- alsa-ucm-conf
-
- Correct / update the previous backported patches
- Improved HD-audio Mic LED handling (bsc#1243695):
0002-common-add-led.conf-with-SetLED-macro-to-hide-implem.patch
0003-ucm2-use-new-SetLED-macro-to-hide-the-implementation.patch
0004-ucm2-HDA-HiFi-analog-mic-Refactor-the-analog-mic-dis.patch
0005-ucm2-HDA-remove-HDA-Capture-value.conf-and-put-conte.patch
0006-HDA-move-led.conf-include-to-more-appropriate-place.patch
0007-HDA-mics-prefer-Mic-Jack-instead-Headphone-Jack.patch
0008-HDA-mics-improve-the-Jack-selection.patch
0009-HDA-mics-don-t-create-conflict-link-for-Headphone-Mi.patch
0010-acppdmmach-add-support-for-ACP-7.0.patch
- azure-cli-core
-
- Refresh CVE-2025-24049.patch
- azure-cli
-
- Drop CVE-2024-43591.patch, fixed upstream
- Fix testsuite evaluation logic
- boost
-
- CVE-2016-9840: fixed out-of-bounds pointer arithmetic in zlib in beast
(bsc#1245936)
- adds patch boost-zlib.patch
- kernel-default
-
- r8152: add vendor/device ID pair for Dell Alienware AW1022z
(git-fixes).
- commit 9bd4e20
- rtc: cmos: use spin_lock_irqsave in cmos_interrupt (git-fixes).
- commit d8e756f
- add bug reference to existing hv_storvsc change (bsc#1245455).
- net: mana: Record doorbell physical address in PF mode (bsc#1244229).
- commit 1c553b0
- nfsd: nfsd4_spo_must_allow() must check this is a v4 compound
request (git-fixes).
- commit 784f61d
- mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race
(bsc#1245431).
- commit dd145d5
- netlink: specs: dpll: replace underscores with dashes in names
(git-fixes).
- bnxt: properly flush XDP redirect lists (git-fixes).
- e1000e: set fixed clock frequency indication for Nahum 11 and
Nahum 13 (git-fixes).
- net: ice: Perform accurate aRFS flow match (git-fixes).
- net/mlx5e: Fix leak of Geneve TLV option object (git-fixes).
- net/mlx5: Fix return value when searching for existing flow
group (git-fixes).
- net/mlx5: Fix ECVF vports unload on shutdown flow (git-fixes).
- net/mlx5: Ensure fw pages are always allocated on same NUMA
(git-fixes).
- i40e: retry VFLR handling if there is ongoing VF reset
(git-fixes).
- i40e: return false from i40e_reset_vf if reset is in progress
(git-fixes).
- gve: add missing NULL check for gve_alloc_pending_packet()
in TX DQO (git-fixes).
- ice: fix rebuilding the Tx scheduler tree for large queue counts
(git-fixes).
- ice: create new Tx scheduler nodes for new queues only
(git-fixes).
- ice: fix Tx scheduler error handling in XDP callback
(git-fixes).
- net/mlx4_en: Prevent potential integer overflow calculating Hz
(git-fixes).
- gve: Fix RX_BUFFERS_POSTED stat to report per-queue fill_cnt
(git-fixes).
- net/mlx5: Add error handling in mlx5_query_nic_vport_node_guid()
(git-fixes).
- net/mlx5_core: Add error handling
inmlx5_query_nic_vport_qkey_viol_cntr() (git-fixes).
- idpf: fix null-ptr-deref in idpf_features_check (CVE-2025-38053
bsc#1244746).
- ice: Fix LACP bonds without SRIOV environment (git-fixes).
- ice: fix vf->num_mac count with port representors (git-fixes).
- devlink: fix port dump cmd type (git-fixes).
- devlink: Fix referring to hw_addr attribute during state
validation (git-fixes).
- netlink: fix potential sleeping issue in mqueue_flush_file
(git-fixes).
- commit 6dccf5f
- mm/hugetlb: unshare page tables during VMA split, not before
(bsc#1245431).
- commit bf8eb79
- staging: rtl8723bs: Avoid memset() in aes_cipher() and
aes_decipher() (git-fixes).
- serial: imx: Restore original RXTL for console to fix data loss
(git-fixes).
- commit 652de47
- drm/amdgpu: csa unmap use uninterruptible lock (CVE-2025-38011
bsc#1244729).
- commit d370e7c
- i2c: tiny-usb: disable zero-length read messages (git-fixes).
- i2c: robotfuzz-osif: disable zero-length read messages
(git-fixes).
- drm/i915: fix build error some more (git-fixes).
- ALSA: hda/realtek: Fix built-in mic on ASUS VivoBook X507UAR
(git-fixes).
- ALSA: usb-audio: Fix out-of-bounds read in
snd_usb_get_audioformat_uac3() (git-fixes).
- ALSA: hda/realtek: enable headset mic on Latitude 5420 Rugged
(stable-fixes).
- ALSA: usb-audio: Rename ALSA kcontrol PCM and PCM1 for the
KTMicro sound card (stable-fixes).
- ALSA: hda/intel: Add Thinkpad E15 to PM deny list
(stable-fixes).
- ata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330
(stable-fixes).
- drivers/rapidio/rio_cm.c: prevent possible heap overwrite
(stable-fixes).
- watchdog: da9052_wdt: respect TWDMIN (stable-fixes).
- watchdog: fix watchdog may detect false positive of softlockup
(stable-fixes).
- fbcon: Make sure modelist not set on unregistered console
(stable-fixes).
- bus: fsl-mc: increase MC_CMD_COMPLETION_TIMEOUT_MS value
(stable-fixes).
- i2c: designware: Invoke runtime suspend on quick slave
re-registration (stable-fixes).
- i2c: npcm: Add clock toggle recovery (stable-fixes).
- pinctrl: armada-37xx: propagate error from
armada_37xx_pmx_set_by_name() (stable-fixes).
- pinctrl: armada-37xx: propagate error from
armada_37xx_gpio_get_direction() (stable-fixes).
- pinctrl: armada-37xx: propagate error from
armada_37xx_pmx_gpio_set_direction() (stable-fixes).
- pinctrl: armada-37xx: propagate error from
armada_37xx_gpio_get() (stable-fixes).
- pinctrl: mcp23s08: Reset all pins to input at probe
(stable-fixes).
- software node: Correct a OOB check in
software_node_get_reference_args() (stable-fixes).
- wifi: mt76: mt7996: drop fragments with multicast or broadcast
RA (stable-fixes).
- wifi: mt76: mt7921: add 160 MHz AP for mt7922 device
(stable-fixes).
- wifi: mt76: mt76x2: Add support for LiteOn WN4516R,WN4519R
(stable-fixes).
- wifi: ath12k: fix macro definition HAL_RX_MSDU_PKT_LENGTH_GET
(stable-fixes).
- wifi: ath12k: fix a possible dead lock caused by ab->base_lock
(stable-fixes).
- wifi: ath11k: Fix QMI memory reuse logic (stable-fixes).
- wifi: rtw89: leave idle mode when setting WEP encryption for
AP mode (stable-fixes).
- wifi: mac80211: do not offer a mesh path if forwarding is
disabled (stable-fixes).
- wifi: iwlwifi: pcie: make sure to lock rxq->read (stable-fixes).
- wifi: mac80211_hwsim: Prevent tsf from setting if beacon is
disabled (stable-fixes).
- wifi: ath12k: fix failed to set mhi state error during reboot
with hardware grouping (stable-fixes).
- wifi: ath12k: fix link valid field initialization in the
monitor Rx (stable-fixes).
- wifi: ath12k: fix incorrect CE addresses (stable-fixes).
- wifi: ath12k: Pass correct values of center freq1 and center
freq2 for 160 MHz (stable-fixes).
- wifi: mac80211: VLAN traffic in multicast path (stable-fixes).
- wifi: iwlwifi: Add missing MODULE_FIRMWARE for Qu-c0-jf-b0
(stable-fixes).
- usbnet: asix AX88772: leave the carrier control to phylink
(stable-fixes).
- PM: runtime: fix denying of auto suspend in
pm_suspend_timer_fn() (stable-fixes).
- ACPI: battery: negate current when discharging (stable-fixes).
- ACPICA: Avoid sequence overread in call to strncmp()
(stable-fixes).
- ACPICA: utilities: Fix overflow check in vsnprintf()
(stable-fixes).
- ACPICA: fix acpi parse and parseext cache leaks (stable-fixes).
- ACPICA: fix acpi operand cache leak in dswstate.c
(stable-fixes).
- ACPI: bus: Bail out if acpi_kobj registration fails
(stable-fixes).
- mmc: Add quirk to disable DDR50 tuning (stable-fixes).
- power: supply: bq27xxx: Retrieve again when busy (stable-fixes).
- power: supply: collie: Fix wakeup source leaks on device unbind
(stable-fixes).
- ASoC: amd: yc: Add quirk for Lenovo Yoga Pro 7 14ASP9
(stable-fixes).
- ASoC: tegra210_ahub: Add check to of_device_get_match_data()
(stable-fixes).
- ASoC: tas2770: Power cycle amp on ISENSE/VSENSE change
(stable-fixes).
- Input: sparcspkr - avoid unannotated fall-through
(stable-fixes).
- commit 0dc7dde
- Update
patches.suse/HID-uclogic-Add-NULL-check-in-uclogic_input_configur.patch
(git-fixes CVE-2025-38007 bsc#1244938).
- Update
patches.suse/RDMA-core-Fix-KASAN-slab-use-after-free-Read-in-ib_r.patch
(git-fixes CVE-2025-38022 bsc#1245003).
- Update
patches.suse/RDMA-rxe-Fix-slab-use-after-free-Read-in-rxe_queue_c.patch
(git-fixes CVE-2025-38024 bsc#1245025).
- Update
patches.suse/btrfs-avoid-NULL-pointer-dereference-if-no-valid-csu.patch
(bsc#1243342 CVE-2025-38059 bsc#1244759).
- Update
patches.suse/btrfs-avoid-NULL-pointer-dereference-if-no-valid-ext.patch
(bsc#1236208 CVE-2025-21658).
- Update
patches.suse/can-bcm-add-locking-for-bcm_op-runtime-updates.patch
(git-fixes CVE-2025-38004 bsc#1244274).
- Update
patches.suse/can-bcm-add-missing-rcu-read-protection-for-procfs-c.patch
(git-fixes CVE-2025-38003 bsc#1244275).
- Update
patches.suse/crypto-algif_hash-fix-double-free-in-hash_accept.patch
(git-fixes CVE-2025-38079 bsc#1245217).
- Update
patches.suse/crypto-lzo-Fix-compression-buffer-overrun.patch
(stable-fixes CVE-2025-38068 bsc#1245210).
- Update
patches.suse/dmaengine-idxd-Refactor-remove-call-with-idxd_cleanu.patch
(git-fixes CVE-2025-38014 bsc#1244732).
- Update
patches.suse/dmaengine-idxd-fix-memory-leak-in-error-handling-pat-46a5cca.patch
(git-fixes CVE-2025-38015 bsc#1244789).
- Update
patches.suse/dmaengine-ti-k3-udma-Add-missing-locking.patch
(git-fixes CVE-2025-38005 bsc#1244727).
- Update
patches.suse/drm-amd-display-Increase-block_sequence-array-size.patch
(stable-fixes CVE-2025-38080 bsc#1244738).
- Update
patches.suse/ext4-goto-right-label-out_mmap_sem-in-ext4_setattr.patch
(bsc#1242556 CVE-2025-22120 bsc#1241592).
- Update
patches.suse/firmware-arm_ffa-Set-dma_mask-for-ffa-devices.patch
(stable-fixes CVE-2025-38043 bsc#1245081).
- Update patches.suse/media-cx231xx-set-device_caps-for-417.patch
(stable-fixes CVE-2025-38044 bsc#1245082).
- Update
patches.suse/net-handshake-Fix-handshake_req_destroy_test1.patch
(git-fixes CVE-2024-26831 bsc#1223008).
- Update
patches.suse/net-mlx5e-Disable-MACsec-offload-for-uplink-represen.patch
(git-fixes CVE-2025-38020 bsc#1245001).
- Update patches.suse/net_sched-prio-fix-a-race-in-prio_tune.patch
(git-fixes CVE-2025-38083 bsc#1245183).
- Update
patches.suse/nfs-handle-failure-of-nfs_get_lock_context-in-unlock-path.patch
(git-fixes CVE-2025-38023 bsc#1245004).
- Update patches.suse/orangefs-Do-not-truncate-file-size.patch
(git-fixes CVE-2025-38065 bsc#1244906).
- Update
patches.suse/padata-do-not-leak-refcount-in-reorder_work.patch
(git-fixes CVE-2025-38031 bsc#1245046).
- Update
patches.suse/phy-tegra-xusb-Use-a-bitmask-for-UTMI-pad-power-stat.patch
(git-fixes CVE-2025-38010 bsc#1244996).
- Update
patches.suse/platform-x86-dell-wmi-sysman-Avoid-buffer-overflow-i.patch
(git-fixes CVE-2025-38077 bsc#1244736).
- Update
patches.suse/regulator-max20086-fix-invalid-memory-access.patch
(git-fixes CVE-2025-38027 bsc#1245042).
- Update
patches.suse/s390-pci-Fix-duplicate-pci_dev_put-in-disable_slot-w.patch
(git-fixes bsc#1244145 CVE-2025-37946 bsc#1243506).
- Update
patches.suse/s390-pci-fix-potential-double-remove-of-hotplug-slot.patch
(bsc#1244145 CVE-2024-56699 bsc#1235490).
- Update
patches.suse/sched-numa-fix-memory-leak-due-to-the-overwritten-vma-numab_state.patch
(git fixes (sched/numa) CVE-2024-56613 bsc#1244176).
- Update
patches.suse/serial-mctrl_gpio-split-disable_ms-into-sync-and-no_.patch
(git-fixes CVE-2025-38040 bsc#1245078).
- Update
patches.suse/spi-rockchip-Fix-register-out-of-bounds-access.patch
(stable-fixes CVE-2025-38081 bsc#1244739).
- Update
patches.suse/usb-typec-ucsi-displayport-Fix-NULL-pointer-access.patch
(git-fixes CVE-2025-37994 bsc#1243823).
- Update
patches.suse/vhost-scsi-Fix-handling-of-multiple-calls-to-vhost_s.patch
(git-fixes CVE-2025-22083 bsc#1241414).
- Update
patches.suse/wifi-cfg80211-fix-out-of-bounds-access-during-multi-.patch
(git-fixes CVE-2025-37973 bsc#1244172).
- Update patches.suse/wifi-iwlwifi-fix-debug-actions-order.patch
(stable-fixes CVE-2025-38045 bsc#1245083).
- Update
patches.suse/wifi-mac80211-Set-n_channels-after-allocating-struct.patch
(git-fixes CVE-2025-38013 bsc#1244731).
- Update
patches.suse/wifi-mt76-disable-napi-on-driver-removal.patch
(git-fixes CVE-2025-38009 bsc#1244995).
- commit fee1c31
- HID: lenovo: Restrict F7/9/11 mode to compact keyboards only
(git-fixes).
- HID: wacom: fix kobject reference count leak (git-fixes).
- HID: wacom: fix memory leak on sysfs attribute creation failure
(git-fixes).
- HID: wacom: fix memory leak on kobject creation failure
(git-fixes).
- wifi: mac80211: fix beacon interval calculation overflow
(git-fixes).
- commit 8d2d6ad
- scsi: storvsc: Increase the timeouts to storvsc_timeout (git-fixes).
- net: mana: Add support for Multi Vports on Bare metal (bsc#1244229).
- scsi: storvsc: Don't report the host packet status as the hv status (git-fixes).
- commit cde971c
- btrfs: fix fsync of files with no hard links not persisting
deletion (git-fixes).
- btrfs: remove end_no_trans label from btrfs_log_inode_parent()
(git-fixes).
- btrfs: simplify condition for logging new dentries at
btrfs_log_inode_parent() (git-fixes).
- commit 9370aa3
- btrfs: fix wrong start offset for delalloc space release during
mmap write (git-fixes).
- commit 59b0f84
- btrfs: fix invalid data space release when truncating block
in NOCOW mode (git-fixes).
- commit b11e8b5
- btrfs: fix qgroup reservation leak on failure to allocate
ordered extent (git-fixes).
- commit e13d6e0
- ntp: Remove invalid cast in time offset math (git-fixes)
- commit 92649f3
- timekeeping: Fix bogus clock_was_set() invocation in (git-fixes)
- commit 17fecee
- ntp: Safeguard against time_constant overflow (git-fixes)
- commit fb90573
- ntp: Clamp maxerror and esterror to operating range (git-fixes)
- commit 947fc29
- clocksource: Fix brown-bag boolean thinko in (git-fixes)
- commit f65bb99
- clocksource: Make watchdog and suspend-timing multiplication (git-fixes)
- commit a87f573
- timekeeping: Fix cross-timestamp interpolation for non-x86 (git-fixes)
- commit 1a57489
- timekeeping: Fix cross-timestamp interpolation corner case (git-fixes)
- commit dc250ae
- timekeeping: Fix cross-timestamp interpolation on counter (git-fixes)
- commit 4e863aa
- Refresh
patches.kabi/kabi-restore-layout-of-struct-mem_control.patch.
- commit 5049495
- kabi: restore layout of struct cgroup_subsys (bsc#1241166).
- commit 2014732
- cgroup/cpuset: Fix race between newly created partition and
dying one (bsc#1241166).
- commit 36dffbc
- fgraph: Still initialize idle shadow stacks when starting
(git-fixes).
- commit 1697414
- tracing/eprobe: Fix to release eprobe when failed to add
dyn_event (git-fixes).
- commit a8fd69f
- tracing: Fix cmp_entries_dup() to respect sort() comparison
rules (git-fixes).
- commit f73056c
- tracing: Use atomic64_inc_return() in trace_clock_counter()
(git-fixes).
- commit 23262fc
- trace/trace_event_perf: remove duplicate samples on the first
tracepoint event (git-fixes).
- commit b4e63e6
- bpf: Force uprobe bpf program to always return 0 (git-fixes).
- commit 90effed
- uprobes: Use kzalloc to allocate xol area (git-fixes).
- Refresh
patches.suse/uprobes-introduce-the-global-struct-vm_special_mapping-xol_mapping.patch.
- commit 30d8536
- bpf: abort verification if env->cur_state->loop_entry != NULL
(CVE-2025-38060 bsc#1245155).
- Refresh patches.kabi/bpf-verifier-kABI-workarounds.patch.
- commit c80eca0
- selftests/bpf: check states pruning for deeply nested iterator
(CVE-2025-38060 bsc#1245155).
- bpf: don't do clean_live_states when state->loop_entry->branches
> 0 (CVE-2025-38060 bsc#1245155).
- commit f0d9333
- vmxnet3: support higher link speeds from vmxnet3 v9
(bsc#1244626).
- commit 0aa445e
- vmxnet3: correctly report gso type for UDP tunnels
(bsc#1244626).
- commit 44584be
- vmxnet3: update MTU after device quiesce (bsc#1244626).
- commit 14400a7
- scsi: elx: efct: Fix memory leak in efct_hw_parse_filter()
(git-fixes).
- commit 11611ac
- tracing: Fix compilation warning on arm32 (bsc#1243551).
- commit bc2f48d
- tracing: Fix oob write in trace_seq_to_buffer() (CVE-2025-37923
bsc#1243551).
- commit ff6a777
- ata: libata-eh: Do not use ATAPI DMA for a device limited to
PIO mode (stable-fixes).
- commit 07065f3
- bpf: copy_verifier_state() should copy 'loop_entry' field
(CVE-2025-38060 bsc#1245155).
- Refresh patches.kabi/bpf-verifier-kABI-workarounds.patch.
- commit 815fadf
- selftests/bpf: test correct loop_entry update in
copy_verifier_state (CVE-2025-38060 bsc#1245155).
- commit b2e3449
- tracing: Fix use-after-free in print_graph_function_flags
during tracer switching (CVE-2025-22035 bsc#1241544).
- commit b6d43f4
- bpf: Fix deadlock between rcu_tasks_trace and event_mutex
(CVE-2025-37884 bsc#1243060).
- commit 7f690ab
- truct dwc3 hide new member wakeup_pending_funcs (git-fixes).
- commit 84579a6
- kabi: restore layout of struct page_counter (jsc#PED-12551).
- commit ef34a22
- usb: dwc3: gadget: Make gadget_wakeup asynchronous (git-fixes).
- commit 39cb14b
- ucsi_debugfs_entry: hide signedness change (git-fixes).
- commit 154816e
- usb: typec: ucsi: fix Clang -Wsign-conversion warning
(git-fixes).
- Refresh patches.suse/paddings-add-paddings-to-TypeC-stuff.patch.
- commit 40f2bc3
- hwmon: corsair-psu: add USB id of HX1200i Series 2023 psu
(git-fixes).
- commit b5678d7
- net: phy: move phy_link_change() prior to mdio_bus_phy_may_suspend() (bsc#1243538)
- commit 416e192
- hwmon: (peci/dimmtemp) Do not provide fake thresholds data
(git-fixes).
- hwmon: (nct6775): Actually make use of the HWMON_NCT6775 symbol
namespace (git-fixes).
- commit 53b0cf2
- Update reference for patches.suse/net_sched-sch_sfq-use-a-temporary-work-area-for-vali.patch (bsc#1242504)
- commit 8730da1
- s390/tty: Fix a potential memory leak bug (git-fixes
bsc#1245228).
- commit e4f3ff4
- s390/pci: Fix __pcilg_mio_inuser() inline assembly (git-fixes
bsc#1245226).
- commit 7cf700b
- ceph: fix memory leaks in __ceph_sync_read() (git-fixes).
- Refresh
patches.suse/ceph-improve-error-handling-and-short-overflow-read-.patch.
- commit 04880f5
- ceph: allocate sparse_ext map only for sparse reads (git-fixes).
- commit e7c7fa7
- ceph: Fix incorrect flush end position calculation (git-fixes).
- commit 626f897
- KVM: s390: rename PROT_NONE to PROT_TYPE_DUMMY (git-fixes
bsc#1245225).
- commit 7cc3455
- iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid
(CVE-2025-37927 bsc#1243620).
- commit 4916f47
- nvme-fc: do not reference lsrsp after failure (bsc#1245193).
- nvmet-fcloop: don't wait for lport cleanup (bsc#1245193).
- nvmet-fcloop: add missing fcloop_callback_host_done
(bsc#1245193).
- nvmet-fc: take tgtport refs for portentry (bsc#1245193).
- nvmet-fc: free pending reqs on tgtport unregister (bsc#1245193).
- nvmet-fcloop: drop response if targetport is gone (bsc#1245193).
- nvmet-fcloop: allocate/free fcloop_lsreq directly (bsc#1245193).
- nvmet-fcloop: prevent double port deletion (bsc#1245193).
- nvmet-fcloop: access fcpreq only when holding reqlock
(bsc#1245193).
- nvmet-fcloop: update refs on tfcp_req (bsc#1245193).
- nvmet-fcloop: refactor fcloop_delete_local_port (bsc#1245193).
- nvmet-fcloop: refactor fcloop_nport_alloc and track lport
(bsc#1245193).
- nvmet-fcloop: remove nport from list on last user (bsc#1245193).
- nvmet-fcloop: track ref counts for nports (bsc#1245193).
- commit 20104c4
- Remove host-memcpy-hack.h
This might have been usefult at some point but we have more things that
depend on specific library versions today.
- commit 0396c23
- Remove compress-vmlinux.sh
/usr/lib/rpm/brp-suse.d/brp-99-compress-vmlinux was added in
pesign-obs-integration during SLE12 RC. This workaround can be removed.
- commit 19caac0
- Remove try-disable-staging-driver
The config for linux-next is autogenerated from master config, and
defaults filled for missing options. This is unlikely to enable any
staging driver in the first place.
- commit a6f21ed
- nvme: always punt polled uring_cmd end_io work to task_work
(git-fixes).
- nvme: fix implicit bool to flags conversion (git-fixes).
- commit 36de06b
- net/tls: fix kernel panic when alloc_page failed (CVE-2025-38018
bsc#1244999).
- commit 1124110
- espintcp: fix skb leaks (CVE-2025-38057 bsc#1244862).
- commit dffbfd5
- nvme: fix command limits status code (git-fixes).
- nvme-pci: add NVME_QUIRK_NO_DEEPEST_PS quirk for SOLIDIGM P44
Pro (git-fixes).
- nvme-pci: add quirks for WDC Blue SN550 15b7:5009 (git-fixes).
- nvme-pci: add quirks for device 126f:1001 (git-fixes).
- commit 990928c
- sunrpc: handle SVC_GARBAGE during svc auth processing as auth
error (git-fixes).
- commit afe6d07
- x86/microcode/AMD: Add get_patch_level() (git-fixes).
- commit 73bb23d
- x86/microcode/AMD: Get rid of the _load_microcode_amd() forward declaration (git-fixes).
- commit c818693
- x86/microcode/AMD: Merge early_apply_microcode() into its single callsite (git-fixes).
- commit 761df14
- x86/microcode/AMD: Remove ugly linebreak in __verify_patch_section() signature (git-fixes).
- commit d6c2d35
- x86/microcode: Consolidate the loader enablement checking (git-fixes).
- commit d0fff01
- scsi: iscsi: Fix incorrect error path labels for flashnode
operations (git-fixes).
- md/raid1,raid10: don't handle IO error for REQ_RAHEAD and
REQ_NOWAIT (git-fixes).
- commit cbd3a76
- PCI/PM: Set up runtime PM even for devices without PCI PM
(git-fixes).
- commit 871b129
- gpio: mlxbf3: only get IRQ for device instance 0 (git-fixes).
- ALSA: hda/realtek: Fix built-in mic on ASUS VivoBook X513EA
(git-fixes).
- drm/etnaviv: Protect the scheduler's pending list with its lock
(git-fixes).
- drm/nouveau/bl: increase buffer size to avoid truncate warning
(git-fixes).
- drm/ssd130x: fix ssd132x_clear_screen() columns (git-fixes).
- drm/amdgpu: switch job hw_fence to amdgpu_fence (git-fixes).
- drm/i915/pmu: Fix build error with GCOV and AutoFDO enabled
(git-fixes).
- drm/msm/dsi/dsi_phy_10nm: Fix missing initial VCO rate
(git-fixes).
- drm/msm/disp: Correct porch timing for SDM845 (git-fixes).
- commit 3df7edd
- libnvdimm/labels: Fix divide error in nd_label_data_init()
(bsc#1244743, CVE-2025-38072).
- commit 42a394c
- kabi: restore layout of struct mem_control (jsc#PED-12551).
- commit e948e2e
- mm, memcg: cg2 memory{.swap,}.peak write handlers
(jsc#PED-12551).
- mm/memcontrol: export memcg.swap watermark via sysfs for v2
memcg (jsc#PED-12551).
- commit 97c4d37
- can: tcan4x5x: fix power regulator retrieval during probe
(git-fixes).
- commit 5798451
- wifi: carl9170: do not ping device which has failed to load
firmware (git-fixes).
- NFC: nci: uart: Set tty->disc_data only in success path
(git-fixes).
- hwmon: (occ) fix unaligned accesses (git-fixes).
- hwmon: (occ) Rework attribute registration for stack usage
(git-fixes).
- hwmon: (ftsteutates) Fix TOCTOU race in fts_read() (git-fixes).
- wifi: ath11k: move some firmware stats related functions
outside of debugfs (git-fixes).
- wifi: ath11k: don't wait when there is no vdev started
(git-fixes).
- wifi: ath11k: don't use static variables in
ath11k_debugfs_fw_stats_process() (git-fixes).
- wifi: ath11k: avoid burning CPU in
ath11k_debugfs_fw_stats_request() (git-fixes).
- USB: serial: pl2303: add new chip PL2303GC-Q20 and PL2303GT-2AB
(stable-fixes).
- usb: storage: Ignore UAS driver for SanDisk 3.2 Gen2 storage
device (stable-fixes).
- usb: quirks: Add NO_LPM quirk for SanDisk Extreme 55AE
(stable-fixes).
- thunderbolt: Do not double dequeue a configuration request
(stable-fixes).
- rtc: Make rtc_time64_to_tm() support dates before 1970
(stable-fixes).
- firmware: SDEI: Allow sdei initialization without ACPI_APEI_GHES
(git-fixes).
- Bluetooth: MGMT: Remove unused mgmt_pending_find_data
(stable-fixes).
- serial: sh-sci: Move runtime PM enable to sci_probe_single()
(stable-fixes).
- wifi: ath11k: convert timeouts to secs_to_jiffies()
(stable-fixes).
- wifi: ath11k: fix soc_dp_stats debugfs file permission
(stable-fixes).
- commit d77b71f
- Update patches.suse/ALSA-pcm-Fix-race-of-buffer-access-at-PCM-OSS-layer.patch
(CVE-2025-38078 bsc#1244737).
- commit 9ad878b
- calipso: Fix null-ptr-deref in calipso_req_{set,del}attr()
(git-fixes).
- commit 1a53756
- net/sched: fix use-after-free in taprio_dev_notifier
(git-fixes).
- commit bd7e23e
- net_sched: ets: fix a race in ets_qdisc_change() (git-fixes).
- commit c8863c2
- net_sched: tbf: fix a race in tbf_change() (git-fixes).
- commit 8dd49d3
- net_sched: red: fix a race in __red_change() (git-fixes).
- commit eb63704
- net_sched: prio: fix a race in prio_tune() (git-fixes).
- commit 2898595
- net_sched: sch_sfq: reject invalid perturb period (git-fixes).
- commit 11af7b7
- net: Fix TOCTOU issue in sk_is_readable() (git-fixes).
- commit 9bf44e9
- Update patches.suse/dlm-mask-sk_shutdown-value.patch
(bsc#1241278).
- Update patches.suse/dlm-use-SHUT_RDWR-for-SCTP-shutdown.patch
(bsc#1241278).
Original bsc number was wrong. Fix it.
- commit 37c9443
- net_sched: hfsc: Address reentrant enqueue adding class to
eltree twice (CVE-2025-38001 bsc#1244234).
- commit 6a31481
- packaging: Add support for suse-kabi-tools
The current workflow to check kABI stability during the RPM build of SUSE
kernels consists of the following steps:
* The downstream script rpm/modversions unpacks the consolidated kABI
symtypes reference data from kabi/<arch>/symtypes-<flavor> and creates
individual symref files.
* The build performs a regular kernel make. During this operation, genksyms
is invoked for each source file. The tool determines type signatures of
all exports within the file, reports any differences compared to the
associated symref reference, calculates symbol CRCs from the signatures
and writes new type data into a symtypes file.
* The script rpm/modversions is invoked again, this time it packs all new
symtypes files to a consolidated kABI file.
* The downstream script rpm/kabi.pl checks symbol CRCs in the new build and
compares them to a reference from kabi/<arch>/symvers-<flavor>, taking
kabi/severities into account.
suse-kabi-tools is a new set of tools to improve the kABI checking process.
The suite includes two tools, ksymtypes and ksymvers, which replace the
existing scripts rpm/modversions and rpm/kabi.pl, as well as the comparison
functionality previously provided by genksyms. The tools have their own
source repository and package.
The tools provide faster operation and more detailed, unified output. In
addition, they allow the use of the new upstream tool gendwarfksyms, which
lacks any built-in comparison functionality.
The updated workflow is as follows:
* The build performs a regular kernel make. During this operation, genksyms
(gendwarfksyms) is invoked as usual, determinining signatures and CRCs of
all exports and writing the type data to symtypes files. However,
genksyms no longer performs any comparison.
* 'ksymtypes consolidate' packs all new symtypes files to a consolidated
kABI file.
* 'ksymvers compare' checks symbol CRCs in the new build and compares them
to a reference from kabi/<arch>/symvers-<flavor>, taking kabi/severities
into account. The tool writes its result in a human-readable form on
standard output and also writes a list of all changed exports (not
ignored by kabi/severities) to the changed-exports file.
* 'ksymtypes compare' takes the changed-exports file, the consolidated kABI
symtypes reference data from kabi/<arch>/symtypes-<flavor> and the new
consolidated data. Based on this data, it produces a detailed report
explaining why the symbols changed.
The patch enables the use of suse-kabi-tools via rpm/config.sh, providing
explicit control to each branch. To enable the support, set
USE_SUSE_KABI_TOOLS=Yes in the config file.
- commit a2c6f89
- rpm/kernel-source.changes.old: Drop bogus bugzilla reference (bsc#1244725)
- commit 5432961
- platform/x86: ideapad-laptop: use usleep_range() for EC polling
(git-fixes).
- commit 1373cac
- platform/x86: dell_rbu: Stop overwriting data buffer
(git-fixes).
- platform/x86: dell_rbu: Fix list usage (git-fixes).
- platform/x86/amd: pmc: Clear metrics table at start of cycle
(git-fixes).
- platform/x86/intel-uncore-freq: Fail module load when plat_info
is NULL (git-fixes).
- commit 4eb007c
- Bluetooth: hci_sync: Fix UAF in hci_acl_create_conn_sync
(git-fixes).
- Bluetooth: hci_sync: Fix UAF on hci_abort_conn_sync (git-fixes).
- Bluetooth: hci_conn: Fix UAF Write in
__hci_acl_create_connection_sync (git-fixes).
- commit cc24dff
- Bluetooth: hci_event: Fix not using key encryption size when
its known (git-fixes).
- Bluetooth: Remove pending ACL connection attempts
(stable-fixes).
- Bluetooth: hci_conn: Only do ACL connections sequentially
(stable-fixes).
- commit 45b89a8
- kernel-source: Remove log.sh from sources
- commit 96bd779
- powerpc/eeh: Fix missing PE bridge reconfiguration during VFIO
EEH recovery (bsc#1215199).
- commit 8ae69e3
- ima: Suspend PCR extends and log appends when rebooting
(bsc#1210025 ltc#196650).
- commit 25c308f
- ACPI: CPPC: Fix NULL pointer dereference when nosmp is used
(git-fixes).
- regulator: max20086: Fix refcount leak in
max20086_parse_regulators_dt() (git-fixes).
- commit 5b8c5a3
- scsi: dc395x: Remove leftover if statement in reselect()
(git-fixes).
- commit c259874
- loop: add file_start_write() and file_end_write() (git-fixes).
- scsi: dc395x: Remove DEBUG conditional compilation (git-fixes).
- scsi: hisi_sas: Call I_T_nexus after soft reset for SATA disk
(git-fixes).
- scsi: qedf: Use designated initializer for struct
qed_fcoe_cb_ops (git-fixes).
- scsi: sd_zbc: block: Respect bio vector limits for REPORT
ZONES buffer (git-fixes).
- scsi: mpi3mr: Add level check to control event logging
(git-fixes).
- scsi: st: Tighten the page format heuristics with MODE SELECT
(git-fixes).
- scsi: st: ERASE does not change tape location (git-fixes).
- scsi: mpt3sas: Send a diag reset if target reset fails
(git-fixes).
- scsi: st: Restore some drive settings after reset (git-fixes).
- commit 6dba36f
- x86/mm/init: Handle the special case of device private
pages in add_pages(), to not increase max_pfn and trigger
dma_addressing_limited() bounce buffers (git-fixes).
- commit d67c7bf
- PCI/MSI: Size device MSI domain with the maximum number of
vectors (git-fixes).
- PCI: dw-rockchip: Remove PCIE_L0S_ENTRY check from
rockchip_pcie_link_up() (git-fixes).
- PCI: apple: Set only available ports up (git-fixes).
- PCI: dwc: ep: Correct PBA offset in .set_msix() callback
(git-fixes).
- PCI: endpoint: Retain fixed-size BAR size as well as aligned
size (git-fixes).
- kABI: PCI: endpoint: Retain fixed-size BAR size as well as
aligned size (git-fixes).
- PCI/DPC: Log Error Source ID only when valid (git-fixes).
- serial: mctrl_gpio: split disable_ms into sync and no_sync APIs
(git-fixes).
- kABI: serial: mctrl_gpio: split disable_ms into sync and
no_sync APIs (git-fixes).
- x86/kaslr: Reduce KASLR entropy on most x86 systems (git-fixes).
- PCI/DPC: Use defines with DPC reason fields (git-fixes).
- commit 67e24e5
- Bluetooth: MGMT: Fix sparse errors (git-fixes).
- commit bcd5c33
- wifi: ath11k: validate ath11k_crypto_mode on top of
ath11k_core_qmi_firmware_ready (git-fixes).
- ath10k: snoc: fix unbalanced IRQ enable in crash recovery
(git-fixes).
- Bluetooth: hci_sync: Fix broadcast/PA when using an existing
instance (git-fixes).
- Bluetooth: Fix NULL pointer deference on eir_get_service_data
(git-fixes).
- net/mdiobus: Fix potential out-of-bounds clause 45 read/write
access (git-fixes).
- net/mdiobus: Fix potential out-of-bounds read/write access
(git-fixes).
- Bluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_complete
(git-fixes).
- Bluetooth: hci_core: fix list_for_each_entry_rcu usage
(git-fixes).
- ptp: remove ptp->n_vclocks check logic in ptp_vclock_in_use()
(git-fixes).
- pinctrl: st: Drop unused st_gpio_bank() function (git-fixes).
- pinctrl: qcom: pinctrl-qcm2290: Add missing pins (git-fixes).
- commit d9ecc09
- sch_hfsc: Fix qlen accounting bug when using peek in
hfsc_enqueue() (CVE-2025-38000 bsc#1244277).
- commit ffb9ab4
- net_sched: sch_fifo: implement lockless __fifo_dump() (bsc#1237312)
- commit 8196566
- Revert "ipv6: save dontfrag in cork (git-fixes)."
This reverts commit d3fe600164867bd0529ed1049fbd53ca9fce2eaf.
See https://lore.kernel.org/all/aElivdUXqd1OqgMY@karahi.gladserv.com/
and https://bugzilla.suse.com/show_bug.cgi?id=1244313.
- commit b9e7a4e
- Revert "kABI: ipv6: save dontfrag in cork (git-fixes)."
This reverts commit cbc81e238815721048ac709726467c90981753c9.
See https://lore.kernel.org/all/aElivdUXqd1OqgMY@karahi.gladserv.com/
and https://bugzilla.suse.com/show_bug.cgi?id=1244313.
- commit 38d0091
- kABI fix for net: Remove RTNL dance for SIOCBRADDIF and
SIOCBRDELIF (CVE-2025-22111 bsc#1241572).
- commit edfd43c
- page_pool: avoid infinite loop to schedule delayed worker
(CVE-2025-37859 bsc#1243051).
- commit b8f1dfd
- tipc: fix memory leak in tipc_link_xmit (CVE-2025-37757 bsc#1242521)
- commit 48e0415
- struct usci: hide additional member (git-fixes).
- commit 1b8456a
- net_sched: Flush gso_skb list too during ->change()
(CVE-2025-37992 bsc#1243698).
- netfilter: ipset: fix region locking in hash types
(CVE-2025-37997 bsc#1243832).
- ipvs: fix uninit-value for saddr in do_output_route4
(CVE-2025-37961 bsc#1243523).
- net: dsa: free routing table on probe failure (CVE-2025-37786
bsc#1242725).
- net: tls: explicitly disallow disconnect (CVE-2025-37756
bsc#1242515).
- net: Remove RTNL dance for SIOCBRADDIF and SIOCBRDELIF
(CVE-2025-22111 bsc#1241572).
- vlan: enforce underlying device type (CVE-2025-21920
bsc#1240686).
- xfrm: delete intermediate secpath entry in packet offload mode
(CVE-2025-21720 bsc#1238859).
- xfrm: state: fix out-of-bounds read during lookup
(CVE-2024-57982 bsc#1237913).
- rxrpc: Fix handling of received connection abort (CVE-2024-58053
bsc#1238982).
- commit d3e755f
- isolcpus: fix bug in returning number of allocated cpumask (bsc#1243774).
Return the correct upper limit of the allocated cpumask.
modified:
- patches.suse/lib-group_cpus-honor-housekeeping-config-when-grouping.patch
- patches.suse/lib-group_cpus-let-group_cpu_evenly-return-number.patch
- commit 092bf4a
- xen/arm: call uaccess_ttbr0_enable for dm_op hypercall (git-fixes)
- commit 24d5250
- arm64: dts: marvell: uDPU: define pinctrl state for alarm LEDs (git-fixes)
- commit 28d162e
- Revert "arm64: dts: allwinner: h6: Use RSB for AXP805 PMIC (git-fixes)
- commit 9dd3301
- xen/x86: fix initial memory balloon target (git-fixes).
- commit 7e938b1
- ALSA: usb-audio: Add a quirk for Lenovo Thinkpad Thunderbolt
3 dock (stable-fixes).
- ALSA: usb-audio: Fix NULL pointer deref in
snd_usb_power_domain_set() (git-fixes).
- commit 9d209cd
- ALSA: usb-audio: Rename Pioneer mixer channel controls
(git-fixes).
- ALSA: usb-audio: Add Pioneer DJ DJM-V10 support (stable-fixes).
- ALSA: usb-audio: Fix duplicated name in MIDI substream names
(stable-fixes).
- ALSA: usb-audio: mixer: Remove temporary string use in
parse_clock_source_unit (stable-fixes).
- commit e8737ac
- ALSA: usb-audio: Set MIDI1 flag appropriately for GTB MIDI
1.0 entry (stable-fixes).
- ALSA: usb-audio: Accept multiple protocols in GTBs
(stable-fixes).
- ALSA: usb-audio: Add name for HP Engage Go dock (stable-fixes).
- commit 498a796
- Revert "ALSA: usb-audio: Skip setting clock selector for single
connections" (stable-fixes).
- Refresh
patches.suse/ALSA-usb-audio-Ignore-clock-selector-errors-for-sing.patch.
- Refresh
patches.suse/ALSA-usb-audio-Support-multiple-control-interfaces.patch.
- commit d0138e9
- ALSA: usb-audio: Support read-only clock selector control
(stable-fixes).
- Refresh
patches.suse/ALSA-usb-audio-Ignore-clock-selector-errors-for-sing.patch.
- Refresh
patches.suse/ALSA-usb-audio-Support-multiple-control-interfaces.patch.
- commit ee97bec
- ALSA: usb-audio: Skip setting clock selector for single
connections (stable-fixes).
- Refresh
patches.suse/ALSA-usb-audio-Ignore-clock-selector-errors-for-sing.patch.
- Refresh
patches.suse/ALSA-usb-audio-Support-multiple-control-interfaces.patch.
- commit 7326e0b
- ALSA: usb-audio: Add implicit feedback quirk for RODE AI-1
(stable-fixes).
- ALSA: usb-audio: enable support for Presonus Studio 1824c
within 1810c file (stable-fixes).
- ALSA: usb-audio: Support multiple control interfaces
(stable-fixes).
- ALSA: usb-audio: Check shutdown at endpoint_set_interface()
(stable-fixes).
- commit d4a0ce3
- wifi: ath11k: update channel list in worker when wait flag is
set (bsc#1243847).
- commit 4cfebaa
- net: lan743x: Fix memleak issue when GSO enabled (CVE-2025-37909
bsc#1243467).
- vxlan: vnifilter: Fix unlocked deletion of default FDB entry
(CVE-2025-37921 bsc#1243480).
- commit 788c92a
- watchdog: mediatek: Add support for MT6735 TOPRGU/WDT
(git-fixes).
- commit 4df631e
- watchdog: it87_wdt: add PWRGD enable quirk for Qotom QCML04
(git-fixes).
- commit ba2db88
- module: ensure that kobject_put() is safe for module type kobjects (CVE-2025-37995 bsc#1243827)
- commit 6979c9a
- mkspec: Exclude rt flavor from kernel-syms dependencies (bsc#1244337).
- commit 7c95ae0
- x86/xen: fix balloon target initialization for PVH dom0
(git-fixes).
- commit ad18aba
- powerpc/vas: Return -EINVAL if the offset is non-zero in mmap()
(bsc#1244309 ltc#213790).
- powerpc/powernv/memtrace: Fix out of bounds issue in memtrace
mmap (bsc#1244309 ltc#213790).
- commit 2d4ad48
- tracing: Verify event formats that have "%*p.." (CVE-2025-37938
bsc#1243544).
- tracing: Add __print_dynamic_array() helper (bsc#1243544).
- tracing: Add __string_len() example (bsc#1243544).
- commit c705d1d
- fbdev/efifb: Remove PM for parent device (bsc#1244261).
- Refresh
patches.suse/fbdev-efifb-Register-sysfs-groups-through-driver-cor.patch.
- commit 0c56458
- RDMA/uverbs: Propagate errors from rdma_lookup_get_uobject() (git-fixes)
- commit 7d2ce51
- RDMA/core: Fix best page size finding when it can cross SG entries (git-fixes)
- commit bfdc372
- MyBS: Do not build kernel-obs-qa with limit_packages
Fixes: 58e3f8c34b2b ("bs-upload-kernel: Pass limit_packages also on multibuild")
- commit f4c6047
- MyBS: Simplify qa_expr generation
Start with a 0 which makes the expression valid even if there are no QA
repositories (currently does not happen). Then separator is always
needed.
- commit e4c2851
- MyBS: Correctly generate build flags for non-multibuild package limit
(bsc# 1244241)
Fixes: 0999112774fc ("MyBS: Use buildflags to set which package to build")
- commit 27588c9
- bs-upload-kernel: Pass limit_packages also on multibuild
Fixes: 0999112774fc ("MyBS: Use buildflags to set which package to build")
Fixes: 747f601d4156 ("bs-upload-kernel, MyBS, Buildresults: Support multibuild (JSC-SLE#5501, boo#1211226, bsc#1218184)")
- commit 8ef486c
- ftrace: Avoid potential division by zero in function_stat_show()
(CVE-2025-21898 bsc#1240610).
- commit d476f96
- tracing: Fix bad hist from corrupting named_triggers list
(CVE-2025-21899 bsc#1240577).
- commit 60219e4
- iommu: Skip PASID validation for devices without PASID capability (bsc#1244100)
- commit 647b2f4
- iommu: Validate the PASID in iommu_attach_device_pasid() (bsc#1244100)
- commit ca42766
- nfsd: Initialize ssc before laundromat_work to prevent NULL
dereference (git-fixes).
- commit 153c2a2
- nfsd: validate the nfsd_serv pointer before calling svc_wake_up
(git-fixes).
- commit af8b93e
- NFSD: Insulate nfsd4_encode_read_plus() from page boundaries
in the encode buffer (git-fixes).
- commit 91b6192
- jffs2: check jffs2_prealloc_raw_node_refs() result in few
other places (git-fixes).
- commit 254a145
- jffs2: check that raw node were preallocated before writing
summary (git-fixes).
- commit 4a6701a
- x86/microcode/AMD: Have __apply_microcode_amd() return bool (git-fixes).
- commit ae818bc
- x86/microcode/AMD: Make __verify_patch_size() return bool (git-fixes).
- commit dcdd8b6
- x86/microcode/AMD: Return bool from find_blobs_in_containers() (git-fixes).
- commit 65dff7c
- x86/microcode/AMD: Do not return error when microcode update is not necessary (git-fixes).
- commit 662ffcd
- x86/idle: Remove MFENCEs for X86_BUG_CLFLUSH_MONITOR in mwait_idle_with_hints() and prefer_mwait_c1_over_halt() (git-fixes).
- commit 15bb5b3
- blacklist.conf: Disable fineibt part of ITS mitigation
- Refresh
patches.suse/x86-its-Enumerate-Indirect-Target-Selection-ITS-bug.patch.
- commit cedb857
- xsk: fix an integer overflow in xp_create_and_assign_umem()
(bsc#1240823 CVE-2025-21997).
- commit 931fc27
- dlm: use SHUT_RDWR for SCTP shutdown (bsc#1228854).
- dlm: mask sk_shutdown value (bsc#1228854).
- commit 730d8cf
- ASoC: Intel: avs: Verify content returned by parse_int_array()
(git-fixes).
- ASoC: Intel: avs: Fix deadlock when the failing IPC is SET_D0IX
(git-fixes).
- ASoC: codecs: hda: Fix RPM usage count underflow (git-fixes).
- commit 7d227ae
- spi: bcm63xx-hsspi: fix shared reset (git-fixes).
- spi: bcm63xx-spi: fix shared reset (git-fixes).
- regulator: max14577: Add error check for max14577_read_reg()
(git-fixes).
- usb: usbtmc: Fix timeout value in get_stb (git-fixes).
- usb: usbtmc: Fix read_stb function and get_stb ioctl
(git-fixes).
- usb: cdnsp: Fix issue with detecting command completion event
(git-fixes).
- usb: cdnsp: Fix issue with detecting USB 3.2 speed (git-fixes).
- usb: Flush altsetting 0 endpoints before reinitializating them
after reset (git-fixes).
- usb: typec: tcpm/tcpci_maxim: Fix bounds check in process_rx()
(git-fixes).
- thunderbolt: Fix a logic error in wake on connect (git-fixes).
- usb: renesas_usbhs: Reorder clock handling and power management
in probe (git-fixes).
- vt: remove VT_RESIZE and VT_RESIZEX from vt_compat_ioctl()
(git-fixes).
- serial: Fix potential null-ptr-deref in mlb_usio_probe()
(git-fixes).
- staging: iio: ad5933: Correct settling cycles encoding per
datasheet (git-fixes).
- iio: adc: ad7124: Fix 3dB filter frequency reading (git-fixes).
- iio: filter: admv8818: Support frequencies >= 2^32 (git-fixes).
- iio: filter: admv8818: fix range calculation (git-fixes).
- iio: filter: admv8818: fix integer overflow (git-fixes).
- iio: filter: admv8818: fix band 4, state 15 (git-fixes).
- VMCI: fix race between vmci_host_setup_notify and
vmci_ctx_unset_notify (git-fixes).
- iio: accel: fxls8962af: Fix temperature scan element sign
(git-fixes).
- iio: imu: inv_icm42600: Fix temperature calculation (git-fixes).
- iio: adc: ad7606_spi: fix reg write value mask (git-fixes).
- bus: mhi: host: Fix conflict between power_up and SYSERR
(git-fixes).
- drm/amd/display: Add null pointer check for
get_first_active_display() (git-fixes).
- drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on DG1
(git-fixes).
- commit def2214
- s390/pci: Serialize device addition and removal (bsc#1244145).
- commit f1ae730
- s390/pci: Allow re-add of a reserved but not yet removed device
(bsc#1244145).
- commit a73fcdb
- s390/pci: Prevent self deletion in disable_slot() (bsc#1244145).
- commit 136fe4f
- s390/pci: Remove redundant bus removal and disable from
zpci_release_device() (bsc#1244145).
- commit 9bbc219
- s390/pci: Fix potential double remove of hotplug slot
(bsc#1244145).
- commit 9714d95
- s390/pci: remove hotplug slot when releasing the device
(bsc#1244145).
- commit 1415bb1
- s390/pci: Fix duplicate pci_dev_put() in disable_slot() when
PF has child VFs (git-fixes bsc#1244145).
- commit 3430d11
- s390/pci: introduce lock to synchronize state of zpci_dev's
(jsc#PED-10253 bsc#1244145).
- Refresh
patches.suse/s390-pci-Fix-leak-of-struct-zpci_dev-when-zpci_add_device-fails.patch.
- Refresh
patches.suse/s390-pci-Sort-PCI-functions-prior-to-creating-virtual-busses.patch.
- commit 2644b79
- s390/pci: rename lock member in struct zpci_dev (jsc#PED-10253
bsc#1244145).
- Refresh
patches.suse/s390-pci-Fix-leak-of-struct-zpci_dev-when-zpci_add_device-fails.patch.
- Refresh
patches.suse/s390-pci-Sort-PCI-functions-prior-to-creating-virtual-busses.patch.
- Refresh
patches.suse/s390-pci-Use-topology-ID-for-multi-function-devices.patch.
- commit 9223df0
- media: mediatek: vcodec: Only free buffer VA that is not NULL
(CVE-2023-52888 bsc#1228557).
- commit 0299171
- net: fix udp gso skb_segment after pull from frag_list
(git-fixes).
- commit 8353437
- page_pool: Fix use-after-free in page_pool_recycle_in_ring
(git-fixes).
- commit 69ccdcd
- net: Implement missing getsockopt(SO_TIMESTAMPING_NEW)
(git-fixes).
- commit d107edf
- net: sched: em_text: fix possible memory leak in
em_text_destroy() (git-fixes).
- commit 71395f7
- neighbour: Don't let neigh_forced_gc() disable preemption for
long (git-fixes).
- commit fea49bb
- net: sched: cls_u32: Fix allocation size in u32_init()
(git-fixes).
- commit eea3eab
- Move upstreamed patches into sorted section
- commit c9465fb
- kernel-source: Do not use multiple -r in sed parameters
This usage is enabled in commit b18d64d
(sed: allow multiple (non-conflicting) -E/-r parameters, 2016-07-31)
only available since sed 4.3
Fixes: dc2037cd8f94 ("kernel-source: Also replace bin/env"
- commit 91ad98e
- Drop AMDGPU patch that may cause regressions (bsc#1243782)
Deleted:
patches.suse/drm-amd-display-more-liberal-vmin-vmax-update-for-fr.patch
- commit c23b99f
- wifi: ath12k: Avoid memory leak while enabling statistics
(CVE-2025-37743 bsc#1242163).
- commit f493528
- PM: sleep: Fix power.is_suspended cleanup for direct-complete
devices (git-fixes).
- net: wwan: t7xx: Fix napi rx poll issue (git-fixes).
- Bluetooth: L2CAP: Fix not responding with L2CAP_CR_LE_ENCRYPTION
(git-fixes).
- Bluetooth: hci_qca: move the SoC type check to the right place
(git-fixes).
- rtc: Fix offset calculation for .start_secs < 0 (git-fixes).
- rtc: stm32: drop unused module alias (git-fixes).
- rtc: s3c: drop unused module alias (git-fixes).
- rtc: pm8xxx: drop unused module alias (git-fixes).
- rtc: jz4740: drop unused module alias (git-fixes).
- rtc: da9063: drop unused module alias (git-fixes).
- rtc: cpcap: drop unused module alias (git-fixes).
- rtc: at91rm9200: drop unused module alias (git-fixes).
- rtc: sh: assign correct interrupts with DT (git-fixes).
- dmaengine: ti: Add NULL check in udma_probe() (git-fixes).
- phy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bug (git-fixes).
- commit ec23ee6
- net: usb: aqc111: debug info before sanitation (git-fixes).
- commit fc18979
- openvswitch: Fix unsafe attribute parsing in output_userspace() (CVE-2025-37998 bsc#1243836)
- commit 51afd13
- octeon_ep: Fix host hang issue during device reboot (CVE-2025-37933 bsc#1243628)
- commit 44230dd
- kABI: ipv6: save dontfrag in cork (git-fixes).
Patch-up the kABI change with an #ifdef __GENKSYMS__. This change is
safe (as detailed in the patch commit message) due to the struct
having a 6-byte hole at the end we can use.
- commit cbc81e2
- ipv6: save dontfrag in cork (git-fixes).
- commit d3fe600
- tcp: bring back NUMA dispersion in inet_ehash_locks_alloc()
(git-fixes).
- commit 756fa72
- netpoll: hold rcu read lock in __netpoll_send_skb() (git-fixes).
- commit e02eac4
- ipvs: Always clear ipvs_property flag in skb_scrub_packet()
(git-fixes).
- commit d943643
- tcp/dccp: allow a connection when sk_max_ack_backlog is zero
(git-fixes).
- commit 09561a1
- xsk: always clear DMA mapping information when unmapping the
pool (git-fixes).
- commit 9908bc6
- net: sched: fix erspan_opt settings in cls_flower (git-fixes).
- commit fc52734
- spi: spi-imx: Add check for spi_imx_setupxfer() (CVE-2025-37801 bsc#1242850)
- commit f3955e7
- ipmr: fix tables suspicious RCU usage (git-fixes).
- commit d029f0f
- ip6mr: fix tables suspicious RCU usage (git-fixes).
- commit 79bb134
- netpoll: Use rcu_access_pointer() in __netpoll_setup
(git-fixes).
- commit f180c62
- netdev-genl: Hold rcu_read_lock in napi_get (git-fixes).
- commit 895e121
- net/neighbor: clear error in case strict check is not set
(git-fixes).
- commit 9eb711a
- ipv4: Convert ip_route_input() to dscp_t (git-fixes).
- commit 401defe
- net: sched: consistently use rcu_replace_pointer() in
taprio_change() (git-fixes).
- commit a6910eb
- udp: fix receiving fraglist GSO packets (git-fixes).
- commit 5b87500
- net: linkwatch: use system_unbound_wq (git-fixes).
- commit 34d590e
- net: page_pool: fix warning code (git-fixes).
- commit 0d77245
- net: give more chances to rcu in netdev_wait_allrefs_any()
(git-fixes).
- commit a1b1859
- tcp/dccp: complete lockless accesses to sk->sk_max_ack_backlog
(git-fixes).
- commit b96b4a8
- tcp/dccp: bypass empty buckets in inet_twsk_purge() (git-fixes).
- commit afdb9bb
- udp: preserve the connected status if only UDP cmsg (git-fixes).
- commit 8714e3a
- udp: fix incorrect parameter validation in the
udp_lib_getsockopt() function (git-fixes).
- commit 34a2994
- ipmr: fix incorrect parameter validation in the
ip_mroute_getsockopt() function (git-fixes).
- commit f23f4c9
- ip_tunnel: annotate data-races around t->parms.link (git-fixes).
- commit 765e083
- net: add rcu safety to rtnl_prop_list_size() (git-fixes).
- commit 1e0fceb
- net: ipv4: fix a memleak in ip_setup_cork (git-fixes).
- commit 935ac41
- udp: annotate data-races around up->pending (git-fixes).
- commit 72fda93
- ipv4: Correct/silence an endian warning in __ip_do_redirect
(git-fixes).
- commit 011b9c9
- driver core: fix potential NULL pointer dereference in
dev_uevent() (CVE-2025-37800 bsc#1242849).
- driver core: introduce device_set_driver() helper
(CVE-2025-37800 bsc#1242849).
- commit 3aecdc2
- soc: qcom: smp2p: Fix fallback to qcom,ipc parse (git-fixes).
- commit a145886
- wifi: mt76: mt7996: fix RX buffer size of MCU event (git-fixes).
- wifi: mt76: mt7996: set EHT max ampdu length capability
(git-fixes).
- wifi: mt76: mt7925: ensure all MCU commands wait for response
(git-fixes).
- wifi: mt76: mt7925: refine the sniffer commnad (git-fixes).
- wifi: mt76: mt7925: prevent multiple scan commands (git-fixes).
- wifi: mt76: mt7915: Fix null-ptr-deref in mt7915_mmio_wed_init()
(git-fixes).
- wifi: mt76: mt7925: fix host interrupt register initialization
(git-fixes).
- Revert "wifi: mt76: mt7996: fill txd by host driver"
(stable-fixes).
- wifi: ath9k_htc: Abort software beacon handling if disabled
(git-fixes).
- wifi: ath12k: fix ring-buffer corruption (git-fixes).
- wifi: ath11k: fix rx completion meta data corruption
(git-fixes).
- wifi: ath11k: fix ring-buffer corruption (git-fixes).
- wifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback()
(git-fixes).
- wifi: rtw88: fix the 'para' buffer size to avoid reading out
of bounds (git-fixes).
- wifi: rtw88: usb: Reduce control message timeout to 500 ms
(git-fixes).
- wifi: rtw89: pci: enlarge retry times of RX tag to 1000
(git-fixes).
- wifi: rtlwifi: disable ASPM for RTL8723BE with subsystem ID
11ad:1723 (git-fixes).
- wifi: rtw88: do not ignore hardware read error during DPK
(git-fixes).
- wifi: rtw88: sdio: call rtw_sdio_indicate_tx_status
unconditionally (git-fixes).
- wifi: rtw88: sdio: map mgmt frames to queue TX_DESC_QSEL_MGMT
(git-fixes).
- wifi: iwlfiwi: mvm: Fix the rate reporting (git-fixes).
- wifi: ath12k: fix node corruption in ar->arvifs list
(git-fixes).
- wifi: ath12k: Fix the QoS control field offset to build QoS
header (git-fixes).
- commit 3f5d0e4
- wifi: mt76: only mark tx-status-failed frames as ACKed on
mt76x0/2 (stable-fixes).
- commit 0de0b80
- wifi: ath12k: Add MSDU length validation for TKIP MIC error
(git-fixes).
- wifi: ath12k: fix invalid access to memory (git-fixes).
- wifi: ath12k: Fix WMI tag for EHT rate in peer assoc
(git-fixes).
- wifi: ath12k: fix cleanup path after mhi init (git-fixes).
- wifi: ath12k: Fix invalid memory access while forming 802.11
header (git-fixes).
- wifi: ath12k: Fix memory leak during vdev_id mismatch
(git-fixes).
- wifi: ath11k: fix node corruption in ar->arvifs list
(git-fixes).
- watchdog: exar: Shorten identity name to fit correctly
(git-fixes).
- wifi: iwlwifi: add support for Killer on MTL (stable-fixes).
- wifi: mt76: mt7996: revise TXS size (stable-fixes).
- wifi: rtw88: Fix rtw_init_vht_cap() for RTL8814AU
(stable-fixes).
- wifi: rtw88: Fix rtw_init_ht_cap() for RTL8814AU (stable-fixes).
- wifi: rtw88: Fix rtw_desc_to_mcsrate() to handle MCS16-31
(stable-fixes).
- wifi: rtw89: fw: propagate error code from rtw89_h2c_tx()
(stable-fixes).
- wifi: iwlwifi: fix debug actions order (stable-fixes).
- wifi: ath12k: Report proper tx completion status to mac80211
(stable-fixes).
- wifi: ath12k: Improve BSS discovery with hidden SSID in 6 GHz
band (stable-fixes).
- wifi: ath12k: Avoid napi_sync() before napi_enable()
(stable-fixes).
- wifi: ath12k: fix ath12k_hal_tx_cmd_ext_desc_setup() info1
override (stable-fixes).
- wifi: ath9k: return by of_get_mac_address (stable-fixes).
- wifi: ath12k: Fix end offset bit definition in monitor ring
descriptor (stable-fixes).
- wifi: rtw88: Fix download_firmware_validate() for RTL8814AU
(stable-fixes).
- wifi: rtw88: Fix __rtw_download_firmware() for RTL8814AU
(stable-fixes).
- wifi: rtw88: Don't use static local variable in
rtw8822b_set_tx_power_index_by_rate (stable-fixes).
- wifi: rtw89: add wiphy_lock() to work that isn't held
wiphy_lock() yet (stable-fixes).
- wifi: mac80211: don't unconditionally call drv_mgd_complete_tx()
(stable-fixes).
- wifi: mac80211: remove misplaced drv_mgd_complete_tx() call
(stable-fixes).
- commit 9963350
- vgacon: Add check for vc_origin address range in vgacon_scroll()
(git-fixes).
- soc: aspeed: Add NULL check in aspeed_lpc_enable_snoop()
(git-fixes).
- soc: aspeed: lpc: Fix impossible judgment condition (git-fixes).
- spi: sh-msiof: Fix maximum DMA transfer size (git-fixes).
- spi: tegra210-quad: modify chip select (CS) deactivation
(git-fixes).
- spi: tegra210-quad: remove redundant error handling code
(git-fixes).
- spi: tegra210-quad: Fix X1_X2_X4 encoding and support x4
transfers (git-fixes).
- spi: spi-sun4i: fix early activation (stable-fixes).
- spi-rockchip: Fix register out of bounds access (stable-fixes).
- thunderbolt: Do not add non-active NVM if NVM upgrade is
disabled for retimer (stable-fixes).
- usb: xhci: Don't change the status of stalled TDs on failed
Stop EP (stable-fixes).
- serial: sh-sci: Save and restore more registers (git-fixes).
- serial: sh-sci: Update the suspend/resume support
(stable-fixes).
- thermal/drivers/qoriq: Power down TMU on system suspend
(stable-fixes).
- soundwire: amd: change the soundwire wake enable/disable
sequence (stable-fixes).
- soc: ti: k3-socinfo: Do not use syscon helper to build regmap
(stable-fixes).
- spi: zynqmp-gqspi: Always acknowledge interrupts (stable-fixes).
- commit 38d0a8f
- PM: sleep: Print PM debug messages during hibernation
(git-fixes).
- commit 96179c7
- PCI: dw-rockchip: Fix PHY function call sequence in
rockchip_pcie_phy_deinit() (git-fixes).
- PCI: cadence: Fix runtime atomic count underflow (git-fixes).
- PCI: apple: Use gpiod_set_value_cansleep in probe flow
(git-fixes).
- PCI: cadence-ep: Correct PBA offset in .set_msix() callback
(git-fixes).
- PCI: Fix lock symmetry in pci_slot_unlock() (git-fixes).
- PCI: Explicitly put devices into D0 when initializing
(git-fixes).
- PCI/DPC: Initialize aer_err_info before using it (git-fixes).
- selftests/mm: restore default nr_hugepages value during cleanup
in hugetlb_reparenting_test.sh (git-fixes).
- pinctrl: armada-37xx: set GPIO output value before setting
direction (git-fixes).
- pinctrl: armada-37xx: use correct OUTPUT_VAL register for
GPIOs > 31 (git-fixes).
- pinctrl: at91: Fix possible out-of-boundary access (git-fixes).
- selftests/bpf: Fix bpf_nf selftest failure (git-fixes).
- selftests/seccomp: fix syscall_restart test for arm compat
(git-fixes).
- PM: wakeup: Delete space in the end of string shown by
pm_show_wakelocks() (git-fixes).
- power: reset: at91-reset: Optimize at91_reset() (git-fixes).
- regulator: max20086: Change enable gpio to optional (git-fixes).
- regulator: max20086: Fix MAX200086 chip id (git-fixes).
- platform/x86: thinkpad_acpi: Ignore battery threshold change
event notification (stable-fixes).
- platform/x86: fujitsu-laptop: Support Lifebook S2110 hotkeys
(stable-fixes).
- phy: renesas: rcar-gen3-usb2: Assert PLL reset on PHY power off
(git-fixes).
- phy: renesas: rcar-gen3-usb2: Lock around hardware registers
and driver data (git-fixes).
- phy: renesas: rcar-gen3-usb2: Move IRQ request in probe
(stable-fixes).
- platform/x86: thinkpad_acpi: Support also NEC Lavie X1475JAS
(stable-fixes).
- pinctrl: meson: define the pull up/down resistor value as 60
kOhm (stable-fixes).
- rtc: rv3032: fix EERD location (stable-fixes).
- rtc: ds1307: stop disabling alarms on probe (stable-fixes).
- phy: core: don't require set_mode() callback for phy_get_mode()
to work (stable-fixes).
- pinctrl: tegra: Fix off by one in tegra_pinctrl_get_group()
(git-fixes).
- pinctrl-tegra: Restore SFSEL bit when freeing pins
(stable-fixes).
- pinctrl: bcm281xx: Use "unsigned int" instead of bare "unsigned"
(stable-fixes).
- pinctrl: devicetree: do not goto err when probing hogs in
pinctrl_dt_to_map (stable-fixes).
- PCI: dwc: ep: Ensure proper iteration over outbound map windows
(stable-fixes).
- PCI: brcmstb: Expand inbound window size up to 64GB
(stable-fixes).
- PCI: brcmstb: Add a softdep to MIP MSI-X driver (stable-fixes).
- PCI: Fix old_size lower bound in calculate_iosize() too
(stable-fixes).
- selftests/net: have `gro.sh -t` return a correct exit code
(stable-fixes).
- regulator: ad5398: Add device tree support (stable-fixes).
- PCI: vmd: Disable MSI remapping bypass under Xen (stable-fixes).
- phy: renesas: rcar-gen3-usb2: Add support to initialize the bus
(stable-fixes).
- commit 32a9142
- tcp_metrics: optimize tcp_metrics_flush_all() (git-fixes).
- commit 2a9c7bb
- mtd: rawnand: sunxi: Add randomizer configuration in
sunxi_nfc_hw_ecc_write_chunk (git-fixes).
- mtd: nand: sunxi: Add randomizer configuration before randomizer
enable (git-fixes).
- mtd: nand: ecc-mxic: Fix use of uninitialized variable ret
(git-fixes).
- net: phy: mscc: Stop clearing the the UDPv4 checksum for L2
frames (git-fixes).
- net: phy: mscc: Fix memory leak when using one step timestamping
(git-fixes).
- net: phy: clear phydev->devlink when the link is deleted
(git-fixes).
- net: phy: fix up const issues in to_mdio_device() and
to_phy_device() (git-fixes).
- net: usb: aqc111: fix error handling of usbnet read calls
(git-fixes).
- mmc: host: Wait for Vdd to settle on card power off
(stable-fixes).
- mmc: dw_mmc: add exynos7870 DW MMC support (stable-fixes).
- commit eedda90
- mfd: stmpe-spi: Correct the name used in MODULE_DEVICE_TABLE
(git-fixes).
- mfd: exynos-lpass: Avoid calling exynos_lpass_disable() twice
in exynos_lpass_remove() (git-fixes).
- media: uvcvideo: Fix deferred probing error (git-fixes).
- media: uvcvideo: Return the number of processed controls
(git-fixes).
- media: omap3isp: use sgtable-based scatterlist wrappers
(git-fixes).
- media: videobuf2: use sgtable-based scatterlist wrappers
(git-fixes).
- media: v4l2-dev: fix error handling in __video_register_device()
(git-fixes).
- media: ov8856: suppress probe deferral errors (git-fixes).
- media: ov5675: suppress probe deferral errors (git-fixes).
- media: nxp: imx8-isi: better handle the m2m usage_count
(git-fixes).
- media: gspca: Add error handling for stv06xx_read_sensor()
(git-fixes).
- media: davinci: vpif: Fix memory leak in probe error path
(git-fixes).
- media: vivid: Change the siize of the composing (git-fixes).
- media: cxusb: no longer judge rbuf when the write fails
(git-fixes).
- media: vidtv: Terminating the subsequent process of
initialization failure (git-fixes).
- media: ccs-pll: Correct the upper limit of maximum
op_pre_pll_clk_div (git-fixes).
- media: ccs-pll: Check for too high VT PLL multiplier in dual
PLL case (git-fixes).
- media: ccs-pll: Start VT pre-PLL multiplier search from correct
value (git-fixes).
- media: ccs-pll: Start OP pre-PLL multiplier search from correct
value (git-fixes).
- media: imx-jpeg: Cleanup after an allocation error (git-fixes).
- media: imx-jpeg: Reset slot data pointers when freed
(git-fixes).
- media: imx-jpeg: Move mxc_jpeg_free_slot_data() ahead
(git-fixes).
- media: imx-jpeg: Drop the first error frames (git-fixes).
- media: venus: Fix probe error handling (git-fixes).
- media: rkvdec: Fix frame size enumeration (git-fixes).
- mfd: tps65219: Remove TPS65219_REG_TI_DEV_ID check
(stable-fixes).
- media: c8sectpfe: Call of_node_put(i2c_bus) only once in
c8sectpfe_probe() (stable-fixes).
- media: cx231xx: set device_caps for 417 (stable-fixes).
- media: uvcvideo: Add sanity check to uvc_ioctl_xu_ctrl_map
(stable-fixes).
- media: uvcvideo: Handle uvc menu translation inside
uvc_get_le_value (stable-fixes).
- media: adv7180: Disable test-pattern control on adv7180
(stable-fixes).
- media: tc358746: improve calculation of the D-PHY timing
registers (stable-fixes).
- media: test-drivers: vivid: don't call schedule in loop
(stable-fixes).
- media: i2c: imx219: Correct the minimum vblanking value
(stable-fixes).
- media: v4l: Memset argument to 0 before calling get_mbus_config
pad op (stable-fixes).
- media: qcom: camss: csid: Only add TPG v4l2 ctrl if TPG hardware
is available (stable-fixes).
- mmc: sdhci: Disable SD card clock before changing parameters
(stable-fixes).
- commit de6c9a2
- Input: gpio-keys - fix possible concurrent access in
gpio_keys_irq_timer() (git-fixes).
- commit e29f865
- hwmon: (asus-ec-sensors) check sensor index in read_string()
(git-fixes).
- Input: ims-pcu - check record size in ims_pcu_flash_firmware()
(git-fixes).
- firmware: psci: Fix refcount leak in psci_dt_init (git-fixes).
- gpiolib: Revert "Don't WARN on gpiod_put() for optional GPIO"
(stable-fixes).
- Input: xpad - add more controllers (stable-fixes).
- gpio: pca953x: fix IRQ storm on system wake up (git-fixes).
- HID: quirks: Add ADATA XPG alpha wireless mouse support
(stable-fixes).
- intel_th: avoid using deprecated page->mapping, index fields
(stable-fixes).
- ima: process_measurement() needlessly takes inode_lock()
on MAY_READ (stable-fixes).
- i3c: master: svc: Fix implicit fallthrough in
svc_i3c_master_ibi_work() (git-fixes).
- i3c: master: svc: Fix missing STOP for master request
(stable-fixes).
- i3c: master: svc: Flush FIFO before sending Dynamic Address
Assignment(DAA) (stable-fixes).
- i2c: qup: Vote for interconnect bandwidth to DRAM
(stable-fixes).
- i2c: pxa: fix call balance of i2c->clk handling routines
(stable-fixes).
- fpga: altera-cvp: Increase credit timeout (stable-fixes).
- mailbox: use error ret code of of_parse_phandle_with_args()
(stable-fixes).
- leds: pwm-multicolor: Add check for fwnode_property_read_u32
(stable-fixes).
- firmware: arm_ffa: Set dma_mask for ffa devices (stable-fixes).
- firmware: arm_ffa: Reject higher major version as incompatible
(stable-fixes).
- ieee802154: ca8210: Use proper setters and getters for bitwise
types (stable-fixes).
- HID: usbkbd: Fix the bit shift number for LED_KANA
(stable-fixes).
- hwmon: (dell-smm) Increment the number of fans (stable-fixes).
- hwmon: (gpio-fan) Add missing mutex locks (stable-fixes).
- hwmon: (xgene-hwmon) use appropriate type for the latency value
(stable-fixes).
- gpio: pca953x: Simplify code with cleanup helpers
(stable-fixes).
- gpio: pca953x: Split pca953x_restore_context() and
pca953x_save_context() (stable-fixes).
- commit 50f84af
- fbdev: Fix fb_set_var to prevent null-ptr-deref in
fb_videomode_to_var (git-fixes).
- fbdev: Fix do_register_framebuffer to prevent null-ptr-deref
in fb_videomode_to_var (git-fixes).
- fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod()
(git-fixes).
- drm/msm/gpu: Fix crash when throttling GPU immediately during
boot (git-fixes).
- drm/mediatek: mtk_drm_drv: Unbind secondary mmsys components
on err (git-fixes).
- drm/mediatek: Fix kobject put for component sub-drivers
(git-fixes).
- drm/mediatek: mtk_drm_drv: Fix kobject put for mtk_mutex device
ptr (git-fixes).
- Revert "drm/amdgpu: don't allow userspace to create a doorbell
BO" (stable-fixes).
- drm/amd/pp: Fix potential NULL pointer dereference in
atomctrl_initialize_mc_reg_table (git-fixes).
- drm/tegra: Fix a possible null pointer dereference (git-fixes).
- drm/tegra: rgb: Fix the unbound reference count (git-fixes).
- drm/tegra: Assign plane type before registration (git-fixes).
- drm/vkms: Adjust vkms_state->active_planes allocation type
(git-fixes).
- drm: rcar-du: Fix memory leak in rcar_du_vsps_init()
(git-fixes).
- drm/bridge: lt9611uxc: Fix an error handling path in
lt9611uxc_probe() (git-fixes).
- drm/panel: samsung-sofef00: Drop s6e3fc2x01 support (git-fixes).
- drm/ast: Fix comment on modeset lock (git-fixes).
- drm/vc4: tests: Use return instead of assert (git-fixes).
- drm/bridge: cdns-dsi: Wait for Clk and Data Lanes to be ready
(git-fixes).
- drm/bridge: cdns-dsi: Check return value when getting default
PHY config (git-fixes).
- drm/bridge: cdns-dsi: Fix the clock variable for mode_valid()
(git-fixes).
- drm/bridge: cdns-dsi: Fix phy de-init and flag it so
(git-fixes).
- drm/bridge: cdns-dsi: Fix connecting to next bridge (git-fixes).
- drm/udl: Unregister device before cleaning up on disconnect
(git-fixes).
- drm/vmwgfx: Add seqno waiter for sync_files (git-fixes).
- Documentation/rtla: Fix typo in common_timerlat_description.rst
(git-fixes).
- Documentation/rtla: Fix typo in rtla-timerlat.rst (git-fixes).
- drm/amd/display: fix link_set_dpms_off multi-display MST corner
case (stable-fixes).
- drm/amd/display: Guard against setting dispclk low for dcn31x
(stable-fixes).
- drm/amdgpu: Update SRIOV video codec caps (stable-fixes).
- drm/amd/display: remove minimum Dispclk and apply oem panel
timing (stable-fixes).
- drm/amd/display: Fix incorrect DPCD configs while Replay/PSR
switch (stable-fixes).
- drm/mediatek: mtk_dpi: Add checks for reg_h_fre_con existence
(stable-fixes).
- drm/amdkfd: Set per-process flags only once cik/vi
(stable-fixes).
- drm/amdgpu: Do not program AGP BAR regs under SRIOV in
gfxhub_v1_0.c (stable-fixes).
- drm/amd/display: Skip checking FRL_MODE bit for PCON BW
determination (stable-fixes).
- drm/amdkfd: KFD release_work possible circular locking
(stable-fixes).
- drm/rockchip: vop2: Add uv swap for cluster window
(stable-fixes).
- drm/amdgpu: Set snoop bit for SDMA for MI series (stable-fixes).
- drm/amd/display: Don't try AUX transactions on disconnected link
(stable-fixes).
- drm/amdgpu: reset psp->cmd to NULL after releasing the buffer
(stable-fixes).
- drm/amd/display: Update CR AUX RD interval interpretation
(stable-fixes).
- drm/amd/display: Initial psr_version with correct setting
(stable-fixes).
- drm/amd/display: Increase block_sequence array size
(stable-fixes).
- drm/amdgpu: enlarge the VBIOS binary size limit (stable-fixes).
- drm/amd/display/dm: drop hw_support check in
amdgpu_dm_i2c_xfer() (stable-fixes).
- drm/v3d: Add clock handling (stable-fixes).
- drm/ast: Find VBIOS mode from regular display size
(stable-fixes).
- drm: bridge: adv7511: fill stream capabilities (stable-fixes).
- drm/atomic: clarify the rules around
drm_atomic_state->allow_modeset (stable-fixes).
- drm/panel-edp: Add Starry 116KHD024006 (stable-fixes).
- drm: Add valid clones check (stable-fixes).
- fbdev: fsl-diu-fb: add missing device_remove_file()
(stable-fixes).
- fbcon: Use correct erase colour for clearing in fbcon
(stable-fixes).
- fbdev: core: tileblit: Implement missing margin clearing for
tileblit (stable-fixes).
- firmware: arm_scmi: Relax duplicate name constraint across
protocol ids (stable-fixes).
- commit 0574d41
- Documentation/rtla: Fix duplicate text about timerlat tracer
(git-fixes).
- crypto: marvell/cesa - Do not chain submitted requests
(git-fixes).
- crypto: sun8i-ce - move fallback ahash_request to the end of
the struct (git-fixes).
- crypto: xts - Only add ecb if it is not already there
(git-fixes).
- crypto: lrw - Only add ecb if it is not already there
(git-fixes).
- crypto: marvell/cesa - Avoid empty transfer descriptor
(git-fixes).
- crypto: marvell/cesa - Handle zero-length skcipher requests
(git-fixes).
- crypto: sun8i-ss - do not use sg_dma_len before calling DMA
functions (git-fixes).
- Documentation: fix typo in root= kernel parameter description
(git-fixes).
- dmaengine: idxd: cdev: Fix uninitialized use of sva in
idxd_cdev_open (stable-fixes).
- commit 8e41cce
- backlight: pm8941: Add NULL check in wled_configure()
(git-fixes).
- bus: fsl-mc: fix GET/SET_TAILDROP command ids (git-fixes).
- bus: fsl-mc: do not add a device-link for the UAPI used DPMCP
device (git-fixes).
- bus: fsl-mc: fix double-free on mc_dev (git-fixes).
- Revert "bus: ti-sysc: Probe for l4_wkup and l4_cfg interconnect
devices first" (stable-fixes).
- Bluetooth: MGMT: iterate over mesh commands in
mgmt_mesh_foreach() (git-fixes).
- ASoC: qcom: sdm845: Add error handling in
sdm845_slim_snd_hw_params() (git-fixes).
- ASoC: apple: mca: Constrain channels according to TDM mask
(git-fixes).
- ASoC: SOF: ipc4-pcm: Adjust pipeline_list->pipelines allocation
type (git-fixes).
- crypto: sun8i-ce-cipher - fix error handling in
sun8i_ce_cipher_prepare() (git-fixes).
- crypto: qat - add shutdown handler to qat_420xx (git-fixes).
- crypto: qat - add shutdown handler to qat_4xxx (git-fixes).
- crypto: octeontx2 - suppress auth failure screaming due to
negative tests (stable-fixes).
- crypto: lzo - Fix compression buffer overrun (stable-fixes).
- crypto: skcipher - Zap type in crypto_alloc_sync_skcipher
(stable-fixes).
- can: c_can: Use of_property_present() to test existence of DT
property (stable-fixes).
- commit 595e083
- ASoC: meson: meson-card-utils: use of_property_present()
for DT parsing (git-fixes).
- ASoC: tas2764: Enable main IRQs (git-fixes).
- ASoC: tas2764: Reinit cache on part reset (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add DMI quirk for Acer Aspire SW3-013
(stable-fixes).
- ASoC: imx-card: Adjust over allocation of memory in
imx_card_parse_of() (stable-fixes).
- ASoC: mediatek: mt6359: Add stub for
mt6359_accdet_enable_jack_detect (stable-fixes).
- ASoC: sun4i-codec: support hp-det-gpios property (stable-fixes).
- ASoC: qcom: sm8250: explicitly set format in
sm8250_be_hw_params_fixup() (stable-fixes).
- ASoC: mediatek: mt8188: Treat DMIC_GAINx_CUR as non-volatile
(stable-fixes).
- ASoC: mediatek: mt8188: Add reference for dmic clocks
(stable-fixes).
- commit 255f2cb
- ALSA: hda/realtek: Add quirk for Lenovo Yoga Pro 7 14ASP10
(stable-fixes).
- ALSA: pcm: Fix race of buffer access at PCM OSS layer
(stable-fixes).
- ALSA: hda/realtek: Add quirk for HP Spectre x360 15-df1xxx
(stable-fixes).
- ASoC: soc-dai: check return value at snd_soc_dai_set_tdm_slot()
(stable-fixes).
- ASoC: tas2764: Add reg defaults for TAS2764_INT_CLK_CFG
(stable-fixes).
- ASoC: tas2764: Mark SW_RESET as volatile (stable-fixes).
- ASoC: tas2764: Power up/down amp on mute ops (stable-fixes).
- ASoC: ops: Enforce platform maximum on initial value
(stable-fixes).
- ASoC: codecs: pcm3168a: Allow for 24-bit in provider mode
(stable-fixes).
- ASoC: rt722-sdca: Add some missing readable registers
(stable-fixes).
- commit ab5fcf6
- kABI workaround for hda_codec.beep_just_power_on flag
(git-fixes).
- commit 11aaa35
- acpi-cpufreq: Fix nominal_freq units to KHz in
get_max_boost_ratio() (git-fixes).
- ACPICA: Utilities: Fix spelling mistake "Incremement" ->
"Increment" (git-fixes).
- ACPICA: exserial: don't forget to handle FFixedHW opregions
for reading (git-fixes).
- ACPI: OSI: Stop advertising support for "3.0 _SCP Extensions"
(git-fixes).
- ACPI: PNP: Add Intel OC Watchdog IDs to non-PNP device list
(stable-fixes).
- accel/qaic: Mask out SR-IOV PCI resources (stable-fixes).
- ALSA: seq: Improve data consistency at polling (stable-fixes).
- ALSA: hda/realtek: Enable PC beep passthrough for HP EliteBook
855 G7 (stable-fixes).
- ACPI: HED: Always initialize before evged (stable-fixes).
- commit 6ebe577
- net: ethernet: mtk-star-emac: fix spinlock recursion issues
on rx/tx poll (CVE-2025-37917 bsc#1243475).
- commit 0f659f2
- usb: typec: ucsi: limit the UCSI_NO_PARTNER_PDOS even further
(git-fixes).
- commit bae0091
- usb: typec: ucsi: allow non-partner GET_PDOS for Qualcomm
devices (git-fixes).
- commit a0506dd
- usb: typec: ucsi: Only enable supported notifications
(git-fixes).
- commit 3a52706
- usb: typec: ucsi: fix UCSI on buggy Qualcomm devices
(git-fixes).
- commit 5ca6578
- platform/x86: fujitsu-laptop: Support Lifebook S2110 hotkeys
(git-fixes).
- commit 1564858
- platform/x86: thinkpad_acpi: Support also NEC Lavie X1475JAS
(git-fixes).
- commit 2bfd2a7
- pstore: Change kmsg_bytes storage size to u32 (git-fixes).
- commit c964f36
- orangefs: Do not truncate file size (git-fixes).
- commit 9fbe3ae
- NFSv4: Check for delegation validity in
nfs_start_delegation_return_locked() (git-fixes).
- commit a689f10
- NFS: Don't allow waiting for exiting tasks (git-fixes).
- Refresh
patches.suse/nfs-add-missing-selections-of-CONFIG_CRC32.patch.
- commit 899f47c
- SUNRPC: Don't allow waiting for exiting tasks (git-fixes).
- commit 8b942ca
- NFSv4: Treat ENETUNREACH errors as fatal for state recovery
(git-fixes).
- commit 9139fd5
- SUNRPC: rpc_clnt_set_transport() must not change the autobind
setting (git-fixes).
- commit e2112a4
- SUNRPC: rpcbind should never reset the port to the value '0'
(git-fixes).
- commit f49c9db
- pNFS/flexfiles: Report ENETDOWN as a connection error
(git-fixes).
- commit 39e7a29
- iommu: Protect against overflow in iommu_pgsize() (git-fixes).
- commit 6adbec5
- ext4: define ext4_journal_destroy wrapper (CVE-2025-22113
bsc#1241617).
- commit 8dddf47
- ext4: ignore xattrs past end (bsc#1242846 CVE-2025-37738).
- commit 2a74454
- ext4: avoid journaling sb update on error if journal is
destroying (bsc#1241617 CVE-2025-22113).
- commit 0445179
- net/smc: check v2_ext_offset/eid_cnt/ism_gid_cnt when receiving
proposal msg (CVE-2024-49568 bsc#1235728).
- commit a7c2f15
- i2c: tegra: check msg length in SMBUS block read (bsc#1242086)
- commit 625407a
- iio: light: opt3001: fix deadlock due to concurrent flag access (CVE-2025-37968 bsc#1243571)
- commit 0e5e655
- perf/x86/intel: KVM: Mask PEBS_ENABLE loaded for guest with vCPU's value (CVE-2025-37936 bsc#1243537)
- commit 2e13950
- net: phy: allow MDIO bus PM ops to start/stop state machine for phylink-controlled PHY (CVE-2025-37945 bsc#1243538)
- commit efc17f3
- pds_core: Prevent possible adminq overflow/stuck condition (CVE-2025-37987 bsc#1243542)
- commit ba1ea39
- SUNRPC: Prevent hang on NFS mount with xprtsec=[m]tls
(git-fixes).
- commit dc6e86f
- Refresh
patches.suse/nfs-ignore-SB_RDONLY-when-remounting-nfs.patch.
- commit 359f356
- Refresh
patches.suse/nfs-clear-SB_RDONLY-before-getting-superblock.patch.
- commit 2697e51
- fs/nfs/read: fix double-unlock bug in nfs_return_empty_folio()
(git-fixes).
- commit fcf1703
- powerpc/pseries/msi: Avoid reading PCI device registers in
reduced power states (bsc#1215199).
- KVM: powerpc: Enable commented out BUILD_BUG_ON() assertion
(bsc#1215199).
- commit 2d2709b
- Update patches.suse/nfsd-Fix-race-to-FREE_STATEID-and-cl_revoked.patch
(bsc#1012628 CVE-2024-50106 bsc#1232882).
- commit a87a308
- net: ngbe: fix memory leak in ngbe_probe() error path (CVE-2025-37874 bsc#1242940)
- commit bc2e64d
- coreutils
-
- coreutils-9.7-sort-CVE-2025-5278.patch: Add upstream patch:
sort with key character offsets of SIZE_MAX, could induce
a read of 1 byte before an allocated heap buffer.
(CVE-2025-5278, bsc#1243767)
- crmsh
-
- Update to version 4.6.2+20250630.2405120:
* Fix: bootstrap: should fallback to default user when `core.hosts` is not availabe from the seed node (bsc#1245343)
* Fix: log: Improve function confirm's logic (bsc#1245386)
* Dev: bootstrap: Remove dead node from the cluster
* Dev: Prevent actions when offline nodes are unreachable
* Dev: xmlutil: Address circular import issue
* Dev: bootstrap: Remove user@host item from /root/.config/crm/crm.conf when removing node
* Dev: provide a friendly message when passwordless ssh does not work (bsc#1244525)
* Dev: cibconfig: Prevent adding Pacemaker remote resources to groups, orders, or colocations
* Fix: report.collect: Detect log existence before using it (bsc#1244515)
- samba
-
- Windows security hardening locks out schannel'ed netlogon dc
calls like netr_DsRGetDCName; (bsc#1246431); (bso#15876).
- cyrus-sasl
-
- Add Channel Binding support for GSSAPI/GSS-SPNEGO; (bsc#1229655);
(jsc#PED-12097); Add patch
0009-Add-Channel-Binding-support-for-GSSAPI-GSS-SPNEGO.patch
- Add support for setting max ssf 0 to GSS-SPNEGO; (bsc#1229655);
(jsc#PED-12097); Add patch
0010-Add-support-for-setting-max-ssf-0-to-GSS-SPNEGO.patch
- docker
-
[ This update is a no-op, only needed to work around unfortunate automated
packaging script behaviour on SLES. ]
- The following patches were removed in openSUSE in the Docker 28.1.1-ce
update, but the patch names were later renamed in a SLES-only update before
Docker 28.1.1-ce was submitted to SLES.
This causes the SLES build scripts to refuse the update because the patches
are not referenced in the changelog. There is no obvious place to put the
patch removals (the 28.1.1-ce update removing the patches chronologically
predates their renaming in SLES), so they are included here a dummy changelog
entry to work around the issue.
- 0007-CVE-2025-22868-vendor-jws-split-token-into-fixed-num.patch
- 0008-CVE-2025-22869-vendor-ssh-limit-the-size-of-the-inte.patch
- Update to docker-buildx v0.25.0. Upstream changelog:
<https://github.com/docker/buildx/releases/tag/v0.25.0>
- Do not try to inject SUSEConnect secrets when in Rootless Docker mode, as
Docker does not have permission to access the host zypper credentials in this
mode (and unprivileged users cannot disable the feature using
/etc/docker/suse-secrets-enable.) bsc#1240150
* 0003-SECRETS-SUSE-implement-SUSE-container-secrets.patch
- Rebase patches:
* 0001-SECRETS-SUSE-always-clear-our-internal-secrets.patch
* 0002-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0004-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0005-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0006-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
- Always clear SUSEConnect suse_* secrets when starting containers regardless
of whether the daemon was built with SUSEConnect support. Not doing this
causes containers from SUSEConnect-enabled daemons to fail to start when
running with SUSEConnect-disabled (i.e. upstream) daemons.
This was a long-standing issue with our secrets support but until recently
this would've required migrating from SLE packages to openSUSE packages
(which wasn't supported). However, as SLE Micro 6.x and SLES 16 will move
away from in-built SUSEConnect support, this is now a practical issue users
will run into. bsc#1244035
+ 0001-SECRETS-SUSE-always-clear-our-internal-secrets.patch
- Rearrange patches:
- 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
+ 0002-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
- 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
+ 0003-SECRETS-SUSE-implement-SUSE-container-secrets.patch
- 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
+ 0004-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
- 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
+ 0005-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
- 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
+ 0006-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
[NOTE: This update was only ever released in SLES and Leap.]
- Always clear SUSEConnect suse_* secrets when starting containers regardless
of whether the daemon was built with SUSEConnect support. Not doing this
causes containers from SUSEConnect-enabled daemons to fail to start when
running with SUSEConnect-disabled (i.e. upstream) daemons.
This was a long-standing issue with our secrets support but until recently
this would've required migrating from SLE packages to openSUSE packages
(which wasn't supported). However, as SLE Micro 6.x and SLES 16 will move
away from in-built SUSEConnect support, this is now a practical issue users
will run into. bsc#1244035
+ 0001-SECRETS-SUSE-always-clear-our-internal-secrets.patch
- Rearrange patches:
- 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
+ 0002-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
- 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
+ 0003-SECRETS-SUSE-implement-SUSE-container-secrets.patch
- 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
+ 0004-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
- 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
+ 0005-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
- 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
+ 0006-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
- 0006-CVE-2025-22868-vendor-jws-split-token-into-fixed-num.patch
+ 0007-CVE-2025-22868-vendor-jws-split-token-into-fixed-num.patch
- 0007-CVE-2025-22869-vendor-ssh-limit-the-size-of-the-inte.patch
+ 0008-CVE-2025-22869-vendor-ssh-limit-the-size-of-the-inte.patch
- Update to Docker 28.2.2-ce. See upstream changelog online at
<https://github.com/moby/moby/releases/tag/v28.2.2>
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
- Update to Docker 28.2.1-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/28/#2820> bsc#1243833
<https://github.com/moby/moby/releases/tag/v28.2.1>
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
- Update to docker-buildx v0.24.0. Upstream changelog:
<https://github.com/docker/buildx/releases/tag/v0.24.0>
- Update to Docker 28.1.1-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/28/#2811> bsc#1242114
Includes upstream fixes:
- CVE-2025-22872 bsc#1241830
- Remove long-outdated build handling for deprecated and unsupported
devicemapper and AUFS storage drivers. AUFS was removed in v24, and
devicemapper was removed in v25.
<https://docs.docker.com/engine/deprecated/#aufs-storage-driver>
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
- Remove upstreamed patches:
- 0006-CVE-2025-22868-vendor-jws-split-token-into-fixed-num.patch
- 0007-CVE-2025-22869-vendor-ssh-limit-the-size-of-the-inte.patch
- cli-0001-docs-include-required-tools-in-source-tree.patch
- Update to docker-buildx v0.23.0. Upstream changelog:
<https://github.com/docker/buildx/releases/tag/v0.23.0>
- Update to docker-buildx v0.22.0. Upstream changelog:
<https://github.com/docker/buildx/releases/tag/v0.22.0>
* Includes fixes for CVE-2025-0495. bsc#1239765
- Disable transparent SUSEConnect support for SLE-16. PED-12534
When this patchset was first added in 2013 (and rewritten over the years),
there was no upstream way to easily provide SLE customers with a way to build
container images based on SLE using the host subscription. However, with
docker-buildx you can now define secrets for builds (this is not entirely
transparent, but we can easily document this new requirement for SLE-16).
Users should use
RUN --mount=type=secret,id=SCCcredentials zypper -n ...
in their Dockerfiles, and
docker buildx build --secret id=SCCcredentials,src=/etc/zypp/credentials.d/SCCcredentials,type=file .
when doing their builds.
- Now that the only blocker for docker-buildx support was removed for SLE-16,
enable docker-buildx for SLE-16 as well. PED-8905
- iputils
-
- Security fix [bsc#1243772, CVE-2025-48964]
* Fix integer overflow in ping statistics via zero timestamp
* Add iputils-CVE-2025-48964_01.patch
* Add iputils-CVE-2025-48964_02.patch
* Add iputils-CVE-2025-48964_03.patch
* Add iputils-CVE-2025-48964_04.patch
* Add iputils-CVE-2025-48964_regression.patch
- mozilla-nss
-
- update to NSS 3.112
* bmo#1963792 - Fix alias for mac workers on try
* bmo#1966786 - ensure all options can be configured with SSL_OptionSet and SSL_OptionSetDefault
* bmo#1931930 - ABI/API break in ssl certificate processing
* bmo#1955971 - remove unnecessary assertion in sec_asn1d_init_state_based_on_template
* bmo#1965754 - update taskgraph to v14.2.1
* bmo#1964358 - Workflow for automation of the release on GitHub when pushing a tag
* bmo#1952860 - fix faulty assertions in SEC_ASN1DecoderUpdate
* bmo#1934877 - Renegotiations should use a fresh ECH GREASE buffer
* bmo#1951396 - update taskgraph to v14.1.1
* bmo#1962503 - Partial fix for ACVP build CI job
* bmo#1961827 - Initialize find in sftk_searchDatabase
* bmo#1963121 - Add clang-18 to extra builds
* bmo#1963044 - Fault tolerant git fetch for fuzzing
* bmo#1962556 - Tolerate intermittent failures in ssl_policy_pkix_ocsp
* bmo#1962770 - fix compiler warnings when DEBUG_ASN1D_STATES or CMSDEBUG are set
* bmo#1961835 - fix content type tag check in NSS_CMSMessage_ContainsCertsOrCrls
* bmo#1963102 - Remove Cryptofuzz CI version check
- update to NSS 3.111
* bmo#1930806 - FIPS changes need to be upstreamed: force ems policy
* bmo#1957685 - Turn off Websites Trust Bit from CAs
* bmo#1937338 - Update nssckbi version following April 2025 Batch of Changes
* bmo#1943135 - Disable SMIME ‘trust bit’ for GoDaddy CAs
* bmo#1874383 - Replaced deprecated sprintf function with snprintf in dbtool.c
* bmo#1954612 - Need up update NSS for PKCS 3.1
* bmo#1773374 - avoid leaking localCert if it is already set in ssl3_FillInCachedSID
* bmo#1953097 - Decrease ASAN quarantine size for Cryptofuzz in CI
* bmo#1943962 - selfserv: Add support for zlib certificate compression
- update to NSS 3.110
* bmo#1930806 - FIPS changes need to be upstreamed: force ems policy
* bmo#1954724 - Prevent excess allocations in sslBuffer_Grow
* bmo#1953429 - Remove Crl templates from ASN1 fuzz target
* bmo#1953429 - Remove CERT_CrlTemplate from ASN1 fuzz target
* bmo#1952855 - Fix memory leak in NSS_CMSMessage_IsSigned
* bmo#1930807 - NSS policy updates
* bmo#1951161 - Improve locking in nssPKIObject_GetInstances
* bmo#1951394 - Fix race in sdb_GetMetaData
* bmo#1951800 - Fix member access within null pointer
* bmo#1950077 - Increase smime fuzzer memory limit
* bmo#1949677 - Enable resumption when using custom extensions
* bmo#1952568 - change CN of server12 test certificate
* bmo#1949118 - Part 2: Add missing check in
NSS_CMSDigestContext_FinishSingle
* bmo#1949118 - Part 1: Fix smime UBSan errors
* bmo#1930806 - FIPS changes need to be upstreamed: updated key checks
* bmo#1951491 - Don't build libpkix in static builds
* bmo#1951395 - handle `-p all` in try syntax
* bmo#1951346 - fix opt-make builds to actually be opt
* bmo#1951346 - fix opt-static builds to actually be opt
* bmo#1916439 - Remove extraneous assert
- Removed upstreamed nss-fips-stricter-dh.patch
- Added bmo1962556.patch to fix test failures
- Rebased nss-fips-approved-crypto-non-ec.patch nss-fips-combined-hash-sign-dsa-ecdsa.patch
- update to NSS 3.109
* bmo#1939512 - Call BL_Init before RNG_RNGInit() so that special
SHA instructions can be used if available
* bmo#1930807 - NSS policy updates - fix inaccurate key policy issues
* bmo#1945883 - SMIME fuzz target
* bmo#1914256 - ASN1 decoder fuzz target
* bmo#1936001 - Part 2: Revert “Extract testcases from ssl gtests
for fuzzing”
* bmo#1915155 - Add fuzz/README.md
* bmo#1936001 - Part 4: Fix tstclnt arguments script
* bmo#1944545 - Extend pkcs7 fuzz target
* bmo#1912320 - Extend certDN fuzz target
* bmo#1944300 - revert changes to HACL* files from bug 1866841
* bmo#1936001 - Part 3: Package frida corpus script
- update to NSS 3.108
* bmo#1923285 - libclang-16 -> libclang-19
* bmo#1939086 - Turn off Secure Email Trust Bit for Security
Communication ECC RootCA1
* bmo#1937332 - Turn off Secure Email Trust Bit for BJCA Global Root
CA1 and BJCA Global Root CA2
* bmo#1915902 - Remove SwissSign Silver CA – G2
* bmo#1938245 - Add D-Trust 2023 TLS Roots to NSS
* bmo#1942301 - fix fips test failure on windows
* bmo#1935925 - change default sensitivity of KEM keys
* bmo#1936001 - Part 1: Introduce frida hooks and script
* bmo#1942350 - add missing arm_neon.h include to gcm.c
* bmo#1831552 - ci: update windows workers to win2022
* bmo#1831552 - strip trailing carriage returns in tools tests
* bmo#1880256 - work around unix/windows path translation issues
in cert test script
* bmo#1831552 - ci: let the windows setup script work without $m
* bmo#1880255 - detect msys
* bmo#1936680 - add a specialized CTR_Update variant for AES-GCM
* bmo#1930807 - NSS policy updates
* bmo#1930806 - FIPS changes need to be upstreamed: FIPS 140-3 RNG
* bmo#1930806 - FIPS changes need to be upstreamed: Add SafeZero
* bmo#1930806 - FIPS changes need to be upstreamed - updated POST
* bmo#1933031 - Segmentation fault in SECITEM_Hash during pkcs12 processing
* bmo#1929922 - Extending NSS with LoadModuleFromFunction functionality
* bmo#1935984 - Ensure zero-initialization of collectArgs.cert
* bmo#1934526 - pkcs7 fuzz target use CERT_DestroyCertificate
* bmo#1915898 - Fix actual underlying ODR violations issue
* bmo#1184059 - mozilla::pkix: allow reference ID labels to begin
and/or end with hyphens
* bmo#1927953 - don't look for secmod.db in nssutil_ReadSecmodDB if
NSS_DISABLE_DBM is set
* bmo#1934526 - Fix memory leak in pkcs7 fuzz target
* bmo#1934529 - Set -O2 for ASan builds in CI
* bmo#1934543 - Change branch of tlsfuzzer dependency
* bmo#1915898 - Run tests in CI for ASan builds with detect_odr_violation=1
* bmo#1934241 - Fix coverage failure in CI
* bmo#1934213 - Add fuzzing for delegated credentials, DTLS short
header and Tls13BackendEch
* bmo#1927142 - Add fuzzing for SSL_EnableTls13GreaseEch and
SSL_SetDtls13VersionWorkaround
* bmo#1913677 - Part 3: Restructure fuzz/
* bmo#1931925 - Extract testcases from ssl gtests for fuzzing
* bmo#1923037 - Force Cryptofuzz to use NSS in CI
* bmo#1923037 - Fix Cryptofuzz on 32 bit in CI
* bmo#1933154 - Update Cryptofuzz repository link
* bmo#1926256 - fix build error from 9505f79d
* bmo#1926256 - simplify error handling in get_token_objects_for_cache
* bmo#1931973 - nss doc: fix a warning
* bmo#1930797 - pkcs12 fixes from RHEL need to be picked up
- remove obsolete patches
* nss-fips-safe-memset.patch
* nss-bmo1930797.patch
- update to NSS 3.107
* bmo#1923038 - Remove MPI fuzz targets.
* bmo#1925512 - Remove globals `lockStatus` and `locksEverDisabled`.
* bmo#1919015 - Enable PKCS8 fuzz target.
* bmo#1923037 - Integrate Cryptofuzz in CI.
* bmo#1913677 - Part 2: Set tls server target socket options in config class
* bmo#1913677 - Part 1: Set tls client target socket options in config class
* bmo#1913680 - Support building with thread sanitizer.
* bmo#1922392 - set nssckbi version number to 2.72.
* bmo#1919913 - remove Websites Trust Bit from Entrust Root
Certification Authority - G4.
* bmo#1920641 - remove Security Communication RootCA3 root cert.
* bmo#1918559 - remove SecureSign RootCA11 root cert.
* bmo#1922387 - Add distrust-after for TLS to Entrust Roots.
* bmo#1927096 - update expected error code in pk12util pbmac1 tests.
* bmo#1929041 - Use random tstclnt args with handshake collection script
* bmo#1920466 - Remove extraneous assert in ssl3gthr.c.
* bmo#1928402 - Adding missing release notes for NSS_3_105.
* bmo#1874451 - Enable the disabled mlkem tests for dtls.
* bmo#1874451 - NSS gtests filter cleans up the constucted buffer
before the use.
* bmo#1925505 - Make ssl_SetDefaultsFromEnvironment thread-safe.
* bmo#1925503 - Remove short circuit test from ssl_Init.
- fix build on loongarch64 (setting it as 64bit arch)
- Remove upstreamed bmo-1400603.patch
- Added nss-bmo1930797.patch to fix failing tests in testsuite
- update to NSS 3.106
* bmo#1925975 - NSS 3.106 should be distributed with NSPR 4.36.
* bmo#1923767 - pk12util: improve error handling in p12U_ReadPKCS12File.
* bmo#1899402 - Correctly destroy bulkkey in error scenario.
* bmo#1919997 - PKCS7 fuzz target, r=djackson,nss-reviewers.
* bmo#1923002 - Extract certificates with handshake collection script.
* bmo#1923006 - Specify len_control for fuzz targets.
* bmo#1923280 - Fix memory leak in dumpCertificatePEM.
* bmo#1102981 - Fix UBSan errors for SECU_PrintCertificate and
SECU_PrintCertificateBasicInfo.
* bmo#1921528 - add new error codes to mozilla::pkix for Firefox to use.
* bmo#1921768 - allow null phKey in NSC_DeriveKey.
* bmo#1921801 - Only create seed corpus zip from existing corpus.
* bmo#1826035 - Use explicit allowlist for for KDF PRFS.
* bmo#1920138 - Increase optimization level for fuzz builds.
* bmo#1920470 - Remove incorrect assert.
* bmo#1914870 - Use libFuzzer options from fuzz/options/\*.options in CI.
* bmo#1920945 - Polish corpus collection for automation.
* bmo#1917572 - Detect new and unfuzzed SSL options.
* bmo#1804646 - PKCS12 fuzzing target.
- requires NSPR 4.36
- update to NSS 3.105
* bmo#1915792 - Allow importing PKCS#8 private EC keys missing public key
* bmo#1909768 - UBSAN fix: applying zero offset to null pointer in sslsnce.c
* bmo#1919577 - set KRML_MUSTINLINE=inline in makefile builds
* bmo#1918965 - Don't set CKA_SIGN for CKK_EC_MONTGOMERY private keys
* bmo#1918767 - override default definition of KRML_MUSTINLINE
* bmo#1916525 - libssl support for mlkem768x25519
* bmo#1916524 - support for ML-KEM-768 in softoken and pk11wrap
* bmo#1866841 - Add Libcrux implementation of ML-KEM 768 to FreeBL
* bmo#1911912 - Avoid misuse of ctype(3) functions
* bmo#1917311 - part 2: run clang-format
* bmo#1917311 - part 1: upgrade to clang-format 13
* bmo#1916953 - clang-format fuzz
* bmo#1910370 - DTLS client message buffer may not empty be on retransmit
* bmo#1916413 - Optionally print config for TLS client and server
fuzz target
* bmo#1916059 - Fix some simple documentation issues in NSS.
* bmo#1915439 - improve performance of NSC_FindObjectsInit when
template has CKA_TOKEN attr
* bmo#1912828 - define CKM_NSS_ECDHE_NO_PAIRWISE_CHECK_KEY_PAIR_GEN
- Fix build error under Leap by rebasing nss-fips-safe-memset.patch.
- update to NSS 3.104
* bmo#1910071 - Copy original corpus to heap-allocated buffer
* bmo#1910079 - Fix min ssl version for DTLS client fuzzer
* bmo#1908990 - Remove OS2 support just like we did on NSPR
* bmo#1910605 - clang-format NSS improvements
* bmo#1902078 - Adding basicutil.h to use HexString2SECItem function
* bmo#1908990 - removing dirent.c from build
* bmo#1902078 - Allow handing in keymaterial to shlibsign to make
the output reproducible
* bmo#1908990 - remove nec4.3, sunos4, riscos and SNI references
* bmo#1908990 - remove other old OS (BSDI, old HP UX, NCR,
openunix, sco, unixware or reliantUnix
* bmo#1908990 - remove mentions of WIN95
* bmo#1908990 - remove mentions of WIN16
* bmo#1913750 - More explicit directory naming
* bmo#1913755 - Add more options to TLS server fuzz target
* bmo#1913675 - Add more options to TLS client fuzz target
* bmo#1835240 - Use OSS-Fuzz corpus in NSS CI
* bmo#1908012 - set nssckbi version number to 2.70.
* bmo#1914499 - Remove Email Trust bit from ACCVRAIZ1 root cert.
* bmo#1908009 - Remove Email Trust bit from certSIGN ROOT CA.
* bmo#1908006 - Add Cybertrust Japan Roots to NSS.
* bmo#1908004 - Add Taiwan CA Roots to NSS.
* bmo#1911354 - remove search by decoded serial in
nssToken_FindCertificateByIssuerAndSerialNumber
* bmo#1913132 - Fix tstclnt CI build failure
* bmo#1913047 - vfyserv: ensure peer cert chain is in db for
CERT_VerifyCertificateNow
* bmo#1912427 - Enable all supported protocol versions for UDP
* bmo#1910361 - Actually use random PSK hash type
* bmo#1911576 - Initialize NSS DB once
* bmo#1910361 - Additional ECH cipher suites and PSK hash types
* bmo#1903604 - Automate corpus file generation for TLS client Fuzzer
* bmo#1910364 - Fix crash with UNSAFE_FUZZER_MODE
* bmo#1910605 - clang-format shlibsign.c
- remove obsolete nss-reproducible-builds.patch
- update to NSS 3.103
* bmo#1908623 - move list size check after lock acquisition in sftk_PutObjectToList.
* bmo#1899542 - Add fuzzing support for SSL_ENABLE_POST_HANDSHAKE_AUTH,
* bmo#1909638 - Follow-up to fix test for presence of file nspr.patch.
* bmo#1903783 - Adjust libFuzzer size limits
* bmo#1899542 - Add fuzzing support for SSL_SetCertificateCompressionAlgorithm,
SSL_SetClientEchConfigs, SSL_VersionRangeSet and SSL_AddExternalPsk
* bmo#1899542 - Add fuzzing support for SSL_ENABLE_GREASE and
SSL_ENABLE_CH_EXTENSION_PERMUTATION
- Add nss-reproducible-builds.patch to make the rpms reproducible,
by using a hardcoded, static key to generate the checksums (*.chk-files)
- Updated nss-fips-approved-crypto-non-ec.patch to enforce
approved curves with the CKK_EC_MONTGOMERY key type (bsc#1224113).
- update to NSS 3.102.1
* bmo#1905691 - ChaChaXor to return after the function
- update to NSS 3.102
* bmo#1880351 - Add Valgrind annotations to freebl Chacha20-Poly1305.
* bmo#1901932 - missing sqlite header.
* bmo#1901080 - GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME.
* bmo#1615298 - improve certutil keyUsage, extKeyUsage, and nsCertType keyword handling.
* bmo#1660676 - correct length of raw SPKI data before printing in pp utility.
- Add nss-reproducible-chksums.patch to make NSS-build reproducible
Use key from openssl (bsc#1081723)
- Updated nss-fips-approved-crypto-non-ec.patch to exclude the
SHA-1 hash from SLI approval.
- libgcrypt
-
- Security fix [bsc#1221107, CVE-2024-2236]
* Add --enable-marvin-workaround to spec to enable workaround
* Fix timing based side-channel in RSA implementation ( Marvin attack )
* Add libgcrypt-CVE-2024-2236_01.patch
* Add libgcrypt-CVE-2024-2236_02.patch
- polkit
-
- CVE-2025-7519: Fixed that a XML policy file with a large number of
nested elements may lead to out-of-bounds write (bsc#1246472)
added 0001-Nested-.policy-files-cause-xml-parsing-overflow-lead.patch
- libxml2
-
- security update
- added patches
CVE-2025-49794 [bsc#1244554], heap use after free (UAF) can lead to Denial of service (DoS)
CVE-2025-49796 [bsc#1244557], type confusion may lead to Denial of service (DoS)
+ libxml2-CVE-2025-49794,49796.patch
CVE-2025-49795 [bsc#1244555], null pointer dereference may lead to Denial of service (DoS)
+ libxml2-CVE-2025-49795.patch
- security update
- added patches
CVE-2025-6170 [bsc#1244700], stack buffer overflow may lead to a crash
CVE-2025-6021 [bsc#1244580], Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2
+ libxml2-CVE-2025-6170,6021.patch
- mozilla-nspr
-
- update to version 4.36
* remove support for OS/2
* remove support for Unixware, Bsdi, old AIX, old HPUX9 & scoos
* remove support for Windows 16 bit
* renamed the prwin16.h header to prwin.h
* configure was updated from 2.69 to 2.71
* various build, test and automation script fixes
* major parts of the source code were reformatted
- python-azure-agent
-
- Set AutoUpdate.UpdateToLatestVersion=n in /etc/waagent.conf
(bsc#1244933)
- Fix %suse_version conditional in spec file so package is built
using python2 in SLE 12 (bsc#1240385)
- python-psutil
-
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- salt
-
- Add `minion_legacy_req_warnings` option to avoid noisy warnings
- Require M2Crypto >= 0.44.0 for SUSE Family distros
- Added:
* add-minion_legacy_req_warnings-option-to-avoid-noisy.patch
- Prevent tests failures when pygit2 is not present
- Several fixes for security issues
(bsc#1244561, CVE-2024-38822)
(bsc#1244564, CVE-2024-38823)
(bsc#1244565, CVE-2024-38824)
(bsc#1244566, CVE-2024-38825)
(bsc#1244567, CVE-2025-22240)
(bsc#1244568, CVE-2025-22236)
(bsc#1244570, CVE-2025-22241)
(bsc#1244571, CVE-2025-22237)
(bsc#1244572, CVE-2025-22238)
(bsc#1244574, CVE-2025-22239)
(bsc#1244575, CVE-2025-22242)
* Request server hardening
* Prevent traversal in local_cache::save_minions
* Add test and fix for file_recv cve
* Fix traversal in gitfs find_file
* Fix traversal in salt.utils.virt
* Fix traversal in pub_ret
* Reasonable failures when pillars timeout
* Make send_req_async wait longer
* Remove token to prevent decoding errors
* Fix checking of non-url style git remotes
* Allow subdirs in GitFS find_file check
- Add subsystem filter to udev.exportdb (bsc#1236621)
- tornado.httputil: raise errors instead of logging in
multipart/form-data parsing (CVE-2025-47287, bsc#1243268)
- Fix Ubuntu 24.04 edge-case test failures
- Fix broken tests for Ubuntu 24.04
- Fix refresh of osrelease and related grains on Python 3.10+
- Make "salt" package to obsolete "python3-salt" package on SLE15SP7+
- Fix issue requiring proper Python flavor for dependencies and recommended package
- Added:
* fix-tests-issues-in-salt-shaker-environments-721.patch
* several-fixes-for-security-issues.patch
* add-subsystem-filter-to-udev.exportdb-bsc-1236621-71.patch
* fix-of-cve-2025-47287-bsc-1243268-718.patch
* fix-ubuntu-24.04-specific-failures-716.patch
* fix-debian-tests-715.patch
* fix-refresh-of-osrelease-and-related-grains-on-pytho.patch
- python-azure-appconfiguration
-
- New upstream release
+ Version 1.7.1
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- New upstream release
+ Version 1.7.0
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- Drop extra LICENSE.txt as upstream now ships its own
- Rename LICENSE.txt to LICENSE in %files section
- New upstream release
+ Version 1.6.0
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- python-azure-batch
-
- New upstream release
+ Version 14.2.0
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- python-azure-mgmt-batch
-
- New upstream release
+ Version 17.3.0
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- python-azure-mgmt-compute
-
- New upstream release
+ Version 33.1.0
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- Adjust upstream source name in spec file
- New upstream release
+ Version 33.0.0
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- New upstream release
+ Version 32.0.0
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- Drop extra LICENSE.txt as upstream now ships its own
- Rename LICENSE.txt to LICENSE in %files section
- Update Requires from setup.py
- New upstream release
+ Version 31.0.0
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- New upstream release
+ Version 30.6.0
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- Update Requires from setup.py
- python-azure-mgmt-containerservice
-
- New upstream release
+ Version 32.1.0
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- New upstream release
+ Version 32.0.0
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- Adjust upstream source name in spec file
- New upstream release
+ Version 31.0.0
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- Drop extra LICENSE.txt as upstream now ships its own
- Rename LICENSE.txt to LICENSE in %files section
- Update Requires from setup.py
- New upstream release
+ Version 30.0.0
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- python-azure-mgmt-cosmosdb
-
- New upstream release
+ Version 9.6.0
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- Adjust upstream source name in spec file
- Drop extra LICENSE.txt as upstream now ships its own
- Rename LICENSE.txt to LICENSE in %files section
- Update Requires from setup.py
- New upstream release
+ Version 9.5.1
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- New upstream release
+ Version 9.5.0
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- Update Requires from setup.py
- python-azure-mgmt-rdbms
-
- New upstream release
+ Version 10.2.0b17
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- New upstream release
+ Version 10.2.0b16
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- New upstream release
+ Version 10.2.0b14
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- Update Requires from setup.py
- python-azure-mgmt-recoveryservicesbackup
-
- New upstream release
+ Version 9.2.0
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- Adjust upstream source name in spec file
- Drop extra LICENSE.txt as upstream now ships its own
- Rename LICENSE.txt to LICENSE in %files section
- New upstream release
+ Version 9.1.0
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- python-azure-mgmt-recoveryservices
-
- New upstream release
+ Version 3.0.0
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- Update Requires from setup.py
- python-azure-mgmt-redhatopenshift
-
- New upstream release
+ Version 1.5.0
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- Update Requires from setup.py
- python-azure-mgmt-redis
-
- New upstream release
+ Version 14.5.0
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- Adjust upstream source name in spec file
- Drop extra LICENSE.txt as upstream now ships its own
- Rename LICENSE.txt to LICENSE in %files section
- Update Requires from setup.py
- New upstream release
+ Version 14.4.0
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- Update Requires from setup.py
- python-azure-mgmt-resource
-
- New upstream release
+ Version 23.3.0
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- New upstream release
+ Version 23.2.0
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- Adjust upstream source name in spec file
- Drop extra LICENSE.txt as upstream now ships its own
- Rename LICENSE.txt to LICENSE in %files section
- Update Requires from setup.py
- New upstream release
+ Version 23.1.1
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- Remove temporary version override
- Remove unzip package from BuildRequires
- Switch source archive format to TAR.GZ
- Update Requires from setup.py
- python-azure-mgmt-servicefabricmanagedclusters
-
- New upstream release
+ Version 2.0.0
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- Drop extra LICENSE.txt as upstream now ships its own
- Remove temporary version override
- Rename LICENSE.txt to LICENSE in %files section
- python-azure-mgmt-servicelinker
-
- New upstream release
+ Version 1.2.0b3
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- Adjust upstream source name in spec file
- Drop extra LICENSE.txt as upstream now ships its own
- Rename LICENSE.txt to LICENSE in %files section
- New upstream release
+ Version 1.2.0b2
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- Remove unzip package from BuildRequires
- Switch source archive format to TAR.GZ
- Update Requires from setup.py
- python-azure-mgmt-signalr
-
- New upstream release
+ Version 2.0.0b2
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- Adjust upstream source name in spec file
- Drop extra LICENSE.txt as upstream now ships its own
- Rename LICENSE.txt to LICENSE in %files section
- python-azure-mgmt-sql
-
- New upstream release
+ Version 4.0.0b21
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- New upstream release
+ Version 4.0.0b20
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- New upstream release
+ Version 4.0.0b19
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- Adjust upstream source name in spec file
- Drop extra LICENSE.txt as upstream now ships its own
- Rename LICENSE.txt to LICENSE in %files section
- Update Requires from setup.py
- New upstream release
+ Version 4.0.0b18
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- New upstream release
+ Version 4.0.0b17
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- New upstream release
+ Version 4.0.0b16
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- Update Requires from setup.py
- python-azure-mgmt-storage
-
- New upstream release
+ Version 21.2.1
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- New upstream release
+ Version 21.2.0
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- Update Requires from setup.py
- python-azure-multiapi-storage
-
- New upstream release
+ Version 1.4.0
+ For detailed information about changes see the
README.rst file provided with this package
- New upstream release
+ Version 1.3.0
+ For detailed information about changes see the
README.rst file provided with this package
- Drop extra LICENSE.txt as upstream now ships its own
- Rename LICENSE.txt to LICENSE in %files section
- python-azure-synapse-artifacts
-
- New upstream release
+ Version 0.19.0
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- python-msal-extensions
-
- Update to version 1.3.1
* Do not install tests in site-packages by @musicinmybrain in (#139)
* Also dropped Python 3.7 and 3.8 since this release
- from version 1.3.0
* Fix a typo in README.md (persistance/persistence)
by @musicinmybrain in (#133)
* Maintenance by @rayluo in (#137)
* Allow portalocker version 3 by @musicinmybrain in (#136)
* Make portalocker optional (opt in by pip install
msal-extensions[portalocker]) by @rayluo in (#117)
- Drop me_relax-portalocker.patch, fixed upstream
- Add patch to relax python-portalocker version dependency in setup.py
+ me_relax-portalocker.patch
- Relax python-portalocker version dependency in BuildRequires and Requires
- Update to version 1.2.0
+ Remove mentions of Travis CI by @akx in (#126)
+ Set proper lower bound for portalocker dependency,
drop packaging dependency by @akx in (#125)
+ Switch to MSAL 1.29+'s TokenCache.search()
by @rayluo in (#131)
- Remove temporary version override
- Update BuildRequires and Requires from setup.py
- Update to version 1.2.0b1
+ MSAL Extensions has been updated to work with
MSAL Python 1.27.* and 1.28.* (#127, #128)
- Adjust upstream source name in spec file
- Override upstream version with 1.2.0~b1
- Update Requires from setup.py
- python-msal
-
- Update to version 1.32.3
* Fix a regression on Azure Arc / on-prem servers (#814, #815)
- from version 1.32.2
* Bugfix for Authentication Failed: MsalResponse object has no
attribute 'headers' (#812)
- from version 1.32.1
* Optimization on cache
- Update to version 1.32.0
* Refactor to allow adding new field into cache key
and/or content by @rayluo in (#751)
* Warning when obsolete msal-extensions is detected
by @rayluo in (#752)
* Add msal_cache.bin to .gitignore by @DharshanBJ in (#753)
* MSAL will use env var MSAL_FORCE_REGION by default
by @rayluo in (#756)
* Allow MI endpoint changing through environment variable
by @jimdigriz in (#754)
* Revert "allow MI endpoint changing through environment
variable" by @rayluo in (#769)
* Fix document for using SystemAssigned managed identity
by @jiasli in (#764)
* Suppress a false positive CodeQL alarm by @rayluo in (#783)
* Pass Sku and Ver to MsalRuntime by @Ugonnaak1 in (#786)
* Try to suppress another verify=False by @rayluo in (#788)
* Supports dSTS by ClientApplication(..., authority=
"https://...example.com/dstsv2/...") by @rayluo in (#772)
* Add test case to show that OBO supports SP by @rayluo in (#481)
* Enable Issue-Sentinel to scan for similar issues by @DharshanBJ in (#790)
* Support pod identity by @rayluo in (#795)
* Scope to resource by @rayluo in (#785)
- Update to version 1.31.2b1
* acquire_token_interactive(...) supports scope with the shape of
"GUID/.default" when running inside Cloud Shell (#784, #785)
- Override upstream version with 1.31.2~b1
- Update to version 1.31.1
* Bugfix: The Managed Identity detection logic on Arc (#731)
had a bug (#762), now fixed in PR (#763)
- Update to version 1.31.0
* Integration with Broker-on-Mac in (#596)
* Change Managed Identity detection logic on Arc in (#731)
* Managed Identity supports CAE in (#730)
* Support Managed Identity on Azure Container
Instance (ACI) with Resource id in (#741)
* Other refactoring in (#740)
- Update to version 1.30.0
* New feature: Support Subject Name/Issuer authentication when using
.pfx certificate file. Documentation available in one of the recent
purple boxes here. (#718)
* New feature: Automatically use SHA256 and PSS padding when using
.pfx certificate on non-ADFS, non-OIDC authorities. (#722)
* New feature: Expose refresh_on (if any) to fresh or cached response,
so that caller may choose to proactively call acquire_token_silent()
early. (#723)
* Bugfix for token cache search. MSAL 1.27+ customers please upgrade
to MSAL 1.30+. (#717)
- Update to version 1.29.0
* New feature: Supports Managed Identity for Azure VM, App Service
(including Azure Functions, Azure Automation), Service Fabric,
Azure Machine Learning, Arc, etc.. Comes with a sample, its
configuration via ENV VAR, and its API documentation.
(#58, #480, #634, #674)
* New feature: Support reading ConfidentialClientApplication's
cert from a pfx file (#684, #699)
* New feature: TokenCache class has a new search() method which will
return a generator of tokens. The old find() method still exists and
returns a list, but MSAL 1.27+ will not call find() anymore. (#693, #644)
* Change: Re-enable the username password flow to go through broker,
if available. (#712)
- from version 1.28.1
* Change: pip install msal[broker] will now pick up the latest PyMsalRuntime
0.16.x which contains a bugfix for being run as administrator. This release
fixes #707.
- Update to version 1.28.0
* New feature: PublicClientApplication and ConfidentialClientApplication
have a new oidc_authority parameter that can be used to specify authority
of any generic OpenID Connect authority, typically the customized domain
for CIAM. (#676, #678)
* Dropping Python 2.7
- from version 1.27.0
* New feature: remove_tokens_for_client() will remove tokens acquired
by acquire_token_for_client() (#640, #650, #666)
* Performance: Throughput of token-cache-hit happy path is roughly 2x faster (#644)
* Adjustment: MSAL no longer attempts to validate an ID token's time (#656, #657)
* Adjustment: Bump upstream broker dependency to 0.14.x
* Improvement: Better chance to remove accounts from broker (#651)
* Improvement: Cleaner console output when the http local server
is visited in https protocol (#546)
* Improvement: Reduce a bare except clause (#667)
- protobuf
-
- Add CVE-2025-4565.patch to fix parsing of untrusted Protocol Buffers
data containing an arbitrary number of recursive groups or messages
can lead to crash due to RecursionError (bsc#1244663, CVE-2025-4565)
- sysstat
-
- Automatically enable systemd timers upon installation.
- Fix bsc#1244553.
- Fix for PED#12914.
* Add sysstat-PED-12914.patch.
- xen
-
- bsc#1246112, bsc#1238896 - VUL-0: xen: More AMD transient
execution attack (CVE-2024-36350, CVE-2024-36357, XSA-471)
66f28b47-x86-cpufeature-reposition-ext-leaf-21-EAX.patch
685c29cf-x86-idle-Move-monitor-mwait-wrappers.patch
685c29d0-x86-idle-remove-MFENCEs-for-CLFLUSH_MONITOR.patch
685c29d1-revert-part-of-mwait-idle-disable-IBRS-.patch
686277ed-x86-cpu-policy-simplify-logic-in-gcdfa.patch
68656b6f-x86-cpu-policy-leaf-80000021-handling.patch
68681770-x86-idle-remove-broken-MWAIT-implementation.patch
68681771-x86-idle-drop-incorrect-smp_mb-in-.patch
68681772-x86-idle-convert-force_mwait_ipi_wakeup-to-.patch
68681773-rework-arch_skip_send_event_check-into-.patch
68681774-x86-new-MWAIT-IPI-elision-algorithm.patch
68681775-x86-idle-fix-IRQ-enable-before-C1-on-Xeons.patch
xsa471-13.patch
686d2646-x86-cpu-policy-rearrange-gc_fa.patch
686d2647-x86-cpu-policy-CPUID-leaf-0x80000021-ecx.patch
686d2648-x86-AMD-ucode-digests-for-TSA.patch
686d2649-x86-idle-rearrange-VERW-and-MONITOR-in-.patch
686d264a-x86-spec-ctrl-mitigate-Transitive-Scheduler-Attacks.patch
- bsc#1244644 - VUL-0: CVE-2025-27465: xen: x86: Incorrect stubs
exception handling for flags recovery (XSA-470)
6863cd0b-x86emul-extable-registration-in-invoke_stub.patch
Replaces xsa470.patch
- Upstream bug fixes (bsc#1027519)
6835a042-VMX-VMEntry-failure-on-ADL-SPR-with-shadow.patch
6835a043-x86-PV-breakpoint-reporting.patch
- bsc#1244644 - VUL-0: CVE-2025-27465: xen: x86: Incorrect stubs
exception handling for flags recovery (XSA-470)
xsa470.patch