- apparmor
-
- Fix deny exec of rpc_witness; (bsc#1225811).
* add apparmor-rpcd-witness.patch
- Add some misc fixes for samba-4.21.x denies; (bsc#1259441).
* add samba-misc-rpcd-spoolss.patch
- autofs
-
- fix deadlock on map entry removal (bsc#1246325)
* 0001-autofs-5.1.9-fix-get-parent-multi-mount-check-in-try.patch
* 0002-autofs-5.1.9-fix-deadlock-in-remount.patch
* 0003-CHANGELOG-add-a-few-missing-entries.patch
* 0004-autofs-5.1.9-quiet-possibly-noisy-log-message.patch
* 0005-autofs-5.1.9-fix-devid-update-on-reload.patch
* 0006-autofs-5.1.9-fix-cache-writelock-must-be-taken-in-up.patch
* 0007-autofs-5.1.9-fix-skip-valid-map-entries-on-expire-cl.patch
* 0008-autofs-5.1.9-remove-unnecessary-call-to-set_direct_m.patch
* 0009-autofs-5.1.9-remove-unnecessary-assignment-in-umount.patch
* 0010-autofs-5.1.9-fix-direct-mount-trigger-umount-failure.patch
* 0011-autofs-5.1.9-refactor-do_umount_autofs_direct.patch
* 0012-autofs-5.1.9-fix-stale-direct-mount-trigger-not-umou.patch
* 0013-autofs-5.1.9-add-function-table_lookup_ino.patch
* 0014-autofs-5.1.9-improve-handling-of-missing-map-entry-f.patch
- Fix autofs-5.1.1-dbus-udisks-monitor.patch (bsc#1246612) to account for:
* d2feac6784b6 autofs-5.1.6 - make autofs.a a shared library
* bcd8e1b642e9 autofs-5.0.7 - use LIBS for link libraries
- bind
-
- Upgrade to release 9.20.21
Security Fixes:
* Fix unbounded NSEC3 iterations when validating referrals to
unsigned delegations.
(CVE-2026-1519)
[bsc#1260805]
* Fix memory leaks in code preparing DNSSEC proofs of
non-existence.
(CVE-2026-3104)
[bsc#1260567]
* Prevent a crash in code processing queries containing a TKEY
record.
(CVE-2026-3119)
[bsc#1260568]
* Fix a stack use-after-return flaw in SIG(0) handling code.
(CVE-2026-3591)
[bsc#1260569]
* Fix a use-after-free error in dns_client_resolve() triggered by
a DNAME response. This issue only affected the delv tool and it
has now been fixed.
[bsc#1259202]
Feature Changes:
* Record query time for all dnstap responses.
* Optimize TCP source port selection on Linux.
Bug Fixes:
* Fix the handling of key statements defined inside views.
* Fix an assertion failure triggered by non-minimal IXFRs.
* Fix a crash when retrying a NOTIFY over TCP.
* Fetch loop detection improvements.
* Randomize nameserver selection.
* Fix dnstap logging of forwarded queries.
* A stale answer could have been served in case of multiple
upstream failures when following CNAME chains. This has been
fixed.
* Fail DNSKEY validation when supported but invalid DS is found.
* Importing an invalid SKR file might corrupt stack memory.
* Return FORMERR for queries with the EDNS Client Subnet FAMILY
field set to 0.
* Fix inbound IXFR performance regression.
* Make catalog zone names and member zones' entry names
case-insensitive.
* Fix implementation of BRID and HHIT record types.
* Fix implementation of DSYNC record type.
* Fix response policy and catalog zones to work with $INCLUDE
directive.
- kernel-default
-
- crypto: authencesn - Fix src offset when decrypting in-place
(bsc#1262573 CVE-2026-31431).
- commit 4921c60
- crypto: authencesn - Do not place hiseq at end of dst for
out-of-place decryption (bsc#1262573 CVE-2026-31431).
- commit 2c8047b
- crypto: authenc - use memcpy_sglist() instead of null skcipher
(bsc#1262573 CVE-2026-31431).
- Refresh
patches.suse/crypto-authencesn-reject-too-short-AAD-assoclen-8-to.patch
- commit 24731ba
- kABI: Restore af_alg_{count,pull}_tsgl() signatures (bsc#1262573
CVE-2026-31431).
- commit b418ef6
- crypto: algif_aead - Revert to operating out-of-place
(bsc#1262573 CVE-2026-31431).
- commit eb1a8c9
- crypto: algif_aead - use memcpy_sglist() instead of null skcipher
(bsc#1262573 CVE-2026-31431).
- commit 8a67d67
- crypto: scatterwalk - Fix memcpy_sglist() to always succeed
(bsc#1262573 CVE-2026-31431).
- commit c2ad254
- crypto: scatterwalk - Add memcpy_sglist (bsc#1262573
CVE-2026-31431).
- commit 28aed48
- soc: aspeed: socinfo: Mask table entries for accurate SoC ID
matching (git-fixes).
- commit df6cd61
- net/sched: teql: fix NULL pointer dereference in iptunnel_xmit
on TEQL slave xmit (CVE-2026-23277 bsc#1259997).
- commit 852cc2c
- scsi: target: Fix recursive locking in __configfs_open_file()
(CVE-2026-23292 bsc#1260500).
- scsi: target: iscsi: Fix use-after-free in
iscsit_dec_session_usage_count() (CVE-2026-23193 bsc#1258414).
- scsi: target: iscsi: Fix use-after-free in
iscsit_dec_conn_usage_count() (CVE-2026-23216 bsc#1258447).
- commit e7b5dcd
- net/sched: Only allow act_ct to bind to clsact/ingress qdiscs
and shared blocks (CVE-2026-23270 bsc#1259886).
- commit 00821f1
- watchdog/perf: properly initialize the turbo mode timestamp and rearm counter (bsc#1256504).
- commit c8a645c
- net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled
(CVE-2026-23381 bsc#1260471).
- commit 21aa5bd
- clsact: Fix use-after-free in init/destroy rollback asymmetry
(CVE-2026-23413 bsc#1261498).
- commit eaf3b22
- icmp: fix NULL pointer dereference in icmp_tag_validation()
(CVE-2026-23398 bsc#1260730).
- net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled
(CVE-2026-23293 bsc#1260486).
- commit 05f5f64
- net/sched: ets: fix divide by zero in the offload path
(CVE-2026-23379 bsc#1260481).
- commit 3672900
- tls: Purge async_hold in tls_decrypt_async_wait() (CVE-2026-23414
bsc#1261496).
- commit 1058925
- usb: core: phy: avoid double use of 'usb3-phy' (git-fixes).
- commit 4e8787e
- usb: gadget: uvc: fix NULL pointer dereference during unbind
race (git-fixes).
- commit 4a9ee96
- misc: fastrpc: possible double-free of cctx->remote_heap
(git-fixes).
- comedi: Reinit dev->spinlock between attachments to low-level
drivers (git-fixes).
- comedi: me_daq: Fix potential overrun of firmware buffer
(git-fixes).
- comedi: me4000: Fix potential overrun of firmware buffer
(git-fixes).
- comedi: ni_atmio16d: Fix invalid clean-up after failed attach
(git-fixes).
- iio: dac: ad5770r: fix error return in ad5770r_read_raw()
(git-fixes).
- iio: accel: fix ADXL355 temperature signature value (git-fixes).
- iio: light: vcnl4035: fix scan buffer on big-endian (git-fixes).
- iio: adc: ti-adc161s626: fix buffer read on big-endian
(git-fixes).
- iio: imu: bmi160: Remove potential undefined behavior in
bmi160_config_pin() (git-fixes).
- iio: imu: bno055: fix BNO055_SCAN_CH_COUNT off by one
(git-fixes).
- iio: gyro: mpu3050: Fix out-of-sequence free_irq() (git-fixes).
- iio: gyro: mpu3050: Move iio_device_register() to correct
location (git-fixes).
- iio: gyro: mpu3050: Fix irq resource leak (git-fixes).
- iio: gyro: mpu3050: Fix incorrect free_irq() variable
(git-fixes).
- iio: imu: st_lsm6dsx: Set FIFO ODR for accelerometer and
gyroscope only (git-fixes).
- usb: cdns3: gadget: fix state inconsistency on gadget init
failure (git-fixes).
- usb: ulpi: fix double free in ulpi_register_interface() error
path (git-fixes).
- usb: cdns3: gadget: fix NULL pointer dereference in ep_queue
(git-fixes).
- usb: gadget: f_rndis: Protect RNDIS options with mutex
(git-fixes).
- usb: gadget: f_subset: Fix unbalanced refcnt in geth_free
(git-fixes).
- usb: dwc2: gadget: Fix spin_lock/unlock mismatch in
dwc2_hsotg_udc_stop() (git-fixes).
- usb: ehci-brcm: fix sleep during atomic (git-fixes).
- USB: dummy-hcd: Fix interrupt synchronization error (git-fixes).
- USB: dummy-hcd: Fix locking/synchronization error (git-fixes).
- usb: usbtmc: Flush anchored URBs in usbtmc_release (git-fixes).
- usb: gadget: u_ether: Fix race between gether_disconnect and
eth_stop (git-fixes).
- thunderbolt: Fix property read in nhi_wake_supported()
(git-fixes).
- commit 4e3d5c2
- Input: synaptics-rmi4 - fix a locking bug in an error path
(git-fixes).
- hwmon: (occ) Fix missing newline in occ_show_extended()
(git-fixes).
- hwmon: (occ) Fix division by zero in occ_show_power_1()
(git-fixes).
- hwmon: (tps53679) Fix device ID comparison and printing in
tps53676_identify() (git-fixes).
- hwmon: (pxe1610) Check return value of page-select write in
probe (git-fixes).
- commit 08cee84
- Revert "drm: Fix use-after-free on framebuffers and property
blobs when calling drm_dev_unplug" (git-fixes).
- drm/i915/dsi: Don't do DSC horizontal timing adjustments in
command mode (git-fixes).
- drm/amdgpu: Change AMDGPU_VA_RESERVED_TRAP_SIZE to 64KB
(git-fixes).
- commit 79130c8
- gpio: mxc: map Both Edge pad wakeup to Rising Edge (git-fixes).
- drm/ioc32: stop speculation on the drm_compat_ioctl path
(git-fixes).
- drm/ast: dp501: Fix initialization of SCU2C (git-fixes).
- accel/qaic: Handle DBC deactivation if the owner went away
(git-fixes).
- drm/i915/dp: Use crtc_state->enhanced_framing properly on
ivb/hsw CPU eDP (git-fixes).
- crypto: af-alg - fix NULL pointer dereference in scatterwalk
(git-fixes).
- crypto: caam - fix overflow on long hmac keys (git-fixes).
- crypto: caam - fix DMA corruption on long hmac keys (git-fixes).
- commit 376a907
- mtd: spi-nor: core: avoid odd length/address reads on 8D-8D-8D
mode (stable-fixes).
- commit 2d1bac8
- Bluetooth: hci_conn: fix potential UAF in set_cig_params_sync
(git-fixes).
- wifi: ath11k: Pass the correct value of each TID during a stop
AMPDU session (git-fixes).
- ASoC: Intel: boards: fix unmet dependency on PINCTRL
(git-fixes).
- drm/amdgpu: prevent immediate PASID reuse case (stable-fixes).
- usb: core: new quirk to handle devices with zero configurations
(stable-fixes).
- drm/amdgpu: fix gpu idle power consumption issue for gfx v12
(stable-fixes).
- drm/ttm/tests: Fix build failure on PREEMPT_RT (stable-fixes).
- commit 7612e81
- net/x25: Fix overflow when accumulating packets (git-fixes).
- net/x25: Fix potential double free of skb (git-fixes).
- Bluetooth: SMP: derive legacy responder STK authentication
from MITM state (git-fixes).
- Bluetooth: SMP: force responder MITM requirements before
building the pairing response (git-fixes).
- Bluetooth: MGMT: validate mesh send advertising payload length
(git-fixes).
- Bluetooth: hci_event: fix potential UAF in
hci_le_remote_conn_param_req_evt (git-fixes).
- Bluetooth: MGMT: validate LTK enc_size on load (git-fixes).
- Bluetooth: SCO: fix race conditions in sco_sock_connect()
(git-fixes).
- Bluetooth: hci_sync: call destroy in hci_cmd_sync_run if
immediate (git-fixes).
- NFC: pn533: bound the UART receive buffer (git-fixes).
- wifi: iwlwifi: mvm: fix potential out-of-bounds read in
iwl_mvm_nd_match_info_handler() (git-fixes).
- wifi: wilc1000: fix u8 overflow in SSID scan buffer size
calculation (git-fixes).
- ASoC: ep93xx: Fix unchecked clk_prepare_enable() and add
rollback on failure (git-fixes).
- ALSA: caiaq: fix stack out-of-bounds read in init_card
(git-fixes).
- dmaengine: idxd: Fix freeing the allocated ida too late
(git-fixes).
- Bluetooth: btintel: serialize btintel_hw_error() with
hci_req_sync_lock (git-fixes).
- hwmon: axi-fan: don't use driver_override as IRQ name
(git-fixes).
- ALSA: hda/realtek: Add headset jack quirk for Thinkpad X390
(stable-fixes).
- ALSA: hda/realtek: add HP Laptop 14s-dr5xxx mute LED quirk
(stable-fixes).
- ASoC: fsl_easrc: Fix event generation in
fsl_easrc_iec958_set_reg() (stable-fixes).
- ASoC: fsl_easrc: Fix event generation in
fsl_easrc_iec958_put_bits() (stable-fixes).
- HID: mcp2221: cancel last I2C command on read error
(stable-fixes).
- HID: asus: avoid memory leak in asus_report_fixup()
(stable-fixes).
- HID: magicmouse: avoid memory leak in magicmouse_report_fixup()
(stable-fixes).
- HID: apple: avoid memory leak in apple_report_fixup()
(stable-fixes).
- platform/x86: intel-hid: Enable 5-button array on ThinkPad X1
Fold 16 Gen 1 (stable-fixes).
- platform/x86: intel-hid: Add Dell 14 Plus 2-in-1 to
dmi_vgbs_allow_list (stable-fixes).
- platform/x86: touchscreen_dmi: Add quirk for y-inverted Goodix
touchscreen on SUPI S10 (stable-fixes).
- mtd: spi-nor: core: avoid odd length/address writes in 8D-8D-8D
mode (stable-fixes).
- Bluetooth: hci_sync: Remove remaining dependencies of
hci_request (stable-fixes).
- Bluetooth: Remove 3 repeated macro definitions (stable-fixes).
- hwmon: (axi-fan-control) Make use of dev_err_probe()
(stable-fixes).
- hwmon: (axi-fan-control) Use device firmware agnostic API
(stable-fixes).
- dmaengine: idxd: Remove usage of the deprecated ida_simple_xx()
API (stable-fixes).
- commit a6c10e6
- smb: client: fix krb5 mount with username option (git-fixes).
- commit 0e79d63
- cifs: make default value of retrans as zero (git-fixes).
- commit 5d4b8c7
- smb: client: fix in-place encryption corruption in SMB2_write()
(git-fixes).
- commit e7144ea
- smb: client: fix broken multichannel with krb5+signing
(git-fixes).
- commit c4e64ff
- smb: client: fix cifs_pick_channel when channels are equally
loaded (git-fixes).
- commit dfa0ecd
- cifs: some missing initializations on replay (git-fixes).
- commit d98e800
- smb: client: prevent races in ->query_interfaces() (git-fixes).
- commit 78bd9b1
- smb: client: add proper locking around ses->iface_last_update
(git-fixes).
- commit 2b9d663
- cifs: force interface update before a fresh session setup
(git-fixes).
- commit 99b8edb
- cifs: Fix locking usage for tcon fields (git-fixes).
- commit 2b819dd
- cpufreq/amd-pstate: Set the initial min_freq to
lowest_nonlinear_freq (bsc#1252803).
- commit 6223a40
- cpufreq/amd-pstate: Remove the redundant verify() function
(bsc#1252803).
- commit 2b46ac7
- net: add proper RCU protection to /proc/net/ptype
(CVE-2026-23255 bsc#1259891).
- commit 970622a
- netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels
(CVE-2026-23274 bsc#1260005).
- commit b61cf0b
- netfilter: nf_tables: always walk all pending catchall elements
(CVE-2026-23278 bsc#1259998).
- commit bde2f22
- netfilter: nf_tables: unconditionally bump set->nelems before
insertion (CVE-2026-23272 bsc#1260009).
- commit 4898783
- io_uring/rw: free potentially allocated iovec on cache put
failure (CVE-2026-23259 bsc#1259866).
- commit 1144130
- btrfs: fix zero size inode with non-zero size after log replay
(git-fixes).
- commit f810098
- btrfs: log new dentries when logging parent dir of a conflicting
inode (git-fixes).
- commit 2a2fe4a
- bpf: Fix a UAF issue in bpf_trampoline_link_cgroup_shim
(CVE-2026-23319 bsc#1260735).
- commit afdc54a
- bpf: export bpf_link_inc_not_zero (CVE-2026-23319 bsc#1260735).
- commit 3c0dee1
- Refresh patches.suse/nvme-add-partial_nid-quirk.patch.
- commit a0ca140
- net: mana: Trigger VF reset/recovery on health check failure due to HWC timeout (bsc#1259580).
- net: mana: fix use-after-free in add_adev() error path (git-fixes).
- commit dd3433a
- btrfs: fix reservation leak in some error paths when inserting
inline extent (CVE-2025-71268 bsc#1259865).
- commit f586cfb
- btrfs: do not free data reservation in fallback from inline
due to -ENOSPC (CVE-2025-71269 bsc#1259889).
- commit 2f2ec59
- kABI fix for ipvlan: Make the addrs_lock be per port
(CVE-2026-23103 bsc#1257773).
- ipvlan: Make the addrs_lock be per port (CVE-2026-23103
bsc#1257773).
- commit 546f802
- btrfs: tracepoints: get correct superblock from dentry in event btrfs_sync_file() (bsc#1257777).
- commit 5f963b7
- rename Hyper-v patch files to simplify further SP6-SP7 merges
- commit aa72668
- rename Hyper-v patch files to simplify further SP6-SP7 merges
- commit a92902d
- Move upstreamed mana patch into sorted section
- commit 7835c5b
- net/mlx5: Fix crash when moving to switchdev mode (git-fixes).
- bonding: do not set usable_slaves for broadcast mode
(git-fixes).
- idpf: nullify pointers after they are freed (git-fixes).
- gve: fix incorrect buffer cleanup in
gve_tx_clean_pending_packets for QPL (CVE-2026-23386
bsc#1260799).
- commit 1051a48
- xen/privcmd: unregister xenstore notifier on module exit
(git-fixes).
- commit 0c94fec
- xen/privcmd: restrict usage in unprivileged domU (bsc#1259707
CVE-2026-31788).
- commit 0c51260
- dmaengine: idxd: Fix freeing the allocated ida too late
(git-fixes).
- irqchip/qcom-mpm: Add missing mailbox TX done acknowledgment
(git-fixes).
- commit 8028a3b
- phy: ti: j721e-wiz: Fix device node reference leak in
wiz_get_lane_phy_types() (git-fixes).
- dmaengine: xilinx: xilinx_dma: Fix unmasked residue subtraction
(git-fixes).
- dmaengine: xilinx: xilinx_dma: Fix residue calculation for
cyclic DMA (git-fixes).
- dmaengine: xilinx: xilinx_dma: Fix dma_device directions
(git-fixes).
- dmaengine: sh: rz-dmac: Move CHCTRL updates under spinlock
(git-fixes).
- dmaengine: sh: rz-dmac: Protect the driver specific lists
(git-fixes).
- dmaengine: idxd: fix possible wrong descriptor completion in
llist_abort_desc() (git-fixes).
- dmaengine: xilinx: xdma: Fix regmap init error handling
(git-fixes).
- dmaengine: idxd: Fix leaking event log memory (git-fixes).
- dmaengine: idxd: Fix memory leak when a wq is reset (git-fixes).
- dmaengine: idxd: Fix not releasing workqueue on .release()
(git-fixes).
- commit f22ea44
- drm/vmwgfx: Return the correct value in vmw_translate_ptr
functions (CVE-2026-23317 bsc#1260562).
- commit 62d1ba3
- PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry
(CVE-2026-23361 bsc#1260732).
- commit e28de60
- Delete
patches.suse/scsi-Fix-sas_user_scan-to-handle-wildcard-and-multi-channe.patch.
See bsc#1257506.
The git-fix being removed had issues and needs to be redesigned.
In the mean time, reverting this addresses the problem.
See:
> https://bugzilla.suse.com/show_bug.cgi?id=1257506#c47
- commit 14d63c6
- drm/i915/dp_tunnel: Fix error handling when clearing stream
BW in atomic state (git-fixes).
- drm/amd/display: Do not skip unrelated mode changes in DSC
validation (git-fixes).
- commit 4a5f1c3
- hwmon: (adm1177) fix sysfs ABI violation and current unit
conversion (git-fixes).
- hwmon: (peci/cputemp) Fix off-by-one in cputemp_is_visible()
(git-fixes).
- hwmon: (peci/cputemp) Fix crit_hyst returning delta instead
of absolute temperature (git-fixes).
- hwmon: (pmbus/isl68137) Add mutex protection for AVS enable
sysfs attributes (git-fixes).
- drm/i915/gmbus: fix spurious timeout on 512-byte burst reads
(git-fixes).
- drm/amdgpu: Fix fence put before wait in amdgpu_amdkfd_submit_ib
(git-fixes).
- spi: spi-fsl-lpspi: fix teardown order issue (UAF) (git-fixes).
- regmap: Synchronize cache for the page selector (git-fixes).
- ASoC: SOF: ipc4-topology: Allow bytes controls without initial
payload (git-fixes).
- ASoC: adau1372: Fix clock leak on PLL lock failure (git-fixes).
- ASoC: adau1372: Fix unchecked clk_prepare_enable() return value
(git-fixes).
- ASoC: Intel: catpt: Fix the device initialization (git-fixes).
- ALSA: firewire-lib: fix uninitialized local variable
(git-fixes).
- commit a2172e0
- libceph: reset sparse-read state in osd_fault() (CVE-2026-23136 bsc#1258303).
- commit 7606f01
- wifi: libertas: fix use-after-free in lbs_free_adapter()
(CVE-2026-23281 bsc#1260464).
- commit 43b8c42
- Bluetooth: btintel: serialize btintel_hw_error() with
hci_req_sync_lock (git-fixes).
- Bluetooth: L2CAP: Fix stack-out-of-bounds read in
l2cap_ecred_conn_req (git-fixes).
- drm/xe: Open-code GGTT MMIO access protection (git-fixes).
- drm/xe/oa: Allow reading after disabling OA stream (git-fixes).
- drm/amdgpu/mmhub4.1.0: add bounds checking for cid
(stable-fixes).
- drm/amd: fix dcn 2.01 check (git-fixes).
- drm/amd/display: Wrap dcn32_override_min_req_memclk() in
DC_FP_{START, END} (git-fixes).
- drm: Fix use-after-free on framebuffers and property blobs
when calling drm_dev_unplug (git-fixes).
- drm/imagination: Fix deadlock in soft reset sequence
(git-fixes).
- mac80211: fix crash in ieee80211_chan_bw_change for AP_VLAN
stations (stable-fixes).
- Bluetooth: qca: fix ROM version reading on WCN3998 chips
(git-fixes).
- Bluetooth: L2CAP: Fix accepting multiple L2CAP_ECRED_CONN_REQ
(git-fixes).
- Bluetooth: MGMT: Fix list corruption and UAF in command complete
handlers (git-fixes).
- Bluetooth: ISO: Fix defer tests being unstable (git-fixes).
- USB: add QUIRK_NO_BOS for video capture several devices
(stable-fixes).
- drm/i915/dsc: Add helper for writing DSC Selective Update ET
parameters (stable-fixes).
- drm/i915/dsc: Add Selective Update register definitions
(stable-fixes).
- drm/amd/pm: remove invalid gpu_metrics.energy_accumulator on
smu v13.0.x (stable-fixes).
- drm/amd/display: Fallback to boot snapshot for dispclk
(stable-fixes).
- ASoC: cs42l43: Report insert for exotic peripherals
(stable-fixes).
- drm/amdgpu/vcn5: Add SMU dpm interface type (stable-fixes).
- commit 11a085d
- serial: 8250: Add late synchronize_irq() to shutdown to handle
DW UART BUSY (git-fixes).
- serial: 8250_pci: add support for the AX99100 (stable-fixes).
- serial: uartlite: fix PM runtime usage count underflow on probe
(git-fixes).
- serial: 8250: Fix TX deadlock when using DMA (git-fixes).
- spi: fix statistics allocation (git-fixes).
- spi: fix use-after-free on controller registration failure
(git-fixes).
- wifi: wlcore: Return -ENOMEM instead of -EAGAIN if there is
not enough headroom (git-fixes).
- wifi: mac80211: fix NULL deref in mesh_matches_local()
(git-fixes).
- wifi: cfg80211: cancel pmsr_free_wk in cfg80211_pmsr_wdev_down
(git-fixes).
- wifi: mac80211: Fix static_branch_dec() underflow for
aql_disable (git-fixes).
- soc: fsl: qbman: fix race condition in qman_destroy_fq
(git-fixes).
- USB: ezcap401 needs USB_QUIRK_NO_BOS to function on 10gbs usb
speed (stable-fixes).
- usb: dwc3: pci: add support for the Intel Nova Lake -H
(stable-fixes).
- usb/core/quirks: Add Huawei ME906S-device to wakeup quirk
(stable-fixes).
- usb: xhci: Prevent interrupt storm on host controller error
(HCE) (stable-fixes).
- usb: cdc-acm: Restore CAP_BRK functionnality to CH343
(git-fixes).
- usb: misc: uss720: properly clean up reference in uss720_probe()
(stable-fixes).
- usb: image: mdc800: kill download URB on timeout (stable-fixes).
- usb: mdc800: handle signal and read racing (stable-fixes).
- usb: yurex: fix race in probe (stable-fixes).
- staging: rtl8723bs: properly validate the data in
rtw_get_ie_ex() (stable-fixes).
- wifi: mac80211: set default WMM parameters on all links
(stable-fixes).
- usb: cdns3: fix role switching during resume (git-fixes).
- USB: serial: f81232: fix incomplete serial port generation
(stable-fixes).
- usb: cdns3: call cdns_power_is_lost() only once in cdns_resume()
(stable-fixes).
- usb: cdns3: remove redundant if branch (stable-fixes).
- commit 9cd434e
- nfc: nci: fix circular locking dependency in nci_close_device
(git-fixes).
- pinctrl: mediatek: common: Fix probe failure for devices
without EINT (git-fixes).
- pinctrl: qcom: spmi-gpio: implement .get_direction()
(git-fixes).
- platform/x86: ISST: Correct locked bit width (git-fixes).
- platform/olpc: olpc-xo175-ec: Fix overflow error message to
print inlen (git-fixes).
- mmc: sdhci: fix timing selection for 1-bit bus width
(git-fixes).
- mmc: sdhci-pci-gli: fix GL9750 DMA write corruption (git-fixes).
- mtd: rawnand: pl353: make sure optimal timings are applied
(git-fixes).
- mtd: rawnand: brcmnand: skip DMA during panic write (git-fixes).
- mtd: rawnand: serialize lock/unlock against other NAND
operations (git-fixes).
- mtd: rawnand: cadence: Fix error check for dma_alloc_coherent()
in cadence_nand_init() (git-fixes).
- mtd: Avoid boot crash in RedBoot partition table parser
(git-fixes).
- NFC: nxp-nci: allow GPIOs to sleep (git-fixes).
- net: usb: aqc111: Do not perform PM inside suspend callback
(git-fixes).
- net: usb: cdc_ncm: add ndpoffset to NDP32 nframes bounds check
(git-fixes).
- net: usb: cdc_ncm: add ndpoffset to NDP16 nframes bounds check
(git-fixes).
- net/rose: fix NULL pointer dereference in rose_transmit_link
on reconnect (git-fixes).
- PM: runtime: Fix a race condition related to device removal
(git-fixes).
- regulator: pca9450: Correct interrupt type (git-fixes).
- platform/x86: dell-wmi: Add audio/mic mute key codes
(stable-fixes).
- pinctrl: equilibrium: fix warning trace on load (git-fixes).
- pinctrl: equilibrium: rename irq_chip function callbacks
(stable-fixes).
- net: usb: pegasus: validate USB endpoints (stable-fixes).
- mfd: omap-usb-host: Fix OF populate on driver rebind
(git-fixes).
- mfd: qcom-pm8xxx: Fix OF populate on driver rebind (git-fixes).
- regulator: pca9450: Make IRQ optional (stable-fixes).
- PCI: Update BAR # and window messages (stable-fixes).
- mfd: qcom-pm8xxx: Convert to platform remove callback returning
void (stable-fixes).
- commit ec2548e
- can: isotp: fix tx.buf use-after-free in isotp_sendmsg()
(git-fixes).
- can: gw: fix OOB heap access in cgw_csum_crc8_rel() (git-fixes).
- media: mc, v4l2: serialize REINIT and REQBUFS with
req_queue_mutex (git-fixes).
- i2c: pxa: defer reset on Armada 3700 when recovery is used
(git-fixes).
- i2c: fsi: Fix a potential leak in fsi_i2c_probe() (git-fixes).
- i2c: cp2615: fix serial string NULL-deref at probe (git-fixes).
- hwmon: (pmbus/isl68137) Fix unchecked return value and use
sysfs_emit() (git-fixes).
- drm/radeon: apply state adjust rules to some additional HAINAN
vairants (stable-fixes).
- drm/amdgpu: apply state adjust rules to some additional HAINAN
vairants (stable-fixes).
- drm/amdgpu/gmc9.0: add bounds checking for cid (stable-fixes).
- drm/amdgpu/mmhub3.0: add bounds checking for cid (stable-fixes).
- drm/amdgpu/mmhub3.0.2: add bounds checking for cid
(stable-fixes).
- drm/amdgpu/mmhub3.0.1: add bounds checking for cid
(stable-fixes).
- drm/amdgpu/mmhub2.3: add bounds checking for cid (stable-fixes).
- drm/amdgpu/mmhub2.0: add bounds checking for cid (stable-fixes).
- drm/amd/display: Fix DisplayID not-found handling in
parse_edid_displayid_vrr() (git-fixes).
- drm/i915/gt: Check set_default_submission() before deferencing
(git-fixes).
- firmware: arm_scpi: Fix device_node reference leak in probe path
(git-fixes).
- drm/amd: Set num IP blocks to 0 if discovery fails
(stable-fixes).
- drm/msm/dsi: fix pclk rate calculation for bonded dsi
(git-fixes).
- drm/msm/dsi: fix hdisplay calculation when programming dsi
registers (git-fixes).
- drm/amdgpu: Fix use-after-free race in VM acquire
(stable-fixes).
- HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks
missing them (stable-fixes).
- drm/amdgpu: keep vga memory on MacBooks with switchable graphics
(stable-fixes).
- drm/bridge: ti-sn65dsi86: Add support for DisplayPort mode
with HPD (stable-fixes).
- drm/amd/display: Add pixel_clock to amd_pp_display_configuration
(stable-fixes).
- drm/msm/dsi: Document DSC related pclk_rate and hdisplay
calculations (stable-fixes).
- mfd: omap-usb-host: Convert to platform remove callback
returning void (stable-fixes).
- media: tegra-video: Use accessors for pad config 'try_*' fields
(stable-fixes).
- i2c: cp2615: replace deprecated strncpy with strscpy
(stable-fixes).
- commit 19fcdc7
- Bluetooth: btusb: clamp SCO altsetting table indices
(git-fixes).
- Bluetooth: L2CAP: Fix ERTM re-init and zero pdu_len infinite
loop (git-fixes).
- Bluetooth: L2CAP: Fix send LE flow credits in ACL link
(git-fixes).
- Bluetooth: L2CAP: Fix null-ptr-deref on l2cap_sock_ready_cb
(git-fixes).
- Bluetooth: hci_ll: Fix firmware leak on error path (git-fixes).
- Bluetooth: MGMT: Fix dangling pointer on
mgmt_add_adv_patterns_monitor_complete (git-fixes).
- Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to
missing sock_hold (git-fixes).
- Bluetooth: L2CAP: Validate PDU length before reading SDU length
in l2cap_ecred_data_rcv() (git-fixes).
- commit d4b4294
- ACPI: EC: clean up handlers on probe failure in acpi_ec_setup()
(git-fixes).
- Bluetooth: L2CAP: Validate L2CAP_INFO_RSP payload length before
access (git-fixes).
- Bluetooth: L2CAP: Fix type confusion in l2cap_ecred_reconf_rsp()
(git-fixes).
- Bluetooth: L2CAP: Fix use-after-free in l2cap_unregister_user
(git-fixes).
- Bluetooth: HIDP: Fix possible UAF (git-fixes).
- Bluetooth: hci_sync: Fix hci_le_create_conn_sync (git-fixes).
- Bluetooth: SMP: make SM/PER/KDU/BI-04-C happy (git-fixes).
- Bluetooth: LE L2CAP: Disconnect if sum of payload sizes exceed
SDU (git-fixes).
- Bluetooth: LE L2CAP: Disconnect if received packet's SDU
exceeds IMTU (git-fixes).
- ACPI: processor: Fix previous acpi_processor_errata_piix4()
fix (git-fixes).
- ALSA: usb-audio: Check endpoint numbers at parsing Scarlett2
mixer interfaces (stable-fixes).
- ASoC: amd: yc: Add DMI quirk for ASUS EXPERTBOOK PM1503CDA
(stable-fixes).
- ASoC: amd: yc: Add ASUS EXPERTBOOK BM1503CDA to quirk table
(stable-fixes).
- ALSA: hda: cs35l56: Fix signedness error in
cs35l56_hda_posture_put() (git-fixes).
- ACPI: PM: Save NVS memory on Lenovo G70-35 (stable-fixes).
- ACPI: OSI: Add DMI quirk for Acer Aspire One D255
(stable-fixes).
- ALSA: hda/conexant: Fix headphone jack handling on Acer Swift
SF314 (stable-fixes).
- ALSA: hda/conexant: Add quirk for HP ZBook Studio G4
(stable-fixes).
- ALSA: pci: hda: use snd_kcontrol_chip() (stable-fixes).
- commit d930c45
- ceph: fix oops due to invalid pointer for kfree() in parse_longname() (bsc#1258337 CVE-2026-23201).
- commit c1d531a
- libceph: make calc_target() set t->paused, not just clear it (bsc#1257682 CVE-2026-23047).
- commit 9134bbf
- x86/platform/uv: Handle deconfigured sockets (bsc#1260347).
- commit f09c977
- Update config files.
Pure run_oldconfig -- dismiss removed configs like
CONFIG_TEST_LIVEPATCH.
- commit 9d0caee
- RDMA/umad: Reject negative data_len in ib_umad_write (CVE-2026-23243 bsc#1259797)
- commit b964f1d
- RDMA/siw: Fix potential NULL pointer dereference in header processing (CVE-2026-23242 bsc#1259795)
- commit b14d408
- drm/i915/display: Add module param to skip retraining of dp link (bsc#1253129).
- commit a1c1b16
- Revert "drm/i915/display: Add quirk to skip retraining of dp link (bsc#1253129)."
This reverts commit 7b00832607c6c999e43cce72e2a7feaf7db3bbfa.
- commit 6e3ca09
- Update kabi files (jsc#PED-15582).
- commit c06e238
- bpf, test_run: Subtract size of xdp_frame from allowed metadata
size (CVE-2026-23140 bsc#1258305).
- commit 2fff83a
- scsi: scsi_transport_sas: Fix the maximum channel scanning issue
(bsc#1255687, git-fixes).
- commit 7ef9035
- scsi: hisi_sas: Fix NULL pointer exception during user_scan()
(bsc#1255687).
- commit 0bea95d
- s390/debug: Pass in and enforce output buffer size for format
handlers (jsc#PED-15582).
- Refresh
patches.suse/s390-pci-Add-pci_msg-debug-view-to-PCI-report.patch.
- commit d8dd9c7
- netfilter: nf_tables: fix use-after-free in nf_tables_addchain()
(CVE-2026-23231 bsc#1259188).
- netfilter: nf_tables: register hooks last when adding new
chain/flowtable (CVE-2026-23231 bsc#1259188).
- commit fd540e6
- Refresh azure config files, no runtime changes intended.
- commit 5cf84bb
- x86/vmware: Fix hypercall clobbers (CVE-2026-23215 bsc#1258476).
- commit 1c8c139
- nvme: fix memory leak in quirks_param_set() (bsc#1243208).
- nvme: add support for dynamic quirk configuration via module
parameter (bsc#1243208).
- nvme: expose active quirks in sysfs (bsc#1243208).
Refresh:
- patches.suse/nvme-add-partial_nid-quirk.patch
- commit c6a41b6
- scsi: target: target_core_configfs: Add length check to avoid
buffer overflow (CVE-2025-39998 bsc#1252073).
- commit dff8745
- l2tp: avoid one data-race in l2tp_tunnel_del_work() (CVE-2026-23120 bsc#1258280)
- commit 975023c
- pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc->domains (CVE-2026-23187 bsc#1258330)
- commit 4b333af
- phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe() (CVE-2026-23030 bsc#1257561)
- commit 4c335f0
- Use unified maintainers' email address
- commit d015f19
- Use unified maintainers' email address
- commit e7955e0
- Use unified maintainers' email address
- commit 3c803fb
- vhost: fix caching attributes of MMIO regions by setting them
explicitly (git-fixes).
- commit 08a5f81
- vmw_vsock: bypass false-positive Wnonnull warning with gcc-16
(git-fixes).
- commit 096a8f1
- xenbus: Use .freeze/.thaw to handle xenbus devices (git-fixes).
- commit da0ad33
- net/mana: Null service_wq on setup error to prevent double
destroy (git-fix).
- commit 4b21ba9
- iomap: adjust read range correctly for non-block-aligned positions (CVE-2025-68794 bsc#1256647)
- commit bad6b8a
- net: mana: fix use-after-free in mana_hwc_destroy_channel()
by reordering teardown (git-fixes).
- net/mana: Null service_wq on setup error to prevent double
destroy (git-fixes).
- commit 679a815
- Refresh
patches.suse/selftests-bpf-add-verifier-sign-extension-bound-comp.patch.
Updated expected BPF verifier message to align with those output by
SLE15-SP7 kernel.
- commit bc643c5
- usb: cdc-acm: Restore CAP_BRK functionnality to CH343
(git-fixes).
- commit 4484921
- usb: roles: get usb role switch from parent only for
usb-b-connector (git-fixes).
- usb: xhci: Fix memory leak in xhci_disable_slot() (git-fixes).
- usb: class: cdc-wdm: fix reordering issue in read code path
(git-fixes).
- usb: renesas_usbhs: fix use-after-free in ISR during device
removal (git-fixes).
- usb: gadget: f_mass_storage: Fix potential integer overflow
in check_command_size_in_blocks() (git-fixes).
- USB: core: Limit the length of unkillable synchronous timeouts
(git-fixes).
- USB: usbtmc: Use usb_bulk_msg_killable() with user-specified
timeouts (git-fixes).
- USB: usbcore: Introduce usb_bulk_msg_killable() (git-fixes).
- usb: core: don't power off roothub PHYs if phy_set_mode()
fails (git-fixes).
- iio: gyro: mpu3050-core: fix pm_runtime error handling
(git-fixes).
- iio: gyro: mpu3050-i2c: fix pm_runtime error handling
(git-fixes).
- iio: chemical: sps30_serial: fix buffer size in
sps30_serial_read_meas() (git-fixes).
- iio: chemical: sps30_i2c: fix buffer size in
sps30_i2c_read_meas() (git-fixes).
- iio: chemical: bme680: Fix measurement wait duration calculation
(git-fixes).
- iio: dac: ds4424: reject -128 RAW value (git-fixes).
- iio: potentiometer: mcp4131: fix double application of wiper
shift (git-fixes).
- iio: frequency: adf4377: Fix duplicated soft reset mask
(git-fixes).
- iio: imu: inv_icm42600: fix odr switch to the same value
(git-fixes).
- commit 4702653
- drm/amdkfd: Unreserve bo if queue update failed (git-fixes).
- drm/amdgpu: Fix kernel-doc comments for some LUT properties
(git-fixes).
- drm/amd/pm: add missing od setting PP_OD_FEATURE_ZERO_FAN_BIT
for smu v14 (git-fixes).
- drm/msm/dsi: fix pclk rate calculation for bonded dsi
(git-fixes).
- drm/msm: Fix dma_free_attrs() buffer size (git-fixes).
- drm/msm/dsi: fix hdisplay calculation when programming dsi
registers (git-fixes).
- drm/xe/reg_sr: Fix leak on xa_store failure (git-fixes).
- drm/xe: Do not preempt fence signaling CS instructions
(git-fixes).
- drm/exynos: vidi: use ctx->lock to protect struct vidi_context
member variables related to memory alloc/free (stable-fixes).
- drm/exynos: vidi: fix to avoid directly dereferencing user
pointer (stable-fixes).
- drm/exynos/vidi: Remove redundant error handling in
vidi_get_modes() (stable-fixes).
- commit 56adb0e
- drm/bridge: ti-sn65dsi83: fix CHA_DSI_CLK_RANGE rounding
(git-fixes).
- ASoC: amd: acp-mach-common: Add missing error check for clock
acquisition (git-fixes).
- ASoC: detect empty DMI strings (git-fixes).
- ASoC: amd: acp3x-rt5682-max9836: Add missing error check for
clock acquisition (git-fixes).
- ASoC: soc-core: flush delayed work before removing DAIs and
widgets (git-fixes).
- ASoC: soc-core: drop delayed_work_pending() check before flush
(git-fixes).
- ASoC: qcom: qdsp6: Fix q6apm remove ordering during ADSP stop
and start (git-fixes).
- ALSA: pcm: fix use-after-free on linked stream runtime in
snd_pcm_drain() (git-fixes).
- commit 1a186d1
- crypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode (CVE-2025-71231 bsc#1258424).
- commit f8a95c7
- sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT
(CVE-2026-23125 bsc#1258293).
- commit 6e65546
- Add bugnumber to existing mana changes (bsc#1259558 bsc#1259580).
- Drivers: hv: Fix warnings for missing export.h header inclusion (git-fixes).
- Drivers: hv: Allocate interrupt and monitor pages aligned to system page boundary (git-fixes).
- Drivers: hv: Fix bad pointer dereference in hv_get_partition_id (git-fixes).
- hyperv: Convert hypercall statuses to linux error codes (git-fixes).
- drivers/hv: add CPU offlining support (git-fixes).
- drivers/hv: introduce vmbus_channel_set_cpu() (git-fixes).
- cpu: export lockdep_assert_cpus_held() (git-fixes).
- hyperv: Move arch/x86/hyperv/hv_proc.c to drivers/hv (git-fixes).
- hyperv: Move hv_current_partition_id to arch-generic code (git-fixes).
- commit 7492ec1
- ACPI: OSL: fix __iomem type on return from
acpi_os_map_generic_address() (git-fixes).
- can: hi311x: hi3110_open(): add check for hi3110_power_enable()
return value (git-fixes).
- net: usb: lan78xx: fix TX byte statistics for small packets
(git-fixes).
- net: usb: lan78xx: fix silent drop of packets with checksum
errors (git-fixes).
- qmi_wwan: allow max_mtu above hard_mtu to control rx_urb_size
(git-fixes).
- remoteproc: sysmon: Correct subsys_name_len type in QMI request
(git-fixes).
- commit 5d32ac9
- apparmor: fix race between freeing data and fs accessing it
(bsc#1258849).
- apparmor: fix race on rawdata dereference (bsc#1258849).
- apparmor: fix differential encoding verification (bsc#1258849).
- apparmor: fix unprivileged local user can do privileged policy
management (bsc#1258849).
- apparmor: Fix double free of ns_name in aa_replace_profiles()
(bsc#1258849).
- apparmor: fix missing bounds check on DEFAULT table in
verify_dfa() (bsc#1258849).
- apparmor: fix side-effect bug in match_char() macro usage
(bsc#1258849).
- apparmor: fix: limit the number of levels of policy namespaces
(bsc#1258849).
- apparmor: replace recursive profile removal with iterative
approach (bsc#1258849).
- apparmor: fix memory leak in verify_header (bsc#1258849).
- apparmor: validate DFA start states are in bounds in unpack_pdb
(bsc#1258849).
- commit 9f31a2e
- scsi: mpi3mr: Event processing debug improvement (bsc#1251186,
bsc#1258832).
- commit 4fde182
- RDMA/rtrs-clt: For conn rejection use actual err number (git-fixes)
- commit c91403f
- net: mana: Ring doorbell at 4 CQ wraparounds (git-fixes).
- net: mana: Fix double destroy_workqueue on service rescan PCI path (git-fixes).
- PCI: hv: remove unnecessary module_init/exit functions (git-fixes).
- PCI: hv: Remove unused field pci_bus in struct hv_pcibus_device (git-fixes).
- RDMA/mana_ib: Add device-memory support (git-fixes).
- RDMA/mana_ib: Take CQ type from the device type (git-fixes).
- net: mana: Implement ndo_tx_timeout and serialize queue resets per port (bsc#1257472).
- RDMA/mana_ib: check cqe length for kernel CQs (git-fixes).
- net: mana: Fix use-after-free in reset service rescan path (git-fixes).
- Drivers: hv: fix missing kernel-doc description for 'size' in request_arr_init() (git-fixes).
- Drivers: hv: remove stale comment (git-fixes).
- net: mana: Handle hardware recovery events when probing the device (bsc#1257466).
- net: mana: Drop TX skb on post_work_request failure and unmap resources (git-fixes).
- net: mana: Handle SKB if TX SGEs exceed hardware limit (git-fixes).
- net: mana: Add standard counter rx_missed_errors (git-fixes).
- net: mana: Move hardware counter stats from per-port to per-VF context (git-fixes).
- net: mana: Support HW link state events (bsc#1253049).
- Drivers: hv: vmbus: Fix typos in vmbus_drv.c (git-fixes).
- Drivers: hv: vmbus: Fix sysfs output format for ring buffer index (git-fixes).
- Drivers: hv: vmbus: Clean up sscanf format specifier in target_cpu_store() (git-fixes).
- scsi: storvsc: Remove redundant ternary operators (git-fixes).
- RDMA/mana_ib: Extend modify QP (git-fixes).
- RDMA/mana_ib: Drain send wrs of GSI QP (git-fixes).
- net: mana: Reduce waiting time if HWC not responding (bsc#1252266).
- RDMA/mana_ib: add support of multiple ports (bsc#1251135).
- RDMA/mana_ib: add additional port counters (bsc#1251135).
- RDMA/mana_ib: Fix DSCP value in modify QP (git-fixes).
- RDMA/mana_ib: Add device statistics support (git-fixes).
- net: mana: fix spelling for mana_gd_deregiser_irq() (git-fixes).
- net: mana: Handle Reset Request from MANA NIC (bsc#1245728 bsc#1251971).
- net: mana: Handle unsupported HWC commands (git-fixes).
- net: mana: Fix warnings for missing export.h header inclusion (git-fixes).
- PCI: hv: Remove unnecessary flex array in struct pci_packet (git-fixes).
- tools: hv: Enable debug logs for hv_kvp_daemon (git-fixes).
- net: mana: Add support for auxiliary device servicing events (bsc#1251971).
- RDMA/mana_ib: unify mana_ib functions to support any gdma device (git-fixes).
- RDMA/mana_ib: Add support of mana_ib for RNIC and ETH nic (git-fixes).
- net: mana: Probe rdma device in mana driver (git-fixes).
- RDMA/mana_ib: Add support of 4M, 1G, and 2G pages (git-fixes).
- RDMA/mana_ib: support of the zero based MRs (bsc#1251135).
- RDMA/mana_ib: Access remote atomic for MRs (bsc#1251135).
- RDMA/mana_ib: Fix integer overflow during queue creation (bsc#1251135).
- RDMA/mana_ib: Handle net event for pointing to the current netdev (bsc#1256690).
- net: mana: Change the function signature of mana_get_primary_netdev_rcu (bsc#1256690).
- RDMA/mana_ib: Use safer allocation function() (bsc#1251135).
- RDMA/mana_ib: Implement DMABUF MR support (git-fixes).
- RDMA/mana_ib: Fix error code in probe() (git-fixes).
- RDMA/mana_ib: Add port statistics support (git-fixes).
- RDMA/mana_ib: request error CQEs when supported (git-fixes).
- RDMA/mana_ib: Query feature_flags bitmask from FW (git-fixes).
- RDMA/mana_ib: indicate CM support (git-fixes).
- RDMA/mana_ib: polling of CQs for GSI/UD (git-fixes).
- RDMA/mana_ib: extend mana QP table (git-fixes).
- RDMA/mana_ib: implement req_notify_cq (git-fixes).
- RDMA/mana_ib: UD/GSI work requests (git-fixes).
- RDMA/mana_ib: create/destroy AH (git-fixes).
- RDMA/mana_ib: UD/GSI QP creation for kernel (git-fixes).
- RDMA/mana_ib: Create and destroy UD/GSI QP (git-fixes).
- RDMA/mana_ib: create kernel-level CQs (git-fixes).
- RDMA/mana_ib: helpers to allocate kernel queues (git-fixes).
- RDMA/mana_ib: implement get_dma_mr (git-fixes).
- RDMA/mana_ib: Allow registration of DMA-mapped memory in PDs (git-fixes).
- PCI: hv: Correct a comment (git-fixes).
- net: mana: Add metadata support for xdp mode (git-fixes).
- tools/hv: reduce resource usage in hv_kvp_daemon (git-fixes).
- tools/hv: add a .gitignore file (git-fixes).
- tools/hv: reduce resouce usage in hv_get_dns_info helper (git-fixes).
- hv/hv_kvp_daemon: Pass NIC name to hv_get_dns_info as well (git-fixes).
- net: mana: use ethtool string helpers (git-fixes).
- tools: hv: lsvmbus: change shebang to use python3 (git-fixes).
- RDMA/mana_ib: Set correct device into ib (git-fixes).
- RDMA/mana_ib: Process QP error events in mana_ib (git-fixes).
- RDMA/mana_ib: extend query device (git-fixes).
- RDMA/mana_ib: set node_guid (git-fixes).
- RDMA/mana_ib: Modify QP state (git-fixes).
- RDMA/mana_ib: Implement uapi to create and destroy RC QP (git-fixes).
- RDMA/mana_ib: Create and destroy RC QP (git-fixes).
- net: mana: Use mana_cleanup_port_context() for rxq cleanup (git-fixes).
- RDMA/mana_ib: implement uapi for creation of rnic cq (git-fixes).
- RDMA/mana_ib: boundary check before installing cq callbacks (git-fixes CVE-2024-38542 bsc#1226591).
- RDMA/mana_ib: introduce a helper to remove cq callbacks (git-fixes).
- RDMA/mana_ib: create and destroy RNIC cqs (git-fixes).
- RDMA/mana_ib: create EQs for RNIC CQs (git-fixes).
- RDMA/mana_ib: Fix missing ret value (git-fixes).
- RDMA/mana_ib: Configure mac address in RNIC (git-fixes).
- RDMA/mana_ib: Adding and deleting GIDs (git-fixes).
- RDMA/mana_ib: Enable RoCE on port 1 (git-fixes).
- RDMA/mana_ib: Implement port parameters (git-fixes).
- RDMA/mana_ib: Create and destroy rnic adapter (git-fixes).
- RDMA/mana_ib: Add EQ creation for rnic adapter (git-fixes).
- RDMA/mana_ib: Use num_comp_vectors of ib_device (git-fixes).
- RDMA/mana_ib: remove useless return values from dbg prints (git-fixes).
- RDMA/mana_ib: Use struct mana_ib_queue for RAW QPs (git-fixes).
- RDMA/mana_ib: Use struct mana_ib_queue for WQs (git-fixes).
- RDMA/mana_ib: Use struct mana_ib_queue for CQs (git-fixes).
- RDMA/mana_ib: Introduce helpers to create and destroy mana queues (git-fixes).
- hv/hv_kvp_daemon: Handle IPv4 and Ipv6 combination for keyfile format (git-fixes).
- RDMA/mana_ib: Introduce mana_ib_install_cq_cb helper function (git-fixes).
- RDMA/mana_ib: Introduce mana_ib_get_netdev helper function (git-fixes).
- RDMA/mana_ib: Introduce mdev_to_gc helper function (git-fixes).
- commit 8690084
- s390/ctcm: Fix double-kfree (CVE-2025-40253 bsc#1255084).
- commit a33e581
- s390/ctcm: Fix double-kfree (CVE-2025-40253 bsc#1255084).
- commit c330474
- cgroup: Fix incorrect WARN_ON_ONCE() in css_release_work_fn()
(bsc#1256564 bsc#1259130).
- commit af50ef7
- s390/ipl: Clear SBP flag when bootprog is set (bsc#1258176).
- commit bad7291
- Update config files (bsc#1254306).
- commit 6305722
- s390: Disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP (bsc#1254306).
- commit 43c578c
- Update config files (bsc#1254306).
- commit 3c7bab7
- s390: Disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP (bsc#1254306).
- commit 165c4b3
- kabi: cgroup.stat fixup (bsc#1256564 bsc#1259130).
- commit 6ccb250
- cgroup: Show # of subsystem CSSes in cgroup.stat (bsc#1256564
bsc#1259130).
- commit e9ca9e6
- selftests/bpf: add verifier sign extension bound computation
tests (git-fixes).
- bpf: verifier improvement in 32bit shift sign extension pattern
(git-fixes).
- commit cbb7102
- Add bugnumber to existing mana changes (bsc#1245728 bsc#1251971 bsc#1252266 bsc#1257466)
- net: mana: Ring doorbell at 4 CQ wraparounds (git-fixes).
- PCI: hv: remove unnecessary module_init/exit functions (git-fixes).
- PCI: hv: Remove unused field pci_bus in struct hv_pcibus_device (git-fixes).
- RDMA/mana_ib: Add device-memory support (git-fixes).
- RDMA/mana_ib: Take CQ type from the device type (git-fixes).
- net: mana: Implement ndo_tx_timeout and serialize queue resets per port (bsc#1257472).
- Drivers: hv: Always do Hyper-V panic notification in hv_kmsg_dump() (git-fixes).
- Drivers: hv: use kmalloc_array() instead of kmalloc() (git-fixes).
- Drivers: hv: Use kmalloc_array() instead of kmalloc() (git-fixes).
- Drivers: hv: Resolve ambiguity in hypervisor version log (git-fixes).
- Drivers: hv: fix missing kernel-doc description for 'size' in request_arr_init() (git-fixes).
- Drivers: hv: remove stale comment (git-fixes).
- net: mana: Support HW link state events (bsc#1253049).
- Drivers: hv: vmbus: Fix typos in vmbus_drv.c (git-fixes).
- Drivers: hv: vmbus: Fix sysfs output format for ring buffer index (git-fixes).
- Drivers: hv: vmbus: Clean up sscanf format specifier in target_cpu_store() (git-fixes).
- Drivers: hv: util: Cosmetic changes for hv_utils_transport.c (git-fixes).
- scsi: storvsc: Remove redundant ternary operators (git-fixes).
- tools/hv: fcopy: Fix irregularities with size of ring buffer (git-fixes).
- x86/hyperv: Fix usage of cpu_online_mask to get valid cpu (git-fixes).
- PCI: hv: Fix warnings for missing export.h header inclusion (git-fixes).
- clocksource: hyper-v: Fix warnings for missing export.h header inclusion (git-fixes).
- x86/hyperv: Fix warnings for missing export.h header inclusion (git-fixes).
- Drivers: hv: Fix the check for HYPERVISOR_CALLBACK_VECTOR (git-fixes).
- Drivers: hv: vmbus: Add comments about races with "channels" sysfs dir (git-fixes).
- PCI: hv: Remove unnecessary flex array in struct pci_packet (git-fixes).
- Drivers: hv: Use kzalloc for panic page allocation (git-fixes).
- uio_hv_generic: Align ring size to system page (git-fixes).
- uio_hv_generic: Use correct size for interrupt and monitor pages (git-fixes).
- Drivers: hv: vmbus: Introduce hv_get_vmbus_root_device() (git-fixes).
- Drivers: hv: vmbus: Get the IRQ number from DeviceTree (git-fixes).
- tools: hv: Enable debug logs for hv_kvp_daemon (git-fixes).
- PCI: hv: Correct a comment (git-fixes).
- x86/hyperv: fix an indentation issue in mshyperv.h (git-fixes).
- x86/hyperv: Use named operands in inline asm (git-fixes).
- commit fbd3c33
- dm mpath: make pg_init_delay_msecs settable (git-fixes).
- commit b5dcc03
- dm: clear cloned request bio pointer when last clone bio
completes (git-fixes).
- commit f2572c8
- dm: remove fake timeout to avoid leak request (git-fixes).
- commit 04135ad
- usb: typec: ucsi: psy: Fix voltage and current max for non-Fixed
PDOs (git-fixes).
- commit da08138
- hwmon: (pmbus/q54sj108a2) fix stack overflow in debugfs read
(git-fixes).
- hwmon: (it87) Check the it87_lock() return value (git-fixes).
- commit 29de358
- nouveau/dpcd: return EBUSY for aux xfer if the device is asleep
(git-fixes).
- drm/sched: Fix kernel-doc warning for drm_sched_job_done()
(git-fixes).
- drm/solomon: Fix page start when updating rectangle in page
addressing mode (git-fixes).
- platform/x86: dell-wmi-sysman: Don't hex dump plaintext password
data (git-fixes).
- commit 76161b1
- tracing: Fix crash on synthetic stacktrace field usage
(CVE-2026-23088 bsc#1257814).
- commit 5950c9c
- tracing: Do not register unsupported perf events (CVE-2025-71125
bsc#1256784).
- commit 83b1b69
- nfc: rawsock: cancel tx_work before socket teardown (git-fixes).
- nfc: nci: clear NCI_DATA_EXCHANGE before calling completion
callback (git-fixes).
- nfc: nci: free skb on nci_transceive early error paths
(git-fixes).
- net: nfc: nci: Fix zero-length proprietary notifications
(git-fixes).
- can: usb: etas_es58x: correctly anchor the urb in the read
bulk callback (git-fixes).
- can: ucan: Fix infinite loop from zero-length messages
(git-fixes).
- can: ems_usb: ems_usb_read_bulk_callback(): check the proper
length of a message (git-fixes).
- can: mcp251x: fix deadlock in error path of mcp251x_open
(git-fixes).
- can: bcm: fix locking for bcm_op runtime updates (git-fixes).
- wifi: mt76: Fix possible oob access in
mt76_connac2_mac_write_txwi_80211() (git-fixes).
- wifi: mt76: mt7925: Fix possible oob access in
mt7925_mac_write_txwi_80211() (git-fixes).
- wifi: mt76: mt7996: Fix possible oob access in
mt7996_mac_write_txwi_80211() (git-fixes).
- wifi: wlcore: Fix a locking bug (git-fixes).
- wifi: cw1200: Fix locking in error paths (git-fixes).
- wifi: rsi: Don't default to -EOPNOTSUPP in rsi_mac80211_config
(git-fixes).
- batman-adv: Avoid double-rtnl_lock ELP metric worker
(git-fixes).
- commit 502e268
- drm/panthor: Prevent potential UAF in group creation (CVE-2025-68735 bsc#1255811).
- commit d38edfb
- drm/xe: Switch MMIO interface to take xe_mmio instead of xe_gt
(stable-fixes).
- commit 4302d49
- drm/xe: Defer gt->mmio initialization until after multi-tile
setup (git-fixes).
- commit fd760a3
- drm/xe/ptl: Apply Wa_13011645652 (stable-fixes).
- Refresh
patches.suse/drm-xe-xe3lpg-Apply-Wa_14022293748-Wa_22019794406.patch.
- commit 6feb03f
- drm/xe/xe2_hpg: Fix handling of Wa_14019988906 & Wa_14019877138
(git-fixes).
- drm/xe/mmio: Avoid double-adjust in 64-bit reads (git-fixes).
- drm/amdgpu: keep vga memory on MacBooks with switchable graphics
(stable-fixes).
- drm/amd/display: Remove conditional for shaper 3DLUT power-on
(stable-fixes).
- drm/amd/display: bypass post csc for additional color spaces
in dal (stable-fixes).
- drm/amd/display: Increase DCN35 SR enter/exit latency
(stable-fixes).
- drm/amd/display: Fix system resume lag issue (stable-fixes).
- drm/amd/display: Fix writeback on DCN 3.2+ (stable-fixes).
- wifi: ath11k: Fix failure to connect to a 6 GHz AP
(stable-fixes).
- wifi: cfg80211: allow only one NAN interface, also in multi
radio (stable-fixes).
- wifi: rtw89: mac: correct page number for CSI response
(stable-fixes).
- wifi: rtw89: ser: enable error IMR after recovering from L1
(stable-fixes).
- wifi: rtw89: 8922a: set random mac if efuse contains zeroes
(stable-fixes).
- drm/amd/display: avoid dig reg access timeout on usb4 link
training fail (stable-fixes).
- drm/amd/display: Fix GFX12 family constant checks
(stable-fixes).
- drm/amd/display: Disable FEC when powering down encoders
(stable-fixes).
- drm/amdkfd: Relax size checking during queue buffer get
(stable-fixes).
- drm/amd/display: only power down dig on phy endpoints
(stable-fixes).
- drm/amdgpu: Skip loading SDMA_RS64 in VF (stable-fixes).
- drm/xe: Only toggle scheduling in TDR if GuC is running
(stable-fixes).
- drm/panel: Fix a possible null-pointer dereference in
jdi_panel_dsi_remove() (stable-fixes).
- drm/amd/display: Fix dsc eDP issue (stable-fixes).
- drm/amd/display: Add signal type check for dcn401
get_phyd32clk_src (stable-fixes).
- drm/amd/display: Add USB-C DP Alt Mode lane limitation in DCN32
(stable-fixes).
- drm/amdkfd: Handle GPU reset and drain retry fault race
(stable-fixes).
- drm/amdgpu: fix NULL pointer issue buffer funcs (stable-fixes).
- drm/tests: shmem: Swap names of export tests (git-fixes).
- gpu/panel-edp: add AUO panel entry for B140HAN06.4
(stable-fixes).
- media: v4l2-async: Fix error handling on steps after finding
a match (stable-fixes).
- ALSA: vmaster: Relax __free() variable declarations (git-fixes).
- drm/xe/xe2_hpg: Add set of workarounds (stable-fixes).
- drm/xe: Adjust mmio code to pass VF substructure to SRIOV code
(stable-fixes).
- drm/xe: Add xe_tile backpointer to xe_mmio (stable-fixes).
- drm/xe: Switch mmio_ext to use 'struct xe_mmio' (stable-fixes).
- drm/xe: Populate GT's mmio iomap from tile during init
(stable-fixes).
- drm/xe: Move GSI offset adjustment fields into 'struct xe_mmio'
(stable-fixes).
- drm/xe: Clarify size of MMIO region (stable-fixes).
- drm/xe: Create dedicated xe_mmio structure (stable-fixes).
- drm/xe: Move forcewake to 'gt.pm' substructure (stable-fixes).
- commit 2244462
- pmdomain: imx: gpcv2: Fix the imx8mm gpu hang due to wrong
adb400 reset (git-fixes).
- commit 2918962
- ASoC: nau8821: Cancel pending work before suspend (git-fixes).
- ASoC: nau8821: Cancel delayed work on component remove
(git-fixes).
- commit b862c94
- spi: wpcm-fiu: Fix potential NULL pointer dereference in
wpcm_fiu_probe() (git-fixes).
- thermal: int340x: Fix sysfs group leak on DLVR registration
failure (stable-fixes).
- watchdog: imx7ulp_wdt: handle the nowayout option
(stable-fixes).
- wifi: ath10k: fix lock protection in
ath10k_wmi_event_peer_sta_ps_state_chg() (stable-fixes).
- wifi: rtw89: pci: restore LDO setting after device resume
(stable-fixes).
- wifi: iwlwifi: mvm: check the validity of noa_len
(stable-fixes).
- wifi: ath12k: fix preferred hardware mode calculation
(stable-fixes).
- wifi: ath11k: add pm quirk for Thinkpad Z13/Z16 Gen1
(stable-fixes).
- wifi: iwlegacy: add missing mutex protection in
il4965_store_tx_power() (stable-fixes).
- wifi: iwlegacy: add missing mutex protection in
il3945_store_measurement() (stable-fixes).
- wifi: rtw89: wow: add reason codes for disassociation in WoWLAN
mode (stable-fixes).
- wifi: rtw88: rtw8821cu: Add ID for Mercusys MU6H (stable-fixes).
- wifi: rtw88: 8822b: Avoid WARNING in rtw8822b_config_trx_mode()
(stable-fixes).
- wifi: rtw88: fix DTIM period handling when conf->dtim_period
is zero (stable-fixes).
- wifi: libertas: fix WARNING in usb_tx_block (stable-fixes).
- spi: spi-mem: Protect dirmap_create() with
spi_mem_access_start/end (stable-fixes).
- spi: spi-mem: Limit octal DTR constraints to octal DTR
situations (stable-fixes).
- spi: stm32: fix Overrun issue at < 8bpw (stable-fixes).
- spi-geni-qcom: initialize mode related registers to 0
(stable-fixes).
- spi-geni-qcom: use xfer->bits_per_word for can_dma()
(stable-fixes).
- tools/power cpupower: Reset errno before strtoull()
(stable-fixes).
- spi: wpcm-fiu: Simplify with dev_err_probe() (stable-fixes).
- commit 9ae9cd6
- PCI: Add defines for bridge window indexing (stable-fixes).
- Refresh
patches.suse/PCI-ACPI-Restrict-program_hpx_type2-to-AER-bits.patch.
- commit 7f99d8e
- PCI: Add PCIE_MSG_CODE_ASSERT_INTx message macros
(stable-fixes).
- Refresh
patches.suse/PCI-ACPI-Restrict-program_hpx_type2-to-AER-bits.patch.
- commit 8b1fafb
- media: dvb-net: fix OOB access in ULE extension header tables
(git-fixes).
- rtc: zynqmp: correct frequency value (stable-fixes).
- ntb: ntb_hw_switchtec: Fix array-index-out-of-bounds access
(stable-fixes).
- ntb: ntb_hw_switchtec: Fix shift-out-of-bounds for 0 mw lut
(stable-fixes).
- net: usb: catc: enable basic endpoint checking (git-fixes).
- phy: mvebu-cp110-utmi: fix dr_mode property read from dts
(stable-fixes).
- phy: fsl-imx8mq-usb: disable bind/unbind platform driver feature
(stable-fixes).
- soundwire: dmi-quirks: add mapping for Avell B.ON (OEM rebranded
of NUC15) (stable-fixes).
- serial: 8250: 8250_omap.c: Clear DMA RX running status only
after DMA termination is done (stable-fixes).
- serial: 8250_dw: handle clock enable errors in runtime_resume
(stable-fixes).
- staging: rtl8723bs: fix memory leak on failure path
(stable-fixes).
- staging: rtl8723bs: fix missing status update on
sdio_alloc_irq() failure (stable-fixes).
- iio: magnetometer: Remove IRQF_ONESHOT (stable-fixes).
- iio: Use IRQF_NO_THREAD (stable-fixes).
- Revert "mmc: rtsx_pci_sdmmc: increase power-on settling delay
to 5ms" (git-fixes).
- mmc: rtsx_pci_sdmmc: increase power-on settling delay to 5ms
(git-fixes).
- misc: bcm_vk: Fix possible null-pointer dereferences in
bcm_vk_read() (stable-fixes).
- misc: eeprom: Fix EWEN/EWDS/ERAL commands for 93xx56 and 93xx66
(stable-fixes).
- net: wan/fsl_ucc_hdlc: Fix dma_free_coherent() in
uhdlc_memclean() (git-fixes).
- nfc: nxp-nci: remove interrupt trigger type (stable-fixes).
- myri10ge: avoid uninitialized variable use (stable-fixes).
- net: usb: sr9700: remove code to drive nonexistent multicast
filter (stable-fixes).
- net: usb: r8152: fix transmit queue timeout (stable-fixes).
- PCI: dw-rockchip: Disable BAR 0 and BAR 1 for Root Port
(stable-fixes).
- PCI: Enable ACS after configuring IOMMU for OF platforms
(stable-fixes).
- PCI: Add ACS quirk for Qualcomm Hamoa & Glymur (stable-fixes).
- PCI: Fix pci_slot_lock () device locking (stable-fixes).
- PCI: Mark Nvidia GB10 to avoid bus reset (stable-fixes).
- PCI: Mark ASM1164 SATA controller to avoid bus reset
(stable-fixes).
- media: rkisp1: Fix filter mode register configuration
(stable-fixes).
- media: cx25821: Fix a resource leak in cx25821_dev_setup()
(stable-fixes).
- media: pvrusb2: fix URB leak in pvr2_send_request_ex
(stable-fixes).
- media: solo6x10: Check for out of bounds chip_id (stable-fixes).
- media: adv7180: fix frame interval in progressive mode
(stable-fixes).
- media: amphion: Clear last_buffer_dequeued flag for
DEC_CMD_START (stable-fixes).
- media: omap3isp: isppreview: always clamp in
preview_try_format() (stable-fixes).
- media: omap3isp: set initial format (stable-fixes).
- media: omap3isp: isp_video_mbus_to_pix/pix_to_mbus fixes
(stable-fixes).
- media: dvb-core: dmxdevfilter must always flush bufs
(stable-fixes).
- HID: elecom: Add support for ELECOM HUGE Plus M-HT1MRBK
(stable-fixes).
- HID: multitouch: add eGalaxTouch EXC3188 support (stable-fixes).
- HID: logitech-hidpp: Check maxfield in hidpp_get_report_length()
(stable-fixes).
- HID: prodikeys: Check presence of pm->input_ep82 (stable-fixes).
- HID: magicmouse: Do not crash on missing msc->input
(stable-fixes).
- HID: apple: Add "SONiX KN85 Keyboard" to the list of non-apple
keyboards (stable-fixes).
- hwmon: (f71882fg) Add F81968 support (stable-fixes).
- hwmon: (nct6775) Add ASUS Pro WS WRX90E-SAGE SE (stable-fixes).
- gpio: aspeed-sgpio: Change the macro to support deferred probe
(stable-fixes).
- PCI/MSI: Unmap MSI-X region on error (stable-fixes).
- i3c: master: svc: Initialize 'dev' to NULL in
svc_i3c_master_ibi_isr() (stable-fixes).
- spi: wpcm-fiu: Fix uninitialized res (git-fixes).
- spi: wpcm-fiu: Use devm_platform_ioremap_resource_byname()
(stable-fixes).
- PCI: Log bridge info when first enumerating bridge
(stable-fixes).
- PCI: Log bridge windows conditionally (stable-fixes).
- PCI: Supply bridge device, not secondary bus, to read window
details (stable-fixes).
- PCI: Move pci_read_bridge_windows() below individual window
accessors (stable-fixes).
- commit 291a680
- ASoC: amd: yc: Add DMI quirk for ASUS Vivobook Pro 15X M6501RR
(stable-fixes).
- drm/amdgpu: Add HAINAN clock adjustment (stable-fixes).
- drm/radeon: Add HAINAN clock adjustment (stable-fixes).
- drm/amdgpu: Adjust usleep_range in fence wait (stable-fixes).
- drm/amdkfd: Fix watch_id bounds checking in debug address
watch v2 (git-fixes).
- drm/amd/display: Avoid updating surface with the same surface
under MPO (stable-fixes).
- drm/amdkfd: Fix out-of-bounds write in kfd_event_page_set()
(stable-fixes).
- dma: dma-axi-dmac: fix SW cyclic transfers (git-fixes).
- dmaengine: sun6i: Choose appropriate burst length under maxburst
(stable-fixes).
- fpga: of-fpga-region: Fail if any bridge is missing
(stable-fixes).
- fix it87_wdt early reboot by reporting running timer
(stable-fixes).
- fbdev: ffb: fix corrupted video output on Sun FFB1
(stable-fixes).
- ata: libata: avoid long timeouts on hot-unplugged SATA DAS
(stable-fixes).
- Bluetooth: btusb: Add device ID for Realtek RTL8761BU
(stable-fixes).
- Bluetooth: btusb: Add new VID/PID for RTL8852CE (stable-fixes).
- Bluetooth: hci_conn: Set link_policy on incoming ACL connections
(stable-fixes).
- Bluetooth: hci_conn: use mod_delayed_work for active mode
timeout (stable-fixes).
- drm/atmel-hlcdc: don't reject the commit if the src rect has
fractional parts (stable-fixes).
- drm/atmel-hlcdc: fix use-after-free of drm_crtc_commit after
release (stable-fixes).
- drm/atmel-hlcdc: fix memory leak from the atomic_destroy_state
callback (stable-fixes).
- drm: Account property blob allocations to memcg (stable-fixes).
- drm/amdkfd: Fix GART PTE for non-4K pagesize in
svm_migrate_gart_map() (stable-fixes).
- drm/amdgpu: avoid a warning in timedout job handler
(stable-fixes).
- drm/amdgpu: add support for HDP IP version 6.1.1 (stable-fixes).
- drm/v3d: Set DMA segment size to avoid debug warnings
(stable-fixes).
- drm/i915/wakeref: clean up INTEL_WAKEREF_PUT_* flag macros
(stable-fixes).
- drm/display/dp_mst: Add protection against 0 vcpi
(stable-fixes).
- ASoC: codecs: max98390: Check return value of
devm_gpiod_get_optional() in max98390_i2c_probe()
(stable-fixes).
- ASoC: sunxi: sun50i-dmic: Add missing check for
devm_regmap_init_mmio (stable-fixes).
- ASoC: wm8962: Don't report a microphone if it's shorted to
ground on plug (stable-fixes).
- ASoC: wm8962: Add WM8962_ADC_MONOMIX to "3D Coefficients" mask
(stable-fixes).
- ASoC: nau8821: Fixup nau8821_enable_jack_detect() (git-fixes).
- char: tpm: cr50: Remove IRQF_ONESHOT (stable-fixes).
- docs: fix WARNING document not included in any toctree
(stable-fixes).
- drm/amdkfd: fix debug watchpoints for logical devices
(stable-fixes).
- commit 0c8127e
- ASoC: nau8821: Consistently clear interrupts before unmasking
(git-fixes).
- Refresh
patches.suse/ASoC-nau8821-Add-DMI-quirk-to-bypass-jack-debounce-c.patch.
- commit abf4286
- ALSA: usb-audio: Add sanity check for OOB writes at silencing
(stable-fixes).
- ALSA: usb-audio: Update the number of packets properly at
receiving (stable-fixes).
- ALSA: usb-audio: Add iface reset and delay quirk for AB13X
USB Audio (stable-fixes).
- ALSA: hda/conexant: Add headset mic fix for MECHREVO Wujie
15X Pro (stable-fixes).
- APEI/GHES: ensure that won't go past CPER allocated record
(stable-fixes).
- ACPI: processor: Fix NULL-pointer dereference in
acpi_processor_errata_piix4() (stable-fixes).
- ACPICA: Abort AML bytecode execution when executing AML_FATAL_OP
(stable-fixes).
- ASoC: nau8821: Avoid unnecessary blocking in IRQ handler
(stable-fixes).
- commit d3af28a
- spi: spidev: fix lock inversion between spi_lock and buf_lock (git-fixes)
- commit 9802dbf
- spi: spi-mem: Protect dirmap_create() with spi_mem_access_start/end (git-fixes)
- commit 64847d6
- spi: spi-mem: Limit octal DTR constraints to octal DTR situations (git-fixes)
- commit bd7c7ca
- arm64: Disable branch profiling for all arm64 code (git-fixes)
- commit 1953e74
- arm64: Add support for TSV110 Spectre-BHB mitigation (git-fixes)
- commit c0727ca
- serial: 8250: 8250_omap.c: Clear DMA RX running status only
after DMA termination is done (git-fixes).
- serial: 8250_dw: handle clock enable errors in runtime_resume
(git-fixes).
- PCI: dw-rockchip: Disable BAR 0 and BAR 1 for Root Port
(git-fixes).
- PCI: Enable ACS after configuring IOMMU for OF platforms
(git-fixes).
- PCI: Add ACS quirk for Qualcomm Hamoa & Glymur (git-fixes).
- PCI: Fix pci_slot_lock () device locking (git-fixes).
- PCI: Mark Nvidia GB10 to avoid bus reset (git-fixes).
- PCI: Mark ASM1164 SATA controller to avoid bus reset
(git-fixes).
- PCI/MSI: Unmap MSI-X region on error (git-fixes).
- char: tpm: cr50: Remove IRQF_ONESHOT (git-fixes).
- commit e99138a
- mptcp: fix race in mptcp_pm_nl_flush_addrs_doit()
(CVE-2026-23169 bsc#1258389).
- commit fdf82e1
- net: fix segmentation of forwarding fraglist GRO (CVE-2026-23154
bsc#1258286).
- commit fa03082
- net/sched: ets: Always remove class from active list before
deleting in ets_qdisc_change (CVE-2025-71066 bsc#1256645).
- commit bd83957
- vsock/virtio: fix potential underflow in virtio_transport_get_credit() (bsc#1257755, CVE-2026-23069).
- Refresh
patches.suse/vsock-virtio-cap-TX-credit-to-local-buffer-size.patch.
- commit aab63d9
- net/sched: cls_u32: use skb_header_pointer_careful()
(CVE-2026-23204 bsc#1258340).
In addition backport 13e00fdc9236b which introduces
skb_header_pointer_careful() helper which is required.
- commit 926e136
- cifs: add xid to query server interface call (git-fixes).
- Refresh
patches.suse/cifs-handle-when-server-starts-supporting-multichannel.patch.
- Refresh
patches.suse/cifs-make-sure-server-interfaces-are-requested-only-for-SMB3-.patch
(bsc#1258928,bsc#1259070).
- Refresh
patches.suse/cifs-do-not-disable-interface-polling-on-failure.patch.
- Refresh
patches.suse/cifs-add-xid-to-query-server-interface-call.patch.
- commit e67e831
- iommu/mediatek: fix use-after-free on probe deferral
(CVE-2025-71071 bsc#1256802).
- commit 0b777d9
- bpf: Forget ranges when refining tnum after JSET (CVE-2025-39748
bsc#1249587).
- commit 9bb0920
- efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare
(bsc#1249998 CVE-2025-39817).
- commit ccf2d31
- io_uring/io-wq: check IO_WQ_BIT_EXIT inside work run loop
(CVE-2026-23113 bsc#1258278).
- commit 2e91927
- libceph: replace BUG_ON with bounds check for map->max_osd (CVE-2025-68283 bsc#1255379).
- commit 1c35b41
- nvmet-tcp: fixup hang in nvmet_tcp_listen_data_ready()
(CVE-2026-23179 bsc#1258394).
- commit 63de389
- btrfs: don't log conflicting inode if it's a dir moved in the
current transaction (bsc#1256683 CVE-2025-68778).
- commit 0cd8ff8
- nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec
(CVE-2026-23112 bsc#1258184).
- commit e38d2c3
- landlock: Fix handling of disconnected directories (CVE-2025-68736 bsc#1255698).
- commit cdf3815
- landlock: Optimize file path walks and prepare for audit support (bsc#1255698).
- commit 5db1b51
- pmdomain: imx8m-blk-ctrl: Remove separate rst and clk mask
for 8mq vpu (CVE-2026-23116 bsc#1258277).
- commit 1905ad8
- Add bugnumber to existing mana change (bsc#1251971).
- scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT (git-fixes).
- commit 425b20d
- Add bugnumber to existing mana and mana_ib changes (bsc#1251135 bsc#1251971).
- scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT (git-fixes).
- net: mana: Fix double destroy_workqueue on service rescan PCI path (git-fixes).
- commit 175e6eb
- nvme-fc: release admin tagset if init fails (git-fixes).
- nvme-pci: disable secondary temp for Wodposit WPBSNM8
(git-fixes).
- nvme-fc: don't hold rport lock when putting ctrl (git-fixes).
- commit d0ac38c
- bonding: fix use-after-free due to enslave fail after slave
array update (CVE-2026-23171 bsc#1258349).
- bonding: provide a net pointer to __skb_flow_dissect()
(CVE-2026-23119 bsc#1258273).
- fou: Don't allow 0 for FOU_ATTR_IPPROTO (CVE-2026-23083
bsc#1257745).
- bonding: limit BOND_MODE_8023AD to Ethernet devices
(CVE-2026-23099 bsc#1257816).
- net: bonding: update the slave array for broadcast mode
(CVE-2026-23171 bsc#1258349).
- commit d461cd4
- Update
patches.suse/btrfs-do-not-strictly-require-dirty-metadata-thresho.patch
(stable-fixes CVE-2026-23157 bsc#1258376).
- Update
patches.suse/msft-hv-3440-net-hv_netvsc-reject-RSS-hash-key-programming-withou.patch
(bsc#1257473 CVE-2026-23054 bsc#1257732).
- Update
patches.suse/spi-tegra210-quad-Protect-curr_xfer-check-in-IRQ-handler.patch
(bsc#1257952 CVE-2026-23207 bsc#1258524).
- Update
patches.suse/spi-tegra210-quad-Protect-curr_xfer-in-tegra_qspi_combined.patch
(bsc#1257952 CVE-2026-23202 bsc#1258338).
- commit 9f4fee7
- Update
patches.suse/arm64-Set-__nocfi-on-swsusp_arch_resume.patch
(git-fixes CVE-2026-23128 bsc#1258298).
- Update
patches.suse/nfsd-check-that-server-is-running-in-unlock_filesystem.patch
(bsc#1257279 CVE-2026-22989).
- Update
patches.suse/platform-x86-amd-Fix-memory-leak-in-wbrf_record.patch
(git-fixes CVE-2026-23065 bsc#1257742).
- Update
patches.suse/platform-x86-hp-bioscfg-Fix-kernel-panic-in-GET_INST.patch
(git-fixes CVE-2026-23062 bsc#1257734).
- Update
patches.suse/platform-x86-hp-bioscfg-Fix-kobject-warnings-for-emp.patch
(git-fixes CVE-2026-23131 bsc#1258297).
- Update
patches.suse/pnfs-flexfiles-Fix-memory-leak-in-nfs4_ff_alloc_deviceid_node.patch
(git-fixes CVE-2026-23038 bsc#1257553).
- commit b60a065
- Update
patches.suse/ALSA-ac97-fix-a-double-free-in-snd_ac97_controller_r.patch
(git-fixes CVE-2025-71192 bsc#1257679).
- Update
patches.suse/ALSA-ctxfi-Fix-potential-OOB-access-in-audio-mixer-h.patch
(stable-fixes CVE-2026-23076 bsc#1257788).
- Update
patches.suse/ALSA-scarlett2-Fix-buffer-overflow-in-config-retriev.patch
(git-fixes CVE-2026-23078 bsc#1257789).
- Update
patches.suse/ASoC-amd-fix-memory-leak-in-acp3x-pdm-dma-ops.patch
(git-fixes CVE-2026-23190 bsc#1258397).
- Update
patches.suse/Bluetooth-MGMT-Fix-memory-leak-in-set_ssp_complete.patch
(git-fixes CVE-2026-23151 bsc#1258237).
- Update
patches.suse/Bluetooth-hci_uart-fix-null-ptr-deref-in-hci_uart_wr.patch
(git-fixes CVE-2026-23146 bsc#1258234).
- Update
patches.suse/HID-i2c-hid-fix-potential-buffer-overflow-in-i2c_hid.patch
(stable-fixes CVE-2026-23178 bsc#1258358).
- Update
patches.suse/bus-fsl-mc-fix-use-after-free-in-driver_override_sho.patch
(git-fixes CVE-2026-23221 bsc#1258660).
- Update
patches.suse/can-ems_usb-ems_usb_read_bulk_callback-fix-URB-memor.patch
(git-fixes CVE-2026-23058 bsc#1257739).
- Update
patches.suse/can-etas_es58x-allow-partial-RX-URB-allocation-to-su.patch
(git-fixes CVE-2026-23037 bsc#1257554).
- Update
patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-fix-error-me.patch
(git-fixes CVE-2026-23155 bsc#1258313).
- Update
patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-unanchor-URL.patch
(git-fixes CVE-2026-23082 bsc#1257715).
- Update
patches.suse/can-j1939-make-j1939_session_activate-fail-if-device.patch
(stable-fixes CVE-2025-71182 bsc#1257586).
- Update
patches.suse/can-kvaser_usb-kvaser_usb_read_bulk_callback-fix-URB.patch
(git-fixes CVE-2026-23061 bsc#1257776).
- Update
patches.suse/can-mcba_usb-mcba_usb_read_bulk_callback-fix-URB-mem.patch
(git-fixes CVE-2026-23080 bsc#1257714).
- Update
patches.suse/can-usb_8dev-usb_8dev_read_bulk_callback-fix-URB-mem.patch
(git-fixes CVE-2026-23108 bsc#1257770).
- Update
patches.suse/crypto-iaa-Fix-out-of-bounds-index-in-find_empty_iaa.patch
(git-fixes CVE-2025-71231 bsc#1258424).
- Update
patches.suse/crypto-omap-Allocate-OMAP_CRYPTO_FORCE_COPY-scatterl.patch
(git-fixes CVE-2026-23222 bsc#1258484).
- Update
patches.suse/crypto-virtio-Add-spinlock-protection-with-virtqueue.patch
(git-fixes CVE-2026-23229 bsc#1258429).
- Update
patches.suse/dmaengine-at_hdmac-fix-device-leak-on-of_dma_xlate.patch
(git-fixes CVE-2025-71191 bsc#1257579).
- Update
patches.suse/dmaengine-bcm-sba-raid-fix-device-leak-on-probe.patch
(git-fixes CVE-2025-71190 bsc#1257580).
- Update
patches.suse/dmaengine-dw-dmamux-fix-OF-node-leak-on-route-alloca.patch
(git-fixes CVE-2025-71189 bsc#1257573).
- Update
patches.suse/dmaengine-lpc18xx-dmamux-fix-device-leak-on-route-al.patch
(git-fixes CVE-2025-71188 bsc#1257576).
- Update
patches.suse/dmaengine-omap-dma-fix-dma_pool-resource-leak-in-err.patch
(git-fixes CVE-2026-23033 bsc#1257570).
- Update
patches.suse/dmaengine-qcom-gpi-Fix-memory-leak-in-gpi_peripheral.patch
(git-fixes CVE-2026-23026 bsc#1257562).
- Update
patches.suse/dmaengine-ti-dma-crossbar-fix-device-leak-on-am335x-.patch
(git-fixes CVE-2025-71185 bsc#1257560).
- Update
patches.suse/dmaengine-xilinx-xdma-Fix-regmap-max_register.patch
(git-fixes CVE-2025-71195 bsc#1257704).
- Update patches.suse/dpll-Prevent-duplicate-registrations.patch
(git-fixes CVE-2026-23129 bsc#1258299).
- Update
patches.suse/drm-amdgpu-fix-NULL-pointer-dereference-in-amdgpu_gm.patch
(git-fixes CVE-2026-23163 bsc#1258544).
- Update patches.suse/drm-imx-tve-fix-probe-device-leak.patch
(git-fixes CVE-2026-23170 bsc#1258379).
- Update
patches.suse/drm-panel-simple-fix-connector-type-for-DataImage-SC.patch
(git-fixes CVE-2026-23049 bsc#1257723).
- Update
patches.suse/efivarfs-fix-error-propagation-in-efivar_entry_get.patch
(git-fixes CVE-2026-23156 bsc#1258317).
- Update
patches.suse/ext4-fix-iloc.bh-leak-in-ext4_xattr_inode_update_ref.patch
(git-fixes CVE-2026-23145 bsc#1258326).
- Update
patches.suse/iio-adc-at91-sama5d2_adc-Fix-potential-use-after-fre.patch
(git-fixes CVE-2025-71199 bsc#1257750).
- Update
patches.suse/iio-imu-st_lsm6dsx-fix-iio_chan_spec-for-sensors-wit.patch
(git-fixes CVE-2025-71198 bsc#1257741).
- Update
patches.suse/intel_th-fix-device-leak-on-output-open.patch
(git-fixes CVE-2026-23091 bsc#1257813).
- Update
patches.suse/leds-led-class-Only-Add-LED-to-leds_list-when-it-is-.patch
(git-fixes CVE-2026-23101 bsc#1257768).
- Update
patches.suse/mISDN-annotate-data-race-around-dev-work.patch
(git-fixes CVE-2026-23121 bsc#1258309).
- Update
patches.suse/mmc-sdhci-of-dwcmshc-Prevent-illegal-clock-reduction.patch
(git-fixes CVE-2025-71200 bsc#1258222).
- Update
patches.suse/net-usb-pegasus-fix-memory-leak-in-update_eth_regs_a.patch
(git-fixes CVE-2026-23021 bsc#1257557).
- Update
patches.suse/net-wwan-t7xx-fix-potential-skb-frags-overflow-in-RX.patch
(git-fixes CVE-2026-23172 bsc#1258519).
- Update
patches.suse/nfc-llcp-Fix-memleak-in-nfc_llcp_send_ui_frame.patch
(git-fixes CVE-2026-23150 bsc#1258354).
- Update
patches.suse/nfc-nci-Fix-race-between-rfkill-and-nci_unregister_d.patch
(git-fixes CVE-2026-23167 bsc#1258374).
- Update
patches.suse/phy-stm32-usphyc-Fix-off-by-one-in-probe.patch
(git-fixes CVE-2025-71196 bsc#1257716).
- Update
patches.suse/platform-x86-toshiba_haps-Fix-memory-leaks-in-add-re.patch
(git-fixes CVE-2026-23176 bsc#1258256).
- Update
patches.suse/regmap-Fix-race-condition-in-hwspinlock-irqsave-rout.patch
(git-fixes CVE-2026-23071 bsc#1257706).
- Update
patches.suse/scsi-qla2xxx-Delay-module-unload-while-fabric-scan-i.patch
(bsc#1256863 CVE-2025-71235 bsc#1258469).
- Update
patches.suse/scsi-qla2xxx-Free-sp-in-error-path-to-fix-system-cra.patch
(bsc#1256863 CVE-2025-71232 bsc#1258422).
- Update
patches.suse/scsi-qla2xxx-Validate-sp-before-freeing-associated-m.patch
(bsc#1256863 CVE-2025-71236 bsc#1258442).
- Update
patches.suse/slimbus-core-fix-device-reference-leak-on-report-pre.patch
(git-fixes CVE-2026-23090 bsc#1257759).
- Update
patches.suse/spi-spi-sprd-adi-Fix-double-free-in-probe-error-path.patch
(git-fixes CVE-2026-23068 bsc#1257805).
- Update
patches.suse/spi-tegra-Fix-a-memory-leak-in-tegra_slink_probe.patch
(git-fixes CVE-2026-23182 bsc#1258259).
- Update
patches.suse/spi-tegra210-quad-Protect-curr_xfer-check-in-IRQ-han.patch
(git-fixes bsc#1257952 CVE-2026-23207 bsc#1258524).
- Update
patches.suse/spi-tegra210-quad-Protect-curr_xfer-in-tegra_qspi_co.patch
(git-fixes bsc#1257952 CVE-2026-23202 bsc#1258338).
- Update
patches.suse/uacce-ensure-safe-queue-release-with-state-managemen.patch
(git-fixes CVE-2026-23063 bsc#1257722).
- Update
patches.suse/uacce-fix-cdev-handling-in-the-cleanup-path.patch
(git-fixes CVE-2026-23096 bsc#1257809).
- Update
patches.suse/uacce-fix-isolate-sysfs-check-condition.patch
(git-fixes CVE-2026-23094 bsc#1257811).
- Update
patches.suse/uacce-implement-mremap-in-uacce_vm_ops-to-return-EPE.patch
(git-fixes CVE-2026-23056 bsc#1257729).
- Update
patches.suse/w1-therm-Fix-off-by-one-buffer-overflow-in-alarms_st.patch
(git-fixes CVE-2025-71197 bsc#1257743).
- Update
patches.suse/wifi-ath10k-fix-dma_free_coherent-pointer.patch
(git-fixes CVE-2026-23133 bsc#1258249).
- Update
patches.suse/wifi-ath12k-fix-dma_free_coherent-pointer.patch
(git-fixes CVE-2026-23135 bsc#1258245).
- Update
patches.suse/wifi-mac80211-correctly-decode-TTLM-with-default-lin.patch
(git-fixes CVE-2026-23152 bsc#1258252).
- Update
patches.suse/wifi-mac80211-ocb-skip-rx_no_sta-when-interface-is-n.patch
(stable-fixes CVE-2025-71224 bsc#1258824).
- Update
patches.suse/wifi-rsi-Fix-memory-corruption-due-to-not-set-vif-dr.patch
(git-fixes CVE-2026-23073 bsc#1257707).
- Update
patches.suse/wifi-rtl8xxxu-fix-slab-out-of-bounds-in-rtl8xxxu_sta.patch
(git-fixes CVE-2025-71234 bsc#1258419).
- Update
patches.suse/wifi-rtw88-Fix-alignment-fault-in-rtw_core_enable_be.patch
(git-fixes CVE-2025-71229 bsc#1258415).
- Update
patches.suse/wifi-wlcore-ensure-skb-headroom-before-skb_push.patch
(stable-fixes CVE-2025-71222 bsc#1258279).
- commit 30080c1
- drm/i915/display: Add quirk to skip retraining of dp link (bsc#1253129).
- commit 7b00832
- smb: client: Fix refcount leak for cifs_sb_tlink (bsc#1252924,
CVE-2025-40103).
- commit 2028384
- cifs: parse_dfs_referrals: prevent oob on malformed input
(bsc#1252911, CVE-2025-40099).
- commit 821259f
- Refresh
patches.suse/smb-client-split-cached_fid-bitfields-to-avoid-shared-byte-RMW-rac.patch.
- commit 1325cd1
- ice: Fix NULL pointer dereference in ice_vsi_set_napi_queues
(CVE-2026-23166 bsc#1258272).
- net/mlx5e: TC, delete flows only for existing peers
(CVE-2026-23173 bsc#1258520).
- commit 1315a36
- device property: Allow secondary lookup in
fwnode_get_next_child_node() (git-fixes).
- commit 13b0bcb
- drm/amdgpu: Replace kzalloc + copy_from_user with memdup_user
(stable-fixes).
- commit 954a53a
- drm/amd: Disable MES LR compute W/A (git-fixes).
- drm/amdgpu: Fix locking bugs in error paths (git-fixes).
- drm/amdgpu: Unlock a mutex before destroying it (git-fixes).
- drm/xe/sync: Cleanup partially initialized sync on parse failure
(git-fixes).
- commit 8b90e65
- ALSA: usb-audio: Avoid implicit feedback mode on DIYINHK USB
Audio 2.0 (stable-fixes).
- ALSA: usb-audio: Check max frame size for implicit feedback
mode, too (stable-fixes).
- commit 94dd673
- PCI: Correct PCI_CAP_EXP_ENDPOINT_SIZEOF_V2 value (git-fixes).
- mmc: mmci: Fix device_node reference leak in
of_get_dml_pipe_index() (git-fixes).
- ALSA: usb-audio: Use correct version for UAC3 header validation
(git-fixes).
- ALSA: usb-audio: Use inclusive terms (git-fixes).
- ALSA: usb-audio: Cap the packet size pre-calculations
(git-fixes).
- ALSA: usb-audio: Remove VALIDATE_RATES quirk for Focusrite
devices (git-fixes).
- drm/bridge: samsung-dsim: Fix memory leak in error path
(git-fixes).
- drm/bridge: ti-sn65dsi86: Enable HPD polling if IRQ is not used
(git-fixes).
- drm/logicvc: Fix device node reference leak in
logicvc_drm_config_parse() (git-fixes).
- drm/vmwgfx: Return the correct value in vmw_translate_ptr
functions (git-fixes).
- drm/vmwgfx: Fix invalid kref_put callback in
vmw_bo_dirty_release (git-fixes).
- commit b1fa310
- scsi: core: Wake up the error handler when final completions
race against each other (CVE-2026-23110 bsc#1257761).
- commit 59f5efa
- dst: fix races in rt6_uncached_list_del() and
rt_del_uncached_list() (CVE-2026-23004 bsc#1257231).
- commit 3cd007f
- btrfs: fix NULL dereference on root when tracing inode eviction
(bsc#1257635 CVE-2025-71184).
- commit 5bf422c
- netfilter: nf_conncount: update last_gc only when GC has been
performed (CVE-2026-23139 bsc#1258304).
- commit 9a70b26
- netfilter: nf_tables: fix inverted genmask check in
nft_map_catchall_activate() (CVE-2026-23111 bsc#1258181).
- commit 56db8af
- Bluetooth: L2CAP: Fix result of L2CAP_ECRED_CONN_RSP when MTU
is too short (git-fixes).
- commit f391178
- ipmi: ipmb: initialise event handler read bytes (git-fixes).
- wifi: mac80211: fix NULL pointer dereference in
mesh_rx_csa_frame() (git-fixes).
- wifi: mac80211: bounds-check link_id in
ieee80211_ml_reconfiguration (git-fixes).
- wifi: radiotap: reject radiotap with unknown bits (git-fixes).
- wifi: cfg80211: cancel rfkill_block work in wiphy_unregister()
(git-fixes).
- wifi: cfg80211: wext: fix IGTK key ID off-by-one (git-fixes).
- net: usb: kaweth: validate USB endpoints (git-fixes).
- net: usb: kalmia: validate USB endpoints (git-fixes).
- nfc: pn533: properly drop the usb interface reference on
disconnect (git-fixes).
- Bluetooth: L2CAP: Fix missing key size check for
L2CAP_LE_CONN_REQ (git-fixes).
- Bluetooth: L2CAP: Fix not checking output MTU is acceptable
on L2CAP_ECRED_CONN_REQ (git-fixes).
- Bluetooth: L2CAP: Fix response to L2CAP_ECRED_CONN_REQ
(git-fixes).
- Bluetooth: hci_qca: Cleanup on all setup failures (git-fixes).
- Bluetooth: L2CAP: Fix invalid response to L2CAP_ECRED_RECONF_REQ
(git-fixes).
- net: usb: pegasus: enable basic endpoint checking (git-fixes).
- net: wan: farsync: Fix use-after-free bugs caused by unfinished
tasklets (git-fixes).
- net: usb: lan78xx: scan all MDIO addresses on LAN7801
(git-fixes).
- net: usb: kaweth: remove TX queue manipulation in
kaweth_set_rx_mode (git-fixes).
- commit d2c7de0
- Revert "bpf: xfrm: Add bpf_xdp_get_xfrm_state() kfunc (bsc#1258860)."
This reverts commit 45e79fa43bd459d00fcbd8572c0235c97ead4eac.
- commit 5c2ddac
- Revert "bpf: selftests: test_tunnel: Setup fresh topology for each"
This reverts commit 68c386807298a24f9aaa6abc773ca2e55811d8b6.
- commit ca269d7
- Revert "bpf: selftests: test_tunnel: Use vmlinux.h declarations"
This reverts commit b101cc06246d1d56fdccbf3b52a3e33d3ab78fcd.
- commit 639f9af
- Revert "bpf: selftests: Move xfrm tunnel test to test_progs"
This reverts commit baa465cbeff2a2ccfc187f1574d3d0355859f272.
- commit a6bd63d
- Revert "bpf: xfrm: Add selftest for bpf_xdp_get_xfrm_state()"
This reverts commit 403fe191fe7429208c4374563e8fc715d173c238.
- commit 39fadc8
- Revert "selftests/bpf: Remove "&>" usage in the selftests (bsc#1258860)."
This reverts commit 89e2c21a144bfef03d958aa8aba86be1de03c133.
- commit 5770b5a
- Revert "selftests/bpf: Use log_err in open_netns/close_netns"
This reverts commit 9e46239ec7083baf333a04a0a51b2129f7122e7a.
- commit 68fe369
- Revert "selftests/bpf: Use start_server_addr in test_sock_addr"
This reverts commit 1e47448bd1a58eeab1dd8308a33e87a13bfbc5fe.
- commit 9b790d3
- Revert "selftests/bpf: Use connect_to_addr in test_sock_addr"
This reverts commit 00365076b79bf8b793ffcbbe165fb923d3e076bd.
- commit cc69856
- Revert "selftests/bpf: Use make_sockaddr in test_sock_addr (bsc#1258860)."
This reverts commit 786d917527f8c57750479330c284ce9ede53e6e6.
- commit a0a2a9a
- Revert "selftests/bpf: test_tunnel: Add generic_attach* helpers"
This reverts commit d00f95407a6bf8c5e0fe175806995c6a8bba1683.
- commit 5760cd8
- Revert "selftests/bpf: test_tunnel: Add ping helpers (bsc#1258860)."
This reverts commit 1525c5f10c0ca570c1e6e641af561065636f1356.
- commit bd8651e
- Revert "selftests/bpf: test_tunnel: Move gre tunnel test to test_progs"
This reverts commit 84e2ac063d854f26c493e4576f3154c31e7ef2bb.
- commit 3729eff
- Revert "selftests/bpf: test_tunnel: Move ip6gre tunnel test to test_progs"
This reverts commit cea730b64379dd4265fc22c3a8dcfdbd6632a373.
- commit 773df48
- Revert "selftests/bpf: test_tunnel: Move erspan tunnel tests to"
This reverts commit 90ab03e0fed26cdd1ee6878c11beaa5641ed4ee1.
- commit 391cff5
- Revert "selftests/bpf: test_tunnel: Move ip6erspan tunnel test to"
This reverts commit 9d0a9339e46eb2c68faa309c432df999a044ff8a.
- commit b3ce611
- Revert "selftests/bpf: test_tunnel: Move geneve tunnel test to test_progs"
This reverts commit cff739edc102c0cf0e6bf0be504c669e73ca82b6.
- commit 447b0a9
- Revert "selftests/bpf: test_tunnel: Move ip6geneve tunnel test to"
This reverts commit 168675720cca9f6bfbf6b34c72da4b14ac8ecc3e.
- commit 990a5e1
- Revert "selftests/bpf: test_tunnel: Move ip6tnl tunnel tests to"
This reverts commit 26f094635338982e7cf328585ba0e3b174e0e237.
- commit a0926bf
- Revert "selftests/bpf: test_tunnel: Remove test_tunnel.sh (bsc#1258860)."
This reverts commit 542a820e6c16a29a38de43382592291155a85b37.
- commit 1168a2b
- Revert "selftests/bpf: Add tc helpers (bsc#1258860)."
This reverts commit a635f692532a997ddc4668475305776129f1a250.
- commit 033e435
- Revert "selftests/bpf: Make test_tc_tunnel.bpf.c compatible with big"
This reverts commit e252cc0f9b00a28f8103ec74a25d1ede910e6493.
- commit 3337410
- Revert "selftests/bpf: Integrate test_tc_tunnel.sh tests into test_progs"
This reverts commit 900bd3fb0f6ad0d835060091065f93b8b2f4210b.
- commit 959a197
- Revert "selftests/bpf: Remove test_tc_tunnel.sh (bsc#1258860)."
This reverts commit 96504e8a2651dca694614c965eb984216c94f994.
- commit e629708
- Revert "selftests/bpf: Support when CONFIG_VXLAN=m (bsc#1258860)."
This reverts commit 83fdb5c0e6bca17ff1eb8cf9bacdfd20b9046a81.
- commit ba86619
- btrfs: fix deadlock in wait_current_trans() due to ignored
transaction type (bsc#1257687 CVE-2025-71194).
- commit 2e0cb69
- drm/amdgpu: ensure no_hw_access is visible before MMIO
(CVE-2026-23213 bsc#1258465).
- commit bec3979
- drm/amd/pm: Disable MMIO access during SMU Mode 1 reset
(CVE-2026-23213 bsc#1258465).
- commit 3b81ead
- ice: Fix PTP NULL pointer dereference during VSI rebuild
(CVE-2026-23210 bsc#1258517).
- commit 2aa5940
- media: dvb-core: fix wrong reinitialization of ringbuffer on
reopen (git-fixes).
- commit ba51966
- NFS: Fix a deadlock involving nfs_release_folio()
(CVE-2026-23053 bsc#1257718).
- commit 492ba43
- selftests/bpf: Support when CONFIG_VXLAN=m (bsc#1258860).
- selftests/bpf: Remove test_tc_tunnel.sh (bsc#1258860).
- selftests/bpf: Integrate test_tc_tunnel.sh tests into test_progs
(bsc#1258860).
- selftests/bpf: Make test_tc_tunnel.bpf.c compatible with big
endian platforms (bsc#1258860).
- selftests/bpf: Add tc helpers (bsc#1258860).
- selftests/bpf: test_tunnel: Remove test_tunnel.sh (bsc#1258860).
- selftests/bpf: test_tunnel: Move ip6tnl tunnel tests to
test_progs (bsc#1258860).
- selftests/bpf: test_tunnel: Move ip6geneve tunnel test to
test_progs (bsc#1258860).
- selftests/bpf: test_tunnel: Move geneve tunnel test to test_progs
(bsc#1258860).
- selftests/bpf: test_tunnel: Move ip6erspan tunnel test to
test_progs (bsc#1258860).
- selftests/bpf: test_tunnel: Move erspan tunnel tests to
test_progs (bsc#1258860).
- selftests/bpf: test_tunnel: Move ip6gre tunnel test to test_progs
(bsc#1258860).
- selftests/bpf: test_tunnel: Move gre tunnel test to test_progs
(bsc#1258860).
- selftests/bpf: test_tunnel: Add ping helpers (bsc#1258860).
- selftests/bpf: test_tunnel: Add generic_attach* helpers
(bsc#1258860).
- selftests/bpf: Use make_sockaddr in test_sock_addr (bsc#1258860).
- selftests/bpf: Use connect_to_addr in test_sock_addr
(bsc#1258860).
- selftests/bpf: Use start_server_addr in test_sock_addr
(bsc#1258860).
- selftests/bpf: Use log_err in open_netns/close_netns
(bsc#1258860).
- selftests/bpf: Remove "&>" usage in the selftests (bsc#1258860).
- bpf: xfrm: Add selftest for bpf_xdp_get_xfrm_state()
(bsc#1258860).
- bpf: selftests: Move xfrm tunnel test to test_progs
(bsc#1258860).
- bpf: selftests: test_tunnel: Use vmlinux.h declarations
(bsc#1258860).
- bpf: selftests: test_tunnel: Setup fresh topology for each
subtest (bsc#1258860).
- bpf: xfrm: Add bpf_xdp_get_xfrm_state() kfunc (bsc#1258860).
- commit 83fdb5c
- KVM: Don't clobber irqfd routing type when deassigning irqfd
(CVE-2026-23198 bsc#1258321).
- commit e973f50
- KVM: Disallow toggling KVM_MEM_GUEST_MEMFD on an existing
memslot (CVE-2025-68810 bsc#1256679).
- commit a9c2c12
- md: suspend array while updating raid_disks via sysfs
(CVE-2025-71225, bsc#1258411).
- commit 22f1953
- nfsd: use correct loop termination in nfsd4_revoke_states()
(git-fixes).
- Refresh
patches.suse/nfsd-allow-delegation-state-ids-to-be-revoked-and-th.patch.
- Refresh
patches.suse/nfsd-allow-lock-state-ids-to-be-revoked-and-then-fre.patch.
- Refresh
patches.suse/nfsd-allow-open-state-ids-to-be-revoked-and-then-fre.patch.
- commit fb809d5
- nfsd: check that server is running in unlock_filesystem
(bsc#1257279).
- commit 82fa4f8
- Refresh
patches.suse/nfsd-prepare-for-supporting-admin-revocation-of-stat.patch.
- commit aa19d66
- smb: client: fix memory leak in cifs_construct_tcon()
(bsc#1255129, CVE-2025-68295).
- commit 069aa1f
- Refresh
patches.suse/smb-client-split-cached_fid-bitfields-to-avoid-shared-byte-RMW-rac.patch.
- commit f42de87
- cpufreq/amd-pstate: Add missing NULL ptr check in
amd_pstate_update (bsc#1247180).
- commit c78e422
- cpufreq/amd-pstate: Add the missing cpufreq_cpu_put()
(bsc#1247180).
- commit d5dd703
- config.conf: add kernel-azure as additonal flavor (bsc#1258037)
The content is based on commit b5b375e749d.
This makes kernel-source-azure and kernel-syms-azure obsolete.
- commit 64f6ce8
- Move upstreamed mm and SCSI patches into sorted section
- commit 2b576e9
- btrfs: send: check for inline extents in
range_is_hole_in_parent() (bsc#1258377 CVE-2026-23141).
- commit b93c18b
- btrfs: reject new transactions if the fs is fully read-only
(bsc#1258464 CVE-2026-23214).
- commit c375a48
- net: fix memory leak in skb_segment_list for GRO packets
(CVE-2026-22979 bsc#1257228).
- commit 59160d7
- block,bfq: fix aux stat accumulation destination (git-fixes).
- commit 8a3658b
- rpm/check-for-config-changes: add OPENSSL_SUPPORTS_ to IGNORED_CONFIGS_RE
Config option OPENSSL_SUPPORTS_ML_DSA was introduced by mainline commit
0ad9a71933e7 ("modsign: Enable ML-DSA module signing") in 7.0-rc1
- commit 21b4616
- macvlan: observe an RCU grace period in macvlan_common_newlink()
error path (CVE-2026-23209 bsc#1258518).
- macvlan: fix error recovery in macvlan_common_newlink()
(CVE-2026-23209 bsc#1258518).
- commit eaf1535
- bonding: only set speed/duplex to unknown, if getting speed
failed (bsc#1253691).
- commit 0b66a07
- rtc: interface: Alarm race handling should not discard preceding
error (git-fixes).
- commit f96272c
- NTB: ntb_transport: Fix too small buffer for debugfs_name
(git-fixes).
- commit 269c576
- drm/amd/display: Fix out-of-bounds stream encoder index v3
(git-fixes).
- drm/amd/display: Reject cursor plane on DCE when scaled
differently than primary (git-fixes).
- drm/amdkfd: Fix watch_id bounds checking in debug address
watch v2 (git-fixes).
- drm/amdgpu: Use kvfree instead of kfree in
amdgpu_gmc_get_nps_memranges() (git-fixes).
- drm/amdgpu: ensure no_hw_access is visible before MMIO
(git-fixes).
- commit 864dc69
- ALSA: usb-audio: Use the right limit for PCM OOB check
(CVE-2026-23208 bsc#1258468).
- ALSA: usb-audio: Prevent excessive number of frames
(CVE-2026-23208 bsc#1258468).
- commit 895c473
- ASoC: rockchip: i2s-tdm: Use param rate if not provided by
set_sysclk (git-fixes).
- drm/amd/display: Use same max plane scaling limits for all 64
bpp formats (git-fixes).
- drm/amdgpu: fix sync handling in amdgpu_dma_buf_move_notify
(git-fixes).
- drm/i915/acpi: free _DSM package when no connectors (git-fixes).
- drm/amd: Fix hang on amdgpu unload by using
pci_dev_is_disconnected() (git-fixes).
- drm/amdgpu: Fix memory leak in amdgpu_ras_init() (git-fixes).
- drm/amdgpu: Fix memory leak in amdgpu_acpi_enumerate_xcc()
(git-fixes).
- efi: Fix reservation of unaccepted memory table (git-fixes).
- commit 2183b13
- scsi: mpi3mr: Synchronous access b/w reset and tm thread for
reply queue (CVE-2025-37861 bsc#1243055).
- commit 807000c
- cpufreq/amd-pstate: store all values in cpudata struct in khz
(bsc#1247180).
- commit 6cd4814
- net: usb: catc: enable basic endpoint checking (git-fixes).
- ASoC: cs42l43: Correct handling of 3-pole jack load detection
(stable-fixes).
- drm/amd/display: remove assert around dpp_base replacement
(stable-fixes).
- drm/amd/display: extend delta clamping logic to CM3 LUT helper
(stable-fixes).
- commit c79d431
- net: nfc: nci: Fix parameter validation for packet data
(git-fixes).
- atm: fore200e: fix use-after-free in tasklets during device
removal (git-fixes).
- USB: serial: option: add Telit FN920C04 RNDIS compositions
(stable-fixes).
- fbdev: smscufx: properly copy ioctl memory to kernelspace
(stable-fixes).
- bus: fsl-mc: fix use-after-free in driver_override_show()
(git-fixes).
- ASoC: amd: yc: Add quirk for HP 200 G2a 16 (stable-fixes).
- ASoC: Intel: sof_es8336: Add DMI quirk for Huawei BOD-WXX9
(stable-fixes).
- platform/x86: classmate-laptop: Add missing NULL pointer checks
(stable-fixes).
- platform/x86/amd/pmc: Add quirk for MECHREVO Wujie 15X Pro
(stable-fixes).
- platform/x86: panasonic-laptop: Fix sysfs group leak in error
path (stable-fixes).
- gpio: sprd: Change sprd_gpio lock to raw_spin_lock
(stable-fixes).
- drm/tegra: hdmi: sor: Fix error: variable ‘j’ set but not
used (stable-fixes).
- bus: fsl-mc: Replace snprintf and sprintf with sysfs_emit in
sysfs show functions (stable-fixes).
- commit 436dcdb
- config.conf: Drop armv7hl builds
commit 09ee386c4ae dropped support for armv7hl
in SLE15-SP7, SUSE-2024 never supported it,
therefore, no branch downstream of fixes/linux-6.4
supports this arch (bsc#1255265).
- commit 5dc5aaf
- ALSA: aloop: Fix racy access at PCM trigger (CVE-2026-23191
bsc#1258395).
- commit 114f0d2
- ACPI: CPPC: Fix remaining for_each_possible_cpu() to use online
CPUs (git-fixes).
- ACPI: PM: Add unused power resource quirk for THUNDEROBOT ZERO
(git-fixes).
- powercap: intel_rapl_tpmi: Remove FW_BUG from invalid version
check (git-fixes).
- PM: sleep: wakeirq: Update outdated documentation comments
(git-fixes).
- commit 700df2d
- crypto: authencesn - reject too-short AAD (assoclen<8) to
match ESP/ESN spec (bsc#1257735 CVE-2026-23060).
- commit 9347d8b
- crypto: af_alg - zero initialize memory allocated via
sock_kmalloc (bsc#1256716 CVE-2025-71113).
- commit 449e0ae
- crypto: lib/mpi - avoid null pointer deref in mpi_cmp_ui()
(bsc#1254992 CVE-2023-53817).
- commit f8259ad
- gue: Fix skb memleak with inner IP protocol 0 (CVE-2026-23095
bsc#1257808).
- commit e8190a1
- vsock/virtio: cap TX credit to local buffer size (CVE-2026-23086
bsc#1257757).
- commit 2a01723
- crypto: af_alg - Fix incorrect boolean values in af_alg_ctx
(bsc#1251966 CVE-2025-39964).
- commit 2a9a19a
- crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg
(bsc#1251966 CVE-2025-39964).
Refresh patches.suse/crypto-add-suse_kabi_padding.patch.
- commit a6b1063
- soundwire: intel_ace2x: add SND_HDA_CORE dependency (git-fixes).
- commit 8d92bbb
- dmaengine: mediatek: uart-apdma: Fix above 4G addressing TX/RX
(git-fixes).
- usb: dwc2: fix resume failure if dr_mode is host (git-fixes).
- usb: gadget: tegra-xudc: Add handling for BLCG_COREPLL_PWRDN
(git-fixes).
- usb: bdc: fix sleep during atomic (git-fixes).
- serial: SH_SCI: improve "DMA support" prompt (git-fixes).
- serial: imx: change SERIAL_IMX_CONSOLE to bool (git-fixes).
- staging: rtl8723bs: fix null dereference in find_network
(git-fixes).
- iio: sca3000: Fix a resource leak in sca3000_probe()
(git-fixes).
- iio: gyro: itg3200: Fix unchecked return value in read_raw
(git-fixes).
- drivers: iio: mpu3050: use dev_err_probe for regulator request
(git-fixes).
- fpga: dfl: use subsys_initcall to allow built-in drivers to
be added (git-fixes).
- commit e89b2ea
- s390/mm: Fix __ptep_rdp() inline assembly (bsc#1253644).
- commit 647b0eb
- idpf: fix memory leak in idpf_vport_rel() (CVE-2026-23023
bsc#1257556).
- commit 1342616
- be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list
(CVE-2026-23084 bsc#1257830).
- commit 27fe347
- s390/cio: Update purge function to unregister the unused
subchannels (bsc#1254214).
- commit f8efca2
- leds: qcom-lpg: Check the return value of regmap_bulk_write()
(git-fixes).
- backlight: qcom-wled: Change PM8950 WLED configurations
(git-fixes).
- backlight: qcom-wled: Support ovp values for PMI8994
(git-fixes).
- mfd: arizona: Fix regulator resource leak on
wm5102_clear_write_sequencer() failure (git-fixes).
- mfd: core: Add locking around 'mfd_of_node_list' (git-fixes).
- mfd: tps6105x: Fix kernel-doc warnings relating to the core
struct and tps6105x_mode (git-fixes).
- Revert "mfd: da9052-spi: Change read-mask to write-mask"
(stable-fixes).
- pinctrl: single: fix refcount leak in pcs_add_gpio_func()
(git-fixes).
- pinctrl: qcom: sm8250-lpass-lpi: Fix i2s2_data_groups definition
(git-fixes).
- pinctrl: equilibrium: Fix device node reference leak in
pinbank_init() (git-fixes).
- Bluetooth: btusb: Add USB ID 7392:e611 for Edimax EW-7611UXB
(stable-fixes).
- commit 516fe60
- cpufreq/amd-pstate: Fix the clamping of perf values
(bsc#1247180).
- commit 1c51466
- cpufreq/amd-pstate: Modularize perf<->freq conversion
(bsc#1247180).
- commit b734845
- cpufreq/amd-pstate: Refactor max frequency calculation
(bsc#1247180).
- commit 3f6ce63
- cpufreq/amd-pstate: fix setting policy current frequency value
(bsc#1247180).
- refresh: patches.suse/cpufreq-amd-pstate-add-check-for-cpufreq_cpu_get-s-return-value.patch
- commit 1ceeaef
- cpufreq: amd-pstate: Unify computation of
{max,min,nominal,lowest_nonlinear}_freq (bsc#1247180).
- commit e72d986
- Update "drm/mgag200: fix mgag200_bmc_stop_scanout()" bug number (bsc#1258153 bsc#1258226)
- commit a1168ae
- Input: stmfts - make comments correct (git-fixes).
- Input: stmfts - correct wording for the warning message
(git-fixes).
- clk: qcom: gfx3d: add parent to parent request map (git-fixes).
- clk: qcom: dispcc-sdm845: Enable parents for pixel clocks
(git-fixes).
- clk: qcom: gcc-msm8917: Remove ALWAYS_ON flag from cpp_gdsc
(git-fixes).
- clk: qcom: gcc-msm8953: Remove ALWAYS_ON flag from cpp_gdsc
(git-fixes).
- clk: qcom: rcg2: compute 2d using duty fraction directly
(git-fixes).
- clk: mediatek: Fix error handling in runtime PM setup
(git-fixes).
- clk: meson: g12a: Limit the HDMI PLL OD to /4 (git-fixes).
- clk: meson: gxbb: Limit the HDMI PLL OD to /4 on GXL/GXM SoCs
(git-fixes).
- clk: tegra: tegra124-emc: Fix potential memory leak in
tegra124_clk_register_emc() (git-fixes).
- clk: tegra: tegra124-emc: fix device leak on set_rate()
(git-fixes).
- clk: clk-apple-nco: Add "apple,t8103-nco" compatible
(git-fixes).
- clk: renesas: rzg2l: Select correct div round macro (git-fixes).
- clk: renesas: rzg2l: Fix intin variable size (git-fixes).
- fbdev: au1200fb: Fix a memory leak in au1200fb_drv_probe()
(git-fixes).
- fbdev: of: display_timing: fix refcount leak in
of_get_display_timings() (git-fixes).
- fbdev: vt8500lcdfb: fix missing dma_free_coherent() (git-fixes).
- fbcon: check return value of con2fb_acquire_newinfo()
(git-fixes).
- fbdev: rivafb: fix divide error in nv3_arb() (git-fixes).
- rpmsg: core: fix race in driver_override_show() and use core
helper (git-fixes).
- commit b135afb
- Update "drm/mgag200: fix mgag200_bmc_stop_scanout()" bug number (bsc#1258153)
- commit 2fe2c66
- platform/x86: ISST: Add missing write block check (git-fixes).
- commit 0d05e52
- crypto: ccp - Add an S4 restore flow (git-fixes).
- tools/power/x86/intel-speed-select: Fix file descriptor leak
in isolate_cpus() (git-fixes).
- mtd: rawnand: pl353: Fix software ECC support (git-fixes).
- mtd: spinand: Fix kernel doc (git-fixes).
- mtd: rawnand: cadence: Fix return type of CDMA send-and-wait
helper (git-fixes).
- mtd: parsers: ofpart: fix OF node refcount leak in
parse_fixed_partitions() (git-fixes).
- mtd: parsers: Fix memory leak in
mtd_parser_tplink_safeloader_parse() (git-fixes).
- commit 766aa67
- ice: fix devlink reload call trace (CVE-2026-23104 bsc#1257763).
- net/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv
(CVE-2026-23035 bsc#1257559).
- idpf: fix error handling in the init_task on load
(CVE-2026-23017 bsc#1257552).
- commit fb93c36
- power: supply: qcom_battmgr: Recognize "LiP" as lithium-polymer
(git-fixes).
- power: supply: wm97xx: Fix NULL pointer dereference in
power_supply_changed() (git-fixes).
- power: supply: bq27xxx: fix wrong errno when bus ops are
unsupported (git-fixes).
- power: reset: nvmem-reboot-mode: respect cell size for
nvmem_cell_write (git-fixes).
- power: supply: sbs-battery: Fix use-after-free in
power_supply_changed() (git-fixes).
- power: supply: rt9455: Fix use-after-free in
power_supply_changed() (git-fixes).
- power: supply: goldfish: Fix use-after-free in
power_supply_changed() (git-fixes).
- power: supply: cpcap-battery: Fix use-after-free in
power_supply_changed() (git-fixes).
- power: supply: bq25980: Fix use-after-free in
power_supply_changed() (git-fixes).
- power: supply: bq256xx: Fix use-after-free in
power_supply_changed() (git-fixes).
- power: supply: act8945a: Fix use-after-free in
power_supply_changed() (git-fixes).
- power: supply: ab8500: Fix use-after-free in
power_supply_changed() (git-fixes).
- ata: pata_ftide010: Fix some DMA timings (git-fixes).
- rapidio: replace rio_free_net() with kfree() in
rio_scan_alloc_net() (git-fixes).
- commit 46137a2
- dst: fix races in rt6_uncached_list_del() and
rt_del_uncached_list() (CVE-2026-23004 bsc#1257231).
- commit 75a3dd5
- net/sched: act_ife: avoid possible NULL deref (CVE-2026-23064
bsc#1257765).
- net/sched: qfq: Use cl_is_active to determine whether class
is active in qfq_rm_from_ag (CVE-2026-23105 bsc#1257775).
- commit a17643b
- Update upstreamed net and powerpc patch references and sorting
- commit 638a424
- KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer (bsc#1256708, CVE-2025-71104).
- commit 1d88ad6
- vsock/virtio: Coalesce only linear skb (bsc#1257740, CVE-2026-23057).
- commit 09262b6
- drm/xe: Unregister drm device on probe error (git-fixes).
- drm/msm/dpu: drop intr_start from DPU 3.x catalog files
(git-fixes).
- drm/msm/disp: set num_planes to 1 for interleaved YUV formats
(git-fixes).
- drm/msm/dpu: fix WD timer handling on DPU 8.x (git-fixes).
- drm/msm/dpu: Set vsync source irrespective of mdp top support
(git-fixes).
- drm/bridge: anx7625: Fix invalid EDID size (git-fixes).
- drm/amdkfd: Fix signal_eviction_fence() bool return value
(git-fixes).
- drm/amd: Drop "amdgpu kernel modesetting enabled" message
(git-fixes).
- drm/panthor: Evict groups before VM termination (git-fixes).
- drm/panel: sw43408: Remove manual invocation of unprepare at
remove (git-fixes).
- drm/panthor: Make sure we resume the tick when new jobs are
submitted (git-fixes).
- drm/panthor: Fix the logic that decides when to stop ticking
(git-fixes).
- drm/panthor: Fix immediate ticking on a disabled tick
(git-fixes).
- drm/panthor: Fix the group priority rotation logic (git-fixes).
- drm/panthor: Fix the full_tick check (git-fixes).
- drm/panthor: Recover from panthor_gpu_flush_caches() failures
(git-fixes).
- media: verisilicon: AV1: Fix tile info buffer size (git-fixes).
- media: ipu6: Fix RPM reference leak in probe error paths
(git-fixes).
- media: ipu6: Fix typo and wrong constant in ipu6-mmu.c
(git-fixes).
- media: ccs: Fix setting initial sub-device state (git-fixes).
- media: tegra-video: Fix memory leak in
__tegra_channel_try_format() (git-fixes).
- media: verisilicon: AV1: Set IDR flag for intra_only frame type
(git-fixes).
- media: amphion: Drop min_queued_buffers assignment (git-fixes).
- media: verisilicon: AV1: Fix tx mode bit setting (git-fixes).
- media: verisilicon: AV1: Fix enable cdef computation
(git-fixes).
- media: chips-media: wave5: Fix memory leak on codec_info
allocation failure (git-fixes).
- HID: intel-ish-hid: fix NULL-ptr-deref in
ishtp_bus_remove_all_clients (git-fixes).
- drm/xe/pm: Disable D3Cold for BMG only on specific platforms
(git-fixes).
- drm/amd/pm: Disable MMIO access during SMU Mode 1 reset
(stable-fixes).
- drm/xe/pm: Also avoid missing outer rpm warning on system
suspend (stable-fixes).
- commit bef2297
- nvme-tcp: fix NULL pointer dereferences in
nvmet_tcp_build_pdu_iovec (CVE-2026-22998 bsc#1257209).
- commit f5cd5c5
- wifi: ath10k: sdio: add missing lock protection in
ath10k_sdio_fw_crashed_dump() (git-fixes).
- wifi: ath9k: fix kernel-doc warnings in common-debug.h
(git-fixes).
- wifi: ath9k: debug.h: fix kernel-doc bad lines and struct
ath_tx_stats (git-fixes).
- wifi: cfg80211: stop NAN and P2P in cfg80211_leave (git-fixes).
- wifi: rtl8xxxu: fix slab-out-of-bounds in rtl8xxxu_sta_add
(git-fixes).
- wifi: rtw88: Fix alignment fault in rtw_core_enable_beacon()
(git-fixes).
- wifi: cfg80211: Fix use_for flag update on BSS refresh
(git-fixes).
- soc: mediatek: svs: Fix memory leak in svs_enable_debug_write()
(git-fixes).
- soc: qcom: cmd-db: Use devm_memremap() to fix memory leak in
cmd_db_dev_probe (git-fixes).
- soc: qcom: smem: handle ENOMEM error during probe (git-fixes).
- wifi: mac80211: don't increment crypto_tx_tailroom_needed_cnt
twice (stable-fixes).
- wifi: mac80211: correctly check if CSA is active (stable-fixes).
- wifi: cfg80211: Fix bitrate calculation overflow for HE rates
(stable-fixes).
- wifi: mac80211: collect station statistics earlier when
disconnect (stable-fixes).
- wifi: mac80211: ocb: skip rx_no_sta when interface is not joined
(stable-fixes).
- wifi: wlcore: ensure skb headroom before skb_push
(stable-fixes).
- commit 7dd6fbf
- PCI: mediatek: Fix IRQ domain leak when MSI allocation fails
(git-fixes).
- PCI: Add ACS quirk for Pericom PI7C9X2G404 switches [12d8:b404]
(git-fixes).
- PCI: Fix pci_slot_trylock() error handling (git-fixes).
- PCI/portdrv: Fix potential resource leak (git-fixes).
- PCI/PM: Avoid redundant delays on D3hot->D3cold (git-fixes).
- PCI/P2PDMA: Release per-CPU pgmap ref when vm_insert_page()
fails (git-fixes).
- PCI/IOV: Fix race between SR-IOV enable/disable and hotplug
(git-fixes).
- Revert "PCI/IOV: Add PCI rescan-remove locking when
enabling/disabling SR-IOV" (git-fixes).
- PCI/ACPI: Restrict program_hpx_type2() to AER bits (git-fixes).
- PCI: Initialize RCB from pci_configure_device() (git-fixes).
- PCI: Mark 3ware-9650SA Root Port Extended Tags as broken
(git-fixes).
- regulator: core: move supply check earlier in
set_machine_constraints() (git-fixes).
- regulator: core: fix locking in regulator_resolve_supply()
error path (git-fixes).
- platform/chrome: cros_ec_lightbar: Fix response size
initialization (git-fixes).
- platform/chrome: cros_typec_switch: Don't touch struct
fwnode_handle::dev (git-fixes).
- soc: ti: pruss: Fix double free in pruss_clk_mux_setup()
(git-fixes).
- soc: ti: k3-socinfo: Fix regmap leak on probe failure
(git-fixes).
- regmap: maple: free entry on mas_store_gfp() failure
(stable-fixes).
- commit 5d29d16
- nfc: hci: shdlc: Stop timers and work before freeing context
(git-fixes).
- PCI: Do not attempt to set ExtTag for VFs (git-fixes).
- PCI: endpoint: Fix swapped parameters in
pci_{primary/secondary}_epc_epf_unlink() functions (git-fixes).
- media: uvcvideo: Fix allocation for small frame sizes
(git-fixes).
- media: venus: vdec: fix error state assignment for zero
bytesused (git-fixes).
- media: ccs: Accommodate C-PHY into the calculation (git-fixes).
- media: i2c: ov5647: use our own mutex for the ctrl lock
(git-fixes).
- media: i2c: ov5647: Fix PIXEL_RATE value for VGA mode
(git-fixes).
- media: i2c: ov5647: Sensor should report RAW color space
(git-fixes).
- media: i2c: ov5647: Correct minimum VBLANK value (git-fixes).
- media: i2c: ov5647: Correct pixel array offset (git-fixes).
- media: i2c: ov5647: Initialize subdev before controls
(git-fixes).
- media: ccs: Avoid possible division by zero (git-fixes).
- media: qcom: camss: vfe: Fix out-of-bounds access in
vfe_isr_reg_update() (git-fixes).
- media: i2c/tw9906: Fix potential memory leak in tw9906_probe()
(git-fixes).
- media: i2c/tw9903: Fix potential memory leak in tw9903_probe()
(git-fixes).
- media: cx25821: Add missing unmap in snd_cx25821_hw_params()
(git-fixes).
- media: cx23885: Add missing unmap in snd_cx23885_hw_params()
(git-fixes).
- media: cx88: Add missing unmap in snd_cx88_hw_params()
(git-fixes).
- net: usb: sr9700: support devices with virtual driver CD
(stable-fixes).
- commit b9e0ae7
- drm/msm/a2xx: fix pixel shader start on A225 (git-fixes).
- drm/msm/dpu: fix CMD panels on DPU 1.x - 3.x (git-fixes).
- drm/buddy: Prevent BUG_ON by validating rounded allocation
(git-fixes).
- drm/tegra: dsi: fix device leak on probe (git-fixes).
- media: radio-keene: fix memory leak in error path (git-fixes).
- media: mtk-mdp: Fix a reference leak bug in mtk_mdp_remove()
(git-fixes).
- media: mtk-mdp: Fix error handling in probe function
(git-fixes).
- HID: hid-pl: handle probe errors (git-fixes).
- HID: playstation: Add missing check for input_ff_create_memless
(git-fixes).
- Revert "hwmon: (ibmpex) fix use-after-free in high/low store"
(git-fixes).
- hwmon: (max16065) Use READ/WRITE_ONCE to avoid compiler
optimization induced race (git-fixes).
- HID: Apply quirk HID_QUIRK_ALWAYS_POLL to Edifier QR30
(2d99:a101) (stable-fixes).
- HID: i2c-hid: fix potential buffer overflow in
i2c_hid_get_report() (stable-fixes).
- HID: quirks: Add another Chicony HP 5MP Cameras to
hid_ignore_list (stable-fixes).
- HID: multitouch: add MT_QUIRK_STICKY_FINGERS to MT_CLS_VTL
(stable-fixes).
- HID: intel-ish-hid: Reset enum_devices_done before enumeration
(stable-fixes).
- HID: intel-ish-hid: Update ishtp bus match to support device
ID table (stable-fixes).
- HID: playstation: Center initial joystick axes to prevent
spurious events (stable-fixes).
- commit a4d4518
- Documentation: PCI: endpoint: Fix ntb/vntb copy & paste errors
(git-fixes).
- ASoC: amd: drop unused Kconfig symbols (git-fixes).
- ASoC: pxa: drop unused Kconfig symbol (git-fixes).
- ASoC: SOF: ipc4-control: Keep the payload size up to date
(git-fixes).
- ASoC: SOF: ipc4-control: Use the correct size for
scontrol->ipc_control_data (git-fixes).
- ASoC: SOF: ipc4-topology: Correct the allocation size for
bytes controls (git-fixes).
- ASoC: SOF: ipc4-control: If there is no data do not send bytes
update (git-fixes).
- bus: fsl-mc: fix an error handling in fsl_mc_device_add()
(git-fixes).
- ALSA: hda/realtek: Really fix headset mic for TongFang X6AR55xU
(git-fixes).
- ALSA: hda/realtek: Fix headset mic for TongFang X6AR55xU
(stable-fixes).
- ASoC: tlv320adcx140: Propagate error codes during probe
(stable-fixes).
- ASoC: amd: yc: Fix microphone on ASUS M6500RE (stable-fixes).
- ASoC: davinci-evm: Fix reference leak in davinci_evm_probe
(stable-fixes).
- ALSA: hda/realtek: add HP Laptop 15s-eq1xxx mute LED quirk
(stable-fixes).
- commit cd7803f
- ktls, sockmap: Fix missing uncharge operation (bsc#1252008).
- commit 9d87a7d
- net/sched: Enforce that teql can only be used as root qdisc
(CVE-2026-23074 bsc#1257749).
- commit 476e9b8
- Bluetooth: btintel_pcie: Use IRQF_ONESHOT and default primary
handler (git-fixes).
- platform/x86: int0002: Remove IRQF_ONESHOT from request_irq()
(git-fixes).
- genirq: Set IRQF_COND_ONESHOT in devm_request_irq() (git-fixes).
- crypto: hisilicon/trng - support tfms sharing the device
(git-fixes).
- crypto: hisilicon/zip - adjust the way to obtain the req in
the callback function (git-fixes).
- commit 6098b0f
- mfd: wm8350-core: Use IRQF_ONESHOT (git-fixes).
- crypto: omap - Allocate OMAP_CRYPTO_FORCE_COPY scatterlists
correctly (git-fixes).
- crypto: virtio - Remove duplicated virtqueue_kick in
virtio_crypto_skcipher_crypt_req (git-fixes).
- crypto: virtio - Add spinlock protection with virtqueue
notification (git-fixes).
- crypto: hisilicon/sec2 - support skcipher/aead fallback for
hardware queue unavailable (git-fixes).
- crypto: octeontx - fix dma_free_coherent() size (git-fixes).
- crypto: cavium - fix dma_free_coherent() size (git-fixes).
- crypto: iaa - Fix out-of-bounds index in
find_empty_iaa_compression_mode (git-fixes).
- crypto: octeontx - Fix length check to avoid truncation in
ucode_load_store (git-fixes).
- crypto: qat - fix warning on adf_pfvf_pf_proto.c (git-fixes).
- crypto: qat - fix parameter order used in
ICP_QAT_FW_COMN_FLAGS_BUILD (git-fixes).
- Documentation: mailbox: mbox_chan_ops.flush() is optional
(git-fixes).
- commit ef8920f
- irqchip/gic-v3-its: Avoid truncating memory addresses (bsc#1257758 CVE-2026-23085)
- commit e3370c0
- arm64/fpsimd: signal: Allocate SSVE storage when restoring ZA (bsc#1257762 CVE-2026-23107)
- commit c430300
- arm64/fpsimd: signal: Fix restoration of SVE context (bsc#1257772 CVE-2026-23102)
- commit 6759c0c
- arm64/fpsimd: signal: Mandate SVE payload for streaming-mode state (bsc#1257772 CVE-2026-23102)
- commit 1baf93e
- Octeontx2-af: Add proper checks for fwdata (bsc#1257709 CVE-2026-23070)
- commit 31e5415
- blacklist.conf: CVE-2025-68789 is invalid
- Delete
patches.suse/hwmon-ibmpex-fix-use-after-free-in-high-low-store.patch.
- commit 4322f6e
- net: tunnel: make skb_vlan_inet_prepare() return drop reasons
(bsc#1257942 bsc#1257246 CVE-2026-23003).
- commit 3935902
- vxlan: Pull inner IP header in vxlan_xmit_one() (bsc#1257942
bsc#1257246 CVE-2026-23003).
- commit 8097957
- spi: tegra210-quad: Protect curr_xfer check in IRQ handler (bsc#1257952)
- commit 54f273c
- spi: tegra210-quad: Protect curr_xfer clearing in (bsc#1257952)
- commit 1da9508
- spi: tegra210-quad: Protect curr_xfer in tegra_qspi_combined_seq_xfer (bsc#1257952)
- commit 25ff6b8
- spi: tegra210-quad: Protect curr_xfer assignment in (bsc#1257952)
- commit e3d34f8
- spi: tegra210-quad: Move curr_xfer read inside spinlock (bsc#1257952)
- commit 4658841
- spi: tegra210-quad: Return IRQ_HANDLED when timeout already processed (bsc#1257952)
- commit 997844c
- thermal: intel: x86_pkg_temp_thermal: Handle invalid temperature
(git-fixes).
- i3c: master: Update hot-join flag only on success (git-fixes).
- commit 854a137
- PM: sleep: wakeirq: harden dev_pm_clear_wake_irq() against races
(git-fixes).
- PM: wakeup: Handle empty list in wakeup_sources_walk_start()
(git-fixes).
- ACPICA: Fix NULL pointer dereference in
acpi_ev_address_space_dispatch() (git-fixes).
- tpm: st33zp24: Fix missing cleanup on get_burstcount() error
(git-fixes).
- tpm: tpm_i2c_infineon: Fix locality leak on get_burstcount()
failure (git-fixes).
- i3c: dw: Initialize spinlock to avoid upsetting lockdep
(git-fixes).
- i3c: Move device name assignment after i3c_bus_init (git-fixes).
- auxdisplay: arm-charlcd: fix release_mem_region() size
(git-fixes).
- commit b423671
- workqueue: mark power efficient workqueue as unbounded if (bsc#1257891)
- commit a0e31fb
- ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free()
(CVE-2026-23089 bsc#1257790).
- commit c09ea34
- spi: tegra114: Preserve SPI mode bits in def_command1_reg
(git-fixes).
- spi: tegra: Fix a memory leak in tegra_slink_probe()
(git-fixes).
- spi: tegra210-quad: Protect curr_xfer check in IRQ handler
(git-fixes).
- spi: tegra210-quad: Protect curr_xfer clearing in
tegra_qspi_non_combined_seq_xfer (git-fixes).
- spi: tegra210-quad: Protect curr_xfer in
tegra_qspi_combined_seq_xfer (git-fixes).
- spi: tegra210-quad: Protect curr_xfer assignment in
tegra_qspi_setup_transfer_one (git-fixes).
- spi: tegra210-quad: Move curr_xfer read inside spinlock
(git-fixes).
- spi: tegra210-quad: Return IRQ_HANDLED when timeout already
processed transfer (git-fixes).
- commit 95b4070
- drm/amdgpu: stop unmapping MQD for kernel queues v3
(stable-fixes).
- drm/amdgpu: remove invalid usage of sched.ready (stable-fixes).
- commit b0da37b
- drm/xe/query: Fix topology query pointer advance (git-fixes).
- Revert "drm/nouveau/disp: Set
drm_mode_config_funcs.atomic_(check|commit)" (git-fixes).
- drm/amdgpu/gfx12: fix wptr reset in KGQ init (stable-fixes).
- commit 7e1670f
- ALSA: hda/realtek: Add quirk for Inspur S14-G1 (stable-fixes).
- ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for
HP machine (stable-fixes).
- ASoC: amd: yc: Add ASUS ExpertBook PM1503CDA to quirks list
(stable-fixes).
- ASoC: cs35l45: Corrects ASP_TX5 DAPM widget channel
(stable-fixes).
- ALSA: hda/realtek - fixed speaker no sound (stable-fixes).
- commit e53fbb8
- ASoC: amd: fix memory leak in acp3x pdm dma ops (git-fixes).
- ALSA: usb-audio: fix broken logic in snd_audigy2nx_led_update()
(git-fixes).
- hwmon: (occ) Mark occ_init_attribute() as __printf (git-fixes).
- drm/amd/display: fix wrong color value mapping on MCM shaper
LUT (git-fixes).
- Revert "drm/amd: Check if ASPM is enabled from PCIe subsystem"
(git-fixes).
- drm/mgag200: fix mgag200_bmc_stop_scanout() (git-fixes).
- efivarfs: fix error propagation in efivar_entry_get()
(git-fixes).
- ASoC: amd: yc: Add DMI quirk for Acer TravelMate P216-41-TCO
(stable-fixes).
- gpio: pca953x: mask interrupts in irq shutdown (stable-fixes).
- drm/amdgpu/gfx11: fix wptr reset in KGQ init (stable-fixes).
- drm/amdgpu/gfx10: fix wptr reset in KGQ init (stable-fixes).
- drm/amdgpu/soc21: fix xclk for APUs (stable-fixes).
- pinctrl: meson: mark the GPIO controller as sleeping
(git-fixes).
- drm/radeon: delete radeon_fence_process in is_signaled, no
deadlock (stable-fixes).
- commit 1cabea4
- net: openvswitch: fix middle attribute validation in push_nsh()
action (CVE-2025-68785 bsc#1256640).
- commit 3dbef50
- clocksource: Reduce watchdog readout delay limit to prevent
false positives (bsc#1241345).
- commit 6736e91
- clocksource: Print durations for sync check unconditionally
(bsc#1241345).
- commit 79738b2
- Revive thinkpad-lmi driver and mark as supported (jsc#PED-15553)
The driver is required for BIOS management on Lenovo machines.
- commit 9392d74
- clk: mvebu: cp110 add CLK_IGNORE_UNUSED to pcie_x10, pcie_x11 & (git-fixes)
- commit ebcb744
- wifi: iwlwifi: mvm: pause TCM on fast resume (git-fixes).
- commit a467536
- iomap: account for unaligned end offsets when truncating read
range (git-fixes).
- blacklist.conf: Blacklist 40a71b53d5a6 and 524c3853831c
- commit 6f0c964
- ext4: fix iloc.bh leak in ext4_xattr_inode_update_ref
(git-fixes).
- commit c2e8303
- mptcp: avoid deadlock on fallback while reinjecting
(CVE-2025-71126 bsc#1256755).
- mptcp: reset fallback status gracefully at disconnect() time
(CVE-2025-71126 bsc#1256755).
- commit 3b7ecc1
- arm64: Set __nocfi on swsusp_arch_resume() (git-fixes)
- commit c10bf0c
- ip6_tunnel: use skb_vlan_inet_prepare() in __ip6_tnl_rcv()
(CVE-2026-23003 bsc#1257246).
- commit 2b67457
- geneve: Fix incorrect inner network header offset when
innerprotoinherit is set (CVE-2026-23003 bsc#1257246).
- commit 167d4d3
- KVM: nSVM: Set exit_code_hi to -1 when synthesizing SVM_EXIT_ERR
(failed VMRUN) (git-fixes).
- commit aab4ed6
- KVM: nSVM: Clear exit_code_hi in VMCB when synthesizing nested
VM-Exits (git-fixes).
- commit 25f6c77
- KVM: x86: Explicitly set new periodic hrtimer expiration in
apic_timer_fn() (git-fixes).
- commit a923270
- KVM: x86: WARN if hrtimer callback for periodic APIC timer
fires with period=0 (git-fixes).
- commit a7b9a1d
- KVM: x86: Don't clear async #PF queue when CR0.PG is disabled
(e.g. on #SMI) (git-fixes).
- commit 0e3d0ad
- platform/x86: hp-bioscfg: Skip empty attribute names
(git-fixes).
- commit 6fb112e
- platform/x86: intel_telemetry: Fix PSS event register mask
(git-fixes).
- platform/x86: intel_telemetry: Fix swapped arrays in PSS output
(git-fixes).
- platform/x86: toshiba_haps: Fix memory leaks in add/remove
routines (git-fixes).
- commit 41b7ff7
- btrfs: scrub: always update btrfs_scrub_progress::last_physical
(git-fixes).
- commit b2c29ef
- Move out-of-tree rt patch into the right section
- commit 125c148
- libceph: replace overzealous BUG_ON in osdmap_apply_incremental() (CVE-2026-22990 bsc#1257221).
- commit 0a3e886
- libceph: make free_choose_arg_map() resilient to partial allocation (CVE-2026-22991 bsc#1257220).
- commit 2e431bc
- libceph: return the handler error from mon_handle_auth_done() (CVE-2026-22992 bsc#1257218).
- commit 518f909
- libceph: prevent potential out-of-bounds reads in handle_auth_done() (CVE-2026-22984 bsc#1257217).
- commit 7474e34
- mm, page_alloc, thp: prevent reclaim for __GFP_THISNODE THP
allocations (bsc#1254447 bsc#1253087).
- commit e90ec28
- KABi: fix "dm-snapshot: fix 'scheduling while atomic' on
real-time kernels" (git-fixes).
- commit 4b685aa
- bpf/selftests: test_select_reuseport_kern: Remove unused header
(bsc#1257603).
- commit 3124f7b
- smb: client: short-circuit in open_cached_dir_by_dentry()
if !dentry (git-fixes).
- commit 82d6911
- smb: client: ensure open_cached_dir_by_dentry() only returns
valid cfid (git-fixes).
- commit d1feafe
- smb: client: split cached_fid bitfields to avoid shared-byte
RMW races (bsc#1250748,bsc#1257154).
- commit e7ce4ba
- scripts/python/git_sort/git_sort.yaml: add cifs for-next repository
- commit 0d24c51
- smb: improve directory cache reuse for readdir operations
(bsc#1252712).
- commit 20c0243
- smb: client: remove unused fid_lock (git-fixes).
- commit ed3cf07
- smb: client: update cfid->last_access_time in
open_cached_dir_by_dentry() (git-fixes).
- commit 1962196
- cifs: add new field to track the last access time of cfid
(git-fixes).
- commit 7328aa8
- smb: change return type of cached_dir_lease_break() to bool
(git-fixes).
- commit da8604d
- ipv6: Fix use-after-free in inet6_addr_del() (CVE-2026-23010
bsc#1257332).
- commit 0f213a3
- net: mscc: ocelot: Fix crash when adding interface under a lag
(CVE-2026-22982 bsc#1257179).
- net/handshake: restore destructor on submit failure
(CVE-2025-71148 bsc#1257159).
- commit 08069be
- libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (CVE-2025-68284 bsc#1255377).
- commit 16880ae
- Update config files: disable CONFIG_DEVPORT for arm64 (bsc#1256792)
- commit b3a8e60
- x86/fpu: Clear XSTATE_BV in guest XSAVE state whenever XFD[i]=1
(CVE-2026-23005 bsc#1257245).
- commit 4fcc2d5
- Update
patches.suse/ALSA-hda-Fix-missing-pointer-check-in-hda_component_.patch
(git-fixes CVE-2025-40097 bsc#1252900).
- Update
patches.suse/ASoC-stm32-sai-fix-OF-node-leak-on-probe.patch
(git-fixes CVE-2025-71081 bsc#1256609).
- Update
patches.suse/KEYS-trusted-Fix-a-memory-leak-in-tpm2_load_cmd.patch
(git-fixes CVE-2025-71147 bsc#1257158).
- Update
patches.suse/btrfs-fix-adding-block-group-to-a-reclaim-list-and-t.patch
(git-fixes CVE-2024-42103 bsc#1228490).
- Update
patches.suse/btrfs-fix-invalid-inode-pointer-dereferences-during-.patch
(git-fixes CVE-2025-38243 bsc#1246184).
- Update
patches.suse/drm-stm-ltdc-fix-late-dereference-check.patch
(jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070
jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511
jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-53714
bsc#1254465).
- Update
patches.suse/drm-ttm-Avoid-NULL-pointer-deref-for-evicted-BOs.patch
(git-fixes CVE-2025-71083 bsc#1256610).
- Update
patches.suse/ftrace-Also-allocate-and-copy-hash-for-reading-of-filter-f.patch
(bsc#1250032 CVE-2025-39813 CVE-2025-39689 bsc#1249307).
- Update
patches.suse/hwmon-w83791d-Convert-macros-to-functions-to-avoid-T.patch
(git-fixes CVE-2025-71111 bsc#1256728).
- Update
patches.suse/ipmi-Rework-user-message-limit-handling.patch
(git-fixes CVE-2025-40202 bsc#1253451).
- Update
patches.suse/media-adv7842-Avoid-possible-out-of-bounds-array-acc.patch
(git-fixes CVE-2025-71136 bsc#1256759).
- Update
patches.suse/media-dvb-usb-dtv5100-fix-out-of-bounds-in-dtv5100_i.patch
(git-fixes CVE-2025-68819 bsc#1256664).
- Update
patches.suse/media-vidtv-initialize-local-pointers-upon-transfer-.patch
(git-fixes CVE-2025-68808 bsc#1256682).
- Update
patches.suse/perf-x86-intel-Fix-crash-in-icl_update_topdown_event.patch
(git-fixes CVE-2025-38322 bsc#1246447).
- Update
patches.suse/platform-chrome-cros_ec_ishtp-Fix-UAF-after-unbindin.patch
(git-fixes CVE-2025-68804 bsc#1256617).
- Update
patches.suse/powerpc-64s-slb-Fix-SLB-multihit-issue-during-SLB-preload.patch
(bac#1236022 ltc#211187 CVE-2025-71078 bsc#1256616).
- Update
patches.suse/smb-client-fix-warning-when-reconnecting-channel.patch
(git-fixes CVE-2025-38379 bsc#1247030).
- Update
patches.suse/tcp_bpf-Call-sk_msg_free-when-tcp_bpf_send_verdict-f.patch
(bsc#1250705 CVE-2025-39913).
- Update
patches.suse/trace-fgraph-Fix-the-warning-caused-by-missing-unregister-.patch
(bsc#1248211 CVE-2025-38539 CVE-2025-39829 bsc#1250082).
- Update
patches.suse/usb-dwc3-fix-fault-at-system-suspend-if-device-was-a.patch
(git-fixes CVE-2024-53070 bsc#1233563).
- Update
patches.suse/usb-typec-ucsi-glink-fix-off-by-one-in-connector_sta.patch
(git-fixes CVE-2024-53149 bsc#1234842).
- Update
patches.suse/usb-xhci-Fix-invalid-pointer-dereference-in-Etron-wo.patch
(git-fixes CVE-2025-37813 bsc#1242909).
- Update
patches.suse/x86-microcode-AMD-Fix-__apply_microcode_amd-s-return.patch
(bsc#1256528 CVE-2025-22047 bsc#1241437).
- commit fbc3d71
- Update
patches.suse/ALSA-pcm-Disable-bottom-softirqs-as-part-of-spin_loc.patch
(git-fixes CVE-2025-40142 bsc#1253348).
- Update
patches.suse/ASoC-Intel-sof_sdw-Prevent-jump-to-NULL-add_sidecar-.patch
(git-fixes CVE-2025-40132 bsc#1253330).
- Update
patches.suse/accel-qaic-Fix-bootlog-initialization-ordering.patch
(git-fixes CVE-2025-40177 bsc#1253443).
- Update
patches.suse/clk-samsung-exynos-clkout-Assign-.num-before-accessi.patch
(git-fixes CVE-2025-71143 bsc#1256749).
- Update
patches.suse/cpuset-fix-warning-when-disabling-remote-partition.patch
(bsc#1256794 CVE-2025-71142 bsc#1256748).
- Update
patches.suse/crypto-hisilicon-qm-request-reserved-interrupt-for-v.patch
(git-fixes CVE-2025-40136 bsc#1253340).
- Update
patches.suse/drm-tilcdc-Fix-removal-actions-in-case-of-failed-pro.patch
(git-fixes CVE-2025-71141 bsc#1256756).
- Update
patches.suse/drm-xe-Limit-num_syncs-to-prevent-oversized-allocati.patch
(git-fixes CVE-2025-68802 bsc#1256661).
- Update
patches.suse/drm-xe-guc-Check-GuC-running-state-before-deregister.patch
(git-fixes CVE-2025-40166 bsc#1253433).
- Update
patches.suse/drm-xe-oa-Fix-potential-UAF-in-xe_oa_add_config_ioct.patch
(git-fixes CVE-2025-71099 bsc#1256592).
- Update
patches.suse/drm-xe-oa-Limit-num_syncs-to-prevent-oversized-alloc.patch
(git-fixes CVE-2025-71076 bsc#1256627).
- Update
patches.suse/efi-stmm-Fix-incorrect-buffer-allocation-method.patch
(git-fixes CVE-2025-39836 bsc#1249904).
- Update
patches.suse/nvme-tcp-remove-tag-set-when-second-admin-queue-conf.patch
(git-fixes CVE-2025-38209 bsc#1246022).
- Update
patches.suse/platform-x86-hp-bioscfg-Fix-out-of-bounds-array-acce.patch
(git-fixes CVE-2025-71101 bsc#1256594).
- Update
patches.suse/wifi-ath12k-fix-memory-leak-in-ath12k_pci_remove.patch
(stable-fixes CVE-2025-37744 bsc#1243662).
- Update
patches.suse/x86-CPU-AMD-Terminate-the-erratum_1386_microcode-array.patch
(git-fixes CVE-2024-56721 bsc#1235566).
- Update
patches.suse/x86-cpu-Avoid-running-off-the-end-of-an-AMD-erratum-table.patch
(git-fixes CVE-2025-37751 bsc#1242505).
- Update
patches.suse/x86-kvm-Force-legacy-PCI-hole-to-UC-when-overriding-MTRRs-.patch
(bsc#1245538 CVE-2025-40181 bsc#1253471).
- commit fbc9bf3
- Update
patches.suse/ACPICA-Avoid-walking-the-Namespace-if-start_node-is-.patch
(stable-fixes CVE-2025-71118 bsc#1256763).
- Update
patches.suse/ALSA-usb-mixer-us16x08-validate-meter-packet-indices.patch
(git-fixes CVE-2025-68783 bsc#1256650).
- Update patches.suse/ASoC-tlv320adcx140-fix-null-pointer.patch
(git-fixes CVE-2026-23006 bsc#1257208).
- Update
patches.suse/Bluetooth-btusb-revert-use-of-devm_kzalloc-in-btusb.patch
(git-fixes CVE-2025-71082 bsc#1256611).
- Update
patches.suse/Input-ti_am335x_tsc-fix-off-by-one-error-in-wire_ord.patch
(git-fixes CVE-2025-68777 bsc#1256655).
- Update
patches.suse/arp-do-not-assume-dev_hard_header-does-not-change-skb-head.patch
(CVE-2025-71098 bsc#1256591 CVE-2026-22988 bsc#1257282).
- Update
patches.suse/bpf-Do-not-let-BPF-test-infra-emit-invalid-GSO-types.patch
(bsc#1255569 CVE-2025-68725).
- Update
patches.suse/char-applicom-fix-NULL-pointer-dereference-in-ac_ioc.patch
(stable-fixes CVE-2025-68797 bsc#1256660).
- Update
patches.suse/comedi-fix-divide-by-zero-in-comedi_buf_munge.patch
(stable-fixes CVE-2025-40106 bsc#1252891).
- Update
patches.suse/crypto-seqiv-Do-not-use-req-iv-after-crypto_aead_enc.patch
(git-fixes CVE-2025-71131 bsc#1256742).
- Update
patches.suse/dmaengine-idxd-fix-device-leaks-on-compat-bind-and-u.patch
(git-fixes CVE-2025-71163 bsc#1257215).
- Update
patches.suse/dmaengine-tegra-adma-Fix-use-after-free.patch
(git-fixes CVE-2025-71162 bsc#1257204).
- Update
patches.suse/drm-i915-gem-Zero-initialize-the-eb.vma-array-in-i91.patch
(git-fixes CVE-2025-71130 bsc#1256741).
- Update
patches.suse/drm-msm-dpu-Add-missing-NULL-pointer-check-for-pingp.patch
(git-fixes CVE-2025-71138 bsc#1256785).
- Update
patches.suse/hwmon-ibmpex-fix-use-after-free-in-high-low-store.patch
(git-fixes CVE-2025-68789 bsc#1256781).
- Update
patches.suse/idpf-Fix-RSS-LUT-NULL-pointer-crash-on-early-ethtool.patch
(CVE-2026-22993 bsc#1257180 CVE-2026-22985 bsc#1257277).
- Update
patches.suse/interconnect-Don-t-access-req_list-while-it-s-being-.patch
(CVE-2023-54013 bsc#1256280 CVE-2024-27005 bsc#1223800).
- Update
patches.suse/net-can-j1939-j1939_xtp_rx_rts_session_active-deacti.patch
(git-fixes CVE-2026-22997 bsc#1257202).
- Update
patches.suse/net-nfc-fix-deadlock-between-nfc_unregister_device-a.patch
(git-fixes CVE-2025-71079 bsc#1256619).
- Update
patches.suse/net-rose-fix-invalid-array-index-in-rose_kill_by_dev.patch
(git-fixes CVE-2025-71086 bsc#1256625).
- Update
patches.suse/net-usb-rtl8150-fix-memory-leak-on-usb_submit_urb-fa.patch
(git-fixes CVE-2025-71154 bsc#1257163).
- Update
patches.suse/powerpc-kexec-Enable-SMT-before-waking-offline-CPUs.patch
(bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes
bsc#1253739 ltc#211493 bsc#1254244 ltc#216496 CVE-2025-71119
bsc#1256730).
- Update
patches.suse/smc91x-fix-broken-irq-context-in-PREEMPT_RT.patch
(git-fixes CVE-2025-71132 bsc#1256737).
- Update
patches.suse/spi-fsl-cpm-Check-length-parity-before-switching-to-.patch
(git-fixes CVE-2025-68773 bsc#1256586).
- Update
patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-OnBeacon.patch
(stable-fixes CVE-2025-68254 bsc#1255140).
- Update
patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-rtw_get_.patch
(stable-fixes CVE-2025-68256 bsc#1255138).
- Update
patches.suse/usb-phy-isp1301-fix-non-OF-device-reference-imbalanc.patch
(git-fixes CVE-2025-71145 bsc#1257155).
- Update
patches.suse/usb-typec-ucsi-Handle-incorrect-num_connectors-capab.patch
(stable-fixes CVE-2025-71108 bsc#1256774).
- Update
patches.suse/via_wdt-fix-critical-boot-hang-due-to-unnamed-resour.patch
(stable-fixes CVE-2025-71114 bsc#1256752).
- Update
patches.suse/wifi-avoid-kernel-infoleak-from-struct-iw_point.patch
(git-fixes CVE-2026-22978 bsc#1257227).
- Update
patches.suse/wifi-rtlwifi-8192cu-fix-tid-out-of-range-in-rtl92cu_.patch
(git-fixes CVE-2025-71100 bsc#1256593).
- commit 856d20b
- powerpc/addnote: Fix overflow on 32-bit builds (bsc#1215199).
- commit b73475a
- net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv
(CVE-2026-22996).
- net/mlx5e: Fix crash on profile change rollback failure
(CVE-2026-23000 bsc#1257234).
- commit 46ccefc
- Refresh patches.suse/gpio-rockchip-Stop-calling-pinctrl-for-set_direction.patch
- commit 6b7cadf
- Refresh patches.suse/drm-imx-tve-fix-probe-device-leak.patch.
- commit 2ce383c
- macvlan: fix possible UAF in macvlan_forward_source()
(CVE-2026-23001 bsc#1257232).
- commit bcf0129
- gpio: rockchip: Stop calling pinctrl for set_direction
(git-fixes).
- commit 8cea9c9
- btrfs: do not strictly require dirty metadata threshold for
metadata writepages (stable-fixes).
- commit b83c55a
- ASoC: Intel: sof_es8336: fix headphone GPIO logic inversion
(git-fixes).
- ASoC: fsl: imx-card: Do not force slot width to sample width
(git-fixes).
- commit 6d4f48b
- drm/imx/tve: fix probe device leak (git-fixes).
- drm/amdgpu: Fix cond_exec handling in amdgpu_ib_schedule()
(git-fixes).
- drm/amdgpu: fix NULL pointer dereference in
amdgpu_gmc_filter_faults_remove (git-fixes).
- drm/msm/a6xx: fix bogus hwcg register updates (git-fixes).
- drm/amdgpu: remove frame cntl for gfx v12 (stable-fixes).
- drm/nouveau/disp: Set
drm_mode_config_funcs.atomic_(check|commit) (stable-fixes).
- commit 3d95c47
- can: gs_usb: gs_usb_receive_bulk_callback(): fix error message
(git-fixes).
- commit 4d9fa09
- gpio: omap: do not register driver in probe() (git-fixes).
- drm/imx/tve: fix probe device leak (git-fixes).
- drm/amd/pm: fix race in power state check before mutex lock
(git-fixes).
- drm/amdgpu: fix NULL pointer dereference in
amdgpu_gmc_filter_faults_remove (git-fixes).
- Input: i8042 - add quirks for MECHREVO Wujie 15X Pro
(stable-fixes).
- Input: i8042 - add quirk for ASUS Zenbook UX425QA_UM425QA
(stable-fixes).
- spi: spi-sprd-adi: Fix double free in probe error path
(git-fixes).
- ALSA: ctxfi: Fix potential OOB access in audio mixer handling
(stable-fixes).
- can: gs_usb: gs_usb_receive_bulk_callback(): unanchor URL on
usb_submit_urb() error (git-fixes).
- phy: freescale: imx8m-pcie: assert phy reset during power on
(stable-fixes).
- USB: serial: ftdi_sio: add support for PICAXE AXE027 cable
(stable-fixes).
- USB: serial: option: add Telit LE910 MBIM composition
(stable-fixes).
- USB: OHCI/UHCI: Add soft dependencies on ehci_platform
(stable-fixes).
- usb: core: add USB_QUIRK_NO_BOS for devices that hang on BOS
descriptor (stable-fixes).
- usb: dwc3: Check for USB4 IP_NAME (stable-fixes).
- drm/amd/display: Bump the HDMI clock to 340MHz (stable-fixes).
- drm/amd: Clean up kfd node on surprise disconnect
(stable-fixes).
- ASoC: codecs: wsa881x: fix unnecessary initialisation
(git-fixes).
- HID: usbhid: paper over wrong bNumDescriptor field
(stable-fixes).
- ASoC: codecs: wsa881x: Drop unused version readout
(stable-fixes).
- spi: sprd-adi: switch to use spi_alloc_host() (stable-fixes).
- spi: sprd: adi: Use devm_register_restart_handler()
(stable-fixes).
- commit 81840a7
- io_uring/poll: correctly handle io_poll_add() return value on
update (CVE-2025-71149 bsc#1257164).
- commit e38f4cf
- dm-snapshot: fix 'scheduling while atomic' on real-time kernels
(git-fixes).
- commit fa7413d
- dm-bufio: align write boundary on physical block size
(git-fixes).
- commit 9cfe264
- dm-ebs: Mark full buffer dirty even on partial write
(git-fixes).
- commit 87b29f4
- libceph: make decode_pool() more resilient against corrupted osdmaps (CVE-2025-71116 bsc#1256744).
- commit 37c126f
- scripts: obsapi: Support URL trailing / in oscrc
- commit 596ed59
- scripts: uploader: Handle missing upstream in is_pr_open
- commit e7d7408
- net: sock: fix hardened usercopy panic in sock_recv_errqueue
(CVE-2026-22977 bsc#1257053).
- ipv4: Fix reference count leak when using error routes with
nexthop objects (CVE-2025-71097 bsc#1256607).
- net: stmmac: fix the crash issue for zero copy XDP_TX action
(CVE-2025-71095 bsc#1256605).
- ethtool: Avoid overflowing userspace buffer on stats query
(CVE-2025-68795 bsc#1256688).
- bnxt_en: Fix XDP_TX path (CVE-2025-68770 bsc#1256584).
- mlxsw: spectrum_mr: Fix use-after-free when updating multicast
route stats (CVE-2025-68800 bsc#1256646).
- mlxsw: spectrum_router: Fix neighbour use-after-free
(CVE-2025-68801 bsc#1256653).
- lan966x: Fix sleeping in atomic context (CVE-2025-68320
bsc#1255172).
- commit 6580707
- ice: fix PTP cleanup on driver removal in error path
(CVE-2025-68215 bsc#1255226).
- commit 5a32ad2
- net/sched: sch_qfq: do not free existing class in
qfq_change_class() (CVE-2026-22999 bsc#1257236).
- commit d911768
- ipv4: ip_gre: make ipgre_header() robust (CVE-2026-23011
bsc#1257207).
- commit dcc6c91
- wifi: mac80211: correctly decode TTLM with default link map
(git-fixes).
- nfc: nci: Fix race between rfkill and nci_unregister_device()
(git-fixes).
- nfc: llcp: Fix memleak in nfc_llcp_send_ui_frame() (git-fixes).
- net: wwan: t7xx: fix potential skb->frags overflow in RX path
(git-fixes).
- Bluetooth: MGMT: Fix memory leak in set_ssp_complete
(git-fixes).
- Bluetooth: hci_uart: fix null-ptr-deref in hci_uart_write_work
(git-fixes).
- commit 6907fd9
- smack: fix bug: unprivileged task can create labels (CVE-2025-68733 bsc#1255615).
- commit 4193ba7
- shrink_slab_memcg: clear_bits of skipped shrinkers
(bsc#1256564).
- commit 1a156a1
- idpf: Fix RSS LUT NULL ptr issue after soft reset
(CVE-2026-22993 bsc#1257180).
- idpf: Fix RSS LUT NULL pointer crash on early ethtool operations
(CVE-2026-22993 bsc#1257180).
- commit f308569
- idpf: Fix RSS LUT NULL ptr issue after soft reset
(CVE-2026-22993 bsc#1257180).
- idpf: Fix RSS LUT NULL pointer crash on early ethtool operations
(CVE-2026-22993 bsc#1257180).
- commit bb6b853
- ipv6: BUG() in pskb_expand_head() as part of
calipso_skbuff_setattr() (CVE-2025-71085 bsc#1256623).
- commit 35a165f
- gve: defer interrupt enabling until NAPI registration
(CVE-2025-71156 bsc#1257167).
- commit df5b61b
- kabi: export inet_frag_rbtree_purge() function again
(CVE-2025-68768 bsc#1256579).
- commit d066c8d
- inet: frags: flush pending skbs in fqdir_pre_exit()
(CVE-2025-68768 bsc#1256579).
- inet: frags: add inet_frag_queue_flush() (CVE-2025-68768
bsc#1256579).
- commit 3c0c564
- mptcp: fallback earlier on simult connection (CVE-2025-71088
bsc#1256630).
- commit daab93c
- scripts: uploader: Fix no change condition for _maintainership.json
- commit 792d98c
- RDMA/core: always drop device refcount in ib_del_sub_device_and_put() (CVE-2025-71157 bsc#1257168)
- commit 1e51f3a
- =?UTF-8?q?net:=20phy:=20Introduce=20PHY=5FID=5FSIZE=20?=
=?UTF-8?q?=E2=80=94=20minimum=20size=20for=20PHY=20ID=20string?=
(CVE-2025-71094 bsc#1256597).
- commit b3acbda
- net/sched: ets: Remove drr class from the active list if it
changes to strict (CVE-2025-68815 bsc#1256680).
- commit f0fee57
- net/sched: ets: Always remove class from active list before
deleting in ets_qdisc_change (CVE-2025-71066 bsc#1256645).
- commit 8f4860d
- remove an Intel CPU model change which is already part of the base kernel
- remove a bpf CVE change which is already part of the base kernel
- scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296).
- RDMA/mana_ib: check cqe length for kernel CQs (git-fixes).
- net: mana: Fix use-after-free in reset service rescan path (git-fixes).
- net: mana: Handle hardware recovery events when probing the device (git-fixes).
- net: mana: Drop TX skb on post_work_request failure and unmap resources (git-fixes).
- net: mana: Handle SKB if TX SGEs exceed hardware limit (git-fixes).
- net: mana: Add standard counter rx_missed_errors (git-fixes).
- net: mana: Move hardware counter stats from per-port to per-VF context (git-fixes).
- RDMA/mana_ib: Extend modify QP (git-fixes).
- RDMA/mana_ib: Drain send wrs of GSI QP (git-fixes).
- net: mana: Reduce waiting time if HWC not responding (git-fixes).
- RDMA/mana_ib: add support of multiple ports (git-fixes).
- RDMA/mana_ib: add additional port counters (git-fixes).
- RDMA/mana_ib: Add device statistics support (git-fixes).
- net: mana: fix spelling for mana_gd_deregiser_irq() (git-fixes).
- net: mana: Handle Reset Request from MANA NIC (git-fixes).
- net: mana: Handle unsupported HWC commands (git-fixes).
- net: mana: Fix warnings for missing export.h header inclusion (git-fixes).
- net: mana: Add support for auxiliary device servicing events (git-fixes).
- RDMA/mana_ib: unify mana_ib functions to support any gdma device (git-fixes).
- RDMA/mana_ib: Add support of mana_ib for RNIC and ETH nic (git-fixes).
- net: mana: Probe rdma device in mana driver (git-fixes).
- RDMA/mana_ib: Add support of 4M, 1G, and 2G pages (git-fixes).
- RDMA/mana_ib: support of the zero based MRs (git-fixes).
- RDMA/mana_ib: Access remote atomic for MRs (git-fixes).
- RDMA/mana_ib: Fix integer overflow during queue creation (git-fixes).
- RDMA/mana_ib: Handle net event for pointing to the current netdev (bsc#1256690).
- net: mana: Change the function signature of mana_get_primary_netdev_rcu (bsc#1256690).
- RDMA/mana_ib: Use safer allocation function() (git-fixes).
- RDMA/mana_ib: Implement DMABUF MR support (git-fixes).
- RDMA/mana_ib: Fix error code in probe() (git-fixes).
- RDMA/mana_ib: Add port statistics support (git-fixes).
- RDMA/mana_ib: request error CQEs when supported (git-fixes).
- RDMA/mana_ib: Query feature_flags bitmask from FW (git-fixes).
- RDMA/mana_ib: indicate CM support (git-fixes).
- RDMA/mana_ib: polling of CQs for GSI/UD (git-fixes).
- RDMA/mana_ib: extend mana QP table (git-fixes).
- RDMA/mana_ib: implement req_notify_cq (git-fixes).
- RDMA/mana_ib: UD/GSI work requests (git-fixes).
- RDMA/mana_ib: create/destroy AH (git-fixes).
- RDMA/mana_ib: UD/GSI QP creation for kernel (git-fixes).
- RDMA/mana_ib: Create and destroy UD/GSI QP (git-fixes).
- RDMA/mana_ib: create kernel-level CQs (git-fixes).
- RDMA/mana_ib: helpers to allocate kernel queues (git-fixes).
- RDMA/mana_ib: implement get_dma_mr (git-fixes).
- RDMA/mana_ib: Allow registration of DMA-mapped memory in PDs (git-fixes).
- net: mana: Add metadata support for xdp mode (git-fixes).
- commit d6908f3
- net/sched: sch_qfq: Fix NULL deref when deactivating inactive
aggregate in qfq_reset (CVE-2026-22976 bsc#1257035).
- commit 1b89834
- usb: renesas_usbhs: Fix synchronous external abort on unbind
(CVE-2025-68327 bsc#1255488).
- commit a41f3aa
- net: usb: asix: validate PHY address before use (CVE-2025-71094
bsc#1256597).
- net: usb: asix: ax88772: Increase phy_name size (CVE-2025-71094
bsc#1256597).
- commit addbe43
- selftests/bpf: Fix flaky bpf_cookie selftest (git-fixes).
- commit de8fecf
- net: tcp: allow zero-window ACK update the window (bsc#1254767).
- commit b6299d5
- scripts: uploader: Only reset branch when there is no open PR
Resetting the branch closes any PR which is disruptive.
With project repositories that get a lot of changes this would reset too
often if reset was enabled causing unmergeable PRs.
Yet it is necessary to reset to be able to get up-to-date state for a
new PR.
With this branch reset can be enabled for maintainership update.
- commit 60e8156
- selftests/bpf: use simply-expanded variables for libpcap flags
(bsc#1255552 CVE-2025-68363).
- commit 2c7feb9
- selftests/bpf: ns_current_pid_tgid: Rename the test function
(bsc#1255552 CVE-2025-68363).
- commit 4f40cc9
- selftests/bpf: Replace CHECK with ASSERT_* in ns_current_pid_tgid test
(bsc#1255552 CVE-2025-68363).
- Refresh
patches.suse/selftests-bpf-Clean-up-open-coded-gettid-syscall-inv.patch.
- commit 0d13544
- selftests/bpf: tc_links/tc_opts: Unserialize tests (bsc#1255552
CVE-2025-68363).
- selftests/bpf: Optionally open a dedicated namespace to run
test in it (CVE-2025-68363 bsc#1255552).
- commit 5773a45
- perf/x86/amd: Check event before enable to avoid GPF
(bsc#1256689 CVE-2025-68798).
- commit 122c93e
- selftests/bpf: Optionally open a dedicated namespace to run
test in it (CVE-2025-68363 bsc#1255552).
- commit 7fc3edd
- selftests/bpf: Monitor traffic for select_reuseport
(CVE-2025-68363 bsc#1255552).
- commit 7687d07
- selftests/bpf: Monitor traffic for sockmap_listen
(CVE-2025-68363 bsc#1255552).
- commit 200e7d4
- selftests/bpf: Monitor traffic for tc_redirect (CVE-2025-68363
bsc#1255552).
- commit ef95f02
- selftests/bpf: netns_new() and netns_free() helpers
(CVE-2025-68363 bsc#1255552).
- Refresh
patches.suse/selftests-bpf-Fix-backtrace-printing-for-selftests-c.patch.
- commit 6ac10b7
- selftests/bpf: Add the traffic monitor option to test_progs
(CVE-2025-68363 bsc#1255552).
- commit 24382fe
- selftests/bpf: Add traffic monitor functions (CVE-2025-68363
bsc#1255552).
- commit c7346b8
- blk-cgroup: fix possible deadlock while configuring policy
(CVE-2025-68178 bsc#1255266).
- commit 3f4a2e3
- bpf: Add bpf_prog_run_data_pointers() (bsc#1255241
CVE-2025-68200).
- commit 3454614
- net: hv_netvsc: reject RSS hash key programming without RX indirection table (bsc#1257473).
- scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296).
- remove an Intel CPU model change which is already part of the base kernel
- remove a bpf CVE change which is already part of the base kernel
- commit 6def8a1
- e1000: fix OOB in e1000_tbi_should_accept() (CVE-2025-71093
bsc#1256777).
- net/mlx5: fw_tracer, Validate format string parameters
(CVE-2025-68816 bsc#1256674).
- commit 53c77db
- ceph: fix crash in process_v2_sparse_read() for encrypted directories (CVE-2025-68297 bsc#1255403).
- commit de1a69a
- x86: make page fault handling disable interrupts properly
(git-fixes).
- commit e28ac6a
- libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (CVE-2025-68284 bsc#1255377).
- commit 3382537
- libceph: fix invalid accesses to ceph_connection_v1_info (CVE-2025-39880 bsc#1250388).
- commit 592067a
- kABI workaround for tpm_chip changes (CVE-2025-71077
bsc#1256613).
- commit 66e0457
- tpm: Cap the number of PCR banks (CVE-2025-71077 bsc#1256613).
- commit 727f4b1
- selftests: net: fib-onlink-tests: Convert to use namespaces
by default (bsc#1255346).
- commit c2a5f76
- Delete
patches.suse/selftests-net-fib-onlink-tests-Set-high-metric-for-d.patch.
- commit 755a7f6
- pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node()
(git-fixes).
- commit 7e4403b
- NFSD: Fix permission check for read access to executable-only
files (git-fixes).
- commit 2ce0763
- nfsd: Drop the client reference in client_states_open()
(git-fixes).
- commit 8226664
- svcrdma: return 0 on success from svc_rdma_copy_inline_range
(git-fixes).
- commit d34b05e
- NFSD: use correct reservation type in nfsd4_scsi_fence_client
(git-fixes).
- commit 2de8cf6
- NFSD/blocklayout: Fix minlength check in proc_layoutget
(git-fixes).
- commit 91340f9
- NFS: Fix up the automount fs_context to use the correct cred
(git-fixes).
- commit 99b1550
- NFSv4: ensure the open stateid seqid doesn't go backwards
(git-fixes).
- commit ca47c84
- exfat: fix remount failure in different process environments
(git-fixes).
- commit ec2e76f
- exfat: check return value of sb_min_blocksize in
exfat_read_boot_sector (git-fixes).
- commit 99696d0
- w1: fix redundant counter decrement in w1_attach_slave_device()
(git-fixes).
- w1: therm: Fix off-by-one buffer overflow in alarms_store
(git-fixes).
- comedi: dmm32at: serialize use of paged registers (git-fixes).
- uacce: ensure safe queue release with state management
(git-fixes).
- uacce: implement mremap in uacce_vm_ops to return -EPERM
(git-fixes).
- uacce: fix isolate sysfs check condition (git-fixes).
- uacce: fix cdev handling in the cleanup path (git-fixes).
- slimbus: core: fix of_slim_get_device() kernel doc (git-fixes).
- slimbus: core: fix device reference leak on report present
(git-fixes).
- slimbus: core: fix runtime PM imbalance on report present
(git-fixes).
- slimbus: core: fix OF node leak on registration failure
(git-fixes).
- intel_th: fix device leak on output open() (git-fixes).
- comedi: Fix getting range information for subdevices 16 to 255
(git-fixes).
- iio: accel: iis328dq: fix gain values (git-fixes).
- iio: dac: ad5686: add AD5695R to ad5686_chip_info_tbl
(git-fixes).
- iio: imu: st_lsm6dsx: fix iio_chan_spec for sensors without
event detection (git-fixes).
- iio: adc: ad9467: fix ad9434 vref mask (git-fixes).
- iio: adc: ad7280a: handle spi_setup() errors in probe()
(git-fixes).
- iio: adc: at91-sama5d2_adc: Fix potential use-after-free in
sama5d2_adc driver (git-fixes).
- serial: 8250_pci: Fix broken RS485 for F81504/508/512
(git-fixes).
- comedi: fix divide-by-zero in comedi_buf_munge() (stable-fixes).
- commit 50f3b9f
- bpf: Do not let BPF test infra emit invalid GSO types to stack
(bsc#1255569).
- commit 1df0a4e
- platform/x86: hp-bioscfg: Fix automatic module loading
(git-fixes).
- platform/x86: hp-bioscfg: Fix kernel panic in GET_INSTANCE_ID
macro (git-fixes).
- platform/x86: hp-bioscfg: Fix kobject warnings for empty
attribute names (git-fixes).
- platform/x86/amd: Fix memory leak in wbrf_record() (git-fixes).
- drm/imagination: Wait for FW trace update command completion
(git-fixes).
- commit de62d29
- mmc: rtsx_pci_sdmmc: implement sdmmc_card_busy function
(git-fixes).
- mmc: sdhci-of-dwcmshc: Prevent illegal clock reduction in
HS200/HS400 mode (git-fixes).
- regmap: Fix race condition in hwspinlock irqsave routine
(git-fixes).
- ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free()
(git-fixes).
- ALSA: scarlett2: Fix buffer overflow in config retrieval
(git-fixes).
- ALSA: usb: Increase volume range that triggers a warning
(git-fixes).
- drm/amd/pm: Workaround SI powertune issue on Radeon 430 (v2)
(git-fixes).
- drm/amd/pm: Don't clear SI SMC table when setting power limit
(git-fixes).
- drm/nouveau: implement missing DCB connector types; gracefully
handle unknown connectors (git-fixes).
- drm/nouveau: add missing DCB connector types (git-fixes).
- commit 03d895b
- io_uring: fix filename leak in __io_openat_prep()
(CVE-2025-68814 bsc#1256651).
- commit 4d3284d
- drm/amd/pm: fix smu overdrive data type wrong issue on smu
14.0.2 (git-fixes).
- drm/amd/display: Bump the HDMI clock to 340MHz (stable-fixes).
- drm/amd: Clean up kfd node on surprise disconnect
(stable-fixes).
- commit 6d02dff
- octeontx2-pf: fix "UBSAN: shift-out-of-bounds error" (CVE-2025-71137 bsc#1256760)
- commit f080c28
- net: hns3: using the num_tqps in the vf driver to apply for resources (CVE-2025-71064 bsc#1256654)
- commit d8f982b
- macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse (CVE-2025-68367 bsc#1255547)
- commit 31c810e
- team: fix check for port enabled in team_queue_override_port_prio_changed() (CVE-2025-71091 bsc#1256773)
- commit fb6bd76
- md/raid5: fix possible null-pointer dereferences in
raid5_store_group_thread_cnt() (CVE-2025-71135 bsc#1256761).
- commit 06431f4
- iommu: disable SVA when CONFIG_X86 is set (CVE-2025-71089
bsc#1256612).
- commit 74dac8b
- net: hns3: add VLAN id validation before using (CVE-2025-71112
bsc#1256726).
- net/handshake: duplicate handshake cancellations leak socket
(CVE-2025-68775 bsc#1256665).
- commit 5f03ae0
- wifi: mac80211: don't perform DA check on S1G beacon
(git-fixes).
- commit 99fd461
- crypto: authencesn - reject too-short AAD (assoclen<8) to
match ESP/ESN spec (git-fixes).
- dpll: Prevent duplicate registrations (git-fixes).
- wifi: ath12k: fix dma_free_coherent() pointer (git-fixes).
- wifi: ath10k: fix dma_free_coherent() pointer (git-fixes).
- wifi: mwifiex: Fix a loop in mwifiex_update_ampdu_rxwinsize()
(git-fixes).
- wifi: rsi: Fix memory corruption due to not set vif driver
data size (git-fixes).
- usbnet: limit max_mtu based on device's hard_mtu (git-fixes).
- mISDN: annotate data-race around dev->work (git-fixes).
- can: usb_8dev: usb_8dev_read_bulk_callback(): fix URB memory
leak (git-fixes).
- can: mcba_usb: mcba_usb_read_bulk_callback(): fix URB memory
leak (git-fixes).
- can: kvaser_usb: kvaser_usb_read_bulk_callback(): fix URB
memory leak (git-fixes).
- can: ems_usb: ems_usb_read_bulk_callback(): fix URB memory leak
(git-fixes).
- Revert "nfc/nci: Add the inconsistency check between the input
data length and count" (git-fixes).
- net: usb: dm9601: remove broken SR9700 support (git-fixes).
- leds: led-class: Only Add LED to leds_list when it is fully
ready (git-fixes).
- dpll: fix device-id-get and pin-id-get to return errors properly
(git-fixes).
- dpll: spec: add missing module-name and clock-id to pin-get
reply (git-fixes).
- dpll: fix return value check for kmemdup (git-fixes).
- dpll: indent DPLL option type by a tab (git-fixes).
- commit 0acacf9
- drm/amdgpu: fix nullptr err of vm_handle_moved (bsc#1255428 CVE-2025-40339)
- commit 42c8fa8
- drm/amdgpu: update mappings not managed by KFD (bsc#1255428)
- commit 2f69405
- mptcp: fix a race in mptcp_pm_del_add_timer() (CVE-2025-40257
bsc#1254842).
- commit 83400eb
- fsnotify: do not generate ACCESS/MODIFY events on child for
special files (bsc#1256638 CVE-2025-68788).
- commit 6b6945d
- ext4: xattr: fix null pointer deref in ext4_raw_inode()
(bsc#1256754 CVE-2025-68820).
- commit 8f80a8b
- ext4: fix string copying in parse_apply_sb_mount_options()
(bsc#1256757 CVE-2025-71123).
- commit bd1f757
- ext4: add i_data_sem protection in
ext4_destroy_inline_data_nolock() (bsc#1255164 CVE-2025-68261).
- commit 835edb6
- nbd: defer config put in recv_work (bsc#1255537 CVE-2025-68372).
- commit 4a0d1d2
- nbd: defer config unlock in nbd_genl_connect (bsc#1255622
CVE-2025-68366).
- commit 7dc2ba0
- jbd2: avoid bug_on in jbd2_journal_get_create_access() when
file system corrupted (bsc#1255482 CVE-2025-68337).
- commit dea6220
- net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop
(CVE-2025-68325 bsc#1255417).
- commit 0e9df03
- tcp: use dst_dev_rcu() in
tcp_fastopen_active_disable_ofo_check() (CVE-2025-68188
bsc#1255269).
- commit 36ba28e
- net: ipv6: fix field-spanning memcpy warning in AH output
(CVE-2025-40363 bsc#1255102).
- commit b54ffd4
- ipv4: route: Prevent rt_bind_exception() from rebinding stale
fnhe (CVE-2025-68241 bsc#1255157).
- net: netpoll: fix incorrect refcount handling causing incorrect
cleanup (CVE-2025-68245 bsc#1255268).
- commit f673593
- Refresh patches.suse/dmaengine-idxd-Fix-refcount-underflow-on-module-unlo.patch
Fix the missing cleanup, folding the upsteram stable 6.12.y fix
(commit d28c1b1566a1) into the backport patch itself.
- commit d2ae2ac
- of: fix reference count leak in of_alias_scan() (git-fixes).
- of: platform: Use default match table for /firmware (git-fixes).
- ata: libata: Add cpr_log to ata_dev_print_features() early
return (git-fixes).
- commit 403f41b
- NFSD: NFSv4 file creation neglects setting ACL (CVE-2025-68803
bsc#1256770).
- commit cae9b7a
- nfsd: set security label during create operations
(CVE-2025-68803 bsc#1256770).
- commit 8ee0c2b
- RDMA/irdma: avoid invalid read in irdma_net_event (CVE-2025-71133 bsc#1256733)
- commit c4b2e81
- RDMA/cm: Fix leaking the multicast GID table reference (CVE-2025-71084 bsc#1256622)
- commit 695ad1f
- ipv6: fix a BUG in rt6_get_pcpu_route() under PREEMPT_RT
(CVE-2025-71080 bsc#1256608).
- commit d2e316c
- SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token
in gss_read_proxy_verf (CVE-2025-71120 bsc#1256779).
- commit 400a381
- scsi: sg: Do not sleep in atomic context (CVE-2025-40259
bsc#1254845).
- commit 386a47a
- arp: do not assume dev_hard_header() does not change skb->head
(CVE-2025-71098 bsc#1256591).
- ip6_gre: make ip6gre_header() robust (CVE-2025-71098
bsc#1256591).
- commit 0de7076
- sched/rt: Skip group schedulable check with rt_group_sched=0
(bsc#1256568).
- commit 3119d3b
- Refresh
patches.suse/pre-v6.12-sched-Move-default-rt_bandwidth-to-root_task_group.patch. (bsc#1256568)
rt/group: Propagate global rt_runtime into root_task_group rqs
Update root group rq's rt_runtime amount so that it matches the global
RT throttling amount after update. It'd be eventually refilled from
do_sched_rt_period_timer() but when the timer is idle the change would
not propagate and one period may be miss-throttled.
- commit 09fa5a4
- Refresh
patches.suse/pre-v6.12-sched-Move-default-rt_bandwidth-to-root_task_group.patch. (bsc#1256568)
rt/group: Fix schedulability check with global RT limit
The global RT limit is stored in the root task_group so when the limit
is being lowered, the new value would be validated against the old one
(in sysctl_*) and never pass. But because we unified the global RT limit
with root task_group's limit, carry out the schedulability test as if
global values were configured to the root_task_group (they eventually
are).
- commit 1a0d83b
- drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup (bsc#1255128 CVE-2025-68296)
- commit 4190209
- dmaengine: apple-admac: Add "apple,t8103-admac" compatible
(git-fixes).
- dmaengine: omap-dma: fix dma_pool resource leak in error paths
(git-fixes).
- dmaengine: qcom: gpi: Fix memory leak in gpi_peripheral_config()
(git-fixes).
- dmaengine: sh: rz-dmac: Fix rz_dmac_terminate_all() (git-fixes).
- dmaengine: xilinx_dma: Fix uninitialized addr_width when
"xlnx,addrwidth" property is missing (git-fixes).
- dmaengine: tegra-adma: Fix use-after-free (git-fixes).
- dmaengine: ti: k3-udma: fix device leak on udma lookup
(git-fixes).
- dmaengine: ti: dma-crossbar: fix device leak on am335x route
allocation (git-fixes).
- dmaengine: ti: dma-crossbar: fix device leak on dra7x route
allocation (git-fixes).
- dmaengine: lpc18xx-dmamux: fix device leak on route allocation
(git-fixes).
- dmaengine: idxd: fix device leaks on compat bind and unbind
(git-fixes).
- dmaengine: dw: dmamux: fix OF node leak on route allocation
failure (git-fixes).
- dmaengine: bcm-sba-raid: fix device leak on probe (git-fixes).
- dmaengine: at_hdmac: fix device leak on of_dma_xlate()
(git-fixes).
- dmaengine: xilinx: xdma: Fix regmap max_register (git-fixes).
- phy: tegra: xusb: Explicitly configure HS_DISCON_LEVEL to 0x7
(git-fixes).
- phy: rockchip: inno-usb2: fix communication disruption in
gadget mode (git-fixes).
- phy: rockchip: inno-usb2: fix disconnection in gadget mode
(git-fixes).
- phy: stm32-usphyc: Fix off by one in probe() (git-fixes).
- commit c2d8602
- Remove patches.suse/0001-drm-fbcon-vga_switcheroo-Avoid-race-condition-in-fbc.patch
- commit 462d775
- gpio: pca953x: fix wrong error probe return value (git-fixes).
- commit df5f5f1
- drm/amdgpu: Fix query for VPE block_type and ip_count
(stable-fixes).
- drm/amd/display: Apply e4479aecf658 to dml (stable-fixes).
- drm/amdkfd: Fix improper NULL termination of queue restore
SMI event string (stable-fixes).
- drm/amd/display: shrink struct members (stable-fixes).
- drm/amd/display: Respect user's CONFIG_FRAME_WARN more for
dml files (stable-fixes).
- commit 1aaadcf
- gpio: pca953x: Utilise temporary variable for struct device
(stable-fixes).
- Refresh
patches.suse/gpio-pca953x-log-an-error-when-failing-to-get-the-re.patch.
- commit b07f679
- lib/crypto: aes: Fix missing MMU protection for AES S-box
(git-fixes).
- mei: me: add nova lake point S DID (stable-fixes).
- gpio: pca953x: handle short interrupt pulses on PCAL devices
(git-fixes).
- drm/radeon: Remove __counted_by from ClockInfoArray.clockInfo[]
(stable-fixes).
- ASoC: fsl_sai: Add missing registers to cache default
(stable-fixes).
- ASoC: amd: yc: Add quirk for Honor MagicBook X16 2025
(stable-fixes).
- ALSA: usb-audio: Update for native DSD support quirks
(stable-fixes).
- drm/amd/display: Fix DP no audio issue (stable-fixes).
- powercap: fix sscanf() error return value handling
(stable-fixes).
- powercap: fix race condition in register_control_type()
(stable-fixes).
- can: j1939: make j1939_session_activate() fail if device is
no longer registered (stable-fixes).
- mei: me: add wildcat lake P DID (stable-fixes).
- gpio: pca953x: Add support for level-triggered interrupts
(stable-fixes).
- gpio: pca953x: Utilise dev_err_probe() where it makes sense
(stable-fixes).
- commit 46ebab7
- ocfs2: fix kernel BUG in ocfs2_find_victim_chain (bsc#1256582
CVE-2025-68771).
- commit fae1ed0
- ASoC: codecs: wsa881x: fix unnecessary initialisation
(git-fixes).
- commit 7c749f7
- ASoC: codecs: wsa883x: fix unnecessary initialisation
(git-fixes).
- commit 9ad50cc
- drm/amd/display: Initialise backlight level values from hw
(git-fixes).
- commit c2d3b2d
- drm/vmwgfx: Merge vmw_bo_release and vmw_bo_free functions
(git-fixes).
- commit 9168dd5
- drm/nouveau/disp/nv50-: Set lock_core in curs507a_prepare
(git-fixes).
- drm/panel-simple: fix connector type for DataImage
SCF0700C48GGU18 panel (git-fixes).
- drm/vmwgfx: Fix an error return check in vmw_compat_shader_add()
(git-fixes).
- drm/amdkfd: fix a memory leak in device_queue_manager_init()
(git-fixes).
- ASoC: tlv320adcx140: fix word length (git-fixes).
- ASoC: tlv320adcx140: fix null pointer (git-fixes).
- ASoC: codecs: wsa884x: fix codec initialisation (git-fixes).
- commit b212696
- NFS: Automounted filesystems should inherit ro,noexec,nodev,sync
flags (CVE-2025-68764 bsc#1255930).
- commit 84f3f58
- net/hsr: fix NULL pointer dereference in prp_get_untagged_frame() (CVE-2025-68776 bsc#1256659)
- commit 86f02f8
- fs/ntfs3: Initialize allocated memory before use (CVE-2025-68365 bsc#1255548)
- commit 354fd40
- ntfs3: fix uninit memory after failed mi_read in mi_format_new (CVE-2025-68728 bsc#1255539)
- commit 3c62fa0
- iavf: fix off-by-one issues in iavf_config_rss_reg()
(CVE-2025-71087 bsc#1256628).
- commit 8d4da32
- RDMA/rxe: Fix null deref on srq->rq.queue after resize failure (CVE-2025-68379 bsc#1255695)
- commit 8aea2cc
- Fix KABI for "md: fix rcu protection in md_wakeup_thread"
(CVE-2025-68374 bsc#1255530).
- commit 4078c1e
- ice: use netif_get_num_default_rss_queues() (bsc#1247712).
- commit eb0fac0
- md: fix rcu protection in md_wakeup_thread (CVE-2025-68374
bsc#1255530).
- commit 1b0738f
- scsi: qla2xxx: Update version to 10.02.10.100-k (bsc#1256863).
- scsi: qla2xxx: Fix bsg_done() causing double free
(bsc#1256863).
- scsi: qla2xxx: Query FW again before proceeding with login
(bsc#1256863).
- scsi: qla2xxx: Validate sp before freeing associated memory
(bsc#1256863).
- scsi: qla2xxx: Free sp in error path to fix system crash
(bsc#1256863).
- scsi: qla2xxx: Delay module unload while fabric scan in progress
(bsc#1256863).
- scsi: qla2xxx: Allow recovery for tape devices (bsc#1256863).
- scsi: qla2xxx: Add bsg interface to support firmware img
validation (bsc#1256863).
- scsi: qla2xxx: Validate MCU signature before executing MBC 03h
(bsc#1256863).
- scsi: qla2xxx: Add load flash firmware mailbox support for 28xxx
(bsc#1256863).
- scsi: qla2xxx: Add support for 64G SFP speed (bsc#1256863).
- scsi: qla2xxx: Add Speed in SFP print information
(bsc#1256863).
- scsi: lpfc: Update lpfc version to 14.4.0.13 (bsc#1256861).
- scsi: lpfc: Rework lpfc_sli4_fcf_rr_next_index_get()
(bsc#1256861).
- commit da9bd89
- nvme: nvme-fc: Ensure ->ioerr_work is cancelled in
nvme_fc_delete_ctrl() (CVE-2025-40261 bsc#1254839).
- commit 95251dd
- NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in
pnfs_mark_layout_stateid_invalid (CVE-2025-68349 bsc#1255544).
- commit fea667d
- ipvs: fix ipv4 null-ptr-deref in route error path
(CVE-2025-68813 bsc#1256641).
- commit 238038b
- drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup (bsc#1255128 CVE-2025-68296)
- commit b6c7c30
- net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate
session upon receiving the second rts (git-fixes).
- can: ctucanfd: fix SSP_SRC in cases when bit-rate is higher
than 1 MBit (git-fixes).
- can: etas_es58x: allow partial RX URB allocation to succeed
(git-fixes).
- commit 6e93ffe
- ntfs3: Fix uninit buffer allocated by __getname() (CVE-2025-68727 bsc#1255568)
- commit 97681c7
- libceph: fix potential use-after-free in have_mon_and_osd_map() (CVE-2025-68285 bsc#1255401).
- commit fdc5baf
- interconnect: Don't access req_list while it's being manipulated
(CVE-2023-54013 bsc#1256280).
- commit 397aee1
- interconnect: Fix locking for runpm vs reclaim (CVE-2023-54013
bsc#1256280).
- commit bacbc82
- cpuset: fix warning when disabling remote partition
(bsc#1256794).
- commit 760a28c
- RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly (CVE-2025-71096 bsc#1256606)
- commit 7a5edbb
- mptcp: Fix proto fallback detection with BPF (CVE-2025-68227
bsc#1255216).
- commit 557d74c
- sysfs: check visibility before changing group attribute
ownership (CVE-2025-40355 bsc#1255261).
- commit 7b1e9ed
- x86/fpu: Ensure XFD state on signal delivery (CVE-2025-68171
bsc#1255255).
- commit 265a09f
- sched: Increase sched_tick_remote timeout (bsc#1254510).
- commit 87d4295
- nvme: nvme-fc: move tagset removal to nvme_fc_delete_ctrl()
(git-fixes).
- nvmet-auth: update sc_c in target host hash calculation
(git-fixes).
- nvmet-auth: update sc_c in host response (git-fixes).
- commit 1ece4fd
- drm/amdgpu: fix gpu page fault after hibernation on PF passthrough (bsc#1255134 CVE-2025-68230)
- commit 19b936b
- net: atlantic: fix fragment overflow handling in RX path
(CVE-2025-68301 bsc#1255120).
- be2net: pass wrb_params in case of OS2BMC (CVE-2025-40264
bsc#1254835).
- net: openvswitch: remove never-working support for setting
nsh fields (CVE-2025-40254 bsc#1254852).
- net/mlx5: Fix IPsec cleanup over MPV device (CVE-2025-40238
bsc#1254871).
- net/mlx5e: RX, Fix generating skb from non-linear xdp_buff
for striding RQ (CVE-2025-40350 bsc#1255260).
- commit 07231fa
- drm/sysfb: Do not dereference NULL pointer in plane reset (bsc#1255095 CVE-2025-40360)
- commit adae9ca
- amd/amdkfd: enhance kfd process check in switch partition
(CVE-2025-68174 bsc#1255327).
- commit 9e3bffb
- drm/amdgpu/atom: Check kcalloc() for WS buffer in
amdgpu_atom_execute_table_locked() (CVE-2025-68190 bsc#1255131).
- commit a195e39
- selftests/bpf: Test bpf_skb_check_mtu(BPF_MTU_CHK_SEGS) when
transport_header is not set (CVE-2025-68363 bsc#1255552).
- commit 742de98
- bpf: Check skb->transport_header is set in bpf_skb_check_mtu
(CVE-2025-68363 bsc#1255552).
- commit f6cdd52
- drm/amdgpu: remove two invalid BUG_ON()s (CVE-2025-68201 bsc#1255136)
- commit 9a27d5e
- Refresh
patches.suse/cifs-after-disabling-multichannel-mark-tcon-for-reconnect.patch.
- Refresh
patches.suse/cifs-avoid-redundant-calls-to-disable-multichannel.patch.
- Refresh
patches.suse/cifs-cifs_pick_channel-should-try-selecting-active-channels.patch.
- Refresh
patches.suse/cifs-deal-with-the-channel-loading-lag-while-picking-channels.patch.
- Refresh
patches.suse/cifs-dns-resolution-is-needed-only-for-primary-channel.patch.
- Refresh
patches.suse/cifs-do-not-search-for-channel-if-server-is-terminating.patch.
- Refresh
patches.suse/cifs-fix-a-pending-undercount-of-srv_count.patch.
- Refresh
patches.suse/cifs-fix-lock-ordering-while-disabling-multichannel.patch.
- Refresh
patches.suse/cifs-fix-stray-unlock-in-cifs_chan_skip_or_disable.patch.
- Refresh
patches.suse/cifs-fix-use-after-free-for-iface-while-disabling-secondary-channel.patch.
- Refresh
patches.suse/cifs-handle-when-server-stops-supporting-multichannel.patch.
- Refresh
patches.suse/cifs-reconnect-worker-should-take-reference-on-server-struct-uncond.patch.
- Refresh
patches.suse/cifs-reset-connections-for-all-channels-when-reconnect-requested.patch.
- Refresh
patches.suse/cifs-reset-iface-weights-when-we-cannot-find-a-candidate.patch.
- Refresh
patches.suse/smb-client-fix-cifs_pick_channel-when-channel-needs-reconnect.patch.
- Refresh
patches.suse/smb-client-introduce-close_cached_dir_locked-.patch.
- Refresh
patches.suse/smb3-add-missing-null-server-pointer-check.patch.
- commit 966613b
- cifs: fix use after free for iface while disabling secondary
channels (git-fixes).
- commit dfe1d44
- cifs: reconnect worker should take reference on server struct
unconditionally (git-fixes).
- Refresh
patches.suse/cifs-handle-servers-that-still-advertise-multichannel-after-disabli.patch.
- Refresh
patches.suse/smb-client-get-rid-of-nlsc-param-in-cifs_tree_connect-.patch.
- commit a6f7e74
- Refresh
patches.suse/cifs-make-sure-that-channel-scaling-is-done-only-once.patch.
- commit f14b40c
- cifs: avoid redundant calls to disable multichannel (git-fixes).
- smb3: add missing null server pointer check (git-fixes).
- Refresh
patches.suse/cifs-make-sure-server-interfaces-are-requested-only-for-SMB3-.patch.
- Refresh
patches.suse/cifs-serialize-other-channels-when-query-server-interfaces-is-pendi.patch.
- commit 6f71d7c
- cifs: fix stray unlock in cifs_chan_skip_or_disable (git-fixes).
- commit 9d297d5
- cifs: do not search for channel if server is terminating
(git-fixes).
- commit 1796cf0
- cifs: handle servers that still advertise multichannel after
disabling (git-fixes).
- cifs: serialize other channels when query server interfaces
is pending (git-fixes).
- Refresh
patches.suse/cifs-do-not-disable-interface-polling-on-failure.patch.
- Refresh
patches.suse/cifs-make-sure-server-interfaces-are-requested-only-for-SMB3-.patch.
- Refresh
patches.suse/cifs-make-sure-that-channel-scaling-is-done-only-once.patch.
- Refresh
patches.suse/smb-client-get-rid-of-nlsc-param-in-cifs_tree_connect-.patch.
- Refresh
patches.suse/smb3-fix-for-slab-out-of-bounds-on-mount-to-ksmbd.patch.
- commit e76704e
- smb: client: fix cifs_pick_channel when channel needs reconnect
(git-fixes).
- commit 59edbd9
- cifs: cifs_pick_channel should try selecting active channels
(git-fixes).
- commit 3f9ba92
- corosync
-
- Add a patch to fix CVE-2026-35091 (bsc#1261299)
* 0001-totemsrp-Return-error-if-sanity-check-fails.patch
- Add a patch to fix CVE-2026-35092 (bsc#1261300)
* 0002-totemsrp-Fix-integer-overflow-in-memb_join_sanity.patch
- crash
-
- Enable ARM64 64K page support (bsc##1248074)
* crash-arm64-fix-64K-page-and-52-bits-VA-support.patch
* crash-arm64-rewrite-the-arm64_get_vmcoreinfo_ul-to-arm64_g.patch
* crash-arm64-support-HW-Tag-Based-KASAN-MTE-mode.patch
* crash-arm64-Add-support-for-vmemmap-symbol-in-vmcoreinfo.patch
* crash-arm64-fix-the-determination-of-vmemmap-and-struct_pa.patch
* crash-arm64-Add-gdb-stack-unwind-support.patch
* crash-symbols-expand-all-kernel-module-symtable-if-not-all.patch
* crash-Add-LoongArch64-framework-code-support.patch
* crash-LoongArch64-Fixed-link-errors-when-build-on-LOONGARC.patch
* crash-gdb-fix-p-command-to-print-module-variables-correctl.patch
* crash-ppc64-Add-gdb-stack-unwind-support.patch
* crash-Preparing-for-gdb-stack-unwind-support.patch
* crash-x86_64-Add-gdb-stack-unwind-support.patch
* crash-gcore-update-set_context-with-upstream-counterpart.patch
- In some kernel modules such as libie.ko, the mem[MOD_TEXT].size
may be zero, currently crash will only check its value to determine
if the module is valid, otherwise it fails to load kernel module with
the following warning and error:
mod: cannot access vmalloc'd module memory
Lets count the module size to check if the module is valid, that will
avoid the current failure. (bsc#1237501)
* crash-fix-for-failing-to-load-kernel-module.patch
- crmsh
-
- Update to version 4.6.2+20260313.2ac79df8:
* Dev: sh: Use sh_helper.py for su commands (bsc#1254757)
* Fix: log: Disable color when not on a TTY (bsc#1259178)
* Dev: ui_cluster: Hint the watchdog option should be used with sbd option
* Dev: bootstrap: Disable pacemaker and sbd services after removing node
* Dev: bootstrap: Skip inactive cluster node when calling restart_cluster function
* Fix: profiles.yml: Sync the value of `profiles.yml` from the main branch (bsc#1259321)
- Update to version 4.6.2+20260209.721d6d2a:
* Dev: pre-migration: Add check for obsolete SAP ASCS/ERS ENSA1 (jsc#SAPSOL-780)
* Fix: ui_cluster: Stop dlm in maintenance mode correctly (bsc#1253733)
* Dev: utils: Reuse methods in xmlutil.CrmMonXmlParser
* Dev: migration: Add check for obsolete SAP ASCS/ERS mount (jsc#SAPSOL-495)
* Fix: log: Add milliseconds time format to crmsh.log (bsc#1255021)
- crypto-policies
-
- Add PQC support for OpenSSH (bsc#1258311, bsc#1259825)
* Enable and prioritize sntrup761x25519-sha512 for OpenSSH by default
* Add crypto-policies-OpenSSH-PQC.patch
- cups
-
- cups-2.2.7-CVE-2026-34990.patch is is based on
https://github.com/OpenPrinting/cups/commit/e052dc44da9d12adfbebc51de4975fbadb2ce356
backported to CUPS 2.2.7 to fix CVE-2026-34990
"Local print admin token disclosure using temporary printers"
https://github.com/OpenPrinting/cups/security/advisories/GHSA-c54j-2vqw-wpwp
bsc#1261568
- Incompatible change needed to properly fix CVE-2026-34990:
The ability to create/overwrite files via a 'file:' device URI
is removed. Now the specified file must already exist
and is opened only for writing in exclusive mode.
In general: Historically 'file:' devices were provided
for backwards compatibility with System V interface scripts
that talked to serial printers over a character device, with
very limited debugging support for writing to an ordinary file.
It is not and never was intended as a way to "print to a file".
For a proper debugging method see the section
"A backend that sends its input into a file for debugging" in
https://en.opensuse.org/SDB:Using_Your_Own_Backends_to_Print_with_CUPS
- curl
-
- Security fixes:
* CVE-2026-1965: Bad reuse of HTTP Negotiate connection (bsc#1259362)
* CVE-2026-3783: Token leak with redirect and netrc (bsc#1259363)
* CVE-2026-3784: Wrong proxy connection reuse with credentials (bsc#1259364)
* CVE-2026-3805: Use after free in SMB connection reuse (bsc#1259365)
* Add patches:
- curl-CVE-2026-1965.patch
- curl-CVE-2026-3783.patch
- curl-CVE-2026-3784.patch
- curl-CVE-2026-3805.patch
- dejavu-fonts
-
- use %license tag [bsc#1252142]
- lvm2
-
- L3: LVM_SUPPRESS_FD_WARNINGS is no longer effective (bsc#1257661)
* Add upstream patch
+ bug-1257661-libdaemon-fix-suppressing-stray-fd-warnings.patch
- docker
-
- Places a hard cap on the amount of mechanisms that can be specified and
encoded in the payload. (bsc#1253904, CVE-2025-58181)
* 0007-CVE-2025-58181-fix-vendor-crypto-ssh.patch
- expat
-
- security update:
* CVE-2026-32776: expat: libexpat: NULL pointer dereference when
processing empty external parameter entities inside an entity
declaration value (bsc#1259726)
- Added patch expat-CVE-2026-32776.patch
* CVE-2026-32777: expat: libexpat: denial of service due to
infinite loop in DTD content parsing (bsc#1259711)
- Added patch expat-CVE-2026-32777.patch
* CVE-2026-32778: expat: libexpat: NULL pointer dereference in
`setContext` on retry after an out-of-memory condition (bsc#1259729)
- Added patch expat-CVE-2026-32778.patch
- security update
- added patches
CVE-2026-24515 [bsc#1257144], NULL dereference (CWE-476) due to function XML_ExternalEntityParserCreate() failing to copy the encoding handler data passed to XML_SetUnknownEncodingHandler() from the parent to the subparser
* expat-CVE-2026-24515.patch
CVE-2026-25210 [bsc#1257496], lack of buffer size check can lead to an integer overflow
* expat-CVE-2026-25210.patch
- fence-agents
-
- fence_vmware_rest:
a fix seems to be missing in the latest version (bsc#1261670)
L3: fence_vmware_rest : monitoring is not detecting problems accessing the fence device
(bsc#1218718)
o Add upstream patch:
0001-fence_vmware_rest-monitoring-action-is-not-detecting.patch
- fence_aws Fix shebang to be able to use python3.11 if it is installed.
(bsc#1250417)
- Adding new fence agent for Nutanix AHV (jsc#PED-13087) (bsc#1253230)
Fix spec file: add nutanix_ahv to agent_list.
- add new skip_os_shutdown flag to fence_aws fence agent (bsc#1250417)
o Add upstream patch:
632.patch
- gdk-pixbuf
-
- Add gdk-pixbuf-CVE-2026-5201.patch: jpeg: Reject unsupported
number of components (bsc#1261210 CVE-2026-5201
glgo#GNOME/gdk-pixbuf#266).
- glibc
-
- resolv-count-resource-records.patch: resolv: Count records correctly
(CVE-2026-4437, bsc#1260078, BZ #34014)
- resolv-check-hostname.patch: resolv: Check hostname for validity
(CVE-2026-4438, bsc#1260082, BZ #34015)
- nss-missing-checks.patch: nss: Missing checks in __nss_configure_lookup,
__nss_database_get (bsc#1258319, BZ #28940)
- gpg2
-
- Security fix [bsc#1257396, CVE-2026-24882]
- gpg2: stack-based buffer overflow in TPM2 PKDECRYPT for TPM-backed RSA and ECC keys
- Added gnupg-CVE-2026-24882.patch
- Security fix: [bsc#1256389] (gpg.fail/filename)
* GnuPG Accepts Path Separators and Path Traversals in Literal Data "Filename" Field
* Add gnupg-accepts-path-separators-literal-data.patch
- grub2
-
- Fix missing install device check in grub2-install on PowerPC which could lead
to bootlist corruption (bsc#1221126)
* 0001-Mandatory-install-device-check-for-PowerPC.patch
- Fix PowerPC network boot prefix to correctly locate grub.cfg (bsc#1249385)
* 0001-ieee1275-Use-net-config-for-boot-location-instead-of.patch
- Fix double free in xen booting if root filesystem is Btrfs (bsc#1259543)
* grub2-btrfs-01-add-ability-to-boot-from-subvolumes.patch
* grub2-btrfs-09-get-default-subvolume.patch
- Support dm multipath bootlist on PowerPC (bsc#1254415)
* 0001-ieee1275-support-dm-multipath-bootlist.patch
- Backport upstream's commit to prevent BIOS assert (bsc#1258022)
* 0001-kern-efi-mm-Change-grub_efi_mm_add_regions-to-keep-t.patch
- Fix error "grub-core/script/lexer.c:352:out of memory" after PowerPC CAS
Reboot (bsc#1254299)
* 0001-Fix-PowerPC-CAS-reboot-to-evaluate-menu-context.patch
- ipmitool
-
- Fix bad pid file creation in ipmievd by removing the interface
number from the file name (bsc#1259310)
A fix_pid_file.patch
- iproute2
-
- add CVE fix (CVE-2024-58251 bsc#1254324)
* ss-escape-characters-in-command-name.patch
- resource-agents
-
- (bsc#1260984) L3: aws-vpc-move-ip: Add awscli_timeout option
Add upstream patch:
0001-aws-vpc-move-ip-Add-awscli_timeout-option-2140.patch
- L3:ec2 and awsvip resource agent's retry mechanism for AWS monitoring
(bsc#1251836)
- Add auth_type parameter and AWS Policy based authentication type
Add upstream patches:
1936.patch
0001-aws-vpc-move-ip-aws-vpc-route53-awseip-awsvip-add-au.patch
- tigervnc
-
- U_Prevent-other-users-reading-x0vncserver-screen.patch
* Prevent other users from observing the screen, or modifying
what is sent to the client. Malicious attackers could even
crash x0vncserver if they timed the modifications right.
(CVE-2026-34352, bsc#1260871)
- gcc15
-
- Add gcc14-bsc1257463.patch to fix bogus expression simplification
[bsc#1257463]
- avahi
-
- Add avahi-CVE-2026-24401.patch: Fix unsolicited mDNS response
containing a recursive CNAME record (bsc#1257235).
- util-linux
-
- Recognize fuse "portal" as a virtual file system (boo#1234736,
util-linux-libmount-fuse-portal.patch).
- fdisk: Fix possible partition overlay and data corruption if EBR
gap is missing (boo#1222465,
util-linux-libfdisk-ebr-missing-gap-1.patch,
util-linux-tests-fdisk-ebr-missing-gap-1.patch,
util-linux-tests-fdisk-ebr-missing-gap-2.patch,
util-linux-libfdisk-ebr-missing-gap-2.patch,
util-linux-tests-fdisk-ebr-missing-gap-3.patch).
- Use full hostname for PAM to ensure correct access control for
"login -h" (bsc#1258859, CVE-2026-3184,
util-linux-CVE-2026-3184.patch).
- libcap
-
- CVE-2026-4878: Fixed a a potential TOCTOU race condition in cap_set_file() (bsc#1261809)
0001-Address-a-potential-TOCTOU-race-condition-in-cap_set.patch:
- mozilla-nss
-
- update to NSS 3.112.4
* bmo#2030135 - improve error handling in PK11_ImportPrivateKeyInfoAndReturnKey.
* bmo#2029752 - Improving the allocation of S/MIME DecryptSymKey.
* bmo#2029462 - store email on subject cache_entry in NSS trust domain.
* bmo#2029425 - Heap use-after-free in cert_VerifyCertChainOld via dangling certsList[] entry on NameConstraints violation.
* bmo#2029323 - Improve size calculations in CMS content buffering.
* bmo#2028001 - avoid integer overflow while escaping RFC822 Names.
* bmo#2027378 - Reject excessively large ASN.1 SEQUENCE OF in quickder.
* bmo#2027365 - Deep copy profile data in CERT_FindSMimeProfile.
* bmo#2027345 - Improve input validation in DSAU signature decoding.
* bmo#2026311 - avoid integer overflow in RSA_EMSAEncodePSS.
* bmo#2019357 - RSA_EMSAEncodePSS should validate the length of mHash.
* bmo#2026156 - Add a maximum cert uncompressed len and tests.
* bmo#2026089 - Clarify extension negotiation mechanism for TLS Handshakes.
* bmo#2023209 - ensure permittedSubtrees don't match wildcards that could be outside the permitted tree.
* bmo#2023207 - Fix integer underflow in tls13_AEAD when ciphertext is shorter than tag.
* bmo#2019224 - Remove invalid PORT_Free().
* bmo#1964722 - free digest objects in SEC_PKCS7DecoderFinish if they haven't already been freed.
* bmo#1935995 - make ss->ssl3.hs.cookie an owned-copy of the cookie.
- update to NSS 3.112.3
* bmo#2009552 - avoid integer overflow in platform-independent ghash
- gnutls
-
- Add the functionality to allow to specify the hash algorithm for
the PSK. This fixes a bug in the current implementation where the
binder is always calculated with SHA256.
* (bsc#1258083, jsc#PED-15752, jsc#PED-15753)
* lib/psk: Add gnutls_psk_allocate_{client,server}_credentials2
* tests/psk-file: Add testing for _credentials2 functions
* lib/psk: add null check for binder algo
* pre_shared_key: fix memleak when retrying with different binder algo
* pre_shared_key: add null check on pskcred
* Add patches:
- gnutls-PSK-hash.patch
- gnutls-PSK-hash-tests.patch
- gnutls-PSK-hash-NULL-check.patch
- gnutls-PSK-hash-NULL-check-pskcred.patch
- gnutls-PSK-hash-fix-memleak.patch
- Security fix:
* CVE-2025-14831: DoS via excessive resource consumption during
certificate verification (bsc#1257960)
* Add gnutls-CVE-2025-14831.patch
- openldap2
-
- jsc#PED-15735 - expose ldap_log.h in -devel
* 0246-Include-ldap_log.h-in-devel.patch
- retcon .changes to satisfy source validator
- ncurses
-
- Add patch fix-bsc1259924.patch (bsc#1259924, CVE-2025-69720)
* Backport from ncurses-6.5-20251213.patch
- nfs-utils
-
- Fix access checks when mounting subdirectories in NFSv3
(CVE-2025-12801 bsc#1259204)
- add Fix-access-checks-when-mounting-subdirectories-in-NFSv3.patch
- add NFS-export-symlink-vulnerability-fix.patch
- add configure-check-for-rpc_gss_seccreate.patch
- add mountd-Minor-refactor-of-get_rootfh.patch
- add mountd-Separate-lookup-of-the-exported-directory-and-the-m.patch
- add support-Add-a-mini-library-to-extract-and-apply-RPC-creden.patch
- Split legacy libnfsidmap0 into a separate spec file (bsc#1246505)
- nghttp2
-
- added patches
CVE-2026-27135: assertion failure due to missing state validation can lead to DoS (bsc#1259845)
* nghttp2-CVE-2026-27135.patch
- NetworkManager
-
- Add NetworkManager-CVE-2025-9615.patch: avoid that non-admin user
using other users' certificates
(bsc#1257359, CVE-2025-9615, glfd#NetworkManager/NetworkManager!2324).
- Add NetworkManager-dont-renew-bridge-dhcp-if-no-mac-on-wakeup.patch:
manager: don't renew dhcp lease when software devices' MAC is empty
(bsc#1225498, glfd#NetworkManager/NetworkManager#1587).
- openssl-1_1
-
- Security fix:
* CVE-2026-28390: NULL pointer dereference during processing of a crafted
CMS EnvelopedData message with KeyTransportRecipientInfo (bsc#1261678)
* Add openssl-CVE-2026-28390.patch
- Security fixes:
* CVE-2026-28387: Potential use-after-free in DANE client code
(bsc#1260441)
* CVE-2026-28388: NULL Pointer Dereference When Processing a
Delta (bsc#1260442)
* CVE-2026-28389: Possible NULL dereference when processing CMS
KeyAgreeRecipientInfo (bsc#1260443)
* CVE-2026-31789: Heap buffer overflow in hexadecimal conversion
(bsc#1260444)
* NULL pointer dereference when processing an
OCSP response (bsc#1260446)
* Add patches:
openssl-CVE-2026-28387.patch
openssl-CVE-2026-28388.patch
openssl-CVE-2026-28389.patch
openssl-CVE-2026-31789.patch
openssl-NULL-pointer-dereference-in-ocsp_find_signer_sk.patch
- openssl-3
-
- Enable MD2 in legacy provider (jsc#PED-15724)
- Security fix:
* CVE-2026-28390: NULL pointer dereference during processing of a crafted
CMS EnvelopedData message with KeyTransportRecipientInfo (bsc#1261678)
* Add openssl-CVE-2026-28390.patch
- Security fixes:
* CVE-2026-28387: Potential use-after-free in DANE client code
(bsc#1260441)
* CVE-2026-28388: NULL Pointer Dereference When Processing a
Delta (bsc#1260442)
* CVE-2026-28389: Possible NULL dereference when processing CMS
KeyAgreeRecipientInfo (bsc#1260443)
* CVE-2026-31789: Heap buffer overflow in hexadecimal conversion
(bsc#1260444)
* CVE-2026-31790: Incorrect failure handling in RSA KEM RSASVE
encapsulation (bsc#1260445)
* NULL pointer dereference when processing an OCSP response
(bsc#1260446)
* Add patches: openssl-CVE-2026-28387.patch
openssl-CVE-2026-28388.patch openssl-CVE-2026-28388-tests.patch
openssl-CVE-2026-28389.patch openssl-CVE-2026-31789.patch
openssl-CVE-2026-31790.patch openssl-CVE-2026-31790-tests.patch
openssl-NULL-pointer-dereference-in-ocsp_find_signer_sk.patch
- libpcap
-
- Fix bsc#1258668: Enable RMDA - Fix missing dependency in spec so libcap
is built with RMDA support.
- libpng12
-
- added patches
CVE-2026-25646: Heap buffer overflow vulnerability in png_set_dither/png_set_quantize (bsc#1258020)
* libpng12-CVE-2026-25646.patch
- libpng16
-
- added patches
CVE-2026-34757: Information disclosure and data corruption via use-after-free vulnerability [bsc#1261957]
* libpng16-CVE-2026-34757.patch
- added patches
CVE-2026-33416: use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE` can lead to arbitrary code execution (bsc#1260754)
* libpng16-CVE-2026-33416-1.patch
* libpng16-CVE-2026-33416-2.patch
* libpng16-CVE-2026-33416-3.patch
* libpng16-CVE-2026-33416-4.patch
CVE-2026-33636: out-of-bounds read/write in the palette expansion on ARM Neon can lead to information leak and crashes (bsc#1260755)
* libpng16-CVE-2026-33636.patch
- added patches
CVE-2026-25646: Heap buffer overflow vulnerability in png_set_dither/png_set_quantize (bsc#1258020)
* libpng16-CVE-2026-25646.patch
- polkit
-
- avoid reading endless amounts of memory (CVE-2026-4897 bsc#1260859)
0001-CVE-2026-4897-getline-string-overflow.patch
- python311
-
- Add CVE-2026-3479-pkgutil_get_data.patch pkgutil.get_data() has
the same security model as open(). The documented limitations
ensure compatibility with non-filesystem loaders; Python
doesn't check that. (bsc#1259989, CVE-2026-3479,
gh#python/cpython#146121).
- Add CVE-2026-4519-webbrowser-open-dashes.patch to reject
leading dashes in webbrowser URLs (bsc#1260026, CVE-2026-4519,
gh#python/cpython#143930).
- Add CVE-2025-13462-tarinfo-header-parse.patch which skips
TarInfo DIRTYPE normalization during GNU long name handling
(bsc#1259611, CVE-2025-13462).
- Add CVE-2026-4224-expat-unbound-C-recursion.patch avoiding
unbound C recursion in conv_content_model in pyexpat.c
(bsc#1259735, CVE-2026-4224).
- Add CVE-2026-3644-cookies-Morsel-update-II.patch to reject
control characters in http.cookies.Morsel.update() and
http.cookies.BaseCookie.js_output (bsc#1259734, CVE-2026-3644).
- Fix changelog
- Add CVE-2026-2297-SourcelessFileLoader-io_open_code.patch
ensuring that `SourcelessFileLoader` uses `io.open_code` when
opening `.pyc` files (bsc#1259240, CVE-2026-2297).
- Update to 3.11.15:
- Security
- gh-144125: BytesGenerator will now refuse to serialize
(write) headers that are unsafely folded or delimited; see
verify_generated_headers. (Contributed by Bas Bloemsaat and
Petr Viktorin in gh-121650) (bsc#1257181, CVE-2026-1299).
- gh-143935: Fixed a bug in the folding of comments when
flattening an email message using a modern email policy.
Comments consisting of a very long sequence of non-foldable
characters could trigger a forced line wrap that omitted
the required leading space on the continuation line,
causing the remainder of the comment to be interpreted as
a new header field. This enabled header injection with
carefully crafted inputs (bsc#1257029 CVE-2025-11468).
- gh-143925: Reject control characters in data: URL media
types (bsc#1257046, CVE-2025-15282).
- gh-143919: Reject control characters in http.cookies.Morsel
fields and values (bsc#1257031, CVE-2026-0672).
- gh-143916: Reject C0 control characters within
wsgiref.headers.Headers fields, values, and parameters
(bsc#1257042, CVE-2026-0865).
- gh-142145: Remove quadratic behavior in xml.minidom node ID
cache clearing. In order to do this without breaking
existing users, we also add the ownerDocument attribute to
xml.dom.minidom elements and attributes created by directly
instantiating the Element or Attr class. Note that this way
of creating nodes is not supported; creator functions like
xml.dom.Document.documentElement() should be used instead
(bsc#1254997, CVE-2025-12084).
- gh-137836: Add support of the “plaintext” element, RAWTEXT
elements “xmp”, “iframe”, “noembed” and “noframes”, and
optionally RAWTEXT element “noscript” in
html.parser.HTMLParser.
- gh-136063: email.message: ensure linear complexity for
legacy HTTP parameters parsing. Patch by Bénédikt Tran.
- gh-136065: Fix quadratic complexity in
os.path.expandvars() (bsc#1252974, CVE-2025-6075).
- gh-119451: Fix a potential memory denial of service in the
http.client module. When connecting to a malicious server,
it could cause an arbitrary amount of memory to be
allocated. This could have led to symptoms including
a MemoryError, swapping, out of memory (OOM) killed
processes or containers, or even system crashes
(CVE-2025-13836, bsc#1254400).
- gh-119452: Fix a potential memory denial of service in the
http.server module. When a malicious user is connected to
the CGI server on Windows, it could cause an arbitrary
amount of memory to be allocated. This could have led to
symptoms including a MemoryError, swapping, out of memory
(OOM) killed processes or containers, or even system
crashes.
- gh-119342: Fix a potential memory denial of service in the
plistlib module. When reading a Plist file received from
untrusted source, it could cause an arbitrary amount of
memory to be allocated. This could have led to symptoms
including a MemoryError, swapping, out of memory (OOM)
killed processes or containers, or even system crashes
(bsc#1254401, CVE-2025-13837).
- Library
- gh-144833: Fixed a use-after-free in ssl when SSL_new()
returns NULL in newPySSLSocket(). The error was reported
via a dangling pointer after the object had already been
freed.
- gh-144363: Update bundled libexpat to 2.7.4
- gh-90949: Add SetAllocTrackerActivationThreshold() and
SetAllocTrackerMaximumAmplification() to xmlparser objects
to prevent use of disproportional amounts of dynamic memory
from within an Expat parser. Patch by Bénédikt Tran.
- Core and Builtins
- gh-120384: Fix an array out of bounds crash in
list_ass_subscript, which could be invoked via some
specificly tailored input: including concurrent
modification of a list object, where one thread assigns
a slice and another clears it.
- gh-120298: Fix use-after free in list_richcompare_impl
which can be invoked via some specificly tailored evil
input.
Remove upstreamed patches:
- CVE-2025-11468-email-hdr-fold-comment.patch
- CVE-2025-12084-minidom-quad-search.patch
- CVE-2025-13836-http-resp-cont-len.patch
- CVE-2025-13837-plistlib-mailicious-length.patch
- CVE-2025-6075-expandvars-perf-degrad.patch
- CVE-2026-0672-http-hdr-inject-cookie-Morsel.patch
- CVE-2026-0865-wsgiref-ctrl-chars.patch
- CVE-2025-15282-urllib-ctrl-chars.patch
- CVE-2025-11468: preserving parens when folding comments in
email headers (bsc#1257029, gh#python/cpython#143935).
CVE-2025-11468-email-hdr-fold-comment.patch
- CVE-2026-0672: rejects control characters in http cookies.
(bsc#1257031, gh#python/cpython#143919)
CVE-2026-0672-http-hdr-inject-cookie-Morsel.patch
- CVE-2026-0865: rejecting control characters in
wsgiref.headers.Headers, which could be abused for injecting
false HTTP headers. (bsc#1257042, gh#python/cpython#143916)
CVE-2026-0865-wsgiref-ctrl-chars.patch
- CVE-2025-15366: basically the same as the previous patch for
IMAP protocol. (bsc#1257044, gh#python/cpython#143921)
CVE-2025-15366-imap-ctrl-chars.patch
- CVE-2025-15282: basically the same as the previous patch for
urllib library. (bsc#1257046, gh#python/cpython#143925)
CVE-2025-15282-urllib-ctrl-chars.patch
- CVE-2025-15367: basically the same as the previous patch for
poplib library. (bsc#1257041, gh#python/cpython#143923)
CVE-2025-15367-poplib-ctrl-chars.patch
- CVE-2025-12781: fix decoding with non-standard Base64 alphabet
(bsc#1257108, gh#python/cpython#125346)
CVE-2025-12781-b64decode-alt-chars.patch
- python3
-
- CVE-2025-11468: preserving parens when folding comments in
email headers (bsc#1257029, gh#python/cpython#143935).
CVE-2025-11468-email-hdr-fold-comment.patch
- CVE-2026-0672: rejects control characters in http cookies.
(bsc#1257031, gh#python/cpython#143919)
CVE-2026-0672-http-hdr-inject-cookie-Morsel.patch
- CVE-2026-0865: rejecting control characters in
wsgiref.headers.Headers, which could be abused for injecting
false HTTP headers. (bsc#1257042, gh#python/cpython#143916)
CVE-2026-0865-wsgiref-ctrl-chars.patch
- CVE-2025-15366: basically the same as the previous patch for
IMAP protocol. (bsc#1257044, gh#python/cpython#143921)
CVE-2025-15366-imap-ctrl-chars.patch
- CVE-2025-15282: basically the same as the previous patch for
urllib library. (bsc#1257046, gh#python/cpython#143925)
CVE-2025-15282-urllib-ctrl-chars.patch
- CVE-2025-15367: basically the same as the previous patch for
poplib library. (bsc#1257041, gh#python/cpython#143923)
CVE-2025-15367-poplib-ctrl-chars.patch
- Modify CVE-2024-6923-email-hdr-inject.patch to also include
patch for bsc#1257181 (CVE-2026-1299).
- ruby2.5
-
- update suse.patch to fdff0ae9b7
- backport REXML 3.4.4
- fix denial of service when parsing XML containing multiple XML declarations
bsc#1250016 CVE-2025-58767
- fix ReDoS in REXML hex numeric character reference parsing
bsc#1232440 bsc#1232441 CVE-2024-49761
- fix buffer overflow in zstream_buffer_ungets (Zlib::GzipReader)
bsc#1259239 CVE-2026-27820
- adjust rexml test suite for ruby 2.5 test-unit compatibility
- sqlite3
-
- Sync version 3.51.3 from Factory:
* Fix the WAL-reset database corruption bug:
https://sqlite.org/wal.html#walresetbug
- Sync version 3.51.2 from Factory:
* bsc#1259619, CVE-2025-70873: zipfile extension may disclose
uninitialized heap memory during inflation.
* bsc#1254670, CVE-2025-7709: Integer Overflow in FTS5 Extension
* bsc#1248586: Fix icu-enabled build.
- libssh
-
- CVE-2026-3731: Denial of Service via out-of-bounds read in SFTP extension name handler (bsc#1259377)
Added libssh-CVE-2026-3731.patch
- Security fixes:
* CVE-2026-0964: SCP Protocol Path Traversal in ssh_scp_pull_request() (bsc#1258049)
* CVE-2026-0965: Possible Denial of Service when parsing unexpected
configuration files (bsc#1258045)
* CVE-2026-0966: Buffer underflow in ssh_get_hexa() on invalid input (bsc#1258054)
* CVE-2026-0967: Specially crafted patterns could cause DoS (bsc#1258081)
* CVE-2026-0968: OOB Read in sftp_parse_longname() (bsc#1258080)
* Add patches:
- libssh-CVE-2026-0964-scp-Reject-invalid-paths-received-thro.patch
- libssh-CVE-2026-0965-config-Do-not-attempt-to-read-non-regu.patch
- libssh-CVE-2026-0966-misc-Avoid-heap-buffer-underflow-in-ss.patch
- libssh-CVE-2026-0966-tests-Test-coverage-for-ssh_get_hexa.patch
- libssh-CVE-2026-0966-doc-Update-guided-tour-to-use-SHA256-f.patch
- libssh-CVE-2026-0967-match-Avoid-recursive-matching-ReDoS.patch
- libssh-CVE-2026-0968-sftp-Sanitize-input-handling-in-sftp_p.patch
- suseconnect-ng
-
- Update version to 1.21.1:
- Fix nil token handling (bsc#1261155)
- Switch to using go1.24-openssl as the default Go version to
install to support building the package (jsc#SCC-585).
- Update version to 1.21:
- Add expanded metric collection for kernel modules and hardware
detection (jsc#TEL-226).
- Support new profile based metric collection
- Fix ignored --root parameter hanbling when reading and
writing configuration (bsc#1257667)
- Add expanded metric collection for system vendor/manfacturer
(jsc#TEL-260).
- Removed backport patch: fix-libsuseconnect-and-pci.patch
- Add missing product id to allow yast2-registration to not break (bsc#1257825)
- Fix libsuseconnect APIError detection logic (bsc#1257825)
- Regressions found during QA test runs:
- Ignore product in announce call (bsc#1257490)
- Registration to SMT server with failed (bsc#1257625)
- Backported by PATCH: fix-libsuseconnect-and-pci.patch
- Update version to 1.20:
- Update error message for Public Cloud instances with registercloudguest
installed. SUSEConnect -d is disabled on PYAG and BYOS when the
registercloudguest command is available. (bsc#1230861)
- Enhanced SAP detected. Take TREX into account and remove empty values when
only /usr/sap but no installation exists (bsc#1241002)
- Fixed modules and extension link to point to version less documentation. (bsc#1239439)
- Fixed SAP instance detection (bsc#1244550)
- Remove link to extensions documentation (bsc#1239439)
- Migrate to the public library
- Version 1.14 public library release
This version is only available on Github as a tag to release the
new golang public library which can be consumed without the need
to interface with SUSEConnect directly.
- systemd
-
- Import commit c89ea566d98c8e3fb29a5b8edd4576b135b4bc92
a943e3ce2f machined: reject invalid class types when registering machines (bsc#1259650 CVE-2026-4105)
71593f77db udev: fix review mixup
73a89810b4 udev-builtin-net-id: print cescaped bad attributes
0f360bfdc0 udev-builtin-net_id: do not assume the current interface name is ethX
40905232e2 udev: ensure tag parsing stays within bounds
7bce9026e3 udev: ensure there is space for trailing NUL before calling sprintf
d018ac1ea3 udev: check for invalid chars in various fields received from the kernel (bsc#1259697)
- Import commit 626ffc7844795870235d15c6daab695f2d53a11e
aef6e11921 core/cgroup: avoid one unnecessary strjoina()
cc7426f38a sd-json: fix off-by-one issue when updating parent for array elements
26a748f727 core: validate input cgroup path more prudently (CVE-2026-29111 bsc#1259418)
99d8308fde core/dbus-manager: propagate meaningful dbus errors from EnqueueMarkedJobs
- Name libsystemd-{shared,core} based on the major version of systemd and the
package release number (bsc#1228081 bsc#1256427)
This way, both the old and new versions of the shared libraries will be
present during the update. This should prevent issues during package updates
when incompatible changes are introduced in the new versions of the shared
libraries.
- Import commit 75eab961ea843dc161707d4af0789b018d499676
- 8bbac1d508 detect-virt: bare-metal GCE only for x86 and i386 (bsc#1254293)
- Import commit 5caaa71f4a7b00e6a6ceb396d08486af73687d45
9ecd162284 timer: rebase last_trigger timestamp if needed
cd4a9103ef timer: rebase the next elapse timestamp only if timer didn't already run
c3f4407e97 timer: don't run service immediately after restart of a timer (bsc#1254563)
05bcfe3295 test: check the next elapse timer timestamp after deserialization
fe8f656975 test: restarting elapsed timer shouldn't trigger the corresponding service
- Reintroduce systemd-network as a transitional dummy package containing no
files (bsc#1254202)
The contents of this package were split into two independent packages:
systemd-networkd and systemd-resolved. However, the initial replacement caused
both network services to be disabled. Consequently, the original package has
been restored as an empty transitional package to prevent the disabling of the
services. It can be safely removed once the update is complete.
- Import commit 00ba3646e6cb3ce40bb3de3e92f93ebec0adce6d
e4dd315b6c units: don't force the loading of the loop and dm_mod modules in systemd-repart.service (bsc#1248356)
b58e72215a units: add dep on systemd-logind.service by user@.service
97ceca445c detect-virt: add bare-metal support for GCE (bsc#1244449)
- tpm2-0-tss
-
- add Requires to libtss2-fapi to pull in the tss user (bsc#1258720).
Otherwise, when installing libtss2-fapi on its own, errors from
systemd-tmpfiles can appear.
- libvirt
-
- virsh: Introduce new hypervisor-cpu-models command
jsc#PED-13062
- wireshark: Adapt to wireshark-4.6.0
jsc#PED-15400
- libxml2
-
- CVE-2026-0990: call stack overflow leading to application crash
due to infinite recursion in `xmlCatalogXMLResolveURI` (bsc#1256807, bsc#1256811)
* Add patch libxml2-CVE-2026-0990.patch
- CVE-2026-0992: excessive resource consumption when processing XML
catalogs due to exponential behavior when handling `<nextCatalog>` elements (bsc#1256808, bsc#1256809, bsc#1256812)
* Add patch libxml2-CVE-2026-0992.patch
- CVE-2025-8732: infinite recursion in catalog parsing functions when processing malformed SGML catalog files (bsc#1247858, bsc#1247850)
* Add patch libxml2-CVE-2025-8732.patch
- CVE-2026-1757: memory leak in the `xmllint` interactive shell (bsc#1257593, bsc#1257594, bsc#1257595)
* Add patch libxml2-CVE-2026-1757.patch
- CVE-2025-10911: use-after-free with key data stored cross-RVT (bsc#1250553)
* Add patch libxml2-CVE-2025-10911.patch
- CVE-2026-0989: call stack exhaustion leading to application crash
due to RelaxNG parser not limiting the recursion depth when
resolving `<include>` directives (bsc#1256804, bsc#1256805, bsc#1256810)
* Add patch libxml2-CVE-2026-0989.patch
* https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/374
- libxslt
-
- CVE-2025-10911 will be fixed on libxml2 side instead [bsc#1250553]
- deleted patches
* libxslt-CVE-2025-10911.patch
- zlib
-
- Fix CVE-2026-27171, infinite loop via the crc32_combine64 and
crc32_combine_gen64 functions due to missing checks for negative
lengths (bsc#1258392)
* CVE-2026-27171.patch
- lifecycle-data-sle-module-live-patching
-
- Added data for 5_14_21-150400_24_184, 5_14_21-150400_24_187,
5_14_21-150500_55_127,
5_14_21-150500_55_133, 5_14_21-150500_55_136,
6_4_0-150600_23_78, 6_4_0-150600_23_81,
6_4_0-150600_23_84, 6_4_0-150600_23_87,
6_4_0-150700_53_22, 6_4_0-150700_53_25,
6_4_0-150700_53_28, 6_4_0-150700_53_31,
+kernel-livepatch-6_4_0-150600_10_61-rt,*,+kernel-livepatch-6_4_0-150700_7_28-rt,*. (bsc#1020320)
- makedumpfile
-
- makedumpfile-Fix-data-race-in-multi-threading-mode.patch: Fix a
data race in multi-threading mode (--num-threads=N)
(bsc#1245569, bsc#1256455).
- mdadm
-
- Update to version 4.4+40.g243a5d9f:
* avoid mdcheck_continue.timer and mdcheck_start.timer
firing simultaneously (bsc#1243443, bsc#1259090)
- Update to version 4.4+39.g6e1c3b06:
* platform-intel: Deal with hot-unplugged devices (bsc#1258265)
* imsm: Fix UEFI backward compatibility for RAID10D4 (bsc#1257009)
- Update to version 4.4+37.gea219956:
- Backport upstream fixes from 4.5 (bsc#1257009)
* Re-enable mdadm --monitor ... for /dev/mdX
* Allow RAID0 to be created with v0.90 metadata
* Moves memory management into Assemble to avoid null pointer dereference
* Support non-absolute name during monitor scan
* Don't set badblock flag when adding a new disk
* Fix metadata corruption when managing new imsm array
- Update to version 4.4+31.g541b40d3:
* fix crash with homehost=none (bsc#1254541)
- Update to version 4.4+30.g9a59bf51:
* mdcheck: work around bash 5.3 bug (bsc#1254087)
- perl-XML-Parser
-
- modified patches
* XML-Parser-2.40.diff (-p1)
- added patches
CVE-2006-10002: heap buffer overflow in `parse_stream` when processing UTF-8 input streams (bsc#1259901)
* perl-XML-Parser-CVE-2006-10002.patch
CVE-2006-10003: off-by-one heap buffer overflow in `st_serial_stack` (bsc#1259902)
* perl-XML-Parser-CVE-2006-10003.patch
- python-certifi
-
- Add python36-certifi provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-decorator
-
- Add python36-decorator provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-idna
-
- Add python36-idna provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-importlib-metadata
-
- Add python36-importlib-metadata provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-packaging
-
- Add python36-packaging provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-pyasn1
-
- CVE-2026-30922: Denial of Service via Unbounded Recursion (bsc#1259803)
Add patch CVE-2026-30922.patch
- python-pycparser
-
- Add python36-pycparser provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-python-dateutil
-
- Add python36-python-dateutil provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-pytz
-
- Add python36-pytz provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-py
-
- Add python36-py provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-requests
-
- CVE-2026-25645: `extract_zipped_paths()` uses predictable filenames when extracting files from zip archives and reuses target files that already exist without validation (bsc#1260589)
Add patch CVE-2026-25645.patch
- Add python36- provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-six
-
- Add python36-six provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-urllib3
-
- fix regression in CVE-2025-66471.patch when downloading large files
(bsc#1259829)
- python-Pygments
-
- CVE-2026-4539: ReDoS processing in AdlLexer (bsc#1260796)
Add patch CVE-2026-4539.patch
- python-aiohttp
-
- Add patch CVE-2025-69223-auto_decompress-zip-bomb.patch:
* Prevent zip bomb with parser auto_compress feature.
(bsc#1256017, CVE-2025-69223, GHSA-6mq8-rvhq-8wgg)
- Add patch CVE-2025-69224-unicode-processing-header-values.patch:
* Check for ASCII in header values
(bsc#1256018, CVE-2025-69224, GHSA-69f9-5gxw-wvc2)
- Add patch CVE-2025-69225-forbid-non-ascii-in-range.patch:
* Forbid non-ASCII decimals in the Range header
(bsc#1256019, CVE-2025-69225, GHSA-mqqc-3gqh-h2x8)
- Add patch CVE-2025-69226-brute-force-leak-static-elements.patch:
* Reject static URLs that traverse outside static root
(bsc#1256020, CVE-2025-69226, GHSA-54jq-c3m8-4m76)
- Add patch CVE-2025-69227-raise-exceptions-not-asserts.patch:
* Raise exceptions when processing a POST body
(bsc#1256021, CVE-2025-69227, GHSA-jj3x-wxrx-4x23)
- Add patch CVE-2025-69228-enforce-client_max_size-for-entire-multipart.patch
* Enforce client_max_size over entire multipart form
(bsc#1256022, CVE-2025-69228, GHSA-6jhg-hg63-jvvf)
- Add patch CVE-2025-69229-small-chunk-exhaustion.patch:
* Pause reading of chunks when it reaches a high water mark
(bsc#1256023, CVE-2025-69229, GHSA-g84x-mcqj-x9qq)
- Add patch use-correct-warning-pytest-warns.patch:
* Look for correct warning during the testsuite.
- python-azure-core
-
- Add CVE-2026-21226.patch to fix deserialization of untrusted data in
Azure Core shared client library for Python allowing an authorized
attacker to execute code over a network (bsc#1257703, CVE-2026-21226)
- python-pip
-
- Add CVE-2026-1703.patch to fix bsc#1257599
(bsc#1257599, CVE-2026-1703, gh#pypa/pip#13777)
- python-pyOpenSSL
-
- CVE-2026-27459: large cookie value can lead to a buffer overflow (bsc#1259808)
Add patch CVE-2026-27459.patch
- CVE-2026-27448: unhandled exception can result in connection not being cancelled (bsc#1259804)
Add patch CVE-2026-27448.patch
- python-wheel
-
- Add CVE-2026-24049.patch to fix CVE-2026-24049 (bsc#1257100)
- release-notes-ha
-
- 15.7.20260227 (tracked in bsc#933411)
- Added note about Nutanix AVH (jsc#13089)
- saptune
-
- update package version of saptune to 3.2.3
* On Azure cloud systems fix a systemd ordering cycle conflict
which prevents saptune to run on boot.
The reason for this conflict is an upcoming cloud-init update
which will change the order by adding 'After=multi-user.target'
to the cloud-final.service. Since version 3.1.5 saptune has
a dependency to cloud-final.service on Azure systems to fix
bsc#1235824. We will now remove this dependency.
For detailed information see
TID 000022490 - Important saptune update to 3.2.3 required on
Azure due to cloud-init update
(bsc#1260498, jsc#SAPSOL-1050)
* Fix systemd service state revert problem.
(bsc#1259748)
* Fix output of 'saptune verify applied' in case of enabled
notes, but nothing is applied.
(jsc#SAPSOL-1051)
* Add new tag 'kernel' to match the running kernel release.
Valid values are extended regular expressions (RE2) that match
the output of 'uname -r'
(jsc#SAPSOL-810)
* Support C-State names for parameter 'force_latency' additional
to the already available latency value.
(jsc#SAPSOL-806)
* Support optional packages in the rpm section.
Packages with a ? prefix are treated as optional.
(jsc#SAPSOL-791)
* Warn about duplicate Notes/Solutions.
If a custom Note or Solution has the same name as a shipped
Note or Solution a WARNING is displayed and logged.
In the 'list' commands these entries are marked with a leading
'!' and the line is highlighted with yellow color.
In this case the shipped Note or Solution will take precedence
over the custom Note or Solution.
(jsc#SAPSOL-948)
* Fix kernel regex for HotFix000022286.
(bsc#1261866)
* Add condition (kernel tag) to HotFix000022286.
As the final kernel patch is available for the problem the
HotFix will only be active on systems currently not patched to
the latest kernel patch.
* SLE12/15/16 - deprecate Note 941735
The Note might get removed in a future saptune version.
(jsc#SAPSOL-1048)
* SAP Note 2684254 updated to Version 27
check that TSX is set to auto on systems running dedicated
kernel releases.
(jsc#SAPSOL-793)
* SAP Note 1656250 updated to Version 71
disable C-states higher than C1
* SAP Note 2578899 updated to Version 55
check for optional sssd package version
* SAP Note 1275776 updated to Version 47
* SLE 16 SAP Note 3577842 and 3565382 updated
- use versioned Provides/Obsoletes for sapconf
- use full path for commands used in pre/post scripts
- requires systemd-presets-branding-SLE-SAP
(jsc#PED-15405)
- update package version of saptune to 3.2.2 - HOTFIX
* ship Note HotFix000022286 and add it to the Solutions 'HANA',
'NETWEAVER+HANA', 'S4HANA-APP+DB' and 'S4HANA-DBSERVER'.
This HotFix addresses a problem described in the TID 22286
https://support.scc.suse.com/s/kb/SAP-HANA-swap-and-system-hangs-with-THP-on-multi-NUMA-node-systems?language=en_US
To activate the fix you can simply apply the Note by
'saptune note apply HotFix000022286', which will not
interrupt your current tuning but add the 2 additional needed
settings.
Or you restart the saptune.service, which will lead to a short
gap in your tuning because of the 'revert'/'apply' workflow of
the service restart.
Or you reboot your server.
This HotFix is only available for SLES15SP5 to SLES15SP7 on
x86_64 architecture.
- shim
-
- Add Microsoft-signed 16.1 shim
- shim.spec: Temporarily disable nx-shim
- We still need time to test nx (non-executable) shim and develop
the script for delivery. We will not support nx-shim on all Leap
and SLE distros because the function should also be supported by
grub2 and kernel.
- shim.spec: Remove the reproducibility check for the shim binary
- The binutils on Leap 15.6 and SLE-15-SP3 has been upgraded to 2.45
when we are waiting shim-review and Microsoft signing. It causes
that the shim binary is NOT reproducible on build services.
- We just direct use the Microsoft signed-back shim binaries
because we build this binary before and have the logs to prove it.
Before we find a good approach to save/restore the build service
environment, let’s directly use the Microsoft signed-back shim for
delivery.
- Certificates: Add Microsoft UEFI CA files to the target certificates
array in pretrans script.
- Certificates: Convert the SUSE certificates from PEM to DER format
- timestamp.pl: fix the size of checksum in PE Optional Header
- shim.spec: Workaround the string comparison issue in elif directive
- shim.spec: Specify the certificate format in openssl commands
- shim.spec: Use io.open instead of pcall rpm.open in pretrans lua script
- Add a pretrans script to verify that the UEFI db should have the
necessary certificate to allow the shim binary to boot. The installation
will be aborted if the db is missing the target certificate. To proceed,
the user must enroll the target certificate in the db or disable UEFI
Secure Boot.
- Update to 16.1
- Patches (git log --oneline --reverse 16.0..16.1)
4040ec4 shim_start_image(): fix guid/handle pairing when uninstalling protocols
39c0aa1 str2ip6(): parsing of "uncompressed" ipv6 addresses
3133d19 test-mock-variables: make our filter list entries safer.
d44405e mock-variables: remove unused variable
0e8459f Update CI to use ubuntu-24.04 instead of ubuntu-20.04
d16a5a6 SbatLevel_Variable.txt: minor typo fix.
32804cf Realloc() needs one more byte for sprintf()
431d370 IPv6: Add more check to avoid multiple double colon and illegal char
5e4d93c Loader Proto: make freeing of bprop.buffer conditional.
33deac2 Prepare to move things from shim.c to verify.c
030e7df Move a bunch of stuff from shim.c to verify.c
f3ddda7 handle_image(): make verification conditional
774f226 Cache sections of a loaded image and sub-images from them.
eb0d20b loader-protocol: handle sub-section loading for UKIs
2f64bb9 loader-protocol: add workaround for EDK2 2025.02 page fault on FreePages
1abc7ca loader-protocol: NULL output variable in load_image on failure
fb77b44 Generate Authenticode for the entire PE file
b86b909 README: mention new loader protocol and interaction with UKIs
8522612 ci: add mkosi configuration and CI
9ebab84 mkosi workflow: fix the branch name for main.
72a4c41 shim: change automatically enable MOK_POLICY_REQUIRE_NX
a2f0dfa This is an organizational patch to move some things around in mok.c
54b9946 Update to the shim-16.1 branch of gnu-efi to get AsciiSPrint()
a5a6922 get_max_var_sz(): add more debugging for apple platforms
77a2922 Add a "VariableInfo" variable to mok-variables.
efc71c9 build: Avoid passing *FLAGS to sub-make
7670932 Fixes for 'make TOPDIR=... clean'
13ab598 add SbatLevel entry 2025051000 for PSA-2025-00012-1
617aed5 Update version to 16.1~rc1
d316ba8 format_variable_info(): fix wrong size test.
f5fad0e _do_sha256_sum(): Fix missing error check.
3a9734d doc: add howto for running mkosi locally
ced5f71 mkosi: remove spurious slashes from script
0076155 ci: update mkosi commit
5481105 fix http boot
121cddf loader-protocol: Handle UnloadImage after StartImage properly
6a1d1a9 loader-protocol: Fix memory leaks
27a5d22 gitignore: add more mkosi dirs and vscode dir
346ed15 mkosi: disable repository key check on Fedora
afc4955 Update version to 16.1
- 16.1 release note https://github.com/rhboot/shim/releases
shim_start_image(): fix guid/handle pairing when uninstalling protocols by @vathpela in #738
Fix uncompressed ipv6 netboot by @hrvach in #742
fix test segfaults caused by uninitialized memory by @Fabian-Gruenbichler in #739
Update CI to use ubuntu-24.04 instead of ubuntu-20.04 by @vathpela in #749
SbatLevel_Variable.txt: minor typo fix. by @vathpela in #751
Realloc() needs to allocate one more byte for sprintf() by @dennis-tseng99 in #746
IPv6: Add more check to avoid multiple double colon and illegal char by @dennis-tseng99 in #753
Loader proto v2 by @vathpela in #748
loader-protocol: add workaround for EDK2 2025.02 page fault on FreePages by @bluca in #750
Generate Authenticode for the entire PE file by @esnowberg in #604
README: mention new loader protocol and interaction with UKIs by @bluca in #755
ci: add mkosi configuration and CI by @bluca in #764
shim: change automatically enable MOK_POLICY_REQUIRE_NX by @vathpela in #761
Save var info by @vathpela in #763
build: Avoid passing *FLAGS to sub-make by @rosslagerwall in #758
Fixes for 'make TOPDIR=... clean' by @bluca in #762
add SbatLevel entry 2025051000 for PSA-2025-00012-1 by @Fabian-Gruenbichler in #766
Coverity fixes 20250804 by @vathpela in #767
ci: fixlets and docs for mkosi workflow by @bluca in #768
fix http boot by @jsetje in #770
Fix double free and leak in the loader protocol by @rosslagerwall in #769
gitignore: add more mkosi dirs and vscode dir by @bluca in #771
- Drop upstreamed patch:
The following patches are merged to 16.1
- shim-alloc-one-more-byte-for-sprintf.patch
- 32804cf5d9 Realloc() needs one more byte for sprintf() [16.1]
- shim-change-automatically-enable-MOK_POLICY_REQUIRE_NX.patch
- 72a4c41877 shim: change automatically enable MOK_POLICY_REQUIRE_NX [16.1]
- Building with the latest version of gcc in the codebase:
- We prefer that building shim with the latest version of gcc in
codebase.
- Set the minimum version is gcc-13.
if gcc_version < 13
define gcc_version 13
endif
(bsc#1247432)
- SLE shim should includes vendor-dbx-sles.esl instead of
vendor-dbx-opensuse.esl. Fixed it in shim.spec.
verify='SUSE Linux Enterprise Secure Boot CA1'
- vendor_dbx='vendor-dbx-opensuse.esl'
+ vendor_dbx='vendor-dbx-sles.esl'
- Using gcc12 for building shim/shim-nx
- The gcc12 can workaround dxe_get_mem_attrs() hsi_status problem
- Add the following changes to shim.spec :
define gcc_version 12
global cc_compiler /usr/bin/gcc-%{gcc_version}
BuildRequires gcc%{gcc_version}
make CC=%{cc_compiler} RELEASE=0
- Remove shim-disable-dxe-get-mem-attrs.patch
- This downstream patch can be removed after moving to gcc12
(bsc#1247432)
- Add shim-disable-dxe-get-mem-attrs.patch
- On old edk2-stable202308 ovmf, running dxe_get_mem_attrs() causes
get_hsi_mem_info() confusion on hsi_status. It looks that hsi_status
has a copy after running dxe_get_mem_attrs(). Those elements in
hsi_nx_is_enforced(), HEAPX|STACKX|ROW can NOT set into hsi_status.
Let's disabling the approach of DXE get memory attributes until
we found the root cause.
(bsc#1247432)
- Building out shim.nx.efi for supporting non-executable
- Building additional shim with POST_PROCESS_PE_FLAGS=-n to set
the PE NX-compatibility DLL. (NxCompatible field in DllCharacteristics)
- Packaging shim.nx.efi to shim-nx RPM.
- Add MS signatures for shim.nx
- signature-opensuse-nx.x86_64.asc
signature-sles-nx.x86_64.asc
signature-opensuse-nx.aarch64.asc
signature-sles-nx.aarch64.asc
- We direc copy signatures of shim for shim.nx before we got
signatures from Microsoft.
- Building MokManager.efi and fallback.efi with POST_PROCESS_PE_FLAGS=-n
(bsc#1205588)
Factory: Fri Jul 25 05:44:51 UTC 2025 - Joey Lee <jlee@suse.com>
- Add shim-change-automatically-enable-MOK_POLICY_REQUIRE_NX.patch
- shim: change automatically enable MOK_POLICY_REQUIRE_NX (PR #761)
(bsc#1205588)
Factory: Wed May 28 03:37:04 UTC 2025 - Tseng <dennis.tseng@suse.com>
- add revoked-openSUSE-UEFI-SIGN-Certificate-2022-06.crt into dbx
- build shim with EKU enable flag (ENABLE_CODESIGN_EKU)
Factory: Tue May 6 06:19:02 UTC 2025 - Dennis <dennis.tseng@suse.com>
- Update to version 16.0
- https://github.com/rhboot/shim/releases/download/16.0/shim-16.0.tar.bz2
- remove shim-bsc1177315-verify-eku-codesign.patch
remove it because shim github upstream has accepted it (PR #664)
- add revoked-SLES-UEFI-SIGN-Certificate-2022-05.crt to revoked certificates for dbx
SLES-UEFI-SIGN-Certificate-20220525.crt can be blacklisted,
and can be added to the vendor dbx.
- add shim-alloc-one-more-byte-for-sprintf.patch (bsc#1240871)
The codes already submitted to git upstream (PR #746)
In generate_sbat_var_defs.c, realloc() should allocate one more byte for
the end of string '\0' when running sprintf() later.
- Patches (git log --oneline --reverse 15.8..16.0)
126a07e Validate that a supplied vendor cert is not in PEM format
63edf92 sbat: Add grub.peimage,2 to latest (CVE-2024-2312)
3e1394e sbat: Also bump latest for grub,4 (and to todays date)
470a8cd undo change that limits certificate files to a single file
0287c6b shim: don't set second_stage to the empty string
3685b13 Fix SBAT.md for today's consensus about numbers
dc07432 Realize the suggestions as part of PR #672
e064e7d Update Code of Conduct contact address
e68f4ca make-certs: Handle missing OpenSSL installation
74a1f29 Update MokVars.txt - Update documented mirrored variable attributes from RT to BS,RT - Add missing MokSBStateRT - Clarify that MokIgnoreDB is a mirror of MokDBState - Add missing attributes for MokPWStore
f6674fe export DEFINES for sub makefile
47bbb5e Drop unused EFI_IMAGE_SECURITY_DATABASE_GUID definition
338fded Null-terminate 'arguments' in fallback
3d1dcd4 Fix "Verifiying" typo in error message
b5d359a CI: use checkout@v4
1d8365f CI: work around ownership issue on github
20094ca Update fedora CI targets
3cf0e09 Force gcc to produce DWARF4 so that gdb can use it
5f54182 includes: work around CLANG_PREREQ() double-definition
ab06527 Makefile: don't warn about clang when building compile_commands.json
0c9249d Suppress some warnings even harder in Cryptlib and OpenSSL.
fd7e16f Add building compile_commands.json to CI
314aecf Discard load-options that start with WINDOWS
ac85ba4 Fix the issue that the gBS->LoadImage pointer was empty.
d8c86b7 shim: Allow data after the end of device path node in load options
d197220 Backport EFI_HTTP_ERROR status code
6410312 netboot: Convert TFTP error codes to EFI status codes
ef8e729 httpboot: Convert HTTP status codes to EFI status codes
2a1cbe6 Update gnu-efi submodule for EFI_HTTP_ERROR
196cbb9 Increase EFI file alignment
ad8692e avoid EFIv2 runtime services on Apple x86 machines
0345331 Improve shortcut performance when comparing two boolean expressions
27562ea Fix bad reference to PathName in image loading
1508ece Move is_removable_media_path() to a shared location.
7864c10 Provide better error message when MokManager is not found
3e60895 tpm: Boot with a warning if the event log is full
b560c52 MokManager: remove redundant logical constraints
9229e7c Make mock_set_variable() correctly account for resource usage.
f7e1d72 tests: make it possible to use different limits for variable space
67efdfc test-mok-mirror: refactor the validation of test_mok_mirror_0
70366a2 test-mok-mirror: add a test case where MokListRT won't fit.
3caa75e test-mok-mirror: minor bug fix
dc45aa6 lib/simple_file.c: Allocate zeroed pool for SimpleFS entries
9415d3c simple_file: Allow to form a volume name from DevicePath
d6076cb simple_file: Use second variable to create filesystem entries
f99749a Ignore a minor clang-tidy nit
98173f0 Fall back to default loader when encountering errors on network boot
e42c319 test.mk: don't use a temporary random.bin
c66c157 pe: Enhance debug report for update_mem_attrs
1125212 Fix leak in error path
2daf1db Load concatenated EFI_SIGNATURE_LISTs from shim_certificate.efi
eeca60a Update SbatLevel_Variable.txt with peimage CVE-2024-2312 revocation
743f3fa Add generate_sbat_var_defs utility program
5ae408a Generate and use generated_sbat_var_defs.h
e886fb3 SbatLevel_Variable.txt: clarify where and how revocation data is tracked
15c1a9a Implement the CodeSign EKU check to fulfill the requirements of NIAP OS_PP.
eb02afc Optionally enabling codesign EKU check in compiling time.
7ae0ee6 Add docs for ENABLE_CODESIGN_EKU
38dfa37 Create utils file
83850cd Add configuration option to boot an alternative 2nd stage
bb114a3 Implement shim image load protocol
e7b3598 Move some stuff around
0322e10 Implement the rest of the loader protocol functions
e43aea8 Add EFI_LOAD_FILE2_PROTOCOL to gnu-efi
2bff460 loader-proto: Add support for loading files from disk to LoadImage()
5d17278 loader-proto: Mark load_image()'s handle_image() call as "in_protocol"
fe2ad36 Don't print full screen error dialog from handle_image() when called in_protocol
c57af36 loader-proto: Respect optional DevicePath parameter to load_image()
2b49dc1 Suppress file open failures for some netboot cases
3c3295d netboot: process revocations.efi as revocations not shim_certificate
c66ce2a Allow indepdent SkuSi and SBAT revocation updates
6b8e40c netboot can try to load shim_certificate_[0..9].efi
301cf52 Document how revocations can be delivered
7cde2cc post-process-pe: add tests to validate NX compliance
1294b47 regression: out of bounds read in CopyMem() in ad8692e
765f294 compiler.h: minor ALIGN_... fixes
5c1e6e4 Move error logging decls out of shim.h
d972515 Save the debug and error logs in mok-variables
e3f0338 Silence minor nit in load-options parsing debug output
3d7c057 get_mem_attrs(): ensure an error code is set on failure
49db3de mok: add MOK_VARIABLE_CONFIG_ONLY
887c0ed mok variables: add a format callback
e4857b4 Make test-mok-error failures *slightly* more clear.
589c3f2 Move memory attribute support to its own file.
848667d shim: add HSIStatus feature
e136e64 mock-variables: fix debugging printf format specifier oopsie
f0958ba test-mock-variables: improve some debug prints
b216543 Move mok state variable data flag definitions to the header.
fc0cfac Mirror some more efi variables to mok-variables
eeda3fa gnu-efi: add some DXE services.
c41b1f0 Add support for DXE memory attribute updates.
9269e9b Add DXE Services information to HSI
c868d54 hexdump: give a different debug log for size==0
1baf1ef HSI: Add decode_hsi_bits() for easier reading of the debug log
3bce118 pe: read_header(): allow skipping SecDir content validation
89e6150 Add shim's current NX_COMPAT status to HSIStatus
c5c5287 peimage.h: minor whitespace fixes
5007d83 peimage: add a bunch of comments to read_header()
489af5e README.tpm: reflect that vendor_db is in fact logged as "vendor_db"
1958b0f reject message with different values in multiple Content-Length header field
9c423e0 Some save_logs() improvements.
81d40e3 Disable log saving for now.
498b149 fallback: don't add new boot order entries backwards
06d8dec makefiles: Make GITTAG swizzle tildes to dashes
f02b2c1 make-archive: some minor housekeeping
794d237 Update version to 16.0~rc1
d45c610 SetSecureVariable(): free Cert on failure
76fab7b generate_sbat_var_defs: run clang-format on readfile()
6dadb70 generate_sbat_var_defs: Fix memory leak on realloc failure and fd leak.
f58c77e generate_sbat_var_defs: Ensure revlistentry->revocations is initialized.
b427a34 mirror_mok_db(): get rid of an unused variable+allocation
92630f2 mirror_one_mok_variable(): fix a memory leak on TPM log error.
38f0a9c mirror_mok_db(): Free our mok variable name correctly
db04321 shim_load_image(): initialize the buffer fully
7b75382 simple_dir_filter(): test our 'next' pointer
db1f1da Make 'make fanalyzer' work again.
28d8871 README.tpm: Update MokList entry to MokListRT
8932527 SBAT Level update for February 2025 GRUB CVEs
18d98bf Update version to 16.0
Factory: Tue Jun 25 04:12:39 UTC 2024 - Dennis Tseng <dennis.tseng@suse.com>
- Update asc files of shim-15.8 after being signed back from
Microsoft, including:
signature-opensuse.x86_64.asc,
signature-opensuse.aarch64.asc
- asc files of shim-15.8 for sles is already updated on Apr 18, 2024
signature-sles.x86_64.asc,
signature-sles.aarch64.asc.
Factory: Mon Feb 26 13:09:29 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
- Use %autosetup macro. Allows to eliminate the usage of deprecated
PatchN.
Factory: Sat Feb 17 07:51:01 UTC 2024 - Joey Lee <jlee@suse.com>
- Modified shim.spec file to add suffix string of project to filename
of included certificates. e.g.
rpm -pql shim-15.8-lp155.6.1.x86_64.rpm
/etc/uefi
/etc/uefi/certs
/etc/uefi/certs/2B697CB1-shim-devel.crt
/etc/uefi/certs/4659838C-shim-opensuse.crt
/etc/uefi/certs/BCA4E38E-shim-sles.crt
The original name of crt files are:
/etc/uefi/certs/2B697CB1-shim.crt
/etc/uefi/certs/4659838C-shim.crt
/etc/uefi/certs/BCA4E38E-shim.crt
It can indicate the souce project of certificates.
- sudo
-
- CVE-2026-35535: potential privilege escalation when running
the mailer (bsc#1261420)
* fix-CVE-2026-35535.patch
- suse-module-tools
-
- Update to version 15.7.10:
* udev rules: write block queue attributes only if necessary
(bsc#1254928)
- Update to version 15.7.9:
* 80-hotplug-cpu-mem.rules: remount tmpfs on "online" uevents
(bsc#1254264)
* udev: use systemd service to remount tmpfs (bsc#1253679)
- syslogd
-
- Drop last sysvinit Requirement/Provide (PED-13698)
- tar
-
- Fix bsc#1246399 / CVE-2025-45582.
- Add patch:
* CVE-2025-45582.patch
- vim
-
- Fix bsc#1261191 / CVE-2026-34714.
- Fix bsc#1261271 / CVE-2026-34982.
- Fix bsc#1259985 / CVE-2026-33412.
- Update to 9.2.0280:
* patch 9.2.0280: [security]: path traversal issue in zip.vim
* patch 9.2.0279: terminal: out-of-bounds write with overlong CSI argument list
* patch 9.2.0278: viminfo: heap buffer overflow when reading viminfo file
* patch 9.2.0277: tests: test_modeline.vim fails
* patch 9.2.0276: [security]: modeline security bypass
* patch 9.2.0275: tests: test_options.vim fails
* patch 9.2.0274: BSU/ESU are output directly to the terminal
* patch 9.2.0273: tabpanel: undefined behaviour with large tabpanelop columns
* patch 9.2.0272: [security]: 'tabpanel' can be set in a modeline
* patch 9.2.0271: buffer underflow in vim_fgets()
* patch 9.2.0270: test: trailing spaces used in tests
* patch 9.2.0269: configure: Link error on Solaris
* patch 9.2.0268: memory leak in call_oc_method()
* patch 9.2.0267: 'autowrite' not triggered for :term
* patch 9.2.0266: typeahead buffer overflow during mouse drag event
* patch 9.2.0265: unnecessary restrictions for defining dictionary function names
* patch 9.2.0264: Cannot disable kitty keyboard protocol in vim :terminal
* patch 9.2.0263: hlset() cannot handle attributes with spaces
* patch 9.2.0262: invalid lnum when pasting text copied blockwise
* patch 9.2.0261: terminal: redraws are slow
* patch 9.2.0260: statusline not redrawn after closing a popup window
* patch 9.2.0259: tabpanel: corrupted display during scrolling causing flicker
* patch 9.2.0258: memory leak in add_mark()
* patch 9.2.0257: unnecessary memory allocation in set_callback()
* patch 9.2.0256: visual selection size not shown in showcmd during test
* patch 9.2.0255: tests: Test_popup_opacity_vsplit() fails in a wide terminal
* patch 9.2.0254: w_locked can be bypassed when setting recursively
* patch 9.2.0253: various issues with wrong b_nwindows after closing buffers
* patch 9.2.0252: Crash when ending Visual mode after curbuf was unloaded
* patch 9.2.0251: Link error when building without channel feature
* patch 9.2.0250: system() does not support bypassing the shell
* patch 9.2.0249: clipboard: provider reacts to autoselect feature
* patch 9.2.0248: json_decode() is not strict enough
* patch 9.2.0247: popup: popups may not wrap as expected
* patch 9.2.0246: memory leak in globpath()
* patch 9.2.0245: xxd: color output detection is broken
* patch 9.2.0244: memory leak in eval8()
* patch 9.2.0243: memory leak in change_indent()
* patch 9.2.0242: memory leak in check_for_cryptkey()
* patch 9.2.0241: tests: Test_visual_block_hl_with_autosel() is flaky
* patch 9.2.0240: syn_name2id() is slow due to linear search
* patch 9.2.0239: signcolumn may cause flicker
* patch 9.2.0238: showmode message may not be displayed
* patch 9.2.0237: filetype: ObjectScript routines are not recognized
* patch 9.2.0236: stack-overflow with deeply nested data in json_encode/decode()
* patch 9.2.0235: filetype: wks files are not recognized.
* patch 9.2.0234: test: Test_close_handle() is flaky
* patch 9.2.0233: Compiler warning in strings.c
* patch 9.2.0232: fileinfo not shown after :bd of last listed buffer
* patch 9.2.0231: Amiga: Link error for missing HAVE_LOCALE_H
* patch 9.2.0230: popup: opacity not working accross vert splits
* patch 9.2.0229: keypad keys may overwrite keycode for another key
* patch 9.2.0228: still possible flicker
* patch 9.2.0227: MS-Windows: CSI sequences may be written to screen
* patch 9.2.0226: No 'incsearch' highlighting support for :uniq
* patch 9.2.0225: runtime(compiler): No compiler plugin for just
* patch 9.2.0224: channel: 2 issues with out/err callbacks
* patch 9.2.0223: Option handling for key:value suboptions is limited
* patch 9.2.0222: "zb" scrolls incorrectly with cursor on fold
* patch 9.2.0221: Visual selection drawn incorrectly with "autoselect"
* patch 9.2.0220: MS-Windows: some defined cannot be set on Cygwin/Mingw
* patch 9.2.0219: call stack can be corrupted
* patch 9.2.0218: visual selection highlighting in X11 GUI is wrong.
* patch 9.2.0217: filetype: cto files are not recognized
* patch 9.2.0216: MS-Windows: Rendering artifacts with DirectX
* patch 9.2.0215: MS-Windows: several tests fail in the Windows CUI.
* patch 9.2.0214: tests: Test_gui_system_term_scroll() is flaky
* patch 9.2.0213: Crash when using a partial or lambda as a clipboard provider
* patch 9.2.0212: MS-Windows: version packing may overflow
* patch 9.2.0211: possible crash when setting 'winhighlight'
* patch 9.2.0210: tests: Test_xxd tests are failing
* patch 9.2.0209: freeze during wildmenu completion
* patch 9.2.0208: MS-Windows: excessive scroll-behaviour with go+=!
* patch 9.2.0207: MS-Windows: freeze on second :hardcopy
* patch 9.2.0206: MS-Window: stripping all CSI sequences
* patch 9.2.0205: xxd: Cannot NUL terminate the C include file style
* patch 9.2.0204: filetype: cps files are not recognized
* patch 9.2.0203: Patch v9.2.0185 was wrong
* patch 9.2.0202: [security]: command injection via newline in glob()
* patch 9.2.0201: filetype: Wireguard config files not recognized
* patch 9.2.0200: term: DECRQM codes are sent too early
* patch 9.2.0199: tests: test_startup.vim fails
* patch 9.2.0198: cscope: can escape from restricted mode
* patch 9.2.0197: tabpanel: frame width not updated for existing tab pages
* patch 9.2.0196: textprop: negative IDs and can cause a crash
* patch 9.2.0195: CI: test-suite gets killed for taking too long
* patch 9.2.0194: tests: test_startup.vim leaves temp.txt around
* patch 9.2.0193: using copy_option_part() can be improved
* patch 9.2.0192: not correctly recognizing raw key codes
* patch 9.2.0191: Not possible to know if Vim was compiled with Android support
* patch 9.2.0190: Status line height mismatch in vertical splits
* patch 9.2.0189: MS-Windows: opacity popups flicker during redraw in the console
* patch 9.2.0188: Can set environment variables in restricted mode
* patch 9.2.0187: MS-Windows: rendering artifacts with DirectX renderer
* patch 9.2.0186: heap buffer overflow with long generic function name
* patch 9.2.0185: buffer overflow when redrawing custom tabline
* patch 9.2.0184: MS-Windows: screen flicker with termguicolors and visualbell
* patch 9.2.0183: channel: using deprecated networking APIs
* patch 9.2.0182: autocmds may leave windows with w_locked set
* patch 9.2.0181: line('w0') moves cursor in terminal-normal mode
* patch 9.2.0180: possible crash with winminheight=0
* patch 9.2.0179: MS-Windows: Compiler warning for converting from size_t to int
* patch 9.2.0178: DEC mode requests are sent even when not in raw mode
* patch 9.2.0177: Vim9: Can set environment variables in restricted mode
* patch 9.2.0176: external diff is allowed in restricted mode
* patch 9.2.0175: No tests for what v9.2.0141 and v9.2.0156 fixes
* patch 9.2.0174: diff: inline word-diffs can be fragmented
* patch 9.2.0173: tests: Test_balloon_eval_term_visual is flaky
* patch 9.2.0172: Missing semicolon in os_mac_conv.c
* patch 9.2.0171: MS-Windows: version detection is deprecated
* patch 9.2.0170: channel: some issues in ch_listen()
* patch 9.2.0169: assertion failure in syn_id2attr()
* patch 9.2.0168: invalid pointer casting in string_convert() arguments
* patch 9.2.0167: terminal: setting buftype=terminal may cause a crash
* patch 9.2.0166: Coverity warning for potential NULL dereference
* patch 9.2.0165: tests: perleval fails in the sandbox
* patch 9.2.0164: build error when XCLIPBOARD is not defined
* patch 9.2.0163: MS-Windows: Compile warning for unused variable
* patch 9.2.0162: tests: unnecessary CheckRunVimInTerminal in test_quickfix
* patch 9.2.0161: intro message disappears on startup in some terminals
* patch 9.2.0160: terminal DEC mode handling is overly complex
* patch 9.2.0159: Crash when reading quickfix line
* patch 9.2.0158: Visual highlighting might be incorrect
* patch 9.2.0157: Vim9: concatenation can be improved
* patch 9.2.0156: perleval() and rubyeval() ignore security settings
* patch 9.2.0155: filetype: ObjectScript are not recognized
* patch 9.2.0154: if_lua: runtime error with lua 5.5
* patch 9.2.0153: No support to act as a channel server
* patch 9.2.0152: concatenating strings is slow
* patch 9.2.0151: blob_from_string() is slow for long strings
* patch 9.2.0150: synchronized terminal update may cause display artifacts
* patch 9.2.0149: Vim9: segfault when unletting an imported variable
* patch 9.2.0148: Compile error when FEAT_DIFF is not defined
* patch 9.2.0147: blob: concatenation can be improved
* patch 9.2.0146: dictionary lookups can be improved
* patch 9.2.0145: UTF-8 decoding and length calculation can be improved
* patch 9.2.0144: 'statuslineopt' is a global only option
* patch 9.2.0143: termdebug: no support for thread and condition in :Break
* patch 9.2.0142: Coverity: Dead code warning
* patch 9.2.0141: :perl ex commands allowed in restricted mode
* patch 9.2.0140: file reading performance can be improved
* patch 9.2.0139: Cannot configure terminal resize event
* patch 9.2.0138: winhighlight option handling can be improved
* patch 9.2.0137: [security]: crash with composing char in collection range
* patch 9.2.0136: memory leak in add_interface_from_super_class()
* patch 9.2.0135: memory leak in eval_tuple()
* patch 9.2.0134: memory leak in socket_server_send_reply()
* patch 9.2.0133: memory leak in netbeans_file_activated()
* patch 9.2.0132: tests: Test_recover_corrupted_swap_file1 fails on be systems
* patch 9.2.0131: potential buffer overflow in regdump()
* patch 9.2.0130: missing range flags for the :tab command
* patch 9.2.0129: popup: wrong handling of wide-chars and opacity:0
* patch 9.2.0128: Wayland: using _Boolean instead of bool type
* patch 9.2.0127: line('w0') and line('w$') return wrong values in a terminal
* patch 9.2.0126: String handling can be improved
* patch 9.2.0125: tests: test_textformat.vim leaves swapfiles behind
* patch 9.2.0124: auto-format may swallow white space
* patch 9.2.0123: GTK: using deprecated gdk_pixbuf_new_from_xpm_data()
* patch 9.2.0122: Vim still supports compiling on NeXTSTEP
* patch 9.2.0120: tests: test_normal fails
* patch 9.2.0119: incorrect highlight initialization in win_init()
* patch 9.2.0118: memory leak in w_hl when reusing a popup window
* patch 9.2.0117: tests: test_wayland.vim fails
* patch 9.2.0116: terminal: synchronized output sequences are buffered
* patch 9.2.0115: popup: screen flickering possible during async callbacks
* patch 9.2.0114: MS-Windows: terminal output may go to wrong terminal
* patch 9.2.0113: winhighlight pointer may be used uninitialized
* patch 9.2.0112: popup: windows flicker when updating text
* patch 9.2.0111: 'winhighlight' option not always applied
* Update Vim to version 9.2.0110 (from 9.2.0045).
* Specifically, this fixes bsc#1259051 / CVE-2026-28417.
* Update Vim to version 9.2.0045 (from 9.1.1629).
* Fix bsc#1258229 CVE-2026-26269 as 9.2.0045 is not impacted (fixed
upstream).
* Fix bsc#1246602 CVE-2025-53906 as 9.2.0045 is not impacted (fixed
upstream).
* Drop obsolete or upstreamed patches:
- vim-7.3-filetype_spec.patch
- vim-7.4-filetype_apparmor.patch
- vim-8.2.2411-globalvimrc.patch
- vim-9.1.1683-avoid-null-dereference.patch
* Refresh the following patches:
- vim-7.3-filetype_changes.patch
- vim-7.3-filetype_ftl.patch
- vim-7.3-sh_is_bash.patch
- vim-9.1.1134-revert-putty-terminal-colors.patch
* Remove autoconf BuildRequires and drop the autoconf call in %build.
* Add --with-wayland=no to COMMON_OPTIONS to explicitly disable wayland.
* Package new Swedish (sv) man pages and clean up duplicate encodings
(sv.ISO8859-1 and sv.UTF-8) during %install.
- xen
-
- bsc#1259247 - VUL-0: CVE-2026-23554: xen: Use after free of
paging structures in EPT (XSA-480)
xsa480.patch
- bsc#1259248 - VUL-0: CVE-2026-23555: xen: Xenstored DoS by
unprivileged domain (XSA-481)
xsa481.patch
- bsc#1256745 - VUL-0: CVE-2025-58150: xen: x86: buffer overrun
with shadow paging + tracing (XSA-477)
6978b5a5-x86-shadow-dont-overrun-trace_emul_write_val.patch
- bsc#1256747 - VUL-0: CVE-2026-23553: xen: x86: incomplete IBPB
for vCPU isolation (XSA-479)
6978b5bf-x86-spec-ctrl-incomplete-IBPB-at-cswitch.patch
- Upstream bug fixes (bsc#1027519)
691b3550-x86-ucode-add-rows-to-entrysign-table.patch
69247713-x86-ucode-error-handling-parallel.patch
6926be59-x86-vMSI-X-refcount.patch
6926e01d-x86-vHPET-IRQ-route-sanitization.patch
692896dc-x86-AMD-Zenbleed-mitigation-static.patch
692dc059-x86-AMD-DE_CFG-editing.patch
693a85c2-x86-PoD-decrease_reservation-clearing-M2P.patch
693a85d6-x86-update-log-dirty-bitmap-when-.patch
695f816a-x86-HVM-more-strict-XENMAPSPACE_gmfn-source-types.patch
6964e408-x86-retval-of-has_if_pschange_mc.patch
6978c4b0-x86-AMD-fold-another-DE_CFG-edit.patch
- Dropped in favor of upstream patch
xsa477.patch
xsa479.patch