- HANA-Firewall
-
- HANA-Firewall built without PIE
(bsc#1239943)
- apparmor
-
- Allow dovecot-auth to execute unix_chkpwd from /sbin, not only from /usr/bin
(bsc#1234452)
* Update dovecot-unix_chkpwd.diff
- azure-cli-core
-
- Add patch to fix improper neutralization of special elements
used in a command which allows an unauthorized attacker to
elevate privileges locally
+ CVE-2025-24049.patch (bsc#1239460, CVE-2025-24049)
- Prefer %patch and %setup to allow individual patch strip levels
- branding-SLE
-
- Update plymouth theme to fix splash screen element placement issue.
(bsc#1236818)
- ca-certificates-mozilla
-
- explit remove distruted certs, as the distrust does not get exported
correctly and the SSL certs are still trusted. (bsc#1240343)
- Entrust.net Premium 2048 Secure Server CA
- Entrust Root Certification Authority
- AffirmTrust Commercial
- AffirmTrust Networking
- AffirmTrust Premium
- AffirmTrust Premium ECC
- Entrust Root Certification Authority - G2
- Entrust Root Certification Authority - EC1
- GlobalSign Root E46
- GLOBALTRUST 2020
- remove-distrusted.patch: apply to certdata.txt
- Fix awk to compare (missing a =) and give the following output:
[#] NSS_BUILTINS_LIBRARY_VERSION "2.74"
- pass file argument to awk (bsc#1240009)
- update to 2.74 state of Mozilla SSL root CAs:
Removed:
* SwissSign Silver CA - G2
Added:
* D-TRUST BR Root CA 2 2023
* D-TRUST EV Root CA 2 2023
- remove extensive signature printing in comments of the cert
bundle
- Define two macros to break a build cycle with p11-kit.
- Updated to 2.72 state of Mozilla SSL root CAs (bsc#1234798)
Removed:
- SecureSign RootCA11
- Security Communication RootCA3
Added:
- TWCA CYBER Root CA
- TWCA Global Root CA G2
- SecureSign Root CA12
- SecureSign Root CA14
- SecureSign Root CA15
- kernel-default
-
- Revert "Merge remote-tracking branch 'origin/users/sjaeckel/SLE15-SP6/for-next' into SLE15-SP6"
This reverts commit bb7a7b2a95aa93ef5db11cca2317b7fe59e19e38, reversing
changes made to ac2aed10902386a981d430e6af9b7946722682ea.
- commit 9b78ca6
- selftests: mptcp: close fd_in before returning in main_loop
(git-fixes).
- selftests: mptcp: fix incorrect fd checks in main_loop
(git-fixes).
- rndis_host: Flag RNDIS modems as WWAN devices (git-fixes).
- thermal/drivers/rockchip: Add missing rk3328 mapping entry
(git-fixes).
- i3c: Add NULL pointer check in i3c_master_queue_ibi()
(git-fixes).
- i3c: master: svc: Use readsb helper for reading MDB (git-fixes).
- i3c: master: svc: Fix missing the IBI rules (git-fixes).
- soundwire: slave: fix an OF node reference leak in soundwire
slave device (git-fixes).
- bus: mhi: host: Fix race between unprepare and queue_buf
(git-fixes).
- iio: adc: ad7124: Fix comparison of channel configs (git-fixes).
- iio: adc: ad4130: Fix comparison of channel setups (git-fixes).
- iio: accel: msa311: Fix failure to release runtime pm if direct
mode claim fails (git-fixes).
- iio: accel: mma8452: Ensure error return on failure to matching
oversampling ratio (git-fixes).
- driver core: Remove needless return in void API
device_remove_group() (git-fixes).
- selftests/mm/cow: fix the incorrect error handling (git-fixes).
- commit 0fbd190
- RAS: Avoid build errors when CONFIG_DEBUG_FS=n (jsc#PED-7619).
Replace our patch with the upstream version.
- Delete
patches.suse/RAS-AMD-FMPM-Fix-build-when-debugfs-is-not-enabled.patch.
- commit 9580b87
- kABI fix for RDMA/core: Don't expose hw_counters outside (git-fixes)
- commit 6079f81
- RDMA/core: Don't expose hw_counters outside of init net namespace (git-fixes)
- commit f134527
- rpm/release-projects: Update the ALP projects again (bsc#1231293).
- commit a2f9145
- nvme: move passthrough logging attribute to head (git-fixes).
- nvme: introduce nvme_disk_is_ns_head helper (git-fixes).
- commit e2a4340
- bpf: Add tracepoints with null-able arguments (bsc#1235501
CVE-2024-56702).
- commit 60ddcfa
- net: Add rx_skb of kfree_skb to raw_tp_null_args (bsc#1235501
CVE-2024-56702).
- commit 2f246d2
- bpf: Augment raw_tp arguments with PTR_MAYBE_NULL (bsc#1235501
CVE-2024-56702).
- commit bd84127
- mm/page_alloc: fix memory accept before watermarks gets
initialized (bsc#1239600).
- commit 10a4fc6
- netfilter: allow exp not to be removed in nf_ct_find_expectation
(CVE-2023-52927 bsc#1239644).
- commit 67af0a4
- nvme-tcp: Fix a C2HTermReq error message (git-fixes).
- commit c4c365f
- nvme: move error logging from nvme_end_req() to __nvme_end_req()
(git-fixes).
- commit c939fa2
- nvme-fc: rely on state transitions to handle connectivity loss
(git-fixes bsc#1222649).
- commit 0e1fcfd
- nvme: allow passthru cmd error logging (git-fixes).
Refresh:
- patches.suse/nvme-fix-multipath-batched-completion-accounting.patch
- patches.suse/nvme-use-srcu-for-iterating-namespace-list.patch
- patches.suse/nvme-split-off-tls-sysfs-attributes-into-a-separate-group.patch
- commit ca344c0
- arm64: cputype: Add MIDR_CORTEX_A76AE (git-fixes)
- commit aad868b
- nvmet-fc: Remove unused functions (git-fixes).
- nvme-pci: remove stale comment (git-fixes).
- nvme-tcp: fix signedness bug in nvme_tcp_init_connection()
(git-fixes).
- nvmet-tcp: Fix a possible sporadic response drops in weakly
ordered arch (git-fixes).
- nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu()
(git-fixes).
- nvmet: remove old function prototype (git-fixes).
- nvme-ioctl: fix leaked requests on mapping error (git-fixes).
- nvme: only allow entering LIVE from CONNECTING state
(git-fixes bsc#1222649).
- nvmet-rdma: recheck queue state is LIVE in state lock in recv
done (git-fixes).
- nvme-tcp: add basic support for the C2HTermReq PDU (git-fixes).
- nvme-pci: quirk Acer FA100 for non-uniqueue identifiers
(git-fixes).
- nvme-fc: do not ignore connectivity loss during connecting
(git-fixes bsc#1222649).
Refresh:
- patches.suse/nvme-fc-use-ctrl-state-getter.patch
- nvme-fc: go straight to connecting state when initializing
(git-fixes bsc#1222649).
- commit 22d62a2
- arm64: dts: rockchip: Fix PWM pinctrl names (git-fixes)
- commit bea89fa
- arm64: dts: rockchip: Remove bluetooth node from rock-3a (git-fixes)
- commit 3224bb8
- arm64: tegra: Remove the Orin NX/Nano suspend key (git-fixes)
- commit bcfde59
- arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() (git-fixes)
- commit 4d30cdc
- arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe (git-fixes)
- commit 49aa8a8
- arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre (git-fixes)
- commit eb80776
- arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list (git-fixes)
- commit b4f3b31
- idpf: fix checksums set in idpf_rx_rsc() (CVE-2025-21890
bsc#1240173).
- ice: Fix deinitializing VF in error path (CVE-2025-21883
bsc#1240189).
- ipvlan: ensure network headers are in skb linear part
(CVE-2025-21891 bsc#1240186).
- commit ac7a561
- Update
patches.suse/RDMA-bnxt_re-Fix-the-page-details-for-the-srq-create.patch
(git-fixes CVE-2025-21885 bsc#1240169).
- Update
patches.suse/RDMA-mlx5-Fix-a-WARN-during-dereg_mr-for-DM-type.patch
(git-fixes CVE-2025-21888 bsc#1240177).
- Update
patches.suse/RDMA-mlx5-Fix-implicit-ODP-hang-on-parent-deregistra.patch
(git-fixes CVE-2025-21886 bsc#1240188).
- Update
patches.suse/RDMA-mlx5-Fix-the-recovery-flow-of-the-UMR-QP.patch
(git-fixes CVE-2025-21892 bsc#1240175).
- Update
patches.suse/i2c-npcm-disable-interrupt-enable-bit-before-devm_re.patch
(git-fixes CVE-2025-21878 bsc#1240192).
- Update
patches.suse/ibmvnic-Don-t-reference-skb-after-sending-to-VIOS.patch
(CVE-2025-21858 bsc#1239468 CVE-2025-21855 bsc#1239484).
- Update patches.suse/iommu-vt-d-Fix-suspicious-RCU-usage.patch
(git-fixes CVE-2025-21876 bsc#1240179).
- Update
patches.suse/ndisc-use-RCU-protection-in-ndisc_alloc_skb.patch
(bsc#1239994 CVE-2025-21764 bsc#1237885).
- Update
patches.suse/powerpc-code-patching-Disable-KASAN-report-during-pa.patch
(bsc#1215199 CVE-2025-21869 bsc#1240182).
- Update
patches.suse/usbnet-gl620a-fix-endpoint-checking-in-genelink_bind.patch
(git-fixes CVE-2025-21877 bsc#1240172).
- commit 9c6e710
- Update
patches.suse/block-fix-integer-overflow-in-BLKSECDISCARD.patch
(git-fixes CVE-2024-49994 bsc#1225770 bsc#1237757).
- Update
patches.suse/crypto-qat-qat_420xx-fix-off-by-one-in-uof_get_name.patch
(jsc#PED-12416 CVE-2024-53163 bsc#1234828).
- Update
patches.suse/crypto-qat-validate-slices-count-returned-by-FW.patch
(jsc#PED-12416 CVE-2024-38606 bsc#1226871).
- Update
patches.suse/dm-raid-Fix-WARN_ON_ONCE-check-for-sync_thread-in-ra.patch
(git-fixes CVE-2024-43820 bsc#1229311).
- Update
patches.suse/fbdev-pxafb-Fix-possible-use-after-free-in-pxafb_tas.patch
(stable-fixes CVE-2024-49924 bsc#1232364).
- Update
patches.suse/media-cx24116-prevent-overflows-on-SNR-calculus.patch
(git-fixes CVE-2024-50290 bsc#1233479 bsc#1225742).
- Update
patches.suse/media-dvbdev-prevent-the-risk-of-out-of-memory-acces.patch
(git-fixes CVE-2024-53063 bsc#1233557 bsc#1225742).
- commit e0b966a
- IB/mad: Check available slots before posting receive WRs (git-fixes)
- commit 34587d0
- RDMA/mlx5: Fix calculation of total invalidated pages (git-fixes)
- commit 2fa0f31
- RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow (git-fixes)
- commit b249c41
- RDMA/mlx5: Fix cache entry update on dereg error (git-fixes)
- commit 0fe5ca5
- RDMA/mlx5: Fix MR cache initialization error flow (git-fixes)
- commit e5c2137
- RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() (git-fixes)
- commit 3634652
- power: supply: max77693: Fix wrong conversion of charge input
threshold value (git-fixes).
- pinctrl: qcom: Clear latched interrupt status when changing
IRQ type (git-fixes).
- pinctrl: tegra: Set SFIO mode to Mux Register (git-fixes).
- pinctrl: intel: Fix wrong bypass assignment in
intel_pinctrl_probe_pwm() (git-fixes).
- pinctrl: renesas: rza2: Fix missing of_node_put() call
(git-fixes).
- pinctrl: renesas: rzv2m: Fix missing of_node_put() call
(git-fixes).
- backlight: led_bl: Hold led_access lock when calling
led_sysfs_disable() (git-fixes).
- leds: rgb: leds-qcom-lpg: Fix calculation of best period Hi-Res
PWMs (git-fixes).
- leds: rgb: leds-qcom-lpg: Fix pwm resolution max for Hi-Res PWMs
(git-fixes).
- Revert "leds-pca955x: Remove the unused function
pca95xx_num_led_regs()" (stable-fixes).
- crypto: nx - Fix uninitialised hv_nxc on error (git-fixes).
- crypto: qat - remove access to parity register for QAT GEN4
(git-fixes).
- crypto: qat - set parity error mask for qat_420xx (git-fixes).
- crypto: ccp - Fix uAPI definitions of PSP errors (git-fixes).
- crypto: iaa - Test the correct request flag (git-fixes).
- crypto: hisilicon/sec2 - fix for sec spec check (git-fixes).
- crypto: hisilicon/sec2 - fix for aead authsize alignment
(git-fixes).
- crypto: hisilicon/sec2 - fix for aead auth key length
(git-fixes).
- crypto: ccp - Fix check for the primary ASP device (git-fixes).
- lib: 842: Improve error handling in sw842_compress()
(git-fixes).
- commit 8ad02d4
- mfd: ene-kb3930: Fix a potential NULL pointer dereference
(git-fixes).
- mfd: sm501: Switch to BIT() to mitigate integer overflows
(git-fixes).
- mfd: syscon: Fix race in device_node_get_regmap() (git-fixes).
- mfd: syscon: Use scoped variables with memory allocators to
simplify error paths (stable-fixes).
- mfd: syscon: Add of_syscon_register_regmap() API (stable-fixes).
- mfd: syscon: Remove extern from function prototypes
(stable-fixes).
- commit 87db269
- ocfs2: mark dquot as inactive if failed to start trans while
releasing dquot (git-fixes).
- commit 54dc104
- ocfs2: fix deadlock in ocfs2_get_system_file_inode (git-fixes).
- commit 73be6ce
- ocfs2: update seq_file index in ocfs2_dlm_seq_next (git-fixes).
- commit ef7689a
- ocfs2: check dir i_size in ocfs2_find_entry (git-fixes).
- commit cc4c3a7
- ocfs2: handle a symlink read error correctly (git-fixes).
- commit 79c2998
- dlm: prevent NPD when writing a positive value to event_done
(git-fixes).
- commit 8f717c8
- jfs: add index corruption check to DT_GETPAGE() (git-fixes).
- commit bb32126
- jfs: fix slab-out-of-bounds read in ea_get() (git-fixes).
- commit 45fdfe2
- jfs: add check read-only before truncation in
jfs_truncate_nolock() (git-fixes).
- commit 88c1bf9
- jfs: add check read-only before txBeginAnon() call (git-fixes).
- commit 7ae1e64
- jfs: reject on-disk inodes of an unsupported type (git-fixes).
- commit fd3fbef
- Move upstreamed nfsd and sunrpc patches into sorted section
- commit 8ca9bbb
- Move upstreamed PCI and initramfs patches into sorted section
- commit 66970bb
- Move upstreamed powerpc and SCSI patches into sorted section
- commit 21807c4
- PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe
(git-fixes).
- PCI: dwc: ep: Return -ENOMEM for allocation failures
(git-fixes).
- PCI: cadence-ep: Fix the driver to send MSG TLP for INTx
without data payload (git-fixes).
- PCI: brcmstb: Fix potential premature regulator disabling
(git-fixes).
- PCI: brcmstb: Fix error path after a call to
regulator_bulk_get() (git-fixes).
- PCI: brcmstb: Use internal register to change link capability
(git-fixes).
- PCI: brcmstb: Set generation limit before PCIe link up
(git-fixes).
- PCI: brcmstb: Fix missing of_node_put() in brcm_pcie_probe()
(git-fixes).
- PCI: Avoid reset when disabled via sysfs (git-fixes).
- PCI: pciehp: Don't enable HPIE when resuming in poll mode
(git-fixes).
- PCI/portdrv: Only disable pciehp interrupts early when needed
(git-fixes).
- PCI: Remove stray put_device() in pci_register_host_bridge()
(git-fixes).
- PCI: Fix reference leak in pci_alloc_child_bus() (git-fixes).
- PCI/ASPM: Fix link state exit during switch upstream function
removal (git-fixes).
- PCI/ACS: Fix 'pci=config_acs=' parameter (git-fixes).
- drm/amd/display: avoid NPD when ASIC does not support DMUB
(git-fixes).
- drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer()
(git-fixes).
- drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL
ptr (git-fixes).
- drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member
(git-fixes).
- drm/mediatek: mtk_hdmi: Unregister audio platform device on
failure (git-fixes).
- drm/msm/a6xx: Fix a6xx indexed-regs in devcoreduump (git-fixes).
- drm/msm/a6xx: Fix stale rpmh votes from GPU (git-fixes).
- drm/msm/dsi: Set PHY usescase (and mode) before registering
DSI host (git-fixes).
- drm/msm/dsi: Use existing per-interface slice count in DSC
timing (git-fixes).
- drm/msm/dpu: don't use active in atomic_check() (git-fixes).
- drm/amd/display: fix type mismatch in
CalculateDynamicMetadataParameters() (git-fixes).
- drm/amdkfd: Fix Circular Locking Dependency in
'svm_range_cpu_invalidate_pagetables' (git-fixes).
- drm/bridge: Fix spelling mistake "gettin" -> "getting"
(git-fixes).
- drm/repaper: fix integer overflows in repeat functions
(git-fixes).
- drm/panel: ilitek-ili9882t: fix GPIO name in error message
(git-fixes).
- drm/i915/dsi: Use TRANS_DDI_FUNC_CTL's own port width macro
(git-fixes).
- drm/amdgpu: Replace Mutex with Spinlock for RLCG register
access to avoid Priority Inversion in SRIOV (git-fixes).
- drm/amdgpu/umsch: declare umsch firmware (git-fixes).
- drm/radeon/ci_dpm: Remove needless NULL checks of dpm tables
(git-fixes).
- drm/vkms: Fix use after free and double free on init error
(git-fixes).
- drm: xlnx: zynqmp: Fix max dma segment size (git-fixes).
- drm/bridge: it6505: fix HDCP V match check is not performed
correctly (git-fixes).
- drm/dp_mst: Fix drm RAD print (git-fixes).
- drm/ssd130x: ensure ssd132x pitch is correct (git-fixes).
- drm/ssd130x: fix ssd132x encoding (git-fixes).
- drm/ssd130x: Set SPI .id_table to prevent an SPI core warning
(git-fixes).
- drm/bridge: ti-sn65dsi86: Fix multiple instances (git-fixes).
- fbdev: sm501fb: Add some geometry checks (git-fixes).
- mdacon: rework dependency list (git-fixes).
- dummycon: fix default rows/cols (git-fixes).
- fbdev: au1100fb: Move a variable assignment behind a null
pointer check (git-fixes).
- tpm, tpm_tis: Fix timeout handling when waiting for TPM status
(git-fixes).
- tpm: do not start chip while suspended (git-fixes).
- regulator: check that dummy regulator has been probed before
using it (stable-fixes).
- drm/amd/display: Use HW lock mgr for PSR1 when only one eDP
(git-fixes).
- drm/amdgpu: Fix JPEG video caps max size for navi1x and raven
(stable-fixes).
- drm/amdgpu: Fix MPEG2, MPEG4 and VC1 video caps max size
(stable-fixes).
- soc: imx8m: Unregister cpufreq and soc dev in cleanup path
(git-fixes).
- soc: imx8m: Use devm_* to simplify probe failure handling
(stable-fixes).
- soc: imx8m: Remove global soc_uid (stable-fixes).
- fbdev: pxafb: Fix possible use after free in pxafb_task()
(stable-fixes).
- commit 0b221d1
- mptcp: pm: only set fullmesh for subflow endp (CVE-2025-21706 bsc#1238528)
- commit 1499b76
- net: ipv6: fix dst refleaks in rpl, seg6 and ioam6 lwtunnels
(git-fixes).
- net: ipv6: ioam6_iptunnel: mitigate 2-realloc issue (git-fixes).
- ioam6: improve checks on user data (git-fixes).
- net: ipv6: ioam6: new feature tunsrc (git-fixes).
- net: ipv6: ioam6: code alignment (git-fixes).
- ipv6: ioam: block BH from ioam6_output() (git-fixes).
- commit 2678976
- af_unix: Remove put_pid()/put_cred() in copy_peercred()
(bsc#1240334).
- commit 3c2ac6a
- splice: do not checksum AF_UNIX sockets (bsc#1240333).
- commit 73d1c92
- Reapply "wifi: ath11k: restore country code during resume"
(bsc#1207948).
- wifi: ath11k: choose default PM policy for hibernation
(bsc#1207948).
- wifi: ath11k: support non-WoWLAN mode suspend as well
(bsc#1207948).
- wifi: ath11k: refactor ath11k_core_suspend/_resume()
(bsc#1207948).
- wifi: ath11k: introduce ath11k_core_continue_suspend_resume()
(bsc#1207948).
- wifi: ath11k: determine PM policy based on machine model
(bsc#1207948).
- commit 776bdcc
- tee: optee: Fix supplicant wait loop (CVE-2025-21871
bsc#1240183).
- ASoC: SOF: ipc4-topology: Harden loops for looking up ALH
copiers (CVE-2025-21870 bsc#1240191).
- commit d4df66d
- kunit: qemu_configs: sparc: use Zilog console (git-fixes).
- bus: qcom-ssc-block-bus: Fix the error handling path of
qcom_ssc_block_bus_probe() (git-fixes).
- bus: qcom-ssc-block-bus: Remove some duplicated iounmap()
calls (git-fixes).
- memory: mtk-smi: Add ostd setting for mt8192 (git-fixes).
- soc: samsung: exynos-chipid: Add NULL pointer check in
exynos_chipid_probe() (git-fixes).
- soc: mediatek: mt8365-mmsys: Fix routing table masks and values
(git-fixes).
- soc: mediatek: mt8167-mmsys: Fix missing regval in all entries
(git-fixes).
- firmware: arm_scmi: use ioread64() instead of ioread64_hi_lo()
(git-fixes).
- firmware: arm_ffa: Explicitly cast return value from FFA_VERSION
before comparison (git-fixes).
- Bluetooth: HCI: Add definition of hci_rp_remote_name_req_cancel
(git-fixes).
- wifi: mt76: mt7925: remove unused acpi function for clc
(git-fixes).
- wifi: mt76: Add check for devm_kstrdup() (git-fixes).
- wifi: mt76: mt7925: fix country count limitation for CLC
(git-fixes).
- wifi: mt76: mt7925: ensure wow pattern command align fw format
(git-fixes).
- wifi: mt76: mt7915: fix possible integer overflows in
mt7915_muru_stats_show() (git-fixes).
- wifi: rtw89: pci: correct ISR RDU bit for 8922AE (git-fixes).
- wifi: rtw89: fw: correct debug message format in
rtw89_build_txpwr_trk_tbl_from_elm() (git-fixes).
- wifi: mwifiex: Fix premature release of RF calibration data
(git-fixes).
- wifi: cfg80211: init wiphy_work before allocating rfkill fails
(git-fixes).
- wifi: ath12k: Clear affinity hint before calling
ath12k_pci_free_irq() in error path (git-fixes).
- wifi: ath11k: Clear affinity hint before calling
ath11k_pcic_free_irq() in error path (git-fixes).
- wifi: ath11k: add srng->lock for ath11k_hal_srng_* in monitor
mode (git-fixes).
- wifi: ath11k: fix RCU stall while reaping monitor destination
ring (git-fixes).
- wifi: ath11k: fix wrong overriding for VHT Beamformee STS
Capability (git-fixes).
- wifi: ath9k: do not submit zero bytes to the entropy pool
(git-fixes).
- wifi: ath12k: encode max Tx power in scan channel list command
(git-fixes).
- broadcom: fix supported flag check in periodic output function
(git-fixes).
- wifi: mac80211: fix integer overflow in hwmp_route_info_get()
(git-fixes).
- commit 62d1ca7
- drop_monitor: fix incorrect initialization order (CVE-2025-21862
bsc#1239474).
- rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxy
(CVE-2025-21635 bsc#1236111).
- net/smc: protect link down work from execute after lgr freed
(CVE-2024-56718 bsc#1235589).
- netfilter: IDLETIMER: Fix for possible ABBA deadlock
(CVE-2024-54683 bsc#1235729).
- net/smc: fix LGR and link use-after-free issue (CVE-2024-56640
bsc#1235436).
- ipv6: Fix soft lockups in fib6_select_path under high next
hop churn (CVE-2024-56703 bsc#1235455).
- commit 32a040d
- kABI fix for net: ipv6: support reporting otherwise unknown
prefix flags in RTM_NEWPREFIX (git-fixes).
- commit 3656735
- net: avoid race between device unregistration and ethnl ops
(CVE-2025-21701 bsc#1237164).
- commit adae27d
- net: usb: usbnet: restore usb%d name exception for local mac
addresses (bsc#1234480).
- commit 0605bcc
- x86/entry: Add __init to ia32_emulation_override_cmdline()
(git-fixes).
- commit 98c0019
- ALSA: hda: Fix speakers on ASUS EXPERTBOOK P5405CSA 1.0
(stable-fixes).
- Refresh
patches.suse/ALSA-hda-realtek-Add-support-for-various-ASUS-Laptop.patch.
- commit a9e9dbb
- ALSA: hda/realtek: Add support for various HP Laptops using
CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS B5405 and B5605 Laptops
using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS B3405 and B3605 Laptops
using CS35L41 HDA (stable-fixes).
- commit 249008f
- ALSA: usb-audio: Add quirk for Plantronics headsets to fix
control names (stable-fixes).
- ALSA: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx
(stable-fixes).
- commit 401355a
- coredump: Fixes core_pipe_limit sysctl proc_handler (git-fixes).
- ata: libata: Fix NCQ Non-Data log not supported print
(git-fixes).
- mtd: nand: Fix a kdoc comment (git-fixes).
- mtd: rawnand: brcmnand: fix PM resume warning (git-fixes).
- mtd: Add check for devm_kcalloc() (git-fixes).
- mtd: Replace kcalloc() with devm_kcalloc() (git-fixes).
- HID: Enable playstation driver independently of sony driver
(git-fixes).
- HID: remove superfluous (and wrong) Makefile entry for
CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER (git-fixes).
- platform/x86: dell-ddv: Fix temperature calculation (git-fixes).
- ALSA: hda/realtek: Fix built-in mic assignment on ASUS VivoBook
X515UA (git-fixes).
- ASoC: cs35l41: check the return value from spi_setup()
(git-fixes).
- ASoC: ti: j721e-evm: Fix clock configuration for
ti,j7200-cpb-audio compatible (git-fixes).
- ALSA: usb-audio: separate DJM-A9 cap lvl options (git-fixes).
- ALSA: hda/realtek: Always honor no_shutup_pins (git-fixes).
- ALSA: pcm: Drop superfluous NULL check in
snd_pcm_format_set_silence() (git-fixes).
- commit 52d0d3b
- netfilter: nf_set_pipapo: fix initial map fill (CVE-2024-57947
bsc#1236333).
- commit 970aeca
- include: net: add static inline dst_dev_overhead() to dst.h
(git-fixes).
- commit 38a62b9
- Refresh patches.suse/tpm-send_data-Wait-longer-for-the-TPM-to-become-read.patch.
Also extend the remaining tpm_tis_send_data timeout (bsc#1235870).
- commit 4b3d91d
- x86/microcode/intel: Add a minimum required revision for late loading (git-fixes).
- commit 5da2185
- x86/microcode: Prepare for minimal revision check (git-fixes).
- commit c420631
- x86/microcode: Handle "offline" CPUs correctly (git-fixes).
- commit 392e00e
- x86/apic: Provide apic_force_nmi_on_cpu() (git-fixes).
- commit b3900fd
- cpufreq/amd-pstate: Fix max_perf updation with schedutil
(bsc#1239707).
- commit fefd3ab
- kABI fix for ipv6: remove hard coded limitation on ipv6_pinfo
(git-fixes).
- commit 2b5c9da
- x86/microcode: Protect against instrumentation (git-fixes).
- commit c6912a2
- x86/microcode: Rendezvous and load in NMI (git-fixes).
- commit 62c98c3
- x86/microcode: Replace the all-in-one rendevous handler (git-fixes).
- commit 918f8ee
- x86/microcode: Provide new control functions (git-fixes).
- commit 8430c04
- x86/microcode: Add per CPU control field (git-fixes).
- commit 866b0a5
- x86/microcode: Add per CPU result state (git-fixes).
- commit 579033e
- net/smc: check smcd_v2_ext_offset when receiving proposal msg
(CVE-2024-47408 bsc#1235711).
- commit 2f01046
- x86/microcode: Clarify the late load logic (git-fixes).
- commit 6230ee4
- x86/microcode: Handle "nosmt" correctly (git-fixes).
- Refresh
patches.suse/x86-microcode-Sanitize-__wait_for_cpus.patch.
- commit dc94359
- x86/microcode: Clean up mc_cpu_down_prep() (git-fixes).
- commit bdacddf
- x86/microcode: Get rid of the schedule work indirection (git-fixes).
- commit 6a00f9e
- x86/microcode: Mop up early loading leftovers (git-fixes).
- commit 9018df4
- kABI fix for "netfilter: nft_inner: incorrect percpu area
handling under softirq" (CVE-2024-56638 bsc#1235524).
- commit 3acf757
- ipv6: introduce dst_rt6_info() helper (git-fixes).
- Refresh patches.suse/ipv6-prevent-UAF-in-ip6_send_skb.patch.
- Refresh patches.suse/net-fix-__dst_negative_advice-race.patch.
- commit a265247
- ipv6: sr: add missing seg6_local_exit (git-fixes).
- Refresh
patches.suse/ipv6-sr-fix-incorrect-unregister-order.patch.
- commit ef06a22
- ipv6: annotate data-races around cnf.disable_ipv6 (git-fixes).
- Refresh
patches.suse/ipv6-prevent-NULL-dereference-in-ip6_output.patch.
- commit 97af13b
- x86/microcode/amd: Use cached microcode for AP load (git-fixes).
- commit 916bc1a
- x86/microcode/amd: Cache builtin/initrd microcode early (git-fixes).
- commit 6cd5382
- x86/microcode/amd: Cache builtin microcode too (git-fixes).
- commit d0a37ed
- x86/microcode/amd: Use correct per CPU ucode_cpu_info (git-fixes).
- commit 834a488
- x86/microcode: Remove pointless apply() invocation (git-fixes).
- commit a5ea134
- ipv6: Set errno after ip_fib_metrics_init() in
ip6_route_info_create() (git-fixes).
- ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw()
(git-fixes).
- net: ipv6: fix missing dst ref drop in ila lwtunnel (git-fixes).
- net: ipv6: fix dst ref loop in ila lwtunnel (git-fixes).
- net: ipv6: fix dst ref loop on input in rpl lwt (git-fixes).
- net: ipv6: fix dst ref loop on input in seg6 lwt (git-fixes).
- net: ipv6: rpl_iptunnel: mitigate 2-realloc issue (git-fixes).
- net: ipv6: seg6_iptunnel: mitigate 2-realloc issue (git-fixes).
- ipv6: release nexthop on device removal (CVE-2024-56751
bsc#1234936).
- net: ipv6: select DST_CACHE from IPV6_RPL_LWTUNNEL (git-fixes).
- net: ipv6: rpl_iptunnel: Fix memory leak in rpl_input
(git-fixes).
- ipv6: fix ndisc_is_useropt() handling for PIO (git-fixes).
- ipv6: take care of scope when choosing the src addr (git-fixes).
- net: use unrcu_pointer() helper (git-fixes).
- ipv6: sr: block BH in seg6_output_core() and seg6_input_core()
(git-fixes).
- net: ipv6: rpl_iptunnel: block BH in rpl_output() and
rpl_input() (git-fixes).
- net: ipv6: fix wrong start position when receive hop-by-hop
fragment (git-fixes).
- ipv6: fib: hide unused 'pn' variable (git-fixes).
- ipv6: fib6_rules: flush route cache when rule is changed
(git-fixes).
- commit ae4c044
- ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid
(git-fixes).
- ipv6: Ensure natural alignment of const ipv6 loopback and
router addresses (git-fixes).
- commit 3e6f7bb
- net: ipv6: support reporting otherwise unknown prefix flags
in RTM_NEWPREFIX (git-fixes).
- ipv6: fix potential NULL deref in fib6_add() (git-fixes).
- ipv6: avoid atomic fragment on GSO packets (git-fixes).
- ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes).
- commit aab80f1
- x86/microcode/intel: Rework intel_find_matching_signature() (git-fixes).
- commit a8e1ba8
- x86/microcode/intel: Reuse intel_cpu_collect_info() git-fixes).
- commit 12d10b3
- x86/microcode/intel: Rework intel_cpu_collect_info() (git-fixes).
- commit 44d31ee
- x86/microcode/intel: Unify microcode apply() functions (git-fixes).
- Refresh
patches.suse/x86-microcode-intel-Remove-unnecessary-cache-writeback-and.patch.
- commit fd684d8
- x86/microcode/intel: Switch to kvmalloc() (git-fixes).
- commit deae801
- x86/microcode/intel: Save the microcode only after a successful late-load (git-fixes).
- commit c89162d
- x86/microcode/intel: Simplify early loading (git-fixes).
- commit 571e4fe
- x86/microcode/intel: Cleanup code further (git-fixes).
- commit 53a643e
- x86/microcode/32: Move early loading after paging enable (git-fixes).
- commit f3beb78
- x86/boot/32: Temporarily map initrd for microcode loading (git-fixes).
- commit f25c748
- x86/microcode: Provide CONFIG_MICROCODE_INITRD32 (git-fixes).
- commit 040895c
- x86/boot/32: Restructure mk_early_pgtbl_32() (git-fixes).
- commit bf7e36d
- x86/boot/32: De-uglify the 2/3 level paging difference in mk_early_pgtbl_32() (git-fixes).
- commit cb4b02a
- x86/boot: Use __pa_nodebug() in mk_early_pgtbl_32() (git-fixes).
- commit 1ec4661
- x86/boot/32: Disable stackprotector and tracing for mk_early_pgtbl_32() (git-fixes).
- commit 1bef486
- x86/microcode/intel: Simplify and rename generic_load_microcode() (git-fixes).
- commit 7d2da5d
- x86/microcode/intel: Simplify scan_microcode() (git-fixes).
- commit 4164fad
- x86/microcode/intel: Rip out mixed stepping support for Intel CPUs (git-fixes).
- commit 842e778
- x86/microcode/intel: Remove pointless mutex (git-fixes).
- commit d92edaf
- x86/microcode/intel: Remove debug code (git-fixes).
- commit f06da57
- x86/microcode: Move core specific defines to local header (git-fixes).
- Delete
patches.suse/x86-cpu-Fix-amd_check_microcode-declaration.patch.
- commit 68e5a18
- x86/hyperv: Fix output argument to hypercall that changes page
visibility (git-fixes).
- x86/hyperv/vtl: Stop kernel from probing VTL0 low memory
(git-fixes).
- commit d929456
- x86/microcode/intel: Rename get_datasize() since its used externally (git-fixes).
- commit cd4315f
- x86/microcode: Make reload_early_microcode() static (git-fixes).
- commit adc4f73
- x86/microcode: Include vendor headers into microcode.h (git-fixes).
- Refresh
patches.suse/platform-x86-intel-ifs-Gen2-scan-image-loading.patch.
- commit 9b8d381
- x86/microcode/intel: Move microcode functions out of cpu/intel.c (git-fixes).
- Refresh
patches.suse/x86-cpu-intel-Detect-TME-keyid-bits-before-setting-MTRR-ma.patch.
- commit 4e2f346
- x86/microcode: Hide the config knob (git-fixes).
- commit d6f3245
- x86/mm: Remove unused microcode.h include (git-fixes).
- commit 88b351c
- x86/microcode: Remove microcode_mutex (git-fixes).
- commit 9723346
- Revert "wifi: ath11k: support hibernation" (bsc#1207948).
- commit 36caa36
- Revert "wifi: ath11k: restore country code during resume"
(bsc#1207948).
- commit 18bdb23
- x86/microcode: Sanitize __wait_for_cpus() (git-fixes).
- commit 4a52b36
- x86/platform/olpc: Remove unused variable 'len' in olpc_dt_compatible_match() (git-fixes).
- commit a5f84ff
- x86/entry: Add __init to ia32_emulation_override_cmdline() (git-fixes).
- commit e6ba4df
- x86/coco: Replace 'static const cc_mask' with the newly introduced cc_get_mask() function (git-fixes).
- commit c13c7b0
- x86/usercopy: Fix kernel-doc func param name in clean_cache_range()'s description (git-fixes).
- commit 8e4bd72
- x86/fpu: Fix guest FPU state buffer allocation size (git-fixes).
- commit 0180053
- media: vim2m: print device name after registering device
(git-fixes).
- media: platform: stm32: Add check for clk_enable() (git-fixes).
- media: siano: Fix error handling in smsdvb_module_init()
(git-fixes).
- media: v4l2-dv-timings: prevent possible overflow in
v4l2_detect_gtf() (git-fixes).
- media: venus: hfi: add a check to handle OOB in sfr region
(git-fixes).
- media: venus: hfi: add check to handle incorrect queue size
(git-fixes).
- media: venus: hfi_parser: refactor hfi packet parsing logic
(git-fixes).
- media: venus: hfi_parser: add check to avoid out of bound access
(git-fixes).
- media: visl: Fix ERANGE error when setting enum controls
(git-fixes).
- media: platform: allgro-dvt: unregister v4l2_device on the
error path (git-fixes).
- media: verisilicon: HEVC: Initialize start_bit field
(git-fixes).
- media: i2c: adv748x: Fix test pattern selection mask
(git-fixes).
- media: i2c: ov7251: Introduce 1 ms delay between regulators
and en GPIO (git-fixes).
- media: i2c: ov7251: Set enable GPIO low in probe (git-fixes).
- media: i2c: ccs: Set the device's runtime PM status correctly
in remove (git-fixes).
- media: streamzap: prevent processing IR data on URB failure
(git-fixes).
- media: streamzap: fix race between device disconnection and
urb callback (git-fixes).
- auxdisplay: panel: Fix an API misuse in panel.c (git-fixes).
- mmc: omap: Fix memory leak in mmc_omap_new_slot (git-fixes).
- memstick: rtsx_usb_ms: Fix slab-use-after-free in
rtsx_usb_ms_drv_remove (git-fixes).
- mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD
(git-fixes).
- spi: cadence-qspi: Fix probe on AM62A LP SK (git-fixes).
- thermal: int340x: Add NULL check for adev (git-fixes).
- PM: sleep: Fix handling devices with direct_complete set on
errors (git-fixes).
- PM: sleep: Adjust check before setting power.must_resume
(git-fixes).
- selftests/x86/syscall: Fix coccinelle WARNING recommending
the use of ARRAY_SIZE() (git-fixes).
- commit d741ce2
- smb: client: Add check for next_buffer in receive_encrypted_standard() (CVE-2025-21844 bsc#1239512)
- commit 5413aee
- smb: client: destroy cfid_put_wq on module exit (git-fixes).
- commit c180144
- ipv6: mcast: extend RCU protection in igmp6_send()
(CVE-2025-21759 bsc#1238738).
- commit 400a352
- ndisc: extend RCU protection in ndisc_send_skb() (CVE-2025-21760
bsc#1238763).
- commit 156bf64
- vrf: use RCU protection in l3mdev_l3_out() (CVE-2025-21791
bsc#1238512).
- commit f01aefb
- openvswitch: use RCU protection in ovs_vport_cmd_fill_info()
(CVE-2025-21761 bsc#1238775).
- commit 742de46
- arp: use RCU protection in arp_xmit() (CVE-2025-21762
bsc#1238780).
- commit 816de2a
- neighbour: use RCU protection in __neigh_notify()
(CVE-2025-21763 bsc#1237897).
- commit f8fc7e4
- ndisc: use RCU protection in ndisc_alloc_skb() (bsc#1239994).
- commit d3f8de7
- ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu()
(bsc#1239994).
- commit 60e0c13
- x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers (git-fixes).
- commit 8abe0aa
- x86/cpu: Allow reducing x86_phys_bits during early_identify_cpu() (git-fixes).
- commit 095440f
- intel_idle: Add ibrs_off module parameter to force-disable IBRS (git-fixes).
- commit c35924e
- intel_idle: Use __update_spec_ctrl() in intel_idle_ibrs() (git-fixes).
- Refresh
patches.suse/x86-Fix-CPUIDLE_FLAG_IRQ_ENABLE-leaking-timer-reprogram.patch.
- commit d3998f0
- x86/idle: Disable IBRS when CPU is offline to improve single-threaded performance (git-fixes).
- commit 317b615
- x86/speculation: Add __update_spec_ctrl() helper (git-fixes).
- commit 3276cd3
- lockdep: Don't disable interrupts on RT in
disable_irq_nosync_lockdep.*() (git-fixes).
- kbuild: hdrcheck: fix cross build with clang (git-fixes).
- commit 77968cd
- ipv6: Use RCU in ip6_input() (bsc#1239994).
- commit 29ec493
- ipv6: icmp: convert to dev_net_rcu() (bsc#1239994).
- commit 4c35517
- flow_dissector: use RCU protection to fetch dev_net()
(bsc#1239994).
- commit a0e50a6
- ipv6: use RCU protection in ip6_default_advmss() (CVE-2025-21765
bsc#1237906).
- commit c531d1f
- ipv4: use RCU protection in rt_is_expired() (bsc#1239994).
- commit 48756fc
- ipv4: use RCU protection in ipv4_default_advmss() (bsc#1239994).
- commit 81b29a5
- ipv4: use RCU protection in inet_select_addr() (bsc#1239994).
- commit 5eecff1
- ipv4: use RCU protection in ip_dst_mtu_maybe_forward()
(bsc#1239994).
- commit 6188164
- ipv4: use RCU protection in __ip_rt_update_pmtu()
(CVE-2025-21766 bsc#1238754).
- commit 03eaa8b
- ipv4: add RCU protection to ip4_dst_hoplimit() (bsc#1239994).
- commit 95bdee3
- net: add dev_net_rcu() helper (bsc#1239994).
- commit 63dac1b
- net: mana: Support holes in device list reply msg (git-fixes).
- net: mana: cleanup mana struct after debugfs_remove()
(git-fixes).
- Drivers: hv: vmbus: Don't release fb_mmio resource in
vmbus_free_mmio() (git-fixes).
- clockevents/drivers/i8253: Fix stop sequence for timer 0
(git-fixes).
- commit a640830
- rpm/kernel-binary.spec.in: Fix missing 20-kernel-default-extra.conf (bsc#1239986)
sle_version was obsoleted for SLE16. It has to be combined with
suse_version check.
- commit cbd5de3
- kABI workaround for intel-ish-hid (git-fixes).
- commit c1e0e59
- HID: intel-ish-hid: Send clock sync message immediately after
reset (stable-fixes).
- commit bb56845
- kABI workaround for soc_mixer_control changes (git-fixes).
- commit 41b23df
- i2c: amd-mp2: drop free_irq() of devm_request_irq() allocated
irq (git-fixes).
- USB: serial: ftdi_sio: add support for Altera USB Blaster 3
(stable-fixes).
- USB: serial: option: fix Telit Cinterion FE990A name
(stable-fixes).
- USB: serial: option: add Telit Cinterion FE990B compositions
(stable-fixes).
- USB: serial: option: match on interface class for Telit FN990B
(stable-fixes).
- Input: i8042 - swap old quirk combination with new quirk for
more devices (stable-fixes).
- Input: i8042 - swap old quirk combination with new quirk for
several devices (stable-fixes).
- Input: i8042 - add required quirks for missing old boardnames
(stable-fixes).
- Input: i8042 - swap old quirk combination with new quirk for
NHxxRZQ (stable-fixes).
- Input: xpad - rename QH controller to Legion Go S
(stable-fixes).
- Input: xpad - add support for TECNO Pocket Go (stable-fixes).
- Input: xpad - add support for ZOTAC Gaming Zone (stable-fixes).
- Input: xpad - add multiple supported devices (stable-fixes).
- Input: xpad - add 8BitDo SN30 Pro, Hyperkin X91 and Gamesir
G7 SE controllers (stable-fixes).
- ASoC: ops: Consistently treat platform_max as control value
(git-fixes).
- drm/i915/cdclk: Do cdclk post plane programming later
(stable-fixes).
- drm/atomic: Filter out redundant DPMS calls (stable-fixes).
- drm/amd/display: Assign normalized_pix_clk when color depth =
14 (stable-fixes).
- drm/amd/display: Restore correct backlight brightness after
a GPU reset (stable-fixes).
- drm/amd/display: Disable unneeded hpd interrupts during dm_init
(stable-fixes).
- drm/hyperv: Fix address space leak when Hyper-V DRM device is
removed (git-fixes).
- HID: apple: disable Fn key handling on the Omoton KB066
(git-fixes).
- drm/nouveau: Do not override forced connector status
(stable-fixes).
- drm/vkms: Round fixp2int conversion in lerp_u16 (stable-fixes).
- ASoC: tas2764: Set the SDOUT polarity correctly (stable-fixes).
- ASoC: tas2764: Fix power control mask (stable-fixes).
- ASoC: tas2770: Fix volume scale (stable-fixes).
- net: wwan: mhi_wwan_mbim: Silence sequence number glitch errors
(stable-fixes).
- ASoC: SOF: amd: Handle IPC replies before FW_BOOT_COMPLETE
(stable-fixes).
- ASoC: SOF: Intel: hda: add softdep pre to snd-hda-codec-hdmi
module (stable-fixes).
- ASoC: arizona/madera: use fsleep() in up/down DAPM event delays
(stable-fixes).
- usb: phy: generic: Use proper helper for property detection
(stable-fixes).
- platform/x86: thinkpad_acpi: Support for V9 DYTC platform
profiles (stable-fixes).
- platform/x86: thinkpad_acpi: Fix invalid fan speed on ThinkPad
X120e (stable-fixes).
- HID: apple: fix up the F6 key on the Omoton KB066 keyboard
(stable-fixes).
- HID: hid-apple: Apple Magic Keyboard a3203 USB-C support
(stable-fixes).
- HID: topre: Fix n-key rollover on Realforce R3S TKL boards
(stable-fixes).
- HID: ignore non-functional sensor in HP 5MP Camera
(stable-fixes).
- HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in
doorbell (stable-fixes).
- ACPI: resource: IRQ override for Eluktronics MECH-17
(stable-fixes).
- vboxsf: fix building with GCC 15 (stable-fixes).
- platform/x86/intel: pmc: fix ltr decode in pmc_core_ltr_show()
(stable-fixes).
- commit 3767537
- regulator: dummy: force synchronous probing (git-fixes).
- regulator: core: Fix deadlock in create_regulator() (git-fixes).
- commit 74ce27f
- Refresh
patches.suse/udp-Deal-with-race-between-UDP-socket-address-change-and-r.patch.
- commit 4648743
- tools: move alignment-related macros to new <linux/align.h> (git-fixes).
Fix tools/ build breakage introduced by suse commit 3d6cb93162fd
"bitmap: introduce generic optimized bitmap_size() (git-fixes)"
- commit a17c3c2
- memblock tests: fix warning: "__ALIGN_KERNEL" redefined (git-fixes).
Fix tools/ build breakage introduced by suse commit 3d6cb93162fd
"bitmap: introduce generic optimized bitmap_size() (git-fixes)"
- commit 2860902
- kABI: ufshcd: add ufshcd_dealloc_host back (CVE-2025-21739
bsc#1238506).
- commit 722da19
- KVM: Explicitly verify target vCPU is online in kvm_get_vcpu()
(CVE-2024-58083 bsc#1239036).
- commit bbd863b
- nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() (CVE-2025-21848
bsc#1239479).
- commit bd498df
- ACPI: processor: idle: Return an error if both P_LVL{2,3}
idle states are invalid (bsc#1237530).
- commit f46ae1f
- udp: Deal with race between UDP socket address change and rehash
(CVE-2024-57974 bsc#1238532).
- commit d248d8d
- drm/radeon: fix uninitialized size issue in
radeon_vce_cs_parse() (git-fixes).
- gpu: host1x: Do not assume that a NULL domain means no DMA IOMMU
(git-fixes).
- accel/qaic: Fix integer overflow in qaic_validate_req()
(git-fixes).
- accel/qaic: Fix possible data corruption in BOs > 2G
(git-fixes).
- drm/v3d: Don't run jobs that have errors flagged in its fence
(git-fixes).
- drm/sched: Fix fence reference count leak (git-fixes).
- batman-adv: Ignore own maximum aggregation size during RX
(git-fixes).
- Bluetooth: hci_event: Fix connection regression between LE
and non-LE adapters (git-fixes).
- Bluetooth: Fix error code in chan_alloc_skb_cb() (git-fixes).
- can: flexcan: disable transceiver during system PM (git-fixes).
- can: flexcan: only change CAN state when link up in system PM
(git-fixes).
- can: rcar_canfd: Fix page entries in the AFL list (git-fixes).
- can: ucan: fix out of bound read in strscpy() source
(git-fixes).
- mmc: sdhci-brcmstb: add cqhci suspend/resume to PM ops
(git-fixes).
- mmc: atmel-mci: Add missing clk_disable_unprepare() (git-fixes).
- commit fa047d8
- RDMA/hns: Fix wrong value of max_sge_rd (git-fixes)
- commit be0fccb
- RDMA/hns: Fix missing xa_destroy() (git-fixes)
- commit 7560f3b
- RDMA/hns: Fix a missing rollback in error path of hns_roce_create_qp_common() (git-fixes)
- commit fae22e5
- RDMA/hns: Fix unmatched condition in error path of alloc_user_qp_db() (git-fixes)
- commit 4a61cfc
- RDMA/hns: Fix soft lockup during bt pages loop (git-fixes)
- commit d7a5712
- RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path (git-fixes)
- commit 1c0ffc5
- RDMA/mlx5: Handle errors returned from mlx5r_ib_rate() (git-fixes)
- commit fb56cee
- RDMA/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx (git-fixes)
- commit d9ad94d
- RDMA/rxe: Fix the failure of ibv_query_device() and ibv_query_device_ex() tests (git-fixes)
- commit 3a68d14
- scsi: ufs: core: Fix use-after free in init error and remove
paths (CVE-2025-21739 bsc#1238506).
- commit f971898
- btrfs: use a separate end_io handler for extent_buffer writing
(bsc#1239045).
- btrfs: don't use btrfs_bio_ctrl for extent buffer writing
(bsc#1239045).
- btrfs: remove the mirror_num argument to
btrfs_submit_compressed_read (bsc#1239045).
- btrfs: subpage: fix error handling in
end_bio_subpage_eb_writepage (bsc#1239045).
- commit 5ca42b7
- ata: sata_highbank: fix OF node reference leak in
highbank_initialize_phys() (git-fixes).
- commit a7b4ac3
- ata: sata_sil: Rename sil_blacklist to sil_quirks (git-fixes).
- commit c17a6ef
- ata: pata_serverworks: Do not use the term blacklist
(git-fixes).
- commit cdc9008
- ata: libata-scsi: Check ATA_QCFLAG_RTF_FILLED before using
result_tf (git-fixes).
- commit cf84546
- ata: libata-scsi: Remove redundant sense_buffer memsets
(git-fixes).
- commit 3ff83f7
- ata: ahci: Add mask_port_map module parameter (git-fixes).
- commit f3d1fc7
- ata: pata_parport: fit3: implement IDE command set registers
(git-fixes).
- commit b753758
- arm64: dts: rockchip: fix pinmux of UART5 for PX30 Ringneck on Haikou (git-fixes)
- commit e6786aa
- ata: pata_parport: add custom version of wait_after_reset
(git-fixes).
- commit 92ba445
- arm64: dts: rockchip: Add missing PCIe supplies to RockPro64 board (git-fixes)
- commit d1b0425
- arm64: dts: rockchip: Add avdd HDMI supplies to RockPro64 board dtsi (git-fixes)
- commit b541e7c
- arm64: dts: rockchip: Remove undocumented sdmmc property from (git-fixes)
- commit 4d05cf3
- arm64: dts: rockchip: fix pinmux of UART0 for PX30 Ringneck on Haikou (git-fixes)
- commit cfcc878
- arm64: dts: freescale: imx8mm-verdin-dahlia: add Microphone Jack to (git-fixes)
- commit e1ac37c
- arm64: dts: freescale: tqma8mpql: Fix vqmmc-supply (git-fixes)
- commit 86fe977
- arm64: mm: Populate vmemmap at the page level if not section aligned (git-fixes)
- commit 9a15b23
- arm64: dts: rockchip: add rs485 support on uart5 of (git-fixes)
- commit 674715a
- mm: zswap: move allocations during CPU init outside the lock
(git-fixes).
- commit 4a03990
- netem: Update sch->q.qlen before qdisc_tree_reduce_backlog()
(git-fixes CVE-2025-21703 bsc#1237313).
- commit ca9c9ec
- iommu/vt-d: Fix suspicious RCU usage (git-fixes).
- commit 57c0aea
- net_sched: sch_sfq: handle bigger packets (git-fixes).
- Refresh
patches.suse/net_sched-sch_sfq-don-t-allow-1-packet-limit.patch.
- commit e8a43b7
- net/sched: act_api: rely on rcu in tcf_idr_check_alloc
(git-fixes).
- Refresh
patches.suse/net-sched-act_api-fix-possible-infinite-loop-in-tcf_.patch.
- commit b0f7ecb
- net_sched: Prevent creation of classes with TC_H_ROOT
(git-fixes).
- net/sched: cls_api: fix error handling causing NULL dereference
(git-fixes CVE-2025-21857 bsc#1239478).
- net/sched: netem: account for backlog updates from child qdisc
(git-fixes CVE-2024-56770 bsc#1235637).
- net/sched: tbf: correct backlog statistic for GSO packets
(git-fixes).
- net/sched: cbs: Fix integer overflow in cbs_set_port_rate()
(git-fixes).
- net/sched: act_api: deny mismatched skip_sw/skip_hw flags for
actions created by classifiers (git-fixes).
- net/sched: taprio: make q->picos_per_byte available to
fill_sched_entry() (git-fixes).
- net/sched: adjust device watchdog timer to detect stopped
queue at right time (git-fixes).
- net_sched: sch_sfq: annotate data-races around q->perturb_period
(git-fixes).
- net/sched: flower: Add lock protection when remove filter handle
(git-fixes).
- net/sched: cls_u32: replace int refcounts with proper refcounts
(git-fixes).
- commit a5cca5e
- powerpc/pseries/eeh: move pseries_eeh_err_inject() outside
CONFIG_DEBUG_FS block (bsc#1239573).
- powerpc/pseries/eeh: Fix pseries_eeh_err_inject (bsc#1239573).
- powerpc: Stop using no_llseek (bsc#1239573).
- commit 5b9a0f5
- wifi: rtl8xxxu: Perform update_beacon_work when beaconing is
enabled (git-fixes).
- commit 39d5ea8
- kABI fix for netlink: terminate outstanding dump on socket close
(git-fixes).
- commit b2fd571
- usb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c
(bsc#1232389 CVE-2024-50056).
- commit e07e4ef
- netlink: terminate outstanding dump on socket close
(CVE-2024-53140 bsc#1234222).
- net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT
(CVE-2024-53057 bsc#1233551).
- commit b824575
- usb: gadget: uvc: fix try format returns on uncompressed formats
(bsc#1232389 CVE-2024-50056).
- commit d2b161f
- mm: zswap: properly synchronize freeing resources during CPU
hotunplug (bsc#1237029 CVE-2025-21693).
- commit 215e0dc
- series.conf: temporarily disable patches.suse/md-md-bitmap-fix-writing-non-bitmap-pages-ab99.patch (bsc#1238212)
- commit bc1d649
- initramfs: fix hardlink hash leak without TRAILER (bsc#1232848).
- initramfs: allocate heap buffers together (bsc#1232848).
- init: add initramfs_internal.h (bsc#1232848).
- commit f42c132
- net: stmmac: fix TSO DMA API usage causing oops (CVE-2024-56719 bsc#1235591)
- commit 66963e5
- Documentation: qat: fix auto_reset attribute details (git-fixes).
- Documentation: qat: fix auto_reset section (git-fixes).
- commit f832e33
- supported.conf: add now-included qat_420xx (external, intel)
- commit 85940df
- net: constify sk_dst_get() and __sk_dst_get() argument
(git-fixes).
- commit a24981b
- crypto: qat - Fix missing destroy_workqueue in adf_init_aer() (jsc#PED-12416).
- crypto: qat - Fix typo "accelaration" (jsc#PED-12416).
- crypto: qat - Constify struct pm_status_row (jsc#PED-12416).
- crypto: qat - remove unused adf_devmgr_get_first (jsc#PED-12416).
- crypto: qat/qat_420xx - fix off by one in uof_get_name() (jsc#PED-12416).
- crypto: iaa - Remove potential infinite loop in check_completion() (jsc#PED-12416).
- crypto: qat - Remove trailing space after \n newline (jsc#PED-12416).
- crypto: qat - fix "Full Going True" macro definition (jsc#PED-12416).
- crypto: qat - Use static_assert() to check struct sizes (jsc#PED-12416).
- crypto: qat - allow disabling SR-IOV VFs (jsc#PED-12416).
- crypto: qat - ensure correct order in VF restarting handler (jsc#PED-12416).
- crypto: qat - fix recovery flow for VFs (jsc#PED-12416).
- crypto: qat - preserve ADF_GENERAL_SEC (jsc#PED-12416).
- crypto: qat - initialize user_input.lock for rate_limiting (jsc#PED-12416).
- crypto: qat - make adf_ctl_class constant (jsc#PED-12416).
- crypto: qat - Fix typo (jsc#PED-12416).
- crypto: qat - fix linking errors when PCI_IOV is disabled (jsc#PED-12416).
- crypto: iaa - Use kmemdup() instead of kzalloc() and memcpy() (jsc#PED-12416).
- crypto: qat - validate slices count returned by FW (jsc#PED-12416).
- crypto: qat - improve error message in adf_get_arbiter_mapping() (jsc#PED-12416).
- crypto: qat - implement dh fallback for primes > 4K (jsc#PED-12416).
- crypto: iaa - Use cpumask_weight() when rebalancing (jsc#PED-12416).
- crypto: qat - Fix spelling mistake "Invalide" -> "Invalid" (jsc#PED-12416).
- crypto: qat - Avoid -Wflex-array-member-not-at-end warnings (jsc#PED-12416).
- crypto: iaa - Change iaa statistics to atomic64_t (jsc#PED-12416).
- crypto: iaa - Add global_stats file and remove individual stat files (jsc#PED-12416).
- crypto: iaa - Remove comp/decomp delay statistics (jsc#PED-12416).
- crypto: iaa - fix decomp_bytes_in stats (jsc#PED-12416).
- crypto: qat - implement interface for live migration (jsc#PED-12416).
- crypto: qat - add interface for live migration (jsc#PED-12416).
- crypto: qat - add bank save and restore flows (jsc#PED-12416).
- crypto: qat - expand CSR operations for QAT GEN4 devices (jsc#PED-12416).
- crypto: qat - rename get_sla_arr_of_type() (jsc#PED-12416).
- crypto: qat - relocate CSR access code (jsc#PED-12416).
- crypto: qat - move PFVF compat checker to a function (jsc#PED-12416).
- crypto: qat - relocate and rename 4xxx PF2VM definitions (jsc#PED-12416).
- crypto: qat - adf_get_etr_base() helper (jsc#PED-12416).
- crypto: iaa - fix the missing CRYPTO_ALG_ASYNC in cra_flags (jsc#PED-12416).
- crypto: iaa - Fix comp/decomp delay statistics (jsc#PED-12416).
- crypto: qat - make ring to service map common for QAT GEN4 (jsc#PED-12416).
- crypto: qat - fix ring to service map for dcc in 420xx (jsc#PED-12416).
- crypto: qat - fix comment structure (jsc#PED-12416).
- crypto: qat - remove unnecessary description from comment (jsc#PED-12416).
- crypto: qat - uninitialized variable in adf_hb_error_inject_write() (jsc#PED-12416).
- crypto: qat - improve aer error reset handling (jsc#PED-12416).
- crypto: qat - limit heartbeat notifications (jsc#PED-12416).
- crypto: qat - add auto reset on error (jsc#PED-12416).
- crypto: qat - add fatal error notification (jsc#PED-12416).
- crypto: qat - re-enable sriov after pf reset (jsc#PED-12416).
- crypto: qat - update PFVF protocol for recovery (jsc#PED-12416).
- crypto: qat - disable arbitration before reset (jsc#PED-12416).
- crypto: qat - add fatal error notify method (jsc#PED-12416).
- crypto: qat - add heartbeat error simulator (jsc#PED-12416).
- crypto: qat - use kcalloc_node() instead of kzalloc_node() (jsc#PED-12416).
- crypto: iaa - Remove unnecessary debugfs_create_dir() error check in iaa_crypto_debugfs_init() (jsc#PED-12416).
- crypto: iaa - Remove header table code (jsc#PED-12416).
- crypto: qat - avoid memcpy() overflow warning (jsc#PED-12416).
- crypto: qat - fix arbiter mapping generation algorithm for QAT 402xx (jsc#PED-12416).
- crypto: qat - generate dynamically arbiter mappings (jsc#PED-12416).
- crypto: qat - add support for ring pair level telemetry (jsc#PED-12416).
- commit 5d1d9ed
- crypto: qat - add support for device telemetry (jsc#PED-12416). - Refresh patches.suse/crypto-qat-disable-IOV-in-adf_dev_stop.patch. - Refresh patches.suse/crypto-qat-remove-check-after-debugfs_create_dir.patch.
- commit 3d131da
- crypto: qat - add admin msgs for telemetry (jsc#PED-12416).
- crypto: qat - include pci.h for GET_DEV() (jsc#PED-12416).
- crypto: iaa - remove unneeded semicolon (jsc#PED-12416).
- crypto: iaa - Remove unneeded newline in update_max_adecomp_delay_ns() (jsc#PED-12416).
- crypto: iaa - Change desc->priv to 0 (jsc#PED-12416).
- crypto: qat - add support for 420xx devices (jsc#PED-12416).
- crypto: qat - move fw config related structures (jsc#PED-12416).
- crypto: qat - relocate portions of qat_4xxx code (jsc#PED-12416).
- crypto: qat - change signature of uof_get_num_objs() (jsc#PED-12416).
- seq_file: add helper macro to define attribute for rw file (jsc#PED-12416).
- commit 8fbb076
- Update config files for PED-12416: QAT_420XX=m on x86, disable error injection.
- commit bbce3cc
- mm/zswap: change per-cpu mutex and buffer to per-acomp_ctx
(bsc#1237029 CVE-2025-21693).
- commit 0b762e3
- usb: gadget: uvc: Fix use-after-free for inflight usb_requests
(bsc#1232389 CVE-2024-50056).
- commit 2525765
- usb: gadget: uvc: move video disable logic to its own function
(bsc#1232389 CVE-2024-50056).
- commit 2ceecdc
- usb: gadget: uvc: Allocate uvc_requests one at a time
(bsc#1232389 CVE-2024-50056).
- commit 4e4b74d
- usb: gadget: uvc: prevent use of disabled endpoint (bsc#1232389
CVE-2024-50056).
- commit fe7e829
- usb: gadget: uvc: clean up comments and styling in video_pump
(bsc#1232389 CVE-2024-50056).
- commit c00889e
- Bluetooth: Improve setsockopt() handling of malformed user input
(git-fixes).
- commit b7abeef
- btrfs: drop the backref cache during relocation if we commit
(bsc#1239605).
- btrfs: check delayed refs when we're checking if a ref exists
(bsc#1239605).
- commit cfc9247
- xhci: dbc: Fix STALL transfer event handling (git-fixes).
- commit cae0f76
- Update
patches.suse/net-sched-use-RCU-read-side-critical-section-in-taprio_dump.patch
(CVE-2024-50126 bsc#1232895).
- commit 4fbfb83
- xhci: dbc: Replace custom return value with proper Linux error
code (git-fixes).
- commit 8f2f3fe
- xhci: dbc: Check for errors first in xhci_dbc_stop()
(git-fixes).
- commit 393eaad
- xhci: dbc: Use ATTRIBUTE_GROUPS() (git-fixes).
- commit c847619
- xhci: dbc: Use sysfs_emit() to instead of scnprintf()
(git-fixes).
- commit fdc638e
- xhci: dbc: Convert to use sysfs_streq() (git-fixes).
- commit de56eef
- xhci: dbc: Drop duplicate checks for dma_free_coherent()
(git-fixes).
- commit b4ff421
- Update
patches.suse/xhci-Combine-two-if-statements-for-Etron-xHCI-host.patch
(git-fixes).
- Update
patches.suse/xhci-Don-t-issue-Reset-Device-command-to-Etron-xHCI-.patch
(git-fixes).
Fix false references introduced by reusing patches for SP7 needed
for a feature
- commit f1a52b1
- ila: serialize calls to nf_register_net_hooks() (CVE-2024-57900
bsc#1235973).
- commit a940895
- efi/libstub: Bump up EFI_MMAP_NR_SLACK_SLOTS to 32
(bsc#1239349).
- commit 4c2eac0
- kABI fix for tcp: replace tcp_time_stamp_raw() (git-fixes).
- kABI fix for tcp: fix cookie_init_timestamp() overflows
(git-fixes).
- commit e3c259b
- ubi: Add a check for ubi_num (git-fixes).
- ubi: fastmap: wl: Schedule fm_work if wear-leveling pool is
empty (git-fixes).
- ubi: wl: Put source PEB into correct list if trying locking
LEB failed (git-fixes).
- ubi: block: fix null-pointer-dereference in ubiblock_create()
(git-fixes).
- ubi: eba: properly rollback inside self_check_eba (git-fixes).
- ubi: correct the calculation of fastmap size (stable-fixes).
- ubi: block: Fix use-after-free in ubiblock_cleanup (git-fixes).
- ubi: fastmap: may_reserve_for_fm: Don't reserve PEB if fm_anchor
exists (git-fixes).
- ubi: fastmap: Fix missed ec updating after erasing old fastmap
data block (git-fixes).
- commit 123f0f1
- soc: qcom: pdr: Fix the potential deadlock (git-fixes).
- firmware: imx-scu: fix OF node leak in .probe() (git-fixes).
- commit cbadc13
- tcp: introduce tcp_clock_ms() (git-fixes).
- commit ef89ad4
- include/linux/mmzone.h: clean up watermark accessors
(bsc#1239600).
- commit 9cc8558
- mm: create promo_wmark_pages and clean up open-coded sites
(bsc#1239600).
- commit 9684a94
- tcp: process the 3rd ACK with sk_socket for TFO/MPTCP
(git-fixes).
- tcp: reduce accepted window in NEW_SYN_RECV state (git-fixes).
- tcp: replace tcp_time_stamp_raw() (git-fixes).
- commit 3bc54d8
- mm: accept to promo watermark (bsc#1239600).
- commit 1ee3b42
- mm: fix endless reclaim on machines with unaccepted memory
(bsc#1239600).
- commit 2f9ff68
- dm-flakey: Fix memory corruption in optional corrupt_bio_byte
feature (git-fixes).
- commit a688092
- kABI fix for tcp: drop secpath at the same time as we currently
drop (CVE-2025-21864 bsc#1239482).
- commit 79a237f
- usb: xhci: Enable the TRB overfetch quirk on VIA VL805
(git-fixes).
- commit f5ad85e
- xhci: pci: Use standard pattern for device IDs (git-fixes).
- Refresh
patches.suse/xhci-pci-Fix-indentation-in-the-PCI-device-ID-defini.patch.
- commit 6e83d36
- xhci: Don't perform Soft Retry for Etron xHCI host (git-fixes).
- commit 9beb310
- xhci: Don't issue Reset Device command to Etron xHCI host
(jsc#PED-10701).
- commit 5ad7a28
- xhci: Combine two if statements for Etron xHCI host
(jsc#PED-10701).
- commit 68c16e1
- xhci: Cleanup Candence controller PCI device and vendor ID usage
(git-fixes).
- commit df43775
- usb: xHCI: add XHCI_RESET_ON_RESUME quirk for Phytium xHCI host
(git-fixes).
- commit 1479d30
- usb: xhci: remove 'retval' from xhci_pci_resume() (git-fixes).
- commit 6f73c8c
- xhci: Apply XHCI_RESET_TO_DEFAULT quirk to TGL (git-fixes).
- commit 32a2ce7
- xhci: pci: Use PCI_VENDOR_ID_RENESAS (git-fixes).
- commit 02e0809
- xhci: pci: Group out Thunderbolt xHCI IDs (git-fixes).
- commit 3ebb63d
- xhci: pci: Use full names in PCI IDs for Intel platforms
(git-fixes).
- commit 38d020d
- ila: call nf_unregister_net_hooks() sooner (CVE-2024-46782
bsc#1230769).
- commit e9d9715
- Input: iqs7222 - preserve system status register (git-fixes).
- commit 1f2a9a2
- Input: iqs7222 - add support for IQS7222D v1.1 and v1.2
(git-fixes).
- commit 9ee6aed
- Input: iqs7222 - add support for Azoteq IQS7222D (git-fixes).
- commit 6fedbfd
- Update
patches.suse/ASoC-SOF-stream-ipc-Check-for-cstream-nullity-in-sof.patch
(git-fixes CVE-2025-21847 bsc#1239471).
- Update
patches.suse/HID-multitouch-Add-NULL-check-in-mt_input_configured.patch
(git-fixes CVE-2024-58020 bsc#1239346).
- Update
patches.suse/USB-gadget-f_midi-f_midi_complete-to-call-queue_work.patch
(git-fixes CVE-2025-21859 bsc#1239467).
- Update patches.suse/acct-perform-last-write-from-workqueue.patch
(git-fixes CVE-2025-21846 bsc#1239508).
- Update
patches.suse/block-don-t-revert-iter-for-EIOCBQUEUED.patch
(git-fixes CVE-2025-21832 bsc#1239105).
- Update
patches.suse/fbdev-omap-use-threaded-IRQ-for-LCD-DMA.patch
(stable-fixes CVE-2025-21821 bsc#1239174).
- Update
patches.suse/nfsd-clear-acl_access-acl_default-after-releasing-them.patch
(git-fixes CVE-2025-21796 bsc#1238716).
- Update
patches.suse/nvmet-Fix-crash-when-a-namespace-is-disabled.patch
(git-fixes CVE-2025-21850 bsc#1239477).
- Update
patches.suse/orangefs-fix-a-oob-in-orangefs_debug_write.patch
(git-fixes CVE-2025-21782 bsc#1239117).
- Update
patches.suse/partitions-mac-fix-handling-of-bogus-partition-table.patch
(git-fixes CVE-2025-21772 bsc#1238911).
- Update
patches.suse/powerpc-code-patching-Fix-KASAN-hit-by-not-flagging-.patch
(bsc#1215199 CVE-2025-21866 bsc#1239473).
- commit d74c347
- nvkm/gsp: correctly advance the read pointer of GSP message queue (bsc#1238997 CVE-2024-58019)
- commit 73aa11f
- i2c: sis630: Fix an error handling path in sis630_probe()
(git-fixes).
- i2c: ali15x3: Fix an error handling path in ali15x3_probe()
(git-fixes).
- i2c: ali1535: Fix an error handling path in ali1535_probe()
(git-fixes).
- i2c: omap: fix IRQ storms (git-fixes).
- commit a2963cf
- Input: ads7846 - fix gpiod allocation (git-fixes).
- commit 829ae40
- ASoC: amd: yc: Support mic on another Lenovo ThinkPad E16 Gen
2 model (stable-fixes).
- ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360
14-dy1xxx (stable-fixes).
- commit 10b7907
- ASoC: codecs: wm0010: Fix error handling path in
wm0010_spi_probe() (git-fixes).
- ASoC: rt722-sdca: add missing readable registers (git-fixes).
- drm/dp_mst: Fix locking when skipping CSN before topology
probing (git-fixes).
- drm/gma500: Add NULL check for pci_gfx_root in
mid_get_vbt_data() (git-fixes).
- drm/amd/display: Fix slab-use-after-free on hdcp_work
(git-fixes).
- commit 866bbeb
- Refresh patches.suse/mptcp-fix-rcv-buffer-auto-tuning.patch.
- Refresh
patches.suse/mptcp-move-__mptcp_error_report-in-protocol.c.patch.
- Refresh
patches.suse/tcp-define-initial-scaling-factor-value-as-a-macro.patch.
- Refresh
patches.suse/tcp-increase-the-default-TCP-scaling-ratio.patch.
After discussing with @jwiesner: re-introduce b8dc6d6ce ("mptcp: fix rcv
buffer auto-tuning")
- commit 2c38df3
- mm/migrate_device: don't add folio to be freed to LRU in
migrate_device_finalize() (CVE-2025-21861 bsc#1239483).
- commit 2aaf230
- mm: migrate_device: use more folio in migrate_device_finalize()
(CVE-2025-21861 bsc#1239483 dependency).
- commit 6c15dfd
- geneve: Suppress list corruption splat in
geneve_destroy_tunnels() (CVE-2025-21858 bsc#1239468).
- gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl()
(CVE-2025-21865 bsc#1239481).
- ibmvnic: Don't reference skb after sending to VIOS
(CVE-2025-21858 bsc#1239468).
- geneve: Fix use-after-free in geneve_find_dev() (CVE-2025-21858
bsc#1239468).
- commit 37714b5
- drm/amdgpu: Check extended configuration space register when
system uses large bar (stable-fixes).
- Refresh
patches.suse/drm-amdgpu-disable-BAR-resize-on-Dell-G5-SE.patch.
- commit 3119f0d
- wifi: cfg80211: cancel wiphy_work before freeing wiphy
(git-fixes).
- wifi: iwlwifi: mvm: fix PNVM timeout for non-MSI-X platforms
(git-fixes).
- Bluetooth: hci_event: Fix enabling passive scanning (git-fixes).
- usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass
Storage Card Reader (stable-fixes).
- intel_th: pci: Add Panther Lake-P/U support (stable-fixes).
- intel_th: pci: Add Panther Lake-H support (stable-fixes).
- intel_th: pci: Add Arrow Lake support (stable-fixes).
- mei: me: add panther lake P DID (stable-fixes).
- gpio: rcar: Use raw_spinlock to protect register access
(stable-fixes).
- platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad
X131e (stable-fixes).
- drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress
200M (stable-fixes).
- drm/i915/ddi: Fix HDMI port width programming in DDI_BUF_CTL
(git-fixes).
- xhci: pci: Fix indentation in the PCI device ID definitions
(stable-fixes).
- drm/i915/xe2lpd: Move D2D enable/disable (stable-fixes).
- commit afdffc3
- Delete patches.suse/APEI-GHES-Have-GHES-honor-the-panic-setting.patch (bsc#1239615)
The panic-on-reboot behavior change is too surprsing as an update,
better to be reverted during SP
- commit 38b0ca3
- dm-crypt: track tag_offset in convert_context (git-fixes).
- commit e418c3f
- dm-crypt: don't update io->sector after
kcryptd_crypt_write_io_submit() (git-fixes).
- commit 4e42a0d
- dm-ebs: don't set the flag DM_TARGET_PASSES_INTEGRITY
(git-fixes).
- commit d656a3c
- dm-verity FEC: Fix RS FEC repair for roots unaligned to block
size (take 2) (git-fixes).
mwilck: some hand editing because d95e2c34a3ca ("dm verity: Fix IO
priority lost when reading FEC and hash") is missing
- commit 952c7af
- dm array: fix cursor index when skipping across block boundaries
(git-fixes).
- commit 9559a70
- dm array: fix unreleased btree blocks on closing a faulty
array cursor (git-fixes).
- commit 3401ff8
- dm thin: Add missing destroy_work_on_stack() (git-fixes).
- commit b8c64af
- dm: Fix typo in error message (git-fixes).
- commit 085bad2
- dm-unstriped: cast an operand to sector_t to prevent potential
uint32_t overflow (git-fixes).
- commit 9289690
- Revert "dm: requeue IO if mapping table not yet available"
(git-fixes).
- commit 5102f1f
- dm-integrity: fix a race condition when accessing recalc_sector
(git-fixes).
- commit f9223d3
- dm persistent data: fix memory allocation failure (git-fixes).
- commit 6ad0a55
- dm resume: don't return EINVAL when signalled (git-fixes).
- commit b83910f
- dm suspend: return -ERESTARTSYS instead of -EINTR (git-fixes).
- commit d18f8de
- dm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume
(git-fixes).
- commit 6d3fcd8
- dm init: Handle minors larger than 255 (git-fixes).
- commit 73dcd27
- bitmap: introduce generic optimized bitmap_size() (git-fixes).
- commit 3d6cb93
- dm-delay: fix max_delay calculations (git-fixes).
- commit 9bd5588
- dm-delay: fix hung task introduced by kthread mode (git-fixes).
- commit c232aae
- dm-delay: fix workqueue delay_timer race (git-fixes).
- commit d3bc4cb
- dm integrity: fix out-of-range warning (git-fixes).
- commit 94146a8
- dm-integrity: align the outgoing bio in integrity_recheck
(git-fixes).
- commit 8ef7f34
- tcp: Defer ts_recent changes until req is owned (git-fixes).
- tcp: adjust rcvq_space after updating scaling ratio (git-fixes).
- tcp: Annotate data-race around sk->sk_mark in tcp_v4_send_reset
(git-fixes).
- tcp: check space before adding MPTCP SYN options (git-fixes).
- commit 3e8333c
- tcp: fix TFO SYN_RECV to not zero retrans_stamp with retransmits
out (git-fixes).
- tcp: fix tcp_enter_recovery() to zero retrans_stamp when it's
safe (git-fixes).
- tcp: fix to allow timestamp undo if no retransmits were sent
(git-fixes).
- commit 057626d
- tcp: avoid reusing FIN_WAIT2 when trying to find port in
connect() process (git-fixes).
- commit b709352
- tcp: fix forever orphan socket caused by tcp_abort (git-fixes).
- commit ee5bb6a
- tcp: Update window clamping condition (git-fixes).
- commit 21c2df7
- tcp: Adjust clamping window for applications specifying
SO_RCVBUF (git-fixes).
- commit 45a6b13
- tcp: Don't drop SYN+ACK for simultaneous connect() (git-fixes).
- commit d347622
- tcp: fix races in tcp_v_err() (git-fixes).
- commit 7d8961a
- tcp: fix races in tcp_abort() (git-fixes).
- commit 57c21f2
- tcp: fix race in tcp_write_err() (git-fixes).
- commit f7c5a0b
- tcp: add tcp_done_with_error() helper (git-fixes).
- commit 67b079b
- tcp: fix incorrect undo caused by DSACK of TLP retransmit
(git-fixes).
- commit 7fc3dc6
- UPSTREAM: tcp: fix DSACK undo in fast recovery to call
tcp_try_to_open() (git-fixes).
- commit 481ef49
- tcp: fix tcp_rcv_fastopen_synack() to enter TCP_CA_Loss for
failed TFO (git-fixes).
- commit e0d6e17
- tcp: clear tp->retrans_stamp in tcp_rcv_fastopen_synack()
(git-fixes).
- commit 2f9ac53
- tcp: fix race in tcp_v6_syn_recv_sock() (git-fixes).
- commit debc800
- tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB (git-fixes).
- commit e578c32
- tcp: remove 64 KByte limit for initial tp->rcv_wnd value
(git-fixes).
- commit a0f87a0
- tcp: avoid premature drops in tcp_add_backlog() (git-fixes).
- commit 9d8f16e
- tcp: increase the default TCP scaling ratio (git-fixes).
- commit 37d2a56
- tcp: annotate data-races around tp->window_clamp (git-fixes).
- Refresh
patches.suse/mptcp-cope-racing-subflow-creation-in-mptcp_rcv_spac.patch.
- commit baccd3e
- tcp: Fix bind() regression for v6-only wildcard and
v4(-mapped-v6) non-wildcard addresses (git-fixes).
- commit 10a8fd3
- tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge() (git-fixes).
- commit 2c65748
- tcp: fix incorrect parameter validation in the
do_tcp_getsockopt() function (git-fixes).
- commit 1b71f1e
- tcp: Add memory barrier to tcp_push() (git-fixes).
- commit 9e18439
- tcp: fix mid stream window clamp (git-fixes).
- commit 1da9c62
- tcp: define initial scaling factor value as a macro (git-fixes).
- Refresh
patches.suse/tcp-get-rid-of-sysctl_tcp_adv_win_scale.patch.
- Refresh
patches.suse/tcp-reorganize-tcp_sock-fast-path-variables.patch.
- commit 5d65891
- tcp: fix cookie_init_timestamp() overflows (git-fixes).
- commit 35f4bde
- tcp: derive delack_max from rto_min (git-fixes).
- commit 681cef6
- tcp: check mptcp-level constraints for backlog coalescing
(git-fixes).
- commit f47afe8
- s390/traps: Fix test_monitor_call() inline assembly (git-fixes
bsc#1239595).
- commit e1c229c
- s390/stackleak: Use exrl instead of ex in __stackleak_poison()
(git-fixes bsc#1239594).
- commit bf5ac4c
- s390/ism: add release function for struct device (git-fixes
CVE-2025-21856 bsc#1239486).
- commit ae9aecd
- tcp: drop secpath at the same time as we currently drop dst
(CVE-2025-21864 bsc#1239482).
- commit 068f76d
- tcp: properly terminate timers for kernel sockets
(CVE-2024-35910 bsc#1224489).
- commit cd84ccc
- net: sched: use RCU read-side critical section in taprio_dump()
(CVE-2024-50140 bsc#1233060).
- commit 481b06f
- spi: microchip-core: Use helper function devm_clk_get_enabled()
(git-fixes).
- commit ba5bb35
- spi: microchip-core: Clean up redundant dev_err_probe()
(git-fixes).
- Refresh
patches.suse/spi-microchip-core-switch-to-use-modern-name.patch.
- commit e92f46c
- net/smc: check iparea_offset and ipv6_prefixes_cnt when
receiving proposal msg (CVE-2024-49571 bsc#1235733).
- commit d49e720
- kABI: bpf: Prevent tailcall infinite loop caused by freplace
kABI workaround (bsc#1235712 CVE-2024-47794).
- commit b659789
- bpf: Prevent tailcall infinite loop caused by freplace
(bsc#1235712 CVE-2024-47794).
- commit 594a2b0
- netdev: prevent accessing NAPI instances from another namespace
(CVE-2025-21659 bsc#1236206).
- commit 4814e4a
- ice: Remove and readd netdev during devlink reload (bsc#1230497
bsc#1239518).
- Refresh
patches.suse/ice-add-ice_adapter-for-shared-data-across-PFs-on-th.patch.
- commit fac3f79
- HID: hid-steam: Fix use-after-free when detaching device
(git-fixes).
- HID: appleir: Fix potential NULL dereference at raw event handle
(git-fixes).
- HID: intel-ish-hid: Fix use-after-free issue in
ishtp_hid_remove() (git-fixes).
- HID: google: fix unused variable warning under !CONFIG_ACPI
(git-fixes).
- HID: i2c-hid: Skip SET_POWER SLEEP for Cirque touchpad on
system suspend (stable-fixes).
- commit 66671e7
- pinctrl: bcm281xx: Fix incorrect regmap max_registers value
(git-fixes).
- commit e9a08e4
- net: mana: Allow variable size indirection table (bsc#1239016).
- Refresh
patches.suse/net-mana-Enable-debugfs-files-for-MANA-device.patch.
- commit 987aac3
- net: mana: Fix irq_contexts memory leak in mana_gd_setup_irqs
(bsc#1239015).
- net: mana: Fix memory leak in mana_gd_setup_irqs (bsc#1239015).
- net: mana: Avoid open coded arithmetic (bsc#1239016).
- RDMA/mana_ib: Prefer struct_size over open coded arithmetic
(bsc#1239016).
- net: mana: Add flex array to struct mana_cfg_rx_steer_req_v2
(bsc#1239016).
- net: mana: Assigning IRQ affinity on HT cores (bsc#1239015).
- net: mana: add a function to spread IRQs per CPUs (bsc#1239015).
- cpumask: define cleanup function for cpumasks (bsc#1239015).
- cpumask: add cpumask_weight_andnot() (bsc#1239015).
- commit 99e576d
- af_unix: Disable MSG_OOB handling for sockets in
sockmap/sockhash (bsc#1239435).
- af_unix: Annotate data-race of sk->sk_state in
unix_stream_read_skb() (bsc#1239435).
- commit 53fc06a
- padata: fix sysfs store callback check (git-fixes).
- commit 9e53996
- netpoll: Fix race condition in netpoll_owner_active
(CVE-2024-41005 bsc#1227858).
- commit edbf839
- sched/membarrier: Fix redundant load of membarrier_state
(bsc#1232743).
- commit 4b4693f
- tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for
server bind (git-fixes).
- commit acac4ee
- selftests/bpf: Add test case for the freeing of bpf_timer
(bsc#1238971 CVE-2025-21825).
- bpf: Cancel the running bpf_timer through kworker for PREEMPT_RT
(bsc#1238971 CVE-2025-21825).
- commit d0cb4f3
- kABI fix for l2tp: prevent possible tunnel refcount underflow
(CVE-2024-49940 bsc#1232812).
- commit d6225ab
- powerpc/pseries/iommu: memory notifier incorrectly adds TCEs
for pmemory (bsc#1239167 ltc#211055).
- commit 1543fff
- l2tp: fix lockdep splat (git-fixes).
- commit 1b614a9
- l2tp: fix ICMP error handling for UDP-encap sockets (git-fixes).
- commit 9f93194
- net l2tp: drop flow hash on forward (git-fixes).
- commit c98f745
- l2tp: fix incorrect parameter validation in the
pppol2tp_getsockopt() function (git-fixes).
- commit 33af351
- net_sched: sch_sfq: don't allow 1 packet limit (CVE-2024-57996
bsc#1239076).
- commit 8f719fe
- ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during
params (CVE-2024-58012 bsc#1239104).
- commit 3d2e163
- usb: gadget: Check bmAttributes only if configuration is valid
(git-fixes).
- usb: gadget: Fix setting self-powered state on suspend
(git-fixes).
- commit 1151d65
- usb: typec: ucsi: Fix NULL pointer access (git-fixes).
- usb: hub: lack of clearing xHC resources (git-fixes).
- usb: renesas_usbhs: Flush the notify_hotplug_work (git-fixes).
- usb: renesas_usbhs: Use devm_usb_get_phy() (git-fixes).
- usb: renesas_usbhs: Call clk_put() (git-fixes).
- usb: dwc3: gadget: Prevent irq storm when TH re-executes
(git-fixes).
- usb: typec: ucsi: increase timeout for PPM reset operations
(git-fixes).
- usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix
functionality (git-fixes).
- usb: gadget: Set self-powered based on MaxPower and bmAttributes
(git-fixes).
- usb: gadget: u_ether: Set is_suspend flag if remote wakeup fails
(git-fixes).
- usb: atm: cxacru: fix a flaw in existing endpoint checks
(git-fixes).
- drivers: core: fix device leak in __fw_devlink_relax_cycles()
(git-fixes).
- Revert "drivers/card_reader/rtsx_usb: Restore interrupt based
detection" (git-fixes).
- bus: simple-pm-bus: fix forced runtime PM use (git-fixes).
- char: misc: deallocate static minor in error path (git-fixes).
- eeprom: digsy_mtc: Make GPIO lookup table match the device
(git-fixes).
- drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in
pmcmd_ioctl (git-fixes).
- slimbus: messaging: Free transaction ID in delayed interrupt
scenario (git-fixes).
- cdx: Fix possible UAF error in driver_override_show()
(git-fixes).
- bus: mhi: host: pci_generic: Use pci_try_reset_function()
to avoid deadlock (git-fixes).
- iio: filter: admv8818: Force initialization of SDO (git-fixes).
- iio: dac: ad3552r: clear reset status flag (git-fixes).
- iio: adc: at91-sama5d2_adc: fix sama7g5 realbits value
(git-fixes).
- commit 481095d
- Update
patches.suse/HID-hid-thrustmaster-fix-stack-out-of-bounds-read-in.patch
(git-fixes CVE-2025-21794 bsc#1238502).
- Update
patches.suse/NFC-nci-Add-bounds-checking-in-nci_hci_create_pipe.patch
(git-fixes CVE-2025-21735 bsc#1238497).
- Update
patches.suse/PCI-Avoid-putting-some-root-ports-into-D3-on-TUXEDO-.patch
(git-fixes CVE-2025-21831 bsc#1239039).
- Update
patches.suse/PCI-rcar-ep-Fix-incorrect-variable-used-when-calling.patch
(git-fixes CVE-2025-21804 bsc#1238736).
- Update
patches.suse/RDMA-mlx5-Fix-a-race-for-an-ODP-MR-which-leads-to-CQ.patch
(git-fixes CVE-2025-21732 bsc#1237877).
- Update
patches.suse/RDMA-mlx5-Fix-implicit-ODP-use-after-free.patch
(git-fixes CVE-2025-21714 bsc#1237890).
- Update
patches.suse/RDMA-rxe-Fix-the-warning-__rxe_cleanup-0x12c-0x170-r.patch
(git-fixes CVE-2025-21829 bsc#1239030).
- Update
patches.suse/Revert-drm-amd-display-Use-HW-lock-mgr-for-PSR1.patch
(stable-fixes CVE-2025-21819 bsc#1238994).
- Update
patches.suse/USB-hub-Ignore-non-compliant-devices-with-too-many-c.patch
(stable-fixes CVE-2025-21776 bsc#1238909).
- Update
patches.suse/arm64-cacheinfo-Avoid-out-of-bounds-write-to-cacheinfo-array.patch
(git-fixes CVE-2025-21785 bsc#1238747).
- Update
patches.suse/ata-libata-sff-Ensure-that-we-cannot-write-outside-t.patch
(stable-fixes CVE-2025-21738 bsc#1238917).
- Update
patches.suse/batman-adv-Drop-unmanaged-ELP-metric-worker.patch
(git-fixes CVE-2025-21823 bsc#1238475).
- Update
patches.suse/batman-adv-fix-panic-during-interface-removal.patch
(git-fixes CVE-2025-21781 bsc#1238735).
- Update
patches.suse/blk-cgroup-Fix-class-block_class-s-subsystem-refcount-leakage.patch
(bsc#1237558 CVE-2025-21745 bsc#1238785).
- Update
patches.suse/block-bfq-fix-waker_bfqq-UAF-after-bfq_split_bfqq.patch
(git-fixes CVE-2025-21631 bsc#1236099).
- Update
patches.suse/can-ctucanfd-handle-skb-allocation-failure.patch
(git-fixes CVE-2025-21775 bsc#1238501).
- Update
patches.suse/can-etas_es58x-fix-potential-NULL-pointer-dereferenc.patch
(git-fixes CVE-2025-21773 bsc#1238762).
- Update
patches.suse/driver-core-class-Fix-wild-pointer-dereferences-in-A.patch
(git-fixes CVE-2025-21810 bsc#1238757).
- Update
patches.suse/drm-amdgpu-avoid-buffer-overflow-attach-in-smu_sys_s.patch
(stable-fixes CVE-2025-21780 bsc#1239115).
- Update
patches.suse/drm-amdgpu-bail-out-when-failed-to-load-fw-in-psp_in.patch
(git-fixes CVE-2025-21784 bsc#1238510).
- Update patches.suse/landlock-Handle-weird-files.patch (git-fixes
CVE-2025-21830 bsc#1239033).
- Update patches.suse/misc-fastrpc-Fix-copy-buffer-page-size.patch
(git-fixes CVE-2025-21734 bsc#1238734).
- Update
patches.suse/mm-compaction-fix-UBSAN-shift-out-of-bounds-warning.patch
(git fixes (mm/compaction) CVE-2025-21815 bsc#1238474).
- Update
patches.suse/msft-hv-3160-KVM-x86-Reject-Hyper-V-s-SEND_IPI-hypercalls-if-loca.patch
(git-fixes CVE-2025-21779 bsc#1238768).
- Update
patches.suse/nbd-don-t-allow-reconnect-after-disconnect.patch
(git-fixes CVE-2025-21731 bsc#1237881).
- Update
patches.suse/net-rose-fix-timer-races-against-user-threads.patch
(git-fixes CVE-2025-21718 bsc#1239073).
- Update patches.suse/net-rose-lock-the-socket-in-rose_bind.patch
(git-fixes CVE-2025-21749 bsc#1238904).
- Update
patches.suse/net-rose-prevent-integer-overflows-in-rose_setsockop.patch
(git-fixes CVE-2025-21711 bsc#1239114).
- Update
patches.suse/net-usb-rtl8150-enable-basic-endpoint-checking.patch
(git-fixes CVE-2025-21708 bsc#1239087).
- Update
patches.suse/nilfs2-fix-possible-int-overflows-in-nilfs_fiemap.patch
(git-fixes CVE-2025-21736 bsc#1238715).
- Update patches.suse/padata-avoid-UAF-for-reorder_work.patch
(git-fixes CVE-2025-21726 bsc#1238865).
- Update patches.suse/padata-fix-UAF-in-padata_reorder.patch
(git-fixes CVE-2025-21727 bsc#1237876).
- Update
patches.suse/scsi-mpi3mr-Fix-possible-crash-when-setting-up-bsg-f.patch
(git-fixes CVE-2025-21723 bsc#1238864).
- Update patches.suse/spi-sn-f-ospi-Fix-division-by-zero.patch
(git-fixes CVE-2025-21793 bsc#1238500).
- Update patches.suse/tty-xilinx_uartps-split-sysrq-handling.patch
(git-fixes CVE-2025-21820 bsc#1238479).
- Update
patches.suse/usb-cdc-acm-Check-control-transfer-buffer-size-befor.patch
(git-fixes CVE-2025-21704 bsc#1237571).
- Update
patches.suse/usb-gadget-core-flush-gadget-workqueue-after-device-.patch
(git-fixes CVE-2025-21838 bsc#1239065).
- Update
patches.suse/usb-gadget-f_midi-fix-MIDI-Streaming-descriptor-leng.patch
(git-fixes CVE-2025-21835 bsc#1239068).
- Update patches.suse/usbnet-ipheth-fix-DPE-OoB-read.patch
(git-fixes CVE-2025-21741 bsc#1238767).
- Update
patches.suse/usbnet-ipheth-fix-possible-overflow-in-DPE-length-ch.patch
(git-fixes CVE-2025-21743 bsc#1238781).
- Update
patches.suse/usbnet-ipheth-use-static-NDP16-location-in-URB.patch
(git-fixes CVE-2025-21742 bsc#1238771).
- Update
patches.suse/vsock-Keep-the-binding-until-socket-destruction.patch
(git-fixes CVE-2025-21756 bsc#1238876).
- Update
patches.suse/wifi-brcmfmac-Check-the-return-value-of-of_property_.patch
(stable-fixes CVE-2025-21750 bsc#1238905).
- Update
patches.suse/wifi-brcmfmac-fix-NULL-pointer-dereference-in-brcmf_.patch
(stable-fixes CVE-2025-21744 bsc#1238903).
- Update
patches.suse/wifi-mac80211-don-t-flush-non-uploaded-STAs.patch
(git-fixes CVE-2025-21828 bsc#1238958).
- Update patches.suse/zram-fix-potential-UAF-of-zram-table.patch
(git-fixes CVE-2025-21671 bsc#1236692).
- commit 0d7f015
- Update
patches.suse/Bluetooth-L2CAP-handle-NULL-sock-pointer-in-l2cap_so.patch
(git-fixes CVE-2024-58009 bsc#1238760).
- Update
patches.suse/Bluetooth-MGMT-Fix-slab-use-after-free-Read-in-mgmt_.patch
(stable-fixes CVE-2024-58013 bsc#1239095).
- Update
patches.suse/HID-core-Fix-assumption-that-Resolution-Multipliers-.patch
(git-fixes CVE-2024-57986 bsc#1237907).
- Update
patches.suse/HID-hid-thrustmaster-Fix-warning-in-thrustmaster_pro.patch
(git-fixes CVE-2024-57993 bsc#1237894).
- Update
patches.suse/PCI-dwc-ep-Prevent-changing-BAR-size-flags-in-pci_ep.patch
(git-fixes CVE-2024-58006 bsc#1238772).
- Update
patches.suse/block-Fix-page-refcounts-for-unaligned-buffers-in-__bio_release_pages.patch
(git-fixes CVE-2024-35826 bsc#1224610).
- Update
patches.suse/block-avoid-to-reuse-hctx-not-removed-from-cpuhp-callback-list.patch
(git-fixes CVE-2024-41149 bsc#1235698).
- Update
patches.suse/block-fix-integer-overflow-in-BLKSECDISCARD.patch
(git-fixes CVE-2024-49994 bsc#1225770).
- Update
patches.suse/cifs-fix-potential-null-pointer-use-in-destroy_workqueue-in-init_ci.patch
(bsc#1231432 CVE-2024-42307 bsc#1229361).
- Update
patches.suse/clk-qcom-dispcc-sm6350-Add-missing-parent_map-for-a-.patch
(git-fixes CVE-2024-58080 bsc#1239027).
- Update
patches.suse/clk-qcom-gcc-sm6350-Add-missing-parent_map-for-two-c.patch
(git-fixes CVE-2024-58076 bsc#1239037).
- Update
patches.suse/drm-amdgpu-Fix-potential-NULL-pointer-dereference-in.patch
(git-fixes CVE-2024-58052 bsc#1238986).
- Update
patches.suse/drm-msm-gem-prevent-integer-overflow-in-msm_ioctl_ge.patch
(git-fixes CVE-2024-52559 bsc#1238507).
- Update
patches.suse/drm-v3d-Stop-active-perfmon-if-it-is-being-destroyed.patch
(git-fixes CVE-2024-58086 bsc#1239038).
- Update patches.suse/idpf-convert-workqueues-to-unbound.patch
(git-fixes CVE-2024-58057 bsc#1238969).
- Update
patches.suse/ipmi-ipmb-Add-check-devm_kasprintf-returned-value.patch
(git-fixes CVE-2024-58051 bsc#1238963).
- Update
patches.suse/media-imx-jpeg-Fix-potential-error-pointer-dereferen.patch
(git-fixes CVE-2024-57978 bsc#1238523).
- Update
patches.suse/media-uvcvideo-Fix-crash-during-unbind-if-gpio-unit-.patch
(git-fixes CVE-2024-58079 bsc#1239029).
- Update
patches.suse/media-uvcvideo-Fix-double-free-in-error-path.patch
(git-fixes CVE-2024-57980 bsc#1237911).
- Update
patches.suse/media-uvcvideo-Remove-dangling-pointers.patch
(git-fixes CVE-2024-58002 bsc#1238503).
- Update
patches.suse/media-vidtv-Fix-a-null-ptr-deref-in-vidtv_mux_stop_t.patch
(stable-fixes CVE-2024-57834 bsc#1238993).
- Update
patches.suse/memory-tegra20-emc-fix-an-OF-node-reference-bug-in-t.patch
(git-fixes CVE-2024-58034 bsc#1238773).
- Update
patches.suse/misc-misc_minor_alloc-to-use-ida-for-all-dynamic-mis.patch
(git-fixes CVE-2024-58078 bsc#1239034).
- Update
patches.suse/net-fix-removing-a-namespace-with-conflicting-altnam.patch
(bsc#1233749 CVE-2024-26634 bsc#1221651).
- Update patches.suse/null_blk-fix-validation-of-block-size.patch
(git-fixes CVE-2024-41077 bsc#1228653).
- Update
patches.suse/platform-x86-int3472-Check-for-adev-NULL.patch
(stable-fixes CVE-2024-58011 bsc#1239080).
- Update
patches.suse/powerpc-pseries-iommu-IOMMU-incorrectly-marks-MMIO-r.patch
(bsc#1218470 ltc#204531 CVE-2024-57999 bsc#1238526).
- Update
patches.suse/printk-Fix-signed-integer-overflow-when-defining-LOG_BUF_LEN_MAX.patch
(bsc#1237950 CVE-2024-58017 bsc#1239112).
- Update
patches.suse/rdma-cxgb4-Prevent-potential-integer-overflow-on-32b.patch
(git-fixes CVE-2024-57973 bsc#1238531).
- Update
patches.suse/remoteproc-core-Fix-ida_free-call-while-not-allocate.patch
(git-fixes CVE-2024-58056 bsc#1238981).
- Update
patches.suse/rtc-pcf85063-fix-potential-OOB-write-in-PCF85063-NVM.patch
(git-fixes CVE-2024-58069 bsc#1238978).
- Update
patches.suse/scsi-hisi_sas-Fix-a-deadlock-issue-related-to-automa-3c4f53b2.patch
(git-fixes CVE-2024-26873 bsc#1223047).
- Update
patches.suse/scsi-megaraid_sas-Fix-for-a-potential-deadlock.patch
(git-fixes CVE-2024-57807 bsc#1235761).
- Update
patches.suse/smb-client-fix-double-put-of-cfile-in-smb2_rename_path-.patch
(git-fixes CVE-2024-46736 bsc#1230728).
- Update
patches.suse/smb-client-fix-double-put-of-cfile-in-smb2_set_path_size-.patch
(git-fixes CVE-2024-46796 bsc#1230832).
- Update
patches.suse/smb-client-fix-possible-double-free-in-smb2_set_ea-.patch
(git-fixes CVE-2024-50152 bsc#1233033).
- Update
patches.suse/soc-qcom-socinfo-Avoid-out-of-bounds-read-of-serial-.patch
(git-fixes CVE-2024-58007 bsc#1238511).
- Update
patches.suse/staging-media-max96712-fix-kernel-oops-when-removing.patch
(git-fixes CVE-2024-58054 bsc#1238975).
- Update
patches.suse/tomoyo-don-t-emit-warning-in-tomoyo_write_control.patch
(stable-fixes CVE-2024-58085 bsc#1239085).
- Update
patches.suse/tpm-Change-to-kvalloc-in-eventlog-acpi.c.patch
(bsc#1233260 bsc#1233259 bsc#1232421 CVE-2024-58005
bsc#1237873).
- Update
patches.suse/ubifs-skip-dumping-tnc-tree-when-zroot-is-null.patch
(git-fixes CVE-2024-58058 bsc#1238979).
- Update
patches.suse/usb-gadget-f_tcm-Don-t-free-command-immediately.patch
(git-fixes CVE-2024-58055 bsc#1238959).
- Update
patches.suse/usb-xhci-Fix-NULL-pointer-dereference-on-certain-com.patch
(git-fixes CVE-2024-57981 bsc#1237912).
- Update
patches.suse/wifi-brcmsmac-add-gain-range-check-to-wlc_phy_iqcal_.patch
(stable-fixes CVE-2024-58014 bsc#1239109).
- Update
patches.suse/wifi-mac80211-prohibit-deactivating-all-links.patch
(git-fixes CVE-2024-58061 bsc#1238973).
- Update
patches.suse/wifi-mt76-mt7925-fix-off-by-one-in-mt7925_load_clc.patch
(git-fixes CVE-2024-57990 bsc#1237900).
- Update
patches.suse/wifi-rtlwifi-fix-memory-leaks-and-invalid-access-at-.patch
(git-fixes CVE-2024-58063 bsc#1238984).
- Update
patches.suse/wifi-rtlwifi-remove-unused-check_buddy_priv.patch
(git-fixes CVE-2024-58072 bsc#1238964).
- Update
patches.suse/wifi-wcn36xx-fix-channel-survey-memory-allocation-si.patch
(git-fixes CVE-2024-57997 bsc#1238529).
- commit fb231d1
- Update
patches.suse/cpu-hotplug-Don-t-offline-the-last-non-isolated-CPU.patch
(bsc#1237562 CVE-2023-52831 bsc#1225533).
- Update
patches.suse/io_uring-rw-split-io_read-into-a-helper.patch
(bsc#1215211 CVE-2023-52926 bsc#1237565).
- commit a1ecaa9
- partitions: mac: fix handling of bogus partition table
(git-fixes).
- block: cleanup and fix batch completion adding conditions
(git-fixes).
- block: don't revert iter for -EIOCBQUEUED (git-fixes).
- commit 9b6ced4
- rapidio: add check for rio_add_net() in rio_scan_alloc_net()
(git-fixes).
- rapidio: fix an API misues when rio_add_net() fails (git-fixes).
- dma: kmsan: export kmsan_handle_dma() for modules (git-fixes).
- commit 6203500
- orangefs: fix a oob in orangefs_debug_write (git-fixes).
- commit d83f55b
- sunrpc: suppress warnings for unused procfs functions
(git-fixes).
- commit cd678ab
- SUNRPC: Handle -ETIMEDOUT return from tlshd (git-fixes).
- commit 55bec3b
- SUNRPC: Prevent looping due to rpc_signal_task() races
(git-fixes).
- commit 033fbe6
- SUNRPC: convert RPC_TASK_* constants to enum (git-fixes).
- commit 444dbb7
- nfsd: clear acl_access/acl_default after releasing them
(git-fixes).
- commit 44261ed
- pnfs/flexfiles: retry getting layout segment for reads
(git-fixes).
- commit 76f556a
- ALSA: hda/realtek: Fix Asus Z13 2025 audio (stable-fixes).
- Refresh
patches.suse/ALSA-hda-realtek-Add-support-for-various-ASUS-Laptop.patch.
- commit 9363cb2
- ALSA: hda/realtek: Add support for ASUS ROG Strix GA603 Laptops
using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS ROG Strix G814 Laptop
using CS35L41 HDA (stable-fixes).
- commit aea7c4e
- Refresh patches.suse/ALSA-hda-realtek-Workaround-for-resume-on-Dell-Venue.patch
A patch chunk was dropped mistakenly
- commit 0e9ac09
- ALSA: hda/realtek: Add support for ASUS Zenbook UM3406KA
Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS ROG Strix G614 Laptops
using CS35L41 HDA (stable-fixes).
- commit 4ef6d55
- ALSA: hda: realtek: fix incorrect IS_REACHABLE() usage
(git-fixes).
- commit 844da8a
- ALSA: hda/realtek: Add support for various ASUS Laptops using
CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Limit mic boost on Positivo ARN50
(stable-fixes).
- commit 2ee2163
- ALSA: hda: intel: Add Dell ALC3271 to power_save denylist
(stable-fixes).
- ALSA: hda/realtek: update ALC222 depop optimize (stable-fixes).
- ALSA: hda/realtek - add supported Mic Mute LED for Lenovo
platform (stable-fixes).
- ALSA: seq: Avoid module auto-load handling at event delivery
(stable-fixes).
- commit 10a77af
- hwmon: fix a NULL vs IS_ERR_OR_NULL() check in
xgene_hwmon_probe() (git-fixes).
- hwmon: (ad7314) Validate leading zero bits and return error
(git-fixes).
- hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table
(git-fixes).
- hwmon: (pmbus) Initialise page count in pmbus_identify()
(git-fixes).
- gpio: rcar: Fix missing of_node_put() call (git-fixes).
- gpio: aggregator: protect driver attr handlers against module
unload (git-fixes).
- ALSA: usx2y: validate nrpacks module parameter on probe
(git-fixes).
- ALSA: hda/realtek: Remove (revert) duplicate Ally X config
(git-fixes).
- drm/amd/display: Fix HPD after gpu reset (stable-fixes).
- drm/amd/display: Disable PSR-SU on eDP panels (stable-fixes).
- firmware: cs_dsp: Remove async regmap writes (git-fixes).
- commit c757c56
- packaging: Patch Makefile to pre-select gcc version (jsc#PED-12251).
When compiler different from the one which was used to configure the
kernel is used to build modules a warning is issued and the build
continues. This could be turned into an error but that would be too
restrictive.
The generated kernel-devel makefile could set the compiler but then the
main Makefile as to be patched to assign CC with ?=
This causes run_oldconfig failure on SUSE-2024 and kbuild config check
failure on SUSE-2025.
This cannot be hardcoded to one version in a regular patch because the
value is expected to be configurable at mkspec time. Patch the Makefile
after aplyin patches in rpm prep step instead. A check is added to
verify that the sed command did indeed apply the change.
- commit 6031391
- tracing/osnoise: Fix resetting of tracepoints (CVE-2025-21733
bsc#1238494).
- commit 27d6e3b
- btrfs: fix assertion failure when splitting ordered extent
after transaction abort (CVE-2025-21754 bsc#1238496).
- commit 2050c25
- kABI workaround for pps changes (CVE-2024-57979 bsc#1238521).
- commit b151154
- pps: Fix a use-after-free (CVE-2024-57979 bsc#1238521).
- commit c19b588
- corosync
-
- Add a patch to fix CVE-2025-30472 (bsc#1239987)
* bsc-1239987-check-size-of-orf_token-msg.patch
- cpupower
-
- For latest changelog entries, please look up the changelog of
a kernel-FLAVOR or kernel-source with the exact same version and
release build number.
rpm -q --changelog kernel-source |grep "turbostat\|intel-speed-select|cpupower"
- crash
-
- In some kernel modules such as libie.ko, the mem[MOD_TEXT].size
may be zero, currently crash will only check its value to determine
if the module is valid, otherwise it fails to load kernel module with
the following warning and error:
mod: cannot access vmalloc'd module memory
Lets count the module size to check if the module is valid, that will
avoid the current failure. (bsc#1237501)
- crash-fix-for-failing-to-load-kernel-module.patch
- docker
-
- Don't use the new container-selinux conditional requires on SLE-12, as the
RPM version there doesn't support it. Arguably the change itself is a bit
suspect but we can fix that later. bsc#1237367
- Add backport for golang.org/x/oauth2 CVE-2025-22868 fix. bsc#1239185
+ 0006-CVE-2025-22868-vendor-jws-split-token-into-fixed-num.patch
- Add backport for golang.org/x/crypto CVE-2025-22869 fix. bsc#1239322
+ 0007-CVE-2025-22869-vendor-ssh-limit-the-size-of-the-inte.patch
- Refresh patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
- Make container-selinux requirement conditional on selinux-policy
(bsc#1237367)
- dracut
-
- Update to version 059+suse.557.gccd6ab94:
* fix(iscsi): make sure services are shut down when switching root (bsc#1237695)
* fix(iscsi): don't require network setup for qedi
* fix(network-legacy): do not require pgrep when using wicked (bsc#1236982)
- gettext-runtime
-
- Fix crash while handling po files with malformed header and
process them properly
(0003-Fix-malformed-header-processing.patch, boo#1227316).
- hawk2
-
- Update to version 2.6.6+git.1742310530.bfcd0e2c:
* Dev: proof code from injections (bsc#1182162,bsc#1182164)
* Fix: enable colocation linking
* Dev: make sprockets-4.2 compatible
* Dev: enable rails-8.0
* Test: test_check_cluster_configuration: relax required resource options
* remove patch
- relax-test-cluster-conf.patch
- hwinfo
-
- merge gh#openSUSE/hwinfo#152
- avoid reporting of spurious usb storage devices (bsc#1223330)
- 21.87
- merge gh#openSUSE/hwinfo#151
- do not overdo usb device de-duplication (bsc#1239663)
- 21.86
- xz
-
- Add CVE-2025-31115.patch
* Fix heap use after free and writing to an address based on the null
pointer plus an offset (CVE-2025-31115, bsc#1240414)
- python3
-
- Update CVE-2024-11168-validation-IPv6-addrs.patch
according to the Debian version
(gh#python/cpython#103848#issuecomment-2708135083).
- systemd
-
- Import commit 83b9060b6e4c9cdffbbed0e27467cbd2f806dc0d
09b7477895 udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015)
- Drop 5004-udev-allow-denylist-for-reading-sysfs-attributes-whe.patch
The path has been merged into the SUSE/v254 branch.
- Import commit 2b599c7501253b0e6b7987fdb2676af21bc72ab3 (merge of v254.24)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/b25faa18ee7ef3c2d0b16416dfa331d0013dd112...2b599c7501253b0e6b7987fdb2676af21bc72ab3
- Import commit b25faa18ee7ef3c2d0b16416dfa331d0013dd112
b4693652f3 journald: close runtime journals before their parent directory removed
044d051f0c journald: reset runtime seqnum data when flushing to system journal (bsc#1236886)
- Move systemd-userwork from the experimental sub-package to the main package (bsc#1236643)
It is likely an oversight from when systemd-userdb was migrated from the
experimental package to the main one.
- libvirt
-
- security: apparmor: Fix probing of apparmor availability on the
VM host when using modular daemons
bsc#1235079
- libxslt
-
- Security fixes:
* Fix use-after-free of XPath context node [bsc#1239625, CVE-2025-24855]
* Fix UAF related to excluded namespaces [bsc#1239637, CVE-2024-55549]
* Make generate-id() deterministic [bsc#1238591, CVE-2023-40403]
Just adding the reference here as this CVE was already fixed
in 0009-Make-generate-id-deterministic.patch
* Rebase patches to use autosetup:
- libxslt-1.1.24-no-net-autobuild.patch
- libxslt-config-fixes.patch
* Add patches:
- libxslt-CVE-2024-55549.patch
- libxslt-CVE-2025-24855.patch
- lifecycle-data-sle-module-live-patching
-
- Added data for 5_14_21-150400_24_147, 5_14_21-150400_24_150,
5_14_21-150500_55_91, 5_14_21-150500_55_94,
5_3_18-150300_59_188, 5_3_18-150300_59_191,
5_3_18-150300_59_195, 6_4_0-150600_23_33,
6_4_0-150600_23_38, 6_4_0-19, 6_4_0-20,
+kernel-livepatch-5_14_21-150500_13_79-rt,*,+kernel-livepatch-6_4_0-10-rt,*,+kernel-livepatch-6_4_0-11-rt,*,+kernel-livepatch-6_4_0-150600_10_20-rt,*,+kernel-livepatch-6_4_0-150600_10_23-rt,*,+kernel-livepatch-6_4_0-150600_10_26-rt,*. (bsc#1020320)
- python-azure-agent
-
- Add a new version of paa_force_py3_sle15.patch to compensate for
missing Python RPM macros in older distros
- Update to version 2.12.04 (bsc#1235140)
+ Remove agent-no-auto-update.patch handeled by config file specialization
sub-packages
+ Remove paa_force_py3_sle15.patch handled by RPM macro
+ Remove agent-micro-is-sles.patch included upstream
+ Forward port paa_12_sp5_rdma_no_ext_driver.patch
+ Forward port remove-mock.patch
+ Add paa_direct_exec_in_service.patch
~ The waagent script is executable and we set the proper interpreter
using the macro for multibuild python. Do prefix the execution in the
service file wit the interpreter
+ Fix install_requires list syntax
+ Update spec file
~ Remove conditions for distros no longer maintained
~ Simplify build and install conditionals using macros
+ Enable GA versioning #3082 #3184 #3189
+ Cgroups api refactor for v2 #3096 #3135 #3188 #3196
+ Fix JIT for FIPS 140-3 #3190
+ reset network service unit file if python version changes #3058
+ Recognize SLE-Micro as a SLE based distribution #3048
+ Add distutils/version.py to azurelinuxagent #3063
+ Use legacycrypt instead of crypt on Python >= 3.13 #3070
+ Fix osutil/default route_add to pass string array. #3072
+ Fix argument to GoalState.init #3073
+ Add lock around access to fast_track.json #3076
+ Add DistroVersion class to compare distro versions #3078
+ LogCollector should skip and log warning for files that don't exist #3098
+ check for unexpected process in agent cgroups before cgroups enabled #3103
+ [Redo with correct source/target]: Remove check for "ibXX" interface
format and rework mac-address regex to expand support #3150
+ Fix Ubuntu version codename for 24.04 #3159
+ Update test certificate data #3166
+ move setupslice after cgroupsv2 check, remove unit file for
log collector and remove fiirewall daemon-reload #3223
+ Address pylint warning deprecated-method #3059
+ Run pylint on Python 3.11 #3067
+ Run unit tests with pytest on Python >= 3.10
+ Log logcollector cgroups if process is found in unexpected slice #3107
+ remove secret and use cert for aad app in e2e pipeline #3116
+ suppress pylint warn contextmanager-generator-missing-cleanup #3138
+ Switching to SNI based authentication for aad app #3137
+ updated PR template #3144
+ Avoiding mocked exception from being lost on test when using
python 3.12: complete mocked info #3149
+ Add more useful logging statement for agent unit properties #3154
+ Remove wireserver fallback for imds calls #3152
+ Remove unused import #3155
+ Add support for Azure Linux 3 #3183
+ Fix pytest warnings #3084
+ Allow use of node 16 #3160
+ Send controller/cgroup path telemetry #3231
From 2.13.0.2
+ #3221 Add support for nftables (+ refactoring of firewall code)
+ #3239 Create walinuxagent nftable atomically
+ Features in progress (Verify extension signature/Policy Enforcement)
+ #3200 Parse encodedSignature property from EGS
+ #3187 Add Regorus policy engine framework
+ #3222 Remove Regorus and platform check for policy enforcement
+ #3242 Telemetry (update logcollector telemetry with common properties)
+ #3208 Handle non-boolean when parsing extension manifests
+ #3211 Fix unicode type check when parsing extension manifests
+ #3133 Telemetry: high-priority events
+ #3240 Telemetry: report apparent dead code
+ #3210 Cleanup: remove AMA extension services cgroups tracking code
+ #3197 Accommodate the new behavior in OpenSSL 3.2.2 when given an
empty input
From 2.11.1.12
+ Remove multi config extension status only on extension delete #3172
From 2.111.1.4
+ General Improvements
+ Improvements in telemetry for firewall settings #3110, #3124
From 2.10.0.8
+ GA versioning #2810 #2850 #2860 #2881 #2974 #3004 #3015 #3033
+ Disabled GA versioning #2909 #2917 #3044
+ Add regular expression to match logs from very old agents #2839
+ Remove empty "distro" module #2854
+ Enable Python 2.7 for unit tests #2856
+ Add check for noexec on Permission denied errors #2859
+ Reorganize file structure of unit tests #2894
+ Report useful message when extension processing is disabled #2895
+ Add log and telemetry event for extension disabled #2897
+ Cleanup common directory #2902
+ Fix agent memory usage check #2903
+ enable rhel/centos agent-cgroups #2922
+ Add support for EC certificates #2936
+ Add Cpu Arch in local logs and telemetry events #2938
+ Clarify support status of installing from source. #2941
+ Gathering Guest ProxyAgent Log Files #2975
+ Remove debug info from waagent.status.json #2971
+ Handle errors when adding logs to the archive #2982
+ Update supported Ubuntu versions #2980
+ Fix pylint warning #2988
+ Add information about HTTP proxies #2985
+ update the proxy agenet log folder for logcollector #3028
+ Add config parameter to wait for cloud-init
(Extensions.WaitForCloudInit) #3031 [Added in 2.10.0.8]
+ Adding AutoUpdate.UpdateToLatestVersion new flag support #3020 #3027
[Added in 2.10.0.8]
+ Check certificates only if certificates are included in goal state #2803
+ Redact access tokens from extension's output #2811
+ Fix name of single IB device when provisioning RDMA #2814
+ Port NSBSD system to the latest version of waagent #2828
+ fix daemon version #2874
+ fix version checking in setup.py #2920
+ fix(ubuntu): Point to correct dhcp lease files #2979
+ Download certs on FT GS after check_certificates only when missing
from disk #2907
+ Add support for EC certificates (#2936) #2943 [Added in 2.10.0.5]
+ Fix for "local variable _COLLECT_NOEXEC_ERRORS referenced before
assignment" (#2935) #2944 [Added in 2.10.0.5]
+ Cache daemon version #2942 #2946 [Added in 2.10.0.5]
+ undo get daemon version change #2951 [Added in 2.10.0.5]
+ fix self-update frequency to spread over 24 hrs for regular type
and 4 hrs for hotfix #2948 [Added in 2.10.0.5]
+ ignore dependencies from extensions that do not have settings #2957
[Added in 2.10.0.6]
+ Do not reset the mode of a extension's log directory #3014
[Added in 2.10.0.8]
+ skip cgroup monitoring if log collector doesn't start by the agent.
[#2939] [Added in 2.10.0.8]
+ NM should not be restarted during hostname publish if NM_CONTROLLED=y
[#3008] [Added in 2.10.0.8]
+ Daemon should remove stale published_hostname file and log
useful warning #3016 [Added in 2.10.0.8]
+ Revert changes to publish_hostname in RedhatOSModernUtil #3032
[Added in 2.10.0.8]
+ Recover primary nic if down after publishing hostname in
RedhatOSUtil #3024 [Added in 2.10.0.8]
- fix a few typos in the spec file and use proper macros where
applicable
- remove python3 requires
- python-Jinja2
-
- Add security patch CVE-2025-27516.patch (bsc#1238879)
- suse-build-key
-
- changed keys to use SHA256 UIDs instead of SHA1. (bsc#1237294
bsc#1236779 jsc#PED-12321)
- gpg-pubkey-3fa1d6ce-67c856ee.asc to gpg-pubkey-09d9ea69-67c857f3.asc
- gpg-pubkey-09d9ea69-645b99ce.asc to gpg-pubkey-3fa1d6ce-63c9481c.asc
- suse_ptf_key_2023.asc, suse_ptf_key.asc: adjusted
- vim
-
- Introduce patch to fix bsc#1235751 (regression).
* vim-9.1.1134-revert-putty-terminal-colors.patch
- Update to 9.1.1176. Changes:
* 9.1.1176: wrong indent when expanding multiple lines
* 9.1.1175: inconsistent behaviour with exclusive selection and motion commands
* 9.1.1174: tests: Test_complete_cmdline() may fail
* 9.1.1173: filetype: ABNF files are not detected
* 9.1.1172: [security]: overflow with 'nostartofline' and Ex command in tag file
* 9.1.1171: tests: wrong arguments passed to assert_equal()
* 9.1.1170: wildmenu highlighting in popup can be improved
* 9.1.1169: using global variable for get_insert()/get_lambda_name()
* 9.1.1168: wrong flags passed down to nextwild()
* 9.1.1167: mark '] wrong after copying text object
* 9.1.1166: command-line auto-completion hard with wildmenu
* 9.1.1165: diff: regression with multi-file diff blocks
* 9.1.1164: [security]: code execution with tar.vim and special crafted tar files
* 9.1.1163: $MYVIMDIR is set too late
* 9.1.1162: completion popup not cleared in cmdline
* 9.1.1161: preinsert requires bot "menu" and "menuone" to be set
* 9.1.1160: Ctrl-Y does not work well with "preinsert" when completing items
* 9.1.1159: $MYVIMDIR may not always be set
* 9.1.1158: :verbose set has wrong file name with :compiler!
* 9.1.1157: command completion wrong for input()
* 9.1.1156: tests: No test for what patch 9.1.1152 fixes
* 9.1.1155: Mode message not cleared after :silent message
* 9.1.1154: Vim9: not able to use autoload class accross scripts
* 9.1.1153: build error on Haiku
* 9.1.1152: Patch v9.1.1151 causes problems
* 9.1.1151: too many strlen() calls in getchar.c
* 9.1.1150: :hi completion may complete to wrong value
* 9.1.1149: Unix Makefile does not support Brazilian lang for the installer
* 9.1.1148: Vim9: finding imported scripts can be further improved
* 9.1.1147: preview-window does not scroll correctly
* 9.1.1146: Vim9: wrong context being used when evaluating class member
* 9.1.1145: multi-line completion has wrong indentation for last line
* 9.1.1144: no way to create raw strings from a blob
* 9.1.1143: illegal memory access when putting a register
* 9.1.1142: tests: test_startup fails if $HOME/$XDG_CONFIG_HOME is defined
* 9.1.1141: Misplaced comment in readfile()
* 9.1.1140: filetype: m17ndb files are not detected
* 9.1.1139: [fifo] is not displayed when editing a fifo
* 9.1.1138: cmdline completion for :hi is too simplistic
* 9.1.1137: ins_str() is inefficient by calling STRLEN()
* 9.1.1136: Match highlighting marks a buffer region as changed
* 9.1.1135: 'suffixesadd' doesn't work with multiple items
* 9.1.1134: filetype: Guile init file not recognized
* 9.1.1133: filetype: xkb files not recognized everywhere
* 9.1.1132: Mark positions wrong after triggering multiline completion
* 9.1.1131: potential out-of-memory issue in search.c
* 9.1.1130: 'listchars' "precedes" is not drawn on Tabs.
* 9.1.1129: missing out-of-memory test in buf_write()
* 9.1.1128: patch 9.1.1119 caused a regression with imports
* 9.1.1127: preinsert text is not cleaned up correctly
* 9.1.1126: patch 9.1.1121 used a wrong way to handle enter
* 9.1.1125: cannot loop through pum menu with multiline items
* 9.1.1124: No test for 'listchars' "precedes" with double-width char
* 9.1.1123: popup hi groups not falling back to defaults
* 9.1.1122: too many strlen() calls in findfile.c
* 9.1.1121: Enter does not insert newline with "noselect"
* 9.1.1120: tests: Test_registers fails
* 9.1.1119: Vim9: Not able to use an autoloaded class from another autoloaded script
* 9.1.1118: tests: test_termcodes fails
* 9.1.1117: there are a few minor style issues
* 9.1.1116: Vim9: super not supported in lambda expressions
* 9.1.1115: [security]: use-after-free in str_to_reg()
* 9.1.1114: enabling termguicolors automatically confuses users
* 9.1.1113: tests: Test_terminal_builtin_without_gui waits 2 seconds
* 9.1.1112: Inconsistencies in get_next_or_prev_match()
* 9.1.1111: Vim9: variable not found in transitive import
* 9.1.1110: Vim tests are slow and flaky
* 9.1.1109: cmdexpand.c hard to read
* 9.1.1108: 'smoothscroll' gets stuck with 'listchars' "eol"
* 9.1.1107: cannot loop through completion menu with fuzzy
* 9.1.1106: tests: Test_log_nonexistent() causes asan failure
* 9.1.1105: Vim9: no support for protected new() method
* 9.1.1104: CI: using Ubuntu 22.04 Github runners
* 9.1.1103: if_perl: still some compile errors with Perl 5.38
* 9.1.1102: tests: Test_WinScrolled_Resized_eiw() uses wrong filename
- xen
-
- bsc#1219354 - xen channels and domU console
67c86fc1-xl-fix-channel-configuration-setting.patch
- bsc#1237692 - When attempting to start guest vm's libxl fills disk with errors
67d2a3fe-libxl-avoid-infinite-loop-in-libxl__remove_directory.patch
- Upstream bug fixes (bsc#1027519)
67b4961e-console-dont-truncate-panic-messages.patch
67b49d86-memory-resource_max_frames-retval.patch
67b5d27c-SVM-separate-STI-from-VMRUN.patch
67cb03e0-x86-vlapic-ESR-write-handling.patch
67d17edd-x86-expose-MSR_FAM10H_MMIO_CONF_BASE-on-AMD.patch
67d17ede-VT-x-PI-usage-of-msi_desc-msg-field.patch
- bsc#1238043 - VUL-0: CVE-2025-1713: xen: deadlock potential with
VT-d and legacy PCI device pass-through (XSA-467)
67c06178-x86-IOMMU-bus-to-bridge-lock-acquired-IRQ-safe.patch
- Xen call trace and APIC Error found after reboot operation on AMD
machine (bsc#1233796)
67acb684-x86-offline-APs-with-IRQs-disabled.patch
67acb685-x86-SMP-disable-IRQs-ahead-of-AP-shutdown.patch
67acb686-x86-PCI-disable-MSI-at-shutdown.patch
67acb687-x86-IOMMU-disable-IRQs-at-shutdown.patch
- Upstream bug fixes (bsc#1027519)
66dedebf-x86-HVM-recursion-in-linear-rw.patch
677bcb65-x86-traps-rework-LER-init-and.patch
677c1a7c-x86-AMD-misc-setup-for-Fam1A.patch
67921698-x86-HVM-MMIO-emul-cache-bounds-check.patch
67935a31-x86-HVM-dyn-alloc-emul-cache-ents.patch
67935a4c-x86-HVM-rw-split-at-page.patch
67977673-x86-IOMMU-check-CMPXCHG16B-when-enabling.patch
67977677-AMD-IOMMU-atomically-update-IRTE.patch
679796ff-x86-PV-further-harden-guest-mem-access.patch
67a5cb5f-radix-tree-purge-node-alloc-hooks.patch
67a5cb94-radix-tree-introduce-RADIX_TREE_INIT.patch