- 000release-packages:SL-Micro-release
-
n/a
- cloud-init
-
- Update to version 25.1.3 (bsc#1245403)
+ Forward port
- cloud-init-no-openstack-guess.patch
+ docs: provide example3 for PAM and ssh_pwauth behavior (#27)
+ fix: Make hotplug socket writable only by root (#25) (CVE-2024-11584)
+ fix: Don't attempt to identify non-x86 OpenStack instances (LP: #2069607)
(CVE-2024-6174)
From 25.1.2
+ fix: ensure MAAS datasource retries on failure (#6167)
- Update to version 25.1.1 (bsc#1239715,jsc#PED-8680,bsc#1228414)
+ Removed included upstream
- pep-594-drop-pipes.patch
- cloud-init-fix-python313.patch
- cloud-init-dont-assume-ordering-of-ThreadPoolExecutor.patch
- cloud-init-direxist.patch
- cloud-init-wait-for-net.patch
- cloud-init-usr-sudoers.patch
- cloud-init-no-nmcfg-needed.patch
- cloud-init-keep-flake.patch
- cloud-init-lint-fixes.patch
- cloud-init-pckg-reboot.patch
- cloud-init-ds-deterministic.patch
- cloud-init-write-routes.patch
- cloud-init-skip-empty-conf.patch
+ Forward port
- cloud-init-no-tempnet-oci.patch
- cloud-init-no-openstack-guess.patch
- cloud-init-lint-set-interpreter.patch
+ Add
- cloud-init-ssh-usrmerge.patch (bsc#1237764)
- cloud-init-lint-set-interpreter.patch
- cloud-init-lint-fix.patch
- cloud-init-no-single-process.patch
- cloud-init-needs-action.patch
+ Drop hidesensitivedata in 16 & greater
+ test: pytestify cc_chef tests, add migration test
+ chef: migrate files in old config directories for backups and cache
+ fix: correct the path for Chef's backups (#5994)
+ fix(Azure): don't reraise FileNotFoundError during ephemeral setup (#6113)
+ fix(azure): handle unexpected exceptions during obtain_lease() (#6092)
[Ksenija Stanojevic]
+ Allow to set mac_address for VLAN subinterface (#6081)
[jumpojoy] (GH: 5364)
+ fix: Remove erroneous EC2 reference from 503 warning (#6077)
+ fix: NM reload and bring up individual network conns (#6073) [Ani Sinha]
+ fix: stop warning on dual-stack request failure (#6044)
+ fix: install_method: pip cannot find ansible-pull command path (#6021)
[Hasan Aliyev] (GH: 5720)
+ fix: Fix DataSourceAliYun exception_cb signature (#6068) (GH: 6066)
+ fix: Update OauthUrlHelper to use readurl exception_cb signature
(GH: 6065)
+ test: add OauthUrlHelper tests
+ test: Remove CiTestCase from test_url_helper.py
+ test: pytestify test_url_helper.py
+ fix: track more removed modules (#6043)
- From 25.1
+ ci: fix post-merge packaging CI (#6038)
+ feat(azure): Fix imds-based ssh_pwauth (#6002) [Ksenija Stanojevic]
+ ci: check for sorted patches (#6036)
+ feat: aliyun datasource support crawl metadata at once (#5942)
[jinkangkang]
+ docs: document /usr merge breaking change (#6032)
+ test: Add integration test for /var mounts (#6033)
+ test: Ensure pre-24.2 custom modules work (#6034)
+ doc: Update references to older keys (#6022) [Pedro Ribeiro]
+ fix: untyped-defs in tests/unittests/{config, net, sources} (#6023)
[Romain]
+ fix: don't reference PR in post-merged CI (#6019)
+ chore: explicitly skip broken ansible integration tests (#5996) [a-dubs]
+ tests(oracle): fix test_install_missing_deps apt race condition (#5996)
[a-dubs]
+ test(oracle): fix test_ubuntu_drivers_installed (#5996) [a-dubs]
+ test(oracle): fix test_frequency_override integration test (#5996)
[a-dubs]
+ chore: add type hint to IntegrationCloud's cloud_instance field (#5996)
[a-dubs]
+ test(oracle): fix modules/test_lxd.py::test_storage_lvm on noble (#5996)
[a-dubs]
+ commit 9e591fff266be9d4c83f74ec02a717b74993304d [a-dubs]
+ net/sysconfig: do not remove all existing settings of
/etc/sysconfig/network (#5991) [Ani Sinha] (GH: 5990)
+ fix: remove wrong return when checking if network necessary (#6013)
+ fix: typing for rsyslog, ubuntu_pro, power_state_change (#5985)
[MostafaTarek124eru]
+ fix: Retry on OpenStack HTTP status codes (#5943) [weiyang] (GH: 5687)
+ fix: Ensure fqdn is treated as string in get_hostname_fqdn (#5993)
[MKhatibzadeh] (GH: 5989)
+ feat(vmware): Convert imc network config to v2 (#5937) [PengpengSun]
+ ci: add upstream post-merge test
+ ci: check if upstream commit causes ubuntu patch conflicts
+ ci: organize cla tests together
+ test: eliminate obsolete cases, add non-error case
+ chore: remove redundant manual schema validation
+ doc: clarify subiquity docs
+ chore: cleanup `len' usage (#5956) [Shreenidhi Shedi]
+ Fix: GCE _get_data crashes if DHCP lease fails (#5998) [Bryan Fraschetti]
+ Fixes GH-5997
+ fix: correct the path for Chef's cache (#5994)
[MostafaTarek124eru] (GH: 5090)
+ fix: Run ansible with run_user instead of root for distro install_method
(#5986) [Amirhossein Shaerpour] (GH: 4092)
+ fix: retry AWS hotplug for async IMDS (#5995) (GH: 5373)
+ feat(integration_tests): add optional INSTANCE_TYPE setting (#5988)
[Alec Warren]
+ feat(integration-tests): set boto3 and botocore to INFO to prevent
log spamming [a-dubs]
+ ci: add 'tox -e integration-tests-fast' command [a-dubs]
+ chore: Add feature flag for manual network waiting (#5977)
+ Release 24.4.1
+ fix: Use /usr/lib/ rather than /lib in packaging code (#5970)
+ Use log_with_downgradable_level for user password warnings (#5927)
[Ani Sinha]
+ doc: change to hyphenated keys (#5909) (GH: 5555)
+ fix: Wait for udev on openstack (#5947) [Robert Schweikert] (GH: 4125)
+ test: disambiguate resource cleanup from test failure (#5926)
+ fix: use program name of netcat as installed by upstream, "nc" (#5933)
(#5933) [Andreas K. Hüttel]
+ ci: bump canonical/setup-lxd to version v0.1.2 (#5948)
+ feat(cc_chef): Allow change of Chef configuration file (#5925)
[Sean Smith]
+ docs: fix typo in generated file in LXD tutorial (#5941) [Pavel Shpak]
+ feat: Identify Samsung Cloud Platform as OpenStack (#5924) [us0310306]
+ fix: don't deadlock when starting network service with systemctl (#5935)
+ feat: Custom keys for apt archives (#5828) [Bryan Fraschetti] (GH: 5473)
+ test: improve test initialization error path (#5920)
+ chore: improve logging when lxd detection fails (#5919)
+ fix: Add "manual" to allowed subnet types (#5875)
[Math Marchand] (GH: 5769)
+ fix: remove bad ssh_svcname setting for Gentoo/OpenRC (#5918)
[Andreas K. Hüttel]
+ feat(gentoo): Add compatibility for Gentoo with systemd (#5918)
[Andreas K. Hüttel]
+ fix(ovf): no warning should be log when rpctool found no value (#5915)
[PengpengSun] (GH: 5914)
+ Move DS VMware to be in front of DS OVF (#5912) [PengpengSun] (GH: 4030)
+ ci: Add proper 'Breaks: ' to integration testing simple deb (#5923)
+ chore: Add akhuettel to CLA signers file (#5917) [Andreas K. Hüttel]
+ chore: eliminate calls at import time (#5889) (GH: 5344)
+ test: Add pyserial to test-requirements.txt (#5907)
+ test: Allow unknown size in growpart test (#5876)
+ doc: Update tutorials [Sally]
+ fix: bump azure key size to 3072 (#5841)
24.4.1
+ fix: Ensure _should_wait_via_user_data() handles all user data types (#5976)
+ fix: Don't log error in wait_for_url (#5972)
+ feat(url_helper): Retry on 503 error (#5938)
+ fix: Don't break modules that use get_meta_doc() (#5953)
+ refactor: Pass deprecation log args as tuple (#5953)
+ fix: uninstall custom signal handlers before shutdown (#5913)
24.4
+ test: Ensure unit ordering in ftp tests includes downstream units (#5892)
+ test: re-decrement expected webhook events (#5894)
+ test: allow relative path in apt-get test (#5891)
+ Fix metric setting of nmconnection for rhel (#5878) [Amy Chen]
+ chore: remove unused code(#5887)
+ feat(ephemeral): replace old has_url_connectivity() with new
_check_connectivity_to_imds() [a-dubs]
+ feat(oracle): add true single stack ipv6 support [a-dubs]
+ feat(ephemeral): refactor ephemeralIP and add ipv6 connectivity check
[a-dubs]
+ test: Decrement expected webhook events (#5888)
+ chore: remove `--docs` option from `cloud-init schema` (#5857) (GH: 5756)
+ test: pytestify "tests/unittests/config/test_cc_timezone.py" (#5885)
[Mahesh Ghumare]
+ ci: bump integration tests to use plucky
+ test: add grub_dpkg to inactive modules
+ test: move default behavior tests into their own module
+ test(apt): add plucky version for hello pkg (#5883)
+ Docs: improved mermaid diagram for better visibility. Add "MaheshG11"
as contributor (#5874) [Mahesh Ghumare] (GH: 5837)
+ fix(ntp): Fix RockyLinux OS support (#5864) [Sid Shukla]
+ chore(jsonschema): migrate from deprecated Validator.iter_errors (#5856)
+ chore: remove deprecation warning getting jsonschema's version (#5856)
+ chore: use filter arg for tar.extractall (#5856)
+ chore: remove __init__ from pytest test class (#5856)
+ chore: do not test element's truth value directly (#5856)
+ chore: migrate from deprecated datetime.datetime.utcfromtimestamp (#5856)
+ chore: migrate from deprecated datetime.datetime.utcnow() (#5856)
+ chore: set recursive=False for ensure_dir if parent path is "/" (#5816)
[sxt1001]
+ ci: fix broken daily dependencies (#5867)
+ ci: fix packaging tests (#5865)
+ feat(vultr): add override for network interface detection (#5847)
[Andrew Davis]
+ feat(networkd): Support RequiredForOnline option (#5852) [Dan McGregor]
+ Prevent NM from handling DNS when network interfaces have DNS config
(#5846) [Ani Sinha]
+ fix(smartos): Add `addrconf` IPv6 support (#5831)
[blackhelicoptersdotnet]
+ freebsd: adjust to match the new pyyaml package name (#5844)
[Gonéri Le Bouder]
+ fix: disable grub-dpkg by default (#5840)
+ fix(openbsd): Enable sysv init scripts in OpenBSD build script (#5790)
[Hyacinthe Cartiaux] (LP: 4036, #1992853)
+ test: Fix duplicate judgment conditions in password generation (#5835)
[sxt1001]
+ chore: don't render non-templated unit files (#5830)
+ chore: simplify and standardize cloud-final.service (#5830)
+ chore: simplify Conflicts=shutdown.target (#5830)
+ chore: remove redundant Before=NetworkManager.service (#5830)
+ chore: remove unnecessary systemd settings (#5830)
+ chore: eliminate redundant ordering dependencies (#5819)
+ fix: fix ordering cycle for distros with default deps (#5819) (GH: 5755)
+ test: unbreak pytest-xdist (#5829)
+ feat: Conditionally remove networkd online dependency on Ubuntu (#5772)
+ feat: Ensure random passwords contain multiple character types (#5815)
[sxt1001] (GH: 5814)
+ docs: split example page into example library (#5645) [Sally]
+ doc: clarify workarounds required for single process changes (#5817)
+ chore: add 3.13 to PR CI runs, 3.14 to scheduled (#5825)
+ fix: Render v2 bridges correctly on network-manager with set-name
(#5740) (GH: 5717)
+ test: add no_thinpool unit test (#5802)
+ chore: split lxd init config into separate function (#5802)
+ test: pytestify test_cc_lxd.py (#5802)
+ fix: Correctly handle missing thinpool in cc_lxd (#5802)
+ fix: Render bridges correctly for v2 on sysconfig with set-name (#5674)
(GH: 5574)
+ tests(minimal): rsyslog not in minimal images expect warning (#5811)
+ tests(lxd): avoid failure on multiple calls to --show-log (#5811)
+ chore: update netplan import semantics and related tests (#5805)
(GH: 5804)
+ lint: fix untyped-defs on /tests/unittest/cmd (#5800) [iru]
+ test: actually use devel release and verify_clean_boot enhancements
(#5801)
+ feat(locale): locales install on minimal images when cfg requests (#5799)
+ feat(byobu): support byobu install on minimal images when cfg requests
(#5799)
+ chore: Use devel release and no sbuild in integration CI (#5798)
+ test: Update integration tests from netplan backport (#5796)
+ test: add get_syslog_or_console for minimal images without syslog (#5793)
+ chore: Remove resize_root_tmp from cloud.cfg.tmpl (#5795) (GH: 5786)
+ docs: Fix field name from `contents` to `content` (#5787) [Igor Akkerman]
+ chore: bump pycloudlib to required version (#5792)
+ fix: avoid deprecation logs for calling cli stages (#5770) (GH: 5726)
+ tests: bump pycloudlib deps to include gce bug fix for id str (#5783)
+ fix(test): convert use p.gce.instance.id instead of instance_id (#5783)
+ fix(network-manager): bond properties and network schema (#5768)
[Denis Kadyshev]
+ Fix metric setting for ifcfg network connections for rhel (#5777)
[Ani Sinha] (GH: 5776)
+ fix(akamai): handle non-string user data in base64 decoding (#5751)
[Jesse Alter]
+ fix(ci): do not auto stale issues (#5775)
+ Make pytest more verbose for easier debugging (#5778) [Ani Sinha]
+ ci: fix tox.ini pytest cmd to use cloudinit dir for coverage reporting
(#5774) [Alec Warren]
+ tests: add OS_IMAGE_TYPE setting to allow for minimal tests (#5682)
+ test(hotplug): Simplify test_multi_nic_hotplug (#5763)
+ test(hotplug): increase nc timeout (#5763)
+ test: pytestify test_main.py (#5758)
+ test(ec2-dual-stack): fix int-test (#5762)
+ test: make verify_clean_boot really respect return code (#5761)
+ test: bump timeout in test_order (#5759)
+ docs: Properly document the cc_ubuntu_autoinstall module (#5757)
+ docs: fix WSL tutorial (#5752) (GH: 5746)
+ test: make verify_clean_boot respect return code by environment (#5754)
+ feat(integration_test): add CLOUD_INIT_PKG setting (#5739)
+ fix(ci): fix packaging check merge operation (#5750)
+ doc: do not document user.meta-data key (#5745)
+ test: avoid undocumented lxd key (#5748)
+ test: Refactor test_cc_set_hostname.py and test_cc_ntp.py (#5727)
+ chore: update docs URLs to cloud-init.io (#5741)
+ test: fix timer logging change expected logs (#5734)
+ fix: type annotations for several modules (#5733)
+ chore: add timer to io and string manipulation code
+ feat: add log package and performance module
+ remove newline injected for cloud-init status --wait (#5700)
[Andrew Nelson] (GH: 5863)
+ test: webhook require_deprecation msg on 24.3 (#5731)
+ test: fix test_nocloud message typo introduced by 313390f8 (#5731)
+ test: Fix test_log_message_on_missing_version_file (#5730)
+ tests: assert info level warnings instead of require_deprecation
+ tests: fix test to ignore_warnings not require Used fallback ds
+ chore: clean up pytest warnings (#5721)
+ tests(pro): bump pycloudlib add noble release to pro tests (#5719)
+ fix(hotplugd.socket): remove basic.target as dependency (#5722)
(LP: #2081124)
+ ci: fix integration test positional argument (#5718)
+ Create datasource for CloudCIX (#1351) [BrianKelleher]
+ ci: colorize output (#5716)
+ fix(schema): Allow for locale: false in schema add tests (#5647)
+ ci: fix packaging patch check (#5713)
+ chore: clean up old pickle workaround (#5714)
+ fix: force sftp cleanup when done with instance (#5698)
+ test(hotplug): reenable vpc test in focal (#5492)
+ chore: fix typing of userdata_raw (#5710)
+ fix(NetworkManager): Fix network activator (#5620)
+ fix: lxd do not check for thinpool kernel module (#5709)
+ docs: fix typo in docstring (#5708)
+ Scaleway: Force on-link: true for static networks (#5654)
[Louis Bouchard] (LP: 5523, #2073869)
+ fix: Invalid "seedfrom" in NoCloud system configuration (#5701)
+ tests: pytestify test_nocloud.py (#5701)
+ test: make verify_clean_boot respect return code by series (#5695)
+ fix: use cross-distro netcat name (#5696)
+ ci: fix labeler (#5697)
+ chore(actions): add packaging label for any branches modifying debian/*
+ (#5693)
+ test: add verify_clean_boot() calls alongside verify_clean_log() (#5671)
+ test: add deprecation support to verify_clean_boot (#5671)
+ doc: remove misleading warning (#5681)
+ chore: Prefer other methods over $INSTANCE_ID (#5661)
+ ci: fix packaging test when no patches (#5680)
+ chore: fix tip-ruff and update to latest version (#5676)
+ chore: make ansible test serial (#5677)
+ feat(ec2): Bump url_max_timeout to 240s from 120s. (#5565)
[Robert Nickel]
+ chore: fix typo in requirements.txt (#5637)
+ feat: make pyserial an optional dependency (#5637)
+ chore: bump ci dependency versions (#5660)
+ chore: drop broken optimization (#5666)
24.3.1
+ test: add test coverage for iproute2 commands (#5651)
+ fix(netops): fix ip addr flush command (#5651) (GH: 5648)
24.3
+ docs: Clarify v2 set-name behavior (#5639)
+ fix: properly handle blank lines in fstab (#5643)
+ fix: cc_user_groups incorrectly assumes "useradd" never locks password
field (#5355) [dermotbradley]
+ tests: assert cloud-init user-data cert is the only root cert (#5641)
+ feat: add automation for ubuntu/* branches asserting quilt patches apply
(#5622)
+ fix(sources/wsl): no error with empty .cloud-init dir (SC-1862) (#5633)
+ feat(azure): add PPS support for azure-proxy-agent (#5601)
[Ksenija Stanojevic]
+ fix(tests): use instance.clean/restart instead of clean --reboot (#5636)
+ test: fix cmd/test_schema int test (#5629)
+ test: fix test_honor_cloud_dir int test (#5627)
+ docs: alphabetize dsname lookup table. update comment to create the csv
(#5624)
+ docs: new datasources should update reference/ds_dsname_map (#5624)
+ test: fix ca_certs int test (#5626)
+ chore: update schema docs to use RST bold for config key names (#5562)
+ fix(doc): italics around deprecation prefix, description bolds key names
(#5562)
+ feat(doc): add env vars to debug config module doc builds (#5562)
+ fix(doc): doc of nested objects under JSON schema items.oneOf (#5562)
+ fix(doc): object type check if patternProperties or properties (#5562)
+ doc(schema): schema descriptions should end with trailing stop (#5562)
+ fix(wsl): Properly assemble multipart data (#5538) [Carlos Nihelton]
+ feat: collect-logs improvements (#5619)
+ tests: fix test_ca_certs.py for gcp (#5621)
+ fix(nm): Ensure bond property name formatting matches schema definition
(#5383) [Curt Moore]
+ Update behavior of base bond interface with NetworkManager (#5385)
[Curt Moore]
+ ci: Drop Python 3.6 and 3.7 (#5607)
+ chore(black): Bump version (#5607)
+ chore(mypy): Fix failures on newer versions of mypy (#5607)
+ chore(tox.ini): Simplify configuration, fix minor bugs (#5607)
+ chore(mypy): Lint log module (#5607)
+ fix(systemd): Correct location of installed drop-in files(#5615)
[Noah Meyerhans]
+ fix(btrfs): Version parsing (#5618)
+ docs: Remove unnecessary section, add feature flag page (#5617)
+ docs: Drop Python 3.6 and 3.7 support (#5617)
+ chore: explain other use of oauth (#5616)
+ chore(actions): add doc label for any doc related subdir file matches
(#5602)
+ doc: Add misc links, improve wording (#5595)
+ doc(boot): Make first boot a dedicated page (#5595)
+ doc: Describe all stages in a single process (#5595)
+ chore: Deprecate old commands in help output (#5595)
+ chore: add comment explaining the NetworkManager may-fail setting
(#5598) [Ani Sinha]
+ Revert "fix(vmware): Set IPv6 to dhcp when there is no IPv6 addr
(#5471)" (#5596) [PengpengSun]
+ fix: read_optional_seed to set network-config when present (#5593)
+ feat(snap): avoid refresh on package_upgrade: true and refresh.hold
(#5426)
+ fix: Fix tests which have outdated strings (#5585)
+ fix: Fix ftp failures (#5585)
+ doc: improve integration testing configuration instructions (#5556)
[Alec Warren]
+ azure: check azure-proxy-agent status (#5138) [Ksenija Stanojevic]
+ refactor: refactor and fix mypy in DataSourceIBMCloud.py (#5509)
[Alec Warren]
+ fix: Update default LXD meta-data with user meta-data (#5584)
+ chore: Fix log message in url_helper.py (#5583)
+ fix: nocloud no fail when network-config absent (#5580)
+ feat: Single process optimization (#5489)
+ chore: Add helper, refactor utilities into separate module (#5573)
+ refactor: update handle function of cc_mounts (#5498)
+ fix: Integration tests (#5576)
+ fix(NoCloudNet): Add network-config support (#5566)
+ feat: Eliminate redundant configuration reads (#5536)
+ fix(actions): correct typo in cloudinit/config/schemas/ match (#5570)
+ fix: add host template for AOSC (#5557) [Yuanhang Sun]
+ chore(debian): Remove vestigial postinst and preinst code (#5569)
+ fix(actions): doc labeler needs all clause instead of default any (#5568)
+ docs: Overhaul user data formats documentation (#5551)
+ chore: Deprecate ENI as an input configuration format (#5561)
+ doc: improve drop-in custom modules (#5548)
+ doc(NoCloud): Categorize the different configuration types (#5521)
+ doc(autoinstall): Remove incorrect statements, be more direct (#5545)
+ chore: remove unneeded doc-lint tox env config (#5547)
+ fix(doc-spelling): config spelling_word_list_filename (#5547)
+ doc(modules): add section to wrap modules' doc (#5550)
+ doc: Update docs on boothooks (#5546)
+ fix: doc auto label to consider schema json changes as doc PRs (#5543)
+ feat(schema): add chef_license schema enum (#5543)
+ doc: add diagram with boot stages (#5539)
+ docs: improve qemu command line (#5540) [Christian Ehrhardt]
+ fix: auto label doc PRs (#5542)
+ fix(wsl): Put back the "path" argument to wsl_path in ds-identify
+ (#5537) [Carlos Nihelton]
+ test: fix test_kernel_command_line_match (#5529)
+ test: fix no ds cache tests (#5529)
+ fix(azurelinux): Change default usr_lib_exec path (#5526) [Minghe Ren]
+ feat: Support URI sources in `write_files` module (#5505)
[Lucas Ritzdorf]
+ add openeuler to distros in cc_spacewalk.py (#5530) [sxt1001]
+ feat(wsl): Special handling Landscape client config tags (#5460)
[Carlos Nihelton]
+ chore: Deprecate partially supported system config (#5515)
+ chore: Improve detection logging for user clarity (#5515)
+ fix(ds-identify): Detect nocloud when seedfrom url exists (#5515)
+ refactor: logs.py add typing and small misc refactors (#5414)
+ refactor: logs.py pathlib changes (#5414)
+ refactor: replace verbosity with log levels in logs.py (#5414)
+ feat: Add trace-level logger (#5414)
+ chore(formatting): fix squashed commit test formatting (#5524)
+ fix: Clean cache if no datasource fallback (#5499)
+ Support setting mirrorlist in yum repository config (#5522) [Ani Sinha]
+ doc(OFV): Document how to configure cloud-init (#5519)
+ fix: Update DNS behavior for NetworkManager interfaces (#5496)
[Curt Moore]
+ Fix configuration of DNS servers via OpenStack (#5384) [Curt Moore]
+ test: Unconditionally skip test_multi_nic_hotplug_vpc (#5503)
+ tests: revert expectation of exit 2 from cloud-init init --local (#5504)
+ fix(test): Fix ip printer for non-lxd (#5488)
+ feat(systemd): convert warning level message to deprecation (#5209)
+ test: allow verify_clean_boot to ignore all or specific tracebacks
(#5209)
+ test: Don't fail tests which call cloud-init as a command (#5209)
+ feat(systemd): Warn user of unexpected run mode (#5209)
+ fix: add schema rules for 'baseurl' and 'metalink' in yum repo config
(#5501) [Ani Sinha]
+ Set MTU for bond parent interface (#5495) [Curt Moore]
+ refactor: util.mounts to handle errors (#5490)
+ refactor: util.get_proc_env to work with strs (#5490)
+ typing: fix check_untyped_defs in cloudinit.util (#5490)
+ test: Add missing assert to test_status.py (#5494)
+ test: Ensure mkcert executable in ftp tests (#5493)
+ test: pytestify and cleanup test_cc_mounts.py (#5459)
+ fix(vmware): Set IPv6 to dhcp when there is no IPv6 addr (#5471)
[PengpengSun]
+ fix(openbsd): fix mtu on newline in hostname files (#5412) [Tobias Urdin]
+ feat(aosc): Add 'AOSC OS' support (#5310) [Yuanhang Sun]
24.2
+ test: Fix no default user in test_status.py (#5478)
+ fix: correct deprecated_version=22.2 for users.sudo
+ test: Add jsonschema guard in test_cc_ubuntu_pro.py (#5479)
+ fix(test): Fix pycloudlib types in integration tests (#5350)
+ fix(test): Fix ip printing for non-lxd instances (#5350)
+ chore(mypy): Drop unused missing import exclusions (#5350)
+ type: Add stub types for network v1/v2 config (#5350)
+ chore: Auto-format network jsonschema in ci (#5350)
+ fix(tox): Update tox.ini (#5350)
+ chore(typing): Remove type ignores and casts (#5350)
+ refactor(typing): Remove unused code paths (#5350)
+ fix(typing): Add / update type annotations (#5350)
+ fix(typing): Remove type annotation for unused variable (#5350)
+ fix(typing): Remove invalid type annotations (#5350)
+ ci(mypy): Set default follow_imports value (#5350)
+ test: Update integration tests to pass on focal (#5476)
+ tests: update ubuntu_pro test to account for info-level deprecations
(#5475)
+ tests: update nocloud deprecation test for boundary version (#5474)
+ fix(rh_subscription): add string type to org (#5453)
+ tests: integration tests aware of features.DEPRECATION_INFO_BOUNDARY
+ tests: update keyserver PPA key fur curtin-dev (#5472)
+ test: Fix deprecation test failures (#5466)
+ chore: fix schema.py formatting (#5465)
+ fix: dont double-log deprecated INFOs (#5465)
+ fix(test): Mock version boundary (#5464)
+ fix(schema): Don't report changed keys as deprecated (#5464)
+ test: fix unit test openstack vlan mac_address (#5367)
+ fix: Ensure properties for bonded interfaces are properly translated
(#5367) [Curt Moore]
+ fix(schema): permit deprecated hyphenated keys under users key (#5456)
+ fix: Do not add the vlan_mac_address field into the VLAN object (#5365)
[Curt Moore]
+ doc(refactor): Convert module docs to new system (#5427) [Sally]
+ test: Add unit tests for features.DEPRECATION_INFO_BOUNDARY (#5411)
+ feat: Add deprecation boundary support to schema validator (#5411)
+ feat: Add deprecation boundary to logger (#5411)
+ fix: Gracefully handle missing files (#5397) [Curt Moore]
+ test(openstack): Test bond mac address (#5369)
+ fix(openstack): Fix bond mac_address (#5369) [Curt Moore]
+ test: Add ds-identify integration test coverage (#5394)
+ chore(cmdline): Update comments (#5458)
+ fix: Add get_connection_with_tls_context() for requests 2.32.2+ (#5435)
[eaglegai]
+ fix(net): klibc ipconfig PROTO compatibility (#5437)
[Alexsander de Souza] (LP: #2065787)
+ Support metalink in yum repository config (#5444) [Ani Sinha]
+ tests: hard-code curtin-dev ppa instead of canonical-kernel-team (#5450)
+ ci: PR update checklist GH- anchors to align w/ later template (#5449)
+ test: update validate error message in test_networking (#5436)
+ ci: Add PR checklist (#5446)
+ chore: fix W0105 in t/u/s/h/test_netlink.py (#5409)
+ chore(pyproject.toml): migrate to booleans (#5409)
+ typing: add check_untyped_defs (#5409)
+ fix(openstack): Append interface / scope_id for IPv6 link-local metadata
address (#5419) [Christian Rohmann]
+ test: Update validation error in test_cli.py test (#5430)
+ test: Update schema validation error in integration test (#5429)
+ test: bump pycloudlib to get azure oracular images (#5428)
+ fix(azure): fix discrepancy for monotonic() vs time() (#5420)
[Chris Patterson]
+ fix(pytest): Fix broken pytest gdb flag (#5415)
+ fix: Use monotonic time (#5423)
+ docs: Remove mention of resolv.conf (#5424)
+ perf(netplan): Improve network v1 -> network v2 performance (#5391)
+ perf(set_passwords): Run module in Network stage (#5395)
+ fix(test): Remove temporary directory side effect (#5416)
+ Improve schema validator warning messages (#5404) [Ani Sinha]
+ feat(sysconfig): Add DNS from interface config to resolv.conf (#5401)
[Ani Sinha]
+ typing: add no_implicit_optional lint (#5408)
+ doc: update examples to reflect alternative ways to provide `sudo`
option (#5418) [Ani Sinha]
+ fix(jsonschema): Add missing sudo definition (#5418)
+ chore(doc): migrate cc modules i through r to templates (#5313)
+ chore(doc): migrate grub_dpkg to tmpl add changed/deprecation (#5313)
+ chore(json): migrate cc_apt_configure and json schema indents (#5313)
+ chore(doc): migrate ca_certs/chef to template, flatten schema (#5313)
+ chore(doc): migrate cc_byobu to templates (#5313)
+ chore(doc): migrate cc_bootcmd to templates (#5313)
+ fix(apt): Enable calling apt update multiple times (#5230)
+ chore(VMware): Modify section of instance-id in the customization config
(#5356) [PengpengSun]
+ fix(treewide): Remove dead code (#5332) [Shreenidhi Shedi]
+ doc: network-config v2 ethernets are of type object (#5381) [Malte Poll]
+ Release 24.1.7 (#5375)
+ fix(azure): url_helper: specify User-Agent when using headers_cb with
readurl() (#5298) [Ksenija Stanojevic]
+ fix: Stop attempting to resize ZFS in cc_growpart on Linux (#5370)
+ doc: update docs adding YAML 1.1 spec and jinja template references
+ fix(final_message): do not warn on datasourcenone when single ds
+ fix(growpart): correct growpart log message to include value of mode
+ feat(hotplug): disable hotplugd.socket (#5058)
+ feat(hotlug): trigger hotplug after cloud-init.service (#5058)
+ test: add function to push and enable systemd units (#5058)
+ test(util): fix wait_until_cloud_init exit code 2 (#5058)
+ test(hotplug): fix race getting ipv6 (#5271)
+ docs: Adjust CSS to increase font weight across the docs (#5363) [Sally]
+ fix(ec2): Correctly identify netplan renderer (#5361)
+ tests: fix expect logging from growpart on devent with partition (#5360)
+ test: Add v2 test coverage to test_net.py (#5247)
+ refactor: Simplify collect_logs() in logs.py (#5268)
+ fix: Ensure no subp from logs.py import (#5268)
+ tests: fix integration tests for ubuntu pro 32.3 release (#5351)
+ tests: add oracular's hello package for pkg upgrade test (#5354)
+ growpart: Fix behaviour for ZFS datasets (#5169) [Mina Galić]
+ device_part_info: do not recurse if we did not match anything (#5169)
[Mina Galić]
+ feat(alpine): add support for Busybox adduser/addgroup (#5176)
[dermotbradley]
+ ci: Move lint tip and py3-dev jobs to daily (#5347)
+ fix(netplan): treat netplan warnings on stderr as debug for cloud-init
(#5348)
+ feat(disk_setup): Add support for nvme devices (#5263)
+ fix(log): Do not warn when doing requested operation (#5263)
+ Support sudoers in the "/usr/usr merge" location (#5161)
[Robert Schweikert]
+ doc(nocloud): Document network-config file (#5204)
+ fix(netplan): Fix predictable interface rename issue (#5339)
+ cleanup: Don't execute code on import (#5295)
+ fix(net): Make duplicate route add succeed. (#5343)
+ fix(freebsd): correct configuration of IPv6 routes (#5291) [Théo Bertin]
+ fix(azure): disable use-dns for secondary nics (#5314)
+ chore: fix lint failure (#5320)
+ Update pylint version to support python 3.12 (#5338) [Ani Sinha]
+ fix(tests): use regex to avoid focal whitespace in jinja debug test
(#5335)
+ chore: Add docstrings and types to Version class (#5262)
+ ci(mypy): add type-jinja2 stubs (#5337)
+ tests(alpine): github trust lxc mounted source dir cloud-init-ro (#5329)
+ test: Add oracular release to integration tests (#5328)
+ Release 24.1.6 (#5326)
+ test: Fix failing test_ec2.py test (#5324)
+ fix: Check renderer for netplan-specific code (#5321)
+ docs: Removal of top-level --file breaking change (#5308)
+ fix: typo correction of delaycompress (#5317)
+ docs: Renderers/Activators have downstream overrides (#5322)
+ fix(ec2): Ensure metadata exists before configuring PBR (#5287)
+ fix(lxd): Properly handle unicode from LXD socket (#5309)
+ docs: Prefer "artifact" over "artefact" (#5311) [Arthur Le Maitre]
+ chore(doc): migrate cc_byobu to templates
+ chore(doc): migrate cc_bootcmd to templates
+ chore(doc): migrate apt_pipelining and apk_configure to templates
+ tests: in_place mount module-docs into lxd vm/container
+ feat(docs): generate rtd module schema from rtd/module-docs
+ feat: Set RH ssh key permissions when no 'ssh_keys' group (#5296)
[Ani Sinha]
+ test: Avoid circular import in Azure tests (#5280)
+ test: Fix test_failing_userdata_modules_exit_codes (#5279)
+ chore: Remove CPY check from ruff (#5281)
+ chore: Clean up docstrings
+ chore(ruff): Bump to version 0.4.3
+ feat(systemd): Improve AlmaLinux OS and CloudLinux OS support (#5265)
[Elkhan Mammadli]
+ feat(ca_certs): Add AlmaLinux OS and CloudLinux OS support (#5264)
[Elkhan Mammadli]
+ docs: cc_apt_pipelining docstring typo fix (#5273) [Alex Ratner]
+ feat(azure): add request identifier to IMDS requests (#5218)
[Ksenija Stanojevic]
+ test: Fix TestFTP integration test (#5237) [d1r3ct0r]
+ feat(ifconfig): prepare for CIDR output (#5272) [Mina Galić]
+ fix: stop manually dropping dhcp6 key in integration test (#5267)
[Alec Warren]
+ test: Remove some CiTestCase tests (#5256)
+ fix: Warn when signal is handled (#5186)
+ fix(snapd): ubuntu do not snap refresh when snap absent (LP: #2064300)
+ feat(landscape-client): handle already registered client (#4784)
[Fabian Lichtenegger-Lukas]
+ doc: Show how to debug external services blocking cloud-init (#5255)
+ fix(pdb): Enable running cloud-init under pdb (#5217)
+ chore: Update systemd description (#5250)
+ fix(time): Harden cloud-init to system clock changes
+ fix: Update analyze timestamp uptime
+ fix(schema): no network validation on netplan systems without API
+ fix(mount): Don't run cloud-init.service if cloud-init disabled (#5226)
+ fix(ntp): Fix AlmaLinux OS and CloudLinux OS support (#5235)
[Elkhan Mammadli]
+ tests: force version of cloud-init from PPA regardless of version (#5251)
+ ci: Print isort diff (#5242)
+ test: Fix integration test dependencies (#5248)
+ fix(ec2): Fix broken uuid match with other-endianness (#5236)
+ fix(schema): allow networkv2 schema without top-level key (#5239)
[Cat Red]
+ fix(cmd): Do not hardcode reboot command (#5208)
+ test: Run Alpine tests without network (#5220)
+ docs: Add base config reference from explanation (#5241)
+ docs: Remove preview from WSL tutorial (#5225)
+ chore: Remove broken maas code (#5219)
+ feat(WSL): Add support for Ubuntu Pro configs (#5116) [Ash]
+ chore: sync ChangeLog and version.py from 24.1.x (#5228)
+ bug(package_update): avoid snap refresh in images without snap command
(LP: #2064132)
+ ci: Skip package build on tox runs (#5210)
+ chore: Fix test skip message
+ test(ec2): adopt pycloudlib public ip creation while launching instances
+ test(ec2): add ipv6 testing for multi-nic instances
+ test(ec2): adopt pycloudlib enable_ipv6 while launching instances
+ feat: tool to print diff between netplan and networkv2 schema (#5200)
[Cat Red]
+ test: mock internet access in test_upgrade (#5212)
+ ci: Add timezone for alpine unit tests (#5216)
+ fix: Ensure dump timestamps parsed as UTC (#5214)
+ docs: Add WSL tutorial (#5206)
+ feature(schema): add networkv2 schema (#4892) [Cat Red]
+ Add alpine unittests to ci (#5121)
+ test: Fix invalid openstack datasource name (#4905)
+ test: Fix MAAS test and mark xfail (#4905)
+ chore(ds-identify): Update shellcheck ignores (#4905)
+ fix(ds-identify): Prevent various false positives and false negatives
(#4905)
+ Use grep for faster parsing of cloud config in ds-identify (#4905)
[Scott Moser] (LP: #2030729)
+ tests: validate netplan API YAML instead of strict content (#5195)
+ chore(templates): update ubuntu universe wording (#5199)
+ Deprecate the users ssh-authorized-keys property (#5162)
[Anders Björklund]
+ doc(nocloud): Describe ftp and ftp over tls implementation (#5193)
+ feat(net): provide network config to netplan.State for render (#4981)
+ docs: Add breaking datasource identification changes (#5171)
+ fix(openbsd): Update build-on-openbsd python dependencies (#5172)
[Hyacinthe Cartiaux]
+ fix: Add subnet ipv4/ipv6 to network schema (#5191)
+ docs: Add deprecated system_info to schema (#5168)
+ docs: Add DataSourceNone documentation (#5165)
+ test: Skip test if console log is None (#5188)
+ fix(dhcp): Enable interactively running cloud-init init --local (#5166)
+ test: Update message for netplan apply dbus issue
+ test: install software-properties-common if absent during PPA setup
+ test: bump pycloudlib to use latest version
+ test: Update version of hello package installed on noble
+ test: universally ignore netplan apply dbus issue (#5178)
+ chore: Remove obsolete nose workaround
+ feat: Add support for FTP and FTP over TLS (#4834)
+ feat(opennebula): Add support for posix shell
+ test: Make analyze tests not depend on GNU date
+ test: Eliminate bash dependency from subp tests
+ docs: Add breaking changes section to reference docs (#5147) [Cat Red]
+ util: add log_level kwarg for logexc() (#5125) [Chris Patterson]
+ refactor: Make device info part of distro definition (#5067)
+ refactor: Distro-specific growpart code (#5067)
+ test(ec2): fix mocking with responses==0.9.0 (focal) (#5163)
+ chore(safeyaml): Remove unicode helper for Python2 (#5142)
+ Revert "test: fix upgrade dhcp6 on ec2 (#5131)" (#5148)
+ refactor(net): Reuse netops code
+ refactor(iproute2): Make expressions multi-line for legibility
+ feat(freebsd): support freebsd find part by gptid and ufsid (#5122)
[jinkangkang]
+ feat: Determining route metric based on NIC name (#5070) [qidong.ld]
+ test: Enable profiling in integration tests (#5130)
+ dhcp: support configuring static routes for dhclient's unknown-121
option (#5146) [Chris Patterson]
+ feat(azure): parse ProvisionGuestProxyAgent as bool (#5126)
[Ksenija Stanojevic]
+ fix(url_helper): fix TCP connection leak on readurl() retries (#5144)
[Chris Patterson]
+ test: pytest-ify t/u/sources/test_ec2.py
+ Revert "ec2: Do not enable dhcp6 on EC2 (#5104)" (#5145) [Major Hayden]
+ fix: Logging sensitive data
+ test: Mock ds-identify systemd path (#5119)
+ fix(dhcpcd): Make lease parsing more robust (#5129)
+ test: fix upgrade dhcp6 on ec2 (#5131)
+ net/dhcp: raise InvalidDHCPLeaseFileError on error parsing dhcpcd lease
(#5128) [Chris Patterson]
+ fix: Fix runtime file locations for cloud-init (#4820)
+ ci: fix linkcheck.yml invalid yaml (#5123)
+ net/dhcp: bump dhcpcd timeout to 300s (#5127) [Chris Patterson]
+ ec2: Do not enable dhcp6 on EC2 (#5104) [Major Hayden]
+ fix: Fall back to cached local ds if no valid ds found (#4997)
[PengpengSun]
+ ci: Make linkcheck a scheduled job (#5118)
+ net: Warn when interface rename fails
+ ephemeral(dhcpcd): Set dhcpcd interface down
+ Release 24.1.3
+ chore: Handle all level 1 TiCS security violations (#5103)
+ fix: Always use single datasource if specified (#5098)
+ fix(tests): Leaked mocks (#5097)
+ fix(rhel)!: Fix network boot order in upstream cloud-init
+ fix(rhel): Fix network ordering in sysconfig
+ feat: Use NetworkManager renderer by default in RHEL family
+ fix: Allow caret at the end of apt package (#5099)
+ test: Add missing mocks to prevent bleed through (#5082)
[Robert Schweikert]
+ fix: Ensure network config in DataSourceOracle can be unpickled (#5073)
+ docs: set the home directory using homedir, not home (#5101)
[Olivier Gayot] (LP: #2047796)
+ fix(cacerts): Correct configuration customizations for Photon (#5077)
[Christopher McCann]
+ fix(test): Mock systemd fs path for non-systemd distros
+ fix(tests): Leaked subp.which mock
+ fix(networkd): add GatewayOnLink flag when necessary (#4996) [王煎饼]
+ Release 24.1.2
+ test: fix `disable_sysfs_net` mock (#5065)
+ refactor: don't import subp function directly (#5065)
+ test: Remove side effects from tests (#5074)
+ refactor: Import log module rather than functions (#5074)
+ fix: Fix breaking changes in package install (#5069)
+ fix: Undeprecate 'network' in schema route definition (#5072)
+ refactor(ec2): simplify convert_ec2_metadata_network_config
+ fix(ec2): fix ipv6 policy routing
+ fix: document and add 'accept-ra' to network schema (#5060)
+ bug(maas): register the correct DatasourceMAASLocal in init-local
(#5068) (LP: #2057763)
+ ds-identify: Improve ds-identify testing flexibility (#5047)
+ fix(ansible): Add verify_commit and inventory to ansible.pull schema
(#5032) [Fionn Fitzmaurice]
+ doc: Explain breaking change in status code (#5049)
+ gpg: Handle temp directory containing files (#5063)
+ distro(freebsd): add_user: respect homedir (#5061) [Mina Galić]
+ doc: Install required dependencies (#5054)
+ networkd: Always respect accept-ra if set (#4928) [Phil Sphicas]
+ chore: ignore all cloud-init_*.tar.gz in .gitignore (#5059)
+ test: Don't assume ordering of ThreadPoolExecutor submissions (#5052)
+ feat: Add new distro 'azurelinux' for Microsoft Azure Linux. (#4931)
[Dan Streetman]
+ fix(gpg): Make gpg resilient to host configuration changes (#5026)
+ Sync 24.1.1 changelog and version
+ DS VMware: Fix ipv6 addr converter from netinfo to netifaces (#5029)
[PengpengSun]
+ packages/debian: remove dependency on isc-dhcp-client (#5041)
[Chris Patterson]
+ test: Allow fake_filesystem to work with TemporaryDirectory (#5035)
+ tests: Don't wait for GCE instance teardown (#5037)
+ fix: Include DataSourceCloudStack attribute in unpickle test (#5039)
+ bug(vmware): initialize new DataSourceVMware attributes at unpickle
(#5021) (LP: #2056439)
+ fix(apt): Don't warn on apt 822 source format (#5028)
+ fix(atomic_helper.py): ensure presence of parent directories (#4938)
[Shreenidhi Shedi]
+ fix: Add "broadcast" to network v1 schema (#5034) (LP: #2056460)
+ pro: honor but warn on custom ubuntu_advantage in /etc/cloud/cloud.cfg
(#5030)
+ net/dhcp: handle timeouts for dhcpcd (#5022) [Chris Patterson]
+ fix: Make wait_for_url respect explicit arguments
+ test: Fix scaleway retry assumptions
+ fix: Make DataSourceOracle more resilient to early network issues
(#5025) (LP: #2056194)
+ chore(cmd-modules): fix exit code when --mode init (#5017)
+ feat: pylint: enable W0201 - attribute-defined-outside-init
+ refactor: Ensure no attributes defined outside __init__
+ chore: disable attribute-defined-outside-init check in tests
+ refactor: Use _unpickle rather than hasattr() in sources
+ chore: remove unused vendordata "_pure" variables
+ chore(cmd-modules): deprecate --mode init (#5005)
+ tests: drop CiTestCase and convert to pytest
+ bug(tests): mock reads of host's /sys/class/net via get_sys_class_path
+ fix: log correct disabled path in ds-identify (#5016)
+ tests: ec2 dont spend > 1 second retrying 19 times when 3 times will do
+ tests: openstack mock expected ipv6 IMDS
+ bug(wait_for_url): when exceptions occur url is unset, use url_exc
(LP: #2055077)
+ feat(run-container): Run from arbitrary commitish (#5015)
+ tests: Fix wsl test (#5008)
+ feat(ds-identify): Don't run unnecessary systemd-detect-virt (#4633)
+ chore(ephemeral): add debug log when bringing up ephemeral network
(#5010) [Alec Warren]
+ release: sync changelog and version (#5011)
+ Cleanup test_net.py (#4840)
+ refactor: remove dependency on netifaces (#4634) [Cat Red]
+ feat: make lxc binary configurable (#5000)
+ docs: update 404 page for new doc site and bug link
+ test(aws): local network connectivity on multi-nics (#4982)
+ test: Make integration test output more useful (#4984)
From 24.1.7
+ fix(ec2): Correctly identify netplan renderer (#5361)
From 24.1.6
+ fix(ec2): Ensure metadata exists before configuring PBR (#5287)
+ fix: Check renderer for netplan-specific code (#5321)
+ test: Fix failing test_ec2.py test (#5324)
From 24.1.5
+ fix(package_update): avoid snap refresh in images without snap command
(LP: #2064132)
From 24.1.4
+ fix(dhcpcd): Make lease parsing more robust (#5129)
+ net/dhcp: raise InvalidDHCPLeaseFileError on error parsing dhcpcd lease
+ (#5128) [Chris Patterson]
+ fix: Fix runtime file locations for cloud-init (#4820)
+ net/dhcp: bump dhcpcd timeout to 300s (#5127) [Chris Patterson]
+ net: Warn when interface rename fails
+ ephemeral(dhcpcd): Set dhcpcd interface down
+ test: Remove side effects from tests (#5074)
+ refactor: Import log module rather than functions (#5074)
From 24.1.3
+ fix: Always use single datasource if specified (#5098)
+ fix: Allow caret at the end of apt package (#5099)
From 24.1.2
+ test: Don't assume ordering of ThreadPoolExecutor submissions (#5052)
+ refactor(ec2): simplify convert_ec2_metadata_network_config
+ tests: drop CiTestCase and convert to pytest
+ bug(tests): mock reads of host's /sys/class/net via get_sys_class_path
+ fix: Fix breaking changes in package install (#5069)
+ fix: Undeprecate 'network' in schema route definition (#5072)
+ fix(ec2): fix ipv6 policy routing
+ fix: document and add 'accept-ra' to network schema (#5060)
+ bug(maas): register the correct DatasourceMAASLocal in init-local
(#5068) (LP: #2057763)
From 24.1.1
+ fix: Include DataSourceCloudStack attribute in unpickle test (#5039)
+ bug(vmware): initialize new DataSourceVMware attributes at unpickle (#5021)
+ fix(apt): Don't warn on apt 822 source format (#5028)
+ fix: Add "broadcast" to network v1 schema (#5034)
+ pro: honor but warn on custom ubuntu_advantage in /etc/cloud/cloud.cfg
(#5030)
+ net/dhcp: handle timeouts for dhcpcd (#5022)
+ fix: Make wait_for_url respect explicit arguments
+ bug(wait_for_url): when exceptions occur url is unset, use url_exc
+ test: Fix scaleway retry assumptions
+ fix: Make DataSourceOracle more resilient to early network issues (#5025)
+ tests: Fix wsl test (#5008)
From 24.1
+ fix: Don't warn on vendor directory (#4986)
+ apt: kill spawned keyboxd after gpg cmd interaction
+ tests: upgrade tests should only validate current boot log
+ net/dhcp: fix maybe_perform_dhcp_discovery check for interface=None
[Chris Patterson]
+ doc(network-v2): fix section nesting levels
+ fix(tests): don't check for clean log on minimal image (#4965) [Cat Red]
+ fix(cc_resize): Don't warn if zpool command not found (#4969)
(LP: #2055219)
+ feat(subp): Make invalid command warning more user-friendly (#4972)
+ docs: Remove statement about device path matching (#4966)
+ test: Fix xfail to check the dhcp client name (#4971)
+ tests: avoid console prompts when removing gpg on Noble
+ test: fix test_get_status_systemd_failure
+ fix: Remove hardcoded /var/lib/cloud hotplug path (#4940)
+ refactor: Refactor status.py (#4864)
+ test: Use correct lxd network-config keys (#4950)
+ test: limit temp dhcp6 changes to < NOBLE (#4942)
+ test: allow downgrades when install debs (#4941)
+ tests: on noble, expect default /etc/apt/sources.list
+ tests: lxd_vm early boot status test ordered After=systemd-remount-fs
(#4936)
+ tests: pro integration tests supply ubuntu_advantage until pro v32
(#4935)
+ feat(hotplug): add cmd to enable hotplug (#4821)
+ test: fix test_combined_cloud_config_json (#4925)
+ test: xfail udhcpc on azure (#4924)
+ feat: Implement the WSL datasource (#4786) [Carlos Nihelton]
+ refactor(openrc): Improve the OpenRC files (#4916) [dermotbradley]
+ tests: use apt install instead of dpkg -i to install pkg deps
+ tests: inactive module rename ubuntu_advantage to ubuntu_pro
+ test: fix tmpdir in test_cc_apk_configure (#4914)
+ test: fix jsonschema version checking in pro test (#4915)
+ feat(dhcp): Make dhcpcd the default dhcp client (#4912)
+ feat(Alpine) cc_growpart.py: fix handling of /dev/mapper devices (#4876)
[dermotbradley]
+ test: Retry longer in test_status.py integration test (#4910)
+ test: fix kernel override test (#4913)
+ chore: Rename sysvinit/gentoo directory to sysvinit/openrc (#4906)
[dermotbradley]
+ doc: update ubuntu_advantage references to pro
+ chore: rename cc_ubuntu_advantage to cc_ubuntu_pro (SC-1555)
+ feat(ubuntu pro): deprecate ubuntu_pro key in favor of ubuntu_advantage
+ feat(schema): support ubuntu_pro key and deprecate ubuntu_advantage
+ test: fix verify_clean_log (#4903)
+ test: limit test_no_hotplug_triggered_by_docker to stable releases
+ tests: generalize warning Open vSwitch warning from netplan apply (#4894)
+ fix(hotplug): remove literal quotes in args
+ feat(apt): skip known /etc/apt/sources.list content
+ feat(apt): use APT deb822 source format by default
+ test(ubuntu-pro): change livepatch to esm-infra
+ doc(ec2): fix metadata urls (#4880)
+ fix: unpin jsonschema and update tests (#4882)
+ distro: add eject FreeBSD code path (#4838) [Mina Galić]
+ feat(ec2): add hotplug as a default network update event (#4799)
+ feat(ec2): support instances with repeated device-number (#4799)
+ feat(cc_install_hotplug): trigger hook on known ec2 drivers (#4799)
+ feat(ec2): support multi NIC/IP setups (#4799)
+ feat(hotplug): hook-hotplug is now POSIX shell add OpenRC init script
[dermotbradley]
+ test: harden test_dhcp.py::test_noble_and_newer_force_client
+ test: fix test_combined_cloud_config_json (#4868)
+ feat(apport): Disable hook when disabled (#4874)
+ chore: Add pyright ignore comments (#4874)
+ bug(apport): Fix invalid typing (#4874)
+ refactor: Move general apport hook to main branch (#4874)
+ feat(bootspeed)!: cloud-config.service drop After=snapd.seeded
+ chore: update CI package build to oldest supported Ubuntu release focal
(#4871)
+ test: fix test_cli.test_valid_userdata
+ feat: handle error when log file is empty (#4859) [Hasan]
+ test: fix test_ec2_ipv6
+ fix: Address TIOBE abstract interpretation issues (#4866)
+ feat(dhcp): Make udhcpc use same client id (#4830)
+ feat(dhcp): Support InfiniBand with dhcpcd (#4830)
+ feat(azure): Add ProvisionGuestProxyAgent OVF setting (#4860)
[Ksenija Stanojevic]
+ test: Bring back dhcp6 integration test changes (#4855)
+ tests: add status --wait blocking test from early boot
+ tests: fix retry decorator to return the func value
+ docs: add create_hostname_file to all hostname user-data examples
(#4727) [Cat Red]
+ fix: Fix typos (#4850) [Viktor Szépe]
+ feat(dhcpcd): Read dhcp option 245 for azure wireserver (#4835)
+ tests(dhcp): Add udhcpc client to test matrix (#4839)
+ fix: Add types to network v1 schema (#4841)
+ docs(vmware): fixed indentation on example userdata yaml (#4854)
[Alec Warren]
+ tests: Remove invalid keyword from method call
+ fix: Handle systemctl when dbus not ready (#4842) (LP: #2046483)
+ fix(schema cli): avoid netplan validation on net-config version 1
+ tests: reduce expected reports due to dropped rightscale module
+ tests(net-config): add awareness of netplan on stable Ubuntu
[Gilbert Gilb's]
+ feat: fall back to cdrom_id eject if eject is not available (#4769)
[Cat Red]
+ fix(packages/bddeb): restrict debhelper-compat to 12 in focal (#4831)
+ tests: Add kernel commandline test (#4833)
+ fix: Ensure NetworkManager renderer works without gateway (#4829)
+ test: Correct log parsing in schema test (#4832)
+ refactor: Remove cc_rightscale_userdata (#4813)
+ refactor: Replace load_file with load_binary_file to simplify typing
(#4823)
+ refactor: Add load_text_file function to simplify typing (#4823)
+ refactor: Change variable name for consistent typing (#4823)
+ feat(dhcp): Add support for dhcpcd (#4746)
+ refactor: Remove unused networking code (#4810)
+ test: Add more DNS net tests
+ BREAKING CHANGE: Stop adding network v2 DNS to global DNS
+ doc: update DataSource.default_update_events doc (#4815)
+ chore: do not modify instance attribute (#4815)
+ test: fix mocking leaks (#4815)
+ Revert "ci: Pin pytest<8.0.0. (#4816)" (#4815)
+ test: Update tests for passlib (#4818)
+ fix(net-schema): no warn when skipping schema check on non-netplan
+ feat(SUSE): reboot marker file is written as /run/reboot-needed (#4788)
[Robert Schweikert]
+ test: Cleanup unwanted logger setup calls (#4817)
+ refactor(cloudinit.util): Modernize error handling, add better warnings
(#4812)
+ ci: Pin pytest<8.0.0. (#4816)
+ fix(tests): fixing KeyError on integrations tests (#4811) [Cat Red]
+ tests: integration for network schema on netplan systems (#4767)
+ feat(schema): use netplan API to validate network-config (#4767)
+ chore: define CLOUDINIT_NETPLAN_FILE static var (#4767)
+ fix: cli schema config-file option report network-config type (#4767)
+ refactor(azure): replace BrokenAzureDataSource with reportable errors
(#4807) [Chris Patterson]
+ Fix Alpine and Mariner /etc/hosts templates (#4780) [dermotbradley]
+ tests: revert #4792 as noble images no longer return 2 (#4809) [Cat Red]
+ tests: use client fixture instead of class_client in cleantest (#4806)
+ tests: enable ds-idenitfy xfail test LXD-kvm-not-MAAS-1 (#4808)
+ fix(tests): failing integration tests due to missing ua token (#4802)
[Cat Red]
+ Revert "Use grep for faster parsing of cloud config in ds-identify
(#4327)"
+ tests: Demonstrate ds-identify yaml parsing broken
+ tests: add exit 2 on noble from cloud-init status (#4792)
+ fix: linkcheck for ci to ignore scaleway anchor URL (#4793)
+ feat: Update cacerts to support VMware Photon (#4763)
[Christopher McCann]
+ fix: netplan rendering integrations tests (#4795) [Cat Red]
+ azure: remove cloud-init.log reporting via KVP (#4715) [Chris Patterson]
+ feat(Alpine): Modify ds-identify for Alpine support and add OpenRC
init.d script (#4785) [dermotbradley]
+ doc: Add DatasourceScaleway documentation (#4773) [Louis Bouchard]
+ fix: packaged logrotate file lacks suffix on ubuntu (#4790)
+ feat(logrotate): config flexibility more backups (#4790)
+ fix(clean): stop warning when running clean command (#4761) [d1r3ct0r]
+ feat: network schema v1 strict on nic name length 15 (#4774)
+ logrotate config (#4721) [Fabian Lichtenegger-Lukas]
+ test: Enable coverage in integration tests (#4682)
+ test: Move unit test helpers to global test helpers (#4682)
+ test: Remove snapshot option from install_new_cloud_init (#4682)
+ docs: fix cloud-init single param docs (#4682)
+ Alpine: fix location of dhclient leases file (#4782) [dermotbradley]
+ test(jsonschema): Pin jsonschema version (#4781)
+ refactor(IscDhclient): discover DHCP leases at distro-provided location
(#4683) [Phsm Qwerty]
+ feat: datasource check for WSL (#4730) [Carlos Nihelton]
+ test: Update hostname integration tests (#4744)
+ test: Add mantic and noble releases to integration tests (#4744)
+ refactor: Ensure internal DNS state same for v1 and v2 (#4756)
+ feat: Add v2 route mtu rendering to NetworkManager (#4748)
+ tests: stable ubuntu releases will not exit 2 on warnings (#4757)
+ doc(ds-identify): Describe ds-identify irrespective of distro (#4742)
+ fix: relax NetworkManager renderer rules (#4745)
+ fix: fix growpart race (#4618)
+ feat: apply global DNS to interfaces in network-manager (#4723)
[Florian Apolloner]
+ feat(apt): remove /etc/apt/sources.list when deb22 preferred (#4740)
+ chore: refactor schema data as enums and namedtuples (#4585)
+ feat(schema): improve CLI message on unprocessed data files (#4585)
+ fix(config): relocate /run to /var/run on BSD (canonical#4677)
[Mina Galić]
+ fix(ds-identify): relocate /run on *BSD (#4677) [Mina Galić]
+ fix(sysvinit): make code a bit more consistent (#4677) [Mina Galić]
+ doc: Document how cloud-init is, not how it was (#4737)
+ tests: add expected exit 2 on noble from cloud-init status (#4738)
+ test(linkcheck): ignore github md and rst link headers (#4734)
+ test: Update webhook test due to removed cc_migrator module (#4726)
+ fix(ds-identify): Return code 2 is a valid result, use cached value
+ fix(cloudstack): Use parsed lease file for virtual router in cloudstack
+ fix(dhcp): Guard against FileNotFoundError and NameError exceptions
+ fix(apt_configure): disable sources.list if rendering deb822 (#4699)
(LP: #2045086)
+ docs: Add link to contributing to docs (#4725) [Cat Red]
+ chore: remove commented code (#4722)
+ chore: Add log message when create_hostname_file key is false (#4724)
[Cat Red]
+ fix: Correct v2 NetworkManager route rendering (#4637)
+ azure/imds: log http failures as warnings instead of info (#4714)
[Chris Patterson]
+ fix(setup): Relocate libexec on OpenBSD (#4708) [Mina Galić]
+ feat(jinja): better jinja feedback and error catching (#4629)
[Alec Warren]
+ test: Fix silent swallowing of unexpected subp error (#4702)
+ fix: Move cloud-final.service after time-sync.target (#4610)
[Dave Jones] (LP: #1951639)
+ feat(log): Make logger name more useful for __init__.py
+ chore: Remove cc_migrator module (#4690)
+ fix(tests): make cmd/devel/tests work on non-GNU [Mina Galić]
+ chore: Remove cmdline from spelling list (#4670)
+ doc: Document boot status meaning (#4670)
+ doc: Set expectations for new datasources (#4670)
+ ci: Show linkcheck broken links in job output (#4670)
+ dmi: Add support for OpenBSD (#4654) [Mina Galić]
+ ds-identify: fake dmidecode support on OpenBSD (#4654) [Mina Galić]
+ ds-identify: add OpenBSD support in uname (#4654) [Mina Galić]
+ refactor: Ensure '_cfg' in Init class is dict (#4674)
+ refactor: Make event scope required in stages.py (#4674)
+ refactor: Remove unused argument (#4674)
+ chore: Move from lintian to a sphinx spelling plugin (#3639)
+ fix(doc): Fix spelling errors found by sphinxcontrib-spelling (#3639)
+ ci: Add Python 3.13 (#4567)
+ Add AlexSv04047 to CLA signers file (#4671) [AlexSv04047]
+ fix(openbsd): services & build tool (#4660) [CodeBleu]
+ tests/unittests: add a new unit test for network manager net activator
(#4672) [Ani Sinha]
+ Implement DataSourceCloudStack.get_hostname() (#4433) [Phsm Qwerty]
+ net/nm: check for presence of ifcfg files when nm connection files
are absent (#4645) [Ani Sinha]
+ doc: Overhaul debugging documentation (#4578)
+ doc: Move dangerous commands to dev docs (#4578)
+ doc: Relocate file location docs (#4578)
+ doc: Remove the debugging page (#4578)
+ fix(util): Fix boottime to work on OpenBSD (#4667) [Mina Galić]
+ net: allow dhcp6 configuration from generate_fallback_configuration()
[Ani Sinha]
+ net/network_manager: do not set "may-fail" to False for both ipv4 and
ipv6 dhcp [Ani Sinha]
+ feat(subp): Measure subprocess command time (#4606)
+ fix(python3.13): Fix import error for passlib on Python 3.13 (#4669)
+ style(brpm/bddeb): add black and ruff for packages build scripts (#4666)
+ copr: remove TODO.rst from spec file
+ fix(packages/brpm): correct syntax error and typo
+ style(ruff): fix tip target
+ config: Module documentation updates (#4599)
+ refactor(subp): Remove redundant parameter 'env' (#4555)
+ refactor(subp): Remove unused parameter 'target' (#4555)
+ refactor: Remove 'target' boilerplate from cc_apt_configure (#4555)
+ refactor(subp): Re-add return type to subp() (#4555)
+ refactor(subp): Add type information to args (#4555)
+ refactor(subp): Use subprocess.DEVNULL (#4555)
+ refactor(subp): Remove parameter 'combine_capture' (#4555)
+ refactor(subp): Remove unused parameter 'status_cb' (#4555)
+ fix(cli): fix parsing of argparse subcommands (#4559)
[Calvin Mwadime] (LP: #2040325)
+ chore!: drop support for dsa ssh hostkeys in docs and schema (#4456)
+ chore!: do not generate ssh dsa host keys (#4456) [shixuantong]
From 23.4.4
+ fix(nocloud): smbios datasource definition
+ tests: Check that smbios seed works
+ fix(source): fix argument boundaries when parsing cmdline (#4825)
From 23.4.3
+ fix: Handle systemctl when dbus not ready (#4842)
(LP: #2046483)
From 23.4.2
+ fix: Handle invalid user configuration gracefully (#4797)
(LP: #2051147)
From 23.4.1
+ fix: Handle systemctl commands when dbus not ready (#4681)
From 23.4
+ tests: datasourcenone use client.restart to block until done (#4635)
+ tests: increase number of retries across reboot to 90 (#4651)
+ fix: Add schema for merge types (#4648)
+ feat: Allow aliyun ds to fetch data in init-local (#4590) [qidong.ld]
+ azure: report failure to eject as error instead of debug (#4643)
[Chris Patterson]
+ bug(schema): write network-config if instance dir present (#4635)
+ test: fix schema fuzzing test (#4639)
+ Update build-on-openbsd dependencies (#4644) [CodeBleu]
+ fix(test): Fix expected log for ipv6-only ephemeral network (#4641)
+ refactor: Remove metaclass from network_state.py (#4638)
+ schema: non-root fallback to default paths on perm errors (# 4631)
+ fix: Don't loosen the permissions of the log file (#4628)
+ Revert "logging: keep current file mode of log file if its stricter
than the new mode (#4250)"
+ ephemeral: Handle link up failure for both ipv4 and ipv6 (#4547)
+ fix(main): Don't call logging too early (#4595)
+ fix: Remove Ubuntu-specific kernel naming convention assertion (#4617)
+ fix(log): Do not implement handleError with a self parameter (#4617)
+ fix(log): Don't try to reuse stderr logger (#4617)
+ feat: Standardize logging output to stderr (#4617)
+ chore: Sever unmaintained TODO.rst (#4625)
+ test: Skip failing tests
+ distros: Add suse
+ test: Add default hello package version (#4614)
+ fix(net): Improve DHCPv4 SUSE code, add test
+ net: Fix DHCPv4 not enabled on SUSE in some cases [bin456789]
+ fix(schema): Warn if missing dependency (#4616)
+ fix(cli): main source cloud_config for schema validation (#4562)
+ feat(schema): annotation path for invalid top-level keys (#4562)
+ feat(schema): top-level additionalProperties: false (#4562)
+ test: ensure top-level properties tests will pass (#4562)
+ fix(schema): Add missing schema definitions (#4562)
+ test: Fix snap tests (#4562)
+ azure: Check for stale pps data from IMDS (#4596) [Ksenija Stanojevic]
+ test: Undo dhcp6 integration test changes (#4612)
+ azure: update diagnostic from warning level to debug [Chris Patterson]
+ azure/imds: remove limit for connection errors if route present (#4604)
+ [Chris Patterson]
+ [enhancement]: Add shellcheck to CI (#4488) [Aviral Singh]
+ chore: add conventional commits template (#4593)
+ Revert "net: allow dhcp6 configuration from
generate_fallback_configuration()" (#4607)
+ azure: workaround to disable reporting IMDS failures on Azure Stack
[Chris Patterson]
+ cc_apt_pipelining: Update docs, deprecate options (#4571)
+ test: add gh workflows on push to main, update status badges (#4597)
+ util: Remove function abs_join() (#4587)
+ url_helper: Remove unused function retry_on_url_exc() (#4587)
+ cc_resizefs: Add bcachefs resize support (#4594)
+ integration_tests: Support non-Ubuntu distros (#4586)
+ fix(cmdline): fix cmdline parsing with MAC containing cc:
+ azure/errors: include http code in reason for IMDS failure
[Chris Patterson]
+ tests: cloud-init schema --system does not return exit code 2
+ github: allow pull request to specify desired rebase and merge
+ tests: fix integration test expectations of exit 2 on schema warning
+ tests: fix schema test expected cli output Valid schema <type>
+ fix(schema cli): check raw userdata when processed cloud-config empty
+ azure: report failure to host if ephemeral DHCP secondary NIC (#4558)
[Chris Patterson]
+ man: Document cloud-init error codes (#4500)
+ Add support for cloud-init "degraded" state (#4500)
+ status.json: Don't override detail key with error condition (#4500)
+ status: Remove duplicated data (#4500)
+ refactor: Rename exported_errors in status.json (#4500)
+ test: Remove stale status.json value (#4500)
+ tools/render-template: Make yaml loading opt-in, fix setup.py (#4564)
+ Add summit digest/trip report to docs (#4561) [Sally]
+ doc: Fix incorrect statement about `cloud-init analyze`
+ azure/imds: ensure new errors are logged immediately when retrying
(#4468) [Chris Patterson]
+ Clarify boothook docs (#4543)
+ boothook: allow stdout/stderr to emit to cloud-init-output.log
+ summit-notes: add 2023 notes for reference in mailinglist/discourse
+ fix: added mock to stop leaking journalctl that slows down unit test
(#4556) [Alec Warren]
+ tests: maas test for DataSourceMAASLocal get_data
+ maas tests: avoid using CiTest case and prefer pytest.tmpdir fixture
+ MAAS: Add datasource to init-local timeframe
+ Ensure all tests passed and/or are skipped
+ Support QEMU in integration tests
+ fix(read-dependencies): handle version specifiers containing [~!]
+ test: unpin pytest
+ schema: network-config optional network key. route uses oneOf (#4482)
+ schema: add cloud_init_deepest_matches for best error message (#4482)
+ network: warn invalid cfg add /run/cloud-init/network-config (#4482)
+ schema: add network-config support to schema subcommand (#4482)
+ Update version number and merge ChangeLog from 23.3.3 into main (#4553)
+ azure: check for primary interface when performing DHCP (#4465)
[Chris Patterson]
+ Fix hypothesis failure
+ subp: add a log when skipping a file for execution for lack of exe
permission (#4506) [Ani Sinha]
+ azure/imds: refactor max_connection_errors definition (#4467)
[Chris Patterson]
+ chore: fix PR template rendering (#4526)
+ fix(cc_apt_configure): avoid unneeded call to apt-install (#4519)
+ comment difference between sysconfig and NetworkManager renderer (#4517)
[Ani Sinha]
+ Set Debian's default locale to be c.UTF-8 (#4503) (LP: #2038945)
+ Convert test_debian.py to pytest (#4503)
+ doc: fix cloudstack link
+ doc: fix development/contributing.html references
+ doc: hide duplicated links
+ Revert "ds-identify/CloudStack: $DS_MAYBE if vm running on vmware/xen
(#4281)" (#4511) (LP: #2039453)
+ Fix the missing mcopy argument [Vladimir Pouzanov]
+ tests: Add logging fix (#4499)
+ Update upgrade test to account for dhcp6
+ Remove logging of PPID path (#4502)
+ Make Python 3.12 CI test non-experimental (#4498)
+ ds-identify: exit 2 on disabled state from marker or cmdline (#4399)
+ cloud-init-generator: Various performance optimizations (#4399)
+ systemd: Standardize cloud-init systemd enablement (#4399)
+ benchmark: benchmark cloud-init-generator independent of ds-identify
(#4399)
+ tests/integration_tests: add cloud-init disablement coverage (#4399)
+ doc: Describe disabling cloud-init using an environment variable (#4399)
+ fix: cloud-init status --wait broken with KERNEL_CMDLINE (#4399)
+ azure/imds: retry on 429 errors for reprovisiondata (#4470)
[Chris Patterson]
+ cmd: Don't write json status files for non-boot stages (#4478)
+ ds-identify: Allow disable service and override environment (#4485)
[Mina Galić]
+ Update DataSourceNWCS.py (#4496) [shell-skrimp]
+ Add r00ta to CLA signers file
+ Fix override of systemd_locale_conf in rhel [Jacopo Rota]
+ ci(linkcheck): minor fixes (#4495)
+ integration test fix for deb822 URI format (#4492)
+ test: use a mantic-compatible tz in t/i/m/test_combined.py (#4494)
+ ua: shift CLI command from ua to pro for all interactions
+ pro: avoid double-dash when enabling inviddual services on CLI
+ net: allow dhcp6 configuration from generate_fallback_configuration()
(#4474) [Ani Sinha]
+ tests: apt re.search to match alternative ordering of installed pkgs
+ apt: doc apt_pkg performance improvement over subp apt-config dump
+ Tidy up contributing docs (#4469) [Sally]
+ [enhancement]: Automatically linkcheck in CI (#4479) [Aviral Singh]
+ Revert allowing pro service warnings (#4483)
+ Export warning logs to status.json (#4455)
+ Fix regression in package installation (#4466)
+ schema: cloud-init schema in early boot or in dev environ (#4448)
+ schema: annotation of nested dicts lists in schema marks (#4448)
+ feat(apport): collect ubuntu-pro logs if ubuntu-advantage.log present
(#4443)
+ apt_configure: add deb822 support for default sources file (#4437)
+ net: remove the word "on instance boot" from cloud-init generated config
(#4457) [Ani Sinha]
+ style: Make cloudinit.log functions use snake case (#4449)
+ Don't recommend using cloud-init as a library (#4459)
+ vmware: Fall back to vmtoolsd if vmware-rpctool errs (#4444)
[Andrew Kutz]
+ azure: add option to enable/disable secondary ip config (#4432)
+ [Ksenija Stanojevic]
+ Allow installing snaps via package_update_upgrade_install module (#4202)
+ docs: Add cloud-init overview/introduction (#4440) [Sally]
+ apt: install software-properties-common when absent but needed (#4441)
+ sources/Azure: Ignore system volume information folder while scanning
for files in the ntfs resource disk (#4446) [Anh Vo]
+ refactor: Remove unnecessary __main__.py file
+ style: Drop vi format comments
+ cloudinit.log: Use more appropriate exception (#4435)
+ cloudinit.log: Don't configure NullHandler (#4435)
+ commit 6bbbfbbb030831c72b5aa2bba9cb8492f19d56f4
+ cloudinit.log: Remove unnecessary module function and variables (#4435)
+ cloudinit.log: Remove unused getLogger wrapper (#4435)
+ cloudinit.log: Standardize use of cloudinit's logging module (#4435)
+ Remove unnecessary logging wrapper in Cloud class (#4435)
+ integration test: allow pro service warnings (#4447)
+ integration tests: fix mount indentation (#4445)
+ sources/Azure: fix for conflicting reports to platform (#4434)
[Chris Patterson]
+ docs: link the cloud-config validation service (#4442)
+ Fix pip-managed ansible on pip < 23.0.1 (#4403)
+ Install gnupg if gpg not found (#4431)
+ Add "phsm" as contributor (#4429) [Phsm Qwerty]
+ cc_ubuntu_advantage: do not rely on uaclient.messages module (#4397)
[Grant Orndorff]
+ tools/ds-identify: match Azure datasource's ds_detect() behavior (#4430)
[Chris Patterson]
+ Refactor test_apt_source_v1.py to use pytest (#4427)
+ sources: do not override datasource detection if None is in list (#4426)
[Chris Patterson]
+ feat: check for create_hostname_file key before writing /etc/hostname
(SC-1588) (#4330) [Cat Red]
+ Pytestify apt config test modules (#4424)
+ upstream gentoo patch (#4422)
+ Work around no instance ip (#4419)
+ Fix typing issues in subp module (#4401)
+ net: fix ipv6_dhcpv6_stateful/stateless/slaac configuration for rhel
(#4395) [Ani Sinha]
+ Release 23.3.1
+ apt: kill dirmngr/gpg-agent without gpgconf dependency (LP: #2034273)
+ integration tests: fix mount indentation (#4405)
+ Use grep for faster parsing of cloud config in ds-identify (#4327)
[Scott Moser] (LP: #2030729)
+ doc: fix instructions on how to disable cloud-init from kernel command
line (#4406) [Ani Sinha]
+ doc/vmware: Update contents relevant to disable_vmware_customization
[PengpengSun]
+ Bring back flake8 for python 3.6 (#4394)
+ integration tests: Fix cgroup parsing (#4402)
+ summary: Update template parameter descriptions in docs [MJ Moshiri]
+ Log PPID for better debugging (#4398)
+ integration tests: don't clean when KEEP_* flags true (#4400)
+ clean: add a new option to clean generated config files [Ani Sinha]
+ pep-594: drop deprecated pipes module import
From 23.3.3
+ Fix pip-managed ansible on pip < 23.0.1 (#4403)
From 23.3.2
+ Revert "ds-identify/CloudStack: $DS_MAYBE if vm running on vmware/xen"
(#4281) (#4511) (LP: #2039453)
From 23.3.1
+ apt: kill dirmngr/gpg-agent without gpgconf dependency (LP: #2034273)
+ integration tests: Fix cgroup parsing (#4402)
- Add cloud-init-direxist.patch (bsc#1236720)
+ Make sure the directory exists, if not create it, before writing in that
location.
- Support python 3.13 (bsc#1233649):
+ pep-594-drop-pipes.patch, gh#canonical/cloud-init#4392
+ cloud-init-fix-python313.patch, gh#canonical/cloud-init#4669
+ cloud-init-dont-assume-ordering-of-ThreadPoolExecutor.patch gh#canonical/cloud-init#5052
- cloud-regionsrv-client
-
- Update version to 10.5.2 (bsc#1247539)
+ When an instance fails verification server side the default credentials
were left behind requireing manual intervantion prior to the next
registration attempt.
+ Fix issue triggered when using instance-billing-flavor-check due to
IP address handling as object rather than string introduced 10.5.0
- Update version to 10.5.1
+ Fix issue with picking up configured server names from the
regionsrv config file. Previously only IP addresses were collected
+ Update scriptlet for package uninstall to avoid issues in the
build service
- Update version to 10.5.0
+ Use region server IP addresses to determine Internet access rather
than a generic address. Region server IP addresses may not be blocked
in the network construct. (bsc#1245305)
- coreutils:systemd
-
- coreutils-9.4.sort-CVE-2025-5278.patch: Add upstream patch:
sort with key character offsets of SIZE_MAX, could induce
a read of 1 byte before an allocated heap buffer.
(CVE-2025-5278, bsc#1243767)
- coreutils
-
- coreutils-9.4.sort-CVE-2025-5278.patch: Add upstream patch:
sort with key character offsets of SIZE_MAX, could induce
a read of 1 byte before an allocated heap buffer.
(CVE-2025-5278, bsc#1243767)
- curl
-
- tool_operate: fix return code when --retry is used but not
triggered [bsc#1249367]
* Add curl-tool_operate-fix-return-code-when-retry-is-used.patch
- Security fixes:
* [bsc#1249191, CVE-2025-9086] Out of bounds read for cookie path
* [bsc#1249348, CVE-2025-10148] Predictable WebSocket mask
* Add patches:
- curl-CVE-2025-9086.patch
- curl-CVE-2025-10148.patch
- Fix the --ftp-pasv option in curl v8.14.1 [bsc#1246197]
* tool_getparam: fix --ftp-pasv [5f805ee]
* Add curl-fix--ftp-pasv.patch
- Update to 8.14.1: [jsc#PED-13055, jsc#PED-13056]
* Add _multibuild
* Remove patches fixed in the update:
- curl-CVE-2024-11053.patch
- curl-CVE-2024-2004.patch
- curl-CVE-2024-2379.patch
- curl-CVE-2024-2398.patch
- curl-CVE-2024-2466.patch
- curl-CVE-2024-6197.patch
- curl-CVE-2024-7264.patch
- curl-CVE-2024-8096.patch
- curl-CVE-2024-9681.patch
- curl-CVE-2025-0167.patch
- curl-CVE-2025-0725.patch
- curl-aws_sigv4-url-encode-the-canonical-path.patch
- curl-mstp-starttls.patch
- Sync spec file with SLE codestreams: [jsc#PED-13055, jsc#PED-13056]
* Add curl-mini.rpmlintrc to avoid rpmlint shlib-policy-name-error
when building the curl-mini package in SLE.
* Add libssh minimum version requirements.
* Use ldconfig_scriptlets when available.
* Remove unused option --disable-ntlm-wb.
- Update to 8.14.1:
* Security fixes:
- [bsc#1243933, CVE-2025-5399] libcurl can possibly get
trapped in an endless busy-loop when processing specially
crafted packets [d1145df2]
* Bugfixes:
- asyn-thrdd: fix cleanup when RR fails due to OOM
- ftp: fix teardown of DATA connection in done
- http: fail early when rewind of input failed when following redirects
- multi: fix add_handle resizing
- tls BIOs: handle BIO_CTRL_EOF correctly
- tool_getparam: make --no-anyauth not be accepted
- wolfssl: fix sending of early data
- ws: handle blocked sends better
- ws: tests and fixes
- Update to 8.14.0:
* Security fixes:
- [CVE-2025-4947, bsc#1243397] QUIC certificate check skip with wolfSSL
- [CVE-2025-5025, bsc#1243706] No QUIC certificate pinning with wolfSSL
* Changes:
- mqtt: send ping at upkeep interval
- schannel: handle pkcs12 client certificates containing CA certificates
- TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs
- vquic: ngtcp2 + openssl support
- wcurl: import v2025.04.20 script + docs
- websocket: add option to disable auto-pong reply
* Bugfixes:
- asny-thrdd: fix detach from running thread
- async-threaded resolver: use ref counter
- async: DoH improvements
- build: enable gcc-12/13+, clang-10+ picky warnings
- build: enable gcc-15 picky warnings
- certs: drop unused `default_bits` from `.prm` files
- cf-https-connect: use the passed in dns struct pointer
- cf-socket: fix FTP accept connect
- cfilters: remove assert
- cmake: fix nghttp3 static linking with `USE_OPENSSL_QUIC=ON`
- cmake: prefer `COMPILE_OPTIONS` over `CMAKE_C_FLAGS` for custom C options
- cmake: revert `CURL_LTO` behavior for multi-config generators
- configure: fix --disable-rt
- CONTRIBUTE: add project guidelines for AI use
- cpool/cshutdown: force close connections under pressure
- curl: fix memory leak when -h is used in config file
- curl_get_line: handle lines ending on the buffer boundary
- headers: enforce a max number of response header to accept
- http: fix HTTP/2 handling of TE request header using "trailers"
- lib: include files using known path
- lib: unify conversions to/from hex
- libssh: add NULL check for Curl_meta_get()
- libssh: fix memory leak
- mqtt: use conn/easy meta hash
- multi: do transfer book keeping using mid
- multi: init_do(): check result
- netrc: avoid NULL deref on weird input
- netrc: avoid strdup NULL
- netrc: deal with null token better
- openssl-quic: avoid potential `-Wnull-dereference`, add assert
- openssl-quic: fix shutdown when stream not open
- openssl: enable builds for *both* engines and providers
- openssl: set the cipher string before doing private cert
- progress: avoid integer overflow when gathering total transfer size
- rand: update comment on Curl_rand_bytes weak random
- rustls: make max size of cert and key reasonable
- smb: avoid integer overflow on weird input date
- urlapi: redirecting to "" is considered fine
* Remove curl-8.13.0-CloseSocket.patch upstream
* Rebase libcurl-ocloexec.patch
- fix Leap build add curl-8.13.0-CloseSocket.patch
- Update to 8.13.0:
* Changes:
- curl: add write-out variable 'tls_earlydata'
- curl: make --url support a file with URLs
- gnutls: set priority via --ciphers
- IMAP: add CURLOPT_UPLOAD_FLAGS and --upload-flags
- lib: add CURLFOLLOW_OBEYCODE and CURLFOLLOW_FIRSTONLY
- OpenSSL/quictls: add support for TLSv1.3 early data
- rustls: add support for CERTINFO
- rustls: add support for SSLKEYLOGFILE
- rustls: support ECH w/ DoH lookup for config
- rustls: support native platform verifier
- var: add a '64dec' function that can base64 decode a string
* Bugfixes:
- conn: fix connection reuse when SSL is optional
- hash: use single linked list for entries
- http2: detect session being closed on ingress handling
- http2: reset stream on response header error
- http: remove a HTTP method size restriction
- http: version negotiation
- httpsrr: fix port detection
- libssh: fix freeing of resources in disconnect
- libssh: fix scp large file upload for 32-bit size_t systems
- openssl-quic: do not iterate over multi handles
- openssl: check return value of X509_get0_pubkey
- openssl: drop support for old OpenSSL/LibreSSL versions
- openssl: fix crash on missing cert password
- openssl: fix pkcs11 URI checking for key files.
- openssl: remove bad `goto`s into other scope
- setopt: illegal CURLOPT_SOCKS5_AUTH should return error
- setopt: setting PROXYUSERPWD after PROXYUSERNAME/PASSWORD is fine
- sshserver.pl: adjust `AuthorizedKeysFile2` cutoff version
- sshserver: fix excluding obsolete client config lines
- SSLCERTS: list support for SSL_CERT_FILE and SSL_CERT_DIR
- tftpd: prefix TFTP protocol error `E*` constants with `TFTP_`
- tool_operate: fail SSH transfers without server auth
- url: call protocol handler's disconnect in Curl_conn_free
- urlapi: remove percent encoded dot sequences from the URL path
- urldata: remove 'hostname' from struct Curl_async
* Rebase patches:
- libcurl-ocloexec.patch
- curl-secure-getenv.patch
- Update to 8.12.1:
* Bugfixes:
- asyn-thread: fix build with 'CURL_DISABLE_SOCKETPAIR'
- asyn-thread: fix HTTPS RR crash
- asyn-thread: fix the returned bitmask from Curl_resolver_getsock
- asyn-thread: survive a c-ares channel set to NULL
- cmake: always reference OpenSSL and ZLIB via imported targets
- cmake: respect 'GNUTLS_CFLAGS' when detected via 'pkg-config'
- cmake: respect 'GNUTLS_LIBRARY_DIRS' in 'libcurl.pc' and 'curl-config'
- content_encoding: #error on too old zlib
- imap: TLS upgrade fix
- ldap: drop support for legacy Novell LDAP SDK
- libssh2: comparison is always true because rc <= -1
- libssh2: raise lowest supported version to 1.2.8
- libssh: drop support for libssh older than 0.9.0
- openssl-quic: ignore ciphers for h3
- pop3: TLS upgrade fix
- runtests: fix the disabling of the memory tracking
- runtests: quote commands to support paths with spaces
- scache: add magic checks
- smb: silence '-Warray-bounds' with gcc 13+
- smtp: TLS upgrade fix
- tool_cfgable: sort struct fields by size, use bitfields for booleans
- tool_getparam: add "TLS required" flag for each such option
- vtls: fix multissl-init
- wakeup_write: make sure the eventfd write sends eight bytes
- Update to 8.12.0:
* Security fixes:
- [bsc#1234068, CVE-2024-11053] curl could leak the password used
for the first host to the followed-to host under certain circumstances.
- [bsc#1232528, CVE-2024-9681] HSTS subdomain overwrites parent cache entry
- [bsc#1236589, CVE-2025-0665] eventfd double close
* Changes:
- curl: add byte range support to --variable reading from file
- curl: make --etag-save acknowledge --create-dirs
- getinfo: fix CURLINFO_QUEUE_TIME_T and add 'time_queue' var
- getinfo: provide info which auth was used for HTTP and proxy
- hyper: drop support
- openssl: add support to use keys and certificates from PKCS#11 provider
- QUIC: 0RTT for gnutls via CURLSSLOPT_EARLYDATA
- vtls: feature ssls-export for SSL session im-/export
* Bugfixes:
- altsvc: avoid integer overflow in expire calculation
- asyn-ares: acknowledge CURLOPT_DNS_SERVERS set to NULL
- asyn-ares: fix memory leak
- asyn-ares: initial HTTPS resolve support
- asyn-thread: use c-ares to resolve HTTPS RR
- async-thread: avoid closing eventfd twice
- cd2nroff: do not insist on quoted <> within backticks
- cd2nroff: support "none" as a TLS backend
- conncache: count shutdowns against host and max limits
- content_encoding: drop support for zlib before 1.2.0.4
- content_encoding: namespace GZIP flag constants
- content_encoding: put the decomp buffers into the writer structs
- content_encoding: support use of custom libzstd memory functions
- cookie: cap expire times to 400 days
- cookie: parse only the exact expire date
- curl: return error if etag options are used with multiple URLs
- curl_multi_fdset: include the shutdown connections in the set
- curl_sha512_256: rename symbols to the curl namespace
- curl_url_set.md: adjust the added-in to 7.62.0
- doh: send HTTPS RR requests for all HTTP(S) transfers
- easy: allow connect-only handle reuse with easy_perform
- easy: make curl_easy_perform() return error if connection still there
- easy_lock: use Sleep(1) for thread yield on old Windows
- ECH: update APIs to those agreed with OpenSSL maintainers
- GnuTLS: fix 'time_appconnect' for early data
- HTTP/2: strip TE request header
- http2: fix data_pending check
- http2: fix value stored to 'result' is never read
- http: ignore invalid Retry-After times
- http_aws_sigv4: Fix invalid compare function handling zero-length pairs
- https-connect: start next immediately on failure
- lib: redirect handling by protocol handler
- multi: fix curl_multi_waitfds reporting of fd_count
- netrc: 'default' with no credentials is not a match
- netrc: fix password-only entries
- netrc: restore _netrc fallback logic
- ngtcp2: fix memory leak on connect failure
- openssl: define `HAVE_KEYLOG_CALLBACK` before use
- openssl: fix ECH logic
- osslq: use SSL_poll to determine writeability of QUIC streams
- sectransp: free certificate on error
- select: avoid a NULL deref in cwfds_add_sock
- src: omit hugehelp and ca-embed from libcurltool
- ssl session cache: change cache dimensions
- system.h: add 64-bit curl_off_t definitions for NonStop
- telnet: handle single-byte input option
- TLS: check connection for SSL use, not handler
- tool_formparse.c: make curlx_uztoso a static in here
- tool_formparse: accept digits in --form type= strings
- tool_getparam: ECH param parsing refix
- tool_getparam: fail --hostpubsha256 if libssh2 is not used
- tool_getparam: fix "Ignored Return Value"
- tool_getparam: fix memory leak on error in parse_ech
- tool_getparam: fix the ECH parser
- tool_operate: make --etag-compare always accept a non-existing file
- transfer: fix CURLOPT_CURLU override logic
- urlapi: fix redirect to a new fragment or query (only)
- vquic: make vquic_send_packets not return without setting psent
- vtls: fix default SSL backend as a fallback
- vtls: only remember the expiry timestamp in session cache
- websocket: fix message send corruption
- x509asn1: add parse recursion limit
* Rebase pathes:
- libcurl-ocloexec.patch
- dont-mess-with-rpmoptflags.patch
- docker
-
- Update to docker-buildx v0.28.0. Upstream changelog:
<https://github.com/docker/buildx/releases/tag/v0.28.0>
- Update to Docker 28.4.0-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/28/#2840>
* Fixes a nil pointer panic in "docker push". bsc#1248373
- Rebased patches:
* 0001-SECRETS-SUSE-always-clear-our-internal-secrets.patch
* 0002-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0003-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0004-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0005-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0006-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
* cli-0001-openSUSE-point-users-to-docker-buildx-package.patch
* cli-0002-SECRETS-SUSE-default-to-DOCKER_BUILDKIT-0-for-docker.patch
- Update warnings and errors related to "docker buildx ..." so that they
reference our openSUSE docker-buildx packages.
+ cli-0001-openSUSE-point-users-to-docker-buildx-package.patch
- Enable building docker-buildx for SLE15 systems with SUSEConnect secret
injection enabled. PED-12534 PED-8905 bsc#1247594
As docker-buildx does not support our SUSEConnect secret injection (and some
users depend "docker build" working transparently), patch the docker CLI so
that "docker build" will no longer automatically call "docker buildx build",
effectively making DOCKER_BUILDKIT=0 the default configuration. Users can
manually use "docker buildx ..." commands or set DOCKER_BUILDKIT=1 in order
to opt-in to using docker-buildx.
Users can silence the "docker build" warning by setting DOCKER_BUILDKIT=0
explicitly.
In order to inject SCC credentials with docker-buildx, users should use
RUN --mount=type=secret,id=SCCcredentials zypper -n ...
in their Dockerfiles, and
docker buildx build --secret id=SCCcredentials,src=/etc/zypp/credentials.d/SCCcredentials,type=file .
when doing their builds.
+ cli-0002-SECRETS-SUSE-default-to-DOCKER_BUILDKIT-0-for-docker.patch
- Update to Docker 28.3.3-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/28/#2833>
CVE-2025-54388 bsc#1247367
- Update to docker-buildx v0.26.1. Upstream changelog:
<https://github.com/docker/buildx/releases/tag/v0.26.1>
- Update to docker-buildx v0.26.0. Upstream changelog:
<https://github.com/docker/buildx/releases/tag/v0.26.0>
- python-kiwi
-
- Bump version: 10.2.28 → 10.2.29
- Fix return from repart stage
If we return from the repart stage it's important to wait
for the root device to appear. This is because the device
setup from udev might still be held back due to a former
lock on the device. This means if we return fast after
locking for example when check_repart_possible() quickly
finds out that it's not possible, then udev has not yet
got the time to create the device nodes.
This Fixes #2863
- Bump version: 10.2.27 → 10.2.28
- Fix dracut code to be POSIX compliant
The redirect type "< <(...)" is not POSIX complians and leads
to a syntax error in dracut which calls bash as "sh" leading
it to be restricted to POSIX only
- Extend test-image-lvm integration test
For testing a bit more complex resize procedure, update
the lvm integration test to run more resize actions
with required device locking
- Apply proper udev locking
Several commands during repart, resize and other actions
require a proper lock to be set for udev such that other
events knows about the locked state of a device and do
not mess with it until the command for which the lock
persists has completed. This commit applies proper udev
locks to all commands that requires it. In addition
incorrect code that was expected to prevent such race
conditions got dropped from the implementation.
This is related to bsc#1242987
- relocate GPT at the end of disk using sfdisk
Using sfdisk for relocation and verification makes this
part more consistent. We also want to move away from gdisk.
This is related to #2851
- Do not strictly require config.partids in repart
The kiwi-repart implementation requires a metadata file
named config.partids which holds information about
partition ids and more stored at the time the image was
built. Depending on the complexity of the image and the
resize request some of the information can be rebuilt
in case the metadata file is missing. This commit adds
the rebuild of the minimum required information to run
a standard resize and therefore allows the kiwi-repart
dracut module to work also without config.partids to be
present in the system
- Do not drop /config.partids
The partition id metadata file is used in the kiwi-repart
module. If a user wants to use the kiwi repart module
permanently, this metadata file needs to stay in the system.
Therefore it should not be automatically deleted by the
cleanup. A disk.sh hook script can be used to force the
deletion of the file though. This is related #2851
- Fix centos/test-image-live-disk-v10
There is no package named iprutils
- Fix centos/test-image-live-disk-v10
Update package names
- Added centos/test-image-live-disk-v10 build test
- Fix tumbleweed/test-image-gce integration test
Drop obsolete growpart
- Followup fix to support older apt versions for bootstrap
There are apt versions that do not create missing state files.
Make sure the intermediate bootstrap state file is created in
any case. This Fixes #2857
- Fixed integration test builds
Next round of fixes for integration tests. Missing
or wrong service activations
- Fix arm/tumbleweed/test-image-rpi
Fix snapper setup for this integration test
- Fixed test-image-live-disk
Added missing openssh-server package
- Fixed test-image-azure
Add missing python-azure-agent-config-default package
- Fixed debian integration test builds
secure shell service is named ssh and not sshd there
- Fixed integration test builds
Second round of fixes for integration tests. Again errors
now became visible due to the refactoring of the script code
- Fixed integration test builds
Errors from scripts were no longer ignored due to the last
cleanup of the integration test script code. This commit
fixes the now exposed build errors
- Fix check_target_dir_on_unsupported_filesystem
Find the first existing path in the target path and
check the filesystem capabilities for this path.
This Fixes #2858
- Cleanup integration tests config.sh script code
Add script code to shellcheck and fix all reported issues.
Get rid of suseXX and baseXX methods as much as possible.
Add set -ex for all script code. Do not allow any script
code to fail.
- defaults: Add patterns for shim/grub2 on riscv64
A recent commit changed the way these are looked up and
accidentally broke image building on riscv64, with
KiwiBootLoaderGrubSecureBootError: Signed grub2 efi loader not found
now being raised for kiwi recipes that worked just fine
before that moment.
Fixes: 197572378cf4f25103934beac2ceca4fbbcfcbc0
Thanks: David Abdurachmanov <davidlt@rivosinc.com>
Thanks: Marcus Schäfer <marcus.schaefer@gmail.com>
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
- Add SLFO test-image-disk-simple integration test
Add simple disk test and allow for testing the new
transparent container idea for the aws toolchain. also
add SLFO builds to the helper script
- Fixed check for unallocated space on disk
So far the check for unallocated space was only working for GPT
and there it was also not really stable. The check was based on
verifying if the backup GPT table is really at the end of the
disk. Depending on which tool was used to dump the image on the
target this "mistake" often got corrected by the tools that
dumped the image. In this case the check no longer worked.
This commit improves the check by another test which looks
for the real free bytes on disk compared to the current
partition geometry.
- Move to neutral directory for calling osc
When calling the helper/build_status.sh script to get an
overview about the results of the integration tests, there
is a stupid new behavior from the osc tool that it assumes
a package name according to the name of the directory you
are in probably connected to the fact that the data in this
directory is a git checkout or some other strange assumption.
This commit moves to a neutral directory where none of the
osc internal assumptions applies and it just does what it
should do... showing results of the given project.
- Bump version: 10.2.26 → 10.2.27
- Fix regression in get_partition_node_name
backwards compat for lsblk before 2.38
if START column not supported, fall back to default sort
- Add global option --setenv
Allow to set environment variables in the caller environment
via the commandline, e.g --setenv SOURCE_DATE_EPOCH=42
- Seed filesystem UUIDs with SOURCE_DATE_EPOCH
For reproducible builds the calculation of the filesystem UUID
should be persistent with each rebuild of the image. To achieve
this the UUID is calculated using the SOURCE_DATE_EPOCH from
the environment plus a char-number representation of the filesystem
label name as random seed. In kiwi every filesystem is created
with a label, thus only in case there is no SOURCE_DATE_EPOCH
available we continue to create the UUID as random data.
This Fixes #2761
- Add label attribute for <partition> section
Allow to specify a filesystem label as part of a <partition>
definition. So far the label was set by the name of the
partition. With the new label attribute, a filesystem label
different from the partition name can be set. This commit
also updates/fixes the documentation in this regard.
- Improve log message in SystemIdentifier
Add some scope information such that we know from where
this log information originates from.
- Add rd.kiwi.install.devicepersistency
Allow to specify which type of persistent device name should
be used to build up the list of installation disk devices.
For example rd.kiwi.install.devicepersistency=by-path would
use the by-path representations for the available disk
devices. The default (by-id) stays untouched. In case an
invalid or not present device representation is selected, kiwi
falls back to the non persistent unix node names.
- Update test-image-disk
Add NetworkManager for better remote debugging capabilities
- Make mbr-id deterministic
Log the value of SDE so it is available to review,
even if the build system does not tell about it.
Update the tests to cover the new code-path.
Co-Authored-By: Marcus Schäfer <marcus.schaefer@gmail.com>
- Ensure dracut initrd is reproducible
This helps a bit with issue #2358
Add reproducible flag for UKI too
Update tests accordingly
Co-Authored-By: Marcus Schäfer <marcus.schaefer@gmail.com>
- Bump version: 10.2.25 → 10.2.26
- Add kernel parameter support for dm-verity options
Implement rd.kiwi.verity_options= parameter to allow runtime customization of veritysetup options
Closes #2837
- Fix shim lookup for arm on SUSE
Add missing search path for shim binary on arm based SUSE
systems. Also update the tumbleweed/test-image-live-disk
integration test for arm to build with secure boot enabled
to actually test a secure boot enabled ISO build.
This Fixes #2842
- Add container_import template test
- Bump version: 10.2.24 → 10.2.25
- Fixed get_partition_node_name
The function get_partition_node_name takes the disk device
and the partition index as arguments to match against the
respective device node for this partition index. The partition
index is the position of the partition in the partition table
according to their start offset. For the code to function
properly it is required that the list of partitions provided
by lsblk is ordered according to the start address of the
partitions in the table. The way lsblk was called did not
enforce this ordering. This commit enforces the order to
be done against the start offset and fixes bsc#1245190
- Add support for container-snap as a container-image engine
With this commit, we can now pre-load images using container-snap directly
during the kiwi image build
- Update test-image-MicroOS for local build
Fix bootstrap setup such that micro-os patterns can resolve
- Fix logging of stderr data in command calls
The stderr data was presented as one blob without line
breaks. Hard to read and smells like a bug. This commit
fixes the output to become readable
- Update test-image-MicroOS/disk.sh
Add a findmnt for / to check if there is a proper root
device reference
- Fix mount system for root_is_snapper_snapshot
If root is a snapper snapshot we have to tell the
chroot a proper root mount point which can be achieved
by a bind mount pointing to itself. This Fixes
bsc#1244668
- There is no shim for aarch64 on SUSE
Fix integration test for standard EFI (no secure boot)
setup on arm
- Add driver configuration support for dracut initrd
Add driver configuration support for dracut initrd
Add support for specifying kernel drivers to be included or omitted
in the dracut initrd configuration. This extends the existing dracut
configuration capabilities like in the following example
<initrd action="add">
<dracut driver="erofs"/>
</initrd>
- Fixed rootfs size calculation with spare part
In case a spare_part setup is combined with the root_clone feature,
the size calculation for the rootfs did not take the cloning into
account and lead to the wrong value. In addition when requesting
the spare part to be last and no size information was given, the
partition was not created at all. This commit fixes both defects
and Fixes #2831
- Add dependency for isomd5sum for iso images and set in kiwi-settings
This ensures that isomd5sum is pulled into the environment for ISO image
builds, and the updated settings makes it so that kiwi boxes will use it.
- Allow /boot to be a btrfs subvolume
In a btrfs based design, allow to put /boot as subvolume.
This required a small fix in the mount order in a way that
boot/efi gets mounted after the subvolume mounts are done.
The respective integration test has been updated to test
this functionality. This Fixes #2824
- Use f-strings where feasible
This is a slightly shorter and easier to read syntax
- Allow multiple EFI arch binaries/modules
Allow to lookup and included EFI binaries/modules for
multiple architectures. For testing the integration
test in rawhide/test-image-live-disk has been adapted
accordingly to install 32bit and 64bit EFI binaries.
This Fixes #2822
- Log warning message for disabled runtime checks
Complete type hints for RuntimeConfig class and log
a warning message for each disabled runtime check
- Fix static type argument int vs. str
- Move it inside the context that actually uses it
also rename it to "supported" as that seems to closer match
what it resembles
- Add overlayfs as supporting xattr/ACLs as well
- Fix disk_type validation for zipl loader
If the targettype is set to GPT in combination with plain
zipl as loader, the code to validate the targettype against
the targetgeometry was not effective and zipl failed.
This Fixes #2821
- Fixup overlay unit enablement
- Fixup overlay mount dependencies
- Update test-image-overlayroot integration test
Use proper systemd mount units to setup the custom overlay.
The handling of fstab entries by systemd is limited and
should be better handled by self managed mount units
- Use proper mount units for overlay setup
Instead of manual mounting create a proper systemd mount
unit. This allows to manage mount dependencies and the order
of nested mounts in a clean way
- Bump version: 10.2.23 → 10.2.24
- Cleanup build metadata
Make sure the final image rootfs does not contain unneeded
metadata files used during build time. The respective cleanup
call is performed after the root sync and after all initrd/boot
processing has been done. This is because up to that point it's
still possible that the information is required. This means
when building images with a read-only rootfs, it might not be
possible that the metadata can be deleted due to a chicken&egg
situation. Furthermore the cleanup is applied to the disk
builder only as other builders do not really suffer from
this data and for the container builder the metadata can
also be used for the stackbuild feature when building images
derived from containers. This Fixes #2668
- Update overlay integration test for partial write
Update the sdboot_uki_verity_erofs profile of the
test-image-overlayroot integration test with a custom
fstab example to overlay only parts of the system
for writing. This Fixes #2815
- bootloader setup without overlay write partition
If overlayroot_write_partition="false" is set, no system
indicator was stored. This cause the bootloader setup to
be skipped completely which is not required for e.g.
systemd-boot.
- Make sure to create overlay directories
Create overlay directories even if rd.root.overlay.readonly
is set. This allows individual fstab overlays mounts to be
performed
- Fixed rd.root.overlay.readonly overlay mode
When booting an overlayroot image with rd.root.overlay.readonly
set, the system will boot with only the read-only root mounted.
There was a bug in the dracut code which prevented this mount
from succeeding when the read-only rootfs is different from
squashfs. This commit changes the mount to be a simple bind
mount, independent of the origin filesystem. This works because
the read-only mount is performed in the dracut overlay code
anyway. This is related to Issue #2815
- The way we build debs requires setuptools
debbuild doesn't work when setuptools is not there
- Drop use of setuptools
Since we moved to poetry and no code using setuptools anymore,
this requirement can be dropped. The commit also updates the
plugin documentation which was still based on setup.py
- Update live boot remote boot features
Like the upstream module also support the root=live:http://...
remote boot options. The kiwi-live dracut module is scheduled
to become obsolete, but it's still in use and should support
remote boot not only for AoE. As we got more issue reports than
working AoE remote boot success, this commit also updates the
documentation and switches to the capabilities of this PR.
- Add UKI support for the grub bootloader
In addition to systemd_boot also add support for UKI creation
when grub is used. This includes the creation of a UKI image
via dracut in the same way as it's done for systemd_boot.
In addition an earlyboot grub script chainloads the UKI and
bypasses any written grub configuration. In Theory this should
also allow to use the shim loader for chainloading an UKI.
However I haven't done testing in this direction and I also
expect security issues with this approach because loading
any non signed data by shim is not expected to work. A new
profile named grub_uki_verity_erofs has been added to the
integration test that experiments with UKIs
- Bump version: 10.2.22 → 10.2.23
- Add support for <initrd> section as part of <type>
Extend scope and content of the <initrd> section to be allowed
as part of the <type> section. This allows to specify custom
call options and modules for the dracut tool. In particular
this commit implementes support for passing the uefi option
to dracut to enable building an UKI EFI binary as follows:
<initrd action="setup">
<dracut uefi="true"/>
</initrd>
This Fixes #2809 and Fixes #2408
- Fix systemd-boot loader setup
To make sure only loader entries from /boot/efi/loader/entries
kiwi deleted eventually existing entry files from /boot/loader.
However that is a problem for read-only systems and should actually
also not performed by kiwi. This Fixes #2805
- dracut
-
- Update to version 059+suse.605.gc5a2b7ff:
* fix(dracut-util): crash if CMDLINE ends with quotation mark (bsc#1247819)
- Update to version 059+suse.603.g57891bd2:
* fix(rngd): adjust license to match the license of the whole project
* fix(dracut): kernel module name normalization in drivers lists (bsc#1241680)
* fix(dracut-init): assign real path to srcmods (bsc#1241114)
- grub2
-
- Fix CVE-2024-56738: side-channel attack due to not constant-time
algorithm in grub_crypto_memcmp (bsc#1234959)
* grub2-constant-time-grub_crypto_memcmp.patch
- Fix CVE-2025-4382: TPM auto-decryption data exposure (bsc#1242971)
* 0001-kern-rescue_reader-Block-the-rescue-mode-until-the-C.patch
* 0002-commands-search-Introduce-the-cryptodisk-only-argume.patch
* 0003-disk-diskfilter-Introduce-the-cryptocheck-command.patch
* 0004-commands-search-Add-the-diskfilter-support.patch
* 0005-docs-Document-available-crypto-disks-checks.patch
* 0006-disk-cryptodisk-Add-the-erase-secrets-function.patch
* 0007-disk-cryptodisk-Wipe-the-passphrase-from-memory.patch
* 0008-cryptocheck-Add-quiet-option.patch
- patch rebased
* 0001-Improve-TPM-key-protection-on-boot-interruptions.patch
* 0004-Key-revocation-on-out-of-bound-file-access.patch
- patch refrehed
* 0002-Requiring-authentication-after-tpm-unlock-for-CLI-ac.patch
- Filter out the non-subvolume btrfs mount points when creating the
relative path (bsc#1239674)
* grub2-btrfs-filter-non-subvol-mount.patch
- Security fixes for 2024
* 0001-misc-Implement-grub_strlcpy.patch
- Fix CVE-2024-45781 (bsc#1233617)
* 0002-fs-ufs-Fix-a-heap-OOB-write.patch
- Fix CVE-2024-56737 (bsc#1234958)
- Fix CVE-2024-45782 (bsc#1233615)
* 0003-fs-hfs-Fix-stack-OOB-write-with-grub_strcpy.patch
- Fix CVE-2024-45780 (bsc#1233614)
* 0004-fs-tar-Integer-overflow-leads-to-heap-OOB-write.patch
- Fix CVE-2024-45783 (bsc#1233616)
* 0005-fs-hfsplus-Set-a-grub_errno-if-mount-fails.patch
* 0006-kern-file-Ensure-file-data-is-set.patch
* 0007-kern-file-Implement-filesystem-reference-counting.patch
- Fix CVE-2025-0624 (bsc#1236316)
* 0008-net-Fix-OOB-write-in-grub_net_search_config_file.patch
- Fix CVE-2024-45774 (bsc#1233609)
* 0009-video-readers-jpeg-Do-not-permit-duplicate-SOF0-mark.patch
- Fix CVE-2024-45775 (bsc#1233610)
* 0010-commands-extcmd-Missing-check-for-failed-allocation.patch
- Fix CVE-2025-0622 (bsc#1236317)
* 0011-commands-pgp-Unregister-the-check_signatures-hooks-o.patch
- Fix CVE-2025-0622 (bsc#1236317)
* 0012-normal-Remove-variables-hooks-on-module-unload.patch
- Fix CVE-2025-0622 (bsc#1236317)
* 0013-gettext-Remove-variables-hooks-on-module-unload.patch
- Fix CVE-2024-45776 (bsc#1233612)
* 0014-gettext-Integer-overflow-leads-to-heap-OOB-write-or-.patch
- Fix CVE-2024-45777 (bsc#1233613)
* 0015-gettext-Integer-overflow-leads-to-heap-OOB-write.patch
- Fix CVE-2025-0690 (bsc#1237012)
* 0016-commands-read-Fix-an-integer-overflow-when-supplying.patch
- Fix CVE-2025-1118 (bsc#1237013)
* 0017-commands-minicmd-Block-the-dump-command-in-lockdown-.patch
- Fix CVE-2024-45778 (bsc#1233606)
- Fix CVE-2024-45779 (bsc#1233608)
* 0018-fs-bfs-Disable-under-lockdown.patch
- Fix CVE-2025-0677 (bsc#1237002)
- Fix CVE-2025-0684 (bsc#1237008)
- Fix CVE-2025-0685 (bsc#1237009)
- Fix CVE-2025-0686 (bsc#1237010)
- Fix CVE-2025-0689 (bsc#1237011)
* 0019-fs-Disable-many-filesystems-under-lockdown.patch
- Fix CVE-2025-1125 (bsc#1237014)
- Fix CVE-2025-0678 (bsc#1237006)
* 0020-fs-Prevent-overflows-when-allocating-memory-for-arra.patch
- Bump upstream SBAT generation to 5
- Fix CVE-2024-49504 (bsc#1229163) (bsc#1229164)
- Restrict CLI access if the encrypted root device is automatically unlocked by
the TPM. LUKS password authentication is required for access to be granted
* 0001-cli_lock-Add-build-option-to-block-command-line-inte.patch
* 0002-Requiring-authentication-after-tpm-unlock-for-CLI-ac.patch
- Obsolete, as CLI access is now locked and granted access no longer requires
the previous restrictions
* 0002-Restrict-file-access-on-cryptodisk-print.patch
* 0003-Restrict-ls-and-auto-file-completion-on-cryptodisk-p.patch
- Rediff
* 0004-Key-revocation-on-out-of-bound-file-access.patch
- kernel-source:kernel-default
-
- staging: media: atomisp: Fix stack buffer overflow in
gmin_get_var_int() (CVE-2025-38585 bsc#1248355).
- commit f7d8b23
- vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1248511
CVE-2025-38618).
- commit 0256bd0
- RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() (git-fixes)
- commit 5289b12
- RDMA/core: reduce stack using in nldev_stat_get_doit() (git-fixes)
- commit 1ff622a
- KVM: Allow CPU to reschedule while setting per-page memory
attributes (bsc#1248186 CVE-2025-38506).
- commit a7f8a41
- slab: Decouple slab_debug and no_hash_pointers (bsc#1249022).
- commit 41f928f
- RAS/AMD/FMPM: Use atl internal.h for INVALID_SPA (bsc#1242034).
- commit ac5d9dc
- RAS/AMD/FMPM: Get masked address (bsc#1242034).
- commit 4171987
- RAS/AMD/ATL: Include row bit in row retirement (bsc#1242034).
- commit fa3fcbb
- Update
patches.suse/Bluetooth-btnxpuart-Resolve-TX-timeout-error-in-powe.patch
(bsc#1230557 CVE-2024-58238 bsc#1242754).
- Update
patches.suse/HID-quirks-Add-quirk-for-2-Chicony-Electronics-HP-5M.patch
(stable-fixes CVE-2025-38540 bsc#1248208).
- Update
patches.suse/PCI-pnv_php-Clean-up-allocated-IRQs-on-unplug.patch
(bsc#1215199 CVE-2025-38624 bsc#1248617).
- Update
patches.suse/PM-devfreq-Check-governor-before-using-governor-name.patch
(git-fixes CVE-2025-38609 bsc#1248337).
- Update
patches.suse/RDMA-hns-Fix-double-destruction-of-rsv_qp.patch
(git-fixes CVE-2025-38582 bsc#1248349).
- Update
patches.suse/arm64-entry-Mask-DAIF-in-cpu_switch_to-call_on_irq_stack.patch
(git-fixes CVE-2025-38670 bsc#1248655).
- Update
patches.suse/btrfs-fix-assertion-when-building-free-space-tree.patch
(git-fixes CVE-2025-38503 bsc#1248183).
- Update
patches.suse/can-netlink-can_changelink-fix-NULL-pointer-deref-of.patch
(git-fixes CVE-2025-38665 bsc#1248648).
- Update
patches.suse/clk-davinci-Add-NULL-check-in-davinci_lpsc_clk_regis.patch
(git-fixes CVE-2025-38635 bsc#1248573).
- Update
patches.suse/clk-xilinx-vcu-unregister-pll_post-only-if-registere.patch
(git-fixes CVE-2025-38583 bsc#1248350).
- Update
patches.suse/comedi-aio_iiro_16-Fix-bit-shift-out-of-bounds.patch
(git-fixes CVE-2025-38529 bsc#1248196).
- Update
patches.suse/comedi-pcl812-Fix-bit-shift-out-of-bounds.patch
(git-fixes CVE-2025-38530 bsc#1248206).
- Update
patches.suse/crypto-ccp-Fix-crash-when-rebind-ccp-device-for-ccp..patch
(git-fixes CVE-2025-38581 bsc#1248345).
- Update
patches.suse/dmaengine-nbpfaxi-Fix-memory-corruption-in-probe.patch
(git-fixes CVE-2025-38538 bsc#1248213).
- Update patches.suse/drm-amd-display-Fix-vs-typos.patch
(git-fixes CVE-2024-26661 bsc#1222323).
- Update
patches.suse/drm-sched-Increment-job-count-before-swapping-tail-s.patch
(git-fixes CVE-2025-38515 bsc#1248212).
- Update
patches.suse/drm-tegra-nvdec-Fix-dma_alloc_coherent-error-check.patch
(git-fixes CVE-2025-38543 bsc#1248214).
- Update
patches.suse/fbdev-imxfb-Check-fb_add_videomode-to-prevent-null-p.patch
(git-fixes CVE-2025-38630 bsc#1248575).
- Update
patches.suse/hfsplus-remove-mutex_lock-check-in-hfsplus_free_extents.patch
(git-fixes CVE-2025-38650 bsc#1248746).
- Update
patches.suse/hwmon-corsair-cpro-Validate-the-size-of-the-received.patch
(git-fixes CVE-2025-38548 bsc#1248228).
- Update
patches.suse/i2c-qup-jump-out-of-the-loop-in-case-of-timeout.patch
(git-fixes CVE-2025-38671 bsc#1248652).
- Update
patches.suse/ipv6-fix-possible-infinite-loop-in-fib6_info_uses_de.patch
(git-fixes CVE-2025-38587 bsc#1248361).
- Update
patches.suse/ipv6-mcast-Delay-put-pmc-idev-in-mld_del_delrec.patch
(git-fixes CVE-2025-38550 bsc#1248227).
- Update
patches.suse/ipv6-prevent-infinite-loop-in-rt6_nlmsg_size.patch
(git-fixes CVE-2025-38588 bsc#1248368).
- Update
patches.suse/ipv6-reject-malicious-packets-in-ipv6_gso_segment.patch
(git-fixes CVE-2025-38572 bsc#1248399).
- Update
patches.suse/iwlwifi-Add-missing-check-for-alloc_ordered_workqueu.patch
(git-fixes CVE-2025-38602 bsc#1248341).
- Update
patches.suse/kasan-remove-kasan_find_vm_area-to-prevent-possible-.patch
(git-fixes CVE-2025-38510 bsc#1248166).
- Update
patches.suse/ksmbd-fix-out-of-bounds-read-in-smb2_sess_setup.patch
(bsc#1012628 bsc#1213545 CVE-2023-3867).
- Update
patches.suse/ksmbd-fix-wrong-next-length-validation-of-ea-b.patch
(bsc#1012628 CVE-2023-4130 bsc#1248164).
- Update patches.suse/ksmbd-validate-command-request-size.patch
(bsc#1012628 CVE-2023-4515 bsc#1248180).
- Update
patches.suse/md-make-rdev_addable-usable-for-rcu-mode.patch
(git-fixes CVE-2025-38621 bsc#1248609).
- Update
patches.suse/net-packet-fix-a-race-in-packet_set_ring-and-packet_.patch
(git-fixes CVE-2025-38617 bsc#1248621).
- Update patches.suse/net-phy-Don-t-register-LEDs-for-genphy.patch
(git-fixes CVE-2025-38537 bsc#1248229).
- Update
patches.suse/net-sched-Restrict-conditions-for-adding-duplicating.patch
(git-fixes CVE-2025-38553 bsc#1248255).
- Update
patches.suse/net-sched-mqprio-fix-stack-out-of-bounds-write-in-tc.patch
(git-fixes CVE-2025-38568 bsc#1248386).
- Update
patches.suse/nilfs2-reject-invalid-file-types-when-reading-inodes.patch
(git-fixes CVE-2025-38663 bsc#1248636).
- Update patches.suse/perf-core-Exit-early-on-perf_mmap-fail.patch
(CVE-2025-38563 bsc#1248306 dependency CVE-2025-38565
bsc#1248377).
- Update
patches.suse/phy-tegra-xusb-Fix-unbalanced-regulator-disable-in-U.patch
(git-fixes CVE-2025-38535 bsc#1248240).
- Update
patches.suse/pinctrl-qcom-msm-mark-certain-pins-as-invalid-for-in.patch
(git-fixes CVE-2025-38516 bsc#1248209).
- Update
patches.suse/pinmux-fix-race-causing-mux_owner-NULL-with-active-m.patch
(git-fixes CVE-2025-38632 bsc#1248669).
- Update
patches.suse/power-supply-cpcap-charger-Fix-null-check-for-power_.patch
(git-fixes CVE-2025-38634 bsc#1248666).
- Update
patches.suse/powercap-dtpm_cpu-Fix-NULL-pointer-dereference-in-ge.patch
(git-fixes CVE-2025-38610 bsc#1248395).
- Update
patches.suse/powerpc-eeh-Make-EEH-driver-device-hotplug-safe.patch
(bsc#1215199 CVE-2025-38576 bsc#1248354).
- Update
patches.suse/staging-fbtft-fix-potential-memory-leak-in-fbtft_fra.patch
(git-fixes CVE-2025-38612 bsc#1248390).
- Update
patches.suse/sunrpc-fix-client-side-handling-of-tls-alerts.patch
(git-fixes CVE-2025-38571 bsc#1248401).
- Update
patches.suse/sunrpc-fix-handling-of-server-side-tls-alerts.patch
(git-fixes CVE-2025-38566 bsc#1248374).
- Update
patches.suse/tls-stop-recv-if-initial-process_rx_list-gave-us-non.patch
(bsc#1221858 CVE-2024-58239 bsc#1248614).
- Update
patches.suse/usb-gadget-fix-use-after-free-in-composite_dev_clean.patch
(git-fixes CVE-2025-38555 bsc#1248297).
- Update
patches.suse/wifi-ath11k-clear-initialized-flag-for-deinit-ed-srn.patch
(git-fixes CVE-2025-38601 bsc#1248340).
- Update
patches.suse/wifi-iwlwifi-Fix-error-code-in-iwl_op_mode_dvm_start.patch
(git-fixes CVE-2025-38656 bsc#1248643).
- Update
patches.suse/wifi-mac80211-reject-TDLS-operations-when-station-is.patch
(git-fixes CVE-2025-38644 bsc#1248748).
- Update
patches.suse/wifi-mt76-mt7925-Fix-null-ptr-deref-in-mt7925_therma.patch
(git-fixes CVE-2025-38541 bsc#1248216).
- Update
patches.suse/wifi-prevent-A-MSDU-attacks-in-mesh-networks.patch
(stable-fixes CVE-2025-38512 bsc#1248178).
- Update
patches.suse/wifi-rtl818x-Kill-URBs-before-clearing-tx-status-que.patch
(git-fixes CVE-2025-38604 bsc#1248333).
- Update
patches.suse/wifi-rtw89-avoid-NULL-dereference-when-RX-problemati.patch
(git-fixes CVE-2025-38646 bsc#1248577).
- Update
patches.suse/wifi-zd1211rw-Fix-potential-NULL-pointer-dereference.patch
(git-fixes CVE-2025-38513 bsc#1248179).
- commit efc5ee0
- HID: asus: fix UAF via HID_CLAIMED_INPUT validation (git-fixes).
- HID: multitouch: fix slab out-of-bounds access in
mt_report_fixup() (git-fixes).
- drm/mediatek: Fix device/node reference count leaks in
mtk_drm_get_all_drm_priv (git-fixes).
- drm/msm/kms: move snapshot init earlier in KMS init (git-fixes).
- drm/msm: Defer fd_install in SUBMIT ioctl (git-fixes).
- drm/nouveau: remove unused memory target test (git-fixes).
- drm/nouveau: remove unused increment in gm200_flcn_pio_imem_wr
(git-fixes).
- drm/nouveau: fix error path in nvkm_gsp_fwsec_v2 (git-fixes).
- drm/nouveau/disp: Always accept linear modifier (git-fixes).
- mISDN: hfcpci: Fix warning when deleting uninitialized timer
(git-fixes).
- Bluetooth: hci_sync: fix set_local_name race condition
(git-fixes).
- Bluetooth: hci_event: Detect if HCI_EV_NUM_COMP_PKTS is
unbalanced (git-fixes).
- Bluetooth: hci_event: Mark connection as closed during suspend
disconnect (git-fixes).
- Bluetooth: hci_event: Treat UNKNOWN_CONN_ID on disconnect as
success (git-fixes).
- commit f54cbc7
- clk: bcm: rpi: Add NULL check in raspberrypi_clk_register() (CVE-2025-38160 bsc#1245780)
- commit f8670f7
- tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer (CVE-2025-38184 bsc#1245956)
- commit 263759a
- drm/amd/display: Avoid divide by zero by initializing dummy pitch to 1 (CVE-2025-38205 bsc#1246005)
- commit e09f72d
- smb: client: add NULL check in automount_fullpath (CVE-2025-38208 bsc#1245815)
- commit 04d79fb
- net: stmmac: make sure that ptp_rate is not 0 before configuring EST (CVE-2025-38125 bsc#1245710)
- commit 0fcfa4f
- pNFS: Fix disk addr range check in block/scsi layout
(git-fixes).
- commit c36ff17
- pNFS: Fix stripe mapping in block/scsi layout (git-fixes).
- commit 5bf6a36
- pNFS: Handle RPC size limit for layoutcommits (git-fixes).
- commit 36dee9f
- pNFS: Fix uninited ptr deref in block/scsi layout (git-fixes).
- commit 8d7a7ee
- jfs: truncate good inode pages when hard link is 0 (git-fixes).
- commit 7e762b7
- jfs: Regular file corruption check (git-fixes).
- commit 4f3d801
- jfs: upper bound check of tree index in dbAllocAG (git-fixes).
- commit 997ac87
- hfs: fix slab-out-of-bounds in hfs_bnode_read() (git-fixes).
- commit 1ea8ac2
- hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read()
(git-fixes).
- commit 34d35cb
- hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()
(git-fixes).
- commit 07b3674
- hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file()
(git-fixes).
- commit edddb1c
- hfs: fix not erasing deleted b-tree node issue (git-fixes).
- commit 9b06f84
- fs/orangefs: use snprintf() instead of sprintf() (git-fixes).
- commit 9e05c62
- exfat: add cluster chain loop check for dir (git-fixes).
- commit 50f0877
- drm/amdkfd: Don't call mmput from MMU notifier callback (bsc#1248217 CVE-2025-38520)
- commit c848230
- drm/amdgpu: fix task hang from failed job submission during
process kill (git-fixes).
- commit 6aefbfc
- usb: dwc3: Remove WARN_ON for device endpoint command timeouts
(stable-fixes).
- USB: storage: Ignore driver CD mode for Realtek multi-mode
Wi-Fi dongles (stable-fixes).
- usb: dwc3: pci: add support for the Intel Wildcat Lake
(stable-fixes).
- USB: storage: Add unusual-devs entry for Novatek NTK96550-based
camera (stable-fixes).
- usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1
Flash Drive (stable-fixes).
- rtc: ds1307: handle oscillator stop flag (OSF) for ds1341
(stable-fixes).
- rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe
(stable-fixes).
- watchdog: sbsa: Adjust keepalive timeout to avoid MediaTek
WS0 race condition (stable-fixes).
- watchdog: dw_wdt: Fix default timeout (stable-fixes).
- watchdog: iTCO_wdt: Report error if timeout configuration fails
(stable-fixes).
- soundwire: amd: serialize amd manager resume sequence during
pm_prepare (stable-fixes).
- power: supply: qcom_battmgr: Add lithium-polymer entry
(stable-fixes).
- pwm: mediatek: Fix duty and period setting (git-fixes).
- pwm: mediatek: Handle hardware enable and clock enable
separately (stable-fixes).
- wifi: ath12k: Correct tid cleanup when tid setup fails
(stable-fixes).
- wifi: ath12k: Add memset and update default rate value in wmi
tx completion (stable-fixes).
- wifi: cfg80211: reject HTC bit for management frames
(stable-fixes).
- wifi: rtw89: Lower the timeout in rtw89_fw_read_c2h_reg()
for USB (stable-fixes).
- wifi: rtw89: Fix rtw89_mac_power_switch() for USB
(stable-fixes).
- wifi: rtw89: Disable deep power saving for USB/SDIO
(stable-fixes).
- wifi: iwlwifi: mvm: set gtk id also in older FWs (stable-fixes).
- wifi: iwlwifi: mvm: fix scan request validation (stable-fixes).
- wifi: cfg80211: Fix interface type validation (stable-fixes).
- wifi: mac80211: don't complete management TX on SAE commit
(stable-fixes).
- wifi: mac80211: fix rx link assignment for non-MLO stations
(stable-fixes).
- wifi: mt76: mt7915: mcu: re-init MCU before loading FW patch
(stable-fixes).
- wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd()
(stable-fixes).
- wifi: iwlwifi: fw: Fix possible memory leak in
iwl_fw_dbg_collect (stable-fixes).
- wifi: rtlwifi: fix possible skb memory leak in
`_rtl_pci_rx_interrupt()` (stable-fixes).
- wifi: rtlwifi: fix possible skb memory leak in
_rtl_pci_init_one_rxdesc() (stable-fixes).
- wifi: ath12k: Enable REO queue lookup table feature on QCN9274
hw2.0 (stable-fixes).
- wifi: ath12k: Decrement TID on RX peer frag setup error handling
(stable-fixes).
- wifi: mac80211: update radar_required in channel context after
channel switch (stable-fixes).
- wifi: iwlegacy: Check rate_idx range after addition
(stable-fixes).
- reset: brcmstb: Enable reset drivers for ARCH_BCM2835
(stable-fixes).
- usb: xhci: print xhci->xhc_state when queue_command failed
(stable-fixes).
- usb: typec: ucsi: psy: Set current max to 100mA for BC 1.2
and Default (stable-fixes).
- usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device
Command (stable-fixes).
- usb: xhci: Avoid showing warnings for dying controller
(stable-fixes).
- usb: xhci: Avoid showing errors during surprise removal
(stable-fixes).
- usb: core: config: Prevent OOB read in SS endpoint companion
parsing (stable-fixes).
- usb: typec: intel_pmc_mux: Defer probe if SCU IPC isn't present
(stable-fixes).
- usb: core: usb_submit_urb: downgrade type check (stable-fixes).
- thermal: sysfs: Return ENODATA instead of EAGAIN for reads
(stable-fixes).
- thermal/drivers/qcom-spmi-temp-alarm: Enable stage 2 shutdown
when required (stable-fixes).
- pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in
mperf_stop() (stable-fixes).
- PM: runtime: Clear power.needs_force_resume in
pm_runtime_reinit() (stable-fixes).
- PM: sleep: console: Fix the black screen issue (stable-fixes).
- PM / devfreq: governor: Replace sscanf() with kstrtoul()
in set_freq_store() (stable-fixes).
- commit 3e165bb
- net: phy: smsc: add proper reset flags for LAN8710A
(stable-fixes).
- pinctrl: stm32: Manage irq affinity settings (stable-fixes).
- phy: rockchip-pcie: Properly disable TEST_WRITE strobe signal
(stable-fixes).
- media: v4l2-common: Reduce warnings about missing
V4L2_CID_LINK_FREQ control (stable-fixes).
- media: tc358743: Return an appropriate colorspace from
tc358743_set_fmt (stable-fixes).
- media: tc358743: Check I2C succeeded during probe
(stable-fixes).
- media: tc358743: Increase FIFO trigger level to 374
(stable-fixes).
- media: usb: hdpvr: disable zero-length read messages
(stable-fixes).
- net: phy: micrel: Add ksz9131_resume() (stable-fixes).
- net: thunderbolt: Enable end-to-end flow control also in
transmit (stable-fixes).
- net: thunderbolt: Fix the parameter passing of
tb_xdomain_enable_paths()/tb_xdomain_disable_paths()
(stable-fixes).
- mmc: sdhci-msm: Ensure SD card power isn't ON when card removed
(stable-fixes).
- mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode()
(stable-fixes).
- mei: bus: Check for still connected devices in
mei_cl_bus_dev_release() (stable-fixes).
- platform/chrome: cros_ec_typec: Defer probe on missing EC parent
(stable-fixes).
- platform/x86/amd: pmc: Add Lenovo Yoga 6 13ALC6 to pmc quirk
list (stable-fixes).
- commit 49985d1
- iio: pressure: bmp280: Use IS_ERR() in bmp280_common_probe()
(git-fixes).
- ipmi: Use dev_warn_ratelimited() for incorrect message warnings
(stable-fixes).
- ipmi: Fix strcpy source and destination the same (stable-fixes).
- i2c: Force DLL0945 touchpad i2c freq to 100khz (stable-fixes).
- i3c: don't fail if GETHDRCAP is unsupported (stable-fixes).
- i3c: master: Initialize ret in i3c_i2c_notifier_call()
(stable-fixes).
- hwmon: (emc2305) Set initial PWM minimum value during probe
based on thermal state (stable-fixes).
- media: dvb-frontends: dib7090p: fix null-ptr-deref in
dib7090p_rw_on_apb() (stable-fixes).
- media: dvb-frontends: w7090p: fix null-ptr-deref in
w7090p_tuner_write_serpar and w7090p_tuner_read_serpar
(stable-fixes).
- media: uvcvideo: Fix bandwidth issue for Alcor camera
(stable-fixes).
- leds: leds-lp50xx: Handle reg to get correct multi_index
(stable-fixes).
- iio: adc: ad_sigma_delta: don't overallocate scan buffer
(stable-fixes).
- iio: imu: inv_icm42600: use = { } instead of memset()
(stable-fixes).
- iio: adc: ad7768-1: Ensure SYNC_IN pulse minimum timing
requirement (stable-fixes).
- gpio: wcd934x: check the return value of regmap_update_bits()
(stable-fixes).
- gpio: tps65912: check the return value of regmap_update_bits()
(stable-fixes).
- iio: imu: inv_icm42600: switch timestamp type from int64_t
__aligned(8) to aligned_s64 (stable-fixes).
- commit cf6f726
- drm/amd/display: Fix DP audio DTO1 clock source on DCE 6
(stable-fixes).
- drm/amd/display: Fill display clock and vblank time in
dce110_fill_display_configs (stable-fixes).
- drm/amd/display: Find first CRTC and its line time in
dce110_fill_display_configs (stable-fixes).
- drm/amd/display: Avoid a NULL pointer dereference
(stable-fixes).
- drm/amdkfd: Destroy KFD debugfs after destroy KFD wq
(stable-fixes).
- drm/amd/display: Add primary plane to commits for correct VRR
handling (stable-fixes).
- drm/amdgpu: update mmhub 3.0.1 client id mappings
(stable-fixes).
- drm/amd: Restore cached power limit during resume
(stable-fixes).
- fbdev: Fix vmalloc out-of-bounds write in fast_imageblit
(stable-fixes).
- fbdev: fix potential buffer overflow in
do_register_framebuffer() (stable-fixes).
- drm/amd/display: Only finalize atomic_obj if it was initialized
(stable-fixes).
- drm/amd/display: Avoid configuring PSR granularity if PSR-SU
not supported (stable-fixes).
- drm/amdgpu: Avoid extra evict-restore process (stable-fixes).
- crypto: hisilicon/hpre - fix dma unmap sequence (stable-fixes).
- crypto: jitter - fix intermediary handling (stable-fixes).
- crypto: qat - lower priority for skcipher and aead algorithms
(stable-fixes).
- crypto: octeontx2 - add timeout for load_fvc completion poll
(stable-fixes).
- drm/msm: use trylock for debugfs (stable-fixes).
- drm/amd/display: Separate set_gsl from set_gsl_source_select
(stable-fixes).
- drm/amd/display: Fix 'failed to blank crtc!' (stable-fixes).
- drm/amd: Allow printing VanGogh OD SCLK levels without setting
dpm to manual (stable-fixes).
- drm/amd/display: Avoid trying AUX transactions on disconnected
ports (stable-fixes).
- drm/dp: Change AUX DPCD probe address from DPCD_REV to
LANE0_1_STATUS (stable-fixes).
- drm/ttm: Should to return the evict error (stable-fixes).
- drm/ttm: Respect the shrinker core free target (stable-fixes).
- et131x: Add missing check after DMA map (stable-fixes).
- comedi: fix race between polling and detaching (git-fixes).
- char: misc: Fix improper and inaccurate error code returned
by misc_init() (stable-fixes).
- commit adab316
- ALSA: hda/realtek: Add support for HP EliteBook x360 830 G6
and EliteBook 830 G6 (stable-fixes).
- ALSA: hda/realtek: Fix headset mic on HONOR BRB-X
(stable-fixes).
- ALSA: hda/realtek: Add Framework Laptop 13 (AMD Ryzen AI 300)
to quirks (stable-fixes).
- ASoC: Intel: avs: Fix uninitialized pointer error in probe()
(stable-fixes).
- Bluetooth: hci_sock: Reset cookie to zero in
hci_sock_free_cookie() (stable-fixes).
- ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level()
was successed (stable-fixes).
- ASoC: hdac_hdmi: Rate limit logging on connection and
disconnection (stable-fixes).
- ASoC: core: Check for rtd == NULL in
snd_soc_remove_pcm_runtime() (stable-fixes).
- ASoC: codecs: rt5640: Retry DEVICE_ID verification
(stable-fixes).
- commit c1f1889
- ALSA: hda: Handle the jack polling always via a work
(stable-fixes).
- ALSA: hda: Disable jack polling at shutdown (stable-fixes).
- ALSA: intel8x0: Fix incorrect codec index usage in mixer for
ICH4 (stable-fixes).
- ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control
(stable-fixes).
- ALSA: pcm: Rewrite recalculate_boundary() to avoid costly loop
(stable-fixes).
- ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros
(stable-fixes).
- ACPI: APEI: send SIGBUS to current task if synchronous memory
error not recovered (stable-fixes).
- ACPI: processor: fix acpi_object initialization (stable-fixes).
- commit d6d6e01
- xfrm: interface: fix use-after-free after changing collect_md
xfrm interface (CVE-2025-38500 bsc#1248088).
- rxrpc: Fix recv-recv race of completed call (CVE-2025-38524
bsc#1248194).
- atm: clip: Fix memory leak of struct clip_vcc (CVE-2025-38546
bsc#1248223).
- commit 57cffb2
- x86/sev: Evict cache lines during SNP memory validation
(CVE-2025-38560 bsc#1248312).
- commit 0d489ec
- hid: hide cleanup of hid_descriptor (CVE-2025-38103
bsc#1245663).
- commit 58f3abc
- HID: usbhid: Eliminate recurrent out-of-bounds bug in
usbhid_parse() (CVE-2025-38103 bsc#1245663).
- blacklist.conf: removed erroneous entry
- commit 5f4ef22
- rpm/config.sh: Update Leap project
- commit 20eb23b
- selftests/perf_events: Add a mmap() correctness test
(CVE-2025-38563 bsc#1248306 selftest).
- commit 919a844
- bpf: fix kfunc btf caching for modules (git-fixes).
- commit 5ae4aa5
- perf/core: Prevent VMA split of buffer mappings (CVE-2025-38563
bsc#1248306).
- commit d1daec3
- perf/core: Exit early on perf_mmap() fail (CVE-2025-38563
bsc#1248306 dependency).
- commit 4deadd8
- perf/core: Don't leak AUX buffer refcount on allocation failure
(CVE-2025-38563 bsc#1248306 dependency).
- commit d26658d
- bpf: use kvzmalloc to allocate BPF verifier environment
(git-fixes).
- commit fd28e75
- selftests/bpf: Verify that sync_linked_regs preserves subreg_def
(bsc#1234156 CVE-2024-53125).
- commit cee135e
- samples/bpf: Fix compilation errors with cf-protection option
(git-fixes).
- commit 388c9e8
- selftests/bpf: fexit_sleep: Fix stack allocation for arm64
(git-fixes).
- commit 2d627c6
- iio: common: st_sensors: Fix use of uninitialize device structs
(CVE-2025-38531 bsc#1248205).
- commit 2739cf9
- usb: xhci: Fix slot_id resource race conflict (git-fixes).
- commit 40d11e8
- usb: dwc3: fix fault at system suspend if device was already
runtime suspended (git-fixes).
- commit 03244f6
- usb: dwc3: core: Fix system suspend on TI AM62 platforms
(git-fixes).
- commit ae2a72e
- pinctrl: STMFX: add missing HAS_IOMEM dependency (git-fixes).
- most: core: Drop device reference after usage in get_channel()
(git-fixes).
- usb: storage: realtek_cr: Use correct byte order for
bcs->Residue (git-fixes).
- usb: dwc3: Ignore late xferNotReady event to prevent halt
timeout (git-fixes).
- usb: core: hcd: fix accessing unmapped memory in
SINGLE_STEP_SET_FEATURE test (git-fixes).
- usb: renesas-xhci: Fix External ROM access timeouts (git-fixes).
- mmc: sdhci-pci-gli: GL9763e: Rename the gli_set_gl9763e()
for consistency (git-fixes).
- commit f954d9b
- iio: proximity: isl29501: fix buffered read on big-endian
systems (git-fixes).
- comedi: Make insn_rw_emulate_bits() do insn->n samples
(git-fixes).
- comedi: Fix use of uninitialized memory in do_insn_ioctl()
and do_insnlist_ioctl() (git-fixes).
- comedi: pcl726: Prevent invalid irq number (git-fixes).
- cdx: Fix off-by-one error in cdx_rpmsg_probe() (git-fixes).
- drm/hisilicon/hibmc: fix the hibmc loaded failed bug
(git-fixes).
- iosys-map: Fix undefined behavior in iosys_map_clear()
(git-fixes).
- drm/nouveau: fix typos in comments (git-fixes).
- drm/nouveau/nvif: Fix potential memory leak in nvif_vmm_ctor()
(git-fixes).
- drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3
(git-fixes).
- drm/amd/display: Adjust DCE 8-10 clock, don't overclock by 15%
(git-fixes).
- drm/amd/display: Don't overclock DCE 6 by 15% (git-fixes).
- drm/amd/display: Add null pointer check in
mod_hdcp_hdcp1_create_session() (git-fixes).
- memstick: Fix deadlock by moving removing flag earlier
(git-fixes).
- ALSA: usb-audio: Use correct sub-type for UAC3 feature unit
validation (git-fixes).
- ALSA: hda/realtek: Audio disappears on HP 15-fc000 after warm
boot again (git-fixes).
- ALSA: hda/realtek: Fix headset mic on ASUS Zenbook 14
(git-fixes).
- ALSA: usb-audio: Fix size validation in convert_chmap_v3()
(git-fixes).
- commit 0a99e72
- bpf: Reject narrower access to pointer ctx fields (bsc#1248363
CVE-2025-38591).
- commit 2a67c58
- md: make rdev_addable usable for rcu mode (git-fixes).
- scsi: sd: Make sd shutdown issue START STOP UNIT appropriately
(git-fixes).
- scsi: Revert "scsi: iscsi: Fix HW conn removal use after free"
(git-fixes).
- scsi: mpt3sas: Fix a fw_event memory leak (git-fixes).
- scsi: isci: Fix dma_unmap_sg() nents value (git-fixes).
- scsi: mvsas: Fix dma_unmap_sg() nents value (git-fixes).
- scsi: elx: efct: Fix dma_unmap_sg() nents value (git-fixes).
- scsi: core: Fix kernel doc for scsi_track_queue_full()
(git-fixes).
- scsi: ibmvscsi_tgt: Fix dma_unmap_sg() nents value (git-fixes).
- scsi: mpi3mr: Serialize admin queue BAR writes on 32-bit systems
(git-fixes).
- scsi: mpi3mr: Fix race between config read submit and interrupt
completion (git-fixes).
- scsi: mpi3mr: Fix kernel-doc issues in mpi3mr_app.c (git-fixes).
- sunvdc: Balance device refcount in vdc_port_mpgroup_check
(git-fixes).
- md: allow removing faulty rdev during resync (git-fixes).
- block: mtip32xx: Fix usage of dma_map_sg() (git-fixes).
- ublk: use vmalloc for ublk_device's __queues (git-fixes).
- loop: use kiocb helpers to fix lockdep warning (git-fixes).
- block: fix kobject leak in blk_unregister_queue (git-fixes).
- md/raid1,raid10: strip REQ_NOWAIT from member bios (git-fixes).
- ublk: sanity check add_dev input for underflow (git-fixes).
- aoe: defer rexmit timer downdev work to workqueue (git-fixes).
- commit e0823df
- clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (CVE-2025-38499 bsc#1247976)
- commit a7416f7
- atm: clip: Fix NULL pointer dereference in vcc_sendmsg() (CVE-2025-38458 bsc#1247116)
- commit 17419dc
- atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister() (CVE-2025-38245 bsc#1246193)
- commit c9503c1
- btrfs: fix adding block group to a reclaim list and the unused
list during reclaim (git-fixes).
- btrfs: retry block group reclaim without infinite loop
(git-fixes).
- commit 0a86fac
- btrfs: fix bitmap leak when loading free space cache on
duplicate entry (git-fixes).
- commit 72cd329
- btrfs: run delayed iputs when flushing delalloc (git-fixes).
- btrfs: update target inode's ctime on unlink (git-fixes).
- commit 8eb6c44
- btrfs: fix data race when accessing the inode's disk_i_size
at btrfs_drop_extents() (git-fixes).
- commit 04c28bf
- squashfs: fix memory leak in squashfs_fill_super (git-fixes).
- commit 7c9f4fd
- btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper
error handling (git-fixes).
- commit 0d7a95c
- btrfs: correctly escape subvol in btrfs_show_options()
(git-fixes).
- commit 8ae9b3b
- atm: Revert atm_account_tx() if copy_from_iter_full() fails (CVE-2025-38190 bsc#1245973)
- commit ee168d7
- atm: atmtcp: Free invalid length skb in atmtcp_c_send() (CVE-2025-38185 bsc#1246012)
- commit 3034c5a
- md/raid1: Fix stack memory use after return in raid1_reshape (CVE-2025-38445 bsc#1247229)
- commit c07b722
- bpf, ktls: Fix data corruption when using bpf_msg_pop_data()
in ktls (bsc#1248338 CVE-2025-38608).
- commit 70a5de5
- RDMA/hns: Fix dip entries leak on devices newer than hip09 (git-fixes)
- commit b03653b
- RDMA/bnxt_re: Fix to initialize the PBL array (git-fixes)
- commit 99342e6
- RDMA/bnxt_re: Fix a possible memory leak in the driver (git-fixes)
- commit d8fc453
- RDMA/bnxt_re: Fix to remove workload check in SRQ limit path (git-fixes)
- commit d6073c4
- RDMA/bnxt_re: Fix to do SRQ armena by default (git-fixes)
- commit 43a4c91
- RDMA/erdma: Fix ignored return value of init_kernel_qp (git-fixes)
- commit 184f89d
- atm: clip: Fix infinite recursive call of clip_push() (CVE-2025-38459 bsc#1247119)
- commit cace503
- atm: clip: prevent NULL deref in clip_push() (CVE-2025-38251 bsc#1246181)
- commit 955d194
- bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT (CVE-2025-38439 bsc#1247155)
- commit fad3d81
- ACPI: pfr_update: Fix the driver update version check
(git-fixes).
- net: usb: asix_devices: Fix PHY address mask in MDIO bus
initialization (git-fixes).
- Bluetooth: hci_conn: do return error from
hci_enhanced_setup_sync() (git-fixes).
- Bluetooth: hci_event: fix MTU for BN == 0 in CIS Established
(git-fixes).
- commit 5ef3e7e
- raid10: cleanup memleak at raid10_make_request (CVE-2025-38444 bsc#1247162)
- commit 08daebe
- net: openvswitch: Fix the dead loop of MPLS parse
(CVE-2025-38146 bsc#1245767).
- commit 2d16fb7
- Update patches.kabi/kabi-hide-new-member-fallback_lock-in-struct-mptcp_s.patch.
Perform the build time check that struct mptcp_sock layout only when
CONFIG_SUSE_KERNEL_SUPPORTED is enabled. Some kernel-debug builds do not
have the hole we rely on in the kabi hack. (But those do not have to
preserve kABI so that we can simply disable the check.)
- commit 21df537
- kabi: hide new member fallback_lock in struct mptcp_sock
(CVE-2025-38491 bsc#1247280).
- mptcp: make fallback action and fallback decision atomic
(CVE-2025-38491 bsc#1247280).
- mptcp: safety check before fallback (CVE-2025-38491
bsc#1247280).
- mptcp: reset when MPTCP opts are dropped after join (git-fixes).
- mptcp: fallback when MPTCP opts are dropped after 1st data
(git-fixes).
- commit 7bb090d
- tipc: Fix use-after-free in tipc_conn_close() (CVE-2025-38464
bsc#1247112).
- commit 7a2a262
- bpf: Reject %p% format string in bprintf-like helpers
(bsc#1248198 CVE-2025-38528).
- commit b8830ae
- md/md-cluster: handle REMOVE message earlier (bsc#1247057).
- commit b9c1ff5
- scsi: target: iscsi: Fix timeout on deleted connection (CVE-2025-38075 bsc#1244734)
- commit 9bfd228
- net: mctp: Don't access ifa_index when missing (CVE-2025-38006 bsc#1244930)
- commit d0d056e
- netfilter: nft_set_pipapo: clamp maximum map bucket size to
INT_MAX (CVE-2025-38201 bsc#1245977).
- commit 2f63881
- netfilter: flowtable: account for Ethernet header in
nf_flow_pppoe_proto() (CVE-2025-38441 bsc#1247167).
- commit 0a2f320
- netfilter: nf_conntrack: fix crash due to removal of
uninitialised entry (CVE-2025-38472 bsc#1247313).
- commit 1779cac
- powerpc/kernel: Fix ppc_save_regs inclusion in build
(bsc#1215199).
- powerpc: do not build ppc_save_regs.o always (bsc#1215199).
- commit 3402e7e
- powerpc/eeh: Make EEH driver device hotplug safe (bsc#1215199).
- powerpc/eeh: Export eeh_unfreeze_pe() (bsc#1215199).
- PCI: pnv_php: Work around switches with broken presence
detection (bsc#1215199).
- PCI: pnv_php: Clean up allocated IRQs on unplug (bsc#1215199).
- arch/powerpc: Remove .interp section in vmlinux (bsc#1215199).
- powerpc/eeh: Rely on dev->link_active_reporting (bsc#1215199).
- commit 0bddfac
- ata: libata-scsi: Fix CDL control (git-fixes).
- commit c04f51b
- drm/amdgpu: fix incorrect vm flags to map bo (git-fixes).
- ALSA: usb-audio: Validate UAC3 cluster segment descriptors
(git-fixes).
- ALSA: usb-audio: Validate UAC3 power domain descriptors, too
(git-fixes).
- gpio: mlxbf3: use platform_get_irq_optional() (git-fixes).
- Revert "gpio: mlxbf3: only get IRQ for device instance 0"
(git-fixes).
- soc/tegra: pmc: Ensure power-domains are in a known state
(git-fixes).
- phy: mscc: Fix parsing of unicast frames (git-fixes).
- ALSA: scarlett2: Add retry on -EPROTO from scarlett2_usb_tx()
(git-fixes).
- selftests: rtnetlink.sh: remove esp4_offload after test
(git-fixes).
- Bluetooth: btusb: Add USB ID 3625:010b for TP-LINK Archer
TX10UB Nano (stable-fixes).
- kselftest/arm64: Fix check for setting new VLs in sve-ptrace
(git-fixes).
- selftests: Fix errno checking in syscall_user_dispatch test
(git-fixes).
- selftests/tracing: Fix false failure of subsystem event test
(git-fixes).
- USB: serial: option: add Foxconn T99W709 (stable-fixes).
- ASoC: amd: yc: Add DMI quirk for HP Laptop 17 cp-2033dx
(stable-fixes).
- ASoC: amd: yc: Add DMI entries to support HP 15-fb1xxx
(stable-fixes).
- ASoC: Intel: fix SND_SOC_SOF dependencies (stable-fixes).
- ASoC: amd: yc: add DMI quirk for ASUS M6501RM (stable-fixes).
- commit 19adc9d
- net: usb: asix_devices: add phy_mask for ax88772 mdio bus
(git-fixes).
- commit 206e9eb
- ACPI: processor: perflib: Move problematic pr->performance check
(git-fixes).
- commit 742e4e7
- btrfs: fix the length of reserved qgroup to free (bsc#1240708)
- commit e3e4e05
- btrfs: fix qgroup reserve leaks in cow_file_range (CVE-2024-46733 bsc#1230708)
- commit 20ff141
- Move pesign-obs-integration requirement from kernel-syms to kernel devel
subpackage (bsc#1248108).
- commit e707e41
- mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd() (git-fixes)
- commit bf13671
- arm64: dts: imx8mm-venice-gw7904: Increase HS400 USDHC clock speed (git-fixes)
- commit 246a69b
- arm64: dts: imx8mm-venice-gw7903: Increase HS400 USDHC clock speed (git-fixes)
- commit 4fac981
- arm64: dts: imx8mn-venice-gw7902: Increase HS400 USDHC clock speed (git-fixes)
- commit 9beeb6d
- arm64: dts: imx8mm-venice-gw7902: Increase HS400 USDHC clock speed (git-fixes)
- commit 173d0a1
- PCI: rockchip: Set Target Link Speed to 5.0 GT/s before
retraining (git-fixes).
- PCI: rockchip: Use standard PCIe definitions (git-fixes).
- PCI: imx6: Delay link start until configfs 'start' written
(git-fixes).
- PCI: imx6: Remove apps_reset toggling from
imx_pcie_{assert/deassert}_core_reset (git-fixes).
- PCI: imx6: Add IMX8MM_EP and IMX8MP_EP fixed 256-byte BAR 4
in epc_features (git-fixes).
- PCI/portdrv: Use is_pciehp instead of is_hotplug_bridge
(git-fixes).
- PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports
(git-fixes).
- kABI: PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug
Capable ports (git-fixes).
- PCI: Support Immediate Readiness on devices without PM
capabilities (git-fixes).
- PCI: apple: Fix missing OF node reference in
apple_pcie_setup_port (git-fixes).
- PCI: Add ACS quirk for Loongson PCIe (git-fixes).
- commit e24dcd6
- arm64: dts: imx8mm-venice-gw7901: Increase HS400 USDHC clock speed (git-fixes)
- commit 271991a
- arm64: dts: imx8mm-venice-gw700x: Increase HS400 USDHC clock speed (git-fixes)
- commit b77d1e0
- arm64: dts: imx8mn-beacon: Fix HS400 USDHC clock speed (git-fixes)
- commit 3cbe1cf
- arm64: dts: imx8mm-beacon: Fix HS400 USDHC clock speed (git-fixes)
- commit 6d0adbc
- arm64: dts: rockchip: fix endpoint dtc warning for PX30 ISP (git-fixes)
- commit d8b8e5c
- arm64/entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack() (git-fixes)
- commit 81dc70d
- arm64: dts: freescale: imx8mm-verdin: Keep LDO5 always on (git-fixes)
- commit a30082d
- arm64: Filter out SME hwcaps when FEAT_SME isn't implemented (git-fixes)
- commit d67b39d
- arm64: dts: apple: t8103: Fix PCIe BCM4377 nodename (git-fixes)
- commit 3ecd022
- arm64: Restrict pagetable teardown to avoid false warning (git-fixes)
- commit c34ecbe
- arm64: dts: rockchip: Update eMMC for NanoPi R5 series (git-fixes)
- commit b37cb41
- arm64: dts: imx8mp-beacon: Fix RTC capacitive load (git-fixes)
- commit 32c56dd
- arm64: dts: imx8mn-beacon: Fix RTC capacitive load (git-fixes)
- commit ee84ff9
- arm64: dts: imx8mm-beacon: Fix RTC capacitive load (git-fixes)
- commit 7b505c9
- arm64: tegra: Drop remaining serial clock-names and reset-names (git-fixes)
- commit 2981841
- arm64: Add support for HIP09 Spectre-BHB mitigation (git-fixes)
- commit 4ad8521
- arm64: zynqmp: add clock-output-names property in clock nodes (git-fixes)
- commit ba1bbf1
- arm64: tegra: p2597: Fix gpio for vdd-1v8-dis regulator (git-fixes)
- commit 356d85f
- arm64/mm: Check PUD_TYPE_TABLE in pud_bad() (git-fixes)
- commit 1ad9e93
- arm64/cpufeatures/kvm: Add ARMv8.9 FEAT_ECBHB bits in ID_AA64MMFR1 (git-fixes)
- commit 54de7d8
- serial: 8250: fix panic due to PSLVERR (git-fixes).
- commit c91d52e
- drm/amd/display: Add more checks for DSC / HUBP ONO guarantees (bsc#1247078 CVE-2025-38360)
- commit 9101a0c
- net: libwx: remove duplicate page_pool_put_full_page()
(CVE-2025-38490 bsc#1247243).
- commit f305524
- sunrpc: fix handling of server side tls alerts (git-fixes).
- commit 40fb7b3
- cifs: Fix buffer overflow when parsing NFS reparse points
(CVE-2024-49996 bsc#1232089).
- commit 50adb2e
- smb: client: fix parsing of device numbers (git-fixes).
- commit 45992a6
- ice, irdma: fix an off by one in error handling code
(bsc#1247712).
- irdma: free iwdev->rf after removing MSI-X (bsc#1247712).
- ice: Fix signedness bug in ice_init_interrupt_scheme()
(bsc#1247712).
- commit 46ad237
- ice: init flow director before RDMA (bsc#1247712).
- ice: simplify VF MSI-X managing (bsc#1247712).
- ice: enable_rdma devlink param (bsc#1247712).
- ice: treat dyn_allowed only as suggestion (bsc#1247712).
- ice, irdma: move interrupts code to irdma (bsc#1247712).
- ice: get rid of num_lan_msix field (bsc#1247712).
- ice: remove splitting MSI-X between features (bsc#1247712).
- ice: devlink PF MSI-X max and min parameter (bsc#1247712).
- ice: count combined queues using Rx/Tx count (bsc#1247712).
- commit 383df22
- smb3: move server check earlier when setting channel sequence
number (git-fixes).
- commit df2adca
- ring-buffer: Do not allow events in NMI with generic atomic64
cmpxchg() (git-fixes).
- commit 890fc59
- module: Restore the moduleparam prefix length check (git-fixes).
- commit ad2fc48
- module: Remove unnecessary +1 from last_unloaded_module::name
size (git-fixes).
- commit 3efc8ab
- audit,module: restore audit logging in load failure case
(git-fixes).
- kABI: Fix the module::name type in audit_context (git-fixes).
- commit 7e23359
- module: Fix memory deallocation on error path in move_module()
(git-fixes).
- commit bb37d39
- SMB3: rename macro CIFS_SERVER_IS_CHAN to avoid confusion
(git-fixes).
- Refresh
patches.suse/smb-client-fix-use-after-free-of-signing-key.patch.
- commit ee8ada8
- smb: client: fix potential deadlock when reconnecting channels
(bsc#1246183, CVE-2025-38244).
- commit fcf601a
- cifs: reconnect helper should set reconnect for the right
channel (git-fixes).
- commit ae3173e
- [SMB3] send channel sequence number in SMB3 requests after
reconnects (git-fixes).
- commit baa81e9
- net: mana: Add debug logs in MANA network driver (bsc#1246212).
- Refresh
patches.suse/msft-hv-3280-net-mana-Add-support-for-Multi-Vports-on-Bare-metal.patch.
- commit 1b4ad82
- netlink: avoid infinite retry looping in netlink_unicast()
(CVE-2025-38465 bsc#1247118).
- net: mana: Set tx_packets to post gso processing packet count
(bsc#1245731).
- net: mana: Allocate MSI-X vectors dynamically (bsc#1245457).
- net: mana: Allow irq_setup() to skip cpus for affinity
(bsc#1245457).
- net: mana: explain irq_setup() algorithm (bsc#1245457).
- PCI: hv: Allow dynamic MSI-X vector allocation (bsc#1245457).
- PCI/MSI: Export pci_msix_prepare_desc() for dynamic MSI-X
allocations (bsc#1245457).
- net: mana: Add handler for hardware servicing events
(bsc#1245730).
- net: mana: Expose additional hardware counters for drop and
TC via ethtool (bsc#1245729).
- hv_netvsc: Use VF's tso_max_size value when data path is VF
(bsc#1246203).
- net: mana: Allow tso_max_size to go up-to GSO_MAX_SIZE
(bsc#1246203).
- commit bdd7f41
- NFS: Fix wakeup of __nfs_lookup_revalidate() in
unblock_revalidate() (git-fixes).
- commit 80e576f
- sched: Add test_and_clear_wake_up_bit() and
atomic_dec_and_wake_up() (git-fixes).
- commit 3754627
- drm/amdgpu: Add basic validation for RAS header (bsc#1247252 CVE-2025-38426)
- commit 5d23e74
- NFS: Fix the setting of capabilities when automounting a new
filesystem (git-fixes).
- commit fabe208
- sunrpc: fix client side handling of tls alerts (git-fixes).
- commit 4c093f3
- NFS: Fixup allocation flags for nfsiod's __GFP_NORETRY
(git-fixes).
- commit fd58755
- NFSv4.2: another fix for listxattr (git-fixes).
- commit 5a2e576
- NFS: Fix filehandle bounds checking in nfs_fh_to_dentry()
(git-fixes).
- commit 094541e
- pNFS/flexfiles: don't attempt pnfs on fatal DS errors
(git-fixes).
- commit ec1d884
- gpio: mlxbf2: use platform_get_irq_optional() (git-fixes).
- ALSA: hda/ca0132: Fix missing error handling in
ca0132_alt_select_out() (git-fixes).
- ALSA: intel_hdmi: Fix off-by-one error in
__hdmi_lpe_audio_probe() (git-fixes).
- commit 1750f05
- posix-cpu-timers: fix race between handle_posix_cpu_timers()
and posix_cpu_timer_del() (bsc#1246911 CVE-2025-38352).
- commit ab7e2c1
- tls: always refresh the queue when reading sock (CVE-2025-38471
bsc#1247450).
- ext4: only dirty folios when data journaling regular files
(CVE-2025-38220 bsc#1245966).
- commit 4468ab0
- net/sched: mqprio: fix stack out-of-bounds write in tc entry
parsing (git-fixes).
- commit 87e34c3
- net/packet: fix a race in packet_set_ring() and
packet_notifier() (git-fixes).
- commit caa5d02
- net/sched: taprio: enforce minimum value for picos_per_byte
(git-fixes).
- commit d33d37f
- ipv6: reject malicious packets in ipv6_gso_segment()
(git-fixes).
- commit e120573
- netpoll: prevent hanging NAPI when netcons gets enabled
(git-fixes).
- commit d8e3fe4
- tracing/kprobes: Fix to free objects when failed to copy a
symbol (git-fixes).
- commit a2d3373
- tracing/kprobe: Make trace_kprobe's module callback called
after jump_label update (git-fixes).
- commit 34ee7ea
- kABI fix for net: vlan: fix VLAN 0 refcount imbalance of
toggling (CVE-2025-38470 bsc#1247288).
- commit 00f8e79
- net: vlan: fix VLAN 0 refcount imbalance of toggling filtering
during runtime (CVE-2025-38470 bsc#1247288).
- net/sched: Abort __tc_modify_qdisc if parent class does not
exist (CVE-2025-38457 bsc#1247098).
- atm: clip: Fix potential null-ptr-deref in to_atmarpd()
(CVE-2025-38460 bsc#1247143).
- idpf: convert control queue mutex to a spinlock (CVE-2025-38392
bsc#1247169).
- commit 4f53008
- drm/amd/display: Don't overwrite dce60_clk_mgr (git-fixes).
- Revert "vgacon: Add check for vc_origin address range in
vgacon_scroll()" (stable-fixes).
- commit 6cc69eb
- exfat: fdatasync flag should be same like generic_write_sync()
(git-fixes).
- commit ec3f01f
- do_change_type(): refuse to operate on unmounted/not ours mounts (CVE-2025-38498 bsc#1247374)
- commit 545afad
- vfio/mlx5: Fix an unwind issue in mlx5vf_add_migration_pages() (CVE-2024-56742 bsc#1235613)
- commit ff30550
- scsi: target: Fix NULL pointer dereference in
core_scsi3_decode_spec_i_port() (CVE-2025-38399 bsc#1247097).
- commit e689eaa
- RDMA/siw: Fix the sendmsg byte count in siw_tcp_sendpages (git-fixes)
- commit 39fb4df
- drm/v3d: Disable interrupts before resetting the GPU
(CVE-2025-38371 bsc#1247178).
- commit 4160ac6
- btrfs: fix log tree replay failure due to file with 0 links
and extents (git-fixes).
- commit fd0c9dd
- fs/mnt_idmapping.c: Return -EINVAL when no map is written (bsc#1233120)
- commit 1ef0d72
- netlink: make sure we allow at least one dump skb
(CVE-2025-38465 bsc#1247118).
- netlink: Fix rmem check in netlink_broadcast_deliver()
(CVE-2025-38465 bsc#1247118).
- netlink: Fix wraparounds of sk->sk_rmem_alloc (CVE-2025-38465
bsc#1247118).
- commit b3ac9f0
- btrfs: return accurate error code on open failure in open_fs_devices() (bsc#1233120)
- commit 53ce95e
- Refresh
patches.kabi/xsk-Fix-race-condition-in-AF_XDP-generic-RX-path.patch.
Drop the static_assert() kABI checks temporarily until we have a proper
solution to signal kABI verification.
- commit d4817c8
- af_unix: Add a prompt to CONFIG_AF_UNIX_OOB (bsc#1246093).
- commit 9dcc611
- integrity/platform_certs: Allow loading of keys in the static
key management mode (jsc#PED-13345 jsc#PED-13343).
- powerpc/secvar: Expose secvars relevant to the key management
mode (jsc#PED-13345 jsc#PED-13343).
- powerpc/pseries: Correct secvar format representation for
static key management (jsc#PED-13345 jsc#PED-13343).
- commit f654d9a
- net: usbnet: Fix the wrong netif_carrier_on() call (git-fixes).
- commit 3ed80f8
- kABI: restore layout of struct msi_desc (CVE-2025-38062
bsc#1245216).
- genirq/msi: Store the IOMMU IOVA directly in msi_desc instead
of iommu_cookie (CVE-2025-38062 bsc#1245216).
- commit 19502f4
- Delete
patches.suse/af_unix-Disable-MSG_OOB-for-unprivileged-users.patch.
- commit e99b1bb
- Update config files. (CVE-2025-38236 bsc#1246093)
Disable CONFIG_AF_UNIX_OOB as the implementation is ridden with security
bugs whose fixes would be hard to backport and the feature has no known
users.
- commit f8cd607
- Refresh patches.suse/x86-its-Enumerate-Indirect-Target-Selection-ITS-bug.patch.
- Refresh
patches.suse/x86-its-Add-vmexit-option-to-skip-mitigation-on-some-CPUs.patch.
Fix affected model steppings.
- commit 115d04b
- KVM: x86: Reset IRTE to host control if *new* route isn't
postable (bsc#1242960 CVE-2025-37885).
- commit b463fcd
- enabled CONFIG_X86_INTEL_TSX_MODE_AUTO
This is a response to bsc#1246695. As result of TAA vulnerability
(CVE-2019-11135) we have aimed to follow the upstream default for TSX
but due to a mistake we have ended up using CONFIG_X86_INTEL_TSX_MODE_ON
rather than CONFIG_X86_INTEL_TSX_MODE_OFF. This has been noticed later
on and fixed to align with upstream. Which has made some users unhappy
because they have lost a default TSX functionality even on HW that is
not susceptible to CVE-2019-11135.
We have discussed different ways to deal with that but the likely most
straightforward turned out to be to go with CONFIG_X86_INTEL_TSX_MODE_AUTO
which disables TSX only on CVE-2019-11135 affected HW. We are still
diverging from the upstream here but there are some positive indications
that no new TSX based side channels have been discovered since.
- commit 395c9dd
- tcp: call tcp_measure_rcv_mss() for ooo packets (git-fixes).
- commit 54261d2
- net/sched: sch_qfq: Avoid triggering might_sleep in atomic
context in qfq_delete_class (git-fixes).
- commit cdfb027
- Refresh
patches.suse/af_unix-Disable-MSG_OOB-for-unprivileged-users.patch.
Print message upon disabled use.
- commit 31d5690
- Refresh
patches.suse/virtio-blk-scsi-use-block-layer-helpers-to-calculate.patch.
- commit 773f5a0
- Rename to
patches.suse/scsi-use-block-layer-helpers-to-calculate-num-of-que.patch.
- commit dd839b8
- Refresh
patches.suse/nvme-pci-use-block-layer-helpers-to-calculate-num-of.patch.
- commit e114e47
- Refresh
patches.suse/blk-mq-add-number-of-queue-calc-helper.patch.
- commit db4fa45
- Rename to
patches.suse/lib-group_cpus-Let-group_cpu_evenly-return-the-numbe.patch.
Refresh:
- patches.kabi/kabi-fix-group-cpus-evenly.patch
- patches.suse/lib-group_cpus-honor-housekeeping-config-when-grouping.patch
- commit ca07a82
- btrfs: tests: fix chunk map leak after failure to add it to
the tree (git-fixes).
- commit 4c3fd9d
- lib/group_cpus: fix NULL pointer dereference from
group_cpus_evenly() (bsc#1236897).
- lib/group_cpus.c: avoid acquiring cpu hotplug lock in
group_cpus_evenly (bsc#1236897).
- commit 749ceff
- btrfs: fix ssd_spread overallocation (git-fixes).
- commit 760f402
- btrfs: use btrfs_record_snapshot_destroy() during rmdir
(git-fixes).
- commit 05219d1
- btrfs: propagate last_unlink_trans earlier when doing a rmdir
(git-fixes).
- btrfs: rename err to ret in btrfs_rmdir() (git-fixes).
- commit 6fea6c3
- btrfs: don't skip remaining extrefs if dir not found during
log replay (git-fixes).
- commit ae66e11
- btrfs: don't ignore inode missing when replaying log tree
(git-fixes).
- commit 87671c8
- KVM: x86: Reset IRTE to host control if *new* route isn't postable
(bsc#242960 CVE-2025-37885).
- commit 1396afc
- btrfs: fix inode lookup error handling during log replay
(git-fixes).
- commit a89d2a6
- nvmet-tcp: fix callback lock for TLS handshake (git-fixes).
- nvme: fix misaccounting of nvme-mpath inflight I/O (git-fixes).
- nvme: fix endianness of command word prints in
nvme_log_err_passthru() (git-fixes).
- nvme: fix inconsistent RCU list manipulation in
nvme_ns_add_to_ctrl_list() (git-fixes).
- commit bbf2481
- RDMA/core: Rate limit GID cache warning messages (git-fixes)
- commit fd0e41a
- kernel-syms.spec: Drop old rpm release number hack (bsc#1247172).
- commit b4fa2d1
- rtc: rv3028: fix incorrect maximum clock rate handling
(git-fixes).
- rtc: pcf8563: fix incorrect maximum clock rate handling
(git-fixes).
- rtc: pcf85063: fix incorrect maximum clock rate handling
(git-fixes).
- rtc: nct3018y: fix incorrect maximum clock rate handling
(git-fixes).
- rtc: hym8563: fix incorrect maximum clock rate handling
(git-fixes).
- rtc: ds1307: fix incorrect maximum clock rate handling
(git-fixes).
- ucount: fix atomic_long_inc_below() argument type (git-fixes).
- i3c: fix module_i3c_i2c_driver() with I3C=n (git-fixes).
- commit e466472
- pinmux: fix race causing mux_owner NULL with active mux_usecount
(git-fixes).
- pinctrl: sunxi: Fix memory leak on krealloc failure (git-fixes).
- fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref
(git-fixes).
- firewire: ohci: correct code comments about bus_reset tasklet
(git-fixes).
- commit fd1a6ae
- PCI: rockchip-host: Fix "Unexpected Completion" log message
(git-fixes).
- PCI: endpoint: pci-epf-vntb: Fix the incorrect usage of __iomem
attribute (git-fixes).
- PCI: endpoint: pci-epf-vntb: Return -ENOENT if
pci_epc_get_next_free_bar() fails (git-fixes).
- PCI: endpoint: Fix configfs group removal on driver teardown
(git-fixes).
- PCI: endpoint: Fix configfs group list head handling
(git-fixes).
- watchdog: ziirave_wdt: check record length in
ziirave_firm_verify() (git-fixes).
- dmaengine: nbpfaxi: Add missing check after DMA map (git-fixes).
- dmaengine: mv_xor: Fix missing check after DMA map and missing
unmap (git-fixes).
- dmaengine: qcom: gpi: Drop unused gpi_write_reg_field()
(git-fixes).
- dmaengine: dw-edma: Drop unused dchan2dev() and chan2dev()
(git-fixes).
- ASoC: fsl_xcvr: get channel status data when PHY is not exists
(git-fixes).
- soundwire: stream: restore params when prepare ports fail
(git-fixes).
- power: supply: max14577: Handle NULL pdata when CONFIG_OF is
not set (git-fixes).
- power: supply: cpcap-charger: Fix null check for
power_supply_get_by_name (git-fixes).
- ALSA: hda/realtek - Add mute LED support for HP Pavilion
15-eg0xxx (stable-fixes).
- can: netlink: can_changelink(): fix NULL pointer deref of
struct can_priv::do_set_mode (git-fixes).
- ALSA: hda: Add missing NVIDIA HDA codec IDs (stable-fixes).
- usb: typec: tcpm: apply vbus before data bringup in
tcpm_src_attach (git-fixes).
- usb: typec: tcpm: allow switching to mode accessory to mux
properly (stable-fixes).
- usb: typec: tcpm: allow to use sink in accessory mode
(stable-fixes).
- ALSA: hda/tegra: Add Tegra264 support (stable-fixes).
- can: dev: can_restart(): move debug message and stats after
successful restart (stable-fixes).
- can: dev: can_restart(): reverse logic to remove need for goto
(stable-fixes).
- commit 0f0c0d9
- btrfs: don't silently ignore unexpected extent type when
replaying log (git-fixes).
- commit e423498
- btrfs: fix invalid inode pointer dereferences during log replay
(git-fixes).
- commit 78cbba9
- btrfs: return a btrfs_inode from read_one_inode() (git-fixes).
- commit b3a9472
- iommu/arm-smmu-qcom: Add SM6115 MDSS compatible (git-fixes).
- iommu/amd: Fix geometry.aperture_end for V2 tables (git-fixes).
- commit f8c05a9
- btrfs: return a btrfs_inode from btrfs_iget_logging()
(git-fixes).
- commit 88ed97b
- btrfs: use NOFS context when getting inodes during logging
and log replay (git-fixes).
- commit 88eb1d5
- virtio-net: ensure the received length does not exceed allocated
size (CVE-2025-38375 bsc#1247177).
- commit 2adf745
- btrfs: update superblock's device bytes_used when dropping chunk
(git-fixes).
- commit e33076b
- Update
patches.suse/0001-mm-hugetlb-fix-huge_pmd_unshare-vs-GUP-fast-race.patch
(bsc#1245431 CVE-2025-38085 bsc#1245499).
- Update
patches.suse/0001-mm-hugetlb-unshare-page-tables-during-VMA-split-not-.patch
(bsc#1245431 CVE-2025-38084 bsc#1245498).
- Update
patches.suse/ACPI-CPPC-Fix-NULL-pointer-dereference-when-nosmp-is.patch
(git-fixes CVE-2025-38113 bsc#1245683).
- Update
patches.suse/ACPICA-Refuse-to-evaluate-a-method-if-arguments-are-.patch
(stable-fixes CVE-2025-38386 bsc#1247138).
- Update
patches.suse/ACPICA-fix-acpi-operand-cache-leak-in-dswstate.c.patch
(stable-fixes CVE-2025-38345 bsc#1246337).
- Update
patches.suse/ACPICA-fix-acpi-parse-and-parseext-cache-leaks.patch
(stable-fixes CVE-2025-38344 bsc#1246334).
- Update
patches.suse/ALSA-usb-audio-Fix-out-of-bounds-read-in-snd_usb_get.patch
(git-fixes CVE-2025-38249 bsc#1246171).
- Update
patches.suse/ASoC-Intel-avs-Verify-content-returned-by-parse_int_.patch
(git-fixes CVE-2025-38307 bsc#1246364).
- Update
patches.suse/ASoC-codecs-wcd9335-Fix-missing-free-of-regulator-su.patch
(git-fixes CVE-2025-38259 bsc#1246220).
- Update
patches.suse/Bluetooth-Fix-NULL-pointer-deference-on-eir_get_serv.patch
(git-fixes CVE-2025-38304 bsc#1246240).
- Update
patches.suse/Bluetooth-Fix-null-ptr-deref-in-l2cap_sock_resume_cb.patch
(git-fixes CVE-2025-38473 bsc#1247289).
- Update
patches.suse/Bluetooth-MGMT-Fix-UAF-on-mgmt_remove_adv_monitor_co.patch
(git-fixes CVE-2025-38118 bsc#1245670).
- Update
patches.suse/HID-core-do-not-bypass-hid_hw_raw_request.patch
(stable-fixes CVE-2025-38494 bsc#1247349).
- Update
patches.suse/HID-core-ensure-the-allocated-report-buffer-can-cont.patch
(stable-fixes CVE-2025-38495 bsc#1247348).
- Update
patches.suse/IB-mlx5-Fix-potential-deadlock-in-MR-deregistration.patch
(git-fixes CVE-2025-38373 bsc#1247033).
- Update
patches.suse/Input-ims-pcu-check-record-size-in-ims_pcu_flash_fir.patch
(git-fixes CVE-2025-38428 bsc#1247150).
- Update
patches.suse/NFC-nci-uart-Set-tty-disc_data-only-in-success-path.patch
(git-fixes CVE-2025-38416 bsc#1247151).
- Update
patches.suse/NFSv4-pNFS-Fix-a-race-to-wake-on-NFS_LAYOUT_DRAIN.patch
(git-fixes CVE-2025-38393 bsc#1247170).
- Update
patches.suse/RDMA-cma-Fix-hang-when-cma_netevent_callback-fails-t.patch
(git-fixes CVE-2025-38151 bsc#1245745).
- Update
patches.suse/RDMA-iwcm-Fix-use-after-free-of-work-objects-after-c.patch
(git-fixes CVE-2025-38211 bsc#1246008).
- Update
patches.suse/RDMA-mlx5-Fix-error-flow-upon-firmware-failure-for-R.patch
(git-fixes CVE-2025-38161 bsc#1245777).
- Update
patches.suse/RDMA-mlx5-Initialize-obj_event-obj_sub_list-before-x.patch
(git-fixes CVE-2025-38387 bsc#1247154).
- Update
patches.suse/Squashfs-check-return-result-of-sb_min_blocksize.patch
(git-fixes CVE-2025-38415 bsc#1247147).
- Update
patches.suse/VMCI-fix-race-between-vmci_host_setup_notify-and-vmc.patch
(git-fixes CVE-2025-38102 bsc#1245669).
- Update
patches.suse/aoe-clean-device-rq_list-in-aoedev_downdev.patch
(git-fixes CVE-2025-38326 bsc#1246490).
- Update
patches.suse/ata-pata_via-Force-PIO-for-ATAPI-devices-on-VT6415-V.patch
(stable-fixes CVE-2025-38336 bsc#1246370).
- Update
patches.suse/backlight-pm8941-Add-NULL-check-in-wled_configure.patch
(git-fixes CVE-2025-38143 bsc#1245714).
- Update patches.suse/bnxt-properly-flush-XDP-redirect-lists.patch
(git-fixes CVE-2025-38246 bsc#1246195).
- Update
patches.suse/bpf-sockmap-Fix-panic-when-calling-skb_linearize.patch
(bsc#1245749 CVE-2025-38154 CVE-2025-38165 bsc#1245757).
- Update patches.suse/bus-fsl-mc-fix-double-free-on-mc_dev.patch
(git-fixes CVE-2025-38313 bsc#1246342).
- Update
patches.suse/calipso-Fix-null-ptr-deref-in-calipso_req_-set-del-a.patch
(git-fixes CVE-2025-38181 bsc#1246000).
- Update
patches.suse/comedi-Fail-COMEDI_INSNLIST-ioctl-if-n_insns-is-too-.patch
(git-fixes CVE-2025-38481 bsc#1247276).
- Update
patches.suse/comedi-Fix-initialization-of-data-for-instructions-t.patch
(git-fixes CVE-2025-38478 bsc#1247273).
- Update
patches.suse/comedi-Fix-use-of-uninitialized-data-in-insn_rw_emul.patch
(git-fixes CVE-2025-38480 bsc#1247274).
- Update
patches.suse/comedi-das16m1-Fix-bit-shift-out-of-bounds.patch
(git-fixes CVE-2025-38483 bsc#1247278).
- Update
patches.suse/comedi-das6402-Fix-bit-shift-out-of-bounds.patch
(git-fixes CVE-2025-38482 bsc#1247277).
- Update
patches.suse/crypto-marvell-cesa-Handle-zero-length-skcipher-requ.patch
(git-fixes CVE-2025-38173 bsc#1245769).
- Update
patches.suse/crypto-sun8i-ce-cipher-fix-error-handling-in-sun8i_c.patch
(git-fixes CVE-2025-38300 bsc#1246349).
- Update patches.suse/dm-bufio-fix-sched-in-atomic-context.patch
(git-fixes CVE-2025-38496 bsc#1247284).
- Update
patches.suse/dma-buf-insert-memory-barrier-before-updating-num_fe.patch
(git-fixes CVE-2025-38095 bsc#1245658).
- Update
patches.suse/dmaengine-idxd-Check-availability-of-workqueue-alloc.patch
(stable-fixes CVE-2025-38369 bsc#1247209).
- Update
patches.suse/dmaengine-ti-Add-NULL-check-in-udma_probe.patch
(git-fixes CVE-2025-38138 bsc#1245719).
- Update
patches.suse/drivers-rapidio-rio_cm.c-prevent-possible-heap-overw.patch
(stable-fixes CVE-2025-38090 bsc#1245510).
- Update
patches.suse/drm-amd-display-Add-null-pointer-check-for-get_first.patch
(git-fixes CVE-2025-38362 bsc#1247089).
- Update
patches.suse/drm-amd-pp-Fix-potential-NULL-pointer-dereference-in.patch
(git-fixes CVE-2025-38319 bsc#1246243).
- Update
patches.suse/drm-exynos-exynos7_drm_decon-add-vblank-check-in-IRQ.patch
(git-fixes CVE-2025-38467 bsc#1247146).
- Update
patches.suse/drm-gem-Acquire-references-on-GEM-handles-for-frameb.patch
(stable-fixes CVE-2025-38449 bsc#1247255).
- Update
patches.suse/drm-i915-gt-Fix-timeline-left-held-on-VMA-alloc-erro.patch
(git-fixes CVE-2025-38389 bsc#1247153).
- Update
patches.suse/drm-msm-Fix-a-fence-leak-in-submit-error-path.patch
(stable-fixes CVE-2025-38410 bsc#1247128).
- Update
patches.suse/drm-msm-Fix-another-leak-in-the-submit-error-path.patch
(stable-fixes CVE-2025-38409 bsc#1247285).
- Update
patches.suse/drm-msm-gpu-Fix-crash-when-throttling-GPU-immediatel.patch
(git-fixes CVE-2025-38354 bsc#1247061).
- Update
patches.suse/drm-scheduler-signal-scheduled-fence-when-kill-job.patch
(stable-fixes CVE-2025-38436 bsc#1247227).
- Update
patches.suse/drm-tegra-Fix-a-possible-null-pointer-dereference.patch
(git-fixes CVE-2025-38363 bsc#1247018).
- Update
patches.suse/fbcon-Make-sure-modelist-not-set-on-unregistered-con.patch
(stable-fixes CVE-2025-38198 bsc#1245952).
- Update
patches.suse/fbdev-Fix-do_register_framebuffer-to-prevent-null-pt.patch
(git-fixes CVE-2025-38215 bsc#1246109).
- Update
patches.suse/fbdev-Fix-fb_set_var-to-prevent-null-ptr-deref-in-fb.patch
(git-fixes CVE-2025-38214 bsc#1246042).
- Update
patches.suse/fbdev-core-fbcvt-avoid-division-by-0-in-fb_cvt_hperi.patch
(git-fixes CVE-2025-38312 bsc#1246386).
- Update
patches.suse/fs-nfs-read-fix-double-unlock-bug-in-nfs_return_empty_folio.patch
(git-fixes CVE-2025-38338 bsc#1246258).
- Update
patches.suse/gve-add-missing-NULL-check-for-gve_alloc_pending_pac.patch
(git-fixes CVE-2025-38122 bsc#1245746).
- Update
patches.suse/hwmon-asus-ec-sensors-check-sensor-index-in-read_str.patch
(git-fixes CVE-2025-38142 bsc#1245713).
- Update
patches.suse/hwmon-ftsteutates-Fix-TOCTOU-race-in-fts_read.patch
(git-fixes CVE-2025-38217 bsc#1246002).
- Update
patches.suse/i2c-designware-Fix-an-initialization-issue.patch
(git-fixes CVE-2025-38380 bsc#1247028).
- Update
patches.suse/i2c-tegra-check-msg-length-in-SMBUS-block-read.patch
(bsc#1242086 CVE-2025-38425 bsc#1247251).
- Update
patches.suse/ice-fix-Tx-scheduler-error-handling-in-XDP-callback.patch
(git-fixes CVE-2025-38127 bsc#1245705).
- Update
patches.suse/iio-accel-fxls8962af-Fix-use-after-free-in-fxls8962a.patch
(git-fixes CVE-2025-38485 bsc#1247236).
- Update
patches.suse/jffs2-check-jffs2_prealloc_raw_node_refs-result-in-few-other-places.patch
(git-fixes CVE-2025-38328 bsc#1246249).
- Update
patches.suse/jffs2-check-that-raw-node-were-preallocated-before-writing-summary.patch
(git-fixes CVE-2025-38194 bsc#1245957).
- Update
patches.suse/media-cxusb-no-longer-judge-rbuf-when-the-write-fail.patch
(git-fixes CVE-2025-38229 bsc#1246049).
- Update
patches.suse/media-imx-jpeg-Cleanup-after-an-allocation-error.patch
(git-fixes CVE-2025-38225 bsc#1246041).
- Update
patches.suse/media-vidtv-Terminating-the-subsequent-process-of-in.patch
(git-fixes CVE-2025-38227 bsc#1246031).
- Update
patches.suse/media-vivid-Change-the-siize-of-the-composing.patch
(git-fixes CVE-2025-38226 bsc#1246050).
- Update
patches.suse/mtd-nand-ecc-mxic-Fix-use-of-uninitialized-variable-.patch
(git-fixes CVE-2025-38277 bsc#1246246).
- Update
patches.suse/mtd-spinand-fix-memory-leak-of-ECC-engine-conf.patch
(stable-fixes CVE-2025-38384 bsc#1247035).
- Update
patches.suse/mtk-sd-Prevent-memory-corruption-from-DMA-map-failur.patch
(git-fixes CVE-2025-38401 bsc#1247125).
- Update
patches.suse/nbd-fix-uaf-in-nbd_genl_connect-error-path.patch
(git-fixes CVE-2025-38443 bsc#1247164).
- Update patches.suse/net-Fix-TOCTOU-issue-in-sk_is_readable.patch
(git-fixes CVE-2025-38112 bsc#1245668).
- Update
patches.suse/net-fix-udp-gso-skb_segment-after-pull-from-frag_lis.patch
(git-fixes CVE-2025-38124 bsc#1245690).
- Update
patches.suse/net-mdiobus-Fix-potential-out-of-bounds-clause-45-re.patch
(git-fixes CVE-2025-38110 bsc#1245665).
- Update
patches.suse/net-mdiobus-Fix-potential-out-of-bounds-read-write-a.patch
(git-fixes CVE-2025-38111 bsc#1245666).
- Update
patches.suse/net-mlx5-Fix-ECVF-vports-unload-on-shutdown-flow.patch
(git-fixes CVE-2025-38109 bsc#1245684).
- Update
patches.suse/net-phy-clear-phydev-devlink-when-the-link-is-delete.patch
(git-fixes CVE-2025-38149 bsc#1245737).
- Update
patches.suse/net-phy-mscc-Fix-memory-leak-when-using-one-step-tim.patch
(git-fixes CVE-2025-38148 bsc#1245735).
- Update
patches.suse/net-sched-Return-NULL-when-htb_lookup_leaf-encounter.patch
(git-fixes CVE-2025-38468 bsc#1247437).
- Update
patches.suse/net-sched-fix-use-after-free-in-taprio_dev_notifier.patch
(git-fixes CVE-2025-38087 bsc#1245504).
- Update
patches.suse/net-sched-sch_qfq-Fix-race-condition-on-qfq_aggregat.patch
(git-fixes CVE-2025-38477 bsc#1247314).
- Update
patches.suse/net-tipc-fix-refcount-warning-in-tipc_aead_encrypt.patch
(CVE-2025-38052 bsc#1244749 CVE-2025-38273 bsc#1246266).
- Update
patches.suse/net-usb-aqc111-fix-error-handling-of-usbnet-read-cal.patch
(git-fixes CVE-2025-38153 bsc#1245744).
- Update
patches.suse/net-usb-lan78xx-fix-WARN-in-__netif_napi_del_locked-.patch
(git-fixes CVE-2025-38385 bsc#1247149).
- Update patches.suse/net-wwan-t7xx-Fix-napi-rx-poll-issue.patch
(git-fixes CVE-2025-38123 bsc#1245688).
- Update
patches.suse/net_sched-ets-fix-a-race-in-ets_qdisc_change.patch
(git-fixes CVE-2025-38107 bsc#1245676).
- Update
patches.suse/net_sched-red-fix-a-race-in-__red_change.patch
(git-fixes CVE-2025-38108 bsc#1245675).
- Update
patches.suse/net_sched-sch_sfq-reject-invalid-perturb-period.patch
(git-fixes CVE-2025-38193 bsc#1245945).
- Update
patches.suse/netfilter-nf_set_pipapo_avx2-fix-initial-map-fill.patch
(git-fixes CVE-2024-57947 bsc#1236333 CVE-2025-38120
bsc#1245711).
- Update
patches.suse/nfs-Clean-up-proc-net-rpc-nfs-when-nfs_fs_proc_net_init-fails.patch
(git-fixes CVE-2025-38400 bsc#1247123).
- Update
patches.suse/nfsd-Initialize-ssc-before-laundromat_work-to-prevent-NULL-dereference.patch
(git-fixes CVE-2025-38231 bsc#1246055).
- Update
patches.suse/nfsd-nfsd4_spo_must_allow-must-check-this-is-a-v4-compound-request.patch
(git-fixes CVE-2025-38430 bsc#1247160).
- Update
patches.suse/page_pool-Fix-use-after-free-in-page_pool_recycle_in.patch
(git-fixes CVE-2025-38129 bsc#1245723).
- Update patches.suse/perf-Fix-sample-vs-do_exit.patch
(bsc#1246547 CVE-2025-38424 bsc#1247293).
- Update
patches.suse/phy-qcom-qmp-usb-Fix-an-NULL-vs-IS_ERR-bug.patch
(git-fixes CVE-2025-38275 bsc#1246236).
- Update
patches.suse/pinctrl-at91-Fix-possible-out-of-boundary-access.patch
(git-fixes CVE-2025-38286 bsc#1246283).
- Update
patches.suse/platform-x86-dell-wmi-sysman-Fix-WMI-data-block-retr.patch
(git-fixes CVE-2025-38412 bsc#1247132).
- Update patches.suse/platform-x86-dell_rbu-Fix-list-usage.patch
(git-fixes CVE-2025-38197 bsc#1246047).
- Update
patches.suse/powerpc-powernv-memtrace-Fix-out-of-bounds-issue-in-.patch
(bsc#1244309 ltc#213790 CVE-2025-38088 bsc#1245506).
- Update
patches.suse/ptp-remove-ptp-n_vclocks-check-logic-in-ptp_vclock_i.patch
(git-fixes CVE-2025-38305 bsc#1246358).
- Update
patches.suse/regulator-gpio-Fix-the-out-of-bounds-access-to-drvda.patch
(git-fixes CVE-2025-38395 bsc#1247171).
- Update
patches.suse/rose-fix-dangling-neighbour-pointers-in-rose_rt_devi.patch
(git-fixes CVE-2025-38377 bsc#1247174).
- Update
patches.suse/rpl-Fix-use-after-free-in-rpl_do_srh_inline.patch
(git-fixes CVE-2025-38476 bsc#1247317).
- Update
patches.suse/s390-bpf-Fix-bpf_arch_text_poke-with-new_addr-NULL-again.patch
(git-fixes bsc#1246870 CVE-2025-38489 bsc#1247241).
- Update
patches.suse/s390-pkey-Prevent-overflow-in-size-calculation-for-memdup_.patch
(git-fixes bsc#1245598 CVE-2025-38257 bsc#1246186).
- Update
patches.suse/sch_hfsc-make-hfsc_qlen_notify-idempotent.patch
(CVE-2025-37798 bsc#1242414 CVE-2025-38177 bsc#1245986).
- Update
patches.suse/scsi-lpfc-Avoid-potential-ndlp-use-after-free-in-dev.patch
(bsc#1242993 CVE-2025-38289 bsc#1246287).
- Update patches.suse/scsi-lpfc-Use-memcpy-for-BIOS-version.patch
(bsc#1240966 CVE-2025-38332 bsc#1246375).
- Update
patches.suse/serial-Fix-potential-null-ptr-deref-in-mlb_usio_prob.patch
(git-fixes CVE-2025-38135 bsc#1246023).
- Update
patches.suse/soc-aspeed-Add-NULL-check-in-aspeed_lpc_enable_snoop.patch
(git-fixes CVE-2025-38145 bsc#1245765).
- Update
patches.suse/soc-aspeed-lpc-snoop-Don-t-disable-channels-that-are.patch
(git-fixes CVE-2025-38487 bsc#1247238).
- Update
patches.suse/software-node-Correct-a-OOB-check-in-software_node_g.patch
(stable-fixes CVE-2025-38342 bsc#1246453).
- Update
patches.suse/sunrpc-handle-SVC_GARBAGE-during-svc-auth-processing-as-auth-error.patch
(git-fixes CVE-2025-38089 bsc#1245508).
- Update
patches.suse/thunderbolt-Do-not-double-dequeue-a-configuration-re.patch
(stable-fixes CVE-2025-38174 bsc#1245781).
- Update
patches.suse/usb-chipidea-udc-disconnect-reconnect-from-host-when.patch
(git-fixes CVE-2025-38376 bsc#1247176).
- Update
patches.suse/usb-gadget-u_serial-Fix-race-condition-in-TTY-wakeup.patch
(git-fixes CVE-2025-38448 bsc#1247233).
- Update
patches.suse/usb-net-sierra-check-for-no-status-endpoint.patch
(git-fixes CVE-2025-38474 bsc#1247311).
- Update
patches.suse/usb-renesas_usbhs-Reorder-clock-handling-and-power-m.patch
(git-fixes CVE-2025-38136 bsc#1245691).
- Update
patches.suse/usb-typec-altmodes-displayport-do-not-index-invalid-.patch
(git-fixes CVE-2025-38391 bsc#1247181).
- Update
patches.suse/usb-typec-displayport-Fix-potential-deadlock.patch
(git-fixes CVE-2025-38404 bsc#1247271).
- Update
patches.suse/vgacon-Add-check-for-vc_origin-address-range-in-vgac.patch
(git-fixes CVE-2025-38213 bsc#1246037).
- Update
patches.suse/wifi-ath11k-fix-node-corruption-in-ar-arvifs-list.patch
(git-fixes CVE-2025-38293 bsc#1246292).
- Update
patches.suse/wifi-ath12k-fix-invalid-access-to-memory.patch
(git-fixes CVE-2025-38292 bsc#1246295).
- Update
patches.suse/wifi-ath12k-fix-node-corruption-in-ar-arvifs-list.patch
(git-fixes CVE-2025-38290 bsc#1246293).
- Update
patches.suse/wifi-ath6kl-remove-WARN-on-bad-firmware-input.patch
(stable-fixes CVE-2025-38406 bsc#1247210).
- Update
patches.suse/wifi-ath9k_htc-Abort-software-beacon-handling-if-dis.patch
(git-fixes CVE-2025-38157 bsc#1245747).
- Update
patches.suse/wifi-carl9170-do-not-ping-device-which-has-failed-to.patch
(git-fixes CVE-2025-38420 bsc#1247279).
- Update
patches.suse/wifi-mt76-mt7915-Fix-null-ptr-deref-in-mt7915_mmio_w.patch
(git-fixes CVE-2025-38155 bsc#1245748).
- Update
patches.suse/wifi-mt76-mt7996-drop-fragments-with-multicast-or-br.patch
(stable-fixes CVE-2025-38343 bsc#1246438).
- Update
patches.suse/wifi-p54-prevent-buffer-overflow-in-p54_rx_eeprom_re.patch
(git-fixes CVE-2025-38348 bsc#1246262).
- Update
patches.suse/wifi-rtw88-fix-the-para-buffer-size-to-avoid-reading.patch
(git-fixes CVE-2025-38159 bsc#1245751).
- commit de345c9
- Revert "cgroup_freezer: cgroup_freezing: Check if not frozen"
(bsc#1219338).
- sched,freezer: Remove unnecessary warning in __thaw_task
(bsc#1219338).
- commit 108588a
- ipv6: fix possible infinite loop in fib6_info_uses_dev()
(git-fixes).
- commit 16f1f6e
- ipv6: prevent infinite loop in rt6_nlmsg_size() (git-fixes).
- commit cb535e8
- net/sched: Restrict conditions for adding duplicating netems
to qdisc tree (git-fixes).
- commit 6fae648
- Refresh
patches.suse/af_unix-Disable-MSG_OOB-for-unprivileged-users.patch.
Add cmdline override.
- commit 4b6e594
- af_unix: Disable MSG_OOB for unprivileged users (CVE-2025-38236
bsc#1246093).
- commit 6110a63
- fs/orangefs: Allow 2 more characters in do_c_string()
(git-fixes).
- commit 642fa26
- jfs: fix metapage reference count leak in dbAllocCtl
(git-fixes).
- commit 58c926b
- x86/mce/amd: Fix threshold limit reset (git-fixes).
- commit 468e2ae
- bus: mhi: ep: Update read pointer only after buffer is written
(CVE-2025-38429 bsc#1247253).
- commit 3341565
- x86/mce: Don't remove sysfs if thresholding sysfs init fails (git-fixes).
- commit 3d8385a
- x86/mce: Make sure CMCI banks are cleared during shutdown on Intel (git-fixes).
- commit fe9eb0f
- x86/mce/amd: Add default names for MCA banks and blocks (git-fixes).
- commit 27f7700
- x86/traps: Initialize DR6 by writing its architectural reset value (git-fixes).
- commit 80ddfd8
- media: venus: vdec: Clamp param smaller than 1fps and bigger
than 240 (git-fixes).
- commit 1212a93
- x86/cpu/amd: Fix workaround for erratum 1054 (git-fixes).
- commit 2d80ddf
- mtd: rawnand: atmel: set pmecc data setup time (git-fixes).
- mtd: spinand: propagate spinand_wait() errors from
spinand_write_page() (git-fixes).
- mtd: rawnand: fsmc: Add missing check after DMA map (git-fixes).
- mtd: rawnand: rockchip: Add missing check after DMA map
(git-fixes).
- mtd: rawnand: atmel: Fix dma_mapping_error() address
(git-fixes).
- mtd: rawnand: renesas: Add missing check after DMA map
(git-fixes).
- mtd: spi-nor: Fix spi_nor_try_unlock_all() (git-fixes).
- mtd: fix possible integer overflow in erase_xfer() (git-fixes).
- clk: sunxi-ng: v3s: Fix de clock definition (git-fixes).
- clk: clk-axi-clkgen: fix fpfd_max frequency for zynq
(git-fixes).
- clk: xilinx: vcu: unregister pll_post only if registered
correctly (git-fixes).
- clk: davinci: Add NULL check in davinci_lpsc_clk_register()
(git-fixes).
- hwmon: (gsc-hwmon) fix fan pwm setpoint show functions
(git-fixes).
- pwm: imx-tpm: Reset counter if CMOD is 0 (git-fixes).
- media: uvcvideo: Do not mark valid metadata as invalid
(git-fixes).
- media: ov2659: Fix memory leaks in ov2659_probe() (git-fixes).
- media: hi556: correct the test pattern configuration
(git-fixes).
- media: vivid: fix wrong pixel_array control size (git-fixes).
- media: venus: hfi: explicitly release IRQ during teardown
(git-fixes).
- media: venus: Add a check for packet size after reading from
shared memory (git-fixes).
- media: venus: protect against spurious interrupts during probe
(git-fixes).
- media: venus: venc: Clamp param smaller than 1fps and bigger
than 240 (git-fixes).
- media: v4l2-ctrls: Don't reset handler's error in
v4l2_ctrl_handler_free() (git-fixes).
- media: v4l2-ctrls: Fix H264 SEPARATE_COLOUR_PLANE check
(git-fixes).
- media: imx: fix a potential memory leak in
imx_media_csc_scaler_device_init() (git-fixes).
- media: rainshadow-cec: fix TOCTOU race condition in
rain_interrupt() (git-fixes).
- media: gspca: Add bounds checking to firmware parser
(git-fixes).
- media: usbtv: Lock resolution while streaming (git-fixes).
- media: uvcvideo: Fix 1-byte out-of-bounds read in
uvc_parse_format() (git-fixes).
- crypto: qat - fix seq_file position update in adf_ring_next()
(git-fixes).
- crypto: qat - fix DMA direction for compression on GEN2 devices
(git-fixes).
- crypto: qat - flush misc workqueue during device shutdown
(git-fixes).
- crypto: qat - disable ZUC-256 capability for QAT GEN5
(git-fixes).
- crypto: img-hash - Fix dma_unmap_sg() nents value (git-fixes).
- crypto: keembay - Fix dma_unmap_sg() nents value (git-fixes).
- hwrng: mtk - handle devm_pm_runtime_enable errors (git-fixes).
- crypto: ccp - Fix crash when rebind ccp device for ccp.ko
(git-fixes).
- crypto: inside-secure - Fix `dma_unmap_sg()` nents value
(git-fixes).
- crypto: ccp - Fix locking on alloc failure handling (git-fixes).
- crypto: arm/aes-neonbs - work around gcc-15 warning (git-fixes).
- crypto: qat - fix state restore for banks with exceptions
(git-fixes).
- crypto: qat - allow enabling VFs in the absence of IOMMU
(git-fixes).
- crypto: marvell/cesa - Fix engine load inaccuracy (git-fixes).
- crypto: qat - use unmanaged allocation for dc_data (git-fixes).
- crypto: sun8i-ce - fix nents passed to dma_unmap_sg()
(git-fixes).
- commit 8f3fb2a
- Move upstreamed SCSI and ACPI patches into sorted section
- commit 09d9d7c
- RDMA/uverbs: Add empty rdma_uattrs_has_raw_cap() declaration (git-fixes)
- commit ced3c6d
- Update config files.
run_oldconfig, no functional change.
- commit 0b6044b
- RDMA/mlx5: Fix compilation warning when USER_ACCESS isn't set (git-fixes)
- commit dce79bd
- RDMA/hns: Fix -Wframe-larger-than issue (git-fixes)
- commit 90a067b
- RDMA/hns: Drop GFP_NOWARN (git-fixes)
- commit 927f6d6
- RDMA/hns: Fix accessing uninitialized resources (git-fixes)
- commit c1be2f8
- RDMA/hns: Get message length of ack_req from FW (git-fixes)
- commit 2e9a431
- RDMA/hns: Fix HW configurations not cleared in error flow (git-fixes)
- commit ba6e757
- RDMA/hns: Fix double destruction of rsv_qp (git-fixes)
- commit 0d7fee3
- Fix dma_unmap_sg() nents value (git-fixes)
- commit 89d1cb0
- RDMA/counter: Check CAP_NET_RAW check in user namespace for RDMA counters (git-fixes)
- commit c5238e7
- RDMA/nldev: Check CAP_NET_RAW in user namespace for QP modify (git-fixes)
- commit 0d7ab5b
- RDMA/mlx5: Check CAP_NET_RAW in user namespace for devx create (git-fixes)
- commit c162c8c
- RDMA/uverbs: Check CAP_NET_RAW in user namespace for RAW QP create (git-fixes)
- commit 3292115
- RDMA/uverbs: Check CAP_NET_RAW in user namespace for QP create (git-fixes)
- commit 90f88d3
- RDMA/mlx5: Check CAP_NET_RAW in user namespace for anchor create (git-fixes)
- commit a812e80
- RDMA/mlx5: Check CAP_NET_RAW in user namespace for flow create (git-fixes)
- commit 9dcd5e1
- RDMA/uverbs: Check CAP_NET_RAW in user namespace for flow create (git-fixes)
- commit eaff4b0
- vsock: Fix transport_{g2h,h2g} TOCTOU (CVE-2025-38462
bsc#1247104).
- commit f5da768
- tcp: Correct signedness in skb remaining space calculation
(CVE-2025-38463 bsc#1247113).
- net/sched: Always pass notifications when child class becomes
empty (CVE-2025-38350 bsc#1246781).
- maple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate()
(CVE-2025-38364 bsc#1247091).
- commit 7390872
- x86: UV RTC: Add parameter to disable RTC clocksource
(bsc#1241345).
- commit 79ccdce
- clocksource: Set cs_watchdog_read() checks based on
.uncertainty_margin (bsc#1241345 bsc#1244457).
- commit 09911af
- clocksource: Scale the watchdog read retries automatically
(bsc#1241345 bsc#1244457).
- Refresh
patches.suse/clocksource-Fix-brown-bag-boolean-thinko-in-cs_watch.patch.
- Refresh
patches.suse/clocksource-Make-watchdog-and-suspend-timing-multipl.patch.
- commit fdf040b
- wifi: iwlwifi: Fix error code in iwl_op_mode_dvm_start()
(git-fixes).
- wifi: iwlwifi: return ERR_PTR from opmode start()
(stable-fixes).
- commit bb4c593
- drm/amd/pm/powerplay/hwmgr/smu_helper: fix order of mask and
value (git-fixes).
- fbcon: Fix outdated registered_fb reference in comment
(git-fixes).
- drm/msm/dpu: Fill in min_prefill_lines for SC8180X (git-fixes).
- drm/vmwgfx: Fix Host-Backed userspace on Guest-Backed kernel
(git-fixes).
- drm/panfrost: Fix panfrost device variable name in devfreq
(git-fixes).
- drm/rockchip: cleanup fb when drm_gem_fb_afbc_init failed
(git-fixes).
- can: peak_usb: fix USB FD devices potential malfunction
(git-fixes).
- net: phy: micrel: fix KSZ8081/KSZ8091 cable test (git-fixes).
- net: usbnet: Avoid potential RCU stall on LINK_CHANGE event
(git-fixes).
- can: kvaser_usb: Assign netdev.dev_port based on device channel
index (git-fixes).
- can: kvaser_pciefd: Store device channel index (git-fixes).
- Bluetooth: hci_event: Mask data status from LE ext adv reports
(git-fixes).
- wifi: ath12k: fix endianness handling while accessing wmi
service bit (git-fixes).
- wifi: ath11k: fix sleeping-in-atomic in
ath11k_mac_op_set_bitrate_mask() (git-fixes).
- wifi: ath12k: fix dest ring-buffer corruption when ring is full
(git-fixes).
- wifi: ath12k: fix source ring-buffer corruption (git-fixes).
- wifi: ath12k: fix dest ring-buffer corruption (git-fixes).
- wifi: ath11k: fix dest ring-buffer corruption when ring is full
(git-fixes).
- wifi: ath11k: fix source ring-buffer corruption (git-fixes).
- wifi: ath11k: fix dest ring-buffer corruption (git-fixes).
- wifi: ath11k: fix suspend use-after-free after probe failure
(git-fixes).
- wifi: ath11k: clear initialized flag for deinit-ed srng lists
(git-fixes).
- wifi: brcmfmac: fix P2P discovery failure in P2P peer due to
missing P2P IE (git-fixes).
- Reapply "wifi: mac80211: Update skb's control block key in
ieee80211_tx_dequeue()" (git-fixes).
- wifi: mac80211: Check 802.11 encaps offloading in
ieee80211_tx_h_select_key() (git-fixes).
- wifi: mac80211: Don't call fq_flow_idx() for management frames
(git-fixes).
- wifi: mac80211: Do not schedule stopped TXQs (git-fixes).
- wifi: plfxlc: Fix error handling in usb driver probe
(git-fixes).
- wifi: mac80211: reject TDLS operations when station is not
associated (git-fixes).
- wifi: brcmsmac: Remove const from tbl_ptr parameter in
wlc_lcnphy_common_read_table() (git-fixes).
- mwl8k: Add missing check after DMA map (git-fixes).
- iwlwifi: Add missing check for alloc_ordered_workqueue
(git-fixes).
- wifi: iwlwifi: Fix memory leak in iwl_mvm_init() (git-fixes).
- wifi: rtl818x: Kill URBs before clearing tx status queue
(git-fixes).
- wifi: rtw89: avoid NULL dereference when RX problematic packet
on unsupported 6 GHz band (git-fixes).
- commit 338f129
- usb: gadget: configfs: Fix OOB read on empty string write
(CVE-2025-38497 bsc#1247347).
- commit 96c22e3
- fs: export anon_inode_make_secure_inode() and fix secretmem
LSM bypass (CVE-2025-38396 bsc#1247156).
- commit 281f5f1
- wifi: ath12k: fix GCC_GCC_PCIE_HOT_RST definition for WCN7850
(CVE-2025-38414 bsc#1247145).
- commit be37365
- Docs/ABI: Fix sysfs-kernel-address_bits path (git-fixes).
- soc: qcom: pmic_glink: fix OF node leak (git-fixes).
- soc: qcom: fix endianness for QMI header (git-fixes).
- soc: qcom: QMI encoding/decoding for big endian (git-fixes).
- soc/tegra: cbb: Clear ERR_FORCE register with ERR_STATUS
(git-fixes).
- usb: musb: omap2430: fix device leak at unbind (git-fixes).
- usb: gadget: udc: renesas_usb3: fix device leak at unbind
(git-fixes).
- usb: dwc3: meson-g12a: fix device leaks at unbind (git-fixes).
- usb: atm: cxacru: Merge cxacru_upload_firmware() into
cxacru_heavy_init() (git-fixes).
- thunderbolt: Fix copy+paste error in match_service_id()
(git-fixes).
- usb: typec: ucsi: Update power_supply on power role change
(git-fixes).
- usb: gadget : fix use-after-free in composite_dev_cleanup()
(git-fixes).
- cdc-acm: fix race between initial clearing halt and open
(git-fixes).
- usb: early: xhci-dbc: Fix early_ioremap leak (git-fixes).
- usb: misc: apple-mfi-fastcharge: Make power supply names unique
(git-fixes).
- Documentation: usb: gadget: Wrap remaining usage snippets in
literal code block (git-fixes).
- usb: host: xhci-plat: fix incorrect type for of_match variable
in xhci_plat_probe() (git-fixes).
- vt: defkeymap: Map keycodes above 127 to K_HOLE (git-fixes).
- vt: keyboard: Don't process Unicode characters in K_OFF mode
(git-fixes).
- staging: axis-fifo: remove sysfs interface (git-fixes).
- staging: nvec: Fix incorrect null termination of battery
manufacturer (git-fixes).
- staging: fbtft: fix potential memory leak in
fbtft_framebuffer_alloc() (git-fixes).
- iio: adc: ad_sigma_delta: change to buffer predisable
(git-fixes).
- iio: imu: bno055: fix OOB access of hw_xlate array (git-fixes).
- bus: mhi: host: Detect events pointing to unexpected TREs
(git-fixes).
- misc: rtsx: usb: Ensure mmc child device is active when card
is present (git-fixes).
- vmci: Prevent the dispatching of uninitialized payloads
(git-fixes).
- samples: mei: Fix building on musl libc (git-fixes).
- platform/chrome: cros_ec: Unregister notifier in
cros_ec_unregister() (git-fixes).
- gpio: virtio: Fix config space reading (git-fixes).
- ASoC: ops: dynamically allocate struct snd_ctl_elem_value
(git-fixes).
- ASoC: soc-dai: tidyup return value of
snd_soc_xlate_tdm_slot_mask() (git-fixes).
- Documentation: ACPI: Fix parent device references (git-fixes).
- ACPI: LPSS: Remove AudioDSP related ID (git-fixes).
- ACPI: processor: perflib: Fix initial _PPC limit application
(git-fixes).
- powercap: dtpm_cpu: Fix NULL pointer dereference in
get_pd_power_uw() (git-fixes).
- PM / devfreq: Check governor before using governor->name
(git-fixes).
- commit fbd21ae
- apple-mfi-fastcharge: protect first device name (git-fixes).
- commit 903dc58
- vsock/vmci: Clear the vmci transport packet properly when
initializing it (CVE-2025-38403 bsc#1247141).
- commit 6379963
- KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation
is in-flight (CVE-2025-38455 bsc#1247101).
- commit ca76701
- vsock: Fix transport_* TOCTOU (CVE-2025-38461 bsc#1247103).
- commit 916fdd6
- eventpoll: don't decrement ep refcount while still holding
the ep mutex (bsc#1246777 CVE-2025-38349).
- commit 6c5e857
- jbd2: fix data-race and null-ptr-deref in
jbd2_journal_dirty_metadata() (bsc#1246253 CVE-2025-38337).
- commit 4cfb834
- ext4: inline: fix len overflow in ext4_prepare_inline_data
(bsc#1245976 CVE-2025-38222).
- commit bdddb2f
- ublk: santizize the arguments from userspace when adding a
device (bsc#1245937 CVE-2025-38182).
- commit c70260e
- __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under
mount_lock (bsc#1245151 CVE-2025-38058).
- commit 5d79b46
- xfs: remove unused trace event xfs_reflink_cow_enospc
(git-fixes).
- commit 43f2e3c
- xfs: only create event xfs_file_compat_ioctl when CONFIG_COMPAT
is configure (git-fixes).
- commit 90cf0ff
- xfs: remove usused xfs_end_io_direct events (git-fixes).
- commit 973d0e0
- xfs: remove unused event xfs_pagecache_inval (git-fixes).
- commit 92f5436
- xfs: remove unused event xfs_alloc_near_nominleft (git-fixes).
- commit cce777b
- xfs: remove unused event xfs_alloc_near_error (git-fixes).
- commit 5b572bf
- xfs: remove unused event xfs_attr_node_removename (git-fixes).
- commit 4753b23
- xfs: remove unused xfs_attr events (git-fixes).
- commit 1b0cc0c
- xfs: remove unused trace event xfs_attr_rmtval_set (git-fixes).
- commit d855e56
- xfs: remove unused xfs_reflink_compare_extents events
(git-fixes).
- commit a7afc4b
- xfs: remove unused event xfs_ioctl_clone (git-fixes).
- commit b5dfc1b
- xfs: remove unused event xlog_iclog_want_sync (git-fixes).
- commit 217c9f9
- xfs: remove unused trace event xfs_attr_remove_iter_return
(git-fixes).
- commit 70b1bc5
- NFSD: detect mismatch of file handle and delegation stateid
in OPEN op (git-fixes).
- commit 00b51c6
- nfsd: handle get_client_locked() failure in
nfsd4_setclientid_confirm() (git-fixes).
- commit b0cf612
- hfsplus: remove mutex_lock check in hfsplus_free_extents
(git-fixes).
- commit e14f374
- s390/entry: Fix last breaking event handling in case of stack
corruption (git-fixes bsc#1243806).
- commit d31e65a
- hfs: make splice write available again (git-fixes).
- commit 96498bf
- hfsplus: make splice write available again (git-fixes).
- commit 5121068
- Refresh
patches.suse/btrfs-always-fallback-to-buffered-write-if-the-inode.patch.
To remove an incorrectly generated file which is not utilized at all.
- commit 8e57a15
- btrfs: fix non-empty delayed iputs list on unmount due to
async workers (git-fixes).
- commit 285c1f5
- btrfs: fix assertion when building free space tree (git-fixes).
- commit a3fd65f
- btrfs: fix iteration of extrefs during log replay (bsc#1247031
CVE-2025-38382).
- commit 5e64fe6
- btrfs: fix missing error handling when searching for inode
refs during log replay (git-fixes).
- commit a8205e6
- i2c: qup: jump out of the loop in case of timeout (git-fixes).
- i2c: virtio: Avoid hang by using interruptible completion wait
(git-fixes).
- i2c: tegra: Fix reset error handling with ACPI (git-fixes).
- commit 5a2e6c7
- btrfs: fix a race between renames and directory logging
(bsc#1247023 CVE-2025-38365).
- commit 322c28e
- supported.conf: move nvme-apple to optional again
- commit a3e3a0c
- llist: add interface to check if a node is on a list
(CVE-2025-38264 bsc#1246387).
- commit f06e99c
- nvme-tcp: sanitize request list handling (CVE-2025-38264
bsc#1246387).
- commit 33933f9
- supported.conf: sort entries again
- commit 2db834f
- supported.conf: add missing entries for armv7hl
- commit 3fcf489
- nilfs2: reject invalid file types when reading inodes
(git-fixes).
- commit b094111
- resource: fix false warning in __request_region() (git-fixes).
- bus: fsl-mc: Fix potential double device reference in
fsl_mc_get_endpoint() (git-fixes).
- USB: serial: option: add Telit Cinterion FE910C04 (ECM)
composition (stable-fixes).
- USB: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI
(stable-fixes).
- USB: serial: option: add Foxconn T99W640 (stable-fixes).
- iio: adc: max1363: Reorder mode_list[] entries (stable-fixes).
- iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[]
(stable-fixes).
- ALSA: hda/realtek: Add quirk for ASUS ROG Strix G712LWS
(stable-fixes).
- HID: core: do not bypass hid_hw_raw_request (stable-fixes).
- HID: core: ensure the allocated report buffer can contain the
reserved report ID (stable-fixes).
- regulator: pwm-regulator: Calculate the output voltage for
disabled PWMs (stable-fixes).
- commit 829a426
- supported.conf: add missing entries explicitly
Those are implicitly added as unsupported. List up explicitly.
- commit 06a6015
- rpm/kernel-subpackage-spec: Skip brp-strip-debug to avoid file truncation (bsc#1246879)
Put the same workaround to avoid file truncation of vmlinux and co in
kernel-default-base package, too.
- commit 2329734
- iommu/vt-d: Fix possible circular locking dependency
(git-fixes).
- commit 0774c7d
- drm/bridge: ti-sn65dsi86: Remove extra semicolon in
ti_sn_bridge_probe() (git-fixes).
- drm/sched: Remove optimization that causes hang when killing
dependent jobs (git-fixes).
- platform/x86: ideapad-laptop: Fix kbd backlight not remembered
among boots (git-fixes).
- commit 0083a37
- iommu/vt-d: Fix system hang on reboot -f (git-fixes).
- commit 034e69f
- rpm/kernel-binary.spec.in: Ignore return code from ksymtypes compare
When using suse-kabi-tools, the RPM build invokes 'ksymvers compare' to
compare the resulting symbol CRCs with the reference data. If the values
differ, it then invokes 'ksymtypes compare' to provide a detailed report
explaining why the symbols differ. The build expects the latter
'ksymtypes compare' command to always return zero, even if the two
compared kABI corpuses are different.
This is currently the case for 'ksymtypes compare'. However, I plan to
update the command to return a non-zero code when the comparison detects
any differences. This should ensure consistent behavior with 'ksymvers
compare'.
Since the build uses 'ksymtypes compare' only for more detailed
diagnostics, ignore its return code.
- commit 5ac1381
- net: atm: fix /proc/net/atm/lec handling (CVE-2025-38180
bsc#1245970).
- net: atm: add lec_mutex (CVE-2025-38323 bsc#1246473).
- commit 1698a7c
- KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop (bsc#1239061 CVE-2025-21839).
- commit fe1f630
- net: dsa: b53: do not enable EEE on bcm63xx (CVE-2025-38272
bsc#1246268).
- commit ee16b59
- Refresh
patches.suse/selftests-bpf-Clean-up-open-coded-gettid-syscall-inv.patch.
Fix following BPF selftests compilation error due to missing dependency.
/home/runner/work/libbpf/libbpf/.kernel/tools/testing/selftests/bpf/prog_tests/ns_current_pid_tgid.c: In function ‘test_current_pid_tgid’:
/home/runner/work/libbpf/libbpf/.kernel/tools/testing/selftests/bpf/prog_tests/ns_current_pid_tgid.c:31:9: error: invalid type argument of unary ‘*’ (have ‘pid_t’ {aka ‘int’})
31 | *pid = sys_gettid();
| ^~~~
- commit d85d5ff
- Delete
patches.suse/selftests-bpf-Add-tests-for-sdiv-smod-overflow-cases.patch.
The __arch_x86_64 macro is not yet supported in BPF selftests (depends
on c64d2f72bf2e "selftests/bpf: *_arch** macro to limit test cases to
specific archs"), so drop tests that uses it.
- commit 55e800e
- Bluetooth: hci_sync: Fix UAF on create_le_conn_complete
(git-fixes).
- commit 7a089da
- hci_dev centralize extra lock (CVE-2025-38117 bsc#1245695).
- commit 892de21
- Bluetooth: MGMT: Protect mgmt_pending list with its own lock
(CVE-2025-38117 bsc#1245695).
- commit e0d8b29
- Bluetooth: hci_sync: Introduce
hci_cmd_sync_run/hci_cmd_sync_run_once (CVE-2025-38117
bsc#1245695).
- commit c86dd9a
- Bluetooth: hci_core: Make hci_is_le_conn_scanning public
(CVE-2025-38117 bsc#1245695).
- Refresh
patches.suse/Bluetooth-hci_sync-Use-QoS-to-determine-which-PHY-to.patch.
- commit 566b348
- Bluetooth: hci_sync: Fix handling of HCI_OP_CREATE_CONN_CANCEL
(git-fixes).
- commit 79fc3de
- gpiolib: of: Add polarity quirk for s5m8767 (stable-fixes).
- gpio: vf610: add locking to gpio direction functions
(git-fixes).
- gpio: pca953x: log an error when failing to get the reset GPIO
(git-fixes).
- gpiolib: cdev: Ignore reconfiguration without direction
(git-fixes).
- gpiolib: acpi: Fix failed in acpi_gpiochip_find() by adding
parent node match (bsc#1233300).
- gpiolib: Fix debug messaging in gpiod_find_and_request()
(git-fixes).
- gpiolib: Handle no pin_ranges in gpiochip_generic_config()
(git-fixes).
- gpio: sim: include a missing header (git-fixes).
- gpiolib: acpi: Don't use GPIO chip fwnode in
acpi_gpiochip_find() (bsc#1233300).
- commit 75afc01
- Bluetooth: MGMT: convert timeouts to secs_to_jiffies()
(CVE-2025-38117 bsc#1245695).
- commit 3e2758a
- bluetooth: mgmt: convert timeouts to secs_to_jiffies()
(CVE-2025-38117 bsc#1245695).
- commit b8976eb
- s390/bpf: Fix bpf_arch_text_poke() with new_addr == NULL again
(git-fixes bsc#1246870).
- commit 8e4fb25
- Fix build warning
Refresh
patches.suse/mm-hugetlb-fix-DEBUG_LOCKS_WARN_ON-1-when-dissolve_f.patch.
- commit ccb6e90
- Bluetooth: MGMT: Fix not generating command complete for
MGMT_OP_DISCONNECT (git-fixes).
- Refresh
patches.suse/Bluetooth-hci_event-Fix-not-using-key-encryption-siz.patch.
- commit 6f743e7
- Bluetooth: hci_sync: Attempt to dequeue connection attempt
(git-fixes).
- Refresh
patches.suse/Bluetooth-L2CAP-Fix-slab-use-after-free-Read-in-l2ca.patch.
- Refresh
patches.suse/Bluetooth-hci_event-Fix-not-using-key-encryption-siz.patch.
- Refresh
patches.suse/Bluetooth-hci_sync-Fix-UAF-in-hci_acl_create_conn_sy.patch.
- commit 22a7d25
- Bluetooth: hci_conn: Fix sending
BT_HCI_CMD_LE_CREATE_CONN_CANCEL (git-fixes).
- commit defb49e
- Bluetooth: mgmt: remove NULL check in
add_ext_adv_params_complete() (CVE-2025-38117 bsc#1245695).
- Bluetooth: mgmt: remove NULL check in
mgmt_set_connectable_complete() (CVE-2025-38117 bsc#1245695).
- commit 3217653
- bluetooth: restore le_scan_restart in struct hci_dev
(CVE-2025-38117 bsc#1245695).
- commit 7e7eb69
- Bluetooth: hci_core: Remove le_restart_scan work (CVE-2025-38117
bsc#1245695).
- commit 9530108
- Input: gpio-keys - fix a sleep while atomic with PREEMPT_RT
(CVE-2025-38335 bsc#1246250).
- commit 4b421f0
- Correctly put RDMA kabi patch into patches.kabi instead of patches.suse
- commit 0433d1f
- kABI workaround for bluetooth hci_dev changes (CVE-2025-38250
bsc#1246182).
- commit 2bfeee5
- Bluetooth: hci_core: Fix use-after-free in vhci_flush()
(CVE-2025-38250 bsc#1246182).
- commit 45dea35
- selftests/bpf: Support more socket types in create_pair()
(bsc#1239470 CVE-2025-21854).
- selftests/bpf: Refactor out helper functions for a few tests
(bsc#1239470 CVE-2025-21854).
- commit 21d7fea
- mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when
dissolve_free_hugetlb_folio() (bsc#1225707 CVE-2024-36028).
- commit ce47e5b
- Delete
patches.suse/selftest-bpf-Add-test-for-af_vsock-poll.patch.
It requires the "bpf_program__attach_sockmap" API in libbpf, which isn't
backported.
- Refresh patches.suse/selftest-bpf-Add-vsock-test-for-sockmap-rejecting-un.patch
- commit a7dddad
- i2c: stm32: fix the device used for the DMA map (git-fixes).
- usb: hub: Don't try to recover devices lost during warm reset
(git-fixes).
- usb: musb: fix gadget state on disconnect (git-fixes).
- thunderbolt: Fix bit masking in tb_dp_port_set_hops()
(git-fixes).
- thunderbolt: Fix wake on connect at runtime (git-fixes).
- pch_uart: Fix dma_sync_sg_for_device() nents value (git-fixes).
- comedi: Fix initialization of data for instructions that write
to subdevice (git-fixes).
- comedi: Fix use of uninitialized data in insn_rw_emulate_bits()
(git-fixes).
- comedi: das6402: Fix bit shift out of bounds (git-fixes).
- comedi: aio_iiro_16: Fix bit shift out of bounds (git-fixes).
- comedi: pcl812: Fix bit shift out of bounds (git-fixes).
- comedi: das16m1: Fix bit shift out of bounds (git-fixes).
- comedi: Fix some signed shift left operations (git-fixes).
- comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large
(git-fixes).
- iio: adc: ad7949: use spi_is_bpw_supported() (git-fixes).
- iio: accel: fxls8962af: Fix use after free in
fxls8962af_fifo_flush (git-fixes).
- iio: adc: stm32-adc: Fix race in installing chained IRQ handler
(git-fixes).
- regmap: fix potential memory leak of regmap_bus (git-fixes).
- Input: xpad - set correct controller type for Acer NGR200
(git-fixes).
- commit 08dfa63
- jfs: Fix null-ptr-deref in jfs_ioc_trim (bsc#1246044
CVE-2025-38203).
- commit e88ea13
- hwmon: (corsair-cpro) Validate the size of the received input
buffer (git-fixes).
- drm/amdgpu/gfx8: reset compute ring wptr on the GPU on resume
(git-fixes).
- soundwire: amd: fix for clearing command status register
(git-fixes).
- dmaengine: nbpfaxi: Fix memory corruption in probe()
(git-fixes).
- phy: tegra: xusb: Fix unbalanced regulator disable in UTMI
PHY mode (git-fixes).
- memstick: core: Zero initialize id_reg in
h_memstick_read_dev_id() (git-fixes).
- mmc: bcm2835: Fix dma_unmap_sg() nents value (git-fixes).
- mmc: sdhci_am654: Workaround for Errata i2312 (git-fixes).
- mmc: sdhci-pci: Quirk for broken command queuing on Intel
GLK-based Positivo models (git-fixes).
- commit 0d9aae2
- net/sched: Return NULL when htb_lookup_leaf encounters an
empty rbtree (git-fixes).
- commit fb42307
- ipv6: mcast: Delay put pmc->idev in mld_del_delrec()
(git-fixes).
- commit 505c14c
- rpl: Fix use-after-free in rpl_do_srh_inline() (git-fixes).
- commit 3342938
- af_packet: fix the SO_SNDTIMEO constraint not effective on
tpacked_snd() (git-fixes).
- commit 877c186
- net/sched: sch_qfq: Fix race condition on qfq_aggregate
(git-fixes).
- commit 2e8a829
- kABI workaround for struct drm_framebuffer changes (git-fixes).
- commit 7b3cefa
- drm/framebuffer: Acquire internal references on GEM handles
(git-fixes).
- commit 736ff8d
- Bluetooth: L2CAP: Fix attempting to adjust outgoing MTU
(git-fixes).
- Bluetooth: btusb: QCA: Fix downloading wrong NVM for WCN6855
GF variant without board ID (git-fixes).
- Bluetooth: SMP: Fix using HCI_ERROR_REMOTE_USER_TERM on timeout
(git-fixes).
- Bluetooth: SMP: If an unallowed command is received consider
it a failure (git-fixes).
- Bluetooth: hci_sync: fix connectable extended advertising when
using static random address (git-fixes).
- Bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb()
(git-fixes).
- usb: net: sierra: check for no status endpoint (git-fixes).
- net: phy: Don't register LEDs for genphy (git-fixes).
- drm/gem: Fix race in drm_gem_handle_create_tail()
(stable-fixes).
- wifi: prevent A-MSDU attacks in mesh networks (stable-fixes).
- Revert "ACPI: battery: negate current when discharging"
(stable-fixes).
- usb: cdnsp: Fix issue with CV Bad Descriptor test (git-fixes).
- drm/gem: Acquire references on GEM handles for framebuffers
(stable-fixes).
- vt: add missing notification when switching back to text mode
(stable-fixes).
- ASoC: amd: yc: add quirk for Acer Nitro ANV15-41 internal mic
(stable-fixes).
- ALSA: hda/realtek - Enable mute LED on HP Pavilion Laptop
15-eg100 (stable-fixes).
- HID: lenovo: Add support for ThinkPad X1 Tablet Thin Keyboard
Gen2 (stable-fixes).
- HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY (stable-fixes).
- HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras
(stable-fixes).
- net: usb: qmi_wwan: add SIMCom 8230C composition (stable-fixes).
- usb: cdnsp: Replace snprintf() with the safer scnprintf()
variant (stable-fixes).
- usb:cdnsp: remove TRB_FLUSH_ENDPOINT command (stable-fixes).
- commit b8ce602
- Refresh
patches.suse/selftests-bpf-Add-tests-for-iter-next-method-returni.patch.
Fix BPF selftests build failure in progs/iters_testmod.c due to missing
definition of 'struct bpf_iter_task_vma' and 'bpf_iter_task_vma()'.
- commit ca03a47
- ptp: fix breakage after ptp_vclock_in_use() rework
(bsc#1246506).
- commit 001cddf
- x86/virt/tdx: Avoid indirect calls to TDX assembly functions (git-fixes).
- commit 9c296c1
- soc: aspeed: lpc-snoop: Don't disable channels that aren't
enabled (git-fixes).
- soc: aspeed: lpc-snoop: Cleanup resources in stack-order
(git-fixes).
- HID: core: ensure __hid_request reserves the report ID as the
first byte (git-fixes).
- commit 5cd5cd3
- drm/msm/a7xx: Call CP_RESET_CONTEXT_STATE (CVE-2025-38188
bsc#1246098).
- drm/msm/a6xx+: Insert a fence wait before SMMU table update
(CVE-2025-38188 bsc#1246098).
- commit e22ddaf
- x86/iopl: Cure TIF_IO_BITMAP inconsistencies (CVE-2025-38100
bsc#1245650).
- commit 143bbc6
- Bluetooth: eir: Fix possible crashes on eir_create_adv_data
(CVE-2025-38303 bsc#1246354).
- commit 89447f6
- btrfs: explicitly ref count block_group on new_bgs list (bsc#1243068)
- commit 8647d2c
- btrfs: make btrfs_discard_workfn() block_group ref explicit (bsc#1243068)
- commit 32e19f5
- btrfs: harden block_group::bg_list against list_del() races (CVE-2025-37856 bsc#1243068)
- commit 3333359
- btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref (CVE-2025-38034 bsc#1244792)
- commit 55c0ec4
- btrfs: do not BUG_ON() when freeing tree block after error (CVE-2024-44963 1230216)
- commit d292416
- config: enable RBD (jsc#PED-13238)
- commit 9e8693b
- scsi: megaraid_sas: Fix invalid node index (CVE-2025-38239
bsc#1246178).
- seg6: Fix validation of nexthop addresses (CVE-2025-38310
bsc#1246361).
- x86/sgx: Prevent attempts to reclaim poisoned pages
(CVE-2025-38334 bsc#1246384).
- commit 740f6c2
- selftests/bpf: Add tests with stack ptr register in conditional
jmp (bsc#1246264 CVE-2025-38279).
- bpf: Do not include stack ptr register in precision backtracking
bookkeeping (bsc#1246264 CVE-2025-38279).
- Refresh patches.kabi/bpf-verifier-kABI-workarounds.patch
- commit ccc2c5b
- bridge: mcast: Fix use-after-free during router port
configuration (CVE-2025-38248 bsc#1246173).
- net: stmmac: make sure that ptp_rate is not 0 before configuring
timestamping (CVE-2025-38126 bsc#1245708).
- bpf: fix ktls panic with sockmap (CVE-2025-38166 bsc#1245758).
- commit 01133bb
- iommu/amd: Set the pgsize_bitmap correctly (git-fixes).
- commit 8746ec5
- scsi: core: Enforce unlimited max_segment_size when
virt_boundary_mask is set (git-fixes).
- scsi: qla4xxx: Fix missing DMA mapping error in
qla4xxx_alloc_pdu() (git-fixes).
- scsi: qla2xxx: Fix DMA mapping test in
qla24xx_get_port_database() (git-fixes).
- scsi: megaraid_sas: Fix invalid node index (git-fixes).
- aoe: clean device rq_list in aoedev_downdev() (git-fixes).
- md/md-bitmap: fix dm-raid max_write_behind setting (git-fixes).
- commit 2e07501
- dm-bufio: fix sched in atomic context (git-fixes).
- commit c664ddf
- Update
patches.suse/nvme-pci-fix-queue-unquiesce-check-on-slot_reset.patch
(git-fixes bsc#1240885).
- commit 08c0025
- perf: Fix sample vs do_exit() (bsc#1246547).
- commit 5327721
- nvme-pci: refresh visible attrs after being checked (git-fixes).
- nvme: Fix incorrect cdw15 value in passthru error logging
(git-fixes).
- commit c5d3460
- scsi: lpfc: Copyright updates for 14.4.0.10 patches (bsc#1245260
bsc#1243100 bsc#1246125).
- commit 58f7c6e
- scsi: lpfc: Update lpfc version to 14.4.0.10 (bsc#1245260
bsc#1243100 bsc#1246125).
- scsi: lpfc: Modify end-of-life adapters' model descriptions
(bsc#1245260 bsc#1243100 bsc#1246125 bsc#1204142).
- scsi: lpfc: Revise CQ_CREATE_SET mailbox bitfield definitions
(bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Move clearing of HBA_SETUP flag to before
lpfc_sli4_queue_unset (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Ensure HBA_SETUP flag is used only for SLI4 in
dev_loss_tmo_callbk (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Relocate clearing initial phba flags from link up
to link down hdlr (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Simplify error handling for failed
lpfc_get_sli4_parameters cmd (bsc#1245260 bsc#1243100
bsc#1246125).
- scsi: lpfc: Early return out of FDMI cmpl for locally rejected
statuses (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Skip RSCN processing when FC_UNLOADING flag is set
(bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport
structure (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Update debugfs trace ring initialization messages
(bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Revise logging format for failed CT MIB requests
(bsc#1245260 bsc#1243100 bsc#1246125).
- commit 14dcfed
- Update
patches.suse/net-clear-the-dst-when-changing-skb-protocol.patch
(bsc#1245954 CVE-2025-38192).
Fix incorrect CVE reference.
- commit 288e8f6
- drm/nouveau: fix a use-after-free in r535_gsp_rpc_push() (bsc#1245951 CVE-2025-38187)
- commit 62c6956
- bpf: Check rcu_read_lock_trace_held() in
bpf_map_lookup_percpu_elem() (bsc#1245980 CVE-2025-38202).
- commit 630834e
- selftest/bpf/benchs: Add benchmark for sockmap usage
(bsc#1245749 CVE-2025-38154).
- commit ac96089
- bpf, sockmap: Avoid using sk_socket after free when sending
(bsc#1245749 CVE-2025-38154).
- bpf, sockmap: Fix panic when calling skb_linearize (bsc#1245749
CVE-2025-38154).
- bpf, sockmap: fix duplicated data transmission (bsc#1245749
CVE-2025-38154).
- bpf, sockmap: Fix data lost during EAGAIN retries (bsc#1245749
CVE-2025-38154).
- commit bc1361f
- bpf: Fix memory leak in bpf_core_apply (git-fixes).
- commit 44b4ba3
- bpf/selftests: Check errno when percpu map value size exceeds
(git-fixes).
- bpf: Check percpu map value size first (git-fixes).
- commit 81feacb
- bpftool: Fix undefined behavior caused by shifting into the
sign bit (git-fixes).
- commit 9363920
- ipc: fix to protect IPCS lookups using RCU (CVE-2025-38212
bsc#1246029).
- commit 9ff5b2e
- calipso: unlock rcu before returning -EAFNOSUPPORT
(CVE-2025-38147 bsc#1245768).
- calipso: Don't call calipso functions for AF_INET sk
(CVE-2025-38147 bsc#1245768).
- commit 74ee184
- ucsi_operations: add stubs for all operations (git-fixes).
- commit 1e9baf6
- drm/amd/display: Don't treat wb connector as physical in (bsc#1245654 CVE-2025-38098)
- commit 277f764
- selftests/bpf: Add tests for iter next method returning valid
pointer (git-fixes).
- bpf: Make the pointer returned by iter next method valid
(git-fixes).
- commit fcdc4ee
- hisi_acc_vfio_pci: bugfix live migration function without VF
device driver (CVE-2025-38283 bsc#1246273).
- configfs-tsm-report: Fix NULL dereference of tsm_ops
(CVE-2025-38210 bsc#1246020).
- commit eef28a4
- kasan: remove kasan_find_vm_area() to prevent possible deadlock
(git-fixes).
- maple_tree: fix mt_destroy_walk() on root leaf node (git-fixes).
- commit aaacc92
- drm/tegra: nvdec: Fix dma_alloc_coherent error check
(git-fixes).
- nbd: fix uaf in nbd_genl_connect() error path (git-fixes).
- can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx
message to debug level (git-fixes).
- net: phy: microchip: limit 100M workaround to link-down events
on LAN88xx (git-fixes).
- wifi: mt76: mt7925: Fix null-ptr-deref in mt7925_thermal_init()
(git-fixes).
- wifi: mt76: mt7925: fix invalid array index in ssid assignment
during hw scan (git-fixes).
- wifi: mt76: mt7925: fix the wrong config for tx interrupt
(git-fixes).
- wifi: zd1211rw: Fix potential NULL pointer dereference in
zd_mac_tx_to_dev() (git-fixes).
- commit 067b949
- xfs: fix off-by-one error in fsmap's end_daddr usage
(bsc#1235837).
- commit 919d943
- hisi_acc_vfio_pci: fix XQE dma address error (CVE-2025-38158
bsc#1245750).
- commit 373ef61
- i40e: fix MMIO write access to an invalid page in i40e_clear_hw
(CVE-2025-38200 bsc#1246045).
- net: cadence: macb: Fix a possible deadlock in macb_halt_tx
(CVE-2025-38094 bsc#1245649).
- commit 45301b8
- platform/x86: think-lmi: Create ksets consecutively
(stable-fixes).
- Refresh
patches.suse/platform-x86-think-lmi-Fix-kobject-cleanup.patch.
- commit 5072bed
- net: phy: smsc: Fix link failure in forced mode with Auto-MDIX
(git-fixes).
- net: phy: smsc: Fix Auto-MDIX configuration when disabled by
strap (git-fixes).
- Bluetooth: hci_event: Fix not marking Broadcast Sink BIS as
connected (git-fixes).
- Bluetooth: hci_sync: Fix not disabling advertising instance
(git-fixes).
- usb: xhci: quirk for data loss in ISOC transfers (stable-fixes).
- Logitech C-270 even more broken (stable-fixes).
- Input: xpad - support Acer NGR 200 Controller (stable-fixes).
- dma-buf: fix timeout handling in dma_resv_wait_timeout v2
(stable-fixes).
- mmc: sdhci: Add a helper function for dump register in dynamic
debug mode (stable-fixes).
- ACPICA: Refuse to evaluate a method if arguments are missing
(stable-fixes).
- mtd: spinand: fix memory leak of ECC engine conf (stable-fixes).
- ASoC: amd: yc: update quirk data for HP Victus (stable-fixes).
- ASoC: amd: yc: Add quirk for MSI Bravo 17 D7VF internal mic
(stable-fixes).
- ALSA: sb: Force to disable DMAs once when DMA mode is changed
(stable-fixes).
- ALSA: sb: Don't allow changing the DMA mode during operations
(stable-fixes).
- drm/msm: Fix another leak in the submit error path
(stable-fixes).
- drm/msm: Fix a fence leak in submit error path (stable-fixes).
- regulator: fan53555: add enable_time support and soft-start
times (stable-fixes).
- wifi: ath6kl: remove WARN on bad firmware input (stable-fixes).
- wifi: mac80211: drop invalid source address OCB frames
(stable-fixes).
- ata: pata_cs5536: fix build on 32-bit UML (stable-fixes).
- platform/x86/amd/pmc: Add PCSpecialist Lafite Pro V 14M to
8042 quirks list (stable-fixes).
- Revert "drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts
on DG1" (stable-fixes).
- wifi: mac80211: Add link iteration macro for link data
(stable-fixes).
- wifi: mac80211: chan: chandef is non-NULL for reserved
(stable-fixes).
- commit 66a4a55
- net: clear the dst when changing skb protocol (bsc#1245954
CVE-2024-49861).
- commit eed1284
- usb: typec: ucsi: Set orientation as none when connector is
unplugged (git-fixes).
- commit 9b64a84
- usb: typec: ucsi: glink: fix off-by-one in connector_status
(git-fixes).
- commit 63d64a6
- coresight: prevent deactivate active config while enabling
the config (CVE-2025-38131 bsc#1245677).
- coresight: holding cscfg_csdev_lock while removing cscfg from
csdev (CVE-2025-38132 bsc#1245679).
- commit f8db328
- ACPI: PRM: Reduce unnecessary printing to avoid user confusion
(bsc#1246122).
- commit f060328
- usb: typec: ucsi: Fix busy loop on ASUS VivoBooks (git-fixes).
- usb: typec: ucsi: Fix the partner PD revision (git-fixes).
- commit cb5cfe6
- restore UCSI_CONNECTOR_RESET_HARD definition (git-fixes).
- commit 3a50af7
- usb: typec: ucsi: Add DATA_RESET option of Connector Reset
command (git-fixes).
- commit ebc917a
- pinctrl: amd: Clear GPIO debounce for suspend (git-fixes).
- pinctrl: qcom: msm: mark certain pins as invalid for interrupts
(git-fixes).
- commit 7a0a421
- efi/mokvar-table: Avoid repeated map/unmap of the same page
(bsc#1240323 CVE-2025-21872).
- commit a16e799
- usb: typec: ucsi: move ucsi_acknowledge() from ucsi_read_error()
(git-fixes).
- commit 9793505
- kabi: restore encap_sk in struct xfrm_state (CVE-2025-38097
bsc#1245660).
- espintcp: remove encap socket caching to avoid reference leak
(CVE-2025-38097 bsc#1245660).
- commit 94f2735
- net: lan743x: fix potential out-of-bounds write in
lan743x_ptp_io_event_clock_get() (CVE-2025-38183 bsc#1246006).
- commit 0eb12cd
- net_sched: sch_sfq: fix a potential crash on gso_skb handling
(CVE-2025-38115 bsc#1245689).
- commit 6a4ffd3
- usb: typec: ucsi_acpi: Add LG Gram quirk (git-fixes).
- commit da7fb49
- usb: typec: ucsi: don't retrieve PDOs if not supported
(git-fixes).
- commit d303a5e
- usb: typec: ucsi: Delay alternate mode discovery (git-fixes).
- commit b7ba22d
- usb: typec: Update sysfs when setting ops (git-fixes).
- commit b336d78
- usb: typec: ucsi: glink: increase max ports for x1e80100
(git-fixes).
- commit 31de9c9
- ucsi_ops: adapt update_connector to kABI consistency
(git-fixes).
- usb: typec: ucsi: add update_connector callback (git-fixes).
- blacklist.conf: needed for infrastructure. kABI fix added
- Refresh
patches.kabi/struct-ucsi_operations-use-padding-for-new-operation.patch.
- Refresh patches.suse/paddings-add-paddings-to-TypeC-stuff.patch.
- commit a70b9ee
- ALSA: usb-audio: Kill timer properly at removal (CVE-2025-38105
bsc#1245682).
- commit 2bf6099
- x86/process: Move the buffer clearing before MONITOR (bsc#1238896 CVE-2024-36350 CVE-2024-36357 CVE-2024-36348 CVE-2024-36349).
- commit 9303368
- usb: typec: ucsi: glink: use typec_set_orientation (git-fixes).
- Refresh
patches.suse/soc-qcom-pmic_glink-Fix-race-during-initialization.patch.
- Refresh
patches.suse/usb-typec-ucsi-glink-fix-child-node-release-in-probe.patch.
- commit b105e3e
- KVM: SVM: Advertise TSA CPUID bits to guests (bsc#1238896 CVE-2024-36350 CVE-2024-36357 CVE-2024-36348 CVE-2024-36349).
- commit 67b316f
- Bluetooth: btusb: Fix regression in the initialization of fake
Bluetooth controllers (CVE-2025-38099 bsc#1245671).
- Bluetooth: Disable SCO support if READ_VOICE_SETTING is
unsupported/broken (CVE-2025-38099 bsc#1245671).
- Bluetooth: Add quirk for broken READ_PAGE_SCAN_TYPE
(CVE-2025-38099 bsc#1245671).
- Bluetooth: Add quirk for broken READ_VOICE_SETTING
(CVE-2025-38099 bsc#1245671).
- commit 254e65a
- jfs: fix array-index-out-of-bounds read in add_missing_indices
(bsc#1245983 CVE-2025-38204).
- commit 65d9d7f
- usb: typec: ucsi_glink: drop NO_PARTNER_PDOS quirk for sm8550 /
sm8650 (git-fixes).
- commit 380eca4
- usb: typec: ucsi_glink: enable the UCSI_DELAY_DEVICE_PDOS
quirk on qcm6490 (git-fixes).
- commit 3de42d7
- usb: typec: ucsi_glink: enable the UCSI_DELAY_DEVICE_PDOS quirk
(git-fixes).
- commit 2a3ce34
- usb: typec: ucsi_glink: rework quirks implementation
(git-fixes).
- commit b78f907
- usb: typec: ucsi: support delaying GET_PDOS for device
(git-fixes).
- Refresh patches.kabi/struct-usci-hide-additional-member.patch.
- commit 95f3b03
- rpm/mkspec: Fix missing kernel-syms-rt creation (bsc#1244337)
- commit 630f139
- usb: typec: ucsi: extract code to read PD caps (git-fixes).
- commit ebc6c46
- usb: typec: ucsi: properly register partner's PD device
(git-fixes).
- commit 7b95fc1
- usb: typec: ucsi: fix UCSI on SM8550 & SM8650 Qualcomm devices
(git-fixes).
- commit c40444f
- usb: typec: ucsi: Add qcm6490-pmic-glink as needing PDOS quirk
(git-fixes).
- commit 46f5c2a
- ucsi_ccg: Refine the UCSI Interrupt handling (git-fixes).
- commit e97f436
- exfat: fix double free in delayed_free (bsc#1246073
CVE-2025-38206).
- commit 38c1950
- usb: typec: ucsi: Get PD revision for partner (git-fixes).
- commit a80ec70
- x86/bugs: Add a Transient Scheduler Attacks mitigation (bsc#1238896 CVE-2024-36350 CVE-2024-36357 CVE-2024-36348 CVE-2024-36349).
- Update config files.
- commit 45d6a14
- pwm: mediatek: Ensure to disable clocks in error path
(git-fixes).
- ASoC: cs35l56: probe() should fail if the device ID is not
recognized (git-fixes).
- ASoC: fsl_asrc: use internal measured ratio for non-ideal
ratio mode (git-fixes).
- commit 5b2c070
- dm-raid: fix variable in journal device check (git-fixes).
- commit 7e51a3f
- dm-verity: fix a memory leak if some arguments are specified
multiple times (git-fixes).
- commit 18c3347
- dm-mirror: fix a tiny race condition (git-fixes).
- commit 6d6aef6
- dm-flakey: make corrupting read bios work (git-fixes).
- commit bbf383a
- dm-flakey: error all IOs when num_features is absent
(git-fixes).
- commit d4d758e
- dm: free table mempools if not used in __bind (git-fixes).
- commit 6abd700
- dm: don't change md if dm_table_set_restrictions() fails
(git-fixes).
- commit 0d534aa
- dm: restrict dm device size to 2^63-512 bytes (git-fixes).
- commit 240dadc
- virtgpu: don't reset on shutdown (git-fixes).
- commit 82f42df
- kernel/fork: only call untrack_pfn_clear() on VMAs duplicated
for fork() (git-fix for CVE-2025-22090 bsc#1241537).
- commit 852f7f4
- netfilter: nft_set_pipapo: prevent overflow in lookup table
allocation (CVE-2025-38162 bsc#1245752).
- commit c7520cc
- efi: Don't map the entire mokvar table to determine its size
(bsc#1240323 CVE-2025-21872).
- commit aefffb0
- ucsi-glink: adapt to kABI consistency (git-fixes).
- usb: typec: ucsi: glink: move GPIO reading into connector_status
callback (git-fixes).
- Refresh
patches.suse/usb-typec-ucsi-Move-unregister-out-of-atomic-section.patch.
- commit 8ae6c79
- vhost-scsi: protect vq->log_used with vq->mutex (CVE-2025-38074
bsc#1244735).
- commit 29ecfb7
- struct ucsi_operations: use padding for new operation
(git-fixes).
- commit 5fe6bda
- crypto: ecdsa - Harden against integer overflows in
DIV_ROUND_UP() (CVE-2025-37984 bsc#1243669).
- commit 4115893
- virtio: break and reset virtio devices on device_shutdown()
(CVE-2025-38064 bsc#1245201).
- commit 1ef712f
- usb: typec: ucsi: add callback for connector status updates
(git-fixes).
- blacklist.conf: needed as infrastructure. kABI workaround following
- Refresh patches.suse/paddings-add-paddings-to-TypeC-stuff.patch.
- Refresh
patches.suse/usb-typec-ucsi-displayport-Fix-deadlock.patch.
- commit de5a5b0
- struct cdns: move new member to the end (git-fixes).
- commit 4384b08
- usb: cdnsp: Fix issue with resuming from L1 (git-fixes).
- commit c8b7c96
- net: dsa: clean up FDB, MDB, VLAN entries on unbind
(CVE-2025-37864 bsc#1242965).
- commit d1f463e
- NFSv4: Always set NLINK even if the server doesn't support it
(git-fixes).
- commit 84005c5
- NFSv4.2: fix listxattr to return selinux security label
(git-fixes).
- commit 0319baa
- NFSv4: xattr handlers should check for absent nfs filehandles
(git-fixes).
- commit 80ac5a3
- sunrpc: don't immediately retransmit on seqno miss (git-fixes).
- commit ceebf6f
- fs/jfs: consolidate sanity checking in dbMount (git-fixes).
- commit 5c4bc1b
- objtool: Ignore end-of-section jumps for KCOV/GCOV (git-fixes).
- commit e383ffb
- objtool: Silence more KCOV warnings, part 2 (git-fixes).
- commit ddae9d6
- netfilter: nf_set_pipapo_avx2: fix initial map fill (git-fixes
CVE-2024-57947 bsc#1236333).
- commit cedcb24
- usb: typec: displayport: Fix potential deadlock (git-fixes).
- commit a45e2f9
- drm/bridge: ti-sn65dsi86: Add HPD for DisplayPort connector type
(git-fixes).
- ASoC: amd: yc: Add DMI quirk for Lenovo IdeaPad Slim 5 15
(stable-fixes).
- Bluetooth: L2CAP: Fix L2CAP MTU negotiation (stable-fixes).
- drm/amdkfd: Fix race in GWS queue scheduling (stable-fixes).
- ASoC: codecs: wcd9335: Fix missing free of regulator supplies
(git-fixes).
- ALSA: hda: Ignore unsol events for cards being shut down
(stable-fixes).
- ALSA: hda: Add new pci id for AMD GPU display HD audio
controller (stable-fixes).
- usb: dwc2: also exit clock_gating when stopping udc while
suspended (stable-fixes).
- usb: potential integer overflow in usbg_make_tpg()
(stable-fixes).
- usb: common: usb-conn-gpio: use a unique name for usb connector
device (stable-fixes).
- usb: Add checks for snprintf() calls in usb_alloc_dev()
(stable-fixes).
- usb: cdc-wdm: avoid setting WDM_READ for ZLP-s (stable-fixes).
- usb: typec: displayport: Receive DP Status Update NAK request
exit dp altmode (stable-fixes).
- usb: typec: mux: do not return on EOPNOTSUPP in {mux,
switch}_set (stable-fixes).
- iio: pressure: zpa2326: Use aligned_s64 for the timestamp
(stable-fixes).
- iio: adc: ad_sigma_delta: Fix use of uninitialized status_pos
(stable-fixes).
- drm/scheduler: signal scheduled fence when kill job
(stable-fixes).
- amd/amdkfd: fix a kfd_process ref leak (stable-fixes).
- drm/amdgpu: amdgpu_vram_mgr_new(): Clamp lpfn to total vram
(stable-fixes).
- dmaengine: idxd: Check availability of workqueue allocated by
idxd wq driver before using (stable-fixes).
- dmaengine: xilinx_dma: Set dma_device directions (stable-fixes).
- PCI: dwc: Make link training more robust by setting
PORT_LOGIC_LINK_WIDTH to one lane (stable-fixes).
- leds: multicolor: Fix intensity setting while SW blinking
(stable-fixes).
- mfd: max14577: Fix wakeup source leaks on device unbind
(stable-fixes).
- hwmon: (pmbus/max34440) Fix support for max34451 (stable-fixes).
- drm/bridge: ti-sn65dsi86: make use of debugfs_init callback
(stable-fixes).
- ASoC: codec: wcd9335: Convert to GPIO descriptors
(stable-fixes).
- types: Complement the aligned types with signed 64-bit one
(stable-fixes).
- ASoC: codecs: wcd9335: Handle nicer probe deferral and simplify
with dev_err_probe() (stable-fixes).
- commit 9aa1e05
- i2c/designware: Fix an initialization issue (git-fixes).
- commit d80f186
- powercap: intel_rapl: Do not change CLAMPING bit if ENABLE
bit cannot be changed (git-fixes).
- regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods
(git-fixes).
- spi: spi-fsl-dspi: Clear completion counter before initiating
transfer (git-fixes).
- platform/x86: think-lmi: Fix sysfs group cleanup (git-fixes).
- platform/x86: think-lmi: Fix kobject cleanup (git-fixes).
- platform/mellanox: mlxreg-lc: Fix logic error in power state
check (git-fixes).
- platform/x86: dell-wmi-sysman: Fix WMI data block retrieval
in sysfs callbacks (git-fixes).
- platform/mellanox: nvsw-sn2201: Fix bus number in adapter
error message (git-fixes).
- platform/mellanox: mlxbf-pmc: Fix duplicate event ID for
CACHE_DATA1 (git-fixes).
- platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment
(git-fixes).
- xhci: dbc: Flush queued requests before stopping dbc
(git-fixes).
- xhci: dbctty: disable ECHO flag by default (git-fixes).
- xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS
(git-fixes).
- usb: typec: altmodes/displayport: do not index invalid
pin_assignments (git-fixes).
- Revert "usb: xhci: Implement xhci_handshake_check_state()
helper" (git-fixes).
- usb: xhci: Skip xhci_reset in xhci_resume if xhci is being
removed (git-fixes).
- usb: gadget: u_serial: Fix race condition in TTY wakeup
(git-fixes).
- usb: chipidea: udc: disconnect/reconnect from host when do
suspend/resume (git-fixes).
- usb: cdnsp: do not disable slot for disabled slot (git-fixes).
- Input: iqs7222 - explicitly define number of external channels
(git-fixes).
- Input: xpad - adjust error handling for disconnect (git-fixes).
- drm/exynos: fimd: Guard display clock control with runtime PM
calls (git-fixes).
- drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling
(git-fixes).
- drm/i915/gsc: mei interrupt top half should be in irq disabled
context (git-fixes).
- drm/i915/gt: Fix timeline left held on VMA alloc error
(git-fixes).
- drm/i915/selftests: Change mock_request() to return error
pointers (git-fixes).
- drm/sched: Increment job count before swapping tail spsc queue
(git-fixes).
- drm/bridge: panel: move prepare_prev_first handling to
drm_panel_bridge_add_typed (git-fixes).
- drm/ttm: fix error handling in ttm_buffer_object_transfer
(git-fixes).
- powercap: call put_device() on an error path in
powercap_register_control_type() (stable-fixes).
- commit d0cb71b
- dm: fix unconditional IO throttle caused by REQ_PREFLUSH
(CVE-2025-38063 bsc#1245202).
- commit 65fa7b7
- smb: client: Fix use-after-free in cifs_fill_dirent
(CVE-2025-38051 bsc#1244750).
- commit 0f203bf
- cgroup,freezer: fix incomplete freezing when attaching tasks
(bsc#1245789).
- commit 1970df7
- cgroup/cpuset: Extend kthread_is_per_cpu() check to all
PF_NO_SETAFFINITY tasks (bsc#1241166).
- commit 86012b8
- objtool: Stop UNRET validation on UD2 (git-fixes).
- commit 0be0bc6
- objtool: Fix INSN_CONTEXT_SWITCH handling in validate_unret()
(git-fixes).
- commit f1073e2
- objtool: Properly disable uaccess validation (git-fixes).
- commit b170301
- mm/memory-failure: fix handling of dissolved but not taken
off from buddy pages (CVE-2024-39298 bsc#1227082).
Refreshed:
blacklist.conf: De-blacklist 8cf360b9d6a840700e06864236a01a883b34bbad
- commit 1d1f80f
- rose: fix dangling neighbour pointers in rose_rt_device_down()
(git-fixes).
- Bluetooth: MGMT: mesh_send: check instances prior disabling
advertising (git-fixes).
- Bluetooth: MGMT: set_mesh: update LE scan interval and window
(git-fixes).
- Bluetooth: hci_sync: revert some mesh modifications (git-fixes).
- Bluetooth: Prevent unintended pause by checking if advertising
is active (git-fixes).
- net: usb: lan78xx: fix WARN in __netif_napi_del_locked on
disconnect (git-fixes).
- commit 9d01c7e
- objtool: Silence more KCOV warnings (git-fixes).
- commit 246e013
- objtool: Fix error handling inconsistencies in check()
(git-fixes).
- commit 2b123dd
- objtool: Ignore dangling jump table entries (git-fixes).
- commit 694bcb3
- objtool: Fix UNWIND_HINT_{SAVE,RESTORE} across basic blocks
(git-fixes).
- commit 24df4fe
- x86/tdx: Fix __noreturn build warning around
__tdx_hypercall_failed() (git-fixes).
- Refresh
patches.suse/x86-virt-tdx-Define-TDX-supported-page-sizes-as-macros.patch.
- commit 741a25e
- objtool: Fix _THIS_IP_ detection for cold functions (git-fixes).
- commit b2539b9
- nvmet-tcp: don't restore null sk_state_change (bsc#1244801
CVE-2025-38035).
- commit a1cc55e
- s390/pci: Fix stale function handles in error handling
(git-fixes bsc#1245647).
- commit 1f0ecfd
- s390/pci: Do not try re-enabling load/store if device is
disabled (git-fixes bsc#1245646).
- commit a7a5884
- NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN (git-fixes).
- commit cbe692c
- nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init()
fails (git-fixes).
- commit 29c2a95
- IB/mlx5: Fix potential deadlock in MR deregistration (git-fixes)
- commit a31c762
- RDMA/mlx5: Fix vport loopback for MPV device (git-fixes)
- commit 50aa3ad
- RDMA/mlx5: Fix CC counters query for MPV (git-fixes)
- commit 6fac6aa
- RDMA/mlx5: Fix HW counters query for non-representor devices (git-fixes)
- commit f645a5e
- RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert (git-fixes)
- commit 9bf32eb
- mtk-sd: reset host->mrq on prepare_data() error (git-fixes).
- commit 85b8654
- Revert "mmc: sdhci: Disable SD card clock before changing
parameters" (git-fixes).
- mtk-sd: Prevent memory corruption from DMA map failure
(git-fixes).
- mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data
(git-fixes).
- mmc: core: sd: Apply BROKEN_SD_DISCARD quirk earlier
(git-fixes).
- commit 4977a9e
- kABI workaround for xsk: Fix race condition in AF_XDP generic
RX path (CVE-2025-37920 bsc#1243479).
- commit 2cbaa5f
- xsk: Fix race condition in AF_XDP generic RX path
(CVE-2025-37920 bsc#1243479).
- commit b0fed9b
- bpf, sockmap: Fix sk_msg_reset_curr (git-fixes).
- commit 3936762
- scsi: s390: zfcp: Ensure synchronous unit_add (git-fixes
bsc#1245599).
- commit 4cb28a8
- s390/pkey: Prevent overflow in size calculation for
memdup_user() (git-fixes bsc#1245598).
- commit 458c9d8
- s390: Add z17 elf platform (LTC#214086 bsc#1245540).
- commit a338278
- net: pktgen: fix access outside of user given buffer in
pktgen_thread_write() (CVE-2025-38061 bsc#1245440).
- commit 386f111
- net: tipc: fix refcount warning in tipc_aead_encrypt
(CVE-2025-38052 bsc#1244749).
- net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done
(CVE-2025-38052 bsc#1244749).
- commit 39309cf
- krb5
-
- Remove des3-cbc-sha1 and arcfour-hmac-md5 from permitted
enctypes unless new special options "allow_des3" or "allow_rc4"
are set; (CVE-2025-3576); (bsc#1241219).
- Add patch 0013-CVE-2025-3576.patch
- libxslt
-
- security update
- added patches
CVE-2025-7424 [bsc#1246360], Type confusion in xmlNode.psvi between stylesheet and source nodes
+ libxslt-CVE-2025-7424.patch
- gnutls
-
- Fix heap buffer overread when handling the CT SCT extension during X.509
certificate parsing [bsc#1246233, CVE-2025-32989]
* Add patch gnutls-CVE-2025-32989.patch
- Fix double-free due to incorrect ownership handling in the export logic of
SAN entries containing an otherName [bsc#1246232, CVE-2025-32988]
* Add patch gnutls-CVE-2025-32988.patch
- Fix 1-byte heap buffer overflow when parsing templates with certtool
[bsc#1246267, CVE-2025-32990]
* Add patch gnutls-CVE-2025-32990.patch
- Fix NULL pointer dereference when 2nd Client Hello omits PSK
[bsc#1246299, CVE-2025-6395]
* Add patch gnutls-CVE-2025-6395.patch
- xz
-
- Fix CVE-2025-31115 (bsc#1240414)
* CVE-2025-31115.patch
- polkit
-
- CVE-2025-7519: Fixed that a XML policy file with a large number of
nested elements may lead to out-of-bounds write (bsc#1246472)
added 0001-Nested-.policy-files-cause-xml-parsing-overflow-lead.patch
- python311:base
-
- Add CVE-2025-8194-tarfile-no-neg-offsets.patch which now
validates archives to ensure member offsets are non-negative
(gh#python/cpython#130577, CVE-2025-8194, bsc#1247249).
- sqlite3
-
- Update to 3.50.2:
* Fix the concat_ws() SQL function so that it includes empty
strings in the concatenation.
* Avoid writing frames with no checksums into the wal file if a
savepoint is rolled back after dirty pages have already been
spilled into the wal file.
* Fix the Bitvec object to avoid stack overflow when the
database is within 60 pages of its maximum size.
* Fix a problem with UPDATEs on fts5 tables that contain BLOB
values.
* Fix an issue with transitive IS constraints on a RIGHT JOIN.
* CVE-2025-6965, bsc#1246597:
Raise an error early if the number of aggregate terms in a
query exceeds the maximum number of columns, to avoid
downstream assertion faults.
* Ensure that sqlite3_setlk_timeout() holds the database mutex.
- Update to 3.50 (3.50.1):
* Improved handling and robust output of control characters
* sqlite3_rsync no longer requires WAL mode and needs less
bandwidth
* Bug fixes and optimized JSON handling
* Performance optimizations and developer visible fixes
- Update to release 3.49.2:
* Fix a bug in the NOT NULL optimization of version 3.40.0 that
can lead to a memory error if abused.
* Fix the count-of-view optimization so that it does not give an
incorrect answer for a DISTINCT query.
* Fix a possible incorrect answer that can result if a UNIQUE
constraint of a table contains the PRIMARY KEY column and that
UNIQUE constraint is used by an IN operator.
* Fix obscure problems with the generate_series() extension
function.
* Incremental improvements to the configure/make.
- Add subpackage for the lemon parser generator.
- Add patches:
* sqlite-3.49.0-fix-lemon-missing-cflags.patch
* sqlite-3.6.23-lemon-system-template.patch
- libssh
-
- Fix CVE-2025-5372: ssh_kdf() returns a success code on certain failures (bsc#1245314)
* Add patch libssh-CVE-2025-5372.patch
- Fix CVE-2025-5987: Invalid return code for chacha20 poly1305 with OpenSSL backend (bsc#1245317)
* Add patch libssh-CVE-2025-5987.patch
- Fix CVE-2025-4877: Write beyond bounds in binary to base64 conversion functions (bsc#1245309)
* Add patch libssh-CVE-2025-4877.patch
- Fix CVE-2025-4878: Use of uninitialized variable in privatekey_from_file() (bsc#1245310)
* Add patches:
- libssh-CVE-2025-4878-1.patch
- libssh-CVE-2025-4878-2.patch
- Fix CVE-2025-5318: Likely read beyond bounds in sftp server handle management (bsc#1245311)
* Add patch libssh-CVE-2025-5318.patch
- Fix CVE-2025-5351: Double free in functions exporting keys (bsc#1245312)
* Add patch libssh-CVE-2025-5351.patch
- systemd
-
- Remove the script used to help migrating the language and locale settings
located in /etc/sysconfig/language on old systems to the systemd default
locations (bsc#1247074)
The script was introduced more than 7 years ago and all systems running TW
should have been migrated since then. Moreover the installer supports the
systemd default locations since approximately SLE15.
- triggers.systemd: skip update of hwdb, journal-catalog if executed during an
offline update.
- Import commit 247091bc99ba506cee501b520d1d0a11d772fc13 (merge of v254.27)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/aa12f501ae4749c542a091028d848796da4ef51b...247091bc99ba506cee501b520d1d0a11d772fc13
- Import commit aa12f501ae4749c542a091028d848796da4ef51b
aa12f501ae logs-show: get timestamp and boot ID only when necessary (bsc#1242827)
e8b17d11bc sd-journal: drop to use Hashmap to manage journal files per boot ID
ea80273738 tree-wide: set SD_JOURNAL_ASSUME_IMMUTABLE where appropriate
a5b3b5344f sd-journal: introduce SD_JOURNAL_ASSUME_IMMUTABLE flag
5fa0600b34 sd-journal: make journal_file_read_tail_timestamp() notify to the caller that some new journal entries added
737e8193e7 sd-journal: cache last entry offset and journal file state
057dca426f sd-journal: fix typo in function name
- libxml2
-
- security update
- added patches
CVE-2025-7425 [bsc#1246296], Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr
+ libxml2-CVE-2025-7425.patch
- security update
- added patches
CVE-2025-49794 [bsc#1244554], heap use after free (UAF) can lead to Denial of service (DoS)
CVE-2025-49796 [bsc#1244557], type confusion may lead to Denial of service (DoS)
+ libxml2-CVE-2025-49794,49796.patch
CVE-2025-49795 [bsc#1244555], null pointer dereference may lead to Denial of service (DoS)
+ libxml2-CVE-2025-49795.patch
- security update
- added patches
CVE-2025-6170 [bsc#1244700], stack buffer overflow may lead to a crash
CVE-2025-6021 [bsc#1244580], Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2
+ libxml2-CVE-2025-6170,6021.patch
- libzypp
-
- runposttrans: strip root prefix from tmppath (bsc#1250343)
- fixup! Make ld.so ignore the subarch packages during install
(bsc#1246912)
- version 17.37.18 (35)
- Make ld.so ignore the subarch packages during install
(bsc#1246912)
- version 17.37.17 (35)
- Fix evaluation of libproxy results (bsc#1247690)
- Replace URL variables inside mirrorlist/metalink files
(fixes #667)
- version 17.37.16 (35)
- Append RepoInfo::path() to the mirror URLs in Preloader
(bsc#1247054)
- version 17.37.15 (35)
- During installation indicate the backend being used (bsc#1246038)
If some package actually needs to know, it should test for
ZYPP_CLASSIC_RPMTRANS being set in the environment.
Otherwise the transaction is driven by librpm.
- version 17.37.14 (35)
- Workaround 'rpm -vv' leaving scriptlets /var/tmp (bsc#1218459)
- Verbose log libproxy results if PX_DEBUG=1 is set.
- BuildRequires: cmake >= 3.17.
- version 17.37.13 (35)
- net-tools
-
- Drop 0004-By-default-do-not-fopen-anything-in-netrom_gr.patch. It
was net-tools-1.60 specific leak fix and breaks netrom in
net-tools-2.10 (bnc#544339#c2).
- Drop old Fedora patch 0006-Allow-interface-stacking.patch. It
provided a fix for CVE-2025-46836 (bsc#142461), but it was fixes
by the upstream in 2025 in a different way. Revert interferring
net-tools-CVE-2025-46836.patch back to the upstream version.
- Fix stack buffer overflow in parse_hex (bsc#1248687,
GHSA-h667-qrp8-gj58, net-tools-parse_hex-stack-overflow.patch).
- Fix stack-based buffer overflow in proc_gen_fmt (bsc#1248687,
GHSA-w7jq-cmw2-cq59,
net-tools-proc_gen_fmt-buffer-overflow.patch).
- Avoid unsafe memcpy in ifconfig (bsc#1248687,
net-tools-ifconfig-avoid-unsafe-memcpy.patch).
- Prevent overflow in ax25 and netrom (bsc#1248687,
net-tools-ax25+netrom-overflow-1.patch,
net-tools-ax25+netrom-overflow-2.patch).
- Keep possibility to enter long interface names, even if they are
not accepted by the kernel, because it was always possible up to
CVE-2025-46836 fix. But issue a warning about an interface name
concatenation (bsc#1248410,
net-tools-ifconfig-long-name-warning.patch).
- Provide more readable error for interface name size checking
introduced by net-tools-CVE-2025-46836.patch
(bsc#1243581, net-tools-CVE-2025-46836-error-reporting.patch).
- Fix a regression in net-tools-CVE-2025-46836.patch (bsc#1246608).
- Perform bound checks when parsing interface labels in
/proc/net/dev (bsc#1243581, CVE-2025-46836, GHSA-pfwf-h6m3-63wf,
net-tools-CVE-2025-46836.patch,
net-tools-CVE-2025-46836-regression.patch).
- pam-config
-
- Stop adding pam_env in AUTH stack, and be sure to put this module at the
really end of the SESSION stack.
[bsc#1243226, CVE-2025-6018, remove-pam_env-from-auth-stack.patch]
- podman
-
- Add patch for CVE-2025-6032 (bsc#1245320):
* 0008-CVE-2025-6032-machine-init-fix-tls-check.patch
- Rebase patches:
* 0001-vendor-update-c-buildah-to-1.33.12.patch
* 0002-Backport-fix-for-CVE-2024-6104.patch
* 0003-Switch-hashicorp-go-retryablehttp-to-the-SUSE-fork.patch
* 0004-http2-close-connections-when-receiving-too-many-head.patch
* 0005-CVE-2025-27144-vendor-don-t-allow-unbounded-amounts-.patch
* 0006-CVE-2025-22869-ssh-limit-the-size-of-the-internal-pa.patch
* 0007-Fix-Remove-appending-rw-as-the-default-mount-option.patch
- python-azure-agent
-
- Set AutoUpdate.UpdateToLatestVersion=n in /etc/waagent.conf
(bsc#1244933)
- Fix %suse_version conditional in spec file so package is built
using python2 in SLE 12 (bsc#1240385)
- Add a new version of paa_force_py3_sle15.patch to compensate for
missing Python RPM macros in older distros
- libxml2:python
-
- security update
- added patches
CVE-2025-7425 [bsc#1246296], Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr
+ libxml2-CVE-2025-7425.patch
- security update
- added patches
CVE-2025-49794 [bsc#1244554], heap use after free (UAF) can lead to Denial of service (DoS)
CVE-2025-49796 [bsc#1244557], type confusion may lead to Denial of service (DoS)
+ libxml2-CVE-2025-49794,49796.patch
CVE-2025-49795 [bsc#1244555], null pointer dereference may lead to Denial of service (DoS)
+ libxml2-CVE-2025-49795.patch
- security update
- added patches
CVE-2025-6170 [bsc#1244700], stack buffer overflow may lead to a crash
CVE-2025-6021 [bsc#1244580], Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2
+ libxml2-CVE-2025-6170,6021.patch
- python-urllib3
-
- Add patch CVE-2025-50181-poolmanager-redirects.patch:
* Pool managers now properly control redirects when retries is passed
(CVE-2025-50181, GHSA-pq67-6m6q-mj2v, bsc#1244925)
- python311
-
- Add CVE-2025-8194-tarfile-no-neg-offsets.patch which now
validates archives to ensure member offsets are non-negative
(gh#python/cpython#130577, CVE-2025-8194, bsc#1247249).
- regionServiceClientConfigAzure
-
- Update to version 3.0.0 (bsc#1246995)
+ SLE 16 python-requests requiers SSL v3 certificates. Update 2
region server certs to support SLE 16 when it gets released.
- Update dependency name for metadata package, name change in SLE 16
(bsc#1243419)
- Update to version 2.2.2
+ Replacing certificate for rgnsrv-azure-southeastasia to get
rid of weird chain cert
- Update to version 2.2.1
+ New 4096 certificate for rgnsrv-azure-southeastasia
- runc
-
- Update to runc v1.3.1. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.3.1>
- Update to runc v1.3.0. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.3.0>
- suse-build-key
-
- adjust UID (name + email) of SLES16 signing key with official
names. (bsc#1245223)
- vim
-
- Added patches:
* reorder-exit-raw-mode.patch
- Refresh patches:
* vim-7.3-filetype_ftl.patch
* vim-7.3-filetype_spec.patch
* vim-7.3-sh_is_bash.patch
- Fix the following CVEs and bugs:
* bsc#1246602 (CVE-2025-53906)
* bsc#1246604 (CVE-2025-53905)
* bsc#1247939 (CVE-2025-55158)
* bsc#1247938 (CVE-2025-55157)
- Update to 9.1.1629:
9.1.1629: Vim9: Not able to use more than 10 type arguments in a generic function
9.1.1628: fuzzy.c has a few issues
9.1.1627: fuzzy matching can be improved
9.1.1626: cindent: does not handle compound literals
9.1.1625: Autocompletion slow with include- and tag-completion
9.1.1624: Cscope not enabled on MacOS
9.1.1623: Buffer menu does not handle unicode names correctly
9.1.1622: Patch v9.1.1432 causes performance regressions
9.1.1621: flicker in popup menu during cmdline autocompletion
9.1.1620: filetype: composer.lock and symfony.lock files not recognized
9.1.1619: Incorrect E535 error message
9.1.1618: completion: incorrect selected index returned from complete_info()
9.1.1617: Vim9: some error messages can be improved
9.1.1616: xxd: possible buffer overflow with bitwise output
9.1.1615: diff format erroneously detected
9.1.1614: Vim9: possible variable type change
9.1.1613: tests: test_search leaves a few swapfiles behind
9.1.1612: Ctrl-G/Ctrl-T do not ignore the end search delimiter
9.1.1611: possible undefined behaviour in mb_decompose()
9.1.1610: completion: hang or E684 when 'tagfunc' calls complete()
9.1.1609: complete: Heap-buffer overflow with complete function
9.1.1608: No command-line completion for :unsilent {command}
9.1.1607: :apple command detected as :append
9.1.1606: filetype: a few more files are not recognized
9.1.1605: cannot specify scope for chdir()
9.1.1604: completion: incsearch highlight might be lost
9.1.1603: completion: cannot use autoloaded funcs in 'complete' F{func}
9.1.1602: filetype: requirements-*.txt files are not recognized
9.1.1601: Patch v8.1.0425 was wrong
9.1.1600: using diff anchors with hidden buffers fails silently
9.1.1599: :bnext doesn't go to unlisted help buffers
9.1.1598: filetype: waybar config file is not recognized
9.1.1597: CI reports leaks in libgtk3 library
9.1.1596: tests: Test_search_wildmenu_iminsert() depends on help file
9.1.1595: Wayland: non-portable use of select()
9.1.1594: completion: search completion throws errors
9.1.1593: Confusing error when compiling incomplete try block
9.1.1592: Vim9: crash with classes and garbage collection
9.1.1591: VMS support can be improved
9.1.1590: cannot perform autocompletion
9.1.1589: Cannot disable cscope interface using configure
9.1.1588: Vim9: cannot split dict inside command block
9.1.1587: Wayland: timeout not updated before select()
9.1.1586: Vim9: can define an enum/interface in a function
9.1.1585: Wayland: gvim still needs GVIM_ENABLE_WAYLAND
9.1.1584: using ints as boolean type
9.1.1583: gvim window lost its icons
9.1.1582: style issue in vim9type.c and vim9generics.c
9.1.1581: possible memory leak in vim9generics.c
9.1.1580: possible memory leak in vim9type.c
9.1.1579: Coverity complains about unchecked return value
9.1.1578: configure: comment still mentions autoconf 2.71
9.1.1577: Vim9: no generic support yet
9.1.1576: cannot easily trigger wildcard expansion
9.1.1575: tabpanel not drawn correctly with wrapped lines
9.1.1574: Dead code in mbyte.c
9.1.1573: Memory leak when pressing Ctrl-D in cmdline mode
9.1.1572: expanding $var does not escape whitespace for 'path'
9.1.1571: CmdlineChanged triggered to often
9.1.1570: Copilot suggested some improvements in cmdexpand.c
9.1.1569: tests: Vim9 tests can be improved
9.1.1568: need a few more default highlight groups
9.1.1567: crash when using inline diff mode
9.1.1566: self-referenced enum may not get freed
9.1.1565: configure: does not consider tiny version for wayland
9.1.1564: crash when opening popup to closing buffer
9.1.1563: completion: ruler may disappear
9.1.1562: close button always visible in the 'tabline'
9.1.1561: configure: wayland test can be improved
9.1.1560: configure: uses $PKG_CONFIG before it is defined
9.1.1559: tests: Test_popup_complete_info_01() fails when run alone
9.1.1558: str2blob() treats NULL string and empty string differently
9.1.1557: not possible to anchor specific lines in difff mode
9.1.1556: string handling in cmdexpand.c can be improved
9.1.1555: completion: repeated insertion of leader
9.1.1554: crash when omni-completion opens command-line window
9.1.1553: Vim9: crash when accessing a variable in if condition
9.1.1552: [security]: path traversal issue in tar.vim
9.1.1551: [security]: path traversal issue in zip.vim
9.1.1550: defaults: 'showcmd' is not enabled in non-compatible mode on Unix
9.1.1549: filetype: pkl files are not recognized
9.1.1548: filetype: OpenFGA files are not recognized
9.1.1547: Wayland: missing ifdef
9.1.1546: Vim9: error with has() and short circuit evaluation
9.1.1545: typo in os_unix.c
9.1.1544: :retab cannot be limited to indentation only
9.1.1543: Wayland: clipboard appears to not be working
9.1.1542: Coverity complains about uninitialized variable
9.1.1541: Vim9: error when last enum value ends with a comma
9.1.1540: completion: menu state wrong on interruption
9.1.1539: completion: messages don't respect 'shm' setting
9.1.1537: helptoc: still some issues when markdown code blocks
9.1.1536: tests: test_plugin_comment uses wrong :Check command
9.1.1535: the maximum search count uses hard-coded value 99
9.1.1534: unnecessary code in tabpanel.c
9.1.1533: helptoc: does not handle code sections in markdown well
9.1.1532: termdebug: not enough ways to configure breakpoints
9.1.1531: confusing error with nested legacy function
9.1.1530: Missing version change in v9.1.1529
9.1.1529: Win32: the toolbar in the GUI is old and dated
9.1.1528: completion: crash with getcompletion()
9.1.1527: Vim9: Crash with string compound assignment
9.1.1526: completion: search completion match may differ in case
9.1.1525: tests: testdir/ is a bit messy
9.1.1524: tests: too many imports in the test suite
9.1.1523: tests: test_clipmethod fails in non X11 environment
9.1.1522: tests: still some ANSI escape sequences in test output
9.1.1521: completion: pum does not reset scroll pos on reopen with 'noselect'
9.1.1520: completion: search completion doesn't handle 'smartcase' well
9.1.1519: tests: Test_termdebug_decimal_breakpoints() may fail
9.1.1518: getcompletiontype() may crash
9.1.1517: filetype: autopkgtest files are not recognized
9.1.1516: tests: no test that 'incsearch' is updated after search completion
9.1.1515: Coverity complains about potential unterminated strings
9.1.1514: Coverity complains about the use of tmpfile()
9.1.1513: resizing Vim window causes unexpected internal window width
9.1.1512: completion: can only complete from keyword characters
9.1.1511: tests: two edit tests change v:testing from 1 to 0
9.1.1510: Search completion may use invalid memory
9.1.1509: patch 9.1.1505 was not good
9.1.1508: string manipulation can be improved in cmdexpand.c
9.1.1507: symlinks are resolved on :cd commands
9.1.1506: tests: missing cleanup in Test_search_cmdline_incsearch_highlight()
9.1.1505: not possible to return completion type for :ex command
9.1.1504: filetype: numbat files are not recognized
9.1.1503: filetype: haxe files are not recognized
9.1.1502: filetype: quickbms files are not recognized
9.1.1501: filetype: flix files are not recognized
9.1.1500: if_python: typo in python error variable
9.1.1499: MS-Windows: no indication of ARM64 architecture
9.1.1498: completion: 'complete' funcs behave different to 'omnifunc'
9.1.1497: Link error with shm_open()
9.1.1496: terminal: still not highlighting empty cells correctly
9.1.1495: Wayland: uses $XDG_SEAT to determine seat
9.1.1494: runtime(tutor): no French translation for Chapter 2
9.1.1493: manually comparing positions on buffer
9.1.1492: tests: failure when Wayland compositor fails to start
9.1.1491: missing out-of-memory checks in cmdexpand.c
9.1.1490: 'wildchar' does not work in search contexts
9.1.1489: terminal: no visual highlight of empty cols with empty 'listchars'
9.1.1488: configure: using obsolete macro AC_PROG_GCC_TRADITIONAL
9.1.1487: :cl doesn't invoke :clist
9.1.1486: documentation issues with Wayland
9.1.1485: missing Wayland clipboard support
9.1.1484: tests: Turkish locale tests fails on Mac
9.1.1483: not possible to translation position in buffer
9.1.1482: scrolling with 'splitkeep' and line()
9.1.1481: gcc complains about uninitialized variable
9.1.1480: Turkish translation outdated
9.1.1479: regression when displaying localized percentage position
9.1.1478: Unused assignment in ex_uniq()
9.1.1476: no easy way to deduplicate text
9.1.1476: missing out-of-memory checks in cmdexpand.c
9.1.1475: completion: regression when "nearest" in 'completeopt'
9.1.1474: missing out-of-memory check in mark.c
9.1.1473: inconsistent range arg for :diffget/diffput
9.1.1472: if_python: PySequence_Fast_{GET_SIZE,GET_ITEM} removed
9.1.1471: completion: inconsistent ordering with CTRL-P
9.1.1470: use-after-free with popup callback on error
9.1.1469: potential buffer-underflow with invalid hl_id
9.1.1468: filetype: bright(er)script files are not recognized
9.1.1467: too many strlen() calls
9.1.1466: filetype: not all lex files are recognized
9.1.1465: tabpanel: not correctly drawn with 'equalalways'
9.1.1464: gv does not work in operator-pending mode
9.1.1463: Integer overflow in getmarklist() after linewise operation
9.1.1462: missing change from patch v9.1.1461
9.1.1461: tabpanel: tabpanel vanishes with popup menu
9.1.1460: MS-Windows: too many strlen() calls in os_win32.c
9.1.1459: xxd: coloring output is inefficient
9.1.1458: tabpanel: tabs not properly updated with 'stpl'
9.1.1457: compile warning with tabpanelopt
9.1.1456: comment plugin fails toggling if 'cms' contains \
9.1.1455: Haiku: dailog objects created with no reference
9.1.1454: tests: no test for pum at line break position
9.1.1453: tests: Test_geometry() may fail
9.1.1452: completion: redundant check for completion flags
9.1.1451: tabpanel rendering artifacts when scrolling
9.1.1450: Session has wrong arglist with :tcd and :arglocal
9.1.1449: typo in pum_display()
9.1.1448: tabpanel is not displayed correctly when msg_scrolled
9.1.1447: completion: crash when backspacing with fuzzy completion
9.1.1446: filetype: cuda-gdb config files are not recognized
9.1.1445: negative matchfuzzy scores although there is a match
9.1.1444: Unused assignment in set_fuzzy_score()
9.1.1443: potential buffer underflow in insertchar()
9.1.1442: tests: Test_diff_fold_redraw() is insufficient
9.1.1441: completion: code can be improved
9.1.1440: too many strlen() calls in os_win32.c
9.1.1439: Last diff folds not merged
9.1.1438: tests: Test_breakindent_list_split() fails
9.1.1437: MS-Windows: internal compile error in uc_list()
9.1.1436: GUI control code is displayed on the console on startup
9.1.1435: completion: various flaws in fuzzy completion
9.1.1434: MS-Windows: missing out-of-memory checks in os_win32.c
9.1.1433: Unnecessary :if when writing session
9.1.1432: GTK GUI: Buffer menu does not handle unicode correctly
9.1.1431: Hit-Enter Prompt when loading session files
9.1.1430: tabpanel may flicker in the GUI
9.1.1429: dragging outside the tabpanel changes tabpagenr
9.1.1428: completion: register completion needs cleanup
9.1.1427: rendering artifacts with the tabpanel
9.1.1426: completion: register contents not completed
9.1.1425: tabpanel: there are still some problems with the tabpanel
9.1.1424: PMenu selection broken with multi-line selection and limits
9.1.1423: :tag command not working correctly using Vim9 Script
9.1.1422: scheduling of complete function can be improved
9.1.1421: tests: need a test for the new-style tutor.tutor
9.1.1420: tests: could need some more tests for shebang lines
9.1.1419: It is difficult to ignore all but some events
9.1.1418: configures GUI auto detection favors GTK2
9.1.1417: missing info about register completion in complete_info()
9.1.1416: completion limits not respected for fuzzy completions
9.1.1415: potential use-after free when there is an error in 'tabpanel'
9.1.1414: MS-Windows: compile warnings in os_win32.c
9.1.1413: spurious CursorHold triggered in GUI on startup
9.1.1412: tests: Test_tabpanel_tabonly() fails on larger screens
9.1.1411: crash when calling non-existing function for tabpanel
9.1.1410: out-of-bounds access with 'completefunc'
9.1.1409: using f-flag in 'complete' conflicts with Neovim
9.1.1408: not easily possible to complete from register content
9.1.1407: Can't use getpos('v') in OptionSet when using setbufvar()
9.1.1406: crash when importing invalid tuple
9.1.1405: tests: no test for mapping with special keys in session file
9.1.1404: wrong link to Chapter 2 in new-tutor
9.1.1403: expansion of 'tabpanelopt' value adds wrong values
9.1.1402: multi-byte mappings not properly stored in session file
9.1.1401: list not materialized in prop_list()
9.1.1400: [security]: use-after-free when evaluating tuple fails
9.1.1399: tests: test_codestyle fails for auto-generated files
9.1.1398: completion: trunc does not follow Pmenu highlighting attributes
9.1.1397: tabpanel not correctly updated on :tabonly
9.1.1396: 'errorformat' is a global option
9.1.1395: search_stat not reset when pattern differs in case
9.1.1394: tabpanel not correctly redrawn on tabonly
9.1.1393: missing test for switching buffers and reusing curbuf
9.1.1392: missing patch number
9.1.1391: Vim does not have a vertical tabpanel
9.1.1390: style: more wrong indentation
9.1.1389: completion: still some issue when 'isexpand' contains a space
9.1.1388: Scrolling one line too far with 'nosmoothscroll' page scrolling
9.1.1387: memory leak when buflist_new() fails to reuse curbuf
9.1.1386: MS-Windows: some minor problems building on AARCH64
9.1.1385: inefficient loop for 'nosmoothscroll' scrolling
9.1.1384: still some problem with the new tutors filetype plugin
9.1.1383: completion: 'isexpand' option does not handle space char correct
9.1.1382: if_ruby: unused compiler warnings from ruby internals
9.1.1381: completion: cannot return to original text
9.1.1380: 'eventignorewin' only checked for current buffer
9.1.1379: MS-Windows: error when running evim when space in path
9.1.1378: sign without text overwrites number option
9.1.1377: patch v9.1.1370 causes some GTK warning messages
9.1.1376: quickfix dummy buffer may remain as dummy buffer
9.1.1375: [security]: possible heap UAF with quickfix dummy buffer
9.1.1374: completion: 'smartcase' not respected when filtering matches
9.1.1373: 'completeopt' checking logic can be simplified
9.1.1372: style: braces issues in various files
9.1.1371: style: indentation and brace issues in insexpand.c
9.1.1370: CI Tests favor GTK2 over GTK3
9.1.1369: configure still using autoconf 2.71
9.1.1368: GTK3 and GTK4 will drop numeric cursor support.
9.1.1367: too many strlen() calls in gui.c
9.1.1366: v9.1.1364 unintentionally changed sign.c and sound.c
9.1.1365: MS-Windows: compile warnings and too many strlen() calls
9.1.1364: style: more indentation issues
9.1.1363: style: inconsistent indentation in various files
9.1.1362: Vim9: type ignored when adding tuple to instance list var
9.1.1361: [security]: possible use-after-free when closing a buffer
9.1.1360: filetype: GNU Radio companion files are not recognized
9.1.1359: filetype: GNU Radio config files are not recognized
9.1.1358: if_lua: compile warnings with gcc15
9.1.1357: Vim incorrectly escapes tags with "[" in a help buffer
9.1.1356: Vim9: crash when unletting variable
9.1.1355: The pum_redraw() function is too complex
9.1.1354: tests: Test_terminalwinscroll_topline() fails on Windows
9.1.1353: missing change from v9.1.1350
9.1.1352: style: inconsistent indent in insexpand.c
9.1.1351: Return value of getcmdline() inconsistent in CmdlineLeavePre
9.1.1350: tests: typo in Test_CmdlineLeavePre_cabbr()
9.1.1349: CmdlineLeavePre may trigger twice
9.1.1348: still E315 with the terminal feature
9.1.1347: small problems with gui_w32.c
9.1.1346: missing out-of-memory check in textformat.c
9.1.1345: tests: Test_xxd_color2() test failure dump diff is misleading
9.1.1344: double free in f_complete_match() (after v9.1.1341)
9.1.1343: filetype: IPython files are not recognized
9.1.1342: Shebang filetype detection can be improved
9.1.1341: cannot define completion triggers
9.1.1340: cannot complete :filetype arguments
9.1.1339: missing out-of-memory checks for enc_to_utf16()/utf16_to_enc()
9.1.1338: Calling expand() interferes with cmdcomplete_info()
9.1.1337: Undo corrupted with 'completeopt' "preinsert" when switching buffer
9.1.1336: comment plugin does not support case-insensitive 'commentstring'
9.1.1335: Coverity complains about Null pointer dereferences
9.1.1334: Coverity complains about unchecked return value
9.1.1333: Coverity: complains about unutilized variable
9.1.1332: Vim9: segfault when using super within a lambda
9.1.1331: Leaking memory with cmdcomplete()
9.1.1330: may receive E315 in terminal
9.1.1329: cannot get information about command line completion
9.1.1328: too many strlen() calls in indent.c
9.1.1327: filetype: nroff detection can be improved
9.1.1326: invalid cursor position after 'tagfunc'
9.1.1325: tests: not checking error numbers properly
9.1.1324: undefined behaviour if X11 connection dies
9.1.1323: b:undo_ftplugin not executed when re-using buffer
9.1.1322: small delete register cannot paste multi-line correctly
9.1.1321: filetype: MS ixx and mpp files are not recognized
9.1.1320: filetype: alsoft config files are not recognized
9.1.1319: Various typos in the code, issue with test_inst_complete.vim
9.1.1318: tests: test_format fails
9.1.1317: noisy error when restoring folds from session fails
9.1.1316: missing memory allocation failure in os_mswin.c
9.1.1315: completion: issue with fuzzy completion and 'completefuzzycollect'
9.1.1314: max allowed string width too small
9.1.1313: compile warning about uninitialized value
9.1.1312: tests: Test_backupskip() fails when HOME is defined
9.1.1311: completion: not possible to limit number of matches
9.1.1310: completion: redundant check for preinsert effect
9.1.1309: tests: no test for 'pummaxwidth' with non-truncated "kind"
9.1.1308: completion: cannot order matches by distance to cursor
9.1.1307: make syntax does not reliably detect different flavors
9.1.1306: completion menu rendering can be improved
9.1.1305: completion menu active after switching windows/tabs
9.1.1304: filetype: some man files are not recognized
9.1.1303: missing out-of-memory check in linematch.c
9.1.1302: Coverity warns about using uninitialized value
9.1.1301: completion: cannot configure completion functions with 'complete'
9.1.1300: wrong detection of -inf
9.1.1299: filetype: mbsyncrc files are not recognized
9.1.1298: define_function() is too long
9.1.1297: Ctrl-D scrolling can get stuck
9.1.1296: completion: incorrect truncation logic
9.1.1295: clientserver: does not handle :stopinsert correctly
9.1.1294: gui tabline menu does not use confirm when closing tabs
9.1.1293: comment plugin does not handle 'exclusive' selection for comment object
9.1.1292: statusline not correctly evaluated
9.1.1291: too many strlen() calls in buffer.c
9.1.1290: tests: missing cleanup in test_filetype.vim
9.1.1289: tests: no test for matchparen plugin with WinScrolled event
9.1.1288: Using wrong window in ll_resize_stack()
9.1.1287: quickfix code can be further improved
9.1.1286: filetype: help files not detected when 'iskeyword' includes ":"
9.1.1285: Vim9: no error message for missing method after "super."
9.1.1284: not possible to configure pum truncation char
9.1.1283: quickfix stack is limited to 10 items
9.1.1282: Build and test failure without job feature
9.1.1281: extra newline output when editing stdin
9.1.1280: trailing additional semicolon in get_matches_in_str()
9.1.1279: Vim9: null_object and null_class are no reserved names
9.1.1278: Vim9: too long functions in vim9type.c
9.1.1277: tests: trailing comment char in test_popupwin
9.1.1276: inline word diff treats multibyte chars as word char
9.1.1275: MS-Windows: Not possible to pass additional flags to Make_mvc
9.1.1274: Vim9: no support for object<type> as variable type
9.1.1273: Coverity warns about using uninitialized value
9.1.1272: completion: in keyword completion Ctrl_P cannot go back after Ctrl_N
9.1.1271: filetype: Power Query files are not recognized
9.1.1270: missing out-of-memory checks in buffer.c
9.1.1269: completion: compl_shown_match is updated when starting keyword completion
9.1.1268: filetype: dax files are not recognized
9.1.1267: Vim9: no support for type list/dict<object<any>>
9.1.1266: MS-Windows: type conversion warnings
9.1.1265: tests: no tests for typing normal char during completion
9.1.1264: Vim9: error when comparing objects
9.1.1263: string length wrong in get_last_inserted_save()
9.1.1262: heap-buffer-overflow with narrow 'pummaxwidth' value
9.1.1261: No test for 'pummaxwidth' non-truncated items
9.1.1260: Hang when filtering buffer with NUL bytes
9.1.1259: some issues with comment package and tailing spaces
9.1.1258: regexp: max \U and \%U value is limited by INT_MAX
9.1.1257: Mixing vim_strsize() with mb_ptr2cells() in pum_redraw()
9.1.1256: if_python: duplicate tuple data entries
9.1.1255: missing test condition for 'pummaxwidth' setting
9.1.1254: need more tests for the comment plugin
9.1.1253: abort when closing window with attached quickfix data
9.1.1252: typos in code and docs related to 'diffopt' "inline:"
9.1.1251: if_python: build error with tuples and dynamic python
9.1.1250: cannot set the maximum popup menu width
9.1.1249: tests: no test that 'listchars' "eol" doesn't affect "gM"
9.1.1248: compile error when building without FEAT_QUICKFIX
9.1.1247: fragile setup to get (preferred) keys from key_name_entry
9.1.1246: coverity complains about some changes in v9.1.1243
9.1.1245: need some more tests for curly braces evaluation
9.1.1244: part of patch v9.1.1242 was wrong
9.1.1243: diff mode is lacking for changes within lines
9.1.1242: Crash when evaluating variable name
9.1.1241: wrong preprocessort indentation in term.c
9.1.1240: Regression with ic/ac text objects and comment plugin
9.1.1239: if_python: no tuple data type support
9.1.1238: wrong cursor column with 'set splitkeep=screen'
9.1.1237: Compile error with C89 compiler in term.c
9.1.1236: tests: test_comments leaves swapfiles around
9.1.1235: cproto files are outdated
9.1.1234: Compile error when SIZE_MAX is not defined
9.1.1233: Coverity warns about NULL pointer when triggering WinResized
9.1.1232: Vim script is missing the tuple data type
9.1.1231: filetype: SPA JSON files are not recognized
9.1.1230: inconsistent CTRL-C behaviour for popup windows
9.1.1229: the comment plugin can be improved
9.1.1228: completion: current position column wrong after got a match
9.1.1227: no tests for the comment package
9.1.1226: "shellcmdline" completion doesn't work with input()
9.1.1225: extra NULL check in VIM_CLEAR()
9.1.1224: cannot :put while keeping indent
9.1.1223: wrong translation used for encoding failures
9.1.1222: using wrong length for last inserted string
9.1.1221: Wrong cursor pos when leaving Insert mode just after 'autoindent'
9.1.1220: filetype: uv.lock file not recognized
9.1.1219: Strange error with wrong type for matchfuzzy() "camelcase"
9.1.1218: missing out-of-memory check in filepath.c
9.1.1217: tests: typos in test_matchfuzzy.vim
9.1.1216: Pasting the '.' register multiple times may not work
9.1.1215: Patch 9.1.1213 has some issues
9.1.1214: matchfuzzy() can be improved for camel case matches
9.1.1213: cannot :put while keeping indent
9.1.1212: too many strlen() calls in edit.c
9.1.1212: filetype: logrotate'd pacmanlogs are not recognized
9.1.1211: TabClosedPre is triggered just before the tab is being freed
9.1.1210: translation(ru): missing Russian translation for the new tutor
9.1.1209: colorcolumn not drawn after virtual text lines
9.1.1208: MS-Windows: not correctly restoring alternate screen on Win 10
9.1.1207: MS-Windows: build warning in filepath.c
9.1.1206: tests: test_filetype fails when a file is a directory
9.1.1205: completion: preinserted text not removed when closing pum
9.1.1204: MS-Windows: crash when passing long string to expand()
9.1.1203: matchparen keeps cursor on case label in sh filetype
9.1.1202: Missing TabClosedPre autocommand
9.1.1201: 'completefuzzycollect' does not handle dictionary correctly
9.1.1200: cmdline pum not cleared for input() completion
9.1.1199: gvim uses hardcoded xpm icon file
9.1.1198: [security]: potential data loss with zip.vim
9.1.1197: process_next_cpt_value() uses wrong condition
9.1.1196: filetype: config files for container tools are not recognized
9.1.1195: inside try-block: fn body executed with default arg undefined
9.1.1194: filetype: false positive help filetype detection
9.1.1193: Unnecessary use of STRCAT() in au_event_disable()
9.1.1192: Vim crashes with term response debug logging enabled
9.1.1191: tests: test for patch 9.1.1186 doesn't fail without the patch
9.1.1190: C indentation does not detect multibyte labels
9.1.1189: if_python: build error due to incompatible pointer types
9.1.1188: runtime(tera): tera support can be improved
9.1.1187: matchparen plugin wrong highlights shell case statement
9.1.1186: filetype: help files in git repos are not detected
9.1.1185: endless loop with completefuzzycollect and no match found
9.1.1184: Unnecessary use of vim_tolower() in vim_strnicmp_asc()
9.1.1083: "above" virtual text breaks cursorlineopt=number
9.1.1182: No cmdline completion for 'completefuzzycollect'
9.1.1181: Unnecessary STRLEN() calls in insexpand.c
9.1.1180: short-description
9.1.1179: too many strlen() calls in misc2.c
9.1.1178: not possible to generate completion candidates using fuzzy matching
9.1.1177: filetype: tera files not detected
- zypper
-
- Fixed `bash-completion`: `zypper refresh` now ignores
repository priority lines.
- Changes to support building against restructured libzypp in
stack build (bsc#1230267)
- version 1.14.94
- Fix addrepo to handle explicit --check and --no-check requests
(bsc#1246466)
- Accept "show" as alias for "info" (bsc#1245985)
- version 1.14.93