------------------------------------------------------------------ --- Changelog.all ----------- Wed Apr 8 17:31:49 UTC 2026 ------ ------------------------------------------------------------------ ------------------------------------------------------------------ ------------------ 2026-4-7 - Apr 7 2026 ------------------- ------------------------------------------------------------------ ++++ virtme: - Update to 1.41: * Improve the consistency and reliability of the guest init process (virtme-ng-init / virtme-init). * Broader support across different distributions and architectures, including better compatibility with minimal rootfs environments. * Debugging capabilities have been enhanced with support for customizing the GDB port for each guest session. * Networking has been refined as well, with improved SSH handling and new options for PCI device passthrough via --vfio-pci. * Integration with AI agents has also been enhanced. In particular, vng can now be used more effectively in non-interactive sessions, allowing AI agents to automate fairly advanced workflows for kernel testing and patch validation. ------------------------------------------------------------------ ------------------ 2026-4-3 - Apr 3 2026 ------------------- ------------------------------------------------------------------ ++++ OpenBoard: - update to release version 1.7.7 * fix: transparent background for widgets * fix: enable Cookie storage * feat: display warning for broken documents * feat: add document converter in preparation for document format change with an upcoming version 1.8.0 - remove upstreamed patch 1434-build-poppler-26-02.patch - replace obsolete patch 1347-chore-appdata.patch for metainfo by 1446-chore-add-appdata-metainfo.patch ------------------------------------------------------------------ ------------------ 2026-4-2 - Apr 2 2026 ------------------- ------------------------------------------------------------------ ++++ aws-c-event-stream: - Add aces_bump-max-message-size.patch, required for CVE fix - Add aces_bump-max-headers-size.patch, required for CVE fix - Add CVE-2026-5190.patch to fix that crafted event-stream messages causing out-of-bounds write (bsc#1261298, CVE-2026-5190) ++++ osslsigncode: - Update to 2.13 (bsc#1260680, CVE-2025-70888): * fixed integer overflows when processing APPX compressed data streams * fixed double-free vulnerabilities in APPX file processing * fixed multiple memory corruption issues in PE page hash computation - Changes from 2.12: * fixed a buffer overflow while extracting message digests - Changes from 2.11: * added keyUsage validation for signer certificate * added printing CRL details during signature verification * implemented a workaround for CRL servers returning the HTTP Content-Type header other than application/pkix-crl * fixed HTTP keep-alive handling * fixed macOS compiler and linker flags * fixed undefined BIO_get_fp() behavior with BIO_FLAGS_UPLINK_INTERNAL ------------------------------------------------------------------ ------------------ 2026-3-31 - Mar 31 2026 ------------------- ------------------------------------------------------------------ ++++ amazon-ecs-init: - Update to version 1.102.1 * Enhancement - Improve ENI watcher udev logging (#4887) * Enhancement - Update go version to 1.25.7, Update unit test coverage logic (#4886) * Enhancement - Upgrade prometheus deps (#4883) * Enhancement - Use static IP for daemon tasks for Managed Instances, also updates amazon-ecs-cni-plugins (#4881) * Bugfix - Fix IMDS client rate limiting to prevent token refresh failures after 401 responses (#4870) - For the changes between 1.64.0 and 1.102.0, see CHANGELOG.md - Fix permissions of systemd service file - Include CHANGELOG.md in %doc section - Refresh reproducible.patch - Refresh use-agent-container-built-in-certs.patch - Switch upstream source to amazon-ecs-agent - Switch to systemd-tmpfiles to store runtime data (jsc#PED-14842) ++++ chromium: - Chromium 146.0.7680.177 (boo#1261249) * CVE-2026-5273: Use after free in CSS * CVE-2026-5272: Heap buffer overflow in GPU * CVE-2026-5274: Integer overflow in Codecs * CVE-2026-5275: Heap buffer overflow in ANGLE * CVE-2026-5276: Insufficient policy enforcement in WebUSB * CVE-2026-5277: Integer overflow in ANGLE * CVE-2026-5278: Use after free in Web MIDI * CVE-2026-5279: Object corruption in V8 * CVE-2026-5280: Use after free in WebCodecs * CVE-2026-5281: Use after free in Dawn * CVE-2026-5282: Out of bounds read in WebCodecs * CVE-2026-5283: Inappropriate implementation in ANGLE * CVE-2026-5284: Use after free in Dawn * CVE-2026-5285: Use after free in WebGL * CVE-2026-5286: Use after free in Dawn * CVE-2026-5287: Use after free in PDF * CVE-2026-5288: Use after free in WebView * CVE-2026-5289: Use after free in Navigation * CVE-2026-5290: Use after free in Compositing * CVE-2026-5291: Inappropriate implementation in WebGL * CVE-2026-5292: Out of bounds read in WebCodecs - drop chromium-3bccbdead3efa7e91f7c9d4078106dedaed84fb8.patch (included) ++++ tinyproxy: - Add 0001-reqs-prevent-potential-int-overflow-when-parsing-chu.patch [boo#1261024] [CVE-2026-3945] ------------------------------------------------------------------ ------------------ 2026-3-28 - Mar 28 2026 ------------------- ------------------------------------------------------------------ ++++ tigervnc: - U_Prevent-other-users-reading-x0vncserver-screen.patch * Prevent other users from observing the screen, or modifying what is sent to the client. Malicious attackers could even crash x0vncserver if they timed the modifications right. (CVE-2026-34352, bsc#1260871) ------------------------------------------------------------------ ------------------ 2026-3-27 - Mar 27 2026 ------------------- ------------------------------------------------------------------ ++++ mapserver: - Update to release 8.6.1 * msSLDParseRasterSymbolizer: fix potential heap buffer overflow [boo#1260869] [CVE-2026-33721] * GetFeatureInfo with IDENTIFY CLASSAUTO: take into account SYMBOL.ANCHORPOINT * WCS 2.0: fix issue when input raster in a rotated pole lon/lat CRS with lon_0 > 180 * UVRaster: fix WMS-Time support on layers with TILEINDEX pointing to a shapefile * WMS GetCapabilities response: use group title and abstract when using wms_layer_group instead of GROUP ++++ libpng16: - added patches CVE-2026-33416: use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE` can lead to arbitrary code execution (bsc#1260754) * libpng16-CVE-2026-33416-1.patch * libpng16-CVE-2026-33416-2.patch * libpng16-CVE-2026-33416-3.patch * libpng16-CVE-2026-33416-4.patch CVE-2026-33636: out-of-bounds read/write in the palette expansion on ARM Neon can lead to information leak and crashes (bsc#1260755) * libpng16-CVE-2026-33636.patch ------------------------------------------------------------------ ------------------ 2026-3-26 - Mar 26 2026 ------------------- ------------------------------------------------------------------ ++++ expat: - security update: * CVE-2026-32776: expat: libexpat: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value (bsc#1259726) - Added patch expat-CVE-2026-32776.patch * CVE-2026-32777: expat: libexpat: denial of service due to infinite loop in DTD content parsing (bsc#1259711) - Added patch expat-CVE-2026-32777.patch * CVE-2026-32778: expat: libexpat: NULL pointer dereference in `setContext` on retry after an out-of-memory condition (bsc#1259729) - Added patch expat-CVE-2026-32778.patch ++++ kea: - Update to release 3.0.3 * A large number of bracket pairs in a JSON payload directed to any endpoint would result in a stack overflow, due to recursive calls when parsing the JSON. This has been fixed. (CVE-2026-3608) [bsc#1260380] * When a hostname or FQDN received from a client is reduced to an empty string by hostname sanitizing, kea-dhcp4 and kea-dhcp6 will now drop the option. (CVE-2025-11232) [bsc#1252863] * A null dereference is now no longer possible when configuring the Control Agent with a socket that lacks the mandatory socket-name entry. * UNIX sockets are now created as group-writable. * Removed logging an error in ping check hook library if using lease cache treshold. * Fixed deadlock in ping-check hooks library. * Fixed a data race in ping-check hooks library. ------------------------------------------------------------------ ------------------ 2026-3-25 - Mar 25 2026 ------------------- ------------------------------------------------------------------ ++++ gimp: - Add CVE fixes: + gimp-CVE-2026-4150.patch (bsc#1259979, CVE-2026-4150) + gimp-CVE-2026-4153.patch (bsc#1259984, CVE-2026-4153) + gimp-CVE-2026-4154.patch (bsc#1259986, CVE-2026-4154) + gimp-CVE-2026-4151.patch (bsc#1259983, CVE-2026-4151) ------------------------------------------------------------------ ------------------ 2026-3-24 - Mar 24 2026 ------------------- ------------------------------------------------------------------ ++++ cockpit-packages: - Update dependencies to fix bsc#1258641/CVE-2026-26996 ++++ python-cbor2: - CVE-2026-26209: uncontrolled recursion via crafted CBOR payloads can cause a denial of service (bsc#1260367) * CVE-2026-26209.patch ------------------------------------------------------------------ ------------------ 2026-3-23 - Mar 23 2026 ------------------- ------------------------------------------------------------------ ++++ MozillaFirefox: - Firefox Extended Support Release 140.9.0 ESR * Fixed: Various security fixes. MFSA 2026-22 (bsc#1260083) * CVE-2026-4684 (bmo#2011129) Race condition, use-after-free in the Graphics: WebRender component * CVE-2026-4685 (bmo#2016349) Incorrect boundary conditions in the Graphics: Canvas2D component * CVE-2026-4686 (bmo#2016351) Incorrect boundary conditions in the Graphics: Canvas2D component * CVE-2026-4687 (bmo#2016368) Sandbox escape due to incorrect boundary conditions in the Telemetry component * CVE-2026-4688 (bmo#2016373) Sandbox escape due to use-after-free in the Disability Access APIs component * CVE-2026-4689 (bmo#2016374) Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component * CVE-2026-4690 (bmo#2016375) Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component * CVE-2026-4691 (bmo#2017512) Use-after-free in the CSS Parsing and Computation component * CVE-2026-4692 (bmo#2017643) Sandbox escape in the Responsive Design Mode component * CVE-2026-4693 (bmo#2018102) Incorrect boundary conditions in the Audio/Video: Playback component * CVE-2026-4694 (bmo#2018430) Incorrect boundary conditions, integer overflow in the Graphics component * CVE-2026-4695 (bmo#2020030) Incorrect boundary conditions in the Audio/Video: Web Codecs component * CVE-2026-4696 (bmo#2020190) Use-after-free in the Layout: Text and Fonts component * CVE-2026-4697 (bmo#2020422) Incorrect boundary conditions in the Audio/Video: Web Codecs component * CVE-2026-4698 (bmo#2020906) JIT miscompilation in the JavaScript Engine: JIT component * CVE-2026-4699 (bmo#2021863) Incorrect boundary conditions in the Layout: Text and Fonts component * CVE-2026-4700 (bmo#2003766) Mitigation bypass in the Networking: HTTP component * CVE-2026-4701 (bmo#2009303) Use-after-free in the JavaScript Engine component * CVE-2026-4702 (bmo#2013560) JIT miscompilation in the JavaScript Engine component * CVE-2026-4704 (bmo#2014868) Denial-of-service in the WebRTC: Signaling component * CVE-2026-4705 (bmo#2014873) Undefined behavior in the WebRTC: Signaling component * CVE-2026-4706 (bmo#2015091) Incorrect boundary conditions in the Graphics: Canvas2D component * CVE-2026-4707 (bmo#2015267) Incorrect boundary conditions in the Graphics: Canvas2D component * CVE-2026-4708 (bmo#2015268) Incorrect boundary conditions in the Graphics component * CVE-2026-4709 (bmo#2016329) Incorrect boundary conditions in the Audio/Video: GMP component * CVE-2026-4710 (bmo#2016370) Incorrect boundary conditions in the Audio/Video component * CVE-2026-4711 (bmo#2017002) Use-after-free in the Widget: Cocoa component * CVE-2026-4712 (bmo#2017666) Information disclosure in the Widget: Cocoa component * CVE-2026-4713 (bmo#2018113) Incorrect boundary conditions in the Graphics component * CVE-2026-4714 (bmo#2018126) Incorrect boundary conditions in the Audio/Video component * CVE-2026-4715 (bmo#2018405) Uninitialized memory in the Graphics: Canvas2D component * CVE-2026-4716 (bmo#2018592) Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component * CVE-2026-4717 (bmo#2021695) Privilege escalation in the Netmonitor component * CVE-2025-59375 (bmo#1988467) Denial-of-service in the XML component * CVE-2026-4718 (bmo#2014864) Undefined behavior in the WebRTC: Signaling component * CVE-2026-4719 (bmo#2016367) Incorrect boundary conditions in the Graphics: Text component * CVE-2026-4720 (bmo#2004652, bmo#2019372, bmo#2021922, bmo#2022567, bmo#2022733) Memory safety bugs fixed in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149 * CVE-2026-4721 (bmo#2013762, bmo#2015291, bmo#2016591, bmo#2016661, bmo#2016664, bmo#2017303, bmo#2017894, bmo#2018090, bmo#2018196, bmo#2018379, bmo#2019112, bmo#2022090, bmo#2022243, bmo#2022351, bmo#2022478, bmo#2022676) Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149 ++++ chromium: - Chromium 146.0.7680.164 (boo#1260376) * CVE-2026-4673: Heap buffer overflow in WebAudio * CVE-2026-4674: Out of bounds read in CSS * CVE-2026-4675: Heap buffer overflow in WebGL * CVE-2026-4676: Use after free in Dawn * CVE-2026-4677: Out of bounds read in WebAudio * CVE-2026-4678: Use after free in WebGPU * CVE-2026-4679: Integer overflow in Fonts * CVE-2026-4680: Use after free in FedCM - added patches: * chromium-3bccbdead3efa7e91f7c9d4078106dedaed84fb8.patch (upstream compile fix for blink on non-x86,non-arm) ++++ chromium: - Chromium 146.0.7680.164 (boo#1260376) * CVE-2026-4673: Heap buffer overflow in WebAudio * CVE-2026-4674: Out of bounds read in CSS * CVE-2026-4675: Heap buffer overflow in WebGL * CVE-2026-4676: Use after free in Dawn * CVE-2026-4677: Out of bounds read in WebAudio * CVE-2026-4678: Use after free in WebGPU * CVE-2026-4679: Integer overflow in Fonts * CVE-2026-4680: Use after free in FedCM - added patches: * chromium-3bccbdead3efa7e91f7c9d4078106dedaed84fb8.patch (upstream compile fix for blink on non-x86,non-arm) ++++ openQA: - Update to version 5.1774104919.9788babf: * feat: add pre-commit hooks with gitlint * ci: replace GHA commit-message-checker with os-autoinst-common one * refactor: replace .gitlint with identical os-autoinst-common one * git subrepo pull (merge) external/os-autoinst-common * fix: needlediff view alignment (regression from dc1a3709e) * fix: robust group property validation and reliable UI tests * test: Consider the `CacheService` directory fully covered * test: Mark whole function `_kill_db_accessing_processes` as uncoverable * test: Track coverage of InfluxDB route of cache service * refactor: Remove CORE:: prefix from function calls * fix: avoid duplicating users on provider mismatch * refactor(Utils): remove unnecessary CORE:: prefix again * fix: use proper Mojo::Base attribute for developer_session_running * refactor: convert all remaining lib/ modules to signatures * fix: use Scalar::Util::set_prototype for compatibility with Perl 5.26.1 * refactor(LiveHandler): convert remaining modules to signatures * refactor(Scheduler): convert remaining modules to signatures * refactor(Schema): convert remaining modules to signatures * refactor(Shared): convert remaining modules to signatures * refactor(Task): convert remaining modules to signatures * refactor(WebAPI): convert remaining modules to signatures * refactor(WebSockets): convert remaining modules to signatures * refactor(Worker): convert remaining modules to signatures * refactor(Parser): convert remaining modules to signatures * refactor(CacheService): convert remaining modules to signatures * refactor(t::lib::OpenQA): convert remaining modules to signatures * refactor: Simplify `_handle_command_resume_test_execution` * chore(t::OpenQA::Test::Utils): remove obsolete "_get_worker" mock * fix: Add missing Mojo::File import in Parser::Format::Base * refactor: remove unused function OpenQA::Parser::Result::write_json * feat(tests): reduce wait_for_ajax default timeout from 5min to 30s * Revert "feat: modernize test result styling with data attributes" * refactor: Use File::stat to avoid magic numbers * refactor: Use Time::Seconds to avoid magic numbers * chore: adapt openQA for jQuery 4.0.0 * feat: improve local gitlint by picking the most recent base branch * ci: ensure local gitlint checks all commits in the branch * ci(check-helm-chart): try harder to download from registry.opensuse.org * fix: resolve instability in cache-service rsync test * feat: use localhost instead of manual IP addresses in startup message * feat: modernize test result styling with data attributes * fix(audit): show all audit events in the web UI * docs: Add missing line break to fix Deletion section * build: integrate stylelint for automated CSS/SCSS styling * feat: Allow reproducing test with pinned test code via clone-job * feat(webui): make rendering batch size configurable * fix: resolve sporadic failure in UI test tabs loading * fix(investigation): select casedir/needledir correctly when no symlink ++++ os-autoinst: - Update to version 5.1774101470.e82b4cb: * feat: implement 'always_run' test flag * refactor: use gitlint from os-autoinst-common * git subrepo pull (merge) --force external/os-autoinst-common * feat(snd2png): restore erroneously deleted test * style: fix copyright in crop.py * chore: remove unused pyproject line * chore(deps): Add PPI to development dependencies * chore(snd2png): update test.png.md5.original based on current snd2png * test(full-stack): optimize execution time by reducing timeouts * feat(vnc): make connection retry sleep configurable * feat: add configurable secret key hiding support ++++ python-dynaconf: - CVE-2026-33154: Server-Side Template Injection in the @Jinja resolver (bsc#1260063) * added CVE-2026-33154.patch ++++ python-pyOpenSSL: - CVE-2026-27459: large cookie value can lead to a buffer overflow (bsc#1259808) Add patch CVE-2026-27459.patch - CVE-2026-27448: unhandled exception can result in connection not being cancelled (bsc#1259804) Add patch CVE-2026-27448.patch ++++ tar: - Fix bsc#1246399 / CVE-2025-45582. - Fix bsc#1246607. - Add patch: * CVE-2025-45582.patch * tar-fix-deletion-from-archive.patch - Refresh patch: * tar-fix-extract-unlink.patch ------------------------------------------------------------------ ------------------ 2026-3-21 - Mar 21 2026 ------------------- ------------------------------------------------------------------ ++++ freeciv: - freeciv 3.2.4: * CVE-2026-33250: Fix a vulnerability allowing remote crashing of the server (boo#1260036) * SDL2 client: Fix crash on selecting nation style or nation - includes changes from version 3.2.3: * Restore server to sane state after savegame loading failures * Assert unit goto tile validity rather than outright crashing * Improvements to AI players * Client UI tweaks and bug fixes * translation updates - drop SDL3 client, build alongside SDL2 is no longer supported, requires more intrusive changes to rpm spec ------------------------------------------------------------------ ------------------ 2026-3-20 - Mar 20 2026 ------------------- ------------------------------------------------------------------ ++++ GraphicsMagick: - added patches CVE-2026-28690: missing bounds check in the MNG encoder can lead to a stack buffer overflow (bsc#1259456) * GraphicsMagick-CVE-2026-28690.patch ++++ cockpit-repos: - Update dependencies to fix bsc#1258637/CVE-2026-26996 ++++ rust-keylime: - Suggests only the IMA policy package, and keep it as example (bsc#1259963) - Add Cargo_toml.patch to re-generate TSS bindings - Update to version 0.2.9+8: * build(deps): bump thiserror from 2.0.17 to 2.0.18 * build(deps): bump docker/login-action from 3 to 4 * build(deps): bump docker/metadata-action from 5 to 6 * Remove generate-bindings feature from tss-esapi * Use port constants instead of hardcoded values in tests * push-attestation: Use registrar TLS port when TLS is enabled * build(deps): bump docker/build-push-action from 6 to 7 * build(deps): bump actions/upload-artifact from 6 to 7 * dist: Make the services to conflict with each other * Bump version to 0.2.9 * build(deps): bump mockoon/cli-action from 2 to 3 * cargo: Bump tracing_subscriber to version 0.3.20 * cargo: Bump time to version 0.3.47 * build(deps): bump http from 1.3.1 to 1.4.0 * Update reqwest from 0.12 to 0.13 * build(deps): bump serde from 1.0.219 to 1.0.228 * auth: Load CA certificate in authentication client * packit: Add missing e2e tests * registrar: Rename insecure option to disable_tls * push-attestation: Drop self-signed mTLS certificate generation * config: Add missing config options to keylime-agent.conf * config: Add support for "default" in registrar_api_versions option * config: Add support for "default" in registrar_tls_ca_cert option * config: Drop unused config options and constants * push-attestation: Drop support for mTLS to registrar * push-attestation: Drop mTLS support and require PoP authentication * build(deps): bump clap from 4.5.45 to 4.5.54 * build(deps): bump actix-web from 4.11.0 to 4.12.1 * auth: Reuse existing ContextInfo to avoid duplicate TPM objects * resilient_client: Reauthenticate if a 403 error is received ++++ nghttp2: - added patches CVE-2026-27135: assertion failure due to missing state validation can lead to DoS (bsc#1259845) * nghttp2-CVE-2026-27135.patch ++++ perl-XML-Parser: - modified patches * XML-Parser-2.40.diff (-p1) - added patches CVE-2006-10002: heap buffer overflow in `parse_stream` when processing UTF-8 input streams (bsc#1259901) * perl-XML-Parser-CVE-2006-10002.patch CVE-2006-10003: off-by-one heap buffer overflow in `st_serial_stack` (bsc#1259902) * perl-XML-Parser-CVE-2006-10003.patch ++++ python-PyPDF2: - CVE-2026-33123: excessive resource consumption when processing specially crafted PDF due to inefficient decoding of array-based streams (bsc#1259992) * CVE-2026-33123.patch ++++ selinux-policy: - Update to version 20250627+git355.5249ba7d5: * Revert "Define file equivalency for /var/opt" (bsc#1259704) * Make stalld stalld_var_run_t labeling rules more generic (bsc#1259438) ------------------------------------------------------------------ ------------------ 2026-3-19 - Mar 19 2026 ------------------- ------------------------------------------------------------------ ++++ python-pyasn1: - CVE-2026-30922: Denial of Service via Unbounded Recursion (bsc#1259803) Add patch CVE-2026-30922.patch ------------------------------------------------------------------ ------------------ 2026-3-18 - Mar 18 2026 ------------------- ------------------------------------------------------------------ ++++ GraphicsMagick: - added patches CVE-2026-30883: missing bounds check when encoding a PNG image can lead to a heap buffer over-write (bsc#1259467) * GraphicsMagick-CVE-2026-30883.patch ++++ chromium: - Chromium 146.0.7680.153 (boo#1259964): * CVE-2026-4439: Out of bounds memory access in WebGL * CVE-2026-4440: Out of bounds read and write in WebGL * CVE-2026-4441: Use after free in Base * CVE-2026-4442: Heap buffer overflow in CSS * CVE-2026-4443: Heap buffer overflow in WebAudio * CVE-2026-4444: Stack buffer overflow in WebRTC * CVE-2026-4445: Use after free in WebRTC * CVE-2026-4446: Use after free in WebRTC * CVE-2026-4447: Inappropriate implementation in V8 * CVE-2026-4448: Heap buffer overflow in ANGLE * CVE-2026-4449: Use after free in Blink * CVE-2026-4450: Out of bounds write in V8 * CVE-2026-4451: Insufficient validation of untrusted input in Navigation * CVE-2026-4452: Integer overflow in ANGLE * CVE-2026-4453: Integer overflow in Dawn * CVE-2026-4454: Use after free in Network * CVE-2026-4455: Heap buffer overflow in PDFium * CVE-2026-4456: Use after free in Digital Credentials API * CVE-2026-4457: Type Confusion in V8 * CVE-2026-4458: Use after free in Extensions * CVE-2026-4459: Out of bounds read and write in WebAudio * CVE-2026-4460: Out of bounds read in Skia * CVE-2026-4461: Inappropriate implementation in V8 * CVE-2026-4462: Out of bounds read in Blink * CVE-2026-4463: Heap buffer overflow in WebRTC * CVE-2026-4464: Integer overflow in ANGLE ++++ chromium: - Chromium 146.0.7680.153 (boo#1259964): * CVE-2026-4439: Out of bounds memory access in WebGL * CVE-2026-4440: Out of bounds read and write in WebGL * CVE-2026-4441: Use after free in Base * CVE-2026-4442: Heap buffer overflow in CSS * CVE-2026-4443: Heap buffer overflow in WebAudio * CVE-2026-4444: Stack buffer overflow in WebRTC * CVE-2026-4445: Use after free in WebRTC * CVE-2026-4446: Use after free in WebRTC * CVE-2026-4447: Inappropriate implementation in V8 * CVE-2026-4448: Heap buffer overflow in ANGLE * CVE-2026-4449: Use after free in Blink * CVE-2026-4450: Out of bounds write in V8 * CVE-2026-4451: Insufficient validation of untrusted input in Navigation * CVE-2026-4452: Integer overflow in ANGLE * CVE-2026-4453: Integer overflow in Dawn * CVE-2026-4454: Use after free in Network * CVE-2026-4455: Heap buffer overflow in PDFium * CVE-2026-4456: Use after free in Digital Credentials API * CVE-2026-4457: Type Confusion in V8 * CVE-2026-4458: Use after free in Extensions * CVE-2026-4459: Out of bounds read and write in WebAudio * CVE-2026-4460: Out of bounds read in Skia * CVE-2026-4461: Inappropriate implementation in V8 * CVE-2026-4462: Out of bounds read in Blink * CVE-2026-4463: Heap buffer overflow in WebRTC * CVE-2026-4464: Integer overflow in ANGLE ++++ chromium: - Chromium 146.0.7680.153 (boo#1259964): * CVE-2026-4439: Out of bounds memory access in WebGL * CVE-2026-4440: Out of bounds read and write in WebGL * CVE-2026-4441: Use after free in Base * CVE-2026-4442: Heap buffer overflow in CSS * CVE-2026-4443: Heap buffer overflow in WebAudio * CVE-2026-4444: Stack buffer overflow in WebRTC * CVE-2026-4445: Use after free in WebRTC * CVE-2026-4446: Use after free in WebRTC * CVE-2026-4447: Inappropriate implementation in V8 * CVE-2026-4448: Heap buffer overflow in ANGLE * CVE-2026-4449: Use after free in Blink * CVE-2026-4450: Out of bounds write in V8 * CVE-2026-4451: Insufficient validation of untrusted input in Navigation * CVE-2026-4452: Integer overflow in ANGLE * CVE-2026-4453: Integer overflow in Dawn * CVE-2026-4454: Use after free in Network * CVE-2026-4455: Heap buffer overflow in PDFium * CVE-2026-4456: Use after free in Digital Credentials API * CVE-2026-4457: Type Confusion in V8 * CVE-2026-4458: Use after free in Extensions * CVE-2026-4459: Out of bounds read and write in WebAudio * CVE-2026-4460: Out of bounds read in Skia * CVE-2026-4461: Inappropriate implementation in V8 * CVE-2026-4462: Out of bounds read in Blink * CVE-2026-4463: Heap buffer overflow in WebRTC * CVE-2026-4464: Integer overflow in ANGLE ++++ python-PyJWT: - Skip failing tests (gh#jpadilla/pyjwt#1153) - Update to 2.12.1: - Add missing typing_extensions dependency for Python < 3.11 in [#1150] - Update to 2.12.0: - Fixed - Annotate PyJWKSet.keys for pyright by @tamird in #1134 - Close HTTPError response to prevent ResourceWarning on Python 3.14 by @veeceey in #1133 - Do not keep algorithms dict in PyJWK instances by @akx in [#1143] - Validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. by @dmbs335 in GHSA-752w-5fwx-jx9f (bsc#1259616, CVE-2026-32597). - Use PyJWK algorithm when encoding without explicit algorithm in #1148 - Added - Docs: Add PyJWKClient API reference and document the two-tier caching system (JWK Set cache and signing key LRU cache). v2.11.0 - Fixed - Enforce ECDSA curve validation per RFC 7518 Section 3.4. - Fix build system warnings by @kurtmckee in #1105 - Validate key against allowed types for Algorithm family in [#964] - Add iterator for JWKSet in #1041 - Validate iss claim is a string during encoding and decoding by @pachewise in #1040 - Improve typing/logic for options in decode, decode_complete by @pachewise in #1045 - Declare float supported type for lifespan and timeout by @nikitagashkov in #1068 - Fix SyntaxWarnings/DeprecationWarnings caused by invalid escape sequences by @kurtmckee in #1103 - Development: Build a shared wheel once to speed up test suite setup times by @kurtmckee in #1114 - Development: Test type annotations across all supported Python versions, increase the strictness of the type checking, and remove the mypy pre-commit hook by @kurtmckee in #1112 - Added - Support Python 3.14, and test against PyPy 3.10 and 3.11 by @kurtmckee in #1104 - Development: Migrate to build to test package building in CI by @kurtmckee in #1108 - Development: Improve coverage config and eliminate unused test suite code by @kurtmckee in #1115 - Docs: Standardize CHANGELOG links to PRs by @kurtmckee in [#1110] - Docs: Fix Read the Docs builds by @kurtmckee in #1111 - Docs: Add example of using leeway with nbf by @djw8605 in [#1034] - Docs: Refactored docs with autodoc; added PyJWS and jwt.algorithms docs by @pachewise in #1045 - Docs: Documentation improvements for "sub" and "jti" claims by @cleder in #1088 - Development: Add pyupgrade as a pre-commit hook by @kurtmckee in #1109 - Add minimum key length validation for HMAC and RSA keys (CWE-326). Warns by default via InsecureKeyLengthWarning when keys are below minimum recommended lengths per RFC 7518 Section 3.2 (HMAC) and NIST SP 800-131A (RSA). Pass enforce_minimum_key_length=True in options to PyJWT or PyJWS to raise InvalidKeyError instead. - Refactor PyJWT to own an internal PyJWS instance instead of calling global api_jws functions. ------------------------------------------------------------------ ------------------ 2026-3-17 - Mar 17 2026 ------------------- ------------------------------------------------------------------ ++++ az-cli-cmd: - Fix install/upgrade/removal With the release of flake-pilot 3.1.27 a force option for registration and deregistration has been added. This allows for a simpler registration processing in the spec file of the -cmd package. This commit adds registration and deregistration helper scripts and calls them as part of the spec pre/post processing macros. The macro setup makes sure: 1. The flake gets registered as %post install action 2. The flake gets deregistered as %preun uninstall (no upgrade) action With regards to the already released package and the existing macro code the following applies: The %postun code from the old package runs after the %post code of the new package and only in upgrade mode. This would harm the registration which is the reason why we again call register_az in %posttrans which is the last action of the entire transaction and ensures the registration will be effective This Fixes bsc#1259604 ++++ krb5-appl: - added patches CVE-2026-32746: Remote Pre-Auth Buffer Overflow in GNU Inetutils telnetd LINEMODE (bsc#1259691) * krb5-appl-CVE-2026-32746.patch ++++ mumble: - CVE-2025-71264: (opus) incorrect size calculations allow for an out-of-bounds array access and can lead to a client crash (boo#1259721) add mumble-1.5.857-CVE-2025-71264.patch ++++ python-Authlib: - CVE-2026-27962: JWS `deserialize_compact()` allows for signature bypass by accepting user-controlled embedded JWK as verification key (bsc#1259738) * added CVE-2026-27962.patch - CVE-2026-28490: cryptographic padding oracle in JWE RSA1_5 key management algorithm (bsc#1259736) * added CVE-2026-28490.patch - CVE-2026-28498: fail-open in behavior OIDC hash validation allows for bypass mandatory integrity protections (bsc#1259737) * added CVE-2026-28498.patch ++++ python-simpleeval: - CVE-2026-32640: Objects (including modules) can leak dangerous modules through to direct access inside the sandbox (bsc#1259685) * added CVE-2026-32640.patch ++++ python-tornado6: - CVE-2026-31958: parsing large multipart bodies with many parts can cause a denial of service (bsc#1259553) * added CVE-2026-31958.patch - VUL-0: incomplete validation of cookie attributes allows for injection of user-controlled values in other cookie attributes (bsc#1259630) * added VUL-0-cookie-attribute-validation.patch ------------------------------------------------------------------ ------------------ 2026-3-16 - Mar 16 2026 ------------------- ------------------------------------------------------------------ ++++ chromium: - fix INSTALL.sh (upstream changed CHANNEL to channel in wrapper) ++++ chromium: - fix INSTALL.sh (upstream changed CHANNEL to channel in wrapper) ++++ chromium: - fix INSTALL.sh (upstream changed CHANNEL to channel in wrapper) ++++ chromium: - fix INSTALL.sh (upstream changed CHANNEL to channel in wrapper) ++++ systemd: - Import commit d349fc5cd4f9ee2b7884c2610647e92806d14b28 (merge of v257.13) This merge includes the following fix: 6941d92dc2 machined: reject invalid class types when registering machines (bsc#1259650 CVE-2026-4105) 03bb697b8d udev: check for invalid chars in various fields received from the kernel (bsc#1259697) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/3c53ef3ea20bd43ef587cbdfa7107aeb1ef55654...d349fc5cd4f9ee2b7884c2610647e92806d14b28 ------------------------------------------------------------------ ------------------ 2026-3-15 - Mar 15 2026 ------------------- ------------------------------------------------------------------ ++++ gnome-online-accounts: - Update to version 3.58.0: + SMTP server without password cannot be configured + Remove unneeded SMTP password escaping + build: Disable google provider Files feature + MS365: Fix mail address and name + Google: Set mail name to presentation identity + Updated translations. ------------------------------------------------------------------ ------------------ 2026-3-14 - Mar 14 2026 ------------------- ------------------------------------------------------------------ ++++ chromium: - Chromium 146.0.7680.80: * CVE-2026-3909: Out of bounds write in Skia (boo#1259659) ++++ chromium: - Chromium 146.0.7680.80: * CVE-2026-3909: Out of bounds write in Skia (boo#1259659) ++++ chromium: - Chromium 146.0.7680.80: * CVE-2026-3909: Out of bounds write in Skia (boo#1259659) ++++ chromium: - Chromium 146.0.7680.80: * CVE-2026-3909: Out of bounds write in Skia (boo#1259659) ++++ python-vulture: - update to 2.15: * Handle `while True` loops without `break` statements (kreathon). * Add whitelist for `ssl.SSLContext` (tunnelsociety, #392). * Add more ruff rules (even-even). * Drop support for Python 3.8 (Jendrik Seipp, #398). * Add support for Python 3.14 (even-even). * Improve reachability analysis (kreathon, #270, #302). * Add type hints for `get_unused_code` and the fields of the `Item` class (John Doknjas, #361). ------------------------------------------------------------------ ------------------ 2026-3-13 - Mar 13 2026 ------------------- ------------------------------------------------------------------ ++++ ImageMagick: - modified sources * ImageMagick-SUSE-security-policy.xml - added patches CVE-2026-28493: integer overflow in the SIXEL decoder leads to out-of-bounds write (bsc#1259446) * ImageMagick-CVE-2026-28493.patch CVE-2026-28494: missing bounds checks in the morphology kernel parsing functions can lead to a stack buffer overflow (bsc#1259447) * ImageMagick-CVE-2026-28494.patch CVE-2026-28686: undersized output buffer allocation in the PCL encoder can lead to a heap buffer overflow (bsc#1259448) * ImageMagick-CVE-2026-28686.patch CVE-2026-28687: heap use-after-free vulnerability in the MSL decoder via a crafted MSL file (bsc#1259450) * ImageMagick-CVE-2026-28687.patch CVE-2026-28688: heap use-after-free in the MSL encoder when a cloned image is destroyed twice (bsc#1259451) * ImageMagick-CVE-2026-28688.patch CVE-2026-28689: `domain=path` authorization is checked before final file open/use and allows for read/write bypass via symlink swaps (bsc#1259452) * ImageMagick-CVE-2026-28689.patch CVE-2026-28690: missing bounds check in the MNG encoder can lead to a stack buffer overflow (bsc#1259456) * ImageMagick-CVE-2026-28690.patch CVE-2026-28691: missing check in the JBIG decoder can lead to an uninitialized pointer dereference (bsc#1259455) * ImageMagick-CVE-2026-28691.patch CVE-2026-28692: 32-bit integer overflow in MAT decoder can lead to a heap buffer over-read (bsc#1259457) * ImageMagick-CVE-2026-28692.patch CVE-2026-28693: integer overflow in the DIB coder can lead to an out-of-bounds read or write (bsc#1259466) * ImageMagick-CVE-2026-28693.patch CVE-2026-30883: missing bounds check when encoding a PNG image can lead to a heap buffer over-write (bsc#1259467) * ImageMagick-CVE-2026-30883.patch CVE-2026-30929: improper use of fixed-size stack buffer in `MagnifyImage`can lead to a stack buffer overflow (bsc#1259468) * ImageMagick-CVE-2026-30929.patch CVE-2026-30931: value truncation in the UHDR encoder can lead to a heap buffer overflow (bsc#1259469) * ImageMagick-CVE-2026-30931.patch CVE-2026-30935: heap-based buffer over-read in BilateralBlurImage (bsc#1259497) * ImageMagick-CVE-2026-30935.patch CVE-2026-30936: Heap Buffer Overflow in WaveletDenoiseImage (bsc#1259464) * ImageMagick-CVE-2026-30936.patch CVE-2026-30937: Heap buffer overflow in XWD encoder due to CARD32 arithmetic overflow (bsc#1259463) * ImageMagick-CVE-2026-30937.patch CVE-2026-31853: heap buffer overflow leads to crash in the SFW decoder of 32-bit systems when processing extremely large images (bsc#1259528) * ImageMagick-CVE-2026-31853.patch ++++ chromium: - Chromium 146.0.7680.75: * CVE-2026-3910: Inappropriate implementation in V8 (boo#1259648) - fix ffmpeg build on ppc64le - modified patches: * ppc-debian-0003-third_party-ffmpeg-Add-ppc64-generated-config.patch ++++ chromium: - Chromium 146.0.7680.75: * CVE-2026-3910: Inappropriate implementation in V8 (boo#1259648) - fix ffmpeg build on ppc64le - modified patches: * ppc-debian-0003-third_party-ffmpeg-Add-ppc64-generated-config.patch ++++ chromium: - Chromium 146.0.7680.75: * CVE-2026-3910: Inappropriate implementation in V8 (boo#1259648) - fix ffmpeg build on ppc64le - modified patches: * ppc-debian-0003-third_party-ffmpeg-Add-ppc64-generated-config.patch ++++ chromium: - Chromium 146.0.7680.75: * CVE-2026-3910: Inappropriate implementation in V8 (boo#1259648) - fix ffmpeg build on ppc64le - modified patches: * ppc-debian-0003-third_party-ffmpeg-Add-ppc64-generated-config.patch ++++ openQA: - Update to version 5.1773427330.0b172206: * fix: Display GitHub bugrefs correctly when used within a label * refactor: Improve style in `t/39-scheduled_products-table.t` * feat: improve responsiveness of tabs in job details view * ci(helm): override pullPolicy when install helm via ct * test: Consider everything under `lib/OpenQA/Schema` covered * test: Cover generating Gravatar URLs * test: Cover handling failed job cancellation when scheduling iso * feat: add zypper clean command in base container * test: Cover computing Git log diff * test: Cover adding logs to result file list * refactor: Simplify and slightly improve `create_asset` * refactor: Simplify error handling in function for appending job logs * test: Cover setting and deleting job properties * test: Cover error handling when duplicating jobs * test: Mark error handling in `_hashref` as uncoverable * test: Cover remaining lines of `JobModules.pm` * refactor: Remove unused function `locked_by_jobs` * test: Cover removing test suite defaults * test: Cover rendering description of parent job group * test: Consider everything under `lib/OpenQA/Script/` covered * test: Cover `openqa_baseurl` used by clone script * test: Cover handling unexpected return code in clone script - Update to version 5.1773333964.ffc5eff5: * test: Fix unstable test for stacking of parallel tests on overview page ++++ os-autoinst: - Update to version 5.1773429030.ba0de6e: * fix: Correct number of internal test_count * chore(AGENTS.md): add customized file * chore(deps): add perl-Test-Perl-Critic dependency for parallel execution * fix: Remove logger message from else condition * style: Use single quotes for strings without interpolation * docs: convert doc/backend_vars.asciidoc to Markdown * docs: convert README.asciidoc to Markdown * docs: convert doc/memorydumps.asciidoc to Markdown * feat: add gitlint pre-commit setup - Update to version 5.1773327169.ae7c574: * chore(AGENTS.md): add customized file * chore(deps): add perl-Test-Perl-Critic dependency for parallel execution * chore(deps): Update perltidy * fix: Remove logger message from else condition * docs: convert doc/backend_vars.asciidoc to Markdown * docs: convert README.asciidoc to Markdown * docs: convert doc/memorydumps.asciidoc to Markdown * feat: add gitlint pre-commit setup ++++ python-black: - CVE-2026-32274: arbitrary file writes from unsanitized user input in cache file name (bsc#1259608) * added CVE-2026-32274.patch ------------------------------------------------------------------ ------------------ 2026-3-12 - Mar 12 2026 ------------------- ------------------------------------------------------------------ ++++ chromium: - modified patches: * chromium-146-value_or.patch (from debian) - removed patches: * chromium-144-revert_gfx_value_or.patch (contained above) - Chromium 146.0.7680.71 (released 2026-03-11) (boo#1259530) * CVE-2026-3913: Heap buffer overflow in WebML * CVE-2026-3914: Integer overflow in WebML * CVE-2026-3915: Heap buffer overflow in WebML * CVE-2026-3916: Out of bounds read in Web Speech * CVE-2026-3917: Use after free in Agents * CVE-2026-3918: Use after free in WebMCP * CVE-2026-3919: Use after free in Extensions * CVE-2026-3920: Out of bounds memory access in WebML * CVE-2026-3921: Use after free in TextEncoding * CVE-2026-3922: Use after free in MediaStream * CVE-2026-3923: Use after free in WebMIDI * CVE-2026-3924: Use after free in WindowDialog * CVE-2026-3925: Incorrect security UI in LookalikeChecks * CVE-2026-3926: Out of bounds read in V8 * CVE-2026-3927: Incorrect security UI in PictureInPicture * CVE-2026-3928: Insufficient policy enforcement in Extensions * CVE-2026-3929: Side-channel information leakage in ResourceTiming * CVE-2026-3930: Unsafe navigation in Navigation * CVE-2026-3931: Heap buffer overflow in Skia * CVE-2026-3932: Insufficient policy enforcement in PDF * CVE-2026-3934: Insufficient policy enforcement in ChromeDriver * CVE-2026-3935: Incorrect security UI in WebAppInstalls * CVE-2026-3936: Use after free in WebView * CVE-2026-3937: Incorrect security UI in Downloads * CVE-2026-3938: Insufficient policy enforcement in Clipboard * CVE-2026-3939: Insufficient policy enforcement in PDF * CVE-2026-3940: Insufficient policy enforcement in DevTools * CVE-2026-3941: Insufficient policy enforcement in DevTools * CVE-2026-3942: Incorrect security UI in PictureInPicture - added patches: * chromium-146-mojo_chmod_mode.patch (fix typo/pythonism in c code) * chromium-146-value_or.patch (error: no matching member function for call to 'value_or') * chromium-146-has_no_clone.patch * chromium-146-clang-19-crash.patch (from debian) * chromium-146-keyfactory.patch (from debian) * chromium-146-static-assert.patch (from debian) * chromium-146-ignore-for-ubsan.patch (from debian) * chromium-146-bytemuck.patch (from debian) - modified patches: * chromium-125-compiler.patch * chromium-133-bring_back_and_disable_allowlist.patch * chromium-134-type-mismatch-error.patch * chromium-145-use_unrar.patch * force-rust-nightly.patch * rollup.patch * ppc-fedora-0001-Add-PPC64-support-for-boringssl.patch * ppc-fedora-0002-third_party-libvpx-Remove-bad-ppc64-config.patch * ppc-fedora-0001-Implement-support-for-ppc64-on-Linux.patch * ppc-fedora-fix-study-crash.patch - removed patches: * chromium-4f46f03a6c6d4c6efc1ad5d0d78030d02326f967.patch - keeplibs: drop third_party/skia/third_party/vulkan (gone) add third_party/catapult/third_party/typ (needed by base/tracing/protos/chrome_track_event_resources_grit) ++++ chromium: - modified patches: * chromium-146-value_or.patch (from debian) - removed patches: * chromium-144-revert_gfx_value_or.patch (contained above) - Chromium 146.0.7680.71 (released 2026-03-11) (boo#1259530) * CVE-2026-3913: Heap buffer overflow in WebML * CVE-2026-3914: Integer overflow in WebML * CVE-2026-3915: Heap buffer overflow in WebML * CVE-2026-3916: Out of bounds read in Web Speech * CVE-2026-3917: Use after free in Agents * CVE-2026-3918: Use after free in WebMCP * CVE-2026-3919: Use after free in Extensions * CVE-2026-3920: Out of bounds memory access in WebML * CVE-2026-3921: Use after free in TextEncoding * CVE-2026-3922: Use after free in MediaStream * CVE-2026-3923: Use after free in WebMIDI * CVE-2026-3924: Use after free in WindowDialog * CVE-2026-3925: Incorrect security UI in LookalikeChecks * CVE-2026-3926: Out of bounds read in V8 * CVE-2026-3927: Incorrect security UI in PictureInPicture * CVE-2026-3928: Insufficient policy enforcement in Extensions * CVE-2026-3929: Side-channel information leakage in ResourceTiming * CVE-2026-3930: Unsafe navigation in Navigation * CVE-2026-3931: Heap buffer overflow in Skia * CVE-2026-3932: Insufficient policy enforcement in PDF * CVE-2026-3934: Insufficient policy enforcement in ChromeDriver * CVE-2026-3935: Incorrect security UI in WebAppInstalls * CVE-2026-3936: Use after free in WebView * CVE-2026-3937: Incorrect security UI in Downloads * CVE-2026-3938: Insufficient policy enforcement in Clipboard * CVE-2026-3939: Insufficient policy enforcement in PDF * CVE-2026-3940: Insufficient policy enforcement in DevTools * CVE-2026-3941: Insufficient policy enforcement in DevTools * CVE-2026-3942: Incorrect security UI in PictureInPicture - added patches: * chromium-146-mojo_chmod_mode.patch (fix typo/pythonism in c code) * chromium-146-value_or.patch (error: no matching member function for call to 'value_or') * chromium-146-has_no_clone.patch * chromium-146-clang-19-crash.patch (from debian) * chromium-146-keyfactory.patch (from debian) * chromium-146-static-assert.patch (from debian) * chromium-146-ignore-for-ubsan.patch (from debian) * chromium-146-bytemuck.patch (from debian) - modified patches: * chromium-125-compiler.patch * chromium-133-bring_back_and_disable_allowlist.patch * chromium-134-type-mismatch-error.patch * chromium-145-use_unrar.patch * force-rust-nightly.patch * rollup.patch * ppc-fedora-0001-Add-PPC64-support-for-boringssl.patch * ppc-fedora-0002-third_party-libvpx-Remove-bad-ppc64-config.patch * ppc-fedora-0001-Implement-support-for-ppc64-on-Linux.patch * ppc-fedora-fix-study-crash.patch - removed patches: * chromium-4f46f03a6c6d4c6efc1ad5d0d78030d02326f967.patch - keeplibs: drop third_party/skia/third_party/vulkan (gone) add third_party/catapult/third_party/typ (needed by base/tracing/protos/chrome_track_event_resources_grit) ++++ chromium: - modified patches: * chromium-146-value_or.patch (from debian) - removed patches: * chromium-144-revert_gfx_value_or.patch (contained above) - Chromium 146.0.7680.71 (released 2026-03-11) (boo#1259530) * CVE-2026-3913: Heap buffer overflow in WebML * CVE-2026-3914: Integer overflow in WebML * CVE-2026-3915: Heap buffer overflow in WebML * CVE-2026-3916: Out of bounds read in Web Speech * CVE-2026-3917: Use after free in Agents * CVE-2026-3918: Use after free in WebMCP * CVE-2026-3919: Use after free in Extensions * CVE-2026-3920: Out of bounds memory access in WebML * CVE-2026-3921: Use after free in TextEncoding * CVE-2026-3922: Use after free in MediaStream * CVE-2026-3923: Use after free in WebMIDI * CVE-2026-3924: Use after free in WindowDialog * CVE-2026-3925: Incorrect security UI in LookalikeChecks * CVE-2026-3926: Out of bounds read in V8 * CVE-2026-3927: Incorrect security UI in PictureInPicture * CVE-2026-3928: Insufficient policy enforcement in Extensions * CVE-2026-3929: Side-channel information leakage in ResourceTiming * CVE-2026-3930: Unsafe navigation in Navigation * CVE-2026-3931: Heap buffer overflow in Skia * CVE-2026-3932: Insufficient policy enforcement in PDF * CVE-2026-3934: Insufficient policy enforcement in ChromeDriver * CVE-2026-3935: Incorrect security UI in WebAppInstalls * CVE-2026-3936: Use after free in WebView * CVE-2026-3937: Incorrect security UI in Downloads * CVE-2026-3938: Insufficient policy enforcement in Clipboard * CVE-2026-3939: Insufficient policy enforcement in PDF * CVE-2026-3940: Insufficient policy enforcement in DevTools * CVE-2026-3941: Insufficient policy enforcement in DevTools * CVE-2026-3942: Incorrect security UI in PictureInPicture - added patches: * chromium-146-mojo_chmod_mode.patch (fix typo/pythonism in c code) * chromium-146-value_or.patch (error: no matching member function for call to 'value_or') * chromium-146-has_no_clone.patch * chromium-146-clang-19-crash.patch (from debian) * chromium-146-keyfactory.patch (from debian) * chromium-146-static-assert.patch (from debian) * chromium-146-ignore-for-ubsan.patch (from debian) * chromium-146-bytemuck.patch (from debian) - modified patches: * chromium-125-compiler.patch * chromium-133-bring_back_and_disable_allowlist.patch * chromium-134-type-mismatch-error.patch * chromium-145-use_unrar.patch * force-rust-nightly.patch * rollup.patch * ppc-fedora-0001-Add-PPC64-support-for-boringssl.patch * ppc-fedora-0002-third_party-libvpx-Remove-bad-ppc64-config.patch * ppc-fedora-0001-Implement-support-for-ppc64-on-Linux.patch * ppc-fedora-fix-study-crash.patch - removed patches: * chromium-4f46f03a6c6d4c6efc1ad5d0d78030d02326f967.patch - keeplibs: drop third_party/skia/third_party/vulkan (gone) add third_party/catapult/third_party/typ (needed by base/tracing/protos/chrome_track_event_resources_grit) ++++ chromium: - modified patches: * chromium-146-value_or.patch (from debian) - removed patches: * chromium-144-revert_gfx_value_or.patch (contained above) - Chromium 146.0.7680.71 (released 2026-03-11) (boo#1259530) * CVE-2026-3913: Heap buffer overflow in WebML * CVE-2026-3914: Integer overflow in WebML * CVE-2026-3915: Heap buffer overflow in WebML * CVE-2026-3916: Out of bounds read in Web Speech * CVE-2026-3917: Use after free in Agents * CVE-2026-3918: Use after free in WebMCP * CVE-2026-3919: Use after free in Extensions * CVE-2026-3920: Out of bounds memory access in WebML * CVE-2026-3921: Use after free in TextEncoding * CVE-2026-3922: Use after free in MediaStream * CVE-2026-3923: Use after free in WebMIDI * CVE-2026-3924: Use after free in WindowDialog * CVE-2026-3925: Incorrect security UI in LookalikeChecks * CVE-2026-3926: Out of bounds read in V8 * CVE-2026-3927: Incorrect security UI in PictureInPicture * CVE-2026-3928: Insufficient policy enforcement in Extensions * CVE-2026-3929: Side-channel information leakage in ResourceTiming * CVE-2026-3930: Unsafe navigation in Navigation * CVE-2026-3931: Heap buffer overflow in Skia * CVE-2026-3932: Insufficient policy enforcement in PDF * CVE-2026-3934: Insufficient policy enforcement in ChromeDriver * CVE-2026-3935: Incorrect security UI in WebAppInstalls * CVE-2026-3936: Use after free in WebView * CVE-2026-3937: Incorrect security UI in Downloads * CVE-2026-3938: Insufficient policy enforcement in Clipboard * CVE-2026-3939: Insufficient policy enforcement in PDF * CVE-2026-3940: Insufficient policy enforcement in DevTools * CVE-2026-3941: Insufficient policy enforcement in DevTools * CVE-2026-3942: Incorrect security UI in PictureInPicture - added patches: * chromium-146-mojo_chmod_mode.patch (fix typo/pythonism in c code) * chromium-146-value_or.patch (error: no matching member function for call to 'value_or') * chromium-146-has_no_clone.patch * chromium-146-clang-19-crash.patch (from debian) * chromium-146-keyfactory.patch (from debian) * chromium-146-static-assert.patch (from debian) * chromium-146-ignore-for-ubsan.patch (from debian) * chromium-146-bytemuck.patch (from debian) - modified patches: * chromium-125-compiler.patch * chromium-133-bring_back_and_disable_allowlist.patch * chromium-134-type-mismatch-error.patch * chromium-145-use_unrar.patch * force-rust-nightly.patch * rollup.patch * ppc-fedora-0001-Add-PPC64-support-for-boringssl.patch * ppc-fedora-0002-third_party-libvpx-Remove-bad-ppc64-config.patch * ppc-fedora-0001-Implement-support-for-ppc64-on-Linux.patch * ppc-fedora-fix-study-crash.patch - removed patches: * chromium-4f46f03a6c6d4c6efc1ad5d0d78030d02326f967.patch - keeplibs: drop third_party/skia/third_party/vulkan (gone) add third_party/catapult/third_party/typ (needed by base/tracing/protos/chrome_track_event_resources_grit) ++++ openQA: - Update to version 5.1773291834.69acf4b4: * chore(deps): Dependency cron 2026-03-12 * style: Use HTTP::Status status code constants * Revert "feat: optimize size of devel:openQA:ci/base container" * feat: adapt to os-autoinst switching to markdown ++++ python-Django: - Add skip-flaky-tests.patch to skip tests which randomly fail ++++ python-PyPDF2: - CVE-2026-31826: denial of service due to excessive memory consumption via crafted PDF, bsc#1259508 Add security patch: CVE-2026-31826.patch ++++ python-PyPDF2: - CVE-2026-31826: denial of service due to excessive memory consumption via crafted PDF, bsc#1259508 Add security patch: CVE-2026-31826.patch ++++ python-black: - CVE-2026-31900: a malicious pyproject.toml edit can lead to arbitrary code execution (bsc#1259546) * added CVE-2026-31900.patch ------------------------------------------------------------------ ------------------ 2026-3-11 - Mar 11 2026 ------------------- ------------------------------------------------------------------ ++++ rust: - Update to version 1.94.0 - for details see the rust1.94 package ++++ vim: * Update Vim to version 9.2.0110 (from 9.2.0045). * Specifically, this fixes bsc#1259051 / CVE-2026-28417. ++++ himmelblau: - Fix SELinux module packaging to use standard policy macros (bsc#1258236): * Build and install precompiled himmelblaud.pp at package build time * Replace custom semodule scriptlets with %selinux_modules_install/uninstall - Update to version 2.3.8+git0.dec3693 (CVE-2026-31979, bsc#1259548): * Version 2.3.8 * Add PrivateTmp back to Tasks Daemon * Drop dead code * Drop krb5 ccache dir code * Add a TODO comment * Drop non working packaged krb5 snippet file * Write kerberos config snippet * Extend resolver interface to return kerberos config together with TGTs * Backport SELinux fixes from main * Use libkrimes to store TGTs - Update to version 2.3.7+git0.81088cd: * Version 2.3.7 * cargo vet * Fix AWS-LC has PKCS7_verify Certificate Chain Validation Bypass * Revert dependency change which broke the nightly build * gen_dockerfiles: only himmelblaud has tpm feature, fix all others * fix(build): gen_dockerfiles.py mutates shared features list mid-loop * Update to libhimmelblau on leap 15.6, selinux-policy-devel doesn't exist ++++ openQA: - Update to version 5.1773248854.f2e05df9: * style: Use HTTP::Status status code constants * Revert "feat: optimize size of devel:openQA:ci/base container" * refactor: Write `renderComments()` in a more compact way * fix: Restore spacing between bug and other icons after 9346b7165 * ci(helm): replace internal retry with okurz/retry/ * refactor: Use signature in callback to clarify input parameters * style: Add three perlcritic rules * style: Make .perlcriticrc a real file instead of a symlink * chore(deps): Adjust bot commit message to conventional commits * test: Add test for rendering `label:linked` with bug reference * feat: Improve handling non-bugref URLs in `mark_job_linked` after 7f6790 * test: Verify that only one label is added via `mark_job_linked` * feat: Render labels with bug references as clickable links * refactor: Improve coding style in `renderComments()` * feat: Use bugref within label when creating 'Job mentioned in …' comment * docs: document the priority throttling for scheduled jobs * Dependency cron 2026-03-09 * feat: Streamline "relates to default checkout" condition * feat: Enable `git_auto_update` if `CASEDIR` and `NEEDLES_DIR` are set * feat: Support `CASEDIR` lookup introduced in ef229dc also in Git tasks * fix: Handle error when determining Git server host correctly * feat: add privacy policy * feat: adapt to os-autoinst switching to markdown ++++ os-autoinst: - Update to version 5.1773245056.43fc8f0: * chore(deps): Update perltidy * fix: Remove logger message from else condition * style: Use single quotes for strings without interpolation * fix: restore author tests in CI and optimize git message check * docs: convert doc/backend_vars.asciidoc to Markdown ++++ os-autoinst: - Update to version 5.1773245056.43fc8f0: * chore(deps): Update perltidy * fix: Remove logger message from else condition * style: Use single quotes for strings without interpolation * fix: restore author tests in CI and optimize git message check * docs: convert doc/backend_vars.asciidoc to Markdown ++++ patterns-cockpit: - Add cockpit-client pattern extending cockpit pattern with cockpit-client-launcher only for openSUSE code-o-o#leap/features#279 Separate pattern to avoid pulling graphical stack and list the option in Agama installer ++++ scap-security-guide: - Update the SSG package description - Add SLE16 profiles to the build - updated to 0.1.79 (jsc#ECO-3319) - Create SLE16 HIPAA profile - Create SLE16 PCI DSS 4 profile - Use Sequoia in RHEL 10 instead of GPG - New Profile for RHEL10: BSI - Move RHEL Control files to product files - Update RHEL 9 CCN profile - Various updates for SLE 12/15 ------------------------------------------------------------------ ------------------ 2026-3-10 - Mar 10 2026 ------------------- ------------------------------------------------------------------ ++++ ImageMagick: - modified patches [bsc#1258790] * ImageMagick-CVE-2026-24484.patch (improved by f13732ed5655376010ee0a6cf2af11d1b2a62f49) ++++ distrobox: - Add fix-distrobox-to-newer-zypper.patch, fixing bsc#1259032 * we need to backport another commit, to actually make it work (add newline.patch) (it still gives a visual error when initializing a new container, but works) ++++ openQA: - Update to version 5.1773151075.654d76ed: * refactor: Write `renderComments()` in a more compact way * fix: Restore spacing between bug and other icons after 9346b7165 * ci(helm): replace internal retry with okurz/retry/ * refactor: Use signature in callback to clarify input parameters * style: Add three perlcritic rules * style: Make .perlcriticrc a real file instead of a symlink * chore(deps): Adjust bot commit message to conventional commits * test: Add test for rendering `label:linked` with bug reference * feat: Improve handling non-bugref URLs in `mark_job_linked` after 7f6790 * test: Verify that only one label is added via `mark_job_linked` * feat: Render labels with bug references as clickable links * refactor: Improve coding style in `renderComments()` * feat: Use bugref within label when creating 'Job mentioned in …' comment * docs: document the priority throttling for scheduled jobs * Dependency cron 2026-03-09 * feat: Streamline "relates to default checkout" condition * feat: Enable `git_auto_update` if `CASEDIR` and `NEEDLES_DIR` are set * feat: Support `CASEDIR` lookup introduced in ef229dc also in Git tasks * fix: Handle error when determining Git server host correctly * feat: add privacy policy ++++ python-PyPDF2: - CVE-2026-28804: Denial of Service via crafted PDF with ASCIIHexDecode filter, bsc#1259404 Add security patch: CVE-2026-28804.patch - Update sources with osc run download_files ++++ python-PyPDF2: - CVE-2026-28804: Denial of Service via crafted PDF with ASCIIHexDecode filter, bsc#1259404 Add security patch: CVE-2026-28804.patch - Update sources with osc run download_files ++++ python-PyPDF2: - CVE-2026-28804: Denial of Service via crafted PDF with ASCIIHexDecode filter, bsc#1259404 Add security patch: CVE-2026-28804.patch - Update sources with osc run download_files ++++ python-lxml_html_clean: - CVE-2026-28348: improper keywords checking can allow external CSS loading (bsc#1259378) * added CVE-2026-28348.patch - CVE-2026-28350: lack of base tag handling can allow the hijacking of the resolution of relative URLs (bsc#1259379) * added CVE-2026-28350.patch ------------------------------------------------------------------ ------------------ 2026-3-9 - Mar 9 2026 ------------------- ------------------------------------------------------------------ ++++ GraphicsMagick: - security update - added patches CVE-2026-25799 [bsc#1258786], Division-by-Zero in YUV sampling factor validation leads to crash * GraphicsMagick-CVE-2026-25799.patch ++++ kernel-64kb: - dm mpath: make pg_init_delay_msecs settable (git-fixes). - commit b2a0fd6 - dm: clear cloned request bio pointer when last clone bio completes (git-fixes). - commit d6eb6ea - dm: remove fake timeout to avoid leak request (git-fixes). - commit bf8f04d - add bugnumber to existing mana change (bsc#1252266). - net: mana: Ring doorbell at 4 CQ wraparounds (git-fixes). - PCI: hv: remove unnecessary module_init/exit functions (git-fixes). - PCI: hv: Remove unused field pci_bus in struct hv_pcibus_device (git-fixes). - RDMA/mana_ib: Add device-memory support (git-fixes). - RDMA/mana_ib: Take CQ type from the device type (git-fixes). - net: mana: Implement ndo_tx_timeout and serialize queue resets per port (bsc#1257472). - Drivers: hv: Always do Hyper-V panic notification in hv_kmsg_dump() (git-fixes). - net: mana: Fix use-after-free in reset service rescan path (git-fixes). - net: mana: Handle hardware recovery events when probing the device (bsc#1257466). - net: mana: Drop TX skb on post_work_request failure and unmap resources (git-fixes). - net: mana: Handle SKB if TX SGEs exceed hardware limit (git-fixes). - net: mana: Add standard counter rx_missed_errors (git-fixes). - commit dde91c8 - btrfs: fallback to buffered IO if the data profile has duplication (git-fixes). - commit c194c61 - arm64: contpte: fix set_access_flags() no-op check for SMMU/ATS (bsc#1259329) - commit c775b21 - selftests/bpf: add verifier sign extension bound computation tests (git-fixes). - bpf: verifier improvement in 32bit shift sign extension pattern (git-fixes). - commit 9625613 ++++ kernel-azure: - dm mpath: make pg_init_delay_msecs settable (git-fixes). - commit b2a0fd6 - dm: clear cloned request bio pointer when last clone bio completes (git-fixes). - commit d6eb6ea - dm: remove fake timeout to avoid leak request (git-fixes). - commit bf8f04d - add bugnumber to existing mana change (bsc#1252266). - net: mana: Ring doorbell at 4 CQ wraparounds (git-fixes). - PCI: hv: remove unnecessary module_init/exit functions (git-fixes). - PCI: hv: Remove unused field pci_bus in struct hv_pcibus_device (git-fixes). - RDMA/mana_ib: Add device-memory support (git-fixes). - RDMA/mana_ib: Take CQ type from the device type (git-fixes). - net: mana: Implement ndo_tx_timeout and serialize queue resets per port (bsc#1257472). - Drivers: hv: Always do Hyper-V panic notification in hv_kmsg_dump() (git-fixes). - net: mana: Fix use-after-free in reset service rescan path (git-fixes). - net: mana: Handle hardware recovery events when probing the device (bsc#1257466). - net: mana: Drop TX skb on post_work_request failure and unmap resources (git-fixes). - net: mana: Handle SKB if TX SGEs exceed hardware limit (git-fixes). - net: mana: Add standard counter rx_missed_errors (git-fixes). - commit dde91c8 - btrfs: fallback to buffered IO if the data profile has duplication (git-fixes). - commit c194c61 - arm64: contpte: fix set_access_flags() no-op check for SMMU/ATS (bsc#1259329) - commit c775b21 - selftests/bpf: add verifier sign extension bound computation tests (git-fixes). - bpf: verifier improvement in 32bit shift sign extension pattern (git-fixes). - commit 9625613 ++++ kernel-default: - dm mpath: make pg_init_delay_msecs settable (git-fixes). - commit b2a0fd6 - dm: clear cloned request bio pointer when last clone bio completes (git-fixes). - commit d6eb6ea - dm: remove fake timeout to avoid leak request (git-fixes). - commit bf8f04d - add bugnumber to existing mana change (bsc#1252266). - net: mana: Ring doorbell at 4 CQ wraparounds (git-fixes). - PCI: hv: remove unnecessary module_init/exit functions (git-fixes). - PCI: hv: Remove unused field pci_bus in struct hv_pcibus_device (git-fixes). - RDMA/mana_ib: Add device-memory support (git-fixes). - RDMA/mana_ib: Take CQ type from the device type (git-fixes). - net: mana: Implement ndo_tx_timeout and serialize queue resets per port (bsc#1257472). - Drivers: hv: Always do Hyper-V panic notification in hv_kmsg_dump() (git-fixes). - net: mana: Fix use-after-free in reset service rescan path (git-fixes). - net: mana: Handle hardware recovery events when probing the device (bsc#1257466). - net: mana: Drop TX skb on post_work_request failure and unmap resources (git-fixes). - net: mana: Handle SKB if TX SGEs exceed hardware limit (git-fixes). - net: mana: Add standard counter rx_missed_errors (git-fixes). - commit dde91c8 - btrfs: fallback to buffered IO if the data profile has duplication (git-fixes). - commit c194c61 - arm64: contpte: fix set_access_flags() no-op check for SMMU/ATS (bsc#1259329) - commit c775b21 - selftests/bpf: add verifier sign extension bound computation tests (git-fixes). - bpf: verifier improvement in 32bit shift sign extension pattern (git-fixes). - commit 9625613 ++++ kernel-rt: - dm mpath: make pg_init_delay_msecs settable (git-fixes). - commit b2a0fd6 - dm: clear cloned request bio pointer when last clone bio completes (git-fixes). - commit d6eb6ea - dm: remove fake timeout to avoid leak request (git-fixes). - commit bf8f04d - add bugnumber to existing mana change (bsc#1252266). - net: mana: Ring doorbell at 4 CQ wraparounds (git-fixes). - PCI: hv: remove unnecessary module_init/exit functions (git-fixes). - PCI: hv: Remove unused field pci_bus in struct hv_pcibus_device (git-fixes). - RDMA/mana_ib: Add device-memory support (git-fixes). - RDMA/mana_ib: Take CQ type from the device type (git-fixes). - net: mana: Implement ndo_tx_timeout and serialize queue resets per port (bsc#1257472). - Drivers: hv: Always do Hyper-V panic notification in hv_kmsg_dump() (git-fixes). - net: mana: Fix use-after-free in reset service rescan path (git-fixes). - net: mana: Handle hardware recovery events when probing the device (bsc#1257466). - net: mana: Drop TX skb on post_work_request failure and unmap resources (git-fixes). - net: mana: Handle SKB if TX SGEs exceed hardware limit (git-fixes). - net: mana: Add standard counter rx_missed_errors (git-fixes). - commit dde91c8 - btrfs: fallback to buffered IO if the data profile has duplication (git-fixes). - commit c194c61 - arm64: contpte: fix set_access_flags() no-op check for SMMU/ATS (bsc#1259329) - commit c775b21 - selftests/bpf: add verifier sign extension bound computation tests (git-fixes). - bpf: verifier improvement in 32bit shift sign extension pattern (git-fixes). - commit 9625613 ++++ curl: - Security fixes: * CVE-2026-1965: Bad reuse of HTTP Negotiate connection (bsc#1259362) * CVE-2026-3783: Token leak with redirect and netrc (bsc#1259363) * CVE-2026-3784: Wrong proxy connection reuse with credentials (bsc#1259364) * CVE-2026-3805: Use after free in SMB connection reuse (bsc#1259365) * tool_operate: reset the URL --url-query between --next (510fdad) * Add patches: - curl-CVE-2026-1965.patch curl-CVE-2026-1965-disable-ntlm-fix.patch - curl-CVE-2026-3783.patch - curl-CVE-2026-3784.patch - curl-CVE-2026-3805.patch ++++ dtb-aarch64: - dm mpath: make pg_init_delay_msecs settable (git-fixes). - commit b2a0fd6 - dm: clear cloned request bio pointer when last clone bio completes (git-fixes). - commit d6eb6ea - dm: remove fake timeout to avoid leak request (git-fixes). - commit bf8f04d - add bugnumber to existing mana change (bsc#1252266). - net: mana: Ring doorbell at 4 CQ wraparounds (git-fixes). - PCI: hv: remove unnecessary module_init/exit functions (git-fixes). - PCI: hv: Remove unused field pci_bus in struct hv_pcibus_device (git-fixes). - RDMA/mana_ib: Add device-memory support (git-fixes). - RDMA/mana_ib: Take CQ type from the device type (git-fixes). - net: mana: Implement ndo_tx_timeout and serialize queue resets per port (bsc#1257472). - Drivers: hv: Always do Hyper-V panic notification in hv_kmsg_dump() (git-fixes). - net: mana: Fix use-after-free in reset service rescan path (git-fixes). - net: mana: Handle hardware recovery events when probing the device (bsc#1257466). - net: mana: Drop TX skb on post_work_request failure and unmap resources (git-fixes). - net: mana: Handle SKB if TX SGEs exceed hardware limit (git-fixes). - net: mana: Add standard counter rx_missed_errors (git-fixes). - commit dde91c8 - btrfs: fallback to buffered IO if the data profile has duplication (git-fixes). - commit c194c61 - arm64: contpte: fix set_access_flags() no-op check for SMMU/ATS (bsc#1259329) - commit c775b21 - selftests/bpf: add verifier sign extension bound computation tests (git-fixes). - bpf: verifier improvement in 32bit shift sign extension pattern (git-fixes). - commit 9625613 ++++ gstreamer-plugins-ugly: - Add patch from upstream to fix a heap-based buffer overflow remote code execution vulnerability on files with more than 32 streams (bsc#1259367, CVE-2026-2920): * 0001-asfdemux-Error-out-on-files-with-more-than-32-streams.patch - Add patch from upstream to check if new video fragment overflows the fragment storage before storing it (bsc#1259370, CVE-2026-2922): * 0002-rmdemux-Check-if-new-video-fragment-overflows-the-fragment.patch * 0003-rmdemux-Avoid-integer-overflow-when-checking-if-enough-data.patch ++++ kernel-source: - dm mpath: make pg_init_delay_msecs settable (git-fixes). - commit b2a0fd6 - dm: clear cloned request bio pointer when last clone bio completes (git-fixes). - commit d6eb6ea - dm: remove fake timeout to avoid leak request (git-fixes). - commit bf8f04d - add bugnumber to existing mana change (bsc#1252266). - net: mana: Ring doorbell at 4 CQ wraparounds (git-fixes). - PCI: hv: remove unnecessary module_init/exit functions (git-fixes). - PCI: hv: Remove unused field pci_bus in struct hv_pcibus_device (git-fixes). - RDMA/mana_ib: Add device-memory support (git-fixes). - RDMA/mana_ib: Take CQ type from the device type (git-fixes). - net: mana: Implement ndo_tx_timeout and serialize queue resets per port (bsc#1257472). - Drivers: hv: Always do Hyper-V panic notification in hv_kmsg_dump() (git-fixes). - net: mana: Fix use-after-free in reset service rescan path (git-fixes). - net: mana: Handle hardware recovery events when probing the device (bsc#1257466). - net: mana: Drop TX skb on post_work_request failure and unmap resources (git-fixes). - net: mana: Handle SKB if TX SGEs exceed hardware limit (git-fixes). - net: mana: Add standard counter rx_missed_errors (git-fixes). - commit dde91c8 - btrfs: fallback to buffered IO if the data profile has duplication (git-fixes). - commit c194c61 - arm64: contpte: fix set_access_flags() no-op check for SMMU/ATS (bsc#1259329) - commit c775b21 - selftests/bpf: add verifier sign extension bound computation tests (git-fixes). - bpf: verifier improvement in 32bit shift sign extension pattern (git-fixes). - commit 9625613 ++++ kernel-docs: - dm mpath: make pg_init_delay_msecs settable (git-fixes). - commit b2a0fd6 - dm: clear cloned request bio pointer when last clone bio completes (git-fixes). - commit d6eb6ea - dm: remove fake timeout to avoid leak request (git-fixes). - commit bf8f04d - add bugnumber to existing mana change (bsc#1252266). - net: mana: Ring doorbell at 4 CQ wraparounds (git-fixes). - PCI: hv: remove unnecessary module_init/exit functions (git-fixes). - PCI: hv: Remove unused field pci_bus in struct hv_pcibus_device (git-fixes). - RDMA/mana_ib: Add device-memory support (git-fixes). - RDMA/mana_ib: Take CQ type from the device type (git-fixes). - net: mana: Implement ndo_tx_timeout and serialize queue resets per port (bsc#1257472). - Drivers: hv: Always do Hyper-V panic notification in hv_kmsg_dump() (git-fixes). - net: mana: Fix use-after-free in reset service rescan path (git-fixes). - net: mana: Handle hardware recovery events when probing the device (bsc#1257466). - net: mana: Drop TX skb on post_work_request failure and unmap resources (git-fixes). - net: mana: Handle SKB if TX SGEs exceed hardware limit (git-fixes). - net: mana: Add standard counter rx_missed_errors (git-fixes). - commit dde91c8 - btrfs: fallback to buffered IO if the data profile has duplication (git-fixes). - commit c194c61 - arm64: contpte: fix set_access_flags() no-op check for SMMU/ATS (bsc#1259329) - commit c775b21 - selftests/bpf: add verifier sign extension bound computation tests (git-fixes). - bpf: verifier improvement in 32bit shift sign extension pattern (git-fixes). - commit 9625613 ++++ kernel-kvmsmall: - dm mpath: make pg_init_delay_msecs settable (git-fixes). - commit b2a0fd6 - dm: clear cloned request bio pointer when last clone bio completes (git-fixes). - commit d6eb6ea - dm: remove fake timeout to avoid leak request (git-fixes). - commit bf8f04d - add bugnumber to existing mana change (bsc#1252266). - net: mana: Ring doorbell at 4 CQ wraparounds (git-fixes). - PCI: hv: remove unnecessary module_init/exit functions (git-fixes). - PCI: hv: Remove unused field pci_bus in struct hv_pcibus_device (git-fixes). - RDMA/mana_ib: Add device-memory support (git-fixes). - RDMA/mana_ib: Take CQ type from the device type (git-fixes). - net: mana: Implement ndo_tx_timeout and serialize queue resets per port (bsc#1257472). - Drivers: hv: Always do Hyper-V panic notification in hv_kmsg_dump() (git-fixes). - net: mana: Fix use-after-free in reset service rescan path (git-fixes). - net: mana: Handle hardware recovery events when probing the device (bsc#1257466). - net: mana: Drop TX skb on post_work_request failure and unmap resources (git-fixes). - net: mana: Handle SKB if TX SGEs exceed hardware limit (git-fixes). - net: mana: Add standard counter rx_missed_errors (git-fixes). - commit dde91c8 - btrfs: fallback to buffered IO if the data profile has duplication (git-fixes). - commit c194c61 - arm64: contpte: fix set_access_flags() no-op check for SMMU/ATS (bsc#1259329) - commit c775b21 - selftests/bpf: add verifier sign extension bound computation tests (git-fixes). - bpf: verifier improvement in 32bit shift sign extension pattern (git-fixes). - commit 9625613 ++++ kernel-obs-build: - dm mpath: make pg_init_delay_msecs settable (git-fixes). - commit b2a0fd6 - dm: clear cloned request bio pointer when last clone bio completes (git-fixes). - commit d6eb6ea - dm: remove fake timeout to avoid leak request (git-fixes). - commit bf8f04d - add bugnumber to existing mana change (bsc#1252266). - net: mana: Ring doorbell at 4 CQ wraparounds (git-fixes). - PCI: hv: remove unnecessary module_init/exit functions (git-fixes). - PCI: hv: Remove unused field pci_bus in struct hv_pcibus_device (git-fixes). - RDMA/mana_ib: Add device-memory support (git-fixes). - RDMA/mana_ib: Take CQ type from the device type (git-fixes). - net: mana: Implement ndo_tx_timeout and serialize queue resets per port (bsc#1257472). - Drivers: hv: Always do Hyper-V panic notification in hv_kmsg_dump() (git-fixes). - net: mana: Fix use-after-free in reset service rescan path (git-fixes). - net: mana: Handle hardware recovery events when probing the device (bsc#1257466). - net: mana: Drop TX skb on post_work_request failure and unmap resources (git-fixes). - net: mana: Handle SKB if TX SGEs exceed hardware limit (git-fixes). - net: mana: Add standard counter rx_missed_errors (git-fixes). - commit dde91c8 - btrfs: fallback to buffered IO if the data profile has duplication (git-fixes). - commit c194c61 - arm64: contpte: fix set_access_flags() no-op check for SMMU/ATS (bsc#1259329) - commit c775b21 - selftests/bpf: add verifier sign extension bound computation tests (git-fixes). - bpf: verifier improvement in 32bit shift sign extension pattern (git-fixes). - commit 9625613 ++++ kernel-obs-qa: - dm mpath: make pg_init_delay_msecs settable (git-fixes). - commit b2a0fd6 - dm: clear cloned request bio pointer when last clone bio completes (git-fixes). - commit d6eb6ea - dm: remove fake timeout to avoid leak request (git-fixes). - commit bf8f04d - add bugnumber to existing mana change (bsc#1252266). - net: mana: Ring doorbell at 4 CQ wraparounds (git-fixes). - PCI: hv: remove unnecessary module_init/exit functions (git-fixes). - PCI: hv: Remove unused field pci_bus in struct hv_pcibus_device (git-fixes). - RDMA/mana_ib: Add device-memory support (git-fixes). - RDMA/mana_ib: Take CQ type from the device type (git-fixes). - net: mana: Implement ndo_tx_timeout and serialize queue resets per port (bsc#1257472). - Drivers: hv: Always do Hyper-V panic notification in hv_kmsg_dump() (git-fixes). - net: mana: Fix use-after-free in reset service rescan path (git-fixes). - net: mana: Handle hardware recovery events when probing the device (bsc#1257466). - net: mana: Drop TX skb on post_work_request failure and unmap resources (git-fixes). - net: mana: Handle SKB if TX SGEs exceed hardware limit (git-fixes). - net: mana: Add standard counter rx_missed_errors (git-fixes). - commit dde91c8 - btrfs: fallback to buffered IO if the data profile has duplication (git-fixes). - commit c194c61 - arm64: contpte: fix set_access_flags() no-op check for SMMU/ATS (bsc#1259329) - commit c775b21 - selftests/bpf: add verifier sign extension bound computation tests (git-fixes). - bpf: verifier improvement in 32bit shift sign extension pattern (git-fixes). - commit 9625613 ++++ kernel-syms: - dm mpath: make pg_init_delay_msecs settable (git-fixes). - commit b2a0fd6 - dm: clear cloned request bio pointer when last clone bio completes (git-fixes). - commit d6eb6ea - dm: remove fake timeout to avoid leak request (git-fixes). - commit bf8f04d - add bugnumber to existing mana change (bsc#1252266). - net: mana: Ring doorbell at 4 CQ wraparounds (git-fixes). - PCI: hv: remove unnecessary module_init/exit functions (git-fixes). - PCI: hv: Remove unused field pci_bus in struct hv_pcibus_device (git-fixes). - RDMA/mana_ib: Add device-memory support (git-fixes). - RDMA/mana_ib: Take CQ type from the device type (git-fixes). - net: mana: Implement ndo_tx_timeout and serialize queue resets per port (bsc#1257472). - Drivers: hv: Always do Hyper-V panic notification in hv_kmsg_dump() (git-fixes). - net: mana: Fix use-after-free in reset service rescan path (git-fixes). - net: mana: Handle hardware recovery events when probing the device (bsc#1257466). - net: mana: Drop TX skb on post_work_request failure and unmap resources (git-fixes). - net: mana: Handle SKB if TX SGEs exceed hardware limit (git-fixes). - net: mana: Add standard counter rx_missed_errors (git-fixes). - commit dde91c8 - btrfs: fallback to buffered IO if the data profile has duplication (git-fixes). - commit c194c61 - arm64: contpte: fix set_access_flags() no-op check for SMMU/ATS (bsc#1259329) - commit c775b21 - selftests/bpf: add verifier sign extension bound computation tests (git-fixes). - bpf: verifier improvement in 32bit shift sign extension pattern (git-fixes). - commit 9625613 ++++ kernel-zfcpdump: - dm mpath: make pg_init_delay_msecs settable (git-fixes). - commit b2a0fd6 - dm: clear cloned request bio pointer when last clone bio completes (git-fixes). - commit d6eb6ea - dm: remove fake timeout to avoid leak request (git-fixes). - commit bf8f04d - add bugnumber to existing mana change (bsc#1252266). - net: mana: Ring doorbell at 4 CQ wraparounds (git-fixes). - PCI: hv: remove unnecessary module_init/exit functions (git-fixes). - PCI: hv: Remove unused field pci_bus in struct hv_pcibus_device (git-fixes). - RDMA/mana_ib: Add device-memory support (git-fixes). - RDMA/mana_ib: Take CQ type from the device type (git-fixes). - net: mana: Implement ndo_tx_timeout and serialize queue resets per port (bsc#1257472). - Drivers: hv: Always do Hyper-V panic notification in hv_kmsg_dump() (git-fixes). - net: mana: Fix use-after-free in reset service rescan path (git-fixes). - net: mana: Handle hardware recovery events when probing the device (bsc#1257466). - net: mana: Drop TX skb on post_work_request failure and unmap resources (git-fixes). - net: mana: Handle SKB if TX SGEs exceed hardware limit (git-fixes). - net: mana: Add standard counter rx_missed_errors (git-fixes). - commit dde91c8 - btrfs: fallback to buffered IO if the data profile has duplication (git-fixes). - commit c194c61 - arm64: contpte: fix set_access_flags() no-op check for SMMU/ATS (bsc#1259329) - commit c775b21 - selftests/bpf: add verifier sign extension bound computation tests (git-fixes). - bpf: verifier improvement in 32bit shift sign extension pattern (git-fixes). - commit 9625613 ++++ nvidia-open-driver-G07-signed-cuda: - update CUDA variant to 595.45.04 - supersedes kernel-6.19.patch ++++ nvidia-open-driver-G07-signed: - update CUDA variant to 595.45.04 - supersedes kernel-6.19.patch ++++ openQA: - Update to version 5.1773056733.e071deaf: * feat: allow filtering by job result and state in /tests/latest * style(gitlint): allow unwrappable longer URLs in git commit message body * feat: unify priority management of max_job_time and throttling * ci(helm): pull container images in advance * ci(helm): make sure that install-chart runs after lint-chart * feat: optimize size of devel:openQA:ci/base container * feat: allow users to delete/anonymize their own account ++++ openQA: - Update to version 5.1773068319.a9347c1b: * docs: Link to latest passed job to ensure the download tab exists * feat: allow filtering by job result and state in /tests/latest * style: Always pass a regex match to split * style: Use map only in block form * style: Use grep only in block form * style(gitlint): allow unwrappable longer URLs in git commit message body * feat: unify priority management of max_job_time and throttling * ci(helm): pull container images in advance * ci(helm): make sure that install-chart runs after lint-chart * feat: optimize size of devel:openQA:ci/base container * feat: allow users to delete/anonymize their own account ++++ openQA: - Update to version 5.1773068319.a9347c1b: * docs: Link to latest passed job to ensure the download tab exists * feat: allow filtering by job result and state in /tests/latest * style: Always pass a regex match to split * style: Use map only in block form * style: Use grep only in block form * style(gitlint): allow unwrappable longer URLs in git commit message body * feat: unify priority management of max_job_time and throttling * ci(helm): pull container images in advance * ci(helm): make sure that install-chart runs after lint-chart * feat: optimize size of devel:openQA:ci/base container * feat: allow users to delete/anonymize their own account ++++ os-autoinst: - Update to version 5.1773054031.9ab699d: * chore(deps): Update perltidy * fix: Remove logger message from else condition * style: Use single quotes for strings without interpolation * fix: restore author tests in CI and optimize git message check * refactor: move scheduling rules out of basetest::is_applicable ++++ os-autoinst: - Update to version 5.1773054031.9ab699d: * chore(deps): Update perltidy * fix: Remove logger message from else condition * style: Use single quotes for strings without interpolation * fix: restore author tests in CI and optimize git message check * refactor: move scheduling rules out of basetest::is_applicable ++++ os-autoinst: - Update to version 5.1773054031.9ab699d: * chore(deps): Update perltidy * fix: Remove logger message from else condition * style: Use single quotes for strings without interpolation * fix: restore author tests in CI and optimize git message check * refactor: move scheduling rules out of basetest::is_applicable ++++ python-maturin: - CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion (bsc#1257918) * refreshed vendor tarball to update time crate to 0.3.47 ------------------------------------------------------------------ ------------------ 2026-3-8 - Mar 8 2026 ------------------- ------------------------------------------------------------------ ++++ kernel-64kb: - hwmon: (pmbus/q54sj108a2) fix stack overflow in debugfs read (git-fixes). - hwmon: (it87) Check the it87_lock() return value (git-fixes). - commit 8d41466 ++++ kernel-azure: - hwmon: (pmbus/q54sj108a2) fix stack overflow in debugfs read (git-fixes). - hwmon: (it87) Check the it87_lock() return value (git-fixes). - commit 8d41466 ++++ kernel-default: - hwmon: (pmbus/q54sj108a2) fix stack overflow in debugfs read (git-fixes). - hwmon: (it87) Check the it87_lock() return value (git-fixes). - commit 8d41466 ++++ kernel-rt: - hwmon: (pmbus/q54sj108a2) fix stack overflow in debugfs read (git-fixes). - hwmon: (it87) Check the it87_lock() return value (git-fixes). - commit 8d41466 ++++ dtb-aarch64: - hwmon: (pmbus/q54sj108a2) fix stack overflow in debugfs read (git-fixes). - hwmon: (it87) Check the it87_lock() return value (git-fixes). - commit 8d41466 ++++ kernel-source: - hwmon: (pmbus/q54sj108a2) fix stack overflow in debugfs read (git-fixes). - hwmon: (it87) Check the it87_lock() return value (git-fixes). - commit 8d41466 ++++ kernel-docs: - hwmon: (pmbus/q54sj108a2) fix stack overflow in debugfs read (git-fixes). - hwmon: (it87) Check the it87_lock() return value (git-fixes). - commit 8d41466 ++++ kernel-kvmsmall: - hwmon: (pmbus/q54sj108a2) fix stack overflow in debugfs read (git-fixes). - hwmon: (it87) Check the it87_lock() return value (git-fixes). - commit 8d41466 ++++ kernel-obs-build: - hwmon: (pmbus/q54sj108a2) fix stack overflow in debugfs read (git-fixes). - hwmon: (it87) Check the it87_lock() return value (git-fixes). - commit 8d41466 ++++ kernel-obs-qa: - hwmon: (pmbus/q54sj108a2) fix stack overflow in debugfs read (git-fixes). - hwmon: (it87) Check the it87_lock() return value (git-fixes). - commit 8d41466 ++++ kernel-syms: - hwmon: (pmbus/q54sj108a2) fix stack overflow in debugfs read (git-fixes). - hwmon: (it87) Check the it87_lock() return value (git-fixes). - commit 8d41466 ++++ kernel-zfcpdump: - hwmon: (pmbus/q54sj108a2) fix stack overflow in debugfs read (git-fixes). - hwmon: (it87) Check the it87_lock() return value (git-fixes). - commit 8d41466 ------------------------------------------------------------------ ------------------ 2026-3-7 - Mar 7 2026 ------------------- ------------------------------------------------------------------ ++++ MozillaThunderbird: - Mozilla Thunderbird 140.8.1 ESR * Add mail.openpgp.load_untested_gpgme_version to load untested GPGME version - drop mozilla-bmo1967121.patch because of the upstream change ++++ kernel-64kb: - drm/xe/reg_sr: Fix leak on xa_store failure (git-fixes). - drm/xe: Do not preempt fence signaling CS instructions (git-fixes). - nouveau/dpcd: return EBUSY for aux xfer if the device is asleep (git-fixes). - drm/sched: Fix kernel-doc warning for drm_sched_job_done() (git-fixes). - drm/solomon: Fix page start when updating rectangle in page addressing mode (git-fixes). - platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data (git-fixes). - pmdomain: bcm: bcm2835-power: Fix broken reset status read (git-fixes). - ata: libata-core: Disable LPM on ST1000DM010-2EP102 (git-fixes). - commit a06b327 ++++ kernel-azure: - drm/xe/reg_sr: Fix leak on xa_store failure (git-fixes). - drm/xe: Do not preempt fence signaling CS instructions (git-fixes). - nouveau/dpcd: return EBUSY for aux xfer if the device is asleep (git-fixes). - drm/sched: Fix kernel-doc warning for drm_sched_job_done() (git-fixes). - drm/solomon: Fix page start when updating rectangle in page addressing mode (git-fixes). - platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data (git-fixes). - pmdomain: bcm: bcm2835-power: Fix broken reset status read (git-fixes). - ata: libata-core: Disable LPM on ST1000DM010-2EP102 (git-fixes). - commit a06b327 ++++ kernel-default: - drm/xe/reg_sr: Fix leak on xa_store failure (git-fixes). - drm/xe: Do not preempt fence signaling CS instructions (git-fixes). - nouveau/dpcd: return EBUSY for aux xfer if the device is asleep (git-fixes). - drm/sched: Fix kernel-doc warning for drm_sched_job_done() (git-fixes). - drm/solomon: Fix page start when updating rectangle in page addressing mode (git-fixes). - platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data (git-fixes). - pmdomain: bcm: bcm2835-power: Fix broken reset status read (git-fixes). - ata: libata-core: Disable LPM on ST1000DM010-2EP102 (git-fixes). - commit a06b327 ++++ kernel-rt: - drm/xe/reg_sr: Fix leak on xa_store failure (git-fixes). - drm/xe: Do not preempt fence signaling CS instructions (git-fixes). - nouveau/dpcd: return EBUSY for aux xfer if the device is asleep (git-fixes). - drm/sched: Fix kernel-doc warning for drm_sched_job_done() (git-fixes). - drm/solomon: Fix page start when updating rectangle in page addressing mode (git-fixes). - platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data (git-fixes). - pmdomain: bcm: bcm2835-power: Fix broken reset status read (git-fixes). - ata: libata-core: Disable LPM on ST1000DM010-2EP102 (git-fixes). - commit a06b327 ++++ dtb-aarch64: - drm/xe/reg_sr: Fix leak on xa_store failure (git-fixes). - drm/xe: Do not preempt fence signaling CS instructions (git-fixes). - nouveau/dpcd: return EBUSY for aux xfer if the device is asleep (git-fixes). - drm/sched: Fix kernel-doc warning for drm_sched_job_done() (git-fixes). - drm/solomon: Fix page start when updating rectangle in page addressing mode (git-fixes). - platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data (git-fixes). - pmdomain: bcm: bcm2835-power: Fix broken reset status read (git-fixes). - ata: libata-core: Disable LPM on ST1000DM010-2EP102 (git-fixes). - commit a06b327 ++++ kernel-source: - drm/xe/reg_sr: Fix leak on xa_store failure (git-fixes). - drm/xe: Do not preempt fence signaling CS instructions (git-fixes). - nouveau/dpcd: return EBUSY for aux xfer if the device is asleep (git-fixes). - drm/sched: Fix kernel-doc warning for drm_sched_job_done() (git-fixes). - drm/solomon: Fix page start when updating rectangle in page addressing mode (git-fixes). - platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data (git-fixes). - pmdomain: bcm: bcm2835-power: Fix broken reset status read (git-fixes). - ata: libata-core: Disable LPM on ST1000DM010-2EP102 (git-fixes). - commit a06b327 ++++ kernel-docs: - drm/xe/reg_sr: Fix leak on xa_store failure (git-fixes). - drm/xe: Do not preempt fence signaling CS instructions (git-fixes). - nouveau/dpcd: return EBUSY for aux xfer if the device is asleep (git-fixes). - drm/sched: Fix kernel-doc warning for drm_sched_job_done() (git-fixes). - drm/solomon: Fix page start when updating rectangle in page addressing mode (git-fixes). - platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data (git-fixes). - pmdomain: bcm: bcm2835-power: Fix broken reset status read (git-fixes). - ata: libata-core: Disable LPM on ST1000DM010-2EP102 (git-fixes). - commit a06b327 ++++ kernel-kvmsmall: - drm/xe/reg_sr: Fix leak on xa_store failure (git-fixes). - drm/xe: Do not preempt fence signaling CS instructions (git-fixes). - nouveau/dpcd: return EBUSY for aux xfer if the device is asleep (git-fixes). - drm/sched: Fix kernel-doc warning for drm_sched_job_done() (git-fixes). - drm/solomon: Fix page start when updating rectangle in page addressing mode (git-fixes). - platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data (git-fixes). - pmdomain: bcm: bcm2835-power: Fix broken reset status read (git-fixes). - ata: libata-core: Disable LPM on ST1000DM010-2EP102 (git-fixes). - commit a06b327 ++++ kernel-obs-build: - drm/xe/reg_sr: Fix leak on xa_store failure (git-fixes). - drm/xe: Do not preempt fence signaling CS instructions (git-fixes). - nouveau/dpcd: return EBUSY for aux xfer if the device is asleep (git-fixes). - drm/sched: Fix kernel-doc warning for drm_sched_job_done() (git-fixes). - drm/solomon: Fix page start when updating rectangle in page addressing mode (git-fixes). - platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data (git-fixes). - pmdomain: bcm: bcm2835-power: Fix broken reset status read (git-fixes). - ata: libata-core: Disable LPM on ST1000DM010-2EP102 (git-fixes). - commit a06b327 ++++ kernel-obs-qa: - drm/xe/reg_sr: Fix leak on xa_store failure (git-fixes). - drm/xe: Do not preempt fence signaling CS instructions (git-fixes). - nouveau/dpcd: return EBUSY for aux xfer if the device is asleep (git-fixes). - drm/sched: Fix kernel-doc warning for drm_sched_job_done() (git-fixes). - drm/solomon: Fix page start when updating rectangle in page addressing mode (git-fixes). - platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data (git-fixes). - pmdomain: bcm: bcm2835-power: Fix broken reset status read (git-fixes). - ata: libata-core: Disable LPM on ST1000DM010-2EP102 (git-fixes). - commit a06b327 ++++ kernel-syms: - drm/xe/reg_sr: Fix leak on xa_store failure (git-fixes). - drm/xe: Do not preempt fence signaling CS instructions (git-fixes). - nouveau/dpcd: return EBUSY for aux xfer if the device is asleep (git-fixes). - drm/sched: Fix kernel-doc warning for drm_sched_job_done() (git-fixes). - drm/solomon: Fix page start when updating rectangle in page addressing mode (git-fixes). - platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data (git-fixes). - pmdomain: bcm: bcm2835-power: Fix broken reset status read (git-fixes). - ata: libata-core: Disable LPM on ST1000DM010-2EP102 (git-fixes). - commit a06b327 ++++ kernel-zfcpdump: - drm/xe/reg_sr: Fix leak on xa_store failure (git-fixes). - drm/xe: Do not preempt fence signaling CS instructions (git-fixes). - nouveau/dpcd: return EBUSY for aux xfer if the device is asleep (git-fixes). - drm/sched: Fix kernel-doc warning for drm_sched_job_done() (git-fixes). - drm/solomon: Fix page start when updating rectangle in page addressing mode (git-fixes). - platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data (git-fixes). - pmdomain: bcm: bcm2835-power: Fix broken reset status read (git-fixes). - ata: libata-core: Disable LPM on ST1000DM010-2EP102 (git-fixes). - commit a06b327 ++++ tinyproxy: - Update to release 1.11.3 * conf: add BasicAuthRealm feature * basic auth: fix error status 401 vs 407 * tinyproxy.conf.5: explain what a site_spec looks like * tinyproxy.conf.5: add an IPv6 example to allow/deny section * reqs: fix integer overflow in port number processing ------------------------------------------------------------------ ------------------ 2026-3-6 - Mar 6 2026 ------------------- ------------------------------------------------------------------ ++++ rust1.94: - Add rust1.94 - Release notes can be found externally: https://github.com/rust-lang/rust/releases/tag/1.93.0 - 0001-Disable-pidfs-tests-for-15SP3.patch: pidfs is not working on 15 sp3 buildhost - 0001-Disable-broken-linker-tests.patch - ignore-Wstring-conversion.patch: avoid using this warning, fails with gcc ++++ kernel-64kb: - tracing: Fix crash on synthetic stacktrace field usage (CVE-2026-23088 bsc#1257814). - commit 41fea09 - tracing: Do not register unsupported perf events (CVE-2025-71125 bsc#1256784). - commit 8e15740 - tracing: Fix WARN_ON in tracing_buffers_mmap_close for split VMAs (CVE-2025-68329 bsc#1255490). - commit b6b73bb - ftrace: Fix softlockup in ftrace_module_enable (CVE-2025-68173 bsc#1255311). - commit 2eaaeb0 - ring-buffer: Do not warn in ring_buffer_map_get_reader() when reader catches up (CVE-2025-68186 bsc#1255144). - commit 6132115 - nfc: rawsock: cancel tx_work before socket teardown (git-fixes). - nfc: nci: clear NCI_DATA_EXCHANGE before calling completion callback (git-fixes). - nfc: nci: free skb on nci_transceive early error paths (git-fixes). - net: nfc: nci: Fix zero-length proprietary notifications (git-fixes). - can: usb: f81604: correctly anchor the urb in the read bulk callback (git-fixes). - can: usb: f81604: handle bulk write errors properly (git-fixes). - can: usb: f81604: handle short interrupt urb messages properly (git-fixes). - can: usb: etas_es58x: correctly anchor the urb in the read bulk callback (git-fixes). - can: ucan: Fix infinite loop from zero-length messages (git-fixes). - can: ems_usb: ems_usb_read_bulk_callback(): check the proper length of a message (git-fixes). - can: mcp251x: fix deadlock in error path of mcp251x_open (git-fixes). - can: bcm: fix locking for bcm_op runtime updates (git-fixes). - wifi: mt76: Fix possible oob access in mt76_connac2_mac_write_txwi_80211() (git-fixes). - wifi: mt76: mt7925: Fix possible oob access in mt7925_mac_write_txwi_80211() (git-fixes). - wifi: mt76: mt7996: Fix possible oob access in mt7996_mac_write_txwi_80211() (git-fixes). - wifi: wlcore: Fix a locking bug (git-fixes). - wifi: cw1200: Fix locking in error paths (git-fixes). - wifi: rsi: Don't default to -EOPNOTSUPP in rsi_mac80211_config (git-fixes). - batman-adv: Avoid double-rtnl_lock ELP metric worker (git-fixes). - commit f8549ba ++++ kernel-azure: - tracing: Fix crash on synthetic stacktrace field usage (CVE-2026-23088 bsc#1257814). - commit 41fea09 - tracing: Do not register unsupported perf events (CVE-2025-71125 bsc#1256784). - commit 8e15740 - tracing: Fix WARN_ON in tracing_buffers_mmap_close for split VMAs (CVE-2025-68329 bsc#1255490). - commit b6b73bb - ftrace: Fix softlockup in ftrace_module_enable (CVE-2025-68173 bsc#1255311). - commit 2eaaeb0 - ring-buffer: Do not warn in ring_buffer_map_get_reader() when reader catches up (CVE-2025-68186 bsc#1255144). - commit 6132115 - nfc: rawsock: cancel tx_work before socket teardown (git-fixes). - nfc: nci: clear NCI_DATA_EXCHANGE before calling completion callback (git-fixes). - nfc: nci: free skb on nci_transceive early error paths (git-fixes). - net: nfc: nci: Fix zero-length proprietary notifications (git-fixes). - can: usb: f81604: correctly anchor the urb in the read bulk callback (git-fixes). - can: usb: f81604: handle bulk write errors properly (git-fixes). - can: usb: f81604: handle short interrupt urb messages properly (git-fixes). - can: usb: etas_es58x: correctly anchor the urb in the read bulk callback (git-fixes). - can: ucan: Fix infinite loop from zero-length messages (git-fixes). - can: ems_usb: ems_usb_read_bulk_callback(): check the proper length of a message (git-fixes). - can: mcp251x: fix deadlock in error path of mcp251x_open (git-fixes). - can: bcm: fix locking for bcm_op runtime updates (git-fixes). - wifi: mt76: Fix possible oob access in mt76_connac2_mac_write_txwi_80211() (git-fixes). - wifi: mt76: mt7925: Fix possible oob access in mt7925_mac_write_txwi_80211() (git-fixes). - wifi: mt76: mt7996: Fix possible oob access in mt7996_mac_write_txwi_80211() (git-fixes). - wifi: wlcore: Fix a locking bug (git-fixes). - wifi: cw1200: Fix locking in error paths (git-fixes). - wifi: rsi: Don't default to -EOPNOTSUPP in rsi_mac80211_config (git-fixes). - batman-adv: Avoid double-rtnl_lock ELP metric worker (git-fixes). - commit f8549ba ++++ kernel-default: - tracing: Fix crash on synthetic stacktrace field usage (CVE-2026-23088 bsc#1257814). - commit 41fea09 - tracing: Do not register unsupported perf events (CVE-2025-71125 bsc#1256784). - commit 8e15740 - tracing: Fix WARN_ON in tracing_buffers_mmap_close for split VMAs (CVE-2025-68329 bsc#1255490). - commit b6b73bb - ftrace: Fix softlockup in ftrace_module_enable (CVE-2025-68173 bsc#1255311). - commit 2eaaeb0 - ring-buffer: Do not warn in ring_buffer_map_get_reader() when reader catches up (CVE-2025-68186 bsc#1255144). - commit 6132115 - nfc: rawsock: cancel tx_work before socket teardown (git-fixes). - nfc: nci: clear NCI_DATA_EXCHANGE before calling completion callback (git-fixes). - nfc: nci: free skb on nci_transceive early error paths (git-fixes). - net: nfc: nci: Fix zero-length proprietary notifications (git-fixes). - can: usb: f81604: correctly anchor the urb in the read bulk callback (git-fixes). - can: usb: f81604: handle bulk write errors properly (git-fixes). - can: usb: f81604: handle short interrupt urb messages properly (git-fixes). - can: usb: etas_es58x: correctly anchor the urb in the read bulk callback (git-fixes). - can: ucan: Fix infinite loop from zero-length messages (git-fixes). - can: ems_usb: ems_usb_read_bulk_callback(): check the proper length of a message (git-fixes). - can: mcp251x: fix deadlock in error path of mcp251x_open (git-fixes). - can: bcm: fix locking for bcm_op runtime updates (git-fixes). - wifi: mt76: Fix possible oob access in mt76_connac2_mac_write_txwi_80211() (git-fixes). - wifi: mt76: mt7925: Fix possible oob access in mt7925_mac_write_txwi_80211() (git-fixes). - wifi: mt76: mt7996: Fix possible oob access in mt7996_mac_write_txwi_80211() (git-fixes). - wifi: wlcore: Fix a locking bug (git-fixes). - wifi: cw1200: Fix locking in error paths (git-fixes). - wifi: rsi: Don't default to -EOPNOTSUPP in rsi_mac80211_config (git-fixes). - batman-adv: Avoid double-rtnl_lock ELP metric worker (git-fixes). - commit f8549ba ++++ kernel-rt: - tracing: Fix crash on synthetic stacktrace field usage (CVE-2026-23088 bsc#1257814). - commit 41fea09 - tracing: Do not register unsupported perf events (CVE-2025-71125 bsc#1256784). - commit 8e15740 - tracing: Fix WARN_ON in tracing_buffers_mmap_close for split VMAs (CVE-2025-68329 bsc#1255490). - commit b6b73bb - ftrace: Fix softlockup in ftrace_module_enable (CVE-2025-68173 bsc#1255311). - commit 2eaaeb0 - ring-buffer: Do not warn in ring_buffer_map_get_reader() when reader catches up (CVE-2025-68186 bsc#1255144). - commit 6132115 - nfc: rawsock: cancel tx_work before socket teardown (git-fixes). - nfc: nci: clear NCI_DATA_EXCHANGE before calling completion callback (git-fixes). - nfc: nci: free skb on nci_transceive early error paths (git-fixes). - net: nfc: nci: Fix zero-length proprietary notifications (git-fixes). - can: usb: f81604: correctly anchor the urb in the read bulk callback (git-fixes). - can: usb: f81604: handle bulk write errors properly (git-fixes). - can: usb: f81604: handle short interrupt urb messages properly (git-fixes). - can: usb: etas_es58x: correctly anchor the urb in the read bulk callback (git-fixes). - can: ucan: Fix infinite loop from zero-length messages (git-fixes). - can: ems_usb: ems_usb_read_bulk_callback(): check the proper length of a message (git-fixes). - can: mcp251x: fix deadlock in error path of mcp251x_open (git-fixes). - can: bcm: fix locking for bcm_op runtime updates (git-fixes). - wifi: mt76: Fix possible oob access in mt76_connac2_mac_write_txwi_80211() (git-fixes). - wifi: mt76: mt7925: Fix possible oob access in mt7925_mac_write_txwi_80211() (git-fixes). - wifi: mt76: mt7996: Fix possible oob access in mt7996_mac_write_txwi_80211() (git-fixes). - wifi: wlcore: Fix a locking bug (git-fixes). - wifi: cw1200: Fix locking in error paths (git-fixes). - wifi: rsi: Don't default to -EOPNOTSUPP in rsi_mac80211_config (git-fixes). - batman-adv: Avoid double-rtnl_lock ELP metric worker (git-fixes). - commit f8549ba ++++ dnsdist: - update to 1.9.11: * Add mitigations for the HTTP/2 MadeYouReset attack (bsc#1253852, CVE-2025-8671) fix a possible DoS in incoming DoH with nghttp2 (bsc#1250054, CVE-2025-30187) * Fix the IO reentry guard in outgoing DoH ++++ dtb-aarch64: - tracing: Fix crash on synthetic stacktrace field usage (CVE-2026-23088 bsc#1257814). - commit 41fea09 - tracing: Do not register unsupported perf events (CVE-2025-71125 bsc#1256784). - commit 8e15740 - tracing: Fix WARN_ON in tracing_buffers_mmap_close for split VMAs (CVE-2025-68329 bsc#1255490). - commit b6b73bb - ftrace: Fix softlockup in ftrace_module_enable (CVE-2025-68173 bsc#1255311). - commit 2eaaeb0 - ring-buffer: Do not warn in ring_buffer_map_get_reader() when reader catches up (CVE-2025-68186 bsc#1255144). - commit 6132115 - nfc: rawsock: cancel tx_work before socket teardown (git-fixes). - nfc: nci: clear NCI_DATA_EXCHANGE before calling completion callback (git-fixes). - nfc: nci: free skb on nci_transceive early error paths (git-fixes). - net: nfc: nci: Fix zero-length proprietary notifications (git-fixes). - can: usb: f81604: correctly anchor the urb in the read bulk callback (git-fixes). - can: usb: f81604: handle bulk write errors properly (git-fixes). - can: usb: f81604: handle short interrupt urb messages properly (git-fixes). - can: usb: etas_es58x: correctly anchor the urb in the read bulk callback (git-fixes). - can: ucan: Fix infinite loop from zero-length messages (git-fixes). - can: ems_usb: ems_usb_read_bulk_callback(): check the proper length of a message (git-fixes). - can: mcp251x: fix deadlock in error path of mcp251x_open (git-fixes). - can: bcm: fix locking for bcm_op runtime updates (git-fixes). - wifi: mt76: Fix possible oob access in mt76_connac2_mac_write_txwi_80211() (git-fixes). - wifi: mt76: mt7925: Fix possible oob access in mt7925_mac_write_txwi_80211() (git-fixes). - wifi: mt76: mt7996: Fix possible oob access in mt7996_mac_write_txwi_80211() (git-fixes). - wifi: wlcore: Fix a locking bug (git-fixes). - wifi: cw1200: Fix locking in error paths (git-fixes). - wifi: rsi: Don't default to -EOPNOTSUPP in rsi_mac80211_config (git-fixes). - batman-adv: Avoid double-rtnl_lock ELP metric worker (git-fixes). - commit f8549ba ++++ go1.26: - go1.26.1 (released 2026-03-05) includes security fixes to the crypto/x509, html/template, net/url, and os packages, as well as bug fixes to the go command, the go fix command, the compiler, and the os and reflect packages. Refs boo#1255111 go1.26 release tracking CVE-2026-25679 CVE-2026-27142 CVE-2026-27137 CVE-2026-27138 CVE-2026-27139 * go#77970 go#77578 boo#1259264 security: fix CVE-2026-25679 net/url: reject IPv6 literal not at start of host * go#77972 go#77954 boo#1259265 security: fix CVE-2026-27142 html/template: URLs in meta content attribute actions are not escaped * go#77973 go#77952 boo#1259266 security: fix CVE-2026-27137 crypto/x509: incorrect enforcement of email constraints * go#77974 go#77953 boo#1259267 security: fix CVE-2026-27138 crypto/x509: panic in name constraint checking for malformed certificates * go#77834 go#77827 boo#1259268 security: fix CVE-2026-27139 os: FileInfo can escape from a Root * go#77252 cmd/compile: miscompile of global array initialization * go#77407 os: Go 1.25.x regression on RemoveAll for windows * go#77474 cmd/go: CGO compilation fails after upgrading from Go 1.25.5 to 1.25.6 due to --define-variable flag in pkg-config * go#77529 cmd/fix, x/tools/go/analysis/passes/modernize: stringscut: OOB panic in indexArgValid analyzing "buf.Bytes()" call * go#77532 net/smtp: expiry date of localhostCert for testing is too short * go#77536 cmd/compile: internal compiler error: 'main.func1': not lowered: v15, Load STRUCT PTR SSA * go#77618 strings: HasSuffix doesn't work correctly for multibyte runes in go 1.26 * go#77623 cmd/compile: internal compiler error on : "tried to free an already free register" with generic function and type >= 192 bytes * go#77624 cmd/fix, x/tools/go/analysis/passes/modernize: stringsbuilder breaks code when combining two strings.Builders * go#77680 cmd/link: TestFlagW/-w_-linkmode=external fails on illumos * go#77766 cmd/fix,x/tools/go/analysis/passes/modernize: rangeint uses target platform's type in the range expression, breaking other platforms * go#77780 reflect: breaking change for reflect.Value.Interface behaviour * go#77786 cmd/compile: rewriteFixedLoad does not properly sign extend AuxInt * go#77803 cmd/fix,x/tools/go/analysis/passes/modernize: reflect.TypeOf(nil) transformed into reflect.TypeFor[untyped nil]() * go#77804 cmd/fix,x/tools/go/analysis/passes/modernize: minmax breaks select statements * go#77805 cmd/fix, x/tools/go/analysis/passes/modernize: waitgroup leads to a compilation error * go#77807 cmd/fix,x/tools/go/analysis/passes/modernize: stringsbuilder ignores variables if they are used multiple times * go#77849 cmd/fix,x/tools/go/analysis/passes/modernize: stringscut rewrite changes behavior * go#77860 cmd/go: change go mod init default go directive back to 1.N * go#77899 cmd/fix, x/tools/go/analysis/passes/modernize: bad rangeint rewriting * go#77904 x/tools/go/analysis/passes/modernize: stringsbuilder breaks code when GenDecl is a block declaration ++++ kernel-source: - tracing: Fix crash on synthetic stacktrace field usage (CVE-2026-23088 bsc#1257814). - commit 41fea09 - tracing: Do not register unsupported perf events (CVE-2025-71125 bsc#1256784). - commit 8e15740 - tracing: Fix WARN_ON in tracing_buffers_mmap_close for split VMAs (CVE-2025-68329 bsc#1255490). - commit b6b73bb - ftrace: Fix softlockup in ftrace_module_enable (CVE-2025-68173 bsc#1255311). - commit 2eaaeb0 - ring-buffer: Do not warn in ring_buffer_map_get_reader() when reader catches up (CVE-2025-68186 bsc#1255144). - commit 6132115 - nfc: rawsock: cancel tx_work before socket teardown (git-fixes). - nfc: nci: clear NCI_DATA_EXCHANGE before calling completion callback (git-fixes). - nfc: nci: free skb on nci_transceive early error paths (git-fixes). - net: nfc: nci: Fix zero-length proprietary notifications (git-fixes). - can: usb: f81604: correctly anchor the urb in the read bulk callback (git-fixes). - can: usb: f81604: handle bulk write errors properly (git-fixes). - can: usb: f81604: handle short interrupt urb messages properly (git-fixes). - can: usb: etas_es58x: correctly anchor the urb in the read bulk callback (git-fixes). - can: ucan: Fix infinite loop from zero-length messages (git-fixes). - can: ems_usb: ems_usb_read_bulk_callback(): check the proper length of a message (git-fixes). - can: mcp251x: fix deadlock in error path of mcp251x_open (git-fixes). - can: bcm: fix locking for bcm_op runtime updates (git-fixes). - wifi: mt76: Fix possible oob access in mt76_connac2_mac_write_txwi_80211() (git-fixes). - wifi: mt76: mt7925: Fix possible oob access in mt7925_mac_write_txwi_80211() (git-fixes). - wifi: mt76: mt7996: Fix possible oob access in mt7996_mac_write_txwi_80211() (git-fixes). - wifi: wlcore: Fix a locking bug (git-fixes). - wifi: cw1200: Fix locking in error paths (git-fixes). - wifi: rsi: Don't default to -EOPNOTSUPP in rsi_mac80211_config (git-fixes). - batman-adv: Avoid double-rtnl_lock ELP metric worker (git-fixes). - commit f8549ba ++++ kernel-docs: - tracing: Fix crash on synthetic stacktrace field usage (CVE-2026-23088 bsc#1257814). - commit 41fea09 - tracing: Do not register unsupported perf events (CVE-2025-71125 bsc#1256784). - commit 8e15740 - tracing: Fix WARN_ON in tracing_buffers_mmap_close for split VMAs (CVE-2025-68329 bsc#1255490). - commit b6b73bb - ftrace: Fix softlockup in ftrace_module_enable (CVE-2025-68173 bsc#1255311). - commit 2eaaeb0 - ring-buffer: Do not warn in ring_buffer_map_get_reader() when reader catches up (CVE-2025-68186 bsc#1255144). - commit 6132115 - nfc: rawsock: cancel tx_work before socket teardown (git-fixes). - nfc: nci: clear NCI_DATA_EXCHANGE before calling completion callback (git-fixes). - nfc: nci: free skb on nci_transceive early error paths (git-fixes). - net: nfc: nci: Fix zero-length proprietary notifications (git-fixes). - can: usb: f81604: correctly anchor the urb in the read bulk callback (git-fixes). - can: usb: f81604: handle bulk write errors properly (git-fixes). - can: usb: f81604: handle short interrupt urb messages properly (git-fixes). - can: usb: etas_es58x: correctly anchor the urb in the read bulk callback (git-fixes). - can: ucan: Fix infinite loop from zero-length messages (git-fixes). - can: ems_usb: ems_usb_read_bulk_callback(): check the proper length of a message (git-fixes). - can: mcp251x: fix deadlock in error path of mcp251x_open (git-fixes). - can: bcm: fix locking for bcm_op runtime updates (git-fixes). - wifi: mt76: Fix possible oob access in mt76_connac2_mac_write_txwi_80211() (git-fixes). - wifi: mt76: mt7925: Fix possible oob access in mt7925_mac_write_txwi_80211() (git-fixes). - wifi: mt76: mt7996: Fix possible oob access in mt7996_mac_write_txwi_80211() (git-fixes). - wifi: wlcore: Fix a locking bug (git-fixes). - wifi: cw1200: Fix locking in error paths (git-fixes). - wifi: rsi: Don't default to -EOPNOTSUPP in rsi_mac80211_config (git-fixes). - batman-adv: Avoid double-rtnl_lock ELP metric worker (git-fixes). - commit f8549ba ++++ kernel-kvmsmall: - tracing: Fix crash on synthetic stacktrace field usage (CVE-2026-23088 bsc#1257814). - commit 41fea09 - tracing: Do not register unsupported perf events (CVE-2025-71125 bsc#1256784). - commit 8e15740 - tracing: Fix WARN_ON in tracing_buffers_mmap_close for split VMAs (CVE-2025-68329 bsc#1255490). - commit b6b73bb - ftrace: Fix softlockup in ftrace_module_enable (CVE-2025-68173 bsc#1255311). - commit 2eaaeb0 - ring-buffer: Do not warn in ring_buffer_map_get_reader() when reader catches up (CVE-2025-68186 bsc#1255144). - commit 6132115 - nfc: rawsock: cancel tx_work before socket teardown (git-fixes). - nfc: nci: clear NCI_DATA_EXCHANGE before calling completion callback (git-fixes). - nfc: nci: free skb on nci_transceive early error paths (git-fixes). - net: nfc: nci: Fix zero-length proprietary notifications (git-fixes). - can: usb: f81604: correctly anchor the urb in the read bulk callback (git-fixes). - can: usb: f81604: handle bulk write errors properly (git-fixes). - can: usb: f81604: handle short interrupt urb messages properly (git-fixes). - can: usb: etas_es58x: correctly anchor the urb in the read bulk callback (git-fixes). - can: ucan: Fix infinite loop from zero-length messages (git-fixes). - can: ems_usb: ems_usb_read_bulk_callback(): check the proper length of a message (git-fixes). - can: mcp251x: fix deadlock in error path of mcp251x_open (git-fixes). - can: bcm: fix locking for bcm_op runtime updates (git-fixes). - wifi: mt76: Fix possible oob access in mt76_connac2_mac_write_txwi_80211() (git-fixes). - wifi: mt76: mt7925: Fix possible oob access in mt7925_mac_write_txwi_80211() (git-fixes). - wifi: mt76: mt7996: Fix possible oob access in mt7996_mac_write_txwi_80211() (git-fixes). - wifi: wlcore: Fix a locking bug (git-fixes). - wifi: cw1200: Fix locking in error paths (git-fixes). - wifi: rsi: Don't default to -EOPNOTSUPP in rsi_mac80211_config (git-fixes). - batman-adv: Avoid double-rtnl_lock ELP metric worker (git-fixes). - commit f8549ba ++++ kernel-obs-build: - tracing: Fix crash on synthetic stacktrace field usage (CVE-2026-23088 bsc#1257814). - commit 41fea09 - tracing: Do not register unsupported perf events (CVE-2025-71125 bsc#1256784). - commit 8e15740 - tracing: Fix WARN_ON in tracing_buffers_mmap_close for split VMAs (CVE-2025-68329 bsc#1255490). - commit b6b73bb - ftrace: Fix softlockup in ftrace_module_enable (CVE-2025-68173 bsc#1255311). - commit 2eaaeb0 - ring-buffer: Do not warn in ring_buffer_map_get_reader() when reader catches up (CVE-2025-68186 bsc#1255144). - commit 6132115 - nfc: rawsock: cancel tx_work before socket teardown (git-fixes). - nfc: nci: clear NCI_DATA_EXCHANGE before calling completion callback (git-fixes). - nfc: nci: free skb on nci_transceive early error paths (git-fixes). - net: nfc: nci: Fix zero-length proprietary notifications (git-fixes). - can: usb: f81604: correctly anchor the urb in the read bulk callback (git-fixes). - can: usb: f81604: handle bulk write errors properly (git-fixes). - can: usb: f81604: handle short interrupt urb messages properly (git-fixes). - can: usb: etas_es58x: correctly anchor the urb in the read bulk callback (git-fixes). - can: ucan: Fix infinite loop from zero-length messages (git-fixes). - can: ems_usb: ems_usb_read_bulk_callback(): check the proper length of a message (git-fixes). - can: mcp251x: fix deadlock in error path of mcp251x_open (git-fixes). - can: bcm: fix locking for bcm_op runtime updates (git-fixes). - wifi: mt76: Fix possible oob access in mt76_connac2_mac_write_txwi_80211() (git-fixes). - wifi: mt76: mt7925: Fix possible oob access in mt7925_mac_write_txwi_80211() (git-fixes). - wifi: mt76: mt7996: Fix possible oob access in mt7996_mac_write_txwi_80211() (git-fixes). - wifi: wlcore: Fix a locking bug (git-fixes). - wifi: cw1200: Fix locking in error paths (git-fixes). - wifi: rsi: Don't default to -EOPNOTSUPP in rsi_mac80211_config (git-fixes). - batman-adv: Avoid double-rtnl_lock ELP metric worker (git-fixes). - commit f8549ba ++++ kernel-obs-qa: - tracing: Fix crash on synthetic stacktrace field usage (CVE-2026-23088 bsc#1257814). - commit 41fea09 - tracing: Do not register unsupported perf events (CVE-2025-71125 bsc#1256784). - commit 8e15740 - tracing: Fix WARN_ON in tracing_buffers_mmap_close for split VMAs (CVE-2025-68329 bsc#1255490). - commit b6b73bb - ftrace: Fix softlockup in ftrace_module_enable (CVE-2025-68173 bsc#1255311). - commit 2eaaeb0 - ring-buffer: Do not warn in ring_buffer_map_get_reader() when reader catches up (CVE-2025-68186 bsc#1255144). - commit 6132115 - nfc: rawsock: cancel tx_work before socket teardown (git-fixes). - nfc: nci: clear NCI_DATA_EXCHANGE before calling completion callback (git-fixes). - nfc: nci: free skb on nci_transceive early error paths (git-fixes). - net: nfc: nci: Fix zero-length proprietary notifications (git-fixes). - can: usb: f81604: correctly anchor the urb in the read bulk callback (git-fixes). - can: usb: f81604: handle bulk write errors properly (git-fixes). - can: usb: f81604: handle short interrupt urb messages properly (git-fixes). - can: usb: etas_es58x: correctly anchor the urb in the read bulk callback (git-fixes). - can: ucan: Fix infinite loop from zero-length messages (git-fixes). - can: ems_usb: ems_usb_read_bulk_callback(): check the proper length of a message (git-fixes). - can: mcp251x: fix deadlock in error path of mcp251x_open (git-fixes). - can: bcm: fix locking for bcm_op runtime updates (git-fixes). - wifi: mt76: Fix possible oob access in mt76_connac2_mac_write_txwi_80211() (git-fixes). - wifi: mt76: mt7925: Fix possible oob access in mt7925_mac_write_txwi_80211() (git-fixes). - wifi: mt76: mt7996: Fix possible oob access in mt7996_mac_write_txwi_80211() (git-fixes). - wifi: wlcore: Fix a locking bug (git-fixes). - wifi: cw1200: Fix locking in error paths (git-fixes). - wifi: rsi: Don't default to -EOPNOTSUPP in rsi_mac80211_config (git-fixes). - batman-adv: Avoid double-rtnl_lock ELP metric worker (git-fixes). - commit f8549ba ++++ kernel-syms: - tracing: Fix crash on synthetic stacktrace field usage (CVE-2026-23088 bsc#1257814). - commit 41fea09 - tracing: Do not register unsupported perf events (CVE-2025-71125 bsc#1256784). - commit 8e15740 - tracing: Fix WARN_ON in tracing_buffers_mmap_close for split VMAs (CVE-2025-68329 bsc#1255490). - commit b6b73bb - ftrace: Fix softlockup in ftrace_module_enable (CVE-2025-68173 bsc#1255311). - commit 2eaaeb0 - ring-buffer: Do not warn in ring_buffer_map_get_reader() when reader catches up (CVE-2025-68186 bsc#1255144). - commit 6132115 - nfc: rawsock: cancel tx_work before socket teardown (git-fixes). - nfc: nci: clear NCI_DATA_EXCHANGE before calling completion callback (git-fixes). - nfc: nci: free skb on nci_transceive early error paths (git-fixes). - net: nfc: nci: Fix zero-length proprietary notifications (git-fixes). - can: usb: f81604: correctly anchor the urb in the read bulk callback (git-fixes). - can: usb: f81604: handle bulk write errors properly (git-fixes). - can: usb: f81604: handle short interrupt urb messages properly (git-fixes). - can: usb: etas_es58x: correctly anchor the urb in the read bulk callback (git-fixes). - can: ucan: Fix infinite loop from zero-length messages (git-fixes). - can: ems_usb: ems_usb_read_bulk_callback(): check the proper length of a message (git-fixes). - can: mcp251x: fix deadlock in error path of mcp251x_open (git-fixes). - can: bcm: fix locking for bcm_op runtime updates (git-fixes). - wifi: mt76: Fix possible oob access in mt76_connac2_mac_write_txwi_80211() (git-fixes). - wifi: mt76: mt7925: Fix possible oob access in mt7925_mac_write_txwi_80211() (git-fixes). - wifi: mt76: mt7996: Fix possible oob access in mt7996_mac_write_txwi_80211() (git-fixes). - wifi: wlcore: Fix a locking bug (git-fixes). - wifi: cw1200: Fix locking in error paths (git-fixes). - wifi: rsi: Don't default to -EOPNOTSUPP in rsi_mac80211_config (git-fixes). - batman-adv: Avoid double-rtnl_lock ELP metric worker (git-fixes). - commit f8549ba ++++ kernel-zfcpdump: - tracing: Fix crash on synthetic stacktrace field usage (CVE-2026-23088 bsc#1257814). - commit 41fea09 - tracing: Do not register unsupported perf events (CVE-2025-71125 bsc#1256784). - commit 8e15740 - tracing: Fix WARN_ON in tracing_buffers_mmap_close for split VMAs (CVE-2025-68329 bsc#1255490). - commit b6b73bb - ftrace: Fix softlockup in ftrace_module_enable (CVE-2025-68173 bsc#1255311). - commit 2eaaeb0 - ring-buffer: Do not warn in ring_buffer_map_get_reader() when reader catches up (CVE-2025-68186 bsc#1255144). - commit 6132115 - nfc: rawsock: cancel tx_work before socket teardown (git-fixes). - nfc: nci: clear NCI_DATA_EXCHANGE before calling completion callback (git-fixes). - nfc: nci: free skb on nci_transceive early error paths (git-fixes). - net: nfc: nci: Fix zero-length proprietary notifications (git-fixes). - can: usb: f81604: correctly anchor the urb in the read bulk callback (git-fixes). - can: usb: f81604: handle bulk write errors properly (git-fixes). - can: usb: f81604: handle short interrupt urb messages properly (git-fixes). - can: usb: etas_es58x: correctly anchor the urb in the read bulk callback (git-fixes). - can: ucan: Fix infinite loop from zero-length messages (git-fixes). - can: ems_usb: ems_usb_read_bulk_callback(): check the proper length of a message (git-fixes). - can: mcp251x: fix deadlock in error path of mcp251x_open (git-fixes). - can: bcm: fix locking for bcm_op runtime updates (git-fixes). - wifi: mt76: Fix possible oob access in mt76_connac2_mac_write_txwi_80211() (git-fixes). - wifi: mt76: mt7925: Fix possible oob access in mt7925_mac_write_txwi_80211() (git-fixes). - wifi: mt76: mt7996: Fix possible oob access in mt7996_mac_write_txwi_80211() (git-fixes). - wifi: wlcore: Fix a locking bug (git-fixes). - wifi: cw1200: Fix locking in error paths (git-fixes). - wifi: rsi: Don't default to -EOPNOTSUPP in rsi_mac80211_config (git-fixes). - batman-adv: Avoid double-rtnl_lock ELP metric worker (git-fixes). - commit f8549ba ++++ tomcat: - Update to Tomcat 9.0.115 * Fixed CVEs: + CVE-2025-66614: client certificate verification bypass due to virtual host mapping (bsc#1258371) + CVE-2026-24733: improper input validation on HTTP/0.9 requests (bsc#1258385) + CVE-2026-24734: certificate revocation bypass due to incomplete OCSP verification checks (bsc#1258387) * Catalina + Fix: 69623: Additional fix for the long standing regression that meant that calls to ClassLoader.getResource().getContent() failed when made from within a web application with resource caching enabled if the target resource was packaged in a JAR file. (markt) + Fix: Pull request #923: Avoid adding multiple CSRF tokens to a URL in the CsrfPreventionFilter. (schultz) + Fix: 69918: Ensure request parameters are correctly parsed for HTTP/2 requests when the content-length header is not set. (dsoumis) + Update: Update the minimum and recommended versions for Tomcat Native to 1.3.4. (markt) + Add: Add a new ssoReauthenticationMode to the Tomcat provided Authenticators that provides a per Authenticator override of the SSO Valve requireReauthentication attribute. (markt) + Fix: Ensure URL encoding errors in the Rewrite Valve trigger an exception rather than silently using a replacement character. (markt) + Fix: 69871: Increase log level to INFO for missing configuration for the rewrite valve. (remm) + Fix: Add log warnings for additional Host appBase suspicious values. (remm) + Fix: Remove hard dependency on tomcat-jni.jar for catalina.jar. org.apache.catalina.Connector no longer requires org.apache.tomcat.jni.AprStatus to be present. (markt) + Add: Add the ability to use a custom function to generate the client identifier in the CrawlerSessionManagerValve. This is only available programmatically. Pull request #902 by Brian Matzon. (markt) + Fix: Change the SSO reauthentication behaviour for SPNEGO authentication so that a normal SPNEGO authentication is performed if the SSL Valve is configured with reauthentication enabled. This is so that the delegated credentials will be available to the web application. (markt) + Fix: When generating the class path in the Loader, re-order the check on individual class path components to avoid a potential NullPointerException. Identified by Coverity Scan. (markt) + Fix: Fix SSL socket factory configuration in the JNDI realm. Based on pull request #915 by Joshua Rogers. (remm) + Update: Add an attribute, digestInRfc3112Order, to MessageDigestCredentialHandler to control the order in which the credential and salt are digested. By default, the current, non-RFC 3112 compliant, order of salt then credential will be used. This default will change in Tomcat 12 to the RFC 3112 compliant order of credential then salt. (markt) * Cluster + Add: 62814: Document that human-readable names maybe used for mapSendOptions and align documentation with channelSendOptions. Based on pull request #929 by archan0621. (markt) * Clustering + Fix: Correct a regression introduced in 9.0.109 that broke some clustering configurations. (markt) * Coyote + Fix: Prevent concurrent release of OpenSSLEngine resources and the termination of the Tomcat Native library as it can cause crashes during Tomcat shutdown. (markt) + Fix: Avoid possible NPEs when using a TLS enabled custom connector. (remm) + Fix: Improve warnings when setting ciphers lists in the FFM code, mirroring the tomcat-native changes. (remm) + Fix: 69910: Dereference TLS objects right after closing a socket to improve memory efficiency. (remm) + Fix: Relax the JSSE vs OpenSSL configuration style checks on SSLHostConfig to reflect the existing implementation that allows one configuration style to be used for the trust attributes and a different style for all the other attributes. (markt) + Fix: Better warning message when OpenSSLConf configuration elements are used with a JSSE TLS implementation. (markt) + Fix: When using OpenSSL via FFM, don't log a warning about missing CA certificates unless CA certificates were configured and the configuration failed. (markt) + Add: For configuration consistency between OpenSSL and JSSE TLS implementations, TLSv1.3 cipher suites included in the ciphers attribute of an SSLHostConfig are now always ignored (previously they would be ignored with OpenSSL implementations and used with JSSE implementations) and a warning is logged that the cipher suite has been ignored. (markt) + Add: Add the ciphersuite attribute to SSLHostConfig to configure the TLSv1.3 cipher suites. (markt) + Add: Add OCSP support to JSSE based TLS connectors and make the use of OCSP configurable per connector for both JSSE and OpenSSL based TLS implementations. Align the checks performed by OpenSSL with those performed by JSSE. (markt) + Add: Add support for soft failure of OCSP checks with soft failure support disabled by default. (markt) + Add: Add support for configuring the verification flags passed to OCSP_basic_verify when using an OpenSSL based TLS implementation. (markt) + Fix: Fix OpenSSL FFM code compatibility with LibreSSL versions below 3.5. (remm) + Fix: Prevent concurrent release of OpenSSLEngine resources and the termination of the Tomcat Native library as it can cause crashes during Tomcat shutdown. (markt) + Fix: Don't log an incorrect certificate KeyStore location when creating a TLS connector if the KeyStore instance has been set directly on the connector. (markt) + Fix: HTTP/0.9 only allows GET as the HTTP method. (remm) + Add: Add strictSni attribute on the Connector to allow matching the SSLHostConfig configuration associated with the SNI host name to the SSLHostConfig configuration matched from the HTTP protocol host name. Non matching configurations will cause the request to be rejected. The attribute default value is true, enabling the matching. (remm) + Fix: Graceful failure for OCSP on BoringSSL in the FFM code. (remm) + Fix: 69866: Fix a memory leak when using a trust store with the OpenSSL provider. Pull request #912 by aogburn. (markt) + Fix: Fix AJP message length check. Pull request #916 by Joshua Rogers. (remm) * Jasper + Fix: 69333: Correct a regression in the previous fix for 69333 and ensure that reuse() or release() is always called for a tag. (markt) + Fix: 69877: Catch IllegalArgumentException when processing URIs when creating the classpath to handle invalid URIs. (remm) + Fix: Fix populating the classpath with the webapp classloader repositories. (remm) + Fix: 69862: Avoid NPE unwrapping Servlet exception which would hide some exception details. Patch submitted by Eric Blanquer. (remm) * Jdbc-pool + Fix: 64083: If the underlying connection has been closed, don't add it to the pool when it is returned. Pull request #235 by Alex Panchenko. (markt) * Web applications + Fix: Manager: Fix abrupt truncation of the HTML and JSON complete server status output if one or more of the web applications failed to start. (schultz) + Add: Manager: Include web application state in the HTML and JSON complete server status output. (markt) + Add: Documentation: Expand the documentation to better explain when OCSP is supported and when it is not. (markt) * Websocket + Fix: 69920: When attempting to write to a closed Writer or OutputStream obtained from a WebSocket session, throw an IOException rather than an IllegalStateExcpetion as required by Writer and strongly suggested by OutputStream. (markt) * Other + Add: Add property "gpg.sign.files" to optionally disable release artefact signing with GPG. (rjung) + Add: Add test.silent property to suppress JUnit console output during test execution. Useful for cleaner console output when running tests with multiple threads. (csutherl) + Update: Update the internal fork of Commons Pool to 2.13.1. (markt) + Update: Update the internal fork of Commons DBCP to 2.14.0. (markt) + Update: Update Commons Daemon to 1.5.1. (markt) + Update: Update ByteBuddy to 1.18.3. (markt) + Update: Update UnboundID to 7.0.4. (markt) + Update: Update Checkstyle to 12.3.1. (markt) + Add: Improvements to French translations. (markt) + Add: Improvements to Japanese translations provided by tak7iji. (markt) + Add: Improvements to Chinese translations provided by Yang. vincent.h and yong hu. (markt) + Update: Update Tomcat Native to 1.3.5. (markt) + Add: Add test profile system for selective test execution. Profiles can be specified via -Dtest.profile= to run specific test subsets without using patterns directly. Profile patterns are defined in test-profiles.properties. (csutherl) + Update: Update file extension to media type mappings to align with the current list used by the Apache Web Server (httpd). (markt) + Update: Update Commons Daemon to 1.5.0. (markt) + Update: Update Byte Buddy to 1.18.2. (markt) + Update: Update Checkstyle to 12.2.0. (markt) + Add: Improvements to Spanish translations provided by White Vogel. (markt) + Add: Improvements to French translations. (remm) + Add: Improvements to Japanese translations provided by tak7iji. (markt) + Update: Update the internal fork of Apache Commons BCEL to 6.11.0. (markt) + Update: Update to Byte Buddy 1.17.8. (markt) + Update: Update to Checkstyle 12.1.1. (markt) + Update: Update to Jacoco 0.8.14. (markt) + Update: Update to SpotBugs 4.9.8. (markt) + Update: Update to JSign 7.4. (markt) + Update: Update Maven Resolver Ant Tasks to 1.6.0. (rjung) + Add: Improvements to French translations. (remm) + Add: Improvements to Japanese translations provided by tak7iji. (markt) ++++ tomcat10: - Update to Tomcat 10.1.52 * Fixed CVEs: + CVE-2025-66614: client certificate verification bypass due to virtual host mapping (bsc#1258371) + CVE-2026-24733: improper input validation on HTTP/0.9 requests (bsc#1258385) + CVE-2026-24734: certificate revocation bypass due to incomplete OCSP verification checks (bsc#1258387) * Catalina + Fix: 69623: Additional fix for the long standing regression that meant that calls to ClassLoader.getResource().getContent() failed when made from within a web application with resource caching enabled if the target resource was packaged in a JAR file. (markt) + Fix: Pull request #923: Avoid adding multiple CSRF tokens to a URL in the CsrfPreventionFilter. (schultz) + Fix: 69918: Ensure request parameters are correctly parsed for HTTP/2 requests when the content-length header is not set. (dsoumis) + Update: Enable minimum and recommended Tomcat Native versions to be set separately for Tomcat Native 1.x and 2.x. Update the minimum and recommended versions for Tomcat Native 1.x to 1.3.4. Update the minimum and recommended versions for Tomcat Native 2.x to 2.0.12. (markt) + Add: Add a new ssoReauthenticationMode to the Tomcat provided Authenticators that provides a per Authenticator override of the SSO Valve requireReauthentication attribute. (markt) + Fix: Ensure URL encoding errors in the Rewrite Valve trigger an exception rather than silently using a replacement character. (markt) + Fix: 69932: Fix request end access log pattern regression, which would log the start time of the request instead. (remm) + Fix: 69871: Increase log level to INFO for missing configuration for the rewrite valve. (remm) + Fix: Add log warnings for additional Host appBase suspicious values. (remm) + Fix: Remove hard dependency on tomcat-jni.jar for catalina.jar. org.apache.catalina.Connector no longer requires org.apache.tomcat.jni.AprStatus to be present. (markt) + Add: Add the ability to use a custom function to generate the client identifier in the CrawlerSessionManagerValve. This is only available programmatically. Pull request #902 by Brian Matzon. (markt) + Fix: Change the SSO reauthentication behaviour for SPNEGO authentication so that a normal SPNEGO authentication is performed if the SSL Valve is configured with reauthentication enabled. This is so that the delegated credentials will be available to the web application. (markt) + Fix: When generating the class path in the Loader, re-order the check on individual class path components to avoid a potential NullPointerException. Identified by Coverity Scan. (markt) + Fix: Fix SSL socket factory configuration in the JNDI realm. Based on pull request #915 by Joshua Rogers. (remm) + Update: Add an attribute, digestInRfc3112Order, to MessageDigestCredentialHandler to control the order in which the credential and salt are digested. By default, the current, non-RFC 3112 compliant, order of salt then credential will be used. This default will change in Tomcat 12 to the RFC 3112 compliant order of credential then salt. (markt) + Fix: Log warnings when the SSO configuration does not comply with the documentation. (remm) + Update: Deprecate the RemoteAddrFilter and RemoteAddrValve in favour of the RemoteCIDRFilter and RemoteCIDRValve. (markt) + Fix: 69837: Fix corruption of the class path generated by the Loader when running on Windows. (markt) + Fix: Reject requests that map to invalid Windows file names earlier. (markt) + Fix: 69839: Ensure that changes to session IDs (typically after authentication) are promulgated to the SSO Valve to ensure that SSO entries are fully clean-up on session expiration. Patch provided by Kim Johan Andersson. (markt) + Fix: Fix a race condition in the creation of the storage location for the FileStore. (markt) * Cluster + Add: 62814: Document that human-readable names may be used for mapSendOptions and align documentation with channelSendOptions. Based on pull request #929 by archan0621. (markt) * Clustering + Fix: Correct a regression introduced in 10.1.45 that broke some clustering configurations. (markt) * Coyote + Fix: 69936: Fix bug in previous fix for Tomcat Native crashes on shutdown that triggered a significant memory leak. Patch provided by Wes. (markt) + Fix: Avoid possible NPEs when using a TLS enabled custom connector. (remm) + Fix: Improve warnings when setting ciphers lists in the FFM code, mirroring the tomcat-native changes. (remm) + Fix: 69910: Dereference TLS objects right after closing a socket to improve memory efficiency. (remm) + Fix: Relax the JSSE vs OpenSSL configuration style checks on SSLHostConfig to reflect the existing implementation that allows one configuration style to be used for the trust attributes and a different style for all the other attributes. (markt) + Fix: Better warning message when OpenSSLConf configuration elements are used with a JSSE TLS implementation. (markt) + Fix: When using OpenSSL via FFM, don't log a warning about missing CA certificates unless CA certificates were configured and the configuration failed. (markt) + Add: For configuration consistency between OpenSSL and JSSE TLS implementations, TLSv1.3 cipher suites included in the ciphers attribute of an SSLHostConfig are now always ignored (previously they would be ignored with OpenSSL implementations and used with JSSE implementations) and a warning is logged that the cipher suite has been ignored. (markt) + Add: Add the ciphersuite attribute to SSLHostConfig to configure the TLSv1.3 cipher suites. (markt) + Add: Add OCSP support to JSSE based TLS connectors and make the use of OCSP configurable per connector for both JSSE and OpenSSL based TLS implementations. Align the checks performed by OpenSSL with those performed by JSSE. (markt) + Add: Add support for soft failure of OCSP checks with soft failure support disabled by default. (markt) + Add: Add support for configuring the verification flags passed to OCSP_basic_verify when using an OpenSSL based TLS implementation. (markt) + Fix: Fix OpenSSL FFM code compatibility with LibreSSL versions below 3.5. (remm) + Fix: Prevent concurrent release of OpenSSLEngine resources and the termination of the Tomcat Native library as it can cause crashes during Tomcat shutdown. (markt) + Fix: Don't log an incorrect certificate KeyStore location when creating a TLS connector if the KeyStore instance has been set directly on the connector. (markt) + Fix: HTTP/0.9 only allows GET as the HTTP method. (remm) + Add: Add strictSni attribute on the Connector to allow matching the SSLHostConfig configuration associated with the SNI host name to the SSLHostConfig configuration matched from the HTTP protocol host name. Non matching configurations will cause the request to be rejected. The attribute default value is true, enabling the matching. (remm) + Fix: Graceful failure for OCSP on BoringSSL in the FFM code. (remm) + Fix: Fix use of deferAccept attribute in JMX, since it is normally only removed in Tomcat 11. (remm) + Fix: 69866: Fix a memory leak when using a trust store with the OpenSSL provider. Pull request #912 by aogburn. (markt) + Fix: Fix potential crash on shutdown when a Connector depends on the Tomcat Native library. (markt) + Fix: Fix AJP message length check. Pull request #916 by Joshua Rogers. (remm) + Fix: 69848: Fix copy/paste errors in 10.1.47 that meant DELETE requests received via the AJP connector were processed as OPTIONS requests and PROPFIND requests were processed as TRACE. (markt) + Fix: Various OCSP processing issues in the OpenSSL FFM code. (dsoumis) * General + Add: Add test.silent property to suppress JUnit console output during test execution. Useful for cleaner console output when running tests with multiple threads. (csutherl) * Jasper + Fix: 69333: Correct a regression in the previous fix for 69333 and ensure that reuse() or release() is always called for a tag. (markt) + Fix: 69877: Catch IllegalArgumentException when processing URIs when creating the classpath to handle invalid URIs. (remm) + Fix: Fix populating the classpath with the webapp classloader repositories. (remm) + Fix: 69862: Avoid NPE unwrapping Servlet exception which would hide some exception details. Patch submitted by Eric Blanquer. (remm) * Jdbc-pool + Fix: 64083: If the underlying connection has been closed, don't add it to the pool when it is returned. Pull request #235 by Alex Panchenko. (markt) * Web applications + Fix: Manager: Fix abrupt truncation of the HTML and JSON complete server status output if one or more of the web applications failed to start. (schultz) + Add: Manager: Include web application state in the HTML and JSON complete server status output. (markt) + Add: Documentation: Expand the documentation to better explain when OCSP is supported and when it is not. (markt) * Websocket + Fix: 69920: When attempting to write to a closed Writer or OutputStream obtained from a WebSocket session, throw an IOException rather than an IllegalStateExcpetion as required by Writer and strongly suggested by OutputStream. (markt) + Fix: 69845: When using permessage-deflate with Java 25 onwards, handle the underlying Inflater and/or Deflater throwing IllegalStateException when closed rather than NullPointerException as they do in Java 24 and earlier. (markt) * Other + Update: Update the internal fork of Commons Pool to 2.13.1. (markt) + Update: Update the internal fork of Commons DBCP to 2.14.0. (markt) + Update: Update Commons Daemon to 1.5.1. (markt) + Update: Update ByteBuddy to 1.18.3. (markt) + Update: Update UnboundID to 7.0.4. (markt) + Update: Update Checkstyle to 12.3.1. (markt) + Add: Improvements to French translations. (markt) + Add: Improvements to Japanese translations provided by tak7iji. (markt) + Add: Improvements to Chinese translations provided by Yang. vincent.h and yong hu. (markt) + Update: Update Tomcat Native to 2.0.12. (markt) + Add: Add property "gpg.sign.files" to optionally disable release artefact signing with GPG. (rjung) + Add: Add test profile system for selective test execution. Profiles can be specified via -Dtest.profile= to run specific test subsets without using patterns directly. Profile patterns are defined in test-profiles.properties. (csutherl) + Update: Update file extension to media type mappings to align with the current list used by the Apache Web Server (httpd). (markt) + Update: Update the packaged version of the Tomcat Migration Tool for Jakarta EE to 1.0.10. (markt) + Update: Update Commons Daemon to 1.5.0. (markt) + Update: Update Byte Buddy to 1.18.2. (markt) + Update: Update Checkstyle to 12.2.0. (markt) + Add: Improvements to Spanish translations provided by White Vogel. (markt) + Add: Improvements to French translations. (remm) + Add: Improvements to Japanese translations provided by tak7iji. (markt) + Update: Update the internal fork of Apache Commons BCEL to 6.11.0. (markt) + Update: Update to Byte Buddy 1.17.8. (markt) + Update: Update to Checkstyle 12.1.1. (markt) + Update: Update to Jacoco 0.8.14. (markt) + Update: Update to SpotBugs 4.9.8. (markt) + Update: Update to JSign 7.4. (markt) + Update: Update Maven Resolver Ant Tasks to 1.6.0. (rjung) + Add: Improvements to French translations. (remm) + Add: Improvements to Japanese translations provided by tak7iji. (markt) ++++ tomcat11: - Update to Tomcat 11.0.18 - adapt tomcat-jdt.patch * Fixed CVEs: + CVE-2025-66614: client certificate verification bypass due to virtual host mapping (bsc#1258371) + CVE-2026-24733: improper input validation on HTTP/0.9 requests (bsc#1258385) + CVE-2026-24734: certificate revocation bypass due to incomplete OCSP verification checks (bsc#1258387) * Catalina + Fix: 69932: Fix request end access log pattern regression, which would log the start time of the request instead. (remm) + Fix: 69623: Additional fix for the long standing regression that meant that calls to ClassLoader.getResource().getContent() failed when made from within a web application with resource caching enabled if the target resource was packaged in a JAR file. (markt) + Fix: Pull request #923: Avoid adding multiple CSRF tokens to a URL in the CsrfPreventionFilter. (schultz) + Fix: 69918: Ensure request parameters are correctly parsed for HTTP/2 requests when the content-length header is not set. (dsoumis) + Update: Enable minimum and recommended Tomcat Native versions to be set separately for Tomcat Native 1.x and 2.x. Update the minimum and recommended versions for Tomcat Native 1.x to 1.3.4. Update the minimum and recommended versions for Tomcat Native 2.x to 2.0.12. (markt) + Add: Add a new ssoReauthenticationMode to the Tomcat provided Authenticators that provides a per Authenticator override of the SSO Valve requireReauthentication attribute. (markt) + Fix: Ensure URL encoding errors in the Rewrite Valve trigger an exception rather than silently using a replacement character. (markt) + Fix: 69871: Increase log level to INFO for missing configuration for the rewrite valve. (remm) + Fix: Add log warnings for additional Host appBase suspicious values. (remm) + Fix: Remove hard dependency on tomcat-jni.jar for catalina.jar. org.apache.catalina.Connector no longer requires org.apache.tomcat.jni.AprStatus to be present. (markt) + Add: Add the ability to use a custom function to generate the client identifier in the CrawlerSessionManagerValve. This is only available programmatically. Pull request #902 by Brian Matzon. (markt) + Fix: Change the SSO reauthentication behaviour for SPNEGO authentication so that a normal SPNEGO authentication is performed if the SSL Valve is configured with reauthentication enabled. This is so that the delegated credentials will be available to the web application. (markt) + Fix: When generating the class path in the Loader, re-order the check on individual class path components to avoid a potential NullPointerException. Identified by Coverity Scan. (markt) + Fix: Fix SSL socket factory configuration in the JNDI realm. Based on pull request #915 by Joshua Rogers. (remm) + Update: Add an attribute, digestInRfc3112Order, to MessageDigestCredentialHandler to control the order in which the credential and salt are digested. By default, the current, non-RFC 3112 compliant, order of salt then credential will be used. This default will change in Tomcat 12 to the RFC 3112 compliant order of credential then salt. (markt) * Cluster + Add: 62814: Document that human-readable names may be used for mapSendOptions and align documentation with channelSendOptions. Based on pull request #929 by archan0621. (markt) * Clustering + Fix: Correct a regression introduced in 11.0.11 that broke some clustering configurations. (markt) * Coyote + Fix: 69936: Fix bug in previous fix for Tomcat Native crashes on shutdown that triggered a significant memory leak. Patch provided by Wes. (markt) + Fix: Prevent concurrent release of OpenSSLEngine resources and the termination of the Tomcat Native library as it can cause crashes during Tomcat shutdown. (markt) + Fix: Improve warnings when setting ciphers lists in the FFM code, mirroring the tomcat-native changes. (remm) + Fix: 69910: Dereference TLS objects right after closing a socket to improve memory efficiency. (remm) + Fix: Relax the JSSE vs OpenSSL configuration style checks on SSLHostConfig to reflect the existing implementation that allows one configuration style to be used for the trust attributes and a different style for all the other attributes. (markt) + Fix: Better warning message when OpenSSLConf configuration elements are used with a JSSE TLS implementation. (markt) + Fix: When using OpenSSL via FFM, don't log a warning about missing CA certificates unless CA certificates were configured and the configuration failed. (markt) + Add: For configuration consistency between OpenSSL and JSSE TLS implementations, TLSv1.3 cipher suites included in the ciphers attribute of an SSLHostConfig are now always ignored (previously they would be ignored with OpenSSL implementations and used with JSSE implementations) and a warning is logged that the cipher suite has been ignored. (markt) + Add: Add the ciphersuite attribute to SSLHostConfig to configure the TLSv1.3 cipher suites. (markt) + Add: Add OCSP support to JSSE based TLS connectors and make the use of OCSP configurable per connector for both JSSE and OpenSSL based TLS implementations. Align the checks performed by OpenSSL with those performed by JSSE. (markt) + Add: Add support for soft failure of OCSP checks with soft failure support disabled by default. (markt) + Add: Add support for configuring the verification flags passed to OCSP_basic_verify when using an OpenSSL based TLS implementation. (markt) + Fix: Fix OpenSSL FFM code compatibility with LibreSSL versions below 3.5. (remm) + Fix: Don't log an incorrect certificate KeyStore location when creating a TLS connector if the KeyStore instance has been set directly on the connector. (markt) + Fix: HTTP/0.9 only allows GET as the HTTP method. (remm) + Add: Add strictSni attribute on the Connector to allow matching the SSLHostConfig configuration associated with the SNI host name to the SSLHostConfig configuration matched from the HTTP protocol host name. Non matching configurations will cause the request to be rejected. The attribute default value is true, enabling the matching. (remm) + Fix: Graceful failure for OCSP on BoringSSL in the FFM code. (remm) + Fix: 69866: Fix a memory leak when using a trust store with the OpenSSL provider. Pull request #912 by aogburn. (markt) + Fix: Fix potential crash on shutdown when a Connector depends on the Tomcat Native library. (markt) + Fix: Fix AJP message length check. Pull request #916 by Joshua Rogers. (remm) * Jasper + Fix: 69333: Correct a regression in the previous fix for 69333 and ensure that reuse() or release() is always called for a tag. (markt) + Fix: 69877: Catch IllegalArgumentException when processing URIs when creating the classpath to handle invalid URIs. (remm) + Fix: Fix populating the classpath with the webapp classloader repositories. (remm) + Fix: 69862: Avoid NPE unwrapping Servlet exception which would hide some exception details. Patch submitted by Eric Blanquer. (remm) * Jdbc-pool + Fix: 64083: If the underlying connection has been closed, don't add it to the pool when it is returned. Pull request #235 by Alex Panchenko. (markt) * Web applications + Fix: Manager: Fix abrupt truncation of the HTML and JSON complete server status output if one or more of the web applications failed to start. (schultz) + Add: Manager: Include web application state in the HTML and JSON complete server status output. (markt) + Add: Documentation: Expand the documentation to better explain when OCSP is supported and when it is not. (markt) * Websocket + Fix: 69920: When attempting to write to a closed Writer or OutputStream obtained from a WebSocket session, throw an IOException rather than an IllegalStateExcpetion as required by Writer and strongly suggested by OutputStream. (markt) * Other + Add: Add property "gpg.sign.files" to optionally disable release artefact signing with GPG. (rjung) + Add: Add test.silent property to suppress JUnit console output during test execution. Useful for cleaner console output when running tests with multiple threads. (csutherl) + Update: Update the internal fork of Commons Pool to 2.13.1. (markt) + Update: Update the internal fork of Commons DBCP to 2.14.0. (markt) + Update: Update Commons Daemon to 1.5.1. (markt) + Update: Update to the Eclipse JDT compiler 4.37. (markt) + Update: Update ByteBuddy to 1.18.3. (markt) + Update: Update UnboundID to 7.0.4. (markt) + Update: Update Checkstyle to 12.3.1. (markt) + Add: Improvements to French translations. (markt) + Add: Improvements to Japanese translations provided by tak7iji. (markt) + Add: Improvements to Chinese translations provided by Yang. vincent.h and yong hu. (markt) + Update: Update Tomcat Native to 2.0.12. (markt) + Add: Add test profile system for selective test execution. Profiles can be specified via -Dtest.profile= to run specific test subsets without using patterns directly. Profile patterns are defined in test-profiles.properties. (csutherl) + Update: Update file extension to media type mappings to align with the current list used by the Apache Web Server (httpd). (markt) + Update: Update the packaged version of the Tomcat Migration Tool for Jakarta EE to 1.0.10. (markt) + Update: Update Commons Daemon to 1.5.0. (markt) + Update: Update Byte Buddy to 1.18.2. (markt) + Update: Update Checkstyle to 12.2.0. (markt) + Add: Improvements to Spanish translations provided by White Vogel. (markt) + Add: Improvements to French translations. (remm) + Add: Improvements to Japanese translations provided by tak7iji. (markt) + Update: Update the internal fork of Apache Commons BCEL to 6.11.0. (markt) + Update: Update to the Eclipse JDT compiler 4.37. (markt) + Update: Update to Byte Buddy 1.17.8. (markt) + Update: Update to Checkstyle 12.1.1. (markt) + Update: Update to Jacoco 0.8.14. (markt) + Update: Update to SpotBugs 4.9.8. (markt) + Update: Update to JSign 7.4. (markt) + Update: Update Maven Resolver Ant Tasks to 1.6.0. (rjung) + Add: Improvements to French translations. (remm) + Add: Improvements to Japanese translations provided by tak7iji. (markt) ------------------------------------------------------------------ ------------------ 2026-3-5 - Mar 5 2026 ------------------- ------------------------------------------------------------------ ++++ kernel-64kb: - libceph: reset sparse-read state in osd_fault() (CVE-2026-23136 bsc#1258303). - commit a1cc877 - libceph: make calc_target() set t->paused, not just clear it (CVE-2026-23047 bsc#1257682). - commit 3225b77 - mm/damon/sysfs-scheme: cleanup access_pattern subdirs on scheme dir setup failure (CVE-2026-23142 bsc#1258289). - commit 217a6fd - mm/damon/sysfs-scheme: cleanup quotas subdirs on scheme dir setup failure (git-fixes). - commit c642652 - mm/damon/sysfs: cleanup attrs subdirs on context dir setup failure (CVE-2026-23144 bsc#1258290). - commit c7e0495 - crypto: ccp - Fix a case where SNP_SHUTDOWN is missed (git-fixes). - drm/xe: Defer gt->mmio initialization until after multi-tile setup (git-fixes). - commit 56b85e5 - wifi: ath10k: fix lock protection in ath10k_wmi_event_peer_sta_ps_state_chg() (stable-fixes). - wifi: rtw89: pci: restore LDO setting after device resume (stable-fixes). - wifi: rtw89: 8922a: add digital compensation for 2GHz (stable-fixes). - wifi: rtw89: fix unable to receive probe responses under MLO connection (stable-fixes). - wifi: iwlwifi: mvm: check the validity of noa_len (stable-fixes). - wifi: ath12k: fix preferred hardware mode calculation (stable-fixes). - wifi: ath11k: Fix failure to connect to a 6 GHz AP (stable-fixes). - wifi: ath11k: add pm quirk for Thinkpad Z13/Z16 Gen1 (stable-fixes). - wifi: iwlegacy: add missing mutex protection in il4965_store_tx_power() (stable-fixes). - commit 4df290e - rtc: zynqmp: correct frequency value (stable-fixes). - thermal: int340x: Fix sysfs group leak on DLVR registration failure (stable-fixes). - soundwire: dmi-quirks: add mapping for Avell B.ON (OEM rebranded of NUC15) (stable-fixes). - soundwire: intel_auxdevice: add cs42l45 codec to wake_capable_list (stable-fixes). - staging: rtl8723bs: fix memory leak on failure path (stable-fixes). - staging: rtl8723bs: fix missing status update on sdio_alloc_irq() failure (stable-fixes). - watchdog: imx7ulp_wdt: handle the nowayout option (stable-fixes). - watchdog: starfive-wdt: Fix PM reference leak in probe error path (git-fixes). - watchdog/softlockup: fix sample ring index wrap in need_counting_irqs() (git-fixes). - wifi: iwlegacy: add missing mutex protection in il3945_store_measurement() (stable-fixes). - wifi: cfg80211: allow only one NAN interface, also in multi radio (stable-fixes). - wifi: rtw89: mac: correct page number for CSI response (stable-fixes). - wifi: rtw89: wow: add reason codes for disassociation in WoWLAN mode (stable-fixes). - wifi: rtw88: Use devm_kmemdup() in rtw_set_supported_band() (stable-fixes). - wifi: rtw89: ser: enable error IMR after recovering from L1 (stable-fixes). - wifi: rtw89: 8922a: set random mac if efuse contains zeroes (stable-fixes). - wifi: rtw88: rtw8821cu: Add ID for Mercusys MU6H (stable-fixes). - wifi: rtw88: 8822b: Avoid WARNING in rtw8822b_config_trx_mode() (stable-fixes). - wifi: rtw88: fix DTIM period handling when conf->dtim_period is zero (stable-fixes). - wifi: libertas: fix WARNING in usb_tx_block (stable-fixes). - power: sequencing: fix missing state_lock in pwrseq_power_on() error path (stable-fixes). - spi: geni-qcom: Fix abort sequence execution for serial engine errors (stable-fixes). - spi: stm32: fix Overrun issue at < 8bpw (stable-fixes). - spi-geni-qcom: initialize mode related registers to 0 (stable-fixes). - spi-geni-qcom: use xfer->bits_per_word for can_dma() (stable-fixes). - tools/power cpupower: Reset errno before strtoull() (stable-fixes). - powercap: intel_rapl: Add PL4 support for Ice Lake (stable-fixes). - commit a96ba92 - PCI: Add defines for bridge window indexing (stable-fixes). - Refresh patches.suse/PCI-ACPI-Restrict-program_hpx_type2-to-AER-bits.patch. - commit 41bad5b - pinctrl: cirrus: cs42l43: Fix double-put in cs42l43_pin_probe() (git-fixes). - ntb: ntb_hw_switchtec: Fix array-index-out-of-bounds access (stable-fixes). - ntb: ntb_hw_switchtec: Fix shift-out-of-bounds for 0 mw lut (stable-fixes). - phy: mvebu-cp110-utmi: fix dr_mode property read from dts (stable-fixes). - phy: fsl-imx8mq-usb: disable bind/unbind platform driver feature (stable-fixes). - phy: cadence-torrent: restore parent clock for refclk during resume (stable-fixes). - phy: ti: phy-j721e-wiz: restore mux selection during resume (stable-fixes). - Revert "mmc: rtsx_pci_sdmmc: increase power-on settling delay to 5ms" (git-fixes). - nfc: nxp-nci: remove interrupt trigger type (stable-fixes). - PCI: Add Intel Nova Lake audio Device ID (stable-fixes). - commit 52ffef7 - media: dvb-net: fix OOB access in ULE extension header tables (git-fixes). - mmc: rtsx_pci_sdmmc: increase power-on settling delay to 5ms (git-fixes). - misc: bcm_vk: Fix possible null-pointer dereferences in bcm_vk_read() (stable-fixes). - misc: eeprom: Fix EWEN/EWDS/ERAL commands for 93xx56 and 93xx66 (stable-fixes). - mfd: intel-lpss: Add Intel Nova Lake-S PCI IDs (stable-fixes). - myri10ge: avoid uninitialized variable use (stable-fixes). - media: rkisp1: Fix filter mode register configuration (stable-fixes). - media: ipu6: Always close firmware stream (stable-fixes). - media: ipu6: Close firmware streams on streaming enable failure (stable-fixes). - media: ipu6: Ensure stream_mutex is acquired when dealing with node list (stable-fixes). - media: mt9m114: Return -EPROBE_DEFER if no endpoint is found (stable-fixes). - media: mt9m114: Avoid a reset low spike during probe() (stable-fixes). - media: v4l2-async: Fix error handling on steps after finding a match (stable-fixes). - media: cx25821: Fix a resource leak in cx25821_dev_setup() (stable-fixes). - media: pvrusb2: fix URB leak in pvr2_send_request_ex (stable-fixes). - media: solo6x10: Check for out of bounds chip_id (stable-fixes). - media: adv7180: fix frame interval in progressive mode (stable-fixes). - media: amphion: Clear last_buffer_dequeued flag for DEC_CMD_START (stable-fixes). - media: mediatek: vcodec: Don't try to decode 422/444 VP9 (stable-fixes). - media: chips-media: wave5: Process ready frames when CMD_STOP sent to Encoder (stable-fixes). - media: chips-media: wave5: Fix conditional in start_streaming (stable-fixes). - media: omap3isp: isppreview: always clamp in preview_try_format() (stable-fixes). - media: omap3isp: set initial format (stable-fixes). - mfd: simple-mfd-i2c: Add compatible strings for Layerscape QIXIS FPGA (stable-fixes). - mfd: simple-mfd-i2c: Add MAX77705 support (stable-fixes). - commit 26d6095 - iio: magnetometer: Remove IRQF_ONESHOT (stable-fixes). - iio: Use IRQF_NO_THREAD (stable-fixes). - HID: i2c-hid: Add FocalTech FT8112 (stable-fixes). - media: omap3isp: isp_video_mbus_to_pix/pix_to_mbus fixes (stable-fixes). - media: dvb-core: dmxdevfilter must always flush bufs (stable-fixes). - HID: elecom: Add support for ELECOM HUGE Plus M-HT1MRBK (stable-fixes). - HID: logitech-hidpp: Add support for Logitech K980 (stable-fixes). - HID: multitouch: add eGalaxTouch EXC3188 support (stable-fixes). - HID: logitech-hidpp: Check maxfield in hidpp_get_report_length() (stable-fixes). - hwmon: (pmbus/mpq8785) fix VOUT_MODE mismatch during identification (git-fixes). - hwmon: (f71882fg) Add F81968 support (stable-fixes). - hwmon: (nct6775) Add ASUS Pro WS WRX90E-SAGE SE (stable-fixes). - hwmon: (dell-smm) Add support for Dell OptiPlex 7080 (stable-fixes). - i3c: mipi-i3c-hci: Reset RING_OPERATION1 fields during init (stable-fixes). - i3c: master: svc: Initialize 'dev' to NULL in svc_i3c_master_ibi_isr() (stable-fixes). - hwrng: core - Allow runtime disabling of the HW RNG (stable-fixes). - hwmon: pmbus: mpq8785: Add support for MPM82504 (stable-fixes). - hwmon: pmbus: mpq8785: Implement VOUT feedback resistor divider ratio configuration (stable-fixes). - hwmon: pmbus: mpq8785: Prepare driver for multiple device support (stable-fixes). - commit 755fe92 - drm/xe/xe2_hpg: Fix handling of Wa_14019988906 & Wa_14019877138 (git-fixes). - drm/xe/mmio: Avoid double-adjust in 64-bit reads (git-fixes). - drm/amdgpu: keep vga memory on MacBooks with switchable graphics (stable-fixes). - drm/amd/display: Remove conditional for shaper 3DLUT power-on (stable-fixes). - drm/amdgpu: Add HAINAN clock adjustment (stable-fixes). - drm/radeon: Add HAINAN clock adjustment (stable-fixes). - drm/amdgpu: Adjust usleep_range in fence wait (stable-fixes). - drm/amd/display: bypass post csc for additional color spaces in dal (stable-fixes). - drm/amd/display: Increase DCN35 SR enter/exit latency (stable-fixes). - drm/amd/display: Avoid updating surface with the same surface under MPO (stable-fixes). - drm/amd/display: Fix system resume lag issue (stable-fixes). - drm/amdkfd: Fix out-of-bounds write in kfd_event_page_set() (stable-fixes). - drm/amd/display: Fix writeback on DCN 3.2+ (stable-fixes). - fpga: of-fpga-region: Fail if any bridge is missing (stable-fixes). - fix it87_wdt early reboot by reporting running timer (stable-fixes). - fbdev: ffb: fix corrupted video output on Sun FFB1 (stable-fixes). - drm/amd/display: avoid dig reg access timeout on usb4 link training fail (stable-fixes). - drm/amd/display: Fix GFX12 family constant checks (stable-fixes). - drm/amd/display: Disable FEC when powering down encoders (stable-fixes). - drm/atmel-hlcdc: don't reject the commit if the src rect has fractional parts (stable-fixes). - drm/atmel-hlcdc: fix use-after-free of drm_crtc_commit after release (stable-fixes). - drm/atmel-hlcdc: fix memory leak from the atomic_destroy_state callback (stable-fixes). - drm: Account property blob allocations to memcg (stable-fixes). - drm/amdkfd: Fix GART PTE for non-4K pagesize in svm_migrate_gart_map() (stable-fixes). - drm/amdkfd: Relax size checking during queue buffer get (stable-fixes). - drm/amd/display: only power down dig on phy endpoints (stable-fixes). - drm/amdgpu: Skip loading SDMA_RS64 in VF (stable-fixes). - drm/xe: Only toggle scheduling in TDR if GuC is running (stable-fixes). - drm/panel: Fix a possible null-pointer dereference in jdi_panel_dsi_remove() (stable-fixes). - drm/amd/display: Fix dsc eDP issue (stable-fixes). - drm/amd/display: Add signal type check for dcn401 get_phyd32clk_src (stable-fixes). - gpu/panel-edp: add AUO panel entry for B140HAN06.4 (stable-fixes). - HID: prodikeys: Check presence of pm->input_ep82 (stable-fixes). - HID: magicmouse: Do not crash on missing msc->input (stable-fixes). - HID: apple: Add "SONiX KN85 Keyboard" to the list of non-apple keyboards (stable-fixes). - gpio: aspeed-sgpio: Change the macro to support deferred probe (stable-fixes). - commit 2524956 - drm/xe/ptl: Apply Wa_13011645652 (stable-fixes). - Refresh patches.suse/drm-xe-xe3lpg-Apply-Wa_14022293748-Wa_22019794406.patch. - commit 689b272 - dmaengine: stm32-mdma: initialize m2m_hw_period and ccr to fix warnings (stable-fixes). - drm/amdgpu: add support for HDP IP version 6.1.1 (stable-fixes). - drm/amd/display: Add USB-C DP Alt Mode lane limitation in DCN32 (stable-fixes). - drm/amdkfd: Handle GPU reset and drain retry fault race (stable-fixes). - drm/amdgpu: fix NULL pointer issue buffer funcs (stable-fixes). - drm/v3d: Set DMA segment size to avoid debug warnings (stable-fixes). - drm/i915/wakeref: clean up INTEL_WAKEREF_PUT_* flag macros (stable-fixes). - drm/display/dp_mst: Add protection against 0 vcpi (stable-fixes). - drm/xe/xe2_hpg: Add set of workarounds (stable-fixes). - drm/xe: Switch MMIO interface to take xe_mmio instead of xe_gt (stable-fixes). - drm/xe: Adjust mmio code to pass VF substructure to SRIOV code (stable-fixes). - drm/xe: Add xe_tile backpointer to xe_mmio (stable-fixes). - drm/xe: Switch mmio_ext to use 'struct xe_mmio' (stable-fixes). - drm/xe: Populate GT's mmio iomap from tile during init (stable-fixes). - drm/xe: Move GSI offset adjustment fields into 'struct xe_mmio' (stable-fixes). - drm/xe: Clarify size of MMIO region (stable-fixes). - drm/xe: Create dedicated xe_mmio structure (stable-fixes). - drm/xe: Move forcewake to 'gt.pm' substructure (stable-fixes). - docs: fix WARNING document not included in any toctree (stable-fixes). - commit 4836e0c - ASoC: amd: yc: Add DMI quirk for ASUS Vivobook Pro 15X M6501RR (stable-fixes). - dma: dma-axi-dmac: fix HW scatter-gather not looking at the queue (git-fixes). - dma: dma-axi-dmac: fix SW cyclic transfers (git-fixes). - dmaengine: sun6i: Choose appropriate burst length under maxburst (stable-fixes). - dmaengine: stm32-dma3: use module_platform_driver (stable-fixes). - crypto: ccp - Send PSP_CMD_TEE_RING_DESTROY when PSP_CMD_TEE_RING_INIT fails (git-fixes). - crypto: ccp - Factor out ring destroy handling to a helper (stable-fixes). - ata: libata: avoid long timeouts on hot-unplugged SATA DAS (stable-fixes). - Bluetooth: btusb: Add device ID for Realtek RTL8761BU (stable-fixes). - Bluetooth: btusb: Add new VID/PID for RTL8852CE (stable-fixes). - Bluetooth: hci_conn: Set link_policy on incoming ACL connections (stable-fixes). - Bluetooth: hci_conn: use mod_delayed_work for active mode timeout (stable-fixes). - Bluetooth: btusb: Add support for MediaTek7920 0489:e158 (stable-fixes). - ASoC: fsl: imx-rpmsg: use snd_soc_find_dai_with_mutex() in probe (stable-fixes). - ASoC: SOF: Intel: hda: Fix NULL pointer dereference (stable-fixes). - ASoC: codecs: max98390: Check return value of devm_gpiod_get_optional() in max98390_i2c_probe() (stable-fixes). - ASoC: sunxi: sun50i-dmic: Add missing check for devm_regmap_init_mmio (stable-fixes). - ASoC: soc-acpi-intel-arl-match: change rt722 amp endpoint to aggregated (stable-fixes). - ASoC: SOF: Intel: hda: Remove MODULE_SOFTDEP for snd-hda-codec-hdmi (stable-fixes). - ASoC: wm8962: Don't report a microphone if it's shorted to ground on plug (stable-fixes). - ASoC: wm8962: Add WM8962_ADC_MONOMIX to "3D Coefficients" mask (stable-fixes). - ASoC: nau8821: Cancel pending work before suspend (git-fixes). - ASoC: nau8821: Cancel delayed work on component remove (git-fixes). - ASoC: nau8821: Fixup nau8821_enable_jack_detect() (git-fixes). - ASoC: SOF: ipc4: Support for sending payload along with LARGE_CONFIG_GET (stable-fixes). - crypto: hisilicon/qm - move the barrier before writing to the mailbox register (stable-fixes). - crypto: ccp - narrow scope of snp_range_list (git-fixes). - APEI/GHES: ensure that won't go past CPER allocated record (stable-fixes). - ASoC: nau8821: Avoid unnecessary blocking in IRQ handler (stable-fixes). - crypto: ccp - Ensure implicit SEV/SNP init and shutdown in ioctls (stable-fixes). - commit ef48f01 - ALSA: hda: cs35l56: Fix signedness error in cs35l56_hda_posture_put() (git-fixes). - ALSA: usb-audio: Add sanity check for OOB writes at silencing (stable-fixes). - ALSA: usb-audio: Update the number of packets properly at receiving (stable-fixes). - ACPI: x86: Force enabling of PWM2 on the Yogabook YB1-X90 (stable-fixes). - ALSA: mixer: oss: Add card disconnect checkpoints (stable-fixes). - ALSA: usb-audio: Add iface reset and delay quirk for AB13X USB Audio (stable-fixes). - ALSA: hda/realtek - Enable mute LEDs on HP ENVY x360 15-es0xxx (stable-fixes). - ALSA: hda/conexant: Add headset mic fix for MECHREVO Wujie 15X Pro (stable-fixes). - ALSA: hda/realtek: fix LG Gram Style 14 speakers (stable-fixes). - ALSA: hda/realtek: add HP Victus 16-e0xxx mute LED quirk (stable-fixes). - ALSA: pcm: Revert bufs move in snd_pcm_xfern_frames_ioctl() (stable-fixes). - ALSA: vmaster: Relax __free() variable declarations (git-fixes). - ALSA: pcm: Relax __free() variable declarations (git-fixes). - ACPI: processor: Fix NULL-pointer dereference in acpi_processor_errata_piix4() (stable-fixes). - ACPI: battery: fix incorrect charging status when current is zero (stable-fixes). - ACPI: resource: Add JWIPC JVC9100 to irq1_level_low_skip_override[] (stable-fixes). - ACPI: x86: s2idle: Invoke Microsoft _DSM Function 9 (Turn On Display) (stable-fixes). - ACPICA: Abort AML bytecode execution when executing AML_FATAL_OP (stable-fixes). - commit 119c4f9 - net: usb: sr9700: remove code to drive nonexistent multicast filter (git-fixes). - commit 5659850 - net: usb: r8152: fix transmit queue timeout (git-fixes). - commit cd570dd - usb: chipidea: udc: fix DMA and SG cleanup in _ep_nuke() (git-fixes). - commit 56a794c - usb: gadget: f_fs: fix DMA-BUF OUT queues (git-fixes). - commit 185e5e6 - usb: gadget: f_fs: Fix ioctl error handling (git-fixes). - commit f20163c - usb: typec: ucsi: psy: Fix voltage and current max for non-Fixed PDOs (git-fixes). - commit 10c0ad8 - firmware: arm_ffa: Unmap Rx/Tx buffers on init failure (git-fixes) - commit 8f51ada - spi: spidev: fix lock inversion between spi_lock and buf_lock (git-fixes) - commit b76bf6c - spi: spi-mem: Protect dirmap_create() with spi_mem_access_start/end (git-fixes) - commit c1581a2 - spi: spi-mem: Limit octal DTR constraints to octal DTR situations (git-fixes) - commit 47ade1e - arm64: hugetlbpage: avoid unused-but-set-parameter warning (gcc-16) (git-fixes) - commit c2e347e - arm64: tegra: smaug: Add usb-role-switch support (git-fixes) - commit 2aec3f9 - arm64: Disable branch profiling for all arm64 code (git-fixes) - commit 20e29ae - arm64: Add support for TSV110 Spectre-BHB mitigation (git-fixes) - commit 7b883f1 - serial: 8250: 8250_omap.c: Clear DMA RX running status only after DMA termination is done (git-fixes). - serial: 8250: 8250_omap.c: Add support for handling UART error conditions (git-fixes). - serial: 8250_dw: handle clock enable errors in runtime_resume (git-fixes). - PCI: Enable ACS after configuring IOMMU for OF platforms (git-fixes). - PCI: Add ACS quirk for Qualcomm Hamoa & Glymur (git-fixes). - PCI: Fix pci_slot_lock () device locking (git-fixes). - PCI: Mark Nvidia GB10 to avoid bus reset (git-fixes). - PCI: Mark ASM1164 SATA controller to avoid bus reset (git-fixes). - PCI/AER: Clear stale errors on reporting agents upon probe (git-fixes). - PCI/MSI: Unmap MSI-X region on error (git-fixes). - char: tpm: cr50: Remove IRQF_ONESHOT (git-fixes). - commit 87922f3 - mptcp: fix race in mptcp_pm_nl_flush_addrs_doit() (CVE-2026-23169 bsc#1258389). - commit ece2971 ++++ kernel-azure: - libceph: reset sparse-read state in osd_fault() (CVE-2026-23136 bsc#1258303). - commit a1cc877 - libceph: make calc_target() set t->paused, not just clear it (CVE-2026-23047 bsc#1257682). - commit 3225b77 - mm/damon/sysfs-scheme: cleanup access_pattern subdirs on scheme dir setup failure (CVE-2026-23142 bsc#1258289). - commit 217a6fd - mm/damon/sysfs-scheme: cleanup quotas subdirs on scheme dir setup failure (git-fixes). - commit c642652 - mm/damon/sysfs: cleanup attrs subdirs on context dir setup failure (CVE-2026-23144 bsc#1258290). - commit c7e0495 - crypto: ccp - Fix a case where SNP_SHUTDOWN is missed (git-fixes). - drm/xe: Defer gt->mmio initialization until after multi-tile setup (git-fixes). - commit 56b85e5 - wifi: ath10k: fix lock protection in ath10k_wmi_event_peer_sta_ps_state_chg() (stable-fixes). - wifi: rtw89: pci: restore LDO setting after device resume (stable-fixes). - wifi: rtw89: 8922a: add digital compensation for 2GHz (stable-fixes). - wifi: rtw89: fix unable to receive probe responses under MLO connection (stable-fixes). - wifi: iwlwifi: mvm: check the validity of noa_len (stable-fixes). - wifi: ath12k: fix preferred hardware mode calculation (stable-fixes). - wifi: ath11k: Fix failure to connect to a 6 GHz AP (stable-fixes). - wifi: ath11k: add pm quirk for Thinkpad Z13/Z16 Gen1 (stable-fixes). - wifi: iwlegacy: add missing mutex protection in il4965_store_tx_power() (stable-fixes). - commit 4df290e - rtc: zynqmp: correct frequency value (stable-fixes). - thermal: int340x: Fix sysfs group leak on DLVR registration failure (stable-fixes). - soundwire: dmi-quirks: add mapping for Avell B.ON (OEM rebranded of NUC15) (stable-fixes). - soundwire: intel_auxdevice: add cs42l45 codec to wake_capable_list (stable-fixes). - staging: rtl8723bs: fix memory leak on failure path (stable-fixes). - staging: rtl8723bs: fix missing status update on sdio_alloc_irq() failure (stable-fixes). - watchdog: imx7ulp_wdt: handle the nowayout option (stable-fixes). - watchdog: starfive-wdt: Fix PM reference leak in probe error path (git-fixes). - watchdog/softlockup: fix sample ring index wrap in need_counting_irqs() (git-fixes). - wifi: iwlegacy: add missing mutex protection in il3945_store_measurement() (stable-fixes). - wifi: cfg80211: allow only one NAN interface, also in multi radio (stable-fixes). - wifi: rtw89: mac: correct page number for CSI response (stable-fixes). - wifi: rtw89: wow: add reason codes for disassociation in WoWLAN mode (stable-fixes). - wifi: rtw88: Use devm_kmemdup() in rtw_set_supported_band() (stable-fixes). - wifi: rtw89: ser: enable error IMR after recovering from L1 (stable-fixes). - wifi: rtw89: 8922a: set random mac if efuse contains zeroes (stable-fixes). - wifi: rtw88: rtw8821cu: Add ID for Mercusys MU6H (stable-fixes). - wifi: rtw88: 8822b: Avoid WARNING in rtw8822b_config_trx_mode() (stable-fixes). - wifi: rtw88: fix DTIM period handling when conf->dtim_period is zero (stable-fixes). - wifi: libertas: fix WARNING in usb_tx_block (stable-fixes). - power: sequencing: fix missing state_lock in pwrseq_power_on() error path (stable-fixes). - spi: geni-qcom: Fix abort sequence execution for serial engine errors (stable-fixes). - spi: stm32: fix Overrun issue at < 8bpw (stable-fixes). - spi-geni-qcom: initialize mode related registers to 0 (stable-fixes). - spi-geni-qcom: use xfer->bits_per_word for can_dma() (stable-fixes). - tools/power cpupower: Reset errno before strtoull() (stable-fixes). - powercap: intel_rapl: Add PL4 support for Ice Lake (stable-fixes). - commit a96ba92 - PCI: Add defines for bridge window indexing (stable-fixes). - Refresh patches.suse/PCI-ACPI-Restrict-program_hpx_type2-to-AER-bits.patch. - commit 41bad5b - pinctrl: cirrus: cs42l43: Fix double-put in cs42l43_pin_probe() (git-fixes). - ntb: ntb_hw_switchtec: Fix array-index-out-of-bounds access (stable-fixes). - ntb: ntb_hw_switchtec: Fix shift-out-of-bounds for 0 mw lut (stable-fixes). - phy: mvebu-cp110-utmi: fix dr_mode property read from dts (stable-fixes). - phy: fsl-imx8mq-usb: disable bind/unbind platform driver feature (stable-fixes). - phy: cadence-torrent: restore parent clock for refclk during resume (stable-fixes). - phy: ti: phy-j721e-wiz: restore mux selection during resume (stable-fixes). - Revert "mmc: rtsx_pci_sdmmc: increase power-on settling delay to 5ms" (git-fixes). - nfc: nxp-nci: remove interrupt trigger type (stable-fixes). - PCI: Add Intel Nova Lake audio Device ID (stable-fixes). - commit 52ffef7 - media: dvb-net: fix OOB access in ULE extension header tables (git-fixes). - mmc: rtsx_pci_sdmmc: increase power-on settling delay to 5ms (git-fixes). - misc: bcm_vk: Fix possible null-pointer dereferences in bcm_vk_read() (stable-fixes). - misc: eeprom: Fix EWEN/EWDS/ERAL commands for 93xx56 and 93xx66 (stable-fixes). - mfd: intel-lpss: Add Intel Nova Lake-S PCI IDs (stable-fixes). - myri10ge: avoid uninitialized variable use (stable-fixes). - media: rkisp1: Fix filter mode register configuration (stable-fixes). - media: ipu6: Always close firmware stream (stable-fixes). - media: ipu6: Close firmware streams on streaming enable failure (stable-fixes). - media: ipu6: Ensure stream_mutex is acquired when dealing with node list (stable-fixes). - media: mt9m114: Return -EPROBE_DEFER if no endpoint is found (stable-fixes). - media: mt9m114: Avoid a reset low spike during probe() (stable-fixes). - media: v4l2-async: Fix error handling on steps after finding a match (stable-fixes). - media: cx25821: Fix a resource leak in cx25821_dev_setup() (stable-fixes). - media: pvrusb2: fix URB leak in pvr2_send_request_ex (stable-fixes). - media: solo6x10: Check for out of bounds chip_id (stable-fixes). - media: adv7180: fix frame interval in progressive mode (stable-fixes). - media: amphion: Clear last_buffer_dequeued flag for DEC_CMD_START (stable-fixes). - media: mediatek: vcodec: Don't try to decode 422/444 VP9 (stable-fixes). - media: chips-media: wave5: Process ready frames when CMD_STOP sent to Encoder (stable-fixes). - media: chips-media: wave5: Fix conditional in start_streaming (stable-fixes). - media: omap3isp: isppreview: always clamp in preview_try_format() (stable-fixes). - media: omap3isp: set initial format (stable-fixes). - mfd: simple-mfd-i2c: Add compatible strings for Layerscape QIXIS FPGA (stable-fixes). - mfd: simple-mfd-i2c: Add MAX77705 support (stable-fixes). - commit 26d6095 - iio: magnetometer: Remove IRQF_ONESHOT (stable-fixes). - iio: Use IRQF_NO_THREAD (stable-fixes). - HID: i2c-hid: Add FocalTech FT8112 (stable-fixes). - media: omap3isp: isp_video_mbus_to_pix/pix_to_mbus fixes (stable-fixes). - media: dvb-core: dmxdevfilter must always flush bufs (stable-fixes). - HID: elecom: Add support for ELECOM HUGE Plus M-HT1MRBK (stable-fixes). - HID: logitech-hidpp: Add support for Logitech K980 (stable-fixes). - HID: multitouch: add eGalaxTouch EXC3188 support (stable-fixes). - HID: logitech-hidpp: Check maxfield in hidpp_get_report_length() (stable-fixes). - hwmon: (pmbus/mpq8785) fix VOUT_MODE mismatch during identification (git-fixes). - hwmon: (f71882fg) Add F81968 support (stable-fixes). - hwmon: (nct6775) Add ASUS Pro WS WRX90E-SAGE SE (stable-fixes). - hwmon: (dell-smm) Add support for Dell OptiPlex 7080 (stable-fixes). - i3c: mipi-i3c-hci: Reset RING_OPERATION1 fields during init (stable-fixes). - i3c: master: svc: Initialize 'dev' to NULL in svc_i3c_master_ibi_isr() (stable-fixes). - hwrng: core - Allow runtime disabling of the HW RNG (stable-fixes). - hwmon: pmbus: mpq8785: Add support for MPM82504 (stable-fixes). - hwmon: pmbus: mpq8785: Implement VOUT feedback resistor divider ratio configuration (stable-fixes). - hwmon: pmbus: mpq8785: Prepare driver for multiple device support (stable-fixes). - commit 755fe92 - drm/xe/xe2_hpg: Fix handling of Wa_14019988906 & Wa_14019877138 (git-fixes). - drm/xe/mmio: Avoid double-adjust in 64-bit reads (git-fixes). - drm/amdgpu: keep vga memory on MacBooks with switchable graphics (stable-fixes). - drm/amd/display: Remove conditional for shaper 3DLUT power-on (stable-fixes). - drm/amdgpu: Add HAINAN clock adjustment (stable-fixes). - drm/radeon: Add HAINAN clock adjustment (stable-fixes). - drm/amdgpu: Adjust usleep_range in fence wait (stable-fixes). - drm/amd/display: bypass post csc for additional color spaces in dal (stable-fixes). - drm/amd/display: Increase DCN35 SR enter/exit latency (stable-fixes). - drm/amd/display: Avoid updating surface with the same surface under MPO (stable-fixes). - drm/amd/display: Fix system resume lag issue (stable-fixes). - drm/amdkfd: Fix out-of-bounds write in kfd_event_page_set() (stable-fixes). - drm/amd/display: Fix writeback on DCN 3.2+ (stable-fixes). - fpga: of-fpga-region: Fail if any bridge is missing (stable-fixes). - fix it87_wdt early reboot by reporting running timer (stable-fixes). - fbdev: ffb: fix corrupted video output on Sun FFB1 (stable-fixes). - drm/amd/display: avoid dig reg access timeout on usb4 link training fail (stable-fixes). - drm/amd/display: Fix GFX12 family constant checks (stable-fixes). - drm/amd/display: Disable FEC when powering down encoders (stable-fixes). - drm/atmel-hlcdc: don't reject the commit if the src rect has fractional parts (stable-fixes). - drm/atmel-hlcdc: fix use-after-free of drm_crtc_commit after release (stable-fixes). - drm/atmel-hlcdc: fix memory leak from the atomic_destroy_state callback (stable-fixes). - drm: Account property blob allocations to memcg (stable-fixes). - drm/amdkfd: Fix GART PTE for non-4K pagesize in svm_migrate_gart_map() (stable-fixes). - drm/amdkfd: Relax size checking during queue buffer get (stable-fixes). - drm/amd/display: only power down dig on phy endpoints (stable-fixes). - drm/amdgpu: Skip loading SDMA_RS64 in VF (stable-fixes). - drm/xe: Only toggle scheduling in TDR if GuC is running (stable-fixes). - drm/panel: Fix a possible null-pointer dereference in jdi_panel_dsi_remove() (stable-fixes). - drm/amd/display: Fix dsc eDP issue (stable-fixes). - drm/amd/display: Add signal type check for dcn401 get_phyd32clk_src (stable-fixes). - gpu/panel-edp: add AUO panel entry for B140HAN06.4 (stable-fixes). - HID: prodikeys: Check presence of pm->input_ep82 (stable-fixes). - HID: magicmouse: Do not crash on missing msc->input (stable-fixes). - HID: apple: Add "SONiX KN85 Keyboard" to the list of non-apple keyboards (stable-fixes). - gpio: aspeed-sgpio: Change the macro to support deferred probe (stable-fixes). - commit 2524956 - drm/xe/ptl: Apply Wa_13011645652 (stable-fixes). - Refresh patches.suse/drm-xe-xe3lpg-Apply-Wa_14022293748-Wa_22019794406.patch. - commit 689b272 - dmaengine: stm32-mdma: initialize m2m_hw_period and ccr to fix warnings (stable-fixes). - drm/amdgpu: add support for HDP IP version 6.1.1 (stable-fixes). - drm/amd/display: Add USB-C DP Alt Mode lane limitation in DCN32 (stable-fixes). - drm/amdkfd: Handle GPU reset and drain retry fault race (stable-fixes). - drm/amdgpu: fix NULL pointer issue buffer funcs (stable-fixes). - drm/v3d: Set DMA segment size to avoid debug warnings (stable-fixes). - drm/i915/wakeref: clean up INTEL_WAKEREF_PUT_* flag macros (stable-fixes). - drm/display/dp_mst: Add protection against 0 vcpi (stable-fixes). - drm/xe/xe2_hpg: Add set of workarounds (stable-fixes). - drm/xe: Switch MMIO interface to take xe_mmio instead of xe_gt (stable-fixes). - drm/xe: Adjust mmio code to pass VF substructure to SRIOV code (stable-fixes). - drm/xe: Add xe_tile backpointer to xe_mmio (stable-fixes). - drm/xe: Switch mmio_ext to use 'struct xe_mmio' (stable-fixes). - drm/xe: Populate GT's mmio iomap from tile during init (stable-fixes). - drm/xe: Move GSI offset adjustment fields into 'struct xe_mmio' (stable-fixes). - drm/xe: Clarify size of MMIO region (stable-fixes). - drm/xe: Create dedicated xe_mmio structure (stable-fixes). - drm/xe: Move forcewake to 'gt.pm' substructure (stable-fixes). - docs: fix WARNING document not included in any toctree (stable-fixes). - commit 4836e0c - ASoC: amd: yc: Add DMI quirk for ASUS Vivobook Pro 15X M6501RR (stable-fixes). - dma: dma-axi-dmac: fix HW scatter-gather not looking at the queue (git-fixes). - dma: dma-axi-dmac: fix SW cyclic transfers (git-fixes). - dmaengine: sun6i: Choose appropriate burst length under maxburst (stable-fixes). - dmaengine: stm32-dma3: use module_platform_driver (stable-fixes). - crypto: ccp - Send PSP_CMD_TEE_RING_DESTROY when PSP_CMD_TEE_RING_INIT fails (git-fixes). - crypto: ccp - Factor out ring destroy handling to a helper (stable-fixes). - ata: libata: avoid long timeouts on hot-unplugged SATA DAS (stable-fixes). - Bluetooth: btusb: Add device ID for Realtek RTL8761BU (stable-fixes). - Bluetooth: btusb: Add new VID/PID for RTL8852CE (stable-fixes). - Bluetooth: hci_conn: Set link_policy on incoming ACL connections (stable-fixes). - Bluetooth: hci_conn: use mod_delayed_work for active mode timeout (stable-fixes). - Bluetooth: btusb: Add support for MediaTek7920 0489:e158 (stable-fixes). - ASoC: fsl: imx-rpmsg: use snd_soc_find_dai_with_mutex() in probe (stable-fixes). - ASoC: SOF: Intel: hda: Fix NULL pointer dereference (stable-fixes). - ASoC: codecs: max98390: Check return value of devm_gpiod_get_optional() in max98390_i2c_probe() (stable-fixes). - ASoC: sunxi: sun50i-dmic: Add missing check for devm_regmap_init_mmio (stable-fixes). - ASoC: soc-acpi-intel-arl-match: change rt722 amp endpoint to aggregated (stable-fixes). - ASoC: SOF: Intel: hda: Remove MODULE_SOFTDEP for snd-hda-codec-hdmi (stable-fixes). - ASoC: wm8962: Don't report a microphone if it's shorted to ground on plug (stable-fixes). - ASoC: wm8962: Add WM8962_ADC_MONOMIX to "3D Coefficients" mask (stable-fixes). - ASoC: nau8821: Cancel pending work before suspend (git-fixes). - ASoC: nau8821: Cancel delayed work on component remove (git-fixes). - ASoC: nau8821: Fixup nau8821_enable_jack_detect() (git-fixes). - ASoC: SOF: ipc4: Support for sending payload along with LARGE_CONFIG_GET (stable-fixes). - crypto: hisilicon/qm - move the barrier before writing to the mailbox register (stable-fixes). - crypto: ccp - narrow scope of snp_range_list (git-fixes). - APEI/GHES: ensure that won't go past CPER allocated record (stable-fixes). - ASoC: nau8821: Avoid unnecessary blocking in IRQ handler (stable-fixes). - crypto: ccp - Ensure implicit SEV/SNP init and shutdown in ioctls (stable-fixes). - commit ef48f01 - ALSA: hda: cs35l56: Fix signedness error in cs35l56_hda_posture_put() (git-fixes). - ALSA: usb-audio: Add sanity check for OOB writes at silencing (stable-fixes). - ALSA: usb-audio: Update the number of packets properly at receiving (stable-fixes). - ACPI: x86: Force enabling of PWM2 on the Yogabook YB1-X90 (stable-fixes). - ALSA: mixer: oss: Add card disconnect checkpoints (stable-fixes). - ALSA: usb-audio: Add iface reset and delay quirk for AB13X USB Audio (stable-fixes). - ALSA: hda/realtek - Enable mute LEDs on HP ENVY x360 15-es0xxx (stable-fixes). - ALSA: hda/conexant: Add headset mic fix for MECHREVO Wujie 15X Pro (stable-fixes). - ALSA: hda/realtek: fix LG Gram Style 14 speakers (stable-fixes). - ALSA: hda/realtek: add HP Victus 16-e0xxx mute LED quirk (stable-fixes). - ALSA: pcm: Revert bufs move in snd_pcm_xfern_frames_ioctl() (stable-fixes). - ALSA: vmaster: Relax __free() variable declarations (git-fixes). - ALSA: pcm: Relax __free() variable declarations (git-fixes). - ACPI: processor: Fix NULL-pointer dereference in acpi_processor_errata_piix4() (stable-fixes). - ACPI: battery: fix incorrect charging status when current is zero (stable-fixes). - ACPI: resource: Add JWIPC JVC9100 to irq1_level_low_skip_override[] (stable-fixes). - ACPI: x86: s2idle: Invoke Microsoft _DSM Function 9 (Turn On Display) (stable-fixes). - ACPICA: Abort AML bytecode execution when executing AML_FATAL_OP (stable-fixes). - commit 119c4f9 - net: usb: sr9700: remove code to drive nonexistent multicast filter (git-fixes). - commit 5659850 - net: usb: r8152: fix transmit queue timeout (git-fixes). - commit cd570dd - usb: chipidea: udc: fix DMA and SG cleanup in _ep_nuke() (git-fixes). - commit 56a794c - usb: gadget: f_fs: fix DMA-BUF OUT queues (git-fixes). - commit 185e5e6 - usb: gadget: f_fs: Fix ioctl error handling (git-fixes). - commit f20163c - usb: typec: ucsi: psy: Fix voltage and current max for non-Fixed PDOs (git-fixes). - commit 10c0ad8 - firmware: arm_ffa: Unmap Rx/Tx buffers on init failure (git-fixes) - commit 8f51ada - spi: spidev: fix lock inversion between spi_lock and buf_lock (git-fixes) - commit b76bf6c - spi: spi-mem: Protect dirmap_create() with spi_mem_access_start/end (git-fixes) - commit c1581a2 - spi: spi-mem: Limit octal DTR constraints to octal DTR situations (git-fixes) - commit 47ade1e - arm64: hugetlbpage: avoid unused-but-set-parameter warning (gcc-16) (git-fixes) - commit c2e347e - arm64: tegra: smaug: Add usb-role-switch support (git-fixes) - commit 2aec3f9 - arm64: Disable branch profiling for all arm64 code (git-fixes) - commit 20e29ae - arm64: Add support for TSV110 Spectre-BHB mitigation (git-fixes) - commit 7b883f1 - serial: 8250: 8250_omap.c: Clear DMA RX running status only after DMA termination is done (git-fixes). - serial: 8250: 8250_omap.c: Add support for handling UART error conditions (git-fixes). - serial: 8250_dw: handle clock enable errors in runtime_resume (git-fixes). - PCI: Enable ACS after configuring IOMMU for OF platforms (git-fixes). - PCI: Add ACS quirk for Qualcomm Hamoa & Glymur (git-fixes). - PCI: Fix pci_slot_lock () device locking (git-fixes). - PCI: Mark Nvidia GB10 to avoid bus reset (git-fixes). - PCI: Mark ASM1164 SATA controller to avoid bus reset (git-fixes). - PCI/AER: Clear stale errors on reporting agents upon probe (git-fixes). - PCI/MSI: Unmap MSI-X region on error (git-fixes). - char: tpm: cr50: Remove IRQF_ONESHOT (git-fixes). - commit 87922f3 - mptcp: fix race in mptcp_pm_nl_flush_addrs_doit() (CVE-2026-23169 bsc#1258389). - commit ece2971 ++++ kernel-default: - libceph: reset sparse-read state in osd_fault() (CVE-2026-23136 bsc#1258303). - commit a1cc877 - libceph: make calc_target() set t->paused, not just clear it (CVE-2026-23047 bsc#1257682). - commit 3225b77 - mm/damon/sysfs-scheme: cleanup access_pattern subdirs on scheme dir setup failure (CVE-2026-23142 bsc#1258289). - commit 217a6fd - mm/damon/sysfs-scheme: cleanup quotas subdirs on scheme dir setup failure (git-fixes). - commit c642652 - mm/damon/sysfs: cleanup attrs subdirs on context dir setup failure (CVE-2026-23144 bsc#1258290). - commit c7e0495 - crypto: ccp - Fix a case where SNP_SHUTDOWN is missed (git-fixes). - drm/xe: Defer gt->mmio initialization until after multi-tile setup (git-fixes). - commit 56b85e5 - wifi: ath10k: fix lock protection in ath10k_wmi_event_peer_sta_ps_state_chg() (stable-fixes). - wifi: rtw89: pci: restore LDO setting after device resume (stable-fixes). - wifi: rtw89: 8922a: add digital compensation for 2GHz (stable-fixes). - wifi: rtw89: fix unable to receive probe responses under MLO connection (stable-fixes). - wifi: iwlwifi: mvm: check the validity of noa_len (stable-fixes). - wifi: ath12k: fix preferred hardware mode calculation (stable-fixes). - wifi: ath11k: Fix failure to connect to a 6 GHz AP (stable-fixes). - wifi: ath11k: add pm quirk for Thinkpad Z13/Z16 Gen1 (stable-fixes). - wifi: iwlegacy: add missing mutex protection in il4965_store_tx_power() (stable-fixes). - commit 4df290e - rtc: zynqmp: correct frequency value (stable-fixes). - thermal: int340x: Fix sysfs group leak on DLVR registration failure (stable-fixes). - soundwire: dmi-quirks: add mapping for Avell B.ON (OEM rebranded of NUC15) (stable-fixes). - soundwire: intel_auxdevice: add cs42l45 codec to wake_capable_list (stable-fixes). - staging: rtl8723bs: fix memory leak on failure path (stable-fixes). - staging: rtl8723bs: fix missing status update on sdio_alloc_irq() failure (stable-fixes). - watchdog: imx7ulp_wdt: handle the nowayout option (stable-fixes). - watchdog: starfive-wdt: Fix PM reference leak in probe error path (git-fixes). - watchdog/softlockup: fix sample ring index wrap in need_counting_irqs() (git-fixes). - wifi: iwlegacy: add missing mutex protection in il3945_store_measurement() (stable-fixes). - wifi: cfg80211: allow only one NAN interface, also in multi radio (stable-fixes). - wifi: rtw89: mac: correct page number for CSI response (stable-fixes). - wifi: rtw89: wow: add reason codes for disassociation in WoWLAN mode (stable-fixes). - wifi: rtw88: Use devm_kmemdup() in rtw_set_supported_band() (stable-fixes). - wifi: rtw89: ser: enable error IMR after recovering from L1 (stable-fixes). - wifi: rtw89: 8922a: set random mac if efuse contains zeroes (stable-fixes). - wifi: rtw88: rtw8821cu: Add ID for Mercusys MU6H (stable-fixes). - wifi: rtw88: 8822b: Avoid WARNING in rtw8822b_config_trx_mode() (stable-fixes). - wifi: rtw88: fix DTIM period handling when conf->dtim_period is zero (stable-fixes). - wifi: libertas: fix WARNING in usb_tx_block (stable-fixes). - power: sequencing: fix missing state_lock in pwrseq_power_on() error path (stable-fixes). - spi: geni-qcom: Fix abort sequence execution for serial engine errors (stable-fixes). - spi: stm32: fix Overrun issue at < 8bpw (stable-fixes). - spi-geni-qcom: initialize mode related registers to 0 (stable-fixes). - spi-geni-qcom: use xfer->bits_per_word for can_dma() (stable-fixes). - tools/power cpupower: Reset errno before strtoull() (stable-fixes). - powercap: intel_rapl: Add PL4 support for Ice Lake (stable-fixes). - commit a96ba92 - PCI: Add defines for bridge window indexing (stable-fixes). - Refresh patches.suse/PCI-ACPI-Restrict-program_hpx_type2-to-AER-bits.patch. - commit 41bad5b - pinctrl: cirrus: cs42l43: Fix double-put in cs42l43_pin_probe() (git-fixes). - ntb: ntb_hw_switchtec: Fix array-index-out-of-bounds access (stable-fixes). - ntb: ntb_hw_switchtec: Fix shift-out-of-bounds for 0 mw lut (stable-fixes). - phy: mvebu-cp110-utmi: fix dr_mode property read from dts (stable-fixes). - phy: fsl-imx8mq-usb: disable bind/unbind platform driver feature (stable-fixes). - phy: cadence-torrent: restore parent clock for refclk during resume (stable-fixes). - phy: ti: phy-j721e-wiz: restore mux selection during resume (stable-fixes). - Revert "mmc: rtsx_pci_sdmmc: increase power-on settling delay to 5ms" (git-fixes). - nfc: nxp-nci: remove interrupt trigger type (stable-fixes). - PCI: Add Intel Nova Lake audio Device ID (stable-fixes). - commit 52ffef7 - media: dvb-net: fix OOB access in ULE extension header tables (git-fixes). - mmc: rtsx_pci_sdmmc: increase power-on settling delay to 5ms (git-fixes). - misc: bcm_vk: Fix possible null-pointer dereferences in bcm_vk_read() (stable-fixes). - misc: eeprom: Fix EWEN/EWDS/ERAL commands for 93xx56 and 93xx66 (stable-fixes). - mfd: intel-lpss: Add Intel Nova Lake-S PCI IDs (stable-fixes). - myri10ge: avoid uninitialized variable use (stable-fixes). - media: rkisp1: Fix filter mode register configuration (stable-fixes). - media: ipu6: Always close firmware stream (stable-fixes). - media: ipu6: Close firmware streams on streaming enable failure (stable-fixes). - media: ipu6: Ensure stream_mutex is acquired when dealing with node list (stable-fixes). - media: mt9m114: Return -EPROBE_DEFER if no endpoint is found (stable-fixes). - media: mt9m114: Avoid a reset low spike during probe() (stable-fixes). - media: v4l2-async: Fix error handling on steps after finding a match (stable-fixes). - media: cx25821: Fix a resource leak in cx25821_dev_setup() (stable-fixes). - media: pvrusb2: fix URB leak in pvr2_send_request_ex (stable-fixes). - media: solo6x10: Check for out of bounds chip_id (stable-fixes). - media: adv7180: fix frame interval in progressive mode (stable-fixes). - media: amphion: Clear last_buffer_dequeued flag for DEC_CMD_START (stable-fixes). - media: mediatek: vcodec: Don't try to decode 422/444 VP9 (stable-fixes). - media: chips-media: wave5: Process ready frames when CMD_STOP sent to Encoder (stable-fixes). - media: chips-media: wave5: Fix conditional in start_streaming (stable-fixes). - media: omap3isp: isppreview: always clamp in preview_try_format() (stable-fixes). - media: omap3isp: set initial format (stable-fixes). - mfd: simple-mfd-i2c: Add compatible strings for Layerscape QIXIS FPGA (stable-fixes). - mfd: simple-mfd-i2c: Add MAX77705 support (stable-fixes). - commit 26d6095 - iio: magnetometer: Remove IRQF_ONESHOT (stable-fixes). - iio: Use IRQF_NO_THREAD (stable-fixes). - HID: i2c-hid: Add FocalTech FT8112 (stable-fixes). - media: omap3isp: isp_video_mbus_to_pix/pix_to_mbus fixes (stable-fixes). - media: dvb-core: dmxdevfilter must always flush bufs (stable-fixes). - HID: elecom: Add support for ELECOM HUGE Plus M-HT1MRBK (stable-fixes). - HID: logitech-hidpp: Add support for Logitech K980 (stable-fixes). - HID: multitouch: add eGalaxTouch EXC3188 support (stable-fixes). - HID: logitech-hidpp: Check maxfield in hidpp_get_report_length() (stable-fixes). - hwmon: (pmbus/mpq8785) fix VOUT_MODE mismatch during identification (git-fixes). - hwmon: (f71882fg) Add F81968 support (stable-fixes). - hwmon: (nct6775) Add ASUS Pro WS WRX90E-SAGE SE (stable-fixes). - hwmon: (dell-smm) Add support for Dell OptiPlex 7080 (stable-fixes). - i3c: mipi-i3c-hci: Reset RING_OPERATION1 fields during init (stable-fixes). - i3c: master: svc: Initialize 'dev' to NULL in svc_i3c_master_ibi_isr() (stable-fixes). - hwrng: core - Allow runtime disabling of the HW RNG (stable-fixes). - hwmon: pmbus: mpq8785: Add support for MPM82504 (stable-fixes). - hwmon: pmbus: mpq8785: Implement VOUT feedback resistor divider ratio configuration (stable-fixes). - hwmon: pmbus: mpq8785: Prepare driver for multiple device support (stable-fixes). - commit 755fe92 - drm/xe/xe2_hpg: Fix handling of Wa_14019988906 & Wa_14019877138 (git-fixes). - drm/xe/mmio: Avoid double-adjust in 64-bit reads (git-fixes). - drm/amdgpu: keep vga memory on MacBooks with switchable graphics (stable-fixes). - drm/amd/display: Remove conditional for shaper 3DLUT power-on (stable-fixes). - drm/amdgpu: Add HAINAN clock adjustment (stable-fixes). - drm/radeon: Add HAINAN clock adjustment (stable-fixes). - drm/amdgpu: Adjust usleep_range in fence wait (stable-fixes). - drm/amd/display: bypass post csc for additional color spaces in dal (stable-fixes). - drm/amd/display: Increase DCN35 SR enter/exit latency (stable-fixes). - drm/amd/display: Avoid updating surface with the same surface under MPO (stable-fixes). - drm/amd/display: Fix system resume lag issue (stable-fixes). - drm/amdkfd: Fix out-of-bounds write in kfd_event_page_set() (stable-fixes). - drm/amd/display: Fix writeback on DCN 3.2+ (stable-fixes). - fpga: of-fpga-region: Fail if any bridge is missing (stable-fixes). - fix it87_wdt early reboot by reporting running timer (stable-fixes). - fbdev: ffb: fix corrupted video output on Sun FFB1 (stable-fixes). - drm/amd/display: avoid dig reg access timeout on usb4 link training fail (stable-fixes). - drm/amd/display: Fix GFX12 family constant checks (stable-fixes). - drm/amd/display: Disable FEC when powering down encoders (stable-fixes). - drm/atmel-hlcdc: don't reject the commit if the src rect has fractional parts (stable-fixes). - drm/atmel-hlcdc: fix use-after-free of drm_crtc_commit after release (stable-fixes). - drm/atmel-hlcdc: fix memory leak from the atomic_destroy_state callback (stable-fixes). - drm: Account property blob allocations to memcg (stable-fixes). - drm/amdkfd: Fix GART PTE for non-4K pagesize in svm_migrate_gart_map() (stable-fixes). - drm/amdkfd: Relax size checking during queue buffer get (stable-fixes). - drm/amd/display: only power down dig on phy endpoints (stable-fixes). - drm/amdgpu: Skip loading SDMA_RS64 in VF (stable-fixes). - drm/xe: Only toggle scheduling in TDR if GuC is running (stable-fixes). - drm/panel: Fix a possible null-pointer dereference in jdi_panel_dsi_remove() (stable-fixes). - drm/amd/display: Fix dsc eDP issue (stable-fixes). - drm/amd/display: Add signal type check for dcn401 get_phyd32clk_src (stable-fixes). - gpu/panel-edp: add AUO panel entry for B140HAN06.4 (stable-fixes). - HID: prodikeys: Check presence of pm->input_ep82 (stable-fixes). - HID: magicmouse: Do not crash on missing msc->input (stable-fixes). - HID: apple: Add "SONiX KN85 Keyboard" to the list of non-apple keyboards (stable-fixes). - gpio: aspeed-sgpio: Change the macro to support deferred probe (stable-fixes). - commit 2524956 - drm/xe/ptl: Apply Wa_13011645652 (stable-fixes). - Refresh patches.suse/drm-xe-xe3lpg-Apply-Wa_14022293748-Wa_22019794406.patch. - commit 689b272 - dmaengine: stm32-mdma: initialize m2m_hw_period and ccr to fix warnings (stable-fixes). - drm/amdgpu: add support for HDP IP version 6.1.1 (stable-fixes). - drm/amd/display: Add USB-C DP Alt Mode lane limitation in DCN32 (stable-fixes). - drm/amdkfd: Handle GPU reset and drain retry fault race (stable-fixes). - drm/amdgpu: fix NULL pointer issue buffer funcs (stable-fixes). - drm/v3d: Set DMA segment size to avoid debug warnings (stable-fixes). - drm/i915/wakeref: clean up INTEL_WAKEREF_PUT_* flag macros (stable-fixes). - drm/display/dp_mst: Add protection against 0 vcpi (stable-fixes). - drm/xe/xe2_hpg: Add set of workarounds (stable-fixes). - drm/xe: Switch MMIO interface to take xe_mmio instead of xe_gt (stable-fixes). - drm/xe: Adjust mmio code to pass VF substructure to SRIOV code (stable-fixes). - drm/xe: Add xe_tile backpointer to xe_mmio (stable-fixes). - drm/xe: Switch mmio_ext to use 'struct xe_mmio' (stable-fixes). - drm/xe: Populate GT's mmio iomap from tile during init (stable-fixes). - drm/xe: Move GSI offset adjustment fields into 'struct xe_mmio' (stable-fixes). - drm/xe: Clarify size of MMIO region (stable-fixes). - drm/xe: Create dedicated xe_mmio structure (stable-fixes). - drm/xe: Move forcewake to 'gt.pm' substructure (stable-fixes). - docs: fix WARNING document not included in any toctree (stable-fixes). - commit 4836e0c - ASoC: amd: yc: Add DMI quirk for ASUS Vivobook Pro 15X M6501RR (stable-fixes). - dma: dma-axi-dmac: fix HW scatter-gather not looking at the queue (git-fixes). - dma: dma-axi-dmac: fix SW cyclic transfers (git-fixes). - dmaengine: sun6i: Choose appropriate burst length under maxburst (stable-fixes). - dmaengine: stm32-dma3: use module_platform_driver (stable-fixes). - crypto: ccp - Send PSP_CMD_TEE_RING_DESTROY when PSP_CMD_TEE_RING_INIT fails (git-fixes). - crypto: ccp - Factor out ring destroy handling to a helper (stable-fixes). - ata: libata: avoid long timeouts on hot-unplugged SATA DAS (stable-fixes). - Bluetooth: btusb: Add device ID for Realtek RTL8761BU (stable-fixes). - Bluetooth: btusb: Add new VID/PID for RTL8852CE (stable-fixes). - Bluetooth: hci_conn: Set link_policy on incoming ACL connections (stable-fixes). - Bluetooth: hci_conn: use mod_delayed_work for active mode timeout (stable-fixes). - Bluetooth: btusb: Add support for MediaTek7920 0489:e158 (stable-fixes). - ASoC: fsl: imx-rpmsg: use snd_soc_find_dai_with_mutex() in probe (stable-fixes). - ASoC: SOF: Intel: hda: Fix NULL pointer dereference (stable-fixes). - ASoC: codecs: max98390: Check return value of devm_gpiod_get_optional() in max98390_i2c_probe() (stable-fixes). - ASoC: sunxi: sun50i-dmic: Add missing check for devm_regmap_init_mmio (stable-fixes). - ASoC: soc-acpi-intel-arl-match: change rt722 amp endpoint to aggregated (stable-fixes). - ASoC: SOF: Intel: hda: Remove MODULE_SOFTDEP for snd-hda-codec-hdmi (stable-fixes). - ASoC: wm8962: Don't report a microphone if it's shorted to ground on plug (stable-fixes). - ASoC: wm8962: Add WM8962_ADC_MONOMIX to "3D Coefficients" mask (stable-fixes). - ASoC: nau8821: Cancel pending work before suspend (git-fixes). - ASoC: nau8821: Cancel delayed work on component remove (git-fixes). - ASoC: nau8821: Fixup nau8821_enable_jack_detect() (git-fixes). - ASoC: SOF: ipc4: Support for sending payload along with LARGE_CONFIG_GET (stable-fixes). - crypto: hisilicon/qm - move the barrier before writing to the mailbox register (stable-fixes). - crypto: ccp - narrow scope of snp_range_list (git-fixes). - APEI/GHES: ensure that won't go past CPER allocated record (stable-fixes). - ASoC: nau8821: Avoid unnecessary blocking in IRQ handler (stable-fixes). - crypto: ccp - Ensure implicit SEV/SNP init and shutdown in ioctls (stable-fixes). - commit ef48f01 - ALSA: hda: cs35l56: Fix signedness error in cs35l56_hda_posture_put() (git-fixes). - ALSA: usb-audio: Add sanity check for OOB writes at silencing (stable-fixes). - ALSA: usb-audio: Update the number of packets properly at receiving (stable-fixes). - ACPI: x86: Force enabling of PWM2 on the Yogabook YB1-X90 (stable-fixes). - ALSA: mixer: oss: Add card disconnect checkpoints (stable-fixes). - ALSA: usb-audio: Add iface reset and delay quirk for AB13X USB Audio (stable-fixes). - ALSA: hda/realtek - Enable mute LEDs on HP ENVY x360 15-es0xxx (stable-fixes). - ALSA: hda/conexant: Add headset mic fix for MECHREVO Wujie 15X Pro (stable-fixes). - ALSA: hda/realtek: fix LG Gram Style 14 speakers (stable-fixes). - ALSA: hda/realtek: add HP Victus 16-e0xxx mute LED quirk (stable-fixes). - ALSA: pcm: Revert bufs move in snd_pcm_xfern_frames_ioctl() (stable-fixes). - ALSA: vmaster: Relax __free() variable declarations (git-fixes). - ALSA: pcm: Relax __free() variable declarations (git-fixes). - ACPI: processor: Fix NULL-pointer dereference in acpi_processor_errata_piix4() (stable-fixes). - ACPI: battery: fix incorrect charging status when current is zero (stable-fixes). - ACPI: resource: Add JWIPC JVC9100 to irq1_level_low_skip_override[] (stable-fixes). - ACPI: x86: s2idle: Invoke Microsoft _DSM Function 9 (Turn On Display) (stable-fixes). - ACPICA: Abort AML bytecode execution when executing AML_FATAL_OP (stable-fixes). - commit 119c4f9 - net: usb: sr9700: remove code to drive nonexistent multicast filter (git-fixes). - commit 5659850 - net: usb: r8152: fix transmit queue timeout (git-fixes). - commit cd570dd - usb: chipidea: udc: fix DMA and SG cleanup in _ep_nuke() (git-fixes). - commit 56a794c - usb: gadget: f_fs: fix DMA-BUF OUT queues (git-fixes). - commit 185e5e6 - usb: gadget: f_fs: Fix ioctl error handling (git-fixes). - commit f20163c - usb: typec: ucsi: psy: Fix voltage and current max for non-Fixed PDOs (git-fixes). - commit 10c0ad8 - firmware: arm_ffa: Unmap Rx/Tx buffers on init failure (git-fixes) - commit 8f51ada - spi: spidev: fix lock inversion between spi_lock and buf_lock (git-fixes) - commit b76bf6c - spi: spi-mem: Protect dirmap_create() with spi_mem_access_start/end (git-fixes) - commit c1581a2 - spi: spi-mem: Limit octal DTR constraints to octal DTR situations (git-fixes) - commit 47ade1e - arm64: hugetlbpage: avoid unused-but-set-parameter warning (gcc-16) (git-fixes) - commit c2e347e - arm64: tegra: smaug: Add usb-role-switch support (git-fixes) - commit 2aec3f9 - arm64: Disable branch profiling for all arm64 code (git-fixes) - commit 20e29ae - arm64: Add support for TSV110 Spectre-BHB mitigation (git-fixes) - commit 7b883f1 - serial: 8250: 8250_omap.c: Clear DMA RX running status only after DMA termination is done (git-fixes). - serial: 8250: 8250_omap.c: Add support for handling UART error conditions (git-fixes). - serial: 8250_dw: handle clock enable errors in runtime_resume (git-fixes). - PCI: Enable ACS after configuring IOMMU for OF platforms (git-fixes). - PCI: Add ACS quirk for Qualcomm Hamoa & Glymur (git-fixes). - PCI: Fix pci_slot_lock () device locking (git-fixes). - PCI: Mark Nvidia GB10 to avoid bus reset (git-fixes). - PCI: Mark ASM1164 SATA controller to avoid bus reset (git-fixes). - PCI/AER: Clear stale errors on reporting agents upon probe (git-fixes). - PCI/MSI: Unmap MSI-X region on error (git-fixes). - char: tpm: cr50: Remove IRQF_ONESHOT (git-fixes). - commit 87922f3 - mptcp: fix race in mptcp_pm_nl_flush_addrs_doit() (CVE-2026-23169 bsc#1258389). - commit ece2971 ++++ kernel-rt: - libceph: reset sparse-read state in osd_fault() (CVE-2026-23136 bsc#1258303). - commit a1cc877 - libceph: make calc_target() set t->paused, not just clear it (CVE-2026-23047 bsc#1257682). - commit 3225b77 - mm/damon/sysfs-scheme: cleanup access_pattern subdirs on scheme dir setup failure (CVE-2026-23142 bsc#1258289). - commit 217a6fd - mm/damon/sysfs-scheme: cleanup quotas subdirs on scheme dir setup failure (git-fixes). - commit c642652 - mm/damon/sysfs: cleanup attrs subdirs on context dir setup failure (CVE-2026-23144 bsc#1258290). - commit c7e0495 - crypto: ccp - Fix a case where SNP_SHUTDOWN is missed (git-fixes). - drm/xe: Defer gt->mmio initialization until after multi-tile setup (git-fixes). - commit 56b85e5 - wifi: ath10k: fix lock protection in ath10k_wmi_event_peer_sta_ps_state_chg() (stable-fixes). - wifi: rtw89: pci: restore LDO setting after device resume (stable-fixes). - wifi: rtw89: 8922a: add digital compensation for 2GHz (stable-fixes). - wifi: rtw89: fix unable to receive probe responses under MLO connection (stable-fixes). - wifi: iwlwifi: mvm: check the validity of noa_len (stable-fixes). - wifi: ath12k: fix preferred hardware mode calculation (stable-fixes). - wifi: ath11k: Fix failure to connect to a 6 GHz AP (stable-fixes). - wifi: ath11k: add pm quirk for Thinkpad Z13/Z16 Gen1 (stable-fixes). - wifi: iwlegacy: add missing mutex protection in il4965_store_tx_power() (stable-fixes). - commit 4df290e - rtc: zynqmp: correct frequency value (stable-fixes). - thermal: int340x: Fix sysfs group leak on DLVR registration failure (stable-fixes). - soundwire: dmi-quirks: add mapping for Avell B.ON (OEM rebranded of NUC15) (stable-fixes). - soundwire: intel_auxdevice: add cs42l45 codec to wake_capable_list (stable-fixes). - staging: rtl8723bs: fix memory leak on failure path (stable-fixes). - staging: rtl8723bs: fix missing status update on sdio_alloc_irq() failure (stable-fixes). - watchdog: imx7ulp_wdt: handle the nowayout option (stable-fixes). - watchdog: starfive-wdt: Fix PM reference leak in probe error path (git-fixes). - watchdog/softlockup: fix sample ring index wrap in need_counting_irqs() (git-fixes). - wifi: iwlegacy: add missing mutex protection in il3945_store_measurement() (stable-fixes). - wifi: cfg80211: allow only one NAN interface, also in multi radio (stable-fixes). - wifi: rtw89: mac: correct page number for CSI response (stable-fixes). - wifi: rtw89: wow: add reason codes for disassociation in WoWLAN mode (stable-fixes). - wifi: rtw88: Use devm_kmemdup() in rtw_set_supported_band() (stable-fixes). - wifi: rtw89: ser: enable error IMR after recovering from L1 (stable-fixes). - wifi: rtw89: 8922a: set random mac if efuse contains zeroes (stable-fixes). - wifi: rtw88: rtw8821cu: Add ID for Mercusys MU6H (stable-fixes). - wifi: rtw88: 8822b: Avoid WARNING in rtw8822b_config_trx_mode() (stable-fixes). - wifi: rtw88: fix DTIM period handling when conf->dtim_period is zero (stable-fixes). - wifi: libertas: fix WARNING in usb_tx_block (stable-fixes). - power: sequencing: fix missing state_lock in pwrseq_power_on() error path (stable-fixes). - spi: geni-qcom: Fix abort sequence execution for serial engine errors (stable-fixes). - spi: stm32: fix Overrun issue at < 8bpw (stable-fixes). - spi-geni-qcom: initialize mode related registers to 0 (stable-fixes). - spi-geni-qcom: use xfer->bits_per_word for can_dma() (stable-fixes). - tools/power cpupower: Reset errno before strtoull() (stable-fixes). - powercap: intel_rapl: Add PL4 support for Ice Lake (stable-fixes). - commit a96ba92 - PCI: Add defines for bridge window indexing (stable-fixes). - Refresh patches.suse/PCI-ACPI-Restrict-program_hpx_type2-to-AER-bits.patch. - commit 41bad5b - pinctrl: cirrus: cs42l43: Fix double-put in cs42l43_pin_probe() (git-fixes). - ntb: ntb_hw_switchtec: Fix array-index-out-of-bounds access (stable-fixes). - ntb: ntb_hw_switchtec: Fix shift-out-of-bounds for 0 mw lut (stable-fixes). - phy: mvebu-cp110-utmi: fix dr_mode property read from dts (stable-fixes). - phy: fsl-imx8mq-usb: disable bind/unbind platform driver feature (stable-fixes). - phy: cadence-torrent: restore parent clock for refclk during resume (stable-fixes). - phy: ti: phy-j721e-wiz: restore mux selection during resume (stable-fixes). - Revert "mmc: rtsx_pci_sdmmc: increase power-on settling delay to 5ms" (git-fixes). - nfc: nxp-nci: remove interrupt trigger type (stable-fixes). - PCI: Add Intel Nova Lake audio Device ID (stable-fixes). - commit 52ffef7 - media: dvb-net: fix OOB access in ULE extension header tables (git-fixes). - mmc: rtsx_pci_sdmmc: increase power-on settling delay to 5ms (git-fixes). - misc: bcm_vk: Fix possible null-pointer dereferences in bcm_vk_read() (stable-fixes). - misc: eeprom: Fix EWEN/EWDS/ERAL commands for 93xx56 and 93xx66 (stable-fixes). - mfd: intel-lpss: Add Intel Nova Lake-S PCI IDs (stable-fixes). - myri10ge: avoid uninitialized variable use (stable-fixes). - media: rkisp1: Fix filter mode register configuration (stable-fixes). - media: ipu6: Always close firmware stream (stable-fixes). - media: ipu6: Close firmware streams on streaming enable failure (stable-fixes). - media: ipu6: Ensure stream_mutex is acquired when dealing with node list (stable-fixes). - media: mt9m114: Return -EPROBE_DEFER if no endpoint is found (stable-fixes). - media: mt9m114: Avoid a reset low spike during probe() (stable-fixes). - media: v4l2-async: Fix error handling on steps after finding a match (stable-fixes). - media: cx25821: Fix a resource leak in cx25821_dev_setup() (stable-fixes). - media: pvrusb2: fix URB leak in pvr2_send_request_ex (stable-fixes). - media: solo6x10: Check for out of bounds chip_id (stable-fixes). - media: adv7180: fix frame interval in progressive mode (stable-fixes). - media: amphion: Clear last_buffer_dequeued flag for DEC_CMD_START (stable-fixes). - media: mediatek: vcodec: Don't try to decode 422/444 VP9 (stable-fixes). - media: chips-media: wave5: Process ready frames when CMD_STOP sent to Encoder (stable-fixes). - media: chips-media: wave5: Fix conditional in start_streaming (stable-fixes). - media: omap3isp: isppreview: always clamp in preview_try_format() (stable-fixes). - media: omap3isp: set initial format (stable-fixes). - mfd: simple-mfd-i2c: Add compatible strings for Layerscape QIXIS FPGA (stable-fixes). - mfd: simple-mfd-i2c: Add MAX77705 support (stable-fixes). - commit 26d6095 - iio: magnetometer: Remove IRQF_ONESHOT (stable-fixes). - iio: Use IRQF_NO_THREAD (stable-fixes). - HID: i2c-hid: Add FocalTech FT8112 (stable-fixes). - media: omap3isp: isp_video_mbus_to_pix/pix_to_mbus fixes (stable-fixes). - media: dvb-core: dmxdevfilter must always flush bufs (stable-fixes). - HID: elecom: Add support for ELECOM HUGE Plus M-HT1MRBK (stable-fixes). - HID: logitech-hidpp: Add support for Logitech K980 (stable-fixes). - HID: multitouch: add eGalaxTouch EXC3188 support (stable-fixes). - HID: logitech-hidpp: Check maxfield in hidpp_get_report_length() (stable-fixes). - hwmon: (pmbus/mpq8785) fix VOUT_MODE mismatch during identification (git-fixes). - hwmon: (f71882fg) Add F81968 support (stable-fixes). - hwmon: (nct6775) Add ASUS Pro WS WRX90E-SAGE SE (stable-fixes). - hwmon: (dell-smm) Add support for Dell OptiPlex 7080 (stable-fixes). - i3c: mipi-i3c-hci: Reset RING_OPERATION1 fields during init (stable-fixes). - i3c: master: svc: Initialize 'dev' to NULL in svc_i3c_master_ibi_isr() (stable-fixes). - hwrng: core - Allow runtime disabling of the HW RNG (stable-fixes). - hwmon: pmbus: mpq8785: Add support for MPM82504 (stable-fixes). - hwmon: pmbus: mpq8785: Implement VOUT feedback resistor divider ratio configuration (stable-fixes). - hwmon: pmbus: mpq8785: Prepare driver for multiple device support (stable-fixes). - commit 755fe92 - drm/xe/xe2_hpg: Fix handling of Wa_14019988906 & Wa_14019877138 (git-fixes). - drm/xe/mmio: Avoid double-adjust in 64-bit reads (git-fixes). - drm/amdgpu: keep vga memory on MacBooks with switchable graphics (stable-fixes). - drm/amd/display: Remove conditional for shaper 3DLUT power-on (stable-fixes). - drm/amdgpu: Add HAINAN clock adjustment (stable-fixes). - drm/radeon: Add HAINAN clock adjustment (stable-fixes). - drm/amdgpu: Adjust usleep_range in fence wait (stable-fixes). - drm/amd/display: bypass post csc for additional color spaces in dal (stable-fixes). - drm/amd/display: Increase DCN35 SR enter/exit latency (stable-fixes). - drm/amd/display: Avoid updating surface with the same surface under MPO (stable-fixes). - drm/amd/display: Fix system resume lag issue (stable-fixes). - drm/amdkfd: Fix out-of-bounds write in kfd_event_page_set() (stable-fixes). - drm/amd/display: Fix writeback on DCN 3.2+ (stable-fixes). - fpga: of-fpga-region: Fail if any bridge is missing (stable-fixes). - fix it87_wdt early reboot by reporting running timer (stable-fixes). - fbdev: ffb: fix corrupted video output on Sun FFB1 (stable-fixes). - drm/amd/display: avoid dig reg access timeout on usb4 link training fail (stable-fixes). - drm/amd/display: Fix GFX12 family constant checks (stable-fixes). - drm/amd/display: Disable FEC when powering down encoders (stable-fixes). - drm/atmel-hlcdc: don't reject the commit if the src rect has fractional parts (stable-fixes). - drm/atmel-hlcdc: fix use-after-free of drm_crtc_commit after release (stable-fixes). - drm/atmel-hlcdc: fix memory leak from the atomic_destroy_state callback (stable-fixes). - drm: Account property blob allocations to memcg (stable-fixes). - drm/amdkfd: Fix GART PTE for non-4K pagesize in svm_migrate_gart_map() (stable-fixes). - drm/amdkfd: Relax size checking during queue buffer get (stable-fixes). - drm/amd/display: only power down dig on phy endpoints (stable-fixes). - drm/amdgpu: Skip loading SDMA_RS64 in VF (stable-fixes). - drm/xe: Only toggle scheduling in TDR if GuC is running (stable-fixes). - drm/panel: Fix a possible null-pointer dereference in jdi_panel_dsi_remove() (stable-fixes). - drm/amd/display: Fix dsc eDP issue (stable-fixes). - drm/amd/display: Add signal type check for dcn401 get_phyd32clk_src (stable-fixes). - gpu/panel-edp: add AUO panel entry for B140HAN06.4 (stable-fixes). - HID: prodikeys: Check presence of pm->input_ep82 (stable-fixes). - HID: magicmouse: Do not crash on missing msc->input (stable-fixes). - HID: apple: Add "SONiX KN85 Keyboard" to the list of non-apple keyboards (stable-fixes). - gpio: aspeed-sgpio: Change the macro to support deferred probe (stable-fixes). - commit 2524956 - drm/xe/ptl: Apply Wa_13011645652 (stable-fixes). - Refresh patches.suse/drm-xe-xe3lpg-Apply-Wa_14022293748-Wa_22019794406.patch. - commit 689b272 - dmaengine: stm32-mdma: initialize m2m_hw_period and ccr to fix warnings (stable-fixes). - drm/amdgpu: add support for HDP IP version 6.1.1 (stable-fixes). - drm/amd/display: Add USB-C DP Alt Mode lane limitation in DCN32 (stable-fixes). - drm/amdkfd: Handle GPU reset and drain retry fault race (stable-fixes). - drm/amdgpu: fix NULL pointer issue buffer funcs (stable-fixes). - drm/v3d: Set DMA segment size to avoid debug warnings (stable-fixes). - drm/i915/wakeref: clean up INTEL_WAKEREF_PUT_* flag macros (stable-fixes). - drm/display/dp_mst: Add protection against 0 vcpi (stable-fixes). - drm/xe/xe2_hpg: Add set of workarounds (stable-fixes). - drm/xe: Switch MMIO interface to take xe_mmio instead of xe_gt (stable-fixes). - drm/xe: Adjust mmio code to pass VF substructure to SRIOV code (stable-fixes). - drm/xe: Add xe_tile backpointer to xe_mmio (stable-fixes). - drm/xe: Switch mmio_ext to use 'struct xe_mmio' (stable-fixes). - drm/xe: Populate GT's mmio iomap from tile during init (stable-fixes). - drm/xe: Move GSI offset adjustment fields into 'struct xe_mmio' (stable-fixes). - drm/xe: Clarify size of MMIO region (stable-fixes). - drm/xe: Create dedicated xe_mmio structure (stable-fixes). - drm/xe: Move forcewake to 'gt.pm' substructure (stable-fixes). - docs: fix WARNING document not included in any toctree (stable-fixes). - commit 4836e0c - ASoC: amd: yc: Add DMI quirk for ASUS Vivobook Pro 15X M6501RR (stable-fixes). - dma: dma-axi-dmac: fix HW scatter-gather not looking at the queue (git-fixes). - dma: dma-axi-dmac: fix SW cyclic transfers (git-fixes). - dmaengine: sun6i: Choose appropriate burst length under maxburst (stable-fixes). - dmaengine: stm32-dma3: use module_platform_driver (stable-fixes). - crypto: ccp - Send PSP_CMD_TEE_RING_DESTROY when PSP_CMD_TEE_RING_INIT fails (git-fixes). - crypto: ccp - Factor out ring destroy handling to a helper (stable-fixes). - ata: libata: avoid long timeouts on hot-unplugged SATA DAS (stable-fixes). - Bluetooth: btusb: Add device ID for Realtek RTL8761BU (stable-fixes). - Bluetooth: btusb: Add new VID/PID for RTL8852CE (stable-fixes). - Bluetooth: hci_conn: Set link_policy on incoming ACL connections (stable-fixes). - Bluetooth: hci_conn: use mod_delayed_work for active mode timeout (stable-fixes). - Bluetooth: btusb: Add support for MediaTek7920 0489:e158 (stable-fixes). - ASoC: fsl: imx-rpmsg: use snd_soc_find_dai_with_mutex() in probe (stable-fixes). - ASoC: SOF: Intel: hda: Fix NULL pointer dereference (stable-fixes). - ASoC: codecs: max98390: Check return value of devm_gpiod_get_optional() in max98390_i2c_probe() (stable-fixes). - ASoC: sunxi: sun50i-dmic: Add missing check for devm_regmap_init_mmio (stable-fixes). - ASoC: soc-acpi-intel-arl-match: change rt722 amp endpoint to aggregated (stable-fixes). - ASoC: SOF: Intel: hda: Remove MODULE_SOFTDEP for snd-hda-codec-hdmi (stable-fixes). - ASoC: wm8962: Don't report a microphone if it's shorted to ground on plug (stable-fixes). - ASoC: wm8962: Add WM8962_ADC_MONOMIX to "3D Coefficients" mask (stable-fixes). - ASoC: nau8821: Cancel pending work before suspend (git-fixes). - ASoC: nau8821: Cancel delayed work on component remove (git-fixes). - ASoC: nau8821: Fixup nau8821_enable_jack_detect() (git-fixes). - ASoC: SOF: ipc4: Support for sending payload along with LARGE_CONFIG_GET (stable-fixes). - crypto: hisilicon/qm - move the barrier before writing to the mailbox register (stable-fixes). - crypto: ccp - narrow scope of snp_range_list (git-fixes). - APEI/GHES: ensure that won't go past CPER allocated record (stable-fixes). - ASoC: nau8821: Avoid unnecessary blocking in IRQ handler (stable-fixes). - crypto: ccp - Ensure implicit SEV/SNP init and shutdown in ioctls (stable-fixes). - commit ef48f01 - ALSA: hda: cs35l56: Fix signedness error in cs35l56_hda_posture_put() (git-fixes). - ALSA: usb-audio: Add sanity check for OOB writes at silencing (stable-fixes). - ALSA: usb-audio: Update the number of packets properly at receiving (stable-fixes). - ACPI: x86: Force enabling of PWM2 on the Yogabook YB1-X90 (stable-fixes). - ALSA: mixer: oss: Add card disconnect checkpoints (stable-fixes). - ALSA: usb-audio: Add iface reset and delay quirk for AB13X USB Audio (stable-fixes). - ALSA: hda/realtek - Enable mute LEDs on HP ENVY x360 15-es0xxx (stable-fixes). - ALSA: hda/conexant: Add headset mic fix for MECHREVO Wujie 15X Pro (stable-fixes). - ALSA: hda/realtek: fix LG Gram Style 14 speakers (stable-fixes). - ALSA: hda/realtek: add HP Victus 16-e0xxx mute LED quirk (stable-fixes). - ALSA: pcm: Revert bufs move in snd_pcm_xfern_frames_ioctl() (stable-fixes). - ALSA: vmaster: Relax __free() variable declarations (git-fixes). - ALSA: pcm: Relax __free() variable declarations (git-fixes). - ACPI: processor: Fix NULL-pointer dereference in acpi_processor_errata_piix4() (stable-fixes). - ACPI: battery: fix incorrect charging status when current is zero (stable-fixes). - ACPI: resource: Add JWIPC JVC9100 to irq1_level_low_skip_override[] (stable-fixes). - ACPI: x86: s2idle: Invoke Microsoft _DSM Function 9 (Turn On Display) (stable-fixes). - ACPICA: Abort AML bytecode execution when executing AML_FATAL_OP (stable-fixes). - commit 119c4f9 - net: usb: sr9700: remove code to drive nonexistent multicast filter (git-fixes). - commit 5659850 - net: usb: r8152: fix transmit queue timeout (git-fixes). - commit cd570dd - usb: chipidea: udc: fix DMA and SG cleanup in _ep_nuke() (git-fixes). - commit 56a794c - usb: gadget: f_fs: fix DMA-BUF OUT queues (git-fixes). - commit 185e5e6 - usb: gadget: f_fs: Fix ioctl error handling (git-fixes). - commit f20163c - usb: typec: ucsi: psy: Fix voltage and current max for non-Fixed PDOs (git-fixes). - commit 10c0ad8 - firmware: arm_ffa: Unmap Rx/Tx buffers on init failure (git-fixes) - commit 8f51ada - spi: spidev: fix lock inversion between spi_lock and buf_lock (git-fixes) - commit b76bf6c - spi: spi-mem: Protect dirmap_create() with spi_mem_access_start/end (git-fixes) - commit c1581a2 - spi: spi-mem: Limit octal DTR constraints to octal DTR situations (git-fixes) - commit 47ade1e - arm64: hugetlbpage: avoid unused-but-set-parameter warning (gcc-16) (git-fixes) - commit c2e347e - arm64: tegra: smaug: Add usb-role-switch support (git-fixes) - commit 2aec3f9 - arm64: Disable branch profiling for all arm64 code (git-fixes) - commit 20e29ae - arm64: Add support for TSV110 Spectre-BHB mitigation (git-fixes) - commit 7b883f1 - serial: 8250: 8250_omap.c: Clear DMA RX running status only after DMA termination is done (git-fixes). - serial: 8250: 8250_omap.c: Add support for handling UART error conditions (git-fixes). - serial: 8250_dw: handle clock enable errors in runtime_resume (git-fixes). - PCI: Enable ACS after configuring IOMMU for OF platforms (git-fixes). - PCI: Add ACS quirk for Qualcomm Hamoa & Glymur (git-fixes). - PCI: Fix pci_slot_lock () device locking (git-fixes). - PCI: Mark Nvidia GB10 to avoid bus reset (git-fixes). - PCI: Mark ASM1164 SATA controller to avoid bus reset (git-fixes). - PCI/AER: Clear stale errors on reporting agents upon probe (git-fixes). - PCI/MSI: Unmap MSI-X region on error (git-fixes). - char: tpm: cr50: Remove IRQF_ONESHOT (git-fixes). - commit 87922f3 - mptcp: fix race in mptcp_pm_nl_flush_addrs_doit() (CVE-2026-23169 bsc#1258389). - commit ece2971 ++++ cockpit-client-launcher: - Add dependency on a cockpit-system Required in case that patterns-cockpit is not installed - Rename cockpit-client.changes to cockpit-client-launcher.changes Found by factory-auto ++++ dtb-aarch64: - libceph: reset sparse-read state in osd_fault() (CVE-2026-23136 bsc#1258303). - commit a1cc877 - libceph: make calc_target() set t->paused, not just clear it (CVE-2026-23047 bsc#1257682). - commit 3225b77 - mm/damon/sysfs-scheme: cleanup access_pattern subdirs on scheme dir setup failure (CVE-2026-23142 bsc#1258289). - commit 217a6fd - mm/damon/sysfs-scheme: cleanup quotas subdirs on scheme dir setup failure (git-fixes). - commit c642652 - mm/damon/sysfs: cleanup attrs subdirs on context dir setup failure (CVE-2026-23144 bsc#1258290). - commit c7e0495 - crypto: ccp - Fix a case where SNP_SHUTDOWN is missed (git-fixes). - drm/xe: Defer gt->mmio initialization until after multi-tile setup (git-fixes). - commit 56b85e5 - wifi: ath10k: fix lock protection in ath10k_wmi_event_peer_sta_ps_state_chg() (stable-fixes). - wifi: rtw89: pci: restore LDO setting after device resume (stable-fixes). - wifi: rtw89: 8922a: add digital compensation for 2GHz (stable-fixes). - wifi: rtw89: fix unable to receive probe responses under MLO connection (stable-fixes). - wifi: iwlwifi: mvm: check the validity of noa_len (stable-fixes). - wifi: ath12k: fix preferred hardware mode calculation (stable-fixes). - wifi: ath11k: Fix failure to connect to a 6 GHz AP (stable-fixes). - wifi: ath11k: add pm quirk for Thinkpad Z13/Z16 Gen1 (stable-fixes). - wifi: iwlegacy: add missing mutex protection in il4965_store_tx_power() (stable-fixes). - commit 4df290e - rtc: zynqmp: correct frequency value (stable-fixes). - thermal: int340x: Fix sysfs group leak on DLVR registration failure (stable-fixes). - soundwire: dmi-quirks: add mapping for Avell B.ON (OEM rebranded of NUC15) (stable-fixes). - soundwire: intel_auxdevice: add cs42l45 codec to wake_capable_list (stable-fixes). - staging: rtl8723bs: fix memory leak on failure path (stable-fixes). - staging: rtl8723bs: fix missing status update on sdio_alloc_irq() failure (stable-fixes). - watchdog: imx7ulp_wdt: handle the nowayout option (stable-fixes). - watchdog: starfive-wdt: Fix PM reference leak in probe error path (git-fixes). - watchdog/softlockup: fix sample ring index wrap in need_counting_irqs() (git-fixes). - wifi: iwlegacy: add missing mutex protection in il3945_store_measurement() (stable-fixes). - wifi: cfg80211: allow only one NAN interface, also in multi radio (stable-fixes). - wifi: rtw89: mac: correct page number for CSI response (stable-fixes). - wifi: rtw89: wow: add reason codes for disassociation in WoWLAN mode (stable-fixes). - wifi: rtw88: Use devm_kmemdup() in rtw_set_supported_band() (stable-fixes). - wifi: rtw89: ser: enable error IMR after recovering from L1 (stable-fixes). - wifi: rtw89: 8922a: set random mac if efuse contains zeroes (stable-fixes). - wifi: rtw88: rtw8821cu: Add ID for Mercusys MU6H (stable-fixes). - wifi: rtw88: 8822b: Avoid WARNING in rtw8822b_config_trx_mode() (stable-fixes). - wifi: rtw88: fix DTIM period handling when conf->dtim_period is zero (stable-fixes). - wifi: libertas: fix WARNING in usb_tx_block (stable-fixes). - power: sequencing: fix missing state_lock in pwrseq_power_on() error path (stable-fixes). - spi: geni-qcom: Fix abort sequence execution for serial engine errors (stable-fixes). - spi: stm32: fix Overrun issue at < 8bpw (stable-fixes). - spi-geni-qcom: initialize mode related registers to 0 (stable-fixes). - spi-geni-qcom: use xfer->bits_per_word for can_dma() (stable-fixes). - tools/power cpupower: Reset errno before strtoull() (stable-fixes). - powercap: intel_rapl: Add PL4 support for Ice Lake (stable-fixes). - commit a96ba92 - PCI: Add defines for bridge window indexing (stable-fixes). - Refresh patches.suse/PCI-ACPI-Restrict-program_hpx_type2-to-AER-bits.patch. - commit 41bad5b - pinctrl: cirrus: cs42l43: Fix double-put in cs42l43_pin_probe() (git-fixes). - ntb: ntb_hw_switchtec: Fix array-index-out-of-bounds access (stable-fixes). - ntb: ntb_hw_switchtec: Fix shift-out-of-bounds for 0 mw lut (stable-fixes). - phy: mvebu-cp110-utmi: fix dr_mode property read from dts (stable-fixes). - phy: fsl-imx8mq-usb: disable bind/unbind platform driver feature (stable-fixes). - phy: cadence-torrent: restore parent clock for refclk during resume (stable-fixes). - phy: ti: phy-j721e-wiz: restore mux selection during resume (stable-fixes). - Revert "mmc: rtsx_pci_sdmmc: increase power-on settling delay to 5ms" (git-fixes). - nfc: nxp-nci: remove interrupt trigger type (stable-fixes). - PCI: Add Intel Nova Lake audio Device ID (stable-fixes). - commit 52ffef7 - media: dvb-net: fix OOB access in ULE extension header tables (git-fixes). - mmc: rtsx_pci_sdmmc: increase power-on settling delay to 5ms (git-fixes). - misc: bcm_vk: Fix possible null-pointer dereferences in bcm_vk_read() (stable-fixes). - misc: eeprom: Fix EWEN/EWDS/ERAL commands for 93xx56 and 93xx66 (stable-fixes). - mfd: intel-lpss: Add Intel Nova Lake-S PCI IDs (stable-fixes). - myri10ge: avoid uninitialized variable use (stable-fixes). - media: rkisp1: Fix filter mode register configuration (stable-fixes). - media: ipu6: Always close firmware stream (stable-fixes). - media: ipu6: Close firmware streams on streaming enable failure (stable-fixes). - media: ipu6: Ensure stream_mutex is acquired when dealing with node list (stable-fixes). - media: mt9m114: Return -EPROBE_DEFER if no endpoint is found (stable-fixes). - media: mt9m114: Avoid a reset low spike during probe() (stable-fixes). - media: v4l2-async: Fix error handling on steps after finding a match (stable-fixes). - media: cx25821: Fix a resource leak in cx25821_dev_setup() (stable-fixes). - media: pvrusb2: fix URB leak in pvr2_send_request_ex (stable-fixes). - media: solo6x10: Check for out of bounds chip_id (stable-fixes). - media: adv7180: fix frame interval in progressive mode (stable-fixes). - media: amphion: Clear last_buffer_dequeued flag for DEC_CMD_START (stable-fixes). - media: mediatek: vcodec: Don't try to decode 422/444 VP9 (stable-fixes). - media: chips-media: wave5: Process ready frames when CMD_STOP sent to Encoder (stable-fixes). - media: chips-media: wave5: Fix conditional in start_streaming (stable-fixes). - media: omap3isp: isppreview: always clamp in preview_try_format() (stable-fixes). - media: omap3isp: set initial format (stable-fixes). - mfd: simple-mfd-i2c: Add compatible strings for Layerscape QIXIS FPGA (stable-fixes). - mfd: simple-mfd-i2c: Add MAX77705 support (stable-fixes). - commit 26d6095 - iio: magnetometer: Remove IRQF_ONESHOT (stable-fixes). - iio: Use IRQF_NO_THREAD (stable-fixes). - HID: i2c-hid: Add FocalTech FT8112 (stable-fixes). - media: omap3isp: isp_video_mbus_to_pix/pix_to_mbus fixes (stable-fixes). - media: dvb-core: dmxdevfilter must always flush bufs (stable-fixes). - HID: elecom: Add support for ELECOM HUGE Plus M-HT1MRBK (stable-fixes). - HID: logitech-hidpp: Add support for Logitech K980 (stable-fixes). - HID: multitouch: add eGalaxTouch EXC3188 support (stable-fixes). - HID: logitech-hidpp: Check maxfield in hidpp_get_report_length() (stable-fixes). - hwmon: (pmbus/mpq8785) fix VOUT_MODE mismatch during identification (git-fixes). - hwmon: (f71882fg) Add F81968 support (stable-fixes). - hwmon: (nct6775) Add ASUS Pro WS WRX90E-SAGE SE (stable-fixes). - hwmon: (dell-smm) Add support for Dell OptiPlex 7080 (stable-fixes). - i3c: mipi-i3c-hci: Reset RING_OPERATION1 fields during init (stable-fixes). - i3c: master: svc: Initialize 'dev' to NULL in svc_i3c_master_ibi_isr() (stable-fixes). - hwrng: core - Allow runtime disabling of the HW RNG (stable-fixes). - hwmon: pmbus: mpq8785: Add support for MPM82504 (stable-fixes). - hwmon: pmbus: mpq8785: Implement VOUT feedback resistor divider ratio configuration (stable-fixes). - hwmon: pmbus: mpq8785: Prepare driver for multiple device support (stable-fixes). - commit 755fe92 - drm/xe/xe2_hpg: Fix handling of Wa_14019988906 & Wa_14019877138 (git-fixes). - drm/xe/mmio: Avoid double-adjust in 64-bit reads (git-fixes). - drm/amdgpu: keep vga memory on MacBooks with switchable graphics (stable-fixes). - drm/amd/display: Remove conditional for shaper 3DLUT power-on (stable-fixes). - drm/amdgpu: Add HAINAN clock adjustment (stable-fixes). - drm/radeon: Add HAINAN clock adjustment (stable-fixes). - drm/amdgpu: Adjust usleep_range in fence wait (stable-fixes). - drm/amd/display: bypass post csc for additional color spaces in dal (stable-fixes). - drm/amd/display: Increase DCN35 SR enter/exit latency (stable-fixes). - drm/amd/display: Avoid updating surface with the same surface under MPO (stable-fixes). - drm/amd/display: Fix system resume lag issue (stable-fixes). - drm/amdkfd: Fix out-of-bounds write in kfd_event_page_set() (stable-fixes). - drm/amd/display: Fix writeback on DCN 3.2+ (stable-fixes). - fpga: of-fpga-region: Fail if any bridge is missing (stable-fixes). - fix it87_wdt early reboot by reporting running timer (stable-fixes). - fbdev: ffb: fix corrupted video output on Sun FFB1 (stable-fixes). - drm/amd/display: avoid dig reg access timeout on usb4 link training fail (stable-fixes). - drm/amd/display: Fix GFX12 family constant checks (stable-fixes). - drm/amd/display: Disable FEC when powering down encoders (stable-fixes). - drm/atmel-hlcdc: don't reject the commit if the src rect has fractional parts (stable-fixes). - drm/atmel-hlcdc: fix use-after-free of drm_crtc_commit after release (stable-fixes). - drm/atmel-hlcdc: fix memory leak from the atomic_destroy_state callback (stable-fixes). - drm: Account property blob allocations to memcg (stable-fixes). - drm/amdkfd: Fix GART PTE for non-4K pagesize in svm_migrate_gart_map() (stable-fixes). - drm/amdkfd: Relax size checking during queue buffer get (stable-fixes). - drm/amd/display: only power down dig on phy endpoints (stable-fixes). - drm/amdgpu: Skip loading SDMA_RS64 in VF (stable-fixes). - drm/xe: Only toggle scheduling in TDR if GuC is running (stable-fixes). - drm/panel: Fix a possible null-pointer dereference in jdi_panel_dsi_remove() (stable-fixes). - drm/amd/display: Fix dsc eDP issue (stable-fixes). - drm/amd/display: Add signal type check for dcn401 get_phyd32clk_src (stable-fixes). - gpu/panel-edp: add AUO panel entry for B140HAN06.4 (stable-fixes). - HID: prodikeys: Check presence of pm->input_ep82 (stable-fixes). - HID: magicmouse: Do not crash on missing msc->input (stable-fixes). - HID: apple: Add "SONiX KN85 Keyboard" to the list of non-apple keyboards (stable-fixes). - gpio: aspeed-sgpio: Change the macro to support deferred probe (stable-fixes). - commit 2524956 - drm/xe/ptl: Apply Wa_13011645652 (stable-fixes). - Refresh patches.suse/drm-xe-xe3lpg-Apply-Wa_14022293748-Wa_22019794406.patch. - commit 689b272 - dmaengine: stm32-mdma: initialize m2m_hw_period and ccr to fix warnings (stable-fixes). - drm/amdgpu: add support for HDP IP version 6.1.1 (stable-fixes). - drm/amd/display: Add USB-C DP Alt Mode lane limitation in DCN32 (stable-fixes). - drm/amdkfd: Handle GPU reset and drain retry fault race (stable-fixes). - drm/amdgpu: fix NULL pointer issue buffer funcs (stable-fixes). - drm/v3d: Set DMA segment size to avoid debug warnings (stable-fixes). - drm/i915/wakeref: clean up INTEL_WAKEREF_PUT_* flag macros (stable-fixes). - drm/display/dp_mst: Add protection against 0 vcpi (stable-fixes). - drm/xe/xe2_hpg: Add set of workarounds (stable-fixes). - drm/xe: Switch MMIO interface to take xe_mmio instead of xe_gt (stable-fixes). - drm/xe: Adjust mmio code to pass VF substructure to SRIOV code (stable-fixes). - drm/xe: Add xe_tile backpointer to xe_mmio (stable-fixes). - drm/xe: Switch mmio_ext to use 'struct xe_mmio' (stable-fixes). - drm/xe: Populate GT's mmio iomap from tile during init (stable-fixes). - drm/xe: Move GSI offset adjustment fields into 'struct xe_mmio' (stable-fixes). - drm/xe: Clarify size of MMIO region (stable-fixes). - drm/xe: Create dedicated xe_mmio structure (stable-fixes). - drm/xe: Move forcewake to 'gt.pm' substructure (stable-fixes). - docs: fix WARNING document not included in any toctree (stable-fixes). - commit 4836e0c - ASoC: amd: yc: Add DMI quirk for ASUS Vivobook Pro 15X M6501RR (stable-fixes). - dma: dma-axi-dmac: fix HW scatter-gather not looking at the queue (git-fixes). - dma: dma-axi-dmac: fix SW cyclic transfers (git-fixes). - dmaengine: sun6i: Choose appropriate burst length under maxburst (stable-fixes). - dmaengine: stm32-dma3: use module_platform_driver (stable-fixes). - crypto: ccp - Send PSP_CMD_TEE_RING_DESTROY when PSP_CMD_TEE_RING_INIT fails (git-fixes). - crypto: ccp - Factor out ring destroy handling to a helper (stable-fixes). - ata: libata: avoid long timeouts on hot-unplugged SATA DAS (stable-fixes). - Bluetooth: btusb: Add device ID for Realtek RTL8761BU (stable-fixes). - Bluetooth: btusb: Add new VID/PID for RTL8852CE (stable-fixes). - Bluetooth: hci_conn: Set link_policy on incoming ACL connections (stable-fixes). - Bluetooth: hci_conn: use mod_delayed_work for active mode timeout (stable-fixes). - Bluetooth: btusb: Add support for MediaTek7920 0489:e158 (stable-fixes). - ASoC: fsl: imx-rpmsg: use snd_soc_find_dai_with_mutex() in probe (stable-fixes). - ASoC: SOF: Intel: hda: Fix NULL pointer dereference (stable-fixes). - ASoC: codecs: max98390: Check return value of devm_gpiod_get_optional() in max98390_i2c_probe() (stable-fixes). - ASoC: sunxi: sun50i-dmic: Add missing check for devm_regmap_init_mmio (stable-fixes). - ASoC: soc-acpi-intel-arl-match: change rt722 amp endpoint to aggregated (stable-fixes). - ASoC: SOF: Intel: hda: Remove MODULE_SOFTDEP for snd-hda-codec-hdmi (stable-fixes). - ASoC: wm8962: Don't report a microphone if it's shorted to ground on plug (stable-fixes). - ASoC: wm8962: Add WM8962_ADC_MONOMIX to "3D Coefficients" mask (stable-fixes). - ASoC: nau8821: Cancel pending work before suspend (git-fixes). - ASoC: nau8821: Cancel delayed work on component remove (git-fixes). - ASoC: nau8821: Fixup nau8821_enable_jack_detect() (git-fixes). - ASoC: SOF: ipc4: Support for sending payload along with LARGE_CONFIG_GET (stable-fixes). - crypto: hisilicon/qm - move the barrier before writing to the mailbox register (stable-fixes). - crypto: ccp - narrow scope of snp_range_list (git-fixes). - APEI/GHES: ensure that won't go past CPER allocated record (stable-fixes). - ASoC: nau8821: Avoid unnecessary blocking in IRQ handler (stable-fixes). - crypto: ccp - Ensure implicit SEV/SNP init and shutdown in ioctls (stable-fixes). - commit ef48f01 - ALSA: hda: cs35l56: Fix signedness error in cs35l56_hda_posture_put() (git-fixes). - ALSA: usb-audio: Add sanity check for OOB writes at silencing (stable-fixes). - ALSA: usb-audio: Update the number of packets properly at receiving (stable-fixes). - ACPI: x86: Force enabling of PWM2 on the Yogabook YB1-X90 (stable-fixes). - ALSA: mixer: oss: Add card disconnect checkpoints (stable-fixes). - ALSA: usb-audio: Add iface reset and delay quirk for AB13X USB Audio (stable-fixes). - ALSA: hda/realtek - Enable mute LEDs on HP ENVY x360 15-es0xxx (stable-fixes). - ALSA: hda/conexant: Add headset mic fix for MECHREVO Wujie 15X Pro (stable-fixes). - ALSA: hda/realtek: fix LG Gram Style 14 speakers (stable-fixes). - ALSA: hda/realtek: add HP Victus 16-e0xxx mute LED quirk (stable-fixes). - ALSA: pcm: Revert bufs move in snd_pcm_xfern_frames_ioctl() (stable-fixes). - ALSA: vmaster: Relax __free() variable declarations (git-fixes). - ALSA: pcm: Relax __free() variable declarations (git-fixes). - ACPI: processor: Fix NULL-pointer dereference in acpi_processor_errata_piix4() (stable-fixes). - ACPI: battery: fix incorrect charging status when current is zero (stable-fixes). - ACPI: resource: Add JWIPC JVC9100 to irq1_level_low_skip_override[] (stable-fixes). - ACPI: x86: s2idle: Invoke Microsoft _DSM Function 9 (Turn On Display) (stable-fixes). - ACPICA: Abort AML bytecode execution when executing AML_FATAL_OP (stable-fixes). - commit 119c4f9 - net: usb: sr9700: remove code to drive nonexistent multicast filter (git-fixes). - commit 5659850 - net: usb: r8152: fix transmit queue timeout (git-fixes). - commit cd570dd - usb: chipidea: udc: fix DMA and SG cleanup in _ep_nuke() (git-fixes). - commit 56a794c - usb: gadget: f_fs: fix DMA-BUF OUT queues (git-fixes). - commit 185e5e6 - usb: gadget: f_fs: Fix ioctl error handling (git-fixes). - commit f20163c - usb: typec: ucsi: psy: Fix voltage and current max for non-Fixed PDOs (git-fixes). - commit 10c0ad8 - firmware: arm_ffa: Unmap Rx/Tx buffers on init failure (git-fixes) - commit 8f51ada - spi: spidev: fix lock inversion between spi_lock and buf_lock (git-fixes) - commit b76bf6c - spi: spi-mem: Protect dirmap_create() with spi_mem_access_start/end (git-fixes) - commit c1581a2 - spi: spi-mem: Limit octal DTR constraints to octal DTR situations (git-fixes) - commit 47ade1e - arm64: hugetlbpage: avoid unused-but-set-parameter warning (gcc-16) (git-fixes) - commit c2e347e - arm64: tegra: smaug: Add usb-role-switch support (git-fixes) - commit 2aec3f9 - arm64: Disable branch profiling for all arm64 code (git-fixes) - commit 20e29ae - arm64: Add support for TSV110 Spectre-BHB mitigation (git-fixes) - commit 7b883f1 - serial: 8250: 8250_omap.c: Clear DMA RX running status only after DMA termination is done (git-fixes). - serial: 8250: 8250_omap.c: Add support for handling UART error conditions (git-fixes). - serial: 8250_dw: handle clock enable errors in runtime_resume (git-fixes). - PCI: Enable ACS after configuring IOMMU for OF platforms (git-fixes). - PCI: Add ACS quirk for Qualcomm Hamoa & Glymur (git-fixes). - PCI: Fix pci_slot_lock () device locking (git-fixes). - PCI: Mark Nvidia GB10 to avoid bus reset (git-fixes). - PCI: Mark ASM1164 SATA controller to avoid bus reset (git-fixes). - PCI/AER: Clear stale errors on reporting agents upon probe (git-fixes). - PCI/MSI: Unmap MSI-X region on error (git-fixes). - char: tpm: cr50: Remove IRQF_ONESHOT (git-fixes). - commit 87922f3 - mptcp: fix race in mptcp_pm_nl_flush_addrs_doit() (CVE-2026-23169 bsc#1258389). - commit ece2971 ++++ kernel-source: - libceph: reset sparse-read state in osd_fault() (CVE-2026-23136 bsc#1258303). - commit a1cc877 - libceph: make calc_target() set t->paused, not just clear it (CVE-2026-23047 bsc#1257682). - commit 3225b77 - mm/damon/sysfs-scheme: cleanup access_pattern subdirs on scheme dir setup failure (CVE-2026-23142 bsc#1258289). - commit 217a6fd - mm/damon/sysfs-scheme: cleanup quotas subdirs on scheme dir setup failure (git-fixes). - commit c642652 - mm/damon/sysfs: cleanup attrs subdirs on context dir setup failure (CVE-2026-23144 bsc#1258290). - commit c7e0495 - crypto: ccp - Fix a case where SNP_SHUTDOWN is missed (git-fixes). - drm/xe: Defer gt->mmio initialization until after multi-tile setup (git-fixes). - commit 56b85e5 - wifi: ath10k: fix lock protection in ath10k_wmi_event_peer_sta_ps_state_chg() (stable-fixes). - wifi: rtw89: pci: restore LDO setting after device resume (stable-fixes). - wifi: rtw89: 8922a: add digital compensation for 2GHz (stable-fixes). - wifi: rtw89: fix unable to receive probe responses under MLO connection (stable-fixes). - wifi: iwlwifi: mvm: check the validity of noa_len (stable-fixes). - wifi: ath12k: fix preferred hardware mode calculation (stable-fixes). - wifi: ath11k: Fix failure to connect to a 6 GHz AP (stable-fixes). - wifi: ath11k: add pm quirk for Thinkpad Z13/Z16 Gen1 (stable-fixes). - wifi: iwlegacy: add missing mutex protection in il4965_store_tx_power() (stable-fixes). - commit 4df290e - rtc: zynqmp: correct frequency value (stable-fixes). - thermal: int340x: Fix sysfs group leak on DLVR registration failure (stable-fixes). - soundwire: dmi-quirks: add mapping for Avell B.ON (OEM rebranded of NUC15) (stable-fixes). - soundwire: intel_auxdevice: add cs42l45 codec to wake_capable_list (stable-fixes). - staging: rtl8723bs: fix memory leak on failure path (stable-fixes). - staging: rtl8723bs: fix missing status update on sdio_alloc_irq() failure (stable-fixes). - watchdog: imx7ulp_wdt: handle the nowayout option (stable-fixes). - watchdog: starfive-wdt: Fix PM reference leak in probe error path (git-fixes). - watchdog/softlockup: fix sample ring index wrap in need_counting_irqs() (git-fixes). - wifi: iwlegacy: add missing mutex protection in il3945_store_measurement() (stable-fixes). - wifi: cfg80211: allow only one NAN interface, also in multi radio (stable-fixes). - wifi: rtw89: mac: correct page number for CSI response (stable-fixes). - wifi: rtw89: wow: add reason codes for disassociation in WoWLAN mode (stable-fixes). - wifi: rtw88: Use devm_kmemdup() in rtw_set_supported_band() (stable-fixes). - wifi: rtw89: ser: enable error IMR after recovering from L1 (stable-fixes). - wifi: rtw89: 8922a: set random mac if efuse contains zeroes (stable-fixes). - wifi: rtw88: rtw8821cu: Add ID for Mercusys MU6H (stable-fixes). - wifi: rtw88: 8822b: Avoid WARNING in rtw8822b_config_trx_mode() (stable-fixes). - wifi: rtw88: fix DTIM period handling when conf->dtim_period is zero (stable-fixes). - wifi: libertas: fix WARNING in usb_tx_block (stable-fixes). - power: sequencing: fix missing state_lock in pwrseq_power_on() error path (stable-fixes). - spi: geni-qcom: Fix abort sequence execution for serial engine errors (stable-fixes). - spi: stm32: fix Overrun issue at < 8bpw (stable-fixes). - spi-geni-qcom: initialize mode related registers to 0 (stable-fixes). - spi-geni-qcom: use xfer->bits_per_word for can_dma() (stable-fixes). - tools/power cpupower: Reset errno before strtoull() (stable-fixes). - powercap: intel_rapl: Add PL4 support for Ice Lake (stable-fixes). - commit a96ba92 - PCI: Add defines for bridge window indexing (stable-fixes). - Refresh patches.suse/PCI-ACPI-Restrict-program_hpx_type2-to-AER-bits.patch. - commit 41bad5b - pinctrl: cirrus: cs42l43: Fix double-put in cs42l43_pin_probe() (git-fixes). - ntb: ntb_hw_switchtec: Fix array-index-out-of-bounds access (stable-fixes). - ntb: ntb_hw_switchtec: Fix shift-out-of-bounds for 0 mw lut (stable-fixes). - phy: mvebu-cp110-utmi: fix dr_mode property read from dts (stable-fixes). - phy: fsl-imx8mq-usb: disable bind/unbind platform driver feature (stable-fixes). - phy: cadence-torrent: restore parent clock for refclk during resume (stable-fixes). - phy: ti: phy-j721e-wiz: restore mux selection during resume (stable-fixes). - Revert "mmc: rtsx_pci_sdmmc: increase power-on settling delay to 5ms" (git-fixes). - nfc: nxp-nci: remove interrupt trigger type (stable-fixes). - PCI: Add Intel Nova Lake audio Device ID (stable-fixes). - commit 52ffef7 - media: dvb-net: fix OOB access in ULE extension header tables (git-fixes). - mmc: rtsx_pci_sdmmc: increase power-on settling delay to 5ms (git-fixes). - misc: bcm_vk: Fix possible null-pointer dereferences in bcm_vk_read() (stable-fixes). - misc: eeprom: Fix EWEN/EWDS/ERAL commands for 93xx56 and 93xx66 (stable-fixes). - mfd: intel-lpss: Add Intel Nova Lake-S PCI IDs (stable-fixes). - myri10ge: avoid uninitialized variable use (stable-fixes). - media: rkisp1: Fix filter mode register configuration (stable-fixes). - media: ipu6: Always close firmware stream (stable-fixes). - media: ipu6: Close firmware streams on streaming enable failure (stable-fixes). - media: ipu6: Ensure stream_mutex is acquired when dealing with node list (stable-fixes). - media: mt9m114: Return -EPROBE_DEFER if no endpoint is found (stable-fixes). - media: mt9m114: Avoid a reset low spike during probe() (stable-fixes). - media: v4l2-async: Fix error handling on steps after finding a match (stable-fixes). - media: cx25821: Fix a resource leak in cx25821_dev_setup() (stable-fixes). - media: pvrusb2: fix URB leak in pvr2_send_request_ex (stable-fixes). - media: solo6x10: Check for out of bounds chip_id (stable-fixes). - media: adv7180: fix frame interval in progressive mode (stable-fixes). - media: amphion: Clear last_buffer_dequeued flag for DEC_CMD_START (stable-fixes). - media: mediatek: vcodec: Don't try to decode 422/444 VP9 (stable-fixes). - media: chips-media: wave5: Process ready frames when CMD_STOP sent to Encoder (stable-fixes). - media: chips-media: wave5: Fix conditional in start_streaming (stable-fixes). - media: omap3isp: isppreview: always clamp in preview_try_format() (stable-fixes). - media: omap3isp: set initial format (stable-fixes). - mfd: simple-mfd-i2c: Add compatible strings for Layerscape QIXIS FPGA (stable-fixes). - mfd: simple-mfd-i2c: Add MAX77705 support (stable-fixes). - commit 26d6095 - iio: magnetometer: Remove IRQF_ONESHOT (stable-fixes). - iio: Use IRQF_NO_THREAD (stable-fixes). - HID: i2c-hid: Add FocalTech FT8112 (stable-fixes). - media: omap3isp: isp_video_mbus_to_pix/pix_to_mbus fixes (stable-fixes). - media: dvb-core: dmxdevfilter must always flush bufs (stable-fixes). - HID: elecom: Add support for ELECOM HUGE Plus M-HT1MRBK (stable-fixes). - HID: logitech-hidpp: Add support for Logitech K980 (stable-fixes). - HID: multitouch: add eGalaxTouch EXC3188 support (stable-fixes). - HID: logitech-hidpp: Check maxfield in hidpp_get_report_length() (stable-fixes). - hwmon: (pmbus/mpq8785) fix VOUT_MODE mismatch during identification (git-fixes). - hwmon: (f71882fg) Add F81968 support (stable-fixes). - hwmon: (nct6775) Add ASUS Pro WS WRX90E-SAGE SE (stable-fixes). - hwmon: (dell-smm) Add support for Dell OptiPlex 7080 (stable-fixes). - i3c: mipi-i3c-hci: Reset RING_OPERATION1 fields during init (stable-fixes). - i3c: master: svc: Initialize 'dev' to NULL in svc_i3c_master_ibi_isr() (stable-fixes). - hwrng: core - Allow runtime disabling of the HW RNG (stable-fixes). - hwmon: pmbus: mpq8785: Add support for MPM82504 (stable-fixes). - hwmon: pmbus: mpq8785: Implement VOUT feedback resistor divider ratio configuration (stable-fixes). - hwmon: pmbus: mpq8785: Prepare driver for multiple device support (stable-fixes). - commit 755fe92 - drm/xe/xe2_hpg: Fix handling of Wa_14019988906 & Wa_14019877138 (git-fixes). - drm/xe/mmio: Avoid double-adjust in 64-bit reads (git-fixes). - drm/amdgpu: keep vga memory on MacBooks with switchable graphics (stable-fixes). - drm/amd/display: Remove conditional for shaper 3DLUT power-on (stable-fixes). - drm/amdgpu: Add HAINAN clock adjustment (stable-fixes). - drm/radeon: Add HAINAN clock adjustment (stable-fixes). - drm/amdgpu: Adjust usleep_range in fence wait (stable-fixes). - drm/amd/display: bypass post csc for additional color spaces in dal (stable-fixes). - drm/amd/display: Increase DCN35 SR enter/exit latency (stable-fixes). - drm/amd/display: Avoid updating surface with the same surface under MPO (stable-fixes). - drm/amd/display: Fix system resume lag issue (stable-fixes). - drm/amdkfd: Fix out-of-bounds write in kfd_event_page_set() (stable-fixes). - drm/amd/display: Fix writeback on DCN 3.2+ (stable-fixes). - fpga: of-fpga-region: Fail if any bridge is missing (stable-fixes). - fix it87_wdt early reboot by reporting running timer (stable-fixes). - fbdev: ffb: fix corrupted video output on Sun FFB1 (stable-fixes). - drm/amd/display: avoid dig reg access timeout on usb4 link training fail (stable-fixes). - drm/amd/display: Fix GFX12 family constant checks (stable-fixes). - drm/amd/display: Disable FEC when powering down encoders (stable-fixes). - drm/atmel-hlcdc: don't reject the commit if the src rect has fractional parts (stable-fixes). - drm/atmel-hlcdc: fix use-after-free of drm_crtc_commit after release (stable-fixes). - drm/atmel-hlcdc: fix memory leak from the atomic_destroy_state callback (stable-fixes). - drm: Account property blob allocations to memcg (stable-fixes). - drm/amdkfd: Fix GART PTE for non-4K pagesize in svm_migrate_gart_map() (stable-fixes). - drm/amdkfd: Relax size checking during queue buffer get (stable-fixes). - drm/amd/display: only power down dig on phy endpoints (stable-fixes). - drm/amdgpu: Skip loading SDMA_RS64 in VF (stable-fixes). - drm/xe: Only toggle scheduling in TDR if GuC is running (stable-fixes). - drm/panel: Fix a possible null-pointer dereference in jdi_panel_dsi_remove() (stable-fixes). - drm/amd/display: Fix dsc eDP issue (stable-fixes). - drm/amd/display: Add signal type check for dcn401 get_phyd32clk_src (stable-fixes). - gpu/panel-edp: add AUO panel entry for B140HAN06.4 (stable-fixes). - HID: prodikeys: Check presence of pm->input_ep82 (stable-fixes). - HID: magicmouse: Do not crash on missing msc->input (stable-fixes). - HID: apple: Add "SONiX KN85 Keyboard" to the list of non-apple keyboards (stable-fixes). - gpio: aspeed-sgpio: Change the macro to support deferred probe (stable-fixes). - commit 2524956 - drm/xe/ptl: Apply Wa_13011645652 (stable-fixes). - Refresh patches.suse/drm-xe-xe3lpg-Apply-Wa_14022293748-Wa_22019794406.patch. - commit 689b272 - dmaengine: stm32-mdma: initialize m2m_hw_period and ccr to fix warnings (stable-fixes). - drm/amdgpu: add support for HDP IP version 6.1.1 (stable-fixes). - drm/amd/display: Add USB-C DP Alt Mode lane limitation in DCN32 (stable-fixes). - drm/amdkfd: Handle GPU reset and drain retry fault race (stable-fixes). - drm/amdgpu: fix NULL pointer issue buffer funcs (stable-fixes). - drm/v3d: Set DMA segment size to avoid debug warnings (stable-fixes). - drm/i915/wakeref: clean up INTEL_WAKEREF_PUT_* flag macros (stable-fixes). - drm/display/dp_mst: Add protection against 0 vcpi (stable-fixes). - drm/xe/xe2_hpg: Add set of workarounds (stable-fixes). - drm/xe: Switch MMIO interface to take xe_mmio instead of xe_gt (stable-fixes). - drm/xe: Adjust mmio code to pass VF substructure to SRIOV code (stable-fixes). - drm/xe: Add xe_tile backpointer to xe_mmio (stable-fixes). - drm/xe: Switch mmio_ext to use 'struct xe_mmio' (stable-fixes). - drm/xe: Populate GT's mmio iomap from tile during init (stable-fixes). - drm/xe: Move GSI offset adjustment fields into 'struct xe_mmio' (stable-fixes). - drm/xe: Clarify size of MMIO region (stable-fixes). - drm/xe: Create dedicated xe_mmio structure (stable-fixes). - drm/xe: Move forcewake to 'gt.pm' substructure (stable-fixes). - docs: fix WARNING document not included in any toctree (stable-fixes). - commit 4836e0c - ASoC: amd: yc: Add DMI quirk for ASUS Vivobook Pro 15X M6501RR (stable-fixes). - dma: dma-axi-dmac: fix HW scatter-gather not looking at the queue (git-fixes). - dma: dma-axi-dmac: fix SW cyclic transfers (git-fixes). - dmaengine: sun6i: Choose appropriate burst length under maxburst (stable-fixes). - dmaengine: stm32-dma3: use module_platform_driver (stable-fixes). - crypto: ccp - Send PSP_CMD_TEE_RING_DESTROY when PSP_CMD_TEE_RING_INIT fails (git-fixes). - crypto: ccp - Factor out ring destroy handling to a helper (stable-fixes). - ata: libata: avoid long timeouts on hot-unplugged SATA DAS (stable-fixes). - Bluetooth: btusb: Add device ID for Realtek RTL8761BU (stable-fixes). - Bluetooth: btusb: Add new VID/PID for RTL8852CE (stable-fixes). - Bluetooth: hci_conn: Set link_policy on incoming ACL connections (stable-fixes). - Bluetooth: hci_conn: use mod_delayed_work for active mode timeout (stable-fixes). - Bluetooth: btusb: Add support for MediaTek7920 0489:e158 (stable-fixes). - ASoC: fsl: imx-rpmsg: use snd_soc_find_dai_with_mutex() in probe (stable-fixes). - ASoC: SOF: Intel: hda: Fix NULL pointer dereference (stable-fixes). - ASoC: codecs: max98390: Check return value of devm_gpiod_get_optional() in max98390_i2c_probe() (stable-fixes). - ASoC: sunxi: sun50i-dmic: Add missing check for devm_regmap_init_mmio (stable-fixes). - ASoC: soc-acpi-intel-arl-match: change rt722 amp endpoint to aggregated (stable-fixes). - ASoC: SOF: Intel: hda: Remove MODULE_SOFTDEP for snd-hda-codec-hdmi (stable-fixes). - ASoC: wm8962: Don't report a microphone if it's shorted to ground on plug (stable-fixes). - ASoC: wm8962: Add WM8962_ADC_MONOMIX to "3D Coefficients" mask (stable-fixes). - ASoC: nau8821: Cancel pending work before suspend (git-fixes). - ASoC: nau8821: Cancel delayed work on component remove (git-fixes). - ASoC: nau8821: Fixup nau8821_enable_jack_detect() (git-fixes). - ASoC: SOF: ipc4: Support for sending payload along with LARGE_CONFIG_GET (stable-fixes). - crypto: hisilicon/qm - move the barrier before writing to the mailbox register (stable-fixes). - crypto: ccp - narrow scope of snp_range_list (git-fixes). - APEI/GHES: ensure that won't go past CPER allocated record (stable-fixes). - ASoC: nau8821: Avoid unnecessary blocking in IRQ handler (stable-fixes). - crypto: ccp - Ensure implicit SEV/SNP init and shutdown in ioctls (stable-fixes). - commit ef48f01 - ALSA: hda: cs35l56: Fix signedness error in cs35l56_hda_posture_put() (git-fixes). - ALSA: usb-audio: Add sanity check for OOB writes at silencing (stable-fixes). - ALSA: usb-audio: Update the number of packets properly at receiving (stable-fixes). - ACPI: x86: Force enabling of PWM2 on the Yogabook YB1-X90 (stable-fixes). - ALSA: mixer: oss: Add card disconnect checkpoints (stable-fixes). - ALSA: usb-audio: Add iface reset and delay quirk for AB13X USB Audio (stable-fixes). - ALSA: hda/realtek - Enable mute LEDs on HP ENVY x360 15-es0xxx (stable-fixes). - ALSA: hda/conexant: Add headset mic fix for MECHREVO Wujie 15X Pro (stable-fixes). - ALSA: hda/realtek: fix LG Gram Style 14 speakers (stable-fixes). - ALSA: hda/realtek: add HP Victus 16-e0xxx mute LED quirk (stable-fixes). - ALSA: pcm: Revert bufs move in snd_pcm_xfern_frames_ioctl() (stable-fixes). - ALSA: vmaster: Relax __free() variable declarations (git-fixes). - ALSA: pcm: Relax __free() variable declarations (git-fixes). - ACPI: processor: Fix NULL-pointer dereference in acpi_processor_errata_piix4() (stable-fixes). - ACPI: battery: fix incorrect charging status when current is zero (stable-fixes). - ACPI: resource: Add JWIPC JVC9100 to irq1_level_low_skip_override[] (stable-fixes). - ACPI: x86: s2idle: Invoke Microsoft _DSM Function 9 (Turn On Display) (stable-fixes). - ACPICA: Abort AML bytecode execution when executing AML_FATAL_OP (stable-fixes). - commit 119c4f9 - net: usb: sr9700: remove code to drive nonexistent multicast filter (git-fixes). - commit 5659850 - net: usb: r8152: fix transmit queue timeout (git-fixes). - commit cd570dd - usb: chipidea: udc: fix DMA and SG cleanup in _ep_nuke() (git-fixes). - commit 56a794c - usb: gadget: f_fs: fix DMA-BUF OUT queues (git-fixes). - commit 185e5e6 - usb: gadget: f_fs: Fix ioctl error handling (git-fixes). - commit f20163c - usb: typec: ucsi: psy: Fix voltage and current max for non-Fixed PDOs (git-fixes). - commit 10c0ad8 - firmware: arm_ffa: Unmap Rx/Tx buffers on init failure (git-fixes) - commit 8f51ada - spi: spidev: fix lock inversion between spi_lock and buf_lock (git-fixes) - commit b76bf6c - spi: spi-mem: Protect dirmap_create() with spi_mem_access_start/end (git-fixes) - commit c1581a2 - spi: spi-mem: Limit octal DTR constraints to octal DTR situations (git-fixes) - commit 47ade1e - arm64: hugetlbpage: avoid unused-but-set-parameter warning (gcc-16) (git-fixes) - commit c2e347e - arm64: tegra: smaug: Add usb-role-switch support (git-fixes) - commit 2aec3f9 - arm64: Disable branch profiling for all arm64 code (git-fixes) - commit 20e29ae - arm64: Add support for TSV110 Spectre-BHB mitigation (git-fixes) - commit 7b883f1 - serial: 8250: 8250_omap.c: Clear DMA RX running status only after DMA termination is done (git-fixes). - serial: 8250: 8250_omap.c: Add support for handling UART error conditions (git-fixes). - serial: 8250_dw: handle clock enable errors in runtime_resume (git-fixes). - PCI: Enable ACS after configuring IOMMU for OF platforms (git-fixes). - PCI: Add ACS quirk for Qualcomm Hamoa & Glymur (git-fixes). - PCI: Fix pci_slot_lock () device locking (git-fixes). - PCI: Mark Nvidia GB10 to avoid bus reset (git-fixes). - PCI: Mark ASM1164 SATA controller to avoid bus reset (git-fixes). - PCI/AER: Clear stale errors on reporting agents upon probe (git-fixes). - PCI/MSI: Unmap MSI-X region on error (git-fixes). - char: tpm: cr50: Remove IRQF_ONESHOT (git-fixes). - commit 87922f3 - mptcp: fix race in mptcp_pm_nl_flush_addrs_doit() (CVE-2026-23169 bsc#1258389). - commit ece2971 ++++ kernel-docs: - libceph: reset sparse-read state in osd_fault() (CVE-2026-23136 bsc#1258303). - commit a1cc877 - libceph: make calc_target() set t->paused, not just clear it (CVE-2026-23047 bsc#1257682). - commit 3225b77 - mm/damon/sysfs-scheme: cleanup access_pattern subdirs on scheme dir setup failure (CVE-2026-23142 bsc#1258289). - commit 217a6fd - mm/damon/sysfs-scheme: cleanup quotas subdirs on scheme dir setup failure (git-fixes). - commit c642652 - mm/damon/sysfs: cleanup attrs subdirs on context dir setup failure (CVE-2026-23144 bsc#1258290). - commit c7e0495 - crypto: ccp - Fix a case where SNP_SHUTDOWN is missed (git-fixes). - drm/xe: Defer gt->mmio initialization until after multi-tile setup (git-fixes). - commit 56b85e5 - wifi: ath10k: fix lock protection in ath10k_wmi_event_peer_sta_ps_state_chg() (stable-fixes). - wifi: rtw89: pci: restore LDO setting after device resume (stable-fixes). - wifi: rtw89: 8922a: add digital compensation for 2GHz (stable-fixes). - wifi: rtw89: fix unable to receive probe responses under MLO connection (stable-fixes). - wifi: iwlwifi: mvm: check the validity of noa_len (stable-fixes). - wifi: ath12k: fix preferred hardware mode calculation (stable-fixes). - wifi: ath11k: Fix failure to connect to a 6 GHz AP (stable-fixes). - wifi: ath11k: add pm quirk for Thinkpad Z13/Z16 Gen1 (stable-fixes). - wifi: iwlegacy: add missing mutex protection in il4965_store_tx_power() (stable-fixes). - commit 4df290e - rtc: zynqmp: correct frequency value (stable-fixes). - thermal: int340x: Fix sysfs group leak on DLVR registration failure (stable-fixes). - soundwire: dmi-quirks: add mapping for Avell B.ON (OEM rebranded of NUC15) (stable-fixes). - soundwire: intel_auxdevice: add cs42l45 codec to wake_capable_list (stable-fixes). - staging: rtl8723bs: fix memory leak on failure path (stable-fixes). - staging: rtl8723bs: fix missing status update on sdio_alloc_irq() failure (stable-fixes). - watchdog: imx7ulp_wdt: handle the nowayout option (stable-fixes). - watchdog: starfive-wdt: Fix PM reference leak in probe error path (git-fixes). - watchdog/softlockup: fix sample ring index wrap in need_counting_irqs() (git-fixes). - wifi: iwlegacy: add missing mutex protection in il3945_store_measurement() (stable-fixes). - wifi: cfg80211: allow only one NAN interface, also in multi radio (stable-fixes). - wifi: rtw89: mac: correct page number for CSI response (stable-fixes). - wifi: rtw89: wow: add reason codes for disassociation in WoWLAN mode (stable-fixes). - wifi: rtw88: Use devm_kmemdup() in rtw_set_supported_band() (stable-fixes). - wifi: rtw89: ser: enable error IMR after recovering from L1 (stable-fixes). - wifi: rtw89: 8922a: set random mac if efuse contains zeroes (stable-fixes). - wifi: rtw88: rtw8821cu: Add ID for Mercusys MU6H (stable-fixes). - wifi: rtw88: 8822b: Avoid WARNING in rtw8822b_config_trx_mode() (stable-fixes). - wifi: rtw88: fix DTIM period handling when conf->dtim_period is zero (stable-fixes). - wifi: libertas: fix WARNING in usb_tx_block (stable-fixes). - power: sequencing: fix missing state_lock in pwrseq_power_on() error path (stable-fixes). - spi: geni-qcom: Fix abort sequence execution for serial engine errors (stable-fixes). - spi: stm32: fix Overrun issue at < 8bpw (stable-fixes). - spi-geni-qcom: initialize mode related registers to 0 (stable-fixes). - spi-geni-qcom: use xfer->bits_per_word for can_dma() (stable-fixes). - tools/power cpupower: Reset errno before strtoull() (stable-fixes). - powercap: intel_rapl: Add PL4 support for Ice Lake (stable-fixes). - commit a96ba92 - PCI: Add defines for bridge window indexing (stable-fixes). - Refresh patches.suse/PCI-ACPI-Restrict-program_hpx_type2-to-AER-bits.patch. - commit 41bad5b - pinctrl: cirrus: cs42l43: Fix double-put in cs42l43_pin_probe() (git-fixes). - ntb: ntb_hw_switchtec: Fix array-index-out-of-bounds access (stable-fixes). - ntb: ntb_hw_switchtec: Fix shift-out-of-bounds for 0 mw lut (stable-fixes). - phy: mvebu-cp110-utmi: fix dr_mode property read from dts (stable-fixes). - phy: fsl-imx8mq-usb: disable bind/unbind platform driver feature (stable-fixes). - phy: cadence-torrent: restore parent clock for refclk during resume (stable-fixes). - phy: ti: phy-j721e-wiz: restore mux selection during resume (stable-fixes). - Revert "mmc: rtsx_pci_sdmmc: increase power-on settling delay to 5ms" (git-fixes). - nfc: nxp-nci: remove interrupt trigger type (stable-fixes). - PCI: Add Intel Nova Lake audio Device ID (stable-fixes). - commit 52ffef7 - media: dvb-net: fix OOB access in ULE extension header tables (git-fixes). - mmc: rtsx_pci_sdmmc: increase power-on settling delay to 5ms (git-fixes). - misc: bcm_vk: Fix possible null-pointer dereferences in bcm_vk_read() (stable-fixes). - misc: eeprom: Fix EWEN/EWDS/ERAL commands for 93xx56 and 93xx66 (stable-fixes). - mfd: intel-lpss: Add Intel Nova Lake-S PCI IDs (stable-fixes). - myri10ge: avoid uninitialized variable use (stable-fixes). - media: rkisp1: Fix filter mode register configuration (stable-fixes). - media: ipu6: Always close firmware stream (stable-fixes). - media: ipu6: Close firmware streams on streaming enable failure (stable-fixes). - media: ipu6: Ensure stream_mutex is acquired when dealing with node list (stable-fixes). - media: mt9m114: Return -EPROBE_DEFER if no endpoint is found (stable-fixes). - media: mt9m114: Avoid a reset low spike during probe() (stable-fixes). - media: v4l2-async: Fix error handling on steps after finding a match (stable-fixes). - media: cx25821: Fix a resource leak in cx25821_dev_setup() (stable-fixes). - media: pvrusb2: fix URB leak in pvr2_send_request_ex (stable-fixes). - media: solo6x10: Check for out of bounds chip_id (stable-fixes). - media: adv7180: fix frame interval in progressive mode (stable-fixes). - media: amphion: Clear last_buffer_dequeued flag for DEC_CMD_START (stable-fixes). - media: mediatek: vcodec: Don't try to decode 422/444 VP9 (stable-fixes). - media: chips-media: wave5: Process ready frames when CMD_STOP sent to Encoder (stable-fixes). - media: chips-media: wave5: Fix conditional in start_streaming (stable-fixes). - media: omap3isp: isppreview: always clamp in preview_try_format() (stable-fixes). - media: omap3isp: set initial format (stable-fixes). - mfd: simple-mfd-i2c: Add compatible strings for Layerscape QIXIS FPGA (stable-fixes). - mfd: simple-mfd-i2c: Add MAX77705 support (stable-fixes). - commit 26d6095 - iio: magnetometer: Remove IRQF_ONESHOT (stable-fixes). - iio: Use IRQF_NO_THREAD (stable-fixes). - HID: i2c-hid: Add FocalTech FT8112 (stable-fixes). - media: omap3isp: isp_video_mbus_to_pix/pix_to_mbus fixes (stable-fixes). - media: dvb-core: dmxdevfilter must always flush bufs (stable-fixes). - HID: elecom: Add support for ELECOM HUGE Plus M-HT1MRBK (stable-fixes). - HID: logitech-hidpp: Add support for Logitech K980 (stable-fixes). - HID: multitouch: add eGalaxTouch EXC3188 support (stable-fixes). - HID: logitech-hidpp: Check maxfield in hidpp_get_report_length() (stable-fixes). - hwmon: (pmbus/mpq8785) fix VOUT_MODE mismatch during identification (git-fixes). - hwmon: (f71882fg) Add F81968 support (stable-fixes). - hwmon: (nct6775) Add ASUS Pro WS WRX90E-SAGE SE (stable-fixes). - hwmon: (dell-smm) Add support for Dell OptiPlex 7080 (stable-fixes). - i3c: mipi-i3c-hci: Reset RING_OPERATION1 fields during init (stable-fixes). - i3c: master: svc: Initialize 'dev' to NULL in svc_i3c_master_ibi_isr() (stable-fixes). - hwrng: core - Allow runtime disabling of the HW RNG (stable-fixes). - hwmon: pmbus: mpq8785: Add support for MPM82504 (stable-fixes). - hwmon: pmbus: mpq8785: Implement VOUT feedback resistor divider ratio configuration (stable-fixes). - hwmon: pmbus: mpq8785: Prepare driver for multiple device support (stable-fixes). - commit 755fe92 - drm/xe/xe2_hpg: Fix handling of Wa_14019988906 & Wa_14019877138 (git-fixes). - drm/xe/mmio: Avoid double-adjust in 64-bit reads (git-fixes). - drm/amdgpu: keep vga memory on MacBooks with switchable graphics (stable-fixes). - drm/amd/display: Remove conditional for shaper 3DLUT power-on (stable-fixes). - drm/amdgpu: Add HAINAN clock adjustment (stable-fixes). - drm/radeon: Add HAINAN clock adjustment (stable-fixes). - drm/amdgpu: Adjust usleep_range in fence wait (stable-fixes). - drm/amd/display: bypass post csc for additional color spaces in dal (stable-fixes). - drm/amd/display: Increase DCN35 SR enter/exit latency (stable-fixes). - drm/amd/display: Avoid updating surface with the same surface under MPO (stable-fixes). - drm/amd/display: Fix system resume lag issue (stable-fixes). - drm/amdkfd: Fix out-of-bounds write in kfd_event_page_set() (stable-fixes). - drm/amd/display: Fix writeback on DCN 3.2+ (stable-fixes). - fpga: of-fpga-region: Fail if any bridge is missing (stable-fixes). - fix it87_wdt early reboot by reporting running timer (stable-fixes). - fbdev: ffb: fix corrupted video output on Sun FFB1 (stable-fixes). - drm/amd/display: avoid dig reg access timeout on usb4 link training fail (stable-fixes). - drm/amd/display: Fix GFX12 family constant checks (stable-fixes). - drm/amd/display: Disable FEC when powering down encoders (stable-fixes). - drm/atmel-hlcdc: don't reject the commit if the src rect has fractional parts (stable-fixes). - drm/atmel-hlcdc: fix use-after-free of drm_crtc_commit after release (stable-fixes). - drm/atmel-hlcdc: fix memory leak from the atomic_destroy_state callback (stable-fixes). - drm: Account property blob allocations to memcg (stable-fixes). - drm/amdkfd: Fix GART PTE for non-4K pagesize in svm_migrate_gart_map() (stable-fixes). - drm/amdkfd: Relax size checking during queue buffer get (stable-fixes). - drm/amd/display: only power down dig on phy endpoints (stable-fixes). - drm/amdgpu: Skip loading SDMA_RS64 in VF (stable-fixes). - drm/xe: Only toggle scheduling in TDR if GuC is running (stable-fixes). - drm/panel: Fix a possible null-pointer dereference in jdi_panel_dsi_remove() (stable-fixes). - drm/amd/display: Fix dsc eDP issue (stable-fixes). - drm/amd/display: Add signal type check for dcn401 get_phyd32clk_src (stable-fixes). - gpu/panel-edp: add AUO panel entry for B140HAN06.4 (stable-fixes). - HID: prodikeys: Check presence of pm->input_ep82 (stable-fixes). - HID: magicmouse: Do not crash on missing msc->input (stable-fixes). - HID: apple: Add "SONiX KN85 Keyboard" to the list of non-apple keyboards (stable-fixes). - gpio: aspeed-sgpio: Change the macro to support deferred probe (stable-fixes). - commit 2524956 - drm/xe/ptl: Apply Wa_13011645652 (stable-fixes). - Refresh patches.suse/drm-xe-xe3lpg-Apply-Wa_14022293748-Wa_22019794406.patch. - commit 689b272 - dmaengine: stm32-mdma: initialize m2m_hw_period and ccr to fix warnings (stable-fixes). - drm/amdgpu: add support for HDP IP version 6.1.1 (stable-fixes). - drm/amd/display: Add USB-C DP Alt Mode lane limitation in DCN32 (stable-fixes). - drm/amdkfd: Handle GPU reset and drain retry fault race (stable-fixes). - drm/amdgpu: fix NULL pointer issue buffer funcs (stable-fixes). - drm/v3d: Set DMA segment size to avoid debug warnings (stable-fixes). - drm/i915/wakeref: clean up INTEL_WAKEREF_PUT_* flag macros (stable-fixes). - drm/display/dp_mst: Add protection against 0 vcpi (stable-fixes). - drm/xe/xe2_hpg: Add set of workarounds (stable-fixes). - drm/xe: Switch MMIO interface to take xe_mmio instead of xe_gt (stable-fixes). - drm/xe: Adjust mmio code to pass VF substructure to SRIOV code (stable-fixes). - drm/xe: Add xe_tile backpointer to xe_mmio (stable-fixes). - drm/xe: Switch mmio_ext to use 'struct xe_mmio' (stable-fixes). - drm/xe: Populate GT's mmio iomap from tile during init (stable-fixes). - drm/xe: Move GSI offset adjustment fields into 'struct xe_mmio' (stable-fixes). - drm/xe: Clarify size of MMIO region (stable-fixes). - drm/xe: Create dedicated xe_mmio structure (stable-fixes). - drm/xe: Move forcewake to 'gt.pm' substructure (stable-fixes). - docs: fix WARNING document not included in any toctree (stable-fixes). - commit 4836e0c - ASoC: amd: yc: Add DMI quirk for ASUS Vivobook Pro 15X M6501RR (stable-fixes). - dma: dma-axi-dmac: fix HW scatter-gather not looking at the queue (git-fixes). - dma: dma-axi-dmac: fix SW cyclic transfers (git-fixes). - dmaengine: sun6i: Choose appropriate burst length under maxburst (stable-fixes). - dmaengine: stm32-dma3: use module_platform_driver (stable-fixes). - crypto: ccp - Send PSP_CMD_TEE_RING_DESTROY when PSP_CMD_TEE_RING_INIT fails (git-fixes). - crypto: ccp - Factor out ring destroy handling to a helper (stable-fixes). - ata: libata: avoid long timeouts on hot-unplugged SATA DAS (stable-fixes). - Bluetooth: btusb: Add device ID for Realtek RTL8761BU (stable-fixes). - Bluetooth: btusb: Add new VID/PID for RTL8852CE (stable-fixes). - Bluetooth: hci_conn: Set link_policy on incoming ACL connections (stable-fixes). - Bluetooth: hci_conn: use mod_delayed_work for active mode timeout (stable-fixes). - Bluetooth: btusb: Add support for MediaTek7920 0489:e158 (stable-fixes). - ASoC: fsl: imx-rpmsg: use snd_soc_find_dai_with_mutex() in probe (stable-fixes). - ASoC: SOF: Intel: hda: Fix NULL pointer dereference (stable-fixes). - ASoC: codecs: max98390: Check return value of devm_gpiod_get_optional() in max98390_i2c_probe() (stable-fixes). - ASoC: sunxi: sun50i-dmic: Add missing check for devm_regmap_init_mmio (stable-fixes). - ASoC: soc-acpi-intel-arl-match: change rt722 amp endpoint to aggregated (stable-fixes). - ASoC: SOF: Intel: hda: Remove MODULE_SOFTDEP for snd-hda-codec-hdmi (stable-fixes). - ASoC: wm8962: Don't report a microphone if it's shorted to ground on plug (stable-fixes). - ASoC: wm8962: Add WM8962_ADC_MONOMIX to "3D Coefficients" mask (stable-fixes). - ASoC: nau8821: Cancel pending work before suspend (git-fixes). - ASoC: nau8821: Cancel delayed work on component remove (git-fixes). - ASoC: nau8821: Fixup nau8821_enable_jack_detect() (git-fixes). - ASoC: SOF: ipc4: Support for sending payload along with LARGE_CONFIG_GET (stable-fixes). - crypto: hisilicon/qm - move the barrier before writing to the mailbox register (stable-fixes). - crypto: ccp - narrow scope of snp_range_list (git-fixes). - APEI/GHES: ensure that won't go past CPER allocated record (stable-fixes). - ASoC: nau8821: Avoid unnecessary blocking in IRQ handler (stable-fixes). - crypto: ccp - Ensure implicit SEV/SNP init and shutdown in ioctls (stable-fixes). - commit ef48f01 - ALSA: hda: cs35l56: Fix signedness error in cs35l56_hda_posture_put() (git-fixes). - ALSA: usb-audio: Add sanity check for OOB writes at silencing (stable-fixes). - ALSA: usb-audio: Update the number of packets properly at receiving (stable-fixes). - ACPI: x86: Force enabling of PWM2 on the Yogabook YB1-X90 (stable-fixes). - ALSA: mixer: oss: Add card disconnect checkpoints (stable-fixes). - ALSA: usb-audio: Add iface reset and delay quirk for AB13X USB Audio (stable-fixes). - ALSA: hda/realtek - Enable mute LEDs on HP ENVY x360 15-es0xxx (stable-fixes). - ALSA: hda/conexant: Add headset mic fix for MECHREVO Wujie 15X Pro (stable-fixes). - ALSA: hda/realtek: fix LG Gram Style 14 speakers (stable-fixes). - ALSA: hda/realtek: add HP Victus 16-e0xxx mute LED quirk (stable-fixes). - ALSA: pcm: Revert bufs move in snd_pcm_xfern_frames_ioctl() (stable-fixes). - ALSA: vmaster: Relax __free() variable declarations (git-fixes). - ALSA: pcm: Relax __free() variable declarations (git-fixes). - ACPI: processor: Fix NULL-pointer dereference in acpi_processor_errata_piix4() (stable-fixes). - ACPI: battery: fix incorrect charging status when current is zero (stable-fixes). - ACPI: resource: Add JWIPC JVC9100 to irq1_level_low_skip_override[] (stable-fixes). - ACPI: x86: s2idle: Invoke Microsoft _DSM Function 9 (Turn On Display) (stable-fixes). - ACPICA: Abort AML bytecode execution when executing AML_FATAL_OP (stable-fixes). - commit 119c4f9 - net: usb: sr9700: remove code to drive nonexistent multicast filter (git-fixes). - commit 5659850 - net: usb: r8152: fix transmit queue timeout (git-fixes). - commit cd570dd - usb: chipidea: udc: fix DMA and SG cleanup in _ep_nuke() (git-fixes). - commit 56a794c - usb: gadget: f_fs: fix DMA-BUF OUT queues (git-fixes). - commit 185e5e6 - usb: gadget: f_fs: Fix ioctl error handling (git-fixes). - commit f20163c - usb: typec: ucsi: psy: Fix voltage and current max for non-Fixed PDOs (git-fixes). - commit 10c0ad8 - firmware: arm_ffa: Unmap Rx/Tx buffers on init failure (git-fixes) - commit 8f51ada - spi: spidev: fix lock inversion between spi_lock and buf_lock (git-fixes) - commit b76bf6c - spi: spi-mem: Protect dirmap_create() with spi_mem_access_start/end (git-fixes) - commit c1581a2 - spi: spi-mem: Limit octal DTR constraints to octal DTR situations (git-fixes) - commit 47ade1e - arm64: hugetlbpage: avoid unused-but-set-parameter warning (gcc-16) (git-fixes) - commit c2e347e - arm64: tegra: smaug: Add usb-role-switch support (git-fixes) - commit 2aec3f9 - arm64: Disable branch profiling for all arm64 code (git-fixes) - commit 20e29ae - arm64: Add support for TSV110 Spectre-BHB mitigation (git-fixes) - commit 7b883f1 - serial: 8250: 8250_omap.c: Clear DMA RX running status only after DMA termination is done (git-fixes). - serial: 8250: 8250_omap.c: Add support for handling UART error conditions (git-fixes). - serial: 8250_dw: handle clock enable errors in runtime_resume (git-fixes). - PCI: Enable ACS after configuring IOMMU for OF platforms (git-fixes). - PCI: Add ACS quirk for Qualcomm Hamoa & Glymur (git-fixes). - PCI: Fix pci_slot_lock () device locking (git-fixes). - PCI: Mark Nvidia GB10 to avoid bus reset (git-fixes). - PCI: Mark ASM1164 SATA controller to avoid bus reset (git-fixes). - PCI/AER: Clear stale errors on reporting agents upon probe (git-fixes). - PCI/MSI: Unmap MSI-X region on error (git-fixes). - char: tpm: cr50: Remove IRQF_ONESHOT (git-fixes). - commit 87922f3 - mptcp: fix race in mptcp_pm_nl_flush_addrs_doit() (CVE-2026-23169 bsc#1258389). - commit ece2971 ++++ kernel-kvmsmall: - libceph: reset sparse-read state in osd_fault() (CVE-2026-23136 bsc#1258303). - commit a1cc877 - libceph: make calc_target() set t->paused, not just clear it (CVE-2026-23047 bsc#1257682). - commit 3225b77 - mm/damon/sysfs-scheme: cleanup access_pattern subdirs on scheme dir setup failure (CVE-2026-23142 bsc#1258289). - commit 217a6fd - mm/damon/sysfs-scheme: cleanup quotas subdirs on scheme dir setup failure (git-fixes). - commit c642652 - mm/damon/sysfs: cleanup attrs subdirs on context dir setup failure (CVE-2026-23144 bsc#1258290). - commit c7e0495 - crypto: ccp - Fix a case where SNP_SHUTDOWN is missed (git-fixes). - drm/xe: Defer gt->mmio initialization until after multi-tile setup (git-fixes). - commit 56b85e5 - wifi: ath10k: fix lock protection in ath10k_wmi_event_peer_sta_ps_state_chg() (stable-fixes). - wifi: rtw89: pci: restore LDO setting after device resume (stable-fixes). - wifi: rtw89: 8922a: add digital compensation for 2GHz (stable-fixes). - wifi: rtw89: fix unable to receive probe responses under MLO connection (stable-fixes). - wifi: iwlwifi: mvm: check the validity of noa_len (stable-fixes). - wifi: ath12k: fix preferred hardware mode calculation (stable-fixes). - wifi: ath11k: Fix failure to connect to a 6 GHz AP (stable-fixes). - wifi: ath11k: add pm quirk for Thinkpad Z13/Z16 Gen1 (stable-fixes). - wifi: iwlegacy: add missing mutex protection in il4965_store_tx_power() (stable-fixes). - commit 4df290e - rtc: zynqmp: correct frequency value (stable-fixes). - thermal: int340x: Fix sysfs group leak on DLVR registration failure (stable-fixes). - soundwire: dmi-quirks: add mapping for Avell B.ON (OEM rebranded of NUC15) (stable-fixes). - soundwire: intel_auxdevice: add cs42l45 codec to wake_capable_list (stable-fixes). - staging: rtl8723bs: fix memory leak on failure path (stable-fixes). - staging: rtl8723bs: fix missing status update on sdio_alloc_irq() failure (stable-fixes). - watchdog: imx7ulp_wdt: handle the nowayout option (stable-fixes). - watchdog: starfive-wdt: Fix PM reference leak in probe error path (git-fixes). - watchdog/softlockup: fix sample ring index wrap in need_counting_irqs() (git-fixes). - wifi: iwlegacy: add missing mutex protection in il3945_store_measurement() (stable-fixes). - wifi: cfg80211: allow only one NAN interface, also in multi radio (stable-fixes). - wifi: rtw89: mac: correct page number for CSI response (stable-fixes). - wifi: rtw89: wow: add reason codes for disassociation in WoWLAN mode (stable-fixes). - wifi: rtw88: Use devm_kmemdup() in rtw_set_supported_band() (stable-fixes). - wifi: rtw89: ser: enable error IMR after recovering from L1 (stable-fixes). - wifi: rtw89: 8922a: set random mac if efuse contains zeroes (stable-fixes). - wifi: rtw88: rtw8821cu: Add ID for Mercusys MU6H (stable-fixes). - wifi: rtw88: 8822b: Avoid WARNING in rtw8822b_config_trx_mode() (stable-fixes). - wifi: rtw88: fix DTIM period handling when conf->dtim_period is zero (stable-fixes). - wifi: libertas: fix WARNING in usb_tx_block (stable-fixes). - power: sequencing: fix missing state_lock in pwrseq_power_on() error path (stable-fixes). - spi: geni-qcom: Fix abort sequence execution for serial engine errors (stable-fixes). - spi: stm32: fix Overrun issue at < 8bpw (stable-fixes). - spi-geni-qcom: initialize mode related registers to 0 (stable-fixes). - spi-geni-qcom: use xfer->bits_per_word for can_dma() (stable-fixes). - tools/power cpupower: Reset errno before strtoull() (stable-fixes). - powercap: intel_rapl: Add PL4 support for Ice Lake (stable-fixes). - commit a96ba92 - PCI: Add defines for bridge window indexing (stable-fixes). - Refresh patches.suse/PCI-ACPI-Restrict-program_hpx_type2-to-AER-bits.patch. - commit 41bad5b - pinctrl: cirrus: cs42l43: Fix double-put in cs42l43_pin_probe() (git-fixes). - ntb: ntb_hw_switchtec: Fix array-index-out-of-bounds access (stable-fixes). - ntb: ntb_hw_switchtec: Fix shift-out-of-bounds for 0 mw lut (stable-fixes). - phy: mvebu-cp110-utmi: fix dr_mode property read from dts (stable-fixes). - phy: fsl-imx8mq-usb: disable bind/unbind platform driver feature (stable-fixes). - phy: cadence-torrent: restore parent clock for refclk during resume (stable-fixes). - phy: ti: phy-j721e-wiz: restore mux selection during resume (stable-fixes). - Revert "mmc: rtsx_pci_sdmmc: increase power-on settling delay to 5ms" (git-fixes). - nfc: nxp-nci: remove interrupt trigger type (stable-fixes). - PCI: Add Intel Nova Lake audio Device ID (stable-fixes). - commit 52ffef7 - media: dvb-net: fix OOB access in ULE extension header tables (git-fixes). - mmc: rtsx_pci_sdmmc: increase power-on settling delay to 5ms (git-fixes). - misc: bcm_vk: Fix possible null-pointer dereferences in bcm_vk_read() (stable-fixes). - misc: eeprom: Fix EWEN/EWDS/ERAL commands for 93xx56 and 93xx66 (stable-fixes). - mfd: intel-lpss: Add Intel Nova Lake-S PCI IDs (stable-fixes). - myri10ge: avoid uninitialized variable use (stable-fixes). - media: rkisp1: Fix filter mode register configuration (stable-fixes). - media: ipu6: Always close firmware stream (stable-fixes). - media: ipu6: Close firmware streams on streaming enable failure (stable-fixes). - media: ipu6: Ensure stream_mutex is acquired when dealing with node list (stable-fixes). - media: mt9m114: Return -EPROBE_DEFER if no endpoint is found (stable-fixes). - media: mt9m114: Avoid a reset low spike during probe() (stable-fixes). - media: v4l2-async: Fix error handling on steps after finding a match (stable-fixes). - media: cx25821: Fix a resource leak in cx25821_dev_setup() (stable-fixes). - media: pvrusb2: fix URB leak in pvr2_send_request_ex (stable-fixes). - media: solo6x10: Check for out of bounds chip_id (stable-fixes). - media: adv7180: fix frame interval in progressive mode (stable-fixes). - media: amphion: Clear last_buffer_dequeued flag for DEC_CMD_START (stable-fixes). - media: mediatek: vcodec: Don't try to decode 422/444 VP9 (stable-fixes). - media: chips-media: wave5: Process ready frames when CMD_STOP sent to Encoder (stable-fixes). - media: chips-media: wave5: Fix conditional in start_streaming (stable-fixes). - media: omap3isp: isppreview: always clamp in preview_try_format() (stable-fixes). - media: omap3isp: set initial format (stable-fixes). - mfd: simple-mfd-i2c: Add compatible strings for Layerscape QIXIS FPGA (stable-fixes). - mfd: simple-mfd-i2c: Add MAX77705 support (stable-fixes). - commit 26d6095 - iio: magnetometer: Remove IRQF_ONESHOT (stable-fixes). - iio: Use IRQF_NO_THREAD (stable-fixes). - HID: i2c-hid: Add FocalTech FT8112 (stable-fixes). - media: omap3isp: isp_video_mbus_to_pix/pix_to_mbus fixes (stable-fixes). - media: dvb-core: dmxdevfilter must always flush bufs (stable-fixes). - HID: elecom: Add support for ELECOM HUGE Plus M-HT1MRBK (stable-fixes). - HID: logitech-hidpp: Add support for Logitech K980 (stable-fixes). - HID: multitouch: add eGalaxTouch EXC3188 support (stable-fixes). - HID: logitech-hidpp: Check maxfield in hidpp_get_report_length() (stable-fixes). - hwmon: (pmbus/mpq8785) fix VOUT_MODE mismatch during identification (git-fixes). - hwmon: (f71882fg) Add F81968 support (stable-fixes). - hwmon: (nct6775) Add ASUS Pro WS WRX90E-SAGE SE (stable-fixes). - hwmon: (dell-smm) Add support for Dell OptiPlex 7080 (stable-fixes). - i3c: mipi-i3c-hci: Reset RING_OPERATION1 fields during init (stable-fixes). - i3c: master: svc: Initialize 'dev' to NULL in svc_i3c_master_ibi_isr() (stable-fixes). - hwrng: core - Allow runtime disabling of the HW RNG (stable-fixes). - hwmon: pmbus: mpq8785: Add support for MPM82504 (stable-fixes). - hwmon: pmbus: mpq8785: Implement VOUT feedback resistor divider ratio configuration (stable-fixes). - hwmon: pmbus: mpq8785: Prepare driver for multiple device support (stable-fixes). - commit 755fe92 - drm/xe/xe2_hpg: Fix handling of Wa_14019988906 & Wa_14019877138 (git-fixes). - drm/xe/mmio: Avoid double-adjust in 64-bit reads (git-fixes). - drm/amdgpu: keep vga memory on MacBooks with switchable graphics (stable-fixes). - drm/amd/display: Remove conditional for shaper 3DLUT power-on (stable-fixes). - drm/amdgpu: Add HAINAN clock adjustment (stable-fixes). - drm/radeon: Add HAINAN clock adjustment (stable-fixes). - drm/amdgpu: Adjust usleep_range in fence wait (stable-fixes). - drm/amd/display: bypass post csc for additional color spaces in dal (stable-fixes). - drm/amd/display: Increase DCN35 SR enter/exit latency (stable-fixes). - drm/amd/display: Avoid updating surface with the same surface under MPO (stable-fixes). - drm/amd/display: Fix system resume lag issue (stable-fixes). - drm/amdkfd: Fix out-of-bounds write in kfd_event_page_set() (stable-fixes). - drm/amd/display: Fix writeback on DCN 3.2+ (stable-fixes). - fpga: of-fpga-region: Fail if any bridge is missing (stable-fixes). - fix it87_wdt early reboot by reporting running timer (stable-fixes). - fbdev: ffb: fix corrupted video output on Sun FFB1 (stable-fixes). - drm/amd/display: avoid dig reg access timeout on usb4 link training fail (stable-fixes). - drm/amd/display: Fix GFX12 family constant checks (stable-fixes). - drm/amd/display: Disable FEC when powering down encoders (stable-fixes). - drm/atmel-hlcdc: don't reject the commit if the src rect has fractional parts (stable-fixes). - drm/atmel-hlcdc: fix use-after-free of drm_crtc_commit after release (stable-fixes). - drm/atmel-hlcdc: fix memory leak from the atomic_destroy_state callback (stable-fixes). - drm: Account property blob allocations to memcg (stable-fixes). - drm/amdkfd: Fix GART PTE for non-4K pagesize in svm_migrate_gart_map() (stable-fixes). - drm/amdkfd: Relax size checking during queue buffer get (stable-fixes). - drm/amd/display: only power down dig on phy endpoints (stable-fixes). - drm/amdgpu: Skip loading SDMA_RS64 in VF (stable-fixes). - drm/xe: Only toggle scheduling in TDR if GuC is running (stable-fixes). - drm/panel: Fix a possible null-pointer dereference in jdi_panel_dsi_remove() (stable-fixes). - drm/amd/display: Fix dsc eDP issue (stable-fixes). - drm/amd/display: Add signal type check for dcn401 get_phyd32clk_src (stable-fixes). - gpu/panel-edp: add AUO panel entry for B140HAN06.4 (stable-fixes). - HID: prodikeys: Check presence of pm->input_ep82 (stable-fixes). - HID: magicmouse: Do not crash on missing msc->input (stable-fixes). - HID: apple: Add "SONiX KN85 Keyboard" to the list of non-apple keyboards (stable-fixes). - gpio: aspeed-sgpio: Change the macro to support deferred probe (stable-fixes). - commit 2524956 - drm/xe/ptl: Apply Wa_13011645652 (stable-fixes). - Refresh patches.suse/drm-xe-xe3lpg-Apply-Wa_14022293748-Wa_22019794406.patch. - commit 689b272 - dmaengine: stm32-mdma: initialize m2m_hw_period and ccr to fix warnings (stable-fixes). - drm/amdgpu: add support for HDP IP version 6.1.1 (stable-fixes). - drm/amd/display: Add USB-C DP Alt Mode lane limitation in DCN32 (stable-fixes). - drm/amdkfd: Handle GPU reset and drain retry fault race (stable-fixes). - drm/amdgpu: fix NULL pointer issue buffer funcs (stable-fixes). - drm/v3d: Set DMA segment size to avoid debug warnings (stable-fixes). - drm/i915/wakeref: clean up INTEL_WAKEREF_PUT_* flag macros (stable-fixes). - drm/display/dp_mst: Add protection against 0 vcpi (stable-fixes). - drm/xe/xe2_hpg: Add set of workarounds (stable-fixes). - drm/xe: Switch MMIO interface to take xe_mmio instead of xe_gt (stable-fixes). - drm/xe: Adjust mmio code to pass VF substructure to SRIOV code (stable-fixes). - drm/xe: Add xe_tile backpointer to xe_mmio (stable-fixes). - drm/xe: Switch mmio_ext to use 'struct xe_mmio' (stable-fixes). - drm/xe: Populate GT's mmio iomap from tile during init (stable-fixes). - drm/xe: Move GSI offset adjustment fields into 'struct xe_mmio' (stable-fixes). - drm/xe: Clarify size of MMIO region (stable-fixes). - drm/xe: Create dedicated xe_mmio structure (stable-fixes). - drm/xe: Move forcewake to 'gt.pm' substructure (stable-fixes). - docs: fix WARNING document not included in any toctree (stable-fixes). - commit 4836e0c - ASoC: amd: yc: Add DMI quirk for ASUS Vivobook Pro 15X M6501RR (stable-fixes). - dma: dma-axi-dmac: fix HW scatter-gather not looking at the queue (git-fixes). - dma: dma-axi-dmac: fix SW cyclic transfers (git-fixes). - dmaengine: sun6i: Choose appropriate burst length under maxburst (stable-fixes). - dmaengine: stm32-dma3: use module_platform_driver (stable-fixes). - crypto: ccp - Send PSP_CMD_TEE_RING_DESTROY when PSP_CMD_TEE_RING_INIT fails (git-fixes). - crypto: ccp - Factor out ring destroy handling to a helper (stable-fixes). - ata: libata: avoid long timeouts on hot-unplugged SATA DAS (stable-fixes). - Bluetooth: btusb: Add device ID for Realtek RTL8761BU (stable-fixes). - Bluetooth: btusb: Add new VID/PID for RTL8852CE (stable-fixes). - Bluetooth: hci_conn: Set link_policy on incoming ACL connections (stable-fixes). - Bluetooth: hci_conn: use mod_delayed_work for active mode timeout (stable-fixes). - Bluetooth: btusb: Add support for MediaTek7920 0489:e158 (stable-fixes). - ASoC: fsl: imx-rpmsg: use snd_soc_find_dai_with_mutex() in probe (stable-fixes). - ASoC: SOF: Intel: hda: Fix NULL pointer dereference (stable-fixes). - ASoC: codecs: max98390: Check return value of devm_gpiod_get_optional() in max98390_i2c_probe() (stable-fixes). - ASoC: sunxi: sun50i-dmic: Add missing check for devm_regmap_init_mmio (stable-fixes). - ASoC: soc-acpi-intel-arl-match: change rt722 amp endpoint to aggregated (stable-fixes). - ASoC: SOF: Intel: hda: Remove MODULE_SOFTDEP for snd-hda-codec-hdmi (stable-fixes). - ASoC: wm8962: Don't report a microphone if it's shorted to ground on plug (stable-fixes). - ASoC: wm8962: Add WM8962_ADC_MONOMIX to "3D Coefficients" mask (stable-fixes). - ASoC: nau8821: Cancel pending work before suspend (git-fixes). - ASoC: nau8821: Cancel delayed work on component remove (git-fixes). - ASoC: nau8821: Fixup nau8821_enable_jack_detect() (git-fixes). - ASoC: SOF: ipc4: Support for sending payload along with LARGE_CONFIG_GET (stable-fixes). - crypto: hisilicon/qm - move the barrier before writing to the mailbox register (stable-fixes). - crypto: ccp - narrow scope of snp_range_list (git-fixes). - APEI/GHES: ensure that won't go past CPER allocated record (stable-fixes). - ASoC: nau8821: Avoid unnecessary blocking in IRQ handler (stable-fixes). - crypto: ccp - Ensure implicit SEV/SNP init and shutdown in ioctls (stable-fixes). - commit ef48f01 - ALSA: hda: cs35l56: Fix signedness error in cs35l56_hda_posture_put() (git-fixes). - ALSA: usb-audio: Add sanity check for OOB writes at silencing (stable-fixes). - ALSA: usb-audio: Update the number of packets properly at receiving (stable-fixes). - ACPI: x86: Force enabling of PWM2 on the Yogabook YB1-X90 (stable-fixes). - ALSA: mixer: oss: Add card disconnect checkpoints (stable-fixes). - ALSA: usb-audio: Add iface reset and delay quirk for AB13X USB Audio (stable-fixes). - ALSA: hda/realtek - Enable mute LEDs on HP ENVY x360 15-es0xxx (stable-fixes). - ALSA: hda/conexant: Add headset mic fix for MECHREVO Wujie 15X Pro (stable-fixes). - ALSA: hda/realtek: fix LG Gram Style 14 speakers (stable-fixes). - ALSA: hda/realtek: add HP Victus 16-e0xxx mute LED quirk (stable-fixes). - ALSA: pcm: Revert bufs move in snd_pcm_xfern_frames_ioctl() (stable-fixes). - ALSA: vmaster: Relax __free() variable declarations (git-fixes). - ALSA: pcm: Relax __free() variable declarations (git-fixes). - ACPI: processor: Fix NULL-pointer dereference in acpi_processor_errata_piix4() (stable-fixes). - ACPI: battery: fix incorrect charging status when current is zero (stable-fixes). - ACPI: resource: Add JWIPC JVC9100 to irq1_level_low_skip_override[] (stable-fixes). - ACPI: x86: s2idle: Invoke Microsoft _DSM Function 9 (Turn On Display) (stable-fixes). - ACPICA: Abort AML bytecode execution when executing AML_FATAL_OP (stable-fixes). - commit 119c4f9 - net: usb: sr9700: remove code to drive nonexistent multicast filter (git-fixes). - commit 5659850 - net: usb: r8152: fix transmit queue timeout (git-fixes). - commit cd570dd - usb: chipidea: udc: fix DMA and SG cleanup in _ep_nuke() (git-fixes). - commit 56a794c - usb: gadget: f_fs: fix DMA-BUF OUT queues (git-fixes). - commit 185e5e6 - usb: gadget: f_fs: Fix ioctl error handling (git-fixes). - commit f20163c - usb: typec: ucsi: psy: Fix voltage and current max for non-Fixed PDOs (git-fixes). - commit 10c0ad8 - firmware: arm_ffa: Unmap Rx/Tx buffers on init failure (git-fixes) - commit 8f51ada - spi: spidev: fix lock inversion between spi_lock and buf_lock (git-fixes) - commit b76bf6c - spi: spi-mem: Protect dirmap_create() with spi_mem_access_start/end (git-fixes) - commit c1581a2 - spi: spi-mem: Limit octal DTR constraints to octal DTR situations (git-fixes) - commit 47ade1e - arm64: hugetlbpage: avoid unused-but-set-parameter warning (gcc-16) (git-fixes) - commit c2e347e - arm64: tegra: smaug: Add usb-role-switch support (git-fixes) - commit 2aec3f9 - arm64: Disable branch profiling for all arm64 code (git-fixes) - commit 20e29ae - arm64: Add support for TSV110 Spectre-BHB mitigation (git-fixes) - commit 7b883f1 - serial: 8250: 8250_omap.c: Clear DMA RX running status only after DMA termination is done (git-fixes). - serial: 8250: 8250_omap.c: Add support for handling UART error conditions (git-fixes). - serial: 8250_dw: handle clock enable errors in runtime_resume (git-fixes). - PCI: Enable ACS after configuring IOMMU for OF platforms (git-fixes). - PCI: Add ACS quirk for Qualcomm Hamoa & Glymur (git-fixes). - PCI: Fix pci_slot_lock () device locking (git-fixes). - PCI: Mark Nvidia GB10 to avoid bus reset (git-fixes). - PCI: Mark ASM1164 SATA controller to avoid bus reset (git-fixes). - PCI/AER: Clear stale errors on reporting agents upon probe (git-fixes). - PCI/MSI: Unmap MSI-X region on error (git-fixes). - char: tpm: cr50: Remove IRQF_ONESHOT (git-fixes). - commit 87922f3 - mptcp: fix race in mptcp_pm_nl_flush_addrs_doit() (CVE-2026-23169 bsc#1258389). - commit ece2971 ++++ kernel-obs-build: - libceph: reset sparse-read state in osd_fault() (CVE-2026-23136 bsc#1258303). - commit a1cc877 - libceph: make calc_target() set t->paused, not just clear it (CVE-2026-23047 bsc#1257682). - commit 3225b77 - mm/damon/sysfs-scheme: cleanup access_pattern subdirs on scheme dir setup failure (CVE-2026-23142 bsc#1258289). - commit 217a6fd - mm/damon/sysfs-scheme: cleanup quotas subdirs on scheme dir setup failure (git-fixes). - commit c642652 - mm/damon/sysfs: cleanup attrs subdirs on context dir setup failure (CVE-2026-23144 bsc#1258290). - commit c7e0495 - crypto: ccp - Fix a case where SNP_SHUTDOWN is missed (git-fixes). - drm/xe: Defer gt->mmio initialization until after multi-tile setup (git-fixes). - commit 56b85e5 - wifi: ath10k: fix lock protection in ath10k_wmi_event_peer_sta_ps_state_chg() (stable-fixes). - wifi: rtw89: pci: restore LDO setting after device resume (stable-fixes). - wifi: rtw89: 8922a: add digital compensation for 2GHz (stable-fixes). - wifi: rtw89: fix unable to receive probe responses under MLO connection (stable-fixes). - wifi: iwlwifi: mvm: check the validity of noa_len (stable-fixes). - wifi: ath12k: fix preferred hardware mode calculation (stable-fixes). - wifi: ath11k: Fix failure to connect to a 6 GHz AP (stable-fixes). - wifi: ath11k: add pm quirk for Thinkpad Z13/Z16 Gen1 (stable-fixes). - wifi: iwlegacy: add missing mutex protection in il4965_store_tx_power() (stable-fixes). - commit 4df290e - rtc: zynqmp: correct frequency value (stable-fixes). - thermal: int340x: Fix sysfs group leak on DLVR registration failure (stable-fixes). - soundwire: dmi-quirks: add mapping for Avell B.ON (OEM rebranded of NUC15) (stable-fixes). - soundwire: intel_auxdevice: add cs42l45 codec to wake_capable_list (stable-fixes). - staging: rtl8723bs: fix memory leak on failure path (stable-fixes). - staging: rtl8723bs: fix missing status update on sdio_alloc_irq() failure (stable-fixes). - watchdog: imx7ulp_wdt: handle the nowayout option (stable-fixes). - watchdog: starfive-wdt: Fix PM reference leak in probe error path (git-fixes). - watchdog/softlockup: fix sample ring index wrap in need_counting_irqs() (git-fixes). - wifi: iwlegacy: add missing mutex protection in il3945_store_measurement() (stable-fixes). - wifi: cfg80211: allow only one NAN interface, also in multi radio (stable-fixes). - wifi: rtw89: mac: correct page number for CSI response (stable-fixes). - wifi: rtw89: wow: add reason codes for disassociation in WoWLAN mode (stable-fixes). - wifi: rtw88: Use devm_kmemdup() in rtw_set_supported_band() (stable-fixes). - wifi: rtw89: ser: enable error IMR after recovering from L1 (stable-fixes). - wifi: rtw89: 8922a: set random mac if efuse contains zeroes (stable-fixes). - wifi: rtw88: rtw8821cu: Add ID for Mercusys MU6H (stable-fixes). - wifi: rtw88: 8822b: Avoid WARNING in rtw8822b_config_trx_mode() (stable-fixes). - wifi: rtw88: fix DTIM period handling when conf->dtim_period is zero (stable-fixes). - wifi: libertas: fix WARNING in usb_tx_block (stable-fixes). - power: sequencing: fix missing state_lock in pwrseq_power_on() error path (stable-fixes). - spi: geni-qcom: Fix abort sequence execution for serial engine errors (stable-fixes). - spi: stm32: fix Overrun issue at < 8bpw (stable-fixes). - spi-geni-qcom: initialize mode related registers to 0 (stable-fixes). - spi-geni-qcom: use xfer->bits_per_word for can_dma() (stable-fixes). - tools/power cpupower: Reset errno before strtoull() (stable-fixes). - powercap: intel_rapl: Add PL4 support for Ice Lake (stable-fixes). - commit a96ba92 - PCI: Add defines for bridge window indexing (stable-fixes). - Refresh patches.suse/PCI-ACPI-Restrict-program_hpx_type2-to-AER-bits.patch. - commit 41bad5b - pinctrl: cirrus: cs42l43: Fix double-put in cs42l43_pin_probe() (git-fixes). - ntb: ntb_hw_switchtec: Fix array-index-out-of-bounds access (stable-fixes). - ntb: ntb_hw_switchtec: Fix shift-out-of-bounds for 0 mw lut (stable-fixes). - phy: mvebu-cp110-utmi: fix dr_mode property read from dts (stable-fixes). - phy: fsl-imx8mq-usb: disable bind/unbind platform driver feature (stable-fixes). - phy: cadence-torrent: restore parent clock for refclk during resume (stable-fixes). - phy: ti: phy-j721e-wiz: restore mux selection during resume (stable-fixes). - Revert "mmc: rtsx_pci_sdmmc: increase power-on settling delay to 5ms" (git-fixes). - nfc: nxp-nci: remove interrupt trigger type (stable-fixes). - PCI: Add Intel Nova Lake audio Device ID (stable-fixes). - commit 52ffef7 - media: dvb-net: fix OOB access in ULE extension header tables (git-fixes). - mmc: rtsx_pci_sdmmc: increase power-on settling delay to 5ms (git-fixes). - misc: bcm_vk: Fix possible null-pointer dereferences in bcm_vk_read() (stable-fixes). - misc: eeprom: Fix EWEN/EWDS/ERAL commands for 93xx56 and 93xx66 (stable-fixes). - mfd: intel-lpss: Add Intel Nova Lake-S PCI IDs (stable-fixes). - myri10ge: avoid uninitialized variable use (stable-fixes). - media: rkisp1: Fix filter mode register configuration (stable-fixes). - media: ipu6: Always close firmware stream (stable-fixes). - media: ipu6: Close firmware streams on streaming enable failure (stable-fixes). - media: ipu6: Ensure stream_mutex is acquired when dealing with node list (stable-fixes). - media: mt9m114: Return -EPROBE_DEFER if no endpoint is found (stable-fixes). - media: mt9m114: Avoid a reset low spike during probe() (stable-fixes). - media: v4l2-async: Fix error handling on steps after finding a match (stable-fixes). - media: cx25821: Fix a resource leak in cx25821_dev_setup() (stable-fixes). - media: pvrusb2: fix URB leak in pvr2_send_request_ex (stable-fixes). - media: solo6x10: Check for out of bounds chip_id (stable-fixes). - media: adv7180: fix frame interval in progressive mode (stable-fixes). - media: amphion: Clear last_buffer_dequeued flag for DEC_CMD_START (stable-fixes). - media: mediatek: vcodec: Don't try to decode 422/444 VP9 (stable-fixes). - media: chips-media: wave5: Process ready frames when CMD_STOP sent to Encoder (stable-fixes). - media: chips-media: wave5: Fix conditional in start_streaming (stable-fixes). - media: omap3isp: isppreview: always clamp in preview_try_format() (stable-fixes). - media: omap3isp: set initial format (stable-fixes). - mfd: simple-mfd-i2c: Add compatible strings for Layerscape QIXIS FPGA (stable-fixes). - mfd: simple-mfd-i2c: Add MAX77705 support (stable-fixes). - commit 26d6095 - iio: magnetometer: Remove IRQF_ONESHOT (stable-fixes). - iio: Use IRQF_NO_THREAD (stable-fixes). - HID: i2c-hid: Add FocalTech FT8112 (stable-fixes). - media: omap3isp: isp_video_mbus_to_pix/pix_to_mbus fixes (stable-fixes). - media: dvb-core: dmxdevfilter must always flush bufs (stable-fixes). - HID: elecom: Add support for ELECOM HUGE Plus M-HT1MRBK (stable-fixes). - HID: logitech-hidpp: Add support for Logitech K980 (stable-fixes). - HID: multitouch: add eGalaxTouch EXC3188 support (stable-fixes). - HID: logitech-hidpp: Check maxfield in hidpp_get_report_length() (stable-fixes). - hwmon: (pmbus/mpq8785) fix VOUT_MODE mismatch during identification (git-fixes). - hwmon: (f71882fg) Add F81968 support (stable-fixes). - hwmon: (nct6775) Add ASUS Pro WS WRX90E-SAGE SE (stable-fixes). - hwmon: (dell-smm) Add support for Dell OptiPlex 7080 (stable-fixes). - i3c: mipi-i3c-hci: Reset RING_OPERATION1 fields during init (stable-fixes). - i3c: master: svc: Initialize 'dev' to NULL in svc_i3c_master_ibi_isr() (stable-fixes). - hwrng: core - Allow runtime disabling of the HW RNG (stable-fixes). - hwmon: pmbus: mpq8785: Add support for MPM82504 (stable-fixes). - hwmon: pmbus: mpq8785: Implement VOUT feedback resistor divider ratio configuration (stable-fixes). - hwmon: pmbus: mpq8785: Prepare driver for multiple device support (stable-fixes). - commit 755fe92 - drm/xe/xe2_hpg: Fix handling of Wa_14019988906 & Wa_14019877138 (git-fixes). - drm/xe/mmio: Avoid double-adjust in 64-bit reads (git-fixes). - drm/amdgpu: keep vga memory on MacBooks with switchable graphics (stable-fixes). - drm/amd/display: Remove conditional for shaper 3DLUT power-on (stable-fixes). - drm/amdgpu: Add HAINAN clock adjustment (stable-fixes). - drm/radeon: Add HAINAN clock adjustment (stable-fixes). - drm/amdgpu: Adjust usleep_range in fence wait (stable-fixes). - drm/amd/display: bypass post csc for additional color spaces in dal (stable-fixes). - drm/amd/display: Increase DCN35 SR enter/exit latency (stable-fixes). - drm/amd/display: Avoid updating surface with the same surface under MPO (stable-fixes). - drm/amd/display: Fix system resume lag issue (stable-fixes). - drm/amdkfd: Fix out-of-bounds write in kfd_event_page_set() (stable-fixes). - drm/amd/display: Fix writeback on DCN 3.2+ (stable-fixes). - fpga: of-fpga-region: Fail if any bridge is missing (stable-fixes). - fix it87_wdt early reboot by reporting running timer (stable-fixes). - fbdev: ffb: fix corrupted video output on Sun FFB1 (stable-fixes). - drm/amd/display: avoid dig reg access timeout on usb4 link training fail (stable-fixes). - drm/amd/display: Fix GFX12 family constant checks (stable-fixes). - drm/amd/display: Disable FEC when powering down encoders (stable-fixes). - drm/atmel-hlcdc: don't reject the commit if the src rect has fractional parts (stable-fixes). - drm/atmel-hlcdc: fix use-after-free of drm_crtc_commit after release (stable-fixes). - drm/atmel-hlcdc: fix memory leak from the atomic_destroy_state callback (stable-fixes). - drm: Account property blob allocations to memcg (stable-fixes). - drm/amdkfd: Fix GART PTE for non-4K pagesize in svm_migrate_gart_map() (stable-fixes). - drm/amdkfd: Relax size checking during queue buffer get (stable-fixes). - drm/amd/display: only power down dig on phy endpoints (stable-fixes). - drm/amdgpu: Skip loading SDMA_RS64 in VF (stable-fixes). - drm/xe: Only toggle scheduling in TDR if GuC is running (stable-fixes). - drm/panel: Fix a possible null-pointer dereference in jdi_panel_dsi_remove() (stable-fixes). - drm/amd/display: Fix dsc eDP issue (stable-fixes). - drm/amd/display: Add signal type check for dcn401 get_phyd32clk_src (stable-fixes). - gpu/panel-edp: add AUO panel entry for B140HAN06.4 (stable-fixes). - HID: prodikeys: Check presence of pm->input_ep82 (stable-fixes). - HID: magicmouse: Do not crash on missing msc->input (stable-fixes). - HID: apple: Add "SONiX KN85 Keyboard" to the list of non-apple keyboards (stable-fixes). - gpio: aspeed-sgpio: Change the macro to support deferred probe (stable-fixes). - commit 2524956 - drm/xe/ptl: Apply Wa_13011645652 (stable-fixes). - Refresh patches.suse/drm-xe-xe3lpg-Apply-Wa_14022293748-Wa_22019794406.patch. - commit 689b272 - dmaengine: stm32-mdma: initialize m2m_hw_period and ccr to fix warnings (stable-fixes). - drm/amdgpu: add support for HDP IP version 6.1.1 (stable-fixes). - drm/amd/display: Add USB-C DP Alt Mode lane limitation in DCN32 (stable-fixes). - drm/amdkfd: Handle GPU reset and drain retry fault race (stable-fixes). - drm/amdgpu: fix NULL pointer issue buffer funcs (stable-fixes). - drm/v3d: Set DMA segment size to avoid debug warnings (stable-fixes). - drm/i915/wakeref: clean up INTEL_WAKEREF_PUT_* flag macros (stable-fixes). - drm/display/dp_mst: Add protection against 0 vcpi (stable-fixes). - drm/xe/xe2_hpg: Add set of workarounds (stable-fixes). - drm/xe: Switch MMIO interface to take xe_mmio instead of xe_gt (stable-fixes). - drm/xe: Adjust mmio code to pass VF substructure to SRIOV code (stable-fixes). - drm/xe: Add xe_tile backpointer to xe_mmio (stable-fixes). - drm/xe: Switch mmio_ext to use 'struct xe_mmio' (stable-fixes). - drm/xe: Populate GT's mmio iomap from tile during init (stable-fixes). - drm/xe: Move GSI offset adjustment fields into 'struct xe_mmio' (stable-fixes). - drm/xe: Clarify size of MMIO region (stable-fixes). - drm/xe: Create dedicated xe_mmio structure (stable-fixes). - drm/xe: Move forcewake to 'gt.pm' substructure (stable-fixes). - docs: fix WARNING document not included in any toctree (stable-fixes). - commit 4836e0c - ASoC: amd: yc: Add DMI quirk for ASUS Vivobook Pro 15X M6501RR (stable-fixes). - dma: dma-axi-dmac: fix HW scatter-gather not looking at the queue (git-fixes). - dma: dma-axi-dmac: fix SW cyclic transfers (git-fixes). - dmaengine: sun6i: Choose appropriate burst length under maxburst (stable-fixes). - dmaengine: stm32-dma3: use module_platform_driver (stable-fixes). - crypto: ccp - Send PSP_CMD_TEE_RING_DESTROY when PSP_CMD_TEE_RING_INIT fails (git-fixes). - crypto: ccp - Factor out ring destroy handling to a helper (stable-fixes). - ata: libata: avoid long timeouts on hot-unplugged SATA DAS (stable-fixes). - Bluetooth: btusb: Add device ID for Realtek RTL8761BU (stable-fixes). - Bluetooth: btusb: Add new VID/PID for RTL8852CE (stable-fixes). - Bluetooth: hci_conn: Set link_policy on incoming ACL connections (stable-fixes). - Bluetooth: hci_conn: use mod_delayed_work for active mode timeout (stable-fixes). - Bluetooth: btusb: Add support for MediaTek7920 0489:e158 (stable-fixes). - ASoC: fsl: imx-rpmsg: use snd_soc_find_dai_with_mutex() in probe (stable-fixes). - ASoC: SOF: Intel: hda: Fix NULL pointer dereference (stable-fixes). - ASoC: codecs: max98390: Check return value of devm_gpiod_get_optional() in max98390_i2c_probe() (stable-fixes). - ASoC: sunxi: sun50i-dmic: Add missing check for devm_regmap_init_mmio (stable-fixes). - ASoC: soc-acpi-intel-arl-match: change rt722 amp endpoint to aggregated (stable-fixes). - ASoC: SOF: Intel: hda: Remove MODULE_SOFTDEP for snd-hda-codec-hdmi (stable-fixes). - ASoC: wm8962: Don't report a microphone if it's shorted to ground on plug (stable-fixes). - ASoC: wm8962: Add WM8962_ADC_MONOMIX to "3D Coefficients" mask (stable-fixes). - ASoC: nau8821: Cancel pending work before suspend (git-fixes). - ASoC: nau8821: Cancel delayed work on component remove (git-fixes). - ASoC: nau8821: Fixup nau8821_enable_jack_detect() (git-fixes). - ASoC: SOF: ipc4: Support for sending payload along with LARGE_CONFIG_GET (stable-fixes). - crypto: hisilicon/qm - move the barrier before writing to the mailbox register (stable-fixes). - crypto: ccp - narrow scope of snp_range_list (git-fixes). - APEI/GHES: ensure that won't go past CPER allocated record (stable-fixes). - ASoC: nau8821: Avoid unnecessary blocking in IRQ handler (stable-fixes). - crypto: ccp - Ensure implicit SEV/SNP init and shutdown in ioctls (stable-fixes). - commit ef48f01 - ALSA: hda: cs35l56: Fix signedness error in cs35l56_hda_posture_put() (git-fixes). - ALSA: usb-audio: Add sanity check for OOB writes at silencing (stable-fixes). - ALSA: usb-audio: Update the number of packets properly at receiving (stable-fixes). - ACPI: x86: Force enabling of PWM2 on the Yogabook YB1-X90 (stable-fixes). - ALSA: mixer: oss: Add card disconnect checkpoints (stable-fixes). - ALSA: usb-audio: Add iface reset and delay quirk for AB13X USB Audio (stable-fixes). - ALSA: hda/realtek - Enable mute LEDs on HP ENVY x360 15-es0xxx (stable-fixes). - ALSA: hda/conexant: Add headset mic fix for MECHREVO Wujie 15X Pro (stable-fixes). - ALSA: hda/realtek: fix LG Gram Style 14 speakers (stable-fixes). - ALSA: hda/realtek: add HP Victus 16-e0xxx mute LED quirk (stable-fixes). - ALSA: pcm: Revert bufs move in snd_pcm_xfern_frames_ioctl() (stable-fixes). - ALSA: vmaster: Relax __free() variable declarations (git-fixes). - ALSA: pcm: Relax __free() variable declarations (git-fixes). - ACPI: processor: Fix NULL-pointer dereference in acpi_processor_errata_piix4() (stable-fixes). - ACPI: battery: fix incorrect charging status when current is zero (stable-fixes). - ACPI: resource: Add JWIPC JVC9100 to irq1_level_low_skip_override[] (stable-fixes). - ACPI: x86: s2idle: Invoke Microsoft _DSM Function 9 (Turn On Display) (stable-fixes). - ACPICA: Abort AML bytecode execution when executing AML_FATAL_OP (stable-fixes). - commit 119c4f9 - net: usb: sr9700: remove code to drive nonexistent multicast filter (git-fixes). - commit 5659850 - net: usb: r8152: fix transmit queue timeout (git-fixes). - commit cd570dd - usb: chipidea: udc: fix DMA and SG cleanup in _ep_nuke() (git-fixes). - commit 56a794c - usb: gadget: f_fs: fix DMA-BUF OUT queues (git-fixes). - commit 185e5e6 - usb: gadget: f_fs: Fix ioctl error handling (git-fixes). - commit f20163c - usb: typec: ucsi: psy: Fix voltage and current max for non-Fixed PDOs (git-fixes). - commit 10c0ad8 - firmware: arm_ffa: Unmap Rx/Tx buffers on init failure (git-fixes) - commit 8f51ada - spi: spidev: fix lock inversion between spi_lock and buf_lock (git-fixes) - commit b76bf6c - spi: spi-mem: Protect dirmap_create() with spi_mem_access_start/end (git-fixes) - commit c1581a2 - spi: spi-mem: Limit octal DTR constraints to octal DTR situations (git-fixes) - commit 47ade1e - arm64: hugetlbpage: avoid unused-but-set-parameter warning (gcc-16) (git-fixes) - commit c2e347e - arm64: tegra: smaug: Add usb-role-switch support (git-fixes) - commit 2aec3f9 - arm64: Disable branch profiling for all arm64 code (git-fixes) - commit 20e29ae - arm64: Add support for TSV110 Spectre-BHB mitigation (git-fixes) - commit 7b883f1 - serial: 8250: 8250_omap.c: Clear DMA RX running status only after DMA termination is done (git-fixes). - serial: 8250: 8250_omap.c: Add support for handling UART error conditions (git-fixes). - serial: 8250_dw: handle clock enable errors in runtime_resume (git-fixes). - PCI: Enable ACS after configuring IOMMU for OF platforms (git-fixes). - PCI: Add ACS quirk for Qualcomm Hamoa & Glymur (git-fixes). - PCI: Fix pci_slot_lock () device locking (git-fixes). - PCI: Mark Nvidia GB10 to avoid bus reset (git-fixes). - PCI: Mark ASM1164 SATA controller to avoid bus reset (git-fixes). - PCI/AER: Clear stale errors on reporting agents upon probe (git-fixes). - PCI/MSI: Unmap MSI-X region on error (git-fixes). - char: tpm: cr50: Remove IRQF_ONESHOT (git-fixes). - commit 87922f3 - mptcp: fix race in mptcp_pm_nl_flush_addrs_doit() (CVE-2026-23169 bsc#1258389). - commit ece2971 ++++ kernel-obs-qa: - libceph: reset sparse-read state in osd_fault() (CVE-2026-23136 bsc#1258303). - commit a1cc877 - libceph: make calc_target() set t->paused, not just clear it (CVE-2026-23047 bsc#1257682). - commit 3225b77 - mm/damon/sysfs-scheme: cleanup access_pattern subdirs on scheme dir setup failure (CVE-2026-23142 bsc#1258289). - commit 217a6fd - mm/damon/sysfs-scheme: cleanup quotas subdirs on scheme dir setup failure (git-fixes). - commit c642652 - mm/damon/sysfs: cleanup attrs subdirs on context dir setup failure (CVE-2026-23144 bsc#1258290). - commit c7e0495 - crypto: ccp - Fix a case where SNP_SHUTDOWN is missed (git-fixes). - drm/xe: Defer gt->mmio initialization until after multi-tile setup (git-fixes). - commit 56b85e5 - wifi: ath10k: fix lock protection in ath10k_wmi_event_peer_sta_ps_state_chg() (stable-fixes). - wifi: rtw89: pci: restore LDO setting after device resume (stable-fixes). - wifi: rtw89: 8922a: add digital compensation for 2GHz (stable-fixes). - wifi: rtw89: fix unable to receive probe responses under MLO connection (stable-fixes). - wifi: iwlwifi: mvm: check the validity of noa_len (stable-fixes). - wifi: ath12k: fix preferred hardware mode calculation (stable-fixes). - wifi: ath11k: Fix failure to connect to a 6 GHz AP (stable-fixes). - wifi: ath11k: add pm quirk for Thinkpad Z13/Z16 Gen1 (stable-fixes). - wifi: iwlegacy: add missing mutex protection in il4965_store_tx_power() (stable-fixes). - commit 4df290e - rtc: zynqmp: correct frequency value (stable-fixes). - thermal: int340x: Fix sysfs group leak on DLVR registration failure (stable-fixes). - soundwire: dmi-quirks: add mapping for Avell B.ON (OEM rebranded of NUC15) (stable-fixes). - soundwire: intel_auxdevice: add cs42l45 codec to wake_capable_list (stable-fixes). - staging: rtl8723bs: fix memory leak on failure path (stable-fixes). - staging: rtl8723bs: fix missing status update on sdio_alloc_irq() failure (stable-fixes). - watchdog: imx7ulp_wdt: handle the nowayout option (stable-fixes). - watchdog: starfive-wdt: Fix PM reference leak in probe error path (git-fixes). - watchdog/softlockup: fix sample ring index wrap in need_counting_irqs() (git-fixes). - wifi: iwlegacy: add missing mutex protection in il3945_store_measurement() (stable-fixes). - wifi: cfg80211: allow only one NAN interface, also in multi radio (stable-fixes). - wifi: rtw89: mac: correct page number for CSI response (stable-fixes). - wifi: rtw89: wow: add reason codes for disassociation in WoWLAN mode (stable-fixes). - wifi: rtw88: Use devm_kmemdup() in rtw_set_supported_band() (stable-fixes). - wifi: rtw89: ser: enable error IMR after recovering from L1 (stable-fixes). - wifi: rtw89: 8922a: set random mac if efuse contains zeroes (stable-fixes). - wifi: rtw88: rtw8821cu: Add ID for Mercusys MU6H (stable-fixes). - wifi: rtw88: 8822b: Avoid WARNING in rtw8822b_config_trx_mode() (stable-fixes). - wifi: rtw88: fix DTIM period handling when conf->dtim_period is zero (stable-fixes). - wifi: libertas: fix WARNING in usb_tx_block (stable-fixes). - power: sequencing: fix missing state_lock in pwrseq_power_on() error path (stable-fixes). - spi: geni-qcom: Fix abort sequence execution for serial engine errors (stable-fixes). - spi: stm32: fix Overrun issue at < 8bpw (stable-fixes). - spi-geni-qcom: initialize mode related registers to 0 (stable-fixes). - spi-geni-qcom: use xfer->bits_per_word for can_dma() (stable-fixes). - tools/power cpupower: Reset errno before strtoull() (stable-fixes). - powercap: intel_rapl: Add PL4 support for Ice Lake (stable-fixes). - commit a96ba92 - PCI: Add defines for bridge window indexing (stable-fixes). - Refresh patches.suse/PCI-ACPI-Restrict-program_hpx_type2-to-AER-bits.patch. - commit 41bad5b - pinctrl: cirrus: cs42l43: Fix double-put in cs42l43_pin_probe() (git-fixes). - ntb: ntb_hw_switchtec: Fix array-index-out-of-bounds access (stable-fixes). - ntb: ntb_hw_switchtec: Fix shift-out-of-bounds for 0 mw lut (stable-fixes). - phy: mvebu-cp110-utmi: fix dr_mode property read from dts (stable-fixes). - phy: fsl-imx8mq-usb: disable bind/unbind platform driver feature (stable-fixes). - phy: cadence-torrent: restore parent clock for refclk during resume (stable-fixes). - phy: ti: phy-j721e-wiz: restore mux selection during resume (stable-fixes). - Revert "mmc: rtsx_pci_sdmmc: increase power-on settling delay to 5ms" (git-fixes). - nfc: nxp-nci: remove interrupt trigger type (stable-fixes). - PCI: Add Intel Nova Lake audio Device ID (stable-fixes). - commit 52ffef7 - media: dvb-net: fix OOB access in ULE extension header tables (git-fixes). - mmc: rtsx_pci_sdmmc: increase power-on settling delay to 5ms (git-fixes). - misc: bcm_vk: Fix possible null-pointer dereferences in bcm_vk_read() (stable-fixes). - misc: eeprom: Fix EWEN/EWDS/ERAL commands for 93xx56 and 93xx66 (stable-fixes). - mfd: intel-lpss: Add Intel Nova Lake-S PCI IDs (stable-fixes). - myri10ge: avoid uninitialized variable use (stable-fixes). - media: rkisp1: Fix filter mode register configuration (stable-fixes). - media: ipu6: Always close firmware stream (stable-fixes). - media: ipu6: Close firmware streams on streaming enable failure (stable-fixes). - media: ipu6: Ensure stream_mutex is acquired when dealing with node list (stable-fixes). - media: mt9m114: Return -EPROBE_DEFER if no endpoint is found (stable-fixes). - media: mt9m114: Avoid a reset low spike during probe() (stable-fixes). - media: v4l2-async: Fix error handling on steps after finding a match (stable-fixes). - media: cx25821: Fix a resource leak in cx25821_dev_setup() (stable-fixes). - media: pvrusb2: fix URB leak in pvr2_send_request_ex (stable-fixes). - media: solo6x10: Check for out of bounds chip_id (stable-fixes). - media: adv7180: fix frame interval in progressive mode (stable-fixes). - media: amphion: Clear last_buffer_dequeued flag for DEC_CMD_START (stable-fixes). - media: mediatek: vcodec: Don't try to decode 422/444 VP9 (stable-fixes). - media: chips-media: wave5: Process ready frames when CMD_STOP sent to Encoder (stable-fixes). - media: chips-media: wave5: Fix conditional in start_streaming (stable-fixes). - media: omap3isp: isppreview: always clamp in preview_try_format() (stable-fixes). - media: omap3isp: set initial format (stable-fixes). - mfd: simple-mfd-i2c: Add compatible strings for Layerscape QIXIS FPGA (stable-fixes). - mfd: simple-mfd-i2c: Add MAX77705 support (stable-fixes). - commit 26d6095 - iio: magnetometer: Remove IRQF_ONESHOT (stable-fixes). - iio: Use IRQF_NO_THREAD (stable-fixes). - HID: i2c-hid: Add FocalTech FT8112 (stable-fixes). - media: omap3isp: isp_video_mbus_to_pix/pix_to_mbus fixes (stable-fixes). - media: dvb-core: dmxdevfilter must always flush bufs (stable-fixes). - HID: elecom: Add support for ELECOM HUGE Plus M-HT1MRBK (stable-fixes). - HID: logitech-hidpp: Add support for Logitech K980 (stable-fixes). - HID: multitouch: add eGalaxTouch EXC3188 support (stable-fixes). - HID: logitech-hidpp: Check maxfield in hidpp_get_report_length() (stable-fixes). - hwmon: (pmbus/mpq8785) fix VOUT_MODE mismatch during identification (git-fixes). - hwmon: (f71882fg) Add F81968 support (stable-fixes). - hwmon: (nct6775) Add ASUS Pro WS WRX90E-SAGE SE (stable-fixes). - hwmon: (dell-smm) Add support for Dell OptiPlex 7080 (stable-fixes). - i3c: mipi-i3c-hci: Reset RING_OPERATION1 fields during init (stable-fixes). - i3c: master: svc: Initialize 'dev' to NULL in svc_i3c_master_ibi_isr() (stable-fixes). - hwrng: core - Allow runtime disabling of the HW RNG (stable-fixes). - hwmon: pmbus: mpq8785: Add support for MPM82504 (stable-fixes). - hwmon: pmbus: mpq8785: Implement VOUT feedback resistor divider ratio configuration (stable-fixes). - hwmon: pmbus: mpq8785: Prepare driver for multiple device support (stable-fixes). - commit 755fe92 - drm/xe/xe2_hpg: Fix handling of Wa_14019988906 & Wa_14019877138 (git-fixes). - drm/xe/mmio: Avoid double-adjust in 64-bit reads (git-fixes). - drm/amdgpu: keep vga memory on MacBooks with switchable graphics (stable-fixes). - drm/amd/display: Remove conditional for shaper 3DLUT power-on (stable-fixes). - drm/amdgpu: Add HAINAN clock adjustment (stable-fixes). - drm/radeon: Add HAINAN clock adjustment (stable-fixes). - drm/amdgpu: Adjust usleep_range in fence wait (stable-fixes). - drm/amd/display: bypass post csc for additional color spaces in dal (stable-fixes). - drm/amd/display: Increase DCN35 SR enter/exit latency (stable-fixes). - drm/amd/display: Avoid updating surface with the same surface under MPO (stable-fixes). - drm/amd/display: Fix system resume lag issue (stable-fixes). - drm/amdkfd: Fix out-of-bounds write in kfd_event_page_set() (stable-fixes). - drm/amd/display: Fix writeback on DCN 3.2+ (stable-fixes). - fpga: of-fpga-region: Fail if any bridge is missing (stable-fixes). - fix it87_wdt early reboot by reporting running timer (stable-fixes). - fbdev: ffb: fix corrupted video output on Sun FFB1 (stable-fixes). - drm/amd/display: avoid dig reg access timeout on usb4 link training fail (stable-fixes). - drm/amd/display: Fix GFX12 family constant checks (stable-fixes). - drm/amd/display: Disable FEC when powering down encoders (stable-fixes). - drm/atmel-hlcdc: don't reject the commit if the src rect has fractional parts (stable-fixes). - drm/atmel-hlcdc: fix use-after-free of drm_crtc_commit after release (stable-fixes). - drm/atmel-hlcdc: fix memory leak from the atomic_destroy_state callback (stable-fixes). - drm: Account property blob allocations to memcg (stable-fixes). - drm/amdkfd: Fix GART PTE for non-4K pagesize in svm_migrate_gart_map() (stable-fixes). - drm/amdkfd: Relax size checking during queue buffer get (stable-fixes). - drm/amd/display: only power down dig on phy endpoints (stable-fixes). - drm/amdgpu: Skip loading SDMA_RS64 in VF (stable-fixes). - drm/xe: Only toggle scheduling in TDR if GuC is running (stable-fixes). - drm/panel: Fix a possible null-pointer dereference in jdi_panel_dsi_remove() (stable-fixes). - drm/amd/display: Fix dsc eDP issue (stable-fixes). - drm/amd/display: Add signal type check for dcn401 get_phyd32clk_src (stable-fixes). - gpu/panel-edp: add AUO panel entry for B140HAN06.4 (stable-fixes). - HID: prodikeys: Check presence of pm->input_ep82 (stable-fixes). - HID: magicmouse: Do not crash on missing msc->input (stable-fixes). - HID: apple: Add "SONiX KN85 Keyboard" to the list of non-apple keyboards (stable-fixes). - gpio: aspeed-sgpio: Change the macro to support deferred probe (stable-fixes). - commit 2524956 - drm/xe/ptl: Apply Wa_13011645652 (stable-fixes). - Refresh patches.suse/drm-xe-xe3lpg-Apply-Wa_14022293748-Wa_22019794406.patch. - commit 689b272 - dmaengine: stm32-mdma: initialize m2m_hw_period and ccr to fix warnings (stable-fixes). - drm/amdgpu: add support for HDP IP version 6.1.1 (stable-fixes). - drm/amd/display: Add USB-C DP Alt Mode lane limitation in DCN32 (stable-fixes). - drm/amdkfd: Handle GPU reset and drain retry fault race (stable-fixes). - drm/amdgpu: fix NULL pointer issue buffer funcs (stable-fixes). - drm/v3d: Set DMA segment size to avoid debug warnings (stable-fixes). - drm/i915/wakeref: clean up INTEL_WAKEREF_PUT_* flag macros (stable-fixes). - drm/display/dp_mst: Add protection against 0 vcpi (stable-fixes). - drm/xe/xe2_hpg: Add set of workarounds (stable-fixes). - drm/xe: Switch MMIO interface to take xe_mmio instead of xe_gt (stable-fixes). - drm/xe: Adjust mmio code to pass VF substructure to SRIOV code (stable-fixes). - drm/xe: Add xe_tile backpointer to xe_mmio (stable-fixes). - drm/xe: Switch mmio_ext to use 'struct xe_mmio' (stable-fixes). - drm/xe: Populate GT's mmio iomap from tile during init (stable-fixes). - drm/xe: Move GSI offset adjustment fields into 'struct xe_mmio' (stable-fixes). - drm/xe: Clarify size of MMIO region (stable-fixes). - drm/xe: Create dedicated xe_mmio structure (stable-fixes). - drm/xe: Move forcewake to 'gt.pm' substructure (stable-fixes). - docs: fix WARNING document not included in any toctree (stable-fixes). - commit 4836e0c - ASoC: amd: yc: Add DMI quirk for ASUS Vivobook Pro 15X M6501RR (stable-fixes). - dma: dma-axi-dmac: fix HW scatter-gather not looking at the queue (git-fixes). - dma: dma-axi-dmac: fix SW cyclic transfers (git-fixes). - dmaengine: sun6i: Choose appropriate burst length under maxburst (stable-fixes). - dmaengine: stm32-dma3: use module_platform_driver (stable-fixes). - crypto: ccp - Send PSP_CMD_TEE_RING_DESTROY when PSP_CMD_TEE_RING_INIT fails (git-fixes). - crypto: ccp - Factor out ring destroy handling to a helper (stable-fixes). - ata: libata: avoid long timeouts on hot-unplugged SATA DAS (stable-fixes). - Bluetooth: btusb: Add device ID for Realtek RTL8761BU (stable-fixes). - Bluetooth: btusb: Add new VID/PID for RTL8852CE (stable-fixes). - Bluetooth: hci_conn: Set link_policy on incoming ACL connections (stable-fixes). - Bluetooth: hci_conn: use mod_delayed_work for active mode timeout (stable-fixes). - Bluetooth: btusb: Add support for MediaTek7920 0489:e158 (stable-fixes). - ASoC: fsl: imx-rpmsg: use snd_soc_find_dai_with_mutex() in probe (stable-fixes). - ASoC: SOF: Intel: hda: Fix NULL pointer dereference (stable-fixes). - ASoC: codecs: max98390: Check return value of devm_gpiod_get_optional() in max98390_i2c_probe() (stable-fixes). - ASoC: sunxi: sun50i-dmic: Add missing check for devm_regmap_init_mmio (stable-fixes). - ASoC: soc-acpi-intel-arl-match: change rt722 amp endpoint to aggregated (stable-fixes). - ASoC: SOF: Intel: hda: Remove MODULE_SOFTDEP for snd-hda-codec-hdmi (stable-fixes). - ASoC: wm8962: Don't report a microphone if it's shorted to ground on plug (stable-fixes). - ASoC: wm8962: Add WM8962_ADC_MONOMIX to "3D Coefficients" mask (stable-fixes). - ASoC: nau8821: Cancel pending work before suspend (git-fixes). - ASoC: nau8821: Cancel delayed work on component remove (git-fixes). - ASoC: nau8821: Fixup nau8821_enable_jack_detect() (git-fixes). - ASoC: SOF: ipc4: Support for sending payload along with LARGE_CONFIG_GET (stable-fixes). - crypto: hisilicon/qm - move the barrier before writing to the mailbox register (stable-fixes). - crypto: ccp - narrow scope of snp_range_list (git-fixes). - APEI/GHES: ensure that won't go past CPER allocated record (stable-fixes). - ASoC: nau8821: Avoid unnecessary blocking in IRQ handler (stable-fixes). - crypto: ccp - Ensure implicit SEV/SNP init and shutdown in ioctls (stable-fixes). - commit ef48f01 - ALSA: hda: cs35l56: Fix signedness error in cs35l56_hda_posture_put() (git-fixes). - ALSA: usb-audio: Add sanity check for OOB writes at silencing (stable-fixes). - ALSA: usb-audio: Update the number of packets properly at receiving (stable-fixes). - ACPI: x86: Force enabling of PWM2 on the Yogabook YB1-X90 (stable-fixes). - ALSA: mixer: oss: Add card disconnect checkpoints (stable-fixes). - ALSA: usb-audio: Add iface reset and delay quirk for AB13X USB Audio (stable-fixes). - ALSA: hda/realtek - Enable mute LEDs on HP ENVY x360 15-es0xxx (stable-fixes). - ALSA: hda/conexant: Add headset mic fix for MECHREVO Wujie 15X Pro (stable-fixes). - ALSA: hda/realtek: fix LG Gram Style 14 speakers (stable-fixes). - ALSA: hda/realtek: add HP Victus 16-e0xxx mute LED quirk (stable-fixes). - ALSA: pcm: Revert bufs move in snd_pcm_xfern_frames_ioctl() (stable-fixes). - ALSA: vmaster: Relax __free() variable declarations (git-fixes). - ALSA: pcm: Relax __free() variable declarations (git-fixes). - ACPI: processor: Fix NULL-pointer dereference in acpi_processor_errata_piix4() (stable-fixes). - ACPI: battery: fix incorrect charging status when current is zero (stable-fixes). - ACPI: resource: Add JWIPC JVC9100 to irq1_level_low_skip_override[] (stable-fixes). - ACPI: x86: s2idle: Invoke Microsoft _DSM Function 9 (Turn On Display) (stable-fixes). - ACPICA: Abort AML bytecode execution when executing AML_FATAL_OP (stable-fixes). - commit 119c4f9 - net: usb: sr9700: remove code to drive nonexistent multicast filter (git-fixes). - commit 5659850 - net: usb: r8152: fix transmit queue timeout (git-fixes). - commit cd570dd - usb: chipidea: udc: fix DMA and SG cleanup in _ep_nuke() (git-fixes). - commit 56a794c - usb: gadget: f_fs: fix DMA-BUF OUT queues (git-fixes). - commit 185e5e6 - usb: gadget: f_fs: Fix ioctl error handling (git-fixes). - commit f20163c - usb: typec: ucsi: psy: Fix voltage and current max for non-Fixed PDOs (git-fixes). - commit 10c0ad8 - firmware: arm_ffa: Unmap Rx/Tx buffers on init failure (git-fixes) - commit 8f51ada - spi: spidev: fix lock inversion between spi_lock and buf_lock (git-fixes) - commit b76bf6c - spi: spi-mem: Protect dirmap_create() with spi_mem_access_start/end (git-fixes) - commit c1581a2 - spi: spi-mem: Limit octal DTR constraints to octal DTR situations (git-fixes) - commit 47ade1e - arm64: hugetlbpage: avoid unused-but-set-parameter warning (gcc-16) (git-fixes) - commit c2e347e - arm64: tegra: smaug: Add usb-role-switch support (git-fixes) - commit 2aec3f9 - arm64: Disable branch profiling for all arm64 code (git-fixes) - commit 20e29ae - arm64: Add support for TSV110 Spectre-BHB mitigation (git-fixes) - commit 7b883f1 - serial: 8250: 8250_omap.c: Clear DMA RX running status only after DMA termination is done (git-fixes). - serial: 8250: 8250_omap.c: Add support for handling UART error conditions (git-fixes). - serial: 8250_dw: handle clock enable errors in runtime_resume (git-fixes). - PCI: Enable ACS after configuring IOMMU for OF platforms (git-fixes). - PCI: Add ACS quirk for Qualcomm Hamoa & Glymur (git-fixes). - PCI: Fix pci_slot_lock () device locking (git-fixes). - PCI: Mark Nvidia GB10 to avoid bus reset (git-fixes). - PCI: Mark ASM1164 SATA controller to avoid bus reset (git-fixes). - PCI/AER: Clear stale errors on reporting agents upon probe (git-fixes). - PCI/MSI: Unmap MSI-X region on error (git-fixes). - char: tpm: cr50: Remove IRQF_ONESHOT (git-fixes). - commit 87922f3 - mptcp: fix race in mptcp_pm_nl_flush_addrs_doit() (CVE-2026-23169 bsc#1258389). - commit ece2971 ++++ kernel-syms: - libceph: reset sparse-read state in osd_fault() (CVE-2026-23136 bsc#1258303). - commit a1cc877 - libceph: make calc_target() set t->paused, not just clear it (CVE-2026-23047 bsc#1257682). - commit 3225b77 - mm/damon/sysfs-scheme: cleanup access_pattern subdirs on scheme dir setup failure (CVE-2026-23142 bsc#1258289). - commit 217a6fd - mm/damon/sysfs-scheme: cleanup quotas subdirs on scheme dir setup failure (git-fixes). - commit c642652 - mm/damon/sysfs: cleanup attrs subdirs on context dir setup failure (CVE-2026-23144 bsc#1258290). - commit c7e0495 - crypto: ccp - Fix a case where SNP_SHUTDOWN is missed (git-fixes). - drm/xe: Defer gt->mmio initialization until after multi-tile setup (git-fixes). - commit 56b85e5 - wifi: ath10k: fix lock protection in ath10k_wmi_event_peer_sta_ps_state_chg() (stable-fixes). - wifi: rtw89: pci: restore LDO setting after device resume (stable-fixes). - wifi: rtw89: 8922a: add digital compensation for 2GHz (stable-fixes). - wifi: rtw89: fix unable to receive probe responses under MLO connection (stable-fixes). - wifi: iwlwifi: mvm: check the validity of noa_len (stable-fixes). - wifi: ath12k: fix preferred hardware mode calculation (stable-fixes). - wifi: ath11k: Fix failure to connect to a 6 GHz AP (stable-fixes). - wifi: ath11k: add pm quirk for Thinkpad Z13/Z16 Gen1 (stable-fixes). - wifi: iwlegacy: add missing mutex protection in il4965_store_tx_power() (stable-fixes). - commit 4df290e - rtc: zynqmp: correct frequency value (stable-fixes). - thermal: int340x: Fix sysfs group leak on DLVR registration failure (stable-fixes). - soundwire: dmi-quirks: add mapping for Avell B.ON (OEM rebranded of NUC15) (stable-fixes). - soundwire: intel_auxdevice: add cs42l45 codec to wake_capable_list (stable-fixes). - staging: rtl8723bs: fix memory leak on failure path (stable-fixes). - staging: rtl8723bs: fix missing status update on sdio_alloc_irq() failure (stable-fixes). - watchdog: imx7ulp_wdt: handle the nowayout option (stable-fixes). - watchdog: starfive-wdt: Fix PM reference leak in probe error path (git-fixes). - watchdog/softlockup: fix sample ring index wrap in need_counting_irqs() (git-fixes). - wifi: iwlegacy: add missing mutex protection in il3945_store_measurement() (stable-fixes). - wifi: cfg80211: allow only one NAN interface, also in multi radio (stable-fixes). - wifi: rtw89: mac: correct page number for CSI response (stable-fixes). - wifi: rtw89: wow: add reason codes for disassociation in WoWLAN mode (stable-fixes). - wifi: rtw88: Use devm_kmemdup() in rtw_set_supported_band() (stable-fixes). - wifi: rtw89: ser: enable error IMR after recovering from L1 (stable-fixes). - wifi: rtw89: 8922a: set random mac if efuse contains zeroes (stable-fixes). - wifi: rtw88: rtw8821cu: Add ID for Mercusys MU6H (stable-fixes). - wifi: rtw88: 8822b: Avoid WARNING in rtw8822b_config_trx_mode() (stable-fixes). - wifi: rtw88: fix DTIM period handling when conf->dtim_period is zero (stable-fixes). - wifi: libertas: fix WARNING in usb_tx_block (stable-fixes). - power: sequencing: fix missing state_lock in pwrseq_power_on() error path (stable-fixes). - spi: geni-qcom: Fix abort sequence execution for serial engine errors (stable-fixes). - spi: stm32: fix Overrun issue at < 8bpw (stable-fixes). - spi-geni-qcom: initialize mode related registers to 0 (stable-fixes). - spi-geni-qcom: use xfer->bits_per_word for can_dma() (stable-fixes). - tools/power cpupower: Reset errno before strtoull() (stable-fixes). - powercap: intel_rapl: Add PL4 support for Ice Lake (stable-fixes). - commit a96ba92 - PCI: Add defines for bridge window indexing (stable-fixes). - Refresh patches.suse/PCI-ACPI-Restrict-program_hpx_type2-to-AER-bits.patch. - commit 41bad5b - pinctrl: cirrus: cs42l43: Fix double-put in cs42l43_pin_probe() (git-fixes). - ntb: ntb_hw_switchtec: Fix array-index-out-of-bounds access (stable-fixes). - ntb: ntb_hw_switchtec: Fix shift-out-of-bounds for 0 mw lut (stable-fixes). - phy: mvebu-cp110-utmi: fix dr_mode property read from dts (stable-fixes). - phy: fsl-imx8mq-usb: disable bind/unbind platform driver feature (stable-fixes). - phy: cadence-torrent: restore parent clock for refclk during resume (stable-fixes). - phy: ti: phy-j721e-wiz: restore mux selection during resume (stable-fixes). - Revert "mmc: rtsx_pci_sdmmc: increase power-on settling delay to 5ms" (git-fixes). - nfc: nxp-nci: remove interrupt trigger type (stable-fixes). - PCI: Add Intel Nova Lake audio Device ID (stable-fixes). - commit 52ffef7 - media: dvb-net: fix OOB access in ULE extension header tables (git-fixes). - mmc: rtsx_pci_sdmmc: increase power-on settling delay to 5ms (git-fixes). - misc: bcm_vk: Fix possible null-pointer dereferences in bcm_vk_read() (stable-fixes). - misc: eeprom: Fix EWEN/EWDS/ERAL commands for 93xx56 and 93xx66 (stable-fixes). - mfd: intel-lpss: Add Intel Nova Lake-S PCI IDs (stable-fixes). - myri10ge: avoid uninitialized variable use (stable-fixes). - media: rkisp1: Fix filter mode register configuration (stable-fixes). - media: ipu6: Always close firmware stream (stable-fixes). - media: ipu6: Close firmware streams on streaming enable failure (stable-fixes). - media: ipu6: Ensure stream_mutex is acquired when dealing with node list (stable-fixes). - media: mt9m114: Return -EPROBE_DEFER if no endpoint is found (stable-fixes). - media: mt9m114: Avoid a reset low spike during probe() (stable-fixes). - media: v4l2-async: Fix error handling on steps after finding a match (stable-fixes). - media: cx25821: Fix a resource leak in cx25821_dev_setup() (stable-fixes). - media: pvrusb2: fix URB leak in pvr2_send_request_ex (stable-fixes). - media: solo6x10: Check for out of bounds chip_id (stable-fixes). - media: adv7180: fix frame interval in progressive mode (stable-fixes). - media: amphion: Clear last_buffer_dequeued flag for DEC_CMD_START (stable-fixes). - media: mediatek: vcodec: Don't try to decode 422/444 VP9 (stable-fixes). - media: chips-media: wave5: Process ready frames when CMD_STOP sent to Encoder (stable-fixes). - media: chips-media: wave5: Fix conditional in start_streaming (stable-fixes). - media: omap3isp: isppreview: always clamp in preview_try_format() (stable-fixes). - media: omap3isp: set initial format (stable-fixes). - mfd: simple-mfd-i2c: Add compatible strings for Layerscape QIXIS FPGA (stable-fixes). - mfd: simple-mfd-i2c: Add MAX77705 support (stable-fixes). - commit 26d6095 - iio: magnetometer: Remove IRQF_ONESHOT (stable-fixes). - iio: Use IRQF_NO_THREAD (stable-fixes). - HID: i2c-hid: Add FocalTech FT8112 (stable-fixes). - media: omap3isp: isp_video_mbus_to_pix/pix_to_mbus fixes (stable-fixes). - media: dvb-core: dmxdevfilter must always flush bufs (stable-fixes). - HID: elecom: Add support for ELECOM HUGE Plus M-HT1MRBK (stable-fixes). - HID: logitech-hidpp: Add support for Logitech K980 (stable-fixes). - HID: multitouch: add eGalaxTouch EXC3188 support (stable-fixes). - HID: logitech-hidpp: Check maxfield in hidpp_get_report_length() (stable-fixes). - hwmon: (pmbus/mpq8785) fix VOUT_MODE mismatch during identification (git-fixes). - hwmon: (f71882fg) Add F81968 support (stable-fixes). - hwmon: (nct6775) Add ASUS Pro WS WRX90E-SAGE SE (stable-fixes). - hwmon: (dell-smm) Add support for Dell OptiPlex 7080 (stable-fixes). - i3c: mipi-i3c-hci: Reset RING_OPERATION1 fields during init (stable-fixes). - i3c: master: svc: Initialize 'dev' to NULL in svc_i3c_master_ibi_isr() (stable-fixes). - hwrng: core - Allow runtime disabling of the HW RNG (stable-fixes). - hwmon: pmbus: mpq8785: Add support for MPM82504 (stable-fixes). - hwmon: pmbus: mpq8785: Implement VOUT feedback resistor divider ratio configuration (stable-fixes). - hwmon: pmbus: mpq8785: Prepare driver for multiple device support (stable-fixes). - commit 755fe92 - drm/xe/xe2_hpg: Fix handling of Wa_14019988906 & Wa_14019877138 (git-fixes). - drm/xe/mmio: Avoid double-adjust in 64-bit reads (git-fixes). - drm/amdgpu: keep vga memory on MacBooks with switchable graphics (stable-fixes). - drm/amd/display: Remove conditional for shaper 3DLUT power-on (stable-fixes). - drm/amdgpu: Add HAINAN clock adjustment (stable-fixes). - drm/radeon: Add HAINAN clock adjustment (stable-fixes). - drm/amdgpu: Adjust usleep_range in fence wait (stable-fixes). - drm/amd/display: bypass post csc for additional color spaces in dal (stable-fixes). - drm/amd/display: Increase DCN35 SR enter/exit latency (stable-fixes). - drm/amd/display: Avoid updating surface with the same surface under MPO (stable-fixes). - drm/amd/display: Fix system resume lag issue (stable-fixes). - drm/amdkfd: Fix out-of-bounds write in kfd_event_page_set() (stable-fixes). - drm/amd/display: Fix writeback on DCN 3.2+ (stable-fixes). - fpga: of-fpga-region: Fail if any bridge is missing (stable-fixes). - fix it87_wdt early reboot by reporting running timer (stable-fixes). - fbdev: ffb: fix corrupted video output on Sun FFB1 (stable-fixes). - drm/amd/display: avoid dig reg access timeout on usb4 link training fail (stable-fixes). - drm/amd/display: Fix GFX12 family constant checks (stable-fixes). - drm/amd/display: Disable FEC when powering down encoders (stable-fixes). - drm/atmel-hlcdc: don't reject the commit if the src rect has fractional parts (stable-fixes). - drm/atmel-hlcdc: fix use-after-free of drm_crtc_commit after release (stable-fixes). - drm/atmel-hlcdc: fix memory leak from the atomic_destroy_state callback (stable-fixes). - drm: Account property blob allocations to memcg (stable-fixes). - drm/amdkfd: Fix GART PTE for non-4K pagesize in svm_migrate_gart_map() (stable-fixes). - drm/amdkfd: Relax size checking during queue buffer get (stable-fixes). - drm/amd/display: only power down dig on phy endpoints (stable-fixes). - drm/amdgpu: Skip loading SDMA_RS64 in VF (stable-fixes). - drm/xe: Only toggle scheduling in TDR if GuC is running (stable-fixes). - drm/panel: Fix a possible null-pointer dereference in jdi_panel_dsi_remove() (stable-fixes). - drm/amd/display: Fix dsc eDP issue (stable-fixes). - drm/amd/display: Add signal type check for dcn401 get_phyd32clk_src (stable-fixes). - gpu/panel-edp: add AUO panel entry for B140HAN06.4 (stable-fixes). - HID: prodikeys: Check presence of pm->input_ep82 (stable-fixes). - HID: magicmouse: Do not crash on missing msc->input (stable-fixes). - HID: apple: Add "SONiX KN85 Keyboard" to the list of non-apple keyboards (stable-fixes). - gpio: aspeed-sgpio: Change the macro to support deferred probe (stable-fixes). - commit 2524956 - drm/xe/ptl: Apply Wa_13011645652 (stable-fixes). - Refresh patches.suse/drm-xe-xe3lpg-Apply-Wa_14022293748-Wa_22019794406.patch. - commit 689b272 - dmaengine: stm32-mdma: initialize m2m_hw_period and ccr to fix warnings (stable-fixes). - drm/amdgpu: add support for HDP IP version 6.1.1 (stable-fixes). - drm/amd/display: Add USB-C DP Alt Mode lane limitation in DCN32 (stable-fixes). - drm/amdkfd: Handle GPU reset and drain retry fault race (stable-fixes). - drm/amdgpu: fix NULL pointer issue buffer funcs (stable-fixes). - drm/v3d: Set DMA segment size to avoid debug warnings (stable-fixes). - drm/i915/wakeref: clean up INTEL_WAKEREF_PUT_* flag macros (stable-fixes). - drm/display/dp_mst: Add protection against 0 vcpi (stable-fixes). - drm/xe/xe2_hpg: Add set of workarounds (stable-fixes). - drm/xe: Switch MMIO interface to take xe_mmio instead of xe_gt (stable-fixes). - drm/xe: Adjust mmio code to pass VF substructure to SRIOV code (stable-fixes). - drm/xe: Add xe_tile backpointer to xe_mmio (stable-fixes). - drm/xe: Switch mmio_ext to use 'struct xe_mmio' (stable-fixes). - drm/xe: Populate GT's mmio iomap from tile during init (stable-fixes). - drm/xe: Move GSI offset adjustment fields into 'struct xe_mmio' (stable-fixes). - drm/xe: Clarify size of MMIO region (stable-fixes). - drm/xe: Create dedicated xe_mmio structure (stable-fixes). - drm/xe: Move forcewake to 'gt.pm' substructure (stable-fixes). - docs: fix WARNING document not included in any toctree (stable-fixes). - commit 4836e0c - ASoC: amd: yc: Add DMI quirk for ASUS Vivobook Pro 15X M6501RR (stable-fixes). - dma: dma-axi-dmac: fix HW scatter-gather not looking at the queue (git-fixes). - dma: dma-axi-dmac: fix SW cyclic transfers (git-fixes). - dmaengine: sun6i: Choose appropriate burst length under maxburst (stable-fixes). - dmaengine: stm32-dma3: use module_platform_driver (stable-fixes). - crypto: ccp - Send PSP_CMD_TEE_RING_DESTROY when PSP_CMD_TEE_RING_INIT fails (git-fixes). - crypto: ccp - Factor out ring destroy handling to a helper (stable-fixes). - ata: libata: avoid long timeouts on hot-unplugged SATA DAS (stable-fixes). - Bluetooth: btusb: Add device ID for Realtek RTL8761BU (stable-fixes). - Bluetooth: btusb: Add new VID/PID for RTL8852CE (stable-fixes). - Bluetooth: hci_conn: Set link_policy on incoming ACL connections (stable-fixes). - Bluetooth: hci_conn: use mod_delayed_work for active mode timeout (stable-fixes). - Bluetooth: btusb: Add support for MediaTek7920 0489:e158 (stable-fixes). - ASoC: fsl: imx-rpmsg: use snd_soc_find_dai_with_mutex() in probe (stable-fixes). - ASoC: SOF: Intel: hda: Fix NULL pointer dereference (stable-fixes). - ASoC: codecs: max98390: Check return value of devm_gpiod_get_optional() in max98390_i2c_probe() (stable-fixes). - ASoC: sunxi: sun50i-dmic: Add missing check for devm_regmap_init_mmio (stable-fixes). - ASoC: soc-acpi-intel-arl-match: change rt722 amp endpoint to aggregated (stable-fixes). - ASoC: SOF: Intel: hda: Remove MODULE_SOFTDEP for snd-hda-codec-hdmi (stable-fixes). - ASoC: wm8962: Don't report a microphone if it's shorted to ground on plug (stable-fixes). - ASoC: wm8962: Add WM8962_ADC_MONOMIX to "3D Coefficients" mask (stable-fixes). - ASoC: nau8821: Cancel pending work before suspend (git-fixes). - ASoC: nau8821: Cancel delayed work on component remove (git-fixes). - ASoC: nau8821: Fixup nau8821_enable_jack_detect() (git-fixes). - ASoC: SOF: ipc4: Support for sending payload along with LARGE_CONFIG_GET (stable-fixes). - crypto: hisilicon/qm - move the barrier before writing to the mailbox register (stable-fixes). - crypto: ccp - narrow scope of snp_range_list (git-fixes). - APEI/GHES: ensure that won't go past CPER allocated record (stable-fixes). - ASoC: nau8821: Avoid unnecessary blocking in IRQ handler (stable-fixes). - crypto: ccp - Ensure implicit SEV/SNP init and shutdown in ioctls (stable-fixes). - commit ef48f01 - ALSA: hda: cs35l56: Fix signedness error in cs35l56_hda_posture_put() (git-fixes). - ALSA: usb-audio: Add sanity check for OOB writes at silencing (stable-fixes). - ALSA: usb-audio: Update the number of packets properly at receiving (stable-fixes). - ACPI: x86: Force enabling of PWM2 on the Yogabook YB1-X90 (stable-fixes). - ALSA: mixer: oss: Add card disconnect checkpoints (stable-fixes). - ALSA: usb-audio: Add iface reset and delay quirk for AB13X USB Audio (stable-fixes). - ALSA: hda/realtek - Enable mute LEDs on HP ENVY x360 15-es0xxx (stable-fixes). - ALSA: hda/conexant: Add headset mic fix for MECHREVO Wujie 15X Pro (stable-fixes). - ALSA: hda/realtek: fix LG Gram Style 14 speakers (stable-fixes). - ALSA: hda/realtek: add HP Victus 16-e0xxx mute LED quirk (stable-fixes). - ALSA: pcm: Revert bufs move in snd_pcm_xfern_frames_ioctl() (stable-fixes). - ALSA: vmaster: Relax __free() variable declarations (git-fixes). - ALSA: pcm: Relax __free() variable declarations (git-fixes). - ACPI: processor: Fix NULL-pointer dereference in acpi_processor_errata_piix4() (stable-fixes). - ACPI: battery: fix incorrect charging status when current is zero (stable-fixes). - ACPI: resource: Add JWIPC JVC9100 to irq1_level_low_skip_override[] (stable-fixes). - ACPI: x86: s2idle: Invoke Microsoft _DSM Function 9 (Turn On Display) (stable-fixes). - ACPICA: Abort AML bytecode execution when executing AML_FATAL_OP (stable-fixes). - commit 119c4f9 - net: usb: sr9700: remove code to drive nonexistent multicast filter (git-fixes). - commit 5659850 - net: usb: r8152: fix transmit queue timeout (git-fixes). - commit cd570dd - usb: chipidea: udc: fix DMA and SG cleanup in _ep_nuke() (git-fixes). - commit 56a794c - usb: gadget: f_fs: fix DMA-BUF OUT queues (git-fixes). - commit 185e5e6 - usb: gadget: f_fs: Fix ioctl error handling (git-fixes). - commit f20163c - usb: typec: ucsi: psy: Fix voltage and current max for non-Fixed PDOs (git-fixes). - commit 10c0ad8 - firmware: arm_ffa: Unmap Rx/Tx buffers on init failure (git-fixes) - commit 8f51ada - spi: spidev: fix lock inversion between spi_lock and buf_lock (git-fixes) - commit b76bf6c - spi: spi-mem: Protect dirmap_create() with spi_mem_access_start/end (git-fixes) - commit c1581a2 - spi: spi-mem: Limit octal DTR constraints to octal DTR situations (git-fixes) - commit 47ade1e - arm64: hugetlbpage: avoid unused-but-set-parameter warning (gcc-16) (git-fixes) - commit c2e347e - arm64: tegra: smaug: Add usb-role-switch support (git-fixes) - commit 2aec3f9 - arm64: Disable branch profiling for all arm64 code (git-fixes) - commit 20e29ae - arm64: Add support for TSV110 Spectre-BHB mitigation (git-fixes) - commit 7b883f1 - serial: 8250: 8250_omap.c: Clear DMA RX running status only after DMA termination is done (git-fixes). - serial: 8250: 8250_omap.c: Add support for handling UART error conditions (git-fixes). - serial: 8250_dw: handle clock enable errors in runtime_resume (git-fixes). - PCI: Enable ACS after configuring IOMMU for OF platforms (git-fixes). - PCI: Add ACS quirk for Qualcomm Hamoa & Glymur (git-fixes). - PCI: Fix pci_slot_lock () device locking (git-fixes). - PCI: Mark Nvidia GB10 to avoid bus reset (git-fixes). - PCI: Mark ASM1164 SATA controller to avoid bus reset (git-fixes). - PCI/AER: Clear stale errors on reporting agents upon probe (git-fixes). - PCI/MSI: Unmap MSI-X region on error (git-fixes). - char: tpm: cr50: Remove IRQF_ONESHOT (git-fixes). - commit 87922f3 - mptcp: fix race in mptcp_pm_nl_flush_addrs_doit() (CVE-2026-23169 bsc#1258389). - commit ece2971 ++++ kernel-zfcpdump: - libceph: reset sparse-read state in osd_fault() (CVE-2026-23136 bsc#1258303). - commit a1cc877 - libceph: make calc_target() set t->paused, not just clear it (CVE-2026-23047 bsc#1257682). - commit 3225b77 - mm/damon/sysfs-scheme: cleanup access_pattern subdirs on scheme dir setup failure (CVE-2026-23142 bsc#1258289). - commit 217a6fd - mm/damon/sysfs-scheme: cleanup quotas subdirs on scheme dir setup failure (git-fixes). - commit c642652 - mm/damon/sysfs: cleanup attrs subdirs on context dir setup failure (CVE-2026-23144 bsc#1258290). - commit c7e0495 - crypto: ccp - Fix a case where SNP_SHUTDOWN is missed (git-fixes). - drm/xe: Defer gt->mmio initialization until after multi-tile setup (git-fixes). - commit 56b85e5 - wifi: ath10k: fix lock protection in ath10k_wmi_event_peer_sta_ps_state_chg() (stable-fixes). - wifi: rtw89: pci: restore LDO setting after device resume (stable-fixes). - wifi: rtw89: 8922a: add digital compensation for 2GHz (stable-fixes). - wifi: rtw89: fix unable to receive probe responses under MLO connection (stable-fixes). - wifi: iwlwifi: mvm: check the validity of noa_len (stable-fixes). - wifi: ath12k: fix preferred hardware mode calculation (stable-fixes). - wifi: ath11k: Fix failure to connect to a 6 GHz AP (stable-fixes). - wifi: ath11k: add pm quirk for Thinkpad Z13/Z16 Gen1 (stable-fixes). - wifi: iwlegacy: add missing mutex protection in il4965_store_tx_power() (stable-fixes). - commit 4df290e - rtc: zynqmp: correct frequency value (stable-fixes). - thermal: int340x: Fix sysfs group leak on DLVR registration failure (stable-fixes). - soundwire: dmi-quirks: add mapping for Avell B.ON (OEM rebranded of NUC15) (stable-fixes). - soundwire: intel_auxdevice: add cs42l45 codec to wake_capable_list (stable-fixes). - staging: rtl8723bs: fix memory leak on failure path (stable-fixes). - staging: rtl8723bs: fix missing status update on sdio_alloc_irq() failure (stable-fixes). - watchdog: imx7ulp_wdt: handle the nowayout option (stable-fixes). - watchdog: starfive-wdt: Fix PM reference leak in probe error path (git-fixes). - watchdog/softlockup: fix sample ring index wrap in need_counting_irqs() (git-fixes). - wifi: iwlegacy: add missing mutex protection in il3945_store_measurement() (stable-fixes). - wifi: cfg80211: allow only one NAN interface, also in multi radio (stable-fixes). - wifi: rtw89: mac: correct page number for CSI response (stable-fixes). - wifi: rtw89: wow: add reason codes for disassociation in WoWLAN mode (stable-fixes). - wifi: rtw88: Use devm_kmemdup() in rtw_set_supported_band() (stable-fixes). - wifi: rtw89: ser: enable error IMR after recovering from L1 (stable-fixes). - wifi: rtw89: 8922a: set random mac if efuse contains zeroes (stable-fixes). - wifi: rtw88: rtw8821cu: Add ID for Mercusys MU6H (stable-fixes). - wifi: rtw88: 8822b: Avoid WARNING in rtw8822b_config_trx_mode() (stable-fixes). - wifi: rtw88: fix DTIM period handling when conf->dtim_period is zero (stable-fixes). - wifi: libertas: fix WARNING in usb_tx_block (stable-fixes). - power: sequencing: fix missing state_lock in pwrseq_power_on() error path (stable-fixes). - spi: geni-qcom: Fix abort sequence execution for serial engine errors (stable-fixes). - spi: stm32: fix Overrun issue at < 8bpw (stable-fixes). - spi-geni-qcom: initialize mode related registers to 0 (stable-fixes). - spi-geni-qcom: use xfer->bits_per_word for can_dma() (stable-fixes). - tools/power cpupower: Reset errno before strtoull() (stable-fixes). - powercap: intel_rapl: Add PL4 support for Ice Lake (stable-fixes). - commit a96ba92 - PCI: Add defines for bridge window indexing (stable-fixes). - Refresh patches.suse/PCI-ACPI-Restrict-program_hpx_type2-to-AER-bits.patch. - commit 41bad5b - pinctrl: cirrus: cs42l43: Fix double-put in cs42l43_pin_probe() (git-fixes). - ntb: ntb_hw_switchtec: Fix array-index-out-of-bounds access (stable-fixes). - ntb: ntb_hw_switchtec: Fix shift-out-of-bounds for 0 mw lut (stable-fixes). - phy: mvebu-cp110-utmi: fix dr_mode property read from dts (stable-fixes). - phy: fsl-imx8mq-usb: disable bind/unbind platform driver feature (stable-fixes). - phy: cadence-torrent: restore parent clock for refclk during resume (stable-fixes). - phy: ti: phy-j721e-wiz: restore mux selection during resume (stable-fixes). - Revert "mmc: rtsx_pci_sdmmc: increase power-on settling delay to 5ms" (git-fixes). - nfc: nxp-nci: remove interrupt trigger type (stable-fixes). - PCI: Add Intel Nova Lake audio Device ID (stable-fixes). - commit 52ffef7 - media: dvb-net: fix OOB access in ULE extension header tables (git-fixes). - mmc: rtsx_pci_sdmmc: increase power-on settling delay to 5ms (git-fixes). - misc: bcm_vk: Fix possible null-pointer dereferences in bcm_vk_read() (stable-fixes). - misc: eeprom: Fix EWEN/EWDS/ERAL commands for 93xx56 and 93xx66 (stable-fixes). - mfd: intel-lpss: Add Intel Nova Lake-S PCI IDs (stable-fixes). - myri10ge: avoid uninitialized variable use (stable-fixes). - media: rkisp1: Fix filter mode register configuration (stable-fixes). - media: ipu6: Always close firmware stream (stable-fixes). - media: ipu6: Close firmware streams on streaming enable failure (stable-fixes). - media: ipu6: Ensure stream_mutex is acquired when dealing with node list (stable-fixes). - media: mt9m114: Return -EPROBE_DEFER if no endpoint is found (stable-fixes). - media: mt9m114: Avoid a reset low spike during probe() (stable-fixes). - media: v4l2-async: Fix error handling on steps after finding a match (stable-fixes). - media: cx25821: Fix a resource leak in cx25821_dev_setup() (stable-fixes). - media: pvrusb2: fix URB leak in pvr2_send_request_ex (stable-fixes). - media: solo6x10: Check for out of bounds chip_id (stable-fixes). - media: adv7180: fix frame interval in progressive mode (stable-fixes). - media: amphion: Clear last_buffer_dequeued flag for DEC_CMD_START (stable-fixes). - media: mediatek: vcodec: Don't try to decode 422/444 VP9 (stable-fixes). - media: chips-media: wave5: Process ready frames when CMD_STOP sent to Encoder (stable-fixes). - media: chips-media: wave5: Fix conditional in start_streaming (stable-fixes). - media: omap3isp: isppreview: always clamp in preview_try_format() (stable-fixes). - media: omap3isp: set initial format (stable-fixes). - mfd: simple-mfd-i2c: Add compatible strings for Layerscape QIXIS FPGA (stable-fixes). - mfd: simple-mfd-i2c: Add MAX77705 support (stable-fixes). - commit 26d6095 - iio: magnetometer: Remove IRQF_ONESHOT (stable-fixes). - iio: Use IRQF_NO_THREAD (stable-fixes). - HID: i2c-hid: Add FocalTech FT8112 (stable-fixes). - media: omap3isp: isp_video_mbus_to_pix/pix_to_mbus fixes (stable-fixes). - media: dvb-core: dmxdevfilter must always flush bufs (stable-fixes). - HID: elecom: Add support for ELECOM HUGE Plus M-HT1MRBK (stable-fixes). - HID: logitech-hidpp: Add support for Logitech K980 (stable-fixes). - HID: multitouch: add eGalaxTouch EXC3188 support (stable-fixes). - HID: logitech-hidpp: Check maxfield in hidpp_get_report_length() (stable-fixes). - hwmon: (pmbus/mpq8785) fix VOUT_MODE mismatch during identification (git-fixes). - hwmon: (f71882fg) Add F81968 support (stable-fixes). - hwmon: (nct6775) Add ASUS Pro WS WRX90E-SAGE SE (stable-fixes). - hwmon: (dell-smm) Add support for Dell OptiPlex 7080 (stable-fixes). - i3c: mipi-i3c-hci: Reset RING_OPERATION1 fields during init (stable-fixes). - i3c: master: svc: Initialize 'dev' to NULL in svc_i3c_master_ibi_isr() (stable-fixes). - hwrng: core - Allow runtime disabling of the HW RNG (stable-fixes). - hwmon: pmbus: mpq8785: Add support for MPM82504 (stable-fixes). - hwmon: pmbus: mpq8785: Implement VOUT feedback resistor divider ratio configuration (stable-fixes). - hwmon: pmbus: mpq8785: Prepare driver for multiple device support (stable-fixes). - commit 755fe92 - drm/xe/xe2_hpg: Fix handling of Wa_14019988906 & Wa_14019877138 (git-fixes). - drm/xe/mmio: Avoid double-adjust in 64-bit reads (git-fixes). - drm/amdgpu: keep vga memory on MacBooks with switchable graphics (stable-fixes). - drm/amd/display: Remove conditional for shaper 3DLUT power-on (stable-fixes). - drm/amdgpu: Add HAINAN clock adjustment (stable-fixes). - drm/radeon: Add HAINAN clock adjustment (stable-fixes). - drm/amdgpu: Adjust usleep_range in fence wait (stable-fixes). - drm/amd/display: bypass post csc for additional color spaces in dal (stable-fixes). - drm/amd/display: Increase DCN35 SR enter/exit latency (stable-fixes). - drm/amd/display: Avoid updating surface with the same surface under MPO (stable-fixes). - drm/amd/display: Fix system resume lag issue (stable-fixes). - drm/amdkfd: Fix out-of-bounds write in kfd_event_page_set() (stable-fixes). - drm/amd/display: Fix writeback on DCN 3.2+ (stable-fixes). - fpga: of-fpga-region: Fail if any bridge is missing (stable-fixes). - fix it87_wdt early reboot by reporting running timer (stable-fixes). - fbdev: ffb: fix corrupted video output on Sun FFB1 (stable-fixes). - drm/amd/display: avoid dig reg access timeout on usb4 link training fail (stable-fixes). - drm/amd/display: Fix GFX12 family constant checks (stable-fixes). - drm/amd/display: Disable FEC when powering down encoders (stable-fixes). - drm/atmel-hlcdc: don't reject the commit if the src rect has fractional parts (stable-fixes). - drm/atmel-hlcdc: fix use-after-free of drm_crtc_commit after release (stable-fixes). - drm/atmel-hlcdc: fix memory leak from the atomic_destroy_state callback (stable-fixes). - drm: Account property blob allocations to memcg (stable-fixes). - drm/amdkfd: Fix GART PTE for non-4K pagesize in svm_migrate_gart_map() (stable-fixes). - drm/amdkfd: Relax size checking during queue buffer get (stable-fixes). - drm/amd/display: only power down dig on phy endpoints (stable-fixes). - drm/amdgpu: Skip loading SDMA_RS64 in VF (stable-fixes). - drm/xe: Only toggle scheduling in TDR if GuC is running (stable-fixes). - drm/panel: Fix a possible null-pointer dereference in jdi_panel_dsi_remove() (stable-fixes). - drm/amd/display: Fix dsc eDP issue (stable-fixes). - drm/amd/display: Add signal type check for dcn401 get_phyd32clk_src (stable-fixes). - gpu/panel-edp: add AUO panel entry for B140HAN06.4 (stable-fixes). - HID: prodikeys: Check presence of pm->input_ep82 (stable-fixes). - HID: magicmouse: Do not crash on missing msc->input (stable-fixes). - HID: apple: Add "SONiX KN85 Keyboard" to the list of non-apple keyboards (stable-fixes). - gpio: aspeed-sgpio: Change the macro to support deferred probe (stable-fixes). - commit 2524956 - drm/xe/ptl: Apply Wa_13011645652 (stable-fixes). - Refresh patches.suse/drm-xe-xe3lpg-Apply-Wa_14022293748-Wa_22019794406.patch. - commit 689b272 - dmaengine: stm32-mdma: initialize m2m_hw_period and ccr to fix warnings (stable-fixes). - drm/amdgpu: add support for HDP IP version 6.1.1 (stable-fixes). - drm/amd/display: Add USB-C DP Alt Mode lane limitation in DCN32 (stable-fixes). - drm/amdkfd: Handle GPU reset and drain retry fault race (stable-fixes). - drm/amdgpu: fix NULL pointer issue buffer funcs (stable-fixes). - drm/v3d: Set DMA segment size to avoid debug warnings (stable-fixes). - drm/i915/wakeref: clean up INTEL_WAKEREF_PUT_* flag macros (stable-fixes). - drm/display/dp_mst: Add protection against 0 vcpi (stable-fixes). - drm/xe/xe2_hpg: Add set of workarounds (stable-fixes). - drm/xe: Switch MMIO interface to take xe_mmio instead of xe_gt (stable-fixes). - drm/xe: Adjust mmio code to pass VF substructure to SRIOV code (stable-fixes). - drm/xe: Add xe_tile backpointer to xe_mmio (stable-fixes). - drm/xe: Switch mmio_ext to use 'struct xe_mmio' (stable-fixes). - drm/xe: Populate GT's mmio iomap from tile during init (stable-fixes). - drm/xe: Move GSI offset adjustment fields into 'struct xe_mmio' (stable-fixes). - drm/xe: Clarify size of MMIO region (stable-fixes). - drm/xe: Create dedicated xe_mmio structure (stable-fixes). - drm/xe: Move forcewake to 'gt.pm' substructure (stable-fixes). - docs: fix WARNING document not included in any toctree (stable-fixes). - commit 4836e0c - ASoC: amd: yc: Add DMI quirk for ASUS Vivobook Pro 15X M6501RR (stable-fixes). - dma: dma-axi-dmac: fix HW scatter-gather not looking at the queue (git-fixes). - dma: dma-axi-dmac: fix SW cyclic transfers (git-fixes). - dmaengine: sun6i: Choose appropriate burst length under maxburst (stable-fixes). - dmaengine: stm32-dma3: use module_platform_driver (stable-fixes). - crypto: ccp - Send PSP_CMD_TEE_RING_DESTROY when PSP_CMD_TEE_RING_INIT fails (git-fixes). - crypto: ccp - Factor out ring destroy handling to a helper (stable-fixes). - ata: libata: avoid long timeouts on hot-unplugged SATA DAS (stable-fixes). - Bluetooth: btusb: Add device ID for Realtek RTL8761BU (stable-fixes). - Bluetooth: btusb: Add new VID/PID for RTL8852CE (stable-fixes). - Bluetooth: hci_conn: Set link_policy on incoming ACL connections (stable-fixes). - Bluetooth: hci_conn: use mod_delayed_work for active mode timeout (stable-fixes). - Bluetooth: btusb: Add support for MediaTek7920 0489:e158 (stable-fixes). - ASoC: fsl: imx-rpmsg: use snd_soc_find_dai_with_mutex() in probe (stable-fixes). - ASoC: SOF: Intel: hda: Fix NULL pointer dereference (stable-fixes). - ASoC: codecs: max98390: Check return value of devm_gpiod_get_optional() in max98390_i2c_probe() (stable-fixes). - ASoC: sunxi: sun50i-dmic: Add missing check for devm_regmap_init_mmio (stable-fixes). - ASoC: soc-acpi-intel-arl-match: change rt722 amp endpoint to aggregated (stable-fixes). - ASoC: SOF: Intel: hda: Remove MODULE_SOFTDEP for snd-hda-codec-hdmi (stable-fixes). - ASoC: wm8962: Don't report a microphone if it's shorted to ground on plug (stable-fixes). - ASoC: wm8962: Add WM8962_ADC_MONOMIX to "3D Coefficients" mask (stable-fixes). - ASoC: nau8821: Cancel pending work before suspend (git-fixes). - ASoC: nau8821: Cancel delayed work on component remove (git-fixes). - ASoC: nau8821: Fixup nau8821_enable_jack_detect() (git-fixes). - ASoC: SOF: ipc4: Support for sending payload along with LARGE_CONFIG_GET (stable-fixes). - crypto: hisilicon/qm - move the barrier before writing to the mailbox register (stable-fixes). - crypto: ccp - narrow scope of snp_range_list (git-fixes). - APEI/GHES: ensure that won't go past CPER allocated record (stable-fixes). - ASoC: nau8821: Avoid unnecessary blocking in IRQ handler (stable-fixes). - crypto: ccp - Ensure implicit SEV/SNP init and shutdown in ioctls (stable-fixes). - commit ef48f01 - ALSA: hda: cs35l56: Fix signedness error in cs35l56_hda_posture_put() (git-fixes). - ALSA: usb-audio: Add sanity check for OOB writes at silencing (stable-fixes). - ALSA: usb-audio: Update the number of packets properly at receiving (stable-fixes). - ACPI: x86: Force enabling of PWM2 on the Yogabook YB1-X90 (stable-fixes). - ALSA: mixer: oss: Add card disconnect checkpoints (stable-fixes). - ALSA: usb-audio: Add iface reset and delay quirk for AB13X USB Audio (stable-fixes). - ALSA: hda/realtek - Enable mute LEDs on HP ENVY x360 15-es0xxx (stable-fixes). - ALSA: hda/conexant: Add headset mic fix for MECHREVO Wujie 15X Pro (stable-fixes). - ALSA: hda/realtek: fix LG Gram Style 14 speakers (stable-fixes). - ALSA: hda/realtek: add HP Victus 16-e0xxx mute LED quirk (stable-fixes). - ALSA: pcm: Revert bufs move in snd_pcm_xfern_frames_ioctl() (stable-fixes). - ALSA: vmaster: Relax __free() variable declarations (git-fixes). - ALSA: pcm: Relax __free() variable declarations (git-fixes). - ACPI: processor: Fix NULL-pointer dereference in acpi_processor_errata_piix4() (stable-fixes). - ACPI: battery: fix incorrect charging status when current is zero (stable-fixes). - ACPI: resource: Add JWIPC JVC9100 to irq1_level_low_skip_override[] (stable-fixes). - ACPI: x86: s2idle: Invoke Microsoft _DSM Function 9 (Turn On Display) (stable-fixes). - ACPICA: Abort AML bytecode execution when executing AML_FATAL_OP (stable-fixes). - commit 119c4f9 - net: usb: sr9700: remove code to drive nonexistent multicast filter (git-fixes). - commit 5659850 - net: usb: r8152: fix transmit queue timeout (git-fixes). - commit cd570dd - usb: chipidea: udc: fix DMA and SG cleanup in _ep_nuke() (git-fixes). - commit 56a794c - usb: gadget: f_fs: fix DMA-BUF OUT queues (git-fixes). - commit 185e5e6 - usb: gadget: f_fs: Fix ioctl error handling (git-fixes). - commit f20163c - usb: typec: ucsi: psy: Fix voltage and current max for non-Fixed PDOs (git-fixes). - commit 10c0ad8 - firmware: arm_ffa: Unmap Rx/Tx buffers on init failure (git-fixes) - commit 8f51ada - spi: spidev: fix lock inversion between spi_lock and buf_lock (git-fixes) - commit b76bf6c - spi: spi-mem: Protect dirmap_create() with spi_mem_access_start/end (git-fixes) - commit c1581a2 - spi: spi-mem: Limit octal DTR constraints to octal DTR situations (git-fixes) - commit 47ade1e - arm64: hugetlbpage: avoid unused-but-set-parameter warning (gcc-16) (git-fixes) - commit c2e347e - arm64: tegra: smaug: Add usb-role-switch support (git-fixes) - commit 2aec3f9 - arm64: Disable branch profiling for all arm64 code (git-fixes) - commit 20e29ae - arm64: Add support for TSV110 Spectre-BHB mitigation (git-fixes) - commit 7b883f1 - serial: 8250: 8250_omap.c: Clear DMA RX running status only after DMA termination is done (git-fixes). - serial: 8250: 8250_omap.c: Add support for handling UART error conditions (git-fixes). - serial: 8250_dw: handle clock enable errors in runtime_resume (git-fixes). - PCI: Enable ACS after configuring IOMMU for OF platforms (git-fixes). - PCI: Add ACS quirk for Qualcomm Hamoa & Glymur (git-fixes). - PCI: Fix pci_slot_lock () device locking (git-fixes). - PCI: Mark Nvidia GB10 to avoid bus reset (git-fixes). - PCI: Mark ASM1164 SATA controller to avoid bus reset (git-fixes). - PCI/AER: Clear stale errors on reporting agents upon probe (git-fixes). - PCI/MSI: Unmap MSI-X region on error (git-fixes). - char: tpm: cr50: Remove IRQF_ONESHOT (git-fixes). - commit 87922f3 - mptcp: fix race in mptcp_pm_nl_flush_addrs_doit() (CVE-2026-23169 bsc#1258389). - commit ece2971 ++++ openexr: - added patches CVE-2026-27622: crafted multipart deep EXR can cause an heap out-of-bound write (bsc#1259177) * openexr-CVE-2026-27622.patch ++++ maven-shade-plugin: - Upgrade to upstream version 3.6.2 * Bug Fixes + Extra JARs and Artifacts were not subjected to filtering * Maintenance + Drop excessive dependencies + chore: remove junit3 reference + Exclude Java 25 + Update site descriptor, use site configuration from parent * Dependency updates + Drop unneeded dependencies + Update to parent POM v 47 + Bump org.apache.maven.plugin-testing :maven-plugin-testing-harness from 3.3.0 to 3.5.1 + Bump org.codehaus.mojo:mrm-maven-plugin from 1.7.0 to 1.7.1 + Bump asmVersion from 9.8 to 9.9.1 + Update invoker plugin to 3.9.1 to Support Java 25 + Bump org.xmlunit:xmlunit-legacy from 2.10.3 to 2.11.0 + Bump org.apache.maven.plugin-tools:maven-plugin-annotations from 3.15.1 to 3.15.2 + Bump org.codehaus.plexus:plexus-utils from 3.5.1 to 3.6.0 ++++ nvidia-open-driver-G07-signed-cuda: - kernel-5.14.patch: fixed build of 595.45.04 driver on SP4 ++++ nvidia-open-driver-G07-signed: - kernel-5.14.patch: fixed build of 595.45.04 driver on SP4 ++++ openQA: - Update to version 5.1772722702.3877b2ca: * style: Use builtin functions without parentheses consistently * build: update minimatch to fix ReDoS vulnerabilities - Update to version 5.1772705410.5c7fe0aa: * style(t): fix formatting of long line in t/37-limit_assets.t * test(Makefile): treat t/01-style consistently with tidy+compile tests * ci: cover sporadic download errors with retries * feat: support show_build=1 for overview badges ++++ openQA: - Update to version 5.1772722702.3877b2ca: * style: Use builtin functions without parentheses consistently * build: update minimatch to fix ReDoS vulnerabilities - Update to version 5.1772705410.5c7fe0aa: * style(t): fix formatting of long line in t/37-limit_assets.t * test(Makefile): treat t/01-style consistently with tidy+compile tests * ci: cover sporadic download errors with retries * feat: support show_build=1 for overview badges ++++ openQA: - Update to version 5.1772722702.3877b2ca: * style: Use builtin functions without parentheses consistently * build: update minimatch to fix ReDoS vulnerabilities - Update to version 5.1772705410.5c7fe0aa: * style(t): fix formatting of long line in t/37-limit_assets.t * test(Makefile): treat t/01-style consistently with tidy+compile tests * ci: cover sporadic download errors with retries * feat: support show_build=1 for overview badges ++++ os-autoinst: - Update to version 5.1772663930.9a9bd7d: * feat: add EXIT_AFTER_MODULE to stop after a specified module * fix: Update gre_tunnel_preup script to support NetworkManager * feat: Handle timeout when typing command in `background_script_run` * feat: Allow opting-out of check when typing command in `script_run` * feat: Handle timeout when typing command in `script_run` * test: implement conventional commits check with gitlint ++++ os-autoinst: - Update to version 5.1772729929.93a4b15: * feat: normalize gre tunnel script for NetworkManager and wicked * refactor: use more Mojo::File operations in commands.pm * refactor: use more Mojo::File operations in bmwqemu.pm * refactor: use more Mojo::File operations in t/ * refactor: move scheduling rules out of basetest::is_applicable * feat: add EXIT_AFTER_MODULE to stop after a specified module - Update to version 5.1772663930.9a9bd7d: * feat: add EXIT_AFTER_MODULE to stop after a specified module * fix: Update gre_tunnel_preup script to support NetworkManager * feat: Handle timeout when typing command in `background_script_run` * feat: Allow opting-out of check when typing command in `script_run` * feat: Handle timeout when typing command in `script_run` * test: implement conventional commits check with gitlint ++++ os-autoinst: - Update to version 5.1772729929.93a4b15: * feat: normalize gre tunnel script for NetworkManager and wicked * refactor: use more Mojo::File operations in commands.pm * refactor: use more Mojo::File operations in bmwqemu.pm * refactor: use more Mojo::File operations in t/ * refactor: move scheduling rules out of basetest::is_applicable * feat: add EXIT_AFTER_MODULE to stop after a specified module - Update to version 5.1772663930.9a9bd7d: * feat: add EXIT_AFTER_MODULE to stop after a specified module * fix: Update gre_tunnel_preup script to support NetworkManager * feat: Handle timeout when typing command in `background_script_run` * feat: Allow opting-out of check when typing command in `script_run` * feat: Handle timeout when typing command in `script_run` * test: implement conventional commits check with gitlint ++++ os-autoinst: - Update to version 5.1772729929.93a4b15: * feat: normalize gre tunnel script for NetworkManager and wicked * refactor: use more Mojo::File operations in commands.pm * refactor: use more Mojo::File operations in bmwqemu.pm * refactor: use more Mojo::File operations in t/ * refactor: move scheduling rules out of basetest::is_applicable * feat: add EXIT_AFTER_MODULE to stop after a specified module - Update to version 5.1772663930.9a9bd7d: * feat: add EXIT_AFTER_MODULE to stop after a specified module * fix: Update gre_tunnel_preup script to support NetworkManager * feat: Handle timeout when typing command in `background_script_run` * feat: Allow opting-out of check when typing command in `script_run` * feat: Handle timeout when typing command in `script_run` * test: implement conventional commits check with gitlint ------------------------------------------------------------------ ------------------ 2026-3-4 - Mar 4 2026 ------------------- ------------------------------------------------------------------ ++++ chromium: - Chromium 145.0.7632.159 (boo#1259213) * CVE-2026-3536: Integer overflow in ANGLE * CVE-2026-3537: Object lifecycle issue in PowerVR * CVE-2026-3538: Integer overflow in Skia * CVE-2026-3539: Object lifecycle issue in DevTools * CVE-2026-3540: Inappropriate implementation in WebAudio * CVE-2026-3541: Inappropriate implementation in CSS * CVE-2026-3542: Inappropriate implementation in WebAssembly * CVE-2026-3543: Inappropriate implementation in V8 * CVE-2026-3544: Heap buffer overflow in WebCodecs * CVE-2026-3545: Insufficient data validation in Navigation ++++ chromium: - Chromium 145.0.7632.159 (boo#1259213) * CVE-2026-3536: Integer overflow in ANGLE * CVE-2026-3537: Object lifecycle issue in PowerVR * CVE-2026-3538: Integer overflow in Skia * CVE-2026-3539: Object lifecycle issue in DevTools * CVE-2026-3540: Inappropriate implementation in WebAudio * CVE-2026-3541: Inappropriate implementation in CSS * CVE-2026-3542: Inappropriate implementation in WebAssembly * CVE-2026-3543: Inappropriate implementation in V8 * CVE-2026-3544: Heap buffer overflow in WebCodecs * CVE-2026-3545: Insufficient data validation in Navigation ++++ chromium: - Chromium 145.0.7632.159 (boo#1259213) * CVE-2026-3536: Integer overflow in ANGLE * CVE-2026-3537: Object lifecycle issue in PowerVR * CVE-2026-3538: Integer overflow in Skia * CVE-2026-3539: Object lifecycle issue in DevTools * CVE-2026-3540: Inappropriate implementation in WebAudio * CVE-2026-3541: Inappropriate implementation in CSS * CVE-2026-3542: Inappropriate implementation in WebAssembly * CVE-2026-3543: Inappropriate implementation in V8 * CVE-2026-3544: Heap buffer overflow in WebCodecs * CVE-2026-3545: Insufficient data validation in Navigation ++++ chromium: - Chromium 145.0.7632.159 (boo#1259213) * CVE-2026-3536: Integer overflow in ANGLE * CVE-2026-3537: Object lifecycle issue in PowerVR * CVE-2026-3538: Integer overflow in Skia * CVE-2026-3539: Object lifecycle issue in DevTools * CVE-2026-3540: Inappropriate implementation in WebAudio * CVE-2026-3541: Inappropriate implementation in CSS * CVE-2026-3542: Inappropriate implementation in WebAssembly * CVE-2026-3543: Inappropriate implementation in V8 * CVE-2026-3544: Heap buffer overflow in WebCodecs * CVE-2026-3545: Insufficient data validation in Navigation ++++ chromium: - Chromium 145.0.7632.159 (boo#1259213) * CVE-2026-3536: Integer overflow in ANGLE * CVE-2026-3537: Object lifecycle issue in PowerVR * CVE-2026-3538: Integer overflow in Skia * CVE-2026-3539: Object lifecycle issue in DevTools * CVE-2026-3540: Inappropriate implementation in WebAudio * CVE-2026-3541: Inappropriate implementation in CSS * CVE-2026-3542: Inappropriate implementation in WebAssembly * CVE-2026-3543: Inappropriate implementation in V8 * CVE-2026-3544: Heap buffer overflow in WebCodecs * CVE-2026-3545: Insufficient data validation in Navigation ++++ kernel-64kb: - net: fix segmentation of forwarding fraglist GRO (CVE-2026-23154 bsc#1258286). - commit f4ffe72 - pmdomain: imx: gpcv2: Fix the imx8mm gpu hang due to wrong adb400 reset (git-fixes). - commit 6367118 - vsock/virtio: fix potential underflow in virtio_transport_get_credit() (bsc#1257755, CVE-2026-23069). - Refresh patches.suse/vsock-virtio-cap-TX-credit-to-local-buffer-size.patch. - commit c6696d4 ++++ kernel-azure: - net: fix segmentation of forwarding fraglist GRO (CVE-2026-23154 bsc#1258286). - commit f4ffe72 - pmdomain: imx: gpcv2: Fix the imx8mm gpu hang due to wrong adb400 reset (git-fixes). - commit 6367118 - vsock/virtio: fix potential underflow in virtio_transport_get_credit() (bsc#1257755, CVE-2026-23069). - Refresh patches.suse/vsock-virtio-cap-TX-credit-to-local-buffer-size.patch. - commit c6696d4 ++++ kernel-default: - net: fix segmentation of forwarding fraglist GRO (CVE-2026-23154 bsc#1258286). - commit f4ffe72 - pmdomain: imx: gpcv2: Fix the imx8mm gpu hang due to wrong adb400 reset (git-fixes). - commit 6367118 - vsock/virtio: fix potential underflow in virtio_transport_get_credit() (bsc#1257755, CVE-2026-23069). - Refresh patches.suse/vsock-virtio-cap-TX-credit-to-local-buffer-size.patch. - commit c6696d4 ++++ kernel-rt: - net: fix segmentation of forwarding fraglist GRO (CVE-2026-23154 bsc#1258286). - commit f4ffe72 - pmdomain: imx: gpcv2: Fix the imx8mm gpu hang due to wrong adb400 reset (git-fixes). - commit 6367118 - vsock/virtio: fix potential underflow in virtio_transport_get_credit() (bsc#1257755, CVE-2026-23069). - Refresh patches.suse/vsock-virtio-cap-TX-credit-to-local-buffer-size.patch. - commit c6696d4 ++++ dtb-aarch64: - net: fix segmentation of forwarding fraglist GRO (CVE-2026-23154 bsc#1258286). - commit f4ffe72 - pmdomain: imx: gpcv2: Fix the imx8mm gpu hang due to wrong adb400 reset (git-fixes). - commit 6367118 - vsock/virtio: fix potential underflow in virtio_transport_get_credit() (bsc#1257755, CVE-2026-23069). - Refresh patches.suse/vsock-virtio-cap-TX-credit-to-local-buffer-size.patch. - commit c6696d4 ++++ exiv2: - update to 0.28.8 (bsc#1259083, CVE-2026-25884, bsc#1259085, CVE-2026-27631, bsc#1259084, CVE-2026-27596): * [CVE-2026- 25884](https://github.com/Exiv2/exiv2/security/advisories/GHS A-9mxq-4j5g-5wrp) * [CVE-2026- 27596](https://github.com/Exiv2/exiv2/security/advisories/GHS A-3wgv-fg4w-75x7) * [CVE-2026- 27631](https://github.com/Exiv2/exiv2/security/advisories/GHS A-p2pw-7935-c73j) ++++ vim: * Update Vim to version 9.2.0045 (from 9.1.1406). * Fix bsc#1258229 CVE-2026-26269 as 9.2.0045 is not impacted (fixed upstream). * Fix bsc#1246602 CVE-2025-53906 as 9.2.0045 is not impacted (fixed upstream). * Add wayland-client to BuildRequires and enable Wayland support. * Add Wayland include path to CFLAGS to fix clipboard compilation. * Package new Swedish (sv) man pages and clean up duplicate encodings (sv.ISO8859-1 and sv.UTF-8). * Add new patch: - reorder-exit-raw-mode.patch * Drop obsolete or upstreamed patches: - vim-7.3-filetype_spec.patch - vim-7.3-mktemp_tutor.patch - vim-7.4-filetype_apparmor.patch - vim-8.2.2411-globalvimrc.patch * Refresh the following patches: - vim-7.3-filetype_changes.patch - vim-7.3-filetype_ftl.patch - vim-7.3-sh_is_bash.patch - vim-9.1.1134-revert-putty-terminal-colors.patch ++++ kernel-source: - net: fix segmentation of forwarding fraglist GRO (CVE-2026-23154 bsc#1258286). - commit f4ffe72 - pmdomain: imx: gpcv2: Fix the imx8mm gpu hang due to wrong adb400 reset (git-fixes). - commit 6367118 - vsock/virtio: fix potential underflow in virtio_transport_get_credit() (bsc#1257755, CVE-2026-23069). - Refresh patches.suse/vsock-virtio-cap-TX-credit-to-local-buffer-size.patch. - commit c6696d4 ++++ kernel-docs: - net: fix segmentation of forwarding fraglist GRO (CVE-2026-23154 bsc#1258286). - commit f4ffe72 - pmdomain: imx: gpcv2: Fix the imx8mm gpu hang due to wrong adb400 reset (git-fixes). - commit 6367118 - vsock/virtio: fix potential underflow in virtio_transport_get_credit() (bsc#1257755, CVE-2026-23069). - Refresh patches.suse/vsock-virtio-cap-TX-credit-to-local-buffer-size.patch. - commit c6696d4 ++++ kernel-kvmsmall: - net: fix segmentation of forwarding fraglist GRO (CVE-2026-23154 bsc#1258286). - commit f4ffe72 - pmdomain: imx: gpcv2: Fix the imx8mm gpu hang due to wrong adb400 reset (git-fixes). - commit 6367118 - vsock/virtio: fix potential underflow in virtio_transport_get_credit() (bsc#1257755, CVE-2026-23069). - Refresh patches.suse/vsock-virtio-cap-TX-credit-to-local-buffer-size.patch. - commit c6696d4 ++++ kernel-obs-build: - net: fix segmentation of forwarding fraglist GRO (CVE-2026-23154 bsc#1258286). - commit f4ffe72 - pmdomain: imx: gpcv2: Fix the imx8mm gpu hang due to wrong adb400 reset (git-fixes). - commit 6367118 - vsock/virtio: fix potential underflow in virtio_transport_get_credit() (bsc#1257755, CVE-2026-23069). - Refresh patches.suse/vsock-virtio-cap-TX-credit-to-local-buffer-size.patch. - commit c6696d4 ++++ kernel-obs-qa: - net: fix segmentation of forwarding fraglist GRO (CVE-2026-23154 bsc#1258286). - commit f4ffe72 - pmdomain: imx: gpcv2: Fix the imx8mm gpu hang due to wrong adb400 reset (git-fixes). - commit 6367118 - vsock/virtio: fix potential underflow in virtio_transport_get_credit() (bsc#1257755, CVE-2026-23069). - Refresh patches.suse/vsock-virtio-cap-TX-credit-to-local-buffer-size.patch. - commit c6696d4 ++++ kernel-syms: - net: fix segmentation of forwarding fraglist GRO (CVE-2026-23154 bsc#1258286). - commit f4ffe72 - pmdomain: imx: gpcv2: Fix the imx8mm gpu hang due to wrong adb400 reset (git-fixes). - commit 6367118 - vsock/virtio: fix potential underflow in virtio_transport_get_credit() (bsc#1257755, CVE-2026-23069). - Refresh patches.suse/vsock-virtio-cap-TX-credit-to-local-buffer-size.patch. - commit c6696d4 ++++ kernel-zfcpdump: - net: fix segmentation of forwarding fraglist GRO (CVE-2026-23154 bsc#1258286). - commit f4ffe72 - pmdomain: imx: gpcv2: Fix the imx8mm gpu hang due to wrong adb400 reset (git-fixes). - commit 6367118 - vsock/virtio: fix potential underflow in virtio_transport_get_credit() (bsc#1257755, CVE-2026-23069). - Refresh patches.suse/vsock-virtio-cap-TX-credit-to-local-buffer-size.patch. - commit c6696d4 ++++ vlc: - Obsolete vlc-vdpau by the -noX package when building without vlc support. ++++ mdadm: - Update to version 4.4+40.gad81df32: * avoid mdcheck_continue.timer and mdcheck_start.timer firing simultaneously (bsc#1243443, bsc#1259090) ++++ python-Django: - Add security patch CVE-2026-25674.patch (bsc#1259142) ++++ python-joserfc: - CVE-2026-27932: unbounded PBKDF2 iteration count can lead to a denial of service (bsc#1259154) * added CVE-2026-27932.patch ++++ salt: - Make syntax in httputil_test compatible with Python 3.6 - Fix KeyError in postgres module with PostgreSQL 17 (bsc#1254325) - Use internal deb classes instead of external aptsource lib - Speed up wheel key.finger call (bsc#1240532) - Backport security patches for Salt vendored tornado: * CVE-2025-67724: missing validation of supplied reason phrase (bsc#1254903) * CVE-2025-67725: fix DoS via malicious HTTP request (bsc#1254905) * CVE-2025-67726: fix HTTP header parameter parsing algorithm (bsc#1254904) - Simplify and speed up utils.find_json function (bsc#1246130) - Extend warn_until period to 2027 - Added: * fix-tornado-s-httputil_test-syntax-for-python-3.6.patch * backport-add-maintain-m-privilege-to-postgres-module.patch * use-internal-salt.utils.pkg.deb-classes-instead-of-a.patch * speedup-wheel-key.finger-call-bsc-1240532-713.patch * fixes-for-security-issues-cve-2025-13836-cve-2025-67.patch * simplify-utils.json.find_json-function.patch * extend-fails-to-warnings-until-2027-742.patch ++++ salt-test: - Make syntax in httputil_test compatible with Python 3.6 - Fix KeyError in postgres module with PostgreSQL 17 (bsc#1254325) - Use internal deb classes instead of external aptsource lib - Speed up wheel key.finger call (bsc#1240532) - Backport security patches for Salt vendored tornado: * CVE-2025-67724: missing validation of supplied reason phrase (bsc#1254903) * CVE-2025-67725: fix DoS via malicious HTTP request (bsc#1254905) * CVE-2025-67726: fix HTTP header parameter parsing algorithm (bsc#1254904) - Simplify and speed up utils.find_json function (bsc#1246130) - Extend warn_until period to 2027 - Added: * fix-tornado-s-httputil_test-syntax-for-python-3.6.patch * backport-add-maintain-m-privilege-to-postgres-module.patch * use-internal-salt.utils.pkg.deb-classes-instead-of-a.patch * speedup-wheel-key.finger-call-bsc-1240532-713.patch * fixes-for-security-issues-cve-2025-13836-cve-2025-67.patch * simplify-utils.json.find_json-function.patch * extend-fails-to-warnings-until-2027-742.patch ------------------------------------------------------------------ ------------------ 2026-3-3 - Mar 3 2026 ------------------- ------------------------------------------------------------------ ++++ ImageMagick: - added patches CVE-2026-27798: Heap Buffer Over-read in WaveletDenoise when processing small images (bsc#1259018) * ImageMagick-CVE-2026-27798.patch CVE-2026-27799: ImageMagick has a heap Buffer Over-read in its DJVU image format handler (bsc#1259017) * ImageMagick-CVE-2026-27799.patch ++++ ImageMagick: - added patches CVE-2026-27798: Heap Buffer Over-read in WaveletDenoise when processing small images (bsc#1259018) * ImageMagick-CVE-2026-27798.patch CVE-2026-27799: ImageMagick has a heap Buffer Over-read in its DJVU image format handler (bsc#1259017) * ImageMagick-CVE-2026-27799.patch ++++ kernel-64kb: - iommu/mediatek: fix use-after-free on probe deferral (CVE-2025-71071 bsc#1256802). - commit 8109677 - bonding: fix use-after-free due to enslave fail after slave array update (CVE-2026-23171 bsc#1258349). - commit 8dac8cc - gfs2: Set .migrate_folio in gfs2_{rgrp,meta}_aops (bsc#1249590 CVE-2025-39753). - commit e7cde82 ++++ kernel-azure: - iommu/mediatek: fix use-after-free on probe deferral (CVE-2025-71071 bsc#1256802). - commit 8109677 - bonding: fix use-after-free due to enslave fail after slave array update (CVE-2026-23171 bsc#1258349). - commit 8dac8cc - gfs2: Set .migrate_folio in gfs2_{rgrp,meta}_aops (bsc#1249590 CVE-2025-39753). - commit e7cde82 ++++ kernel-default: - iommu/mediatek: fix use-after-free on probe deferral (CVE-2025-71071 bsc#1256802). - commit 8109677 - bonding: fix use-after-free due to enslave fail after slave array update (CVE-2026-23171 bsc#1258349). - commit 8dac8cc - gfs2: Set .migrate_folio in gfs2_{rgrp,meta}_aops (bsc#1249590 CVE-2025-39753). - commit e7cde82 ++++ kernel-rt: - iommu/mediatek: fix use-after-free on probe deferral (CVE-2025-71071 bsc#1256802). - commit 8109677 - bonding: fix use-after-free due to enslave fail after slave array update (CVE-2026-23171 bsc#1258349). - commit 8dac8cc - gfs2: Set .migrate_folio in gfs2_{rgrp,meta}_aops (bsc#1249590 CVE-2025-39753). - commit e7cde82 ++++ dtb-aarch64: - iommu/mediatek: fix use-after-free on probe deferral (CVE-2025-71071 bsc#1256802). - commit 8109677 - bonding: fix use-after-free due to enslave fail after slave array update (CVE-2026-23171 bsc#1258349). - commit 8dac8cc - gfs2: Set .migrate_folio in gfs2_{rgrp,meta}_aops (bsc#1249590 CVE-2025-39753). - commit e7cde82 ++++ kernel-source: - iommu/mediatek: fix use-after-free on probe deferral (CVE-2025-71071 bsc#1256802). - commit 8109677 - bonding: fix use-after-free due to enslave fail after slave array update (CVE-2026-23171 bsc#1258349). - commit 8dac8cc - gfs2: Set .migrate_folio in gfs2_{rgrp,meta}_aops (bsc#1249590 CVE-2025-39753). - commit e7cde82 ++++ kernel-docs: - iommu/mediatek: fix use-after-free on probe deferral (CVE-2025-71071 bsc#1256802). - commit 8109677 - bonding: fix use-after-free due to enslave fail after slave array update (CVE-2026-23171 bsc#1258349). - commit 8dac8cc - gfs2: Set .migrate_folio in gfs2_{rgrp,meta}_aops (bsc#1249590 CVE-2025-39753). - commit e7cde82 ++++ kernel-kvmsmall: - iommu/mediatek: fix use-after-free on probe deferral (CVE-2025-71071 bsc#1256802). - commit 8109677 - bonding: fix use-after-free due to enslave fail after slave array update (CVE-2026-23171 bsc#1258349). - commit 8dac8cc - gfs2: Set .migrate_folio in gfs2_{rgrp,meta}_aops (bsc#1249590 CVE-2025-39753). - commit e7cde82 ++++ kernel-obs-build: - iommu/mediatek: fix use-after-free on probe deferral (CVE-2025-71071 bsc#1256802). - commit 8109677 - bonding: fix use-after-free due to enslave fail after slave array update (CVE-2026-23171 bsc#1258349). - commit 8dac8cc - gfs2: Set .migrate_folio in gfs2_{rgrp,meta}_aops (bsc#1249590 CVE-2025-39753). - commit e7cde82 ++++ kernel-obs-qa: - iommu/mediatek: fix use-after-free on probe deferral (CVE-2025-71071 bsc#1256802). - commit 8109677 - bonding: fix use-after-free due to enslave fail after slave array update (CVE-2026-23171 bsc#1258349). - commit 8dac8cc - gfs2: Set .migrate_folio in gfs2_{rgrp,meta}_aops (bsc#1249590 CVE-2025-39753). - commit e7cde82 ++++ kernel-syms: - iommu/mediatek: fix use-after-free on probe deferral (CVE-2025-71071 bsc#1256802). - commit 8109677 - bonding: fix use-after-free due to enslave fail after slave array update (CVE-2026-23171 bsc#1258349). - commit 8dac8cc - gfs2: Set .migrate_folio in gfs2_{rgrp,meta}_aops (bsc#1249590 CVE-2025-39753). - commit e7cde82 ++++ kernel-zfcpdump: - iommu/mediatek: fix use-after-free on probe deferral (CVE-2025-71071 bsc#1256802). - commit 8109677 - bonding: fix use-after-free due to enslave fail after slave array update (CVE-2026-23171 bsc#1258349). - commit 8dac8cc - gfs2: Set .migrate_folio in gfs2_{rgrp,meta}_aops (bsc#1249590 CVE-2025-39753). - commit e7cde82 ++++ openQA: - Update to version 5.1772536058.8ca2d170: * fix(config): Drop max_conns to allow proper queueing * refactor: Improve code in `renderTestLists()` * feat: Pass all parameters when making AJAX requests on "All tests" page * feat: Allow use of `job_setting` parameter also on "All tests" page * refactor: Simplify code for passing query parameters on "All tests" * fix(dependencies): add missing "make" to devel sub-package * test: remove stabilized tests from tools/unstable_tests.txt * test(lib): remove unused "disconnect" function * test(lib): mark uncovered line * build(Makefile): add make target help text * fix(npm): bump to non-vulerable versions (boo#1259005, boo#1258632) ++++ openQA: - Update to version 5.1772550094.48b5cce5: * refactor: Improve code for testing OpenID auth * test: Consider everything under `lib/OpenQA/WebAPI/` covered * test: Cover all code for OpenID auth * test: Cover retrying of OBS rsync tasks * fix: Return correctly when OBS dirty status cannot be determined * refactor: Remove unused local variable in OBS rsync code * test: Cover parameter validation warnings code for API descriptions * fix(config): Drop max_conns to allow proper queueing * refactor: Improve code in `renderTestLists()` * feat: Pass all parameters when making AJAX requests on "All tests" page * feat: Allow use of `job_setting` parameter also on "All tests" page * refactor: Simplify code for passing query parameters on "All tests" * fix(dependencies): add missing "make" to devel sub-package * test: remove stabilized tests from tools/unstable_tests.txt * test(lib): remove unused "disconnect" function * test(lib): mark uncovered line ++++ openQA: - Update to version 5.1772550094.48b5cce5: * refactor: Improve code for testing OpenID auth * test: Consider everything under `lib/OpenQA/WebAPI/` covered * test: Cover all code for OpenID auth * test: Cover retrying of OBS rsync tasks * fix: Return correctly when OBS dirty status cannot be determined * refactor: Remove unused local variable in OBS rsync code * test: Cover parameter validation warnings code for API descriptions * fix(config): Drop max_conns to allow proper queueing * refactor: Improve code in `renderTestLists()` * feat: Pass all parameters when making AJAX requests on "All tests" page * feat: Allow use of `job_setting` parameter also on "All tests" page * refactor: Simplify code for passing query parameters on "All tests" * fix(dependencies): add missing "make" to devel sub-package * test: remove stabilized tests from tools/unstable_tests.txt * test(lib): remove unused "disconnect" function * test(lib): mark uncovered line ++++ openQA: - Update to version 5.1772550094.48b5cce5: * refactor: Improve code for testing OpenID auth * test: Consider everything under `lib/OpenQA/WebAPI/` covered * test: Cover all code for OpenID auth * test: Cover retrying of OBS rsync tasks * fix: Return correctly when OBS dirty status cannot be determined * refactor: Remove unused local variable in OBS rsync code * test: Cover parameter validation warnings code for API descriptions * fix(config): Drop max_conns to allow proper queueing * refactor: Improve code in `renderTestLists()` * feat: Pass all parameters when making AJAX requests on "All tests" page * feat: Allow use of `job_setting` parameter also on "All tests" page * refactor: Simplify code for passing query parameters on "All tests" * fix(dependencies): add missing "make" to devel sub-package * test: remove stabilized tests from tools/unstable_tests.txt * test(lib): remove unused "disconnect" function * test(lib): mark uncovered line ------------------------------------------------------------------ ------------------ 2026-3-2 - Mar 2 2026 ------------------- ------------------------------------------------------------------ ++++ ImageMagick: - fix CVE-2026-25966 (bsc#1258780), forbid to use fd handler - package SUSE security policy staticaly instead of patching the upstream one (it is static anyway) - deleted patches * ImageMagick-configuration-SUSE.patch (not needed) - added sources * ImageMagick-SUSE-security-policy.xml - apply ImageMagick_policy_etc.patch in all flavors, as intended ++++ ImageMagick: - fix CVE-2026-25966 (bsc#1258780), forbid to use fd handler - package SUSE security policy staticaly instead of patching the upstream one (it is static anyway) - deleted patches * ImageMagick-configuration-SUSE.patch (not needed) - added sources * ImageMagick-SUSE-security-policy.xml - apply ImageMagick_policy_etc.patch in all flavors, as intended ++++ agama-products: - Update translations (gh#agama-project/agama#3228). ++++ kernel-64kb: - nvmet-tcp: fixup hang in nvmet_tcp_listen_data_ready() (CVE-2026-23179 bsc#1258394). - commit ac77228 - nvmet: fix race in nvmet_bio_done() leading to NULL pointer dereference (CVE-2026-23148 bsc#1258258). - commit 9bda130 - nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec (CVE-2026-23112 bsc#1258184). - commit efcbeaa - nvme-fc: release admin tagset if init fails (git-fixes). - nvme-pci: disable secondary temp for Wodposit WPBSNM8 (git-fixes). - nvme-fabrics: add ENOKEY to no retry criteria for authentication failures (git-fixes). - nvme-fc: don't hold rport lock when putting ctrl (git-fixes). - commit dd0c54b - pmdomain: imx8m-blk-ctrl: Remove separate rst and clk mask for 8mq vpu (CVE-2026-23116 bsc#1258277). - commit ff9d60e - Add bugnumber to existing mana and mana_ib changes (bsc#1251135 bsc#1251971). - scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT (git-fixes). - net: mana: Fix double destroy_workqueue on service rescan PCI path (git-fixes). - commit 984835c - ceph: fix NULL pointer dereference in ceph_mds_auth_match() (CVE-2026-23189 bsc#1258308). - commit 51b8eb2 - Update patches.suse/ALSA-ac97-fix-a-double-free-in-snd_ac97_controller_r.patch (git-fixes CVE-2025-71192 bsc#1257679). - Update patches.suse/ALSA-aloop-Fix-racy-access-at-PCM-trigger.patch (stable-fixes CVE-2026-23191 bsc#1258395). - Update patches.suse/ALSA-ctxfi-Fix-potential-OOB-access-in-audio-mixer-h.patch (stable-fixes CVE-2026-23076 bsc#1257788). - Update patches.suse/ALSA-scarlett2-Fix-buffer-overflow-in-config-retriev.patch (git-fixes CVE-2026-23078 bsc#1257789). - Update patches.suse/ALSA-usb-audio-Fix-use-after-free-in-snd_usb_mixer_f.patch (git-fixes CVE-2026-23089 bsc#1257790). - Update patches.suse/ASoC-amd-fix-memory-leak-in-acp3x-pdm-dma-ops.patch (git-fixes CVE-2026-23190 bsc#1258397). - Update patches.suse/Bluetooth-MGMT-Fix-memory-leak-in-set_ssp_complete.patch (git-fixes CVE-2026-23151 bsc#1258237). - Update patches.suse/Bluetooth-hci_uart-fix-null-ptr-deref-in-hci_uart_wr.patch (git-fixes CVE-2026-23146 bsc#1258234). - Update patches.suse/HID-i2c-hid-fix-potential-buffer-overflow-in-i2c_hid.patch (stable-fixes CVE-2026-23178 bsc#1258358). - Update patches.suse/PCI-endpoint-Avoid-creating-sub-groups-asynchronousl.patch (git-fixes CVE-2025-71233 bsc#1258421). - Update patches.suse/arm64-Set-__nocfi-on-swsusp_arch_resume.patch (git-fixes CVE-2026-23128 bsc#1258298). - Update patches.suse/btrfs-always-detect-conflicting-inodes-when-logging-.patch (git-fixes CVE-2025-71183 bsc#1257631). - Update patches.suse/btrfs-do-not-strictly-require-dirty-metadata-thresho.patch (stable-fixes CVE-2026-23157 bsc#1258376). - Update patches.suse/btrfs-fix-deadlock-in-wait_current_trans-due-to-igno.patch (git-fixes CVE-2025-71194 bsc#1257687). - Update patches.suse/btrfs-release-path-before-initializing-extent-tree-i.patch (git-fixes CVE-2026-23018 bsc#1257551). - Update patches.suse/bus-fsl-mc-fix-use-after-free-in-driver_override_sho.patch (git-fixes CVE-2026-23221 bsc#1258660). - Update patches.suse/can-ems_usb-ems_usb_read_bulk_callback-fix-URB-memor.patch (git-fixes CVE-2026-23058 bsc#1257739). - Update patches.suse/can-etas_es58x-allow-partial-RX-URB-allocation-to-su.patch (git-fixes CVE-2026-23037 bsc#1257554). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-fix-URB-memo.patch (git-fixes CVE-2026-23031 bsc#1257600). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-fix-error-me.patch (git-fixes CVE-2026-23155 bsc#1258313). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-unanchor-URL.patch (git-fixes CVE-2026-23082 bsc#1257715). - Update patches.suse/can-j1939-make-j1939_session_activate-fail-if-device.patch (stable-fixes CVE-2025-71182 bsc#1257586). - Update patches.suse/can-kvaser_usb-kvaser_usb_read_bulk_callback-fix-URB.patch (git-fixes CVE-2026-23061 bsc#1257776). - Update patches.suse/can-mcba_usb-mcba_usb_read_bulk_callback-fix-URB-mem.patch (git-fixes CVE-2026-23080 bsc#1257714). - Update patches.suse/can-usb_8dev-usb_8dev_read_bulk_callback-fix-URB-mem.patch (git-fixes CVE-2026-23108 bsc#1257770). - Update patches.suse/crypto-authencesn-reject-too-short-AAD-assoclen-8-to.patch (git-fixes CVE-2026-23060 bsc#1257735). - Update patches.suse/crypto-iaa-Fix-out-of-bounds-index-in-find_empty_iaa.patch (git-fixes CVE-2025-71231 bsc#1258424). - Update patches.suse/crypto-omap-Allocate-OMAP_CRYPTO_FORCE_COPY-scatterl.patch (git-fixes CVE-2026-23222 bsc#1258484). - Update patches.suse/crypto-virtio-Add-spinlock-protection-with-virtqueue.patch (git-fixes CVE-2026-23229 bsc#1258429). - Update patches.suse/dmaengine-at_hdmac-fix-device-leak-on-of_dma_xlate.patch (git-fixes CVE-2025-71191 bsc#1257579). - Update patches.suse/dmaengine-bcm-sba-raid-fix-device-leak-on-probe.patch (git-fixes CVE-2025-71190 bsc#1257580). - Update patches.suse/dmaengine-dw-dmamux-fix-OF-node-leak-on-route-alloca.patch (git-fixes CVE-2025-71189 bsc#1257573). - Update patches.suse/dmaengine-lpc18xx-dmamux-fix-device-leak-on-route-al.patch (git-fixes CVE-2025-71188 bsc#1257576). - Update patches.suse/dmaengine-omap-dma-fix-dma_pool-resource-leak-in-err.patch (git-fixes CVE-2026-23033 bsc#1257570). - Update patches.suse/dmaengine-qcom-gpi-Fix-memory-leak-in-gpi_peripheral.patch (git-fixes CVE-2026-23026 bsc#1257562). - Update patches.suse/dmaengine-stm32-dmamux-fix-device-leak-on-route-allo.patch (git-fixes CVE-2025-71186 bsc#1257565). - Update patches.suse/dmaengine-ti-dma-crossbar-fix-device-leak-on-am335x-.patch (git-fixes CVE-2025-71185 bsc#1257560). - Update patches.suse/dmaengine-xilinx-xdma-Fix-regmap-max_register.patch (git-fixes CVE-2025-71195 bsc#1257704). - Update patches.suse/dpll-Prevent-duplicate-registrations.patch (git-fixes CVE-2026-23129 bsc#1258299). - Update patches.suse/drm-amd-pm-Disable-MMIO-access-during-SMU-Mode-1-res.patch (stable-fixes CVE-2026-23213 bsc#1258465). - Update patches.suse/drm-amdgpu-fix-NULL-pointer-dereference-in-amdgpu_gm.patch (git-fixes CVE-2026-23163 bsc#1258544). - Update patches.suse/drm-imx-tve-fix-probe-device-leak.patch (git-fixes CVE-2026-23170 bsc#1258379). - Update patches.suse/drm-panel-simple-fix-connector-type-for-DataImage-SC.patch (git-fixes CVE-2026-23049 bsc#1257723). - Update patches.suse/efivarfs-fix-error-propagation-in-efivar_entry_get.patch (git-fixes CVE-2026-23156 bsc#1258317). - Update patches.suse/ext4-fix-iloc.bh-leak-in-ext4_xattr_inode_update_ref.patch (git-fixes CVE-2026-23145 bsc#1258326). - Update patches.suse/gpio-virtuser-fix-UAF-in-configfs-release-path.patch (git-fixes CVE-2026-23158 bsc#1258323). - Update patches.suse/i2c-riic-Move-suspend-handling-to-NOIRQ-phase.patch (git-fixes CVE-2026-23055 bsc#1257730). - Update patches.suse/iio-adc-at91-sama5d2_adc-Fix-potential-use-after-fre.patch (git-fixes CVE-2025-71199 bsc#1257750). - Update patches.suse/iio-imu-st_lsm6dsx-fix-iio_chan_spec-for-sensors-wit.patch (git-fixes CVE-2025-71198 bsc#1257741). - Update patches.suse/intel_th-fix-device-leak-on-output-open.patch (git-fixes CVE-2026-23091 bsc#1257813). - Update patches.suse/interconnect-debugfs-initialize-src_node-and-dst_nod.patch (git-fixes CVE-2026-23123 bsc#1258276). - Update patches.suse/leds-led-class-Only-Add-LED-to-leds_list-when-it-is-.patch (git-fixes CVE-2026-23101 bsc#1257768). - Update patches.suse/mISDN-annotate-data-race-around-dev-work.patch (git-fixes CVE-2026-23121 bsc#1258309). - Update patches.suse/mm-shmem-prevent-infinite-loop-on-truncate-race.patch (CVE-2026-23161 bsc#1258355 CVE-2026-23177 bsc#1258324). - Update patches.suse/mmc-sdhci-of-dwcmshc-Prevent-illegal-clock-reduction.patch (git-fixes CVE-2025-71200 bsc#1258222). - Update patches.suse/msft-hv-3440-net-hv_netvsc-reject-RSS-hash-key-programming-withou.patch (bsc#1257473 CVE-2026-23054 bsc#1257732). - Update patches.suse/net-usb-pegasus-fix-memory-leak-in-update_eth_regs_a.patch (git-fixes CVE-2026-23021 bsc#1257557). - Update patches.suse/net-usb-r8152-fix-resume-reset-deadlock.patch (git-fixes CVE-2026-23188 bsc#1258331). - Update patches.suse/net-wwan-t7xx-fix-potential-skb-frags-overflow-in-RX.patch (git-fixes CVE-2026-23172 bsc#1258519). - Update patches.suse/nfc-llcp-Fix-memleak-in-nfc_llcp_send_ui_frame.patch (git-fixes CVE-2026-23150 bsc#1258354). - Update patches.suse/nfc-nci-Fix-race-between-rfkill-and-nci_unregister_d.patch (git-fixes CVE-2026-23167 bsc#1258374). - Update patches.suse/nfsd-provide-locking-for-v4_end_grace.patch (git-fixes CVE-2026-22980 bsc#1257222). - Update patches.suse/of-unittest-Fix-memory-leak-in-unittest_data_add.patch (git-fixes CVE-2026-23137 bsc#1258232). - Update patches.suse/pNFS-Fix-a-deadlock-when-returning-a-delegation-during-open.patch (git-fixes CVE-2026-23050 bsc#1257688). - Update patches.suse/phy-rockchip-inno-usb2-Fix-a-double-free-bug-in-rock.patch (git-fixes CVE-2026-23030 bsc#1257561). - Update patches.suse/phy-stm32-usphyc-Fix-off-by-one-in-probe.patch (git-fixes CVE-2025-71196 bsc#1257716). - Update patches.suse/platform-x86-amd-Fix-memory-leak-in-wbrf_record.patch (git-fixes CVE-2026-23065 bsc#1257742). - Update patches.suse/platform-x86-hp-bioscfg-Fix-kernel-panic-in-GET_INST.patch (git-fixes CVE-2026-23062 bsc#1257734). - Update patches.suse/platform-x86-hp-bioscfg-Fix-kobject-warnings-for-emp.patch (git-fixes CVE-2026-23131 bsc#1258297). - Update patches.suse/platform-x86-toshiba_haps-Fix-memory-leaks-in-add-re.patch (git-fixes CVE-2026-23176 bsc#1258256). - Update patches.suse/pnfs-flexfiles-Fix-memory-leak-in-nfs4_ff_alloc_deviceid_node.patch (git-fixes CVE-2026-23038 bsc#1257553). - Update patches.suse/regmap-Fix-race-condition-in-hwspinlock-irqsave-rout.patch (git-fixes CVE-2026-23071 bsc#1257706). - Update patches.suse/scsi-qla2xxx-Delay-module-unload-while-fabric-scan-i.patch (bsc#1256865 bsc#1256867 jsc#PED-14156 CVE-2025-71235 bsc#1258469). - Update patches.suse/scsi-qla2xxx-Free-sp-in-error-path-to-fix-system-cra.patch (bsc#1256865 bsc#1256867 jsc#PED-14156 CVE-2025-71232 bsc#1258422). - Update patches.suse/scsi-qla2xxx-Sanitize-payload-size-to-prevent-member.patch (git-fixes CVE-2026-23059 bsc#1257737). - Update patches.suse/scsi-qla2xxx-Validate-sp-before-freeing-associated-m.patch (bsc#1256865 bsc#1256867 jsc#PED-14156 CVE-2025-71236 bsc#1258442). - Update patches.suse/slimbus-core-fix-device-reference-leak-on-report-pre.patch (git-fixes CVE-2026-23090 bsc#1257759). - Update patches.suse/smb-client-split-cached_fid-bitfields-to-avoid-shared-byte-RMW-rac.patch (bsc#1250748 bsc#1257154 CVE-2026-23230 bsc#1258430). - Update patches.suse/spi-tegra-Fix-a-memory-leak-in-tegra_slink_probe.patch (git-fixes CVE-2026-23182 bsc#1258259). - Update patches.suse/spi-tegra210-quad-Protect-curr_xfer-check-in-IRQ-han.patch (git-fixes bsc#1257952 CVE-2026-23207 bsc#1258524). - Update patches.suse/spi-tegra210-quad-Protect-curr_xfer-in-tegra_qspi_co.patch (git-fixes bsc#1257952 CVE-2026-23202 bsc#1258338). - Update patches.suse/uacce-ensure-safe-queue-release-with-state-managemen.patch (git-fixes CVE-2026-23063 bsc#1257722). - Update patches.suse/uacce-fix-cdev-handling-in-the-cleanup-path.patch (git-fixes CVE-2026-23096 bsc#1257809). - Update patches.suse/uacce-fix-isolate-sysfs-check-condition.patch (git-fixes CVE-2026-23094 bsc#1257811). - Update patches.suse/uacce-implement-mremap-in-uacce_vm_ops-to-return-EPE.patch (git-fixes CVE-2026-23056 bsc#1257729). - Update patches.suse/w1-therm-Fix-off-by-one-buffer-overflow-in-alarms_st.patch (git-fixes CVE-2025-71197 bsc#1257743). - Update patches.suse/wifi-ath10k-fix-dma_free_coherent-pointer.patch (git-fixes CVE-2026-23133 bsc#1258249). - Update patches.suse/wifi-ath12k-fix-dma_free_coherent-pointer.patch (git-fixes CVE-2026-23135 bsc#1258245). - Update patches.suse/wifi-mac80211-correctly-decode-TTLM-with-default-lin.patch (git-fixes CVE-2026-23152 bsc#1258252). - Update patches.suse/wifi-mac80211-ocb-skip-rx_no_sta-when-interface-is-n.patch (stable-fixes CVE-2025-71224 bsc#1258824). - Update patches.suse/wifi-rsi-Fix-memory-corruption-due-to-not-set-vif-dr.patch (git-fixes CVE-2026-23073 bsc#1257707). - Update patches.suse/wifi-rtl8xxxu-fix-slab-out-of-bounds-in-rtl8xxxu_sta.patch (git-fixes CVE-2025-71234 bsc#1258419). - Update patches.suse/wifi-rtw88-Fix-alignment-fault-in-rtw_core_enable_be.patch (git-fixes CVE-2025-71229 bsc#1258415). - Update patches.suse/wifi-wlcore-ensure-skb-headroom-before-skb_push.patch (stable-fixes CVE-2025-71222 bsc#1258279). - commit 154bcac - bonding: provide a net pointer to __skb_flow_dissect() (CVE-2026-23119 bsc#1258273). - commit 15d3820 - drm/i915/display: Add quirk to skip retraining of dp link (bsc#1253129). - commit f730886 - smb: client: Fix refcount leak for cifs_sb_tlink (bsc#1252924, CVE-2025-40103). - commit 176c45b - cifs: parse_dfs_referrals: prevent oob on malformed input (bsc#1252911, CVE-2025-40099). - commit 1544b30 - sched/fair: Fix pelt clock sync when entering idle (bsc#1234634 (Scheduler functional and performance backports SL-16.0)). - commit 24b0d4e - sched/fair: Fix pelt lost idle time detection (bsc#1234634 (Scheduler functional and performance backports SL-16.0)). - sched/deadline: Stop dl_server before CPU goes offline (bsc#1234634 (Scheduler functional and performance backports SL-16.0)). - sched/core: Avoid direct access to hrtimer clockbase (bsc#1234634 (Scheduler functional and performance backports SL-16.0)). - sched/deadline: Fix race in push_dl_task() (bsc#1234634 (Scheduler functional and performance backports)). - commit b3c53c0 - ice: Fix NULL pointer dereference in ice_vsi_set_napi_queues (CVE-2026-23166 bsc#1258272). - net/mlx5e: TC, delete flows only for existing peers (CVE-2026-23173 bsc#1258520). - net/mlx5e: Don't gate FEC histograms on ppcnt_statistical_group (git-fixes). - commit 91bddd0 ++++ kernel-azure: - nvmet-tcp: fixup hang in nvmet_tcp_listen_data_ready() (CVE-2026-23179 bsc#1258394). - commit ac77228 - nvmet: fix race in nvmet_bio_done() leading to NULL pointer dereference (CVE-2026-23148 bsc#1258258). - commit 9bda130 - nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec (CVE-2026-23112 bsc#1258184). - commit efcbeaa - nvme-fc: release admin tagset if init fails (git-fixes). - nvme-pci: disable secondary temp for Wodposit WPBSNM8 (git-fixes). - nvme-fabrics: add ENOKEY to no retry criteria for authentication failures (git-fixes). - nvme-fc: don't hold rport lock when putting ctrl (git-fixes). - commit dd0c54b - pmdomain: imx8m-blk-ctrl: Remove separate rst and clk mask for 8mq vpu (CVE-2026-23116 bsc#1258277). - commit ff9d60e - Add bugnumber to existing mana and mana_ib changes (bsc#1251135 bsc#1251971). - scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT (git-fixes). - net: mana: Fix double destroy_workqueue on service rescan PCI path (git-fixes). - commit 984835c - ceph: fix NULL pointer dereference in ceph_mds_auth_match() (CVE-2026-23189 bsc#1258308). - commit 51b8eb2 - Update patches.suse/ALSA-ac97-fix-a-double-free-in-snd_ac97_controller_r.patch (git-fixes CVE-2025-71192 bsc#1257679). - Update patches.suse/ALSA-aloop-Fix-racy-access-at-PCM-trigger.patch (stable-fixes CVE-2026-23191 bsc#1258395). - Update patches.suse/ALSA-ctxfi-Fix-potential-OOB-access-in-audio-mixer-h.patch (stable-fixes CVE-2026-23076 bsc#1257788). - Update patches.suse/ALSA-scarlett2-Fix-buffer-overflow-in-config-retriev.patch (git-fixes CVE-2026-23078 bsc#1257789). - Update patches.suse/ALSA-usb-audio-Fix-use-after-free-in-snd_usb_mixer_f.patch (git-fixes CVE-2026-23089 bsc#1257790). - Update patches.suse/ASoC-amd-fix-memory-leak-in-acp3x-pdm-dma-ops.patch (git-fixes CVE-2026-23190 bsc#1258397). - Update patches.suse/Bluetooth-MGMT-Fix-memory-leak-in-set_ssp_complete.patch (git-fixes CVE-2026-23151 bsc#1258237). - Update patches.suse/Bluetooth-hci_uart-fix-null-ptr-deref-in-hci_uart_wr.patch (git-fixes CVE-2026-23146 bsc#1258234). - Update patches.suse/HID-i2c-hid-fix-potential-buffer-overflow-in-i2c_hid.patch (stable-fixes CVE-2026-23178 bsc#1258358). - Update patches.suse/PCI-endpoint-Avoid-creating-sub-groups-asynchronousl.patch (git-fixes CVE-2025-71233 bsc#1258421). - Update patches.suse/arm64-Set-__nocfi-on-swsusp_arch_resume.patch (git-fixes CVE-2026-23128 bsc#1258298). - Update patches.suse/btrfs-always-detect-conflicting-inodes-when-logging-.patch (git-fixes CVE-2025-71183 bsc#1257631). - Update patches.suse/btrfs-do-not-strictly-require-dirty-metadata-thresho.patch (stable-fixes CVE-2026-23157 bsc#1258376). - Update patches.suse/btrfs-fix-deadlock-in-wait_current_trans-due-to-igno.patch (git-fixes CVE-2025-71194 bsc#1257687). - Update patches.suse/btrfs-release-path-before-initializing-extent-tree-i.patch (git-fixes CVE-2026-23018 bsc#1257551). - Update patches.suse/bus-fsl-mc-fix-use-after-free-in-driver_override_sho.patch (git-fixes CVE-2026-23221 bsc#1258660). - Update patches.suse/can-ems_usb-ems_usb_read_bulk_callback-fix-URB-memor.patch (git-fixes CVE-2026-23058 bsc#1257739). - Update patches.suse/can-etas_es58x-allow-partial-RX-URB-allocation-to-su.patch (git-fixes CVE-2026-23037 bsc#1257554). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-fix-URB-memo.patch (git-fixes CVE-2026-23031 bsc#1257600). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-fix-error-me.patch (git-fixes CVE-2026-23155 bsc#1258313). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-unanchor-URL.patch (git-fixes CVE-2026-23082 bsc#1257715). - Update patches.suse/can-j1939-make-j1939_session_activate-fail-if-device.patch (stable-fixes CVE-2025-71182 bsc#1257586). - Update patches.suse/can-kvaser_usb-kvaser_usb_read_bulk_callback-fix-URB.patch (git-fixes CVE-2026-23061 bsc#1257776). - Update patches.suse/can-mcba_usb-mcba_usb_read_bulk_callback-fix-URB-mem.patch (git-fixes CVE-2026-23080 bsc#1257714). - Update patches.suse/can-usb_8dev-usb_8dev_read_bulk_callback-fix-URB-mem.patch (git-fixes CVE-2026-23108 bsc#1257770). - Update patches.suse/crypto-authencesn-reject-too-short-AAD-assoclen-8-to.patch (git-fixes CVE-2026-23060 bsc#1257735). - Update patches.suse/crypto-iaa-Fix-out-of-bounds-index-in-find_empty_iaa.patch (git-fixes CVE-2025-71231 bsc#1258424). - Update patches.suse/crypto-omap-Allocate-OMAP_CRYPTO_FORCE_COPY-scatterl.patch (git-fixes CVE-2026-23222 bsc#1258484). - Update patches.suse/crypto-virtio-Add-spinlock-protection-with-virtqueue.patch (git-fixes CVE-2026-23229 bsc#1258429). - Update patches.suse/dmaengine-at_hdmac-fix-device-leak-on-of_dma_xlate.patch (git-fixes CVE-2025-71191 bsc#1257579). - Update patches.suse/dmaengine-bcm-sba-raid-fix-device-leak-on-probe.patch (git-fixes CVE-2025-71190 bsc#1257580). - Update patches.suse/dmaengine-dw-dmamux-fix-OF-node-leak-on-route-alloca.patch (git-fixes CVE-2025-71189 bsc#1257573). - Update patches.suse/dmaengine-lpc18xx-dmamux-fix-device-leak-on-route-al.patch (git-fixes CVE-2025-71188 bsc#1257576). - Update patches.suse/dmaengine-omap-dma-fix-dma_pool-resource-leak-in-err.patch (git-fixes CVE-2026-23033 bsc#1257570). - Update patches.suse/dmaengine-qcom-gpi-Fix-memory-leak-in-gpi_peripheral.patch (git-fixes CVE-2026-23026 bsc#1257562). - Update patches.suse/dmaengine-stm32-dmamux-fix-device-leak-on-route-allo.patch (git-fixes CVE-2025-71186 bsc#1257565). - Update patches.suse/dmaengine-ti-dma-crossbar-fix-device-leak-on-am335x-.patch (git-fixes CVE-2025-71185 bsc#1257560). - Update patches.suse/dmaengine-xilinx-xdma-Fix-regmap-max_register.patch (git-fixes CVE-2025-71195 bsc#1257704). - Update patches.suse/dpll-Prevent-duplicate-registrations.patch (git-fixes CVE-2026-23129 bsc#1258299). - Update patches.suse/drm-amd-pm-Disable-MMIO-access-during-SMU-Mode-1-res.patch (stable-fixes CVE-2026-23213 bsc#1258465). - Update patches.suse/drm-amdgpu-fix-NULL-pointer-dereference-in-amdgpu_gm.patch (git-fixes CVE-2026-23163 bsc#1258544). - Update patches.suse/drm-imx-tve-fix-probe-device-leak.patch (git-fixes CVE-2026-23170 bsc#1258379). - Update patches.suse/drm-panel-simple-fix-connector-type-for-DataImage-SC.patch (git-fixes CVE-2026-23049 bsc#1257723). - Update patches.suse/efivarfs-fix-error-propagation-in-efivar_entry_get.patch (git-fixes CVE-2026-23156 bsc#1258317). - Update patches.suse/ext4-fix-iloc.bh-leak-in-ext4_xattr_inode_update_ref.patch (git-fixes CVE-2026-23145 bsc#1258326). - Update patches.suse/gpio-virtuser-fix-UAF-in-configfs-release-path.patch (git-fixes CVE-2026-23158 bsc#1258323). - Update patches.suse/i2c-riic-Move-suspend-handling-to-NOIRQ-phase.patch (git-fixes CVE-2026-23055 bsc#1257730). - Update patches.suse/iio-adc-at91-sama5d2_adc-Fix-potential-use-after-fre.patch (git-fixes CVE-2025-71199 bsc#1257750). - Update patches.suse/iio-imu-st_lsm6dsx-fix-iio_chan_spec-for-sensors-wit.patch (git-fixes CVE-2025-71198 bsc#1257741). - Update patches.suse/intel_th-fix-device-leak-on-output-open.patch (git-fixes CVE-2026-23091 bsc#1257813). - Update patches.suse/interconnect-debugfs-initialize-src_node-and-dst_nod.patch (git-fixes CVE-2026-23123 bsc#1258276). - Update patches.suse/leds-led-class-Only-Add-LED-to-leds_list-when-it-is-.patch (git-fixes CVE-2026-23101 bsc#1257768). - Update patches.suse/mISDN-annotate-data-race-around-dev-work.patch (git-fixes CVE-2026-23121 bsc#1258309). - Update patches.suse/mm-shmem-prevent-infinite-loop-on-truncate-race.patch (CVE-2026-23161 bsc#1258355 CVE-2026-23177 bsc#1258324). - Update patches.suse/mmc-sdhci-of-dwcmshc-Prevent-illegal-clock-reduction.patch (git-fixes CVE-2025-71200 bsc#1258222). - Update patches.suse/msft-hv-3440-net-hv_netvsc-reject-RSS-hash-key-programming-withou.patch (bsc#1257473 CVE-2026-23054 bsc#1257732). - Update patches.suse/net-usb-pegasus-fix-memory-leak-in-update_eth_regs_a.patch (git-fixes CVE-2026-23021 bsc#1257557). - Update patches.suse/net-usb-r8152-fix-resume-reset-deadlock.patch (git-fixes CVE-2026-23188 bsc#1258331). - Update patches.suse/net-wwan-t7xx-fix-potential-skb-frags-overflow-in-RX.patch (git-fixes CVE-2026-23172 bsc#1258519). - Update patches.suse/nfc-llcp-Fix-memleak-in-nfc_llcp_send_ui_frame.patch (git-fixes CVE-2026-23150 bsc#1258354). - Update patches.suse/nfc-nci-Fix-race-between-rfkill-and-nci_unregister_d.patch (git-fixes CVE-2026-23167 bsc#1258374). - Update patches.suse/nfsd-provide-locking-for-v4_end_grace.patch (git-fixes CVE-2026-22980 bsc#1257222). - Update patches.suse/of-unittest-Fix-memory-leak-in-unittest_data_add.patch (git-fixes CVE-2026-23137 bsc#1258232). - Update patches.suse/pNFS-Fix-a-deadlock-when-returning-a-delegation-during-open.patch (git-fixes CVE-2026-23050 bsc#1257688). - Update patches.suse/phy-rockchip-inno-usb2-Fix-a-double-free-bug-in-rock.patch (git-fixes CVE-2026-23030 bsc#1257561). - Update patches.suse/phy-stm32-usphyc-Fix-off-by-one-in-probe.patch (git-fixes CVE-2025-71196 bsc#1257716). - Update patches.suse/platform-x86-amd-Fix-memory-leak-in-wbrf_record.patch (git-fixes CVE-2026-23065 bsc#1257742). - Update patches.suse/platform-x86-hp-bioscfg-Fix-kernel-panic-in-GET_INST.patch (git-fixes CVE-2026-23062 bsc#1257734). - Update patches.suse/platform-x86-hp-bioscfg-Fix-kobject-warnings-for-emp.patch (git-fixes CVE-2026-23131 bsc#1258297). - Update patches.suse/platform-x86-toshiba_haps-Fix-memory-leaks-in-add-re.patch (git-fixes CVE-2026-23176 bsc#1258256). - Update patches.suse/pnfs-flexfiles-Fix-memory-leak-in-nfs4_ff_alloc_deviceid_node.patch (git-fixes CVE-2026-23038 bsc#1257553). - Update patches.suse/regmap-Fix-race-condition-in-hwspinlock-irqsave-rout.patch (git-fixes CVE-2026-23071 bsc#1257706). - Update patches.suse/scsi-qla2xxx-Delay-module-unload-while-fabric-scan-i.patch (bsc#1256865 bsc#1256867 jsc#PED-14156 CVE-2025-71235 bsc#1258469). - Update patches.suse/scsi-qla2xxx-Free-sp-in-error-path-to-fix-system-cra.patch (bsc#1256865 bsc#1256867 jsc#PED-14156 CVE-2025-71232 bsc#1258422). - Update patches.suse/scsi-qla2xxx-Sanitize-payload-size-to-prevent-member.patch (git-fixes CVE-2026-23059 bsc#1257737). - Update patches.suse/scsi-qla2xxx-Validate-sp-before-freeing-associated-m.patch (bsc#1256865 bsc#1256867 jsc#PED-14156 CVE-2025-71236 bsc#1258442). - Update patches.suse/slimbus-core-fix-device-reference-leak-on-report-pre.patch (git-fixes CVE-2026-23090 bsc#1257759). - Update patches.suse/smb-client-split-cached_fid-bitfields-to-avoid-shared-byte-RMW-rac.patch (bsc#1250748 bsc#1257154 CVE-2026-23230 bsc#1258430). - Update patches.suse/spi-tegra-Fix-a-memory-leak-in-tegra_slink_probe.patch (git-fixes CVE-2026-23182 bsc#1258259). - Update patches.suse/spi-tegra210-quad-Protect-curr_xfer-check-in-IRQ-han.patch (git-fixes bsc#1257952 CVE-2026-23207 bsc#1258524). - Update patches.suse/spi-tegra210-quad-Protect-curr_xfer-in-tegra_qspi_co.patch (git-fixes bsc#1257952 CVE-2026-23202 bsc#1258338). - Update patches.suse/uacce-ensure-safe-queue-release-with-state-managemen.patch (git-fixes CVE-2026-23063 bsc#1257722). - Update patches.suse/uacce-fix-cdev-handling-in-the-cleanup-path.patch (git-fixes CVE-2026-23096 bsc#1257809). - Update patches.suse/uacce-fix-isolate-sysfs-check-condition.patch (git-fixes CVE-2026-23094 bsc#1257811). - Update patches.suse/uacce-implement-mremap-in-uacce_vm_ops-to-return-EPE.patch (git-fixes CVE-2026-23056 bsc#1257729). - Update patches.suse/w1-therm-Fix-off-by-one-buffer-overflow-in-alarms_st.patch (git-fixes CVE-2025-71197 bsc#1257743). - Update patches.suse/wifi-ath10k-fix-dma_free_coherent-pointer.patch (git-fixes CVE-2026-23133 bsc#1258249). - Update patches.suse/wifi-ath12k-fix-dma_free_coherent-pointer.patch (git-fixes CVE-2026-23135 bsc#1258245). - Update patches.suse/wifi-mac80211-correctly-decode-TTLM-with-default-lin.patch (git-fixes CVE-2026-23152 bsc#1258252). - Update patches.suse/wifi-mac80211-ocb-skip-rx_no_sta-when-interface-is-n.patch (stable-fixes CVE-2025-71224 bsc#1258824). - Update patches.suse/wifi-rsi-Fix-memory-corruption-due-to-not-set-vif-dr.patch (git-fixes CVE-2026-23073 bsc#1257707). - Update patches.suse/wifi-rtl8xxxu-fix-slab-out-of-bounds-in-rtl8xxxu_sta.patch (git-fixes CVE-2025-71234 bsc#1258419). - Update patches.suse/wifi-rtw88-Fix-alignment-fault-in-rtw_core_enable_be.patch (git-fixes CVE-2025-71229 bsc#1258415). - Update patches.suse/wifi-wlcore-ensure-skb-headroom-before-skb_push.patch (stable-fixes CVE-2025-71222 bsc#1258279). - commit 154bcac - bonding: provide a net pointer to __skb_flow_dissect() (CVE-2026-23119 bsc#1258273). - commit 15d3820 - drm/i915/display: Add quirk to skip retraining of dp link (bsc#1253129). - commit f730886 - smb: client: Fix refcount leak for cifs_sb_tlink (bsc#1252924, CVE-2025-40103). - commit 176c45b - cifs: parse_dfs_referrals: prevent oob on malformed input (bsc#1252911, CVE-2025-40099). - commit 1544b30 - sched/fair: Fix pelt clock sync when entering idle (bsc#1234634 (Scheduler functional and performance backports SL-16.0)). - commit 24b0d4e - sched/fair: Fix pelt lost idle time detection (bsc#1234634 (Scheduler functional and performance backports SL-16.0)). - sched/deadline: Stop dl_server before CPU goes offline (bsc#1234634 (Scheduler functional and performance backports SL-16.0)). - sched/core: Avoid direct access to hrtimer clockbase (bsc#1234634 (Scheduler functional and performance backports SL-16.0)). - sched/deadline: Fix race in push_dl_task() (bsc#1234634 (Scheduler functional and performance backports)). - commit b3c53c0 - ice: Fix NULL pointer dereference in ice_vsi_set_napi_queues (CVE-2026-23166 bsc#1258272). - net/mlx5e: TC, delete flows only for existing peers (CVE-2026-23173 bsc#1258520). - net/mlx5e: Don't gate FEC histograms on ppcnt_statistical_group (git-fixes). - commit 91bddd0 ++++ kernel-default: - nvmet-tcp: fixup hang in nvmet_tcp_listen_data_ready() (CVE-2026-23179 bsc#1258394). - commit ac77228 - nvmet: fix race in nvmet_bio_done() leading to NULL pointer dereference (CVE-2026-23148 bsc#1258258). - commit 9bda130 - nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec (CVE-2026-23112 bsc#1258184). - commit efcbeaa - nvme-fc: release admin tagset if init fails (git-fixes). - nvme-pci: disable secondary temp for Wodposit WPBSNM8 (git-fixes). - nvme-fabrics: add ENOKEY to no retry criteria for authentication failures (git-fixes). - nvme-fc: don't hold rport lock when putting ctrl (git-fixes). - commit dd0c54b - pmdomain: imx8m-blk-ctrl: Remove separate rst and clk mask for 8mq vpu (CVE-2026-23116 bsc#1258277). - commit ff9d60e - Add bugnumber to existing mana and mana_ib changes (bsc#1251135 bsc#1251971). - scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT (git-fixes). - net: mana: Fix double destroy_workqueue on service rescan PCI path (git-fixes). - commit 984835c - ceph: fix NULL pointer dereference in ceph_mds_auth_match() (CVE-2026-23189 bsc#1258308). - commit 51b8eb2 - Update patches.suse/ALSA-ac97-fix-a-double-free-in-snd_ac97_controller_r.patch (git-fixes CVE-2025-71192 bsc#1257679). - Update patches.suse/ALSA-aloop-Fix-racy-access-at-PCM-trigger.patch (stable-fixes CVE-2026-23191 bsc#1258395). - Update patches.suse/ALSA-ctxfi-Fix-potential-OOB-access-in-audio-mixer-h.patch (stable-fixes CVE-2026-23076 bsc#1257788). - Update patches.suse/ALSA-scarlett2-Fix-buffer-overflow-in-config-retriev.patch (git-fixes CVE-2026-23078 bsc#1257789). - Update patches.suse/ALSA-usb-audio-Fix-use-after-free-in-snd_usb_mixer_f.patch (git-fixes CVE-2026-23089 bsc#1257790). - Update patches.suse/ASoC-amd-fix-memory-leak-in-acp3x-pdm-dma-ops.patch (git-fixes CVE-2026-23190 bsc#1258397). - Update patches.suse/Bluetooth-MGMT-Fix-memory-leak-in-set_ssp_complete.patch (git-fixes CVE-2026-23151 bsc#1258237). - Update patches.suse/Bluetooth-hci_uart-fix-null-ptr-deref-in-hci_uart_wr.patch (git-fixes CVE-2026-23146 bsc#1258234). - Update patches.suse/HID-i2c-hid-fix-potential-buffer-overflow-in-i2c_hid.patch (stable-fixes CVE-2026-23178 bsc#1258358). - Update patches.suse/PCI-endpoint-Avoid-creating-sub-groups-asynchronousl.patch (git-fixes CVE-2025-71233 bsc#1258421). - Update patches.suse/arm64-Set-__nocfi-on-swsusp_arch_resume.patch (git-fixes CVE-2026-23128 bsc#1258298). - Update patches.suse/btrfs-always-detect-conflicting-inodes-when-logging-.patch (git-fixes CVE-2025-71183 bsc#1257631). - Update patches.suse/btrfs-do-not-strictly-require-dirty-metadata-thresho.patch (stable-fixes CVE-2026-23157 bsc#1258376). - Update patches.suse/btrfs-fix-deadlock-in-wait_current_trans-due-to-igno.patch (git-fixes CVE-2025-71194 bsc#1257687). - Update patches.suse/btrfs-release-path-before-initializing-extent-tree-i.patch (git-fixes CVE-2026-23018 bsc#1257551). - Update patches.suse/bus-fsl-mc-fix-use-after-free-in-driver_override_sho.patch (git-fixes CVE-2026-23221 bsc#1258660). - Update patches.suse/can-ems_usb-ems_usb_read_bulk_callback-fix-URB-memor.patch (git-fixes CVE-2026-23058 bsc#1257739). - Update patches.suse/can-etas_es58x-allow-partial-RX-URB-allocation-to-su.patch (git-fixes CVE-2026-23037 bsc#1257554). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-fix-URB-memo.patch (git-fixes CVE-2026-23031 bsc#1257600). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-fix-error-me.patch (git-fixes CVE-2026-23155 bsc#1258313). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-unanchor-URL.patch (git-fixes CVE-2026-23082 bsc#1257715). - Update patches.suse/can-j1939-make-j1939_session_activate-fail-if-device.patch (stable-fixes CVE-2025-71182 bsc#1257586). - Update patches.suse/can-kvaser_usb-kvaser_usb_read_bulk_callback-fix-URB.patch (git-fixes CVE-2026-23061 bsc#1257776). - Update patches.suse/can-mcba_usb-mcba_usb_read_bulk_callback-fix-URB-mem.patch (git-fixes CVE-2026-23080 bsc#1257714). - Update patches.suse/can-usb_8dev-usb_8dev_read_bulk_callback-fix-URB-mem.patch (git-fixes CVE-2026-23108 bsc#1257770). - Update patches.suse/crypto-authencesn-reject-too-short-AAD-assoclen-8-to.patch (git-fixes CVE-2026-23060 bsc#1257735). - Update patches.suse/crypto-iaa-Fix-out-of-bounds-index-in-find_empty_iaa.patch (git-fixes CVE-2025-71231 bsc#1258424). - Update patches.suse/crypto-omap-Allocate-OMAP_CRYPTO_FORCE_COPY-scatterl.patch (git-fixes CVE-2026-23222 bsc#1258484). - Update patches.suse/crypto-virtio-Add-spinlock-protection-with-virtqueue.patch (git-fixes CVE-2026-23229 bsc#1258429). - Update patches.suse/dmaengine-at_hdmac-fix-device-leak-on-of_dma_xlate.patch (git-fixes CVE-2025-71191 bsc#1257579). - Update patches.suse/dmaengine-bcm-sba-raid-fix-device-leak-on-probe.patch (git-fixes CVE-2025-71190 bsc#1257580). - Update patches.suse/dmaengine-dw-dmamux-fix-OF-node-leak-on-route-alloca.patch (git-fixes CVE-2025-71189 bsc#1257573). - Update patches.suse/dmaengine-lpc18xx-dmamux-fix-device-leak-on-route-al.patch (git-fixes CVE-2025-71188 bsc#1257576). - Update patches.suse/dmaengine-omap-dma-fix-dma_pool-resource-leak-in-err.patch (git-fixes CVE-2026-23033 bsc#1257570). - Update patches.suse/dmaengine-qcom-gpi-Fix-memory-leak-in-gpi_peripheral.patch (git-fixes CVE-2026-23026 bsc#1257562). - Update patches.suse/dmaengine-stm32-dmamux-fix-device-leak-on-route-allo.patch (git-fixes CVE-2025-71186 bsc#1257565). - Update patches.suse/dmaengine-ti-dma-crossbar-fix-device-leak-on-am335x-.patch (git-fixes CVE-2025-71185 bsc#1257560). - Update patches.suse/dmaengine-xilinx-xdma-Fix-regmap-max_register.patch (git-fixes CVE-2025-71195 bsc#1257704). - Update patches.suse/dpll-Prevent-duplicate-registrations.patch (git-fixes CVE-2026-23129 bsc#1258299). - Update patches.suse/drm-amd-pm-Disable-MMIO-access-during-SMU-Mode-1-res.patch (stable-fixes CVE-2026-23213 bsc#1258465). - Update patches.suse/drm-amdgpu-fix-NULL-pointer-dereference-in-amdgpu_gm.patch (git-fixes CVE-2026-23163 bsc#1258544). - Update patches.suse/drm-imx-tve-fix-probe-device-leak.patch (git-fixes CVE-2026-23170 bsc#1258379). - Update patches.suse/drm-panel-simple-fix-connector-type-for-DataImage-SC.patch (git-fixes CVE-2026-23049 bsc#1257723). - Update patches.suse/efivarfs-fix-error-propagation-in-efivar_entry_get.patch (git-fixes CVE-2026-23156 bsc#1258317). - Update patches.suse/ext4-fix-iloc.bh-leak-in-ext4_xattr_inode_update_ref.patch (git-fixes CVE-2026-23145 bsc#1258326). - Update patches.suse/gpio-virtuser-fix-UAF-in-configfs-release-path.patch (git-fixes CVE-2026-23158 bsc#1258323). - Update patches.suse/i2c-riic-Move-suspend-handling-to-NOIRQ-phase.patch (git-fixes CVE-2026-23055 bsc#1257730). - Update patches.suse/iio-adc-at91-sama5d2_adc-Fix-potential-use-after-fre.patch (git-fixes CVE-2025-71199 bsc#1257750). - Update patches.suse/iio-imu-st_lsm6dsx-fix-iio_chan_spec-for-sensors-wit.patch (git-fixes CVE-2025-71198 bsc#1257741). - Update patches.suse/intel_th-fix-device-leak-on-output-open.patch (git-fixes CVE-2026-23091 bsc#1257813). - Update patches.suse/interconnect-debugfs-initialize-src_node-and-dst_nod.patch (git-fixes CVE-2026-23123 bsc#1258276). - Update patches.suse/leds-led-class-Only-Add-LED-to-leds_list-when-it-is-.patch (git-fixes CVE-2026-23101 bsc#1257768). - Update patches.suse/mISDN-annotate-data-race-around-dev-work.patch (git-fixes CVE-2026-23121 bsc#1258309). - Update patches.suse/mm-shmem-prevent-infinite-loop-on-truncate-race.patch (CVE-2026-23161 bsc#1258355 CVE-2026-23177 bsc#1258324). - Update patches.suse/mmc-sdhci-of-dwcmshc-Prevent-illegal-clock-reduction.patch (git-fixes CVE-2025-71200 bsc#1258222). - Update patches.suse/msft-hv-3440-net-hv_netvsc-reject-RSS-hash-key-programming-withou.patch (bsc#1257473 CVE-2026-23054 bsc#1257732). - Update patches.suse/net-usb-pegasus-fix-memory-leak-in-update_eth_regs_a.patch (git-fixes CVE-2026-23021 bsc#1257557). - Update patches.suse/net-usb-r8152-fix-resume-reset-deadlock.patch (git-fixes CVE-2026-23188 bsc#1258331). - Update patches.suse/net-wwan-t7xx-fix-potential-skb-frags-overflow-in-RX.patch (git-fixes CVE-2026-23172 bsc#1258519). - Update patches.suse/nfc-llcp-Fix-memleak-in-nfc_llcp_send_ui_frame.patch (git-fixes CVE-2026-23150 bsc#1258354). - Update patches.suse/nfc-nci-Fix-race-between-rfkill-and-nci_unregister_d.patch (git-fixes CVE-2026-23167 bsc#1258374). - Update patches.suse/nfsd-provide-locking-for-v4_end_grace.patch (git-fixes CVE-2026-22980 bsc#1257222). - Update patches.suse/of-unittest-Fix-memory-leak-in-unittest_data_add.patch (git-fixes CVE-2026-23137 bsc#1258232). - Update patches.suse/pNFS-Fix-a-deadlock-when-returning-a-delegation-during-open.patch (git-fixes CVE-2026-23050 bsc#1257688). - Update patches.suse/phy-rockchip-inno-usb2-Fix-a-double-free-bug-in-rock.patch (git-fixes CVE-2026-23030 bsc#1257561). - Update patches.suse/phy-stm32-usphyc-Fix-off-by-one-in-probe.patch (git-fixes CVE-2025-71196 bsc#1257716). - Update patches.suse/platform-x86-amd-Fix-memory-leak-in-wbrf_record.patch (git-fixes CVE-2026-23065 bsc#1257742). - Update patches.suse/platform-x86-hp-bioscfg-Fix-kernel-panic-in-GET_INST.patch (git-fixes CVE-2026-23062 bsc#1257734). - Update patches.suse/platform-x86-hp-bioscfg-Fix-kobject-warnings-for-emp.patch (git-fixes CVE-2026-23131 bsc#1258297). - Update patches.suse/platform-x86-toshiba_haps-Fix-memory-leaks-in-add-re.patch (git-fixes CVE-2026-23176 bsc#1258256). - Update patches.suse/pnfs-flexfiles-Fix-memory-leak-in-nfs4_ff_alloc_deviceid_node.patch (git-fixes CVE-2026-23038 bsc#1257553). - Update patches.suse/regmap-Fix-race-condition-in-hwspinlock-irqsave-rout.patch (git-fixes CVE-2026-23071 bsc#1257706). - Update patches.suse/scsi-qla2xxx-Delay-module-unload-while-fabric-scan-i.patch (bsc#1256865 bsc#1256867 jsc#PED-14156 CVE-2025-71235 bsc#1258469). - Update patches.suse/scsi-qla2xxx-Free-sp-in-error-path-to-fix-system-cra.patch (bsc#1256865 bsc#1256867 jsc#PED-14156 CVE-2025-71232 bsc#1258422). - Update patches.suse/scsi-qla2xxx-Sanitize-payload-size-to-prevent-member.patch (git-fixes CVE-2026-23059 bsc#1257737). - Update patches.suse/scsi-qla2xxx-Validate-sp-before-freeing-associated-m.patch (bsc#1256865 bsc#1256867 jsc#PED-14156 CVE-2025-71236 bsc#1258442). - Update patches.suse/slimbus-core-fix-device-reference-leak-on-report-pre.patch (git-fixes CVE-2026-23090 bsc#1257759). - Update patches.suse/smb-client-split-cached_fid-bitfields-to-avoid-shared-byte-RMW-rac.patch (bsc#1250748 bsc#1257154 CVE-2026-23230 bsc#1258430). - Update patches.suse/spi-tegra-Fix-a-memory-leak-in-tegra_slink_probe.patch (git-fixes CVE-2026-23182 bsc#1258259). - Update patches.suse/spi-tegra210-quad-Protect-curr_xfer-check-in-IRQ-han.patch (git-fixes bsc#1257952 CVE-2026-23207 bsc#1258524). - Update patches.suse/spi-tegra210-quad-Protect-curr_xfer-in-tegra_qspi_co.patch (git-fixes bsc#1257952 CVE-2026-23202 bsc#1258338). - Update patches.suse/uacce-ensure-safe-queue-release-with-state-managemen.patch (git-fixes CVE-2026-23063 bsc#1257722). - Update patches.suse/uacce-fix-cdev-handling-in-the-cleanup-path.patch (git-fixes CVE-2026-23096 bsc#1257809). - Update patches.suse/uacce-fix-isolate-sysfs-check-condition.patch (git-fixes CVE-2026-23094 bsc#1257811). - Update patches.suse/uacce-implement-mremap-in-uacce_vm_ops-to-return-EPE.patch (git-fixes CVE-2026-23056 bsc#1257729). - Update patches.suse/w1-therm-Fix-off-by-one-buffer-overflow-in-alarms_st.patch (git-fixes CVE-2025-71197 bsc#1257743). - Update patches.suse/wifi-ath10k-fix-dma_free_coherent-pointer.patch (git-fixes CVE-2026-23133 bsc#1258249). - Update patches.suse/wifi-ath12k-fix-dma_free_coherent-pointer.patch (git-fixes CVE-2026-23135 bsc#1258245). - Update patches.suse/wifi-mac80211-correctly-decode-TTLM-with-default-lin.patch (git-fixes CVE-2026-23152 bsc#1258252). - Update patches.suse/wifi-mac80211-ocb-skip-rx_no_sta-when-interface-is-n.patch (stable-fixes CVE-2025-71224 bsc#1258824). - Update patches.suse/wifi-rsi-Fix-memory-corruption-due-to-not-set-vif-dr.patch (git-fixes CVE-2026-23073 bsc#1257707). - Update patches.suse/wifi-rtl8xxxu-fix-slab-out-of-bounds-in-rtl8xxxu_sta.patch (git-fixes CVE-2025-71234 bsc#1258419). - Update patches.suse/wifi-rtw88-Fix-alignment-fault-in-rtw_core_enable_be.patch (git-fixes CVE-2025-71229 bsc#1258415). - Update patches.suse/wifi-wlcore-ensure-skb-headroom-before-skb_push.patch (stable-fixes CVE-2025-71222 bsc#1258279). - commit 154bcac - bonding: provide a net pointer to __skb_flow_dissect() (CVE-2026-23119 bsc#1258273). - commit 15d3820 - drm/i915/display: Add quirk to skip retraining of dp link (bsc#1253129). - commit f730886 - smb: client: Fix refcount leak for cifs_sb_tlink (bsc#1252924, CVE-2025-40103). - commit 176c45b - cifs: parse_dfs_referrals: prevent oob on malformed input (bsc#1252911, CVE-2025-40099). - commit 1544b30 - sched/fair: Fix pelt clock sync when entering idle (bsc#1234634 (Scheduler functional and performance backports SL-16.0)). - commit 24b0d4e - sched/fair: Fix pelt lost idle time detection (bsc#1234634 (Scheduler functional and performance backports SL-16.0)). - sched/deadline: Stop dl_server before CPU goes offline (bsc#1234634 (Scheduler functional and performance backports SL-16.0)). - sched/core: Avoid direct access to hrtimer clockbase (bsc#1234634 (Scheduler functional and performance backports SL-16.0)). - sched/deadline: Fix race in push_dl_task() (bsc#1234634 (Scheduler functional and performance backports)). - commit b3c53c0 - ice: Fix NULL pointer dereference in ice_vsi_set_napi_queues (CVE-2026-23166 bsc#1258272). - net/mlx5e: TC, delete flows only for existing peers (CVE-2026-23173 bsc#1258520). - net/mlx5e: Don't gate FEC histograms on ppcnt_statistical_group (git-fixes). - commit 91bddd0 ++++ kernel-rt: - nvmet-tcp: fixup hang in nvmet_tcp_listen_data_ready() (CVE-2026-23179 bsc#1258394). - commit ac77228 - nvmet: fix race in nvmet_bio_done() leading to NULL pointer dereference (CVE-2026-23148 bsc#1258258). - commit 9bda130 - nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec (CVE-2026-23112 bsc#1258184). - commit efcbeaa - nvme-fc: release admin tagset if init fails (git-fixes). - nvme-pci: disable secondary temp for Wodposit WPBSNM8 (git-fixes). - nvme-fabrics: add ENOKEY to no retry criteria for authentication failures (git-fixes). - nvme-fc: don't hold rport lock when putting ctrl (git-fixes). - commit dd0c54b - pmdomain: imx8m-blk-ctrl: Remove separate rst and clk mask for 8mq vpu (CVE-2026-23116 bsc#1258277). - commit ff9d60e - Add bugnumber to existing mana and mana_ib changes (bsc#1251135 bsc#1251971). - scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT (git-fixes). - net: mana: Fix double destroy_workqueue on service rescan PCI path (git-fixes). - commit 984835c - ceph: fix NULL pointer dereference in ceph_mds_auth_match() (CVE-2026-23189 bsc#1258308). - commit 51b8eb2 - Update patches.suse/ALSA-ac97-fix-a-double-free-in-snd_ac97_controller_r.patch (git-fixes CVE-2025-71192 bsc#1257679). - Update patches.suse/ALSA-aloop-Fix-racy-access-at-PCM-trigger.patch (stable-fixes CVE-2026-23191 bsc#1258395). - Update patches.suse/ALSA-ctxfi-Fix-potential-OOB-access-in-audio-mixer-h.patch (stable-fixes CVE-2026-23076 bsc#1257788). - Update patches.suse/ALSA-scarlett2-Fix-buffer-overflow-in-config-retriev.patch (git-fixes CVE-2026-23078 bsc#1257789). - Update patches.suse/ALSA-usb-audio-Fix-use-after-free-in-snd_usb_mixer_f.patch (git-fixes CVE-2026-23089 bsc#1257790). - Update patches.suse/ASoC-amd-fix-memory-leak-in-acp3x-pdm-dma-ops.patch (git-fixes CVE-2026-23190 bsc#1258397). - Update patches.suse/Bluetooth-MGMT-Fix-memory-leak-in-set_ssp_complete.patch (git-fixes CVE-2026-23151 bsc#1258237). - Update patches.suse/Bluetooth-hci_uart-fix-null-ptr-deref-in-hci_uart_wr.patch (git-fixes CVE-2026-23146 bsc#1258234). - Update patches.suse/HID-i2c-hid-fix-potential-buffer-overflow-in-i2c_hid.patch (stable-fixes CVE-2026-23178 bsc#1258358). - Update patches.suse/PCI-endpoint-Avoid-creating-sub-groups-asynchronousl.patch (git-fixes CVE-2025-71233 bsc#1258421). - Update patches.suse/arm64-Set-__nocfi-on-swsusp_arch_resume.patch (git-fixes CVE-2026-23128 bsc#1258298). - Update patches.suse/btrfs-always-detect-conflicting-inodes-when-logging-.patch (git-fixes CVE-2025-71183 bsc#1257631). - Update patches.suse/btrfs-do-not-strictly-require-dirty-metadata-thresho.patch (stable-fixes CVE-2026-23157 bsc#1258376). - Update patches.suse/btrfs-fix-deadlock-in-wait_current_trans-due-to-igno.patch (git-fixes CVE-2025-71194 bsc#1257687). - Update patches.suse/btrfs-release-path-before-initializing-extent-tree-i.patch (git-fixes CVE-2026-23018 bsc#1257551). - Update patches.suse/bus-fsl-mc-fix-use-after-free-in-driver_override_sho.patch (git-fixes CVE-2026-23221 bsc#1258660). - Update patches.suse/can-ems_usb-ems_usb_read_bulk_callback-fix-URB-memor.patch (git-fixes CVE-2026-23058 bsc#1257739). - Update patches.suse/can-etas_es58x-allow-partial-RX-URB-allocation-to-su.patch (git-fixes CVE-2026-23037 bsc#1257554). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-fix-URB-memo.patch (git-fixes CVE-2026-23031 bsc#1257600). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-fix-error-me.patch (git-fixes CVE-2026-23155 bsc#1258313). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-unanchor-URL.patch (git-fixes CVE-2026-23082 bsc#1257715). - Update patches.suse/can-j1939-make-j1939_session_activate-fail-if-device.patch (stable-fixes CVE-2025-71182 bsc#1257586). - Update patches.suse/can-kvaser_usb-kvaser_usb_read_bulk_callback-fix-URB.patch (git-fixes CVE-2026-23061 bsc#1257776). - Update patches.suse/can-mcba_usb-mcba_usb_read_bulk_callback-fix-URB-mem.patch (git-fixes CVE-2026-23080 bsc#1257714). - Update patches.suse/can-usb_8dev-usb_8dev_read_bulk_callback-fix-URB-mem.patch (git-fixes CVE-2026-23108 bsc#1257770). - Update patches.suse/crypto-authencesn-reject-too-short-AAD-assoclen-8-to.patch (git-fixes CVE-2026-23060 bsc#1257735). - Update patches.suse/crypto-iaa-Fix-out-of-bounds-index-in-find_empty_iaa.patch (git-fixes CVE-2025-71231 bsc#1258424). - Update patches.suse/crypto-omap-Allocate-OMAP_CRYPTO_FORCE_COPY-scatterl.patch (git-fixes CVE-2026-23222 bsc#1258484). - Update patches.suse/crypto-virtio-Add-spinlock-protection-with-virtqueue.patch (git-fixes CVE-2026-23229 bsc#1258429). - Update patches.suse/dmaengine-at_hdmac-fix-device-leak-on-of_dma_xlate.patch (git-fixes CVE-2025-71191 bsc#1257579). - Update patches.suse/dmaengine-bcm-sba-raid-fix-device-leak-on-probe.patch (git-fixes CVE-2025-71190 bsc#1257580). - Update patches.suse/dmaengine-dw-dmamux-fix-OF-node-leak-on-route-alloca.patch (git-fixes CVE-2025-71189 bsc#1257573). - Update patches.suse/dmaengine-lpc18xx-dmamux-fix-device-leak-on-route-al.patch (git-fixes CVE-2025-71188 bsc#1257576). - Update patches.suse/dmaengine-omap-dma-fix-dma_pool-resource-leak-in-err.patch (git-fixes CVE-2026-23033 bsc#1257570). - Update patches.suse/dmaengine-qcom-gpi-Fix-memory-leak-in-gpi_peripheral.patch (git-fixes CVE-2026-23026 bsc#1257562). - Update patches.suse/dmaengine-stm32-dmamux-fix-device-leak-on-route-allo.patch (git-fixes CVE-2025-71186 bsc#1257565). - Update patches.suse/dmaengine-ti-dma-crossbar-fix-device-leak-on-am335x-.patch (git-fixes CVE-2025-71185 bsc#1257560). - Update patches.suse/dmaengine-xilinx-xdma-Fix-regmap-max_register.patch (git-fixes CVE-2025-71195 bsc#1257704). - Update patches.suse/dpll-Prevent-duplicate-registrations.patch (git-fixes CVE-2026-23129 bsc#1258299). - Update patches.suse/drm-amd-pm-Disable-MMIO-access-during-SMU-Mode-1-res.patch (stable-fixes CVE-2026-23213 bsc#1258465). - Update patches.suse/drm-amdgpu-fix-NULL-pointer-dereference-in-amdgpu_gm.patch (git-fixes CVE-2026-23163 bsc#1258544). - Update patches.suse/drm-imx-tve-fix-probe-device-leak.patch (git-fixes CVE-2026-23170 bsc#1258379). - Update patches.suse/drm-panel-simple-fix-connector-type-for-DataImage-SC.patch (git-fixes CVE-2026-23049 bsc#1257723). - Update patches.suse/efivarfs-fix-error-propagation-in-efivar_entry_get.patch (git-fixes CVE-2026-23156 bsc#1258317). - Update patches.suse/ext4-fix-iloc.bh-leak-in-ext4_xattr_inode_update_ref.patch (git-fixes CVE-2026-23145 bsc#1258326). - Update patches.suse/gpio-virtuser-fix-UAF-in-configfs-release-path.patch (git-fixes CVE-2026-23158 bsc#1258323). - Update patches.suse/i2c-riic-Move-suspend-handling-to-NOIRQ-phase.patch (git-fixes CVE-2026-23055 bsc#1257730). - Update patches.suse/iio-adc-at91-sama5d2_adc-Fix-potential-use-after-fre.patch (git-fixes CVE-2025-71199 bsc#1257750). - Update patches.suse/iio-imu-st_lsm6dsx-fix-iio_chan_spec-for-sensors-wit.patch (git-fixes CVE-2025-71198 bsc#1257741). - Update patches.suse/intel_th-fix-device-leak-on-output-open.patch (git-fixes CVE-2026-23091 bsc#1257813). - Update patches.suse/interconnect-debugfs-initialize-src_node-and-dst_nod.patch (git-fixes CVE-2026-23123 bsc#1258276). - Update patches.suse/leds-led-class-Only-Add-LED-to-leds_list-when-it-is-.patch (git-fixes CVE-2026-23101 bsc#1257768). - Update patches.suse/mISDN-annotate-data-race-around-dev-work.patch (git-fixes CVE-2026-23121 bsc#1258309). - Update patches.suse/mm-shmem-prevent-infinite-loop-on-truncate-race.patch (CVE-2026-23161 bsc#1258355 CVE-2026-23177 bsc#1258324). - Update patches.suse/mmc-sdhci-of-dwcmshc-Prevent-illegal-clock-reduction.patch (git-fixes CVE-2025-71200 bsc#1258222). - Update patches.suse/msft-hv-3440-net-hv_netvsc-reject-RSS-hash-key-programming-withou.patch (bsc#1257473 CVE-2026-23054 bsc#1257732). - Update patches.suse/net-usb-pegasus-fix-memory-leak-in-update_eth_regs_a.patch (git-fixes CVE-2026-23021 bsc#1257557). - Update patches.suse/net-usb-r8152-fix-resume-reset-deadlock.patch (git-fixes CVE-2026-23188 bsc#1258331). - Update patches.suse/net-wwan-t7xx-fix-potential-skb-frags-overflow-in-RX.patch (git-fixes CVE-2026-23172 bsc#1258519). - Update patches.suse/nfc-llcp-Fix-memleak-in-nfc_llcp_send_ui_frame.patch (git-fixes CVE-2026-23150 bsc#1258354). - Update patches.suse/nfc-nci-Fix-race-between-rfkill-and-nci_unregister_d.patch (git-fixes CVE-2026-23167 bsc#1258374). - Update patches.suse/nfsd-provide-locking-for-v4_end_grace.patch (git-fixes CVE-2026-22980 bsc#1257222). - Update patches.suse/of-unittest-Fix-memory-leak-in-unittest_data_add.patch (git-fixes CVE-2026-23137 bsc#1258232). - Update patches.suse/pNFS-Fix-a-deadlock-when-returning-a-delegation-during-open.patch (git-fixes CVE-2026-23050 bsc#1257688). - Update patches.suse/phy-rockchip-inno-usb2-Fix-a-double-free-bug-in-rock.patch (git-fixes CVE-2026-23030 bsc#1257561). - Update patches.suse/phy-stm32-usphyc-Fix-off-by-one-in-probe.patch (git-fixes CVE-2025-71196 bsc#1257716). - Update patches.suse/platform-x86-amd-Fix-memory-leak-in-wbrf_record.patch (git-fixes CVE-2026-23065 bsc#1257742). - Update patches.suse/platform-x86-hp-bioscfg-Fix-kernel-panic-in-GET_INST.patch (git-fixes CVE-2026-23062 bsc#1257734). - Update patches.suse/platform-x86-hp-bioscfg-Fix-kobject-warnings-for-emp.patch (git-fixes CVE-2026-23131 bsc#1258297). - Update patches.suse/platform-x86-toshiba_haps-Fix-memory-leaks-in-add-re.patch (git-fixes CVE-2026-23176 bsc#1258256). - Update patches.suse/pnfs-flexfiles-Fix-memory-leak-in-nfs4_ff_alloc_deviceid_node.patch (git-fixes CVE-2026-23038 bsc#1257553). - Update patches.suse/regmap-Fix-race-condition-in-hwspinlock-irqsave-rout.patch (git-fixes CVE-2026-23071 bsc#1257706). - Update patches.suse/scsi-qla2xxx-Delay-module-unload-while-fabric-scan-i.patch (bsc#1256865 bsc#1256867 jsc#PED-14156 CVE-2025-71235 bsc#1258469). - Update patches.suse/scsi-qla2xxx-Free-sp-in-error-path-to-fix-system-cra.patch (bsc#1256865 bsc#1256867 jsc#PED-14156 CVE-2025-71232 bsc#1258422). - Update patches.suse/scsi-qla2xxx-Sanitize-payload-size-to-prevent-member.patch (git-fixes CVE-2026-23059 bsc#1257737). - Update patches.suse/scsi-qla2xxx-Validate-sp-before-freeing-associated-m.patch (bsc#1256865 bsc#1256867 jsc#PED-14156 CVE-2025-71236 bsc#1258442). - Update patches.suse/slimbus-core-fix-device-reference-leak-on-report-pre.patch (git-fixes CVE-2026-23090 bsc#1257759). - Update patches.suse/smb-client-split-cached_fid-bitfields-to-avoid-shared-byte-RMW-rac.patch (bsc#1250748 bsc#1257154 CVE-2026-23230 bsc#1258430). - Update patches.suse/spi-tegra-Fix-a-memory-leak-in-tegra_slink_probe.patch (git-fixes CVE-2026-23182 bsc#1258259). - Update patches.suse/spi-tegra210-quad-Protect-curr_xfer-check-in-IRQ-han.patch (git-fixes bsc#1257952 CVE-2026-23207 bsc#1258524). - Update patches.suse/spi-tegra210-quad-Protect-curr_xfer-in-tegra_qspi_co.patch (git-fixes bsc#1257952 CVE-2026-23202 bsc#1258338). - Update patches.suse/uacce-ensure-safe-queue-release-with-state-managemen.patch (git-fixes CVE-2026-23063 bsc#1257722). - Update patches.suse/uacce-fix-cdev-handling-in-the-cleanup-path.patch (git-fixes CVE-2026-23096 bsc#1257809). - Update patches.suse/uacce-fix-isolate-sysfs-check-condition.patch (git-fixes CVE-2026-23094 bsc#1257811). - Update patches.suse/uacce-implement-mremap-in-uacce_vm_ops-to-return-EPE.patch (git-fixes CVE-2026-23056 bsc#1257729). - Update patches.suse/w1-therm-Fix-off-by-one-buffer-overflow-in-alarms_st.patch (git-fixes CVE-2025-71197 bsc#1257743). - Update patches.suse/wifi-ath10k-fix-dma_free_coherent-pointer.patch (git-fixes CVE-2026-23133 bsc#1258249). - Update patches.suse/wifi-ath12k-fix-dma_free_coherent-pointer.patch (git-fixes CVE-2026-23135 bsc#1258245). - Update patches.suse/wifi-mac80211-correctly-decode-TTLM-with-default-lin.patch (git-fixes CVE-2026-23152 bsc#1258252). - Update patches.suse/wifi-mac80211-ocb-skip-rx_no_sta-when-interface-is-n.patch (stable-fixes CVE-2025-71224 bsc#1258824). - Update patches.suse/wifi-rsi-Fix-memory-corruption-due-to-not-set-vif-dr.patch (git-fixes CVE-2026-23073 bsc#1257707). - Update patches.suse/wifi-rtl8xxxu-fix-slab-out-of-bounds-in-rtl8xxxu_sta.patch (git-fixes CVE-2025-71234 bsc#1258419). - Update patches.suse/wifi-rtw88-Fix-alignment-fault-in-rtw_core_enable_be.patch (git-fixes CVE-2025-71229 bsc#1258415). - Update patches.suse/wifi-wlcore-ensure-skb-headroom-before-skb_push.patch (stable-fixes CVE-2025-71222 bsc#1258279). - commit 154bcac - bonding: provide a net pointer to __skb_flow_dissect() (CVE-2026-23119 bsc#1258273). - commit 15d3820 - drm/i915/display: Add quirk to skip retraining of dp link (bsc#1253129). - commit f730886 - smb: client: Fix refcount leak for cifs_sb_tlink (bsc#1252924, CVE-2025-40103). - commit 176c45b - cifs: parse_dfs_referrals: prevent oob on malformed input (bsc#1252911, CVE-2025-40099). - commit 1544b30 - sched/fair: Fix pelt clock sync when entering idle (bsc#1234634 (Scheduler functional and performance backports SL-16.0)). - commit 24b0d4e - sched/fair: Fix pelt lost idle time detection (bsc#1234634 (Scheduler functional and performance backports SL-16.0)). - sched/deadline: Stop dl_server before CPU goes offline (bsc#1234634 (Scheduler functional and performance backports SL-16.0)). - sched/core: Avoid direct access to hrtimer clockbase (bsc#1234634 (Scheduler functional and performance backports SL-16.0)). - sched/deadline: Fix race in push_dl_task() (bsc#1234634 (Scheduler functional and performance backports)). - commit b3c53c0 - ice: Fix NULL pointer dereference in ice_vsi_set_napi_queues (CVE-2026-23166 bsc#1258272). - net/mlx5e: TC, delete flows only for existing peers (CVE-2026-23173 bsc#1258520). - net/mlx5e: Don't gate FEC histograms on ppcnt_statistical_group (git-fixes). - commit 91bddd0 ++++ cockpit-client-launcher: - Mention multiple password prompts in the zenity dialog. Once for cockpit.socket enablement and once for firewall config - Add zenity dialog for starting cockpit if it's not running friendly ask user for the firwall configuration. Related to jsc#CPT-148 ++++ dtb-aarch64: - nvmet-tcp: fixup hang in nvmet_tcp_listen_data_ready() (CVE-2026-23179 bsc#1258394). - commit ac77228 - nvmet: fix race in nvmet_bio_done() leading to NULL pointer dereference (CVE-2026-23148 bsc#1258258). - commit 9bda130 - nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec (CVE-2026-23112 bsc#1258184). - commit efcbeaa - nvme-fc: release admin tagset if init fails (git-fixes). - nvme-pci: disable secondary temp for Wodposit WPBSNM8 (git-fixes). - nvme-fabrics: add ENOKEY to no retry criteria for authentication failures (git-fixes). - nvme-fc: don't hold rport lock when putting ctrl (git-fixes). - commit dd0c54b - pmdomain: imx8m-blk-ctrl: Remove separate rst and clk mask for 8mq vpu (CVE-2026-23116 bsc#1258277). - commit ff9d60e - Add bugnumber to existing mana and mana_ib changes (bsc#1251135 bsc#1251971). - scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT (git-fixes). - net: mana: Fix double destroy_workqueue on service rescan PCI path (git-fixes). - commit 984835c - ceph: fix NULL pointer dereference in ceph_mds_auth_match() (CVE-2026-23189 bsc#1258308). - commit 51b8eb2 - Update patches.suse/ALSA-ac97-fix-a-double-free-in-snd_ac97_controller_r.patch (git-fixes CVE-2025-71192 bsc#1257679). - Update patches.suse/ALSA-aloop-Fix-racy-access-at-PCM-trigger.patch (stable-fixes CVE-2026-23191 bsc#1258395). - Update patches.suse/ALSA-ctxfi-Fix-potential-OOB-access-in-audio-mixer-h.patch (stable-fixes CVE-2026-23076 bsc#1257788). - Update patches.suse/ALSA-scarlett2-Fix-buffer-overflow-in-config-retriev.patch (git-fixes CVE-2026-23078 bsc#1257789). - Update patches.suse/ALSA-usb-audio-Fix-use-after-free-in-snd_usb_mixer_f.patch (git-fixes CVE-2026-23089 bsc#1257790). - Update patches.suse/ASoC-amd-fix-memory-leak-in-acp3x-pdm-dma-ops.patch (git-fixes CVE-2026-23190 bsc#1258397). - Update patches.suse/Bluetooth-MGMT-Fix-memory-leak-in-set_ssp_complete.patch (git-fixes CVE-2026-23151 bsc#1258237). - Update patches.suse/Bluetooth-hci_uart-fix-null-ptr-deref-in-hci_uart_wr.patch (git-fixes CVE-2026-23146 bsc#1258234). - Update patches.suse/HID-i2c-hid-fix-potential-buffer-overflow-in-i2c_hid.patch (stable-fixes CVE-2026-23178 bsc#1258358). - Update patches.suse/PCI-endpoint-Avoid-creating-sub-groups-asynchronousl.patch (git-fixes CVE-2025-71233 bsc#1258421). - Update patches.suse/arm64-Set-__nocfi-on-swsusp_arch_resume.patch (git-fixes CVE-2026-23128 bsc#1258298). - Update patches.suse/btrfs-always-detect-conflicting-inodes-when-logging-.patch (git-fixes CVE-2025-71183 bsc#1257631). - Update patches.suse/btrfs-do-not-strictly-require-dirty-metadata-thresho.patch (stable-fixes CVE-2026-23157 bsc#1258376). - Update patches.suse/btrfs-fix-deadlock-in-wait_current_trans-due-to-igno.patch (git-fixes CVE-2025-71194 bsc#1257687). - Update patches.suse/btrfs-release-path-before-initializing-extent-tree-i.patch (git-fixes CVE-2026-23018 bsc#1257551). - Update patches.suse/bus-fsl-mc-fix-use-after-free-in-driver_override_sho.patch (git-fixes CVE-2026-23221 bsc#1258660). - Update patches.suse/can-ems_usb-ems_usb_read_bulk_callback-fix-URB-memor.patch (git-fixes CVE-2026-23058 bsc#1257739). - Update patches.suse/can-etas_es58x-allow-partial-RX-URB-allocation-to-su.patch (git-fixes CVE-2026-23037 bsc#1257554). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-fix-URB-memo.patch (git-fixes CVE-2026-23031 bsc#1257600). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-fix-error-me.patch (git-fixes CVE-2026-23155 bsc#1258313). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-unanchor-URL.patch (git-fixes CVE-2026-23082 bsc#1257715). - Update patches.suse/can-j1939-make-j1939_session_activate-fail-if-device.patch (stable-fixes CVE-2025-71182 bsc#1257586). - Update patches.suse/can-kvaser_usb-kvaser_usb_read_bulk_callback-fix-URB.patch (git-fixes CVE-2026-23061 bsc#1257776). - Update patches.suse/can-mcba_usb-mcba_usb_read_bulk_callback-fix-URB-mem.patch (git-fixes CVE-2026-23080 bsc#1257714). - Update patches.suse/can-usb_8dev-usb_8dev_read_bulk_callback-fix-URB-mem.patch (git-fixes CVE-2026-23108 bsc#1257770). - Update patches.suse/crypto-authencesn-reject-too-short-AAD-assoclen-8-to.patch (git-fixes CVE-2026-23060 bsc#1257735). - Update patches.suse/crypto-iaa-Fix-out-of-bounds-index-in-find_empty_iaa.patch (git-fixes CVE-2025-71231 bsc#1258424). - Update patches.suse/crypto-omap-Allocate-OMAP_CRYPTO_FORCE_COPY-scatterl.patch (git-fixes CVE-2026-23222 bsc#1258484). - Update patches.suse/crypto-virtio-Add-spinlock-protection-with-virtqueue.patch (git-fixes CVE-2026-23229 bsc#1258429). - Update patches.suse/dmaengine-at_hdmac-fix-device-leak-on-of_dma_xlate.patch (git-fixes CVE-2025-71191 bsc#1257579). - Update patches.suse/dmaengine-bcm-sba-raid-fix-device-leak-on-probe.patch (git-fixes CVE-2025-71190 bsc#1257580). - Update patches.suse/dmaengine-dw-dmamux-fix-OF-node-leak-on-route-alloca.patch (git-fixes CVE-2025-71189 bsc#1257573). - Update patches.suse/dmaengine-lpc18xx-dmamux-fix-device-leak-on-route-al.patch (git-fixes CVE-2025-71188 bsc#1257576). - Update patches.suse/dmaengine-omap-dma-fix-dma_pool-resource-leak-in-err.patch (git-fixes CVE-2026-23033 bsc#1257570). - Update patches.suse/dmaengine-qcom-gpi-Fix-memory-leak-in-gpi_peripheral.patch (git-fixes CVE-2026-23026 bsc#1257562). - Update patches.suse/dmaengine-stm32-dmamux-fix-device-leak-on-route-allo.patch (git-fixes CVE-2025-71186 bsc#1257565). - Update patches.suse/dmaengine-ti-dma-crossbar-fix-device-leak-on-am335x-.patch (git-fixes CVE-2025-71185 bsc#1257560). - Update patches.suse/dmaengine-xilinx-xdma-Fix-regmap-max_register.patch (git-fixes CVE-2025-71195 bsc#1257704). - Update patches.suse/dpll-Prevent-duplicate-registrations.patch (git-fixes CVE-2026-23129 bsc#1258299). - Update patches.suse/drm-amd-pm-Disable-MMIO-access-during-SMU-Mode-1-res.patch (stable-fixes CVE-2026-23213 bsc#1258465). - Update patches.suse/drm-amdgpu-fix-NULL-pointer-dereference-in-amdgpu_gm.patch (git-fixes CVE-2026-23163 bsc#1258544). - Update patches.suse/drm-imx-tve-fix-probe-device-leak.patch (git-fixes CVE-2026-23170 bsc#1258379). - Update patches.suse/drm-panel-simple-fix-connector-type-for-DataImage-SC.patch (git-fixes CVE-2026-23049 bsc#1257723). - Update patches.suse/efivarfs-fix-error-propagation-in-efivar_entry_get.patch (git-fixes CVE-2026-23156 bsc#1258317). - Update patches.suse/ext4-fix-iloc.bh-leak-in-ext4_xattr_inode_update_ref.patch (git-fixes CVE-2026-23145 bsc#1258326). - Update patches.suse/gpio-virtuser-fix-UAF-in-configfs-release-path.patch (git-fixes CVE-2026-23158 bsc#1258323). - Update patches.suse/i2c-riic-Move-suspend-handling-to-NOIRQ-phase.patch (git-fixes CVE-2026-23055 bsc#1257730). - Update patches.suse/iio-adc-at91-sama5d2_adc-Fix-potential-use-after-fre.patch (git-fixes CVE-2025-71199 bsc#1257750). - Update patches.suse/iio-imu-st_lsm6dsx-fix-iio_chan_spec-for-sensors-wit.patch (git-fixes CVE-2025-71198 bsc#1257741). - Update patches.suse/intel_th-fix-device-leak-on-output-open.patch (git-fixes CVE-2026-23091 bsc#1257813). - Update patches.suse/interconnect-debugfs-initialize-src_node-and-dst_nod.patch (git-fixes CVE-2026-23123 bsc#1258276). - Update patches.suse/leds-led-class-Only-Add-LED-to-leds_list-when-it-is-.patch (git-fixes CVE-2026-23101 bsc#1257768). - Update patches.suse/mISDN-annotate-data-race-around-dev-work.patch (git-fixes CVE-2026-23121 bsc#1258309). - Update patches.suse/mm-shmem-prevent-infinite-loop-on-truncate-race.patch (CVE-2026-23161 bsc#1258355 CVE-2026-23177 bsc#1258324). - Update patches.suse/mmc-sdhci-of-dwcmshc-Prevent-illegal-clock-reduction.patch (git-fixes CVE-2025-71200 bsc#1258222). - Update patches.suse/msft-hv-3440-net-hv_netvsc-reject-RSS-hash-key-programming-withou.patch (bsc#1257473 CVE-2026-23054 bsc#1257732). - Update patches.suse/net-usb-pegasus-fix-memory-leak-in-update_eth_regs_a.patch (git-fixes CVE-2026-23021 bsc#1257557). - Update patches.suse/net-usb-r8152-fix-resume-reset-deadlock.patch (git-fixes CVE-2026-23188 bsc#1258331). - Update patches.suse/net-wwan-t7xx-fix-potential-skb-frags-overflow-in-RX.patch (git-fixes CVE-2026-23172 bsc#1258519). - Update patches.suse/nfc-llcp-Fix-memleak-in-nfc_llcp_send_ui_frame.patch (git-fixes CVE-2026-23150 bsc#1258354). - Update patches.suse/nfc-nci-Fix-race-between-rfkill-and-nci_unregister_d.patch (git-fixes CVE-2026-23167 bsc#1258374). - Update patches.suse/nfsd-provide-locking-for-v4_end_grace.patch (git-fixes CVE-2026-22980 bsc#1257222). - Update patches.suse/of-unittest-Fix-memory-leak-in-unittest_data_add.patch (git-fixes CVE-2026-23137 bsc#1258232). - Update patches.suse/pNFS-Fix-a-deadlock-when-returning-a-delegation-during-open.patch (git-fixes CVE-2026-23050 bsc#1257688). - Update patches.suse/phy-rockchip-inno-usb2-Fix-a-double-free-bug-in-rock.patch (git-fixes CVE-2026-23030 bsc#1257561). - Update patches.suse/phy-stm32-usphyc-Fix-off-by-one-in-probe.patch (git-fixes CVE-2025-71196 bsc#1257716). - Update patches.suse/platform-x86-amd-Fix-memory-leak-in-wbrf_record.patch (git-fixes CVE-2026-23065 bsc#1257742). - Update patches.suse/platform-x86-hp-bioscfg-Fix-kernel-panic-in-GET_INST.patch (git-fixes CVE-2026-23062 bsc#1257734). - Update patches.suse/platform-x86-hp-bioscfg-Fix-kobject-warnings-for-emp.patch (git-fixes CVE-2026-23131 bsc#1258297). - Update patches.suse/platform-x86-toshiba_haps-Fix-memory-leaks-in-add-re.patch (git-fixes CVE-2026-23176 bsc#1258256). - Update patches.suse/pnfs-flexfiles-Fix-memory-leak-in-nfs4_ff_alloc_deviceid_node.patch (git-fixes CVE-2026-23038 bsc#1257553). - Update patches.suse/regmap-Fix-race-condition-in-hwspinlock-irqsave-rout.patch (git-fixes CVE-2026-23071 bsc#1257706). - Update patches.suse/scsi-qla2xxx-Delay-module-unload-while-fabric-scan-i.patch (bsc#1256865 bsc#1256867 jsc#PED-14156 CVE-2025-71235 bsc#1258469). - Update patches.suse/scsi-qla2xxx-Free-sp-in-error-path-to-fix-system-cra.patch (bsc#1256865 bsc#1256867 jsc#PED-14156 CVE-2025-71232 bsc#1258422). - Update patches.suse/scsi-qla2xxx-Sanitize-payload-size-to-prevent-member.patch (git-fixes CVE-2026-23059 bsc#1257737). - Update patches.suse/scsi-qla2xxx-Validate-sp-before-freeing-associated-m.patch (bsc#1256865 bsc#1256867 jsc#PED-14156 CVE-2025-71236 bsc#1258442). - Update patches.suse/slimbus-core-fix-device-reference-leak-on-report-pre.patch (git-fixes CVE-2026-23090 bsc#1257759). - Update patches.suse/smb-client-split-cached_fid-bitfields-to-avoid-shared-byte-RMW-rac.patch (bsc#1250748 bsc#1257154 CVE-2026-23230 bsc#1258430). - Update patches.suse/spi-tegra-Fix-a-memory-leak-in-tegra_slink_probe.patch (git-fixes CVE-2026-23182 bsc#1258259). - Update patches.suse/spi-tegra210-quad-Protect-curr_xfer-check-in-IRQ-han.patch (git-fixes bsc#1257952 CVE-2026-23207 bsc#1258524). - Update patches.suse/spi-tegra210-quad-Protect-curr_xfer-in-tegra_qspi_co.patch (git-fixes bsc#1257952 CVE-2026-23202 bsc#1258338). - Update patches.suse/uacce-ensure-safe-queue-release-with-state-managemen.patch (git-fixes CVE-2026-23063 bsc#1257722). - Update patches.suse/uacce-fix-cdev-handling-in-the-cleanup-path.patch (git-fixes CVE-2026-23096 bsc#1257809). - Update patches.suse/uacce-fix-isolate-sysfs-check-condition.patch (git-fixes CVE-2026-23094 bsc#1257811). - Update patches.suse/uacce-implement-mremap-in-uacce_vm_ops-to-return-EPE.patch (git-fixes CVE-2026-23056 bsc#1257729). - Update patches.suse/w1-therm-Fix-off-by-one-buffer-overflow-in-alarms_st.patch (git-fixes CVE-2025-71197 bsc#1257743). - Update patches.suse/wifi-ath10k-fix-dma_free_coherent-pointer.patch (git-fixes CVE-2026-23133 bsc#1258249). - Update patches.suse/wifi-ath12k-fix-dma_free_coherent-pointer.patch (git-fixes CVE-2026-23135 bsc#1258245). - Update patches.suse/wifi-mac80211-correctly-decode-TTLM-with-default-lin.patch (git-fixes CVE-2026-23152 bsc#1258252). - Update patches.suse/wifi-mac80211-ocb-skip-rx_no_sta-when-interface-is-n.patch (stable-fixes CVE-2025-71224 bsc#1258824). - Update patches.suse/wifi-rsi-Fix-memory-corruption-due-to-not-set-vif-dr.patch (git-fixes CVE-2026-23073 bsc#1257707). - Update patches.suse/wifi-rtl8xxxu-fix-slab-out-of-bounds-in-rtl8xxxu_sta.patch (git-fixes CVE-2025-71234 bsc#1258419). - Update patches.suse/wifi-rtw88-Fix-alignment-fault-in-rtw_core_enable_be.patch (git-fixes CVE-2025-71229 bsc#1258415). - Update patches.suse/wifi-wlcore-ensure-skb-headroom-before-skb_push.patch (stable-fixes CVE-2025-71222 bsc#1258279). - commit 154bcac - bonding: provide a net pointer to __skb_flow_dissect() (CVE-2026-23119 bsc#1258273). - commit 15d3820 - drm/i915/display: Add quirk to skip retraining of dp link (bsc#1253129). - commit f730886 - smb: client: Fix refcount leak for cifs_sb_tlink (bsc#1252924, CVE-2025-40103). - commit 176c45b - cifs: parse_dfs_referrals: prevent oob on malformed input (bsc#1252911, CVE-2025-40099). - commit 1544b30 - sched/fair: Fix pelt clock sync when entering idle (bsc#1234634 (Scheduler functional and performance backports SL-16.0)). - commit 24b0d4e - sched/fair: Fix pelt lost idle time detection (bsc#1234634 (Scheduler functional and performance backports SL-16.0)). - sched/deadline: Stop dl_server before CPU goes offline (bsc#1234634 (Scheduler functional and performance backports SL-16.0)). - sched/core: Avoid direct access to hrtimer clockbase (bsc#1234634 (Scheduler functional and performance backports SL-16.0)). - sched/deadline: Fix race in push_dl_task() (bsc#1234634 (Scheduler functional and performance backports)). - commit b3c53c0 - ice: Fix NULL pointer dereference in ice_vsi_set_napi_queues (CVE-2026-23166 bsc#1258272). - net/mlx5e: TC, delete flows only for existing peers (CVE-2026-23173 bsc#1258520). - net/mlx5e: Don't gate FEC histograms on ppcnt_statistical_group (git-fixes). - commit 91bddd0 ++++ kernel-source: - nvmet-tcp: fixup hang in nvmet_tcp_listen_data_ready() (CVE-2026-23179 bsc#1258394). - commit ac77228 - nvmet: fix race in nvmet_bio_done() leading to NULL pointer dereference (CVE-2026-23148 bsc#1258258). - commit 9bda130 - nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec (CVE-2026-23112 bsc#1258184). - commit efcbeaa - nvme-fc: release admin tagset if init fails (git-fixes). - nvme-pci: disable secondary temp for Wodposit WPBSNM8 (git-fixes). - nvme-fabrics: add ENOKEY to no retry criteria for authentication failures (git-fixes). - nvme-fc: don't hold rport lock when putting ctrl (git-fixes). - commit dd0c54b - pmdomain: imx8m-blk-ctrl: Remove separate rst and clk mask for 8mq vpu (CVE-2026-23116 bsc#1258277). - commit ff9d60e - Add bugnumber to existing mana and mana_ib changes (bsc#1251135 bsc#1251971). - scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT (git-fixes). - net: mana: Fix double destroy_workqueue on service rescan PCI path (git-fixes). - commit 984835c - ceph: fix NULL pointer dereference in ceph_mds_auth_match() (CVE-2026-23189 bsc#1258308). - commit 51b8eb2 - Update patches.suse/ALSA-ac97-fix-a-double-free-in-snd_ac97_controller_r.patch (git-fixes CVE-2025-71192 bsc#1257679). - Update patches.suse/ALSA-aloop-Fix-racy-access-at-PCM-trigger.patch (stable-fixes CVE-2026-23191 bsc#1258395). - Update patches.suse/ALSA-ctxfi-Fix-potential-OOB-access-in-audio-mixer-h.patch (stable-fixes CVE-2026-23076 bsc#1257788). - Update patches.suse/ALSA-scarlett2-Fix-buffer-overflow-in-config-retriev.patch (git-fixes CVE-2026-23078 bsc#1257789). - Update patches.suse/ALSA-usb-audio-Fix-use-after-free-in-snd_usb_mixer_f.patch (git-fixes CVE-2026-23089 bsc#1257790). - Update patches.suse/ASoC-amd-fix-memory-leak-in-acp3x-pdm-dma-ops.patch (git-fixes CVE-2026-23190 bsc#1258397). - Update patches.suse/Bluetooth-MGMT-Fix-memory-leak-in-set_ssp_complete.patch (git-fixes CVE-2026-23151 bsc#1258237). - Update patches.suse/Bluetooth-hci_uart-fix-null-ptr-deref-in-hci_uart_wr.patch (git-fixes CVE-2026-23146 bsc#1258234). - Update patches.suse/HID-i2c-hid-fix-potential-buffer-overflow-in-i2c_hid.patch (stable-fixes CVE-2026-23178 bsc#1258358). - Update patches.suse/PCI-endpoint-Avoid-creating-sub-groups-asynchronousl.patch (git-fixes CVE-2025-71233 bsc#1258421). - Update patches.suse/arm64-Set-__nocfi-on-swsusp_arch_resume.patch (git-fixes CVE-2026-23128 bsc#1258298). - Update patches.suse/btrfs-always-detect-conflicting-inodes-when-logging-.patch (git-fixes CVE-2025-71183 bsc#1257631). - Update patches.suse/btrfs-do-not-strictly-require-dirty-metadata-thresho.patch (stable-fixes CVE-2026-23157 bsc#1258376). - Update patches.suse/btrfs-fix-deadlock-in-wait_current_trans-due-to-igno.patch (git-fixes CVE-2025-71194 bsc#1257687). - Update patches.suse/btrfs-release-path-before-initializing-extent-tree-i.patch (git-fixes CVE-2026-23018 bsc#1257551). - Update patches.suse/bus-fsl-mc-fix-use-after-free-in-driver_override_sho.patch (git-fixes CVE-2026-23221 bsc#1258660). - Update patches.suse/can-ems_usb-ems_usb_read_bulk_callback-fix-URB-memor.patch (git-fixes CVE-2026-23058 bsc#1257739). - Update patches.suse/can-etas_es58x-allow-partial-RX-URB-allocation-to-su.patch (git-fixes CVE-2026-23037 bsc#1257554). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-fix-URB-memo.patch (git-fixes CVE-2026-23031 bsc#1257600). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-fix-error-me.patch (git-fixes CVE-2026-23155 bsc#1258313). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-unanchor-URL.patch (git-fixes CVE-2026-23082 bsc#1257715). - Update patches.suse/can-j1939-make-j1939_session_activate-fail-if-device.patch (stable-fixes CVE-2025-71182 bsc#1257586). - Update patches.suse/can-kvaser_usb-kvaser_usb_read_bulk_callback-fix-URB.patch (git-fixes CVE-2026-23061 bsc#1257776). - Update patches.suse/can-mcba_usb-mcba_usb_read_bulk_callback-fix-URB-mem.patch (git-fixes CVE-2026-23080 bsc#1257714). - Update patches.suse/can-usb_8dev-usb_8dev_read_bulk_callback-fix-URB-mem.patch (git-fixes CVE-2026-23108 bsc#1257770). - Update patches.suse/crypto-authencesn-reject-too-short-AAD-assoclen-8-to.patch (git-fixes CVE-2026-23060 bsc#1257735). - Update patches.suse/crypto-iaa-Fix-out-of-bounds-index-in-find_empty_iaa.patch (git-fixes CVE-2025-71231 bsc#1258424). - Update patches.suse/crypto-omap-Allocate-OMAP_CRYPTO_FORCE_COPY-scatterl.patch (git-fixes CVE-2026-23222 bsc#1258484). - Update patches.suse/crypto-virtio-Add-spinlock-protection-with-virtqueue.patch (git-fixes CVE-2026-23229 bsc#1258429). - Update patches.suse/dmaengine-at_hdmac-fix-device-leak-on-of_dma_xlate.patch (git-fixes CVE-2025-71191 bsc#1257579). - Update patches.suse/dmaengine-bcm-sba-raid-fix-device-leak-on-probe.patch (git-fixes CVE-2025-71190 bsc#1257580). - Update patches.suse/dmaengine-dw-dmamux-fix-OF-node-leak-on-route-alloca.patch (git-fixes CVE-2025-71189 bsc#1257573). - Update patches.suse/dmaengine-lpc18xx-dmamux-fix-device-leak-on-route-al.patch (git-fixes CVE-2025-71188 bsc#1257576). - Update patches.suse/dmaengine-omap-dma-fix-dma_pool-resource-leak-in-err.patch (git-fixes CVE-2026-23033 bsc#1257570). - Update patches.suse/dmaengine-qcom-gpi-Fix-memory-leak-in-gpi_peripheral.patch (git-fixes CVE-2026-23026 bsc#1257562). - Update patches.suse/dmaengine-stm32-dmamux-fix-device-leak-on-route-allo.patch (git-fixes CVE-2025-71186 bsc#1257565). - Update patches.suse/dmaengine-ti-dma-crossbar-fix-device-leak-on-am335x-.patch (git-fixes CVE-2025-71185 bsc#1257560). - Update patches.suse/dmaengine-xilinx-xdma-Fix-regmap-max_register.patch (git-fixes CVE-2025-71195 bsc#1257704). - Update patches.suse/dpll-Prevent-duplicate-registrations.patch (git-fixes CVE-2026-23129 bsc#1258299). - Update patches.suse/drm-amd-pm-Disable-MMIO-access-during-SMU-Mode-1-res.patch (stable-fixes CVE-2026-23213 bsc#1258465). - Update patches.suse/drm-amdgpu-fix-NULL-pointer-dereference-in-amdgpu_gm.patch (git-fixes CVE-2026-23163 bsc#1258544). - Update patches.suse/drm-imx-tve-fix-probe-device-leak.patch (git-fixes CVE-2026-23170 bsc#1258379). - Update patches.suse/drm-panel-simple-fix-connector-type-for-DataImage-SC.patch (git-fixes CVE-2026-23049 bsc#1257723). - Update patches.suse/efivarfs-fix-error-propagation-in-efivar_entry_get.patch (git-fixes CVE-2026-23156 bsc#1258317). - Update patches.suse/ext4-fix-iloc.bh-leak-in-ext4_xattr_inode_update_ref.patch (git-fixes CVE-2026-23145 bsc#1258326). - Update patches.suse/gpio-virtuser-fix-UAF-in-configfs-release-path.patch (git-fixes CVE-2026-23158 bsc#1258323). - Update patches.suse/i2c-riic-Move-suspend-handling-to-NOIRQ-phase.patch (git-fixes CVE-2026-23055 bsc#1257730). - Update patches.suse/iio-adc-at91-sama5d2_adc-Fix-potential-use-after-fre.patch (git-fixes CVE-2025-71199 bsc#1257750). - Update patches.suse/iio-imu-st_lsm6dsx-fix-iio_chan_spec-for-sensors-wit.patch (git-fixes CVE-2025-71198 bsc#1257741). - Update patches.suse/intel_th-fix-device-leak-on-output-open.patch (git-fixes CVE-2026-23091 bsc#1257813). - Update patches.suse/interconnect-debugfs-initialize-src_node-and-dst_nod.patch (git-fixes CVE-2026-23123 bsc#1258276). - Update patches.suse/leds-led-class-Only-Add-LED-to-leds_list-when-it-is-.patch (git-fixes CVE-2026-23101 bsc#1257768). - Update patches.suse/mISDN-annotate-data-race-around-dev-work.patch (git-fixes CVE-2026-23121 bsc#1258309). - Update patches.suse/mm-shmem-prevent-infinite-loop-on-truncate-race.patch (CVE-2026-23161 bsc#1258355 CVE-2026-23177 bsc#1258324). - Update patches.suse/mmc-sdhci-of-dwcmshc-Prevent-illegal-clock-reduction.patch (git-fixes CVE-2025-71200 bsc#1258222). - Update patches.suse/msft-hv-3440-net-hv_netvsc-reject-RSS-hash-key-programming-withou.patch (bsc#1257473 CVE-2026-23054 bsc#1257732). - Update patches.suse/net-usb-pegasus-fix-memory-leak-in-update_eth_regs_a.patch (git-fixes CVE-2026-23021 bsc#1257557). - Update patches.suse/net-usb-r8152-fix-resume-reset-deadlock.patch (git-fixes CVE-2026-23188 bsc#1258331). - Update patches.suse/net-wwan-t7xx-fix-potential-skb-frags-overflow-in-RX.patch (git-fixes CVE-2026-23172 bsc#1258519). - Update patches.suse/nfc-llcp-Fix-memleak-in-nfc_llcp_send_ui_frame.patch (git-fixes CVE-2026-23150 bsc#1258354). - Update patches.suse/nfc-nci-Fix-race-between-rfkill-and-nci_unregister_d.patch (git-fixes CVE-2026-23167 bsc#1258374). - Update patches.suse/nfsd-provide-locking-for-v4_end_grace.patch (git-fixes CVE-2026-22980 bsc#1257222). - Update patches.suse/of-unittest-Fix-memory-leak-in-unittest_data_add.patch (git-fixes CVE-2026-23137 bsc#1258232). - Update patches.suse/pNFS-Fix-a-deadlock-when-returning-a-delegation-during-open.patch (git-fixes CVE-2026-23050 bsc#1257688). - Update patches.suse/phy-rockchip-inno-usb2-Fix-a-double-free-bug-in-rock.patch (git-fixes CVE-2026-23030 bsc#1257561). - Update patches.suse/phy-stm32-usphyc-Fix-off-by-one-in-probe.patch (git-fixes CVE-2025-71196 bsc#1257716). - Update patches.suse/platform-x86-amd-Fix-memory-leak-in-wbrf_record.patch (git-fixes CVE-2026-23065 bsc#1257742). - Update patches.suse/platform-x86-hp-bioscfg-Fix-kernel-panic-in-GET_INST.patch (git-fixes CVE-2026-23062 bsc#1257734). - Update patches.suse/platform-x86-hp-bioscfg-Fix-kobject-warnings-for-emp.patch (git-fixes CVE-2026-23131 bsc#1258297). - Update patches.suse/platform-x86-toshiba_haps-Fix-memory-leaks-in-add-re.patch (git-fixes CVE-2026-23176 bsc#1258256). - Update patches.suse/pnfs-flexfiles-Fix-memory-leak-in-nfs4_ff_alloc_deviceid_node.patch (git-fixes CVE-2026-23038 bsc#1257553). - Update patches.suse/regmap-Fix-race-condition-in-hwspinlock-irqsave-rout.patch (git-fixes CVE-2026-23071 bsc#1257706). - Update patches.suse/scsi-qla2xxx-Delay-module-unload-while-fabric-scan-i.patch (bsc#1256865 bsc#1256867 jsc#PED-14156 CVE-2025-71235 bsc#1258469). - Update patches.suse/scsi-qla2xxx-Free-sp-in-error-path-to-fix-system-cra.patch (bsc#1256865 bsc#1256867 jsc#PED-14156 CVE-2025-71232 bsc#1258422). - Update patches.suse/scsi-qla2xxx-Sanitize-payload-size-to-prevent-member.patch (git-fixes CVE-2026-23059 bsc#1257737). - Update patches.suse/scsi-qla2xxx-Validate-sp-before-freeing-associated-m.patch (bsc#1256865 bsc#1256867 jsc#PED-14156 CVE-2025-71236 bsc#1258442). - Update patches.suse/slimbus-core-fix-device-reference-leak-on-report-pre.patch (git-fixes CVE-2026-23090 bsc#1257759). - Update patches.suse/smb-client-split-cached_fid-bitfields-to-avoid-shared-byte-RMW-rac.patch (bsc#1250748 bsc#1257154 CVE-2026-23230 bsc#1258430). - Update patches.suse/spi-tegra-Fix-a-memory-leak-in-tegra_slink_probe.patch (git-fixes CVE-2026-23182 bsc#1258259). - Update patches.suse/spi-tegra210-quad-Protect-curr_xfer-check-in-IRQ-han.patch (git-fixes bsc#1257952 CVE-2026-23207 bsc#1258524). - Update patches.suse/spi-tegra210-quad-Protect-curr_xfer-in-tegra_qspi_co.patch (git-fixes bsc#1257952 CVE-2026-23202 bsc#1258338). - Update patches.suse/uacce-ensure-safe-queue-release-with-state-managemen.patch (git-fixes CVE-2026-23063 bsc#1257722). - Update patches.suse/uacce-fix-cdev-handling-in-the-cleanup-path.patch (git-fixes CVE-2026-23096 bsc#1257809). - Update patches.suse/uacce-fix-isolate-sysfs-check-condition.patch (git-fixes CVE-2026-23094 bsc#1257811). - Update patches.suse/uacce-implement-mremap-in-uacce_vm_ops-to-return-EPE.patch (git-fixes CVE-2026-23056 bsc#1257729). - Update patches.suse/w1-therm-Fix-off-by-one-buffer-overflow-in-alarms_st.patch (git-fixes CVE-2025-71197 bsc#1257743). - Update patches.suse/wifi-ath10k-fix-dma_free_coherent-pointer.patch (git-fixes CVE-2026-23133 bsc#1258249). - Update patches.suse/wifi-ath12k-fix-dma_free_coherent-pointer.patch (git-fixes CVE-2026-23135 bsc#1258245). - Update patches.suse/wifi-mac80211-correctly-decode-TTLM-with-default-lin.patch (git-fixes CVE-2026-23152 bsc#1258252). - Update patches.suse/wifi-mac80211-ocb-skip-rx_no_sta-when-interface-is-n.patch (stable-fixes CVE-2025-71224 bsc#1258824). - Update patches.suse/wifi-rsi-Fix-memory-corruption-due-to-not-set-vif-dr.patch (git-fixes CVE-2026-23073 bsc#1257707). - Update patches.suse/wifi-rtl8xxxu-fix-slab-out-of-bounds-in-rtl8xxxu_sta.patch (git-fixes CVE-2025-71234 bsc#1258419). - Update patches.suse/wifi-rtw88-Fix-alignment-fault-in-rtw_core_enable_be.patch (git-fixes CVE-2025-71229 bsc#1258415). - Update patches.suse/wifi-wlcore-ensure-skb-headroom-before-skb_push.patch (stable-fixes CVE-2025-71222 bsc#1258279). - commit 154bcac - bonding: provide a net pointer to __skb_flow_dissect() (CVE-2026-23119 bsc#1258273). - commit 15d3820 - drm/i915/display: Add quirk to skip retraining of dp link (bsc#1253129). - commit f730886 - smb: client: Fix refcount leak for cifs_sb_tlink (bsc#1252924, CVE-2025-40103). - commit 176c45b - cifs: parse_dfs_referrals: prevent oob on malformed input (bsc#1252911, CVE-2025-40099). - commit 1544b30 - sched/fair: Fix pelt clock sync when entering idle (bsc#1234634 (Scheduler functional and performance backports SL-16.0)). - commit 24b0d4e - sched/fair: Fix pelt lost idle time detection (bsc#1234634 (Scheduler functional and performance backports SL-16.0)). - sched/deadline: Stop dl_server before CPU goes offline (bsc#1234634 (Scheduler functional and performance backports SL-16.0)). - sched/core: Avoid direct access to hrtimer clockbase (bsc#1234634 (Scheduler functional and performance backports SL-16.0)). - sched/deadline: Fix race in push_dl_task() (bsc#1234634 (Scheduler functional and performance backports)). - commit b3c53c0 - ice: Fix NULL pointer dereference in ice_vsi_set_napi_queues (CVE-2026-23166 bsc#1258272). - net/mlx5e: TC, delete flows only for existing peers (CVE-2026-23173 bsc#1258520). - net/mlx5e: Don't gate FEC histograms on ppcnt_statistical_group (git-fixes). - commit 91bddd0 ++++ kernel-docs: - nvmet-tcp: fixup hang in nvmet_tcp_listen_data_ready() (CVE-2026-23179 bsc#1258394). - commit ac77228 - nvmet: fix race in nvmet_bio_done() leading to NULL pointer dereference (CVE-2026-23148 bsc#1258258). - commit 9bda130 - nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec (CVE-2026-23112 bsc#1258184). - commit efcbeaa - nvme-fc: release admin tagset if init fails (git-fixes). - nvme-pci: disable secondary temp for Wodposit WPBSNM8 (git-fixes). - nvme-fabrics: add ENOKEY to no retry criteria for authentication failures (git-fixes). - nvme-fc: don't hold rport lock when putting ctrl (git-fixes). - commit dd0c54b - pmdomain: imx8m-blk-ctrl: Remove separate rst and clk mask for 8mq vpu (CVE-2026-23116 bsc#1258277). - commit ff9d60e - Add bugnumber to existing mana and mana_ib changes (bsc#1251135 bsc#1251971). - scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT (git-fixes). - net: mana: Fix double destroy_workqueue on service rescan PCI path (git-fixes). - commit 984835c - ceph: fix NULL pointer dereference in ceph_mds_auth_match() (CVE-2026-23189 bsc#1258308). - commit 51b8eb2 - Update patches.suse/ALSA-ac97-fix-a-double-free-in-snd_ac97_controller_r.patch (git-fixes CVE-2025-71192 bsc#1257679). - Update patches.suse/ALSA-aloop-Fix-racy-access-at-PCM-trigger.patch (stable-fixes CVE-2026-23191 bsc#1258395). - Update patches.suse/ALSA-ctxfi-Fix-potential-OOB-access-in-audio-mixer-h.patch (stable-fixes CVE-2026-23076 bsc#1257788). - Update patches.suse/ALSA-scarlett2-Fix-buffer-overflow-in-config-retriev.patch (git-fixes CVE-2026-23078 bsc#1257789). - Update patches.suse/ALSA-usb-audio-Fix-use-after-free-in-snd_usb_mixer_f.patch (git-fixes CVE-2026-23089 bsc#1257790). - Update patches.suse/ASoC-amd-fix-memory-leak-in-acp3x-pdm-dma-ops.patch (git-fixes CVE-2026-23190 bsc#1258397). - Update patches.suse/Bluetooth-MGMT-Fix-memory-leak-in-set_ssp_complete.patch (git-fixes CVE-2026-23151 bsc#1258237). - Update patches.suse/Bluetooth-hci_uart-fix-null-ptr-deref-in-hci_uart_wr.patch (git-fixes CVE-2026-23146 bsc#1258234). - Update patches.suse/HID-i2c-hid-fix-potential-buffer-overflow-in-i2c_hid.patch (stable-fixes CVE-2026-23178 bsc#1258358). - Update patches.suse/PCI-endpoint-Avoid-creating-sub-groups-asynchronousl.patch (git-fixes CVE-2025-71233 bsc#1258421). - Update patches.suse/arm64-Set-__nocfi-on-swsusp_arch_resume.patch (git-fixes CVE-2026-23128 bsc#1258298). - Update patches.suse/btrfs-always-detect-conflicting-inodes-when-logging-.patch (git-fixes CVE-2025-71183 bsc#1257631). - Update patches.suse/btrfs-do-not-strictly-require-dirty-metadata-thresho.patch (stable-fixes CVE-2026-23157 bsc#1258376). - Update patches.suse/btrfs-fix-deadlock-in-wait_current_trans-due-to-igno.patch (git-fixes CVE-2025-71194 bsc#1257687). - Update patches.suse/btrfs-release-path-before-initializing-extent-tree-i.patch (git-fixes CVE-2026-23018 bsc#1257551). - Update patches.suse/bus-fsl-mc-fix-use-after-free-in-driver_override_sho.patch (git-fixes CVE-2026-23221 bsc#1258660). - Update patches.suse/can-ems_usb-ems_usb_read_bulk_callback-fix-URB-memor.patch (git-fixes CVE-2026-23058 bsc#1257739). - Update patches.suse/can-etas_es58x-allow-partial-RX-URB-allocation-to-su.patch (git-fixes CVE-2026-23037 bsc#1257554). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-fix-URB-memo.patch (git-fixes CVE-2026-23031 bsc#1257600). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-fix-error-me.patch (git-fixes CVE-2026-23155 bsc#1258313). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-unanchor-URL.patch (git-fixes CVE-2026-23082 bsc#1257715). - Update patches.suse/can-j1939-make-j1939_session_activate-fail-if-device.patch (stable-fixes CVE-2025-71182 bsc#1257586). - Update patches.suse/can-kvaser_usb-kvaser_usb_read_bulk_callback-fix-URB.patch (git-fixes CVE-2026-23061 bsc#1257776). - Update patches.suse/can-mcba_usb-mcba_usb_read_bulk_callback-fix-URB-mem.patch (git-fixes CVE-2026-23080 bsc#1257714). - Update patches.suse/can-usb_8dev-usb_8dev_read_bulk_callback-fix-URB-mem.patch (git-fixes CVE-2026-23108 bsc#1257770). - Update patches.suse/crypto-authencesn-reject-too-short-AAD-assoclen-8-to.patch (git-fixes CVE-2026-23060 bsc#1257735). - Update patches.suse/crypto-iaa-Fix-out-of-bounds-index-in-find_empty_iaa.patch (git-fixes CVE-2025-71231 bsc#1258424). - Update patches.suse/crypto-omap-Allocate-OMAP_CRYPTO_FORCE_COPY-scatterl.patch (git-fixes CVE-2026-23222 bsc#1258484). - Update patches.suse/crypto-virtio-Add-spinlock-protection-with-virtqueue.patch (git-fixes CVE-2026-23229 bsc#1258429). - Update patches.suse/dmaengine-at_hdmac-fix-device-leak-on-of_dma_xlate.patch (git-fixes CVE-2025-71191 bsc#1257579). - Update patches.suse/dmaengine-bcm-sba-raid-fix-device-leak-on-probe.patch (git-fixes CVE-2025-71190 bsc#1257580). - Update patches.suse/dmaengine-dw-dmamux-fix-OF-node-leak-on-route-alloca.patch (git-fixes CVE-2025-71189 bsc#1257573). - Update patches.suse/dmaengine-lpc18xx-dmamux-fix-device-leak-on-route-al.patch (git-fixes CVE-2025-71188 bsc#1257576). - Update patches.suse/dmaengine-omap-dma-fix-dma_pool-resource-leak-in-err.patch (git-fixes CVE-2026-23033 bsc#1257570). - Update patches.suse/dmaengine-qcom-gpi-Fix-memory-leak-in-gpi_peripheral.patch (git-fixes CVE-2026-23026 bsc#1257562). - Update patches.suse/dmaengine-stm32-dmamux-fix-device-leak-on-route-allo.patch (git-fixes CVE-2025-71186 bsc#1257565). - Update patches.suse/dmaengine-ti-dma-crossbar-fix-device-leak-on-am335x-.patch (git-fixes CVE-2025-71185 bsc#1257560). - Update patches.suse/dmaengine-xilinx-xdma-Fix-regmap-max_register.patch (git-fixes CVE-2025-71195 bsc#1257704). - Update patches.suse/dpll-Prevent-duplicate-registrations.patch (git-fixes CVE-2026-23129 bsc#1258299). - Update patches.suse/drm-amd-pm-Disable-MMIO-access-during-SMU-Mode-1-res.patch (stable-fixes CVE-2026-23213 bsc#1258465). - Update patches.suse/drm-amdgpu-fix-NULL-pointer-dereference-in-amdgpu_gm.patch (git-fixes CVE-2026-23163 bsc#1258544). - Update patches.suse/drm-imx-tve-fix-probe-device-leak.patch (git-fixes CVE-2026-23170 bsc#1258379). - Update patches.suse/drm-panel-simple-fix-connector-type-for-DataImage-SC.patch (git-fixes CVE-2026-23049 bsc#1257723). - Update patches.suse/efivarfs-fix-error-propagation-in-efivar_entry_get.patch (git-fixes CVE-2026-23156 bsc#1258317). - Update patches.suse/ext4-fix-iloc.bh-leak-in-ext4_xattr_inode_update_ref.patch (git-fixes CVE-2026-23145 bsc#1258326). - Update patches.suse/gpio-virtuser-fix-UAF-in-configfs-release-path.patch (git-fixes CVE-2026-23158 bsc#1258323). - Update patches.suse/i2c-riic-Move-suspend-handling-to-NOIRQ-phase.patch (git-fixes CVE-2026-23055 bsc#1257730). - Update patches.suse/iio-adc-at91-sama5d2_adc-Fix-potential-use-after-fre.patch (git-fixes CVE-2025-71199 bsc#1257750). - Update patches.suse/iio-imu-st_lsm6dsx-fix-iio_chan_spec-for-sensors-wit.patch (git-fixes CVE-2025-71198 bsc#1257741). - Update patches.suse/intel_th-fix-device-leak-on-output-open.patch (git-fixes CVE-2026-23091 bsc#1257813). - Update patches.suse/interconnect-debugfs-initialize-src_node-and-dst_nod.patch (git-fixes CVE-2026-23123 bsc#1258276). - Update patches.suse/leds-led-class-Only-Add-LED-to-leds_list-when-it-is-.patch (git-fixes CVE-2026-23101 bsc#1257768). - Update patches.suse/mISDN-annotate-data-race-around-dev-work.patch (git-fixes CVE-2026-23121 bsc#1258309). - Update patches.suse/mm-shmem-prevent-infinite-loop-on-truncate-race.patch (CVE-2026-23161 bsc#1258355 CVE-2026-23177 bsc#1258324). - Update patches.suse/mmc-sdhci-of-dwcmshc-Prevent-illegal-clock-reduction.patch (git-fixes CVE-2025-71200 bsc#1258222). - Update patches.suse/msft-hv-3440-net-hv_netvsc-reject-RSS-hash-key-programming-withou.patch (bsc#1257473 CVE-2026-23054 bsc#1257732). - Update patches.suse/net-usb-pegasus-fix-memory-leak-in-update_eth_regs_a.patch (git-fixes CVE-2026-23021 bsc#1257557). - Update patches.suse/net-usb-r8152-fix-resume-reset-deadlock.patch (git-fixes CVE-2026-23188 bsc#1258331). - Update patches.suse/net-wwan-t7xx-fix-potential-skb-frags-overflow-in-RX.patch (git-fixes CVE-2026-23172 bsc#1258519). - Update patches.suse/nfc-llcp-Fix-memleak-in-nfc_llcp_send_ui_frame.patch (git-fixes CVE-2026-23150 bsc#1258354). - Update patches.suse/nfc-nci-Fix-race-between-rfkill-and-nci_unregister_d.patch (git-fixes CVE-2026-23167 bsc#1258374). - Update patches.suse/nfsd-provide-locking-for-v4_end_grace.patch (git-fixes CVE-2026-22980 bsc#1257222). - Update patches.suse/of-unittest-Fix-memory-leak-in-unittest_data_add.patch (git-fixes CVE-2026-23137 bsc#1258232). - Update patches.suse/pNFS-Fix-a-deadlock-when-returning-a-delegation-during-open.patch (git-fixes CVE-2026-23050 bsc#1257688). - Update patches.suse/phy-rockchip-inno-usb2-Fix-a-double-free-bug-in-rock.patch (git-fixes CVE-2026-23030 bsc#1257561). - Update patches.suse/phy-stm32-usphyc-Fix-off-by-one-in-probe.patch (git-fixes CVE-2025-71196 bsc#1257716). - Update patches.suse/platform-x86-amd-Fix-memory-leak-in-wbrf_record.patch (git-fixes CVE-2026-23065 bsc#1257742). - Update patches.suse/platform-x86-hp-bioscfg-Fix-kernel-panic-in-GET_INST.patch (git-fixes CVE-2026-23062 bsc#1257734). - Update patches.suse/platform-x86-hp-bioscfg-Fix-kobject-warnings-for-emp.patch (git-fixes CVE-2026-23131 bsc#1258297). - Update patches.suse/platform-x86-toshiba_haps-Fix-memory-leaks-in-add-re.patch (git-fixes CVE-2026-23176 bsc#1258256). - Update patches.suse/pnfs-flexfiles-Fix-memory-leak-in-nfs4_ff_alloc_deviceid_node.patch (git-fixes CVE-2026-23038 bsc#1257553). - Update patches.suse/regmap-Fix-race-condition-in-hwspinlock-irqsave-rout.patch (git-fixes CVE-2026-23071 bsc#1257706). - Update patches.suse/scsi-qla2xxx-Delay-module-unload-while-fabric-scan-i.patch (bsc#1256865 bsc#1256867 jsc#PED-14156 CVE-2025-71235 bsc#1258469). - Update patches.suse/scsi-qla2xxx-Free-sp-in-error-path-to-fix-system-cra.patch (bsc#1256865 bsc#1256867 jsc#PED-14156 CVE-2025-71232 bsc#1258422). - Update patches.suse/scsi-qla2xxx-Sanitize-payload-size-to-prevent-member.patch (git-fixes CVE-2026-23059 bsc#1257737). - Update patches.suse/scsi-qla2xxx-Validate-sp-before-freeing-associated-m.patch (bsc#1256865 bsc#1256867 jsc#PED-14156 CVE-2025-71236 bsc#1258442). - Update patches.suse/slimbus-core-fix-device-reference-leak-on-report-pre.patch (git-fixes CVE-2026-23090 bsc#1257759). - Update patches.suse/smb-client-split-cached_fid-bitfields-to-avoid-shared-byte-RMW-rac.patch (bsc#1250748 bsc#1257154 CVE-2026-23230 bsc#1258430). - Update patches.suse/spi-tegra-Fix-a-memory-leak-in-tegra_slink_probe.patch (git-fixes CVE-2026-23182 bsc#1258259). - Update patches.suse/spi-tegra210-quad-Protect-curr_xfer-check-in-IRQ-han.patch (git-fixes bsc#1257952 CVE-2026-23207 bsc#1258524). - Update patches.suse/spi-tegra210-quad-Protect-curr_xfer-in-tegra_qspi_co.patch (git-fixes bsc#1257952 CVE-2026-23202 bsc#1258338). - Update patches.suse/uacce-ensure-safe-queue-release-with-state-managemen.patch (git-fixes CVE-2026-23063 bsc#1257722). - Update patches.suse/uacce-fix-cdev-handling-in-the-cleanup-path.patch (git-fixes CVE-2026-23096 bsc#1257809). - Update patches.suse/uacce-fix-isolate-sysfs-check-condition.patch (git-fixes CVE-2026-23094 bsc#1257811). - Update patches.suse/uacce-implement-mremap-in-uacce_vm_ops-to-return-EPE.patch (git-fixes CVE-2026-23056 bsc#1257729). - Update patches.suse/w1-therm-Fix-off-by-one-buffer-overflow-in-alarms_st.patch (git-fixes CVE-2025-71197 bsc#1257743). - Update patches.suse/wifi-ath10k-fix-dma_free_coherent-pointer.patch (git-fixes CVE-2026-23133 bsc#1258249). - Update patches.suse/wifi-ath12k-fix-dma_free_coherent-pointer.patch (git-fixes CVE-2026-23135 bsc#1258245). - Update patches.suse/wifi-mac80211-correctly-decode-TTLM-with-default-lin.patch (git-fixes CVE-2026-23152 bsc#1258252). - Update patches.suse/wifi-mac80211-ocb-skip-rx_no_sta-when-interface-is-n.patch (stable-fixes CVE-2025-71224 bsc#1258824). - Update patches.suse/wifi-rsi-Fix-memory-corruption-due-to-not-set-vif-dr.patch (git-fixes CVE-2026-23073 bsc#1257707). - Update patches.suse/wifi-rtl8xxxu-fix-slab-out-of-bounds-in-rtl8xxxu_sta.patch (git-fixes CVE-2025-71234 bsc#1258419). - Update patches.suse/wifi-rtw88-Fix-alignment-fault-in-rtw_core_enable_be.patch (git-fixes CVE-2025-71229 bsc#1258415). - Update patches.suse/wifi-wlcore-ensure-skb-headroom-before-skb_push.patch (stable-fixes CVE-2025-71222 bsc#1258279). - commit 154bcac - bonding: provide a net pointer to __skb_flow_dissect() (CVE-2026-23119 bsc#1258273). - commit 15d3820 - drm/i915/display: Add quirk to skip retraining of dp link (bsc#1253129). - commit f730886 - smb: client: Fix refcount leak for cifs_sb_tlink (bsc#1252924, CVE-2025-40103). - commit 176c45b - cifs: parse_dfs_referrals: prevent oob on malformed input (bsc#1252911, CVE-2025-40099). - commit 1544b30 - sched/fair: Fix pelt clock sync when entering idle (bsc#1234634 (Scheduler functional and performance backports SL-16.0)). - commit 24b0d4e - sched/fair: Fix pelt lost idle time detection (bsc#1234634 (Scheduler functional and performance backports SL-16.0)). - sched/deadline: Stop dl_server before CPU goes offline (bsc#1234634 (Scheduler functional and performance backports SL-16.0)). - sched/core: Avoid direct access to hrtimer clockbase (bsc#1234634 (Scheduler functional and performance backports SL-16.0)). - sched/deadline: Fix race in push_dl_task() (bsc#1234634 (Scheduler functional and performance backports)). - commit b3c53c0 - ice: Fix NULL pointer dereference in ice_vsi_set_napi_queues (CVE-2026-23166 bsc#1258272). - net/mlx5e: TC, delete flows only for existing peers (CVE-2026-23173 bsc#1258520). - net/mlx5e: Don't gate FEC histograms on ppcnt_statistical_group (git-fixes). - commit 91bddd0 ++++ kernel-kvmsmall: - nvmet-tcp: fixup hang in nvmet_tcp_listen_data_ready() (CVE-2026-23179 bsc#1258394). - commit ac77228 - nvmet: fix race in nvmet_bio_done() leading to NULL pointer dereference (CVE-2026-23148 bsc#1258258). - commit 9bda130 - nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec (CVE-2026-23112 bsc#1258184). - commit efcbeaa - nvme-fc: release admin tagset if init fails (git-fixes). - nvme-pci: disable secondary temp for Wodposit WPBSNM8 (git-fixes). - nvme-fabrics: add ENOKEY to no retry criteria for authentication failures (git-fixes). - nvme-fc: don't hold rport lock when putting ctrl (git-fixes). - commit dd0c54b - pmdomain: imx8m-blk-ctrl: Remove separate rst and clk mask for 8mq vpu (CVE-2026-23116 bsc#1258277). - commit ff9d60e - Add bugnumber to existing mana and mana_ib changes (bsc#1251135 bsc#1251971). - scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT (git-fixes). - net: mana: Fix double destroy_workqueue on service rescan PCI path (git-fixes). - commit 984835c - ceph: fix NULL pointer dereference in ceph_mds_auth_match() (CVE-2026-23189 bsc#1258308). - commit 51b8eb2 - Update patches.suse/ALSA-ac97-fix-a-double-free-in-snd_ac97_controller_r.patch (git-fixes CVE-2025-71192 bsc#1257679). - Update patches.suse/ALSA-aloop-Fix-racy-access-at-PCM-trigger.patch (stable-fixes CVE-2026-23191 bsc#1258395). - Update patches.suse/ALSA-ctxfi-Fix-potential-OOB-access-in-audio-mixer-h.patch (stable-fixes CVE-2026-23076 bsc#1257788). - Update patches.suse/ALSA-scarlett2-Fix-buffer-overflow-in-config-retriev.patch (git-fixes CVE-2026-23078 bsc#1257789). - Update patches.suse/ALSA-usb-audio-Fix-use-after-free-in-snd_usb_mixer_f.patch (git-fixes CVE-2026-23089 bsc#1257790). - Update patches.suse/ASoC-amd-fix-memory-leak-in-acp3x-pdm-dma-ops.patch (git-fixes CVE-2026-23190 bsc#1258397). - Update patches.suse/Bluetooth-MGMT-Fix-memory-leak-in-set_ssp_complete.patch (git-fixes CVE-2026-23151 bsc#1258237). - Update patches.suse/Bluetooth-hci_uart-fix-null-ptr-deref-in-hci_uart_wr.patch (git-fixes CVE-2026-23146 bsc#1258234). - Update patches.suse/HID-i2c-hid-fix-potential-buffer-overflow-in-i2c_hid.patch (stable-fixes CVE-2026-23178 bsc#1258358). - Update patches.suse/PCI-endpoint-Avoid-creating-sub-groups-asynchronousl.patch (git-fixes CVE-2025-71233 bsc#1258421). - Update patches.suse/arm64-Set-__nocfi-on-swsusp_arch_resume.patch (git-fixes CVE-2026-23128 bsc#1258298). - Update patches.suse/btrfs-always-detect-conflicting-inodes-when-logging-.patch (git-fixes CVE-2025-71183 bsc#1257631). - Update patches.suse/btrfs-do-not-strictly-require-dirty-metadata-thresho.patch (stable-fixes CVE-2026-23157 bsc#1258376). - Update patches.suse/btrfs-fix-deadlock-in-wait_current_trans-due-to-igno.patch (git-fixes CVE-2025-71194 bsc#1257687). - Update patches.suse/btrfs-release-path-before-initializing-extent-tree-i.patch (git-fixes CVE-2026-23018 bsc#1257551). - Update patches.suse/bus-fsl-mc-fix-use-after-free-in-driver_override_sho.patch (git-fixes CVE-2026-23221 bsc#1258660). - Update patches.suse/can-ems_usb-ems_usb_read_bulk_callback-fix-URB-memor.patch (git-fixes CVE-2026-23058 bsc#1257739). - Update patches.suse/can-etas_es58x-allow-partial-RX-URB-allocation-to-su.patch (git-fixes CVE-2026-23037 bsc#1257554). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-fix-URB-memo.patch (git-fixes CVE-2026-23031 bsc#1257600). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-fix-error-me.patch (git-fixes CVE-2026-23155 bsc#1258313). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-unanchor-URL.patch (git-fixes CVE-2026-23082 bsc#1257715). - Update patches.suse/can-j1939-make-j1939_session_activate-fail-if-device.patch (stable-fixes CVE-2025-71182 bsc#1257586). - Update patches.suse/can-kvaser_usb-kvaser_usb_read_bulk_callback-fix-URB.patch (git-fixes CVE-2026-23061 bsc#1257776). - Update patches.suse/can-mcba_usb-mcba_usb_read_bulk_callback-fix-URB-mem.patch (git-fixes CVE-2026-23080 bsc#1257714). - Update patches.suse/can-usb_8dev-usb_8dev_read_bulk_callback-fix-URB-mem.patch (git-fixes CVE-2026-23108 bsc#1257770). - Update patches.suse/crypto-authencesn-reject-too-short-AAD-assoclen-8-to.patch (git-fixes CVE-2026-23060 bsc#1257735). - Update patches.suse/crypto-iaa-Fix-out-of-bounds-index-in-find_empty_iaa.patch (git-fixes CVE-2025-71231 bsc#1258424). - Update patches.suse/crypto-omap-Allocate-OMAP_CRYPTO_FORCE_COPY-scatterl.patch (git-fixes CVE-2026-23222 bsc#1258484). - Update patches.suse/crypto-virtio-Add-spinlock-protection-with-virtqueue.patch (git-fixes CVE-2026-23229 bsc#1258429). - Update patches.suse/dmaengine-at_hdmac-fix-device-leak-on-of_dma_xlate.patch (git-fixes CVE-2025-71191 bsc#1257579). - Update patches.suse/dmaengine-bcm-sba-raid-fix-device-leak-on-probe.patch (git-fixes CVE-2025-71190 bsc#1257580). - Update patches.suse/dmaengine-dw-dmamux-fix-OF-node-leak-on-route-alloca.patch (git-fixes CVE-2025-71189 bsc#1257573). - Update patches.suse/dmaengine-lpc18xx-dmamux-fix-device-leak-on-route-al.patch (git-fixes CVE-2025-71188 bsc#1257576). - Update patches.suse/dmaengine-omap-dma-fix-dma_pool-resource-leak-in-err.patch (git-fixes CVE-2026-23033 bsc#1257570). - Update patches.suse/dmaengine-qcom-gpi-Fix-memory-leak-in-gpi_peripheral.patch (git-fixes CVE-2026-23026 bsc#1257562). - Update patches.suse/dmaengine-stm32-dmamux-fix-device-leak-on-route-allo.patch (git-fixes CVE-2025-71186 bsc#1257565). - Update patches.suse/dmaengine-ti-dma-crossbar-fix-device-leak-on-am335x-.patch (git-fixes CVE-2025-71185 bsc#1257560). - Update patches.suse/dmaengine-xilinx-xdma-Fix-regmap-max_register.patch (git-fixes CVE-2025-71195 bsc#1257704). - Update patches.suse/dpll-Prevent-duplicate-registrations.patch (git-fixes CVE-2026-23129 bsc#1258299). - Update patches.suse/drm-amd-pm-Disable-MMIO-access-during-SMU-Mode-1-res.patch (stable-fixes CVE-2026-23213 bsc#1258465). - Update patches.suse/drm-amdgpu-fix-NULL-pointer-dereference-in-amdgpu_gm.patch (git-fixes CVE-2026-23163 bsc#1258544). - Update patches.suse/drm-imx-tve-fix-probe-device-leak.patch (git-fixes CVE-2026-23170 bsc#1258379). - Update patches.suse/drm-panel-simple-fix-connector-type-for-DataImage-SC.patch (git-fixes CVE-2026-23049 bsc#1257723). - Update patches.suse/efivarfs-fix-error-propagation-in-efivar_entry_get.patch (git-fixes CVE-2026-23156 bsc#1258317). - Update patches.suse/ext4-fix-iloc.bh-leak-in-ext4_xattr_inode_update_ref.patch (git-fixes CVE-2026-23145 bsc#1258326). - Update patches.suse/gpio-virtuser-fix-UAF-in-configfs-release-path.patch (git-fixes CVE-2026-23158 bsc#1258323). - Update patches.suse/i2c-riic-Move-suspend-handling-to-NOIRQ-phase.patch (git-fixes CVE-2026-23055 bsc#1257730). - Update patches.suse/iio-adc-at91-sama5d2_adc-Fix-potential-use-after-fre.patch (git-fixes CVE-2025-71199 bsc#1257750). - Update patches.suse/iio-imu-st_lsm6dsx-fix-iio_chan_spec-for-sensors-wit.patch (git-fixes CVE-2025-71198 bsc#1257741). - Update patches.suse/intel_th-fix-device-leak-on-output-open.patch (git-fixes CVE-2026-23091 bsc#1257813). - Update patches.suse/interconnect-debugfs-initialize-src_node-and-dst_nod.patch (git-fixes CVE-2026-23123 bsc#1258276). - Update patches.suse/leds-led-class-Only-Add-LED-to-leds_list-when-it-is-.patch (git-fixes CVE-2026-23101 bsc#1257768). - Update patches.suse/mISDN-annotate-data-race-around-dev-work.patch (git-fixes CVE-2026-23121 bsc#1258309). - Update patches.suse/mm-shmem-prevent-infinite-loop-on-truncate-race.patch (CVE-2026-23161 bsc#1258355 CVE-2026-23177 bsc#1258324). - Update patches.suse/mmc-sdhci-of-dwcmshc-Prevent-illegal-clock-reduction.patch (git-fixes CVE-2025-71200 bsc#1258222). - Update patches.suse/msft-hv-3440-net-hv_netvsc-reject-RSS-hash-key-programming-withou.patch (bsc#1257473 CVE-2026-23054 bsc#1257732). - Update patches.suse/net-usb-pegasus-fix-memory-leak-in-update_eth_regs_a.patch (git-fixes CVE-2026-23021 bsc#1257557). - Update patches.suse/net-usb-r8152-fix-resume-reset-deadlock.patch (git-fixes CVE-2026-23188 bsc#1258331). - Update patches.suse/net-wwan-t7xx-fix-potential-skb-frags-overflow-in-RX.patch (git-fixes CVE-2026-23172 bsc#1258519). - Update patches.suse/nfc-llcp-Fix-memleak-in-nfc_llcp_send_ui_frame.patch (git-fixes CVE-2026-23150 bsc#1258354). - Update patches.suse/nfc-nci-Fix-race-between-rfkill-and-nci_unregister_d.patch (git-fixes CVE-2026-23167 bsc#1258374). - Update patches.suse/nfsd-provide-locking-for-v4_end_grace.patch (git-fixes CVE-2026-22980 bsc#1257222). - Update patches.suse/of-unittest-Fix-memory-leak-in-unittest_data_add.patch (git-fixes CVE-2026-23137 bsc#1258232). - Update patches.suse/pNFS-Fix-a-deadlock-when-returning-a-delegation-during-open.patch (git-fixes CVE-2026-23050 bsc#1257688). - Update patches.suse/phy-rockchip-inno-usb2-Fix-a-double-free-bug-in-rock.patch (git-fixes CVE-2026-23030 bsc#1257561). - Update patches.suse/phy-stm32-usphyc-Fix-off-by-one-in-probe.patch (git-fixes CVE-2025-71196 bsc#1257716). - Update patches.suse/platform-x86-amd-Fix-memory-leak-in-wbrf_record.patch (git-fixes CVE-2026-23065 bsc#1257742). - Update patches.suse/platform-x86-hp-bioscfg-Fix-kernel-panic-in-GET_INST.patch (git-fixes CVE-2026-23062 bsc#1257734). - Update patches.suse/platform-x86-hp-bioscfg-Fix-kobject-warnings-for-emp.patch (git-fixes CVE-2026-23131 bsc#1258297). - Update patches.suse/platform-x86-toshiba_haps-Fix-memory-leaks-in-add-re.patch (git-fixes CVE-2026-23176 bsc#1258256). - Update patches.suse/pnfs-flexfiles-Fix-memory-leak-in-nfs4_ff_alloc_deviceid_node.patch (git-fixes CVE-2026-23038 bsc#1257553). - Update patches.suse/regmap-Fix-race-condition-in-hwspinlock-irqsave-rout.patch (git-fixes CVE-2026-23071 bsc#1257706). - Update patches.suse/scsi-qla2xxx-Delay-module-unload-while-fabric-scan-i.patch (bsc#1256865 bsc#1256867 jsc#PED-14156 CVE-2025-71235 bsc#1258469). - Update patches.suse/scsi-qla2xxx-Free-sp-in-error-path-to-fix-system-cra.patch (bsc#1256865 bsc#1256867 jsc#PED-14156 CVE-2025-71232 bsc#1258422). - Update patches.suse/scsi-qla2xxx-Sanitize-payload-size-to-prevent-member.patch (git-fixes CVE-2026-23059 bsc#1257737). - Update patches.suse/scsi-qla2xxx-Validate-sp-before-freeing-associated-m.patch (bsc#1256865 bsc#1256867 jsc#PED-14156 CVE-2025-71236 bsc#1258442). - Update patches.suse/slimbus-core-fix-device-reference-leak-on-report-pre.patch (git-fixes CVE-2026-23090 bsc#1257759). - Update patches.suse/smb-client-split-cached_fid-bitfields-to-avoid-shared-byte-RMW-rac.patch (bsc#1250748 bsc#1257154 CVE-2026-23230 bsc#1258430). - Update patches.suse/spi-tegra-Fix-a-memory-leak-in-tegra_slink_probe.patch (git-fixes CVE-2026-23182 bsc#1258259). - Update patches.suse/spi-tegra210-quad-Protect-curr_xfer-check-in-IRQ-han.patch (git-fixes bsc#1257952 CVE-2026-23207 bsc#1258524). - Update patches.suse/spi-tegra210-quad-Protect-curr_xfer-in-tegra_qspi_co.patch (git-fixes bsc#1257952 CVE-2026-23202 bsc#1258338). - Update patches.suse/uacce-ensure-safe-queue-release-with-state-managemen.patch (git-fixes CVE-2026-23063 bsc#1257722). - Update patches.suse/uacce-fix-cdev-handling-in-the-cleanup-path.patch (git-fixes CVE-2026-23096 bsc#1257809). - Update patches.suse/uacce-fix-isolate-sysfs-check-condition.patch (git-fixes CVE-2026-23094 bsc#1257811). - Update patches.suse/uacce-implement-mremap-in-uacce_vm_ops-to-return-EPE.patch (git-fixes CVE-2026-23056 bsc#1257729). - Update patches.suse/w1-therm-Fix-off-by-one-buffer-overflow-in-alarms_st.patch (git-fixes CVE-2025-71197 bsc#1257743). - Update patches.suse/wifi-ath10k-fix-dma_free_coherent-pointer.patch (git-fixes CVE-2026-23133 bsc#1258249). - Update patches.suse/wifi-ath12k-fix-dma_free_coherent-pointer.patch (git-fixes CVE-2026-23135 bsc#1258245). - Update patches.suse/wifi-mac80211-correctly-decode-TTLM-with-default-lin.patch (git-fixes CVE-2026-23152 bsc#1258252). - Update patches.suse/wifi-mac80211-ocb-skip-rx_no_sta-when-interface-is-n.patch (stable-fixes CVE-2025-71224 bsc#1258824). - Update patches.suse/wifi-rsi-Fix-memory-corruption-due-to-not-set-vif-dr.patch (git-fixes CVE-2026-23073 bsc#1257707). - Update patches.suse/wifi-rtl8xxxu-fix-slab-out-of-bounds-in-rtl8xxxu_sta.patch (git-fixes CVE-2025-71234 bsc#1258419). - Update patches.suse/wifi-rtw88-Fix-alignment-fault-in-rtw_core_enable_be.patch (git-fixes CVE-2025-71229 bsc#1258415). - Update patches.suse/wifi-wlcore-ensure-skb-headroom-before-skb_push.patch (stable-fixes CVE-2025-71222 bsc#1258279). - commit 154bcac - bonding: provide a net pointer to __skb_flow_dissect() (CVE-2026-23119 bsc#1258273). - commit 15d3820 - drm/i915/display: Add quirk to skip retraining of dp link (bsc#1253129). - commit f730886 - smb: client: Fix refcount leak for cifs_sb_tlink (bsc#1252924, CVE-2025-40103). - commit 176c45b - cifs: parse_dfs_referrals: prevent oob on malformed input (bsc#1252911, CVE-2025-40099). - commit 1544b30 - sched/fair: Fix pelt clock sync when entering idle (bsc#1234634 (Scheduler functional and performance backports SL-16.0)). - commit 24b0d4e - sched/fair: Fix pelt lost idle time detection (bsc#1234634 (Scheduler functional and performance backports SL-16.0)). - sched/deadline: Stop dl_server before CPU goes offline (bsc#1234634 (Scheduler functional and performance backports SL-16.0)). - sched/core: Avoid direct access to hrtimer clockbase (bsc#1234634 (Scheduler functional and performance backports SL-16.0)). - sched/deadline: Fix race in push_dl_task() (bsc#1234634 (Scheduler functional and performance backports)). - commit b3c53c0 - ice: Fix NULL pointer dereference in ice_vsi_set_napi_queues (CVE-2026-23166 bsc#1258272). - net/mlx5e: TC, delete flows only for existing peers (CVE-2026-23173 bsc#1258520). - net/mlx5e: Don't gate FEC histograms on ppcnt_statistical_group (git-fixes). - commit 91bddd0 ++++ kernel-obs-build: - nvmet-tcp: fixup hang in nvmet_tcp_listen_data_ready() (CVE-2026-23179 bsc#1258394). - commit ac77228 - nvmet: fix race in nvmet_bio_done() leading to NULL pointer dereference (CVE-2026-23148 bsc#1258258). - commit 9bda130 - nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec (CVE-2026-23112 bsc#1258184). - commit efcbeaa - nvme-fc: release admin tagset if init fails (git-fixes). - nvme-pci: disable secondary temp for Wodposit WPBSNM8 (git-fixes). - nvme-fabrics: add ENOKEY to no retry criteria for authentication failures (git-fixes). - nvme-fc: don't hold rport lock when putting ctrl (git-fixes). - commit dd0c54b - pmdomain: imx8m-blk-ctrl: Remove separate rst and clk mask for 8mq vpu (CVE-2026-23116 bsc#1258277). - commit ff9d60e - Add bugnumber to existing mana and mana_ib changes (bsc#1251135 bsc#1251971). - scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT (git-fixes). - net: mana: Fix double destroy_workqueue on service rescan PCI path (git-fixes). - commit 984835c - ceph: fix NULL pointer dereference in ceph_mds_auth_match() (CVE-2026-23189 bsc#1258308). - commit 51b8eb2 - Update patches.suse/ALSA-ac97-fix-a-double-free-in-snd_ac97_controller_r.patch (git-fixes CVE-2025-71192 bsc#1257679). - Update patches.suse/ALSA-aloop-Fix-racy-access-at-PCM-trigger.patch (stable-fixes CVE-2026-23191 bsc#1258395). - Update patches.suse/ALSA-ctxfi-Fix-potential-OOB-access-in-audio-mixer-h.patch (stable-fixes CVE-2026-23076 bsc#1257788). - Update patches.suse/ALSA-scarlett2-Fix-buffer-overflow-in-config-retriev.patch (git-fixes CVE-2026-23078 bsc#1257789). - Update patches.suse/ALSA-usb-audio-Fix-use-after-free-in-snd_usb_mixer_f.patch (git-fixes CVE-2026-23089 bsc#1257790). - Update patches.suse/ASoC-amd-fix-memory-leak-in-acp3x-pdm-dma-ops.patch (git-fixes CVE-2026-23190 bsc#1258397). - Update patches.suse/Bluetooth-MGMT-Fix-memory-leak-in-set_ssp_complete.patch (git-fixes CVE-2026-23151 bsc#1258237). - Update patches.suse/Bluetooth-hci_uart-fix-null-ptr-deref-in-hci_uart_wr.patch (git-fixes CVE-2026-23146 bsc#1258234). - Update patches.suse/HID-i2c-hid-fix-potential-buffer-overflow-in-i2c_hid.patch (stable-fixes CVE-2026-23178 bsc#1258358). - Update patches.suse/PCI-endpoint-Avoid-creating-sub-groups-asynchronousl.patch (git-fixes CVE-2025-71233 bsc#1258421). - Update patches.suse/arm64-Set-__nocfi-on-swsusp_arch_resume.patch (git-fixes CVE-2026-23128 bsc#1258298). - Update patches.suse/btrfs-always-detect-conflicting-inodes-when-logging-.patch (git-fixes CVE-2025-71183 bsc#1257631). - Update patches.suse/btrfs-do-not-strictly-require-dirty-metadata-thresho.patch (stable-fixes CVE-2026-23157 bsc#1258376). - Update patches.suse/btrfs-fix-deadlock-in-wait_current_trans-due-to-igno.patch (git-fixes CVE-2025-71194 bsc#1257687). - Update patches.suse/btrfs-release-path-before-initializing-extent-tree-i.patch (git-fixes CVE-2026-23018 bsc#1257551). - Update patches.suse/bus-fsl-mc-fix-use-after-free-in-driver_override_sho.patch (git-fixes CVE-2026-23221 bsc#1258660). - Update patches.suse/can-ems_usb-ems_usb_read_bulk_callback-fix-URB-memor.patch (git-fixes CVE-2026-23058 bsc#1257739). - Update patches.suse/can-etas_es58x-allow-partial-RX-URB-allocation-to-su.patch (git-fixes CVE-2026-23037 bsc#1257554). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-fix-URB-memo.patch (git-fixes CVE-2026-23031 bsc#1257600). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-fix-error-me.patch (git-fixes CVE-2026-23155 bsc#1258313). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-unanchor-URL.patch (git-fixes CVE-2026-23082 bsc#1257715). - Update patches.suse/can-j1939-make-j1939_session_activate-fail-if-device.patch (stable-fixes CVE-2025-71182 bsc#1257586). - Update patches.suse/can-kvaser_usb-kvaser_usb_read_bulk_callback-fix-URB.patch (git-fixes CVE-2026-23061 bsc#1257776). - Update patches.suse/can-mcba_usb-mcba_usb_read_bulk_callback-fix-URB-mem.patch (git-fixes CVE-2026-23080 bsc#1257714). - Update patches.suse/can-usb_8dev-usb_8dev_read_bulk_callback-fix-URB-mem.patch (git-fixes CVE-2026-23108 bsc#1257770). - Update patches.suse/crypto-authencesn-reject-too-short-AAD-assoclen-8-to.patch (git-fixes CVE-2026-23060 bsc#1257735). - Update patches.suse/crypto-iaa-Fix-out-of-bounds-index-in-find_empty_iaa.patch (git-fixes CVE-2025-71231 bsc#1258424). - Update patches.suse/crypto-omap-Allocate-OMAP_CRYPTO_FORCE_COPY-scatterl.patch (git-fixes CVE-2026-23222 bsc#1258484). - Update patches.suse/crypto-virtio-Add-spinlock-protection-with-virtqueue.patch (git-fixes CVE-2026-23229 bsc#1258429). - Update patches.suse/dmaengine-at_hdmac-fix-device-leak-on-of_dma_xlate.patch (git-fixes CVE-2025-71191 bsc#1257579). - Update patches.suse/dmaengine-bcm-sba-raid-fix-device-leak-on-probe.patch (git-fixes CVE-2025-71190 bsc#1257580). - Update patches.suse/dmaengine-dw-dmamux-fix-OF-node-leak-on-route-alloca.patch (git-fixes CVE-2025-71189 bsc#1257573). - Update patches.suse/dmaengine-lpc18xx-dmamux-fix-device-leak-on-route-al.patch (git-fixes CVE-2025-71188 bsc#1257576). - Update patches.suse/dmaengine-omap-dma-fix-dma_pool-resource-leak-in-err.patch (git-fixes CVE-2026-23033 bsc#1257570). - Update patches.suse/dmaengine-qcom-gpi-Fix-memory-leak-in-gpi_peripheral.patch (git-fixes CVE-2026-23026 bsc#1257562). - Update patches.suse/dmaengine-stm32-dmamux-fix-device-leak-on-route-allo.patch (git-fixes CVE-2025-71186 bsc#1257565). - Update patches.suse/dmaengine-ti-dma-crossbar-fix-device-leak-on-am335x-.patch (git-fixes CVE-2025-71185 bsc#1257560). - Update patches.suse/dmaengine-xilinx-xdma-Fix-regmap-max_register.patch (git-fixes CVE-2025-71195 bsc#1257704). - Update patches.suse/dpll-Prevent-duplicate-registrations.patch (git-fixes CVE-2026-23129 bsc#1258299). - Update patches.suse/drm-amd-pm-Disable-MMIO-access-during-SMU-Mode-1-res.patch (stable-fixes CVE-2026-23213 bsc#1258465). - Update patches.suse/drm-amdgpu-fix-NULL-pointer-dereference-in-amdgpu_gm.patch (git-fixes CVE-2026-23163 bsc#1258544). - Update patches.suse/drm-imx-tve-fix-probe-device-leak.patch (git-fixes CVE-2026-23170 bsc#1258379). - Update patches.suse/drm-panel-simple-fix-connector-type-for-DataImage-SC.patch (git-fixes CVE-2026-23049 bsc#1257723). - Update patches.suse/efivarfs-fix-error-propagation-in-efivar_entry_get.patch (git-fixes CVE-2026-23156 bsc#1258317). - Update patches.suse/ext4-fix-iloc.bh-leak-in-ext4_xattr_inode_update_ref.patch (git-fixes CVE-2026-23145 bsc#1258326). - Update patches.suse/gpio-virtuser-fix-UAF-in-configfs-release-path.patch (git-fixes CVE-2026-23158 bsc#1258323). - Update patches.suse/i2c-riic-Move-suspend-handling-to-NOIRQ-phase.patch (git-fixes CVE-2026-23055 bsc#1257730). - Update patches.suse/iio-adc-at91-sama5d2_adc-Fix-potential-use-after-fre.patch (git-fixes CVE-2025-71199 bsc#1257750). - Update patches.suse/iio-imu-st_lsm6dsx-fix-iio_chan_spec-for-sensors-wit.patch (git-fixes CVE-2025-71198 bsc#1257741). - Update patches.suse/intel_th-fix-device-leak-on-output-open.patch (git-fixes CVE-2026-23091 bsc#1257813). - Update patches.suse/interconnect-debugfs-initialize-src_node-and-dst_nod.patch (git-fixes CVE-2026-23123 bsc#1258276). - Update patches.suse/leds-led-class-Only-Add-LED-to-leds_list-when-it-is-.patch (git-fixes CVE-2026-23101 bsc#1257768). - Update patches.suse/mISDN-annotate-data-race-around-dev-work.patch (git-fixes CVE-2026-23121 bsc#1258309). - Update patches.suse/mm-shmem-prevent-infinite-loop-on-truncate-race.patch (CVE-2026-23161 bsc#1258355 CVE-2026-23177 bsc#1258324). - Update patches.suse/mmc-sdhci-of-dwcmshc-Prevent-illegal-clock-reduction.patch (git-fixes CVE-2025-71200 bsc#1258222). - Update patches.suse/msft-hv-3440-net-hv_netvsc-reject-RSS-hash-key-programming-withou.patch (bsc#1257473 CVE-2026-23054 bsc#1257732). - Update patches.suse/net-usb-pegasus-fix-memory-leak-in-update_eth_regs_a.patch (git-fixes CVE-2026-23021 bsc#1257557). - Update patches.suse/net-usb-r8152-fix-resume-reset-deadlock.patch (git-fixes CVE-2026-23188 bsc#1258331). - Update patches.suse/net-wwan-t7xx-fix-potential-skb-frags-overflow-in-RX.patch (git-fixes CVE-2026-23172 bsc#1258519). - Update patches.suse/nfc-llcp-Fix-memleak-in-nfc_llcp_send_ui_frame.patch (git-fixes CVE-2026-23150 bsc#1258354). - Update patches.suse/nfc-nci-Fix-race-between-rfkill-and-nci_unregister_d.patch (git-fixes CVE-2026-23167 bsc#1258374). - Update patches.suse/nfsd-provide-locking-for-v4_end_grace.patch (git-fixes CVE-2026-22980 bsc#1257222). - Update patches.suse/of-unittest-Fix-memory-leak-in-unittest_data_add.patch (git-fixes CVE-2026-23137 bsc#1258232). - Update patches.suse/pNFS-Fix-a-deadlock-when-returning-a-delegation-during-open.patch (git-fixes CVE-2026-23050 bsc#1257688). - Update patches.suse/phy-rockchip-inno-usb2-Fix-a-double-free-bug-in-rock.patch (git-fixes CVE-2026-23030 bsc#1257561). - Update patches.suse/phy-stm32-usphyc-Fix-off-by-one-in-probe.patch (git-fixes CVE-2025-71196 bsc#1257716). - Update patches.suse/platform-x86-amd-Fix-memory-leak-in-wbrf_record.patch (git-fixes CVE-2026-23065 bsc#1257742). - Update patches.suse/platform-x86-hp-bioscfg-Fix-kernel-panic-in-GET_INST.patch (git-fixes CVE-2026-23062 bsc#1257734). - Update patches.suse/platform-x86-hp-bioscfg-Fix-kobject-warnings-for-emp.patch (git-fixes CVE-2026-23131 bsc#1258297). - Update patches.suse/platform-x86-toshiba_haps-Fix-memory-leaks-in-add-re.patch (git-fixes CVE-2026-23176 bsc#1258256). - Update patches.suse/pnfs-flexfiles-Fix-memory-leak-in-nfs4_ff_alloc_deviceid_node.patch (git-fixes CVE-2026-23038 bsc#1257553). - Update patches.suse/regmap-Fix-race-condition-in-hwspinlock-irqsave-rout.patch (git-fixes CVE-2026-23071 bsc#1257706). - Update patches.suse/scsi-qla2xxx-Delay-module-unload-while-fabric-scan-i.patch (bsc#1256865 bsc#1256867 jsc#PED-14156 CVE-2025-71235 bsc#1258469). - Update patches.suse/scsi-qla2xxx-Free-sp-in-error-path-to-fix-system-cra.patch (bsc#1256865 bsc#1256867 jsc#PED-14156 CVE-2025-71232 bsc#1258422). - Update patches.suse/scsi-qla2xxx-Sanitize-payload-size-to-prevent-member.patch (git-fixes CVE-2026-23059 bsc#1257737). - Update patches.suse/scsi-qla2xxx-Validate-sp-before-freeing-associated-m.patch (bsc#1256865 bsc#1256867 jsc#PED-14156 CVE-2025-71236 bsc#1258442). - Update patches.suse/slimbus-core-fix-device-reference-leak-on-report-pre.patch (git-fixes CVE-2026-23090 bsc#1257759). - Update patches.suse/smb-client-split-cached_fid-bitfields-to-avoid-shared-byte-RMW-rac.patch (bsc#1250748 bsc#1257154 CVE-2026-23230 bsc#1258430). - Update patches.suse/spi-tegra-Fix-a-memory-leak-in-tegra_slink_probe.patch (git-fixes CVE-2026-23182 bsc#1258259). - Update patches.suse/spi-tegra210-quad-Protect-curr_xfer-check-in-IRQ-han.patch (git-fixes bsc#1257952 CVE-2026-23207 bsc#1258524). - Update patches.suse/spi-tegra210-quad-Protect-curr_xfer-in-tegra_qspi_co.patch (git-fixes bsc#1257952 CVE-2026-23202 bsc#1258338). - Update patches.suse/uacce-ensure-safe-queue-release-with-state-managemen.patch (git-fixes CVE-2026-23063 bsc#1257722). - Update patches.suse/uacce-fix-cdev-handling-in-the-cleanup-path.patch (git-fixes CVE-2026-23096 bsc#1257809). - Update patches.suse/uacce-fix-isolate-sysfs-check-condition.patch (git-fixes CVE-2026-23094 bsc#1257811). - Update patches.suse/uacce-implement-mremap-in-uacce_vm_ops-to-return-EPE.patch (git-fixes CVE-2026-23056 bsc#1257729). - Update patches.suse/w1-therm-Fix-off-by-one-buffer-overflow-in-alarms_st.patch (git-fixes CVE-2025-71197 bsc#1257743). - Update patches.suse/wifi-ath10k-fix-dma_free_coherent-pointer.patch (git-fixes CVE-2026-23133 bsc#1258249). - Update patches.suse/wifi-ath12k-fix-dma_free_coherent-pointer.patch (git-fixes CVE-2026-23135 bsc#1258245). - Update patches.suse/wifi-mac80211-correctly-decode-TTLM-with-default-lin.patch (git-fixes CVE-2026-23152 bsc#1258252). - Update patches.suse/wifi-mac80211-ocb-skip-rx_no_sta-when-interface-is-n.patch (stable-fixes CVE-2025-71224 bsc#1258824). - Update patches.suse/wifi-rsi-Fix-memory-corruption-due-to-not-set-vif-dr.patch (git-fixes CVE-2026-23073 bsc#1257707). - Update patches.suse/wifi-rtl8xxxu-fix-slab-out-of-bounds-in-rtl8xxxu_sta.patch (git-fixes CVE-2025-71234 bsc#1258419). - Update patches.suse/wifi-rtw88-Fix-alignment-fault-in-rtw_core_enable_be.patch (git-fixes CVE-2025-71229 bsc#1258415). - Update patches.suse/wifi-wlcore-ensure-skb-headroom-before-skb_push.patch (stable-fixes CVE-2025-71222 bsc#1258279). - commit 154bcac - bonding: provide a net pointer to __skb_flow_dissect() (CVE-2026-23119 bsc#1258273). - commit 15d3820 - drm/i915/display: Add quirk to skip retraining of dp link (bsc#1253129). - commit f730886 - smb: client: Fix refcount leak for cifs_sb_tlink (bsc#1252924, CVE-2025-40103). - commit 176c45b - cifs: parse_dfs_referrals: prevent oob on malformed input (bsc#1252911, CVE-2025-40099). - commit 1544b30 - sched/fair: Fix pelt clock sync when entering idle (bsc#1234634 (Scheduler functional and performance backports SL-16.0)). - commit 24b0d4e - sched/fair: Fix pelt lost idle time detection (bsc#1234634 (Scheduler functional and performance backports SL-16.0)). - sched/deadline: Stop dl_server before CPU goes offline (bsc#1234634 (Scheduler functional and performance backports SL-16.0)). - sched/core: Avoid direct access to hrtimer clockbase (bsc#1234634 (Scheduler functional and performance backports SL-16.0)). - sched/deadline: Fix race in push_dl_task() (bsc#1234634 (Scheduler functional and performance backports)). - commit b3c53c0 - ice: Fix NULL pointer dereference in ice_vsi_set_napi_queues (CVE-2026-23166 bsc#1258272). - net/mlx5e: TC, delete flows only for existing peers (CVE-2026-23173 bsc#1258520). - net/mlx5e: Don't gate FEC histograms on ppcnt_statistical_group (git-fixes). - commit 91bddd0 ++++ kernel-obs-qa: - nvmet-tcp: fixup hang in nvmet_tcp_listen_data_ready() (CVE-2026-23179 bsc#1258394). - commit ac77228 - nvmet: fix race in nvmet_bio_done() leading to NULL pointer dereference (CVE-2026-23148 bsc#1258258). - commit 9bda130 - nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec (CVE-2026-23112 bsc#1258184). - commit efcbeaa - nvme-fc: release admin tagset if init fails (git-fixes). - nvme-pci: disable secondary temp for Wodposit WPBSNM8 (git-fixes). - nvme-fabrics: add ENOKEY to no retry criteria for authentication failures (git-fixes). - nvme-fc: don't hold rport lock when putting ctrl (git-fixes). - commit dd0c54b - pmdomain: imx8m-blk-ctrl: Remove separate rst and clk mask for 8mq vpu (CVE-2026-23116 bsc#1258277). - commit ff9d60e - Add bugnumber to existing mana and mana_ib changes (bsc#1251135 bsc#1251971). - scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT (git-fixes). - net: mana: Fix double destroy_workqueue on service rescan PCI path (git-fixes). - commit 984835c - ceph: fix NULL pointer dereference in ceph_mds_auth_match() (CVE-2026-23189 bsc#1258308). - commit 51b8eb2 - Update patches.suse/ALSA-ac97-fix-a-double-free-in-snd_ac97_controller_r.patch (git-fixes CVE-2025-71192 bsc#1257679). - Update patches.suse/ALSA-aloop-Fix-racy-access-at-PCM-trigger.patch (stable-fixes CVE-2026-23191 bsc#1258395). - Update patches.suse/ALSA-ctxfi-Fix-potential-OOB-access-in-audio-mixer-h.patch (stable-fixes CVE-2026-23076 bsc#1257788). - Update patches.suse/ALSA-scarlett2-Fix-buffer-overflow-in-config-retriev.patch (git-fixes CVE-2026-23078 bsc#1257789). - Update patches.suse/ALSA-usb-audio-Fix-use-after-free-in-snd_usb_mixer_f.patch (git-fixes CVE-2026-23089 bsc#1257790). - Update patches.suse/ASoC-amd-fix-memory-leak-in-acp3x-pdm-dma-ops.patch (git-fixes CVE-2026-23190 bsc#1258397). - Update patches.suse/Bluetooth-MGMT-Fix-memory-leak-in-set_ssp_complete.patch (git-fixes CVE-2026-23151 bsc#1258237). - Update patches.suse/Bluetooth-hci_uart-fix-null-ptr-deref-in-hci_uart_wr.patch (git-fixes CVE-2026-23146 bsc#1258234). - Update patches.suse/HID-i2c-hid-fix-potential-buffer-overflow-in-i2c_hid.patch (stable-fixes CVE-2026-23178 bsc#1258358). - Update patches.suse/PCI-endpoint-Avoid-creating-sub-groups-asynchronousl.patch (git-fixes CVE-2025-71233 bsc#1258421). - Update patches.suse/arm64-Set-__nocfi-on-swsusp_arch_resume.patch (git-fixes CVE-2026-23128 bsc#1258298). - Update patches.suse/btrfs-always-detect-conflicting-inodes-when-logging-.patch (git-fixes CVE-2025-71183 bsc#1257631). - Update patches.suse/btrfs-do-not-strictly-require-dirty-metadata-thresho.patch (stable-fixes CVE-2026-23157 bsc#1258376). - Update patches.suse/btrfs-fix-deadlock-in-wait_current_trans-due-to-igno.patch (git-fixes CVE-2025-71194 bsc#1257687). - Update patches.suse/btrfs-release-path-before-initializing-extent-tree-i.patch (git-fixes CVE-2026-23018 bsc#1257551). - Update patches.suse/bus-fsl-mc-fix-use-after-free-in-driver_override_sho.patch (git-fixes CVE-2026-23221 bsc#1258660). - Update patches.suse/can-ems_usb-ems_usb_read_bulk_callback-fix-URB-memor.patch (git-fixes CVE-2026-23058 bsc#1257739). - Update patches.suse/can-etas_es58x-allow-partial-RX-URB-allocation-to-su.patch (git-fixes CVE-2026-23037 bsc#1257554). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-fix-URB-memo.patch (git-fixes CVE-2026-23031 bsc#1257600). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-fix-error-me.patch (git-fixes CVE-2026-23155 bsc#1258313). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-unanchor-URL.patch (git-fixes CVE-2026-23082 bsc#1257715). - Update patches.suse/can-j1939-make-j1939_session_activate-fail-if-device.patch (stable-fixes CVE-2025-71182 bsc#1257586). - Update patches.suse/can-kvaser_usb-kvaser_usb_read_bulk_callback-fix-URB.patch (git-fixes CVE-2026-23061 bsc#1257776). - Update patches.suse/can-mcba_usb-mcba_usb_read_bulk_callback-fix-URB-mem.patch (git-fixes CVE-2026-23080 bsc#1257714). - Update patches.suse/can-usb_8dev-usb_8dev_read_bulk_callback-fix-URB-mem.patch (git-fixes CVE-2026-23108 bsc#1257770). - Update patches.suse/crypto-authencesn-reject-too-short-AAD-assoclen-8-to.patch (git-fixes CVE-2026-23060 bsc#1257735). - Update patches.suse/crypto-iaa-Fix-out-of-bounds-index-in-find_empty_iaa.patch (git-fixes CVE-2025-71231 bsc#1258424). - Update patches.suse/crypto-omap-Allocate-OMAP_CRYPTO_FORCE_COPY-scatterl.patch (git-fixes CVE-2026-23222 bsc#1258484). - Update patches.suse/crypto-virtio-Add-spinlock-protection-with-virtqueue.patch (git-fixes CVE-2026-23229 bsc#1258429). - Update patches.suse/dmaengine-at_hdmac-fix-device-leak-on-of_dma_xlate.patch (git-fixes CVE-2025-71191 bsc#1257579). - Update patches.suse/dmaengine-bcm-sba-raid-fix-device-leak-on-probe.patch (git-fixes CVE-2025-71190 bsc#1257580). - Update patches.suse/dmaengine-dw-dmamux-fix-OF-node-leak-on-route-alloca.patch (git-fixes CVE-2025-71189 bsc#1257573). - Update patches.suse/dmaengine-lpc18xx-dmamux-fix-device-leak-on-route-al.patch (git-fixes CVE-2025-71188 bsc#1257576). - Update patches.suse/dmaengine-omap-dma-fix-dma_pool-resource-leak-in-err.patch (git-fixes CVE-2026-23033 bsc#1257570). - Update patches.suse/dmaengine-qcom-gpi-Fix-memory-leak-in-gpi_peripheral.patch (git-fixes CVE-2026-23026 bsc#1257562). - Update patches.suse/dmaengine-stm32-dmamux-fix-device-leak-on-route-allo.patch (git-fixes CVE-2025-71186 bsc#1257565). - Update patches.suse/dmaengine-ti-dma-crossbar-fix-device-leak-on-am335x-.patch (git-fixes CVE-2025-71185 bsc#1257560). - Update patches.suse/dmaengine-xilinx-xdma-Fix-regmap-max_register.patch (git-fixes CVE-2025-71195 bsc#1257704). - Update patches.suse/dpll-Prevent-duplicate-registrations.patch (git-fixes CVE-2026-23129 bsc#1258299). - Update patches.suse/drm-amd-pm-Disable-MMIO-access-during-SMU-Mode-1-res.patch (stable-fixes CVE-2026-23213 bsc#1258465). - Update patches.suse/drm-amdgpu-fix-NULL-pointer-dereference-in-amdgpu_gm.patch (git-fixes CVE-2026-23163 bsc#1258544). - Update patches.suse/drm-imx-tve-fix-probe-device-leak.patch (git-fixes CVE-2026-23170 bsc#1258379). - Update patches.suse/drm-panel-simple-fix-connector-type-for-DataImage-SC.patch (git-fixes CVE-2026-23049 bsc#1257723). - Update patches.suse/efivarfs-fix-error-propagation-in-efivar_entry_get.patch (git-fixes CVE-2026-23156 bsc#1258317). - Update patches.suse/ext4-fix-iloc.bh-leak-in-ext4_xattr_inode_update_ref.patch (git-fixes CVE-2026-23145 bsc#1258326). - Update patches.suse/gpio-virtuser-fix-UAF-in-configfs-release-path.patch (git-fixes CVE-2026-23158 bsc#1258323). - Update patches.suse/i2c-riic-Move-suspend-handling-to-NOIRQ-phase.patch (git-fixes CVE-2026-23055 bsc#1257730). - Update patches.suse/iio-adc-at91-sama5d2_adc-Fix-potential-use-after-fre.patch (git-fixes CVE-2025-71199 bsc#1257750). - Update patches.suse/iio-imu-st_lsm6dsx-fix-iio_chan_spec-for-sensors-wit.patch (git-fixes CVE-2025-71198 bsc#1257741). - Update patches.suse/intel_th-fix-device-leak-on-output-open.patch (git-fixes CVE-2026-23091 bsc#1257813). - Update patches.suse/interconnect-debugfs-initialize-src_node-and-dst_nod.patch (git-fixes CVE-2026-23123 bsc#1258276). - Update patches.suse/leds-led-class-Only-Add-LED-to-leds_list-when-it-is-.patch (git-fixes CVE-2026-23101 bsc#1257768). - Update patches.suse/mISDN-annotate-data-race-around-dev-work.patch (git-fixes CVE-2026-23121 bsc#1258309). - Update patches.suse/mm-shmem-prevent-infinite-loop-on-truncate-race.patch (CVE-2026-23161 bsc#1258355 CVE-2026-23177 bsc#1258324). - Update patches.suse/mmc-sdhci-of-dwcmshc-Prevent-illegal-clock-reduction.patch (git-fixes CVE-2025-71200 bsc#1258222). - Update patches.suse/msft-hv-3440-net-hv_netvsc-reject-RSS-hash-key-programming-withou.patch (bsc#1257473 CVE-2026-23054 bsc#1257732). - Update patches.suse/net-usb-pegasus-fix-memory-leak-in-update_eth_regs_a.patch (git-fixes CVE-2026-23021 bsc#1257557). - Update patches.suse/net-usb-r8152-fix-resume-reset-deadlock.patch (git-fixes CVE-2026-23188 bsc#1258331). - Update patches.suse/net-wwan-t7xx-fix-potential-skb-frags-overflow-in-RX.patch (git-fixes CVE-2026-23172 bsc#1258519). - Update patches.suse/nfc-llcp-Fix-memleak-in-nfc_llcp_send_ui_frame.patch (git-fixes CVE-2026-23150 bsc#1258354). - Update patches.suse/nfc-nci-Fix-race-between-rfkill-and-nci_unregister_d.patch (git-fixes CVE-2026-23167 bsc#1258374). - Update patches.suse/nfsd-provide-locking-for-v4_end_grace.patch (git-fixes CVE-2026-22980 bsc#1257222). - Update patches.suse/of-unittest-Fix-memory-leak-in-unittest_data_add.patch (git-fixes CVE-2026-23137 bsc#1258232). - Update patches.suse/pNFS-Fix-a-deadlock-when-returning-a-delegation-during-open.patch (git-fixes CVE-2026-23050 bsc#1257688). - Update patches.suse/phy-rockchip-inno-usb2-Fix-a-double-free-bug-in-rock.patch (git-fixes CVE-2026-23030 bsc#1257561). - Update patches.suse/phy-stm32-usphyc-Fix-off-by-one-in-probe.patch (git-fixes CVE-2025-71196 bsc#1257716). - Update patches.suse/platform-x86-amd-Fix-memory-leak-in-wbrf_record.patch (git-fixes CVE-2026-23065 bsc#1257742). - Update patches.suse/platform-x86-hp-bioscfg-Fix-kernel-panic-in-GET_INST.patch (git-fixes CVE-2026-23062 bsc#1257734). - Update patches.suse/platform-x86-hp-bioscfg-Fix-kobject-warnings-for-emp.patch (git-fixes CVE-2026-23131 bsc#1258297). - Update patches.suse/platform-x86-toshiba_haps-Fix-memory-leaks-in-add-re.patch (git-fixes CVE-2026-23176 bsc#1258256). - Update patches.suse/pnfs-flexfiles-Fix-memory-leak-in-nfs4_ff_alloc_deviceid_node.patch (git-fixes CVE-2026-23038 bsc#1257553). - Update patches.suse/regmap-Fix-race-condition-in-hwspinlock-irqsave-rout.patch (git-fixes CVE-2026-23071 bsc#1257706). - Update patches.suse/scsi-qla2xxx-Delay-module-unload-while-fabric-scan-i.patch (bsc#1256865 bsc#1256867 jsc#PED-14156 CVE-2025-71235 bsc#1258469). - Update patches.suse/scsi-qla2xxx-Free-sp-in-error-path-to-fix-system-cra.patch (bsc#1256865 bsc#1256867 jsc#PED-14156 CVE-2025-71232 bsc#1258422). - Update patches.suse/scsi-qla2xxx-Sanitize-payload-size-to-prevent-member.patch (git-fixes CVE-2026-23059 bsc#1257737). - Update patches.suse/scsi-qla2xxx-Validate-sp-before-freeing-associated-m.patch (bsc#1256865 bsc#1256867 jsc#PED-14156 CVE-2025-71236 bsc#1258442). - Update patches.suse/slimbus-core-fix-device-reference-leak-on-report-pre.patch (git-fixes CVE-2026-23090 bsc#1257759). - Update patches.suse/smb-client-split-cached_fid-bitfields-to-avoid-shared-byte-RMW-rac.patch (bsc#1250748 bsc#1257154 CVE-2026-23230 bsc#1258430). - Update patches.suse/spi-tegra-Fix-a-memory-leak-in-tegra_slink_probe.patch (git-fixes CVE-2026-23182 bsc#1258259). - Update patches.suse/spi-tegra210-quad-Protect-curr_xfer-check-in-IRQ-han.patch (git-fixes bsc#1257952 CVE-2026-23207 bsc#1258524). - Update patches.suse/spi-tegra210-quad-Protect-curr_xfer-in-tegra_qspi_co.patch (git-fixes bsc#1257952 CVE-2026-23202 bsc#1258338). - Update patches.suse/uacce-ensure-safe-queue-release-with-state-managemen.patch (git-fixes CVE-2026-23063 bsc#1257722). - Update patches.suse/uacce-fix-cdev-handling-in-the-cleanup-path.patch (git-fixes CVE-2026-23096 bsc#1257809). - Update patches.suse/uacce-fix-isolate-sysfs-check-condition.patch (git-fixes CVE-2026-23094 bsc#1257811). - Update patches.suse/uacce-implement-mremap-in-uacce_vm_ops-to-return-EPE.patch (git-fixes CVE-2026-23056 bsc#1257729). - Update patches.suse/w1-therm-Fix-off-by-one-buffer-overflow-in-alarms_st.patch (git-fixes CVE-2025-71197 bsc#1257743). - Update patches.suse/wifi-ath10k-fix-dma_free_coherent-pointer.patch (git-fixes CVE-2026-23133 bsc#1258249). - Update patches.suse/wifi-ath12k-fix-dma_free_coherent-pointer.patch (git-fixes CVE-2026-23135 bsc#1258245). - Update patches.suse/wifi-mac80211-correctly-decode-TTLM-with-default-lin.patch (git-fixes CVE-2026-23152 bsc#1258252). - Update patches.suse/wifi-mac80211-ocb-skip-rx_no_sta-when-interface-is-n.patch (stable-fixes CVE-2025-71224 bsc#1258824). - Update patches.suse/wifi-rsi-Fix-memory-corruption-due-to-not-set-vif-dr.patch (git-fixes CVE-2026-23073 bsc#1257707). - Update patches.suse/wifi-rtl8xxxu-fix-slab-out-of-bounds-in-rtl8xxxu_sta.patch (git-fixes CVE-2025-71234 bsc#1258419). - Update patches.suse/wifi-rtw88-Fix-alignment-fault-in-rtw_core_enable_be.patch (git-fixes CVE-2025-71229 bsc#1258415). - Update patches.suse/wifi-wlcore-ensure-skb-headroom-before-skb_push.patch (stable-fixes CVE-2025-71222 bsc#1258279). - commit 154bcac - bonding: provide a net pointer to __skb_flow_dissect() (CVE-2026-23119 bsc#1258273). - commit 15d3820 - drm/i915/display: Add quirk to skip retraining of dp link (bsc#1253129). - commit f730886 - smb: client: Fix refcount leak for cifs_sb_tlink (bsc#1252924, CVE-2025-40103). - commit 176c45b - cifs: parse_dfs_referrals: prevent oob on malformed input (bsc#1252911, CVE-2025-40099). - commit 1544b30 - sched/fair: Fix pelt clock sync when entering idle (bsc#1234634 (Scheduler functional and performance backports SL-16.0)). - commit 24b0d4e - sched/fair: Fix pelt lost idle time detection (bsc#1234634 (Scheduler functional and performance backports SL-16.0)). - sched/deadline: Stop dl_server before CPU goes offline (bsc#1234634 (Scheduler functional and performance backports SL-16.0)). - sched/core: Avoid direct access to hrtimer clockbase (bsc#1234634 (Scheduler functional and performance backports SL-16.0)). - sched/deadline: Fix race in push_dl_task() (bsc#1234634 (Scheduler functional and performance backports)). - commit b3c53c0 - ice: Fix NULL pointer dereference in ice_vsi_set_napi_queues (CVE-2026-23166 bsc#1258272). - net/mlx5e: TC, delete flows only for existing peers (CVE-2026-23173 bsc#1258520). - net/mlx5e: Don't gate FEC histograms on ppcnt_statistical_group (git-fixes). - commit 91bddd0 ++++ kernel-syms: - nvmet-tcp: fixup hang in nvmet_tcp_listen_data_ready() (CVE-2026-23179 bsc#1258394). - commit ac77228 - nvmet: fix race in nvmet_bio_done() leading to NULL pointer dereference (CVE-2026-23148 bsc#1258258). - commit 9bda130 - nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec (CVE-2026-23112 bsc#1258184). - commit efcbeaa - nvme-fc: release admin tagset if init fails (git-fixes). - nvme-pci: disable secondary temp for Wodposit WPBSNM8 (git-fixes). - nvme-fabrics: add ENOKEY to no retry criteria for authentication failures (git-fixes). - nvme-fc: don't hold rport lock when putting ctrl (git-fixes). - commit dd0c54b - pmdomain: imx8m-blk-ctrl: Remove separate rst and clk mask for 8mq vpu (CVE-2026-23116 bsc#1258277). - commit ff9d60e - Add bugnumber to existing mana and mana_ib changes (bsc#1251135 bsc#1251971). - scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT (git-fixes). - net: mana: Fix double destroy_workqueue on service rescan PCI path (git-fixes). - commit 984835c - ceph: fix NULL pointer dereference in ceph_mds_auth_match() (CVE-2026-23189 bsc#1258308). - commit 51b8eb2 - Update patches.suse/ALSA-ac97-fix-a-double-free-in-snd_ac97_controller_r.patch (git-fixes CVE-2025-71192 bsc#1257679). - Update patches.suse/ALSA-aloop-Fix-racy-access-at-PCM-trigger.patch (stable-fixes CVE-2026-23191 bsc#1258395). - Update patches.suse/ALSA-ctxfi-Fix-potential-OOB-access-in-audio-mixer-h.patch (stable-fixes CVE-2026-23076 bsc#1257788). - Update patches.suse/ALSA-scarlett2-Fix-buffer-overflow-in-config-retriev.patch (git-fixes CVE-2026-23078 bsc#1257789). - Update patches.suse/ALSA-usb-audio-Fix-use-after-free-in-snd_usb_mixer_f.patch (git-fixes CVE-2026-23089 bsc#1257790). - Update patches.suse/ASoC-amd-fix-memory-leak-in-acp3x-pdm-dma-ops.patch (git-fixes CVE-2026-23190 bsc#1258397). - Update patches.suse/Bluetooth-MGMT-Fix-memory-leak-in-set_ssp_complete.patch (git-fixes CVE-2026-23151 bsc#1258237). - Update patches.suse/Bluetooth-hci_uart-fix-null-ptr-deref-in-hci_uart_wr.patch (git-fixes CVE-2026-23146 bsc#1258234). - Update patches.suse/HID-i2c-hid-fix-potential-buffer-overflow-in-i2c_hid.patch (stable-fixes CVE-2026-23178 bsc#1258358). - Update patches.suse/PCI-endpoint-Avoid-creating-sub-groups-asynchronousl.patch (git-fixes CVE-2025-71233 bsc#1258421). - Update patches.suse/arm64-Set-__nocfi-on-swsusp_arch_resume.patch (git-fixes CVE-2026-23128 bsc#1258298). - Update patches.suse/btrfs-always-detect-conflicting-inodes-when-logging-.patch (git-fixes CVE-2025-71183 bsc#1257631). - Update patches.suse/btrfs-do-not-strictly-require-dirty-metadata-thresho.patch (stable-fixes CVE-2026-23157 bsc#1258376). - Update patches.suse/btrfs-fix-deadlock-in-wait_current_trans-due-to-igno.patch (git-fixes CVE-2025-71194 bsc#1257687). - Update patches.suse/btrfs-release-path-before-initializing-extent-tree-i.patch (git-fixes CVE-2026-23018 bsc#1257551). - Update patches.suse/bus-fsl-mc-fix-use-after-free-in-driver_override_sho.patch (git-fixes CVE-2026-23221 bsc#1258660). - Update patches.suse/can-ems_usb-ems_usb_read_bulk_callback-fix-URB-memor.patch (git-fixes CVE-2026-23058 bsc#1257739). - Update patches.suse/can-etas_es58x-allow-partial-RX-URB-allocation-to-su.patch (git-fixes CVE-2026-23037 bsc#1257554). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-fix-URB-memo.patch (git-fixes CVE-2026-23031 bsc#1257600). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-fix-error-me.patch (git-fixes CVE-2026-23155 bsc#1258313). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-unanchor-URL.patch (git-fixes CVE-2026-23082 bsc#1257715). - Update patches.suse/can-j1939-make-j1939_session_activate-fail-if-device.patch (stable-fixes CVE-2025-71182 bsc#1257586). - Update patches.suse/can-kvaser_usb-kvaser_usb_read_bulk_callback-fix-URB.patch (git-fixes CVE-2026-23061 bsc#1257776). - Update patches.suse/can-mcba_usb-mcba_usb_read_bulk_callback-fix-URB-mem.patch (git-fixes CVE-2026-23080 bsc#1257714). - Update patches.suse/can-usb_8dev-usb_8dev_read_bulk_callback-fix-URB-mem.patch (git-fixes CVE-2026-23108 bsc#1257770). - Update patches.suse/crypto-authencesn-reject-too-short-AAD-assoclen-8-to.patch (git-fixes CVE-2026-23060 bsc#1257735). - Update patches.suse/crypto-iaa-Fix-out-of-bounds-index-in-find_empty_iaa.patch (git-fixes CVE-2025-71231 bsc#1258424). - Update patches.suse/crypto-omap-Allocate-OMAP_CRYPTO_FORCE_COPY-scatterl.patch (git-fixes CVE-2026-23222 bsc#1258484). - Update patches.suse/crypto-virtio-Add-spinlock-protection-with-virtqueue.patch (git-fixes CVE-2026-23229 bsc#1258429). - Update patches.suse/dmaengine-at_hdmac-fix-device-leak-on-of_dma_xlate.patch (git-fixes CVE-2025-71191 bsc#1257579). - Update patches.suse/dmaengine-bcm-sba-raid-fix-device-leak-on-probe.patch (git-fixes CVE-2025-71190 bsc#1257580). - Update patches.suse/dmaengine-dw-dmamux-fix-OF-node-leak-on-route-alloca.patch (git-fixes CVE-2025-71189 bsc#1257573). - Update patches.suse/dmaengine-lpc18xx-dmamux-fix-device-leak-on-route-al.patch (git-fixes CVE-2025-71188 bsc#1257576). - Update patches.suse/dmaengine-omap-dma-fix-dma_pool-resource-leak-in-err.patch (git-fixes CVE-2026-23033 bsc#1257570). - Update patches.suse/dmaengine-qcom-gpi-Fix-memory-leak-in-gpi_peripheral.patch (git-fixes CVE-2026-23026 bsc#1257562). - Update patches.suse/dmaengine-stm32-dmamux-fix-device-leak-on-route-allo.patch (git-fixes CVE-2025-71186 bsc#1257565). - Update patches.suse/dmaengine-ti-dma-crossbar-fix-device-leak-on-am335x-.patch (git-fixes CVE-2025-71185 bsc#1257560). - Update patches.suse/dmaengine-xilinx-xdma-Fix-regmap-max_register.patch (git-fixes CVE-2025-71195 bsc#1257704). - Update patches.suse/dpll-Prevent-duplicate-registrations.patch (git-fixes CVE-2026-23129 bsc#1258299). - Update patches.suse/drm-amd-pm-Disable-MMIO-access-during-SMU-Mode-1-res.patch (stable-fixes CVE-2026-23213 bsc#1258465). - Update patches.suse/drm-amdgpu-fix-NULL-pointer-dereference-in-amdgpu_gm.patch (git-fixes CVE-2026-23163 bsc#1258544). - Update patches.suse/drm-imx-tve-fix-probe-device-leak.patch (git-fixes CVE-2026-23170 bsc#1258379). - Update patches.suse/drm-panel-simple-fix-connector-type-for-DataImage-SC.patch (git-fixes CVE-2026-23049 bsc#1257723). - Update patches.suse/efivarfs-fix-error-propagation-in-efivar_entry_get.patch (git-fixes CVE-2026-23156 bsc#1258317). - Update patches.suse/ext4-fix-iloc.bh-leak-in-ext4_xattr_inode_update_ref.patch (git-fixes CVE-2026-23145 bsc#1258326). - Update patches.suse/gpio-virtuser-fix-UAF-in-configfs-release-path.patch (git-fixes CVE-2026-23158 bsc#1258323). - Update patches.suse/i2c-riic-Move-suspend-handling-to-NOIRQ-phase.patch (git-fixes CVE-2026-23055 bsc#1257730). - Update patches.suse/iio-adc-at91-sama5d2_adc-Fix-potential-use-after-fre.patch (git-fixes CVE-2025-71199 bsc#1257750). - Update patches.suse/iio-imu-st_lsm6dsx-fix-iio_chan_spec-for-sensors-wit.patch (git-fixes CVE-2025-71198 bsc#1257741). - Update patches.suse/intel_th-fix-device-leak-on-output-open.patch (git-fixes CVE-2026-23091 bsc#1257813). - Update patches.suse/interconnect-debugfs-initialize-src_node-and-dst_nod.patch (git-fixes CVE-2026-23123 bsc#1258276). - Update patches.suse/leds-led-class-Only-Add-LED-to-leds_list-when-it-is-.patch (git-fixes CVE-2026-23101 bsc#1257768). - Update patches.suse/mISDN-annotate-data-race-around-dev-work.patch (git-fixes CVE-2026-23121 bsc#1258309). - Update patches.suse/mm-shmem-prevent-infinite-loop-on-truncate-race.patch (CVE-2026-23161 bsc#1258355 CVE-2026-23177 bsc#1258324). - Update patches.suse/mmc-sdhci-of-dwcmshc-Prevent-illegal-clock-reduction.patch (git-fixes CVE-2025-71200 bsc#1258222). - Update patches.suse/msft-hv-3440-net-hv_netvsc-reject-RSS-hash-key-programming-withou.patch (bsc#1257473 CVE-2026-23054 bsc#1257732). - Update patches.suse/net-usb-pegasus-fix-memory-leak-in-update_eth_regs_a.patch (git-fixes CVE-2026-23021 bsc#1257557). - Update patches.suse/net-usb-r8152-fix-resume-reset-deadlock.patch (git-fixes CVE-2026-23188 bsc#1258331). - Update patches.suse/net-wwan-t7xx-fix-potential-skb-frags-overflow-in-RX.patch (git-fixes CVE-2026-23172 bsc#1258519). - Update patches.suse/nfc-llcp-Fix-memleak-in-nfc_llcp_send_ui_frame.patch (git-fixes CVE-2026-23150 bsc#1258354). - Update patches.suse/nfc-nci-Fix-race-between-rfkill-and-nci_unregister_d.patch (git-fixes CVE-2026-23167 bsc#1258374). - Update patches.suse/nfsd-provide-locking-for-v4_end_grace.patch (git-fixes CVE-2026-22980 bsc#1257222). - Update patches.suse/of-unittest-Fix-memory-leak-in-unittest_data_add.patch (git-fixes CVE-2026-23137 bsc#1258232). - Update patches.suse/pNFS-Fix-a-deadlock-when-returning-a-delegation-during-open.patch (git-fixes CVE-2026-23050 bsc#1257688). - Update patches.suse/phy-rockchip-inno-usb2-Fix-a-double-free-bug-in-rock.patch (git-fixes CVE-2026-23030 bsc#1257561). - Update patches.suse/phy-stm32-usphyc-Fix-off-by-one-in-probe.patch (git-fixes CVE-2025-71196 bsc#1257716). - Update patches.suse/platform-x86-amd-Fix-memory-leak-in-wbrf_record.patch (git-fixes CVE-2026-23065 bsc#1257742). - Update patches.suse/platform-x86-hp-bioscfg-Fix-kernel-panic-in-GET_INST.patch (git-fixes CVE-2026-23062 bsc#1257734). - Update patches.suse/platform-x86-hp-bioscfg-Fix-kobject-warnings-for-emp.patch (git-fixes CVE-2026-23131 bsc#1258297). - Update patches.suse/platform-x86-toshiba_haps-Fix-memory-leaks-in-add-re.patch (git-fixes CVE-2026-23176 bsc#1258256). - Update patches.suse/pnfs-flexfiles-Fix-memory-leak-in-nfs4_ff_alloc_deviceid_node.patch (git-fixes CVE-2026-23038 bsc#1257553). - Update patches.suse/regmap-Fix-race-condition-in-hwspinlock-irqsave-rout.patch (git-fixes CVE-2026-23071 bsc#1257706). - Update patches.suse/scsi-qla2xxx-Delay-module-unload-while-fabric-scan-i.patch (bsc#1256865 bsc#1256867 jsc#PED-14156 CVE-2025-71235 bsc#1258469). - Update patches.suse/scsi-qla2xxx-Free-sp-in-error-path-to-fix-system-cra.patch (bsc#1256865 bsc#1256867 jsc#PED-14156 CVE-2025-71232 bsc#1258422). - Update patches.suse/scsi-qla2xxx-Sanitize-payload-size-to-prevent-member.patch (git-fixes CVE-2026-23059 bsc#1257737). - Update patches.suse/scsi-qla2xxx-Validate-sp-before-freeing-associated-m.patch (bsc#1256865 bsc#1256867 jsc#PED-14156 CVE-2025-71236 bsc#1258442). - Update patches.suse/slimbus-core-fix-device-reference-leak-on-report-pre.patch (git-fixes CVE-2026-23090 bsc#1257759). - Update patches.suse/smb-client-split-cached_fid-bitfields-to-avoid-shared-byte-RMW-rac.patch (bsc#1250748 bsc#1257154 CVE-2026-23230 bsc#1258430). - Update patches.suse/spi-tegra-Fix-a-memory-leak-in-tegra_slink_probe.patch (git-fixes CVE-2026-23182 bsc#1258259). - Update patches.suse/spi-tegra210-quad-Protect-curr_xfer-check-in-IRQ-han.patch (git-fixes bsc#1257952 CVE-2026-23207 bsc#1258524). - Update patches.suse/spi-tegra210-quad-Protect-curr_xfer-in-tegra_qspi_co.patch (git-fixes bsc#1257952 CVE-2026-23202 bsc#1258338). - Update patches.suse/uacce-ensure-safe-queue-release-with-state-managemen.patch (git-fixes CVE-2026-23063 bsc#1257722). - Update patches.suse/uacce-fix-cdev-handling-in-the-cleanup-path.patch (git-fixes CVE-2026-23096 bsc#1257809). - Update patches.suse/uacce-fix-isolate-sysfs-check-condition.patch (git-fixes CVE-2026-23094 bsc#1257811). - Update patches.suse/uacce-implement-mremap-in-uacce_vm_ops-to-return-EPE.patch (git-fixes CVE-2026-23056 bsc#1257729). - Update patches.suse/w1-therm-Fix-off-by-one-buffer-overflow-in-alarms_st.patch (git-fixes CVE-2025-71197 bsc#1257743). - Update patches.suse/wifi-ath10k-fix-dma_free_coherent-pointer.patch (git-fixes CVE-2026-23133 bsc#1258249). - Update patches.suse/wifi-ath12k-fix-dma_free_coherent-pointer.patch (git-fixes CVE-2026-23135 bsc#1258245). - Update patches.suse/wifi-mac80211-correctly-decode-TTLM-with-default-lin.patch (git-fixes CVE-2026-23152 bsc#1258252). - Update patches.suse/wifi-mac80211-ocb-skip-rx_no_sta-when-interface-is-n.patch (stable-fixes CVE-2025-71224 bsc#1258824). - Update patches.suse/wifi-rsi-Fix-memory-corruption-due-to-not-set-vif-dr.patch (git-fixes CVE-2026-23073 bsc#1257707). - Update patches.suse/wifi-rtl8xxxu-fix-slab-out-of-bounds-in-rtl8xxxu_sta.patch (git-fixes CVE-2025-71234 bsc#1258419). - Update patches.suse/wifi-rtw88-Fix-alignment-fault-in-rtw_core_enable_be.patch (git-fixes CVE-2025-71229 bsc#1258415). - Update patches.suse/wifi-wlcore-ensure-skb-headroom-before-skb_push.patch (stable-fixes CVE-2025-71222 bsc#1258279). - commit 154bcac - bonding: provide a net pointer to __skb_flow_dissect() (CVE-2026-23119 bsc#1258273). - commit 15d3820 - drm/i915/display: Add quirk to skip retraining of dp link (bsc#1253129). - commit f730886 - smb: client: Fix refcount leak for cifs_sb_tlink (bsc#1252924, CVE-2025-40103). - commit 176c45b - cifs: parse_dfs_referrals: prevent oob on malformed input (bsc#1252911, CVE-2025-40099). - commit 1544b30 - sched/fair: Fix pelt clock sync when entering idle (bsc#1234634 (Scheduler functional and performance backports SL-16.0)). - commit 24b0d4e - sched/fair: Fix pelt lost idle time detection (bsc#1234634 (Scheduler functional and performance backports SL-16.0)). - sched/deadline: Stop dl_server before CPU goes offline (bsc#1234634 (Scheduler functional and performance backports SL-16.0)). - sched/core: Avoid direct access to hrtimer clockbase (bsc#1234634 (Scheduler functional and performance backports SL-16.0)). - sched/deadline: Fix race in push_dl_task() (bsc#1234634 (Scheduler functional and performance backports)). - commit b3c53c0 - ice: Fix NULL pointer dereference in ice_vsi_set_napi_queues (CVE-2026-23166 bsc#1258272). - net/mlx5e: TC, delete flows only for existing peers (CVE-2026-23173 bsc#1258520). - net/mlx5e: Don't gate FEC histograms on ppcnt_statistical_group (git-fixes). - commit 91bddd0 ++++ kernel-zfcpdump: - nvmet-tcp: fixup hang in nvmet_tcp_listen_data_ready() (CVE-2026-23179 bsc#1258394). - commit ac77228 - nvmet: fix race in nvmet_bio_done() leading to NULL pointer dereference (CVE-2026-23148 bsc#1258258). - commit 9bda130 - nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec (CVE-2026-23112 bsc#1258184). - commit efcbeaa - nvme-fc: release admin tagset if init fails (git-fixes). - nvme-pci: disable secondary temp for Wodposit WPBSNM8 (git-fixes). - nvme-fabrics: add ENOKEY to no retry criteria for authentication failures (git-fixes). - nvme-fc: don't hold rport lock when putting ctrl (git-fixes). - commit dd0c54b - pmdomain: imx8m-blk-ctrl: Remove separate rst and clk mask for 8mq vpu (CVE-2026-23116 bsc#1258277). - commit ff9d60e - Add bugnumber to existing mana and mana_ib changes (bsc#1251135 bsc#1251971). - scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT (git-fixes). - net: mana: Fix double destroy_workqueue on service rescan PCI path (git-fixes). - commit 984835c - ceph: fix NULL pointer dereference in ceph_mds_auth_match() (CVE-2026-23189 bsc#1258308). - commit 51b8eb2 - Update patches.suse/ALSA-ac97-fix-a-double-free-in-snd_ac97_controller_r.patch (git-fixes CVE-2025-71192 bsc#1257679). - Update patches.suse/ALSA-aloop-Fix-racy-access-at-PCM-trigger.patch (stable-fixes CVE-2026-23191 bsc#1258395). - Update patches.suse/ALSA-ctxfi-Fix-potential-OOB-access-in-audio-mixer-h.patch (stable-fixes CVE-2026-23076 bsc#1257788). - Update patches.suse/ALSA-scarlett2-Fix-buffer-overflow-in-config-retriev.patch (git-fixes CVE-2026-23078 bsc#1257789). - Update patches.suse/ALSA-usb-audio-Fix-use-after-free-in-snd_usb_mixer_f.patch (git-fixes CVE-2026-23089 bsc#1257790). - Update patches.suse/ASoC-amd-fix-memory-leak-in-acp3x-pdm-dma-ops.patch (git-fixes CVE-2026-23190 bsc#1258397). - Update patches.suse/Bluetooth-MGMT-Fix-memory-leak-in-set_ssp_complete.patch (git-fixes CVE-2026-23151 bsc#1258237). - Update patches.suse/Bluetooth-hci_uart-fix-null-ptr-deref-in-hci_uart_wr.patch (git-fixes CVE-2026-23146 bsc#1258234). - Update patches.suse/HID-i2c-hid-fix-potential-buffer-overflow-in-i2c_hid.patch (stable-fixes CVE-2026-23178 bsc#1258358). - Update patches.suse/PCI-endpoint-Avoid-creating-sub-groups-asynchronousl.patch (git-fixes CVE-2025-71233 bsc#1258421). - Update patches.suse/arm64-Set-__nocfi-on-swsusp_arch_resume.patch (git-fixes CVE-2026-23128 bsc#1258298). - Update patches.suse/btrfs-always-detect-conflicting-inodes-when-logging-.patch (git-fixes CVE-2025-71183 bsc#1257631). - Update patches.suse/btrfs-do-not-strictly-require-dirty-metadata-thresho.patch (stable-fixes CVE-2026-23157 bsc#1258376). - Update patches.suse/btrfs-fix-deadlock-in-wait_current_trans-due-to-igno.patch (git-fixes CVE-2025-71194 bsc#1257687). - Update patches.suse/btrfs-release-path-before-initializing-extent-tree-i.patch (git-fixes CVE-2026-23018 bsc#1257551). - Update patches.suse/bus-fsl-mc-fix-use-after-free-in-driver_override_sho.patch (git-fixes CVE-2026-23221 bsc#1258660). - Update patches.suse/can-ems_usb-ems_usb_read_bulk_callback-fix-URB-memor.patch (git-fixes CVE-2026-23058 bsc#1257739). - Update patches.suse/can-etas_es58x-allow-partial-RX-URB-allocation-to-su.patch (git-fixes CVE-2026-23037 bsc#1257554). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-fix-URB-memo.patch (git-fixes CVE-2026-23031 bsc#1257600). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-fix-error-me.patch (git-fixes CVE-2026-23155 bsc#1258313). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-unanchor-URL.patch (git-fixes CVE-2026-23082 bsc#1257715). - Update patches.suse/can-j1939-make-j1939_session_activate-fail-if-device.patch (stable-fixes CVE-2025-71182 bsc#1257586). - Update patches.suse/can-kvaser_usb-kvaser_usb_read_bulk_callback-fix-URB.patch (git-fixes CVE-2026-23061 bsc#1257776). - Update patches.suse/can-mcba_usb-mcba_usb_read_bulk_callback-fix-URB-mem.patch (git-fixes CVE-2026-23080 bsc#1257714). - Update patches.suse/can-usb_8dev-usb_8dev_read_bulk_callback-fix-URB-mem.patch (git-fixes CVE-2026-23108 bsc#1257770). - Update patches.suse/crypto-authencesn-reject-too-short-AAD-assoclen-8-to.patch (git-fixes CVE-2026-23060 bsc#1257735). - Update patches.suse/crypto-iaa-Fix-out-of-bounds-index-in-find_empty_iaa.patch (git-fixes CVE-2025-71231 bsc#1258424). - Update patches.suse/crypto-omap-Allocate-OMAP_CRYPTO_FORCE_COPY-scatterl.patch (git-fixes CVE-2026-23222 bsc#1258484). - Update patches.suse/crypto-virtio-Add-spinlock-protection-with-virtqueue.patch (git-fixes CVE-2026-23229 bsc#1258429). - Update patches.suse/dmaengine-at_hdmac-fix-device-leak-on-of_dma_xlate.patch (git-fixes CVE-2025-71191 bsc#1257579). - Update patches.suse/dmaengine-bcm-sba-raid-fix-device-leak-on-probe.patch (git-fixes CVE-2025-71190 bsc#1257580). - Update patches.suse/dmaengine-dw-dmamux-fix-OF-node-leak-on-route-alloca.patch (git-fixes CVE-2025-71189 bsc#1257573). - Update patches.suse/dmaengine-lpc18xx-dmamux-fix-device-leak-on-route-al.patch (git-fixes CVE-2025-71188 bsc#1257576). - Update patches.suse/dmaengine-omap-dma-fix-dma_pool-resource-leak-in-err.patch (git-fixes CVE-2026-23033 bsc#1257570). - Update patches.suse/dmaengine-qcom-gpi-Fix-memory-leak-in-gpi_peripheral.patch (git-fixes CVE-2026-23026 bsc#1257562). - Update patches.suse/dmaengine-stm32-dmamux-fix-device-leak-on-route-allo.patch (git-fixes CVE-2025-71186 bsc#1257565). - Update patches.suse/dmaengine-ti-dma-crossbar-fix-device-leak-on-am335x-.patch (git-fixes CVE-2025-71185 bsc#1257560). - Update patches.suse/dmaengine-xilinx-xdma-Fix-regmap-max_register.patch (git-fixes CVE-2025-71195 bsc#1257704). - Update patches.suse/dpll-Prevent-duplicate-registrations.patch (git-fixes CVE-2026-23129 bsc#1258299). - Update patches.suse/drm-amd-pm-Disable-MMIO-access-during-SMU-Mode-1-res.patch (stable-fixes CVE-2026-23213 bsc#1258465). - Update patches.suse/drm-amdgpu-fix-NULL-pointer-dereference-in-amdgpu_gm.patch (git-fixes CVE-2026-23163 bsc#1258544). - Update patches.suse/drm-imx-tve-fix-probe-device-leak.patch (git-fixes CVE-2026-23170 bsc#1258379). - Update patches.suse/drm-panel-simple-fix-connector-type-for-DataImage-SC.patch (git-fixes CVE-2026-23049 bsc#1257723). - Update patches.suse/efivarfs-fix-error-propagation-in-efivar_entry_get.patch (git-fixes CVE-2026-23156 bsc#1258317). - Update patches.suse/ext4-fix-iloc.bh-leak-in-ext4_xattr_inode_update_ref.patch (git-fixes CVE-2026-23145 bsc#1258326). - Update patches.suse/gpio-virtuser-fix-UAF-in-configfs-release-path.patch (git-fixes CVE-2026-23158 bsc#1258323). - Update patches.suse/i2c-riic-Move-suspend-handling-to-NOIRQ-phase.patch (git-fixes CVE-2026-23055 bsc#1257730). - Update patches.suse/iio-adc-at91-sama5d2_adc-Fix-potential-use-after-fre.patch (git-fixes CVE-2025-71199 bsc#1257750). - Update patches.suse/iio-imu-st_lsm6dsx-fix-iio_chan_spec-for-sensors-wit.patch (git-fixes CVE-2025-71198 bsc#1257741). - Update patches.suse/intel_th-fix-device-leak-on-output-open.patch (git-fixes CVE-2026-23091 bsc#1257813). - Update patches.suse/interconnect-debugfs-initialize-src_node-and-dst_nod.patch (git-fixes CVE-2026-23123 bsc#1258276). - Update patches.suse/leds-led-class-Only-Add-LED-to-leds_list-when-it-is-.patch (git-fixes CVE-2026-23101 bsc#1257768). - Update patches.suse/mISDN-annotate-data-race-around-dev-work.patch (git-fixes CVE-2026-23121 bsc#1258309). - Update patches.suse/mm-shmem-prevent-infinite-loop-on-truncate-race.patch (CVE-2026-23161 bsc#1258355 CVE-2026-23177 bsc#1258324). - Update patches.suse/mmc-sdhci-of-dwcmshc-Prevent-illegal-clock-reduction.patch (git-fixes CVE-2025-71200 bsc#1258222). - Update patches.suse/msft-hv-3440-net-hv_netvsc-reject-RSS-hash-key-programming-withou.patch (bsc#1257473 CVE-2026-23054 bsc#1257732). - Update patches.suse/net-usb-pegasus-fix-memory-leak-in-update_eth_regs_a.patch (git-fixes CVE-2026-23021 bsc#1257557). - Update patches.suse/net-usb-r8152-fix-resume-reset-deadlock.patch (git-fixes CVE-2026-23188 bsc#1258331). - Update patches.suse/net-wwan-t7xx-fix-potential-skb-frags-overflow-in-RX.patch (git-fixes CVE-2026-23172 bsc#1258519). - Update patches.suse/nfc-llcp-Fix-memleak-in-nfc_llcp_send_ui_frame.patch (git-fixes CVE-2026-23150 bsc#1258354). - Update patches.suse/nfc-nci-Fix-race-between-rfkill-and-nci_unregister_d.patch (git-fixes CVE-2026-23167 bsc#1258374). - Update patches.suse/nfsd-provide-locking-for-v4_end_grace.patch (git-fixes CVE-2026-22980 bsc#1257222). - Update patches.suse/of-unittest-Fix-memory-leak-in-unittest_data_add.patch (git-fixes CVE-2026-23137 bsc#1258232). - Update patches.suse/pNFS-Fix-a-deadlock-when-returning-a-delegation-during-open.patch (git-fixes CVE-2026-23050 bsc#1257688). - Update patches.suse/phy-rockchip-inno-usb2-Fix-a-double-free-bug-in-rock.patch (git-fixes CVE-2026-23030 bsc#1257561). - Update patches.suse/phy-stm32-usphyc-Fix-off-by-one-in-probe.patch (git-fixes CVE-2025-71196 bsc#1257716). - Update patches.suse/platform-x86-amd-Fix-memory-leak-in-wbrf_record.patch (git-fixes CVE-2026-23065 bsc#1257742). - Update patches.suse/platform-x86-hp-bioscfg-Fix-kernel-panic-in-GET_INST.patch (git-fixes CVE-2026-23062 bsc#1257734). - Update patches.suse/platform-x86-hp-bioscfg-Fix-kobject-warnings-for-emp.patch (git-fixes CVE-2026-23131 bsc#1258297). - Update patches.suse/platform-x86-toshiba_haps-Fix-memory-leaks-in-add-re.patch (git-fixes CVE-2026-23176 bsc#1258256). - Update patches.suse/pnfs-flexfiles-Fix-memory-leak-in-nfs4_ff_alloc_deviceid_node.patch (git-fixes CVE-2026-23038 bsc#1257553). - Update patches.suse/regmap-Fix-race-condition-in-hwspinlock-irqsave-rout.patch (git-fixes CVE-2026-23071 bsc#1257706). - Update patches.suse/scsi-qla2xxx-Delay-module-unload-while-fabric-scan-i.patch (bsc#1256865 bsc#1256867 jsc#PED-14156 CVE-2025-71235 bsc#1258469). - Update patches.suse/scsi-qla2xxx-Free-sp-in-error-path-to-fix-system-cra.patch (bsc#1256865 bsc#1256867 jsc#PED-14156 CVE-2025-71232 bsc#1258422). - Update patches.suse/scsi-qla2xxx-Sanitize-payload-size-to-prevent-member.patch (git-fixes CVE-2026-23059 bsc#1257737). - Update patches.suse/scsi-qla2xxx-Validate-sp-before-freeing-associated-m.patch (bsc#1256865 bsc#1256867 jsc#PED-14156 CVE-2025-71236 bsc#1258442). - Update patches.suse/slimbus-core-fix-device-reference-leak-on-report-pre.patch (git-fixes CVE-2026-23090 bsc#1257759). - Update patches.suse/smb-client-split-cached_fid-bitfields-to-avoid-shared-byte-RMW-rac.patch (bsc#1250748 bsc#1257154 CVE-2026-23230 bsc#1258430). - Update patches.suse/spi-tegra-Fix-a-memory-leak-in-tegra_slink_probe.patch (git-fixes CVE-2026-23182 bsc#1258259). - Update patches.suse/spi-tegra210-quad-Protect-curr_xfer-check-in-IRQ-han.patch (git-fixes bsc#1257952 CVE-2026-23207 bsc#1258524). - Update patches.suse/spi-tegra210-quad-Protect-curr_xfer-in-tegra_qspi_co.patch (git-fixes bsc#1257952 CVE-2026-23202 bsc#1258338). - Update patches.suse/uacce-ensure-safe-queue-release-with-state-managemen.patch (git-fixes CVE-2026-23063 bsc#1257722). - Update patches.suse/uacce-fix-cdev-handling-in-the-cleanup-path.patch (git-fixes CVE-2026-23096 bsc#1257809). - Update patches.suse/uacce-fix-isolate-sysfs-check-condition.patch (git-fixes CVE-2026-23094 bsc#1257811). - Update patches.suse/uacce-implement-mremap-in-uacce_vm_ops-to-return-EPE.patch (git-fixes CVE-2026-23056 bsc#1257729). - Update patches.suse/w1-therm-Fix-off-by-one-buffer-overflow-in-alarms_st.patch (git-fixes CVE-2025-71197 bsc#1257743). - Update patches.suse/wifi-ath10k-fix-dma_free_coherent-pointer.patch (git-fixes CVE-2026-23133 bsc#1258249). - Update patches.suse/wifi-ath12k-fix-dma_free_coherent-pointer.patch (git-fixes CVE-2026-23135 bsc#1258245). - Update patches.suse/wifi-mac80211-correctly-decode-TTLM-with-default-lin.patch (git-fixes CVE-2026-23152 bsc#1258252). - Update patches.suse/wifi-mac80211-ocb-skip-rx_no_sta-when-interface-is-n.patch (stable-fixes CVE-2025-71224 bsc#1258824). - Update patches.suse/wifi-rsi-Fix-memory-corruption-due-to-not-set-vif-dr.patch (git-fixes CVE-2026-23073 bsc#1257707). - Update patches.suse/wifi-rtl8xxxu-fix-slab-out-of-bounds-in-rtl8xxxu_sta.patch (git-fixes CVE-2025-71234 bsc#1258419). - Update patches.suse/wifi-rtw88-Fix-alignment-fault-in-rtw_core_enable_be.patch (git-fixes CVE-2025-71229 bsc#1258415). - Update patches.suse/wifi-wlcore-ensure-skb-headroom-before-skb_push.patch (stable-fixes CVE-2025-71222 bsc#1258279). - commit 154bcac - bonding: provide a net pointer to __skb_flow_dissect() (CVE-2026-23119 bsc#1258273). - commit 15d3820 - drm/i915/display: Add quirk to skip retraining of dp link (bsc#1253129). - commit f730886 - smb: client: Fix refcount leak for cifs_sb_tlink (bsc#1252924, CVE-2025-40103). - commit 176c45b - cifs: parse_dfs_referrals: prevent oob on malformed input (bsc#1252911, CVE-2025-40099). - commit 1544b30 - sched/fair: Fix pelt clock sync when entering idle (bsc#1234634 (Scheduler functional and performance backports SL-16.0)). - commit 24b0d4e - sched/fair: Fix pelt lost idle time detection (bsc#1234634 (Scheduler functional and performance backports SL-16.0)). - sched/deadline: Stop dl_server before CPU goes offline (bsc#1234634 (Scheduler functional and performance backports SL-16.0)). - sched/core: Avoid direct access to hrtimer clockbase (bsc#1234634 (Scheduler functional and performance backports SL-16.0)). - sched/deadline: Fix race in push_dl_task() (bsc#1234634 (Scheduler functional and performance backports)). - commit b3c53c0 - ice: Fix NULL pointer dereference in ice_vsi_set_napi_queues (CVE-2026-23166 bsc#1258272). - net/mlx5e: TC, delete flows only for existing peers (CVE-2026-23173 bsc#1258520). - net/mlx5e: Don't gate FEC histograms on ppcnt_statistical_group (git-fixes). - commit 91bddd0 ++++ mapserver: - Update to release 8.6.0 * Add `CONNECTIONTYPE RASTERLABEL` * Set `MS_LEGEND_KEYSIZE_MAX` to 1000 * Add 4 new `COMPOSITE.COMPOP` blending operations * Allow encryption key files to use paths relative to a mapfile * Allow `use_default_extent_for_getfeature` to be used for OGC Features API and PostGIS * Allow append of additional query parameters for OGCAPI * New MapServer index page * WMS `GetFeatureInfo`: add options to precisely identify points through their symbols * Add `FALLBACK` parameter for the `CLASS` object, to be applied if none of the previously defined classes has been applied ++++ systemd: - Import commit 3c53ef3ea20bd43ef587cbdfa7107aeb1ef55654 (merge of v257.11) This merge includes the following fix: 54588d2ded core: validate input cgroup path more prudently (bsc#1259418 CVE-2026-29111) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/358010e6e90269570025c598b1430afa1e2ff6ca...3c53ef3ea20bd43ef587cbdfa7107aeb1ef55654 ++++ maven-filtering: - Upgrade to upstream version 3.5.0 * New features and improvements + Introduce ChangeDetection + Use Release Drafter from shared and improvements * Bug Fixes + Issue 289: filter file names one component at a time on 3.x branch * Maintenance + Update site descriptor + Cleanup tests + Enable Github Issues (3.x) + Add PR Automation * Dependency updates + Bump org.apache.maven.shared:maven-shared-components from 43 to 47 + Bump org.codehaus.plexus:plexus-testing from 1.3.0 to 2.1.0 + Bump Maven to 3.9.12 + Bump org.apache.commons:commons-lang3 from 3.16.0 to 3.20.0 + Bump org.codehaus.plexus:plexus-interpolation from 1.27 to 1.29 + Bump commons-io:commons-io from 2.16.1 to 2.21.0 + Bump org.hamcrest:hamcrest from 2.2 to 3.0 ++++ maven-resources-plugin: - Upgrade to version 3.5.0 * New features and improvements + Bug: use change detecton strategies * Maintenance + Add IT for #444 issue + Migration to JUnit 5 - avoid using AbstractMojoTestCase + Cleanup deps * Dependency updates + Bump org.apache.maven.plugin-testing :maven-plugin-testing-harness from 3.4.0 to 3.5.1 + Bump org.apache.maven.plugins:maven-plugins from 45 to 47 + Bump mavenVersion from 3.9.11 to 3.9.12 ++++ maven-resources-plugin-bootstrap: - Upgrade to version 3.5.0 * New features and improvements + Bug: use change detecton strategies * Maintenance + Add IT for #444 issue + Migration to JUnit 5 - avoid using AbstractMojoTestCase + Cleanup deps * Dependency updates + Bump org.apache.maven.plugin-testing :maven-plugin-testing-harness from 3.4.0 to 3.5.1 + Bump org.apache.maven.plugins:maven-plugins from 45 to 47 + Bump mavenVersion from 3.9.11 to 3.9.12 ++++ openQA: - Update to version 5.1772460208.7a4e1e06: * docs: Document array-like job settings and `job_setting` parameter * test: Ensure test of filter params of jobs API fails if code breaks * feat: Support searching by job settings in API to list jobs * refactor: Improve `cancel_by_settings` * fix: Allow filtering by more than one job setting in various routes * test: Improve checks in `t/api/02-iso.t` * feat: Allow searching by job settings via overview routes * style: use consistent q{} syntax for SQL strings in Cache Model * refactor: streamline IPC::Run usage and signal handling * test: remove t/25-cache-service.t from unstable_tests.txt * test: improve robustness of t/25-cache-service.t * test: refactor InfluxDB subtest to reduce duplication * test: improve infrastructure for t/25-cache-service.t * fix: improve database robustness in Cache model * fix: log rsync stderr in CacheService::Task::Sync * test: support OPENQA_TEST_WAIT_INTERVAL in wait_for * fix(cache): capture stderr and handle exit status robustly in Sync task * test: make SIGCHLD handler selective in OpenQA::Test::Utils * docs: document aggregate result badges for overview queries ++++ openQA: - Update to version 5.1772475695.6c6c7eda: * build(Makefile): add make target help text * fix(npm): bump to non-vulerable versions (boo#1259005, boo#1258632) - Update to version 5.1772460208.7a4e1e06: * docs: Document array-like job settings and `job_setting` parameter * test: Ensure test of filter params of jobs API fails if code breaks * feat: Support searching by job settings in API to list jobs * refactor: Improve `cancel_by_settings` * fix: Allow filtering by more than one job setting in various routes * test: Improve checks in `t/api/02-iso.t` * feat: Allow searching by job settings via overview routes * style: use consistent q{} syntax for SQL strings in Cache Model * refactor: streamline IPC::Run usage and signal handling * test: remove t/25-cache-service.t from unstable_tests.txt * test: improve robustness of t/25-cache-service.t * test: refactor InfluxDB subtest to reduce duplication * test: improve infrastructure for t/25-cache-service.t * fix: improve database robustness in Cache model * fix: log rsync stderr in CacheService::Task::Sync * test: support OPENQA_TEST_WAIT_INTERVAL in wait_for * fix(cache): capture stderr and handle exit status robustly in Sync task * test: make SIGCHLD handler selective in OpenQA::Test::Utils * docs: document aggregate result badges for overview queries ++++ openQA: - Update to version 5.1772475695.6c6c7eda: * build(Makefile): add make target help text * fix(npm): bump to non-vulerable versions (boo#1259005, boo#1258632) - Update to version 5.1772460208.7a4e1e06: * docs: Document array-like job settings and `job_setting` parameter * test: Ensure test of filter params of jobs API fails if code breaks * feat: Support searching by job settings in API to list jobs * refactor: Improve `cancel_by_settings` * fix: Allow filtering by more than one job setting in various routes * test: Improve checks in `t/api/02-iso.t` * feat: Allow searching by job settings via overview routes * style: use consistent q{} syntax for SQL strings in Cache Model * refactor: streamline IPC::Run usage and signal handling * test: remove t/25-cache-service.t from unstable_tests.txt * test: improve robustness of t/25-cache-service.t * test: refactor InfluxDB subtest to reduce duplication * test: improve infrastructure for t/25-cache-service.t * fix: improve database robustness in Cache model * fix: log rsync stderr in CacheService::Task::Sync * test: support OPENQA_TEST_WAIT_INTERVAL in wait_for * fix(cache): capture stderr and handle exit status robustly in Sync task * test: make SIGCHLD handler selective in OpenQA::Test::Utils * docs: document aggregate result badges for overview queries ++++ openQA: - Update to version 5.1772475695.6c6c7eda: * build(Makefile): add make target help text * fix(npm): bump to non-vulerable versions (boo#1259005, boo#1258632) - Update to version 5.1772460208.7a4e1e06: * docs: Document array-like job settings and `job_setting` parameter * test: Ensure test of filter params of jobs API fails if code breaks * feat: Support searching by job settings in API to list jobs * refactor: Improve `cancel_by_settings` * fix: Allow filtering by more than one job setting in various routes * test: Improve checks in `t/api/02-iso.t` * feat: Allow searching by job settings via overview routes * style: use consistent q{} syntax for SQL strings in Cache Model * refactor: streamline IPC::Run usage and signal handling * test: remove t/25-cache-service.t from unstable_tests.txt * test: improve robustness of t/25-cache-service.t * test: refactor InfluxDB subtest to reduce duplication * test: improve infrastructure for t/25-cache-service.t * fix: improve database robustness in Cache model * fix: log rsync stderr in CacheService::Task::Sync * test: support OPENQA_TEST_WAIT_INTERVAL in wait_for * fix(cache): capture stderr and handle exit status robustly in Sync task * test: make SIGCHLD handler selective in OpenQA::Test::Utils * docs: document aggregate result badges for overview queries ++++ openssh: - Add openssh-7.7p1-gssapi-new-unique.patch (bsc#1258166). This allows using SSSD with a non-file backend. ++++ python-PyPDF2: - Add security patches: * CVE-2026-27628.patch (bsc#1258940) * CVE-2026-27888.patch (bsc#1258934) ++++ python-PyPDF2: - Add security patches: * CVE-2026-27628.patch (bsc#1258940) * CVE-2026-27888.patch (bsc#1258934) ++++ python-PyPDF2: - Add security patches: * CVE-2026-27628.patch (bsc#1258940) * CVE-2026-27888.patch (bsc#1258934) ++++ python-PyPDF2: - Add security patches: * CVE-2026-27628.patch (bsc#1258940) * CVE-2026-27888.patch (bsc#1258934) ++++ python-uv: - CVE-2025-13327: reject ZIP archives with improbable filenames (bsc#1258993) Add CVE-2025-13327.patch upstream patch and revendor. ++++ virtiofsd: - Add CVE-2026-25727.patch: Avoid denial of service when parsing Rfc2822(bsc#1257912 CVE-2026-25727). ------------------------------------------------------------------ ------------------ 2026-3-1 - Mar 1 2026 ------------------- ------------------------------------------------------------------ ++++ kernel-64kb: - device property: Allow secondary lookup in fwnode_get_next_child_node() (git-fixes). - commit 4755249 ++++ kernel-azure: - device property: Allow secondary lookup in fwnode_get_next_child_node() (git-fixes). - commit 4755249 ++++ kernel-default: - device property: Allow secondary lookup in fwnode_get_next_child_node() (git-fixes). - commit 4755249 ++++ kernel-rt: - device property: Allow secondary lookup in fwnode_get_next_child_node() (git-fixes). - commit 4755249 ++++ dtb-aarch64: - device property: Allow secondary lookup in fwnode_get_next_child_node() (git-fixes). - commit 4755249 ++++ kernel-source: - device property: Allow secondary lookup in fwnode_get_next_child_node() (git-fixes). - commit 4755249 ++++ kernel-docs: - device property: Allow secondary lookup in fwnode_get_next_child_node() (git-fixes). - commit 4755249 ++++ kernel-kvmsmall: - device property: Allow secondary lookup in fwnode_get_next_child_node() (git-fixes). - commit 4755249 ++++ kernel-obs-build: - device property: Allow secondary lookup in fwnode_get_next_child_node() (git-fixes). - commit 4755249 ++++ kernel-obs-qa: - device property: Allow secondary lookup in fwnode_get_next_child_node() (git-fixes). - commit 4755249 ++++ kernel-syms: - device property: Allow secondary lookup in fwnode_get_next_child_node() (git-fixes). - commit 4755249 ++++ kernel-zfcpdump: - device property: Allow secondary lookup in fwnode_get_next_child_node() (git-fixes). - commit 4755249 ------------------------------------------------------------------ ------------------ 2026-2-28 - Feb 28 2026 ------------------- ------------------------------------------------------------------ ++++ kernel-64kb: - drm/amdgpu: Fix locking bugs in error paths (git-fixes). - drm/amdgpu: Replace kzalloc + copy_from_user with memdup_user (stable-fixes). - commit baf5092 - ALSA: usb-audio: Avoid implicit feedback mode on DIYINHK USB Audio 2.0 (stable-fixes). - ALSA: usb-audio: Check max frame size for implicit feedback mode, too (stable-fixes). - commit 1958ad9 - PCI: Correct PCI_CAP_EXP_ENDPOINT_SIZEOF_V2 value (git-fixes). - mmc: mmci: Fix device_node reference leak in of_get_dml_pipe_index() (git-fixes). - ALSA: usb-audio: Use correct version for UAC3 header validation (git-fixes). - ALSA: usb-audio: Use inclusive terms (git-fixes). - ALSA: usb-audio: Cap the packet size pre-calculations (git-fixes). - ALSA: usb-audio: Remove VALIDATE_RATES quirk for Focusrite devices (git-fixes). - drm/amd: Disable MES LR compute W/A (git-fixes). - drm/amdgpu: Unlock a mutex before destroying it (git-fixes). - drm/xe/sync: Cleanup partially initialized sync on parse failure (git-fixes). - drm/bridge: samsung-dsim: Fix memory leak in error path (git-fixes). - drm/bridge: ti-sn65dsi86: Enable HPD polling if IRQ is not used (git-fixes). - drm/logicvc: Fix device node reference leak in logicvc_drm_config_parse() (git-fixes). - drm/vmwgfx: Return the correct value in vmw_translate_ptr functions (git-fixes). - drm/vmwgfx: Fix invalid kref_put callback in vmw_bo_dirty_release (git-fixes). - commit 65e48f9 ++++ kernel-azure: - drm/amdgpu: Fix locking bugs in error paths (git-fixes). - drm/amdgpu: Replace kzalloc + copy_from_user with memdup_user (stable-fixes). - commit baf5092 - ALSA: usb-audio: Avoid implicit feedback mode on DIYINHK USB Audio 2.0 (stable-fixes). - ALSA: usb-audio: Check max frame size for implicit feedback mode, too (stable-fixes). - commit 1958ad9 - PCI: Correct PCI_CAP_EXP_ENDPOINT_SIZEOF_V2 value (git-fixes). - mmc: mmci: Fix device_node reference leak in of_get_dml_pipe_index() (git-fixes). - ALSA: usb-audio: Use correct version for UAC3 header validation (git-fixes). - ALSA: usb-audio: Use inclusive terms (git-fixes). - ALSA: usb-audio: Cap the packet size pre-calculations (git-fixes). - ALSA: usb-audio: Remove VALIDATE_RATES quirk for Focusrite devices (git-fixes). - drm/amd: Disable MES LR compute W/A (git-fixes). - drm/amdgpu: Unlock a mutex before destroying it (git-fixes). - drm/xe/sync: Cleanup partially initialized sync on parse failure (git-fixes). - drm/bridge: samsung-dsim: Fix memory leak in error path (git-fixes). - drm/bridge: ti-sn65dsi86: Enable HPD polling if IRQ is not used (git-fixes). - drm/logicvc: Fix device node reference leak in logicvc_drm_config_parse() (git-fixes). - drm/vmwgfx: Return the correct value in vmw_translate_ptr functions (git-fixes). - drm/vmwgfx: Fix invalid kref_put callback in vmw_bo_dirty_release (git-fixes). - commit 65e48f9 ++++ kernel-default: - drm/amdgpu: Fix locking bugs in error paths (git-fixes). - drm/amdgpu: Replace kzalloc + copy_from_user with memdup_user (stable-fixes). - commit baf5092 - ALSA: usb-audio: Avoid implicit feedback mode on DIYINHK USB Audio 2.0 (stable-fixes). - ALSA: usb-audio: Check max frame size for implicit feedback mode, too (stable-fixes). - commit 1958ad9 - PCI: Correct PCI_CAP_EXP_ENDPOINT_SIZEOF_V2 value (git-fixes). - mmc: mmci: Fix device_node reference leak in of_get_dml_pipe_index() (git-fixes). - ALSA: usb-audio: Use correct version for UAC3 header validation (git-fixes). - ALSA: usb-audio: Use inclusive terms (git-fixes). - ALSA: usb-audio: Cap the packet size pre-calculations (git-fixes). - ALSA: usb-audio: Remove VALIDATE_RATES quirk for Focusrite devices (git-fixes). - drm/amd: Disable MES LR compute W/A (git-fixes). - drm/amdgpu: Unlock a mutex before destroying it (git-fixes). - drm/xe/sync: Cleanup partially initialized sync on parse failure (git-fixes). - drm/bridge: samsung-dsim: Fix memory leak in error path (git-fixes). - drm/bridge: ti-sn65dsi86: Enable HPD polling if IRQ is not used (git-fixes). - drm/logicvc: Fix device node reference leak in logicvc_drm_config_parse() (git-fixes). - drm/vmwgfx: Return the correct value in vmw_translate_ptr functions (git-fixes). - drm/vmwgfx: Fix invalid kref_put callback in vmw_bo_dirty_release (git-fixes). - commit 65e48f9 ++++ kernel-rt: - drm/amdgpu: Fix locking bugs in error paths (git-fixes). - drm/amdgpu: Replace kzalloc + copy_from_user with memdup_user (stable-fixes). - commit baf5092 - ALSA: usb-audio: Avoid implicit feedback mode on DIYINHK USB Audio 2.0 (stable-fixes). - ALSA: usb-audio: Check max frame size for implicit feedback mode, too (stable-fixes). - commit 1958ad9 - PCI: Correct PCI_CAP_EXP_ENDPOINT_SIZEOF_V2 value (git-fixes). - mmc: mmci: Fix device_node reference leak in of_get_dml_pipe_index() (git-fixes). - ALSA: usb-audio: Use correct version for UAC3 header validation (git-fixes). - ALSA: usb-audio: Use inclusive terms (git-fixes). - ALSA: usb-audio: Cap the packet size pre-calculations (git-fixes). - ALSA: usb-audio: Remove VALIDATE_RATES quirk for Focusrite devices (git-fixes). - drm/amd: Disable MES LR compute W/A (git-fixes). - drm/amdgpu: Unlock a mutex before destroying it (git-fixes). - drm/xe/sync: Cleanup partially initialized sync on parse failure (git-fixes). - drm/bridge: samsung-dsim: Fix memory leak in error path (git-fixes). - drm/bridge: ti-sn65dsi86: Enable HPD polling if IRQ is not used (git-fixes). - drm/logicvc: Fix device node reference leak in logicvc_drm_config_parse() (git-fixes). - drm/vmwgfx: Return the correct value in vmw_translate_ptr functions (git-fixes). - drm/vmwgfx: Fix invalid kref_put callback in vmw_bo_dirty_release (git-fixes). - commit 65e48f9 ++++ dtb-aarch64: - drm/amdgpu: Fix locking bugs in error paths (git-fixes). - drm/amdgpu: Replace kzalloc + copy_from_user with memdup_user (stable-fixes). - commit baf5092 - ALSA: usb-audio: Avoid implicit feedback mode on DIYINHK USB Audio 2.0 (stable-fixes). - ALSA: usb-audio: Check max frame size for implicit feedback mode, too (stable-fixes). - commit 1958ad9 - PCI: Correct PCI_CAP_EXP_ENDPOINT_SIZEOF_V2 value (git-fixes). - mmc: mmci: Fix device_node reference leak in of_get_dml_pipe_index() (git-fixes). - ALSA: usb-audio: Use correct version for UAC3 header validation (git-fixes). - ALSA: usb-audio: Use inclusive terms (git-fixes). - ALSA: usb-audio: Cap the packet size pre-calculations (git-fixes). - ALSA: usb-audio: Remove VALIDATE_RATES quirk for Focusrite devices (git-fixes). - drm/amd: Disable MES LR compute W/A (git-fixes). - drm/amdgpu: Unlock a mutex before destroying it (git-fixes). - drm/xe/sync: Cleanup partially initialized sync on parse failure (git-fixes). - drm/bridge: samsung-dsim: Fix memory leak in error path (git-fixes). - drm/bridge: ti-sn65dsi86: Enable HPD polling if IRQ is not used (git-fixes). - drm/logicvc: Fix device node reference leak in logicvc_drm_config_parse() (git-fixes). - drm/vmwgfx: Return the correct value in vmw_translate_ptr functions (git-fixes). - drm/vmwgfx: Fix invalid kref_put callback in vmw_bo_dirty_release (git-fixes). - commit 65e48f9 ++++ gvfs: - Update to version 1.59.90: + client: Fix use-after-free when creating async proxy failed + udisks2: Emit changed signals from update_all() + daemon: Fix race on subscribers list when on thread + ftp: Validate fe_size when parsing symlink target + ftp: Check localtime() return value before use + gphoto2: Use g_try_realloc() instead of g_realloc() + cdda: Reject path traversal in mount URI host + client: Fail when URI has invalid UTF-8 chars + udisks2: Fix memory corruption with duplicate mount paths + build: Update GOA dependency to > 3.57.0 + Some other fixes + ftp: Use control connection address for PASV data. (CVE-2026-28295, bsc#1258953) + ftp: Reject paths containing CR/LF characters (CVE-2026-28296, bsc#1258954) - Update to version 1.59.1: + mtp: replace Android extension checks with capability checks + dav: Add X-OC-Mtime header on push to preserve last modified time + udisks2: Use hash tables in the volume monitor to improve performance + onedrive: Check for identity instead of presentation identity + build: Disable google option and mark as deprecated - Guard google build behind a bcond to easily enable it. Disabled by upstream as this depends on unmaintained libgdata and libsoup2. - Update to version 1.58.2: + client: Fix use-after-free when creating async proxy failed + daemon: Fix race on subscribers list when on thread + ftp: Validate fe_size when parsing symlink target + ftp: Check localtime() return value before use + CVE-2026-28295: ftp: Use control connection address for PASV data + CVE-2026-28296: ftp: Reject paths containing CR/LF characters + gphoto2: Use g_try_realloc() instead of g_realloc() + cdda: Reject path traversal in mount URI host + client: Fail when URI has invalid UTF-8 chars + Some other fixes ++++ kernel-source: - drm/amdgpu: Fix locking bugs in error paths (git-fixes). - drm/amdgpu: Replace kzalloc + copy_from_user with memdup_user (stable-fixes). - commit baf5092 - ALSA: usb-audio: Avoid implicit feedback mode on DIYINHK USB Audio 2.0 (stable-fixes). - ALSA: usb-audio: Check max frame size for implicit feedback mode, too (stable-fixes). - commit 1958ad9 - PCI: Correct PCI_CAP_EXP_ENDPOINT_SIZEOF_V2 value (git-fixes). - mmc: mmci: Fix device_node reference leak in of_get_dml_pipe_index() (git-fixes). - ALSA: usb-audio: Use correct version for UAC3 header validation (git-fixes). - ALSA: usb-audio: Use inclusive terms (git-fixes). - ALSA: usb-audio: Cap the packet size pre-calculations (git-fixes). - ALSA: usb-audio: Remove VALIDATE_RATES quirk for Focusrite devices (git-fixes). - drm/amd: Disable MES LR compute W/A (git-fixes). - drm/amdgpu: Unlock a mutex before destroying it (git-fixes). - drm/xe/sync: Cleanup partially initialized sync on parse failure (git-fixes). - drm/bridge: samsung-dsim: Fix memory leak in error path (git-fixes). - drm/bridge: ti-sn65dsi86: Enable HPD polling if IRQ is not used (git-fixes). - drm/logicvc: Fix device node reference leak in logicvc_drm_config_parse() (git-fixes). - drm/vmwgfx: Return the correct value in vmw_translate_ptr functions (git-fixes). - drm/vmwgfx: Fix invalid kref_put callback in vmw_bo_dirty_release (git-fixes). - commit 65e48f9 ++++ kernel-docs: - drm/amdgpu: Fix locking bugs in error paths (git-fixes). - drm/amdgpu: Replace kzalloc + copy_from_user with memdup_user (stable-fixes). - commit baf5092 - ALSA: usb-audio: Avoid implicit feedback mode on DIYINHK USB Audio 2.0 (stable-fixes). - ALSA: usb-audio: Check max frame size for implicit feedback mode, too (stable-fixes). - commit 1958ad9 - PCI: Correct PCI_CAP_EXP_ENDPOINT_SIZEOF_V2 value (git-fixes). - mmc: mmci: Fix device_node reference leak in of_get_dml_pipe_index() (git-fixes). - ALSA: usb-audio: Use correct version for UAC3 header validation (git-fixes). - ALSA: usb-audio: Use inclusive terms (git-fixes). - ALSA: usb-audio: Cap the packet size pre-calculations (git-fixes). - ALSA: usb-audio: Remove VALIDATE_RATES quirk for Focusrite devices (git-fixes). - drm/amd: Disable MES LR compute W/A (git-fixes). - drm/amdgpu: Unlock a mutex before destroying it (git-fixes). - drm/xe/sync: Cleanup partially initialized sync on parse failure (git-fixes). - drm/bridge: samsung-dsim: Fix memory leak in error path (git-fixes). - drm/bridge: ti-sn65dsi86: Enable HPD polling if IRQ is not used (git-fixes). - drm/logicvc: Fix device node reference leak in logicvc_drm_config_parse() (git-fixes). - drm/vmwgfx: Return the correct value in vmw_translate_ptr functions (git-fixes). - drm/vmwgfx: Fix invalid kref_put callback in vmw_bo_dirty_release (git-fixes). - commit 65e48f9 ++++ kernel-kvmsmall: - drm/amdgpu: Fix locking bugs in error paths (git-fixes). - drm/amdgpu: Replace kzalloc + copy_from_user with memdup_user (stable-fixes). - commit baf5092 - ALSA: usb-audio: Avoid implicit feedback mode on DIYINHK USB Audio 2.0 (stable-fixes). - ALSA: usb-audio: Check max frame size for implicit feedback mode, too (stable-fixes). - commit 1958ad9 - PCI: Correct PCI_CAP_EXP_ENDPOINT_SIZEOF_V2 value (git-fixes). - mmc: mmci: Fix device_node reference leak in of_get_dml_pipe_index() (git-fixes). - ALSA: usb-audio: Use correct version for UAC3 header validation (git-fixes). - ALSA: usb-audio: Use inclusive terms (git-fixes). - ALSA: usb-audio: Cap the packet size pre-calculations (git-fixes). - ALSA: usb-audio: Remove VALIDATE_RATES quirk for Focusrite devices (git-fixes). - drm/amd: Disable MES LR compute W/A (git-fixes). - drm/amdgpu: Unlock a mutex before destroying it (git-fixes). - drm/xe/sync: Cleanup partially initialized sync on parse failure (git-fixes). - drm/bridge: samsung-dsim: Fix memory leak in error path (git-fixes). - drm/bridge: ti-sn65dsi86: Enable HPD polling if IRQ is not used (git-fixes). - drm/logicvc: Fix device node reference leak in logicvc_drm_config_parse() (git-fixes). - drm/vmwgfx: Return the correct value in vmw_translate_ptr functions (git-fixes). - drm/vmwgfx: Fix invalid kref_put callback in vmw_bo_dirty_release (git-fixes). - commit 65e48f9 ++++ kernel-obs-build: - drm/amdgpu: Fix locking bugs in error paths (git-fixes). - drm/amdgpu: Replace kzalloc + copy_from_user with memdup_user (stable-fixes). - commit baf5092 - ALSA: usb-audio: Avoid implicit feedback mode on DIYINHK USB Audio 2.0 (stable-fixes). - ALSA: usb-audio: Check max frame size for implicit feedback mode, too (stable-fixes). - commit 1958ad9 - PCI: Correct PCI_CAP_EXP_ENDPOINT_SIZEOF_V2 value (git-fixes). - mmc: mmci: Fix device_node reference leak in of_get_dml_pipe_index() (git-fixes). - ALSA: usb-audio: Use correct version for UAC3 header validation (git-fixes). - ALSA: usb-audio: Use inclusive terms (git-fixes). - ALSA: usb-audio: Cap the packet size pre-calculations (git-fixes). - ALSA: usb-audio: Remove VALIDATE_RATES quirk for Focusrite devices (git-fixes). - drm/amd: Disable MES LR compute W/A (git-fixes). - drm/amdgpu: Unlock a mutex before destroying it (git-fixes). - drm/xe/sync: Cleanup partially initialized sync on parse failure (git-fixes). - drm/bridge: samsung-dsim: Fix memory leak in error path (git-fixes). - drm/bridge: ti-sn65dsi86: Enable HPD polling if IRQ is not used (git-fixes). - drm/logicvc: Fix device node reference leak in logicvc_drm_config_parse() (git-fixes). - drm/vmwgfx: Return the correct value in vmw_translate_ptr functions (git-fixes). - drm/vmwgfx: Fix invalid kref_put callback in vmw_bo_dirty_release (git-fixes). - commit 65e48f9 ++++ kernel-obs-qa: - drm/amdgpu: Fix locking bugs in error paths (git-fixes). - drm/amdgpu: Replace kzalloc + copy_from_user with memdup_user (stable-fixes). - commit baf5092 - ALSA: usb-audio: Avoid implicit feedback mode on DIYINHK USB Audio 2.0 (stable-fixes). - ALSA: usb-audio: Check max frame size for implicit feedback mode, too (stable-fixes). - commit 1958ad9 - PCI: Correct PCI_CAP_EXP_ENDPOINT_SIZEOF_V2 value (git-fixes). - mmc: mmci: Fix device_node reference leak in of_get_dml_pipe_index() (git-fixes). - ALSA: usb-audio: Use correct version for UAC3 header validation (git-fixes). - ALSA: usb-audio: Use inclusive terms (git-fixes). - ALSA: usb-audio: Cap the packet size pre-calculations (git-fixes). - ALSA: usb-audio: Remove VALIDATE_RATES quirk for Focusrite devices (git-fixes). - drm/amd: Disable MES LR compute W/A (git-fixes). - drm/amdgpu: Unlock a mutex before destroying it (git-fixes). - drm/xe/sync: Cleanup partially initialized sync on parse failure (git-fixes). - drm/bridge: samsung-dsim: Fix memory leak in error path (git-fixes). - drm/bridge: ti-sn65dsi86: Enable HPD polling if IRQ is not used (git-fixes). - drm/logicvc: Fix device node reference leak in logicvc_drm_config_parse() (git-fixes). - drm/vmwgfx: Return the correct value in vmw_translate_ptr functions (git-fixes). - drm/vmwgfx: Fix invalid kref_put callback in vmw_bo_dirty_release (git-fixes). - commit 65e48f9 ++++ kernel-syms: - drm/amdgpu: Fix locking bugs in error paths (git-fixes). - drm/amdgpu: Replace kzalloc + copy_from_user with memdup_user (stable-fixes). - commit baf5092 - ALSA: usb-audio: Avoid implicit feedback mode on DIYINHK USB Audio 2.0 (stable-fixes). - ALSA: usb-audio: Check max frame size for implicit feedback mode, too (stable-fixes). - commit 1958ad9 - PCI: Correct PCI_CAP_EXP_ENDPOINT_SIZEOF_V2 value (git-fixes). - mmc: mmci: Fix device_node reference leak in of_get_dml_pipe_index() (git-fixes). - ALSA: usb-audio: Use correct version for UAC3 header validation (git-fixes). - ALSA: usb-audio: Use inclusive terms (git-fixes). - ALSA: usb-audio: Cap the packet size pre-calculations (git-fixes). - ALSA: usb-audio: Remove VALIDATE_RATES quirk for Focusrite devices (git-fixes). - drm/amd: Disable MES LR compute W/A (git-fixes). - drm/amdgpu: Unlock a mutex before destroying it (git-fixes). - drm/xe/sync: Cleanup partially initialized sync on parse failure (git-fixes). - drm/bridge: samsung-dsim: Fix memory leak in error path (git-fixes). - drm/bridge: ti-sn65dsi86: Enable HPD polling if IRQ is not used (git-fixes). - drm/logicvc: Fix device node reference leak in logicvc_drm_config_parse() (git-fixes). - drm/vmwgfx: Return the correct value in vmw_translate_ptr functions (git-fixes). - drm/vmwgfx: Fix invalid kref_put callback in vmw_bo_dirty_release (git-fixes). - commit 65e48f9 ++++ kernel-zfcpdump: - drm/amdgpu: Fix locking bugs in error paths (git-fixes). - drm/amdgpu: Replace kzalloc + copy_from_user with memdup_user (stable-fixes). - commit baf5092 - ALSA: usb-audio: Avoid implicit feedback mode on DIYINHK USB Audio 2.0 (stable-fixes). - ALSA: usb-audio: Check max frame size for implicit feedback mode, too (stable-fixes). - commit 1958ad9 - PCI: Correct PCI_CAP_EXP_ENDPOINT_SIZEOF_V2 value (git-fixes). - mmc: mmci: Fix device_node reference leak in of_get_dml_pipe_index() (git-fixes). - ALSA: usb-audio: Use correct version for UAC3 header validation (git-fixes). - ALSA: usb-audio: Use inclusive terms (git-fixes). - ALSA: usb-audio: Cap the packet size pre-calculations (git-fixes). - ALSA: usb-audio: Remove VALIDATE_RATES quirk for Focusrite devices (git-fixes). - drm/amd: Disable MES LR compute W/A (git-fixes). - drm/amdgpu: Unlock a mutex before destroying it (git-fixes). - drm/xe/sync: Cleanup partially initialized sync on parse failure (git-fixes). - drm/bridge: samsung-dsim: Fix memory leak in error path (git-fixes). - drm/bridge: ti-sn65dsi86: Enable HPD polling if IRQ is not used (git-fixes). - drm/logicvc: Fix device node reference leak in logicvc_drm_config_parse() (git-fixes). - drm/vmwgfx: Return the correct value in vmw_translate_ptr functions (git-fixes). - drm/vmwgfx: Fix invalid kref_put callback in vmw_bo_dirty_release (git-fixes). - commit 65e48f9 ------------------------------------------------------------------ ------------------ 2026-2-27 - Feb 27 2026 ------------------- ------------------------------------------------------------------ ++++ ImageMagick: - added patches CVE-2026-25971: Stack overflow in ProcessMSLScript (bsc#1258774) * ImageMagick-CVE-2026-25971.patch ++++ ImageMagick: - added patches CVE-2026-25971: Stack overflow in ProcessMSLScript (bsc#1258774) * ImageMagick-CVE-2026-25971.patch ++++ kernel-64kb: - fou: Don't allow 0 for FOU_ATTR_IPPROTO (CVE-2026-23083 bsc#1257745). - bonding: limit BOND_MODE_8023AD to Ethernet devices (CVE-2026-23099 bsc#1257816). - netlink: specs: fou: change local-v6/peer-v6 check (CVE-2026-23083 bsc#1257745). - tools: ynl-gen: use big-endian netlink attribute types (CVE-2026-23083 bsc#1257745). - commit 3712b18 - netfilter: nf_conncount: update last_gc only when GC has been performed (CVE-2026-23139 bsc#1258304). - commit f7db582 - netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (CVE-2026-23111 bsc#1258181). - commit a2cf5ae - ipmi: ipmb: initialise event handler read bytes (git-fixes). - wifi: mac80211: fix NULL pointer dereference in mesh_rx_csa_frame() (git-fixes). - wifi: mac80211: bounds-check link_id in ieee80211_ml_reconfiguration (git-fixes). - wifi: radiotap: reject radiotap with unknown bits (git-fixes). - wifi: cfg80211: cancel rfkill_block work in wiphy_unregister() (git-fixes). - wifi: cfg80211: wext: fix IGTK key ID off-by-one (git-fixes). - net: usb: kaweth: validate USB endpoints (git-fixes). - net: usb: kalmia: validate USB endpoints (git-fixes). - nfc: pn533: properly drop the usb interface reference on disconnect (git-fixes). - Bluetooth: L2CAP: Fix missing key size check for L2CAP_LE_CONN_REQ (git-fixes). - Bluetooth: L2CAP: Fix not checking output MTU is acceptable on L2CAP_ECRED_CONN_REQ (git-fixes). - Bluetooth: L2CAP: Fix response to L2CAP_ECRED_CONN_REQ (git-fixes). - Bluetooth: hci_qca: Cleanup on all setup failures (git-fixes). - Bluetooth: L2CAP: Fix result of L2CAP_ECRED_CONN_RSP when MTU is too short (git-fixes). - Bluetooth: L2CAP: Fix invalid response to L2CAP_ECRED_RECONF_REQ (git-fixes). - net: usb: pegasus: enable basic endpoint checking (git-fixes). - net: wan: farsync: Fix use-after-free bugs caused by unfinished tasklets (git-fixes). - net: usb: lan78xx: scan all MDIO addresses on LAN7801 (git-fixes). - net: usb: kaweth: remove TX queue manipulation in kaweth_set_rx_mode (git-fixes). - commit cd64e0b ++++ kernel-azure: - fou: Don't allow 0 for FOU_ATTR_IPPROTO (CVE-2026-23083 bsc#1257745). - bonding: limit BOND_MODE_8023AD to Ethernet devices (CVE-2026-23099 bsc#1257816). - netlink: specs: fou: change local-v6/peer-v6 check (CVE-2026-23083 bsc#1257745). - tools: ynl-gen: use big-endian netlink attribute types (CVE-2026-23083 bsc#1257745). - commit 3712b18 - netfilter: nf_conncount: update last_gc only when GC has been performed (CVE-2026-23139 bsc#1258304). - commit f7db582 - netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (CVE-2026-23111 bsc#1258181). - commit a2cf5ae - ipmi: ipmb: initialise event handler read bytes (git-fixes). - wifi: mac80211: fix NULL pointer dereference in mesh_rx_csa_frame() (git-fixes). - wifi: mac80211: bounds-check link_id in ieee80211_ml_reconfiguration (git-fixes). - wifi: radiotap: reject radiotap with unknown bits (git-fixes). - wifi: cfg80211: cancel rfkill_block work in wiphy_unregister() (git-fixes). - wifi: cfg80211: wext: fix IGTK key ID off-by-one (git-fixes). - net: usb: kaweth: validate USB endpoints (git-fixes). - net: usb: kalmia: validate USB endpoints (git-fixes). - nfc: pn533: properly drop the usb interface reference on disconnect (git-fixes). - Bluetooth: L2CAP: Fix missing key size check for L2CAP_LE_CONN_REQ (git-fixes). - Bluetooth: L2CAP: Fix not checking output MTU is acceptable on L2CAP_ECRED_CONN_REQ (git-fixes). - Bluetooth: L2CAP: Fix response to L2CAP_ECRED_CONN_REQ (git-fixes). - Bluetooth: hci_qca: Cleanup on all setup failures (git-fixes). - Bluetooth: L2CAP: Fix result of L2CAP_ECRED_CONN_RSP when MTU is too short (git-fixes). - Bluetooth: L2CAP: Fix invalid response to L2CAP_ECRED_RECONF_REQ (git-fixes). - net: usb: pegasus: enable basic endpoint checking (git-fixes). - net: wan: farsync: Fix use-after-free bugs caused by unfinished tasklets (git-fixes). - net: usb: lan78xx: scan all MDIO addresses on LAN7801 (git-fixes). - net: usb: kaweth: remove TX queue manipulation in kaweth_set_rx_mode (git-fixes). - commit cd64e0b ++++ kernel-default: - fou: Don't allow 0 for FOU_ATTR_IPPROTO (CVE-2026-23083 bsc#1257745). - bonding: limit BOND_MODE_8023AD to Ethernet devices (CVE-2026-23099 bsc#1257816). - netlink: specs: fou: change local-v6/peer-v6 check (CVE-2026-23083 bsc#1257745). - tools: ynl-gen: use big-endian netlink attribute types (CVE-2026-23083 bsc#1257745). - commit 3712b18 - netfilter: nf_conncount: update last_gc only when GC has been performed (CVE-2026-23139 bsc#1258304). - commit f7db582 - netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (CVE-2026-23111 bsc#1258181). - commit a2cf5ae - ipmi: ipmb: initialise event handler read bytes (git-fixes). - wifi: mac80211: fix NULL pointer dereference in mesh_rx_csa_frame() (git-fixes). - wifi: mac80211: bounds-check link_id in ieee80211_ml_reconfiguration (git-fixes). - wifi: radiotap: reject radiotap with unknown bits (git-fixes). - wifi: cfg80211: cancel rfkill_block work in wiphy_unregister() (git-fixes). - wifi: cfg80211: wext: fix IGTK key ID off-by-one (git-fixes). - net: usb: kaweth: validate USB endpoints (git-fixes). - net: usb: kalmia: validate USB endpoints (git-fixes). - nfc: pn533: properly drop the usb interface reference on disconnect (git-fixes). - Bluetooth: L2CAP: Fix missing key size check for L2CAP_LE_CONN_REQ (git-fixes). - Bluetooth: L2CAP: Fix not checking output MTU is acceptable on L2CAP_ECRED_CONN_REQ (git-fixes). - Bluetooth: L2CAP: Fix response to L2CAP_ECRED_CONN_REQ (git-fixes). - Bluetooth: hci_qca: Cleanup on all setup failures (git-fixes). - Bluetooth: L2CAP: Fix result of L2CAP_ECRED_CONN_RSP when MTU is too short (git-fixes). - Bluetooth: L2CAP: Fix invalid response to L2CAP_ECRED_RECONF_REQ (git-fixes). - net: usb: pegasus: enable basic endpoint checking (git-fixes). - net: wan: farsync: Fix use-after-free bugs caused by unfinished tasklets (git-fixes). - net: usb: lan78xx: scan all MDIO addresses on LAN7801 (git-fixes). - net: usb: kaweth: remove TX queue manipulation in kaweth_set_rx_mode (git-fixes). - commit cd64e0b ++++ kernel-rt: - fou: Don't allow 0 for FOU_ATTR_IPPROTO (CVE-2026-23083 bsc#1257745). - bonding: limit BOND_MODE_8023AD to Ethernet devices (CVE-2026-23099 bsc#1257816). - netlink: specs: fou: change local-v6/peer-v6 check (CVE-2026-23083 bsc#1257745). - tools: ynl-gen: use big-endian netlink attribute types (CVE-2026-23083 bsc#1257745). - commit 3712b18 - netfilter: nf_conncount: update last_gc only when GC has been performed (CVE-2026-23139 bsc#1258304). - commit f7db582 - netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (CVE-2026-23111 bsc#1258181). - commit a2cf5ae - ipmi: ipmb: initialise event handler read bytes (git-fixes). - wifi: mac80211: fix NULL pointer dereference in mesh_rx_csa_frame() (git-fixes). - wifi: mac80211: bounds-check link_id in ieee80211_ml_reconfiguration (git-fixes). - wifi: radiotap: reject radiotap with unknown bits (git-fixes). - wifi: cfg80211: cancel rfkill_block work in wiphy_unregister() (git-fixes). - wifi: cfg80211: wext: fix IGTK key ID off-by-one (git-fixes). - net: usb: kaweth: validate USB endpoints (git-fixes). - net: usb: kalmia: validate USB endpoints (git-fixes). - nfc: pn533: properly drop the usb interface reference on disconnect (git-fixes). - Bluetooth: L2CAP: Fix missing key size check for L2CAP_LE_CONN_REQ (git-fixes). - Bluetooth: L2CAP: Fix not checking output MTU is acceptable on L2CAP_ECRED_CONN_REQ (git-fixes). - Bluetooth: L2CAP: Fix response to L2CAP_ECRED_CONN_REQ (git-fixes). - Bluetooth: hci_qca: Cleanup on all setup failures (git-fixes). - Bluetooth: L2CAP: Fix result of L2CAP_ECRED_CONN_RSP when MTU is too short (git-fixes). - Bluetooth: L2CAP: Fix invalid response to L2CAP_ECRED_RECONF_REQ (git-fixes). - net: usb: pegasus: enable basic endpoint checking (git-fixes). - net: wan: farsync: Fix use-after-free bugs caused by unfinished tasklets (git-fixes). - net: usb: lan78xx: scan all MDIO addresses on LAN7801 (git-fixes). - net: usb: kaweth: remove TX queue manipulation in kaweth_set_rx_mode (git-fixes). - commit cd64e0b ++++ dtb-aarch64: - fou: Don't allow 0 for FOU_ATTR_IPPROTO (CVE-2026-23083 bsc#1257745). - bonding: limit BOND_MODE_8023AD to Ethernet devices (CVE-2026-23099 bsc#1257816). - netlink: specs: fou: change local-v6/peer-v6 check (CVE-2026-23083 bsc#1257745). - tools: ynl-gen: use big-endian netlink attribute types (CVE-2026-23083 bsc#1257745). - commit 3712b18 - netfilter: nf_conncount: update last_gc only when GC has been performed (CVE-2026-23139 bsc#1258304). - commit f7db582 - netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (CVE-2026-23111 bsc#1258181). - commit a2cf5ae - ipmi: ipmb: initialise event handler read bytes (git-fixes). - wifi: mac80211: fix NULL pointer dereference in mesh_rx_csa_frame() (git-fixes). - wifi: mac80211: bounds-check link_id in ieee80211_ml_reconfiguration (git-fixes). - wifi: radiotap: reject radiotap with unknown bits (git-fixes). - wifi: cfg80211: cancel rfkill_block work in wiphy_unregister() (git-fixes). - wifi: cfg80211: wext: fix IGTK key ID off-by-one (git-fixes). - net: usb: kaweth: validate USB endpoints (git-fixes). - net: usb: kalmia: validate USB endpoints (git-fixes). - nfc: pn533: properly drop the usb interface reference on disconnect (git-fixes). - Bluetooth: L2CAP: Fix missing key size check for L2CAP_LE_CONN_REQ (git-fixes). - Bluetooth: L2CAP: Fix not checking output MTU is acceptable on L2CAP_ECRED_CONN_REQ (git-fixes). - Bluetooth: L2CAP: Fix response to L2CAP_ECRED_CONN_REQ (git-fixes). - Bluetooth: hci_qca: Cleanup on all setup failures (git-fixes). - Bluetooth: L2CAP: Fix result of L2CAP_ECRED_CONN_RSP when MTU is too short (git-fixes). - Bluetooth: L2CAP: Fix invalid response to L2CAP_ECRED_RECONF_REQ (git-fixes). - net: usb: pegasus: enable basic endpoint checking (git-fixes). - net: wan: farsync: Fix use-after-free bugs caused by unfinished tasklets (git-fixes). - net: usb: lan78xx: scan all MDIO addresses on LAN7801 (git-fixes). - net: usb: kaweth: remove TX queue manipulation in kaweth_set_rx_mode (git-fixes). - commit cd64e0b ++++ kernel-source: - fou: Don't allow 0 for FOU_ATTR_IPPROTO (CVE-2026-23083 bsc#1257745). - bonding: limit BOND_MODE_8023AD to Ethernet devices (CVE-2026-23099 bsc#1257816). - netlink: specs: fou: change local-v6/peer-v6 check (CVE-2026-23083 bsc#1257745). - tools: ynl-gen: use big-endian netlink attribute types (CVE-2026-23083 bsc#1257745). - commit 3712b18 - netfilter: nf_conncount: update last_gc only when GC has been performed (CVE-2026-23139 bsc#1258304). - commit f7db582 - netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (CVE-2026-23111 bsc#1258181). - commit a2cf5ae - ipmi: ipmb: initialise event handler read bytes (git-fixes). - wifi: mac80211: fix NULL pointer dereference in mesh_rx_csa_frame() (git-fixes). - wifi: mac80211: bounds-check link_id in ieee80211_ml_reconfiguration (git-fixes). - wifi: radiotap: reject radiotap with unknown bits (git-fixes). - wifi: cfg80211: cancel rfkill_block work in wiphy_unregister() (git-fixes). - wifi: cfg80211: wext: fix IGTK key ID off-by-one (git-fixes). - net: usb: kaweth: validate USB endpoints (git-fixes). - net: usb: kalmia: validate USB endpoints (git-fixes). - nfc: pn533: properly drop the usb interface reference on disconnect (git-fixes). - Bluetooth: L2CAP: Fix missing key size check for L2CAP_LE_CONN_REQ (git-fixes). - Bluetooth: L2CAP: Fix not checking output MTU is acceptable on L2CAP_ECRED_CONN_REQ (git-fixes). - Bluetooth: L2CAP: Fix response to L2CAP_ECRED_CONN_REQ (git-fixes). - Bluetooth: hci_qca: Cleanup on all setup failures (git-fixes). - Bluetooth: L2CAP: Fix result of L2CAP_ECRED_CONN_RSP when MTU is too short (git-fixes). - Bluetooth: L2CAP: Fix invalid response to L2CAP_ECRED_RECONF_REQ (git-fixes). - net: usb: pegasus: enable basic endpoint checking (git-fixes). - net: wan: farsync: Fix use-after-free bugs caused by unfinished tasklets (git-fixes). - net: usb: lan78xx: scan all MDIO addresses on LAN7801 (git-fixes). - net: usb: kaweth: remove TX queue manipulation in kaweth_set_rx_mode (git-fixes). - commit cd64e0b ++++ kernel-docs: - fou: Don't allow 0 for FOU_ATTR_IPPROTO (CVE-2026-23083 bsc#1257745). - bonding: limit BOND_MODE_8023AD to Ethernet devices (CVE-2026-23099 bsc#1257816). - netlink: specs: fou: change local-v6/peer-v6 check (CVE-2026-23083 bsc#1257745). - tools: ynl-gen: use big-endian netlink attribute types (CVE-2026-23083 bsc#1257745). - commit 3712b18 - netfilter: nf_conncount: update last_gc only when GC has been performed (CVE-2026-23139 bsc#1258304). - commit f7db582 - netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (CVE-2026-23111 bsc#1258181). - commit a2cf5ae - ipmi: ipmb: initialise event handler read bytes (git-fixes). - wifi: mac80211: fix NULL pointer dereference in mesh_rx_csa_frame() (git-fixes). - wifi: mac80211: bounds-check link_id in ieee80211_ml_reconfiguration (git-fixes). - wifi: radiotap: reject radiotap with unknown bits (git-fixes). - wifi: cfg80211: cancel rfkill_block work in wiphy_unregister() (git-fixes). - wifi: cfg80211: wext: fix IGTK key ID off-by-one (git-fixes). - net: usb: kaweth: validate USB endpoints (git-fixes). - net: usb: kalmia: validate USB endpoints (git-fixes). - nfc: pn533: properly drop the usb interface reference on disconnect (git-fixes). - Bluetooth: L2CAP: Fix missing key size check for L2CAP_LE_CONN_REQ (git-fixes). - Bluetooth: L2CAP: Fix not checking output MTU is acceptable on L2CAP_ECRED_CONN_REQ (git-fixes). - Bluetooth: L2CAP: Fix response to L2CAP_ECRED_CONN_REQ (git-fixes). - Bluetooth: hci_qca: Cleanup on all setup failures (git-fixes). - Bluetooth: L2CAP: Fix result of L2CAP_ECRED_CONN_RSP when MTU is too short (git-fixes). - Bluetooth: L2CAP: Fix invalid response to L2CAP_ECRED_RECONF_REQ (git-fixes). - net: usb: pegasus: enable basic endpoint checking (git-fixes). - net: wan: farsync: Fix use-after-free bugs caused by unfinished tasklets (git-fixes). - net: usb: lan78xx: scan all MDIO addresses on LAN7801 (git-fixes). - net: usb: kaweth: remove TX queue manipulation in kaweth_set_rx_mode (git-fixes). - commit cd64e0b ++++ kernel-kvmsmall: - fou: Don't allow 0 for FOU_ATTR_IPPROTO (CVE-2026-23083 bsc#1257745). - bonding: limit BOND_MODE_8023AD to Ethernet devices (CVE-2026-23099 bsc#1257816). - netlink: specs: fou: change local-v6/peer-v6 check (CVE-2026-23083 bsc#1257745). - tools: ynl-gen: use big-endian netlink attribute types (CVE-2026-23083 bsc#1257745). - commit 3712b18 - netfilter: nf_conncount: update last_gc only when GC has been performed (CVE-2026-23139 bsc#1258304). - commit f7db582 - netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (CVE-2026-23111 bsc#1258181). - commit a2cf5ae - ipmi: ipmb: initialise event handler read bytes (git-fixes). - wifi: mac80211: fix NULL pointer dereference in mesh_rx_csa_frame() (git-fixes). - wifi: mac80211: bounds-check link_id in ieee80211_ml_reconfiguration (git-fixes). - wifi: radiotap: reject radiotap with unknown bits (git-fixes). - wifi: cfg80211: cancel rfkill_block work in wiphy_unregister() (git-fixes). - wifi: cfg80211: wext: fix IGTK key ID off-by-one (git-fixes). - net: usb: kaweth: validate USB endpoints (git-fixes). - net: usb: kalmia: validate USB endpoints (git-fixes). - nfc: pn533: properly drop the usb interface reference on disconnect (git-fixes). - Bluetooth: L2CAP: Fix missing key size check for L2CAP_LE_CONN_REQ (git-fixes). - Bluetooth: L2CAP: Fix not checking output MTU is acceptable on L2CAP_ECRED_CONN_REQ (git-fixes). - Bluetooth: L2CAP: Fix response to L2CAP_ECRED_CONN_REQ (git-fixes). - Bluetooth: hci_qca: Cleanup on all setup failures (git-fixes). - Bluetooth: L2CAP: Fix result of L2CAP_ECRED_CONN_RSP when MTU is too short (git-fixes). - Bluetooth: L2CAP: Fix invalid response to L2CAP_ECRED_RECONF_REQ (git-fixes). - net: usb: pegasus: enable basic endpoint checking (git-fixes). - net: wan: farsync: Fix use-after-free bugs caused by unfinished tasklets (git-fixes). - net: usb: lan78xx: scan all MDIO addresses on LAN7801 (git-fixes). - net: usb: kaweth: remove TX queue manipulation in kaweth_set_rx_mode (git-fixes). - commit cd64e0b ++++ kernel-obs-build: - fou: Don't allow 0 for FOU_ATTR_IPPROTO (CVE-2026-23083 bsc#1257745). - bonding: limit BOND_MODE_8023AD to Ethernet devices (CVE-2026-23099 bsc#1257816). - netlink: specs: fou: change local-v6/peer-v6 check (CVE-2026-23083 bsc#1257745). - tools: ynl-gen: use big-endian netlink attribute types (CVE-2026-23083 bsc#1257745). - commit 3712b18 - netfilter: nf_conncount: update last_gc only when GC has been performed (CVE-2026-23139 bsc#1258304). - commit f7db582 - netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (CVE-2026-23111 bsc#1258181). - commit a2cf5ae - ipmi: ipmb: initialise event handler read bytes (git-fixes). - wifi: mac80211: fix NULL pointer dereference in mesh_rx_csa_frame() (git-fixes). - wifi: mac80211: bounds-check link_id in ieee80211_ml_reconfiguration (git-fixes). - wifi: radiotap: reject radiotap with unknown bits (git-fixes). - wifi: cfg80211: cancel rfkill_block work in wiphy_unregister() (git-fixes). - wifi: cfg80211: wext: fix IGTK key ID off-by-one (git-fixes). - net: usb: kaweth: validate USB endpoints (git-fixes). - net: usb: kalmia: validate USB endpoints (git-fixes). - nfc: pn533: properly drop the usb interface reference on disconnect (git-fixes). - Bluetooth: L2CAP: Fix missing key size check for L2CAP_LE_CONN_REQ (git-fixes). - Bluetooth: L2CAP: Fix not checking output MTU is acceptable on L2CAP_ECRED_CONN_REQ (git-fixes). - Bluetooth: L2CAP: Fix response to L2CAP_ECRED_CONN_REQ (git-fixes). - Bluetooth: hci_qca: Cleanup on all setup failures (git-fixes). - Bluetooth: L2CAP: Fix result of L2CAP_ECRED_CONN_RSP when MTU is too short (git-fixes). - Bluetooth: L2CAP: Fix invalid response to L2CAP_ECRED_RECONF_REQ (git-fixes). - net: usb: pegasus: enable basic endpoint checking (git-fixes). - net: wan: farsync: Fix use-after-free bugs caused by unfinished tasklets (git-fixes). - net: usb: lan78xx: scan all MDIO addresses on LAN7801 (git-fixes). - net: usb: kaweth: remove TX queue manipulation in kaweth_set_rx_mode (git-fixes). - commit cd64e0b ++++ kernel-obs-qa: - fou: Don't allow 0 for FOU_ATTR_IPPROTO (CVE-2026-23083 bsc#1257745). - bonding: limit BOND_MODE_8023AD to Ethernet devices (CVE-2026-23099 bsc#1257816). - netlink: specs: fou: change local-v6/peer-v6 check (CVE-2026-23083 bsc#1257745). - tools: ynl-gen: use big-endian netlink attribute types (CVE-2026-23083 bsc#1257745). - commit 3712b18 - netfilter: nf_conncount: update last_gc only when GC has been performed (CVE-2026-23139 bsc#1258304). - commit f7db582 - netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (CVE-2026-23111 bsc#1258181). - commit a2cf5ae - ipmi: ipmb: initialise event handler read bytes (git-fixes). - wifi: mac80211: fix NULL pointer dereference in mesh_rx_csa_frame() (git-fixes). - wifi: mac80211: bounds-check link_id in ieee80211_ml_reconfiguration (git-fixes). - wifi: radiotap: reject radiotap with unknown bits (git-fixes). - wifi: cfg80211: cancel rfkill_block work in wiphy_unregister() (git-fixes). - wifi: cfg80211: wext: fix IGTK key ID off-by-one (git-fixes). - net: usb: kaweth: validate USB endpoints (git-fixes). - net: usb: kalmia: validate USB endpoints (git-fixes). - nfc: pn533: properly drop the usb interface reference on disconnect (git-fixes). - Bluetooth: L2CAP: Fix missing key size check for L2CAP_LE_CONN_REQ (git-fixes). - Bluetooth: L2CAP: Fix not checking output MTU is acceptable on L2CAP_ECRED_CONN_REQ (git-fixes). - Bluetooth: L2CAP: Fix response to L2CAP_ECRED_CONN_REQ (git-fixes). - Bluetooth: hci_qca: Cleanup on all setup failures (git-fixes). - Bluetooth: L2CAP: Fix result of L2CAP_ECRED_CONN_RSP when MTU is too short (git-fixes). - Bluetooth: L2CAP: Fix invalid response to L2CAP_ECRED_RECONF_REQ (git-fixes). - net: usb: pegasus: enable basic endpoint checking (git-fixes). - net: wan: farsync: Fix use-after-free bugs caused by unfinished tasklets (git-fixes). - net: usb: lan78xx: scan all MDIO addresses on LAN7801 (git-fixes). - net: usb: kaweth: remove TX queue manipulation in kaweth_set_rx_mode (git-fixes). - commit cd64e0b ++++ kernel-syms: - fou: Don't allow 0 for FOU_ATTR_IPPROTO (CVE-2026-23083 bsc#1257745). - bonding: limit BOND_MODE_8023AD to Ethernet devices (CVE-2026-23099 bsc#1257816). - netlink: specs: fou: change local-v6/peer-v6 check (CVE-2026-23083 bsc#1257745). - tools: ynl-gen: use big-endian netlink attribute types (CVE-2026-23083 bsc#1257745). - commit 3712b18 - netfilter: nf_conncount: update last_gc only when GC has been performed (CVE-2026-23139 bsc#1258304). - commit f7db582 - netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (CVE-2026-23111 bsc#1258181). - commit a2cf5ae - ipmi: ipmb: initialise event handler read bytes (git-fixes). - wifi: mac80211: fix NULL pointer dereference in mesh_rx_csa_frame() (git-fixes). - wifi: mac80211: bounds-check link_id in ieee80211_ml_reconfiguration (git-fixes). - wifi: radiotap: reject radiotap with unknown bits (git-fixes). - wifi: cfg80211: cancel rfkill_block work in wiphy_unregister() (git-fixes). - wifi: cfg80211: wext: fix IGTK key ID off-by-one (git-fixes). - net: usb: kaweth: validate USB endpoints (git-fixes). - net: usb: kalmia: validate USB endpoints (git-fixes). - nfc: pn533: properly drop the usb interface reference on disconnect (git-fixes). - Bluetooth: L2CAP: Fix missing key size check for L2CAP_LE_CONN_REQ (git-fixes). - Bluetooth: L2CAP: Fix not checking output MTU is acceptable on L2CAP_ECRED_CONN_REQ (git-fixes). - Bluetooth: L2CAP: Fix response to L2CAP_ECRED_CONN_REQ (git-fixes). - Bluetooth: hci_qca: Cleanup on all setup failures (git-fixes). - Bluetooth: L2CAP: Fix result of L2CAP_ECRED_CONN_RSP when MTU is too short (git-fixes). - Bluetooth: L2CAP: Fix invalid response to L2CAP_ECRED_RECONF_REQ (git-fixes). - net: usb: pegasus: enable basic endpoint checking (git-fixes). - net: wan: farsync: Fix use-after-free bugs caused by unfinished tasklets (git-fixes). - net: usb: lan78xx: scan all MDIO addresses on LAN7801 (git-fixes). - net: usb: kaweth: remove TX queue manipulation in kaweth_set_rx_mode (git-fixes). - commit cd64e0b ++++ kernel-zfcpdump: - fou: Don't allow 0 for FOU_ATTR_IPPROTO (CVE-2026-23083 bsc#1257745). - bonding: limit BOND_MODE_8023AD to Ethernet devices (CVE-2026-23099 bsc#1257816). - netlink: specs: fou: change local-v6/peer-v6 check (CVE-2026-23083 bsc#1257745). - tools: ynl-gen: use big-endian netlink attribute types (CVE-2026-23083 bsc#1257745). - commit 3712b18 - netfilter: nf_conncount: update last_gc only when GC has been performed (CVE-2026-23139 bsc#1258304). - commit f7db582 - netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (CVE-2026-23111 bsc#1258181). - commit a2cf5ae - ipmi: ipmb: initialise event handler read bytes (git-fixes). - wifi: mac80211: fix NULL pointer dereference in mesh_rx_csa_frame() (git-fixes). - wifi: mac80211: bounds-check link_id in ieee80211_ml_reconfiguration (git-fixes). - wifi: radiotap: reject radiotap with unknown bits (git-fixes). - wifi: cfg80211: cancel rfkill_block work in wiphy_unregister() (git-fixes). - wifi: cfg80211: wext: fix IGTK key ID off-by-one (git-fixes). - net: usb: kaweth: validate USB endpoints (git-fixes). - net: usb: kalmia: validate USB endpoints (git-fixes). - nfc: pn533: properly drop the usb interface reference on disconnect (git-fixes). - Bluetooth: L2CAP: Fix missing key size check for L2CAP_LE_CONN_REQ (git-fixes). - Bluetooth: L2CAP: Fix not checking output MTU is acceptable on L2CAP_ECRED_CONN_REQ (git-fixes). - Bluetooth: L2CAP: Fix response to L2CAP_ECRED_CONN_REQ (git-fixes). - Bluetooth: hci_qca: Cleanup on all setup failures (git-fixes). - Bluetooth: L2CAP: Fix result of L2CAP_ECRED_CONN_RSP when MTU is too short (git-fixes). - Bluetooth: L2CAP: Fix invalid response to L2CAP_ECRED_RECONF_REQ (git-fixes). - net: usb: pegasus: enable basic endpoint checking (git-fixes). - net: wan: farsync: Fix use-after-free bugs caused by unfinished tasklets (git-fixes). - net: usb: lan78xx: scan all MDIO addresses on LAN7801 (git-fixes). - net: usb: kaweth: remove TX queue manipulation in kaweth_set_rx_mode (git-fixes). - commit cd64e0b ++++ modello: - Upgrade to upstream version 2.6.0 * New features and improvements + Fix XSD generator to respect required field attribute + Give access to XmlModelMetadata from velocity helper + Fix multiplicity=1 for simple type associations in Reader/Writer generators * Bug Fixes + Fix Root class name conflict in JDOM writer generator * Maintenance + chore: migrate junit 3 test to junit4 * Dependency updates + Bump com.fasterxml.jackson:jackson-bom from 2.19.0 to 2.21.0 + Bump org.codehaus.plexus:plexus-testing from 1.5.0 to 2.1.0 + Bump org.codehaus.plexus:plexus from 22 to 25 + Bump org.jsoup:jsoup from 1.20.1 to 1.22.1 + Bump plexus.compiler.version from 2.15.0 to 2.16.1 + Downgrade Guice to 5.1.0 + Bump org.xmlunit:xmlunit-core from 2.10.2 to 2.11.0 + Bump org.apache.maven.plugins:maven-shade-plugin from 3.6.0 to 3.6.1 + Bump org.yaml:snakeyaml from 2.4 to 2.5 ++++ modello-maven-plugin: - Upgrade to upstream version 2.6.0 * New features and improvements + Fix XSD generator to respect required field attribute + Give access to XmlModelMetadata from velocity helper + Fix multiplicity=1 for simple type associations in Reader/Writer generators * Bug Fixes + Fix Root class name conflict in JDOM writer generator * Maintenance + chore: migrate junit 3 test to junit4 * Dependency updates + Bump com.fasterxml.jackson:jackson-bom from 2.19.0 to 2.21.0 + Bump org.codehaus.plexus:plexus-testing from 1.5.0 to 2.1.0 + Bump org.codehaus.plexus:plexus from 22 to 25 + Bump org.jsoup:jsoup from 1.20.1 to 1.22.1 + Bump plexus.compiler.version from 2.15.0 to 2.16.1 + Downgrade Guice to 5.1.0 + Bump org.xmlunit:xmlunit-core from 2.10.2 to 2.11.0 + Bump org.apache.maven.plugins:maven-shade-plugin from 3.6.0 to 3.6.1 + Bump org.yaml:snakeyaml from 2.4 to 2.5 ++++ ocaml: - Add CVE-2026-28364.patch (bsc#1258992) * Fixes CVE-2026-28364: missing bounds validation in readblock() can lead to arbitrary code execution ++++ plexus-compiler: - Upgrade to upstream release 2.16.2 * Bug Fixes + Fixed ConcurrentModificationException on compilerArguments * Dependency updates + Bump org.codehaus.plexus:plexus from 24 to 25 + Bump org.codehaus.plexus:plexus-testing from 2.0.1 to 2.1.0 + Bump actions/checkout from 4 to 6 + Bump org.eclipse.jdt:ecj from 3.43.0 to 3.44.0 - Upgrade to upstream release 2.16.1 * Bug Fixes + Fix detecting java version for JDK 1.8 + #420: fix detection of java version when JAVA_TOOL_OPTIONS is set * Dependency updates + Bump actions/checkout from 5 to 6 - Upgrade to upstream release 2.16.0 * New features and improvements + Added 3 MSVC csharp compiler options + Bump ErrorProne to 2.37.0 - requires Java 17 * Bug Fixes + Fix Zip Slip vulnerability in JAR extraction + Fixed wrong excludes management * Maintenance + Replace FileUtils.deleteDirectory(File) with JDK provided API + chore: remove junit3 references + Update Java version checks to include JDK 25 + Include JDK 24 in CI + Apply spotless re-formatting + Create codeql.yml + Pass tests with Java 22 and 23 * Dependency updates + Bump com.google.guava:guava to 33.5.0-jre + Bump eclipse.sisu.version from 0.9.0.M3 to 0.9.0.M4 + Bump org.codehaus.plexus:plexus to 24 + Bump org.codehaus.plexus:plexus-testing to 2.0.1 + Bump org.codehaus.plexus:plexus-utils to 4.0.2 + Bump org.codehaus.plexus:plexus-xml from 3.0.0 to 3.0.1 + Bump org.eclipse.jdt:ecj to 3.43.0 + Bump org.hamcrest:hamcrest from 2.2 to 3.0 ++++ plexus-interactivity: - Upgrade to version 1.5.1 * Dependency updates + Downgrade to Guice 5.1.0 + Bump org.codehaus.plexus:plexus to 24 + Bump org.jline:jline-reader to 3.30.6 + Bump org.eclipse.sisu:org.eclipse.sisu.inject to 0.9.0.M4 * Maintenance + JUnit Jupiter best practices ++++ plexus-io: - Upgrade to version 3.6.0 * Maintenance + JUnit Jupiter best practices + Replace FileUtils.deleteDirectory(File) with JDK provided API + Close DeferredFileOutputStream to prevent FileNotFoundException on temp files + Handle IOException when retrieving file ownership on WSL2 network drives * Dependency updates + Bump org.codehaus.plexus:plexus-testing to 2.0.1 + Bump org.codehaus.plexus:plexus from 23 to 24 - Upgrade to version 3.5.2 * Dependency updates + Bump org.codehaus.plexus:plexus from 18 to 23 + Bump eclipseSisuVersion from 0.9.0.M3 to 0.9.0.M4 + Bump commons-io:commons-io from 2.16.1 to 2.20.0 + Bump org.codehaus.plexus:plexus-testing from 1.4.0 to 1.6.0 + Cleanup dependencies ++++ plexus-pom: - Upgrade to version 25 * Dependency updates + Bump njord to 0.9.1 + Bump org.apache.maven.plugins:maven-release-plugin from 3.2.0 to 3.3.1 + Bump org.apache.maven.plugins:maven-resources-plugin from 3.3.1 to 3.4.0 + Bump org.apache.maven.plugins:maven-assembly-plugin from 3.7.1 to 3.8.0 + Bump org.codehaus.mojo:taglist-maven-plugin from 3.2.1 to 3.2.2 + Bump com.diffplug.spotless:spotless-maven-plugin from 3.0.0 to 3.1.0 + Bump org.apache.maven.plugins:maven-source-plugin from 3.3.1 to 3.4.0 + Bump org.apache.maven.plugins:maven-jar-plugin from 3.4.2 to 3.5.0 + Bump org.junit:junit-bom from 5.13.4 to 5.14.1 + Bump mavenPluginToolsVersion from 3.15.1 to 3.15.2 + Bump org.apache.maven.plugins:maven-release-plugin from 3.1.1 to 3.2.0 - Upgrade to version 24 * New features and improvements + Configure njord publisher and releaseURL in pom + add Reproducible Central report * Dependency updates + Bump org.codehaus.mojo:extra-enforcer-rules from 1.10.0 to 1.11.0 + Bump org.apache.maven.plugins:maven-pmd-plugin from 3.27.0 to 3.28.0 + Bump com.diffplug.spotless:spotless-maven-plugin from 2.46.1 to 3.0.0 + Bump mavenSurefireVersion from 3.5.3 to 3.5.4 + Bump org.apache.maven.plugins:maven-dependency-plugin from 3.8.1 to 3.9.0 + Bump org.apache.maven.plugins:maven-enforcer-plugin from 3.6.1 to 3.6.2 + Bump org.apache.maven.plugins:maven-compiler-plugin from 3.14.0 to 3.14.1 + Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.11.3 to 3.12.0 - Upgrade to version 23 * Dependency updates + Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.11.2 to 3.11.3 + Bump com.diffplug.spotless:spotless-maven-plugin from 2.44.5 to 2.46.1 + Bump org.junit:junit-bom from 5.13.0 to 5.13.4 + Bump org.apache.maven.plugins:maven-enforcer-plugin from 3.5.0 to 3.6.1 + Bump njord.version from 0.7.1 to 0.7.5 + Bump org.apache.maven.plugins:maven-gpg-plugin from 3.2.7 to 3.2.8 + Bump org.apache.maven.plugins:maven-invoker-plugin from 3.9.0 to 3.9.1 + Bump org.apache.maven.plugins:maven-pmd-plugin from 3.26.0 to 3.27.0 + Bump org.apache.maven.plugins:maven-clean-plugin from 3.4.1 to 3.5.0 * Maintenance + Sync Spotless Plantir Java Formater with ASF parent pom - Upgrade to version 22 * Breaking changes + Prepare for publishing via the Central Portal * Dependency updates + Bump org.junit:junit-bom from 5.12.2 to 5.13.0 + Bump com.diffplug.spotless:spotless-maven-plugin from 2.44.4 to 2.44.5 - Upgrade to version 21 * New features and improvements + Add maven-dependency-plugin to pluginManagement + Align Spotless check/apply with Maven parent * Dependency updates + Bump fluido skin from 2.0.1 to 2.1.0 + Bump org.eclipse.sisu:sisu-maven-plugin from 0.9.0.M3 to 0.9.0.M4 + Bump org.apache.maven.plugins:maven-install-plugin from 3.1.3 to 3.1.4 + Bump mavenSurefireVersion from 3.5.2 to 3.5.3 + Bump com.diffplug.spotless:spotless-maven-plugin from 2.44.3 to 2.44.4 + Bump org.codehaus.mojo:extra-enforcer-rules from 1.9.0 to 1.10.0 + Bump org.junit:junit-bom from 5.11.4 to 5.12.2 + Bump org.apache.maven.plugins :maven-project-info-reports-plugin from 3.8.0 to 3.9.0 + Bump com.diffplug.spotless:spotless-maven-plugin from 2.44.2 to 2.44.3 + Bump org.apache.maven.plugins:maven-compiler-plugin from 3.13.0 to 3.14.0 + Bump org.apache.maven.plugins:maven-deploy-plugin from 3.1.3 to 3.1.4 + Bump org.apache.maven.plugins:maven-clean-plugin from 3.4.0 to 3.4.1 - Upgrade to version 20 * New features and improvements + Enforce minimal Java version + Accept all line endings in spotless + Spotless plugin - format .md files + Apply formatting with spotless-plugin by default + Sync license header with ASF * Dependency updates + Bump com.diffplug.spotless:spotless-maven-plugin from 2.44.0.BETA4 to 2.44.2 + Bump maven-fluido-skin to 2.0.1 + Bump mavenPluginToolsVersion from 3.15.0 to 3.15.1 + Bump mavenSurefireVersion from 3.5.0 to 3.5.2 + Bump org.apache.maven.plugins:maven-checkstyle-plugin from 3.5.0 to 3.6.0 + Bump org.apache.maven.plugins:maven-gpg-plugin from 3.2.6 to 3.2.7 + Bump org.apache.maven.plugins:maven-invoker-plugin from 3.8.0 to 3.9.0 + Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.10.0 to 3.11.2 + Bump org.apache.maven.plugins:maven-jxr-plugin from 3.5.0 to 3.6.0 + Bump org.apache.maven.plugins:maven-pmd-plugin from 3.25.0 to 3.26.0 + Bump org.apache.maven.plugins :maven-project-info-reports-plugin from 3.7.0 to 3.8.0 + Bump org.apache.maven.plugins:maven-site-plugin from 3.20.0 to 3.21.0 + Bump org.codehaus.mojo:taglist-maven-plugin from 3.1.0 to 3.2.1 + Bump org.junit:junit-bom from 5.11.1 to 5.11.4 * Maintenance + Bump minimalMavenBuildVersion to 3.6.3 - Upgrade to version 19 * Breaking changes + Remove org.apache.maven.plugin-tools:maven-plugin-annotations from dependencyManagement * New features and improvements + Use bestPractices for gpg plugin + Drop using passphrase for maven-gpg-plugin + Skip empty report for taglist-maven-plugin * Dependency updates + Bump org.junit:junit-bom from 5.10.2 to 5.11.1 + Bump org.apache.maven.plugins :maven-project-info-reports-plugin from 3.5.0 to 3.7.0 + Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.6.3 to 3.10.0 + Bump org.codehaus.mojo:extra-enforcer-rules from 1.8.0 to 1.9.0 + Bump org.apache.maven.plugins:maven-gpg-plugin from 3.2.4 to 3.2.6 + Bump mavenSurefireVersion from 3.2.5 to 3.5.0 + Bump org.apache.maven.plugins:maven-pmd-plugin from 3.22.0 to 3.25.0 + Bump org.apache.maven.plugins:maven-checkstyle-plugin from 3.3.1 to 3.5.0 + Bump org.apache.maven.plugins:maven-jxr-plugin from 3.3.2 to 3.5.0 + Bump mavenPluginToolsVersion from 3.13.0 to 3.15.0 + Bump org.apache.maven.plugins:maven-invoker-plugin from 3.6.1 to 3.8.0 + Bump org.apache.maven.plugins:maven-site-plugin from 3.12.1 to 3.20.0 + Bump org.apache.maven.plugins:maven-deploy-plugin from 3.1.2 to 3.1.3 + Bump org.apache.maven.plugins:maven-install-plugin from 3.1.2 to 3.1.3 + Bump org.apache.apache.resources :apache-source-release-assembly-descriptor from 1.5 to 1.7 + Bump org.apache.maven.plugins:maven-release-plugin from 3.0.1 to 3.1.1 + Bump org.codehaus.mojo:taglist-maven-plugin from 3.0.0 to 3.1.0 + Bump org.apache.maven.plugins:maven-scm-publish-plugin from 3.2.1 to 3.3.0 + Bump org.apache.maven.plugins:maven-jar-plugin from 3.4.1 to 3.4.2 + Bump org.apache.maven.shared:maven-shared-resources from 5 to 6 + Bump org.apache.maven.plugins:maven-clean-plugin from 3.3.2 to 3.4.0 + Bump org.apache.maven.plugins:maven-release-plugin from 3.0.1 to 3.1.0 + Bump org.eclipse.sisu:sisu-maven-plugin from 0.9.0.M2 to 0.9.0.M3 + Bump org.apache.maven.plugins:maven-enforcer-plugin from 3.4.1 to 3.5.0 - Upgrade to version 18 * New features and improvements + Skip empty surefire and pmd reports + Disable site descriptor publishing by child projects + Warning about usage of deprecated API by compiler + Maven compiler - disable annotation processing by default * Dependency updates + Bump maven-fluido-skin from 1.11.2 to 1.12.0 + Bump mavenPluginToolsVersion from 3.11.0 to 3.13.0 + Bump org.apache.maven.plugins:maven-pmd-plugin from 3.21.2 to 3.22.0 + Bump org.apache.maven.plugins:maven-install-plugin from 3.1.1 to 3.1.2 + Bump org.apache.maven.plugins:maven-deploy-plugin from 3.1.1 to 3.1.2 + Bump org.apache.maven.plugins:maven-jar-plugin from 3.3.0 to 3.4.1 + Bump org.apache.maven.plugins:maven-gpg-plugin from 3.1.0 to 3.2.4 + Bump org.apache.maven.plugins:maven-source-plugin from 3.3.0 to 3.3.1 + Bump org.apache.maven.plugins:maven-invoker-plugin from 3.6.0 to 3.6.1 + Bump org.apache.maven.plugins:maven-compiler-plugin from 3.12.1 to 3.13.0 + Bump org.apache.maven.plugins:maven-assembly-plugin from 3.6.0 to 3.7.1 + Bump org.codehaus.mojo:extra-enforcer-rules from 1.7.0 to 1.8.0 * Maintenance + Improve version-template for release-drafter - Upgrade to version 17 * New features and improvements + Add default Specification and Implementation entries in jar manifest + Add maven-invoker-plugin to pluginManagement * Dependency updates + Bump org.junit:junit-bom from 5.10.1 to 5.10.2 + Bump com.diffplug.spotless:spotless-maven-plugin from 2.41.1 to 2.43.0 + Bump mavenPluginToolsVersion from 3.10.2 to 3.11.0 + Bump mavenSurefireVersion from 3.2.2 to 3.2.5 + Bump org.apache.maven.plugins:maven-jxr-plugin from 3.3.1 to 3.3.2 + Bump org.apache.maven.plugins:maven-compiler-plugin from 3.11.0 to 3.12.1 * Maintenance + Remove dead markmail.org from mailing lists + Bump release-drafter/release-drafter from 5 to 6 - Upgrade to version 16 * New features and improvements + Introduce minimalMavenBuildVersion property + Use default executor for m-release-p * Dependency updates + Bump com.diffplug.spotless:spotless-maven-plugin from 2.40.0 to 2.41.1 + Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.6.0 to 3.6.3 + Bump org.apache.maven.plugins:maven-jxr-plugin from 3.3.0 to 3.3.1 + Bump org.apache.maven.plugins:maven-pmd-plugin from 3.21.0 to 3.21.2 + Bump mavenPluginToolsVersion from 3.9.0 to 3.10.2 + Bump mavenSurefireVersion from 3.1.2 to 3.2.2 + Bump org.apache.maven.plugins:maven-project-info-reports-plugin from 3.4.5 to 3.5.0 + Bump org.junit:junit-bom from 5.10.0 to 5.10.1 + Bump org.apache.maven.plugins:maven-checkstyle-plugin from 3.3.0 to 3.3.1 + Bump org.apache.maven.plugins:maven-clean-plugin from 3.3.1 to 3.3.2 - Upgrade to version 15 * Bug Fixes + Update spotless plugin palantir dependency to 2.35.0 to work with Java 21 * Dependency updates + Bump palantir formatter to 2.38.0 + Bump com.diffplug.spotless:spotless-maven-plugin from 2.38.0 to 2.40.0 + Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.5.0 to 3.6.0 + Bump org.apache.maven.plugins:maven-enforcer-plugin from 3.3.0 to 3.4.1 + Bump org.junit:junit-bom from 5.9.3 to 5.10.0 * Maintenance + Replace plexus-component-metadata plugin (deprecated) with Sisu + Switch to main branch for ci build version ------------------------------------------------------------------ ------------------ 2026-2-26 - Feb 26 2026 ------------------- ------------------------------------------------------------------ ++++ 389-ds: - bsc#1258727 - CVE-2025-14905 - heap buffer overflow due to improper size calculation in schema_attr_enum_callback - Update to version 3.0.6~git249.6688af9b2: * Security fix for CVE-2025-14905 * Issue 7277 - UI - Fix Japanese translation for "Successfully updated group" in Cockpit UI (#7278) * Issue 7275 - UI - Improve password policy field validation in Cockpit UI (#7276) * Issue 7279 - UI - Fix typo in export certificate dialog (#7280) * Issue 7273 - In a chaining environment binding as remote user causes an invalid error in the logs * Issue 7271 - plugins that create threads need to update active thread count * Issue 5853 - Update concread to 0.5.10 * Issue 7053 - Remove memberof_del_dn_from_groups from MemberOf plugin (#7064) * Issue 7223 - Remove integerOrderingMatch requirement for parentid (#7264) * Issue 7066/7052 - allow password history to be set to zero and remove history * Issue 7223 - Use lexicographical order for ancestorid (#7256) * Issue 7213 - (2nd) MDB_BAD_VALSIZE error while handling VLV (#7258) * Issue 7184 - (2nd) argparse.HelpFormatter _format_actions_usage() is deprecated (#7257) * Issue - CLI - dsctl db2index needs some hardening with MBD * Issue 7248 - CLI - attribute uniqueness - fix usage for exclude subtree option * Issue 7231 - Sync repl tests fail in FIPS mode due to non FIPS compliant crypto (#7232) * Issue 7121 - (2nd) LeakSanitizer: various leaks during replication (#7212) * Issue 6947 - Fix health_system_indexes_test.py * Issue 7076 - Fix revert_cache() never called in modrdn (#7220) * Issue 7076, 6992, 6784, 6214 - Fix CI test failures (#7077) * Issue 7096 - (2nd) During replication online total init the function idl_id_is_in_idlist is not scaling with large database (#7205) * Issue 3555 - UI - Fix audit issue with npm - @isaacs/brace-expansion (#7228) * Issue 7223 - Add dsctl index-check command for offline index repair * Issue 7223 - Detect and log index ordering mismatch during backend startup * Issue 7223 - Add upgrade function to remove ancestorid index config entry * Issue 7223 - Add upgrade function to remove nsIndexIDListScanLimit from parentid * Issue 7223 - Revert index scan limits for system indexes * Issue 6542 - RPM build errors on Fedora 42 * Issue 7224 - CI Test - Simplify test_reserve_descriptor_validation (#7225) * Issue 7194 - Repl Log Analysis - Add CSN propagation details (#7195) * Issue 7213 - MDB_BAD_VALSIZE error while handling VLV (#7214) * Issue 7027 - (2nd) 389-ds-base OpenScanHub Leaks Detected (#7211) * Issue 7184 - argparse.HelpFormatter _format_actions_usage() is deprecated * Issue 7198 - Web console doesn't show sub-suffix when parent-suffix points to an entry (#7202) * Issue 7189 - DSBLE0007 generates incorrect remediation commands for scan limits * Bump lodash from 4.17.21 to 4.17.23 in /src/cockpit/389-console (#7203) * Issue 7172 - (2nd) Index ordering mismatch after upgrade (#7180) * Issue 7172 - Index ordering mismatch after upgrade (#7173) * Issue - Revise paged result search locking * Issue 7096 - During replication online total init the function idl_id_is_in_idlist is not scaling with large database (#7145) * Revert "Issue 7160 - Add lib389 version sync check to configure (#7165)" * Issue 7160 - Add lib389 version sync check to configure (#7165) * Issue 7049 - RetroCL plugin generates invalid LDIF * Issue 7150 - Compressed access log rotations skipped, accesslog-list out of sync (#7151) * Restore definition for slapi_entry_attr_get_valuearray * Issue 1793 - RFE - Dynamic lists - UI and CLI updates * Issue 7119 - Fix DNA shared config replication test (#7143) * Issue 7081 - Repl Log Analysis - Implement data sampling with performance and timezone fixes (#7086) * Issue 1793 - RFE - Implement dynamic lists * Issue 6753 - Port ticket tests * Issue 6753 - Port and fix ticket 47823 tests * Issue 6753 - Add 'add_exclude_subtree' and 'remove_exclude_subtree' methods to Attribute uniqueness plugin * Issue 6753 - Port ticket test 48026 * Issue 7128 - memory corruption in alias entry plugin (#7131) * Issue 7091 - Duplicate local password policy entries listed (#7092) * Issue 7124 - BDB cursor race condition with transaction isolation (#7125) * Issue 7132 - Keep alive entry updated too soon after an offline import (#7133) * Issue 7121 - LeakSanitizer: various leaks during replication (#7122) * Issue 7115 - LeakSanitizer: leak in `slapd_bind_local_user()` (#7116) * Issue 7109 - AddressSanitizer: SEGV ldap/servers/slapd/csnset.c:302 in csnset_dup (#7114) * Issue 7056 - DSBLE0007 doesn't generate remediation steps for missing indexes * Issue 7119 - Harden DNA plugin locking for shared server list operations (#7120) * Issue 7084 - UI - schema - sorting attributes breaks expanded row * Issue 7007 - Improve paged result search locking * Issue 3555 - UI - Fix audit issue with npm - glob (#7107) * Issue 6846 - Attribute uniqueness is not enforced with modrdn (#7026) * Issue 6901 - Update changelog trimming logging - fix tests * Issue 6901 - Update changelog trimming logging * Bump js-yaml from 4.1.0 to 4.1.1 in /src/cockpit/389-console (#7097) * Issue 7069 - Fix error reporting in HAProxy trusted IP parsing (#7094) * Issue 7055 - Online initialization of consumers fails with error -23 (#7075) * Issue 7042 - Enable global_backend_lock when memberofallbackend is enabled (#7043) * Issue 7078 - audit json logging does not encode binary values * Issue 7069 - Add Subnet/CIDR Support for HAProxy Trusted IPs (#7070) * Issue 6660 - CLI, UI - Improve replication log analyzer usability (#7062) * Issue 7065 - A search filter containing a non normalized DN assertion does not return matching entries (#7068) * Issue 7071 - search filter (&(cn:dn:=groups)) no longer returns results * Issue 7073 - Add NDN cache size configuration and enforcement tests (#7074) * Issue 7041 - CLI/UI - memberOf - no way to add/remove specific group filters * Issue 7061 - CLI/UI - Improve error messages for dsconf localpwp list * Issue 7059 - UI - unable to upload pem file * Issue 7032 - The new ipahealthcheck test ipahealthcheck.ds.backends.BackendsCheck raises CRITICAL issue (#7036) * Issue 7047 - MemberOf plugin logs null attribute name on fixup task completion (#7048) * Issue 7044 - RFE - index sudoHost by default (#7046) * Issue 6979 - Improve the way to detect asynchronous operations in the access logs (#6980) * Issue 7035 - RFE - memberOf - adding scoping for specific groups * Issue - CLI/UI - Add option to delete all replication conflict entries * Issue 7033 - lib389 - basic plugin status not in JSON * Issue 7023 - UI - if first instance that is loaded is stopped it breaks parts of the UI * Issue 7027 - 389-ds-base OpenScanHub Leaks Detected (#7028) * Issue 6966 - On large DB, unlimited IDL scan limit reduce the SRCH performance (#6967) * Issue 6660 - UI - Improve replication log analysis charts and usability (#6968) * Issue 6982 - UI - MemberOf shared config does not validate DN properly (#6983) * Issue 7021 - Units for changing MDB max size are not consistent across different tools (#7022) * Issue 6954 - do not delete referrals on chain_on_update backend * Issue 7018 - BUG - prevent stack depth being hit (#7019) * Issue 6928 - The parentId attribute is indexed with improper matching rule * Issue 6933 - When deferred memberof update is enabled after the server crashed it should not launch memberof fixup task by default (#6935) * Issue 6904 - Fix config_test.py::test_lmdb_config * Issue 7014 - memberOf - ignored deferred updates with LMDB * Issue 7012 - improve dscrl dbverify result when backend does not exists (#7013) * Issue 6929 - Compilation failure with rust-1.89 on Fedora ELN * Issue 6990 - UI - Replace deprecated Select components with new TypeaheadSelect (#6996) * Issue 6990 - UI - Fix typeahead Select fields losing values on Enter keypress (#6991) * Issue 6887 - Enhance logconv.py to add support for JSON access logs (#6889) * Issue 6985 - Some logconv CI tests fail with BDB (#6986) * Issue 6891 - JSON logging - add wrapper function that checks for NULL * Issue 6977 - UI - Show error message when trying to use unavailable ports (#6978) * Issue 6956 - More UI fixes * Issue 6947 - Revise time skew check in healthcheck tool and add option to exclude checks * Issue 6805 - RFE - Multiple backend entry cache tuning * Issue 6843 - Add CI tests for logconv.py (#6856) * Issue - UI - update Radio handlers and LDAP entries last modified time * Issue 6660 - UI - Fix minor typo (#6955) * Issue 6910 - Fix latest coverity issues * Issue 6919 - numSubordinates/tombstoneNumSubordinates are inconsisten… (#6920) * Issue 6663 - Fix NULL subsystem crash in JSON error logging (#6883) * Issue 6940 - dsconf monitor server fails with ldapi:// due to absent server ID (#6941) * Issue 6936 - Make user/subtree policy creation idempotent (#6937) * Issue 6865 - AddressSanitizer: leak in agmt_update_init_status * Issue 6848 - AddressSanitizer: leak in do_search * Issue 6850 - AddressSanitizer: memory leak in mdb_init * Issue 6778 - Memory leak in roles_cache_create_object_from_entry part 2 * Issue 6778 - Memory leak in roles_cache_create_object_from_entry * Issue 6181 - RFE - Allow system to manage uid/gid at startup * Issues 6913, 6886, 6250 - Adjust xfail marks (#6914) * Issue 6768 - ns-slapd crashes when a referral is added (#6780) * Issue 6468 - CLI - Fix default error log level * Issue 6339 - Address Coverity scan issues in memberof and bdb_layer (#6353) * Issue 6897 - Fix disk monitoring test failures and improve test maintainability (#6898) * Issue 6884 - Mask password hashes in audit logs (#6885) * Issue 6594 - Add test for numSubordinates replication consistency with tombstones (#6862) * Issue 6250 - Add test for entryUSN overflow on failed add operations (#6821) * Issue 6895 - Crash if repl keep alive entry can not be created * Issue 6893 - Log user that is updated during password modify extended operation * Issue 6772 - dsconf - Replicas with the "consumer" role allow for viewing and modification of their changelog. (#6773) * Issue 6888 - Missing access JSON logging for TLS/Client auth * Issue 6680 - instance read-only mode is broken (#6681) * Issue 6878 - Prevent repeated disconnect logs during shutdown (#6879) * Issue 6872 - compressed log rotation creates files with world readable permission * Issue 6859 - str2filter is not fully applying matching rules * Issue 6868 - UI - schema attribute table expansion break after moving to a new page * Issue 6854 - Refactor for improved data management (#6855) * Issue 6756 - CLI, UI - Properly handle disabled NDN cache (#6757) * Issue 6857 - uiduniq: allow specifying match rules in the filter * Issue 6838 - lib389/replica.py is using nonexistent datetime.UTC in Python 3.9 * Issue 6822 - Backend creation cleanup and Database UI tab error handling (#6823) * Issue 6782 - Improve paged result locking * Issue 6825 - RootDN Access Control Plugin with wildcards for IP addre… (#6826) * Issue 6736 - Exception thrown by dsconf instance repl get_ruv (#6742) * Issue 6819 - Incorrect pwdpolicysubentry returned for an entry with user password policy * Issue 6553 - Update concread to 0.5.6 (#6824) * Issue 1081 - Add a CI test (#6063) * Issue 6761 - Password modify extended operation should skip password policy checks when executed by root DN * Issue 6791 - crash in liblmdb during instance shutdown (#6793) * Issue 6641 - modrdn fails when a user is member of multiple groups (#6643) * Issue 6776 - Enabling audit log makes slapd coredump * Issue 6534 - CI fails with Fedora 41 and DNF5 * Issue 6787 - Improve error message when bulk import connection is closed * Issue 6727 - RFE - database compaction interval should be persistent * Issue 6438 - Add basic dsidm organizational unit tests * Issue 6439 - Fix dsidm service get_dn option * Issue 5120 - ns-slapd doesn't start in referral mode (#6763) ++++ ImageMagick: - added patches CVE-2026-25797: Code injection in various encoders (bsc#1258770) * ImageMagick-CVE-2026-25797.patch - added patches CVE-2026-24484: denial of service vulnerability via multi-layer nested MVG to SVG conversion (bsc#1258790) * ImageMagick-CVE-2026-24484.patch CVE-2026-25897: Out-of-bounds heap write via integer overflow in sun decoder (bsc#1258799) * ImageMagick-CVE-2026-25897.patch CVE-2026-25969: Memory Leak in coders/ashlar.c (bsc#1258775) * ImageMagick-CVE-2026-25969.patch CVE-2026-25970: Memory corruption and denial of service via signed integer overflow in SIXEL decoder. (bsc#1258802) * ImageMagick-CVE-2026-25970.patch CVE-2026-25983: Denial of service via crafted MSL script (bsc#1258805) * ImageMagick-CVE-2026-25983.patch CVE-2026-25985: Memory allocation with excessive without limits in the internal SVG decoder (bsc#1258812) * ImageMagick-CVE-2026-25985.patch CVE-2026-25986: Denial of Service via malicious YUV image processing (bsc#1258818) * ImageMagick-CVE-2026-25986.patch CVE-2026-25987: Memory disclosure and denial of service via crafted MAP files (bsc#1258821) * ImageMagick-CVE-2026-25987.patch CVE-2026-25988: Denial of Service due to memory leak in image processing (bsc#1258810) * ImageMagick-CVE-2026-25988.patch ++++ ImageMagick: - added patches CVE-2026-25797: Code injection in various encoders (bsc#1258770) * ImageMagick-CVE-2026-25797.patch - added patches CVE-2026-24484: denial of service vulnerability via multi-layer nested MVG to SVG conversion (bsc#1258790) * ImageMagick-CVE-2026-24484.patch CVE-2026-25897: Out-of-bounds heap write via integer overflow in sun decoder (bsc#1258799) * ImageMagick-CVE-2026-25897.patch CVE-2026-25969: Memory Leak in coders/ashlar.c (bsc#1258775) * ImageMagick-CVE-2026-25969.patch CVE-2026-25970: Memory corruption and denial of service via signed integer overflow in SIXEL decoder. (bsc#1258802) * ImageMagick-CVE-2026-25970.patch CVE-2026-25983: Denial of service via crafted MSL script (bsc#1258805) * ImageMagick-CVE-2026-25983.patch CVE-2026-25985: Memory allocation with excessive without limits in the internal SVG decoder (bsc#1258812) * ImageMagick-CVE-2026-25985.patch CVE-2026-25986: Denial of Service via malicious YUV image processing (bsc#1258818) * ImageMagick-CVE-2026-25986.patch CVE-2026-25987: Memory disclosure and denial of service via crafted MAP files (bsc#1258821) * ImageMagick-CVE-2026-25987.patch CVE-2026-25988: Denial of Service due to memory leak in image processing (bsc#1258810) * ImageMagick-CVE-2026-25988.patch ++++ kernel-64kb: - mm, shmem: prevent infinite loop on truncate race (CVE-2026-23161 bsc#1258355). - commit 905c137 - mm: prevent poison consumption when splitting THP (CVE-2025-40230 bsc#1254817). - commit 73eef46 - ice: Fix PTP NULL pointer dereference during VSI rebuild (CVE-2026-23210 bsc#1258517). - commit ebccada - mm/memfd: fix information leak in hugetlb folios (CVE-2025-68292 bsc#1255148). - commit ef8df4a - media: dvb-core: fix wrong reinitialization of ringbuffer on reopen (git-fixes). - commit 7808229 ++++ kernel-azure: - mm, shmem: prevent infinite loop on truncate race (CVE-2026-23161 bsc#1258355). - commit 905c137 - mm: prevent poison consumption when splitting THP (CVE-2025-40230 bsc#1254817). - commit 73eef46 - ice: Fix PTP NULL pointer dereference during VSI rebuild (CVE-2026-23210 bsc#1258517). - commit ebccada - mm/memfd: fix information leak in hugetlb folios (CVE-2025-68292 bsc#1255148). - commit ef8df4a - media: dvb-core: fix wrong reinitialization of ringbuffer on reopen (git-fixes). - commit 7808229 ++++ kernel-default: - mm, shmem: prevent infinite loop on truncate race (CVE-2026-23161 bsc#1258355). - commit 905c137 - mm: prevent poison consumption when splitting THP (CVE-2025-40230 bsc#1254817). - commit 73eef46 - ice: Fix PTP NULL pointer dereference during VSI rebuild (CVE-2026-23210 bsc#1258517). - commit ebccada - mm/memfd: fix information leak in hugetlb folios (CVE-2025-68292 bsc#1255148). - commit ef8df4a - media: dvb-core: fix wrong reinitialization of ringbuffer on reopen (git-fixes). - commit 7808229 ++++ kernel-rt: - mm, shmem: prevent infinite loop on truncate race (CVE-2026-23161 bsc#1258355). - commit 905c137 - mm: prevent poison consumption when splitting THP (CVE-2025-40230 bsc#1254817). - commit 73eef46 - ice: Fix PTP NULL pointer dereference during VSI rebuild (CVE-2026-23210 bsc#1258517). - commit ebccada - mm/memfd: fix information leak in hugetlb folios (CVE-2025-68292 bsc#1255148). - commit ef8df4a - media: dvb-core: fix wrong reinitialization of ringbuffer on reopen (git-fixes). - commit 7808229 ++++ cockpit-client-launcher: - A true YaST_logo.svg inspired logo to differentiate icon from flatpak launcher - Initial packaging of cockpit-client-launcher for Cockpit 356 - Add org.cockpit_project.CockpitClient.desktop based desktop file which uses cockpit-client-launcher - Add launcher that connects to locally installed cockpit-ws and auto-detects the listening port from cockpit.socket ++++ dtb-aarch64: - mm, shmem: prevent infinite loop on truncate race (CVE-2026-23161 bsc#1258355). - commit 905c137 - mm: prevent poison consumption when splitting THP (CVE-2025-40230 bsc#1254817). - commit 73eef46 - ice: Fix PTP NULL pointer dereference during VSI rebuild (CVE-2026-23210 bsc#1258517). - commit ebccada - mm/memfd: fix information leak in hugetlb folios (CVE-2025-68292 bsc#1255148). - commit ef8df4a - media: dvb-core: fix wrong reinitialization of ringbuffer on reopen (git-fixes). - commit 7808229 ++++ haproxy: - Update to version 3.2.12+git0.6011f448e: * [RELEASE] Released version 3.2.12 * BUG/MAJOR: quic: fix parsing frame type * BUG/MAJOR: quic: reject invalid token * BUG/MINOR: startup: handle a possible strdup() failure * BUG/MINOR: startup: fix allocation error message of progname string * BUG/MINOR: config: Fix setting of alt_proto * DOC: config: mention the limitation on server id range for consistent hash * BUG/MEDIUM: lb-chash: always properly initialize lb_nodes with dynamic servers * BUG/MINOR: cpu-topo: count cores not cpus to distinguish core types * CLEANUP: haproxy: fix bad line wrapping in run_poll_loop() * BUG/MEDIUM: threads: Atomically set TH_FL_SLEEPING and clr FL_NOTIFIED * DOC: internals: cleanup few typos in master-worker documentation * BUG/MEDIUM: applet: Fix test on shut flags for legacy applets * BUG/MAJOR: applet: Don't call I/O handler if the applet was shut * MEDIUM: ssl: don't always process pending handshakes on closed connections * MINOR: rawsock: introduce CO_RFL_TRY_HARDER to detect closures on complete reads * [RELEASE] Released version 3.2.11 * BUG/MEDIUM: debug: only dump Lua state when panicking * BUG/MINOR: config: check capture pool creations for failures * DOC: reg-tests: update VTest upstream link in the starting guide * MINOR: hlua: Add support for lua 5.5 * BUG/MEDIUM: mux-h2: synchronize all conditions to create a new backend stream * BUG/MINOR: mworker/cli: fix show proc pagination using reload counter * BUG/MINOR: mworker/cli: 'show proc' is limited by buffer size * CLEANUP: mworker/cli: remove useless variable * BUG/MINOR: ssl: fix error message of tune.ssl.certificate-compression * MINOR: ssl: allow to disable certificate compression * BUG/MEDIUM: mux-h1: Skip UNUSED htx block when formating the start line * BUG/MINOR: promex: Detach promex from the server on error dump its metrics dump * BUG/MINOR: hlua: consume error object if ignored after a failing lua_pcall() * BUG/MEDIUM: hlua: fix invalid lua_pcall() usage in hlua_traceback() * BUG/MINOR: proxy: fix deinit crash on defaults with duplicate name * REGTESTS: ssl: fix generate-certificates w/ LibreSSL * BUG/MEDIUM: mux-quic: prevent BUG_ON() on aborted uni stream close * BUG/MEDIUM: ssl: fix generate-certificates option when SNI greater than 64bytes * BUG/MEDIUM: ssl: fix error path on generate-certificates * BUG/MEDIUM: log: parsing log-forward options may result in segfault * BUG/MEDIUM: promex: server iteration may rely on stale server * BUG/MINOR: cfgparse: fix "default" prefix parsing * BUG/MINOR: proxy: free persist_rules * BUG/MINOR: http_act: fix deinit performed on uninitialized lf_expr in release_http_map() * BUG/MEDIUM: quic: fix ACK ECN frame parsing * BUG/MINOR: hlua_fcn: ensure Patref:add_bulk() is given a table object before using it * BUG/MINOR: hlua_fcn: fix broken yield for Patref:add_bulk() * MINOR: cfgparse: remove duplicate "force-persist" in common kw list * REGTESTS: ssl: Fix reg-tests curve check * BUG/MINOR: cli/stick-tables: argument to "show table" is optional * BUILD: sockpair: fix build issue on macOS related to variable-length arrays * BUG/MINOR: cfgparse: wrong section name upon error * BUILD: tools: memchr definition changed in C23 * BUILD: ssl: strchr definition changed in C23 * BUG/MEDIUM: mworker: can't use signals after a failed reload * DOC: config: fix the length attribute name for stick tables of type binary / string * BUG/MINOR: backend: inspect request not response buffer to check for TFO * BUG/MINOR: backend: fix the conn_retries check for TFO * BUG/MEDIUM: ssl: Don't resume session for check connections * MINOR: connections: Add a new CO_FL_SSL_NO_CACHED_INFO flag * MEDIUM: ssl/server: No longer store the SNI of cached TLS sessions * BUG/MEDIUM: ssl: Don't reuse TLS session if the connection's SNI differs * MEDIUM: tcpcheck/backend: Get the connection SNI before initializing SSL ctx * MINOR: connection/ssl: Store the SNI hash value in the connection itself * MINOR: ssl: Compare hashes instead of SNIs when a session is cached * MINOR: ssl: Store hash of the SNI for cached TLS sessions * MINOR: ssl: Add a function to hash SNIs * BUG/MINOR: sock-inet: ignore conntrack for transparent sockets on Linux * BUG/MEDIUM: stconn: Don't report abort from SC if read0 was already received * BUG/MEDIUM: http-ana: Properly detect client abort when forwarding response (v2) * [RELEASE] Released version 3.2.10 * BUG/MEDIUM: quic: Don't try to use hystart if not implemented * BUG/MEDIUM: quic: handle collision on CID generation * MINOR: quic: split CID alloc/generation function * MINOR: quic: adjust CID conn tree alloc in qc_new_conn() * BUG/MINOR: check: only try connection reuse for http-check rulesets * MINOR: cfgdiag: adjust diag on servers * BUG/MINOR: mux-h2: send the preface along with the first request if needed * MINOR: mux-h2: extract the code to send preface+settings into its own function * MEDIUM: mux-h2: do not needlessly refrain from sending data early * MEDIUM: h1: Immediately try to read data for frontend * BUG/MINOR: cfgparse-listen: update err_code for fatal error on proxy directive * BUG/MEDIUM: quic: support some ciphersuites and curves related options * MINOR: hlua: emit a log instead of an alert for aborted actions due to unavailable yield * MINOR: h2/trace: emit a trace of the received RST_STREAM type * DOC: config: Improve spop mode documentation * DOC: config: Fix description of the spop mode * BUG/MEDIUM: http-ana: Don't close server connection on read0 in TUNNEL mode * BUG/MINOR: ssl: Don't allow to set NULL sni * MINOR: quic: Add useful debugging traces in qc_idle_timer_do_rearm() * BUG/MINOR: quic/ssl: crash in ClientHello callback ssl traces * DOC: config: reorder the cache section's keywords * DOC: config: mention clearer that the cache's total-max-size is mandatory * BUG/MEDIUM: connection: fix "bc_settings_streams_limit" typo * BUG/MINOR: jwt: Missing "case" in switch statement * BUG/MINOR: acme: fix ha_alert() call * BUG/MINOR: acme: warning ‘ctx’ may be used uninitialized * BUG/MINOR: acme: better challenge_ready processing * BUG/MINOR: acme: prevent creating map entries with dns-01 * BUG/MINOR: acme: handle multiple auth with the same name * BUG/MEDIUM: cli: State the cli have no more data to deliver if it yields * BUG/MEDIUM: applet: Fix conditions to detect spinning loop with the new API * BUG/MINOR: http-ana: Reset analyse_exp date after 'wait-for-body' action * BUG/MEDIUM: h1-htx: Don't set HTX_FL_EOM flag on 1xx informational messages * BUG/MEDIUM: mworker/listener: ambiguous use of RX_F_INHERITED with shards * [RELEASE] Released version 3.2.9 * DOC: http: document 413 response code * ADMIN: dump-certs: let dry-run compare certificates * ADMIN: dump-certs: use same error format as haproxy * ADMIN: dump-certs: fix lack of / in -p * ADMIN: dump-certs: create files in a tmpdir * ADMIN: dump-certs: don't update the file if it's up to date * ADMIN: haproxy-dump-certs: implement a certificate dumper * BUG/MEDIUM: proxy: do not align proxy_per_tgroup beyond allocator's capabilities * BUG/MEDIUM: config: Use the mux protocol ALPN by default for listeners if forced * MINOR: config: Do proto detection for listeners before checks about ALPN * MINOR: muxes: Support an optional ALPN string when defining mux protocols * BUG/MEDIUM: queues: Don't forget to unlock the queue before exiting * DOC: acme: configuring acme needs a crt file * DOC: acme: explain how to dump the certificates * DOC: acme: add details about the DNS-01 support * BUG/MINOR: acme: alert when the map doesn't exist at startup * BUG/MINOR: ssl: remove dead code in ssl_sock_from_buf() * BUG/MINOR: mworker: wrong signals during startup * BUG/MEDIUM: mworker: signals inconsistencies during startup and reload * BUG/MINOR: quic-be: backend SSL session reuse fix (OpenSSL 3.5) * BUG/MEDIUM: h1: prevent a crash on HTTP/2 upgrade * MINOR: h1: h1_release() should return if it destroyed the connection * BUG/MINOR: stick-tables: Fix return value for __stksess_kill() * BUG/MEDIUM: stick-tables: Always return the good stksess from stktable_set_entry * DOC: configuration: add missing openssl_version predicates * DOC: configuration: add missing ssllib_name_startswith() * BUG/MINOR: check: fix reuse-pool if MUX inherited from server * BUG/MINOR: acme: can't override the default resolver * BUG/MEDIUM: acme: move from mt_list to a rwlock + ebmbtree * BUG/MINOR: acme: more explicit error when BIO_new_file() * BUG/MINOR: quic: close connection on CID alloc failure * BUG/MEDIUM: stick-tables: Make sure updates are seen as local * BUG/MINOR: config: Limit "tune.maxpollevents" parameter to 1000000 * BUG/MEDIUM: connection/ssl: also fix the ssl_sock_io_cb() regarding idle list * BUG/MEDIUM: connection: do not reinsert a purgeable conn in idle list * Revert "BUG/MEDIUM: connections: permit to permanently remove an idle conn" * MINOR: ssl/sample: expose ssl_*c_curve for AWS-LC * [RELEASE] Released version 3.2.8 * BUG/MINOR: acme: wrong dns-01 challenge in the log * BUG/MEDIUM: server: close a race around ready_srv when deleting a server * BUG/MEDIUM: connections: permit to permanently remove an idle conn * BUG/MEDIUM: mux-h2: make sure not to move a dead connection to idle * BUG/MEDIUM: mux-h1: fix 414 / 431 status code reporting * SCRIPTS: build-ssl: fix rpath in AWS-LC install for openssl and bssl bin * OPTIM: backend: skip conn reuse for incompatible proxies * BUG/MINOR: resolvers: ensure fair round robin iteration * BUG/MINOR: ssl: returns when SSL_CTX_new failed during init * BUG/MINOR: resolvers: Apply dns-accept-family setting on additional records * BUG/MINOR: init: Do not close previously created fd in stdio_quiet * MINOR: http: fix 405,431,501 default errorfile * MINOR: ssl-sample: add ssl_fc_early_rcvd() to detect use of early data * DOC: config: slightly clarify the ssl_fc_has_early() behavior * BUG/MEDIUM: ssl: Crash because of dangling ckch_store reference in a ckch instance * MINOR: backend: srv_is_up converter * MINOR: backend: srv_queue helper * BUG/MEDIUM: cli: do not return ACKs one char at a time * MINOR: cli: create cli_raw_rcv_buf() from the generic applet_raw_rcv_buf() * MINOR: applet: do not put SE_FL_WANT_ROOM on rcv_buf() if the channel is empty * BUG/MEDIUM: mt_list: Use atomic operations to prevent compiler optims * BUG/MINOR: stick-tables: properly index string-type keys * BUG/MEDIUM: applet: Improve again spinning loops detection with the new API * BUG/MEDIUM: mt_lists: Avoid el->prev = el->next = el * [RELEASE] Released version 3.2.7 * MINOR: acme: display the complete challenge_ready command in the logs * MINOR: acme: add the dns-01-record field to the sink * BUG/MINOR: acme: memory leak from the config parser * MEDIUM: acme: don't insert acme account key in ckchs_tree * MINOR: acme: implement "reuse-key" option * BUILD: acme: fix false positive null pointer dereference * MINOR: acme: provider-name for dpapi sink * CLEANUP: acme: acme_will_expire() uses acme_schedule_date() * MINOR: acme: check acme-vars allocation during escaping * MINOR: acme: acme-vars allow to pass data to the dpapi sink * BUG/MEDIUM: build: limit excessive and counter-productive gcc-15 vectorization * BUG/MAJOR: quic: use ncbmbuf for CRYPTO handling * MINOR: ncbmbuf: add tests as standalone mode * MINOR: ncbmbuf: implement advance operation * MINOR: ncbmbuf: implement ncbmb_data() * MINOR: ncbmbuf: implement iterator bitmap utilities functions * MINOR: ncbmbuf: implement add * MINOR: ncbmbuf: define new ncbmbuf type * MINOR: ncbuf: extract common types * BUG/MEDIUM: h3: properly encode response after interim one in same buf * BUG/MAJOR: quic: uninitialized quic_conn_closed struct members * BUG/MINOR: quic: SSL counters not handled * BUG/MEDIUM: cli: also free the trash chunk on the error path * BUG/MEDIUM: mt_list: Make sure not to unlock the element twice * BUG/MEDIUM: threads/config: drop absent threads from thread groups * DOC: clarify the experimental status for certain features * BUG/MINOR: quic: check applet_putchk() for 'show quic' first line * BUG/MEDIUM: stick-tables: Don't forget to dec count on failure. * MINOR: quic: restore QUIC_HP_SAMPLE_LEN constant * BUG/MINOR: quic: too short PADDING frame for too short packets * BUILD: ssl: can't build when using -DLISTEN_DEFAULT_CIPHERS * BUG/MAJOR: lb-chash: fix key calculation when using default hash-key id * BUG/MINOR: pools: don't report "limited to the first X entries" by default * BUG/MEDIUM: pools: fix crash on filtered "show pools" output * TESTS: quic: useless param for b_quic_dec_int() * BUG/MINOR: ssl: Potential NULL deref in trace macro * BUG/MINOR: ssl: Free key_base from global_ssl structure during deinit * BUG/MINOR: ssl: Free global_ssl structure contents during deinit * MINOR: debug: add distro name and version in postmortem * BUG/MINOR: sink: retry attempt for sft server may never occur * BUG/MEDIUM: apppet: Improve spinning loop detection with the new API * BUILD: makefile: disable tail calls optimizations with memory profiling * BUG/MINOR: ssl: leak crtlist_name in ssl-f-use * BUG/MINOR: ssl: leak in ssl-f-use * BUG/MINOR: ssl: always clear the remains of the first hello for the second one * BUG/MEDIUM: ssl: take care of second client hello * BUG/MINOr: hlua: Fix receive from HTTP applet by properly accounting data * BUG/MINOR: acme: avoid overflow when diff > notAfter * [RELEASE] Released version 3.2.6 * BUG/MEDIUM: resolvers: break an infinite loop in resolv_get_ip_from_response() * BUG/MINOR: h3: forbid 'Z' as well in header field names checks * BUG/MINOR: h2: forbid 'Z' as well in header field names checks * BUG/CRITICAL: mjson: fix possible DoS when parsing numbers * DOC: config: clarify some known limitations of the json_query() converter * BUG/MEDIUM: fwlc: Handle memory allocation failures. * MEDIUM: fwlc: Make it so fwlc_srv_reposition works with unqueued srv * MEDIUM: servers: Schedule the server requeue target on creation * BUG/MEDIUM: stick-tables: Make sure not to free a pending entry * MINOR: mt_list: Implement MT_LIST_POP_LOCKED() * BUG/MEDIUM: ssl: ca-file directory mode must read every certificates of a file * BUG/MINOR: pattern: Fix pattern lookup for map with opt@ prefix * BUG/MINOR: acme: possible overflow in acme_will_expire() * BUG/MINOR: acme: possible overflow on scheduling computation * BUG/MINOR: pattern: Properly flag virtual maps as using samples * BUG/MINOR: compression: Test payload size only if content-length is specified * MINOR: ssl: add the ssl_bc_sni sample fetch function to retrieve backend SNI * BUG/MEDIUM: wdt: improve stuck task detection accuracy * MINOR: sched: pass the thread number to is_sched_alive() * MINOR: sched: let's permit to share the local ctx between threads * BUG/MEDIUM: acme: free() of i2d_X509_REQ() with AWS-LC * BUG/MEDIUM: acme: cfg_postsection_acme() don't init correctly acme sections * BUG/MINOR: acme: don't unlink from acme_ctx_destroy() * CI: github: build halog on the vtest job * BUILD: halog: misleading indentation in halog.c * BUG/MINOR: pools: Fix the dump of pools info to deal with buffers limitations * BUG/MEDIUM: stick-tables: Don't let table_process_entry() handle refcnt * BUG/MINOR: acme/cli: wrong description for "acme challenge_ready" * MEDIUM: resolvers: make the process_resolvers() task single-threaded * MEDIUM: dns: bind the nameserver sockets to the initiating thread * OPTIM: sink: reduce contention on sink_announce_dropped() * BUG/MEDIUM: resolvers: Wake resolver task up whne unlinking a stream requester * BUG/MEDIUM: resolvers: Accept to create resolution without hostname * BUG/MEDIUM: resolvers: Make resolution owns its hostname_dn value * BUG/MEDIUM: resolvers: Test for empty tree when getting a record from DNS answer * BUG/MINOR: resolvers: Restore round-robin selection on records in DNS answers * BUG/MEDIUM: resolvers: Properly cache do-resolv resolution * MINOR: tools: don't emit "+0" for symbol names which exactly match known ones * MINOR: activity: indicate the number of calls on "show tasks" * MEDIUM: peers: move process_peer_sync() to a single thread * MEDIUM: stick-table: move process_table_expire() to a single thread * MEDIUM: peers: don't even try to process updates under contention * MEDIUM: stick-tables: don't wait indefinitely in stktable_add_pend_updates() * MEDIUM: stick-tables: give up on lock contention in process_table_expire() * MEDIUM: stick-tables: relax stktable_trash_oldest() to only purge what is needed * MINOR: stick-table: permit stksess_new() to temporarily allocate more entries * DEBUG: peers: export functions that use locks * MINOR: debug: report the time since last wakeup and call * MINOR: debug: report the number of loops and ctxsw for each thread * DEBUG: stream: count the number of passes in the connect loop * MINOR: debug: report the process id in warnings and panics * BUG/MINOR: tcpcheck: Don't use sni as pool-conn-name for non-SSL connections * BUG/MINOR: server: Update healthcheck when server settings are changed via CLI * BUG/MEDIUM: server: Use sni as pool connection name for SSL server only * MINOR: server: Parse sni and pool-conn-name expressions in a dedicated function * OPTIM: stick-tables: exit expiry faster when the update lock is held * MINOR: stick-tables: limit the number of visited nodes during expiration * [RELEASE] Released version 3.2.5 * BUG/MEDIUM: pattern: fix possible infinite loops on deletion (try 2) * DEBUG: stick-tables: export stktable_add_pend_updates() for better reporting * BUG/MEDIUM: ring: invert the length check to avoid an int overflow * BUG/MINOR: resolvers: always normalize FQDN from response * BUG/MINOR: ocsp: Crash when updating CA during ocsp updates * BUG/MEDIUM: http_ana: fix potential NULL deref in http_process_req_common() * BUG/MINOR: ocsp: prototype inconsistency * BUG/MINOR: ssl: Fix potential NULL deref in trace callback * BUG/MINOR: ssl: Potential NULL deref in trace macro * BUG/MEDIUM: jws: return size_t in JWS functions * BUG/MINOR: acme: null pointer dereference upon allocation failure * BUG/MAJOR: stream: Force channel analysis on successful synchronous send * BUG/MAJOR: stream: Remove READ/WRITE events on channels after analysers eval * BUG/MINOR: stick-table: make sure never to miss a process_table_expire update * BUG/MEDIUM: stick-tables: don't loop on non-expirable entries * BUG/MINOR: activity: fix reporting of task latency * BUG/MEDIUM: ssl: create the mux immediately on early data * BUG/MEDIUM: h1: Allow reception if we have early data * BUG/MEDIUM: checks: fix ALPN inheritance from server * OPTIM: check: do not delay MUX for ALPN if SSL not active * BUG/MEDIUM: mux-h2: Reinforce conditions to report an error to app-layer stream * BUG/MEDIUM: mux-h2: Report RST/error to app-layer stream during 0-copy fwding * BUG/MINOR: mux-h2: Remove H2_CF_DEM_DFULL flags when the demux buffer is reset * BUG/MEDIUM: mux-h2: Restart reading when mbuf ring is no longer full * BUG/MEDIUM: mux-h2; Don't block reveives in H2_CS_ERROR and H2_CS_ERROR2 states * BUG/MEDIUM: mux-h2: Reset MUX blocking flags when a send error is caught * CLEANUP: quic: fix typo in quic_tx trace * BUG/MINOR: cpu_topo: work around a small bug in musl's CPU_ISSET() * BUILD: trace: silence a bogus build warning at -Og * BUG/MINOR: log: fix potential memory leak upon error in add_to_logformat_list() * BUG/MINOR: connection: streamline conn detach from lists * BUG/MEDIUM: conn: fix UAF on connection after reversal on edge * REGTESTS: explicitly use "balance roundrobin" where RR is needed * BUG/MINOR: check: fix dst address when reusing a connection * BUG/MINOR: check: ensure check-reuse is compatible with SSL * BUG/MEDIUM: peers: don't fail twice to grab the update lock * BUG/MINOR: stick-tables: never leave used entries without expiration * BUG/MEDIUM: stick-tables: don't leave the expire loop with elements deleted * MINOR: quic: Add more information about RX packets * BUILD: acl: silence a possible null deref warning in parse_acl_expr() * BUG/MINOR: haproxy: be sure not to quit too early on soft stop * BUG/MINOR: quic: fix padding issue on INITIAL retransmit * BUG/MINOR: quic: fix room check if padding requested * BUG/MINOR: quic: ignore AGAIN ncbuf err when parsing CRYPTO frames * BUG/MINOR: tools: Add OOM check for malloc() in indent_msg() * BUG/MINOR: compression: Add OOM check for calloc() in parse_compression_options() * BUG/MINOR: cfgparse: Add OOM check for calloc() in cfg_parse_listen() * BUG/MINOR: acl: Add OOM check for calloc() in smp_fetch_acl_parse() * BUG/MINOR: log: Add OOM checks for calloc() and malloc() in logformat parser and dup_logger() * BUG/MINOR: halog: Add OOM checks for calloc() in filter_count_srv_status() and filter_count_url() * BUG/MEDIUM: server: Duplicate healthcheck's alpn inherited from default server * REG-TESTS: map_redirect: Don't use hdr_dom in ACLs with "-m end" matching method * BUG/MAJOR: mux-quic: fix crash on reload during emission * BUG/MEDIUM: quic: CRYPTO frame freeing without eb_delete() * CLEANUP: quic: remove a useless CRYPTO frame variable assignment * MINOR: doc: add missing statistics column * MINOR: doc: add missing statistics column * DOC: configuration: confuse "strict-mode" with "zero-warning" * DOC: unreliable sockpair@ on macOS * BUILD: mworker: fix ignoring return value of ‘read’ * BUG/MINOR: server: decrement session idle_conns on del server * BUG/MINOR: connection: remove extra session_unown_conn() on reverse * BUG/MINOR: connection: rearrange union list members * BUG/MEDIUM: mworker: fix startup and reload on macOS * BUG/MINOR: acl: set arg_list->kw to aclkw->kw string literal if aclkw is found * BUG/MINOR: mux-quic: trace with non initialized qcc * MINOR: quic: remove ->offset qf_crypto struct field * DOC: configuration: clarify 'default-crt' and implicit default certificates * MINOR: ssl: diagnostic warning when both 'default-crt' and 'strict-sni' are used * BUG/MINOR: quic: reorder fragmented RX CRYPTO frames by their offsets * MINOR: sample: Add base2 converter * MINOR: sample: Add le2dec (little endian to decimal) sample fetch * BUG/MEDIUM: spoe: Improve error detection in SPOE applet on client abort * BUG/MEDIUM: http_ana: handle yield for "stats http-request" evaluation * BUG/MEDIUM: mux-spop: Reject connection attempts from a non-spop frontend * MINOR: http_ana: fix typo in http_res_get_intercept_rule * MINOR: quic: centralize padding for HP sampling on packet building * BUG/MINOR: quic: don't coalesce probing and ACK packet of same type * BUG/MAJOR: quic: fix INITIAL padding with probing packet only * BUG/MINOR: quic: do not emit probe data if CONNECTION_CLOSE requested * BUG/MEDIUM: quic: reset padding when building GSO datagrams * MINOR: dns: dns_connect_nameserver: fix fd leak at error path * BUG/MEDIUM: ssl: apply ssl-f-use on every "ssl" bind * BUG/MEDIUM: mux-h2: fix crash on idle-ping due to unwanted ABORT_NOW * BUG/MEDIUM: mworker: more verbose error upon loading failure * BUG/MEDIUM: cli: Report inbuf is no longer full when a line is consumed * BUG/MINOR: spoe: Properly detect and skip empty NOTIFY frames * MEDIUM: dns: don't call connect to dest socket for AF_INET* * BUG/MINOR: mux-h1: fix wrong lock label * BUG/MEDIUM: quic: listener connection stuck during handshakes (OpenSSL 3.5) * MINOR: quic: implement qc_ssl_do_hanshake() * BUG/MEDIUM: Remove sync sends from streams to applets * BUG/MEDIUM: stconn: Fix conditions to know an applet can get data from stream * [RELEASE] Released version 3.2.4 * BUG/MEDIUM: http-client: Test HTX_FL_EOM flag before commiting the HTX buffer * BUG/MEDIUM: mux-quic: adjust wakeup behavior * DOC: config: recommend single quoting passwords * DOC: management: fix typo in commit f4f93c56 * BUG/MINOR: init: Initialize random seed earlier in the init process * BUG/MEDIUM: ssl: fix build with AWS-LC * BUG/MEDIUM: ssl: Fix 0rtt to the server * MINOR: sock: update broken accept4 detection for older hardwares. * BUG/MINOR: stick-table: cap sticky counter idx with tune.nb_stk_ctr instead of MAX_SESS_STKCTR * BUILD: compat: always set _POSIX_VERSION to ease comparisons * BUILD: compat: provide relaxed versions of the MIN/MAX macros * DOC: list missing global QUIC settings * CLEANUP: http-client: Remove useless indentation when sending request body * BUG/MINOR: mux-quic: ensure close-spread-time is properly applied * BUG/MINOR mux-quic: apply correctly timeout on output pending data * BUG/MINOR: hq-interop: fix FIN transmission * BUG/MINOR: logs: fix log-steps extra log origins selection * BUG/MEDIUM: threads: Disable the workaround to load libgcc_s on macOS * BUG/MINOR: halog: exit with error when some output filters are set simultaneosly * BUG/MINOR: applet: Don't trigger BUG_ON if the tid is not on appctx init * MINOR: h3: remove unused outbuf in h3_resp_headers_send() * BUG/MINOR: quic: Wrong source address use on FreeBSD * BUG/MEDIUM: h3: handle interim response properly on FE side * MINOR: qmux: change API for snd_buf FIN transmission * BUG/MINOR: h3: ensure that invalid status code are not encoded (FE side) * BUG/MINOR: h3: properly realloc buffer after interim response encoding * BUG/MEDIUM: h3: do not overwrite interim with final response * BUG/MINOR: h1-htx: Don't forget to init flags in h1_format_htx_msg function * BUG/MINOR: mux-h1: Use configured error files if possible for early H1 errors * MINOR: h1-htx: Add function to format an HTX message in its H1 representation * BUG/MEDIUM: http-client: Notify applet has more data to deliver until the EOM * BUG/MEDIUM: http-client: Drain the request if an early response is received * BUG/MINOR: http-client: Reject any 101-switching-protocols response * BUG/MINOR: http-client: Ignore 1XX interim responses in non-HTX mode * BUG/MEDIUM: http-client: Ask for more room when request data cannot be xferred * BUG/MEDIUM: http-client: Properly inc input data when HTX blocks are xferred * BUG/MEDIUM: http-client: Don't wake http-client applet if nothing was xferred * BUG/MEDIUM: quic: Crash after QUIC server callbacks restoration (OpenSSL 3.5) * MINOR: quic: Prevent QUIC build with OpenSSL 3.5 new QUIC API version < 3.5.1 * BUG/MINOR: listener: really assign distinct IDs to shards * MEDIUM: ssl/cli: relax crt insertion in crt-list of type directory * DOC: management: clarify usage of -V with -c * MEDIUM: acme: use lowercase for challenge names in configuration * BUG/MINOR: acme: possible integer underflow in acme_txt_record() * MINOR: acme: update the log for DNS-01 * MEDIUM: acme: allow to wait and restart the task for DNS-01 * MINOR: acme: emit the DNS-01 challenge details on the dpapi sink * MINOR: acme: emit a log for DNS-01 challenge response * BUG/MEDIUM: hlua_fcn: ensure systematic watcher cleanup for server list iterator * BUILD: acme: avoid declaring TRACE_SOURCE in acme-t.h * CLEANUP: ssl: Rename ssl_trace-t.h to ssl_trace.h * BUG/MEDIUM: mux-quic: ensure Early-data header is set * BUG/MINOR: hlua: take default-path into account with lua-load-per-thread * BUG/MEDIUM: logs: fix sess_build_logline_orig() recursion with options * BUG/MEDIUM: dns: Reset reconnect tempo when connection is finally established * BUG/MEDIUM: hlua: Report to SC when output data are blocked on a lua socket * BUG/MEDIUM: hlua: Report to SC when data were consumed on a lua socket * BUG/MINOR: hlua: Skip headers when a receive is performed on an HTTP applet * MINOR: acme: implement traces * MINOR: acme: add ACME to the haproxy -vv feature list * CLEANUP: acme: fix wrong spelling of "resources" * BUG/MINOR: acme: allow "processing" in challenge requests * MINOR: acme: remove acme_req_auth() and use acme_post_as_get() instead * BUG/MEDIUM: acme: use POST-as-GET instead of GET for resources * BUG/MEDIUM: ssl/clienthello: ECDSA with ssl-max-ver TLSv1.2 and no ECDSA ciphers * DOC: deviceatlas build clarifications * [RELEASE] Released version 3.2.3 * BUILD/MEDIUM: deviceatlas: fix when installed in custom locations. * BUG/MINOR: http-act: Fix parsing of the expression argument for pause action * BUG/MINOR: ssl: crash in ssl_sock_io_cb() with SSL traces and idle connections * BUG/MINOR: ssl/ocsp: fix definition discrepancies with ocsp_update_init() * BUG/MINOR: quic: Missing TLS 1.3 QUIC cipher suites and groups inits (OpenSSL 3.5 QUIC API) * CI: github: update to OpenSSL 3.5.1 * BUG/MEDIUM: quic: SSL/TCP handshake failures with OpenSSL 3.5 * BUILD: quic: QUIC build against OpenSSL 3.5 broken * CI: github: update the stable CI to ubuntu-24.04 * CI: github: add an OpenSSL 3.5.0 job * CI: enable USE_QUIC=1 for OpenSSL versions >= 3.5.0 * [RELEASE] Released version 3.2.2 * BUILD: dev/phash: remove the accidentally committed a.out file * BUG/MINOR: httpclient: wrongly named httpproxy flag * DOC: Fix 'jwt_verify' converter doc * BUG/MINOR: jwt: Copy input and parameters in dedicated buffers in jwt_verify converter * BUG/MEDIUM: mux-h2: Properly handle connection error during preface sending * BUG/MEDIUM: hlua: Forbid any L6/L7 sample fetche functions from lua services * MINOR: ssl: check TLS1.3 ciphersuites again in clienthello with recent AWS-LC * BUG/MINOR: tools: use my_unsetenv instead of unsetenv * SCRIPTS: drop the HTML generation from announce-release * DOC: config: crt-list clarify default cert + cert-bundle * MINOR: quic: Useless TX buffer size reduction in closing state * BUG/MINOR: quic: wrong QUIC_FT_CONNECTION_CLOSE(0x1c) frame encoding * DOC: configuration: add details on prefer-client-ciphers * BUG/MINOR: log: Be able to use %ID alias at anytime of the stream's evaluation * BUG/MINOR: stream: Avoid recursive evaluation for unique-id based on itself * BUG/MINOR: tools: only reset argument start upon new argument * MINOR: fwlc: Factorize code. * BUG/MAJOR: fwlc: Count an avoided server as unusable. * BUG/MINOR: mux-quic/h3: properly handle too low peer fctl initial stream * DOC: config: prefer-last-server: add notes for non-deterministic algorithms * BUG/MEDIUM: check: Set SOCKERR by default when a connection error is reported * MINOR: cli: handle EOS/ERROR first * BUG/MEDIUM: cli: Don't consume data if outbuf is full or not available * BUG/MINOR: quic: Fix OSSL_FUNC_SSL_QUIC_TLS_got_transport_params_fn callback (OpenSSL3.5) * BUG/MINOR: http-ana: Properly handle keep-query redirect option if no QS * BUG/MINOR: config/server: reject QUIC addresses * [RELEASE] Released version 3.2.1 * BUG/MINIR: h1: Fix doc of 'accept-unsafe-...-request' about URI parsing * BUG/MEDIUM: fd: Use the provided tgid in fd_insert() to get tgroup_info * BUG/MINOR: quic: Missing SSL session object freeing * BUG/MINOR: config: fix arg number reported on empty arg warning * BUG/MINOR: config: emit warning for empty args only in discovery mode * BUG/MEDIUM: cli: Properly parse empty lines and avoid crashed * BUG/MINOR: mux-spop: Fix null-pointer deref on SPOP stream allocation failure * BUG/MEDIUM: check: Requeue healthchecks on I/O events to handle check timeout * BUG/MAJOR: leastconn: Protect tree_elt with the lbprm lock * DOC: config: Fix a typo in 2.7 (Name format for maps and ACLs) * BUILD: tools: properly define ha_dump_backtrace() to avoid a build warning Remove patches applied by update: 0001-BUG-CRITICAL-mjson-fix-possible-DoS-when-parsing-num.patch 0001-BUG-MEDIUM-applet-Fix-test-on-shut-flags-for-legacy.patch 0001-fix-parsing-frame-type.patch 0001-reject-invalid-token.patch ++++ kernel-source: - mm, shmem: prevent infinite loop on truncate race (CVE-2026-23161 bsc#1258355). - commit 905c137 - mm: prevent poison consumption when splitting THP (CVE-2025-40230 bsc#1254817). - commit 73eef46 - ice: Fix PTP NULL pointer dereference during VSI rebuild (CVE-2026-23210 bsc#1258517). - commit ebccada - mm/memfd: fix information leak in hugetlb folios (CVE-2025-68292 bsc#1255148). - commit ef8df4a - media: dvb-core: fix wrong reinitialization of ringbuffer on reopen (git-fixes). - commit 7808229 ++++ kernel-docs: - mm, shmem: prevent infinite loop on truncate race (CVE-2026-23161 bsc#1258355). - commit 905c137 - mm: prevent poison consumption when splitting THP (CVE-2025-40230 bsc#1254817). - commit 73eef46 - ice: Fix PTP NULL pointer dereference during VSI rebuild (CVE-2026-23210 bsc#1258517). - commit ebccada - mm/memfd: fix information leak in hugetlb folios (CVE-2025-68292 bsc#1255148). - commit ef8df4a - media: dvb-core: fix wrong reinitialization of ringbuffer on reopen (git-fixes). - commit 7808229 ++++ kernel-kvmsmall: - mm, shmem: prevent infinite loop on truncate race (CVE-2026-23161 bsc#1258355). - commit 905c137 - mm: prevent poison consumption when splitting THP (CVE-2025-40230 bsc#1254817). - commit 73eef46 - ice: Fix PTP NULL pointer dereference during VSI rebuild (CVE-2026-23210 bsc#1258517). - commit ebccada - mm/memfd: fix information leak in hugetlb folios (CVE-2025-68292 bsc#1255148). - commit ef8df4a - media: dvb-core: fix wrong reinitialization of ringbuffer on reopen (git-fixes). - commit 7808229 ++++ kernel-obs-build: - mm, shmem: prevent infinite loop on truncate race (CVE-2026-23161 bsc#1258355). - commit 905c137 - mm: prevent poison consumption when splitting THP (CVE-2025-40230 bsc#1254817). - commit 73eef46 - ice: Fix PTP NULL pointer dereference during VSI rebuild (CVE-2026-23210 bsc#1258517). - commit ebccada - mm/memfd: fix information leak in hugetlb folios (CVE-2025-68292 bsc#1255148). - commit ef8df4a - media: dvb-core: fix wrong reinitialization of ringbuffer on reopen (git-fixes). - commit 7808229 ++++ kernel-obs-qa: - mm, shmem: prevent infinite loop on truncate race (CVE-2026-23161 bsc#1258355). - commit 905c137 - mm: prevent poison consumption when splitting THP (CVE-2025-40230 bsc#1254817). - commit 73eef46 - ice: Fix PTP NULL pointer dereference during VSI rebuild (CVE-2026-23210 bsc#1258517). - commit ebccada - mm/memfd: fix information leak in hugetlb folios (CVE-2025-68292 bsc#1255148). - commit ef8df4a - media: dvb-core: fix wrong reinitialization of ringbuffer on reopen (git-fixes). - commit 7808229 ++++ kernel-syms: - mm, shmem: prevent infinite loop on truncate race (CVE-2026-23161 bsc#1258355). - commit 905c137 - mm: prevent poison consumption when splitting THP (CVE-2025-40230 bsc#1254817). - commit 73eef46 - ice: Fix PTP NULL pointer dereference during VSI rebuild (CVE-2026-23210 bsc#1258517). - commit ebccada - mm/memfd: fix information leak in hugetlb folios (CVE-2025-68292 bsc#1255148). - commit ef8df4a - media: dvb-core: fix wrong reinitialization of ringbuffer on reopen (git-fixes). - commit 7808229 ++++ kernel-zfcpdump: - mm, shmem: prevent infinite loop on truncate race (CVE-2026-23161 bsc#1258355). - commit 905c137 - mm: prevent poison consumption when splitting THP (CVE-2025-40230 bsc#1254817). - commit 73eef46 - ice: Fix PTP NULL pointer dereference during VSI rebuild (CVE-2026-23210 bsc#1258517). - commit ebccada - mm/memfd: fix information leak in hugetlb folios (CVE-2025-68292 bsc#1255148). - commit ef8df4a - media: dvb-core: fix wrong reinitialization of ringbuffer on reopen (git-fixes). - commit 7808229 ++++ systemd: - Sign systemd-boot EFI binary on aarch64 (bsc#1258344) ++++ nvidia-open-driver-G06-signed-cuda: - updated CUDA variant to version 580.126.20 - supersedes kernel-6.19.patch ++++ nvidia-open-driver-G06-signed: - updated CUDA variant to version 580.126.20 - supersedes kernel-6.19.patch ++++ openQA: - Update to version 5.1772092969.74a39650: * test: Consider all of `lib/OpenQA/Task/` covered * test: Cover handling developer session when saving needles * test: Cover further error cases when saving needles * fix: Fix error handling when saving needle JSON * test: Workaround limitation of coverage tracking * feat: Improve needle JSON validation * test: Cover all cases of needle JSON validation * fix: Avoid Perl warning when validating needle JSON * refactor: Simplify code in `_delete_needles` * test: Cover handling error when asset directory is not writable * test: Cover skipping screenshot cleanup if still enqueued * feat(openqa-upstreams.inc): set `max_conns` to max connection handled * refactor: optimize and harden aggregate overview badges implementation * refactor: improve aggregate overview badges implementation * test: consolidate SVG badge unit tests * feat: implement test result badges for aggregate overview queries ++++ openQA: - Update to version 5.1772092969.74a39650: * test: Consider all of `lib/OpenQA/Task/` covered * test: Cover handling developer session when saving needles * test: Cover further error cases when saving needles * fix: Fix error handling when saving needle JSON * test: Workaround limitation of coverage tracking * feat: Improve needle JSON validation * test: Cover all cases of needle JSON validation * fix: Avoid Perl warning when validating needle JSON * refactor: Simplify code in `_delete_needles` * test: Cover handling error when asset directory is not writable * test: Cover skipping screenshot cleanup if still enqueued * feat(openqa-upstreams.inc): set `max_conns` to max connection handled * refactor: optimize and harden aggregate overview badges implementation * refactor: improve aggregate overview badges implementation * test: consolidate SVG badge unit tests * feat: implement test result badges for aggregate overview queries ++++ openQA: - Update to version 5.1772092969.74a39650: * test: Consider all of `lib/OpenQA/Task/` covered * test: Cover handling developer session when saving needles * test: Cover further error cases when saving needles * fix: Fix error handling when saving needle JSON * test: Workaround limitation of coverage tracking * feat: Improve needle JSON validation * test: Cover all cases of needle JSON validation * fix: Avoid Perl warning when validating needle JSON * refactor: Simplify code in `_delete_needles` * test: Cover handling error when asset directory is not writable * test: Cover skipping screenshot cleanup if still enqueued * feat(openqa-upstreams.inc): set `max_conns` to max connection handled * refactor: optimize and harden aggregate overview badges implementation * refactor: improve aggregate overview badges implementation * test: consolidate SVG badge unit tests * feat: implement test result badges for aggregate overview queries ++++ openQA: - Update to version 5.1772092969.74a39650: * test: Consider all of `lib/OpenQA/Task/` covered * test: Cover handling developer session when saving needles * test: Cover further error cases when saving needles * fix: Fix error handling when saving needle JSON * test: Workaround limitation of coverage tracking * feat: Improve needle JSON validation * test: Cover all cases of needle JSON validation * fix: Avoid Perl warning when validating needle JSON * refactor: Simplify code in `_delete_needles` * test: Cover handling error when asset directory is not writable * test: Cover skipping screenshot cleanup if still enqueued * feat(openqa-upstreams.inc): set `max_conns` to max connection handled * refactor: optimize and harden aggregate overview badges implementation * refactor: improve aggregate overview badges implementation * test: consolidate SVG badge unit tests * feat: implement test result badges for aggregate overview queries ++++ openQA: - Update to version 5.1772092969.74a39650: * test: Consider all of `lib/OpenQA/Task/` covered * test: Cover handling developer session when saving needles * test: Cover further error cases when saving needles * fix: Fix error handling when saving needle JSON * test: Workaround limitation of coverage tracking * feat: Improve needle JSON validation * test: Cover all cases of needle JSON validation * fix: Avoid Perl warning when validating needle JSON * refactor: Simplify code in `_delete_needles` * test: Cover handling error when asset directory is not writable * test: Cover skipping screenshot cleanup if still enqueued * feat(openqa-upstreams.inc): set `max_conns` to max connection handled * refactor: optimize and harden aggregate overview badges implementation * refactor: improve aggregate overview badges implementation * test: consolidate SVG badge unit tests * feat: implement test result badges for aggregate overview queries ++++ os-autoinst: - Update to version 5.1772097392.f4e2912: * fix: Update gre_tunnel_preup script to support NetworkManager * build(Makefile): add top-level help target * test: implement conventional commits check with gitlint * fix: Fix wrong uses of "checkout" that should be "check out" * git subrepo pull (merge) --force external/os-autoinst-common ++++ os-autoinst: - Update to version 5.1772097392.f4e2912: * fix: Update gre_tunnel_preup script to support NetworkManager * build(Makefile): add top-level help target * test: implement conventional commits check with gitlint * fix: Fix wrong uses of "checkout" that should be "check out" * git subrepo pull (merge) --force external/os-autoinst-common ++++ os-autoinst: - Update to version 5.1772097392.f4e2912: * fix: Update gre_tunnel_preup script to support NetworkManager * build(Makefile): add top-level help target * test: implement conventional commits check with gitlint * fix: Fix wrong uses of "checkout" that should be "check out" * git subrepo pull (merge) --force external/os-autoinst-common ++++ os-autoinst: - Update to version 5.1772097392.f4e2912: * fix: Update gre_tunnel_preup script to support NetworkManager * build(Makefile): add top-level help target * test: implement conventional commits check with gitlint * fix: Fix wrong uses of "checkout" that should be "check out" * git subrepo pull (merge) --force external/os-autoinst-common ++++ os-autoinst: - Update to version 5.1772097392.f4e2912: * fix: Update gre_tunnel_preup script to support NetworkManager * build(Makefile): add top-level help target * test: implement conventional commits check with gitlint * fix: Fix wrong uses of "checkout" that should be "check out" * git subrepo pull (merge) --force external/os-autoinst-common ++++ python-ty: - Add support to build for Leap 16.0 with rust1.90 ------------------------------------------------------------------ ------------------ 2026-2-25 - Feb 25 2026 ------------------- ------------------------------------------------------------------ ++++ ImageMagick: - added patches CVE-2026-24485: denial of service via malformed PCD file processing (bsc#1258791) * ImageMagick-CVE-2026-24485.patch CVE-2026-25965: Policy bypass through path traversal allows reading restricted content despite secured policy (bsc#1258785) * ImageMagick-CVE-2026-25965.patch - added patches CVE-2026-25638: Denial of Service due to memory leak in image processing (bsc#1258793) * ImageMagick-CVE-2026-25638.patch CVE-2026-25795: Denial of Service due to NULL pointer dereference during temporary file creation failure (bsc#1258792) * ImageMagick-CVE-2026-25795.patch CVE-2026-25798: NULL Pointer Dereference in ClonePixelCacheRepository via crafted image (bsc#1258787) * ImageMagick-CVE-2026-25798.patch CVE-2026-25799: Division-by-Zero in YUV sampling factor validation leads to crash (bsc#1258786) * ImageMagick-CVE-2026-25799.patch CVE-2026-25898: Information disclosure or denial of service via crafted image with invalid pixel index (bsc#1258807) * ImageMagick-CVE-2026-25898.patch CVE-2026-25967: Stack buffer overflow in FTXT reader via oversized integer field (bsc#1258779) * ImageMagick-CVE-2026-25967.patch CVE-2026-25968: MSL attribute stack buffer overflow leads to out of bounds write (bsc#1258776) * ImageMagick-CVE-2026-25968.patch CVE-2026-25982: Heap Out-of-Bounds Read in DCM Decoder (bsc#1258772) * ImageMagick-CVE-2026-25982.patch CVE-2026-25989: Integer overflow or wraparound and incorrect conversion between numeric types in the internal SVG decoder (bsc#1258771) * ImageMagick-CVE-2026-25989.patch CVE-2026-26066: Infinite loop when writing IPTCTEXT leads to denial of service via crafted profile (bsc#1258769) * ImageMagick-CVE-2026-26066.patch ++++ ImageMagick: - added patches CVE-2026-24485: denial of service via malformed PCD file processing (bsc#1258791) * ImageMagick-CVE-2026-24485.patch CVE-2026-25965: Policy bypass through path traversal allows reading restricted content despite secured policy (bsc#1258785) * ImageMagick-CVE-2026-25965.patch - added patches CVE-2026-25638: Denial of Service due to memory leak in image processing (bsc#1258793) * ImageMagick-CVE-2026-25638.patch CVE-2026-25795: Denial of Service due to NULL pointer dereference during temporary file creation failure (bsc#1258792) * ImageMagick-CVE-2026-25795.patch CVE-2026-25798: NULL Pointer Dereference in ClonePixelCacheRepository via crafted image (bsc#1258787) * ImageMagick-CVE-2026-25798.patch CVE-2026-25799: Division-by-Zero in YUV sampling factor validation leads to crash (bsc#1258786) * ImageMagick-CVE-2026-25799.patch CVE-2026-25898: Information disclosure or denial of service via crafted image with invalid pixel index (bsc#1258807) * ImageMagick-CVE-2026-25898.patch CVE-2026-25967: Stack buffer overflow in FTXT reader via oversized integer field (bsc#1258779) * ImageMagick-CVE-2026-25967.patch CVE-2026-25968: MSL attribute stack buffer overflow leads to out of bounds write (bsc#1258776) * ImageMagick-CVE-2026-25968.patch CVE-2026-25982: Heap Out-of-Bounds Read in DCM Decoder (bsc#1258772) * ImageMagick-CVE-2026-25982.patch CVE-2026-25989: Integer overflow or wraparound and incorrect conversion between numeric types in the internal SVG decoder (bsc#1258771) * ImageMagick-CVE-2026-25989.patch CVE-2026-26066: Infinite loop when writing IPTCTEXT leads to denial of service via crafted profile (bsc#1258769) * ImageMagick-CVE-2026-26066.patch ++++ OpenBoard: - update to release version 1.7.6 * fix: crash when using the "add to document" button in Documents Mode * fix: standard PDF export method would constantly fail * fix: rearrange board thumbnails after duplicating scene - add patch 1434-build-poppler-26-02.patch * compatibility with poppler 26.02 ++++ OpenBoard: - update to release version 1.7.6 * fix: crash when using the "add to document" button in Documents Mode * fix: standard PDF export method would constantly fail * fix: rearrange board thumbnails after duplicating scene - add patch 1434-build-poppler-26-02.patch * compatibility with poppler 26.02 ++++ kernel-64kb: - mm/shmem, swap: fix race of truncate and swap entry split (CVE-2026-23161 bsc#1258355). - commit d6f1384 - NFS: Fix a deadlock involving nfs_release_folio() (CVE-2026-23053 bsc#1257718). - commit 48b00b3 - nfsd: provide locking for v4_end_grace (git-fixes). - commit 86e35a2 - rxrpc: Fix recvmsg() unconditional requeue (CVE-2026-23066 bsc#1257726). - commit c17a357 - KVM: Disallow toggling KVM_MEM_GUEST_MEMFD on an existing memslot (CVE-2025-68810 bsc#1256679). - commit 956c9f9 - KVM: Don't clobber irqfd routing type when deassigning irqfd (CVE-2026-23198 bsc#1258321). - commit 6b20edc ++++ kernel-azure: - mm/shmem, swap: fix race of truncate and swap entry split (CVE-2026-23161 bsc#1258355). - commit d6f1384 - NFS: Fix a deadlock involving nfs_release_folio() (CVE-2026-23053 bsc#1257718). - commit 48b00b3 - nfsd: provide locking for v4_end_grace (git-fixes). - commit 86e35a2 - rxrpc: Fix recvmsg() unconditional requeue (CVE-2026-23066 bsc#1257726). - commit c17a357 - KVM: Disallow toggling KVM_MEM_GUEST_MEMFD on an existing memslot (CVE-2025-68810 bsc#1256679). - commit 956c9f9 - KVM: Don't clobber irqfd routing type when deassigning irqfd (CVE-2026-23198 bsc#1258321). - commit 6b20edc ++++ kernel-default: - mm/shmem, swap: fix race of truncate and swap entry split (CVE-2026-23161 bsc#1258355). - commit d6f1384 - NFS: Fix a deadlock involving nfs_release_folio() (CVE-2026-23053 bsc#1257718). - commit 48b00b3 - nfsd: provide locking for v4_end_grace (git-fixes). - commit 86e35a2 - rxrpc: Fix recvmsg() unconditional requeue (CVE-2026-23066 bsc#1257726). - commit c17a357 - KVM: Disallow toggling KVM_MEM_GUEST_MEMFD on an existing memslot (CVE-2025-68810 bsc#1256679). - commit 956c9f9 - KVM: Don't clobber irqfd routing type when deassigning irqfd (CVE-2026-23198 bsc#1258321). - commit 6b20edc ++++ kernel-rt: - mm/shmem, swap: fix race of truncate and swap entry split (CVE-2026-23161 bsc#1258355). - commit d6f1384 - NFS: Fix a deadlock involving nfs_release_folio() (CVE-2026-23053 bsc#1257718). - commit 48b00b3 - nfsd: provide locking for v4_end_grace (git-fixes). - commit 86e35a2 - rxrpc: Fix recvmsg() unconditional requeue (CVE-2026-23066 bsc#1257726). - commit c17a357 - KVM: Disallow toggling KVM_MEM_GUEST_MEMFD on an existing memslot (CVE-2025-68810 bsc#1256679). - commit 956c9f9 - KVM: Don't clobber irqfd routing type when deassigning irqfd (CVE-2026-23198 bsc#1258321). - commit 6b20edc ++++ dtb-aarch64: - mm/shmem, swap: fix race of truncate and swap entry split (CVE-2026-23161 bsc#1258355). - commit d6f1384 - NFS: Fix a deadlock involving nfs_release_folio() (CVE-2026-23053 bsc#1257718). - commit 48b00b3 - nfsd: provide locking for v4_end_grace (git-fixes). - commit 86e35a2 - rxrpc: Fix recvmsg() unconditional requeue (CVE-2026-23066 bsc#1257726). - commit c17a357 - KVM: Disallow toggling KVM_MEM_GUEST_MEMFD on an existing memslot (CVE-2025-68810 bsc#1256679). - commit 956c9f9 - KVM: Don't clobber irqfd routing type when deassigning irqfd (CVE-2026-23198 bsc#1258321). - commit 6b20edc ++++ kernel-source: - mm/shmem, swap: fix race of truncate and swap entry split (CVE-2026-23161 bsc#1258355). - commit d6f1384 - NFS: Fix a deadlock involving nfs_release_folio() (CVE-2026-23053 bsc#1257718). - commit 48b00b3 - nfsd: provide locking for v4_end_grace (git-fixes). - commit 86e35a2 - rxrpc: Fix recvmsg() unconditional requeue (CVE-2026-23066 bsc#1257726). - commit c17a357 - KVM: Disallow toggling KVM_MEM_GUEST_MEMFD on an existing memslot (CVE-2025-68810 bsc#1256679). - commit 956c9f9 - KVM: Don't clobber irqfd routing type when deassigning irqfd (CVE-2026-23198 bsc#1258321). - commit 6b20edc ++++ kernel-docs: - mm/shmem, swap: fix race of truncate and swap entry split (CVE-2026-23161 bsc#1258355). - commit d6f1384 - NFS: Fix a deadlock involving nfs_release_folio() (CVE-2026-23053 bsc#1257718). - commit 48b00b3 - nfsd: provide locking for v4_end_grace (git-fixes). - commit 86e35a2 - rxrpc: Fix recvmsg() unconditional requeue (CVE-2026-23066 bsc#1257726). - commit c17a357 - KVM: Disallow toggling KVM_MEM_GUEST_MEMFD on an existing memslot (CVE-2025-68810 bsc#1256679). - commit 956c9f9 - KVM: Don't clobber irqfd routing type when deassigning irqfd (CVE-2026-23198 bsc#1258321). - commit 6b20edc ++++ kernel-kvmsmall: - mm/shmem, swap: fix race of truncate and swap entry split (CVE-2026-23161 bsc#1258355). - commit d6f1384 - NFS: Fix a deadlock involving nfs_release_folio() (CVE-2026-23053 bsc#1257718). - commit 48b00b3 - nfsd: provide locking for v4_end_grace (git-fixes). - commit 86e35a2 - rxrpc: Fix recvmsg() unconditional requeue (CVE-2026-23066 bsc#1257726). - commit c17a357 - KVM: Disallow toggling KVM_MEM_GUEST_MEMFD on an existing memslot (CVE-2025-68810 bsc#1256679). - commit 956c9f9 - KVM: Don't clobber irqfd routing type when deassigning irqfd (CVE-2026-23198 bsc#1258321). - commit 6b20edc ++++ kernel-obs-build: - mm/shmem, swap: fix race of truncate and swap entry split (CVE-2026-23161 bsc#1258355). - commit d6f1384 - NFS: Fix a deadlock involving nfs_release_folio() (CVE-2026-23053 bsc#1257718). - commit 48b00b3 - nfsd: provide locking for v4_end_grace (git-fixes). - commit 86e35a2 - rxrpc: Fix recvmsg() unconditional requeue (CVE-2026-23066 bsc#1257726). - commit c17a357 - KVM: Disallow toggling KVM_MEM_GUEST_MEMFD on an existing memslot (CVE-2025-68810 bsc#1256679). - commit 956c9f9 - KVM: Don't clobber irqfd routing type when deassigning irqfd (CVE-2026-23198 bsc#1258321). - commit 6b20edc ++++ kernel-obs-qa: - mm/shmem, swap: fix race of truncate and swap entry split (CVE-2026-23161 bsc#1258355). - commit d6f1384 - NFS: Fix a deadlock involving nfs_release_folio() (CVE-2026-23053 bsc#1257718). - commit 48b00b3 - nfsd: provide locking for v4_end_grace (git-fixes). - commit 86e35a2 - rxrpc: Fix recvmsg() unconditional requeue (CVE-2026-23066 bsc#1257726). - commit c17a357 - KVM: Disallow toggling KVM_MEM_GUEST_MEMFD on an existing memslot (CVE-2025-68810 bsc#1256679). - commit 956c9f9 - KVM: Don't clobber irqfd routing type when deassigning irqfd (CVE-2026-23198 bsc#1258321). - commit 6b20edc ++++ kernel-syms: - mm/shmem, swap: fix race of truncate and swap entry split (CVE-2026-23161 bsc#1258355). - commit d6f1384 - NFS: Fix a deadlock involving nfs_release_folio() (CVE-2026-23053 bsc#1257718). - commit 48b00b3 - nfsd: provide locking for v4_end_grace (git-fixes). - commit 86e35a2 - rxrpc: Fix recvmsg() unconditional requeue (CVE-2026-23066 bsc#1257726). - commit c17a357 - KVM: Disallow toggling KVM_MEM_GUEST_MEMFD on an existing memslot (CVE-2025-68810 bsc#1256679). - commit 956c9f9 - KVM: Don't clobber irqfd routing type when deassigning irqfd (CVE-2026-23198 bsc#1258321). - commit 6b20edc ++++ kernel-zfcpdump: - mm/shmem, swap: fix race of truncate and swap entry split (CVE-2026-23161 bsc#1258355). - commit d6f1384 - NFS: Fix a deadlock involving nfs_release_folio() (CVE-2026-23053 bsc#1257718). - commit 48b00b3 - nfsd: provide locking for v4_end_grace (git-fixes). - commit 86e35a2 - rxrpc: Fix recvmsg() unconditional requeue (CVE-2026-23066 bsc#1257726). - commit c17a357 - KVM: Disallow toggling KVM_MEM_GUEST_MEMFD on an existing memslot (CVE-2025-68810 bsc#1256679). - commit 956c9f9 - KVM: Don't clobber irqfd routing type when deassigning irqfd (CVE-2026-23198 bsc#1258321). - commit 6b20edc ++++ libsoup2: - Add libsoup-CVE-2026-1760.patch: server: close the connection after responsing a request containing... (bsc#1257597, CVE-2026-1760, glgo#GNOME/libsoup#475). - Add libsoup-CVE-2026-1467.patch: uri-utils: do host validation when checking if a GUri is valid (bsc#1257398, CVE-2026-1467, glgo#GNOME/libsoup#488). - Add libsoup-CVE-2026-1539.patch: Also remove Proxy-Authorization header on cross origin redirect (bsc#1257441, CVE-2026-1539, glgo#GNOME/libsoup#489). ++++ libsoup: - Add libsoup-CVE-2026-1539.patch: Also remove Proxy-Authorization header on cross origin redirect (bsc#1257441, CVE-2026-1539, glgo#GNOME/libsoup#489). ++++ openQA: - Update to version 5.1772031289.93bc2a13: * docs(image): describe the TW image with openQA available in o3 * fix(t/03-auth): avoid 'Too many open files' with mocks * fix: avoid constant redefinition warnings in ScheduledProducts * feat: add aggregate favicons for test overview * build: improve cleanup of generated favicon assets * feat: add Makefile targets to run services with temporary test database * ci(helm): increase timeout on ct install * feat: add gitlint for conventional commit checks ++++ openQA: - Update to version 5.1772031289.93bc2a13: * docs(image): describe the TW image with openQA available in o3 * fix(t/03-auth): avoid 'Too many open files' with mocks * fix: avoid constant redefinition warnings in ScheduledProducts * feat: add aggregate favicons for test overview * build: improve cleanup of generated favicon assets * feat: add Makefile targets to run services with temporary test database * ci(helm): increase timeout on ct install * feat: add gitlint for conventional commit checks ++++ openQA: - Update to version 5.1772031289.93bc2a13: * docs(image): describe the TW image with openQA available in o3 * fix(t/03-auth): avoid 'Too many open files' with mocks * fix: avoid constant redefinition warnings in ScheduledProducts * feat: add aggregate favicons for test overview * build: improve cleanup of generated favicon assets * feat: add Makefile targets to run services with temporary test database * ci(helm): increase timeout on ct install * feat: add gitlint for conventional commit checks ++++ openQA: - Update to version 5.1772031289.93bc2a13: * docs(image): describe the TW image with openQA available in o3 * fix(t/03-auth): avoid 'Too many open files' with mocks * fix: avoid constant redefinition warnings in ScheduledProducts * feat: add aggregate favicons for test overview * build: improve cleanup of generated favicon assets * feat: add Makefile targets to run services with temporary test database * ci(helm): increase timeout on ct install * feat: add gitlint for conventional commit checks ++++ openQA: - Update to version 5.1772031289.93bc2a13: * docs(image): describe the TW image with openQA available in o3 * fix(t/03-auth): avoid 'Too many open files' with mocks * fix: avoid constant redefinition warnings in ScheduledProducts * feat: add aggregate favicons for test overview * build: improve cleanup of generated favicon assets * feat: add Makefile targets to run services with temporary test database * ci(helm): increase timeout on ct install * feat: add gitlint for conventional commit checks ++++ os-autoinst: - Update to version 5.1771958644.63a1790: * build(Makefile): add top-level help target * test: implement conventional commits check with gitlint * fix: Fix wrong uses of "checkout" that should be "check out" * git subrepo pull (merge) --force external/os-autoinst-common * style: Fix crop.py style issues * parse_extra_log: Allow passing additional args to upload_logs ++++ os-autoinst: - Update to version 5.1771958644.63a1790: * build(Makefile): add top-level help target * test: implement conventional commits check with gitlint * fix: Fix wrong uses of "checkout" that should be "check out" * git subrepo pull (merge) --force external/os-autoinst-common * style: Fix crop.py style issues * parse_extra_log: Allow passing additional args to upload_logs ++++ os-autoinst: - Update to version 5.1771958644.63a1790: * build(Makefile): add top-level help target * test: implement conventional commits check with gitlint * fix: Fix wrong uses of "checkout" that should be "check out" * git subrepo pull (merge) --force external/os-autoinst-common * style: Fix crop.py style issues * parse_extra_log: Allow passing additional args to upload_logs ++++ os-autoinst: - Update to version 5.1771958644.63a1790: * build(Makefile): add top-level help target * test: implement conventional commits check with gitlint * fix: Fix wrong uses of "checkout" that should be "check out" * git subrepo pull (merge) --force external/os-autoinst-common * style: Fix crop.py style issues * parse_extra_log: Allow passing additional args to upload_logs ++++ os-autoinst: - Update to version 5.1771958644.63a1790: * build(Makefile): add top-level help target * test: implement conventional commits check with gitlint * fix: Fix wrong uses of "checkout" that should be "check out" * git subrepo pull (merge) --force external/os-autoinst-common * style: Fix crop.py style issues * parse_extra_log: Allow passing additional args to upload_logs ++++ qemu: - Update to version 10.0.8 Full backport list: https://lore.kernel.org/qemu-devel/20260213060647.200707-1-mjt@tls.msk.ru/ Fixes: bsc#1255400 (CVE-2025-14876) A selection of them is reported here below: scripts/qemugdb: timers: Fix KeyError in 'qemu timers' command linux-user/syscall.c: Prevent acquiring clone_lock while fork() virtio-gpu: fix error handling in virgl_cmd_resource_create_blob virtio-pmem: ignore empty queue notifications virtio-gpu-virgl: correct parent for blob memory region cryptodev-builtin: Limit the maximum size hw/virtio/virtio-crypto: verify asym request size q35: Fix migration of SMRAM state virtio-dmabuf: Ensure UUID persistence for hash table insertion vdpa: fix vhost-vdpa suspended state not be shared hw/i2c/aspeed_i2c: Fix DMA moving data into incorrect address hw/i2c/aspeed: Fix wrong I2CC_DMA_LEN when I2CM_DMA_TX/RX_ADDR set first hw/i2c/aspeed_i2c.c: Add a check for dma_read hw/adc: Fix out-of-bounds write in Aspeed ADC model hw/uefi: fix size negotiation hw/nvme: Fix bootindex suffix use-after-free python: fix msys64 wheel directory specification tests/qtest/ufs-test: Add test for mcq completion queue wraparound hw/ufs: Fix mcq completion queue wraparound hw/ufs: fix CQE endianness and UPIU length hw/ufs: Ensure DBC of PRDT uses only lower 18 bits tests/functional: migrate sbsa_ref test images pc-bios/optionrom: Use 32-bit linker emulation for the optionroms target/i386/tcg: fix a few instructions that do not support VEX.L=1 linux-user: fixup termios2 related things on PowerPC linux-user: Add missing termios baud rates linux-user: Add termios2 support to sparc target linux-user: Add termios2 support to sh4 target linux-user: Add termios2 support to mips target linux-user: Add termios2 support to hppa target linux-user: Add termios2 support to alpha target linux-user: Add termios2 support hw/intc: avoid byte swap fiddling in gicv3 its path bsd-user/syscall_defs.h: define STAT_TIME_T_EXT only for 32 bits bsd-user: Fix __i386__ test for TARGET_HAS_STAT_TIME_T_EXT hw/sd/sdhci: Fix TYPE_IMX_USDHC to implement sd-spec-version 3 by default linux-user/aarch64/target_fcntl.h: add missing TARGET_O_LARGEFILE definition ... - Bugfix: * [openSUSE][RPM] spec: Tie guest-agent supplements to the kernel package (bsc#1257492) ++++ qemu-linux-user: - Update to version 10.0.8 Full backport list: https://lore.kernel.org/qemu-devel/20260213060647.200707-1-mjt@tls.msk.ru/ Fixes: bsc#1255400 (CVE-2025-14876) A selection of them is reported here below: scripts/qemugdb: timers: Fix KeyError in 'qemu timers' command linux-user/syscall.c: Prevent acquiring clone_lock while fork() virtio-gpu: fix error handling in virgl_cmd_resource_create_blob virtio-pmem: ignore empty queue notifications virtio-gpu-virgl: correct parent for blob memory region cryptodev-builtin: Limit the maximum size hw/virtio/virtio-crypto: verify asym request size q35: Fix migration of SMRAM state virtio-dmabuf: Ensure UUID persistence for hash table insertion vdpa: fix vhost-vdpa suspended state not be shared hw/i2c/aspeed_i2c: Fix DMA moving data into incorrect address hw/i2c/aspeed: Fix wrong I2CC_DMA_LEN when I2CM_DMA_TX/RX_ADDR set first hw/i2c/aspeed_i2c.c: Add a check for dma_read hw/adc: Fix out-of-bounds write in Aspeed ADC model hw/uefi: fix size negotiation hw/nvme: Fix bootindex suffix use-after-free python: fix msys64 wheel directory specification tests/qtest/ufs-test: Add test for mcq completion queue wraparound hw/ufs: Fix mcq completion queue wraparound hw/ufs: fix CQE endianness and UPIU length hw/ufs: Ensure DBC of PRDT uses only lower 18 bits tests/functional: migrate sbsa_ref test images pc-bios/optionrom: Use 32-bit linker emulation for the optionroms target/i386/tcg: fix a few instructions that do not support VEX.L=1 linux-user: fixup termios2 related things on PowerPC linux-user: Add missing termios baud rates linux-user: Add termios2 support to sparc target linux-user: Add termios2 support to sh4 target linux-user: Add termios2 support to mips target linux-user: Add termios2 support to hppa target linux-user: Add termios2 support to alpha target linux-user: Add termios2 support hw/intc: avoid byte swap fiddling in gicv3 its path bsd-user/syscall_defs.h: define STAT_TIME_T_EXT only for 32 bits bsd-user: Fix __i386__ test for TARGET_HAS_STAT_TIME_T_EXT hw/sd/sdhci: Fix TYPE_IMX_USDHC to implement sd-spec-version 3 by default linux-user/aarch64/target_fcntl.h: add missing TARGET_O_LARGEFILE definition ... - Bugfix: * [openSUSE][RPM] spec: Tie guest-agent supplements to the kernel package (bsc#1257492) ------------------------------------------------------------------ ------------------ 2026-2-24 - Feb 24 2026 ------------------- ------------------------------------------------------------------ ++++ ImageMagick: - added patches CVE-2026-24481: Possible Heap Information Disclosure in PSD ZIP Decompression (bsc#1258743) * ImageMagick-CVE-2026-24481.patch CVE-2026-25576: Out of bounds read in multiple coders that read raw pixel data (bsc#1258748) * ImageMagick-CVE-2026-25576.patch CVE-2026-25637: Denial of Service via crafted image due to memory leak (bsc#1258759) * ImageMagick-CVE-2026-25637.patch CVE-2026-25794: Heap-buffer-overflow via signed integer overflow in `WriteUHDRImage` when writing UHDR images with large dimensions (bsc#1258749) * ImageMagick-CVE-2026-25794.patch CVE-2026-25796: Memory leak of watermark Image object in ReadSTEGANOImage on multiple error/early-return paths (bsc#1258757) * ImageMagick-CVE-2026-25796.patch CVE-2026-26283: Possible infinite loop in JPEG encoder when using `jpeg:extent` (bsc#1258767) * ImageMagick-CVE-2026-26283.patch CVE-2026-26284: Heap overflow in pcd decoder leads to out of bounds read. (bsc#1258765) * ImageMagick-CVE-2026-26284.patch CVE-2026-26983: Invalid MSL map can result in a use after free (bsc#1258763) * ImageMagick-CVE-2026-26983.patch ++++ ImageMagick: - added patches CVE-2026-24481: Possible Heap Information Disclosure in PSD ZIP Decompression (bsc#1258743) * ImageMagick-CVE-2026-24481.patch CVE-2026-25576: Out of bounds read in multiple coders that read raw pixel data (bsc#1258748) * ImageMagick-CVE-2026-25576.patch CVE-2026-25637: Denial of Service via crafted image due to memory leak (bsc#1258759) * ImageMagick-CVE-2026-25637.patch CVE-2026-25794: Heap-buffer-overflow via signed integer overflow in `WriteUHDRImage` when writing UHDR images with large dimensions (bsc#1258749) * ImageMagick-CVE-2026-25794.patch CVE-2026-25796: Memory leak of watermark Image object in ReadSTEGANOImage on multiple error/early-return paths (bsc#1258757) * ImageMagick-CVE-2026-25796.patch CVE-2026-26283: Possible infinite loop in JPEG encoder when using `jpeg:extent` (bsc#1258767) * ImageMagick-CVE-2026-26283.patch CVE-2026-26284: Heap overflow in pcd decoder leads to out of bounds read. (bsc#1258765) * ImageMagick-CVE-2026-26284.patch CVE-2026-26983: Invalid MSL map can result in a use after free (bsc#1258763) * ImageMagick-CVE-2026-26983.patch ++++ agama-yast: - Do not log the URL password in the "inst.install_url" boot parameter (bsc#1258701) ++++ chromium: - Chromium 145.0.7632.116 (boo#1258733): * CVE-2026-3061: Out of bounds read in Media * CVE-2026-3062: Out of bounds read and write in Tint * CVE-2025-3063: Inappropriate implementation in DevTools ++++ chromium: - Chromium 145.0.7632.116 (boo#1258733): * CVE-2026-3061: Out of bounds read in Media * CVE-2026-3062: Out of bounds read and write in Tint * CVE-2025-3063: Inappropriate implementation in DevTools ++++ chromium: - Chromium 145.0.7632.116 (boo#1258733): * CVE-2026-3061: Out of bounds read in Media * CVE-2026-3062: Out of bounds read and write in Tint * CVE-2025-3063: Inappropriate implementation in DevTools ++++ chromium: - Chromium 145.0.7632.116 (boo#1258733): * CVE-2026-3061: Out of bounds read in Media * CVE-2026-3062: Out of bounds read and write in Tint * CVE-2025-3063: Inappropriate implementation in DevTools ++++ chromium: - Chromium 145.0.7632.116 (boo#1258733): * CVE-2026-3061: Out of bounds read in Media * CVE-2026-3062: Out of bounds read and write in Tint * CVE-2025-3063: Inappropriate implementation in DevTools ++++ chromium: - Chromium 145.0.7632.116 (boo#1258733): * CVE-2026-3061: Out of bounds read in Media * CVE-2026-3062: Out of bounds read and write in Tint * CVE-2025-3063: Inappropriate implementation in DevTools ++++ kernel-64kb: - md: suspend array while updating raid_disks via sysfs (CVE-2025-71225, bsc#1258411). - commit 4a185e4 - smb: client: fix memory leak in cifs_construct_tcon() (bsc#1255129, CVE-2025-68295). - commit cfb334a - Refresh patches.suse/smb-client-split-cached_fid-bitfields-to-avoid-shared-byte-RMW-rac.patch. - commit 3a3c827 - Refresh and move upstreamed ath12k patch into sorted section - commit 6886361 - HID: apple: Add EPOMAKER TH87 to the non-apple keyboards list (bsc#1258455). - commit 3ef2af3 - btrfs: reject new transactions if the fs is fully read-only (bsc#1258464 CVE-2026-23214). - commit c00b6f5 - btrfs: send: check for inline extents in range_is_hole_in_parent() (bsc#1258377 CVE-2026-23141). - commit eb3646e ++++ kernel-azure: - md: suspend array while updating raid_disks via sysfs (CVE-2025-71225, bsc#1258411). - commit 4a185e4 - smb: client: fix memory leak in cifs_construct_tcon() (bsc#1255129, CVE-2025-68295). - commit cfb334a - Refresh patches.suse/smb-client-split-cached_fid-bitfields-to-avoid-shared-byte-RMW-rac.patch. - commit 3a3c827 - Refresh and move upstreamed ath12k patch into sorted section - commit 6886361 - HID: apple: Add EPOMAKER TH87 to the non-apple keyboards list (bsc#1258455). - commit 3ef2af3 - btrfs: reject new transactions if the fs is fully read-only (bsc#1258464 CVE-2026-23214). - commit c00b6f5 - btrfs: send: check for inline extents in range_is_hole_in_parent() (bsc#1258377 CVE-2026-23141). - commit eb3646e ++++ kernel-default: - md: suspend array while updating raid_disks via sysfs (CVE-2025-71225, bsc#1258411). - commit 4a185e4 - smb: client: fix memory leak in cifs_construct_tcon() (bsc#1255129, CVE-2025-68295). - commit cfb334a - Refresh patches.suse/smb-client-split-cached_fid-bitfields-to-avoid-shared-byte-RMW-rac.patch. - commit 3a3c827 - Refresh and move upstreamed ath12k patch into sorted section - commit 6886361 - HID: apple: Add EPOMAKER TH87 to the non-apple keyboards list (bsc#1258455). - commit 3ef2af3 - btrfs: reject new transactions if the fs is fully read-only (bsc#1258464 CVE-2026-23214). - commit c00b6f5 - btrfs: send: check for inline extents in range_is_hole_in_parent() (bsc#1258377 CVE-2026-23141). - commit eb3646e ++++ kernel-rt: - md: suspend array while updating raid_disks via sysfs (CVE-2025-71225, bsc#1258411). - commit 4a185e4 - smb: client: fix memory leak in cifs_construct_tcon() (bsc#1255129, CVE-2025-68295). - commit cfb334a - Refresh patches.suse/smb-client-split-cached_fid-bitfields-to-avoid-shared-byte-RMW-rac.patch. - commit 3a3c827 - Refresh and move upstreamed ath12k patch into sorted section - commit 6886361 - HID: apple: Add EPOMAKER TH87 to the non-apple keyboards list (bsc#1258455). - commit 3ef2af3 - btrfs: reject new transactions if the fs is fully read-only (bsc#1258464 CVE-2026-23214). - commit c00b6f5 - btrfs: send: check for inline extents in range_is_hole_in_parent() (bsc#1258377 CVE-2026-23141). - commit eb3646e ++++ dtb-aarch64: - md: suspend array while updating raid_disks via sysfs (CVE-2025-71225, bsc#1258411). - commit 4a185e4 - smb: client: fix memory leak in cifs_construct_tcon() (bsc#1255129, CVE-2025-68295). - commit cfb334a - Refresh patches.suse/smb-client-split-cached_fid-bitfields-to-avoid-shared-byte-RMW-rac.patch. - commit 3a3c827 - Refresh and move upstreamed ath12k patch into sorted section - commit 6886361 - HID: apple: Add EPOMAKER TH87 to the non-apple keyboards list (bsc#1258455). - commit 3ef2af3 - btrfs: reject new transactions if the fs is fully read-only (bsc#1258464 CVE-2026-23214). - commit c00b6f5 - btrfs: send: check for inline extents in range_is_hole_in_parent() (bsc#1258377 CVE-2026-23141). - commit eb3646e ++++ gnutls: - Add the functionality to allow to specify the hash algorithm for the PSK. This fixes a bug in the current implementation where the binder is always calculated with SHA256. * (bsc#1258083, jsc#PED-15752, jsc#PED-15753) * lib/psk: Add gnutls_psk_allocate_{client,server}_credentials2 * tests/psk-file: Add testing for _credentials2 functions * lib/psk: add null check for binder algo * pre_shared_key: fix memleak when retrying with different binder algo * pre_shared_key: add null check on pskcred * Add patches: - gnutls-PSK-hash.patch - gnutls-PSK-hash-tests.patch - gnutls-PSK-hash-NULL-check.patch - gnutls-PSK-hash-NULL-check-pskcred.patch - gnutls-PSK-hash-fix-memleak.patch ++++ grub2: - Support dm multipath bootlist on PowerPC (bsc#1254415) * 0001-ieee1275-support-dm-multipath-bootlist.patch ++++ himmelblau: - Update to version 2.3.5+git0.9dd526c; (jsc#PED-14511): * Better handle Intune API version * deps(rust): bump the all-cargo-updates group with 8 updates; (bsc#1257904), (CVE-2026-25727) * Update make vet from main branch * pam_himmelblau: call split_username once in chauthtok * pam_himmelblau: return PAM_IGNORE in chauthtok for local users * Don't attempt a DAG when Hello fails with SSPR demand - Update to version 2.3.4+git0.db5df80: * Version 2.3.4 * cargo vet * deps(rust): bump the all-cargo-updates group across 1 directory with 8 updates * Revert sketching update (which breaks SLE16 build) - Update to version 2.3.3+git0.25e8b73: * Version 2.3.3 * cargo vet * /var/cache/private/himmelblaud should not be created tmpfiles * Updatee python vers for dataclasses dep * deps(rust): bump the all-cargo-updates group across 1 directory with 3 updates * Generate pin init service file systemd < 250 * Checkin missing himmelblaud.if file for SELinux * Resolve typos in selinux package commands - Update to version 2.3.2+git0.5a7a598: * Compile SELinux policy at install time for cross-distro compatibility * Improve PAM configuration on openSUSE/SLE * Fix SELinux policy * Add a git hook to ensure selinux policy is tested * Ignore generated himmelblau-hsm-pin-init service file * Refactor SELinux policy for cross-distro compatibility * cargo vet * Fix NSS lookup for mapped local users * Skip OS version compliance checks when min/max values are empty - Update to version 2.3.1+git0.2418ec2: * Version 2.3.1 * Remove references to qrcodegen (these are 3.x features) * QR Greeter compatibility for old GNOME * Enable QR greeter automatically * ci: Use latest cargo-vet from git to fix CI * Fix HSM pin migration failure on Debian/Ubuntu upgrades from v1.4.x * Version 2.3.0 * cargo vet * Update make vet from main branch * Autostart the daemons on fresh install or upgrade * Restart sshd when installing the ssh config * Allow tasks daemon to write krb ccache * Do not enumerate mapped users in NSS * deps(rust): bump the all-cargo-updates group across 1 directory with 8 updates * Update libhimmelblau to latest version * Fix Tumbleweed build * cargo vet * Version 2.2.0 * Update libhimmelblau to 0.8.x series * deps(rust): bump the all-cargo-updates group with 17 updates * Only use OpenSSH bug workaround for ssh service * Fix debug noise from removing user from sudo group * systemd: install files to /usr/lib/, not /etc/ * Version 2.1.0 * Fix nightly authselect build failure * Generate the authselect profiles for each distro * Improve pam config handling in aad-tool * Make `aad-tool configure-pam` detect location of pam files * Version 2.0.5 * /var/lib/private/himmelblaud should be owned by root * Use tmpfiles.d to create himmelblaud private data directory - Resolve mode mismatch with Chromium package. - Update to version 2.0.4+git.2.5d26a19: * deps(rust): bump the all-cargo-updates group with 13 updates * Version 2.0.4 * Update kanidm_build_profiles mask version * Utilize cargo vet from main * Add policies cache patch via systemd-tmpfiles - Update to version 2.0.3+git.4.4f6e025: * Fix man page comments about change idmap_range * Stub picky-krb for osc build * Stub a kanidm_build_profiles which builds in osc * Ensure nss cache is created on Ubuntu/Debian * Request a user token if NSS hasn't been called * Version 2.0.3 * Add nss cache patch via systemd-tmpfiles * Version 2.0.2 * Recommend `patch` with the pam package * Fix passwordless FIDO authentication not being used when available * Git workflow updates for stable-2.x * Only warn on Intune failure * Version 2.0.1 * Force o365 desktop files to always rebuild * Always rebuild the o365 apps * Add restart on-failure to systemd services * Clarify `domain` SHOULD match login domain * Remove warning about `domain` himmelblau.conf opt * Pseudo eliminate multi-tenant and domains section * Revert "Fix Hello PIN lookup when an alias domain" * Comment out `KbdInteractiveAuthentication on` in sshd conf * Check the nxset sooner, to avoid unwanted errors * Recommend oddjob_mkhomedir with authselect * Pin libhimmelblau to 0.7.x * Deprecate Fedora 41 * Cargo vet * deps(rust): bump the all-cargo-updates group with 11 updates * Bump github/codeql-action from 4.30.8 to 4.31.2 * Bump cachix/install-nix-action from 31.8.1 to 31.8.2 * Bump actions/upload-artifact from 4.6.2 to 5.0.0 * cargo clippy and rebase fix * fixup! add extra debug output to NotFound error code * force error output to show up in CI logs * wrap repeated sources of IdpError::NotFound in helper functions * add extra debug output to NotFound error code * use direnv for loading the nix devshell * We should still encourage mapping by name * Add support for Fedora 43 * Provide a offline 'breakglass' mode * cargo clippy * Add warning about incorrect nsswitch configuration * Distinguish between online and offline token fail * Ensure user token uses original name * Fix alias domain in auth result causing failure * Resolve cargo clippy warnings * Only map on cn name for the primary domain * Install systemd in build scripts for gen service * Fix systemd version parsing * cargo vet * Update libhimmelblau to 0.7.19 * Resolve SELinux build failures in nightly (part 2) * Rocky container image updates were failing * Warn instead of error when no idmap_range specified * deps(rust): bump the all-cargo-updates group across 1 directory with 7 updates * Trim whitespace from local group names * Fix borrowing error * Fix reference to local_sudo_group in condition * Only run sudo_groups if local_groups does not contain local_sudo_group * Leave SELinux in permissive mode for Himmelblau * Resolve SELinux build failures in nightly * nix: add join_type option to nixos-module settings * Build host configuration changes * Ensure that hsm_pin isn't present decrypted * Document Soft HSM changes to TPM bound * Disable SELinux by default on NixOS * sh doesn't have `source` * Encrypt hsm-pin using systemd-creds * Recommend uuid id mapping * Improve himmelblau.conf man page formatting * Implement Local User Mapping * Add o365 dependency for jq * Add selinux rules for gdm login * Narrow the scope of selinux policy with audit2allow * Generate the systemd service files * Fix selinux build for SLE16 * Resolve SLE16 build dependency failure * Fix the rawhide build * Mask the sshkey-attest package * Bump cachix/install-nix-action from 31.7.0 to 31.8.1 * cargo vet dependency updates * deps(rust): bump the all-cargo-updates group across 1 directory with 13 updates * Bump actions/dependency-review-action from 4.8.0 to 4.8.1 * Bump cachix/install-nix-action from 31.7.0 to 31.8.0 * Bump github/codeql-action from 3.30.5 to 4.30.8 * Bump ossf/scorecard-action from 2.4.2 to 2.4.3 * SELinux improvements * Fix a typo in package gen scripts * cargo fmt * Permit NSS response for mapped primary fake group * Fix Nix Error With Fuzz * Decrease CI fuzzer setup time * Document join types * Support for Entra registered devices * Run `cargo test` in a container * Bump cachix/install-nix-action from 31.6.2 to 31.7.0 * cargo vet * deps(rust): bump the all-cargo-updates group across 1 directory with 2 updates * Bump github/codeql-action from 3.30.4 to 3.30.5 * Use pastey crate instead of unmaintained paste * cargo vet * Pin unmaintained serde_cbor dep to serde_cbor_2 * Resolve tower-http `cargo audit` warning * Replace unmaintained fxhash with own version * Resolve warning about workflow top level write permissions * Remove dependabot automerge * Resolve division by 0 in idmap code * deps(rust): bump the all-cargo-updates group across 1 directory with 3 updates * [StepSecurity] ci: Harden GitHub Actions * Only idmap against initialized domains * Resolve invalid init of idmap with same domain * Resolve division by 0 in idmap code * Add fuzzing of idmap code * Add basic fuzzing of the config options * cargo clippy * Resolve error found by fuzzing * cargo vet prune * deps(rust): bump regex in the all-cargo-updates group * Bump actions/dependency-review-action from 4.7.3 to 4.8.0 * Bump actions/checkout from 3.6.0 to 5.0.0 * Bump cachix/cachix-action from 14 to 16 * Bump ossf/scorecard-action from 2.4.0 to 2.4.2 * Bump cachix/install-nix-action from 25 to 31 * Add the OpenSSF Best Practices badge * Add scorecard badge * [StepSecurity] Apply security best practices * Fix group static mapping * Move aad-tool idmap cache clear to the idmap cmd * Resolve errant "Hello key missing." messages * Update flake.nix * Slow the dependabot update frequency * Audit dependabot updates * deps(rust): bump the all-cargo-updates group across 1 directory with 11 updates * feat: Add support for aarch64 on Debian-based distributions * Resolve possible invalid pointer dereferences * Cargo clippy * Cargo fmt * Avoid revealing account ids in debug log * Cause doc links to open in the correct apps * Permit opening multiple instances of Word/Excel * Modify systray and app close behavior * Don't use questionably licensed icons for o365 * Resolve NixOS CI failure * Fix building w/out deprecated interactive feature * Update himmelblau.conf.5 sudo_groups example * Entra group based sudo access * Audited the cargo updates * deps(rust): bump the all-cargo-updates group with 6 updates * Vet libhimmelblau * Add `make vet` command * Update deny.toml * Remove incompatible licenses from deps * Fix RHEL8 package signing * Add SBOM generation * Add an IRP checklist for security incidents * Run the nixos build/release on the correct version * Add crate dependency auditing on MR * Add some exceptions * Initialize cargo vet * Remove in-tree kanidm dependencies * Fix Hello PIN lookup when an alias domain * Raise maximum group lookup from 100 to 999 * Always work with lowercase account names * Modify FUNDING.yml for funding sources * Remove glib dependency * deps(rust): bump the all-cargo-updates group with 10 updates * Add CI check for licenses * Update dependabot.yml to target all stable branches * Add authselect module for Rocky/Fedora * Recommend packages, instead of require * Add a Contributing document * Add a Code of Conduct * add withSelinux flag to nix build, brings SELinux binaries into the build environment. * deps(rust): bump tracing-subscriber in the cargo group * Don't overwrite the himmelblau.conf on rpm upgrade * Add help output to the Makefile * Fix building packages with docker in root mode * Update to latest libhimmelblau and identity_dbus_broker * Make PRT SSO cookie via broker work as well for Edge * Make broker work for Edge * Generate Office 365 desktop apps * Update README * Add `make uninstall` command * Remove the deprecated tests suite * Himmelblau no longer has git submodules * Make install using packages * Add Debian 13 packages * Generate Dockerfiles automatically * Add SELinux configuration * Himmelblau daemon requires system tss user * Add cron dependency for Intune scripts * Do not mangle /usr/etc configuration files * Fix building packages with docker in root mode * deps(rust): bump the all-cargo-updates group with 11 updates * deps(rust): bump the all-cargo-updates group with 7 updates * Add SLE16 (beta) build target * Automatically append to nsswitch.conf in postinst * Correct the RPM postinst script syntax * Fix Kerberos credential cache permissions * Set file owner and group before writing its content * Create SECURITY.md * deps(rust): bump the all-cargo-updates group with 6 updates * Rev the dev version to 2.0.0 * Ensure alias domains match when checking Intune device id * Debian 12 doesn't support ConditionPathExists and notify-reload * Write scripts policy to a readable directory * Apply Intune policies right after enrollment * Add more debug instrumentation * Provide device_id to Intune enrollment if not cached * Ensure nss cache directory is created during install * Remove /var/cache/himmelblaud access from tasks daemon * Resolve daemon startup absolute path warnings * Delay Intune enrollment on Device Auth fail * Do not leak the Intune IW service token in the logs - Update to version 1.4.2+git.0.52da279: * Version 1.4.2 * Rocky container image updates were failing * Revert libhimmelblau unstable update * Version 1.4.1 * Update Intune to use app version 1.2511.7 * Version 1.4.0 * Resolve build failures * deps(rust): bump the all-cargo-updates group across 1 directory with 6 updates * Permit NSS response for mapped primary fake group - Update to version 1.3.0+git.0.f8cabb7: * Resolve errant "Hello key missing." messages * Version 1.3.0 * Fix group static mapping * Move aad-tool idmap cache clear to the idmap cmd * deps(rust): bump the all-cargo-updates group across 1 directory with 11 updates * deps(rust): bump the all-cargo-updates group with 6 updates * Fix RHEL8 package signing * Fix Hello PIN lookup when an alias domain * Raise maximum group lookup from 100 to 999 * Always work with lowercase account names * Revert the self-hosted runner name * deps(rust): bump the all-cargo-updates group with 23 updates - Update to version 1.2.2+git.0.2d04bca: * Include latest branch in CI * Self hosted runners * Version 1.2.2 * deps(rust): bump tracing-subscriber in the cargo group; (bsc#1249013), (CVE-2025-58160) * Version 1.2.1 * Automatically append to nsswitch.conf in postinst * Correct the RPM postinst script syntax - Update to version 1.2.0+git.0.6befefc: * Version 1.2.0 * Fix Kerberos credential cache permissions; (bsc#1247735), (CVE-2025-54882) * Set file owner and group before writing its content * Ensure alias domains match when checking Intune device id * Debian 12 doesn't support ConditionPathExists and notify-reload * Write scripts policy to a readable directory * Apply Intune policies right after enrollment * Add more debug instrumentation * Provide device_id to Intune enrollment if not cached * Ensure nss cache directory is created during install * Remove /var/cache/himmelblaud access from tasks daemon * Resolve daemon startup absolute path warnings * Version 1.1.0 * Delay Intune enrollment on Device Auth fail * Do not leak the Intune IW service token in the logs - Update to version 1.0.0+git.0.d01709b: * Fix policy application * Add remaining Linux password compliance policies * Add custom compliance enforcement * deps(rust): bump the all-cargo-updates group with 3 updates * deps(rust): bump the all-cargo-updates group with 5 updates * Add SLE15SP7 build target * Add RHEL 10 build target * Fix Intermittent auth issue AADSTSError 16000 * Remove old utf8proc dependency * Add `fedora42` build target * Handle PRT expiration and tie to offline auth * Correctly delete the Hello keys on bad pin count * Add ability to disable Hello PIN per-service * Update NixOS support to 25.05 * Handle disabled device by attempting re-enrollment * Always attempt confidential client creds for aad-tool * Include HSM option defs in himmelblau.conf man page * Update flake.nix * Improve the aad-tool cache-clear command * Add `mfaSshWorkaroundFlag` configuration option to Nix Flake. * Add the ability to remove confidential client creds * If bad PIN count is exceeded, delete the Hello key * deps(rust): bump the all-cargo-updates group with 4 updates * Add instructions for creating developer builds * Fix GDM3 first time login password prompt * Default HsmType should be soft * Add himmelblaud to tss group for TPM startup * Enforce strict order for the systemd units * Update libhimmelblau and compact_jwt * Fix builds w/tpm * aad-tool Authentication flow improvements * Filter out irrelevant debug in aad-tool * Create a unified login experience for aad-tool * Utilize confidential creds for aad-tool enumerate * himmelblau should get posix attributes w/out delegate user access * Always use the Object Id for mapping Group to GID * Update enhancement-request.md for SPI donations * Update bug_report.md with SPI donation * deps(rust): bump the all-cargo-updates group with 4 updates * Update build requires in README.md * Enforce strict order for the systemd units * Update FUNDING.yml with SPI Paypal donation button * Don't break from tasks loop when policies fail * Enroll in Intune as soon as it is enabled * Implement `decoupled hello` behavior * Cache encrypted PRT to disk for offline login SSO * Update to latest hsm-crypto * Enable tpm functionality * Allow altering the password and PIN prompt messages * Ensure Hello PIN lockout happens when online * Cache the build target output to improve build times * Easier build selection w/ Makefile * Revert mistaken removal from Makefile * Make the user wait longer with each incorrect PIN * Make the bad PIN count configurable * Improve aad-tool manpage * aad-tool fails if the user has FIDO2 enabled * Offline auth permits authentication with invalid Hello PIN * PIN complexity to match Windows * Update to latest SSSD idmap code * Add aad-tool options for setting posix attrs * Add scopes and redirect uris aad-tool application create * Add aad-tool commands for managaging extension attrs * deps(rust): bump the all-cargo-updates group with 4 updates * cargo clippy * cargo fmt * Utilize the sidtoname call for object id mapping * Add commands for listing/creating App registrations * Potential fix for code scanning alert no. 2: Workflow does not contain permissions * Potential fix for code scanning alert no. 4: Workflow does not contain permissions * Potential fix for code scanning alert: Workflow does not contain permissions * Never write the app_id to the server config * Disable passwordless Fido by default * Stop using deprecated `users` crate * When group membership lookup fails, use cached groups * deps(rust): bump the all-cargo-updates group across 1 directory with 11 updates * deps(rust): bump the all-cargo-updates group with 4 updates * aad-tool command for enumerating users and groups * Name-Based Group Matching in `pam_allow_groups` Leads to Potential Security Bypass * Add the configure-pam option to aad-tool man page * Add static idmap cache for on-prem to cloud migration * Update bug_report.md with request for himmelblau.conf * deps(rust): bump the all-cargo-updates group with 2 updates * Update crates in a group * Update crate bumps * Utilize new Intune compliance enforcement via libhimmelblau * Correct the README regarding Intune policy compliance * Disable Chromium policy * Re-enable Intune policy and add scripts and compliance policies * himmelblau.conf alias `domain` as `domains` * Support Fido auth in pam passwd * Add TAP support to himmelblaud and pam passwd * Mixed case names should properly identify Hello Key * Update linux-entra-sso to latest version * Fix group lookup for Entra Id group name * Fix mixed case name lookup from PRT cache * Crate updates * Fix tasks daemon debug output * Remove write locks where unecessary * Fix deadlock in nss * systemd notify fixes * Console * Address Feedback * Order services before gdb/nss-user-target * deps(rust): bump rpassword from 7.3.1 to 7.4.0 * deps(rust): bump tokio from 1.44.2 to 1.45.0 * deps(rust): bump sha2 from 0.10.8 to 0.10.9 * deps(rust): bump systemd-journal-logger from 2.2.0 to 2.2.2 * deps(rust): bump clap from 4.5.31 to 4.5.38 * Update notify-debouncer-full * Update opentelemetry * Update dependencies * deps(rust): bump time from 0.3.39 to 0.3.41 * Replace source filter that blacklists files with filter that whitelists files. * Mark himmelblau.conf as config in rpm * Update README.md * Ensure only the base URL is printed to log * If unix_user_get fails, wait, and try again * Supplying a PRT cookie to SSO doesn't require network * Don't send a password prompt if the network is down * Auth via MFA if Hello PIN fails 3 times * Improve Hello PIN failed auth error * Fix rocky9 build * deps(rust): bump anyhow from 1.0.96 to 1.0.98 * deps(rust): bump libc from 0.2.170 to 0.2.172 * deps(rust): bump cc from 1.2.16 to 1.2.19 * Update README.md * deps(rust): bump tokio from 1.43.0 to 1.44.2 * deps(rust): bump openssl from 0.10.71 to 0.10.72 in the cargo group * deps(rust): bump reqwest from 0.12.12 to 0.12.15 * Update libhimmelblau in Cargo.lock * Fix nss and offline checks for domain aliases * Report error when MS Authenticator denies authorization * Bail out of invalid offline auth * Handle AADSTS errors from BeginAuth response * Never dump failed reqwests to the log * Update sccache-action version to use new cache service * Permit daemon to start when network is down * Add an nss cache for when daemon is down * Additional pam info cues * Proceed with Hello auth even with net down * Indicate to the user what the password and PIN are * Ensure pam messages are seen * Display the minimum PIN length during Hello setup * PAM should loop, not die on error * Ensure prompt msg remains for confirmation * Update bug_report.md * Ignore demands for setting up MS Authenticator * Login fails if Entra is configured to recommend MS authenticator * Add pam configure command to aad-tool * Update README.md with pam passwd instructions * aad-tool authtest needs to map names * Update demo video in README.md * Sign RPM packages * Ensure the pam module is installed correctly for SLE * Improve pam error handling and messaging * Only push cachix builds for stable releases * Terminate linux-entra-sso when browser terminates * On deb, push pam config after install * Increase priority of deb PAM passwd for Himmelblau * Improve offline state handling * Specify request for Entra Id password in PAM * QR Greeter also supports gnome-shell 47 * Fix profile photo loading * Clarify pam_allow_groups in himmelblau.conf man page * Don't hide debug for pam_allow_groups miss * Handle failures in passwordless auth * build all root packages * split config options that can be defined per-domain from those which are global only * configure cachix signing and upload in ci * deps(rust): bump serde_json from 1.0.138 to 1.0.140 * deps(rust): bump serde from 1.0.218 to 1.0.219 * deps(rust): bump time from 0.3.37 to 0.3.39 * deps(rust): bump bytes from 1.10.0 to 1.10.1 * deps(rust): bump pkg-config from 0.3.31 to 0.3.32 * Entra Id is case insensitive, cache lookup must match * deps(rust): bump ring from 0.17.9 to 0.17.13 in the cargo group * Support CompanionAppsNotification mfa method * QR code for gnome-shell greeter * Allow tasks to start if AccountsService dir missing * Remove invalid python dependency from sso package * Fixes https://github.com/himmelblau-idm/himmelblau/issues/397 * Clear server config when clearing cache * Update version in the Cargo.lock * deps(rust): bump async-trait from 0.1.86 to 0.1.87 * deps(rust): bump chrono from 0.4.39 to 0.4.40 * Fix himmelblau.conf man page cn_name_mapping entry * deps(rust): bump pem from 3.0.4 to 3.0.5 * deps(rust): bump serde from 1.0.217 to 1.0.218 * Version 1.0.0 * deps(rust): bump cc from 1.2.15 to 1.2.16 * Update workflow versions ++++ kernel-source: - md: suspend array while updating raid_disks via sysfs (CVE-2025-71225, bsc#1258411). - commit 4a185e4 - smb: client: fix memory leak in cifs_construct_tcon() (bsc#1255129, CVE-2025-68295). - commit cfb334a - Refresh patches.suse/smb-client-split-cached_fid-bitfields-to-avoid-shared-byte-RMW-rac.patch. - commit 3a3c827 - Refresh and move upstreamed ath12k patch into sorted section - commit 6886361 - HID: apple: Add EPOMAKER TH87 to the non-apple keyboards list (bsc#1258455). - commit 3ef2af3 - btrfs: reject new transactions if the fs is fully read-only (bsc#1258464 CVE-2026-23214). - commit c00b6f5 - btrfs: send: check for inline extents in range_is_hole_in_parent() (bsc#1258377 CVE-2026-23141). - commit eb3646e ++++ kernel-docs: - md: suspend array while updating raid_disks via sysfs (CVE-2025-71225, bsc#1258411). - commit 4a185e4 - smb: client: fix memory leak in cifs_construct_tcon() (bsc#1255129, CVE-2025-68295). - commit cfb334a - Refresh patches.suse/smb-client-split-cached_fid-bitfields-to-avoid-shared-byte-RMW-rac.patch. - commit 3a3c827 - Refresh and move upstreamed ath12k patch into sorted section - commit 6886361 - HID: apple: Add EPOMAKER TH87 to the non-apple keyboards list (bsc#1258455). - commit 3ef2af3 - btrfs: reject new transactions if the fs is fully read-only (bsc#1258464 CVE-2026-23214). - commit c00b6f5 - btrfs: send: check for inline extents in range_is_hole_in_parent() (bsc#1258377 CVE-2026-23141). - commit eb3646e ++++ kernel-kvmsmall: - md: suspend array while updating raid_disks via sysfs (CVE-2025-71225, bsc#1258411). - commit 4a185e4 - smb: client: fix memory leak in cifs_construct_tcon() (bsc#1255129, CVE-2025-68295). - commit cfb334a - Refresh patches.suse/smb-client-split-cached_fid-bitfields-to-avoid-shared-byte-RMW-rac.patch. - commit 3a3c827 - Refresh and move upstreamed ath12k patch into sorted section - commit 6886361 - HID: apple: Add EPOMAKER TH87 to the non-apple keyboards list (bsc#1258455). - commit 3ef2af3 - btrfs: reject new transactions if the fs is fully read-only (bsc#1258464 CVE-2026-23214). - commit c00b6f5 - btrfs: send: check for inline extents in range_is_hole_in_parent() (bsc#1258377 CVE-2026-23141). - commit eb3646e ++++ kernel-obs-build: - md: suspend array while updating raid_disks via sysfs (CVE-2025-71225, bsc#1258411). - commit 4a185e4 - smb: client: fix memory leak in cifs_construct_tcon() (bsc#1255129, CVE-2025-68295). - commit cfb334a - Refresh patches.suse/smb-client-split-cached_fid-bitfields-to-avoid-shared-byte-RMW-rac.patch. - commit 3a3c827 - Refresh and move upstreamed ath12k patch into sorted section - commit 6886361 - HID: apple: Add EPOMAKER TH87 to the non-apple keyboards list (bsc#1258455). - commit 3ef2af3 - btrfs: reject new transactions if the fs is fully read-only (bsc#1258464 CVE-2026-23214). - commit c00b6f5 - btrfs: send: check for inline extents in range_is_hole_in_parent() (bsc#1258377 CVE-2026-23141). - commit eb3646e ++++ kernel-obs-qa: - md: suspend array while updating raid_disks via sysfs (CVE-2025-71225, bsc#1258411). - commit 4a185e4 - smb: client: fix memory leak in cifs_construct_tcon() (bsc#1255129, CVE-2025-68295). - commit cfb334a - Refresh patches.suse/smb-client-split-cached_fid-bitfields-to-avoid-shared-byte-RMW-rac.patch. - commit 3a3c827 - Refresh and move upstreamed ath12k patch into sorted section - commit 6886361 - HID: apple: Add EPOMAKER TH87 to the non-apple keyboards list (bsc#1258455). - commit 3ef2af3 - btrfs: reject new transactions if the fs is fully read-only (bsc#1258464 CVE-2026-23214). - commit c00b6f5 - btrfs: send: check for inline extents in range_is_hole_in_parent() (bsc#1258377 CVE-2026-23141). - commit eb3646e ++++ kernel-syms: - md: suspend array while updating raid_disks via sysfs (CVE-2025-71225, bsc#1258411). - commit 4a185e4 - smb: client: fix memory leak in cifs_construct_tcon() (bsc#1255129, CVE-2025-68295). - commit cfb334a - Refresh patches.suse/smb-client-split-cached_fid-bitfields-to-avoid-shared-byte-RMW-rac.patch. - commit 3a3c827 - Refresh and move upstreamed ath12k patch into sorted section - commit 6886361 - HID: apple: Add EPOMAKER TH87 to the non-apple keyboards list (bsc#1258455). - commit 3ef2af3 - btrfs: reject new transactions if the fs is fully read-only (bsc#1258464 CVE-2026-23214). - commit c00b6f5 - btrfs: send: check for inline extents in range_is_hole_in_parent() (bsc#1258377 CVE-2026-23141). - commit eb3646e ++++ kernel-zfcpdump: - md: suspend array while updating raid_disks via sysfs (CVE-2025-71225, bsc#1258411). - commit 4a185e4 - smb: client: fix memory leak in cifs_construct_tcon() (bsc#1255129, CVE-2025-68295). - commit cfb334a - Refresh patches.suse/smb-client-split-cached_fid-bitfields-to-avoid-shared-byte-RMW-rac.patch. - commit 3a3c827 - Refresh and move upstreamed ath12k patch into sorted section - commit 6886361 - HID: apple: Add EPOMAKER TH87 to the non-apple keyboards list (bsc#1258455). - commit 3ef2af3 - btrfs: reject new transactions if the fs is fully read-only (bsc#1258464 CVE-2026-23214). - commit c00b6f5 - btrfs: send: check for inline extents in range_is_hole_in_parent() (bsc#1258377 CVE-2026-23141). - commit eb3646e ++++ postgresql18: - bsc#1258754: Update to 18.3 to fix two regressions in 18.2: * https://www.postgresql.org/docs/release/18.3/ * The substring() function raises an error "invalid byte sequence for encoding" on non-ASCII text values if the source of that value is a database column. * A standby may halt and return an error "could not access status of transaction". ++++ nvidia-open-driver-G07-signed-cuda: - update non-CUDA version to 595.45.04 (boo#1258797) - adjusted logic for %suse_version bump with SLE16.1 Beta2 (jsc#PED-15826) ++++ nvidia-open-driver-G07-signed: - update non-CUDA version to 595.45.04 (boo#1258797) - adjusted logic for %suse_version bump with SLE16.1 Beta2 (jsc#PED-15826) ++++ openQA: - Update to version 5.1771942065.808b073f: * test(t/44-scripts): extend to cover Python scripts * test(t/44-scripts): implement individual timeouts * fix(script): add early argument validation where missing * test: harmonize Test::More call format using '+' prefix * Dependency cron 2026-02-24 * test: refine style check and fix ambiguous test calls * Replace Ingress with Kubernetes Gateway API for external access * refactor: ensure consistent test call parentheses format * chore: add dependency for python3-gitlint commit checks * tweak: Improve logging of Git output * tweak: Avoid warnings about invalid revision ranges * tweak: Use normal warning log messages when encountering Git problems * fix: Avoid Perl warnings if URL passed to `git_commit_url` is invalid * docs: Add section about security * Fix tools/test_helm_chart after Helm chart reorganization * Update Helm chart documentation * Move worker subchart under openqa/ and fix connectivity * Add single openqa parent chart with ingress and nginx * Remove old helm chart structure ++++ openQA: - Update to version 5.1771942065.808b073f: * test(t/44-scripts): extend to cover Python scripts * test(t/44-scripts): implement individual timeouts * fix(script): add early argument validation where missing * test: harmonize Test::More call format using '+' prefix * Dependency cron 2026-02-24 * test: refine style check and fix ambiguous test calls * Replace Ingress with Kubernetes Gateway API for external access * refactor: ensure consistent test call parentheses format * chore: add dependency for python3-gitlint commit checks * tweak: Improve logging of Git output * tweak: Avoid warnings about invalid revision ranges * tweak: Use normal warning log messages when encountering Git problems * fix: Avoid Perl warnings if URL passed to `git_commit_url` is invalid * docs: Add section about security * Fix tools/test_helm_chart after Helm chart reorganization * Update Helm chart documentation * Move worker subchart under openqa/ and fix connectivity * Add single openqa parent chart with ingress and nginx * Remove old helm chart structure ++++ openQA: - Update to version 5.1771942065.808b073f: * test(t/44-scripts): extend to cover Python scripts * test(t/44-scripts): implement individual timeouts * fix(script): add early argument validation where missing * test: harmonize Test::More call format using '+' prefix * Dependency cron 2026-02-24 * test: refine style check and fix ambiguous test calls * Replace Ingress with Kubernetes Gateway API for external access * refactor: ensure consistent test call parentheses format * chore: add dependency for python3-gitlint commit checks * tweak: Improve logging of Git output * tweak: Avoid warnings about invalid revision ranges * tweak: Use normal warning log messages when encountering Git problems * fix: Avoid Perl warnings if URL passed to `git_commit_url` is invalid * docs: Add section about security * Fix tools/test_helm_chart after Helm chart reorganization * Update Helm chart documentation * Move worker subchart under openqa/ and fix connectivity * Add single openqa parent chart with ingress and nginx * Remove old helm chart structure ++++ openQA: - Update to version 5.1771942065.808b073f: * test(t/44-scripts): extend to cover Python scripts * test(t/44-scripts): implement individual timeouts * fix(script): add early argument validation where missing * test: harmonize Test::More call format using '+' prefix * Dependency cron 2026-02-24 * test: refine style check and fix ambiguous test calls * Replace Ingress with Kubernetes Gateway API for external access * refactor: ensure consistent test call parentheses format * chore: add dependency for python3-gitlint commit checks * tweak: Improve logging of Git output * tweak: Avoid warnings about invalid revision ranges * tweak: Use normal warning log messages when encountering Git problems * fix: Avoid Perl warnings if URL passed to `git_commit_url` is invalid * docs: Add section about security * Fix tools/test_helm_chart after Helm chart reorganization * Update Helm chart documentation * Move worker subchart under openqa/ and fix connectivity * Add single openqa parent chart with ingress and nginx * Remove old helm chart structure ++++ openQA: - Update to version 5.1771942065.808b073f: * test(t/44-scripts): extend to cover Python scripts * test(t/44-scripts): implement individual timeouts * fix(script): add early argument validation where missing * test: harmonize Test::More call format using '+' prefix * Dependency cron 2026-02-24 * test: refine style check and fix ambiguous test calls * Replace Ingress with Kubernetes Gateway API for external access * refactor: ensure consistent test call parentheses format * chore: add dependency for python3-gitlint commit checks * tweak: Improve logging of Git output * tweak: Avoid warnings about invalid revision ranges * tweak: Use normal warning log messages when encountering Git problems * fix: Avoid Perl warnings if URL passed to `git_commit_url` is invalid * docs: Add section about security * Fix tools/test_helm_chart after Helm chart reorganization * Update Helm chart documentation * Move worker subchart under openqa/ and fix connectivity * Add single openqa parent chart with ingress and nginx * Remove old helm chart structure ++++ postgresql14: - bsc#1258754: Update to 14.22 to fix two regressions in 14.21: * https://www.postgresql.org/docs/release/14.22/ * The substring() function raises an error "invalid byte sequence for encoding" on non-ASCII text values if the source of that value is a database column. * A standby may halt and return an error "could not access status of transaction". ++++ postgresql16: - bsc#1258754: Update to 16.13 to fix two regressions in 16.12: * https://www.postgresql.org/docs/release/16.13/ * The substring() function raises an error "invalid byte sequence for encoding" on non-ASCII text values if the source of that value is a database column. * A standby may halt and return an error "could not access status of transaction". ++++ postgresql17: - bsc#1258754: Update to 17.9 to fix two regressions in 17.8: * https://www.postgresql.org/docs/release/17.9/ * The substring() function raises an error "invalid byte sequence for encoding" on non-ASCII text values if the source of that value is a database column. * A standby may halt and return an error "could not access status of transaction". ++++ postgresql18-mini: - bsc#1258754: Update to 18.3 to fix two regressions in 18.2: * https://www.postgresql.org/docs/release/18.3/ * The substring() function raises an error "invalid byte sequence for encoding" on non-ASCII text values if the source of that value is a database column. * A standby may halt and return an error "could not access status of transaction". ++++ rubygem-agama-yast: - Do not log the URL password in the "inst.install_url" boot parameter (bsc#1258701) ++++ suse-lifecycle: - Use strip-nondeterminism to normalize .egg mtimes (bsc#1249253) ------------------------------------------------------------------ ------------------ 2026-2-23 - Feb 23 2026 ------------------- ------------------------------------------------------------------ ++++ kernel-64kb: - ipv6: Fix use-after-free in inet6_addr_del() (CVE-2026-23010 bsc#1257332). - net: fix memory leak in skb_segment_list for GRO packets (CVE-2026-22979 bsc#1257228). - commit b2654a5 - block,bfq: fix aux stat accumulation destination (git-fixes). - commit 2a3051f - macvlan: observe an RCU grace period in macvlan_common_newlink() error path (CVE-2026-23209 bsc#1258518). - bonding: only set speed/duplex to unknown, if getting speed failed (bsc#1253691). - macvlan: fix error recovery in macvlan_common_newlink() (CVE-2026-23209 bsc#1258518). - i40e: validate ring_len parameter against hardware-specific values (git-fixes). - net/mlx5: Initialize events outside devlink lock (git-fixes). - commit bbb1b4f - btrfs: fix NULL dereference on root when tracing inode eviction (bsc#1257635 CVE-2025-71184). - commit 3fff732 - btrfs: tracepoints: use btrfs_root_id() to get the id of a root (bsc#1257635 CVE-2025-71184). - commit 4039cd5 - tee: optee: ffa: fix a typo of "optee_ffa_api_is_compatible" (git-fixes) - commit d36259f - tee: fix memory leak in tee_dyn_shm_alloc_helper (git-fixes) - commit 7a7323a - arm64: Force the use of CNTVCT_EL0 in __delay() (git-fixes) - commit 2e8d443 - arm64: poe: fix stale POR_EL0 values for ptrace (git-fixes) - commit e7cd7ba - arm64: Fix cleared E0POE bit after cpu_suspend()/resume() (git-fixes) - commit ea3dd60 - PCI: Add PCI_BRIDGE_NO_ALIAS quirk for ASPEED AST1150 (bsc#1258672) - commit 63015f7 - PCI: Add ASPEED vendor ID to pci_ids.h (bsc#1258672) - commit c07c434 - rtc: interface: Alarm race handling should not discard preceding error (git-fixes). - commit 142d6d3 ++++ kernel-azure: - ipv6: Fix use-after-free in inet6_addr_del() (CVE-2026-23010 bsc#1257332). - net: fix memory leak in skb_segment_list for GRO packets (CVE-2026-22979 bsc#1257228). - commit b2654a5 - block,bfq: fix aux stat accumulation destination (git-fixes). - commit 2a3051f - macvlan: observe an RCU grace period in macvlan_common_newlink() error path (CVE-2026-23209 bsc#1258518). - bonding: only set speed/duplex to unknown, if getting speed failed (bsc#1253691). - macvlan: fix error recovery in macvlan_common_newlink() (CVE-2026-23209 bsc#1258518). - i40e: validate ring_len parameter against hardware-specific values (git-fixes). - net/mlx5: Initialize events outside devlink lock (git-fixes). - commit bbb1b4f - btrfs: fix NULL dereference on root when tracing inode eviction (bsc#1257635 CVE-2025-71184). - commit 3fff732 - btrfs: tracepoints: use btrfs_root_id() to get the id of a root (bsc#1257635 CVE-2025-71184). - commit 4039cd5 - tee: optee: ffa: fix a typo of "optee_ffa_api_is_compatible" (git-fixes) - commit d36259f - tee: fix memory leak in tee_dyn_shm_alloc_helper (git-fixes) - commit 7a7323a - arm64: Force the use of CNTVCT_EL0 in __delay() (git-fixes) - commit 2e8d443 - arm64: poe: fix stale POR_EL0 values for ptrace (git-fixes) - commit e7cd7ba - arm64: Fix cleared E0POE bit after cpu_suspend()/resume() (git-fixes) - commit ea3dd60 - PCI: Add PCI_BRIDGE_NO_ALIAS quirk for ASPEED AST1150 (bsc#1258672) - commit 63015f7 - PCI: Add ASPEED vendor ID to pci_ids.h (bsc#1258672) - commit c07c434 - rtc: interface: Alarm race handling should not discard preceding error (git-fixes). - commit 142d6d3 ++++ kernel-default: - ipv6: Fix use-after-free in inet6_addr_del() (CVE-2026-23010 bsc#1257332). - net: fix memory leak in skb_segment_list for GRO packets (CVE-2026-22979 bsc#1257228). - commit b2654a5 - block,bfq: fix aux stat accumulation destination (git-fixes). - commit 2a3051f - macvlan: observe an RCU grace period in macvlan_common_newlink() error path (CVE-2026-23209 bsc#1258518). - bonding: only set speed/duplex to unknown, if getting speed failed (bsc#1253691). - macvlan: fix error recovery in macvlan_common_newlink() (CVE-2026-23209 bsc#1258518). - i40e: validate ring_len parameter against hardware-specific values (git-fixes). - net/mlx5: Initialize events outside devlink lock (git-fixes). - commit bbb1b4f - btrfs: fix NULL dereference on root when tracing inode eviction (bsc#1257635 CVE-2025-71184). - commit 3fff732 - btrfs: tracepoints: use btrfs_root_id() to get the id of a root (bsc#1257635 CVE-2025-71184). - commit 4039cd5 - tee: optee: ffa: fix a typo of "optee_ffa_api_is_compatible" (git-fixes) - commit d36259f - tee: fix memory leak in tee_dyn_shm_alloc_helper (git-fixes) - commit 7a7323a - arm64: Force the use of CNTVCT_EL0 in __delay() (git-fixes) - commit 2e8d443 - arm64: poe: fix stale POR_EL0 values for ptrace (git-fixes) - commit e7cd7ba - arm64: Fix cleared E0POE bit after cpu_suspend()/resume() (git-fixes) - commit ea3dd60 - PCI: Add PCI_BRIDGE_NO_ALIAS quirk for ASPEED AST1150 (bsc#1258672) - commit 63015f7 - PCI: Add ASPEED vendor ID to pci_ids.h (bsc#1258672) - commit c07c434 - rtc: interface: Alarm race handling should not discard preceding error (git-fixes). - commit 142d6d3 ++++ kernel-rt: - ipv6: Fix use-after-free in inet6_addr_del() (CVE-2026-23010 bsc#1257332). - net: fix memory leak in skb_segment_list for GRO packets (CVE-2026-22979 bsc#1257228). - commit b2654a5 - block,bfq: fix aux stat accumulation destination (git-fixes). - commit 2a3051f - macvlan: observe an RCU grace period in macvlan_common_newlink() error path (CVE-2026-23209 bsc#1258518). - bonding: only set speed/duplex to unknown, if getting speed failed (bsc#1253691). - macvlan: fix error recovery in macvlan_common_newlink() (CVE-2026-23209 bsc#1258518). - i40e: validate ring_len parameter against hardware-specific values (git-fixes). - net/mlx5: Initialize events outside devlink lock (git-fixes). - commit bbb1b4f - btrfs: fix NULL dereference on root when tracing inode eviction (bsc#1257635 CVE-2025-71184). - commit 3fff732 - btrfs: tracepoints: use btrfs_root_id() to get the id of a root (bsc#1257635 CVE-2025-71184). - commit 4039cd5 - tee: optee: ffa: fix a typo of "optee_ffa_api_is_compatible" (git-fixes) - commit d36259f - tee: fix memory leak in tee_dyn_shm_alloc_helper (git-fixes) - commit 7a7323a - arm64: Force the use of CNTVCT_EL0 in __delay() (git-fixes) - commit 2e8d443 - arm64: poe: fix stale POR_EL0 values for ptrace (git-fixes) - commit e7cd7ba - arm64: Fix cleared E0POE bit after cpu_suspend()/resume() (git-fixes) - commit ea3dd60 - PCI: Add PCI_BRIDGE_NO_ALIAS quirk for ASPEED AST1150 (bsc#1258672) - commit 63015f7 - PCI: Add ASPEED vendor ID to pci_ids.h (bsc#1258672) - commit c07c434 - rtc: interface: Alarm race handling should not discard preceding error (git-fixes). - commit 142d6d3 ++++ docker-compose: - Add patch for CVE-2025-47914 (bsc#1254041), CVE-2025-47913 (bsc#1253584): * 0001-CVE-2025-47913-CVE-2025-47914-ssh-agent-fixes.patch - Add patch for CVE-2025-62725 (bsc#1252752) * 0002-CVE-2025-62725-fix-Enforce-compose-files-from-OCI-ar.patch ++++ dtb-aarch64: - ipv6: Fix use-after-free in inet6_addr_del() (CVE-2026-23010 bsc#1257332). - net: fix memory leak in skb_segment_list for GRO packets (CVE-2026-22979 bsc#1257228). - commit b2654a5 - block,bfq: fix aux stat accumulation destination (git-fixes). - commit 2a3051f - macvlan: observe an RCU grace period in macvlan_common_newlink() error path (CVE-2026-23209 bsc#1258518). - bonding: only set speed/duplex to unknown, if getting speed failed (bsc#1253691). - macvlan: fix error recovery in macvlan_common_newlink() (CVE-2026-23209 bsc#1258518). - i40e: validate ring_len parameter against hardware-specific values (git-fixes). - net/mlx5: Initialize events outside devlink lock (git-fixes). - commit bbb1b4f - btrfs: fix NULL dereference on root when tracing inode eviction (bsc#1257635 CVE-2025-71184). - commit 3fff732 - btrfs: tracepoints: use btrfs_root_id() to get the id of a root (bsc#1257635 CVE-2025-71184). - commit 4039cd5 - tee: optee: ffa: fix a typo of "optee_ffa_api_is_compatible" (git-fixes) - commit d36259f - tee: fix memory leak in tee_dyn_shm_alloc_helper (git-fixes) - commit 7a7323a - arm64: Force the use of CNTVCT_EL0 in __delay() (git-fixes) - commit 2e8d443 - arm64: poe: fix stale POR_EL0 values for ptrace (git-fixes) - commit e7cd7ba - arm64: Fix cleared E0POE bit after cpu_suspend()/resume() (git-fixes) - commit ea3dd60 - PCI: Add PCI_BRIDGE_NO_ALIAS quirk for ASPEED AST1150 (bsc#1258672) - commit 63015f7 - PCI: Add ASPEED vendor ID to pci_ids.h (bsc#1258672) - commit c07c434 - rtc: interface: Alarm race handling should not discard preceding error (git-fixes). - commit 142d6d3 ++++ kernel-source: - ipv6: Fix use-after-free in inet6_addr_del() (CVE-2026-23010 bsc#1257332). - net: fix memory leak in skb_segment_list for GRO packets (CVE-2026-22979 bsc#1257228). - commit b2654a5 - block,bfq: fix aux stat accumulation destination (git-fixes). - commit 2a3051f - macvlan: observe an RCU grace period in macvlan_common_newlink() error path (CVE-2026-23209 bsc#1258518). - bonding: only set speed/duplex to unknown, if getting speed failed (bsc#1253691). - macvlan: fix error recovery in macvlan_common_newlink() (CVE-2026-23209 bsc#1258518). - i40e: validate ring_len parameter against hardware-specific values (git-fixes). - net/mlx5: Initialize events outside devlink lock (git-fixes). - commit bbb1b4f - btrfs: fix NULL dereference on root when tracing inode eviction (bsc#1257635 CVE-2025-71184). - commit 3fff732 - btrfs: tracepoints: use btrfs_root_id() to get the id of a root (bsc#1257635 CVE-2025-71184). - commit 4039cd5 - tee: optee: ffa: fix a typo of "optee_ffa_api_is_compatible" (git-fixes) - commit d36259f - tee: fix memory leak in tee_dyn_shm_alloc_helper (git-fixes) - commit 7a7323a - arm64: Force the use of CNTVCT_EL0 in __delay() (git-fixes) - commit 2e8d443 - arm64: poe: fix stale POR_EL0 values for ptrace (git-fixes) - commit e7cd7ba - arm64: Fix cleared E0POE bit after cpu_suspend()/resume() (git-fixes) - commit ea3dd60 - PCI: Add PCI_BRIDGE_NO_ALIAS quirk for ASPEED AST1150 (bsc#1258672) - commit 63015f7 - PCI: Add ASPEED vendor ID to pci_ids.h (bsc#1258672) - commit c07c434 - rtc: interface: Alarm race handling should not discard preceding error (git-fixes). - commit 142d6d3 ++++ kernel-docs: - ipv6: Fix use-after-free in inet6_addr_del() (CVE-2026-23010 bsc#1257332). - net: fix memory leak in skb_segment_list for GRO packets (CVE-2026-22979 bsc#1257228). - commit b2654a5 - block,bfq: fix aux stat accumulation destination (git-fixes). - commit 2a3051f - macvlan: observe an RCU grace period in macvlan_common_newlink() error path (CVE-2026-23209 bsc#1258518). - bonding: only set speed/duplex to unknown, if getting speed failed (bsc#1253691). - macvlan: fix error recovery in macvlan_common_newlink() (CVE-2026-23209 bsc#1258518). - i40e: validate ring_len parameter against hardware-specific values (git-fixes). - net/mlx5: Initialize events outside devlink lock (git-fixes). - commit bbb1b4f - btrfs: fix NULL dereference on root when tracing inode eviction (bsc#1257635 CVE-2025-71184). - commit 3fff732 - btrfs: tracepoints: use btrfs_root_id() to get the id of a root (bsc#1257635 CVE-2025-71184). - commit 4039cd5 - tee: optee: ffa: fix a typo of "optee_ffa_api_is_compatible" (git-fixes) - commit d36259f - tee: fix memory leak in tee_dyn_shm_alloc_helper (git-fixes) - commit 7a7323a - arm64: Force the use of CNTVCT_EL0 in __delay() (git-fixes) - commit 2e8d443 - arm64: poe: fix stale POR_EL0 values for ptrace (git-fixes) - commit e7cd7ba - arm64: Fix cleared E0POE bit after cpu_suspend()/resume() (git-fixes) - commit ea3dd60 - PCI: Add PCI_BRIDGE_NO_ALIAS quirk for ASPEED AST1150 (bsc#1258672) - commit 63015f7 - PCI: Add ASPEED vendor ID to pci_ids.h (bsc#1258672) - commit c07c434 - rtc: interface: Alarm race handling should not discard preceding error (git-fixes). - commit 142d6d3 ++++ kernel-kvmsmall: - ipv6: Fix use-after-free in inet6_addr_del() (CVE-2026-23010 bsc#1257332). - net: fix memory leak in skb_segment_list for GRO packets (CVE-2026-22979 bsc#1257228). - commit b2654a5 - block,bfq: fix aux stat accumulation destination (git-fixes). - commit 2a3051f - macvlan: observe an RCU grace period in macvlan_common_newlink() error path (CVE-2026-23209 bsc#1258518). - bonding: only set speed/duplex to unknown, if getting speed failed (bsc#1253691). - macvlan: fix error recovery in macvlan_common_newlink() (CVE-2026-23209 bsc#1258518). - i40e: validate ring_len parameter against hardware-specific values (git-fixes). - net/mlx5: Initialize events outside devlink lock (git-fixes). - commit bbb1b4f - btrfs: fix NULL dereference on root when tracing inode eviction (bsc#1257635 CVE-2025-71184). - commit 3fff732 - btrfs: tracepoints: use btrfs_root_id() to get the id of a root (bsc#1257635 CVE-2025-71184). - commit 4039cd5 - tee: optee: ffa: fix a typo of "optee_ffa_api_is_compatible" (git-fixes) - commit d36259f - tee: fix memory leak in tee_dyn_shm_alloc_helper (git-fixes) - commit 7a7323a - arm64: Force the use of CNTVCT_EL0 in __delay() (git-fixes) - commit 2e8d443 - arm64: poe: fix stale POR_EL0 values for ptrace (git-fixes) - commit e7cd7ba - arm64: Fix cleared E0POE bit after cpu_suspend()/resume() (git-fixes) - commit ea3dd60 - PCI: Add PCI_BRIDGE_NO_ALIAS quirk for ASPEED AST1150 (bsc#1258672) - commit 63015f7 - PCI: Add ASPEED vendor ID to pci_ids.h (bsc#1258672) - commit c07c434 - rtc: interface: Alarm race handling should not discard preceding error (git-fixes). - commit 142d6d3 ++++ kernel-obs-build: - ipv6: Fix use-after-free in inet6_addr_del() (CVE-2026-23010 bsc#1257332). - net: fix memory leak in skb_segment_list for GRO packets (CVE-2026-22979 bsc#1257228). - commit b2654a5 - block,bfq: fix aux stat accumulation destination (git-fixes). - commit 2a3051f - macvlan: observe an RCU grace period in macvlan_common_newlink() error path (CVE-2026-23209 bsc#1258518). - bonding: only set speed/duplex to unknown, if getting speed failed (bsc#1253691). - macvlan: fix error recovery in macvlan_common_newlink() (CVE-2026-23209 bsc#1258518). - i40e: validate ring_len parameter against hardware-specific values (git-fixes). - net/mlx5: Initialize events outside devlink lock (git-fixes). - commit bbb1b4f - btrfs: fix NULL dereference on root when tracing inode eviction (bsc#1257635 CVE-2025-71184). - commit 3fff732 - btrfs: tracepoints: use btrfs_root_id() to get the id of a root (bsc#1257635 CVE-2025-71184). - commit 4039cd5 - tee: optee: ffa: fix a typo of "optee_ffa_api_is_compatible" (git-fixes) - commit d36259f - tee: fix memory leak in tee_dyn_shm_alloc_helper (git-fixes) - commit 7a7323a - arm64: Force the use of CNTVCT_EL0 in __delay() (git-fixes) - commit 2e8d443 - arm64: poe: fix stale POR_EL0 values for ptrace (git-fixes) - commit e7cd7ba - arm64: Fix cleared E0POE bit after cpu_suspend()/resume() (git-fixes) - commit ea3dd60 - PCI: Add PCI_BRIDGE_NO_ALIAS quirk for ASPEED AST1150 (bsc#1258672) - commit 63015f7 - PCI: Add ASPEED vendor ID to pci_ids.h (bsc#1258672) - commit c07c434 - rtc: interface: Alarm race handling should not discard preceding error (git-fixes). - commit 142d6d3 ++++ kernel-obs-qa: - ipv6: Fix use-after-free in inet6_addr_del() (CVE-2026-23010 bsc#1257332). - net: fix memory leak in skb_segment_list for GRO packets (CVE-2026-22979 bsc#1257228). - commit b2654a5 - block,bfq: fix aux stat accumulation destination (git-fixes). - commit 2a3051f - macvlan: observe an RCU grace period in macvlan_common_newlink() error path (CVE-2026-23209 bsc#1258518). - bonding: only set speed/duplex to unknown, if getting speed failed (bsc#1253691). - macvlan: fix error recovery in macvlan_common_newlink() (CVE-2026-23209 bsc#1258518). - i40e: validate ring_len parameter against hardware-specific values (git-fixes). - net/mlx5: Initialize events outside devlink lock (git-fixes). - commit bbb1b4f - btrfs: fix NULL dereference on root when tracing inode eviction (bsc#1257635 CVE-2025-71184). - commit 3fff732 - btrfs: tracepoints: use btrfs_root_id() to get the id of a root (bsc#1257635 CVE-2025-71184). - commit 4039cd5 - tee: optee: ffa: fix a typo of "optee_ffa_api_is_compatible" (git-fixes) - commit d36259f - tee: fix memory leak in tee_dyn_shm_alloc_helper (git-fixes) - commit 7a7323a - arm64: Force the use of CNTVCT_EL0 in __delay() (git-fixes) - commit 2e8d443 - arm64: poe: fix stale POR_EL0 values for ptrace (git-fixes) - commit e7cd7ba - arm64: Fix cleared E0POE bit after cpu_suspend()/resume() (git-fixes) - commit ea3dd60 - PCI: Add PCI_BRIDGE_NO_ALIAS quirk for ASPEED AST1150 (bsc#1258672) - commit 63015f7 - PCI: Add ASPEED vendor ID to pci_ids.h (bsc#1258672) - commit c07c434 - rtc: interface: Alarm race handling should not discard preceding error (git-fixes). - commit 142d6d3 ++++ kernel-syms: - ipv6: Fix use-after-free in inet6_addr_del() (CVE-2026-23010 bsc#1257332). - net: fix memory leak in skb_segment_list for GRO packets (CVE-2026-22979 bsc#1257228). - commit b2654a5 - block,bfq: fix aux stat accumulation destination (git-fixes). - commit 2a3051f - macvlan: observe an RCU grace period in macvlan_common_newlink() error path (CVE-2026-23209 bsc#1258518). - bonding: only set speed/duplex to unknown, if getting speed failed (bsc#1253691). - macvlan: fix error recovery in macvlan_common_newlink() (CVE-2026-23209 bsc#1258518). - i40e: validate ring_len parameter against hardware-specific values (git-fixes). - net/mlx5: Initialize events outside devlink lock (git-fixes). - commit bbb1b4f - btrfs: fix NULL dereference on root when tracing inode eviction (bsc#1257635 CVE-2025-71184). - commit 3fff732 - btrfs: tracepoints: use btrfs_root_id() to get the id of a root (bsc#1257635 CVE-2025-71184). - commit 4039cd5 - tee: optee: ffa: fix a typo of "optee_ffa_api_is_compatible" (git-fixes) - commit d36259f - tee: fix memory leak in tee_dyn_shm_alloc_helper (git-fixes) - commit 7a7323a - arm64: Force the use of CNTVCT_EL0 in __delay() (git-fixes) - commit 2e8d443 - arm64: poe: fix stale POR_EL0 values for ptrace (git-fixes) - commit e7cd7ba - arm64: Fix cleared E0POE bit after cpu_suspend()/resume() (git-fixes) - commit ea3dd60 - PCI: Add PCI_BRIDGE_NO_ALIAS quirk for ASPEED AST1150 (bsc#1258672) - commit 63015f7 - PCI: Add ASPEED vendor ID to pci_ids.h (bsc#1258672) - commit c07c434 - rtc: interface: Alarm race handling should not discard preceding error (git-fixes). - commit 142d6d3 ++++ kernel-zfcpdump: - ipv6: Fix use-after-free in inet6_addr_del() (CVE-2026-23010 bsc#1257332). - net: fix memory leak in skb_segment_list for GRO packets (CVE-2026-22979 bsc#1257228). - commit b2654a5 - block,bfq: fix aux stat accumulation destination (git-fixes). - commit 2a3051f - macvlan: observe an RCU grace period in macvlan_common_newlink() error path (CVE-2026-23209 bsc#1258518). - bonding: only set speed/duplex to unknown, if getting speed failed (bsc#1253691). - macvlan: fix error recovery in macvlan_common_newlink() (CVE-2026-23209 bsc#1258518). - i40e: validate ring_len parameter against hardware-specific values (git-fixes). - net/mlx5: Initialize events outside devlink lock (git-fixes). - commit bbb1b4f - btrfs: fix NULL dereference on root when tracing inode eviction (bsc#1257635 CVE-2025-71184). - commit 3fff732 - btrfs: tracepoints: use btrfs_root_id() to get the id of a root (bsc#1257635 CVE-2025-71184). - commit 4039cd5 - tee: optee: ffa: fix a typo of "optee_ffa_api_is_compatible" (git-fixes) - commit d36259f - tee: fix memory leak in tee_dyn_shm_alloc_helper (git-fixes) - commit 7a7323a - arm64: Force the use of CNTVCT_EL0 in __delay() (git-fixes) - commit 2e8d443 - arm64: poe: fix stale POR_EL0 values for ptrace (git-fixes) - commit e7cd7ba - arm64: Fix cleared E0POE bit after cpu_suspend()/resume() (git-fixes) - commit ea3dd60 - PCI: Add PCI_BRIDGE_NO_ALIAS quirk for ASPEED AST1150 (bsc#1258672) - commit 63015f7 - PCI: Add ASPEED vendor ID to pci_ids.h (bsc#1258672) - commit c07c434 - rtc: interface: Alarm race handling should not discard preceding error (git-fixes). - commit 142d6d3 ++++ maven-resolver: - Update to upstream version 1.9.27 * Bug Fixes + Sync TrackingFileManager with 2.x ++++ maven-resolver-supplier: - Update to upstream version 1.9.27 * Bug Fixes + Sync TrackingFileManager with 2.x ++++ mdadm: - Update to version 4.4+39.g1b34084f: * platform-intel: Deal with hot-unplugged devices (bsc#1258265) * imsm: Fix UEFI backward compatibility for RAID10D4 (bsc#1257009) ++++ openQA: - Update to version 5.1771872170.9e49dbec: * tweak: Improve logging of Git output * tweak: Avoid warnings about invalid revision ranges * tweak: Use normal warning log messages when encountering Git problems * fix: Avoid Perl warnings if URL passed to `git_commit_url` is invalid * fix: update ajv to fix moderate severity ReDoS vulnerability * fix: update minimatch override to fix high severity ReDoS vulnerability * openqa-load-templates: Slightly simplify ++++ openQA: - Update to version 5.1771846996.b67911c1: * fix: update ajv to fix moderate severity ReDoS vulnerability * fix: update minimatch override to fix high severity ReDoS vulnerability * openqa-load-templates: Slightly simplify ++++ openQA: - Update to version 5.1771846996.b67911c1: * fix: update ajv to fix moderate severity ReDoS vulnerability * fix: update minimatch override to fix high severity ReDoS vulnerability * openqa-load-templates: Slightly simplify ++++ openQA: - Update to version 5.1771846996.b67911c1: * fix: update ajv to fix moderate severity ReDoS vulnerability * fix: update minimatch override to fix high severity ReDoS vulnerability * openqa-load-templates: Slightly simplify ++++ openQA: - Update to version 5.1771846996.b67911c1: * fix: update ajv to fix moderate severity ReDoS vulnerability * fix: update minimatch override to fix high severity ReDoS vulnerability * openqa-load-templates: Slightly simplify ++++ openQA: - Update to version 5.1771846996.b67911c1: * fix: update ajv to fix moderate severity ReDoS vulnerability * fix: update minimatch override to fix high severity ReDoS vulnerability * openqa-load-templates: Slightly simplify ++++ os-autoinst: - Update to version 5.1771858186.01b8328: * test: implement conventional commits check with gitlint * fix: Fix wrong uses of "checkout" that should be "check out" * git subrepo pull (merge) --force external/os-autoinst-common * style: Fix crop.py style issues * workaround: Remove "get_mempolicy" warning from qemu-img output ++++ os-autoinst: - Update to version 5.1771858186.01b8328: * test: implement conventional commits check with gitlint * fix: Fix wrong uses of "checkout" that should be "check out" * git subrepo pull (merge) --force external/os-autoinst-common * style: Fix crop.py style issues * workaround: Remove "get_mempolicy" warning from qemu-img output ++++ os-autoinst: - Update to version 5.1771858186.01b8328: * test: implement conventional commits check with gitlint * fix: Fix wrong uses of "checkout" that should be "check out" * git subrepo pull (merge) --force external/os-autoinst-common * style: Fix crop.py style issues * workaround: Remove "get_mempolicy" warning from qemu-img output ++++ os-autoinst: - Update to version 5.1771858186.01b8328: * test: implement conventional commits check with gitlint * fix: Fix wrong uses of "checkout" that should be "check out" * git subrepo pull (merge) --force external/os-autoinst-common * style: Fix crop.py style issues * workaround: Remove "get_mempolicy" warning from qemu-img output ++++ os-autoinst: - Update to version 5.1771858186.01b8328: * test: implement conventional commits check with gitlint * fix: Fix wrong uses of "checkout" that should be "check out" * git subrepo pull (merge) --force external/os-autoinst-common * style: Fix crop.py style issues * workaround: Remove "get_mempolicy" warning from qemu-img output ++++ os-autoinst: - Update to version 5.1771858186.01b8328: * test: implement conventional commits check with gitlint * fix: Fix wrong uses of "checkout" that should be "check out" * git subrepo pull (merge) --force external/os-autoinst-common * style: Fix crop.py style issues * workaround: Remove "get_mempolicy" warning from qemu-img output ++++ osc: - 1.24.0 - Command-line: - Add '--target-owner' option to 'git-obs repo fork' command - Add '--self' parameter to fix 'no matching parent repo' error message in 'git-obs pr create' - Fix 'osc aggregatepac' for scmsync packages - Fix 'osc build' to retrieve buildconfig from git package's cache - Fix 'osc token' error handling for project wide trigger - Fix string formatting for id in obs-request.xml in 'git-obs pr dump' - Library: - Consolidate build types in build.py and commandline.py - Fix build.get_build_type() by comparing binary_type only if specified - Make use of queryconfig tool configurable and consistent - Fix how get_request_collection() filters the projects and packages - Support copying packages from an scmsync source, when target exists - Add timestamps to the DEBUG output - Update new project template ++++ python-PyPDF2: - Add security patches: * CVE-2025-55197.patch (bsc#1248089) * CVE-2026-27024.patch (bsc#1258691) * CVE-2026-27025.patch (bsc#1258692) * CVE-2026-27026.patch (bsc#1258693) ++++ python-PyPDF2: - Add security patches: * CVE-2025-55197.patch (bsc#1248089) * CVE-2026-27024.patch (bsc#1258691) * CVE-2026-27025.patch (bsc#1258692) * CVE-2026-27026.patch (bsc#1258693) ++++ python-PyPDF2: - Add security patches: * CVE-2025-55197.patch (bsc#1248089) * CVE-2026-27024.patch (bsc#1258691) * CVE-2026-27025.patch (bsc#1258692) * CVE-2026-27026.patch (bsc#1258693) ++++ python-PyPDF2: - Add security patches: * CVE-2025-55197.patch (bsc#1248089) * CVE-2026-27024.patch (bsc#1258691) * CVE-2026-27025.patch (bsc#1258692) * CVE-2026-27026.patch (bsc#1258693) ------------------------------------------------------------------ ------------------ 2026-2-22 - Feb 22 2026 ------------------- ------------------------------------------------------------------ ++++ MozillaThunderbird: - Mozilla Thunderbird 140.8.0 ESR MFSA 2026-17 (boo#1258568) * CVE-2026-2757 (bmo#2001637) Incorrect boundary conditions in the WebRTC: Audio/Video component * CVE-2026-2758 (bmo#2009608) Use-after-free in the JavaScript: GC component * CVE-2026-2759 (bmo#2010933) Incorrect boundary conditions in the Graphics: ImageLib component * CVE-2026-2760 (bmo#2011062) Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component * CVE-2026-2761 (bmo#2011063) Sandbox escape in the Graphics: WebRender component * CVE-2026-2762 (bmo#2011649) Integer overflow in the JavaScript: Standard Library component * CVE-2026-2763 (bmo#2012018) Use-after-free in the JavaScript Engine component * CVE-2026-2764 (bmo#2012608) JIT miscompilation, use-after-free in the JavaScript Engine: JIT component * CVE-2026-2765 (bmo#2013562) Use-after-free in the JavaScript Engine component * CVE-2026-2766 (bmo#2013583) Use-after-free in the JavaScript Engine: JIT component * CVE-2026-2767 (bmo#2013741) Use-after-free in the JavaScript: WebAssembly component * CVE-2026-2768 (bmo#2014101) Sandbox escape in the Storage: IndexedDB component * CVE-2026-2769 (bmo#2014550) Use-after-free in the Storage: IndexedDB component * CVE-2026-2770 (bmo#2014585) Use-after-free in the DOM: Bindings (WebIDL) component * CVE-2026-2771 (bmo#2014593) Undefined behavior in the DOM: Core & HTML component * CVE-2026-2772 (bmo#2014827) Use-after-free in the Audio/Video: Playback component * CVE-2026-2773 (bmo#2014832) Incorrect boundary conditions in the Web Audio component * CVE-2026-2774 (bmo#2014883) Integer overflow in the Audio/Video component * CVE-2026-2775 (bmo#2015199) Mitigation bypass in the DOM: HTML Parser component * CVE-2026-2776 (bmo#2015266) Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software * CVE-2026-2777 (bmo#2015305) Privilege escalation in the Messaging System component * CVE-2026-2778 (bmo#2016358) Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component * CVE-2026-2779 (bmo#1164141) Incorrect boundary conditions in the Networking: JAR component * CVE-2026-2780 (bmo#2007829) Privilege escalation in the Netmonitor component * CVE-2026-2781 (bmo#2009552) Integer overflow in the Libraries component in NSS * CVE-2026-2782 (bmo#2010743) Privilege escalation in the Netmonitor component * CVE-2026-2783 (bmo#2010943) Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component * CVE-2026-2784 (bmo#2012984) Mitigation bypass in the DOM: Security component * CVE-2026-2785 (bmo#2013549) Invalid pointer in the JavaScript Engine component * CVE-2026-2786 (bmo#2013612) Use-after-free in the JavaScript Engine component * CVE-2026-2787 (bmo#2014560) Use-after-free in the DOM: Window and Location component * CVE-2026-2788 (bmo#2014824) Incorrect boundary conditions in the Audio/Video: GMP component * CVE-2026-2789 (bmo#2015179) Use-after-free in the Graphics: ImageLib component * CVE-2026-2790 (bmo#2008426) Same-origin policy bypass in the Networking: JAR component * CVE-2026-2791 (bmo#2015220) Mitigation bypass in the Networking: Cache component * CVE-2026-2792 (bmo#2008912, bmo#2010050, bmo#2010275, bmo#2012331) Memory safety bugs fixed in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148 * CVE-2026-2793 (bmo#2015196, bmo#2016423, bmo#2016498) Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148 - add thunderbird-bmo2006630.patch (bmo#2006630) ++++ kernel-64kb: - NTB: ntb_transport: Fix too small buffer for debugfs_name (git-fixes). - commit 34f22c7 ++++ kernel-azure: - NTB: ntb_transport: Fix too small buffer for debugfs_name (git-fixes). - commit 34f22c7 ++++ kernel-default: - NTB: ntb_transport: Fix too small buffer for debugfs_name (git-fixes). - commit 34f22c7 ++++ kernel-rt: - NTB: ntb_transport: Fix too small buffer for debugfs_name (git-fixes). - commit 34f22c7 ++++ cosign: - Update to version 3.0.5: * CVE-2026-24122: Fixed improper validation of certificates that outlive expired CA certificates (bsc#1258542) * CVE-2026-26958: Fixed filippo.io/edwards25519: failure to initialize receiver in MultiScalarMult can produce invalid results and lead to undefined behavior (bsc#1258612) * CVE-2026-24137: Fixed github.com/sigstore/sigstore/pkg/tuf: legacy TUF client allows for arbitrary file writes with target cache path traversal (bsc#1257139) * CVE-2026-22772: Fixed github.com/sigstore/fulcio: bypass MetaIssuer URL validation bypass can trigger SSRF to arbitrary internal services (bsc#1256562) * CVE-2026-23991: Fixed github.com/theupdateframework/go-tuf/v2: denial of service due to invalid TUF metadata JSON returned by TUF repository (bsc#1257080) * CVE-2026-23992: Fixed github.com/theupdateframework/go-tuf/v2: unauthorized modification to TUF metadata files due to a compromised or misconfigured TUF repository (bsc#1257085) * chore(deps): bump google.golang.org/api from 0.260.0 to 0.264.0 (#4679) * chore(deps): bump github.com/sigstore/rekor-tiles/v2 from 2.0.1 to 2.1.0 (#4670) * chore(deps): bump filippo.io/edwards25519 from 1.1.0 to 1.1.1 (#4712) * chore(deps): bump gitlab.com/gitlab-org/api/client-go (#4680) * chore(deps): bump the gomod group across 1 directory with 4 updates (#4702) * chore(deps): bump the actions group with 3 updates (#4703) * update golang builder to use go1.25.7 (#4687) * update golangci-lint to v2.8.x (#4688) * Fix typo in CLI help (#4701) * Support DSSE signing conformance test (#4685) * chore(deps): bump the actions group across 1 directory with 8 updates (#4689) * Deprecate rekor-entry-type flag (#4691) * Deprecate cosign triangulate (#4676) * Deprecate cosign copy (#4681) * Enforce TSA requirement for Rekor v2, Fuclio signing (#4683) * chore(deps): bump github.com/theupdateframework/go-tuf/v2 (#4668) * chore(deps): bump golang from 1.25.5 to 1.25.6 in the all group (#4673) * Automatically require signed timestamp with Rekor v2 entries (#4666) * Fix syntax issue in conformance test, update nightly (#4664) * Add mTLS support for TSA client connections when signing with a signing config (#4620) * fix: avoid panic on malformed tlog entry body (#4652) * Verify validity of chain rather than just certificate (#4663) * Allow --local-image with --new-bundle-format for v2 and v3 signatures (#4626) * chore(deps): bump the gomod group across 1 directory with 3 updates (#4662) * Bump sigstore/sigstore to resolve GHSA (#4660) * Gracefully fail if bundle payload body is not a string (#4648) * fix: avoid panic on malformed replace payload (#4653) * chore(deps): bump github.com/sigstore/rekor from 1.4.3 to 1.5.0 (#4659) * fix: avoid panic on malformed attestation payload (#4651) * fix: avoid panic on malformed tlog entries (#4649) * Update conformance to latest * docs(cosign): clarify RFC3161 revocation semantics (#4642) * Add empty predicate to cosign sign when payload type is application/vnd.in-toto+json (#4635) * chore(deps): bump github.com/sigstore/fulcio from 1.8.4 to 1.8.5 (#4637) * Add origin key for ctfe trusted root * Add changelog updates for v3.0.4 and v2.6.2 (#4625) ++++ dtb-aarch64: - NTB: ntb_transport: Fix too small buffer for debugfs_name (git-fixes). - commit 34f22c7 ++++ kernel-source: - NTB: ntb_transport: Fix too small buffer for debugfs_name (git-fixes). - commit 34f22c7 ++++ kernel-docs: - NTB: ntb_transport: Fix too small buffer for debugfs_name (git-fixes). - commit 34f22c7 ++++ kernel-kvmsmall: - NTB: ntb_transport: Fix too small buffer for debugfs_name (git-fixes). - commit 34f22c7 ++++ kernel-obs-build: - NTB: ntb_transport: Fix too small buffer for debugfs_name (git-fixes). - commit 34f22c7 ++++ kernel-obs-qa: - NTB: ntb_transport: Fix too small buffer for debugfs_name (git-fixes). - commit 34f22c7 ++++ kernel-syms: - NTB: ntb_transport: Fix too small buffer for debugfs_name (git-fixes). - commit 34f22c7 ++++ kernel-zfcpdump: - NTB: ntb_transport: Fix too small buffer for debugfs_name (git-fixes). - commit 34f22c7 ------------------------------------------------------------------ ------------------ 2026-2-21 - Feb 21 2026 ------------------- ------------------------------------------------------------------ ++++ kernel-64kb: - xfs: fix UAF in xchk_btree_check_block_owner (CVE-2026-23223 bsc#1258483). - commit 0986f41 - erofs: fix UAF issue for file-backed mounts w/ directio option (CVE-2026-23224 bsc#1258461). - commit 543a001 - spi: wpcm-fiu: Fix potential NULL pointer dereference in wpcm_fiu_probe() (git-fixes). - ASoC: rockchip: i2s-tdm: Use param rate if not provided by set_sysclk (git-fixes). - ASoC: codecs: aw88261: Fix erroneous bitmask logic in Awinic init (git-fixes). - drm/amd/display: Use same max plane scaling limits for all 64 bpp formats (git-fixes). - drm/amd/display: Fix out-of-bounds stream encoder index v3 (git-fixes). - drm/amdgpu: fix sync handling in amdgpu_dma_buf_move_notify (git-fixes). - drm/amd/display: Reject cursor plane on DCE when scaled differently than primary (git-fixes). - drm/amdkfd: Fix watch_id bounds checking in debug address watch v2 (git-fixes). - drm/i915/acpi: free _DSM package when no connectors (git-fixes). - drm/amd: Fix hang on amdgpu unload by using pci_dev_is_disconnected() (git-fixes). - drm/amdgpu: Fix memory leak in amdgpu_ras_init() (git-fixes). - drm/amdgpu: Use kvfree instead of kfree in amdgpu_gmc_get_nps_memranges() (git-fixes). - drm/amdgpu: Fix memory leak in amdgpu_acpi_enumerate_xcc() (git-fixes). - drm/amdgpu: ensure no_hw_access is visible before MMIO (git-fixes). - efi: Fix reservation of unaccepted memory table (git-fixes). - commit 05f5344 - ALSA: usb-audio: Use the right limit for PCM OOB check (CVE-2026-23208 bsc#1258468). - ALSA: usb-audio: Prevent excessive number of frames (CVE-2026-23208 bsc#1258468). - commit 9c042c7 ++++ kernel-azure: - xfs: fix UAF in xchk_btree_check_block_owner (CVE-2026-23223 bsc#1258483). - commit 0986f41 - erofs: fix UAF issue for file-backed mounts w/ directio option (CVE-2026-23224 bsc#1258461). - commit 543a001 - spi: wpcm-fiu: Fix potential NULL pointer dereference in wpcm_fiu_probe() (git-fixes). - ASoC: rockchip: i2s-tdm: Use param rate if not provided by set_sysclk (git-fixes). - ASoC: codecs: aw88261: Fix erroneous bitmask logic in Awinic init (git-fixes). - drm/amd/display: Use same max plane scaling limits for all 64 bpp formats (git-fixes). - drm/amd/display: Fix out-of-bounds stream encoder index v3 (git-fixes). - drm/amdgpu: fix sync handling in amdgpu_dma_buf_move_notify (git-fixes). - drm/amd/display: Reject cursor plane on DCE when scaled differently than primary (git-fixes). - drm/amdkfd: Fix watch_id bounds checking in debug address watch v2 (git-fixes). - drm/i915/acpi: free _DSM package when no connectors (git-fixes). - drm/amd: Fix hang on amdgpu unload by using pci_dev_is_disconnected() (git-fixes). - drm/amdgpu: Fix memory leak in amdgpu_ras_init() (git-fixes). - drm/amdgpu: Use kvfree instead of kfree in amdgpu_gmc_get_nps_memranges() (git-fixes). - drm/amdgpu: Fix memory leak in amdgpu_acpi_enumerate_xcc() (git-fixes). - drm/amdgpu: ensure no_hw_access is visible before MMIO (git-fixes). - efi: Fix reservation of unaccepted memory table (git-fixes). - commit 05f5344 - ALSA: usb-audio: Use the right limit for PCM OOB check (CVE-2026-23208 bsc#1258468). - ALSA: usb-audio: Prevent excessive number of frames (CVE-2026-23208 bsc#1258468). - commit 9c042c7 ++++ kernel-default: - xfs: fix UAF in xchk_btree_check_block_owner (CVE-2026-23223 bsc#1258483). - commit 0986f41 - erofs: fix UAF issue for file-backed mounts w/ directio option (CVE-2026-23224 bsc#1258461). - commit 543a001 - spi: wpcm-fiu: Fix potential NULL pointer dereference in wpcm_fiu_probe() (git-fixes). - ASoC: rockchip: i2s-tdm: Use param rate if not provided by set_sysclk (git-fixes). - ASoC: codecs: aw88261: Fix erroneous bitmask logic in Awinic init (git-fixes). - drm/amd/display: Use same max plane scaling limits for all 64 bpp formats (git-fixes). - drm/amd/display: Fix out-of-bounds stream encoder index v3 (git-fixes). - drm/amdgpu: fix sync handling in amdgpu_dma_buf_move_notify (git-fixes). - drm/amd/display: Reject cursor plane on DCE when scaled differently than primary (git-fixes). - drm/amdkfd: Fix watch_id bounds checking in debug address watch v2 (git-fixes). - drm/i915/acpi: free _DSM package when no connectors (git-fixes). - drm/amd: Fix hang on amdgpu unload by using pci_dev_is_disconnected() (git-fixes). - drm/amdgpu: Fix memory leak in amdgpu_ras_init() (git-fixes). - drm/amdgpu: Use kvfree instead of kfree in amdgpu_gmc_get_nps_memranges() (git-fixes). - drm/amdgpu: Fix memory leak in amdgpu_acpi_enumerate_xcc() (git-fixes). - drm/amdgpu: ensure no_hw_access is visible before MMIO (git-fixes). - efi: Fix reservation of unaccepted memory table (git-fixes). - commit 05f5344 - ALSA: usb-audio: Use the right limit for PCM OOB check (CVE-2026-23208 bsc#1258468). - ALSA: usb-audio: Prevent excessive number of frames (CVE-2026-23208 bsc#1258468). - commit 9c042c7 ++++ kernel-rt: - xfs: fix UAF in xchk_btree_check_block_owner (CVE-2026-23223 bsc#1258483). - commit 0986f41 - erofs: fix UAF issue for file-backed mounts w/ directio option (CVE-2026-23224 bsc#1258461). - commit 543a001 - spi: wpcm-fiu: Fix potential NULL pointer dereference in wpcm_fiu_probe() (git-fixes). - ASoC: rockchip: i2s-tdm: Use param rate if not provided by set_sysclk (git-fixes). - ASoC: codecs: aw88261: Fix erroneous bitmask logic in Awinic init (git-fixes). - drm/amd/display: Use same max plane scaling limits for all 64 bpp formats (git-fixes). - drm/amd/display: Fix out-of-bounds stream encoder index v3 (git-fixes). - drm/amdgpu: fix sync handling in amdgpu_dma_buf_move_notify (git-fixes). - drm/amd/display: Reject cursor plane on DCE when scaled differently than primary (git-fixes). - drm/amdkfd: Fix watch_id bounds checking in debug address watch v2 (git-fixes). - drm/i915/acpi: free _DSM package when no connectors (git-fixes). - drm/amd: Fix hang on amdgpu unload by using pci_dev_is_disconnected() (git-fixes). - drm/amdgpu: Fix memory leak in amdgpu_ras_init() (git-fixes). - drm/amdgpu: Use kvfree instead of kfree in amdgpu_gmc_get_nps_memranges() (git-fixes). - drm/amdgpu: Fix memory leak in amdgpu_acpi_enumerate_xcc() (git-fixes). - drm/amdgpu: ensure no_hw_access is visible before MMIO (git-fixes). - efi: Fix reservation of unaccepted memory table (git-fixes). - commit 05f5344 - ALSA: usb-audio: Use the right limit for PCM OOB check (CVE-2026-23208 bsc#1258468). - ALSA: usb-audio: Prevent excessive number of frames (CVE-2026-23208 bsc#1258468). - commit 9c042c7 ++++ dtb-aarch64: - xfs: fix UAF in xchk_btree_check_block_owner (CVE-2026-23223 bsc#1258483). - commit 0986f41 - erofs: fix UAF issue for file-backed mounts w/ directio option (CVE-2026-23224 bsc#1258461). - commit 543a001 - spi: wpcm-fiu: Fix potential NULL pointer dereference in wpcm_fiu_probe() (git-fixes). - ASoC: rockchip: i2s-tdm: Use param rate if not provided by set_sysclk (git-fixes). - ASoC: codecs: aw88261: Fix erroneous bitmask logic in Awinic init (git-fixes). - drm/amd/display: Use same max plane scaling limits for all 64 bpp formats (git-fixes). - drm/amd/display: Fix out-of-bounds stream encoder index v3 (git-fixes). - drm/amdgpu: fix sync handling in amdgpu_dma_buf_move_notify (git-fixes). - drm/amd/display: Reject cursor plane on DCE when scaled differently than primary (git-fixes). - drm/amdkfd: Fix watch_id bounds checking in debug address watch v2 (git-fixes). - drm/i915/acpi: free _DSM package when no connectors (git-fixes). - drm/amd: Fix hang on amdgpu unload by using pci_dev_is_disconnected() (git-fixes). - drm/amdgpu: Fix memory leak in amdgpu_ras_init() (git-fixes). - drm/amdgpu: Use kvfree instead of kfree in amdgpu_gmc_get_nps_memranges() (git-fixes). - drm/amdgpu: Fix memory leak in amdgpu_acpi_enumerate_xcc() (git-fixes). - drm/amdgpu: ensure no_hw_access is visible before MMIO (git-fixes). - efi: Fix reservation of unaccepted memory table (git-fixes). - commit 05f5344 - ALSA: usb-audio: Use the right limit for PCM OOB check (CVE-2026-23208 bsc#1258468). - ALSA: usb-audio: Prevent excessive number of frames (CVE-2026-23208 bsc#1258468). - commit 9c042c7 ++++ kernel-source: - xfs: fix UAF in xchk_btree_check_block_owner (CVE-2026-23223 bsc#1258483). - commit 0986f41 - erofs: fix UAF issue for file-backed mounts w/ directio option (CVE-2026-23224 bsc#1258461). - commit 543a001 - spi: wpcm-fiu: Fix potential NULL pointer dereference in wpcm_fiu_probe() (git-fixes). - ASoC: rockchip: i2s-tdm: Use param rate if not provided by set_sysclk (git-fixes). - ASoC: codecs: aw88261: Fix erroneous bitmask logic in Awinic init (git-fixes). - drm/amd/display: Use same max plane scaling limits for all 64 bpp formats (git-fixes). - drm/amd/display: Fix out-of-bounds stream encoder index v3 (git-fixes). - drm/amdgpu: fix sync handling in amdgpu_dma_buf_move_notify (git-fixes). - drm/amd/display: Reject cursor plane on DCE when scaled differently than primary (git-fixes). - drm/amdkfd: Fix watch_id bounds checking in debug address watch v2 (git-fixes). - drm/i915/acpi: free _DSM package when no connectors (git-fixes). - drm/amd: Fix hang on amdgpu unload by using pci_dev_is_disconnected() (git-fixes). - drm/amdgpu: Fix memory leak in amdgpu_ras_init() (git-fixes). - drm/amdgpu: Use kvfree instead of kfree in amdgpu_gmc_get_nps_memranges() (git-fixes). - drm/amdgpu: Fix memory leak in amdgpu_acpi_enumerate_xcc() (git-fixes). - drm/amdgpu: ensure no_hw_access is visible before MMIO (git-fixes). - efi: Fix reservation of unaccepted memory table (git-fixes). - commit 05f5344 - ALSA: usb-audio: Use the right limit for PCM OOB check (CVE-2026-23208 bsc#1258468). - ALSA: usb-audio: Prevent excessive number of frames (CVE-2026-23208 bsc#1258468). - commit 9c042c7 ++++ kernel-docs: - xfs: fix UAF in xchk_btree_check_block_owner (CVE-2026-23223 bsc#1258483). - commit 0986f41 - erofs: fix UAF issue for file-backed mounts w/ directio option (CVE-2026-23224 bsc#1258461). - commit 543a001 - spi: wpcm-fiu: Fix potential NULL pointer dereference in wpcm_fiu_probe() (git-fixes). - ASoC: rockchip: i2s-tdm: Use param rate if not provided by set_sysclk (git-fixes). - ASoC: codecs: aw88261: Fix erroneous bitmask logic in Awinic init (git-fixes). - drm/amd/display: Use same max plane scaling limits for all 64 bpp formats (git-fixes). - drm/amd/display: Fix out-of-bounds stream encoder index v3 (git-fixes). - drm/amdgpu: fix sync handling in amdgpu_dma_buf_move_notify (git-fixes). - drm/amd/display: Reject cursor plane on DCE when scaled differently than primary (git-fixes). - drm/amdkfd: Fix watch_id bounds checking in debug address watch v2 (git-fixes). - drm/i915/acpi: free _DSM package when no connectors (git-fixes). - drm/amd: Fix hang on amdgpu unload by using pci_dev_is_disconnected() (git-fixes). - drm/amdgpu: Fix memory leak in amdgpu_ras_init() (git-fixes). - drm/amdgpu: Use kvfree instead of kfree in amdgpu_gmc_get_nps_memranges() (git-fixes). - drm/amdgpu: Fix memory leak in amdgpu_acpi_enumerate_xcc() (git-fixes). - drm/amdgpu: ensure no_hw_access is visible before MMIO (git-fixes). - efi: Fix reservation of unaccepted memory table (git-fixes). - commit 05f5344 - ALSA: usb-audio: Use the right limit for PCM OOB check (CVE-2026-23208 bsc#1258468). - ALSA: usb-audio: Prevent excessive number of frames (CVE-2026-23208 bsc#1258468). - commit 9c042c7 ++++ kernel-kvmsmall: - xfs: fix UAF in xchk_btree_check_block_owner (CVE-2026-23223 bsc#1258483). - commit 0986f41 - erofs: fix UAF issue for file-backed mounts w/ directio option (CVE-2026-23224 bsc#1258461). - commit 543a001 - spi: wpcm-fiu: Fix potential NULL pointer dereference in wpcm_fiu_probe() (git-fixes). - ASoC: rockchip: i2s-tdm: Use param rate if not provided by set_sysclk (git-fixes). - ASoC: codecs: aw88261: Fix erroneous bitmask logic in Awinic init (git-fixes). - drm/amd/display: Use same max plane scaling limits for all 64 bpp formats (git-fixes). - drm/amd/display: Fix out-of-bounds stream encoder index v3 (git-fixes). - drm/amdgpu: fix sync handling in amdgpu_dma_buf_move_notify (git-fixes). - drm/amd/display: Reject cursor plane on DCE when scaled differently than primary (git-fixes). - drm/amdkfd: Fix watch_id bounds checking in debug address watch v2 (git-fixes). - drm/i915/acpi: free _DSM package when no connectors (git-fixes). - drm/amd: Fix hang on amdgpu unload by using pci_dev_is_disconnected() (git-fixes). - drm/amdgpu: Fix memory leak in amdgpu_ras_init() (git-fixes). - drm/amdgpu: Use kvfree instead of kfree in amdgpu_gmc_get_nps_memranges() (git-fixes). - drm/amdgpu: Fix memory leak in amdgpu_acpi_enumerate_xcc() (git-fixes). - drm/amdgpu: ensure no_hw_access is visible before MMIO (git-fixes). - efi: Fix reservation of unaccepted memory table (git-fixes). - commit 05f5344 - ALSA: usb-audio: Use the right limit for PCM OOB check (CVE-2026-23208 bsc#1258468). - ALSA: usb-audio: Prevent excessive number of frames (CVE-2026-23208 bsc#1258468). - commit 9c042c7 ++++ kernel-obs-build: - xfs: fix UAF in xchk_btree_check_block_owner (CVE-2026-23223 bsc#1258483). - commit 0986f41 - erofs: fix UAF issue for file-backed mounts w/ directio option (CVE-2026-23224 bsc#1258461). - commit 543a001 - spi: wpcm-fiu: Fix potential NULL pointer dereference in wpcm_fiu_probe() (git-fixes). - ASoC: rockchip: i2s-tdm: Use param rate if not provided by set_sysclk (git-fixes). - ASoC: codecs: aw88261: Fix erroneous bitmask logic in Awinic init (git-fixes). - drm/amd/display: Use same max plane scaling limits for all 64 bpp formats (git-fixes). - drm/amd/display: Fix out-of-bounds stream encoder index v3 (git-fixes). - drm/amdgpu: fix sync handling in amdgpu_dma_buf_move_notify (git-fixes). - drm/amd/display: Reject cursor plane on DCE when scaled differently than primary (git-fixes). - drm/amdkfd: Fix watch_id bounds checking in debug address watch v2 (git-fixes). - drm/i915/acpi: free _DSM package when no connectors (git-fixes). - drm/amd: Fix hang on amdgpu unload by using pci_dev_is_disconnected() (git-fixes). - drm/amdgpu: Fix memory leak in amdgpu_ras_init() (git-fixes). - drm/amdgpu: Use kvfree instead of kfree in amdgpu_gmc_get_nps_memranges() (git-fixes). - drm/amdgpu: Fix memory leak in amdgpu_acpi_enumerate_xcc() (git-fixes). - drm/amdgpu: ensure no_hw_access is visible before MMIO (git-fixes). - efi: Fix reservation of unaccepted memory table (git-fixes). - commit 05f5344 - ALSA: usb-audio: Use the right limit for PCM OOB check (CVE-2026-23208 bsc#1258468). - ALSA: usb-audio: Prevent excessive number of frames (CVE-2026-23208 bsc#1258468). - commit 9c042c7 ++++ kernel-obs-qa: - xfs: fix UAF in xchk_btree_check_block_owner (CVE-2026-23223 bsc#1258483). - commit 0986f41 - erofs: fix UAF issue for file-backed mounts w/ directio option (CVE-2026-23224 bsc#1258461). - commit 543a001 - spi: wpcm-fiu: Fix potential NULL pointer dereference in wpcm_fiu_probe() (git-fixes). - ASoC: rockchip: i2s-tdm: Use param rate if not provided by set_sysclk (git-fixes). - ASoC: codecs: aw88261: Fix erroneous bitmask logic in Awinic init (git-fixes). - drm/amd/display: Use same max plane scaling limits for all 64 bpp formats (git-fixes). - drm/amd/display: Fix out-of-bounds stream encoder index v3 (git-fixes). - drm/amdgpu: fix sync handling in amdgpu_dma_buf_move_notify (git-fixes). - drm/amd/display: Reject cursor plane on DCE when scaled differently than primary (git-fixes). - drm/amdkfd: Fix watch_id bounds checking in debug address watch v2 (git-fixes). - drm/i915/acpi: free _DSM package when no connectors (git-fixes). - drm/amd: Fix hang on amdgpu unload by using pci_dev_is_disconnected() (git-fixes). - drm/amdgpu: Fix memory leak in amdgpu_ras_init() (git-fixes). - drm/amdgpu: Use kvfree instead of kfree in amdgpu_gmc_get_nps_memranges() (git-fixes). - drm/amdgpu: Fix memory leak in amdgpu_acpi_enumerate_xcc() (git-fixes). - drm/amdgpu: ensure no_hw_access is visible before MMIO (git-fixes). - efi: Fix reservation of unaccepted memory table (git-fixes). - commit 05f5344 - ALSA: usb-audio: Use the right limit for PCM OOB check (CVE-2026-23208 bsc#1258468). - ALSA: usb-audio: Prevent excessive number of frames (CVE-2026-23208 bsc#1258468). - commit 9c042c7 ++++ kernel-syms: - xfs: fix UAF in xchk_btree_check_block_owner (CVE-2026-23223 bsc#1258483). - commit 0986f41 - erofs: fix UAF issue for file-backed mounts w/ directio option (CVE-2026-23224 bsc#1258461). - commit 543a001 - spi: wpcm-fiu: Fix potential NULL pointer dereference in wpcm_fiu_probe() (git-fixes). - ASoC: rockchip: i2s-tdm: Use param rate if not provided by set_sysclk (git-fixes). - ASoC: codecs: aw88261: Fix erroneous bitmask logic in Awinic init (git-fixes). - drm/amd/display: Use same max plane scaling limits for all 64 bpp formats (git-fixes). - drm/amd/display: Fix out-of-bounds stream encoder index v3 (git-fixes). - drm/amdgpu: fix sync handling in amdgpu_dma_buf_move_notify (git-fixes). - drm/amd/display: Reject cursor plane on DCE when scaled differently than primary (git-fixes). - drm/amdkfd: Fix watch_id bounds checking in debug address watch v2 (git-fixes). - drm/i915/acpi: free _DSM package when no connectors (git-fixes). - drm/amd: Fix hang on amdgpu unload by using pci_dev_is_disconnected() (git-fixes). - drm/amdgpu: Fix memory leak in amdgpu_ras_init() (git-fixes). - drm/amdgpu: Use kvfree instead of kfree in amdgpu_gmc_get_nps_memranges() (git-fixes). - drm/amdgpu: Fix memory leak in amdgpu_acpi_enumerate_xcc() (git-fixes). - drm/amdgpu: ensure no_hw_access is visible before MMIO (git-fixes). - efi: Fix reservation of unaccepted memory table (git-fixes). - commit 05f5344 - ALSA: usb-audio: Use the right limit for PCM OOB check (CVE-2026-23208 bsc#1258468). - ALSA: usb-audio: Prevent excessive number of frames (CVE-2026-23208 bsc#1258468). - commit 9c042c7 ++++ kernel-zfcpdump: - xfs: fix UAF in xchk_btree_check_block_owner (CVE-2026-23223 bsc#1258483). - commit 0986f41 - erofs: fix UAF issue for file-backed mounts w/ directio option (CVE-2026-23224 bsc#1258461). - commit 543a001 - spi: wpcm-fiu: Fix potential NULL pointer dereference in wpcm_fiu_probe() (git-fixes). - ASoC: rockchip: i2s-tdm: Use param rate if not provided by set_sysclk (git-fixes). - ASoC: codecs: aw88261: Fix erroneous bitmask logic in Awinic init (git-fixes). - drm/amd/display: Use same max plane scaling limits for all 64 bpp formats (git-fixes). - drm/amd/display: Fix out-of-bounds stream encoder index v3 (git-fixes). - drm/amdgpu: fix sync handling in amdgpu_dma_buf_move_notify (git-fixes). - drm/amd/display: Reject cursor plane on DCE when scaled differently than primary (git-fixes). - drm/amdkfd: Fix watch_id bounds checking in debug address watch v2 (git-fixes). - drm/i915/acpi: free _DSM package when no connectors (git-fixes). - drm/amd: Fix hang on amdgpu unload by using pci_dev_is_disconnected() (git-fixes). - drm/amdgpu: Fix memory leak in amdgpu_ras_init() (git-fixes). - drm/amdgpu: Use kvfree instead of kfree in amdgpu_gmc_get_nps_memranges() (git-fixes). - drm/amdgpu: Fix memory leak in amdgpu_acpi_enumerate_xcc() (git-fixes). - drm/amdgpu: ensure no_hw_access is visible before MMIO (git-fixes). - efi: Fix reservation of unaccepted memory table (git-fixes). - commit 05f5344 - ALSA: usb-audio: Use the right limit for PCM OOB check (CVE-2026-23208 bsc#1258468). - ALSA: usb-audio: Prevent excessive number of frames (CVE-2026-23208 bsc#1258468). - commit 9c042c7 ++++ mosquitto: - update to 2.0.23 (boo#1258671) * Fix handling of disconnected sessions for `per_listener_settings true` * Check return values of openssl *_get_ex_data() and * _set_ex_data() to prevent possible crash. This could occur only in extremely unlikely situations * Check return value of openssl ASN1_string_[get0_]data() functions for NULL. This prevents a crash in case of incorrect certificate handling in openssl * Fix potential crash on startup if a malicious/corrupt persistence file from mosquitto 1.5 or earlier is loaded * Limit auto_id_prefix to 50 characters ++++ openQA: - Update to version 5.1771626210.b82f14f2: * refactor(test/overview): use signatures and clean up code * refactor(test/overview): reduce duplication ++++ openQA: - Update to version 5.1771626210.b82f14f2: * refactor(test/overview): use signatures and clean up code * refactor(test/overview): reduce duplication ++++ openQA: - Update to version 5.1771626210.b82f14f2: * refactor(test/overview): use signatures and clean up code * refactor(test/overview): reduce duplication ++++ openQA: - Update to version 5.1771626210.b82f14f2: * refactor(test/overview): use signatures and clean up code * refactor(test/overview): reduce duplication ++++ openQA: - Update to version 5.1771626210.b82f14f2: * refactor(test/overview): use signatures and clean up code * refactor(test/overview): reduce duplication ++++ openQA: - Update to version 5.1771626210.b82f14f2: * refactor(test/overview): use signatures and clean up code * refactor(test/overview): reduce duplication ++++ python-ty: - Initial package for python-ty version 0.0.4 ------------------------------------------------------------------ ------------------ 2026-2-20 - Feb 20 2026 ------------------- ------------------------------------------------------------------ ++++ MozillaFirefox: - Firefox Extended Support Release 140.8.0 ESR * Fixed: Various security fixes. MFSA 2026-15 (bsc#1258568) * CVE-2026-2757 (bmo#2001637) Incorrect boundary conditions in the WebRTC: Audio/Video component * CVE-2026-2758 (bmo#2009608) Use-after-free in the JavaScript: GC component * CVE-2026-2759 (bmo#2010933) Incorrect boundary conditions in the Graphics: ImageLib component * CVE-2026-2760 (bmo#2011062) Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component * CVE-2026-2761 (bmo#2011063) Sandbox escape in the Graphics: WebRender component * CVE-2026-2762 (bmo#2011649) Integer overflow in the JavaScript: Standard Library component * CVE-2026-2763 (bmo#2012018) Use-after-free in the JavaScript Engine component * CVE-2026-2764 (bmo#2012608) JIT miscompilation, use-after-free in the JavaScript Engine: JIT component * CVE-2026-2765 (bmo#2013562) Use-after-free in the JavaScript Engine component * CVE-2026-2766 (bmo#2013583) Use-after-free in the JavaScript Engine: JIT component * CVE-2026-2767 (bmo#2013741) Use-after-free in the JavaScript: WebAssembly component * CVE-2026-2768 (bmo#2014101) Sandbox escape in the Storage: IndexedDB component * CVE-2026-2769 (bmo#2014550) Use-after-free in the Storage: IndexedDB component * CVE-2026-2770 (bmo#2014585) Use-after-free in the DOM: Bindings (WebIDL) component * CVE-2026-2771 (bmo#2014593) Undefined behavior in the DOM: Core & HTML component * CVE-2026-2772 (bmo#2014827) Use-after-free in the Audio/Video: Playback component * CVE-2026-2773 (bmo#2014832) Incorrect boundary conditions in the Web Audio component * CVE-2026-2774 (bmo#2014883) Integer overflow in the Audio/Video component * CVE-2026-2775 (bmo#2015199) Mitigation bypass in the DOM: HTML Parser component * CVE-2026-2776 (bmo#2015266) Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software * CVE-2026-2777 (bmo#2015305) Privilege escalation in the Messaging System component * CVE-2026-2778 (bmo#2016358) Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component * CVE-2026-2779 (bmo#1164141) Incorrect boundary conditions in the Networking: JAR component * CVE-2026-2780 (bmo#2007829) Privilege escalation in the Netmonitor component * CVE-2026-2781 (bmo#2009552) Integer overflow in the Libraries component in NSS * CVE-2026-2782 (bmo#2010743) Privilege escalation in the Netmonitor component * CVE-2026-2783 (bmo#2010943) Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component * CVE-2026-2784 (bmo#2012984) Mitigation bypass in the DOM: Security component * CVE-2026-2785 (bmo#2013549) Invalid pointer in the JavaScript Engine component * CVE-2026-2786 (bmo#2013612) Use-after-free in the JavaScript Engine component * CVE-2026-2787 (bmo#2014560) Use-after-free in the DOM: Window and Location component * CVE-2026-2788 (bmo#2014824) Incorrect boundary conditions in the Audio/Video: GMP component * CVE-2026-2789 (bmo#2015179) Use-after-free in the Graphics: ImageLib component * CVE-2026-2790 (bmo#2008426) Same-origin policy bypass in the Networking: JAR component * CVE-2026-2791 (bmo#2015220) Mitigation bypass in the Networking: Cache component * CVE-2026-2792 (bmo#2008912, bmo#2010050, bmo#2010275, bmo#2012331) Memory safety bugs fixed in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148 * CVE-2026-2793 (bmo#2015196, bmo#2016423, bmo#2016498) Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148 ++++ MozillaFirefox: - Firefox Extended Support Release 140.8.0 ESR * Fixed: Various security fixes. MFSA 2026-15 (bsc#1258568) * CVE-2026-2757 (bmo#2001637) Incorrect boundary conditions in the WebRTC: Audio/Video component * CVE-2026-2758 (bmo#2009608) Use-after-free in the JavaScript: GC component * CVE-2026-2759 (bmo#2010933) Incorrect boundary conditions in the Graphics: ImageLib component * CVE-2026-2760 (bmo#2011062) Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component * CVE-2026-2761 (bmo#2011063) Sandbox escape in the Graphics: WebRender component * CVE-2026-2762 (bmo#2011649) Integer overflow in the JavaScript: Standard Library component * CVE-2026-2763 (bmo#2012018) Use-after-free in the JavaScript Engine component * CVE-2026-2764 (bmo#2012608) JIT miscompilation, use-after-free in the JavaScript Engine: JIT component * CVE-2026-2765 (bmo#2013562) Use-after-free in the JavaScript Engine component * CVE-2026-2766 (bmo#2013583) Use-after-free in the JavaScript Engine: JIT component * CVE-2026-2767 (bmo#2013741) Use-after-free in the JavaScript: WebAssembly component * CVE-2026-2768 (bmo#2014101) Sandbox escape in the Storage: IndexedDB component * CVE-2026-2769 (bmo#2014550) Use-after-free in the Storage: IndexedDB component * CVE-2026-2770 (bmo#2014585) Use-after-free in the DOM: Bindings (WebIDL) component * CVE-2026-2771 (bmo#2014593) Undefined behavior in the DOM: Core & HTML component * CVE-2026-2772 (bmo#2014827) Use-after-free in the Audio/Video: Playback component * CVE-2026-2773 (bmo#2014832) Incorrect boundary conditions in the Web Audio component * CVE-2026-2774 (bmo#2014883) Integer overflow in the Audio/Video component * CVE-2026-2775 (bmo#2015199) Mitigation bypass in the DOM: HTML Parser component * CVE-2026-2776 (bmo#2015266) Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software * CVE-2026-2777 (bmo#2015305) Privilege escalation in the Messaging System component * CVE-2026-2778 (bmo#2016358) Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component * CVE-2026-2779 (bmo#1164141) Incorrect boundary conditions in the Networking: JAR component * CVE-2026-2780 (bmo#2007829) Privilege escalation in the Netmonitor component * CVE-2026-2781 (bmo#2009552) Integer overflow in the Libraries component in NSS * CVE-2026-2782 (bmo#2010743) Privilege escalation in the Netmonitor component * CVE-2026-2783 (bmo#2010943) Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component * CVE-2026-2784 (bmo#2012984) Mitigation bypass in the DOM: Security component * CVE-2026-2785 (bmo#2013549) Invalid pointer in the JavaScript Engine component * CVE-2026-2786 (bmo#2013612) Use-after-free in the JavaScript Engine component * CVE-2026-2787 (bmo#2014560) Use-after-free in the DOM: Window and Location component * CVE-2026-2788 (bmo#2014824) Incorrect boundary conditions in the Audio/Video: GMP component * CVE-2026-2789 (bmo#2015179) Use-after-free in the Graphics: ImageLib component * CVE-2026-2790 (bmo#2008426) Same-origin policy bypass in the Networking: JAR component * CVE-2026-2791 (bmo#2015220) Mitigation bypass in the Networking: Cache component * CVE-2026-2792 (bmo#2008912, bmo#2010050, bmo#2010275, bmo#2012331) Memory safety bugs fixed in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148 * CVE-2026-2793 (bmo#2015196, bmo#2016423, bmo#2016498) Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148 ++++ kernel-64kb: - mm/hugetlb: fix hugetlb_pmd_shared() (CVE-2026-23100 bsc#1257817). - commit d857986 - mm/memory-failure: teach kill_accessing_process to accept hugetlb tail page pfn (git-fixes). - commit 70b84af - net: nfc: nci: Fix parameter validation for packet data (git-fixes). - net: usb: catc: enable basic endpoint checking (git-fixes). - atm: fore200e: fix use-after-free in tasklets during device removal (git-fixes). - USB: serial: option: add Telit FN920C04 RNDIS compositions (stable-fixes). - fbdev: smscufx: properly copy ioctl memory to kernelspace (stable-fixes). - bus: fsl-mc: fix use-after-free in driver_override_show() (git-fixes). - ASoC: cs42l43: Correct handling of 3-pole jack load detection (stable-fixes). - drm/amd/display: remove assert around dpp_base replacement (stable-fixes). - drm/amd/display: extend delta clamping logic to CM3 LUT helper (stable-fixes). - platform/x86: classmate-laptop: Add missing NULL pointer checks (stable-fixes). - platform/x86/amd/pmc: Add quirk for MECHREVO Wujie 15X Pro (stable-fixes). - platform/x86: panasonic-laptop: Fix sysfs group leak in error path (stable-fixes). - gpio: sprd: Change sprd_gpio lock to raw_spin_lock (stable-fixes). - drm/tegra: hdmi: sor: Fix error: variable ‘j’ set but not used (stable-fixes). - bus: fsl-mc: Replace snprintf and sprintf with sysfs_emit in sysfs show functions (stable-fixes). - commit b8da8ac ++++ kernel-azure: - mm/hugetlb: fix hugetlb_pmd_shared() (CVE-2026-23100 bsc#1257817). - commit d857986 - mm/memory-failure: teach kill_accessing_process to accept hugetlb tail page pfn (git-fixes). - commit 70b84af - net: nfc: nci: Fix parameter validation for packet data (git-fixes). - net: usb: catc: enable basic endpoint checking (git-fixes). - atm: fore200e: fix use-after-free in tasklets during device removal (git-fixes). - USB: serial: option: add Telit FN920C04 RNDIS compositions (stable-fixes). - fbdev: smscufx: properly copy ioctl memory to kernelspace (stable-fixes). - bus: fsl-mc: fix use-after-free in driver_override_show() (git-fixes). - ASoC: cs42l43: Correct handling of 3-pole jack load detection (stable-fixes). - drm/amd/display: remove assert around dpp_base replacement (stable-fixes). - drm/amd/display: extend delta clamping logic to CM3 LUT helper (stable-fixes). - platform/x86: classmate-laptop: Add missing NULL pointer checks (stable-fixes). - platform/x86/amd/pmc: Add quirk for MECHREVO Wujie 15X Pro (stable-fixes). - platform/x86: panasonic-laptop: Fix sysfs group leak in error path (stable-fixes). - gpio: sprd: Change sprd_gpio lock to raw_spin_lock (stable-fixes). - drm/tegra: hdmi: sor: Fix error: variable ‘j’ set but not used (stable-fixes). - bus: fsl-mc: Replace snprintf and sprintf with sysfs_emit in sysfs show functions (stable-fixes). - commit b8da8ac ++++ kernel-default: - mm/hugetlb: fix hugetlb_pmd_shared() (CVE-2026-23100 bsc#1257817). - commit d857986 - mm/memory-failure: teach kill_accessing_process to accept hugetlb tail page pfn (git-fixes). - commit 70b84af - net: nfc: nci: Fix parameter validation for packet data (git-fixes). - net: usb: catc: enable basic endpoint checking (git-fixes). - atm: fore200e: fix use-after-free in tasklets during device removal (git-fixes). - USB: serial: option: add Telit FN920C04 RNDIS compositions (stable-fixes). - fbdev: smscufx: properly copy ioctl memory to kernelspace (stable-fixes). - bus: fsl-mc: fix use-after-free in driver_override_show() (git-fixes). - ASoC: cs42l43: Correct handling of 3-pole jack load detection (stable-fixes). - drm/amd/display: remove assert around dpp_base replacement (stable-fixes). - drm/amd/display: extend delta clamping logic to CM3 LUT helper (stable-fixes). - platform/x86: classmate-laptop: Add missing NULL pointer checks (stable-fixes). - platform/x86/amd/pmc: Add quirk for MECHREVO Wujie 15X Pro (stable-fixes). - platform/x86: panasonic-laptop: Fix sysfs group leak in error path (stable-fixes). - gpio: sprd: Change sprd_gpio lock to raw_spin_lock (stable-fixes). - drm/tegra: hdmi: sor: Fix error: variable ‘j’ set but not used (stable-fixes). - bus: fsl-mc: Replace snprintf and sprintf with sysfs_emit in sysfs show functions (stable-fixes). - commit b8da8ac ++++ kernel-rt: - mm/hugetlb: fix hugetlb_pmd_shared() (CVE-2026-23100 bsc#1257817). - commit d857986 - mm/memory-failure: teach kill_accessing_process to accept hugetlb tail page pfn (git-fixes). - commit 70b84af - net: nfc: nci: Fix parameter validation for packet data (git-fixes). - net: usb: catc: enable basic endpoint checking (git-fixes). - atm: fore200e: fix use-after-free in tasklets during device removal (git-fixes). - USB: serial: option: add Telit FN920C04 RNDIS compositions (stable-fixes). - fbdev: smscufx: properly copy ioctl memory to kernelspace (stable-fixes). - bus: fsl-mc: fix use-after-free in driver_override_show() (git-fixes). - ASoC: cs42l43: Correct handling of 3-pole jack load detection (stable-fixes). - drm/amd/display: remove assert around dpp_base replacement (stable-fixes). - drm/amd/display: extend delta clamping logic to CM3 LUT helper (stable-fixes). - platform/x86: classmate-laptop: Add missing NULL pointer checks (stable-fixes). - platform/x86/amd/pmc: Add quirk for MECHREVO Wujie 15X Pro (stable-fixes). - platform/x86: panasonic-laptop: Fix sysfs group leak in error path (stable-fixes). - gpio: sprd: Change sprd_gpio lock to raw_spin_lock (stable-fixes). - drm/tegra: hdmi: sor: Fix error: variable ‘j’ set but not used (stable-fixes). - bus: fsl-mc: Replace snprintf and sprintf with sysfs_emit in sysfs show functions (stable-fixes). - commit b8da8ac ++++ dtb-aarch64: - mm/hugetlb: fix hugetlb_pmd_shared() (CVE-2026-23100 bsc#1257817). - commit d857986 - mm/memory-failure: teach kill_accessing_process to accept hugetlb tail page pfn (git-fixes). - commit 70b84af - net: nfc: nci: Fix parameter validation for packet data (git-fixes). - net: usb: catc: enable basic endpoint checking (git-fixes). - atm: fore200e: fix use-after-free in tasklets during device removal (git-fixes). - USB: serial: option: add Telit FN920C04 RNDIS compositions (stable-fixes). - fbdev: smscufx: properly copy ioctl memory to kernelspace (stable-fixes). - bus: fsl-mc: fix use-after-free in driver_override_show() (git-fixes). - ASoC: cs42l43: Correct handling of 3-pole jack load detection (stable-fixes). - drm/amd/display: remove assert around dpp_base replacement (stable-fixes). - drm/amd/display: extend delta clamping logic to CM3 LUT helper (stable-fixes). - platform/x86: classmate-laptop: Add missing NULL pointer checks (stable-fixes). - platform/x86/amd/pmc: Add quirk for MECHREVO Wujie 15X Pro (stable-fixes). - platform/x86: panasonic-laptop: Fix sysfs group leak in error path (stable-fixes). - gpio: sprd: Change sprd_gpio lock to raw_spin_lock (stable-fixes). - drm/tegra: hdmi: sor: Fix error: variable ‘j’ set but not used (stable-fixes). - bus: fsl-mc: Replace snprintf and sprintf with sysfs_emit in sysfs show functions (stable-fixes). - commit b8da8ac ++++ gitea-tea: - update to 0.12.0: * New Features - Add tea actions commands for managing workflow runs and workflows in #880, #796 - Add tea api subcommand for arbitrary API calls not covered by existing commands in #879 - Add repository webhook management commands in #798 - Add JSON output support for single PR view in #864 - Add JSON output and file redirection for issue detail view in [#841] - Support creating AGit flow pull requests in #867 * Bug Fixes - Fix authentication via environment variables when specifying repo argument in #809 - Fix issue detail view ignoring --owner flag in #899 - Fix PR create crash in #823 - Fix TTY prompt handling in #897 - Fix termenv OSC RGBA handling in #907 - Fix labels delete command and --id flag type in #865 - Fix delete repo command description in #858 - Fix pagination flags for secrets list, webhooks list, and pull requests list in #853, #852, - #851 - Enable git worktree support and improve PR create error handling in #850 - Only prompt for SSH passphrase when necessary in #844 - Only prompt for login confirmation when no default login is set in #839 - Skip token uniqueness check when using SSH authentication in [#898] - Require non-empty token in GetLoginByToken in #895 - Fix config file permissions to remove group read/write in [#856] * Improvements - Add file locking for safe concurrent access to config file in [#881] - Improve error messages throughout the CLI in #871 - Send consistent HTTP request headers in #888 - Revert requiring HTTP/HTTPS login URLs; restore SSH as a login method in #891 - Refactor context into dedicated subpackages in #873, #888 - General code cleanup and improvements in #869, #870 - Add test coverage for login matching in #820 * Build & Dependencies - Build with Go 1.25 in #886 - Build for Windows aarch64 - Update Gitea SDK version in #868 - Update Nix flake in #872 - Update dependencies including lipgloss v2, urfave/cli v3.6.2, go-git v5.16.5, and various Go modules in #849, #875, #876, [#878], #884, #885, #900, #901, #904, #905 - Update CI actions (checkout v6, setup-go v6) in #882, #883 - remove patches that do no longer apply: - fix-CVE-2025-58190.patch - fix-CVE-2025-47911.patch - gitea-tea-Fix-termenv-OSC-RGBA-handling.patch - remove-config-file-group-readwrite-permission-856.patch ++++ kernel-source: - mm/hugetlb: fix hugetlb_pmd_shared() (CVE-2026-23100 bsc#1257817). - commit d857986 - mm/memory-failure: teach kill_accessing_process to accept hugetlb tail page pfn (git-fixes). - commit 70b84af - net: nfc: nci: Fix parameter validation for packet data (git-fixes). - net: usb: catc: enable basic endpoint checking (git-fixes). - atm: fore200e: fix use-after-free in tasklets during device removal (git-fixes). - USB: serial: option: add Telit FN920C04 RNDIS compositions (stable-fixes). - fbdev: smscufx: properly copy ioctl memory to kernelspace (stable-fixes). - bus: fsl-mc: fix use-after-free in driver_override_show() (git-fixes). - ASoC: cs42l43: Correct handling of 3-pole jack load detection (stable-fixes). - drm/amd/display: remove assert around dpp_base replacement (stable-fixes). - drm/amd/display: extend delta clamping logic to CM3 LUT helper (stable-fixes). - platform/x86: classmate-laptop: Add missing NULL pointer checks (stable-fixes). - platform/x86/amd/pmc: Add quirk for MECHREVO Wujie 15X Pro (stable-fixes). - platform/x86: panasonic-laptop: Fix sysfs group leak in error path (stable-fixes). - gpio: sprd: Change sprd_gpio lock to raw_spin_lock (stable-fixes). - drm/tegra: hdmi: sor: Fix error: variable ‘j’ set but not used (stable-fixes). - bus: fsl-mc: Replace snprintf and sprintf with sysfs_emit in sysfs show functions (stable-fixes). - commit b8da8ac ++++ kernel-docs: - mm/hugetlb: fix hugetlb_pmd_shared() (CVE-2026-23100 bsc#1257817). - commit d857986 - mm/memory-failure: teach kill_accessing_process to accept hugetlb tail page pfn (git-fixes). - commit 70b84af - net: nfc: nci: Fix parameter validation for packet data (git-fixes). - net: usb: catc: enable basic endpoint checking (git-fixes). - atm: fore200e: fix use-after-free in tasklets during device removal (git-fixes). - USB: serial: option: add Telit FN920C04 RNDIS compositions (stable-fixes). - fbdev: smscufx: properly copy ioctl memory to kernelspace (stable-fixes). - bus: fsl-mc: fix use-after-free in driver_override_show() (git-fixes). - ASoC: cs42l43: Correct handling of 3-pole jack load detection (stable-fixes). - drm/amd/display: remove assert around dpp_base replacement (stable-fixes). - drm/amd/display: extend delta clamping logic to CM3 LUT helper (stable-fixes). - platform/x86: classmate-laptop: Add missing NULL pointer checks (stable-fixes). - platform/x86/amd/pmc: Add quirk for MECHREVO Wujie 15X Pro (stable-fixes). - platform/x86: panasonic-laptop: Fix sysfs group leak in error path (stable-fixes). - gpio: sprd: Change sprd_gpio lock to raw_spin_lock (stable-fixes). - drm/tegra: hdmi: sor: Fix error: variable ‘j’ set but not used (stable-fixes). - bus: fsl-mc: Replace snprintf and sprintf with sysfs_emit in sysfs show functions (stable-fixes). - commit b8da8ac ++++ kernel-kvmsmall: - mm/hugetlb: fix hugetlb_pmd_shared() (CVE-2026-23100 bsc#1257817). - commit d857986 - mm/memory-failure: teach kill_accessing_process to accept hugetlb tail page pfn (git-fixes). - commit 70b84af - net: nfc: nci: Fix parameter validation for packet data (git-fixes). - net: usb: catc: enable basic endpoint checking (git-fixes). - atm: fore200e: fix use-after-free in tasklets during device removal (git-fixes). - USB: serial: option: add Telit FN920C04 RNDIS compositions (stable-fixes). - fbdev: smscufx: properly copy ioctl memory to kernelspace (stable-fixes). - bus: fsl-mc: fix use-after-free in driver_override_show() (git-fixes). - ASoC: cs42l43: Correct handling of 3-pole jack load detection (stable-fixes). - drm/amd/display: remove assert around dpp_base replacement (stable-fixes). - drm/amd/display: extend delta clamping logic to CM3 LUT helper (stable-fixes). - platform/x86: classmate-laptop: Add missing NULL pointer checks (stable-fixes). - platform/x86/amd/pmc: Add quirk for MECHREVO Wujie 15X Pro (stable-fixes). - platform/x86: panasonic-laptop: Fix sysfs group leak in error path (stable-fixes). - gpio: sprd: Change sprd_gpio lock to raw_spin_lock (stable-fixes). - drm/tegra: hdmi: sor: Fix error: variable ‘j’ set but not used (stable-fixes). - bus: fsl-mc: Replace snprintf and sprintf with sysfs_emit in sysfs show functions (stable-fixes). - commit b8da8ac ++++ kernel-obs-build: - mm/hugetlb: fix hugetlb_pmd_shared() (CVE-2026-23100 bsc#1257817). - commit d857986 - mm/memory-failure: teach kill_accessing_process to accept hugetlb tail page pfn (git-fixes). - commit 70b84af - net: nfc: nci: Fix parameter validation for packet data (git-fixes). - net: usb: catc: enable basic endpoint checking (git-fixes). - atm: fore200e: fix use-after-free in tasklets during device removal (git-fixes). - USB: serial: option: add Telit FN920C04 RNDIS compositions (stable-fixes). - fbdev: smscufx: properly copy ioctl memory to kernelspace (stable-fixes). - bus: fsl-mc: fix use-after-free in driver_override_show() (git-fixes). - ASoC: cs42l43: Correct handling of 3-pole jack load detection (stable-fixes). - drm/amd/display: remove assert around dpp_base replacement (stable-fixes). - drm/amd/display: extend delta clamping logic to CM3 LUT helper (stable-fixes). - platform/x86: classmate-laptop: Add missing NULL pointer checks (stable-fixes). - platform/x86/amd/pmc: Add quirk for MECHREVO Wujie 15X Pro (stable-fixes). - platform/x86: panasonic-laptop: Fix sysfs group leak in error path (stable-fixes). - gpio: sprd: Change sprd_gpio lock to raw_spin_lock (stable-fixes). - drm/tegra: hdmi: sor: Fix error: variable ‘j’ set but not used (stable-fixes). - bus: fsl-mc: Replace snprintf and sprintf with sysfs_emit in sysfs show functions (stable-fixes). - commit b8da8ac ++++ kernel-obs-qa: - mm/hugetlb: fix hugetlb_pmd_shared() (CVE-2026-23100 bsc#1257817). - commit d857986 - mm/memory-failure: teach kill_accessing_process to accept hugetlb tail page pfn (git-fixes). - commit 70b84af - net: nfc: nci: Fix parameter validation for packet data (git-fixes). - net: usb: catc: enable basic endpoint checking (git-fixes). - atm: fore200e: fix use-after-free in tasklets during device removal (git-fixes). - USB: serial: option: add Telit FN920C04 RNDIS compositions (stable-fixes). - fbdev: smscufx: properly copy ioctl memory to kernelspace (stable-fixes). - bus: fsl-mc: fix use-after-free in driver_override_show() (git-fixes). - ASoC: cs42l43: Correct handling of 3-pole jack load detection (stable-fixes). - drm/amd/display: remove assert around dpp_base replacement (stable-fixes). - drm/amd/display: extend delta clamping logic to CM3 LUT helper (stable-fixes). - platform/x86: classmate-laptop: Add missing NULL pointer checks (stable-fixes). - platform/x86/amd/pmc: Add quirk for MECHREVO Wujie 15X Pro (stable-fixes). - platform/x86: panasonic-laptop: Fix sysfs group leak in error path (stable-fixes). - gpio: sprd: Change sprd_gpio lock to raw_spin_lock (stable-fixes). - drm/tegra: hdmi: sor: Fix error: variable ‘j’ set but not used (stable-fixes). - bus: fsl-mc: Replace snprintf and sprintf with sysfs_emit in sysfs show functions (stable-fixes). - commit b8da8ac ++++ kernel-syms: - mm/hugetlb: fix hugetlb_pmd_shared() (CVE-2026-23100 bsc#1257817). - commit d857986 - mm/memory-failure: teach kill_accessing_process to accept hugetlb tail page pfn (git-fixes). - commit 70b84af - net: nfc: nci: Fix parameter validation for packet data (git-fixes). - net: usb: catc: enable basic endpoint checking (git-fixes). - atm: fore200e: fix use-after-free in tasklets during device removal (git-fixes). - USB: serial: option: add Telit FN920C04 RNDIS compositions (stable-fixes). - fbdev: smscufx: properly copy ioctl memory to kernelspace (stable-fixes). - bus: fsl-mc: fix use-after-free in driver_override_show() (git-fixes). - ASoC: cs42l43: Correct handling of 3-pole jack load detection (stable-fixes). - drm/amd/display: remove assert around dpp_base replacement (stable-fixes). - drm/amd/display: extend delta clamping logic to CM3 LUT helper (stable-fixes). - platform/x86: classmate-laptop: Add missing NULL pointer checks (stable-fixes). - platform/x86/amd/pmc: Add quirk for MECHREVO Wujie 15X Pro (stable-fixes). - platform/x86: panasonic-laptop: Fix sysfs group leak in error path (stable-fixes). - gpio: sprd: Change sprd_gpio lock to raw_spin_lock (stable-fixes). - drm/tegra: hdmi: sor: Fix error: variable ‘j’ set but not used (stable-fixes). - bus: fsl-mc: Replace snprintf and sprintf with sysfs_emit in sysfs show functions (stable-fixes). - commit b8da8ac ++++ kernel-zfcpdump: - mm/hugetlb: fix hugetlb_pmd_shared() (CVE-2026-23100 bsc#1257817). - commit d857986 - mm/memory-failure: teach kill_accessing_process to accept hugetlb tail page pfn (git-fixes). - commit 70b84af - net: nfc: nci: Fix parameter validation for packet data (git-fixes). - net: usb: catc: enable basic endpoint checking (git-fixes). - atm: fore200e: fix use-after-free in tasklets during device removal (git-fixes). - USB: serial: option: add Telit FN920C04 RNDIS compositions (stable-fixes). - fbdev: smscufx: properly copy ioctl memory to kernelspace (stable-fixes). - bus: fsl-mc: fix use-after-free in driver_override_show() (git-fixes). - ASoC: cs42l43: Correct handling of 3-pole jack load detection (stable-fixes). - drm/amd/display: remove assert around dpp_base replacement (stable-fixes). - drm/amd/display: extend delta clamping logic to CM3 LUT helper (stable-fixes). - platform/x86: classmate-laptop: Add missing NULL pointer checks (stable-fixes). - platform/x86/amd/pmc: Add quirk for MECHREVO Wujie 15X Pro (stable-fixes). - platform/x86: panasonic-laptop: Fix sysfs group leak in error path (stable-fixes). - gpio: sprd: Change sprd_gpio lock to raw_spin_lock (stable-fixes). - drm/tegra: hdmi: sor: Fix error: variable ‘j’ set but not used (stable-fixes). - bus: fsl-mc: Replace snprintf and sprintf with sysfs_emit in sysfs show functions (stable-fixes). - commit b8da8ac ++++ qscintilla-qt5: - Allow lowercase distinfo due to new pyqt-builder following PEP 639 - Allow lowercase distinfo due to new pyqt-builder following PEP 639 ++++ libsoup: - Rebase and re-enable libsoup-CVE-2026-2708.patch. - Update to version 3.6.6: + websocket: Fix out-of-bounds read in process_frame + Check nulls returned by soup_date_time_new_from_http_string() + Numerous fixes to handling of Range headers + server: close the connection after responsing a request containing Content-Length and Transfer-Encoding + Use CRLF as line boundary when parsing chunked enconding data + websocket: do not accept messages frames after closing due to an error + Sanitize filename of content disposition header values + Always validate the headers value when coming from untrusted source + uri-utils: do host validation when checking if a GUri is valid + multipart: check length of bytes read soup_filter_input_stream_read_until() + message-headers: Reject duplicate Host headers + server: null-check soup_date_time_to_string() + auth-digest: fix crash in soup_auth_digest_get_protection_space() + session: fix 'heap-use-after-free' caused by 'finishing' queue item twice + cookies: Avoid expires attribute if date is invalid + http1: Set EOF flag once content-length bytes have been read + date-utils: Add value checks for date/time parsing + multipart: Fix multiple boundry limits + Fixed multiple possible memory leaks + message-headers: Correct merge of ranges + body-input-stream: Correct chunked trailers end detection + server-http2: Correctly validate URIs + multipart: Fix read out of buffer bounds under soup_multipart_new_from_message() + headers: Ensure Request-Line comprises entire first line + tests: Fix MSVC build error + Fix possible deadlock on init from gmodule usage + Updated translations. - Drop upstream merged patches: + libsoup-CVE-2025-11021.patch + libsoup-CVE-2025-12105.patch + libsoup-CVE-2025-14523.patch + libsoup-CVE-2025-32907.patch + libsoup-CVE-2025-32908.patch + libsoup-CVE-2025-32914.patch + libsoup-CVE-2025-4476.patch + libsoup-CVE-2025-4945.patch + libsoup-CVE-2025-4948.patch + libsoup-CVE-2025-4969.patch + libsoup-CVE-2026-0716.patch + libsoup-CVE-2026-1536.patch + libsoup-CVE-2026-1761.patch + libsoup-CVE-2026-2369.patch + libsoup-CVE-2026-2443.patch + libsoup-CVE-2026-1467.patch + libsoup-CVE-2026-1760.patch - libsoup-CVE-2026-2708.patch temporarily disabled while we need to rebase it. - Add libsoup-CVE-2026-1467.patch: uri-utils: do host validation when checking if a GUri is valid (bsc#1257398, CVE-2026-1467, glgo#GNOME/libsoup#488). - Add libsoup-CVE-2026-1760.patch: server: close the connection after responsing a request containing... (bsc#1257597, CVE-2026-1760, glgo#GNOME/libsoup#475). ++++ maven-surefire-plugins: - Upgrade to 3.5.5 * New features and improvements + Replace runing external process and parsing output with simple ProcessHandle if available (Java9+) + Pass slf4j context to spawned thread + SUREFIRE-3239: allow override of statistics file checksum + Reduce log level for skipped tests result to info * Bug Fixes + Use PowerShell instead of WMIC for detecting zombie process on Windows. Please note if you are using Windows with Java 8 and not PowerShell you have options to: use Java 9+, install PowerShell or stay on Surefire 3.5.4 + Properly work with test failures caused during beforeAll phase * Documentation updates + Clarify how late placeholder replacement (@{...}) deals with * Maintenance + Fix Jenkin badges in README + Use JUnit5 in failsafe ITs + Remove long-deprecated unused encoding property from VerifyMojo + Add IT and deal with corner cases of handling beforeAll failures + Revert PR #3194 that handle beforeAll failures to follow proper contributing rules * Build + Missing many files in the GH Artifacts of CI ex-post. * Dependency updates + Bump org.xmlunit:xmlunit-core from 2.10.3 to 2.11.0 + Bump org.apache.maven.plugin-testing :maven-plugin-testing-harness from 3.3.0 to 3.5.1 + Bump parent from 44 to 47 + Bump org.assertj:assertj-core from 3.16.1 to 3.27.7 in /surefire-its/src/test/resources/surefire-1733-testng + Bump org.assertj:assertj-core from 3.27.4 to 3.27.7 + Bump org.codehaus.mojo:animal-sniffer-maven-plugin from 1.24 to 1.27 + Bump org.htmlunit:htmlunit from 4.16.0 to 4.21.0 + Bump org.codehaus.plexus:plexus-java from 1.5.0 to 1.5.2 + Bump org.apache.logging.log4j:log4j-core from 2.17.1 to 2.25.3 in /surefire-its/src/test/resources/surefire-1659-stream-corruption + Bump org.apache.commons:commons-lang3 from 3.18.0 to 3.20.0 + Bump org.codehaus.plexus:plexus-interpolation from 1.28 to 1.29 + Bump org.codehaus.plexus:plexus-i18n from 1.0.0 to 1.1.0 + Bump commons-io:commons-io from 2.20.0 to 2.21.0 + Bump jacocoVersion from 0.8.13 to 0.8.14 - Modified patches: * 0001-Port-to-TestNG-7.4.0.patch * 0002-Unshade-surefire.patch + rediff * maven-surefire-bootstrap-resources.patch + regenerate from non-bootstrap build ++++ maven-surefire: - Upgrade to 3.5.5 * New features and improvements + Replace runing external process and parsing output with simple ProcessHandle if available (Java9+) + Pass slf4j context to spawned thread + SUREFIRE-3239: allow override of statistics file checksum + Reduce log level for skipped tests result to info * Bug Fixes + Use PowerShell instead of WMIC for detecting zombie process on Windows. Please note if you are using Windows with Java 8 and not PowerShell you have options to: use Java 9+, install PowerShell or stay on Surefire 3.5.4 + Properly work with test failures caused during beforeAll phase * Documentation updates + Clarify how late placeholder replacement (@{...}) deals with * Maintenance + Fix Jenkin badges in README + Use JUnit5 in failsafe ITs + Remove long-deprecated unused encoding property from VerifyMojo + Add IT and deal with corner cases of handling beforeAll failures + Revert PR #3194 that handle beforeAll failures to follow proper contributing rules * Build + Missing many files in the GH Artifacts of CI ex-post. * Dependency updates + Bump org.xmlunit:xmlunit-core from 2.10.3 to 2.11.0 + Bump org.apache.maven.plugin-testing :maven-plugin-testing-harness from 3.3.0 to 3.5.1 + Bump parent from 44 to 47 + Bump org.assertj:assertj-core from 3.16.1 to 3.27.7 in /surefire-its/src/test/resources/surefire-1733-testng + Bump org.assertj:assertj-core from 3.27.4 to 3.27.7 + Bump org.codehaus.mojo:animal-sniffer-maven-plugin from 1.24 to 1.27 + Bump org.htmlunit:htmlunit from 4.16.0 to 4.21.0 + Bump org.codehaus.plexus:plexus-java from 1.5.0 to 1.5.2 + Bump org.apache.logging.log4j:log4j-core from 2.17.1 to 2.25.3 in /surefire-its/src/test/resources/surefire-1659-stream-corruption + Bump org.apache.commons:commons-lang3 from 3.18.0 to 3.20.0 + Bump org.codehaus.plexus:plexus-interpolation from 1.28 to 1.29 + Bump org.codehaus.plexus:plexus-i18n from 1.0.0 to 1.1.0 + Bump commons-io:commons-io from 2.20.0 to 2.21.0 + Bump jacocoVersion from 0.8.13 to 0.8.14 - Modified patches: * 0001-Port-to-TestNG-7.4.0.patch * 0002-Unshade-surefire.patch + rediff * maven-surefire-bootstrap-resources.patch + regenerate from non-bootstrap build ++++ maven-surefire-provider-junit5: - Upgrade to 3.5.5 * New features and improvements + Replace runing external process and parsing output with simple ProcessHandle if available (Java9+) + Pass slf4j context to spawned thread + SUREFIRE-3239: allow override of statistics file checksum + Reduce log level for skipped tests result to info * Bug Fixes + Use PowerShell instead of WMIC for detecting zombie process on Windows. Please note if you are using Windows with Java 8 and not PowerShell you have options to: use Java 9+, install PowerShell or stay on Surefire 3.5.4 + Properly work with test failures caused during beforeAll phase * Documentation updates + Clarify how late placeholder replacement (@{...}) deals with * Maintenance + Fix Jenkin badges in README + Use JUnit5 in failsafe ITs + Remove long-deprecated unused encoding property from VerifyMojo + Add IT and deal with corner cases of handling beforeAll failures + Revert PR #3194 that handle beforeAll failures to follow proper contributing rules * Build + Missing many files in the GH Artifacts of CI ex-post. * Dependency updates + Bump org.xmlunit:xmlunit-core from 2.10.3 to 2.11.0 + Bump org.apache.maven.plugin-testing :maven-plugin-testing-harness from 3.3.0 to 3.5.1 + Bump parent from 44 to 47 + Bump org.assertj:assertj-core from 3.16.1 to 3.27.7 in /surefire-its/src/test/resources/surefire-1733-testng + Bump org.assertj:assertj-core from 3.27.4 to 3.27.7 + Bump org.codehaus.mojo:animal-sniffer-maven-plugin from 1.24 to 1.27 + Bump org.htmlunit:htmlunit from 4.16.0 to 4.21.0 + Bump org.codehaus.plexus:plexus-java from 1.5.0 to 1.5.2 + Bump org.apache.logging.log4j:log4j-core from 2.17.1 to 2.25.3 in /surefire-its/src/test/resources/surefire-1659-stream-corruption + Bump org.apache.commons:commons-lang3 from 3.18.0 to 3.20.0 + Bump org.codehaus.plexus:plexus-interpolation from 1.28 to 1.29 + Bump org.codehaus.plexus:plexus-i18n from 1.0.0 to 1.1.0 + Bump commons-io:commons-io from 2.20.0 to 2.21.0 + Bump jacocoVersion from 0.8.13 to 0.8.14 - Modified patches: * 0001-Port-to-TestNG-7.4.0.patch * 0002-Unshade-surefire.patch + rediff * maven-surefire-bootstrap-resources.patch + regenerate from non-bootstrap build ++++ openQA: - Update to version 5.1771589939.8f8502b4: * feat: Improve default `PRODUCTDIR` after ef229dc2 * refactor(ui): simplify removal of empty query parameters (after rebase) * test(45-make-update-deps): allow bypassing dependency update check * fix(test): improve UI test robustness by using state-based waiting * test: Improve workaround for candidates menu not opening sometimes * docs: Mention use of relative paths in `CASEDIR` to avoid symlinking * fix: Fix wrong uses of "checkout" that should be "check out" * feat: support filtering by meta-results+states in /tests/overview * Revert "feat: Add symlink for aeon in openqa-bootstrap script" * fix(43-scheduling-and-worker-scalability): prevent sporadic issues * refactor: use join for properties in determine_free_workers * fix: do not cache websocket_api_version if not set ++++ openQA: - Update to version 5.1771589939.8f8502b4: * feat: Improve default `PRODUCTDIR` after ef229dc2 * refactor(ui): simplify removal of empty query parameters (after rebase) * test(45-make-update-deps): allow bypassing dependency update check * fix(test): improve UI test robustness by using state-based waiting * test: Improve workaround for candidates menu not opening sometimes * docs: Mention use of relative paths in `CASEDIR` to avoid symlinking * fix: Fix wrong uses of "checkout" that should be "check out" * feat: support filtering by meta-results+states in /tests/overview * Revert "feat: Add symlink for aeon in openqa-bootstrap script" * fix(43-scheduling-and-worker-scalability): prevent sporadic issues * refactor: use join for properties in determine_free_workers * fix: do not cache websocket_api_version if not set ++++ openQA: - Update to version 5.1771589939.8f8502b4: * feat: Improve default `PRODUCTDIR` after ef229dc2 * refactor(ui): simplify removal of empty query parameters (after rebase) * test(45-make-update-deps): allow bypassing dependency update check * fix(test): improve UI test robustness by using state-based waiting * test: Improve workaround for candidates menu not opening sometimes * docs: Mention use of relative paths in `CASEDIR` to avoid symlinking * fix: Fix wrong uses of "checkout" that should be "check out" * feat: support filtering by meta-results+states in /tests/overview * Revert "feat: Add symlink for aeon in openqa-bootstrap script" * fix(43-scheduling-and-worker-scalability): prevent sporadic issues * refactor: use join for properties in determine_free_workers * fix: do not cache websocket_api_version if not set ++++ openQA: - Update to version 5.1771589939.8f8502b4: * feat: Improve default `PRODUCTDIR` after ef229dc2 * refactor(ui): simplify removal of empty query parameters (after rebase) * test(45-make-update-deps): allow bypassing dependency update check * fix(test): improve UI test robustness by using state-based waiting * test: Improve workaround for candidates menu not opening sometimes * docs: Mention use of relative paths in `CASEDIR` to avoid symlinking * fix: Fix wrong uses of "checkout" that should be "check out" * feat: support filtering by meta-results+states in /tests/overview * Revert "feat: Add symlink for aeon in openqa-bootstrap script" * fix(43-scheduling-and-worker-scalability): prevent sporadic issues * refactor: use join for properties in determine_free_workers * fix: do not cache websocket_api_version if not set ++++ openQA: - Update to version 5.1771589939.8f8502b4: * feat: Improve default `PRODUCTDIR` after ef229dc2 * refactor(ui): simplify removal of empty query parameters (after rebase) * test(45-make-update-deps): allow bypassing dependency update check * fix(test): improve UI test robustness by using state-based waiting * test: Improve workaround for candidates menu not opening sometimes * docs: Mention use of relative paths in `CASEDIR` to avoid symlinking * fix: Fix wrong uses of "checkout" that should be "check out" * feat: support filtering by meta-results+states in /tests/overview * Revert "feat: Add symlink for aeon in openqa-bootstrap script" * fix(43-scheduling-and-worker-scalability): prevent sporadic issues * refactor: use join for properties in determine_free_workers * fix: do not cache websocket_api_version if not set ++++ openQA: - Update to version 5.1771589939.8f8502b4: * feat: Improve default `PRODUCTDIR` after ef229dc2 * refactor(ui): simplify removal of empty query parameters (after rebase) * test(45-make-update-deps): allow bypassing dependency update check * fix(test): improve UI test robustness by using state-based waiting * test: Improve workaround for candidates menu not opening sometimes * docs: Mention use of relative paths in `CASEDIR` to avoid symlinking * fix: Fix wrong uses of "checkout" that should be "check out" * feat: support filtering by meta-results+states in /tests/overview * Revert "feat: Add symlink for aeon in openqa-bootstrap script" * fix(43-scheduling-and-worker-scalability): prevent sporadic issues * refactor: use join for properties in determine_free_workers * fix: do not cache websocket_api_version if not set ++++ python-qt5: - Allow lowercase distinfo due to new pyqt-builder following PEP 639 ++++ python-qtwebengine-qt5: - Allow lowercase distinfo due to new pyqt-builder following PEP 639 ++++ uzdoom: - Drop nonfree content from source archive ------------------------------------------------------------------ ------------------ 2026-2-19 - Feb 19 2026 ------------------- ------------------------------------------------------------------ ++++ kernel-64kb: - Update patches.suse/scsi-Revert-scsi-qla2xxx-Perform-lockless-command-co.patch (git-fixes CVE-2025-68818 bsc#1256675). Add in the CVE and bsc numbers. - commit 421452a - scsi: core: Wake up the error handler when final completions race against each other (CVE-2026-23110 bsc#1257761). - scsi: smartpqi: Fix device resources accessed after device removal (CVE-2025-68371 bsc#1255572). - commit 1b0c2b6 - modpost: Ensure exported symbol namespaces are not quoted (bsc#1258489). - commit 9cb32ea - ACPI: CPPC: Fix remaining for_each_possible_cpu() to use online CPUs (git-fixes). - ACPI: PM: Add unused power resource quirk for THUNDEROBOT ZERO (git-fixes). - powercap: intel_rapl_tpmi: Remove FW_BUG from invalid version check (git-fixes). - PM: sleep: wakeirq: Update outdated documentation comments (git-fixes). - commit baec66c ++++ kernel-azure: - Update patches.suse/scsi-Revert-scsi-qla2xxx-Perform-lockless-command-co.patch (git-fixes CVE-2025-68818 bsc#1256675). Add in the CVE and bsc numbers. - commit 421452a - scsi: core: Wake up the error handler when final completions race against each other (CVE-2026-23110 bsc#1257761). - scsi: smartpqi: Fix device resources accessed after device removal (CVE-2025-68371 bsc#1255572). - commit 1b0c2b6 - modpost: Ensure exported symbol namespaces are not quoted (bsc#1258489). - commit 9cb32ea - ACPI: CPPC: Fix remaining for_each_possible_cpu() to use online CPUs (git-fixes). - ACPI: PM: Add unused power resource quirk for THUNDEROBOT ZERO (git-fixes). - powercap: intel_rapl_tpmi: Remove FW_BUG from invalid version check (git-fixes). - PM: sleep: wakeirq: Update outdated documentation comments (git-fixes). - commit baec66c ++++ kernel-default: - Update patches.suse/scsi-Revert-scsi-qla2xxx-Perform-lockless-command-co.patch (git-fixes CVE-2025-68818 bsc#1256675). Add in the CVE and bsc numbers. - commit 421452a - scsi: core: Wake up the error handler when final completions race against each other (CVE-2026-23110 bsc#1257761). - scsi: smartpqi: Fix device resources accessed after device removal (CVE-2025-68371 bsc#1255572). - commit 1b0c2b6 - modpost: Ensure exported symbol namespaces are not quoted (bsc#1258489). - commit 9cb32ea - ACPI: CPPC: Fix remaining for_each_possible_cpu() to use online CPUs (git-fixes). - ACPI: PM: Add unused power resource quirk for THUNDEROBOT ZERO (git-fixes). - powercap: intel_rapl_tpmi: Remove FW_BUG from invalid version check (git-fixes). - PM: sleep: wakeirq: Update outdated documentation comments (git-fixes). - commit baec66c ++++ kernel-rt: - Update patches.suse/scsi-Revert-scsi-qla2xxx-Perform-lockless-command-co.patch (git-fixes CVE-2025-68818 bsc#1256675). Add in the CVE and bsc numbers. - commit 421452a - scsi: core: Wake up the error handler when final completions race against each other (CVE-2026-23110 bsc#1257761). - scsi: smartpqi: Fix device resources accessed after device removal (CVE-2025-68371 bsc#1255572). - commit 1b0c2b6 - modpost: Ensure exported symbol namespaces are not quoted (bsc#1258489). - commit 9cb32ea - ACPI: CPPC: Fix remaining for_each_possible_cpu() to use online CPUs (git-fixes). - ACPI: PM: Add unused power resource quirk for THUNDEROBOT ZERO (git-fixes). - powercap: intel_rapl_tpmi: Remove FW_BUG from invalid version check (git-fixes). - PM: sleep: wakeirq: Update outdated documentation comments (git-fixes). - commit baec66c ++++ docker-stable: - Places a hard cap on the amount of mechanisms that can be specified and encoded in the payload. (bsc#1253904, CVE-2025-58181) * 0018-CVE-2025-58181-fix-vendor-crypto-ssh-3.patch ++++ dtb-aarch64: - Update patches.suse/scsi-Revert-scsi-qla2xxx-Perform-lockless-command-co.patch (git-fixes CVE-2025-68818 bsc#1256675). Add in the CVE and bsc numbers. - commit 421452a - scsi: core: Wake up the error handler when final completions race against each other (CVE-2026-23110 bsc#1257761). - scsi: smartpqi: Fix device resources accessed after device removal (CVE-2025-68371 bsc#1255572). - commit 1b0c2b6 - modpost: Ensure exported symbol namespaces are not quoted (bsc#1258489). - commit 9cb32ea - ACPI: CPPC: Fix remaining for_each_possible_cpu() to use online CPUs (git-fixes). - ACPI: PM: Add unused power resource quirk for THUNDEROBOT ZERO (git-fixes). - powercap: intel_rapl_tpmi: Remove FW_BUG from invalid version check (git-fixes). - PM: sleep: wakeirq: Update outdated documentation comments (git-fixes). - commit baec66c ++++ kernel-source: - Update patches.suse/scsi-Revert-scsi-qla2xxx-Perform-lockless-command-co.patch (git-fixes CVE-2025-68818 bsc#1256675). Add in the CVE and bsc numbers. - commit 421452a - scsi: core: Wake up the error handler when final completions race against each other (CVE-2026-23110 bsc#1257761). - scsi: smartpqi: Fix device resources accessed after device removal (CVE-2025-68371 bsc#1255572). - commit 1b0c2b6 - modpost: Ensure exported symbol namespaces are not quoted (bsc#1258489). - commit 9cb32ea - ACPI: CPPC: Fix remaining for_each_possible_cpu() to use online CPUs (git-fixes). - ACPI: PM: Add unused power resource quirk for THUNDEROBOT ZERO (git-fixes). - powercap: intel_rapl_tpmi: Remove FW_BUG from invalid version check (git-fixes). - PM: sleep: wakeirq: Update outdated documentation comments (git-fixes). - commit baec66c ++++ kernel-docs: - Update patches.suse/scsi-Revert-scsi-qla2xxx-Perform-lockless-command-co.patch (git-fixes CVE-2025-68818 bsc#1256675). Add in the CVE and bsc numbers. - commit 421452a - scsi: core: Wake up the error handler when final completions race against each other (CVE-2026-23110 bsc#1257761). - scsi: smartpqi: Fix device resources accessed after device removal (CVE-2025-68371 bsc#1255572). - commit 1b0c2b6 - modpost: Ensure exported symbol namespaces are not quoted (bsc#1258489). - commit 9cb32ea - ACPI: CPPC: Fix remaining for_each_possible_cpu() to use online CPUs (git-fixes). - ACPI: PM: Add unused power resource quirk for THUNDEROBOT ZERO (git-fixes). - powercap: intel_rapl_tpmi: Remove FW_BUG from invalid version check (git-fixes). - PM: sleep: wakeirq: Update outdated documentation comments (git-fixes). - commit baec66c ++++ kernel-kvmsmall: - Update patches.suse/scsi-Revert-scsi-qla2xxx-Perform-lockless-command-co.patch (git-fixes CVE-2025-68818 bsc#1256675). Add in the CVE and bsc numbers. - commit 421452a - scsi: core: Wake up the error handler when final completions race against each other (CVE-2026-23110 bsc#1257761). - scsi: smartpqi: Fix device resources accessed after device removal (CVE-2025-68371 bsc#1255572). - commit 1b0c2b6 - modpost: Ensure exported symbol namespaces are not quoted (bsc#1258489). - commit 9cb32ea - ACPI: CPPC: Fix remaining for_each_possible_cpu() to use online CPUs (git-fixes). - ACPI: PM: Add unused power resource quirk for THUNDEROBOT ZERO (git-fixes). - powercap: intel_rapl_tpmi: Remove FW_BUG from invalid version check (git-fixes). - PM: sleep: wakeirq: Update outdated documentation comments (git-fixes). - commit baec66c ++++ kernel-obs-build: - Update patches.suse/scsi-Revert-scsi-qla2xxx-Perform-lockless-command-co.patch (git-fixes CVE-2025-68818 bsc#1256675). Add in the CVE and bsc numbers. - commit 421452a - scsi: core: Wake up the error handler when final completions race against each other (CVE-2026-23110 bsc#1257761). - scsi: smartpqi: Fix device resources accessed after device removal (CVE-2025-68371 bsc#1255572). - commit 1b0c2b6 - modpost: Ensure exported symbol namespaces are not quoted (bsc#1258489). - commit 9cb32ea - ACPI: CPPC: Fix remaining for_each_possible_cpu() to use online CPUs (git-fixes). - ACPI: PM: Add unused power resource quirk for THUNDEROBOT ZERO (git-fixes). - powercap: intel_rapl_tpmi: Remove FW_BUG from invalid version check (git-fixes). - PM: sleep: wakeirq: Update outdated documentation comments (git-fixes). - commit baec66c ++++ kernel-obs-qa: - Update patches.suse/scsi-Revert-scsi-qla2xxx-Perform-lockless-command-co.patch (git-fixes CVE-2025-68818 bsc#1256675). Add in the CVE and bsc numbers. - commit 421452a - scsi: core: Wake up the error handler when final completions race against each other (CVE-2026-23110 bsc#1257761). - scsi: smartpqi: Fix device resources accessed after device removal (CVE-2025-68371 bsc#1255572). - commit 1b0c2b6 - modpost: Ensure exported symbol namespaces are not quoted (bsc#1258489). - commit 9cb32ea - ACPI: CPPC: Fix remaining for_each_possible_cpu() to use online CPUs (git-fixes). - ACPI: PM: Add unused power resource quirk for THUNDEROBOT ZERO (git-fixes). - powercap: intel_rapl_tpmi: Remove FW_BUG from invalid version check (git-fixes). - PM: sleep: wakeirq: Update outdated documentation comments (git-fixes). - commit baec66c ++++ kernel-syms: - Update patches.suse/scsi-Revert-scsi-qla2xxx-Perform-lockless-command-co.patch (git-fixes CVE-2025-68818 bsc#1256675). Add in the CVE and bsc numbers. - commit 421452a - scsi: core: Wake up the error handler when final completions race against each other (CVE-2026-23110 bsc#1257761). - scsi: smartpqi: Fix device resources accessed after device removal (CVE-2025-68371 bsc#1255572). - commit 1b0c2b6 - modpost: Ensure exported symbol namespaces are not quoted (bsc#1258489). - commit 9cb32ea - ACPI: CPPC: Fix remaining for_each_possible_cpu() to use online CPUs (git-fixes). - ACPI: PM: Add unused power resource quirk for THUNDEROBOT ZERO (git-fixes). - powercap: intel_rapl_tpmi: Remove FW_BUG from invalid version check (git-fixes). - PM: sleep: wakeirq: Update outdated documentation comments (git-fixes). - commit baec66c ++++ kernel-zfcpdump: - Update patches.suse/scsi-Revert-scsi-qla2xxx-Perform-lockless-command-co.patch (git-fixes CVE-2025-68818 bsc#1256675). Add in the CVE and bsc numbers. - commit 421452a - scsi: core: Wake up the error handler when final completions race against each other (CVE-2026-23110 bsc#1257761). - scsi: smartpqi: Fix device resources accessed after device removal (CVE-2025-68371 bsc#1255572). - commit 1b0c2b6 - modpost: Ensure exported symbol namespaces are not quoted (bsc#1258489). - commit 9cb32ea - ACPI: CPPC: Fix remaining for_each_possible_cpu() to use online CPUs (git-fixes). - ACPI: PM: Add unused power resource quirk for THUNDEROBOT ZERO (git-fixes). - powercap: intel_rapl_tpmi: Remove FW_BUG from invalid version check (git-fixes). - PM: sleep: wakeirq: Update outdated documentation comments (git-fixes). - commit baec66c ++++ libsoup2: - Add libsoup2-CVE-2026-2708.patch: do not allow adding multiple content length values to headers (bsc#1258508 CVE-2026-2708 glgo#GNOME/libsoup#500). ++++ libsoup: - Add libsoup-CVE-2026-2708.patch: do not allow adding multiple content length values to headers (bsc#1258508 CVE-2026-2708 glgo#GNOME/libsoup#500). ++++ makedumpfile: - makedumpfile-Fix-data-race-in-multi-threading-mode.patch: Fix a data race in multi-threading mode (--num-threads=N) (bsc#1245569, bsc#1256455). ++++ openQA: - Update to version 5.1771473096.98530511: * feat(ui): remove empty query parameters from /tests/overview URL * fix(mcp): set navbar check expression to read-only * feat: support inverted result filters in /tests/overview * feat: Allow specifying `CASEDIR` to avoid symlinking * fix(test): Enable helm install-chart test again * git subrepo pull (merge) --force external/os-autoinst-common * feat: Make allowed hosts for SCENARIO_DEFINITIONS_YAML_FILE configurable * test: Consider everything under `lib/OpenQA/Shared/` covered * fix: Provide specific error message if job was removed `enqueue_…_track` * refactor: Remove useless error message in `enqueue_and_keep_track` * test: Cover case of successful executing in `enqueue_and_keep_track` * refactor: Simplify error handling of `enqueue_and_keep_track` * test: Cover error handling of `enqueue_and_keep_track` * test: Consider shared session controller fully covered * refactor: Avoid duplications in sessions controller * refactor: Use signatures in session controller code * test: Cover error handling in case of a bad CRSF token * test: Cover test route for session * fix(worker): reject jobs explicitly when worker is stopping * feat: Remove workaround for codecov and gpg * feat: Switch to Leap 16 in Helm charts * feat: Switch to Leap 16.0 in openqa_data container * feat: Replace all Leap 15.6 with 16.0 in docs and scripts * test: Cover showing special image when backend has terminated * fix: Use new apachectl command * Update openQA containers to Leap 16.0 * test: Extend tests for controller handling live view * refactor: Move throttling into its own function * feat(throttling): throttle jobs resources based on parameters size * refactor: Avoid repeated use of `$t->app->minion` in gru tasks tests * feat: Allow archiving jobs with infinite important storage durations * feat: Flag jobs without results as archived for consistency * feat: Remove one corner case preventing jobs from being archived ++++ openQA: - Update to version 5.1771473096.98530511: * feat(ui): remove empty query parameters from /tests/overview URL * fix(mcp): set navbar check expression to read-only * feat: support inverted result filters in /tests/overview * feat: Allow specifying `CASEDIR` to avoid symlinking * fix(test): Enable helm install-chart test again * git subrepo pull (merge) --force external/os-autoinst-common * feat: Make allowed hosts for SCENARIO_DEFINITIONS_YAML_FILE configurable * test: Consider everything under `lib/OpenQA/Shared/` covered * fix: Provide specific error message if job was removed `enqueue_…_track` * refactor: Remove useless error message in `enqueue_and_keep_track` * test: Cover case of successful executing in `enqueue_and_keep_track` * refactor: Simplify error handling of `enqueue_and_keep_track` * test: Cover error handling of `enqueue_and_keep_track` * test: Consider shared session controller fully covered * refactor: Avoid duplications in sessions controller * refactor: Use signatures in session controller code * test: Cover error handling in case of a bad CRSF token * test: Cover test route for session * fix(worker): reject jobs explicitly when worker is stopping * feat: Remove workaround for codecov and gpg * feat: Switch to Leap 16 in Helm charts * feat: Switch to Leap 16.0 in openqa_data container * feat: Replace all Leap 15.6 with 16.0 in docs and scripts * test: Cover showing special image when backend has terminated * fix: Use new apachectl command * Update openQA containers to Leap 16.0 * test: Extend tests for controller handling live view * refactor: Move throttling into its own function * feat(throttling): throttle jobs resources based on parameters size * refactor: Avoid repeated use of `$t->app->minion` in gru tasks tests * feat: Allow archiving jobs with infinite important storage durations * feat: Flag jobs without results as archived for consistency * feat: Remove one corner case preventing jobs from being archived ++++ openQA: - Update to version 5.1771473096.98530511: * feat(ui): remove empty query parameters from /tests/overview URL * fix(mcp): set navbar check expression to read-only * feat: support inverted result filters in /tests/overview * feat: Allow specifying `CASEDIR` to avoid symlinking * fix(test): Enable helm install-chart test again * git subrepo pull (merge) --force external/os-autoinst-common * feat: Make allowed hosts for SCENARIO_DEFINITIONS_YAML_FILE configurable * test: Consider everything under `lib/OpenQA/Shared/` covered * fix: Provide specific error message if job was removed `enqueue_…_track` * refactor: Remove useless error message in `enqueue_and_keep_track` * test: Cover case of successful executing in `enqueue_and_keep_track` * refactor: Simplify error handling of `enqueue_and_keep_track` * test: Cover error handling of `enqueue_and_keep_track` * test: Consider shared session controller fully covered * refactor: Avoid duplications in sessions controller * refactor: Use signatures in session controller code * test: Cover error handling in case of a bad CRSF token * test: Cover test route for session * fix(worker): reject jobs explicitly when worker is stopping * feat: Remove workaround for codecov and gpg * feat: Switch to Leap 16 in Helm charts * feat: Switch to Leap 16.0 in openqa_data container * feat: Replace all Leap 15.6 with 16.0 in docs and scripts * test: Cover showing special image when backend has terminated * fix: Use new apachectl command * Update openQA containers to Leap 16.0 * test: Extend tests for controller handling live view * refactor: Move throttling into its own function * feat(throttling): throttle jobs resources based on parameters size * refactor: Avoid repeated use of `$t->app->minion` in gru tasks tests * feat: Allow archiving jobs with infinite important storage durations * feat: Flag jobs without results as archived for consistency * feat: Remove one corner case preventing jobs from being archived ++++ openQA: - Update to version 5.1771473096.98530511: * feat(ui): remove empty query parameters from /tests/overview URL * fix(mcp): set navbar check expression to read-only * feat: support inverted result filters in /tests/overview * feat: Allow specifying `CASEDIR` to avoid symlinking * fix(test): Enable helm install-chart test again * git subrepo pull (merge) --force external/os-autoinst-common * feat: Make allowed hosts for SCENARIO_DEFINITIONS_YAML_FILE configurable * test: Consider everything under `lib/OpenQA/Shared/` covered * fix: Provide specific error message if job was removed `enqueue_…_track` * refactor: Remove useless error message in `enqueue_and_keep_track` * test: Cover case of successful executing in `enqueue_and_keep_track` * refactor: Simplify error handling of `enqueue_and_keep_track` * test: Cover error handling of `enqueue_and_keep_track` * test: Consider shared session controller fully covered * refactor: Avoid duplications in sessions controller * refactor: Use signatures in session controller code * test: Cover error handling in case of a bad CRSF token * test: Cover test route for session * fix(worker): reject jobs explicitly when worker is stopping * feat: Remove workaround for codecov and gpg * feat: Switch to Leap 16 in Helm charts * feat: Switch to Leap 16.0 in openqa_data container * feat: Replace all Leap 15.6 with 16.0 in docs and scripts * test: Cover showing special image when backend has terminated * fix: Use new apachectl command * Update openQA containers to Leap 16.0 * test: Extend tests for controller handling live view * refactor: Move throttling into its own function * feat(throttling): throttle jobs resources based on parameters size * refactor: Avoid repeated use of `$t->app->minion` in gru tasks tests * feat: Allow archiving jobs with infinite important storage durations * feat: Flag jobs without results as archived for consistency * feat: Remove one corner case preventing jobs from being archived ++++ openQA: - Update to version 5.1771473096.98530511: * feat(ui): remove empty query parameters from /tests/overview URL * fix(mcp): set navbar check expression to read-only * feat: support inverted result filters in /tests/overview * feat: Allow specifying `CASEDIR` to avoid symlinking * fix(test): Enable helm install-chart test again * git subrepo pull (merge) --force external/os-autoinst-common * feat: Make allowed hosts for SCENARIO_DEFINITIONS_YAML_FILE configurable * test: Consider everything under `lib/OpenQA/Shared/` covered * fix: Provide specific error message if job was removed `enqueue_…_track` * refactor: Remove useless error message in `enqueue_and_keep_track` * test: Cover case of successful executing in `enqueue_and_keep_track` * refactor: Simplify error handling of `enqueue_and_keep_track` * test: Cover error handling of `enqueue_and_keep_track` * test: Consider shared session controller fully covered * refactor: Avoid duplications in sessions controller * refactor: Use signatures in session controller code * test: Cover error handling in case of a bad CRSF token * test: Cover test route for session * fix(worker): reject jobs explicitly when worker is stopping * feat: Remove workaround for codecov and gpg * feat: Switch to Leap 16 in Helm charts * feat: Switch to Leap 16.0 in openqa_data container * feat: Replace all Leap 15.6 with 16.0 in docs and scripts * test: Cover showing special image when backend has terminated * fix: Use new apachectl command * Update openQA containers to Leap 16.0 * test: Extend tests for controller handling live view * refactor: Move throttling into its own function * feat(throttling): throttle jobs resources based on parameters size * refactor: Avoid repeated use of `$t->app->minion` in gru tasks tests * feat: Allow archiving jobs with infinite important storage durations * feat: Flag jobs without results as archived for consistency * feat: Remove one corner case preventing jobs from being archived ++++ openQA: - Update to version 5.1771473096.98530511: * feat(ui): remove empty query parameters from /tests/overview URL * fix(mcp): set navbar check expression to read-only * feat: support inverted result filters in /tests/overview * feat: Allow specifying `CASEDIR` to avoid symlinking * fix(test): Enable helm install-chart test again * git subrepo pull (merge) --force external/os-autoinst-common * feat: Make allowed hosts for SCENARIO_DEFINITIONS_YAML_FILE configurable * test: Consider everything under `lib/OpenQA/Shared/` covered * fix: Provide specific error message if job was removed `enqueue_…_track` * refactor: Remove useless error message in `enqueue_and_keep_track` * test: Cover case of successful executing in `enqueue_and_keep_track` * refactor: Simplify error handling of `enqueue_and_keep_track` * test: Cover error handling of `enqueue_and_keep_track` * test: Consider shared session controller fully covered * refactor: Avoid duplications in sessions controller * refactor: Use signatures in session controller code * test: Cover error handling in case of a bad CRSF token * test: Cover test route for session * fix(worker): reject jobs explicitly when worker is stopping * feat: Remove workaround for codecov and gpg * feat: Switch to Leap 16 in Helm charts * feat: Switch to Leap 16.0 in openqa_data container * feat: Replace all Leap 15.6 with 16.0 in docs and scripts * test: Cover showing special image when backend has terminated * fix: Use new apachectl command * Update openQA containers to Leap 16.0 * test: Extend tests for controller handling live view * refactor: Move throttling into its own function * feat(throttling): throttle jobs resources based on parameters size * refactor: Avoid repeated use of `$t->app->minion` in gru tasks tests * feat: Allow archiving jobs with infinite important storage durations * feat: Flag jobs without results as archived for consistency * feat: Remove one corner case preventing jobs from being archived ++++ os-autoinst: - Update to version 5.1771520411.2601197: * fix: Fix wrong uses of "checkout" that should be "check out" * git subrepo pull (merge) --force external/os-autoinst-common * style: Fix crop.py style issues * workaround: Remove "get_mempolicy" warning from qemu-img output * parse_extra_log: Allow passing additional args to upload_logs ++++ os-autoinst: - Update to version 5.1771520411.2601197: * fix: Fix wrong uses of "checkout" that should be "check out" * git subrepo pull (merge) --force external/os-autoinst-common * style: Fix crop.py style issues * workaround: Remove "get_mempolicy" warning from qemu-img output * parse_extra_log: Allow passing additional args to upload_logs ++++ os-autoinst: - Update to version 5.1771520411.2601197: * fix: Fix wrong uses of "checkout" that should be "check out" * git subrepo pull (merge) --force external/os-autoinst-common * style: Fix crop.py style issues * workaround: Remove "get_mempolicy" warning from qemu-img output * parse_extra_log: Allow passing additional args to upload_logs ++++ os-autoinst: - Update to version 5.1771520411.2601197: * fix: Fix wrong uses of "checkout" that should be "check out" * git subrepo pull (merge) --force external/os-autoinst-common * style: Fix crop.py style issues * workaround: Remove "get_mempolicy" warning from qemu-img output * parse_extra_log: Allow passing additional args to upload_logs ++++ os-autoinst: - Update to version 5.1771520411.2601197: * fix: Fix wrong uses of "checkout" that should be "check out" * git subrepo pull (merge) --force external/os-autoinst-common * style: Fix crop.py style issues * workaround: Remove "get_mempolicy" warning from qemu-img output * parse_extra_log: Allow passing additional args to upload_logs ++++ os-autoinst: - Update to version 5.1771520411.2601197: * fix: Fix wrong uses of "checkout" that should be "check out" * git subrepo pull (merge) --force external/os-autoinst-common * style: Fix crop.py style issues * workaround: Remove "get_mempolicy" warning from qemu-img output * parse_extra_log: Allow passing additional args to upload_logs ++++ selinux-policy: - Update to version 20250627+git351.529352149: * Allow syslog_t access ISC dhcpd /dev/log socket (bsc#1255725) * privoxy: account for openSUSE chroot configuration (bsc#1237375) ++++ smc-tools: - Upgrade smc-tools to version 1.8.7 (jsc#PED-14601, bsc#1230052) - Bug fixes: * smc_rnics: fix regression when PFT not available * smcd/smcr: prevent DoS on statistics workfile present in /tmp/ ------------------------------------------------------------------ ------------------ 2026-2-18 - Feb 18 2026 ------------------- ------------------------------------------------------------------ ++++ byte-buddy: - Removed patch: * 0001-Avoid-bundling-asm.patch + needed for migration of uyuni to hibernate 7 which imports the shaded asm classes ++++ chromium: - Chromium 145.0.7632.109 (boo#1258438): * CVE-2026-2648: Heap buffer overflow in PDFium * CVE-2026-2649: Integer overflow in V8 * CVE-2026-2650: Heap buffer overflow in Media ++++ chromium: - Chromium 145.0.7632.109 (boo#1258438): * CVE-2026-2648: Heap buffer overflow in PDFium * CVE-2026-2649: Integer overflow in V8 * CVE-2026-2650: Heap buffer overflow in Media ++++ chromium: - Chromium 145.0.7632.109 (boo#1258438): * CVE-2026-2648: Heap buffer overflow in PDFium * CVE-2026-2649: Integer overflow in V8 * CVE-2026-2650: Heap buffer overflow in Media ++++ chromium: - Chromium 145.0.7632.109 (boo#1258438): * CVE-2026-2648: Heap buffer overflow in PDFium * CVE-2026-2649: Integer overflow in V8 * CVE-2026-2650: Heap buffer overflow in Media ++++ chromium: - Chromium 145.0.7632.109 (boo#1258438): * CVE-2026-2648: Heap buffer overflow in PDFium * CVE-2026-2649: Integer overflow in V8 * CVE-2026-2650: Heap buffer overflow in Media ++++ chromium: - Chromium 145.0.7632.109 (boo#1258438): * CVE-2026-2648: Heap buffer overflow in PDFium * CVE-2026-2649: Integer overflow in V8 * CVE-2026-2650: Heap buffer overflow in Media ++++ chromium: - Chromium 145.0.7632.109 (boo#1258438): * CVE-2026-2648: Heap buffer overflow in PDFium * CVE-2026-2649: Integer overflow in V8 * CVE-2026-2650: Heap buffer overflow in Media ++++ kernel-64kb: - kABI: Fixup for struct mmu_gather (Git-fixes). - commit 343900f - mm/hugetlb: fix excessive IPI broadcasts when unsharing PMD tables using mmu_gather (Git-fixes). - commit 3fe2b90 - mm/hugetlb: fix copy_hugetlb_page_range() to use - >pt_share_count (git-fixes). - commit 2c06689 - crypto: af_alg - Fix incorrect boolean values in af_alg_ctx (bsc#1251966 CVE-2025-39964). - commit 5b3134b - gue: Fix skb memleak with inner IP protocol 0 (CVE-2026-23095 bsc#1257808). - commit 858b063 - crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg (bsc#1251966 CVE-2025-39964). - commit 3cc4362 - dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (CVE-2026-23004 bsc#1257231). - commit 6d23e32 - vsock/virtio: cap TX credit to local buffer size (CVE-2026-23086 bsc#1257757). - commit 2bd0db9 - dmaengine: fsl-edma: don't explicitly disable clocks in .remove() (git-fixes). - dmaengine: mediatek: uart-apdma: Fix above 4G addressing TX/RX (git-fixes). - phy: freescale: imx8qm-hsio: fix NULL pointer dereference (git-fixes). - phy: qcom: edp: Make the number of clocks flexible (git-fixes). - soundwire: intel_ace2x: add SND_HDA_CORE dependency (git-fixes). - usb: dwc2: fix resume failure if dr_mode is host (git-fixes). - usb: dwc3: gadget: Move vbus draw to workqueue context (git-fixes). - usb: gadget: tegra-xudc: Add handling for BLCG_COREPLL_PWRDN (git-fixes). - usb: bdc: fix sleep during atomic (git-fixes). - serial: SH_SCI: improve "DMA support" prompt (git-fixes). - serial: imx: change SERIAL_IMX_CONSOLE to bool (git-fixes). - staging: rtl8723bs: fix null dereference in find_network (git-fixes). - iio: sca3000: Fix a resource leak in sca3000_probe() (git-fixes). - iio: gyro: itg3200: Fix unchecked return value in read_raw (git-fixes). - drivers: iio: mpu3050: use dev_err_probe for regulator request (git-fixes). - iio: accel: adxl380: Avoid reading more entries than present in FIFO (git-fixes). - iio: pressure: mprls0025pa: fix pressure calculation (git-fixes). - iio: pressure: mprls0025pa: fix scan_type struct (git-fixes). - iio: pressure: mprls0025pa: fix interrupt flag (git-fixes). - iio: pressure: mprls0025pa: fix SPI CS delay violation (git-fixes). - iio: pressure: mprls0025pa: fix spi_transfer struct initialisation (git-fixes). - iio: test: drop dangling symbol in gain-time-scale helpers (git-fixes). - interconnect: mediatek: Aggregate bandwidth with saturating add (git-fixes). - interconnect: mediatek: Don't hijack parent device (git-fixes). - fpga: dfl: use subsys_initcall to allow built-in drivers to be added (git-fixes). - serial: caif: fix use-after-free in caif_serial ldisc_close() (git-fixes). - dmaengine: sh: setup_xref error handling (stable-fixes). - commit d3fb21a ++++ kernel-azure: - kABI: Fixup for struct mmu_gather (Git-fixes). - commit 343900f - mm/hugetlb: fix excessive IPI broadcasts when unsharing PMD tables using mmu_gather (Git-fixes). - commit 3fe2b90 - mm/hugetlb: fix copy_hugetlb_page_range() to use - >pt_share_count (git-fixes). - commit 2c06689 - crypto: af_alg - Fix incorrect boolean values in af_alg_ctx (bsc#1251966 CVE-2025-39964). - commit 5b3134b - gue: Fix skb memleak with inner IP protocol 0 (CVE-2026-23095 bsc#1257808). - commit 858b063 - crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg (bsc#1251966 CVE-2025-39964). - commit 3cc4362 - dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (CVE-2026-23004 bsc#1257231). - commit 6d23e32 - vsock/virtio: cap TX credit to local buffer size (CVE-2026-23086 bsc#1257757). - commit 2bd0db9 - dmaengine: fsl-edma: don't explicitly disable clocks in .remove() (git-fixes). - dmaengine: mediatek: uart-apdma: Fix above 4G addressing TX/RX (git-fixes). - phy: freescale: imx8qm-hsio: fix NULL pointer dereference (git-fixes). - phy: qcom: edp: Make the number of clocks flexible (git-fixes). - soundwire: intel_ace2x: add SND_HDA_CORE dependency (git-fixes). - usb: dwc2: fix resume failure if dr_mode is host (git-fixes). - usb: dwc3: gadget: Move vbus draw to workqueue context (git-fixes). - usb: gadget: tegra-xudc: Add handling for BLCG_COREPLL_PWRDN (git-fixes). - usb: bdc: fix sleep during atomic (git-fixes). - serial: SH_SCI: improve "DMA support" prompt (git-fixes). - serial: imx: change SERIAL_IMX_CONSOLE to bool (git-fixes). - staging: rtl8723bs: fix null dereference in find_network (git-fixes). - iio: sca3000: Fix a resource leak in sca3000_probe() (git-fixes). - iio: gyro: itg3200: Fix unchecked return value in read_raw (git-fixes). - drivers: iio: mpu3050: use dev_err_probe for regulator request (git-fixes). - iio: accel: adxl380: Avoid reading more entries than present in FIFO (git-fixes). - iio: pressure: mprls0025pa: fix pressure calculation (git-fixes). - iio: pressure: mprls0025pa: fix scan_type struct (git-fixes). - iio: pressure: mprls0025pa: fix interrupt flag (git-fixes). - iio: pressure: mprls0025pa: fix SPI CS delay violation (git-fixes). - iio: pressure: mprls0025pa: fix spi_transfer struct initialisation (git-fixes). - iio: test: drop dangling symbol in gain-time-scale helpers (git-fixes). - interconnect: mediatek: Aggregate bandwidth with saturating add (git-fixes). - interconnect: mediatek: Don't hijack parent device (git-fixes). - fpga: dfl: use subsys_initcall to allow built-in drivers to be added (git-fixes). - serial: caif: fix use-after-free in caif_serial ldisc_close() (git-fixes). - dmaengine: sh: setup_xref error handling (stable-fixes). - commit d3fb21a ++++ kernel-default: - kABI: Fixup for struct mmu_gather (Git-fixes). - commit 343900f - mm/hugetlb: fix excessive IPI broadcasts when unsharing PMD tables using mmu_gather (Git-fixes). - commit 3fe2b90 - mm/hugetlb: fix copy_hugetlb_page_range() to use - >pt_share_count (git-fixes). - commit 2c06689 - crypto: af_alg - Fix incorrect boolean values in af_alg_ctx (bsc#1251966 CVE-2025-39964). - commit 5b3134b - gue: Fix skb memleak with inner IP protocol 0 (CVE-2026-23095 bsc#1257808). - commit 858b063 - crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg (bsc#1251966 CVE-2025-39964). - commit 3cc4362 - dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (CVE-2026-23004 bsc#1257231). - commit 6d23e32 - vsock/virtio: cap TX credit to local buffer size (CVE-2026-23086 bsc#1257757). - commit 2bd0db9 - dmaengine: fsl-edma: don't explicitly disable clocks in .remove() (git-fixes). - dmaengine: mediatek: uart-apdma: Fix above 4G addressing TX/RX (git-fixes). - phy: freescale: imx8qm-hsio: fix NULL pointer dereference (git-fixes). - phy: qcom: edp: Make the number of clocks flexible (git-fixes). - soundwire: intel_ace2x: add SND_HDA_CORE dependency (git-fixes). - usb: dwc2: fix resume failure if dr_mode is host (git-fixes). - usb: dwc3: gadget: Move vbus draw to workqueue context (git-fixes). - usb: gadget: tegra-xudc: Add handling for BLCG_COREPLL_PWRDN (git-fixes). - usb: bdc: fix sleep during atomic (git-fixes). - serial: SH_SCI: improve "DMA support" prompt (git-fixes). - serial: imx: change SERIAL_IMX_CONSOLE to bool (git-fixes). - staging: rtl8723bs: fix null dereference in find_network (git-fixes). - iio: sca3000: Fix a resource leak in sca3000_probe() (git-fixes). - iio: gyro: itg3200: Fix unchecked return value in read_raw (git-fixes). - drivers: iio: mpu3050: use dev_err_probe for regulator request (git-fixes). - iio: accel: adxl380: Avoid reading more entries than present in FIFO (git-fixes). - iio: pressure: mprls0025pa: fix pressure calculation (git-fixes). - iio: pressure: mprls0025pa: fix scan_type struct (git-fixes). - iio: pressure: mprls0025pa: fix interrupt flag (git-fixes). - iio: pressure: mprls0025pa: fix SPI CS delay violation (git-fixes). - iio: pressure: mprls0025pa: fix spi_transfer struct initialisation (git-fixes). - iio: test: drop dangling symbol in gain-time-scale helpers (git-fixes). - interconnect: mediatek: Aggregate bandwidth with saturating add (git-fixes). - interconnect: mediatek: Don't hijack parent device (git-fixes). - fpga: dfl: use subsys_initcall to allow built-in drivers to be added (git-fixes). - serial: caif: fix use-after-free in caif_serial ldisc_close() (git-fixes). - dmaengine: sh: setup_xref error handling (stable-fixes). - commit d3fb21a ++++ kernel-rt: - kABI: Fixup for struct mmu_gather (Git-fixes). - commit 343900f - mm/hugetlb: fix excessive IPI broadcasts when unsharing PMD tables using mmu_gather (Git-fixes). - commit 3fe2b90 - mm/hugetlb: fix copy_hugetlb_page_range() to use - >pt_share_count (git-fixes). - commit 2c06689 - crypto: af_alg - Fix incorrect boolean values in af_alg_ctx (bsc#1251966 CVE-2025-39964). - commit 5b3134b - gue: Fix skb memleak with inner IP protocol 0 (CVE-2026-23095 bsc#1257808). - commit 858b063 - crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg (bsc#1251966 CVE-2025-39964). - commit 3cc4362 - dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (CVE-2026-23004 bsc#1257231). - commit 6d23e32 - vsock/virtio: cap TX credit to local buffer size (CVE-2026-23086 bsc#1257757). - commit 2bd0db9 - dmaengine: fsl-edma: don't explicitly disable clocks in .remove() (git-fixes). - dmaengine: mediatek: uart-apdma: Fix above 4G addressing TX/RX (git-fixes). - phy: freescale: imx8qm-hsio: fix NULL pointer dereference (git-fixes). - phy: qcom: edp: Make the number of clocks flexible (git-fixes). - soundwire: intel_ace2x: add SND_HDA_CORE dependency (git-fixes). - usb: dwc2: fix resume failure if dr_mode is host (git-fixes). - usb: dwc3: gadget: Move vbus draw to workqueue context (git-fixes). - usb: gadget: tegra-xudc: Add handling for BLCG_COREPLL_PWRDN (git-fixes). - usb: bdc: fix sleep during atomic (git-fixes). - serial: SH_SCI: improve "DMA support" prompt (git-fixes). - serial: imx: change SERIAL_IMX_CONSOLE to bool (git-fixes). - staging: rtl8723bs: fix null dereference in find_network (git-fixes). - iio: sca3000: Fix a resource leak in sca3000_probe() (git-fixes). - iio: gyro: itg3200: Fix unchecked return value in read_raw (git-fixes). - drivers: iio: mpu3050: use dev_err_probe for regulator request (git-fixes). - iio: accel: adxl380: Avoid reading more entries than present in FIFO (git-fixes). - iio: pressure: mprls0025pa: fix pressure calculation (git-fixes). - iio: pressure: mprls0025pa: fix scan_type struct (git-fixes). - iio: pressure: mprls0025pa: fix interrupt flag (git-fixes). - iio: pressure: mprls0025pa: fix SPI CS delay violation (git-fixes). - iio: pressure: mprls0025pa: fix spi_transfer struct initialisation (git-fixes). - iio: test: drop dangling symbol in gain-time-scale helpers (git-fixes). - interconnect: mediatek: Aggregate bandwidth with saturating add (git-fixes). - interconnect: mediatek: Don't hijack parent device (git-fixes). - fpga: dfl: use subsys_initcall to allow built-in drivers to be added (git-fixes). - serial: caif: fix use-after-free in caif_serial ldisc_close() (git-fixes). - dmaengine: sh: setup_xref error handling (stable-fixes). - commit d3fb21a ++++ dtb-aarch64: - kABI: Fixup for struct mmu_gather (Git-fixes). - commit 343900f - mm/hugetlb: fix excessive IPI broadcasts when unsharing PMD tables using mmu_gather (Git-fixes). - commit 3fe2b90 - mm/hugetlb: fix copy_hugetlb_page_range() to use - >pt_share_count (git-fixes). - commit 2c06689 - crypto: af_alg - Fix incorrect boolean values in af_alg_ctx (bsc#1251966 CVE-2025-39964). - commit 5b3134b - gue: Fix skb memleak with inner IP protocol 0 (CVE-2026-23095 bsc#1257808). - commit 858b063 - crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg (bsc#1251966 CVE-2025-39964). - commit 3cc4362 - dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (CVE-2026-23004 bsc#1257231). - commit 6d23e32 - vsock/virtio: cap TX credit to local buffer size (CVE-2026-23086 bsc#1257757). - commit 2bd0db9 - dmaengine: fsl-edma: don't explicitly disable clocks in .remove() (git-fixes). - dmaengine: mediatek: uart-apdma: Fix above 4G addressing TX/RX (git-fixes). - phy: freescale: imx8qm-hsio: fix NULL pointer dereference (git-fixes). - phy: qcom: edp: Make the number of clocks flexible (git-fixes). - soundwire: intel_ace2x: add SND_HDA_CORE dependency (git-fixes). - usb: dwc2: fix resume failure if dr_mode is host (git-fixes). - usb: dwc3: gadget: Move vbus draw to workqueue context (git-fixes). - usb: gadget: tegra-xudc: Add handling for BLCG_COREPLL_PWRDN (git-fixes). - usb: bdc: fix sleep during atomic (git-fixes). - serial: SH_SCI: improve "DMA support" prompt (git-fixes). - serial: imx: change SERIAL_IMX_CONSOLE to bool (git-fixes). - staging: rtl8723bs: fix null dereference in find_network (git-fixes). - iio: sca3000: Fix a resource leak in sca3000_probe() (git-fixes). - iio: gyro: itg3200: Fix unchecked return value in read_raw (git-fixes). - drivers: iio: mpu3050: use dev_err_probe for regulator request (git-fixes). - iio: accel: adxl380: Avoid reading more entries than present in FIFO (git-fixes). - iio: pressure: mprls0025pa: fix pressure calculation (git-fixes). - iio: pressure: mprls0025pa: fix scan_type struct (git-fixes). - iio: pressure: mprls0025pa: fix interrupt flag (git-fixes). - iio: pressure: mprls0025pa: fix SPI CS delay violation (git-fixes). - iio: pressure: mprls0025pa: fix spi_transfer struct initialisation (git-fixes). - iio: test: drop dangling symbol in gain-time-scale helpers (git-fixes). - interconnect: mediatek: Aggregate bandwidth with saturating add (git-fixes). - interconnect: mediatek: Don't hijack parent device (git-fixes). - fpga: dfl: use subsys_initcall to allow built-in drivers to be added (git-fixes). - serial: caif: fix use-after-free in caif_serial ldisc_close() (git-fixes). - dmaengine: sh: setup_xref error handling (stable-fixes). - commit d3fb21a ++++ freerdp2: - Add more CVE fixes: + freerdp-CVE-2026-24491.patch (CVE-2026-24491, bsc#1257981) + freerdp-CVE-2026-24675.patch (CVE-2026-24675, bsc#1257982) + freerdp-CVE-2026-24676.patch (CVE-2026-24676, bsc#1257983) + freerdp-CVE-2026-24679.patch (CVE-2026-24679, bsc#1257986) + freerdp-CVE-2026-24681.patch (CVE-2026-24681, bsc#1257988) + freerdp-CVE-2026-24682.patch (CVE-2026-24682, bsc#1257989) + freerdp-CVE-2026-24683.patch (CVE-2026-24683, bsc#1257990) + freerdp-CVE-2026-24684.patch (CVE-2026-24684, bsc#1257991) + freerdp-CVE-2026-24684-2.patch (CVE-2026-24684, bsc#1257991) ++++ kernel-source: - kABI: Fixup for struct mmu_gather (Git-fixes). - commit 343900f - mm/hugetlb: fix excessive IPI broadcasts when unsharing PMD tables using mmu_gather (Git-fixes). - commit 3fe2b90 - mm/hugetlb: fix copy_hugetlb_page_range() to use - >pt_share_count (git-fixes). - commit 2c06689 - crypto: af_alg - Fix incorrect boolean values in af_alg_ctx (bsc#1251966 CVE-2025-39964). - commit 5b3134b - gue: Fix skb memleak with inner IP protocol 0 (CVE-2026-23095 bsc#1257808). - commit 858b063 - crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg (bsc#1251966 CVE-2025-39964). - commit 3cc4362 - dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (CVE-2026-23004 bsc#1257231). - commit 6d23e32 - vsock/virtio: cap TX credit to local buffer size (CVE-2026-23086 bsc#1257757). - commit 2bd0db9 - dmaengine: fsl-edma: don't explicitly disable clocks in .remove() (git-fixes). - dmaengine: mediatek: uart-apdma: Fix above 4G addressing TX/RX (git-fixes). - phy: freescale: imx8qm-hsio: fix NULL pointer dereference (git-fixes). - phy: qcom: edp: Make the number of clocks flexible (git-fixes). - soundwire: intel_ace2x: add SND_HDA_CORE dependency (git-fixes). - usb: dwc2: fix resume failure if dr_mode is host (git-fixes). - usb: dwc3: gadget: Move vbus draw to workqueue context (git-fixes). - usb: gadget: tegra-xudc: Add handling for BLCG_COREPLL_PWRDN (git-fixes). - usb: bdc: fix sleep during atomic (git-fixes). - serial: SH_SCI: improve "DMA support" prompt (git-fixes). - serial: imx: change SERIAL_IMX_CONSOLE to bool (git-fixes). - staging: rtl8723bs: fix null dereference in find_network (git-fixes). - iio: sca3000: Fix a resource leak in sca3000_probe() (git-fixes). - iio: gyro: itg3200: Fix unchecked return value in read_raw (git-fixes). - drivers: iio: mpu3050: use dev_err_probe for regulator request (git-fixes). - iio: accel: adxl380: Avoid reading more entries than present in FIFO (git-fixes). - iio: pressure: mprls0025pa: fix pressure calculation (git-fixes). - iio: pressure: mprls0025pa: fix scan_type struct (git-fixes). - iio: pressure: mprls0025pa: fix interrupt flag (git-fixes). - iio: pressure: mprls0025pa: fix SPI CS delay violation (git-fixes). - iio: pressure: mprls0025pa: fix spi_transfer struct initialisation (git-fixes). - iio: test: drop dangling symbol in gain-time-scale helpers (git-fixes). - interconnect: mediatek: Aggregate bandwidth with saturating add (git-fixes). - interconnect: mediatek: Don't hijack parent device (git-fixes). - fpga: dfl: use subsys_initcall to allow built-in drivers to be added (git-fixes). - serial: caif: fix use-after-free in caif_serial ldisc_close() (git-fixes). - dmaengine: sh: setup_xref error handling (stable-fixes). - commit d3fb21a ++++ kernel-docs: - kABI: Fixup for struct mmu_gather (Git-fixes). - commit 343900f - mm/hugetlb: fix excessive IPI broadcasts when unsharing PMD tables using mmu_gather (Git-fixes). - commit 3fe2b90 - mm/hugetlb: fix copy_hugetlb_page_range() to use - >pt_share_count (git-fixes). - commit 2c06689 - crypto: af_alg - Fix incorrect boolean values in af_alg_ctx (bsc#1251966 CVE-2025-39964). - commit 5b3134b - gue: Fix skb memleak with inner IP protocol 0 (CVE-2026-23095 bsc#1257808). - commit 858b063 - crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg (bsc#1251966 CVE-2025-39964). - commit 3cc4362 - dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (CVE-2026-23004 bsc#1257231). - commit 6d23e32 - vsock/virtio: cap TX credit to local buffer size (CVE-2026-23086 bsc#1257757). - commit 2bd0db9 - dmaengine: fsl-edma: don't explicitly disable clocks in .remove() (git-fixes). - dmaengine: mediatek: uart-apdma: Fix above 4G addressing TX/RX (git-fixes). - phy: freescale: imx8qm-hsio: fix NULL pointer dereference (git-fixes). - phy: qcom: edp: Make the number of clocks flexible (git-fixes). - soundwire: intel_ace2x: add SND_HDA_CORE dependency (git-fixes). - usb: dwc2: fix resume failure if dr_mode is host (git-fixes). - usb: dwc3: gadget: Move vbus draw to workqueue context (git-fixes). - usb: gadget: tegra-xudc: Add handling for BLCG_COREPLL_PWRDN (git-fixes). - usb: bdc: fix sleep during atomic (git-fixes). - serial: SH_SCI: improve "DMA support" prompt (git-fixes). - serial: imx: change SERIAL_IMX_CONSOLE to bool (git-fixes). - staging: rtl8723bs: fix null dereference in find_network (git-fixes). - iio: sca3000: Fix a resource leak in sca3000_probe() (git-fixes). - iio: gyro: itg3200: Fix unchecked return value in read_raw (git-fixes). - drivers: iio: mpu3050: use dev_err_probe for regulator request (git-fixes). - iio: accel: adxl380: Avoid reading more entries than present in FIFO (git-fixes). - iio: pressure: mprls0025pa: fix pressure calculation (git-fixes). - iio: pressure: mprls0025pa: fix scan_type struct (git-fixes). - iio: pressure: mprls0025pa: fix interrupt flag (git-fixes). - iio: pressure: mprls0025pa: fix SPI CS delay violation (git-fixes). - iio: pressure: mprls0025pa: fix spi_transfer struct initialisation (git-fixes). - iio: test: drop dangling symbol in gain-time-scale helpers (git-fixes). - interconnect: mediatek: Aggregate bandwidth with saturating add (git-fixes). - interconnect: mediatek: Don't hijack parent device (git-fixes). - fpga: dfl: use subsys_initcall to allow built-in drivers to be added (git-fixes). - serial: caif: fix use-after-free in caif_serial ldisc_close() (git-fixes). - dmaengine: sh: setup_xref error handling (stable-fixes). - commit d3fb21a ++++ kernel-kvmsmall: - kABI: Fixup for struct mmu_gather (Git-fixes). - commit 343900f - mm/hugetlb: fix excessive IPI broadcasts when unsharing PMD tables using mmu_gather (Git-fixes). - commit 3fe2b90 - mm/hugetlb: fix copy_hugetlb_page_range() to use - >pt_share_count (git-fixes). - commit 2c06689 - crypto: af_alg - Fix incorrect boolean values in af_alg_ctx (bsc#1251966 CVE-2025-39964). - commit 5b3134b - gue: Fix skb memleak with inner IP protocol 0 (CVE-2026-23095 bsc#1257808). - commit 858b063 - crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg (bsc#1251966 CVE-2025-39964). - commit 3cc4362 - dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (CVE-2026-23004 bsc#1257231). - commit 6d23e32 - vsock/virtio: cap TX credit to local buffer size (CVE-2026-23086 bsc#1257757). - commit 2bd0db9 - dmaengine: fsl-edma: don't explicitly disable clocks in .remove() (git-fixes). - dmaengine: mediatek: uart-apdma: Fix above 4G addressing TX/RX (git-fixes). - phy: freescale: imx8qm-hsio: fix NULL pointer dereference (git-fixes). - phy: qcom: edp: Make the number of clocks flexible (git-fixes). - soundwire: intel_ace2x: add SND_HDA_CORE dependency (git-fixes). - usb: dwc2: fix resume failure if dr_mode is host (git-fixes). - usb: dwc3: gadget: Move vbus draw to workqueue context (git-fixes). - usb: gadget: tegra-xudc: Add handling for BLCG_COREPLL_PWRDN (git-fixes). - usb: bdc: fix sleep during atomic (git-fixes). - serial: SH_SCI: improve "DMA support" prompt (git-fixes). - serial: imx: change SERIAL_IMX_CONSOLE to bool (git-fixes). - staging: rtl8723bs: fix null dereference in find_network (git-fixes). - iio: sca3000: Fix a resource leak in sca3000_probe() (git-fixes). - iio: gyro: itg3200: Fix unchecked return value in read_raw (git-fixes). - drivers: iio: mpu3050: use dev_err_probe for regulator request (git-fixes). - iio: accel: adxl380: Avoid reading more entries than present in FIFO (git-fixes). - iio: pressure: mprls0025pa: fix pressure calculation (git-fixes). - iio: pressure: mprls0025pa: fix scan_type struct (git-fixes). - iio: pressure: mprls0025pa: fix interrupt flag (git-fixes). - iio: pressure: mprls0025pa: fix SPI CS delay violation (git-fixes). - iio: pressure: mprls0025pa: fix spi_transfer struct initialisation (git-fixes). - iio: test: drop dangling symbol in gain-time-scale helpers (git-fixes). - interconnect: mediatek: Aggregate bandwidth with saturating add (git-fixes). - interconnect: mediatek: Don't hijack parent device (git-fixes). - fpga: dfl: use subsys_initcall to allow built-in drivers to be added (git-fixes). - serial: caif: fix use-after-free in caif_serial ldisc_close() (git-fixes). - dmaengine: sh: setup_xref error handling (stable-fixes). - commit d3fb21a ++++ kernel-obs-build: - kABI: Fixup for struct mmu_gather (Git-fixes). - commit 343900f - mm/hugetlb: fix excessive IPI broadcasts when unsharing PMD tables using mmu_gather (Git-fixes). - commit 3fe2b90 - mm/hugetlb: fix copy_hugetlb_page_range() to use - >pt_share_count (git-fixes). - commit 2c06689 - crypto: af_alg - Fix incorrect boolean values in af_alg_ctx (bsc#1251966 CVE-2025-39964). - commit 5b3134b - gue: Fix skb memleak with inner IP protocol 0 (CVE-2026-23095 bsc#1257808). - commit 858b063 - crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg (bsc#1251966 CVE-2025-39964). - commit 3cc4362 - dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (CVE-2026-23004 bsc#1257231). - commit 6d23e32 - vsock/virtio: cap TX credit to local buffer size (CVE-2026-23086 bsc#1257757). - commit 2bd0db9 - dmaengine: fsl-edma: don't explicitly disable clocks in .remove() (git-fixes). - dmaengine: mediatek: uart-apdma: Fix above 4G addressing TX/RX (git-fixes). - phy: freescale: imx8qm-hsio: fix NULL pointer dereference (git-fixes). - phy: qcom: edp: Make the number of clocks flexible (git-fixes). - soundwire: intel_ace2x: add SND_HDA_CORE dependency (git-fixes). - usb: dwc2: fix resume failure if dr_mode is host (git-fixes). - usb: dwc3: gadget: Move vbus draw to workqueue context (git-fixes). - usb: gadget: tegra-xudc: Add handling for BLCG_COREPLL_PWRDN (git-fixes). - usb: bdc: fix sleep during atomic (git-fixes). - serial: SH_SCI: improve "DMA support" prompt (git-fixes). - serial: imx: change SERIAL_IMX_CONSOLE to bool (git-fixes). - staging: rtl8723bs: fix null dereference in find_network (git-fixes). - iio: sca3000: Fix a resource leak in sca3000_probe() (git-fixes). - iio: gyro: itg3200: Fix unchecked return value in read_raw (git-fixes). - drivers: iio: mpu3050: use dev_err_probe for regulator request (git-fixes). - iio: accel: adxl380: Avoid reading more entries than present in FIFO (git-fixes). - iio: pressure: mprls0025pa: fix pressure calculation (git-fixes). - iio: pressure: mprls0025pa: fix scan_type struct (git-fixes). - iio: pressure: mprls0025pa: fix interrupt flag (git-fixes). - iio: pressure: mprls0025pa: fix SPI CS delay violation (git-fixes). - iio: pressure: mprls0025pa: fix spi_transfer struct initialisation (git-fixes). - iio: test: drop dangling symbol in gain-time-scale helpers (git-fixes). - interconnect: mediatek: Aggregate bandwidth with saturating add (git-fixes). - interconnect: mediatek: Don't hijack parent device (git-fixes). - fpga: dfl: use subsys_initcall to allow built-in drivers to be added (git-fixes). - serial: caif: fix use-after-free in caif_serial ldisc_close() (git-fixes). - dmaengine: sh: setup_xref error handling (stable-fixes). - commit d3fb21a ++++ kernel-obs-qa: - kABI: Fixup for struct mmu_gather (Git-fixes). - commit 343900f - mm/hugetlb: fix excessive IPI broadcasts when unsharing PMD tables using mmu_gather (Git-fixes). - commit 3fe2b90 - mm/hugetlb: fix copy_hugetlb_page_range() to use - >pt_share_count (git-fixes). - commit 2c06689 - crypto: af_alg - Fix incorrect boolean values in af_alg_ctx (bsc#1251966 CVE-2025-39964). - commit 5b3134b - gue: Fix skb memleak with inner IP protocol 0 (CVE-2026-23095 bsc#1257808). - commit 858b063 - crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg (bsc#1251966 CVE-2025-39964). - commit 3cc4362 - dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (CVE-2026-23004 bsc#1257231). - commit 6d23e32 - vsock/virtio: cap TX credit to local buffer size (CVE-2026-23086 bsc#1257757). - commit 2bd0db9 - dmaengine: fsl-edma: don't explicitly disable clocks in .remove() (git-fixes). - dmaengine: mediatek: uart-apdma: Fix above 4G addressing TX/RX (git-fixes). - phy: freescale: imx8qm-hsio: fix NULL pointer dereference (git-fixes). - phy: qcom: edp: Make the number of clocks flexible (git-fixes). - soundwire: intel_ace2x: add SND_HDA_CORE dependency (git-fixes). - usb: dwc2: fix resume failure if dr_mode is host (git-fixes). - usb: dwc3: gadget: Move vbus draw to workqueue context (git-fixes). - usb: gadget: tegra-xudc: Add handling for BLCG_COREPLL_PWRDN (git-fixes). - usb: bdc: fix sleep during atomic (git-fixes). - serial: SH_SCI: improve "DMA support" prompt (git-fixes). - serial: imx: change SERIAL_IMX_CONSOLE to bool (git-fixes). - staging: rtl8723bs: fix null dereference in find_network (git-fixes). - iio: sca3000: Fix a resource leak in sca3000_probe() (git-fixes). - iio: gyro: itg3200: Fix unchecked return value in read_raw (git-fixes). - drivers: iio: mpu3050: use dev_err_probe for regulator request (git-fixes). - iio: accel: adxl380: Avoid reading more entries than present in FIFO (git-fixes). - iio: pressure: mprls0025pa: fix pressure calculation (git-fixes). - iio: pressure: mprls0025pa: fix scan_type struct (git-fixes). - iio: pressure: mprls0025pa: fix interrupt flag (git-fixes). - iio: pressure: mprls0025pa: fix SPI CS delay violation (git-fixes). - iio: pressure: mprls0025pa: fix spi_transfer struct initialisation (git-fixes). - iio: test: drop dangling symbol in gain-time-scale helpers (git-fixes). - interconnect: mediatek: Aggregate bandwidth with saturating add (git-fixes). - interconnect: mediatek: Don't hijack parent device (git-fixes). - fpga: dfl: use subsys_initcall to allow built-in drivers to be added (git-fixes). - serial: caif: fix use-after-free in caif_serial ldisc_close() (git-fixes). - dmaengine: sh: setup_xref error handling (stable-fixes). - commit d3fb21a ++++ kernel-syms: - kABI: Fixup for struct mmu_gather (Git-fixes). - commit 343900f - mm/hugetlb: fix excessive IPI broadcasts when unsharing PMD tables using mmu_gather (Git-fixes). - commit 3fe2b90 - mm/hugetlb: fix copy_hugetlb_page_range() to use - >pt_share_count (git-fixes). - commit 2c06689 - crypto: af_alg - Fix incorrect boolean values in af_alg_ctx (bsc#1251966 CVE-2025-39964). - commit 5b3134b - gue: Fix skb memleak with inner IP protocol 0 (CVE-2026-23095 bsc#1257808). - commit 858b063 - crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg (bsc#1251966 CVE-2025-39964). - commit 3cc4362 - dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (CVE-2026-23004 bsc#1257231). - commit 6d23e32 - vsock/virtio: cap TX credit to local buffer size (CVE-2026-23086 bsc#1257757). - commit 2bd0db9 - dmaengine: fsl-edma: don't explicitly disable clocks in .remove() (git-fixes). - dmaengine: mediatek: uart-apdma: Fix above 4G addressing TX/RX (git-fixes). - phy: freescale: imx8qm-hsio: fix NULL pointer dereference (git-fixes). - phy: qcom: edp: Make the number of clocks flexible (git-fixes). - soundwire: intel_ace2x: add SND_HDA_CORE dependency (git-fixes). - usb: dwc2: fix resume failure if dr_mode is host (git-fixes). - usb: dwc3: gadget: Move vbus draw to workqueue context (git-fixes). - usb: gadget: tegra-xudc: Add handling for BLCG_COREPLL_PWRDN (git-fixes). - usb: bdc: fix sleep during atomic (git-fixes). - serial: SH_SCI: improve "DMA support" prompt (git-fixes). - serial: imx: change SERIAL_IMX_CONSOLE to bool (git-fixes). - staging: rtl8723bs: fix null dereference in find_network (git-fixes). - iio: sca3000: Fix a resource leak in sca3000_probe() (git-fixes). - iio: gyro: itg3200: Fix unchecked return value in read_raw (git-fixes). - drivers: iio: mpu3050: use dev_err_probe for regulator request (git-fixes). - iio: accel: adxl380: Avoid reading more entries than present in FIFO (git-fixes). - iio: pressure: mprls0025pa: fix pressure calculation (git-fixes). - iio: pressure: mprls0025pa: fix scan_type struct (git-fixes). - iio: pressure: mprls0025pa: fix interrupt flag (git-fixes). - iio: pressure: mprls0025pa: fix SPI CS delay violation (git-fixes). - iio: pressure: mprls0025pa: fix spi_transfer struct initialisation (git-fixes). - iio: test: drop dangling symbol in gain-time-scale helpers (git-fixes). - interconnect: mediatek: Aggregate bandwidth with saturating add (git-fixes). - interconnect: mediatek: Don't hijack parent device (git-fixes). - fpga: dfl: use subsys_initcall to allow built-in drivers to be added (git-fixes). - serial: caif: fix use-after-free in caif_serial ldisc_close() (git-fixes). - dmaengine: sh: setup_xref error handling (stable-fixes). - commit d3fb21a ++++ kernel-zfcpdump: - kABI: Fixup for struct mmu_gather (Git-fixes). - commit 343900f - mm/hugetlb: fix excessive IPI broadcasts when unsharing PMD tables using mmu_gather (Git-fixes). - commit 3fe2b90 - mm/hugetlb: fix copy_hugetlb_page_range() to use - >pt_share_count (git-fixes). - commit 2c06689 - crypto: af_alg - Fix incorrect boolean values in af_alg_ctx (bsc#1251966 CVE-2025-39964). - commit 5b3134b - gue: Fix skb memleak with inner IP protocol 0 (CVE-2026-23095 bsc#1257808). - commit 858b063 - crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg (bsc#1251966 CVE-2025-39964). - commit 3cc4362 - dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (CVE-2026-23004 bsc#1257231). - commit 6d23e32 - vsock/virtio: cap TX credit to local buffer size (CVE-2026-23086 bsc#1257757). - commit 2bd0db9 - dmaengine: fsl-edma: don't explicitly disable clocks in .remove() (git-fixes). - dmaengine: mediatek: uart-apdma: Fix above 4G addressing TX/RX (git-fixes). - phy: freescale: imx8qm-hsio: fix NULL pointer dereference (git-fixes). - phy: qcom: edp: Make the number of clocks flexible (git-fixes). - soundwire: intel_ace2x: add SND_HDA_CORE dependency (git-fixes). - usb: dwc2: fix resume failure if dr_mode is host (git-fixes). - usb: dwc3: gadget: Move vbus draw to workqueue context (git-fixes). - usb: gadget: tegra-xudc: Add handling for BLCG_COREPLL_PWRDN (git-fixes). - usb: bdc: fix sleep during atomic (git-fixes). - serial: SH_SCI: improve "DMA support" prompt (git-fixes). - serial: imx: change SERIAL_IMX_CONSOLE to bool (git-fixes). - staging: rtl8723bs: fix null dereference in find_network (git-fixes). - iio: sca3000: Fix a resource leak in sca3000_probe() (git-fixes). - iio: gyro: itg3200: Fix unchecked return value in read_raw (git-fixes). - drivers: iio: mpu3050: use dev_err_probe for regulator request (git-fixes). - iio: accel: adxl380: Avoid reading more entries than present in FIFO (git-fixes). - iio: pressure: mprls0025pa: fix pressure calculation (git-fixes). - iio: pressure: mprls0025pa: fix scan_type struct (git-fixes). - iio: pressure: mprls0025pa: fix interrupt flag (git-fixes). - iio: pressure: mprls0025pa: fix SPI CS delay violation (git-fixes). - iio: pressure: mprls0025pa: fix spi_transfer struct initialisation (git-fixes). - iio: test: drop dangling symbol in gain-time-scale helpers (git-fixes). - interconnect: mediatek: Aggregate bandwidth with saturating add (git-fixes). - interconnect: mediatek: Don't hijack parent device (git-fixes). - fpga: dfl: use subsys_initcall to allow built-in drivers to be added (git-fixes). - serial: caif: fix use-after-free in caif_serial ldisc_close() (git-fixes). - dmaengine: sh: setup_xref error handling (stable-fixes). - commit d3fb21a ++++ vlc: - Add libupnp-1.18.patch ++++ openQA: - Update to version 5.1771422749.560a3b26: * fix(mcp): set navbar check expression to read-only * feat: support inverted result filters in /tests/overview * fix(test): Enable helm install-chart test again * git subrepo pull (merge) --force external/os-autoinst-common * feat: Make allowed hosts for SCENARIO_DEFINITIONS_YAML_FILE configurable * test: Consider everything under `lib/OpenQA/Shared/` covered * fix: Provide specific error message if job was removed `enqueue_…_track` * refactor: Remove useless error message in `enqueue_and_keep_track` * test: Cover case of successful executing in `enqueue_and_keep_track` * refactor: Simplify error handling of `enqueue_and_keep_track` * test: Cover error handling of `enqueue_and_keep_track` * test: Consider shared session controller fully covered * refactor: Avoid duplications in sessions controller * refactor: Use signatures in session controller code * test: Cover error handling in case of a bad CRSF token * test: Cover test route for session * fix(worker): reject jobs explicitly when worker is stopping * feat: Remove workaround for codecov and gpg * feat: Switch to Leap 16 in Helm charts * feat: Switch to Leap 16.0 in openqa_data container * feat: Replace all Leap 15.6 with 16.0 in docs and scripts * test: Cover showing special image when backend has terminated * fix: Use new apachectl command * Update openQA containers to Leap 16.0 * test: Extend tests for controller handling live view * refactor: Move throttling into its own function * feat(throttling): throttle jobs resources based on parameters size * refactor: Avoid repeated use of `$t->app->minion` in gru tasks tests * feat: Allow archiving jobs with infinite important storage durations * feat: Flag jobs without results as archived for consistency * feat: Remove one corner case preventing jobs from being archived ++++ os-autoinst: - Update to version 5.1771353921.c8005c9: * git subrepo pull (merge) --force external/os-autoinst-common * style: Fix crop.py style issues * workaround: Remove "get_mempolicy" warning from qemu-img output * parse_extra_log: Allow passing additional args to upload_logs * refactor: Distinguish tests by the script path in `loadtest` * refactor: Simplify approach for avoiding redefine warnings ++++ os-autoinst: - Update to version 5.1771353921.c8005c9: * git subrepo pull (merge) --force external/os-autoinst-common * style: Fix crop.py style issues * workaround: Remove "get_mempolicy" warning from qemu-img output * parse_extra_log: Allow passing additional args to upload_logs * refactor: Distinguish tests by the script path in `loadtest` * refactor: Simplify approach for avoiding redefine warnings ++++ os-autoinst: - Update to version 5.1771353921.c8005c9: * git subrepo pull (merge) --force external/os-autoinst-common * style: Fix crop.py style issues * workaround: Remove "get_mempolicy" warning from qemu-img output * parse_extra_log: Allow passing additional args to upload_logs * refactor: Distinguish tests by the script path in `loadtest` * refactor: Simplify approach for avoiding redefine warnings ++++ os-autoinst: - Update to version 5.1771353921.c8005c9: * git subrepo pull (merge) --force external/os-autoinst-common * style: Fix crop.py style issues * workaround: Remove "get_mempolicy" warning from qemu-img output * parse_extra_log: Allow passing additional args to upload_logs * refactor: Distinguish tests by the script path in `loadtest` * refactor: Simplify approach for avoiding redefine warnings ++++ os-autoinst: - Update to version 5.1771353921.c8005c9: * git subrepo pull (merge) --force external/os-autoinst-common * style: Fix crop.py style issues * workaround: Remove "get_mempolicy" warning from qemu-img output * parse_extra_log: Allow passing additional args to upload_logs * refactor: Distinguish tests by the script path in `loadtest` * refactor: Simplify approach for avoiding redefine warnings ++++ os-autoinst: - Update to version 5.1771353921.c8005c9: * git subrepo pull (merge) --force external/os-autoinst-common * style: Fix crop.py style issues * workaround: Remove "get_mempolicy" warning from qemu-img output * parse_extra_log: Allow passing additional args to upload_logs * refactor: Distinguish tests by the script path in `loadtest` * refactor: Simplify approach for avoiding redefine warnings ++++ os-autoinst: - Update to version 5.1771353921.c8005c9: * git subrepo pull (merge) --force external/os-autoinst-common * style: Fix crop.py style issues * workaround: Remove "get_mempolicy" warning from qemu-img output * parse_extra_log: Allow passing additional args to upload_logs * refactor: Distinguish tests by the script path in `loadtest` * refactor: Simplify approach for avoiding redefine warnings ++++ perl-MCP: - updated to 0.80.0 (0.08) see /usr/share/doc/packages/perl-MCP/Changes 0.08 2026-02-17 - Added support for tool annotations. (d3flex) ++++ python-Authlib: - CVE-2025-68158: 1-click account takeover in applications that use the Authlib library (bsc#1256414) * added CVE-2025-68158.patch ++++ python-Authlib: - CVE-2025-68158: 1-click account takeover in applications that use the Authlib library (bsc#1256414) * added CVE-2025-68158.patch ------------------------------------------------------------------ ------------------ 2026-2-17 - Feb 17 2026 ------------------- ------------------------------------------------------------------ ++++ MozillaFirefox: - Firefox Extended Support Release 140.7.1 ESR * Fixed: Security fix. MFSA 2026-10 (bsc#1258231) * CVE-2026-2447 (bmo#2014390) Heap buffer overflow in libvpx ++++ MozillaFirefox: - Firefox Extended Support Release 140.7.1 ESR * Fixed: Security fix. MFSA 2026-10 (bsc#1258231) * CVE-2026-2447 (bmo#2014390) Heap buffer overflow in libvpx ++++ MozillaFirefox: - Firefox Extended Support Release 140.7.1 ESR * Fixed: Security fix. MFSA 2026-10 (bsc#1258231) * CVE-2026-2447 (bmo#2014390) Heap buffer overflow in libvpx ++++ MozillaThunderbird: - Mozilla Thunderbird 140.7.2 ESR MFSA 2026-11 (boo#1258231) * CVE-2026-2447 (bmo#2014390) Heap buffer overflow in libvpx ++++ chromium: - more fixes for desktop file, some variables were lowercased, further adaptions in INSTALL script (boo#1258199) - modified patches: * chromium-141-glibc-2.42-SYS_SECCOMP.patch (trigger only with glibc-2.43) ++++ chromium: - more fixes for desktop file, some variables were lowercased, further adaptions in INSTALL script (boo#1258199) - modified patches: * chromium-141-glibc-2.42-SYS_SECCOMP.patch (trigger only with glibc-2.43) ++++ chromium: - more fixes for desktop file, some variables were lowercased, further adaptions in INSTALL script (boo#1258199) - modified patches: * chromium-141-glibc-2.42-SYS_SECCOMP.patch (trigger only with glibc-2.43) ++++ chromium: - more fixes for desktop file, some variables were lowercased, further adaptions in INSTALL script (boo#1258199) - modified patches: * chromium-141-glibc-2.42-SYS_SECCOMP.patch (trigger only with glibc-2.43) ++++ chromium: - more fixes for desktop file, some variables were lowercased, further adaptions in INSTALL script (boo#1258199) - modified patches: * chromium-141-glibc-2.42-SYS_SECCOMP.patch (trigger only with glibc-2.43) ++++ chromium: - more fixes for desktop file, some variables were lowercased, further adaptions in INSTALL script (boo#1258199) - modified patches: * chromium-141-glibc-2.42-SYS_SECCOMP.patch (trigger only with glibc-2.43) ++++ chromium: - more fixes for desktop file, some variables were lowercased, further adaptions in INSTALL script (boo#1258199) - modified patches: * chromium-141-glibc-2.42-SYS_SECCOMP.patch (trigger only with glibc-2.43) ++++ chromium: - more fixes for desktop file, some variables were lowercased, further adaptions in INSTALL script (boo#1258199) - modified patches: * chromium-141-glibc-2.42-SYS_SECCOMP.patch (trigger only with glibc-2.43) ++++ kernel-64kb: - mm/page_alloc: make percpu_pagelist_high_fraction reads lock-free (git-fixes). - commit 2b8ec20 - cgroup: Fix kernfs_node UAF in css_free_rwork_fn (git-fixes). - commit c3b7760 - ALSA: hda: intel-dsp-config: Prefer legacy driver as fallback (stable-fixes). - commit ac8783b - be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list (CVE-2026-23084 bsc#1257830). - idpf: fix memory leak in idpf_vport_rel() (CVE-2026-23023 bsc#1257556). - commit 63e3066 - leds: qcom-lpg: Check the return value of regmap_bulk_write() (git-fixes). - backlight: qcom-wled: Change PM8950 WLED configurations (git-fixes). - backlight: qcom-wled: Support ovp values for PMI8994 (git-fixes). - mfd: omap-usb-host: Fix OF populate on driver rebind (git-fixes). - mfd: qcom-pm8xxx: Fix OF populate on driver rebind (git-fixes). - mfd: arizona: Fix regulator resource leak on wm5102_clear_write_sequencer() failure (git-fixes). - mfd: core: Add locking around 'mfd_of_node_list' (git-fixes). - mfd: tps6105x: Fix kernel-doc warnings relating to the core struct and tps6105x_mode (git-fixes). - Revert "mfd: da9052-spi: Change read-mask to write-mask" (stable-fixes). - pinctrl: single: fix refcount leak in pcs_add_gpio_func() (git-fixes). - pinctrl: qcom: sm8250-lpass-lpi: Fix i2s2_data_groups definition (git-fixes). - pinctrl: equilibrium: Fix device node reference leak in pinbank_init() (git-fixes). - Bluetooth: btusb: Add USB ID 7392:e611 for Edimax EW-7611UXB (stable-fixes). - commit 8fe4d9c ++++ kernel-azure: - mm/page_alloc: make percpu_pagelist_high_fraction reads lock-free (git-fixes). - commit 2b8ec20 - cgroup: Fix kernfs_node UAF in css_free_rwork_fn (git-fixes). - commit c3b7760 - ALSA: hda: intel-dsp-config: Prefer legacy driver as fallback (stable-fixes). - commit ac8783b - be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list (CVE-2026-23084 bsc#1257830). - idpf: fix memory leak in idpf_vport_rel() (CVE-2026-23023 bsc#1257556). - commit 63e3066 - leds: qcom-lpg: Check the return value of regmap_bulk_write() (git-fixes). - backlight: qcom-wled: Change PM8950 WLED configurations (git-fixes). - backlight: qcom-wled: Support ovp values for PMI8994 (git-fixes). - mfd: omap-usb-host: Fix OF populate on driver rebind (git-fixes). - mfd: qcom-pm8xxx: Fix OF populate on driver rebind (git-fixes). - mfd: arizona: Fix regulator resource leak on wm5102_clear_write_sequencer() failure (git-fixes). - mfd: core: Add locking around 'mfd_of_node_list' (git-fixes). - mfd: tps6105x: Fix kernel-doc warnings relating to the core struct and tps6105x_mode (git-fixes). - Revert "mfd: da9052-spi: Change read-mask to write-mask" (stable-fixes). - pinctrl: single: fix refcount leak in pcs_add_gpio_func() (git-fixes). - pinctrl: qcom: sm8250-lpass-lpi: Fix i2s2_data_groups definition (git-fixes). - pinctrl: equilibrium: Fix device node reference leak in pinbank_init() (git-fixes). - Bluetooth: btusb: Add USB ID 7392:e611 for Edimax EW-7611UXB (stable-fixes). - commit 8fe4d9c ++++ kernel-default: - mm/page_alloc: make percpu_pagelist_high_fraction reads lock-free (git-fixes). - commit 2b8ec20 - cgroup: Fix kernfs_node UAF in css_free_rwork_fn (git-fixes). - commit c3b7760 - ALSA: hda: intel-dsp-config: Prefer legacy driver as fallback (stable-fixes). - commit ac8783b - be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list (CVE-2026-23084 bsc#1257830). - idpf: fix memory leak in idpf_vport_rel() (CVE-2026-23023 bsc#1257556). - commit 63e3066 - leds: qcom-lpg: Check the return value of regmap_bulk_write() (git-fixes). - backlight: qcom-wled: Change PM8950 WLED configurations (git-fixes). - backlight: qcom-wled: Support ovp values for PMI8994 (git-fixes). - mfd: omap-usb-host: Fix OF populate on driver rebind (git-fixes). - mfd: qcom-pm8xxx: Fix OF populate on driver rebind (git-fixes). - mfd: arizona: Fix regulator resource leak on wm5102_clear_write_sequencer() failure (git-fixes). - mfd: core: Add locking around 'mfd_of_node_list' (git-fixes). - mfd: tps6105x: Fix kernel-doc warnings relating to the core struct and tps6105x_mode (git-fixes). - Revert "mfd: da9052-spi: Change read-mask to write-mask" (stable-fixes). - pinctrl: single: fix refcount leak in pcs_add_gpio_func() (git-fixes). - pinctrl: qcom: sm8250-lpass-lpi: Fix i2s2_data_groups definition (git-fixes). - pinctrl: equilibrium: Fix device node reference leak in pinbank_init() (git-fixes). - Bluetooth: btusb: Add USB ID 7392:e611 for Edimax EW-7611UXB (stable-fixes). - commit 8fe4d9c ++++ kernel-rt: - mm/page_alloc: make percpu_pagelist_high_fraction reads lock-free (git-fixes). - commit 2b8ec20 - cgroup: Fix kernfs_node UAF in css_free_rwork_fn (git-fixes). - commit c3b7760 - ALSA: hda: intel-dsp-config: Prefer legacy driver as fallback (stable-fixes). - commit ac8783b - be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list (CVE-2026-23084 bsc#1257830). - idpf: fix memory leak in idpf_vport_rel() (CVE-2026-23023 bsc#1257556). - commit 63e3066 - leds: qcom-lpg: Check the return value of regmap_bulk_write() (git-fixes). - backlight: qcom-wled: Change PM8950 WLED configurations (git-fixes). - backlight: qcom-wled: Support ovp values for PMI8994 (git-fixes). - mfd: omap-usb-host: Fix OF populate on driver rebind (git-fixes). - mfd: qcom-pm8xxx: Fix OF populate on driver rebind (git-fixes). - mfd: arizona: Fix regulator resource leak on wm5102_clear_write_sequencer() failure (git-fixes). - mfd: core: Add locking around 'mfd_of_node_list' (git-fixes). - mfd: tps6105x: Fix kernel-doc warnings relating to the core struct and tps6105x_mode (git-fixes). - Revert "mfd: da9052-spi: Change read-mask to write-mask" (stable-fixes). - pinctrl: single: fix refcount leak in pcs_add_gpio_func() (git-fixes). - pinctrl: qcom: sm8250-lpass-lpi: Fix i2s2_data_groups definition (git-fixes). - pinctrl: equilibrium: Fix device node reference leak in pinbank_init() (git-fixes). - Bluetooth: btusb: Add USB ID 7392:e611 for Edimax EW-7611UXB (stable-fixes). - commit 8fe4d9c ++++ containerized-data-importer: - Update to version 1.64.0 Release notes https://github.com/kubevirt/containerized-data-importer/releases/tag/v1.64.0 bsc#1235204 (CVE-2024-28180), bsc#1235365 (CVE-2024-45338), bsc#1239205 (CVE-2025-22868) ++++ cpp-httplib: - Fix CVE-2025-53629, header can allocate memory arbitrarily in the server, potentially leading to its exhaustion (CVE-2025-53628, bsc#1246471) * CVE-2025-53628-53629.patch - Fix CVE-2025-53628, HTTP header smuggling due to insecure trailers merge (CVE-2025-53628, bsc#1246468) ++++ dtb-aarch64: - mm/page_alloc: make percpu_pagelist_high_fraction reads lock-free (git-fixes). - commit 2b8ec20 - cgroup: Fix kernfs_node UAF in css_free_rwork_fn (git-fixes). - commit c3b7760 - ALSA: hda: intel-dsp-config: Prefer legacy driver as fallback (stable-fixes). - commit ac8783b - be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list (CVE-2026-23084 bsc#1257830). - idpf: fix memory leak in idpf_vport_rel() (CVE-2026-23023 bsc#1257556). - commit 63e3066 - leds: qcom-lpg: Check the return value of regmap_bulk_write() (git-fixes). - backlight: qcom-wled: Change PM8950 WLED configurations (git-fixes). - backlight: qcom-wled: Support ovp values for PMI8994 (git-fixes). - mfd: omap-usb-host: Fix OF populate on driver rebind (git-fixes). - mfd: qcom-pm8xxx: Fix OF populate on driver rebind (git-fixes). - mfd: arizona: Fix regulator resource leak on wm5102_clear_write_sequencer() failure (git-fixes). - mfd: core: Add locking around 'mfd_of_node_list' (git-fixes). - mfd: tps6105x: Fix kernel-doc warnings relating to the core struct and tps6105x_mode (git-fixes). - Revert "mfd: da9052-spi: Change read-mask to write-mask" (stable-fixes). - pinctrl: single: fix refcount leak in pcs_add_gpio_func() (git-fixes). - pinctrl: qcom: sm8250-lpass-lpi: Fix i2s2_data_groups definition (git-fixes). - pinctrl: equilibrium: Fix device node reference leak in pinbank_init() (git-fixes). - Bluetooth: btusb: Add USB ID 7392:e611 for Edimax EW-7611UXB (stable-fixes). - commit 8fe4d9c ++++ kernel-source: - mm/page_alloc: make percpu_pagelist_high_fraction reads lock-free (git-fixes). - commit 2b8ec20 - cgroup: Fix kernfs_node UAF in css_free_rwork_fn (git-fixes). - commit c3b7760 - ALSA: hda: intel-dsp-config: Prefer legacy driver as fallback (stable-fixes). - commit ac8783b - be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list (CVE-2026-23084 bsc#1257830). - idpf: fix memory leak in idpf_vport_rel() (CVE-2026-23023 bsc#1257556). - commit 63e3066 - leds: qcom-lpg: Check the return value of regmap_bulk_write() (git-fixes). - backlight: qcom-wled: Change PM8950 WLED configurations (git-fixes). - backlight: qcom-wled: Support ovp values for PMI8994 (git-fixes). - mfd: omap-usb-host: Fix OF populate on driver rebind (git-fixes). - mfd: qcom-pm8xxx: Fix OF populate on driver rebind (git-fixes). - mfd: arizona: Fix regulator resource leak on wm5102_clear_write_sequencer() failure (git-fixes). - mfd: core: Add locking around 'mfd_of_node_list' (git-fixes). - mfd: tps6105x: Fix kernel-doc warnings relating to the core struct and tps6105x_mode (git-fixes). - Revert "mfd: da9052-spi: Change read-mask to write-mask" (stable-fixes). - pinctrl: single: fix refcount leak in pcs_add_gpio_func() (git-fixes). - pinctrl: qcom: sm8250-lpass-lpi: Fix i2s2_data_groups definition (git-fixes). - pinctrl: equilibrium: Fix device node reference leak in pinbank_init() (git-fixes). - Bluetooth: btusb: Add USB ID 7392:e611 for Edimax EW-7611UXB (stable-fixes). - commit 8fe4d9c ++++ kernel-docs: - mm/page_alloc: make percpu_pagelist_high_fraction reads lock-free (git-fixes). - commit 2b8ec20 - cgroup: Fix kernfs_node UAF in css_free_rwork_fn (git-fixes). - commit c3b7760 - ALSA: hda: intel-dsp-config: Prefer legacy driver as fallback (stable-fixes). - commit ac8783b - be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list (CVE-2026-23084 bsc#1257830). - idpf: fix memory leak in idpf_vport_rel() (CVE-2026-23023 bsc#1257556). - commit 63e3066 - leds: qcom-lpg: Check the return value of regmap_bulk_write() (git-fixes). - backlight: qcom-wled: Change PM8950 WLED configurations (git-fixes). - backlight: qcom-wled: Support ovp values for PMI8994 (git-fixes). - mfd: omap-usb-host: Fix OF populate on driver rebind (git-fixes). - mfd: qcom-pm8xxx: Fix OF populate on driver rebind (git-fixes). - mfd: arizona: Fix regulator resource leak on wm5102_clear_write_sequencer() failure (git-fixes). - mfd: core: Add locking around 'mfd_of_node_list' (git-fixes). - mfd: tps6105x: Fix kernel-doc warnings relating to the core struct and tps6105x_mode (git-fixes). - Revert "mfd: da9052-spi: Change read-mask to write-mask" (stable-fixes). - pinctrl: single: fix refcount leak in pcs_add_gpio_func() (git-fixes). - pinctrl: qcom: sm8250-lpass-lpi: Fix i2s2_data_groups definition (git-fixes). - pinctrl: equilibrium: Fix device node reference leak in pinbank_init() (git-fixes). - Bluetooth: btusb: Add USB ID 7392:e611 for Edimax EW-7611UXB (stable-fixes). - commit 8fe4d9c ++++ kernel-kvmsmall: - mm/page_alloc: make percpu_pagelist_high_fraction reads lock-free (git-fixes). - commit 2b8ec20 - cgroup: Fix kernfs_node UAF in css_free_rwork_fn (git-fixes). - commit c3b7760 - ALSA: hda: intel-dsp-config: Prefer legacy driver as fallback (stable-fixes). - commit ac8783b - be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list (CVE-2026-23084 bsc#1257830). - idpf: fix memory leak in idpf_vport_rel() (CVE-2026-23023 bsc#1257556). - commit 63e3066 - leds: qcom-lpg: Check the return value of regmap_bulk_write() (git-fixes). - backlight: qcom-wled: Change PM8950 WLED configurations (git-fixes). - backlight: qcom-wled: Support ovp values for PMI8994 (git-fixes). - mfd: omap-usb-host: Fix OF populate on driver rebind (git-fixes). - mfd: qcom-pm8xxx: Fix OF populate on driver rebind (git-fixes). - mfd: arizona: Fix regulator resource leak on wm5102_clear_write_sequencer() failure (git-fixes). - mfd: core: Add locking around 'mfd_of_node_list' (git-fixes). - mfd: tps6105x: Fix kernel-doc warnings relating to the core struct and tps6105x_mode (git-fixes). - Revert "mfd: da9052-spi: Change read-mask to write-mask" (stable-fixes). - pinctrl: single: fix refcount leak in pcs_add_gpio_func() (git-fixes). - pinctrl: qcom: sm8250-lpass-lpi: Fix i2s2_data_groups definition (git-fixes). - pinctrl: equilibrium: Fix device node reference leak in pinbank_init() (git-fixes). - Bluetooth: btusb: Add USB ID 7392:e611 for Edimax EW-7611UXB (stable-fixes). - commit 8fe4d9c ++++ kernel-obs-build: - mm/page_alloc: make percpu_pagelist_high_fraction reads lock-free (git-fixes). - commit 2b8ec20 - cgroup: Fix kernfs_node UAF in css_free_rwork_fn (git-fixes). - commit c3b7760 - ALSA: hda: intel-dsp-config: Prefer legacy driver as fallback (stable-fixes). - commit ac8783b - be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list (CVE-2026-23084 bsc#1257830). - idpf: fix memory leak in idpf_vport_rel() (CVE-2026-23023 bsc#1257556). - commit 63e3066 - leds: qcom-lpg: Check the return value of regmap_bulk_write() (git-fixes). - backlight: qcom-wled: Change PM8950 WLED configurations (git-fixes). - backlight: qcom-wled: Support ovp values for PMI8994 (git-fixes). - mfd: omap-usb-host: Fix OF populate on driver rebind (git-fixes). - mfd: qcom-pm8xxx: Fix OF populate on driver rebind (git-fixes). - mfd: arizona: Fix regulator resource leak on wm5102_clear_write_sequencer() failure (git-fixes). - mfd: core: Add locking around 'mfd_of_node_list' (git-fixes). - mfd: tps6105x: Fix kernel-doc warnings relating to the core struct and tps6105x_mode (git-fixes). - Revert "mfd: da9052-spi: Change read-mask to write-mask" (stable-fixes). - pinctrl: single: fix refcount leak in pcs_add_gpio_func() (git-fixes). - pinctrl: qcom: sm8250-lpass-lpi: Fix i2s2_data_groups definition (git-fixes). - pinctrl: equilibrium: Fix device node reference leak in pinbank_init() (git-fixes). - Bluetooth: btusb: Add USB ID 7392:e611 for Edimax EW-7611UXB (stable-fixes). - commit 8fe4d9c ++++ kernel-obs-qa: - mm/page_alloc: make percpu_pagelist_high_fraction reads lock-free (git-fixes). - commit 2b8ec20 - cgroup: Fix kernfs_node UAF in css_free_rwork_fn (git-fixes). - commit c3b7760 - ALSA: hda: intel-dsp-config: Prefer legacy driver as fallback (stable-fixes). - commit ac8783b - be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list (CVE-2026-23084 bsc#1257830). - idpf: fix memory leak in idpf_vport_rel() (CVE-2026-23023 bsc#1257556). - commit 63e3066 - leds: qcom-lpg: Check the return value of regmap_bulk_write() (git-fixes). - backlight: qcom-wled: Change PM8950 WLED configurations (git-fixes). - backlight: qcom-wled: Support ovp values for PMI8994 (git-fixes). - mfd: omap-usb-host: Fix OF populate on driver rebind (git-fixes). - mfd: qcom-pm8xxx: Fix OF populate on driver rebind (git-fixes). - mfd: arizona: Fix regulator resource leak on wm5102_clear_write_sequencer() failure (git-fixes). - mfd: core: Add locking around 'mfd_of_node_list' (git-fixes). - mfd: tps6105x: Fix kernel-doc warnings relating to the core struct and tps6105x_mode (git-fixes). - Revert "mfd: da9052-spi: Change read-mask to write-mask" (stable-fixes). - pinctrl: single: fix refcount leak in pcs_add_gpio_func() (git-fixes). - pinctrl: qcom: sm8250-lpass-lpi: Fix i2s2_data_groups definition (git-fixes). - pinctrl: equilibrium: Fix device node reference leak in pinbank_init() (git-fixes). - Bluetooth: btusb: Add USB ID 7392:e611 for Edimax EW-7611UXB (stable-fixes). - commit 8fe4d9c ++++ kernel-syms: - mm/page_alloc: make percpu_pagelist_high_fraction reads lock-free (git-fixes). - commit 2b8ec20 - cgroup: Fix kernfs_node UAF in css_free_rwork_fn (git-fixes). - commit c3b7760 - ALSA: hda: intel-dsp-config: Prefer legacy driver as fallback (stable-fixes). - commit ac8783b - be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list (CVE-2026-23084 bsc#1257830). - idpf: fix memory leak in idpf_vport_rel() (CVE-2026-23023 bsc#1257556). - commit 63e3066 - leds: qcom-lpg: Check the return value of regmap_bulk_write() (git-fixes). - backlight: qcom-wled: Change PM8950 WLED configurations (git-fixes). - backlight: qcom-wled: Support ovp values for PMI8994 (git-fixes). - mfd: omap-usb-host: Fix OF populate on driver rebind (git-fixes). - mfd: qcom-pm8xxx: Fix OF populate on driver rebind (git-fixes). - mfd: arizona: Fix regulator resource leak on wm5102_clear_write_sequencer() failure (git-fixes). - mfd: core: Add locking around 'mfd_of_node_list' (git-fixes). - mfd: tps6105x: Fix kernel-doc warnings relating to the core struct and tps6105x_mode (git-fixes). - Revert "mfd: da9052-spi: Change read-mask to write-mask" (stable-fixes). - pinctrl: single: fix refcount leak in pcs_add_gpio_func() (git-fixes). - pinctrl: qcom: sm8250-lpass-lpi: Fix i2s2_data_groups definition (git-fixes). - pinctrl: equilibrium: Fix device node reference leak in pinbank_init() (git-fixes). - Bluetooth: btusb: Add USB ID 7392:e611 for Edimax EW-7611UXB (stable-fixes). - commit 8fe4d9c ++++ kernel-zfcpdump: - mm/page_alloc: make percpu_pagelist_high_fraction reads lock-free (git-fixes). - commit 2b8ec20 - cgroup: Fix kernfs_node UAF in css_free_rwork_fn (git-fixes). - commit c3b7760 - ALSA: hda: intel-dsp-config: Prefer legacy driver as fallback (stable-fixes). - commit ac8783b - be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list (CVE-2026-23084 bsc#1257830). - idpf: fix memory leak in idpf_vport_rel() (CVE-2026-23023 bsc#1257556). - commit 63e3066 - leds: qcom-lpg: Check the return value of regmap_bulk_write() (git-fixes). - backlight: qcom-wled: Change PM8950 WLED configurations (git-fixes). - backlight: qcom-wled: Support ovp values for PMI8994 (git-fixes). - mfd: omap-usb-host: Fix OF populate on driver rebind (git-fixes). - mfd: qcom-pm8xxx: Fix OF populate on driver rebind (git-fixes). - mfd: arizona: Fix regulator resource leak on wm5102_clear_write_sequencer() failure (git-fixes). - mfd: core: Add locking around 'mfd_of_node_list' (git-fixes). - mfd: tps6105x: Fix kernel-doc warnings relating to the core struct and tps6105x_mode (git-fixes). - Revert "mfd: da9052-spi: Change read-mask to write-mask" (stable-fixes). - pinctrl: single: fix refcount leak in pcs_add_gpio_func() (git-fixes). - pinctrl: qcom: sm8250-lpass-lpi: Fix i2s2_data_groups definition (git-fixes). - pinctrl: equilibrium: Fix device node reference leak in pinbank_init() (git-fixes). - Bluetooth: btusb: Add USB ID 7392:e611 for Edimax EW-7611UXB (stable-fixes). - commit 8fe4d9c ------------------------------------------------------------------ ------------------ 2026-2-16 - Feb 16 2026 ------------------- ------------------------------------------------------------------ ++++ chromium: - also copy rollup into third_party/node/node_modules - stay on llvm-10 for swiftshader but bring a similar patch * added patches: 0001-swiftshader-fix-build-llvm10.patch * removed patches: chromium-143-swiftshader-llvm-16.0.patch - drop use of rollup binaries and use rollup-3.x which does not use prebuilt binaries (that fail at least on older ppc64le) follow the approach of the debian packaging * added patches: rollup.patch - update/resync ppc64le patches from fedora: * modified patches: ppc-fedora-0001-Add-PPC64-support-for-boringssl.patch ppc-fedora-0001-Add-ppc64-target-to-libaom.patch ppc-fedora-0001-Add-pregenerated-config-for-libaom-on-ppc64.patch ppc-fedora-0001-Enable-ppc64-pointer-compression.patch ppc-fedora-0001-Force-baseline-POWER8-AltiVec-VSX-CPU-features-when-.patch ppc-fedora-0001-Implement-support-for-PPC64-on-Linux.patch ppc-fedora-0001-Implement-support-for-ppc64-on-Linux.patch ppc-fedora-0001-add-xnn-ppc64el-support.patch ppc-fedora-0001-sandbox-Enable-seccomp_bpf-for-ppc64.patch ppc-fedora-0001-swiftshader-fix-build.patch ppc-fedora-0001-third_party-angle-Include-missing-header-cstddef-in-.patch ppc-fedora-0001-third_party-libvpx-Properly-generate-gni-on-ppc64.patch ppc-fedora-0001-third_party-pffft-Include-altivec.h-on-ppc64-with-SI.patch ppc-fedora-0002-Add-PPC64-generated-files-for-boringssl.patch ppc-fedora-0002-Add-ppc64-trap-instructions.patch ppc-fedora-0002-regenerate-xnn-buildgn.patch ppc-fedora-0002-third_party-libvpx-Remove-bad-ppc64-config.patch ppc-fedora-0002-third_party-lss-kernel-structs.patch ppc-fedora-0003-third_party-libvpx-Add-ppc64-generated-config.patch ppc-fedora-0004-third_party-crashpad-port-curl-transport-ppc64.patch ppc-fedora-0004-third_party-libvpx-work-around-ambiguous-vsx.patch ppc-fedora-HACK-debian-clang-disable-base-musttail.patch ppc-fedora-HACK-third_party-libvpx-use-generic-gnu.patch ppc-fedora-Rtc_base-system-arch.h-PPC.patch ppc-fedora-add-ppc64-architecture-string.patch ppc-fedora-add-ppc64-architecture-to-extensions.diff ppc-fedora-add-ppc64-pthread-stack-size.patch ppc-fedora-dawn-fix-ppc64le-detection.patch ppc-fedora-fix-breakpad-compile.patch ppc-fedora-fix-different-data-layouts.patch ppc-fedora-fix-partition-alloc-compile.patch ppc-fedora-fix-rust-linking.patch ppc-fedora-fix-study-crash.patch ppc-fedora-fix-unknown-warning-option-messages.diff ppc-fedora-skia-vsx-instructions.patch * removed patches: ppc-fedora-0001-linux-seccomp-bpf-ppc64-glibc-workaround-in-SIGSYS-h.patch ppc-fedora-0001-services-service_manager-sandbox-linux-Fix-TCGETS-de.patch ppc-fedora-0001-sandbox-linux-bpf_dsl-Update-syscall-ranges-for-ppc6.patch ppc-fedora-0001-sandbox-linux-Implement-partial-support-for-ppc64-sy.patch ppc-fedora-0001-sandbox-linux-Update-IsSyscallAllowed-in-broker_proc.patch ppc-fedora-0001-sandbox-linux-Update-syscall-helpers-lists-for-ppc64.patch ppc-fedora-0002-sandbox-linux-bpf_dsl-Modify-seccomp_macros-to-add-s.patch ppc-fedora-0003-sandbox-linux-system_headers-Update-linux-seccomp-he.patch ppc-fedora-0004-sandbox-linux-system_headers-Update-linux-signal-hea.patch ppc-fedora-0005-sandbox-linux-seccomp-bpf-Add-ppc64-syscall-stub.patch ppc-fedora-0005-sandbox-linux-update-unit-test-for-ppc64.patch ppc-fedora-0006-sandbox-linux-disable-timedwait-time64-ppc64.patch ppc-fedora-0007-sandbox-linux-add-ppc64-stat.patch ppc-fedora-Sandbox-linux-services-credentials.cc-PPC.patch ppc-fedora-0008-sandbox-fix-ppc64le-glibc234.patch ppc-fedora-0002-Include-cstddef-to-fix-build.patch ppc-fedora-0001-third-party-hwy-wrong-include.patch ppc-fedora-fix-ppc64-linux-syscalls-headers.patch ppc-fedora-use-sysconf-page-size-on-ppc64.patch * added patches: ppc-fedora-HACK-debian-clang-disable-pa-musttail.patch ppc-fedora-fix-rustc.patch ppc-fedora-fix-page-allocator-overflow.patch chromium-143-swiftshader-llvm-16.0.patch chromium-145-swiftshader-missing-include.patch - fix INSTALL.sh again to replace the tags in desktop file, appdata and manpage (boo#1258199) ++++ chromium: - also copy rollup into third_party/node/node_modules - stay on llvm-10 for swiftshader but bring a similar patch * added patches: 0001-swiftshader-fix-build-llvm10.patch * removed patches: chromium-143-swiftshader-llvm-16.0.patch - drop use of rollup binaries and use rollup-3.x which does not use prebuilt binaries (that fail at least on older ppc64le) follow the approach of the debian packaging * added patches: rollup.patch - update/resync ppc64le patches from fedora: * modified patches: ppc-fedora-0001-Add-PPC64-support-for-boringssl.patch ppc-fedora-0001-Add-ppc64-target-to-libaom.patch ppc-fedora-0001-Add-pregenerated-config-for-libaom-on-ppc64.patch ppc-fedora-0001-Enable-ppc64-pointer-compression.patch ppc-fedora-0001-Force-baseline-POWER8-AltiVec-VSX-CPU-features-when-.patch ppc-fedora-0001-Implement-support-for-PPC64-on-Linux.patch ppc-fedora-0001-Implement-support-for-ppc64-on-Linux.patch ppc-fedora-0001-add-xnn-ppc64el-support.patch ppc-fedora-0001-sandbox-Enable-seccomp_bpf-for-ppc64.patch ppc-fedora-0001-swiftshader-fix-build.patch ppc-fedora-0001-third_party-angle-Include-missing-header-cstddef-in-.patch ppc-fedora-0001-third_party-libvpx-Properly-generate-gni-on-ppc64.patch ppc-fedora-0001-third_party-pffft-Include-altivec.h-on-ppc64-with-SI.patch ppc-fedora-0002-Add-PPC64-generated-files-for-boringssl.patch ppc-fedora-0002-Add-ppc64-trap-instructions.patch ppc-fedora-0002-regenerate-xnn-buildgn.patch ppc-fedora-0002-third_party-libvpx-Remove-bad-ppc64-config.patch ppc-fedora-0002-third_party-lss-kernel-structs.patch ppc-fedora-0003-third_party-libvpx-Add-ppc64-generated-config.patch ppc-fedora-0004-third_party-crashpad-port-curl-transport-ppc64.patch ppc-fedora-0004-third_party-libvpx-work-around-ambiguous-vsx.patch ppc-fedora-HACK-debian-clang-disable-base-musttail.patch ppc-fedora-HACK-third_party-libvpx-use-generic-gnu.patch ppc-fedora-Rtc_base-system-arch.h-PPC.patch ppc-fedora-add-ppc64-architecture-string.patch ppc-fedora-add-ppc64-architecture-to-extensions.diff ppc-fedora-add-ppc64-pthread-stack-size.patch ppc-fedora-dawn-fix-ppc64le-detection.patch ppc-fedora-fix-breakpad-compile.patch ppc-fedora-fix-different-data-layouts.patch ppc-fedora-fix-partition-alloc-compile.patch ppc-fedora-fix-rust-linking.patch ppc-fedora-fix-study-crash.patch ppc-fedora-fix-unknown-warning-option-messages.diff ppc-fedora-skia-vsx-instructions.patch * removed patches: ppc-fedora-0001-linux-seccomp-bpf-ppc64-glibc-workaround-in-SIGSYS-h.patch ppc-fedora-0001-services-service_manager-sandbox-linux-Fix-TCGETS-de.patch ppc-fedora-0001-sandbox-linux-bpf_dsl-Update-syscall-ranges-for-ppc6.patch ppc-fedora-0001-sandbox-linux-Implement-partial-support-for-ppc64-sy.patch ppc-fedora-0001-sandbox-linux-Update-IsSyscallAllowed-in-broker_proc.patch ppc-fedora-0001-sandbox-linux-Update-syscall-helpers-lists-for-ppc64.patch ppc-fedora-0002-sandbox-linux-bpf_dsl-Modify-seccomp_macros-to-add-s.patch ppc-fedora-0003-sandbox-linux-system_headers-Update-linux-seccomp-he.patch ppc-fedora-0004-sandbox-linux-system_headers-Update-linux-signal-hea.patch ppc-fedora-0005-sandbox-linux-seccomp-bpf-Add-ppc64-syscall-stub.patch ppc-fedora-0005-sandbox-linux-update-unit-test-for-ppc64.patch ppc-fedora-0006-sandbox-linux-disable-timedwait-time64-ppc64.patch ppc-fedora-0007-sandbox-linux-add-ppc64-stat.patch ppc-fedora-Sandbox-linux-services-credentials.cc-PPC.patch ppc-fedora-0008-sandbox-fix-ppc64le-glibc234.patch ppc-fedora-0002-Include-cstddef-to-fix-build.patch ppc-fedora-0001-third-party-hwy-wrong-include.patch ppc-fedora-fix-ppc64-linux-syscalls-headers.patch ppc-fedora-use-sysconf-page-size-on-ppc64.patch * added patches: ppc-fedora-HACK-debian-clang-disable-pa-musttail.patch ppc-fedora-fix-rustc.patch ppc-fedora-fix-page-allocator-overflow.patch chromium-143-swiftshader-llvm-16.0.patch chromium-145-swiftshader-missing-include.patch - fix INSTALL.sh again to replace the tags in desktop file, appdata and manpage (boo#1258199) ++++ chromium: - also copy rollup into third_party/node/node_modules - stay on llvm-10 for swiftshader but bring a similar patch * added patches: 0001-swiftshader-fix-build-llvm10.patch * removed patches: chromium-143-swiftshader-llvm-16.0.patch - drop use of rollup binaries and use rollup-3.x which does not use prebuilt binaries (that fail at least on older ppc64le) follow the approach of the debian packaging * added patches: rollup.patch - update/resync ppc64le patches from fedora: * modified patches: ppc-fedora-0001-Add-PPC64-support-for-boringssl.patch ppc-fedora-0001-Add-ppc64-target-to-libaom.patch ppc-fedora-0001-Add-pregenerated-config-for-libaom-on-ppc64.patch ppc-fedora-0001-Enable-ppc64-pointer-compression.patch ppc-fedora-0001-Force-baseline-POWER8-AltiVec-VSX-CPU-features-when-.patch ppc-fedora-0001-Implement-support-for-PPC64-on-Linux.patch ppc-fedora-0001-Implement-support-for-ppc64-on-Linux.patch ppc-fedora-0001-add-xnn-ppc64el-support.patch ppc-fedora-0001-sandbox-Enable-seccomp_bpf-for-ppc64.patch ppc-fedora-0001-swiftshader-fix-build.patch ppc-fedora-0001-third_party-angle-Include-missing-header-cstddef-in-.patch ppc-fedora-0001-third_party-libvpx-Properly-generate-gni-on-ppc64.patch ppc-fedora-0001-third_party-pffft-Include-altivec.h-on-ppc64-with-SI.patch ppc-fedora-0002-Add-PPC64-generated-files-for-boringssl.patch ppc-fedora-0002-Add-ppc64-trap-instructions.patch ppc-fedora-0002-regenerate-xnn-buildgn.patch ppc-fedora-0002-third_party-libvpx-Remove-bad-ppc64-config.patch ppc-fedora-0002-third_party-lss-kernel-structs.patch ppc-fedora-0003-third_party-libvpx-Add-ppc64-generated-config.patch ppc-fedora-0004-third_party-crashpad-port-curl-transport-ppc64.patch ppc-fedora-0004-third_party-libvpx-work-around-ambiguous-vsx.patch ppc-fedora-HACK-debian-clang-disable-base-musttail.patch ppc-fedora-HACK-third_party-libvpx-use-generic-gnu.patch ppc-fedora-Rtc_base-system-arch.h-PPC.patch ppc-fedora-add-ppc64-architecture-string.patch ppc-fedora-add-ppc64-architecture-to-extensions.diff ppc-fedora-add-ppc64-pthread-stack-size.patch ppc-fedora-dawn-fix-ppc64le-detection.patch ppc-fedora-fix-breakpad-compile.patch ppc-fedora-fix-different-data-layouts.patch ppc-fedora-fix-partition-alloc-compile.patch ppc-fedora-fix-rust-linking.patch ppc-fedora-fix-study-crash.patch ppc-fedora-fix-unknown-warning-option-messages.diff ppc-fedora-skia-vsx-instructions.patch * removed patches: ppc-fedora-0001-linux-seccomp-bpf-ppc64-glibc-workaround-in-SIGSYS-h.patch ppc-fedora-0001-services-service_manager-sandbox-linux-Fix-TCGETS-de.patch ppc-fedora-0001-sandbox-linux-bpf_dsl-Update-syscall-ranges-for-ppc6.patch ppc-fedora-0001-sandbox-linux-Implement-partial-support-for-ppc64-sy.patch ppc-fedora-0001-sandbox-linux-Update-IsSyscallAllowed-in-broker_proc.patch ppc-fedora-0001-sandbox-linux-Update-syscall-helpers-lists-for-ppc64.patch ppc-fedora-0002-sandbox-linux-bpf_dsl-Modify-seccomp_macros-to-add-s.patch ppc-fedora-0003-sandbox-linux-system_headers-Update-linux-seccomp-he.patch ppc-fedora-0004-sandbox-linux-system_headers-Update-linux-signal-hea.patch ppc-fedora-0005-sandbox-linux-seccomp-bpf-Add-ppc64-syscall-stub.patch ppc-fedora-0005-sandbox-linux-update-unit-test-for-ppc64.patch ppc-fedora-0006-sandbox-linux-disable-timedwait-time64-ppc64.patch ppc-fedora-0007-sandbox-linux-add-ppc64-stat.patch ppc-fedora-Sandbox-linux-services-credentials.cc-PPC.patch ppc-fedora-0008-sandbox-fix-ppc64le-glibc234.patch ppc-fedora-0002-Include-cstddef-to-fix-build.patch ppc-fedora-0001-third-party-hwy-wrong-include.patch ppc-fedora-fix-ppc64-linux-syscalls-headers.patch ppc-fedora-use-sysconf-page-size-on-ppc64.patch * added patches: ppc-fedora-HACK-debian-clang-disable-pa-musttail.patch ppc-fedora-fix-rustc.patch ppc-fedora-fix-page-allocator-overflow.patch chromium-143-swiftshader-llvm-16.0.patch chromium-145-swiftshader-missing-include.patch - fix INSTALL.sh again to replace the tags in desktop file, appdata and manpage (boo#1258199) ++++ chromium: - also copy rollup into third_party/node/node_modules - stay on llvm-10 for swiftshader but bring a similar patch * added patches: 0001-swiftshader-fix-build-llvm10.patch * removed patches: chromium-143-swiftshader-llvm-16.0.patch - drop use of rollup binaries and use rollup-3.x which does not use prebuilt binaries (that fail at least on older ppc64le) follow the approach of the debian packaging * added patches: rollup.patch - update/resync ppc64le patches from fedora: * modified patches: ppc-fedora-0001-Add-PPC64-support-for-boringssl.patch ppc-fedora-0001-Add-ppc64-target-to-libaom.patch ppc-fedora-0001-Add-pregenerated-config-for-libaom-on-ppc64.patch ppc-fedora-0001-Enable-ppc64-pointer-compression.patch ppc-fedora-0001-Force-baseline-POWER8-AltiVec-VSX-CPU-features-when-.patch ppc-fedora-0001-Implement-support-for-PPC64-on-Linux.patch ppc-fedora-0001-Implement-support-for-ppc64-on-Linux.patch ppc-fedora-0001-add-xnn-ppc64el-support.patch ppc-fedora-0001-sandbox-Enable-seccomp_bpf-for-ppc64.patch ppc-fedora-0001-swiftshader-fix-build.patch ppc-fedora-0001-third_party-angle-Include-missing-header-cstddef-in-.patch ppc-fedora-0001-third_party-libvpx-Properly-generate-gni-on-ppc64.patch ppc-fedora-0001-third_party-pffft-Include-altivec.h-on-ppc64-with-SI.patch ppc-fedora-0002-Add-PPC64-generated-files-for-boringssl.patch ppc-fedora-0002-Add-ppc64-trap-instructions.patch ppc-fedora-0002-regenerate-xnn-buildgn.patch ppc-fedora-0002-third_party-libvpx-Remove-bad-ppc64-config.patch ppc-fedora-0002-third_party-lss-kernel-structs.patch ppc-fedora-0003-third_party-libvpx-Add-ppc64-generated-config.patch ppc-fedora-0004-third_party-crashpad-port-curl-transport-ppc64.patch ppc-fedora-0004-third_party-libvpx-work-around-ambiguous-vsx.patch ppc-fedora-HACK-debian-clang-disable-base-musttail.patch ppc-fedora-HACK-third_party-libvpx-use-generic-gnu.patch ppc-fedora-Rtc_base-system-arch.h-PPC.patch ppc-fedora-add-ppc64-architecture-string.patch ppc-fedora-add-ppc64-architecture-to-extensions.diff ppc-fedora-add-ppc64-pthread-stack-size.patch ppc-fedora-dawn-fix-ppc64le-detection.patch ppc-fedora-fix-breakpad-compile.patch ppc-fedora-fix-different-data-layouts.patch ppc-fedora-fix-partition-alloc-compile.patch ppc-fedora-fix-rust-linking.patch ppc-fedora-fix-study-crash.patch ppc-fedora-fix-unknown-warning-option-messages.diff ppc-fedora-skia-vsx-instructions.patch * removed patches: ppc-fedora-0001-linux-seccomp-bpf-ppc64-glibc-workaround-in-SIGSYS-h.patch ppc-fedora-0001-services-service_manager-sandbox-linux-Fix-TCGETS-de.patch ppc-fedora-0001-sandbox-linux-bpf_dsl-Update-syscall-ranges-for-ppc6.patch ppc-fedora-0001-sandbox-linux-Implement-partial-support-for-ppc64-sy.patch ppc-fedora-0001-sandbox-linux-Update-IsSyscallAllowed-in-broker_proc.patch ppc-fedora-0001-sandbox-linux-Update-syscall-helpers-lists-for-ppc64.patch ppc-fedora-0002-sandbox-linux-bpf_dsl-Modify-seccomp_macros-to-add-s.patch ppc-fedora-0003-sandbox-linux-system_headers-Update-linux-seccomp-he.patch ppc-fedora-0004-sandbox-linux-system_headers-Update-linux-signal-hea.patch ppc-fedora-0005-sandbox-linux-seccomp-bpf-Add-ppc64-syscall-stub.patch ppc-fedora-0005-sandbox-linux-update-unit-test-for-ppc64.patch ppc-fedora-0006-sandbox-linux-disable-timedwait-time64-ppc64.patch ppc-fedora-0007-sandbox-linux-add-ppc64-stat.patch ppc-fedora-Sandbox-linux-services-credentials.cc-PPC.patch ppc-fedora-0008-sandbox-fix-ppc64le-glibc234.patch ppc-fedora-0002-Include-cstddef-to-fix-build.patch ppc-fedora-0001-third-party-hwy-wrong-include.patch ppc-fedora-fix-ppc64-linux-syscalls-headers.patch ppc-fedora-use-sysconf-page-size-on-ppc64.patch * added patches: ppc-fedora-HACK-debian-clang-disable-pa-musttail.patch ppc-fedora-fix-rustc.patch ppc-fedora-fix-page-allocator-overflow.patch chromium-143-swiftshader-llvm-16.0.patch chromium-145-swiftshader-missing-include.patch - fix INSTALL.sh again to replace the tags in desktop file, appdata and manpage (boo#1258199) ++++ chromium: - also copy rollup into third_party/node/node_modules - stay on llvm-10 for swiftshader but bring a similar patch * added patches: 0001-swiftshader-fix-build-llvm10.patch * removed patches: chromium-143-swiftshader-llvm-16.0.patch - drop use of rollup binaries and use rollup-3.x which does not use prebuilt binaries (that fail at least on older ppc64le) follow the approach of the debian packaging * added patches: rollup.patch - update/resync ppc64le patches from fedora: * modified patches: ppc-fedora-0001-Add-PPC64-support-for-boringssl.patch ppc-fedora-0001-Add-ppc64-target-to-libaom.patch ppc-fedora-0001-Add-pregenerated-config-for-libaom-on-ppc64.patch ppc-fedora-0001-Enable-ppc64-pointer-compression.patch ppc-fedora-0001-Force-baseline-POWER8-AltiVec-VSX-CPU-features-when-.patch ppc-fedora-0001-Implement-support-for-PPC64-on-Linux.patch ppc-fedora-0001-Implement-support-for-ppc64-on-Linux.patch ppc-fedora-0001-add-xnn-ppc64el-support.patch ppc-fedora-0001-sandbox-Enable-seccomp_bpf-for-ppc64.patch ppc-fedora-0001-swiftshader-fix-build.patch ppc-fedora-0001-third_party-angle-Include-missing-header-cstddef-in-.patch ppc-fedora-0001-third_party-libvpx-Properly-generate-gni-on-ppc64.patch ppc-fedora-0001-third_party-pffft-Include-altivec.h-on-ppc64-with-SI.patch ppc-fedora-0002-Add-PPC64-generated-files-for-boringssl.patch ppc-fedora-0002-Add-ppc64-trap-instructions.patch ppc-fedora-0002-regenerate-xnn-buildgn.patch ppc-fedora-0002-third_party-libvpx-Remove-bad-ppc64-config.patch ppc-fedora-0002-third_party-lss-kernel-structs.patch ppc-fedora-0003-third_party-libvpx-Add-ppc64-generated-config.patch ppc-fedora-0004-third_party-crashpad-port-curl-transport-ppc64.patch ppc-fedora-0004-third_party-libvpx-work-around-ambiguous-vsx.patch ppc-fedora-HACK-debian-clang-disable-base-musttail.patch ppc-fedora-HACK-third_party-libvpx-use-generic-gnu.patch ppc-fedora-Rtc_base-system-arch.h-PPC.patch ppc-fedora-add-ppc64-architecture-string.patch ppc-fedora-add-ppc64-architecture-to-extensions.diff ppc-fedora-add-ppc64-pthread-stack-size.patch ppc-fedora-dawn-fix-ppc64le-detection.patch ppc-fedora-fix-breakpad-compile.patch ppc-fedora-fix-different-data-layouts.patch ppc-fedora-fix-partition-alloc-compile.patch ppc-fedora-fix-rust-linking.patch ppc-fedora-fix-study-crash.patch ppc-fedora-fix-unknown-warning-option-messages.diff ppc-fedora-skia-vsx-instructions.patch * removed patches: ppc-fedora-0001-linux-seccomp-bpf-ppc64-glibc-workaround-in-SIGSYS-h.patch ppc-fedora-0001-services-service_manager-sandbox-linux-Fix-TCGETS-de.patch ppc-fedora-0001-sandbox-linux-bpf_dsl-Update-syscall-ranges-for-ppc6.patch ppc-fedora-0001-sandbox-linux-Implement-partial-support-for-ppc64-sy.patch ppc-fedora-0001-sandbox-linux-Update-IsSyscallAllowed-in-broker_proc.patch ppc-fedora-0001-sandbox-linux-Update-syscall-helpers-lists-for-ppc64.patch ppc-fedora-0002-sandbox-linux-bpf_dsl-Modify-seccomp_macros-to-add-s.patch ppc-fedora-0003-sandbox-linux-system_headers-Update-linux-seccomp-he.patch ppc-fedora-0004-sandbox-linux-system_headers-Update-linux-signal-hea.patch ppc-fedora-0005-sandbox-linux-seccomp-bpf-Add-ppc64-syscall-stub.patch ppc-fedora-0005-sandbox-linux-update-unit-test-for-ppc64.patch ppc-fedora-0006-sandbox-linux-disable-timedwait-time64-ppc64.patch ppc-fedora-0007-sandbox-linux-add-ppc64-stat.patch ppc-fedora-Sandbox-linux-services-credentials.cc-PPC.patch ppc-fedora-0008-sandbox-fix-ppc64le-glibc234.patch ppc-fedora-0002-Include-cstddef-to-fix-build.patch ppc-fedora-0001-third-party-hwy-wrong-include.patch ppc-fedora-fix-ppc64-linux-syscalls-headers.patch ppc-fedora-use-sysconf-page-size-on-ppc64.patch * added patches: ppc-fedora-HACK-debian-clang-disable-pa-musttail.patch ppc-fedora-fix-rustc.patch ppc-fedora-fix-page-allocator-overflow.patch chromium-143-swiftshader-llvm-16.0.patch chromium-145-swiftshader-missing-include.patch - fix INSTALL.sh again to replace the tags in desktop file, appdata and manpage (boo#1258199) ++++ chromium: - also copy rollup into third_party/node/node_modules - stay on llvm-10 for swiftshader but bring a similar patch * added patches: 0001-swiftshader-fix-build-llvm10.patch * removed patches: chromium-143-swiftshader-llvm-16.0.patch - drop use of rollup binaries and use rollup-3.x which does not use prebuilt binaries (that fail at least on older ppc64le) follow the approach of the debian packaging * added patches: rollup.patch - update/resync ppc64le patches from fedora: * modified patches: ppc-fedora-0001-Add-PPC64-support-for-boringssl.patch ppc-fedora-0001-Add-ppc64-target-to-libaom.patch ppc-fedora-0001-Add-pregenerated-config-for-libaom-on-ppc64.patch ppc-fedora-0001-Enable-ppc64-pointer-compression.patch ppc-fedora-0001-Force-baseline-POWER8-AltiVec-VSX-CPU-features-when-.patch ppc-fedora-0001-Implement-support-for-PPC64-on-Linux.patch ppc-fedora-0001-Implement-support-for-ppc64-on-Linux.patch ppc-fedora-0001-add-xnn-ppc64el-support.patch ppc-fedora-0001-sandbox-Enable-seccomp_bpf-for-ppc64.patch ppc-fedora-0001-swiftshader-fix-build.patch ppc-fedora-0001-third_party-angle-Include-missing-header-cstddef-in-.patch ppc-fedora-0001-third_party-libvpx-Properly-generate-gni-on-ppc64.patch ppc-fedora-0001-third_party-pffft-Include-altivec.h-on-ppc64-with-SI.patch ppc-fedora-0002-Add-PPC64-generated-files-for-boringssl.patch ppc-fedora-0002-Add-ppc64-trap-instructions.patch ppc-fedora-0002-regenerate-xnn-buildgn.patch ppc-fedora-0002-third_party-libvpx-Remove-bad-ppc64-config.patch ppc-fedora-0002-third_party-lss-kernel-structs.patch ppc-fedora-0003-third_party-libvpx-Add-ppc64-generated-config.patch ppc-fedora-0004-third_party-crashpad-port-curl-transport-ppc64.patch ppc-fedora-0004-third_party-libvpx-work-around-ambiguous-vsx.patch ppc-fedora-HACK-debian-clang-disable-base-musttail.patch ppc-fedora-HACK-third_party-libvpx-use-generic-gnu.patch ppc-fedora-Rtc_base-system-arch.h-PPC.patch ppc-fedora-add-ppc64-architecture-string.patch ppc-fedora-add-ppc64-architecture-to-extensions.diff ppc-fedora-add-ppc64-pthread-stack-size.patch ppc-fedora-dawn-fix-ppc64le-detection.patch ppc-fedora-fix-breakpad-compile.patch ppc-fedora-fix-different-data-layouts.patch ppc-fedora-fix-partition-alloc-compile.patch ppc-fedora-fix-rust-linking.patch ppc-fedora-fix-study-crash.patch ppc-fedora-fix-unknown-warning-option-messages.diff ppc-fedora-skia-vsx-instructions.patch * removed patches: ppc-fedora-0001-linux-seccomp-bpf-ppc64-glibc-workaround-in-SIGSYS-h.patch ppc-fedora-0001-services-service_manager-sandbox-linux-Fix-TCGETS-de.patch ppc-fedora-0001-sandbox-linux-bpf_dsl-Update-syscall-ranges-for-ppc6.patch ppc-fedora-0001-sandbox-linux-Implement-partial-support-for-ppc64-sy.patch ppc-fedora-0001-sandbox-linux-Update-IsSyscallAllowed-in-broker_proc.patch ppc-fedora-0001-sandbox-linux-Update-syscall-helpers-lists-for-ppc64.patch ppc-fedora-0002-sandbox-linux-bpf_dsl-Modify-seccomp_macros-to-add-s.patch ppc-fedora-0003-sandbox-linux-system_headers-Update-linux-seccomp-he.patch ppc-fedora-0004-sandbox-linux-system_headers-Update-linux-signal-hea.patch ppc-fedora-0005-sandbox-linux-seccomp-bpf-Add-ppc64-syscall-stub.patch ppc-fedora-0005-sandbox-linux-update-unit-test-for-ppc64.patch ppc-fedora-0006-sandbox-linux-disable-timedwait-time64-ppc64.patch ppc-fedora-0007-sandbox-linux-add-ppc64-stat.patch ppc-fedora-Sandbox-linux-services-credentials.cc-PPC.patch ppc-fedora-0008-sandbox-fix-ppc64le-glibc234.patch ppc-fedora-0002-Include-cstddef-to-fix-build.patch ppc-fedora-0001-third-party-hwy-wrong-include.patch ppc-fedora-fix-ppc64-linux-syscalls-headers.patch ppc-fedora-use-sysconf-page-size-on-ppc64.patch * added patches: ppc-fedora-HACK-debian-clang-disable-pa-musttail.patch ppc-fedora-fix-rustc.patch ppc-fedora-fix-page-allocator-overflow.patch chromium-143-swiftshader-llvm-16.0.patch chromium-145-swiftshader-missing-include.patch - fix INSTALL.sh again to replace the tags in desktop file, appdata and manpage (boo#1258199) ++++ chromium: - also copy rollup into third_party/node/node_modules - stay on llvm-10 for swiftshader but bring a similar patch * added patches: 0001-swiftshader-fix-build-llvm10.patch * removed patches: chromium-143-swiftshader-llvm-16.0.patch - drop use of rollup binaries and use rollup-3.x which does not use prebuilt binaries (that fail at least on older ppc64le) follow the approach of the debian packaging * added patches: rollup.patch - update/resync ppc64le patches from fedora: * modified patches: ppc-fedora-0001-Add-PPC64-support-for-boringssl.patch ppc-fedora-0001-Add-ppc64-target-to-libaom.patch ppc-fedora-0001-Add-pregenerated-config-for-libaom-on-ppc64.patch ppc-fedora-0001-Enable-ppc64-pointer-compression.patch ppc-fedora-0001-Force-baseline-POWER8-AltiVec-VSX-CPU-features-when-.patch ppc-fedora-0001-Implement-support-for-PPC64-on-Linux.patch ppc-fedora-0001-Implement-support-for-ppc64-on-Linux.patch ppc-fedora-0001-add-xnn-ppc64el-support.patch ppc-fedora-0001-sandbox-Enable-seccomp_bpf-for-ppc64.patch ppc-fedora-0001-swiftshader-fix-build.patch ppc-fedora-0001-third_party-angle-Include-missing-header-cstddef-in-.patch ppc-fedora-0001-third_party-libvpx-Properly-generate-gni-on-ppc64.patch ppc-fedora-0001-third_party-pffft-Include-altivec.h-on-ppc64-with-SI.patch ppc-fedora-0002-Add-PPC64-generated-files-for-boringssl.patch ppc-fedora-0002-Add-ppc64-trap-instructions.patch ppc-fedora-0002-regenerate-xnn-buildgn.patch ppc-fedora-0002-third_party-libvpx-Remove-bad-ppc64-config.patch ppc-fedora-0002-third_party-lss-kernel-structs.patch ppc-fedora-0003-third_party-libvpx-Add-ppc64-generated-config.patch ppc-fedora-0004-third_party-crashpad-port-curl-transport-ppc64.patch ppc-fedora-0004-third_party-libvpx-work-around-ambiguous-vsx.patch ppc-fedora-HACK-debian-clang-disable-base-musttail.patch ppc-fedora-HACK-third_party-libvpx-use-generic-gnu.patch ppc-fedora-Rtc_base-system-arch.h-PPC.patch ppc-fedora-add-ppc64-architecture-string.patch ppc-fedora-add-ppc64-architecture-to-extensions.diff ppc-fedora-add-ppc64-pthread-stack-size.patch ppc-fedora-dawn-fix-ppc64le-detection.patch ppc-fedora-fix-breakpad-compile.patch ppc-fedora-fix-different-data-layouts.patch ppc-fedora-fix-partition-alloc-compile.patch ppc-fedora-fix-rust-linking.patch ppc-fedora-fix-study-crash.patch ppc-fedora-fix-unknown-warning-option-messages.diff ppc-fedora-skia-vsx-instructions.patch * removed patches: ppc-fedora-0001-linux-seccomp-bpf-ppc64-glibc-workaround-in-SIGSYS-h.patch ppc-fedora-0001-services-service_manager-sandbox-linux-Fix-TCGETS-de.patch ppc-fedora-0001-sandbox-linux-bpf_dsl-Update-syscall-ranges-for-ppc6.patch ppc-fedora-0001-sandbox-linux-Implement-partial-support-for-ppc64-sy.patch ppc-fedora-0001-sandbox-linux-Update-IsSyscallAllowed-in-broker_proc.patch ppc-fedora-0001-sandbox-linux-Update-syscall-helpers-lists-for-ppc64.patch ppc-fedora-0002-sandbox-linux-bpf_dsl-Modify-seccomp_macros-to-add-s.patch ppc-fedora-0003-sandbox-linux-system_headers-Update-linux-seccomp-he.patch ppc-fedora-0004-sandbox-linux-system_headers-Update-linux-signal-hea.patch ppc-fedora-0005-sandbox-linux-seccomp-bpf-Add-ppc64-syscall-stub.patch ppc-fedora-0005-sandbox-linux-update-unit-test-for-ppc64.patch ppc-fedora-0006-sandbox-linux-disable-timedwait-time64-ppc64.patch ppc-fedora-0007-sandbox-linux-add-ppc64-stat.patch ppc-fedora-Sandbox-linux-services-credentials.cc-PPC.patch ppc-fedora-0008-sandbox-fix-ppc64le-glibc234.patch ppc-fedora-0002-Include-cstddef-to-fix-build.patch ppc-fedora-0001-third-party-hwy-wrong-include.patch ppc-fedora-fix-ppc64-linux-syscalls-headers.patch ppc-fedora-use-sysconf-page-size-on-ppc64.patch * added patches: ppc-fedora-HACK-debian-clang-disable-pa-musttail.patch ppc-fedora-fix-rustc.patch ppc-fedora-fix-page-allocator-overflow.patch chromium-143-swiftshader-llvm-16.0.patch chromium-145-swiftshader-missing-include.patch - fix INSTALL.sh again to replace the tags in desktop file, appdata and manpage (boo#1258199) ++++ chromium: - also copy rollup into third_party/node/node_modules - stay on llvm-10 for swiftshader but bring a similar patch * added patches: 0001-swiftshader-fix-build-llvm10.patch * removed patches: chromium-143-swiftshader-llvm-16.0.patch - drop use of rollup binaries and use rollup-3.x which does not use prebuilt binaries (that fail at least on older ppc64le) follow the approach of the debian packaging * added patches: rollup.patch - update/resync ppc64le patches from fedora: * modified patches: ppc-fedora-0001-Add-PPC64-support-for-boringssl.patch ppc-fedora-0001-Add-ppc64-target-to-libaom.patch ppc-fedora-0001-Add-pregenerated-config-for-libaom-on-ppc64.patch ppc-fedora-0001-Enable-ppc64-pointer-compression.patch ppc-fedora-0001-Force-baseline-POWER8-AltiVec-VSX-CPU-features-when-.patch ppc-fedora-0001-Implement-support-for-PPC64-on-Linux.patch ppc-fedora-0001-Implement-support-for-ppc64-on-Linux.patch ppc-fedora-0001-add-xnn-ppc64el-support.patch ppc-fedora-0001-sandbox-Enable-seccomp_bpf-for-ppc64.patch ppc-fedora-0001-swiftshader-fix-build.patch ppc-fedora-0001-third_party-angle-Include-missing-header-cstddef-in-.patch ppc-fedora-0001-third_party-libvpx-Properly-generate-gni-on-ppc64.patch ppc-fedora-0001-third_party-pffft-Include-altivec.h-on-ppc64-with-SI.patch ppc-fedora-0002-Add-PPC64-generated-files-for-boringssl.patch ppc-fedora-0002-Add-ppc64-trap-instructions.patch ppc-fedora-0002-regenerate-xnn-buildgn.patch ppc-fedora-0002-third_party-libvpx-Remove-bad-ppc64-config.patch ppc-fedora-0002-third_party-lss-kernel-structs.patch ppc-fedora-0003-third_party-libvpx-Add-ppc64-generated-config.patch ppc-fedora-0004-third_party-crashpad-port-curl-transport-ppc64.patch ppc-fedora-0004-third_party-libvpx-work-around-ambiguous-vsx.patch ppc-fedora-HACK-debian-clang-disable-base-musttail.patch ppc-fedora-HACK-third_party-libvpx-use-generic-gnu.patch ppc-fedora-Rtc_base-system-arch.h-PPC.patch ppc-fedora-add-ppc64-architecture-string.patch ppc-fedora-add-ppc64-architecture-to-extensions.diff ppc-fedora-add-ppc64-pthread-stack-size.patch ppc-fedora-dawn-fix-ppc64le-detection.patch ppc-fedora-fix-breakpad-compile.patch ppc-fedora-fix-different-data-layouts.patch ppc-fedora-fix-partition-alloc-compile.patch ppc-fedora-fix-rust-linking.patch ppc-fedora-fix-study-crash.patch ppc-fedora-fix-unknown-warning-option-messages.diff ppc-fedora-skia-vsx-instructions.patch * removed patches: ppc-fedora-0001-linux-seccomp-bpf-ppc64-glibc-workaround-in-SIGSYS-h.patch ppc-fedora-0001-services-service_manager-sandbox-linux-Fix-TCGETS-de.patch ppc-fedora-0001-sandbox-linux-bpf_dsl-Update-syscall-ranges-for-ppc6.patch ppc-fedora-0001-sandbox-linux-Implement-partial-support-for-ppc64-sy.patch ppc-fedora-0001-sandbox-linux-Update-IsSyscallAllowed-in-broker_proc.patch ppc-fedora-0001-sandbox-linux-Update-syscall-helpers-lists-for-ppc64.patch ppc-fedora-0002-sandbox-linux-bpf_dsl-Modify-seccomp_macros-to-add-s.patch ppc-fedora-0003-sandbox-linux-system_headers-Update-linux-seccomp-he.patch ppc-fedora-0004-sandbox-linux-system_headers-Update-linux-signal-hea.patch ppc-fedora-0005-sandbox-linux-seccomp-bpf-Add-ppc64-syscall-stub.patch ppc-fedora-0005-sandbox-linux-update-unit-test-for-ppc64.patch ppc-fedora-0006-sandbox-linux-disable-timedwait-time64-ppc64.patch ppc-fedora-0007-sandbox-linux-add-ppc64-stat.patch ppc-fedora-Sandbox-linux-services-credentials.cc-PPC.patch ppc-fedora-0008-sandbox-fix-ppc64le-glibc234.patch ppc-fedora-0002-Include-cstddef-to-fix-build.patch ppc-fedora-0001-third-party-hwy-wrong-include.patch ppc-fedora-fix-ppc64-linux-syscalls-headers.patch ppc-fedora-use-sysconf-page-size-on-ppc64.patch * added patches: ppc-fedora-HACK-debian-clang-disable-pa-musttail.patch ppc-fedora-fix-rustc.patch ppc-fedora-fix-page-allocator-overflow.patch chromium-143-swiftshader-llvm-16.0.patch chromium-145-swiftshader-missing-include.patch - fix INSTALL.sh again to replace the tags in desktop file, appdata and manpage (boo#1258199) ++++ kernel-64kb: - Input: stmfts - make comments correct (git-fixes). - Input: stmfts - correct wording for the warning message (git-fixes). - clk: qcom: gfx3d: add parent to parent request map (git-fixes). - clk: qcom: dispcc-sdm845: Enable parents for pixel clocks (git-fixes). - clk: qcom: gcc-msm8917: Remove ALWAYS_ON flag from cpp_gdsc (git-fixes). - clk: qcom: gcc-msm8953: Remove ALWAYS_ON flag from cpp_gdsc (git-fixes). - clk: qcom: gcc-sm8450: Update the SDCC RCGs to use shared_floor_ops (git-fixes). - clk: qcom: rcg2: compute 2d using duty fraction directly (git-fixes). - clk: qcom: gcc-sm8550: Use floor ops for SDCC RCGs (git-fixes). - clk: mediatek: Fix error handling in runtime PM setup (git-fixes). - clk: meson: g12a: Limit the HDMI PLL OD to /4 (git-fixes). - clk: meson: gxbb: Limit the HDMI PLL OD to /4 on GXL/GXM SoCs (git-fixes). - clk: tegra: tegra124-emc: Fix potential memory leak in tegra124_clk_register_emc() (git-fixes). - clk: tegra: tegra124-emc: fix device leak on set_rate() (git-fixes). - clk: clk-apple-nco: Add "apple,t8103-nco" compatible (git-fixes). - clk: renesas: rzg2l: Select correct div round macro (git-fixes). - clk: renesas: rzg2l: Fix intin variable size (git-fixes). - fbdev: au1200fb: Fix a memory leak in au1200fb_drv_probe() (git-fixes). - fbdev: of_display_timing: Fix device node reference leak in of_get_display_timings() (git-fixes). - fbdev: of: display_timing: fix refcount leak in of_get_display_timings() (git-fixes). - fbdev: vt8500lcdfb: fix missing dma_free_coherent() (git-fixes). - fbcon: check return value of con2fb_acquire_newinfo() (git-fixes). - fbdev: rivafb: fix divide error in nv3_arb() (git-fixes). - rpmsg: core: fix race in driver_override_show() and use core helper (git-fixes). - commit 8244124 - Update "drm/mgag200: fix mgag200_bmc_stop_scanout()" bug number (bsc#1258153) - commit cbe6f46 ++++ kernel-azure: - Input: stmfts - make comments correct (git-fixes). - Input: stmfts - correct wording for the warning message (git-fixes). - clk: qcom: gfx3d: add parent to parent request map (git-fixes). - clk: qcom: dispcc-sdm845: Enable parents for pixel clocks (git-fixes). - clk: qcom: gcc-msm8917: Remove ALWAYS_ON flag from cpp_gdsc (git-fixes). - clk: qcom: gcc-msm8953: Remove ALWAYS_ON flag from cpp_gdsc (git-fixes). - clk: qcom: gcc-sm8450: Update the SDCC RCGs to use shared_floor_ops (git-fixes). - clk: qcom: rcg2: compute 2d using duty fraction directly (git-fixes). - clk: qcom: gcc-sm8550: Use floor ops for SDCC RCGs (git-fixes). - clk: mediatek: Fix error handling in runtime PM setup (git-fixes). - clk: meson: g12a: Limit the HDMI PLL OD to /4 (git-fixes). - clk: meson: gxbb: Limit the HDMI PLL OD to /4 on GXL/GXM SoCs (git-fixes). - clk: tegra: tegra124-emc: Fix potential memory leak in tegra124_clk_register_emc() (git-fixes). - clk: tegra: tegra124-emc: fix device leak on set_rate() (git-fixes). - clk: clk-apple-nco: Add "apple,t8103-nco" compatible (git-fixes). - clk: renesas: rzg2l: Select correct div round macro (git-fixes). - clk: renesas: rzg2l: Fix intin variable size (git-fixes). - fbdev: au1200fb: Fix a memory leak in au1200fb_drv_probe() (git-fixes). - fbdev: of_display_timing: Fix device node reference leak in of_get_display_timings() (git-fixes). - fbdev: of: display_timing: fix refcount leak in of_get_display_timings() (git-fixes). - fbdev: vt8500lcdfb: fix missing dma_free_coherent() (git-fixes). - fbcon: check return value of con2fb_acquire_newinfo() (git-fixes). - fbdev: rivafb: fix divide error in nv3_arb() (git-fixes). - rpmsg: core: fix race in driver_override_show() and use core helper (git-fixes). - commit 8244124 - Update "drm/mgag200: fix mgag200_bmc_stop_scanout()" bug number (bsc#1258153) - commit cbe6f46 ++++ kernel-default: - Input: stmfts - make comments correct (git-fixes). - Input: stmfts - correct wording for the warning message (git-fixes). - clk: qcom: gfx3d: add parent to parent request map (git-fixes). - clk: qcom: dispcc-sdm845: Enable parents for pixel clocks (git-fixes). - clk: qcom: gcc-msm8917: Remove ALWAYS_ON flag from cpp_gdsc (git-fixes). - clk: qcom: gcc-msm8953: Remove ALWAYS_ON flag from cpp_gdsc (git-fixes). - clk: qcom: gcc-sm8450: Update the SDCC RCGs to use shared_floor_ops (git-fixes). - clk: qcom: rcg2: compute 2d using duty fraction directly (git-fixes). - clk: qcom: gcc-sm8550: Use floor ops for SDCC RCGs (git-fixes). - clk: mediatek: Fix error handling in runtime PM setup (git-fixes). - clk: meson: g12a: Limit the HDMI PLL OD to /4 (git-fixes). - clk: meson: gxbb: Limit the HDMI PLL OD to /4 on GXL/GXM SoCs (git-fixes). - clk: tegra: tegra124-emc: Fix potential memory leak in tegra124_clk_register_emc() (git-fixes). - clk: tegra: tegra124-emc: fix device leak on set_rate() (git-fixes). - clk: clk-apple-nco: Add "apple,t8103-nco" compatible (git-fixes). - clk: renesas: rzg2l: Select correct div round macro (git-fixes). - clk: renesas: rzg2l: Fix intin variable size (git-fixes). - fbdev: au1200fb: Fix a memory leak in au1200fb_drv_probe() (git-fixes). - fbdev: of_display_timing: Fix device node reference leak in of_get_display_timings() (git-fixes). - fbdev: of: display_timing: fix refcount leak in of_get_display_timings() (git-fixes). - fbdev: vt8500lcdfb: fix missing dma_free_coherent() (git-fixes). - fbcon: check return value of con2fb_acquire_newinfo() (git-fixes). - fbdev: rivafb: fix divide error in nv3_arb() (git-fixes). - rpmsg: core: fix race in driver_override_show() and use core helper (git-fixes). - commit 8244124 - Update "drm/mgag200: fix mgag200_bmc_stop_scanout()" bug number (bsc#1258153) - commit cbe6f46 ++++ kernel-rt: - Input: stmfts - make comments correct (git-fixes). - Input: stmfts - correct wording for the warning message (git-fixes). - clk: qcom: gfx3d: add parent to parent request map (git-fixes). - clk: qcom: dispcc-sdm845: Enable parents for pixel clocks (git-fixes). - clk: qcom: gcc-msm8917: Remove ALWAYS_ON flag from cpp_gdsc (git-fixes). - clk: qcom: gcc-msm8953: Remove ALWAYS_ON flag from cpp_gdsc (git-fixes). - clk: qcom: gcc-sm8450: Update the SDCC RCGs to use shared_floor_ops (git-fixes). - clk: qcom: rcg2: compute 2d using duty fraction directly (git-fixes). - clk: qcom: gcc-sm8550: Use floor ops for SDCC RCGs (git-fixes). - clk: mediatek: Fix error handling in runtime PM setup (git-fixes). - clk: meson: g12a: Limit the HDMI PLL OD to /4 (git-fixes). - clk: meson: gxbb: Limit the HDMI PLL OD to /4 on GXL/GXM SoCs (git-fixes). - clk: tegra: tegra124-emc: Fix potential memory leak in tegra124_clk_register_emc() (git-fixes). - clk: tegra: tegra124-emc: fix device leak on set_rate() (git-fixes). - clk: clk-apple-nco: Add "apple,t8103-nco" compatible (git-fixes). - clk: renesas: rzg2l: Select correct div round macro (git-fixes). - clk: renesas: rzg2l: Fix intin variable size (git-fixes). - fbdev: au1200fb: Fix a memory leak in au1200fb_drv_probe() (git-fixes). - fbdev: of_display_timing: Fix device node reference leak in of_get_display_timings() (git-fixes). - fbdev: of: display_timing: fix refcount leak in of_get_display_timings() (git-fixes). - fbdev: vt8500lcdfb: fix missing dma_free_coherent() (git-fixes). - fbcon: check return value of con2fb_acquire_newinfo() (git-fixes). - fbdev: rivafb: fix divide error in nv3_arb() (git-fixes). - rpmsg: core: fix race in driver_override_show() and use core helper (git-fixes). - commit 8244124 - Update "drm/mgag200: fix mgag200_bmc_stop_scanout()" bug number (bsc#1258153) - commit cbe6f46 ++++ dtb-aarch64: - Input: stmfts - make comments correct (git-fixes). - Input: stmfts - correct wording for the warning message (git-fixes). - clk: qcom: gfx3d: add parent to parent request map (git-fixes). - clk: qcom: dispcc-sdm845: Enable parents for pixel clocks (git-fixes). - clk: qcom: gcc-msm8917: Remove ALWAYS_ON flag from cpp_gdsc (git-fixes). - clk: qcom: gcc-msm8953: Remove ALWAYS_ON flag from cpp_gdsc (git-fixes). - clk: qcom: gcc-sm8450: Update the SDCC RCGs to use shared_floor_ops (git-fixes). - clk: qcom: rcg2: compute 2d using duty fraction directly (git-fixes). - clk: qcom: gcc-sm8550: Use floor ops for SDCC RCGs (git-fixes). - clk: mediatek: Fix error handling in runtime PM setup (git-fixes). - clk: meson: g12a: Limit the HDMI PLL OD to /4 (git-fixes). - clk: meson: gxbb: Limit the HDMI PLL OD to /4 on GXL/GXM SoCs (git-fixes). - clk: tegra: tegra124-emc: Fix potential memory leak in tegra124_clk_register_emc() (git-fixes). - clk: tegra: tegra124-emc: fix device leak on set_rate() (git-fixes). - clk: clk-apple-nco: Add "apple,t8103-nco" compatible (git-fixes). - clk: renesas: rzg2l: Select correct div round macro (git-fixes). - clk: renesas: rzg2l: Fix intin variable size (git-fixes). - fbdev: au1200fb: Fix a memory leak in au1200fb_drv_probe() (git-fixes). - fbdev: of_display_timing: Fix device node reference leak in of_get_display_timings() (git-fixes). - fbdev: of: display_timing: fix refcount leak in of_get_display_timings() (git-fixes). - fbdev: vt8500lcdfb: fix missing dma_free_coherent() (git-fixes). - fbcon: check return value of con2fb_acquire_newinfo() (git-fixes). - fbdev: rivafb: fix divide error in nv3_arb() (git-fixes). - rpmsg: core: fix race in driver_override_show() and use core helper (git-fixes). - commit 8244124 - Update "drm/mgag200: fix mgag200_bmc_stop_scanout()" bug number (bsc#1258153) - commit cbe6f46 ++++ fluidsynth: - Fix NULL pointer deference when loading and invalid MIDI file (CVE-2025-56225, bsc#1256435): 0001-Fix-a-nullpointer-dereference-during-legato-mode-160.patch ++++ kernel-source: - Input: stmfts - make comments correct (git-fixes). - Input: stmfts - correct wording for the warning message (git-fixes). - clk: qcom: gfx3d: add parent to parent request map (git-fixes). - clk: qcom: dispcc-sdm845: Enable parents for pixel clocks (git-fixes). - clk: qcom: gcc-msm8917: Remove ALWAYS_ON flag from cpp_gdsc (git-fixes). - clk: qcom: gcc-msm8953: Remove ALWAYS_ON flag from cpp_gdsc (git-fixes). - clk: qcom: gcc-sm8450: Update the SDCC RCGs to use shared_floor_ops (git-fixes). - clk: qcom: rcg2: compute 2d using duty fraction directly (git-fixes). - clk: qcom: gcc-sm8550: Use floor ops for SDCC RCGs (git-fixes). - clk: mediatek: Fix error handling in runtime PM setup (git-fixes). - clk: meson: g12a: Limit the HDMI PLL OD to /4 (git-fixes). - clk: meson: gxbb: Limit the HDMI PLL OD to /4 on GXL/GXM SoCs (git-fixes). - clk: tegra: tegra124-emc: Fix potential memory leak in tegra124_clk_register_emc() (git-fixes). - clk: tegra: tegra124-emc: fix device leak on set_rate() (git-fixes). - clk: clk-apple-nco: Add "apple,t8103-nco" compatible (git-fixes). - clk: renesas: rzg2l: Select correct div round macro (git-fixes). - clk: renesas: rzg2l: Fix intin variable size (git-fixes). - fbdev: au1200fb: Fix a memory leak in au1200fb_drv_probe() (git-fixes). - fbdev: of_display_timing: Fix device node reference leak in of_get_display_timings() (git-fixes). - fbdev: of: display_timing: fix refcount leak in of_get_display_timings() (git-fixes). - fbdev: vt8500lcdfb: fix missing dma_free_coherent() (git-fixes). - fbcon: check return value of con2fb_acquire_newinfo() (git-fixes). - fbdev: rivafb: fix divide error in nv3_arb() (git-fixes). - rpmsg: core: fix race in driver_override_show() and use core helper (git-fixes). - commit 8244124 - Update "drm/mgag200: fix mgag200_bmc_stop_scanout()" bug number (bsc#1258153) - commit cbe6f46 ++++ kernel-docs: - Input: stmfts - make comments correct (git-fixes). - Input: stmfts - correct wording for the warning message (git-fixes). - clk: qcom: gfx3d: add parent to parent request map (git-fixes). - clk: qcom: dispcc-sdm845: Enable parents for pixel clocks (git-fixes). - clk: qcom: gcc-msm8917: Remove ALWAYS_ON flag from cpp_gdsc (git-fixes). - clk: qcom: gcc-msm8953: Remove ALWAYS_ON flag from cpp_gdsc (git-fixes). - clk: qcom: gcc-sm8450: Update the SDCC RCGs to use shared_floor_ops (git-fixes). - clk: qcom: rcg2: compute 2d using duty fraction directly (git-fixes). - clk: qcom: gcc-sm8550: Use floor ops for SDCC RCGs (git-fixes). - clk: mediatek: Fix error handling in runtime PM setup (git-fixes). - clk: meson: g12a: Limit the HDMI PLL OD to /4 (git-fixes). - clk: meson: gxbb: Limit the HDMI PLL OD to /4 on GXL/GXM SoCs (git-fixes). - clk: tegra: tegra124-emc: Fix potential memory leak in tegra124_clk_register_emc() (git-fixes). - clk: tegra: tegra124-emc: fix device leak on set_rate() (git-fixes). - clk: clk-apple-nco: Add "apple,t8103-nco" compatible (git-fixes). - clk: renesas: rzg2l: Select correct div round macro (git-fixes). - clk: renesas: rzg2l: Fix intin variable size (git-fixes). - fbdev: au1200fb: Fix a memory leak in au1200fb_drv_probe() (git-fixes). - fbdev: of_display_timing: Fix device node reference leak in of_get_display_timings() (git-fixes). - fbdev: of: display_timing: fix refcount leak in of_get_display_timings() (git-fixes). - fbdev: vt8500lcdfb: fix missing dma_free_coherent() (git-fixes). - fbcon: check return value of con2fb_acquire_newinfo() (git-fixes). - fbdev: rivafb: fix divide error in nv3_arb() (git-fixes). - rpmsg: core: fix race in driver_override_show() and use core helper (git-fixes). - commit 8244124 - Update "drm/mgag200: fix mgag200_bmc_stop_scanout()" bug number (bsc#1258153) - commit cbe6f46 ++++ kernel-kvmsmall: - Input: stmfts - make comments correct (git-fixes). - Input: stmfts - correct wording for the warning message (git-fixes). - clk: qcom: gfx3d: add parent to parent request map (git-fixes). - clk: qcom: dispcc-sdm845: Enable parents for pixel clocks (git-fixes). - clk: qcom: gcc-msm8917: Remove ALWAYS_ON flag from cpp_gdsc (git-fixes). - clk: qcom: gcc-msm8953: Remove ALWAYS_ON flag from cpp_gdsc (git-fixes). - clk: qcom: gcc-sm8450: Update the SDCC RCGs to use shared_floor_ops (git-fixes). - clk: qcom: rcg2: compute 2d using duty fraction directly (git-fixes). - clk: qcom: gcc-sm8550: Use floor ops for SDCC RCGs (git-fixes). - clk: mediatek: Fix error handling in runtime PM setup (git-fixes). - clk: meson: g12a: Limit the HDMI PLL OD to /4 (git-fixes). - clk: meson: gxbb: Limit the HDMI PLL OD to /4 on GXL/GXM SoCs (git-fixes). - clk: tegra: tegra124-emc: Fix potential memory leak in tegra124_clk_register_emc() (git-fixes). - clk: tegra: tegra124-emc: fix device leak on set_rate() (git-fixes). - clk: clk-apple-nco: Add "apple,t8103-nco" compatible (git-fixes). - clk: renesas: rzg2l: Select correct div round macro (git-fixes). - clk: renesas: rzg2l: Fix intin variable size (git-fixes). - fbdev: au1200fb: Fix a memory leak in au1200fb_drv_probe() (git-fixes). - fbdev: of_display_timing: Fix device node reference leak in of_get_display_timings() (git-fixes). - fbdev: of: display_timing: fix refcount leak in of_get_display_timings() (git-fixes). - fbdev: vt8500lcdfb: fix missing dma_free_coherent() (git-fixes). - fbcon: check return value of con2fb_acquire_newinfo() (git-fixes). - fbdev: rivafb: fix divide error in nv3_arb() (git-fixes). - rpmsg: core: fix race in driver_override_show() and use core helper (git-fixes). - commit 8244124 - Update "drm/mgag200: fix mgag200_bmc_stop_scanout()" bug number (bsc#1258153) - commit cbe6f46 ++++ kernel-obs-build: - Input: stmfts - make comments correct (git-fixes). - Input: stmfts - correct wording for the warning message (git-fixes). - clk: qcom: gfx3d: add parent to parent request map (git-fixes). - clk: qcom: dispcc-sdm845: Enable parents for pixel clocks (git-fixes). - clk: qcom: gcc-msm8917: Remove ALWAYS_ON flag from cpp_gdsc (git-fixes). - clk: qcom: gcc-msm8953: Remove ALWAYS_ON flag from cpp_gdsc (git-fixes). - clk: qcom: gcc-sm8450: Update the SDCC RCGs to use shared_floor_ops (git-fixes). - clk: qcom: rcg2: compute 2d using duty fraction directly (git-fixes). - clk: qcom: gcc-sm8550: Use floor ops for SDCC RCGs (git-fixes). - clk: mediatek: Fix error handling in runtime PM setup (git-fixes). - clk: meson: g12a: Limit the HDMI PLL OD to /4 (git-fixes). - clk: meson: gxbb: Limit the HDMI PLL OD to /4 on GXL/GXM SoCs (git-fixes). - clk: tegra: tegra124-emc: Fix potential memory leak in tegra124_clk_register_emc() (git-fixes). - clk: tegra: tegra124-emc: fix device leak on set_rate() (git-fixes). - clk: clk-apple-nco: Add "apple,t8103-nco" compatible (git-fixes). - clk: renesas: rzg2l: Select correct div round macro (git-fixes). - clk: renesas: rzg2l: Fix intin variable size (git-fixes). - fbdev: au1200fb: Fix a memory leak in au1200fb_drv_probe() (git-fixes). - fbdev: of_display_timing: Fix device node reference leak in of_get_display_timings() (git-fixes). - fbdev: of: display_timing: fix refcount leak in of_get_display_timings() (git-fixes). - fbdev: vt8500lcdfb: fix missing dma_free_coherent() (git-fixes). - fbcon: check return value of con2fb_acquire_newinfo() (git-fixes). - fbdev: rivafb: fix divide error in nv3_arb() (git-fixes). - rpmsg: core: fix race in driver_override_show() and use core helper (git-fixes). - commit 8244124 - Update "drm/mgag200: fix mgag200_bmc_stop_scanout()" bug number (bsc#1258153) - commit cbe6f46 ++++ kernel-obs-qa: - Input: stmfts - make comments correct (git-fixes). - Input: stmfts - correct wording for the warning message (git-fixes). - clk: qcom: gfx3d: add parent to parent request map (git-fixes). - clk: qcom: dispcc-sdm845: Enable parents for pixel clocks (git-fixes). - clk: qcom: gcc-msm8917: Remove ALWAYS_ON flag from cpp_gdsc (git-fixes). - clk: qcom: gcc-msm8953: Remove ALWAYS_ON flag from cpp_gdsc (git-fixes). - clk: qcom: gcc-sm8450: Update the SDCC RCGs to use shared_floor_ops (git-fixes). - clk: qcom: rcg2: compute 2d using duty fraction directly (git-fixes). - clk: qcom: gcc-sm8550: Use floor ops for SDCC RCGs (git-fixes). - clk: mediatek: Fix error handling in runtime PM setup (git-fixes). - clk: meson: g12a: Limit the HDMI PLL OD to /4 (git-fixes). - clk: meson: gxbb: Limit the HDMI PLL OD to /4 on GXL/GXM SoCs (git-fixes). - clk: tegra: tegra124-emc: Fix potential memory leak in tegra124_clk_register_emc() (git-fixes). - clk: tegra: tegra124-emc: fix device leak on set_rate() (git-fixes). - clk: clk-apple-nco: Add "apple,t8103-nco" compatible (git-fixes). - clk: renesas: rzg2l: Select correct div round macro (git-fixes). - clk: renesas: rzg2l: Fix intin variable size (git-fixes). - fbdev: au1200fb: Fix a memory leak in au1200fb_drv_probe() (git-fixes). - fbdev: of_display_timing: Fix device node reference leak in of_get_display_timings() (git-fixes). - fbdev: of: display_timing: fix refcount leak in of_get_display_timings() (git-fixes). - fbdev: vt8500lcdfb: fix missing dma_free_coherent() (git-fixes). - fbcon: check return value of con2fb_acquire_newinfo() (git-fixes). - fbdev: rivafb: fix divide error in nv3_arb() (git-fixes). - rpmsg: core: fix race in driver_override_show() and use core helper (git-fixes). - commit 8244124 - Update "drm/mgag200: fix mgag200_bmc_stop_scanout()" bug number (bsc#1258153) - commit cbe6f46 ++++ kernel-syms: - Input: stmfts - make comments correct (git-fixes). - Input: stmfts - correct wording for the warning message (git-fixes). - clk: qcom: gfx3d: add parent to parent request map (git-fixes). - clk: qcom: dispcc-sdm845: Enable parents for pixel clocks (git-fixes). - clk: qcom: gcc-msm8917: Remove ALWAYS_ON flag from cpp_gdsc (git-fixes). - clk: qcom: gcc-msm8953: Remove ALWAYS_ON flag from cpp_gdsc (git-fixes). - clk: qcom: gcc-sm8450: Update the SDCC RCGs to use shared_floor_ops (git-fixes). - clk: qcom: rcg2: compute 2d using duty fraction directly (git-fixes). - clk: qcom: gcc-sm8550: Use floor ops for SDCC RCGs (git-fixes). - clk: mediatek: Fix error handling in runtime PM setup (git-fixes). - clk: meson: g12a: Limit the HDMI PLL OD to /4 (git-fixes). - clk: meson: gxbb: Limit the HDMI PLL OD to /4 on GXL/GXM SoCs (git-fixes). - clk: tegra: tegra124-emc: Fix potential memory leak in tegra124_clk_register_emc() (git-fixes). - clk: tegra: tegra124-emc: fix device leak on set_rate() (git-fixes). - clk: clk-apple-nco: Add "apple,t8103-nco" compatible (git-fixes). - clk: renesas: rzg2l: Select correct div round macro (git-fixes). - clk: renesas: rzg2l: Fix intin variable size (git-fixes). - fbdev: au1200fb: Fix a memory leak in au1200fb_drv_probe() (git-fixes). - fbdev: of_display_timing: Fix device node reference leak in of_get_display_timings() (git-fixes). - fbdev: of: display_timing: fix refcount leak in of_get_display_timings() (git-fixes). - fbdev: vt8500lcdfb: fix missing dma_free_coherent() (git-fixes). - fbcon: check return value of con2fb_acquire_newinfo() (git-fixes). - fbdev: rivafb: fix divide error in nv3_arb() (git-fixes). - rpmsg: core: fix race in driver_override_show() and use core helper (git-fixes). - commit 8244124 - Update "drm/mgag200: fix mgag200_bmc_stop_scanout()" bug number (bsc#1258153) - commit cbe6f46 ++++ kernel-zfcpdump: - Input: stmfts - make comments correct (git-fixes). - Input: stmfts - correct wording for the warning message (git-fixes). - clk: qcom: gfx3d: add parent to parent request map (git-fixes). - clk: qcom: dispcc-sdm845: Enable parents for pixel clocks (git-fixes). - clk: qcom: gcc-msm8917: Remove ALWAYS_ON flag from cpp_gdsc (git-fixes). - clk: qcom: gcc-msm8953: Remove ALWAYS_ON flag from cpp_gdsc (git-fixes). - clk: qcom: gcc-sm8450: Update the SDCC RCGs to use shared_floor_ops (git-fixes). - clk: qcom: rcg2: compute 2d using duty fraction directly (git-fixes). - clk: qcom: gcc-sm8550: Use floor ops for SDCC RCGs (git-fixes). - clk: mediatek: Fix error handling in runtime PM setup (git-fixes). - clk: meson: g12a: Limit the HDMI PLL OD to /4 (git-fixes). - clk: meson: gxbb: Limit the HDMI PLL OD to /4 on GXL/GXM SoCs (git-fixes). - clk: tegra: tegra124-emc: Fix potential memory leak in tegra124_clk_register_emc() (git-fixes). - clk: tegra: tegra124-emc: fix device leak on set_rate() (git-fixes). - clk: clk-apple-nco: Add "apple,t8103-nco" compatible (git-fixes). - clk: renesas: rzg2l: Select correct div round macro (git-fixes). - clk: renesas: rzg2l: Fix intin variable size (git-fixes). - fbdev: au1200fb: Fix a memory leak in au1200fb_drv_probe() (git-fixes). - fbdev: of_display_timing: Fix device node reference leak in of_get_display_timings() (git-fixes). - fbdev: of: display_timing: fix refcount leak in of_get_display_timings() (git-fixes). - fbdev: vt8500lcdfb: fix missing dma_free_coherent() (git-fixes). - fbcon: check return value of con2fb_acquire_newinfo() (git-fixes). - fbdev: rivafb: fix divide error in nv3_arb() (git-fixes). - rpmsg: core: fix race in driver_override_show() and use core helper (git-fixes). - commit 8244124 - Update "drm/mgag200: fix mgag200_bmc_stop_scanout()" bug number (bsc#1258153) - commit cbe6f46 ------------------------------------------------------------------ ------------------ 2026-2-14 - Feb 14 2026 ------------------- ------------------------------------------------------------------ ++++ rust1.93: - bsc#1253321 - Resolve missing gcc requirement that may affect some crate building ++++ kernel-64kb: - crypto: ccp - Add an S4 restore flow (git-fixes). - crypto: ccp - Declare PSP dead if PSP_CMD_TEE_RING_INIT fails (git-fixes). - tools/power/x86/intel-speed-select: Fix file descriptor leak in isolate_cpus() (git-fixes). - platform/x86: ISST: Add missing write block check (git-fixes). - mtd: rawnand: pl353: Fix software ECC support (git-fixes). - mtd: spinand: Disable continuous read during probe (git-fixes). - mtd: spinand: Fix kernel doc (git-fixes). - mtd: rawnand: cadence: Fix return type of CDMA send-and-wait helper (git-fixes). - mtd: parsers: ofpart: fix OF node refcount leak in parse_fixed_partitions() (git-fixes). - mtd: parsers: Fix memory leak in mtd_parser_tplink_safeloader_parse() (git-fixes). - commit 8b24802 ++++ kernel-azure: - crypto: ccp - Add an S4 restore flow (git-fixes). - crypto: ccp - Declare PSP dead if PSP_CMD_TEE_RING_INIT fails (git-fixes). - tools/power/x86/intel-speed-select: Fix file descriptor leak in isolate_cpus() (git-fixes). - platform/x86: ISST: Add missing write block check (git-fixes). - mtd: rawnand: pl353: Fix software ECC support (git-fixes). - mtd: spinand: Disable continuous read during probe (git-fixes). - mtd: spinand: Fix kernel doc (git-fixes). - mtd: rawnand: cadence: Fix return type of CDMA send-and-wait helper (git-fixes). - mtd: parsers: ofpart: fix OF node refcount leak in parse_fixed_partitions() (git-fixes). - mtd: parsers: Fix memory leak in mtd_parser_tplink_safeloader_parse() (git-fixes). - commit 8b24802 ++++ kernel-default: - crypto: ccp - Add an S4 restore flow (git-fixes). - crypto: ccp - Declare PSP dead if PSP_CMD_TEE_RING_INIT fails (git-fixes). - tools/power/x86/intel-speed-select: Fix file descriptor leak in isolate_cpus() (git-fixes). - platform/x86: ISST: Add missing write block check (git-fixes). - mtd: rawnand: pl353: Fix software ECC support (git-fixes). - mtd: spinand: Disable continuous read during probe (git-fixes). - mtd: spinand: Fix kernel doc (git-fixes). - mtd: rawnand: cadence: Fix return type of CDMA send-and-wait helper (git-fixes). - mtd: parsers: ofpart: fix OF node refcount leak in parse_fixed_partitions() (git-fixes). - mtd: parsers: Fix memory leak in mtd_parser_tplink_safeloader_parse() (git-fixes). - commit 8b24802 ++++ kernel-rt: - crypto: ccp - Add an S4 restore flow (git-fixes). - crypto: ccp - Declare PSP dead if PSP_CMD_TEE_RING_INIT fails (git-fixes). - tools/power/x86/intel-speed-select: Fix file descriptor leak in isolate_cpus() (git-fixes). - platform/x86: ISST: Add missing write block check (git-fixes). - mtd: rawnand: pl353: Fix software ECC support (git-fixes). - mtd: spinand: Disable continuous read during probe (git-fixes). - mtd: spinand: Fix kernel doc (git-fixes). - mtd: rawnand: cadence: Fix return type of CDMA send-and-wait helper (git-fixes). - mtd: parsers: ofpart: fix OF node refcount leak in parse_fixed_partitions() (git-fixes). - mtd: parsers: Fix memory leak in mtd_parser_tplink_safeloader_parse() (git-fixes). - commit 8b24802 ++++ dtb-aarch64: - crypto: ccp - Add an S4 restore flow (git-fixes). - crypto: ccp - Declare PSP dead if PSP_CMD_TEE_RING_INIT fails (git-fixes). - tools/power/x86/intel-speed-select: Fix file descriptor leak in isolate_cpus() (git-fixes). - platform/x86: ISST: Add missing write block check (git-fixes). - mtd: rawnand: pl353: Fix software ECC support (git-fixes). - mtd: spinand: Disable continuous read during probe (git-fixes). - mtd: spinand: Fix kernel doc (git-fixes). - mtd: rawnand: cadence: Fix return type of CDMA send-and-wait helper (git-fixes). - mtd: parsers: ofpart: fix OF node refcount leak in parse_fixed_partitions() (git-fixes). - mtd: parsers: Fix memory leak in mtd_parser_tplink_safeloader_parse() (git-fixes). - commit 8b24802 ++++ kernel-source: - crypto: ccp - Add an S4 restore flow (git-fixes). - crypto: ccp - Declare PSP dead if PSP_CMD_TEE_RING_INIT fails (git-fixes). - tools/power/x86/intel-speed-select: Fix file descriptor leak in isolate_cpus() (git-fixes). - platform/x86: ISST: Add missing write block check (git-fixes). - mtd: rawnand: pl353: Fix software ECC support (git-fixes). - mtd: spinand: Disable continuous read during probe (git-fixes). - mtd: spinand: Fix kernel doc (git-fixes). - mtd: rawnand: cadence: Fix return type of CDMA send-and-wait helper (git-fixes). - mtd: parsers: ofpart: fix OF node refcount leak in parse_fixed_partitions() (git-fixes). - mtd: parsers: Fix memory leak in mtd_parser_tplink_safeloader_parse() (git-fixes). - commit 8b24802 ++++ kernel-docs: - crypto: ccp - Add an S4 restore flow (git-fixes). - crypto: ccp - Declare PSP dead if PSP_CMD_TEE_RING_INIT fails (git-fixes). - tools/power/x86/intel-speed-select: Fix file descriptor leak in isolate_cpus() (git-fixes). - platform/x86: ISST: Add missing write block check (git-fixes). - mtd: rawnand: pl353: Fix software ECC support (git-fixes). - mtd: spinand: Disable continuous read during probe (git-fixes). - mtd: spinand: Fix kernel doc (git-fixes). - mtd: rawnand: cadence: Fix return type of CDMA send-and-wait helper (git-fixes). - mtd: parsers: ofpart: fix OF node refcount leak in parse_fixed_partitions() (git-fixes). - mtd: parsers: Fix memory leak in mtd_parser_tplink_safeloader_parse() (git-fixes). - commit 8b24802 ++++ kernel-kvmsmall: - crypto: ccp - Add an S4 restore flow (git-fixes). - crypto: ccp - Declare PSP dead if PSP_CMD_TEE_RING_INIT fails (git-fixes). - tools/power/x86/intel-speed-select: Fix file descriptor leak in isolate_cpus() (git-fixes). - platform/x86: ISST: Add missing write block check (git-fixes). - mtd: rawnand: pl353: Fix software ECC support (git-fixes). - mtd: spinand: Disable continuous read during probe (git-fixes). - mtd: spinand: Fix kernel doc (git-fixes). - mtd: rawnand: cadence: Fix return type of CDMA send-and-wait helper (git-fixes). - mtd: parsers: ofpart: fix OF node refcount leak in parse_fixed_partitions() (git-fixes). - mtd: parsers: Fix memory leak in mtd_parser_tplink_safeloader_parse() (git-fixes). - commit 8b24802 ++++ kernel-obs-build: - crypto: ccp - Add an S4 restore flow (git-fixes). - crypto: ccp - Declare PSP dead if PSP_CMD_TEE_RING_INIT fails (git-fixes). - tools/power/x86/intel-speed-select: Fix file descriptor leak in isolate_cpus() (git-fixes). - platform/x86: ISST: Add missing write block check (git-fixes). - mtd: rawnand: pl353: Fix software ECC support (git-fixes). - mtd: spinand: Disable continuous read during probe (git-fixes). - mtd: spinand: Fix kernel doc (git-fixes). - mtd: rawnand: cadence: Fix return type of CDMA send-and-wait helper (git-fixes). - mtd: parsers: ofpart: fix OF node refcount leak in parse_fixed_partitions() (git-fixes). - mtd: parsers: Fix memory leak in mtd_parser_tplink_safeloader_parse() (git-fixes). - commit 8b24802 ++++ kernel-obs-qa: - crypto: ccp - Add an S4 restore flow (git-fixes). - crypto: ccp - Declare PSP dead if PSP_CMD_TEE_RING_INIT fails (git-fixes). - tools/power/x86/intel-speed-select: Fix file descriptor leak in isolate_cpus() (git-fixes). - platform/x86: ISST: Add missing write block check (git-fixes). - mtd: rawnand: pl353: Fix software ECC support (git-fixes). - mtd: spinand: Disable continuous read during probe (git-fixes). - mtd: spinand: Fix kernel doc (git-fixes). - mtd: rawnand: cadence: Fix return type of CDMA send-and-wait helper (git-fixes). - mtd: parsers: ofpart: fix OF node refcount leak in parse_fixed_partitions() (git-fixes). - mtd: parsers: Fix memory leak in mtd_parser_tplink_safeloader_parse() (git-fixes). - commit 8b24802 ++++ kernel-syms: - crypto: ccp - Add an S4 restore flow (git-fixes). - crypto: ccp - Declare PSP dead if PSP_CMD_TEE_RING_INIT fails (git-fixes). - tools/power/x86/intel-speed-select: Fix file descriptor leak in isolate_cpus() (git-fixes). - platform/x86: ISST: Add missing write block check (git-fixes). - mtd: rawnand: pl353: Fix software ECC support (git-fixes). - mtd: spinand: Disable continuous read during probe (git-fixes). - mtd: spinand: Fix kernel doc (git-fixes). - mtd: rawnand: cadence: Fix return type of CDMA send-and-wait helper (git-fixes). - mtd: parsers: ofpart: fix OF node refcount leak in parse_fixed_partitions() (git-fixes). - mtd: parsers: Fix memory leak in mtd_parser_tplink_safeloader_parse() (git-fixes). - commit 8b24802 ++++ kernel-zfcpdump: - crypto: ccp - Add an S4 restore flow (git-fixes). - crypto: ccp - Declare PSP dead if PSP_CMD_TEE_RING_INIT fails (git-fixes). - tools/power/x86/intel-speed-select: Fix file descriptor leak in isolate_cpus() (git-fixes). - platform/x86: ISST: Add missing write block check (git-fixes). - mtd: rawnand: pl353: Fix software ECC support (git-fixes). - mtd: spinand: Disable continuous read during probe (git-fixes). - mtd: spinand: Fix kernel doc (git-fixes). - mtd: rawnand: cadence: Fix return type of CDMA send-and-wait helper (git-fixes). - mtd: parsers: ofpart: fix OF node refcount leak in parse_fixed_partitions() (git-fixes). - mtd: parsers: Fix memory leak in mtd_parser_tplink_safeloader_parse() (git-fixes). - commit 8b24802 ++++ libsoup2: - Add more CVE fixes: + libsoup2-CVE-2025-32049.patch (bsc#1240751 CVE-2025-32049 glgo#GNOME/libsoup#390) + libsoup2-CVE-2026-2443.patch (bsc#1258170 CVE-2026-2443 glgo#GNOME/libsoup#487) + libsoup2-CVE-2026-2369.patch (bsc#1258120 CVE-2026-2369 glgo#GNOME/libsoup!508) ++++ libsoup: - Add more CVE fixes: + libsoup-CVE-2025-32049.patch (bsc#1240751 CVE-2025-32049 glgo#GNOME/libsoup#390) + libsoup-CVE-2026-2443.patch (bsc#1258170 CVE-2026-2443 glgo#GNOME/libsoup#487) + libsoup-CVE-2026-2369.patch (bsc#1258120 CVE-2026-2369 glgo#GNOME/libsoup!508) ------------------------------------------------------------------ ------------------ 2026-2-13 - Feb 13 2026 ------------------- ------------------------------------------------------------------ ++++ busybox: - Fix arbitrary file overwrite and potential code execution via incomplete path sanitization (CVE-2026-26157, bsc#1258163), fix arbitrary file modification and privilege escalation via unvalidated tar archive entries (CVE-2026-26158, bsc#1258167) * 0001-tar-strip-unsafe-hardlink-components-GNU-tar-does-th.patch * 0002-tar-only-strip-unsafe-components-from-hardlinks-not-.patch ++++ chromium: - Chromium 145.0.7632.75: * CVE-2026-2441: Use after free in CSS (boo#1258185) - Chromium 145.0.7632.67: * Revert a change in url_fixer that may have caused crashes ++++ chromium: - Chromium 145.0.7632.75: * CVE-2026-2441: Use after free in CSS (boo#1258185) - Chromium 145.0.7632.67: * Revert a change in url_fixer that may have caused crashes ++++ chromium: - Chromium 145.0.7632.75: * CVE-2026-2441: Use after free in CSS (boo#1258185) - Chromium 145.0.7632.67: * Revert a change in url_fixer that may have caused crashes ++++ chromium: - Chromium 145.0.7632.75: * CVE-2026-2441: Use after free in CSS (boo#1258185) - Chromium 145.0.7632.67: * Revert a change in url_fixer that may have caused crashes ++++ chromium: - Chromium 145.0.7632.75: * CVE-2026-2441: Use after free in CSS (boo#1258185) - Chromium 145.0.7632.67: * Revert a change in url_fixer that may have caused crashes ++++ chromium: - Chromium 145.0.7632.75: * CVE-2026-2441: Use after free in CSS (boo#1258185) - Chromium 145.0.7632.67: * Revert a change in url_fixer that may have caused crashes ++++ chromium: - Chromium 145.0.7632.75: * CVE-2026-2441: Use after free in CSS (boo#1258185) - Chromium 145.0.7632.67: * Revert a change in url_fixer that may have caused crashes ++++ chromium: - Chromium 145.0.7632.75: * CVE-2026-2441: Use after free in CSS (boo#1258185) - Chromium 145.0.7632.67: * Revert a change in url_fixer that may have caused crashes ++++ kernel-64kb: - rtmutex_api: provide correct extern functions (git-fixes). - commit 351d966 - kabi/severities: Ignore tdx related APIs Changing struct tdx_vp causes various tdh_* apis to also change. In our kernel those are EXPORT_SYMBOL_GPL while in the upstream kernel they are EXPORT_SYMBOL_FOR_KVM, meaning the original intent was for those symbol to be consumed only by KVM. So let's add those symbol to severities and exclude them from ABI checking. - commit 48755cb - KVM: Rename kvm_slot_can_be_private() to kvm_slot_has_gmem() (git-fixes). - commit 6c28814 - KVM: x86: Enable KVM_GUEST_MEMFD for all 64-bit builds (git-fixes). - commit 6b4e8db - KVM: Rename CONFIG_KVM_GENERIC_PRIVATE_MEM to CONFIG_HAVE_KVM_ARCH_GMEM_POPULATE (git-fixes). - commit 666f7db - ice: fix devlink reload call trace (CVE-2026-23104 bsc#1257763). - net/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv (CVE-2026-23035 bsc#1257559). - idpf: fix aux device unplugging when rdma is not supported by vport (CVE-2026-23042 bsc#1257705). - idpf: fix memory leak of flow steer list on rmmod (CVE-2026-23024 bsc#1257572). - idpf: fix error handling in the init_task on load (CVE-2026-23017 bsc#1257552). - idpf: fix memory leak in idpf_vc_core_deinit() (CVE-2026-23022 bsc#1257581). - commit 0686561 - KVM: Rename CONFIG_KVM_PRIVATE_MEM to CONFIG_KVM_GUEST_MEMFD (git-fixes). - commit 0ae9ca0 - power: supply: qcom_battmgr: Recognize "LiP" as lithium-polymer (git-fixes). - power: supply: pm8916_lbc: Fix use-after-free for extcon in IRQ handler (git-fixes). - power: supply: wm97xx: Fix NULL pointer dereference in power_supply_changed() (git-fixes). - power: supply: bq27xxx: fix wrong errno when bus ops are unsupported (git-fixes). - power: reset: nvmem-reboot-mode: respect cell size for nvmem_cell_write (git-fixes). - power: supply: sbs-battery: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: rt9455: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: pm8916_lbc: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: pm8916_bms_vm: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: goldfish: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: cpcap-battery: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: bq25980: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: bq256xx: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: act8945a: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: ab8500: Fix use-after-free in power_supply_changed() (git-fixes). - ata: pata_ftide010: Fix some DMA timings (git-fixes). - rapidio: replace rio_free_net() with kfree() in rio_scan_alloc_net() (git-fixes). - commit f9b5687 ++++ kernel-azure: - rtmutex_api: provide correct extern functions (git-fixes). - commit 351d966 - kabi/severities: Ignore tdx related APIs Changing struct tdx_vp causes various tdh_* apis to also change. In our kernel those are EXPORT_SYMBOL_GPL while in the upstream kernel they are EXPORT_SYMBOL_FOR_KVM, meaning the original intent was for those symbol to be consumed only by KVM. So let's add those symbol to severities and exclude them from ABI checking. - commit 48755cb - KVM: Rename kvm_slot_can_be_private() to kvm_slot_has_gmem() (git-fixes). - commit 6c28814 - KVM: x86: Enable KVM_GUEST_MEMFD for all 64-bit builds (git-fixes). - commit 6b4e8db - KVM: Rename CONFIG_KVM_GENERIC_PRIVATE_MEM to CONFIG_HAVE_KVM_ARCH_GMEM_POPULATE (git-fixes). - commit 666f7db - ice: fix devlink reload call trace (CVE-2026-23104 bsc#1257763). - net/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv (CVE-2026-23035 bsc#1257559). - idpf: fix aux device unplugging when rdma is not supported by vport (CVE-2026-23042 bsc#1257705). - idpf: fix memory leak of flow steer list on rmmod (CVE-2026-23024 bsc#1257572). - idpf: fix error handling in the init_task on load (CVE-2026-23017 bsc#1257552). - idpf: fix memory leak in idpf_vc_core_deinit() (CVE-2026-23022 bsc#1257581). - commit 0686561 - KVM: Rename CONFIG_KVM_PRIVATE_MEM to CONFIG_KVM_GUEST_MEMFD (git-fixes). - commit 0ae9ca0 - power: supply: qcom_battmgr: Recognize "LiP" as lithium-polymer (git-fixes). - power: supply: pm8916_lbc: Fix use-after-free for extcon in IRQ handler (git-fixes). - power: supply: wm97xx: Fix NULL pointer dereference in power_supply_changed() (git-fixes). - power: supply: bq27xxx: fix wrong errno when bus ops are unsupported (git-fixes). - power: reset: nvmem-reboot-mode: respect cell size for nvmem_cell_write (git-fixes). - power: supply: sbs-battery: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: rt9455: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: pm8916_lbc: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: pm8916_bms_vm: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: goldfish: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: cpcap-battery: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: bq25980: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: bq256xx: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: act8945a: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: ab8500: Fix use-after-free in power_supply_changed() (git-fixes). - ata: pata_ftide010: Fix some DMA timings (git-fixes). - rapidio: replace rio_free_net() with kfree() in rio_scan_alloc_net() (git-fixes). - commit f9b5687 ++++ kernel-default: - rtmutex_api: provide correct extern functions (git-fixes). - commit 351d966 - kabi/severities: Ignore tdx related APIs Changing struct tdx_vp causes various tdh_* apis to also change. In our kernel those are EXPORT_SYMBOL_GPL while in the upstream kernel they are EXPORT_SYMBOL_FOR_KVM, meaning the original intent was for those symbol to be consumed only by KVM. So let's add those symbol to severities and exclude them from ABI checking. - commit 48755cb - KVM: Rename kvm_slot_can_be_private() to kvm_slot_has_gmem() (git-fixes). - commit 6c28814 - KVM: x86: Enable KVM_GUEST_MEMFD for all 64-bit builds (git-fixes). - commit 6b4e8db - KVM: Rename CONFIG_KVM_GENERIC_PRIVATE_MEM to CONFIG_HAVE_KVM_ARCH_GMEM_POPULATE (git-fixes). - commit 666f7db - ice: fix devlink reload call trace (CVE-2026-23104 bsc#1257763). - net/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv (CVE-2026-23035 bsc#1257559). - idpf: fix aux device unplugging when rdma is not supported by vport (CVE-2026-23042 bsc#1257705). - idpf: fix memory leak of flow steer list on rmmod (CVE-2026-23024 bsc#1257572). - idpf: fix error handling in the init_task on load (CVE-2026-23017 bsc#1257552). - idpf: fix memory leak in idpf_vc_core_deinit() (CVE-2026-23022 bsc#1257581). - commit 0686561 - KVM: Rename CONFIG_KVM_PRIVATE_MEM to CONFIG_KVM_GUEST_MEMFD (git-fixes). - commit 0ae9ca0 - power: supply: qcom_battmgr: Recognize "LiP" as lithium-polymer (git-fixes). - power: supply: pm8916_lbc: Fix use-after-free for extcon in IRQ handler (git-fixes). - power: supply: wm97xx: Fix NULL pointer dereference in power_supply_changed() (git-fixes). - power: supply: bq27xxx: fix wrong errno when bus ops are unsupported (git-fixes). - power: reset: nvmem-reboot-mode: respect cell size for nvmem_cell_write (git-fixes). - power: supply: sbs-battery: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: rt9455: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: pm8916_lbc: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: pm8916_bms_vm: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: goldfish: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: cpcap-battery: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: bq25980: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: bq256xx: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: act8945a: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: ab8500: Fix use-after-free in power_supply_changed() (git-fixes). - ata: pata_ftide010: Fix some DMA timings (git-fixes). - rapidio: replace rio_free_net() with kfree() in rio_scan_alloc_net() (git-fixes). - commit f9b5687 ++++ kernel-rt: - rtmutex_api: provide correct extern functions (git-fixes). - commit 351d966 - kabi/severities: Ignore tdx related APIs Changing struct tdx_vp causes various tdh_* apis to also change. In our kernel those are EXPORT_SYMBOL_GPL while in the upstream kernel they are EXPORT_SYMBOL_FOR_KVM, meaning the original intent was for those symbol to be consumed only by KVM. So let's add those symbol to severities and exclude them from ABI checking. - commit 48755cb - KVM: Rename kvm_slot_can_be_private() to kvm_slot_has_gmem() (git-fixes). - commit 6c28814 - KVM: x86: Enable KVM_GUEST_MEMFD for all 64-bit builds (git-fixes). - commit 6b4e8db - KVM: Rename CONFIG_KVM_GENERIC_PRIVATE_MEM to CONFIG_HAVE_KVM_ARCH_GMEM_POPULATE (git-fixes). - commit 666f7db - ice: fix devlink reload call trace (CVE-2026-23104 bsc#1257763). - net/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv (CVE-2026-23035 bsc#1257559). - idpf: fix aux device unplugging when rdma is not supported by vport (CVE-2026-23042 bsc#1257705). - idpf: fix memory leak of flow steer list on rmmod (CVE-2026-23024 bsc#1257572). - idpf: fix error handling in the init_task on load (CVE-2026-23017 bsc#1257552). - idpf: fix memory leak in idpf_vc_core_deinit() (CVE-2026-23022 bsc#1257581). - commit 0686561 - KVM: Rename CONFIG_KVM_PRIVATE_MEM to CONFIG_KVM_GUEST_MEMFD (git-fixes). - commit 0ae9ca0 - power: supply: qcom_battmgr: Recognize "LiP" as lithium-polymer (git-fixes). - power: supply: pm8916_lbc: Fix use-after-free for extcon in IRQ handler (git-fixes). - power: supply: wm97xx: Fix NULL pointer dereference in power_supply_changed() (git-fixes). - power: supply: bq27xxx: fix wrong errno when bus ops are unsupported (git-fixes). - power: reset: nvmem-reboot-mode: respect cell size for nvmem_cell_write (git-fixes). - power: supply: sbs-battery: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: rt9455: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: pm8916_lbc: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: pm8916_bms_vm: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: goldfish: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: cpcap-battery: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: bq25980: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: bq256xx: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: act8945a: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: ab8500: Fix use-after-free in power_supply_changed() (git-fixes). - ata: pata_ftide010: Fix some DMA timings (git-fixes). - rapidio: replace rio_free_net() with kfree() in rio_scan_alloc_net() (git-fixes). - commit f9b5687 ++++ dtb-aarch64: - rtmutex_api: provide correct extern functions (git-fixes). - commit 351d966 - kabi/severities: Ignore tdx related APIs Changing struct tdx_vp causes various tdh_* apis to also change. In our kernel those are EXPORT_SYMBOL_GPL while in the upstream kernel they are EXPORT_SYMBOL_FOR_KVM, meaning the original intent was for those symbol to be consumed only by KVM. So let's add those symbol to severities and exclude them from ABI checking. - commit 48755cb - KVM: Rename kvm_slot_can_be_private() to kvm_slot_has_gmem() (git-fixes). - commit 6c28814 - KVM: x86: Enable KVM_GUEST_MEMFD for all 64-bit builds (git-fixes). - commit 6b4e8db - KVM: Rename CONFIG_KVM_GENERIC_PRIVATE_MEM to CONFIG_HAVE_KVM_ARCH_GMEM_POPULATE (git-fixes). - commit 666f7db - ice: fix devlink reload call trace (CVE-2026-23104 bsc#1257763). - net/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv (CVE-2026-23035 bsc#1257559). - idpf: fix aux device unplugging when rdma is not supported by vport (CVE-2026-23042 bsc#1257705). - idpf: fix memory leak of flow steer list on rmmod (CVE-2026-23024 bsc#1257572). - idpf: fix error handling in the init_task on load (CVE-2026-23017 bsc#1257552). - idpf: fix memory leak in idpf_vc_core_deinit() (CVE-2026-23022 bsc#1257581). - commit 0686561 - KVM: Rename CONFIG_KVM_PRIVATE_MEM to CONFIG_KVM_GUEST_MEMFD (git-fixes). - commit 0ae9ca0 - power: supply: qcom_battmgr: Recognize "LiP" as lithium-polymer (git-fixes). - power: supply: pm8916_lbc: Fix use-after-free for extcon in IRQ handler (git-fixes). - power: supply: wm97xx: Fix NULL pointer dereference in power_supply_changed() (git-fixes). - power: supply: bq27xxx: fix wrong errno when bus ops are unsupported (git-fixes). - power: reset: nvmem-reboot-mode: respect cell size for nvmem_cell_write (git-fixes). - power: supply: sbs-battery: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: rt9455: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: pm8916_lbc: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: pm8916_bms_vm: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: goldfish: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: cpcap-battery: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: bq25980: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: bq256xx: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: act8945a: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: ab8500: Fix use-after-free in power_supply_changed() (git-fixes). - ata: pata_ftide010: Fix some DMA timings (git-fixes). - rapidio: replace rio_free_net() with kfree() in rio_scan_alloc_net() (git-fixes). - commit f9b5687 ++++ golang-github-prometheus-prometheus: - CVE-2026-25547: Fix unbounded brace range expansion leading to excessive CPU and memory consumption (bsc#1257841): * Bump brace-expansion to version 5.0.2 - Add 0005-Bump-brace-expansion.patch ++++ kernel-source: - rtmutex_api: provide correct extern functions (git-fixes). - commit 351d966 - kabi/severities: Ignore tdx related APIs Changing struct tdx_vp causes various tdh_* apis to also change. In our kernel those are EXPORT_SYMBOL_GPL while in the upstream kernel they are EXPORT_SYMBOL_FOR_KVM, meaning the original intent was for those symbol to be consumed only by KVM. So let's add those symbol to severities and exclude them from ABI checking. - commit 48755cb - KVM: Rename kvm_slot_can_be_private() to kvm_slot_has_gmem() (git-fixes). - commit 6c28814 - KVM: x86: Enable KVM_GUEST_MEMFD for all 64-bit builds (git-fixes). - commit 6b4e8db - KVM: Rename CONFIG_KVM_GENERIC_PRIVATE_MEM to CONFIG_HAVE_KVM_ARCH_GMEM_POPULATE (git-fixes). - commit 666f7db - ice: fix devlink reload call trace (CVE-2026-23104 bsc#1257763). - net/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv (CVE-2026-23035 bsc#1257559). - idpf: fix aux device unplugging when rdma is not supported by vport (CVE-2026-23042 bsc#1257705). - idpf: fix memory leak of flow steer list on rmmod (CVE-2026-23024 bsc#1257572). - idpf: fix error handling in the init_task on load (CVE-2026-23017 bsc#1257552). - idpf: fix memory leak in idpf_vc_core_deinit() (CVE-2026-23022 bsc#1257581). - commit 0686561 - KVM: Rename CONFIG_KVM_PRIVATE_MEM to CONFIG_KVM_GUEST_MEMFD (git-fixes). - commit 0ae9ca0 - power: supply: qcom_battmgr: Recognize "LiP" as lithium-polymer (git-fixes). - power: supply: pm8916_lbc: Fix use-after-free for extcon in IRQ handler (git-fixes). - power: supply: wm97xx: Fix NULL pointer dereference in power_supply_changed() (git-fixes). - power: supply: bq27xxx: fix wrong errno when bus ops are unsupported (git-fixes). - power: reset: nvmem-reboot-mode: respect cell size for nvmem_cell_write (git-fixes). - power: supply: sbs-battery: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: rt9455: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: pm8916_lbc: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: pm8916_bms_vm: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: goldfish: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: cpcap-battery: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: bq25980: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: bq256xx: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: act8945a: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: ab8500: Fix use-after-free in power_supply_changed() (git-fixes). - ata: pata_ftide010: Fix some DMA timings (git-fixes). - rapidio: replace rio_free_net() with kfree() in rio_scan_alloc_net() (git-fixes). - commit f9b5687 ++++ kernel-docs: - rtmutex_api: provide correct extern functions (git-fixes). - commit 351d966 - kabi/severities: Ignore tdx related APIs Changing struct tdx_vp causes various tdh_* apis to also change. In our kernel those are EXPORT_SYMBOL_GPL while in the upstream kernel they are EXPORT_SYMBOL_FOR_KVM, meaning the original intent was for those symbol to be consumed only by KVM. So let's add those symbol to severities and exclude them from ABI checking. - commit 48755cb - KVM: Rename kvm_slot_can_be_private() to kvm_slot_has_gmem() (git-fixes). - commit 6c28814 - KVM: x86: Enable KVM_GUEST_MEMFD for all 64-bit builds (git-fixes). - commit 6b4e8db - KVM: Rename CONFIG_KVM_GENERIC_PRIVATE_MEM to CONFIG_HAVE_KVM_ARCH_GMEM_POPULATE (git-fixes). - commit 666f7db - ice: fix devlink reload call trace (CVE-2026-23104 bsc#1257763). - net/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv (CVE-2026-23035 bsc#1257559). - idpf: fix aux device unplugging when rdma is not supported by vport (CVE-2026-23042 bsc#1257705). - idpf: fix memory leak of flow steer list on rmmod (CVE-2026-23024 bsc#1257572). - idpf: fix error handling in the init_task on load (CVE-2026-23017 bsc#1257552). - idpf: fix memory leak in idpf_vc_core_deinit() (CVE-2026-23022 bsc#1257581). - commit 0686561 - KVM: Rename CONFIG_KVM_PRIVATE_MEM to CONFIG_KVM_GUEST_MEMFD (git-fixes). - commit 0ae9ca0 - power: supply: qcom_battmgr: Recognize "LiP" as lithium-polymer (git-fixes). - power: supply: pm8916_lbc: Fix use-after-free for extcon in IRQ handler (git-fixes). - power: supply: wm97xx: Fix NULL pointer dereference in power_supply_changed() (git-fixes). - power: supply: bq27xxx: fix wrong errno when bus ops are unsupported (git-fixes). - power: reset: nvmem-reboot-mode: respect cell size for nvmem_cell_write (git-fixes). - power: supply: sbs-battery: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: rt9455: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: pm8916_lbc: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: pm8916_bms_vm: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: goldfish: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: cpcap-battery: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: bq25980: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: bq256xx: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: act8945a: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: ab8500: Fix use-after-free in power_supply_changed() (git-fixes). - ata: pata_ftide010: Fix some DMA timings (git-fixes). - rapidio: replace rio_free_net() with kfree() in rio_scan_alloc_net() (git-fixes). - commit f9b5687 ++++ kernel-kvmsmall: - rtmutex_api: provide correct extern functions (git-fixes). - commit 351d966 - kabi/severities: Ignore tdx related APIs Changing struct tdx_vp causes various tdh_* apis to also change. In our kernel those are EXPORT_SYMBOL_GPL while in the upstream kernel they are EXPORT_SYMBOL_FOR_KVM, meaning the original intent was for those symbol to be consumed only by KVM. So let's add those symbol to severities and exclude them from ABI checking. - commit 48755cb - KVM: Rename kvm_slot_can_be_private() to kvm_slot_has_gmem() (git-fixes). - commit 6c28814 - KVM: x86: Enable KVM_GUEST_MEMFD for all 64-bit builds (git-fixes). - commit 6b4e8db - KVM: Rename CONFIG_KVM_GENERIC_PRIVATE_MEM to CONFIG_HAVE_KVM_ARCH_GMEM_POPULATE (git-fixes). - commit 666f7db - ice: fix devlink reload call trace (CVE-2026-23104 bsc#1257763). - net/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv (CVE-2026-23035 bsc#1257559). - idpf: fix aux device unplugging when rdma is not supported by vport (CVE-2026-23042 bsc#1257705). - idpf: fix memory leak of flow steer list on rmmod (CVE-2026-23024 bsc#1257572). - idpf: fix error handling in the init_task on load (CVE-2026-23017 bsc#1257552). - idpf: fix memory leak in idpf_vc_core_deinit() (CVE-2026-23022 bsc#1257581). - commit 0686561 - KVM: Rename CONFIG_KVM_PRIVATE_MEM to CONFIG_KVM_GUEST_MEMFD (git-fixes). - commit 0ae9ca0 - power: supply: qcom_battmgr: Recognize "LiP" as lithium-polymer (git-fixes). - power: supply: pm8916_lbc: Fix use-after-free for extcon in IRQ handler (git-fixes). - power: supply: wm97xx: Fix NULL pointer dereference in power_supply_changed() (git-fixes). - power: supply: bq27xxx: fix wrong errno when bus ops are unsupported (git-fixes). - power: reset: nvmem-reboot-mode: respect cell size for nvmem_cell_write (git-fixes). - power: supply: sbs-battery: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: rt9455: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: pm8916_lbc: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: pm8916_bms_vm: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: goldfish: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: cpcap-battery: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: bq25980: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: bq256xx: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: act8945a: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: ab8500: Fix use-after-free in power_supply_changed() (git-fixes). - ata: pata_ftide010: Fix some DMA timings (git-fixes). - rapidio: replace rio_free_net() with kfree() in rio_scan_alloc_net() (git-fixes). - commit f9b5687 ++++ kernel-obs-build: - rtmutex_api: provide correct extern functions (git-fixes). - commit 351d966 - kabi/severities: Ignore tdx related APIs Changing struct tdx_vp causes various tdh_* apis to also change. In our kernel those are EXPORT_SYMBOL_GPL while in the upstream kernel they are EXPORT_SYMBOL_FOR_KVM, meaning the original intent was for those symbol to be consumed only by KVM. So let's add those symbol to severities and exclude them from ABI checking. - commit 48755cb - KVM: Rename kvm_slot_can_be_private() to kvm_slot_has_gmem() (git-fixes). - commit 6c28814 - KVM: x86: Enable KVM_GUEST_MEMFD for all 64-bit builds (git-fixes). - commit 6b4e8db - KVM: Rename CONFIG_KVM_GENERIC_PRIVATE_MEM to CONFIG_HAVE_KVM_ARCH_GMEM_POPULATE (git-fixes). - commit 666f7db - ice: fix devlink reload call trace (CVE-2026-23104 bsc#1257763). - net/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv (CVE-2026-23035 bsc#1257559). - idpf: fix aux device unplugging when rdma is not supported by vport (CVE-2026-23042 bsc#1257705). - idpf: fix memory leak of flow steer list on rmmod (CVE-2026-23024 bsc#1257572). - idpf: fix error handling in the init_task on load (CVE-2026-23017 bsc#1257552). - idpf: fix memory leak in idpf_vc_core_deinit() (CVE-2026-23022 bsc#1257581). - commit 0686561 - KVM: Rename CONFIG_KVM_PRIVATE_MEM to CONFIG_KVM_GUEST_MEMFD (git-fixes). - commit 0ae9ca0 - power: supply: qcom_battmgr: Recognize "LiP" as lithium-polymer (git-fixes). - power: supply: pm8916_lbc: Fix use-after-free for extcon in IRQ handler (git-fixes). - power: supply: wm97xx: Fix NULL pointer dereference in power_supply_changed() (git-fixes). - power: supply: bq27xxx: fix wrong errno when bus ops are unsupported (git-fixes). - power: reset: nvmem-reboot-mode: respect cell size for nvmem_cell_write (git-fixes). - power: supply: sbs-battery: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: rt9455: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: pm8916_lbc: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: pm8916_bms_vm: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: goldfish: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: cpcap-battery: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: bq25980: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: bq256xx: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: act8945a: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: ab8500: Fix use-after-free in power_supply_changed() (git-fixes). - ata: pata_ftide010: Fix some DMA timings (git-fixes). - rapidio: replace rio_free_net() with kfree() in rio_scan_alloc_net() (git-fixes). - commit f9b5687 ++++ kernel-obs-qa: - rtmutex_api: provide correct extern functions (git-fixes). - commit 351d966 - kabi/severities: Ignore tdx related APIs Changing struct tdx_vp causes various tdh_* apis to also change. In our kernel those are EXPORT_SYMBOL_GPL while in the upstream kernel they are EXPORT_SYMBOL_FOR_KVM, meaning the original intent was for those symbol to be consumed only by KVM. So let's add those symbol to severities and exclude them from ABI checking. - commit 48755cb - KVM: Rename kvm_slot_can_be_private() to kvm_slot_has_gmem() (git-fixes). - commit 6c28814 - KVM: x86: Enable KVM_GUEST_MEMFD for all 64-bit builds (git-fixes). - commit 6b4e8db - KVM: Rename CONFIG_KVM_GENERIC_PRIVATE_MEM to CONFIG_HAVE_KVM_ARCH_GMEM_POPULATE (git-fixes). - commit 666f7db - ice: fix devlink reload call trace (CVE-2026-23104 bsc#1257763). - net/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv (CVE-2026-23035 bsc#1257559). - idpf: fix aux device unplugging when rdma is not supported by vport (CVE-2026-23042 bsc#1257705). - idpf: fix memory leak of flow steer list on rmmod (CVE-2026-23024 bsc#1257572). - idpf: fix error handling in the init_task on load (CVE-2026-23017 bsc#1257552). - idpf: fix memory leak in idpf_vc_core_deinit() (CVE-2026-23022 bsc#1257581). - commit 0686561 - KVM: Rename CONFIG_KVM_PRIVATE_MEM to CONFIG_KVM_GUEST_MEMFD (git-fixes). - commit 0ae9ca0 - power: supply: qcom_battmgr: Recognize "LiP" as lithium-polymer (git-fixes). - power: supply: pm8916_lbc: Fix use-after-free for extcon in IRQ handler (git-fixes). - power: supply: wm97xx: Fix NULL pointer dereference in power_supply_changed() (git-fixes). - power: supply: bq27xxx: fix wrong errno when bus ops are unsupported (git-fixes). - power: reset: nvmem-reboot-mode: respect cell size for nvmem_cell_write (git-fixes). - power: supply: sbs-battery: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: rt9455: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: pm8916_lbc: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: pm8916_bms_vm: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: goldfish: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: cpcap-battery: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: bq25980: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: bq256xx: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: act8945a: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: ab8500: Fix use-after-free in power_supply_changed() (git-fixes). - ata: pata_ftide010: Fix some DMA timings (git-fixes). - rapidio: replace rio_free_net() with kfree() in rio_scan_alloc_net() (git-fixes). - commit f9b5687 ++++ kernel-syms: - rtmutex_api: provide correct extern functions (git-fixes). - commit 351d966 - kabi/severities: Ignore tdx related APIs Changing struct tdx_vp causes various tdh_* apis to also change. In our kernel those are EXPORT_SYMBOL_GPL while in the upstream kernel they are EXPORT_SYMBOL_FOR_KVM, meaning the original intent was for those symbol to be consumed only by KVM. So let's add those symbol to severities and exclude them from ABI checking. - commit 48755cb - KVM: Rename kvm_slot_can_be_private() to kvm_slot_has_gmem() (git-fixes). - commit 6c28814 - KVM: x86: Enable KVM_GUEST_MEMFD for all 64-bit builds (git-fixes). - commit 6b4e8db - KVM: Rename CONFIG_KVM_GENERIC_PRIVATE_MEM to CONFIG_HAVE_KVM_ARCH_GMEM_POPULATE (git-fixes). - commit 666f7db - ice: fix devlink reload call trace (CVE-2026-23104 bsc#1257763). - net/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv (CVE-2026-23035 bsc#1257559). - idpf: fix aux device unplugging when rdma is not supported by vport (CVE-2026-23042 bsc#1257705). - idpf: fix memory leak of flow steer list on rmmod (CVE-2026-23024 bsc#1257572). - idpf: fix error handling in the init_task on load (CVE-2026-23017 bsc#1257552). - idpf: fix memory leak in idpf_vc_core_deinit() (CVE-2026-23022 bsc#1257581). - commit 0686561 - KVM: Rename CONFIG_KVM_PRIVATE_MEM to CONFIG_KVM_GUEST_MEMFD (git-fixes). - commit 0ae9ca0 - power: supply: qcom_battmgr: Recognize "LiP" as lithium-polymer (git-fixes). - power: supply: pm8916_lbc: Fix use-after-free for extcon in IRQ handler (git-fixes). - power: supply: wm97xx: Fix NULL pointer dereference in power_supply_changed() (git-fixes). - power: supply: bq27xxx: fix wrong errno when bus ops are unsupported (git-fixes). - power: reset: nvmem-reboot-mode: respect cell size for nvmem_cell_write (git-fixes). - power: supply: sbs-battery: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: rt9455: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: pm8916_lbc: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: pm8916_bms_vm: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: goldfish: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: cpcap-battery: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: bq25980: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: bq256xx: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: act8945a: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: ab8500: Fix use-after-free in power_supply_changed() (git-fixes). - ata: pata_ftide010: Fix some DMA timings (git-fixes). - rapidio: replace rio_free_net() with kfree() in rio_scan_alloc_net() (git-fixes). - commit f9b5687 ++++ kernel-zfcpdump: - rtmutex_api: provide correct extern functions (git-fixes). - commit 351d966 - kabi/severities: Ignore tdx related APIs Changing struct tdx_vp causes various tdh_* apis to also change. In our kernel those are EXPORT_SYMBOL_GPL while in the upstream kernel they are EXPORT_SYMBOL_FOR_KVM, meaning the original intent was for those symbol to be consumed only by KVM. So let's add those symbol to severities and exclude them from ABI checking. - commit 48755cb - KVM: Rename kvm_slot_can_be_private() to kvm_slot_has_gmem() (git-fixes). - commit 6c28814 - KVM: x86: Enable KVM_GUEST_MEMFD for all 64-bit builds (git-fixes). - commit 6b4e8db - KVM: Rename CONFIG_KVM_GENERIC_PRIVATE_MEM to CONFIG_HAVE_KVM_ARCH_GMEM_POPULATE (git-fixes). - commit 666f7db - ice: fix devlink reload call trace (CVE-2026-23104 bsc#1257763). - net/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv (CVE-2026-23035 bsc#1257559). - idpf: fix aux device unplugging when rdma is not supported by vport (CVE-2026-23042 bsc#1257705). - idpf: fix memory leak of flow steer list on rmmod (CVE-2026-23024 bsc#1257572). - idpf: fix error handling in the init_task on load (CVE-2026-23017 bsc#1257552). - idpf: fix memory leak in idpf_vc_core_deinit() (CVE-2026-23022 bsc#1257581). - commit 0686561 - KVM: Rename CONFIG_KVM_PRIVATE_MEM to CONFIG_KVM_GUEST_MEMFD (git-fixes). - commit 0ae9ca0 - power: supply: qcom_battmgr: Recognize "LiP" as lithium-polymer (git-fixes). - power: supply: pm8916_lbc: Fix use-after-free for extcon in IRQ handler (git-fixes). - power: supply: wm97xx: Fix NULL pointer dereference in power_supply_changed() (git-fixes). - power: supply: bq27xxx: fix wrong errno when bus ops are unsupported (git-fixes). - power: reset: nvmem-reboot-mode: respect cell size for nvmem_cell_write (git-fixes). - power: supply: sbs-battery: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: rt9455: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: pm8916_lbc: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: pm8916_bms_vm: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: goldfish: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: cpcap-battery: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: bq25980: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: bq256xx: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: act8945a: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: ab8500: Fix use-after-free in power_supply_changed() (git-fixes). - ata: pata_ftide010: Fix some DMA timings (git-fixes). - rapidio: replace rio_free_net() with kfree() in rio_scan_alloc_net() (git-fixes). - commit f9b5687 ++++ libxml2: - CVE-2026-0990: call stack overflow leading to application crash due to infinite recursion in `xmlCatalogXMLResolveURI` (bsc#1256807, bsc#1256811) * Add patch libxml2-CVE-2026-0990.patch - CVE-2026-0992: excessive resource consumption when processing XML catalogs due to exponential behavior when handling `` elements (bsc#1256808, bsc#1256809, bsc#1256812) * Add patch libxml2-CVE-2026-0992.patch - CVE-2025-8732: infinite recursion in catalog parsing functions when processing malformed SGML catalog files (bsc#1247858, bsc#1247850) * Add patch libxml2-CVE-2025-8732.patch ++++ libxml2-python: - CVE-2026-0990: call stack overflow leading to application crash due to infinite recursion in `xmlCatalogXMLResolveURI` (bsc#1256807, bsc#1256811) * Add patch libxml2-CVE-2026-0990.patch - CVE-2026-0992: excessive resource consumption when processing XML catalogs due to exponential behavior when handling `` elements (bsc#1256808, bsc#1256809, bsc#1256812) * Add patch libxml2-CVE-2026-0992.patch - CVE-2025-8732: infinite recursion in catalog parsing functions when processing malformed SGML catalog files (bsc#1247858, bsc#1247850) * Add patch libxml2-CVE-2025-8732.patch ++++ squid: - squid-Bug-5390-Non-POD-SquidConfig-ssl_client-sslContext-e.patch: fix workign with crypto module (bsc#1250223) ------------------------------------------------------------------ ------------------ 2026-2-12 - Feb 12 2026 ------------------- ------------------------------------------------------------------ ++++ kernel-64kb: - KABI: fix "Revert-dm-fix-a-race-condition-in-retrieve_deps.patch" (git-fixes). - commit 53fd79b - net/sched: act_ife: avoid possible NULL deref (CVE-2026-23064 bsc#1257765). - selftests/tc-testing: Try to add teql as a child qdisc (CVE-2026-23105 bsc#1257775). - net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag (CVE-2026-23105 bsc#1257775). - commit 3ff4470 - Revert "dm: fix a race condition in retrieve_deps" (git-fixes). - commit e64c40a - Refresh sorted patches. - commit 3b39938 - RISC-V: KVM: use kvm_trylock_all_vcpus when locking all vCPUs (git-fixes). - commit 292c30b - KVM: arm64: use kvm_trylock_all_vcpus when locking all vCPUs (git-fixes). - commit 45ee0a5 - KVM: add kvm_lock_all_vcpus and kvm_trylock_all_vcpus (git-fixes). - commit f8807d7 - x86: KVM: SVM: use kvm_lock_all_vcpus instead of a custom implementation (git-fixes). - commit 27b7fd9 - locking/mutex: implement mutex_lock_killable_nest_lock (git-fixes). - commit c11266f - locking/mutex: implement mutex_trylock_nested (git-fixes). - commit 4df10c6 - KVM: TDX: Use struct_size to simplify tdx_get_capabilities() (git-fixes). - commit 1f75b03 - KVM: TDX: Check size of user's kvm_tdx_capabilities array before allocating (git-fixes). - commit 319fd02 - KVM: TDX: Fix sparse warnings from using 0 for NULL (git-fixes). - commit 3438716 - KVM: TDX: Remove __user annotation from kernel pointer (git-fixes). - commit f5a4acb - KVM: TDX: Take MMU lock around tdh_vp_init() (git-fixes). - commit 3b6a5f3 - KVM: TDX: Fix list_add corruption during vcpu_load() (git-fixes). - commit fcf6177 - KVM: TDX: Bug the VM if extending the initial measurement fails (git-fixes). - commit 056ce6c - KVM: TDX: Guard VM state transitions with "all" the locks (git-fixes). - commit 6fc029e - KVM: TDX: Don't copy "cmd" back to userspace for KVM_TDX_CAPABILITIES (git-fixes). - commit a1cf957 - KVM: TDX: Use guard() to acquire kvm->lock in tdx_vm_ioctl() (git-fixes). - commit 53cbd86 - KVM: TDX: Convert INIT_MEM_REGION and INIT_VCPU to "unlocked" vCPU ioctl (git-fixes). - commit 33e9280 - KVM: TDX: Add tdx_get_cmd() helper to get and validate sub-ioctl command (git-fixes). - commit db2e487 - KVM: TDX: Add macro to retry SEAMCALLs when forcing vCPUs out of guest (git-fixes). - commit f789249 - KVM: TDX: Assert that mmu_lock is held for write when removing S-EPT entries (git-fixes). - commit 5c9b28f - KVM: TDX: Derive error argument names from the local variable names (git-fixes). - commit e750b72 - KVM: TDX: Combine KVM_BUG_ON + pr_tdx_error() into TDX_BUG_ON() (git-fixes). - commit d2a9d32 - KVM: TDX: Fold tdx_sept_zap_private_spte() into tdx_sept_remove_private_spte() (git-fixes). - commit 8fa4208 - KVM: TDX: ADD pages to the TD image while populating mirror EPT entries (git-fixes). - commit 05e82a8 - KVM: TDX: Fold tdx_mem_page_record_premap_cnt() into its sole caller (git-fixes). - commit cc267d2 - KVM: TDX: Use atomic64_dec_return() instead of a poor equivalent (git-fixes). - commit 794f48a - KVM: TDX: Avoid a double-KVM_BUG_ON() in tdx_sept_zap_private_spte() (git-fixes). - commit 8899368 - KVM: TDX: WARN if mirror SPTE doesn't have full RWX when creating S-EPT mapping (git-fixes). - commit d132554 - KVM: x86/mmu: Drop the return code from kvm_x86_ops.remove_external_spte() (git-fixes). - commit 2570719 - KVM: TDX: Fold tdx_sept_drop_private_spte() into tdx_sept_remove_private_spte() (git-fixes). - commit 83ec6b9 - KVM: TDX: Return -EIO, not -EINVAL, on a KVM_BUG_ON() condition (git-fixes). - commit ebb64f7 - KVM: TDX: Drop superfluous page pinning in S-EPT management (git-fixes). - commit 5eced3b - KVM: x86/mmu: Rename kvm_tdp_map_page() to kvm_tdp_page_prefault() (git-fixes). - commit 11c9e24 - KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer (bsc#1256708, CVE-2025-71104). - commit 8d2aab2 - migrate: correct lock ordering for hugetlb file folios (CVE-2026-23097 bsc#1257815). - commit 30b8633 - vsock/virtio: Coalesce only linear skb (bsc#1257740, CVE-2026-23057). - commit 310c89d - wifi: ath10k: sdio: add missing lock protection in ath10k_sdio_fw_crashed_dump() (git-fixes). - wifi: ath9k: fix kernel-doc warnings in common-debug.h (git-fixes). - wifi: ath9k: debug.h: fix kernel-doc bad lines and struct ath_tx_stats (git-fixes). - wifi: cfg80211: stop NAN and P2P in cfg80211_leave (git-fixes). - wifi: rtl8xxxu: fix slab-out-of-bounds in rtl8xxxu_sta_add (git-fixes). - wifi: rtw88: Fix alignment fault in rtw_core_enable_beacon() (git-fixes). - wifi: cfg80211: Fix use_for flag update on BSS refresh (git-fixes). - PCI: mediatek: Fix IRQ domain leak when MSI allocation fails (git-fixes). - PCI: dwc: Fix msg_atu_index assignment (git-fixes). - Revert "PCI: qcom: Enable MSI interrupts together with Link up if 'Global IRQ' is supported" (stable-fixes). - PCI: Add ACS quirk for Pericom PI7C9X2G404 switches [12d8:b404] (git-fixes). - PCI: Fix pci_slot_trylock() error handling (git-fixes). - PCI: Use resource_set_range() that correctly sets ->end (git-fixes). - PCI/portdrv: Fix potential resource leak (git-fixes). - PCI/PM: Avoid redundant delays on D3hot->D3cold (git-fixes). - PCI/P2PDMA: Release per-CPU pgmap ref when vm_insert_page() fails (git-fixes). - PCI/IOV: Fix race between SR-IOV enable/disable and hotplug (git-fixes). - Revert "PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV" (git-fixes). - PCI/ACPI: Restrict program_hpx_type2() to AER bits (git-fixes). - PCI: Initialize RCB from pci_configure_device() (git-fixes). - PCI: Check parent for NULL in of_pci_bus_release_domain_nr() (git-fixes). - PCI: Mark 3ware-9650SA Root Port Extended Tags as broken (git-fixes). - PCI: Do not attempt to set ExtTag for VFs (git-fixes). - PCI: endpoint: Fix swapped parameters in pci_{primary/secondary}_epc_epf_unlink() functions (git-fixes). - PCI: endpoint: Avoid creating sub-groups asynchronously (git-fixes). - regulator: core: move supply check earlier in set_machine_constraints() (git-fixes). - regulator: core: fix locking in regulator_resolve_supply() error path (git-fixes). - platform/chrome: cros_ec_lightbar: Fix response size initialization (git-fixes). - platform/chrome: cros_typec_switch: Don't touch struct fwnode_handle::dev (git-fixes). - soc: rockchip: grf: Support multiple grf to be handled (git-fixes). - soc: rockchip: grf: Fix wrong RK3576_IOCGRF_MISC_CON definition (git-fixes). - reset: gpio: suppress bind attributes in sysfs (git-fixes). - soc: mediatek: svs: Fix memory leak in svs_enable_debug_write() (git-fixes). - soc: qcom: cmd-db: Use devm_memremap() to fix memory leak in cmd_db_dev_probe (git-fixes). - soc: qcom: smem: handle ENOMEM error during probe (git-fixes). - soc: ti: pruss: Fix double free in pruss_clk_mux_setup() (git-fixes). - soc: ti: k3-socinfo: Fix regmap leak on probe failure (git-fixes). - spi: hisi-kunpeng: Fixed the wrong debugfs node name in hisi_spi debugfs initialization (stable-fixes). - regmap: maple: free entry on mas_store_gfp() failure (stable-fixes). - wifi: mac80211: don't increment crypto_tx_tailroom_needed_cnt twice (stable-fixes). - wifi: mac80211: correctly check if CSA is active (stable-fixes). - wifi: cfg80211: Fix bitrate calculation overflow for HE rates (stable-fixes). - wifi: mac80211: collect station statistics earlier when disconnect (stable-fixes). - wifi: mac80211: ocb: skip rx_no_sta when interface is not joined (stable-fixes). - wifi: wlcore: ensure skb headroom before skb_push (stable-fixes). - commit 6474bb4 - nfc: hci: shdlc: Stop timers and work before freeing context (git-fixes). - of: unittest: fix possible null-pointer dereferences in of_unittest_property_copy() (git-fixes). - media: uvcvideo: Fix allocation for small frame sizes (git-fixes). - media: verisilicon: AV1: Fix tile info buffer size (git-fixes). - media: venus: vdec: restrict EOS addr quirk to IRIS2 only (git-fixes). - media: venus: vdec: fix error state assignment for zero bytesused (git-fixes). - media: i2c: ov01a10: Fix digital gain range (git-fixes). - media: stm32: dcmipp: bytecap: clear all interrupts upon stream stop (git-fixes). - media: ccs: Accommodate C-PHY into the calculation (git-fixes). - media: ipu6: Fix RPM reference leak in probe error paths (git-fixes). - media: ipu6: Fix typo and wrong constant in ipu6-mmu.c (git-fixes). - media: dw9714: Fix powerup sequence (git-fixes). - media: i2c: ov5647: use our own mutex for the ctrl lock (git-fixes). - media: ccs: Fix setting initial sub-device state (git-fixes). - media: i2c: ov5647: Fix PIXEL_RATE value for VGA mode (git-fixes). - media: i2c: ov5647: Sensor should report RAW color space (git-fixes). - media: i2c: ov5647: Correct minimum VBLANK value (git-fixes). - media: i2c: ov5647: Correct pixel array offset (git-fixes). - media: i2c: ov5647: Initialize subdev before controls (git-fixes). - media: ccs: Avoid possible division by zero (git-fixes). - media: qcom: camss: vfe: Fix out-of-bounds access in vfe_isr_reg_update() (git-fixes). - media: i2c: ov01a10: Fix test-pattern disabling (git-fixes). - media: i2c: ov01a10: Fix passing stream instead of pad to v4l2_subdev_state_get_format() (git-fixes). - media: i2c: ov01a10: Add missing v4l2_subdev_cleanup() calls (git-fixes). - media: i2c: ov01a10: Fix analogue gain range (git-fixes). - media: i2c: ov01a10: Fix reported pixel-rate value (git-fixes). - media: i2c: ov01a10: Fix the horizontal flip control (git-fixes). - media: i2c/tw9906: Fix potential memory leak in tw9906_probe() (git-fixes). - media: i2c/tw9903: Fix potential memory leak in tw9903_probe() (git-fixes). - media: cx25821: Add missing unmap in snd_cx25821_hw_params() (git-fixes). - media: cx23885: Add missing unmap in snd_cx23885_hw_params() (git-fixes). - media: cx88: Add missing unmap in snd_cx88_hw_params() (git-fixes). - media: radio-keene: fix memory leak in error path (git-fixes). - media: tegra-video: Fix memory leak in __tegra_channel_try_format() (git-fixes). - media: verisilicon: AV1: Set IDR flag for intra_only frame type (git-fixes). - media: rockchip: rga: Fix possible ERR_PTR dereference in rga_buf_init() (git-fixes). - media: amphion: Drop min_queued_buffers assignment (git-fixes). - media: verisilicon: AV1: Fix tx mode bit setting (git-fixes). - media: verisilicon: AV1: Fix enable cdef computation (git-fixes). - media: chips-media: wave5: Fix memory leak on codec_info allocation failure (git-fixes). - media: chips-media: wave5: Fix device cleanup order to prevent kernel panic (git-fixes). - media: chips-media: wave5: Fix kthread worker destruction in polling mode (git-fixes). - media: mtk-mdp: Fix a reference leak bug in mtk_mdp_remove() (git-fixes). - media: mtk-mdp: Fix error handling in probe function (git-fixes). - media: mediatek: encoder: Fix uninitialized scalar variable issue (git-fixes). - HID: intel-ish-hid: fix NULL-ptr-deref in ishtp_bus_remove_all_clients (git-fixes). - HID: hid-pl: handle probe errors (git-fixes). - HID: playstation: Add missing check for input_ff_create_memless (git-fixes). - hwmon: (max16065) Use READ/WRITE_ONCE to avoid compiler optimization induced race (git-fixes). - memory: mtk-smi: fix device leak on larb probe (git-fixes). - memory: mtk-smi: fix device leaks on common probe (git-fixes). - HID: logitech: add HID++ support for Logitech MX Anywhere 3S (stable-fixes). - HID: Apply quirk HID_QUIRK_ALWAYS_POLL to Edifier QR30 (2d99:a101) (stable-fixes). - HID: i2c-hid: fix potential buffer overflow in i2c_hid_get_report() (stable-fixes). - HID: quirks: Add another Chicony HP 5MP Cameras to hid_ignore_list (stable-fixes). - HID: multitouch: add MT_QUIRK_STICKY_FINGERS to MT_CLS_VTL (stable-fixes). - net: usb: sr9700: support devices with virtual driver CD (stable-fixes). - commit 2d30005 - scsi: qla2xxx: edif: Fix dma_free_coherent() size (git-fixes). - scsi: qla2xxx: Sanitize payload size to prevent member overflow (git-fixes). - scsi: qla2xxx: Enable/disable IRQD_NO_BALANCING during reset (git-fixes). - scsi: qla2xxx: target: Improve safety of cmd lookup by handle (git-fixes). - scsi: qla2xxx: target: Add back SRR support (git-fixes). - scsi: qla2xxx: target: Improve cmd logging (git-fixes). - scsi: qla2xxx: target: Add cmd->rsp_sent (git-fixes). - scsi: qla2xxx: target: Fix invalid memory access with big CDBs (git-fixes). - scsi: qla2xxx: Fix TMR failure handling (git-fixes). - scsi: qla2xxx: target: Improve checks in qlt_xmit_response() / qlt_rdy_to_xfer() (git-fixes). - scsi: qla2xxx: target: Fix races with aborting commands (git-fixes). - scsi: qla2xxx: Clear cmds after chip reset (CVE-2025-68745 bsc#1255721 git-fixes). - scsi: qla2xxx: target: Fix term exchange when cmd_sent_to_fw == 1 (git-fixes). - scsi: qla2xxx: target: Improve debug output for term exchange (git-fixes). - scsi: qla2xxx: target: Remove code for unsupported hardware (git-fixes). - scsi: qla2xxx: Use reinit_completion on mbx_intr_comp (git-fixes). - scsi: qla2xxx: Fix lost interrupts with qlini_mode=disabled (git-fixes). - scsi: qla2xxx: Fix initiator mode with qlini_mode=exclusive (git-fixes). - scsi: Revert "scsi: qla2xxx: Perform lockless command completion in abort path" (git-fixes). - commit c2959d9 - drm/xe: Unregister drm device on probe error (git-fixes). - drm/msm/a2xx: fix pixel shader start on A225 (git-fixes). - drm/msm/dpu: fix CMD panels on DPU 1.x - 3.x (git-fixes). - drm/msm/dpu: drop intr_start from DPU 3.x catalog files (git-fixes). - drm/msm/disp: set num_planes to 1 for interleaved YUV formats (git-fixes). - drm/msm/dpu: fix WD timer handling on DPU 8.x (git-fixes). - drm/msm/dpu: Set vsync source irrespective of mdp top support (git-fixes). - drm/bridge: anx7625: Fix invalid EDID size (git-fixes). - drm/buddy: Prevent BUG_ON by validating rounded allocation (git-fixes). - drm/tegra: dsi: fix device leak on probe (git-fixes). - drm/amdkfd: Fix signal_eviction_fence() bool return value (git-fixes). - drm/amd: Drop "amdgpu kernel modesetting enabled" message (git-fixes). - drm/tests: shmem: Swap names of export tests (git-fixes). - drm/panthor: Evict groups before VM termination (git-fixes). - drm/panel: sw43408: Remove manual invocation of unprepare at remove (git-fixes). - drm/panthor: Make sure we resume the tick when new jobs are submitted (git-fixes). - drm/panthor: Fix the logic that decides when to stop ticking (git-fixes). - drm/panthor: Fix immediate ticking on a disabled tick (git-fixes). - drm/panthor: Fix the group priority rotation logic (git-fixes). - drm/panthor: Fix the full_tick check (git-fixes). - drm/panthor: Recover from panthor_gpu_flush_caches() failures (git-fixes). - firmware: arm_ffa: Correct 32-bit response handling in NOTIFICATION_INFO_GET (git-fixes). - drm/xe/pm: Disable D3Cold for BMG only on specific platforms (git-fixes). - drm/amd/pm: Disable MMIO access during SMU Mode 1 reset (stable-fixes). - HID: intel-ish-hid: Reset enum_devices_done before enumeration (stable-fixes). - HID: intel-ish-hid: Update ishtp bus match to support device ID table (stable-fixes). - HID: playstation: Center initial joystick axes to prevent spurious events (stable-fixes). - gpiolib-acpi: Update file references in the Documentation and MAINTAINERS (git-fixes). - commit bfdede0 - PCI: qcom: Remove ASPM L0s support for MSM8996 SoC (git-fixes). - PCI/ERR: Ensure error recoverability at all times (git-fixes). - commit 64dc0df - ALSA: hda/realtek: Add quirk for Acer Nitro AN517-55 (stable-fixes). - Refresh patches.suse/ALSA-hda-realtek-Enable-headset-mic-for-Acer-Nitro-5.patch. - commit dcc35f0 - Documentation: PCI: endpoint: Fix ntb/vntb copy & paste errors (git-fixes). - ASoC: amd: drop unused Kconfig symbols (git-fixes). - ASoC: pxa: drop unused Kconfig symbol (git-fixes). - ASoC: SOF: ipc4-control: Keep the payload size up to date (git-fixes). - ASoC: SOF: ipc4-control: Use the correct size for scontrol->ipc_control_data (git-fixes). - ASoC: SOF: ipc4-topology: Correct the allocation size for bytes controls (git-fixes). - ASoC: SOF: ipc4-control: If there is no data do not send bytes update (git-fixes). - bus: fsl-mc: fix an error handling in fsl_mc_device_add() (git-fixes). - bus: omap-ocp2scp: fix OF populate on driver rebind (git-fixes). - clk: qcom: Return correct error code in qcom_cc_probe_by_index() (git-fixes). - ALSA: hda/realtek: Really fix headset mic for TongFang X6AR55xU (git-fixes). - ALSA: hda/realtek: ALC269 fixup for Lenovo Yoga Book 9i 13IRU8 audio (stable-fixes). - ALSA: hda/realtek: Fix headset mic for TongFang X6AR55xU (stable-fixes). - ASoC: tlv320adcx140: Propagate error codes during probe (stable-fixes). - ASoC: amd: yc: Fix microphone on ASUS M6500RE (stable-fixes). - ASoC: davinci-evm: Fix reference leak in davinci_evm_probe (stable-fixes). - ASoC: simple-card-utils: Check device node before overwrite direction (stable-fixes). - ALSA: hda/realtek: add HP Laptop 15s-eq1xxx mute LED quirk (stable-fixes). - ALSA: hda/realtek: enable woofer speakers on Medion NM14LNL (stable-fixes). - drm/xe/pm: Also avoid missing outer rpm warning on system suspend (stable-fixes). - commit 85b3e2d - nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec (CVE-2026-22998 bsc#1257209). - commit f6350b1 - KVM: x86/mmu: Embed direct bits into gpa for KVM_PRE_FAULT_MEMORY (git-fixes). - commit 75ad287 - Revert "KVM: x86/tdp_mmu: Add a helper function to walk down the TDP MMU" (git-fixes). - commit cbd54f0 - KVM: x86/mmu: WARN if KVM attempts to map into an invalid TDP MMU root (git-fixes). - commit db82a28 - KVM: x86/mmu: Add dedicated API to map guest_memfd pfn into TDP MMU (git-fixes). - commit 7bbdb3d - KVM: Rename kvm_arch_vcpu_async_ioctl() to kvm_arch_vcpu_unlocked_ioctl() (git-fixes). - commit cc287ee - KVM: Make support for kvm_arch_vcpu_async_ioctl() mandatory (git-fixes). - commit e9d19b9 - KVM: TDX: Drop PROVE_MMU=y sanity check on to-be-populated mappings (git-fixes). - commit 0739547 - KVM: TDX: Replace kmalloc + copy_from_user with memdup_user in tdx_td_init() (git-fixes). - commit ff33194 - x86/virt/tdx: Use precalculated TDVPR page physical address (git-fixes). - commit 3fdc23e ++++ kernel-azure: - KABI: fix "Revert-dm-fix-a-race-condition-in-retrieve_deps.patch" (git-fixes). - commit 53fd79b - net/sched: act_ife: avoid possible NULL deref (CVE-2026-23064 bsc#1257765). - selftests/tc-testing: Try to add teql as a child qdisc (CVE-2026-23105 bsc#1257775). - net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag (CVE-2026-23105 bsc#1257775). - commit 3ff4470 - Revert "dm: fix a race condition in retrieve_deps" (git-fixes). - commit e64c40a - Refresh sorted patches. - commit 3b39938 - RISC-V: KVM: use kvm_trylock_all_vcpus when locking all vCPUs (git-fixes). - commit 292c30b - KVM: arm64: use kvm_trylock_all_vcpus when locking all vCPUs (git-fixes). - commit 45ee0a5 - KVM: add kvm_lock_all_vcpus and kvm_trylock_all_vcpus (git-fixes). - commit f8807d7 - x86: KVM: SVM: use kvm_lock_all_vcpus instead of a custom implementation (git-fixes). - commit 27b7fd9 - locking/mutex: implement mutex_lock_killable_nest_lock (git-fixes). - commit c11266f - locking/mutex: implement mutex_trylock_nested (git-fixes). - commit 4df10c6 - KVM: TDX: Use struct_size to simplify tdx_get_capabilities() (git-fixes). - commit 1f75b03 - KVM: TDX: Check size of user's kvm_tdx_capabilities array before allocating (git-fixes). - commit 319fd02 - KVM: TDX: Fix sparse warnings from using 0 for NULL (git-fixes). - commit 3438716 - KVM: TDX: Remove __user annotation from kernel pointer (git-fixes). - commit f5a4acb - KVM: TDX: Take MMU lock around tdh_vp_init() (git-fixes). - commit 3b6a5f3 - KVM: TDX: Fix list_add corruption during vcpu_load() (git-fixes). - commit fcf6177 - KVM: TDX: Bug the VM if extending the initial measurement fails (git-fixes). - commit 056ce6c - KVM: TDX: Guard VM state transitions with "all" the locks (git-fixes). - commit 6fc029e - KVM: TDX: Don't copy "cmd" back to userspace for KVM_TDX_CAPABILITIES (git-fixes). - commit a1cf957 - KVM: TDX: Use guard() to acquire kvm->lock in tdx_vm_ioctl() (git-fixes). - commit 53cbd86 - KVM: TDX: Convert INIT_MEM_REGION and INIT_VCPU to "unlocked" vCPU ioctl (git-fixes). - commit 33e9280 - KVM: TDX: Add tdx_get_cmd() helper to get and validate sub-ioctl command (git-fixes). - commit db2e487 - KVM: TDX: Add macro to retry SEAMCALLs when forcing vCPUs out of guest (git-fixes). - commit f789249 - KVM: TDX: Assert that mmu_lock is held for write when removing S-EPT entries (git-fixes). - commit 5c9b28f - KVM: TDX: Derive error argument names from the local variable names (git-fixes). - commit e750b72 - KVM: TDX: Combine KVM_BUG_ON + pr_tdx_error() into TDX_BUG_ON() (git-fixes). - commit d2a9d32 - KVM: TDX: Fold tdx_sept_zap_private_spte() into tdx_sept_remove_private_spte() (git-fixes). - commit 8fa4208 - KVM: TDX: ADD pages to the TD image while populating mirror EPT entries (git-fixes). - commit 05e82a8 - KVM: TDX: Fold tdx_mem_page_record_premap_cnt() into its sole caller (git-fixes). - commit cc267d2 - KVM: TDX: Use atomic64_dec_return() instead of a poor equivalent (git-fixes). - commit 794f48a - KVM: TDX: Avoid a double-KVM_BUG_ON() in tdx_sept_zap_private_spte() (git-fixes). - commit 8899368 - KVM: TDX: WARN if mirror SPTE doesn't have full RWX when creating S-EPT mapping (git-fixes). - commit d132554 - KVM: x86/mmu: Drop the return code from kvm_x86_ops.remove_external_spte() (git-fixes). - commit 2570719 - KVM: TDX: Fold tdx_sept_drop_private_spte() into tdx_sept_remove_private_spte() (git-fixes). - commit 83ec6b9 - KVM: TDX: Return -EIO, not -EINVAL, on a KVM_BUG_ON() condition (git-fixes). - commit ebb64f7 - KVM: TDX: Drop superfluous page pinning in S-EPT management (git-fixes). - commit 5eced3b - KVM: x86/mmu: Rename kvm_tdp_map_page() to kvm_tdp_page_prefault() (git-fixes). - commit 11c9e24 - KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer (bsc#1256708, CVE-2025-71104). - commit 8d2aab2 - migrate: correct lock ordering for hugetlb file folios (CVE-2026-23097 bsc#1257815). - commit 30b8633 - vsock/virtio: Coalesce only linear skb (bsc#1257740, CVE-2026-23057). - commit 310c89d - wifi: ath10k: sdio: add missing lock protection in ath10k_sdio_fw_crashed_dump() (git-fixes). - wifi: ath9k: fix kernel-doc warnings in common-debug.h (git-fixes). - wifi: ath9k: debug.h: fix kernel-doc bad lines and struct ath_tx_stats (git-fixes). - wifi: cfg80211: stop NAN and P2P in cfg80211_leave (git-fixes). - wifi: rtl8xxxu: fix slab-out-of-bounds in rtl8xxxu_sta_add (git-fixes). - wifi: rtw88: Fix alignment fault in rtw_core_enable_beacon() (git-fixes). - wifi: cfg80211: Fix use_for flag update on BSS refresh (git-fixes). - PCI: mediatek: Fix IRQ domain leak when MSI allocation fails (git-fixes). - PCI: dwc: Fix msg_atu_index assignment (git-fixes). - Revert "PCI: qcom: Enable MSI interrupts together with Link up if 'Global IRQ' is supported" (stable-fixes). - PCI: Add ACS quirk for Pericom PI7C9X2G404 switches [12d8:b404] (git-fixes). - PCI: Fix pci_slot_trylock() error handling (git-fixes). - PCI: Use resource_set_range() that correctly sets ->end (git-fixes). - PCI/portdrv: Fix potential resource leak (git-fixes). - PCI/PM: Avoid redundant delays on D3hot->D3cold (git-fixes). - PCI/P2PDMA: Release per-CPU pgmap ref when vm_insert_page() fails (git-fixes). - PCI/IOV: Fix race between SR-IOV enable/disable and hotplug (git-fixes). - Revert "PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV" (git-fixes). - PCI/ACPI: Restrict program_hpx_type2() to AER bits (git-fixes). - PCI: Initialize RCB from pci_configure_device() (git-fixes). - PCI: Check parent for NULL in of_pci_bus_release_domain_nr() (git-fixes). - PCI: Mark 3ware-9650SA Root Port Extended Tags as broken (git-fixes). - PCI: Do not attempt to set ExtTag for VFs (git-fixes). - PCI: endpoint: Fix swapped parameters in pci_{primary/secondary}_epc_epf_unlink() functions (git-fixes). - PCI: endpoint: Avoid creating sub-groups asynchronously (git-fixes). - regulator: core: move supply check earlier in set_machine_constraints() (git-fixes). - regulator: core: fix locking in regulator_resolve_supply() error path (git-fixes). - platform/chrome: cros_ec_lightbar: Fix response size initialization (git-fixes). - platform/chrome: cros_typec_switch: Don't touch struct fwnode_handle::dev (git-fixes). - soc: rockchip: grf: Support multiple grf to be handled (git-fixes). - soc: rockchip: grf: Fix wrong RK3576_IOCGRF_MISC_CON definition (git-fixes). - reset: gpio: suppress bind attributes in sysfs (git-fixes). - soc: mediatek: svs: Fix memory leak in svs_enable_debug_write() (git-fixes). - soc: qcom: cmd-db: Use devm_memremap() to fix memory leak in cmd_db_dev_probe (git-fixes). - soc: qcom: smem: handle ENOMEM error during probe (git-fixes). - soc: ti: pruss: Fix double free in pruss_clk_mux_setup() (git-fixes). - soc: ti: k3-socinfo: Fix regmap leak on probe failure (git-fixes). - spi: hisi-kunpeng: Fixed the wrong debugfs node name in hisi_spi debugfs initialization (stable-fixes). - regmap: maple: free entry on mas_store_gfp() failure (stable-fixes). - wifi: mac80211: don't increment crypto_tx_tailroom_needed_cnt twice (stable-fixes). - wifi: mac80211: correctly check if CSA is active (stable-fixes). - wifi: cfg80211: Fix bitrate calculation overflow for HE rates (stable-fixes). - wifi: mac80211: collect station statistics earlier when disconnect (stable-fixes). - wifi: mac80211: ocb: skip rx_no_sta when interface is not joined (stable-fixes). - wifi: wlcore: ensure skb headroom before skb_push (stable-fixes). - commit 6474bb4 - nfc: hci: shdlc: Stop timers and work before freeing context (git-fixes). - of: unittest: fix possible null-pointer dereferences in of_unittest_property_copy() (git-fixes). - media: uvcvideo: Fix allocation for small frame sizes (git-fixes). - media: verisilicon: AV1: Fix tile info buffer size (git-fixes). - media: venus: vdec: restrict EOS addr quirk to IRIS2 only (git-fixes). - media: venus: vdec: fix error state assignment for zero bytesused (git-fixes). - media: i2c: ov01a10: Fix digital gain range (git-fixes). - media: stm32: dcmipp: bytecap: clear all interrupts upon stream stop (git-fixes). - media: ccs: Accommodate C-PHY into the calculation (git-fixes). - media: ipu6: Fix RPM reference leak in probe error paths (git-fixes). - media: ipu6: Fix typo and wrong constant in ipu6-mmu.c (git-fixes). - media: dw9714: Fix powerup sequence (git-fixes). - media: i2c: ov5647: use our own mutex for the ctrl lock (git-fixes). - media: ccs: Fix setting initial sub-device state (git-fixes). - media: i2c: ov5647: Fix PIXEL_RATE value for VGA mode (git-fixes). - media: i2c: ov5647: Sensor should report RAW color space (git-fixes). - media: i2c: ov5647: Correct minimum VBLANK value (git-fixes). - media: i2c: ov5647: Correct pixel array offset (git-fixes). - media: i2c: ov5647: Initialize subdev before controls (git-fixes). - media: ccs: Avoid possible division by zero (git-fixes). - media: qcom: camss: vfe: Fix out-of-bounds access in vfe_isr_reg_update() (git-fixes). - media: i2c: ov01a10: Fix test-pattern disabling (git-fixes). - media: i2c: ov01a10: Fix passing stream instead of pad to v4l2_subdev_state_get_format() (git-fixes). - media: i2c: ov01a10: Add missing v4l2_subdev_cleanup() calls (git-fixes). - media: i2c: ov01a10: Fix analogue gain range (git-fixes). - media: i2c: ov01a10: Fix reported pixel-rate value (git-fixes). - media: i2c: ov01a10: Fix the horizontal flip control (git-fixes). - media: i2c/tw9906: Fix potential memory leak in tw9906_probe() (git-fixes). - media: i2c/tw9903: Fix potential memory leak in tw9903_probe() (git-fixes). - media: cx25821: Add missing unmap in snd_cx25821_hw_params() (git-fixes). - media: cx23885: Add missing unmap in snd_cx23885_hw_params() (git-fixes). - media: cx88: Add missing unmap in snd_cx88_hw_params() (git-fixes). - media: radio-keene: fix memory leak in error path (git-fixes). - media: tegra-video: Fix memory leak in __tegra_channel_try_format() (git-fixes). - media: verisilicon: AV1: Set IDR flag for intra_only frame type (git-fixes). - media: rockchip: rga: Fix possible ERR_PTR dereference in rga_buf_init() (git-fixes). - media: amphion: Drop min_queued_buffers assignment (git-fixes). - media: verisilicon: AV1: Fix tx mode bit setting (git-fixes). - media: verisilicon: AV1: Fix enable cdef computation (git-fixes). - media: chips-media: wave5: Fix memory leak on codec_info allocation failure (git-fixes). - media: chips-media: wave5: Fix device cleanup order to prevent kernel panic (git-fixes). - media: chips-media: wave5: Fix kthread worker destruction in polling mode (git-fixes). - media: mtk-mdp: Fix a reference leak bug in mtk_mdp_remove() (git-fixes). - media: mtk-mdp: Fix error handling in probe function (git-fixes). - media: mediatek: encoder: Fix uninitialized scalar variable issue (git-fixes). - HID: intel-ish-hid: fix NULL-ptr-deref in ishtp_bus_remove_all_clients (git-fixes). - HID: hid-pl: handle probe errors (git-fixes). - HID: playstation: Add missing check for input_ff_create_memless (git-fixes). - hwmon: (max16065) Use READ/WRITE_ONCE to avoid compiler optimization induced race (git-fixes). - memory: mtk-smi: fix device leak on larb probe (git-fixes). - memory: mtk-smi: fix device leaks on common probe (git-fixes). - HID: logitech: add HID++ support for Logitech MX Anywhere 3S (stable-fixes). - HID: Apply quirk HID_QUIRK_ALWAYS_POLL to Edifier QR30 (2d99:a101) (stable-fixes). - HID: i2c-hid: fix potential buffer overflow in i2c_hid_get_report() (stable-fixes). - HID: quirks: Add another Chicony HP 5MP Cameras to hid_ignore_list (stable-fixes). - HID: multitouch: add MT_QUIRK_STICKY_FINGERS to MT_CLS_VTL (stable-fixes). - net: usb: sr9700: support devices with virtual driver CD (stable-fixes). - commit 2d30005 - scsi: qla2xxx: edif: Fix dma_free_coherent() size (git-fixes). - scsi: qla2xxx: Sanitize payload size to prevent member overflow (git-fixes). - scsi: qla2xxx: Enable/disable IRQD_NO_BALANCING during reset (git-fixes). - scsi: qla2xxx: target: Improve safety of cmd lookup by handle (git-fixes). - scsi: qla2xxx: target: Add back SRR support (git-fixes). - scsi: qla2xxx: target: Improve cmd logging (git-fixes). - scsi: qla2xxx: target: Add cmd->rsp_sent (git-fixes). - scsi: qla2xxx: target: Fix invalid memory access with big CDBs (git-fixes). - scsi: qla2xxx: Fix TMR failure handling (git-fixes). - scsi: qla2xxx: target: Improve checks in qlt_xmit_response() / qlt_rdy_to_xfer() (git-fixes). - scsi: qla2xxx: target: Fix races with aborting commands (git-fixes). - scsi: qla2xxx: Clear cmds after chip reset (CVE-2025-68745 bsc#1255721 git-fixes). - scsi: qla2xxx: target: Fix term exchange when cmd_sent_to_fw == 1 (git-fixes). - scsi: qla2xxx: target: Improve debug output for term exchange (git-fixes). - scsi: qla2xxx: target: Remove code for unsupported hardware (git-fixes). - scsi: qla2xxx: Use reinit_completion on mbx_intr_comp (git-fixes). - scsi: qla2xxx: Fix lost interrupts with qlini_mode=disabled (git-fixes). - scsi: qla2xxx: Fix initiator mode with qlini_mode=exclusive (git-fixes). - scsi: Revert "scsi: qla2xxx: Perform lockless command completion in abort path" (git-fixes). - commit c2959d9 - drm/xe: Unregister drm device on probe error (git-fixes). - drm/msm/a2xx: fix pixel shader start on A225 (git-fixes). - drm/msm/dpu: fix CMD panels on DPU 1.x - 3.x (git-fixes). - drm/msm/dpu: drop intr_start from DPU 3.x catalog files (git-fixes). - drm/msm/disp: set num_planes to 1 for interleaved YUV formats (git-fixes). - drm/msm/dpu: fix WD timer handling on DPU 8.x (git-fixes). - drm/msm/dpu: Set vsync source irrespective of mdp top support (git-fixes). - drm/bridge: anx7625: Fix invalid EDID size (git-fixes). - drm/buddy: Prevent BUG_ON by validating rounded allocation (git-fixes). - drm/tegra: dsi: fix device leak on probe (git-fixes). - drm/amdkfd: Fix signal_eviction_fence() bool return value (git-fixes). - drm/amd: Drop "amdgpu kernel modesetting enabled" message (git-fixes). - drm/tests: shmem: Swap names of export tests (git-fixes). - drm/panthor: Evict groups before VM termination (git-fixes). - drm/panel: sw43408: Remove manual invocation of unprepare at remove (git-fixes). - drm/panthor: Make sure we resume the tick when new jobs are submitted (git-fixes). - drm/panthor: Fix the logic that decides when to stop ticking (git-fixes). - drm/panthor: Fix immediate ticking on a disabled tick (git-fixes). - drm/panthor: Fix the group priority rotation logic (git-fixes). - drm/panthor: Fix the full_tick check (git-fixes). - drm/panthor: Recover from panthor_gpu_flush_caches() failures (git-fixes). - firmware: arm_ffa: Correct 32-bit response handling in NOTIFICATION_INFO_GET (git-fixes). - drm/xe/pm: Disable D3Cold for BMG only on specific platforms (git-fixes). - drm/amd/pm: Disable MMIO access during SMU Mode 1 reset (stable-fixes). - HID: intel-ish-hid: Reset enum_devices_done before enumeration (stable-fixes). - HID: intel-ish-hid: Update ishtp bus match to support device ID table (stable-fixes). - HID: playstation: Center initial joystick axes to prevent spurious events (stable-fixes). - gpiolib-acpi: Update file references in the Documentation and MAINTAINERS (git-fixes). - commit bfdede0 - PCI: qcom: Remove ASPM L0s support for MSM8996 SoC (git-fixes). - PCI/ERR: Ensure error recoverability at all times (git-fixes). - commit 64dc0df - ALSA: hda/realtek: Add quirk for Acer Nitro AN517-55 (stable-fixes). - Refresh patches.suse/ALSA-hda-realtek-Enable-headset-mic-for-Acer-Nitro-5.patch. - commit dcc35f0 - Documentation: PCI: endpoint: Fix ntb/vntb copy & paste errors (git-fixes). - ASoC: amd: drop unused Kconfig symbols (git-fixes). - ASoC: pxa: drop unused Kconfig symbol (git-fixes). - ASoC: SOF: ipc4-control: Keep the payload size up to date (git-fixes). - ASoC: SOF: ipc4-control: Use the correct size for scontrol->ipc_control_data (git-fixes). - ASoC: SOF: ipc4-topology: Correct the allocation size for bytes controls (git-fixes). - ASoC: SOF: ipc4-control: If there is no data do not send bytes update (git-fixes). - bus: fsl-mc: fix an error handling in fsl_mc_device_add() (git-fixes). - bus: omap-ocp2scp: fix OF populate on driver rebind (git-fixes). - clk: qcom: Return correct error code in qcom_cc_probe_by_index() (git-fixes). - ALSA: hda/realtek: Really fix headset mic for TongFang X6AR55xU (git-fixes). - ALSA: hda/realtek: ALC269 fixup for Lenovo Yoga Book 9i 13IRU8 audio (stable-fixes). - ALSA: hda/realtek: Fix headset mic for TongFang X6AR55xU (stable-fixes). - ASoC: tlv320adcx140: Propagate error codes during probe (stable-fixes). - ASoC: amd: yc: Fix microphone on ASUS M6500RE (stable-fixes). - ASoC: davinci-evm: Fix reference leak in davinci_evm_probe (stable-fixes). - ASoC: simple-card-utils: Check device node before overwrite direction (stable-fixes). - ALSA: hda/realtek: add HP Laptop 15s-eq1xxx mute LED quirk (stable-fixes). - ALSA: hda/realtek: enable woofer speakers on Medion NM14LNL (stable-fixes). - drm/xe/pm: Also avoid missing outer rpm warning on system suspend (stable-fixes). - commit 85b3e2d - nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec (CVE-2026-22998 bsc#1257209). - commit f6350b1 - KVM: x86/mmu: Embed direct bits into gpa for KVM_PRE_FAULT_MEMORY (git-fixes). - commit 75ad287 - Revert "KVM: x86/tdp_mmu: Add a helper function to walk down the TDP MMU" (git-fixes). - commit cbd54f0 - KVM: x86/mmu: WARN if KVM attempts to map into an invalid TDP MMU root (git-fixes). - commit db82a28 - KVM: x86/mmu: Add dedicated API to map guest_memfd pfn into TDP MMU (git-fixes). - commit 7bbdb3d - KVM: Rename kvm_arch_vcpu_async_ioctl() to kvm_arch_vcpu_unlocked_ioctl() (git-fixes). - commit cc287ee - KVM: Make support for kvm_arch_vcpu_async_ioctl() mandatory (git-fixes). - commit e9d19b9 - KVM: TDX: Drop PROVE_MMU=y sanity check on to-be-populated mappings (git-fixes). - commit 0739547 - KVM: TDX: Replace kmalloc + copy_from_user with memdup_user in tdx_td_init() (git-fixes). - commit ff33194 - x86/virt/tdx: Use precalculated TDVPR page physical address (git-fixes). - commit 3fdc23e ++++ kernel-default: - KABI: fix "Revert-dm-fix-a-race-condition-in-retrieve_deps.patch" (git-fixes). - commit 53fd79b - net/sched: act_ife: avoid possible NULL deref (CVE-2026-23064 bsc#1257765). - selftests/tc-testing: Try to add teql as a child qdisc (CVE-2026-23105 bsc#1257775). - net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag (CVE-2026-23105 bsc#1257775). - commit 3ff4470 - Revert "dm: fix a race condition in retrieve_deps" (git-fixes). - commit e64c40a - Refresh sorted patches. - commit 3b39938 - RISC-V: KVM: use kvm_trylock_all_vcpus when locking all vCPUs (git-fixes). - commit 292c30b - KVM: arm64: use kvm_trylock_all_vcpus when locking all vCPUs (git-fixes). - commit 45ee0a5 - KVM: add kvm_lock_all_vcpus and kvm_trylock_all_vcpus (git-fixes). - commit f8807d7 - x86: KVM: SVM: use kvm_lock_all_vcpus instead of a custom implementation (git-fixes). - commit 27b7fd9 - locking/mutex: implement mutex_lock_killable_nest_lock (git-fixes). - commit c11266f - locking/mutex: implement mutex_trylock_nested (git-fixes). - commit 4df10c6 - KVM: TDX: Use struct_size to simplify tdx_get_capabilities() (git-fixes). - commit 1f75b03 - KVM: TDX: Check size of user's kvm_tdx_capabilities array before allocating (git-fixes). - commit 319fd02 - KVM: TDX: Fix sparse warnings from using 0 for NULL (git-fixes). - commit 3438716 - KVM: TDX: Remove __user annotation from kernel pointer (git-fixes). - commit f5a4acb - KVM: TDX: Take MMU lock around tdh_vp_init() (git-fixes). - commit 3b6a5f3 - KVM: TDX: Fix list_add corruption during vcpu_load() (git-fixes). - commit fcf6177 - KVM: TDX: Bug the VM if extending the initial measurement fails (git-fixes). - commit 056ce6c - KVM: TDX: Guard VM state transitions with "all" the locks (git-fixes). - commit 6fc029e - KVM: TDX: Don't copy "cmd" back to userspace for KVM_TDX_CAPABILITIES (git-fixes). - commit a1cf957 - KVM: TDX: Use guard() to acquire kvm->lock in tdx_vm_ioctl() (git-fixes). - commit 53cbd86 - KVM: TDX: Convert INIT_MEM_REGION and INIT_VCPU to "unlocked" vCPU ioctl (git-fixes). - commit 33e9280 - KVM: TDX: Add tdx_get_cmd() helper to get and validate sub-ioctl command (git-fixes). - commit db2e487 - KVM: TDX: Add macro to retry SEAMCALLs when forcing vCPUs out of guest (git-fixes). - commit f789249 - KVM: TDX: Assert that mmu_lock is held for write when removing S-EPT entries (git-fixes). - commit 5c9b28f - KVM: TDX: Derive error argument names from the local variable names (git-fixes). - commit e750b72 - KVM: TDX: Combine KVM_BUG_ON + pr_tdx_error() into TDX_BUG_ON() (git-fixes). - commit d2a9d32 - KVM: TDX: Fold tdx_sept_zap_private_spte() into tdx_sept_remove_private_spte() (git-fixes). - commit 8fa4208 - KVM: TDX: ADD pages to the TD image while populating mirror EPT entries (git-fixes). - commit 05e82a8 - KVM: TDX: Fold tdx_mem_page_record_premap_cnt() into its sole caller (git-fixes). - commit cc267d2 - KVM: TDX: Use atomic64_dec_return() instead of a poor equivalent (git-fixes). - commit 794f48a - KVM: TDX: Avoid a double-KVM_BUG_ON() in tdx_sept_zap_private_spte() (git-fixes). - commit 8899368 - KVM: TDX: WARN if mirror SPTE doesn't have full RWX when creating S-EPT mapping (git-fixes). - commit d132554 - KVM: x86/mmu: Drop the return code from kvm_x86_ops.remove_external_spte() (git-fixes). - commit 2570719 - KVM: TDX: Fold tdx_sept_drop_private_spte() into tdx_sept_remove_private_spte() (git-fixes). - commit 83ec6b9 - KVM: TDX: Return -EIO, not -EINVAL, on a KVM_BUG_ON() condition (git-fixes). - commit ebb64f7 - KVM: TDX: Drop superfluous page pinning in S-EPT management (git-fixes). - commit 5eced3b - KVM: x86/mmu: Rename kvm_tdp_map_page() to kvm_tdp_page_prefault() (git-fixes). - commit 11c9e24 - KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer (bsc#1256708, CVE-2025-71104). - commit 8d2aab2 - migrate: correct lock ordering for hugetlb file folios (CVE-2026-23097 bsc#1257815). - commit 30b8633 - vsock/virtio: Coalesce only linear skb (bsc#1257740, CVE-2026-23057). - commit 310c89d - wifi: ath10k: sdio: add missing lock protection in ath10k_sdio_fw_crashed_dump() (git-fixes). - wifi: ath9k: fix kernel-doc warnings in common-debug.h (git-fixes). - wifi: ath9k: debug.h: fix kernel-doc bad lines and struct ath_tx_stats (git-fixes). - wifi: cfg80211: stop NAN and P2P in cfg80211_leave (git-fixes). - wifi: rtl8xxxu: fix slab-out-of-bounds in rtl8xxxu_sta_add (git-fixes). - wifi: rtw88: Fix alignment fault in rtw_core_enable_beacon() (git-fixes). - wifi: cfg80211: Fix use_for flag update on BSS refresh (git-fixes). - PCI: mediatek: Fix IRQ domain leak when MSI allocation fails (git-fixes). - PCI: dwc: Fix msg_atu_index assignment (git-fixes). - Revert "PCI: qcom: Enable MSI interrupts together with Link up if 'Global IRQ' is supported" (stable-fixes). - PCI: Add ACS quirk for Pericom PI7C9X2G404 switches [12d8:b404] (git-fixes). - PCI: Fix pci_slot_trylock() error handling (git-fixes). - PCI: Use resource_set_range() that correctly sets ->end (git-fixes). - PCI/portdrv: Fix potential resource leak (git-fixes). - PCI/PM: Avoid redundant delays on D3hot->D3cold (git-fixes). - PCI/P2PDMA: Release per-CPU pgmap ref when vm_insert_page() fails (git-fixes). - PCI/IOV: Fix race between SR-IOV enable/disable and hotplug (git-fixes). - Revert "PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV" (git-fixes). - PCI/ACPI: Restrict program_hpx_type2() to AER bits (git-fixes). - PCI: Initialize RCB from pci_configure_device() (git-fixes). - PCI: Check parent for NULL in of_pci_bus_release_domain_nr() (git-fixes). - PCI: Mark 3ware-9650SA Root Port Extended Tags as broken (git-fixes). - PCI: Do not attempt to set ExtTag for VFs (git-fixes). - PCI: endpoint: Fix swapped parameters in pci_{primary/secondary}_epc_epf_unlink() functions (git-fixes). - PCI: endpoint: Avoid creating sub-groups asynchronously (git-fixes). - regulator: core: move supply check earlier in set_machine_constraints() (git-fixes). - regulator: core: fix locking in regulator_resolve_supply() error path (git-fixes). - platform/chrome: cros_ec_lightbar: Fix response size initialization (git-fixes). - platform/chrome: cros_typec_switch: Don't touch struct fwnode_handle::dev (git-fixes). - soc: rockchip: grf: Support multiple grf to be handled (git-fixes). - soc: rockchip: grf: Fix wrong RK3576_IOCGRF_MISC_CON definition (git-fixes). - reset: gpio: suppress bind attributes in sysfs (git-fixes). - soc: mediatek: svs: Fix memory leak in svs_enable_debug_write() (git-fixes). - soc: qcom: cmd-db: Use devm_memremap() to fix memory leak in cmd_db_dev_probe (git-fixes). - soc: qcom: smem: handle ENOMEM error during probe (git-fixes). - soc: ti: pruss: Fix double free in pruss_clk_mux_setup() (git-fixes). - soc: ti: k3-socinfo: Fix regmap leak on probe failure (git-fixes). - spi: hisi-kunpeng: Fixed the wrong debugfs node name in hisi_spi debugfs initialization (stable-fixes). - regmap: maple: free entry on mas_store_gfp() failure (stable-fixes). - wifi: mac80211: don't increment crypto_tx_tailroom_needed_cnt twice (stable-fixes). - wifi: mac80211: correctly check if CSA is active (stable-fixes). - wifi: cfg80211: Fix bitrate calculation overflow for HE rates (stable-fixes). - wifi: mac80211: collect station statistics earlier when disconnect (stable-fixes). - wifi: mac80211: ocb: skip rx_no_sta when interface is not joined (stable-fixes). - wifi: wlcore: ensure skb headroom before skb_push (stable-fixes). - commit 6474bb4 - nfc: hci: shdlc: Stop timers and work before freeing context (git-fixes). - of: unittest: fix possible null-pointer dereferences in of_unittest_property_copy() (git-fixes). - media: uvcvideo: Fix allocation for small frame sizes (git-fixes). - media: verisilicon: AV1: Fix tile info buffer size (git-fixes). - media: venus: vdec: restrict EOS addr quirk to IRIS2 only (git-fixes). - media: venus: vdec: fix error state assignment for zero bytesused (git-fixes). - media: i2c: ov01a10: Fix digital gain range (git-fixes). - media: stm32: dcmipp: bytecap: clear all interrupts upon stream stop (git-fixes). - media: ccs: Accommodate C-PHY into the calculation (git-fixes). - media: ipu6: Fix RPM reference leak in probe error paths (git-fixes). - media: ipu6: Fix typo and wrong constant in ipu6-mmu.c (git-fixes). - media: dw9714: Fix powerup sequence (git-fixes). - media: i2c: ov5647: use our own mutex for the ctrl lock (git-fixes). - media: ccs: Fix setting initial sub-device state (git-fixes). - media: i2c: ov5647: Fix PIXEL_RATE value for VGA mode (git-fixes). - media: i2c: ov5647: Sensor should report RAW color space (git-fixes). - media: i2c: ov5647: Correct minimum VBLANK value (git-fixes). - media: i2c: ov5647: Correct pixel array offset (git-fixes). - media: i2c: ov5647: Initialize subdev before controls (git-fixes). - media: ccs: Avoid possible division by zero (git-fixes). - media: qcom: camss: vfe: Fix out-of-bounds access in vfe_isr_reg_update() (git-fixes). - media: i2c: ov01a10: Fix test-pattern disabling (git-fixes). - media: i2c: ov01a10: Fix passing stream instead of pad to v4l2_subdev_state_get_format() (git-fixes). - media: i2c: ov01a10: Add missing v4l2_subdev_cleanup() calls (git-fixes). - media: i2c: ov01a10: Fix analogue gain range (git-fixes). - media: i2c: ov01a10: Fix reported pixel-rate value (git-fixes). - media: i2c: ov01a10: Fix the horizontal flip control (git-fixes). - media: i2c/tw9906: Fix potential memory leak in tw9906_probe() (git-fixes). - media: i2c/tw9903: Fix potential memory leak in tw9903_probe() (git-fixes). - media: cx25821: Add missing unmap in snd_cx25821_hw_params() (git-fixes). - media: cx23885: Add missing unmap in snd_cx23885_hw_params() (git-fixes). - media: cx88: Add missing unmap in snd_cx88_hw_params() (git-fixes). - media: radio-keene: fix memory leak in error path (git-fixes). - media: tegra-video: Fix memory leak in __tegra_channel_try_format() (git-fixes). - media: verisilicon: AV1: Set IDR flag for intra_only frame type (git-fixes). - media: rockchip: rga: Fix possible ERR_PTR dereference in rga_buf_init() (git-fixes). - media: amphion: Drop min_queued_buffers assignment (git-fixes). - media: verisilicon: AV1: Fix tx mode bit setting (git-fixes). - media: verisilicon: AV1: Fix enable cdef computation (git-fixes). - media: chips-media: wave5: Fix memory leak on codec_info allocation failure (git-fixes). - media: chips-media: wave5: Fix device cleanup order to prevent kernel panic (git-fixes). - media: chips-media: wave5: Fix kthread worker destruction in polling mode (git-fixes). - media: mtk-mdp: Fix a reference leak bug in mtk_mdp_remove() (git-fixes). - media: mtk-mdp: Fix error handling in probe function (git-fixes). - media: mediatek: encoder: Fix uninitialized scalar variable issue (git-fixes). - HID: intel-ish-hid: fix NULL-ptr-deref in ishtp_bus_remove_all_clients (git-fixes). - HID: hid-pl: handle probe errors (git-fixes). - HID: playstation: Add missing check for input_ff_create_memless (git-fixes). - hwmon: (max16065) Use READ/WRITE_ONCE to avoid compiler optimization induced race (git-fixes). - memory: mtk-smi: fix device leak on larb probe (git-fixes). - memory: mtk-smi: fix device leaks on common probe (git-fixes). - HID: logitech: add HID++ support for Logitech MX Anywhere 3S (stable-fixes). - HID: Apply quirk HID_QUIRK_ALWAYS_POLL to Edifier QR30 (2d99:a101) (stable-fixes). - HID: i2c-hid: fix potential buffer overflow in i2c_hid_get_report() (stable-fixes). - HID: quirks: Add another Chicony HP 5MP Cameras to hid_ignore_list (stable-fixes). - HID: multitouch: add MT_QUIRK_STICKY_FINGERS to MT_CLS_VTL (stable-fixes). - net: usb: sr9700: support devices with virtual driver CD (stable-fixes). - commit 2d30005 - scsi: qla2xxx: edif: Fix dma_free_coherent() size (git-fixes). - scsi: qla2xxx: Sanitize payload size to prevent member overflow (git-fixes). - scsi: qla2xxx: Enable/disable IRQD_NO_BALANCING during reset (git-fixes). - scsi: qla2xxx: target: Improve safety of cmd lookup by handle (git-fixes). - scsi: qla2xxx: target: Add back SRR support (git-fixes). - scsi: qla2xxx: target: Improve cmd logging (git-fixes). - scsi: qla2xxx: target: Add cmd->rsp_sent (git-fixes). - scsi: qla2xxx: target: Fix invalid memory access with big CDBs (git-fixes). - scsi: qla2xxx: Fix TMR failure handling (git-fixes). - scsi: qla2xxx: target: Improve checks in qlt_xmit_response() / qlt_rdy_to_xfer() (git-fixes). - scsi: qla2xxx: target: Fix races with aborting commands (git-fixes). - scsi: qla2xxx: Clear cmds after chip reset (CVE-2025-68745 bsc#1255721 git-fixes). - scsi: qla2xxx: target: Fix term exchange when cmd_sent_to_fw == 1 (git-fixes). - scsi: qla2xxx: target: Improve debug output for term exchange (git-fixes). - scsi: qla2xxx: target: Remove code for unsupported hardware (git-fixes). - scsi: qla2xxx: Use reinit_completion on mbx_intr_comp (git-fixes). - scsi: qla2xxx: Fix lost interrupts with qlini_mode=disabled (git-fixes). - scsi: qla2xxx: Fix initiator mode with qlini_mode=exclusive (git-fixes). - scsi: Revert "scsi: qla2xxx: Perform lockless command completion in abort path" (git-fixes). - commit c2959d9 - drm/xe: Unregister drm device on probe error (git-fixes). - drm/msm/a2xx: fix pixel shader start on A225 (git-fixes). - drm/msm/dpu: fix CMD panels on DPU 1.x - 3.x (git-fixes). - drm/msm/dpu: drop intr_start from DPU 3.x catalog files (git-fixes). - drm/msm/disp: set num_planes to 1 for interleaved YUV formats (git-fixes). - drm/msm/dpu: fix WD timer handling on DPU 8.x (git-fixes). - drm/msm/dpu: Set vsync source irrespective of mdp top support (git-fixes). - drm/bridge: anx7625: Fix invalid EDID size (git-fixes). - drm/buddy: Prevent BUG_ON by validating rounded allocation (git-fixes). - drm/tegra: dsi: fix device leak on probe (git-fixes). - drm/amdkfd: Fix signal_eviction_fence() bool return value (git-fixes). - drm/amd: Drop "amdgpu kernel modesetting enabled" message (git-fixes). - drm/tests: shmem: Swap names of export tests (git-fixes). - drm/panthor: Evict groups before VM termination (git-fixes). - drm/panel: sw43408: Remove manual invocation of unprepare at remove (git-fixes). - drm/panthor: Make sure we resume the tick when new jobs are submitted (git-fixes). - drm/panthor: Fix the logic that decides when to stop ticking (git-fixes). - drm/panthor: Fix immediate ticking on a disabled tick (git-fixes). - drm/panthor: Fix the group priority rotation logic (git-fixes). - drm/panthor: Fix the full_tick check (git-fixes). - drm/panthor: Recover from panthor_gpu_flush_caches() failures (git-fixes). - firmware: arm_ffa: Correct 32-bit response handling in NOTIFICATION_INFO_GET (git-fixes). - drm/xe/pm: Disable D3Cold for BMG only on specific platforms (git-fixes). - drm/amd/pm: Disable MMIO access during SMU Mode 1 reset (stable-fixes). - HID: intel-ish-hid: Reset enum_devices_done before enumeration (stable-fixes). - HID: intel-ish-hid: Update ishtp bus match to support device ID table (stable-fixes). - HID: playstation: Center initial joystick axes to prevent spurious events (stable-fixes). - gpiolib-acpi: Update file references in the Documentation and MAINTAINERS (git-fixes). - commit bfdede0 - PCI: qcom: Remove ASPM L0s support for MSM8996 SoC (git-fixes). - PCI/ERR: Ensure error recoverability at all times (git-fixes). - commit 64dc0df - ALSA: hda/realtek: Add quirk for Acer Nitro AN517-55 (stable-fixes). - Refresh patches.suse/ALSA-hda-realtek-Enable-headset-mic-for-Acer-Nitro-5.patch. - commit dcc35f0 - Documentation: PCI: endpoint: Fix ntb/vntb copy & paste errors (git-fixes). - ASoC: amd: drop unused Kconfig symbols (git-fixes). - ASoC: pxa: drop unused Kconfig symbol (git-fixes). - ASoC: SOF: ipc4-control: Keep the payload size up to date (git-fixes). - ASoC: SOF: ipc4-control: Use the correct size for scontrol->ipc_control_data (git-fixes). - ASoC: SOF: ipc4-topology: Correct the allocation size for bytes controls (git-fixes). - ASoC: SOF: ipc4-control: If there is no data do not send bytes update (git-fixes). - bus: fsl-mc: fix an error handling in fsl_mc_device_add() (git-fixes). - bus: omap-ocp2scp: fix OF populate on driver rebind (git-fixes). - clk: qcom: Return correct error code in qcom_cc_probe_by_index() (git-fixes). - ALSA: hda/realtek: Really fix headset mic for TongFang X6AR55xU (git-fixes). - ALSA: hda/realtek: ALC269 fixup for Lenovo Yoga Book 9i 13IRU8 audio (stable-fixes). - ALSA: hda/realtek: Fix headset mic for TongFang X6AR55xU (stable-fixes). - ASoC: tlv320adcx140: Propagate error codes during probe (stable-fixes). - ASoC: amd: yc: Fix microphone on ASUS M6500RE (stable-fixes). - ASoC: davinci-evm: Fix reference leak in davinci_evm_probe (stable-fixes). - ASoC: simple-card-utils: Check device node before overwrite direction (stable-fixes). - ALSA: hda/realtek: add HP Laptop 15s-eq1xxx mute LED quirk (stable-fixes). - ALSA: hda/realtek: enable woofer speakers on Medion NM14LNL (stable-fixes). - drm/xe/pm: Also avoid missing outer rpm warning on system suspend (stable-fixes). - commit 85b3e2d - nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec (CVE-2026-22998 bsc#1257209). - commit f6350b1 - KVM: x86/mmu: Embed direct bits into gpa for KVM_PRE_FAULT_MEMORY (git-fixes). - commit 75ad287 - Revert "KVM: x86/tdp_mmu: Add a helper function to walk down the TDP MMU" (git-fixes). - commit cbd54f0 - KVM: x86/mmu: WARN if KVM attempts to map into an invalid TDP MMU root (git-fixes). - commit db82a28 - KVM: x86/mmu: Add dedicated API to map guest_memfd pfn into TDP MMU (git-fixes). - commit 7bbdb3d - KVM: Rename kvm_arch_vcpu_async_ioctl() to kvm_arch_vcpu_unlocked_ioctl() (git-fixes). - commit cc287ee - KVM: Make support for kvm_arch_vcpu_async_ioctl() mandatory (git-fixes). - commit e9d19b9 - KVM: TDX: Drop PROVE_MMU=y sanity check on to-be-populated mappings (git-fixes). - commit 0739547 - KVM: TDX: Replace kmalloc + copy_from_user with memdup_user in tdx_td_init() (git-fixes). - commit ff33194 - x86/virt/tdx: Use precalculated TDVPR page physical address (git-fixes). - commit 3fdc23e ++++ kernel-rt: - KABI: fix "Revert-dm-fix-a-race-condition-in-retrieve_deps.patch" (git-fixes). - commit 53fd79b - net/sched: act_ife: avoid possible NULL deref (CVE-2026-23064 bsc#1257765). - selftests/tc-testing: Try to add teql as a child qdisc (CVE-2026-23105 bsc#1257775). - net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag (CVE-2026-23105 bsc#1257775). - commit 3ff4470 - Revert "dm: fix a race condition in retrieve_deps" (git-fixes). - commit e64c40a - Refresh sorted patches. - commit 3b39938 - RISC-V: KVM: use kvm_trylock_all_vcpus when locking all vCPUs (git-fixes). - commit 292c30b - KVM: arm64: use kvm_trylock_all_vcpus when locking all vCPUs (git-fixes). - commit 45ee0a5 - KVM: add kvm_lock_all_vcpus and kvm_trylock_all_vcpus (git-fixes). - commit f8807d7 - x86: KVM: SVM: use kvm_lock_all_vcpus instead of a custom implementation (git-fixes). - commit 27b7fd9 - locking/mutex: implement mutex_lock_killable_nest_lock (git-fixes). - commit c11266f - locking/mutex: implement mutex_trylock_nested (git-fixes). - commit 4df10c6 - KVM: TDX: Use struct_size to simplify tdx_get_capabilities() (git-fixes). - commit 1f75b03 - KVM: TDX: Check size of user's kvm_tdx_capabilities array before allocating (git-fixes). - commit 319fd02 - KVM: TDX: Fix sparse warnings from using 0 for NULL (git-fixes). - commit 3438716 - KVM: TDX: Remove __user annotation from kernel pointer (git-fixes). - commit f5a4acb - KVM: TDX: Take MMU lock around tdh_vp_init() (git-fixes). - commit 3b6a5f3 - KVM: TDX: Fix list_add corruption during vcpu_load() (git-fixes). - commit fcf6177 - KVM: TDX: Bug the VM if extending the initial measurement fails (git-fixes). - commit 056ce6c - KVM: TDX: Guard VM state transitions with "all" the locks (git-fixes). - commit 6fc029e - KVM: TDX: Don't copy "cmd" back to userspace for KVM_TDX_CAPABILITIES (git-fixes). - commit a1cf957 - KVM: TDX: Use guard() to acquire kvm->lock in tdx_vm_ioctl() (git-fixes). - commit 53cbd86 - KVM: TDX: Convert INIT_MEM_REGION and INIT_VCPU to "unlocked" vCPU ioctl (git-fixes). - commit 33e9280 - KVM: TDX: Add tdx_get_cmd() helper to get and validate sub-ioctl command (git-fixes). - commit db2e487 - KVM: TDX: Add macro to retry SEAMCALLs when forcing vCPUs out of guest (git-fixes). - commit f789249 - KVM: TDX: Assert that mmu_lock is held for write when removing S-EPT entries (git-fixes). - commit 5c9b28f - KVM: TDX: Derive error argument names from the local variable names (git-fixes). - commit e750b72 - KVM: TDX: Combine KVM_BUG_ON + pr_tdx_error() into TDX_BUG_ON() (git-fixes). - commit d2a9d32 - KVM: TDX: Fold tdx_sept_zap_private_spte() into tdx_sept_remove_private_spte() (git-fixes). - commit 8fa4208 - KVM: TDX: ADD pages to the TD image while populating mirror EPT entries (git-fixes). - commit 05e82a8 - KVM: TDX: Fold tdx_mem_page_record_premap_cnt() into its sole caller (git-fixes). - commit cc267d2 - KVM: TDX: Use atomic64_dec_return() instead of a poor equivalent (git-fixes). - commit 794f48a - KVM: TDX: Avoid a double-KVM_BUG_ON() in tdx_sept_zap_private_spte() (git-fixes). - commit 8899368 - KVM: TDX: WARN if mirror SPTE doesn't have full RWX when creating S-EPT mapping (git-fixes). - commit d132554 - KVM: x86/mmu: Drop the return code from kvm_x86_ops.remove_external_spte() (git-fixes). - commit 2570719 - KVM: TDX: Fold tdx_sept_drop_private_spte() into tdx_sept_remove_private_spte() (git-fixes). - commit 83ec6b9 - KVM: TDX: Return -EIO, not -EINVAL, on a KVM_BUG_ON() condition (git-fixes). - commit ebb64f7 - KVM: TDX: Drop superfluous page pinning in S-EPT management (git-fixes). - commit 5eced3b - KVM: x86/mmu: Rename kvm_tdp_map_page() to kvm_tdp_page_prefault() (git-fixes). - commit 11c9e24 - KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer (bsc#1256708, CVE-2025-71104). - commit 8d2aab2 - migrate: correct lock ordering for hugetlb file folios (CVE-2026-23097 bsc#1257815). - commit 30b8633 - vsock/virtio: Coalesce only linear skb (bsc#1257740, CVE-2026-23057). - commit 310c89d - wifi: ath10k: sdio: add missing lock protection in ath10k_sdio_fw_crashed_dump() (git-fixes). - wifi: ath9k: fix kernel-doc warnings in common-debug.h (git-fixes). - wifi: ath9k: debug.h: fix kernel-doc bad lines and struct ath_tx_stats (git-fixes). - wifi: cfg80211: stop NAN and P2P in cfg80211_leave (git-fixes). - wifi: rtl8xxxu: fix slab-out-of-bounds in rtl8xxxu_sta_add (git-fixes). - wifi: rtw88: Fix alignment fault in rtw_core_enable_beacon() (git-fixes). - wifi: cfg80211: Fix use_for flag update on BSS refresh (git-fixes). - PCI: mediatek: Fix IRQ domain leak when MSI allocation fails (git-fixes). - PCI: dwc: Fix msg_atu_index assignment (git-fixes). - Revert "PCI: qcom: Enable MSI interrupts together with Link up if 'Global IRQ' is supported" (stable-fixes). - PCI: Add ACS quirk for Pericom PI7C9X2G404 switches [12d8:b404] (git-fixes). - PCI: Fix pci_slot_trylock() error handling (git-fixes). - PCI: Use resource_set_range() that correctly sets ->end (git-fixes). - PCI/portdrv: Fix potential resource leak (git-fixes). - PCI/PM: Avoid redundant delays on D3hot->D3cold (git-fixes). - PCI/P2PDMA: Release per-CPU pgmap ref when vm_insert_page() fails (git-fixes). - PCI/IOV: Fix race between SR-IOV enable/disable and hotplug (git-fixes). - Revert "PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV" (git-fixes). - PCI/ACPI: Restrict program_hpx_type2() to AER bits (git-fixes). - PCI: Initialize RCB from pci_configure_device() (git-fixes). - PCI: Check parent for NULL in of_pci_bus_release_domain_nr() (git-fixes). - PCI: Mark 3ware-9650SA Root Port Extended Tags as broken (git-fixes). - PCI: Do not attempt to set ExtTag for VFs (git-fixes). - PCI: endpoint: Fix swapped parameters in pci_{primary/secondary}_epc_epf_unlink() functions (git-fixes). - PCI: endpoint: Avoid creating sub-groups asynchronously (git-fixes). - regulator: core: move supply check earlier in set_machine_constraints() (git-fixes). - regulator: core: fix locking in regulator_resolve_supply() error path (git-fixes). - platform/chrome: cros_ec_lightbar: Fix response size initialization (git-fixes). - platform/chrome: cros_typec_switch: Don't touch struct fwnode_handle::dev (git-fixes). - soc: rockchip: grf: Support multiple grf to be handled (git-fixes). - soc: rockchip: grf: Fix wrong RK3576_IOCGRF_MISC_CON definition (git-fixes). - reset: gpio: suppress bind attributes in sysfs (git-fixes). - soc: mediatek: svs: Fix memory leak in svs_enable_debug_write() (git-fixes). - soc: qcom: cmd-db: Use devm_memremap() to fix memory leak in cmd_db_dev_probe (git-fixes). - soc: qcom: smem: handle ENOMEM error during probe (git-fixes). - soc: ti: pruss: Fix double free in pruss_clk_mux_setup() (git-fixes). - soc: ti: k3-socinfo: Fix regmap leak on probe failure (git-fixes). - spi: hisi-kunpeng: Fixed the wrong debugfs node name in hisi_spi debugfs initialization (stable-fixes). - regmap: maple: free entry on mas_store_gfp() failure (stable-fixes). - wifi: mac80211: don't increment crypto_tx_tailroom_needed_cnt twice (stable-fixes). - wifi: mac80211: correctly check if CSA is active (stable-fixes). - wifi: cfg80211: Fix bitrate calculation overflow for HE rates (stable-fixes). - wifi: mac80211: collect station statistics earlier when disconnect (stable-fixes). - wifi: mac80211: ocb: skip rx_no_sta when interface is not joined (stable-fixes). - wifi: wlcore: ensure skb headroom before skb_push (stable-fixes). - commit 6474bb4 - nfc: hci: shdlc: Stop timers and work before freeing context (git-fixes). - of: unittest: fix possible null-pointer dereferences in of_unittest_property_copy() (git-fixes). - media: uvcvideo: Fix allocation for small frame sizes (git-fixes). - media: verisilicon: AV1: Fix tile info buffer size (git-fixes). - media: venus: vdec: restrict EOS addr quirk to IRIS2 only (git-fixes). - media: venus: vdec: fix error state assignment for zero bytesused (git-fixes). - media: i2c: ov01a10: Fix digital gain range (git-fixes). - media: stm32: dcmipp: bytecap: clear all interrupts upon stream stop (git-fixes). - media: ccs: Accommodate C-PHY into the calculation (git-fixes). - media: ipu6: Fix RPM reference leak in probe error paths (git-fixes). - media: ipu6: Fix typo and wrong constant in ipu6-mmu.c (git-fixes). - media: dw9714: Fix powerup sequence (git-fixes). - media: i2c: ov5647: use our own mutex for the ctrl lock (git-fixes). - media: ccs: Fix setting initial sub-device state (git-fixes). - media: i2c: ov5647: Fix PIXEL_RATE value for VGA mode (git-fixes). - media: i2c: ov5647: Sensor should report RAW color space (git-fixes). - media: i2c: ov5647: Correct minimum VBLANK value (git-fixes). - media: i2c: ov5647: Correct pixel array offset (git-fixes). - media: i2c: ov5647: Initialize subdev before controls (git-fixes). - media: ccs: Avoid possible division by zero (git-fixes). - media: qcom: camss: vfe: Fix out-of-bounds access in vfe_isr_reg_update() (git-fixes). - media: i2c: ov01a10: Fix test-pattern disabling (git-fixes). - media: i2c: ov01a10: Fix passing stream instead of pad to v4l2_subdev_state_get_format() (git-fixes). - media: i2c: ov01a10: Add missing v4l2_subdev_cleanup() calls (git-fixes). - media: i2c: ov01a10: Fix analogue gain range (git-fixes). - media: i2c: ov01a10: Fix reported pixel-rate value (git-fixes). - media: i2c: ov01a10: Fix the horizontal flip control (git-fixes). - media: i2c/tw9906: Fix potential memory leak in tw9906_probe() (git-fixes). - media: i2c/tw9903: Fix potential memory leak in tw9903_probe() (git-fixes). - media: cx25821: Add missing unmap in snd_cx25821_hw_params() (git-fixes). - media: cx23885: Add missing unmap in snd_cx23885_hw_params() (git-fixes). - media: cx88: Add missing unmap in snd_cx88_hw_params() (git-fixes). - media: radio-keene: fix memory leak in error path (git-fixes). - media: tegra-video: Fix memory leak in __tegra_channel_try_format() (git-fixes). - media: verisilicon: AV1: Set IDR flag for intra_only frame type (git-fixes). - media: rockchip: rga: Fix possible ERR_PTR dereference in rga_buf_init() (git-fixes). - media: amphion: Drop min_queued_buffers assignment (git-fixes). - media: verisilicon: AV1: Fix tx mode bit setting (git-fixes). - media: verisilicon: AV1: Fix enable cdef computation (git-fixes). - media: chips-media: wave5: Fix memory leak on codec_info allocation failure (git-fixes). - media: chips-media: wave5: Fix device cleanup order to prevent kernel panic (git-fixes). - media: chips-media: wave5: Fix kthread worker destruction in polling mode (git-fixes). - media: mtk-mdp: Fix a reference leak bug in mtk_mdp_remove() (git-fixes). - media: mtk-mdp: Fix error handling in probe function (git-fixes). - media: mediatek: encoder: Fix uninitialized scalar variable issue (git-fixes). - HID: intel-ish-hid: fix NULL-ptr-deref in ishtp_bus_remove_all_clients (git-fixes). - HID: hid-pl: handle probe errors (git-fixes). - HID: playstation: Add missing check for input_ff_create_memless (git-fixes). - hwmon: (max16065) Use READ/WRITE_ONCE to avoid compiler optimization induced race (git-fixes). - memory: mtk-smi: fix device leak on larb probe (git-fixes). - memory: mtk-smi: fix device leaks on common probe (git-fixes). - HID: logitech: add HID++ support for Logitech MX Anywhere 3S (stable-fixes). - HID: Apply quirk HID_QUIRK_ALWAYS_POLL to Edifier QR30 (2d99:a101) (stable-fixes). - HID: i2c-hid: fix potential buffer overflow in i2c_hid_get_report() (stable-fixes). - HID: quirks: Add another Chicony HP 5MP Cameras to hid_ignore_list (stable-fixes). - HID: multitouch: add MT_QUIRK_STICKY_FINGERS to MT_CLS_VTL (stable-fixes). - net: usb: sr9700: support devices with virtual driver CD (stable-fixes). - commit 2d30005 - scsi: qla2xxx: edif: Fix dma_free_coherent() size (git-fixes). - scsi: qla2xxx: Sanitize payload size to prevent member overflow (git-fixes). - scsi: qla2xxx: Enable/disable IRQD_NO_BALANCING during reset (git-fixes). - scsi: qla2xxx: target: Improve safety of cmd lookup by handle (git-fixes). - scsi: qla2xxx: target: Add back SRR support (git-fixes). - scsi: qla2xxx: target: Improve cmd logging (git-fixes). - scsi: qla2xxx: target: Add cmd->rsp_sent (git-fixes). - scsi: qla2xxx: target: Fix invalid memory access with big CDBs (git-fixes). - scsi: qla2xxx: Fix TMR failure handling (git-fixes). - scsi: qla2xxx: target: Improve checks in qlt_xmit_response() / qlt_rdy_to_xfer() (git-fixes). - scsi: qla2xxx: target: Fix races with aborting commands (git-fixes). - scsi: qla2xxx: Clear cmds after chip reset (CVE-2025-68745 bsc#1255721 git-fixes). - scsi: qla2xxx: target: Fix term exchange when cmd_sent_to_fw == 1 (git-fixes). - scsi: qla2xxx: target: Improve debug output for term exchange (git-fixes). - scsi: qla2xxx: target: Remove code for unsupported hardware (git-fixes). - scsi: qla2xxx: Use reinit_completion on mbx_intr_comp (git-fixes). - scsi: qla2xxx: Fix lost interrupts with qlini_mode=disabled (git-fixes). - scsi: qla2xxx: Fix initiator mode with qlini_mode=exclusive (git-fixes). - scsi: Revert "scsi: qla2xxx: Perform lockless command completion in abort path" (git-fixes). - commit c2959d9 - drm/xe: Unregister drm device on probe error (git-fixes). - drm/msm/a2xx: fix pixel shader start on A225 (git-fixes). - drm/msm/dpu: fix CMD panels on DPU 1.x - 3.x (git-fixes). - drm/msm/dpu: drop intr_start from DPU 3.x catalog files (git-fixes). - drm/msm/disp: set num_planes to 1 for interleaved YUV formats (git-fixes). - drm/msm/dpu: fix WD timer handling on DPU 8.x (git-fixes). - drm/msm/dpu: Set vsync source irrespective of mdp top support (git-fixes). - drm/bridge: anx7625: Fix invalid EDID size (git-fixes). - drm/buddy: Prevent BUG_ON by validating rounded allocation (git-fixes). - drm/tegra: dsi: fix device leak on probe (git-fixes). - drm/amdkfd: Fix signal_eviction_fence() bool return value (git-fixes). - drm/amd: Drop "amdgpu kernel modesetting enabled" message (git-fixes). - drm/tests: shmem: Swap names of export tests (git-fixes). - drm/panthor: Evict groups before VM termination (git-fixes). - drm/panel: sw43408: Remove manual invocation of unprepare at remove (git-fixes). - drm/panthor: Make sure we resume the tick when new jobs are submitted (git-fixes). - drm/panthor: Fix the logic that decides when to stop ticking (git-fixes). - drm/panthor: Fix immediate ticking on a disabled tick (git-fixes). - drm/panthor: Fix the group priority rotation logic (git-fixes). - drm/panthor: Fix the full_tick check (git-fixes). - drm/panthor: Recover from panthor_gpu_flush_caches() failures (git-fixes). - firmware: arm_ffa: Correct 32-bit response handling in NOTIFICATION_INFO_GET (git-fixes). - drm/xe/pm: Disable D3Cold for BMG only on specific platforms (git-fixes). - drm/amd/pm: Disable MMIO access during SMU Mode 1 reset (stable-fixes). - HID: intel-ish-hid: Reset enum_devices_done before enumeration (stable-fixes). - HID: intel-ish-hid: Update ishtp bus match to support device ID table (stable-fixes). - HID: playstation: Center initial joystick axes to prevent spurious events (stable-fixes). - gpiolib-acpi: Update file references in the Documentation and MAINTAINERS (git-fixes). - commit bfdede0 - PCI: qcom: Remove ASPM L0s support for MSM8996 SoC (git-fixes). - PCI/ERR: Ensure error recoverability at all times (git-fixes). - commit 64dc0df - ALSA: hda/realtek: Add quirk for Acer Nitro AN517-55 (stable-fixes). - Refresh patches.suse/ALSA-hda-realtek-Enable-headset-mic-for-Acer-Nitro-5.patch. - commit dcc35f0 - Documentation: PCI: endpoint: Fix ntb/vntb copy & paste errors (git-fixes). - ASoC: amd: drop unused Kconfig symbols (git-fixes). - ASoC: pxa: drop unused Kconfig symbol (git-fixes). - ASoC: SOF: ipc4-control: Keep the payload size up to date (git-fixes). - ASoC: SOF: ipc4-control: Use the correct size for scontrol->ipc_control_data (git-fixes). - ASoC: SOF: ipc4-topology: Correct the allocation size for bytes controls (git-fixes). - ASoC: SOF: ipc4-control: If there is no data do not send bytes update (git-fixes). - bus: fsl-mc: fix an error handling in fsl_mc_device_add() (git-fixes). - bus: omap-ocp2scp: fix OF populate on driver rebind (git-fixes). - clk: qcom: Return correct error code in qcom_cc_probe_by_index() (git-fixes). - ALSA: hda/realtek: Really fix headset mic for TongFang X6AR55xU (git-fixes). - ALSA: hda/realtek: ALC269 fixup for Lenovo Yoga Book 9i 13IRU8 audio (stable-fixes). - ALSA: hda/realtek: Fix headset mic for TongFang X6AR55xU (stable-fixes). - ASoC: tlv320adcx140: Propagate error codes during probe (stable-fixes). - ASoC: amd: yc: Fix microphone on ASUS M6500RE (stable-fixes). - ASoC: davinci-evm: Fix reference leak in davinci_evm_probe (stable-fixes). - ASoC: simple-card-utils: Check device node before overwrite direction (stable-fixes). - ALSA: hda/realtek: add HP Laptop 15s-eq1xxx mute LED quirk (stable-fixes). - ALSA: hda/realtek: enable woofer speakers on Medion NM14LNL (stable-fixes). - drm/xe/pm: Also avoid missing outer rpm warning on system suspend (stable-fixes). - commit 85b3e2d - nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec (CVE-2026-22998 bsc#1257209). - commit f6350b1 - KVM: x86/mmu: Embed direct bits into gpa for KVM_PRE_FAULT_MEMORY (git-fixes). - commit 75ad287 - Revert "KVM: x86/tdp_mmu: Add a helper function to walk down the TDP MMU" (git-fixes). - commit cbd54f0 - KVM: x86/mmu: WARN if KVM attempts to map into an invalid TDP MMU root (git-fixes). - commit db82a28 - KVM: x86/mmu: Add dedicated API to map guest_memfd pfn into TDP MMU (git-fixes). - commit 7bbdb3d - KVM: Rename kvm_arch_vcpu_async_ioctl() to kvm_arch_vcpu_unlocked_ioctl() (git-fixes). - commit cc287ee - KVM: Make support for kvm_arch_vcpu_async_ioctl() mandatory (git-fixes). - commit e9d19b9 - KVM: TDX: Drop PROVE_MMU=y sanity check on to-be-populated mappings (git-fixes). - commit 0739547 - KVM: TDX: Replace kmalloc + copy_from_user with memdup_user in tdx_td_init() (git-fixes). - commit ff33194 - x86/virt/tdx: Use precalculated TDVPR page physical address (git-fixes). - commit 3fdc23e ++++ dtb-aarch64: - KABI: fix "Revert-dm-fix-a-race-condition-in-retrieve_deps.patch" (git-fixes). - commit 53fd79b - net/sched: act_ife: avoid possible NULL deref (CVE-2026-23064 bsc#1257765). - selftests/tc-testing: Try to add teql as a child qdisc (CVE-2026-23105 bsc#1257775). - net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag (CVE-2026-23105 bsc#1257775). - commit 3ff4470 - Revert "dm: fix a race condition in retrieve_deps" (git-fixes). - commit e64c40a - Refresh sorted patches. - commit 3b39938 - RISC-V: KVM: use kvm_trylock_all_vcpus when locking all vCPUs (git-fixes). - commit 292c30b - KVM: arm64: use kvm_trylock_all_vcpus when locking all vCPUs (git-fixes). - commit 45ee0a5 - KVM: add kvm_lock_all_vcpus and kvm_trylock_all_vcpus (git-fixes). - commit f8807d7 - x86: KVM: SVM: use kvm_lock_all_vcpus instead of a custom implementation (git-fixes). - commit 27b7fd9 - locking/mutex: implement mutex_lock_killable_nest_lock (git-fixes). - commit c11266f - locking/mutex: implement mutex_trylock_nested (git-fixes). - commit 4df10c6 - KVM: TDX: Use struct_size to simplify tdx_get_capabilities() (git-fixes). - commit 1f75b03 - KVM: TDX: Check size of user's kvm_tdx_capabilities array before allocating (git-fixes). - commit 319fd02 - KVM: TDX: Fix sparse warnings from using 0 for NULL (git-fixes). - commit 3438716 - KVM: TDX: Remove __user annotation from kernel pointer (git-fixes). - commit f5a4acb - KVM: TDX: Take MMU lock around tdh_vp_init() (git-fixes). - commit 3b6a5f3 - KVM: TDX: Fix list_add corruption during vcpu_load() (git-fixes). - commit fcf6177 - KVM: TDX: Bug the VM if extending the initial measurement fails (git-fixes). - commit 056ce6c - KVM: TDX: Guard VM state transitions with "all" the locks (git-fixes). - commit 6fc029e - KVM: TDX: Don't copy "cmd" back to userspace for KVM_TDX_CAPABILITIES (git-fixes). - commit a1cf957 - KVM: TDX: Use guard() to acquire kvm->lock in tdx_vm_ioctl() (git-fixes). - commit 53cbd86 - KVM: TDX: Convert INIT_MEM_REGION and INIT_VCPU to "unlocked" vCPU ioctl (git-fixes). - commit 33e9280 - KVM: TDX: Add tdx_get_cmd() helper to get and validate sub-ioctl command (git-fixes). - commit db2e487 - KVM: TDX: Add macro to retry SEAMCALLs when forcing vCPUs out of guest (git-fixes). - commit f789249 - KVM: TDX: Assert that mmu_lock is held for write when removing S-EPT entries (git-fixes). - commit 5c9b28f - KVM: TDX: Derive error argument names from the local variable names (git-fixes). - commit e750b72 - KVM: TDX: Combine KVM_BUG_ON + pr_tdx_error() into TDX_BUG_ON() (git-fixes). - commit d2a9d32 - KVM: TDX: Fold tdx_sept_zap_private_spte() into tdx_sept_remove_private_spte() (git-fixes). - commit 8fa4208 - KVM: TDX: ADD pages to the TD image while populating mirror EPT entries (git-fixes). - commit 05e82a8 - KVM: TDX: Fold tdx_mem_page_record_premap_cnt() into its sole caller (git-fixes). - commit cc267d2 - KVM: TDX: Use atomic64_dec_return() instead of a poor equivalent (git-fixes). - commit 794f48a - KVM: TDX: Avoid a double-KVM_BUG_ON() in tdx_sept_zap_private_spte() (git-fixes). - commit 8899368 - KVM: TDX: WARN if mirror SPTE doesn't have full RWX when creating S-EPT mapping (git-fixes). - commit d132554 - KVM: x86/mmu: Drop the return code from kvm_x86_ops.remove_external_spte() (git-fixes). - commit 2570719 - KVM: TDX: Fold tdx_sept_drop_private_spte() into tdx_sept_remove_private_spte() (git-fixes). - commit 83ec6b9 - KVM: TDX: Return -EIO, not -EINVAL, on a KVM_BUG_ON() condition (git-fixes). - commit ebb64f7 - KVM: TDX: Drop superfluous page pinning in S-EPT management (git-fixes). - commit 5eced3b - KVM: x86/mmu: Rename kvm_tdp_map_page() to kvm_tdp_page_prefault() (git-fixes). - commit 11c9e24 - KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer (bsc#1256708, CVE-2025-71104). - commit 8d2aab2 - migrate: correct lock ordering for hugetlb file folios (CVE-2026-23097 bsc#1257815). - commit 30b8633 - vsock/virtio: Coalesce only linear skb (bsc#1257740, CVE-2026-23057). - commit 310c89d - wifi: ath10k: sdio: add missing lock protection in ath10k_sdio_fw_crashed_dump() (git-fixes). - wifi: ath9k: fix kernel-doc warnings in common-debug.h (git-fixes). - wifi: ath9k: debug.h: fix kernel-doc bad lines and struct ath_tx_stats (git-fixes). - wifi: cfg80211: stop NAN and P2P in cfg80211_leave (git-fixes). - wifi: rtl8xxxu: fix slab-out-of-bounds in rtl8xxxu_sta_add (git-fixes). - wifi: rtw88: Fix alignment fault in rtw_core_enable_beacon() (git-fixes). - wifi: cfg80211: Fix use_for flag update on BSS refresh (git-fixes). - PCI: mediatek: Fix IRQ domain leak when MSI allocation fails (git-fixes). - PCI: dwc: Fix msg_atu_index assignment (git-fixes). - Revert "PCI: qcom: Enable MSI interrupts together with Link up if 'Global IRQ' is supported" (stable-fixes). - PCI: Add ACS quirk for Pericom PI7C9X2G404 switches [12d8:b404] (git-fixes). - PCI: Fix pci_slot_trylock() error handling (git-fixes). - PCI: Use resource_set_range() that correctly sets ->end (git-fixes). - PCI/portdrv: Fix potential resource leak (git-fixes). - PCI/PM: Avoid redundant delays on D3hot->D3cold (git-fixes). - PCI/P2PDMA: Release per-CPU pgmap ref when vm_insert_page() fails (git-fixes). - PCI/IOV: Fix race between SR-IOV enable/disable and hotplug (git-fixes). - Revert "PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV" (git-fixes). - PCI/ACPI: Restrict program_hpx_type2() to AER bits (git-fixes). - PCI: Initialize RCB from pci_configure_device() (git-fixes). - PCI: Check parent for NULL in of_pci_bus_release_domain_nr() (git-fixes). - PCI: Mark 3ware-9650SA Root Port Extended Tags as broken (git-fixes). - PCI: Do not attempt to set ExtTag for VFs (git-fixes). - PCI: endpoint: Fix swapped parameters in pci_{primary/secondary}_epc_epf_unlink() functions (git-fixes). - PCI: endpoint: Avoid creating sub-groups asynchronously (git-fixes). - regulator: core: move supply check earlier in set_machine_constraints() (git-fixes). - regulator: core: fix locking in regulator_resolve_supply() error path (git-fixes). - platform/chrome: cros_ec_lightbar: Fix response size initialization (git-fixes). - platform/chrome: cros_typec_switch: Don't touch struct fwnode_handle::dev (git-fixes). - soc: rockchip: grf: Support multiple grf to be handled (git-fixes). - soc: rockchip: grf: Fix wrong RK3576_IOCGRF_MISC_CON definition (git-fixes). - reset: gpio: suppress bind attributes in sysfs (git-fixes). - soc: mediatek: svs: Fix memory leak in svs_enable_debug_write() (git-fixes). - soc: qcom: cmd-db: Use devm_memremap() to fix memory leak in cmd_db_dev_probe (git-fixes). - soc: qcom: smem: handle ENOMEM error during probe (git-fixes). - soc: ti: pruss: Fix double free in pruss_clk_mux_setup() (git-fixes). - soc: ti: k3-socinfo: Fix regmap leak on probe failure (git-fixes). - spi: hisi-kunpeng: Fixed the wrong debugfs node name in hisi_spi debugfs initialization (stable-fixes). - regmap: maple: free entry on mas_store_gfp() failure (stable-fixes). - wifi: mac80211: don't increment crypto_tx_tailroom_needed_cnt twice (stable-fixes). - wifi: mac80211: correctly check if CSA is active (stable-fixes). - wifi: cfg80211: Fix bitrate calculation overflow for HE rates (stable-fixes). - wifi: mac80211: collect station statistics earlier when disconnect (stable-fixes). - wifi: mac80211: ocb: skip rx_no_sta when interface is not joined (stable-fixes). - wifi: wlcore: ensure skb headroom before skb_push (stable-fixes). - commit 6474bb4 - nfc: hci: shdlc: Stop timers and work before freeing context (git-fixes). - of: unittest: fix possible null-pointer dereferences in of_unittest_property_copy() (git-fixes). - media: uvcvideo: Fix allocation for small frame sizes (git-fixes). - media: verisilicon: AV1: Fix tile info buffer size (git-fixes). - media: venus: vdec: restrict EOS addr quirk to IRIS2 only (git-fixes). - media: venus: vdec: fix error state assignment for zero bytesused (git-fixes). - media: i2c: ov01a10: Fix digital gain range (git-fixes). - media: stm32: dcmipp: bytecap: clear all interrupts upon stream stop (git-fixes). - media: ccs: Accommodate C-PHY into the calculation (git-fixes). - media: ipu6: Fix RPM reference leak in probe error paths (git-fixes). - media: ipu6: Fix typo and wrong constant in ipu6-mmu.c (git-fixes). - media: dw9714: Fix powerup sequence (git-fixes). - media: i2c: ov5647: use our own mutex for the ctrl lock (git-fixes). - media: ccs: Fix setting initial sub-device state (git-fixes). - media: i2c: ov5647: Fix PIXEL_RATE value for VGA mode (git-fixes). - media: i2c: ov5647: Sensor should report RAW color space (git-fixes). - media: i2c: ov5647: Correct minimum VBLANK value (git-fixes). - media: i2c: ov5647: Correct pixel array offset (git-fixes). - media: i2c: ov5647: Initialize subdev before controls (git-fixes). - media: ccs: Avoid possible division by zero (git-fixes). - media: qcom: camss: vfe: Fix out-of-bounds access in vfe_isr_reg_update() (git-fixes). - media: i2c: ov01a10: Fix test-pattern disabling (git-fixes). - media: i2c: ov01a10: Fix passing stream instead of pad to v4l2_subdev_state_get_format() (git-fixes). - media: i2c: ov01a10: Add missing v4l2_subdev_cleanup() calls (git-fixes). - media: i2c: ov01a10: Fix analogue gain range (git-fixes). - media: i2c: ov01a10: Fix reported pixel-rate value (git-fixes). - media: i2c: ov01a10: Fix the horizontal flip control (git-fixes). - media: i2c/tw9906: Fix potential memory leak in tw9906_probe() (git-fixes). - media: i2c/tw9903: Fix potential memory leak in tw9903_probe() (git-fixes). - media: cx25821: Add missing unmap in snd_cx25821_hw_params() (git-fixes). - media: cx23885: Add missing unmap in snd_cx23885_hw_params() (git-fixes). - media: cx88: Add missing unmap in snd_cx88_hw_params() (git-fixes). - media: radio-keene: fix memory leak in error path (git-fixes). - media: tegra-video: Fix memory leak in __tegra_channel_try_format() (git-fixes). - media: verisilicon: AV1: Set IDR flag for intra_only frame type (git-fixes). - media: rockchip: rga: Fix possible ERR_PTR dereference in rga_buf_init() (git-fixes). - media: amphion: Drop min_queued_buffers assignment (git-fixes). - media: verisilicon: AV1: Fix tx mode bit setting (git-fixes). - media: verisilicon: AV1: Fix enable cdef computation (git-fixes). - media: chips-media: wave5: Fix memory leak on codec_info allocation failure (git-fixes). - media: chips-media: wave5: Fix device cleanup order to prevent kernel panic (git-fixes). - media: chips-media: wave5: Fix kthread worker destruction in polling mode (git-fixes). - media: mtk-mdp: Fix a reference leak bug in mtk_mdp_remove() (git-fixes). - media: mtk-mdp: Fix error handling in probe function (git-fixes). - media: mediatek: encoder: Fix uninitialized scalar variable issue (git-fixes). - HID: intel-ish-hid: fix NULL-ptr-deref in ishtp_bus_remove_all_clients (git-fixes). - HID: hid-pl: handle probe errors (git-fixes). - HID: playstation: Add missing check for input_ff_create_memless (git-fixes). - hwmon: (max16065) Use READ/WRITE_ONCE to avoid compiler optimization induced race (git-fixes). - memory: mtk-smi: fix device leak on larb probe (git-fixes). - memory: mtk-smi: fix device leaks on common probe (git-fixes). - HID: logitech: add HID++ support for Logitech MX Anywhere 3S (stable-fixes). - HID: Apply quirk HID_QUIRK_ALWAYS_POLL to Edifier QR30 (2d99:a101) (stable-fixes). - HID: i2c-hid: fix potential buffer overflow in i2c_hid_get_report() (stable-fixes). - HID: quirks: Add another Chicony HP 5MP Cameras to hid_ignore_list (stable-fixes). - HID: multitouch: add MT_QUIRK_STICKY_FINGERS to MT_CLS_VTL (stable-fixes). - net: usb: sr9700: support devices with virtual driver CD (stable-fixes). - commit 2d30005 - scsi: qla2xxx: edif: Fix dma_free_coherent() size (git-fixes). - scsi: qla2xxx: Sanitize payload size to prevent member overflow (git-fixes). - scsi: qla2xxx: Enable/disable IRQD_NO_BALANCING during reset (git-fixes). - scsi: qla2xxx: target: Improve safety of cmd lookup by handle (git-fixes). - scsi: qla2xxx: target: Add back SRR support (git-fixes). - scsi: qla2xxx: target: Improve cmd logging (git-fixes). - scsi: qla2xxx: target: Add cmd->rsp_sent (git-fixes). - scsi: qla2xxx: target: Fix invalid memory access with big CDBs (git-fixes). - scsi: qla2xxx: Fix TMR failure handling (git-fixes). - scsi: qla2xxx: target: Improve checks in qlt_xmit_response() / qlt_rdy_to_xfer() (git-fixes). - scsi: qla2xxx: target: Fix races with aborting commands (git-fixes). - scsi: qla2xxx: Clear cmds after chip reset (CVE-2025-68745 bsc#1255721 git-fixes). - scsi: qla2xxx: target: Fix term exchange when cmd_sent_to_fw == 1 (git-fixes). - scsi: qla2xxx: target: Improve debug output for term exchange (git-fixes). - scsi: qla2xxx: target: Remove code for unsupported hardware (git-fixes). - scsi: qla2xxx: Use reinit_completion on mbx_intr_comp (git-fixes). - scsi: qla2xxx: Fix lost interrupts with qlini_mode=disabled (git-fixes). - scsi: qla2xxx: Fix initiator mode with qlini_mode=exclusive (git-fixes). - scsi: Revert "scsi: qla2xxx: Perform lockless command completion in abort path" (git-fixes). - commit c2959d9 - drm/xe: Unregister drm device on probe error (git-fixes). - drm/msm/a2xx: fix pixel shader start on A225 (git-fixes). - drm/msm/dpu: fix CMD panels on DPU 1.x - 3.x (git-fixes). - drm/msm/dpu: drop intr_start from DPU 3.x catalog files (git-fixes). - drm/msm/disp: set num_planes to 1 for interleaved YUV formats (git-fixes). - drm/msm/dpu: fix WD timer handling on DPU 8.x (git-fixes). - drm/msm/dpu: Set vsync source irrespective of mdp top support (git-fixes). - drm/bridge: anx7625: Fix invalid EDID size (git-fixes). - drm/buddy: Prevent BUG_ON by validating rounded allocation (git-fixes). - drm/tegra: dsi: fix device leak on probe (git-fixes). - drm/amdkfd: Fix signal_eviction_fence() bool return value (git-fixes). - drm/amd: Drop "amdgpu kernel modesetting enabled" message (git-fixes). - drm/tests: shmem: Swap names of export tests (git-fixes). - drm/panthor: Evict groups before VM termination (git-fixes). - drm/panel: sw43408: Remove manual invocation of unprepare at remove (git-fixes). - drm/panthor: Make sure we resume the tick when new jobs are submitted (git-fixes). - drm/panthor: Fix the logic that decides when to stop ticking (git-fixes). - drm/panthor: Fix immediate ticking on a disabled tick (git-fixes). - drm/panthor: Fix the group priority rotation logic (git-fixes). - drm/panthor: Fix the full_tick check (git-fixes). - drm/panthor: Recover from panthor_gpu_flush_caches() failures (git-fixes). - firmware: arm_ffa: Correct 32-bit response handling in NOTIFICATION_INFO_GET (git-fixes). - drm/xe/pm: Disable D3Cold for BMG only on specific platforms (git-fixes). - drm/amd/pm: Disable MMIO access during SMU Mode 1 reset (stable-fixes). - HID: intel-ish-hid: Reset enum_devices_done before enumeration (stable-fixes). - HID: intel-ish-hid: Update ishtp bus match to support device ID table (stable-fixes). - HID: playstation: Center initial joystick axes to prevent spurious events (stable-fixes). - gpiolib-acpi: Update file references in the Documentation and MAINTAINERS (git-fixes). - commit bfdede0 - PCI: qcom: Remove ASPM L0s support for MSM8996 SoC (git-fixes). - PCI/ERR: Ensure error recoverability at all times (git-fixes). - commit 64dc0df - ALSA: hda/realtek: Add quirk for Acer Nitro AN517-55 (stable-fixes). - Refresh patches.suse/ALSA-hda-realtek-Enable-headset-mic-for-Acer-Nitro-5.patch. - commit dcc35f0 - Documentation: PCI: endpoint: Fix ntb/vntb copy & paste errors (git-fixes). - ASoC: amd: drop unused Kconfig symbols (git-fixes). - ASoC: pxa: drop unused Kconfig symbol (git-fixes). - ASoC: SOF: ipc4-control: Keep the payload size up to date (git-fixes). - ASoC: SOF: ipc4-control: Use the correct size for scontrol->ipc_control_data (git-fixes). - ASoC: SOF: ipc4-topology: Correct the allocation size for bytes controls (git-fixes). - ASoC: SOF: ipc4-control: If there is no data do not send bytes update (git-fixes). - bus: fsl-mc: fix an error handling in fsl_mc_device_add() (git-fixes). - bus: omap-ocp2scp: fix OF populate on driver rebind (git-fixes). - clk: qcom: Return correct error code in qcom_cc_probe_by_index() (git-fixes). - ALSA: hda/realtek: Really fix headset mic for TongFang X6AR55xU (git-fixes). - ALSA: hda/realtek: ALC269 fixup for Lenovo Yoga Book 9i 13IRU8 audio (stable-fixes). - ALSA: hda/realtek: Fix headset mic for TongFang X6AR55xU (stable-fixes). - ASoC: tlv320adcx140: Propagate error codes during probe (stable-fixes). - ASoC: amd: yc: Fix microphone on ASUS M6500RE (stable-fixes). - ASoC: davinci-evm: Fix reference leak in davinci_evm_probe (stable-fixes). - ASoC: simple-card-utils: Check device node before overwrite direction (stable-fixes). - ALSA: hda/realtek: add HP Laptop 15s-eq1xxx mute LED quirk (stable-fixes). - ALSA: hda/realtek: enable woofer speakers on Medion NM14LNL (stable-fixes). - drm/xe/pm: Also avoid missing outer rpm warning on system suspend (stable-fixes). - commit 85b3e2d - nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec (CVE-2026-22998 bsc#1257209). - commit f6350b1 - KVM: x86/mmu: Embed direct bits into gpa for KVM_PRE_FAULT_MEMORY (git-fixes). - commit 75ad287 - Revert "KVM: x86/tdp_mmu: Add a helper function to walk down the TDP MMU" (git-fixes). - commit cbd54f0 - KVM: x86/mmu: WARN if KVM attempts to map into an invalid TDP MMU root (git-fixes). - commit db82a28 - KVM: x86/mmu: Add dedicated API to map guest_memfd pfn into TDP MMU (git-fixes). - commit 7bbdb3d - KVM: Rename kvm_arch_vcpu_async_ioctl() to kvm_arch_vcpu_unlocked_ioctl() (git-fixes). - commit cc287ee - KVM: Make support for kvm_arch_vcpu_async_ioctl() mandatory (git-fixes). - commit e9d19b9 - KVM: TDX: Drop PROVE_MMU=y sanity check on to-be-populated mappings (git-fixes). - commit 0739547 - KVM: TDX: Replace kmalloc + copy_from_user with memdup_user in tdx_td_init() (git-fixes). - commit ff33194 - x86/virt/tdx: Use precalculated TDVPR page physical address (git-fixes). - commit 3fdc23e ++++ gitea-tea: - Fix terminal rendering errors * gitea-tea-Fix-termenv-OSC-RGBA-handling.patch ++++ gitea-tea: - Fix terminal rendering errors * gitea-tea-Fix-termenv-OSC-RGBA-handling.patch ++++ go1.26: - Enable go-race on riscv64 ++++ haproxy: - (bsc#1257976)VUL-0: CVE-2026-26081, CVE-2026-26080: haproxy: vulnerabilities on QUIC Apply upstream patches: 0001-fix-parsing-frame-type.patch 0001-reject-invalid-token.patch ++++ kernel-source: - KABI: fix "Revert-dm-fix-a-race-condition-in-retrieve_deps.patch" (git-fixes). - commit 53fd79b - net/sched: act_ife: avoid possible NULL deref (CVE-2026-23064 bsc#1257765). - selftests/tc-testing: Try to add teql as a child qdisc (CVE-2026-23105 bsc#1257775). - net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag (CVE-2026-23105 bsc#1257775). - commit 3ff4470 - Revert "dm: fix a race condition in retrieve_deps" (git-fixes). - commit e64c40a - Refresh sorted patches. - commit 3b39938 - RISC-V: KVM: use kvm_trylock_all_vcpus when locking all vCPUs (git-fixes). - commit 292c30b - KVM: arm64: use kvm_trylock_all_vcpus when locking all vCPUs (git-fixes). - commit 45ee0a5 - KVM: add kvm_lock_all_vcpus and kvm_trylock_all_vcpus (git-fixes). - commit f8807d7 - x86: KVM: SVM: use kvm_lock_all_vcpus instead of a custom implementation (git-fixes). - commit 27b7fd9 - locking/mutex: implement mutex_lock_killable_nest_lock (git-fixes). - commit c11266f - locking/mutex: implement mutex_trylock_nested (git-fixes). - commit 4df10c6 - KVM: TDX: Use struct_size to simplify tdx_get_capabilities() (git-fixes). - commit 1f75b03 - KVM: TDX: Check size of user's kvm_tdx_capabilities array before allocating (git-fixes). - commit 319fd02 - KVM: TDX: Fix sparse warnings from using 0 for NULL (git-fixes). - commit 3438716 - KVM: TDX: Remove __user annotation from kernel pointer (git-fixes). - commit f5a4acb - KVM: TDX: Take MMU lock around tdh_vp_init() (git-fixes). - commit 3b6a5f3 - KVM: TDX: Fix list_add corruption during vcpu_load() (git-fixes). - commit fcf6177 - KVM: TDX: Bug the VM if extending the initial measurement fails (git-fixes). - commit 056ce6c - KVM: TDX: Guard VM state transitions with "all" the locks (git-fixes). - commit 6fc029e - KVM: TDX: Don't copy "cmd" back to userspace for KVM_TDX_CAPABILITIES (git-fixes). - commit a1cf957 - KVM: TDX: Use guard() to acquire kvm->lock in tdx_vm_ioctl() (git-fixes). - commit 53cbd86 - KVM: TDX: Convert INIT_MEM_REGION and INIT_VCPU to "unlocked" vCPU ioctl (git-fixes). - commit 33e9280 - KVM: TDX: Add tdx_get_cmd() helper to get and validate sub-ioctl command (git-fixes). - commit db2e487 - KVM: TDX: Add macro to retry SEAMCALLs when forcing vCPUs out of guest (git-fixes). - commit f789249 - KVM: TDX: Assert that mmu_lock is held for write when removing S-EPT entries (git-fixes). - commit 5c9b28f - KVM: TDX: Derive error argument names from the local variable names (git-fixes). - commit e750b72 - KVM: TDX: Combine KVM_BUG_ON + pr_tdx_error() into TDX_BUG_ON() (git-fixes). - commit d2a9d32 - KVM: TDX: Fold tdx_sept_zap_private_spte() into tdx_sept_remove_private_spte() (git-fixes). - commit 8fa4208 - KVM: TDX: ADD pages to the TD image while populating mirror EPT entries (git-fixes). - commit 05e82a8 - KVM: TDX: Fold tdx_mem_page_record_premap_cnt() into its sole caller (git-fixes). - commit cc267d2 - KVM: TDX: Use atomic64_dec_return() instead of a poor equivalent (git-fixes). - commit 794f48a - KVM: TDX: Avoid a double-KVM_BUG_ON() in tdx_sept_zap_private_spte() (git-fixes). - commit 8899368 - KVM: TDX: WARN if mirror SPTE doesn't have full RWX when creating S-EPT mapping (git-fixes). - commit d132554 - KVM: x86/mmu: Drop the return code from kvm_x86_ops.remove_external_spte() (git-fixes). - commit 2570719 - KVM: TDX: Fold tdx_sept_drop_private_spte() into tdx_sept_remove_private_spte() (git-fixes). - commit 83ec6b9 - KVM: TDX: Return -EIO, not -EINVAL, on a KVM_BUG_ON() condition (git-fixes). - commit ebb64f7 - KVM: TDX: Drop superfluous page pinning in S-EPT management (git-fixes). - commit 5eced3b - KVM: x86/mmu: Rename kvm_tdp_map_page() to kvm_tdp_page_prefault() (git-fixes). - commit 11c9e24 - KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer (bsc#1256708, CVE-2025-71104). - commit 8d2aab2 - migrate: correct lock ordering for hugetlb file folios (CVE-2026-23097 bsc#1257815). - commit 30b8633 - vsock/virtio: Coalesce only linear skb (bsc#1257740, CVE-2026-23057). - commit 310c89d - wifi: ath10k: sdio: add missing lock protection in ath10k_sdio_fw_crashed_dump() (git-fixes). - wifi: ath9k: fix kernel-doc warnings in common-debug.h (git-fixes). - wifi: ath9k: debug.h: fix kernel-doc bad lines and struct ath_tx_stats (git-fixes). - wifi: cfg80211: stop NAN and P2P in cfg80211_leave (git-fixes). - wifi: rtl8xxxu: fix slab-out-of-bounds in rtl8xxxu_sta_add (git-fixes). - wifi: rtw88: Fix alignment fault in rtw_core_enable_beacon() (git-fixes). - wifi: cfg80211: Fix use_for flag update on BSS refresh (git-fixes). - PCI: mediatek: Fix IRQ domain leak when MSI allocation fails (git-fixes). - PCI: dwc: Fix msg_atu_index assignment (git-fixes). - Revert "PCI: qcom: Enable MSI interrupts together with Link up if 'Global IRQ' is supported" (stable-fixes). - PCI: Add ACS quirk for Pericom PI7C9X2G404 switches [12d8:b404] (git-fixes). - PCI: Fix pci_slot_trylock() error handling (git-fixes). - PCI: Use resource_set_range() that correctly sets ->end (git-fixes). - PCI/portdrv: Fix potential resource leak (git-fixes). - PCI/PM: Avoid redundant delays on D3hot->D3cold (git-fixes). - PCI/P2PDMA: Release per-CPU pgmap ref when vm_insert_page() fails (git-fixes). - PCI/IOV: Fix race between SR-IOV enable/disable and hotplug (git-fixes). - Revert "PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV" (git-fixes). - PCI/ACPI: Restrict program_hpx_type2() to AER bits (git-fixes). - PCI: Initialize RCB from pci_configure_device() (git-fixes). - PCI: Check parent for NULL in of_pci_bus_release_domain_nr() (git-fixes). - PCI: Mark 3ware-9650SA Root Port Extended Tags as broken (git-fixes). - PCI: Do not attempt to set ExtTag for VFs (git-fixes). - PCI: endpoint: Fix swapped parameters in pci_{primary/secondary}_epc_epf_unlink() functions (git-fixes). - PCI: endpoint: Avoid creating sub-groups asynchronously (git-fixes). - regulator: core: move supply check earlier in set_machine_constraints() (git-fixes). - regulator: core: fix locking in regulator_resolve_supply() error path (git-fixes). - platform/chrome: cros_ec_lightbar: Fix response size initialization (git-fixes). - platform/chrome: cros_typec_switch: Don't touch struct fwnode_handle::dev (git-fixes). - soc: rockchip: grf: Support multiple grf to be handled (git-fixes). - soc: rockchip: grf: Fix wrong RK3576_IOCGRF_MISC_CON definition (git-fixes). - reset: gpio: suppress bind attributes in sysfs (git-fixes). - soc: mediatek: svs: Fix memory leak in svs_enable_debug_write() (git-fixes). - soc: qcom: cmd-db: Use devm_memremap() to fix memory leak in cmd_db_dev_probe (git-fixes). - soc: qcom: smem: handle ENOMEM error during probe (git-fixes). - soc: ti: pruss: Fix double free in pruss_clk_mux_setup() (git-fixes). - soc: ti: k3-socinfo: Fix regmap leak on probe failure (git-fixes). - spi: hisi-kunpeng: Fixed the wrong debugfs node name in hisi_spi debugfs initialization (stable-fixes). - regmap: maple: free entry on mas_store_gfp() failure (stable-fixes). - wifi: mac80211: don't increment crypto_tx_tailroom_needed_cnt twice (stable-fixes). - wifi: mac80211: correctly check if CSA is active (stable-fixes). - wifi: cfg80211: Fix bitrate calculation overflow for HE rates (stable-fixes). - wifi: mac80211: collect station statistics earlier when disconnect (stable-fixes). - wifi: mac80211: ocb: skip rx_no_sta when interface is not joined (stable-fixes). - wifi: wlcore: ensure skb headroom before skb_push (stable-fixes). - commit 6474bb4 - nfc: hci: shdlc: Stop timers and work before freeing context (git-fixes). - of: unittest: fix possible null-pointer dereferences in of_unittest_property_copy() (git-fixes). - media: uvcvideo: Fix allocation for small frame sizes (git-fixes). - media: verisilicon: AV1: Fix tile info buffer size (git-fixes). - media: venus: vdec: restrict EOS addr quirk to IRIS2 only (git-fixes). - media: venus: vdec: fix error state assignment for zero bytesused (git-fixes). - media: i2c: ov01a10: Fix digital gain range (git-fixes). - media: stm32: dcmipp: bytecap: clear all interrupts upon stream stop (git-fixes). - media: ccs: Accommodate C-PHY into the calculation (git-fixes). - media: ipu6: Fix RPM reference leak in probe error paths (git-fixes). - media: ipu6: Fix typo and wrong constant in ipu6-mmu.c (git-fixes). - media: dw9714: Fix powerup sequence (git-fixes). - media: i2c: ov5647: use our own mutex for the ctrl lock (git-fixes). - media: ccs: Fix setting initial sub-device state (git-fixes). - media: i2c: ov5647: Fix PIXEL_RATE value for VGA mode (git-fixes). - media: i2c: ov5647: Sensor should report RAW color space (git-fixes). - media: i2c: ov5647: Correct minimum VBLANK value (git-fixes). - media: i2c: ov5647: Correct pixel array offset (git-fixes). - media: i2c: ov5647: Initialize subdev before controls (git-fixes). - media: ccs: Avoid possible division by zero (git-fixes). - media: qcom: camss: vfe: Fix out-of-bounds access in vfe_isr_reg_update() (git-fixes). - media: i2c: ov01a10: Fix test-pattern disabling (git-fixes). - media: i2c: ov01a10: Fix passing stream instead of pad to v4l2_subdev_state_get_format() (git-fixes). - media: i2c: ov01a10: Add missing v4l2_subdev_cleanup() calls (git-fixes). - media: i2c: ov01a10: Fix analogue gain range (git-fixes). - media: i2c: ov01a10: Fix reported pixel-rate value (git-fixes). - media: i2c: ov01a10: Fix the horizontal flip control (git-fixes). - media: i2c/tw9906: Fix potential memory leak in tw9906_probe() (git-fixes). - media: i2c/tw9903: Fix potential memory leak in tw9903_probe() (git-fixes). - media: cx25821: Add missing unmap in snd_cx25821_hw_params() (git-fixes). - media: cx23885: Add missing unmap in snd_cx23885_hw_params() (git-fixes). - media: cx88: Add missing unmap in snd_cx88_hw_params() (git-fixes). - media: radio-keene: fix memory leak in error path (git-fixes). - media: tegra-video: Fix memory leak in __tegra_channel_try_format() (git-fixes). - media: verisilicon: AV1: Set IDR flag for intra_only frame type (git-fixes). - media: rockchip: rga: Fix possible ERR_PTR dereference in rga_buf_init() (git-fixes). - media: amphion: Drop min_queued_buffers assignment (git-fixes). - media: verisilicon: AV1: Fix tx mode bit setting (git-fixes). - media: verisilicon: AV1: Fix enable cdef computation (git-fixes). - media: chips-media: wave5: Fix memory leak on codec_info allocation failure (git-fixes). - media: chips-media: wave5: Fix device cleanup order to prevent kernel panic (git-fixes). - media: chips-media: wave5: Fix kthread worker destruction in polling mode (git-fixes). - media: mtk-mdp: Fix a reference leak bug in mtk_mdp_remove() (git-fixes). - media: mtk-mdp: Fix error handling in probe function (git-fixes). - media: mediatek: encoder: Fix uninitialized scalar variable issue (git-fixes). - HID: intel-ish-hid: fix NULL-ptr-deref in ishtp_bus_remove_all_clients (git-fixes). - HID: hid-pl: handle probe errors (git-fixes). - HID: playstation: Add missing check for input_ff_create_memless (git-fixes). - hwmon: (max16065) Use READ/WRITE_ONCE to avoid compiler optimization induced race (git-fixes). - memory: mtk-smi: fix device leak on larb probe (git-fixes). - memory: mtk-smi: fix device leaks on common probe (git-fixes). - HID: logitech: add HID++ support for Logitech MX Anywhere 3S (stable-fixes). - HID: Apply quirk HID_QUIRK_ALWAYS_POLL to Edifier QR30 (2d99:a101) (stable-fixes). - HID: i2c-hid: fix potential buffer overflow in i2c_hid_get_report() (stable-fixes). - HID: quirks: Add another Chicony HP 5MP Cameras to hid_ignore_list (stable-fixes). - HID: multitouch: add MT_QUIRK_STICKY_FINGERS to MT_CLS_VTL (stable-fixes). - net: usb: sr9700: support devices with virtual driver CD (stable-fixes). - commit 2d30005 - scsi: qla2xxx: edif: Fix dma_free_coherent() size (git-fixes). - scsi: qla2xxx: Sanitize payload size to prevent member overflow (git-fixes). - scsi: qla2xxx: Enable/disable IRQD_NO_BALANCING during reset (git-fixes). - scsi: qla2xxx: target: Improve safety of cmd lookup by handle (git-fixes). - scsi: qla2xxx: target: Add back SRR support (git-fixes). - scsi: qla2xxx: target: Improve cmd logging (git-fixes). - scsi: qla2xxx: target: Add cmd->rsp_sent (git-fixes). - scsi: qla2xxx: target: Fix invalid memory access with big CDBs (git-fixes). - scsi: qla2xxx: Fix TMR failure handling (git-fixes). - scsi: qla2xxx: target: Improve checks in qlt_xmit_response() / qlt_rdy_to_xfer() (git-fixes). - scsi: qla2xxx: target: Fix races with aborting commands (git-fixes). - scsi: qla2xxx: Clear cmds after chip reset (CVE-2025-68745 bsc#1255721 git-fixes). - scsi: qla2xxx: target: Fix term exchange when cmd_sent_to_fw == 1 (git-fixes). - scsi: qla2xxx: target: Improve debug output for term exchange (git-fixes). - scsi: qla2xxx: target: Remove code for unsupported hardware (git-fixes). - scsi: qla2xxx: Use reinit_completion on mbx_intr_comp (git-fixes). - scsi: qla2xxx: Fix lost interrupts with qlini_mode=disabled (git-fixes). - scsi: qla2xxx: Fix initiator mode with qlini_mode=exclusive (git-fixes). - scsi: Revert "scsi: qla2xxx: Perform lockless command completion in abort path" (git-fixes). - commit c2959d9 - drm/xe: Unregister drm device on probe error (git-fixes). - drm/msm/a2xx: fix pixel shader start on A225 (git-fixes). - drm/msm/dpu: fix CMD panels on DPU 1.x - 3.x (git-fixes). - drm/msm/dpu: drop intr_start from DPU 3.x catalog files (git-fixes). - drm/msm/disp: set num_planes to 1 for interleaved YUV formats (git-fixes). - drm/msm/dpu: fix WD timer handling on DPU 8.x (git-fixes). - drm/msm/dpu: Set vsync source irrespective of mdp top support (git-fixes). - drm/bridge: anx7625: Fix invalid EDID size (git-fixes). - drm/buddy: Prevent BUG_ON by validating rounded allocation (git-fixes). - drm/tegra: dsi: fix device leak on probe (git-fixes). - drm/amdkfd: Fix signal_eviction_fence() bool return value (git-fixes). - drm/amd: Drop "amdgpu kernel modesetting enabled" message (git-fixes). - drm/tests: shmem: Swap names of export tests (git-fixes). - drm/panthor: Evict groups before VM termination (git-fixes). - drm/panel: sw43408: Remove manual invocation of unprepare at remove (git-fixes). - drm/panthor: Make sure we resume the tick when new jobs are submitted (git-fixes). - drm/panthor: Fix the logic that decides when to stop ticking (git-fixes). - drm/panthor: Fix immediate ticking on a disabled tick (git-fixes). - drm/panthor: Fix the group priority rotation logic (git-fixes). - drm/panthor: Fix the full_tick check (git-fixes). - drm/panthor: Recover from panthor_gpu_flush_caches() failures (git-fixes). - firmware: arm_ffa: Correct 32-bit response handling in NOTIFICATION_INFO_GET (git-fixes). - drm/xe/pm: Disable D3Cold for BMG only on specific platforms (git-fixes). - drm/amd/pm: Disable MMIO access during SMU Mode 1 reset (stable-fixes). - HID: intel-ish-hid: Reset enum_devices_done before enumeration (stable-fixes). - HID: intel-ish-hid: Update ishtp bus match to support device ID table (stable-fixes). - HID: playstation: Center initial joystick axes to prevent spurious events (stable-fixes). - gpiolib-acpi: Update file references in the Documentation and MAINTAINERS (git-fixes). - commit bfdede0 - PCI: qcom: Remove ASPM L0s support for MSM8996 SoC (git-fixes). - PCI/ERR: Ensure error recoverability at all times (git-fixes). - commit 64dc0df - ALSA: hda/realtek: Add quirk for Acer Nitro AN517-55 (stable-fixes). - Refresh patches.suse/ALSA-hda-realtek-Enable-headset-mic-for-Acer-Nitro-5.patch. - commit dcc35f0 - Documentation: PCI: endpoint: Fix ntb/vntb copy & paste errors (git-fixes). - ASoC: amd: drop unused Kconfig symbols (git-fixes). - ASoC: pxa: drop unused Kconfig symbol (git-fixes). - ASoC: SOF: ipc4-control: Keep the payload size up to date (git-fixes). - ASoC: SOF: ipc4-control: Use the correct size for scontrol->ipc_control_data (git-fixes). - ASoC: SOF: ipc4-topology: Correct the allocation size for bytes controls (git-fixes). - ASoC: SOF: ipc4-control: If there is no data do not send bytes update (git-fixes). - bus: fsl-mc: fix an error handling in fsl_mc_device_add() (git-fixes). - bus: omap-ocp2scp: fix OF populate on driver rebind (git-fixes). - clk: qcom: Return correct error code in qcom_cc_probe_by_index() (git-fixes). - ALSA: hda/realtek: Really fix headset mic for TongFang X6AR55xU (git-fixes). - ALSA: hda/realtek: ALC269 fixup for Lenovo Yoga Book 9i 13IRU8 audio (stable-fixes). - ALSA: hda/realtek: Fix headset mic for TongFang X6AR55xU (stable-fixes). - ASoC: tlv320adcx140: Propagate error codes during probe (stable-fixes). - ASoC: amd: yc: Fix microphone on ASUS M6500RE (stable-fixes). - ASoC: davinci-evm: Fix reference leak in davinci_evm_probe (stable-fixes). - ASoC: simple-card-utils: Check device node before overwrite direction (stable-fixes). - ALSA: hda/realtek: add HP Laptop 15s-eq1xxx mute LED quirk (stable-fixes). - ALSA: hda/realtek: enable woofer speakers on Medion NM14LNL (stable-fixes). - drm/xe/pm: Also avoid missing outer rpm warning on system suspend (stable-fixes). - commit 85b3e2d - nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec (CVE-2026-22998 bsc#1257209). - commit f6350b1 - KVM: x86/mmu: Embed direct bits into gpa for KVM_PRE_FAULT_MEMORY (git-fixes). - commit 75ad287 - Revert "KVM: x86/tdp_mmu: Add a helper function to walk down the TDP MMU" (git-fixes). - commit cbd54f0 - KVM: x86/mmu: WARN if KVM attempts to map into an invalid TDP MMU root (git-fixes). - commit db82a28 - KVM: x86/mmu: Add dedicated API to map guest_memfd pfn into TDP MMU (git-fixes). - commit 7bbdb3d - KVM: Rename kvm_arch_vcpu_async_ioctl() to kvm_arch_vcpu_unlocked_ioctl() (git-fixes). - commit cc287ee - KVM: Make support for kvm_arch_vcpu_async_ioctl() mandatory (git-fixes). - commit e9d19b9 - KVM: TDX: Drop PROVE_MMU=y sanity check on to-be-populated mappings (git-fixes). - commit 0739547 - KVM: TDX: Replace kmalloc + copy_from_user with memdup_user in tdx_td_init() (git-fixes). - commit ff33194 - x86/virt/tdx: Use precalculated TDVPR page physical address (git-fixes). - commit 3fdc23e ++++ kernel-docs: - KABI: fix "Revert-dm-fix-a-race-condition-in-retrieve_deps.patch" (git-fixes). - commit 53fd79b - net/sched: act_ife: avoid possible NULL deref (CVE-2026-23064 bsc#1257765). - selftests/tc-testing: Try to add teql as a child qdisc (CVE-2026-23105 bsc#1257775). - net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag (CVE-2026-23105 bsc#1257775). - commit 3ff4470 - Revert "dm: fix a race condition in retrieve_deps" (git-fixes). - commit e64c40a - Refresh sorted patches. - commit 3b39938 - RISC-V: KVM: use kvm_trylock_all_vcpus when locking all vCPUs (git-fixes). - commit 292c30b - KVM: arm64: use kvm_trylock_all_vcpus when locking all vCPUs (git-fixes). - commit 45ee0a5 - KVM: add kvm_lock_all_vcpus and kvm_trylock_all_vcpus (git-fixes). - commit f8807d7 - x86: KVM: SVM: use kvm_lock_all_vcpus instead of a custom implementation (git-fixes). - commit 27b7fd9 - locking/mutex: implement mutex_lock_killable_nest_lock (git-fixes). - commit c11266f - locking/mutex: implement mutex_trylock_nested (git-fixes). - commit 4df10c6 - KVM: TDX: Use struct_size to simplify tdx_get_capabilities() (git-fixes). - commit 1f75b03 - KVM: TDX: Check size of user's kvm_tdx_capabilities array before allocating (git-fixes). - commit 319fd02 - KVM: TDX: Fix sparse warnings from using 0 for NULL (git-fixes). - commit 3438716 - KVM: TDX: Remove __user annotation from kernel pointer (git-fixes). - commit f5a4acb - KVM: TDX: Take MMU lock around tdh_vp_init() (git-fixes). - commit 3b6a5f3 - KVM: TDX: Fix list_add corruption during vcpu_load() (git-fixes). - commit fcf6177 - KVM: TDX: Bug the VM if extending the initial measurement fails (git-fixes). - commit 056ce6c - KVM: TDX: Guard VM state transitions with "all" the locks (git-fixes). - commit 6fc029e - KVM: TDX: Don't copy "cmd" back to userspace for KVM_TDX_CAPABILITIES (git-fixes). - commit a1cf957 - KVM: TDX: Use guard() to acquire kvm->lock in tdx_vm_ioctl() (git-fixes). - commit 53cbd86 - KVM: TDX: Convert INIT_MEM_REGION and INIT_VCPU to "unlocked" vCPU ioctl (git-fixes). - commit 33e9280 - KVM: TDX: Add tdx_get_cmd() helper to get and validate sub-ioctl command (git-fixes). - commit db2e487 - KVM: TDX: Add macro to retry SEAMCALLs when forcing vCPUs out of guest (git-fixes). - commit f789249 - KVM: TDX: Assert that mmu_lock is held for write when removing S-EPT entries (git-fixes). - commit 5c9b28f - KVM: TDX: Derive error argument names from the local variable names (git-fixes). - commit e750b72 - KVM: TDX: Combine KVM_BUG_ON + pr_tdx_error() into TDX_BUG_ON() (git-fixes). - commit d2a9d32 - KVM: TDX: Fold tdx_sept_zap_private_spte() into tdx_sept_remove_private_spte() (git-fixes). - commit 8fa4208 - KVM: TDX: ADD pages to the TD image while populating mirror EPT entries (git-fixes). - commit 05e82a8 - KVM: TDX: Fold tdx_mem_page_record_premap_cnt() into its sole caller (git-fixes). - commit cc267d2 - KVM: TDX: Use atomic64_dec_return() instead of a poor equivalent (git-fixes). - commit 794f48a - KVM: TDX: Avoid a double-KVM_BUG_ON() in tdx_sept_zap_private_spte() (git-fixes). - commit 8899368 - KVM: TDX: WARN if mirror SPTE doesn't have full RWX when creating S-EPT mapping (git-fixes). - commit d132554 - KVM: x86/mmu: Drop the return code from kvm_x86_ops.remove_external_spte() (git-fixes). - commit 2570719 - KVM: TDX: Fold tdx_sept_drop_private_spte() into tdx_sept_remove_private_spte() (git-fixes). - commit 83ec6b9 - KVM: TDX: Return -EIO, not -EINVAL, on a KVM_BUG_ON() condition (git-fixes). - commit ebb64f7 - KVM: TDX: Drop superfluous page pinning in S-EPT management (git-fixes). - commit 5eced3b - KVM: x86/mmu: Rename kvm_tdp_map_page() to kvm_tdp_page_prefault() (git-fixes). - commit 11c9e24 - KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer (bsc#1256708, CVE-2025-71104). - commit 8d2aab2 - migrate: correct lock ordering for hugetlb file folios (CVE-2026-23097 bsc#1257815). - commit 30b8633 - vsock/virtio: Coalesce only linear skb (bsc#1257740, CVE-2026-23057). - commit 310c89d - wifi: ath10k: sdio: add missing lock protection in ath10k_sdio_fw_crashed_dump() (git-fixes). - wifi: ath9k: fix kernel-doc warnings in common-debug.h (git-fixes). - wifi: ath9k: debug.h: fix kernel-doc bad lines and struct ath_tx_stats (git-fixes). - wifi: cfg80211: stop NAN and P2P in cfg80211_leave (git-fixes). - wifi: rtl8xxxu: fix slab-out-of-bounds in rtl8xxxu_sta_add (git-fixes). - wifi: rtw88: Fix alignment fault in rtw_core_enable_beacon() (git-fixes). - wifi: cfg80211: Fix use_for flag update on BSS refresh (git-fixes). - PCI: mediatek: Fix IRQ domain leak when MSI allocation fails (git-fixes). - PCI: dwc: Fix msg_atu_index assignment (git-fixes). - Revert "PCI: qcom: Enable MSI interrupts together with Link up if 'Global IRQ' is supported" (stable-fixes). - PCI: Add ACS quirk for Pericom PI7C9X2G404 switches [12d8:b404] (git-fixes). - PCI: Fix pci_slot_trylock() error handling (git-fixes). - PCI: Use resource_set_range() that correctly sets ->end (git-fixes). - PCI/portdrv: Fix potential resource leak (git-fixes). - PCI/PM: Avoid redundant delays on D3hot->D3cold (git-fixes). - PCI/P2PDMA: Release per-CPU pgmap ref when vm_insert_page() fails (git-fixes). - PCI/IOV: Fix race between SR-IOV enable/disable and hotplug (git-fixes). - Revert "PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV" (git-fixes). - PCI/ACPI: Restrict program_hpx_type2() to AER bits (git-fixes). - PCI: Initialize RCB from pci_configure_device() (git-fixes). - PCI: Check parent for NULL in of_pci_bus_release_domain_nr() (git-fixes). - PCI: Mark 3ware-9650SA Root Port Extended Tags as broken (git-fixes). - PCI: Do not attempt to set ExtTag for VFs (git-fixes). - PCI: endpoint: Fix swapped parameters in pci_{primary/secondary}_epc_epf_unlink() functions (git-fixes). - PCI: endpoint: Avoid creating sub-groups asynchronously (git-fixes). - regulator: core: move supply check earlier in set_machine_constraints() (git-fixes). - regulator: core: fix locking in regulator_resolve_supply() error path (git-fixes). - platform/chrome: cros_ec_lightbar: Fix response size initialization (git-fixes). - platform/chrome: cros_typec_switch: Don't touch struct fwnode_handle::dev (git-fixes). - soc: rockchip: grf: Support multiple grf to be handled (git-fixes). - soc: rockchip: grf: Fix wrong RK3576_IOCGRF_MISC_CON definition (git-fixes). - reset: gpio: suppress bind attributes in sysfs (git-fixes). - soc: mediatek: svs: Fix memory leak in svs_enable_debug_write() (git-fixes). - soc: qcom: cmd-db: Use devm_memremap() to fix memory leak in cmd_db_dev_probe (git-fixes). - soc: qcom: smem: handle ENOMEM error during probe (git-fixes). - soc: ti: pruss: Fix double free in pruss_clk_mux_setup() (git-fixes). - soc: ti: k3-socinfo: Fix regmap leak on probe failure (git-fixes). - spi: hisi-kunpeng: Fixed the wrong debugfs node name in hisi_spi debugfs initialization (stable-fixes). - regmap: maple: free entry on mas_store_gfp() failure (stable-fixes). - wifi: mac80211: don't increment crypto_tx_tailroom_needed_cnt twice (stable-fixes). - wifi: mac80211: correctly check if CSA is active (stable-fixes). - wifi: cfg80211: Fix bitrate calculation overflow for HE rates (stable-fixes). - wifi: mac80211: collect station statistics earlier when disconnect (stable-fixes). - wifi: mac80211: ocb: skip rx_no_sta when interface is not joined (stable-fixes). - wifi: wlcore: ensure skb headroom before skb_push (stable-fixes). - commit 6474bb4 - nfc: hci: shdlc: Stop timers and work before freeing context (git-fixes). - of: unittest: fix possible null-pointer dereferences in of_unittest_property_copy() (git-fixes). - media: uvcvideo: Fix allocation for small frame sizes (git-fixes). - media: verisilicon: AV1: Fix tile info buffer size (git-fixes). - media: venus: vdec: restrict EOS addr quirk to IRIS2 only (git-fixes). - media: venus: vdec: fix error state assignment for zero bytesused (git-fixes). - media: i2c: ov01a10: Fix digital gain range (git-fixes). - media: stm32: dcmipp: bytecap: clear all interrupts upon stream stop (git-fixes). - media: ccs: Accommodate C-PHY into the calculation (git-fixes). - media: ipu6: Fix RPM reference leak in probe error paths (git-fixes). - media: ipu6: Fix typo and wrong constant in ipu6-mmu.c (git-fixes). - media: dw9714: Fix powerup sequence (git-fixes). - media: i2c: ov5647: use our own mutex for the ctrl lock (git-fixes). - media: ccs: Fix setting initial sub-device state (git-fixes). - media: i2c: ov5647: Fix PIXEL_RATE value for VGA mode (git-fixes). - media: i2c: ov5647: Sensor should report RAW color space (git-fixes). - media: i2c: ov5647: Correct minimum VBLANK value (git-fixes). - media: i2c: ov5647: Correct pixel array offset (git-fixes). - media: i2c: ov5647: Initialize subdev before controls (git-fixes). - media: ccs: Avoid possible division by zero (git-fixes). - media: qcom: camss: vfe: Fix out-of-bounds access in vfe_isr_reg_update() (git-fixes). - media: i2c: ov01a10: Fix test-pattern disabling (git-fixes). - media: i2c: ov01a10: Fix passing stream instead of pad to v4l2_subdev_state_get_format() (git-fixes). - media: i2c: ov01a10: Add missing v4l2_subdev_cleanup() calls (git-fixes). - media: i2c: ov01a10: Fix analogue gain range (git-fixes). - media: i2c: ov01a10: Fix reported pixel-rate value (git-fixes). - media: i2c: ov01a10: Fix the horizontal flip control (git-fixes). - media: i2c/tw9906: Fix potential memory leak in tw9906_probe() (git-fixes). - media: i2c/tw9903: Fix potential memory leak in tw9903_probe() (git-fixes). - media: cx25821: Add missing unmap in snd_cx25821_hw_params() (git-fixes). - media: cx23885: Add missing unmap in snd_cx23885_hw_params() (git-fixes). - media: cx88: Add missing unmap in snd_cx88_hw_params() (git-fixes). - media: radio-keene: fix memory leak in error path (git-fixes). - media: tegra-video: Fix memory leak in __tegra_channel_try_format() (git-fixes). - media: verisilicon: AV1: Set IDR flag for intra_only frame type (git-fixes). - media: rockchip: rga: Fix possible ERR_PTR dereference in rga_buf_init() (git-fixes). - media: amphion: Drop min_queued_buffers assignment (git-fixes). - media: verisilicon: AV1: Fix tx mode bit setting (git-fixes). - media: verisilicon: AV1: Fix enable cdef computation (git-fixes). - media: chips-media: wave5: Fix memory leak on codec_info allocation failure (git-fixes). - media: chips-media: wave5: Fix device cleanup order to prevent kernel panic (git-fixes). - media: chips-media: wave5: Fix kthread worker destruction in polling mode (git-fixes). - media: mtk-mdp: Fix a reference leak bug in mtk_mdp_remove() (git-fixes). - media: mtk-mdp: Fix error handling in probe function (git-fixes). - media: mediatek: encoder: Fix uninitialized scalar variable issue (git-fixes). - HID: intel-ish-hid: fix NULL-ptr-deref in ishtp_bus_remove_all_clients (git-fixes). - HID: hid-pl: handle probe errors (git-fixes). - HID: playstation: Add missing check for input_ff_create_memless (git-fixes). - hwmon: (max16065) Use READ/WRITE_ONCE to avoid compiler optimization induced race (git-fixes). - memory: mtk-smi: fix device leak on larb probe (git-fixes). - memory: mtk-smi: fix device leaks on common probe (git-fixes). - HID: logitech: add HID++ support for Logitech MX Anywhere 3S (stable-fixes). - HID: Apply quirk HID_QUIRK_ALWAYS_POLL to Edifier QR30 (2d99:a101) (stable-fixes). - HID: i2c-hid: fix potential buffer overflow in i2c_hid_get_report() (stable-fixes). - HID: quirks: Add another Chicony HP 5MP Cameras to hid_ignore_list (stable-fixes). - HID: multitouch: add MT_QUIRK_STICKY_FINGERS to MT_CLS_VTL (stable-fixes). - net: usb: sr9700: support devices with virtual driver CD (stable-fixes). - commit 2d30005 - scsi: qla2xxx: edif: Fix dma_free_coherent() size (git-fixes). - scsi: qla2xxx: Sanitize payload size to prevent member overflow (git-fixes). - scsi: qla2xxx: Enable/disable IRQD_NO_BALANCING during reset (git-fixes). - scsi: qla2xxx: target: Improve safety of cmd lookup by handle (git-fixes). - scsi: qla2xxx: target: Add back SRR support (git-fixes). - scsi: qla2xxx: target: Improve cmd logging (git-fixes). - scsi: qla2xxx: target: Add cmd->rsp_sent (git-fixes). - scsi: qla2xxx: target: Fix invalid memory access with big CDBs (git-fixes). - scsi: qla2xxx: Fix TMR failure handling (git-fixes). - scsi: qla2xxx: target: Improve checks in qlt_xmit_response() / qlt_rdy_to_xfer() (git-fixes). - scsi: qla2xxx: target: Fix races with aborting commands (git-fixes). - scsi: qla2xxx: Clear cmds after chip reset (CVE-2025-68745 bsc#1255721 git-fixes). - scsi: qla2xxx: target: Fix term exchange when cmd_sent_to_fw == 1 (git-fixes). - scsi: qla2xxx: target: Improve debug output for term exchange (git-fixes). - scsi: qla2xxx: target: Remove code for unsupported hardware (git-fixes). - scsi: qla2xxx: Use reinit_completion on mbx_intr_comp (git-fixes). - scsi: qla2xxx: Fix lost interrupts with qlini_mode=disabled (git-fixes). - scsi: qla2xxx: Fix initiator mode with qlini_mode=exclusive (git-fixes). - scsi: Revert "scsi: qla2xxx: Perform lockless command completion in abort path" (git-fixes). - commit c2959d9 - drm/xe: Unregister drm device on probe error (git-fixes). - drm/msm/a2xx: fix pixel shader start on A225 (git-fixes). - drm/msm/dpu: fix CMD panels on DPU 1.x - 3.x (git-fixes). - drm/msm/dpu: drop intr_start from DPU 3.x catalog files (git-fixes). - drm/msm/disp: set num_planes to 1 for interleaved YUV formats (git-fixes). - drm/msm/dpu: fix WD timer handling on DPU 8.x (git-fixes). - drm/msm/dpu: Set vsync source irrespective of mdp top support (git-fixes). - drm/bridge: anx7625: Fix invalid EDID size (git-fixes). - drm/buddy: Prevent BUG_ON by validating rounded allocation (git-fixes). - drm/tegra: dsi: fix device leak on probe (git-fixes). - drm/amdkfd: Fix signal_eviction_fence() bool return value (git-fixes). - drm/amd: Drop "amdgpu kernel modesetting enabled" message (git-fixes). - drm/tests: shmem: Swap names of export tests (git-fixes). - drm/panthor: Evict groups before VM termination (git-fixes). - drm/panel: sw43408: Remove manual invocation of unprepare at remove (git-fixes). - drm/panthor: Make sure we resume the tick when new jobs are submitted (git-fixes). - drm/panthor: Fix the logic that decides when to stop ticking (git-fixes). - drm/panthor: Fix immediate ticking on a disabled tick (git-fixes). - drm/panthor: Fix the group priority rotation logic (git-fixes). - drm/panthor: Fix the full_tick check (git-fixes). - drm/panthor: Recover from panthor_gpu_flush_caches() failures (git-fixes). - firmware: arm_ffa: Correct 32-bit response handling in NOTIFICATION_INFO_GET (git-fixes). - drm/xe/pm: Disable D3Cold for BMG only on specific platforms (git-fixes). - drm/amd/pm: Disable MMIO access during SMU Mode 1 reset (stable-fixes). - HID: intel-ish-hid: Reset enum_devices_done before enumeration (stable-fixes). - HID: intel-ish-hid: Update ishtp bus match to support device ID table (stable-fixes). - HID: playstation: Center initial joystick axes to prevent spurious events (stable-fixes). - gpiolib-acpi: Update file references in the Documentation and MAINTAINERS (git-fixes). - commit bfdede0 - PCI: qcom: Remove ASPM L0s support for MSM8996 SoC (git-fixes). - PCI/ERR: Ensure error recoverability at all times (git-fixes). - commit 64dc0df - ALSA: hda/realtek: Add quirk for Acer Nitro AN517-55 (stable-fixes). - Refresh patches.suse/ALSA-hda-realtek-Enable-headset-mic-for-Acer-Nitro-5.patch. - commit dcc35f0 - Documentation: PCI: endpoint: Fix ntb/vntb copy & paste errors (git-fixes). - ASoC: amd: drop unused Kconfig symbols (git-fixes). - ASoC: pxa: drop unused Kconfig symbol (git-fixes). - ASoC: SOF: ipc4-control: Keep the payload size up to date (git-fixes). - ASoC: SOF: ipc4-control: Use the correct size for scontrol->ipc_control_data (git-fixes). - ASoC: SOF: ipc4-topology: Correct the allocation size for bytes controls (git-fixes). - ASoC: SOF: ipc4-control: If there is no data do not send bytes update (git-fixes). - bus: fsl-mc: fix an error handling in fsl_mc_device_add() (git-fixes). - bus: omap-ocp2scp: fix OF populate on driver rebind (git-fixes). - clk: qcom: Return correct error code in qcom_cc_probe_by_index() (git-fixes). - ALSA: hda/realtek: Really fix headset mic for TongFang X6AR55xU (git-fixes). - ALSA: hda/realtek: ALC269 fixup for Lenovo Yoga Book 9i 13IRU8 audio (stable-fixes). - ALSA: hda/realtek: Fix headset mic for TongFang X6AR55xU (stable-fixes). - ASoC: tlv320adcx140: Propagate error codes during probe (stable-fixes). - ASoC: amd: yc: Fix microphone on ASUS M6500RE (stable-fixes). - ASoC: davinci-evm: Fix reference leak in davinci_evm_probe (stable-fixes). - ASoC: simple-card-utils: Check device node before overwrite direction (stable-fixes). - ALSA: hda/realtek: add HP Laptop 15s-eq1xxx mute LED quirk (stable-fixes). - ALSA: hda/realtek: enable woofer speakers on Medion NM14LNL (stable-fixes). - drm/xe/pm: Also avoid missing outer rpm warning on system suspend (stable-fixes). - commit 85b3e2d - nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec (CVE-2026-22998 bsc#1257209). - commit f6350b1 - KVM: x86/mmu: Embed direct bits into gpa for KVM_PRE_FAULT_MEMORY (git-fixes). - commit 75ad287 - Revert "KVM: x86/tdp_mmu: Add a helper function to walk down the TDP MMU" (git-fixes). - commit cbd54f0 - KVM: x86/mmu: WARN if KVM attempts to map into an invalid TDP MMU root (git-fixes). - commit db82a28 - KVM: x86/mmu: Add dedicated API to map guest_memfd pfn into TDP MMU (git-fixes). - commit 7bbdb3d - KVM: Rename kvm_arch_vcpu_async_ioctl() to kvm_arch_vcpu_unlocked_ioctl() (git-fixes). - commit cc287ee - KVM: Make support for kvm_arch_vcpu_async_ioctl() mandatory (git-fixes). - commit e9d19b9 - KVM: TDX: Drop PROVE_MMU=y sanity check on to-be-populated mappings (git-fixes). - commit 0739547 - KVM: TDX: Replace kmalloc + copy_from_user with memdup_user in tdx_td_init() (git-fixes). - commit ff33194 - x86/virt/tdx: Use precalculated TDVPR page physical address (git-fixes). - commit 3fdc23e ++++ kernel-kvmsmall: - KABI: fix "Revert-dm-fix-a-race-condition-in-retrieve_deps.patch" (git-fixes). - commit 53fd79b - net/sched: act_ife: avoid possible NULL deref (CVE-2026-23064 bsc#1257765). - selftests/tc-testing: Try to add teql as a child qdisc (CVE-2026-23105 bsc#1257775). - net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag (CVE-2026-23105 bsc#1257775). - commit 3ff4470 - Revert "dm: fix a race condition in retrieve_deps" (git-fixes). - commit e64c40a - Refresh sorted patches. - commit 3b39938 - RISC-V: KVM: use kvm_trylock_all_vcpus when locking all vCPUs (git-fixes). - commit 292c30b - KVM: arm64: use kvm_trylock_all_vcpus when locking all vCPUs (git-fixes). - commit 45ee0a5 - KVM: add kvm_lock_all_vcpus and kvm_trylock_all_vcpus (git-fixes). - commit f8807d7 - x86: KVM: SVM: use kvm_lock_all_vcpus instead of a custom implementation (git-fixes). - commit 27b7fd9 - locking/mutex: implement mutex_lock_killable_nest_lock (git-fixes). - commit c11266f - locking/mutex: implement mutex_trylock_nested (git-fixes). - commit 4df10c6 - KVM: TDX: Use struct_size to simplify tdx_get_capabilities() (git-fixes). - commit 1f75b03 - KVM: TDX: Check size of user's kvm_tdx_capabilities array before allocating (git-fixes). - commit 319fd02 - KVM: TDX: Fix sparse warnings from using 0 for NULL (git-fixes). - commit 3438716 - KVM: TDX: Remove __user annotation from kernel pointer (git-fixes). - commit f5a4acb - KVM: TDX: Take MMU lock around tdh_vp_init() (git-fixes). - commit 3b6a5f3 - KVM: TDX: Fix list_add corruption during vcpu_load() (git-fixes). - commit fcf6177 - KVM: TDX: Bug the VM if extending the initial measurement fails (git-fixes). - commit 056ce6c - KVM: TDX: Guard VM state transitions with "all" the locks (git-fixes). - commit 6fc029e - KVM: TDX: Don't copy "cmd" back to userspace for KVM_TDX_CAPABILITIES (git-fixes). - commit a1cf957 - KVM: TDX: Use guard() to acquire kvm->lock in tdx_vm_ioctl() (git-fixes). - commit 53cbd86 - KVM: TDX: Convert INIT_MEM_REGION and INIT_VCPU to "unlocked" vCPU ioctl (git-fixes). - commit 33e9280 - KVM: TDX: Add tdx_get_cmd() helper to get and validate sub-ioctl command (git-fixes). - commit db2e487 - KVM: TDX: Add macro to retry SEAMCALLs when forcing vCPUs out of guest (git-fixes). - commit f789249 - KVM: TDX: Assert that mmu_lock is held for write when removing S-EPT entries (git-fixes). - commit 5c9b28f - KVM: TDX: Derive error argument names from the local variable names (git-fixes). - commit e750b72 - KVM: TDX: Combine KVM_BUG_ON + pr_tdx_error() into TDX_BUG_ON() (git-fixes). - commit d2a9d32 - KVM: TDX: Fold tdx_sept_zap_private_spte() into tdx_sept_remove_private_spte() (git-fixes). - commit 8fa4208 - KVM: TDX: ADD pages to the TD image while populating mirror EPT entries (git-fixes). - commit 05e82a8 - KVM: TDX: Fold tdx_mem_page_record_premap_cnt() into its sole caller (git-fixes). - commit cc267d2 - KVM: TDX: Use atomic64_dec_return() instead of a poor equivalent (git-fixes). - commit 794f48a - KVM: TDX: Avoid a double-KVM_BUG_ON() in tdx_sept_zap_private_spte() (git-fixes). - commit 8899368 - KVM: TDX: WARN if mirror SPTE doesn't have full RWX when creating S-EPT mapping (git-fixes). - commit d132554 - KVM: x86/mmu: Drop the return code from kvm_x86_ops.remove_external_spte() (git-fixes). - commit 2570719 - KVM: TDX: Fold tdx_sept_drop_private_spte() into tdx_sept_remove_private_spte() (git-fixes). - commit 83ec6b9 - KVM: TDX: Return -EIO, not -EINVAL, on a KVM_BUG_ON() condition (git-fixes). - commit ebb64f7 - KVM: TDX: Drop superfluous page pinning in S-EPT management (git-fixes). - commit 5eced3b - KVM: x86/mmu: Rename kvm_tdp_map_page() to kvm_tdp_page_prefault() (git-fixes). - commit 11c9e24 - KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer (bsc#1256708, CVE-2025-71104). - commit 8d2aab2 - migrate: correct lock ordering for hugetlb file folios (CVE-2026-23097 bsc#1257815). - commit 30b8633 - vsock/virtio: Coalesce only linear skb (bsc#1257740, CVE-2026-23057). - commit 310c89d - wifi: ath10k: sdio: add missing lock protection in ath10k_sdio_fw_crashed_dump() (git-fixes). - wifi: ath9k: fix kernel-doc warnings in common-debug.h (git-fixes). - wifi: ath9k: debug.h: fix kernel-doc bad lines and struct ath_tx_stats (git-fixes). - wifi: cfg80211: stop NAN and P2P in cfg80211_leave (git-fixes). - wifi: rtl8xxxu: fix slab-out-of-bounds in rtl8xxxu_sta_add (git-fixes). - wifi: rtw88: Fix alignment fault in rtw_core_enable_beacon() (git-fixes). - wifi: cfg80211: Fix use_for flag update on BSS refresh (git-fixes). - PCI: mediatek: Fix IRQ domain leak when MSI allocation fails (git-fixes). - PCI: dwc: Fix msg_atu_index assignment (git-fixes). - Revert "PCI: qcom: Enable MSI interrupts together with Link up if 'Global IRQ' is supported" (stable-fixes). - PCI: Add ACS quirk for Pericom PI7C9X2G404 switches [12d8:b404] (git-fixes). - PCI: Fix pci_slot_trylock() error handling (git-fixes). - PCI: Use resource_set_range() that correctly sets ->end (git-fixes). - PCI/portdrv: Fix potential resource leak (git-fixes). - PCI/PM: Avoid redundant delays on D3hot->D3cold (git-fixes). - PCI/P2PDMA: Release per-CPU pgmap ref when vm_insert_page() fails (git-fixes). - PCI/IOV: Fix race between SR-IOV enable/disable and hotplug (git-fixes). - Revert "PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV" (git-fixes). - PCI/ACPI: Restrict program_hpx_type2() to AER bits (git-fixes). - PCI: Initialize RCB from pci_configure_device() (git-fixes). - PCI: Check parent for NULL in of_pci_bus_release_domain_nr() (git-fixes). - PCI: Mark 3ware-9650SA Root Port Extended Tags as broken (git-fixes). - PCI: Do not attempt to set ExtTag for VFs (git-fixes). - PCI: endpoint: Fix swapped parameters in pci_{primary/secondary}_epc_epf_unlink() functions (git-fixes). - PCI: endpoint: Avoid creating sub-groups asynchronously (git-fixes). - regulator: core: move supply check earlier in set_machine_constraints() (git-fixes). - regulator: core: fix locking in regulator_resolve_supply() error path (git-fixes). - platform/chrome: cros_ec_lightbar: Fix response size initialization (git-fixes). - platform/chrome: cros_typec_switch: Don't touch struct fwnode_handle::dev (git-fixes). - soc: rockchip: grf: Support multiple grf to be handled (git-fixes). - soc: rockchip: grf: Fix wrong RK3576_IOCGRF_MISC_CON definition (git-fixes). - reset: gpio: suppress bind attributes in sysfs (git-fixes). - soc: mediatek: svs: Fix memory leak in svs_enable_debug_write() (git-fixes). - soc: qcom: cmd-db: Use devm_memremap() to fix memory leak in cmd_db_dev_probe (git-fixes). - soc: qcom: smem: handle ENOMEM error during probe (git-fixes). - soc: ti: pruss: Fix double free in pruss_clk_mux_setup() (git-fixes). - soc: ti: k3-socinfo: Fix regmap leak on probe failure (git-fixes). - spi: hisi-kunpeng: Fixed the wrong debugfs node name in hisi_spi debugfs initialization (stable-fixes). - regmap: maple: free entry on mas_store_gfp() failure (stable-fixes). - wifi: mac80211: don't increment crypto_tx_tailroom_needed_cnt twice (stable-fixes). - wifi: mac80211: correctly check if CSA is active (stable-fixes). - wifi: cfg80211: Fix bitrate calculation overflow for HE rates (stable-fixes). - wifi: mac80211: collect station statistics earlier when disconnect (stable-fixes). - wifi: mac80211: ocb: skip rx_no_sta when interface is not joined (stable-fixes). - wifi: wlcore: ensure skb headroom before skb_push (stable-fixes). - commit 6474bb4 - nfc: hci: shdlc: Stop timers and work before freeing context (git-fixes). - of: unittest: fix possible null-pointer dereferences in of_unittest_property_copy() (git-fixes). - media: uvcvideo: Fix allocation for small frame sizes (git-fixes). - media: verisilicon: AV1: Fix tile info buffer size (git-fixes). - media: venus: vdec: restrict EOS addr quirk to IRIS2 only (git-fixes). - media: venus: vdec: fix error state assignment for zero bytesused (git-fixes). - media: i2c: ov01a10: Fix digital gain range (git-fixes). - media: stm32: dcmipp: bytecap: clear all interrupts upon stream stop (git-fixes). - media: ccs: Accommodate C-PHY into the calculation (git-fixes). - media: ipu6: Fix RPM reference leak in probe error paths (git-fixes). - media: ipu6: Fix typo and wrong constant in ipu6-mmu.c (git-fixes). - media: dw9714: Fix powerup sequence (git-fixes). - media: i2c: ov5647: use our own mutex for the ctrl lock (git-fixes). - media: ccs: Fix setting initial sub-device state (git-fixes). - media: i2c: ov5647: Fix PIXEL_RATE value for VGA mode (git-fixes). - media: i2c: ov5647: Sensor should report RAW color space (git-fixes). - media: i2c: ov5647: Correct minimum VBLANK value (git-fixes). - media: i2c: ov5647: Correct pixel array offset (git-fixes). - media: i2c: ov5647: Initialize subdev before controls (git-fixes). - media: ccs: Avoid possible division by zero (git-fixes). - media: qcom: camss: vfe: Fix out-of-bounds access in vfe_isr_reg_update() (git-fixes). - media: i2c: ov01a10: Fix test-pattern disabling (git-fixes). - media: i2c: ov01a10: Fix passing stream instead of pad to v4l2_subdev_state_get_format() (git-fixes). - media: i2c: ov01a10: Add missing v4l2_subdev_cleanup() calls (git-fixes). - media: i2c: ov01a10: Fix analogue gain range (git-fixes). - media: i2c: ov01a10: Fix reported pixel-rate value (git-fixes). - media: i2c: ov01a10: Fix the horizontal flip control (git-fixes). - media: i2c/tw9906: Fix potential memory leak in tw9906_probe() (git-fixes). - media: i2c/tw9903: Fix potential memory leak in tw9903_probe() (git-fixes). - media: cx25821: Add missing unmap in snd_cx25821_hw_params() (git-fixes). - media: cx23885: Add missing unmap in snd_cx23885_hw_params() (git-fixes). - media: cx88: Add missing unmap in snd_cx88_hw_params() (git-fixes). - media: radio-keene: fix memory leak in error path (git-fixes). - media: tegra-video: Fix memory leak in __tegra_channel_try_format() (git-fixes). - media: verisilicon: AV1: Set IDR flag for intra_only frame type (git-fixes). - media: rockchip: rga: Fix possible ERR_PTR dereference in rga_buf_init() (git-fixes). - media: amphion: Drop min_queued_buffers assignment (git-fixes). - media: verisilicon: AV1: Fix tx mode bit setting (git-fixes). - media: verisilicon: AV1: Fix enable cdef computation (git-fixes). - media: chips-media: wave5: Fix memory leak on codec_info allocation failure (git-fixes). - media: chips-media: wave5: Fix device cleanup order to prevent kernel panic (git-fixes). - media: chips-media: wave5: Fix kthread worker destruction in polling mode (git-fixes). - media: mtk-mdp: Fix a reference leak bug in mtk_mdp_remove() (git-fixes). - media: mtk-mdp: Fix error handling in probe function (git-fixes). - media: mediatek: encoder: Fix uninitialized scalar variable issue (git-fixes). - HID: intel-ish-hid: fix NULL-ptr-deref in ishtp_bus_remove_all_clients (git-fixes). - HID: hid-pl: handle probe errors (git-fixes). - HID: playstation: Add missing check for input_ff_create_memless (git-fixes). - hwmon: (max16065) Use READ/WRITE_ONCE to avoid compiler optimization induced race (git-fixes). - memory: mtk-smi: fix device leak on larb probe (git-fixes). - memory: mtk-smi: fix device leaks on common probe (git-fixes). - HID: logitech: add HID++ support for Logitech MX Anywhere 3S (stable-fixes). - HID: Apply quirk HID_QUIRK_ALWAYS_POLL to Edifier QR30 (2d99:a101) (stable-fixes). - HID: i2c-hid: fix potential buffer overflow in i2c_hid_get_report() (stable-fixes). - HID: quirks: Add another Chicony HP 5MP Cameras to hid_ignore_list (stable-fixes). - HID: multitouch: add MT_QUIRK_STICKY_FINGERS to MT_CLS_VTL (stable-fixes). - net: usb: sr9700: support devices with virtual driver CD (stable-fixes). - commit 2d30005 - scsi: qla2xxx: edif: Fix dma_free_coherent() size (git-fixes). - scsi: qla2xxx: Sanitize payload size to prevent member overflow (git-fixes). - scsi: qla2xxx: Enable/disable IRQD_NO_BALANCING during reset (git-fixes). - scsi: qla2xxx: target: Improve safety of cmd lookup by handle (git-fixes). - scsi: qla2xxx: target: Add back SRR support (git-fixes). - scsi: qla2xxx: target: Improve cmd logging (git-fixes). - scsi: qla2xxx: target: Add cmd->rsp_sent (git-fixes). - scsi: qla2xxx: target: Fix invalid memory access with big CDBs (git-fixes). - scsi: qla2xxx: Fix TMR failure handling (git-fixes). - scsi: qla2xxx: target: Improve checks in qlt_xmit_response() / qlt_rdy_to_xfer() (git-fixes). - scsi: qla2xxx: target: Fix races with aborting commands (git-fixes). - scsi: qla2xxx: Clear cmds after chip reset (CVE-2025-68745 bsc#1255721 git-fixes). - scsi: qla2xxx: target: Fix term exchange when cmd_sent_to_fw == 1 (git-fixes). - scsi: qla2xxx: target: Improve debug output for term exchange (git-fixes). - scsi: qla2xxx: target: Remove code for unsupported hardware (git-fixes). - scsi: qla2xxx: Use reinit_completion on mbx_intr_comp (git-fixes). - scsi: qla2xxx: Fix lost interrupts with qlini_mode=disabled (git-fixes). - scsi: qla2xxx: Fix initiator mode with qlini_mode=exclusive (git-fixes). - scsi: Revert "scsi: qla2xxx: Perform lockless command completion in abort path" (git-fixes). - commit c2959d9 - drm/xe: Unregister drm device on probe error (git-fixes). - drm/msm/a2xx: fix pixel shader start on A225 (git-fixes). - drm/msm/dpu: fix CMD panels on DPU 1.x - 3.x (git-fixes). - drm/msm/dpu: drop intr_start from DPU 3.x catalog files (git-fixes). - drm/msm/disp: set num_planes to 1 for interleaved YUV formats (git-fixes). - drm/msm/dpu: fix WD timer handling on DPU 8.x (git-fixes). - drm/msm/dpu: Set vsync source irrespective of mdp top support (git-fixes). - drm/bridge: anx7625: Fix invalid EDID size (git-fixes). - drm/buddy: Prevent BUG_ON by validating rounded allocation (git-fixes). - drm/tegra: dsi: fix device leak on probe (git-fixes). - drm/amdkfd: Fix signal_eviction_fence() bool return value (git-fixes). - drm/amd: Drop "amdgpu kernel modesetting enabled" message (git-fixes). - drm/tests: shmem: Swap names of export tests (git-fixes). - drm/panthor: Evict groups before VM termination (git-fixes). - drm/panel: sw43408: Remove manual invocation of unprepare at remove (git-fixes). - drm/panthor: Make sure we resume the tick when new jobs are submitted (git-fixes). - drm/panthor: Fix the logic that decides when to stop ticking (git-fixes). - drm/panthor: Fix immediate ticking on a disabled tick (git-fixes). - drm/panthor: Fix the group priority rotation logic (git-fixes). - drm/panthor: Fix the full_tick check (git-fixes). - drm/panthor: Recover from panthor_gpu_flush_caches() failures (git-fixes). - firmware: arm_ffa: Correct 32-bit response handling in NOTIFICATION_INFO_GET (git-fixes). - drm/xe/pm: Disable D3Cold for BMG only on specific platforms (git-fixes). - drm/amd/pm: Disable MMIO access during SMU Mode 1 reset (stable-fixes). - HID: intel-ish-hid: Reset enum_devices_done before enumeration (stable-fixes). - HID: intel-ish-hid: Update ishtp bus match to support device ID table (stable-fixes). - HID: playstation: Center initial joystick axes to prevent spurious events (stable-fixes). - gpiolib-acpi: Update file references in the Documentation and MAINTAINERS (git-fixes). - commit bfdede0 - PCI: qcom: Remove ASPM L0s support for MSM8996 SoC (git-fixes). - PCI/ERR: Ensure error recoverability at all times (git-fixes). - commit 64dc0df - ALSA: hda/realtek: Add quirk for Acer Nitro AN517-55 (stable-fixes). - Refresh patches.suse/ALSA-hda-realtek-Enable-headset-mic-for-Acer-Nitro-5.patch. - commit dcc35f0 - Documentation: PCI: endpoint: Fix ntb/vntb copy & paste errors (git-fixes). - ASoC: amd: drop unused Kconfig symbols (git-fixes). - ASoC: pxa: drop unused Kconfig symbol (git-fixes). - ASoC: SOF: ipc4-control: Keep the payload size up to date (git-fixes). - ASoC: SOF: ipc4-control: Use the correct size for scontrol->ipc_control_data (git-fixes). - ASoC: SOF: ipc4-topology: Correct the allocation size for bytes controls (git-fixes). - ASoC: SOF: ipc4-control: If there is no data do not send bytes update (git-fixes). - bus: fsl-mc: fix an error handling in fsl_mc_device_add() (git-fixes). - bus: omap-ocp2scp: fix OF populate on driver rebind (git-fixes). - clk: qcom: Return correct error code in qcom_cc_probe_by_index() (git-fixes). - ALSA: hda/realtek: Really fix headset mic for TongFang X6AR55xU (git-fixes). - ALSA: hda/realtek: ALC269 fixup for Lenovo Yoga Book 9i 13IRU8 audio (stable-fixes). - ALSA: hda/realtek: Fix headset mic for TongFang X6AR55xU (stable-fixes). - ASoC: tlv320adcx140: Propagate error codes during probe (stable-fixes). - ASoC: amd: yc: Fix microphone on ASUS M6500RE (stable-fixes). - ASoC: davinci-evm: Fix reference leak in davinci_evm_probe (stable-fixes). - ASoC: simple-card-utils: Check device node before overwrite direction (stable-fixes). - ALSA: hda/realtek: add HP Laptop 15s-eq1xxx mute LED quirk (stable-fixes). - ALSA: hda/realtek: enable woofer speakers on Medion NM14LNL (stable-fixes). - drm/xe/pm: Also avoid missing outer rpm warning on system suspend (stable-fixes). - commit 85b3e2d - nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec (CVE-2026-22998 bsc#1257209). - commit f6350b1 - KVM: x86/mmu: Embed direct bits into gpa for KVM_PRE_FAULT_MEMORY (git-fixes). - commit 75ad287 - Revert "KVM: x86/tdp_mmu: Add a helper function to walk down the TDP MMU" (git-fixes). - commit cbd54f0 - KVM: x86/mmu: WARN if KVM attempts to map into an invalid TDP MMU root (git-fixes). - commit db82a28 - KVM: x86/mmu: Add dedicated API to map guest_memfd pfn into TDP MMU (git-fixes). - commit 7bbdb3d - KVM: Rename kvm_arch_vcpu_async_ioctl() to kvm_arch_vcpu_unlocked_ioctl() (git-fixes). - commit cc287ee - KVM: Make support for kvm_arch_vcpu_async_ioctl() mandatory (git-fixes). - commit e9d19b9 - KVM: TDX: Drop PROVE_MMU=y sanity check on to-be-populated mappings (git-fixes). - commit 0739547 - KVM: TDX: Replace kmalloc + copy_from_user with memdup_user in tdx_td_init() (git-fixes). - commit ff33194 - x86/virt/tdx: Use precalculated TDVPR page physical address (git-fixes). - commit 3fdc23e ++++ kernel-obs-build: - KABI: fix "Revert-dm-fix-a-race-condition-in-retrieve_deps.patch" (git-fixes). - commit 53fd79b - net/sched: act_ife: avoid possible NULL deref (CVE-2026-23064 bsc#1257765). - selftests/tc-testing: Try to add teql as a child qdisc (CVE-2026-23105 bsc#1257775). - net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag (CVE-2026-23105 bsc#1257775). - commit 3ff4470 - Revert "dm: fix a race condition in retrieve_deps" (git-fixes). - commit e64c40a - Refresh sorted patches. - commit 3b39938 - RISC-V: KVM: use kvm_trylock_all_vcpus when locking all vCPUs (git-fixes). - commit 292c30b - KVM: arm64: use kvm_trylock_all_vcpus when locking all vCPUs (git-fixes). - commit 45ee0a5 - KVM: add kvm_lock_all_vcpus and kvm_trylock_all_vcpus (git-fixes). - commit f8807d7 - x86: KVM: SVM: use kvm_lock_all_vcpus instead of a custom implementation (git-fixes). - commit 27b7fd9 - locking/mutex: implement mutex_lock_killable_nest_lock (git-fixes). - commit c11266f - locking/mutex: implement mutex_trylock_nested (git-fixes). - commit 4df10c6 - KVM: TDX: Use struct_size to simplify tdx_get_capabilities() (git-fixes). - commit 1f75b03 - KVM: TDX: Check size of user's kvm_tdx_capabilities array before allocating (git-fixes). - commit 319fd02 - KVM: TDX: Fix sparse warnings from using 0 for NULL (git-fixes). - commit 3438716 - KVM: TDX: Remove __user annotation from kernel pointer (git-fixes). - commit f5a4acb - KVM: TDX: Take MMU lock around tdh_vp_init() (git-fixes). - commit 3b6a5f3 - KVM: TDX: Fix list_add corruption during vcpu_load() (git-fixes). - commit fcf6177 - KVM: TDX: Bug the VM if extending the initial measurement fails (git-fixes). - commit 056ce6c - KVM: TDX: Guard VM state transitions with "all" the locks (git-fixes). - commit 6fc029e - KVM: TDX: Don't copy "cmd" back to userspace for KVM_TDX_CAPABILITIES (git-fixes). - commit a1cf957 - KVM: TDX: Use guard() to acquire kvm->lock in tdx_vm_ioctl() (git-fixes). - commit 53cbd86 - KVM: TDX: Convert INIT_MEM_REGION and INIT_VCPU to "unlocked" vCPU ioctl (git-fixes). - commit 33e9280 - KVM: TDX: Add tdx_get_cmd() helper to get and validate sub-ioctl command (git-fixes). - commit db2e487 - KVM: TDX: Add macro to retry SEAMCALLs when forcing vCPUs out of guest (git-fixes). - commit f789249 - KVM: TDX: Assert that mmu_lock is held for write when removing S-EPT entries (git-fixes). - commit 5c9b28f - KVM: TDX: Derive error argument names from the local variable names (git-fixes). - commit e750b72 - KVM: TDX: Combine KVM_BUG_ON + pr_tdx_error() into TDX_BUG_ON() (git-fixes). - commit d2a9d32 - KVM: TDX: Fold tdx_sept_zap_private_spte() into tdx_sept_remove_private_spte() (git-fixes). - commit 8fa4208 - KVM: TDX: ADD pages to the TD image while populating mirror EPT entries (git-fixes). - commit 05e82a8 - KVM: TDX: Fold tdx_mem_page_record_premap_cnt() into its sole caller (git-fixes). - commit cc267d2 - KVM: TDX: Use atomic64_dec_return() instead of a poor equivalent (git-fixes). - commit 794f48a - KVM: TDX: Avoid a double-KVM_BUG_ON() in tdx_sept_zap_private_spte() (git-fixes). - commit 8899368 - KVM: TDX: WARN if mirror SPTE doesn't have full RWX when creating S-EPT mapping (git-fixes). - commit d132554 - KVM: x86/mmu: Drop the return code from kvm_x86_ops.remove_external_spte() (git-fixes). - commit 2570719 - KVM: TDX: Fold tdx_sept_drop_private_spte() into tdx_sept_remove_private_spte() (git-fixes). - commit 83ec6b9 - KVM: TDX: Return -EIO, not -EINVAL, on a KVM_BUG_ON() condition (git-fixes). - commit ebb64f7 - KVM: TDX: Drop superfluous page pinning in S-EPT management (git-fixes). - commit 5eced3b - KVM: x86/mmu: Rename kvm_tdp_map_page() to kvm_tdp_page_prefault() (git-fixes). - commit 11c9e24 - KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer (bsc#1256708, CVE-2025-71104). - commit 8d2aab2 - migrate: correct lock ordering for hugetlb file folios (CVE-2026-23097 bsc#1257815). - commit 30b8633 - vsock/virtio: Coalesce only linear skb (bsc#1257740, CVE-2026-23057). - commit 310c89d - wifi: ath10k: sdio: add missing lock protection in ath10k_sdio_fw_crashed_dump() (git-fixes). - wifi: ath9k: fix kernel-doc warnings in common-debug.h (git-fixes). - wifi: ath9k: debug.h: fix kernel-doc bad lines and struct ath_tx_stats (git-fixes). - wifi: cfg80211: stop NAN and P2P in cfg80211_leave (git-fixes). - wifi: rtl8xxxu: fix slab-out-of-bounds in rtl8xxxu_sta_add (git-fixes). - wifi: rtw88: Fix alignment fault in rtw_core_enable_beacon() (git-fixes). - wifi: cfg80211: Fix use_for flag update on BSS refresh (git-fixes). - PCI: mediatek: Fix IRQ domain leak when MSI allocation fails (git-fixes). - PCI: dwc: Fix msg_atu_index assignment (git-fixes). - Revert "PCI: qcom: Enable MSI interrupts together with Link up if 'Global IRQ' is supported" (stable-fixes). - PCI: Add ACS quirk for Pericom PI7C9X2G404 switches [12d8:b404] (git-fixes). - PCI: Fix pci_slot_trylock() error handling (git-fixes). - PCI: Use resource_set_range() that correctly sets ->end (git-fixes). - PCI/portdrv: Fix potential resource leak (git-fixes). - PCI/PM: Avoid redundant delays on D3hot->D3cold (git-fixes). - PCI/P2PDMA: Release per-CPU pgmap ref when vm_insert_page() fails (git-fixes). - PCI/IOV: Fix race between SR-IOV enable/disable and hotplug (git-fixes). - Revert "PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV" (git-fixes). - PCI/ACPI: Restrict program_hpx_type2() to AER bits (git-fixes). - PCI: Initialize RCB from pci_configure_device() (git-fixes). - PCI: Check parent for NULL in of_pci_bus_release_domain_nr() (git-fixes). - PCI: Mark 3ware-9650SA Root Port Extended Tags as broken (git-fixes). - PCI: Do not attempt to set ExtTag for VFs (git-fixes). - PCI: endpoint: Fix swapped parameters in pci_{primary/secondary}_epc_epf_unlink() functions (git-fixes). - PCI: endpoint: Avoid creating sub-groups asynchronously (git-fixes). - regulator: core: move supply check earlier in set_machine_constraints() (git-fixes). - regulator: core: fix locking in regulator_resolve_supply() error path (git-fixes). - platform/chrome: cros_ec_lightbar: Fix response size initialization (git-fixes). - platform/chrome: cros_typec_switch: Don't touch struct fwnode_handle::dev (git-fixes). - soc: rockchip: grf: Support multiple grf to be handled (git-fixes). - soc: rockchip: grf: Fix wrong RK3576_IOCGRF_MISC_CON definition (git-fixes). - reset: gpio: suppress bind attributes in sysfs (git-fixes). - soc: mediatek: svs: Fix memory leak in svs_enable_debug_write() (git-fixes). - soc: qcom: cmd-db: Use devm_memremap() to fix memory leak in cmd_db_dev_probe (git-fixes). - soc: qcom: smem: handle ENOMEM error during probe (git-fixes). - soc: ti: pruss: Fix double free in pruss_clk_mux_setup() (git-fixes). - soc: ti: k3-socinfo: Fix regmap leak on probe failure (git-fixes). - spi: hisi-kunpeng: Fixed the wrong debugfs node name in hisi_spi debugfs initialization (stable-fixes). - regmap: maple: free entry on mas_store_gfp() failure (stable-fixes). - wifi: mac80211: don't increment crypto_tx_tailroom_needed_cnt twice (stable-fixes). - wifi: mac80211: correctly check if CSA is active (stable-fixes). - wifi: cfg80211: Fix bitrate calculation overflow for HE rates (stable-fixes). - wifi: mac80211: collect station statistics earlier when disconnect (stable-fixes). - wifi: mac80211: ocb: skip rx_no_sta when interface is not joined (stable-fixes). - wifi: wlcore: ensure skb headroom before skb_push (stable-fixes). - commit 6474bb4 - nfc: hci: shdlc: Stop timers and work before freeing context (git-fixes). - of: unittest: fix possible null-pointer dereferences in of_unittest_property_copy() (git-fixes). - media: uvcvideo: Fix allocation for small frame sizes (git-fixes). - media: verisilicon: AV1: Fix tile info buffer size (git-fixes). - media: venus: vdec: restrict EOS addr quirk to IRIS2 only (git-fixes). - media: venus: vdec: fix error state assignment for zero bytesused (git-fixes). - media: i2c: ov01a10: Fix digital gain range (git-fixes). - media: stm32: dcmipp: bytecap: clear all interrupts upon stream stop (git-fixes). - media: ccs: Accommodate C-PHY into the calculation (git-fixes). - media: ipu6: Fix RPM reference leak in probe error paths (git-fixes). - media: ipu6: Fix typo and wrong constant in ipu6-mmu.c (git-fixes). - media: dw9714: Fix powerup sequence (git-fixes). - media: i2c: ov5647: use our own mutex for the ctrl lock (git-fixes). - media: ccs: Fix setting initial sub-device state (git-fixes). - media: i2c: ov5647: Fix PIXEL_RATE value for VGA mode (git-fixes). - media: i2c: ov5647: Sensor should report RAW color space (git-fixes). - media: i2c: ov5647: Correct minimum VBLANK value (git-fixes). - media: i2c: ov5647: Correct pixel array offset (git-fixes). - media: i2c: ov5647: Initialize subdev before controls (git-fixes). - media: ccs: Avoid possible division by zero (git-fixes). - media: qcom: camss: vfe: Fix out-of-bounds access in vfe_isr_reg_update() (git-fixes). - media: i2c: ov01a10: Fix test-pattern disabling (git-fixes). - media: i2c: ov01a10: Fix passing stream instead of pad to v4l2_subdev_state_get_format() (git-fixes). - media: i2c: ov01a10: Add missing v4l2_subdev_cleanup() calls (git-fixes). - media: i2c: ov01a10: Fix analogue gain range (git-fixes). - media: i2c: ov01a10: Fix reported pixel-rate value (git-fixes). - media: i2c: ov01a10: Fix the horizontal flip control (git-fixes). - media: i2c/tw9906: Fix potential memory leak in tw9906_probe() (git-fixes). - media: i2c/tw9903: Fix potential memory leak in tw9903_probe() (git-fixes). - media: cx25821: Add missing unmap in snd_cx25821_hw_params() (git-fixes). - media: cx23885: Add missing unmap in snd_cx23885_hw_params() (git-fixes). - media: cx88: Add missing unmap in snd_cx88_hw_params() (git-fixes). - media: radio-keene: fix memory leak in error path (git-fixes). - media: tegra-video: Fix memory leak in __tegra_channel_try_format() (git-fixes). - media: verisilicon: AV1: Set IDR flag for intra_only frame type (git-fixes). - media: rockchip: rga: Fix possible ERR_PTR dereference in rga_buf_init() (git-fixes). - media: amphion: Drop min_queued_buffers assignment (git-fixes). - media: verisilicon: AV1: Fix tx mode bit setting (git-fixes). - media: verisilicon: AV1: Fix enable cdef computation (git-fixes). - media: chips-media: wave5: Fix memory leak on codec_info allocation failure (git-fixes). - media: chips-media: wave5: Fix device cleanup order to prevent kernel panic (git-fixes). - media: chips-media: wave5: Fix kthread worker destruction in polling mode (git-fixes). - media: mtk-mdp: Fix a reference leak bug in mtk_mdp_remove() (git-fixes). - media: mtk-mdp: Fix error handling in probe function (git-fixes). - media: mediatek: encoder: Fix uninitialized scalar variable issue (git-fixes). - HID: intel-ish-hid: fix NULL-ptr-deref in ishtp_bus_remove_all_clients (git-fixes). - HID: hid-pl: handle probe errors (git-fixes). - HID: playstation: Add missing check for input_ff_create_memless (git-fixes). - hwmon: (max16065) Use READ/WRITE_ONCE to avoid compiler optimization induced race (git-fixes). - memory: mtk-smi: fix device leak on larb probe (git-fixes). - memory: mtk-smi: fix device leaks on common probe (git-fixes). - HID: logitech: add HID++ support for Logitech MX Anywhere 3S (stable-fixes). - HID: Apply quirk HID_QUIRK_ALWAYS_POLL to Edifier QR30 (2d99:a101) (stable-fixes). - HID: i2c-hid: fix potential buffer overflow in i2c_hid_get_report() (stable-fixes). - HID: quirks: Add another Chicony HP 5MP Cameras to hid_ignore_list (stable-fixes). - HID: multitouch: add MT_QUIRK_STICKY_FINGERS to MT_CLS_VTL (stable-fixes). - net: usb: sr9700: support devices with virtual driver CD (stable-fixes). - commit 2d30005 - scsi: qla2xxx: edif: Fix dma_free_coherent() size (git-fixes). - scsi: qla2xxx: Sanitize payload size to prevent member overflow (git-fixes). - scsi: qla2xxx: Enable/disable IRQD_NO_BALANCING during reset (git-fixes). - scsi: qla2xxx: target: Improve safety of cmd lookup by handle (git-fixes). - scsi: qla2xxx: target: Add back SRR support (git-fixes). - scsi: qla2xxx: target: Improve cmd logging (git-fixes). - scsi: qla2xxx: target: Add cmd->rsp_sent (git-fixes). - scsi: qla2xxx: target: Fix invalid memory access with big CDBs (git-fixes). - scsi: qla2xxx: Fix TMR failure handling (git-fixes). - scsi: qla2xxx: target: Improve checks in qlt_xmit_response() / qlt_rdy_to_xfer() (git-fixes). - scsi: qla2xxx: target: Fix races with aborting commands (git-fixes). - scsi: qla2xxx: Clear cmds after chip reset (CVE-2025-68745 bsc#1255721 git-fixes). - scsi: qla2xxx: target: Fix term exchange when cmd_sent_to_fw == 1 (git-fixes). - scsi: qla2xxx: target: Improve debug output for term exchange (git-fixes). - scsi: qla2xxx: target: Remove code for unsupported hardware (git-fixes). - scsi: qla2xxx: Use reinit_completion on mbx_intr_comp (git-fixes). - scsi: qla2xxx: Fix lost interrupts with qlini_mode=disabled (git-fixes). - scsi: qla2xxx: Fix initiator mode with qlini_mode=exclusive (git-fixes). - scsi: Revert "scsi: qla2xxx: Perform lockless command completion in abort path" (git-fixes). - commit c2959d9 - drm/xe: Unregister drm device on probe error (git-fixes). - drm/msm/a2xx: fix pixel shader start on A225 (git-fixes). - drm/msm/dpu: fix CMD panels on DPU 1.x - 3.x (git-fixes). - drm/msm/dpu: drop intr_start from DPU 3.x catalog files (git-fixes). - drm/msm/disp: set num_planes to 1 for interleaved YUV formats (git-fixes). - drm/msm/dpu: fix WD timer handling on DPU 8.x (git-fixes). - drm/msm/dpu: Set vsync source irrespective of mdp top support (git-fixes). - drm/bridge: anx7625: Fix invalid EDID size (git-fixes). - drm/buddy: Prevent BUG_ON by validating rounded allocation (git-fixes). - drm/tegra: dsi: fix device leak on probe (git-fixes). - drm/amdkfd: Fix signal_eviction_fence() bool return value (git-fixes). - drm/amd: Drop "amdgpu kernel modesetting enabled" message (git-fixes). - drm/tests: shmem: Swap names of export tests (git-fixes). - drm/panthor: Evict groups before VM termination (git-fixes). - drm/panel: sw43408: Remove manual invocation of unprepare at remove (git-fixes). - drm/panthor: Make sure we resume the tick when new jobs are submitted (git-fixes). - drm/panthor: Fix the logic that decides when to stop ticking (git-fixes). - drm/panthor: Fix immediate ticking on a disabled tick (git-fixes). - drm/panthor: Fix the group priority rotation logic (git-fixes). - drm/panthor: Fix the full_tick check (git-fixes). - drm/panthor: Recover from panthor_gpu_flush_caches() failures (git-fixes). - firmware: arm_ffa: Correct 32-bit response handling in NOTIFICATION_INFO_GET (git-fixes). - drm/xe/pm: Disable D3Cold for BMG only on specific platforms (git-fixes). - drm/amd/pm: Disable MMIO access during SMU Mode 1 reset (stable-fixes). - HID: intel-ish-hid: Reset enum_devices_done before enumeration (stable-fixes). - HID: intel-ish-hid: Update ishtp bus match to support device ID table (stable-fixes). - HID: playstation: Center initial joystick axes to prevent spurious events (stable-fixes). - gpiolib-acpi: Update file references in the Documentation and MAINTAINERS (git-fixes). - commit bfdede0 - PCI: qcom: Remove ASPM L0s support for MSM8996 SoC (git-fixes). - PCI/ERR: Ensure error recoverability at all times (git-fixes). - commit 64dc0df - ALSA: hda/realtek: Add quirk for Acer Nitro AN517-55 (stable-fixes). - Refresh patches.suse/ALSA-hda-realtek-Enable-headset-mic-for-Acer-Nitro-5.patch. - commit dcc35f0 - Documentation: PCI: endpoint: Fix ntb/vntb copy & paste errors (git-fixes). - ASoC: amd: drop unused Kconfig symbols (git-fixes). - ASoC: pxa: drop unused Kconfig symbol (git-fixes). - ASoC: SOF: ipc4-control: Keep the payload size up to date (git-fixes). - ASoC: SOF: ipc4-control: Use the correct size for scontrol->ipc_control_data (git-fixes). - ASoC: SOF: ipc4-topology: Correct the allocation size for bytes controls (git-fixes). - ASoC: SOF: ipc4-control: If there is no data do not send bytes update (git-fixes). - bus: fsl-mc: fix an error handling in fsl_mc_device_add() (git-fixes). - bus: omap-ocp2scp: fix OF populate on driver rebind (git-fixes). - clk: qcom: Return correct error code in qcom_cc_probe_by_index() (git-fixes). - ALSA: hda/realtek: Really fix headset mic for TongFang X6AR55xU (git-fixes). - ALSA: hda/realtek: ALC269 fixup for Lenovo Yoga Book 9i 13IRU8 audio (stable-fixes). - ALSA: hda/realtek: Fix headset mic for TongFang X6AR55xU (stable-fixes). - ASoC: tlv320adcx140: Propagate error codes during probe (stable-fixes). - ASoC: amd: yc: Fix microphone on ASUS M6500RE (stable-fixes). - ASoC: davinci-evm: Fix reference leak in davinci_evm_probe (stable-fixes). - ASoC: simple-card-utils: Check device node before overwrite direction (stable-fixes). - ALSA: hda/realtek: add HP Laptop 15s-eq1xxx mute LED quirk (stable-fixes). - ALSA: hda/realtek: enable woofer speakers on Medion NM14LNL (stable-fixes). - drm/xe/pm: Also avoid missing outer rpm warning on system suspend (stable-fixes). - commit 85b3e2d - nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec (CVE-2026-22998 bsc#1257209). - commit f6350b1 - KVM: x86/mmu: Embed direct bits into gpa for KVM_PRE_FAULT_MEMORY (git-fixes). - commit 75ad287 - Revert "KVM: x86/tdp_mmu: Add a helper function to walk down the TDP MMU" (git-fixes). - commit cbd54f0 - KVM: x86/mmu: WARN if KVM attempts to map into an invalid TDP MMU root (git-fixes). - commit db82a28 - KVM: x86/mmu: Add dedicated API to map guest_memfd pfn into TDP MMU (git-fixes). - commit 7bbdb3d - KVM: Rename kvm_arch_vcpu_async_ioctl() to kvm_arch_vcpu_unlocked_ioctl() (git-fixes). - commit cc287ee - KVM: Make support for kvm_arch_vcpu_async_ioctl() mandatory (git-fixes). - commit e9d19b9 - KVM: TDX: Drop PROVE_MMU=y sanity check on to-be-populated mappings (git-fixes). - commit 0739547 - KVM: TDX: Replace kmalloc + copy_from_user with memdup_user in tdx_td_init() (git-fixes). - commit ff33194 - x86/virt/tdx: Use precalculated TDVPR page physical address (git-fixes). - commit 3fdc23e ++++ kernel-obs-qa: - KABI: fix "Revert-dm-fix-a-race-condition-in-retrieve_deps.patch" (git-fixes). - commit 53fd79b - net/sched: act_ife: avoid possible NULL deref (CVE-2026-23064 bsc#1257765). - selftests/tc-testing: Try to add teql as a child qdisc (CVE-2026-23105 bsc#1257775). - net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag (CVE-2026-23105 bsc#1257775). - commit 3ff4470 - Revert "dm: fix a race condition in retrieve_deps" (git-fixes). - commit e64c40a - Refresh sorted patches. - commit 3b39938 - RISC-V: KVM: use kvm_trylock_all_vcpus when locking all vCPUs (git-fixes). - commit 292c30b - KVM: arm64: use kvm_trylock_all_vcpus when locking all vCPUs (git-fixes). - commit 45ee0a5 - KVM: add kvm_lock_all_vcpus and kvm_trylock_all_vcpus (git-fixes). - commit f8807d7 - x86: KVM: SVM: use kvm_lock_all_vcpus instead of a custom implementation (git-fixes). - commit 27b7fd9 - locking/mutex: implement mutex_lock_killable_nest_lock (git-fixes). - commit c11266f - locking/mutex: implement mutex_trylock_nested (git-fixes). - commit 4df10c6 - KVM: TDX: Use struct_size to simplify tdx_get_capabilities() (git-fixes). - commit 1f75b03 - KVM: TDX: Check size of user's kvm_tdx_capabilities array before allocating (git-fixes). - commit 319fd02 - KVM: TDX: Fix sparse warnings from using 0 for NULL (git-fixes). - commit 3438716 - KVM: TDX: Remove __user annotation from kernel pointer (git-fixes). - commit f5a4acb - KVM: TDX: Take MMU lock around tdh_vp_init() (git-fixes). - commit 3b6a5f3 - KVM: TDX: Fix list_add corruption during vcpu_load() (git-fixes). - commit fcf6177 - KVM: TDX: Bug the VM if extending the initial measurement fails (git-fixes). - commit 056ce6c - KVM: TDX: Guard VM state transitions with "all" the locks (git-fixes). - commit 6fc029e - KVM: TDX: Don't copy "cmd" back to userspace for KVM_TDX_CAPABILITIES (git-fixes). - commit a1cf957 - KVM: TDX: Use guard() to acquire kvm->lock in tdx_vm_ioctl() (git-fixes). - commit 53cbd86 - KVM: TDX: Convert INIT_MEM_REGION and INIT_VCPU to "unlocked" vCPU ioctl (git-fixes). - commit 33e9280 - KVM: TDX: Add tdx_get_cmd() helper to get and validate sub-ioctl command (git-fixes). - commit db2e487 - KVM: TDX: Add macro to retry SEAMCALLs when forcing vCPUs out of guest (git-fixes). - commit f789249 - KVM: TDX: Assert that mmu_lock is held for write when removing S-EPT entries (git-fixes). - commit 5c9b28f - KVM: TDX: Derive error argument names from the local variable names (git-fixes). - commit e750b72 - KVM: TDX: Combine KVM_BUG_ON + pr_tdx_error() into TDX_BUG_ON() (git-fixes). - commit d2a9d32 - KVM: TDX: Fold tdx_sept_zap_private_spte() into tdx_sept_remove_private_spte() (git-fixes). - commit 8fa4208 - KVM: TDX: ADD pages to the TD image while populating mirror EPT entries (git-fixes). - commit 05e82a8 - KVM: TDX: Fold tdx_mem_page_record_premap_cnt() into its sole caller (git-fixes). - commit cc267d2 - KVM: TDX: Use atomic64_dec_return() instead of a poor equivalent (git-fixes). - commit 794f48a - KVM: TDX: Avoid a double-KVM_BUG_ON() in tdx_sept_zap_private_spte() (git-fixes). - commit 8899368 - KVM: TDX: WARN if mirror SPTE doesn't have full RWX when creating S-EPT mapping (git-fixes). - commit d132554 - KVM: x86/mmu: Drop the return code from kvm_x86_ops.remove_external_spte() (git-fixes). - commit 2570719 - KVM: TDX: Fold tdx_sept_drop_private_spte() into tdx_sept_remove_private_spte() (git-fixes). - commit 83ec6b9 - KVM: TDX: Return -EIO, not -EINVAL, on a KVM_BUG_ON() condition (git-fixes). - commit ebb64f7 - KVM: TDX: Drop superfluous page pinning in S-EPT management (git-fixes). - commit 5eced3b - KVM: x86/mmu: Rename kvm_tdp_map_page() to kvm_tdp_page_prefault() (git-fixes). - commit 11c9e24 - KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer (bsc#1256708, CVE-2025-71104). - commit 8d2aab2 - migrate: correct lock ordering for hugetlb file folios (CVE-2026-23097 bsc#1257815). - commit 30b8633 - vsock/virtio: Coalesce only linear skb (bsc#1257740, CVE-2026-23057). - commit 310c89d - wifi: ath10k: sdio: add missing lock protection in ath10k_sdio_fw_crashed_dump() (git-fixes). - wifi: ath9k: fix kernel-doc warnings in common-debug.h (git-fixes). - wifi: ath9k: debug.h: fix kernel-doc bad lines and struct ath_tx_stats (git-fixes). - wifi: cfg80211: stop NAN and P2P in cfg80211_leave (git-fixes). - wifi: rtl8xxxu: fix slab-out-of-bounds in rtl8xxxu_sta_add (git-fixes). - wifi: rtw88: Fix alignment fault in rtw_core_enable_beacon() (git-fixes). - wifi: cfg80211: Fix use_for flag update on BSS refresh (git-fixes). - PCI: mediatek: Fix IRQ domain leak when MSI allocation fails (git-fixes). - PCI: dwc: Fix msg_atu_index assignment (git-fixes). - Revert "PCI: qcom: Enable MSI interrupts together with Link up if 'Global IRQ' is supported" (stable-fixes). - PCI: Add ACS quirk for Pericom PI7C9X2G404 switches [12d8:b404] (git-fixes). - PCI: Fix pci_slot_trylock() error handling (git-fixes). - PCI: Use resource_set_range() that correctly sets ->end (git-fixes). - PCI/portdrv: Fix potential resource leak (git-fixes). - PCI/PM: Avoid redundant delays on D3hot->D3cold (git-fixes). - PCI/P2PDMA: Release per-CPU pgmap ref when vm_insert_page() fails (git-fixes). - PCI/IOV: Fix race between SR-IOV enable/disable and hotplug (git-fixes). - Revert "PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV" (git-fixes). - PCI/ACPI: Restrict program_hpx_type2() to AER bits (git-fixes). - PCI: Initialize RCB from pci_configure_device() (git-fixes). - PCI: Check parent for NULL in of_pci_bus_release_domain_nr() (git-fixes). - PCI: Mark 3ware-9650SA Root Port Extended Tags as broken (git-fixes). - PCI: Do not attempt to set ExtTag for VFs (git-fixes). - PCI: endpoint: Fix swapped parameters in pci_{primary/secondary}_epc_epf_unlink() functions (git-fixes). - PCI: endpoint: Avoid creating sub-groups asynchronously (git-fixes). - regulator: core: move supply check earlier in set_machine_constraints() (git-fixes). - regulator: core: fix locking in regulator_resolve_supply() error path (git-fixes). - platform/chrome: cros_ec_lightbar: Fix response size initialization (git-fixes). - platform/chrome: cros_typec_switch: Don't touch struct fwnode_handle::dev (git-fixes). - soc: rockchip: grf: Support multiple grf to be handled (git-fixes). - soc: rockchip: grf: Fix wrong RK3576_IOCGRF_MISC_CON definition (git-fixes). - reset: gpio: suppress bind attributes in sysfs (git-fixes). - soc: mediatek: svs: Fix memory leak in svs_enable_debug_write() (git-fixes). - soc: qcom: cmd-db: Use devm_memremap() to fix memory leak in cmd_db_dev_probe (git-fixes). - soc: qcom: smem: handle ENOMEM error during probe (git-fixes). - soc: ti: pruss: Fix double free in pruss_clk_mux_setup() (git-fixes). - soc: ti: k3-socinfo: Fix regmap leak on probe failure (git-fixes). - spi: hisi-kunpeng: Fixed the wrong debugfs node name in hisi_spi debugfs initialization (stable-fixes). - regmap: maple: free entry on mas_store_gfp() failure (stable-fixes). - wifi: mac80211: don't increment crypto_tx_tailroom_needed_cnt twice (stable-fixes). - wifi: mac80211: correctly check if CSA is active (stable-fixes). - wifi: cfg80211: Fix bitrate calculation overflow for HE rates (stable-fixes). - wifi: mac80211: collect station statistics earlier when disconnect (stable-fixes). - wifi: mac80211: ocb: skip rx_no_sta when interface is not joined (stable-fixes). - wifi: wlcore: ensure skb headroom before skb_push (stable-fixes). - commit 6474bb4 - nfc: hci: shdlc: Stop timers and work before freeing context (git-fixes). - of: unittest: fix possible null-pointer dereferences in of_unittest_property_copy() (git-fixes). - media: uvcvideo: Fix allocation for small frame sizes (git-fixes). - media: verisilicon: AV1: Fix tile info buffer size (git-fixes). - media: venus: vdec: restrict EOS addr quirk to IRIS2 only (git-fixes). - media: venus: vdec: fix error state assignment for zero bytesused (git-fixes). - media: i2c: ov01a10: Fix digital gain range (git-fixes). - media: stm32: dcmipp: bytecap: clear all interrupts upon stream stop (git-fixes). - media: ccs: Accommodate C-PHY into the calculation (git-fixes). - media: ipu6: Fix RPM reference leak in probe error paths (git-fixes). - media: ipu6: Fix typo and wrong constant in ipu6-mmu.c (git-fixes). - media: dw9714: Fix powerup sequence (git-fixes). - media: i2c: ov5647: use our own mutex for the ctrl lock (git-fixes). - media: ccs: Fix setting initial sub-device state (git-fixes). - media: i2c: ov5647: Fix PIXEL_RATE value for VGA mode (git-fixes). - media: i2c: ov5647: Sensor should report RAW color space (git-fixes). - media: i2c: ov5647: Correct minimum VBLANK value (git-fixes). - media: i2c: ov5647: Correct pixel array offset (git-fixes). - media: i2c: ov5647: Initialize subdev before controls (git-fixes). - media: ccs: Avoid possible division by zero (git-fixes). - media: qcom: camss: vfe: Fix out-of-bounds access in vfe_isr_reg_update() (git-fixes). - media: i2c: ov01a10: Fix test-pattern disabling (git-fixes). - media: i2c: ov01a10: Fix passing stream instead of pad to v4l2_subdev_state_get_format() (git-fixes). - media: i2c: ov01a10: Add missing v4l2_subdev_cleanup() calls (git-fixes). - media: i2c: ov01a10: Fix analogue gain range (git-fixes). - media: i2c: ov01a10: Fix reported pixel-rate value (git-fixes). - media: i2c: ov01a10: Fix the horizontal flip control (git-fixes). - media: i2c/tw9906: Fix potential memory leak in tw9906_probe() (git-fixes). - media: i2c/tw9903: Fix potential memory leak in tw9903_probe() (git-fixes). - media: cx25821: Add missing unmap in snd_cx25821_hw_params() (git-fixes). - media: cx23885: Add missing unmap in snd_cx23885_hw_params() (git-fixes). - media: cx88: Add missing unmap in snd_cx88_hw_params() (git-fixes). - media: radio-keene: fix memory leak in error path (git-fixes). - media: tegra-video: Fix memory leak in __tegra_channel_try_format() (git-fixes). - media: verisilicon: AV1: Set IDR flag for intra_only frame type (git-fixes). - media: rockchip: rga: Fix possible ERR_PTR dereference in rga_buf_init() (git-fixes). - media: amphion: Drop min_queued_buffers assignment (git-fixes). - media: verisilicon: AV1: Fix tx mode bit setting (git-fixes). - media: verisilicon: AV1: Fix enable cdef computation (git-fixes). - media: chips-media: wave5: Fix memory leak on codec_info allocation failure (git-fixes). - media: chips-media: wave5: Fix device cleanup order to prevent kernel panic (git-fixes). - media: chips-media: wave5: Fix kthread worker destruction in polling mode (git-fixes). - media: mtk-mdp: Fix a reference leak bug in mtk_mdp_remove() (git-fixes). - media: mtk-mdp: Fix error handling in probe function (git-fixes). - media: mediatek: encoder: Fix uninitialized scalar variable issue (git-fixes). - HID: intel-ish-hid: fix NULL-ptr-deref in ishtp_bus_remove_all_clients (git-fixes). - HID: hid-pl: handle probe errors (git-fixes). - HID: playstation: Add missing check for input_ff_create_memless (git-fixes). - hwmon: (max16065) Use READ/WRITE_ONCE to avoid compiler optimization induced race (git-fixes). - memory: mtk-smi: fix device leak on larb probe (git-fixes). - memory: mtk-smi: fix device leaks on common probe (git-fixes). - HID: logitech: add HID++ support for Logitech MX Anywhere 3S (stable-fixes). - HID: Apply quirk HID_QUIRK_ALWAYS_POLL to Edifier QR30 (2d99:a101) (stable-fixes). - HID: i2c-hid: fix potential buffer overflow in i2c_hid_get_report() (stable-fixes). - HID: quirks: Add another Chicony HP 5MP Cameras to hid_ignore_list (stable-fixes). - HID: multitouch: add MT_QUIRK_STICKY_FINGERS to MT_CLS_VTL (stable-fixes). - net: usb: sr9700: support devices with virtual driver CD (stable-fixes). - commit 2d30005 - scsi: qla2xxx: edif: Fix dma_free_coherent() size (git-fixes). - scsi: qla2xxx: Sanitize payload size to prevent member overflow (git-fixes). - scsi: qla2xxx: Enable/disable IRQD_NO_BALANCING during reset (git-fixes). - scsi: qla2xxx: target: Improve safety of cmd lookup by handle (git-fixes). - scsi: qla2xxx: target: Add back SRR support (git-fixes). - scsi: qla2xxx: target: Improve cmd logging (git-fixes). - scsi: qla2xxx: target: Add cmd->rsp_sent (git-fixes). - scsi: qla2xxx: target: Fix invalid memory access with big CDBs (git-fixes). - scsi: qla2xxx: Fix TMR failure handling (git-fixes). - scsi: qla2xxx: target: Improve checks in qlt_xmit_response() / qlt_rdy_to_xfer() (git-fixes). - scsi: qla2xxx: target: Fix races with aborting commands (git-fixes). - scsi: qla2xxx: Clear cmds after chip reset (CVE-2025-68745 bsc#1255721 git-fixes). - scsi: qla2xxx: target: Fix term exchange when cmd_sent_to_fw == 1 (git-fixes). - scsi: qla2xxx: target: Improve debug output for term exchange (git-fixes). - scsi: qla2xxx: target: Remove code for unsupported hardware (git-fixes). - scsi: qla2xxx: Use reinit_completion on mbx_intr_comp (git-fixes). - scsi: qla2xxx: Fix lost interrupts with qlini_mode=disabled (git-fixes). - scsi: qla2xxx: Fix initiator mode with qlini_mode=exclusive (git-fixes). - scsi: Revert "scsi: qla2xxx: Perform lockless command completion in abort path" (git-fixes). - commit c2959d9 - drm/xe: Unregister drm device on probe error (git-fixes). - drm/msm/a2xx: fix pixel shader start on A225 (git-fixes). - drm/msm/dpu: fix CMD panels on DPU 1.x - 3.x (git-fixes). - drm/msm/dpu: drop intr_start from DPU 3.x catalog files (git-fixes). - drm/msm/disp: set num_planes to 1 for interleaved YUV formats (git-fixes). - drm/msm/dpu: fix WD timer handling on DPU 8.x (git-fixes). - drm/msm/dpu: Set vsync source irrespective of mdp top support (git-fixes). - drm/bridge: anx7625: Fix invalid EDID size (git-fixes). - drm/buddy: Prevent BUG_ON by validating rounded allocation (git-fixes). - drm/tegra: dsi: fix device leak on probe (git-fixes). - drm/amdkfd: Fix signal_eviction_fence() bool return value (git-fixes). - drm/amd: Drop "amdgpu kernel modesetting enabled" message (git-fixes). - drm/tests: shmem: Swap names of export tests (git-fixes). - drm/panthor: Evict groups before VM termination (git-fixes). - drm/panel: sw43408: Remove manual invocation of unprepare at remove (git-fixes). - drm/panthor: Make sure we resume the tick when new jobs are submitted (git-fixes). - drm/panthor: Fix the logic that decides when to stop ticking (git-fixes). - drm/panthor: Fix immediate ticking on a disabled tick (git-fixes). - drm/panthor: Fix the group priority rotation logic (git-fixes). - drm/panthor: Fix the full_tick check (git-fixes). - drm/panthor: Recover from panthor_gpu_flush_caches() failures (git-fixes). - firmware: arm_ffa: Correct 32-bit response handling in NOTIFICATION_INFO_GET (git-fixes). - drm/xe/pm: Disable D3Cold for BMG only on specific platforms (git-fixes). - drm/amd/pm: Disable MMIO access during SMU Mode 1 reset (stable-fixes). - HID: intel-ish-hid: Reset enum_devices_done before enumeration (stable-fixes). - HID: intel-ish-hid: Update ishtp bus match to support device ID table (stable-fixes). - HID: playstation: Center initial joystick axes to prevent spurious events (stable-fixes). - gpiolib-acpi: Update file references in the Documentation and MAINTAINERS (git-fixes). - commit bfdede0 - PCI: qcom: Remove ASPM L0s support for MSM8996 SoC (git-fixes). - PCI/ERR: Ensure error recoverability at all times (git-fixes). - commit 64dc0df - ALSA: hda/realtek: Add quirk for Acer Nitro AN517-55 (stable-fixes). - Refresh patches.suse/ALSA-hda-realtek-Enable-headset-mic-for-Acer-Nitro-5.patch. - commit dcc35f0 - Documentation: PCI: endpoint: Fix ntb/vntb copy & paste errors (git-fixes). - ASoC: amd: drop unused Kconfig symbols (git-fixes). - ASoC: pxa: drop unused Kconfig symbol (git-fixes). - ASoC: SOF: ipc4-control: Keep the payload size up to date (git-fixes). - ASoC: SOF: ipc4-control: Use the correct size for scontrol->ipc_control_data (git-fixes). - ASoC: SOF: ipc4-topology: Correct the allocation size for bytes controls (git-fixes). - ASoC: SOF: ipc4-control: If there is no data do not send bytes update (git-fixes). - bus: fsl-mc: fix an error handling in fsl_mc_device_add() (git-fixes). - bus: omap-ocp2scp: fix OF populate on driver rebind (git-fixes). - clk: qcom: Return correct error code in qcom_cc_probe_by_index() (git-fixes). - ALSA: hda/realtek: Really fix headset mic for TongFang X6AR55xU (git-fixes). - ALSA: hda/realtek: ALC269 fixup for Lenovo Yoga Book 9i 13IRU8 audio (stable-fixes). - ALSA: hda/realtek: Fix headset mic for TongFang X6AR55xU (stable-fixes). - ASoC: tlv320adcx140: Propagate error codes during probe (stable-fixes). - ASoC: amd: yc: Fix microphone on ASUS M6500RE (stable-fixes). - ASoC: davinci-evm: Fix reference leak in davinci_evm_probe (stable-fixes). - ASoC: simple-card-utils: Check device node before overwrite direction (stable-fixes). - ALSA: hda/realtek: add HP Laptop 15s-eq1xxx mute LED quirk (stable-fixes). - ALSA: hda/realtek: enable woofer speakers on Medion NM14LNL (stable-fixes). - drm/xe/pm: Also avoid missing outer rpm warning on system suspend (stable-fixes). - commit 85b3e2d - nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec (CVE-2026-22998 bsc#1257209). - commit f6350b1 - KVM: x86/mmu: Embed direct bits into gpa for KVM_PRE_FAULT_MEMORY (git-fixes). - commit 75ad287 - Revert "KVM: x86/tdp_mmu: Add a helper function to walk down the TDP MMU" (git-fixes). - commit cbd54f0 - KVM: x86/mmu: WARN if KVM attempts to map into an invalid TDP MMU root (git-fixes). - commit db82a28 - KVM: x86/mmu: Add dedicated API to map guest_memfd pfn into TDP MMU (git-fixes). - commit 7bbdb3d - KVM: Rename kvm_arch_vcpu_async_ioctl() to kvm_arch_vcpu_unlocked_ioctl() (git-fixes). - commit cc287ee - KVM: Make support for kvm_arch_vcpu_async_ioctl() mandatory (git-fixes). - commit e9d19b9 - KVM: TDX: Drop PROVE_MMU=y sanity check on to-be-populated mappings (git-fixes). - commit 0739547 - KVM: TDX: Replace kmalloc + copy_from_user with memdup_user in tdx_td_init() (git-fixes). - commit ff33194 - x86/virt/tdx: Use precalculated TDVPR page physical address (git-fixes). - commit 3fdc23e ++++ kernel-syms: - KABI: fix "Revert-dm-fix-a-race-condition-in-retrieve_deps.patch" (git-fixes). - commit 53fd79b - net/sched: act_ife: avoid possible NULL deref (CVE-2026-23064 bsc#1257765). - selftests/tc-testing: Try to add teql as a child qdisc (CVE-2026-23105 bsc#1257775). - net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag (CVE-2026-23105 bsc#1257775). - commit 3ff4470 - Revert "dm: fix a race condition in retrieve_deps" (git-fixes). - commit e64c40a - Refresh sorted patches. - commit 3b39938 - RISC-V: KVM: use kvm_trylock_all_vcpus when locking all vCPUs (git-fixes). - commit 292c30b - KVM: arm64: use kvm_trylock_all_vcpus when locking all vCPUs (git-fixes). - commit 45ee0a5 - KVM: add kvm_lock_all_vcpus and kvm_trylock_all_vcpus (git-fixes). - commit f8807d7 - x86: KVM: SVM: use kvm_lock_all_vcpus instead of a custom implementation (git-fixes). - commit 27b7fd9 - locking/mutex: implement mutex_lock_killable_nest_lock (git-fixes). - commit c11266f - locking/mutex: implement mutex_trylock_nested (git-fixes). - commit 4df10c6 - KVM: TDX: Use struct_size to simplify tdx_get_capabilities() (git-fixes). - commit 1f75b03 - KVM: TDX: Check size of user's kvm_tdx_capabilities array before allocating (git-fixes). - commit 319fd02 - KVM: TDX: Fix sparse warnings from using 0 for NULL (git-fixes). - commit 3438716 - KVM: TDX: Remove __user annotation from kernel pointer (git-fixes). - commit f5a4acb - KVM: TDX: Take MMU lock around tdh_vp_init() (git-fixes). - commit 3b6a5f3 - KVM: TDX: Fix list_add corruption during vcpu_load() (git-fixes). - commit fcf6177 - KVM: TDX: Bug the VM if extending the initial measurement fails (git-fixes). - commit 056ce6c - KVM: TDX: Guard VM state transitions with "all" the locks (git-fixes). - commit 6fc029e - KVM: TDX: Don't copy "cmd" back to userspace for KVM_TDX_CAPABILITIES (git-fixes). - commit a1cf957 - KVM: TDX: Use guard() to acquire kvm->lock in tdx_vm_ioctl() (git-fixes). - commit 53cbd86 - KVM: TDX: Convert INIT_MEM_REGION and INIT_VCPU to "unlocked" vCPU ioctl (git-fixes). - commit 33e9280 - KVM: TDX: Add tdx_get_cmd() helper to get and validate sub-ioctl command (git-fixes). - commit db2e487 - KVM: TDX: Add macro to retry SEAMCALLs when forcing vCPUs out of guest (git-fixes). - commit f789249 - KVM: TDX: Assert that mmu_lock is held for write when removing S-EPT entries (git-fixes). - commit 5c9b28f - KVM: TDX: Derive error argument names from the local variable names (git-fixes). - commit e750b72 - KVM: TDX: Combine KVM_BUG_ON + pr_tdx_error() into TDX_BUG_ON() (git-fixes). - commit d2a9d32 - KVM: TDX: Fold tdx_sept_zap_private_spte() into tdx_sept_remove_private_spte() (git-fixes). - commit 8fa4208 - KVM: TDX: ADD pages to the TD image while populating mirror EPT entries (git-fixes). - commit 05e82a8 - KVM: TDX: Fold tdx_mem_page_record_premap_cnt() into its sole caller (git-fixes). - commit cc267d2 - KVM: TDX: Use atomic64_dec_return() instead of a poor equivalent (git-fixes). - commit 794f48a - KVM: TDX: Avoid a double-KVM_BUG_ON() in tdx_sept_zap_private_spte() (git-fixes). - commit 8899368 - KVM: TDX: WARN if mirror SPTE doesn't have full RWX when creating S-EPT mapping (git-fixes). - commit d132554 - KVM: x86/mmu: Drop the return code from kvm_x86_ops.remove_external_spte() (git-fixes). - commit 2570719 - KVM: TDX: Fold tdx_sept_drop_private_spte() into tdx_sept_remove_private_spte() (git-fixes). - commit 83ec6b9 - KVM: TDX: Return -EIO, not -EINVAL, on a KVM_BUG_ON() condition (git-fixes). - commit ebb64f7 - KVM: TDX: Drop superfluous page pinning in S-EPT management (git-fixes). - commit 5eced3b - KVM: x86/mmu: Rename kvm_tdp_map_page() to kvm_tdp_page_prefault() (git-fixes). - commit 11c9e24 - KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer (bsc#1256708, CVE-2025-71104). - commit 8d2aab2 - migrate: correct lock ordering for hugetlb file folios (CVE-2026-23097 bsc#1257815). - commit 30b8633 - vsock/virtio: Coalesce only linear skb (bsc#1257740, CVE-2026-23057). - commit 310c89d - wifi: ath10k: sdio: add missing lock protection in ath10k_sdio_fw_crashed_dump() (git-fixes). - wifi: ath9k: fix kernel-doc warnings in common-debug.h (git-fixes). - wifi: ath9k: debug.h: fix kernel-doc bad lines and struct ath_tx_stats (git-fixes). - wifi: cfg80211: stop NAN and P2P in cfg80211_leave (git-fixes). - wifi: rtl8xxxu: fix slab-out-of-bounds in rtl8xxxu_sta_add (git-fixes). - wifi: rtw88: Fix alignment fault in rtw_core_enable_beacon() (git-fixes). - wifi: cfg80211: Fix use_for flag update on BSS refresh (git-fixes). - PCI: mediatek: Fix IRQ domain leak when MSI allocation fails (git-fixes). - PCI: dwc: Fix msg_atu_index assignment (git-fixes). - Revert "PCI: qcom: Enable MSI interrupts together with Link up if 'Global IRQ' is supported" (stable-fixes). - PCI: Add ACS quirk for Pericom PI7C9X2G404 switches [12d8:b404] (git-fixes). - PCI: Fix pci_slot_trylock() error handling (git-fixes). - PCI: Use resource_set_range() that correctly sets ->end (git-fixes). - PCI/portdrv: Fix potential resource leak (git-fixes). - PCI/PM: Avoid redundant delays on D3hot->D3cold (git-fixes). - PCI/P2PDMA: Release per-CPU pgmap ref when vm_insert_page() fails (git-fixes). - PCI/IOV: Fix race between SR-IOV enable/disable and hotplug (git-fixes). - Revert "PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV" (git-fixes). - PCI/ACPI: Restrict program_hpx_type2() to AER bits (git-fixes). - PCI: Initialize RCB from pci_configure_device() (git-fixes). - PCI: Check parent for NULL in of_pci_bus_release_domain_nr() (git-fixes). - PCI: Mark 3ware-9650SA Root Port Extended Tags as broken (git-fixes). - PCI: Do not attempt to set ExtTag for VFs (git-fixes). - PCI: endpoint: Fix swapped parameters in pci_{primary/secondary}_epc_epf_unlink() functions (git-fixes). - PCI: endpoint: Avoid creating sub-groups asynchronously (git-fixes). - regulator: core: move supply check earlier in set_machine_constraints() (git-fixes). - regulator: core: fix locking in regulator_resolve_supply() error path (git-fixes). - platform/chrome: cros_ec_lightbar: Fix response size initialization (git-fixes). - platform/chrome: cros_typec_switch: Don't touch struct fwnode_handle::dev (git-fixes). - soc: rockchip: grf: Support multiple grf to be handled (git-fixes). - soc: rockchip: grf: Fix wrong RK3576_IOCGRF_MISC_CON definition (git-fixes). - reset: gpio: suppress bind attributes in sysfs (git-fixes). - soc: mediatek: svs: Fix memory leak in svs_enable_debug_write() (git-fixes). - soc: qcom: cmd-db: Use devm_memremap() to fix memory leak in cmd_db_dev_probe (git-fixes). - soc: qcom: smem: handle ENOMEM error during probe (git-fixes). - soc: ti: pruss: Fix double free in pruss_clk_mux_setup() (git-fixes). - soc: ti: k3-socinfo: Fix regmap leak on probe failure (git-fixes). - spi: hisi-kunpeng: Fixed the wrong debugfs node name in hisi_spi debugfs initialization (stable-fixes). - regmap: maple: free entry on mas_store_gfp() failure (stable-fixes). - wifi: mac80211: don't increment crypto_tx_tailroom_needed_cnt twice (stable-fixes). - wifi: mac80211: correctly check if CSA is active (stable-fixes). - wifi: cfg80211: Fix bitrate calculation overflow for HE rates (stable-fixes). - wifi: mac80211: collect station statistics earlier when disconnect (stable-fixes). - wifi: mac80211: ocb: skip rx_no_sta when interface is not joined (stable-fixes). - wifi: wlcore: ensure skb headroom before skb_push (stable-fixes). - commit 6474bb4 - nfc: hci: shdlc: Stop timers and work before freeing context (git-fixes). - of: unittest: fix possible null-pointer dereferences in of_unittest_property_copy() (git-fixes). - media: uvcvideo: Fix allocation for small frame sizes (git-fixes). - media: verisilicon: AV1: Fix tile info buffer size (git-fixes). - media: venus: vdec: restrict EOS addr quirk to IRIS2 only (git-fixes). - media: venus: vdec: fix error state assignment for zero bytesused (git-fixes). - media: i2c: ov01a10: Fix digital gain range (git-fixes). - media: stm32: dcmipp: bytecap: clear all interrupts upon stream stop (git-fixes). - media: ccs: Accommodate C-PHY into the calculation (git-fixes). - media: ipu6: Fix RPM reference leak in probe error paths (git-fixes). - media: ipu6: Fix typo and wrong constant in ipu6-mmu.c (git-fixes). - media: dw9714: Fix powerup sequence (git-fixes). - media: i2c: ov5647: use our own mutex for the ctrl lock (git-fixes). - media: ccs: Fix setting initial sub-device state (git-fixes). - media: i2c: ov5647: Fix PIXEL_RATE value for VGA mode (git-fixes). - media: i2c: ov5647: Sensor should report RAW color space (git-fixes). - media: i2c: ov5647: Correct minimum VBLANK value (git-fixes). - media: i2c: ov5647: Correct pixel array offset (git-fixes). - media: i2c: ov5647: Initialize subdev before controls (git-fixes). - media: ccs: Avoid possible division by zero (git-fixes). - media: qcom: camss: vfe: Fix out-of-bounds access in vfe_isr_reg_update() (git-fixes). - media: i2c: ov01a10: Fix test-pattern disabling (git-fixes). - media: i2c: ov01a10: Fix passing stream instead of pad to v4l2_subdev_state_get_format() (git-fixes). - media: i2c: ov01a10: Add missing v4l2_subdev_cleanup() calls (git-fixes). - media: i2c: ov01a10: Fix analogue gain range (git-fixes). - media: i2c: ov01a10: Fix reported pixel-rate value (git-fixes). - media: i2c: ov01a10: Fix the horizontal flip control (git-fixes). - media: i2c/tw9906: Fix potential memory leak in tw9906_probe() (git-fixes). - media: i2c/tw9903: Fix potential memory leak in tw9903_probe() (git-fixes). - media: cx25821: Add missing unmap in snd_cx25821_hw_params() (git-fixes). - media: cx23885: Add missing unmap in snd_cx23885_hw_params() (git-fixes). - media: cx88: Add missing unmap in snd_cx88_hw_params() (git-fixes). - media: radio-keene: fix memory leak in error path (git-fixes). - media: tegra-video: Fix memory leak in __tegra_channel_try_format() (git-fixes). - media: verisilicon: AV1: Set IDR flag for intra_only frame type (git-fixes). - media: rockchip: rga: Fix possible ERR_PTR dereference in rga_buf_init() (git-fixes). - media: amphion: Drop min_queued_buffers assignment (git-fixes). - media: verisilicon: AV1: Fix tx mode bit setting (git-fixes). - media: verisilicon: AV1: Fix enable cdef computation (git-fixes). - media: chips-media: wave5: Fix memory leak on codec_info allocation failure (git-fixes). - media: chips-media: wave5: Fix device cleanup order to prevent kernel panic (git-fixes). - media: chips-media: wave5: Fix kthread worker destruction in polling mode (git-fixes). - media: mtk-mdp: Fix a reference leak bug in mtk_mdp_remove() (git-fixes). - media: mtk-mdp: Fix error handling in probe function (git-fixes). - media: mediatek: encoder: Fix uninitialized scalar variable issue (git-fixes). - HID: intel-ish-hid: fix NULL-ptr-deref in ishtp_bus_remove_all_clients (git-fixes). - HID: hid-pl: handle probe errors (git-fixes). - HID: playstation: Add missing check for input_ff_create_memless (git-fixes). - hwmon: (max16065) Use READ/WRITE_ONCE to avoid compiler optimization induced race (git-fixes). - memory: mtk-smi: fix device leak on larb probe (git-fixes). - memory: mtk-smi: fix device leaks on common probe (git-fixes). - HID: logitech: add HID++ support for Logitech MX Anywhere 3S (stable-fixes). - HID: Apply quirk HID_QUIRK_ALWAYS_POLL to Edifier QR30 (2d99:a101) (stable-fixes). - HID: i2c-hid: fix potential buffer overflow in i2c_hid_get_report() (stable-fixes). - HID: quirks: Add another Chicony HP 5MP Cameras to hid_ignore_list (stable-fixes). - HID: multitouch: add MT_QUIRK_STICKY_FINGERS to MT_CLS_VTL (stable-fixes). - net: usb: sr9700: support devices with virtual driver CD (stable-fixes). - commit 2d30005 - scsi: qla2xxx: edif: Fix dma_free_coherent() size (git-fixes). - scsi: qla2xxx: Sanitize payload size to prevent member overflow (git-fixes). - scsi: qla2xxx: Enable/disable IRQD_NO_BALANCING during reset (git-fixes). - scsi: qla2xxx: target: Improve safety of cmd lookup by handle (git-fixes). - scsi: qla2xxx: target: Add back SRR support (git-fixes). - scsi: qla2xxx: target: Improve cmd logging (git-fixes). - scsi: qla2xxx: target: Add cmd->rsp_sent (git-fixes). - scsi: qla2xxx: target: Fix invalid memory access with big CDBs (git-fixes). - scsi: qla2xxx: Fix TMR failure handling (git-fixes). - scsi: qla2xxx: target: Improve checks in qlt_xmit_response() / qlt_rdy_to_xfer() (git-fixes). - scsi: qla2xxx: target: Fix races with aborting commands (git-fixes). - scsi: qla2xxx: Clear cmds after chip reset (CVE-2025-68745 bsc#1255721 git-fixes). - scsi: qla2xxx: target: Fix term exchange when cmd_sent_to_fw == 1 (git-fixes). - scsi: qla2xxx: target: Improve debug output for term exchange (git-fixes). - scsi: qla2xxx: target: Remove code for unsupported hardware (git-fixes). - scsi: qla2xxx: Use reinit_completion on mbx_intr_comp (git-fixes). - scsi: qla2xxx: Fix lost interrupts with qlini_mode=disabled (git-fixes). - scsi: qla2xxx: Fix initiator mode with qlini_mode=exclusive (git-fixes). - scsi: Revert "scsi: qla2xxx: Perform lockless command completion in abort path" (git-fixes). - commit c2959d9 - drm/xe: Unregister drm device on probe error (git-fixes). - drm/msm/a2xx: fix pixel shader start on A225 (git-fixes). - drm/msm/dpu: fix CMD panels on DPU 1.x - 3.x (git-fixes). - drm/msm/dpu: drop intr_start from DPU 3.x catalog files (git-fixes). - drm/msm/disp: set num_planes to 1 for interleaved YUV formats (git-fixes). - drm/msm/dpu: fix WD timer handling on DPU 8.x (git-fixes). - drm/msm/dpu: Set vsync source irrespective of mdp top support (git-fixes). - drm/bridge: anx7625: Fix invalid EDID size (git-fixes). - drm/buddy: Prevent BUG_ON by validating rounded allocation (git-fixes). - drm/tegra: dsi: fix device leak on probe (git-fixes). - drm/amdkfd: Fix signal_eviction_fence() bool return value (git-fixes). - drm/amd: Drop "amdgpu kernel modesetting enabled" message (git-fixes). - drm/tests: shmem: Swap names of export tests (git-fixes). - drm/panthor: Evict groups before VM termination (git-fixes). - drm/panel: sw43408: Remove manual invocation of unprepare at remove (git-fixes). - drm/panthor: Make sure we resume the tick when new jobs are submitted (git-fixes). - drm/panthor: Fix the logic that decides when to stop ticking (git-fixes). - drm/panthor: Fix immediate ticking on a disabled tick (git-fixes). - drm/panthor: Fix the group priority rotation logic (git-fixes). - drm/panthor: Fix the full_tick check (git-fixes). - drm/panthor: Recover from panthor_gpu_flush_caches() failures (git-fixes). - firmware: arm_ffa: Correct 32-bit response handling in NOTIFICATION_INFO_GET (git-fixes). - drm/xe/pm: Disable D3Cold for BMG only on specific platforms (git-fixes). - drm/amd/pm: Disable MMIO access during SMU Mode 1 reset (stable-fixes). - HID: intel-ish-hid: Reset enum_devices_done before enumeration (stable-fixes). - HID: intel-ish-hid: Update ishtp bus match to support device ID table (stable-fixes). - HID: playstation: Center initial joystick axes to prevent spurious events (stable-fixes). - gpiolib-acpi: Update file references in the Documentation and MAINTAINERS (git-fixes). - commit bfdede0 - PCI: qcom: Remove ASPM L0s support for MSM8996 SoC (git-fixes). - PCI/ERR: Ensure error recoverability at all times (git-fixes). - commit 64dc0df - ALSA: hda/realtek: Add quirk for Acer Nitro AN517-55 (stable-fixes). - Refresh patches.suse/ALSA-hda-realtek-Enable-headset-mic-for-Acer-Nitro-5.patch. - commit dcc35f0 - Documentation: PCI: endpoint: Fix ntb/vntb copy & paste errors (git-fixes). - ASoC: amd: drop unused Kconfig symbols (git-fixes). - ASoC: pxa: drop unused Kconfig symbol (git-fixes). - ASoC: SOF: ipc4-control: Keep the payload size up to date (git-fixes). - ASoC: SOF: ipc4-control: Use the correct size for scontrol->ipc_control_data (git-fixes). - ASoC: SOF: ipc4-topology: Correct the allocation size for bytes controls (git-fixes). - ASoC: SOF: ipc4-control: If there is no data do not send bytes update (git-fixes). - bus: fsl-mc: fix an error handling in fsl_mc_device_add() (git-fixes). - bus: omap-ocp2scp: fix OF populate on driver rebind (git-fixes). - clk: qcom: Return correct error code in qcom_cc_probe_by_index() (git-fixes). - ALSA: hda/realtek: Really fix headset mic for TongFang X6AR55xU (git-fixes). - ALSA: hda/realtek: ALC269 fixup for Lenovo Yoga Book 9i 13IRU8 audio (stable-fixes). - ALSA: hda/realtek: Fix headset mic for TongFang X6AR55xU (stable-fixes). - ASoC: tlv320adcx140: Propagate error codes during probe (stable-fixes). - ASoC: amd: yc: Fix microphone on ASUS M6500RE (stable-fixes). - ASoC: davinci-evm: Fix reference leak in davinci_evm_probe (stable-fixes). - ASoC: simple-card-utils: Check device node before overwrite direction (stable-fixes). - ALSA: hda/realtek: add HP Laptop 15s-eq1xxx mute LED quirk (stable-fixes). - ALSA: hda/realtek: enable woofer speakers on Medion NM14LNL (stable-fixes). - drm/xe/pm: Also avoid missing outer rpm warning on system suspend (stable-fixes). - commit 85b3e2d - nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec (CVE-2026-22998 bsc#1257209). - commit f6350b1 - KVM: x86/mmu: Embed direct bits into gpa for KVM_PRE_FAULT_MEMORY (git-fixes). - commit 75ad287 - Revert "KVM: x86/tdp_mmu: Add a helper function to walk down the TDP MMU" (git-fixes). - commit cbd54f0 - KVM: x86/mmu: WARN if KVM attempts to map into an invalid TDP MMU root (git-fixes). - commit db82a28 - KVM: x86/mmu: Add dedicated API to map guest_memfd pfn into TDP MMU (git-fixes). - commit 7bbdb3d - KVM: Rename kvm_arch_vcpu_async_ioctl() to kvm_arch_vcpu_unlocked_ioctl() (git-fixes). - commit cc287ee - KVM: Make support for kvm_arch_vcpu_async_ioctl() mandatory (git-fixes). - commit e9d19b9 - KVM: TDX: Drop PROVE_MMU=y sanity check on to-be-populated mappings (git-fixes). - commit 0739547 - KVM: TDX: Replace kmalloc + copy_from_user with memdup_user in tdx_td_init() (git-fixes). - commit ff33194 - x86/virt/tdx: Use precalculated TDVPR page physical address (git-fixes). - commit 3fdc23e ++++ kernel-zfcpdump: - KABI: fix "Revert-dm-fix-a-race-condition-in-retrieve_deps.patch" (git-fixes). - commit 53fd79b - net/sched: act_ife: avoid possible NULL deref (CVE-2026-23064 bsc#1257765). - selftests/tc-testing: Try to add teql as a child qdisc (CVE-2026-23105 bsc#1257775). - net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag (CVE-2026-23105 bsc#1257775). - commit 3ff4470 - Revert "dm: fix a race condition in retrieve_deps" (git-fixes). - commit e64c40a - Refresh sorted patches. - commit 3b39938 - RISC-V: KVM: use kvm_trylock_all_vcpus when locking all vCPUs (git-fixes). - commit 292c30b - KVM: arm64: use kvm_trylock_all_vcpus when locking all vCPUs (git-fixes). - commit 45ee0a5 - KVM: add kvm_lock_all_vcpus and kvm_trylock_all_vcpus (git-fixes). - commit f8807d7 - x86: KVM: SVM: use kvm_lock_all_vcpus instead of a custom implementation (git-fixes). - commit 27b7fd9 - locking/mutex: implement mutex_lock_killable_nest_lock (git-fixes). - commit c11266f - locking/mutex: implement mutex_trylock_nested (git-fixes). - commit 4df10c6 - KVM: TDX: Use struct_size to simplify tdx_get_capabilities() (git-fixes). - commit 1f75b03 - KVM: TDX: Check size of user's kvm_tdx_capabilities array before allocating (git-fixes). - commit 319fd02 - KVM: TDX: Fix sparse warnings from using 0 for NULL (git-fixes). - commit 3438716 - KVM: TDX: Remove __user annotation from kernel pointer (git-fixes). - commit f5a4acb - KVM: TDX: Take MMU lock around tdh_vp_init() (git-fixes). - commit 3b6a5f3 - KVM: TDX: Fix list_add corruption during vcpu_load() (git-fixes). - commit fcf6177 - KVM: TDX: Bug the VM if extending the initial measurement fails (git-fixes). - commit 056ce6c - KVM: TDX: Guard VM state transitions with "all" the locks (git-fixes). - commit 6fc029e - KVM: TDX: Don't copy "cmd" back to userspace for KVM_TDX_CAPABILITIES (git-fixes). - commit a1cf957 - KVM: TDX: Use guard() to acquire kvm->lock in tdx_vm_ioctl() (git-fixes). - commit 53cbd86 - KVM: TDX: Convert INIT_MEM_REGION and INIT_VCPU to "unlocked" vCPU ioctl (git-fixes). - commit 33e9280 - KVM: TDX: Add tdx_get_cmd() helper to get and validate sub-ioctl command (git-fixes). - commit db2e487 - KVM: TDX: Add macro to retry SEAMCALLs when forcing vCPUs out of guest (git-fixes). - commit f789249 - KVM: TDX: Assert that mmu_lock is held for write when removing S-EPT entries (git-fixes). - commit 5c9b28f - KVM: TDX: Derive error argument names from the local variable names (git-fixes). - commit e750b72 - KVM: TDX: Combine KVM_BUG_ON + pr_tdx_error() into TDX_BUG_ON() (git-fixes). - commit d2a9d32 - KVM: TDX: Fold tdx_sept_zap_private_spte() into tdx_sept_remove_private_spte() (git-fixes). - commit 8fa4208 - KVM: TDX: ADD pages to the TD image while populating mirror EPT entries (git-fixes). - commit 05e82a8 - KVM: TDX: Fold tdx_mem_page_record_premap_cnt() into its sole caller (git-fixes). - commit cc267d2 - KVM: TDX: Use atomic64_dec_return() instead of a poor equivalent (git-fixes). - commit 794f48a - KVM: TDX: Avoid a double-KVM_BUG_ON() in tdx_sept_zap_private_spte() (git-fixes). - commit 8899368 - KVM: TDX: WARN if mirror SPTE doesn't have full RWX when creating S-EPT mapping (git-fixes). - commit d132554 - KVM: x86/mmu: Drop the return code from kvm_x86_ops.remove_external_spte() (git-fixes). - commit 2570719 - KVM: TDX: Fold tdx_sept_drop_private_spte() into tdx_sept_remove_private_spte() (git-fixes). - commit 83ec6b9 - KVM: TDX: Return -EIO, not -EINVAL, on a KVM_BUG_ON() condition (git-fixes). - commit ebb64f7 - KVM: TDX: Drop superfluous page pinning in S-EPT management (git-fixes). - commit 5eced3b - KVM: x86/mmu: Rename kvm_tdp_map_page() to kvm_tdp_page_prefault() (git-fixes). - commit 11c9e24 - KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer (bsc#1256708, CVE-2025-71104). - commit 8d2aab2 - migrate: correct lock ordering for hugetlb file folios (CVE-2026-23097 bsc#1257815). - commit 30b8633 - vsock/virtio: Coalesce only linear skb (bsc#1257740, CVE-2026-23057). - commit 310c89d - wifi: ath10k: sdio: add missing lock protection in ath10k_sdio_fw_crashed_dump() (git-fixes). - wifi: ath9k: fix kernel-doc warnings in common-debug.h (git-fixes). - wifi: ath9k: debug.h: fix kernel-doc bad lines and struct ath_tx_stats (git-fixes). - wifi: cfg80211: stop NAN and P2P in cfg80211_leave (git-fixes). - wifi: rtl8xxxu: fix slab-out-of-bounds in rtl8xxxu_sta_add (git-fixes). - wifi: rtw88: Fix alignment fault in rtw_core_enable_beacon() (git-fixes). - wifi: cfg80211: Fix use_for flag update on BSS refresh (git-fixes). - PCI: mediatek: Fix IRQ domain leak when MSI allocation fails (git-fixes). - PCI: dwc: Fix msg_atu_index assignment (git-fixes). - Revert "PCI: qcom: Enable MSI interrupts together with Link up if 'Global IRQ' is supported" (stable-fixes). - PCI: Add ACS quirk for Pericom PI7C9X2G404 switches [12d8:b404] (git-fixes). - PCI: Fix pci_slot_trylock() error handling (git-fixes). - PCI: Use resource_set_range() that correctly sets ->end (git-fixes). - PCI/portdrv: Fix potential resource leak (git-fixes). - PCI/PM: Avoid redundant delays on D3hot->D3cold (git-fixes). - PCI/P2PDMA: Release per-CPU pgmap ref when vm_insert_page() fails (git-fixes). - PCI/IOV: Fix race between SR-IOV enable/disable and hotplug (git-fixes). - Revert "PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV" (git-fixes). - PCI/ACPI: Restrict program_hpx_type2() to AER bits (git-fixes). - PCI: Initialize RCB from pci_configure_device() (git-fixes). - PCI: Check parent for NULL in of_pci_bus_release_domain_nr() (git-fixes). - PCI: Mark 3ware-9650SA Root Port Extended Tags as broken (git-fixes). - PCI: Do not attempt to set ExtTag for VFs (git-fixes). - PCI: endpoint: Fix swapped parameters in pci_{primary/secondary}_epc_epf_unlink() functions (git-fixes). - PCI: endpoint: Avoid creating sub-groups asynchronously (git-fixes). - regulator: core: move supply check earlier in set_machine_constraints() (git-fixes). - regulator: core: fix locking in regulator_resolve_supply() error path (git-fixes). - platform/chrome: cros_ec_lightbar: Fix response size initialization (git-fixes). - platform/chrome: cros_typec_switch: Don't touch struct fwnode_handle::dev (git-fixes). - soc: rockchip: grf: Support multiple grf to be handled (git-fixes). - soc: rockchip: grf: Fix wrong RK3576_IOCGRF_MISC_CON definition (git-fixes). - reset: gpio: suppress bind attributes in sysfs (git-fixes). - soc: mediatek: svs: Fix memory leak in svs_enable_debug_write() (git-fixes). - soc: qcom: cmd-db: Use devm_memremap() to fix memory leak in cmd_db_dev_probe (git-fixes). - soc: qcom: smem: handle ENOMEM error during probe (git-fixes). - soc: ti: pruss: Fix double free in pruss_clk_mux_setup() (git-fixes). - soc: ti: k3-socinfo: Fix regmap leak on probe failure (git-fixes). - spi: hisi-kunpeng: Fixed the wrong debugfs node name in hisi_spi debugfs initialization (stable-fixes). - regmap: maple: free entry on mas_store_gfp() failure (stable-fixes). - wifi: mac80211: don't increment crypto_tx_tailroom_needed_cnt twice (stable-fixes). - wifi: mac80211: correctly check if CSA is active (stable-fixes). - wifi: cfg80211: Fix bitrate calculation overflow for HE rates (stable-fixes). - wifi: mac80211: collect station statistics earlier when disconnect (stable-fixes). - wifi: mac80211: ocb: skip rx_no_sta when interface is not joined (stable-fixes). - wifi: wlcore: ensure skb headroom before skb_push (stable-fixes). - commit 6474bb4 - nfc: hci: shdlc: Stop timers and work before freeing context (git-fixes). - of: unittest: fix possible null-pointer dereferences in of_unittest_property_copy() (git-fixes). - media: uvcvideo: Fix allocation for small frame sizes (git-fixes). - media: verisilicon: AV1: Fix tile info buffer size (git-fixes). - media: venus: vdec: restrict EOS addr quirk to IRIS2 only (git-fixes). - media: venus: vdec: fix error state assignment for zero bytesused (git-fixes). - media: i2c: ov01a10: Fix digital gain range (git-fixes). - media: stm32: dcmipp: bytecap: clear all interrupts upon stream stop (git-fixes). - media: ccs: Accommodate C-PHY into the calculation (git-fixes). - media: ipu6: Fix RPM reference leak in probe error paths (git-fixes). - media: ipu6: Fix typo and wrong constant in ipu6-mmu.c (git-fixes). - media: dw9714: Fix powerup sequence (git-fixes). - media: i2c: ov5647: use our own mutex for the ctrl lock (git-fixes). - media: ccs: Fix setting initial sub-device state (git-fixes). - media: i2c: ov5647: Fix PIXEL_RATE value for VGA mode (git-fixes). - media: i2c: ov5647: Sensor should report RAW color space (git-fixes). - media: i2c: ov5647: Correct minimum VBLANK value (git-fixes). - media: i2c: ov5647: Correct pixel array offset (git-fixes). - media: i2c: ov5647: Initialize subdev before controls (git-fixes). - media: ccs: Avoid possible division by zero (git-fixes). - media: qcom: camss: vfe: Fix out-of-bounds access in vfe_isr_reg_update() (git-fixes). - media: i2c: ov01a10: Fix test-pattern disabling (git-fixes). - media: i2c: ov01a10: Fix passing stream instead of pad to v4l2_subdev_state_get_format() (git-fixes). - media: i2c: ov01a10: Add missing v4l2_subdev_cleanup() calls (git-fixes). - media: i2c: ov01a10: Fix analogue gain range (git-fixes). - media: i2c: ov01a10: Fix reported pixel-rate value (git-fixes). - media: i2c: ov01a10: Fix the horizontal flip control (git-fixes). - media: i2c/tw9906: Fix potential memory leak in tw9906_probe() (git-fixes). - media: i2c/tw9903: Fix potential memory leak in tw9903_probe() (git-fixes). - media: cx25821: Add missing unmap in snd_cx25821_hw_params() (git-fixes). - media: cx23885: Add missing unmap in snd_cx23885_hw_params() (git-fixes). - media: cx88: Add missing unmap in snd_cx88_hw_params() (git-fixes). - media: radio-keene: fix memory leak in error path (git-fixes). - media: tegra-video: Fix memory leak in __tegra_channel_try_format() (git-fixes). - media: verisilicon: AV1: Set IDR flag for intra_only frame type (git-fixes). - media: rockchip: rga: Fix possible ERR_PTR dereference in rga_buf_init() (git-fixes). - media: amphion: Drop min_queued_buffers assignment (git-fixes). - media: verisilicon: AV1: Fix tx mode bit setting (git-fixes). - media: verisilicon: AV1: Fix enable cdef computation (git-fixes). - media: chips-media: wave5: Fix memory leak on codec_info allocation failure (git-fixes). - media: chips-media: wave5: Fix device cleanup order to prevent kernel panic (git-fixes). - media: chips-media: wave5: Fix kthread worker destruction in polling mode (git-fixes). - media: mtk-mdp: Fix a reference leak bug in mtk_mdp_remove() (git-fixes). - media: mtk-mdp: Fix error handling in probe function (git-fixes). - media: mediatek: encoder: Fix uninitialized scalar variable issue (git-fixes). - HID: intel-ish-hid: fix NULL-ptr-deref in ishtp_bus_remove_all_clients (git-fixes). - HID: hid-pl: handle probe errors (git-fixes). - HID: playstation: Add missing check for input_ff_create_memless (git-fixes). - hwmon: (max16065) Use READ/WRITE_ONCE to avoid compiler optimization induced race (git-fixes). - memory: mtk-smi: fix device leak on larb probe (git-fixes). - memory: mtk-smi: fix device leaks on common probe (git-fixes). - HID: logitech: add HID++ support for Logitech MX Anywhere 3S (stable-fixes). - HID: Apply quirk HID_QUIRK_ALWAYS_POLL to Edifier QR30 (2d99:a101) (stable-fixes). - HID: i2c-hid: fix potential buffer overflow in i2c_hid_get_report() (stable-fixes). - HID: quirks: Add another Chicony HP 5MP Cameras to hid_ignore_list (stable-fixes). - HID: multitouch: add MT_QUIRK_STICKY_FINGERS to MT_CLS_VTL (stable-fixes). - net: usb: sr9700: support devices with virtual driver CD (stable-fixes). - commit 2d30005 - scsi: qla2xxx: edif: Fix dma_free_coherent() size (git-fixes). - scsi: qla2xxx: Sanitize payload size to prevent member overflow (git-fixes). - scsi: qla2xxx: Enable/disable IRQD_NO_BALANCING during reset (git-fixes). - scsi: qla2xxx: target: Improve safety of cmd lookup by handle (git-fixes). - scsi: qla2xxx: target: Add back SRR support (git-fixes). - scsi: qla2xxx: target: Improve cmd logging (git-fixes). - scsi: qla2xxx: target: Add cmd->rsp_sent (git-fixes). - scsi: qla2xxx: target: Fix invalid memory access with big CDBs (git-fixes). - scsi: qla2xxx: Fix TMR failure handling (git-fixes). - scsi: qla2xxx: target: Improve checks in qlt_xmit_response() / qlt_rdy_to_xfer() (git-fixes). - scsi: qla2xxx: target: Fix races with aborting commands (git-fixes). - scsi: qla2xxx: Clear cmds after chip reset (CVE-2025-68745 bsc#1255721 git-fixes). - scsi: qla2xxx: target: Fix term exchange when cmd_sent_to_fw == 1 (git-fixes). - scsi: qla2xxx: target: Improve debug output for term exchange (git-fixes). - scsi: qla2xxx: target: Remove code for unsupported hardware (git-fixes). - scsi: qla2xxx: Use reinit_completion on mbx_intr_comp (git-fixes). - scsi: qla2xxx: Fix lost interrupts with qlini_mode=disabled (git-fixes). - scsi: qla2xxx: Fix initiator mode with qlini_mode=exclusive (git-fixes). - scsi: Revert "scsi: qla2xxx: Perform lockless command completion in abort path" (git-fixes). - commit c2959d9 - drm/xe: Unregister drm device on probe error (git-fixes). - drm/msm/a2xx: fix pixel shader start on A225 (git-fixes). - drm/msm/dpu: fix CMD panels on DPU 1.x - 3.x (git-fixes). - drm/msm/dpu: drop intr_start from DPU 3.x catalog files (git-fixes). - drm/msm/disp: set num_planes to 1 for interleaved YUV formats (git-fixes). - drm/msm/dpu: fix WD timer handling on DPU 8.x (git-fixes). - drm/msm/dpu: Set vsync source irrespective of mdp top support (git-fixes). - drm/bridge: anx7625: Fix invalid EDID size (git-fixes). - drm/buddy: Prevent BUG_ON by validating rounded allocation (git-fixes). - drm/tegra: dsi: fix device leak on probe (git-fixes). - drm/amdkfd: Fix signal_eviction_fence() bool return value (git-fixes). - drm/amd: Drop "amdgpu kernel modesetting enabled" message (git-fixes). - drm/tests: shmem: Swap names of export tests (git-fixes). - drm/panthor: Evict groups before VM termination (git-fixes). - drm/panel: sw43408: Remove manual invocation of unprepare at remove (git-fixes). - drm/panthor: Make sure we resume the tick when new jobs are submitted (git-fixes). - drm/panthor: Fix the logic that decides when to stop ticking (git-fixes). - drm/panthor: Fix immediate ticking on a disabled tick (git-fixes). - drm/panthor: Fix the group priority rotation logic (git-fixes). - drm/panthor: Fix the full_tick check (git-fixes). - drm/panthor: Recover from panthor_gpu_flush_caches() failures (git-fixes). - firmware: arm_ffa: Correct 32-bit response handling in NOTIFICATION_INFO_GET (git-fixes). - drm/xe/pm: Disable D3Cold for BMG only on specific platforms (git-fixes). - drm/amd/pm: Disable MMIO access during SMU Mode 1 reset (stable-fixes). - HID: intel-ish-hid: Reset enum_devices_done before enumeration (stable-fixes). - HID: intel-ish-hid: Update ishtp bus match to support device ID table (stable-fixes). - HID: playstation: Center initial joystick axes to prevent spurious events (stable-fixes). - gpiolib-acpi: Update file references in the Documentation and MAINTAINERS (git-fixes). - commit bfdede0 - PCI: qcom: Remove ASPM L0s support for MSM8996 SoC (git-fixes). - PCI/ERR: Ensure error recoverability at all times (git-fixes). - commit 64dc0df - ALSA: hda/realtek: Add quirk for Acer Nitro AN517-55 (stable-fixes). - Refresh patches.suse/ALSA-hda-realtek-Enable-headset-mic-for-Acer-Nitro-5.patch. - commit dcc35f0 - Documentation: PCI: endpoint: Fix ntb/vntb copy & paste errors (git-fixes). - ASoC: amd: drop unused Kconfig symbols (git-fixes). - ASoC: pxa: drop unused Kconfig symbol (git-fixes). - ASoC: SOF: ipc4-control: Keep the payload size up to date (git-fixes). - ASoC: SOF: ipc4-control: Use the correct size for scontrol->ipc_control_data (git-fixes). - ASoC: SOF: ipc4-topology: Correct the allocation size for bytes controls (git-fixes). - ASoC: SOF: ipc4-control: If there is no data do not send bytes update (git-fixes). - bus: fsl-mc: fix an error handling in fsl_mc_device_add() (git-fixes). - bus: omap-ocp2scp: fix OF populate on driver rebind (git-fixes). - clk: qcom: Return correct error code in qcom_cc_probe_by_index() (git-fixes). - ALSA: hda/realtek: Really fix headset mic for TongFang X6AR55xU (git-fixes). - ALSA: hda/realtek: ALC269 fixup for Lenovo Yoga Book 9i 13IRU8 audio (stable-fixes). - ALSA: hda/realtek: Fix headset mic for TongFang X6AR55xU (stable-fixes). - ASoC: tlv320adcx140: Propagate error codes during probe (stable-fixes). - ASoC: amd: yc: Fix microphone on ASUS M6500RE (stable-fixes). - ASoC: davinci-evm: Fix reference leak in davinci_evm_probe (stable-fixes). - ASoC: simple-card-utils: Check device node before overwrite direction (stable-fixes). - ALSA: hda/realtek: add HP Laptop 15s-eq1xxx mute LED quirk (stable-fixes). - ALSA: hda/realtek: enable woofer speakers on Medion NM14LNL (stable-fixes). - drm/xe/pm: Also avoid missing outer rpm warning on system suspend (stable-fixes). - commit 85b3e2d - nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec (CVE-2026-22998 bsc#1257209). - commit f6350b1 - KVM: x86/mmu: Embed direct bits into gpa for KVM_PRE_FAULT_MEMORY (git-fixes). - commit 75ad287 - Revert "KVM: x86/tdp_mmu: Add a helper function to walk down the TDP MMU" (git-fixes). - commit cbd54f0 - KVM: x86/mmu: WARN if KVM attempts to map into an invalid TDP MMU root (git-fixes). - commit db82a28 - KVM: x86/mmu: Add dedicated API to map guest_memfd pfn into TDP MMU (git-fixes). - commit 7bbdb3d - KVM: Rename kvm_arch_vcpu_async_ioctl() to kvm_arch_vcpu_unlocked_ioctl() (git-fixes). - commit cc287ee - KVM: Make support for kvm_arch_vcpu_async_ioctl() mandatory (git-fixes). - commit e9d19b9 - KVM: TDX: Drop PROVE_MMU=y sanity check on to-be-populated mappings (git-fixes). - commit 0739547 - KVM: TDX: Replace kmalloc + copy_from_user with memdup_user in tdx_td_init() (git-fixes). - commit ff33194 - x86/virt/tdx: Use precalculated TDVPR page physical address (git-fixes). - commit 3fdc23e ++++ libpng16: - added patches CVE-2026-25646: Heap buffer overflow vulnerability in png_set_dither/png_set_quantize (bsc#1258020) * libpng16-CVE-2026-25646.patch ++++ libpng16: - added patches CVE-2026-25646: Heap buffer overflow vulnerability in png_set_dither/png_set_quantize (bsc#1258020) * libpng16-CVE-2026-25646.patch ++++ maven-resolver: - Update to upstream version 1.9.26 * New features and improvements + GH-1773: Treat 410 Gone as 404 Not Found + GH-1737: Revert partially parallel upload change * Bug Fixes + GH-1768; Drastically simplify auth caching + [1.9.x] Bug: GH-1703 Locally cached artifacts defy RRF * Documentation updates + Clarify that HTTP Transport uses Apache HTTP Client * Dependency updates + Bump org.redisson:redisson from 3.52.0 to 4.2.0 + Bump commons-codec:commons-codec from 1.20.0 to 1.21.0 + Bump org.codehaus.mojo:animal-sniffer-maven-plugin from 1.26 to 1.27 + Bump org.apache.maven:maven-parent from 46 to 47 + Bump com.github.siom79.japicmp:japicmp-maven-plugin from 0.25.0 to 0.25.4 + Bump mavenVersion from 3.9.11 to 3.9.12 ++++ maven-resolver-supplier: - Update to upstream version 1.9.26 * New features and improvements + GH-1773: Treat 410 Gone as 404 Not Found + GH-1737: Revert partially parallel upload change * Bug Fixes + GH-1768; Drastically simplify auth caching + [1.9.x] Bug: GH-1703 Locally cached artifacts defy RRF * Documentation updates + Clarify that HTTP Transport uses Apache HTTP Client * Dependency updates + Bump org.redisson:redisson from 3.52.0 to 4.2.0 + Bump commons-codec:commons-codec from 1.20.0 to 1.21.0 + Bump org.codehaus.mojo:animal-sniffer-maven-plugin from 1.26 to 1.27 + Bump org.apache.maven:maven-parent from 46 to 47 + Bump com.github.siom79.japicmp:japicmp-maven-plugin from 0.25.0 to 0.25.4 + Bump mavenVersion from 3.9.11 to 3.9.12 ++++ nvidia-open-driver-G06-signed-cuda: - update non-CUDA variant to version 580.126.18 (boo#1258154) - updated CUDA variant to version 580.126.16 ++++ nvidia-open-driver-G06-signed: - update non-CUDA variant to version 580.126.18 (boo#1258154) - updated CUDA variant to version 580.126.16 ++++ python-Pillow: - CVE-2026-25990: out-of-bounds write when opening a specially crafted PSD image (bsc#1258125) added CVE-2026-25990.patch ------------------------------------------------------------------ ------------------ 2026-2-11 - Feb 11 2026 ------------------- ------------------------------------------------------------------ ++++ kernel-64kb: - KVM/TDX: Explicitly do WBINVD when no more TDX SEAMCALLs (git-fixes). - commit b53af4c - mm/page_alloc: change all pageblocks migrate type on coalescing (CVE-2025-71134 bsc#1256732). - commit 3036351 - ktls, sockmap: Fix missing uncharge operation (bsc#1252008). - commit 55dd0a8 - net/sched: Enforce that teql can only be used as root qdisc (CVE-2026-23074 bsc#1257749). - commit 4a5b062 - media: pci: mg4b: Use IRQF_NO_THREAD (git-fixes). - mfd: wm8350-core: Use IRQF_ONESHOT (git-fixes). - Bluetooth: btintel_pcie: Use IRQF_ONESHOT and default primary handler (git-fixes). - platform/x86: int0002: Remove IRQF_ONESHOT from request_irq() (git-fixes). - genirq: Set IRQF_COND_ONESHOT in devm_request_irq() (git-fixes). - crypto: omap - Allocate OMAP_CRYPTO_FORCE_COPY scatterlists correctly (git-fixes). - crypto: starfive - Fix memory leak in starfive_aes_aead_do_one_req() (git-fixes). - crypto: caam - fix netdev memory leak in dpaa2_caam_probe (git-fixes). - crypto: hisilicon/trng - support tfms sharing the device (git-fixes). - crypto: virtio - Remove duplicated virtqueue_kick in virtio_crypto_skcipher_crypt_req (git-fixes). - crypto: virtio - Add spinlock protection with virtqueue notification (git-fixes). - crypto: hisilicon/sec2 - support skcipher/aead fallback for hardware queue unavailable (git-fixes). - crypto: hisilicon/zip - adjust the way to obtain the req in the callback function (git-fixes). - crypto: octeontx - fix dma_free_coherent() size (git-fixes). - crypto: cavium - fix dma_free_coherent() size (git-fixes). - crypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode (git-fixes). - crypto: octeontx - Fix length check to avoid truncation in ucode_load_store (git-fixes). - crypto: qat - fix warning on adf_pfvf_pf_proto.c (git-fixes). - crypto: qat - fix parameter order used in ICP_QAT_FW_COMN_FLAGS_BUILD (git-fixes). - Documentation: mailbox: mbox_chan_ops.flush() is optional (git-fixes). - platform/x86: hp-bioscfg: Skip empty attribute names (git-fixes). - commit 4559d68 ++++ kernel-azure: - KVM/TDX: Explicitly do WBINVD when no more TDX SEAMCALLs (git-fixes). - commit b53af4c - mm/page_alloc: change all pageblocks migrate type on coalescing (CVE-2025-71134 bsc#1256732). - commit 3036351 - ktls, sockmap: Fix missing uncharge operation (bsc#1252008). - commit 55dd0a8 - net/sched: Enforce that teql can only be used as root qdisc (CVE-2026-23074 bsc#1257749). - commit 4a5b062 - media: pci: mg4b: Use IRQF_NO_THREAD (git-fixes). - mfd: wm8350-core: Use IRQF_ONESHOT (git-fixes). - Bluetooth: btintel_pcie: Use IRQF_ONESHOT and default primary handler (git-fixes). - platform/x86: int0002: Remove IRQF_ONESHOT from request_irq() (git-fixes). - genirq: Set IRQF_COND_ONESHOT in devm_request_irq() (git-fixes). - crypto: omap - Allocate OMAP_CRYPTO_FORCE_COPY scatterlists correctly (git-fixes). - crypto: starfive - Fix memory leak in starfive_aes_aead_do_one_req() (git-fixes). - crypto: caam - fix netdev memory leak in dpaa2_caam_probe (git-fixes). - crypto: hisilicon/trng - support tfms sharing the device (git-fixes). - crypto: virtio - Remove duplicated virtqueue_kick in virtio_crypto_skcipher_crypt_req (git-fixes). - crypto: virtio - Add spinlock protection with virtqueue notification (git-fixes). - crypto: hisilicon/sec2 - support skcipher/aead fallback for hardware queue unavailable (git-fixes). - crypto: hisilicon/zip - adjust the way to obtain the req in the callback function (git-fixes). - crypto: octeontx - fix dma_free_coherent() size (git-fixes). - crypto: cavium - fix dma_free_coherent() size (git-fixes). - crypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode (git-fixes). - crypto: octeontx - Fix length check to avoid truncation in ucode_load_store (git-fixes). - crypto: qat - fix warning on adf_pfvf_pf_proto.c (git-fixes). - crypto: qat - fix parameter order used in ICP_QAT_FW_COMN_FLAGS_BUILD (git-fixes). - Documentation: mailbox: mbox_chan_ops.flush() is optional (git-fixes). - platform/x86: hp-bioscfg: Skip empty attribute names (git-fixes). - commit 4559d68 ++++ kernel-default: - KVM/TDX: Explicitly do WBINVD when no more TDX SEAMCALLs (git-fixes). - commit b53af4c - mm/page_alloc: change all pageblocks migrate type on coalescing (CVE-2025-71134 bsc#1256732). - commit 3036351 - ktls, sockmap: Fix missing uncharge operation (bsc#1252008). - commit 55dd0a8 - net/sched: Enforce that teql can only be used as root qdisc (CVE-2026-23074 bsc#1257749). - commit 4a5b062 - media: pci: mg4b: Use IRQF_NO_THREAD (git-fixes). - mfd: wm8350-core: Use IRQF_ONESHOT (git-fixes). - Bluetooth: btintel_pcie: Use IRQF_ONESHOT and default primary handler (git-fixes). - platform/x86: int0002: Remove IRQF_ONESHOT from request_irq() (git-fixes). - genirq: Set IRQF_COND_ONESHOT in devm_request_irq() (git-fixes). - crypto: omap - Allocate OMAP_CRYPTO_FORCE_COPY scatterlists correctly (git-fixes). - crypto: starfive - Fix memory leak in starfive_aes_aead_do_one_req() (git-fixes). - crypto: caam - fix netdev memory leak in dpaa2_caam_probe (git-fixes). - crypto: hisilicon/trng - support tfms sharing the device (git-fixes). - crypto: virtio - Remove duplicated virtqueue_kick in virtio_crypto_skcipher_crypt_req (git-fixes). - crypto: virtio - Add spinlock protection with virtqueue notification (git-fixes). - crypto: hisilicon/sec2 - support skcipher/aead fallback for hardware queue unavailable (git-fixes). - crypto: hisilicon/zip - adjust the way to obtain the req in the callback function (git-fixes). - crypto: octeontx - fix dma_free_coherent() size (git-fixes). - crypto: cavium - fix dma_free_coherent() size (git-fixes). - crypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode (git-fixes). - crypto: octeontx - Fix length check to avoid truncation in ucode_load_store (git-fixes). - crypto: qat - fix warning on adf_pfvf_pf_proto.c (git-fixes). - crypto: qat - fix parameter order used in ICP_QAT_FW_COMN_FLAGS_BUILD (git-fixes). - Documentation: mailbox: mbox_chan_ops.flush() is optional (git-fixes). - platform/x86: hp-bioscfg: Skip empty attribute names (git-fixes). - commit 4559d68 ++++ kernel-rt: - KVM/TDX: Explicitly do WBINVD when no more TDX SEAMCALLs (git-fixes). - commit b53af4c - mm/page_alloc: change all pageblocks migrate type on coalescing (CVE-2025-71134 bsc#1256732). - commit 3036351 - ktls, sockmap: Fix missing uncharge operation (bsc#1252008). - commit 55dd0a8 - net/sched: Enforce that teql can only be used as root qdisc (CVE-2026-23074 bsc#1257749). - commit 4a5b062 - media: pci: mg4b: Use IRQF_NO_THREAD (git-fixes). - mfd: wm8350-core: Use IRQF_ONESHOT (git-fixes). - Bluetooth: btintel_pcie: Use IRQF_ONESHOT and default primary handler (git-fixes). - platform/x86: int0002: Remove IRQF_ONESHOT from request_irq() (git-fixes). - genirq: Set IRQF_COND_ONESHOT in devm_request_irq() (git-fixes). - crypto: omap - Allocate OMAP_CRYPTO_FORCE_COPY scatterlists correctly (git-fixes). - crypto: starfive - Fix memory leak in starfive_aes_aead_do_one_req() (git-fixes). - crypto: caam - fix netdev memory leak in dpaa2_caam_probe (git-fixes). - crypto: hisilicon/trng - support tfms sharing the device (git-fixes). - crypto: virtio - Remove duplicated virtqueue_kick in virtio_crypto_skcipher_crypt_req (git-fixes). - crypto: virtio - Add spinlock protection with virtqueue notification (git-fixes). - crypto: hisilicon/sec2 - support skcipher/aead fallback for hardware queue unavailable (git-fixes). - crypto: hisilicon/zip - adjust the way to obtain the req in the callback function (git-fixes). - crypto: octeontx - fix dma_free_coherent() size (git-fixes). - crypto: cavium - fix dma_free_coherent() size (git-fixes). - crypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode (git-fixes). - crypto: octeontx - Fix length check to avoid truncation in ucode_load_store (git-fixes). - crypto: qat - fix warning on adf_pfvf_pf_proto.c (git-fixes). - crypto: qat - fix parameter order used in ICP_QAT_FW_COMN_FLAGS_BUILD (git-fixes). - Documentation: mailbox: mbox_chan_ops.flush() is optional (git-fixes). - platform/x86: hp-bioscfg: Skip empty attribute names (git-fixes). - commit 4559d68 ++++ cosign: - Update to version 3.0.4: * CVE-2025-11065: Fixed github.com/go-viper/mapstructure/v2: sensitive Information leak in logs (bsc#1250620) * CVE-2026-22703: Fixed that cosign verification accepts any valid Rekor entry under certain conditions (bsc#1256496) * Fix bundle verify path for old bundle/trusted root (#4623) * chore(deps): bump gitlab.com/gitlab-org/api/client-go (#4616) * chore(deps): bump cuelang.org/go in the gomod group (#4615) * Optimize cosign tree performance by caching digest resolution (#4612) * Don't require a trusted root to verify offline with a key (#4613) * Support default services for trusted-root and signing-config creation (#4592) * chore(deps): bump gitlab.com/gitlab-org/api/client-go (#4602) * chore(deps): bump github.com/sigstore/sigstore-go (#4578) * chore(deps): bump github.com/buildkite/agent/v3 from 3.114.1 to 3.115.2 (#4601) * chore(deps): bump google.golang.org/api from 0.257.0 to 0.258.0 (#4611) * chore(deps): bump k8s.io/client-go from 0.34.3 to 0.35.0 (#4604) * chore(deps): bump actions/upload-artifact from 5.0.0 to 6.0.0 (#4588) * chore(deps): bump golang.org/x/oauth2 from 0.33.0 to 0.34.0 (#4586) * chore(deps): bump the gomod group with 5 updates (#4599) * chore(deps): bump github.com/open-policy-agent/opa from 1.10.1 to 1.12.1 (#4600) * chore(deps): bump golang.org/x/term from 0.37.0 to 0.38.0 (#4584) * chore(deps): bump the actions group with 3 updates (#4587) * chore(deps): bump actions/cache from 4.3.0 to 5.0.1 (#4589) * chore(deps): bump the gomod group with 9 updates (#4577) ++++ docker-stable: - Backport to remove strings.Split and add parseToken function, bsc#1240513 fixes CVE-2025-30204 + 0017-CVE-2025-30204-fix-Remove-strings.Split-and-add-pars.patch ++++ dtb-aarch64: - KVM/TDX: Explicitly do WBINVD when no more TDX SEAMCALLs (git-fixes). - commit b53af4c - mm/page_alloc: change all pageblocks migrate type on coalescing (CVE-2025-71134 bsc#1256732). - commit 3036351 - ktls, sockmap: Fix missing uncharge operation (bsc#1252008). - commit 55dd0a8 - net/sched: Enforce that teql can only be used as root qdisc (CVE-2026-23074 bsc#1257749). - commit 4a5b062 - media: pci: mg4b: Use IRQF_NO_THREAD (git-fixes). - mfd: wm8350-core: Use IRQF_ONESHOT (git-fixes). - Bluetooth: btintel_pcie: Use IRQF_ONESHOT and default primary handler (git-fixes). - platform/x86: int0002: Remove IRQF_ONESHOT from request_irq() (git-fixes). - genirq: Set IRQF_COND_ONESHOT in devm_request_irq() (git-fixes). - crypto: omap - Allocate OMAP_CRYPTO_FORCE_COPY scatterlists correctly (git-fixes). - crypto: starfive - Fix memory leak in starfive_aes_aead_do_one_req() (git-fixes). - crypto: caam - fix netdev memory leak in dpaa2_caam_probe (git-fixes). - crypto: hisilicon/trng - support tfms sharing the device (git-fixes). - crypto: virtio - Remove duplicated virtqueue_kick in virtio_crypto_skcipher_crypt_req (git-fixes). - crypto: virtio - Add spinlock protection with virtqueue notification (git-fixes). - crypto: hisilicon/sec2 - support skcipher/aead fallback for hardware queue unavailable (git-fixes). - crypto: hisilicon/zip - adjust the way to obtain the req in the callback function (git-fixes). - crypto: octeontx - fix dma_free_coherent() size (git-fixes). - crypto: cavium - fix dma_free_coherent() size (git-fixes). - crypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode (git-fixes). - crypto: octeontx - Fix length check to avoid truncation in ucode_load_store (git-fixes). - crypto: qat - fix warning on adf_pfvf_pf_proto.c (git-fixes). - crypto: qat - fix parameter order used in ICP_QAT_FW_COMN_FLAGS_BUILD (git-fixes). - Documentation: mailbox: mbox_chan_ops.flush() is optional (git-fixes). - platform/x86: hp-bioscfg: Skip empty attribute names (git-fixes). - commit 4559d68 ++++ libjxl-gtk: - Update to release 0.11.2 (bsc#1258090 bsc#1258091 CVE-2025-12474) * Fix tile dimension in low memory rendering pipeline * Fix number of channels for gray-to-gray color transform [CVE-2026-1837] * djxl: reject decoding JXL files if "packed" representation size overflows size_t ++++ gimp: - Add gimp-CVE-2026-2239.patch: fix a heap buffer overflow in psd-util.c (bsc#1257959 CVE-2026-2239 glgo#GNOME/gimp#15812). ++++ gimp: - Add gimp-CVE-2026-2239.patch: fix a heap buffer overflow in psd-util.c (bsc#1257959 CVE-2026-2239 glgo#GNOME/gimp#15812). ++++ gnome-online-accounts: - Update to version 3.57.1: + Default Microsoft 365 client is unverified + Microsoft 365: Make use of email for id + goadaemon: Allow manage system notifications + goamsgraphprovider: bump credentials generation + goaprovider: Allow to disable, instead of enable, selected providers - Changes from version 3.57.0: + Support for saving a Kerberos password to the keychain after the first login + changing expired kerberos password is not supported. + Provided Files URI does not override undiscovered endpoint + DAV client rejects 204 status in OPTIONS request handler + Include emblem-default-symbolic.svg + Connecting a Runbox CardDAV/CalDAV account hangs/freezes after sign in + i81n: fix translatable string + goaimapsmptprovider: fix accounts without SMTP or authentication-less SMTP + build: only install icons for the goabackend build + build: don't require goabackend to build documentation + ci: test the build without gtk4 + DAV-client: Added short path for SOGo + Updated translations. ++++ golang-github-prometheus-prometheus: - Do not build old web UI. Fixes following security vulnerabilities: * CVE-2026-1615: jsonpath: arbitrary code injection due to unsafe evaluation of user-supplied JSON Path expressions (bsc#1257897) * CVE-2025-61140: jsonpath: the `value` function is vulnerable to prototype pollution (bsc#1257442) - Set source URL in the spec file and drop tar service - Add 0003-Remove-build-react-app.patch - Drop 0003-Bump-node-forge.patch ++++ grub2: - Backport upstream's commit to prevent BIOS assert (bsc#1258022) * 0001-kern-efi-mm-Change-grub_efi_mm_add_regions-to-keep-t.patch ++++ kernel-source: - KVM/TDX: Explicitly do WBINVD when no more TDX SEAMCALLs (git-fixes). - commit b53af4c - mm/page_alloc: change all pageblocks migrate type on coalescing (CVE-2025-71134 bsc#1256732). - commit 3036351 - ktls, sockmap: Fix missing uncharge operation (bsc#1252008). - commit 55dd0a8 - net/sched: Enforce that teql can only be used as root qdisc (CVE-2026-23074 bsc#1257749). - commit 4a5b062 - media: pci: mg4b: Use IRQF_NO_THREAD (git-fixes). - mfd: wm8350-core: Use IRQF_ONESHOT (git-fixes). - Bluetooth: btintel_pcie: Use IRQF_ONESHOT and default primary handler (git-fixes). - platform/x86: int0002: Remove IRQF_ONESHOT from request_irq() (git-fixes). - genirq: Set IRQF_COND_ONESHOT in devm_request_irq() (git-fixes). - crypto: omap - Allocate OMAP_CRYPTO_FORCE_COPY scatterlists correctly (git-fixes). - crypto: starfive - Fix memory leak in starfive_aes_aead_do_one_req() (git-fixes). - crypto: caam - fix netdev memory leak in dpaa2_caam_probe (git-fixes). - crypto: hisilicon/trng - support tfms sharing the device (git-fixes). - crypto: virtio - Remove duplicated virtqueue_kick in virtio_crypto_skcipher_crypt_req (git-fixes). - crypto: virtio - Add spinlock protection with virtqueue notification (git-fixes). - crypto: hisilicon/sec2 - support skcipher/aead fallback for hardware queue unavailable (git-fixes). - crypto: hisilicon/zip - adjust the way to obtain the req in the callback function (git-fixes). - crypto: octeontx - fix dma_free_coherent() size (git-fixes). - crypto: cavium - fix dma_free_coherent() size (git-fixes). - crypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode (git-fixes). - crypto: octeontx - Fix length check to avoid truncation in ucode_load_store (git-fixes). - crypto: qat - fix warning on adf_pfvf_pf_proto.c (git-fixes). - crypto: qat - fix parameter order used in ICP_QAT_FW_COMN_FLAGS_BUILD (git-fixes). - Documentation: mailbox: mbox_chan_ops.flush() is optional (git-fixes). - platform/x86: hp-bioscfg: Skip empty attribute names (git-fixes). - commit 4559d68 ++++ kernel-docs: - KVM/TDX: Explicitly do WBINVD when no more TDX SEAMCALLs (git-fixes). - commit b53af4c - mm/page_alloc: change all pageblocks migrate type on coalescing (CVE-2025-71134 bsc#1256732). - commit 3036351 - ktls, sockmap: Fix missing uncharge operation (bsc#1252008). - commit 55dd0a8 - net/sched: Enforce that teql can only be used as root qdisc (CVE-2026-23074 bsc#1257749). - commit 4a5b062 - media: pci: mg4b: Use IRQF_NO_THREAD (git-fixes). - mfd: wm8350-core: Use IRQF_ONESHOT (git-fixes). - Bluetooth: btintel_pcie: Use IRQF_ONESHOT and default primary handler (git-fixes). - platform/x86: int0002: Remove IRQF_ONESHOT from request_irq() (git-fixes). - genirq: Set IRQF_COND_ONESHOT in devm_request_irq() (git-fixes). - crypto: omap - Allocate OMAP_CRYPTO_FORCE_COPY scatterlists correctly (git-fixes). - crypto: starfive - Fix memory leak in starfive_aes_aead_do_one_req() (git-fixes). - crypto: caam - fix netdev memory leak in dpaa2_caam_probe (git-fixes). - crypto: hisilicon/trng - support tfms sharing the device (git-fixes). - crypto: virtio - Remove duplicated virtqueue_kick in virtio_crypto_skcipher_crypt_req (git-fixes). - crypto: virtio - Add spinlock protection with virtqueue notification (git-fixes). - crypto: hisilicon/sec2 - support skcipher/aead fallback for hardware queue unavailable (git-fixes). - crypto: hisilicon/zip - adjust the way to obtain the req in the callback function (git-fixes). - crypto: octeontx - fix dma_free_coherent() size (git-fixes). - crypto: cavium - fix dma_free_coherent() size (git-fixes). - crypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode (git-fixes). - crypto: octeontx - Fix length check to avoid truncation in ucode_load_store (git-fixes). - crypto: qat - fix warning on adf_pfvf_pf_proto.c (git-fixes). - crypto: qat - fix parameter order used in ICP_QAT_FW_COMN_FLAGS_BUILD (git-fixes). - Documentation: mailbox: mbox_chan_ops.flush() is optional (git-fixes). - platform/x86: hp-bioscfg: Skip empty attribute names (git-fixes). - commit 4559d68 ++++ kernel-kvmsmall: - KVM/TDX: Explicitly do WBINVD when no more TDX SEAMCALLs (git-fixes). - commit b53af4c - mm/page_alloc: change all pageblocks migrate type on coalescing (CVE-2025-71134 bsc#1256732). - commit 3036351 - ktls, sockmap: Fix missing uncharge operation (bsc#1252008). - commit 55dd0a8 - net/sched: Enforce that teql can only be used as root qdisc (CVE-2026-23074 bsc#1257749). - commit 4a5b062 - media: pci: mg4b: Use IRQF_NO_THREAD (git-fixes). - mfd: wm8350-core: Use IRQF_ONESHOT (git-fixes). - Bluetooth: btintel_pcie: Use IRQF_ONESHOT and default primary handler (git-fixes). - platform/x86: int0002: Remove IRQF_ONESHOT from request_irq() (git-fixes). - genirq: Set IRQF_COND_ONESHOT in devm_request_irq() (git-fixes). - crypto: omap - Allocate OMAP_CRYPTO_FORCE_COPY scatterlists correctly (git-fixes). - crypto: starfive - Fix memory leak in starfive_aes_aead_do_one_req() (git-fixes). - crypto: caam - fix netdev memory leak in dpaa2_caam_probe (git-fixes). - crypto: hisilicon/trng - support tfms sharing the device (git-fixes). - crypto: virtio - Remove duplicated virtqueue_kick in virtio_crypto_skcipher_crypt_req (git-fixes). - crypto: virtio - Add spinlock protection with virtqueue notification (git-fixes). - crypto: hisilicon/sec2 - support skcipher/aead fallback for hardware queue unavailable (git-fixes). - crypto: hisilicon/zip - adjust the way to obtain the req in the callback function (git-fixes). - crypto: octeontx - fix dma_free_coherent() size (git-fixes). - crypto: cavium - fix dma_free_coherent() size (git-fixes). - crypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode (git-fixes). - crypto: octeontx - Fix length check to avoid truncation in ucode_load_store (git-fixes). - crypto: qat - fix warning on adf_pfvf_pf_proto.c (git-fixes). - crypto: qat - fix parameter order used in ICP_QAT_FW_COMN_FLAGS_BUILD (git-fixes). - Documentation: mailbox: mbox_chan_ops.flush() is optional (git-fixes). - platform/x86: hp-bioscfg: Skip empty attribute names (git-fixes). - commit 4559d68 ++++ kernel-obs-build: - KVM/TDX: Explicitly do WBINVD when no more TDX SEAMCALLs (git-fixes). - commit b53af4c - mm/page_alloc: change all pageblocks migrate type on coalescing (CVE-2025-71134 bsc#1256732). - commit 3036351 - ktls, sockmap: Fix missing uncharge operation (bsc#1252008). - commit 55dd0a8 - net/sched: Enforce that teql can only be used as root qdisc (CVE-2026-23074 bsc#1257749). - commit 4a5b062 - media: pci: mg4b: Use IRQF_NO_THREAD (git-fixes). - mfd: wm8350-core: Use IRQF_ONESHOT (git-fixes). - Bluetooth: btintel_pcie: Use IRQF_ONESHOT and default primary handler (git-fixes). - platform/x86: int0002: Remove IRQF_ONESHOT from request_irq() (git-fixes). - genirq: Set IRQF_COND_ONESHOT in devm_request_irq() (git-fixes). - crypto: omap - Allocate OMAP_CRYPTO_FORCE_COPY scatterlists correctly (git-fixes). - crypto: starfive - Fix memory leak in starfive_aes_aead_do_one_req() (git-fixes). - crypto: caam - fix netdev memory leak in dpaa2_caam_probe (git-fixes). - crypto: hisilicon/trng - support tfms sharing the device (git-fixes). - crypto: virtio - Remove duplicated virtqueue_kick in virtio_crypto_skcipher_crypt_req (git-fixes). - crypto: virtio - Add spinlock protection with virtqueue notification (git-fixes). - crypto: hisilicon/sec2 - support skcipher/aead fallback for hardware queue unavailable (git-fixes). - crypto: hisilicon/zip - adjust the way to obtain the req in the callback function (git-fixes). - crypto: octeontx - fix dma_free_coherent() size (git-fixes). - crypto: cavium - fix dma_free_coherent() size (git-fixes). - crypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode (git-fixes). - crypto: octeontx - Fix length check to avoid truncation in ucode_load_store (git-fixes). - crypto: qat - fix warning on adf_pfvf_pf_proto.c (git-fixes). - crypto: qat - fix parameter order used in ICP_QAT_FW_COMN_FLAGS_BUILD (git-fixes). - Documentation: mailbox: mbox_chan_ops.flush() is optional (git-fixes). - platform/x86: hp-bioscfg: Skip empty attribute names (git-fixes). - commit 4559d68 ++++ kernel-obs-qa: - KVM/TDX: Explicitly do WBINVD when no more TDX SEAMCALLs (git-fixes). - commit b53af4c - mm/page_alloc: change all pageblocks migrate type on coalescing (CVE-2025-71134 bsc#1256732). - commit 3036351 - ktls, sockmap: Fix missing uncharge operation (bsc#1252008). - commit 55dd0a8 - net/sched: Enforce that teql can only be used as root qdisc (CVE-2026-23074 bsc#1257749). - commit 4a5b062 - media: pci: mg4b: Use IRQF_NO_THREAD (git-fixes). - mfd: wm8350-core: Use IRQF_ONESHOT (git-fixes). - Bluetooth: btintel_pcie: Use IRQF_ONESHOT and default primary handler (git-fixes). - platform/x86: int0002: Remove IRQF_ONESHOT from request_irq() (git-fixes). - genirq: Set IRQF_COND_ONESHOT in devm_request_irq() (git-fixes). - crypto: omap - Allocate OMAP_CRYPTO_FORCE_COPY scatterlists correctly (git-fixes). - crypto: starfive - Fix memory leak in starfive_aes_aead_do_one_req() (git-fixes). - crypto: caam - fix netdev memory leak in dpaa2_caam_probe (git-fixes). - crypto: hisilicon/trng - support tfms sharing the device (git-fixes). - crypto: virtio - Remove duplicated virtqueue_kick in virtio_crypto_skcipher_crypt_req (git-fixes). - crypto: virtio - Add spinlock protection with virtqueue notification (git-fixes). - crypto: hisilicon/sec2 - support skcipher/aead fallback for hardware queue unavailable (git-fixes). - crypto: hisilicon/zip - adjust the way to obtain the req in the callback function (git-fixes). - crypto: octeontx - fix dma_free_coherent() size (git-fixes). - crypto: cavium - fix dma_free_coherent() size (git-fixes). - crypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode (git-fixes). - crypto: octeontx - Fix length check to avoid truncation in ucode_load_store (git-fixes). - crypto: qat - fix warning on adf_pfvf_pf_proto.c (git-fixes). - crypto: qat - fix parameter order used in ICP_QAT_FW_COMN_FLAGS_BUILD (git-fixes). - Documentation: mailbox: mbox_chan_ops.flush() is optional (git-fixes). - platform/x86: hp-bioscfg: Skip empty attribute names (git-fixes). - commit 4559d68 ++++ kernel-syms: - KVM/TDX: Explicitly do WBINVD when no more TDX SEAMCALLs (git-fixes). - commit b53af4c - mm/page_alloc: change all pageblocks migrate type on coalescing (CVE-2025-71134 bsc#1256732). - commit 3036351 - ktls, sockmap: Fix missing uncharge operation (bsc#1252008). - commit 55dd0a8 - net/sched: Enforce that teql can only be used as root qdisc (CVE-2026-23074 bsc#1257749). - commit 4a5b062 - media: pci: mg4b: Use IRQF_NO_THREAD (git-fixes). - mfd: wm8350-core: Use IRQF_ONESHOT (git-fixes). - Bluetooth: btintel_pcie: Use IRQF_ONESHOT and default primary handler (git-fixes). - platform/x86: int0002: Remove IRQF_ONESHOT from request_irq() (git-fixes). - genirq: Set IRQF_COND_ONESHOT in devm_request_irq() (git-fixes). - crypto: omap - Allocate OMAP_CRYPTO_FORCE_COPY scatterlists correctly (git-fixes). - crypto: starfive - Fix memory leak in starfive_aes_aead_do_one_req() (git-fixes). - crypto: caam - fix netdev memory leak in dpaa2_caam_probe (git-fixes). - crypto: hisilicon/trng - support tfms sharing the device (git-fixes). - crypto: virtio - Remove duplicated virtqueue_kick in virtio_crypto_skcipher_crypt_req (git-fixes). - crypto: virtio - Add spinlock protection with virtqueue notification (git-fixes). - crypto: hisilicon/sec2 - support skcipher/aead fallback for hardware queue unavailable (git-fixes). - crypto: hisilicon/zip - adjust the way to obtain the req in the callback function (git-fixes). - crypto: octeontx - fix dma_free_coherent() size (git-fixes). - crypto: cavium - fix dma_free_coherent() size (git-fixes). - crypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode (git-fixes). - crypto: octeontx - Fix length check to avoid truncation in ucode_load_store (git-fixes). - crypto: qat - fix warning on adf_pfvf_pf_proto.c (git-fixes). - crypto: qat - fix parameter order used in ICP_QAT_FW_COMN_FLAGS_BUILD (git-fixes). - Documentation: mailbox: mbox_chan_ops.flush() is optional (git-fixes). - platform/x86: hp-bioscfg: Skip empty attribute names (git-fixes). - commit 4559d68 ++++ kernel-zfcpdump: - KVM/TDX: Explicitly do WBINVD when no more TDX SEAMCALLs (git-fixes). - commit b53af4c - mm/page_alloc: change all pageblocks migrate type on coalescing (CVE-2025-71134 bsc#1256732). - commit 3036351 - ktls, sockmap: Fix missing uncharge operation (bsc#1252008). - commit 55dd0a8 - net/sched: Enforce that teql can only be used as root qdisc (CVE-2026-23074 bsc#1257749). - commit 4a5b062 - media: pci: mg4b: Use IRQF_NO_THREAD (git-fixes). - mfd: wm8350-core: Use IRQF_ONESHOT (git-fixes). - Bluetooth: btintel_pcie: Use IRQF_ONESHOT and default primary handler (git-fixes). - platform/x86: int0002: Remove IRQF_ONESHOT from request_irq() (git-fixes). - genirq: Set IRQF_COND_ONESHOT in devm_request_irq() (git-fixes). - crypto: omap - Allocate OMAP_CRYPTO_FORCE_COPY scatterlists correctly (git-fixes). - crypto: starfive - Fix memory leak in starfive_aes_aead_do_one_req() (git-fixes). - crypto: caam - fix netdev memory leak in dpaa2_caam_probe (git-fixes). - crypto: hisilicon/trng - support tfms sharing the device (git-fixes). - crypto: virtio - Remove duplicated virtqueue_kick in virtio_crypto_skcipher_crypt_req (git-fixes). - crypto: virtio - Add spinlock protection with virtqueue notification (git-fixes). - crypto: hisilicon/sec2 - support skcipher/aead fallback for hardware queue unavailable (git-fixes). - crypto: hisilicon/zip - adjust the way to obtain the req in the callback function (git-fixes). - crypto: octeontx - fix dma_free_coherent() size (git-fixes). - crypto: cavium - fix dma_free_coherent() size (git-fixes). - crypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode (git-fixes). - crypto: octeontx - Fix length check to avoid truncation in ucode_load_store (git-fixes). - crypto: qat - fix warning on adf_pfvf_pf_proto.c (git-fixes). - crypto: qat - fix parameter order used in ICP_QAT_FW_COMN_FLAGS_BUILD (git-fixes). - Documentation: mailbox: mbox_chan_ops.flush() is optional (git-fixes). - platform/x86: hp-bioscfg: Skip empty attribute names (git-fixes). - commit 4559d68 ++++ postgresql18: - Update to 18.2: * https://www.postgresql.org/about/news/p-3235/ * https://www.postgresql.org/docs/release/18.2/ * bsc#1258008, CVE-2026-2003: Guard against unexpected dimensions of oidvector/int2vector * bsc#1258009, CVE-2026-2004: Harden selectivity estimators against being attached to operators that accept unexpected data types. * bsc#1258010, CVE-2026-2005: Fix buffer overrun in contrib/pgcrypto's PGP decryption functions. * bsc#1258011, CVE-2026-2006: Fix inadequate validation of multibyte character lengths. * bsc#1258012, CVE-2026-2007: Harden contrib/pg_trgm against changes in string lowercasing behavior. * obsoletes llvm-21-aarch64.patch - Disown /var/lib/pgsql to support transactional updates. ++++ libjxl: - Update to release 0.11.2 (bsc#1258090 bsc#1258091 CVE-2025-12474) * Fix tile dimension in low memory rendering pipeline * Fix number of channels for gray-to-gray color transform [CVE-2026-1837] * djxl: reject decoding JXL files if "packed" representation size overflows size_t ++++ vlc: - Replace the content of vlc-gstreamer-1.28-build-fix.patch with the upstream proposed variant from https://code.videolan.org/videolan/vlc/-/merge_requests/8479 - Fix build with gstreamer 1.28: vlc-gstreamer-1.28-build-fix.patch ++++ mdadm: - Update to version 4.4+37.gea219956: - Backport upstream fixes from 4.5 (bsc#1257009) * Re-enable mdadm --monitor ... for /dev/mdX * Allow RAID0 to be created with v0.90 metadata * Moves memory management into Assemble to avoid null pointer dereference * Support non-absolute name during monitor scan * Don't set badblock flag when adding a new disk * Fix metadata corruption when managing new imsm array ++++ postgresql14: - Update to 14.21: * https://www.postgresql.org/about/news/p-3235/ * https://www.postgresql.org/docs/release/14.21/ * bsc#1258008, CVE-2026-2003: Guard against unexpected dimensions of oidvector/int2vector * bsc#1258009, CVE-2026-2004: Harden selectivity estimators against being attached to operators that accept unexpected data types. * bsc#1258010, CVE-2026-2005: Fix buffer overrun in contrib/pgcrypto's PGP decryption functions. * bsc#1258011, CVE-2026-2006: Fix inadequate validation of multibyte character lengths. * obsoletes llvm-21-aarch64.patch - Disown /var/lib/pgsql to support transactional updates. ++++ postgresql14: - Update to 14.21: * https://www.postgresql.org/about/news/p-3235/ * https://www.postgresql.org/docs/release/14.21/ * bsc#1258008, CVE-2026-2003: Guard against unexpected dimensions of oidvector/int2vector * bsc#1258009, CVE-2026-2004: Harden selectivity estimators against being attached to operators that accept unexpected data types. * bsc#1258010, CVE-2026-2005: Fix buffer overrun in contrib/pgcrypto's PGP decryption functions. * bsc#1258011, CVE-2026-2006: Fix inadequate validation of multibyte character lengths. * obsoletes llvm-21-aarch64.patch - Disown /var/lib/pgsql to support transactional updates. ++++ postgresql15: - Update to 15.16: * https://www.postgresql.org/about/news/p-3235/ * https://www.postgresql.org/docs/release/15.16/ * bsc#1258008, CVE-2026-2003: Guard against unexpected dimensions of oidvector/int2vector * bsc#1258009, CVE-2026-2004: Harden selectivity estimators against being attached to operators that accept unexpected data types. * bsc#1258010, CVE-2026-2005: Fix buffer overrun in contrib/pgcrypto's PGP decryption functions. * bsc#1258011, CVE-2026-2006: Fix inadequate validation of multibyte character lengths. * obsoletes llvm-21-aarch64.patch - Disown /var/lib/pgsql to support transactional updates. ++++ postgresql16: - Update to 16.12: * https://www.postgresql.org/about/news/p-3235/ * https://www.postgresql.org/docs/release/16.12/ * bsc#1258008, CVE-2026-2003: Guard against unexpected dimensions of oidvector/int2vector * bsc#1258009, CVE-2026-2004: Harden selectivity estimators against being attached to operators that accept unexpected data types. * bsc#1258010, CVE-2026-2005: Fix buffer overrun in contrib/pgcrypto's PGP decryption functions. * bsc#1258011, CVE-2026-2006: Fix inadequate validation of multibyte character lengths. * obsoletes llvm-21-aarch64.patch - Disown /var/lib/pgsql to support transactional updates. ++++ postgresql17: - Update to 17.8: * https://www.postgresql.org/about/news/p-3235/ * https://www.postgresql.org/docs/release/17.8/ * bsc#1258008, CVE-2026-2003: Guard against unexpected dimensions of oidvector/int2vector * bsc#1258009, CVE-2026-2004: Harden selectivity estimators against being attached to operators that accept unexpected data types. * bsc#1258010, CVE-2026-2005: Fix buffer overrun in contrib/pgcrypto's PGP decryption functions. * bsc#1258011, CVE-2026-2006: Fix inadequate validation of multibyte character lengths. * obsoletes llvm-21-aarch64.patch - Disown /var/lib/pgsql to support transactional updates. ++++ postgresql18-mini: - Update to 18.2: * https://www.postgresql.org/about/news/p-3235/ * https://www.postgresql.org/docs/release/18.2/ * bsc#1258008, CVE-2026-2003: Guard against unexpected dimensions of oidvector/int2vector * bsc#1258009, CVE-2026-2004: Harden selectivity estimators against being attached to operators that accept unexpected data types. * bsc#1258010, CVE-2026-2005: Fix buffer overrun in contrib/pgcrypto's PGP decryption functions. * bsc#1258011, CVE-2026-2006: Fix inadequate validation of multibyte character lengths. * bsc#1258012, CVE-2026-2007: Harden contrib/pg_trgm against changes in string lowercasing behavior. * obsoletes llvm-21-aarch64.patch - Disown /var/lib/pgsql to support transactional updates. ++++ sisu: - Upgrade to upstream release 1.0.0 * Changes + Bump actions/checkout from 4 to 6 + Bump actions/setup-java from 4 to 5 + Bump github/codeql-action from 3 to 4 + Update key deps and plugins + Switch to maintained Build API + Get rid of ancient logback + Increase test coverage + Improve test + Source formatting and license headers + Update TestNG + Modernize codebase + Update m-fluido-s to 2.1.0 + Build with Java 25 + Update sonar-m-p to 5.5.0.6356 + Expose GitHub secret only as env variable in build step + Remove "Incubation" from bundle names - Modified patches: * sisu-no-dependency-on-glassfish-servlet-api.patch * sisu-osgi-api.patch * sisu-reproducible-index.patch + rediff ++++ sisu-extenders: - Upgrade to upstream release 1.0.0 * Changes + Bump actions/checkout from 4 to 6 + Bump actions/setup-java from 4 to 5 + Bump github/codeql-action from 3 to 4 + Update key deps and plugins + Switch to maintained Build API + Get rid of ancient logback + Increase test coverage + Improve test + Source formatting and license headers + Update TestNG + Modernize codebase + Update m-fluido-s to 2.1.0 + Build with Java 25 + Update sonar-m-p to 5.5.0.6356 + Expose GitHub secret only as env variable in build step + Remove "Incubation" from bundle names - Modified patches: * sisu-no-dependency-on-glassfish-servlet-api.patch * sisu-osgi-api.patch * sisu-reproducible-index.patch + rediff ++++ sisu-mojos: - Upgrade to upstream release 1.0.0 * Changes + Bump actions/checkout from 4 to 6 + Bump actions/setup-java from 4 to 5 + Bump github/codeql-action from 3 to 4 + Update key deps and plugins + Switch to maintained Build API + Get rid of ancient logback + Increase test coverage + Improve test + Source formatting and license headers + Update TestNG + Modernize codebase + Update m-fluido-s to 2.1.0 + Build with Java 25 + Update sonar-m-p to 5.5.0.6356 + Expose GitHub secret only as env variable in build step + Remove "Incubation" from bundle names - Modified patches: * sisu-no-dependency-on-glassfish-servlet-api.patch * sisu-osgi-api.patch * sisu-reproducible-index.patch + rediff ++++ snpguest: - CVE-2026-25727: Update time dependency to v0.3.47 (bsc#1257927) ++++ ucode-intel: - Intel CPU Microcode was updated to the 20260210 release (bsc#1258046) - CVE-2024-24853: Updated fix for incorrect behavior order in transition between executive monitor and SMI transfer monitor (STM) in some Intel(R) Processor may allow a privileged user to potentially enable escalation of privilege via local access. (bsc#1229129) - CVE-2025-31648: Improper handling of values in the microcode flow for some Intel Processor Family may allow an escalation of privilege. (bsc#1258046 INTEL-SA-01396 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01396.html) - Update for various functional issues. - Updated Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | ADL | C0 | 06-97-02/07 | 0000003d | 0000003e | Core Gen12 | ADL | H0 | 06-97-05/07 | 0000003d | 0000003e | Core Gen12 | ADL | L0 | 06-9a-03/80 | 0000043a | 0000043b | Core Gen12 | ADL | R0 | 06-9a-04/80 | 0000043a | 0000043b | Core Gen12 | ADL-N | N0 | 06-be-00/19 | 0000001e | 00000021 | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E | ARL-H | A1 | 06-c5-02/82 | 0000011a | 0000011b | Core Ultra Processor (Series 2) | ARL-S/HX (8P) | B0 | 06-c6-02/82 | 0000011a | 0000011b | Core Ultra Processor (Series 2) | ARL-U | A0 | 06-b5-00/80 | 0000000a | 0000000d | Core Ultra Processor (Series 2) | AZB | A0/R0 | 06-9a-04/40 | 0000000b | 0000000c | Atom C1100 | EMR-SP | A1 | 06-cf-02/87 | 210002c0 | 210002d3 | Xeon Scalable Gen5 | GNR-AP/SP | Bx/Hx/Lx | 06-ad-01/95 | 010003f0 | 01000405 | Xeon 6900/6700/6500 Series Processors with P-Cores | GNR-D | B0/B1 | 06-ae-01/97 | 01000273 | 010002f3 | Xeon 6700P-B/6500P-B Series SoC with P-Cores | GNR-SP R1S | Bx/Hx/Lx | 06-ad-01/20 | 0a000124 | 0a000133 | Xeon 6700/6500-Series Processors with P-Cores | ICL-D | B0 | 06-6c-01/10 | 010002e0 | 010002f1 | Xeon D-17xx, D-27xx | ICL-U/Y | D1 | 06-7e-05/80 | 000000ca | 000000cc | Core Gen10 Mobile | ICX-SP | Dx/M1 | 06-6a-06/87 | 0d000410 | 0d000421 | Xeon Scalable Gen3 | MTL | C0 | 06-aa-04/e6 | 00000025 | 00000028 | Core Ultra Processor | RKL-S | B0 | 06-a7-01/02 | 00000064 | 00000065 | Core Gen11 | RPL-E/HX/S | B0 | 06-b7-01/32 | 00000132 | 00000133 | Core Gen13/Gen14 | RPL-H/P/PX 6+8 | J0 | 06-ba-02/e0 | 00006133 | 00006134 | Core Gen13 | RPL-HX/S | C0 | 06-bf-02/07 | 0000003d | 0000003e | Core Gen13/Gen14 | RPL-S | H0 | 06-bf-05/07 | 0000003d | 0000003e | Core Gen13/Gen14 | RPL-U 2+8 | Q0 | 06-ba-03/e0 | 00006133 | 00006134 | Core Gen13 | SPR-HBM | Bx | 06-8f-08/10 | 2c000410 | 2c000421 | Xeon Max | SPR-SP | E4/S2 | 06-8f-07/87 | 2b000650 | 2b000661 | Xeon Scalable Gen4 | SPR-SP | E5/S3 | 06-8f-08/87 | 2b000650 | 2b000661 | Xeon Scalable Gen4 | TGL | B0/B1 | 06-8c-01/80 | 000000bc | 000000be | Core Gen11 Mobile | TGL-H | R0 | 06-8d-01/c2 | 00000056 | 00000058 | Core Gen11 Mobile | TGL-R | C0 | 06-8c-02/c2 | 0000003c | 0000003e | Core Gen11 Mobile | TWL | N0 | 06-be-00/19 | 0000001e | 00000021 | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E ------------------------------------------------------------------ ------------------ 2026-2-10 - Feb 10 2026 ------------------- ------------------------------------------------------------------ ++++ aaa_base: - Update to version 84.87+git20260210.ecce285: * For boo#1257875 get intrinsic DEFAULT_WM back * DIR_COLORS: add vt220 and .jxl ++++ kernel-64kb: - phy: qcom-qusb2: Fix NULL pointer dereference on early suspend (bsc#1257686 CVE-2025-71193) - commit 19f0093 - Octeontx2-af: Add proper checks for fwdata (bsc#1257709 CVE-2026-23070) - commit dea3240 - irqchip/gic-v3-its: Avoid truncating memory addresses (bsc#1257758 CVE-2026-23085) - commit be35313 - arm64/fpsimd: signal: Allocate SSVE storage when restoring ZA (bsc#1257762 CVE-2026-23107) - commit 19d7755 - arm64/fpsimd: signal: Fix restoration of SVE context (bsc#1257772 CVE-2026-23102) - commit 1a38c1d - spi: spi-sprd-adi: Fix double free in probe error path (bsc#1257805 CVE-2026-23068) - commit 7304352 - blacklist.conf: CVE-2025-68789 is invalid - Delete patches.suse/hwmon-ibmpex-fix-use-after-free-in-high-low-store.patch. - commit f8a3a89 - net: tunnel: make skb_vlan_inet_prepare() return drop reasons (bsc#1257942 bsc#1257246 CVE-2026-23003). - commit 1cb88e2 - Update patches.suse/spi-tegra210-quad-Protect-curr_xfer-check-in-IRQ-han.patch (git-fixes bsc#1257952) - commit d5bce4f - Update patches.suse/spi-tegra210-quad-Protect-curr_xfer-clearing-in-tegr.patch (git-fixes bsc#1257952) - commit 27b982c - Update patches.suse/spi-tegra210-quad-Protect-curr_xfer-in-tegra_qspi_co.patch (git-fixes bsc#1257952) - commit 98fc331 - Update patches.suse/spi-tegra210-quad-Protect-curr_xfer-assignment-in-te.patch (git-fixes bsc#1257952) - commit bd0d13d - Update patches.suse/spi-tegra210-quad-Move-curr_xfer-read-inside-spinloc.patch (git-fixes bsc#1257952) - commit 1f60101 - Update patches.suse/spi-tegra210-quad-Return-IRQ_HANDLED-when-timeout-al.patch (git-fixes bsc#1257952) - commit c2f4ce0 - thermal: intel: x86_pkg_temp_thermal: Handle invalid temperature (git-fixes). - thermal/of: Fix reference leak in thermal_of_cm_lookup() (git-fixes). - OPP: Return correct value in dev_pm_opp_get_level (git-fixes). - PM: sleep: wakeirq: harden dev_pm_clear_wake_irq() against races (git-fixes). - PM: wakeup: Handle empty list in wakeup_sources_walk_start() (git-fixes). - ACPICA: Fix NULL pointer dereference in acpi_ev_address_space_dispatch() (git-fixes). - tpm: st33zp24: Fix missing cleanup on get_burstcount() error (git-fixes). - tpm: tpm_i2c_infineon: Fix locality leak on get_burstcount() failure (git-fixes). - i3c: dw: Fix memory leak in dw_i3c_master_i2c_xfers() (git-fixes). - i3c: dw: Initialize spinlock to avoid upsetting lockdep (git-fixes). - i3c: master: Update hot-join flag only on success (git-fixes). - i3c: Move device name assignment after i3c_bus_init (git-fixes). - auxdisplay: arm-charlcd: fix release_mem_region() size (git-fixes). - OPP: OF: Fix an OF node leak in _opp_add_static_v2() (git-fixes). - commit 41b898f ++++ kernel-azure: - phy: qcom-qusb2: Fix NULL pointer dereference on early suspend (bsc#1257686 CVE-2025-71193) - commit 19f0093 - Octeontx2-af: Add proper checks for fwdata (bsc#1257709 CVE-2026-23070) - commit dea3240 - irqchip/gic-v3-its: Avoid truncating memory addresses (bsc#1257758 CVE-2026-23085) - commit be35313 - arm64/fpsimd: signal: Allocate SSVE storage when restoring ZA (bsc#1257762 CVE-2026-23107) - commit 19d7755 - arm64/fpsimd: signal: Fix restoration of SVE context (bsc#1257772 CVE-2026-23102) - commit 1a38c1d - spi: spi-sprd-adi: Fix double free in probe error path (bsc#1257805 CVE-2026-23068) - commit 7304352 - blacklist.conf: CVE-2025-68789 is invalid - Delete patches.suse/hwmon-ibmpex-fix-use-after-free-in-high-low-store.patch. - commit f8a3a89 - net: tunnel: make skb_vlan_inet_prepare() return drop reasons (bsc#1257942 bsc#1257246 CVE-2026-23003). - commit 1cb88e2 - Update patches.suse/spi-tegra210-quad-Protect-curr_xfer-check-in-IRQ-han.patch (git-fixes bsc#1257952) - commit d5bce4f - Update patches.suse/spi-tegra210-quad-Protect-curr_xfer-clearing-in-tegr.patch (git-fixes bsc#1257952) - commit 27b982c - Update patches.suse/spi-tegra210-quad-Protect-curr_xfer-in-tegra_qspi_co.patch (git-fixes bsc#1257952) - commit 98fc331 - Update patches.suse/spi-tegra210-quad-Protect-curr_xfer-assignment-in-te.patch (git-fixes bsc#1257952) - commit bd0d13d - Update patches.suse/spi-tegra210-quad-Move-curr_xfer-read-inside-spinloc.patch (git-fixes bsc#1257952) - commit 1f60101 - Update patches.suse/spi-tegra210-quad-Return-IRQ_HANDLED-when-timeout-al.patch (git-fixes bsc#1257952) - commit c2f4ce0 - thermal: intel: x86_pkg_temp_thermal: Handle invalid temperature (git-fixes). - thermal/of: Fix reference leak in thermal_of_cm_lookup() (git-fixes). - OPP: Return correct value in dev_pm_opp_get_level (git-fixes). - PM: sleep: wakeirq: harden dev_pm_clear_wake_irq() against races (git-fixes). - PM: wakeup: Handle empty list in wakeup_sources_walk_start() (git-fixes). - ACPICA: Fix NULL pointer dereference in acpi_ev_address_space_dispatch() (git-fixes). - tpm: st33zp24: Fix missing cleanup on get_burstcount() error (git-fixes). - tpm: tpm_i2c_infineon: Fix locality leak on get_burstcount() failure (git-fixes). - i3c: dw: Fix memory leak in dw_i3c_master_i2c_xfers() (git-fixes). - i3c: dw: Initialize spinlock to avoid upsetting lockdep (git-fixes). - i3c: master: Update hot-join flag only on success (git-fixes). - i3c: Move device name assignment after i3c_bus_init (git-fixes). - auxdisplay: arm-charlcd: fix release_mem_region() size (git-fixes). - OPP: OF: Fix an OF node leak in _opp_add_static_v2() (git-fixes). - commit 41b898f ++++ kernel-default: - phy: qcom-qusb2: Fix NULL pointer dereference on early suspend (bsc#1257686 CVE-2025-71193) - commit 19f0093 - Octeontx2-af: Add proper checks for fwdata (bsc#1257709 CVE-2026-23070) - commit dea3240 - irqchip/gic-v3-its: Avoid truncating memory addresses (bsc#1257758 CVE-2026-23085) - commit be35313 - arm64/fpsimd: signal: Allocate SSVE storage when restoring ZA (bsc#1257762 CVE-2026-23107) - commit 19d7755 - arm64/fpsimd: signal: Fix restoration of SVE context (bsc#1257772 CVE-2026-23102) - commit 1a38c1d - spi: spi-sprd-adi: Fix double free in probe error path (bsc#1257805 CVE-2026-23068) - commit 7304352 - blacklist.conf: CVE-2025-68789 is invalid - Delete patches.suse/hwmon-ibmpex-fix-use-after-free-in-high-low-store.patch. - commit f8a3a89 - net: tunnel: make skb_vlan_inet_prepare() return drop reasons (bsc#1257942 bsc#1257246 CVE-2026-23003). - commit 1cb88e2 - Update patches.suse/spi-tegra210-quad-Protect-curr_xfer-check-in-IRQ-han.patch (git-fixes bsc#1257952) - commit d5bce4f - Update patches.suse/spi-tegra210-quad-Protect-curr_xfer-clearing-in-tegr.patch (git-fixes bsc#1257952) - commit 27b982c - Update patches.suse/spi-tegra210-quad-Protect-curr_xfer-in-tegra_qspi_co.patch (git-fixes bsc#1257952) - commit 98fc331 - Update patches.suse/spi-tegra210-quad-Protect-curr_xfer-assignment-in-te.patch (git-fixes bsc#1257952) - commit bd0d13d - Update patches.suse/spi-tegra210-quad-Move-curr_xfer-read-inside-spinloc.patch (git-fixes bsc#1257952) - commit 1f60101 - Update patches.suse/spi-tegra210-quad-Return-IRQ_HANDLED-when-timeout-al.patch (git-fixes bsc#1257952) - commit c2f4ce0 - thermal: intel: x86_pkg_temp_thermal: Handle invalid temperature (git-fixes). - thermal/of: Fix reference leak in thermal_of_cm_lookup() (git-fixes). - OPP: Return correct value in dev_pm_opp_get_level (git-fixes). - PM: sleep: wakeirq: harden dev_pm_clear_wake_irq() against races (git-fixes). - PM: wakeup: Handle empty list in wakeup_sources_walk_start() (git-fixes). - ACPICA: Fix NULL pointer dereference in acpi_ev_address_space_dispatch() (git-fixes). - tpm: st33zp24: Fix missing cleanup on get_burstcount() error (git-fixes). - tpm: tpm_i2c_infineon: Fix locality leak on get_burstcount() failure (git-fixes). - i3c: dw: Fix memory leak in dw_i3c_master_i2c_xfers() (git-fixes). - i3c: dw: Initialize spinlock to avoid upsetting lockdep (git-fixes). - i3c: master: Update hot-join flag only on success (git-fixes). - i3c: Move device name assignment after i3c_bus_init (git-fixes). - auxdisplay: arm-charlcd: fix release_mem_region() size (git-fixes). - OPP: OF: Fix an OF node leak in _opp_add_static_v2() (git-fixes). - commit 41b898f ++++ kernel-rt: - phy: qcom-qusb2: Fix NULL pointer dereference on early suspend (bsc#1257686 CVE-2025-71193) - commit 19f0093 - Octeontx2-af: Add proper checks for fwdata (bsc#1257709 CVE-2026-23070) - commit dea3240 - irqchip/gic-v3-its: Avoid truncating memory addresses (bsc#1257758 CVE-2026-23085) - commit be35313 - arm64/fpsimd: signal: Allocate SSVE storage when restoring ZA (bsc#1257762 CVE-2026-23107) - commit 19d7755 - arm64/fpsimd: signal: Fix restoration of SVE context (bsc#1257772 CVE-2026-23102) - commit 1a38c1d - spi: spi-sprd-adi: Fix double free in probe error path (bsc#1257805 CVE-2026-23068) - commit 7304352 - blacklist.conf: CVE-2025-68789 is invalid - Delete patches.suse/hwmon-ibmpex-fix-use-after-free-in-high-low-store.patch. - commit f8a3a89 - net: tunnel: make skb_vlan_inet_prepare() return drop reasons (bsc#1257942 bsc#1257246 CVE-2026-23003). - commit 1cb88e2 - Update patches.suse/spi-tegra210-quad-Protect-curr_xfer-check-in-IRQ-han.patch (git-fixes bsc#1257952) - commit d5bce4f - Update patches.suse/spi-tegra210-quad-Protect-curr_xfer-clearing-in-tegr.patch (git-fixes bsc#1257952) - commit 27b982c - Update patches.suse/spi-tegra210-quad-Protect-curr_xfer-in-tegra_qspi_co.patch (git-fixes bsc#1257952) - commit 98fc331 - Update patches.suse/spi-tegra210-quad-Protect-curr_xfer-assignment-in-te.patch (git-fixes bsc#1257952) - commit bd0d13d - Update patches.suse/spi-tegra210-quad-Move-curr_xfer-read-inside-spinloc.patch (git-fixes bsc#1257952) - commit 1f60101 - Update patches.suse/spi-tegra210-quad-Return-IRQ_HANDLED-when-timeout-al.patch (git-fixes bsc#1257952) - commit c2f4ce0 - thermal: intel: x86_pkg_temp_thermal: Handle invalid temperature (git-fixes). - thermal/of: Fix reference leak in thermal_of_cm_lookup() (git-fixes). - OPP: Return correct value in dev_pm_opp_get_level (git-fixes). - PM: sleep: wakeirq: harden dev_pm_clear_wake_irq() against races (git-fixes). - PM: wakeup: Handle empty list in wakeup_sources_walk_start() (git-fixes). - ACPICA: Fix NULL pointer dereference in acpi_ev_address_space_dispatch() (git-fixes). - tpm: st33zp24: Fix missing cleanup on get_burstcount() error (git-fixes). - tpm: tpm_i2c_infineon: Fix locality leak on get_burstcount() failure (git-fixes). - i3c: dw: Fix memory leak in dw_i3c_master_i2c_xfers() (git-fixes). - i3c: dw: Initialize spinlock to avoid upsetting lockdep (git-fixes). - i3c: master: Update hot-join flag only on success (git-fixes). - i3c: Move device name assignment after i3c_bus_init (git-fixes). - auxdisplay: arm-charlcd: fix release_mem_region() size (git-fixes). - OPP: OF: Fix an OF node leak in _opp_add_static_v2() (git-fixes). - commit 41b898f ++++ lvm2-device-mapper: - L3: LVM_SUPPRESS_FD_WARNINGS is no longer effective (bsc#1257661) * Add upstream patch + bug-1257661-libdaemon-fix-suppressing-stray-fd-warnings.patch ++++ dtb-aarch64: - phy: qcom-qusb2: Fix NULL pointer dereference on early suspend (bsc#1257686 CVE-2025-71193) - commit 19f0093 - Octeontx2-af: Add proper checks for fwdata (bsc#1257709 CVE-2026-23070) - commit dea3240 - irqchip/gic-v3-its: Avoid truncating memory addresses (bsc#1257758 CVE-2026-23085) - commit be35313 - arm64/fpsimd: signal: Allocate SSVE storage when restoring ZA (bsc#1257762 CVE-2026-23107) - commit 19d7755 - arm64/fpsimd: signal: Fix restoration of SVE context (bsc#1257772 CVE-2026-23102) - commit 1a38c1d - spi: spi-sprd-adi: Fix double free in probe error path (bsc#1257805 CVE-2026-23068) - commit 7304352 - blacklist.conf: CVE-2025-68789 is invalid - Delete patches.suse/hwmon-ibmpex-fix-use-after-free-in-high-low-store.patch. - commit f8a3a89 - net: tunnel: make skb_vlan_inet_prepare() return drop reasons (bsc#1257942 bsc#1257246 CVE-2026-23003). - commit 1cb88e2 - Update patches.suse/spi-tegra210-quad-Protect-curr_xfer-check-in-IRQ-han.patch (git-fixes bsc#1257952) - commit d5bce4f - Update patches.suse/spi-tegra210-quad-Protect-curr_xfer-clearing-in-tegr.patch (git-fixes bsc#1257952) - commit 27b982c - Update patches.suse/spi-tegra210-quad-Protect-curr_xfer-in-tegra_qspi_co.patch (git-fixes bsc#1257952) - commit 98fc331 - Update patches.suse/spi-tegra210-quad-Protect-curr_xfer-assignment-in-te.patch (git-fixes bsc#1257952) - commit bd0d13d - Update patches.suse/spi-tegra210-quad-Move-curr_xfer-read-inside-spinloc.patch (git-fixes bsc#1257952) - commit 1f60101 - Update patches.suse/spi-tegra210-quad-Return-IRQ_HANDLED-when-timeout-al.patch (git-fixes bsc#1257952) - commit c2f4ce0 - thermal: intel: x86_pkg_temp_thermal: Handle invalid temperature (git-fixes). - thermal/of: Fix reference leak in thermal_of_cm_lookup() (git-fixes). - OPP: Return correct value in dev_pm_opp_get_level (git-fixes). - PM: sleep: wakeirq: harden dev_pm_clear_wake_irq() against races (git-fixes). - PM: wakeup: Handle empty list in wakeup_sources_walk_start() (git-fixes). - ACPICA: Fix NULL pointer dereference in acpi_ev_address_space_dispatch() (git-fixes). - tpm: st33zp24: Fix missing cleanup on get_burstcount() error (git-fixes). - tpm: tpm_i2c_infineon: Fix locality leak on get_burstcount() failure (git-fixes). - i3c: dw: Fix memory leak in dw_i3c_master_i2c_xfers() (git-fixes). - i3c: dw: Initialize spinlock to avoid upsetting lockdep (git-fixes). - i3c: master: Update hot-join flag only on success (git-fixes). - i3c: Move device name assignment after i3c_bus_init (git-fixes). - auxdisplay: arm-charlcd: fix release_mem_region() size (git-fixes). - OPP: OF: Fix an OF node leak in _opp_add_static_v2() (git-fixes). - commit 41b898f ++++ gnutls: - Security fix: * CVE-2025-14831: DoS via excessive resource consumption during certificate verification (bsc#1257960) * Add gnutls-CVE-2025-14831.patch ++++ go1.26: - go1.26.0 (released 2026-02-10) is a major release of Go. go1.26.x minor releases will be provided through February 2027. https://github.com/golang/go/wiki/Go-Release-Cycle go1.26 arrives six months after Go 1.25. Most of its changes are in the implementation of the toolchain, runtime, and libraries. As always, the release maintains the Go 1 promise of compatibility. We expect almost all Go programs to continue to compile and run as before. Refs boo#1255111 go1.26 release tracking * Language change: The built-in new function, which creates a new variable, now allows its operand to be an expression, specifying the initial value of the variable. * Language change: The restriction that a generic type may not refer to itself in its type parameter list has been lifted. It is now possible to specify type constraints that refer to the generic type being constrained. * go command: The venerable go fix command has been completely revamped and is now the home of Go’s modernizers. It provides a dependable, push-button way to update Go code bases to the latest idioms and core library APIs. The initial suite of modernizers includes dozens of fixers to make use of modern features of the Go language and library, as well a source-level inliner that allows users to automate their own API migrations using //go:fix inline directives. These fixers should not change the behavior of your program, so if you encounter any issues with a fix performed by go fix, please report it. * go command: The rewritten go fix command builds atop the exact same Go analysis framework as go vet. This means the same analyzers that provide diagnostics in go vet can be used to suggest and apply fixes in go fix. The go fix command’s historical fixers, all of which were obsolete, have been removed. * go command: Two upcoming Go blog posts will go into more detail on modernizers, the inliner, and how to get the most out of go fix. * go command: go mod init now defaults to a lower go version in new go.mod files. Running go mod init using a toolchain of version 1.N.X will create a go.mod file specifying the Go version go 1.(N-1).0. Pre-release versions of 1.N will create go.mod files specifying go 1.(N-2).0. For example, the Go 1.26 release candidates will create go.mod files with go 1.24.0, and Go 1.26 and its minor releases will create go.mod files with go 1.25.0. This is intended to encourage the creation of modules that are compatible with currently supported versions of Go. For additional control over the go version in new modules, go mod init can be followed up with go get go@version. * go command: cmd/doc, and go tool doc have been deleted. go doc can be used as a replacement for go tool doc: it takes the same flags and arguments and has the same behavior. * pprof: The pprof tool web UI, enabled with the -http flag, now defaults to the flame graph view. The previous graph view is available in the “View -> Graph” menu, or via /ui/graph. * Runtime: The new Green Tea garbage collector, previously available as an experiment in Go 1.25, is now enabled by default after incorporating feedback. This garbage collector’s design improves the performance of marking and scanning small objects through better locality and CPU scalability. Benchmark results vary, but we expect somewhere between a 10–40% reduction in garbage collection overhead in real-world programs that heavily use the garbage collector. Further improvements, on the order of 10% in garbage collection overhead, are expected when running on newer amd64-based CPU platforms (Intel Ice Lake or AMD Zen 4 and newer), as the garbage collector now leverages vector instructions for scanning small objects when possible. The new garbage collector may be disabled by setting GOEXPERIMENT=nogreenteagc at build time. This opt-out setting is expected to be removed in Go 1.27. If you disable the new garbage collector for any reason related to its performance or behavior, please file an issue. * Runtime: cgo: The baseline runtime overhead of cgo calls has been reduced by ~30%. * Runtime: Heap base address randomization: On 64-bit platforms, the runtime now randomizes the heap base address at startup. This is a security enhancement that makes it harder for attackers to predict memory addresses and exploit vulnerabilities when using cgo. This feature may be disabled by setting GOEXPERIMENT=norandomizedheapbase64 at build time. This opt-out setting is expected to be removed in a future Go release. * Runtime: Experimental goroutine leak profile: A new profile type that reports leaked goroutines is now available as an experiment. The new profile type, named goroutineleak in the runtime/pprof package, may be enabled by setting GOEXPERIMENT=goroutineleakprofile at build time. Enabling the experiment also makes the profile available as a net/http/pprof endpoint, /debug/pprof/goroutineleak. A leaked goroutine is a goroutine blocked on some concurrency primitive (channels, sync.Mutex, sync.Cond, etc) that cannot possibly become unblocked. The runtime detects leaked goroutines using the garbage collector: if a goroutine G is blocked on concurrency primitive P, and P is unreachable from any runnable goroutine or any goroutine that those could unblock, then P cannot be unblocked, so goroutine G can never wake up. While it is impossible to detect permanently blocked goroutines in all cases, this approach detects a large class of such leaks. Because this technique builds on reachability, the runtime may fail to identify leaks caused by blocking on concurrency primitives reachable through global variables or the local variables of runnable goroutines. Special thanks to Vlad Saioc at Uber for contributing this work. The underlying theory is presented in detail in a publication by Saioc et al. The implementation is production-ready, and is only considered an experiment for the purposes of collecting feedback on the API, specifically the choice to make it a new profile. The feature is also designed to not incur any additional run-time overhead unless it is actively in-use. We encourage users to try out the new feature in the Go playground, in tests, in continuous integration, and in production. We welcome additional feedback on the proposal issue. We aim to enable goroutine leak profiles by default in Go 1.27. * Compiler: The compiler can now allocate the backing store for slices on the stack in more situations, which improves performance. If this change is causing trouble, the bisect tool can be used to find the allocation causing trouble using the - compile=variablemake flag. All such new stack allocations can also be turned off using -gcflags=all=-d=variablemakehash=n. If you encounter issues with this optimization, please file an issue. * Linker: On 64-bit ARM-based Windows (the windows/arm64 port), the linker now supports internal linking mode of cgo programs, which can be requested with the -ldflags=-linkmode=internal flag. * Linker: There are several minor changes to executable files. These changes do not affect running Go programs. They may affect programs that analyze Go executables, and they may affect people who use external linking mode with custom linker scripts. * Linker: The moduledata structure is now in its own section, named .go.module. * Linker: The moduledata cutab field, which is a slice, now has the correct length; previously the length was four times too large. * Linker: The pcHeader found at the start of the .gopclntab section no longer records the start of the text section. That field is now always zero. * Linker: That pcHeader change was made so that the .gopclntab section no longer contains any relocations. On platforms that support relro, the section has moved from the relro segment to the rodata segment. * Linker: The funcdata symbols and the findfunctab have moved from the .rodata section to the .gopclntab section. * Linker: The .gosymtab section has been removed. It was previously always present but empty. * Linker: When using internal linking, ELF sections now appear in the section header list sorted by address. The previous order was somewhat unpredictable. * Linker: The references to section names here use the ELF names as seen on Linux and other systems. The Mach-O names as seen on Darwin start with a double underscore and do not contain any dots. * Bootstrap: As mentioned in the Go 1.24 release notes, Go 1.26 now requires Go 1.24.6 or later for bootstrap. We expect that Go 1.28 will require a minor release of Go 1.26 or later for bootstrap. * Standard Library: New crypto/hpke package: The new crypto/hpke package implements Hybrid Public Key Encryption (HPKE) as specified in RFC 9180, including support for post-quantum hybrid KEMs. * Standard Library: New experimental simd/archsimd package: Go 1.26 introduces a new experimental simd/archsimd package, which can be enabled by setting the environment variable GOEXPERIMENT=simd at build time. This package provides access to architecture-specific SIMD operations. It is currently available on the amd64 architecture and supports 128-bit, 256-bit, and 512-bit vector types, such as Int8x16 and Float64x8, with operations such as Int8x16.Add. The API is not yet considered stable. We intend to provide support for other architectures in future versions, but the API intentionally architecture-specific and thus non-portable. In addition, we plan to develop a high-level portable SIMD package in the future. * Standard Library: New experimental runtime/secret package: The new runtime/secret package is available as an experiment, which can be enabled by setting the environment variable GOEXPERIMENT=runtimesecret at build time. It provides a facility for securely erasing temporaries used in code that manipulates secret information—typically cryptographic in nature—such as registers, stack, new heap allocations. This package is intended to make it easier to ensure forward secrecy. It currently supports the amd64 and arm64 architectures on Linux. * bytes: The new Buffer.Peek method returns the next n bytes from the buffer without advancing it. * crypto: The new Encapsulator and Decapsulator interfaces allow accepting abstract KEM encapsulation or decapsulation keys. * crypto/dsa: The random parameter to GenerateKey is now ignored. Instead, it now always uses a secure source of cryptographically random bytes. For deterministic testing, use the new testing/cryptotest.SetGlobalRandom function. The new GODEBUG setting cryptocustomrand=1 temporarily restores the old behavior. * crypto/ecdh: The random parameter to Curve.GenerateKey is now ignored. Instead, it now always uses a secure source of cryptographically random bytes. For deterministic testing, use the new testing/cryptotest.SetGlobalRandom function. The new GODEBUG setting cryptocustomrand=1 temporarily restores the old behavior. The new KeyExchanger interface, implemented by PrivateKey, makes it possible to accept abstract ECDH private keys, e.g. those implemented in hardware. * crypto/ecdsa: The big.Int fields of PublicKey and PrivateKey are now deprecated. The random parameter to GenerateKey, SignASN1, Sign, and PrivateKey.Sign is now ignored. Instead, they now always use a secure source of cryptographically random bytes. For deterministic testing, use the new testing/cryptotest.SetGlobalRandom function. The new GODEBUG setting cryptocustomrand=1 temporarily restores the old behavior. * crypto/ed25519: If the random parameter to GenerateKey is nil, GenerateKey now always uses a secure source of cryptographically random bytes, instead of crypto/rand.Reader (which could have been overridden). The new GODEBUG setting cryptocustomrand=1 temporarily restores the old behavior. * crypto/fips140: The new WithoutEnforcement and Enforced functions now allow running in GODEBUG=fips140=only mode while selectively disabling the strict FIPS 140-3 checks. Version returns the resolved FIPS 140-3 Go Cryptographic Module version when building against a frozen module with GOFIPS140. * crypto/mlkem: The new DecapsulationKey768.Encapsulator and DecapsulationKey1024.Encapsulator methods implement the new crypto.Decapsulator interface. * crypto/mlkem/mlkemtest: The new crypto/mlkem/mlkemtest package exposes the Encapsulate768 and Encapsulate1024 functions which implement derandomized ML-KEM encapsulation, for use with known-answer tests. * crypto/rand: The random parameter to Prime is now ignored. Instead, it now always uses a secure source of cryptographically random bytes. For deterministic testing, use the new testing/cryptotest.SetGlobalRandom function. The new GODEBUG setting cryptocustomrand=1 temporarily restores the old behavior. * crypto/rsa: The new EncryptOAEPWithOptions function allows specifying different hash functions for OAEP padding and MGF1 mask generation. * crypto/rsa: The random parameter to GenerateKey, GenerateMultiPrimeKey, and EncryptPKCS1v15 is now ignored. Instead, they now always use a secure source of cryptographically random bytes. For deterministic testing, use the new testing/cryptotest.SetGlobalRandom function. The new GODEBUG setting cryptocustomrand=1 temporarily restores the old behavior. * crypto/rsa: If PrivateKey fields are modified after calling PrivateKey.Precompute, PrivateKey.Validate now fails. * crypto/rsa: PrivateKey.D is now checked for consistency with precomputed values, even if it is not used. * crypto/rsa: Unsafe PKCS #1 v1.5 encryption padding (implemented by EncryptPKCS1v15, DecryptPKCS1v15, and DecryptPKCS1v15SessionKey) is now deprecated. * crypto/subtle: The WithDataIndependentTiming function no longer locks the calling goroutine to the OS thread while executing the passed function. Additionally, any goroutines which are spawned during the execution of the passed function and their descendants now inherit the properties of WithDataIndependentTiming for their lifetime. This change also affects cgo in the following ways: * crypto/subtle: Any C code called via cgo from within the function passed to WithDataIndependentTiming, or from a goroutine spawned by the function passed to WithDataIndependentTiming and its descendants, will also have data independent timing enabled for the duration of the call. If the C code disables data independent timing, it will be re-enabled on return to Go. * crypto/subtle: If C code called via cgo, from the function passed to WithDataIndependentTiming or elsewhere, enables or disables data independent timing then calling into Go will preserve that state for the duration of the call. * crypto/tls: The hybrid SecP256r1MLKEM768 and SecP384r1MLKEM1024 post-quantum key exchanges are now enabled by default. They can be disabled by setting Config.CurvePreferences or with the tlssecpmlkem=0 GODEBUG setting. * crypto/tls: The new ClientHelloInfo.HelloRetryRequest field indicates if the ClientHello was sent in response to a HelloRetryRequest message. The new ConnectionState.HelloRetryRequest field indicates if the server sent a HelloRetryRequest, or if the client received a HelloRetryRequest, depending on connection role. * crypto/tls: The QUICConn type used by QUIC implementations includes a new event for reporting TLS handshake errors. * crypto/tls: If Certificate.PrivateKey implements crypto.MessageSigner, its SignMessage method is used instead of Sign in TLS 1.2 and later. * crypto/tls: The following GODEBUG settings introduced in Go 1.22 and Go 1.23 will be removed in the next major Go release. Starting in Go 1.27, the new behavior will apply regardless of GODEBUG setting or go.mod language version. * crypto/tls: GODEBUG tlsunsafeekm: ConnectionState.ExportKeyingMaterial will require TLS 1.3 or Extended Master Secret. * crypto/tls: GODEBUG tlsrsakex: legacy RSA-only key exchanges without ECDH won’t be enabled by default. * crypto/tls: GODEBUG tls10server: the default minimum TLS version for both clients and servers will be TLS 1.2. * crypto/tls: GODEBUG tls3des: the default cipher suites will not include 3DES. * crypto/tls: GODEBUG x509keypairleaf: X509KeyPair and LoadX509KeyPair will always populate the Certificate.Leaf field. * crypto/x509: The ExtKeyUsage and KeyUsage types now have String methods that return the corresponding OID names as defined in RFC 5280 and other registries. * crypto/x509: The ExtKeyUsage type now has an OID method that returns the corresponding OID for the EKU. * crypto/x509: The new OIDFromASN1OID function allows converting an encoding/asn1.ObjectIdentifier into an OID. * debug/elf: Additional R_LARCH_* constants from LoongArch ELF psABI v20250521 (global version v2.40) are defined for use with LoongArch systems. * errors: The new AsType function is a generic version of As. It is type-safe, faster, and, in most cases, easier to use. * fmt: For unformatted strings, fmt.Errorf("x") now allocates less and generally matches the allocations for errors.New("x"). * go/ast: The new ParseDirective function parses directive comments, which are comments such as //go:generate. Source code tools can support their own directive comments and this new API should help them implement the conventional syntax. * go/ast: The new BasicLit.ValueEnd field records the precise end position of a literal so that the BasicLit.End method can now always return the correct answer. (Previously it was computed using a heuristic that was incorrect for multi-line raw string literals in Windows source files, due to removal of carriage returns.) * go/ast: Programs that update the ValuePos field of BasicLits produced by the parser may need to also update or clear the ValueEnd field to avoid minor differences in formatted output. * go/token: The new File.End convenience method returns the file’s end position. * go/types: The gotypesalias GODEBUG setting introduced in Go 1.22 will be removed in the next major Go release. Starting in Go 1.27, the go/types package will always produce an Alias type for the representation of type aliases regardless of GODEBUG setting or go.mod language version. * image/jpeg: The JPEG encoder and decoder have been replaced with new, faster, more accurate implementations. Code that expects specific bit-for-bit outputs from the encoder or decoder may need to be updated. * io: ReadAll now allocates less intermediate memory and returns a minimally sized final slice. It is often about two times faster while typically allocating around half as much total memory, with more benefit for larger inputs. * log/slog: The NewMultiHandler function creates a MultiHandler that invokes all the given Handlers. Its Enabled method reports whether any of the handlers’ Enabled methods return true. Its Handle, WithAttrs and WithGroup methods call the corresponding method on each of the enabled handlers. * net: The new Dialer methods DialIP, DialTCP, DialUDP, and DialUnix permit dialing specific network types with context values. * net/http: The new HTTP2Config.StrictMaxConcurrentRequests field controls whether a new connection should be opened if an existing HTTP/2 connection has exceeded its stream limit. * net/http: The new Transport.NewClientConn method returns a client connection to an HTTP server. Most users should continue to use Transport.RoundTrip to make requests, which manages a pool of connections. NewClientConn is useful for users who need to implement their own connection management. * net/http: Client now uses and sets cookies scoped to URLs with the host portion matching Request.Host when available. Previously, the connection address host was always used. * net/http/httptest: The HTTP client returned by Server.Client will now redirect requests for example.com and any subdomains to the server being tested. * net/http/httputil: The ReverseProxy.Director configuration field is deprecated in favor of ReverseProxy.Rewrite. * net/http/httputil: A malicious client can remove headers added by a Director function by designating those headers as hop-by-hop. Since there is no way to address this problem within the scope of the Director API, we added a new Rewrite hook in Go 1.20. Rewrite hooks are provided with both the unmodified inbound request received by the proxy and the outbound request which will be sent by the proxy. Since the Director hook is fundamentally unsafe, we are now deprecating it. * net/netip: The new Prefix.Compare method compares two prefixes. * net/url: Parse now rejects malformed URLs containing colons in the host subcomponent, such as http://::1/ or http://localhost:80:80/. URLs containing bracketed IPv6 addresses, such as http://[::1]/ are still accepted. The new GODEBUG setting urlstrictcolons=0 restores the old behavior. * os: The new Process.WithHandle method provides access to an internal process handle on supported platforms (pidfd on Linux 5.4 or later, Handle on Windows). * os: On Windows, the OpenFile flag parameter can now contain any combination of Windows-specific file flags, such as FILE_FLAG_OVERLAPPED and FILE_FLAG_SEQUENTIAL_SCAN, for control of file or device caching behavior, access modes, and other special-purpose flags. * os/signal: NotifyContext now cancels the returned context with context.CancelCauseFunc and an error indicating which signal was received. * reflect: The new methods Type.Fields, Type.Methods, Type.Ins and Type.Outs return iterators for a type’s fields (for a struct type), methods, inputs and outputs parameters (for a function type), respectively. Similarly, the new methods Value.Fields and Value.Methods return iterators over a value’s fields or methods, respectively. Each iteration yields the type information (StructField or Method) of a field or method, along with the field or method Value. * runtime/metrics: Several new scheduler metrics have been added, including counts of goroutines in various states (waiting, runnable, etc.) under the /sched/goroutines prefix, the number of OS threads the runtime is aware of with /sched/threads:threads, and the total number of goroutines created by the program with /sched/goroutines-created:goroutines. * testing: The new methods T.ArtifactDir, B.ArtifactDir, and F.ArtifactDir return a directory in which to write test output files (artifacts). * testing: When the -artifacts flag is provided to go test, this directory will be located under the output directory (specified with -outputdir, or the current directory by default). Otherwise, artifacts are stored in a temporary directory which is removed after the test completes. * testing: The first call to ArtifactDir when -artifacts is provided writes the location of the directory to the test log. * testing: The B.Loop method no longer prevents inlining in the loop body, which could lead to unanticipated allocation and slower benchmarks. With this fix, we expect that all benchmarks can be converted from the old B.N style to the new B.Loop style with no ill effects. Within the body of a for b.Loop() { ... } loop, function call parameters, results, and assigned variables are still kept alive, preventing the compiler from optimizing away entire parts of the benchmark. * testing/cryptotest: The new SetGlobalRandom function configures a global, deterministic cryptographic randomness source for the duration of the test. It affects crypto/rand, and all implicit sources of cryptographic randomness in the crypto/... packages. * time: The asynctimerchan GODEBUG setting introduced in Go 1.23 will be removed in the next major Go release. Starting in Go 1.27, the time package will always use unbuffered (synchronous) channels for timers regardless of GODEBUG setting or go.mod language version. * Ports: Darwin: Go 1.26 is the last release that will run on macOS 12 Monterey. Go 1.27 will require macOS 13 Ventura or later. * Ports: FreeBSD: The freebsd/riscv64 port (GOOS=freebsd GOARCH=riscv64) has been marked broken. See issue 76475 for details. * Ports: Windows: As announced in the Go 1.25 release notes, the broken 32-bit windows/arm port (GOOS=windows GOARCH=arm) has been removed. * Ports: PowerPC: Go 1.26 is the last release that supports the ELFv1 ABI on the big-endian 64-bit PowerPC port on Linux (GOOS=linux GOARCH=ppc64). It will switch to the ELFv2 ABI in Go 1.27. As the port does not currently support linking against other ELF objects, we expect this change to be transparent to users. * Ports: RISC-V: The linux/riscv64 port now supports the race detector. * Ports: S390X: The s390x port now supports passing function arguments and results using registers. * Ports: WebAssembly: The compiler now unconditionally makes use of the sign extension and non-trapping floating-point to integer conversion instructions. These features have been standardized since at least Wasm 2.0. The corresponding GOWASM settings, signext and satconv, are now ignored. * Ports: WebAssembly: For WebAssembly applications, the runtime now manages chunks of heap memory in much smaller increments, leading to significantly reduced memory usage for applications with heaps less than around 16 MiB in size. ++++ kernel-source: - phy: qcom-qusb2: Fix NULL pointer dereference on early suspend (bsc#1257686 CVE-2025-71193) - commit 19f0093 - Octeontx2-af: Add proper checks for fwdata (bsc#1257709 CVE-2026-23070) - commit dea3240 - irqchip/gic-v3-its: Avoid truncating memory addresses (bsc#1257758 CVE-2026-23085) - commit be35313 - arm64/fpsimd: signal: Allocate SSVE storage when restoring ZA (bsc#1257762 CVE-2026-23107) - commit 19d7755 - arm64/fpsimd: signal: Fix restoration of SVE context (bsc#1257772 CVE-2026-23102) - commit 1a38c1d - spi: spi-sprd-adi: Fix double free in probe error path (bsc#1257805 CVE-2026-23068) - commit 7304352 - blacklist.conf: CVE-2025-68789 is invalid - Delete patches.suse/hwmon-ibmpex-fix-use-after-free-in-high-low-store.patch. - commit f8a3a89 - net: tunnel: make skb_vlan_inet_prepare() return drop reasons (bsc#1257942 bsc#1257246 CVE-2026-23003). - commit 1cb88e2 - Update patches.suse/spi-tegra210-quad-Protect-curr_xfer-check-in-IRQ-han.patch (git-fixes bsc#1257952) - commit d5bce4f - Update patches.suse/spi-tegra210-quad-Protect-curr_xfer-clearing-in-tegr.patch (git-fixes bsc#1257952) - commit 27b982c - Update patches.suse/spi-tegra210-quad-Protect-curr_xfer-in-tegra_qspi_co.patch (git-fixes bsc#1257952) - commit 98fc331 - Update patches.suse/spi-tegra210-quad-Protect-curr_xfer-assignment-in-te.patch (git-fixes bsc#1257952) - commit bd0d13d - Update patches.suse/spi-tegra210-quad-Move-curr_xfer-read-inside-spinloc.patch (git-fixes bsc#1257952) - commit 1f60101 - Update patches.suse/spi-tegra210-quad-Return-IRQ_HANDLED-when-timeout-al.patch (git-fixes bsc#1257952) - commit c2f4ce0 - thermal: intel: x86_pkg_temp_thermal: Handle invalid temperature (git-fixes). - thermal/of: Fix reference leak in thermal_of_cm_lookup() (git-fixes). - OPP: Return correct value in dev_pm_opp_get_level (git-fixes). - PM: sleep: wakeirq: harden dev_pm_clear_wake_irq() against races (git-fixes). - PM: wakeup: Handle empty list in wakeup_sources_walk_start() (git-fixes). - ACPICA: Fix NULL pointer dereference in acpi_ev_address_space_dispatch() (git-fixes). - tpm: st33zp24: Fix missing cleanup on get_burstcount() error (git-fixes). - tpm: tpm_i2c_infineon: Fix locality leak on get_burstcount() failure (git-fixes). - i3c: dw: Fix memory leak in dw_i3c_master_i2c_xfers() (git-fixes). - i3c: dw: Initialize spinlock to avoid upsetting lockdep (git-fixes). - i3c: master: Update hot-join flag only on success (git-fixes). - i3c: Move device name assignment after i3c_bus_init (git-fixes). - auxdisplay: arm-charlcd: fix release_mem_region() size (git-fixes). - OPP: OF: Fix an OF node leak in _opp_add_static_v2() (git-fixes). - commit 41b898f ++++ kernel-docs: - phy: qcom-qusb2: Fix NULL pointer dereference on early suspend (bsc#1257686 CVE-2025-71193) - commit 19f0093 - Octeontx2-af: Add proper checks for fwdata (bsc#1257709 CVE-2026-23070) - commit dea3240 - irqchip/gic-v3-its: Avoid truncating memory addresses (bsc#1257758 CVE-2026-23085) - commit be35313 - arm64/fpsimd: signal: Allocate SSVE storage when restoring ZA (bsc#1257762 CVE-2026-23107) - commit 19d7755 - arm64/fpsimd: signal: Fix restoration of SVE context (bsc#1257772 CVE-2026-23102) - commit 1a38c1d - spi: spi-sprd-adi: Fix double free in probe error path (bsc#1257805 CVE-2026-23068) - commit 7304352 - blacklist.conf: CVE-2025-68789 is invalid - Delete patches.suse/hwmon-ibmpex-fix-use-after-free-in-high-low-store.patch. - commit f8a3a89 - net: tunnel: make skb_vlan_inet_prepare() return drop reasons (bsc#1257942 bsc#1257246 CVE-2026-23003). - commit 1cb88e2 - Update patches.suse/spi-tegra210-quad-Protect-curr_xfer-check-in-IRQ-han.patch (git-fixes bsc#1257952) - commit d5bce4f - Update patches.suse/spi-tegra210-quad-Protect-curr_xfer-clearing-in-tegr.patch (git-fixes bsc#1257952) - commit 27b982c - Update patches.suse/spi-tegra210-quad-Protect-curr_xfer-in-tegra_qspi_co.patch (git-fixes bsc#1257952) - commit 98fc331 - Update patches.suse/spi-tegra210-quad-Protect-curr_xfer-assignment-in-te.patch (git-fixes bsc#1257952) - commit bd0d13d - Update patches.suse/spi-tegra210-quad-Move-curr_xfer-read-inside-spinloc.patch (git-fixes bsc#1257952) - commit 1f60101 - Update patches.suse/spi-tegra210-quad-Return-IRQ_HANDLED-when-timeout-al.patch (git-fixes bsc#1257952) - commit c2f4ce0 - thermal: intel: x86_pkg_temp_thermal: Handle invalid temperature (git-fixes). - thermal/of: Fix reference leak in thermal_of_cm_lookup() (git-fixes). - OPP: Return correct value in dev_pm_opp_get_level (git-fixes). - PM: sleep: wakeirq: harden dev_pm_clear_wake_irq() against races (git-fixes). - PM: wakeup: Handle empty list in wakeup_sources_walk_start() (git-fixes). - ACPICA: Fix NULL pointer dereference in acpi_ev_address_space_dispatch() (git-fixes). - tpm: st33zp24: Fix missing cleanup on get_burstcount() error (git-fixes). - tpm: tpm_i2c_infineon: Fix locality leak on get_burstcount() failure (git-fixes). - i3c: dw: Fix memory leak in dw_i3c_master_i2c_xfers() (git-fixes). - i3c: dw: Initialize spinlock to avoid upsetting lockdep (git-fixes). - i3c: master: Update hot-join flag only on success (git-fixes). - i3c: Move device name assignment after i3c_bus_init (git-fixes). - auxdisplay: arm-charlcd: fix release_mem_region() size (git-fixes). - OPP: OF: Fix an OF node leak in _opp_add_static_v2() (git-fixes). - commit 41b898f ++++ kernel-kvmsmall: - phy: qcom-qusb2: Fix NULL pointer dereference on early suspend (bsc#1257686 CVE-2025-71193) - commit 19f0093 - Octeontx2-af: Add proper checks for fwdata (bsc#1257709 CVE-2026-23070) - commit dea3240 - irqchip/gic-v3-its: Avoid truncating memory addresses (bsc#1257758 CVE-2026-23085) - commit be35313 - arm64/fpsimd: signal: Allocate SSVE storage when restoring ZA (bsc#1257762 CVE-2026-23107) - commit 19d7755 - arm64/fpsimd: signal: Fix restoration of SVE context (bsc#1257772 CVE-2026-23102) - commit 1a38c1d - spi: spi-sprd-adi: Fix double free in probe error path (bsc#1257805 CVE-2026-23068) - commit 7304352 - blacklist.conf: CVE-2025-68789 is invalid - Delete patches.suse/hwmon-ibmpex-fix-use-after-free-in-high-low-store.patch. - commit f8a3a89 - net: tunnel: make skb_vlan_inet_prepare() return drop reasons (bsc#1257942 bsc#1257246 CVE-2026-23003). - commit 1cb88e2 - Update patches.suse/spi-tegra210-quad-Protect-curr_xfer-check-in-IRQ-han.patch (git-fixes bsc#1257952) - commit d5bce4f - Update patches.suse/spi-tegra210-quad-Protect-curr_xfer-clearing-in-tegr.patch (git-fixes bsc#1257952) - commit 27b982c - Update patches.suse/spi-tegra210-quad-Protect-curr_xfer-in-tegra_qspi_co.patch (git-fixes bsc#1257952) - commit 98fc331 - Update patches.suse/spi-tegra210-quad-Protect-curr_xfer-assignment-in-te.patch (git-fixes bsc#1257952) - commit bd0d13d - Update patches.suse/spi-tegra210-quad-Move-curr_xfer-read-inside-spinloc.patch (git-fixes bsc#1257952) - commit 1f60101 - Update patches.suse/spi-tegra210-quad-Return-IRQ_HANDLED-when-timeout-al.patch (git-fixes bsc#1257952) - commit c2f4ce0 - thermal: intel: x86_pkg_temp_thermal: Handle invalid temperature (git-fixes). - thermal/of: Fix reference leak in thermal_of_cm_lookup() (git-fixes). - OPP: Return correct value in dev_pm_opp_get_level (git-fixes). - PM: sleep: wakeirq: harden dev_pm_clear_wake_irq() against races (git-fixes). - PM: wakeup: Handle empty list in wakeup_sources_walk_start() (git-fixes). - ACPICA: Fix NULL pointer dereference in acpi_ev_address_space_dispatch() (git-fixes). - tpm: st33zp24: Fix missing cleanup on get_burstcount() error (git-fixes). - tpm: tpm_i2c_infineon: Fix locality leak on get_burstcount() failure (git-fixes). - i3c: dw: Fix memory leak in dw_i3c_master_i2c_xfers() (git-fixes). - i3c: dw: Initialize spinlock to avoid upsetting lockdep (git-fixes). - i3c: master: Update hot-join flag only on success (git-fixes). - i3c: Move device name assignment after i3c_bus_init (git-fixes). - auxdisplay: arm-charlcd: fix release_mem_region() size (git-fixes). - OPP: OF: Fix an OF node leak in _opp_add_static_v2() (git-fixes). - commit 41b898f ++++ kernel-obs-build: - phy: qcom-qusb2: Fix NULL pointer dereference on early suspend (bsc#1257686 CVE-2025-71193) - commit 19f0093 - Octeontx2-af: Add proper checks for fwdata (bsc#1257709 CVE-2026-23070) - commit dea3240 - irqchip/gic-v3-its: Avoid truncating memory addresses (bsc#1257758 CVE-2026-23085) - commit be35313 - arm64/fpsimd: signal: Allocate SSVE storage when restoring ZA (bsc#1257762 CVE-2026-23107) - commit 19d7755 - arm64/fpsimd: signal: Fix restoration of SVE context (bsc#1257772 CVE-2026-23102) - commit 1a38c1d - spi: spi-sprd-adi: Fix double free in probe error path (bsc#1257805 CVE-2026-23068) - commit 7304352 - blacklist.conf: CVE-2025-68789 is invalid - Delete patches.suse/hwmon-ibmpex-fix-use-after-free-in-high-low-store.patch. - commit f8a3a89 - net: tunnel: make skb_vlan_inet_prepare() return drop reasons (bsc#1257942 bsc#1257246 CVE-2026-23003). - commit 1cb88e2 - Update patches.suse/spi-tegra210-quad-Protect-curr_xfer-check-in-IRQ-han.patch (git-fixes bsc#1257952) - commit d5bce4f - Update patches.suse/spi-tegra210-quad-Protect-curr_xfer-clearing-in-tegr.patch (git-fixes bsc#1257952) - commit 27b982c - Update patches.suse/spi-tegra210-quad-Protect-curr_xfer-in-tegra_qspi_co.patch (git-fixes bsc#1257952) - commit 98fc331 - Update patches.suse/spi-tegra210-quad-Protect-curr_xfer-assignment-in-te.patch (git-fixes bsc#1257952) - commit bd0d13d - Update patches.suse/spi-tegra210-quad-Move-curr_xfer-read-inside-spinloc.patch (git-fixes bsc#1257952) - commit 1f60101 - Update patches.suse/spi-tegra210-quad-Return-IRQ_HANDLED-when-timeout-al.patch (git-fixes bsc#1257952) - commit c2f4ce0 - thermal: intel: x86_pkg_temp_thermal: Handle invalid temperature (git-fixes). - thermal/of: Fix reference leak in thermal_of_cm_lookup() (git-fixes). - OPP: Return correct value in dev_pm_opp_get_level (git-fixes). - PM: sleep: wakeirq: harden dev_pm_clear_wake_irq() against races (git-fixes). - PM: wakeup: Handle empty list in wakeup_sources_walk_start() (git-fixes). - ACPICA: Fix NULL pointer dereference in acpi_ev_address_space_dispatch() (git-fixes). - tpm: st33zp24: Fix missing cleanup on get_burstcount() error (git-fixes). - tpm: tpm_i2c_infineon: Fix locality leak on get_burstcount() failure (git-fixes). - i3c: dw: Fix memory leak in dw_i3c_master_i2c_xfers() (git-fixes). - i3c: dw: Initialize spinlock to avoid upsetting lockdep (git-fixes). - i3c: master: Update hot-join flag only on success (git-fixes). - i3c: Move device name assignment after i3c_bus_init (git-fixes). - auxdisplay: arm-charlcd: fix release_mem_region() size (git-fixes). - OPP: OF: Fix an OF node leak in _opp_add_static_v2() (git-fixes). - commit 41b898f ++++ kernel-obs-qa: - phy: qcom-qusb2: Fix NULL pointer dereference on early suspend (bsc#1257686 CVE-2025-71193) - commit 19f0093 - Octeontx2-af: Add proper checks for fwdata (bsc#1257709 CVE-2026-23070) - commit dea3240 - irqchip/gic-v3-its: Avoid truncating memory addresses (bsc#1257758 CVE-2026-23085) - commit be35313 - arm64/fpsimd: signal: Allocate SSVE storage when restoring ZA (bsc#1257762 CVE-2026-23107) - commit 19d7755 - arm64/fpsimd: signal: Fix restoration of SVE context (bsc#1257772 CVE-2026-23102) - commit 1a38c1d - spi: spi-sprd-adi: Fix double free in probe error path (bsc#1257805 CVE-2026-23068) - commit 7304352 - blacklist.conf: CVE-2025-68789 is invalid - Delete patches.suse/hwmon-ibmpex-fix-use-after-free-in-high-low-store.patch. - commit f8a3a89 - net: tunnel: make skb_vlan_inet_prepare() return drop reasons (bsc#1257942 bsc#1257246 CVE-2026-23003). - commit 1cb88e2 - Update patches.suse/spi-tegra210-quad-Protect-curr_xfer-check-in-IRQ-han.patch (git-fixes bsc#1257952) - commit d5bce4f - Update patches.suse/spi-tegra210-quad-Protect-curr_xfer-clearing-in-tegr.patch (git-fixes bsc#1257952) - commit 27b982c - Update patches.suse/spi-tegra210-quad-Protect-curr_xfer-in-tegra_qspi_co.patch (git-fixes bsc#1257952) - commit 98fc331 - Update patches.suse/spi-tegra210-quad-Protect-curr_xfer-assignment-in-te.patch (git-fixes bsc#1257952) - commit bd0d13d - Update patches.suse/spi-tegra210-quad-Move-curr_xfer-read-inside-spinloc.patch (git-fixes bsc#1257952) - commit 1f60101 - Update patches.suse/spi-tegra210-quad-Return-IRQ_HANDLED-when-timeout-al.patch (git-fixes bsc#1257952) - commit c2f4ce0 - thermal: intel: x86_pkg_temp_thermal: Handle invalid temperature (git-fixes). - thermal/of: Fix reference leak in thermal_of_cm_lookup() (git-fixes). - OPP: Return correct value in dev_pm_opp_get_level (git-fixes). - PM: sleep: wakeirq: harden dev_pm_clear_wake_irq() against races (git-fixes). - PM: wakeup: Handle empty list in wakeup_sources_walk_start() (git-fixes). - ACPICA: Fix NULL pointer dereference in acpi_ev_address_space_dispatch() (git-fixes). - tpm: st33zp24: Fix missing cleanup on get_burstcount() error (git-fixes). - tpm: tpm_i2c_infineon: Fix locality leak on get_burstcount() failure (git-fixes). - i3c: dw: Fix memory leak in dw_i3c_master_i2c_xfers() (git-fixes). - i3c: dw: Initialize spinlock to avoid upsetting lockdep (git-fixes). - i3c: master: Update hot-join flag only on success (git-fixes). - i3c: Move device name assignment after i3c_bus_init (git-fixes). - auxdisplay: arm-charlcd: fix release_mem_region() size (git-fixes). - OPP: OF: Fix an OF node leak in _opp_add_static_v2() (git-fixes). - commit 41b898f ++++ kernel-syms: - phy: qcom-qusb2: Fix NULL pointer dereference on early suspend (bsc#1257686 CVE-2025-71193) - commit 19f0093 - Octeontx2-af: Add proper checks for fwdata (bsc#1257709 CVE-2026-23070) - commit dea3240 - irqchip/gic-v3-its: Avoid truncating memory addresses (bsc#1257758 CVE-2026-23085) - commit be35313 - arm64/fpsimd: signal: Allocate SSVE storage when restoring ZA (bsc#1257762 CVE-2026-23107) - commit 19d7755 - arm64/fpsimd: signal: Fix restoration of SVE context (bsc#1257772 CVE-2026-23102) - commit 1a38c1d - spi: spi-sprd-adi: Fix double free in probe error path (bsc#1257805 CVE-2026-23068) - commit 7304352 - blacklist.conf: CVE-2025-68789 is invalid - Delete patches.suse/hwmon-ibmpex-fix-use-after-free-in-high-low-store.patch. - commit f8a3a89 - net: tunnel: make skb_vlan_inet_prepare() return drop reasons (bsc#1257942 bsc#1257246 CVE-2026-23003). - commit 1cb88e2 - Update patches.suse/spi-tegra210-quad-Protect-curr_xfer-check-in-IRQ-han.patch (git-fixes bsc#1257952) - commit d5bce4f - Update patches.suse/spi-tegra210-quad-Protect-curr_xfer-clearing-in-tegr.patch (git-fixes bsc#1257952) - commit 27b982c - Update patches.suse/spi-tegra210-quad-Protect-curr_xfer-in-tegra_qspi_co.patch (git-fixes bsc#1257952) - commit 98fc331 - Update patches.suse/spi-tegra210-quad-Protect-curr_xfer-assignment-in-te.patch (git-fixes bsc#1257952) - commit bd0d13d - Update patches.suse/spi-tegra210-quad-Move-curr_xfer-read-inside-spinloc.patch (git-fixes bsc#1257952) - commit 1f60101 - Update patches.suse/spi-tegra210-quad-Return-IRQ_HANDLED-when-timeout-al.patch (git-fixes bsc#1257952) - commit c2f4ce0 - thermal: intel: x86_pkg_temp_thermal: Handle invalid temperature (git-fixes). - thermal/of: Fix reference leak in thermal_of_cm_lookup() (git-fixes). - OPP: Return correct value in dev_pm_opp_get_level (git-fixes). - PM: sleep: wakeirq: harden dev_pm_clear_wake_irq() against races (git-fixes). - PM: wakeup: Handle empty list in wakeup_sources_walk_start() (git-fixes). - ACPICA: Fix NULL pointer dereference in acpi_ev_address_space_dispatch() (git-fixes). - tpm: st33zp24: Fix missing cleanup on get_burstcount() error (git-fixes). - tpm: tpm_i2c_infineon: Fix locality leak on get_burstcount() failure (git-fixes). - i3c: dw: Fix memory leak in dw_i3c_master_i2c_xfers() (git-fixes). - i3c: dw: Initialize spinlock to avoid upsetting lockdep (git-fixes). - i3c: master: Update hot-join flag only on success (git-fixes). - i3c: Move device name assignment after i3c_bus_init (git-fixes). - auxdisplay: arm-charlcd: fix release_mem_region() size (git-fixes). - OPP: OF: Fix an OF node leak in _opp_add_static_v2() (git-fixes). - commit 41b898f ++++ kernel-zfcpdump: - phy: qcom-qusb2: Fix NULL pointer dereference on early suspend (bsc#1257686 CVE-2025-71193) - commit 19f0093 - Octeontx2-af: Add proper checks for fwdata (bsc#1257709 CVE-2026-23070) - commit dea3240 - irqchip/gic-v3-its: Avoid truncating memory addresses (bsc#1257758 CVE-2026-23085) - commit be35313 - arm64/fpsimd: signal: Allocate SSVE storage when restoring ZA (bsc#1257762 CVE-2026-23107) - commit 19d7755 - arm64/fpsimd: signal: Fix restoration of SVE context (bsc#1257772 CVE-2026-23102) - commit 1a38c1d - spi: spi-sprd-adi: Fix double free in probe error path (bsc#1257805 CVE-2026-23068) - commit 7304352 - blacklist.conf: CVE-2025-68789 is invalid - Delete patches.suse/hwmon-ibmpex-fix-use-after-free-in-high-low-store.patch. - commit f8a3a89 - net: tunnel: make skb_vlan_inet_prepare() return drop reasons (bsc#1257942 bsc#1257246 CVE-2026-23003). - commit 1cb88e2 - Update patches.suse/spi-tegra210-quad-Protect-curr_xfer-check-in-IRQ-han.patch (git-fixes bsc#1257952) - commit d5bce4f - Update patches.suse/spi-tegra210-quad-Protect-curr_xfer-clearing-in-tegr.patch (git-fixes bsc#1257952) - commit 27b982c - Update patches.suse/spi-tegra210-quad-Protect-curr_xfer-in-tegra_qspi_co.patch (git-fixes bsc#1257952) - commit 98fc331 - Update patches.suse/spi-tegra210-quad-Protect-curr_xfer-assignment-in-te.patch (git-fixes bsc#1257952) - commit bd0d13d - Update patches.suse/spi-tegra210-quad-Move-curr_xfer-read-inside-spinloc.patch (git-fixes bsc#1257952) - commit 1f60101 - Update patches.suse/spi-tegra210-quad-Return-IRQ_HANDLED-when-timeout-al.patch (git-fixes bsc#1257952) - commit c2f4ce0 - thermal: intel: x86_pkg_temp_thermal: Handle invalid temperature (git-fixes). - thermal/of: Fix reference leak in thermal_of_cm_lookup() (git-fixes). - OPP: Return correct value in dev_pm_opp_get_level (git-fixes). - PM: sleep: wakeirq: harden dev_pm_clear_wake_irq() against races (git-fixes). - PM: wakeup: Handle empty list in wakeup_sources_walk_start() (git-fixes). - ACPICA: Fix NULL pointer dereference in acpi_ev_address_space_dispatch() (git-fixes). - tpm: st33zp24: Fix missing cleanup on get_burstcount() error (git-fixes). - tpm: tpm_i2c_infineon: Fix locality leak on get_burstcount() failure (git-fixes). - i3c: dw: Fix memory leak in dw_i3c_master_i2c_xfers() (git-fixes). - i3c: dw: Initialize spinlock to avoid upsetting lockdep (git-fixes). - i3c: master: Update hot-join flag only on success (git-fixes). - i3c: Move device name assignment after i3c_bus_init (git-fixes). - auxdisplay: arm-charlcd: fix release_mem_region() size (git-fixes). - OPP: OF: Fix an OF node leak in _opp_add_static_v2() (git-fixes). - commit 41b898f ++++ kubevirt: - Update to version 1.7.0 Release notes https://github.com/kubevirt/kubevirt/releases/tag/v1.7.0 bsc#1241772 (CVE-2025-22872), bsc#1253181 (CVE-2025-64432), bsc#1253185 (CVE-2025-64433), bsc#1253186 (CVE-2025-64434), bsc#1253189 (CVE-2025-64435), bsc#1253194 (CVE-2025-64437), bsc#1253748 (CVE-2025-64324), bsc#1257128, bsc#1257422 (CVE-2024-45310) Drop Update-module-golang.org-x-oauth2-to-v0.27.0-SECURITY.patch and Update-module-golang.org-x-net-to-v0.38.0-SECURITY.patch - Upstream now uses stateless firmware for CoCo VMs. Drop Ensure-SEV-VMs-use-stateless-OVMF-firmware.patch ++++ lvm2: - L3: LVM_SUPPRESS_FD_WARNINGS is no longer effective (bsc#1257661) * Add upstream patch + bug-1257661-libdaemon-fix-suppressing-stray-fd-warnings.patch ++++ lvm2-lvmlockd: - L3: LVM_SUPPRESS_FD_WARNINGS is no longer effective (bsc#1257661) * Add upstream patch + bug-1257661-libdaemon-fix-suppressing-stray-fd-warnings.patch ++++ nvidia-open-driver-G06-signed-cuda: - kernel-6.19.patch: fixes build against kernel 6.19 ++++ nvidia-open-driver-G07-signed-cuda: - kernel-6.19.patch: fixes build against kernel 6.19 ++++ nvidia-open-driver-G06-signed: - kernel-6.19.patch: fixes build against kernel 6.19 ++++ nvidia-open-driver-G07-signed: - kernel-6.19.patch: fixes build against kernel 6.19 ++++ openQA: - Update to version 5.1770718745.ce2072d3: * feat(ui): use clickable test overview summary counts for quick filtering * build(Makefile): fix uninterruptable tests * docs: Mention caveats of `…_cleanup_max_free_percentage` setting * test(25-cache-service): fix race conditions * test(ui/21-admin-needles): properly wait for modal dialog and deletion * test(ui/13-admin): properly wait for API key deletion * test(40-openqa-clone-job): properly isolate from system config * test(15-asset): bump timeout to current runtime * chore: fix CVE-2026-25547 (boo#1257852) by overriding minimatch * build(deps-dev): bump @eslint from 9.36.0 to 9.38.0 * fix(eslint): correct style to be eslint-9.38 compliant * build(deps-dev): bump @eslint-community/regexpp from 4.12.1 to 4.12.2 * build(deps-dev): bump @eslint/config-array from 0.21.0 to 0.21.1 * build(deps-dev): bump @eslint/object-schema from 2.1.6 to 2.1.7 * refactor: Improve variable names in function to determine expired jobs * test: Improve name of subtest for archiving * test: Verify that archiving works regardless of logs/results present * Dependency cron 2026-02-06 * Bump js-yaml from 4.1.0 to 4.1.1 * build(deps): bump ace-builds from 1.43.3 to 1.43.4 ++++ openQA: - Update to version 5.1770718745.ce2072d3: * feat(ui): use clickable test overview summary counts for quick filtering * build(Makefile): fix uninterruptable tests * docs: Mention caveats of `…_cleanup_max_free_percentage` setting * test(25-cache-service): fix race conditions * test(ui/21-admin-needles): properly wait for modal dialog and deletion * test(ui/13-admin): properly wait for API key deletion * test(40-openqa-clone-job): properly isolate from system config * test(15-asset): bump timeout to current runtime * chore: fix CVE-2026-25547 (boo#1257852) by overriding minimatch * build(deps-dev): bump @eslint from 9.36.0 to 9.38.0 * fix(eslint): correct style to be eslint-9.38 compliant * build(deps-dev): bump @eslint-community/regexpp from 4.12.1 to 4.12.2 * build(deps-dev): bump @eslint/config-array from 0.21.0 to 0.21.1 * build(deps-dev): bump @eslint/object-schema from 2.1.6 to 2.1.7 * refactor: Improve variable names in function to determine expired jobs * test: Improve name of subtest for archiving * test: Verify that archiving works regardless of logs/results present * Dependency cron 2026-02-06 * Bump js-yaml from 4.1.0 to 4.1.1 * build(deps): bump ace-builds from 1.43.3 to 1.43.4 ++++ openQA: - Update to version 5.1770718745.ce2072d3: * feat(ui): use clickable test overview summary counts for quick filtering * build(Makefile): fix uninterruptable tests * docs: Mention caveats of `…_cleanup_max_free_percentage` setting * test(25-cache-service): fix race conditions * test(ui/21-admin-needles): properly wait for modal dialog and deletion * test(ui/13-admin): properly wait for API key deletion * test(40-openqa-clone-job): properly isolate from system config * test(15-asset): bump timeout to current runtime * chore: fix CVE-2026-25547 (boo#1257852) by overriding minimatch * build(deps-dev): bump @eslint from 9.36.0 to 9.38.0 * fix(eslint): correct style to be eslint-9.38 compliant * build(deps-dev): bump @eslint-community/regexpp from 4.12.1 to 4.12.2 * build(deps-dev): bump @eslint/config-array from 0.21.0 to 0.21.1 * build(deps-dev): bump @eslint/object-schema from 2.1.6 to 2.1.7 * refactor: Improve variable names in function to determine expired jobs * test: Improve name of subtest for archiving * test: Verify that archiving works regardless of logs/results present * Dependency cron 2026-02-06 * Bump js-yaml from 4.1.0 to 4.1.1 * build(deps): bump ace-builds from 1.43.3 to 1.43.4 ++++ openQA: - Update to version 5.1770718745.ce2072d3: * feat(ui): use clickable test overview summary counts for quick filtering * build(Makefile): fix uninterruptable tests * docs: Mention caveats of `…_cleanup_max_free_percentage` setting * test(25-cache-service): fix race conditions * test(ui/21-admin-needles): properly wait for modal dialog and deletion * test(ui/13-admin): properly wait for API key deletion * test(40-openqa-clone-job): properly isolate from system config * test(15-asset): bump timeout to current runtime * chore: fix CVE-2026-25547 (boo#1257852) by overriding minimatch * build(deps-dev): bump @eslint from 9.36.0 to 9.38.0 * fix(eslint): correct style to be eslint-9.38 compliant * build(deps-dev): bump @eslint-community/regexpp from 4.12.1 to 4.12.2 * build(deps-dev): bump @eslint/config-array from 0.21.0 to 0.21.1 * build(deps-dev): bump @eslint/object-schema from 2.1.6 to 2.1.7 * refactor: Improve variable names in function to determine expired jobs * test: Improve name of subtest for archiving * test: Verify that archiving works regardless of logs/results present * Dependency cron 2026-02-06 * Bump js-yaml from 4.1.0 to 4.1.1 * build(deps): bump ace-builds from 1.43.3 to 1.43.4 ++++ openQA: - Update to version 5.1770718745.ce2072d3: * feat(ui): use clickable test overview summary counts for quick filtering * build(Makefile): fix uninterruptable tests * docs: Mention caveats of `…_cleanup_max_free_percentage` setting * test(25-cache-service): fix race conditions * test(ui/21-admin-needles): properly wait for modal dialog and deletion * test(ui/13-admin): properly wait for API key deletion * test(40-openqa-clone-job): properly isolate from system config * test(15-asset): bump timeout to current runtime * chore: fix CVE-2026-25547 (boo#1257852) by overriding minimatch * build(deps-dev): bump @eslint from 9.36.0 to 9.38.0 * fix(eslint): correct style to be eslint-9.38 compliant * build(deps-dev): bump @eslint-community/regexpp from 4.12.1 to 4.12.2 * build(deps-dev): bump @eslint/config-array from 0.21.0 to 0.21.1 * build(deps-dev): bump @eslint/object-schema from 2.1.6 to 2.1.7 * refactor: Improve variable names in function to determine expired jobs * test: Improve name of subtest for archiving * test: Verify that archiving works regardless of logs/results present * Dependency cron 2026-02-06 * Bump js-yaml from 4.1.0 to 4.1.1 * build(deps): bump ace-builds from 1.43.3 to 1.43.4 ++++ openQA: - Update to version 5.1770718745.ce2072d3: * feat(ui): use clickable test overview summary counts for quick filtering * build(Makefile): fix uninterruptable tests * docs: Mention caveats of `…_cleanup_max_free_percentage` setting * test(25-cache-service): fix race conditions * test(ui/21-admin-needles): properly wait for modal dialog and deletion * test(ui/13-admin): properly wait for API key deletion * test(40-openqa-clone-job): properly isolate from system config * test(15-asset): bump timeout to current runtime * chore: fix CVE-2026-25547 (boo#1257852) by overriding minimatch * build(deps-dev): bump @eslint from 9.36.0 to 9.38.0 * fix(eslint): correct style to be eslint-9.38 compliant * build(deps-dev): bump @eslint-community/regexpp from 4.12.1 to 4.12.2 * build(deps-dev): bump @eslint/config-array from 0.21.0 to 0.21.1 * build(deps-dev): bump @eslint/object-schema from 2.1.6 to 2.1.7 * refactor: Improve variable names in function to determine expired jobs * test: Improve name of subtest for archiving * test: Verify that archiving works regardless of logs/results present * Dependency cron 2026-02-06 * Bump js-yaml from 4.1.0 to 4.1.1 * build(deps): bump ace-builds from 1.43.3 to 1.43.4 ++++ openQA: - Update to version 5.1770718745.ce2072d3: * feat(ui): use clickable test overview summary counts for quick filtering * build(Makefile): fix uninterruptable tests * docs: Mention caveats of `…_cleanup_max_free_percentage` setting * test(25-cache-service): fix race conditions * test(ui/21-admin-needles): properly wait for modal dialog and deletion * test(ui/13-admin): properly wait for API key deletion * test(40-openqa-clone-job): properly isolate from system config * test(15-asset): bump timeout to current runtime * chore: fix CVE-2026-25547 (boo#1257852) by overriding minimatch * build(deps-dev): bump @eslint from 9.36.0 to 9.38.0 * fix(eslint): correct style to be eslint-9.38 compliant * build(deps-dev): bump @eslint-community/regexpp from 4.12.1 to 4.12.2 * build(deps-dev): bump @eslint/config-array from 0.21.0 to 0.21.1 * build(deps-dev): bump @eslint/object-schema from 2.1.6 to 2.1.7 * refactor: Improve variable names in function to determine expired jobs * test: Improve name of subtest for archiving * test: Verify that archiving works regardless of logs/results present * Dependency cron 2026-02-06 * Bump js-yaml from 4.1.0 to 4.1.1 * build(deps): bump ace-builds from 1.43.3 to 1.43.4 ++++ os-autoinst: - Update to version 5.1770715824.6a80a85: * style: Fix crop.py style issues * workaround: Remove "get_mempolicy" warning from qemu-img output * parse_extra_log: Allow passing additional args to upload_logs * refactor: Distinguish tests by the script path in `loadtest` * refactor: Simplify approach for avoiding redefine warnings * test: Allow running tests with `Test::Warnings<0.033` * test: Format test of `loadtestdir` in a more compact way ++++ os-autoinst: - Update to version 5.1770715824.6a80a85: * style: Fix crop.py style issues * workaround: Remove "get_mempolicy" warning from qemu-img output * parse_extra_log: Allow passing additional args to upload_logs * refactor: Distinguish tests by the script path in `loadtest` * refactor: Simplify approach for avoiding redefine warnings * test: Allow running tests with `Test::Warnings<0.033` * test: Format test of `loadtestdir` in a more compact way ++++ os-autoinst: - Update to version 5.1770715824.6a80a85: * style: Fix crop.py style issues * workaround: Remove "get_mempolicy" warning from qemu-img output * parse_extra_log: Allow passing additional args to upload_logs * refactor: Distinguish tests by the script path in `loadtest` * refactor: Simplify approach for avoiding redefine warnings * test: Allow running tests with `Test::Warnings<0.033` * test: Format test of `loadtestdir` in a more compact way ++++ os-autoinst: - Update to version 5.1770715824.6a80a85: * style: Fix crop.py style issues * workaround: Remove "get_mempolicy" warning from qemu-img output * parse_extra_log: Allow passing additional args to upload_logs * refactor: Distinguish tests by the script path in `loadtest` * refactor: Simplify approach for avoiding redefine warnings * test: Allow running tests with `Test::Warnings<0.033` * test: Format test of `loadtestdir` in a more compact way ++++ os-autoinst: - Update to version 5.1770715824.6a80a85: * style: Fix crop.py style issues * workaround: Remove "get_mempolicy" warning from qemu-img output * parse_extra_log: Allow passing additional args to upload_logs * refactor: Distinguish tests by the script path in `loadtest` * refactor: Simplify approach for avoiding redefine warnings * test: Allow running tests with `Test::Warnings<0.033` * test: Format test of `loadtestdir` in a more compact way ++++ os-autoinst: - Update to version 5.1770715824.6a80a85: * style: Fix crop.py style issues * workaround: Remove "get_mempolicy" warning from qemu-img output * parse_extra_log: Allow passing additional args to upload_logs * refactor: Distinguish tests by the script path in `loadtest` * refactor: Simplify approach for avoiding redefine warnings * test: Allow running tests with `Test::Warnings<0.033` * test: Format test of `loadtestdir` in a more compact way ++++ os-autoinst: - Update to version 5.1770715824.6a80a85: * style: Fix crop.py style issues * workaround: Remove "get_mempolicy" warning from qemu-img output * parse_extra_log: Allow passing additional args to upload_logs * refactor: Distinguish tests by the script path in `loadtest` * refactor: Simplify approach for avoiding redefine warnings * test: Allow running tests with `Test::Warnings<0.033` * test: Format test of `loadtestdir` in a more compact way ++++ os-autoinst-distri-opensuse-deps: - Added dependency perl(constant) - Added dependency perl(Inline::Python) - Removed dependency perl(Inline::Python) - Removed dependency perl(LWP::Simple) - Added dependency perl(LWP::Simple) - Removed dependency perl(POSIX) - Added dependency perl(parent) - Added dependency perl(POSIX) - Added dependency perl(strict) - Added dependency perl(utf8) - Added dependency perl(version) - Added dependency perl(warnings) - Removed dependency perl(constant) - Removed dependency perl(parent) - Removed dependency perl(strict) - Removed dependency perl(utf8) - Removed dependency perl(version) - Removed dependency perl(warnings) - Removed dependency /usr/bin/gzip - Added dependency /usr/bin/gzip ++++ wicked2nm: - Update to v1.4.1 * bump bytes from 1.10.1 to 1.11.1 * Update time to 0.3.47 (CVE-2026-25727) [bsc#1257911] - Disable `update` in cargo vendor service, as newer agama versions are incompatible for now. ------------------------------------------------------------------ ------------------ 2026-2-9 - Feb 9 2026 ------------------- ------------------------------------------------------------------ ++++ grub2: - Fix error "grub-core/script/lexer.c:352:out of memory" after PowerPC CAS Reboot (bsc#1254299) * 0001-Fix-PowerPC-CAS-reboot-to-evaluate-menu-context.patch ++++ keylime: - Update to version 7.14.0+0 (CVE-2026-1709, bsc#1257895): * Bump version to 7.14.0 * verifier: Delete sessions from the DB and then from the cache * authentication: Do not persist plaintext tokens * crypto: Add operation to calculate the hash of a token * Fix session management bugs and improve security * authorization: Add documentation explaining authorization framework * authorization: Add unit tests * authorization: Add metadata to routes with auth requirement * authorization: Integrate authorization to action_handler * authorization: Add access requirement metadata to all routes * authorization: Add authorization provider manager * authorization: Add pluggable authorization provider framework * keylime_oneshot_attestation: Fix measured boot log encoding * tenant: Log the API version used to communicate with the agent * tenant: Negotiate API version with the registrar * scripts: Do not take TPM ownership * scripts: Remove verifier key parameters from keylime_oneshot_attestation * /verify/evidence: Return error 400 if no policy is provided * tpm: handle policies provided as empty strings * /verify/evidence: Require a policy for TPM evidence type * ima: Fix deserialization of empty runtime policy * scripts: Fix keylime_oneshot_attestation for API v2.5 * [Automatic] Update Keylime base image 2026-02-03 * tpm_engine: Fix evidence_class filtering for ima_log * tpm_engine: Move _add_error() calls to self.attestation * tpm_engine: Validate that available_subjects is a dict * verifier: Add missing identity controller and fix routing mixup * templates: Remove unused agent options, fixed incorrect ones * templates: Add missing options to the templates * templates: Fix values to be TOML compatible * tests: Add unit tests for negotiate_version * verifier: Only check for version downgrade after first attestation * docs: Fix documentation regarding behavior of /verify/evidence * docs: Update v2.5 doc with new agent /version behavior * tenant, verifier: Implement API version negotiation * Introduce new API version v2.5 * Fix HTTP 500 error when accessing attestations for agents with no records * Remove @Controller.require_json_api from GET attestations endpoints * mba: Fix linting warnings on measured boot code * CI: Update e2e test plan with new tests * CI: Switch code coverage measurement to Fedora43 * workflows: Separate upstream test suite from e2e coverage ++++ rust-keylime: - Update vendored crates (bsc#1257908, CVE-2026-25727) * time 0.3.47 - Update to version 0.2.8+116: * build(deps): bump bytes from 1.7.2 to 1.11.1 * api: Modify /version endpoint output in version 2.5 * Add API v2.5 with backward-compatible /v2.5/quotes/integrity * tests: add unit test for resolve_agent_id (#1182) * (pull-model): enable retry logic for registration * rpm: Update specfiles to apply on master * workflows: Add test to detect unused crates * lib: Drop unused crates * push-model: Drop unused crates * keylime-agent: Drop unused crates * build(deps): bump uuid from 1.18.1 to 1.19.0 * Update reqwest-retry to 0.8, retry-policies to 0.5 * rpm: Fix cargo_build macro usage on CentOS Stream * fix(push-model): resolve hash_ek uuid to actual EK hash * build(deps): bump thiserror from 2.0.16 to 2.0.17 * workflows: Separate upstream test suite from e2e coverage * Send UEFI measured boot logs as raw bytes (#1173) * auth: Add unit tests for SecretToken implementation * packit: Enable push-attestation tests * resilient_client: Prevent authentication token leakage in logs ++++ rust-keylime: - Update vendored crates (bsc#1257908, CVE-2026-25727) * time 0.3.47 - Update to version 0.2.8+116: * build(deps): bump bytes from 1.7.2 to 1.11.1 * api: Modify /version endpoint output in version 2.5 * Add API v2.5 with backward-compatible /v2.5/quotes/integrity * tests: add unit test for resolve_agent_id (#1182) * (pull-model): enable retry logic for registration * rpm: Update specfiles to apply on master * workflows: Add test to detect unused crates * lib: Drop unused crates * push-model: Drop unused crates * keylime-agent: Drop unused crates * build(deps): bump uuid from 1.18.1 to 1.19.0 * Update reqwest-retry to 0.8, retry-policies to 0.5 * rpm: Fix cargo_build macro usage on CentOS Stream * fix(push-model): resolve hash_ek uuid to actual EK hash * build(deps): bump thiserror from 2.0.16 to 2.0.17 * workflows: Separate upstream test suite from e2e coverage * Send UEFI measured boot logs as raw bytes (#1173) * auth: Add unit tests for SecretToken implementation * packit: Enable push-attestation tests * resilient_client: Prevent authentication token leakage in logs ++++ libsoup2: - Add libsoup2-CVE-2025-4476.patch: fix crash in soup_auth_digest_get_protection_space (bsc#1243422 CVE-2025-4476 glgo#GNOME/libsoup#440). ++++ libzpc: - Upgrade libzpc to version 1.5.0 (jsc#PED-14603, jsc#PED-14275, jsc#PED-15049, jsc#PED-15621) * [FEATURE] Support live guest relocation ++++ messagelib: - Fix links sometimes not opening (boo#1257869, kde#493325): * 0001-Fix-left-click-not-working-on-links-with-target-_bla.patch ------------------------------------------------------------------ ------------------ 2026-2-8 - Feb 8 2026 ------------------- ------------------------------------------------------------------ ++++ kernel-64kb: - spi: tegra114: Preserve SPI mode bits in def_command1_reg (git-fixes). - spi: tegra: Fix a memory leak in tegra_slink_probe() (git-fixes). - spi: tegra210-quad: Protect curr_xfer check in IRQ handler (git-fixes). - spi: tegra210-quad: Protect curr_xfer clearing in tegra_qspi_non_combined_seq_xfer (git-fixes). - spi: tegra210-quad: Protect curr_xfer in tegra_qspi_combined_seq_xfer (git-fixes). - spi: tegra210-quad: Protect curr_xfer assignment in tegra_qspi_setup_transfer_one (git-fixes). - spi: tegra210-quad: Move curr_xfer read inside spinlock (git-fixes). - spi: tegra210-quad: Return IRQ_HANDLED when timeout already processed transfer (git-fixes). - commit 48bc42c ++++ kernel-azure: - spi: tegra114: Preserve SPI mode bits in def_command1_reg (git-fixes). - spi: tegra: Fix a memory leak in tegra_slink_probe() (git-fixes). - spi: tegra210-quad: Protect curr_xfer check in IRQ handler (git-fixes). - spi: tegra210-quad: Protect curr_xfer clearing in tegra_qspi_non_combined_seq_xfer (git-fixes). - spi: tegra210-quad: Protect curr_xfer in tegra_qspi_combined_seq_xfer (git-fixes). - spi: tegra210-quad: Protect curr_xfer assignment in tegra_qspi_setup_transfer_one (git-fixes). - spi: tegra210-quad: Move curr_xfer read inside spinlock (git-fixes). - spi: tegra210-quad: Return IRQ_HANDLED when timeout already processed transfer (git-fixes). - commit 48bc42c ++++ kernel-default: - spi: tegra114: Preserve SPI mode bits in def_command1_reg (git-fixes). - spi: tegra: Fix a memory leak in tegra_slink_probe() (git-fixes). - spi: tegra210-quad: Protect curr_xfer check in IRQ handler (git-fixes). - spi: tegra210-quad: Protect curr_xfer clearing in tegra_qspi_non_combined_seq_xfer (git-fixes). - spi: tegra210-quad: Protect curr_xfer in tegra_qspi_combined_seq_xfer (git-fixes). - spi: tegra210-quad: Protect curr_xfer assignment in tegra_qspi_setup_transfer_one (git-fixes). - spi: tegra210-quad: Move curr_xfer read inside spinlock (git-fixes). - spi: tegra210-quad: Return IRQ_HANDLED when timeout already processed transfer (git-fixes). - commit 48bc42c ++++ kernel-rt: - spi: tegra114: Preserve SPI mode bits in def_command1_reg (git-fixes). - spi: tegra: Fix a memory leak in tegra_slink_probe() (git-fixes). - spi: tegra210-quad: Protect curr_xfer check in IRQ handler (git-fixes). - spi: tegra210-quad: Protect curr_xfer clearing in tegra_qspi_non_combined_seq_xfer (git-fixes). - spi: tegra210-quad: Protect curr_xfer in tegra_qspi_combined_seq_xfer (git-fixes). - spi: tegra210-quad: Protect curr_xfer assignment in tegra_qspi_setup_transfer_one (git-fixes). - spi: tegra210-quad: Move curr_xfer read inside spinlock (git-fixes). - spi: tegra210-quad: Return IRQ_HANDLED when timeout already processed transfer (git-fixes). - commit 48bc42c ++++ dtb-aarch64: - spi: tegra114: Preserve SPI mode bits in def_command1_reg (git-fixes). - spi: tegra: Fix a memory leak in tegra_slink_probe() (git-fixes). - spi: tegra210-quad: Protect curr_xfer check in IRQ handler (git-fixes). - spi: tegra210-quad: Protect curr_xfer clearing in tegra_qspi_non_combined_seq_xfer (git-fixes). - spi: tegra210-quad: Protect curr_xfer in tegra_qspi_combined_seq_xfer (git-fixes). - spi: tegra210-quad: Protect curr_xfer assignment in tegra_qspi_setup_transfer_one (git-fixes). - spi: tegra210-quad: Move curr_xfer read inside spinlock (git-fixes). - spi: tegra210-quad: Return IRQ_HANDLED when timeout already processed transfer (git-fixes). - commit 48bc42c ++++ kernel-source: - spi: tegra114: Preserve SPI mode bits in def_command1_reg (git-fixes). - spi: tegra: Fix a memory leak in tegra_slink_probe() (git-fixes). - spi: tegra210-quad: Protect curr_xfer check in IRQ handler (git-fixes). - spi: tegra210-quad: Protect curr_xfer clearing in tegra_qspi_non_combined_seq_xfer (git-fixes). - spi: tegra210-quad: Protect curr_xfer in tegra_qspi_combined_seq_xfer (git-fixes). - spi: tegra210-quad: Protect curr_xfer assignment in tegra_qspi_setup_transfer_one (git-fixes). - spi: tegra210-quad: Move curr_xfer read inside spinlock (git-fixes). - spi: tegra210-quad: Return IRQ_HANDLED when timeout already processed transfer (git-fixes). - commit 48bc42c ++++ kernel-docs: - spi: tegra114: Preserve SPI mode bits in def_command1_reg (git-fixes). - spi: tegra: Fix a memory leak in tegra_slink_probe() (git-fixes). - spi: tegra210-quad: Protect curr_xfer check in IRQ handler (git-fixes). - spi: tegra210-quad: Protect curr_xfer clearing in tegra_qspi_non_combined_seq_xfer (git-fixes). - spi: tegra210-quad: Protect curr_xfer in tegra_qspi_combined_seq_xfer (git-fixes). - spi: tegra210-quad: Protect curr_xfer assignment in tegra_qspi_setup_transfer_one (git-fixes). - spi: tegra210-quad: Move curr_xfer read inside spinlock (git-fixes). - spi: tegra210-quad: Return IRQ_HANDLED when timeout already processed transfer (git-fixes). - commit 48bc42c ++++ kernel-kvmsmall: - spi: tegra114: Preserve SPI mode bits in def_command1_reg (git-fixes). - spi: tegra: Fix a memory leak in tegra_slink_probe() (git-fixes). - spi: tegra210-quad: Protect curr_xfer check in IRQ handler (git-fixes). - spi: tegra210-quad: Protect curr_xfer clearing in tegra_qspi_non_combined_seq_xfer (git-fixes). - spi: tegra210-quad: Protect curr_xfer in tegra_qspi_combined_seq_xfer (git-fixes). - spi: tegra210-quad: Protect curr_xfer assignment in tegra_qspi_setup_transfer_one (git-fixes). - spi: tegra210-quad: Move curr_xfer read inside spinlock (git-fixes). - spi: tegra210-quad: Return IRQ_HANDLED when timeout already processed transfer (git-fixes). - commit 48bc42c ++++ kernel-obs-build: - spi: tegra114: Preserve SPI mode bits in def_command1_reg (git-fixes). - spi: tegra: Fix a memory leak in tegra_slink_probe() (git-fixes). - spi: tegra210-quad: Protect curr_xfer check in IRQ handler (git-fixes). - spi: tegra210-quad: Protect curr_xfer clearing in tegra_qspi_non_combined_seq_xfer (git-fixes). - spi: tegra210-quad: Protect curr_xfer in tegra_qspi_combined_seq_xfer (git-fixes). - spi: tegra210-quad: Protect curr_xfer assignment in tegra_qspi_setup_transfer_one (git-fixes). - spi: tegra210-quad: Move curr_xfer read inside spinlock (git-fixes). - spi: tegra210-quad: Return IRQ_HANDLED when timeout already processed transfer (git-fixes). - commit 48bc42c ++++ kernel-obs-qa: - spi: tegra114: Preserve SPI mode bits in def_command1_reg (git-fixes). - spi: tegra: Fix a memory leak in tegra_slink_probe() (git-fixes). - spi: tegra210-quad: Protect curr_xfer check in IRQ handler (git-fixes). - spi: tegra210-quad: Protect curr_xfer clearing in tegra_qspi_non_combined_seq_xfer (git-fixes). - spi: tegra210-quad: Protect curr_xfer in tegra_qspi_combined_seq_xfer (git-fixes). - spi: tegra210-quad: Protect curr_xfer assignment in tegra_qspi_setup_transfer_one (git-fixes). - spi: tegra210-quad: Move curr_xfer read inside spinlock (git-fixes). - spi: tegra210-quad: Return IRQ_HANDLED when timeout already processed transfer (git-fixes). - commit 48bc42c ++++ kernel-syms: - spi: tegra114: Preserve SPI mode bits in def_command1_reg (git-fixes). - spi: tegra: Fix a memory leak in tegra_slink_probe() (git-fixes). - spi: tegra210-quad: Protect curr_xfer check in IRQ handler (git-fixes). - spi: tegra210-quad: Protect curr_xfer clearing in tegra_qspi_non_combined_seq_xfer (git-fixes). - spi: tegra210-quad: Protect curr_xfer in tegra_qspi_combined_seq_xfer (git-fixes). - spi: tegra210-quad: Protect curr_xfer assignment in tegra_qspi_setup_transfer_one (git-fixes). - spi: tegra210-quad: Move curr_xfer read inside spinlock (git-fixes). - spi: tegra210-quad: Return IRQ_HANDLED when timeout already processed transfer (git-fixes). - commit 48bc42c ++++ kernel-zfcpdump: - spi: tegra114: Preserve SPI mode bits in def_command1_reg (git-fixes). - spi: tegra: Fix a memory leak in tegra_slink_probe() (git-fixes). - spi: tegra210-quad: Protect curr_xfer check in IRQ handler (git-fixes). - spi: tegra210-quad: Protect curr_xfer clearing in tegra_qspi_non_combined_seq_xfer (git-fixes). - spi: tegra210-quad: Protect curr_xfer in tegra_qspi_combined_seq_xfer (git-fixes). - spi: tegra210-quad: Protect curr_xfer assignment in tegra_qspi_setup_transfer_one (git-fixes). - spi: tegra210-quad: Move curr_xfer read inside spinlock (git-fixes). - spi: tegra210-quad: Return IRQ_HANDLED when timeout already processed transfer (git-fixes). - commit 48bc42c ++++ roundcubemail: - update to 1.6.13 This is a security update to the stable version 1.6 of Roundcube Webmail. It provides fixes to recently reported security vulnerabilities: + Fix CSS injection vulnerability reported by CERT Polska (boo#1258052, CVE-2026-26079). + Fix remote image blocking bypass via SVG content reported by nullcathedral (boo#1257909, CVE-2026-25916). This version is considered stable and we recommend to update all productive installations of Roundcube 1.6.x with it. Please do backup your data before updating! CHANGELOG + Managesieve: Fix handling of string-list format values for date tests in Out of Office (#10075) + Fix CSS injection vulnerability reported by CERT Polska. + Fix remote image blocking bypass via SVG content reported by nullcathedral. ------------------------------------------------------------------ ------------------ 2026-2-7 - Feb 7 2026 ------------------- ------------------------------------------------------------------ ++++ kernel-64kb: - ALSA: hda/realtek: Enable headset mic for Acer Nitro 5 (stable-fixes). - ASoC: amd: yc: Add quirk for HP 200 G2a 16 (stable-fixes). - ASoC: Intel: sof_es8336: Add DMI quirk for Huawei BOD-WXX9 (stable-fixes). - ALSA: aloop: Fix racy access at PCM trigger (stable-fixes). - ALSA: hda/realtek: Add quirk for Inspur S14-G1 (stable-fixes). - ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machine (stable-fixes). - ASoC: amd: yc: Add ASUS ExpertBook PM1503CDA to quirks list (stable-fixes). - ASoC: cs35l45: Corrects ASP_TX5 DAPM widget channel (stable-fixes). - ALSA: hda/realtek - fixed speaker no sound (stable-fixes). - commit 62b82cf - ASoC: amd: fix memory leak in acp3x pdm dma ops (git-fixes). - ALSA: usb-audio: fix broken logic in snd_audigy2nx_led_update() (git-fixes). - hwmon: (occ) Mark occ_init_attribute() as __printf (git-fixes). - drm/amd/display: fix wrong color value mapping on MCM shaper LUT (git-fixes). - Revert "drm/amd: Check if ASPM is enabled from PCIe subsystem" (git-fixes). - drm/xe/query: Fix topology query pointer advance (git-fixes). - drm/mgag200: fix mgag200_bmc_stop_scanout() (git-fixes). - Revert "drm/nouveau/disp: Set drm_mode_config_funcs.atomic_(check|commit)" (git-fixes). - efivarfs: fix error propagation in efivar_entry_get() (git-fixes). - ASoC: amd: yc: Add DMI quirk for Acer TravelMate P216-41-TCO (stable-fixes). - gpio: pca953x: mask interrupts in irq shutdown (stable-fixes). - drm/amdgpu/gfx12: fix wptr reset in KGQ init (stable-fixes). - drm/amdgpu/gfx11: fix wptr reset in KGQ init (stable-fixes). - drm/amdgpu/gfx10: fix wptr reset in KGQ init (stable-fixes). - drm/amdgpu/soc21: fix xclk for APUs (stable-fixes). - pinctrl: meson: mark the GPIO controller as sleeping (git-fixes). - commit 060a2c0 ++++ kernel-azure: - ALSA: hda/realtek: Enable headset mic for Acer Nitro 5 (stable-fixes). - ASoC: amd: yc: Add quirk for HP 200 G2a 16 (stable-fixes). - ASoC: Intel: sof_es8336: Add DMI quirk for Huawei BOD-WXX9 (stable-fixes). - ALSA: aloop: Fix racy access at PCM trigger (stable-fixes). - ALSA: hda/realtek: Add quirk for Inspur S14-G1 (stable-fixes). - ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machine (stable-fixes). - ASoC: amd: yc: Add ASUS ExpertBook PM1503CDA to quirks list (stable-fixes). - ASoC: cs35l45: Corrects ASP_TX5 DAPM widget channel (stable-fixes). - ALSA: hda/realtek - fixed speaker no sound (stable-fixes). - commit 62b82cf - ASoC: amd: fix memory leak in acp3x pdm dma ops (git-fixes). - ALSA: usb-audio: fix broken logic in snd_audigy2nx_led_update() (git-fixes). - hwmon: (occ) Mark occ_init_attribute() as __printf (git-fixes). - drm/amd/display: fix wrong color value mapping on MCM shaper LUT (git-fixes). - Revert "drm/amd: Check if ASPM is enabled from PCIe subsystem" (git-fixes). - drm/xe/query: Fix topology query pointer advance (git-fixes). - drm/mgag200: fix mgag200_bmc_stop_scanout() (git-fixes). - Revert "drm/nouveau/disp: Set drm_mode_config_funcs.atomic_(check|commit)" (git-fixes). - efivarfs: fix error propagation in efivar_entry_get() (git-fixes). - ASoC: amd: yc: Add DMI quirk for Acer TravelMate P216-41-TCO (stable-fixes). - gpio: pca953x: mask interrupts in irq shutdown (stable-fixes). - drm/amdgpu/gfx12: fix wptr reset in KGQ init (stable-fixes). - drm/amdgpu/gfx11: fix wptr reset in KGQ init (stable-fixes). - drm/amdgpu/gfx10: fix wptr reset in KGQ init (stable-fixes). - drm/amdgpu/soc21: fix xclk for APUs (stable-fixes). - pinctrl: meson: mark the GPIO controller as sleeping (git-fixes). - commit 060a2c0 ++++ kernel-default: - ALSA: hda/realtek: Enable headset mic for Acer Nitro 5 (stable-fixes). - ASoC: amd: yc: Add quirk for HP 200 G2a 16 (stable-fixes). - ASoC: Intel: sof_es8336: Add DMI quirk for Huawei BOD-WXX9 (stable-fixes). - ALSA: aloop: Fix racy access at PCM trigger (stable-fixes). - ALSA: hda/realtek: Add quirk for Inspur S14-G1 (stable-fixes). - ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machine (stable-fixes). - ASoC: amd: yc: Add ASUS ExpertBook PM1503CDA to quirks list (stable-fixes). - ASoC: cs35l45: Corrects ASP_TX5 DAPM widget channel (stable-fixes). - ALSA: hda/realtek - fixed speaker no sound (stable-fixes). - commit 62b82cf - ASoC: amd: fix memory leak in acp3x pdm dma ops (git-fixes). - ALSA: usb-audio: fix broken logic in snd_audigy2nx_led_update() (git-fixes). - hwmon: (occ) Mark occ_init_attribute() as __printf (git-fixes). - drm/amd/display: fix wrong color value mapping on MCM shaper LUT (git-fixes). - Revert "drm/amd: Check if ASPM is enabled from PCIe subsystem" (git-fixes). - drm/xe/query: Fix topology query pointer advance (git-fixes). - drm/mgag200: fix mgag200_bmc_stop_scanout() (git-fixes). - Revert "drm/nouveau/disp: Set drm_mode_config_funcs.atomic_(check|commit)" (git-fixes). - efivarfs: fix error propagation in efivar_entry_get() (git-fixes). - ASoC: amd: yc: Add DMI quirk for Acer TravelMate P216-41-TCO (stable-fixes). - gpio: pca953x: mask interrupts in irq shutdown (stable-fixes). - drm/amdgpu/gfx12: fix wptr reset in KGQ init (stable-fixes). - drm/amdgpu/gfx11: fix wptr reset in KGQ init (stable-fixes). - drm/amdgpu/gfx10: fix wptr reset in KGQ init (stable-fixes). - drm/amdgpu/soc21: fix xclk for APUs (stable-fixes). - pinctrl: meson: mark the GPIO controller as sleeping (git-fixes). - commit 060a2c0 ++++ kernel-rt: - ALSA: hda/realtek: Enable headset mic for Acer Nitro 5 (stable-fixes). - ASoC: amd: yc: Add quirk for HP 200 G2a 16 (stable-fixes). - ASoC: Intel: sof_es8336: Add DMI quirk for Huawei BOD-WXX9 (stable-fixes). - ALSA: aloop: Fix racy access at PCM trigger (stable-fixes). - ALSA: hda/realtek: Add quirk for Inspur S14-G1 (stable-fixes). - ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machine (stable-fixes). - ASoC: amd: yc: Add ASUS ExpertBook PM1503CDA to quirks list (stable-fixes). - ASoC: cs35l45: Corrects ASP_TX5 DAPM widget channel (stable-fixes). - ALSA: hda/realtek - fixed speaker no sound (stable-fixes). - commit 62b82cf - ASoC: amd: fix memory leak in acp3x pdm dma ops (git-fixes). - ALSA: usb-audio: fix broken logic in snd_audigy2nx_led_update() (git-fixes). - hwmon: (occ) Mark occ_init_attribute() as __printf (git-fixes). - drm/amd/display: fix wrong color value mapping on MCM shaper LUT (git-fixes). - Revert "drm/amd: Check if ASPM is enabled from PCIe subsystem" (git-fixes). - drm/xe/query: Fix topology query pointer advance (git-fixes). - drm/mgag200: fix mgag200_bmc_stop_scanout() (git-fixes). - Revert "drm/nouveau/disp: Set drm_mode_config_funcs.atomic_(check|commit)" (git-fixes). - efivarfs: fix error propagation in efivar_entry_get() (git-fixes). - ASoC: amd: yc: Add DMI quirk for Acer TravelMate P216-41-TCO (stable-fixes). - gpio: pca953x: mask interrupts in irq shutdown (stable-fixes). - drm/amdgpu/gfx12: fix wptr reset in KGQ init (stable-fixes). - drm/amdgpu/gfx11: fix wptr reset in KGQ init (stable-fixes). - drm/amdgpu/gfx10: fix wptr reset in KGQ init (stable-fixes). - drm/amdgpu/soc21: fix xclk for APUs (stable-fixes). - pinctrl: meson: mark the GPIO controller as sleeping (git-fixes). - commit 060a2c0 ++++ dtb-aarch64: - ALSA: hda/realtek: Enable headset mic for Acer Nitro 5 (stable-fixes). - ASoC: amd: yc: Add quirk for HP 200 G2a 16 (stable-fixes). - ASoC: Intel: sof_es8336: Add DMI quirk for Huawei BOD-WXX9 (stable-fixes). - ALSA: aloop: Fix racy access at PCM trigger (stable-fixes). - ALSA: hda/realtek: Add quirk for Inspur S14-G1 (stable-fixes). - ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machine (stable-fixes). - ASoC: amd: yc: Add ASUS ExpertBook PM1503CDA to quirks list (stable-fixes). - ASoC: cs35l45: Corrects ASP_TX5 DAPM widget channel (stable-fixes). - ALSA: hda/realtek - fixed speaker no sound (stable-fixes). - commit 62b82cf - ASoC: amd: fix memory leak in acp3x pdm dma ops (git-fixes). - ALSA: usb-audio: fix broken logic in snd_audigy2nx_led_update() (git-fixes). - hwmon: (occ) Mark occ_init_attribute() as __printf (git-fixes). - drm/amd/display: fix wrong color value mapping on MCM shaper LUT (git-fixes). - Revert "drm/amd: Check if ASPM is enabled from PCIe subsystem" (git-fixes). - drm/xe/query: Fix topology query pointer advance (git-fixes). - drm/mgag200: fix mgag200_bmc_stop_scanout() (git-fixes). - Revert "drm/nouveau/disp: Set drm_mode_config_funcs.atomic_(check|commit)" (git-fixes). - efivarfs: fix error propagation in efivar_entry_get() (git-fixes). - ASoC: amd: yc: Add DMI quirk for Acer TravelMate P216-41-TCO (stable-fixes). - gpio: pca953x: mask interrupts in irq shutdown (stable-fixes). - drm/amdgpu/gfx12: fix wptr reset in KGQ init (stable-fixes). - drm/amdgpu/gfx11: fix wptr reset in KGQ init (stable-fixes). - drm/amdgpu/gfx10: fix wptr reset in KGQ init (stable-fixes). - drm/amdgpu/soc21: fix xclk for APUs (stable-fixes). - pinctrl: meson: mark the GPIO controller as sleeping (git-fixes). - commit 060a2c0 ++++ kernel-source: - ALSA: hda/realtek: Enable headset mic for Acer Nitro 5 (stable-fixes). - ASoC: amd: yc: Add quirk for HP 200 G2a 16 (stable-fixes). - ASoC: Intel: sof_es8336: Add DMI quirk for Huawei BOD-WXX9 (stable-fixes). - ALSA: aloop: Fix racy access at PCM trigger (stable-fixes). - ALSA: hda/realtek: Add quirk for Inspur S14-G1 (stable-fixes). - ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machine (stable-fixes). - ASoC: amd: yc: Add ASUS ExpertBook PM1503CDA to quirks list (stable-fixes). - ASoC: cs35l45: Corrects ASP_TX5 DAPM widget channel (stable-fixes). - ALSA: hda/realtek - fixed speaker no sound (stable-fixes). - commit 62b82cf - ASoC: amd: fix memory leak in acp3x pdm dma ops (git-fixes). - ALSA: usb-audio: fix broken logic in snd_audigy2nx_led_update() (git-fixes). - hwmon: (occ) Mark occ_init_attribute() as __printf (git-fixes). - drm/amd/display: fix wrong color value mapping on MCM shaper LUT (git-fixes). - Revert "drm/amd: Check if ASPM is enabled from PCIe subsystem" (git-fixes). - drm/xe/query: Fix topology query pointer advance (git-fixes). - drm/mgag200: fix mgag200_bmc_stop_scanout() (git-fixes). - Revert "drm/nouveau/disp: Set drm_mode_config_funcs.atomic_(check|commit)" (git-fixes). - efivarfs: fix error propagation in efivar_entry_get() (git-fixes). - ASoC: amd: yc: Add DMI quirk for Acer TravelMate P216-41-TCO (stable-fixes). - gpio: pca953x: mask interrupts in irq shutdown (stable-fixes). - drm/amdgpu/gfx12: fix wptr reset in KGQ init (stable-fixes). - drm/amdgpu/gfx11: fix wptr reset in KGQ init (stable-fixes). - drm/amdgpu/gfx10: fix wptr reset in KGQ init (stable-fixes). - drm/amdgpu/soc21: fix xclk for APUs (stable-fixes). - pinctrl: meson: mark the GPIO controller as sleeping (git-fixes). - commit 060a2c0 ++++ kernel-docs: - ALSA: hda/realtek: Enable headset mic for Acer Nitro 5 (stable-fixes). - ASoC: amd: yc: Add quirk for HP 200 G2a 16 (stable-fixes). - ASoC: Intel: sof_es8336: Add DMI quirk for Huawei BOD-WXX9 (stable-fixes). - ALSA: aloop: Fix racy access at PCM trigger (stable-fixes). - ALSA: hda/realtek: Add quirk for Inspur S14-G1 (stable-fixes). - ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machine (stable-fixes). - ASoC: amd: yc: Add ASUS ExpertBook PM1503CDA to quirks list (stable-fixes). - ASoC: cs35l45: Corrects ASP_TX5 DAPM widget channel (stable-fixes). - ALSA: hda/realtek - fixed speaker no sound (stable-fixes). - commit 62b82cf - ASoC: amd: fix memory leak in acp3x pdm dma ops (git-fixes). - ALSA: usb-audio: fix broken logic in snd_audigy2nx_led_update() (git-fixes). - hwmon: (occ) Mark occ_init_attribute() as __printf (git-fixes). - drm/amd/display: fix wrong color value mapping on MCM shaper LUT (git-fixes). - Revert "drm/amd: Check if ASPM is enabled from PCIe subsystem" (git-fixes). - drm/xe/query: Fix topology query pointer advance (git-fixes). - drm/mgag200: fix mgag200_bmc_stop_scanout() (git-fixes). - Revert "drm/nouveau/disp: Set drm_mode_config_funcs.atomic_(check|commit)" (git-fixes). - efivarfs: fix error propagation in efivar_entry_get() (git-fixes). - ASoC: amd: yc: Add DMI quirk for Acer TravelMate P216-41-TCO (stable-fixes). - gpio: pca953x: mask interrupts in irq shutdown (stable-fixes). - drm/amdgpu/gfx12: fix wptr reset in KGQ init (stable-fixes). - drm/amdgpu/gfx11: fix wptr reset in KGQ init (stable-fixes). - drm/amdgpu/gfx10: fix wptr reset in KGQ init (stable-fixes). - drm/amdgpu/soc21: fix xclk for APUs (stable-fixes). - pinctrl: meson: mark the GPIO controller as sleeping (git-fixes). - commit 060a2c0 ++++ kernel-kvmsmall: - ALSA: hda/realtek: Enable headset mic for Acer Nitro 5 (stable-fixes). - ASoC: amd: yc: Add quirk for HP 200 G2a 16 (stable-fixes). - ASoC: Intel: sof_es8336: Add DMI quirk for Huawei BOD-WXX9 (stable-fixes). - ALSA: aloop: Fix racy access at PCM trigger (stable-fixes). - ALSA: hda/realtek: Add quirk for Inspur S14-G1 (stable-fixes). - ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machine (stable-fixes). - ASoC: amd: yc: Add ASUS ExpertBook PM1503CDA to quirks list (stable-fixes). - ASoC: cs35l45: Corrects ASP_TX5 DAPM widget channel (stable-fixes). - ALSA: hda/realtek - fixed speaker no sound (stable-fixes). - commit 62b82cf - ASoC: amd: fix memory leak in acp3x pdm dma ops (git-fixes). - ALSA: usb-audio: fix broken logic in snd_audigy2nx_led_update() (git-fixes). - hwmon: (occ) Mark occ_init_attribute() as __printf (git-fixes). - drm/amd/display: fix wrong color value mapping on MCM shaper LUT (git-fixes). - Revert "drm/amd: Check if ASPM is enabled from PCIe subsystem" (git-fixes). - drm/xe/query: Fix topology query pointer advance (git-fixes). - drm/mgag200: fix mgag200_bmc_stop_scanout() (git-fixes). - Revert "drm/nouveau/disp: Set drm_mode_config_funcs.atomic_(check|commit)" (git-fixes). - efivarfs: fix error propagation in efivar_entry_get() (git-fixes). - ASoC: amd: yc: Add DMI quirk for Acer TravelMate P216-41-TCO (stable-fixes). - gpio: pca953x: mask interrupts in irq shutdown (stable-fixes). - drm/amdgpu/gfx12: fix wptr reset in KGQ init (stable-fixes). - drm/amdgpu/gfx11: fix wptr reset in KGQ init (stable-fixes). - drm/amdgpu/gfx10: fix wptr reset in KGQ init (stable-fixes). - drm/amdgpu/soc21: fix xclk for APUs (stable-fixes). - pinctrl: meson: mark the GPIO controller as sleeping (git-fixes). - commit 060a2c0 ++++ kernel-obs-build: - ALSA: hda/realtek: Enable headset mic for Acer Nitro 5 (stable-fixes). - ASoC: amd: yc: Add quirk for HP 200 G2a 16 (stable-fixes). - ASoC: Intel: sof_es8336: Add DMI quirk for Huawei BOD-WXX9 (stable-fixes). - ALSA: aloop: Fix racy access at PCM trigger (stable-fixes). - ALSA: hda/realtek: Add quirk for Inspur S14-G1 (stable-fixes). - ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machine (stable-fixes). - ASoC: amd: yc: Add ASUS ExpertBook PM1503CDA to quirks list (stable-fixes). - ASoC: cs35l45: Corrects ASP_TX5 DAPM widget channel (stable-fixes). - ALSA: hda/realtek - fixed speaker no sound (stable-fixes). - commit 62b82cf - ASoC: amd: fix memory leak in acp3x pdm dma ops (git-fixes). - ALSA: usb-audio: fix broken logic in snd_audigy2nx_led_update() (git-fixes). - hwmon: (occ) Mark occ_init_attribute() as __printf (git-fixes). - drm/amd/display: fix wrong color value mapping on MCM shaper LUT (git-fixes). - Revert "drm/amd: Check if ASPM is enabled from PCIe subsystem" (git-fixes). - drm/xe/query: Fix topology query pointer advance (git-fixes). - drm/mgag200: fix mgag200_bmc_stop_scanout() (git-fixes). - Revert "drm/nouveau/disp: Set drm_mode_config_funcs.atomic_(check|commit)" (git-fixes). - efivarfs: fix error propagation in efivar_entry_get() (git-fixes). - ASoC: amd: yc: Add DMI quirk for Acer TravelMate P216-41-TCO (stable-fixes). - gpio: pca953x: mask interrupts in irq shutdown (stable-fixes). - drm/amdgpu/gfx12: fix wptr reset in KGQ init (stable-fixes). - drm/amdgpu/gfx11: fix wptr reset in KGQ init (stable-fixes). - drm/amdgpu/gfx10: fix wptr reset in KGQ init (stable-fixes). - drm/amdgpu/soc21: fix xclk for APUs (stable-fixes). - pinctrl: meson: mark the GPIO controller as sleeping (git-fixes). - commit 060a2c0 ++++ kernel-obs-qa: - ALSA: hda/realtek: Enable headset mic for Acer Nitro 5 (stable-fixes). - ASoC: amd: yc: Add quirk for HP 200 G2a 16 (stable-fixes). - ASoC: Intel: sof_es8336: Add DMI quirk for Huawei BOD-WXX9 (stable-fixes). - ALSA: aloop: Fix racy access at PCM trigger (stable-fixes). - ALSA: hda/realtek: Add quirk for Inspur S14-G1 (stable-fixes). - ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machine (stable-fixes). - ASoC: amd: yc: Add ASUS ExpertBook PM1503CDA to quirks list (stable-fixes). - ASoC: cs35l45: Corrects ASP_TX5 DAPM widget channel (stable-fixes). - ALSA: hda/realtek - fixed speaker no sound (stable-fixes). - commit 62b82cf - ASoC: amd: fix memory leak in acp3x pdm dma ops (git-fixes). - ALSA: usb-audio: fix broken logic in snd_audigy2nx_led_update() (git-fixes). - hwmon: (occ) Mark occ_init_attribute() as __printf (git-fixes). - drm/amd/display: fix wrong color value mapping on MCM shaper LUT (git-fixes). - Revert "drm/amd: Check if ASPM is enabled from PCIe subsystem" (git-fixes). - drm/xe/query: Fix topology query pointer advance (git-fixes). - drm/mgag200: fix mgag200_bmc_stop_scanout() (git-fixes). - Revert "drm/nouveau/disp: Set drm_mode_config_funcs.atomic_(check|commit)" (git-fixes). - efivarfs: fix error propagation in efivar_entry_get() (git-fixes). - ASoC: amd: yc: Add DMI quirk for Acer TravelMate P216-41-TCO (stable-fixes). - gpio: pca953x: mask interrupts in irq shutdown (stable-fixes). - drm/amdgpu/gfx12: fix wptr reset in KGQ init (stable-fixes). - drm/amdgpu/gfx11: fix wptr reset in KGQ init (stable-fixes). - drm/amdgpu/gfx10: fix wptr reset in KGQ init (stable-fixes). - drm/amdgpu/soc21: fix xclk for APUs (stable-fixes). - pinctrl: meson: mark the GPIO controller as sleeping (git-fixes). - commit 060a2c0 ++++ kernel-syms: - ALSA: hda/realtek: Enable headset mic for Acer Nitro 5 (stable-fixes). - ASoC: amd: yc: Add quirk for HP 200 G2a 16 (stable-fixes). - ASoC: Intel: sof_es8336: Add DMI quirk for Huawei BOD-WXX9 (stable-fixes). - ALSA: aloop: Fix racy access at PCM trigger (stable-fixes). - ALSA: hda/realtek: Add quirk for Inspur S14-G1 (stable-fixes). - ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machine (stable-fixes). - ASoC: amd: yc: Add ASUS ExpertBook PM1503CDA to quirks list (stable-fixes). - ASoC: cs35l45: Corrects ASP_TX5 DAPM widget channel (stable-fixes). - ALSA: hda/realtek - fixed speaker no sound (stable-fixes). - commit 62b82cf - ASoC: amd: fix memory leak in acp3x pdm dma ops (git-fixes). - ALSA: usb-audio: fix broken logic in snd_audigy2nx_led_update() (git-fixes). - hwmon: (occ) Mark occ_init_attribute() as __printf (git-fixes). - drm/amd/display: fix wrong color value mapping on MCM shaper LUT (git-fixes). - Revert "drm/amd: Check if ASPM is enabled from PCIe subsystem" (git-fixes). - drm/xe/query: Fix topology query pointer advance (git-fixes). - drm/mgag200: fix mgag200_bmc_stop_scanout() (git-fixes). - Revert "drm/nouveau/disp: Set drm_mode_config_funcs.atomic_(check|commit)" (git-fixes). - efivarfs: fix error propagation in efivar_entry_get() (git-fixes). - ASoC: amd: yc: Add DMI quirk for Acer TravelMate P216-41-TCO (stable-fixes). - gpio: pca953x: mask interrupts in irq shutdown (stable-fixes). - drm/amdgpu/gfx12: fix wptr reset in KGQ init (stable-fixes). - drm/amdgpu/gfx11: fix wptr reset in KGQ init (stable-fixes). - drm/amdgpu/gfx10: fix wptr reset in KGQ init (stable-fixes). - drm/amdgpu/soc21: fix xclk for APUs (stable-fixes). - pinctrl: meson: mark the GPIO controller as sleeping (git-fixes). - commit 060a2c0 ++++ kernel-zfcpdump: - ALSA: hda/realtek: Enable headset mic for Acer Nitro 5 (stable-fixes). - ASoC: amd: yc: Add quirk for HP 200 G2a 16 (stable-fixes). - ASoC: Intel: sof_es8336: Add DMI quirk for Huawei BOD-WXX9 (stable-fixes). - ALSA: aloop: Fix racy access at PCM trigger (stable-fixes). - ALSA: hda/realtek: Add quirk for Inspur S14-G1 (stable-fixes). - ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machine (stable-fixes). - ASoC: amd: yc: Add ASUS ExpertBook PM1503CDA to quirks list (stable-fixes). - ASoC: cs35l45: Corrects ASP_TX5 DAPM widget channel (stable-fixes). - ALSA: hda/realtek - fixed speaker no sound (stable-fixes). - commit 62b82cf - ASoC: amd: fix memory leak in acp3x pdm dma ops (git-fixes). - ALSA: usb-audio: fix broken logic in snd_audigy2nx_led_update() (git-fixes). - hwmon: (occ) Mark occ_init_attribute() as __printf (git-fixes). - drm/amd/display: fix wrong color value mapping on MCM shaper LUT (git-fixes). - Revert "drm/amd: Check if ASPM is enabled from PCIe subsystem" (git-fixes). - drm/xe/query: Fix topology query pointer advance (git-fixes). - drm/mgag200: fix mgag200_bmc_stop_scanout() (git-fixes). - Revert "drm/nouveau/disp: Set drm_mode_config_funcs.atomic_(check|commit)" (git-fixes). - efivarfs: fix error propagation in efivar_entry_get() (git-fixes). - ASoC: amd: yc: Add DMI quirk for Acer TravelMate P216-41-TCO (stable-fixes). - gpio: pca953x: mask interrupts in irq shutdown (stable-fixes). - drm/amdgpu/gfx12: fix wptr reset in KGQ init (stable-fixes). - drm/amdgpu/gfx11: fix wptr reset in KGQ init (stable-fixes). - drm/amdgpu/gfx10: fix wptr reset in KGQ init (stable-fixes). - drm/amdgpu/soc21: fix xclk for APUs (stable-fixes). - pinctrl: meson: mark the GPIO controller as sleeping (git-fixes). - commit 060a2c0 ------------------------------------------------------------------ ------------------ 2026-2-6 - Feb 6 2026 ------------------- ------------------------------------------------------------------ ++++ apache-commons-io: - Upgrade to 2.21.0 * New features + FileUtils#byteCountToDisplaySize() supports Zettabyte, Yottabyte, Ronnabyte and Quettabyte + Add org.apache.commons.io.FileUtils.ONE_RB + Add org.apache.commons.io.FileUtils.ONE_QB + Add org.apache.commons.io.output.ProxyOutputStream .writeRepeat(byte[], int, int, long) + Add org.apache.commons.io.output.ProxyOutputStream .writeRepeat(byte[], long) + Add org.apache.commons.io.output.ProxyOutputStream .writeRepeat(int, long) + Add length unit support in FileSystem limits + Add IOUtils.toByteArray(InputStream, int, int) for safer chunked reading with size validation + Add org.apache.commons.io.file.PathUtils.getPath(String, String) + Add org.apache.commons.io.channels .ByteArraySeekableByteChannel + Add IOIterable.asIterable() + Add NIO channel support to 'AbstractStreamBuilder' + Add CloseShieldChannel to close-shielded NIO Channels + Added IOUtils.checkFromIndexSize as a Java 8 backport of Objects.checkFromIndexSize * Fixed Bugs + When testing on Java 21 and up, enable - XX:+EnableDynamicAgentLoading + When testing on Java 24 and up, don't fail FileUtilsListFilesTest for a different behavior in the JRE + ValidatingObjectInputStream does not validate dynamic proxy interfaces + BoundedInputStream.getRemaining() now reports Long.MAX_VALUE instead of 0 when no limit is set + BoundedInputStream.available() correctly accounts for the maximum read limit + Deprecate IOUtils.readFully(InputStream, int) in favor of toByteArray(InputStream, int) + IOUtils.toByteArray(InputStream) now throws IOException on byte array overflow + Javadoc general improvements + IOUtils.toByteArray() now throws EOFException when not enough data is available + Fix IOUtils.skip() usage in concurrent scenarios + [javadoc] Fix XmlStreamReader Javadoc to indicate the correct class that is built * Changes + Bump org.apache.commons:commons-parent from 85 to 91 + [test] Bump commons-codec:commons-codec from 1.18.0 to 1.19.0 + [test] Bump commons.bytebuddy.version from 1.17.6 to 1.17.8 + [test] Bump org.apache.commons:commons-lang3 from 3.18.0 to 3.19.0 * Removed + Inline private constant field ProxyInputStream.exceptionHandler - Upgrade to 2.20.0 * New features + Add org.apache.commons.io.file.CountingPathVisitor .accept(Path, BasicFileAttributes) + Add org.apache.commons.io.Charsets.isAlias(Charset, String) + Add org.apache.commons.io.Charsets.isUTF8(Charset) + Add org.apache.commons.io.Charsets.toCharsetDefault(String, Charset) + Add Tailer ignoreTouch option * Fixed Bugs + [javadoc] Rename parameter of ProxyOutputStream.write(int) + CopyDirectoryVisitor ignores fileFilter + org.apache.commons.io.build.AbstractOrigin.getReader(Charset) now maps a null Charset to the default Charset + org.apache.commons.io.build.AbstractOrigin .AbstractRandomAccessFileOrigin.getReader(Charset) now maps a null Charset to the default Charset + org.apache.commons.io.build.AbstractOrigin.ByeArrayOrigin .getReader(Charset) now maps a null Charset to the default Charset + org.apache.commons.io.build.AbstractOrigin.InputStreamOrigin .getReader(Charset) now maps a null Charset to the default Charset + org.apache.commons.io.build.AbstractOrigin.getWriter(Charset) now maps a null Charset to the default Charset + org.apache.commons.io.build.AbstractOrigin .AbstractRandomAccessFileOrigin.getWriter(Charset) now maps a null Charset to the default Charset + org.apache.commons.io.build.AbstractOrigin.OutputStreamOrigin .getWriter(Charset) now maps a null Charset to the default Charset + FileUtils.readLines(File, Charset) now maps a null Charset to the default Charset + Fix SpotBugs [ERROR] Medium: Shared primitive variable "atSlashCr" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.WindowsLineEndingInputStream, org.apache.commons.io.input.WindowsLineEndingInputStream] At WindowsLineEndingInputStream.java:[line 77] Another occurrence at WindowsLineEndingInputStream.java:[line 81] AT_STALE_THREAD_WRITE_OF_PRIMITIVE + Fix SpotBugs [ERROR] Medium: Shared primitive variable "atSlashCr" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.WindowsLineEndingInputStream] At WindowsLineEndingInputStream.java:[line 112] AT_STALE_THREAD_WRITE_OF_PRIMITIVE + Fix SpotBugs [ERROR] Medium: Shared primitive variable "atSlashLf" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.WindowsLineEndingInputStream] At WindowsLineEndingInputStream.java:[line 113] AT_STALE_THREAD_WRITE_OF_PRIMITIVE + Fix SpotBugs [ERROR] Medium: Shared primitive variable "atSlashLf" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.UnixLineEndingInputStream] At UnixLineEndingInputStream.java:[line 75] AT_STALE_THREAD_WRITE_OF_PRIMITIVE + Fix SpotBugs [ERROR] Medium: Shared primitive variable "atEos" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.UnixLineEndingInputStream] At UnixLineEndingInputStream.java:[line 120] AT_STALE_THREAD_WRITE_OF_PRIMITIVE + Fix SpotBugs [ERROR] Medium: Shared primitive variable "atSlashCr" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.UnixLineEndingInputStream] At UnixLineEndingInputStream.java:[line 124] AT_STALE_THREAD_WRITE_OF_PRIMITIVE + Fix SpotBugs [ERROR] Medium: Shared primitive variable "atSlashLf" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.UnixLineEndingInputStream] At UnixLineEndingInputStream.java:[line 125] AT_STALE_THREAD_WRITE_OF_PRIMITIVE + Fix SpotBugs [ERROR] Medium: Shared primitive variable "closed" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.ProxyInputStream] At ProxyInputStream.java:[line 233] AT_STALE_THREAD_WRITE_OF_PRIMITIVE + Fix SpotBugs [ERROR] Medium: Shared primitive variable "propagateClose" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.BoundedInputStream] At BoundedInputStream.java:[line 555] AT_STALE_THREAD_WRITE_OF_PRIMITIVE + QueueInputStream reads all but the first byte without waiting + Javadoc fixes and improvements + Avoid NPE in org.apache.commons.io.filefilter.WildcardFilter .accept(File) + FileUtils.forceDelete can delete a broken symlink again + Fix infinite loop in AbstractByteArrayOutputStream * Changes + Bump commons.bytebuddy.version from 1.17.5 to 1.17.6 + Bump org.apache.commons:commons-parent from 81 to 85 + Bump org.apache.commons:commons-lang3 from 3.17.0 to 3.18.0 - Upgrade to 2.19.0 * New features + Add ThrottledInputStream.Builder.setMaxBytes(long, ChronoUnit) + Add IOIterable + ReversedLinesFileReader implements IOIterable + Add AbstractByteArrayOutputStream.write(CharSequence, Charset) + Add AbstractByteArrayOutputStream.write(byte[]) + Add RandomAccessFileOutputStream.getRandomAccessFile() + Add ProxyInputStream.setReference(InputStream), was package-private setIn(InputStream) + Add ProxyOutputStream.setReference(OutputStream) + Add RandomAccessFileInputStream.copy(long, long, OutputStream) + Add ProxyOutputStream.Builder + Add ByteOrderMark.matches(int[]) + Add BrokenOutputStream.BrokenOutputStream(Function, Throwable>) and deprecate Supplier constructor + Add IOBooleanSupplier + Add Uncheck.getAsBoolean(IOBooleanSupplier) + Add FileChannels.contentEquals(SeekableByteChannel, SeekableByteChannel, int) + Add FileChannels.contentEquals(ReadableByteChannel, ReadableByteChannel, int) + Add SimplePathVisitor.AbstractBuilder + Add CountingPathVisitor.AbstractBuilder and CountingPathVisitor.Builder + Add AccumulatorPathVisitor.Builder and builder() + Add PathUtils.contentEquals(FileSystem, FileSystem) * Fixed Bugs + Deprecate constructor Counters.Counters() to be private in 4.0 + Deprecate constructor Charsets.Charsets() to be private in 4.0 + Pick up maven-antrun-plugin version from parent POM org.apache:apache + Javadoc is missing its Overview page + Remove -nouses directive from maven-bundle-plugin. OSGi package imports now state 'uses' definitions for package imports, this doesn't affect JPMS (from org.apache.commons:commons-parent:80) + Deprecate DeferredFileOutputStream.getStream() in favor of getOutputStream() + Improve Javadoc for a BoundedInputStream builder() throwing IOException + Improve Javadoc for all implementations of AbstractOriginSupplier#get() + The Consumer to IOUtils.closeQuietly(Closeable, Consumer) now accepts Exception, not just IOException + The Consumer to IOUtils.close(Closeable, IOConsumer) now accepts wrapped Exception, not just IOException + Use Uncheck.getAsBoolean(IOBooleanSupplier) to avoid boxing and unboxing of boolean values + Avoid unnecessary boxing and unboxing of long values in FileUtils.sizeOf(File) + Avoid unnecessary boxing and unboxing of int values in UncheckedBufferedReader.read() + Avoid unnecessary boxing and unboxing of int values in UncheckedFilterInputStream.available() and read() + Avoid unnecessary boxing and unboxing of int values in UncheckedFilterReader.read() + FileChannels.contentEquals(FileChannel, FileChannel, int) can return false when comparing a non-blocking channel + Deprecate FileChannels.contentEquals(FileChannel, FileChannel, int) in favor of FileChannels .contentEquals(SeekableByteChannel, SeekableByteChannel, int) + Improve performance of IOUtils.contentEquals(InputStream, InputStream) by about 13% + PathUtils.copyFileToDirectory() across file systems + IOUtils.contentEquals is incorrect when InputStream.available under-reports + java.lang.ArithmeticException: long overflow java.lang.Math .addExact(Math.java:932) at org.apache.commons.io.file .attribute.FileTimes.ntfsTimeToFileTime(FileTimes.java:164). See also https://issues.apache.org/jira/browse/MDEP-978 + java.lang.ArithmeticException: long overflow java.lang.Math .addExact(Math.java:932) at org.apache.commons.io.file .attribute.FileTimes.ntfsTimeToDate(long) + FileTimes.toNtfsTime(*) methods can overflow result values + Fix Javadoc for ChunkedOutputStream.Builder + General Javadoc improvements + Calling QueueInputStream.QueueInputStream(null) maps to the same kind of default blocking queue as QueueInputStream.Builder.setBlockingQueue(null) + CopyDirectoryVisitor creates incorrect file names when copying between different file systems that use different file system separators ("/" versus "\"); fixes PathUtils.copyDirectory(Path, Path, CopyOption...) + ThreadUtils.sleep(Duration) should handle the underlying OS time changing * Changes + Bump commons.bytebuddy.version from 1.15.10 to 1.17.5 + Bump commons-codec:commons-codec from 1.17.1 to 1.18.0 + Bump org.apache.commons:commons-parent from 78 to 81 ++++ kernel-64kb: - net: openvswitch: fix middle attribute validation in push_nsh() action (CVE-2025-68785 bsc#1256640). - commit c43798b - clocksource: Reduce watchdog readout delay limit to prevent false positives (bsc#1257818). - commit 92245f0 - clocksource: Print durations for sync check unconditionally (bsc#1257818). - commit 2635eb6 - clocksource: Fix the CPUs' choice in the watchdog per CPU verification (bsc#1257818). - commit 42f5b0d - clocksource: Use pr_info() for "Checking clocksource synchronization" message (bsc#1257818). - Refresh patches.suse/clocksource-Use-migrate_disable-to-avoid-calling-get_random_u32-in-atomic-context.patch. - commit 3170141 - wifi: iwlwifi: mvm: pause TCM on fast resume (git-fixes). - net: usb: r8152: fix resume reset deadlock (git-fixes). - commit 1109b27 ++++ kernel-azure: - net: openvswitch: fix middle attribute validation in push_nsh() action (CVE-2025-68785 bsc#1256640). - commit c43798b - clocksource: Reduce watchdog readout delay limit to prevent false positives (bsc#1257818). - commit 92245f0 - clocksource: Print durations for sync check unconditionally (bsc#1257818). - commit 2635eb6 - clocksource: Fix the CPUs' choice in the watchdog per CPU verification (bsc#1257818). - commit 42f5b0d - clocksource: Use pr_info() for "Checking clocksource synchronization" message (bsc#1257818). - Refresh patches.suse/clocksource-Use-migrate_disable-to-avoid-calling-get_random_u32-in-atomic-context.patch. - commit 3170141 - wifi: iwlwifi: mvm: pause TCM on fast resume (git-fixes). - net: usb: r8152: fix resume reset deadlock (git-fixes). - commit 1109b27 ++++ kernel-default: - net: openvswitch: fix middle attribute validation in push_nsh() action (CVE-2025-68785 bsc#1256640). - commit c43798b - clocksource: Reduce watchdog readout delay limit to prevent false positives (bsc#1257818). - commit 92245f0 - clocksource: Print durations for sync check unconditionally (bsc#1257818). - commit 2635eb6 - clocksource: Fix the CPUs' choice in the watchdog per CPU verification (bsc#1257818). - commit 42f5b0d - clocksource: Use pr_info() for "Checking clocksource synchronization" message (bsc#1257818). - Refresh patches.suse/clocksource-Use-migrate_disable-to-avoid-calling-get_random_u32-in-atomic-context.patch. - commit 3170141 - wifi: iwlwifi: mvm: pause TCM on fast resume (git-fixes). - net: usb: r8152: fix resume reset deadlock (git-fixes). - commit 1109b27 ++++ kernel-rt: - net: openvswitch: fix middle attribute validation in push_nsh() action (CVE-2025-68785 bsc#1256640). - commit c43798b - clocksource: Reduce watchdog readout delay limit to prevent false positives (bsc#1257818). - commit 92245f0 - clocksource: Print durations for sync check unconditionally (bsc#1257818). - commit 2635eb6 - clocksource: Fix the CPUs' choice in the watchdog per CPU verification (bsc#1257818). - commit 42f5b0d - clocksource: Use pr_info() for "Checking clocksource synchronization" message (bsc#1257818). - Refresh patches.suse/clocksource-Use-migrate_disable-to-avoid-calling-get_random_u32-in-atomic-context.patch. - commit 3170141 - wifi: iwlwifi: mvm: pause TCM on fast resume (git-fixes). - net: usb: r8152: fix resume reset deadlock (git-fixes). - commit 1109b27 ++++ dtb-aarch64: - net: openvswitch: fix middle attribute validation in push_nsh() action (CVE-2025-68785 bsc#1256640). - commit c43798b - clocksource: Reduce watchdog readout delay limit to prevent false positives (bsc#1257818). - commit 92245f0 - clocksource: Print durations for sync check unconditionally (bsc#1257818). - commit 2635eb6 - clocksource: Fix the CPUs' choice in the watchdog per CPU verification (bsc#1257818). - commit 42f5b0d - clocksource: Use pr_info() for "Checking clocksource synchronization" message (bsc#1257818). - Refresh patches.suse/clocksource-Use-migrate_disable-to-avoid-calling-get_random_u32-in-atomic-context.patch. - commit 3170141 - wifi: iwlwifi: mvm: pause TCM on fast resume (git-fixes). - net: usb: r8152: fix resume reset deadlock (git-fixes). - commit 1109b27 ++++ freerdp2: - Add patches to fix CVE issues: + freerdp-CVE-2026-22852.patch (CVE-2026-22852, bsc#1256718) + freerdp-CVE-2026-22854.patch (CVE-2026-22854, bsc#1256720) + freerdp-CVE-2026-22856.patch (CVE-2026-22856, bsc#1256722) + freerdp-CVE-2026-22859.patch (CVE-2026-22859, bsc#1256725) + freerdp-CVE-2026-23530.patch (CVE-2026-23530, bsc#1256940) + freerdp-CVE-2026-23531.patch (CVE-2026-23531, bsc#1256941) + freerdp-CVE-2026-23532.patch (CVE-2026-23532, bsc#1256942) + freerdp-CVE-2026-23534.patch (CVE-2026-23534, bsc#1256944) ++++ google-cloud-sap-agent: - Update to version 3.11 (bsc#1257821) * Fix logging calls in hanadiskbackup and hanadiskrestore. * Add instance name label to HANA disk backups. * Update workloadagentplatform submodule hash. * Refactor HANA disk restore to use new-disk-suffix. * Update workloadagentplatform dependency to a newer commit. * Refactor snapshot name generation and validation. * Implement Snapshot Group label setting and SG deletion. * Restart tuned service before verification in configure instance * Remove legacy iam shared package * Improve HANA stop error handling in hanabackup. * Add INFO level log message for WLM ConfigureInstance check. * Add tuned-adm verify to X4 configuration. * sched_min/wakeup_granularity_ns in tuned is under [scheduler] not [sysctl] * Change tuned service check and improve error logging in configurex4. * Bump SAP Agent version to 3.11 * Auto updated compiled protocol buffers * Add status_features to agent configuration proto. * Ensure all properties from the source DB component are copied to the replication site component * Update grub command for RHEL 9+ X4 configure instance * Add additional parameters to improve the performance in RHEL OS * Exclude Backint status when parameters path is not set. * Use local context in loggers for discovery data upload loop. * Add a retry loop to SAP System WriteInsight when the response is a permission error. * Add a custom timeout to HANA queries in hanadiskbackup. * Add check for /usr/sap executable permissions in status command. * Flush logger for Cloud Logging client. * Fix structured logging and empty slice declarations in multidisk.go. * Log errors encountered during LogCollectionHandler startup. ++++ kernel-source: - net: openvswitch: fix middle attribute validation in push_nsh() action (CVE-2025-68785 bsc#1256640). - commit c43798b - clocksource: Reduce watchdog readout delay limit to prevent false positives (bsc#1257818). - commit 92245f0 - clocksource: Print durations for sync check unconditionally (bsc#1257818). - commit 2635eb6 - clocksource: Fix the CPUs' choice in the watchdog per CPU verification (bsc#1257818). - commit 42f5b0d - clocksource: Use pr_info() for "Checking clocksource synchronization" message (bsc#1257818). - Refresh patches.suse/clocksource-Use-migrate_disable-to-avoid-calling-get_random_u32-in-atomic-context.patch. - commit 3170141 - wifi: iwlwifi: mvm: pause TCM on fast resume (git-fixes). - net: usb: r8152: fix resume reset deadlock (git-fixes). - commit 1109b27 ++++ kernel-docs: - net: openvswitch: fix middle attribute validation in push_nsh() action (CVE-2025-68785 bsc#1256640). - commit c43798b - clocksource: Reduce watchdog readout delay limit to prevent false positives (bsc#1257818). - commit 92245f0 - clocksource: Print durations for sync check unconditionally (bsc#1257818). - commit 2635eb6 - clocksource: Fix the CPUs' choice in the watchdog per CPU verification (bsc#1257818). - commit 42f5b0d - clocksource: Use pr_info() for "Checking clocksource synchronization" message (bsc#1257818). - Refresh patches.suse/clocksource-Use-migrate_disable-to-avoid-calling-get_random_u32-in-atomic-context.patch. - commit 3170141 - wifi: iwlwifi: mvm: pause TCM on fast resume (git-fixes). - net: usb: r8152: fix resume reset deadlock (git-fixes). - commit 1109b27 ++++ kernel-kvmsmall: - net: openvswitch: fix middle attribute validation in push_nsh() action (CVE-2025-68785 bsc#1256640). - commit c43798b - clocksource: Reduce watchdog readout delay limit to prevent false positives (bsc#1257818). - commit 92245f0 - clocksource: Print durations for sync check unconditionally (bsc#1257818). - commit 2635eb6 - clocksource: Fix the CPUs' choice in the watchdog per CPU verification (bsc#1257818). - commit 42f5b0d - clocksource: Use pr_info() for "Checking clocksource synchronization" message (bsc#1257818). - Refresh patches.suse/clocksource-Use-migrate_disable-to-avoid-calling-get_random_u32-in-atomic-context.patch. - commit 3170141 - wifi: iwlwifi: mvm: pause TCM on fast resume (git-fixes). - net: usb: r8152: fix resume reset deadlock (git-fixes). - commit 1109b27 ++++ kernel-obs-build: - net: openvswitch: fix middle attribute validation in push_nsh() action (CVE-2025-68785 bsc#1256640). - commit c43798b - clocksource: Reduce watchdog readout delay limit to prevent false positives (bsc#1257818). - commit 92245f0 - clocksource: Print durations for sync check unconditionally (bsc#1257818). - commit 2635eb6 - clocksource: Fix the CPUs' choice in the watchdog per CPU verification (bsc#1257818). - commit 42f5b0d - clocksource: Use pr_info() for "Checking clocksource synchronization" message (bsc#1257818). - Refresh patches.suse/clocksource-Use-migrate_disable-to-avoid-calling-get_random_u32-in-atomic-context.patch. - commit 3170141 - wifi: iwlwifi: mvm: pause TCM on fast resume (git-fixes). - net: usb: r8152: fix resume reset deadlock (git-fixes). - commit 1109b27 ++++ kernel-obs-qa: - net: openvswitch: fix middle attribute validation in push_nsh() action (CVE-2025-68785 bsc#1256640). - commit c43798b - clocksource: Reduce watchdog readout delay limit to prevent false positives (bsc#1257818). - commit 92245f0 - clocksource: Print durations for sync check unconditionally (bsc#1257818). - commit 2635eb6 - clocksource: Fix the CPUs' choice in the watchdog per CPU verification (bsc#1257818). - commit 42f5b0d - clocksource: Use pr_info() for "Checking clocksource synchronization" message (bsc#1257818). - Refresh patches.suse/clocksource-Use-migrate_disable-to-avoid-calling-get_random_u32-in-atomic-context.patch. - commit 3170141 - wifi: iwlwifi: mvm: pause TCM on fast resume (git-fixes). - net: usb: r8152: fix resume reset deadlock (git-fixes). - commit 1109b27 ++++ kernel-syms: - net: openvswitch: fix middle attribute validation in push_nsh() action (CVE-2025-68785 bsc#1256640). - commit c43798b - clocksource: Reduce watchdog readout delay limit to prevent false positives (bsc#1257818). - commit 92245f0 - clocksource: Print durations for sync check unconditionally (bsc#1257818). - commit 2635eb6 - clocksource: Fix the CPUs' choice in the watchdog per CPU verification (bsc#1257818). - commit 42f5b0d - clocksource: Use pr_info() for "Checking clocksource synchronization" message (bsc#1257818). - Refresh patches.suse/clocksource-Use-migrate_disable-to-avoid-calling-get_random_u32-in-atomic-context.patch. - commit 3170141 - wifi: iwlwifi: mvm: pause TCM on fast resume (git-fixes). - net: usb: r8152: fix resume reset deadlock (git-fixes). - commit 1109b27 ++++ kernel-zfcpdump: - net: openvswitch: fix middle attribute validation in push_nsh() action (CVE-2025-68785 bsc#1256640). - commit c43798b - clocksource: Reduce watchdog readout delay limit to prevent false positives (bsc#1257818). - commit 92245f0 - clocksource: Print durations for sync check unconditionally (bsc#1257818). - commit 2635eb6 - clocksource: Fix the CPUs' choice in the watchdog per CPU verification (bsc#1257818). - commit 42f5b0d - clocksource: Use pr_info() for "Checking clocksource synchronization" message (bsc#1257818). - Refresh patches.suse/clocksource-Use-migrate_disable-to-avoid-calling-get_random_u32-in-atomic-context.patch. - commit 3170141 - wifi: iwlwifi: mvm: pause TCM on fast resume (git-fixes). - net: usb: r8152: fix resume reset deadlock (git-fixes). - commit 1109b27 ++++ python313-core: - Update to 3.13.12: Python 3.13.12 final Release date: 2026-02-03 - Tools/Demos - gh-142095: Make gdb ‘py-bt’ command use frame from thread local state when available. Patch by Sam Gross and Victor Stinner. - Tests - gh-144415: The Android testbed now distinguishes between stdout/stderr messages which were triggered by a newline, and those triggered by a manual call to flush. This fixes logging of progress indicators and similar content. - gh-65784: Add support for parametrized resource wantobjects in regrtests, which allows to run Tkinter tests with the specified value of tkinter.wantobjects, for example -u wantobjects=0. - gh-143553: Add support for parametrized resources, such as - u xpickle=2.7. - gh-142836: Accommodated Solaris in test_pdb.test_script_target_anonymous_pipe. - gh-129401: Fix a flaky test in test_repr_rlock that checks the representation of multiprocessing.RLock. - bpo-31391: Forward-port test_xpickle from Python 2 to Python 3 and add the resource back to test’s command line. - Security - gh-144125: BytesGenerator will now refuse to serialize (write) headers that are unsafely folded or delimited; see verify_generated_headers. (Contributed by Bas Bloemsaat and Petr Viktorin in gh-121650). - gh-143935: Fixed a bug in the folding of comments when flattening an email message using a modern email policy. Comments consisting of a very long sequence of non-foldable characters could trigger a forced line wrap that omitted the required leading space on the continuation line, causing the remainder of the comment to be interpreted as a new header field. This enabled header injection with carefully crafted inputs (bsc#1257029, CVE-2025-11468). - gh-143925: Reject control characters in data: URL media types (bsc#1257046, CVE-2025-15282). - gh-143919: Reject control characters in http.cookies.Morsel fields and values (bsc#1257031, CVE-2026-0672). - gh-143916: Reject C0 control characters within wsgiref.headers.Headers fields, values, and parameters (bsc#1257042, CVE-2026-0865). - Library - gh-144380: Improve performance of io.BufferedReader line iteration by ~49%. - gh-144169: Fix three crashes when non-string keyword arguments are supplied to objects in the ast module. - gh-144100: Fixed a crash in ctypes when using a deprecated POINTER(str) type in argtypes. Instead of aborting, ctypes now raises a proper Python exception when the pointer target type is unresolved. - gh-144050: Fix stat.filemode() in the pure-Python implementation to avoid misclassifying invalid mode values as block devices. - gh-144023: Fixed validation of file descriptor 0 in posix functions when used with follow_symlinks parameter. - gh-143999: Fix an issue where inspect.getgeneratorstate() and inspect.getcoroutinestate() could fail for generators wrapped by types.coroutine() in the suspended state. - gh-143706: Fix multiprocessing forkserver so that sys.argv is correctly set before __main__ is preloaded. Previously, sys.argv was empty during main module import in forkserver child processes. This fixes a regression introduced in 3.13.8 and 3.14.1. Root caused by Aaron Wieczorek, test provided by Thomas Watson, thanks! - gh-143638: Forbid reentrant calls of the pickle.Pickler and pickle.Unpickler methods for the C implementation. Previously, this could cause crash or data corruption, now concurrent calls of methods of the same object raise RuntimeError. - gh-78724: Raise RuntimeError’s when user attempts to call methods on half-initialized Struct objects, For example, created by Struct.__new__(Struct). Patch by Sergey B Kirpichev. - gh-143602: Fix a inconsistency issue in write() that leads to unexpected buffer overwrite by deduplicating the buffer exports. - gh-143547: Fix sys.unraisablehook() when the hook raises an exception and changes sys.unraisablehook(): hold a strong reference to the old hook. Patch by Victor Stinner. - gh-143378: Fix use-after-free crashes when a BytesIO object is concurrently mutated during write() or writelines(). - gh-143346: Fix incorrect wrapping of the Base64 data in plistlib._PlistWriter when the indent contains a mix of tabs and spaces. - gh-143310: tkinter: fix a crash when a Python list is mutated during the conversion to a Tcl object (e.g., when setting a Tcl variable). Patch by Bénédikt Tran. - gh-143309: Fix a crash in os.execve() on non-Windows platforms when given a custom environment mapping which is then mutated during parsing. Patch by Bénédikt Tran. - gh-143308: pickle: fix use-after-free crashes when a PickleBuffer is concurrently mutated by a custom buffer callback during pickling. Patch by Bénédikt Tran and Aaron Wieczorek. - gh-143237: Fix support of named pipes in the rotating logging handlers. - gh-143249: Fix possible buffer leaks in Windows overlapped I/O on error handling. - gh-143241: zoneinfo: fix infinite loop in ZoneInfo.from_file when parsing a malformed TZif file. Patch by Fatih Celik. - gh-142830: sqlite3: fix use-after-free crashes when the connection’s callbacks are mutated during a callback execution. Patch by Bénédikt Tran. - gh-143200: xml.etree.ElementTree: fix use-after-free crashes in __getitem__() and __setitem__() methods of Element when the element is concurrently mutated. Patch by Bénédikt Tran. - gh-142195: Updated timeout evaluation logic in subprocess to be compatible with deterministic environments like Shadow where time moves exactly as requested. - gh-143145: Fixed a possible reference leak in ctypes when constructing results with multiple output parameters on error. - gh-122431: Corrected the error message in readline.append_history_file() to state that nelements must be non-negative instead of positive. - gh-143004: Fix a potential use-after-free in collections.Counter.update() when user code mutates the Counter during an update. - gh-143046: The asyncio REPL no longer prints copyright and version messages in the quiet mode (-q). Patch by Bartosz Sławecki. - gh-140648: The asyncio REPL now respects the -I flag (isolated mode). Previously, it would load and execute PYTHONSTARTUP even if the flag was set. Contributed by Bartosz Sławecki. - gh-142991: Fixed socket operations such as recvfrom() and sendto() for FreeBSD divert(4) socket. - gh-143010: Fixed a bug in mailbox where the precise timing of an external event could result in the library opening an existing file instead of a file it expected to create. - gh-142881: Fix concurrent and reentrant call of atexit.unregister(). - gh-112127: Fix possible use-after-free in atexit.unregister() when the callback is unregistered during comparison. - gh-142783: Fix zoneinfo use-after-free with descriptor _weak_cache. a descriptor as _weak_cache could cause crashes during object creation. The fix ensures proper reference counting for descriptor-provided objects. - gh-142754: Add the ownerDocument attribute to xml.dom.minidom elements and attributes created by directly instantiating the Element or Attr class. Note that this way of creating nodes is not supported; creator functions like xml.dom.Document.documentElement() should be used instead. - gh-142784: The asyncio REPL now properly closes the loop upon the end of interactive session. Previously, it could cause surprising warnings. Contributed by Bartosz Sławecki. - gh-142555: array: fix a crash in a[i] = v when converting i to an index via i.__index__ or i.__float__ mutates the array. - gh-142594: Fix crash in TextIOWrapper.close() when the underlying buffer’s closed property calls detach(). - gh-142451: hmac: Ensure that the HMAC.block_size attribute is correctly copied by HMAC.copy. Patch by Bénédikt Tran. - gh-142495: collections.defaultdict now prioritizes __setitem__() when inserting default values from default_factory. This prevents race conditions where a default value would overwrite a value set before default_factory returns. - gh-142651: unittest.mock: fix a thread safety issue where Mock.call_count may return inaccurate values when the mock is called concurrently from multiple threads. - gh-142595: Added type check during initialization of the decimal module to prevent a crash in case of broken stdlib. Patch by Sergey B Kirpichev. - gh-142517: The non-compat32 email policies now correctly handle refolding encoded words that contain bytes that can not be decoded in their specified character set. Previously this resulted in an encoding exception during folding. - gh-112527: The help text for required options in argparse no longer extended with “ (default: None)”. - gh-142315: Pdb can now run scripts from anonymous pipes used in process substitution. Patch by Bartosz Sławecki. - gh-142282: Fix winreg.QueryValueEx() to not accidentally read garbage buffer under race condition. - gh-75949: Fix argparse to preserve | separators in mutually exclusive groups when the usage line wraps due to length. - gh-68552: MisplacedEnvelopeHeaderDefect and Missing header name defects are now correctly passed to the handle_defect method of policy in FeedParser. - gh-142006: Fix a bug in the email.policy.default folding algorithm which incorrectly resulted in a doubled newline when a line ending at exactly max_line_length was followed by an unfoldable token. - gh-105836: Fix asyncio.run_coroutine_threadsafe() leaving underlying cancelled asyncio task running. - gh-139971: pydoc: Ensure that the link to the online documentation of a stdlib module is correct. - gh-139262: Some keystrokes can be swallowed in the new PyREPL on Windows, especially when used together with the ALT key. Fix by Chris Eibl. - gh-138897: Improved license/copyright/credits display in the REPL: now uses a pager. - gh-79986: Add parsing for References and In-Reply-To headers to the email library that parses the header content as lists of message id tokens. This prevents them from being folded incorrectly. - gh-109263: Starting a process from spawn context in multiprocessing no longer sets the start method globally. - gh-90871: Fixed an off by one error concerning the backlog parameter in create_unix_server(). Contributed by Christian Harries. - gh-133253: Fix thread-safety issues in linecache. - gh-132715: Skip writing objects during marshalling once a failure has occurred. - gh-127529: Correct behavior of asyncio.selector_events.BaseSelectorEventLoop._accept_connection() in handling ConnectionAbortedError in a loop. This improves performance on OpenBSD. - IDLE - gh-143774: Better explain the operation of Format / Format Paragraph. - Documentation - gh-140806: Add documentation for enum.bin(). - Core and Builtins - gh-144307: Prevent a reference leak in module teardown at interpreter finalization. - gh-144194: Fix error handling in perf jitdump initialization on memory allocation failure. - gh-141805: Fix crash in set when objects with the same hash are concurrently added to the set after removing an element with the same hash while the set still contains elements with the same hash. - gh-143670: Fixes a crash in ga_repr_items_list function. - gh-143377: Fix a crash in _interpreters.capture_exception() when the exception is incorrectly formatted. Patch by Bénédikt Tran. - gh-143189: Fix crash when inserting a non-str key into a split table dictionary when the key matches an existing key in the split table but has no corresponding value in the dict. - gh-143228: Fix use-after-free in perf trampoline when toggling profiling while threads are running or during interpreter finalization with daemon threads active. The fix uses reference counting to ensure trampolines are not freed while any code object could still reference them. Pach by Pablo Galindo - gh-142664: Fix a use-after-free crash in memoryview.__hash__ when the __hash__ method of the referenced object mutates that object or the view. Patch by Bénédikt Tran. - gh-142557: Fix a use-after-free crash in bytearray.__mod__ when the bytearray is mutated while formatting the %-style arguments. Patch by Bénédikt Tran. - gh-143195: Fix use-after-free crashes in bytearray.hex() and memoryview.hex() when the separator’s __len__() mutates the original object. Patch by Bénédikt Tran. - gh-143135: Set sys.flags.inspect to 1 when PYTHONINSPECT is 0. Previously, it was set to 0 in this case. - gh-143003: Fix an overflow of the shared empty buffer in bytearray.extend() when __length_hint__() returns 0 for non-empty iterator. - gh-143006: Fix a possible assertion error when comparing negative non-integer float and int with the same number of bits in the integer part. - gh-142776: Fix a file descriptor leak in import.c - gh-142829: Fix a use-after-free crash in contextvars.Context comparison when a custom __eq__ method modifies the context via set(). - gh-142766: Clear the frame of a generator when generator.close() is called. - gh-142737: Tracebacks will be displayed in fallback mode even if io.open() is lost. Previously, this would crash the interpreter. Patch by Bartosz Sławecki. - gh-142554: Fix a crash in divmod() when _pylong.int_divmod() does not return a tuple of length two exactly. Patch by Bénédikt Tran. - gh-142560: Fix use-after-free in bytearray search-like methods (find(), count(), index(), rindex(), and rfind()) by marking the storage as exported which causes reallocation attempts to raise BufferError. For contains(), split(), and rsplit() the buffer protocol is used for this. - gh-142343: Fix SIGILL crash on m68k due to incorrect assembly constraint. - gh-141732: Ensure the __repr__() for ExceptionGroup and BaseExceptionGroup does not change when the exception sequence that was original passed in to its constructor is subsequently mutated. - gh-100964: Fix reference cycle in exhausted generator frames. Patch by Savannah Ostrowski. - gh-140373: Correctly emit PY_UNWIND event when generator object is closed. Patch by Mikhail Efimov. - gh-138568: Adjusted the built-in help() function so that empty inputs are ignored in interactive mode. - gh-127773: Do not use the type attribute cache for types with incompatible MRO. - C API - gh-142571: PyUnstable_CopyPerfMapFile() now checks that opening the file succeeded before flushing. - Build - gh-142454: When calculating the digest of the JIT stencils input, sort the hashed files by filenames before adding their content to the hasher. This ensures deterministic hash input and hence deterministic hash, independent on filesystem order. - gh-141808: When running make clean-retain-profile, keep the generated JIT stencils. That way, the stencils are not generated twice when Profile-guided optimization (PGO) is used. It also allows distributors to supply their own pre-built JIT stencils. - gh-138061: Ensure reproducible builds by making JIT stencil header generation deterministic. - Remove upstreamed patches: - CVE-2024-6923-follow-up-EOL-email-headers.patch - gh138131-exclude-pycache-from-digest.patch ++++ python313-nogil-nogil-core: - Update to 3.13.12: Python 3.13.12 final Release date: 2026-02-03 - Tools/Demos - gh-142095: Make gdb ‘py-bt’ command use frame from thread local state when available. Patch by Sam Gross and Victor Stinner. - Tests - gh-144415: The Android testbed now distinguishes between stdout/stderr messages which were triggered by a newline, and those triggered by a manual call to flush. This fixes logging of progress indicators and similar content. - gh-65784: Add support for parametrized resource wantobjects in regrtests, which allows to run Tkinter tests with the specified value of tkinter.wantobjects, for example -u wantobjects=0. - gh-143553: Add support for parametrized resources, such as - u xpickle=2.7. - gh-142836: Accommodated Solaris in test_pdb.test_script_target_anonymous_pipe. - gh-129401: Fix a flaky test in test_repr_rlock that checks the representation of multiprocessing.RLock. - bpo-31391: Forward-port test_xpickle from Python 2 to Python 3 and add the resource back to test’s command line. - Security - gh-144125: BytesGenerator will now refuse to serialize (write) headers that are unsafely folded or delimited; see verify_generated_headers. (Contributed by Bas Bloemsaat and Petr Viktorin in gh-121650). - gh-143935: Fixed a bug in the folding of comments when flattening an email message using a modern email policy. Comments consisting of a very long sequence of non-foldable characters could trigger a forced line wrap that omitted the required leading space on the continuation line, causing the remainder of the comment to be interpreted as a new header field. This enabled header injection with carefully crafted inputs (bsc#1257029, CVE-2025-11468). - gh-143925: Reject control characters in data: URL media types (bsc#1257046, CVE-2025-15282). - gh-143919: Reject control characters in http.cookies.Morsel fields and values (bsc#1257031, CVE-2026-0672). - gh-143916: Reject C0 control characters within wsgiref.headers.Headers fields, values, and parameters (bsc#1257042, CVE-2026-0865). - Library - gh-144380: Improve performance of io.BufferedReader line iteration by ~49%. - gh-144169: Fix three crashes when non-string keyword arguments are supplied to objects in the ast module. - gh-144100: Fixed a crash in ctypes when using a deprecated POINTER(str) type in argtypes. Instead of aborting, ctypes now raises a proper Python exception when the pointer target type is unresolved. - gh-144050: Fix stat.filemode() in the pure-Python implementation to avoid misclassifying invalid mode values as block devices. - gh-144023: Fixed validation of file descriptor 0 in posix functions when used with follow_symlinks parameter. - gh-143999: Fix an issue where inspect.getgeneratorstate() and inspect.getcoroutinestate() could fail for generators wrapped by types.coroutine() in the suspended state. - gh-143706: Fix multiprocessing forkserver so that sys.argv is correctly set before __main__ is preloaded. Previously, sys.argv was empty during main module import in forkserver child processes. This fixes a regression introduced in 3.13.8 and 3.14.1. Root caused by Aaron Wieczorek, test provided by Thomas Watson, thanks! - gh-143638: Forbid reentrant calls of the pickle.Pickler and pickle.Unpickler methods for the C implementation. Previously, this could cause crash or data corruption, now concurrent calls of methods of the same object raise RuntimeError. - gh-78724: Raise RuntimeError’s when user attempts to call methods on half-initialized Struct objects, For example, created by Struct.__new__(Struct). Patch by Sergey B Kirpichev. - gh-143602: Fix a inconsistency issue in write() that leads to unexpected buffer overwrite by deduplicating the buffer exports. - gh-143547: Fix sys.unraisablehook() when the hook raises an exception and changes sys.unraisablehook(): hold a strong reference to the old hook. Patch by Victor Stinner. - gh-143378: Fix use-after-free crashes when a BytesIO object is concurrently mutated during write() or writelines(). - gh-143346: Fix incorrect wrapping of the Base64 data in plistlib._PlistWriter when the indent contains a mix of tabs and spaces. - gh-143310: tkinter: fix a crash when a Python list is mutated during the conversion to a Tcl object (e.g., when setting a Tcl variable). Patch by Bénédikt Tran. - gh-143309: Fix a crash in os.execve() on non-Windows platforms when given a custom environment mapping which is then mutated during parsing. Patch by Bénédikt Tran. - gh-143308: pickle: fix use-after-free crashes when a PickleBuffer is concurrently mutated by a custom buffer callback during pickling. Patch by Bénédikt Tran and Aaron Wieczorek. - gh-143237: Fix support of named pipes in the rotating logging handlers. - gh-143249: Fix possible buffer leaks in Windows overlapped I/O on error handling. - gh-143241: zoneinfo: fix infinite loop in ZoneInfo.from_file when parsing a malformed TZif file. Patch by Fatih Celik. - gh-142830: sqlite3: fix use-after-free crashes when the connection’s callbacks are mutated during a callback execution. Patch by Bénédikt Tran. - gh-143200: xml.etree.ElementTree: fix use-after-free crashes in __getitem__() and __setitem__() methods of Element when the element is concurrently mutated. Patch by Bénédikt Tran. - gh-142195: Updated timeout evaluation logic in subprocess to be compatible with deterministic environments like Shadow where time moves exactly as requested. - gh-143145: Fixed a possible reference leak in ctypes when constructing results with multiple output parameters on error. - gh-122431: Corrected the error message in readline.append_history_file() to state that nelements must be non-negative instead of positive. - gh-143004: Fix a potential use-after-free in collections.Counter.update() when user code mutates the Counter during an update. - gh-143046: The asyncio REPL no longer prints copyright and version messages in the quiet mode (-q). Patch by Bartosz Sławecki. - gh-140648: The asyncio REPL now respects the -I flag (isolated mode). Previously, it would load and execute PYTHONSTARTUP even if the flag was set. Contributed by Bartosz Sławecki. - gh-142991: Fixed socket operations such as recvfrom() and sendto() for FreeBSD divert(4) socket. - gh-143010: Fixed a bug in mailbox where the precise timing of an external event could result in the library opening an existing file instead of a file it expected to create. - gh-142881: Fix concurrent and reentrant call of atexit.unregister(). - gh-112127: Fix possible use-after-free in atexit.unregister() when the callback is unregistered during comparison. - gh-142783: Fix zoneinfo use-after-free with descriptor _weak_cache. a descriptor as _weak_cache could cause crashes during object creation. The fix ensures proper reference counting for descriptor-provided objects. - gh-142754: Add the ownerDocument attribute to xml.dom.minidom elements and attributes created by directly instantiating the Element or Attr class. Note that this way of creating nodes is not supported; creator functions like xml.dom.Document.documentElement() should be used instead. - gh-142784: The asyncio REPL now properly closes the loop upon the end of interactive session. Previously, it could cause surprising warnings. Contributed by Bartosz Sławecki. - gh-142555: array: fix a crash in a[i] = v when converting i to an index via i.__index__ or i.__float__ mutates the array. - gh-142594: Fix crash in TextIOWrapper.close() when the underlying buffer’s closed property calls detach(). - gh-142451: hmac: Ensure that the HMAC.block_size attribute is correctly copied by HMAC.copy. Patch by Bénédikt Tran. - gh-142495: collections.defaultdict now prioritizes __setitem__() when inserting default values from default_factory. This prevents race conditions where a default value would overwrite a value set before default_factory returns. - gh-142651: unittest.mock: fix a thread safety issue where Mock.call_count may return inaccurate values when the mock is called concurrently from multiple threads. - gh-142595: Added type check during initialization of the decimal module to prevent a crash in case of broken stdlib. Patch by Sergey B Kirpichev. - gh-142517: The non-compat32 email policies now correctly handle refolding encoded words that contain bytes that can not be decoded in their specified character set. Previously this resulted in an encoding exception during folding. - gh-112527: The help text for required options in argparse no longer extended with “ (default: None)”. - gh-142315: Pdb can now run scripts from anonymous pipes used in process substitution. Patch by Bartosz Sławecki. - gh-142282: Fix winreg.QueryValueEx() to not accidentally read garbage buffer under race condition. - gh-75949: Fix argparse to preserve | separators in mutually exclusive groups when the usage line wraps due to length. - gh-68552: MisplacedEnvelopeHeaderDefect and Missing header name defects are now correctly passed to the handle_defect method of policy in FeedParser. - gh-142006: Fix a bug in the email.policy.default folding algorithm which incorrectly resulted in a doubled newline when a line ending at exactly max_line_length was followed by an unfoldable token. - gh-105836: Fix asyncio.run_coroutine_threadsafe() leaving underlying cancelled asyncio task running. - gh-139971: pydoc: Ensure that the link to the online documentation of a stdlib module is correct. - gh-139262: Some keystrokes can be swallowed in the new PyREPL on Windows, especially when used together with the ALT key. Fix by Chris Eibl. - gh-138897: Improved license/copyright/credits display in the REPL: now uses a pager. - gh-79986: Add parsing for References and In-Reply-To headers to the email library that parses the header content as lists of message id tokens. This prevents them from being folded incorrectly. - gh-109263: Starting a process from spawn context in multiprocessing no longer sets the start method globally. - gh-90871: Fixed an off by one error concerning the backlog parameter in create_unix_server(). Contributed by Christian Harries. - gh-133253: Fix thread-safety issues in linecache. - gh-132715: Skip writing objects during marshalling once a failure has occurred. - gh-127529: Correct behavior of asyncio.selector_events.BaseSelectorEventLoop._accept_connection() in handling ConnectionAbortedError in a loop. This improves performance on OpenBSD. - IDLE - gh-143774: Better explain the operation of Format / Format Paragraph. - Documentation - gh-140806: Add documentation for enum.bin(). - Core and Builtins - gh-144307: Prevent a reference leak in module teardown at interpreter finalization. - gh-144194: Fix error handling in perf jitdump initialization on memory allocation failure. - gh-141805: Fix crash in set when objects with the same hash are concurrently added to the set after removing an element with the same hash while the set still contains elements with the same hash. - gh-143670: Fixes a crash in ga_repr_items_list function. - gh-143377: Fix a crash in _interpreters.capture_exception() when the exception is incorrectly formatted. Patch by Bénédikt Tran. - gh-143189: Fix crash when inserting a non-str key into a split table dictionary when the key matches an existing key in the split table but has no corresponding value in the dict. - gh-143228: Fix use-after-free in perf trampoline when toggling profiling while threads are running or during interpreter finalization with daemon threads active. The fix uses reference counting to ensure trampolines are not freed while any code object could still reference them. Pach by Pablo Galindo - gh-142664: Fix a use-after-free crash in memoryview.__hash__ when the __hash__ method of the referenced object mutates that object or the view. Patch by Bénédikt Tran. - gh-142557: Fix a use-after-free crash in bytearray.__mod__ when the bytearray is mutated while formatting the %-style arguments. Patch by Bénédikt Tran. - gh-143195: Fix use-after-free crashes in bytearray.hex() and memoryview.hex() when the separator’s __len__() mutates the original object. Patch by Bénédikt Tran. - gh-143135: Set sys.flags.inspect to 1 when PYTHONINSPECT is 0. Previously, it was set to 0 in this case. - gh-143003: Fix an overflow of the shared empty buffer in bytearray.extend() when __length_hint__() returns 0 for non-empty iterator. - gh-143006: Fix a possible assertion error when comparing negative non-integer float and int with the same number of bits in the integer part. - gh-142776: Fix a file descriptor leak in import.c - gh-142829: Fix a use-after-free crash in contextvars.Context comparison when a custom __eq__ method modifies the context via set(). - gh-142766: Clear the frame of a generator when generator.close() is called. - gh-142737: Tracebacks will be displayed in fallback mode even if io.open() is lost. Previously, this would crash the interpreter. Patch by Bartosz Sławecki. - gh-142554: Fix a crash in divmod() when _pylong.int_divmod() does not return a tuple of length two exactly. Patch by Bénédikt Tran. - gh-142560: Fix use-after-free in bytearray search-like methods (find(), count(), index(), rindex(), and rfind()) by marking the storage as exported which causes reallocation attempts to raise BufferError. For contains(), split(), and rsplit() the buffer protocol is used for this. - gh-142343: Fix SIGILL crash on m68k due to incorrect assembly constraint. - gh-141732: Ensure the __repr__() for ExceptionGroup and BaseExceptionGroup does not change when the exception sequence that was original passed in to its constructor is subsequently mutated. - gh-100964: Fix reference cycle in exhausted generator frames. Patch by Savannah Ostrowski. - gh-140373: Correctly emit PY_UNWIND event when generator object is closed. Patch by Mikhail Efimov. - gh-138568: Adjusted the built-in help() function so that empty inputs are ignored in interactive mode. - gh-127773: Do not use the type attribute cache for types with incompatible MRO. - C API - gh-142571: PyUnstable_CopyPerfMapFile() now checks that opening the file succeeded before flushing. - Build - gh-142454: When calculating the digest of the JIT stencils input, sort the hashed files by filenames before adding their content to the hasher. This ensures deterministic hash input and hence deterministic hash, independent on filesystem order. - gh-141808: When running make clean-retain-profile, keep the generated JIT stencils. That way, the stencils are not generated twice when Profile-guided optimization (PGO) is used. It also allows distributors to supply their own pre-built JIT stencils. - gh-138061: Ensure reproducible builds by making JIT stencil header generation deterministic. - Remove upstreamed patches: - CVE-2024-6923-follow-up-EOL-email-headers.patch - gh138131-exclude-pycache-from-digest.patch ++++ libsoup2: - Add libsoup2-CVE-2026-0716.patch: Fix out-of-bounds read for websocket (bsc#1256418, CVE-2026-0716, glgo#GNOME/libsoup!494). ++++ micropython: - Add CVE-2026-1998.patch for CVE-2026-1998 / bsc#1257803 ++++ plexus-archiver: - Upgrade to upstream version 4.11.0 * New features and improvements + Replace PlexusIoZipFileResourceCollection with PlexusArchiverZipFileResourceCollection for non-JAR formats * Bug Fixes + Revert "Utilize VT if possible + Fix AbstractZipUnArchiver handling of zip entries with unspecified modification time + Fix AbstractArchiver.getFiles() to return forward slashes for ZIP-based archivers + Reduce heap usage in Zip archiver to prevent OutOfMemoryError in CI builds * Maintenance + Convert to Markdown and compare to Commons Compress + JUnit Jupiter best practices + Replace FileUtils.deleteDirectory(File) with JDK provided API * Dependency updates + Downgrade plexus-utils to 3.6.0 + Bump com.github.luben:zstd-jni from 1.5.7-4 to 1.5.7-6 + Bump plexus-io to 3.6.0 + Bump org.codehaus.plexus:plexus from 23 to 25 + Replace Airlift Snappy with Apache Commons Compress + Removal of dependency to AirCompressor that contains vulnerabilities + Bump org.tukaani:xz from 1.10 to 1.11 - Modified patch: * 0002-Remove-support-for-zstd.patch - > 0001-Remove-support-for-zstd.patch + rediff - Removed patch: * 0001-Remove-support-for-snappy.patch + snappy support goes now through commons-io that we package ++++ plexus-testing: - Update to version 2.1.0 * New features and improvements + Use guice with classes classifier - without embedded dependencies + Support for Nested tests * Maintenance + Cleanups dependencies * Dependency updates + Bump org.codehaus.plexus:plexus from 24 to 25 ++++ python313: - Update to 3.13.12: Python 3.13.12 final Release date: 2026-02-03 - Tools/Demos - gh-142095: Make gdb ‘py-bt’ command use frame from thread local state when available. Patch by Sam Gross and Victor Stinner. - Tests - gh-144415: The Android testbed now distinguishes between stdout/stderr messages which were triggered by a newline, and those triggered by a manual call to flush. This fixes logging of progress indicators and similar content. - gh-65784: Add support for parametrized resource wantobjects in regrtests, which allows to run Tkinter tests with the specified value of tkinter.wantobjects, for example -u wantobjects=0. - gh-143553: Add support for parametrized resources, such as - u xpickle=2.7. - gh-142836: Accommodated Solaris in test_pdb.test_script_target_anonymous_pipe. - gh-129401: Fix a flaky test in test_repr_rlock that checks the representation of multiprocessing.RLock. - bpo-31391: Forward-port test_xpickle from Python 2 to Python 3 and add the resource back to test’s command line. - Security - gh-144125: BytesGenerator will now refuse to serialize (write) headers that are unsafely folded or delimited; see verify_generated_headers. (Contributed by Bas Bloemsaat and Petr Viktorin in gh-121650). - gh-143935: Fixed a bug in the folding of comments when flattening an email message using a modern email policy. Comments consisting of a very long sequence of non-foldable characters could trigger a forced line wrap that omitted the required leading space on the continuation line, causing the remainder of the comment to be interpreted as a new header field. This enabled header injection with carefully crafted inputs (bsc#1257029, CVE-2025-11468). - gh-143925: Reject control characters in data: URL media types (bsc#1257046, CVE-2025-15282). - gh-143919: Reject control characters in http.cookies.Morsel fields and values (bsc#1257031, CVE-2026-0672). - gh-143916: Reject C0 control characters within wsgiref.headers.Headers fields, values, and parameters (bsc#1257042, CVE-2026-0865). - Library - gh-144380: Improve performance of io.BufferedReader line iteration by ~49%. - gh-144169: Fix three crashes when non-string keyword arguments are supplied to objects in the ast module. - gh-144100: Fixed a crash in ctypes when using a deprecated POINTER(str) type in argtypes. Instead of aborting, ctypes now raises a proper Python exception when the pointer target type is unresolved. - gh-144050: Fix stat.filemode() in the pure-Python implementation to avoid misclassifying invalid mode values as block devices. - gh-144023: Fixed validation of file descriptor 0 in posix functions when used with follow_symlinks parameter. - gh-143999: Fix an issue where inspect.getgeneratorstate() and inspect.getcoroutinestate() could fail for generators wrapped by types.coroutine() in the suspended state. - gh-143706: Fix multiprocessing forkserver so that sys.argv is correctly set before __main__ is preloaded. Previously, sys.argv was empty during main module import in forkserver child processes. This fixes a regression introduced in 3.13.8 and 3.14.1. Root caused by Aaron Wieczorek, test provided by Thomas Watson, thanks! - gh-143638: Forbid reentrant calls of the pickle.Pickler and pickle.Unpickler methods for the C implementation. Previously, this could cause crash or data corruption, now concurrent calls of methods of the same object raise RuntimeError. - gh-78724: Raise RuntimeError’s when user attempts to call methods on half-initialized Struct objects, For example, created by Struct.__new__(Struct). Patch by Sergey B Kirpichev. - gh-143602: Fix a inconsistency issue in write() that leads to unexpected buffer overwrite by deduplicating the buffer exports. - gh-143547: Fix sys.unraisablehook() when the hook raises an exception and changes sys.unraisablehook(): hold a strong reference to the old hook. Patch by Victor Stinner. - gh-143378: Fix use-after-free crashes when a BytesIO object is concurrently mutated during write() or writelines(). - gh-143346: Fix incorrect wrapping of the Base64 data in plistlib._PlistWriter when the indent contains a mix of tabs and spaces. - gh-143310: tkinter: fix a crash when a Python list is mutated during the conversion to a Tcl object (e.g., when setting a Tcl variable). Patch by Bénédikt Tran. - gh-143309: Fix a crash in os.execve() on non-Windows platforms when given a custom environment mapping which is then mutated during parsing. Patch by Bénédikt Tran. - gh-143308: pickle: fix use-after-free crashes when a PickleBuffer is concurrently mutated by a custom buffer callback during pickling. Patch by Bénédikt Tran and Aaron Wieczorek. - gh-143237: Fix support of named pipes in the rotating logging handlers. - gh-143249: Fix possible buffer leaks in Windows overlapped I/O on error handling. - gh-143241: zoneinfo: fix infinite loop in ZoneInfo.from_file when parsing a malformed TZif file. Patch by Fatih Celik. - gh-142830: sqlite3: fix use-after-free crashes when the connection’s callbacks are mutated during a callback execution. Patch by Bénédikt Tran. - gh-143200: xml.etree.ElementTree: fix use-after-free crashes in __getitem__() and __setitem__() methods of Element when the element is concurrently mutated. Patch by Bénédikt Tran. - gh-142195: Updated timeout evaluation logic in subprocess to be compatible with deterministic environments like Shadow where time moves exactly as requested. - gh-143145: Fixed a possible reference leak in ctypes when constructing results with multiple output parameters on error. - gh-122431: Corrected the error message in readline.append_history_file() to state that nelements must be non-negative instead of positive. - gh-143004: Fix a potential use-after-free in collections.Counter.update() when user code mutates the Counter during an update. - gh-143046: The asyncio REPL no longer prints copyright and version messages in the quiet mode (-q). Patch by Bartosz Sławecki. - gh-140648: The asyncio REPL now respects the -I flag (isolated mode). Previously, it would load and execute PYTHONSTARTUP even if the flag was set. Contributed by Bartosz Sławecki. - gh-142991: Fixed socket operations such as recvfrom() and sendto() for FreeBSD divert(4) socket. - gh-143010: Fixed a bug in mailbox where the precise timing of an external event could result in the library opening an existing file instead of a file it expected to create. - gh-142881: Fix concurrent and reentrant call of atexit.unregister(). - gh-112127: Fix possible use-after-free in atexit.unregister() when the callback is unregistered during comparison. - gh-142783: Fix zoneinfo use-after-free with descriptor _weak_cache. a descriptor as _weak_cache could cause crashes during object creation. The fix ensures proper reference counting for descriptor-provided objects. - gh-142754: Add the ownerDocument attribute to xml.dom.minidom elements and attributes created by directly instantiating the Element or Attr class. Note that this way of creating nodes is not supported; creator functions like xml.dom.Document.documentElement() should be used instead. - gh-142784: The asyncio REPL now properly closes the loop upon the end of interactive session. Previously, it could cause surprising warnings. Contributed by Bartosz Sławecki. - gh-142555: array: fix a crash in a[i] = v when converting i to an index via i.__index__ or i.__float__ mutates the array. - gh-142594: Fix crash in TextIOWrapper.close() when the underlying buffer’s closed property calls detach(). - gh-142451: hmac: Ensure that the HMAC.block_size attribute is correctly copied by HMAC.copy. Patch by Bénédikt Tran. - gh-142495: collections.defaultdict now prioritizes __setitem__() when inserting default values from default_factory. This prevents race conditions where a default value would overwrite a value set before default_factory returns. - gh-142651: unittest.mock: fix a thread safety issue where Mock.call_count may return inaccurate values when the mock is called concurrently from multiple threads. - gh-142595: Added type check during initialization of the decimal module to prevent a crash in case of broken stdlib. Patch by Sergey B Kirpichev. - gh-142517: The non-compat32 email policies now correctly handle refolding encoded words that contain bytes that can not be decoded in their specified character set. Previously this resulted in an encoding exception during folding. - gh-112527: The help text for required options in argparse no longer extended with “ (default: None)”. - gh-142315: Pdb can now run scripts from anonymous pipes used in process substitution. Patch by Bartosz Sławecki. - gh-142282: Fix winreg.QueryValueEx() to not accidentally read garbage buffer under race condition. - gh-75949: Fix argparse to preserve | separators in mutually exclusive groups when the usage line wraps due to length. - gh-68552: MisplacedEnvelopeHeaderDefect and Missing header name defects are now correctly passed to the handle_defect method of policy in FeedParser. - gh-142006: Fix a bug in the email.policy.default folding algorithm which incorrectly resulted in a doubled newline when a line ending at exactly max_line_length was followed by an unfoldable token. - gh-105836: Fix asyncio.run_coroutine_threadsafe() leaving underlying cancelled asyncio task running. - gh-139971: pydoc: Ensure that the link to the online documentation of a stdlib module is correct. - gh-139262: Some keystrokes can be swallowed in the new PyREPL on Windows, especially when used together with the ALT key. Fix by Chris Eibl. - gh-138897: Improved license/copyright/credits display in the REPL: now uses a pager. - gh-79986: Add parsing for References and In-Reply-To headers to the email library that parses the header content as lists of message id tokens. This prevents them from being folded incorrectly. - gh-109263: Starting a process from spawn context in multiprocessing no longer sets the start method globally. - gh-90871: Fixed an off by one error concerning the backlog parameter in create_unix_server(). Contributed by Christian Harries. - gh-133253: Fix thread-safety issues in linecache. - gh-132715: Skip writing objects during marshalling once a failure has occurred. - gh-127529: Correct behavior of asyncio.selector_events.BaseSelectorEventLoop._accept_connection() in handling ConnectionAbortedError in a loop. This improves performance on OpenBSD. - IDLE - gh-143774: Better explain the operation of Format / Format Paragraph. - Documentation - gh-140806: Add documentation for enum.bin(). - Core and Builtins - gh-144307: Prevent a reference leak in module teardown at interpreter finalization. - gh-144194: Fix error handling in perf jitdump initialization on memory allocation failure. - gh-141805: Fix crash in set when objects with the same hash are concurrently added to the set after removing an element with the same hash while the set still contains elements with the same hash. - gh-143670: Fixes a crash in ga_repr_items_list function. - gh-143377: Fix a crash in _interpreters.capture_exception() when the exception is incorrectly formatted. Patch by Bénédikt Tran. - gh-143189: Fix crash when inserting a non-str key into a split table dictionary when the key matches an existing key in the split table but has no corresponding value in the dict. - gh-143228: Fix use-after-free in perf trampoline when toggling profiling while threads are running or during interpreter finalization with daemon threads active. The fix uses reference counting to ensure trampolines are not freed while any code object could still reference them. Pach by Pablo Galindo - gh-142664: Fix a use-after-free crash in memoryview.__hash__ when the __hash__ method of the referenced object mutates that object or the view. Patch by Bénédikt Tran. - gh-142557: Fix a use-after-free crash in bytearray.__mod__ when the bytearray is mutated while formatting the %-style arguments. Patch by Bénédikt Tran. - gh-143195: Fix use-after-free crashes in bytearray.hex() and memoryview.hex() when the separator’s __len__() mutates the original object. Patch by Bénédikt Tran. - gh-143135: Set sys.flags.inspect to 1 when PYTHONINSPECT is 0. Previously, it was set to 0 in this case. - gh-143003: Fix an overflow of the shared empty buffer in bytearray.extend() when __length_hint__() returns 0 for non-empty iterator. - gh-143006: Fix a possible assertion error when comparing negative non-integer float and int with the same number of bits in the integer part. - gh-142776: Fix a file descriptor leak in import.c - gh-142829: Fix a use-after-free crash in contextvars.Context comparison when a custom __eq__ method modifies the context via set(). - gh-142766: Clear the frame of a generator when generator.close() is called. - gh-142737: Tracebacks will be displayed in fallback mode even if io.open() is lost. Previously, this would crash the interpreter. Patch by Bartosz Sławecki. - gh-142554: Fix a crash in divmod() when _pylong.int_divmod() does not return a tuple of length two exactly. Patch by Bénédikt Tran. - gh-142560: Fix use-after-free in bytearray search-like methods (find(), count(), index(), rindex(), and rfind()) by marking the storage as exported which causes reallocation attempts to raise BufferError. For contains(), split(), and rsplit() the buffer protocol is used for this. - gh-142343: Fix SIGILL crash on m68k due to incorrect assembly constraint. - gh-141732: Ensure the __repr__() for ExceptionGroup and BaseExceptionGroup does not change when the exception sequence that was original passed in to its constructor is subsequently mutated. - gh-100964: Fix reference cycle in exhausted generator frames. Patch by Savannah Ostrowski. - gh-140373: Correctly emit PY_UNWIND event when generator object is closed. Patch by Mikhail Efimov. - gh-138568: Adjusted the built-in help() function so that empty inputs are ignored in interactive mode. - gh-127773: Do not use the type attribute cache for types with incompatible MRO. - C API - gh-142571: PyUnstable_CopyPerfMapFile() now checks that opening the file succeeded before flushing. - Build - gh-142454: When calculating the digest of the JIT stencils input, sort the hashed files by filenames before adding their content to the hasher. This ensures deterministic hash input and hence deterministic hash, independent on filesystem order. - gh-141808: When running make clean-retain-profile, keep the generated JIT stencils. That way, the stencils are not generated twice when Profile-guided optimization (PGO) is used. It also allows distributors to supply their own pre-built JIT stencils. - gh-138061: Ensure reproducible builds by making JIT stencil header generation deterministic. - Remove upstreamed patches: - CVE-2024-6923-follow-up-EOL-email-headers.patch - gh138131-exclude-pycache-from-digest.patch ++++ python-azure-core: - Add CVE-2026-21226.patch to fix deserialization of untrusted data in Azure Core shared client library for Python allowing an authorized attacker to execute code over a network (bsc#1257703, CVE-2026-21226) ++++ python313-documentation: - Update to 3.13.12: Python 3.13.12 final Release date: 2026-02-03 - Tools/Demos - gh-142095: Make gdb ‘py-bt’ command use frame from thread local state when available. Patch by Sam Gross and Victor Stinner. - Tests - gh-144415: The Android testbed now distinguishes between stdout/stderr messages which were triggered by a newline, and those triggered by a manual call to flush. This fixes logging of progress indicators and similar content. - gh-65784: Add support for parametrized resource wantobjects in regrtests, which allows to run Tkinter tests with the specified value of tkinter.wantobjects, for example -u wantobjects=0. - gh-143553: Add support for parametrized resources, such as - u xpickle=2.7. - gh-142836: Accommodated Solaris in test_pdb.test_script_target_anonymous_pipe. - gh-129401: Fix a flaky test in test_repr_rlock that checks the representation of multiprocessing.RLock. - bpo-31391: Forward-port test_xpickle from Python 2 to Python 3 and add the resource back to test’s command line. - Security - gh-144125: BytesGenerator will now refuse to serialize (write) headers that are unsafely folded or delimited; see verify_generated_headers. (Contributed by Bas Bloemsaat and Petr Viktorin in gh-121650). - gh-143935: Fixed a bug in the folding of comments when flattening an email message using a modern email policy. Comments consisting of a very long sequence of non-foldable characters could trigger a forced line wrap that omitted the required leading space on the continuation line, causing the remainder of the comment to be interpreted as a new header field. This enabled header injection with carefully crafted inputs (bsc#1257029, CVE-2025-11468). - gh-143925: Reject control characters in data: URL media types (bsc#1257046, CVE-2025-15282). - gh-143919: Reject control characters in http.cookies.Morsel fields and values (bsc#1257031, CVE-2026-0672). - gh-143916: Reject C0 control characters within wsgiref.headers.Headers fields, values, and parameters (bsc#1257042, CVE-2026-0865). - Library - gh-144380: Improve performance of io.BufferedReader line iteration by ~49%. - gh-144169: Fix three crashes when non-string keyword arguments are supplied to objects in the ast module. - gh-144100: Fixed a crash in ctypes when using a deprecated POINTER(str) type in argtypes. Instead of aborting, ctypes now raises a proper Python exception when the pointer target type is unresolved. - gh-144050: Fix stat.filemode() in the pure-Python implementation to avoid misclassifying invalid mode values as block devices. - gh-144023: Fixed validation of file descriptor 0 in posix functions when used with follow_symlinks parameter. - gh-143999: Fix an issue where inspect.getgeneratorstate() and inspect.getcoroutinestate() could fail for generators wrapped by types.coroutine() in the suspended state. - gh-143706: Fix multiprocessing forkserver so that sys.argv is correctly set before __main__ is preloaded. Previously, sys.argv was empty during main module import in forkserver child processes. This fixes a regression introduced in 3.13.8 and 3.14.1. Root caused by Aaron Wieczorek, test provided by Thomas Watson, thanks! - gh-143638: Forbid reentrant calls of the pickle.Pickler and pickle.Unpickler methods for the C implementation. Previously, this could cause crash or data corruption, now concurrent calls of methods of the same object raise RuntimeError. - gh-78724: Raise RuntimeError’s when user attempts to call methods on half-initialized Struct objects, For example, created by Struct.__new__(Struct). Patch by Sergey B Kirpichev. - gh-143602: Fix a inconsistency issue in write() that leads to unexpected buffer overwrite by deduplicating the buffer exports. - gh-143547: Fix sys.unraisablehook() when the hook raises an exception and changes sys.unraisablehook(): hold a strong reference to the old hook. Patch by Victor Stinner. - gh-143378: Fix use-after-free crashes when a BytesIO object is concurrently mutated during write() or writelines(). - gh-143346: Fix incorrect wrapping of the Base64 data in plistlib._PlistWriter when the indent contains a mix of tabs and spaces. - gh-143310: tkinter: fix a crash when a Python list is mutated during the conversion to a Tcl object (e.g., when setting a Tcl variable). Patch by Bénédikt Tran. - gh-143309: Fix a crash in os.execve() on non-Windows platforms when given a custom environment mapping which is then mutated during parsing. Patch by Bénédikt Tran. - gh-143308: pickle: fix use-after-free crashes when a PickleBuffer is concurrently mutated by a custom buffer callback during pickling. Patch by Bénédikt Tran and Aaron Wieczorek. - gh-143237: Fix support of named pipes in the rotating logging handlers. - gh-143249: Fix possible buffer leaks in Windows overlapped I/O on error handling. - gh-143241: zoneinfo: fix infinite loop in ZoneInfo.from_file when parsing a malformed TZif file. Patch by Fatih Celik. - gh-142830: sqlite3: fix use-after-free crashes when the connection’s callbacks are mutated during a callback execution. Patch by Bénédikt Tran. - gh-143200: xml.etree.ElementTree: fix use-after-free crashes in __getitem__() and __setitem__() methods of Element when the element is concurrently mutated. Patch by Bénédikt Tran. - gh-142195: Updated timeout evaluation logic in subprocess to be compatible with deterministic environments like Shadow where time moves exactly as requested. - gh-143145: Fixed a possible reference leak in ctypes when constructing results with multiple output parameters on error. - gh-122431: Corrected the error message in readline.append_history_file() to state that nelements must be non-negative instead of positive. - gh-143004: Fix a potential use-after-free in collections.Counter.update() when user code mutates the Counter during an update. - gh-143046: The asyncio REPL no longer prints copyright and version messages in the quiet mode (-q). Patch by Bartosz Sławecki. - gh-140648: The asyncio REPL now respects the -I flag (isolated mode). Previously, it would load and execute PYTHONSTARTUP even if the flag was set. Contributed by Bartosz Sławecki. - gh-142991: Fixed socket operations such as recvfrom() and sendto() for FreeBSD divert(4) socket. - gh-143010: Fixed a bug in mailbox where the precise timing of an external event could result in the library opening an existing file instead of a file it expected to create. - gh-142881: Fix concurrent and reentrant call of atexit.unregister(). - gh-112127: Fix possible use-after-free in atexit.unregister() when the callback is unregistered during comparison. - gh-142783: Fix zoneinfo use-after-free with descriptor _weak_cache. a descriptor as _weak_cache could cause crashes during object creation. The fix ensures proper reference counting for descriptor-provided objects. - gh-142754: Add the ownerDocument attribute to xml.dom.minidom elements and attributes created by directly instantiating the Element or Attr class. Note that this way of creating nodes is not supported; creator functions like xml.dom.Document.documentElement() should be used instead. - gh-142784: The asyncio REPL now properly closes the loop upon the end of interactive session. Previously, it could cause surprising warnings. Contributed by Bartosz Sławecki. - gh-142555: array: fix a crash in a[i] = v when converting i to an index via i.__index__ or i.__float__ mutates the array. - gh-142594: Fix crash in TextIOWrapper.close() when the underlying buffer’s closed property calls detach(). - gh-142451: hmac: Ensure that the HMAC.block_size attribute is correctly copied by HMAC.copy. Patch by Bénédikt Tran. - gh-142495: collections.defaultdict now prioritizes __setitem__() when inserting default values from default_factory. This prevents race conditions where a default value would overwrite a value set before default_factory returns. - gh-142651: unittest.mock: fix a thread safety issue where Mock.call_count may return inaccurate values when the mock is called concurrently from multiple threads. - gh-142595: Added type check during initialization of the decimal module to prevent a crash in case of broken stdlib. Patch by Sergey B Kirpichev. - gh-142517: The non-compat32 email policies now correctly handle refolding encoded words that contain bytes that can not be decoded in their specified character set. Previously this resulted in an encoding exception during folding. - gh-112527: The help text for required options in argparse no longer extended with “ (default: None)”. - gh-142315: Pdb can now run scripts from anonymous pipes used in process substitution. Patch by Bartosz Sławecki. - gh-142282: Fix winreg.QueryValueEx() to not accidentally read garbage buffer under race condition. - gh-75949: Fix argparse to preserve | separators in mutually exclusive groups when the usage line wraps due to length. - gh-68552: MisplacedEnvelopeHeaderDefect and Missing header name defects are now correctly passed to the handle_defect method of policy in FeedParser. - gh-142006: Fix a bug in the email.policy.default folding algorithm which incorrectly resulted in a doubled newline when a line ending at exactly max_line_length was followed by an unfoldable token. - gh-105836: Fix asyncio.run_coroutine_threadsafe() leaving underlying cancelled asyncio task running. - gh-139971: pydoc: Ensure that the link to the online documentation of a stdlib module is correct. - gh-139262: Some keystrokes can be swallowed in the new PyREPL on Windows, especially when used together with the ALT key. Fix by Chris Eibl. - gh-138897: Improved license/copyright/credits display in the REPL: now uses a pager. - gh-79986: Add parsing for References and In-Reply-To headers to the email library that parses the header content as lists of message id tokens. This prevents them from being folded incorrectly. - gh-109263: Starting a process from spawn context in multiprocessing no longer sets the start method globally. - gh-90871: Fixed an off by one error concerning the backlog parameter in create_unix_server(). Contributed by Christian Harries. - gh-133253: Fix thread-safety issues in linecache. - gh-132715: Skip writing objects during marshalling once a failure has occurred. - gh-127529: Correct behavior of asyncio.selector_events.BaseSelectorEventLoop._accept_connection() in handling ConnectionAbortedError in a loop. This improves performance on OpenBSD. - IDLE - gh-143774: Better explain the operation of Format / Format Paragraph. - Documentation - gh-140806: Add documentation for enum.bin(). - Core and Builtins - gh-144307: Prevent a reference leak in module teardown at interpreter finalization. - gh-144194: Fix error handling in perf jitdump initialization on memory allocation failure. - gh-141805: Fix crash in set when objects with the same hash are concurrently added to the set after removing an element with the same hash while the set still contains elements with the same hash. - gh-143670: Fixes a crash in ga_repr_items_list function. - gh-143377: Fix a crash in _interpreters.capture_exception() when the exception is incorrectly formatted. Patch by Bénédikt Tran. - gh-143189: Fix crash when inserting a non-str key into a split table dictionary when the key matches an existing key in the split table but has no corresponding value in the dict. - gh-143228: Fix use-after-free in perf trampoline when toggling profiling while threads are running or during interpreter finalization with daemon threads active. The fix uses reference counting to ensure trampolines are not freed while any code object could still reference them. Pach by Pablo Galindo - gh-142664: Fix a use-after-free crash in memoryview.__hash__ when the __hash__ method of the referenced object mutates that object or the view. Patch by Bénédikt Tran. - gh-142557: Fix a use-after-free crash in bytearray.__mod__ when the bytearray is mutated while formatting the %-style arguments. Patch by Bénédikt Tran. - gh-143195: Fix use-after-free crashes in bytearray.hex() and memoryview.hex() when the separator’s __len__() mutates the original object. Patch by Bénédikt Tran. - gh-143135: Set sys.flags.inspect to 1 when PYTHONINSPECT is 0. Previously, it was set to 0 in this case. - gh-143003: Fix an overflow of the shared empty buffer in bytearray.extend() when __length_hint__() returns 0 for non-empty iterator. - gh-143006: Fix a possible assertion error when comparing negative non-integer float and int with the same number of bits in the integer part. - gh-142776: Fix a file descriptor leak in import.c - gh-142829: Fix a use-after-free crash in contextvars.Context comparison when a custom __eq__ method modifies the context via set(). - gh-142766: Clear the frame of a generator when generator.close() is called. - gh-142737: Tracebacks will be displayed in fallback mode even if io.open() is lost. Previously, this would crash the interpreter. Patch by Bartosz Sławecki. - gh-142554: Fix a crash in divmod() when _pylong.int_divmod() does not return a tuple of length two exactly. Patch by Bénédikt Tran. - gh-142560: Fix use-after-free in bytearray search-like methods (find(), count(), index(), rindex(), and rfind()) by marking the storage as exported which causes reallocation attempts to raise BufferError. For contains(), split(), and rsplit() the buffer protocol is used for this. - gh-142343: Fix SIGILL crash on m68k due to incorrect assembly constraint. - gh-141732: Ensure the __repr__() for ExceptionGroup and BaseExceptionGroup does not change when the exception sequence that was original passed in to its constructor is subsequently mutated. - gh-100964: Fix reference cycle in exhausted generator frames. Patch by Savannah Ostrowski. - gh-140373: Correctly emit PY_UNWIND event when generator object is closed. Patch by Mikhail Efimov. - gh-138568: Adjusted the built-in help() function so that empty inputs are ignored in interactive mode. - gh-127773: Do not use the type attribute cache for types with incompatible MRO. - C API - gh-142571: PyUnstable_CopyPerfMapFile() now checks that opening the file succeeded before flushing. - Build - gh-142454: When calculating the digest of the JIT stencils input, sort the hashed files by filenames before adding their content to the hasher. This ensures deterministic hash input and hence deterministic hash, independent on filesystem order. - gh-141808: When running make clean-retain-profile, keep the generated JIT stencils. That way, the stencils are not generated twice when Profile-guided optimization (PGO) is used. It also allows distributors to supply their own pre-built JIT stencils. - gh-138061: Ensure reproducible builds by making JIT stencil header generation deterministic. - Remove upstreamed patches: - CVE-2024-6923-follow-up-EOL-email-headers.patch - gh138131-exclude-pycache-from-digest.patch ++++ python313-nogil: - Update to 3.13.12: Python 3.13.12 final Release date: 2026-02-03 - Tools/Demos - gh-142095: Make gdb ‘py-bt’ command use frame from thread local state when available. Patch by Sam Gross and Victor Stinner. - Tests - gh-144415: The Android testbed now distinguishes between stdout/stderr messages which were triggered by a newline, and those triggered by a manual call to flush. This fixes logging of progress indicators and similar content. - gh-65784: Add support for parametrized resource wantobjects in regrtests, which allows to run Tkinter tests with the specified value of tkinter.wantobjects, for example -u wantobjects=0. - gh-143553: Add support for parametrized resources, such as - u xpickle=2.7. - gh-142836: Accommodated Solaris in test_pdb.test_script_target_anonymous_pipe. - gh-129401: Fix a flaky test in test_repr_rlock that checks the representation of multiprocessing.RLock. - bpo-31391: Forward-port test_xpickle from Python 2 to Python 3 and add the resource back to test’s command line. - Security - gh-144125: BytesGenerator will now refuse to serialize (write) headers that are unsafely folded or delimited; see verify_generated_headers. (Contributed by Bas Bloemsaat and Petr Viktorin in gh-121650). - gh-143935: Fixed a bug in the folding of comments when flattening an email message using a modern email policy. Comments consisting of a very long sequence of non-foldable characters could trigger a forced line wrap that omitted the required leading space on the continuation line, causing the remainder of the comment to be interpreted as a new header field. This enabled header injection with carefully crafted inputs (bsc#1257029, CVE-2025-11468). - gh-143925: Reject control characters in data: URL media types (bsc#1257046, CVE-2025-15282). - gh-143919: Reject control characters in http.cookies.Morsel fields and values (bsc#1257031, CVE-2026-0672). - gh-143916: Reject C0 control characters within wsgiref.headers.Headers fields, values, and parameters (bsc#1257042, CVE-2026-0865). - Library - gh-144380: Improve performance of io.BufferedReader line iteration by ~49%. - gh-144169: Fix three crashes when non-string keyword arguments are supplied to objects in the ast module. - gh-144100: Fixed a crash in ctypes when using a deprecated POINTER(str) type in argtypes. Instead of aborting, ctypes now raises a proper Python exception when the pointer target type is unresolved. - gh-144050: Fix stat.filemode() in the pure-Python implementation to avoid misclassifying invalid mode values as block devices. - gh-144023: Fixed validation of file descriptor 0 in posix functions when used with follow_symlinks parameter. - gh-143999: Fix an issue where inspect.getgeneratorstate() and inspect.getcoroutinestate() could fail for generators wrapped by types.coroutine() in the suspended state. - gh-143706: Fix multiprocessing forkserver so that sys.argv is correctly set before __main__ is preloaded. Previously, sys.argv was empty during main module import in forkserver child processes. This fixes a regression introduced in 3.13.8 and 3.14.1. Root caused by Aaron Wieczorek, test provided by Thomas Watson, thanks! - gh-143638: Forbid reentrant calls of the pickle.Pickler and pickle.Unpickler methods for the C implementation. Previously, this could cause crash or data corruption, now concurrent calls of methods of the same object raise RuntimeError. - gh-78724: Raise RuntimeError’s when user attempts to call methods on half-initialized Struct objects, For example, created by Struct.__new__(Struct). Patch by Sergey B Kirpichev. - gh-143602: Fix a inconsistency issue in write() that leads to unexpected buffer overwrite by deduplicating the buffer exports. - gh-143547: Fix sys.unraisablehook() when the hook raises an exception and changes sys.unraisablehook(): hold a strong reference to the old hook. Patch by Victor Stinner. - gh-143378: Fix use-after-free crashes when a BytesIO object is concurrently mutated during write() or writelines(). - gh-143346: Fix incorrect wrapping of the Base64 data in plistlib._PlistWriter when the indent contains a mix of tabs and spaces. - gh-143310: tkinter: fix a crash when a Python list is mutated during the conversion to a Tcl object (e.g., when setting a Tcl variable). Patch by Bénédikt Tran. - gh-143309: Fix a crash in os.execve() on non-Windows platforms when given a custom environment mapping which is then mutated during parsing. Patch by Bénédikt Tran. - gh-143308: pickle: fix use-after-free crashes when a PickleBuffer is concurrently mutated by a custom buffer callback during pickling. Patch by Bénédikt Tran and Aaron Wieczorek. - gh-143237: Fix support of named pipes in the rotating logging handlers. - gh-143249: Fix possible buffer leaks in Windows overlapped I/O on error handling. - gh-143241: zoneinfo: fix infinite loop in ZoneInfo.from_file when parsing a malformed TZif file. Patch by Fatih Celik. - gh-142830: sqlite3: fix use-after-free crashes when the connection’s callbacks are mutated during a callback execution. Patch by Bénédikt Tran. - gh-143200: xml.etree.ElementTree: fix use-after-free crashes in __getitem__() and __setitem__() methods of Element when the element is concurrently mutated. Patch by Bénédikt Tran. - gh-142195: Updated timeout evaluation logic in subprocess to be compatible with deterministic environments like Shadow where time moves exactly as requested. - gh-143145: Fixed a possible reference leak in ctypes when constructing results with multiple output parameters on error. - gh-122431: Corrected the error message in readline.append_history_file() to state that nelements must be non-negative instead of positive. - gh-143004: Fix a potential use-after-free in collections.Counter.update() when user code mutates the Counter during an update. - gh-143046: The asyncio REPL no longer prints copyright and version messages in the quiet mode (-q). Patch by Bartosz Sławecki. - gh-140648: The asyncio REPL now respects the -I flag (isolated mode). Previously, it would load and execute PYTHONSTARTUP even if the flag was set. Contributed by Bartosz Sławecki. - gh-142991: Fixed socket operations such as recvfrom() and sendto() for FreeBSD divert(4) socket. - gh-143010: Fixed a bug in mailbox where the precise timing of an external event could result in the library opening an existing file instead of a file it expected to create. - gh-142881: Fix concurrent and reentrant call of atexit.unregister(). - gh-112127: Fix possible use-after-free in atexit.unregister() when the callback is unregistered during comparison. - gh-142783: Fix zoneinfo use-after-free with descriptor _weak_cache. a descriptor as _weak_cache could cause crashes during object creation. The fix ensures proper reference counting for descriptor-provided objects. - gh-142754: Add the ownerDocument attribute to xml.dom.minidom elements and attributes created by directly instantiating the Element or Attr class. Note that this way of creating nodes is not supported; creator functions like xml.dom.Document.documentElement() should be used instead. - gh-142784: The asyncio REPL now properly closes the loop upon the end of interactive session. Previously, it could cause surprising warnings. Contributed by Bartosz Sławecki. - gh-142555: array: fix a crash in a[i] = v when converting i to an index via i.__index__ or i.__float__ mutates the array. - gh-142594: Fix crash in TextIOWrapper.close() when the underlying buffer’s closed property calls detach(). - gh-142451: hmac: Ensure that the HMAC.block_size attribute is correctly copied by HMAC.copy. Patch by Bénédikt Tran. - gh-142495: collections.defaultdict now prioritizes __setitem__() when inserting default values from default_factory. This prevents race conditions where a default value would overwrite a value set before default_factory returns. - gh-142651: unittest.mock: fix a thread safety issue where Mock.call_count may return inaccurate values when the mock is called concurrently from multiple threads. - gh-142595: Added type check during initialization of the decimal module to prevent a crash in case of broken stdlib. Patch by Sergey B Kirpichev. - gh-142517: The non-compat32 email policies now correctly handle refolding encoded words that contain bytes that can not be decoded in their specified character set. Previously this resulted in an encoding exception during folding. - gh-112527: The help text for required options in argparse no longer extended with “ (default: None)”. - gh-142315: Pdb can now run scripts from anonymous pipes used in process substitution. Patch by Bartosz Sławecki. - gh-142282: Fix winreg.QueryValueEx() to not accidentally read garbage buffer under race condition. - gh-75949: Fix argparse to preserve | separators in mutually exclusive groups when the usage line wraps due to length. - gh-68552: MisplacedEnvelopeHeaderDefect and Missing header name defects are now correctly passed to the handle_defect method of policy in FeedParser. - gh-142006: Fix a bug in the email.policy.default folding algorithm which incorrectly resulted in a doubled newline when a line ending at exactly max_line_length was followed by an unfoldable token. - gh-105836: Fix asyncio.run_coroutine_threadsafe() leaving underlying cancelled asyncio task running. - gh-139971: pydoc: Ensure that the link to the online documentation of a stdlib module is correct. - gh-139262: Some keystrokes can be swallowed in the new PyREPL on Windows, especially when used together with the ALT key. Fix by Chris Eibl. - gh-138897: Improved license/copyright/credits display in the REPL: now uses a pager. - gh-79986: Add parsing for References and In-Reply-To headers to the email library that parses the header content as lists of message id tokens. This prevents them from being folded incorrectly. - gh-109263: Starting a process from spawn context in multiprocessing no longer sets the start method globally. - gh-90871: Fixed an off by one error concerning the backlog parameter in create_unix_server(). Contributed by Christian Harries. - gh-133253: Fix thread-safety issues in linecache. - gh-132715: Skip writing objects during marshalling once a failure has occurred. - gh-127529: Correct behavior of asyncio.selector_events.BaseSelectorEventLoop._accept_connection() in handling ConnectionAbortedError in a loop. This improves performance on OpenBSD. - IDLE - gh-143774: Better explain the operation of Format / Format Paragraph. - Documentation - gh-140806: Add documentation for enum.bin(). - Core and Builtins - gh-144307: Prevent a reference leak in module teardown at interpreter finalization. - gh-144194: Fix error handling in perf jitdump initialization on memory allocation failure. - gh-141805: Fix crash in set when objects with the same hash are concurrently added to the set after removing an element with the same hash while the set still contains elements with the same hash. - gh-143670: Fixes a crash in ga_repr_items_list function. - gh-143377: Fix a crash in _interpreters.capture_exception() when the exception is incorrectly formatted. Patch by Bénédikt Tran. - gh-143189: Fix crash when inserting a non-str key into a split table dictionary when the key matches an existing key in the split table but has no corresponding value in the dict. - gh-143228: Fix use-after-free in perf trampoline when toggling profiling while threads are running or during interpreter finalization with daemon threads active. The fix uses reference counting to ensure trampolines are not freed while any code object could still reference them. Pach by Pablo Galindo - gh-142664: Fix a use-after-free crash in memoryview.__hash__ when the __hash__ method of the referenced object mutates that object or the view. Patch by Bénédikt Tran. - gh-142557: Fix a use-after-free crash in bytearray.__mod__ when the bytearray is mutated while formatting the %-style arguments. Patch by Bénédikt Tran. - gh-143195: Fix use-after-free crashes in bytearray.hex() and memoryview.hex() when the separator’s __len__() mutates the original object. Patch by Bénédikt Tran. - gh-143135: Set sys.flags.inspect to 1 when PYTHONINSPECT is 0. Previously, it was set to 0 in this case. - gh-143003: Fix an overflow of the shared empty buffer in bytearray.extend() when __length_hint__() returns 0 for non-empty iterator. - gh-143006: Fix a possible assertion error when comparing negative non-integer float and int with the same number of bits in the integer part. - gh-142776: Fix a file descriptor leak in import.c - gh-142829: Fix a use-after-free crash in contextvars.Context comparison when a custom __eq__ method modifies the context via set(). - gh-142766: Clear the frame of a generator when generator.close() is called. - gh-142737: Tracebacks will be displayed in fallback mode even if io.open() is lost. Previously, this would crash the interpreter. Patch by Bartosz Sławecki. - gh-142554: Fix a crash in divmod() when _pylong.int_divmod() does not return a tuple of length two exactly. Patch by Bénédikt Tran. - gh-142560: Fix use-after-free in bytearray search-like methods (find(), count(), index(), rindex(), and rfind()) by marking the storage as exported which causes reallocation attempts to raise BufferError. For contains(), split(), and rsplit() the buffer protocol is used for this. - gh-142343: Fix SIGILL crash on m68k due to incorrect assembly constraint. - gh-141732: Ensure the __repr__() for ExceptionGroup and BaseExceptionGroup does not change when the exception sequence that was original passed in to its constructor is subsequently mutated. - gh-100964: Fix reference cycle in exhausted generator frames. Patch by Savannah Ostrowski. - gh-140373: Correctly emit PY_UNWIND event when generator object is closed. Patch by Mikhail Efimov. - gh-138568: Adjusted the built-in help() function so that empty inputs are ignored in interactive mode. - gh-127773: Do not use the type attribute cache for types with incompatible MRO. - C API - gh-142571: PyUnstable_CopyPerfMapFile() now checks that opening the file succeeded before flushing. - Build - gh-142454: When calculating the digest of the JIT stencils input, sort the hashed files by filenames before adding their content to the hasher. This ensures deterministic hash input and hence deterministic hash, independent on filesystem order. - gh-141808: When running make clean-retain-profile, keep the generated JIT stencils. That way, the stencils are not generated twice when Profile-guided optimization (PGO) is used. It also allows distributors to supply their own pre-built JIT stencils. - gh-138061: Ensure reproducible builds by making JIT stencil header generation deterministic. - Remove upstreamed patches: - CVE-2024-6923-follow-up-EOL-email-headers.patch - gh138131-exclude-pycache-from-digest.patch ++++ xmlgraphics-commons: - Added patch: * ioexception.patch + do not forward IOException that is not thrown with newer commons-io versions ++++ xmlgraphics-fop: - Added patch * ioexception.patch + fix build with commons-io >= 2.19 ------------------------------------------------------------------ ------------------ 2026-2-5 - Feb 5 2026 ------------------- ------------------------------------------------------------------ ++++ rust: - Provide rust-src meta package, too; it may be useful for building Rust support in Linux kernel ++++ kernel-64kb: - dm: Fix deadlock when reloading a multipath table (bsc#1254928). - commit 8e55787 - iomap: account for unaligned end offsets when truncating read range (git-fixes). - commit d3a2bf0 - ext4: fix iloc.bh leak in ext4_xattr_inode_update_ref (git-fixes). - commit 2476b62 - arm64: Set __nocfi on swsusp_arch_resume() (git-fixes) - commit 9cd22b1 - btrfs: fix beyond-EOF write handling (git-fixes). - commit 4c56d83 ++++ kernel-azure: - dm: Fix deadlock when reloading a multipath table (bsc#1254928). - commit 8e55787 - iomap: account for unaligned end offsets when truncating read range (git-fixes). - commit d3a2bf0 - ext4: fix iloc.bh leak in ext4_xattr_inode_update_ref (git-fixes). - commit 2476b62 - arm64: Set __nocfi on swsusp_arch_resume() (git-fixes) - commit 9cd22b1 - btrfs: fix beyond-EOF write handling (git-fixes). - commit 4c56d83 ++++ kernel-default: - dm: Fix deadlock when reloading a multipath table (bsc#1254928). - commit 8e55787 - iomap: account for unaligned end offsets when truncating read range (git-fixes). - commit d3a2bf0 - ext4: fix iloc.bh leak in ext4_xattr_inode_update_ref (git-fixes). - commit 2476b62 - arm64: Set __nocfi on swsusp_arch_resume() (git-fixes) - commit 9cd22b1 - btrfs: fix beyond-EOF write handling (git-fixes). - commit 4c56d83 ++++ kernel-rt: - dm: Fix deadlock when reloading a multipath table (bsc#1254928). - commit 8e55787 - iomap: account for unaligned end offsets when truncating read range (git-fixes). - commit d3a2bf0 - ext4: fix iloc.bh leak in ext4_xattr_inode_update_ref (git-fixes). - commit 2476b62 - arm64: Set __nocfi on swsusp_arch_resume() (git-fixes) - commit 9cd22b1 - btrfs: fix beyond-EOF write handling (git-fixes). - commit 4c56d83 ++++ cockpit-packages: - Dependency updates fixes bsc#1257325/CVE-2025-13465 ++++ gcc15: - Add gcc15-bsc1257463.patch to fix bogus expression simplification [bsc#1257463] ++++ cross-aarch64-gcc15: - Add gcc15-bsc1257463.patch to fix bogus expression simplification [bsc#1257463] ++++ cross-aarch64-gcc15-bootstrap: - Add gcc15-bsc1257463.patch to fix bogus expression simplification [bsc#1257463] ++++ cross-amdgcn-gcc15: - Add gcc15-bsc1257463.patch to fix bogus expression simplification [bsc#1257463] ++++ cross-arm-gcc15: - Add gcc15-bsc1257463.patch to fix bogus expression simplification [bsc#1257463] ++++ cross-arm-none-gcc15-bootstrap: - Add gcc15-bsc1257463.patch to fix bogus expression simplification [bsc#1257463] ++++ cross-avr-gcc15-bootstrap: - Add gcc15-bsc1257463.patch to fix bogus expression simplification [bsc#1257463] ++++ cross-bpf-gcc15: - Add gcc15-bsc1257463.patch to fix bogus expression simplification [bsc#1257463] ++++ cross-hppa-gcc15-bootstrap: - Add gcc15-bsc1257463.patch to fix bogus expression simplification [bsc#1257463] ++++ cross-nvptx-gcc15: - Add gcc15-bsc1257463.patch to fix bogus expression simplification [bsc#1257463] ++++ cross-ppc64-gcc15: - Add gcc15-bsc1257463.patch to fix bogus expression simplification [bsc#1257463] ++++ cross-ppc64le-gcc15: - Add gcc15-bsc1257463.patch to fix bogus expression simplification [bsc#1257463] ++++ cross-ppc64le-gcc15-bootstrap: - Add gcc15-bsc1257463.patch to fix bogus expression simplification [bsc#1257463] ++++ cross-pru-gcc15-bootstrap: - Add gcc15-bsc1257463.patch to fix bogus expression simplification [bsc#1257463] ++++ cross-riscv64-elf-gcc15-bootstrap: - Add gcc15-bsc1257463.patch to fix bogus expression simplification [bsc#1257463] ++++ cross-riscv64-gcc15: - Add gcc15-bsc1257463.patch to fix bogus expression simplification [bsc#1257463] ++++ cross-riscv64-gcc15-bootstrap: - Add gcc15-bsc1257463.patch to fix bogus expression simplification [bsc#1257463] ++++ cross-rx-gcc15-bootstrap: - Add gcc15-bsc1257463.patch to fix bogus expression simplification [bsc#1257463] ++++ cross-s390x-gcc15: - Add gcc15-bsc1257463.patch to fix bogus expression simplification [bsc#1257463] ++++ cross-s390x-gcc15-bootstrap: - Add gcc15-bsc1257463.patch to fix bogus expression simplification [bsc#1257463] ++++ cross-x86_64-gcc15: - Add gcc15-bsc1257463.patch to fix bogus expression simplification [bsc#1257463] ++++ dtb-aarch64: - dm: Fix deadlock when reloading a multipath table (bsc#1254928). - commit 8e55787 - iomap: account for unaligned end offsets when truncating read range (git-fixes). - commit d3a2bf0 - ext4: fix iloc.bh leak in ext4_xattr_inode_update_ref (git-fixes). - commit 2476b62 - arm64: Set __nocfi on swsusp_arch_resume() (git-fixes) - commit 9cd22b1 - btrfs: fix beyond-EOF write handling (git-fixes). - commit 4c56d83 ++++ gcc15-testresults: - Add gcc15-bsc1257463.patch to fix bogus expression simplification [bsc#1257463] ++++ kernel-source: - dm: Fix deadlock when reloading a multipath table (bsc#1254928). - commit 8e55787 - iomap: account for unaligned end offsets when truncating read range (git-fixes). - commit d3a2bf0 - ext4: fix iloc.bh leak in ext4_xattr_inode_update_ref (git-fixes). - commit 2476b62 - arm64: Set __nocfi on swsusp_arch_resume() (git-fixes) - commit 9cd22b1 - btrfs: fix beyond-EOF write handling (git-fixes). - commit 4c56d83 ++++ kernel-docs: - dm: Fix deadlock when reloading a multipath table (bsc#1254928). - commit 8e55787 - iomap: account for unaligned end offsets when truncating read range (git-fixes). - commit d3a2bf0 - ext4: fix iloc.bh leak in ext4_xattr_inode_update_ref (git-fixes). - commit 2476b62 - arm64: Set __nocfi on swsusp_arch_resume() (git-fixes) - commit 9cd22b1 - btrfs: fix beyond-EOF write handling (git-fixes). - commit 4c56d83 ++++ kernel-kvmsmall: - dm: Fix deadlock when reloading a multipath table (bsc#1254928). - commit 8e55787 - iomap: account for unaligned end offsets when truncating read range (git-fixes). - commit d3a2bf0 - ext4: fix iloc.bh leak in ext4_xattr_inode_update_ref (git-fixes). - commit 2476b62 - arm64: Set __nocfi on swsusp_arch_resume() (git-fixes) - commit 9cd22b1 - btrfs: fix beyond-EOF write handling (git-fixes). - commit 4c56d83 ++++ kernel-obs-build: - dm: Fix deadlock when reloading a multipath table (bsc#1254928). - commit 8e55787 - iomap: account for unaligned end offsets when truncating read range (git-fixes). - commit d3a2bf0 - ext4: fix iloc.bh leak in ext4_xattr_inode_update_ref (git-fixes). - commit 2476b62 - arm64: Set __nocfi on swsusp_arch_resume() (git-fixes) - commit 9cd22b1 - btrfs: fix beyond-EOF write handling (git-fixes). - commit 4c56d83 ++++ kernel-obs-qa: - dm: Fix deadlock when reloading a multipath table (bsc#1254928). - commit 8e55787 - iomap: account for unaligned end offsets when truncating read range (git-fixes). - commit d3a2bf0 - ext4: fix iloc.bh leak in ext4_xattr_inode_update_ref (git-fixes). - commit 2476b62 - arm64: Set __nocfi on swsusp_arch_resume() (git-fixes) - commit 9cd22b1 - btrfs: fix beyond-EOF write handling (git-fixes). - commit 4c56d83 ++++ kernel-syms: - dm: Fix deadlock when reloading a multipath table (bsc#1254928). - commit 8e55787 - iomap: account for unaligned end offsets when truncating read range (git-fixes). - commit d3a2bf0 - ext4: fix iloc.bh leak in ext4_xattr_inode_update_ref (git-fixes). - commit 2476b62 - arm64: Set __nocfi on swsusp_arch_resume() (git-fixes) - commit 9cd22b1 - btrfs: fix beyond-EOF write handling (git-fixes). - commit 4c56d83 ++++ kernel-zfcpdump: - dm: Fix deadlock when reloading a multipath table (bsc#1254928). - commit 8e55787 - iomap: account for unaligned end offsets when truncating read range (git-fixes). - commit d3a2bf0 - ext4: fix iloc.bh leak in ext4_xattr_inode_update_ref (git-fixes). - commit 2476b62 - arm64: Set __nocfi on swsusp_arch_resume() (git-fixes) - commit 9cd22b1 - btrfs: fix beyond-EOF write handling (git-fixes). - commit 4c56d83 ++++ systemd: - Avoid shipping (empty) directories and ghost files in /var (jsc#PED-14853) This was originally intended to ensure these paths had a designated package owner. However the existing list was neither exhaustive nor up to date. To better support immutable images, we are removing these entries and will now keep only /var/lib/systemd as owned by the systemd package. Maintaining the broader list provided little value due to its ongoing inconsistency anyways. ++++ vlc: - Disable faad support on Leap 15.x, unless in BUILD_ORIG case (3rd party repos): faad2 does not exist in Leap 15.x. ++++ openQA: - Update to version 5.1770274061.387b318c: * Remove dependencies not available in 16 * Remove all explicit versions from ci-packages.txt * Explicitly use new cache key for fullstack_cache * Use devel:openQA 16.0 repositories * fix: Create user directory without sudo * refactor(ui): use native DOM APIs for bulk action logic * Update devel:openQA:ci/base container to Leap 16 * Mark some one line catch statements uncoverable * Move t/07-api_jobtokens.t to t/api/ * refactor: Avoid mapping of actions in df-based cleanup * refactor: Use loop to invoke `_delete_jobs` repeatedly * refactor: Simplify code for df-based cleanup further * refactor: Extract repeated lookup and loop into separate function * Dependency cron 2026-02-03 * feat(ui): add bulk action checkboxes to test overview filters * feat(openqa-clone-custom-git-refspec): add "BADGE" mode * fix(openqa-clone-custom-git-refspec): fix "MARKDOWN" mode * feat(UI): add delete button for job groups and parent groups * refactor(javascripts): harden by using const in admin_groups.js * feat(api): prevent deletion of non-empty parent job groups * docs: Fix typo in MCP documentation * docs: Improve note about enabling modern Perl features * test: Remove unused parameters in `OpenQA::Test::Case::login` * navbar: add new item in menu to link MCP documentation * Refactor t/lib/OpenQA/Test/Case.pm with signatures * test: Consider all API controller code covered * test: Cover remaining error cases of worker API * fix: Improve error handling when updating records in admin tables * test: Ensure consistent coverage of job cancellation function * Prepare documentation generation for Leap 16.0 * test: Cover remaining lines of `Search.pm` * test: Cover remaining lines of `Locks.pm` * refactor: Simplify `JobTemplate::destroy` * refactor: Remove unused code from `JobTemplate.pm` * git subrepo pull (merge) external/os-autoinst-common * style: Add quotes in openqa-bootstrap * feat: default API key expiration to 1 year, aligning with UI * feat: wrap array in an object in api_key API responses * feat: add API endpoint for deleting API keys * feat: add API endpoint for listing API keys * feat: add API endpoint for creating API keys * fix(openqa-bootstrap): prevent shellcheck warning SC2086 * Add dependency on 'file' * refactor: Write code in `JobGroup.pm` in a more compact way * test: Consider `Job.pm` fully covered * test: Add tests for error handling of artefact upload * refactor: Format artefact upload test in a more compact way * test: Add tests for using assigned worker on job status updates * test: Add tests for re-scheduling invalid scheduled product * test: Add tests for querying non-existent scheduled product * refactor: Use more compact coding style in `show_scheduled_product` * refactor: Improve `Mm.pm` * test: Improve tests of multi-machine API * Remove unused module Config::Tiny from dependencies ++++ openQA: - Update to version 5.1770308102.12dfd0e4: * fix: Configure sudoers correctly in Leap 16 * Also use devel:openQA/16.0 in dependency bot workflow * Remove dependencies not available in 16 * Remove all explicit versions from ci-packages.txt * Explicitly use new cache key for fullstack_cache * Use devel:openQA 16.0 repositories * fix: Create user directory without sudo * refactor(ui): use native DOM APIs for bulk action logic * Update devel:openQA:ci/base container to Leap 16 * test: Consider all controller code covered * refactor: Remove unused "group connect" endpoints * test: Cover `openqa_jobs_by_worker` field of InfluxDB endpoint * test: Cover all cases of search of audit log table * refactor: Simplify function to render audit log index page * test: Add test for `eventid` parameter of audit log page * test: Cover remaining lines of `Asset.pm` * Mark some one line catch statements uncoverable * Move t/07-api_jobtokens.t to t/api/ * refactor: Avoid mapping of actions in df-based cleanup * refactor: Use loop to invoke `_delete_jobs` repeatedly * refactor: Simplify code for df-based cleanup further * refactor: Extract repeated lookup and loop into separate function * Dependency cron 2026-02-03 * feat(ui): add bulk action checkboxes to test overview filters * feat(openqa-clone-custom-git-refspec): add "BADGE" mode * fix(openqa-clone-custom-git-refspec): fix "MARKDOWN" mode * feat(UI): add delete button for job groups and parent groups * refactor(javascripts): harden by using const in admin_groups.js * feat(api): prevent deletion of non-empty parent job groups * docs: Fix typo in MCP documentation * docs: Improve note about enabling modern Perl features * test: Remove unused parameters in `OpenQA::Test::Case::login` * navbar: add new item in menu to link MCP documentation * Refactor t/lib/OpenQA/Test/Case.pm with signatures * test: Consider all API controller code covered * test: Cover remaining error cases of worker API * fix: Improve error handling when updating records in admin tables * test: Ensure consistent coverage of job cancellation function * Prepare documentation generation for Leap 16.0 * test: Cover remaining lines of `Search.pm` * test: Cover remaining lines of `Locks.pm` * refactor: Simplify `JobTemplate::destroy` * refactor: Remove unused code from `JobTemplate.pm` * git subrepo pull (merge) external/os-autoinst-common ++++ openQA: - Update to version 5.1770308102.12dfd0e4: * fix: Configure sudoers correctly in Leap 16 * Also use devel:openQA/16.0 in dependency bot workflow * Remove dependencies not available in 16 * Remove all explicit versions from ci-packages.txt * Explicitly use new cache key for fullstack_cache * Use devel:openQA 16.0 repositories * fix: Create user directory without sudo * refactor(ui): use native DOM APIs for bulk action logic * Update devel:openQA:ci/base container to Leap 16 * test: Consider all controller code covered * refactor: Remove unused "group connect" endpoints * test: Cover `openqa_jobs_by_worker` field of InfluxDB endpoint * test: Cover all cases of search of audit log table * refactor: Simplify function to render audit log index page * test: Add test for `eventid` parameter of audit log page * test: Cover remaining lines of `Asset.pm` * Mark some one line catch statements uncoverable * Move t/07-api_jobtokens.t to t/api/ * refactor: Avoid mapping of actions in df-based cleanup * refactor: Use loop to invoke `_delete_jobs` repeatedly * refactor: Simplify code for df-based cleanup further * refactor: Extract repeated lookup and loop into separate function * Dependency cron 2026-02-03 * feat(ui): add bulk action checkboxes to test overview filters * feat(openqa-clone-custom-git-refspec): add "BADGE" mode * fix(openqa-clone-custom-git-refspec): fix "MARKDOWN" mode * feat(UI): add delete button for job groups and parent groups * refactor(javascripts): harden by using const in admin_groups.js * feat(api): prevent deletion of non-empty parent job groups * docs: Fix typo in MCP documentation * docs: Improve note about enabling modern Perl features * test: Remove unused parameters in `OpenQA::Test::Case::login` * navbar: add new item in menu to link MCP documentation * Refactor t/lib/OpenQA/Test/Case.pm with signatures * test: Consider all API controller code covered * test: Cover remaining error cases of worker API * fix: Improve error handling when updating records in admin tables * test: Ensure consistent coverage of job cancellation function * Prepare documentation generation for Leap 16.0 * test: Cover remaining lines of `Search.pm` * test: Cover remaining lines of `Locks.pm` * refactor: Simplify `JobTemplate::destroy` * refactor: Remove unused code from `JobTemplate.pm` * git subrepo pull (merge) external/os-autoinst-common ++++ openQA: - Update to version 5.1770308102.12dfd0e4: * fix: Configure sudoers correctly in Leap 16 * Also use devel:openQA/16.0 in dependency bot workflow * Remove dependencies not available in 16 * Remove all explicit versions from ci-packages.txt * Explicitly use new cache key for fullstack_cache * Use devel:openQA 16.0 repositories * fix: Create user directory without sudo * refactor(ui): use native DOM APIs for bulk action logic * Update devel:openQA:ci/base container to Leap 16 * test: Consider all controller code covered * refactor: Remove unused "group connect" endpoints * test: Cover `openqa_jobs_by_worker` field of InfluxDB endpoint * test: Cover all cases of search of audit log table * refactor: Simplify function to render audit log index page * test: Add test for `eventid` parameter of audit log page * test: Cover remaining lines of `Asset.pm` * Mark some one line catch statements uncoverable * Move t/07-api_jobtokens.t to t/api/ * refactor: Avoid mapping of actions in df-based cleanup * refactor: Use loop to invoke `_delete_jobs` repeatedly * refactor: Simplify code for df-based cleanup further * refactor: Extract repeated lookup and loop into separate function * Dependency cron 2026-02-03 * feat(ui): add bulk action checkboxes to test overview filters * feat(openqa-clone-custom-git-refspec): add "BADGE" mode * fix(openqa-clone-custom-git-refspec): fix "MARKDOWN" mode * feat(UI): add delete button for job groups and parent groups * refactor(javascripts): harden by using const in admin_groups.js * feat(api): prevent deletion of non-empty parent job groups * docs: Fix typo in MCP documentation * docs: Improve note about enabling modern Perl features * test: Remove unused parameters in `OpenQA::Test::Case::login` * navbar: add new item in menu to link MCP documentation * Refactor t/lib/OpenQA/Test/Case.pm with signatures * test: Consider all API controller code covered * test: Cover remaining error cases of worker API * fix: Improve error handling when updating records in admin tables * test: Ensure consistent coverage of job cancellation function * Prepare documentation generation for Leap 16.0 * test: Cover remaining lines of `Search.pm` * test: Cover remaining lines of `Locks.pm` * refactor: Simplify `JobTemplate::destroy` * refactor: Remove unused code from `JobTemplate.pm` * git subrepo pull (merge) external/os-autoinst-common ++++ openQA: - Update to version 5.1770308102.12dfd0e4: * fix: Configure sudoers correctly in Leap 16 * Also use devel:openQA/16.0 in dependency bot workflow * Remove dependencies not available in 16 * Remove all explicit versions from ci-packages.txt * Explicitly use new cache key for fullstack_cache * Use devel:openQA 16.0 repositories * fix: Create user directory without sudo * refactor(ui): use native DOM APIs for bulk action logic * Update devel:openQA:ci/base container to Leap 16 * test: Consider all controller code covered * refactor: Remove unused "group connect" endpoints * test: Cover `openqa_jobs_by_worker` field of InfluxDB endpoint * test: Cover all cases of search of audit log table * refactor: Simplify function to render audit log index page * test: Add test for `eventid` parameter of audit log page * test: Cover remaining lines of `Asset.pm` * Mark some one line catch statements uncoverable * Move t/07-api_jobtokens.t to t/api/ * refactor: Avoid mapping of actions in df-based cleanup * refactor: Use loop to invoke `_delete_jobs` repeatedly * refactor: Simplify code for df-based cleanup further * refactor: Extract repeated lookup and loop into separate function * Dependency cron 2026-02-03 * feat(ui): add bulk action checkboxes to test overview filters * feat(openqa-clone-custom-git-refspec): add "BADGE" mode * fix(openqa-clone-custom-git-refspec): fix "MARKDOWN" mode * feat(UI): add delete button for job groups and parent groups * refactor(javascripts): harden by using const in admin_groups.js * feat(api): prevent deletion of non-empty parent job groups * docs: Fix typo in MCP documentation * docs: Improve note about enabling modern Perl features * test: Remove unused parameters in `OpenQA::Test::Case::login` * navbar: add new item in menu to link MCP documentation * Refactor t/lib/OpenQA/Test/Case.pm with signatures * test: Consider all API controller code covered * test: Cover remaining error cases of worker API * fix: Improve error handling when updating records in admin tables * test: Ensure consistent coverage of job cancellation function * Prepare documentation generation for Leap 16.0 * test: Cover remaining lines of `Search.pm` * test: Cover remaining lines of `Locks.pm` * refactor: Simplify `JobTemplate::destroy` * refactor: Remove unused code from `JobTemplate.pm` * git subrepo pull (merge) external/os-autoinst-common ++++ openQA: - Update to version 5.1770308102.12dfd0e4: * fix: Configure sudoers correctly in Leap 16 * Also use devel:openQA/16.0 in dependency bot workflow * Remove dependencies not available in 16 * Remove all explicit versions from ci-packages.txt * Explicitly use new cache key for fullstack_cache * Use devel:openQA 16.0 repositories * fix: Create user directory without sudo * refactor(ui): use native DOM APIs for bulk action logic * Update devel:openQA:ci/base container to Leap 16 * test: Consider all controller code covered * refactor: Remove unused "group connect" endpoints * test: Cover `openqa_jobs_by_worker` field of InfluxDB endpoint * test: Cover all cases of search of audit log table * refactor: Simplify function to render audit log index page * test: Add test for `eventid` parameter of audit log page * test: Cover remaining lines of `Asset.pm` * Mark some one line catch statements uncoverable * Move t/07-api_jobtokens.t to t/api/ * refactor: Avoid mapping of actions in df-based cleanup * refactor: Use loop to invoke `_delete_jobs` repeatedly * refactor: Simplify code for df-based cleanup further * refactor: Extract repeated lookup and loop into separate function * Dependency cron 2026-02-03 * feat(ui): add bulk action checkboxes to test overview filters * feat(openqa-clone-custom-git-refspec): add "BADGE" mode * fix(openqa-clone-custom-git-refspec): fix "MARKDOWN" mode * feat(UI): add delete button for job groups and parent groups * refactor(javascripts): harden by using const in admin_groups.js * feat(api): prevent deletion of non-empty parent job groups * docs: Fix typo in MCP documentation * docs: Improve note about enabling modern Perl features * test: Remove unused parameters in `OpenQA::Test::Case::login` * navbar: add new item in menu to link MCP documentation * Refactor t/lib/OpenQA/Test/Case.pm with signatures * test: Consider all API controller code covered * test: Cover remaining error cases of worker API * fix: Improve error handling when updating records in admin tables * test: Ensure consistent coverage of job cancellation function * Prepare documentation generation for Leap 16.0 * test: Cover remaining lines of `Search.pm` * test: Cover remaining lines of `Locks.pm` * refactor: Simplify `JobTemplate::destroy` * refactor: Remove unused code from `JobTemplate.pm` * git subrepo pull (merge) external/os-autoinst-common ++++ openQA: - Update to version 5.1770308102.12dfd0e4: * fix: Configure sudoers correctly in Leap 16 * Also use devel:openQA/16.0 in dependency bot workflow * Remove dependencies not available in 16 * Remove all explicit versions from ci-packages.txt * Explicitly use new cache key for fullstack_cache * Use devel:openQA 16.0 repositories * fix: Create user directory without sudo * refactor(ui): use native DOM APIs for bulk action logic * Update devel:openQA:ci/base container to Leap 16 * test: Consider all controller code covered * refactor: Remove unused "group connect" endpoints * test: Cover `openqa_jobs_by_worker` field of InfluxDB endpoint * test: Cover all cases of search of audit log table * refactor: Simplify function to render audit log index page * test: Add test for `eventid` parameter of audit log page * test: Cover remaining lines of `Asset.pm` * Mark some one line catch statements uncoverable * Move t/07-api_jobtokens.t to t/api/ * refactor: Avoid mapping of actions in df-based cleanup * refactor: Use loop to invoke `_delete_jobs` repeatedly * refactor: Simplify code for df-based cleanup further * refactor: Extract repeated lookup and loop into separate function * Dependency cron 2026-02-03 * feat(ui): add bulk action checkboxes to test overview filters * feat(openqa-clone-custom-git-refspec): add "BADGE" mode * fix(openqa-clone-custom-git-refspec): fix "MARKDOWN" mode * feat(UI): add delete button for job groups and parent groups * refactor(javascripts): harden by using const in admin_groups.js * feat(api): prevent deletion of non-empty parent job groups * docs: Fix typo in MCP documentation * docs: Improve note about enabling modern Perl features * test: Remove unused parameters in `OpenQA::Test::Case::login` * navbar: add new item in menu to link MCP documentation * Refactor t/lib/OpenQA/Test/Case.pm with signatures * test: Consider all API controller code covered * test: Cover remaining error cases of worker API * fix: Improve error handling when updating records in admin tables * test: Ensure consistent coverage of job cancellation function * Prepare documentation generation for Leap 16.0 * test: Cover remaining lines of `Search.pm` * test: Cover remaining lines of `Locks.pm` * refactor: Simplify `JobTemplate::destroy` * refactor: Remove unused code from `JobTemplate.pm` * git subrepo pull (merge) external/os-autoinst-common ++++ openQA: - Update to version 5.1770308102.12dfd0e4: * fix: Configure sudoers correctly in Leap 16 * Also use devel:openQA/16.0 in dependency bot workflow * Remove dependencies not available in 16 * Remove all explicit versions from ci-packages.txt * Explicitly use new cache key for fullstack_cache * Use devel:openQA 16.0 repositories * fix: Create user directory without sudo * refactor(ui): use native DOM APIs for bulk action logic * Update devel:openQA:ci/base container to Leap 16 * test: Consider all controller code covered * refactor: Remove unused "group connect" endpoints * test: Cover `openqa_jobs_by_worker` field of InfluxDB endpoint * test: Cover all cases of search of audit log table * refactor: Simplify function to render audit log index page * test: Add test for `eventid` parameter of audit log page * test: Cover remaining lines of `Asset.pm` * Mark some one line catch statements uncoverable * Move t/07-api_jobtokens.t to t/api/ * refactor: Avoid mapping of actions in df-based cleanup * refactor: Use loop to invoke `_delete_jobs` repeatedly * refactor: Simplify code for df-based cleanup further * refactor: Extract repeated lookup and loop into separate function * Dependency cron 2026-02-03 * feat(ui): add bulk action checkboxes to test overview filters * feat(openqa-clone-custom-git-refspec): add "BADGE" mode * fix(openqa-clone-custom-git-refspec): fix "MARKDOWN" mode * feat(UI): add delete button for job groups and parent groups * refactor(javascripts): harden by using const in admin_groups.js * feat(api): prevent deletion of non-empty parent job groups * docs: Fix typo in MCP documentation * docs: Improve note about enabling modern Perl features * test: Remove unused parameters in `OpenQA::Test::Case::login` * navbar: add new item in menu to link MCP documentation * Refactor t/lib/OpenQA/Test/Case.pm with signatures * test: Consider all API controller code covered * test: Cover remaining error cases of worker API * fix: Improve error handling when updating records in admin tables * test: Ensure consistent coverage of job cancellation function * Prepare documentation generation for Leap 16.0 * test: Cover remaining lines of `Search.pm` * test: Cover remaining lines of `Locks.pm` * refactor: Simplify `JobTemplate::destroy` * refactor: Remove unused code from `JobTemplate.pm` * git subrepo pull (merge) external/os-autoinst-common ++++ os-autoinst: - Update to version 5.1770127521.c249fe9: * refactor: Distinguish tests by the script path in `loadtest` * refactor: Simplify approach for avoiding redefine warnings * test: Allow running tests with `Test::Warnings<0.033` * test: Format test of `loadtestdir` in a more compact way * test: Use `ENABLE_MODERN_PERL_FEATURES=1` in test suite * feat: Allow enabling strict/warnings/signatures globally * fix: Improve wrong comment about enablement of modern Perl features ++++ os-autoinst: - Update to version 5.1770127521.c249fe9: * refactor: Distinguish tests by the script path in `loadtest` * refactor: Simplify approach for avoiding redefine warnings * test: Allow running tests with `Test::Warnings<0.033` * test: Format test of `loadtestdir` in a more compact way * test: Use `ENABLE_MODERN_PERL_FEATURES=1` in test suite * feat: Allow enabling strict/warnings/signatures globally * fix: Improve wrong comment about enablement of modern Perl features ++++ os-autoinst: - Update to version 5.1770127521.c249fe9: * refactor: Distinguish tests by the script path in `loadtest` * refactor: Simplify approach for avoiding redefine warnings * test: Allow running tests with `Test::Warnings<0.033` * test: Format test of `loadtestdir` in a more compact way * test: Use `ENABLE_MODERN_PERL_FEATURES=1` in test suite * feat: Allow enabling strict/warnings/signatures globally * fix: Improve wrong comment about enablement of modern Perl features ++++ os-autoinst: - Update to version 5.1770127521.c249fe9: * refactor: Distinguish tests by the script path in `loadtest` * refactor: Simplify approach for avoiding redefine warnings * test: Allow running tests with `Test::Warnings<0.033` * test: Format test of `loadtestdir` in a more compact way * test: Use `ENABLE_MODERN_PERL_FEATURES=1` in test suite * feat: Allow enabling strict/warnings/signatures globally * fix: Improve wrong comment about enablement of modern Perl features ++++ os-autoinst: - Update to version 5.1770127521.c249fe9: * refactor: Distinguish tests by the script path in `loadtest` * refactor: Simplify approach for avoiding redefine warnings * test: Allow running tests with `Test::Warnings<0.033` * test: Format test of `loadtestdir` in a more compact way * test: Use `ENABLE_MODERN_PERL_FEATURES=1` in test suite * feat: Allow enabling strict/warnings/signatures globally * fix: Improve wrong comment about enablement of modern Perl features ++++ os-autoinst: - Update to version 5.1770127521.c249fe9: * refactor: Distinguish tests by the script path in `loadtest` * refactor: Simplify approach for avoiding redefine warnings * test: Allow running tests with `Test::Warnings<0.033` * test: Format test of `loadtestdir` in a more compact way * test: Use `ENABLE_MODERN_PERL_FEATURES=1` in test suite * feat: Allow enabling strict/warnings/signatures globally * fix: Improve wrong comment about enablement of modern Perl features ++++ os-autoinst: - Update to version 5.1770127521.c249fe9: * refactor: Distinguish tests by the script path in `loadtest` * refactor: Simplify approach for avoiding redefine warnings * test: Allow running tests with `Test::Warnings<0.033` * test: Format test of `loadtestdir` in a more compact way * test: Use `ENABLE_MODERN_PERL_FEATURES=1` in test suite * feat: Allow enabling strict/warnings/signatures globally * fix: Improve wrong comment about enablement of modern Perl features ------------------------------------------------------------------ ------------------ 2026-2-4 - Feb 4 2026 ------------------- ------------------------------------------------------------------ ++++ chromium: - Chromium 144.0.7559.132 (boo#1257650) * CVE-2026-1861: Heap buffer overflow in libvpx in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. * CVE-2026-1862: Type Confusion in V8 in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. - removed patches: * chromium-134-revert-rust-adler2.patch * chromium-144-rust-adler2.patch (obsolete, automatic if rust_nightly is set properly) - added patches: * force-rust-nightly.patch - try rust1.93 for tumbleweed, 1.92 for older - gn flags: add toolchain_supports_rust_thin_lto=false to be able to build with a llvm older than the one vendored in rust - use llvm21 for tumbleweed - drop qt5 parts from spec, not used ++++ chromium: - Chromium 145.0.7632.45 (boo#1258116) * jpeg-xl support has been readded * CVE-2026-2313: Use after free in CSS * CVE-2026-2314: Heap buffer overflow in Codecs * CVE-2026-2315: Inappropriate implementation in WebGPU * CVE-2026-2316: Insufficient policy enforcement in Frames * CVE-2026-2317: Inappropriate implementation in Animation * CVE-2026-2318: Inappropriate implementation in PictureInPicture * CVE-2026-2319: Race in DevTools * CVE-2026-2320: Inappropriate implementation in File input * CVE-2026-2321: Use after free in Ozone * CVE-2026-2322: Inappropriate implementation in File input * CVE-2026-2323: Inappropriate implementation in Downloads - modified patches: * chromium-127-rust-clanglib.patch (context) * chromium-144-revert-libxml-2.13.patch (context) * ppc-fedora-0001-Force-baseline-POWER8-AltiVec-VSX-CPU-features-when-.patch (context) * ppc-debian-0003-third_party-ffmpeg-Add-ppc64-generated-config.patch (drop ref to ppc/lossless_audiodsp_altivec.o, dropped upstream) * chromium-141-no_cxx_modules.patch * ppc-fedora-0001-Add-PPC64-support-for-boringssl.patch (context) * ppc-fedora-0002-regenerate-xnn-buildgn.patch (regenerated) * system-libdrm.patch (context) * ppc-fedora-0002-third_party-libvpx-Remove-bad-ppc64-config.patch - added patches: * chromium-145-blink_missing_include.patch * chromium-145-use_unrar.patch (properly respect disabling unrar in recent code changes) * ppc-fedora-0009-sandbox-ignore-byte-span-error.patch * chromium-4f46f03a6c6d4c6efc1ad5d0d78030d02326f967.patch (revert spanification for jpeg_parser ending in compile error) * chromium-24264eefbfd3464161764f31a2752c5327719452.patch (also to revert jpeg_encoder spanification for older llvm) - bump BR for gn to 0.20251217 * need the string_hash function for rust gni - add rollup binaries for arm64 and powerpc64le, missing upstream using tarballs from npm.skia.org - Chromium 144.0.7559.132 (boo#1257650) * CVE-2026-1861: Heap buffer overflow in libvpx in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. * CVE-2026-1862: Type Confusion in V8 in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. - removed patches: * chromium-134-revert-rust-adler2.patch * chromium-144-rust-adler2.patch (obsolete, automatic if rust_nightly is set properly) - added patches: * force-rust-nightly.patch - try rust1.93 for tumbleweed, 1.92 for older - gn flags: add toolchain_supports_rust_thin_lto=false to be able to build with a llvm older than the one vendored in rust - use llvm21 for tumbleweed - drop qt5 parts from spec, not used ++++ chromium: - Chromium 145.0.7632.45 (boo#1258116) * jpeg-xl support has been readded * CVE-2026-2313: Use after free in CSS * CVE-2026-2314: Heap buffer overflow in Codecs * CVE-2026-2315: Inappropriate implementation in WebGPU * CVE-2026-2316: Insufficient policy enforcement in Frames * CVE-2026-2317: Inappropriate implementation in Animation * CVE-2026-2318: Inappropriate implementation in PictureInPicture * CVE-2026-2319: Race in DevTools * CVE-2026-2320: Inappropriate implementation in File input * CVE-2026-2321: Use after free in Ozone * CVE-2026-2322: Inappropriate implementation in File input * CVE-2026-2323: Inappropriate implementation in Downloads - modified patches: * chromium-127-rust-clanglib.patch (context) * chromium-144-revert-libxml-2.13.patch (context) * ppc-fedora-0001-Force-baseline-POWER8-AltiVec-VSX-CPU-features-when-.patch (context) * ppc-debian-0003-third_party-ffmpeg-Add-ppc64-generated-config.patch (drop ref to ppc/lossless_audiodsp_altivec.o, dropped upstream) * chromium-141-no_cxx_modules.patch * ppc-fedora-0001-Add-PPC64-support-for-boringssl.patch (context) * ppc-fedora-0002-regenerate-xnn-buildgn.patch (regenerated) * system-libdrm.patch (context) * ppc-fedora-0002-third_party-libvpx-Remove-bad-ppc64-config.patch - added patches: * chromium-145-blink_missing_include.patch * chromium-145-use_unrar.patch (properly respect disabling unrar in recent code changes) * ppc-fedora-0009-sandbox-ignore-byte-span-error.patch * chromium-4f46f03a6c6d4c6efc1ad5d0d78030d02326f967.patch (revert spanification for jpeg_parser ending in compile error) * chromium-24264eefbfd3464161764f31a2752c5327719452.patch (also to revert jpeg_encoder spanification for older llvm) - bump BR for gn to 0.20251217 * need the string_hash function for rust gni - add rollup binaries for arm64 and powerpc64le, missing upstream using tarballs from npm.skia.org - Chromium 144.0.7559.132 (boo#1257650) * CVE-2026-1861: Heap buffer overflow in libvpx in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. * CVE-2026-1862: Type Confusion in V8 in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. - removed patches: * chromium-134-revert-rust-adler2.patch * chromium-144-rust-adler2.patch (obsolete, automatic if rust_nightly is set properly) - added patches: * force-rust-nightly.patch - try rust1.93 for tumbleweed, 1.92 for older - gn flags: add toolchain_supports_rust_thin_lto=false to be able to build with a llvm older than the one vendored in rust - use llvm21 for tumbleweed - drop qt5 parts from spec, not used ++++ chromium: - Chromium 145.0.7632.45 (boo#1258116) * jpeg-xl support has been readded * CVE-2026-2313: Use after free in CSS * CVE-2026-2314: Heap buffer overflow in Codecs * CVE-2026-2315: Inappropriate implementation in WebGPU * CVE-2026-2316: Insufficient policy enforcement in Frames * CVE-2026-2317: Inappropriate implementation in Animation * CVE-2026-2318: Inappropriate implementation in PictureInPicture * CVE-2026-2319: Race in DevTools * CVE-2026-2320: Inappropriate implementation in File input * CVE-2026-2321: Use after free in Ozone * CVE-2026-2322: Inappropriate implementation in File input * CVE-2026-2323: Inappropriate implementation in Downloads - modified patches: * chromium-127-rust-clanglib.patch (context) * chromium-144-revert-libxml-2.13.patch (context) * ppc-fedora-0001-Force-baseline-POWER8-AltiVec-VSX-CPU-features-when-.patch (context) * ppc-debian-0003-third_party-ffmpeg-Add-ppc64-generated-config.patch (drop ref to ppc/lossless_audiodsp_altivec.o, dropped upstream) * chromium-141-no_cxx_modules.patch * ppc-fedora-0001-Add-PPC64-support-for-boringssl.patch (context) * ppc-fedora-0002-regenerate-xnn-buildgn.patch (regenerated) * system-libdrm.patch (context) * ppc-fedora-0002-third_party-libvpx-Remove-bad-ppc64-config.patch - added patches: * chromium-145-blink_missing_include.patch * chromium-145-use_unrar.patch (properly respect disabling unrar in recent code changes) * ppc-fedora-0009-sandbox-ignore-byte-span-error.patch * chromium-4f46f03a6c6d4c6efc1ad5d0d78030d02326f967.patch (revert spanification for jpeg_parser ending in compile error) * chromium-24264eefbfd3464161764f31a2752c5327719452.patch (also to revert jpeg_encoder spanification for older llvm) - bump BR for gn to 0.20251217 * need the string_hash function for rust gni - add rollup binaries for arm64 and powerpc64le, missing upstream using tarballs from npm.skia.org - Chromium 144.0.7559.132 (boo#1257650) * CVE-2026-1861: Heap buffer overflow in libvpx in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. * CVE-2026-1862: Type Confusion in V8 in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. - removed patches: * chromium-134-revert-rust-adler2.patch * chromium-144-rust-adler2.patch (obsolete, automatic if rust_nightly is set properly) - added patches: * force-rust-nightly.patch - try rust1.93 for tumbleweed, 1.92 for older - gn flags: add toolchain_supports_rust_thin_lto=false to be able to build with a llvm older than the one vendored in rust - use llvm21 for tumbleweed - drop qt5 parts from spec, not used ++++ chromium: - Chromium 145.0.7632.45 (boo#1258116) * jpeg-xl support has been readded * CVE-2026-2313: Use after free in CSS * CVE-2026-2314: Heap buffer overflow in Codecs * CVE-2026-2315: Inappropriate implementation in WebGPU * CVE-2026-2316: Insufficient policy enforcement in Frames * CVE-2026-2317: Inappropriate implementation in Animation * CVE-2026-2318: Inappropriate implementation in PictureInPicture * CVE-2026-2319: Race in DevTools * CVE-2026-2320: Inappropriate implementation in File input * CVE-2026-2321: Use after free in Ozone * CVE-2026-2322: Inappropriate implementation in File input * CVE-2026-2323: Inappropriate implementation in Downloads - modified patches: * chromium-127-rust-clanglib.patch (context) * chromium-144-revert-libxml-2.13.patch (context) * ppc-fedora-0001-Force-baseline-POWER8-AltiVec-VSX-CPU-features-when-.patch (context) * ppc-debian-0003-third_party-ffmpeg-Add-ppc64-generated-config.patch (drop ref to ppc/lossless_audiodsp_altivec.o, dropped upstream) * chromium-141-no_cxx_modules.patch * ppc-fedora-0001-Add-PPC64-support-for-boringssl.patch (context) * ppc-fedora-0002-regenerate-xnn-buildgn.patch (regenerated) * system-libdrm.patch (context) * ppc-fedora-0002-third_party-libvpx-Remove-bad-ppc64-config.patch - added patches: * chromium-145-blink_missing_include.patch * chromium-145-use_unrar.patch (properly respect disabling unrar in recent code changes) * ppc-fedora-0009-sandbox-ignore-byte-span-error.patch * chromium-4f46f03a6c6d4c6efc1ad5d0d78030d02326f967.patch (revert spanification for jpeg_parser ending in compile error) * chromium-24264eefbfd3464161764f31a2752c5327719452.patch (also to revert jpeg_encoder spanification for older llvm) - bump BR for gn to 0.20251217 * need the string_hash function for rust gni - add rollup binaries for arm64 and powerpc64le, missing upstream using tarballs from npm.skia.org - Chromium 144.0.7559.132 (boo#1257650) * CVE-2026-1861: Heap buffer overflow in libvpx in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. * CVE-2026-1862: Type Confusion in V8 in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. - removed patches: * chromium-134-revert-rust-adler2.patch * chromium-144-rust-adler2.patch (obsolete, automatic if rust_nightly is set properly) - added patches: * force-rust-nightly.patch - try rust1.93 for tumbleweed, 1.92 for older - gn flags: add toolchain_supports_rust_thin_lto=false to be able to build with a llvm older than the one vendored in rust - use llvm21 for tumbleweed - drop qt5 parts from spec, not used ++++ chromium: - Chromium 145.0.7632.45 (boo#1258116) * jpeg-xl support has been readded * CVE-2026-2313: Use after free in CSS * CVE-2026-2314: Heap buffer overflow in Codecs * CVE-2026-2315: Inappropriate implementation in WebGPU * CVE-2026-2316: Insufficient policy enforcement in Frames * CVE-2026-2317: Inappropriate implementation in Animation * CVE-2026-2318: Inappropriate implementation in PictureInPicture * CVE-2026-2319: Race in DevTools * CVE-2026-2320: Inappropriate implementation in File input * CVE-2026-2321: Use after free in Ozone * CVE-2026-2322: Inappropriate implementation in File input * CVE-2026-2323: Inappropriate implementation in Downloads - modified patches: * chromium-127-rust-clanglib.patch (context) * chromium-144-revert-libxml-2.13.patch (context) * ppc-fedora-0001-Force-baseline-POWER8-AltiVec-VSX-CPU-features-when-.patch (context) * ppc-debian-0003-third_party-ffmpeg-Add-ppc64-generated-config.patch (drop ref to ppc/lossless_audiodsp_altivec.o, dropped upstream) * chromium-141-no_cxx_modules.patch * ppc-fedora-0001-Add-PPC64-support-for-boringssl.patch (context) * ppc-fedora-0002-regenerate-xnn-buildgn.patch (regenerated) * system-libdrm.patch (context) * ppc-fedora-0002-third_party-libvpx-Remove-bad-ppc64-config.patch - added patches: * chromium-145-blink_missing_include.patch * chromium-145-use_unrar.patch (properly respect disabling unrar in recent code changes) * ppc-fedora-0009-sandbox-ignore-byte-span-error.patch * chromium-4f46f03a6c6d4c6efc1ad5d0d78030d02326f967.patch (revert spanification for jpeg_parser ending in compile error) * chromium-24264eefbfd3464161764f31a2752c5327719452.patch (also to revert jpeg_encoder spanification for older llvm) - bump BR for gn to 0.20251217 * need the string_hash function for rust gni - add rollup binaries for arm64 and powerpc64le, missing upstream using tarballs from npm.skia.org - Chromium 144.0.7559.132 (boo#1257650) * CVE-2026-1861: Heap buffer overflow in libvpx in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. * CVE-2026-1862: Type Confusion in V8 in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. - removed patches: * chromium-134-revert-rust-adler2.patch * chromium-144-rust-adler2.patch (obsolete, automatic if rust_nightly is set properly) - added patches: * force-rust-nightly.patch - try rust1.93 for tumbleweed, 1.92 for older - gn flags: add toolchain_supports_rust_thin_lto=false to be able to build with a llvm older than the one vendored in rust - use llvm21 for tumbleweed - drop qt5 parts from spec, not used ++++ chromium: - Chromium 145.0.7632.45 (boo#1258116) * jpeg-xl support has been readded * CVE-2026-2313: Use after free in CSS * CVE-2026-2314: Heap buffer overflow in Codecs * CVE-2026-2315: Inappropriate implementation in WebGPU * CVE-2026-2316: Insufficient policy enforcement in Frames * CVE-2026-2317: Inappropriate implementation in Animation * CVE-2026-2318: Inappropriate implementation in PictureInPicture * CVE-2026-2319: Race in DevTools * CVE-2026-2320: Inappropriate implementation in File input * CVE-2026-2321: Use after free in Ozone * CVE-2026-2322: Inappropriate implementation in File input * CVE-2026-2323: Inappropriate implementation in Downloads - modified patches: * chromium-127-rust-clanglib.patch (context) * chromium-144-revert-libxml-2.13.patch (context) * ppc-fedora-0001-Force-baseline-POWER8-AltiVec-VSX-CPU-features-when-.patch (context) * ppc-debian-0003-third_party-ffmpeg-Add-ppc64-generated-config.patch (drop ref to ppc/lossless_audiodsp_altivec.o, dropped upstream) * chromium-141-no_cxx_modules.patch * ppc-fedora-0001-Add-PPC64-support-for-boringssl.patch (context) * ppc-fedora-0002-regenerate-xnn-buildgn.patch (regenerated) * system-libdrm.patch (context) * ppc-fedora-0002-third_party-libvpx-Remove-bad-ppc64-config.patch - added patches: * chromium-145-blink_missing_include.patch * chromium-145-use_unrar.patch (properly respect disabling unrar in recent code changes) * ppc-fedora-0009-sandbox-ignore-byte-span-error.patch * chromium-4f46f03a6c6d4c6efc1ad5d0d78030d02326f967.patch (revert spanification for jpeg_parser ending in compile error) * chromium-24264eefbfd3464161764f31a2752c5327719452.patch (also to revert jpeg_encoder spanification for older llvm) - bump BR for gn to 0.20251217 * need the string_hash function for rust gni - add rollup binaries for arm64 and powerpc64le, missing upstream using tarballs from npm.skia.org - Chromium 144.0.7559.132 (boo#1257650) * CVE-2026-1861: Heap buffer overflow in libvpx in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. * CVE-2026-1862: Type Confusion in V8 in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. - removed patches: * chromium-134-revert-rust-adler2.patch * chromium-144-rust-adler2.patch (obsolete, automatic if rust_nightly is set properly) - added patches: * force-rust-nightly.patch - try rust1.93 for tumbleweed, 1.92 for older - gn flags: add toolchain_supports_rust_thin_lto=false to be able to build with a llvm older than the one vendored in rust - use llvm21 for tumbleweed - drop qt5 parts from spec, not used ++++ chromium: - Chromium 145.0.7632.45 (boo#1258116) * jpeg-xl support has been readded * CVE-2026-2313: Use after free in CSS * CVE-2026-2314: Heap buffer overflow in Codecs * CVE-2026-2315: Inappropriate implementation in WebGPU * CVE-2026-2316: Insufficient policy enforcement in Frames * CVE-2026-2317: Inappropriate implementation in Animation * CVE-2026-2318: Inappropriate implementation in PictureInPicture * CVE-2026-2319: Race in DevTools * CVE-2026-2320: Inappropriate implementation in File input * CVE-2026-2321: Use after free in Ozone * CVE-2026-2322: Inappropriate implementation in File input * CVE-2026-2323: Inappropriate implementation in Downloads - modified patches: * chromium-127-rust-clanglib.patch (context) * chromium-144-revert-libxml-2.13.patch (context) * ppc-fedora-0001-Force-baseline-POWER8-AltiVec-VSX-CPU-features-when-.patch (context) * ppc-debian-0003-third_party-ffmpeg-Add-ppc64-generated-config.patch (drop ref to ppc/lossless_audiodsp_altivec.o, dropped upstream) * chromium-141-no_cxx_modules.patch * ppc-fedora-0001-Add-PPC64-support-for-boringssl.patch (context) * ppc-fedora-0002-regenerate-xnn-buildgn.patch (regenerated) * system-libdrm.patch (context) * ppc-fedora-0002-third_party-libvpx-Remove-bad-ppc64-config.patch - added patches: * chromium-145-blink_missing_include.patch * chromium-145-use_unrar.patch (properly respect disabling unrar in recent code changes) * ppc-fedora-0009-sandbox-ignore-byte-span-error.patch * chromium-4f46f03a6c6d4c6efc1ad5d0d78030d02326f967.patch (revert spanification for jpeg_parser ending in compile error) * chromium-24264eefbfd3464161764f31a2752c5327719452.patch (also to revert jpeg_encoder spanification for older llvm) - bump BR for gn to 0.20251217 * need the string_hash function for rust gni - add rollup binaries for arm64 and powerpc64le, missing upstream using tarballs from npm.skia.org - Chromium 144.0.7559.132 (boo#1257650) * CVE-2026-1861: Heap buffer overflow in libvpx in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. * CVE-2026-1862: Type Confusion in V8 in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. - removed patches: * chromium-134-revert-rust-adler2.patch * chromium-144-rust-adler2.patch (obsolete, automatic if rust_nightly is set properly) - added patches: * force-rust-nightly.patch - try rust1.93 for tumbleweed, 1.92 for older - gn flags: add toolchain_supports_rust_thin_lto=false to be able to build with a llvm older than the one vendored in rust - use llvm21 for tumbleweed - drop qt5 parts from spec, not used ++++ chromium: - Chromium 145.0.7632.45 (boo#1258116) * jpeg-xl support has been readded * CVE-2026-2313: Use after free in CSS * CVE-2026-2314: Heap buffer overflow in Codecs * CVE-2026-2315: Inappropriate implementation in WebGPU * CVE-2026-2316: Insufficient policy enforcement in Frames * CVE-2026-2317: Inappropriate implementation in Animation * CVE-2026-2318: Inappropriate implementation in PictureInPicture * CVE-2026-2319: Race in DevTools * CVE-2026-2320: Inappropriate implementation in File input * CVE-2026-2321: Use after free in Ozone * CVE-2026-2322: Inappropriate implementation in File input * CVE-2026-2323: Inappropriate implementation in Downloads - modified patches: * chromium-127-rust-clanglib.patch (context) * chromium-144-revert-libxml-2.13.patch (context) * ppc-fedora-0001-Force-baseline-POWER8-AltiVec-VSX-CPU-features-when-.patch (context) * ppc-debian-0003-third_party-ffmpeg-Add-ppc64-generated-config.patch (drop ref to ppc/lossless_audiodsp_altivec.o, dropped upstream) * chromium-141-no_cxx_modules.patch * ppc-fedora-0001-Add-PPC64-support-for-boringssl.patch (context) * ppc-fedora-0002-regenerate-xnn-buildgn.patch (regenerated) * system-libdrm.patch (context) * ppc-fedora-0002-third_party-libvpx-Remove-bad-ppc64-config.patch - added patches: * chromium-145-blink_missing_include.patch * chromium-145-use_unrar.patch (properly respect disabling unrar in recent code changes) * ppc-fedora-0009-sandbox-ignore-byte-span-error.patch * chromium-4f46f03a6c6d4c6efc1ad5d0d78030d02326f967.patch (revert spanification for jpeg_parser ending in compile error) * chromium-24264eefbfd3464161764f31a2752c5327719452.patch (also to revert jpeg_encoder spanification for older llvm) - bump BR for gn to 0.20251217 * need the string_hash function for rust gni - add rollup binaries for arm64 and powerpc64le, missing upstream using tarballs from npm.skia.org - Chromium 144.0.7559.132 (boo#1257650) * CVE-2026-1861: Heap buffer overflow in libvpx in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. * CVE-2026-1862: Type Confusion in V8 in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. - removed patches: * chromium-134-revert-rust-adler2.patch * chromium-144-rust-adler2.patch (obsolete, automatic if rust_nightly is set properly) - added patches: * force-rust-nightly.patch - try rust1.93 for tumbleweed, 1.92 for older - gn flags: add toolchain_supports_rust_thin_lto=false to be able to build with a llvm older than the one vendored in rust - use llvm21 for tumbleweed - drop qt5 parts from spec, not used ++++ kernel-64kb: - idpf: detach and close netdevs while handling a reset (CVE-2026-22981 bsc#1257225). - commit 6e399ef - KVM: nSVM: Set exit_code_hi to -1 when synthesizing SVM_EXIT_ERR (failed VMRUN) (git-fixes). - commit ea24b4e - KVM: nSVM: Clear exit_code_hi in VMCB when synthesizing nested VM-Exits (git-fixes). - commit 39ff5cb - KVM: x86: Explicitly set new periodic hrtimer expiration in apic_timer_fn() (git-fixes). - commit e059ee8 - KVM: x86: WARN if hrtimer callback for periodic APIC timer fires with period=0 (git-fixes). - commit 2c24d91 - platform/x86: intel_telemetry: Fix PSS event register mask (git-fixes). - platform/x86: intel_telemetry: Fix swapped arrays in PSS output (git-fixes). - platform/x86: toshiba_haps: Fix memory leaks in add/remove routines (git-fixes). - commit 35ce7c7 - KVM: x86: Don't clear async #PF queue when CR0.PG is disabled (e.g. on #SMI) (git-fixes). - commit c57db6d - btrfs: scrub: always update btrfs_scrub_progress::last_physical (git-fixes). - commit 9d5464b ++++ kernel-64kb: - ip6_tunnel: use skb_vlan_inet_prepare() in __ip6_tnl_rcv() (CVE-2026-23003 bsc#1257246). - commit 574bdcd - Refresh patches.suse/scsi-ufs-core-Improve-ufshcd_mcq_sq_cleanup.patch. Align with resulting upstream code after merges. Avoids a format string warning. - commit dd8af96 - idpf: detach and close netdevs while handling a reset (CVE-2026-22981 bsc#1257225). - commit 6e399ef - KVM: nSVM: Set exit_code_hi to -1 when synthesizing SVM_EXIT_ERR (failed VMRUN) (git-fixes). - commit ea24b4e - KVM: nSVM: Clear exit_code_hi in VMCB when synthesizing nested VM-Exits (git-fixes). - commit 39ff5cb - KVM: x86: Explicitly set new periodic hrtimer expiration in apic_timer_fn() (git-fixes). - commit e059ee8 - KVM: x86: WARN if hrtimer callback for periodic APIC timer fires with period=0 (git-fixes). - commit 2c24d91 - platform/x86: intel_telemetry: Fix PSS event register mask (git-fixes). - platform/x86: intel_telemetry: Fix swapped arrays in PSS output (git-fixes). - platform/x86: toshiba_haps: Fix memory leaks in add/remove routines (git-fixes). - commit 35ce7c7 - KVM: x86: Don't clear async #PF queue when CR0.PG is disabled (e.g. on #SMI) (git-fixes). - commit c57db6d - btrfs: scrub: always update btrfs_scrub_progress::last_physical (git-fixes). - commit 9d5464b ++++ kernel-azure: - idpf: detach and close netdevs while handling a reset (CVE-2026-22981 bsc#1257225). - commit 6e399ef - KVM: nSVM: Set exit_code_hi to -1 when synthesizing SVM_EXIT_ERR (failed VMRUN) (git-fixes). - commit ea24b4e - KVM: nSVM: Clear exit_code_hi in VMCB when synthesizing nested VM-Exits (git-fixes). - commit 39ff5cb - KVM: x86: Explicitly set new periodic hrtimer expiration in apic_timer_fn() (git-fixes). - commit e059ee8 - KVM: x86: WARN if hrtimer callback for periodic APIC timer fires with period=0 (git-fixes). - commit 2c24d91 - platform/x86: intel_telemetry: Fix PSS event register mask (git-fixes). - platform/x86: intel_telemetry: Fix swapped arrays in PSS output (git-fixes). - platform/x86: toshiba_haps: Fix memory leaks in add/remove routines (git-fixes). - commit 35ce7c7 - KVM: x86: Don't clear async #PF queue when CR0.PG is disabled (e.g. on #SMI) (git-fixes). - commit c57db6d - btrfs: scrub: always update btrfs_scrub_progress::last_physical (git-fixes). - commit 9d5464b ++++ kernel-azure: - ip6_tunnel: use skb_vlan_inet_prepare() in __ip6_tnl_rcv() (CVE-2026-23003 bsc#1257246). - commit 574bdcd - Refresh patches.suse/scsi-ufs-core-Improve-ufshcd_mcq_sq_cleanup.patch. Align with resulting upstream code after merges. Avoids a format string warning. - commit dd8af96 - idpf: detach and close netdevs while handling a reset (CVE-2026-22981 bsc#1257225). - commit 6e399ef - KVM: nSVM: Set exit_code_hi to -1 when synthesizing SVM_EXIT_ERR (failed VMRUN) (git-fixes). - commit ea24b4e - KVM: nSVM: Clear exit_code_hi in VMCB when synthesizing nested VM-Exits (git-fixes). - commit 39ff5cb - KVM: x86: Explicitly set new periodic hrtimer expiration in apic_timer_fn() (git-fixes). - commit e059ee8 - KVM: x86: WARN if hrtimer callback for periodic APIC timer fires with period=0 (git-fixes). - commit 2c24d91 - platform/x86: intel_telemetry: Fix PSS event register mask (git-fixes). - platform/x86: intel_telemetry: Fix swapped arrays in PSS output (git-fixes). - platform/x86: toshiba_haps: Fix memory leaks in add/remove routines (git-fixes). - commit 35ce7c7 - KVM: x86: Don't clear async #PF queue when CR0.PG is disabled (e.g. on #SMI) (git-fixes). - commit c57db6d - btrfs: scrub: always update btrfs_scrub_progress::last_physical (git-fixes). - commit 9d5464b ++++ kernel-default: - idpf: detach and close netdevs while handling a reset (CVE-2026-22981 bsc#1257225). - commit 6e399ef - KVM: nSVM: Set exit_code_hi to -1 when synthesizing SVM_EXIT_ERR (failed VMRUN) (git-fixes). - commit ea24b4e - KVM: nSVM: Clear exit_code_hi in VMCB when synthesizing nested VM-Exits (git-fixes). - commit 39ff5cb - KVM: x86: Explicitly set new periodic hrtimer expiration in apic_timer_fn() (git-fixes). - commit e059ee8 - KVM: x86: WARN if hrtimer callback for periodic APIC timer fires with period=0 (git-fixes). - commit 2c24d91 - platform/x86: intel_telemetry: Fix PSS event register mask (git-fixes). - platform/x86: intel_telemetry: Fix swapped arrays in PSS output (git-fixes). - platform/x86: toshiba_haps: Fix memory leaks in add/remove routines (git-fixes). - commit 35ce7c7 - KVM: x86: Don't clear async #PF queue when CR0.PG is disabled (e.g. on #SMI) (git-fixes). - commit c57db6d - btrfs: scrub: always update btrfs_scrub_progress::last_physical (git-fixes). - commit 9d5464b ++++ kernel-default: - ip6_tunnel: use skb_vlan_inet_prepare() in __ip6_tnl_rcv() (CVE-2026-23003 bsc#1257246). - commit 574bdcd - Refresh patches.suse/scsi-ufs-core-Improve-ufshcd_mcq_sq_cleanup.patch. Align with resulting upstream code after merges. Avoids a format string warning. - commit dd8af96 - idpf: detach and close netdevs while handling a reset (CVE-2026-22981 bsc#1257225). - commit 6e399ef - KVM: nSVM: Set exit_code_hi to -1 when synthesizing SVM_EXIT_ERR (failed VMRUN) (git-fixes). - commit ea24b4e - KVM: nSVM: Clear exit_code_hi in VMCB when synthesizing nested VM-Exits (git-fixes). - commit 39ff5cb - KVM: x86: Explicitly set new periodic hrtimer expiration in apic_timer_fn() (git-fixes). - commit e059ee8 - KVM: x86: WARN if hrtimer callback for periodic APIC timer fires with period=0 (git-fixes). - commit 2c24d91 - platform/x86: intel_telemetry: Fix PSS event register mask (git-fixes). - platform/x86: intel_telemetry: Fix swapped arrays in PSS output (git-fixes). - platform/x86: toshiba_haps: Fix memory leaks in add/remove routines (git-fixes). - commit 35ce7c7 - KVM: x86: Don't clear async #PF queue when CR0.PG is disabled (e.g. on #SMI) (git-fixes). - commit c57db6d - btrfs: scrub: always update btrfs_scrub_progress::last_physical (git-fixes). - commit 9d5464b ++++ kernel-rt: - idpf: detach and close netdevs while handling a reset (CVE-2026-22981 bsc#1257225). - commit 6e399ef - KVM: nSVM: Set exit_code_hi to -1 when synthesizing SVM_EXIT_ERR (failed VMRUN) (git-fixes). - commit ea24b4e - KVM: nSVM: Clear exit_code_hi in VMCB when synthesizing nested VM-Exits (git-fixes). - commit 39ff5cb - KVM: x86: Explicitly set new periodic hrtimer expiration in apic_timer_fn() (git-fixes). - commit e059ee8 - KVM: x86: WARN if hrtimer callback for periodic APIC timer fires with period=0 (git-fixes). - commit 2c24d91 - platform/x86: intel_telemetry: Fix PSS event register mask (git-fixes). - platform/x86: intel_telemetry: Fix swapped arrays in PSS output (git-fixes). - platform/x86: toshiba_haps: Fix memory leaks in add/remove routines (git-fixes). - commit 35ce7c7 - KVM: x86: Don't clear async #PF queue when CR0.PG is disabled (e.g. on #SMI) (git-fixes). - commit c57db6d - btrfs: scrub: always update btrfs_scrub_progress::last_physical (git-fixes). - commit 9d5464b ++++ kernel-rt: - ip6_tunnel: use skb_vlan_inet_prepare() in __ip6_tnl_rcv() (CVE-2026-23003 bsc#1257246). - commit 574bdcd - Refresh patches.suse/scsi-ufs-core-Improve-ufshcd_mcq_sq_cleanup.patch. Align with resulting upstream code after merges. Avoids a format string warning. - commit dd8af96 - idpf: detach and close netdevs while handling a reset (CVE-2026-22981 bsc#1257225). - commit 6e399ef - KVM: nSVM: Set exit_code_hi to -1 when synthesizing SVM_EXIT_ERR (failed VMRUN) (git-fixes). - commit ea24b4e - KVM: nSVM: Clear exit_code_hi in VMCB when synthesizing nested VM-Exits (git-fixes). - commit 39ff5cb - KVM: x86: Explicitly set new periodic hrtimer expiration in apic_timer_fn() (git-fixes). - commit e059ee8 - KVM: x86: WARN if hrtimer callback for periodic APIC timer fires with period=0 (git-fixes). - commit 2c24d91 - platform/x86: intel_telemetry: Fix PSS event register mask (git-fixes). - platform/x86: intel_telemetry: Fix swapped arrays in PSS output (git-fixes). - platform/x86: toshiba_haps: Fix memory leaks in add/remove routines (git-fixes). - commit 35ce7c7 - KVM: x86: Don't clear async #PF queue when CR0.PG is disabled (e.g. on #SMI) (git-fixes). - commit c57db6d - btrfs: scrub: always update btrfs_scrub_progress::last_physical (git-fixes). - commit 9d5464b ++++ cockpit: - Update dependencies for bsc#1257324/CVE-2025-13465 ++++ cockpit-subscriptions: - Update dependencies for bsc#1257324/CVE-2025-13465 ++++ docker: - Places a hard cap on the amount of mechanisms that can be specified and encoded in the payload. (bcs#1253904, CVE-2025-58181) * 0007-CVE-2025-58181-fix-vendor-crypto-ssh.patch ++++ dtb-aarch64: - idpf: detach and close netdevs while handling a reset (CVE-2026-22981 bsc#1257225). - commit 6e399ef - KVM: nSVM: Set exit_code_hi to -1 when synthesizing SVM_EXIT_ERR (failed VMRUN) (git-fixes). - commit ea24b4e - KVM: nSVM: Clear exit_code_hi in VMCB when synthesizing nested VM-Exits (git-fixes). - commit 39ff5cb - KVM: x86: Explicitly set new periodic hrtimer expiration in apic_timer_fn() (git-fixes). - commit e059ee8 - KVM: x86: WARN if hrtimer callback for periodic APIC timer fires with period=0 (git-fixes). - commit 2c24d91 - platform/x86: intel_telemetry: Fix PSS event register mask (git-fixes). - platform/x86: intel_telemetry: Fix swapped arrays in PSS output (git-fixes). - platform/x86: toshiba_haps: Fix memory leaks in add/remove routines (git-fixes). - commit 35ce7c7 - KVM: x86: Don't clear async #PF queue when CR0.PG is disabled (e.g. on #SMI) (git-fixes). - commit c57db6d - btrfs: scrub: always update btrfs_scrub_progress::last_physical (git-fixes). - commit 9d5464b ++++ dtb-aarch64: - ip6_tunnel: use skb_vlan_inet_prepare() in __ip6_tnl_rcv() (CVE-2026-23003 bsc#1257246). - commit 574bdcd - Refresh patches.suse/scsi-ufs-core-Improve-ufshcd_mcq_sq_cleanup.patch. Align with resulting upstream code after merges. Avoids a format string warning. - commit dd8af96 - idpf: detach and close netdevs while handling a reset (CVE-2026-22981 bsc#1257225). - commit 6e399ef - KVM: nSVM: Set exit_code_hi to -1 when synthesizing SVM_EXIT_ERR (failed VMRUN) (git-fixes). - commit ea24b4e - KVM: nSVM: Clear exit_code_hi in VMCB when synthesizing nested VM-Exits (git-fixes). - commit 39ff5cb - KVM: x86: Explicitly set new periodic hrtimer expiration in apic_timer_fn() (git-fixes). - commit e059ee8 - KVM: x86: WARN if hrtimer callback for periodic APIC timer fires with period=0 (git-fixes). - commit 2c24d91 - platform/x86: intel_telemetry: Fix PSS event register mask (git-fixes). - platform/x86: intel_telemetry: Fix swapped arrays in PSS output (git-fixes). - platform/x86: toshiba_haps: Fix memory leaks in add/remove routines (git-fixes). - commit 35ce7c7 - KVM: x86: Don't clear async #PF queue when CR0.PG is disabled (e.g. on #SMI) (git-fixes). - commit c57db6d - btrfs: scrub: always update btrfs_scrub_progress::last_physical (git-fixes). - commit 9d5464b ++++ evolution: - Add evolution-year-view-week-number.patch: fix incorrect week numbers in calendar year view (bsc#1256465 glgo#GNOME/evolution#3238). ++++ gnome-online-accounts: - Update to version 3.56.4: + Bugs fixed: - Unclear which part of "IMAP+SMTP" account test failed - Adding nextcloud account which has a subfolder does not work - goadaemon: Handle broken account configs + Updated translations. ++++ go1.24: - go1.24.13 (released 2026-02-04) includes security fixes to the go command and the crypto/tls package, as well as bug fixes to the crypto/x509 package. Refs boo#1236217 go1.24 release tracking CVE-2025-61732 CVE-2025-68121 CVE-2025-68119 * go#77128 go#76697 boo#1257692 security: fix CVE-2025-61732 cmd/go: potential code smuggling using doc comments * go#77355 go#77217 boo#1256818 crypto/tls: CVE-2025-68121 revert Config.Clone change and apply lightweight chain validation * go#77103 go#77099 boo#1256820 security: fix CVE-2025-68119 cmd/go: unexpected code execution when invoking toolchain * go#77322 crypto/x509: single-label excluded DNS name constraints incorrectly match all wildcard SANs * go#77424 crypto/tls: CL 737700 broke session resumption on macOS ++++ go1.24-openssl: - Update to version 1.24.13 cut from the go1.24-fips-release branch at the revision tagged go1.24.13-1-openssl-fips. Refs jsc#SLE-18320 * Rebase to 1.24.13 - go1.24.13 (released 2026-02-04) includes security fixes to the go command and the crypto/tls package, as well as bug fixes to the crypto/x509 package. Refs boo#1236217 go1.24 release tracking CVE-2025-61732 CVE-2025-68121 CVE-2025-68119 * go#77128 go#76697 boo#1257692 security: fix CVE-2025-61732 cmd/go: potential code smuggling using doc comments * go#77355 go#77217 boo#1256818 crypto/tls: CVE-2025-68121 revert Config.Clone change and apply lightweight chain validation * go#77103 go#77099 boo#1256820 security: fix CVE-2025-68119 cmd/go: unexpected code execution when invoking toolchain * go#77322 crypto/x509: single-label excluded DNS name constraints incorrectly match all wildcard SANs * go#77424 crypto/tls: CL 737700 broke session resumption on macOS ++++ go1.25: - go1.25.7 (released 2026-02-04) includes security fixes to the go command and the crypto/tls package, as well as bug fixes to the compiler and the crypto/x509 package. Refs boo#1244485 go1.25 release tracking CVE-2025-61732 CVE-2025-68121 * go#77129 go#76697 boo#1257692 security: fix CVE-2025-61732 cmd/go: potential code smuggling using doc comments * go#77356 go#77217 boo#1256818 security: fix CVE-2025-68121 crypto/tls: revert Config.Clone change and apply lightweight chain validation * go#75844 cmd/compile: OOM killed on linux/arm64 * go#77323 crypto/x509: single-label excluded DNS name constraints incorrectly match all wildcard SANs * go#77425 crypto/tls: CL 737700 broke session resumption on macOS ++++ go1.25-openssl: - Update to version 1.25.7 cut from the go1.25-fips-release branch at the revision tagged go1.25.7-1-openssl-fips. Refs jsc#SLE-18320 * Rebase to 1.25.7 ++++ go1.26: - go1.26rc3 (released 2026-02-04) is a release candidate version of go1.26 cut from the master branch at the revision tagged go1.26rc3. Refs boo#1255111 go1.26 release tracking ++++ go1.26: - go1.26rc3 (released 2026-02-04) is a release candidate version of go1.26 cut from the master branch at the revision tagged go1.26rc3. Refs boo#1255111 go1.26 release tracking ++++ google-guest-configs: - Install NetworkManager disptacher for SLE-16 and newer only ++++ kernel-source: - idpf: detach and close netdevs while handling a reset (CVE-2026-22981 bsc#1257225). - commit 6e399ef - KVM: nSVM: Set exit_code_hi to -1 when synthesizing SVM_EXIT_ERR (failed VMRUN) (git-fixes). - commit ea24b4e - KVM: nSVM: Clear exit_code_hi in VMCB when synthesizing nested VM-Exits (git-fixes). - commit 39ff5cb - KVM: x86: Explicitly set new periodic hrtimer expiration in apic_timer_fn() (git-fixes). - commit e059ee8 - KVM: x86: WARN if hrtimer callback for periodic APIC timer fires with period=0 (git-fixes). - commit 2c24d91 - platform/x86: intel_telemetry: Fix PSS event register mask (git-fixes). - platform/x86: intel_telemetry: Fix swapped arrays in PSS output (git-fixes). - platform/x86: toshiba_haps: Fix memory leaks in add/remove routines (git-fixes). - commit 35ce7c7 - KVM: x86: Don't clear async #PF queue when CR0.PG is disabled (e.g. on #SMI) (git-fixes). - commit c57db6d - btrfs: scrub: always update btrfs_scrub_progress::last_physical (git-fixes). - commit 9d5464b ++++ kernel-source: - ip6_tunnel: use skb_vlan_inet_prepare() in __ip6_tnl_rcv() (CVE-2026-23003 bsc#1257246). - commit 574bdcd - Refresh patches.suse/scsi-ufs-core-Improve-ufshcd_mcq_sq_cleanup.patch. Align with resulting upstream code after merges. Avoids a format string warning. - commit dd8af96 - idpf: detach and close netdevs while handling a reset (CVE-2026-22981 bsc#1257225). - commit 6e399ef - KVM: nSVM: Set exit_code_hi to -1 when synthesizing SVM_EXIT_ERR (failed VMRUN) (git-fixes). - commit ea24b4e - KVM: nSVM: Clear exit_code_hi in VMCB when synthesizing nested VM-Exits (git-fixes). - commit 39ff5cb - KVM: x86: Explicitly set new periodic hrtimer expiration in apic_timer_fn() (git-fixes). - commit e059ee8 - KVM: x86: WARN if hrtimer callback for periodic APIC timer fires with period=0 (git-fixes). - commit 2c24d91 - platform/x86: intel_telemetry: Fix PSS event register mask (git-fixes). - platform/x86: intel_telemetry: Fix swapped arrays in PSS output (git-fixes). - platform/x86: toshiba_haps: Fix memory leaks in add/remove routines (git-fixes). - commit 35ce7c7 - KVM: x86: Don't clear async #PF queue when CR0.PG is disabled (e.g. on #SMI) (git-fixes). - commit c57db6d - btrfs: scrub: always update btrfs_scrub_progress::last_physical (git-fixes). - commit 9d5464b ++++ kernel-docs: - idpf: detach and close netdevs while handling a reset (CVE-2026-22981 bsc#1257225). - commit 6e399ef - KVM: nSVM: Set exit_code_hi to -1 when synthesizing SVM_EXIT_ERR (failed VMRUN) (git-fixes). - commit ea24b4e - KVM: nSVM: Clear exit_code_hi in VMCB when synthesizing nested VM-Exits (git-fixes). - commit 39ff5cb - KVM: x86: Explicitly set new periodic hrtimer expiration in apic_timer_fn() (git-fixes). - commit e059ee8 - KVM: x86: WARN if hrtimer callback for periodic APIC timer fires with period=0 (git-fixes). - commit 2c24d91 - platform/x86: intel_telemetry: Fix PSS event register mask (git-fixes). - platform/x86: intel_telemetry: Fix swapped arrays in PSS output (git-fixes). - platform/x86: toshiba_haps: Fix memory leaks in add/remove routines (git-fixes). - commit 35ce7c7 - KVM: x86: Don't clear async #PF queue when CR0.PG is disabled (e.g. on #SMI) (git-fixes). - commit c57db6d - btrfs: scrub: always update btrfs_scrub_progress::last_physical (git-fixes). - commit 9d5464b ++++ kernel-docs: - ip6_tunnel: use skb_vlan_inet_prepare() in __ip6_tnl_rcv() (CVE-2026-23003 bsc#1257246). - commit 574bdcd - Refresh patches.suse/scsi-ufs-core-Improve-ufshcd_mcq_sq_cleanup.patch. Align with resulting upstream code after merges. Avoids a format string warning. - commit dd8af96 - idpf: detach and close netdevs while handling a reset (CVE-2026-22981 bsc#1257225). - commit 6e399ef - KVM: nSVM: Set exit_code_hi to -1 when synthesizing SVM_EXIT_ERR (failed VMRUN) (git-fixes). - commit ea24b4e - KVM: nSVM: Clear exit_code_hi in VMCB when synthesizing nested VM-Exits (git-fixes). - commit 39ff5cb - KVM: x86: Explicitly set new periodic hrtimer expiration in apic_timer_fn() (git-fixes). - commit e059ee8 - KVM: x86: WARN if hrtimer callback for periodic APIC timer fires with period=0 (git-fixes). - commit 2c24d91 - platform/x86: intel_telemetry: Fix PSS event register mask (git-fixes). - platform/x86: intel_telemetry: Fix swapped arrays in PSS output (git-fixes). - platform/x86: toshiba_haps: Fix memory leaks in add/remove routines (git-fixes). - commit 35ce7c7 - KVM: x86: Don't clear async #PF queue when CR0.PG is disabled (e.g. on #SMI) (git-fixes). - commit c57db6d - btrfs: scrub: always update btrfs_scrub_progress::last_physical (git-fixes). - commit 9d5464b ++++ kernel-kvmsmall: - idpf: detach and close netdevs while handling a reset (CVE-2026-22981 bsc#1257225). - commit 6e399ef - KVM: nSVM: Set exit_code_hi to -1 when synthesizing SVM_EXIT_ERR (failed VMRUN) (git-fixes). - commit ea24b4e - KVM: nSVM: Clear exit_code_hi in VMCB when synthesizing nested VM-Exits (git-fixes). - commit 39ff5cb - KVM: x86: Explicitly set new periodic hrtimer expiration in apic_timer_fn() (git-fixes). - commit e059ee8 - KVM: x86: WARN if hrtimer callback for periodic APIC timer fires with period=0 (git-fixes). - commit 2c24d91 - platform/x86: intel_telemetry: Fix PSS event register mask (git-fixes). - platform/x86: intel_telemetry: Fix swapped arrays in PSS output (git-fixes). - platform/x86: toshiba_haps: Fix memory leaks in add/remove routines (git-fixes). - commit 35ce7c7 - KVM: x86: Don't clear async #PF queue when CR0.PG is disabled (e.g. on #SMI) (git-fixes). - commit c57db6d - btrfs: scrub: always update btrfs_scrub_progress::last_physical (git-fixes). - commit 9d5464b ++++ kernel-kvmsmall: - ip6_tunnel: use skb_vlan_inet_prepare() in __ip6_tnl_rcv() (CVE-2026-23003 bsc#1257246). - commit 574bdcd - Refresh patches.suse/scsi-ufs-core-Improve-ufshcd_mcq_sq_cleanup.patch. Align with resulting upstream code after merges. Avoids a format string warning. - commit dd8af96 - idpf: detach and close netdevs while handling a reset (CVE-2026-22981 bsc#1257225). - commit 6e399ef - KVM: nSVM: Set exit_code_hi to -1 when synthesizing SVM_EXIT_ERR (failed VMRUN) (git-fixes). - commit ea24b4e - KVM: nSVM: Clear exit_code_hi in VMCB when synthesizing nested VM-Exits (git-fixes). - commit 39ff5cb - KVM: x86: Explicitly set new periodic hrtimer expiration in apic_timer_fn() (git-fixes). - commit e059ee8 - KVM: x86: WARN if hrtimer callback for periodic APIC timer fires with period=0 (git-fixes). - commit 2c24d91 - platform/x86: intel_telemetry: Fix PSS event register mask (git-fixes). - platform/x86: intel_telemetry: Fix swapped arrays in PSS output (git-fixes). - platform/x86: toshiba_haps: Fix memory leaks in add/remove routines (git-fixes). - commit 35ce7c7 - KVM: x86: Don't clear async #PF queue when CR0.PG is disabled (e.g. on #SMI) (git-fixes). - commit c57db6d - btrfs: scrub: always update btrfs_scrub_progress::last_physical (git-fixes). - commit 9d5464b ++++ kernel-obs-build: - idpf: detach and close netdevs while handling a reset (CVE-2026-22981 bsc#1257225). - commit 6e399ef - KVM: nSVM: Set exit_code_hi to -1 when synthesizing SVM_EXIT_ERR (failed VMRUN) (git-fixes). - commit ea24b4e - KVM: nSVM: Clear exit_code_hi in VMCB when synthesizing nested VM-Exits (git-fixes). - commit 39ff5cb - KVM: x86: Explicitly set new periodic hrtimer expiration in apic_timer_fn() (git-fixes). - commit e059ee8 - KVM: x86: WARN if hrtimer callback for periodic APIC timer fires with period=0 (git-fixes). - commit 2c24d91 - platform/x86: intel_telemetry: Fix PSS event register mask (git-fixes). - platform/x86: intel_telemetry: Fix swapped arrays in PSS output (git-fixes). - platform/x86: toshiba_haps: Fix memory leaks in add/remove routines (git-fixes). - commit 35ce7c7 - KVM: x86: Don't clear async #PF queue when CR0.PG is disabled (e.g. on #SMI) (git-fixes). - commit c57db6d - btrfs: scrub: always update btrfs_scrub_progress::last_physical (git-fixes). - commit 9d5464b ++++ kernel-obs-build: - ip6_tunnel: use skb_vlan_inet_prepare() in __ip6_tnl_rcv() (CVE-2026-23003 bsc#1257246). - commit 574bdcd - Refresh patches.suse/scsi-ufs-core-Improve-ufshcd_mcq_sq_cleanup.patch. Align with resulting upstream code after merges. Avoids a format string warning. - commit dd8af96 - idpf: detach and close netdevs while handling a reset (CVE-2026-22981 bsc#1257225). - commit 6e399ef - KVM: nSVM: Set exit_code_hi to -1 when synthesizing SVM_EXIT_ERR (failed VMRUN) (git-fixes). - commit ea24b4e - KVM: nSVM: Clear exit_code_hi in VMCB when synthesizing nested VM-Exits (git-fixes). - commit 39ff5cb - KVM: x86: Explicitly set new periodic hrtimer expiration in apic_timer_fn() (git-fixes). - commit e059ee8 - KVM: x86: WARN if hrtimer callback for periodic APIC timer fires with period=0 (git-fixes). - commit 2c24d91 - platform/x86: intel_telemetry: Fix PSS event register mask (git-fixes). - platform/x86: intel_telemetry: Fix swapped arrays in PSS output (git-fixes). - platform/x86: toshiba_haps: Fix memory leaks in add/remove routines (git-fixes). - commit 35ce7c7 - KVM: x86: Don't clear async #PF queue when CR0.PG is disabled (e.g. on #SMI) (git-fixes). - commit c57db6d - btrfs: scrub: always update btrfs_scrub_progress::last_physical (git-fixes). - commit 9d5464b ++++ kernel-obs-qa: - idpf: detach and close netdevs while handling a reset (CVE-2026-22981 bsc#1257225). - commit 6e399ef - KVM: nSVM: Set exit_code_hi to -1 when synthesizing SVM_EXIT_ERR (failed VMRUN) (git-fixes). - commit ea24b4e - KVM: nSVM: Clear exit_code_hi in VMCB when synthesizing nested VM-Exits (git-fixes). - commit 39ff5cb - KVM: x86: Explicitly set new periodic hrtimer expiration in apic_timer_fn() (git-fixes). - commit e059ee8 - KVM: x86: WARN if hrtimer callback for periodic APIC timer fires with period=0 (git-fixes). - commit 2c24d91 - platform/x86: intel_telemetry: Fix PSS event register mask (git-fixes). - platform/x86: intel_telemetry: Fix swapped arrays in PSS output (git-fixes). - platform/x86: toshiba_haps: Fix memory leaks in add/remove routines (git-fixes). - commit 35ce7c7 - KVM: x86: Don't clear async #PF queue when CR0.PG is disabled (e.g. on #SMI) (git-fixes). - commit c57db6d - btrfs: scrub: always update btrfs_scrub_progress::last_physical (git-fixes). - commit 9d5464b ++++ kernel-obs-qa: - ip6_tunnel: use skb_vlan_inet_prepare() in __ip6_tnl_rcv() (CVE-2026-23003 bsc#1257246). - commit 574bdcd - Refresh patches.suse/scsi-ufs-core-Improve-ufshcd_mcq_sq_cleanup.patch. Align with resulting upstream code after merges. Avoids a format string warning. - commit dd8af96 - idpf: detach and close netdevs while handling a reset (CVE-2026-22981 bsc#1257225). - commit 6e399ef - KVM: nSVM: Set exit_code_hi to -1 when synthesizing SVM_EXIT_ERR (failed VMRUN) (git-fixes). - commit ea24b4e - KVM: nSVM: Clear exit_code_hi in VMCB when synthesizing nested VM-Exits (git-fixes). - commit 39ff5cb - KVM: x86: Explicitly set new periodic hrtimer expiration in apic_timer_fn() (git-fixes). - commit e059ee8 - KVM: x86: WARN if hrtimer callback for periodic APIC timer fires with period=0 (git-fixes). - commit 2c24d91 - platform/x86: intel_telemetry: Fix PSS event register mask (git-fixes). - platform/x86: intel_telemetry: Fix swapped arrays in PSS output (git-fixes). - platform/x86: toshiba_haps: Fix memory leaks in add/remove routines (git-fixes). - commit 35ce7c7 - KVM: x86: Don't clear async #PF queue when CR0.PG is disabled (e.g. on #SMI) (git-fixes). - commit c57db6d - btrfs: scrub: always update btrfs_scrub_progress::last_physical (git-fixes). - commit 9d5464b ++++ kernel-syms: - idpf: detach and close netdevs while handling a reset (CVE-2026-22981 bsc#1257225). - commit 6e399ef - KVM: nSVM: Set exit_code_hi to -1 when synthesizing SVM_EXIT_ERR (failed VMRUN) (git-fixes). - commit ea24b4e - KVM: nSVM: Clear exit_code_hi in VMCB when synthesizing nested VM-Exits (git-fixes). - commit 39ff5cb - KVM: x86: Explicitly set new periodic hrtimer expiration in apic_timer_fn() (git-fixes). - commit e059ee8 - KVM: x86: WARN if hrtimer callback for periodic APIC timer fires with period=0 (git-fixes). - commit 2c24d91 - platform/x86: intel_telemetry: Fix PSS event register mask (git-fixes). - platform/x86: intel_telemetry: Fix swapped arrays in PSS output (git-fixes). - platform/x86: toshiba_haps: Fix memory leaks in add/remove routines (git-fixes). - commit 35ce7c7 - KVM: x86: Don't clear async #PF queue when CR0.PG is disabled (e.g. on #SMI) (git-fixes). - commit c57db6d - btrfs: scrub: always update btrfs_scrub_progress::last_physical (git-fixes). - commit 9d5464b ++++ kernel-syms: - ip6_tunnel: use skb_vlan_inet_prepare() in __ip6_tnl_rcv() (CVE-2026-23003 bsc#1257246). - commit 574bdcd - Refresh patches.suse/scsi-ufs-core-Improve-ufshcd_mcq_sq_cleanup.patch. Align with resulting upstream code after merges. Avoids a format string warning. - commit dd8af96 - idpf: detach and close netdevs while handling a reset (CVE-2026-22981 bsc#1257225). - commit 6e399ef - KVM: nSVM: Set exit_code_hi to -1 when synthesizing SVM_EXIT_ERR (failed VMRUN) (git-fixes). - commit ea24b4e - KVM: nSVM: Clear exit_code_hi in VMCB when synthesizing nested VM-Exits (git-fixes). - commit 39ff5cb - KVM: x86: Explicitly set new periodic hrtimer expiration in apic_timer_fn() (git-fixes). - commit e059ee8 - KVM: x86: WARN if hrtimer callback for periodic APIC timer fires with period=0 (git-fixes). - commit 2c24d91 - platform/x86: intel_telemetry: Fix PSS event register mask (git-fixes). - platform/x86: intel_telemetry: Fix swapped arrays in PSS output (git-fixes). - platform/x86: toshiba_haps: Fix memory leaks in add/remove routines (git-fixes). - commit 35ce7c7 - KVM: x86: Don't clear async #PF queue when CR0.PG is disabled (e.g. on #SMI) (git-fixes). - commit c57db6d - btrfs: scrub: always update btrfs_scrub_progress::last_physical (git-fixes). - commit 9d5464b ++++ kernel-zfcpdump: - idpf: detach and close netdevs while handling a reset (CVE-2026-22981 bsc#1257225). - commit 6e399ef - KVM: nSVM: Set exit_code_hi to -1 when synthesizing SVM_EXIT_ERR (failed VMRUN) (git-fixes). - commit ea24b4e - KVM: nSVM: Clear exit_code_hi in VMCB when synthesizing nested VM-Exits (git-fixes). - commit 39ff5cb - KVM: x86: Explicitly set new periodic hrtimer expiration in apic_timer_fn() (git-fixes). - commit e059ee8 - KVM: x86: WARN if hrtimer callback for periodic APIC timer fires with period=0 (git-fixes). - commit 2c24d91 - platform/x86: intel_telemetry: Fix PSS event register mask (git-fixes). - platform/x86: intel_telemetry: Fix swapped arrays in PSS output (git-fixes). - platform/x86: toshiba_haps: Fix memory leaks in add/remove routines (git-fixes). - commit 35ce7c7 - KVM: x86: Don't clear async #PF queue when CR0.PG is disabled (e.g. on #SMI) (git-fixes). - commit c57db6d - btrfs: scrub: always update btrfs_scrub_progress::last_physical (git-fixes). - commit 9d5464b ++++ kernel-zfcpdump: - ip6_tunnel: use skb_vlan_inet_prepare() in __ip6_tnl_rcv() (CVE-2026-23003 bsc#1257246). - commit 574bdcd - Refresh patches.suse/scsi-ufs-core-Improve-ufshcd_mcq_sq_cleanup.patch. Align with resulting upstream code after merges. Avoids a format string warning. - commit dd8af96 - idpf: detach and close netdevs while handling a reset (CVE-2026-22981 bsc#1257225). - commit 6e399ef - KVM: nSVM: Set exit_code_hi to -1 when synthesizing SVM_EXIT_ERR (failed VMRUN) (git-fixes). - commit ea24b4e - KVM: nSVM: Clear exit_code_hi in VMCB when synthesizing nested VM-Exits (git-fixes). - commit 39ff5cb - KVM: x86: Explicitly set new periodic hrtimer expiration in apic_timer_fn() (git-fixes). - commit e059ee8 - KVM: x86: WARN if hrtimer callback for periodic APIC timer fires with period=0 (git-fixes). - commit 2c24d91 - platform/x86: intel_telemetry: Fix PSS event register mask (git-fixes). - platform/x86: intel_telemetry: Fix swapped arrays in PSS output (git-fixes). - platform/x86: toshiba_haps: Fix memory leaks in add/remove routines (git-fixes). - commit 35ce7c7 - KVM: x86: Don't clear async #PF queue when CR0.PG is disabled (e.g. on #SMI) (git-fixes). - commit c57db6d - btrfs: scrub: always update btrfs_scrub_progress::last_physical (git-fixes). - commit 9d5464b ++++ libxslt: - CVE-2025-10911 will be fixed on libxml2 side instead [bsc#1250553] - deleted patches * libxslt-CVE-2025-10911.patch ++++ systemd: - Import commit fb9d92682b2469aa205d4df3ffea61e4806ed0e9 b9d92682b terminal-util: stop doing 0/upper bound check in tty_is_vc() (bsc#1255326) 80ec26cee0 core/dbus-manager: propagate meaningful dbus errors from EnqueueMarkedJobs ++++ systemd: - Import commit fb9d92682b2469aa205d4df3ffea61e4806ed0e9 fb9d92682b terminal-util: stop doing 0/upper bound check in tty_is_vc() (bsc#1255326) 80ec26cee0 core/dbus-manager: propagate meaningful dbus errors from EnqueueMarkedJobs ++++ libxml2: - CVE-2026-1757: memory leak in the `xmllint` interactive shell (bsc#1257593, bsc#1257594, bsc#1257595) * Add patch libxml2-CVE-2026-1757.patch - CVE-2025-10911: use-after-free with key data stored cross-RVT (bsc#1250553) * Add patch libxml2-CVE-2025-10911.patch ++++ opensuse-migration-tool: - Update to version 20260204.2cf77a3: * Drop requires on update-bootloader as it's not available on 15.6. Install it in post-script on target of migration instead. boo#1255897 * Refine post-scritps * Ensure update bootloader is installed in post scripts * don't install selinux-policy-targeted-gaming by default ++++ python-Django: - Add test_strip_tags_incomplete.patch to fix behaviour with changes in the Python interpreter - Rebase test_strip_tags.patch - Add security patches: * CVE-2025-14550.patch (bsc#1257403) * CVE-2026-1312.patch (bsc#1257408) * CVE-2026-1312-followup.patch (bsc#1257408) * CVE-2026-1287.patch (bsc#1257407) * CVE-2026-1207.patch (bsc#1257405) * CVE-2025-13473.patch (bsc#1257401) * CVE-2026-1285.patch (bsc#1257406) ++++ python-Django: - Add test_strip_tags_incomplete.patch to fix behaviour with changes in the Python interpreter - Rebase test_strip_tags.patch - Add security patches: * CVE-2025-14550.patch (bsc#1257403) * CVE-2026-1312.patch (bsc#1257408) * CVE-2026-1312-followup.patch (bsc#1257408) * CVE-2026-1287.patch (bsc#1257407) * CVE-2026-1207.patch (bsc#1257405) * CVE-2025-13473.patch (bsc#1257401) * CVE-2026-1285.patch (bsc#1257406) ++++ libxml2-python: - CVE-2026-1757: memory leak in the `xmllint` interactive shell (bsc#1257593, bsc#1257594, bsc#1257595) * Add patch libxml2-CVE-2026-1757.patch - CVE-2025-10911: use-after-free with key data stored cross-RVT (bsc#1250553) * Add patch libxml2-CVE-2025-10911.patch ++++ suse-migration-services: - Bump version: 2.1.29 → 2.1.30 - Bump Migration changelog version: 2.1.30 - Update docinfo Add missing sections and update the revision history ------------------------------------------------------------------ ------------------ 2026-2-3 - Feb 3 2026 ------------------- ------------------------------------------------------------------ ++++ OpenBoard: - add AppData in metainfo.xml - add patch 1347-chore-appdata.patch * add metainfo.xml and adjust cmake - update to release version 1.7.5 ++++ OpenBoard: - add AppData in metainfo.xml - add patch 1347-chore-appdata.patch * add metainfo.xml and adjust cmake - update to release version 1.7.5 ++++ OpenBoard: - add AppData in metainfo.xml - add patch 1347-chore-appdata.patch * add metainfo.xml and adjust cmake - update to release version 1.7.5 ++++ kernel-64kb: - slimbus: core: Constify slim_eaddr_equal() (jsc#PED-10906 git-fixes). - commit 6c2c54b - bus: fsl-mc: Constify fsl_mc_device_match() (jsc#PED-10906 git-fixes). - commit b3ff1a5 - mm, page_alloc, thp: prevent reclaim for __GFP_THISNODE THP allocations (bsc#1254447 bsc#1253087). - commit 8de8481 - arm64: Update config files. Disable DEVPORT (bsc#1256792) - commit 3858f73 - bpf/selftests: test_select_reuseport_kern: Remove unused header (bsc#1257603). - commit 1a032d9 ++++ kernel-64kb: - slimbus: core: Constify slim_eaddr_equal() (jsc#PED-10906 git-fixes). - commit 6c2c54b - bus: fsl-mc: Constify fsl_mc_device_match() (jsc#PED-10906 git-fixes). - commit b3ff1a5 - mm, page_alloc, thp: prevent reclaim for __GFP_THISNODE THP allocations (bsc#1254447 bsc#1253087). - commit 8de8481 - arm64: Update config files. Disable DEVPORT (bsc#1256792) - commit 3858f73 - KABi: fix "dm-snapshot: fix 'scheduling while atomic' on real-time kernels" (git-fixes). - commit b8ec588 - bpf/selftests: test_select_reuseport_kern: Remove unused header (bsc#1257603). - commit 1a032d9 ++++ kernel-azure: - slimbus: core: Constify slim_eaddr_equal() (jsc#PED-10906 git-fixes). - commit 6c2c54b - bus: fsl-mc: Constify fsl_mc_device_match() (jsc#PED-10906 git-fixes). - commit b3ff1a5 - mm, page_alloc, thp: prevent reclaim for __GFP_THISNODE THP allocations (bsc#1254447 bsc#1253087). - commit 8de8481 - arm64: Update config files. Disable DEVPORT (bsc#1256792) - commit 3858f73 - bpf/selftests: test_select_reuseport_kern: Remove unused header (bsc#1257603). - commit 1a032d9 ++++ kernel-azure: - slimbus: core: Constify slim_eaddr_equal() (jsc#PED-10906 git-fixes). - commit 6c2c54b - bus: fsl-mc: Constify fsl_mc_device_match() (jsc#PED-10906 git-fixes). - commit b3ff1a5 - mm, page_alloc, thp: prevent reclaim for __GFP_THISNODE THP allocations (bsc#1254447 bsc#1253087). - commit 8de8481 - arm64: Update config files. Disable DEVPORT (bsc#1256792) - commit 3858f73 - KABi: fix "dm-snapshot: fix 'scheduling while atomic' on real-time kernels" (git-fixes). - commit b8ec588 - bpf/selftests: test_select_reuseport_kern: Remove unused header (bsc#1257603). - commit 1a032d9 ++++ kernel-default: - slimbus: core: Constify slim_eaddr_equal() (jsc#PED-10906 git-fixes). - commit 6c2c54b - bus: fsl-mc: Constify fsl_mc_device_match() (jsc#PED-10906 git-fixes). - commit b3ff1a5 - mm, page_alloc, thp: prevent reclaim for __GFP_THISNODE THP allocations (bsc#1254447 bsc#1253087). - commit 8de8481 - arm64: Update config files. Disable DEVPORT (bsc#1256792) - commit 3858f73 - bpf/selftests: test_select_reuseport_kern: Remove unused header (bsc#1257603). - commit 1a032d9 ++++ kernel-default: - slimbus: core: Constify slim_eaddr_equal() (jsc#PED-10906 git-fixes). - commit 6c2c54b - bus: fsl-mc: Constify fsl_mc_device_match() (jsc#PED-10906 git-fixes). - commit b3ff1a5 - mm, page_alloc, thp: prevent reclaim for __GFP_THISNODE THP allocations (bsc#1254447 bsc#1253087). - commit 8de8481 - arm64: Update config files. Disable DEVPORT (bsc#1256792) - commit 3858f73 - KABi: fix "dm-snapshot: fix 'scheduling while atomic' on real-time kernels" (git-fixes). - commit b8ec588 - bpf/selftests: test_select_reuseport_kern: Remove unused header (bsc#1257603). - commit 1a032d9 ++++ kernel-rt: - slimbus: core: Constify slim_eaddr_equal() (jsc#PED-10906 git-fixes). - commit 6c2c54b - bus: fsl-mc: Constify fsl_mc_device_match() (jsc#PED-10906 git-fixes). - commit b3ff1a5 - mm, page_alloc, thp: prevent reclaim for __GFP_THISNODE THP allocations (bsc#1254447 bsc#1253087). - commit 8de8481 - arm64: Update config files. Disable DEVPORT (bsc#1256792) - commit 3858f73 - bpf/selftests: test_select_reuseport_kern: Remove unused header (bsc#1257603). - commit 1a032d9 ++++ kernel-rt: - slimbus: core: Constify slim_eaddr_equal() (jsc#PED-10906 git-fixes). - commit 6c2c54b - bus: fsl-mc: Constify fsl_mc_device_match() (jsc#PED-10906 git-fixes). - commit b3ff1a5 - mm, page_alloc, thp: prevent reclaim for __GFP_THISNODE THP allocations (bsc#1254447 bsc#1253087). - commit 8de8481 - arm64: Update config files. Disable DEVPORT (bsc#1256792) - commit 3858f73 - KABi: fix "dm-snapshot: fix 'scheduling while atomic' on real-time kernels" (git-fixes). - commit b8ec588 - bpf/selftests: test_select_reuseport_kern: Remove unused header (bsc#1257603). - commit 1a032d9 ++++ cockpit-podman: - Update dependencies for bsc#1257324/CVE-2025-13465 ++++ dtb-aarch64: - slimbus: core: Constify slim_eaddr_equal() (jsc#PED-10906 git-fixes). - commit 6c2c54b - bus: fsl-mc: Constify fsl_mc_device_match() (jsc#PED-10906 git-fixes). - commit b3ff1a5 - mm, page_alloc, thp: prevent reclaim for __GFP_THISNODE THP allocations (bsc#1254447 bsc#1253087). - commit 8de8481 - arm64: Update config files. Disable DEVPORT (bsc#1256792) - commit 3858f73 - bpf/selftests: test_select_reuseport_kern: Remove unused header (bsc#1257603). - commit 1a032d9 ++++ dtb-aarch64: - slimbus: core: Constify slim_eaddr_equal() (jsc#PED-10906 git-fixes). - commit 6c2c54b - bus: fsl-mc: Constify fsl_mc_device_match() (jsc#PED-10906 git-fixes). - commit b3ff1a5 - mm, page_alloc, thp: prevent reclaim for __GFP_THISNODE THP allocations (bsc#1254447 bsc#1253087). - commit 8de8481 - arm64: Update config files. Disable DEVPORT (bsc#1256792) - commit 3858f73 - KABi: fix "dm-snapshot: fix 'scheduling while atomic' on real-time kernels" (git-fixes). - commit b8ec588 - bpf/selftests: test_select_reuseport_kern: Remove unused header (bsc#1257603). - commit 1a032d9 ++++ expat: - security update - added patches CVE-2026-24515 [bsc#1257144], NULL dereference (CWE-476) due to function XML_ExternalEntityParserCreate() failing to copy the encoding handler data passed to XML_SetUnknownEncodingHandler() from the parent to the subparser * expat-CVE-2026-24515.patch CVE-2026-25210 [bsc#1257496], lack of buffer size check can lead to an integer overflow * expat-CVE-2026-25210.patch ++++ expat: - security update - added patches CVE-2026-24515 [bsc#1257144], NULL dereference (CWE-476) due to function XML_ExternalEntityParserCreate() failing to copy the encoding handler data passed to XML_SetUnknownEncodingHandler() from the parent to the subparser * expat-CVE-2026-24515.patch CVE-2026-25210 [bsc#1257496], lack of buffer size check can lead to an integer overflow * expat-CVE-2026-25210.patch ++++ google-guest-configs: - Add NetworkManager-devel to BuildRequires - Install NetworkManager dispatcher script (bsc#1254266) ++++ htmldoc: - version update to 1.9.23: * Fixed a regression in list handling that caused a crash for empty list items (Issue #553) * Fixed a regression in the number of rendered table of contents levels in PDF and PostScript output (Issue #554) - version update to 1.9.22: * Added a "--without-http" configure option to build without CUPS HTTP/HTTPS support (Issue #547) * Updated HTTP/HTTPS support to work with both CUPS 2.x and 3.x. * Updated the maximum image dimension to prevent integer overflow on 32-bit platforms (Issue #550) * Updated the HTML parser to correctly report the line number of errors in files with more than 2^32-1 lines (Issue #551) * Fixed a crash bug with certain markdown files (Issue #548) * Fixed an unrestricted recursion bug when reading and formatting HTML (Issue #552) - version update to 1.9.21 * Updated HTTP/HTTPS connection error reporting to include the reason. * Updated markdown parser. * Updated the HTTP/HTTPS connection timeout to 5 minutes (Issue #541) * Fixed a bug in the new PDF link code (Issue #536) * Fixed a bug in the number-up code (Issue #539) * Fixed a regression in leading whitespace handling (Issue #540) * Fixed a bug in numbered heading support (Issue #543) * Fixed a bug with setting the header on the first page (Issue #544) * Fixed paths in the HTMLDOC snap (Issue #545) ++++ kernel-source: - slimbus: core: Constify slim_eaddr_equal() (jsc#PED-10906 git-fixes). - commit 6c2c54b - bus: fsl-mc: Constify fsl_mc_device_match() (jsc#PED-10906 git-fixes). - commit b3ff1a5 - mm, page_alloc, thp: prevent reclaim for __GFP_THISNODE THP allocations (bsc#1254447 bsc#1253087). - commit 8de8481 - arm64: Update config files. Disable DEVPORT (bsc#1256792) - commit 3858f73 - bpf/selftests: test_select_reuseport_kern: Remove unused header (bsc#1257603). - commit 1a032d9 ++++ kernel-source: - slimbus: core: Constify slim_eaddr_equal() (jsc#PED-10906 git-fixes). - commit 6c2c54b - bus: fsl-mc: Constify fsl_mc_device_match() (jsc#PED-10906 git-fixes). - commit b3ff1a5 - mm, page_alloc, thp: prevent reclaim for __GFP_THISNODE THP allocations (bsc#1254447 bsc#1253087). - commit 8de8481 - arm64: Update config files. Disable DEVPORT (bsc#1256792) - commit 3858f73 - KABi: fix "dm-snapshot: fix 'scheduling while atomic' on real-time kernels" (git-fixes). - commit b8ec588 - bpf/selftests: test_select_reuseport_kern: Remove unused header (bsc#1257603). - commit 1a032d9 ++++ kernel-docs: - slimbus: core: Constify slim_eaddr_equal() (jsc#PED-10906 git-fixes). - commit 6c2c54b - bus: fsl-mc: Constify fsl_mc_device_match() (jsc#PED-10906 git-fixes). - commit b3ff1a5 - mm, page_alloc, thp: prevent reclaim for __GFP_THISNODE THP allocations (bsc#1254447 bsc#1253087). - commit 8de8481 - arm64: Update config files. Disable DEVPORT (bsc#1256792) - commit 3858f73 - bpf/selftests: test_select_reuseport_kern: Remove unused header (bsc#1257603). - commit 1a032d9 ++++ kernel-docs: - slimbus: core: Constify slim_eaddr_equal() (jsc#PED-10906 git-fixes). - commit 6c2c54b - bus: fsl-mc: Constify fsl_mc_device_match() (jsc#PED-10906 git-fixes). - commit b3ff1a5 - mm, page_alloc, thp: prevent reclaim for __GFP_THISNODE THP allocations (bsc#1254447 bsc#1253087). - commit 8de8481 - arm64: Update config files. Disable DEVPORT (bsc#1256792) - commit 3858f73 - KABi: fix "dm-snapshot: fix 'scheduling while atomic' on real-time kernels" (git-fixes). - commit b8ec588 - bpf/selftests: test_select_reuseport_kern: Remove unused header (bsc#1257603). - commit 1a032d9 ++++ kernel-kvmsmall: - slimbus: core: Constify slim_eaddr_equal() (jsc#PED-10906 git-fixes). - commit 6c2c54b - bus: fsl-mc: Constify fsl_mc_device_match() (jsc#PED-10906 git-fixes). - commit b3ff1a5 - mm, page_alloc, thp: prevent reclaim for __GFP_THISNODE THP allocations (bsc#1254447 bsc#1253087). - commit 8de8481 - arm64: Update config files. Disable DEVPORT (bsc#1256792) - commit 3858f73 - bpf/selftests: test_select_reuseport_kern: Remove unused header (bsc#1257603). - commit 1a032d9 ++++ kernel-kvmsmall: - slimbus: core: Constify slim_eaddr_equal() (jsc#PED-10906 git-fixes). - commit 6c2c54b - bus: fsl-mc: Constify fsl_mc_device_match() (jsc#PED-10906 git-fixes). - commit b3ff1a5 - mm, page_alloc, thp: prevent reclaim for __GFP_THISNODE THP allocations (bsc#1254447 bsc#1253087). - commit 8de8481 - arm64: Update config files. Disable DEVPORT (bsc#1256792) - commit 3858f73 - KABi: fix "dm-snapshot: fix 'scheduling while atomic' on real-time kernels" (git-fixes). - commit b8ec588 - bpf/selftests: test_select_reuseport_kern: Remove unused header (bsc#1257603). - commit 1a032d9 ++++ kernel-obs-build: - slimbus: core: Constify slim_eaddr_equal() (jsc#PED-10906 git-fixes). - commit 6c2c54b - bus: fsl-mc: Constify fsl_mc_device_match() (jsc#PED-10906 git-fixes). - commit b3ff1a5 - mm, page_alloc, thp: prevent reclaim for __GFP_THISNODE THP allocations (bsc#1254447 bsc#1253087). - commit 8de8481 - arm64: Update config files. Disable DEVPORT (bsc#1256792) - commit 3858f73 - bpf/selftests: test_select_reuseport_kern: Remove unused header (bsc#1257603). - commit 1a032d9 ++++ kernel-obs-build: - slimbus: core: Constify slim_eaddr_equal() (jsc#PED-10906 git-fixes). - commit 6c2c54b - bus: fsl-mc: Constify fsl_mc_device_match() (jsc#PED-10906 git-fixes). - commit b3ff1a5 - mm, page_alloc, thp: prevent reclaim for __GFP_THISNODE THP allocations (bsc#1254447 bsc#1253087). - commit 8de8481 - arm64: Update config files. Disable DEVPORT (bsc#1256792) - commit 3858f73 - KABi: fix "dm-snapshot: fix 'scheduling while atomic' on real-time kernels" (git-fixes). - commit b8ec588 - bpf/selftests: test_select_reuseport_kern: Remove unused header (bsc#1257603). - commit 1a032d9 ++++ kernel-obs-qa: - slimbus: core: Constify slim_eaddr_equal() (jsc#PED-10906 git-fixes). - commit 6c2c54b - bus: fsl-mc: Constify fsl_mc_device_match() (jsc#PED-10906 git-fixes). - commit b3ff1a5 - mm, page_alloc, thp: prevent reclaim for __GFP_THISNODE THP allocations (bsc#1254447 bsc#1253087). - commit 8de8481 - arm64: Update config files. Disable DEVPORT (bsc#1256792) - commit 3858f73 - bpf/selftests: test_select_reuseport_kern: Remove unused header (bsc#1257603). - commit 1a032d9 ++++ kernel-obs-qa: - slimbus: core: Constify slim_eaddr_equal() (jsc#PED-10906 git-fixes). - commit 6c2c54b - bus: fsl-mc: Constify fsl_mc_device_match() (jsc#PED-10906 git-fixes). - commit b3ff1a5 - mm, page_alloc, thp: prevent reclaim for __GFP_THISNODE THP allocations (bsc#1254447 bsc#1253087). - commit 8de8481 - arm64: Update config files. Disable DEVPORT (bsc#1256792) - commit 3858f73 - KABi: fix "dm-snapshot: fix 'scheduling while atomic' on real-time kernels" (git-fixes). - commit b8ec588 - bpf/selftests: test_select_reuseport_kern: Remove unused header (bsc#1257603). - commit 1a032d9 ++++ kernel-syms: - slimbus: core: Constify slim_eaddr_equal() (jsc#PED-10906 git-fixes). - commit 6c2c54b - bus: fsl-mc: Constify fsl_mc_device_match() (jsc#PED-10906 git-fixes). - commit b3ff1a5 - mm, page_alloc, thp: prevent reclaim for __GFP_THISNODE THP allocations (bsc#1254447 bsc#1253087). - commit 8de8481 - arm64: Update config files. Disable DEVPORT (bsc#1256792) - commit 3858f73 - bpf/selftests: test_select_reuseport_kern: Remove unused header (bsc#1257603). - commit 1a032d9 ++++ kernel-syms: - slimbus: core: Constify slim_eaddr_equal() (jsc#PED-10906 git-fixes). - commit 6c2c54b - bus: fsl-mc: Constify fsl_mc_device_match() (jsc#PED-10906 git-fixes). - commit b3ff1a5 - mm, page_alloc, thp: prevent reclaim for __GFP_THISNODE THP allocations (bsc#1254447 bsc#1253087). - commit 8de8481 - arm64: Update config files. Disable DEVPORT (bsc#1256792) - commit 3858f73 - KABi: fix "dm-snapshot: fix 'scheduling while atomic' on real-time kernels" (git-fixes). - commit b8ec588 - bpf/selftests: test_select_reuseport_kern: Remove unused header (bsc#1257603). - commit 1a032d9 ++++ kernel-zfcpdump: - slimbus: core: Constify slim_eaddr_equal() (jsc#PED-10906 git-fixes). - commit 6c2c54b - bus: fsl-mc: Constify fsl_mc_device_match() (jsc#PED-10906 git-fixes). - commit b3ff1a5 - mm, page_alloc, thp: prevent reclaim for __GFP_THISNODE THP allocations (bsc#1254447 bsc#1253087). - commit 8de8481 - arm64: Update config files. Disable DEVPORT (bsc#1256792) - commit 3858f73 - bpf/selftests: test_select_reuseport_kern: Remove unused header (bsc#1257603). - commit 1a032d9 ++++ kernel-zfcpdump: - slimbus: core: Constify slim_eaddr_equal() (jsc#PED-10906 git-fixes). - commit 6c2c54b - bus: fsl-mc: Constify fsl_mc_device_match() (jsc#PED-10906 git-fixes). - commit b3ff1a5 - mm, page_alloc, thp: prevent reclaim for __GFP_THISNODE THP allocations (bsc#1254447 bsc#1253087). - commit 8de8481 - arm64: Update config files. Disable DEVPORT (bsc#1256792) - commit 3858f73 - KABi: fix "dm-snapshot: fix 'scheduling while atomic' on real-time kernels" (git-fixes). - commit b8ec588 - bpf/selftests: test_select_reuseport_kern: Remove unused header (bsc#1257603). - commit 1a032d9 ++++ libsoup2: - Add libsoup2-CVE-2026-1761.patch: multipart: check length of bytes read soup_filter_input_stream_read_until() (bsc#1257598, CVE-2026-1761, glgo#GNOME/libsoup!496). ++++ libsoup2: - Add libsoup2-CVE-2026-1761.patch: multipart: check length of bytes read soup_filter_input_stream_read_until() (bsc#1257598, CVE-2026-1761, glgo#GNOME/libsoup!496). - Refresh ef6c4bf6.patch, 04df03bc.patch, 29b96fab.patch, 48b3b611.patch, 4d12c3e5.patch, 96c22b67.patch and ced3c5d8.patch from upstream git. ++++ libsoup: - Add libsoup-CVE-2026-1536.patch: Always validate the headers value when coming from untrusted source (bsc#1257440, CVE-2026-1536, glgo#GNOME/libsoup/commit/5c1a2e9c). - Add libsoup-CVE-2026-1761.patch: multipart: check length of bytes read soup_filter_input_stream_read_until() (bsc#1257598, CVE-2026-1761, glgo#GNOME/libsoup!496). ++++ libsoup: - Add libsoup-CVE-2026-1536.patch: Always validate the headers value when coming from untrusted source (bsc#1257440, CVE-2026-1536, glgo#GNOME/libsoup/commit/5c1a2e9c). - Add libsoup-CVE-2026-1761.patch: multipart: check length of bytes read soup_filter_input_stream_read_until() (bsc#1257598, CVE-2026-1761, glgo#GNOME/libsoup!496). ++++ neovim: - Update license header in the spec file template ++++ pdfarranger: - Add python313.patch to fix compatibility with python313 boo#1257190, gh#pdfarranger/pdfarranger#1238 ++++ python-pip: - Add CVE-2026-1703.patch upstream patch (bsc#1257599, CVE-2026-1703, gh#pypa/pip#13777) ++++ python-pynetbox: - Update to version 7.6.1 Enhancements * Use dict instead of OrderedDict in Record serialization. New Features * Add cable path tracing support for front ports, rear ports, and virtual circuit terminations. Bug Fixes * Update internal object state after save operations to prevent attribute reset issues. ++++ selinux-policy: - Update to version 20250627+git347.b8926451e: * Add support for 'mariadb@.service' (bsc#1255024). ++++ suse-migration-services: - Update doc/adoc/user_guide.adoc Co-authored-by: Tom Schraitle ------------------------------------------------------------------ ------------------ 2026-2-2 - Feb 2 2026 ------------------- ------------------------------------------------------------------ ++++ SAPHanaSR-angi: - Version bump to 1.3.0 * Technology preview - Support for XSA standalone node in Mx-setup (one master, one XSA worker) * improve logging to SAP HANA trace file (gh#SUSE/SAPHanaSR#240; bsc#1257746) * improve HANA 'stop' logging (bsc#1257747) * improve srHook attribute logging (bsc#1257744) * stop lost slave workers, if master nameserver node crashed before promoting the secondary (score 101) * fix stop status for lost slave worker (bsc#1257747) * SAPHanaSR-alert-fencing could now restart a node without using cluster infrastructure (sysrq-trigger) So it's now crmsh agnostic (gh#SUSE/SAPHanaSR#291, but alternative implementation) * new man page SAPHanaSR-ScaleOut-XSA.7 * update man pages: ocf_suse_SAPHanaFilesystem.7 SAPHanaController-scale-out.7 SAPHanaController-scale-up.7 SAPHanaSR-alert-fencing.8 SAPHanaSR-angi-scenarios.7 SAPHanaSR-angi.7 SAPHanaSR-hookHelper.8 SAPHanaSR-ScaleOut.7 SAPHanaSR-ScaleOut_basic_cluster.7 SAPHanaSR-showAttr.8 SAPHanaSR_basic_cluster.7 SAPHanaSR_maintenance_examples.7 SAPHanaSR_upgrade_to_angi.7 susHanaSR.py.7 * update man pages - copyright date only: ocf_suse_SAPHanaController.7 ocf_suse_SAPHanaTopology.7 SAPHanaSR-manageProvider.8 SAPHanaSR-replay-archive.8 SAPHanaSR-show-hadr-runtimes.8 SAPHanaSR-showAttr_properties.5 SAPHanaSR-upgrade-to-angi-demo.8 SAPHanaSR.7 susChkSrv.py.7 susCostOpt.py.7 susHanaSrMultiTarget.py.7 susTkOver.py.7 - change required crmsh version from 4.4.0 to 4.4.2+20250526.46896f4 ++++ build: - pbuild: support for _manifest files - VM builds: fix export of mtime out of the build env - config: * tumbleweed syncing * slfo 1.2 updates * Re-create SLE 15 SP7 config (bsc#1251920) - oci-archive * Support package list introspection * Support sbom generation - Docker.pm: Also handle 'zypper update' - obs-docker-support: Pass --no-refresh to zypper - fail if PKGID can not be queried - Add a workaround to fix builds on debian aarch64 with old systemd versions - Add gzip retry for the sidestore downloads - Revert VCS indenting change to fix reproducible builds ++++ scanner-databases: - database refresh on 2026-02-02 (bsc#1084929) ++++ kernel-64kb: - smb: client: split cached_fid bitfields to avoid shared-byte RMW races (bsc#1250748,bsc#1257154). - commit 9624e6c - smb: client: update cfid->last_access_time in open_cached_dir_by_dentry() (git-fixes). - commit a159cff - cifs: add new field to track the last access time of cfid (git-fixes). - commit 0cd09f9 - smb: improve directory cache reuse for readdir operations (bsc#1252712). - commit 98f179c - scripts/python/git_sort/git_sort.yaml: add cifs for-next repository - commit 5e1a139 - libceph: replace overzealous BUG_ON in osdmap_apply_incremental() (CVE-2026-22990 bsc#1257221). - commit bf45795 - libceph: prevent potential out-of-bounds reads in handle_auth_done() (CVE-2026-22984 bsc#1257217). - commit 3af214d - libceph: return the handler error from mon_handle_auth_done() (CVE-2026-22992 bsc#1257218). - commit 2da8b55 - libceph: make free_choose_arg_map() resilient to partial allocation (CVE-2026-22991 bsc#1257220). - commit 1c4a387 - Update config files: disable CONFIG_DEVPORT for arm64 (bsc#1256792) - commit 89771ce - x86/fpu: Clear XSTATE_BV in guest XSAVE state whenever XFD[i]=1 (CVE-2026-23005 bsc#1257245). - commit 0a828e9 - Update patches.suse/ACPICA-Avoid-walking-the-Namespace-if-start_node-is-.patch (stable-fixes CVE-2025-71118 bsc#1256763). - Update patches.suse/ALSA-hda-Fix-missing-pointer-check-in-hda_component_.patch (git-fixes CVE-2025-40097 bsc#1252900). - Update patches.suse/ALSA-usb-mixer-us16x08-validate-meter-packet-indices.patch (git-fixes CVE-2025-68783 bsc#1256650). - Update patches.suse/ASoC-codecs-wcd9375-Fix-double-free-of-regulator-sup.patch (git-fixes CVE-2025-38423 bsc#1247292). - Update patches.suse/ASoC-codecs-wcd937x-set-the-comp-soundwire-port-corr.patch (git-fixes CVE-2025-40045 bsc#1252784). - Update patches.suse/ASoC-stm32-sai-fix-OF-node-leak-on-probe.patch (git-fixes CVE-2025-71081 bsc#1256609). - Update patches.suse/ASoC-tlv320adcx140-fix-null-pointer.patch (git-fixes CVE-2026-23006 bsc#1257208). - Update patches.suse/Bluetooth-btusb-revert-use-of-devm_kzalloc-in-btusb.patch (git-fixes CVE-2025-71082 bsc#1256611). - Update patches.suse/EDAC-skx_common-Fix-general-protection-fault.patch (git-fixes CVE-2025-38298 bsc#1253079). - Update patches.suse/HID-nintendo-avoid-bluetooth-suspend-resume-stalls.patch (stable-fixes CVE-2025-38507 bsc#1248188). - Update patches.suse/HID-quirks-Add-quirk-for-2-Chicony-Electronics-HP-5M.patch (stable-fixes CVE-2025-38540 bsc#1248208). - Update patches.suse/Input-alps-fix-use-after-free-bugs-caused-by-dev3_re.patch (git-fixes CVE-2025-68822 bsc#1256668). - Update patches.suse/Input-lkkbd-disable-pending-work-before-freeing-devi.patch (stable-fixes CVE-2025-71073 bsc#1256632). - Update patches.suse/Input-ti_am335x_tsc-fix-off-by-one-error-in-wire_ord.patch (git-fixes CVE-2025-68777 bsc#1256655). - Update patches.suse/KEYS-trusted-Fix-a-memory-leak-in-tpm2_load_cmd.patch (git-fixes CVE-2025-71147 bsc#1257158). - Update patches.suse/PM-EM-Fix-potential-division-by-zero-error-in-em_com.patch (git-fixes CVE-2025-38297 bsc#1253078). - Update patches.suse/arp-do-not-assume-dev_hard_header-does-not-change-skb-head.patch (CVE-2025-71098 bsc#1256591 CVE-2026-22988 bsc#1257282). - Update patches.suse/benet-fix-BUG-when-creating-VFs.patch (git-fixes CVE-2025-38569 bsc#1248384). - Update patches.suse/block-avoid-possible-overflow-for-chunk_sectors-check-in-b.patch (git-fixes CVE-2025-39795 bsc#1249609). - Update patches.suse/bpf-Do-not-let-BPF-test-infra-emit-invalid-GSO-types.patch (bsc#1255569 CVE-2025-68725). - Update patches.suse/btrfs-don-t-log-conflicting-inode-if-it-s-a-dir-move.patch (git-fixes CVE-2025-68778 bsc#1256683). - Update patches.suse/btrfs-fix-invalid-inode-pointer-dereferences-during-.patch (git-fixes CVE-2025-38243 bsc#1246184). - Update patches.suse/btrfs-fix-the-inode-leak-in-btrfs_iget.patch (git-fixes CVE-2025-37904 bsc#1243452). - Update patches.suse/ceph-fix-race-condition-validating-r_parent-before-applyin.patch (CVE-2025-39880 bsc#1250388 CVE-2025-39927 bsc#1250738). - Update patches.suse/char-applicom-fix-NULL-pointer-dereference-in-ac_ioc.patch (stable-fixes CVE-2025-68797 bsc#1256660). - Update patches.suse/clk-samsung-exynos-clkout-Assign-.num-before-accessi.patch (git-fixes CVE-2025-71143 bsc#1256749). - Update patches.suse/comedi-aio_iiro_16-Fix-bit-shift-out-of-bounds.patch (git-fixes CVE-2025-38529 bsc#1248196). - Update patches.suse/comedi-fix-divide-by-zero-in-comedi_buf_munge.patch (stable-fixes CVE-2025-40106 bsc#1252891). - Update patches.suse/comedi-pcl812-Fix-bit-shift-out-of-bounds.patch (git-fixes CVE-2025-38530 bsc#1248206). - Update patches.suse/cpuset-fix-warning-when-disabling-remote-partition.patch (bsc#1256794 CVE-2025-71142 bsc#1256748). - Update patches.suse/crypto-af_alg-zero-initialize-memory-allocated-via-s.patch (git-fixes CVE-2025-71113 bsc#1256716). - Update patches.suse/crypto-seqiv-Do-not-use-req-iv-after-crypto_aead_enc.patch (git-fixes CVE-2025-71131 bsc#1256742). - Update patches.suse/dmaengine-idxd-fix-device-leaks-on-compat-bind-and-u.patch (git-fixes CVE-2025-71163 bsc#1257215). - Update patches.suse/dmaengine-nbpfaxi-Fix-memory-corruption-in-probe.patch (git-fixes CVE-2025-38538 bsc#1248213). - Update patches.suse/dmaengine-tegra-adma-Fix-use-after-free.patch (git-fixes CVE-2025-71162 bsc#1257204). - Update patches.suse/drm-amdkfd-Don-t-call-mmput-from-MMU-notifier-callba.patch (git-fixes CVE-2025-38520 bsc#1248217). - Update patches.suse/drm-i915-gem-Zero-initialize-the-eb.vma-array-in-i91.patch (git-fixes CVE-2025-71130 bsc#1256741). - Update patches.suse/drm-imagination-Fix-kernel-crash-when-hard-resetting.patch (git-fixes CVE-2025-38521 bsc#1248232). - Update patches.suse/drm-msm-dpu-Add-missing-NULL-pointer-check-for-pingp.patch (git-fixes CVE-2025-71138 bsc#1256785). - Update patches.suse/drm-sched-Increment-job-count-before-swapping-tail-s.patch (git-fixes CVE-2025-38515 bsc#1248212). - Update patches.suse/drm-tegra-nvdec-Fix-dma_alloc_coherent-error-check.patch (git-fixes CVE-2025-38543 bsc#1248214). - Update patches.suse/drm-tilcdc-Fix-removal-actions-in-case-of-failed-pro.patch (git-fixes CVE-2025-71141 bsc#1256756). - Update patches.suse/drm-ttm-Avoid-NULL-pointer-deref-for-evicted-BOs.patch (git-fixes CVE-2025-71083 bsc#1256610). - Update patches.suse/drm-xe-Limit-num_syncs-to-prevent-oversized-allocati.patch (git-fixes CVE-2025-68802 bsc#1256661). - Update patches.suse/drm-xe-oa-Fix-potential-UAF-in-xe_oa_add_config_ioct.patch (git-fixes CVE-2025-71099 bsc#1256592). - Update patches.suse/drm-xe-oa-Limit-num_syncs-to-prevent-oversized-alloc.patch (git-fixes CVE-2025-71076 bsc#1256627). - Update patches.suse/drm-xe-pf-Clear-all-LMTT-pages-on-alloc.patch (git-fixes CVE-2025-38511 bsc#1248175). - Update patches.suse/efivarfs-Fix-slab-out-of-bounds-in-efivarfs_d_compar.patch (git-fixes CVE-2025-39817 bsc#1249998). - Update patches.suse/ftrace-Also-allocate-and-copy-hash-for-reading-of-filter-f.patch (bsc#1250032 CVE-2025-39813 CVE-2025-39689 bsc#1249307). - Update patches.suse/hwmon-corsair-cpro-Validate-the-size-of-the-received.patch (git-fixes CVE-2025-38548 bsc#1248228). - Update patches.suse/hwmon-ibmpex-fix-use-after-free-in-high-low-store.patch (git-fixes CVE-2025-68789 bsc#1256781). - Update patches.suse/hwmon-w83791d-Convert-macros-to-functions-to-avoid-T.patch (git-fixes CVE-2025-71111 bsc#1256728). - Update patches.suse/ice-fix-NULL-pointer-dereference-in-ice_unplug_aux_d.patch (jsc#PED-13728 CVE-2025-39814 bsc#1249895). - Update patches.suse/idpf-Fix-RSS-LUT-NULL-pointer-crash-on-early-ethtool.patch (CVE-2026-22993 bsc#1257180 CVE-2026-22985 bsc#1257277). - Update patches.suse/iio-adc-axp20x_adc-Add-missing-sentinel-to-AXP717-AD.patch (git-fixes CVE-2025-38547 bsc#1248222). - Update patches.suse/ipv6-mcast-Delay-put-pmc-idev-in-mld_del_delrec.patch (git-fixes CVE-2025-38550 bsc#1248227). - Update patches.suse/kasan-remove-kasan_find_vm_area-to-prevent-possible-.patch (git-fixes CVE-2025-38510 bsc#1248166). - Update patches.suse/lib-buildid-use-__kernel_read-for-sleepable-context.patch (git-fixes CVE-2026-23002 bsc#1257243). - Update patches.suse/media-adv7842-Avoid-possible-out-of-bounds-array-acc.patch (git-fixes CVE-2025-71136 bsc#1256759). - Update patches.suse/media-dvb-usb-dtv5100-fix-out-of-bounds-in-dtv5100_i.patch (git-fixes CVE-2025-68819 bsc#1256664). - Update patches.suse/media-vidtv-initialize-local-pointers-upon-transfer-.patch (git-fixes CVE-2025-68808 bsc#1256682). - Update patches.suse/mount-handle-NULL-values-in-mnt_ns_release.patch (bsc#1254308 CVE-2025-40195 bsc#1253500). - Update patches.suse/neighbour-Fix-null-ptr-deref-in-neigh_flush_dev.patch (git-fixes CVE-2025-38589 bsc#1248366). - Update patches.suse/net-can-j1939-j1939_xtp_rx_rts_session_active-deacti.patch (git-fixes CVE-2026-22997 bsc#1257202). - Update patches.suse/net-mlx5-Check-device-memory-pointer-before-usage.patch (git-fixes CVE-2025-38645 bsc#1248626). - Update patches.suse/net-mlx5e-Remove-skb-secpath-if-xfrm-state-is-not-fo.patch (git-fixes CVE-2025-38590 bsc#1248360). - Update patches.suse/net-nfc-fix-deadlock-between-nfc_unregister_device-a.patch (git-fixes CVE-2025-71079 bsc#1256619). - Update patches.suse/net-phy-Don-t-register-LEDs-for-genphy.patch (git-fixes CVE-2025-38537 bsc#1248229). - Update patches.suse/net-rose-fix-invalid-array-index-in-rose_kill_by_dev.patch (git-fixes CVE-2025-71086 bsc#1256625). - Update patches.suse/net-usb-rtl8150-fix-memory-leak-on-usb_submit_urb-fa.patch (git-fixes CVE-2025-71154 bsc#1257163). - Update patches.suse/netfilter-nft_set_hash-unaligned-atomic-read-on-struct-nft.patch (git-fixes CVE-2024-54031 bsc#1235905). - Update patches.suse/nfsd-check-that-server-is-running-in-unlock_filesystem.patch (git-fixes CVE-2026-22989 bsc#1257279). - Update patches.suse/phy-tegra-xusb-Fix-unbalanced-regulator-disable-in-U.patch (git-fixes CVE-2025-38535 bsc#1248240). - Update patches.suse/pinctrl-check-the-return-value-of-pinmux_ops-get_fun.patch (stable-fixes CVE-2025-40030 bsc#1252773). - Update patches.suse/pinctrl-qcom-msm-mark-certain-pins-as-invalid-for-in.patch (git-fixes CVE-2025-38516 bsc#1248209). - Update patches.suse/platform-chrome-cros_ec_ishtp-Fix-UAF-after-unbindin.patch (git-fixes CVE-2025-68804 bsc#1256617). - Update patches.suse/platform-x86-hp-bioscfg-Fix-out-of-bounds-array-acce.patch (git-fixes CVE-2025-71101 bsc#1256594). - Update patches.suse/pm-cpupower-bench-Prevent-NULL-dereference-on-malloc.patch (stable-fixes CVE-2025-37841 bsc#1242974). - Update patches.suse/powerpc-64s-slb-Fix-SLB-multihit-issue-during-SLB-preload.patch (bac#1236022 ltc#211187 CVE-2025-71078 bsc#1256616). - Update patches.suse/powerpc-kexec-Enable-SMT-before-waking-offline-CPUs.patch (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes bsc#1253739 ltc#211493 bsc#1254244 ltc#216496 CVE-2025-71119 bsc#1256730). - Update patches.suse/smb-client-fix-warning-when-reconnecting-channel.patch (git-fixes CVE-2025-38379 bsc#1247030). - Update patches.suse/spi-fsl-cpm-Check-length-parity-before-switching-to-.patch (git-fixes CVE-2025-68773 bsc#1256586). - Update patches.suse/tcp_bpf-Call-sk_msg_free-when-tcp_bpf_send_verdict-f.patch (bsc#1250705 CVE-2025-39913). - Update patches.suse/trace-fgraph-Fix-the-warning-caused-by-missing-unregister-.patch (bsc#1248211 CVE-2025-38539 CVE-2025-39829 bsc#1250082). - Update patches.suse/tracing-fprobe-events-Fix-possible-UAF-on-modules.patch (git-fixes CVE-2025-37845 bsc#1242986). - Update patches.suse/tty-serial-uartlite-register-uart-driver-in-init.patch (stable-fixes CVE-2025-38262 bsc#1246282). - Update patches.suse/usb-phy-isp1301-fix-non-OF-device-reference-imbalanc.patch (git-fixes CVE-2025-71145 bsc#1257155). - Update patches.suse/usb-typec-ucsi-Handle-incorrect-num_connectors-capab.patch (stable-fixes CVE-2025-71108 bsc#1256774). - Update patches.suse/via_wdt-fix-critical-boot-hang-due-to-unnamed-resour.patch (stable-fixes CVE-2025-71114 bsc#1256752). - Update patches.suse/virtio-net-fix-recursived-rtnl_lock-during-probe.patch (git-fixes CVE-2025-38551 bsc#1248234). - Update patches.suse/virtio-net-free-xsk_buffs-on-error-in-virtnet_xsk_po.patch (git-fixes CVE-2025-37955 bsc#1243507). - Update patches.suse/wifi-ath12k-fix-memory-leak-in-ath12k_pci_remove.patch (stable-fixes CVE-2025-37744 bsc#1243662). - Update patches.suse/wifi-avoid-kernel-infoleak-from-struct-iw_point.patch (git-fixes CVE-2026-22978 bsc#1257227). - Update patches.suse/wifi-mt76-mt7925-Fix-null-ptr-deref-in-mt7925_therma.patch (git-fixes CVE-2025-38541 bsc#1248216). - Update patches.suse/wifi-mwifiex-discard-erroneous-disassoc-frames-on-ST.patch (git-fixes CVE-2025-38505 bsc#1248185). - Update patches.suse/wifi-prevent-A-MSDU-attacks-in-mesh-networks.patch (stable-fixes CVE-2025-38512 bsc#1248178). - Update patches.suse/wifi-rtlwifi-8192cu-fix-tid-out-of-range-in-rtl92cu_.patch (git-fixes CVE-2025-71100 bsc#1256593). - Update patches.suse/wifi-zd1211rw-Fix-potential-NULL-pointer-dereference.patch (git-fixes CVE-2025-38513 bsc#1248179). - Update patches.suse/x86-cpu-Avoid-running-off-the-end-of-an-AMD-erratum-table.patch (git-fixes CVE-2025-37751 bsc#1242505). - commit 74167a5 - powerpc/addnote: Fix overflow on 32-bit builds (bsc#1215199). - commit 651b1d4 - net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv (CVE-2026-22996). - net/mlx5e: Fix crash on profile change rollback failure (CVE-2026-23000 bsc#1257234). - commit 395ffba - gpio: rockchip: Stop calling pinctrl for set_direction (git-fixes). - commit 0d36e6c ++++ kernel-64kb: - smb: client: split cached_fid bitfields to avoid shared-byte RMW races (bsc#1250748,bsc#1257154). - commit 9624e6c - smb: client: update cfid->last_access_time in open_cached_dir_by_dentry() (git-fixes). - commit a159cff - cifs: add new field to track the last access time of cfid (git-fixes). - commit 0cd09f9 - smb: improve directory cache reuse for readdir operations (bsc#1252712). - commit 98f179c - scripts/python/git_sort/git_sort.yaml: add cifs for-next repository - commit 5e1a139 - libceph: replace overzealous BUG_ON in osdmap_apply_incremental() (CVE-2026-22990 bsc#1257221). - commit bf45795 - libceph: prevent potential out-of-bounds reads in handle_auth_done() (CVE-2026-22984 bsc#1257217). - commit 3af214d - libceph: return the handler error from mon_handle_auth_done() (CVE-2026-22992 bsc#1257218). - commit 2da8b55 - libceph: make free_choose_arg_map() resilient to partial allocation (CVE-2026-22991 bsc#1257220). - commit 1c4a387 - Update config files: disable CONFIG_DEVPORT for arm64 (bsc#1256792) - commit 89771ce - x86/fpu: Clear XSTATE_BV in guest XSAVE state whenever XFD[i]=1 (CVE-2026-23005 bsc#1257245). - commit 0a828e9 - Update patches.suse/ACPICA-Avoid-walking-the-Namespace-if-start_node-is-.patch (stable-fixes CVE-2025-71118 bsc#1256763). - Update patches.suse/ALSA-hda-Fix-missing-pointer-check-in-hda_component_.patch (git-fixes CVE-2025-40097 bsc#1252900). - Update patches.suse/ALSA-usb-mixer-us16x08-validate-meter-packet-indices.patch (git-fixes CVE-2025-68783 bsc#1256650). - Update patches.suse/ASoC-codecs-wcd9375-Fix-double-free-of-regulator-sup.patch (git-fixes CVE-2025-38423 bsc#1247292). - Update patches.suse/ASoC-codecs-wcd937x-set-the-comp-soundwire-port-corr.patch (git-fixes CVE-2025-40045 bsc#1252784). - Update patches.suse/ASoC-stm32-sai-fix-OF-node-leak-on-probe.patch (git-fixes CVE-2025-71081 bsc#1256609). - Update patches.suse/ASoC-tlv320adcx140-fix-null-pointer.patch (git-fixes CVE-2026-23006 bsc#1257208). - Update patches.suse/Bluetooth-btusb-revert-use-of-devm_kzalloc-in-btusb.patch (git-fixes CVE-2025-71082 bsc#1256611). - Update patches.suse/EDAC-skx_common-Fix-general-protection-fault.patch (git-fixes CVE-2025-38298 bsc#1253079). - Update patches.suse/HID-nintendo-avoid-bluetooth-suspend-resume-stalls.patch (stable-fixes CVE-2025-38507 bsc#1248188). - Update patches.suse/HID-quirks-Add-quirk-for-2-Chicony-Electronics-HP-5M.patch (stable-fixes CVE-2025-38540 bsc#1248208). - Update patches.suse/Input-alps-fix-use-after-free-bugs-caused-by-dev3_re.patch (git-fixes CVE-2025-68822 bsc#1256668). - Update patches.suse/Input-lkkbd-disable-pending-work-before-freeing-devi.patch (stable-fixes CVE-2025-71073 bsc#1256632). - Update patches.suse/Input-ti_am335x_tsc-fix-off-by-one-error-in-wire_ord.patch (git-fixes CVE-2025-68777 bsc#1256655). - Update patches.suse/KEYS-trusted-Fix-a-memory-leak-in-tpm2_load_cmd.patch (git-fixes CVE-2025-71147 bsc#1257158). - Update patches.suse/PM-EM-Fix-potential-division-by-zero-error-in-em_com.patch (git-fixes CVE-2025-38297 bsc#1253078). - Update patches.suse/arp-do-not-assume-dev_hard_header-does-not-change-skb-head.patch (CVE-2025-71098 bsc#1256591 CVE-2026-22988 bsc#1257282). - Update patches.suse/benet-fix-BUG-when-creating-VFs.patch (git-fixes CVE-2025-38569 bsc#1248384). - Update patches.suse/block-avoid-possible-overflow-for-chunk_sectors-check-in-b.patch (git-fixes CVE-2025-39795 bsc#1249609). - Update patches.suse/bpf-Do-not-let-BPF-test-infra-emit-invalid-GSO-types.patch (bsc#1255569 CVE-2025-68725). - Update patches.suse/btrfs-don-t-log-conflicting-inode-if-it-s-a-dir-move.patch (git-fixes CVE-2025-68778 bsc#1256683). - Update patches.suse/btrfs-fix-invalid-inode-pointer-dereferences-during-.patch (git-fixes CVE-2025-38243 bsc#1246184). - Update patches.suse/btrfs-fix-the-inode-leak-in-btrfs_iget.patch (git-fixes CVE-2025-37904 bsc#1243452). - Update patches.suse/ceph-fix-race-condition-validating-r_parent-before-applyin.patch (CVE-2025-39880 bsc#1250388 CVE-2025-39927 bsc#1250738). - Update patches.suse/char-applicom-fix-NULL-pointer-dereference-in-ac_ioc.patch (stable-fixes CVE-2025-68797 bsc#1256660). - Update patches.suse/clk-samsung-exynos-clkout-Assign-.num-before-accessi.patch (git-fixes CVE-2025-71143 bsc#1256749). - Update patches.suse/comedi-aio_iiro_16-Fix-bit-shift-out-of-bounds.patch (git-fixes CVE-2025-38529 bsc#1248196). - Update patches.suse/comedi-fix-divide-by-zero-in-comedi_buf_munge.patch (stable-fixes CVE-2025-40106 bsc#1252891). - Update patches.suse/comedi-pcl812-Fix-bit-shift-out-of-bounds.patch (git-fixes CVE-2025-38530 bsc#1248206). - Update patches.suse/cpuset-fix-warning-when-disabling-remote-partition.patch (bsc#1256794 CVE-2025-71142 bsc#1256748). - Update patches.suse/crypto-af_alg-zero-initialize-memory-allocated-via-s.patch (git-fixes CVE-2025-71113 bsc#1256716). - Update patches.suse/crypto-seqiv-Do-not-use-req-iv-after-crypto_aead_enc.patch (git-fixes CVE-2025-71131 bsc#1256742). - Update patches.suse/dmaengine-idxd-fix-device-leaks-on-compat-bind-and-u.patch (git-fixes CVE-2025-71163 bsc#1257215). - Update patches.suse/dmaengine-nbpfaxi-Fix-memory-corruption-in-probe.patch (git-fixes CVE-2025-38538 bsc#1248213). - Update patches.suse/dmaengine-tegra-adma-Fix-use-after-free.patch (git-fixes CVE-2025-71162 bsc#1257204). - Update patches.suse/drm-amdkfd-Don-t-call-mmput-from-MMU-notifier-callba.patch (git-fixes CVE-2025-38520 bsc#1248217). - Update patches.suse/drm-i915-gem-Zero-initialize-the-eb.vma-array-in-i91.patch (git-fixes CVE-2025-71130 bsc#1256741). - Update patches.suse/drm-imagination-Fix-kernel-crash-when-hard-resetting.patch (git-fixes CVE-2025-38521 bsc#1248232). - Update patches.suse/drm-msm-dpu-Add-missing-NULL-pointer-check-for-pingp.patch (git-fixes CVE-2025-71138 bsc#1256785). - Update patches.suse/drm-sched-Increment-job-count-before-swapping-tail-s.patch (git-fixes CVE-2025-38515 bsc#1248212). - Update patches.suse/drm-tegra-nvdec-Fix-dma_alloc_coherent-error-check.patch (git-fixes CVE-2025-38543 bsc#1248214). - Update patches.suse/drm-tilcdc-Fix-removal-actions-in-case-of-failed-pro.patch (git-fixes CVE-2025-71141 bsc#1256756). - Update patches.suse/drm-ttm-Avoid-NULL-pointer-deref-for-evicted-BOs.patch (git-fixes CVE-2025-71083 bsc#1256610). - Update patches.suse/drm-xe-Limit-num_syncs-to-prevent-oversized-allocati.patch (git-fixes CVE-2025-68802 bsc#1256661). - Update patches.suse/drm-xe-oa-Fix-potential-UAF-in-xe_oa_add_config_ioct.patch (git-fixes CVE-2025-71099 bsc#1256592). - Update patches.suse/drm-xe-oa-Limit-num_syncs-to-prevent-oversized-alloc.patch (git-fixes CVE-2025-71076 bsc#1256627). - Update patches.suse/drm-xe-pf-Clear-all-LMTT-pages-on-alloc.patch (git-fixes CVE-2025-38511 bsc#1248175). - Update patches.suse/efivarfs-Fix-slab-out-of-bounds-in-efivarfs_d_compar.patch (git-fixes CVE-2025-39817 bsc#1249998). - Update patches.suse/ftrace-Also-allocate-and-copy-hash-for-reading-of-filter-f.patch (bsc#1250032 CVE-2025-39813 CVE-2025-39689 bsc#1249307). - Update patches.suse/hwmon-corsair-cpro-Validate-the-size-of-the-received.patch (git-fixes CVE-2025-38548 bsc#1248228). - Update patches.suse/hwmon-ibmpex-fix-use-after-free-in-high-low-store.patch (git-fixes CVE-2025-68789 bsc#1256781). - Update patches.suse/hwmon-w83791d-Convert-macros-to-functions-to-avoid-T.patch (git-fixes CVE-2025-71111 bsc#1256728). - Update patches.suse/ice-fix-NULL-pointer-dereference-in-ice_unplug_aux_d.patch (jsc#PED-13728 CVE-2025-39814 bsc#1249895). - Update patches.suse/idpf-Fix-RSS-LUT-NULL-pointer-crash-on-early-ethtool.patch (CVE-2026-22993 bsc#1257180 CVE-2026-22985 bsc#1257277). - Update patches.suse/iio-adc-axp20x_adc-Add-missing-sentinel-to-AXP717-AD.patch (git-fixes CVE-2025-38547 bsc#1248222). - Update patches.suse/ipv6-mcast-Delay-put-pmc-idev-in-mld_del_delrec.patch (git-fixes CVE-2025-38550 bsc#1248227). - Update patches.suse/kasan-remove-kasan_find_vm_area-to-prevent-possible-.patch (git-fixes CVE-2025-38510 bsc#1248166). - Update patches.suse/lib-buildid-use-__kernel_read-for-sleepable-context.patch (git-fixes CVE-2026-23002 bsc#1257243). - Update patches.suse/media-adv7842-Avoid-possible-out-of-bounds-array-acc.patch (git-fixes CVE-2025-71136 bsc#1256759). - Update patches.suse/media-dvb-usb-dtv5100-fix-out-of-bounds-in-dtv5100_i.patch (git-fixes CVE-2025-68819 bsc#1256664). - Update patches.suse/media-vidtv-initialize-local-pointers-upon-transfer-.patch (git-fixes CVE-2025-68808 bsc#1256682). - Update patches.suse/mount-handle-NULL-values-in-mnt_ns_release.patch (bsc#1254308 CVE-2025-40195 bsc#1253500). - Update patches.suse/neighbour-Fix-null-ptr-deref-in-neigh_flush_dev.patch (git-fixes CVE-2025-38589 bsc#1248366). - Update patches.suse/net-can-j1939-j1939_xtp_rx_rts_session_active-deacti.patch (git-fixes CVE-2026-22997 bsc#1257202). - Update patches.suse/net-mlx5-Check-device-memory-pointer-before-usage.patch (git-fixes CVE-2025-38645 bsc#1248626). - Update patches.suse/net-mlx5e-Remove-skb-secpath-if-xfrm-state-is-not-fo.patch (git-fixes CVE-2025-38590 bsc#1248360). - Update patches.suse/net-nfc-fix-deadlock-between-nfc_unregister_device-a.patch (git-fixes CVE-2025-71079 bsc#1256619). - Update patches.suse/net-phy-Don-t-register-LEDs-for-genphy.patch (git-fixes CVE-2025-38537 bsc#1248229). - Update patches.suse/net-rose-fix-invalid-array-index-in-rose_kill_by_dev.patch (git-fixes CVE-2025-71086 bsc#1256625). - Update patches.suse/net-usb-rtl8150-fix-memory-leak-on-usb_submit_urb-fa.patch (git-fixes CVE-2025-71154 bsc#1257163). - Update patches.suse/netfilter-nft_set_hash-unaligned-atomic-read-on-struct-nft.patch (git-fixes CVE-2024-54031 bsc#1235905). - Update patches.suse/nfsd-check-that-server-is-running-in-unlock_filesystem.patch (git-fixes CVE-2026-22989 bsc#1257279). - Update patches.suse/phy-tegra-xusb-Fix-unbalanced-regulator-disable-in-U.patch (git-fixes CVE-2025-38535 bsc#1248240). - Update patches.suse/pinctrl-check-the-return-value-of-pinmux_ops-get_fun.patch (stable-fixes CVE-2025-40030 bsc#1252773). - Update patches.suse/pinctrl-qcom-msm-mark-certain-pins-as-invalid-for-in.patch (git-fixes CVE-2025-38516 bsc#1248209). - Update patches.suse/platform-chrome-cros_ec_ishtp-Fix-UAF-after-unbindin.patch (git-fixes CVE-2025-68804 bsc#1256617). - Update patches.suse/platform-x86-hp-bioscfg-Fix-out-of-bounds-array-acce.patch (git-fixes CVE-2025-71101 bsc#1256594). - Update patches.suse/pm-cpupower-bench-Prevent-NULL-dereference-on-malloc.patch (stable-fixes CVE-2025-37841 bsc#1242974). - Update patches.suse/powerpc-64s-slb-Fix-SLB-multihit-issue-during-SLB-preload.patch (bac#1236022 ltc#211187 CVE-2025-71078 bsc#1256616). - Update patches.suse/powerpc-kexec-Enable-SMT-before-waking-offline-CPUs.patch (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes bsc#1253739 ltc#211493 bsc#1254244 ltc#216496 CVE-2025-71119 bsc#1256730). - Update patches.suse/smb-client-fix-warning-when-reconnecting-channel.patch (git-fixes CVE-2025-38379 bsc#1247030). - Update patches.suse/spi-fsl-cpm-Check-length-parity-before-switching-to-.patch (git-fixes CVE-2025-68773 bsc#1256586). - Update patches.suse/tcp_bpf-Call-sk_msg_free-when-tcp_bpf_send_verdict-f.patch (bsc#1250705 CVE-2025-39913). - Update patches.suse/trace-fgraph-Fix-the-warning-caused-by-missing-unregister-.patch (bsc#1248211 CVE-2025-38539 CVE-2025-39829 bsc#1250082). - Update patches.suse/tracing-fprobe-events-Fix-possible-UAF-on-modules.patch (git-fixes CVE-2025-37845 bsc#1242986). - Update patches.suse/tty-serial-uartlite-register-uart-driver-in-init.patch (stable-fixes CVE-2025-38262 bsc#1246282). - Update patches.suse/usb-phy-isp1301-fix-non-OF-device-reference-imbalanc.patch (git-fixes CVE-2025-71145 bsc#1257155). - Update patches.suse/usb-typec-ucsi-Handle-incorrect-num_connectors-capab.patch (stable-fixes CVE-2025-71108 bsc#1256774). - Update patches.suse/via_wdt-fix-critical-boot-hang-due-to-unnamed-resour.patch (stable-fixes CVE-2025-71114 bsc#1256752). - Update patches.suse/virtio-net-fix-recursived-rtnl_lock-during-probe.patch (git-fixes CVE-2025-38551 bsc#1248234). - Update patches.suse/virtio-net-free-xsk_buffs-on-error-in-virtnet_xsk_po.patch (git-fixes CVE-2025-37955 bsc#1243507). - Update patches.suse/wifi-ath12k-fix-memory-leak-in-ath12k_pci_remove.patch (stable-fixes CVE-2025-37744 bsc#1243662). - Update patches.suse/wifi-avoid-kernel-infoleak-from-struct-iw_point.patch (git-fixes CVE-2026-22978 bsc#1257227). - Update patches.suse/wifi-mt76-mt7925-Fix-null-ptr-deref-in-mt7925_therma.patch (git-fixes CVE-2025-38541 bsc#1248216). - Update patches.suse/wifi-mwifiex-discard-erroneous-disassoc-frames-on-ST.patch (git-fixes CVE-2025-38505 bsc#1248185). - Update patches.suse/wifi-prevent-A-MSDU-attacks-in-mesh-networks.patch (stable-fixes CVE-2025-38512 bsc#1248178). - Update patches.suse/wifi-rtlwifi-8192cu-fix-tid-out-of-range-in-rtl92cu_.patch (git-fixes CVE-2025-71100 bsc#1256593). - Update patches.suse/wifi-zd1211rw-Fix-potential-NULL-pointer-dereference.patch (git-fixes CVE-2025-38513 bsc#1248179). - Update patches.suse/x86-cpu-Avoid-running-off-the-end-of-an-AMD-erratum-table.patch (git-fixes CVE-2025-37751 bsc#1242505). - commit 74167a5 - powerpc/addnote: Fix overflow on 32-bit builds (bsc#1215199). - commit 651b1d4 - net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv (CVE-2026-22996). - net/mlx5e: Fix crash on profile change rollback failure (CVE-2026-23000 bsc#1257234). - commit 395ffba - gpio: rockchip: Stop calling pinctrl for set_direction (git-fixes). - commit 0d36e6c ++++ kernel-azure: - smb: client: split cached_fid bitfields to avoid shared-byte RMW races (bsc#1250748,bsc#1257154). - commit 9624e6c - smb: client: update cfid->last_access_time in open_cached_dir_by_dentry() (git-fixes). - commit a159cff - cifs: add new field to track the last access time of cfid (git-fixes). - commit 0cd09f9 - smb: improve directory cache reuse for readdir operations (bsc#1252712). - commit 98f179c - scripts/python/git_sort/git_sort.yaml: add cifs for-next repository - commit 5e1a139 - libceph: replace overzealous BUG_ON in osdmap_apply_incremental() (CVE-2026-22990 bsc#1257221). - commit bf45795 - libceph: prevent potential out-of-bounds reads in handle_auth_done() (CVE-2026-22984 bsc#1257217). - commit 3af214d - libceph: return the handler error from mon_handle_auth_done() (CVE-2026-22992 bsc#1257218). - commit 2da8b55 - libceph: make free_choose_arg_map() resilient to partial allocation (CVE-2026-22991 bsc#1257220). - commit 1c4a387 - Update config files: disable CONFIG_DEVPORT for arm64 (bsc#1256792) - commit 89771ce - x86/fpu: Clear XSTATE_BV in guest XSAVE state whenever XFD[i]=1 (CVE-2026-23005 bsc#1257245). - commit 0a828e9 - Update patches.suse/ACPICA-Avoid-walking-the-Namespace-if-start_node-is-.patch (stable-fixes CVE-2025-71118 bsc#1256763). - Update patches.suse/ALSA-hda-Fix-missing-pointer-check-in-hda_component_.patch (git-fixes CVE-2025-40097 bsc#1252900). - Update patches.suse/ALSA-usb-mixer-us16x08-validate-meter-packet-indices.patch (git-fixes CVE-2025-68783 bsc#1256650). - Update patches.suse/ASoC-codecs-wcd9375-Fix-double-free-of-regulator-sup.patch (git-fixes CVE-2025-38423 bsc#1247292). - Update patches.suse/ASoC-codecs-wcd937x-set-the-comp-soundwire-port-corr.patch (git-fixes CVE-2025-40045 bsc#1252784). - Update patches.suse/ASoC-stm32-sai-fix-OF-node-leak-on-probe.patch (git-fixes CVE-2025-71081 bsc#1256609). - Update patches.suse/ASoC-tlv320adcx140-fix-null-pointer.patch (git-fixes CVE-2026-23006 bsc#1257208). - Update patches.suse/Bluetooth-btusb-revert-use-of-devm_kzalloc-in-btusb.patch (git-fixes CVE-2025-71082 bsc#1256611). - Update patches.suse/EDAC-skx_common-Fix-general-protection-fault.patch (git-fixes CVE-2025-38298 bsc#1253079). - Update patches.suse/HID-nintendo-avoid-bluetooth-suspend-resume-stalls.patch (stable-fixes CVE-2025-38507 bsc#1248188). - Update patches.suse/HID-quirks-Add-quirk-for-2-Chicony-Electronics-HP-5M.patch (stable-fixes CVE-2025-38540 bsc#1248208). - Update patches.suse/Input-alps-fix-use-after-free-bugs-caused-by-dev3_re.patch (git-fixes CVE-2025-68822 bsc#1256668). - Update patches.suse/Input-lkkbd-disable-pending-work-before-freeing-devi.patch (stable-fixes CVE-2025-71073 bsc#1256632). - Update patches.suse/Input-ti_am335x_tsc-fix-off-by-one-error-in-wire_ord.patch (git-fixes CVE-2025-68777 bsc#1256655). - Update patches.suse/KEYS-trusted-Fix-a-memory-leak-in-tpm2_load_cmd.patch (git-fixes CVE-2025-71147 bsc#1257158). - Update patches.suse/PM-EM-Fix-potential-division-by-zero-error-in-em_com.patch (git-fixes CVE-2025-38297 bsc#1253078). - Update patches.suse/arp-do-not-assume-dev_hard_header-does-not-change-skb-head.patch (CVE-2025-71098 bsc#1256591 CVE-2026-22988 bsc#1257282). - Update patches.suse/benet-fix-BUG-when-creating-VFs.patch (git-fixes CVE-2025-38569 bsc#1248384). - Update patches.suse/block-avoid-possible-overflow-for-chunk_sectors-check-in-b.patch (git-fixes CVE-2025-39795 bsc#1249609). - Update patches.suse/bpf-Do-not-let-BPF-test-infra-emit-invalid-GSO-types.patch (bsc#1255569 CVE-2025-68725). - Update patches.suse/btrfs-don-t-log-conflicting-inode-if-it-s-a-dir-move.patch (git-fixes CVE-2025-68778 bsc#1256683). - Update patches.suse/btrfs-fix-invalid-inode-pointer-dereferences-during-.patch (git-fixes CVE-2025-38243 bsc#1246184). - Update patches.suse/btrfs-fix-the-inode-leak-in-btrfs_iget.patch (git-fixes CVE-2025-37904 bsc#1243452). - Update patches.suse/ceph-fix-race-condition-validating-r_parent-before-applyin.patch (CVE-2025-39880 bsc#1250388 CVE-2025-39927 bsc#1250738). - Update patches.suse/char-applicom-fix-NULL-pointer-dereference-in-ac_ioc.patch (stable-fixes CVE-2025-68797 bsc#1256660). - Update patches.suse/clk-samsung-exynos-clkout-Assign-.num-before-accessi.patch (git-fixes CVE-2025-71143 bsc#1256749). - Update patches.suse/comedi-aio_iiro_16-Fix-bit-shift-out-of-bounds.patch (git-fixes CVE-2025-38529 bsc#1248196). - Update patches.suse/comedi-fix-divide-by-zero-in-comedi_buf_munge.patch (stable-fixes CVE-2025-40106 bsc#1252891). - Update patches.suse/comedi-pcl812-Fix-bit-shift-out-of-bounds.patch (git-fixes CVE-2025-38530 bsc#1248206). - Update patches.suse/cpuset-fix-warning-when-disabling-remote-partition.patch (bsc#1256794 CVE-2025-71142 bsc#1256748). - Update patches.suse/crypto-af_alg-zero-initialize-memory-allocated-via-s.patch (git-fixes CVE-2025-71113 bsc#1256716). - Update patches.suse/crypto-seqiv-Do-not-use-req-iv-after-crypto_aead_enc.patch (git-fixes CVE-2025-71131 bsc#1256742). - Update patches.suse/dmaengine-idxd-fix-device-leaks-on-compat-bind-and-u.patch (git-fixes CVE-2025-71163 bsc#1257215). - Update patches.suse/dmaengine-nbpfaxi-Fix-memory-corruption-in-probe.patch (git-fixes CVE-2025-38538 bsc#1248213). - Update patches.suse/dmaengine-tegra-adma-Fix-use-after-free.patch (git-fixes CVE-2025-71162 bsc#1257204). - Update patches.suse/drm-amdkfd-Don-t-call-mmput-from-MMU-notifier-callba.patch (git-fixes CVE-2025-38520 bsc#1248217). - Update patches.suse/drm-i915-gem-Zero-initialize-the-eb.vma-array-in-i91.patch (git-fixes CVE-2025-71130 bsc#1256741). - Update patches.suse/drm-imagination-Fix-kernel-crash-when-hard-resetting.patch (git-fixes CVE-2025-38521 bsc#1248232). - Update patches.suse/drm-msm-dpu-Add-missing-NULL-pointer-check-for-pingp.patch (git-fixes CVE-2025-71138 bsc#1256785). - Update patches.suse/drm-sched-Increment-job-count-before-swapping-tail-s.patch (git-fixes CVE-2025-38515 bsc#1248212). - Update patches.suse/drm-tegra-nvdec-Fix-dma_alloc_coherent-error-check.patch (git-fixes CVE-2025-38543 bsc#1248214). - Update patches.suse/drm-tilcdc-Fix-removal-actions-in-case-of-failed-pro.patch (git-fixes CVE-2025-71141 bsc#1256756). - Update patches.suse/drm-ttm-Avoid-NULL-pointer-deref-for-evicted-BOs.patch (git-fixes CVE-2025-71083 bsc#1256610). - Update patches.suse/drm-xe-Limit-num_syncs-to-prevent-oversized-allocati.patch (git-fixes CVE-2025-68802 bsc#1256661). - Update patches.suse/drm-xe-oa-Fix-potential-UAF-in-xe_oa_add_config_ioct.patch (git-fixes CVE-2025-71099 bsc#1256592). - Update patches.suse/drm-xe-oa-Limit-num_syncs-to-prevent-oversized-alloc.patch (git-fixes CVE-2025-71076 bsc#1256627). - Update patches.suse/drm-xe-pf-Clear-all-LMTT-pages-on-alloc.patch (git-fixes CVE-2025-38511 bsc#1248175). - Update patches.suse/efivarfs-Fix-slab-out-of-bounds-in-efivarfs_d_compar.patch (git-fixes CVE-2025-39817 bsc#1249998). - Update patches.suse/ftrace-Also-allocate-and-copy-hash-for-reading-of-filter-f.patch (bsc#1250032 CVE-2025-39813 CVE-2025-39689 bsc#1249307). - Update patches.suse/hwmon-corsair-cpro-Validate-the-size-of-the-received.patch (git-fixes CVE-2025-38548 bsc#1248228). - Update patches.suse/hwmon-ibmpex-fix-use-after-free-in-high-low-store.patch (git-fixes CVE-2025-68789 bsc#1256781). - Update patches.suse/hwmon-w83791d-Convert-macros-to-functions-to-avoid-T.patch (git-fixes CVE-2025-71111 bsc#1256728). - Update patches.suse/ice-fix-NULL-pointer-dereference-in-ice_unplug_aux_d.patch (jsc#PED-13728 CVE-2025-39814 bsc#1249895). - Update patches.suse/idpf-Fix-RSS-LUT-NULL-pointer-crash-on-early-ethtool.patch (CVE-2026-22993 bsc#1257180 CVE-2026-22985 bsc#1257277). - Update patches.suse/iio-adc-axp20x_adc-Add-missing-sentinel-to-AXP717-AD.patch (git-fixes CVE-2025-38547 bsc#1248222). - Update patches.suse/ipv6-mcast-Delay-put-pmc-idev-in-mld_del_delrec.patch (git-fixes CVE-2025-38550 bsc#1248227). - Update patches.suse/kasan-remove-kasan_find_vm_area-to-prevent-possible-.patch (git-fixes CVE-2025-38510 bsc#1248166). - Update patches.suse/lib-buildid-use-__kernel_read-for-sleepable-context.patch (git-fixes CVE-2026-23002 bsc#1257243). - Update patches.suse/media-adv7842-Avoid-possible-out-of-bounds-array-acc.patch (git-fixes CVE-2025-71136 bsc#1256759). - Update patches.suse/media-dvb-usb-dtv5100-fix-out-of-bounds-in-dtv5100_i.patch (git-fixes CVE-2025-68819 bsc#1256664). - Update patches.suse/media-vidtv-initialize-local-pointers-upon-transfer-.patch (git-fixes CVE-2025-68808 bsc#1256682). - Update patches.suse/mount-handle-NULL-values-in-mnt_ns_release.patch (bsc#1254308 CVE-2025-40195 bsc#1253500). - Update patches.suse/neighbour-Fix-null-ptr-deref-in-neigh_flush_dev.patch (git-fixes CVE-2025-38589 bsc#1248366). - Update patches.suse/net-can-j1939-j1939_xtp_rx_rts_session_active-deacti.patch (git-fixes CVE-2026-22997 bsc#1257202). - Update patches.suse/net-mlx5-Check-device-memory-pointer-before-usage.patch (git-fixes CVE-2025-38645 bsc#1248626). - Update patches.suse/net-mlx5e-Remove-skb-secpath-if-xfrm-state-is-not-fo.patch (git-fixes CVE-2025-38590 bsc#1248360). - Update patches.suse/net-nfc-fix-deadlock-between-nfc_unregister_device-a.patch (git-fixes CVE-2025-71079 bsc#1256619). - Update patches.suse/net-phy-Don-t-register-LEDs-for-genphy.patch (git-fixes CVE-2025-38537 bsc#1248229). - Update patches.suse/net-rose-fix-invalid-array-index-in-rose_kill_by_dev.patch (git-fixes CVE-2025-71086 bsc#1256625). - Update patches.suse/net-usb-rtl8150-fix-memory-leak-on-usb_submit_urb-fa.patch (git-fixes CVE-2025-71154 bsc#1257163). - Update patches.suse/netfilter-nft_set_hash-unaligned-atomic-read-on-struct-nft.patch (git-fixes CVE-2024-54031 bsc#1235905). - Update patches.suse/nfsd-check-that-server-is-running-in-unlock_filesystem.patch (git-fixes CVE-2026-22989 bsc#1257279). - Update patches.suse/phy-tegra-xusb-Fix-unbalanced-regulator-disable-in-U.patch (git-fixes CVE-2025-38535 bsc#1248240). - Update patches.suse/pinctrl-check-the-return-value-of-pinmux_ops-get_fun.patch (stable-fixes CVE-2025-40030 bsc#1252773). - Update patches.suse/pinctrl-qcom-msm-mark-certain-pins-as-invalid-for-in.patch (git-fixes CVE-2025-38516 bsc#1248209). - Update patches.suse/platform-chrome-cros_ec_ishtp-Fix-UAF-after-unbindin.patch (git-fixes CVE-2025-68804 bsc#1256617). - Update patches.suse/platform-x86-hp-bioscfg-Fix-out-of-bounds-array-acce.patch (git-fixes CVE-2025-71101 bsc#1256594). - Update patches.suse/pm-cpupower-bench-Prevent-NULL-dereference-on-malloc.patch (stable-fixes CVE-2025-37841 bsc#1242974). - Update patches.suse/powerpc-64s-slb-Fix-SLB-multihit-issue-during-SLB-preload.patch (bac#1236022 ltc#211187 CVE-2025-71078 bsc#1256616). - Update patches.suse/powerpc-kexec-Enable-SMT-before-waking-offline-CPUs.patch (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes bsc#1253739 ltc#211493 bsc#1254244 ltc#216496 CVE-2025-71119 bsc#1256730). - Update patches.suse/smb-client-fix-warning-when-reconnecting-channel.patch (git-fixes CVE-2025-38379 bsc#1247030). - Update patches.suse/spi-fsl-cpm-Check-length-parity-before-switching-to-.patch (git-fixes CVE-2025-68773 bsc#1256586). - Update patches.suse/tcp_bpf-Call-sk_msg_free-when-tcp_bpf_send_verdict-f.patch (bsc#1250705 CVE-2025-39913). - Update patches.suse/trace-fgraph-Fix-the-warning-caused-by-missing-unregister-.patch (bsc#1248211 CVE-2025-38539 CVE-2025-39829 bsc#1250082). - Update patches.suse/tracing-fprobe-events-Fix-possible-UAF-on-modules.patch (git-fixes CVE-2025-37845 bsc#1242986). - Update patches.suse/tty-serial-uartlite-register-uart-driver-in-init.patch (stable-fixes CVE-2025-38262 bsc#1246282). - Update patches.suse/usb-phy-isp1301-fix-non-OF-device-reference-imbalanc.patch (git-fixes CVE-2025-71145 bsc#1257155). - Update patches.suse/usb-typec-ucsi-Handle-incorrect-num_connectors-capab.patch (stable-fixes CVE-2025-71108 bsc#1256774). - Update patches.suse/via_wdt-fix-critical-boot-hang-due-to-unnamed-resour.patch (stable-fixes CVE-2025-71114 bsc#1256752). - Update patches.suse/virtio-net-fix-recursived-rtnl_lock-during-probe.patch (git-fixes CVE-2025-38551 bsc#1248234). - Update patches.suse/virtio-net-free-xsk_buffs-on-error-in-virtnet_xsk_po.patch (git-fixes CVE-2025-37955 bsc#1243507). - Update patches.suse/wifi-ath12k-fix-memory-leak-in-ath12k_pci_remove.patch (stable-fixes CVE-2025-37744 bsc#1243662). - Update patches.suse/wifi-avoid-kernel-infoleak-from-struct-iw_point.patch (git-fixes CVE-2026-22978 bsc#1257227). - Update patches.suse/wifi-mt76-mt7925-Fix-null-ptr-deref-in-mt7925_therma.patch (git-fixes CVE-2025-38541 bsc#1248216). - Update patches.suse/wifi-mwifiex-discard-erroneous-disassoc-frames-on-ST.patch (git-fixes CVE-2025-38505 bsc#1248185). - Update patches.suse/wifi-prevent-A-MSDU-attacks-in-mesh-networks.patch (stable-fixes CVE-2025-38512 bsc#1248178). - Update patches.suse/wifi-rtlwifi-8192cu-fix-tid-out-of-range-in-rtl92cu_.patch (git-fixes CVE-2025-71100 bsc#1256593). - Update patches.suse/wifi-zd1211rw-Fix-potential-NULL-pointer-dereference.patch (git-fixes CVE-2025-38513 bsc#1248179). - Update patches.suse/x86-cpu-Avoid-running-off-the-end-of-an-AMD-erratum-table.patch (git-fixes CVE-2025-37751 bsc#1242505). - commit 74167a5 - powerpc/addnote: Fix overflow on 32-bit builds (bsc#1215199). - commit 651b1d4 - net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv (CVE-2026-22996). - net/mlx5e: Fix crash on profile change rollback failure (CVE-2026-23000 bsc#1257234). - commit 395ffba - gpio: rockchip: Stop calling pinctrl for set_direction (git-fixes). - commit 0d36e6c ++++ kernel-azure: - smb: client: split cached_fid bitfields to avoid shared-byte RMW races (bsc#1250748,bsc#1257154). - commit 9624e6c - smb: client: update cfid->last_access_time in open_cached_dir_by_dentry() (git-fixes). - commit a159cff - cifs: add new field to track the last access time of cfid (git-fixes). - commit 0cd09f9 - smb: improve directory cache reuse for readdir operations (bsc#1252712). - commit 98f179c - scripts/python/git_sort/git_sort.yaml: add cifs for-next repository - commit 5e1a139 - libceph: replace overzealous BUG_ON in osdmap_apply_incremental() (CVE-2026-22990 bsc#1257221). - commit bf45795 - libceph: prevent potential out-of-bounds reads in handle_auth_done() (CVE-2026-22984 bsc#1257217). - commit 3af214d - libceph: return the handler error from mon_handle_auth_done() (CVE-2026-22992 bsc#1257218). - commit 2da8b55 - libceph: make free_choose_arg_map() resilient to partial allocation (CVE-2026-22991 bsc#1257220). - commit 1c4a387 - Update config files: disable CONFIG_DEVPORT for arm64 (bsc#1256792) - commit 89771ce - x86/fpu: Clear XSTATE_BV in guest XSAVE state whenever XFD[i]=1 (CVE-2026-23005 bsc#1257245). - commit 0a828e9 - Update patches.suse/ACPICA-Avoid-walking-the-Namespace-if-start_node-is-.patch (stable-fixes CVE-2025-71118 bsc#1256763). - Update patches.suse/ALSA-hda-Fix-missing-pointer-check-in-hda_component_.patch (git-fixes CVE-2025-40097 bsc#1252900). - Update patches.suse/ALSA-usb-mixer-us16x08-validate-meter-packet-indices.patch (git-fixes CVE-2025-68783 bsc#1256650). - Update patches.suse/ASoC-codecs-wcd9375-Fix-double-free-of-regulator-sup.patch (git-fixes CVE-2025-38423 bsc#1247292). - Update patches.suse/ASoC-codecs-wcd937x-set-the-comp-soundwire-port-corr.patch (git-fixes CVE-2025-40045 bsc#1252784). - Update patches.suse/ASoC-stm32-sai-fix-OF-node-leak-on-probe.patch (git-fixes CVE-2025-71081 bsc#1256609). - Update patches.suse/ASoC-tlv320adcx140-fix-null-pointer.patch (git-fixes CVE-2026-23006 bsc#1257208). - Update patches.suse/Bluetooth-btusb-revert-use-of-devm_kzalloc-in-btusb.patch (git-fixes CVE-2025-71082 bsc#1256611). - Update patches.suse/EDAC-skx_common-Fix-general-protection-fault.patch (git-fixes CVE-2025-38298 bsc#1253079). - Update patches.suse/HID-nintendo-avoid-bluetooth-suspend-resume-stalls.patch (stable-fixes CVE-2025-38507 bsc#1248188). - Update patches.suse/HID-quirks-Add-quirk-for-2-Chicony-Electronics-HP-5M.patch (stable-fixes CVE-2025-38540 bsc#1248208). - Update patches.suse/Input-alps-fix-use-after-free-bugs-caused-by-dev3_re.patch (git-fixes CVE-2025-68822 bsc#1256668). - Update patches.suse/Input-lkkbd-disable-pending-work-before-freeing-devi.patch (stable-fixes CVE-2025-71073 bsc#1256632). - Update patches.suse/Input-ti_am335x_tsc-fix-off-by-one-error-in-wire_ord.patch (git-fixes CVE-2025-68777 bsc#1256655). - Update patches.suse/KEYS-trusted-Fix-a-memory-leak-in-tpm2_load_cmd.patch (git-fixes CVE-2025-71147 bsc#1257158). - Update patches.suse/PM-EM-Fix-potential-division-by-zero-error-in-em_com.patch (git-fixes CVE-2025-38297 bsc#1253078). - Update patches.suse/arp-do-not-assume-dev_hard_header-does-not-change-skb-head.patch (CVE-2025-71098 bsc#1256591 CVE-2026-22988 bsc#1257282). - Update patches.suse/benet-fix-BUG-when-creating-VFs.patch (git-fixes CVE-2025-38569 bsc#1248384). - Update patches.suse/block-avoid-possible-overflow-for-chunk_sectors-check-in-b.patch (git-fixes CVE-2025-39795 bsc#1249609). - Update patches.suse/bpf-Do-not-let-BPF-test-infra-emit-invalid-GSO-types.patch (bsc#1255569 CVE-2025-68725). - Update patches.suse/btrfs-don-t-log-conflicting-inode-if-it-s-a-dir-move.patch (git-fixes CVE-2025-68778 bsc#1256683). - Update patches.suse/btrfs-fix-invalid-inode-pointer-dereferences-during-.patch (git-fixes CVE-2025-38243 bsc#1246184). - Update patches.suse/btrfs-fix-the-inode-leak-in-btrfs_iget.patch (git-fixes CVE-2025-37904 bsc#1243452). - Update patches.suse/ceph-fix-race-condition-validating-r_parent-before-applyin.patch (CVE-2025-39880 bsc#1250388 CVE-2025-39927 bsc#1250738). - Update patches.suse/char-applicom-fix-NULL-pointer-dereference-in-ac_ioc.patch (stable-fixes CVE-2025-68797 bsc#1256660). - Update patches.suse/clk-samsung-exynos-clkout-Assign-.num-before-accessi.patch (git-fixes CVE-2025-71143 bsc#1256749). - Update patches.suse/comedi-aio_iiro_16-Fix-bit-shift-out-of-bounds.patch (git-fixes CVE-2025-38529 bsc#1248196). - Update patches.suse/comedi-fix-divide-by-zero-in-comedi_buf_munge.patch (stable-fixes CVE-2025-40106 bsc#1252891). - Update patches.suse/comedi-pcl812-Fix-bit-shift-out-of-bounds.patch (git-fixes CVE-2025-38530 bsc#1248206). - Update patches.suse/cpuset-fix-warning-when-disabling-remote-partition.patch (bsc#1256794 CVE-2025-71142 bsc#1256748). - Update patches.suse/crypto-af_alg-zero-initialize-memory-allocated-via-s.patch (git-fixes CVE-2025-71113 bsc#1256716). - Update patches.suse/crypto-seqiv-Do-not-use-req-iv-after-crypto_aead_enc.patch (git-fixes CVE-2025-71131 bsc#1256742). - Update patches.suse/dmaengine-idxd-fix-device-leaks-on-compat-bind-and-u.patch (git-fixes CVE-2025-71163 bsc#1257215). - Update patches.suse/dmaengine-nbpfaxi-Fix-memory-corruption-in-probe.patch (git-fixes CVE-2025-38538 bsc#1248213). - Update patches.suse/dmaengine-tegra-adma-Fix-use-after-free.patch (git-fixes CVE-2025-71162 bsc#1257204). - Update patches.suse/drm-amdkfd-Don-t-call-mmput-from-MMU-notifier-callba.patch (git-fixes CVE-2025-38520 bsc#1248217). - Update patches.suse/drm-i915-gem-Zero-initialize-the-eb.vma-array-in-i91.patch (git-fixes CVE-2025-71130 bsc#1256741). - Update patches.suse/drm-imagination-Fix-kernel-crash-when-hard-resetting.patch (git-fixes CVE-2025-38521 bsc#1248232). - Update patches.suse/drm-msm-dpu-Add-missing-NULL-pointer-check-for-pingp.patch (git-fixes CVE-2025-71138 bsc#1256785). - Update patches.suse/drm-sched-Increment-job-count-before-swapping-tail-s.patch (git-fixes CVE-2025-38515 bsc#1248212). - Update patches.suse/drm-tegra-nvdec-Fix-dma_alloc_coherent-error-check.patch (git-fixes CVE-2025-38543 bsc#1248214). - Update patches.suse/drm-tilcdc-Fix-removal-actions-in-case-of-failed-pro.patch (git-fixes CVE-2025-71141 bsc#1256756). - Update patches.suse/drm-ttm-Avoid-NULL-pointer-deref-for-evicted-BOs.patch (git-fixes CVE-2025-71083 bsc#1256610). - Update patches.suse/drm-xe-Limit-num_syncs-to-prevent-oversized-allocati.patch (git-fixes CVE-2025-68802 bsc#1256661). - Update patches.suse/drm-xe-oa-Fix-potential-UAF-in-xe_oa_add_config_ioct.patch (git-fixes CVE-2025-71099 bsc#1256592). - Update patches.suse/drm-xe-oa-Limit-num_syncs-to-prevent-oversized-alloc.patch (git-fixes CVE-2025-71076 bsc#1256627). - Update patches.suse/drm-xe-pf-Clear-all-LMTT-pages-on-alloc.patch (git-fixes CVE-2025-38511 bsc#1248175). - Update patches.suse/efivarfs-Fix-slab-out-of-bounds-in-efivarfs_d_compar.patch (git-fixes CVE-2025-39817 bsc#1249998). - Update patches.suse/ftrace-Also-allocate-and-copy-hash-for-reading-of-filter-f.patch (bsc#1250032 CVE-2025-39813 CVE-2025-39689 bsc#1249307). - Update patches.suse/hwmon-corsair-cpro-Validate-the-size-of-the-received.patch (git-fixes CVE-2025-38548 bsc#1248228). - Update patches.suse/hwmon-ibmpex-fix-use-after-free-in-high-low-store.patch (git-fixes CVE-2025-68789 bsc#1256781). - Update patches.suse/hwmon-w83791d-Convert-macros-to-functions-to-avoid-T.patch (git-fixes CVE-2025-71111 bsc#1256728). - Update patches.suse/ice-fix-NULL-pointer-dereference-in-ice_unplug_aux_d.patch (jsc#PED-13728 CVE-2025-39814 bsc#1249895). - Update patches.suse/idpf-Fix-RSS-LUT-NULL-pointer-crash-on-early-ethtool.patch (CVE-2026-22993 bsc#1257180 CVE-2026-22985 bsc#1257277). - Update patches.suse/iio-adc-axp20x_adc-Add-missing-sentinel-to-AXP717-AD.patch (git-fixes CVE-2025-38547 bsc#1248222). - Update patches.suse/ipv6-mcast-Delay-put-pmc-idev-in-mld_del_delrec.patch (git-fixes CVE-2025-38550 bsc#1248227). - Update patches.suse/kasan-remove-kasan_find_vm_area-to-prevent-possible-.patch (git-fixes CVE-2025-38510 bsc#1248166). - Update patches.suse/lib-buildid-use-__kernel_read-for-sleepable-context.patch (git-fixes CVE-2026-23002 bsc#1257243). - Update patches.suse/media-adv7842-Avoid-possible-out-of-bounds-array-acc.patch (git-fixes CVE-2025-71136 bsc#1256759). - Update patches.suse/media-dvb-usb-dtv5100-fix-out-of-bounds-in-dtv5100_i.patch (git-fixes CVE-2025-68819 bsc#1256664). - Update patches.suse/media-vidtv-initialize-local-pointers-upon-transfer-.patch (git-fixes CVE-2025-68808 bsc#1256682). - Update patches.suse/mount-handle-NULL-values-in-mnt_ns_release.patch (bsc#1254308 CVE-2025-40195 bsc#1253500). - Update patches.suse/neighbour-Fix-null-ptr-deref-in-neigh_flush_dev.patch (git-fixes CVE-2025-38589 bsc#1248366). - Update patches.suse/net-can-j1939-j1939_xtp_rx_rts_session_active-deacti.patch (git-fixes CVE-2026-22997 bsc#1257202). - Update patches.suse/net-mlx5-Check-device-memory-pointer-before-usage.patch (git-fixes CVE-2025-38645 bsc#1248626). - Update patches.suse/net-mlx5e-Remove-skb-secpath-if-xfrm-state-is-not-fo.patch (git-fixes CVE-2025-38590 bsc#1248360). - Update patches.suse/net-nfc-fix-deadlock-between-nfc_unregister_device-a.patch (git-fixes CVE-2025-71079 bsc#1256619). - Update patches.suse/net-phy-Don-t-register-LEDs-for-genphy.patch (git-fixes CVE-2025-38537 bsc#1248229). - Update patches.suse/net-rose-fix-invalid-array-index-in-rose_kill_by_dev.patch (git-fixes CVE-2025-71086 bsc#1256625). - Update patches.suse/net-usb-rtl8150-fix-memory-leak-on-usb_submit_urb-fa.patch (git-fixes CVE-2025-71154 bsc#1257163). - Update patches.suse/netfilter-nft_set_hash-unaligned-atomic-read-on-struct-nft.patch (git-fixes CVE-2024-54031 bsc#1235905). - Update patches.suse/nfsd-check-that-server-is-running-in-unlock_filesystem.patch (git-fixes CVE-2026-22989 bsc#1257279). - Update patches.suse/phy-tegra-xusb-Fix-unbalanced-regulator-disable-in-U.patch (git-fixes CVE-2025-38535 bsc#1248240). - Update patches.suse/pinctrl-check-the-return-value-of-pinmux_ops-get_fun.patch (stable-fixes CVE-2025-40030 bsc#1252773). - Update patches.suse/pinctrl-qcom-msm-mark-certain-pins-as-invalid-for-in.patch (git-fixes CVE-2025-38516 bsc#1248209). - Update patches.suse/platform-chrome-cros_ec_ishtp-Fix-UAF-after-unbindin.patch (git-fixes CVE-2025-68804 bsc#1256617). - Update patches.suse/platform-x86-hp-bioscfg-Fix-out-of-bounds-array-acce.patch (git-fixes CVE-2025-71101 bsc#1256594). - Update patches.suse/pm-cpupower-bench-Prevent-NULL-dereference-on-malloc.patch (stable-fixes CVE-2025-37841 bsc#1242974). - Update patches.suse/powerpc-64s-slb-Fix-SLB-multihit-issue-during-SLB-preload.patch (bac#1236022 ltc#211187 CVE-2025-71078 bsc#1256616). - Update patches.suse/powerpc-kexec-Enable-SMT-before-waking-offline-CPUs.patch (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes bsc#1253739 ltc#211493 bsc#1254244 ltc#216496 CVE-2025-71119 bsc#1256730). - Update patches.suse/smb-client-fix-warning-when-reconnecting-channel.patch (git-fixes CVE-2025-38379 bsc#1247030). - Update patches.suse/spi-fsl-cpm-Check-length-parity-before-switching-to-.patch (git-fixes CVE-2025-68773 bsc#1256586). - Update patches.suse/tcp_bpf-Call-sk_msg_free-when-tcp_bpf_send_verdict-f.patch (bsc#1250705 CVE-2025-39913). - Update patches.suse/trace-fgraph-Fix-the-warning-caused-by-missing-unregister-.patch (bsc#1248211 CVE-2025-38539 CVE-2025-39829 bsc#1250082). - Update patches.suse/tracing-fprobe-events-Fix-possible-UAF-on-modules.patch (git-fixes CVE-2025-37845 bsc#1242986). - Update patches.suse/tty-serial-uartlite-register-uart-driver-in-init.patch (stable-fixes CVE-2025-38262 bsc#1246282). - Update patches.suse/usb-phy-isp1301-fix-non-OF-device-reference-imbalanc.patch (git-fixes CVE-2025-71145 bsc#1257155). - Update patches.suse/usb-typec-ucsi-Handle-incorrect-num_connectors-capab.patch (stable-fixes CVE-2025-71108 bsc#1256774). - Update patches.suse/via_wdt-fix-critical-boot-hang-due-to-unnamed-resour.patch (stable-fixes CVE-2025-71114 bsc#1256752). - Update patches.suse/virtio-net-fix-recursived-rtnl_lock-during-probe.patch (git-fixes CVE-2025-38551 bsc#1248234). - Update patches.suse/virtio-net-free-xsk_buffs-on-error-in-virtnet_xsk_po.patch (git-fixes CVE-2025-37955 bsc#1243507). - Update patches.suse/wifi-ath12k-fix-memory-leak-in-ath12k_pci_remove.patch (stable-fixes CVE-2025-37744 bsc#1243662). - Update patches.suse/wifi-avoid-kernel-infoleak-from-struct-iw_point.patch (git-fixes CVE-2026-22978 bsc#1257227). - Update patches.suse/wifi-mt76-mt7925-Fix-null-ptr-deref-in-mt7925_therma.patch (git-fixes CVE-2025-38541 bsc#1248216). - Update patches.suse/wifi-mwifiex-discard-erroneous-disassoc-frames-on-ST.patch (git-fixes CVE-2025-38505 bsc#1248185). - Update patches.suse/wifi-prevent-A-MSDU-attacks-in-mesh-networks.patch (stable-fixes CVE-2025-38512 bsc#1248178). - Update patches.suse/wifi-rtlwifi-8192cu-fix-tid-out-of-range-in-rtl92cu_.patch (git-fixes CVE-2025-71100 bsc#1256593). - Update patches.suse/wifi-zd1211rw-Fix-potential-NULL-pointer-dereference.patch (git-fixes CVE-2025-38513 bsc#1248179). - Update patches.suse/x86-cpu-Avoid-running-off-the-end-of-an-AMD-erratum-table.patch (git-fixes CVE-2025-37751 bsc#1242505). - commit 74167a5 - powerpc/addnote: Fix overflow on 32-bit builds (bsc#1215199). - commit 651b1d4 - net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv (CVE-2026-22996). - net/mlx5e: Fix crash on profile change rollback failure (CVE-2026-23000 bsc#1257234). - commit 395ffba - gpio: rockchip: Stop calling pinctrl for set_direction (git-fixes). - commit 0d36e6c ++++ kernel-default: - smb: client: split cached_fid bitfields to avoid shared-byte RMW races (bsc#1250748,bsc#1257154). - commit 9624e6c - smb: client: update cfid->last_access_time in open_cached_dir_by_dentry() (git-fixes). - commit a159cff - cifs: add new field to track the last access time of cfid (git-fixes). - commit 0cd09f9 - smb: improve directory cache reuse for readdir operations (bsc#1252712). - commit 98f179c - scripts/python/git_sort/git_sort.yaml: add cifs for-next repository - commit 5e1a139 - libceph: replace overzealous BUG_ON in osdmap_apply_incremental() (CVE-2026-22990 bsc#1257221). - commit bf45795 - libceph: prevent potential out-of-bounds reads in handle_auth_done() (CVE-2026-22984 bsc#1257217). - commit 3af214d - libceph: return the handler error from mon_handle_auth_done() (CVE-2026-22992 bsc#1257218). - commit 2da8b55 - libceph: make free_choose_arg_map() resilient to partial allocation (CVE-2026-22991 bsc#1257220). - commit 1c4a387 - Update config files: disable CONFIG_DEVPORT for arm64 (bsc#1256792) - commit 89771ce - x86/fpu: Clear XSTATE_BV in guest XSAVE state whenever XFD[i]=1 (CVE-2026-23005 bsc#1257245). - commit 0a828e9 - Update patches.suse/ACPICA-Avoid-walking-the-Namespace-if-start_node-is-.patch (stable-fixes CVE-2025-71118 bsc#1256763). - Update patches.suse/ALSA-hda-Fix-missing-pointer-check-in-hda_component_.patch (git-fixes CVE-2025-40097 bsc#1252900). - Update patches.suse/ALSA-usb-mixer-us16x08-validate-meter-packet-indices.patch (git-fixes CVE-2025-68783 bsc#1256650). - Update patches.suse/ASoC-codecs-wcd9375-Fix-double-free-of-regulator-sup.patch (git-fixes CVE-2025-38423 bsc#1247292). - Update patches.suse/ASoC-codecs-wcd937x-set-the-comp-soundwire-port-corr.patch (git-fixes CVE-2025-40045 bsc#1252784). - Update patches.suse/ASoC-stm32-sai-fix-OF-node-leak-on-probe.patch (git-fixes CVE-2025-71081 bsc#1256609). - Update patches.suse/ASoC-tlv320adcx140-fix-null-pointer.patch (git-fixes CVE-2026-23006 bsc#1257208). - Update patches.suse/Bluetooth-btusb-revert-use-of-devm_kzalloc-in-btusb.patch (git-fixes CVE-2025-71082 bsc#1256611). - Update patches.suse/EDAC-skx_common-Fix-general-protection-fault.patch (git-fixes CVE-2025-38298 bsc#1253079). - Update patches.suse/HID-nintendo-avoid-bluetooth-suspend-resume-stalls.patch (stable-fixes CVE-2025-38507 bsc#1248188). - Update patches.suse/HID-quirks-Add-quirk-for-2-Chicony-Electronics-HP-5M.patch (stable-fixes CVE-2025-38540 bsc#1248208). - Update patches.suse/Input-alps-fix-use-after-free-bugs-caused-by-dev3_re.patch (git-fixes CVE-2025-68822 bsc#1256668). - Update patches.suse/Input-lkkbd-disable-pending-work-before-freeing-devi.patch (stable-fixes CVE-2025-71073 bsc#1256632). - Update patches.suse/Input-ti_am335x_tsc-fix-off-by-one-error-in-wire_ord.patch (git-fixes CVE-2025-68777 bsc#1256655). - Update patches.suse/KEYS-trusted-Fix-a-memory-leak-in-tpm2_load_cmd.patch (git-fixes CVE-2025-71147 bsc#1257158). - Update patches.suse/PM-EM-Fix-potential-division-by-zero-error-in-em_com.patch (git-fixes CVE-2025-38297 bsc#1253078). - Update patches.suse/arp-do-not-assume-dev_hard_header-does-not-change-skb-head.patch (CVE-2025-71098 bsc#1256591 CVE-2026-22988 bsc#1257282). - Update patches.suse/benet-fix-BUG-when-creating-VFs.patch (git-fixes CVE-2025-38569 bsc#1248384). - Update patches.suse/block-avoid-possible-overflow-for-chunk_sectors-check-in-b.patch (git-fixes CVE-2025-39795 bsc#1249609). - Update patches.suse/bpf-Do-not-let-BPF-test-infra-emit-invalid-GSO-types.patch (bsc#1255569 CVE-2025-68725). - Update patches.suse/btrfs-don-t-log-conflicting-inode-if-it-s-a-dir-move.patch (git-fixes CVE-2025-68778 bsc#1256683). - Update patches.suse/btrfs-fix-invalid-inode-pointer-dereferences-during-.patch (git-fixes CVE-2025-38243 bsc#1246184). - Update patches.suse/btrfs-fix-the-inode-leak-in-btrfs_iget.patch (git-fixes CVE-2025-37904 bsc#1243452). - Update patches.suse/ceph-fix-race-condition-validating-r_parent-before-applyin.patch (CVE-2025-39880 bsc#1250388 CVE-2025-39927 bsc#1250738). - Update patches.suse/char-applicom-fix-NULL-pointer-dereference-in-ac_ioc.patch (stable-fixes CVE-2025-68797 bsc#1256660). - Update patches.suse/clk-samsung-exynos-clkout-Assign-.num-before-accessi.patch (git-fixes CVE-2025-71143 bsc#1256749). - Update patches.suse/comedi-aio_iiro_16-Fix-bit-shift-out-of-bounds.patch (git-fixes CVE-2025-38529 bsc#1248196). - Update patches.suse/comedi-fix-divide-by-zero-in-comedi_buf_munge.patch (stable-fixes CVE-2025-40106 bsc#1252891). - Update patches.suse/comedi-pcl812-Fix-bit-shift-out-of-bounds.patch (git-fixes CVE-2025-38530 bsc#1248206). - Update patches.suse/cpuset-fix-warning-when-disabling-remote-partition.patch (bsc#1256794 CVE-2025-71142 bsc#1256748). - Update patches.suse/crypto-af_alg-zero-initialize-memory-allocated-via-s.patch (git-fixes CVE-2025-71113 bsc#1256716). - Update patches.suse/crypto-seqiv-Do-not-use-req-iv-after-crypto_aead_enc.patch (git-fixes CVE-2025-71131 bsc#1256742). - Update patches.suse/dmaengine-idxd-fix-device-leaks-on-compat-bind-and-u.patch (git-fixes CVE-2025-71163 bsc#1257215). - Update patches.suse/dmaengine-nbpfaxi-Fix-memory-corruption-in-probe.patch (git-fixes CVE-2025-38538 bsc#1248213). - Update patches.suse/dmaengine-tegra-adma-Fix-use-after-free.patch (git-fixes CVE-2025-71162 bsc#1257204). - Update patches.suse/drm-amdkfd-Don-t-call-mmput-from-MMU-notifier-callba.patch (git-fixes CVE-2025-38520 bsc#1248217). - Update patches.suse/drm-i915-gem-Zero-initialize-the-eb.vma-array-in-i91.patch (git-fixes CVE-2025-71130 bsc#1256741). - Update patches.suse/drm-imagination-Fix-kernel-crash-when-hard-resetting.patch (git-fixes CVE-2025-38521 bsc#1248232). - Update patches.suse/drm-msm-dpu-Add-missing-NULL-pointer-check-for-pingp.patch (git-fixes CVE-2025-71138 bsc#1256785). - Update patches.suse/drm-sched-Increment-job-count-before-swapping-tail-s.patch (git-fixes CVE-2025-38515 bsc#1248212). - Update patches.suse/drm-tegra-nvdec-Fix-dma_alloc_coherent-error-check.patch (git-fixes CVE-2025-38543 bsc#1248214). - Update patches.suse/drm-tilcdc-Fix-removal-actions-in-case-of-failed-pro.patch (git-fixes CVE-2025-71141 bsc#1256756). - Update patches.suse/drm-ttm-Avoid-NULL-pointer-deref-for-evicted-BOs.patch (git-fixes CVE-2025-71083 bsc#1256610). - Update patches.suse/drm-xe-Limit-num_syncs-to-prevent-oversized-allocati.patch (git-fixes CVE-2025-68802 bsc#1256661). - Update patches.suse/drm-xe-oa-Fix-potential-UAF-in-xe_oa_add_config_ioct.patch (git-fixes CVE-2025-71099 bsc#1256592). - Update patches.suse/drm-xe-oa-Limit-num_syncs-to-prevent-oversized-alloc.patch (git-fixes CVE-2025-71076 bsc#1256627). - Update patches.suse/drm-xe-pf-Clear-all-LMTT-pages-on-alloc.patch (git-fixes CVE-2025-38511 bsc#1248175). - Update patches.suse/efivarfs-Fix-slab-out-of-bounds-in-efivarfs_d_compar.patch (git-fixes CVE-2025-39817 bsc#1249998). - Update patches.suse/ftrace-Also-allocate-and-copy-hash-for-reading-of-filter-f.patch (bsc#1250032 CVE-2025-39813 CVE-2025-39689 bsc#1249307). - Update patches.suse/hwmon-corsair-cpro-Validate-the-size-of-the-received.patch (git-fixes CVE-2025-38548 bsc#1248228). - Update patches.suse/hwmon-ibmpex-fix-use-after-free-in-high-low-store.patch (git-fixes CVE-2025-68789 bsc#1256781). - Update patches.suse/hwmon-w83791d-Convert-macros-to-functions-to-avoid-T.patch (git-fixes CVE-2025-71111 bsc#1256728). - Update patches.suse/ice-fix-NULL-pointer-dereference-in-ice_unplug_aux_d.patch (jsc#PED-13728 CVE-2025-39814 bsc#1249895). - Update patches.suse/idpf-Fix-RSS-LUT-NULL-pointer-crash-on-early-ethtool.patch (CVE-2026-22993 bsc#1257180 CVE-2026-22985 bsc#1257277). - Update patches.suse/iio-adc-axp20x_adc-Add-missing-sentinel-to-AXP717-AD.patch (git-fixes CVE-2025-38547 bsc#1248222). - Update patches.suse/ipv6-mcast-Delay-put-pmc-idev-in-mld_del_delrec.patch (git-fixes CVE-2025-38550 bsc#1248227). - Update patches.suse/kasan-remove-kasan_find_vm_area-to-prevent-possible-.patch (git-fixes CVE-2025-38510 bsc#1248166). - Update patches.suse/lib-buildid-use-__kernel_read-for-sleepable-context.patch (git-fixes CVE-2026-23002 bsc#1257243). - Update patches.suse/media-adv7842-Avoid-possible-out-of-bounds-array-acc.patch (git-fixes CVE-2025-71136 bsc#1256759). - Update patches.suse/media-dvb-usb-dtv5100-fix-out-of-bounds-in-dtv5100_i.patch (git-fixes CVE-2025-68819 bsc#1256664). - Update patches.suse/media-vidtv-initialize-local-pointers-upon-transfer-.patch (git-fixes CVE-2025-68808 bsc#1256682). - Update patches.suse/mount-handle-NULL-values-in-mnt_ns_release.patch (bsc#1254308 CVE-2025-40195 bsc#1253500). - Update patches.suse/neighbour-Fix-null-ptr-deref-in-neigh_flush_dev.patch (git-fixes CVE-2025-38589 bsc#1248366). - Update patches.suse/net-can-j1939-j1939_xtp_rx_rts_session_active-deacti.patch (git-fixes CVE-2026-22997 bsc#1257202). - Update patches.suse/net-mlx5-Check-device-memory-pointer-before-usage.patch (git-fixes CVE-2025-38645 bsc#1248626). - Update patches.suse/net-mlx5e-Remove-skb-secpath-if-xfrm-state-is-not-fo.patch (git-fixes CVE-2025-38590 bsc#1248360). - Update patches.suse/net-nfc-fix-deadlock-between-nfc_unregister_device-a.patch (git-fixes CVE-2025-71079 bsc#1256619). - Update patches.suse/net-phy-Don-t-register-LEDs-for-genphy.patch (git-fixes CVE-2025-38537 bsc#1248229). - Update patches.suse/net-rose-fix-invalid-array-index-in-rose_kill_by_dev.patch (git-fixes CVE-2025-71086 bsc#1256625). - Update patches.suse/net-usb-rtl8150-fix-memory-leak-on-usb_submit_urb-fa.patch (git-fixes CVE-2025-71154 bsc#1257163). - Update patches.suse/netfilter-nft_set_hash-unaligned-atomic-read-on-struct-nft.patch (git-fixes CVE-2024-54031 bsc#1235905). - Update patches.suse/nfsd-check-that-server-is-running-in-unlock_filesystem.patch (git-fixes CVE-2026-22989 bsc#1257279). - Update patches.suse/phy-tegra-xusb-Fix-unbalanced-regulator-disable-in-U.patch (git-fixes CVE-2025-38535 bsc#1248240). - Update patches.suse/pinctrl-check-the-return-value-of-pinmux_ops-get_fun.patch (stable-fixes CVE-2025-40030 bsc#1252773). - Update patches.suse/pinctrl-qcom-msm-mark-certain-pins-as-invalid-for-in.patch (git-fixes CVE-2025-38516 bsc#1248209). - Update patches.suse/platform-chrome-cros_ec_ishtp-Fix-UAF-after-unbindin.patch (git-fixes CVE-2025-68804 bsc#1256617). - Update patches.suse/platform-x86-hp-bioscfg-Fix-out-of-bounds-array-acce.patch (git-fixes CVE-2025-71101 bsc#1256594). - Update patches.suse/pm-cpupower-bench-Prevent-NULL-dereference-on-malloc.patch (stable-fixes CVE-2025-37841 bsc#1242974). - Update patches.suse/powerpc-64s-slb-Fix-SLB-multihit-issue-during-SLB-preload.patch (bac#1236022 ltc#211187 CVE-2025-71078 bsc#1256616). - Update patches.suse/powerpc-kexec-Enable-SMT-before-waking-offline-CPUs.patch (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes bsc#1253739 ltc#211493 bsc#1254244 ltc#216496 CVE-2025-71119 bsc#1256730). - Update patches.suse/smb-client-fix-warning-when-reconnecting-channel.patch (git-fixes CVE-2025-38379 bsc#1247030). - Update patches.suse/spi-fsl-cpm-Check-length-parity-before-switching-to-.patch (git-fixes CVE-2025-68773 bsc#1256586). - Update patches.suse/tcp_bpf-Call-sk_msg_free-when-tcp_bpf_send_verdict-f.patch (bsc#1250705 CVE-2025-39913). - Update patches.suse/trace-fgraph-Fix-the-warning-caused-by-missing-unregister-.patch (bsc#1248211 CVE-2025-38539 CVE-2025-39829 bsc#1250082). - Update patches.suse/tracing-fprobe-events-Fix-possible-UAF-on-modules.patch (git-fixes CVE-2025-37845 bsc#1242986). - Update patches.suse/tty-serial-uartlite-register-uart-driver-in-init.patch (stable-fixes CVE-2025-38262 bsc#1246282). - Update patches.suse/usb-phy-isp1301-fix-non-OF-device-reference-imbalanc.patch (git-fixes CVE-2025-71145 bsc#1257155). - Update patches.suse/usb-typec-ucsi-Handle-incorrect-num_connectors-capab.patch (stable-fixes CVE-2025-71108 bsc#1256774). - Update patches.suse/via_wdt-fix-critical-boot-hang-due-to-unnamed-resour.patch (stable-fixes CVE-2025-71114 bsc#1256752). - Update patches.suse/virtio-net-fix-recursived-rtnl_lock-during-probe.patch (git-fixes CVE-2025-38551 bsc#1248234). - Update patches.suse/virtio-net-free-xsk_buffs-on-error-in-virtnet_xsk_po.patch (git-fixes CVE-2025-37955 bsc#1243507). - Update patches.suse/wifi-ath12k-fix-memory-leak-in-ath12k_pci_remove.patch (stable-fixes CVE-2025-37744 bsc#1243662). - Update patches.suse/wifi-avoid-kernel-infoleak-from-struct-iw_point.patch (git-fixes CVE-2026-22978 bsc#1257227). - Update patches.suse/wifi-mt76-mt7925-Fix-null-ptr-deref-in-mt7925_therma.patch (git-fixes CVE-2025-38541 bsc#1248216). - Update patches.suse/wifi-mwifiex-discard-erroneous-disassoc-frames-on-ST.patch (git-fixes CVE-2025-38505 bsc#1248185). - Update patches.suse/wifi-prevent-A-MSDU-attacks-in-mesh-networks.patch (stable-fixes CVE-2025-38512 bsc#1248178). - Update patches.suse/wifi-rtlwifi-8192cu-fix-tid-out-of-range-in-rtl92cu_.patch (git-fixes CVE-2025-71100 bsc#1256593). - Update patches.suse/wifi-zd1211rw-Fix-potential-NULL-pointer-dereference.patch (git-fixes CVE-2025-38513 bsc#1248179). - Update patches.suse/x86-cpu-Avoid-running-off-the-end-of-an-AMD-erratum-table.patch (git-fixes CVE-2025-37751 bsc#1242505). - commit 74167a5 - powerpc/addnote: Fix overflow on 32-bit builds (bsc#1215199). - commit 651b1d4 - net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv (CVE-2026-22996). - net/mlx5e: Fix crash on profile change rollback failure (CVE-2026-23000 bsc#1257234). - commit 395ffba - gpio: rockchip: Stop calling pinctrl for set_direction (git-fixes). - commit 0d36e6c ++++ kernel-default: - smb: client: split cached_fid bitfields to avoid shared-byte RMW races (bsc#1250748,bsc#1257154). - commit 9624e6c - smb: client: update cfid->last_access_time in open_cached_dir_by_dentry() (git-fixes). - commit a159cff - cifs: add new field to track the last access time of cfid (git-fixes). - commit 0cd09f9 - smb: improve directory cache reuse for readdir operations (bsc#1252712). - commit 98f179c - scripts/python/git_sort/git_sort.yaml: add cifs for-next repository - commit 5e1a139 - libceph: replace overzealous BUG_ON in osdmap_apply_incremental() (CVE-2026-22990 bsc#1257221). - commit bf45795 - libceph: prevent potential out-of-bounds reads in handle_auth_done() (CVE-2026-22984 bsc#1257217). - commit 3af214d - libceph: return the handler error from mon_handle_auth_done() (CVE-2026-22992 bsc#1257218). - commit 2da8b55 - libceph: make free_choose_arg_map() resilient to partial allocation (CVE-2026-22991 bsc#1257220). - commit 1c4a387 - Update config files: disable CONFIG_DEVPORT for arm64 (bsc#1256792) - commit 89771ce - x86/fpu: Clear XSTATE_BV in guest XSAVE state whenever XFD[i]=1 (CVE-2026-23005 bsc#1257245). - commit 0a828e9 - Update patches.suse/ACPICA-Avoid-walking-the-Namespace-if-start_node-is-.patch (stable-fixes CVE-2025-71118 bsc#1256763). - Update patches.suse/ALSA-hda-Fix-missing-pointer-check-in-hda_component_.patch (git-fixes CVE-2025-40097 bsc#1252900). - Update patches.suse/ALSA-usb-mixer-us16x08-validate-meter-packet-indices.patch (git-fixes CVE-2025-68783 bsc#1256650). - Update patches.suse/ASoC-codecs-wcd9375-Fix-double-free-of-regulator-sup.patch (git-fixes CVE-2025-38423 bsc#1247292). - Update patches.suse/ASoC-codecs-wcd937x-set-the-comp-soundwire-port-corr.patch (git-fixes CVE-2025-40045 bsc#1252784). - Update patches.suse/ASoC-stm32-sai-fix-OF-node-leak-on-probe.patch (git-fixes CVE-2025-71081 bsc#1256609). - Update patches.suse/ASoC-tlv320adcx140-fix-null-pointer.patch (git-fixes CVE-2026-23006 bsc#1257208). - Update patches.suse/Bluetooth-btusb-revert-use-of-devm_kzalloc-in-btusb.patch (git-fixes CVE-2025-71082 bsc#1256611). - Update patches.suse/EDAC-skx_common-Fix-general-protection-fault.patch (git-fixes CVE-2025-38298 bsc#1253079). - Update patches.suse/HID-nintendo-avoid-bluetooth-suspend-resume-stalls.patch (stable-fixes CVE-2025-38507 bsc#1248188). - Update patches.suse/HID-quirks-Add-quirk-for-2-Chicony-Electronics-HP-5M.patch (stable-fixes CVE-2025-38540 bsc#1248208). - Update patches.suse/Input-alps-fix-use-after-free-bugs-caused-by-dev3_re.patch (git-fixes CVE-2025-68822 bsc#1256668). - Update patches.suse/Input-lkkbd-disable-pending-work-before-freeing-devi.patch (stable-fixes CVE-2025-71073 bsc#1256632). - Update patches.suse/Input-ti_am335x_tsc-fix-off-by-one-error-in-wire_ord.patch (git-fixes CVE-2025-68777 bsc#1256655). - Update patches.suse/KEYS-trusted-Fix-a-memory-leak-in-tpm2_load_cmd.patch (git-fixes CVE-2025-71147 bsc#1257158). - Update patches.suse/PM-EM-Fix-potential-division-by-zero-error-in-em_com.patch (git-fixes CVE-2025-38297 bsc#1253078). - Update patches.suse/arp-do-not-assume-dev_hard_header-does-not-change-skb-head.patch (CVE-2025-71098 bsc#1256591 CVE-2026-22988 bsc#1257282). - Update patches.suse/benet-fix-BUG-when-creating-VFs.patch (git-fixes CVE-2025-38569 bsc#1248384). - Update patches.suse/block-avoid-possible-overflow-for-chunk_sectors-check-in-b.patch (git-fixes CVE-2025-39795 bsc#1249609). - Update patches.suse/bpf-Do-not-let-BPF-test-infra-emit-invalid-GSO-types.patch (bsc#1255569 CVE-2025-68725). - Update patches.suse/btrfs-don-t-log-conflicting-inode-if-it-s-a-dir-move.patch (git-fixes CVE-2025-68778 bsc#1256683). - Update patches.suse/btrfs-fix-invalid-inode-pointer-dereferences-during-.patch (git-fixes CVE-2025-38243 bsc#1246184). - Update patches.suse/btrfs-fix-the-inode-leak-in-btrfs_iget.patch (git-fixes CVE-2025-37904 bsc#1243452). - Update patches.suse/ceph-fix-race-condition-validating-r_parent-before-applyin.patch (CVE-2025-39880 bsc#1250388 CVE-2025-39927 bsc#1250738). - Update patches.suse/char-applicom-fix-NULL-pointer-dereference-in-ac_ioc.patch (stable-fixes CVE-2025-68797 bsc#1256660). - Update patches.suse/clk-samsung-exynos-clkout-Assign-.num-before-accessi.patch (git-fixes CVE-2025-71143 bsc#1256749). - Update patches.suse/comedi-aio_iiro_16-Fix-bit-shift-out-of-bounds.patch (git-fixes CVE-2025-38529 bsc#1248196). - Update patches.suse/comedi-fix-divide-by-zero-in-comedi_buf_munge.patch (stable-fixes CVE-2025-40106 bsc#1252891). - Update patches.suse/comedi-pcl812-Fix-bit-shift-out-of-bounds.patch (git-fixes CVE-2025-38530 bsc#1248206). - Update patches.suse/cpuset-fix-warning-when-disabling-remote-partition.patch (bsc#1256794 CVE-2025-71142 bsc#1256748). - Update patches.suse/crypto-af_alg-zero-initialize-memory-allocated-via-s.patch (git-fixes CVE-2025-71113 bsc#1256716). - Update patches.suse/crypto-seqiv-Do-not-use-req-iv-after-crypto_aead_enc.patch (git-fixes CVE-2025-71131 bsc#1256742). - Update patches.suse/dmaengine-idxd-fix-device-leaks-on-compat-bind-and-u.patch (git-fixes CVE-2025-71163 bsc#1257215). - Update patches.suse/dmaengine-nbpfaxi-Fix-memory-corruption-in-probe.patch (git-fixes CVE-2025-38538 bsc#1248213). - Update patches.suse/dmaengine-tegra-adma-Fix-use-after-free.patch (git-fixes CVE-2025-71162 bsc#1257204). - Update patches.suse/drm-amdkfd-Don-t-call-mmput-from-MMU-notifier-callba.patch (git-fixes CVE-2025-38520 bsc#1248217). - Update patches.suse/drm-i915-gem-Zero-initialize-the-eb.vma-array-in-i91.patch (git-fixes CVE-2025-71130 bsc#1256741). - Update patches.suse/drm-imagination-Fix-kernel-crash-when-hard-resetting.patch (git-fixes CVE-2025-38521 bsc#1248232). - Update patches.suse/drm-msm-dpu-Add-missing-NULL-pointer-check-for-pingp.patch (git-fixes CVE-2025-71138 bsc#1256785). - Update patches.suse/drm-sched-Increment-job-count-before-swapping-tail-s.patch (git-fixes CVE-2025-38515 bsc#1248212). - Update patches.suse/drm-tegra-nvdec-Fix-dma_alloc_coherent-error-check.patch (git-fixes CVE-2025-38543 bsc#1248214). - Update patches.suse/drm-tilcdc-Fix-removal-actions-in-case-of-failed-pro.patch (git-fixes CVE-2025-71141 bsc#1256756). - Update patches.suse/drm-ttm-Avoid-NULL-pointer-deref-for-evicted-BOs.patch (git-fixes CVE-2025-71083 bsc#1256610). - Update patches.suse/drm-xe-Limit-num_syncs-to-prevent-oversized-allocati.patch (git-fixes CVE-2025-68802 bsc#1256661). - Update patches.suse/drm-xe-oa-Fix-potential-UAF-in-xe_oa_add_config_ioct.patch (git-fixes CVE-2025-71099 bsc#1256592). - Update patches.suse/drm-xe-oa-Limit-num_syncs-to-prevent-oversized-alloc.patch (git-fixes CVE-2025-71076 bsc#1256627). - Update patches.suse/drm-xe-pf-Clear-all-LMTT-pages-on-alloc.patch (git-fixes CVE-2025-38511 bsc#1248175). - Update patches.suse/efivarfs-Fix-slab-out-of-bounds-in-efivarfs_d_compar.patch (git-fixes CVE-2025-39817 bsc#1249998). - Update patches.suse/ftrace-Also-allocate-and-copy-hash-for-reading-of-filter-f.patch (bsc#1250032 CVE-2025-39813 CVE-2025-39689 bsc#1249307). - Update patches.suse/hwmon-corsair-cpro-Validate-the-size-of-the-received.patch (git-fixes CVE-2025-38548 bsc#1248228). - Update patches.suse/hwmon-ibmpex-fix-use-after-free-in-high-low-store.patch (git-fixes CVE-2025-68789 bsc#1256781). - Update patches.suse/hwmon-w83791d-Convert-macros-to-functions-to-avoid-T.patch (git-fixes CVE-2025-71111 bsc#1256728). - Update patches.suse/ice-fix-NULL-pointer-dereference-in-ice_unplug_aux_d.patch (jsc#PED-13728 CVE-2025-39814 bsc#1249895). - Update patches.suse/idpf-Fix-RSS-LUT-NULL-pointer-crash-on-early-ethtool.patch (CVE-2026-22993 bsc#1257180 CVE-2026-22985 bsc#1257277). - Update patches.suse/iio-adc-axp20x_adc-Add-missing-sentinel-to-AXP717-AD.patch (git-fixes CVE-2025-38547 bsc#1248222). - Update patches.suse/ipv6-mcast-Delay-put-pmc-idev-in-mld_del_delrec.patch (git-fixes CVE-2025-38550 bsc#1248227). - Update patches.suse/kasan-remove-kasan_find_vm_area-to-prevent-possible-.patch (git-fixes CVE-2025-38510 bsc#1248166). - Update patches.suse/lib-buildid-use-__kernel_read-for-sleepable-context.patch (git-fixes CVE-2026-23002 bsc#1257243). - Update patches.suse/media-adv7842-Avoid-possible-out-of-bounds-array-acc.patch (git-fixes CVE-2025-71136 bsc#1256759). - Update patches.suse/media-dvb-usb-dtv5100-fix-out-of-bounds-in-dtv5100_i.patch (git-fixes CVE-2025-68819 bsc#1256664). - Update patches.suse/media-vidtv-initialize-local-pointers-upon-transfer-.patch (git-fixes CVE-2025-68808 bsc#1256682). - Update patches.suse/mount-handle-NULL-values-in-mnt_ns_release.patch (bsc#1254308 CVE-2025-40195 bsc#1253500). - Update patches.suse/neighbour-Fix-null-ptr-deref-in-neigh_flush_dev.patch (git-fixes CVE-2025-38589 bsc#1248366). - Update patches.suse/net-can-j1939-j1939_xtp_rx_rts_session_active-deacti.patch (git-fixes CVE-2026-22997 bsc#1257202). - Update patches.suse/net-mlx5-Check-device-memory-pointer-before-usage.patch (git-fixes CVE-2025-38645 bsc#1248626). - Update patches.suse/net-mlx5e-Remove-skb-secpath-if-xfrm-state-is-not-fo.patch (git-fixes CVE-2025-38590 bsc#1248360). - Update patches.suse/net-nfc-fix-deadlock-between-nfc_unregister_device-a.patch (git-fixes CVE-2025-71079 bsc#1256619). - Update patches.suse/net-phy-Don-t-register-LEDs-for-genphy.patch (git-fixes CVE-2025-38537 bsc#1248229). - Update patches.suse/net-rose-fix-invalid-array-index-in-rose_kill_by_dev.patch (git-fixes CVE-2025-71086 bsc#1256625). - Update patches.suse/net-usb-rtl8150-fix-memory-leak-on-usb_submit_urb-fa.patch (git-fixes CVE-2025-71154 bsc#1257163). - Update patches.suse/netfilter-nft_set_hash-unaligned-atomic-read-on-struct-nft.patch (git-fixes CVE-2024-54031 bsc#1235905). - Update patches.suse/nfsd-check-that-server-is-running-in-unlock_filesystem.patch (git-fixes CVE-2026-22989 bsc#1257279). - Update patches.suse/phy-tegra-xusb-Fix-unbalanced-regulator-disable-in-U.patch (git-fixes CVE-2025-38535 bsc#1248240). - Update patches.suse/pinctrl-check-the-return-value-of-pinmux_ops-get_fun.patch (stable-fixes CVE-2025-40030 bsc#1252773). - Update patches.suse/pinctrl-qcom-msm-mark-certain-pins-as-invalid-for-in.patch (git-fixes CVE-2025-38516 bsc#1248209). - Update patches.suse/platform-chrome-cros_ec_ishtp-Fix-UAF-after-unbindin.patch (git-fixes CVE-2025-68804 bsc#1256617). - Update patches.suse/platform-x86-hp-bioscfg-Fix-out-of-bounds-array-acce.patch (git-fixes CVE-2025-71101 bsc#1256594). - Update patches.suse/pm-cpupower-bench-Prevent-NULL-dereference-on-malloc.patch (stable-fixes CVE-2025-37841 bsc#1242974). - Update patches.suse/powerpc-64s-slb-Fix-SLB-multihit-issue-during-SLB-preload.patch (bac#1236022 ltc#211187 CVE-2025-71078 bsc#1256616). - Update patches.suse/powerpc-kexec-Enable-SMT-before-waking-offline-CPUs.patch (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes bsc#1253739 ltc#211493 bsc#1254244 ltc#216496 CVE-2025-71119 bsc#1256730). - Update patches.suse/smb-client-fix-warning-when-reconnecting-channel.patch (git-fixes CVE-2025-38379 bsc#1247030). - Update patches.suse/spi-fsl-cpm-Check-length-parity-before-switching-to-.patch (git-fixes CVE-2025-68773 bsc#1256586). - Update patches.suse/tcp_bpf-Call-sk_msg_free-when-tcp_bpf_send_verdict-f.patch (bsc#1250705 CVE-2025-39913). - Update patches.suse/trace-fgraph-Fix-the-warning-caused-by-missing-unregister-.patch (bsc#1248211 CVE-2025-38539 CVE-2025-39829 bsc#1250082). - Update patches.suse/tracing-fprobe-events-Fix-possible-UAF-on-modules.patch (git-fixes CVE-2025-37845 bsc#1242986). - Update patches.suse/tty-serial-uartlite-register-uart-driver-in-init.patch (stable-fixes CVE-2025-38262 bsc#1246282). - Update patches.suse/usb-phy-isp1301-fix-non-OF-device-reference-imbalanc.patch (git-fixes CVE-2025-71145 bsc#1257155). - Update patches.suse/usb-typec-ucsi-Handle-incorrect-num_connectors-capab.patch (stable-fixes CVE-2025-71108 bsc#1256774). - Update patches.suse/via_wdt-fix-critical-boot-hang-due-to-unnamed-resour.patch (stable-fixes CVE-2025-71114 bsc#1256752). - Update patches.suse/virtio-net-fix-recursived-rtnl_lock-during-probe.patch (git-fixes CVE-2025-38551 bsc#1248234). - Update patches.suse/virtio-net-free-xsk_buffs-on-error-in-virtnet_xsk_po.patch (git-fixes CVE-2025-37955 bsc#1243507). - Update patches.suse/wifi-ath12k-fix-memory-leak-in-ath12k_pci_remove.patch (stable-fixes CVE-2025-37744 bsc#1243662). - Update patches.suse/wifi-avoid-kernel-infoleak-from-struct-iw_point.patch (git-fixes CVE-2026-22978 bsc#1257227). - Update patches.suse/wifi-mt76-mt7925-Fix-null-ptr-deref-in-mt7925_therma.patch (git-fixes CVE-2025-38541 bsc#1248216). - Update patches.suse/wifi-mwifiex-discard-erroneous-disassoc-frames-on-ST.patch (git-fixes CVE-2025-38505 bsc#1248185). - Update patches.suse/wifi-prevent-A-MSDU-attacks-in-mesh-networks.patch (stable-fixes CVE-2025-38512 bsc#1248178). - Update patches.suse/wifi-rtlwifi-8192cu-fix-tid-out-of-range-in-rtl92cu_.patch (git-fixes CVE-2025-71100 bsc#1256593). - Update patches.suse/wifi-zd1211rw-Fix-potential-NULL-pointer-dereference.patch (git-fixes CVE-2025-38513 bsc#1248179). - Update patches.suse/x86-cpu-Avoid-running-off-the-end-of-an-AMD-erratum-table.patch (git-fixes CVE-2025-37751 bsc#1242505). - commit 74167a5 - powerpc/addnote: Fix overflow on 32-bit builds (bsc#1215199). - commit 651b1d4 - net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv (CVE-2026-22996). - net/mlx5e: Fix crash on profile change rollback failure (CVE-2026-23000 bsc#1257234). - commit 395ffba - gpio: rockchip: Stop calling pinctrl for set_direction (git-fixes). - commit 0d36e6c ++++ kernel-rt: - smb: client: split cached_fid bitfields to avoid shared-byte RMW races (bsc#1250748,bsc#1257154). - commit 9624e6c - smb: client: update cfid->last_access_time in open_cached_dir_by_dentry() (git-fixes). - commit a159cff - cifs: add new field to track the last access time of cfid (git-fixes). - commit 0cd09f9 - smb: improve directory cache reuse for readdir operations (bsc#1252712). - commit 98f179c - scripts/python/git_sort/git_sort.yaml: add cifs for-next repository - commit 5e1a139 - libceph: replace overzealous BUG_ON in osdmap_apply_incremental() (CVE-2026-22990 bsc#1257221). - commit bf45795 - libceph: prevent potential out-of-bounds reads in handle_auth_done() (CVE-2026-22984 bsc#1257217). - commit 3af214d - libceph: return the handler error from mon_handle_auth_done() (CVE-2026-22992 bsc#1257218). - commit 2da8b55 - libceph: make free_choose_arg_map() resilient to partial allocation (CVE-2026-22991 bsc#1257220). - commit 1c4a387 - Update config files: disable CONFIG_DEVPORT for arm64 (bsc#1256792) - commit 89771ce - x86/fpu: Clear XSTATE_BV in guest XSAVE state whenever XFD[i]=1 (CVE-2026-23005 bsc#1257245). - commit 0a828e9 - Update patches.suse/ACPICA-Avoid-walking-the-Namespace-if-start_node-is-.patch (stable-fixes CVE-2025-71118 bsc#1256763). - Update patches.suse/ALSA-hda-Fix-missing-pointer-check-in-hda_component_.patch (git-fixes CVE-2025-40097 bsc#1252900). - Update patches.suse/ALSA-usb-mixer-us16x08-validate-meter-packet-indices.patch (git-fixes CVE-2025-68783 bsc#1256650). - Update patches.suse/ASoC-codecs-wcd9375-Fix-double-free-of-regulator-sup.patch (git-fixes CVE-2025-38423 bsc#1247292). - Update patches.suse/ASoC-codecs-wcd937x-set-the-comp-soundwire-port-corr.patch (git-fixes CVE-2025-40045 bsc#1252784). - Update patches.suse/ASoC-stm32-sai-fix-OF-node-leak-on-probe.patch (git-fixes CVE-2025-71081 bsc#1256609). - Update patches.suse/ASoC-tlv320adcx140-fix-null-pointer.patch (git-fixes CVE-2026-23006 bsc#1257208). - Update patches.suse/Bluetooth-btusb-revert-use-of-devm_kzalloc-in-btusb.patch (git-fixes CVE-2025-71082 bsc#1256611). - Update patches.suse/EDAC-skx_common-Fix-general-protection-fault.patch (git-fixes CVE-2025-38298 bsc#1253079). - Update patches.suse/HID-nintendo-avoid-bluetooth-suspend-resume-stalls.patch (stable-fixes CVE-2025-38507 bsc#1248188). - Update patches.suse/HID-quirks-Add-quirk-for-2-Chicony-Electronics-HP-5M.patch (stable-fixes CVE-2025-38540 bsc#1248208). - Update patches.suse/Input-alps-fix-use-after-free-bugs-caused-by-dev3_re.patch (git-fixes CVE-2025-68822 bsc#1256668). - Update patches.suse/Input-lkkbd-disable-pending-work-before-freeing-devi.patch (stable-fixes CVE-2025-71073 bsc#1256632). - Update patches.suse/Input-ti_am335x_tsc-fix-off-by-one-error-in-wire_ord.patch (git-fixes CVE-2025-68777 bsc#1256655). - Update patches.suse/KEYS-trusted-Fix-a-memory-leak-in-tpm2_load_cmd.patch (git-fixes CVE-2025-71147 bsc#1257158). - Update patches.suse/PM-EM-Fix-potential-division-by-zero-error-in-em_com.patch (git-fixes CVE-2025-38297 bsc#1253078). - Update patches.suse/arp-do-not-assume-dev_hard_header-does-not-change-skb-head.patch (CVE-2025-71098 bsc#1256591 CVE-2026-22988 bsc#1257282). - Update patches.suse/benet-fix-BUG-when-creating-VFs.patch (git-fixes CVE-2025-38569 bsc#1248384). - Update patches.suse/block-avoid-possible-overflow-for-chunk_sectors-check-in-b.patch (git-fixes CVE-2025-39795 bsc#1249609). - Update patches.suse/bpf-Do-not-let-BPF-test-infra-emit-invalid-GSO-types.patch (bsc#1255569 CVE-2025-68725). - Update patches.suse/btrfs-don-t-log-conflicting-inode-if-it-s-a-dir-move.patch (git-fixes CVE-2025-68778 bsc#1256683). - Update patches.suse/btrfs-fix-invalid-inode-pointer-dereferences-during-.patch (git-fixes CVE-2025-38243 bsc#1246184). - Update patches.suse/btrfs-fix-the-inode-leak-in-btrfs_iget.patch (git-fixes CVE-2025-37904 bsc#1243452). - Update patches.suse/ceph-fix-race-condition-validating-r_parent-before-applyin.patch (CVE-2025-39880 bsc#1250388 CVE-2025-39927 bsc#1250738). - Update patches.suse/char-applicom-fix-NULL-pointer-dereference-in-ac_ioc.patch (stable-fixes CVE-2025-68797 bsc#1256660). - Update patches.suse/clk-samsung-exynos-clkout-Assign-.num-before-accessi.patch (git-fixes CVE-2025-71143 bsc#1256749). - Update patches.suse/comedi-aio_iiro_16-Fix-bit-shift-out-of-bounds.patch (git-fixes CVE-2025-38529 bsc#1248196). - Update patches.suse/comedi-fix-divide-by-zero-in-comedi_buf_munge.patch (stable-fixes CVE-2025-40106 bsc#1252891). - Update patches.suse/comedi-pcl812-Fix-bit-shift-out-of-bounds.patch (git-fixes CVE-2025-38530 bsc#1248206). - Update patches.suse/cpuset-fix-warning-when-disabling-remote-partition.patch (bsc#1256794 CVE-2025-71142 bsc#1256748). - Update patches.suse/crypto-af_alg-zero-initialize-memory-allocated-via-s.patch (git-fixes CVE-2025-71113 bsc#1256716). - Update patches.suse/crypto-seqiv-Do-not-use-req-iv-after-crypto_aead_enc.patch (git-fixes CVE-2025-71131 bsc#1256742). - Update patches.suse/dmaengine-idxd-fix-device-leaks-on-compat-bind-and-u.patch (git-fixes CVE-2025-71163 bsc#1257215). - Update patches.suse/dmaengine-nbpfaxi-Fix-memory-corruption-in-probe.patch (git-fixes CVE-2025-38538 bsc#1248213). - Update patches.suse/dmaengine-tegra-adma-Fix-use-after-free.patch (git-fixes CVE-2025-71162 bsc#1257204). - Update patches.suse/drm-amdkfd-Don-t-call-mmput-from-MMU-notifier-callba.patch (git-fixes CVE-2025-38520 bsc#1248217). - Update patches.suse/drm-i915-gem-Zero-initialize-the-eb.vma-array-in-i91.patch (git-fixes CVE-2025-71130 bsc#1256741). - Update patches.suse/drm-imagination-Fix-kernel-crash-when-hard-resetting.patch (git-fixes CVE-2025-38521 bsc#1248232). - Update patches.suse/drm-msm-dpu-Add-missing-NULL-pointer-check-for-pingp.patch (git-fixes CVE-2025-71138 bsc#1256785). - Update patches.suse/drm-sched-Increment-job-count-before-swapping-tail-s.patch (git-fixes CVE-2025-38515 bsc#1248212). - Update patches.suse/drm-tegra-nvdec-Fix-dma_alloc_coherent-error-check.patch (git-fixes CVE-2025-38543 bsc#1248214). - Update patches.suse/drm-tilcdc-Fix-removal-actions-in-case-of-failed-pro.patch (git-fixes CVE-2025-71141 bsc#1256756). - Update patches.suse/drm-ttm-Avoid-NULL-pointer-deref-for-evicted-BOs.patch (git-fixes CVE-2025-71083 bsc#1256610). - Update patches.suse/drm-xe-Limit-num_syncs-to-prevent-oversized-allocati.patch (git-fixes CVE-2025-68802 bsc#1256661). - Update patches.suse/drm-xe-oa-Fix-potential-UAF-in-xe_oa_add_config_ioct.patch (git-fixes CVE-2025-71099 bsc#1256592). - Update patches.suse/drm-xe-oa-Limit-num_syncs-to-prevent-oversized-alloc.patch (git-fixes CVE-2025-71076 bsc#1256627). - Update patches.suse/drm-xe-pf-Clear-all-LMTT-pages-on-alloc.patch (git-fixes CVE-2025-38511 bsc#1248175). - Update patches.suse/efivarfs-Fix-slab-out-of-bounds-in-efivarfs_d_compar.patch (git-fixes CVE-2025-39817 bsc#1249998). - Update patches.suse/ftrace-Also-allocate-and-copy-hash-for-reading-of-filter-f.patch (bsc#1250032 CVE-2025-39813 CVE-2025-39689 bsc#1249307). - Update patches.suse/hwmon-corsair-cpro-Validate-the-size-of-the-received.patch (git-fixes CVE-2025-38548 bsc#1248228). - Update patches.suse/hwmon-ibmpex-fix-use-after-free-in-high-low-store.patch (git-fixes CVE-2025-68789 bsc#1256781). - Update patches.suse/hwmon-w83791d-Convert-macros-to-functions-to-avoid-T.patch (git-fixes CVE-2025-71111 bsc#1256728). - Update patches.suse/ice-fix-NULL-pointer-dereference-in-ice_unplug_aux_d.patch (jsc#PED-13728 CVE-2025-39814 bsc#1249895). - Update patches.suse/idpf-Fix-RSS-LUT-NULL-pointer-crash-on-early-ethtool.patch (CVE-2026-22993 bsc#1257180 CVE-2026-22985 bsc#1257277). - Update patches.suse/iio-adc-axp20x_adc-Add-missing-sentinel-to-AXP717-AD.patch (git-fixes CVE-2025-38547 bsc#1248222). - Update patches.suse/ipv6-mcast-Delay-put-pmc-idev-in-mld_del_delrec.patch (git-fixes CVE-2025-38550 bsc#1248227). - Update patches.suse/kasan-remove-kasan_find_vm_area-to-prevent-possible-.patch (git-fixes CVE-2025-38510 bsc#1248166). - Update patches.suse/lib-buildid-use-__kernel_read-for-sleepable-context.patch (git-fixes CVE-2026-23002 bsc#1257243). - Update patches.suse/media-adv7842-Avoid-possible-out-of-bounds-array-acc.patch (git-fixes CVE-2025-71136 bsc#1256759). - Update patches.suse/media-dvb-usb-dtv5100-fix-out-of-bounds-in-dtv5100_i.patch (git-fixes CVE-2025-68819 bsc#1256664). - Update patches.suse/media-vidtv-initialize-local-pointers-upon-transfer-.patch (git-fixes CVE-2025-68808 bsc#1256682). - Update patches.suse/mount-handle-NULL-values-in-mnt_ns_release.patch (bsc#1254308 CVE-2025-40195 bsc#1253500). - Update patches.suse/neighbour-Fix-null-ptr-deref-in-neigh_flush_dev.patch (git-fixes CVE-2025-38589 bsc#1248366). - Update patches.suse/net-can-j1939-j1939_xtp_rx_rts_session_active-deacti.patch (git-fixes CVE-2026-22997 bsc#1257202). - Update patches.suse/net-mlx5-Check-device-memory-pointer-before-usage.patch (git-fixes CVE-2025-38645 bsc#1248626). - Update patches.suse/net-mlx5e-Remove-skb-secpath-if-xfrm-state-is-not-fo.patch (git-fixes CVE-2025-38590 bsc#1248360). - Update patches.suse/net-nfc-fix-deadlock-between-nfc_unregister_device-a.patch (git-fixes CVE-2025-71079 bsc#1256619). - Update patches.suse/net-phy-Don-t-register-LEDs-for-genphy.patch (git-fixes CVE-2025-38537 bsc#1248229). - Update patches.suse/net-rose-fix-invalid-array-index-in-rose_kill_by_dev.patch (git-fixes CVE-2025-71086 bsc#1256625). - Update patches.suse/net-usb-rtl8150-fix-memory-leak-on-usb_submit_urb-fa.patch (git-fixes CVE-2025-71154 bsc#1257163). - Update patches.suse/netfilter-nft_set_hash-unaligned-atomic-read-on-struct-nft.patch (git-fixes CVE-2024-54031 bsc#1235905). - Update patches.suse/nfsd-check-that-server-is-running-in-unlock_filesystem.patch (git-fixes CVE-2026-22989 bsc#1257279). - Update patches.suse/phy-tegra-xusb-Fix-unbalanced-regulator-disable-in-U.patch (git-fixes CVE-2025-38535 bsc#1248240). - Update patches.suse/pinctrl-check-the-return-value-of-pinmux_ops-get_fun.patch (stable-fixes CVE-2025-40030 bsc#1252773). - Update patches.suse/pinctrl-qcom-msm-mark-certain-pins-as-invalid-for-in.patch (git-fixes CVE-2025-38516 bsc#1248209). - Update patches.suse/platform-chrome-cros_ec_ishtp-Fix-UAF-after-unbindin.patch (git-fixes CVE-2025-68804 bsc#1256617). - Update patches.suse/platform-x86-hp-bioscfg-Fix-out-of-bounds-array-acce.patch (git-fixes CVE-2025-71101 bsc#1256594). - Update patches.suse/pm-cpupower-bench-Prevent-NULL-dereference-on-malloc.patch (stable-fixes CVE-2025-37841 bsc#1242974). - Update patches.suse/powerpc-64s-slb-Fix-SLB-multihit-issue-during-SLB-preload.patch (bac#1236022 ltc#211187 CVE-2025-71078 bsc#1256616). - Update patches.suse/powerpc-kexec-Enable-SMT-before-waking-offline-CPUs.patch (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes bsc#1253739 ltc#211493 bsc#1254244 ltc#216496 CVE-2025-71119 bsc#1256730). - Update patches.suse/smb-client-fix-warning-when-reconnecting-channel.patch (git-fixes CVE-2025-38379 bsc#1247030). - Update patches.suse/spi-fsl-cpm-Check-length-parity-before-switching-to-.patch (git-fixes CVE-2025-68773 bsc#1256586). - Update patches.suse/tcp_bpf-Call-sk_msg_free-when-tcp_bpf_send_verdict-f.patch (bsc#1250705 CVE-2025-39913). - Update patches.suse/trace-fgraph-Fix-the-warning-caused-by-missing-unregister-.patch (bsc#1248211 CVE-2025-38539 CVE-2025-39829 bsc#1250082). - Update patches.suse/tracing-fprobe-events-Fix-possible-UAF-on-modules.patch (git-fixes CVE-2025-37845 bsc#1242986). - Update patches.suse/tty-serial-uartlite-register-uart-driver-in-init.patch (stable-fixes CVE-2025-38262 bsc#1246282). - Update patches.suse/usb-phy-isp1301-fix-non-OF-device-reference-imbalanc.patch (git-fixes CVE-2025-71145 bsc#1257155). - Update patches.suse/usb-typec-ucsi-Handle-incorrect-num_connectors-capab.patch (stable-fixes CVE-2025-71108 bsc#1256774). - Update patches.suse/via_wdt-fix-critical-boot-hang-due-to-unnamed-resour.patch (stable-fixes CVE-2025-71114 bsc#1256752). - Update patches.suse/virtio-net-fix-recursived-rtnl_lock-during-probe.patch (git-fixes CVE-2025-38551 bsc#1248234). - Update patches.suse/virtio-net-free-xsk_buffs-on-error-in-virtnet_xsk_po.patch (git-fixes CVE-2025-37955 bsc#1243507). - Update patches.suse/wifi-ath12k-fix-memory-leak-in-ath12k_pci_remove.patch (stable-fixes CVE-2025-37744 bsc#1243662). - Update patches.suse/wifi-avoid-kernel-infoleak-from-struct-iw_point.patch (git-fixes CVE-2026-22978 bsc#1257227). - Update patches.suse/wifi-mt76-mt7925-Fix-null-ptr-deref-in-mt7925_therma.patch (git-fixes CVE-2025-38541 bsc#1248216). - Update patches.suse/wifi-mwifiex-discard-erroneous-disassoc-frames-on-ST.patch (git-fixes CVE-2025-38505 bsc#1248185). - Update patches.suse/wifi-prevent-A-MSDU-attacks-in-mesh-networks.patch (stable-fixes CVE-2025-38512 bsc#1248178). - Update patches.suse/wifi-rtlwifi-8192cu-fix-tid-out-of-range-in-rtl92cu_.patch (git-fixes CVE-2025-71100 bsc#1256593). - Update patches.suse/wifi-zd1211rw-Fix-potential-NULL-pointer-dereference.patch (git-fixes CVE-2025-38513 bsc#1248179). - Update patches.suse/x86-cpu-Avoid-running-off-the-end-of-an-AMD-erratum-table.patch (git-fixes CVE-2025-37751 bsc#1242505). - commit 74167a5 - powerpc/addnote: Fix overflow on 32-bit builds (bsc#1215199). - commit 651b1d4 - net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv (CVE-2026-22996). - net/mlx5e: Fix crash on profile change rollback failure (CVE-2026-23000 bsc#1257234). - commit 395ffba - gpio: rockchip: Stop calling pinctrl for set_direction (git-fixes). - commit 0d36e6c ++++ kernel-rt: - smb: client: split cached_fid bitfields to avoid shared-byte RMW races (bsc#1250748,bsc#1257154). - commit 9624e6c - smb: client: update cfid->last_access_time in open_cached_dir_by_dentry() (git-fixes). - commit a159cff - cifs: add new field to track the last access time of cfid (git-fixes). - commit 0cd09f9 - smb: improve directory cache reuse for readdir operations (bsc#1252712). - commit 98f179c - scripts/python/git_sort/git_sort.yaml: add cifs for-next repository - commit 5e1a139 - libceph: replace overzealous BUG_ON in osdmap_apply_incremental() (CVE-2026-22990 bsc#1257221). - commit bf45795 - libceph: prevent potential out-of-bounds reads in handle_auth_done() (CVE-2026-22984 bsc#1257217). - commit 3af214d - libceph: return the handler error from mon_handle_auth_done() (CVE-2026-22992 bsc#1257218). - commit 2da8b55 - libceph: make free_choose_arg_map() resilient to partial allocation (CVE-2026-22991 bsc#1257220). - commit 1c4a387 - Update config files: disable CONFIG_DEVPORT for arm64 (bsc#1256792) - commit 89771ce - x86/fpu: Clear XSTATE_BV in guest XSAVE state whenever XFD[i]=1 (CVE-2026-23005 bsc#1257245). - commit 0a828e9 - Update patches.suse/ACPICA-Avoid-walking-the-Namespace-if-start_node-is-.patch (stable-fixes CVE-2025-71118 bsc#1256763). - Update patches.suse/ALSA-hda-Fix-missing-pointer-check-in-hda_component_.patch (git-fixes CVE-2025-40097 bsc#1252900). - Update patches.suse/ALSA-usb-mixer-us16x08-validate-meter-packet-indices.patch (git-fixes CVE-2025-68783 bsc#1256650). - Update patches.suse/ASoC-codecs-wcd9375-Fix-double-free-of-regulator-sup.patch (git-fixes CVE-2025-38423 bsc#1247292). - Update patches.suse/ASoC-codecs-wcd937x-set-the-comp-soundwire-port-corr.patch (git-fixes CVE-2025-40045 bsc#1252784). - Update patches.suse/ASoC-stm32-sai-fix-OF-node-leak-on-probe.patch (git-fixes CVE-2025-71081 bsc#1256609). - Update patches.suse/ASoC-tlv320adcx140-fix-null-pointer.patch (git-fixes CVE-2026-23006 bsc#1257208). - Update patches.suse/Bluetooth-btusb-revert-use-of-devm_kzalloc-in-btusb.patch (git-fixes CVE-2025-71082 bsc#1256611). - Update patches.suse/EDAC-skx_common-Fix-general-protection-fault.patch (git-fixes CVE-2025-38298 bsc#1253079). - Update patches.suse/HID-nintendo-avoid-bluetooth-suspend-resume-stalls.patch (stable-fixes CVE-2025-38507 bsc#1248188). - Update patches.suse/HID-quirks-Add-quirk-for-2-Chicony-Electronics-HP-5M.patch (stable-fixes CVE-2025-38540 bsc#1248208). - Update patches.suse/Input-alps-fix-use-after-free-bugs-caused-by-dev3_re.patch (git-fixes CVE-2025-68822 bsc#1256668). - Update patches.suse/Input-lkkbd-disable-pending-work-before-freeing-devi.patch (stable-fixes CVE-2025-71073 bsc#1256632). - Update patches.suse/Input-ti_am335x_tsc-fix-off-by-one-error-in-wire_ord.patch (git-fixes CVE-2025-68777 bsc#1256655). - Update patches.suse/KEYS-trusted-Fix-a-memory-leak-in-tpm2_load_cmd.patch (git-fixes CVE-2025-71147 bsc#1257158). - Update patches.suse/PM-EM-Fix-potential-division-by-zero-error-in-em_com.patch (git-fixes CVE-2025-38297 bsc#1253078). - Update patches.suse/arp-do-not-assume-dev_hard_header-does-not-change-skb-head.patch (CVE-2025-71098 bsc#1256591 CVE-2026-22988 bsc#1257282). - Update patches.suse/benet-fix-BUG-when-creating-VFs.patch (git-fixes CVE-2025-38569 bsc#1248384). - Update patches.suse/block-avoid-possible-overflow-for-chunk_sectors-check-in-b.patch (git-fixes CVE-2025-39795 bsc#1249609). - Update patches.suse/bpf-Do-not-let-BPF-test-infra-emit-invalid-GSO-types.patch (bsc#1255569 CVE-2025-68725). - Update patches.suse/btrfs-don-t-log-conflicting-inode-if-it-s-a-dir-move.patch (git-fixes CVE-2025-68778 bsc#1256683). - Update patches.suse/btrfs-fix-invalid-inode-pointer-dereferences-during-.patch (git-fixes CVE-2025-38243 bsc#1246184). - Update patches.suse/btrfs-fix-the-inode-leak-in-btrfs_iget.patch (git-fixes CVE-2025-37904 bsc#1243452). - Update patches.suse/ceph-fix-race-condition-validating-r_parent-before-applyin.patch (CVE-2025-39880 bsc#1250388 CVE-2025-39927 bsc#1250738). - Update patches.suse/char-applicom-fix-NULL-pointer-dereference-in-ac_ioc.patch (stable-fixes CVE-2025-68797 bsc#1256660). - Update patches.suse/clk-samsung-exynos-clkout-Assign-.num-before-accessi.patch (git-fixes CVE-2025-71143 bsc#1256749). - Update patches.suse/comedi-aio_iiro_16-Fix-bit-shift-out-of-bounds.patch (git-fixes CVE-2025-38529 bsc#1248196). - Update patches.suse/comedi-fix-divide-by-zero-in-comedi_buf_munge.patch (stable-fixes CVE-2025-40106 bsc#1252891). - Update patches.suse/comedi-pcl812-Fix-bit-shift-out-of-bounds.patch (git-fixes CVE-2025-38530 bsc#1248206). - Update patches.suse/cpuset-fix-warning-when-disabling-remote-partition.patch (bsc#1256794 CVE-2025-71142 bsc#1256748). - Update patches.suse/crypto-af_alg-zero-initialize-memory-allocated-via-s.patch (git-fixes CVE-2025-71113 bsc#1256716). - Update patches.suse/crypto-seqiv-Do-not-use-req-iv-after-crypto_aead_enc.patch (git-fixes CVE-2025-71131 bsc#1256742). - Update patches.suse/dmaengine-idxd-fix-device-leaks-on-compat-bind-and-u.patch (git-fixes CVE-2025-71163 bsc#1257215). - Update patches.suse/dmaengine-nbpfaxi-Fix-memory-corruption-in-probe.patch (git-fixes CVE-2025-38538 bsc#1248213). - Update patches.suse/dmaengine-tegra-adma-Fix-use-after-free.patch (git-fixes CVE-2025-71162 bsc#1257204). - Update patches.suse/drm-amdkfd-Don-t-call-mmput-from-MMU-notifier-callba.patch (git-fixes CVE-2025-38520 bsc#1248217). - Update patches.suse/drm-i915-gem-Zero-initialize-the-eb.vma-array-in-i91.patch (git-fixes CVE-2025-71130 bsc#1256741). - Update patches.suse/drm-imagination-Fix-kernel-crash-when-hard-resetting.patch (git-fixes CVE-2025-38521 bsc#1248232). - Update patches.suse/drm-msm-dpu-Add-missing-NULL-pointer-check-for-pingp.patch (git-fixes CVE-2025-71138 bsc#1256785). - Update patches.suse/drm-sched-Increment-job-count-before-swapping-tail-s.patch (git-fixes CVE-2025-38515 bsc#1248212). - Update patches.suse/drm-tegra-nvdec-Fix-dma_alloc_coherent-error-check.patch (git-fixes CVE-2025-38543 bsc#1248214). - Update patches.suse/drm-tilcdc-Fix-removal-actions-in-case-of-failed-pro.patch (git-fixes CVE-2025-71141 bsc#1256756). - Update patches.suse/drm-ttm-Avoid-NULL-pointer-deref-for-evicted-BOs.patch (git-fixes CVE-2025-71083 bsc#1256610). - Update patches.suse/drm-xe-Limit-num_syncs-to-prevent-oversized-allocati.patch (git-fixes CVE-2025-68802 bsc#1256661). - Update patches.suse/drm-xe-oa-Fix-potential-UAF-in-xe_oa_add_config_ioct.patch (git-fixes CVE-2025-71099 bsc#1256592). - Update patches.suse/drm-xe-oa-Limit-num_syncs-to-prevent-oversized-alloc.patch (git-fixes CVE-2025-71076 bsc#1256627). - Update patches.suse/drm-xe-pf-Clear-all-LMTT-pages-on-alloc.patch (git-fixes CVE-2025-38511 bsc#1248175). - Update patches.suse/efivarfs-Fix-slab-out-of-bounds-in-efivarfs_d_compar.patch (git-fixes CVE-2025-39817 bsc#1249998). - Update patches.suse/ftrace-Also-allocate-and-copy-hash-for-reading-of-filter-f.patch (bsc#1250032 CVE-2025-39813 CVE-2025-39689 bsc#1249307). - Update patches.suse/hwmon-corsair-cpro-Validate-the-size-of-the-received.patch (git-fixes CVE-2025-38548 bsc#1248228). - Update patches.suse/hwmon-ibmpex-fix-use-after-free-in-high-low-store.patch (git-fixes CVE-2025-68789 bsc#1256781). - Update patches.suse/hwmon-w83791d-Convert-macros-to-functions-to-avoid-T.patch (git-fixes CVE-2025-71111 bsc#1256728). - Update patches.suse/ice-fix-NULL-pointer-dereference-in-ice_unplug_aux_d.patch (jsc#PED-13728 CVE-2025-39814 bsc#1249895). - Update patches.suse/idpf-Fix-RSS-LUT-NULL-pointer-crash-on-early-ethtool.patch (CVE-2026-22993 bsc#1257180 CVE-2026-22985 bsc#1257277). - Update patches.suse/iio-adc-axp20x_adc-Add-missing-sentinel-to-AXP717-AD.patch (git-fixes CVE-2025-38547 bsc#1248222). - Update patches.suse/ipv6-mcast-Delay-put-pmc-idev-in-mld_del_delrec.patch (git-fixes CVE-2025-38550 bsc#1248227). - Update patches.suse/kasan-remove-kasan_find_vm_area-to-prevent-possible-.patch (git-fixes CVE-2025-38510 bsc#1248166). - Update patches.suse/lib-buildid-use-__kernel_read-for-sleepable-context.patch (git-fixes CVE-2026-23002 bsc#1257243). - Update patches.suse/media-adv7842-Avoid-possible-out-of-bounds-array-acc.patch (git-fixes CVE-2025-71136 bsc#1256759). - Update patches.suse/media-dvb-usb-dtv5100-fix-out-of-bounds-in-dtv5100_i.patch (git-fixes CVE-2025-68819 bsc#1256664). - Update patches.suse/media-vidtv-initialize-local-pointers-upon-transfer-.patch (git-fixes CVE-2025-68808 bsc#1256682). - Update patches.suse/mount-handle-NULL-values-in-mnt_ns_release.patch (bsc#1254308 CVE-2025-40195 bsc#1253500). - Update patches.suse/neighbour-Fix-null-ptr-deref-in-neigh_flush_dev.patch (git-fixes CVE-2025-38589 bsc#1248366). - Update patches.suse/net-can-j1939-j1939_xtp_rx_rts_session_active-deacti.patch (git-fixes CVE-2026-22997 bsc#1257202). - Update patches.suse/net-mlx5-Check-device-memory-pointer-before-usage.patch (git-fixes CVE-2025-38645 bsc#1248626). - Update patches.suse/net-mlx5e-Remove-skb-secpath-if-xfrm-state-is-not-fo.patch (git-fixes CVE-2025-38590 bsc#1248360). - Update patches.suse/net-nfc-fix-deadlock-between-nfc_unregister_device-a.patch (git-fixes CVE-2025-71079 bsc#1256619). - Update patches.suse/net-phy-Don-t-register-LEDs-for-genphy.patch (git-fixes CVE-2025-38537 bsc#1248229). - Update patches.suse/net-rose-fix-invalid-array-index-in-rose_kill_by_dev.patch (git-fixes CVE-2025-71086 bsc#1256625). - Update patches.suse/net-usb-rtl8150-fix-memory-leak-on-usb_submit_urb-fa.patch (git-fixes CVE-2025-71154 bsc#1257163). - Update patches.suse/netfilter-nft_set_hash-unaligned-atomic-read-on-struct-nft.patch (git-fixes CVE-2024-54031 bsc#1235905). - Update patches.suse/nfsd-check-that-server-is-running-in-unlock_filesystem.patch (git-fixes CVE-2026-22989 bsc#1257279). - Update patches.suse/phy-tegra-xusb-Fix-unbalanced-regulator-disable-in-U.patch (git-fixes CVE-2025-38535 bsc#1248240). - Update patches.suse/pinctrl-check-the-return-value-of-pinmux_ops-get_fun.patch (stable-fixes CVE-2025-40030 bsc#1252773). - Update patches.suse/pinctrl-qcom-msm-mark-certain-pins-as-invalid-for-in.patch (git-fixes CVE-2025-38516 bsc#1248209). - Update patches.suse/platform-chrome-cros_ec_ishtp-Fix-UAF-after-unbindin.patch (git-fixes CVE-2025-68804 bsc#1256617). - Update patches.suse/platform-x86-hp-bioscfg-Fix-out-of-bounds-array-acce.patch (git-fixes CVE-2025-71101 bsc#1256594). - Update patches.suse/pm-cpupower-bench-Prevent-NULL-dereference-on-malloc.patch (stable-fixes CVE-2025-37841 bsc#1242974). - Update patches.suse/powerpc-64s-slb-Fix-SLB-multihit-issue-during-SLB-preload.patch (bac#1236022 ltc#211187 CVE-2025-71078 bsc#1256616). - Update patches.suse/powerpc-kexec-Enable-SMT-before-waking-offline-CPUs.patch (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes bsc#1253739 ltc#211493 bsc#1254244 ltc#216496 CVE-2025-71119 bsc#1256730). - Update patches.suse/smb-client-fix-warning-when-reconnecting-channel.patch (git-fixes CVE-2025-38379 bsc#1247030). - Update patches.suse/spi-fsl-cpm-Check-length-parity-before-switching-to-.patch (git-fixes CVE-2025-68773 bsc#1256586). - Update patches.suse/tcp_bpf-Call-sk_msg_free-when-tcp_bpf_send_verdict-f.patch (bsc#1250705 CVE-2025-39913). - Update patches.suse/trace-fgraph-Fix-the-warning-caused-by-missing-unregister-.patch (bsc#1248211 CVE-2025-38539 CVE-2025-39829 bsc#1250082). - Update patches.suse/tracing-fprobe-events-Fix-possible-UAF-on-modules.patch (git-fixes CVE-2025-37845 bsc#1242986). - Update patches.suse/tty-serial-uartlite-register-uart-driver-in-init.patch (stable-fixes CVE-2025-38262 bsc#1246282). - Update patches.suse/usb-phy-isp1301-fix-non-OF-device-reference-imbalanc.patch (git-fixes CVE-2025-71145 bsc#1257155). - Update patches.suse/usb-typec-ucsi-Handle-incorrect-num_connectors-capab.patch (stable-fixes CVE-2025-71108 bsc#1256774). - Update patches.suse/via_wdt-fix-critical-boot-hang-due-to-unnamed-resour.patch (stable-fixes CVE-2025-71114 bsc#1256752). - Update patches.suse/virtio-net-fix-recursived-rtnl_lock-during-probe.patch (git-fixes CVE-2025-38551 bsc#1248234). - Update patches.suse/virtio-net-free-xsk_buffs-on-error-in-virtnet_xsk_po.patch (git-fixes CVE-2025-37955 bsc#1243507). - Update patches.suse/wifi-ath12k-fix-memory-leak-in-ath12k_pci_remove.patch (stable-fixes CVE-2025-37744 bsc#1243662). - Update patches.suse/wifi-avoid-kernel-infoleak-from-struct-iw_point.patch (git-fixes CVE-2026-22978 bsc#1257227). - Update patches.suse/wifi-mt76-mt7925-Fix-null-ptr-deref-in-mt7925_therma.patch (git-fixes CVE-2025-38541 bsc#1248216). - Update patches.suse/wifi-mwifiex-discard-erroneous-disassoc-frames-on-ST.patch (git-fixes CVE-2025-38505 bsc#1248185). - Update patches.suse/wifi-prevent-A-MSDU-attacks-in-mesh-networks.patch (stable-fixes CVE-2025-38512 bsc#1248178). - Update patches.suse/wifi-rtlwifi-8192cu-fix-tid-out-of-range-in-rtl92cu_.patch (git-fixes CVE-2025-71100 bsc#1256593). - Update patches.suse/wifi-zd1211rw-Fix-potential-NULL-pointer-dereference.patch (git-fixes CVE-2025-38513 bsc#1248179). - Update patches.suse/x86-cpu-Avoid-running-off-the-end-of-an-AMD-erratum-table.patch (git-fixes CVE-2025-37751 bsc#1242505). - commit 74167a5 - powerpc/addnote: Fix overflow on 32-bit builds (bsc#1215199). - commit 651b1d4 - net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv (CVE-2026-22996). - net/mlx5e: Fix crash on profile change rollback failure (CVE-2026-23000 bsc#1257234). - commit 395ffba - gpio: rockchip: Stop calling pinctrl for set_direction (git-fixes). - commit 0d36e6c ++++ dtb-aarch64: - smb: client: split cached_fid bitfields to avoid shared-byte RMW races (bsc#1250748,bsc#1257154). - commit 9624e6c - smb: client: update cfid->last_access_time in open_cached_dir_by_dentry() (git-fixes). - commit a159cff - cifs: add new field to track the last access time of cfid (git-fixes). - commit 0cd09f9 - smb: improve directory cache reuse for readdir operations (bsc#1252712). - commit 98f179c - scripts/python/git_sort/git_sort.yaml: add cifs for-next repository - commit 5e1a139 - libceph: replace overzealous BUG_ON in osdmap_apply_incremental() (CVE-2026-22990 bsc#1257221). - commit bf45795 - libceph: prevent potential out-of-bounds reads in handle_auth_done() (CVE-2026-22984 bsc#1257217). - commit 3af214d - libceph: return the handler error from mon_handle_auth_done() (CVE-2026-22992 bsc#1257218). - commit 2da8b55 - libceph: make free_choose_arg_map() resilient to partial allocation (CVE-2026-22991 bsc#1257220). - commit 1c4a387 - Update config files: disable CONFIG_DEVPORT for arm64 (bsc#1256792) - commit 89771ce - x86/fpu: Clear XSTATE_BV in guest XSAVE state whenever XFD[i]=1 (CVE-2026-23005 bsc#1257245). - commit 0a828e9 - Update patches.suse/ACPICA-Avoid-walking-the-Namespace-if-start_node-is-.patch (stable-fixes CVE-2025-71118 bsc#1256763). - Update patches.suse/ALSA-hda-Fix-missing-pointer-check-in-hda_component_.patch (git-fixes CVE-2025-40097 bsc#1252900). - Update patches.suse/ALSA-usb-mixer-us16x08-validate-meter-packet-indices.patch (git-fixes CVE-2025-68783 bsc#1256650). - Update patches.suse/ASoC-codecs-wcd9375-Fix-double-free-of-regulator-sup.patch (git-fixes CVE-2025-38423 bsc#1247292). - Update patches.suse/ASoC-codecs-wcd937x-set-the-comp-soundwire-port-corr.patch (git-fixes CVE-2025-40045 bsc#1252784). - Update patches.suse/ASoC-stm32-sai-fix-OF-node-leak-on-probe.patch (git-fixes CVE-2025-71081 bsc#1256609). - Update patches.suse/ASoC-tlv320adcx140-fix-null-pointer.patch (git-fixes CVE-2026-23006 bsc#1257208). - Update patches.suse/Bluetooth-btusb-revert-use-of-devm_kzalloc-in-btusb.patch (git-fixes CVE-2025-71082 bsc#1256611). - Update patches.suse/EDAC-skx_common-Fix-general-protection-fault.patch (git-fixes CVE-2025-38298 bsc#1253079). - Update patches.suse/HID-nintendo-avoid-bluetooth-suspend-resume-stalls.patch (stable-fixes CVE-2025-38507 bsc#1248188). - Update patches.suse/HID-quirks-Add-quirk-for-2-Chicony-Electronics-HP-5M.patch (stable-fixes CVE-2025-38540 bsc#1248208). - Update patches.suse/Input-alps-fix-use-after-free-bugs-caused-by-dev3_re.patch (git-fixes CVE-2025-68822 bsc#1256668). - Update patches.suse/Input-lkkbd-disable-pending-work-before-freeing-devi.patch (stable-fixes CVE-2025-71073 bsc#1256632). - Update patches.suse/Input-ti_am335x_tsc-fix-off-by-one-error-in-wire_ord.patch (git-fixes CVE-2025-68777 bsc#1256655). - Update patches.suse/KEYS-trusted-Fix-a-memory-leak-in-tpm2_load_cmd.patch (git-fixes CVE-2025-71147 bsc#1257158). - Update patches.suse/PM-EM-Fix-potential-division-by-zero-error-in-em_com.patch (git-fixes CVE-2025-38297 bsc#1253078). - Update patches.suse/arp-do-not-assume-dev_hard_header-does-not-change-skb-head.patch (CVE-2025-71098 bsc#1256591 CVE-2026-22988 bsc#1257282). - Update patches.suse/benet-fix-BUG-when-creating-VFs.patch (git-fixes CVE-2025-38569 bsc#1248384). - Update patches.suse/block-avoid-possible-overflow-for-chunk_sectors-check-in-b.patch (git-fixes CVE-2025-39795 bsc#1249609). - Update patches.suse/bpf-Do-not-let-BPF-test-infra-emit-invalid-GSO-types.patch (bsc#1255569 CVE-2025-68725). - Update patches.suse/btrfs-don-t-log-conflicting-inode-if-it-s-a-dir-move.patch (git-fixes CVE-2025-68778 bsc#1256683). - Update patches.suse/btrfs-fix-invalid-inode-pointer-dereferences-during-.patch (git-fixes CVE-2025-38243 bsc#1246184). - Update patches.suse/btrfs-fix-the-inode-leak-in-btrfs_iget.patch (git-fixes CVE-2025-37904 bsc#1243452). - Update patches.suse/ceph-fix-race-condition-validating-r_parent-before-applyin.patch (CVE-2025-39880 bsc#1250388 CVE-2025-39927 bsc#1250738). - Update patches.suse/char-applicom-fix-NULL-pointer-dereference-in-ac_ioc.patch (stable-fixes CVE-2025-68797 bsc#1256660). - Update patches.suse/clk-samsung-exynos-clkout-Assign-.num-before-accessi.patch (git-fixes CVE-2025-71143 bsc#1256749). - Update patches.suse/comedi-aio_iiro_16-Fix-bit-shift-out-of-bounds.patch (git-fixes CVE-2025-38529 bsc#1248196). - Update patches.suse/comedi-fix-divide-by-zero-in-comedi_buf_munge.patch (stable-fixes CVE-2025-40106 bsc#1252891). - Update patches.suse/comedi-pcl812-Fix-bit-shift-out-of-bounds.patch (git-fixes CVE-2025-38530 bsc#1248206). - Update patches.suse/cpuset-fix-warning-when-disabling-remote-partition.patch (bsc#1256794 CVE-2025-71142 bsc#1256748). - Update patches.suse/crypto-af_alg-zero-initialize-memory-allocated-via-s.patch (git-fixes CVE-2025-71113 bsc#1256716). - Update patches.suse/crypto-seqiv-Do-not-use-req-iv-after-crypto_aead_enc.patch (git-fixes CVE-2025-71131 bsc#1256742). - Update patches.suse/dmaengine-idxd-fix-device-leaks-on-compat-bind-and-u.patch (git-fixes CVE-2025-71163 bsc#1257215). - Update patches.suse/dmaengine-nbpfaxi-Fix-memory-corruption-in-probe.patch (git-fixes CVE-2025-38538 bsc#1248213). - Update patches.suse/dmaengine-tegra-adma-Fix-use-after-free.patch (git-fixes CVE-2025-71162 bsc#1257204). - Update patches.suse/drm-amdkfd-Don-t-call-mmput-from-MMU-notifier-callba.patch (git-fixes CVE-2025-38520 bsc#1248217). - Update patches.suse/drm-i915-gem-Zero-initialize-the-eb.vma-array-in-i91.patch (git-fixes CVE-2025-71130 bsc#1256741). - Update patches.suse/drm-imagination-Fix-kernel-crash-when-hard-resetting.patch (git-fixes CVE-2025-38521 bsc#1248232). - Update patches.suse/drm-msm-dpu-Add-missing-NULL-pointer-check-for-pingp.patch (git-fixes CVE-2025-71138 bsc#1256785). - Update patches.suse/drm-sched-Increment-job-count-before-swapping-tail-s.patch (git-fixes CVE-2025-38515 bsc#1248212). - Update patches.suse/drm-tegra-nvdec-Fix-dma_alloc_coherent-error-check.patch (git-fixes CVE-2025-38543 bsc#1248214). - Update patches.suse/drm-tilcdc-Fix-removal-actions-in-case-of-failed-pro.patch (git-fixes CVE-2025-71141 bsc#1256756). - Update patches.suse/drm-ttm-Avoid-NULL-pointer-deref-for-evicted-BOs.patch (git-fixes CVE-2025-71083 bsc#1256610). - Update patches.suse/drm-xe-Limit-num_syncs-to-prevent-oversized-allocati.patch (git-fixes CVE-2025-68802 bsc#1256661). - Update patches.suse/drm-xe-oa-Fix-potential-UAF-in-xe_oa_add_config_ioct.patch (git-fixes CVE-2025-71099 bsc#1256592). - Update patches.suse/drm-xe-oa-Limit-num_syncs-to-prevent-oversized-alloc.patch (git-fixes CVE-2025-71076 bsc#1256627). - Update patches.suse/drm-xe-pf-Clear-all-LMTT-pages-on-alloc.patch (git-fixes CVE-2025-38511 bsc#1248175). - Update patches.suse/efivarfs-Fix-slab-out-of-bounds-in-efivarfs_d_compar.patch (git-fixes CVE-2025-39817 bsc#1249998). - Update patches.suse/ftrace-Also-allocate-and-copy-hash-for-reading-of-filter-f.patch (bsc#1250032 CVE-2025-39813 CVE-2025-39689 bsc#1249307). - Update patches.suse/hwmon-corsair-cpro-Validate-the-size-of-the-received.patch (git-fixes CVE-2025-38548 bsc#1248228). - Update patches.suse/hwmon-ibmpex-fix-use-after-free-in-high-low-store.patch (git-fixes CVE-2025-68789 bsc#1256781). - Update patches.suse/hwmon-w83791d-Convert-macros-to-functions-to-avoid-T.patch (git-fixes CVE-2025-71111 bsc#1256728). - Update patches.suse/ice-fix-NULL-pointer-dereference-in-ice_unplug_aux_d.patch (jsc#PED-13728 CVE-2025-39814 bsc#1249895). - Update patches.suse/idpf-Fix-RSS-LUT-NULL-pointer-crash-on-early-ethtool.patch (CVE-2026-22993 bsc#1257180 CVE-2026-22985 bsc#1257277). - Update patches.suse/iio-adc-axp20x_adc-Add-missing-sentinel-to-AXP717-AD.patch (git-fixes CVE-2025-38547 bsc#1248222). - Update patches.suse/ipv6-mcast-Delay-put-pmc-idev-in-mld_del_delrec.patch (git-fixes CVE-2025-38550 bsc#1248227). - Update patches.suse/kasan-remove-kasan_find_vm_area-to-prevent-possible-.patch (git-fixes CVE-2025-38510 bsc#1248166). - Update patches.suse/lib-buildid-use-__kernel_read-for-sleepable-context.patch (git-fixes CVE-2026-23002 bsc#1257243). - Update patches.suse/media-adv7842-Avoid-possible-out-of-bounds-array-acc.patch (git-fixes CVE-2025-71136 bsc#1256759). - Update patches.suse/media-dvb-usb-dtv5100-fix-out-of-bounds-in-dtv5100_i.patch (git-fixes CVE-2025-68819 bsc#1256664). - Update patches.suse/media-vidtv-initialize-local-pointers-upon-transfer-.patch (git-fixes CVE-2025-68808 bsc#1256682). - Update patches.suse/mount-handle-NULL-values-in-mnt_ns_release.patch (bsc#1254308 CVE-2025-40195 bsc#1253500). - Update patches.suse/neighbour-Fix-null-ptr-deref-in-neigh_flush_dev.patch (git-fixes CVE-2025-38589 bsc#1248366). - Update patches.suse/net-can-j1939-j1939_xtp_rx_rts_session_active-deacti.patch (git-fixes CVE-2026-22997 bsc#1257202). - Update patches.suse/net-mlx5-Check-device-memory-pointer-before-usage.patch (git-fixes CVE-2025-38645 bsc#1248626). - Update patches.suse/net-mlx5e-Remove-skb-secpath-if-xfrm-state-is-not-fo.patch (git-fixes CVE-2025-38590 bsc#1248360). - Update patches.suse/net-nfc-fix-deadlock-between-nfc_unregister_device-a.patch (git-fixes CVE-2025-71079 bsc#1256619). - Update patches.suse/net-phy-Don-t-register-LEDs-for-genphy.patch (git-fixes CVE-2025-38537 bsc#1248229). - Update patches.suse/net-rose-fix-invalid-array-index-in-rose_kill_by_dev.patch (git-fixes CVE-2025-71086 bsc#1256625). - Update patches.suse/net-usb-rtl8150-fix-memory-leak-on-usb_submit_urb-fa.patch (git-fixes CVE-2025-71154 bsc#1257163). - Update patches.suse/netfilter-nft_set_hash-unaligned-atomic-read-on-struct-nft.patch (git-fixes CVE-2024-54031 bsc#1235905). - Update patches.suse/nfsd-check-that-server-is-running-in-unlock_filesystem.patch (git-fixes CVE-2026-22989 bsc#1257279). - Update patches.suse/phy-tegra-xusb-Fix-unbalanced-regulator-disable-in-U.patch (git-fixes CVE-2025-38535 bsc#1248240). - Update patches.suse/pinctrl-check-the-return-value-of-pinmux_ops-get_fun.patch (stable-fixes CVE-2025-40030 bsc#1252773). - Update patches.suse/pinctrl-qcom-msm-mark-certain-pins-as-invalid-for-in.patch (git-fixes CVE-2025-38516 bsc#1248209). - Update patches.suse/platform-chrome-cros_ec_ishtp-Fix-UAF-after-unbindin.patch (git-fixes CVE-2025-68804 bsc#1256617). - Update patches.suse/platform-x86-hp-bioscfg-Fix-out-of-bounds-array-acce.patch (git-fixes CVE-2025-71101 bsc#1256594). - Update patches.suse/pm-cpupower-bench-Prevent-NULL-dereference-on-malloc.patch (stable-fixes CVE-2025-37841 bsc#1242974). - Update patches.suse/powerpc-64s-slb-Fix-SLB-multihit-issue-during-SLB-preload.patch (bac#1236022 ltc#211187 CVE-2025-71078 bsc#1256616). - Update patches.suse/powerpc-kexec-Enable-SMT-before-waking-offline-CPUs.patch (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes bsc#1253739 ltc#211493 bsc#1254244 ltc#216496 CVE-2025-71119 bsc#1256730). - Update patches.suse/smb-client-fix-warning-when-reconnecting-channel.patch (git-fixes CVE-2025-38379 bsc#1247030). - Update patches.suse/spi-fsl-cpm-Check-length-parity-before-switching-to-.patch (git-fixes CVE-2025-68773 bsc#1256586). - Update patches.suse/tcp_bpf-Call-sk_msg_free-when-tcp_bpf_send_verdict-f.patch (bsc#1250705 CVE-2025-39913). - Update patches.suse/trace-fgraph-Fix-the-warning-caused-by-missing-unregister-.patch (bsc#1248211 CVE-2025-38539 CVE-2025-39829 bsc#1250082). - Update patches.suse/tracing-fprobe-events-Fix-possible-UAF-on-modules.patch (git-fixes CVE-2025-37845 bsc#1242986). - Update patches.suse/tty-serial-uartlite-register-uart-driver-in-init.patch (stable-fixes CVE-2025-38262 bsc#1246282). - Update patches.suse/usb-phy-isp1301-fix-non-OF-device-reference-imbalanc.patch (git-fixes CVE-2025-71145 bsc#1257155). - Update patches.suse/usb-typec-ucsi-Handle-incorrect-num_connectors-capab.patch (stable-fixes CVE-2025-71108 bsc#1256774). - Update patches.suse/via_wdt-fix-critical-boot-hang-due-to-unnamed-resour.patch (stable-fixes CVE-2025-71114 bsc#1256752). - Update patches.suse/virtio-net-fix-recursived-rtnl_lock-during-probe.patch (git-fixes CVE-2025-38551 bsc#1248234). - Update patches.suse/virtio-net-free-xsk_buffs-on-error-in-virtnet_xsk_po.patch (git-fixes CVE-2025-37955 bsc#1243507). - Update patches.suse/wifi-ath12k-fix-memory-leak-in-ath12k_pci_remove.patch (stable-fixes CVE-2025-37744 bsc#1243662). - Update patches.suse/wifi-avoid-kernel-infoleak-from-struct-iw_point.patch (git-fixes CVE-2026-22978 bsc#1257227). - Update patches.suse/wifi-mt76-mt7925-Fix-null-ptr-deref-in-mt7925_therma.patch (git-fixes CVE-2025-38541 bsc#1248216). - Update patches.suse/wifi-mwifiex-discard-erroneous-disassoc-frames-on-ST.patch (git-fixes CVE-2025-38505 bsc#1248185). - Update patches.suse/wifi-prevent-A-MSDU-attacks-in-mesh-networks.patch (stable-fixes CVE-2025-38512 bsc#1248178). - Update patches.suse/wifi-rtlwifi-8192cu-fix-tid-out-of-range-in-rtl92cu_.patch (git-fixes CVE-2025-71100 bsc#1256593). - Update patches.suse/wifi-zd1211rw-Fix-potential-NULL-pointer-dereference.patch (git-fixes CVE-2025-38513 bsc#1248179). - Update patches.suse/x86-cpu-Avoid-running-off-the-end-of-an-AMD-erratum-table.patch (git-fixes CVE-2025-37751 bsc#1242505). - commit 74167a5 - powerpc/addnote: Fix overflow on 32-bit builds (bsc#1215199). - commit 651b1d4 - net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv (CVE-2026-22996). - net/mlx5e: Fix crash on profile change rollback failure (CVE-2026-23000 bsc#1257234). - commit 395ffba - gpio: rockchip: Stop calling pinctrl for set_direction (git-fixes). - commit 0d36e6c ++++ dtb-aarch64: - smb: client: split cached_fid bitfields to avoid shared-byte RMW races (bsc#1250748,bsc#1257154). - commit 9624e6c - smb: client: update cfid->last_access_time in open_cached_dir_by_dentry() (git-fixes). - commit a159cff - cifs: add new field to track the last access time of cfid (git-fixes). - commit 0cd09f9 - smb: improve directory cache reuse for readdir operations (bsc#1252712). - commit 98f179c - scripts/python/git_sort/git_sort.yaml: add cifs for-next repository - commit 5e1a139 - libceph: replace overzealous BUG_ON in osdmap_apply_incremental() (CVE-2026-22990 bsc#1257221). - commit bf45795 - libceph: prevent potential out-of-bounds reads in handle_auth_done() (CVE-2026-22984 bsc#1257217). - commit 3af214d - libceph: return the handler error from mon_handle_auth_done() (CVE-2026-22992 bsc#1257218). - commit 2da8b55 - libceph: make free_choose_arg_map() resilient to partial allocation (CVE-2026-22991 bsc#1257220). - commit 1c4a387 - Update config files: disable CONFIG_DEVPORT for arm64 (bsc#1256792) - commit 89771ce - x86/fpu: Clear XSTATE_BV in guest XSAVE state whenever XFD[i]=1 (CVE-2026-23005 bsc#1257245). - commit 0a828e9 - Update patches.suse/ACPICA-Avoid-walking-the-Namespace-if-start_node-is-.patch (stable-fixes CVE-2025-71118 bsc#1256763). - Update patches.suse/ALSA-hda-Fix-missing-pointer-check-in-hda_component_.patch (git-fixes CVE-2025-40097 bsc#1252900). - Update patches.suse/ALSA-usb-mixer-us16x08-validate-meter-packet-indices.patch (git-fixes CVE-2025-68783 bsc#1256650). - Update patches.suse/ASoC-codecs-wcd9375-Fix-double-free-of-regulator-sup.patch (git-fixes CVE-2025-38423 bsc#1247292). - Update patches.suse/ASoC-codecs-wcd937x-set-the-comp-soundwire-port-corr.patch (git-fixes CVE-2025-40045 bsc#1252784). - Update patches.suse/ASoC-stm32-sai-fix-OF-node-leak-on-probe.patch (git-fixes CVE-2025-71081 bsc#1256609). - Update patches.suse/ASoC-tlv320adcx140-fix-null-pointer.patch (git-fixes CVE-2026-23006 bsc#1257208). - Update patches.suse/Bluetooth-btusb-revert-use-of-devm_kzalloc-in-btusb.patch (git-fixes CVE-2025-71082 bsc#1256611). - Update patches.suse/EDAC-skx_common-Fix-general-protection-fault.patch (git-fixes CVE-2025-38298 bsc#1253079). - Update patches.suse/HID-nintendo-avoid-bluetooth-suspend-resume-stalls.patch (stable-fixes CVE-2025-38507 bsc#1248188). - Update patches.suse/HID-quirks-Add-quirk-for-2-Chicony-Electronics-HP-5M.patch (stable-fixes CVE-2025-38540 bsc#1248208). - Update patches.suse/Input-alps-fix-use-after-free-bugs-caused-by-dev3_re.patch (git-fixes CVE-2025-68822 bsc#1256668). - Update patches.suse/Input-lkkbd-disable-pending-work-before-freeing-devi.patch (stable-fixes CVE-2025-71073 bsc#1256632). - Update patches.suse/Input-ti_am335x_tsc-fix-off-by-one-error-in-wire_ord.patch (git-fixes CVE-2025-68777 bsc#1256655). - Update patches.suse/KEYS-trusted-Fix-a-memory-leak-in-tpm2_load_cmd.patch (git-fixes CVE-2025-71147 bsc#1257158). - Update patches.suse/PM-EM-Fix-potential-division-by-zero-error-in-em_com.patch (git-fixes CVE-2025-38297 bsc#1253078). - Update patches.suse/arp-do-not-assume-dev_hard_header-does-not-change-skb-head.patch (CVE-2025-71098 bsc#1256591 CVE-2026-22988 bsc#1257282). - Update patches.suse/benet-fix-BUG-when-creating-VFs.patch (git-fixes CVE-2025-38569 bsc#1248384). - Update patches.suse/block-avoid-possible-overflow-for-chunk_sectors-check-in-b.patch (git-fixes CVE-2025-39795 bsc#1249609). - Update patches.suse/bpf-Do-not-let-BPF-test-infra-emit-invalid-GSO-types.patch (bsc#1255569 CVE-2025-68725). - Update patches.suse/btrfs-don-t-log-conflicting-inode-if-it-s-a-dir-move.patch (git-fixes CVE-2025-68778 bsc#1256683). - Update patches.suse/btrfs-fix-invalid-inode-pointer-dereferences-during-.patch (git-fixes CVE-2025-38243 bsc#1246184). - Update patches.suse/btrfs-fix-the-inode-leak-in-btrfs_iget.patch (git-fixes CVE-2025-37904 bsc#1243452). - Update patches.suse/ceph-fix-race-condition-validating-r_parent-before-applyin.patch (CVE-2025-39880 bsc#1250388 CVE-2025-39927 bsc#1250738). - Update patches.suse/char-applicom-fix-NULL-pointer-dereference-in-ac_ioc.patch (stable-fixes CVE-2025-68797 bsc#1256660). - Update patches.suse/clk-samsung-exynos-clkout-Assign-.num-before-accessi.patch (git-fixes CVE-2025-71143 bsc#1256749). - Update patches.suse/comedi-aio_iiro_16-Fix-bit-shift-out-of-bounds.patch (git-fixes CVE-2025-38529 bsc#1248196). - Update patches.suse/comedi-fix-divide-by-zero-in-comedi_buf_munge.patch (stable-fixes CVE-2025-40106 bsc#1252891). - Update patches.suse/comedi-pcl812-Fix-bit-shift-out-of-bounds.patch (git-fixes CVE-2025-38530 bsc#1248206). - Update patches.suse/cpuset-fix-warning-when-disabling-remote-partition.patch (bsc#1256794 CVE-2025-71142 bsc#1256748). - Update patches.suse/crypto-af_alg-zero-initialize-memory-allocated-via-s.patch (git-fixes CVE-2025-71113 bsc#1256716). - Update patches.suse/crypto-seqiv-Do-not-use-req-iv-after-crypto_aead_enc.patch (git-fixes CVE-2025-71131 bsc#1256742). - Update patches.suse/dmaengine-idxd-fix-device-leaks-on-compat-bind-and-u.patch (git-fixes CVE-2025-71163 bsc#1257215). - Update patches.suse/dmaengine-nbpfaxi-Fix-memory-corruption-in-probe.patch (git-fixes CVE-2025-38538 bsc#1248213). - Update patches.suse/dmaengine-tegra-adma-Fix-use-after-free.patch (git-fixes CVE-2025-71162 bsc#1257204). - Update patches.suse/drm-amdkfd-Don-t-call-mmput-from-MMU-notifier-callba.patch (git-fixes CVE-2025-38520 bsc#1248217). - Update patches.suse/drm-i915-gem-Zero-initialize-the-eb.vma-array-in-i91.patch (git-fixes CVE-2025-71130 bsc#1256741). - Update patches.suse/drm-imagination-Fix-kernel-crash-when-hard-resetting.patch (git-fixes CVE-2025-38521 bsc#1248232). - Update patches.suse/drm-msm-dpu-Add-missing-NULL-pointer-check-for-pingp.patch (git-fixes CVE-2025-71138 bsc#1256785). - Update patches.suse/drm-sched-Increment-job-count-before-swapping-tail-s.patch (git-fixes CVE-2025-38515 bsc#1248212). - Update patches.suse/drm-tegra-nvdec-Fix-dma_alloc_coherent-error-check.patch (git-fixes CVE-2025-38543 bsc#1248214). - Update patches.suse/drm-tilcdc-Fix-removal-actions-in-case-of-failed-pro.patch (git-fixes CVE-2025-71141 bsc#1256756). - Update patches.suse/drm-ttm-Avoid-NULL-pointer-deref-for-evicted-BOs.patch (git-fixes CVE-2025-71083 bsc#1256610). - Update patches.suse/drm-xe-Limit-num_syncs-to-prevent-oversized-allocati.patch (git-fixes CVE-2025-68802 bsc#1256661). - Update patches.suse/drm-xe-oa-Fix-potential-UAF-in-xe_oa_add_config_ioct.patch (git-fixes CVE-2025-71099 bsc#1256592). - Update patches.suse/drm-xe-oa-Limit-num_syncs-to-prevent-oversized-alloc.patch (git-fixes CVE-2025-71076 bsc#1256627). - Update patches.suse/drm-xe-pf-Clear-all-LMTT-pages-on-alloc.patch (git-fixes CVE-2025-38511 bsc#1248175). - Update patches.suse/efivarfs-Fix-slab-out-of-bounds-in-efivarfs_d_compar.patch (git-fixes CVE-2025-39817 bsc#1249998). - Update patches.suse/ftrace-Also-allocate-and-copy-hash-for-reading-of-filter-f.patch (bsc#1250032 CVE-2025-39813 CVE-2025-39689 bsc#1249307). - Update patches.suse/hwmon-corsair-cpro-Validate-the-size-of-the-received.patch (git-fixes CVE-2025-38548 bsc#1248228). - Update patches.suse/hwmon-ibmpex-fix-use-after-free-in-high-low-store.patch (git-fixes CVE-2025-68789 bsc#1256781). - Update patches.suse/hwmon-w83791d-Convert-macros-to-functions-to-avoid-T.patch (git-fixes CVE-2025-71111 bsc#1256728). - Update patches.suse/ice-fix-NULL-pointer-dereference-in-ice_unplug_aux_d.patch (jsc#PED-13728 CVE-2025-39814 bsc#1249895). - Update patches.suse/idpf-Fix-RSS-LUT-NULL-pointer-crash-on-early-ethtool.patch (CVE-2026-22993 bsc#1257180 CVE-2026-22985 bsc#1257277). - Update patches.suse/iio-adc-axp20x_adc-Add-missing-sentinel-to-AXP717-AD.patch (git-fixes CVE-2025-38547 bsc#1248222). - Update patches.suse/ipv6-mcast-Delay-put-pmc-idev-in-mld_del_delrec.patch (git-fixes CVE-2025-38550 bsc#1248227). - Update patches.suse/kasan-remove-kasan_find_vm_area-to-prevent-possible-.patch (git-fixes CVE-2025-38510 bsc#1248166). - Update patches.suse/lib-buildid-use-__kernel_read-for-sleepable-context.patch (git-fixes CVE-2026-23002 bsc#1257243). - Update patches.suse/media-adv7842-Avoid-possible-out-of-bounds-array-acc.patch (git-fixes CVE-2025-71136 bsc#1256759). - Update patches.suse/media-dvb-usb-dtv5100-fix-out-of-bounds-in-dtv5100_i.patch (git-fixes CVE-2025-68819 bsc#1256664). - Update patches.suse/media-vidtv-initialize-local-pointers-upon-transfer-.patch (git-fixes CVE-2025-68808 bsc#1256682). - Update patches.suse/mount-handle-NULL-values-in-mnt_ns_release.patch (bsc#1254308 CVE-2025-40195 bsc#1253500). - Update patches.suse/neighbour-Fix-null-ptr-deref-in-neigh_flush_dev.patch (git-fixes CVE-2025-38589 bsc#1248366). - Update patches.suse/net-can-j1939-j1939_xtp_rx_rts_session_active-deacti.patch (git-fixes CVE-2026-22997 bsc#1257202). - Update patches.suse/net-mlx5-Check-device-memory-pointer-before-usage.patch (git-fixes CVE-2025-38645 bsc#1248626). - Update patches.suse/net-mlx5e-Remove-skb-secpath-if-xfrm-state-is-not-fo.patch (git-fixes CVE-2025-38590 bsc#1248360). - Update patches.suse/net-nfc-fix-deadlock-between-nfc_unregister_device-a.patch (git-fixes CVE-2025-71079 bsc#1256619). - Update patches.suse/net-phy-Don-t-register-LEDs-for-genphy.patch (git-fixes CVE-2025-38537 bsc#1248229). - Update patches.suse/net-rose-fix-invalid-array-index-in-rose_kill_by_dev.patch (git-fixes CVE-2025-71086 bsc#1256625). - Update patches.suse/net-usb-rtl8150-fix-memory-leak-on-usb_submit_urb-fa.patch (git-fixes CVE-2025-71154 bsc#1257163). - Update patches.suse/netfilter-nft_set_hash-unaligned-atomic-read-on-struct-nft.patch (git-fixes CVE-2024-54031 bsc#1235905). - Update patches.suse/nfsd-check-that-server-is-running-in-unlock_filesystem.patch (git-fixes CVE-2026-22989 bsc#1257279). - Update patches.suse/phy-tegra-xusb-Fix-unbalanced-regulator-disable-in-U.patch (git-fixes CVE-2025-38535 bsc#1248240). - Update patches.suse/pinctrl-check-the-return-value-of-pinmux_ops-get_fun.patch (stable-fixes CVE-2025-40030 bsc#1252773). - Update patches.suse/pinctrl-qcom-msm-mark-certain-pins-as-invalid-for-in.patch (git-fixes CVE-2025-38516 bsc#1248209). - Update patches.suse/platform-chrome-cros_ec_ishtp-Fix-UAF-after-unbindin.patch (git-fixes CVE-2025-68804 bsc#1256617). - Update patches.suse/platform-x86-hp-bioscfg-Fix-out-of-bounds-array-acce.patch (git-fixes CVE-2025-71101 bsc#1256594). - Update patches.suse/pm-cpupower-bench-Prevent-NULL-dereference-on-malloc.patch (stable-fixes CVE-2025-37841 bsc#1242974). - Update patches.suse/powerpc-64s-slb-Fix-SLB-multihit-issue-during-SLB-preload.patch (bac#1236022 ltc#211187 CVE-2025-71078 bsc#1256616). - Update patches.suse/powerpc-kexec-Enable-SMT-before-waking-offline-CPUs.patch (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes bsc#1253739 ltc#211493 bsc#1254244 ltc#216496 CVE-2025-71119 bsc#1256730). - Update patches.suse/smb-client-fix-warning-when-reconnecting-channel.patch (git-fixes CVE-2025-38379 bsc#1247030). - Update patches.suse/spi-fsl-cpm-Check-length-parity-before-switching-to-.patch (git-fixes CVE-2025-68773 bsc#1256586). - Update patches.suse/tcp_bpf-Call-sk_msg_free-when-tcp_bpf_send_verdict-f.patch (bsc#1250705 CVE-2025-39913). - Update patches.suse/trace-fgraph-Fix-the-warning-caused-by-missing-unregister-.patch (bsc#1248211 CVE-2025-38539 CVE-2025-39829 bsc#1250082). - Update patches.suse/tracing-fprobe-events-Fix-possible-UAF-on-modules.patch (git-fixes CVE-2025-37845 bsc#1242986). - Update patches.suse/tty-serial-uartlite-register-uart-driver-in-init.patch (stable-fixes CVE-2025-38262 bsc#1246282). - Update patches.suse/usb-phy-isp1301-fix-non-OF-device-reference-imbalanc.patch (git-fixes CVE-2025-71145 bsc#1257155). - Update patches.suse/usb-typec-ucsi-Handle-incorrect-num_connectors-capab.patch (stable-fixes CVE-2025-71108 bsc#1256774). - Update patches.suse/via_wdt-fix-critical-boot-hang-due-to-unnamed-resour.patch (stable-fixes CVE-2025-71114 bsc#1256752). - Update patches.suse/virtio-net-fix-recursived-rtnl_lock-during-probe.patch (git-fixes CVE-2025-38551 bsc#1248234). - Update patches.suse/virtio-net-free-xsk_buffs-on-error-in-virtnet_xsk_po.patch (git-fixes CVE-2025-37955 bsc#1243507). - Update patches.suse/wifi-ath12k-fix-memory-leak-in-ath12k_pci_remove.patch (stable-fixes CVE-2025-37744 bsc#1243662). - Update patches.suse/wifi-avoid-kernel-infoleak-from-struct-iw_point.patch (git-fixes CVE-2026-22978 bsc#1257227). - Update patches.suse/wifi-mt76-mt7925-Fix-null-ptr-deref-in-mt7925_therma.patch (git-fixes CVE-2025-38541 bsc#1248216). - Update patches.suse/wifi-mwifiex-discard-erroneous-disassoc-frames-on-ST.patch (git-fixes CVE-2025-38505 bsc#1248185). - Update patches.suse/wifi-prevent-A-MSDU-attacks-in-mesh-networks.patch (stable-fixes CVE-2025-38512 bsc#1248178). - Update patches.suse/wifi-rtlwifi-8192cu-fix-tid-out-of-range-in-rtl92cu_.patch (git-fixes CVE-2025-71100 bsc#1256593). - Update patches.suse/wifi-zd1211rw-Fix-potential-NULL-pointer-dereference.patch (git-fixes CVE-2025-38513 bsc#1248179). - Update patches.suse/x86-cpu-Avoid-running-off-the-end-of-an-AMD-erratum-table.patch (git-fixes CVE-2025-37751 bsc#1242505). - commit 74167a5 - powerpc/addnote: Fix overflow on 32-bit builds (bsc#1215199). - commit 651b1d4 - net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv (CVE-2026-22996). - net/mlx5e: Fix crash on profile change rollback failure (CVE-2026-23000 bsc#1257234). - commit 395ffba - gpio: rockchip: Stop calling pinctrl for set_direction (git-fixes). - commit 0d36e6c ++++ gnucobol: - Update keyring from the latest version from gnu ftp server ++++ kernel-source: - smb: client: split cached_fid bitfields to avoid shared-byte RMW races (bsc#1250748,bsc#1257154). - commit 9624e6c - smb: client: update cfid->last_access_time in open_cached_dir_by_dentry() (git-fixes). - commit a159cff - cifs: add new field to track the last access time of cfid (git-fixes). - commit 0cd09f9 - smb: improve directory cache reuse for readdir operations (bsc#1252712). - commit 98f179c - scripts/python/git_sort/git_sort.yaml: add cifs for-next repository - commit 5e1a139 - libceph: replace overzealous BUG_ON in osdmap_apply_incremental() (CVE-2026-22990 bsc#1257221). - commit bf45795 - libceph: prevent potential out-of-bounds reads in handle_auth_done() (CVE-2026-22984 bsc#1257217). - commit 3af214d - libceph: return the handler error from mon_handle_auth_done() (CVE-2026-22992 bsc#1257218). - commit 2da8b55 - libceph: make free_choose_arg_map() resilient to partial allocation (CVE-2026-22991 bsc#1257220). - commit 1c4a387 - Update config files: disable CONFIG_DEVPORT for arm64 (bsc#1256792) - commit 89771ce - x86/fpu: Clear XSTATE_BV in guest XSAVE state whenever XFD[i]=1 (CVE-2026-23005 bsc#1257245). - commit 0a828e9 - Update patches.suse/ACPICA-Avoid-walking-the-Namespace-if-start_node-is-.patch (stable-fixes CVE-2025-71118 bsc#1256763). - Update patches.suse/ALSA-hda-Fix-missing-pointer-check-in-hda_component_.patch (git-fixes CVE-2025-40097 bsc#1252900). - Update patches.suse/ALSA-usb-mixer-us16x08-validate-meter-packet-indices.patch (git-fixes CVE-2025-68783 bsc#1256650). - Update patches.suse/ASoC-codecs-wcd9375-Fix-double-free-of-regulator-sup.patch (git-fixes CVE-2025-38423 bsc#1247292). - Update patches.suse/ASoC-codecs-wcd937x-set-the-comp-soundwire-port-corr.patch (git-fixes CVE-2025-40045 bsc#1252784). - Update patches.suse/ASoC-stm32-sai-fix-OF-node-leak-on-probe.patch (git-fixes CVE-2025-71081 bsc#1256609). - Update patches.suse/ASoC-tlv320adcx140-fix-null-pointer.patch (git-fixes CVE-2026-23006 bsc#1257208). - Update patches.suse/Bluetooth-btusb-revert-use-of-devm_kzalloc-in-btusb.patch (git-fixes CVE-2025-71082 bsc#1256611). - Update patches.suse/EDAC-skx_common-Fix-general-protection-fault.patch (git-fixes CVE-2025-38298 bsc#1253079). - Update patches.suse/HID-nintendo-avoid-bluetooth-suspend-resume-stalls.patch (stable-fixes CVE-2025-38507 bsc#1248188). - Update patches.suse/HID-quirks-Add-quirk-for-2-Chicony-Electronics-HP-5M.patch (stable-fixes CVE-2025-38540 bsc#1248208). - Update patches.suse/Input-alps-fix-use-after-free-bugs-caused-by-dev3_re.patch (git-fixes CVE-2025-68822 bsc#1256668). - Update patches.suse/Input-lkkbd-disable-pending-work-before-freeing-devi.patch (stable-fixes CVE-2025-71073 bsc#1256632). - Update patches.suse/Input-ti_am335x_tsc-fix-off-by-one-error-in-wire_ord.patch (git-fixes CVE-2025-68777 bsc#1256655). - Update patches.suse/KEYS-trusted-Fix-a-memory-leak-in-tpm2_load_cmd.patch (git-fixes CVE-2025-71147 bsc#1257158). - Update patches.suse/PM-EM-Fix-potential-division-by-zero-error-in-em_com.patch (git-fixes CVE-2025-38297 bsc#1253078). - Update patches.suse/arp-do-not-assume-dev_hard_header-does-not-change-skb-head.patch (CVE-2025-71098 bsc#1256591 CVE-2026-22988 bsc#1257282). - Update patches.suse/benet-fix-BUG-when-creating-VFs.patch (git-fixes CVE-2025-38569 bsc#1248384). - Update patches.suse/block-avoid-possible-overflow-for-chunk_sectors-check-in-b.patch (git-fixes CVE-2025-39795 bsc#1249609). - Update patches.suse/bpf-Do-not-let-BPF-test-infra-emit-invalid-GSO-types.patch (bsc#1255569 CVE-2025-68725). - Update patches.suse/btrfs-don-t-log-conflicting-inode-if-it-s-a-dir-move.patch (git-fixes CVE-2025-68778 bsc#1256683). - Update patches.suse/btrfs-fix-invalid-inode-pointer-dereferences-during-.patch (git-fixes CVE-2025-38243 bsc#1246184). - Update patches.suse/btrfs-fix-the-inode-leak-in-btrfs_iget.patch (git-fixes CVE-2025-37904 bsc#1243452). - Update patches.suse/ceph-fix-race-condition-validating-r_parent-before-applyin.patch (CVE-2025-39880 bsc#1250388 CVE-2025-39927 bsc#1250738). - Update patches.suse/char-applicom-fix-NULL-pointer-dereference-in-ac_ioc.patch (stable-fixes CVE-2025-68797 bsc#1256660). - Update patches.suse/clk-samsung-exynos-clkout-Assign-.num-before-accessi.patch (git-fixes CVE-2025-71143 bsc#1256749). - Update patches.suse/comedi-aio_iiro_16-Fix-bit-shift-out-of-bounds.patch (git-fixes CVE-2025-38529 bsc#1248196). - Update patches.suse/comedi-fix-divide-by-zero-in-comedi_buf_munge.patch (stable-fixes CVE-2025-40106 bsc#1252891). - Update patches.suse/comedi-pcl812-Fix-bit-shift-out-of-bounds.patch (git-fixes CVE-2025-38530 bsc#1248206). - Update patches.suse/cpuset-fix-warning-when-disabling-remote-partition.patch (bsc#1256794 CVE-2025-71142 bsc#1256748). - Update patches.suse/crypto-af_alg-zero-initialize-memory-allocated-via-s.patch (git-fixes CVE-2025-71113 bsc#1256716). - Update patches.suse/crypto-seqiv-Do-not-use-req-iv-after-crypto_aead_enc.patch (git-fixes CVE-2025-71131 bsc#1256742). - Update patches.suse/dmaengine-idxd-fix-device-leaks-on-compat-bind-and-u.patch (git-fixes CVE-2025-71163 bsc#1257215). - Update patches.suse/dmaengine-nbpfaxi-Fix-memory-corruption-in-probe.patch (git-fixes CVE-2025-38538 bsc#1248213). - Update patches.suse/dmaengine-tegra-adma-Fix-use-after-free.patch (git-fixes CVE-2025-71162 bsc#1257204). - Update patches.suse/drm-amdkfd-Don-t-call-mmput-from-MMU-notifier-callba.patch (git-fixes CVE-2025-38520 bsc#1248217). - Update patches.suse/drm-i915-gem-Zero-initialize-the-eb.vma-array-in-i91.patch (git-fixes CVE-2025-71130 bsc#1256741). - Update patches.suse/drm-imagination-Fix-kernel-crash-when-hard-resetting.patch (git-fixes CVE-2025-38521 bsc#1248232). - Update patches.suse/drm-msm-dpu-Add-missing-NULL-pointer-check-for-pingp.patch (git-fixes CVE-2025-71138 bsc#1256785). - Update patches.suse/drm-sched-Increment-job-count-before-swapping-tail-s.patch (git-fixes CVE-2025-38515 bsc#1248212). - Update patches.suse/drm-tegra-nvdec-Fix-dma_alloc_coherent-error-check.patch (git-fixes CVE-2025-38543 bsc#1248214). - Update patches.suse/drm-tilcdc-Fix-removal-actions-in-case-of-failed-pro.patch (git-fixes CVE-2025-71141 bsc#1256756). - Update patches.suse/drm-ttm-Avoid-NULL-pointer-deref-for-evicted-BOs.patch (git-fixes CVE-2025-71083 bsc#1256610). - Update patches.suse/drm-xe-Limit-num_syncs-to-prevent-oversized-allocati.patch (git-fixes CVE-2025-68802 bsc#1256661). - Update patches.suse/drm-xe-oa-Fix-potential-UAF-in-xe_oa_add_config_ioct.patch (git-fixes CVE-2025-71099 bsc#1256592). - Update patches.suse/drm-xe-oa-Limit-num_syncs-to-prevent-oversized-alloc.patch (git-fixes CVE-2025-71076 bsc#1256627). - Update patches.suse/drm-xe-pf-Clear-all-LMTT-pages-on-alloc.patch (git-fixes CVE-2025-38511 bsc#1248175). - Update patches.suse/efivarfs-Fix-slab-out-of-bounds-in-efivarfs_d_compar.patch (git-fixes CVE-2025-39817 bsc#1249998). - Update patches.suse/ftrace-Also-allocate-and-copy-hash-for-reading-of-filter-f.patch (bsc#1250032 CVE-2025-39813 CVE-2025-39689 bsc#1249307). - Update patches.suse/hwmon-corsair-cpro-Validate-the-size-of-the-received.patch (git-fixes CVE-2025-38548 bsc#1248228). - Update patches.suse/hwmon-ibmpex-fix-use-after-free-in-high-low-store.patch (git-fixes CVE-2025-68789 bsc#1256781). - Update patches.suse/hwmon-w83791d-Convert-macros-to-functions-to-avoid-T.patch (git-fixes CVE-2025-71111 bsc#1256728). - Update patches.suse/ice-fix-NULL-pointer-dereference-in-ice_unplug_aux_d.patch (jsc#PED-13728 CVE-2025-39814 bsc#1249895). - Update patches.suse/idpf-Fix-RSS-LUT-NULL-pointer-crash-on-early-ethtool.patch (CVE-2026-22993 bsc#1257180 CVE-2026-22985 bsc#1257277). - Update patches.suse/iio-adc-axp20x_adc-Add-missing-sentinel-to-AXP717-AD.patch (git-fixes CVE-2025-38547 bsc#1248222). - Update patches.suse/ipv6-mcast-Delay-put-pmc-idev-in-mld_del_delrec.patch (git-fixes CVE-2025-38550 bsc#1248227). - Update patches.suse/kasan-remove-kasan_find_vm_area-to-prevent-possible-.patch (git-fixes CVE-2025-38510 bsc#1248166). - Update patches.suse/lib-buildid-use-__kernel_read-for-sleepable-context.patch (git-fixes CVE-2026-23002 bsc#1257243). - Update patches.suse/media-adv7842-Avoid-possible-out-of-bounds-array-acc.patch (git-fixes CVE-2025-71136 bsc#1256759). - Update patches.suse/media-dvb-usb-dtv5100-fix-out-of-bounds-in-dtv5100_i.patch (git-fixes CVE-2025-68819 bsc#1256664). - Update patches.suse/media-vidtv-initialize-local-pointers-upon-transfer-.patch (git-fixes CVE-2025-68808 bsc#1256682). - Update patches.suse/mount-handle-NULL-values-in-mnt_ns_release.patch (bsc#1254308 CVE-2025-40195 bsc#1253500). - Update patches.suse/neighbour-Fix-null-ptr-deref-in-neigh_flush_dev.patch (git-fixes CVE-2025-38589 bsc#1248366). - Update patches.suse/net-can-j1939-j1939_xtp_rx_rts_session_active-deacti.patch (git-fixes CVE-2026-22997 bsc#1257202). - Update patches.suse/net-mlx5-Check-device-memory-pointer-before-usage.patch (git-fixes CVE-2025-38645 bsc#1248626). - Update patches.suse/net-mlx5e-Remove-skb-secpath-if-xfrm-state-is-not-fo.patch (git-fixes CVE-2025-38590 bsc#1248360). - Update patches.suse/net-nfc-fix-deadlock-between-nfc_unregister_device-a.patch (git-fixes CVE-2025-71079 bsc#1256619). - Update patches.suse/net-phy-Don-t-register-LEDs-for-genphy.patch (git-fixes CVE-2025-38537 bsc#1248229). - Update patches.suse/net-rose-fix-invalid-array-index-in-rose_kill_by_dev.patch (git-fixes CVE-2025-71086 bsc#1256625). - Update patches.suse/net-usb-rtl8150-fix-memory-leak-on-usb_submit_urb-fa.patch (git-fixes CVE-2025-71154 bsc#1257163). - Update patches.suse/netfilter-nft_set_hash-unaligned-atomic-read-on-struct-nft.patch (git-fixes CVE-2024-54031 bsc#1235905). - Update patches.suse/nfsd-check-that-server-is-running-in-unlock_filesystem.patch (git-fixes CVE-2026-22989 bsc#1257279). - Update patches.suse/phy-tegra-xusb-Fix-unbalanced-regulator-disable-in-U.patch (git-fixes CVE-2025-38535 bsc#1248240). - Update patches.suse/pinctrl-check-the-return-value-of-pinmux_ops-get_fun.patch (stable-fixes CVE-2025-40030 bsc#1252773). - Update patches.suse/pinctrl-qcom-msm-mark-certain-pins-as-invalid-for-in.patch (git-fixes CVE-2025-38516 bsc#1248209). - Update patches.suse/platform-chrome-cros_ec_ishtp-Fix-UAF-after-unbindin.patch (git-fixes CVE-2025-68804 bsc#1256617). - Update patches.suse/platform-x86-hp-bioscfg-Fix-out-of-bounds-array-acce.patch (git-fixes CVE-2025-71101 bsc#1256594). - Update patches.suse/pm-cpupower-bench-Prevent-NULL-dereference-on-malloc.patch (stable-fixes CVE-2025-37841 bsc#1242974). - Update patches.suse/powerpc-64s-slb-Fix-SLB-multihit-issue-during-SLB-preload.patch (bac#1236022 ltc#211187 CVE-2025-71078 bsc#1256616). - Update patches.suse/powerpc-kexec-Enable-SMT-before-waking-offline-CPUs.patch (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes bsc#1253739 ltc#211493 bsc#1254244 ltc#216496 CVE-2025-71119 bsc#1256730). - Update patches.suse/smb-client-fix-warning-when-reconnecting-channel.patch (git-fixes CVE-2025-38379 bsc#1247030). - Update patches.suse/spi-fsl-cpm-Check-length-parity-before-switching-to-.patch (git-fixes CVE-2025-68773 bsc#1256586). - Update patches.suse/tcp_bpf-Call-sk_msg_free-when-tcp_bpf_send_verdict-f.patch (bsc#1250705 CVE-2025-39913). - Update patches.suse/trace-fgraph-Fix-the-warning-caused-by-missing-unregister-.patch (bsc#1248211 CVE-2025-38539 CVE-2025-39829 bsc#1250082). - Update patches.suse/tracing-fprobe-events-Fix-possible-UAF-on-modules.patch (git-fixes CVE-2025-37845 bsc#1242986). - Update patches.suse/tty-serial-uartlite-register-uart-driver-in-init.patch (stable-fixes CVE-2025-38262 bsc#1246282). - Update patches.suse/usb-phy-isp1301-fix-non-OF-device-reference-imbalanc.patch (git-fixes CVE-2025-71145 bsc#1257155). - Update patches.suse/usb-typec-ucsi-Handle-incorrect-num_connectors-capab.patch (stable-fixes CVE-2025-71108 bsc#1256774). - Update patches.suse/via_wdt-fix-critical-boot-hang-due-to-unnamed-resour.patch (stable-fixes CVE-2025-71114 bsc#1256752). - Update patches.suse/virtio-net-fix-recursived-rtnl_lock-during-probe.patch (git-fixes CVE-2025-38551 bsc#1248234). - Update patches.suse/virtio-net-free-xsk_buffs-on-error-in-virtnet_xsk_po.patch (git-fixes CVE-2025-37955 bsc#1243507). - Update patches.suse/wifi-ath12k-fix-memory-leak-in-ath12k_pci_remove.patch (stable-fixes CVE-2025-37744 bsc#1243662). - Update patches.suse/wifi-avoid-kernel-infoleak-from-struct-iw_point.patch (git-fixes CVE-2026-22978 bsc#1257227). - Update patches.suse/wifi-mt76-mt7925-Fix-null-ptr-deref-in-mt7925_therma.patch (git-fixes CVE-2025-38541 bsc#1248216). - Update patches.suse/wifi-mwifiex-discard-erroneous-disassoc-frames-on-ST.patch (git-fixes CVE-2025-38505 bsc#1248185). - Update patches.suse/wifi-prevent-A-MSDU-attacks-in-mesh-networks.patch (stable-fixes CVE-2025-38512 bsc#1248178). - Update patches.suse/wifi-rtlwifi-8192cu-fix-tid-out-of-range-in-rtl92cu_.patch (git-fixes CVE-2025-71100 bsc#1256593). - Update patches.suse/wifi-zd1211rw-Fix-potential-NULL-pointer-dereference.patch (git-fixes CVE-2025-38513 bsc#1248179). - Update patches.suse/x86-cpu-Avoid-running-off-the-end-of-an-AMD-erratum-table.patch (git-fixes CVE-2025-37751 bsc#1242505). - commit 74167a5 - powerpc/addnote: Fix overflow on 32-bit builds (bsc#1215199). - commit 651b1d4 - net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv (CVE-2026-22996). - net/mlx5e: Fix crash on profile change rollback failure (CVE-2026-23000 bsc#1257234). - commit 395ffba - gpio: rockchip: Stop calling pinctrl for set_direction (git-fixes). - commit 0d36e6c ++++ kernel-source: - smb: client: split cached_fid bitfields to avoid shared-byte RMW races (bsc#1250748,bsc#1257154). - commit 9624e6c - smb: client: update cfid->last_access_time in open_cached_dir_by_dentry() (git-fixes). - commit a159cff - cifs: add new field to track the last access time of cfid (git-fixes). - commit 0cd09f9 - smb: improve directory cache reuse for readdir operations (bsc#1252712). - commit 98f179c - scripts/python/git_sort/git_sort.yaml: add cifs for-next repository - commit 5e1a139 - libceph: replace overzealous BUG_ON in osdmap_apply_incremental() (CVE-2026-22990 bsc#1257221). - commit bf45795 - libceph: prevent potential out-of-bounds reads in handle_auth_done() (CVE-2026-22984 bsc#1257217). - commit 3af214d - libceph: return the handler error from mon_handle_auth_done() (CVE-2026-22992 bsc#1257218). - commit 2da8b55 - libceph: make free_choose_arg_map() resilient to partial allocation (CVE-2026-22991 bsc#1257220). - commit 1c4a387 - Update config files: disable CONFIG_DEVPORT for arm64 (bsc#1256792) - commit 89771ce - x86/fpu: Clear XSTATE_BV in guest XSAVE state whenever XFD[i]=1 (CVE-2026-23005 bsc#1257245). - commit 0a828e9 - Update patches.suse/ACPICA-Avoid-walking-the-Namespace-if-start_node-is-.patch (stable-fixes CVE-2025-71118 bsc#1256763). - Update patches.suse/ALSA-hda-Fix-missing-pointer-check-in-hda_component_.patch (git-fixes CVE-2025-40097 bsc#1252900). - Update patches.suse/ALSA-usb-mixer-us16x08-validate-meter-packet-indices.patch (git-fixes CVE-2025-68783 bsc#1256650). - Update patches.suse/ASoC-codecs-wcd9375-Fix-double-free-of-regulator-sup.patch (git-fixes CVE-2025-38423 bsc#1247292). - Update patches.suse/ASoC-codecs-wcd937x-set-the-comp-soundwire-port-corr.patch (git-fixes CVE-2025-40045 bsc#1252784). - Update patches.suse/ASoC-stm32-sai-fix-OF-node-leak-on-probe.patch (git-fixes CVE-2025-71081 bsc#1256609). - Update patches.suse/ASoC-tlv320adcx140-fix-null-pointer.patch (git-fixes CVE-2026-23006 bsc#1257208). - Update patches.suse/Bluetooth-btusb-revert-use-of-devm_kzalloc-in-btusb.patch (git-fixes CVE-2025-71082 bsc#1256611). - Update patches.suse/EDAC-skx_common-Fix-general-protection-fault.patch (git-fixes CVE-2025-38298 bsc#1253079). - Update patches.suse/HID-nintendo-avoid-bluetooth-suspend-resume-stalls.patch (stable-fixes CVE-2025-38507 bsc#1248188). - Update patches.suse/HID-quirks-Add-quirk-for-2-Chicony-Electronics-HP-5M.patch (stable-fixes CVE-2025-38540 bsc#1248208). - Update patches.suse/Input-alps-fix-use-after-free-bugs-caused-by-dev3_re.patch (git-fixes CVE-2025-68822 bsc#1256668). - Update patches.suse/Input-lkkbd-disable-pending-work-before-freeing-devi.patch (stable-fixes CVE-2025-71073 bsc#1256632). - Update patches.suse/Input-ti_am335x_tsc-fix-off-by-one-error-in-wire_ord.patch (git-fixes CVE-2025-68777 bsc#1256655). - Update patches.suse/KEYS-trusted-Fix-a-memory-leak-in-tpm2_load_cmd.patch (git-fixes CVE-2025-71147 bsc#1257158). - Update patches.suse/PM-EM-Fix-potential-division-by-zero-error-in-em_com.patch (git-fixes CVE-2025-38297 bsc#1253078). - Update patches.suse/arp-do-not-assume-dev_hard_header-does-not-change-skb-head.patch (CVE-2025-71098 bsc#1256591 CVE-2026-22988 bsc#1257282). - Update patches.suse/benet-fix-BUG-when-creating-VFs.patch (git-fixes CVE-2025-38569 bsc#1248384). - Update patches.suse/block-avoid-possible-overflow-for-chunk_sectors-check-in-b.patch (git-fixes CVE-2025-39795 bsc#1249609). - Update patches.suse/bpf-Do-not-let-BPF-test-infra-emit-invalid-GSO-types.patch (bsc#1255569 CVE-2025-68725). - Update patches.suse/btrfs-don-t-log-conflicting-inode-if-it-s-a-dir-move.patch (git-fixes CVE-2025-68778 bsc#1256683). - Update patches.suse/btrfs-fix-invalid-inode-pointer-dereferences-during-.patch (git-fixes CVE-2025-38243 bsc#1246184). - Update patches.suse/btrfs-fix-the-inode-leak-in-btrfs_iget.patch (git-fixes CVE-2025-37904 bsc#1243452). - Update patches.suse/ceph-fix-race-condition-validating-r_parent-before-applyin.patch (CVE-2025-39880 bsc#1250388 CVE-2025-39927 bsc#1250738). - Update patches.suse/char-applicom-fix-NULL-pointer-dereference-in-ac_ioc.patch (stable-fixes CVE-2025-68797 bsc#1256660). - Update patches.suse/clk-samsung-exynos-clkout-Assign-.num-before-accessi.patch (git-fixes CVE-2025-71143 bsc#1256749). - Update patches.suse/comedi-aio_iiro_16-Fix-bit-shift-out-of-bounds.patch (git-fixes CVE-2025-38529 bsc#1248196). - Update patches.suse/comedi-fix-divide-by-zero-in-comedi_buf_munge.patch (stable-fixes CVE-2025-40106 bsc#1252891). - Update patches.suse/comedi-pcl812-Fix-bit-shift-out-of-bounds.patch (git-fixes CVE-2025-38530 bsc#1248206). - Update patches.suse/cpuset-fix-warning-when-disabling-remote-partition.patch (bsc#1256794 CVE-2025-71142 bsc#1256748). - Update patches.suse/crypto-af_alg-zero-initialize-memory-allocated-via-s.patch (git-fixes CVE-2025-71113 bsc#1256716). - Update patches.suse/crypto-seqiv-Do-not-use-req-iv-after-crypto_aead_enc.patch (git-fixes CVE-2025-71131 bsc#1256742). - Update patches.suse/dmaengine-idxd-fix-device-leaks-on-compat-bind-and-u.patch (git-fixes CVE-2025-71163 bsc#1257215). - Update patches.suse/dmaengine-nbpfaxi-Fix-memory-corruption-in-probe.patch (git-fixes CVE-2025-38538 bsc#1248213). - Update patches.suse/dmaengine-tegra-adma-Fix-use-after-free.patch (git-fixes CVE-2025-71162 bsc#1257204). - Update patches.suse/drm-amdkfd-Don-t-call-mmput-from-MMU-notifier-callba.patch (git-fixes CVE-2025-38520 bsc#1248217). - Update patches.suse/drm-i915-gem-Zero-initialize-the-eb.vma-array-in-i91.patch (git-fixes CVE-2025-71130 bsc#1256741). - Update patches.suse/drm-imagination-Fix-kernel-crash-when-hard-resetting.patch (git-fixes CVE-2025-38521 bsc#1248232). - Update patches.suse/drm-msm-dpu-Add-missing-NULL-pointer-check-for-pingp.patch (git-fixes CVE-2025-71138 bsc#1256785). - Update patches.suse/drm-sched-Increment-job-count-before-swapping-tail-s.patch (git-fixes CVE-2025-38515 bsc#1248212). - Update patches.suse/drm-tegra-nvdec-Fix-dma_alloc_coherent-error-check.patch (git-fixes CVE-2025-38543 bsc#1248214). - Update patches.suse/drm-tilcdc-Fix-removal-actions-in-case-of-failed-pro.patch (git-fixes CVE-2025-71141 bsc#1256756). - Update patches.suse/drm-ttm-Avoid-NULL-pointer-deref-for-evicted-BOs.patch (git-fixes CVE-2025-71083 bsc#1256610). - Update patches.suse/drm-xe-Limit-num_syncs-to-prevent-oversized-allocati.patch (git-fixes CVE-2025-68802 bsc#1256661). - Update patches.suse/drm-xe-oa-Fix-potential-UAF-in-xe_oa_add_config_ioct.patch (git-fixes CVE-2025-71099 bsc#1256592). - Update patches.suse/drm-xe-oa-Limit-num_syncs-to-prevent-oversized-alloc.patch (git-fixes CVE-2025-71076 bsc#1256627). - Update patches.suse/drm-xe-pf-Clear-all-LMTT-pages-on-alloc.patch (git-fixes CVE-2025-38511 bsc#1248175). - Update patches.suse/efivarfs-Fix-slab-out-of-bounds-in-efivarfs_d_compar.patch (git-fixes CVE-2025-39817 bsc#1249998). - Update patches.suse/ftrace-Also-allocate-and-copy-hash-for-reading-of-filter-f.patch (bsc#1250032 CVE-2025-39813 CVE-2025-39689 bsc#1249307). - Update patches.suse/hwmon-corsair-cpro-Validate-the-size-of-the-received.patch (git-fixes CVE-2025-38548 bsc#1248228). - Update patches.suse/hwmon-ibmpex-fix-use-after-free-in-high-low-store.patch (git-fixes CVE-2025-68789 bsc#1256781). - Update patches.suse/hwmon-w83791d-Convert-macros-to-functions-to-avoid-T.patch (git-fixes CVE-2025-71111 bsc#1256728). - Update patches.suse/ice-fix-NULL-pointer-dereference-in-ice_unplug_aux_d.patch (jsc#PED-13728 CVE-2025-39814 bsc#1249895). - Update patches.suse/idpf-Fix-RSS-LUT-NULL-pointer-crash-on-early-ethtool.patch (CVE-2026-22993 bsc#1257180 CVE-2026-22985 bsc#1257277). - Update patches.suse/iio-adc-axp20x_adc-Add-missing-sentinel-to-AXP717-AD.patch (git-fixes CVE-2025-38547 bsc#1248222). - Update patches.suse/ipv6-mcast-Delay-put-pmc-idev-in-mld_del_delrec.patch (git-fixes CVE-2025-38550 bsc#1248227). - Update patches.suse/kasan-remove-kasan_find_vm_area-to-prevent-possible-.patch (git-fixes CVE-2025-38510 bsc#1248166). - Update patches.suse/lib-buildid-use-__kernel_read-for-sleepable-context.patch (git-fixes CVE-2026-23002 bsc#1257243). - Update patches.suse/media-adv7842-Avoid-possible-out-of-bounds-array-acc.patch (git-fixes CVE-2025-71136 bsc#1256759). - Update patches.suse/media-dvb-usb-dtv5100-fix-out-of-bounds-in-dtv5100_i.patch (git-fixes CVE-2025-68819 bsc#1256664). - Update patches.suse/media-vidtv-initialize-local-pointers-upon-transfer-.patch (git-fixes CVE-2025-68808 bsc#1256682). - Update patches.suse/mount-handle-NULL-values-in-mnt_ns_release.patch (bsc#1254308 CVE-2025-40195 bsc#1253500). - Update patches.suse/neighbour-Fix-null-ptr-deref-in-neigh_flush_dev.patch (git-fixes CVE-2025-38589 bsc#1248366). - Update patches.suse/net-can-j1939-j1939_xtp_rx_rts_session_active-deacti.patch (git-fixes CVE-2026-22997 bsc#1257202). - Update patches.suse/net-mlx5-Check-device-memory-pointer-before-usage.patch (git-fixes CVE-2025-38645 bsc#1248626). - Update patches.suse/net-mlx5e-Remove-skb-secpath-if-xfrm-state-is-not-fo.patch (git-fixes CVE-2025-38590 bsc#1248360). - Update patches.suse/net-nfc-fix-deadlock-between-nfc_unregister_device-a.patch (git-fixes CVE-2025-71079 bsc#1256619). - Update patches.suse/net-phy-Don-t-register-LEDs-for-genphy.patch (git-fixes CVE-2025-38537 bsc#1248229). - Update patches.suse/net-rose-fix-invalid-array-index-in-rose_kill_by_dev.patch (git-fixes CVE-2025-71086 bsc#1256625). - Update patches.suse/net-usb-rtl8150-fix-memory-leak-on-usb_submit_urb-fa.patch (git-fixes CVE-2025-71154 bsc#1257163). - Update patches.suse/netfilter-nft_set_hash-unaligned-atomic-read-on-struct-nft.patch (git-fixes CVE-2024-54031 bsc#1235905). - Update patches.suse/nfsd-check-that-server-is-running-in-unlock_filesystem.patch (git-fixes CVE-2026-22989 bsc#1257279). - Update patches.suse/phy-tegra-xusb-Fix-unbalanced-regulator-disable-in-U.patch (git-fixes CVE-2025-38535 bsc#1248240). - Update patches.suse/pinctrl-check-the-return-value-of-pinmux_ops-get_fun.patch (stable-fixes CVE-2025-40030 bsc#1252773). - Update patches.suse/pinctrl-qcom-msm-mark-certain-pins-as-invalid-for-in.patch (git-fixes CVE-2025-38516 bsc#1248209). - Update patches.suse/platform-chrome-cros_ec_ishtp-Fix-UAF-after-unbindin.patch (git-fixes CVE-2025-68804 bsc#1256617). - Update patches.suse/platform-x86-hp-bioscfg-Fix-out-of-bounds-array-acce.patch (git-fixes CVE-2025-71101 bsc#1256594). - Update patches.suse/pm-cpupower-bench-Prevent-NULL-dereference-on-malloc.patch (stable-fixes CVE-2025-37841 bsc#1242974). - Update patches.suse/powerpc-64s-slb-Fix-SLB-multihit-issue-during-SLB-preload.patch (bac#1236022 ltc#211187 CVE-2025-71078 bsc#1256616). - Update patches.suse/powerpc-kexec-Enable-SMT-before-waking-offline-CPUs.patch (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes bsc#1253739 ltc#211493 bsc#1254244 ltc#216496 CVE-2025-71119 bsc#1256730). - Update patches.suse/smb-client-fix-warning-when-reconnecting-channel.patch (git-fixes CVE-2025-38379 bsc#1247030). - Update patches.suse/spi-fsl-cpm-Check-length-parity-before-switching-to-.patch (git-fixes CVE-2025-68773 bsc#1256586). - Update patches.suse/tcp_bpf-Call-sk_msg_free-when-tcp_bpf_send_verdict-f.patch (bsc#1250705 CVE-2025-39913). - Update patches.suse/trace-fgraph-Fix-the-warning-caused-by-missing-unregister-.patch (bsc#1248211 CVE-2025-38539 CVE-2025-39829 bsc#1250082). - Update patches.suse/tracing-fprobe-events-Fix-possible-UAF-on-modules.patch (git-fixes CVE-2025-37845 bsc#1242986). - Update patches.suse/tty-serial-uartlite-register-uart-driver-in-init.patch (stable-fixes CVE-2025-38262 bsc#1246282). - Update patches.suse/usb-phy-isp1301-fix-non-OF-device-reference-imbalanc.patch (git-fixes CVE-2025-71145 bsc#1257155). - Update patches.suse/usb-typec-ucsi-Handle-incorrect-num_connectors-capab.patch (stable-fixes CVE-2025-71108 bsc#1256774). - Update patches.suse/via_wdt-fix-critical-boot-hang-due-to-unnamed-resour.patch (stable-fixes CVE-2025-71114 bsc#1256752). - Update patches.suse/virtio-net-fix-recursived-rtnl_lock-during-probe.patch (git-fixes CVE-2025-38551 bsc#1248234). - Update patches.suse/virtio-net-free-xsk_buffs-on-error-in-virtnet_xsk_po.patch (git-fixes CVE-2025-37955 bsc#1243507). - Update patches.suse/wifi-ath12k-fix-memory-leak-in-ath12k_pci_remove.patch (stable-fixes CVE-2025-37744 bsc#1243662). - Update patches.suse/wifi-avoid-kernel-infoleak-from-struct-iw_point.patch (git-fixes CVE-2026-22978 bsc#1257227). - Update patches.suse/wifi-mt76-mt7925-Fix-null-ptr-deref-in-mt7925_therma.patch (git-fixes CVE-2025-38541 bsc#1248216). - Update patches.suse/wifi-mwifiex-discard-erroneous-disassoc-frames-on-ST.patch (git-fixes CVE-2025-38505 bsc#1248185). - Update patches.suse/wifi-prevent-A-MSDU-attacks-in-mesh-networks.patch (stable-fixes CVE-2025-38512 bsc#1248178). - Update patches.suse/wifi-rtlwifi-8192cu-fix-tid-out-of-range-in-rtl92cu_.patch (git-fixes CVE-2025-71100 bsc#1256593). - Update patches.suse/wifi-zd1211rw-Fix-potential-NULL-pointer-dereference.patch (git-fixes CVE-2025-38513 bsc#1248179). - Update patches.suse/x86-cpu-Avoid-running-off-the-end-of-an-AMD-erratum-table.patch (git-fixes CVE-2025-37751 bsc#1242505). - commit 74167a5 - powerpc/addnote: Fix overflow on 32-bit builds (bsc#1215199). - commit 651b1d4 - net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv (CVE-2026-22996). - net/mlx5e: Fix crash on profile change rollback failure (CVE-2026-23000 bsc#1257234). - commit 395ffba - gpio: rockchip: Stop calling pinctrl for set_direction (git-fixes). - commit 0d36e6c ++++ kernel-docs: - smb: client: split cached_fid bitfields to avoid shared-byte RMW races (bsc#1250748,bsc#1257154). - commit 9624e6c - smb: client: update cfid->last_access_time in open_cached_dir_by_dentry() (git-fixes). - commit a159cff - cifs: add new field to track the last access time of cfid (git-fixes). - commit 0cd09f9 - smb: improve directory cache reuse for readdir operations (bsc#1252712). - commit 98f179c - scripts/python/git_sort/git_sort.yaml: add cifs for-next repository - commit 5e1a139 - libceph: replace overzealous BUG_ON in osdmap_apply_incremental() (CVE-2026-22990 bsc#1257221). - commit bf45795 - libceph: prevent potential out-of-bounds reads in handle_auth_done() (CVE-2026-22984 bsc#1257217). - commit 3af214d - libceph: return the handler error from mon_handle_auth_done() (CVE-2026-22992 bsc#1257218). - commit 2da8b55 - libceph: make free_choose_arg_map() resilient to partial allocation (CVE-2026-22991 bsc#1257220). - commit 1c4a387 - Update config files: disable CONFIG_DEVPORT for arm64 (bsc#1256792) - commit 89771ce - x86/fpu: Clear XSTATE_BV in guest XSAVE state whenever XFD[i]=1 (CVE-2026-23005 bsc#1257245). - commit 0a828e9 - Update patches.suse/ACPICA-Avoid-walking-the-Namespace-if-start_node-is-.patch (stable-fixes CVE-2025-71118 bsc#1256763). - Update patches.suse/ALSA-hda-Fix-missing-pointer-check-in-hda_component_.patch (git-fixes CVE-2025-40097 bsc#1252900). - Update patches.suse/ALSA-usb-mixer-us16x08-validate-meter-packet-indices.patch (git-fixes CVE-2025-68783 bsc#1256650). - Update patches.suse/ASoC-codecs-wcd9375-Fix-double-free-of-regulator-sup.patch (git-fixes CVE-2025-38423 bsc#1247292). - Update patches.suse/ASoC-codecs-wcd937x-set-the-comp-soundwire-port-corr.patch (git-fixes CVE-2025-40045 bsc#1252784). - Update patches.suse/ASoC-stm32-sai-fix-OF-node-leak-on-probe.patch (git-fixes CVE-2025-71081 bsc#1256609). - Update patches.suse/ASoC-tlv320adcx140-fix-null-pointer.patch (git-fixes CVE-2026-23006 bsc#1257208). - Update patches.suse/Bluetooth-btusb-revert-use-of-devm_kzalloc-in-btusb.patch (git-fixes CVE-2025-71082 bsc#1256611). - Update patches.suse/EDAC-skx_common-Fix-general-protection-fault.patch (git-fixes CVE-2025-38298 bsc#1253079). - Update patches.suse/HID-nintendo-avoid-bluetooth-suspend-resume-stalls.patch (stable-fixes CVE-2025-38507 bsc#1248188). - Update patches.suse/HID-quirks-Add-quirk-for-2-Chicony-Electronics-HP-5M.patch (stable-fixes CVE-2025-38540 bsc#1248208). - Update patches.suse/Input-alps-fix-use-after-free-bugs-caused-by-dev3_re.patch (git-fixes CVE-2025-68822 bsc#1256668). - Update patches.suse/Input-lkkbd-disable-pending-work-before-freeing-devi.patch (stable-fixes CVE-2025-71073 bsc#1256632). - Update patches.suse/Input-ti_am335x_tsc-fix-off-by-one-error-in-wire_ord.patch (git-fixes CVE-2025-68777 bsc#1256655). - Update patches.suse/KEYS-trusted-Fix-a-memory-leak-in-tpm2_load_cmd.patch (git-fixes CVE-2025-71147 bsc#1257158). - Update patches.suse/PM-EM-Fix-potential-division-by-zero-error-in-em_com.patch (git-fixes CVE-2025-38297 bsc#1253078). - Update patches.suse/arp-do-not-assume-dev_hard_header-does-not-change-skb-head.patch (CVE-2025-71098 bsc#1256591 CVE-2026-22988 bsc#1257282). - Update patches.suse/benet-fix-BUG-when-creating-VFs.patch (git-fixes CVE-2025-38569 bsc#1248384). - Update patches.suse/block-avoid-possible-overflow-for-chunk_sectors-check-in-b.patch (git-fixes CVE-2025-39795 bsc#1249609). - Update patches.suse/bpf-Do-not-let-BPF-test-infra-emit-invalid-GSO-types.patch (bsc#1255569 CVE-2025-68725). - Update patches.suse/btrfs-don-t-log-conflicting-inode-if-it-s-a-dir-move.patch (git-fixes CVE-2025-68778 bsc#1256683). - Update patches.suse/btrfs-fix-invalid-inode-pointer-dereferences-during-.patch (git-fixes CVE-2025-38243 bsc#1246184). - Update patches.suse/btrfs-fix-the-inode-leak-in-btrfs_iget.patch (git-fixes CVE-2025-37904 bsc#1243452). - Update patches.suse/ceph-fix-race-condition-validating-r_parent-before-applyin.patch (CVE-2025-39880 bsc#1250388 CVE-2025-39927 bsc#1250738). - Update patches.suse/char-applicom-fix-NULL-pointer-dereference-in-ac_ioc.patch (stable-fixes CVE-2025-68797 bsc#1256660). - Update patches.suse/clk-samsung-exynos-clkout-Assign-.num-before-accessi.patch (git-fixes CVE-2025-71143 bsc#1256749). - Update patches.suse/comedi-aio_iiro_16-Fix-bit-shift-out-of-bounds.patch (git-fixes CVE-2025-38529 bsc#1248196). - Update patches.suse/comedi-fix-divide-by-zero-in-comedi_buf_munge.patch (stable-fixes CVE-2025-40106 bsc#1252891). - Update patches.suse/comedi-pcl812-Fix-bit-shift-out-of-bounds.patch (git-fixes CVE-2025-38530 bsc#1248206). - Update patches.suse/cpuset-fix-warning-when-disabling-remote-partition.patch (bsc#1256794 CVE-2025-71142 bsc#1256748). - Update patches.suse/crypto-af_alg-zero-initialize-memory-allocated-via-s.patch (git-fixes CVE-2025-71113 bsc#1256716). - Update patches.suse/crypto-seqiv-Do-not-use-req-iv-after-crypto_aead_enc.patch (git-fixes CVE-2025-71131 bsc#1256742). - Update patches.suse/dmaengine-idxd-fix-device-leaks-on-compat-bind-and-u.patch (git-fixes CVE-2025-71163 bsc#1257215). - Update patches.suse/dmaengine-nbpfaxi-Fix-memory-corruption-in-probe.patch (git-fixes CVE-2025-38538 bsc#1248213). - Update patches.suse/dmaengine-tegra-adma-Fix-use-after-free.patch (git-fixes CVE-2025-71162 bsc#1257204). - Update patches.suse/drm-amdkfd-Don-t-call-mmput-from-MMU-notifier-callba.patch (git-fixes CVE-2025-38520 bsc#1248217). - Update patches.suse/drm-i915-gem-Zero-initialize-the-eb.vma-array-in-i91.patch (git-fixes CVE-2025-71130 bsc#1256741). - Update patches.suse/drm-imagination-Fix-kernel-crash-when-hard-resetting.patch (git-fixes CVE-2025-38521 bsc#1248232). - Update patches.suse/drm-msm-dpu-Add-missing-NULL-pointer-check-for-pingp.patch (git-fixes CVE-2025-71138 bsc#1256785). - Update patches.suse/drm-sched-Increment-job-count-before-swapping-tail-s.patch (git-fixes CVE-2025-38515 bsc#1248212). - Update patches.suse/drm-tegra-nvdec-Fix-dma_alloc_coherent-error-check.patch (git-fixes CVE-2025-38543 bsc#1248214). - Update patches.suse/drm-tilcdc-Fix-removal-actions-in-case-of-failed-pro.patch (git-fixes CVE-2025-71141 bsc#1256756). - Update patches.suse/drm-ttm-Avoid-NULL-pointer-deref-for-evicted-BOs.patch (git-fixes CVE-2025-71083 bsc#1256610). - Update patches.suse/drm-xe-Limit-num_syncs-to-prevent-oversized-allocati.patch (git-fixes CVE-2025-68802 bsc#1256661). - Update patches.suse/drm-xe-oa-Fix-potential-UAF-in-xe_oa_add_config_ioct.patch (git-fixes CVE-2025-71099 bsc#1256592). - Update patches.suse/drm-xe-oa-Limit-num_syncs-to-prevent-oversized-alloc.patch (git-fixes CVE-2025-71076 bsc#1256627). - Update patches.suse/drm-xe-pf-Clear-all-LMTT-pages-on-alloc.patch (git-fixes CVE-2025-38511 bsc#1248175). - Update patches.suse/efivarfs-Fix-slab-out-of-bounds-in-efivarfs_d_compar.patch (git-fixes CVE-2025-39817 bsc#1249998). - Update patches.suse/ftrace-Also-allocate-and-copy-hash-for-reading-of-filter-f.patch (bsc#1250032 CVE-2025-39813 CVE-2025-39689 bsc#1249307). - Update patches.suse/hwmon-corsair-cpro-Validate-the-size-of-the-received.patch (git-fixes CVE-2025-38548 bsc#1248228). - Update patches.suse/hwmon-ibmpex-fix-use-after-free-in-high-low-store.patch (git-fixes CVE-2025-68789 bsc#1256781). - Update patches.suse/hwmon-w83791d-Convert-macros-to-functions-to-avoid-T.patch (git-fixes CVE-2025-71111 bsc#1256728). - Update patches.suse/ice-fix-NULL-pointer-dereference-in-ice_unplug_aux_d.patch (jsc#PED-13728 CVE-2025-39814 bsc#1249895). - Update patches.suse/idpf-Fix-RSS-LUT-NULL-pointer-crash-on-early-ethtool.patch (CVE-2026-22993 bsc#1257180 CVE-2026-22985 bsc#1257277). - Update patches.suse/iio-adc-axp20x_adc-Add-missing-sentinel-to-AXP717-AD.patch (git-fixes CVE-2025-38547 bsc#1248222). - Update patches.suse/ipv6-mcast-Delay-put-pmc-idev-in-mld_del_delrec.patch (git-fixes CVE-2025-38550 bsc#1248227). - Update patches.suse/kasan-remove-kasan_find_vm_area-to-prevent-possible-.patch (git-fixes CVE-2025-38510 bsc#1248166). - Update patches.suse/lib-buildid-use-__kernel_read-for-sleepable-context.patch (git-fixes CVE-2026-23002 bsc#1257243). - Update patches.suse/media-adv7842-Avoid-possible-out-of-bounds-array-acc.patch (git-fixes CVE-2025-71136 bsc#1256759). - Update patches.suse/media-dvb-usb-dtv5100-fix-out-of-bounds-in-dtv5100_i.patch (git-fixes CVE-2025-68819 bsc#1256664). - Update patches.suse/media-vidtv-initialize-local-pointers-upon-transfer-.patch (git-fixes CVE-2025-68808 bsc#1256682). - Update patches.suse/mount-handle-NULL-values-in-mnt_ns_release.patch (bsc#1254308 CVE-2025-40195 bsc#1253500). - Update patches.suse/neighbour-Fix-null-ptr-deref-in-neigh_flush_dev.patch (git-fixes CVE-2025-38589 bsc#1248366). - Update patches.suse/net-can-j1939-j1939_xtp_rx_rts_session_active-deacti.patch (git-fixes CVE-2026-22997 bsc#1257202). - Update patches.suse/net-mlx5-Check-device-memory-pointer-before-usage.patch (git-fixes CVE-2025-38645 bsc#1248626). - Update patches.suse/net-mlx5e-Remove-skb-secpath-if-xfrm-state-is-not-fo.patch (git-fixes CVE-2025-38590 bsc#1248360). - Update patches.suse/net-nfc-fix-deadlock-between-nfc_unregister_device-a.patch (git-fixes CVE-2025-71079 bsc#1256619). - Update patches.suse/net-phy-Don-t-register-LEDs-for-genphy.patch (git-fixes CVE-2025-38537 bsc#1248229). - Update patches.suse/net-rose-fix-invalid-array-index-in-rose_kill_by_dev.patch (git-fixes CVE-2025-71086 bsc#1256625). - Update patches.suse/net-usb-rtl8150-fix-memory-leak-on-usb_submit_urb-fa.patch (git-fixes CVE-2025-71154 bsc#1257163). - Update patches.suse/netfilter-nft_set_hash-unaligned-atomic-read-on-struct-nft.patch (git-fixes CVE-2024-54031 bsc#1235905). - Update patches.suse/nfsd-check-that-server-is-running-in-unlock_filesystem.patch (git-fixes CVE-2026-22989 bsc#1257279). - Update patches.suse/phy-tegra-xusb-Fix-unbalanced-regulator-disable-in-U.patch (git-fixes CVE-2025-38535 bsc#1248240). - Update patches.suse/pinctrl-check-the-return-value-of-pinmux_ops-get_fun.patch (stable-fixes CVE-2025-40030 bsc#1252773). - Update patches.suse/pinctrl-qcom-msm-mark-certain-pins-as-invalid-for-in.patch (git-fixes CVE-2025-38516 bsc#1248209). - Update patches.suse/platform-chrome-cros_ec_ishtp-Fix-UAF-after-unbindin.patch (git-fixes CVE-2025-68804 bsc#1256617). - Update patches.suse/platform-x86-hp-bioscfg-Fix-out-of-bounds-array-acce.patch (git-fixes CVE-2025-71101 bsc#1256594). - Update patches.suse/pm-cpupower-bench-Prevent-NULL-dereference-on-malloc.patch (stable-fixes CVE-2025-37841 bsc#1242974). - Update patches.suse/powerpc-64s-slb-Fix-SLB-multihit-issue-during-SLB-preload.patch (bac#1236022 ltc#211187 CVE-2025-71078 bsc#1256616). - Update patches.suse/powerpc-kexec-Enable-SMT-before-waking-offline-CPUs.patch (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes bsc#1253739 ltc#211493 bsc#1254244 ltc#216496 CVE-2025-71119 bsc#1256730). - Update patches.suse/smb-client-fix-warning-when-reconnecting-channel.patch (git-fixes CVE-2025-38379 bsc#1247030). - Update patches.suse/spi-fsl-cpm-Check-length-parity-before-switching-to-.patch (git-fixes CVE-2025-68773 bsc#1256586). - Update patches.suse/tcp_bpf-Call-sk_msg_free-when-tcp_bpf_send_verdict-f.patch (bsc#1250705 CVE-2025-39913). - Update patches.suse/trace-fgraph-Fix-the-warning-caused-by-missing-unregister-.patch (bsc#1248211 CVE-2025-38539 CVE-2025-39829 bsc#1250082). - Update patches.suse/tracing-fprobe-events-Fix-possible-UAF-on-modules.patch (git-fixes CVE-2025-37845 bsc#1242986). - Update patches.suse/tty-serial-uartlite-register-uart-driver-in-init.patch (stable-fixes CVE-2025-38262 bsc#1246282). - Update patches.suse/usb-phy-isp1301-fix-non-OF-device-reference-imbalanc.patch (git-fixes CVE-2025-71145 bsc#1257155). - Update patches.suse/usb-typec-ucsi-Handle-incorrect-num_connectors-capab.patch (stable-fixes CVE-2025-71108 bsc#1256774). - Update patches.suse/via_wdt-fix-critical-boot-hang-due-to-unnamed-resour.patch (stable-fixes CVE-2025-71114 bsc#1256752). - Update patches.suse/virtio-net-fix-recursived-rtnl_lock-during-probe.patch (git-fixes CVE-2025-38551 bsc#1248234). - Update patches.suse/virtio-net-free-xsk_buffs-on-error-in-virtnet_xsk_po.patch (git-fixes CVE-2025-37955 bsc#1243507). - Update patches.suse/wifi-ath12k-fix-memory-leak-in-ath12k_pci_remove.patch (stable-fixes CVE-2025-37744 bsc#1243662). - Update patches.suse/wifi-avoid-kernel-infoleak-from-struct-iw_point.patch (git-fixes CVE-2026-22978 bsc#1257227). - Update patches.suse/wifi-mt76-mt7925-Fix-null-ptr-deref-in-mt7925_therma.patch (git-fixes CVE-2025-38541 bsc#1248216). - Update patches.suse/wifi-mwifiex-discard-erroneous-disassoc-frames-on-ST.patch (git-fixes CVE-2025-38505 bsc#1248185). - Update patches.suse/wifi-prevent-A-MSDU-attacks-in-mesh-networks.patch (stable-fixes CVE-2025-38512 bsc#1248178). - Update patches.suse/wifi-rtlwifi-8192cu-fix-tid-out-of-range-in-rtl92cu_.patch (git-fixes CVE-2025-71100 bsc#1256593). - Update patches.suse/wifi-zd1211rw-Fix-potential-NULL-pointer-dereference.patch (git-fixes CVE-2025-38513 bsc#1248179). - Update patches.suse/x86-cpu-Avoid-running-off-the-end-of-an-AMD-erratum-table.patch (git-fixes CVE-2025-37751 bsc#1242505). - commit 74167a5 - powerpc/addnote: Fix overflow on 32-bit builds (bsc#1215199). - commit 651b1d4 - net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv (CVE-2026-22996). - net/mlx5e: Fix crash on profile change rollback failure (CVE-2026-23000 bsc#1257234). - commit 395ffba - gpio: rockchip: Stop calling pinctrl for set_direction (git-fixes). - commit 0d36e6c ++++ kernel-docs: - smb: client: split cached_fid bitfields to avoid shared-byte RMW races (bsc#1250748,bsc#1257154). - commit 9624e6c - smb: client: update cfid->last_access_time in open_cached_dir_by_dentry() (git-fixes). - commit a159cff - cifs: add new field to track the last access time of cfid (git-fixes). - commit 0cd09f9 - smb: improve directory cache reuse for readdir operations (bsc#1252712). - commit 98f179c - scripts/python/git_sort/git_sort.yaml: add cifs for-next repository - commit 5e1a139 - libceph: replace overzealous BUG_ON in osdmap_apply_incremental() (CVE-2026-22990 bsc#1257221). - commit bf45795 - libceph: prevent potential out-of-bounds reads in handle_auth_done() (CVE-2026-22984 bsc#1257217). - commit 3af214d - libceph: return the handler error from mon_handle_auth_done() (CVE-2026-22992 bsc#1257218). - commit 2da8b55 - libceph: make free_choose_arg_map() resilient to partial allocation (CVE-2026-22991 bsc#1257220). - commit 1c4a387 - Update config files: disable CONFIG_DEVPORT for arm64 (bsc#1256792) - commit 89771ce - x86/fpu: Clear XSTATE_BV in guest XSAVE state whenever XFD[i]=1 (CVE-2026-23005 bsc#1257245). - commit 0a828e9 - Update patches.suse/ACPICA-Avoid-walking-the-Namespace-if-start_node-is-.patch (stable-fixes CVE-2025-71118 bsc#1256763). - Update patches.suse/ALSA-hda-Fix-missing-pointer-check-in-hda_component_.patch (git-fixes CVE-2025-40097 bsc#1252900). - Update patches.suse/ALSA-usb-mixer-us16x08-validate-meter-packet-indices.patch (git-fixes CVE-2025-68783 bsc#1256650). - Update patches.suse/ASoC-codecs-wcd9375-Fix-double-free-of-regulator-sup.patch (git-fixes CVE-2025-38423 bsc#1247292). - Update patches.suse/ASoC-codecs-wcd937x-set-the-comp-soundwire-port-corr.patch (git-fixes CVE-2025-40045 bsc#1252784). - Update patches.suse/ASoC-stm32-sai-fix-OF-node-leak-on-probe.patch (git-fixes CVE-2025-71081 bsc#1256609). - Update patches.suse/ASoC-tlv320adcx140-fix-null-pointer.patch (git-fixes CVE-2026-23006 bsc#1257208). - Update patches.suse/Bluetooth-btusb-revert-use-of-devm_kzalloc-in-btusb.patch (git-fixes CVE-2025-71082 bsc#1256611). - Update patches.suse/EDAC-skx_common-Fix-general-protection-fault.patch (git-fixes CVE-2025-38298 bsc#1253079). - Update patches.suse/HID-nintendo-avoid-bluetooth-suspend-resume-stalls.patch (stable-fixes CVE-2025-38507 bsc#1248188). - Update patches.suse/HID-quirks-Add-quirk-for-2-Chicony-Electronics-HP-5M.patch (stable-fixes CVE-2025-38540 bsc#1248208). - Update patches.suse/Input-alps-fix-use-after-free-bugs-caused-by-dev3_re.patch (git-fixes CVE-2025-68822 bsc#1256668). - Update patches.suse/Input-lkkbd-disable-pending-work-before-freeing-devi.patch (stable-fixes CVE-2025-71073 bsc#1256632). - Update patches.suse/Input-ti_am335x_tsc-fix-off-by-one-error-in-wire_ord.patch (git-fixes CVE-2025-68777 bsc#1256655). - Update patches.suse/KEYS-trusted-Fix-a-memory-leak-in-tpm2_load_cmd.patch (git-fixes CVE-2025-71147 bsc#1257158). - Update patches.suse/PM-EM-Fix-potential-division-by-zero-error-in-em_com.patch (git-fixes CVE-2025-38297 bsc#1253078). - Update patches.suse/arp-do-not-assume-dev_hard_header-does-not-change-skb-head.patch (CVE-2025-71098 bsc#1256591 CVE-2026-22988 bsc#1257282). - Update patches.suse/benet-fix-BUG-when-creating-VFs.patch (git-fixes CVE-2025-38569 bsc#1248384). - Update patches.suse/block-avoid-possible-overflow-for-chunk_sectors-check-in-b.patch (git-fixes CVE-2025-39795 bsc#1249609). - Update patches.suse/bpf-Do-not-let-BPF-test-infra-emit-invalid-GSO-types.patch (bsc#1255569 CVE-2025-68725). - Update patches.suse/btrfs-don-t-log-conflicting-inode-if-it-s-a-dir-move.patch (git-fixes CVE-2025-68778 bsc#1256683). - Update patches.suse/btrfs-fix-invalid-inode-pointer-dereferences-during-.patch (git-fixes CVE-2025-38243 bsc#1246184). - Update patches.suse/btrfs-fix-the-inode-leak-in-btrfs_iget.patch (git-fixes CVE-2025-37904 bsc#1243452). - Update patches.suse/ceph-fix-race-condition-validating-r_parent-before-applyin.patch (CVE-2025-39880 bsc#1250388 CVE-2025-39927 bsc#1250738). - Update patches.suse/char-applicom-fix-NULL-pointer-dereference-in-ac_ioc.patch (stable-fixes CVE-2025-68797 bsc#1256660). - Update patches.suse/clk-samsung-exynos-clkout-Assign-.num-before-accessi.patch (git-fixes CVE-2025-71143 bsc#1256749). - Update patches.suse/comedi-aio_iiro_16-Fix-bit-shift-out-of-bounds.patch (git-fixes CVE-2025-38529 bsc#1248196). - Update patches.suse/comedi-fix-divide-by-zero-in-comedi_buf_munge.patch (stable-fixes CVE-2025-40106 bsc#1252891). - Update patches.suse/comedi-pcl812-Fix-bit-shift-out-of-bounds.patch (git-fixes CVE-2025-38530 bsc#1248206). - Update patches.suse/cpuset-fix-warning-when-disabling-remote-partition.patch (bsc#1256794 CVE-2025-71142 bsc#1256748). - Update patches.suse/crypto-af_alg-zero-initialize-memory-allocated-via-s.patch (git-fixes CVE-2025-71113 bsc#1256716). - Update patches.suse/crypto-seqiv-Do-not-use-req-iv-after-crypto_aead_enc.patch (git-fixes CVE-2025-71131 bsc#1256742). - Update patches.suse/dmaengine-idxd-fix-device-leaks-on-compat-bind-and-u.patch (git-fixes CVE-2025-71163 bsc#1257215). - Update patches.suse/dmaengine-nbpfaxi-Fix-memory-corruption-in-probe.patch (git-fixes CVE-2025-38538 bsc#1248213). - Update patches.suse/dmaengine-tegra-adma-Fix-use-after-free.patch (git-fixes CVE-2025-71162 bsc#1257204). - Update patches.suse/drm-amdkfd-Don-t-call-mmput-from-MMU-notifier-callba.patch (git-fixes CVE-2025-38520 bsc#1248217). - Update patches.suse/drm-i915-gem-Zero-initialize-the-eb.vma-array-in-i91.patch (git-fixes CVE-2025-71130 bsc#1256741). - Update patches.suse/drm-imagination-Fix-kernel-crash-when-hard-resetting.patch (git-fixes CVE-2025-38521 bsc#1248232). - Update patches.suse/drm-msm-dpu-Add-missing-NULL-pointer-check-for-pingp.patch (git-fixes CVE-2025-71138 bsc#1256785). - Update patches.suse/drm-sched-Increment-job-count-before-swapping-tail-s.patch (git-fixes CVE-2025-38515 bsc#1248212). - Update patches.suse/drm-tegra-nvdec-Fix-dma_alloc_coherent-error-check.patch (git-fixes CVE-2025-38543 bsc#1248214). - Update patches.suse/drm-tilcdc-Fix-removal-actions-in-case-of-failed-pro.patch (git-fixes CVE-2025-71141 bsc#1256756). - Update patches.suse/drm-ttm-Avoid-NULL-pointer-deref-for-evicted-BOs.patch (git-fixes CVE-2025-71083 bsc#1256610). - Update patches.suse/drm-xe-Limit-num_syncs-to-prevent-oversized-allocati.patch (git-fixes CVE-2025-68802 bsc#1256661). - Update patches.suse/drm-xe-oa-Fix-potential-UAF-in-xe_oa_add_config_ioct.patch (git-fixes CVE-2025-71099 bsc#1256592). - Update patches.suse/drm-xe-oa-Limit-num_syncs-to-prevent-oversized-alloc.patch (git-fixes CVE-2025-71076 bsc#1256627). - Update patches.suse/drm-xe-pf-Clear-all-LMTT-pages-on-alloc.patch (git-fixes CVE-2025-38511 bsc#1248175). - Update patches.suse/efivarfs-Fix-slab-out-of-bounds-in-efivarfs_d_compar.patch (git-fixes CVE-2025-39817 bsc#1249998). - Update patches.suse/ftrace-Also-allocate-and-copy-hash-for-reading-of-filter-f.patch (bsc#1250032 CVE-2025-39813 CVE-2025-39689 bsc#1249307). - Update patches.suse/hwmon-corsair-cpro-Validate-the-size-of-the-received.patch (git-fixes CVE-2025-38548 bsc#1248228). - Update patches.suse/hwmon-ibmpex-fix-use-after-free-in-high-low-store.patch (git-fixes CVE-2025-68789 bsc#1256781). - Update patches.suse/hwmon-w83791d-Convert-macros-to-functions-to-avoid-T.patch (git-fixes CVE-2025-71111 bsc#1256728). - Update patches.suse/ice-fix-NULL-pointer-dereference-in-ice_unplug_aux_d.patch (jsc#PED-13728 CVE-2025-39814 bsc#1249895). - Update patches.suse/idpf-Fix-RSS-LUT-NULL-pointer-crash-on-early-ethtool.patch (CVE-2026-22993 bsc#1257180 CVE-2026-22985 bsc#1257277). - Update patches.suse/iio-adc-axp20x_adc-Add-missing-sentinel-to-AXP717-AD.patch (git-fixes CVE-2025-38547 bsc#1248222). - Update patches.suse/ipv6-mcast-Delay-put-pmc-idev-in-mld_del_delrec.patch (git-fixes CVE-2025-38550 bsc#1248227). - Update patches.suse/kasan-remove-kasan_find_vm_area-to-prevent-possible-.patch (git-fixes CVE-2025-38510 bsc#1248166). - Update patches.suse/lib-buildid-use-__kernel_read-for-sleepable-context.patch (git-fixes CVE-2026-23002 bsc#1257243). - Update patches.suse/media-adv7842-Avoid-possible-out-of-bounds-array-acc.patch (git-fixes CVE-2025-71136 bsc#1256759). - Update patches.suse/media-dvb-usb-dtv5100-fix-out-of-bounds-in-dtv5100_i.patch (git-fixes CVE-2025-68819 bsc#1256664). - Update patches.suse/media-vidtv-initialize-local-pointers-upon-transfer-.patch (git-fixes CVE-2025-68808 bsc#1256682). - Update patches.suse/mount-handle-NULL-values-in-mnt_ns_release.patch (bsc#1254308 CVE-2025-40195 bsc#1253500). - Update patches.suse/neighbour-Fix-null-ptr-deref-in-neigh_flush_dev.patch (git-fixes CVE-2025-38589 bsc#1248366). - Update patches.suse/net-can-j1939-j1939_xtp_rx_rts_session_active-deacti.patch (git-fixes CVE-2026-22997 bsc#1257202). - Update patches.suse/net-mlx5-Check-device-memory-pointer-before-usage.patch (git-fixes CVE-2025-38645 bsc#1248626). - Update patches.suse/net-mlx5e-Remove-skb-secpath-if-xfrm-state-is-not-fo.patch (git-fixes CVE-2025-38590 bsc#1248360). - Update patches.suse/net-nfc-fix-deadlock-between-nfc_unregister_device-a.patch (git-fixes CVE-2025-71079 bsc#1256619). - Update patches.suse/net-phy-Don-t-register-LEDs-for-genphy.patch (git-fixes CVE-2025-38537 bsc#1248229). - Update patches.suse/net-rose-fix-invalid-array-index-in-rose_kill_by_dev.patch (git-fixes CVE-2025-71086 bsc#1256625). - Update patches.suse/net-usb-rtl8150-fix-memory-leak-on-usb_submit_urb-fa.patch (git-fixes CVE-2025-71154 bsc#1257163). - Update patches.suse/netfilter-nft_set_hash-unaligned-atomic-read-on-struct-nft.patch (git-fixes CVE-2024-54031 bsc#1235905). - Update patches.suse/nfsd-check-that-server-is-running-in-unlock_filesystem.patch (git-fixes CVE-2026-22989 bsc#1257279). - Update patches.suse/phy-tegra-xusb-Fix-unbalanced-regulator-disable-in-U.patch (git-fixes CVE-2025-38535 bsc#1248240). - Update patches.suse/pinctrl-check-the-return-value-of-pinmux_ops-get_fun.patch (stable-fixes CVE-2025-40030 bsc#1252773). - Update patches.suse/pinctrl-qcom-msm-mark-certain-pins-as-invalid-for-in.patch (git-fixes CVE-2025-38516 bsc#1248209). - Update patches.suse/platform-chrome-cros_ec_ishtp-Fix-UAF-after-unbindin.patch (git-fixes CVE-2025-68804 bsc#1256617). - Update patches.suse/platform-x86-hp-bioscfg-Fix-out-of-bounds-array-acce.patch (git-fixes CVE-2025-71101 bsc#1256594). - Update patches.suse/pm-cpupower-bench-Prevent-NULL-dereference-on-malloc.patch (stable-fixes CVE-2025-37841 bsc#1242974). - Update patches.suse/powerpc-64s-slb-Fix-SLB-multihit-issue-during-SLB-preload.patch (bac#1236022 ltc#211187 CVE-2025-71078 bsc#1256616). - Update patches.suse/powerpc-kexec-Enable-SMT-before-waking-offline-CPUs.patch (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes bsc#1253739 ltc#211493 bsc#1254244 ltc#216496 CVE-2025-71119 bsc#1256730). - Update patches.suse/smb-client-fix-warning-when-reconnecting-channel.patch (git-fixes CVE-2025-38379 bsc#1247030). - Update patches.suse/spi-fsl-cpm-Check-length-parity-before-switching-to-.patch (git-fixes CVE-2025-68773 bsc#1256586). - Update patches.suse/tcp_bpf-Call-sk_msg_free-when-tcp_bpf_send_verdict-f.patch (bsc#1250705 CVE-2025-39913). - Update patches.suse/trace-fgraph-Fix-the-warning-caused-by-missing-unregister-.patch (bsc#1248211 CVE-2025-38539 CVE-2025-39829 bsc#1250082). - Update patches.suse/tracing-fprobe-events-Fix-possible-UAF-on-modules.patch (git-fixes CVE-2025-37845 bsc#1242986). - Update patches.suse/tty-serial-uartlite-register-uart-driver-in-init.patch (stable-fixes CVE-2025-38262 bsc#1246282). - Update patches.suse/usb-phy-isp1301-fix-non-OF-device-reference-imbalanc.patch (git-fixes CVE-2025-71145 bsc#1257155). - Update patches.suse/usb-typec-ucsi-Handle-incorrect-num_connectors-capab.patch (stable-fixes CVE-2025-71108 bsc#1256774). - Update patches.suse/via_wdt-fix-critical-boot-hang-due-to-unnamed-resour.patch (stable-fixes CVE-2025-71114 bsc#1256752). - Update patches.suse/virtio-net-fix-recursived-rtnl_lock-during-probe.patch (git-fixes CVE-2025-38551 bsc#1248234). - Update patches.suse/virtio-net-free-xsk_buffs-on-error-in-virtnet_xsk_po.patch (git-fixes CVE-2025-37955 bsc#1243507). - Update patches.suse/wifi-ath12k-fix-memory-leak-in-ath12k_pci_remove.patch (stable-fixes CVE-2025-37744 bsc#1243662). - Update patches.suse/wifi-avoid-kernel-infoleak-from-struct-iw_point.patch (git-fixes CVE-2026-22978 bsc#1257227). - Update patches.suse/wifi-mt76-mt7925-Fix-null-ptr-deref-in-mt7925_therma.patch (git-fixes CVE-2025-38541 bsc#1248216). - Update patches.suse/wifi-mwifiex-discard-erroneous-disassoc-frames-on-ST.patch (git-fixes CVE-2025-38505 bsc#1248185). - Update patches.suse/wifi-prevent-A-MSDU-attacks-in-mesh-networks.patch (stable-fixes CVE-2025-38512 bsc#1248178). - Update patches.suse/wifi-rtlwifi-8192cu-fix-tid-out-of-range-in-rtl92cu_.patch (git-fixes CVE-2025-71100 bsc#1256593). - Update patches.suse/wifi-zd1211rw-Fix-potential-NULL-pointer-dereference.patch (git-fixes CVE-2025-38513 bsc#1248179). - Update patches.suse/x86-cpu-Avoid-running-off-the-end-of-an-AMD-erratum-table.patch (git-fixes CVE-2025-37751 bsc#1242505). - commit 74167a5 - powerpc/addnote: Fix overflow on 32-bit builds (bsc#1215199). - commit 651b1d4 - net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv (CVE-2026-22996). - net/mlx5e: Fix crash on profile change rollback failure (CVE-2026-23000 bsc#1257234). - commit 395ffba - gpio: rockchip: Stop calling pinctrl for set_direction (git-fixes). - commit 0d36e6c ++++ kernel-kvmsmall: - smb: client: split cached_fid bitfields to avoid shared-byte RMW races (bsc#1250748,bsc#1257154). - commit 9624e6c - smb: client: update cfid->last_access_time in open_cached_dir_by_dentry() (git-fixes). - commit a159cff - cifs: add new field to track the last access time of cfid (git-fixes). - commit 0cd09f9 - smb: improve directory cache reuse for readdir operations (bsc#1252712). - commit 98f179c - scripts/python/git_sort/git_sort.yaml: add cifs for-next repository - commit 5e1a139 - libceph: replace overzealous BUG_ON in osdmap_apply_incremental() (CVE-2026-22990 bsc#1257221). - commit bf45795 - libceph: prevent potential out-of-bounds reads in handle_auth_done() (CVE-2026-22984 bsc#1257217). - commit 3af214d - libceph: return the handler error from mon_handle_auth_done() (CVE-2026-22992 bsc#1257218). - commit 2da8b55 - libceph: make free_choose_arg_map() resilient to partial allocation (CVE-2026-22991 bsc#1257220). - commit 1c4a387 - Update config files: disable CONFIG_DEVPORT for arm64 (bsc#1256792) - commit 89771ce - x86/fpu: Clear XSTATE_BV in guest XSAVE state whenever XFD[i]=1 (CVE-2026-23005 bsc#1257245). - commit 0a828e9 - Update patches.suse/ACPICA-Avoid-walking-the-Namespace-if-start_node-is-.patch (stable-fixes CVE-2025-71118 bsc#1256763). - Update patches.suse/ALSA-hda-Fix-missing-pointer-check-in-hda_component_.patch (git-fixes CVE-2025-40097 bsc#1252900). - Update patches.suse/ALSA-usb-mixer-us16x08-validate-meter-packet-indices.patch (git-fixes CVE-2025-68783 bsc#1256650). - Update patches.suse/ASoC-codecs-wcd9375-Fix-double-free-of-regulator-sup.patch (git-fixes CVE-2025-38423 bsc#1247292). - Update patches.suse/ASoC-codecs-wcd937x-set-the-comp-soundwire-port-corr.patch (git-fixes CVE-2025-40045 bsc#1252784). - Update patches.suse/ASoC-stm32-sai-fix-OF-node-leak-on-probe.patch (git-fixes CVE-2025-71081 bsc#1256609). - Update patches.suse/ASoC-tlv320adcx140-fix-null-pointer.patch (git-fixes CVE-2026-23006 bsc#1257208). - Update patches.suse/Bluetooth-btusb-revert-use-of-devm_kzalloc-in-btusb.patch (git-fixes CVE-2025-71082 bsc#1256611). - Update patches.suse/EDAC-skx_common-Fix-general-protection-fault.patch (git-fixes CVE-2025-38298 bsc#1253079). - Update patches.suse/HID-nintendo-avoid-bluetooth-suspend-resume-stalls.patch (stable-fixes CVE-2025-38507 bsc#1248188). - Update patches.suse/HID-quirks-Add-quirk-for-2-Chicony-Electronics-HP-5M.patch (stable-fixes CVE-2025-38540 bsc#1248208). - Update patches.suse/Input-alps-fix-use-after-free-bugs-caused-by-dev3_re.patch (git-fixes CVE-2025-68822 bsc#1256668). - Update patches.suse/Input-lkkbd-disable-pending-work-before-freeing-devi.patch (stable-fixes CVE-2025-71073 bsc#1256632). - Update patches.suse/Input-ti_am335x_tsc-fix-off-by-one-error-in-wire_ord.patch (git-fixes CVE-2025-68777 bsc#1256655). - Update patches.suse/KEYS-trusted-Fix-a-memory-leak-in-tpm2_load_cmd.patch (git-fixes CVE-2025-71147 bsc#1257158). - Update patches.suse/PM-EM-Fix-potential-division-by-zero-error-in-em_com.patch (git-fixes CVE-2025-38297 bsc#1253078). - Update patches.suse/arp-do-not-assume-dev_hard_header-does-not-change-skb-head.patch (CVE-2025-71098 bsc#1256591 CVE-2026-22988 bsc#1257282). - Update patches.suse/benet-fix-BUG-when-creating-VFs.patch (git-fixes CVE-2025-38569 bsc#1248384). - Update patches.suse/block-avoid-possible-overflow-for-chunk_sectors-check-in-b.patch (git-fixes CVE-2025-39795 bsc#1249609). - Update patches.suse/bpf-Do-not-let-BPF-test-infra-emit-invalid-GSO-types.patch (bsc#1255569 CVE-2025-68725). - Update patches.suse/btrfs-don-t-log-conflicting-inode-if-it-s-a-dir-move.patch (git-fixes CVE-2025-68778 bsc#1256683). - Update patches.suse/btrfs-fix-invalid-inode-pointer-dereferences-during-.patch (git-fixes CVE-2025-38243 bsc#1246184). - Update patches.suse/btrfs-fix-the-inode-leak-in-btrfs_iget.patch (git-fixes CVE-2025-37904 bsc#1243452). - Update patches.suse/ceph-fix-race-condition-validating-r_parent-before-applyin.patch (CVE-2025-39880 bsc#1250388 CVE-2025-39927 bsc#1250738). - Update patches.suse/char-applicom-fix-NULL-pointer-dereference-in-ac_ioc.patch (stable-fixes CVE-2025-68797 bsc#1256660). - Update patches.suse/clk-samsung-exynos-clkout-Assign-.num-before-accessi.patch (git-fixes CVE-2025-71143 bsc#1256749). - Update patches.suse/comedi-aio_iiro_16-Fix-bit-shift-out-of-bounds.patch (git-fixes CVE-2025-38529 bsc#1248196). - Update patches.suse/comedi-fix-divide-by-zero-in-comedi_buf_munge.patch (stable-fixes CVE-2025-40106 bsc#1252891). - Update patches.suse/comedi-pcl812-Fix-bit-shift-out-of-bounds.patch (git-fixes CVE-2025-38530 bsc#1248206). - Update patches.suse/cpuset-fix-warning-when-disabling-remote-partition.patch (bsc#1256794 CVE-2025-71142 bsc#1256748). - Update patches.suse/crypto-af_alg-zero-initialize-memory-allocated-via-s.patch (git-fixes CVE-2025-71113 bsc#1256716). - Update patches.suse/crypto-seqiv-Do-not-use-req-iv-after-crypto_aead_enc.patch (git-fixes CVE-2025-71131 bsc#1256742). - Update patches.suse/dmaengine-idxd-fix-device-leaks-on-compat-bind-and-u.patch (git-fixes CVE-2025-71163 bsc#1257215). - Update patches.suse/dmaengine-nbpfaxi-Fix-memory-corruption-in-probe.patch (git-fixes CVE-2025-38538 bsc#1248213). - Update patches.suse/dmaengine-tegra-adma-Fix-use-after-free.patch (git-fixes CVE-2025-71162 bsc#1257204). - Update patches.suse/drm-amdkfd-Don-t-call-mmput-from-MMU-notifier-callba.patch (git-fixes CVE-2025-38520 bsc#1248217). - Update patches.suse/drm-i915-gem-Zero-initialize-the-eb.vma-array-in-i91.patch (git-fixes CVE-2025-71130 bsc#1256741). - Update patches.suse/drm-imagination-Fix-kernel-crash-when-hard-resetting.patch (git-fixes CVE-2025-38521 bsc#1248232). - Update patches.suse/drm-msm-dpu-Add-missing-NULL-pointer-check-for-pingp.patch (git-fixes CVE-2025-71138 bsc#1256785). - Update patches.suse/drm-sched-Increment-job-count-before-swapping-tail-s.patch (git-fixes CVE-2025-38515 bsc#1248212). - Update patches.suse/drm-tegra-nvdec-Fix-dma_alloc_coherent-error-check.patch (git-fixes CVE-2025-38543 bsc#1248214). - Update patches.suse/drm-tilcdc-Fix-removal-actions-in-case-of-failed-pro.patch (git-fixes CVE-2025-71141 bsc#1256756). - Update patches.suse/drm-ttm-Avoid-NULL-pointer-deref-for-evicted-BOs.patch (git-fixes CVE-2025-71083 bsc#1256610). - Update patches.suse/drm-xe-Limit-num_syncs-to-prevent-oversized-allocati.patch (git-fixes CVE-2025-68802 bsc#1256661). - Update patches.suse/drm-xe-oa-Fix-potential-UAF-in-xe_oa_add_config_ioct.patch (git-fixes CVE-2025-71099 bsc#1256592). - Update patches.suse/drm-xe-oa-Limit-num_syncs-to-prevent-oversized-alloc.patch (git-fixes CVE-2025-71076 bsc#1256627). - Update patches.suse/drm-xe-pf-Clear-all-LMTT-pages-on-alloc.patch (git-fixes CVE-2025-38511 bsc#1248175). - Update patches.suse/efivarfs-Fix-slab-out-of-bounds-in-efivarfs_d_compar.patch (git-fixes CVE-2025-39817 bsc#1249998). - Update patches.suse/ftrace-Also-allocate-and-copy-hash-for-reading-of-filter-f.patch (bsc#1250032 CVE-2025-39813 CVE-2025-39689 bsc#1249307). - Update patches.suse/hwmon-corsair-cpro-Validate-the-size-of-the-received.patch (git-fixes CVE-2025-38548 bsc#1248228). - Update patches.suse/hwmon-ibmpex-fix-use-after-free-in-high-low-store.patch (git-fixes CVE-2025-68789 bsc#1256781). - Update patches.suse/hwmon-w83791d-Convert-macros-to-functions-to-avoid-T.patch (git-fixes CVE-2025-71111 bsc#1256728). - Update patches.suse/ice-fix-NULL-pointer-dereference-in-ice_unplug_aux_d.patch (jsc#PED-13728 CVE-2025-39814 bsc#1249895). - Update patches.suse/idpf-Fix-RSS-LUT-NULL-pointer-crash-on-early-ethtool.patch (CVE-2026-22993 bsc#1257180 CVE-2026-22985 bsc#1257277). - Update patches.suse/iio-adc-axp20x_adc-Add-missing-sentinel-to-AXP717-AD.patch (git-fixes CVE-2025-38547 bsc#1248222). - Update patches.suse/ipv6-mcast-Delay-put-pmc-idev-in-mld_del_delrec.patch (git-fixes CVE-2025-38550 bsc#1248227). - Update patches.suse/kasan-remove-kasan_find_vm_area-to-prevent-possible-.patch (git-fixes CVE-2025-38510 bsc#1248166). - Update patches.suse/lib-buildid-use-__kernel_read-for-sleepable-context.patch (git-fixes CVE-2026-23002 bsc#1257243). - Update patches.suse/media-adv7842-Avoid-possible-out-of-bounds-array-acc.patch (git-fixes CVE-2025-71136 bsc#1256759). - Update patches.suse/media-dvb-usb-dtv5100-fix-out-of-bounds-in-dtv5100_i.patch (git-fixes CVE-2025-68819 bsc#1256664). - Update patches.suse/media-vidtv-initialize-local-pointers-upon-transfer-.patch (git-fixes CVE-2025-68808 bsc#1256682). - Update patches.suse/mount-handle-NULL-values-in-mnt_ns_release.patch (bsc#1254308 CVE-2025-40195 bsc#1253500). - Update patches.suse/neighbour-Fix-null-ptr-deref-in-neigh_flush_dev.patch (git-fixes CVE-2025-38589 bsc#1248366). - Update patches.suse/net-can-j1939-j1939_xtp_rx_rts_session_active-deacti.patch (git-fixes CVE-2026-22997 bsc#1257202). - Update patches.suse/net-mlx5-Check-device-memory-pointer-before-usage.patch (git-fixes CVE-2025-38645 bsc#1248626). - Update patches.suse/net-mlx5e-Remove-skb-secpath-if-xfrm-state-is-not-fo.patch (git-fixes CVE-2025-38590 bsc#1248360). - Update patches.suse/net-nfc-fix-deadlock-between-nfc_unregister_device-a.patch (git-fixes CVE-2025-71079 bsc#1256619). - Update patches.suse/net-phy-Don-t-register-LEDs-for-genphy.patch (git-fixes CVE-2025-38537 bsc#1248229). - Update patches.suse/net-rose-fix-invalid-array-index-in-rose_kill_by_dev.patch (git-fixes CVE-2025-71086 bsc#1256625). - Update patches.suse/net-usb-rtl8150-fix-memory-leak-on-usb_submit_urb-fa.patch (git-fixes CVE-2025-71154 bsc#1257163). - Update patches.suse/netfilter-nft_set_hash-unaligned-atomic-read-on-struct-nft.patch (git-fixes CVE-2024-54031 bsc#1235905). - Update patches.suse/nfsd-check-that-server-is-running-in-unlock_filesystem.patch (git-fixes CVE-2026-22989 bsc#1257279). - Update patches.suse/phy-tegra-xusb-Fix-unbalanced-regulator-disable-in-U.patch (git-fixes CVE-2025-38535 bsc#1248240). - Update patches.suse/pinctrl-check-the-return-value-of-pinmux_ops-get_fun.patch (stable-fixes CVE-2025-40030 bsc#1252773). - Update patches.suse/pinctrl-qcom-msm-mark-certain-pins-as-invalid-for-in.patch (git-fixes CVE-2025-38516 bsc#1248209). - Update patches.suse/platform-chrome-cros_ec_ishtp-Fix-UAF-after-unbindin.patch (git-fixes CVE-2025-68804 bsc#1256617). - Update patches.suse/platform-x86-hp-bioscfg-Fix-out-of-bounds-array-acce.patch (git-fixes CVE-2025-71101 bsc#1256594). - Update patches.suse/pm-cpupower-bench-Prevent-NULL-dereference-on-malloc.patch (stable-fixes CVE-2025-37841 bsc#1242974). - Update patches.suse/powerpc-64s-slb-Fix-SLB-multihit-issue-during-SLB-preload.patch (bac#1236022 ltc#211187 CVE-2025-71078 bsc#1256616). - Update patches.suse/powerpc-kexec-Enable-SMT-before-waking-offline-CPUs.patch (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes bsc#1253739 ltc#211493 bsc#1254244 ltc#216496 CVE-2025-71119 bsc#1256730). - Update patches.suse/smb-client-fix-warning-when-reconnecting-channel.patch (git-fixes CVE-2025-38379 bsc#1247030). - Update patches.suse/spi-fsl-cpm-Check-length-parity-before-switching-to-.patch (git-fixes CVE-2025-68773 bsc#1256586). - Update patches.suse/tcp_bpf-Call-sk_msg_free-when-tcp_bpf_send_verdict-f.patch (bsc#1250705 CVE-2025-39913). - Update patches.suse/trace-fgraph-Fix-the-warning-caused-by-missing-unregister-.patch (bsc#1248211 CVE-2025-38539 CVE-2025-39829 bsc#1250082). - Update patches.suse/tracing-fprobe-events-Fix-possible-UAF-on-modules.patch (git-fixes CVE-2025-37845 bsc#1242986). - Update patches.suse/tty-serial-uartlite-register-uart-driver-in-init.patch (stable-fixes CVE-2025-38262 bsc#1246282). - Update patches.suse/usb-phy-isp1301-fix-non-OF-device-reference-imbalanc.patch (git-fixes CVE-2025-71145 bsc#1257155). - Update patches.suse/usb-typec-ucsi-Handle-incorrect-num_connectors-capab.patch (stable-fixes CVE-2025-71108 bsc#1256774). - Update patches.suse/via_wdt-fix-critical-boot-hang-due-to-unnamed-resour.patch (stable-fixes CVE-2025-71114 bsc#1256752). - Update patches.suse/virtio-net-fix-recursived-rtnl_lock-during-probe.patch (git-fixes CVE-2025-38551 bsc#1248234). - Update patches.suse/virtio-net-free-xsk_buffs-on-error-in-virtnet_xsk_po.patch (git-fixes CVE-2025-37955 bsc#1243507). - Update patches.suse/wifi-ath12k-fix-memory-leak-in-ath12k_pci_remove.patch (stable-fixes CVE-2025-37744 bsc#1243662). - Update patches.suse/wifi-avoid-kernel-infoleak-from-struct-iw_point.patch (git-fixes CVE-2026-22978 bsc#1257227). - Update patches.suse/wifi-mt76-mt7925-Fix-null-ptr-deref-in-mt7925_therma.patch (git-fixes CVE-2025-38541 bsc#1248216). - Update patches.suse/wifi-mwifiex-discard-erroneous-disassoc-frames-on-ST.patch (git-fixes CVE-2025-38505 bsc#1248185). - Update patches.suse/wifi-prevent-A-MSDU-attacks-in-mesh-networks.patch (stable-fixes CVE-2025-38512 bsc#1248178). - Update patches.suse/wifi-rtlwifi-8192cu-fix-tid-out-of-range-in-rtl92cu_.patch (git-fixes CVE-2025-71100 bsc#1256593). - Update patches.suse/wifi-zd1211rw-Fix-potential-NULL-pointer-dereference.patch (git-fixes CVE-2025-38513 bsc#1248179). - Update patches.suse/x86-cpu-Avoid-running-off-the-end-of-an-AMD-erratum-table.patch (git-fixes CVE-2025-37751 bsc#1242505). - commit 74167a5 - powerpc/addnote: Fix overflow on 32-bit builds (bsc#1215199). - commit 651b1d4 - net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv (CVE-2026-22996). - net/mlx5e: Fix crash on profile change rollback failure (CVE-2026-23000 bsc#1257234). - commit 395ffba - gpio: rockchip: Stop calling pinctrl for set_direction (git-fixes). - commit 0d36e6c ++++ kernel-kvmsmall: - smb: client: split cached_fid bitfields to avoid shared-byte RMW races (bsc#1250748,bsc#1257154). - commit 9624e6c - smb: client: update cfid->last_access_time in open_cached_dir_by_dentry() (git-fixes). - commit a159cff - cifs: add new field to track the last access time of cfid (git-fixes). - commit 0cd09f9 - smb: improve directory cache reuse for readdir operations (bsc#1252712). - commit 98f179c - scripts/python/git_sort/git_sort.yaml: add cifs for-next repository - commit 5e1a139 - libceph: replace overzealous BUG_ON in osdmap_apply_incremental() (CVE-2026-22990 bsc#1257221). - commit bf45795 - libceph: prevent potential out-of-bounds reads in handle_auth_done() (CVE-2026-22984 bsc#1257217). - commit 3af214d - libceph: return the handler error from mon_handle_auth_done() (CVE-2026-22992 bsc#1257218). - commit 2da8b55 - libceph: make free_choose_arg_map() resilient to partial allocation (CVE-2026-22991 bsc#1257220). - commit 1c4a387 - Update config files: disable CONFIG_DEVPORT for arm64 (bsc#1256792) - commit 89771ce - x86/fpu: Clear XSTATE_BV in guest XSAVE state whenever XFD[i]=1 (CVE-2026-23005 bsc#1257245). - commit 0a828e9 - Update patches.suse/ACPICA-Avoid-walking-the-Namespace-if-start_node-is-.patch (stable-fixes CVE-2025-71118 bsc#1256763). - Update patches.suse/ALSA-hda-Fix-missing-pointer-check-in-hda_component_.patch (git-fixes CVE-2025-40097 bsc#1252900). - Update patches.suse/ALSA-usb-mixer-us16x08-validate-meter-packet-indices.patch (git-fixes CVE-2025-68783 bsc#1256650). - Update patches.suse/ASoC-codecs-wcd9375-Fix-double-free-of-regulator-sup.patch (git-fixes CVE-2025-38423 bsc#1247292). - Update patches.suse/ASoC-codecs-wcd937x-set-the-comp-soundwire-port-corr.patch (git-fixes CVE-2025-40045 bsc#1252784). - Update patches.suse/ASoC-stm32-sai-fix-OF-node-leak-on-probe.patch (git-fixes CVE-2025-71081 bsc#1256609). - Update patches.suse/ASoC-tlv320adcx140-fix-null-pointer.patch (git-fixes CVE-2026-23006 bsc#1257208). - Update patches.suse/Bluetooth-btusb-revert-use-of-devm_kzalloc-in-btusb.patch (git-fixes CVE-2025-71082 bsc#1256611). - Update patches.suse/EDAC-skx_common-Fix-general-protection-fault.patch (git-fixes CVE-2025-38298 bsc#1253079). - Update patches.suse/HID-nintendo-avoid-bluetooth-suspend-resume-stalls.patch (stable-fixes CVE-2025-38507 bsc#1248188). - Update patches.suse/HID-quirks-Add-quirk-for-2-Chicony-Electronics-HP-5M.patch (stable-fixes CVE-2025-38540 bsc#1248208). - Update patches.suse/Input-alps-fix-use-after-free-bugs-caused-by-dev3_re.patch (git-fixes CVE-2025-68822 bsc#1256668). - Update patches.suse/Input-lkkbd-disable-pending-work-before-freeing-devi.patch (stable-fixes CVE-2025-71073 bsc#1256632). - Update patches.suse/Input-ti_am335x_tsc-fix-off-by-one-error-in-wire_ord.patch (git-fixes CVE-2025-68777 bsc#1256655). - Update patches.suse/KEYS-trusted-Fix-a-memory-leak-in-tpm2_load_cmd.patch (git-fixes CVE-2025-71147 bsc#1257158). - Update patches.suse/PM-EM-Fix-potential-division-by-zero-error-in-em_com.patch (git-fixes CVE-2025-38297 bsc#1253078). - Update patches.suse/arp-do-not-assume-dev_hard_header-does-not-change-skb-head.patch (CVE-2025-71098 bsc#1256591 CVE-2026-22988 bsc#1257282). - Update patches.suse/benet-fix-BUG-when-creating-VFs.patch (git-fixes CVE-2025-38569 bsc#1248384). - Update patches.suse/block-avoid-possible-overflow-for-chunk_sectors-check-in-b.patch (git-fixes CVE-2025-39795 bsc#1249609). - Update patches.suse/bpf-Do-not-let-BPF-test-infra-emit-invalid-GSO-types.patch (bsc#1255569 CVE-2025-68725). - Update patches.suse/btrfs-don-t-log-conflicting-inode-if-it-s-a-dir-move.patch (git-fixes CVE-2025-68778 bsc#1256683). - Update patches.suse/btrfs-fix-invalid-inode-pointer-dereferences-during-.patch (git-fixes CVE-2025-38243 bsc#1246184). - Update patches.suse/btrfs-fix-the-inode-leak-in-btrfs_iget.patch (git-fixes CVE-2025-37904 bsc#1243452). - Update patches.suse/ceph-fix-race-condition-validating-r_parent-before-applyin.patch (CVE-2025-39880 bsc#1250388 CVE-2025-39927 bsc#1250738). - Update patches.suse/char-applicom-fix-NULL-pointer-dereference-in-ac_ioc.patch (stable-fixes CVE-2025-68797 bsc#1256660). - Update patches.suse/clk-samsung-exynos-clkout-Assign-.num-before-accessi.patch (git-fixes CVE-2025-71143 bsc#1256749). - Update patches.suse/comedi-aio_iiro_16-Fix-bit-shift-out-of-bounds.patch (git-fixes CVE-2025-38529 bsc#1248196). - Update patches.suse/comedi-fix-divide-by-zero-in-comedi_buf_munge.patch (stable-fixes CVE-2025-40106 bsc#1252891). - Update patches.suse/comedi-pcl812-Fix-bit-shift-out-of-bounds.patch (git-fixes CVE-2025-38530 bsc#1248206). - Update patches.suse/cpuset-fix-warning-when-disabling-remote-partition.patch (bsc#1256794 CVE-2025-71142 bsc#1256748). - Update patches.suse/crypto-af_alg-zero-initialize-memory-allocated-via-s.patch (git-fixes CVE-2025-71113 bsc#1256716). - Update patches.suse/crypto-seqiv-Do-not-use-req-iv-after-crypto_aead_enc.patch (git-fixes CVE-2025-71131 bsc#1256742). - Update patches.suse/dmaengine-idxd-fix-device-leaks-on-compat-bind-and-u.patch (git-fixes CVE-2025-71163 bsc#1257215). - Update patches.suse/dmaengine-nbpfaxi-Fix-memory-corruption-in-probe.patch (git-fixes CVE-2025-38538 bsc#1248213). - Update patches.suse/dmaengine-tegra-adma-Fix-use-after-free.patch (git-fixes CVE-2025-71162 bsc#1257204). - Update patches.suse/drm-amdkfd-Don-t-call-mmput-from-MMU-notifier-callba.patch (git-fixes CVE-2025-38520 bsc#1248217). - Update patches.suse/drm-i915-gem-Zero-initialize-the-eb.vma-array-in-i91.patch (git-fixes CVE-2025-71130 bsc#1256741). - Update patches.suse/drm-imagination-Fix-kernel-crash-when-hard-resetting.patch (git-fixes CVE-2025-38521 bsc#1248232). - Update patches.suse/drm-msm-dpu-Add-missing-NULL-pointer-check-for-pingp.patch (git-fixes CVE-2025-71138 bsc#1256785). - Update patches.suse/drm-sched-Increment-job-count-before-swapping-tail-s.patch (git-fixes CVE-2025-38515 bsc#1248212). - Update patches.suse/drm-tegra-nvdec-Fix-dma_alloc_coherent-error-check.patch (git-fixes CVE-2025-38543 bsc#1248214). - Update patches.suse/drm-tilcdc-Fix-removal-actions-in-case-of-failed-pro.patch (git-fixes CVE-2025-71141 bsc#1256756). - Update patches.suse/drm-ttm-Avoid-NULL-pointer-deref-for-evicted-BOs.patch (git-fixes CVE-2025-71083 bsc#1256610). - Update patches.suse/drm-xe-Limit-num_syncs-to-prevent-oversized-allocati.patch (git-fixes CVE-2025-68802 bsc#1256661). - Update patches.suse/drm-xe-oa-Fix-potential-UAF-in-xe_oa_add_config_ioct.patch (git-fixes CVE-2025-71099 bsc#1256592). - Update patches.suse/drm-xe-oa-Limit-num_syncs-to-prevent-oversized-alloc.patch (git-fixes CVE-2025-71076 bsc#1256627). - Update patches.suse/drm-xe-pf-Clear-all-LMTT-pages-on-alloc.patch (git-fixes CVE-2025-38511 bsc#1248175). - Update patches.suse/efivarfs-Fix-slab-out-of-bounds-in-efivarfs_d_compar.patch (git-fixes CVE-2025-39817 bsc#1249998). - Update patches.suse/ftrace-Also-allocate-and-copy-hash-for-reading-of-filter-f.patch (bsc#1250032 CVE-2025-39813 CVE-2025-39689 bsc#1249307). - Update patches.suse/hwmon-corsair-cpro-Validate-the-size-of-the-received.patch (git-fixes CVE-2025-38548 bsc#1248228). - Update patches.suse/hwmon-ibmpex-fix-use-after-free-in-high-low-store.patch (git-fixes CVE-2025-68789 bsc#1256781). - Update patches.suse/hwmon-w83791d-Convert-macros-to-functions-to-avoid-T.patch (git-fixes CVE-2025-71111 bsc#1256728). - Update patches.suse/ice-fix-NULL-pointer-dereference-in-ice_unplug_aux_d.patch (jsc#PED-13728 CVE-2025-39814 bsc#1249895). - Update patches.suse/idpf-Fix-RSS-LUT-NULL-pointer-crash-on-early-ethtool.patch (CVE-2026-22993 bsc#1257180 CVE-2026-22985 bsc#1257277). - Update patches.suse/iio-adc-axp20x_adc-Add-missing-sentinel-to-AXP717-AD.patch (git-fixes CVE-2025-38547 bsc#1248222). - Update patches.suse/ipv6-mcast-Delay-put-pmc-idev-in-mld_del_delrec.patch (git-fixes CVE-2025-38550 bsc#1248227). - Update patches.suse/kasan-remove-kasan_find_vm_area-to-prevent-possible-.patch (git-fixes CVE-2025-38510 bsc#1248166). - Update patches.suse/lib-buildid-use-__kernel_read-for-sleepable-context.patch (git-fixes CVE-2026-23002 bsc#1257243). - Update patches.suse/media-adv7842-Avoid-possible-out-of-bounds-array-acc.patch (git-fixes CVE-2025-71136 bsc#1256759). - Update patches.suse/media-dvb-usb-dtv5100-fix-out-of-bounds-in-dtv5100_i.patch (git-fixes CVE-2025-68819 bsc#1256664). - Update patches.suse/media-vidtv-initialize-local-pointers-upon-transfer-.patch (git-fixes CVE-2025-68808 bsc#1256682). - Update patches.suse/mount-handle-NULL-values-in-mnt_ns_release.patch (bsc#1254308 CVE-2025-40195 bsc#1253500). - Update patches.suse/neighbour-Fix-null-ptr-deref-in-neigh_flush_dev.patch (git-fixes CVE-2025-38589 bsc#1248366). - Update patches.suse/net-can-j1939-j1939_xtp_rx_rts_session_active-deacti.patch (git-fixes CVE-2026-22997 bsc#1257202). - Update patches.suse/net-mlx5-Check-device-memory-pointer-before-usage.patch (git-fixes CVE-2025-38645 bsc#1248626). - Update patches.suse/net-mlx5e-Remove-skb-secpath-if-xfrm-state-is-not-fo.patch (git-fixes CVE-2025-38590 bsc#1248360). - Update patches.suse/net-nfc-fix-deadlock-between-nfc_unregister_device-a.patch (git-fixes CVE-2025-71079 bsc#1256619). - Update patches.suse/net-phy-Don-t-register-LEDs-for-genphy.patch (git-fixes CVE-2025-38537 bsc#1248229). - Update patches.suse/net-rose-fix-invalid-array-index-in-rose_kill_by_dev.patch (git-fixes CVE-2025-71086 bsc#1256625). - Update patches.suse/net-usb-rtl8150-fix-memory-leak-on-usb_submit_urb-fa.patch (git-fixes CVE-2025-71154 bsc#1257163). - Update patches.suse/netfilter-nft_set_hash-unaligned-atomic-read-on-struct-nft.patch (git-fixes CVE-2024-54031 bsc#1235905). - Update patches.suse/nfsd-check-that-server-is-running-in-unlock_filesystem.patch (git-fixes CVE-2026-22989 bsc#1257279). - Update patches.suse/phy-tegra-xusb-Fix-unbalanced-regulator-disable-in-U.patch (git-fixes CVE-2025-38535 bsc#1248240). - Update patches.suse/pinctrl-check-the-return-value-of-pinmux_ops-get_fun.patch (stable-fixes CVE-2025-40030 bsc#1252773). - Update patches.suse/pinctrl-qcom-msm-mark-certain-pins-as-invalid-for-in.patch (git-fixes CVE-2025-38516 bsc#1248209). - Update patches.suse/platform-chrome-cros_ec_ishtp-Fix-UAF-after-unbindin.patch (git-fixes CVE-2025-68804 bsc#1256617). - Update patches.suse/platform-x86-hp-bioscfg-Fix-out-of-bounds-array-acce.patch (git-fixes CVE-2025-71101 bsc#1256594). - Update patches.suse/pm-cpupower-bench-Prevent-NULL-dereference-on-malloc.patch (stable-fixes CVE-2025-37841 bsc#1242974). - Update patches.suse/powerpc-64s-slb-Fix-SLB-multihit-issue-during-SLB-preload.patch (bac#1236022 ltc#211187 CVE-2025-71078 bsc#1256616). - Update patches.suse/powerpc-kexec-Enable-SMT-before-waking-offline-CPUs.patch (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes bsc#1253739 ltc#211493 bsc#1254244 ltc#216496 CVE-2025-71119 bsc#1256730). - Update patches.suse/smb-client-fix-warning-when-reconnecting-channel.patch (git-fixes CVE-2025-38379 bsc#1247030). - Update patches.suse/spi-fsl-cpm-Check-length-parity-before-switching-to-.patch (git-fixes CVE-2025-68773 bsc#1256586). - Update patches.suse/tcp_bpf-Call-sk_msg_free-when-tcp_bpf_send_verdict-f.patch (bsc#1250705 CVE-2025-39913). - Update patches.suse/trace-fgraph-Fix-the-warning-caused-by-missing-unregister-.patch (bsc#1248211 CVE-2025-38539 CVE-2025-39829 bsc#1250082). - Update patches.suse/tracing-fprobe-events-Fix-possible-UAF-on-modules.patch (git-fixes CVE-2025-37845 bsc#1242986). - Update patches.suse/tty-serial-uartlite-register-uart-driver-in-init.patch (stable-fixes CVE-2025-38262 bsc#1246282). - Update patches.suse/usb-phy-isp1301-fix-non-OF-device-reference-imbalanc.patch (git-fixes CVE-2025-71145 bsc#1257155). - Update patches.suse/usb-typec-ucsi-Handle-incorrect-num_connectors-capab.patch (stable-fixes CVE-2025-71108 bsc#1256774). - Update patches.suse/via_wdt-fix-critical-boot-hang-due-to-unnamed-resour.patch (stable-fixes CVE-2025-71114 bsc#1256752). - Update patches.suse/virtio-net-fix-recursived-rtnl_lock-during-probe.patch (git-fixes CVE-2025-38551 bsc#1248234). - Update patches.suse/virtio-net-free-xsk_buffs-on-error-in-virtnet_xsk_po.patch (git-fixes CVE-2025-37955 bsc#1243507). - Update patches.suse/wifi-ath12k-fix-memory-leak-in-ath12k_pci_remove.patch (stable-fixes CVE-2025-37744 bsc#1243662). - Update patches.suse/wifi-avoid-kernel-infoleak-from-struct-iw_point.patch (git-fixes CVE-2026-22978 bsc#1257227). - Update patches.suse/wifi-mt76-mt7925-Fix-null-ptr-deref-in-mt7925_therma.patch (git-fixes CVE-2025-38541 bsc#1248216). - Update patches.suse/wifi-mwifiex-discard-erroneous-disassoc-frames-on-ST.patch (git-fixes CVE-2025-38505 bsc#1248185). - Update patches.suse/wifi-prevent-A-MSDU-attacks-in-mesh-networks.patch (stable-fixes CVE-2025-38512 bsc#1248178). - Update patches.suse/wifi-rtlwifi-8192cu-fix-tid-out-of-range-in-rtl92cu_.patch (git-fixes CVE-2025-71100 bsc#1256593). - Update patches.suse/wifi-zd1211rw-Fix-potential-NULL-pointer-dereference.patch (git-fixes CVE-2025-38513 bsc#1248179). - Update patches.suse/x86-cpu-Avoid-running-off-the-end-of-an-AMD-erratum-table.patch (git-fixes CVE-2025-37751 bsc#1242505). - commit 74167a5 - powerpc/addnote: Fix overflow on 32-bit builds (bsc#1215199). - commit 651b1d4 - net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv (CVE-2026-22996). - net/mlx5e: Fix crash on profile change rollback failure (CVE-2026-23000 bsc#1257234). - commit 395ffba - gpio: rockchip: Stop calling pinctrl for set_direction (git-fixes). - commit 0d36e6c ++++ kernel-obs-build: - smb: client: split cached_fid bitfields to avoid shared-byte RMW races (bsc#1250748,bsc#1257154). - commit 9624e6c - smb: client: update cfid->last_access_time in open_cached_dir_by_dentry() (git-fixes). - commit a159cff - cifs: add new field to track the last access time of cfid (git-fixes). - commit 0cd09f9 - smb: improve directory cache reuse for readdir operations (bsc#1252712). - commit 98f179c - scripts/python/git_sort/git_sort.yaml: add cifs for-next repository - commit 5e1a139 - libceph: replace overzealous BUG_ON in osdmap_apply_incremental() (CVE-2026-22990 bsc#1257221). - commit bf45795 - libceph: prevent potential out-of-bounds reads in handle_auth_done() (CVE-2026-22984 bsc#1257217). - commit 3af214d - libceph: return the handler error from mon_handle_auth_done() (CVE-2026-22992 bsc#1257218). - commit 2da8b55 - libceph: make free_choose_arg_map() resilient to partial allocation (CVE-2026-22991 bsc#1257220). - commit 1c4a387 - Update config files: disable CONFIG_DEVPORT for arm64 (bsc#1256792) - commit 89771ce - x86/fpu: Clear XSTATE_BV in guest XSAVE state whenever XFD[i]=1 (CVE-2026-23005 bsc#1257245). - commit 0a828e9 - Update patches.suse/ACPICA-Avoid-walking-the-Namespace-if-start_node-is-.patch (stable-fixes CVE-2025-71118 bsc#1256763). - Update patches.suse/ALSA-hda-Fix-missing-pointer-check-in-hda_component_.patch (git-fixes CVE-2025-40097 bsc#1252900). - Update patches.suse/ALSA-usb-mixer-us16x08-validate-meter-packet-indices.patch (git-fixes CVE-2025-68783 bsc#1256650). - Update patches.suse/ASoC-codecs-wcd9375-Fix-double-free-of-regulator-sup.patch (git-fixes CVE-2025-38423 bsc#1247292). - Update patches.suse/ASoC-codecs-wcd937x-set-the-comp-soundwire-port-corr.patch (git-fixes CVE-2025-40045 bsc#1252784). - Update patches.suse/ASoC-stm32-sai-fix-OF-node-leak-on-probe.patch (git-fixes CVE-2025-71081 bsc#1256609). - Update patches.suse/ASoC-tlv320adcx140-fix-null-pointer.patch (git-fixes CVE-2026-23006 bsc#1257208). - Update patches.suse/Bluetooth-btusb-revert-use-of-devm_kzalloc-in-btusb.patch (git-fixes CVE-2025-71082 bsc#1256611). - Update patches.suse/EDAC-skx_common-Fix-general-protection-fault.patch (git-fixes CVE-2025-38298 bsc#1253079). - Update patches.suse/HID-nintendo-avoid-bluetooth-suspend-resume-stalls.patch (stable-fixes CVE-2025-38507 bsc#1248188). - Update patches.suse/HID-quirks-Add-quirk-for-2-Chicony-Electronics-HP-5M.patch (stable-fixes CVE-2025-38540 bsc#1248208). - Update patches.suse/Input-alps-fix-use-after-free-bugs-caused-by-dev3_re.patch (git-fixes CVE-2025-68822 bsc#1256668). - Update patches.suse/Input-lkkbd-disable-pending-work-before-freeing-devi.patch (stable-fixes CVE-2025-71073 bsc#1256632). - Update patches.suse/Input-ti_am335x_tsc-fix-off-by-one-error-in-wire_ord.patch (git-fixes CVE-2025-68777 bsc#1256655). - Update patches.suse/KEYS-trusted-Fix-a-memory-leak-in-tpm2_load_cmd.patch (git-fixes CVE-2025-71147 bsc#1257158). - Update patches.suse/PM-EM-Fix-potential-division-by-zero-error-in-em_com.patch (git-fixes CVE-2025-38297 bsc#1253078). - Update patches.suse/arp-do-not-assume-dev_hard_header-does-not-change-skb-head.patch (CVE-2025-71098 bsc#1256591 CVE-2026-22988 bsc#1257282). - Update patches.suse/benet-fix-BUG-when-creating-VFs.patch (git-fixes CVE-2025-38569 bsc#1248384). - Update patches.suse/block-avoid-possible-overflow-for-chunk_sectors-check-in-b.patch (git-fixes CVE-2025-39795 bsc#1249609). - Update patches.suse/bpf-Do-not-let-BPF-test-infra-emit-invalid-GSO-types.patch (bsc#1255569 CVE-2025-68725). - Update patches.suse/btrfs-don-t-log-conflicting-inode-if-it-s-a-dir-move.patch (git-fixes CVE-2025-68778 bsc#1256683). - Update patches.suse/btrfs-fix-invalid-inode-pointer-dereferences-during-.patch (git-fixes CVE-2025-38243 bsc#1246184). - Update patches.suse/btrfs-fix-the-inode-leak-in-btrfs_iget.patch (git-fixes CVE-2025-37904 bsc#1243452). - Update patches.suse/ceph-fix-race-condition-validating-r_parent-before-applyin.patch (CVE-2025-39880 bsc#1250388 CVE-2025-39927 bsc#1250738). - Update patches.suse/char-applicom-fix-NULL-pointer-dereference-in-ac_ioc.patch (stable-fixes CVE-2025-68797 bsc#1256660). - Update patches.suse/clk-samsung-exynos-clkout-Assign-.num-before-accessi.patch (git-fixes CVE-2025-71143 bsc#1256749). - Update patches.suse/comedi-aio_iiro_16-Fix-bit-shift-out-of-bounds.patch (git-fixes CVE-2025-38529 bsc#1248196). - Update patches.suse/comedi-fix-divide-by-zero-in-comedi_buf_munge.patch (stable-fixes CVE-2025-40106 bsc#1252891). - Update patches.suse/comedi-pcl812-Fix-bit-shift-out-of-bounds.patch (git-fixes CVE-2025-38530 bsc#1248206). - Update patches.suse/cpuset-fix-warning-when-disabling-remote-partition.patch (bsc#1256794 CVE-2025-71142 bsc#1256748). - Update patches.suse/crypto-af_alg-zero-initialize-memory-allocated-via-s.patch (git-fixes CVE-2025-71113 bsc#1256716). - Update patches.suse/crypto-seqiv-Do-not-use-req-iv-after-crypto_aead_enc.patch (git-fixes CVE-2025-71131 bsc#1256742). - Update patches.suse/dmaengine-idxd-fix-device-leaks-on-compat-bind-and-u.patch (git-fixes CVE-2025-71163 bsc#1257215). - Update patches.suse/dmaengine-nbpfaxi-Fix-memory-corruption-in-probe.patch (git-fixes CVE-2025-38538 bsc#1248213). - Update patches.suse/dmaengine-tegra-adma-Fix-use-after-free.patch (git-fixes CVE-2025-71162 bsc#1257204). - Update patches.suse/drm-amdkfd-Don-t-call-mmput-from-MMU-notifier-callba.patch (git-fixes CVE-2025-38520 bsc#1248217). - Update patches.suse/drm-i915-gem-Zero-initialize-the-eb.vma-array-in-i91.patch (git-fixes CVE-2025-71130 bsc#1256741). - Update patches.suse/drm-imagination-Fix-kernel-crash-when-hard-resetting.patch (git-fixes CVE-2025-38521 bsc#1248232). - Update patches.suse/drm-msm-dpu-Add-missing-NULL-pointer-check-for-pingp.patch (git-fixes CVE-2025-71138 bsc#1256785). - Update patches.suse/drm-sched-Increment-job-count-before-swapping-tail-s.patch (git-fixes CVE-2025-38515 bsc#1248212). - Update patches.suse/drm-tegra-nvdec-Fix-dma_alloc_coherent-error-check.patch (git-fixes CVE-2025-38543 bsc#1248214). - Update patches.suse/drm-tilcdc-Fix-removal-actions-in-case-of-failed-pro.patch (git-fixes CVE-2025-71141 bsc#1256756). - Update patches.suse/drm-ttm-Avoid-NULL-pointer-deref-for-evicted-BOs.patch (git-fixes CVE-2025-71083 bsc#1256610). - Update patches.suse/drm-xe-Limit-num_syncs-to-prevent-oversized-allocati.patch (git-fixes CVE-2025-68802 bsc#1256661). - Update patches.suse/drm-xe-oa-Fix-potential-UAF-in-xe_oa_add_config_ioct.patch (git-fixes CVE-2025-71099 bsc#1256592). - Update patches.suse/drm-xe-oa-Limit-num_syncs-to-prevent-oversized-alloc.patch (git-fixes CVE-2025-71076 bsc#1256627). - Update patches.suse/drm-xe-pf-Clear-all-LMTT-pages-on-alloc.patch (git-fixes CVE-2025-38511 bsc#1248175). - Update patches.suse/efivarfs-Fix-slab-out-of-bounds-in-efivarfs_d_compar.patch (git-fixes CVE-2025-39817 bsc#1249998). - Update patches.suse/ftrace-Also-allocate-and-copy-hash-for-reading-of-filter-f.patch (bsc#1250032 CVE-2025-39813 CVE-2025-39689 bsc#1249307). - Update patches.suse/hwmon-corsair-cpro-Validate-the-size-of-the-received.patch (git-fixes CVE-2025-38548 bsc#1248228). - Update patches.suse/hwmon-ibmpex-fix-use-after-free-in-high-low-store.patch (git-fixes CVE-2025-68789 bsc#1256781). - Update patches.suse/hwmon-w83791d-Convert-macros-to-functions-to-avoid-T.patch (git-fixes CVE-2025-71111 bsc#1256728). - Update patches.suse/ice-fix-NULL-pointer-dereference-in-ice_unplug_aux_d.patch (jsc#PED-13728 CVE-2025-39814 bsc#1249895). - Update patches.suse/idpf-Fix-RSS-LUT-NULL-pointer-crash-on-early-ethtool.patch (CVE-2026-22993 bsc#1257180 CVE-2026-22985 bsc#1257277). - Update patches.suse/iio-adc-axp20x_adc-Add-missing-sentinel-to-AXP717-AD.patch (git-fixes CVE-2025-38547 bsc#1248222). - Update patches.suse/ipv6-mcast-Delay-put-pmc-idev-in-mld_del_delrec.patch (git-fixes CVE-2025-38550 bsc#1248227). - Update patches.suse/kasan-remove-kasan_find_vm_area-to-prevent-possible-.patch (git-fixes CVE-2025-38510 bsc#1248166). - Update patches.suse/lib-buildid-use-__kernel_read-for-sleepable-context.patch (git-fixes CVE-2026-23002 bsc#1257243). - Update patches.suse/media-adv7842-Avoid-possible-out-of-bounds-array-acc.patch (git-fixes CVE-2025-71136 bsc#1256759). - Update patches.suse/media-dvb-usb-dtv5100-fix-out-of-bounds-in-dtv5100_i.patch (git-fixes CVE-2025-68819 bsc#1256664). - Update patches.suse/media-vidtv-initialize-local-pointers-upon-transfer-.patch (git-fixes CVE-2025-68808 bsc#1256682). - Update patches.suse/mount-handle-NULL-values-in-mnt_ns_release.patch (bsc#1254308 CVE-2025-40195 bsc#1253500). - Update patches.suse/neighbour-Fix-null-ptr-deref-in-neigh_flush_dev.patch (git-fixes CVE-2025-38589 bsc#1248366). - Update patches.suse/net-can-j1939-j1939_xtp_rx_rts_session_active-deacti.patch (git-fixes CVE-2026-22997 bsc#1257202). - Update patches.suse/net-mlx5-Check-device-memory-pointer-before-usage.patch (git-fixes CVE-2025-38645 bsc#1248626). - Update patches.suse/net-mlx5e-Remove-skb-secpath-if-xfrm-state-is-not-fo.patch (git-fixes CVE-2025-38590 bsc#1248360). - Update patches.suse/net-nfc-fix-deadlock-between-nfc_unregister_device-a.patch (git-fixes CVE-2025-71079 bsc#1256619). - Update patches.suse/net-phy-Don-t-register-LEDs-for-genphy.patch (git-fixes CVE-2025-38537 bsc#1248229). - Update patches.suse/net-rose-fix-invalid-array-index-in-rose_kill_by_dev.patch (git-fixes CVE-2025-71086 bsc#1256625). - Update patches.suse/net-usb-rtl8150-fix-memory-leak-on-usb_submit_urb-fa.patch (git-fixes CVE-2025-71154 bsc#1257163). - Update patches.suse/netfilter-nft_set_hash-unaligned-atomic-read-on-struct-nft.patch (git-fixes CVE-2024-54031 bsc#1235905). - Update patches.suse/nfsd-check-that-server-is-running-in-unlock_filesystem.patch (git-fixes CVE-2026-22989 bsc#1257279). - Update patches.suse/phy-tegra-xusb-Fix-unbalanced-regulator-disable-in-U.patch (git-fixes CVE-2025-38535 bsc#1248240). - Update patches.suse/pinctrl-check-the-return-value-of-pinmux_ops-get_fun.patch (stable-fixes CVE-2025-40030 bsc#1252773). - Update patches.suse/pinctrl-qcom-msm-mark-certain-pins-as-invalid-for-in.patch (git-fixes CVE-2025-38516 bsc#1248209). - Update patches.suse/platform-chrome-cros_ec_ishtp-Fix-UAF-after-unbindin.patch (git-fixes CVE-2025-68804 bsc#1256617). - Update patches.suse/platform-x86-hp-bioscfg-Fix-out-of-bounds-array-acce.patch (git-fixes CVE-2025-71101 bsc#1256594). - Update patches.suse/pm-cpupower-bench-Prevent-NULL-dereference-on-malloc.patch (stable-fixes CVE-2025-37841 bsc#1242974). - Update patches.suse/powerpc-64s-slb-Fix-SLB-multihit-issue-during-SLB-preload.patch (bac#1236022 ltc#211187 CVE-2025-71078 bsc#1256616). - Update patches.suse/powerpc-kexec-Enable-SMT-before-waking-offline-CPUs.patch (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes bsc#1253739 ltc#211493 bsc#1254244 ltc#216496 CVE-2025-71119 bsc#1256730). - Update patches.suse/smb-client-fix-warning-when-reconnecting-channel.patch (git-fixes CVE-2025-38379 bsc#1247030). - Update patches.suse/spi-fsl-cpm-Check-length-parity-before-switching-to-.patch (git-fixes CVE-2025-68773 bsc#1256586). - Update patches.suse/tcp_bpf-Call-sk_msg_free-when-tcp_bpf_send_verdict-f.patch (bsc#1250705 CVE-2025-39913). - Update patches.suse/trace-fgraph-Fix-the-warning-caused-by-missing-unregister-.patch (bsc#1248211 CVE-2025-38539 CVE-2025-39829 bsc#1250082). - Update patches.suse/tracing-fprobe-events-Fix-possible-UAF-on-modules.patch (git-fixes CVE-2025-37845 bsc#1242986). - Update patches.suse/tty-serial-uartlite-register-uart-driver-in-init.patch (stable-fixes CVE-2025-38262 bsc#1246282). - Update patches.suse/usb-phy-isp1301-fix-non-OF-device-reference-imbalanc.patch (git-fixes CVE-2025-71145 bsc#1257155). - Update patches.suse/usb-typec-ucsi-Handle-incorrect-num_connectors-capab.patch (stable-fixes CVE-2025-71108 bsc#1256774). - Update patches.suse/via_wdt-fix-critical-boot-hang-due-to-unnamed-resour.patch (stable-fixes CVE-2025-71114 bsc#1256752). - Update patches.suse/virtio-net-fix-recursived-rtnl_lock-during-probe.patch (git-fixes CVE-2025-38551 bsc#1248234). - Update patches.suse/virtio-net-free-xsk_buffs-on-error-in-virtnet_xsk_po.patch (git-fixes CVE-2025-37955 bsc#1243507). - Update patches.suse/wifi-ath12k-fix-memory-leak-in-ath12k_pci_remove.patch (stable-fixes CVE-2025-37744 bsc#1243662). - Update patches.suse/wifi-avoid-kernel-infoleak-from-struct-iw_point.patch (git-fixes CVE-2026-22978 bsc#1257227). - Update patches.suse/wifi-mt76-mt7925-Fix-null-ptr-deref-in-mt7925_therma.patch (git-fixes CVE-2025-38541 bsc#1248216). - Update patches.suse/wifi-mwifiex-discard-erroneous-disassoc-frames-on-ST.patch (git-fixes CVE-2025-38505 bsc#1248185). - Update patches.suse/wifi-prevent-A-MSDU-attacks-in-mesh-networks.patch (stable-fixes CVE-2025-38512 bsc#1248178). - Update patches.suse/wifi-rtlwifi-8192cu-fix-tid-out-of-range-in-rtl92cu_.patch (git-fixes CVE-2025-71100 bsc#1256593). - Update patches.suse/wifi-zd1211rw-Fix-potential-NULL-pointer-dereference.patch (git-fixes CVE-2025-38513 bsc#1248179). - Update patches.suse/x86-cpu-Avoid-running-off-the-end-of-an-AMD-erratum-table.patch (git-fixes CVE-2025-37751 bsc#1242505). - commit 74167a5 - powerpc/addnote: Fix overflow on 32-bit builds (bsc#1215199). - commit 651b1d4 - net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv (CVE-2026-22996). - net/mlx5e: Fix crash on profile change rollback failure (CVE-2026-23000 bsc#1257234). - commit 395ffba - gpio: rockchip: Stop calling pinctrl for set_direction (git-fixes). - commit 0d36e6c ++++ kernel-obs-build: - smb: client: split cached_fid bitfields to avoid shared-byte RMW races (bsc#1250748,bsc#1257154). - commit 9624e6c - smb: client: update cfid->last_access_time in open_cached_dir_by_dentry() (git-fixes). - commit a159cff - cifs: add new field to track the last access time of cfid (git-fixes). - commit 0cd09f9 - smb: improve directory cache reuse for readdir operations (bsc#1252712). - commit 98f179c - scripts/python/git_sort/git_sort.yaml: add cifs for-next repository - commit 5e1a139 - libceph: replace overzealous BUG_ON in osdmap_apply_incremental() (CVE-2026-22990 bsc#1257221). - commit bf45795 - libceph: prevent potential out-of-bounds reads in handle_auth_done() (CVE-2026-22984 bsc#1257217). - commit 3af214d - libceph: return the handler error from mon_handle_auth_done() (CVE-2026-22992 bsc#1257218). - commit 2da8b55 - libceph: make free_choose_arg_map() resilient to partial allocation (CVE-2026-22991 bsc#1257220). - commit 1c4a387 - Update config files: disable CONFIG_DEVPORT for arm64 (bsc#1256792) - commit 89771ce - x86/fpu: Clear XSTATE_BV in guest XSAVE state whenever XFD[i]=1 (CVE-2026-23005 bsc#1257245). - commit 0a828e9 - Update patches.suse/ACPICA-Avoid-walking-the-Namespace-if-start_node-is-.patch (stable-fixes CVE-2025-71118 bsc#1256763). - Update patches.suse/ALSA-hda-Fix-missing-pointer-check-in-hda_component_.patch (git-fixes CVE-2025-40097 bsc#1252900). - Update patches.suse/ALSA-usb-mixer-us16x08-validate-meter-packet-indices.patch (git-fixes CVE-2025-68783 bsc#1256650). - Update patches.suse/ASoC-codecs-wcd9375-Fix-double-free-of-regulator-sup.patch (git-fixes CVE-2025-38423 bsc#1247292). - Update patches.suse/ASoC-codecs-wcd937x-set-the-comp-soundwire-port-corr.patch (git-fixes CVE-2025-40045 bsc#1252784). - Update patches.suse/ASoC-stm32-sai-fix-OF-node-leak-on-probe.patch (git-fixes CVE-2025-71081 bsc#1256609). - Update patches.suse/ASoC-tlv320adcx140-fix-null-pointer.patch (git-fixes CVE-2026-23006 bsc#1257208). - Update patches.suse/Bluetooth-btusb-revert-use-of-devm_kzalloc-in-btusb.patch (git-fixes CVE-2025-71082 bsc#1256611). - Update patches.suse/EDAC-skx_common-Fix-general-protection-fault.patch (git-fixes CVE-2025-38298 bsc#1253079). - Update patches.suse/HID-nintendo-avoid-bluetooth-suspend-resume-stalls.patch (stable-fixes CVE-2025-38507 bsc#1248188). - Update patches.suse/HID-quirks-Add-quirk-for-2-Chicony-Electronics-HP-5M.patch (stable-fixes CVE-2025-38540 bsc#1248208). - Update patches.suse/Input-alps-fix-use-after-free-bugs-caused-by-dev3_re.patch (git-fixes CVE-2025-68822 bsc#1256668). - Update patches.suse/Input-lkkbd-disable-pending-work-before-freeing-devi.patch (stable-fixes CVE-2025-71073 bsc#1256632). - Update patches.suse/Input-ti_am335x_tsc-fix-off-by-one-error-in-wire_ord.patch (git-fixes CVE-2025-68777 bsc#1256655). - Update patches.suse/KEYS-trusted-Fix-a-memory-leak-in-tpm2_load_cmd.patch (git-fixes CVE-2025-71147 bsc#1257158). - Update patches.suse/PM-EM-Fix-potential-division-by-zero-error-in-em_com.patch (git-fixes CVE-2025-38297 bsc#1253078). - Update patches.suse/arp-do-not-assume-dev_hard_header-does-not-change-skb-head.patch (CVE-2025-71098 bsc#1256591 CVE-2026-22988 bsc#1257282). - Update patches.suse/benet-fix-BUG-when-creating-VFs.patch (git-fixes CVE-2025-38569 bsc#1248384). - Update patches.suse/block-avoid-possible-overflow-for-chunk_sectors-check-in-b.patch (git-fixes CVE-2025-39795 bsc#1249609). - Update patches.suse/bpf-Do-not-let-BPF-test-infra-emit-invalid-GSO-types.patch (bsc#1255569 CVE-2025-68725). - Update patches.suse/btrfs-don-t-log-conflicting-inode-if-it-s-a-dir-move.patch (git-fixes CVE-2025-68778 bsc#1256683). - Update patches.suse/btrfs-fix-invalid-inode-pointer-dereferences-during-.patch (git-fixes CVE-2025-38243 bsc#1246184). - Update patches.suse/btrfs-fix-the-inode-leak-in-btrfs_iget.patch (git-fixes CVE-2025-37904 bsc#1243452). - Update patches.suse/ceph-fix-race-condition-validating-r_parent-before-applyin.patch (CVE-2025-39880 bsc#1250388 CVE-2025-39927 bsc#1250738). - Update patches.suse/char-applicom-fix-NULL-pointer-dereference-in-ac_ioc.patch (stable-fixes CVE-2025-68797 bsc#1256660). - Update patches.suse/clk-samsung-exynos-clkout-Assign-.num-before-accessi.patch (git-fixes CVE-2025-71143 bsc#1256749). - Update patches.suse/comedi-aio_iiro_16-Fix-bit-shift-out-of-bounds.patch (git-fixes CVE-2025-38529 bsc#1248196). - Update patches.suse/comedi-fix-divide-by-zero-in-comedi_buf_munge.patch (stable-fixes CVE-2025-40106 bsc#1252891). - Update patches.suse/comedi-pcl812-Fix-bit-shift-out-of-bounds.patch (git-fixes CVE-2025-38530 bsc#1248206). - Update patches.suse/cpuset-fix-warning-when-disabling-remote-partition.patch (bsc#1256794 CVE-2025-71142 bsc#1256748). - Update patches.suse/crypto-af_alg-zero-initialize-memory-allocated-via-s.patch (git-fixes CVE-2025-71113 bsc#1256716). - Update patches.suse/crypto-seqiv-Do-not-use-req-iv-after-crypto_aead_enc.patch (git-fixes CVE-2025-71131 bsc#1256742). - Update patches.suse/dmaengine-idxd-fix-device-leaks-on-compat-bind-and-u.patch (git-fixes CVE-2025-71163 bsc#1257215). - Update patches.suse/dmaengine-nbpfaxi-Fix-memory-corruption-in-probe.patch (git-fixes CVE-2025-38538 bsc#1248213). - Update patches.suse/dmaengine-tegra-adma-Fix-use-after-free.patch (git-fixes CVE-2025-71162 bsc#1257204). - Update patches.suse/drm-amdkfd-Don-t-call-mmput-from-MMU-notifier-callba.patch (git-fixes CVE-2025-38520 bsc#1248217). - Update patches.suse/drm-i915-gem-Zero-initialize-the-eb.vma-array-in-i91.patch (git-fixes CVE-2025-71130 bsc#1256741). - Update patches.suse/drm-imagination-Fix-kernel-crash-when-hard-resetting.patch (git-fixes CVE-2025-38521 bsc#1248232). - Update patches.suse/drm-msm-dpu-Add-missing-NULL-pointer-check-for-pingp.patch (git-fixes CVE-2025-71138 bsc#1256785). - Update patches.suse/drm-sched-Increment-job-count-before-swapping-tail-s.patch (git-fixes CVE-2025-38515 bsc#1248212). - Update patches.suse/drm-tegra-nvdec-Fix-dma_alloc_coherent-error-check.patch (git-fixes CVE-2025-38543 bsc#1248214). - Update patches.suse/drm-tilcdc-Fix-removal-actions-in-case-of-failed-pro.patch (git-fixes CVE-2025-71141 bsc#1256756). - Update patches.suse/drm-ttm-Avoid-NULL-pointer-deref-for-evicted-BOs.patch (git-fixes CVE-2025-71083 bsc#1256610). - Update patches.suse/drm-xe-Limit-num_syncs-to-prevent-oversized-allocati.patch (git-fixes CVE-2025-68802 bsc#1256661). - Update patches.suse/drm-xe-oa-Fix-potential-UAF-in-xe_oa_add_config_ioct.patch (git-fixes CVE-2025-71099 bsc#1256592). - Update patches.suse/drm-xe-oa-Limit-num_syncs-to-prevent-oversized-alloc.patch (git-fixes CVE-2025-71076 bsc#1256627). - Update patches.suse/drm-xe-pf-Clear-all-LMTT-pages-on-alloc.patch (git-fixes CVE-2025-38511 bsc#1248175). - Update patches.suse/efivarfs-Fix-slab-out-of-bounds-in-efivarfs_d_compar.patch (git-fixes CVE-2025-39817 bsc#1249998). - Update patches.suse/ftrace-Also-allocate-and-copy-hash-for-reading-of-filter-f.patch (bsc#1250032 CVE-2025-39813 CVE-2025-39689 bsc#1249307). - Update patches.suse/hwmon-corsair-cpro-Validate-the-size-of-the-received.patch (git-fixes CVE-2025-38548 bsc#1248228). - Update patches.suse/hwmon-ibmpex-fix-use-after-free-in-high-low-store.patch (git-fixes CVE-2025-68789 bsc#1256781). - Update patches.suse/hwmon-w83791d-Convert-macros-to-functions-to-avoid-T.patch (git-fixes CVE-2025-71111 bsc#1256728). - Update patches.suse/ice-fix-NULL-pointer-dereference-in-ice_unplug_aux_d.patch (jsc#PED-13728 CVE-2025-39814 bsc#1249895). - Update patches.suse/idpf-Fix-RSS-LUT-NULL-pointer-crash-on-early-ethtool.patch (CVE-2026-22993 bsc#1257180 CVE-2026-22985 bsc#1257277). - Update patches.suse/iio-adc-axp20x_adc-Add-missing-sentinel-to-AXP717-AD.patch (git-fixes CVE-2025-38547 bsc#1248222). - Update patches.suse/ipv6-mcast-Delay-put-pmc-idev-in-mld_del_delrec.patch (git-fixes CVE-2025-38550 bsc#1248227). - Update patches.suse/kasan-remove-kasan_find_vm_area-to-prevent-possible-.patch (git-fixes CVE-2025-38510 bsc#1248166). - Update patches.suse/lib-buildid-use-__kernel_read-for-sleepable-context.patch (git-fixes CVE-2026-23002 bsc#1257243). - Update patches.suse/media-adv7842-Avoid-possible-out-of-bounds-array-acc.patch (git-fixes CVE-2025-71136 bsc#1256759). - Update patches.suse/media-dvb-usb-dtv5100-fix-out-of-bounds-in-dtv5100_i.patch (git-fixes CVE-2025-68819 bsc#1256664). - Update patches.suse/media-vidtv-initialize-local-pointers-upon-transfer-.patch (git-fixes CVE-2025-68808 bsc#1256682). - Update patches.suse/mount-handle-NULL-values-in-mnt_ns_release.patch (bsc#1254308 CVE-2025-40195 bsc#1253500). - Update patches.suse/neighbour-Fix-null-ptr-deref-in-neigh_flush_dev.patch (git-fixes CVE-2025-38589 bsc#1248366). - Update patches.suse/net-can-j1939-j1939_xtp_rx_rts_session_active-deacti.patch (git-fixes CVE-2026-22997 bsc#1257202). - Update patches.suse/net-mlx5-Check-device-memory-pointer-before-usage.patch (git-fixes CVE-2025-38645 bsc#1248626). - Update patches.suse/net-mlx5e-Remove-skb-secpath-if-xfrm-state-is-not-fo.patch (git-fixes CVE-2025-38590 bsc#1248360). - Update patches.suse/net-nfc-fix-deadlock-between-nfc_unregister_device-a.patch (git-fixes CVE-2025-71079 bsc#1256619). - Update patches.suse/net-phy-Don-t-register-LEDs-for-genphy.patch (git-fixes CVE-2025-38537 bsc#1248229). - Update patches.suse/net-rose-fix-invalid-array-index-in-rose_kill_by_dev.patch (git-fixes CVE-2025-71086 bsc#1256625). - Update patches.suse/net-usb-rtl8150-fix-memory-leak-on-usb_submit_urb-fa.patch (git-fixes CVE-2025-71154 bsc#1257163). - Update patches.suse/netfilter-nft_set_hash-unaligned-atomic-read-on-struct-nft.patch (git-fixes CVE-2024-54031 bsc#1235905). - Update patches.suse/nfsd-check-that-server-is-running-in-unlock_filesystem.patch (git-fixes CVE-2026-22989 bsc#1257279). - Update patches.suse/phy-tegra-xusb-Fix-unbalanced-regulator-disable-in-U.patch (git-fixes CVE-2025-38535 bsc#1248240). - Update patches.suse/pinctrl-check-the-return-value-of-pinmux_ops-get_fun.patch (stable-fixes CVE-2025-40030 bsc#1252773). - Update patches.suse/pinctrl-qcom-msm-mark-certain-pins-as-invalid-for-in.patch (git-fixes CVE-2025-38516 bsc#1248209). - Update patches.suse/platform-chrome-cros_ec_ishtp-Fix-UAF-after-unbindin.patch (git-fixes CVE-2025-68804 bsc#1256617). - Update patches.suse/platform-x86-hp-bioscfg-Fix-out-of-bounds-array-acce.patch (git-fixes CVE-2025-71101 bsc#1256594). - Update patches.suse/pm-cpupower-bench-Prevent-NULL-dereference-on-malloc.patch (stable-fixes CVE-2025-37841 bsc#1242974). - Update patches.suse/powerpc-64s-slb-Fix-SLB-multihit-issue-during-SLB-preload.patch (bac#1236022 ltc#211187 CVE-2025-71078 bsc#1256616). - Update patches.suse/powerpc-kexec-Enable-SMT-before-waking-offline-CPUs.patch (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes bsc#1253739 ltc#211493 bsc#1254244 ltc#216496 CVE-2025-71119 bsc#1256730). - Update patches.suse/smb-client-fix-warning-when-reconnecting-channel.patch (git-fixes CVE-2025-38379 bsc#1247030). - Update patches.suse/spi-fsl-cpm-Check-length-parity-before-switching-to-.patch (git-fixes CVE-2025-68773 bsc#1256586). - Update patches.suse/tcp_bpf-Call-sk_msg_free-when-tcp_bpf_send_verdict-f.patch (bsc#1250705 CVE-2025-39913). - Update patches.suse/trace-fgraph-Fix-the-warning-caused-by-missing-unregister-.patch (bsc#1248211 CVE-2025-38539 CVE-2025-39829 bsc#1250082). - Update patches.suse/tracing-fprobe-events-Fix-possible-UAF-on-modules.patch (git-fixes CVE-2025-37845 bsc#1242986). - Update patches.suse/tty-serial-uartlite-register-uart-driver-in-init.patch (stable-fixes CVE-2025-38262 bsc#1246282). - Update patches.suse/usb-phy-isp1301-fix-non-OF-device-reference-imbalanc.patch (git-fixes CVE-2025-71145 bsc#1257155). - Update patches.suse/usb-typec-ucsi-Handle-incorrect-num_connectors-capab.patch (stable-fixes CVE-2025-71108 bsc#1256774). - Update patches.suse/via_wdt-fix-critical-boot-hang-due-to-unnamed-resour.patch (stable-fixes CVE-2025-71114 bsc#1256752). - Update patches.suse/virtio-net-fix-recursived-rtnl_lock-during-probe.patch (git-fixes CVE-2025-38551 bsc#1248234). - Update patches.suse/virtio-net-free-xsk_buffs-on-error-in-virtnet_xsk_po.patch (git-fixes CVE-2025-37955 bsc#1243507). - Update patches.suse/wifi-ath12k-fix-memory-leak-in-ath12k_pci_remove.patch (stable-fixes CVE-2025-37744 bsc#1243662). - Update patches.suse/wifi-avoid-kernel-infoleak-from-struct-iw_point.patch (git-fixes CVE-2026-22978 bsc#1257227). - Update patches.suse/wifi-mt76-mt7925-Fix-null-ptr-deref-in-mt7925_therma.patch (git-fixes CVE-2025-38541 bsc#1248216). - Update patches.suse/wifi-mwifiex-discard-erroneous-disassoc-frames-on-ST.patch (git-fixes CVE-2025-38505 bsc#1248185). - Update patches.suse/wifi-prevent-A-MSDU-attacks-in-mesh-networks.patch (stable-fixes CVE-2025-38512 bsc#1248178). - Update patches.suse/wifi-rtlwifi-8192cu-fix-tid-out-of-range-in-rtl92cu_.patch (git-fixes CVE-2025-71100 bsc#1256593). - Update patches.suse/wifi-zd1211rw-Fix-potential-NULL-pointer-dereference.patch (git-fixes CVE-2025-38513 bsc#1248179). - Update patches.suse/x86-cpu-Avoid-running-off-the-end-of-an-AMD-erratum-table.patch (git-fixes CVE-2025-37751 bsc#1242505). - commit 74167a5 - powerpc/addnote: Fix overflow on 32-bit builds (bsc#1215199). - commit 651b1d4 - net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv (CVE-2026-22996). - net/mlx5e: Fix crash on profile change rollback failure (CVE-2026-23000 bsc#1257234). - commit 395ffba - gpio: rockchip: Stop calling pinctrl for set_direction (git-fixes). - commit 0d36e6c ++++ kernel-obs-qa: - smb: client: split cached_fid bitfields to avoid shared-byte RMW races (bsc#1250748,bsc#1257154). - commit 9624e6c - smb: client: update cfid->last_access_time in open_cached_dir_by_dentry() (git-fixes). - commit a159cff - cifs: add new field to track the last access time of cfid (git-fixes). - commit 0cd09f9 - smb: improve directory cache reuse for readdir operations (bsc#1252712). - commit 98f179c - scripts/python/git_sort/git_sort.yaml: add cifs for-next repository - commit 5e1a139 - libceph: replace overzealous BUG_ON in osdmap_apply_incremental() (CVE-2026-22990 bsc#1257221). - commit bf45795 - libceph: prevent potential out-of-bounds reads in handle_auth_done() (CVE-2026-22984 bsc#1257217). - commit 3af214d - libceph: return the handler error from mon_handle_auth_done() (CVE-2026-22992 bsc#1257218). - commit 2da8b55 - libceph: make free_choose_arg_map() resilient to partial allocation (CVE-2026-22991 bsc#1257220). - commit 1c4a387 - Update config files: disable CONFIG_DEVPORT for arm64 (bsc#1256792) - commit 89771ce - x86/fpu: Clear XSTATE_BV in guest XSAVE state whenever XFD[i]=1 (CVE-2026-23005 bsc#1257245). - commit 0a828e9 - Update patches.suse/ACPICA-Avoid-walking-the-Namespace-if-start_node-is-.patch (stable-fixes CVE-2025-71118 bsc#1256763). - Update patches.suse/ALSA-hda-Fix-missing-pointer-check-in-hda_component_.patch (git-fixes CVE-2025-40097 bsc#1252900). - Update patches.suse/ALSA-usb-mixer-us16x08-validate-meter-packet-indices.patch (git-fixes CVE-2025-68783 bsc#1256650). - Update patches.suse/ASoC-codecs-wcd9375-Fix-double-free-of-regulator-sup.patch (git-fixes CVE-2025-38423 bsc#1247292). - Update patches.suse/ASoC-codecs-wcd937x-set-the-comp-soundwire-port-corr.patch (git-fixes CVE-2025-40045 bsc#1252784). - Update patches.suse/ASoC-stm32-sai-fix-OF-node-leak-on-probe.patch (git-fixes CVE-2025-71081 bsc#1256609). - Update patches.suse/ASoC-tlv320adcx140-fix-null-pointer.patch (git-fixes CVE-2026-23006 bsc#1257208). - Update patches.suse/Bluetooth-btusb-revert-use-of-devm_kzalloc-in-btusb.patch (git-fixes CVE-2025-71082 bsc#1256611). - Update patches.suse/EDAC-skx_common-Fix-general-protection-fault.patch (git-fixes CVE-2025-38298 bsc#1253079). - Update patches.suse/HID-nintendo-avoid-bluetooth-suspend-resume-stalls.patch (stable-fixes CVE-2025-38507 bsc#1248188). - Update patches.suse/HID-quirks-Add-quirk-for-2-Chicony-Electronics-HP-5M.patch (stable-fixes CVE-2025-38540 bsc#1248208). - Update patches.suse/Input-alps-fix-use-after-free-bugs-caused-by-dev3_re.patch (git-fixes CVE-2025-68822 bsc#1256668). - Update patches.suse/Input-lkkbd-disable-pending-work-before-freeing-devi.patch (stable-fixes CVE-2025-71073 bsc#1256632). - Update patches.suse/Input-ti_am335x_tsc-fix-off-by-one-error-in-wire_ord.patch (git-fixes CVE-2025-68777 bsc#1256655). - Update patches.suse/KEYS-trusted-Fix-a-memory-leak-in-tpm2_load_cmd.patch (git-fixes CVE-2025-71147 bsc#1257158). - Update patches.suse/PM-EM-Fix-potential-division-by-zero-error-in-em_com.patch (git-fixes CVE-2025-38297 bsc#1253078). - Update patches.suse/arp-do-not-assume-dev_hard_header-does-not-change-skb-head.patch (CVE-2025-71098 bsc#1256591 CVE-2026-22988 bsc#1257282). - Update patches.suse/benet-fix-BUG-when-creating-VFs.patch (git-fixes CVE-2025-38569 bsc#1248384). - Update patches.suse/block-avoid-possible-overflow-for-chunk_sectors-check-in-b.patch (git-fixes CVE-2025-39795 bsc#1249609). - Update patches.suse/bpf-Do-not-let-BPF-test-infra-emit-invalid-GSO-types.patch (bsc#1255569 CVE-2025-68725). - Update patches.suse/btrfs-don-t-log-conflicting-inode-if-it-s-a-dir-move.patch (git-fixes CVE-2025-68778 bsc#1256683). - Update patches.suse/btrfs-fix-invalid-inode-pointer-dereferences-during-.patch (git-fixes CVE-2025-38243 bsc#1246184). - Update patches.suse/btrfs-fix-the-inode-leak-in-btrfs_iget.patch (git-fixes CVE-2025-37904 bsc#1243452). - Update patches.suse/ceph-fix-race-condition-validating-r_parent-before-applyin.patch (CVE-2025-39880 bsc#1250388 CVE-2025-39927 bsc#1250738). - Update patches.suse/char-applicom-fix-NULL-pointer-dereference-in-ac_ioc.patch (stable-fixes CVE-2025-68797 bsc#1256660). - Update patches.suse/clk-samsung-exynos-clkout-Assign-.num-before-accessi.patch (git-fixes CVE-2025-71143 bsc#1256749). - Update patches.suse/comedi-aio_iiro_16-Fix-bit-shift-out-of-bounds.patch (git-fixes CVE-2025-38529 bsc#1248196). - Update patches.suse/comedi-fix-divide-by-zero-in-comedi_buf_munge.patch (stable-fixes CVE-2025-40106 bsc#1252891). - Update patches.suse/comedi-pcl812-Fix-bit-shift-out-of-bounds.patch (git-fixes CVE-2025-38530 bsc#1248206). - Update patches.suse/cpuset-fix-warning-when-disabling-remote-partition.patch (bsc#1256794 CVE-2025-71142 bsc#1256748). - Update patches.suse/crypto-af_alg-zero-initialize-memory-allocated-via-s.patch (git-fixes CVE-2025-71113 bsc#1256716). - Update patches.suse/crypto-seqiv-Do-not-use-req-iv-after-crypto_aead_enc.patch (git-fixes CVE-2025-71131 bsc#1256742). - Update patches.suse/dmaengine-idxd-fix-device-leaks-on-compat-bind-and-u.patch (git-fixes CVE-2025-71163 bsc#1257215). - Update patches.suse/dmaengine-nbpfaxi-Fix-memory-corruption-in-probe.patch (git-fixes CVE-2025-38538 bsc#1248213). - Update patches.suse/dmaengine-tegra-adma-Fix-use-after-free.patch (git-fixes CVE-2025-71162 bsc#1257204). - Update patches.suse/drm-amdkfd-Don-t-call-mmput-from-MMU-notifier-callba.patch (git-fixes CVE-2025-38520 bsc#1248217). - Update patches.suse/drm-i915-gem-Zero-initialize-the-eb.vma-array-in-i91.patch (git-fixes CVE-2025-71130 bsc#1256741). - Update patches.suse/drm-imagination-Fix-kernel-crash-when-hard-resetting.patch (git-fixes CVE-2025-38521 bsc#1248232). - Update patches.suse/drm-msm-dpu-Add-missing-NULL-pointer-check-for-pingp.patch (git-fixes CVE-2025-71138 bsc#1256785). - Update patches.suse/drm-sched-Increment-job-count-before-swapping-tail-s.patch (git-fixes CVE-2025-38515 bsc#1248212). - Update patches.suse/drm-tegra-nvdec-Fix-dma_alloc_coherent-error-check.patch (git-fixes CVE-2025-38543 bsc#1248214). - Update patches.suse/drm-tilcdc-Fix-removal-actions-in-case-of-failed-pro.patch (git-fixes CVE-2025-71141 bsc#1256756). - Update patches.suse/drm-ttm-Avoid-NULL-pointer-deref-for-evicted-BOs.patch (git-fixes CVE-2025-71083 bsc#1256610). - Update patches.suse/drm-xe-Limit-num_syncs-to-prevent-oversized-allocati.patch (git-fixes CVE-2025-68802 bsc#1256661). - Update patches.suse/drm-xe-oa-Fix-potential-UAF-in-xe_oa_add_config_ioct.patch (git-fixes CVE-2025-71099 bsc#1256592). - Update patches.suse/drm-xe-oa-Limit-num_syncs-to-prevent-oversized-alloc.patch (git-fixes CVE-2025-71076 bsc#1256627). - Update patches.suse/drm-xe-pf-Clear-all-LMTT-pages-on-alloc.patch (git-fixes CVE-2025-38511 bsc#1248175). - Update patches.suse/efivarfs-Fix-slab-out-of-bounds-in-efivarfs_d_compar.patch (git-fixes CVE-2025-39817 bsc#1249998). - Update patches.suse/ftrace-Also-allocate-and-copy-hash-for-reading-of-filter-f.patch (bsc#1250032 CVE-2025-39813 CVE-2025-39689 bsc#1249307). - Update patches.suse/hwmon-corsair-cpro-Validate-the-size-of-the-received.patch (git-fixes CVE-2025-38548 bsc#1248228). - Update patches.suse/hwmon-ibmpex-fix-use-after-free-in-high-low-store.patch (git-fixes CVE-2025-68789 bsc#1256781). - Update patches.suse/hwmon-w83791d-Convert-macros-to-functions-to-avoid-T.patch (git-fixes CVE-2025-71111 bsc#1256728). - Update patches.suse/ice-fix-NULL-pointer-dereference-in-ice_unplug_aux_d.patch (jsc#PED-13728 CVE-2025-39814 bsc#1249895). - Update patches.suse/idpf-Fix-RSS-LUT-NULL-pointer-crash-on-early-ethtool.patch (CVE-2026-22993 bsc#1257180 CVE-2026-22985 bsc#1257277). - Update patches.suse/iio-adc-axp20x_adc-Add-missing-sentinel-to-AXP717-AD.patch (git-fixes CVE-2025-38547 bsc#1248222). - Update patches.suse/ipv6-mcast-Delay-put-pmc-idev-in-mld_del_delrec.patch (git-fixes CVE-2025-38550 bsc#1248227). - Update patches.suse/kasan-remove-kasan_find_vm_area-to-prevent-possible-.patch (git-fixes CVE-2025-38510 bsc#1248166). - Update patches.suse/lib-buildid-use-__kernel_read-for-sleepable-context.patch (git-fixes CVE-2026-23002 bsc#1257243). - Update patches.suse/media-adv7842-Avoid-possible-out-of-bounds-array-acc.patch (git-fixes CVE-2025-71136 bsc#1256759). - Update patches.suse/media-dvb-usb-dtv5100-fix-out-of-bounds-in-dtv5100_i.patch (git-fixes CVE-2025-68819 bsc#1256664). - Update patches.suse/media-vidtv-initialize-local-pointers-upon-transfer-.patch (git-fixes CVE-2025-68808 bsc#1256682). - Update patches.suse/mount-handle-NULL-values-in-mnt_ns_release.patch (bsc#1254308 CVE-2025-40195 bsc#1253500). - Update patches.suse/neighbour-Fix-null-ptr-deref-in-neigh_flush_dev.patch (git-fixes CVE-2025-38589 bsc#1248366). - Update patches.suse/net-can-j1939-j1939_xtp_rx_rts_session_active-deacti.patch (git-fixes CVE-2026-22997 bsc#1257202). - Update patches.suse/net-mlx5-Check-device-memory-pointer-before-usage.patch (git-fixes CVE-2025-38645 bsc#1248626). - Update patches.suse/net-mlx5e-Remove-skb-secpath-if-xfrm-state-is-not-fo.patch (git-fixes CVE-2025-38590 bsc#1248360). - Update patches.suse/net-nfc-fix-deadlock-between-nfc_unregister_device-a.patch (git-fixes CVE-2025-71079 bsc#1256619). - Update patches.suse/net-phy-Don-t-register-LEDs-for-genphy.patch (git-fixes CVE-2025-38537 bsc#1248229). - Update patches.suse/net-rose-fix-invalid-array-index-in-rose_kill_by_dev.patch (git-fixes CVE-2025-71086 bsc#1256625). - Update patches.suse/net-usb-rtl8150-fix-memory-leak-on-usb_submit_urb-fa.patch (git-fixes CVE-2025-71154 bsc#1257163). - Update patches.suse/netfilter-nft_set_hash-unaligned-atomic-read-on-struct-nft.patch (git-fixes CVE-2024-54031 bsc#1235905). - Update patches.suse/nfsd-check-that-server-is-running-in-unlock_filesystem.patch (git-fixes CVE-2026-22989 bsc#1257279). - Update patches.suse/phy-tegra-xusb-Fix-unbalanced-regulator-disable-in-U.patch (git-fixes CVE-2025-38535 bsc#1248240). - Update patches.suse/pinctrl-check-the-return-value-of-pinmux_ops-get_fun.patch (stable-fixes CVE-2025-40030 bsc#1252773). - Update patches.suse/pinctrl-qcom-msm-mark-certain-pins-as-invalid-for-in.patch (git-fixes CVE-2025-38516 bsc#1248209). - Update patches.suse/platform-chrome-cros_ec_ishtp-Fix-UAF-after-unbindin.patch (git-fixes CVE-2025-68804 bsc#1256617). - Update patches.suse/platform-x86-hp-bioscfg-Fix-out-of-bounds-array-acce.patch (git-fixes CVE-2025-71101 bsc#1256594). - Update patches.suse/pm-cpupower-bench-Prevent-NULL-dereference-on-malloc.patch (stable-fixes CVE-2025-37841 bsc#1242974). - Update patches.suse/powerpc-64s-slb-Fix-SLB-multihit-issue-during-SLB-preload.patch (bac#1236022 ltc#211187 CVE-2025-71078 bsc#1256616). - Update patches.suse/powerpc-kexec-Enable-SMT-before-waking-offline-CPUs.patch (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes bsc#1253739 ltc#211493 bsc#1254244 ltc#216496 CVE-2025-71119 bsc#1256730). - Update patches.suse/smb-client-fix-warning-when-reconnecting-channel.patch (git-fixes CVE-2025-38379 bsc#1247030). - Update patches.suse/spi-fsl-cpm-Check-length-parity-before-switching-to-.patch (git-fixes CVE-2025-68773 bsc#1256586). - Update patches.suse/tcp_bpf-Call-sk_msg_free-when-tcp_bpf_send_verdict-f.patch (bsc#1250705 CVE-2025-39913). - Update patches.suse/trace-fgraph-Fix-the-warning-caused-by-missing-unregister-.patch (bsc#1248211 CVE-2025-38539 CVE-2025-39829 bsc#1250082). - Update patches.suse/tracing-fprobe-events-Fix-possible-UAF-on-modules.patch (git-fixes CVE-2025-37845 bsc#1242986). - Update patches.suse/tty-serial-uartlite-register-uart-driver-in-init.patch (stable-fixes CVE-2025-38262 bsc#1246282). - Update patches.suse/usb-phy-isp1301-fix-non-OF-device-reference-imbalanc.patch (git-fixes CVE-2025-71145 bsc#1257155). - Update patches.suse/usb-typec-ucsi-Handle-incorrect-num_connectors-capab.patch (stable-fixes CVE-2025-71108 bsc#1256774). - Update patches.suse/via_wdt-fix-critical-boot-hang-due-to-unnamed-resour.patch (stable-fixes CVE-2025-71114 bsc#1256752). - Update patches.suse/virtio-net-fix-recursived-rtnl_lock-during-probe.patch (git-fixes CVE-2025-38551 bsc#1248234). - Update patches.suse/virtio-net-free-xsk_buffs-on-error-in-virtnet_xsk_po.patch (git-fixes CVE-2025-37955 bsc#1243507). - Update patches.suse/wifi-ath12k-fix-memory-leak-in-ath12k_pci_remove.patch (stable-fixes CVE-2025-37744 bsc#1243662). - Update patches.suse/wifi-avoid-kernel-infoleak-from-struct-iw_point.patch (git-fixes CVE-2026-22978 bsc#1257227). - Update patches.suse/wifi-mt76-mt7925-Fix-null-ptr-deref-in-mt7925_therma.patch (git-fixes CVE-2025-38541 bsc#1248216). - Update patches.suse/wifi-mwifiex-discard-erroneous-disassoc-frames-on-ST.patch (git-fixes CVE-2025-38505 bsc#1248185). - Update patches.suse/wifi-prevent-A-MSDU-attacks-in-mesh-networks.patch (stable-fixes CVE-2025-38512 bsc#1248178). - Update patches.suse/wifi-rtlwifi-8192cu-fix-tid-out-of-range-in-rtl92cu_.patch (git-fixes CVE-2025-71100 bsc#1256593). - Update patches.suse/wifi-zd1211rw-Fix-potential-NULL-pointer-dereference.patch (git-fixes CVE-2025-38513 bsc#1248179). - Update patches.suse/x86-cpu-Avoid-running-off-the-end-of-an-AMD-erratum-table.patch (git-fixes CVE-2025-37751 bsc#1242505). - commit 74167a5 - powerpc/addnote: Fix overflow on 32-bit builds (bsc#1215199). - commit 651b1d4 - net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv (CVE-2026-22996). - net/mlx5e: Fix crash on profile change rollback failure (CVE-2026-23000 bsc#1257234). - commit 395ffba - gpio: rockchip: Stop calling pinctrl for set_direction (git-fixes). - commit 0d36e6c ++++ kernel-obs-qa: - smb: client: split cached_fid bitfields to avoid shared-byte RMW races (bsc#1250748,bsc#1257154). - commit 9624e6c - smb: client: update cfid->last_access_time in open_cached_dir_by_dentry() (git-fixes). - commit a159cff - cifs: add new field to track the last access time of cfid (git-fixes). - commit 0cd09f9 - smb: improve directory cache reuse for readdir operations (bsc#1252712). - commit 98f179c - scripts/python/git_sort/git_sort.yaml: add cifs for-next repository - commit 5e1a139 - libceph: replace overzealous BUG_ON in osdmap_apply_incremental() (CVE-2026-22990 bsc#1257221). - commit bf45795 - libceph: prevent potential out-of-bounds reads in handle_auth_done() (CVE-2026-22984 bsc#1257217). - commit 3af214d - libceph: return the handler error from mon_handle_auth_done() (CVE-2026-22992 bsc#1257218). - commit 2da8b55 - libceph: make free_choose_arg_map() resilient to partial allocation (CVE-2026-22991 bsc#1257220). - commit 1c4a387 - Update config files: disable CONFIG_DEVPORT for arm64 (bsc#1256792) - commit 89771ce - x86/fpu: Clear XSTATE_BV in guest XSAVE state whenever XFD[i]=1 (CVE-2026-23005 bsc#1257245). - commit 0a828e9 - Update patches.suse/ACPICA-Avoid-walking-the-Namespace-if-start_node-is-.patch (stable-fixes CVE-2025-71118 bsc#1256763). - Update patches.suse/ALSA-hda-Fix-missing-pointer-check-in-hda_component_.patch (git-fixes CVE-2025-40097 bsc#1252900). - Update patches.suse/ALSA-usb-mixer-us16x08-validate-meter-packet-indices.patch (git-fixes CVE-2025-68783 bsc#1256650). - Update patches.suse/ASoC-codecs-wcd9375-Fix-double-free-of-regulator-sup.patch (git-fixes CVE-2025-38423 bsc#1247292). - Update patches.suse/ASoC-codecs-wcd937x-set-the-comp-soundwire-port-corr.patch (git-fixes CVE-2025-40045 bsc#1252784). - Update patches.suse/ASoC-stm32-sai-fix-OF-node-leak-on-probe.patch (git-fixes CVE-2025-71081 bsc#1256609). - Update patches.suse/ASoC-tlv320adcx140-fix-null-pointer.patch (git-fixes CVE-2026-23006 bsc#1257208). - Update patches.suse/Bluetooth-btusb-revert-use-of-devm_kzalloc-in-btusb.patch (git-fixes CVE-2025-71082 bsc#1256611). - Update patches.suse/EDAC-skx_common-Fix-general-protection-fault.patch (git-fixes CVE-2025-38298 bsc#1253079). - Update patches.suse/HID-nintendo-avoid-bluetooth-suspend-resume-stalls.patch (stable-fixes CVE-2025-38507 bsc#1248188). - Update patches.suse/HID-quirks-Add-quirk-for-2-Chicony-Electronics-HP-5M.patch (stable-fixes CVE-2025-38540 bsc#1248208). - Update patches.suse/Input-alps-fix-use-after-free-bugs-caused-by-dev3_re.patch (git-fixes CVE-2025-68822 bsc#1256668). - Update patches.suse/Input-lkkbd-disable-pending-work-before-freeing-devi.patch (stable-fixes CVE-2025-71073 bsc#1256632). - Update patches.suse/Input-ti_am335x_tsc-fix-off-by-one-error-in-wire_ord.patch (git-fixes CVE-2025-68777 bsc#1256655). - Update patches.suse/KEYS-trusted-Fix-a-memory-leak-in-tpm2_load_cmd.patch (git-fixes CVE-2025-71147 bsc#1257158). - Update patches.suse/PM-EM-Fix-potential-division-by-zero-error-in-em_com.patch (git-fixes CVE-2025-38297 bsc#1253078). - Update patches.suse/arp-do-not-assume-dev_hard_header-does-not-change-skb-head.patch (CVE-2025-71098 bsc#1256591 CVE-2026-22988 bsc#1257282). - Update patches.suse/benet-fix-BUG-when-creating-VFs.patch (git-fixes CVE-2025-38569 bsc#1248384). - Update patches.suse/block-avoid-possible-overflow-for-chunk_sectors-check-in-b.patch (git-fixes CVE-2025-39795 bsc#1249609). - Update patches.suse/bpf-Do-not-let-BPF-test-infra-emit-invalid-GSO-types.patch (bsc#1255569 CVE-2025-68725). - Update patches.suse/btrfs-don-t-log-conflicting-inode-if-it-s-a-dir-move.patch (git-fixes CVE-2025-68778 bsc#1256683). - Update patches.suse/btrfs-fix-invalid-inode-pointer-dereferences-during-.patch (git-fixes CVE-2025-38243 bsc#1246184). - Update patches.suse/btrfs-fix-the-inode-leak-in-btrfs_iget.patch (git-fixes CVE-2025-37904 bsc#1243452). - Update patches.suse/ceph-fix-race-condition-validating-r_parent-before-applyin.patch (CVE-2025-39880 bsc#1250388 CVE-2025-39927 bsc#1250738). - Update patches.suse/char-applicom-fix-NULL-pointer-dereference-in-ac_ioc.patch (stable-fixes CVE-2025-68797 bsc#1256660). - Update patches.suse/clk-samsung-exynos-clkout-Assign-.num-before-accessi.patch (git-fixes CVE-2025-71143 bsc#1256749). - Update patches.suse/comedi-aio_iiro_16-Fix-bit-shift-out-of-bounds.patch (git-fixes CVE-2025-38529 bsc#1248196). - Update patches.suse/comedi-fix-divide-by-zero-in-comedi_buf_munge.patch (stable-fixes CVE-2025-40106 bsc#1252891). - Update patches.suse/comedi-pcl812-Fix-bit-shift-out-of-bounds.patch (git-fixes CVE-2025-38530 bsc#1248206). - Update patches.suse/cpuset-fix-warning-when-disabling-remote-partition.patch (bsc#1256794 CVE-2025-71142 bsc#1256748). - Update patches.suse/crypto-af_alg-zero-initialize-memory-allocated-via-s.patch (git-fixes CVE-2025-71113 bsc#1256716). - Update patches.suse/crypto-seqiv-Do-not-use-req-iv-after-crypto_aead_enc.patch (git-fixes CVE-2025-71131 bsc#1256742). - Update patches.suse/dmaengine-idxd-fix-device-leaks-on-compat-bind-and-u.patch (git-fixes CVE-2025-71163 bsc#1257215). - Update patches.suse/dmaengine-nbpfaxi-Fix-memory-corruption-in-probe.patch (git-fixes CVE-2025-38538 bsc#1248213). - Update patches.suse/dmaengine-tegra-adma-Fix-use-after-free.patch (git-fixes CVE-2025-71162 bsc#1257204). - Update patches.suse/drm-amdkfd-Don-t-call-mmput-from-MMU-notifier-callba.patch (git-fixes CVE-2025-38520 bsc#1248217). - Update patches.suse/drm-i915-gem-Zero-initialize-the-eb.vma-array-in-i91.patch (git-fixes CVE-2025-71130 bsc#1256741). - Update patches.suse/drm-imagination-Fix-kernel-crash-when-hard-resetting.patch (git-fixes CVE-2025-38521 bsc#1248232). - Update patches.suse/drm-msm-dpu-Add-missing-NULL-pointer-check-for-pingp.patch (git-fixes CVE-2025-71138 bsc#1256785). - Update patches.suse/drm-sched-Increment-job-count-before-swapping-tail-s.patch (git-fixes CVE-2025-38515 bsc#1248212). - Update patches.suse/drm-tegra-nvdec-Fix-dma_alloc_coherent-error-check.patch (git-fixes CVE-2025-38543 bsc#1248214). - Update patches.suse/drm-tilcdc-Fix-removal-actions-in-case-of-failed-pro.patch (git-fixes CVE-2025-71141 bsc#1256756). - Update patches.suse/drm-ttm-Avoid-NULL-pointer-deref-for-evicted-BOs.patch (git-fixes CVE-2025-71083 bsc#1256610). - Update patches.suse/drm-xe-Limit-num_syncs-to-prevent-oversized-allocati.patch (git-fixes CVE-2025-68802 bsc#1256661). - Update patches.suse/drm-xe-oa-Fix-potential-UAF-in-xe_oa_add_config_ioct.patch (git-fixes CVE-2025-71099 bsc#1256592). - Update patches.suse/drm-xe-oa-Limit-num_syncs-to-prevent-oversized-alloc.patch (git-fixes CVE-2025-71076 bsc#1256627). - Update patches.suse/drm-xe-pf-Clear-all-LMTT-pages-on-alloc.patch (git-fixes CVE-2025-38511 bsc#1248175). - Update patches.suse/efivarfs-Fix-slab-out-of-bounds-in-efivarfs_d_compar.patch (git-fixes CVE-2025-39817 bsc#1249998). - Update patches.suse/ftrace-Also-allocate-and-copy-hash-for-reading-of-filter-f.patch (bsc#1250032 CVE-2025-39813 CVE-2025-39689 bsc#1249307). - Update patches.suse/hwmon-corsair-cpro-Validate-the-size-of-the-received.patch (git-fixes CVE-2025-38548 bsc#1248228). - Update patches.suse/hwmon-ibmpex-fix-use-after-free-in-high-low-store.patch (git-fixes CVE-2025-68789 bsc#1256781). - Update patches.suse/hwmon-w83791d-Convert-macros-to-functions-to-avoid-T.patch (git-fixes CVE-2025-71111 bsc#1256728). - Update patches.suse/ice-fix-NULL-pointer-dereference-in-ice_unplug_aux_d.patch (jsc#PED-13728 CVE-2025-39814 bsc#1249895). - Update patches.suse/idpf-Fix-RSS-LUT-NULL-pointer-crash-on-early-ethtool.patch (CVE-2026-22993 bsc#1257180 CVE-2026-22985 bsc#1257277). - Update patches.suse/iio-adc-axp20x_adc-Add-missing-sentinel-to-AXP717-AD.patch (git-fixes CVE-2025-38547 bsc#1248222). - Update patches.suse/ipv6-mcast-Delay-put-pmc-idev-in-mld_del_delrec.patch (git-fixes CVE-2025-38550 bsc#1248227). - Update patches.suse/kasan-remove-kasan_find_vm_area-to-prevent-possible-.patch (git-fixes CVE-2025-38510 bsc#1248166). - Update patches.suse/lib-buildid-use-__kernel_read-for-sleepable-context.patch (git-fixes CVE-2026-23002 bsc#1257243). - Update patches.suse/media-adv7842-Avoid-possible-out-of-bounds-array-acc.patch (git-fixes CVE-2025-71136 bsc#1256759). - Update patches.suse/media-dvb-usb-dtv5100-fix-out-of-bounds-in-dtv5100_i.patch (git-fixes CVE-2025-68819 bsc#1256664). - Update patches.suse/media-vidtv-initialize-local-pointers-upon-transfer-.patch (git-fixes CVE-2025-68808 bsc#1256682). - Update patches.suse/mount-handle-NULL-values-in-mnt_ns_release.patch (bsc#1254308 CVE-2025-40195 bsc#1253500). - Update patches.suse/neighbour-Fix-null-ptr-deref-in-neigh_flush_dev.patch (git-fixes CVE-2025-38589 bsc#1248366). - Update patches.suse/net-can-j1939-j1939_xtp_rx_rts_session_active-deacti.patch (git-fixes CVE-2026-22997 bsc#1257202). - Update patches.suse/net-mlx5-Check-device-memory-pointer-before-usage.patch (git-fixes CVE-2025-38645 bsc#1248626). - Update patches.suse/net-mlx5e-Remove-skb-secpath-if-xfrm-state-is-not-fo.patch (git-fixes CVE-2025-38590 bsc#1248360). - Update patches.suse/net-nfc-fix-deadlock-between-nfc_unregister_device-a.patch (git-fixes CVE-2025-71079 bsc#1256619). - Update patches.suse/net-phy-Don-t-register-LEDs-for-genphy.patch (git-fixes CVE-2025-38537 bsc#1248229). - Update patches.suse/net-rose-fix-invalid-array-index-in-rose_kill_by_dev.patch (git-fixes CVE-2025-71086 bsc#1256625). - Update patches.suse/net-usb-rtl8150-fix-memory-leak-on-usb_submit_urb-fa.patch (git-fixes CVE-2025-71154 bsc#1257163). - Update patches.suse/netfilter-nft_set_hash-unaligned-atomic-read-on-struct-nft.patch (git-fixes CVE-2024-54031 bsc#1235905). - Update patches.suse/nfsd-check-that-server-is-running-in-unlock_filesystem.patch (git-fixes CVE-2026-22989 bsc#1257279). - Update patches.suse/phy-tegra-xusb-Fix-unbalanced-regulator-disable-in-U.patch (git-fixes CVE-2025-38535 bsc#1248240). - Update patches.suse/pinctrl-check-the-return-value-of-pinmux_ops-get_fun.patch (stable-fixes CVE-2025-40030 bsc#1252773). - Update patches.suse/pinctrl-qcom-msm-mark-certain-pins-as-invalid-for-in.patch (git-fixes CVE-2025-38516 bsc#1248209). - Update patches.suse/platform-chrome-cros_ec_ishtp-Fix-UAF-after-unbindin.patch (git-fixes CVE-2025-68804 bsc#1256617). - Update patches.suse/platform-x86-hp-bioscfg-Fix-out-of-bounds-array-acce.patch (git-fixes CVE-2025-71101 bsc#1256594). - Update patches.suse/pm-cpupower-bench-Prevent-NULL-dereference-on-malloc.patch (stable-fixes CVE-2025-37841 bsc#1242974). - Update patches.suse/powerpc-64s-slb-Fix-SLB-multihit-issue-during-SLB-preload.patch (bac#1236022 ltc#211187 CVE-2025-71078 bsc#1256616). - Update patches.suse/powerpc-kexec-Enable-SMT-before-waking-offline-CPUs.patch (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes bsc#1253739 ltc#211493 bsc#1254244 ltc#216496 CVE-2025-71119 bsc#1256730). - Update patches.suse/smb-client-fix-warning-when-reconnecting-channel.patch (git-fixes CVE-2025-38379 bsc#1247030). - Update patches.suse/spi-fsl-cpm-Check-length-parity-before-switching-to-.patch (git-fixes CVE-2025-68773 bsc#1256586). - Update patches.suse/tcp_bpf-Call-sk_msg_free-when-tcp_bpf_send_verdict-f.patch (bsc#1250705 CVE-2025-39913). - Update patches.suse/trace-fgraph-Fix-the-warning-caused-by-missing-unregister-.patch (bsc#1248211 CVE-2025-38539 CVE-2025-39829 bsc#1250082). - Update patches.suse/tracing-fprobe-events-Fix-possible-UAF-on-modules.patch (git-fixes CVE-2025-37845 bsc#1242986). - Update patches.suse/tty-serial-uartlite-register-uart-driver-in-init.patch (stable-fixes CVE-2025-38262 bsc#1246282). - Update patches.suse/usb-phy-isp1301-fix-non-OF-device-reference-imbalanc.patch (git-fixes CVE-2025-71145 bsc#1257155). - Update patches.suse/usb-typec-ucsi-Handle-incorrect-num_connectors-capab.patch (stable-fixes CVE-2025-71108 bsc#1256774). - Update patches.suse/via_wdt-fix-critical-boot-hang-due-to-unnamed-resour.patch (stable-fixes CVE-2025-71114 bsc#1256752). - Update patches.suse/virtio-net-fix-recursived-rtnl_lock-during-probe.patch (git-fixes CVE-2025-38551 bsc#1248234). - Update patches.suse/virtio-net-free-xsk_buffs-on-error-in-virtnet_xsk_po.patch (git-fixes CVE-2025-37955 bsc#1243507). - Update patches.suse/wifi-ath12k-fix-memory-leak-in-ath12k_pci_remove.patch (stable-fixes CVE-2025-37744 bsc#1243662). - Update patches.suse/wifi-avoid-kernel-infoleak-from-struct-iw_point.patch (git-fixes CVE-2026-22978 bsc#1257227). - Update patches.suse/wifi-mt76-mt7925-Fix-null-ptr-deref-in-mt7925_therma.patch (git-fixes CVE-2025-38541 bsc#1248216). - Update patches.suse/wifi-mwifiex-discard-erroneous-disassoc-frames-on-ST.patch (git-fixes CVE-2025-38505 bsc#1248185). - Update patches.suse/wifi-prevent-A-MSDU-attacks-in-mesh-networks.patch (stable-fixes CVE-2025-38512 bsc#1248178). - Update patches.suse/wifi-rtlwifi-8192cu-fix-tid-out-of-range-in-rtl92cu_.patch (git-fixes CVE-2025-71100 bsc#1256593). - Update patches.suse/wifi-zd1211rw-Fix-potential-NULL-pointer-dereference.patch (git-fixes CVE-2025-38513 bsc#1248179). - Update patches.suse/x86-cpu-Avoid-running-off-the-end-of-an-AMD-erratum-table.patch (git-fixes CVE-2025-37751 bsc#1242505). - commit 74167a5 - powerpc/addnote: Fix overflow on 32-bit builds (bsc#1215199). - commit 651b1d4 - net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv (CVE-2026-22996). - net/mlx5e: Fix crash on profile change rollback failure (CVE-2026-23000 bsc#1257234). - commit 395ffba - gpio: rockchip: Stop calling pinctrl for set_direction (git-fixes). - commit 0d36e6c ++++ kernel-syms: - smb: client: split cached_fid bitfields to avoid shared-byte RMW races (bsc#1250748,bsc#1257154). - commit 9624e6c - smb: client: update cfid->last_access_time in open_cached_dir_by_dentry() (git-fixes). - commit a159cff - cifs: add new field to track the last access time of cfid (git-fixes). - commit 0cd09f9 - smb: improve directory cache reuse for readdir operations (bsc#1252712). - commit 98f179c - scripts/python/git_sort/git_sort.yaml: add cifs for-next repository - commit 5e1a139 - libceph: replace overzealous BUG_ON in osdmap_apply_incremental() (CVE-2026-22990 bsc#1257221). - commit bf45795 - libceph: prevent potential out-of-bounds reads in handle_auth_done() (CVE-2026-22984 bsc#1257217). - commit 3af214d - libceph: return the handler error from mon_handle_auth_done() (CVE-2026-22992 bsc#1257218). - commit 2da8b55 - libceph: make free_choose_arg_map() resilient to partial allocation (CVE-2026-22991 bsc#1257220). - commit 1c4a387 - Update config files: disable CONFIG_DEVPORT for arm64 (bsc#1256792) - commit 89771ce - x86/fpu: Clear XSTATE_BV in guest XSAVE state whenever XFD[i]=1 (CVE-2026-23005 bsc#1257245). - commit 0a828e9 - Update patches.suse/ACPICA-Avoid-walking-the-Namespace-if-start_node-is-.patch (stable-fixes CVE-2025-71118 bsc#1256763). - Update patches.suse/ALSA-hda-Fix-missing-pointer-check-in-hda_component_.patch (git-fixes CVE-2025-40097 bsc#1252900). - Update patches.suse/ALSA-usb-mixer-us16x08-validate-meter-packet-indices.patch (git-fixes CVE-2025-68783 bsc#1256650). - Update patches.suse/ASoC-codecs-wcd9375-Fix-double-free-of-regulator-sup.patch (git-fixes CVE-2025-38423 bsc#1247292). - Update patches.suse/ASoC-codecs-wcd937x-set-the-comp-soundwire-port-corr.patch (git-fixes CVE-2025-40045 bsc#1252784). - Update patches.suse/ASoC-stm32-sai-fix-OF-node-leak-on-probe.patch (git-fixes CVE-2025-71081 bsc#1256609). - Update patches.suse/ASoC-tlv320adcx140-fix-null-pointer.patch (git-fixes CVE-2026-23006 bsc#1257208). - Update patches.suse/Bluetooth-btusb-revert-use-of-devm_kzalloc-in-btusb.patch (git-fixes CVE-2025-71082 bsc#1256611). - Update patches.suse/EDAC-skx_common-Fix-general-protection-fault.patch (git-fixes CVE-2025-38298 bsc#1253079). - Update patches.suse/HID-nintendo-avoid-bluetooth-suspend-resume-stalls.patch (stable-fixes CVE-2025-38507 bsc#1248188). - Update patches.suse/HID-quirks-Add-quirk-for-2-Chicony-Electronics-HP-5M.patch (stable-fixes CVE-2025-38540 bsc#1248208). - Update patches.suse/Input-alps-fix-use-after-free-bugs-caused-by-dev3_re.patch (git-fixes CVE-2025-68822 bsc#1256668). - Update patches.suse/Input-lkkbd-disable-pending-work-before-freeing-devi.patch (stable-fixes CVE-2025-71073 bsc#1256632). - Update patches.suse/Input-ti_am335x_tsc-fix-off-by-one-error-in-wire_ord.patch (git-fixes CVE-2025-68777 bsc#1256655). - Update patches.suse/KEYS-trusted-Fix-a-memory-leak-in-tpm2_load_cmd.patch (git-fixes CVE-2025-71147 bsc#1257158). - Update patches.suse/PM-EM-Fix-potential-division-by-zero-error-in-em_com.patch (git-fixes CVE-2025-38297 bsc#1253078). - Update patches.suse/arp-do-not-assume-dev_hard_header-does-not-change-skb-head.patch (CVE-2025-71098 bsc#1256591 CVE-2026-22988 bsc#1257282). - Update patches.suse/benet-fix-BUG-when-creating-VFs.patch (git-fixes CVE-2025-38569 bsc#1248384). - Update patches.suse/block-avoid-possible-overflow-for-chunk_sectors-check-in-b.patch (git-fixes CVE-2025-39795 bsc#1249609). - Update patches.suse/bpf-Do-not-let-BPF-test-infra-emit-invalid-GSO-types.patch (bsc#1255569 CVE-2025-68725). - Update patches.suse/btrfs-don-t-log-conflicting-inode-if-it-s-a-dir-move.patch (git-fixes CVE-2025-68778 bsc#1256683). - Update patches.suse/btrfs-fix-invalid-inode-pointer-dereferences-during-.patch (git-fixes CVE-2025-38243 bsc#1246184). - Update patches.suse/btrfs-fix-the-inode-leak-in-btrfs_iget.patch (git-fixes CVE-2025-37904 bsc#1243452). - Update patches.suse/ceph-fix-race-condition-validating-r_parent-before-applyin.patch (CVE-2025-39880 bsc#1250388 CVE-2025-39927 bsc#1250738). - Update patches.suse/char-applicom-fix-NULL-pointer-dereference-in-ac_ioc.patch (stable-fixes CVE-2025-68797 bsc#1256660). - Update patches.suse/clk-samsung-exynos-clkout-Assign-.num-before-accessi.patch (git-fixes CVE-2025-71143 bsc#1256749). - Update patches.suse/comedi-aio_iiro_16-Fix-bit-shift-out-of-bounds.patch (git-fixes CVE-2025-38529 bsc#1248196). - Update patches.suse/comedi-fix-divide-by-zero-in-comedi_buf_munge.patch (stable-fixes CVE-2025-40106 bsc#1252891). - Update patches.suse/comedi-pcl812-Fix-bit-shift-out-of-bounds.patch (git-fixes CVE-2025-38530 bsc#1248206). - Update patches.suse/cpuset-fix-warning-when-disabling-remote-partition.patch (bsc#1256794 CVE-2025-71142 bsc#1256748). - Update patches.suse/crypto-af_alg-zero-initialize-memory-allocated-via-s.patch (git-fixes CVE-2025-71113 bsc#1256716). - Update patches.suse/crypto-seqiv-Do-not-use-req-iv-after-crypto_aead_enc.patch (git-fixes CVE-2025-71131 bsc#1256742). - Update patches.suse/dmaengine-idxd-fix-device-leaks-on-compat-bind-and-u.patch (git-fixes CVE-2025-71163 bsc#1257215). - Update patches.suse/dmaengine-nbpfaxi-Fix-memory-corruption-in-probe.patch (git-fixes CVE-2025-38538 bsc#1248213). - Update patches.suse/dmaengine-tegra-adma-Fix-use-after-free.patch (git-fixes CVE-2025-71162 bsc#1257204). - Update patches.suse/drm-amdkfd-Don-t-call-mmput-from-MMU-notifier-callba.patch (git-fixes CVE-2025-38520 bsc#1248217). - Update patches.suse/drm-i915-gem-Zero-initialize-the-eb.vma-array-in-i91.patch (git-fixes CVE-2025-71130 bsc#1256741). - Update patches.suse/drm-imagination-Fix-kernel-crash-when-hard-resetting.patch (git-fixes CVE-2025-38521 bsc#1248232). - Update patches.suse/drm-msm-dpu-Add-missing-NULL-pointer-check-for-pingp.patch (git-fixes CVE-2025-71138 bsc#1256785). - Update patches.suse/drm-sched-Increment-job-count-before-swapping-tail-s.patch (git-fixes CVE-2025-38515 bsc#1248212). - Update patches.suse/drm-tegra-nvdec-Fix-dma_alloc_coherent-error-check.patch (git-fixes CVE-2025-38543 bsc#1248214). - Update patches.suse/drm-tilcdc-Fix-removal-actions-in-case-of-failed-pro.patch (git-fixes CVE-2025-71141 bsc#1256756). - Update patches.suse/drm-ttm-Avoid-NULL-pointer-deref-for-evicted-BOs.patch (git-fixes CVE-2025-71083 bsc#1256610). - Update patches.suse/drm-xe-Limit-num_syncs-to-prevent-oversized-allocati.patch (git-fixes CVE-2025-68802 bsc#1256661). - Update patches.suse/drm-xe-oa-Fix-potential-UAF-in-xe_oa_add_config_ioct.patch (git-fixes CVE-2025-71099 bsc#1256592). - Update patches.suse/drm-xe-oa-Limit-num_syncs-to-prevent-oversized-alloc.patch (git-fixes CVE-2025-71076 bsc#1256627). - Update patches.suse/drm-xe-pf-Clear-all-LMTT-pages-on-alloc.patch (git-fixes CVE-2025-38511 bsc#1248175). - Update patches.suse/efivarfs-Fix-slab-out-of-bounds-in-efivarfs_d_compar.patch (git-fixes CVE-2025-39817 bsc#1249998). - Update patches.suse/ftrace-Also-allocate-and-copy-hash-for-reading-of-filter-f.patch (bsc#1250032 CVE-2025-39813 CVE-2025-39689 bsc#1249307). - Update patches.suse/hwmon-corsair-cpro-Validate-the-size-of-the-received.patch (git-fixes CVE-2025-38548 bsc#1248228). - Update patches.suse/hwmon-ibmpex-fix-use-after-free-in-high-low-store.patch (git-fixes CVE-2025-68789 bsc#1256781). - Update patches.suse/hwmon-w83791d-Convert-macros-to-functions-to-avoid-T.patch (git-fixes CVE-2025-71111 bsc#1256728). - Update patches.suse/ice-fix-NULL-pointer-dereference-in-ice_unplug_aux_d.patch (jsc#PED-13728 CVE-2025-39814 bsc#1249895). - Update patches.suse/idpf-Fix-RSS-LUT-NULL-pointer-crash-on-early-ethtool.patch (CVE-2026-22993 bsc#1257180 CVE-2026-22985 bsc#1257277). - Update patches.suse/iio-adc-axp20x_adc-Add-missing-sentinel-to-AXP717-AD.patch (git-fixes CVE-2025-38547 bsc#1248222). - Update patches.suse/ipv6-mcast-Delay-put-pmc-idev-in-mld_del_delrec.patch (git-fixes CVE-2025-38550 bsc#1248227). - Update patches.suse/kasan-remove-kasan_find_vm_area-to-prevent-possible-.patch (git-fixes CVE-2025-38510 bsc#1248166). - Update patches.suse/lib-buildid-use-__kernel_read-for-sleepable-context.patch (git-fixes CVE-2026-23002 bsc#1257243). - Update patches.suse/media-adv7842-Avoid-possible-out-of-bounds-array-acc.patch (git-fixes CVE-2025-71136 bsc#1256759). - Update patches.suse/media-dvb-usb-dtv5100-fix-out-of-bounds-in-dtv5100_i.patch (git-fixes CVE-2025-68819 bsc#1256664). - Update patches.suse/media-vidtv-initialize-local-pointers-upon-transfer-.patch (git-fixes CVE-2025-68808 bsc#1256682). - Update patches.suse/mount-handle-NULL-values-in-mnt_ns_release.patch (bsc#1254308 CVE-2025-40195 bsc#1253500). - Update patches.suse/neighbour-Fix-null-ptr-deref-in-neigh_flush_dev.patch (git-fixes CVE-2025-38589 bsc#1248366). - Update patches.suse/net-can-j1939-j1939_xtp_rx_rts_session_active-deacti.patch (git-fixes CVE-2026-22997 bsc#1257202). - Update patches.suse/net-mlx5-Check-device-memory-pointer-before-usage.patch (git-fixes CVE-2025-38645 bsc#1248626). - Update patches.suse/net-mlx5e-Remove-skb-secpath-if-xfrm-state-is-not-fo.patch (git-fixes CVE-2025-38590 bsc#1248360). - Update patches.suse/net-nfc-fix-deadlock-between-nfc_unregister_device-a.patch (git-fixes CVE-2025-71079 bsc#1256619). - Update patches.suse/net-phy-Don-t-register-LEDs-for-genphy.patch (git-fixes CVE-2025-38537 bsc#1248229). - Update patches.suse/net-rose-fix-invalid-array-index-in-rose_kill_by_dev.patch (git-fixes CVE-2025-71086 bsc#1256625). - Update patches.suse/net-usb-rtl8150-fix-memory-leak-on-usb_submit_urb-fa.patch (git-fixes CVE-2025-71154 bsc#1257163). - Update patches.suse/netfilter-nft_set_hash-unaligned-atomic-read-on-struct-nft.patch (git-fixes CVE-2024-54031 bsc#1235905). - Update patches.suse/nfsd-check-that-server-is-running-in-unlock_filesystem.patch (git-fixes CVE-2026-22989 bsc#1257279). - Update patches.suse/phy-tegra-xusb-Fix-unbalanced-regulator-disable-in-U.patch (git-fixes CVE-2025-38535 bsc#1248240). - Update patches.suse/pinctrl-check-the-return-value-of-pinmux_ops-get_fun.patch (stable-fixes CVE-2025-40030 bsc#1252773). - Update patches.suse/pinctrl-qcom-msm-mark-certain-pins-as-invalid-for-in.patch (git-fixes CVE-2025-38516 bsc#1248209). - Update patches.suse/platform-chrome-cros_ec_ishtp-Fix-UAF-after-unbindin.patch (git-fixes CVE-2025-68804 bsc#1256617). - Update patches.suse/platform-x86-hp-bioscfg-Fix-out-of-bounds-array-acce.patch (git-fixes CVE-2025-71101 bsc#1256594). - Update patches.suse/pm-cpupower-bench-Prevent-NULL-dereference-on-malloc.patch (stable-fixes CVE-2025-37841 bsc#1242974). - Update patches.suse/powerpc-64s-slb-Fix-SLB-multihit-issue-during-SLB-preload.patch (bac#1236022 ltc#211187 CVE-2025-71078 bsc#1256616). - Update patches.suse/powerpc-kexec-Enable-SMT-before-waking-offline-CPUs.patch (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes bsc#1253739 ltc#211493 bsc#1254244 ltc#216496 CVE-2025-71119 bsc#1256730). - Update patches.suse/smb-client-fix-warning-when-reconnecting-channel.patch (git-fixes CVE-2025-38379 bsc#1247030). - Update patches.suse/spi-fsl-cpm-Check-length-parity-before-switching-to-.patch (git-fixes CVE-2025-68773 bsc#1256586). - Update patches.suse/tcp_bpf-Call-sk_msg_free-when-tcp_bpf_send_verdict-f.patch (bsc#1250705 CVE-2025-39913). - Update patches.suse/trace-fgraph-Fix-the-warning-caused-by-missing-unregister-.patch (bsc#1248211 CVE-2025-38539 CVE-2025-39829 bsc#1250082). - Update patches.suse/tracing-fprobe-events-Fix-possible-UAF-on-modules.patch (git-fixes CVE-2025-37845 bsc#1242986). - Update patches.suse/tty-serial-uartlite-register-uart-driver-in-init.patch (stable-fixes CVE-2025-38262 bsc#1246282). - Update patches.suse/usb-phy-isp1301-fix-non-OF-device-reference-imbalanc.patch (git-fixes CVE-2025-71145 bsc#1257155). - Update patches.suse/usb-typec-ucsi-Handle-incorrect-num_connectors-capab.patch (stable-fixes CVE-2025-71108 bsc#1256774). - Update patches.suse/via_wdt-fix-critical-boot-hang-due-to-unnamed-resour.patch (stable-fixes CVE-2025-71114 bsc#1256752). - Update patches.suse/virtio-net-fix-recursived-rtnl_lock-during-probe.patch (git-fixes CVE-2025-38551 bsc#1248234). - Update patches.suse/virtio-net-free-xsk_buffs-on-error-in-virtnet_xsk_po.patch (git-fixes CVE-2025-37955 bsc#1243507). - Update patches.suse/wifi-ath12k-fix-memory-leak-in-ath12k_pci_remove.patch (stable-fixes CVE-2025-37744 bsc#1243662). - Update patches.suse/wifi-avoid-kernel-infoleak-from-struct-iw_point.patch (git-fixes CVE-2026-22978 bsc#1257227). - Update patches.suse/wifi-mt76-mt7925-Fix-null-ptr-deref-in-mt7925_therma.patch (git-fixes CVE-2025-38541 bsc#1248216). - Update patches.suse/wifi-mwifiex-discard-erroneous-disassoc-frames-on-ST.patch (git-fixes CVE-2025-38505 bsc#1248185). - Update patches.suse/wifi-prevent-A-MSDU-attacks-in-mesh-networks.patch (stable-fixes CVE-2025-38512 bsc#1248178). - Update patches.suse/wifi-rtlwifi-8192cu-fix-tid-out-of-range-in-rtl92cu_.patch (git-fixes CVE-2025-71100 bsc#1256593). - Update patches.suse/wifi-zd1211rw-Fix-potential-NULL-pointer-dereference.patch (git-fixes CVE-2025-38513 bsc#1248179). - Update patches.suse/x86-cpu-Avoid-running-off-the-end-of-an-AMD-erratum-table.patch (git-fixes CVE-2025-37751 bsc#1242505). - commit 74167a5 - powerpc/addnote: Fix overflow on 32-bit builds (bsc#1215199). - commit 651b1d4 - net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv (CVE-2026-22996). - net/mlx5e: Fix crash on profile change rollback failure (CVE-2026-23000 bsc#1257234). - commit 395ffba - gpio: rockchip: Stop calling pinctrl for set_direction (git-fixes). - commit 0d36e6c ++++ kernel-syms: - smb: client: split cached_fid bitfields to avoid shared-byte RMW races (bsc#1250748,bsc#1257154). - commit 9624e6c - smb: client: update cfid->last_access_time in open_cached_dir_by_dentry() (git-fixes). - commit a159cff - cifs: add new field to track the last access time of cfid (git-fixes). - commit 0cd09f9 - smb: improve directory cache reuse for readdir operations (bsc#1252712). - commit 98f179c - scripts/python/git_sort/git_sort.yaml: add cifs for-next repository - commit 5e1a139 - libceph: replace overzealous BUG_ON in osdmap_apply_incremental() (CVE-2026-22990 bsc#1257221). - commit bf45795 - libceph: prevent potential out-of-bounds reads in handle_auth_done() (CVE-2026-22984 bsc#1257217). - commit 3af214d - libceph: return the handler error from mon_handle_auth_done() (CVE-2026-22992 bsc#1257218). - commit 2da8b55 - libceph: make free_choose_arg_map() resilient to partial allocation (CVE-2026-22991 bsc#1257220). - commit 1c4a387 - Update config files: disable CONFIG_DEVPORT for arm64 (bsc#1256792) - commit 89771ce - x86/fpu: Clear XSTATE_BV in guest XSAVE state whenever XFD[i]=1 (CVE-2026-23005 bsc#1257245). - commit 0a828e9 - Update patches.suse/ACPICA-Avoid-walking-the-Namespace-if-start_node-is-.patch (stable-fixes CVE-2025-71118 bsc#1256763). - Update patches.suse/ALSA-hda-Fix-missing-pointer-check-in-hda_component_.patch (git-fixes CVE-2025-40097 bsc#1252900). - Update patches.suse/ALSA-usb-mixer-us16x08-validate-meter-packet-indices.patch (git-fixes CVE-2025-68783 bsc#1256650). - Update patches.suse/ASoC-codecs-wcd9375-Fix-double-free-of-regulator-sup.patch (git-fixes CVE-2025-38423 bsc#1247292). - Update patches.suse/ASoC-codecs-wcd937x-set-the-comp-soundwire-port-corr.patch (git-fixes CVE-2025-40045 bsc#1252784). - Update patches.suse/ASoC-stm32-sai-fix-OF-node-leak-on-probe.patch (git-fixes CVE-2025-71081 bsc#1256609). - Update patches.suse/ASoC-tlv320adcx140-fix-null-pointer.patch (git-fixes CVE-2026-23006 bsc#1257208). - Update patches.suse/Bluetooth-btusb-revert-use-of-devm_kzalloc-in-btusb.patch (git-fixes CVE-2025-71082 bsc#1256611). - Update patches.suse/EDAC-skx_common-Fix-general-protection-fault.patch (git-fixes CVE-2025-38298 bsc#1253079). - Update patches.suse/HID-nintendo-avoid-bluetooth-suspend-resume-stalls.patch (stable-fixes CVE-2025-38507 bsc#1248188). - Update patches.suse/HID-quirks-Add-quirk-for-2-Chicony-Electronics-HP-5M.patch (stable-fixes CVE-2025-38540 bsc#1248208). - Update patches.suse/Input-alps-fix-use-after-free-bugs-caused-by-dev3_re.patch (git-fixes CVE-2025-68822 bsc#1256668). - Update patches.suse/Input-lkkbd-disable-pending-work-before-freeing-devi.patch (stable-fixes CVE-2025-71073 bsc#1256632). - Update patches.suse/Input-ti_am335x_tsc-fix-off-by-one-error-in-wire_ord.patch (git-fixes CVE-2025-68777 bsc#1256655). - Update patches.suse/KEYS-trusted-Fix-a-memory-leak-in-tpm2_load_cmd.patch (git-fixes CVE-2025-71147 bsc#1257158). - Update patches.suse/PM-EM-Fix-potential-division-by-zero-error-in-em_com.patch (git-fixes CVE-2025-38297 bsc#1253078). - Update patches.suse/arp-do-not-assume-dev_hard_header-does-not-change-skb-head.patch (CVE-2025-71098 bsc#1256591 CVE-2026-22988 bsc#1257282). - Update patches.suse/benet-fix-BUG-when-creating-VFs.patch (git-fixes CVE-2025-38569 bsc#1248384). - Update patches.suse/block-avoid-possible-overflow-for-chunk_sectors-check-in-b.patch (git-fixes CVE-2025-39795 bsc#1249609). - Update patches.suse/bpf-Do-not-let-BPF-test-infra-emit-invalid-GSO-types.patch (bsc#1255569 CVE-2025-68725). - Update patches.suse/btrfs-don-t-log-conflicting-inode-if-it-s-a-dir-move.patch (git-fixes CVE-2025-68778 bsc#1256683). - Update patches.suse/btrfs-fix-invalid-inode-pointer-dereferences-during-.patch (git-fixes CVE-2025-38243 bsc#1246184). - Update patches.suse/btrfs-fix-the-inode-leak-in-btrfs_iget.patch (git-fixes CVE-2025-37904 bsc#1243452). - Update patches.suse/ceph-fix-race-condition-validating-r_parent-before-applyin.patch (CVE-2025-39880 bsc#1250388 CVE-2025-39927 bsc#1250738). - Update patches.suse/char-applicom-fix-NULL-pointer-dereference-in-ac_ioc.patch (stable-fixes CVE-2025-68797 bsc#1256660). - Update patches.suse/clk-samsung-exynos-clkout-Assign-.num-before-accessi.patch (git-fixes CVE-2025-71143 bsc#1256749). - Update patches.suse/comedi-aio_iiro_16-Fix-bit-shift-out-of-bounds.patch (git-fixes CVE-2025-38529 bsc#1248196). - Update patches.suse/comedi-fix-divide-by-zero-in-comedi_buf_munge.patch (stable-fixes CVE-2025-40106 bsc#1252891). - Update patches.suse/comedi-pcl812-Fix-bit-shift-out-of-bounds.patch (git-fixes CVE-2025-38530 bsc#1248206). - Update patches.suse/cpuset-fix-warning-when-disabling-remote-partition.patch (bsc#1256794 CVE-2025-71142 bsc#1256748). - Update patches.suse/crypto-af_alg-zero-initialize-memory-allocated-via-s.patch (git-fixes CVE-2025-71113 bsc#1256716). - Update patches.suse/crypto-seqiv-Do-not-use-req-iv-after-crypto_aead_enc.patch (git-fixes CVE-2025-71131 bsc#1256742). - Update patches.suse/dmaengine-idxd-fix-device-leaks-on-compat-bind-and-u.patch (git-fixes CVE-2025-71163 bsc#1257215). - Update patches.suse/dmaengine-nbpfaxi-Fix-memory-corruption-in-probe.patch (git-fixes CVE-2025-38538 bsc#1248213). - Update patches.suse/dmaengine-tegra-adma-Fix-use-after-free.patch (git-fixes CVE-2025-71162 bsc#1257204). - Update patches.suse/drm-amdkfd-Don-t-call-mmput-from-MMU-notifier-callba.patch (git-fixes CVE-2025-38520 bsc#1248217). - Update patches.suse/drm-i915-gem-Zero-initialize-the-eb.vma-array-in-i91.patch (git-fixes CVE-2025-71130 bsc#1256741). - Update patches.suse/drm-imagination-Fix-kernel-crash-when-hard-resetting.patch (git-fixes CVE-2025-38521 bsc#1248232). - Update patches.suse/drm-msm-dpu-Add-missing-NULL-pointer-check-for-pingp.patch (git-fixes CVE-2025-71138 bsc#1256785). - Update patches.suse/drm-sched-Increment-job-count-before-swapping-tail-s.patch (git-fixes CVE-2025-38515 bsc#1248212). - Update patches.suse/drm-tegra-nvdec-Fix-dma_alloc_coherent-error-check.patch (git-fixes CVE-2025-38543 bsc#1248214). - Update patches.suse/drm-tilcdc-Fix-removal-actions-in-case-of-failed-pro.patch (git-fixes CVE-2025-71141 bsc#1256756). - Update patches.suse/drm-ttm-Avoid-NULL-pointer-deref-for-evicted-BOs.patch (git-fixes CVE-2025-71083 bsc#1256610). - Update patches.suse/drm-xe-Limit-num_syncs-to-prevent-oversized-allocati.patch (git-fixes CVE-2025-68802 bsc#1256661). - Update patches.suse/drm-xe-oa-Fix-potential-UAF-in-xe_oa_add_config_ioct.patch (git-fixes CVE-2025-71099 bsc#1256592). - Update patches.suse/drm-xe-oa-Limit-num_syncs-to-prevent-oversized-alloc.patch (git-fixes CVE-2025-71076 bsc#1256627). - Update patches.suse/drm-xe-pf-Clear-all-LMTT-pages-on-alloc.patch (git-fixes CVE-2025-38511 bsc#1248175). - Update patches.suse/efivarfs-Fix-slab-out-of-bounds-in-efivarfs_d_compar.patch (git-fixes CVE-2025-39817 bsc#1249998). - Update patches.suse/ftrace-Also-allocate-and-copy-hash-for-reading-of-filter-f.patch (bsc#1250032 CVE-2025-39813 CVE-2025-39689 bsc#1249307). - Update patches.suse/hwmon-corsair-cpro-Validate-the-size-of-the-received.patch (git-fixes CVE-2025-38548 bsc#1248228). - Update patches.suse/hwmon-ibmpex-fix-use-after-free-in-high-low-store.patch (git-fixes CVE-2025-68789 bsc#1256781). - Update patches.suse/hwmon-w83791d-Convert-macros-to-functions-to-avoid-T.patch (git-fixes CVE-2025-71111 bsc#1256728). - Update patches.suse/ice-fix-NULL-pointer-dereference-in-ice_unplug_aux_d.patch (jsc#PED-13728 CVE-2025-39814 bsc#1249895). - Update patches.suse/idpf-Fix-RSS-LUT-NULL-pointer-crash-on-early-ethtool.patch (CVE-2026-22993 bsc#1257180 CVE-2026-22985 bsc#1257277). - Update patches.suse/iio-adc-axp20x_adc-Add-missing-sentinel-to-AXP717-AD.patch (git-fixes CVE-2025-38547 bsc#1248222). - Update patches.suse/ipv6-mcast-Delay-put-pmc-idev-in-mld_del_delrec.patch (git-fixes CVE-2025-38550 bsc#1248227). - Update patches.suse/kasan-remove-kasan_find_vm_area-to-prevent-possible-.patch (git-fixes CVE-2025-38510 bsc#1248166). - Update patches.suse/lib-buildid-use-__kernel_read-for-sleepable-context.patch (git-fixes CVE-2026-23002 bsc#1257243). - Update patches.suse/media-adv7842-Avoid-possible-out-of-bounds-array-acc.patch (git-fixes CVE-2025-71136 bsc#1256759). - Update patches.suse/media-dvb-usb-dtv5100-fix-out-of-bounds-in-dtv5100_i.patch (git-fixes CVE-2025-68819 bsc#1256664). - Update patches.suse/media-vidtv-initialize-local-pointers-upon-transfer-.patch (git-fixes CVE-2025-68808 bsc#1256682). - Update patches.suse/mount-handle-NULL-values-in-mnt_ns_release.patch (bsc#1254308 CVE-2025-40195 bsc#1253500). - Update patches.suse/neighbour-Fix-null-ptr-deref-in-neigh_flush_dev.patch (git-fixes CVE-2025-38589 bsc#1248366). - Update patches.suse/net-can-j1939-j1939_xtp_rx_rts_session_active-deacti.patch (git-fixes CVE-2026-22997 bsc#1257202). - Update patches.suse/net-mlx5-Check-device-memory-pointer-before-usage.patch (git-fixes CVE-2025-38645 bsc#1248626). - Update patches.suse/net-mlx5e-Remove-skb-secpath-if-xfrm-state-is-not-fo.patch (git-fixes CVE-2025-38590 bsc#1248360). - Update patches.suse/net-nfc-fix-deadlock-between-nfc_unregister_device-a.patch (git-fixes CVE-2025-71079 bsc#1256619). - Update patches.suse/net-phy-Don-t-register-LEDs-for-genphy.patch (git-fixes CVE-2025-38537 bsc#1248229). - Update patches.suse/net-rose-fix-invalid-array-index-in-rose_kill_by_dev.patch (git-fixes CVE-2025-71086 bsc#1256625). - Update patches.suse/net-usb-rtl8150-fix-memory-leak-on-usb_submit_urb-fa.patch (git-fixes CVE-2025-71154 bsc#1257163). - Update patches.suse/netfilter-nft_set_hash-unaligned-atomic-read-on-struct-nft.patch (git-fixes CVE-2024-54031 bsc#1235905). - Update patches.suse/nfsd-check-that-server-is-running-in-unlock_filesystem.patch (git-fixes CVE-2026-22989 bsc#1257279). - Update patches.suse/phy-tegra-xusb-Fix-unbalanced-regulator-disable-in-U.patch (git-fixes CVE-2025-38535 bsc#1248240). - Update patches.suse/pinctrl-check-the-return-value-of-pinmux_ops-get_fun.patch (stable-fixes CVE-2025-40030 bsc#1252773). - Update patches.suse/pinctrl-qcom-msm-mark-certain-pins-as-invalid-for-in.patch (git-fixes CVE-2025-38516 bsc#1248209). - Update patches.suse/platform-chrome-cros_ec_ishtp-Fix-UAF-after-unbindin.patch (git-fixes CVE-2025-68804 bsc#1256617). - Update patches.suse/platform-x86-hp-bioscfg-Fix-out-of-bounds-array-acce.patch (git-fixes CVE-2025-71101 bsc#1256594). - Update patches.suse/pm-cpupower-bench-Prevent-NULL-dereference-on-malloc.patch (stable-fixes CVE-2025-37841 bsc#1242974). - Update patches.suse/powerpc-64s-slb-Fix-SLB-multihit-issue-during-SLB-preload.patch (bac#1236022 ltc#211187 CVE-2025-71078 bsc#1256616). - Update patches.suse/powerpc-kexec-Enable-SMT-before-waking-offline-CPUs.patch (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes bsc#1253739 ltc#211493 bsc#1254244 ltc#216496 CVE-2025-71119 bsc#1256730). - Update patches.suse/smb-client-fix-warning-when-reconnecting-channel.patch (git-fixes CVE-2025-38379 bsc#1247030). - Update patches.suse/spi-fsl-cpm-Check-length-parity-before-switching-to-.patch (git-fixes CVE-2025-68773 bsc#1256586). - Update patches.suse/tcp_bpf-Call-sk_msg_free-when-tcp_bpf_send_verdict-f.patch (bsc#1250705 CVE-2025-39913). - Update patches.suse/trace-fgraph-Fix-the-warning-caused-by-missing-unregister-.patch (bsc#1248211 CVE-2025-38539 CVE-2025-39829 bsc#1250082). - Update patches.suse/tracing-fprobe-events-Fix-possible-UAF-on-modules.patch (git-fixes CVE-2025-37845 bsc#1242986). - Update patches.suse/tty-serial-uartlite-register-uart-driver-in-init.patch (stable-fixes CVE-2025-38262 bsc#1246282). - Update patches.suse/usb-phy-isp1301-fix-non-OF-device-reference-imbalanc.patch (git-fixes CVE-2025-71145 bsc#1257155). - Update patches.suse/usb-typec-ucsi-Handle-incorrect-num_connectors-capab.patch (stable-fixes CVE-2025-71108 bsc#1256774). - Update patches.suse/via_wdt-fix-critical-boot-hang-due-to-unnamed-resour.patch (stable-fixes CVE-2025-71114 bsc#1256752). - Update patches.suse/virtio-net-fix-recursived-rtnl_lock-during-probe.patch (git-fixes CVE-2025-38551 bsc#1248234). - Update patches.suse/virtio-net-free-xsk_buffs-on-error-in-virtnet_xsk_po.patch (git-fixes CVE-2025-37955 bsc#1243507). - Update patches.suse/wifi-ath12k-fix-memory-leak-in-ath12k_pci_remove.patch (stable-fixes CVE-2025-37744 bsc#1243662). - Update patches.suse/wifi-avoid-kernel-infoleak-from-struct-iw_point.patch (git-fixes CVE-2026-22978 bsc#1257227). - Update patches.suse/wifi-mt76-mt7925-Fix-null-ptr-deref-in-mt7925_therma.patch (git-fixes CVE-2025-38541 bsc#1248216). - Update patches.suse/wifi-mwifiex-discard-erroneous-disassoc-frames-on-ST.patch (git-fixes CVE-2025-38505 bsc#1248185). - Update patches.suse/wifi-prevent-A-MSDU-attacks-in-mesh-networks.patch (stable-fixes CVE-2025-38512 bsc#1248178). - Update patches.suse/wifi-rtlwifi-8192cu-fix-tid-out-of-range-in-rtl92cu_.patch (git-fixes CVE-2025-71100 bsc#1256593). - Update patches.suse/wifi-zd1211rw-Fix-potential-NULL-pointer-dereference.patch (git-fixes CVE-2025-38513 bsc#1248179). - Update patches.suse/x86-cpu-Avoid-running-off-the-end-of-an-AMD-erratum-table.patch (git-fixes CVE-2025-37751 bsc#1242505). - commit 74167a5 - powerpc/addnote: Fix overflow on 32-bit builds (bsc#1215199). - commit 651b1d4 - net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv (CVE-2026-22996). - net/mlx5e: Fix crash on profile change rollback failure (CVE-2026-23000 bsc#1257234). - commit 395ffba - gpio: rockchip: Stop calling pinctrl for set_direction (git-fixes). - commit 0d36e6c ++++ kernel-zfcpdump: - smb: client: split cached_fid bitfields to avoid shared-byte RMW races (bsc#1250748,bsc#1257154). - commit 9624e6c - smb: client: update cfid->last_access_time in open_cached_dir_by_dentry() (git-fixes). - commit a159cff - cifs: add new field to track the last access time of cfid (git-fixes). - commit 0cd09f9 - smb: improve directory cache reuse for readdir operations (bsc#1252712). - commit 98f179c - scripts/python/git_sort/git_sort.yaml: add cifs for-next repository - commit 5e1a139 - libceph: replace overzealous BUG_ON in osdmap_apply_incremental() (CVE-2026-22990 bsc#1257221). - commit bf45795 - libceph: prevent potential out-of-bounds reads in handle_auth_done() (CVE-2026-22984 bsc#1257217). - commit 3af214d - libceph: return the handler error from mon_handle_auth_done() (CVE-2026-22992 bsc#1257218). - commit 2da8b55 - libceph: make free_choose_arg_map() resilient to partial allocation (CVE-2026-22991 bsc#1257220). - commit 1c4a387 - Update config files: disable CONFIG_DEVPORT for arm64 (bsc#1256792) - commit 89771ce - x86/fpu: Clear XSTATE_BV in guest XSAVE state whenever XFD[i]=1 (CVE-2026-23005 bsc#1257245). - commit 0a828e9 - Update patches.suse/ACPICA-Avoid-walking-the-Namespace-if-start_node-is-.patch (stable-fixes CVE-2025-71118 bsc#1256763). - Update patches.suse/ALSA-hda-Fix-missing-pointer-check-in-hda_component_.patch (git-fixes CVE-2025-40097 bsc#1252900). - Update patches.suse/ALSA-usb-mixer-us16x08-validate-meter-packet-indices.patch (git-fixes CVE-2025-68783 bsc#1256650). - Update patches.suse/ASoC-codecs-wcd9375-Fix-double-free-of-regulator-sup.patch (git-fixes CVE-2025-38423 bsc#1247292). - Update patches.suse/ASoC-codecs-wcd937x-set-the-comp-soundwire-port-corr.patch (git-fixes CVE-2025-40045 bsc#1252784). - Update patches.suse/ASoC-stm32-sai-fix-OF-node-leak-on-probe.patch (git-fixes CVE-2025-71081 bsc#1256609). - Update patches.suse/ASoC-tlv320adcx140-fix-null-pointer.patch (git-fixes CVE-2026-23006 bsc#1257208). - Update patches.suse/Bluetooth-btusb-revert-use-of-devm_kzalloc-in-btusb.patch (git-fixes CVE-2025-71082 bsc#1256611). - Update patches.suse/EDAC-skx_common-Fix-general-protection-fault.patch (git-fixes CVE-2025-38298 bsc#1253079). - Update patches.suse/HID-nintendo-avoid-bluetooth-suspend-resume-stalls.patch (stable-fixes CVE-2025-38507 bsc#1248188). - Update patches.suse/HID-quirks-Add-quirk-for-2-Chicony-Electronics-HP-5M.patch (stable-fixes CVE-2025-38540 bsc#1248208). - Update patches.suse/Input-alps-fix-use-after-free-bugs-caused-by-dev3_re.patch (git-fixes CVE-2025-68822 bsc#1256668). - Update patches.suse/Input-lkkbd-disable-pending-work-before-freeing-devi.patch (stable-fixes CVE-2025-71073 bsc#1256632). - Update patches.suse/Input-ti_am335x_tsc-fix-off-by-one-error-in-wire_ord.patch (git-fixes CVE-2025-68777 bsc#1256655). - Update patches.suse/KEYS-trusted-Fix-a-memory-leak-in-tpm2_load_cmd.patch (git-fixes CVE-2025-71147 bsc#1257158). - Update patches.suse/PM-EM-Fix-potential-division-by-zero-error-in-em_com.patch (git-fixes CVE-2025-38297 bsc#1253078). - Update patches.suse/arp-do-not-assume-dev_hard_header-does-not-change-skb-head.patch (CVE-2025-71098 bsc#1256591 CVE-2026-22988 bsc#1257282). - Update patches.suse/benet-fix-BUG-when-creating-VFs.patch (git-fixes CVE-2025-38569 bsc#1248384). - Update patches.suse/block-avoid-possible-overflow-for-chunk_sectors-check-in-b.patch (git-fixes CVE-2025-39795 bsc#1249609). - Update patches.suse/bpf-Do-not-let-BPF-test-infra-emit-invalid-GSO-types.patch (bsc#1255569 CVE-2025-68725). - Update patches.suse/btrfs-don-t-log-conflicting-inode-if-it-s-a-dir-move.patch (git-fixes CVE-2025-68778 bsc#1256683). - Update patches.suse/btrfs-fix-invalid-inode-pointer-dereferences-during-.patch (git-fixes CVE-2025-38243 bsc#1246184). - Update patches.suse/btrfs-fix-the-inode-leak-in-btrfs_iget.patch (git-fixes CVE-2025-37904 bsc#1243452). - Update patches.suse/ceph-fix-race-condition-validating-r_parent-before-applyin.patch (CVE-2025-39880 bsc#1250388 CVE-2025-39927 bsc#1250738). - Update patches.suse/char-applicom-fix-NULL-pointer-dereference-in-ac_ioc.patch (stable-fixes CVE-2025-68797 bsc#1256660). - Update patches.suse/clk-samsung-exynos-clkout-Assign-.num-before-accessi.patch (git-fixes CVE-2025-71143 bsc#1256749). - Update patches.suse/comedi-aio_iiro_16-Fix-bit-shift-out-of-bounds.patch (git-fixes CVE-2025-38529 bsc#1248196). - Update patches.suse/comedi-fix-divide-by-zero-in-comedi_buf_munge.patch (stable-fixes CVE-2025-40106 bsc#1252891). - Update patches.suse/comedi-pcl812-Fix-bit-shift-out-of-bounds.patch (git-fixes CVE-2025-38530 bsc#1248206). - Update patches.suse/cpuset-fix-warning-when-disabling-remote-partition.patch (bsc#1256794 CVE-2025-71142 bsc#1256748). - Update patches.suse/crypto-af_alg-zero-initialize-memory-allocated-via-s.patch (git-fixes CVE-2025-71113 bsc#1256716). - Update patches.suse/crypto-seqiv-Do-not-use-req-iv-after-crypto_aead_enc.patch (git-fixes CVE-2025-71131 bsc#1256742). - Update patches.suse/dmaengine-idxd-fix-device-leaks-on-compat-bind-and-u.patch (git-fixes CVE-2025-71163 bsc#1257215). - Update patches.suse/dmaengine-nbpfaxi-Fix-memory-corruption-in-probe.patch (git-fixes CVE-2025-38538 bsc#1248213). - Update patches.suse/dmaengine-tegra-adma-Fix-use-after-free.patch (git-fixes CVE-2025-71162 bsc#1257204). - Update patches.suse/drm-amdkfd-Don-t-call-mmput-from-MMU-notifier-callba.patch (git-fixes CVE-2025-38520 bsc#1248217). - Update patches.suse/drm-i915-gem-Zero-initialize-the-eb.vma-array-in-i91.patch (git-fixes CVE-2025-71130 bsc#1256741). - Update patches.suse/drm-imagination-Fix-kernel-crash-when-hard-resetting.patch (git-fixes CVE-2025-38521 bsc#1248232). - Update patches.suse/drm-msm-dpu-Add-missing-NULL-pointer-check-for-pingp.patch (git-fixes CVE-2025-71138 bsc#1256785). - Update patches.suse/drm-sched-Increment-job-count-before-swapping-tail-s.patch (git-fixes CVE-2025-38515 bsc#1248212). - Update patches.suse/drm-tegra-nvdec-Fix-dma_alloc_coherent-error-check.patch (git-fixes CVE-2025-38543 bsc#1248214). - Update patches.suse/drm-tilcdc-Fix-removal-actions-in-case-of-failed-pro.patch (git-fixes CVE-2025-71141 bsc#1256756). - Update patches.suse/drm-ttm-Avoid-NULL-pointer-deref-for-evicted-BOs.patch (git-fixes CVE-2025-71083 bsc#1256610). - Update patches.suse/drm-xe-Limit-num_syncs-to-prevent-oversized-allocati.patch (git-fixes CVE-2025-68802 bsc#1256661). - Update patches.suse/drm-xe-oa-Fix-potential-UAF-in-xe_oa_add_config_ioct.patch (git-fixes CVE-2025-71099 bsc#1256592). - Update patches.suse/drm-xe-oa-Limit-num_syncs-to-prevent-oversized-alloc.patch (git-fixes CVE-2025-71076 bsc#1256627). - Update patches.suse/drm-xe-pf-Clear-all-LMTT-pages-on-alloc.patch (git-fixes CVE-2025-38511 bsc#1248175). - Update patches.suse/efivarfs-Fix-slab-out-of-bounds-in-efivarfs_d_compar.patch (git-fixes CVE-2025-39817 bsc#1249998). - Update patches.suse/ftrace-Also-allocate-and-copy-hash-for-reading-of-filter-f.patch (bsc#1250032 CVE-2025-39813 CVE-2025-39689 bsc#1249307). - Update patches.suse/hwmon-corsair-cpro-Validate-the-size-of-the-received.patch (git-fixes CVE-2025-38548 bsc#1248228). - Update patches.suse/hwmon-ibmpex-fix-use-after-free-in-high-low-store.patch (git-fixes CVE-2025-68789 bsc#1256781). - Update patches.suse/hwmon-w83791d-Convert-macros-to-functions-to-avoid-T.patch (git-fixes CVE-2025-71111 bsc#1256728). - Update patches.suse/ice-fix-NULL-pointer-dereference-in-ice_unplug_aux_d.patch (jsc#PED-13728 CVE-2025-39814 bsc#1249895). - Update patches.suse/idpf-Fix-RSS-LUT-NULL-pointer-crash-on-early-ethtool.patch (CVE-2026-22993 bsc#1257180 CVE-2026-22985 bsc#1257277). - Update patches.suse/iio-adc-axp20x_adc-Add-missing-sentinel-to-AXP717-AD.patch (git-fixes CVE-2025-38547 bsc#1248222). - Update patches.suse/ipv6-mcast-Delay-put-pmc-idev-in-mld_del_delrec.patch (git-fixes CVE-2025-38550 bsc#1248227). - Update patches.suse/kasan-remove-kasan_find_vm_area-to-prevent-possible-.patch (git-fixes CVE-2025-38510 bsc#1248166). - Update patches.suse/lib-buildid-use-__kernel_read-for-sleepable-context.patch (git-fixes CVE-2026-23002 bsc#1257243). - Update patches.suse/media-adv7842-Avoid-possible-out-of-bounds-array-acc.patch (git-fixes CVE-2025-71136 bsc#1256759). - Update patches.suse/media-dvb-usb-dtv5100-fix-out-of-bounds-in-dtv5100_i.patch (git-fixes CVE-2025-68819 bsc#1256664). - Update patches.suse/media-vidtv-initialize-local-pointers-upon-transfer-.patch (git-fixes CVE-2025-68808 bsc#1256682). - Update patches.suse/mount-handle-NULL-values-in-mnt_ns_release.patch (bsc#1254308 CVE-2025-40195 bsc#1253500). - Update patches.suse/neighbour-Fix-null-ptr-deref-in-neigh_flush_dev.patch (git-fixes CVE-2025-38589 bsc#1248366). - Update patches.suse/net-can-j1939-j1939_xtp_rx_rts_session_active-deacti.patch (git-fixes CVE-2026-22997 bsc#1257202). - Update patches.suse/net-mlx5-Check-device-memory-pointer-before-usage.patch (git-fixes CVE-2025-38645 bsc#1248626). - Update patches.suse/net-mlx5e-Remove-skb-secpath-if-xfrm-state-is-not-fo.patch (git-fixes CVE-2025-38590 bsc#1248360). - Update patches.suse/net-nfc-fix-deadlock-between-nfc_unregister_device-a.patch (git-fixes CVE-2025-71079 bsc#1256619). - Update patches.suse/net-phy-Don-t-register-LEDs-for-genphy.patch (git-fixes CVE-2025-38537 bsc#1248229). - Update patches.suse/net-rose-fix-invalid-array-index-in-rose_kill_by_dev.patch (git-fixes CVE-2025-71086 bsc#1256625). - Update patches.suse/net-usb-rtl8150-fix-memory-leak-on-usb_submit_urb-fa.patch (git-fixes CVE-2025-71154 bsc#1257163). - Update patches.suse/netfilter-nft_set_hash-unaligned-atomic-read-on-struct-nft.patch (git-fixes CVE-2024-54031 bsc#1235905). - Update patches.suse/nfsd-check-that-server-is-running-in-unlock_filesystem.patch (git-fixes CVE-2026-22989 bsc#1257279). - Update patches.suse/phy-tegra-xusb-Fix-unbalanced-regulator-disable-in-U.patch (git-fixes CVE-2025-38535 bsc#1248240). - Update patches.suse/pinctrl-check-the-return-value-of-pinmux_ops-get_fun.patch (stable-fixes CVE-2025-40030 bsc#1252773). - Update patches.suse/pinctrl-qcom-msm-mark-certain-pins-as-invalid-for-in.patch (git-fixes CVE-2025-38516 bsc#1248209). - Update patches.suse/platform-chrome-cros_ec_ishtp-Fix-UAF-after-unbindin.patch (git-fixes CVE-2025-68804 bsc#1256617). - Update patches.suse/platform-x86-hp-bioscfg-Fix-out-of-bounds-array-acce.patch (git-fixes CVE-2025-71101 bsc#1256594). - Update patches.suse/pm-cpupower-bench-Prevent-NULL-dereference-on-malloc.patch (stable-fixes CVE-2025-37841 bsc#1242974). - Update patches.suse/powerpc-64s-slb-Fix-SLB-multihit-issue-during-SLB-preload.patch (bac#1236022 ltc#211187 CVE-2025-71078 bsc#1256616). - Update patches.suse/powerpc-kexec-Enable-SMT-before-waking-offline-CPUs.patch (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes bsc#1253739 ltc#211493 bsc#1254244 ltc#216496 CVE-2025-71119 bsc#1256730). - Update patches.suse/smb-client-fix-warning-when-reconnecting-channel.patch (git-fixes CVE-2025-38379 bsc#1247030). - Update patches.suse/spi-fsl-cpm-Check-length-parity-before-switching-to-.patch (git-fixes CVE-2025-68773 bsc#1256586). - Update patches.suse/tcp_bpf-Call-sk_msg_free-when-tcp_bpf_send_verdict-f.patch (bsc#1250705 CVE-2025-39913). - Update patches.suse/trace-fgraph-Fix-the-warning-caused-by-missing-unregister-.patch (bsc#1248211 CVE-2025-38539 CVE-2025-39829 bsc#1250082). - Update patches.suse/tracing-fprobe-events-Fix-possible-UAF-on-modules.patch (git-fixes CVE-2025-37845 bsc#1242986). - Update patches.suse/tty-serial-uartlite-register-uart-driver-in-init.patch (stable-fixes CVE-2025-38262 bsc#1246282). - Update patches.suse/usb-phy-isp1301-fix-non-OF-device-reference-imbalanc.patch (git-fixes CVE-2025-71145 bsc#1257155). - Update patches.suse/usb-typec-ucsi-Handle-incorrect-num_connectors-capab.patch (stable-fixes CVE-2025-71108 bsc#1256774). - Update patches.suse/via_wdt-fix-critical-boot-hang-due-to-unnamed-resour.patch (stable-fixes CVE-2025-71114 bsc#1256752). - Update patches.suse/virtio-net-fix-recursived-rtnl_lock-during-probe.patch (git-fixes CVE-2025-38551 bsc#1248234). - Update patches.suse/virtio-net-free-xsk_buffs-on-error-in-virtnet_xsk_po.patch (git-fixes CVE-2025-37955 bsc#1243507). - Update patches.suse/wifi-ath12k-fix-memory-leak-in-ath12k_pci_remove.patch (stable-fixes CVE-2025-37744 bsc#1243662). - Update patches.suse/wifi-avoid-kernel-infoleak-from-struct-iw_point.patch (git-fixes CVE-2026-22978 bsc#1257227). - Update patches.suse/wifi-mt76-mt7925-Fix-null-ptr-deref-in-mt7925_therma.patch (git-fixes CVE-2025-38541 bsc#1248216). - Update patches.suse/wifi-mwifiex-discard-erroneous-disassoc-frames-on-ST.patch (git-fixes CVE-2025-38505 bsc#1248185). - Update patches.suse/wifi-prevent-A-MSDU-attacks-in-mesh-networks.patch (stable-fixes CVE-2025-38512 bsc#1248178). - Update patches.suse/wifi-rtlwifi-8192cu-fix-tid-out-of-range-in-rtl92cu_.patch (git-fixes CVE-2025-71100 bsc#1256593). - Update patches.suse/wifi-zd1211rw-Fix-potential-NULL-pointer-dereference.patch (git-fixes CVE-2025-38513 bsc#1248179). - Update patches.suse/x86-cpu-Avoid-running-off-the-end-of-an-AMD-erratum-table.patch (git-fixes CVE-2025-37751 bsc#1242505). - commit 74167a5 - powerpc/addnote: Fix overflow on 32-bit builds (bsc#1215199). - commit 651b1d4 - net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv (CVE-2026-22996). - net/mlx5e: Fix crash on profile change rollback failure (CVE-2026-23000 bsc#1257234). - commit 395ffba - gpio: rockchip: Stop calling pinctrl for set_direction (git-fixes). - commit 0d36e6c ++++ kernel-zfcpdump: - smb: client: split cached_fid bitfields to avoid shared-byte RMW races (bsc#1250748,bsc#1257154). - commit 9624e6c - smb: client: update cfid->last_access_time in open_cached_dir_by_dentry() (git-fixes). - commit a159cff - cifs: add new field to track the last access time of cfid (git-fixes). - commit 0cd09f9 - smb: improve directory cache reuse for readdir operations (bsc#1252712). - commit 98f179c - scripts/python/git_sort/git_sort.yaml: add cifs for-next repository - commit 5e1a139 - libceph: replace overzealous BUG_ON in osdmap_apply_incremental() (CVE-2026-22990 bsc#1257221). - commit bf45795 - libceph: prevent potential out-of-bounds reads in handle_auth_done() (CVE-2026-22984 bsc#1257217). - commit 3af214d - libceph: return the handler error from mon_handle_auth_done() (CVE-2026-22992 bsc#1257218). - commit 2da8b55 - libceph: make free_choose_arg_map() resilient to partial allocation (CVE-2026-22991 bsc#1257220). - commit 1c4a387 - Update config files: disable CONFIG_DEVPORT for arm64 (bsc#1256792) - commit 89771ce - x86/fpu: Clear XSTATE_BV in guest XSAVE state whenever XFD[i]=1 (CVE-2026-23005 bsc#1257245). - commit 0a828e9 - Update patches.suse/ACPICA-Avoid-walking-the-Namespace-if-start_node-is-.patch (stable-fixes CVE-2025-71118 bsc#1256763). - Update patches.suse/ALSA-hda-Fix-missing-pointer-check-in-hda_component_.patch (git-fixes CVE-2025-40097 bsc#1252900). - Update patches.suse/ALSA-usb-mixer-us16x08-validate-meter-packet-indices.patch (git-fixes CVE-2025-68783 bsc#1256650). - Update patches.suse/ASoC-codecs-wcd9375-Fix-double-free-of-regulator-sup.patch (git-fixes CVE-2025-38423 bsc#1247292). - Update patches.suse/ASoC-codecs-wcd937x-set-the-comp-soundwire-port-corr.patch (git-fixes CVE-2025-40045 bsc#1252784). - Update patches.suse/ASoC-stm32-sai-fix-OF-node-leak-on-probe.patch (git-fixes CVE-2025-71081 bsc#1256609). - Update patches.suse/ASoC-tlv320adcx140-fix-null-pointer.patch (git-fixes CVE-2026-23006 bsc#1257208). - Update patches.suse/Bluetooth-btusb-revert-use-of-devm_kzalloc-in-btusb.patch (git-fixes CVE-2025-71082 bsc#1256611). - Update patches.suse/EDAC-skx_common-Fix-general-protection-fault.patch (git-fixes CVE-2025-38298 bsc#1253079). - Update patches.suse/HID-nintendo-avoid-bluetooth-suspend-resume-stalls.patch (stable-fixes CVE-2025-38507 bsc#1248188). - Update patches.suse/HID-quirks-Add-quirk-for-2-Chicony-Electronics-HP-5M.patch (stable-fixes CVE-2025-38540 bsc#1248208). - Update patches.suse/Input-alps-fix-use-after-free-bugs-caused-by-dev3_re.patch (git-fixes CVE-2025-68822 bsc#1256668). - Update patches.suse/Input-lkkbd-disable-pending-work-before-freeing-devi.patch (stable-fixes CVE-2025-71073 bsc#1256632). - Update patches.suse/Input-ti_am335x_tsc-fix-off-by-one-error-in-wire_ord.patch (git-fixes CVE-2025-68777 bsc#1256655). - Update patches.suse/KEYS-trusted-Fix-a-memory-leak-in-tpm2_load_cmd.patch (git-fixes CVE-2025-71147 bsc#1257158). - Update patches.suse/PM-EM-Fix-potential-division-by-zero-error-in-em_com.patch (git-fixes CVE-2025-38297 bsc#1253078). - Update patches.suse/arp-do-not-assume-dev_hard_header-does-not-change-skb-head.patch (CVE-2025-71098 bsc#1256591 CVE-2026-22988 bsc#1257282). - Update patches.suse/benet-fix-BUG-when-creating-VFs.patch (git-fixes CVE-2025-38569 bsc#1248384). - Update patches.suse/block-avoid-possible-overflow-for-chunk_sectors-check-in-b.patch (git-fixes CVE-2025-39795 bsc#1249609). - Update patches.suse/bpf-Do-not-let-BPF-test-infra-emit-invalid-GSO-types.patch (bsc#1255569 CVE-2025-68725). - Update patches.suse/btrfs-don-t-log-conflicting-inode-if-it-s-a-dir-move.patch (git-fixes CVE-2025-68778 bsc#1256683). - Update patches.suse/btrfs-fix-invalid-inode-pointer-dereferences-during-.patch (git-fixes CVE-2025-38243 bsc#1246184). - Update patches.suse/btrfs-fix-the-inode-leak-in-btrfs_iget.patch (git-fixes CVE-2025-37904 bsc#1243452). - Update patches.suse/ceph-fix-race-condition-validating-r_parent-before-applyin.patch (CVE-2025-39880 bsc#1250388 CVE-2025-39927 bsc#1250738). - Update patches.suse/char-applicom-fix-NULL-pointer-dereference-in-ac_ioc.patch (stable-fixes CVE-2025-68797 bsc#1256660). - Update patches.suse/clk-samsung-exynos-clkout-Assign-.num-before-accessi.patch (git-fixes CVE-2025-71143 bsc#1256749). - Update patches.suse/comedi-aio_iiro_16-Fix-bit-shift-out-of-bounds.patch (git-fixes CVE-2025-38529 bsc#1248196). - Update patches.suse/comedi-fix-divide-by-zero-in-comedi_buf_munge.patch (stable-fixes CVE-2025-40106 bsc#1252891). - Update patches.suse/comedi-pcl812-Fix-bit-shift-out-of-bounds.patch (git-fixes CVE-2025-38530 bsc#1248206). - Update patches.suse/cpuset-fix-warning-when-disabling-remote-partition.patch (bsc#1256794 CVE-2025-71142 bsc#1256748). - Update patches.suse/crypto-af_alg-zero-initialize-memory-allocated-via-s.patch (git-fixes CVE-2025-71113 bsc#1256716). - Update patches.suse/crypto-seqiv-Do-not-use-req-iv-after-crypto_aead_enc.patch (git-fixes CVE-2025-71131 bsc#1256742). - Update patches.suse/dmaengine-idxd-fix-device-leaks-on-compat-bind-and-u.patch (git-fixes CVE-2025-71163 bsc#1257215). - Update patches.suse/dmaengine-nbpfaxi-Fix-memory-corruption-in-probe.patch (git-fixes CVE-2025-38538 bsc#1248213). - Update patches.suse/dmaengine-tegra-adma-Fix-use-after-free.patch (git-fixes CVE-2025-71162 bsc#1257204). - Update patches.suse/drm-amdkfd-Don-t-call-mmput-from-MMU-notifier-callba.patch (git-fixes CVE-2025-38520 bsc#1248217). - Update patches.suse/drm-i915-gem-Zero-initialize-the-eb.vma-array-in-i91.patch (git-fixes CVE-2025-71130 bsc#1256741). - Update patches.suse/drm-imagination-Fix-kernel-crash-when-hard-resetting.patch (git-fixes CVE-2025-38521 bsc#1248232). - Update patches.suse/drm-msm-dpu-Add-missing-NULL-pointer-check-for-pingp.patch (git-fixes CVE-2025-71138 bsc#1256785). - Update patches.suse/drm-sched-Increment-job-count-before-swapping-tail-s.patch (git-fixes CVE-2025-38515 bsc#1248212). - Update patches.suse/drm-tegra-nvdec-Fix-dma_alloc_coherent-error-check.patch (git-fixes CVE-2025-38543 bsc#1248214). - Update patches.suse/drm-tilcdc-Fix-removal-actions-in-case-of-failed-pro.patch (git-fixes CVE-2025-71141 bsc#1256756). - Update patches.suse/drm-ttm-Avoid-NULL-pointer-deref-for-evicted-BOs.patch (git-fixes CVE-2025-71083 bsc#1256610). - Update patches.suse/drm-xe-Limit-num_syncs-to-prevent-oversized-allocati.patch (git-fixes CVE-2025-68802 bsc#1256661). - Update patches.suse/drm-xe-oa-Fix-potential-UAF-in-xe_oa_add_config_ioct.patch (git-fixes CVE-2025-71099 bsc#1256592). - Update patches.suse/drm-xe-oa-Limit-num_syncs-to-prevent-oversized-alloc.patch (git-fixes CVE-2025-71076 bsc#1256627). - Update patches.suse/drm-xe-pf-Clear-all-LMTT-pages-on-alloc.patch (git-fixes CVE-2025-38511 bsc#1248175). - Update patches.suse/efivarfs-Fix-slab-out-of-bounds-in-efivarfs_d_compar.patch (git-fixes CVE-2025-39817 bsc#1249998). - Update patches.suse/ftrace-Also-allocate-and-copy-hash-for-reading-of-filter-f.patch (bsc#1250032 CVE-2025-39813 CVE-2025-39689 bsc#1249307). - Update patches.suse/hwmon-corsair-cpro-Validate-the-size-of-the-received.patch (git-fixes CVE-2025-38548 bsc#1248228). - Update patches.suse/hwmon-ibmpex-fix-use-after-free-in-high-low-store.patch (git-fixes CVE-2025-68789 bsc#1256781). - Update patches.suse/hwmon-w83791d-Convert-macros-to-functions-to-avoid-T.patch (git-fixes CVE-2025-71111 bsc#1256728). - Update patches.suse/ice-fix-NULL-pointer-dereference-in-ice_unplug_aux_d.patch (jsc#PED-13728 CVE-2025-39814 bsc#1249895). - Update patches.suse/idpf-Fix-RSS-LUT-NULL-pointer-crash-on-early-ethtool.patch (CVE-2026-22993 bsc#1257180 CVE-2026-22985 bsc#1257277). - Update patches.suse/iio-adc-axp20x_adc-Add-missing-sentinel-to-AXP717-AD.patch (git-fixes CVE-2025-38547 bsc#1248222). - Update patches.suse/ipv6-mcast-Delay-put-pmc-idev-in-mld_del_delrec.patch (git-fixes CVE-2025-38550 bsc#1248227). - Update patches.suse/kasan-remove-kasan_find_vm_area-to-prevent-possible-.patch (git-fixes CVE-2025-38510 bsc#1248166). - Update patches.suse/lib-buildid-use-__kernel_read-for-sleepable-context.patch (git-fixes CVE-2026-23002 bsc#1257243). - Update patches.suse/media-adv7842-Avoid-possible-out-of-bounds-array-acc.patch (git-fixes CVE-2025-71136 bsc#1256759). - Update patches.suse/media-dvb-usb-dtv5100-fix-out-of-bounds-in-dtv5100_i.patch (git-fixes CVE-2025-68819 bsc#1256664). - Update patches.suse/media-vidtv-initialize-local-pointers-upon-transfer-.patch (git-fixes CVE-2025-68808 bsc#1256682). - Update patches.suse/mount-handle-NULL-values-in-mnt_ns_release.patch (bsc#1254308 CVE-2025-40195 bsc#1253500). - Update patches.suse/neighbour-Fix-null-ptr-deref-in-neigh_flush_dev.patch (git-fixes CVE-2025-38589 bsc#1248366). - Update patches.suse/net-can-j1939-j1939_xtp_rx_rts_session_active-deacti.patch (git-fixes CVE-2026-22997 bsc#1257202). - Update patches.suse/net-mlx5-Check-device-memory-pointer-before-usage.patch (git-fixes CVE-2025-38645 bsc#1248626). - Update patches.suse/net-mlx5e-Remove-skb-secpath-if-xfrm-state-is-not-fo.patch (git-fixes CVE-2025-38590 bsc#1248360). - Update patches.suse/net-nfc-fix-deadlock-between-nfc_unregister_device-a.patch (git-fixes CVE-2025-71079 bsc#1256619). - Update patches.suse/net-phy-Don-t-register-LEDs-for-genphy.patch (git-fixes CVE-2025-38537 bsc#1248229). - Update patches.suse/net-rose-fix-invalid-array-index-in-rose_kill_by_dev.patch (git-fixes CVE-2025-71086 bsc#1256625). - Update patches.suse/net-usb-rtl8150-fix-memory-leak-on-usb_submit_urb-fa.patch (git-fixes CVE-2025-71154 bsc#1257163). - Update patches.suse/netfilter-nft_set_hash-unaligned-atomic-read-on-struct-nft.patch (git-fixes CVE-2024-54031 bsc#1235905). - Update patches.suse/nfsd-check-that-server-is-running-in-unlock_filesystem.patch (git-fixes CVE-2026-22989 bsc#1257279). - Update patches.suse/phy-tegra-xusb-Fix-unbalanced-regulator-disable-in-U.patch (git-fixes CVE-2025-38535 bsc#1248240). - Update patches.suse/pinctrl-check-the-return-value-of-pinmux_ops-get_fun.patch (stable-fixes CVE-2025-40030 bsc#1252773). - Update patches.suse/pinctrl-qcom-msm-mark-certain-pins-as-invalid-for-in.patch (git-fixes CVE-2025-38516 bsc#1248209). - Update patches.suse/platform-chrome-cros_ec_ishtp-Fix-UAF-after-unbindin.patch (git-fixes CVE-2025-68804 bsc#1256617). - Update patches.suse/platform-x86-hp-bioscfg-Fix-out-of-bounds-array-acce.patch (git-fixes CVE-2025-71101 bsc#1256594). - Update patches.suse/pm-cpupower-bench-Prevent-NULL-dereference-on-malloc.patch (stable-fixes CVE-2025-37841 bsc#1242974). - Update patches.suse/powerpc-64s-slb-Fix-SLB-multihit-issue-during-SLB-preload.patch (bac#1236022 ltc#211187 CVE-2025-71078 bsc#1256616). - Update patches.suse/powerpc-kexec-Enable-SMT-before-waking-offline-CPUs.patch (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes bsc#1253739 ltc#211493 bsc#1254244 ltc#216496 CVE-2025-71119 bsc#1256730). - Update patches.suse/smb-client-fix-warning-when-reconnecting-channel.patch (git-fixes CVE-2025-38379 bsc#1247030). - Update patches.suse/spi-fsl-cpm-Check-length-parity-before-switching-to-.patch (git-fixes CVE-2025-68773 bsc#1256586). - Update patches.suse/tcp_bpf-Call-sk_msg_free-when-tcp_bpf_send_verdict-f.patch (bsc#1250705 CVE-2025-39913). - Update patches.suse/trace-fgraph-Fix-the-warning-caused-by-missing-unregister-.patch (bsc#1248211 CVE-2025-38539 CVE-2025-39829 bsc#1250082). - Update patches.suse/tracing-fprobe-events-Fix-possible-UAF-on-modules.patch (git-fixes CVE-2025-37845 bsc#1242986). - Update patches.suse/tty-serial-uartlite-register-uart-driver-in-init.patch (stable-fixes CVE-2025-38262 bsc#1246282). - Update patches.suse/usb-phy-isp1301-fix-non-OF-device-reference-imbalanc.patch (git-fixes CVE-2025-71145 bsc#1257155). - Update patches.suse/usb-typec-ucsi-Handle-incorrect-num_connectors-capab.patch (stable-fixes CVE-2025-71108 bsc#1256774). - Update patches.suse/via_wdt-fix-critical-boot-hang-due-to-unnamed-resour.patch (stable-fixes CVE-2025-71114 bsc#1256752). - Update patches.suse/virtio-net-fix-recursived-rtnl_lock-during-probe.patch (git-fixes CVE-2025-38551 bsc#1248234). - Update patches.suse/virtio-net-free-xsk_buffs-on-error-in-virtnet_xsk_po.patch (git-fixes CVE-2025-37955 bsc#1243507). - Update patches.suse/wifi-ath12k-fix-memory-leak-in-ath12k_pci_remove.patch (stable-fixes CVE-2025-37744 bsc#1243662). - Update patches.suse/wifi-avoid-kernel-infoleak-from-struct-iw_point.patch (git-fixes CVE-2026-22978 bsc#1257227). - Update patches.suse/wifi-mt76-mt7925-Fix-null-ptr-deref-in-mt7925_therma.patch (git-fixes CVE-2025-38541 bsc#1248216). - Update patches.suse/wifi-mwifiex-discard-erroneous-disassoc-frames-on-ST.patch (git-fixes CVE-2025-38505 bsc#1248185). - Update patches.suse/wifi-prevent-A-MSDU-attacks-in-mesh-networks.patch (stable-fixes CVE-2025-38512 bsc#1248178). - Update patches.suse/wifi-rtlwifi-8192cu-fix-tid-out-of-range-in-rtl92cu_.patch (git-fixes CVE-2025-71100 bsc#1256593). - Update patches.suse/wifi-zd1211rw-Fix-potential-NULL-pointer-dereference.patch (git-fixes CVE-2025-38513 bsc#1248179). - Update patches.suse/x86-cpu-Avoid-running-off-the-end-of-an-AMD-erratum-table.patch (git-fixes CVE-2025-37751 bsc#1242505). - commit 74167a5 - powerpc/addnote: Fix overflow on 32-bit builds (bsc#1215199). - commit 651b1d4 - net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv (CVE-2026-22996). - net/mlx5e: Fix crash on profile change rollback failure (CVE-2026-23000 bsc#1257234). - commit 395ffba - gpio: rockchip: Stop calling pinctrl for set_direction (git-fixes). - commit 0d36e6c ++++ maven-compiler-plugin: - Upgrade to upsteam release 3.15.0 * Bug Fixes + Fix Java 25 compatibility during integration tests + MCOMPILER-540: useIncrementalCompilation=false may add generated sources to the sources list * Maintenance + Bump org.apache.maven.plugins:maven-plugins from 45 to 46 + Remove declaration of "plexus-snapshots" repository + Works only with Maven 4.0.0 rc4 + Enable Java 25 and Maven 4 in CI * Dependency updates + Bump maven-plugin-testing-harness to 3.5.0 + Bump plexusCompilerVersion from 2.15.0 to 2.16.2 + Bump org.apache.maven.plugins:maven-plugins from 46 to 47 + Bump org.codehaus.plexus:plexus-java from 1.5.0 to 1.5.2 + Bump org.ow2.asm:asm from 9.8 to 9.9.1 + Bump mavenVersion from 3.9.11 to 3.9.12 - Modified patch: * maven-compiler-plugin-bootstrap-resources.patch + regenerate in cycle by itself ++++ maven-compiler-plugin-bootstrap: - Upgrade to upsteam release 3.15.0 * Bug Fixes + Fix Java 25 compatibility during integration tests + MCOMPILER-540: useIncrementalCompilation=false may add generated sources to the sources list * Maintenance + Bump org.apache.maven.plugins:maven-plugins from 45 to 46 + Remove declaration of "plexus-snapshots" repository + Works only with Maven 4.0.0 rc4 + Enable Java 25 and Maven 4 in CI * Dependency updates + Bump maven-plugin-testing-harness to 3.5.0 + Bump plexusCompilerVersion from 2.15.0 to 2.16.2 + Bump org.apache.maven.plugins:maven-plugins from 46 to 47 + Bump org.codehaus.plexus:plexus-java from 1.5.0 to 1.5.2 + Bump org.ow2.asm:asm from 9.8 to 9.9.1 + Bump mavenVersion from 3.9.11 to 3.9.12 - Modified patch: * maven-compiler-plugin-bootstrap-resources.patch + regenerate in cycle by itself ++++ maven-dependency-analyzer: - Upgrade to upstream version 1.17.0 * New features and improvements + Recognize classes used in web.xml as main classes + Introduced a DependencyClassesProvider service * Maintenance + Update site descriptor to 2.0 + Fix badges in README + Exclude slf4j 2.x and mockito 5.x from dependabot + feat: enable prevent branch protection rules + Catch exceptions on all paths + Add Apache 2.0 LICENSE file + Handle corrupt constant pools + Remove redundant code + move default to end * Build + Build on GH also by Maven 4 * Dependency updates + Bump org.assertj:assertj-bom from 3.27.3 to 3.27.7 + Bump org.apache.maven.shared:maven-shared-components from 44 to 47 + Bump mavenVersion from 3.9.9 to 3.9.12 + Bump org.ow2.asm:asm from 9.8 to 9.9.1 + Update Invoker Plugin and Plugin tools to support Java 25 ++++ patch: - CVE-2021-45261.patch: Clear range of pointers before they are used/freed (boo#1194037 CVE-2021-45261). ++++ pcr-oracle: - Update to 0.5.9 + Fix event skipping due to double increment + Add '--persistent-srk' to make SRK persistent (bsc#1248516) ++++ rpmlint: - Switch to opensuse-slfo-1.2 branch. - Update to version 2.7.0+git20260122.f813669b: * systemd-tmpfiles: migrate texlive (bsc#1256841) * systemd-tmpfiles: whitelist sendmail spool directory (bsc#1256160) * permissions-whitelist: add exim drop-in file (bsc#1240755) ++++ rpmlint-strict: - Switch to opensuse-slfo-1.2 branch. - Update to version 2.7.0+git20260122.f813669b: * systemd-tmpfiles: migrate texlive (bsc#1256841) * systemd-tmpfiles: whitelist sendmail spool directory (bsc#1256160) * permissions-whitelist: add exim drop-in file (bsc#1240755) ++++ suse-migration-services: - Update documentation for 12-to-15 in pubclouds Fix information about default service pack target. Add information about product specific migrations Avoid repetitive and confusing information about SLES and the supported upgrade path ++++ trivy: - Update to version 0.69.0 (bsc#1255366, CVE-2025-64702): * release: v0.69.0 [main] (#9886) * chore: bump trivy-checks to v2 (#9875) * chore(deps): bump github.com/theupdateframework/go-tuf/v2 from 2.3.1 to 2.4.1 (#10091) * fix(repo): return a nil interface for gitAuth if missing (#10097) * fix(java): correctly inherit properties from parent fields for pom.xml files (#9111) * fix(rust): implement version inheritance for Cargo mono repos (#10011) * feat(activestate): add support ActiveState images (#10081) * feat(vex): support per-repo tls configuration (#10030) * refactor: allow per-request transport options override (#10083) * chore(deps): bump github.com/sigstore/rekor from 1.4.3 to 1.5.0 (#10084) * chore(deps): bump github.com/sigstore/sigstore from 1.10.3 to 1.10.4 (#10085) * fix(java): correctly propagate repositories from upper POMs to dependencies (#10077) * feat(rocky): enable modular package vulnerability detection (#10069) * chore(deps): bump github.com/theupdateframework/go-tuf/v2 from 2.3.0 to 2.3.1 (#10079) * docs: fix mistake in config file example for skip-dirs/skip-files flag (#10070) * feat(report): add Trivy version to JSON output (#10065) * fix(rust): add cargo workspace members glob support (#10032) * feat: add AnalyzedBy field to track which analyzer detected packages (#10059) * fix: use canonical SPDX license IDs from embeded licenses.json (#10053) * docs: fix link to Docker Image Specification (#10057) * feat(secret): add detection for Symfony default secret key (#9892) * refactor(misconf): move common logic to base value and simplify typed values (#9986) * fix(java): add hash of GAV+root pom file path for pkgID for packages from pom.xml files (#9880) * feat(misconf): use Terraform plan configuration to partially restore schema (#9623) * feat(misconf): add action block to Terraform schema (#10035) * fix(misconf): correct typos in block and attribute names (#9993) * test(misconf): simplify test values using *Test helpers (#9985) * fix(misconf): safely parse rotation_period in google_kms_crypto_key (#9980) * feat(misconf): support for ARM resources defined as an object (#9959) * feat(misconf): support for azurerm_*_web_app (#9944) * test: migrate private test helpers to `export_test.go` convention (#10043) * chore(deps): bump github.com/sigstore/cosign/v2 from 2.2.4 to 2.6.2 (#10048) * fix(secret): improve word boundary detection for Hugging Face tokens (#10046) * fix(go): use ldflags version for all pseudo-versions (#10037) * chore: switch to ID from AVDID in internal and user-facing fields (#9655) * refactor(misconf)!: use ID instead of AVDID for providers mapping (#9752) * fix: move enum into items for array-type fields in JSON Schema (#10039) * docs: fix incorrect documentation URLs (#10038) * feat(sbom): exclude PEP 770 SBOMs in .dist-info/sboms/ (#10033) * fix(docker): fix non-det scan results for images with embedded SBOM (#9866) * chore(deps): bump the github-actions group with 11 updates (#10001) * test: fix assertion after 2026 roll over (#10002) * fix(vuln): skip vulns detection for CentOS Stream family without scan failure (#9964) * fix(license): normalize licenses for PostAnalyzers (#9941) * feat(nodejs): parse licenses from `package-lock.json` file (#9983) * chore: update reference links to Go Wiki (#9987) * refactor: add xslices.Map and replace lo.Map usages (#9984) * fix(image): race condition in image artifact inspection (#9966) * feat(flag): add JSON Schema for trivy.yaml configuration file (#9971) * refactor(debian): use txtar format for test data (#9957) * chore(deps): bump `golang.org/x/tools` to `v0.40.0` + `gopls` to `v0.21.0` (#9973) * feat(rootio): Update trivy db to support usage of Severity from root.io feed (#9930) * feat(vuln): skip vulnerability scanning for third-party packages in Debian/Ubuntu (#9932) * docs: add info that `--file-pattern` flag doesn't disable default behaviuor (#9961) * perf(misconf): optimize string concatenation in azure scanner (#9969) * chore: add client option to install script (#9962) * ci(helm): bump Trivy version to 0.68.2 for Trivy Helm Chart 0.20.1 (#9956) * chore(deps): bump github.com/quic-go/quic-go from 0.54.1 to 0.57.0 (#9952) * docs: update binary signature verification for sigstore bundles (#9929) * chore(deps): bump alpine from `3.22.1` to `3.23.0` (#9935) * chore(alpine): add EOL date for alpine 3.23 (#9934) * feat(cloudformation): add support for Fn::ForEach (#9508) * ci: enable `check-latest` for `setup-go` (#9931) * feat(debian): detect third-party packages using maintainer list (#9917) * fix(vex): add CVE-2025-66564 as not_affected into Trivy VEX file (#9924) * feat(helm): add sslCertDir parameter (#9697) * fix(misconf): respect .yml files when Helm charts are detected (#9912) * feat(php): add support for dev dependencies in Composer (#9910) * chore(deps): bump the common group across 1 directory with 9 updates (#9903) * chore(deps): bump github.com/docker/cli from 29.0.3+incompatible to 29.1.1+incompatible in the docker group (#9859) * fix: remove trailing tab in statefulset template (#9889) * feat(julia): enable vulnerability scanning for the Julia language ecosystem (#9800) * feat(misconf): initial ansible scanning support (#9332) * feat(misconf): Update Azure Database schema (#9811) * ci(helm): bump Trivy version to 0.68.1 for Trivy Helm Chart 0.20.0 (#9869) * chore: update the install script (#9874) ------------------------------------------------------------------ ------------------ 2026-2-1 - Feb 1 2026 ------------------- ------------------------------------------------------------------ ++++ kernel-64kb: - gpiolib: fix race condition for gdev->srcu (CVE-2026-22986 bsc#1257276). - commit 52ce57d - btrfs: do not strictly require dirty metadata threshold for metadata writepages (stable-fixes). - commit 17f45d0 - ASoC: Intel: sof_es8336: fix headphone GPIO logic inversion (git-fixes). - ASoC: fsl: imx-card: Do not force slot width to sample width (git-fixes). - ASoC: Intel: sof_es8336: fix headphone GPIO logic inversion (git-fixes). - ASoC: fsl: imx-card: Do not force slot width to sample width (git-fixes). - commit 7c26c54 ++++ kernel-64kb: - gpiolib: fix race condition for gdev->srcu (CVE-2026-22986 bsc#1257276). - commit 52ce57d - btrfs: do not strictly require dirty metadata threshold for metadata writepages (stable-fixes). - commit 17f45d0 - ASoC: Intel: sof_es8336: fix headphone GPIO logic inversion (git-fixes). - ASoC: fsl: imx-card: Do not force slot width to sample width (git-fixes). - ASoC: Intel: sof_es8336: fix headphone GPIO logic inversion (git-fixes). - ASoC: fsl: imx-card: Do not force slot width to sample width (git-fixes). - commit 7c26c54 ++++ kernel-azure: - gpiolib: fix race condition for gdev->srcu (CVE-2026-22986 bsc#1257276). - commit 52ce57d - btrfs: do not strictly require dirty metadata threshold for metadata writepages (stable-fixes). - commit 17f45d0 - ASoC: Intel: sof_es8336: fix headphone GPIO logic inversion (git-fixes). - ASoC: fsl: imx-card: Do not force slot width to sample width (git-fixes). - ASoC: Intel: sof_es8336: fix headphone GPIO logic inversion (git-fixes). - ASoC: fsl: imx-card: Do not force slot width to sample width (git-fixes). - commit 7c26c54 ++++ kernel-azure: - gpiolib: fix race condition for gdev->srcu (CVE-2026-22986 bsc#1257276). - commit 52ce57d - btrfs: do not strictly require dirty metadata threshold for metadata writepages (stable-fixes). - commit 17f45d0 - ASoC: Intel: sof_es8336: fix headphone GPIO logic inversion (git-fixes). - ASoC: fsl: imx-card: Do not force slot width to sample width (git-fixes). - ASoC: Intel: sof_es8336: fix headphone GPIO logic inversion (git-fixes). - ASoC: fsl: imx-card: Do not force slot width to sample width (git-fixes). - commit 7c26c54 ++++ kernel-default: - gpiolib: fix race condition for gdev->srcu (CVE-2026-22986 bsc#1257276). - commit 52ce57d - btrfs: do not strictly require dirty metadata threshold for metadata writepages (stable-fixes). - commit 17f45d0 - ASoC: Intel: sof_es8336: fix headphone GPIO logic inversion (git-fixes). - ASoC: fsl: imx-card: Do not force slot width to sample width (git-fixes). - ASoC: Intel: sof_es8336: fix headphone GPIO logic inversion (git-fixes). - ASoC: fsl: imx-card: Do not force slot width to sample width (git-fixes). - commit 7c26c54 ++++ kernel-default: - gpiolib: fix race condition for gdev->srcu (CVE-2026-22986 bsc#1257276). - commit 52ce57d - btrfs: do not strictly require dirty metadata threshold for metadata writepages (stable-fixes). - commit 17f45d0 - ASoC: Intel: sof_es8336: fix headphone GPIO logic inversion (git-fixes). - ASoC: fsl: imx-card: Do not force slot width to sample width (git-fixes). - ASoC: Intel: sof_es8336: fix headphone GPIO logic inversion (git-fixes). - ASoC: fsl: imx-card: Do not force slot width to sample width (git-fixes). - commit 7c26c54 ++++ kernel-rt: - gpiolib: fix race condition for gdev->srcu (CVE-2026-22986 bsc#1257276). - commit 52ce57d - btrfs: do not strictly require dirty metadata threshold for metadata writepages (stable-fixes). - commit 17f45d0 - ASoC: Intel: sof_es8336: fix headphone GPIO logic inversion (git-fixes). - ASoC: fsl: imx-card: Do not force slot width to sample width (git-fixes). - ASoC: Intel: sof_es8336: fix headphone GPIO logic inversion (git-fixes). - ASoC: fsl: imx-card: Do not force slot width to sample width (git-fixes). - commit 7c26c54 ++++ kernel-rt: - gpiolib: fix race condition for gdev->srcu (CVE-2026-22986 bsc#1257276). - commit 52ce57d - btrfs: do not strictly require dirty metadata threshold for metadata writepages (stable-fixes). - commit 17f45d0 - ASoC: Intel: sof_es8336: fix headphone GPIO logic inversion (git-fixes). - ASoC: fsl: imx-card: Do not force slot width to sample width (git-fixes). - ASoC: Intel: sof_es8336: fix headphone GPIO logic inversion (git-fixes). - ASoC: fsl: imx-card: Do not force slot width to sample width (git-fixes). - commit 7c26c54 ++++ dtb-aarch64: - gpiolib: fix race condition for gdev->srcu (CVE-2026-22986 bsc#1257276). - commit 52ce57d - btrfs: do not strictly require dirty metadata threshold for metadata writepages (stable-fixes). - commit 17f45d0 - ASoC: Intel: sof_es8336: fix headphone GPIO logic inversion (git-fixes). - ASoC: fsl: imx-card: Do not force slot width to sample width (git-fixes). - ASoC: Intel: sof_es8336: fix headphone GPIO logic inversion (git-fixes). - ASoC: fsl: imx-card: Do not force slot width to sample width (git-fixes). - commit 7c26c54 ++++ dtb-aarch64: - gpiolib: fix race condition for gdev->srcu (CVE-2026-22986 bsc#1257276). - commit 52ce57d - btrfs: do not strictly require dirty metadata threshold for metadata writepages (stable-fixes). - commit 17f45d0 - ASoC: Intel: sof_es8336: fix headphone GPIO logic inversion (git-fixes). - ASoC: fsl: imx-card: Do not force slot width to sample width (git-fixes). - ASoC: Intel: sof_es8336: fix headphone GPIO logic inversion (git-fixes). - ASoC: fsl: imx-card: Do not force slot width to sample width (git-fixes). - commit 7c26c54 ++++ freerdp: - Update to version 3.22.0: + Major bugfix release: * Complete overhaul of SDL client * Introduction of new WINPR_ATTR_NODISCARD macro wrapping compiler or C language version specific [[nodiscard]] attributes * Addition of WINPR_ATTR_NODISCARD to (some) public API functions so usage errors are producing warnings now * Add some more stringify functions for logging * We've received CVE reports, check https://github.com/FreeRDP/FreeRDP/security/advisories for more details! @Keryer reported an issue affecting client and proxy: * CVE-2026-23948 @ehdgks0627 did some more fuzzying and found quite a number of client side bugs. * CVE-2026-24682 * CVE-2026-24683 * CVE-2026-24676 * CVE-2026-24677 * CVE-2026-24678 * CVE-2026-24684 * CVE-2026-24679 * CVE-2026-24681 * CVE-2026-24675 * CVE-2026-24491 * CVE-2026-24680 - Changes from version 3.21.0 * [core,info] fix missing NULL check (#12157) * [gateway,tsg] fix TSG_PACKET_RESPONSE parsing (#12161) * Allow querying auth identity with kerberos when running as a server (#12162) * Sspi krb heimdal (#12163) * Tsg fix idleTimeout parsing (#12167) * [channels,smartcard] revert 649f7de (#12166) * [crypto] deprecate er and der modules (#12170) * [channels,rdpei] lock full update, not only parts (#12175) * [winpr,platform] add WINPR_ATTR_NODISCARD macro (#12178) * Wlog cleanup (#12179) * new stringify functions & touch API defines (#12180) * Add support for querying SECPKG_ATTR_PACKAGE_INFO to NTLM and Kerberos (#12171) * [channels,video] measure times in ns (#12184) * [utils] Nodiscard (#12187) * Error handling fixes (#12186) * [channels,drdynvc] check pointer before reset (#12189) * Winpr api def (#12190) * [winpr,platform] drop C23 [[nodiscard]] (#12192) * [gdi] add additional checks for a valid rdpGdi (#12194) * Sdl3 high dpiv2 (#12173) * peer: Disconnect if Logon() returned FALSE (#12196) * [channels,rdpecam] fix PROPERTY_DESCRIPTION parsing (#12197) * [channel,rdpsnd] only clean up thread before free (#12199) * [channels,rdpei] add RDPINPUT_CONTACT_FLAG_UP (#12195) ++++ ibus-libpinyin: - Add PYPEnglishCandidates-fix-vector-iterator-invalidation.patch, fix a crash bug (boo#1257531, gh#libpinyin/ibus-libpinyin#549) ++++ kernel-source: - gpiolib: fix race condition for gdev->srcu (CVE-2026-22986 bsc#1257276). - commit 52ce57d - btrfs: do not strictly require dirty metadata threshold for metadata writepages (stable-fixes). - commit 17f45d0 - ASoC: Intel: sof_es8336: fix headphone GPIO logic inversion (git-fixes). - ASoC: fsl: imx-card: Do not force slot width to sample width (git-fixes). - ASoC: Intel: sof_es8336: fix headphone GPIO logic inversion (git-fixes). - ASoC: fsl: imx-card: Do not force slot width to sample width (git-fixes). - commit 7c26c54 ++++ kernel-source: - gpiolib: fix race condition for gdev->srcu (CVE-2026-22986 bsc#1257276). - commit 52ce57d - btrfs: do not strictly require dirty metadata threshold for metadata writepages (stable-fixes). - commit 17f45d0 - ASoC: Intel: sof_es8336: fix headphone GPIO logic inversion (git-fixes). - ASoC: fsl: imx-card: Do not force slot width to sample width (git-fixes). - ASoC: Intel: sof_es8336: fix headphone GPIO logic inversion (git-fixes). - ASoC: fsl: imx-card: Do not force slot width to sample width (git-fixes). - commit 7c26c54 ++++ kernel-docs: - gpiolib: fix race condition for gdev->srcu (CVE-2026-22986 bsc#1257276). - commit 52ce57d - btrfs: do not strictly require dirty metadata threshold for metadata writepages (stable-fixes). - commit 17f45d0 - ASoC: Intel: sof_es8336: fix headphone GPIO logic inversion (git-fixes). - ASoC: fsl: imx-card: Do not force slot width to sample width (git-fixes). - ASoC: Intel: sof_es8336: fix headphone GPIO logic inversion (git-fixes). - ASoC: fsl: imx-card: Do not force slot width to sample width (git-fixes). - commit 7c26c54 ++++ kernel-docs: - gpiolib: fix race condition for gdev->srcu (CVE-2026-22986 bsc#1257276). - commit 52ce57d - btrfs: do not strictly require dirty metadata threshold for metadata writepages (stable-fixes). - commit 17f45d0 - ASoC: Intel: sof_es8336: fix headphone GPIO logic inversion (git-fixes). - ASoC: fsl: imx-card: Do not force slot width to sample width (git-fixes). - ASoC: Intel: sof_es8336: fix headphone GPIO logic inversion (git-fixes). - ASoC: fsl: imx-card: Do not force slot width to sample width (git-fixes). - commit 7c26c54 ++++ kernel-kvmsmall: - gpiolib: fix race condition for gdev->srcu (CVE-2026-22986 bsc#1257276). - commit 52ce57d - btrfs: do not strictly require dirty metadata threshold for metadata writepages (stable-fixes). - commit 17f45d0 - ASoC: Intel: sof_es8336: fix headphone GPIO logic inversion (git-fixes). - ASoC: fsl: imx-card: Do not force slot width to sample width (git-fixes). - ASoC: Intel: sof_es8336: fix headphone GPIO logic inversion (git-fixes). - ASoC: fsl: imx-card: Do not force slot width to sample width (git-fixes). - commit 7c26c54 ++++ kernel-kvmsmall: - gpiolib: fix race condition for gdev->srcu (CVE-2026-22986 bsc#1257276). - commit 52ce57d - btrfs: do not strictly require dirty metadata threshold for metadata writepages (stable-fixes). - commit 17f45d0 - ASoC: Intel: sof_es8336: fix headphone GPIO logic inversion (git-fixes). - ASoC: fsl: imx-card: Do not force slot width to sample width (git-fixes). - ASoC: Intel: sof_es8336: fix headphone GPIO logic inversion (git-fixes). - ASoC: fsl: imx-card: Do not force slot width to sample width (git-fixes). - commit 7c26c54 ++++ kernel-obs-build: - gpiolib: fix race condition for gdev->srcu (CVE-2026-22986 bsc#1257276). - commit 52ce57d - btrfs: do not strictly require dirty metadata threshold for metadata writepages (stable-fixes). - commit 17f45d0 - ASoC: Intel: sof_es8336: fix headphone GPIO logic inversion (git-fixes). - ASoC: fsl: imx-card: Do not force slot width to sample width (git-fixes). - ASoC: Intel: sof_es8336: fix headphone GPIO logic inversion (git-fixes). - ASoC: fsl: imx-card: Do not force slot width to sample width (git-fixes). - commit 7c26c54 ++++ kernel-obs-build: - gpiolib: fix race condition for gdev->srcu (CVE-2026-22986 bsc#1257276). - commit 52ce57d - btrfs: do not strictly require dirty metadata threshold for metadata writepages (stable-fixes). - commit 17f45d0 - ASoC: Intel: sof_es8336: fix headphone GPIO logic inversion (git-fixes). - ASoC: fsl: imx-card: Do not force slot width to sample width (git-fixes). - ASoC: Intel: sof_es8336: fix headphone GPIO logic inversion (git-fixes). - ASoC: fsl: imx-card: Do not force slot width to sample width (git-fixes). - commit 7c26c54 ++++ kernel-obs-qa: - gpiolib: fix race condition for gdev->srcu (CVE-2026-22986 bsc#1257276). - commit 52ce57d - btrfs: do not strictly require dirty metadata threshold for metadata writepages (stable-fixes). - commit 17f45d0 - ASoC: Intel: sof_es8336: fix headphone GPIO logic inversion (git-fixes). - ASoC: fsl: imx-card: Do not force slot width to sample width (git-fixes). - ASoC: Intel: sof_es8336: fix headphone GPIO logic inversion (git-fixes). - ASoC: fsl: imx-card: Do not force slot width to sample width (git-fixes). - commit 7c26c54 ++++ kernel-obs-qa: - gpiolib: fix race condition for gdev->srcu (CVE-2026-22986 bsc#1257276). - commit 52ce57d - btrfs: do not strictly require dirty metadata threshold for metadata writepages (stable-fixes). - commit 17f45d0 - ASoC: Intel: sof_es8336: fix headphone GPIO logic inversion (git-fixes). - ASoC: fsl: imx-card: Do not force slot width to sample width (git-fixes). - ASoC: Intel: sof_es8336: fix headphone GPIO logic inversion (git-fixes). - ASoC: fsl: imx-card: Do not force slot width to sample width (git-fixes). - commit 7c26c54 ++++ kernel-syms: - gpiolib: fix race condition for gdev->srcu (CVE-2026-22986 bsc#1257276). - commit 52ce57d - btrfs: do not strictly require dirty metadata threshold for metadata writepages (stable-fixes). - commit 17f45d0 - ASoC: Intel: sof_es8336: fix headphone GPIO logic inversion (git-fixes). - ASoC: fsl: imx-card: Do not force slot width to sample width (git-fixes). - ASoC: Intel: sof_es8336: fix headphone GPIO logic inversion (git-fixes). - ASoC: fsl: imx-card: Do not force slot width to sample width (git-fixes). - commit 7c26c54 ++++ kernel-syms: - gpiolib: fix race condition for gdev->srcu (CVE-2026-22986 bsc#1257276). - commit 52ce57d - btrfs: do not strictly require dirty metadata threshold for metadata writepages (stable-fixes). - commit 17f45d0 - ASoC: Intel: sof_es8336: fix headphone GPIO logic inversion (git-fixes). - ASoC: fsl: imx-card: Do not force slot width to sample width (git-fixes). - ASoC: Intel: sof_es8336: fix headphone GPIO logic inversion (git-fixes). - ASoC: fsl: imx-card: Do not force slot width to sample width (git-fixes). - commit 7c26c54 ++++ kernel-zfcpdump: - gpiolib: fix race condition for gdev->srcu (CVE-2026-22986 bsc#1257276). - commit 52ce57d - btrfs: do not strictly require dirty metadata threshold for metadata writepages (stable-fixes). - commit 17f45d0 - ASoC: Intel: sof_es8336: fix headphone GPIO logic inversion (git-fixes). - ASoC: fsl: imx-card: Do not force slot width to sample width (git-fixes). - ASoC: Intel: sof_es8336: fix headphone GPIO logic inversion (git-fixes). - ASoC: fsl: imx-card: Do not force slot width to sample width (git-fixes). - commit 7c26c54 ++++ kernel-zfcpdump: - gpiolib: fix race condition for gdev->srcu (CVE-2026-22986 bsc#1257276). - commit 52ce57d - btrfs: do not strictly require dirty metadata threshold for metadata writepages (stable-fixes). - commit 17f45d0 - ASoC: Intel: sof_es8336: fix headphone GPIO logic inversion (git-fixes). - ASoC: fsl: imx-card: Do not force slot width to sample width (git-fixes). - ASoC: Intel: sof_es8336: fix headphone GPIO logic inversion (git-fixes). - ASoC: fsl: imx-card: Do not force slot width to sample width (git-fixes). - commit 7c26c54 ++++ yt-dlp: - Update to release 2026.01.31 * yt: Add `web_embedded` fallback for `android_vr` client * yt: Remove broken `ios_downgraded` and `tv_embedded` player clients ------------------------------------------------------------------ ------------------ 2026-1-31 - Jan 31 2026 ------------------- ------------------------------------------------------------------ ++++ kernel-64kb: - ceph: fix crash in process_v2_sparse_read() for encrypted directories (CVE-2025-68297 bsc#1255403). - commit 49f747e - fuse: fix readahead reclaim deadlock (CVE-2025-68821 bsc#1256667). - commit f1828b7 - gpio: omap: do not register driver in probe() (git-fixes). - gpio: virtuser: fix UAF in configfs release path (git-fixes). - gpio: rockchip: Stop calling pinctrl for set_direction (git-fixes). - drm/imx/tve: fix probe device leak (git-fixes). - drm/amdgpu: Fix cond_exec handling in amdgpu_ib_schedule() (git-fixes). - drm/amd/pm: fix race in power state check before mutex lock (git-fixes). - drm/amdgpu: fix NULL pointer dereference in amdgpu_gmc_filter_faults_remove (git-fixes). - drm/msm/a6xx: fix bogus hwcg register updates (git-fixes). - iio: core: add separate lockdep class for info_exist_lock (git-fixes). - Input: i8042 - add quirks for MECHREVO Wujie 15X Pro (stable-fixes). - Input: i8042 - add quirk for ASUS Zenbook UX425QA_UM425QA (stable-fixes). - ALSA: ctxfi: Fix potential OOB access in audio mixer handling (stable-fixes). - drm/amdgpu: remove frame cntl for gfx v12 (stable-fixes). - drm/nouveau/disp: Set drm_mode_config_funcs.atomic_(check|commit) (stable-fixes). - mISDN: annotate data-race around dev->work (git-fixes). - iio: core: Replace lockdep_set_class() + mutex_init() by combined call (stable-fixes). - tpm: Compare HMAC values in constant time (stable-fixes). - dmaengine: ti: k3-udma: Enable second resource range for BCDMA and PKTDMA (stable-fixes). - gpio: omap: do not register driver in probe() (git-fixes). - gpio: virtuser: fix UAF in configfs release path (git-fixes). - gpio: rockchip: Stop calling pinctrl for set_direction (git-fixes). - drm/imx/tve: fix probe device leak (git-fixes). - drm/amdgpu: Fix cond_exec handling in amdgpu_ib_schedule() (git-fixes). - drm/amd/pm: fix race in power state check before mutex lock (git-fixes). - drm/amdgpu: fix NULL pointer dereference in amdgpu_gmc_filter_faults_remove (git-fixes). - drm/msm/a6xx: fix bogus hwcg register updates (git-fixes). - iio: core: add separate lockdep class for info_exist_lock (git-fixes). - Input: i8042 - add quirks for MECHREVO Wujie 15X Pro (stable-fixes). - Input: i8042 - add quirk for ASUS Zenbook UX425QA_UM425QA (stable-fixes). - ALSA: ctxfi: Fix potential OOB access in audio mixer handling (stable-fixes). - drm/amdgpu: remove frame cntl for gfx v12 (stable-fixes). - drm/nouveau/disp: Set drm_mode_config_funcs.atomic_(check|commit) (stable-fixes). - mISDN: annotate data-race around dev->work (git-fixes). - iio: core: Replace lockdep_set_class() + mutex_init() by combined call (stable-fixes). - tpm: Compare HMAC values in constant time (stable-fixes). - dmaengine: ti: k3-udma: Enable second resource range for BCDMA and PKTDMA (stable-fixes). - commit 3e7d134 ++++ kernel-64kb: - ceph: fix crash in process_v2_sparse_read() for encrypted directories (CVE-2025-68297 bsc#1255403). - commit 49f747e - fuse: fix readahead reclaim deadlock (CVE-2025-68821 bsc#1256667). - commit f1828b7 - gpio: omap: do not register driver in probe() (git-fixes). - gpio: virtuser: fix UAF in configfs release path (git-fixes). - gpio: rockchip: Stop calling pinctrl for set_direction (git-fixes). - drm/imx/tve: fix probe device leak (git-fixes). - drm/amdgpu: Fix cond_exec handling in amdgpu_ib_schedule() (git-fixes). - drm/amd/pm: fix race in power state check before mutex lock (git-fixes). - drm/amdgpu: fix NULL pointer dereference in amdgpu_gmc_filter_faults_remove (git-fixes). - drm/msm/a6xx: fix bogus hwcg register updates (git-fixes). - iio: core: add separate lockdep class for info_exist_lock (git-fixes). - Input: i8042 - add quirks for MECHREVO Wujie 15X Pro (stable-fixes). - Input: i8042 - add quirk for ASUS Zenbook UX425QA_UM425QA (stable-fixes). - ALSA: ctxfi: Fix potential OOB access in audio mixer handling (stable-fixes). - drm/amdgpu: remove frame cntl for gfx v12 (stable-fixes). - drm/nouveau/disp: Set drm_mode_config_funcs.atomic_(check|commit) (stable-fixes). - mISDN: annotate data-race around dev->work (git-fixes). - iio: core: Replace lockdep_set_class() + mutex_init() by combined call (stable-fixes). - tpm: Compare HMAC values in constant time (stable-fixes). - dmaengine: ti: k3-udma: Enable second resource range for BCDMA and PKTDMA (stable-fixes). - gpio: omap: do not register driver in probe() (git-fixes). - gpio: virtuser: fix UAF in configfs release path (git-fixes). - gpio: rockchip: Stop calling pinctrl for set_direction (git-fixes). - drm/imx/tve: fix probe device leak (git-fixes). - drm/amdgpu: Fix cond_exec handling in amdgpu_ib_schedule() (git-fixes). - drm/amd/pm: fix race in power state check before mutex lock (git-fixes). - drm/amdgpu: fix NULL pointer dereference in amdgpu_gmc_filter_faults_remove (git-fixes). - drm/msm/a6xx: fix bogus hwcg register updates (git-fixes). - iio: core: add separate lockdep class for info_exist_lock (git-fixes). - Input: i8042 - add quirks for MECHREVO Wujie 15X Pro (stable-fixes). - Input: i8042 - add quirk for ASUS Zenbook UX425QA_UM425QA (stable-fixes). - ALSA: ctxfi: Fix potential OOB access in audio mixer handling (stable-fixes). - drm/amdgpu: remove frame cntl for gfx v12 (stable-fixes). - drm/nouveau/disp: Set drm_mode_config_funcs.atomic_(check|commit) (stable-fixes). - mISDN: annotate data-race around dev->work (git-fixes). - iio: core: Replace lockdep_set_class() + mutex_init() by combined call (stable-fixes). - tpm: Compare HMAC values in constant time (stable-fixes). - dmaengine: ti: k3-udma: Enable second resource range for BCDMA and PKTDMA (stable-fixes). - commit 3e7d134 ++++ kernel-azure: - ceph: fix crash in process_v2_sparse_read() for encrypted directories (CVE-2025-68297 bsc#1255403). - commit 49f747e - fuse: fix readahead reclaim deadlock (CVE-2025-68821 bsc#1256667). - commit f1828b7 - gpio: omap: do not register driver in probe() (git-fixes). - gpio: virtuser: fix UAF in configfs release path (git-fixes). - gpio: rockchip: Stop calling pinctrl for set_direction (git-fixes). - drm/imx/tve: fix probe device leak (git-fixes). - drm/amdgpu: Fix cond_exec handling in amdgpu_ib_schedule() (git-fixes). - drm/amd/pm: fix race in power state check before mutex lock (git-fixes). - drm/amdgpu: fix NULL pointer dereference in amdgpu_gmc_filter_faults_remove (git-fixes). - drm/msm/a6xx: fix bogus hwcg register updates (git-fixes). - iio: core: add separate lockdep class for info_exist_lock (git-fixes). - Input: i8042 - add quirks for MECHREVO Wujie 15X Pro (stable-fixes). - Input: i8042 - add quirk for ASUS Zenbook UX425QA_UM425QA (stable-fixes). - ALSA: ctxfi: Fix potential OOB access in audio mixer handling (stable-fixes). - drm/amdgpu: remove frame cntl for gfx v12 (stable-fixes). - drm/nouveau/disp: Set drm_mode_config_funcs.atomic_(check|commit) (stable-fixes). - mISDN: annotate data-race around dev->work (git-fixes). - iio: core: Replace lockdep_set_class() + mutex_init() by combined call (stable-fixes). - tpm: Compare HMAC values in constant time (stable-fixes). - dmaengine: ti: k3-udma: Enable second resource range for BCDMA and PKTDMA (stable-fixes). - gpio: omap: do not register driver in probe() (git-fixes). - gpio: virtuser: fix UAF in configfs release path (git-fixes). - gpio: rockchip: Stop calling pinctrl for set_direction (git-fixes). - drm/imx/tve: fix probe device leak (git-fixes). - drm/amdgpu: Fix cond_exec handling in amdgpu_ib_schedule() (git-fixes). - drm/amd/pm: fix race in power state check before mutex lock (git-fixes). - drm/amdgpu: fix NULL pointer dereference in amdgpu_gmc_filter_faults_remove (git-fixes). - drm/msm/a6xx: fix bogus hwcg register updates (git-fixes). - iio: core: add separate lockdep class for info_exist_lock (git-fixes). - Input: i8042 - add quirks for MECHREVO Wujie 15X Pro (stable-fixes). - Input: i8042 - add quirk for ASUS Zenbook UX425QA_UM425QA (stable-fixes). - ALSA: ctxfi: Fix potential OOB access in audio mixer handling (stable-fixes). - drm/amdgpu: remove frame cntl for gfx v12 (stable-fixes). - drm/nouveau/disp: Set drm_mode_config_funcs.atomic_(check|commit) (stable-fixes). - mISDN: annotate data-race around dev->work (git-fixes). - iio: core: Replace lockdep_set_class() + mutex_init() by combined call (stable-fixes). - tpm: Compare HMAC values in constant time (stable-fixes). - dmaengine: ti: k3-udma: Enable second resource range for BCDMA and PKTDMA (stable-fixes). - commit 3e7d134 ++++ kernel-azure: - ceph: fix crash in process_v2_sparse_read() for encrypted directories (CVE-2025-68297 bsc#1255403). - commit 49f747e - fuse: fix readahead reclaim deadlock (CVE-2025-68821 bsc#1256667). - commit f1828b7 - gpio: omap: do not register driver in probe() (git-fixes). - gpio: virtuser: fix UAF in configfs release path (git-fixes). - gpio: rockchip: Stop calling pinctrl for set_direction (git-fixes). - drm/imx/tve: fix probe device leak (git-fixes). - drm/amdgpu: Fix cond_exec handling in amdgpu_ib_schedule() (git-fixes). - drm/amd/pm: fix race in power state check before mutex lock (git-fixes). - drm/amdgpu: fix NULL pointer dereference in amdgpu_gmc_filter_faults_remove (git-fixes). - drm/msm/a6xx: fix bogus hwcg register updates (git-fixes). - iio: core: add separate lockdep class for info_exist_lock (git-fixes). - Input: i8042 - add quirks for MECHREVO Wujie 15X Pro (stable-fixes). - Input: i8042 - add quirk for ASUS Zenbook UX425QA_UM425QA (stable-fixes). - ALSA: ctxfi: Fix potential OOB access in audio mixer handling (stable-fixes). - drm/amdgpu: remove frame cntl for gfx v12 (stable-fixes). - drm/nouveau/disp: Set drm_mode_config_funcs.atomic_(check|commit) (stable-fixes). - mISDN: annotate data-race around dev->work (git-fixes). - iio: core: Replace lockdep_set_class() + mutex_init() by combined call (stable-fixes). - tpm: Compare HMAC values in constant time (stable-fixes). - dmaengine: ti: k3-udma: Enable second resource range for BCDMA and PKTDMA (stable-fixes). - gpio: omap: do not register driver in probe() (git-fixes). - gpio: virtuser: fix UAF in configfs release path (git-fixes). - gpio: rockchip: Stop calling pinctrl for set_direction (git-fixes). - drm/imx/tve: fix probe device leak (git-fixes). - drm/amdgpu: Fix cond_exec handling in amdgpu_ib_schedule() (git-fixes). - drm/amd/pm: fix race in power state check before mutex lock (git-fixes). - drm/amdgpu: fix NULL pointer dereference in amdgpu_gmc_filter_faults_remove (git-fixes). - drm/msm/a6xx: fix bogus hwcg register updates (git-fixes). - iio: core: add separate lockdep class for info_exist_lock (git-fixes). - Input: i8042 - add quirks for MECHREVO Wujie 15X Pro (stable-fixes). - Input: i8042 - add quirk for ASUS Zenbook UX425QA_UM425QA (stable-fixes). - ALSA: ctxfi: Fix potential OOB access in audio mixer handling (stable-fixes). - drm/amdgpu: remove frame cntl for gfx v12 (stable-fixes). - drm/nouveau/disp: Set drm_mode_config_funcs.atomic_(check|commit) (stable-fixes). - mISDN: annotate data-race around dev->work (git-fixes). - iio: core: Replace lockdep_set_class() + mutex_init() by combined call (stable-fixes). - tpm: Compare HMAC values in constant time (stable-fixes). - dmaengine: ti: k3-udma: Enable second resource range for BCDMA and PKTDMA (stable-fixes). - commit 3e7d134 ++++ kernel-default: - ceph: fix crash in process_v2_sparse_read() for encrypted directories (CVE-2025-68297 bsc#1255403). - commit 49f747e - fuse: fix readahead reclaim deadlock (CVE-2025-68821 bsc#1256667). - commit f1828b7 - gpio: omap: do not register driver in probe() (git-fixes). - gpio: virtuser: fix UAF in configfs release path (git-fixes). - gpio: rockchip: Stop calling pinctrl for set_direction (git-fixes). - drm/imx/tve: fix probe device leak (git-fixes). - drm/amdgpu: Fix cond_exec handling in amdgpu_ib_schedule() (git-fixes). - drm/amd/pm: fix race in power state check before mutex lock (git-fixes). - drm/amdgpu: fix NULL pointer dereference in amdgpu_gmc_filter_faults_remove (git-fixes). - drm/msm/a6xx: fix bogus hwcg register updates (git-fixes). - iio: core: add separate lockdep class for info_exist_lock (git-fixes). - Input: i8042 - add quirks for MECHREVO Wujie 15X Pro (stable-fixes). - Input: i8042 - add quirk for ASUS Zenbook UX425QA_UM425QA (stable-fixes). - ALSA: ctxfi: Fix potential OOB access in audio mixer handling (stable-fixes). - drm/amdgpu: remove frame cntl for gfx v12 (stable-fixes). - drm/nouveau/disp: Set drm_mode_config_funcs.atomic_(check|commit) (stable-fixes). - mISDN: annotate data-race around dev->work (git-fixes). - iio: core: Replace lockdep_set_class() + mutex_init() by combined call (stable-fixes). - tpm: Compare HMAC values in constant time (stable-fixes). - dmaengine: ti: k3-udma: Enable second resource range for BCDMA and PKTDMA (stable-fixes). - gpio: omap: do not register driver in probe() (git-fixes). - gpio: virtuser: fix UAF in configfs release path (git-fixes). - gpio: rockchip: Stop calling pinctrl for set_direction (git-fixes). - drm/imx/tve: fix probe device leak (git-fixes). - drm/amdgpu: Fix cond_exec handling in amdgpu_ib_schedule() (git-fixes). - drm/amd/pm: fix race in power state check before mutex lock (git-fixes). - drm/amdgpu: fix NULL pointer dereference in amdgpu_gmc_filter_faults_remove (git-fixes). - drm/msm/a6xx: fix bogus hwcg register updates (git-fixes). - iio: core: add separate lockdep class for info_exist_lock (git-fixes). - Input: i8042 - add quirks for MECHREVO Wujie 15X Pro (stable-fixes). - Input: i8042 - add quirk for ASUS Zenbook UX425QA_UM425QA (stable-fixes). - ALSA: ctxfi: Fix potential OOB access in audio mixer handling (stable-fixes). - drm/amdgpu: remove frame cntl for gfx v12 (stable-fixes). - drm/nouveau/disp: Set drm_mode_config_funcs.atomic_(check|commit) (stable-fixes). - mISDN: annotate data-race around dev->work (git-fixes). - iio: core: Replace lockdep_set_class() + mutex_init() by combined call (stable-fixes). - tpm: Compare HMAC values in constant time (stable-fixes). - dmaengine: ti: k3-udma: Enable second resource range for BCDMA and PKTDMA (stable-fixes). - commit 3e7d134 ++++ kernel-default: - ceph: fix crash in process_v2_sparse_read() for encrypted directories (CVE-2025-68297 bsc#1255403). - commit 49f747e - fuse: fix readahead reclaim deadlock (CVE-2025-68821 bsc#1256667). - commit f1828b7 - gpio: omap: do not register driver in probe() (git-fixes). - gpio: virtuser: fix UAF in configfs release path (git-fixes). - gpio: rockchip: Stop calling pinctrl for set_direction (git-fixes). - drm/imx/tve: fix probe device leak (git-fixes). - drm/amdgpu: Fix cond_exec handling in amdgpu_ib_schedule() (git-fixes). - drm/amd/pm: fix race in power state check before mutex lock (git-fixes). - drm/amdgpu: fix NULL pointer dereference in amdgpu_gmc_filter_faults_remove (git-fixes). - drm/msm/a6xx: fix bogus hwcg register updates (git-fixes). - iio: core: add separate lockdep class for info_exist_lock (git-fixes). - Input: i8042 - add quirks for MECHREVO Wujie 15X Pro (stable-fixes). - Input: i8042 - add quirk for ASUS Zenbook UX425QA_UM425QA (stable-fixes). - ALSA: ctxfi: Fix potential OOB access in audio mixer handling (stable-fixes). - drm/amdgpu: remove frame cntl for gfx v12 (stable-fixes). - drm/nouveau/disp: Set drm_mode_config_funcs.atomic_(check|commit) (stable-fixes). - mISDN: annotate data-race around dev->work (git-fixes). - iio: core: Replace lockdep_set_class() + mutex_init() by combined call (stable-fixes). - tpm: Compare HMAC values in constant time (stable-fixes). - dmaengine: ti: k3-udma: Enable second resource range for BCDMA and PKTDMA (stable-fixes). - gpio: omap: do not register driver in probe() (git-fixes). - gpio: virtuser: fix UAF in configfs release path (git-fixes). - gpio: rockchip: Stop calling pinctrl for set_direction (git-fixes). - drm/imx/tve: fix probe device leak (git-fixes). - drm/amdgpu: Fix cond_exec handling in amdgpu_ib_schedule() (git-fixes). - drm/amd/pm: fix race in power state check before mutex lock (git-fixes). - drm/amdgpu: fix NULL pointer dereference in amdgpu_gmc_filter_faults_remove (git-fixes). - drm/msm/a6xx: fix bogus hwcg register updates (git-fixes). - iio: core: add separate lockdep class for info_exist_lock (git-fixes). - Input: i8042 - add quirks for MECHREVO Wujie 15X Pro (stable-fixes). - Input: i8042 - add quirk for ASUS Zenbook UX425QA_UM425QA (stable-fixes). - ALSA: ctxfi: Fix potential OOB access in audio mixer handling (stable-fixes). - drm/amdgpu: remove frame cntl for gfx v12 (stable-fixes). - drm/nouveau/disp: Set drm_mode_config_funcs.atomic_(check|commit) (stable-fixes). - mISDN: annotate data-race around dev->work (git-fixes). - iio: core: Replace lockdep_set_class() + mutex_init() by combined call (stable-fixes). - tpm: Compare HMAC values in constant time (stable-fixes). - dmaengine: ti: k3-udma: Enable second resource range for BCDMA and PKTDMA (stable-fixes). - commit 3e7d134 ++++ kernel-rt: - ceph: fix crash in process_v2_sparse_read() for encrypted directories (CVE-2025-68297 bsc#1255403). - commit 49f747e - fuse: fix readahead reclaim deadlock (CVE-2025-68821 bsc#1256667). - commit f1828b7 - gpio: omap: do not register driver in probe() (git-fixes). - gpio: virtuser: fix UAF in configfs release path (git-fixes). - gpio: rockchip: Stop calling pinctrl for set_direction (git-fixes). - drm/imx/tve: fix probe device leak (git-fixes). - drm/amdgpu: Fix cond_exec handling in amdgpu_ib_schedule() (git-fixes). - drm/amd/pm: fix race in power state check before mutex lock (git-fixes). - drm/amdgpu: fix NULL pointer dereference in amdgpu_gmc_filter_faults_remove (git-fixes). - drm/msm/a6xx: fix bogus hwcg register updates (git-fixes). - iio: core: add separate lockdep class for info_exist_lock (git-fixes). - Input: i8042 - add quirks for MECHREVO Wujie 15X Pro (stable-fixes). - Input: i8042 - add quirk for ASUS Zenbook UX425QA_UM425QA (stable-fixes). - ALSA: ctxfi: Fix potential OOB access in audio mixer handling (stable-fixes). - drm/amdgpu: remove frame cntl for gfx v12 (stable-fixes). - drm/nouveau/disp: Set drm_mode_config_funcs.atomic_(check|commit) (stable-fixes). - mISDN: annotate data-race around dev->work (git-fixes). - iio: core: Replace lockdep_set_class() + mutex_init() by combined call (stable-fixes). - tpm: Compare HMAC values in constant time (stable-fixes). - dmaengine: ti: k3-udma: Enable second resource range for BCDMA and PKTDMA (stable-fixes). - gpio: omap: do not register driver in probe() (git-fixes). - gpio: virtuser: fix UAF in configfs release path (git-fixes). - gpio: rockchip: Stop calling pinctrl for set_direction (git-fixes). - drm/imx/tve: fix probe device leak (git-fixes). - drm/amdgpu: Fix cond_exec handling in amdgpu_ib_schedule() (git-fixes). - drm/amd/pm: fix race in power state check before mutex lock (git-fixes). - drm/amdgpu: fix NULL pointer dereference in amdgpu_gmc_filter_faults_remove (git-fixes). - drm/msm/a6xx: fix bogus hwcg register updates (git-fixes). - iio: core: add separate lockdep class for info_exist_lock (git-fixes). - Input: i8042 - add quirks for MECHREVO Wujie 15X Pro (stable-fixes). - Input: i8042 - add quirk for ASUS Zenbook UX425QA_UM425QA (stable-fixes). - ALSA: ctxfi: Fix potential OOB access in audio mixer handling (stable-fixes). - drm/amdgpu: remove frame cntl for gfx v12 (stable-fixes). - drm/nouveau/disp: Set drm_mode_config_funcs.atomic_(check|commit) (stable-fixes). - mISDN: annotate data-race around dev->work (git-fixes). - iio: core: Replace lockdep_set_class() + mutex_init() by combined call (stable-fixes). - tpm: Compare HMAC values in constant time (stable-fixes). - dmaengine: ti: k3-udma: Enable second resource range for BCDMA and PKTDMA (stable-fixes). - commit 3e7d134 ++++ kernel-rt: - ceph: fix crash in process_v2_sparse_read() for encrypted directories (CVE-2025-68297 bsc#1255403). - commit 49f747e - fuse: fix readahead reclaim deadlock (CVE-2025-68821 bsc#1256667). - commit f1828b7 - gpio: omap: do not register driver in probe() (git-fixes). - gpio: virtuser: fix UAF in configfs release path (git-fixes). - gpio: rockchip: Stop calling pinctrl for set_direction (git-fixes). - drm/imx/tve: fix probe device leak (git-fixes). - drm/amdgpu: Fix cond_exec handling in amdgpu_ib_schedule() (git-fixes). - drm/amd/pm: fix race in power state check before mutex lock (git-fixes). - drm/amdgpu: fix NULL pointer dereference in amdgpu_gmc_filter_faults_remove (git-fixes). - drm/msm/a6xx: fix bogus hwcg register updates (git-fixes). - iio: core: add separate lockdep class for info_exist_lock (git-fixes). - Input: i8042 - add quirks for MECHREVO Wujie 15X Pro (stable-fixes). - Input: i8042 - add quirk for ASUS Zenbook UX425QA_UM425QA (stable-fixes). - ALSA: ctxfi: Fix potential OOB access in audio mixer handling (stable-fixes). - drm/amdgpu: remove frame cntl for gfx v12 (stable-fixes). - drm/nouveau/disp: Set drm_mode_config_funcs.atomic_(check|commit) (stable-fixes). - mISDN: annotate data-race around dev->work (git-fixes). - iio: core: Replace lockdep_set_class() + mutex_init() by combined call (stable-fixes). - tpm: Compare HMAC values in constant time (stable-fixes). - dmaengine: ti: k3-udma: Enable second resource range for BCDMA and PKTDMA (stable-fixes). - gpio: omap: do not register driver in probe() (git-fixes). - gpio: virtuser: fix UAF in configfs release path (git-fixes). - gpio: rockchip: Stop calling pinctrl for set_direction (git-fixes). - drm/imx/tve: fix probe device leak (git-fixes). - drm/amdgpu: Fix cond_exec handling in amdgpu_ib_schedule() (git-fixes). - drm/amd/pm: fix race in power state check before mutex lock (git-fixes). - drm/amdgpu: fix NULL pointer dereference in amdgpu_gmc_filter_faults_remove (git-fixes). - drm/msm/a6xx: fix bogus hwcg register updates (git-fixes). - iio: core: add separate lockdep class for info_exist_lock (git-fixes). - Input: i8042 - add quirks for MECHREVO Wujie 15X Pro (stable-fixes). - Input: i8042 - add quirk for ASUS Zenbook UX425QA_UM425QA (stable-fixes). - ALSA: ctxfi: Fix potential OOB access in audio mixer handling (stable-fixes). - drm/amdgpu: remove frame cntl for gfx v12 (stable-fixes). - drm/nouveau/disp: Set drm_mode_config_funcs.atomic_(check|commit) (stable-fixes). - mISDN: annotate data-race around dev->work (git-fixes). - iio: core: Replace lockdep_set_class() + mutex_init() by combined call (stable-fixes). - tpm: Compare HMAC values in constant time (stable-fixes). - dmaengine: ti: k3-udma: Enable second resource range for BCDMA and PKTDMA (stable-fixes). - commit 3e7d134 ++++ dtb-aarch64: - ceph: fix crash in process_v2_sparse_read() for encrypted directories (CVE-2025-68297 bsc#1255403). - commit 49f747e - fuse: fix readahead reclaim deadlock (CVE-2025-68821 bsc#1256667). - commit f1828b7 - gpio: omap: do not register driver in probe() (git-fixes). - gpio: virtuser: fix UAF in configfs release path (git-fixes). - gpio: rockchip: Stop calling pinctrl for set_direction (git-fixes). - drm/imx/tve: fix probe device leak (git-fixes). - drm/amdgpu: Fix cond_exec handling in amdgpu_ib_schedule() (git-fixes). - drm/amd/pm: fix race in power state check before mutex lock (git-fixes). - drm/amdgpu: fix NULL pointer dereference in amdgpu_gmc_filter_faults_remove (git-fixes). - drm/msm/a6xx: fix bogus hwcg register updates (git-fixes). - iio: core: add separate lockdep class for info_exist_lock (git-fixes). - Input: i8042 - add quirks for MECHREVO Wujie 15X Pro (stable-fixes). - Input: i8042 - add quirk for ASUS Zenbook UX425QA_UM425QA (stable-fixes). - ALSA: ctxfi: Fix potential OOB access in audio mixer handling (stable-fixes). - drm/amdgpu: remove frame cntl for gfx v12 (stable-fixes). - drm/nouveau/disp: Set drm_mode_config_funcs.atomic_(check|commit) (stable-fixes). - mISDN: annotate data-race around dev->work (git-fixes). - iio: core: Replace lockdep_set_class() + mutex_init() by combined call (stable-fixes). - tpm: Compare HMAC values in constant time (stable-fixes). - dmaengine: ti: k3-udma: Enable second resource range for BCDMA and PKTDMA (stable-fixes). - gpio: omap: do not register driver in probe() (git-fixes). - gpio: virtuser: fix UAF in configfs release path (git-fixes). - gpio: rockchip: Stop calling pinctrl for set_direction (git-fixes). - drm/imx/tve: fix probe device leak (git-fixes). - drm/amdgpu: Fix cond_exec handling in amdgpu_ib_schedule() (git-fixes). - drm/amd/pm: fix race in power state check before mutex lock (git-fixes). - drm/amdgpu: fix NULL pointer dereference in amdgpu_gmc_filter_faults_remove (git-fixes). - drm/msm/a6xx: fix bogus hwcg register updates (git-fixes). - iio: core: add separate lockdep class for info_exist_lock (git-fixes). - Input: i8042 - add quirks for MECHREVO Wujie 15X Pro (stable-fixes). - Input: i8042 - add quirk for ASUS Zenbook UX425QA_UM425QA (stable-fixes). - ALSA: ctxfi: Fix potential OOB access in audio mixer handling (stable-fixes). - drm/amdgpu: remove frame cntl for gfx v12 (stable-fixes). - drm/nouveau/disp: Set drm_mode_config_funcs.atomic_(check|commit) (stable-fixes). - mISDN: annotate data-race around dev->work (git-fixes). - iio: core: Replace lockdep_set_class() + mutex_init() by combined call (stable-fixes). - tpm: Compare HMAC values in constant time (stable-fixes). - dmaengine: ti: k3-udma: Enable second resource range for BCDMA and PKTDMA (stable-fixes). - commit 3e7d134 ++++ dtb-aarch64: - ceph: fix crash in process_v2_sparse_read() for encrypted directories (CVE-2025-68297 bsc#1255403). - commit 49f747e - fuse: fix readahead reclaim deadlock (CVE-2025-68821 bsc#1256667). - commit f1828b7 - gpio: omap: do not register driver in probe() (git-fixes). - gpio: virtuser: fix UAF in configfs release path (git-fixes). - gpio: rockchip: Stop calling pinctrl for set_direction (git-fixes). - drm/imx/tve: fix probe device leak (git-fixes). - drm/amdgpu: Fix cond_exec handling in amdgpu_ib_schedule() (git-fixes). - drm/amd/pm: fix race in power state check before mutex lock (git-fixes). - drm/amdgpu: fix NULL pointer dereference in amdgpu_gmc_filter_faults_remove (git-fixes). - drm/msm/a6xx: fix bogus hwcg register updates (git-fixes). - iio: core: add separate lockdep class for info_exist_lock (git-fixes). - Input: i8042 - add quirks for MECHREVO Wujie 15X Pro (stable-fixes). - Input: i8042 - add quirk for ASUS Zenbook UX425QA_UM425QA (stable-fixes). - ALSA: ctxfi: Fix potential OOB access in audio mixer handling (stable-fixes). - drm/amdgpu: remove frame cntl for gfx v12 (stable-fixes). - drm/nouveau/disp: Set drm_mode_config_funcs.atomic_(check|commit) (stable-fixes). - mISDN: annotate data-race around dev->work (git-fixes). - iio: core: Replace lockdep_set_class() + mutex_init() by combined call (stable-fixes). - tpm: Compare HMAC values in constant time (stable-fixes). - dmaengine: ti: k3-udma: Enable second resource range for BCDMA and PKTDMA (stable-fixes). - gpio: omap: do not register driver in probe() (git-fixes). - gpio: virtuser: fix UAF in configfs release path (git-fixes). - gpio: rockchip: Stop calling pinctrl for set_direction (git-fixes). - drm/imx/tve: fix probe device leak (git-fixes). - drm/amdgpu: Fix cond_exec handling in amdgpu_ib_schedule() (git-fixes). - drm/amd/pm: fix race in power state check before mutex lock (git-fixes). - drm/amdgpu: fix NULL pointer dereference in amdgpu_gmc_filter_faults_remove (git-fixes). - drm/msm/a6xx: fix bogus hwcg register updates (git-fixes). - iio: core: add separate lockdep class for info_exist_lock (git-fixes). - Input: i8042 - add quirks for MECHREVO Wujie 15X Pro (stable-fixes). - Input: i8042 - add quirk for ASUS Zenbook UX425QA_UM425QA (stable-fixes). - ALSA: ctxfi: Fix potential OOB access in audio mixer handling (stable-fixes). - drm/amdgpu: remove frame cntl for gfx v12 (stable-fixes). - drm/nouveau/disp: Set drm_mode_config_funcs.atomic_(check|commit) (stable-fixes). - mISDN: annotate data-race around dev->work (git-fixes). - iio: core: Replace lockdep_set_class() + mutex_init() by combined call (stable-fixes). - tpm: Compare HMAC values in constant time (stable-fixes). - dmaengine: ti: k3-udma: Enable second resource range for BCDMA and PKTDMA (stable-fixes). - commit 3e7d134 ++++ gvfs: - Update to version 1.58.1: + cdda: Fix duration of last track for some media + build: Fix build when google option is disabled + Fix various memory leaks + Some other fixes + Updated translations. ++++ kernel-source: - ceph: fix crash in process_v2_sparse_read() for encrypted directories (CVE-2025-68297 bsc#1255403). - commit 49f747e - fuse: fix readahead reclaim deadlock (CVE-2025-68821 bsc#1256667). - commit f1828b7 - gpio: omap: do not register driver in probe() (git-fixes). - gpio: virtuser: fix UAF in configfs release path (git-fixes). - gpio: rockchip: Stop calling pinctrl for set_direction (git-fixes). - drm/imx/tve: fix probe device leak (git-fixes). - drm/amdgpu: Fix cond_exec handling in amdgpu_ib_schedule() (git-fixes). - drm/amd/pm: fix race in power state check before mutex lock (git-fixes). - drm/amdgpu: fix NULL pointer dereference in amdgpu_gmc_filter_faults_remove (git-fixes). - drm/msm/a6xx: fix bogus hwcg register updates (git-fixes). - iio: core: add separate lockdep class for info_exist_lock (git-fixes). - Input: i8042 - add quirks for MECHREVO Wujie 15X Pro (stable-fixes). - Input: i8042 - add quirk for ASUS Zenbook UX425QA_UM425QA (stable-fixes). - ALSA: ctxfi: Fix potential OOB access in audio mixer handling (stable-fixes). - drm/amdgpu: remove frame cntl for gfx v12 (stable-fixes). - drm/nouveau/disp: Set drm_mode_config_funcs.atomic_(check|commit) (stable-fixes). - mISDN: annotate data-race around dev->work (git-fixes). - iio: core: Replace lockdep_set_class() + mutex_init() by combined call (stable-fixes). - tpm: Compare HMAC values in constant time (stable-fixes). - dmaengine: ti: k3-udma: Enable second resource range for BCDMA and PKTDMA (stable-fixes). - gpio: omap: do not register driver in probe() (git-fixes). - gpio: virtuser: fix UAF in configfs release path (git-fixes). - gpio: rockchip: Stop calling pinctrl for set_direction (git-fixes). - drm/imx/tve: fix probe device leak (git-fixes). - drm/amdgpu: Fix cond_exec handling in amdgpu_ib_schedule() (git-fixes). - drm/amd/pm: fix race in power state check before mutex lock (git-fixes). - drm/amdgpu: fix NULL pointer dereference in amdgpu_gmc_filter_faults_remove (git-fixes). - drm/msm/a6xx: fix bogus hwcg register updates (git-fixes). - iio: core: add separate lockdep class for info_exist_lock (git-fixes). - Input: i8042 - add quirks for MECHREVO Wujie 15X Pro (stable-fixes). - Input: i8042 - add quirk for ASUS Zenbook UX425QA_UM425QA (stable-fixes). - ALSA: ctxfi: Fix potential OOB access in audio mixer handling (stable-fixes). - drm/amdgpu: remove frame cntl for gfx v12 (stable-fixes). - drm/nouveau/disp: Set drm_mode_config_funcs.atomic_(check|commit) (stable-fixes). - mISDN: annotate data-race around dev->work (git-fixes). - iio: core: Replace lockdep_set_class() + mutex_init() by combined call (stable-fixes). - tpm: Compare HMAC values in constant time (stable-fixes). - dmaengine: ti: k3-udma: Enable second resource range for BCDMA and PKTDMA (stable-fixes). - commit 3e7d134 ++++ kernel-source: - ceph: fix crash in process_v2_sparse_read() for encrypted directories (CVE-2025-68297 bsc#1255403). - commit 49f747e - fuse: fix readahead reclaim deadlock (CVE-2025-68821 bsc#1256667). - commit f1828b7 - gpio: omap: do not register driver in probe() (git-fixes). - gpio: virtuser: fix UAF in configfs release path (git-fixes). - gpio: rockchip: Stop calling pinctrl for set_direction (git-fixes). - drm/imx/tve: fix probe device leak (git-fixes). - drm/amdgpu: Fix cond_exec handling in amdgpu_ib_schedule() (git-fixes). - drm/amd/pm: fix race in power state check before mutex lock (git-fixes). - drm/amdgpu: fix NULL pointer dereference in amdgpu_gmc_filter_faults_remove (git-fixes). - drm/msm/a6xx: fix bogus hwcg register updates (git-fixes). - iio: core: add separate lockdep class for info_exist_lock (git-fixes). - Input: i8042 - add quirks for MECHREVO Wujie 15X Pro (stable-fixes). - Input: i8042 - add quirk for ASUS Zenbook UX425QA_UM425QA (stable-fixes). - ALSA: ctxfi: Fix potential OOB access in audio mixer handling (stable-fixes). - drm/amdgpu: remove frame cntl for gfx v12 (stable-fixes). - drm/nouveau/disp: Set drm_mode_config_funcs.atomic_(check|commit) (stable-fixes). - mISDN: annotate data-race around dev->work (git-fixes). - iio: core: Replace lockdep_set_class() + mutex_init() by combined call (stable-fixes). - tpm: Compare HMAC values in constant time (stable-fixes). - dmaengine: ti: k3-udma: Enable second resource range for BCDMA and PKTDMA (stable-fixes). - gpio: omap: do not register driver in probe() (git-fixes). - gpio: virtuser: fix UAF in configfs release path (git-fixes). - gpio: rockchip: Stop calling pinctrl for set_direction (git-fixes). - drm/imx/tve: fix probe device leak (git-fixes). - drm/amdgpu: Fix cond_exec handling in amdgpu_ib_schedule() (git-fixes). - drm/amd/pm: fix race in power state check before mutex lock (git-fixes). - drm/amdgpu: fix NULL pointer dereference in amdgpu_gmc_filter_faults_remove (git-fixes). - drm/msm/a6xx: fix bogus hwcg register updates (git-fixes). - iio: core: add separate lockdep class for info_exist_lock (git-fixes). - Input: i8042 - add quirks for MECHREVO Wujie 15X Pro (stable-fixes). - Input: i8042 - add quirk for ASUS Zenbook UX425QA_UM425QA (stable-fixes). - ALSA: ctxfi: Fix potential OOB access in audio mixer handling (stable-fixes). - drm/amdgpu: remove frame cntl for gfx v12 (stable-fixes). - drm/nouveau/disp: Set drm_mode_config_funcs.atomic_(check|commit) (stable-fixes). - mISDN: annotate data-race around dev->work (git-fixes). - iio: core: Replace lockdep_set_class() + mutex_init() by combined call (stable-fixes). - tpm: Compare HMAC values in constant time (stable-fixes). - dmaengine: ti: k3-udma: Enable second resource range for BCDMA and PKTDMA (stable-fixes). - commit 3e7d134 ++++ kernel-docs: - ceph: fix crash in process_v2_sparse_read() for encrypted directories (CVE-2025-68297 bsc#1255403). - commit 49f747e - fuse: fix readahead reclaim deadlock (CVE-2025-68821 bsc#1256667). - commit f1828b7 - gpio: omap: do not register driver in probe() (git-fixes). - gpio: virtuser: fix UAF in configfs release path (git-fixes). - gpio: rockchip: Stop calling pinctrl for set_direction (git-fixes). - drm/imx/tve: fix probe device leak (git-fixes). - drm/amdgpu: Fix cond_exec handling in amdgpu_ib_schedule() (git-fixes). - drm/amd/pm: fix race in power state check before mutex lock (git-fixes). - drm/amdgpu: fix NULL pointer dereference in amdgpu_gmc_filter_faults_remove (git-fixes). - drm/msm/a6xx: fix bogus hwcg register updates (git-fixes). - iio: core: add separate lockdep class for info_exist_lock (git-fixes). - Input: i8042 - add quirks for MECHREVO Wujie 15X Pro (stable-fixes). - Input: i8042 - add quirk for ASUS Zenbook UX425QA_UM425QA (stable-fixes). - ALSA: ctxfi: Fix potential OOB access in audio mixer handling (stable-fixes). - drm/amdgpu: remove frame cntl for gfx v12 (stable-fixes). - drm/nouveau/disp: Set drm_mode_config_funcs.atomic_(check|commit) (stable-fixes). - mISDN: annotate data-race around dev->work (git-fixes). - iio: core: Replace lockdep_set_class() + mutex_init() by combined call (stable-fixes). - tpm: Compare HMAC values in constant time (stable-fixes). - dmaengine: ti: k3-udma: Enable second resource range for BCDMA and PKTDMA (stable-fixes). - gpio: omap: do not register driver in probe() (git-fixes). - gpio: virtuser: fix UAF in configfs release path (git-fixes). - gpio: rockchip: Stop calling pinctrl for set_direction (git-fixes). - drm/imx/tve: fix probe device leak (git-fixes). - drm/amdgpu: Fix cond_exec handling in amdgpu_ib_schedule() (git-fixes). - drm/amd/pm: fix race in power state check before mutex lock (git-fixes). - drm/amdgpu: fix NULL pointer dereference in amdgpu_gmc_filter_faults_remove (git-fixes). - drm/msm/a6xx: fix bogus hwcg register updates (git-fixes). - iio: core: add separate lockdep class for info_exist_lock (git-fixes). - Input: i8042 - add quirks for MECHREVO Wujie 15X Pro (stable-fixes). - Input: i8042 - add quirk for ASUS Zenbook UX425QA_UM425QA (stable-fixes). - ALSA: ctxfi: Fix potential OOB access in audio mixer handling (stable-fixes). - drm/amdgpu: remove frame cntl for gfx v12 (stable-fixes). - drm/nouveau/disp: Set drm_mode_config_funcs.atomic_(check|commit) (stable-fixes). - mISDN: annotate data-race around dev->work (git-fixes). - iio: core: Replace lockdep_set_class() + mutex_init() by combined call (stable-fixes). - tpm: Compare HMAC values in constant time (stable-fixes). - dmaengine: ti: k3-udma: Enable second resource range for BCDMA and PKTDMA (stable-fixes). - commit 3e7d134 ++++ kernel-docs: - ceph: fix crash in process_v2_sparse_read() for encrypted directories (CVE-2025-68297 bsc#1255403). - commit 49f747e - fuse: fix readahead reclaim deadlock (CVE-2025-68821 bsc#1256667). - commit f1828b7 - gpio: omap: do not register driver in probe() (git-fixes). - gpio: virtuser: fix UAF in configfs release path (git-fixes). - gpio: rockchip: Stop calling pinctrl for set_direction (git-fixes). - drm/imx/tve: fix probe device leak (git-fixes). - drm/amdgpu: Fix cond_exec handling in amdgpu_ib_schedule() (git-fixes). - drm/amd/pm: fix race in power state check before mutex lock (git-fixes). - drm/amdgpu: fix NULL pointer dereference in amdgpu_gmc_filter_faults_remove (git-fixes). - drm/msm/a6xx: fix bogus hwcg register updates (git-fixes). - iio: core: add separate lockdep class for info_exist_lock (git-fixes). - Input: i8042 - add quirks for MECHREVO Wujie 15X Pro (stable-fixes). - Input: i8042 - add quirk for ASUS Zenbook UX425QA_UM425QA (stable-fixes). - ALSA: ctxfi: Fix potential OOB access in audio mixer handling (stable-fixes). - drm/amdgpu: remove frame cntl for gfx v12 (stable-fixes). - drm/nouveau/disp: Set drm_mode_config_funcs.atomic_(check|commit) (stable-fixes). - mISDN: annotate data-race around dev->work (git-fixes). - iio: core: Replace lockdep_set_class() + mutex_init() by combined call (stable-fixes). - tpm: Compare HMAC values in constant time (stable-fixes). - dmaengine: ti: k3-udma: Enable second resource range for BCDMA and PKTDMA (stable-fixes). - gpio: omap: do not register driver in probe() (git-fixes). - gpio: virtuser: fix UAF in configfs release path (git-fixes). - gpio: rockchip: Stop calling pinctrl for set_direction (git-fixes). - drm/imx/tve: fix probe device leak (git-fixes). - drm/amdgpu: Fix cond_exec handling in amdgpu_ib_schedule() (git-fixes). - drm/amd/pm: fix race in power state check before mutex lock (git-fixes). - drm/amdgpu: fix NULL pointer dereference in amdgpu_gmc_filter_faults_remove (git-fixes). - drm/msm/a6xx: fix bogus hwcg register updates (git-fixes). - iio: core: add separate lockdep class for info_exist_lock (git-fixes). - Input: i8042 - add quirks for MECHREVO Wujie 15X Pro (stable-fixes). - Input: i8042 - add quirk for ASUS Zenbook UX425QA_UM425QA (stable-fixes). - ALSA: ctxfi: Fix potential OOB access in audio mixer handling (stable-fixes). - drm/amdgpu: remove frame cntl for gfx v12 (stable-fixes). - drm/nouveau/disp: Set drm_mode_config_funcs.atomic_(check|commit) (stable-fixes). - mISDN: annotate data-race around dev->work (git-fixes). - iio: core: Replace lockdep_set_class() + mutex_init() by combined call (stable-fixes). - tpm: Compare HMAC values in constant time (stable-fixes). - dmaengine: ti: k3-udma: Enable second resource range for BCDMA and PKTDMA (stable-fixes). - commit 3e7d134 ++++ kernel-kvmsmall: - ceph: fix crash in process_v2_sparse_read() for encrypted directories (CVE-2025-68297 bsc#1255403). - commit 49f747e - fuse: fix readahead reclaim deadlock (CVE-2025-68821 bsc#1256667). - commit f1828b7 - gpio: omap: do not register driver in probe() (git-fixes). - gpio: virtuser: fix UAF in configfs release path (git-fixes). - gpio: rockchip: Stop calling pinctrl for set_direction (git-fixes). - drm/imx/tve: fix probe device leak (git-fixes). - drm/amdgpu: Fix cond_exec handling in amdgpu_ib_schedule() (git-fixes). - drm/amd/pm: fix race in power state check before mutex lock (git-fixes). - drm/amdgpu: fix NULL pointer dereference in amdgpu_gmc_filter_faults_remove (git-fixes). - drm/msm/a6xx: fix bogus hwcg register updates (git-fixes). - iio: core: add separate lockdep class for info_exist_lock (git-fixes). - Input: i8042 - add quirks for MECHREVO Wujie 15X Pro (stable-fixes). - Input: i8042 - add quirk for ASUS Zenbook UX425QA_UM425QA (stable-fixes). - ALSA: ctxfi: Fix potential OOB access in audio mixer handling (stable-fixes). - drm/amdgpu: remove frame cntl for gfx v12 (stable-fixes). - drm/nouveau/disp: Set drm_mode_config_funcs.atomic_(check|commit) (stable-fixes). - mISDN: annotate data-race around dev->work (git-fixes). - iio: core: Replace lockdep_set_class() + mutex_init() by combined call (stable-fixes). - tpm: Compare HMAC values in constant time (stable-fixes). - dmaengine: ti: k3-udma: Enable second resource range for BCDMA and PKTDMA (stable-fixes). - gpio: omap: do not register driver in probe() (git-fixes). - gpio: virtuser: fix UAF in configfs release path (git-fixes). - gpio: rockchip: Stop calling pinctrl for set_direction (git-fixes). - drm/imx/tve: fix probe device leak (git-fixes). - drm/amdgpu: Fix cond_exec handling in amdgpu_ib_schedule() (git-fixes). - drm/amd/pm: fix race in power state check before mutex lock (git-fixes). - drm/amdgpu: fix NULL pointer dereference in amdgpu_gmc_filter_faults_remove (git-fixes). - drm/msm/a6xx: fix bogus hwcg register updates (git-fixes). - iio: core: add separate lockdep class for info_exist_lock (git-fixes). - Input: i8042 - add quirks for MECHREVO Wujie 15X Pro (stable-fixes). - Input: i8042 - add quirk for ASUS Zenbook UX425QA_UM425QA (stable-fixes). - ALSA: ctxfi: Fix potential OOB access in audio mixer handling (stable-fixes). - drm/amdgpu: remove frame cntl for gfx v12 (stable-fixes). - drm/nouveau/disp: Set drm_mode_config_funcs.atomic_(check|commit) (stable-fixes). - mISDN: annotate data-race around dev->work (git-fixes). - iio: core: Replace lockdep_set_class() + mutex_init() by combined call (stable-fixes). - tpm: Compare HMAC values in constant time (stable-fixes). - dmaengine: ti: k3-udma: Enable second resource range for BCDMA and PKTDMA (stable-fixes). - commit 3e7d134 ++++ kernel-kvmsmall: - ceph: fix crash in process_v2_sparse_read() for encrypted directories (CVE-2025-68297 bsc#1255403). - commit 49f747e - fuse: fix readahead reclaim deadlock (CVE-2025-68821 bsc#1256667). - commit f1828b7 - gpio: omap: do not register driver in probe() (git-fixes). - gpio: virtuser: fix UAF in configfs release path (git-fixes). - gpio: rockchip: Stop calling pinctrl for set_direction (git-fixes). - drm/imx/tve: fix probe device leak (git-fixes). - drm/amdgpu: Fix cond_exec handling in amdgpu_ib_schedule() (git-fixes). - drm/amd/pm: fix race in power state check before mutex lock (git-fixes). - drm/amdgpu: fix NULL pointer dereference in amdgpu_gmc_filter_faults_remove (git-fixes). - drm/msm/a6xx: fix bogus hwcg register updates (git-fixes). - iio: core: add separate lockdep class for info_exist_lock (git-fixes). - Input: i8042 - add quirks for MECHREVO Wujie 15X Pro (stable-fixes). - Input: i8042 - add quirk for ASUS Zenbook UX425QA_UM425QA (stable-fixes). - ALSA: ctxfi: Fix potential OOB access in audio mixer handling (stable-fixes). - drm/amdgpu: remove frame cntl for gfx v12 (stable-fixes). - drm/nouveau/disp: Set drm_mode_config_funcs.atomic_(check|commit) (stable-fixes). - mISDN: annotate data-race around dev->work (git-fixes). - iio: core: Replace lockdep_set_class() + mutex_init() by combined call (stable-fixes). - tpm: Compare HMAC values in constant time (stable-fixes). - dmaengine: ti: k3-udma: Enable second resource range for BCDMA and PKTDMA (stable-fixes). - gpio: omap: do not register driver in probe() (git-fixes). - gpio: virtuser: fix UAF in configfs release path (git-fixes). - gpio: rockchip: Stop calling pinctrl for set_direction (git-fixes). - drm/imx/tve: fix probe device leak (git-fixes). - drm/amdgpu: Fix cond_exec handling in amdgpu_ib_schedule() (git-fixes). - drm/amd/pm: fix race in power state check before mutex lock (git-fixes). - drm/amdgpu: fix NULL pointer dereference in amdgpu_gmc_filter_faults_remove (git-fixes). - drm/msm/a6xx: fix bogus hwcg register updates (git-fixes). - iio: core: add separate lockdep class for info_exist_lock (git-fixes). - Input: i8042 - add quirks for MECHREVO Wujie 15X Pro (stable-fixes). - Input: i8042 - add quirk for ASUS Zenbook UX425QA_UM425QA (stable-fixes). - ALSA: ctxfi: Fix potential OOB access in audio mixer handling (stable-fixes). - drm/amdgpu: remove frame cntl for gfx v12 (stable-fixes). - drm/nouveau/disp: Set drm_mode_config_funcs.atomic_(check|commit) (stable-fixes). - mISDN: annotate data-race around dev->work (git-fixes). - iio: core: Replace lockdep_set_class() + mutex_init() by combined call (stable-fixes). - tpm: Compare HMAC values in constant time (stable-fixes). - dmaengine: ti: k3-udma: Enable second resource range for BCDMA and PKTDMA (stable-fixes). - commit 3e7d134 ++++ kernel-obs-build: - ceph: fix crash in process_v2_sparse_read() for encrypted directories (CVE-2025-68297 bsc#1255403). - commit 49f747e - fuse: fix readahead reclaim deadlock (CVE-2025-68821 bsc#1256667). - commit f1828b7 - gpio: omap: do not register driver in probe() (git-fixes). - gpio: virtuser: fix UAF in configfs release path (git-fixes). - gpio: rockchip: Stop calling pinctrl for set_direction (git-fixes). - drm/imx/tve: fix probe device leak (git-fixes). - drm/amdgpu: Fix cond_exec handling in amdgpu_ib_schedule() (git-fixes). - drm/amd/pm: fix race in power state check before mutex lock (git-fixes). - drm/amdgpu: fix NULL pointer dereference in amdgpu_gmc_filter_faults_remove (git-fixes). - drm/msm/a6xx: fix bogus hwcg register updates (git-fixes). - iio: core: add separate lockdep class for info_exist_lock (git-fixes). - Input: i8042 - add quirks for MECHREVO Wujie 15X Pro (stable-fixes). - Input: i8042 - add quirk for ASUS Zenbook UX425QA_UM425QA (stable-fixes). - ALSA: ctxfi: Fix potential OOB access in audio mixer handling (stable-fixes). - drm/amdgpu: remove frame cntl for gfx v12 (stable-fixes). - drm/nouveau/disp: Set drm_mode_config_funcs.atomic_(check|commit) (stable-fixes). - mISDN: annotate data-race around dev->work (git-fixes). - iio: core: Replace lockdep_set_class() + mutex_init() by combined call (stable-fixes). - tpm: Compare HMAC values in constant time (stable-fixes). - dmaengine: ti: k3-udma: Enable second resource range for BCDMA and PKTDMA (stable-fixes). - gpio: omap: do not register driver in probe() (git-fixes). - gpio: virtuser: fix UAF in configfs release path (git-fixes). - gpio: rockchip: Stop calling pinctrl for set_direction (git-fixes). - drm/imx/tve: fix probe device leak (git-fixes). - drm/amdgpu: Fix cond_exec handling in amdgpu_ib_schedule() (git-fixes). - drm/amd/pm: fix race in power state check before mutex lock (git-fixes). - drm/amdgpu: fix NULL pointer dereference in amdgpu_gmc_filter_faults_remove (git-fixes). - drm/msm/a6xx: fix bogus hwcg register updates (git-fixes). - iio: core: add separate lockdep class for info_exist_lock (git-fixes). - Input: i8042 - add quirks for MECHREVO Wujie 15X Pro (stable-fixes). - Input: i8042 - add quirk for ASUS Zenbook UX425QA_UM425QA (stable-fixes). - ALSA: ctxfi: Fix potential OOB access in audio mixer handling (stable-fixes). - drm/amdgpu: remove frame cntl for gfx v12 (stable-fixes). - drm/nouveau/disp: Set drm_mode_config_funcs.atomic_(check|commit) (stable-fixes). - mISDN: annotate data-race around dev->work (git-fixes). - iio: core: Replace lockdep_set_class() + mutex_init() by combined call (stable-fixes). - tpm: Compare HMAC values in constant time (stable-fixes). - dmaengine: ti: k3-udma: Enable second resource range for BCDMA and PKTDMA (stable-fixes). - commit 3e7d134 ++++ kernel-obs-build: - ceph: fix crash in process_v2_sparse_read() for encrypted directories (CVE-2025-68297 bsc#1255403). - commit 49f747e - fuse: fix readahead reclaim deadlock (CVE-2025-68821 bsc#1256667). - commit f1828b7 - gpio: omap: do not register driver in probe() (git-fixes). - gpio: virtuser: fix UAF in configfs release path (git-fixes). - gpio: rockchip: Stop calling pinctrl for set_direction (git-fixes). - drm/imx/tve: fix probe device leak (git-fixes). - drm/amdgpu: Fix cond_exec handling in amdgpu_ib_schedule() (git-fixes). - drm/amd/pm: fix race in power state check before mutex lock (git-fixes). - drm/amdgpu: fix NULL pointer dereference in amdgpu_gmc_filter_faults_remove (git-fixes). - drm/msm/a6xx: fix bogus hwcg register updates (git-fixes). - iio: core: add separate lockdep class for info_exist_lock (git-fixes). - Input: i8042 - add quirks for MECHREVO Wujie 15X Pro (stable-fixes). - Input: i8042 - add quirk for ASUS Zenbook UX425QA_UM425QA (stable-fixes). - ALSA: ctxfi: Fix potential OOB access in audio mixer handling (stable-fixes). - drm/amdgpu: remove frame cntl for gfx v12 (stable-fixes). - drm/nouveau/disp: Set drm_mode_config_funcs.atomic_(check|commit) (stable-fixes). - mISDN: annotate data-race around dev->work (git-fixes). - iio: core: Replace lockdep_set_class() + mutex_init() by combined call (stable-fixes). - tpm: Compare HMAC values in constant time (stable-fixes). - dmaengine: ti: k3-udma: Enable second resource range for BCDMA and PKTDMA (stable-fixes). - gpio: omap: do not register driver in probe() (git-fixes). - gpio: virtuser: fix UAF in configfs release path (git-fixes). - gpio: rockchip: Stop calling pinctrl for set_direction (git-fixes). - drm/imx/tve: fix probe device leak (git-fixes). - drm/amdgpu: Fix cond_exec handling in amdgpu_ib_schedule() (git-fixes). - drm/amd/pm: fix race in power state check before mutex lock (git-fixes). - drm/amdgpu: fix NULL pointer dereference in amdgpu_gmc_filter_faults_remove (git-fixes). - drm/msm/a6xx: fix bogus hwcg register updates (git-fixes). - iio: core: add separate lockdep class for info_exist_lock (git-fixes). - Input: i8042 - add quirks for MECHREVO Wujie 15X Pro (stable-fixes). - Input: i8042 - add quirk for ASUS Zenbook UX425QA_UM425QA (stable-fixes). - ALSA: ctxfi: Fix potential OOB access in audio mixer handling (stable-fixes). - drm/amdgpu: remove frame cntl for gfx v12 (stable-fixes). - drm/nouveau/disp: Set drm_mode_config_funcs.atomic_(check|commit) (stable-fixes). - mISDN: annotate data-race around dev->work (git-fixes). - iio: core: Replace lockdep_set_class() + mutex_init() by combined call (stable-fixes). - tpm: Compare HMAC values in constant time (stable-fixes). - dmaengine: ti: k3-udma: Enable second resource range for BCDMA and PKTDMA (stable-fixes). - commit 3e7d134 ++++ kernel-obs-qa: - ceph: fix crash in process_v2_sparse_read() for encrypted directories (CVE-2025-68297 bsc#1255403). - commit 49f747e - fuse: fix readahead reclaim deadlock (CVE-2025-68821 bsc#1256667). - commit f1828b7 - gpio: omap: do not register driver in probe() (git-fixes). - gpio: virtuser: fix UAF in configfs release path (git-fixes). - gpio: rockchip: Stop calling pinctrl for set_direction (git-fixes). - drm/imx/tve: fix probe device leak (git-fixes). - drm/amdgpu: Fix cond_exec handling in amdgpu_ib_schedule() (git-fixes). - drm/amd/pm: fix race in power state check before mutex lock (git-fixes). - drm/amdgpu: fix NULL pointer dereference in amdgpu_gmc_filter_faults_remove (git-fixes). - drm/msm/a6xx: fix bogus hwcg register updates (git-fixes). - iio: core: add separate lockdep class for info_exist_lock (git-fixes). - Input: i8042 - add quirks for MECHREVO Wujie 15X Pro (stable-fixes). - Input: i8042 - add quirk for ASUS Zenbook UX425QA_UM425QA (stable-fixes). - ALSA: ctxfi: Fix potential OOB access in audio mixer handling (stable-fixes). - drm/amdgpu: remove frame cntl for gfx v12 (stable-fixes). - drm/nouveau/disp: Set drm_mode_config_funcs.atomic_(check|commit) (stable-fixes). - mISDN: annotate data-race around dev->work (git-fixes). - iio: core: Replace lockdep_set_class() + mutex_init() by combined call (stable-fixes). - tpm: Compare HMAC values in constant time (stable-fixes). - dmaengine: ti: k3-udma: Enable second resource range for BCDMA and PKTDMA (stable-fixes). - gpio: omap: do not register driver in probe() (git-fixes). - gpio: virtuser: fix UAF in configfs release path (git-fixes). - gpio: rockchip: Stop calling pinctrl for set_direction (git-fixes). - drm/imx/tve: fix probe device leak (git-fixes). - drm/amdgpu: Fix cond_exec handling in amdgpu_ib_schedule() (git-fixes). - drm/amd/pm: fix race in power state check before mutex lock (git-fixes). - drm/amdgpu: fix NULL pointer dereference in amdgpu_gmc_filter_faults_remove (git-fixes). - drm/msm/a6xx: fix bogus hwcg register updates (git-fixes). - iio: core: add separate lockdep class for info_exist_lock (git-fixes). - Input: i8042 - add quirks for MECHREVO Wujie 15X Pro (stable-fixes). - Input: i8042 - add quirk for ASUS Zenbook UX425QA_UM425QA (stable-fixes). - ALSA: ctxfi: Fix potential OOB access in audio mixer handling (stable-fixes). - drm/amdgpu: remove frame cntl for gfx v12 (stable-fixes). - drm/nouveau/disp: Set drm_mode_config_funcs.atomic_(check|commit) (stable-fixes). - mISDN: annotate data-race around dev->work (git-fixes). - iio: core: Replace lockdep_set_class() + mutex_init() by combined call (stable-fixes). - tpm: Compare HMAC values in constant time (stable-fixes). - dmaengine: ti: k3-udma: Enable second resource range for BCDMA and PKTDMA (stable-fixes). - commit 3e7d134 ++++ kernel-obs-qa: - ceph: fix crash in process_v2_sparse_read() for encrypted directories (CVE-2025-68297 bsc#1255403). - commit 49f747e - fuse: fix readahead reclaim deadlock (CVE-2025-68821 bsc#1256667). - commit f1828b7 - gpio: omap: do not register driver in probe() (git-fixes). - gpio: virtuser: fix UAF in configfs release path (git-fixes). - gpio: rockchip: Stop calling pinctrl for set_direction (git-fixes). - drm/imx/tve: fix probe device leak (git-fixes). - drm/amdgpu: Fix cond_exec handling in amdgpu_ib_schedule() (git-fixes). - drm/amd/pm: fix race in power state check before mutex lock (git-fixes). - drm/amdgpu: fix NULL pointer dereference in amdgpu_gmc_filter_faults_remove (git-fixes). - drm/msm/a6xx: fix bogus hwcg register updates (git-fixes). - iio: core: add separate lockdep class for info_exist_lock (git-fixes). - Input: i8042 - add quirks for MECHREVO Wujie 15X Pro (stable-fixes). - Input: i8042 - add quirk for ASUS Zenbook UX425QA_UM425QA (stable-fixes). - ALSA: ctxfi: Fix potential OOB access in audio mixer handling (stable-fixes). - drm/amdgpu: remove frame cntl for gfx v12 (stable-fixes). - drm/nouveau/disp: Set drm_mode_config_funcs.atomic_(check|commit) (stable-fixes). - mISDN: annotate data-race around dev->work (git-fixes). - iio: core: Replace lockdep_set_class() + mutex_init() by combined call (stable-fixes). - tpm: Compare HMAC values in constant time (stable-fixes). - dmaengine: ti: k3-udma: Enable second resource range for BCDMA and PKTDMA (stable-fixes). - gpio: omap: do not register driver in probe() (git-fixes). - gpio: virtuser: fix UAF in configfs release path (git-fixes). - gpio: rockchip: Stop calling pinctrl for set_direction (git-fixes). - drm/imx/tve: fix probe device leak (git-fixes). - drm/amdgpu: Fix cond_exec handling in amdgpu_ib_schedule() (git-fixes). - drm/amd/pm: fix race in power state check before mutex lock (git-fixes). - drm/amdgpu: fix NULL pointer dereference in amdgpu_gmc_filter_faults_remove (git-fixes). - drm/msm/a6xx: fix bogus hwcg register updates (git-fixes). - iio: core: add separate lockdep class for info_exist_lock (git-fixes). - Input: i8042 - add quirks for MECHREVO Wujie 15X Pro (stable-fixes). - Input: i8042 - add quirk for ASUS Zenbook UX425QA_UM425QA (stable-fixes). - ALSA: ctxfi: Fix potential OOB access in audio mixer handling (stable-fixes). - drm/amdgpu: remove frame cntl for gfx v12 (stable-fixes). - drm/nouveau/disp: Set drm_mode_config_funcs.atomic_(check|commit) (stable-fixes). - mISDN: annotate data-race around dev->work (git-fixes). - iio: core: Replace lockdep_set_class() + mutex_init() by combined call (stable-fixes). - tpm: Compare HMAC values in constant time (stable-fixes). - dmaengine: ti: k3-udma: Enable second resource range for BCDMA and PKTDMA (stable-fixes). - commit 3e7d134 ++++ kernel-syms: - ceph: fix crash in process_v2_sparse_read() for encrypted directories (CVE-2025-68297 bsc#1255403). - commit 49f747e - fuse: fix readahead reclaim deadlock (CVE-2025-68821 bsc#1256667). - commit f1828b7 - gpio: omap: do not register driver in probe() (git-fixes). - gpio: virtuser: fix UAF in configfs release path (git-fixes). - gpio: rockchip: Stop calling pinctrl for set_direction (git-fixes). - drm/imx/tve: fix probe device leak (git-fixes). - drm/amdgpu: Fix cond_exec handling in amdgpu_ib_schedule() (git-fixes). - drm/amd/pm: fix race in power state check before mutex lock (git-fixes). - drm/amdgpu: fix NULL pointer dereference in amdgpu_gmc_filter_faults_remove (git-fixes). - drm/msm/a6xx: fix bogus hwcg register updates (git-fixes). - iio: core: add separate lockdep class for info_exist_lock (git-fixes). - Input: i8042 - add quirks for MECHREVO Wujie 15X Pro (stable-fixes). - Input: i8042 - add quirk for ASUS Zenbook UX425QA_UM425QA (stable-fixes). - ALSA: ctxfi: Fix potential OOB access in audio mixer handling (stable-fixes). - drm/amdgpu: remove frame cntl for gfx v12 (stable-fixes). - drm/nouveau/disp: Set drm_mode_config_funcs.atomic_(check|commit) (stable-fixes). - mISDN: annotate data-race around dev->work (git-fixes). - iio: core: Replace lockdep_set_class() + mutex_init() by combined call (stable-fixes). - tpm: Compare HMAC values in constant time (stable-fixes). - dmaengine: ti: k3-udma: Enable second resource range for BCDMA and PKTDMA (stable-fixes). - gpio: omap: do not register driver in probe() (git-fixes). - gpio: virtuser: fix UAF in configfs release path (git-fixes). - gpio: rockchip: Stop calling pinctrl for set_direction (git-fixes). - drm/imx/tve: fix probe device leak (git-fixes). - drm/amdgpu: Fix cond_exec handling in amdgpu_ib_schedule() (git-fixes). - drm/amd/pm: fix race in power state check before mutex lock (git-fixes). - drm/amdgpu: fix NULL pointer dereference in amdgpu_gmc_filter_faults_remove (git-fixes). - drm/msm/a6xx: fix bogus hwcg register updates (git-fixes). - iio: core: add separate lockdep class for info_exist_lock (git-fixes). - Input: i8042 - add quirks for MECHREVO Wujie 15X Pro (stable-fixes). - Input: i8042 - add quirk for ASUS Zenbook UX425QA_UM425QA (stable-fixes). - ALSA: ctxfi: Fix potential OOB access in audio mixer handling (stable-fixes). - drm/amdgpu: remove frame cntl for gfx v12 (stable-fixes). - drm/nouveau/disp: Set drm_mode_config_funcs.atomic_(check|commit) (stable-fixes). - mISDN: annotate data-race around dev->work (git-fixes). - iio: core: Replace lockdep_set_class() + mutex_init() by combined call (stable-fixes). - tpm: Compare HMAC values in constant time (stable-fixes). - dmaengine: ti: k3-udma: Enable second resource range for BCDMA and PKTDMA (stable-fixes). - commit 3e7d134 ++++ kernel-syms: - ceph: fix crash in process_v2_sparse_read() for encrypted directories (CVE-2025-68297 bsc#1255403). - commit 49f747e - fuse: fix readahead reclaim deadlock (CVE-2025-68821 bsc#1256667). - commit f1828b7 - gpio: omap: do not register driver in probe() (git-fixes). - gpio: virtuser: fix UAF in configfs release path (git-fixes). - gpio: rockchip: Stop calling pinctrl for set_direction (git-fixes). - drm/imx/tve: fix probe device leak (git-fixes). - drm/amdgpu: Fix cond_exec handling in amdgpu_ib_schedule() (git-fixes). - drm/amd/pm: fix race in power state check before mutex lock (git-fixes). - drm/amdgpu: fix NULL pointer dereference in amdgpu_gmc_filter_faults_remove (git-fixes). - drm/msm/a6xx: fix bogus hwcg register updates (git-fixes). - iio: core: add separate lockdep class for info_exist_lock (git-fixes). - Input: i8042 - add quirks for MECHREVO Wujie 15X Pro (stable-fixes). - Input: i8042 - add quirk for ASUS Zenbook UX425QA_UM425QA (stable-fixes). - ALSA: ctxfi: Fix potential OOB access in audio mixer handling (stable-fixes). - drm/amdgpu: remove frame cntl for gfx v12 (stable-fixes). - drm/nouveau/disp: Set drm_mode_config_funcs.atomic_(check|commit) (stable-fixes). - mISDN: annotate data-race around dev->work (git-fixes). - iio: core: Replace lockdep_set_class() + mutex_init() by combined call (stable-fixes). - tpm: Compare HMAC values in constant time (stable-fixes). - dmaengine: ti: k3-udma: Enable second resource range for BCDMA and PKTDMA (stable-fixes). - gpio: omap: do not register driver in probe() (git-fixes). - gpio: virtuser: fix UAF in configfs release path (git-fixes). - gpio: rockchip: Stop calling pinctrl for set_direction (git-fixes). - drm/imx/tve: fix probe device leak (git-fixes). - drm/amdgpu: Fix cond_exec handling in amdgpu_ib_schedule() (git-fixes). - drm/amd/pm: fix race in power state check before mutex lock (git-fixes). - drm/amdgpu: fix NULL pointer dereference in amdgpu_gmc_filter_faults_remove (git-fixes). - drm/msm/a6xx: fix bogus hwcg register updates (git-fixes). - iio: core: add separate lockdep class for info_exist_lock (git-fixes). - Input: i8042 - add quirks for MECHREVO Wujie 15X Pro (stable-fixes). - Input: i8042 - add quirk for ASUS Zenbook UX425QA_UM425QA (stable-fixes). - ALSA: ctxfi: Fix potential OOB access in audio mixer handling (stable-fixes). - drm/amdgpu: remove frame cntl for gfx v12 (stable-fixes). - drm/nouveau/disp: Set drm_mode_config_funcs.atomic_(check|commit) (stable-fixes). - mISDN: annotate data-race around dev->work (git-fixes). - iio: core: Replace lockdep_set_class() + mutex_init() by combined call (stable-fixes). - tpm: Compare HMAC values in constant time (stable-fixes). - dmaengine: ti: k3-udma: Enable second resource range for BCDMA and PKTDMA (stable-fixes). - commit 3e7d134 ++++ kernel-zfcpdump: - ceph: fix crash in process_v2_sparse_read() for encrypted directories (CVE-2025-68297 bsc#1255403). - commit 49f747e - fuse: fix readahead reclaim deadlock (CVE-2025-68821 bsc#1256667). - commit f1828b7 - gpio: omap: do not register driver in probe() (git-fixes). - gpio: virtuser: fix UAF in configfs release path (git-fixes). - gpio: rockchip: Stop calling pinctrl for set_direction (git-fixes). - drm/imx/tve: fix probe device leak (git-fixes). - drm/amdgpu: Fix cond_exec handling in amdgpu_ib_schedule() (git-fixes). - drm/amd/pm: fix race in power state check before mutex lock (git-fixes). - drm/amdgpu: fix NULL pointer dereference in amdgpu_gmc_filter_faults_remove (git-fixes). - drm/msm/a6xx: fix bogus hwcg register updates (git-fixes). - iio: core: add separate lockdep class for info_exist_lock (git-fixes). - Input: i8042 - add quirks for MECHREVO Wujie 15X Pro (stable-fixes). - Input: i8042 - add quirk for ASUS Zenbook UX425QA_UM425QA (stable-fixes). - ALSA: ctxfi: Fix potential OOB access in audio mixer handling (stable-fixes). - drm/amdgpu: remove frame cntl for gfx v12 (stable-fixes). - drm/nouveau/disp: Set drm_mode_config_funcs.atomic_(check|commit) (stable-fixes). - mISDN: annotate data-race around dev->work (git-fixes). - iio: core: Replace lockdep_set_class() + mutex_init() by combined call (stable-fixes). - tpm: Compare HMAC values in constant time (stable-fixes). - dmaengine: ti: k3-udma: Enable second resource range for BCDMA and PKTDMA (stable-fixes). - gpio: omap: do not register driver in probe() (git-fixes). - gpio: virtuser: fix UAF in configfs release path (git-fixes). - gpio: rockchip: Stop calling pinctrl for set_direction (git-fixes). - drm/imx/tve: fix probe device leak (git-fixes). - drm/amdgpu: Fix cond_exec handling in amdgpu_ib_schedule() (git-fixes). - drm/amd/pm: fix race in power state check before mutex lock (git-fixes). - drm/amdgpu: fix NULL pointer dereference in amdgpu_gmc_filter_faults_remove (git-fixes). - drm/msm/a6xx: fix bogus hwcg register updates (git-fixes). - iio: core: add separate lockdep class for info_exist_lock (git-fixes). - Input: i8042 - add quirks for MECHREVO Wujie 15X Pro (stable-fixes). - Input: i8042 - add quirk for ASUS Zenbook UX425QA_UM425QA (stable-fixes). - ALSA: ctxfi: Fix potential OOB access in audio mixer handling (stable-fixes). - drm/amdgpu: remove frame cntl for gfx v12 (stable-fixes). - drm/nouveau/disp: Set drm_mode_config_funcs.atomic_(check|commit) (stable-fixes). - mISDN: annotate data-race around dev->work (git-fixes). - iio: core: Replace lockdep_set_class() + mutex_init() by combined call (stable-fixes). - tpm: Compare HMAC values in constant time (stable-fixes). - dmaengine: ti: k3-udma: Enable second resource range for BCDMA and PKTDMA (stable-fixes). - commit 3e7d134 ++++ kernel-zfcpdump: - ceph: fix crash in process_v2_sparse_read() for encrypted directories (CVE-2025-68297 bsc#1255403). - commit 49f747e - fuse: fix readahead reclaim deadlock (CVE-2025-68821 bsc#1256667). - commit f1828b7 - gpio: omap: do not register driver in probe() (git-fixes). - gpio: virtuser: fix UAF in configfs release path (git-fixes). - gpio: rockchip: Stop calling pinctrl for set_direction (git-fixes). - drm/imx/tve: fix probe device leak (git-fixes). - drm/amdgpu: Fix cond_exec handling in amdgpu_ib_schedule() (git-fixes). - drm/amd/pm: fix race in power state check before mutex lock (git-fixes). - drm/amdgpu: fix NULL pointer dereference in amdgpu_gmc_filter_faults_remove (git-fixes). - drm/msm/a6xx: fix bogus hwcg register updates (git-fixes). - iio: core: add separate lockdep class for info_exist_lock (git-fixes). - Input: i8042 - add quirks for MECHREVO Wujie 15X Pro (stable-fixes). - Input: i8042 - add quirk for ASUS Zenbook UX425QA_UM425QA (stable-fixes). - ALSA: ctxfi: Fix potential OOB access in audio mixer handling (stable-fixes). - drm/amdgpu: remove frame cntl for gfx v12 (stable-fixes). - drm/nouveau/disp: Set drm_mode_config_funcs.atomic_(check|commit) (stable-fixes). - mISDN: annotate data-race around dev->work (git-fixes). - iio: core: Replace lockdep_set_class() + mutex_init() by combined call (stable-fixes). - tpm: Compare HMAC values in constant time (stable-fixes). - dmaengine: ti: k3-udma: Enable second resource range for BCDMA and PKTDMA (stable-fixes). - gpio: omap: do not register driver in probe() (git-fixes). - gpio: virtuser: fix UAF in configfs release path (git-fixes). - gpio: rockchip: Stop calling pinctrl for set_direction (git-fixes). - drm/imx/tve: fix probe device leak (git-fixes). - drm/amdgpu: Fix cond_exec handling in amdgpu_ib_schedule() (git-fixes). - drm/amd/pm: fix race in power state check before mutex lock (git-fixes). - drm/amdgpu: fix NULL pointer dereference in amdgpu_gmc_filter_faults_remove (git-fixes). - drm/msm/a6xx: fix bogus hwcg register updates (git-fixes). - iio: core: add separate lockdep class for info_exist_lock (git-fixes). - Input: i8042 - add quirks for MECHREVO Wujie 15X Pro (stable-fixes). - Input: i8042 - add quirk for ASUS Zenbook UX425QA_UM425QA (stable-fixes). - ALSA: ctxfi: Fix potential OOB access in audio mixer handling (stable-fixes). - drm/amdgpu: remove frame cntl for gfx v12 (stable-fixes). - drm/nouveau/disp: Set drm_mode_config_funcs.atomic_(check|commit) (stable-fixes). - mISDN: annotate data-race around dev->work (git-fixes). - iio: core: Replace lockdep_set_class() + mutex_init() by combined call (stable-fixes). - tpm: Compare HMAC values in constant time (stable-fixes). - dmaengine: ti: k3-udma: Enable second resource range for BCDMA and PKTDMA (stable-fixes). - commit 3e7d134 ------------------------------------------------------------------ ------------------ 2026-1-30 - Jan 30 2026 ------------------- ------------------------------------------------------------------ ++++ ImageMagick: - security update - added patches CVE-2026-22770 [bsc#1256969], improper pointer initialization can cause denial of service * ImageMagick-CVE-2026-22770.patch CVE-2026-23874 [bsc#1256976], manipulation of digital images can lead to stack overflow * ImageMagick-CVE-2026-23874.patch CVE-2026-23876 [bsc#1256962], maliciously crafted image can lead to heap buffer overflow * ImageMagick-CVE-2026-23876.patch CVE-2026-23952 [bsc#1257076], processing comment tag can cause null pointer dereference * ImageMagick-CVE-2026-23952.patch ++++ ImageMagick: - security update - added patches CVE-2026-22770 [bsc#1256969], improper pointer initialization can cause denial of service * ImageMagick-CVE-2026-22770.patch CVE-2026-23874 [bsc#1256976], manipulation of digital images can lead to stack overflow * ImageMagick-CVE-2026-23874.patch CVE-2026-23876 [bsc#1256962], maliciously crafted image can lead to heap buffer overflow * ImageMagick-CVE-2026-23876.patch CVE-2026-23952 [bsc#1257076], processing comment tag can cause null pointer dereference * ImageMagick-CVE-2026-23952.patch ++++ MozillaThunderbird: - Mozilla Thunderbird 140.7.1 ESR MFSA 2026-08 (bsc#1257397) * CVE-2026-0818 (bmo#1881530) CSS-based exfiltration of the content from partially encrypted emails when allowing remote content ++++ agama: - Do not export DASD settings if they are null (bsc#1257489). ++++ ansible-trento: - Release 1.0.0 [#]# What's Changed * Initial release (#91) @skrech * *Full Changelog**: https://github.com/trento-project/ansible/compare/0.9.9...1.0.0 ++++ scanner-databases: - database refresh on 2026-01-30 (bsc#1084929) ++++ kernel-64kb: - io_uring/poll: correctly handle io_poll_add() return value on update (CVE-2025-71149 bsc#1257164). - commit 0d997be - virt: tdx-guest: Transition to scoped_cond_guard for mutex operations (bsc#1257504). - commit a7ecc0e - virt: tdx-guest: Refactor and streamline TDREPORT generation (bsc#1257504). - commit 372915e - virt: tdx-guest: Expose TDX MRs as sysfs attributes (bsc#1257504). - commit af47cfb - x86/tdx: tdx_mcall_get_report0: Return -EBUSY on TDCALL_OPERAND_BUSY error (bsc#1257504). - commit 2590e39 - x86/tdx: Add tdx_mcall_extend_rtmr() interface (bsc#1257504). - commit 4b01fb9 - tsm-mr: Add tsm-mr sample code (bsc#1257504). - commit bca5c7b - tsm-mr: Add TVM Measurement Register support (bsc#1257504). - commit a919cc1 - macvlan: fix possible UAF in macvlan_forward_source() (CVE-2026-23001 bsc#1257232). - net: mscc: ocelot: Fix crash when adding interface under a lag (CVE-2026-22982 bsc#1257179). - net/handshake: restore destructor on submit failure (CVE-2025-71148 bsc#1257159). - commit e5558d8 - net/sched: sch_qfq: do not free existing class in qfq_change_class() (CVE-2026-22999 bsc#1257236). - commit 79bc198 - ipv4: ip_gre: make ipgre_header() robust (CVE-2026-23011 bsc#1257207). - commit 26b5de2 - Revert "mtd: spinand: esmt: fix id code for F50D1G41LB" (stable-fixes). - wifi: mac80211: correctly decode TTLM with default link map (git-fixes). - net: phy: micrel: fix clk warning when removing the driver (git-fixes). - nfc: nci: Fix race between rfkill and nci_unregister_device() (git-fixes). - nfc: llcp: Fix memleak in nfc_llcp_send_ui_frame() (git-fixes). - net: wwan: t7xx: fix potential skb->frags overflow in RX path (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): fix error message (git-fixes). - can: at91_can: Fix memory leak in at91_can_probe() (git-fixes). - Bluetooth: MGMT: Fix memory leak in set_ssp_complete (git-fixes). - Bluetooth: hci_uart: fix null-ptr-deref in hci_uart_write_work (git-fixes). - tpm2-sessions: Fix tpm2_read_public range checks (git-fixes). - commit 46e120b ++++ kernel-64kb: - io_uring/poll: correctly handle io_poll_add() return value on update (CVE-2025-71149 bsc#1257164). - commit 0d997be - dm-snapshot: fix 'scheduling while atomic' on real-time kernels (git-fixes). - commit b3fc112 - dm-bufio: align write boundary on physical block size (git-fixes). - commit e8ab2ba - dm-ebs: Mark full buffer dirty even on partial write (git-fixes). - commit b6359d7 - dm-verity: disable recursive forward error correction (CVE-2025-71161, bsc#1257174). - commit 94c6d56 - virt: tdx-guest: Transition to scoped_cond_guard for mutex operations (bsc#1257504). - commit a7ecc0e - virt: tdx-guest: Refactor and streamline TDREPORT generation (bsc#1257504). - commit 372915e - virt: tdx-guest: Expose TDX MRs as sysfs attributes (bsc#1257504). - commit af47cfb - x86/tdx: tdx_mcall_get_report0: Return -EBUSY on TDCALL_OPERAND_BUSY error (bsc#1257504). - commit 2590e39 - x86/tdx: Add tdx_mcall_extend_rtmr() interface (bsc#1257504). - commit 4b01fb9 - tsm-mr: Add tsm-mr sample code (bsc#1257504). - commit bca5c7b - tsm-mr: Add TVM Measurement Register support (bsc#1257504). - commit a919cc1 - macvlan: fix possible UAF in macvlan_forward_source() (CVE-2026-23001 bsc#1257232). - net: mscc: ocelot: Fix crash when adding interface under a lag (CVE-2026-22982 bsc#1257179). - net/handshake: restore destructor on submit failure (CVE-2025-71148 bsc#1257159). - commit e5558d8 - net/sched: sch_qfq: do not free existing class in qfq_change_class() (CVE-2026-22999 bsc#1257236). - commit 79bc198 - ipv4: ip_gre: make ipgre_header() robust (CVE-2026-23011 bsc#1257207). - commit 26b5de2 - Revert "mtd: spinand: esmt: fix id code for F50D1G41LB" (stable-fixes). - wifi: mac80211: correctly decode TTLM with default link map (git-fixes). - net: phy: micrel: fix clk warning when removing the driver (git-fixes). - nfc: nci: Fix race between rfkill and nci_unregister_device() (git-fixes). - nfc: llcp: Fix memleak in nfc_llcp_send_ui_frame() (git-fixes). - net: wwan: t7xx: fix potential skb->frags overflow in RX path (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): fix error message (git-fixes). - can: at91_can: Fix memory leak in at91_can_probe() (git-fixes). - Bluetooth: MGMT: Fix memory leak in set_ssp_complete (git-fixes). - Bluetooth: hci_uart: fix null-ptr-deref in hci_uart_write_work (git-fixes). - tpm2-sessions: Fix tpm2_read_public range checks (git-fixes). - commit 46e120b ++++ kernel-azure: - io_uring/poll: correctly handle io_poll_add() return value on update (CVE-2025-71149 bsc#1257164). - commit 0d997be - virt: tdx-guest: Transition to scoped_cond_guard for mutex operations (bsc#1257504). - commit a7ecc0e - virt: tdx-guest: Refactor and streamline TDREPORT generation (bsc#1257504). - commit 372915e - virt: tdx-guest: Expose TDX MRs as sysfs attributes (bsc#1257504). - commit af47cfb - x86/tdx: tdx_mcall_get_report0: Return -EBUSY on TDCALL_OPERAND_BUSY error (bsc#1257504). - commit 2590e39 - x86/tdx: Add tdx_mcall_extend_rtmr() interface (bsc#1257504). - commit 4b01fb9 - tsm-mr: Add tsm-mr sample code (bsc#1257504). - commit bca5c7b - tsm-mr: Add TVM Measurement Register support (bsc#1257504). - commit a919cc1 - macvlan: fix possible UAF in macvlan_forward_source() (CVE-2026-23001 bsc#1257232). - net: mscc: ocelot: Fix crash when adding interface under a lag (CVE-2026-22982 bsc#1257179). - net/handshake: restore destructor on submit failure (CVE-2025-71148 bsc#1257159). - commit e5558d8 - net/sched: sch_qfq: do not free existing class in qfq_change_class() (CVE-2026-22999 bsc#1257236). - commit 79bc198 - ipv4: ip_gre: make ipgre_header() robust (CVE-2026-23011 bsc#1257207). - commit 26b5de2 - Revert "mtd: spinand: esmt: fix id code for F50D1G41LB" (stable-fixes). - wifi: mac80211: correctly decode TTLM with default link map (git-fixes). - net: phy: micrel: fix clk warning when removing the driver (git-fixes). - nfc: nci: Fix race between rfkill and nci_unregister_device() (git-fixes). - nfc: llcp: Fix memleak in nfc_llcp_send_ui_frame() (git-fixes). - net: wwan: t7xx: fix potential skb->frags overflow in RX path (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): fix error message (git-fixes). - can: at91_can: Fix memory leak in at91_can_probe() (git-fixes). - Bluetooth: MGMT: Fix memory leak in set_ssp_complete (git-fixes). - Bluetooth: hci_uart: fix null-ptr-deref in hci_uart_write_work (git-fixes). - tpm2-sessions: Fix tpm2_read_public range checks (git-fixes). - commit 46e120b ++++ kernel-azure: - io_uring/poll: correctly handle io_poll_add() return value on update (CVE-2025-71149 bsc#1257164). - commit 0d997be - dm-snapshot: fix 'scheduling while atomic' on real-time kernels (git-fixes). - commit b3fc112 - dm-bufio: align write boundary on physical block size (git-fixes). - commit e8ab2ba - dm-ebs: Mark full buffer dirty even on partial write (git-fixes). - commit b6359d7 - dm-verity: disable recursive forward error correction (CVE-2025-71161, bsc#1257174). - commit 94c6d56 - virt: tdx-guest: Transition to scoped_cond_guard for mutex operations (bsc#1257504). - commit a7ecc0e - virt: tdx-guest: Refactor and streamline TDREPORT generation (bsc#1257504). - commit 372915e - virt: tdx-guest: Expose TDX MRs as sysfs attributes (bsc#1257504). - commit af47cfb - x86/tdx: tdx_mcall_get_report0: Return -EBUSY on TDCALL_OPERAND_BUSY error (bsc#1257504). - commit 2590e39 - x86/tdx: Add tdx_mcall_extend_rtmr() interface (bsc#1257504). - commit 4b01fb9 - tsm-mr: Add tsm-mr sample code (bsc#1257504). - commit bca5c7b - tsm-mr: Add TVM Measurement Register support (bsc#1257504). - commit a919cc1 - macvlan: fix possible UAF in macvlan_forward_source() (CVE-2026-23001 bsc#1257232). - net: mscc: ocelot: Fix crash when adding interface under a lag (CVE-2026-22982 bsc#1257179). - net/handshake: restore destructor on submit failure (CVE-2025-71148 bsc#1257159). - commit e5558d8 - net/sched: sch_qfq: do not free existing class in qfq_change_class() (CVE-2026-22999 bsc#1257236). - commit 79bc198 - ipv4: ip_gre: make ipgre_header() robust (CVE-2026-23011 bsc#1257207). - commit 26b5de2 - Revert "mtd: spinand: esmt: fix id code for F50D1G41LB" (stable-fixes). - wifi: mac80211: correctly decode TTLM with default link map (git-fixes). - net: phy: micrel: fix clk warning when removing the driver (git-fixes). - nfc: nci: Fix race between rfkill and nci_unregister_device() (git-fixes). - nfc: llcp: Fix memleak in nfc_llcp_send_ui_frame() (git-fixes). - net: wwan: t7xx: fix potential skb->frags overflow in RX path (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): fix error message (git-fixes). - can: at91_can: Fix memory leak in at91_can_probe() (git-fixes). - Bluetooth: MGMT: Fix memory leak in set_ssp_complete (git-fixes). - Bluetooth: hci_uart: fix null-ptr-deref in hci_uart_write_work (git-fixes). - tpm2-sessions: Fix tpm2_read_public range checks (git-fixes). - commit 46e120b ++++ kernel-default: - io_uring/poll: correctly handle io_poll_add() return value on update (CVE-2025-71149 bsc#1257164). - commit 0d997be - virt: tdx-guest: Transition to scoped_cond_guard for mutex operations (bsc#1257504). - commit a7ecc0e - virt: tdx-guest: Refactor and streamline TDREPORT generation (bsc#1257504). - commit 372915e - virt: tdx-guest: Expose TDX MRs as sysfs attributes (bsc#1257504). - commit af47cfb - x86/tdx: tdx_mcall_get_report0: Return -EBUSY on TDCALL_OPERAND_BUSY error (bsc#1257504). - commit 2590e39 - x86/tdx: Add tdx_mcall_extend_rtmr() interface (bsc#1257504). - commit 4b01fb9 - tsm-mr: Add tsm-mr sample code (bsc#1257504). - commit bca5c7b - tsm-mr: Add TVM Measurement Register support (bsc#1257504). - commit a919cc1 - macvlan: fix possible UAF in macvlan_forward_source() (CVE-2026-23001 bsc#1257232). - net: mscc: ocelot: Fix crash when adding interface under a lag (CVE-2026-22982 bsc#1257179). - net/handshake: restore destructor on submit failure (CVE-2025-71148 bsc#1257159). - commit e5558d8 - net/sched: sch_qfq: do not free existing class in qfq_change_class() (CVE-2026-22999 bsc#1257236). - commit 79bc198 - ipv4: ip_gre: make ipgre_header() robust (CVE-2026-23011 bsc#1257207). - commit 26b5de2 - Revert "mtd: spinand: esmt: fix id code for F50D1G41LB" (stable-fixes). - wifi: mac80211: correctly decode TTLM with default link map (git-fixes). - net: phy: micrel: fix clk warning when removing the driver (git-fixes). - nfc: nci: Fix race between rfkill and nci_unregister_device() (git-fixes). - nfc: llcp: Fix memleak in nfc_llcp_send_ui_frame() (git-fixes). - net: wwan: t7xx: fix potential skb->frags overflow in RX path (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): fix error message (git-fixes). - can: at91_can: Fix memory leak in at91_can_probe() (git-fixes). - Bluetooth: MGMT: Fix memory leak in set_ssp_complete (git-fixes). - Bluetooth: hci_uart: fix null-ptr-deref in hci_uart_write_work (git-fixes). - tpm2-sessions: Fix tpm2_read_public range checks (git-fixes). - commit 46e120b ++++ kernel-default: - io_uring/poll: correctly handle io_poll_add() return value on update (CVE-2025-71149 bsc#1257164). - commit 0d997be - dm-snapshot: fix 'scheduling while atomic' on real-time kernels (git-fixes). - commit b3fc112 - dm-bufio: align write boundary on physical block size (git-fixes). - commit e8ab2ba - dm-ebs: Mark full buffer dirty even on partial write (git-fixes). - commit b6359d7 - dm-verity: disable recursive forward error correction (CVE-2025-71161, bsc#1257174). - commit 94c6d56 - virt: tdx-guest: Transition to scoped_cond_guard for mutex operations (bsc#1257504). - commit a7ecc0e - virt: tdx-guest: Refactor and streamline TDREPORT generation (bsc#1257504). - commit 372915e - virt: tdx-guest: Expose TDX MRs as sysfs attributes (bsc#1257504). - commit af47cfb - x86/tdx: tdx_mcall_get_report0: Return -EBUSY on TDCALL_OPERAND_BUSY error (bsc#1257504). - commit 2590e39 - x86/tdx: Add tdx_mcall_extend_rtmr() interface (bsc#1257504). - commit 4b01fb9 - tsm-mr: Add tsm-mr sample code (bsc#1257504). - commit bca5c7b - tsm-mr: Add TVM Measurement Register support (bsc#1257504). - commit a919cc1 - macvlan: fix possible UAF in macvlan_forward_source() (CVE-2026-23001 bsc#1257232). - net: mscc: ocelot: Fix crash when adding interface under a lag (CVE-2026-22982 bsc#1257179). - net/handshake: restore destructor on submit failure (CVE-2025-71148 bsc#1257159). - commit e5558d8 - net/sched: sch_qfq: do not free existing class in qfq_change_class() (CVE-2026-22999 bsc#1257236). - commit 79bc198 - ipv4: ip_gre: make ipgre_header() robust (CVE-2026-23011 bsc#1257207). - commit 26b5de2 - Revert "mtd: spinand: esmt: fix id code for F50D1G41LB" (stable-fixes). - wifi: mac80211: correctly decode TTLM with default link map (git-fixes). - net: phy: micrel: fix clk warning when removing the driver (git-fixes). - nfc: nci: Fix race between rfkill and nci_unregister_device() (git-fixes). - nfc: llcp: Fix memleak in nfc_llcp_send_ui_frame() (git-fixes). - net: wwan: t7xx: fix potential skb->frags overflow in RX path (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): fix error message (git-fixes). - can: at91_can: Fix memory leak in at91_can_probe() (git-fixes). - Bluetooth: MGMT: Fix memory leak in set_ssp_complete (git-fixes). - Bluetooth: hci_uart: fix null-ptr-deref in hci_uart_write_work (git-fixes). - tpm2-sessions: Fix tpm2_read_public range checks (git-fixes). - commit 46e120b ++++ kernel-rt: - io_uring/poll: correctly handle io_poll_add() return value on update (CVE-2025-71149 bsc#1257164). - commit 0d997be - virt: tdx-guest: Transition to scoped_cond_guard for mutex operations (bsc#1257504). - commit a7ecc0e - virt: tdx-guest: Refactor and streamline TDREPORT generation (bsc#1257504). - commit 372915e - virt: tdx-guest: Expose TDX MRs as sysfs attributes (bsc#1257504). - commit af47cfb - x86/tdx: tdx_mcall_get_report0: Return -EBUSY on TDCALL_OPERAND_BUSY error (bsc#1257504). - commit 2590e39 - x86/tdx: Add tdx_mcall_extend_rtmr() interface (bsc#1257504). - commit 4b01fb9 - tsm-mr: Add tsm-mr sample code (bsc#1257504). - commit bca5c7b - tsm-mr: Add TVM Measurement Register support (bsc#1257504). - commit a919cc1 - macvlan: fix possible UAF in macvlan_forward_source() (CVE-2026-23001 bsc#1257232). - net: mscc: ocelot: Fix crash when adding interface under a lag (CVE-2026-22982 bsc#1257179). - net/handshake: restore destructor on submit failure (CVE-2025-71148 bsc#1257159). - commit e5558d8 - net/sched: sch_qfq: do not free existing class in qfq_change_class() (CVE-2026-22999 bsc#1257236). - commit 79bc198 - ipv4: ip_gre: make ipgre_header() robust (CVE-2026-23011 bsc#1257207). - commit 26b5de2 - Revert "mtd: spinand: esmt: fix id code for F50D1G41LB" (stable-fixes). - wifi: mac80211: correctly decode TTLM with default link map (git-fixes). - net: phy: micrel: fix clk warning when removing the driver (git-fixes). - nfc: nci: Fix race between rfkill and nci_unregister_device() (git-fixes). - nfc: llcp: Fix memleak in nfc_llcp_send_ui_frame() (git-fixes). - net: wwan: t7xx: fix potential skb->frags overflow in RX path (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): fix error message (git-fixes). - can: at91_can: Fix memory leak in at91_can_probe() (git-fixes). - Bluetooth: MGMT: Fix memory leak in set_ssp_complete (git-fixes). - Bluetooth: hci_uart: fix null-ptr-deref in hci_uart_write_work (git-fixes). - tpm2-sessions: Fix tpm2_read_public range checks (git-fixes). - commit 46e120b ++++ kernel-rt: - io_uring/poll: correctly handle io_poll_add() return value on update (CVE-2025-71149 bsc#1257164). - commit 0d997be - dm-snapshot: fix 'scheduling while atomic' on real-time kernels (git-fixes). - commit b3fc112 - dm-bufio: align write boundary on physical block size (git-fixes). - commit e8ab2ba - dm-ebs: Mark full buffer dirty even on partial write (git-fixes). - commit b6359d7 - dm-verity: disable recursive forward error correction (CVE-2025-71161, bsc#1257174). - commit 94c6d56 - virt: tdx-guest: Transition to scoped_cond_guard for mutex operations (bsc#1257504). - commit a7ecc0e - virt: tdx-guest: Refactor and streamline TDREPORT generation (bsc#1257504). - commit 372915e - virt: tdx-guest: Expose TDX MRs as sysfs attributes (bsc#1257504). - commit af47cfb - x86/tdx: tdx_mcall_get_report0: Return -EBUSY on TDCALL_OPERAND_BUSY error (bsc#1257504). - commit 2590e39 - x86/tdx: Add tdx_mcall_extend_rtmr() interface (bsc#1257504). - commit 4b01fb9 - tsm-mr: Add tsm-mr sample code (bsc#1257504). - commit bca5c7b - tsm-mr: Add TVM Measurement Register support (bsc#1257504). - commit a919cc1 - macvlan: fix possible UAF in macvlan_forward_source() (CVE-2026-23001 bsc#1257232). - net: mscc: ocelot: Fix crash when adding interface under a lag (CVE-2026-22982 bsc#1257179). - net/handshake: restore destructor on submit failure (CVE-2025-71148 bsc#1257159). - commit e5558d8 - net/sched: sch_qfq: do not free existing class in qfq_change_class() (CVE-2026-22999 bsc#1257236). - commit 79bc198 - ipv4: ip_gre: make ipgre_header() robust (CVE-2026-23011 bsc#1257207). - commit 26b5de2 - Revert "mtd: spinand: esmt: fix id code for F50D1G41LB" (stable-fixes). - wifi: mac80211: correctly decode TTLM with default link map (git-fixes). - net: phy: micrel: fix clk warning when removing the driver (git-fixes). - nfc: nci: Fix race between rfkill and nci_unregister_device() (git-fixes). - nfc: llcp: Fix memleak in nfc_llcp_send_ui_frame() (git-fixes). - net: wwan: t7xx: fix potential skb->frags overflow in RX path (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): fix error message (git-fixes). - can: at91_can: Fix memory leak in at91_can_probe() (git-fixes). - Bluetooth: MGMT: Fix memory leak in set_ssp_complete (git-fixes). - Bluetooth: hci_uart: fix null-ptr-deref in hci_uart_write_work (git-fixes). - tpm2-sessions: Fix tpm2_read_public range checks (git-fixes). - commit 46e120b ++++ cockpit-repos: - Update to version 4.7 * Translation updates * Dependency updates for bsc#1257325/CVE-2025-13465 ++++ cockpit-repos: - Update to version 4.7 * Translation updates * Dependency updates for bsc#1257325/CVE-2025-13465 ++++ dtb-aarch64: - io_uring/poll: correctly handle io_poll_add() return value on update (CVE-2025-71149 bsc#1257164). - commit 0d997be - virt: tdx-guest: Transition to scoped_cond_guard for mutex operations (bsc#1257504). - commit a7ecc0e - virt: tdx-guest: Refactor and streamline TDREPORT generation (bsc#1257504). - commit 372915e - virt: tdx-guest: Expose TDX MRs as sysfs attributes (bsc#1257504). - commit af47cfb - x86/tdx: tdx_mcall_get_report0: Return -EBUSY on TDCALL_OPERAND_BUSY error (bsc#1257504). - commit 2590e39 - x86/tdx: Add tdx_mcall_extend_rtmr() interface (bsc#1257504). - commit 4b01fb9 - tsm-mr: Add tsm-mr sample code (bsc#1257504). - commit bca5c7b - tsm-mr: Add TVM Measurement Register support (bsc#1257504). - commit a919cc1 - macvlan: fix possible UAF in macvlan_forward_source() (CVE-2026-23001 bsc#1257232). - net: mscc: ocelot: Fix crash when adding interface under a lag (CVE-2026-22982 bsc#1257179). - net/handshake: restore destructor on submit failure (CVE-2025-71148 bsc#1257159). - commit e5558d8 - net/sched: sch_qfq: do not free existing class in qfq_change_class() (CVE-2026-22999 bsc#1257236). - commit 79bc198 - ipv4: ip_gre: make ipgre_header() robust (CVE-2026-23011 bsc#1257207). - commit 26b5de2 - Revert "mtd: spinand: esmt: fix id code for F50D1G41LB" (stable-fixes). - wifi: mac80211: correctly decode TTLM with default link map (git-fixes). - net: phy: micrel: fix clk warning when removing the driver (git-fixes). - nfc: nci: Fix race between rfkill and nci_unregister_device() (git-fixes). - nfc: llcp: Fix memleak in nfc_llcp_send_ui_frame() (git-fixes). - net: wwan: t7xx: fix potential skb->frags overflow in RX path (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): fix error message (git-fixes). - can: at91_can: Fix memory leak in at91_can_probe() (git-fixes). - Bluetooth: MGMT: Fix memory leak in set_ssp_complete (git-fixes). - Bluetooth: hci_uart: fix null-ptr-deref in hci_uart_write_work (git-fixes). - tpm2-sessions: Fix tpm2_read_public range checks (git-fixes). - commit 46e120b ++++ dtb-aarch64: - io_uring/poll: correctly handle io_poll_add() return value on update (CVE-2025-71149 bsc#1257164). - commit 0d997be - dm-snapshot: fix 'scheduling while atomic' on real-time kernels (git-fixes). - commit b3fc112 - dm-bufio: align write boundary on physical block size (git-fixes). - commit e8ab2ba - dm-ebs: Mark full buffer dirty even on partial write (git-fixes). - commit b6359d7 - dm-verity: disable recursive forward error correction (CVE-2025-71161, bsc#1257174). - commit 94c6d56 - virt: tdx-guest: Transition to scoped_cond_guard for mutex operations (bsc#1257504). - commit a7ecc0e - virt: tdx-guest: Refactor and streamline TDREPORT generation (bsc#1257504). - commit 372915e - virt: tdx-guest: Expose TDX MRs as sysfs attributes (bsc#1257504). - commit af47cfb - x86/tdx: tdx_mcall_get_report0: Return -EBUSY on TDCALL_OPERAND_BUSY error (bsc#1257504). - commit 2590e39 - x86/tdx: Add tdx_mcall_extend_rtmr() interface (bsc#1257504). - commit 4b01fb9 - tsm-mr: Add tsm-mr sample code (bsc#1257504). - commit bca5c7b - tsm-mr: Add TVM Measurement Register support (bsc#1257504). - commit a919cc1 - macvlan: fix possible UAF in macvlan_forward_source() (CVE-2026-23001 bsc#1257232). - net: mscc: ocelot: Fix crash when adding interface under a lag (CVE-2026-22982 bsc#1257179). - net/handshake: restore destructor on submit failure (CVE-2025-71148 bsc#1257159). - commit e5558d8 - net/sched: sch_qfq: do not free existing class in qfq_change_class() (CVE-2026-22999 bsc#1257236). - commit 79bc198 - ipv4: ip_gre: make ipgre_header() robust (CVE-2026-23011 bsc#1257207). - commit 26b5de2 - Revert "mtd: spinand: esmt: fix id code for F50D1G41LB" (stable-fixes). - wifi: mac80211: correctly decode TTLM with default link map (git-fixes). - net: phy: micrel: fix clk warning when removing the driver (git-fixes). - nfc: nci: Fix race between rfkill and nci_unregister_device() (git-fixes). - nfc: llcp: Fix memleak in nfc_llcp_send_ui_frame() (git-fixes). - net: wwan: t7xx: fix potential skb->frags overflow in RX path (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): fix error message (git-fixes). - can: at91_can: Fix memory leak in at91_can_probe() (git-fixes). - Bluetooth: MGMT: Fix memory leak in set_ssp_complete (git-fixes). - Bluetooth: hci_uart: fix null-ptr-deref in hci_uart_write_work (git-fixes). - tpm2-sessions: Fix tpm2_read_public range checks (git-fixes). - commit 46e120b ++++ fde-tools: - Add fde-tools-bsc1248516-tpm-Support-persistent-SRK.patch to support persistent SRK (bsc#1248516) ++++ gfxboot: - merge gh#openSUSE/gfxboot#58 - fix invalid operand size for movsx instructions (bsc#1257495) - 4.5.104 ++++ go1.25-openssl: - Packaging: * Fix bsc#1257486 missing label suffix go_label %{go_api}-openssl co-install of multiple go variants with the same version relies on the unique go_label redirection. go1.25-openssl was missing the -openssl suffix. * Whitespace cleanup to minimize diff to previous go1.x-openssl versions ++++ haproxy: - haproxy bad test for for legacy applets (bsc#1257521) BUG/MEDIUM: applet: Fix test on shut flags for legacy applets BUG/MAJOR: applet: Don't call I/O handler if the applet was shut Apply upstream patch: 0001-BUG-MEDIUM-applet-Fix-test-on-shut-flags-for-legacy.patch ++++ kernel-source: - io_uring/poll: correctly handle io_poll_add() return value on update (CVE-2025-71149 bsc#1257164). - commit 0d997be - virt: tdx-guest: Transition to scoped_cond_guard for mutex operations (bsc#1257504). - commit a7ecc0e - virt: tdx-guest: Refactor and streamline TDREPORT generation (bsc#1257504). - commit 372915e - virt: tdx-guest: Expose TDX MRs as sysfs attributes (bsc#1257504). - commit af47cfb - x86/tdx: tdx_mcall_get_report0: Return -EBUSY on TDCALL_OPERAND_BUSY error (bsc#1257504). - commit 2590e39 - x86/tdx: Add tdx_mcall_extend_rtmr() interface (bsc#1257504). - commit 4b01fb9 - tsm-mr: Add tsm-mr sample code (bsc#1257504). - commit bca5c7b - tsm-mr: Add TVM Measurement Register support (bsc#1257504). - commit a919cc1 - macvlan: fix possible UAF in macvlan_forward_source() (CVE-2026-23001 bsc#1257232). - net: mscc: ocelot: Fix crash when adding interface under a lag (CVE-2026-22982 bsc#1257179). - net/handshake: restore destructor on submit failure (CVE-2025-71148 bsc#1257159). - commit e5558d8 - net/sched: sch_qfq: do not free existing class in qfq_change_class() (CVE-2026-22999 bsc#1257236). - commit 79bc198 - ipv4: ip_gre: make ipgre_header() robust (CVE-2026-23011 bsc#1257207). - commit 26b5de2 - Revert "mtd: spinand: esmt: fix id code for F50D1G41LB" (stable-fixes). - wifi: mac80211: correctly decode TTLM with default link map (git-fixes). - net: phy: micrel: fix clk warning when removing the driver (git-fixes). - nfc: nci: Fix race between rfkill and nci_unregister_device() (git-fixes). - nfc: llcp: Fix memleak in nfc_llcp_send_ui_frame() (git-fixes). - net: wwan: t7xx: fix potential skb->frags overflow in RX path (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): fix error message (git-fixes). - can: at91_can: Fix memory leak in at91_can_probe() (git-fixes). - Bluetooth: MGMT: Fix memory leak in set_ssp_complete (git-fixes). - Bluetooth: hci_uart: fix null-ptr-deref in hci_uart_write_work (git-fixes). - tpm2-sessions: Fix tpm2_read_public range checks (git-fixes). - commit 46e120b ++++ kernel-source: - io_uring/poll: correctly handle io_poll_add() return value on update (CVE-2025-71149 bsc#1257164). - commit 0d997be - dm-snapshot: fix 'scheduling while atomic' on real-time kernels (git-fixes). - commit b3fc112 - dm-bufio: align write boundary on physical block size (git-fixes). - commit e8ab2ba - dm-ebs: Mark full buffer dirty even on partial write (git-fixes). - commit b6359d7 - dm-verity: disable recursive forward error correction (CVE-2025-71161, bsc#1257174). - commit 94c6d56 - virt: tdx-guest: Transition to scoped_cond_guard for mutex operations (bsc#1257504). - commit a7ecc0e - virt: tdx-guest: Refactor and streamline TDREPORT generation (bsc#1257504). - commit 372915e - virt: tdx-guest: Expose TDX MRs as sysfs attributes (bsc#1257504). - commit af47cfb - x86/tdx: tdx_mcall_get_report0: Return -EBUSY on TDCALL_OPERAND_BUSY error (bsc#1257504). - commit 2590e39 - x86/tdx: Add tdx_mcall_extend_rtmr() interface (bsc#1257504). - commit 4b01fb9 - tsm-mr: Add tsm-mr sample code (bsc#1257504). - commit bca5c7b - tsm-mr: Add TVM Measurement Register support (bsc#1257504). - commit a919cc1 - macvlan: fix possible UAF in macvlan_forward_source() (CVE-2026-23001 bsc#1257232). - net: mscc: ocelot: Fix crash when adding interface under a lag (CVE-2026-22982 bsc#1257179). - net/handshake: restore destructor on submit failure (CVE-2025-71148 bsc#1257159). - commit e5558d8 - net/sched: sch_qfq: do not free existing class in qfq_change_class() (CVE-2026-22999 bsc#1257236). - commit 79bc198 - ipv4: ip_gre: make ipgre_header() robust (CVE-2026-23011 bsc#1257207). - commit 26b5de2 - Revert "mtd: spinand: esmt: fix id code for F50D1G41LB" (stable-fixes). - wifi: mac80211: correctly decode TTLM with default link map (git-fixes). - net: phy: micrel: fix clk warning when removing the driver (git-fixes). - nfc: nci: Fix race between rfkill and nci_unregister_device() (git-fixes). - nfc: llcp: Fix memleak in nfc_llcp_send_ui_frame() (git-fixes). - net: wwan: t7xx: fix potential skb->frags overflow in RX path (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): fix error message (git-fixes). - can: at91_can: Fix memory leak in at91_can_probe() (git-fixes). - Bluetooth: MGMT: Fix memory leak in set_ssp_complete (git-fixes). - Bluetooth: hci_uart: fix null-ptr-deref in hci_uart_write_work (git-fixes). - tpm2-sessions: Fix tpm2_read_public range checks (git-fixes). - commit 46e120b ++++ kernel-docs: - io_uring/poll: correctly handle io_poll_add() return value on update (CVE-2025-71149 bsc#1257164). - commit 0d997be - virt: tdx-guest: Transition to scoped_cond_guard for mutex operations (bsc#1257504). - commit a7ecc0e - virt: tdx-guest: Refactor and streamline TDREPORT generation (bsc#1257504). - commit 372915e - virt: tdx-guest: Expose TDX MRs as sysfs attributes (bsc#1257504). - commit af47cfb - x86/tdx: tdx_mcall_get_report0: Return -EBUSY on TDCALL_OPERAND_BUSY error (bsc#1257504). - commit 2590e39 - x86/tdx: Add tdx_mcall_extend_rtmr() interface (bsc#1257504). - commit 4b01fb9 - tsm-mr: Add tsm-mr sample code (bsc#1257504). - commit bca5c7b - tsm-mr: Add TVM Measurement Register support (bsc#1257504). - commit a919cc1 - macvlan: fix possible UAF in macvlan_forward_source() (CVE-2026-23001 bsc#1257232). - net: mscc: ocelot: Fix crash when adding interface under a lag (CVE-2026-22982 bsc#1257179). - net/handshake: restore destructor on submit failure (CVE-2025-71148 bsc#1257159). - commit e5558d8 - net/sched: sch_qfq: do not free existing class in qfq_change_class() (CVE-2026-22999 bsc#1257236). - commit 79bc198 - ipv4: ip_gre: make ipgre_header() robust (CVE-2026-23011 bsc#1257207). - commit 26b5de2 - Revert "mtd: spinand: esmt: fix id code for F50D1G41LB" (stable-fixes). - wifi: mac80211: correctly decode TTLM with default link map (git-fixes). - net: phy: micrel: fix clk warning when removing the driver (git-fixes). - nfc: nci: Fix race between rfkill and nci_unregister_device() (git-fixes). - nfc: llcp: Fix memleak in nfc_llcp_send_ui_frame() (git-fixes). - net: wwan: t7xx: fix potential skb->frags overflow in RX path (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): fix error message (git-fixes). - can: at91_can: Fix memory leak in at91_can_probe() (git-fixes). - Bluetooth: MGMT: Fix memory leak in set_ssp_complete (git-fixes). - Bluetooth: hci_uart: fix null-ptr-deref in hci_uart_write_work (git-fixes). - tpm2-sessions: Fix tpm2_read_public range checks (git-fixes). - commit 46e120b ++++ kernel-docs: - io_uring/poll: correctly handle io_poll_add() return value on update (CVE-2025-71149 bsc#1257164). - commit 0d997be - dm-snapshot: fix 'scheduling while atomic' on real-time kernels (git-fixes). - commit b3fc112 - dm-bufio: align write boundary on physical block size (git-fixes). - commit e8ab2ba - dm-ebs: Mark full buffer dirty even on partial write (git-fixes). - commit b6359d7 - dm-verity: disable recursive forward error correction (CVE-2025-71161, bsc#1257174). - commit 94c6d56 - virt: tdx-guest: Transition to scoped_cond_guard for mutex operations (bsc#1257504). - commit a7ecc0e - virt: tdx-guest: Refactor and streamline TDREPORT generation (bsc#1257504). - commit 372915e - virt: tdx-guest: Expose TDX MRs as sysfs attributes (bsc#1257504). - commit af47cfb - x86/tdx: tdx_mcall_get_report0: Return -EBUSY on TDCALL_OPERAND_BUSY error (bsc#1257504). - commit 2590e39 - x86/tdx: Add tdx_mcall_extend_rtmr() interface (bsc#1257504). - commit 4b01fb9 - tsm-mr: Add tsm-mr sample code (bsc#1257504). - commit bca5c7b - tsm-mr: Add TVM Measurement Register support (bsc#1257504). - commit a919cc1 - macvlan: fix possible UAF in macvlan_forward_source() (CVE-2026-23001 bsc#1257232). - net: mscc: ocelot: Fix crash when adding interface under a lag (CVE-2026-22982 bsc#1257179). - net/handshake: restore destructor on submit failure (CVE-2025-71148 bsc#1257159). - commit e5558d8 - net/sched: sch_qfq: do not free existing class in qfq_change_class() (CVE-2026-22999 bsc#1257236). - commit 79bc198 - ipv4: ip_gre: make ipgre_header() robust (CVE-2026-23011 bsc#1257207). - commit 26b5de2 - Revert "mtd: spinand: esmt: fix id code for F50D1G41LB" (stable-fixes). - wifi: mac80211: correctly decode TTLM with default link map (git-fixes). - net: phy: micrel: fix clk warning when removing the driver (git-fixes). - nfc: nci: Fix race between rfkill and nci_unregister_device() (git-fixes). - nfc: llcp: Fix memleak in nfc_llcp_send_ui_frame() (git-fixes). - net: wwan: t7xx: fix potential skb->frags overflow in RX path (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): fix error message (git-fixes). - can: at91_can: Fix memory leak in at91_can_probe() (git-fixes). - Bluetooth: MGMT: Fix memory leak in set_ssp_complete (git-fixes). - Bluetooth: hci_uart: fix null-ptr-deref in hci_uart_write_work (git-fixes). - tpm2-sessions: Fix tpm2_read_public range checks (git-fixes). - commit 46e120b ++++ kernel-kvmsmall: - io_uring/poll: correctly handle io_poll_add() return value on update (CVE-2025-71149 bsc#1257164). - commit 0d997be - virt: tdx-guest: Transition to scoped_cond_guard for mutex operations (bsc#1257504). - commit a7ecc0e - virt: tdx-guest: Refactor and streamline TDREPORT generation (bsc#1257504). - commit 372915e - virt: tdx-guest: Expose TDX MRs as sysfs attributes (bsc#1257504). - commit af47cfb - x86/tdx: tdx_mcall_get_report0: Return -EBUSY on TDCALL_OPERAND_BUSY error (bsc#1257504). - commit 2590e39 - x86/tdx: Add tdx_mcall_extend_rtmr() interface (bsc#1257504). - commit 4b01fb9 - tsm-mr: Add tsm-mr sample code (bsc#1257504). - commit bca5c7b - tsm-mr: Add TVM Measurement Register support (bsc#1257504). - commit a919cc1 - macvlan: fix possible UAF in macvlan_forward_source() (CVE-2026-23001 bsc#1257232). - net: mscc: ocelot: Fix crash when adding interface under a lag (CVE-2026-22982 bsc#1257179). - net/handshake: restore destructor on submit failure (CVE-2025-71148 bsc#1257159). - commit e5558d8 - net/sched: sch_qfq: do not free existing class in qfq_change_class() (CVE-2026-22999 bsc#1257236). - commit 79bc198 - ipv4: ip_gre: make ipgre_header() robust (CVE-2026-23011 bsc#1257207). - commit 26b5de2 - Revert "mtd: spinand: esmt: fix id code for F50D1G41LB" (stable-fixes). - wifi: mac80211: correctly decode TTLM with default link map (git-fixes). - net: phy: micrel: fix clk warning when removing the driver (git-fixes). - nfc: nci: Fix race between rfkill and nci_unregister_device() (git-fixes). - nfc: llcp: Fix memleak in nfc_llcp_send_ui_frame() (git-fixes). - net: wwan: t7xx: fix potential skb->frags overflow in RX path (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): fix error message (git-fixes). - can: at91_can: Fix memory leak in at91_can_probe() (git-fixes). - Bluetooth: MGMT: Fix memory leak in set_ssp_complete (git-fixes). - Bluetooth: hci_uart: fix null-ptr-deref in hci_uart_write_work (git-fixes). - tpm2-sessions: Fix tpm2_read_public range checks (git-fixes). - commit 46e120b ++++ kernel-kvmsmall: - io_uring/poll: correctly handle io_poll_add() return value on update (CVE-2025-71149 bsc#1257164). - commit 0d997be - dm-snapshot: fix 'scheduling while atomic' on real-time kernels (git-fixes). - commit b3fc112 - dm-bufio: align write boundary on physical block size (git-fixes). - commit e8ab2ba - dm-ebs: Mark full buffer dirty even on partial write (git-fixes). - commit b6359d7 - dm-verity: disable recursive forward error correction (CVE-2025-71161, bsc#1257174). - commit 94c6d56 - virt: tdx-guest: Transition to scoped_cond_guard for mutex operations (bsc#1257504). - commit a7ecc0e - virt: tdx-guest: Refactor and streamline TDREPORT generation (bsc#1257504). - commit 372915e - virt: tdx-guest: Expose TDX MRs as sysfs attributes (bsc#1257504). - commit af47cfb - x86/tdx: tdx_mcall_get_report0: Return -EBUSY on TDCALL_OPERAND_BUSY error (bsc#1257504). - commit 2590e39 - x86/tdx: Add tdx_mcall_extend_rtmr() interface (bsc#1257504). - commit 4b01fb9 - tsm-mr: Add tsm-mr sample code (bsc#1257504). - commit bca5c7b - tsm-mr: Add TVM Measurement Register support (bsc#1257504). - commit a919cc1 - macvlan: fix possible UAF in macvlan_forward_source() (CVE-2026-23001 bsc#1257232). - net: mscc: ocelot: Fix crash when adding interface under a lag (CVE-2026-22982 bsc#1257179). - net/handshake: restore destructor on submit failure (CVE-2025-71148 bsc#1257159). - commit e5558d8 - net/sched: sch_qfq: do not free existing class in qfq_change_class() (CVE-2026-22999 bsc#1257236). - commit 79bc198 - ipv4: ip_gre: make ipgre_header() robust (CVE-2026-23011 bsc#1257207). - commit 26b5de2 - Revert "mtd: spinand: esmt: fix id code for F50D1G41LB" (stable-fixes). - wifi: mac80211: correctly decode TTLM with default link map (git-fixes). - net: phy: micrel: fix clk warning when removing the driver (git-fixes). - nfc: nci: Fix race between rfkill and nci_unregister_device() (git-fixes). - nfc: llcp: Fix memleak in nfc_llcp_send_ui_frame() (git-fixes). - net: wwan: t7xx: fix potential skb->frags overflow in RX path (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): fix error message (git-fixes). - can: at91_can: Fix memory leak in at91_can_probe() (git-fixes). - Bluetooth: MGMT: Fix memory leak in set_ssp_complete (git-fixes). - Bluetooth: hci_uart: fix null-ptr-deref in hci_uart_write_work (git-fixes). - tpm2-sessions: Fix tpm2_read_public range checks (git-fixes). - commit 46e120b ++++ kernel-obs-build: - io_uring/poll: correctly handle io_poll_add() return value on update (CVE-2025-71149 bsc#1257164). - commit 0d997be - virt: tdx-guest: Transition to scoped_cond_guard for mutex operations (bsc#1257504). - commit a7ecc0e - virt: tdx-guest: Refactor and streamline TDREPORT generation (bsc#1257504). - commit 372915e - virt: tdx-guest: Expose TDX MRs as sysfs attributes (bsc#1257504). - commit af47cfb - x86/tdx: tdx_mcall_get_report0: Return -EBUSY on TDCALL_OPERAND_BUSY error (bsc#1257504). - commit 2590e39 - x86/tdx: Add tdx_mcall_extend_rtmr() interface (bsc#1257504). - commit 4b01fb9 - tsm-mr: Add tsm-mr sample code (bsc#1257504). - commit bca5c7b - tsm-mr: Add TVM Measurement Register support (bsc#1257504). - commit a919cc1 - macvlan: fix possible UAF in macvlan_forward_source() (CVE-2026-23001 bsc#1257232). - net: mscc: ocelot: Fix crash when adding interface under a lag (CVE-2026-22982 bsc#1257179). - net/handshake: restore destructor on submit failure (CVE-2025-71148 bsc#1257159). - commit e5558d8 - net/sched: sch_qfq: do not free existing class in qfq_change_class() (CVE-2026-22999 bsc#1257236). - commit 79bc198 - ipv4: ip_gre: make ipgre_header() robust (CVE-2026-23011 bsc#1257207). - commit 26b5de2 - Revert "mtd: spinand: esmt: fix id code for F50D1G41LB" (stable-fixes). - wifi: mac80211: correctly decode TTLM with default link map (git-fixes). - net: phy: micrel: fix clk warning when removing the driver (git-fixes). - nfc: nci: Fix race between rfkill and nci_unregister_device() (git-fixes). - nfc: llcp: Fix memleak in nfc_llcp_send_ui_frame() (git-fixes). - net: wwan: t7xx: fix potential skb->frags overflow in RX path (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): fix error message (git-fixes). - can: at91_can: Fix memory leak in at91_can_probe() (git-fixes). - Bluetooth: MGMT: Fix memory leak in set_ssp_complete (git-fixes). - Bluetooth: hci_uart: fix null-ptr-deref in hci_uart_write_work (git-fixes). - tpm2-sessions: Fix tpm2_read_public range checks (git-fixes). - commit 46e120b ++++ kernel-obs-build: - io_uring/poll: correctly handle io_poll_add() return value on update (CVE-2025-71149 bsc#1257164). - commit 0d997be - dm-snapshot: fix 'scheduling while atomic' on real-time kernels (git-fixes). - commit b3fc112 - dm-bufio: align write boundary on physical block size (git-fixes). - commit e8ab2ba - dm-ebs: Mark full buffer dirty even on partial write (git-fixes). - commit b6359d7 - dm-verity: disable recursive forward error correction (CVE-2025-71161, bsc#1257174). - commit 94c6d56 - virt: tdx-guest: Transition to scoped_cond_guard for mutex operations (bsc#1257504). - commit a7ecc0e - virt: tdx-guest: Refactor and streamline TDREPORT generation (bsc#1257504). - commit 372915e - virt: tdx-guest: Expose TDX MRs as sysfs attributes (bsc#1257504). - commit af47cfb - x86/tdx: tdx_mcall_get_report0: Return -EBUSY on TDCALL_OPERAND_BUSY error (bsc#1257504). - commit 2590e39 - x86/tdx: Add tdx_mcall_extend_rtmr() interface (bsc#1257504). - commit 4b01fb9 - tsm-mr: Add tsm-mr sample code (bsc#1257504). - commit bca5c7b - tsm-mr: Add TVM Measurement Register support (bsc#1257504). - commit a919cc1 - macvlan: fix possible UAF in macvlan_forward_source() (CVE-2026-23001 bsc#1257232). - net: mscc: ocelot: Fix crash when adding interface under a lag (CVE-2026-22982 bsc#1257179). - net/handshake: restore destructor on submit failure (CVE-2025-71148 bsc#1257159). - commit e5558d8 - net/sched: sch_qfq: do not free existing class in qfq_change_class() (CVE-2026-22999 bsc#1257236). - commit 79bc198 - ipv4: ip_gre: make ipgre_header() robust (CVE-2026-23011 bsc#1257207). - commit 26b5de2 - Revert "mtd: spinand: esmt: fix id code for F50D1G41LB" (stable-fixes). - wifi: mac80211: correctly decode TTLM with default link map (git-fixes). - net: phy: micrel: fix clk warning when removing the driver (git-fixes). - nfc: nci: Fix race between rfkill and nci_unregister_device() (git-fixes). - nfc: llcp: Fix memleak in nfc_llcp_send_ui_frame() (git-fixes). - net: wwan: t7xx: fix potential skb->frags overflow in RX path (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): fix error message (git-fixes). - can: at91_can: Fix memory leak in at91_can_probe() (git-fixes). - Bluetooth: MGMT: Fix memory leak in set_ssp_complete (git-fixes). - Bluetooth: hci_uart: fix null-ptr-deref in hci_uart_write_work (git-fixes). - tpm2-sessions: Fix tpm2_read_public range checks (git-fixes). - commit 46e120b ++++ kernel-obs-qa: - io_uring/poll: correctly handle io_poll_add() return value on update (CVE-2025-71149 bsc#1257164). - commit 0d997be - virt: tdx-guest: Transition to scoped_cond_guard for mutex operations (bsc#1257504). - commit a7ecc0e - virt: tdx-guest: Refactor and streamline TDREPORT generation (bsc#1257504). - commit 372915e - virt: tdx-guest: Expose TDX MRs as sysfs attributes (bsc#1257504). - commit af47cfb - x86/tdx: tdx_mcall_get_report0: Return -EBUSY on TDCALL_OPERAND_BUSY error (bsc#1257504). - commit 2590e39 - x86/tdx: Add tdx_mcall_extend_rtmr() interface (bsc#1257504). - commit 4b01fb9 - tsm-mr: Add tsm-mr sample code (bsc#1257504). - commit bca5c7b - tsm-mr: Add TVM Measurement Register support (bsc#1257504). - commit a919cc1 - macvlan: fix possible UAF in macvlan_forward_source() (CVE-2026-23001 bsc#1257232). - net: mscc: ocelot: Fix crash when adding interface under a lag (CVE-2026-22982 bsc#1257179). - net/handshake: restore destructor on submit failure (CVE-2025-71148 bsc#1257159). - commit e5558d8 - net/sched: sch_qfq: do not free existing class in qfq_change_class() (CVE-2026-22999 bsc#1257236). - commit 79bc198 - ipv4: ip_gre: make ipgre_header() robust (CVE-2026-23011 bsc#1257207). - commit 26b5de2 - Revert "mtd: spinand: esmt: fix id code for F50D1G41LB" (stable-fixes). - wifi: mac80211: correctly decode TTLM with default link map (git-fixes). - net: phy: micrel: fix clk warning when removing the driver (git-fixes). - nfc: nci: Fix race between rfkill and nci_unregister_device() (git-fixes). - nfc: llcp: Fix memleak in nfc_llcp_send_ui_frame() (git-fixes). - net: wwan: t7xx: fix potential skb->frags overflow in RX path (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): fix error message (git-fixes). - can: at91_can: Fix memory leak in at91_can_probe() (git-fixes). - Bluetooth: MGMT: Fix memory leak in set_ssp_complete (git-fixes). - Bluetooth: hci_uart: fix null-ptr-deref in hci_uart_write_work (git-fixes). - tpm2-sessions: Fix tpm2_read_public range checks (git-fixes). - commit 46e120b ++++ kernel-obs-qa: - io_uring/poll: correctly handle io_poll_add() return value on update (CVE-2025-71149 bsc#1257164). - commit 0d997be - dm-snapshot: fix 'scheduling while atomic' on real-time kernels (git-fixes). - commit b3fc112 - dm-bufio: align write boundary on physical block size (git-fixes). - commit e8ab2ba - dm-ebs: Mark full buffer dirty even on partial write (git-fixes). - commit b6359d7 - dm-verity: disable recursive forward error correction (CVE-2025-71161, bsc#1257174). - commit 94c6d56 - virt: tdx-guest: Transition to scoped_cond_guard for mutex operations (bsc#1257504). - commit a7ecc0e - virt: tdx-guest: Refactor and streamline TDREPORT generation (bsc#1257504). - commit 372915e - virt: tdx-guest: Expose TDX MRs as sysfs attributes (bsc#1257504). - commit af47cfb - x86/tdx: tdx_mcall_get_report0: Return -EBUSY on TDCALL_OPERAND_BUSY error (bsc#1257504). - commit 2590e39 - x86/tdx: Add tdx_mcall_extend_rtmr() interface (bsc#1257504). - commit 4b01fb9 - tsm-mr: Add tsm-mr sample code (bsc#1257504). - commit bca5c7b - tsm-mr: Add TVM Measurement Register support (bsc#1257504). - commit a919cc1 - macvlan: fix possible UAF in macvlan_forward_source() (CVE-2026-23001 bsc#1257232). - net: mscc: ocelot: Fix crash when adding interface under a lag (CVE-2026-22982 bsc#1257179). - net/handshake: restore destructor on submit failure (CVE-2025-71148 bsc#1257159). - commit e5558d8 - net/sched: sch_qfq: do not free existing class in qfq_change_class() (CVE-2026-22999 bsc#1257236). - commit 79bc198 - ipv4: ip_gre: make ipgre_header() robust (CVE-2026-23011 bsc#1257207). - commit 26b5de2 - Revert "mtd: spinand: esmt: fix id code for F50D1G41LB" (stable-fixes). - wifi: mac80211: correctly decode TTLM with default link map (git-fixes). - net: phy: micrel: fix clk warning when removing the driver (git-fixes). - nfc: nci: Fix race between rfkill and nci_unregister_device() (git-fixes). - nfc: llcp: Fix memleak in nfc_llcp_send_ui_frame() (git-fixes). - net: wwan: t7xx: fix potential skb->frags overflow in RX path (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): fix error message (git-fixes). - can: at91_can: Fix memory leak in at91_can_probe() (git-fixes). - Bluetooth: MGMT: Fix memory leak in set_ssp_complete (git-fixes). - Bluetooth: hci_uart: fix null-ptr-deref in hci_uart_write_work (git-fixes). - tpm2-sessions: Fix tpm2_read_public range checks (git-fixes). - commit 46e120b ++++ kernel-syms: - io_uring/poll: correctly handle io_poll_add() return value on update (CVE-2025-71149 bsc#1257164). - commit 0d997be - virt: tdx-guest: Transition to scoped_cond_guard for mutex operations (bsc#1257504). - commit a7ecc0e - virt: tdx-guest: Refactor and streamline TDREPORT generation (bsc#1257504). - commit 372915e - virt: tdx-guest: Expose TDX MRs as sysfs attributes (bsc#1257504). - commit af47cfb - x86/tdx: tdx_mcall_get_report0: Return -EBUSY on TDCALL_OPERAND_BUSY error (bsc#1257504). - commit 2590e39 - x86/tdx: Add tdx_mcall_extend_rtmr() interface (bsc#1257504). - commit 4b01fb9 - tsm-mr: Add tsm-mr sample code (bsc#1257504). - commit bca5c7b - tsm-mr: Add TVM Measurement Register support (bsc#1257504). - commit a919cc1 - macvlan: fix possible UAF in macvlan_forward_source() (CVE-2026-23001 bsc#1257232). - net: mscc: ocelot: Fix crash when adding interface under a lag (CVE-2026-22982 bsc#1257179). - net/handshake: restore destructor on submit failure (CVE-2025-71148 bsc#1257159). - commit e5558d8 - net/sched: sch_qfq: do not free existing class in qfq_change_class() (CVE-2026-22999 bsc#1257236). - commit 79bc198 - ipv4: ip_gre: make ipgre_header() robust (CVE-2026-23011 bsc#1257207). - commit 26b5de2 - Revert "mtd: spinand: esmt: fix id code for F50D1G41LB" (stable-fixes). - wifi: mac80211: correctly decode TTLM with default link map (git-fixes). - net: phy: micrel: fix clk warning when removing the driver (git-fixes). - nfc: nci: Fix race between rfkill and nci_unregister_device() (git-fixes). - nfc: llcp: Fix memleak in nfc_llcp_send_ui_frame() (git-fixes). - net: wwan: t7xx: fix potential skb->frags overflow in RX path (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): fix error message (git-fixes). - can: at91_can: Fix memory leak in at91_can_probe() (git-fixes). - Bluetooth: MGMT: Fix memory leak in set_ssp_complete (git-fixes). - Bluetooth: hci_uart: fix null-ptr-deref in hci_uart_write_work (git-fixes). - tpm2-sessions: Fix tpm2_read_public range checks (git-fixes). - commit 46e120b ++++ kernel-syms: - io_uring/poll: correctly handle io_poll_add() return value on update (CVE-2025-71149 bsc#1257164). - commit 0d997be - dm-snapshot: fix 'scheduling while atomic' on real-time kernels (git-fixes). - commit b3fc112 - dm-bufio: align write boundary on physical block size (git-fixes). - commit e8ab2ba - dm-ebs: Mark full buffer dirty even on partial write (git-fixes). - commit b6359d7 - dm-verity: disable recursive forward error correction (CVE-2025-71161, bsc#1257174). - commit 94c6d56 - virt: tdx-guest: Transition to scoped_cond_guard for mutex operations (bsc#1257504). - commit a7ecc0e - virt: tdx-guest: Refactor and streamline TDREPORT generation (bsc#1257504). - commit 372915e - virt: tdx-guest: Expose TDX MRs as sysfs attributes (bsc#1257504). - commit af47cfb - x86/tdx: tdx_mcall_get_report0: Return -EBUSY on TDCALL_OPERAND_BUSY error (bsc#1257504). - commit 2590e39 - x86/tdx: Add tdx_mcall_extend_rtmr() interface (bsc#1257504). - commit 4b01fb9 - tsm-mr: Add tsm-mr sample code (bsc#1257504). - commit bca5c7b - tsm-mr: Add TVM Measurement Register support (bsc#1257504). - commit a919cc1 - macvlan: fix possible UAF in macvlan_forward_source() (CVE-2026-23001 bsc#1257232). - net: mscc: ocelot: Fix crash when adding interface under a lag (CVE-2026-22982 bsc#1257179). - net/handshake: restore destructor on submit failure (CVE-2025-71148 bsc#1257159). - commit e5558d8 - net/sched: sch_qfq: do not free existing class in qfq_change_class() (CVE-2026-22999 bsc#1257236). - commit 79bc198 - ipv4: ip_gre: make ipgre_header() robust (CVE-2026-23011 bsc#1257207). - commit 26b5de2 - Revert "mtd: spinand: esmt: fix id code for F50D1G41LB" (stable-fixes). - wifi: mac80211: correctly decode TTLM with default link map (git-fixes). - net: phy: micrel: fix clk warning when removing the driver (git-fixes). - nfc: nci: Fix race between rfkill and nci_unregister_device() (git-fixes). - nfc: llcp: Fix memleak in nfc_llcp_send_ui_frame() (git-fixes). - net: wwan: t7xx: fix potential skb->frags overflow in RX path (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): fix error message (git-fixes). - can: at91_can: Fix memory leak in at91_can_probe() (git-fixes). - Bluetooth: MGMT: Fix memory leak in set_ssp_complete (git-fixes). - Bluetooth: hci_uart: fix null-ptr-deref in hci_uart_write_work (git-fixes). - tpm2-sessions: Fix tpm2_read_public range checks (git-fixes). - commit 46e120b ++++ kernel-zfcpdump: - io_uring/poll: correctly handle io_poll_add() return value on update (CVE-2025-71149 bsc#1257164). - commit 0d997be - virt: tdx-guest: Transition to scoped_cond_guard for mutex operations (bsc#1257504). - commit a7ecc0e - virt: tdx-guest: Refactor and streamline TDREPORT generation (bsc#1257504). - commit 372915e - virt: tdx-guest: Expose TDX MRs as sysfs attributes (bsc#1257504). - commit af47cfb - x86/tdx: tdx_mcall_get_report0: Return -EBUSY on TDCALL_OPERAND_BUSY error (bsc#1257504). - commit 2590e39 - x86/tdx: Add tdx_mcall_extend_rtmr() interface (bsc#1257504). - commit 4b01fb9 - tsm-mr: Add tsm-mr sample code (bsc#1257504). - commit bca5c7b - tsm-mr: Add TVM Measurement Register support (bsc#1257504). - commit a919cc1 - macvlan: fix possible UAF in macvlan_forward_source() (CVE-2026-23001 bsc#1257232). - net: mscc: ocelot: Fix crash when adding interface under a lag (CVE-2026-22982 bsc#1257179). - net/handshake: restore destructor on submit failure (CVE-2025-71148 bsc#1257159). - commit e5558d8 - net/sched: sch_qfq: do not free existing class in qfq_change_class() (CVE-2026-22999 bsc#1257236). - commit 79bc198 - ipv4: ip_gre: make ipgre_header() robust (CVE-2026-23011 bsc#1257207). - commit 26b5de2 - Revert "mtd: spinand: esmt: fix id code for F50D1G41LB" (stable-fixes). - wifi: mac80211: correctly decode TTLM with default link map (git-fixes). - net: phy: micrel: fix clk warning when removing the driver (git-fixes). - nfc: nci: Fix race between rfkill and nci_unregister_device() (git-fixes). - nfc: llcp: Fix memleak in nfc_llcp_send_ui_frame() (git-fixes). - net: wwan: t7xx: fix potential skb->frags overflow in RX path (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): fix error message (git-fixes). - can: at91_can: Fix memory leak in at91_can_probe() (git-fixes). - Bluetooth: MGMT: Fix memory leak in set_ssp_complete (git-fixes). - Bluetooth: hci_uart: fix null-ptr-deref in hci_uart_write_work (git-fixes). - tpm2-sessions: Fix tpm2_read_public range checks (git-fixes). - commit 46e120b ++++ kernel-zfcpdump: - io_uring/poll: correctly handle io_poll_add() return value on update (CVE-2025-71149 bsc#1257164). - commit 0d997be - dm-snapshot: fix 'scheduling while atomic' on real-time kernels (git-fixes). - commit b3fc112 - dm-bufio: align write boundary on physical block size (git-fixes). - commit e8ab2ba - dm-ebs: Mark full buffer dirty even on partial write (git-fixes). - commit b6359d7 - dm-verity: disable recursive forward error correction (CVE-2025-71161, bsc#1257174). - commit 94c6d56 - virt: tdx-guest: Transition to scoped_cond_guard for mutex operations (bsc#1257504). - commit a7ecc0e - virt: tdx-guest: Refactor and streamline TDREPORT generation (bsc#1257504). - commit 372915e - virt: tdx-guest: Expose TDX MRs as sysfs attributes (bsc#1257504). - commit af47cfb - x86/tdx: tdx_mcall_get_report0: Return -EBUSY on TDCALL_OPERAND_BUSY error (bsc#1257504). - commit 2590e39 - x86/tdx: Add tdx_mcall_extend_rtmr() interface (bsc#1257504). - commit 4b01fb9 - tsm-mr: Add tsm-mr sample code (bsc#1257504). - commit bca5c7b - tsm-mr: Add TVM Measurement Register support (bsc#1257504). - commit a919cc1 - macvlan: fix possible UAF in macvlan_forward_source() (CVE-2026-23001 bsc#1257232). - net: mscc: ocelot: Fix crash when adding interface under a lag (CVE-2026-22982 bsc#1257179). - net/handshake: restore destructor on submit failure (CVE-2025-71148 bsc#1257159). - commit e5558d8 - net/sched: sch_qfq: do not free existing class in qfq_change_class() (CVE-2026-22999 bsc#1257236). - commit 79bc198 - ipv4: ip_gre: make ipgre_header() robust (CVE-2026-23011 bsc#1257207). - commit 26b5de2 - Revert "mtd: spinand: esmt: fix id code for F50D1G41LB" (stable-fixes). - wifi: mac80211: correctly decode TTLM with default link map (git-fixes). - net: phy: micrel: fix clk warning when removing the driver (git-fixes). - nfc: nci: Fix race between rfkill and nci_unregister_device() (git-fixes). - nfc: llcp: Fix memleak in nfc_llcp_send_ui_frame() (git-fixes). - net: wwan: t7xx: fix potential skb->frags overflow in RX path (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): fix error message (git-fixes). - can: at91_can: Fix memory leak in at91_can_probe() (git-fixes). - Bluetooth: MGMT: Fix memory leak in set_ssp_complete (git-fixes). - Bluetooth: hci_uart: fix null-ptr-deref in hci_uart_write_work (git-fixes). - tpm2-sessions: Fix tpm2_read_public range checks (git-fixes). - commit 46e120b ++++ xrdp: - Add xrdp-CVE-2025-68670.patch: Fix a potential overflow (bsc#1257362 CVE-2025-68670). ++++ yt-dlp: - added quickjs recommends as a lighter alternative to deno and nodejs ++++ suse-migration-services: - Apply make black - Added black for code formatting Add black target to the Makefile to achieve a common coding style and format. Also added a github action to check on that coding format to make sure our python code gets formatted in a consistent way. This github action checks on each pull request if the black coding formatter was applied to the pull request and fails if make black causes modifications ++++ tailscale: - Update to version 1.94.0: * IS SET and NOT SET have been added as device posture operators * India DERP Region City Name updated * Custom DERP servers support GCP Certificate Manager * Tailscale SSH authentication, when successful, results in LOGIN audit messages being sent to the kernel audit subsystem * Tailscale Peer Relay throughput is improved when the SO_REUSEPORT socket option is supported on multi-core systems * Tailscale Peer Relay server handshake transmission is guarded against routing loops over Tailscale * MagicDNS always resolves when using resolv.conf without a DNS manager * tailscaled_peer_relay_forwarded_packets_total and tailscaled_peer_relay_forwarded_bytes_total client metrics are available for Tailscale Peer Relays * Identity tokens are automatically generated for workload identities * --audience flag added to tailscale up command to support auto generation of ID tokens for workload identity * tsnet nodes can host Tailscale Services * The tailscale lock status -json command returns tailnet key authority (TKA) data in a stable format * Tailscale Peer Relays deliver improved throughput through monotonic time comparison optimizations and reduced lock contention * Tailscale Services virtual IPs are now automatically accepted by clients across all platforms regardless of the status of the --accept-routes feature ------------------------------------------------------------------ ------------------ 2026-1-29 - Jan 29 2026 ------------------- ------------------------------------------------------------------ ++++ chromium: - use nodejs-common and use the version from /usr/bin/node - but use nodejs22 for code15 (while nodejs-common still points to nodejs14 there) ++++ chromium: - use nodejs-common and use the version from /usr/bin/node - but use nodejs22 for code15 (while nodejs-common still points to nodejs14 there) ++++ chromium: - use nodejs-common and use the version from /usr/bin/node - but use nodejs22 for code15 (while nodejs-common still points to nodejs14 there) ++++ chromium: - use nodejs-common and use the version from /usr/bin/node - but use nodejs22 for code15 (while nodejs-common still points to nodejs14 there) ++++ chromium: - use nodejs-common and use the version from /usr/bin/node - but use nodejs22 for code15 (while nodejs-common still points to nodejs14 there) ++++ chromium: - use nodejs-common and use the version from /usr/bin/node - but use nodejs22 for code15 (while nodejs-common still points to nodejs14 there) ++++ chromium: - use nodejs-common and use the version from /usr/bin/node - but use nodejs22 for code15 (while nodejs-common still points to nodejs14 there) ++++ chromium: - use nodejs-common and use the version from /usr/bin/node - but use nodejs22 for code15 (while nodejs-common still points to nodejs14 there) ++++ chromium: - use nodejs-common and use the version from /usr/bin/node - but use nodejs22 for code15 (while nodejs-common still points to nodejs14 there) ++++ kernel-64kb: - scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296). - Add bugnumber to an existing hv_netvsc change (bsc#1257473). - commit 6b4816a - Refresh patches.kabi/tpm2-sessions-kabi-workaround.patch Suppress compiler warnings due to missing prototypes. - commit e9a2f19 - idpf: Fix RSS LUT NULL ptr issue after soft reset (CVE-2026-22993 bsc#1257180). - idpf: Fix RSS LUT NULL pointer crash on early ethtool operations (CVE-2026-22993 bsc#1257180). - gve: defer interrupt enabling until NAPI registration (CVE-2025-71156 bsc#1257167). - mlxbf_gige: emit messages during open and probe failures (git-fixes). - mlxbf_gige: return EPROBE_DEFER if PHY IRQ is not available (git-fixes). - commit 247473b - ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (CVE-2025-71085 bsc#1256623). - commit 5565f0e - mptcp: fallback earlier on simult connection (CVE-2025-71088 bsc#1256630). - commit 38b098b - RDMA/core: always drop device refcount in ib_del_sub_device_and_put() (CVE-2025-71157 bsc#1257168) - commit 7027c8b - =?UTF-8?q?net:=20phy:=20Introduce=20PHY=5FID=5FSIZE=20?= =?UTF-8?q?=E2=80=94=20minimum=20size=20for=20PHY=20ID=20string?= (CVE-2025-71094 bsc#1256597). - commit d8e9577 - kabi: export inet_frag_rbtree_purge() function again (CVE-2025-68768 bsc#1256579). - commit e7cc137 - inet: frags: flush pending skbs in fqdir_pre_exit() (CVE-2025-68768 bsc#1256579). - inet: frags: add inet_frag_queue_flush() (CVE-2025-68768 bsc#1256579). - commit 7956a17 ++++ kernel-64kb: - scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296). - Add bugnumber to an existing hv_netvsc change (bsc#1257473). - commit 6b4816a - Refresh patches.kabi/tpm2-sessions-kabi-workaround.patch Suppress compiler warnings due to missing prototypes. - commit e9a2f19 - idpf: Fix RSS LUT NULL ptr issue after soft reset (CVE-2026-22993 bsc#1257180). - idpf: Fix RSS LUT NULL pointer crash on early ethtool operations (CVE-2026-22993 bsc#1257180). - gve: defer interrupt enabling until NAPI registration (CVE-2025-71156 bsc#1257167). - mlxbf_gige: emit messages during open and probe failures (git-fixes). - mlxbf_gige: return EPROBE_DEFER if PHY IRQ is not available (git-fixes). - commit 247473b - ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (CVE-2025-71085 bsc#1256623). - commit 5565f0e - mptcp: fallback earlier on simult connection (CVE-2025-71088 bsc#1256630). - commit 38b098b - RDMA/core: always drop device refcount in ib_del_sub_device_and_put() (CVE-2025-71157 bsc#1257168) - commit 7027c8b - =?UTF-8?q?net:=20phy:=20Introduce=20PHY=5FID=5FSIZE=20?= =?UTF-8?q?=E2=80=94=20minimum=20size=20for=20PHY=20ID=20string?= (CVE-2025-71094 bsc#1256597). - commit d8e9577 - kabi: export inet_frag_rbtree_purge() function again (CVE-2025-68768 bsc#1256579). - commit e7cc137 - inet: frags: flush pending skbs in fqdir_pre_exit() (CVE-2025-68768 bsc#1256579). - inet: frags: add inet_frag_queue_flush() (CVE-2025-68768 bsc#1256579). - commit 7956a17 ++++ kernel-azure: - scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296). - Add bugnumber to an existing hv_netvsc change (bsc#1257473). - commit 6b4816a - Refresh patches.kabi/tpm2-sessions-kabi-workaround.patch Suppress compiler warnings due to missing prototypes. - commit e9a2f19 - idpf: Fix RSS LUT NULL ptr issue after soft reset (CVE-2026-22993 bsc#1257180). - idpf: Fix RSS LUT NULL pointer crash on early ethtool operations (CVE-2026-22993 bsc#1257180). - gve: defer interrupt enabling until NAPI registration (CVE-2025-71156 bsc#1257167). - mlxbf_gige: emit messages during open and probe failures (git-fixes). - mlxbf_gige: return EPROBE_DEFER if PHY IRQ is not available (git-fixes). - commit 247473b - ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (CVE-2025-71085 bsc#1256623). - commit 5565f0e - mptcp: fallback earlier on simult connection (CVE-2025-71088 bsc#1256630). - commit 38b098b - RDMA/core: always drop device refcount in ib_del_sub_device_and_put() (CVE-2025-71157 bsc#1257168) - commit 7027c8b - =?UTF-8?q?net:=20phy:=20Introduce=20PHY=5FID=5FSIZE=20?= =?UTF-8?q?=E2=80=94=20minimum=20size=20for=20PHY=20ID=20string?= (CVE-2025-71094 bsc#1256597). - commit d8e9577 - kabi: export inet_frag_rbtree_purge() function again (CVE-2025-68768 bsc#1256579). - commit e7cc137 - inet: frags: flush pending skbs in fqdir_pre_exit() (CVE-2025-68768 bsc#1256579). - inet: frags: add inet_frag_queue_flush() (CVE-2025-68768 bsc#1256579). - commit 7956a17 ++++ kernel-azure: - scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296). - Add bugnumber to an existing hv_netvsc change (bsc#1257473). - commit 6b4816a - Refresh patches.kabi/tpm2-sessions-kabi-workaround.patch Suppress compiler warnings due to missing prototypes. - commit e9a2f19 - idpf: Fix RSS LUT NULL ptr issue after soft reset (CVE-2026-22993 bsc#1257180). - idpf: Fix RSS LUT NULL pointer crash on early ethtool operations (CVE-2026-22993 bsc#1257180). - gve: defer interrupt enabling until NAPI registration (CVE-2025-71156 bsc#1257167). - mlxbf_gige: emit messages during open and probe failures (git-fixes). - mlxbf_gige: return EPROBE_DEFER if PHY IRQ is not available (git-fixes). - commit 247473b - ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (CVE-2025-71085 bsc#1256623). - commit 5565f0e - mptcp: fallback earlier on simult connection (CVE-2025-71088 bsc#1256630). - commit 38b098b - RDMA/core: always drop device refcount in ib_del_sub_device_and_put() (CVE-2025-71157 bsc#1257168) - commit 7027c8b - =?UTF-8?q?net:=20phy:=20Introduce=20PHY=5FID=5FSIZE=20?= =?UTF-8?q?=E2=80=94=20minimum=20size=20for=20PHY=20ID=20string?= (CVE-2025-71094 bsc#1256597). - commit d8e9577 - kabi: export inet_frag_rbtree_purge() function again (CVE-2025-68768 bsc#1256579). - commit e7cc137 - inet: frags: flush pending skbs in fqdir_pre_exit() (CVE-2025-68768 bsc#1256579). - inet: frags: add inet_frag_queue_flush() (CVE-2025-68768 bsc#1256579). - commit 7956a17 ++++ kernel-default: - scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296). - Add bugnumber to an existing hv_netvsc change (bsc#1257473). - commit 6b4816a - Refresh patches.kabi/tpm2-sessions-kabi-workaround.patch Suppress compiler warnings due to missing prototypes. - commit e9a2f19 - idpf: Fix RSS LUT NULL ptr issue after soft reset (CVE-2026-22993 bsc#1257180). - idpf: Fix RSS LUT NULL pointer crash on early ethtool operations (CVE-2026-22993 bsc#1257180). - gve: defer interrupt enabling until NAPI registration (CVE-2025-71156 bsc#1257167). - mlxbf_gige: emit messages during open and probe failures (git-fixes). - mlxbf_gige: return EPROBE_DEFER if PHY IRQ is not available (git-fixes). - commit 247473b - ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (CVE-2025-71085 bsc#1256623). - commit 5565f0e - mptcp: fallback earlier on simult connection (CVE-2025-71088 bsc#1256630). - commit 38b098b - RDMA/core: always drop device refcount in ib_del_sub_device_and_put() (CVE-2025-71157 bsc#1257168) - commit 7027c8b - =?UTF-8?q?net:=20phy:=20Introduce=20PHY=5FID=5FSIZE=20?= =?UTF-8?q?=E2=80=94=20minimum=20size=20for=20PHY=20ID=20string?= (CVE-2025-71094 bsc#1256597). - commit d8e9577 - kabi: export inet_frag_rbtree_purge() function again (CVE-2025-68768 bsc#1256579). - commit e7cc137 - inet: frags: flush pending skbs in fqdir_pre_exit() (CVE-2025-68768 bsc#1256579). - inet: frags: add inet_frag_queue_flush() (CVE-2025-68768 bsc#1256579). - commit 7956a17 ++++ kernel-default: - scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296). - Add bugnumber to an existing hv_netvsc change (bsc#1257473). - commit 6b4816a - Refresh patches.kabi/tpm2-sessions-kabi-workaround.patch Suppress compiler warnings due to missing prototypes. - commit e9a2f19 - idpf: Fix RSS LUT NULL ptr issue after soft reset (CVE-2026-22993 bsc#1257180). - idpf: Fix RSS LUT NULL pointer crash on early ethtool operations (CVE-2026-22993 bsc#1257180). - gve: defer interrupt enabling until NAPI registration (CVE-2025-71156 bsc#1257167). - mlxbf_gige: emit messages during open and probe failures (git-fixes). - mlxbf_gige: return EPROBE_DEFER if PHY IRQ is not available (git-fixes). - commit 247473b - ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (CVE-2025-71085 bsc#1256623). - commit 5565f0e - mptcp: fallback earlier on simult connection (CVE-2025-71088 bsc#1256630). - commit 38b098b - RDMA/core: always drop device refcount in ib_del_sub_device_and_put() (CVE-2025-71157 bsc#1257168) - commit 7027c8b - =?UTF-8?q?net:=20phy:=20Introduce=20PHY=5FID=5FSIZE=20?= =?UTF-8?q?=E2=80=94=20minimum=20size=20for=20PHY=20ID=20string?= (CVE-2025-71094 bsc#1256597). - commit d8e9577 - kabi: export inet_frag_rbtree_purge() function again (CVE-2025-68768 bsc#1256579). - commit e7cc137 - inet: frags: flush pending skbs in fqdir_pre_exit() (CVE-2025-68768 bsc#1256579). - inet: frags: add inet_frag_queue_flush() (CVE-2025-68768 bsc#1256579). - commit 7956a17 ++++ kernel-rt: - scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296). - Add bugnumber to an existing hv_netvsc change (bsc#1257473). - commit 6b4816a - Refresh patches.kabi/tpm2-sessions-kabi-workaround.patch Suppress compiler warnings due to missing prototypes. - commit e9a2f19 - idpf: Fix RSS LUT NULL ptr issue after soft reset (CVE-2026-22993 bsc#1257180). - idpf: Fix RSS LUT NULL pointer crash on early ethtool operations (CVE-2026-22993 bsc#1257180). - gve: defer interrupt enabling until NAPI registration (CVE-2025-71156 bsc#1257167). - mlxbf_gige: emit messages during open and probe failures (git-fixes). - mlxbf_gige: return EPROBE_DEFER if PHY IRQ is not available (git-fixes). - commit 247473b - ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (CVE-2025-71085 bsc#1256623). - commit 5565f0e - mptcp: fallback earlier on simult connection (CVE-2025-71088 bsc#1256630). - commit 38b098b - RDMA/core: always drop device refcount in ib_del_sub_device_and_put() (CVE-2025-71157 bsc#1257168) - commit 7027c8b - =?UTF-8?q?net:=20phy:=20Introduce=20PHY=5FID=5FSIZE=20?= =?UTF-8?q?=E2=80=94=20minimum=20size=20for=20PHY=20ID=20string?= (CVE-2025-71094 bsc#1256597). - commit d8e9577 - kabi: export inet_frag_rbtree_purge() function again (CVE-2025-68768 bsc#1256579). - commit e7cc137 - inet: frags: flush pending skbs in fqdir_pre_exit() (CVE-2025-68768 bsc#1256579). - inet: frags: add inet_frag_queue_flush() (CVE-2025-68768 bsc#1256579). - commit 7956a17 ++++ kernel-rt: - scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296). - Add bugnumber to an existing hv_netvsc change (bsc#1257473). - commit 6b4816a - Refresh patches.kabi/tpm2-sessions-kabi-workaround.patch Suppress compiler warnings due to missing prototypes. - commit e9a2f19 - idpf: Fix RSS LUT NULL ptr issue after soft reset (CVE-2026-22993 bsc#1257180). - idpf: Fix RSS LUT NULL pointer crash on early ethtool operations (CVE-2026-22993 bsc#1257180). - gve: defer interrupt enabling until NAPI registration (CVE-2025-71156 bsc#1257167). - mlxbf_gige: emit messages during open and probe failures (git-fixes). - mlxbf_gige: return EPROBE_DEFER if PHY IRQ is not available (git-fixes). - commit 247473b - ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (CVE-2025-71085 bsc#1256623). - commit 5565f0e - mptcp: fallback earlier on simult connection (CVE-2025-71088 bsc#1256630). - commit 38b098b - RDMA/core: always drop device refcount in ib_del_sub_device_and_put() (CVE-2025-71157 bsc#1257168) - commit 7027c8b - =?UTF-8?q?net:=20phy:=20Introduce=20PHY=5FID=5FSIZE=20?= =?UTF-8?q?=E2=80=94=20minimum=20size=20for=20PHY=20ID=20string?= (CVE-2025-71094 bsc#1256597). - commit d8e9577 - kabi: export inet_frag_rbtree_purge() function again (CVE-2025-68768 bsc#1256579). - commit e7cc137 - inet: frags: flush pending skbs in fqdir_pre_exit() (CVE-2025-68768 bsc#1256579). - inet: frags: add inet_frag_queue_flush() (CVE-2025-68768 bsc#1256579). - commit 7956a17 ++++ dtb-aarch64: - scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296). - Add bugnumber to an existing hv_netvsc change (bsc#1257473). - commit 6b4816a - Refresh patches.kabi/tpm2-sessions-kabi-workaround.patch Suppress compiler warnings due to missing prototypes. - commit e9a2f19 - idpf: Fix RSS LUT NULL ptr issue after soft reset (CVE-2026-22993 bsc#1257180). - idpf: Fix RSS LUT NULL pointer crash on early ethtool operations (CVE-2026-22993 bsc#1257180). - gve: defer interrupt enabling until NAPI registration (CVE-2025-71156 bsc#1257167). - mlxbf_gige: emit messages during open and probe failures (git-fixes). - mlxbf_gige: return EPROBE_DEFER if PHY IRQ is not available (git-fixes). - commit 247473b - ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (CVE-2025-71085 bsc#1256623). - commit 5565f0e - mptcp: fallback earlier on simult connection (CVE-2025-71088 bsc#1256630). - commit 38b098b - RDMA/core: always drop device refcount in ib_del_sub_device_and_put() (CVE-2025-71157 bsc#1257168) - commit 7027c8b - =?UTF-8?q?net:=20phy:=20Introduce=20PHY=5FID=5FSIZE=20?= =?UTF-8?q?=E2=80=94=20minimum=20size=20for=20PHY=20ID=20string?= (CVE-2025-71094 bsc#1256597). - commit d8e9577 - kabi: export inet_frag_rbtree_purge() function again (CVE-2025-68768 bsc#1256579). - commit e7cc137 - inet: frags: flush pending skbs in fqdir_pre_exit() (CVE-2025-68768 bsc#1256579). - inet: frags: add inet_frag_queue_flush() (CVE-2025-68768 bsc#1256579). - commit 7956a17 ++++ dtb-aarch64: - scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296). - Add bugnumber to an existing hv_netvsc change (bsc#1257473). - commit 6b4816a - Refresh patches.kabi/tpm2-sessions-kabi-workaround.patch Suppress compiler warnings due to missing prototypes. - commit e9a2f19 - idpf: Fix RSS LUT NULL ptr issue after soft reset (CVE-2026-22993 bsc#1257180). - idpf: Fix RSS LUT NULL pointer crash on early ethtool operations (CVE-2026-22993 bsc#1257180). - gve: defer interrupt enabling until NAPI registration (CVE-2025-71156 bsc#1257167). - mlxbf_gige: emit messages during open and probe failures (git-fixes). - mlxbf_gige: return EPROBE_DEFER if PHY IRQ is not available (git-fixes). - commit 247473b - ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (CVE-2025-71085 bsc#1256623). - commit 5565f0e - mptcp: fallback earlier on simult connection (CVE-2025-71088 bsc#1256630). - commit 38b098b - RDMA/core: always drop device refcount in ib_del_sub_device_and_put() (CVE-2025-71157 bsc#1257168) - commit 7027c8b - =?UTF-8?q?net:=20phy:=20Introduce=20PHY=5FID=5FSIZE=20?= =?UTF-8?q?=E2=80=94=20minimum=20size=20for=20PHY=20ID=20string?= (CVE-2025-71094 bsc#1256597). - commit d8e9577 - kabi: export inet_frag_rbtree_purge() function again (CVE-2025-68768 bsc#1256579). - commit e7cc137 - inet: frags: flush pending skbs in fqdir_pre_exit() (CVE-2025-68768 bsc#1256579). - inet: frags: add inet_frag_queue_flush() (CVE-2025-68768 bsc#1256579). - commit 7956a17 ++++ kernel-source: - scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296). - Add bugnumber to an existing hv_netvsc change (bsc#1257473). - commit 6b4816a - Refresh patches.kabi/tpm2-sessions-kabi-workaround.patch Suppress compiler warnings due to missing prototypes. - commit e9a2f19 - idpf: Fix RSS LUT NULL ptr issue after soft reset (CVE-2026-22993 bsc#1257180). - idpf: Fix RSS LUT NULL pointer crash on early ethtool operations (CVE-2026-22993 bsc#1257180). - gve: defer interrupt enabling until NAPI registration (CVE-2025-71156 bsc#1257167). - mlxbf_gige: emit messages during open and probe failures (git-fixes). - mlxbf_gige: return EPROBE_DEFER if PHY IRQ is not available (git-fixes). - commit 247473b - ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (CVE-2025-71085 bsc#1256623). - commit 5565f0e - mptcp: fallback earlier on simult connection (CVE-2025-71088 bsc#1256630). - commit 38b098b - RDMA/core: always drop device refcount in ib_del_sub_device_and_put() (CVE-2025-71157 bsc#1257168) - commit 7027c8b - =?UTF-8?q?net:=20phy:=20Introduce=20PHY=5FID=5FSIZE=20?= =?UTF-8?q?=E2=80=94=20minimum=20size=20for=20PHY=20ID=20string?= (CVE-2025-71094 bsc#1256597). - commit d8e9577 - kabi: export inet_frag_rbtree_purge() function again (CVE-2025-68768 bsc#1256579). - commit e7cc137 - inet: frags: flush pending skbs in fqdir_pre_exit() (CVE-2025-68768 bsc#1256579). - inet: frags: add inet_frag_queue_flush() (CVE-2025-68768 bsc#1256579). - commit 7956a17 ++++ kernel-source: - scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296). - Add bugnumber to an existing hv_netvsc change (bsc#1257473). - commit 6b4816a - Refresh patches.kabi/tpm2-sessions-kabi-workaround.patch Suppress compiler warnings due to missing prototypes. - commit e9a2f19 - idpf: Fix RSS LUT NULL ptr issue after soft reset (CVE-2026-22993 bsc#1257180). - idpf: Fix RSS LUT NULL pointer crash on early ethtool operations (CVE-2026-22993 bsc#1257180). - gve: defer interrupt enabling until NAPI registration (CVE-2025-71156 bsc#1257167). - mlxbf_gige: emit messages during open and probe failures (git-fixes). - mlxbf_gige: return EPROBE_DEFER if PHY IRQ is not available (git-fixes). - commit 247473b - ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (CVE-2025-71085 bsc#1256623). - commit 5565f0e - mptcp: fallback earlier on simult connection (CVE-2025-71088 bsc#1256630). - commit 38b098b - RDMA/core: always drop device refcount in ib_del_sub_device_and_put() (CVE-2025-71157 bsc#1257168) - commit 7027c8b - =?UTF-8?q?net:=20phy:=20Introduce=20PHY=5FID=5FSIZE=20?= =?UTF-8?q?=E2=80=94=20minimum=20size=20for=20PHY=20ID=20string?= (CVE-2025-71094 bsc#1256597). - commit d8e9577 - kabi: export inet_frag_rbtree_purge() function again (CVE-2025-68768 bsc#1256579). - commit e7cc137 - inet: frags: flush pending skbs in fqdir_pre_exit() (CVE-2025-68768 bsc#1256579). - inet: frags: add inet_frag_queue_flush() (CVE-2025-68768 bsc#1256579). - commit 7956a17 ++++ kernel-docs: - scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296). - Add bugnumber to an existing hv_netvsc change (bsc#1257473). - commit 6b4816a - Refresh patches.kabi/tpm2-sessions-kabi-workaround.patch Suppress compiler warnings due to missing prototypes. - commit e9a2f19 - idpf: Fix RSS LUT NULL ptr issue after soft reset (CVE-2026-22993 bsc#1257180). - idpf: Fix RSS LUT NULL pointer crash on early ethtool operations (CVE-2026-22993 bsc#1257180). - gve: defer interrupt enabling until NAPI registration (CVE-2025-71156 bsc#1257167). - mlxbf_gige: emit messages during open and probe failures (git-fixes). - mlxbf_gige: return EPROBE_DEFER if PHY IRQ is not available (git-fixes). - commit 247473b - ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (CVE-2025-71085 bsc#1256623). - commit 5565f0e - mptcp: fallback earlier on simult connection (CVE-2025-71088 bsc#1256630). - commit 38b098b - RDMA/core: always drop device refcount in ib_del_sub_device_and_put() (CVE-2025-71157 bsc#1257168) - commit 7027c8b - =?UTF-8?q?net:=20phy:=20Introduce=20PHY=5FID=5FSIZE=20?= =?UTF-8?q?=E2=80=94=20minimum=20size=20for=20PHY=20ID=20string?= (CVE-2025-71094 bsc#1256597). - commit d8e9577 - kabi: export inet_frag_rbtree_purge() function again (CVE-2025-68768 bsc#1256579). - commit e7cc137 - inet: frags: flush pending skbs in fqdir_pre_exit() (CVE-2025-68768 bsc#1256579). - inet: frags: add inet_frag_queue_flush() (CVE-2025-68768 bsc#1256579). - commit 7956a17 ++++ kernel-docs: - scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296). - Add bugnumber to an existing hv_netvsc change (bsc#1257473). - commit 6b4816a - Refresh patches.kabi/tpm2-sessions-kabi-workaround.patch Suppress compiler warnings due to missing prototypes. - commit e9a2f19 - idpf: Fix RSS LUT NULL ptr issue after soft reset (CVE-2026-22993 bsc#1257180). - idpf: Fix RSS LUT NULL pointer crash on early ethtool operations (CVE-2026-22993 bsc#1257180). - gve: defer interrupt enabling until NAPI registration (CVE-2025-71156 bsc#1257167). - mlxbf_gige: emit messages during open and probe failures (git-fixes). - mlxbf_gige: return EPROBE_DEFER if PHY IRQ is not available (git-fixes). - commit 247473b - ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (CVE-2025-71085 bsc#1256623). - commit 5565f0e - mptcp: fallback earlier on simult connection (CVE-2025-71088 bsc#1256630). - commit 38b098b - RDMA/core: always drop device refcount in ib_del_sub_device_and_put() (CVE-2025-71157 bsc#1257168) - commit 7027c8b - =?UTF-8?q?net:=20phy:=20Introduce=20PHY=5FID=5FSIZE=20?= =?UTF-8?q?=E2=80=94=20minimum=20size=20for=20PHY=20ID=20string?= (CVE-2025-71094 bsc#1256597). - commit d8e9577 - kabi: export inet_frag_rbtree_purge() function again (CVE-2025-68768 bsc#1256579). - commit e7cc137 - inet: frags: flush pending skbs in fqdir_pre_exit() (CVE-2025-68768 bsc#1256579). - inet: frags: add inet_frag_queue_flush() (CVE-2025-68768 bsc#1256579). - commit 7956a17 ++++ kernel-kvmsmall: - scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296). - Add bugnumber to an existing hv_netvsc change (bsc#1257473). - commit 6b4816a - Refresh patches.kabi/tpm2-sessions-kabi-workaround.patch Suppress compiler warnings due to missing prototypes. - commit e9a2f19 - idpf: Fix RSS LUT NULL ptr issue after soft reset (CVE-2026-22993 bsc#1257180). - idpf: Fix RSS LUT NULL pointer crash on early ethtool operations (CVE-2026-22993 bsc#1257180). - gve: defer interrupt enabling until NAPI registration (CVE-2025-71156 bsc#1257167). - mlxbf_gige: emit messages during open and probe failures (git-fixes). - mlxbf_gige: return EPROBE_DEFER if PHY IRQ is not available (git-fixes). - commit 247473b - ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (CVE-2025-71085 bsc#1256623). - commit 5565f0e - mptcp: fallback earlier on simult connection (CVE-2025-71088 bsc#1256630). - commit 38b098b - RDMA/core: always drop device refcount in ib_del_sub_device_and_put() (CVE-2025-71157 bsc#1257168) - commit 7027c8b - =?UTF-8?q?net:=20phy:=20Introduce=20PHY=5FID=5FSIZE=20?= =?UTF-8?q?=E2=80=94=20minimum=20size=20for=20PHY=20ID=20string?= (CVE-2025-71094 bsc#1256597). - commit d8e9577 - kabi: export inet_frag_rbtree_purge() function again (CVE-2025-68768 bsc#1256579). - commit e7cc137 - inet: frags: flush pending skbs in fqdir_pre_exit() (CVE-2025-68768 bsc#1256579). - inet: frags: add inet_frag_queue_flush() (CVE-2025-68768 bsc#1256579). - commit 7956a17 ++++ kernel-kvmsmall: - scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296). - Add bugnumber to an existing hv_netvsc change (bsc#1257473). - commit 6b4816a - Refresh patches.kabi/tpm2-sessions-kabi-workaround.patch Suppress compiler warnings due to missing prototypes. - commit e9a2f19 - idpf: Fix RSS LUT NULL ptr issue after soft reset (CVE-2026-22993 bsc#1257180). - idpf: Fix RSS LUT NULL pointer crash on early ethtool operations (CVE-2026-22993 bsc#1257180). - gve: defer interrupt enabling until NAPI registration (CVE-2025-71156 bsc#1257167). - mlxbf_gige: emit messages during open and probe failures (git-fixes). - mlxbf_gige: return EPROBE_DEFER if PHY IRQ is not available (git-fixes). - commit 247473b - ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (CVE-2025-71085 bsc#1256623). - commit 5565f0e - mptcp: fallback earlier on simult connection (CVE-2025-71088 bsc#1256630). - commit 38b098b - RDMA/core: always drop device refcount in ib_del_sub_device_and_put() (CVE-2025-71157 bsc#1257168) - commit 7027c8b - =?UTF-8?q?net:=20phy:=20Introduce=20PHY=5FID=5FSIZE=20?= =?UTF-8?q?=E2=80=94=20minimum=20size=20for=20PHY=20ID=20string?= (CVE-2025-71094 bsc#1256597). - commit d8e9577 - kabi: export inet_frag_rbtree_purge() function again (CVE-2025-68768 bsc#1256579). - commit e7cc137 - inet: frags: flush pending skbs in fqdir_pre_exit() (CVE-2025-68768 bsc#1256579). - inet: frags: add inet_frag_queue_flush() (CVE-2025-68768 bsc#1256579). - commit 7956a17 ++++ kernel-obs-build: - scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296). - Add bugnumber to an existing hv_netvsc change (bsc#1257473). - commit 6b4816a - Refresh patches.kabi/tpm2-sessions-kabi-workaround.patch Suppress compiler warnings due to missing prototypes. - commit e9a2f19 - idpf: Fix RSS LUT NULL ptr issue after soft reset (CVE-2026-22993 bsc#1257180). - idpf: Fix RSS LUT NULL pointer crash on early ethtool operations (CVE-2026-22993 bsc#1257180). - gve: defer interrupt enabling until NAPI registration (CVE-2025-71156 bsc#1257167). - mlxbf_gige: emit messages during open and probe failures (git-fixes). - mlxbf_gige: return EPROBE_DEFER if PHY IRQ is not available (git-fixes). - commit 247473b - ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (CVE-2025-71085 bsc#1256623). - commit 5565f0e - mptcp: fallback earlier on simult connection (CVE-2025-71088 bsc#1256630). - commit 38b098b - RDMA/core: always drop device refcount in ib_del_sub_device_and_put() (CVE-2025-71157 bsc#1257168) - commit 7027c8b - =?UTF-8?q?net:=20phy:=20Introduce=20PHY=5FID=5FSIZE=20?= =?UTF-8?q?=E2=80=94=20minimum=20size=20for=20PHY=20ID=20string?= (CVE-2025-71094 bsc#1256597). - commit d8e9577 - kabi: export inet_frag_rbtree_purge() function again (CVE-2025-68768 bsc#1256579). - commit e7cc137 - inet: frags: flush pending skbs in fqdir_pre_exit() (CVE-2025-68768 bsc#1256579). - inet: frags: add inet_frag_queue_flush() (CVE-2025-68768 bsc#1256579). - commit 7956a17 ++++ kernel-obs-build: - scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296). - Add bugnumber to an existing hv_netvsc change (bsc#1257473). - commit 6b4816a - Refresh patches.kabi/tpm2-sessions-kabi-workaround.patch Suppress compiler warnings due to missing prototypes. - commit e9a2f19 - idpf: Fix RSS LUT NULL ptr issue after soft reset (CVE-2026-22993 bsc#1257180). - idpf: Fix RSS LUT NULL pointer crash on early ethtool operations (CVE-2026-22993 bsc#1257180). - gve: defer interrupt enabling until NAPI registration (CVE-2025-71156 bsc#1257167). - mlxbf_gige: emit messages during open and probe failures (git-fixes). - mlxbf_gige: return EPROBE_DEFER if PHY IRQ is not available (git-fixes). - commit 247473b - ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (CVE-2025-71085 bsc#1256623). - commit 5565f0e - mptcp: fallback earlier on simult connection (CVE-2025-71088 bsc#1256630). - commit 38b098b - RDMA/core: always drop device refcount in ib_del_sub_device_and_put() (CVE-2025-71157 bsc#1257168) - commit 7027c8b - =?UTF-8?q?net:=20phy:=20Introduce=20PHY=5FID=5FSIZE=20?= =?UTF-8?q?=E2=80=94=20minimum=20size=20for=20PHY=20ID=20string?= (CVE-2025-71094 bsc#1256597). - commit d8e9577 - kabi: export inet_frag_rbtree_purge() function again (CVE-2025-68768 bsc#1256579). - commit e7cc137 - inet: frags: flush pending skbs in fqdir_pre_exit() (CVE-2025-68768 bsc#1256579). - inet: frags: add inet_frag_queue_flush() (CVE-2025-68768 bsc#1256579). - commit 7956a17 ++++ kernel-obs-qa: - scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296). - Add bugnumber to an existing hv_netvsc change (bsc#1257473). - commit 6b4816a - Refresh patches.kabi/tpm2-sessions-kabi-workaround.patch Suppress compiler warnings due to missing prototypes. - commit e9a2f19 - idpf: Fix RSS LUT NULL ptr issue after soft reset (CVE-2026-22993 bsc#1257180). - idpf: Fix RSS LUT NULL pointer crash on early ethtool operations (CVE-2026-22993 bsc#1257180). - gve: defer interrupt enabling until NAPI registration (CVE-2025-71156 bsc#1257167). - mlxbf_gige: emit messages during open and probe failures (git-fixes). - mlxbf_gige: return EPROBE_DEFER if PHY IRQ is not available (git-fixes). - commit 247473b - ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (CVE-2025-71085 bsc#1256623). - commit 5565f0e - mptcp: fallback earlier on simult connection (CVE-2025-71088 bsc#1256630). - commit 38b098b - RDMA/core: always drop device refcount in ib_del_sub_device_and_put() (CVE-2025-71157 bsc#1257168) - commit 7027c8b - =?UTF-8?q?net:=20phy:=20Introduce=20PHY=5FID=5FSIZE=20?= =?UTF-8?q?=E2=80=94=20minimum=20size=20for=20PHY=20ID=20string?= (CVE-2025-71094 bsc#1256597). - commit d8e9577 - kabi: export inet_frag_rbtree_purge() function again (CVE-2025-68768 bsc#1256579). - commit e7cc137 - inet: frags: flush pending skbs in fqdir_pre_exit() (CVE-2025-68768 bsc#1256579). - inet: frags: add inet_frag_queue_flush() (CVE-2025-68768 bsc#1256579). - commit 7956a17 ++++ kernel-obs-qa: - scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296). - Add bugnumber to an existing hv_netvsc change (bsc#1257473). - commit 6b4816a - Refresh patches.kabi/tpm2-sessions-kabi-workaround.patch Suppress compiler warnings due to missing prototypes. - commit e9a2f19 - idpf: Fix RSS LUT NULL ptr issue after soft reset (CVE-2026-22993 bsc#1257180). - idpf: Fix RSS LUT NULL pointer crash on early ethtool operations (CVE-2026-22993 bsc#1257180). - gve: defer interrupt enabling until NAPI registration (CVE-2025-71156 bsc#1257167). - mlxbf_gige: emit messages during open and probe failures (git-fixes). - mlxbf_gige: return EPROBE_DEFER if PHY IRQ is not available (git-fixes). - commit 247473b - ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (CVE-2025-71085 bsc#1256623). - commit 5565f0e - mptcp: fallback earlier on simult connection (CVE-2025-71088 bsc#1256630). - commit 38b098b - RDMA/core: always drop device refcount in ib_del_sub_device_and_put() (CVE-2025-71157 bsc#1257168) - commit 7027c8b - =?UTF-8?q?net:=20phy:=20Introduce=20PHY=5FID=5FSIZE=20?= =?UTF-8?q?=E2=80=94=20minimum=20size=20for=20PHY=20ID=20string?= (CVE-2025-71094 bsc#1256597). - commit d8e9577 - kabi: export inet_frag_rbtree_purge() function again (CVE-2025-68768 bsc#1256579). - commit e7cc137 - inet: frags: flush pending skbs in fqdir_pre_exit() (CVE-2025-68768 bsc#1256579). - inet: frags: add inet_frag_queue_flush() (CVE-2025-68768 bsc#1256579). - commit 7956a17 ++++ kernel-syms: - scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296). - Add bugnumber to an existing hv_netvsc change (bsc#1257473). - commit 6b4816a - Refresh patches.kabi/tpm2-sessions-kabi-workaround.patch Suppress compiler warnings due to missing prototypes. - commit e9a2f19 - idpf: Fix RSS LUT NULL ptr issue after soft reset (CVE-2026-22993 bsc#1257180). - idpf: Fix RSS LUT NULL pointer crash on early ethtool operations (CVE-2026-22993 bsc#1257180). - gve: defer interrupt enabling until NAPI registration (CVE-2025-71156 bsc#1257167). - mlxbf_gige: emit messages during open and probe failures (git-fixes). - mlxbf_gige: return EPROBE_DEFER if PHY IRQ is not available (git-fixes). - commit 247473b - ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (CVE-2025-71085 bsc#1256623). - commit 5565f0e - mptcp: fallback earlier on simult connection (CVE-2025-71088 bsc#1256630). - commit 38b098b - RDMA/core: always drop device refcount in ib_del_sub_device_and_put() (CVE-2025-71157 bsc#1257168) - commit 7027c8b - =?UTF-8?q?net:=20phy:=20Introduce=20PHY=5FID=5FSIZE=20?= =?UTF-8?q?=E2=80=94=20minimum=20size=20for=20PHY=20ID=20string?= (CVE-2025-71094 bsc#1256597). - commit d8e9577 - kabi: export inet_frag_rbtree_purge() function again (CVE-2025-68768 bsc#1256579). - commit e7cc137 - inet: frags: flush pending skbs in fqdir_pre_exit() (CVE-2025-68768 bsc#1256579). - inet: frags: add inet_frag_queue_flush() (CVE-2025-68768 bsc#1256579). - commit 7956a17 ++++ kernel-syms: - scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296). - Add bugnumber to an existing hv_netvsc change (bsc#1257473). - commit 6b4816a - Refresh patches.kabi/tpm2-sessions-kabi-workaround.patch Suppress compiler warnings due to missing prototypes. - commit e9a2f19 - idpf: Fix RSS LUT NULL ptr issue after soft reset (CVE-2026-22993 bsc#1257180). - idpf: Fix RSS LUT NULL pointer crash on early ethtool operations (CVE-2026-22993 bsc#1257180). - gve: defer interrupt enabling until NAPI registration (CVE-2025-71156 bsc#1257167). - mlxbf_gige: emit messages during open and probe failures (git-fixes). - mlxbf_gige: return EPROBE_DEFER if PHY IRQ is not available (git-fixes). - commit 247473b - ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (CVE-2025-71085 bsc#1256623). - commit 5565f0e - mptcp: fallback earlier on simult connection (CVE-2025-71088 bsc#1256630). - commit 38b098b - RDMA/core: always drop device refcount in ib_del_sub_device_and_put() (CVE-2025-71157 bsc#1257168) - commit 7027c8b - =?UTF-8?q?net:=20phy:=20Introduce=20PHY=5FID=5FSIZE=20?= =?UTF-8?q?=E2=80=94=20minimum=20size=20for=20PHY=20ID=20string?= (CVE-2025-71094 bsc#1256597). - commit d8e9577 - kabi: export inet_frag_rbtree_purge() function again (CVE-2025-68768 bsc#1256579). - commit e7cc137 - inet: frags: flush pending skbs in fqdir_pre_exit() (CVE-2025-68768 bsc#1256579). - inet: frags: add inet_frag_queue_flush() (CVE-2025-68768 bsc#1256579). - commit 7956a17 ++++ kernel-zfcpdump: - scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296). - Add bugnumber to an existing hv_netvsc change (bsc#1257473). - commit 6b4816a - Refresh patches.kabi/tpm2-sessions-kabi-workaround.patch Suppress compiler warnings due to missing prototypes. - commit e9a2f19 - idpf: Fix RSS LUT NULL ptr issue after soft reset (CVE-2026-22993 bsc#1257180). - idpf: Fix RSS LUT NULL pointer crash on early ethtool operations (CVE-2026-22993 bsc#1257180). - gve: defer interrupt enabling until NAPI registration (CVE-2025-71156 bsc#1257167). - mlxbf_gige: emit messages during open and probe failures (git-fixes). - mlxbf_gige: return EPROBE_DEFER if PHY IRQ is not available (git-fixes). - commit 247473b - ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (CVE-2025-71085 bsc#1256623). - commit 5565f0e - mptcp: fallback earlier on simult connection (CVE-2025-71088 bsc#1256630). - commit 38b098b - RDMA/core: always drop device refcount in ib_del_sub_device_and_put() (CVE-2025-71157 bsc#1257168) - commit 7027c8b - =?UTF-8?q?net:=20phy:=20Introduce=20PHY=5FID=5FSIZE=20?= =?UTF-8?q?=E2=80=94=20minimum=20size=20for=20PHY=20ID=20string?= (CVE-2025-71094 bsc#1256597). - commit d8e9577 - kabi: export inet_frag_rbtree_purge() function again (CVE-2025-68768 bsc#1256579). - commit e7cc137 - inet: frags: flush pending skbs in fqdir_pre_exit() (CVE-2025-68768 bsc#1256579). - inet: frags: add inet_frag_queue_flush() (CVE-2025-68768 bsc#1256579). - commit 7956a17 ++++ kernel-zfcpdump: - scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296). - Add bugnumber to an existing hv_netvsc change (bsc#1257473). - commit 6b4816a - Refresh patches.kabi/tpm2-sessions-kabi-workaround.patch Suppress compiler warnings due to missing prototypes. - commit e9a2f19 - idpf: Fix RSS LUT NULL ptr issue after soft reset (CVE-2026-22993 bsc#1257180). - idpf: Fix RSS LUT NULL pointer crash on early ethtool operations (CVE-2026-22993 bsc#1257180). - gve: defer interrupt enabling until NAPI registration (CVE-2025-71156 bsc#1257167). - mlxbf_gige: emit messages during open and probe failures (git-fixes). - mlxbf_gige: return EPROBE_DEFER if PHY IRQ is not available (git-fixes). - commit 247473b - ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (CVE-2025-71085 bsc#1256623). - commit 5565f0e - mptcp: fallback earlier on simult connection (CVE-2025-71088 bsc#1256630). - commit 38b098b - RDMA/core: always drop device refcount in ib_del_sub_device_and_put() (CVE-2025-71157 bsc#1257168) - commit 7027c8b - =?UTF-8?q?net:=20phy:=20Introduce=20PHY=5FID=5FSIZE=20?= =?UTF-8?q?=E2=80=94=20minimum=20size=20for=20PHY=20ID=20string?= (CVE-2025-71094 bsc#1256597). - commit d8e9577 - kabi: export inet_frag_rbtree_purge() function again (CVE-2025-68768 bsc#1256579). - commit e7cc137 - inet: frags: flush pending skbs in fqdir_pre_exit() (CVE-2025-68768 bsc#1256579). - inet: frags: add inet_frag_queue_flush() (CVE-2025-68768 bsc#1256579). - commit 7956a17 ++++ mariadb: - Fix incomplete SELinux labels during database update (bsc#1255024) ++++ libzypp: - Prepare a legacy /etc/zypp/zypp.conf to be installed on old distros. See the ZYPP.CONF(5) man page for details. - Fix runtime check for broken rpm --runposttrans (bsc#1257068) - version 17.38.2 (35) ++++ nvidia-open-driver-G06-signed-cuda: - apply kernel-5.14.patch also on sle15-sp5 in order to fix build and adjusted it to sle15-sp5 kernel ++++ nvidia-open-driver-G06-signed: - apply kernel-5.14.patch also on sle15-sp5 in order to fix build and adjusted it to sle15-sp5 kernel ++++ openQA: - Update to version 5.1769644379.ef069e9d: * style: Add quotes in openqa-bootstrap * feat: default API key expiration to 1 year, aligning with UI * feat: wrap array in an object in api_key API responses * feat: add API endpoint for deleting API keys * feat: add API endpoint for listing API keys * feat: add API endpoint for creating API keys * fix(openqa-bootstrap): prevent shellcheck warning SC2086 * Add dependency on 'file' * refactor: Write code in `JobGroup.pm` in a more compact way * test: Consider `Job.pm` fully covered * test: Add tests for error handling of artefact upload * refactor: Format artefact upload test in a more compact way * test: Add tests for using assigned worker on job status updates * test: Add tests for re-scheduling invalid scheduled product * test: Add tests for querying non-existent scheduled product * refactor: Use more compact coding style in `show_scheduled_product` * refactor: Improve `Mm.pm` * test: Improve tests of multi-machine API * Remove unused module Config::Tiny from dependencies * Handle links on test_log on missing git repo extension * test: Consider `Test.pm` fully covered * test: Extend tests for showing dependency graph * fix: Merge parallel clusters correctly for displaying dependency tree ++++ openQA: - Update to version 5.1769644379.ef069e9d: * style: Add quotes in openqa-bootstrap * feat: default API key expiration to 1 year, aligning with UI * feat: wrap array in an object in api_key API responses * feat: add API endpoint for deleting API keys * feat: add API endpoint for listing API keys * feat: add API endpoint for creating API keys * fix(openqa-bootstrap): prevent shellcheck warning SC2086 * Add dependency on 'file' * refactor: Write code in `JobGroup.pm` in a more compact way * test: Consider `Job.pm` fully covered * test: Add tests for error handling of artefact upload * refactor: Format artefact upload test in a more compact way * test: Add tests for using assigned worker on job status updates * test: Add tests for re-scheduling invalid scheduled product * test: Add tests for querying non-existent scheduled product * refactor: Use more compact coding style in `show_scheduled_product` * refactor: Improve `Mm.pm` * test: Improve tests of multi-machine API * Remove unused module Config::Tiny from dependencies * Handle links on test_log on missing git repo extension * test: Consider `Test.pm` fully covered * test: Extend tests for showing dependency graph * fix: Merge parallel clusters correctly for displaying dependency tree ++++ openQA: - Update to version 5.1769644379.ef069e9d: * style: Add quotes in openqa-bootstrap * feat: default API key expiration to 1 year, aligning with UI * feat: wrap array in an object in api_key API responses * feat: add API endpoint for deleting API keys * feat: add API endpoint for listing API keys * feat: add API endpoint for creating API keys * fix(openqa-bootstrap): prevent shellcheck warning SC2086 * Add dependency on 'file' * refactor: Write code in `JobGroup.pm` in a more compact way * test: Consider `Job.pm` fully covered * test: Add tests for error handling of artefact upload * refactor: Format artefact upload test in a more compact way * test: Add tests for using assigned worker on job status updates * test: Add tests for re-scheduling invalid scheduled product * test: Add tests for querying non-existent scheduled product * refactor: Use more compact coding style in `show_scheduled_product` * refactor: Improve `Mm.pm` * test: Improve tests of multi-machine API * Remove unused module Config::Tiny from dependencies * Handle links on test_log on missing git repo extension * test: Consider `Test.pm` fully covered * test: Extend tests for showing dependency graph * fix: Merge parallel clusters correctly for displaying dependency tree ++++ openQA: - Update to version 5.1769644379.ef069e9d: * style: Add quotes in openqa-bootstrap * feat: default API key expiration to 1 year, aligning with UI * feat: wrap array in an object in api_key API responses * feat: add API endpoint for deleting API keys * feat: add API endpoint for listing API keys * feat: add API endpoint for creating API keys * fix(openqa-bootstrap): prevent shellcheck warning SC2086 * Add dependency on 'file' * refactor: Write code in `JobGroup.pm` in a more compact way * test: Consider `Job.pm` fully covered * test: Add tests for error handling of artefact upload * refactor: Format artefact upload test in a more compact way * test: Add tests for using assigned worker on job status updates * test: Add tests for re-scheduling invalid scheduled product * test: Add tests for querying non-existent scheduled product * refactor: Use more compact coding style in `show_scheduled_product` * refactor: Improve `Mm.pm` * test: Improve tests of multi-machine API * Remove unused module Config::Tiny from dependencies * Handle links on test_log on missing git repo extension * test: Consider `Test.pm` fully covered * test: Extend tests for showing dependency graph * fix: Merge parallel clusters correctly for displaying dependency tree ++++ openQA: - Update to version 5.1769644379.ef069e9d: * style: Add quotes in openqa-bootstrap * feat: default API key expiration to 1 year, aligning with UI * feat: wrap array in an object in api_key API responses * feat: add API endpoint for deleting API keys * feat: add API endpoint for listing API keys * feat: add API endpoint for creating API keys * fix(openqa-bootstrap): prevent shellcheck warning SC2086 * Add dependency on 'file' * refactor: Write code in `JobGroup.pm` in a more compact way * test: Consider `Job.pm` fully covered * test: Add tests for error handling of artefact upload * refactor: Format artefact upload test in a more compact way * test: Add tests for using assigned worker on job status updates * test: Add tests for re-scheduling invalid scheduled product * test: Add tests for querying non-existent scheduled product * refactor: Use more compact coding style in `show_scheduled_product` * refactor: Improve `Mm.pm` * test: Improve tests of multi-machine API * Remove unused module Config::Tiny from dependencies * Handle links on test_log on missing git repo extension * test: Consider `Test.pm` fully covered * test: Extend tests for showing dependency graph * fix: Merge parallel clusters correctly for displaying dependency tree ++++ openQA: - Update to version 5.1769644379.ef069e9d: * style: Add quotes in openqa-bootstrap * feat: default API key expiration to 1 year, aligning with UI * feat: wrap array in an object in api_key API responses * feat: add API endpoint for deleting API keys * feat: add API endpoint for listing API keys * feat: add API endpoint for creating API keys * fix(openqa-bootstrap): prevent shellcheck warning SC2086 * Add dependency on 'file' * refactor: Write code in `JobGroup.pm` in a more compact way * test: Consider `Job.pm` fully covered * test: Add tests for error handling of artefact upload * refactor: Format artefact upload test in a more compact way * test: Add tests for using assigned worker on job status updates * test: Add tests for re-scheduling invalid scheduled product * test: Add tests for querying non-existent scheduled product * refactor: Use more compact coding style in `show_scheduled_product` * refactor: Improve `Mm.pm` * test: Improve tests of multi-machine API * Remove unused module Config::Tiny from dependencies * Handle links on test_log on missing git repo extension * test: Consider `Test.pm` fully covered * test: Extend tests for showing dependency graph * fix: Merge parallel clusters correctly for displaying dependency tree ++++ openQA: - Update to version 5.1769644379.ef069e9d: * style: Add quotes in openqa-bootstrap * feat: default API key expiration to 1 year, aligning with UI * feat: wrap array in an object in api_key API responses * feat: add API endpoint for deleting API keys * feat: add API endpoint for listing API keys * feat: add API endpoint for creating API keys * fix(openqa-bootstrap): prevent shellcheck warning SC2086 * Add dependency on 'file' * refactor: Write code in `JobGroup.pm` in a more compact way * test: Consider `Job.pm` fully covered * test: Add tests for error handling of artefact upload * refactor: Format artefact upload test in a more compact way * test: Add tests for using assigned worker on job status updates * test: Add tests for re-scheduling invalid scheduled product * test: Add tests for querying non-existent scheduled product * refactor: Use more compact coding style in `show_scheduled_product` * refactor: Improve `Mm.pm` * test: Improve tests of multi-machine API * Remove unused module Config::Tiny from dependencies * Handle links on test_log on missing git repo extension * test: Consider `Test.pm` fully covered * test: Extend tests for showing dependency graph * fix: Merge parallel clusters correctly for displaying dependency tree ++++ podman: - Add symlink to catatonit in /usr/libexec/podman (bsc#1248988) ++++ yt-dlp: - Update to release 2026.01.29 * Accept float values for command-line option `--sleep-subtitles` * Add `--format-sort-reset` option * yt: Support comment subthreads ++++ qemu: - Fix bsc#1257474: * ui/vdagent: remove migration blocker (bsc#1257474) * ui/vdagent: add migration support (bsc#1257474) * ui/vdagent: factor out clipboard peer registration (bsc#1257474) * ui/vdagent: keep "connected" state (bsc#1257474) * ui/vdagent: replace Buffer with GByteArray (bsc#1257474) * ui/clipboard: delay clipboard update when not running (bsc#1257474) * ui/clipboard: add vmstate_cbinfo (bsc#1257474) * ui/clipboard: split out QemuClipboardContent (bsc#1257474) * ui/clipboard: use int for selection field (bsc#1257474) * ui/gtk: warn if setting the clipboard failed (bsc#1257474) - Bug and spec file fixes: * hw/i386/kvm: fix PIRQ bounds check in xen_physdev_map_pirq() (bsc#1256484, CVE-2026-0665) * [openSUSE][RPM] spec: require qemu-hw-display-virtio-gpu-pci for x86 too ++++ qemu-linux-user: - Fix bsc#1257474: * ui/vdagent: remove migration blocker (bsc#1257474) * ui/vdagent: add migration support (bsc#1257474) * ui/vdagent: factor out clipboard peer registration (bsc#1257474) * ui/vdagent: keep "connected" state (bsc#1257474) * ui/vdagent: replace Buffer with GByteArray (bsc#1257474) * ui/clipboard: delay clipboard update when not running (bsc#1257474) * ui/clipboard: add vmstate_cbinfo (bsc#1257474) * ui/clipboard: split out QemuClipboardContent (bsc#1257474) * ui/clipboard: use int for selection field (bsc#1257474) * ui/gtk: warn if setting the clipboard failed (bsc#1257474) - Bug and spec file fixes: * hw/i386/kvm: fix PIRQ bounds check in xen_physdev_map_pirq() (bsc#1256484, CVE-2026-0665) * [openSUSE][RPM] spec: require qemu-hw-display-virtio-gpu-pci for x86 too ++++ suse-migration-services: - refactor: add `Zypper.install` wrapper Add `Zypper.install` wrapper method for package installation ++++ syslinux: - bsc#1257495: NASM (3.00+) requires explicit size hints Add syslinux-4.04-size.patch ------------------------------------------------------------------ ------------------ 2026-1-28 - Jan 28 2026 ------------------- ------------------------------------------------------------------ ++++ chromium: - Chromium 144.0.7559.109 (boo#1257404) * CVE-2026-1504: Inappropriate implementation in Background Fetch API ++++ chromium: - Chromium 144.0.7559.109 (boo#1257404) * CVE-2026-1504: Inappropriate implementation in Background Fetch API ++++ chromium: - Chromium 144.0.7559.109 (boo#1257404) * CVE-2026-1504: Inappropriate implementation in Background Fetch API ++++ chromium: - Chromium 144.0.7559.109 (boo#1257404) * CVE-2026-1504: Inappropriate implementation in Background Fetch API ++++ chromium: - Chromium 144.0.7559.109 (boo#1257404) * CVE-2026-1504: Inappropriate implementation in Background Fetch API ++++ chromium: - Chromium 144.0.7559.109 (boo#1257404) * CVE-2026-1504: Inappropriate implementation in Background Fetch API ++++ chromium: - Chromium 144.0.7559.109 (boo#1257404) * CVE-2026-1504: Inappropriate implementation in Background Fetch API ++++ chromium: - Chromium 144.0.7559.109 (boo#1257404) * CVE-2026-1504: Inappropriate implementation in Background Fetch API ++++ chromium: - Chromium 144.0.7559.109 (boo#1257404) * CVE-2026-1504: Inappropriate implementation in Background Fetch API ++++ chromium: - Chromium 144.0.7559.109 (boo#1257404) * CVE-2026-1504: Inappropriate implementation in Background Fetch API ++++ kernel-64kb: - net/sched: ets: Remove drr class from the active list if it changes to strict (CVE-2025-68815 bsc#1256680). - commit ef2665d - net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (CVE-2025-71066 bsc#1256645). - commit 19d5700 - libceph: make decode_pool() more resilient against corrupted osdmaps (CVE-2025-71116 bsc#1256744). - commit ec226dd - net/sched: sch_qfq: Fix NULL deref when deactivating inactive aggregate in qfq_reset (CVE-2026-22976 bsc#1257035). - commit 9a83c42 - net: usb: asix: validate PHY address before use (CVE-2025-71094 bsc#1256597). - commit 1c268d0 - net: usb: asix: ax88772: Increase phy_name size (CVE-2025-71094 bsc#1256597). - commit 1a25880 - selftests/bpf: ns_current_pid_tgid: Use test_progs's ns_ feature (bsc#1255552 CVE-2025-68363). - selftests/bpf: tc_links/tc_opts: Unserialize tests (bsc#1255552 CVE-2025-68363). - selftests/bpf: Optionally open a dedicated namespace to run test in it (CVE-2025-68363 bsc#1255552). - selftests/bpf: ns_current_pid_tgid: Rename the test function (bsc#1255552 CVE-2025-68363). - commit deba1cc ++++ kernel-64kb: - net/sched: ets: Remove drr class from the active list if it changes to strict (CVE-2025-68815 bsc#1256680). - commit ef2665d - net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (CVE-2025-71066 bsc#1256645). - commit 19d5700 - libceph: make decode_pool() more resilient against corrupted osdmaps (CVE-2025-71116 bsc#1256744). - commit ec226dd - net/sched: sch_qfq: Fix NULL deref when deactivating inactive aggregate in qfq_reset (CVE-2026-22976 bsc#1257035). - commit 9a83c42 - net: usb: asix: validate PHY address before use (CVE-2025-71094 bsc#1256597). - commit 1c268d0 - net: usb: asix: ax88772: Increase phy_name size (CVE-2025-71094 bsc#1256597). - commit 1a25880 - selftests/bpf: ns_current_pid_tgid: Use test_progs's ns_ feature (bsc#1255552 CVE-2025-68363). - selftests/bpf: tc_links/tc_opts: Unserialize tests (bsc#1255552 CVE-2025-68363). - selftests/bpf: Optionally open a dedicated namespace to run test in it (CVE-2025-68363 bsc#1255552). - selftests/bpf: ns_current_pid_tgid: Rename the test function (bsc#1255552 CVE-2025-68363). - commit deba1cc ++++ kernel-azure: - net/sched: ets: Remove drr class from the active list if it changes to strict (CVE-2025-68815 bsc#1256680). - commit ef2665d - net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (CVE-2025-71066 bsc#1256645). - commit 19d5700 - libceph: make decode_pool() more resilient against corrupted osdmaps (CVE-2025-71116 bsc#1256744). - commit ec226dd - net/sched: sch_qfq: Fix NULL deref when deactivating inactive aggregate in qfq_reset (CVE-2026-22976 bsc#1257035). - commit 9a83c42 - net: usb: asix: validate PHY address before use (CVE-2025-71094 bsc#1256597). - commit 1c268d0 - net: usb: asix: ax88772: Increase phy_name size (CVE-2025-71094 bsc#1256597). - commit 1a25880 - selftests/bpf: ns_current_pid_tgid: Use test_progs's ns_ feature (bsc#1255552 CVE-2025-68363). - selftests/bpf: tc_links/tc_opts: Unserialize tests (bsc#1255552 CVE-2025-68363). - selftests/bpf: Optionally open a dedicated namespace to run test in it (CVE-2025-68363 bsc#1255552). - selftests/bpf: ns_current_pid_tgid: Rename the test function (bsc#1255552 CVE-2025-68363). - commit deba1cc ++++ kernel-azure: - net/sched: ets: Remove drr class from the active list if it changes to strict (CVE-2025-68815 bsc#1256680). - commit ef2665d - net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (CVE-2025-71066 bsc#1256645). - commit 19d5700 - libceph: make decode_pool() more resilient against corrupted osdmaps (CVE-2025-71116 bsc#1256744). - commit ec226dd - net/sched: sch_qfq: Fix NULL deref when deactivating inactive aggregate in qfq_reset (CVE-2026-22976 bsc#1257035). - commit 9a83c42 - net: usb: asix: validate PHY address before use (CVE-2025-71094 bsc#1256597). - commit 1c268d0 - net: usb: asix: ax88772: Increase phy_name size (CVE-2025-71094 bsc#1256597). - commit 1a25880 - selftests/bpf: ns_current_pid_tgid: Use test_progs's ns_ feature (bsc#1255552 CVE-2025-68363). - selftests/bpf: tc_links/tc_opts: Unserialize tests (bsc#1255552 CVE-2025-68363). - selftests/bpf: Optionally open a dedicated namespace to run test in it (CVE-2025-68363 bsc#1255552). - selftests/bpf: ns_current_pid_tgid: Rename the test function (bsc#1255552 CVE-2025-68363). - commit deba1cc ++++ kernel-default: - net/sched: ets: Remove drr class from the active list if it changes to strict (CVE-2025-68815 bsc#1256680). - commit ef2665d - net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (CVE-2025-71066 bsc#1256645). - commit 19d5700 - libceph: make decode_pool() more resilient against corrupted osdmaps (CVE-2025-71116 bsc#1256744). - commit ec226dd - net/sched: sch_qfq: Fix NULL deref when deactivating inactive aggregate in qfq_reset (CVE-2026-22976 bsc#1257035). - commit 9a83c42 - net: usb: asix: validate PHY address before use (CVE-2025-71094 bsc#1256597). - commit 1c268d0 - net: usb: asix: ax88772: Increase phy_name size (CVE-2025-71094 bsc#1256597). - commit 1a25880 - selftests/bpf: ns_current_pid_tgid: Use test_progs's ns_ feature (bsc#1255552 CVE-2025-68363). - selftests/bpf: tc_links/tc_opts: Unserialize tests (bsc#1255552 CVE-2025-68363). - selftests/bpf: Optionally open a dedicated namespace to run test in it (CVE-2025-68363 bsc#1255552). - selftests/bpf: ns_current_pid_tgid: Rename the test function (bsc#1255552 CVE-2025-68363). - commit deba1cc ++++ kernel-default: - net/sched: ets: Remove drr class from the active list if it changes to strict (CVE-2025-68815 bsc#1256680). - commit ef2665d - net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (CVE-2025-71066 bsc#1256645). - commit 19d5700 - libceph: make decode_pool() more resilient against corrupted osdmaps (CVE-2025-71116 bsc#1256744). - commit ec226dd - net/sched: sch_qfq: Fix NULL deref when deactivating inactive aggregate in qfq_reset (CVE-2026-22976 bsc#1257035). - commit 9a83c42 - net: usb: asix: validate PHY address before use (CVE-2025-71094 bsc#1256597). - commit 1c268d0 - net: usb: asix: ax88772: Increase phy_name size (CVE-2025-71094 bsc#1256597). - commit 1a25880 - selftests/bpf: ns_current_pid_tgid: Use test_progs's ns_ feature (bsc#1255552 CVE-2025-68363). - selftests/bpf: tc_links/tc_opts: Unserialize tests (bsc#1255552 CVE-2025-68363). - selftests/bpf: Optionally open a dedicated namespace to run test in it (CVE-2025-68363 bsc#1255552). - selftests/bpf: ns_current_pid_tgid: Rename the test function (bsc#1255552 CVE-2025-68363). - commit deba1cc ++++ kernel-rt: - net/sched: ets: Remove drr class from the active list if it changes to strict (CVE-2025-68815 bsc#1256680). - commit ef2665d - net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (CVE-2025-71066 bsc#1256645). - commit 19d5700 - libceph: make decode_pool() more resilient against corrupted osdmaps (CVE-2025-71116 bsc#1256744). - commit ec226dd - net/sched: sch_qfq: Fix NULL deref when deactivating inactive aggregate in qfq_reset (CVE-2026-22976 bsc#1257035). - commit 9a83c42 - net: usb: asix: validate PHY address before use (CVE-2025-71094 bsc#1256597). - commit 1c268d0 - net: usb: asix: ax88772: Increase phy_name size (CVE-2025-71094 bsc#1256597). - commit 1a25880 - selftests/bpf: ns_current_pid_tgid: Use test_progs's ns_ feature (bsc#1255552 CVE-2025-68363). - selftests/bpf: tc_links/tc_opts: Unserialize tests (bsc#1255552 CVE-2025-68363). - selftests/bpf: Optionally open a dedicated namespace to run test in it (CVE-2025-68363 bsc#1255552). - selftests/bpf: ns_current_pid_tgid: Rename the test function (bsc#1255552 CVE-2025-68363). - commit deba1cc ++++ kernel-rt: - net/sched: ets: Remove drr class from the active list if it changes to strict (CVE-2025-68815 bsc#1256680). - commit ef2665d - net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (CVE-2025-71066 bsc#1256645). - commit 19d5700 - libceph: make decode_pool() more resilient against corrupted osdmaps (CVE-2025-71116 bsc#1256744). - commit ec226dd - net/sched: sch_qfq: Fix NULL deref when deactivating inactive aggregate in qfq_reset (CVE-2026-22976 bsc#1257035). - commit 9a83c42 - net: usb: asix: validate PHY address before use (CVE-2025-71094 bsc#1256597). - commit 1c268d0 - net: usb: asix: ax88772: Increase phy_name size (CVE-2025-71094 bsc#1256597). - commit 1a25880 - selftests/bpf: ns_current_pid_tgid: Use test_progs's ns_ feature (bsc#1255552 CVE-2025-68363). - selftests/bpf: tc_links/tc_opts: Unserialize tests (bsc#1255552 CVE-2025-68363). - selftests/bpf: Optionally open a dedicated namespace to run test in it (CVE-2025-68363 bsc#1255552). - selftests/bpf: ns_current_pid_tgid: Rename the test function (bsc#1255552 CVE-2025-68363). - commit deba1cc ++++ cockpit: - Update dependencies for bsc#1257324/CVE-2025-13465 ++++ crmsh: - Update to version 5.0.0+20260126.316aa9fa: * Dev: options: Change 'force' option to be session-only (bsc#1254892) * Fix: sbd: Allow setting -1 to stonith-watchdog-timeout (bsc#1257143) * Fix: qdevice: Make sure stonith-watchdog-timeout is 2 times of SBD_WATCHDOG_TIMEOUT (bsc#1254571) * Fix: migration: Avoid exception inside thread * Dev: sbd: Remove sbd configuration directories while removing cluster node ++++ gpg2: - Security fix * [bsc#1257396, CVE-2026-24882] - gpg2: stack-based buffer overflow in TPM2 PKDECRYPT for TPM-backed RSA and ECC keys - Added gnupg-CVE-2026-24882.patch * [bsc#1257395, CVE-2026-24883] - gpg2: denial of service due to long signature packet length causing parse_signature to return success with sig->data[] set to a NULL value - Added gnupg-CVE-2026-24883.patch - Security fix [bsc#1256389] (gpg.fail/filename) * Added gnupg-accepts-path-separators-literal-data.patch * GnuPG Accepts Path Separators and Path Traversals in Literal Data ++++ doomsday: - Disable ARM & RISC-V builds, as the program crashes on startup with SIGBUS. - Add doomsday-gles.patch to fix a build failure on GLES3 platforms. ++++ dtb-aarch64: - net/sched: ets: Remove drr class from the active list if it changes to strict (CVE-2025-68815 bsc#1256680). - commit ef2665d - net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (CVE-2025-71066 bsc#1256645). - commit 19d5700 - libceph: make decode_pool() more resilient against corrupted osdmaps (CVE-2025-71116 bsc#1256744). - commit ec226dd - net/sched: sch_qfq: Fix NULL deref when deactivating inactive aggregate in qfq_reset (CVE-2026-22976 bsc#1257035). - commit 9a83c42 - net: usb: asix: validate PHY address before use (CVE-2025-71094 bsc#1256597). - commit 1c268d0 - net: usb: asix: ax88772: Increase phy_name size (CVE-2025-71094 bsc#1256597). - commit 1a25880 - selftests/bpf: ns_current_pid_tgid: Use test_progs's ns_ feature (bsc#1255552 CVE-2025-68363). - selftests/bpf: tc_links/tc_opts: Unserialize tests (bsc#1255552 CVE-2025-68363). - selftests/bpf: Optionally open a dedicated namespace to run test in it (CVE-2025-68363 bsc#1255552). - selftests/bpf: ns_current_pid_tgid: Rename the test function (bsc#1255552 CVE-2025-68363). - commit deba1cc ++++ dtb-aarch64: - net/sched: ets: Remove drr class from the active list if it changes to strict (CVE-2025-68815 bsc#1256680). - commit ef2665d - net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (CVE-2025-71066 bsc#1256645). - commit 19d5700 - libceph: make decode_pool() more resilient against corrupted osdmaps (CVE-2025-71116 bsc#1256744). - commit ec226dd - net/sched: sch_qfq: Fix NULL deref when deactivating inactive aggregate in qfq_reset (CVE-2026-22976 bsc#1257035). - commit 9a83c42 - net: usb: asix: validate PHY address before use (CVE-2025-71094 bsc#1256597). - commit 1c268d0 - net: usb: asix: ax88772: Increase phy_name size (CVE-2025-71094 bsc#1256597). - commit 1a25880 - selftests/bpf: ns_current_pid_tgid: Use test_progs's ns_ feature (bsc#1255552 CVE-2025-68363). - selftests/bpf: tc_links/tc_opts: Unserialize tests (bsc#1255552 CVE-2025-68363). - selftests/bpf: Optionally open a dedicated namespace to run test in it (CVE-2025-68363 bsc#1255552). - selftests/bpf: ns_current_pid_tgid: Rename the test function (bsc#1255552 CVE-2025-68363). - commit deba1cc ++++ librsvg: - Update to version 2.60.2: + Fix the check for the cargo-cbuild version. ++++ golang-github-prometheus-prometheus: - CVE-2025-13465: Bump lodash package to version 4.17.23 to fix prototype pollution vulnerability (bsc#1257329) * Add 0004-Bump-lodash.patch - Build only for SUSE distributions ++++ golang-github-prometheus-prometheus: - CVE-2025-13465: Bump lodash package to version 4.17.23 to fix prototype pollution vulnerability (bsc#1257329) * Add 0004-Bump-lodash.patch - Build only for SUSE distributions ++++ kernel-source: - net/sched: ets: Remove drr class from the active list if it changes to strict (CVE-2025-68815 bsc#1256680). - commit ef2665d - net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (CVE-2025-71066 bsc#1256645). - commit 19d5700 - libceph: make decode_pool() more resilient against corrupted osdmaps (CVE-2025-71116 bsc#1256744). - commit ec226dd - net/sched: sch_qfq: Fix NULL deref when deactivating inactive aggregate in qfq_reset (CVE-2026-22976 bsc#1257035). - commit 9a83c42 - net: usb: asix: validate PHY address before use (CVE-2025-71094 bsc#1256597). - commit 1c268d0 - net: usb: asix: ax88772: Increase phy_name size (CVE-2025-71094 bsc#1256597). - commit 1a25880 - selftests/bpf: ns_current_pid_tgid: Use test_progs's ns_ feature (bsc#1255552 CVE-2025-68363). - selftests/bpf: tc_links/tc_opts: Unserialize tests (bsc#1255552 CVE-2025-68363). - selftests/bpf: Optionally open a dedicated namespace to run test in it (CVE-2025-68363 bsc#1255552). - selftests/bpf: ns_current_pid_tgid: Rename the test function (bsc#1255552 CVE-2025-68363). - commit deba1cc ++++ kernel-source: - net/sched: ets: Remove drr class from the active list if it changes to strict (CVE-2025-68815 bsc#1256680). - commit ef2665d - net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (CVE-2025-71066 bsc#1256645). - commit 19d5700 - libceph: make decode_pool() more resilient against corrupted osdmaps (CVE-2025-71116 bsc#1256744). - commit ec226dd - net/sched: sch_qfq: Fix NULL deref when deactivating inactive aggregate in qfq_reset (CVE-2026-22976 bsc#1257035). - commit 9a83c42 - net: usb: asix: validate PHY address before use (CVE-2025-71094 bsc#1256597). - commit 1c268d0 - net: usb: asix: ax88772: Increase phy_name size (CVE-2025-71094 bsc#1256597). - commit 1a25880 - selftests/bpf: ns_current_pid_tgid: Use test_progs's ns_ feature (bsc#1255552 CVE-2025-68363). - selftests/bpf: tc_links/tc_opts: Unserialize tests (bsc#1255552 CVE-2025-68363). - selftests/bpf: Optionally open a dedicated namespace to run test in it (CVE-2025-68363 bsc#1255552). - selftests/bpf: ns_current_pid_tgid: Rename the test function (bsc#1255552 CVE-2025-68363). - commit deba1cc ++++ kernel-docs: - net/sched: ets: Remove drr class from the active list if it changes to strict (CVE-2025-68815 bsc#1256680). - commit ef2665d - net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (CVE-2025-71066 bsc#1256645). - commit 19d5700 - libceph: make decode_pool() more resilient against corrupted osdmaps (CVE-2025-71116 bsc#1256744). - commit ec226dd - net/sched: sch_qfq: Fix NULL deref when deactivating inactive aggregate in qfq_reset (CVE-2026-22976 bsc#1257035). - commit 9a83c42 - net: usb: asix: validate PHY address before use (CVE-2025-71094 bsc#1256597). - commit 1c268d0 - net: usb: asix: ax88772: Increase phy_name size (CVE-2025-71094 bsc#1256597). - commit 1a25880 - selftests/bpf: ns_current_pid_tgid: Use test_progs's ns_ feature (bsc#1255552 CVE-2025-68363). - selftests/bpf: tc_links/tc_opts: Unserialize tests (bsc#1255552 CVE-2025-68363). - selftests/bpf: Optionally open a dedicated namespace to run test in it (CVE-2025-68363 bsc#1255552). - selftests/bpf: ns_current_pid_tgid: Rename the test function (bsc#1255552 CVE-2025-68363). - commit deba1cc ++++ kernel-docs: - net/sched: ets: Remove drr class from the active list if it changes to strict (CVE-2025-68815 bsc#1256680). - commit ef2665d - net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (CVE-2025-71066 bsc#1256645). - commit 19d5700 - libceph: make decode_pool() more resilient against corrupted osdmaps (CVE-2025-71116 bsc#1256744). - commit ec226dd - net/sched: sch_qfq: Fix NULL deref when deactivating inactive aggregate in qfq_reset (CVE-2026-22976 bsc#1257035). - commit 9a83c42 - net: usb: asix: validate PHY address before use (CVE-2025-71094 bsc#1256597). - commit 1c268d0 - net: usb: asix: ax88772: Increase phy_name size (CVE-2025-71094 bsc#1256597). - commit 1a25880 - selftests/bpf: ns_current_pid_tgid: Use test_progs's ns_ feature (bsc#1255552 CVE-2025-68363). - selftests/bpf: tc_links/tc_opts: Unserialize tests (bsc#1255552 CVE-2025-68363). - selftests/bpf: Optionally open a dedicated namespace to run test in it (CVE-2025-68363 bsc#1255552). - selftests/bpf: ns_current_pid_tgid: Rename the test function (bsc#1255552 CVE-2025-68363). - commit deba1cc ++++ kernel-kvmsmall: - net/sched: ets: Remove drr class from the active list if it changes to strict (CVE-2025-68815 bsc#1256680). - commit ef2665d - net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (CVE-2025-71066 bsc#1256645). - commit 19d5700 - libceph: make decode_pool() more resilient against corrupted osdmaps (CVE-2025-71116 bsc#1256744). - commit ec226dd - net/sched: sch_qfq: Fix NULL deref when deactivating inactive aggregate in qfq_reset (CVE-2026-22976 bsc#1257035). - commit 9a83c42 - net: usb: asix: validate PHY address before use (CVE-2025-71094 bsc#1256597). - commit 1c268d0 - net: usb: asix: ax88772: Increase phy_name size (CVE-2025-71094 bsc#1256597). - commit 1a25880 - selftests/bpf: ns_current_pid_tgid: Use test_progs's ns_ feature (bsc#1255552 CVE-2025-68363). - selftests/bpf: tc_links/tc_opts: Unserialize tests (bsc#1255552 CVE-2025-68363). - selftests/bpf: Optionally open a dedicated namespace to run test in it (CVE-2025-68363 bsc#1255552). - selftests/bpf: ns_current_pid_tgid: Rename the test function (bsc#1255552 CVE-2025-68363). - commit deba1cc ++++ kernel-kvmsmall: - net/sched: ets: Remove drr class from the active list if it changes to strict (CVE-2025-68815 bsc#1256680). - commit ef2665d - net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (CVE-2025-71066 bsc#1256645). - commit 19d5700 - libceph: make decode_pool() more resilient against corrupted osdmaps (CVE-2025-71116 bsc#1256744). - commit ec226dd - net/sched: sch_qfq: Fix NULL deref when deactivating inactive aggregate in qfq_reset (CVE-2026-22976 bsc#1257035). - commit 9a83c42 - net: usb: asix: validate PHY address before use (CVE-2025-71094 bsc#1256597). - commit 1c268d0 - net: usb: asix: ax88772: Increase phy_name size (CVE-2025-71094 bsc#1256597). - commit 1a25880 - selftests/bpf: ns_current_pid_tgid: Use test_progs's ns_ feature (bsc#1255552 CVE-2025-68363). - selftests/bpf: tc_links/tc_opts: Unserialize tests (bsc#1255552 CVE-2025-68363). - selftests/bpf: Optionally open a dedicated namespace to run test in it (CVE-2025-68363 bsc#1255552). - selftests/bpf: ns_current_pid_tgid: Rename the test function (bsc#1255552 CVE-2025-68363). - commit deba1cc ++++ kernel-obs-build: - net/sched: ets: Remove drr class from the active list if it changes to strict (CVE-2025-68815 bsc#1256680). - commit ef2665d - net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (CVE-2025-71066 bsc#1256645). - commit 19d5700 - libceph: make decode_pool() more resilient against corrupted osdmaps (CVE-2025-71116 bsc#1256744). - commit ec226dd - net/sched: sch_qfq: Fix NULL deref when deactivating inactive aggregate in qfq_reset (CVE-2026-22976 bsc#1257035). - commit 9a83c42 - net: usb: asix: validate PHY address before use (CVE-2025-71094 bsc#1256597). - commit 1c268d0 - net: usb: asix: ax88772: Increase phy_name size (CVE-2025-71094 bsc#1256597). - commit 1a25880 - selftests/bpf: ns_current_pid_tgid: Use test_progs's ns_ feature (bsc#1255552 CVE-2025-68363). - selftests/bpf: tc_links/tc_opts: Unserialize tests (bsc#1255552 CVE-2025-68363). - selftests/bpf: Optionally open a dedicated namespace to run test in it (CVE-2025-68363 bsc#1255552). - selftests/bpf: ns_current_pid_tgid: Rename the test function (bsc#1255552 CVE-2025-68363). - commit deba1cc ++++ kernel-obs-build: - net/sched: ets: Remove drr class from the active list if it changes to strict (CVE-2025-68815 bsc#1256680). - commit ef2665d - net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (CVE-2025-71066 bsc#1256645). - commit 19d5700 - libceph: make decode_pool() more resilient against corrupted osdmaps (CVE-2025-71116 bsc#1256744). - commit ec226dd - net/sched: sch_qfq: Fix NULL deref when deactivating inactive aggregate in qfq_reset (CVE-2026-22976 bsc#1257035). - commit 9a83c42 - net: usb: asix: validate PHY address before use (CVE-2025-71094 bsc#1256597). - commit 1c268d0 - net: usb: asix: ax88772: Increase phy_name size (CVE-2025-71094 bsc#1256597). - commit 1a25880 - selftests/bpf: ns_current_pid_tgid: Use test_progs's ns_ feature (bsc#1255552 CVE-2025-68363). - selftests/bpf: tc_links/tc_opts: Unserialize tests (bsc#1255552 CVE-2025-68363). - selftests/bpf: Optionally open a dedicated namespace to run test in it (CVE-2025-68363 bsc#1255552). - selftests/bpf: ns_current_pid_tgid: Rename the test function (bsc#1255552 CVE-2025-68363). - commit deba1cc ++++ kernel-obs-qa: - net/sched: ets: Remove drr class from the active list if it changes to strict (CVE-2025-68815 bsc#1256680). - commit ef2665d - net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (CVE-2025-71066 bsc#1256645). - commit 19d5700 - libceph: make decode_pool() more resilient against corrupted osdmaps (CVE-2025-71116 bsc#1256744). - commit ec226dd - net/sched: sch_qfq: Fix NULL deref when deactivating inactive aggregate in qfq_reset (CVE-2026-22976 bsc#1257035). - commit 9a83c42 - net: usb: asix: validate PHY address before use (CVE-2025-71094 bsc#1256597). - commit 1c268d0 - net: usb: asix: ax88772: Increase phy_name size (CVE-2025-71094 bsc#1256597). - commit 1a25880 - selftests/bpf: ns_current_pid_tgid: Use test_progs's ns_ feature (bsc#1255552 CVE-2025-68363). - selftests/bpf: tc_links/tc_opts: Unserialize tests (bsc#1255552 CVE-2025-68363). - selftests/bpf: Optionally open a dedicated namespace to run test in it (CVE-2025-68363 bsc#1255552). - selftests/bpf: ns_current_pid_tgid: Rename the test function (bsc#1255552 CVE-2025-68363). - commit deba1cc ++++ kernel-obs-qa: - net/sched: ets: Remove drr class from the active list if it changes to strict (CVE-2025-68815 bsc#1256680). - commit ef2665d - net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (CVE-2025-71066 bsc#1256645). - commit 19d5700 - libceph: make decode_pool() more resilient against corrupted osdmaps (CVE-2025-71116 bsc#1256744). - commit ec226dd - net/sched: sch_qfq: Fix NULL deref when deactivating inactive aggregate in qfq_reset (CVE-2026-22976 bsc#1257035). - commit 9a83c42 - net: usb: asix: validate PHY address before use (CVE-2025-71094 bsc#1256597). - commit 1c268d0 - net: usb: asix: ax88772: Increase phy_name size (CVE-2025-71094 bsc#1256597). - commit 1a25880 - selftests/bpf: ns_current_pid_tgid: Use test_progs's ns_ feature (bsc#1255552 CVE-2025-68363). - selftests/bpf: tc_links/tc_opts: Unserialize tests (bsc#1255552 CVE-2025-68363). - selftests/bpf: Optionally open a dedicated namespace to run test in it (CVE-2025-68363 bsc#1255552). - selftests/bpf: ns_current_pid_tgid: Rename the test function (bsc#1255552 CVE-2025-68363). - commit deba1cc ++++ kernel-syms: - net/sched: ets: Remove drr class from the active list if it changes to strict (CVE-2025-68815 bsc#1256680). - commit ef2665d - net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (CVE-2025-71066 bsc#1256645). - commit 19d5700 - libceph: make decode_pool() more resilient against corrupted osdmaps (CVE-2025-71116 bsc#1256744). - commit ec226dd - net/sched: sch_qfq: Fix NULL deref when deactivating inactive aggregate in qfq_reset (CVE-2026-22976 bsc#1257035). - commit 9a83c42 - net: usb: asix: validate PHY address before use (CVE-2025-71094 bsc#1256597). - commit 1c268d0 - net: usb: asix: ax88772: Increase phy_name size (CVE-2025-71094 bsc#1256597). - commit 1a25880 - selftests/bpf: ns_current_pid_tgid: Use test_progs's ns_ feature (bsc#1255552 CVE-2025-68363). - selftests/bpf: tc_links/tc_opts: Unserialize tests (bsc#1255552 CVE-2025-68363). - selftests/bpf: Optionally open a dedicated namespace to run test in it (CVE-2025-68363 bsc#1255552). - selftests/bpf: ns_current_pid_tgid: Rename the test function (bsc#1255552 CVE-2025-68363). - commit deba1cc ++++ kernel-syms: - net/sched: ets: Remove drr class from the active list if it changes to strict (CVE-2025-68815 bsc#1256680). - commit ef2665d - net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (CVE-2025-71066 bsc#1256645). - commit 19d5700 - libceph: make decode_pool() more resilient against corrupted osdmaps (CVE-2025-71116 bsc#1256744). - commit ec226dd - net/sched: sch_qfq: Fix NULL deref when deactivating inactive aggregate in qfq_reset (CVE-2026-22976 bsc#1257035). - commit 9a83c42 - net: usb: asix: validate PHY address before use (CVE-2025-71094 bsc#1256597). - commit 1c268d0 - net: usb: asix: ax88772: Increase phy_name size (CVE-2025-71094 bsc#1256597). - commit 1a25880 - selftests/bpf: ns_current_pid_tgid: Use test_progs's ns_ feature (bsc#1255552 CVE-2025-68363). - selftests/bpf: tc_links/tc_opts: Unserialize tests (bsc#1255552 CVE-2025-68363). - selftests/bpf: Optionally open a dedicated namespace to run test in it (CVE-2025-68363 bsc#1255552). - selftests/bpf: ns_current_pid_tgid: Rename the test function (bsc#1255552 CVE-2025-68363). - commit deba1cc ++++ kernel-zfcpdump: - net/sched: ets: Remove drr class from the active list if it changes to strict (CVE-2025-68815 bsc#1256680). - commit ef2665d - net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (CVE-2025-71066 bsc#1256645). - commit 19d5700 - libceph: make decode_pool() more resilient against corrupted osdmaps (CVE-2025-71116 bsc#1256744). - commit ec226dd - net/sched: sch_qfq: Fix NULL deref when deactivating inactive aggregate in qfq_reset (CVE-2026-22976 bsc#1257035). - commit 9a83c42 - net: usb: asix: validate PHY address before use (CVE-2025-71094 bsc#1256597). - commit 1c268d0 - net: usb: asix: ax88772: Increase phy_name size (CVE-2025-71094 bsc#1256597). - commit 1a25880 - selftests/bpf: ns_current_pid_tgid: Use test_progs's ns_ feature (bsc#1255552 CVE-2025-68363). - selftests/bpf: tc_links/tc_opts: Unserialize tests (bsc#1255552 CVE-2025-68363). - selftests/bpf: Optionally open a dedicated namespace to run test in it (CVE-2025-68363 bsc#1255552). - selftests/bpf: ns_current_pid_tgid: Rename the test function (bsc#1255552 CVE-2025-68363). - commit deba1cc ++++ kernel-zfcpdump: - net/sched: ets: Remove drr class from the active list if it changes to strict (CVE-2025-68815 bsc#1256680). - commit ef2665d - net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (CVE-2025-71066 bsc#1256645). - commit 19d5700 - libceph: make decode_pool() more resilient against corrupted osdmaps (CVE-2025-71116 bsc#1256744). - commit ec226dd - net/sched: sch_qfq: Fix NULL deref when deactivating inactive aggregate in qfq_reset (CVE-2026-22976 bsc#1257035). - commit 9a83c42 - net: usb: asix: validate PHY address before use (CVE-2025-71094 bsc#1256597). - commit 1c268d0 - net: usb: asix: ax88772: Increase phy_name size (CVE-2025-71094 bsc#1256597). - commit 1a25880 - selftests/bpf: ns_current_pid_tgid: Use test_progs's ns_ feature (bsc#1255552 CVE-2025-68363). - selftests/bpf: tc_links/tc_opts: Unserialize tests (bsc#1255552 CVE-2025-68363). - selftests/bpf: Optionally open a dedicated namespace to run test in it (CVE-2025-68363 bsc#1255552). - selftests/bpf: ns_current_pid_tgid: Rename the test function (bsc#1255552 CVE-2025-68363). - commit deba1cc ++++ libpng16: - security update - added patches CVE-2025-28162 [bsc#1257364], memory leaks when running `pngimage` CVE-2025-28164 [bsc#1257365], memory leaks when running `pngimage` * libpng16-CVE-2025-28162,28164.patch ++++ libpng16: - security update - added patches CVE-2025-28162 [bsc#1257364], memory leaks when running `pngimage` CVE-2025-28164 [bsc#1257365], memory leaks when running `pngimage` * libpng16-CVE-2025-28162,28164.patch ++++ openQA: - Update to version 5.1769603414.6c0fa72e: * Handle links on test_log on missing git repo extension * test: Consider `Test.pm` fully covered * test: Extend tests for showing dependency graph * fix: Merge parallel clusters correctly for displaying dependency tree ++++ orthanc-tcia: - version 1.3 * Replaced default base URL of TCIA REST API from "https://services.cancerimagingarchive.net/services/v4/TCIA/query" to "https://nbia.cancerimagingarchive.net/nbia-api/services/v4" * Added configuration option "BaseUrl" to manually configure the base URL * Fix for newer versions of the NBIA cart file format * Upgrade to Orthanc framework 1.12.3 ++++ os-autoinst: - Update to version 5.1769602729.9728790: * fix: Improve wrong comment about enablement of modern Perl features * Replace remaining functions with subroutine signatures in 18-qemu.t * Fix snapshot overlay mechanism to avoid duplication * fix(dist): provide proper copyright headers in all spec-files * fix(dist): try to fix os-autoinst-obs-auto-submit reverting content * Remove deprecated BIOS and UEFI_PFLASH variables ++++ os-autoinst: - Update to version 5.1769602729.9728790: * fix: Improve wrong comment about enablement of modern Perl features * Replace remaining functions with subroutine signatures in 18-qemu.t * Fix snapshot overlay mechanism to avoid duplication * fix(dist): provide proper copyright headers in all spec-files * fix(dist): try to fix os-autoinst-obs-auto-submit reverting content * Remove deprecated BIOS and UEFI_PFLASH variables ++++ os-autoinst: - Update to version 5.1769602729.9728790: * fix: Improve wrong comment about enablement of modern Perl features * Replace remaining functions with subroutine signatures in 18-qemu.t * Fix snapshot overlay mechanism to avoid duplication * fix(dist): provide proper copyright headers in all spec-files * fix(dist): try to fix os-autoinst-obs-auto-submit reverting content * Remove deprecated BIOS and UEFI_PFLASH variables ++++ os-autoinst: - Update to version 5.1769602729.9728790: * fix: Improve wrong comment about enablement of modern Perl features * Replace remaining functions with subroutine signatures in 18-qemu.t * Fix snapshot overlay mechanism to avoid duplication * fix(dist): provide proper copyright headers in all spec-files * fix(dist): try to fix os-autoinst-obs-auto-submit reverting content * Remove deprecated BIOS and UEFI_PFLASH variables ++++ os-autoinst: - Update to version 5.1769602729.9728790: * fix: Improve wrong comment about enablement of modern Perl features * Replace remaining functions with subroutine signatures in 18-qemu.t * Fix snapshot overlay mechanism to avoid duplication * fix(dist): provide proper copyright headers in all spec-files * fix(dist): try to fix os-autoinst-obs-auto-submit reverting content * Remove deprecated BIOS and UEFI_PFLASH variables ++++ os-autoinst: - Update to version 5.1769602729.9728790: * fix: Improve wrong comment about enablement of modern Perl features * Replace remaining functions with subroutine signatures in 18-qemu.t * Fix snapshot overlay mechanism to avoid duplication * fix(dist): provide proper copyright headers in all spec-files * fix(dist): try to fix os-autoinst-obs-auto-submit reverting content * Remove deprecated BIOS and UEFI_PFLASH variables ++++ os-autoinst: - Update to version 5.1769602729.9728790: * fix: Improve wrong comment about enablement of modern Perl features * Replace remaining functions with subroutine signatures in 18-qemu.t * Fix snapshot overlay mechanism to avoid duplication * fix(dist): provide proper copyright headers in all spec-files * fix(dist): try to fix os-autoinst-obs-auto-submit reverting content * Remove deprecated BIOS and UEFI_PFLASH variables ++++ os-autoinst: - Update to version 5.1769602729.9728790: * fix: Improve wrong comment about enablement of modern Perl features * Replace remaining functions with subroutine signatures in 18-qemu.t * Fix snapshot overlay mechanism to avoid duplication * fix(dist): provide proper copyright headers in all spec-files * fix(dist): try to fix os-autoinst-obs-auto-submit reverting content * Remove deprecated BIOS and UEFI_PFLASH variables ++++ python-aiohttp: - Add patch CVE-2025-69223-auto_decompress-zip-bomb.patch: * Prevent zip bomb with parser auto_compress feature. (bsc#1256017, CVE-2025-69223, GHSA-6mq8-rvhq-8wgg) - Add patch CVE-2025-69224-unicode-processing-header-values.patch: * Check for ASCII in header values (bsc#1256018, CVE-2025-69224, GHSA-69f9-5gxw-wvc2) - Add patch CVE-2025-69225-forbid-non-ascii-in-range.patch: * Forbid non-ASCII decimals in the Range header (bsc#1256019, CVE-2025-69225, GHSA-mqqc-3gqh-h2x8) - Add patch CVE-2025-69226-brute-force-leak-static-elements.patch: * Reject static URLs that traverse outside static root (bsc#1256020, CVE-2025-69226, GHSA-54jq-c3m8-4m76) - Add patch CVE-2025-69227-raise-exceptions-not-asserts.patch: * Raise exceptions when processing a POST body (bsc#1256021, CVE-2025-69227, GHSA-jj3x-wxrx-4x23) - Add patch CVE-2025-69228-enforce-client_max_size-for-entire-multipart.patch * Enforce client_max_size over entire multipart form (bsc#1256022, CVE-2025-69228, GHSA-6jhg-hg63-jvvf) - Add patch CVE-2025-69229-small-chunk-exhaustion.patch: * Pause reading of chunks when it reaches a high water mark (bsc#1256023, CVE-2025-69229, GHSA-g84x-mcqj-x9qq) ++++ python-wheel: - Add CVE-2026-24049.patch to fix CVE-2026-24049 (bsc#1257100) ------------------------------------------------------------------ ------------------ 2026-1-27 - Jan 27 2026 ------------------- ------------------------------------------------------------------ ++++ assertj-core: - Upgrade to version 3.27.7 * Security + Fix XXE vulnerability in isXmlEqualTo assertion (bsc#1257293, CVE-2026-24400) * Breaking Changes + Delegate OptionalDouble value comparison to Double.compare in hasValue assertion + Replace assertThat(Temporal) with assertThatTemporal(Temporal) * Deprecated + Deprecate ObjectAssertFactory in favor of Assertions.assertThat(Object) + Deprecate AssertionErrorFactory in favor of AssertionErrorCreator + Deprecate catchThrowableOfType(ThrowingCallable, Class) in favor of catchThrowableOfType(Class, ThrowingCallable) + Deprecate assertThat(Iterable, AssertFactory), + Deprecate ClassBasedNavigableIterableAssert and ClassBasedNavigableListAssert + Deprecate usingComparatorForFields and remove deprecated assertions from usingComparatorForType documentation + Deprecate hasCauseReference(Throwable) from Throwable assertions + Deprecate org.assertj.core.annotations.Beta in favor of org.assertj.core.annotation.Beta + Deprecate org.assertj.core.util.CanIgnoreReturnValue in favor of org.assertj.core.annotation.CanIgnoreReturnValue + Deprecate org.assertj.core.util.CheckReturnValue in favor of org.assertj.core.annotation.CheckReturnValue + Deprecate XmlStringPrettyFormatter with no replacement * New Features + Support multiple AfterAssertionErrorCollected callbacks + Add InstanceOfAssertFactory for Set instances + Add doesNotContainKey and doesNotContainKeys to Guava Multimap assertions + Add assertions for JDK YearMonth type + Add TemporalAssert type + Add ignoringFieldsOfTypesMatchingRegexes + Add fail(Throwable) and fail() variants + Add isPrivate to Class assertions + Add doesNot[Start/End]WithWhitespace methods to CharSequence assertions + Add createAssert(ValueProvider) to AssertFactory + Add values() navigation method to AbstractMapAssert + Add bytes()/bytes(Charset)/bytes(String) navigation methods to AbstractStringAssert + Add doesNotThrowAnyExceptionExcept to AbstractThrowableAssert + Add hasPermittedSubclasses to Class assertions + Add isUnmodifiable to Iterator assertions + Add actual() to access the object under test + Add isCompletedWithValueMatchingWithin to CompletableFuture assertions + Add completesExceptionallyWithin to CompletableFuture assertions + Add inBinary to CharSequence assertions + Support for Assertions.byLessThan(Duration) and Assertions.within(Duration) + Add standard representation for CharSequence + Add predicate descriptions overloads to anyMatch and noneMatch + Add doesNotMatch(Predicate) + Add usingEquals accepting a BiPredicate and an optional description to provide a custom comparison in assertions + Add isNotEmpty to Table assertions * Bug Fixes + Preserve original order of elements when returning duplicates on doesNotHaveDuplicates + Make isNotEqualTo(boolean) pass when actual is null + Fix isEqualTo comparison of Timestamp instances with Instant + Fix Instant conversion with Date assertions + Rebuild default date formats used to parse strings as dates when default timezone or lenient flag changes + Fix Javadoc rendering on FactoryBasedNavigableListAssert::assertThat + Allow ComparingNormalizedFields instances to be reused across different assertions + Recursive assertion hasNoNullFields throws NPE with fields of anonymous and local types + Fix incorrect mutation of actualElementsGroupedByHashCode in recursive comparison + Recursive comparison ignoringFields not working properly with maps + Custom representation ignored when describing expected items not in the actual list + hasFieldOrPropertyWithValue swallows exceptions thrown by getters, and reports non-existent property instead + satisfies() with nested assertions obscures stack trace + Recursive comparison fails if ignored fields are not found in expected + Fix missing introspection for record accessors + Honor assertion description in asString() + Avoid InputStream manipulation when mark / reset are supported + NPE with custom RecursiveComparisonConfiguration on usingRecursiveFieldByFieldElementComparator + Restore support for null-valued maps when ignoring fields + Fix StandardRepresentation regression for unquoted strings + Fix thread-safety in AbstractDateAssert + Add missing export for org.assertj.core.annotation + Navigation to assertj-core or guava types from assertj-guava Javadoc site has unnecessary header * Improvements + Avoid duplicating maven-javadoc-plugin configuration and CSS files + Favor additionalOption entries in maven-javadoc-plugin + Fix typo in Javadoc + Improve AssertFactory Javadoc + Add Throwable stack trace to ShouldHaveCauseExactlyInstance + Fix typo + Add Throwable stack trace to ShouldHaveCauseInstance + Implement boolean assertions directly in AbstractBooleanAssert and remove Booleans internal class + Remove stack trace elements triggered by AssertJ in addition to AssertJ elements + Report all failing conditions when using satisfies(allOf(Condition...)) + Fix Unicode escapes in inUnicode() Javadoc + Show error differences if values were compared with equals in recursive comparison + Add throwable stacktrace to ShouldNotContainCharSequence + Remove unused code and other minor cleanup + Simplify comparison strategy isLessThan and isLessThanOrEqualTo in AbstractComparisonStrategy + Update AbstractCharSequenceAssert.java reference + Include stack trace of internal errors in all/any satisfy assertions + Declare license using SPDX identifier + Add Class info to class loading strategy failures + Migrate to the Central Publisher Portal, enable snapshot publishing + Annotate fail methods with custom @Contract + ByteBuddy in AssertJ 3.27.4 not compatible with Java 25 ++++ aws-cli-cmd: - Fix install/upgrade/removal With the release of flake-pilot 3.1.27 a force option for registration and deregistration has been added. This allows for a simpler registration processing in the spec file of the -cmd package. This commit adds registration and deregistration helper scripts and calls them as part of the spec pre/post processing macros. The macro setup makes sure: 1. The flake gets registered as %post install action 2. The flake gets deregistered as %preun uninstall (no upgrade) action With regards to the already released package and the existing macro code the following applies: The %postun code from the old package runs after the %post code of the new package and only in upgrade mode. This would harm the registration which is the reason why we again call register_aws in %posttrans which is the last action of the entire transaction and ensures the registration will be effective ++++ kernel-64kb: - perf/x86/amd: Check event before enable to avoid GPF (bsc#1256689 CVE-2025-68798). - commit 599ecfb - selftests/bpf: Optionally open a dedicated namespace to run test in it (CVE-2025-68363 bsc#1255552). - commit 72f882c - btrfs: use variable for end offset in extent_writepage_io() (git-fixes). - commit b0ce396 - btrfs: truncate ordered extent when skipping writeback past i_size (git-fixes). - commit 2d28056 - btrfs: fix deadlock in wait_current_trans() due to ignored transaction type (git-fixes). - commit 58c1893 - blk-cgroup: fix possible deadlock while configuring policy (CVE-2025-68178 bsc#1255266). - commit 39b8d0d - libbpf: Fix -Wdiscarded-qualifiers under C23 (bsc#1257309). - commit 123e6ba - scripts/cve_tools/kss-dashboard: --exportpatch: Skip commits that are in base kernel - commit ef59f5e - scripts/cve_tools/kss-dashboard: Simplify --exportpatch condition Use the filtering logic only once. (This changes warning messages when patch would have been both backported and blacklisted.) Fix insert_sereis comand when we end up with empty patch set. - commit d3bd915 - bpf: Add bpf_prog_run_data_pointers() (bsc#1255241 CVE-2025-68200). - commit 738511e ++++ kernel-64kb: - perf/x86/amd: Check event before enable to avoid GPF (bsc#1256689 CVE-2025-68798). - commit 599ecfb - selftests/bpf: Optionally open a dedicated namespace to run test in it (CVE-2025-68363 bsc#1255552). - commit 72f882c - btrfs: use variable for end offset in extent_writepage_io() (git-fixes). - commit b0ce396 - btrfs: truncate ordered extent when skipping writeback past i_size (git-fixes). - commit 2d28056 - btrfs: fix deadlock in wait_current_trans() due to ignored transaction type (git-fixes). - commit 58c1893 - blk-cgroup: fix possible deadlock while configuring policy (CVE-2025-68178 bsc#1255266). - commit 39b8d0d - libbpf: Fix -Wdiscarded-qualifiers under C23 (bsc#1257309). - commit 123e6ba - scripts/cve_tools/kss-dashboard: --exportpatch: Skip commits that are in base kernel - commit ef59f5e - scripts/cve_tools/kss-dashboard: Simplify --exportpatch condition Use the filtering logic only once. (This changes warning messages when patch would have been both backported and blacklisted.) Fix insert_sereis comand when we end up with empty patch set. - commit d3bd915 - bpf: Add bpf_prog_run_data_pointers() (bsc#1255241 CVE-2025-68200). - commit 738511e ++++ kernel-azure: - perf/x86/amd: Check event before enable to avoid GPF (bsc#1256689 CVE-2025-68798). - commit 599ecfb - selftests/bpf: Optionally open a dedicated namespace to run test in it (CVE-2025-68363 bsc#1255552). - commit 72f882c - btrfs: use variable for end offset in extent_writepage_io() (git-fixes). - commit b0ce396 - btrfs: truncate ordered extent when skipping writeback past i_size (git-fixes). - commit 2d28056 - btrfs: fix deadlock in wait_current_trans() due to ignored transaction type (git-fixes). - commit 58c1893 - blk-cgroup: fix possible deadlock while configuring policy (CVE-2025-68178 bsc#1255266). - commit 39b8d0d - libbpf: Fix -Wdiscarded-qualifiers under C23 (bsc#1257309). - commit 123e6ba - scripts/cve_tools/kss-dashboard: --exportpatch: Skip commits that are in base kernel - commit ef59f5e - scripts/cve_tools/kss-dashboard: Simplify --exportpatch condition Use the filtering logic only once. (This changes warning messages when patch would have been both backported and blacklisted.) Fix insert_sereis comand when we end up with empty patch set. - commit d3bd915 - bpf: Add bpf_prog_run_data_pointers() (bsc#1255241 CVE-2025-68200). - commit 738511e ++++ kernel-azure: - perf/x86/amd: Check event before enable to avoid GPF (bsc#1256689 CVE-2025-68798). - commit 599ecfb - selftests/bpf: Optionally open a dedicated namespace to run test in it (CVE-2025-68363 bsc#1255552). - commit 72f882c - btrfs: use variable for end offset in extent_writepage_io() (git-fixes). - commit b0ce396 - btrfs: truncate ordered extent when skipping writeback past i_size (git-fixes). - commit 2d28056 - btrfs: fix deadlock in wait_current_trans() due to ignored transaction type (git-fixes). - commit 58c1893 - blk-cgroup: fix possible deadlock while configuring policy (CVE-2025-68178 bsc#1255266). - commit 39b8d0d - libbpf: Fix -Wdiscarded-qualifiers under C23 (bsc#1257309). - commit 123e6ba - scripts/cve_tools/kss-dashboard: --exportpatch: Skip commits that are in base kernel - commit ef59f5e - scripts/cve_tools/kss-dashboard: Simplify --exportpatch condition Use the filtering logic only once. (This changes warning messages when patch would have been both backported and blacklisted.) Fix insert_sereis comand when we end up with empty patch set. - commit d3bd915 - bpf: Add bpf_prog_run_data_pointers() (bsc#1255241 CVE-2025-68200). - commit 738511e ++++ kernel-default: - perf/x86/amd: Check event before enable to avoid GPF (bsc#1256689 CVE-2025-68798). - commit 599ecfb - selftests/bpf: Optionally open a dedicated namespace to run test in it (CVE-2025-68363 bsc#1255552). - commit 72f882c - btrfs: use variable for end offset in extent_writepage_io() (git-fixes). - commit b0ce396 - btrfs: truncate ordered extent when skipping writeback past i_size (git-fixes). - commit 2d28056 - btrfs: fix deadlock in wait_current_trans() due to ignored transaction type (git-fixes). - commit 58c1893 - blk-cgroup: fix possible deadlock while configuring policy (CVE-2025-68178 bsc#1255266). - commit 39b8d0d - libbpf: Fix -Wdiscarded-qualifiers under C23 (bsc#1257309). - commit 123e6ba - scripts/cve_tools/kss-dashboard: --exportpatch: Skip commits that are in base kernel - commit ef59f5e - scripts/cve_tools/kss-dashboard: Simplify --exportpatch condition Use the filtering logic only once. (This changes warning messages when patch would have been both backported and blacklisted.) Fix insert_sereis comand when we end up with empty patch set. - commit d3bd915 - bpf: Add bpf_prog_run_data_pointers() (bsc#1255241 CVE-2025-68200). - commit 738511e ++++ kernel-default: - perf/x86/amd: Check event before enable to avoid GPF (bsc#1256689 CVE-2025-68798). - commit 599ecfb - selftests/bpf: Optionally open a dedicated namespace to run test in it (CVE-2025-68363 bsc#1255552). - commit 72f882c - btrfs: use variable for end offset in extent_writepage_io() (git-fixes). - commit b0ce396 - btrfs: truncate ordered extent when skipping writeback past i_size (git-fixes). - commit 2d28056 - btrfs: fix deadlock in wait_current_trans() due to ignored transaction type (git-fixes). - commit 58c1893 - blk-cgroup: fix possible deadlock while configuring policy (CVE-2025-68178 bsc#1255266). - commit 39b8d0d - libbpf: Fix -Wdiscarded-qualifiers under C23 (bsc#1257309). - commit 123e6ba - scripts/cve_tools/kss-dashboard: --exportpatch: Skip commits that are in base kernel - commit ef59f5e - scripts/cve_tools/kss-dashboard: Simplify --exportpatch condition Use the filtering logic only once. (This changes warning messages when patch would have been both backported and blacklisted.) Fix insert_sereis comand when we end up with empty patch set. - commit d3bd915 - bpf: Add bpf_prog_run_data_pointers() (bsc#1255241 CVE-2025-68200). - commit 738511e ++++ kernel-rt: - perf/x86/amd: Check event before enable to avoid GPF (bsc#1256689 CVE-2025-68798). - commit 599ecfb - selftests/bpf: Optionally open a dedicated namespace to run test in it (CVE-2025-68363 bsc#1255552). - commit 72f882c - btrfs: use variable for end offset in extent_writepage_io() (git-fixes). - commit b0ce396 - btrfs: truncate ordered extent when skipping writeback past i_size (git-fixes). - commit 2d28056 - btrfs: fix deadlock in wait_current_trans() due to ignored transaction type (git-fixes). - commit 58c1893 - blk-cgroup: fix possible deadlock while configuring policy (CVE-2025-68178 bsc#1255266). - commit 39b8d0d - libbpf: Fix -Wdiscarded-qualifiers under C23 (bsc#1257309). - commit 123e6ba - scripts/cve_tools/kss-dashboard: --exportpatch: Skip commits that are in base kernel - commit ef59f5e - scripts/cve_tools/kss-dashboard: Simplify --exportpatch condition Use the filtering logic only once. (This changes warning messages when patch would have been both backported and blacklisted.) Fix insert_sereis comand when we end up with empty patch set. - commit d3bd915 - bpf: Add bpf_prog_run_data_pointers() (bsc#1255241 CVE-2025-68200). - commit 738511e ++++ kernel-rt: - perf/x86/amd: Check event before enable to avoid GPF (bsc#1256689 CVE-2025-68798). - commit 599ecfb - selftests/bpf: Optionally open a dedicated namespace to run test in it (CVE-2025-68363 bsc#1255552). - commit 72f882c - btrfs: use variable for end offset in extent_writepage_io() (git-fixes). - commit b0ce396 - btrfs: truncate ordered extent when skipping writeback past i_size (git-fixes). - commit 2d28056 - btrfs: fix deadlock in wait_current_trans() due to ignored transaction type (git-fixes). - commit 58c1893 - blk-cgroup: fix possible deadlock while configuring policy (CVE-2025-68178 bsc#1255266). - commit 39b8d0d - libbpf: Fix -Wdiscarded-qualifiers under C23 (bsc#1257309). - commit 123e6ba - scripts/cve_tools/kss-dashboard: --exportpatch: Skip commits that are in base kernel - commit ef59f5e - scripts/cve_tools/kss-dashboard: Simplify --exportpatch condition Use the filtering logic only once. (This changes warning messages when patch would have been both backported and blacklisted.) Fix insert_sereis comand when we end up with empty patch set. - commit d3bd915 - bpf: Add bpf_prog_run_data_pointers() (bsc#1255241 CVE-2025-68200). - commit 738511e ++++ cockpit-machines: - Update dependencies for bsc#1257325/CVE-2025-13465 - Update to 346 * 346 - Performance improvements - Translation updates * 345 - New virtual machines don't get SPICE graphics anymore - Support for network port forwarding - Bug fixes and translation updates ++++ dtb-aarch64: - perf/x86/amd: Check event before enable to avoid GPF (bsc#1256689 CVE-2025-68798). - commit 599ecfb - selftests/bpf: Optionally open a dedicated namespace to run test in it (CVE-2025-68363 bsc#1255552). - commit 72f882c - btrfs: use variable for end offset in extent_writepage_io() (git-fixes). - commit b0ce396 - btrfs: truncate ordered extent when skipping writeback past i_size (git-fixes). - commit 2d28056 - btrfs: fix deadlock in wait_current_trans() due to ignored transaction type (git-fixes). - commit 58c1893 - blk-cgroup: fix possible deadlock while configuring policy (CVE-2025-68178 bsc#1255266). - commit 39b8d0d - libbpf: Fix -Wdiscarded-qualifiers under C23 (bsc#1257309). - commit 123e6ba - scripts/cve_tools/kss-dashboard: --exportpatch: Skip commits that are in base kernel - commit ef59f5e - scripts/cve_tools/kss-dashboard: Simplify --exportpatch condition Use the filtering logic only once. (This changes warning messages when patch would have been both backported and blacklisted.) Fix insert_sereis comand when we end up with empty patch set. - commit d3bd915 - bpf: Add bpf_prog_run_data_pointers() (bsc#1255241 CVE-2025-68200). - commit 738511e ++++ dtb-aarch64: - perf/x86/amd: Check event before enable to avoid GPF (bsc#1256689 CVE-2025-68798). - commit 599ecfb - selftests/bpf: Optionally open a dedicated namespace to run test in it (CVE-2025-68363 bsc#1255552). - commit 72f882c - btrfs: use variable for end offset in extent_writepage_io() (git-fixes). - commit b0ce396 - btrfs: truncate ordered extent when skipping writeback past i_size (git-fixes). - commit 2d28056 - btrfs: fix deadlock in wait_current_trans() due to ignored transaction type (git-fixes). - commit 58c1893 - blk-cgroup: fix possible deadlock while configuring policy (CVE-2025-68178 bsc#1255266). - commit 39b8d0d - libbpf: Fix -Wdiscarded-qualifiers under C23 (bsc#1257309). - commit 123e6ba - scripts/cve_tools/kss-dashboard: --exportpatch: Skip commits that are in base kernel - commit ef59f5e - scripts/cve_tools/kss-dashboard: Simplify --exportpatch condition Use the filtering logic only once. (This changes warning messages when patch would have been both backported and blacklisted.) Fix insert_sereis comand when we end up with empty patch set. - commit d3bd915 - bpf: Add bpf_prog_run_data_pointers() (bsc#1255241 CVE-2025-68200). - commit 738511e ++++ glib2: - Add CVE fixes: + glib2-CVE-2026-1484.patch (bsc#1257355 CVE-2026-1484 glgo#GNOME/glib!4979). + glib2-CVE-2026-1485.patch (bsc#1257354 CVE-2026-1485 glgo#GNOME/glib!4981). + glib2-CVE-2026-1489.patch (bsc#1257353 CVE-2026-1489 glgo#GNOME/glib!4984). ++++ glib2-doc: - Add CVE fixes: + glib2-CVE-2026-1484.patch (bsc#1257355 CVE-2026-1484 glgo#GNOME/glib!4979). + glib2-CVE-2026-1485.patch (bsc#1257354 CVE-2026-1485 glgo#GNOME/glib!4981). + glib2-CVE-2026-1489.patch (bsc#1257353 CVE-2026-1489 glgo#GNOME/glib!4984). ++++ kernel-source: - perf/x86/amd: Check event before enable to avoid GPF (bsc#1256689 CVE-2025-68798). - commit 599ecfb - selftests/bpf: Optionally open a dedicated namespace to run test in it (CVE-2025-68363 bsc#1255552). - commit 72f882c - btrfs: use variable for end offset in extent_writepage_io() (git-fixes). - commit b0ce396 - btrfs: truncate ordered extent when skipping writeback past i_size (git-fixes). - commit 2d28056 - btrfs: fix deadlock in wait_current_trans() due to ignored transaction type (git-fixes). - commit 58c1893 - blk-cgroup: fix possible deadlock while configuring policy (CVE-2025-68178 bsc#1255266). - commit 39b8d0d - libbpf: Fix -Wdiscarded-qualifiers under C23 (bsc#1257309). - commit 123e6ba - scripts/cve_tools/kss-dashboard: --exportpatch: Skip commits that are in base kernel - commit ef59f5e - scripts/cve_tools/kss-dashboard: Simplify --exportpatch condition Use the filtering logic only once. (This changes warning messages when patch would have been both backported and blacklisted.) Fix insert_sereis comand when we end up with empty patch set. - commit d3bd915 - bpf: Add bpf_prog_run_data_pointers() (bsc#1255241 CVE-2025-68200). - commit 738511e ++++ kernel-source: - perf/x86/amd: Check event before enable to avoid GPF (bsc#1256689 CVE-2025-68798). - commit 599ecfb - selftests/bpf: Optionally open a dedicated namespace to run test in it (CVE-2025-68363 bsc#1255552). - commit 72f882c - btrfs: use variable for end offset in extent_writepage_io() (git-fixes). - commit b0ce396 - btrfs: truncate ordered extent when skipping writeback past i_size (git-fixes). - commit 2d28056 - btrfs: fix deadlock in wait_current_trans() due to ignored transaction type (git-fixes). - commit 58c1893 - blk-cgroup: fix possible deadlock while configuring policy (CVE-2025-68178 bsc#1255266). - commit 39b8d0d - libbpf: Fix -Wdiscarded-qualifiers under C23 (bsc#1257309). - commit 123e6ba - scripts/cve_tools/kss-dashboard: --exportpatch: Skip commits that are in base kernel - commit ef59f5e - scripts/cve_tools/kss-dashboard: Simplify --exportpatch condition Use the filtering logic only once. (This changes warning messages when patch would have been both backported and blacklisted.) Fix insert_sereis comand when we end up with empty patch set. - commit d3bd915 - bpf: Add bpf_prog_run_data_pointers() (bsc#1255241 CVE-2025-68200). - commit 738511e ++++ kernel-docs: - perf/x86/amd: Check event before enable to avoid GPF (bsc#1256689 CVE-2025-68798). - commit 599ecfb - selftests/bpf: Optionally open a dedicated namespace to run test in it (CVE-2025-68363 bsc#1255552). - commit 72f882c - btrfs: use variable for end offset in extent_writepage_io() (git-fixes). - commit b0ce396 - btrfs: truncate ordered extent when skipping writeback past i_size (git-fixes). - commit 2d28056 - btrfs: fix deadlock in wait_current_trans() due to ignored transaction type (git-fixes). - commit 58c1893 - blk-cgroup: fix possible deadlock while configuring policy (CVE-2025-68178 bsc#1255266). - commit 39b8d0d - libbpf: Fix -Wdiscarded-qualifiers under C23 (bsc#1257309). - commit 123e6ba - scripts/cve_tools/kss-dashboard: --exportpatch: Skip commits that are in base kernel - commit ef59f5e - scripts/cve_tools/kss-dashboard: Simplify --exportpatch condition Use the filtering logic only once. (This changes warning messages when patch would have been both backported and blacklisted.) Fix insert_sereis comand when we end up with empty patch set. - commit d3bd915 - bpf: Add bpf_prog_run_data_pointers() (bsc#1255241 CVE-2025-68200). - commit 738511e ++++ kernel-docs: - perf/x86/amd: Check event before enable to avoid GPF (bsc#1256689 CVE-2025-68798). - commit 599ecfb - selftests/bpf: Optionally open a dedicated namespace to run test in it (CVE-2025-68363 bsc#1255552). - commit 72f882c - btrfs: use variable for end offset in extent_writepage_io() (git-fixes). - commit b0ce396 - btrfs: truncate ordered extent when skipping writeback past i_size (git-fixes). - commit 2d28056 - btrfs: fix deadlock in wait_current_trans() due to ignored transaction type (git-fixes). - commit 58c1893 - blk-cgroup: fix possible deadlock while configuring policy (CVE-2025-68178 bsc#1255266). - commit 39b8d0d - libbpf: Fix -Wdiscarded-qualifiers under C23 (bsc#1257309). - commit 123e6ba - scripts/cve_tools/kss-dashboard: --exportpatch: Skip commits that are in base kernel - commit ef59f5e - scripts/cve_tools/kss-dashboard: Simplify --exportpatch condition Use the filtering logic only once. (This changes warning messages when patch would have been both backported and blacklisted.) Fix insert_sereis comand when we end up with empty patch set. - commit d3bd915 - bpf: Add bpf_prog_run_data_pointers() (bsc#1255241 CVE-2025-68200). - commit 738511e ++++ kernel-kvmsmall: - perf/x86/amd: Check event before enable to avoid GPF (bsc#1256689 CVE-2025-68798). - commit 599ecfb - selftests/bpf: Optionally open a dedicated namespace to run test in it (CVE-2025-68363 bsc#1255552). - commit 72f882c - btrfs: use variable for end offset in extent_writepage_io() (git-fixes). - commit b0ce396 - btrfs: truncate ordered extent when skipping writeback past i_size (git-fixes). - commit 2d28056 - btrfs: fix deadlock in wait_current_trans() due to ignored transaction type (git-fixes). - commit 58c1893 - blk-cgroup: fix possible deadlock while configuring policy (CVE-2025-68178 bsc#1255266). - commit 39b8d0d - libbpf: Fix -Wdiscarded-qualifiers under C23 (bsc#1257309). - commit 123e6ba - scripts/cve_tools/kss-dashboard: --exportpatch: Skip commits that are in base kernel - commit ef59f5e - scripts/cve_tools/kss-dashboard: Simplify --exportpatch condition Use the filtering logic only once. (This changes warning messages when patch would have been both backported and blacklisted.) Fix insert_sereis comand when we end up with empty patch set. - commit d3bd915 - bpf: Add bpf_prog_run_data_pointers() (bsc#1255241 CVE-2025-68200). - commit 738511e ++++ kernel-kvmsmall: - perf/x86/amd: Check event before enable to avoid GPF (bsc#1256689 CVE-2025-68798). - commit 599ecfb - selftests/bpf: Optionally open a dedicated namespace to run test in it (CVE-2025-68363 bsc#1255552). - commit 72f882c - btrfs: use variable for end offset in extent_writepage_io() (git-fixes). - commit b0ce396 - btrfs: truncate ordered extent when skipping writeback past i_size (git-fixes). - commit 2d28056 - btrfs: fix deadlock in wait_current_trans() due to ignored transaction type (git-fixes). - commit 58c1893 - blk-cgroup: fix possible deadlock while configuring policy (CVE-2025-68178 bsc#1255266). - commit 39b8d0d - libbpf: Fix -Wdiscarded-qualifiers under C23 (bsc#1257309). - commit 123e6ba - scripts/cve_tools/kss-dashboard: --exportpatch: Skip commits that are in base kernel - commit ef59f5e - scripts/cve_tools/kss-dashboard: Simplify --exportpatch condition Use the filtering logic only once. (This changes warning messages when patch would have been both backported and blacklisted.) Fix insert_sereis comand when we end up with empty patch set. - commit d3bd915 - bpf: Add bpf_prog_run_data_pointers() (bsc#1255241 CVE-2025-68200). - commit 738511e ++++ kernel-obs-build: - perf/x86/amd: Check event before enable to avoid GPF (bsc#1256689 CVE-2025-68798). - commit 599ecfb - selftests/bpf: Optionally open a dedicated namespace to run test in it (CVE-2025-68363 bsc#1255552). - commit 72f882c - btrfs: use variable for end offset in extent_writepage_io() (git-fixes). - commit b0ce396 - btrfs: truncate ordered extent when skipping writeback past i_size (git-fixes). - commit 2d28056 - btrfs: fix deadlock in wait_current_trans() due to ignored transaction type (git-fixes). - commit 58c1893 - blk-cgroup: fix possible deadlock while configuring policy (CVE-2025-68178 bsc#1255266). - commit 39b8d0d - libbpf: Fix -Wdiscarded-qualifiers under C23 (bsc#1257309). - commit 123e6ba - scripts/cve_tools/kss-dashboard: --exportpatch: Skip commits that are in base kernel - commit ef59f5e - scripts/cve_tools/kss-dashboard: Simplify --exportpatch condition Use the filtering logic only once. (This changes warning messages when patch would have been both backported and blacklisted.) Fix insert_sereis comand when we end up with empty patch set. - commit d3bd915 - bpf: Add bpf_prog_run_data_pointers() (bsc#1255241 CVE-2025-68200). - commit 738511e ++++ kernel-obs-build: - perf/x86/amd: Check event before enable to avoid GPF (bsc#1256689 CVE-2025-68798). - commit 599ecfb - selftests/bpf: Optionally open a dedicated namespace to run test in it (CVE-2025-68363 bsc#1255552). - commit 72f882c - btrfs: use variable for end offset in extent_writepage_io() (git-fixes). - commit b0ce396 - btrfs: truncate ordered extent when skipping writeback past i_size (git-fixes). - commit 2d28056 - btrfs: fix deadlock in wait_current_trans() due to ignored transaction type (git-fixes). - commit 58c1893 - blk-cgroup: fix possible deadlock while configuring policy (CVE-2025-68178 bsc#1255266). - commit 39b8d0d - libbpf: Fix -Wdiscarded-qualifiers under C23 (bsc#1257309). - commit 123e6ba - scripts/cve_tools/kss-dashboard: --exportpatch: Skip commits that are in base kernel - commit ef59f5e - scripts/cve_tools/kss-dashboard: Simplify --exportpatch condition Use the filtering logic only once. (This changes warning messages when patch would have been both backported and blacklisted.) Fix insert_sereis comand when we end up with empty patch set. - commit d3bd915 - bpf: Add bpf_prog_run_data_pointers() (bsc#1255241 CVE-2025-68200). - commit 738511e ++++ kernel-obs-qa: - perf/x86/amd: Check event before enable to avoid GPF (bsc#1256689 CVE-2025-68798). - commit 599ecfb - selftests/bpf: Optionally open a dedicated namespace to run test in it (CVE-2025-68363 bsc#1255552). - commit 72f882c - btrfs: use variable for end offset in extent_writepage_io() (git-fixes). - commit b0ce396 - btrfs: truncate ordered extent when skipping writeback past i_size (git-fixes). - commit 2d28056 - btrfs: fix deadlock in wait_current_trans() due to ignored transaction type (git-fixes). - commit 58c1893 - blk-cgroup: fix possible deadlock while configuring policy (CVE-2025-68178 bsc#1255266). - commit 39b8d0d - libbpf: Fix -Wdiscarded-qualifiers under C23 (bsc#1257309). - commit 123e6ba - scripts/cve_tools/kss-dashboard: --exportpatch: Skip commits that are in base kernel - commit ef59f5e - scripts/cve_tools/kss-dashboard: Simplify --exportpatch condition Use the filtering logic only once. (This changes warning messages when patch would have been both backported and blacklisted.) Fix insert_sereis comand when we end up with empty patch set. - commit d3bd915 - bpf: Add bpf_prog_run_data_pointers() (bsc#1255241 CVE-2025-68200). - commit 738511e ++++ kernel-obs-qa: - perf/x86/amd: Check event before enable to avoid GPF (bsc#1256689 CVE-2025-68798). - commit 599ecfb - selftests/bpf: Optionally open a dedicated namespace to run test in it (CVE-2025-68363 bsc#1255552). - commit 72f882c - btrfs: use variable for end offset in extent_writepage_io() (git-fixes). - commit b0ce396 - btrfs: truncate ordered extent when skipping writeback past i_size (git-fixes). - commit 2d28056 - btrfs: fix deadlock in wait_current_trans() due to ignored transaction type (git-fixes). - commit 58c1893 - blk-cgroup: fix possible deadlock while configuring policy (CVE-2025-68178 bsc#1255266). - commit 39b8d0d - libbpf: Fix -Wdiscarded-qualifiers under C23 (bsc#1257309). - commit 123e6ba - scripts/cve_tools/kss-dashboard: --exportpatch: Skip commits that are in base kernel - commit ef59f5e - scripts/cve_tools/kss-dashboard: Simplify --exportpatch condition Use the filtering logic only once. (This changes warning messages when patch would have been both backported and blacklisted.) Fix insert_sereis comand when we end up with empty patch set. - commit d3bd915 - bpf: Add bpf_prog_run_data_pointers() (bsc#1255241 CVE-2025-68200). - commit 738511e ++++ kernel-syms: - perf/x86/amd: Check event before enable to avoid GPF (bsc#1256689 CVE-2025-68798). - commit 599ecfb - selftests/bpf: Optionally open a dedicated namespace to run test in it (CVE-2025-68363 bsc#1255552). - commit 72f882c - btrfs: use variable for end offset in extent_writepage_io() (git-fixes). - commit b0ce396 - btrfs: truncate ordered extent when skipping writeback past i_size (git-fixes). - commit 2d28056 - btrfs: fix deadlock in wait_current_trans() due to ignored transaction type (git-fixes). - commit 58c1893 - blk-cgroup: fix possible deadlock while configuring policy (CVE-2025-68178 bsc#1255266). - commit 39b8d0d - libbpf: Fix -Wdiscarded-qualifiers under C23 (bsc#1257309). - commit 123e6ba - scripts/cve_tools/kss-dashboard: --exportpatch: Skip commits that are in base kernel - commit ef59f5e - scripts/cve_tools/kss-dashboard: Simplify --exportpatch condition Use the filtering logic only once. (This changes warning messages when patch would have been both backported and blacklisted.) Fix insert_sereis comand when we end up with empty patch set. - commit d3bd915 - bpf: Add bpf_prog_run_data_pointers() (bsc#1255241 CVE-2025-68200). - commit 738511e ++++ kernel-syms: - perf/x86/amd: Check event before enable to avoid GPF (bsc#1256689 CVE-2025-68798). - commit 599ecfb - selftests/bpf: Optionally open a dedicated namespace to run test in it (CVE-2025-68363 bsc#1255552). - commit 72f882c - btrfs: use variable for end offset in extent_writepage_io() (git-fixes). - commit b0ce396 - btrfs: truncate ordered extent when skipping writeback past i_size (git-fixes). - commit 2d28056 - btrfs: fix deadlock in wait_current_trans() due to ignored transaction type (git-fixes). - commit 58c1893 - blk-cgroup: fix possible deadlock while configuring policy (CVE-2025-68178 bsc#1255266). - commit 39b8d0d - libbpf: Fix -Wdiscarded-qualifiers under C23 (bsc#1257309). - commit 123e6ba - scripts/cve_tools/kss-dashboard: --exportpatch: Skip commits that are in base kernel - commit ef59f5e - scripts/cve_tools/kss-dashboard: Simplify --exportpatch condition Use the filtering logic only once. (This changes warning messages when patch would have been both backported and blacklisted.) Fix insert_sereis comand when we end up with empty patch set. - commit d3bd915 - bpf: Add bpf_prog_run_data_pointers() (bsc#1255241 CVE-2025-68200). - commit 738511e ++++ kernel-zfcpdump: - perf/x86/amd: Check event before enable to avoid GPF (bsc#1256689 CVE-2025-68798). - commit 599ecfb - selftests/bpf: Optionally open a dedicated namespace to run test in it (CVE-2025-68363 bsc#1255552). - commit 72f882c - btrfs: use variable for end offset in extent_writepage_io() (git-fixes). - commit b0ce396 - btrfs: truncate ordered extent when skipping writeback past i_size (git-fixes). - commit 2d28056 - btrfs: fix deadlock in wait_current_trans() due to ignored transaction type (git-fixes). - commit 58c1893 - blk-cgroup: fix possible deadlock while configuring policy (CVE-2025-68178 bsc#1255266). - commit 39b8d0d - libbpf: Fix -Wdiscarded-qualifiers under C23 (bsc#1257309). - commit 123e6ba - scripts/cve_tools/kss-dashboard: --exportpatch: Skip commits that are in base kernel - commit ef59f5e - scripts/cve_tools/kss-dashboard: Simplify --exportpatch condition Use the filtering logic only once. (This changes warning messages when patch would have been both backported and blacklisted.) Fix insert_sereis comand when we end up with empty patch set. - commit d3bd915 - bpf: Add bpf_prog_run_data_pointers() (bsc#1255241 CVE-2025-68200). - commit 738511e ++++ kernel-zfcpdump: - perf/x86/amd: Check event before enable to avoid GPF (bsc#1256689 CVE-2025-68798). - commit 599ecfb - selftests/bpf: Optionally open a dedicated namespace to run test in it (CVE-2025-68363 bsc#1255552). - commit 72f882c - btrfs: use variable for end offset in extent_writepage_io() (git-fixes). - commit b0ce396 - btrfs: truncate ordered extent when skipping writeback past i_size (git-fixes). - commit 2d28056 - btrfs: fix deadlock in wait_current_trans() due to ignored transaction type (git-fixes). - commit 58c1893 - blk-cgroup: fix possible deadlock while configuring policy (CVE-2025-68178 bsc#1255266). - commit 39b8d0d - libbpf: Fix -Wdiscarded-qualifiers under C23 (bsc#1257309). - commit 123e6ba - scripts/cve_tools/kss-dashboard: --exportpatch: Skip commits that are in base kernel - commit ef59f5e - scripts/cve_tools/kss-dashboard: Simplify --exportpatch condition Use the filtering logic only once. (This changes warning messages when patch would have been both backported and blacklisted.) Fix insert_sereis comand when we end up with empty patch set. - commit d3bd915 - bpf: Add bpf_prog_run_data_pointers() (bsc#1255241 CVE-2025-68200). - commit 738511e ++++ openssl-3: - Security fixes: * Missing ASN1_TYPE validation in PKCS#12 parsing - openssl-CVE-2026-22795.patch [bsc#1256839, CVE-2026-22795] * ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function - openssl-CVE-2026-22795.patch [bsc#1256840, CVE-2026-22796] * Missing ASN1_TYPE validation in TS_RESP_verify_response() function - openssl-CVE-2025-69420.patch [bsc#1256837, CVE-2025-69420] * NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function - openssl-CVE-2025-69421.patch [bsc#1256838, CVE-2025-69421] * Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion - openssl-CVE-2025-69419.patch [bsc#1256836, CVE-2025-69419] * TLS 1.3 CompressedCertificate excessive memory allocation - openssl-CVE-2025-66199.patch [bsc#1256833, CVE-2025-66199] * Heap out-of-bounds write in BIO_f_linebuffer on short writes - openssl-CVE-2025-68160.patch [bsc#1256834, CVE-2025-68160] * Unauthenticated/unencrypted trailing bytes with low-level OCB function calls - openssl-CVE-2025-69418.patch [bsc#1256835, CVE-2025-69418] * 'openssl dgst' one-shot codepath silently truncates inputs greater than 16MB - openssl-CVE-2025-15469.patch [bsc#1256832, CVE-2025-15469] * Stack buffer overflow in CMS AuthEnvelopedData parsing - openssl-CVE-2025-15467.patch [bsc#1256830, CVE-2025-15467] - openssl-CVE-2025-15467-comments.patch - openssl-CVE-2025-15467-test.patch * Improper validation of PBMAC1 parameters in PKCS#12 MAC verification - openssl-CVE-2025-11187.patch [bsc#1256829, CVE-2025-11187] * NULL dereference in SSL_CIPHER_find() function on unknown cipher ID - openssl-CVE-2025-15468.patch [bsc#1256831, CVE-2025-15468] - Enable livepatching support for ppc64le [bsc#1257274] ++++ openssl-3: - Security fixes: * Missing ASN1_TYPE validation in PKCS#12 parsing - openssl-CVE-2026-22795.patch [bsc#1256839, CVE-2026-22795] * ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function - openssl-CVE-2026-22795.patch [bsc#1256840, CVE-2026-22796] * Missing ASN1_TYPE validation in TS_RESP_verify_response() function - openssl-CVE-2025-69420.patch [bsc#1256837, CVE-2025-69420] * NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function - openssl-CVE-2025-69421.patch [bsc#1256838, CVE-2025-69421] * Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion - openssl-CVE-2025-69419.patch [bsc#1256836, CVE-2025-69419] * TLS 1.3 CompressedCertificate excessive memory allocation - openssl-CVE-2025-66199.patch [bsc#1256833, CVE-2025-66199] * Heap out-of-bounds write in BIO_f_linebuffer on short writes - openssl-CVE-2025-68160.patch [bsc#1256834, CVE-2025-68160] * Unauthenticated/unencrypted trailing bytes with low-level OCB function calls - openssl-CVE-2025-69418.patch [bsc#1256835, CVE-2025-69418] * 'openssl dgst' one-shot codepath silently truncates inputs greater than 16MB - openssl-CVE-2025-15469.patch [bsc#1256832, CVE-2025-15469] * Stack buffer overflow in CMS AuthEnvelopedData parsing - openssl-CVE-2025-15467.patch [bsc#1256830, CVE-2025-15467] - openssl-CVE-2025-15467-comments.patch - openssl-CVE-2025-15467-test.patch * Improper validation of PBMAC1 parameters in PKCS#12 MAC verification - openssl-CVE-2025-11187.patch [bsc#1256829, CVE-2025-11187] * NULL dereference in SSL_CIPHER_find() function on unknown cipher ID - openssl-CVE-2025-15468.patch [bsc#1256831, CVE-2025-15468] - Enable livepatching support for ppc64le [bsc#1257274] ++++ protobuf: - Delete deprecated google/__init__.py namespace file ++++ python313-core: - Add CVE-2024-6923-follow-up-EOL-email-headers.patch which is a follow-up to the previous fix of CVE-2024-6923 further encoding EOL possibly hidden in email headers (bsc#1257181). ++++ python313-nogil-nogil-core: - Add CVE-2024-6923-follow-up-EOL-email-headers.patch which is a follow-up to the previous fix of CVE-2024-6923 further encoding EOL possibly hidden in email headers (bsc#1257181). ++++ open-vm-tools: - update to 13.0.10 based on build 25056151: (boo#1257357): Please refer to the Release Notes at https://github.com/vmware/open-vm-tools/blob/stable-13.0.10/ReleaseNotes.md. The granular changes that have gone into the open-vm-tools 13.0.10 release are in the ChangeLog at https://github.com/vmware/open-vm-tools/blob/stable-13.0.10/open-vm-tools/ChangeLog. There are no new features in the open-vm-tools 13.0.10 release. This is primarily a maintenance release that addresses a fix. A minor enhancement has been made for Guest OS Customization. The DeployPkg plugin has been updated to handle a new cloud-init error code that signals a recoverable error and allow cloud-init to finish running. For a more complete description of what's new in this release, see the What's New and Resolved Issues sections of the Release Notes. ++++ openQA: - Update to version 5.1769550212.662a4f95: * refactor(investigation): Use TEST_GIT_URL and NEEDLES_GIT_URL * refactor(investigation): Rename gitrepodir function * Restart: handle subclassed AMQP plugin * Revert "Update CircleCI image to Leap 16.0" * fix: Fix invalid HTML in test creation form * feat: Make test creation discoverable to all users * refactor: Simplify/extend flash message templates * feat: Avoid confusing/wrong "Administrator level required" error * Update CircleCI image to Leap 16.0 * feat: Support `async=1` flag via `openqa-cli schedule --monitor` * fix: Avoid serializing `null` click point after e19aee4 and da7cce6b * test: Fix failing style checks due to test file with invalid YAML * test: Cover redirection to Git platform via CASEDIR and TEST_GIT_HASH * fix: Fix error handling when redirecting to Git platform * test: Distinguish different cases for showing settings files * test: Cover case of invalid scenario definitions when creating test * test: Consider `Step.pm` fully covered * test: Cover case of showing unsupported results * fix: Improve condition for checking valid step result * test: Cover case of showing candidate needle with no tags * refactor: Simplify `calc_matches` * refactor: Write uncoverable error handler in one line * refactor: Simplify `_new_screenshot` * refactor: Rewrite code for screenshot name in a more compact way * test: Cover options to take images/areas from existing needles * Use body parameters in POST request * feat: Add symlink for aeon in openqa-bootstrap script * chore(deps): bump lodash from 4.17.21 to 4.17.23 * test: Add test for displaying audio results * test: Cover remaining lines of `File.pm` * feat: Improve log message about invalid config in df-based cleanup * feat: Add dry run to df-based cleanup of job results * Fix grammatic mistakes on the snapshots documentation * Describe how snapshots work internally * doc: Improve wording in documentation about space-aware cleanup * doc: Clarify settings for space-aware cleanup * doc: Use "file system" consistently in comments in config files * doc: Wrap comments in `openqa.ini` at 80 characters * doc: Use "file system" consistently in users documentation * doc: Mention also `…_cleanup_max_free_percentage` * doc: Move documentation about space-aware cleanup into its own section * doc: Use "filesystem" instead of "partition" in config comments * fix: Account deletion of screenshots of archived jobs correctly * doc: Mention variables for df-based job result cleanup * feat: Consider archive as well in df-based cleanup of job results ++++ openQA: - Update to version 5.1769550212.662a4f95: * refactor(investigation): Use TEST_GIT_URL and NEEDLES_GIT_URL * refactor(investigation): Rename gitrepodir function * Restart: handle subclassed AMQP plugin * Revert "Update CircleCI image to Leap 16.0" * fix: Fix invalid HTML in test creation form * feat: Make test creation discoverable to all users * refactor: Simplify/extend flash message templates * feat: Avoid confusing/wrong "Administrator level required" error * Update CircleCI image to Leap 16.0 * feat: Support `async=1` flag via `openqa-cli schedule --monitor` * fix: Avoid serializing `null` click point after e19aee4 and da7cce6b * test: Fix failing style checks due to test file with invalid YAML * test: Cover redirection to Git platform via CASEDIR and TEST_GIT_HASH * fix: Fix error handling when redirecting to Git platform * test: Distinguish different cases for showing settings files * test: Cover case of invalid scenario definitions when creating test * test: Consider `Step.pm` fully covered * test: Cover case of showing unsupported results * fix: Improve condition for checking valid step result * test: Cover case of showing candidate needle with no tags * refactor: Simplify `calc_matches` * refactor: Write uncoverable error handler in one line * refactor: Simplify `_new_screenshot` * refactor: Rewrite code for screenshot name in a more compact way * test: Cover options to take images/areas from existing needles * Use body parameters in POST request * feat: Add symlink for aeon in openqa-bootstrap script * chore(deps): bump lodash from 4.17.21 to 4.17.23 * test: Add test for displaying audio results * test: Cover remaining lines of `File.pm` * feat: Improve log message about invalid config in df-based cleanup * feat: Add dry run to df-based cleanup of job results * Fix grammatic mistakes on the snapshots documentation * Describe how snapshots work internally * doc: Improve wording in documentation about space-aware cleanup * doc: Clarify settings for space-aware cleanup * doc: Use "file system" consistently in comments in config files * doc: Wrap comments in `openqa.ini` at 80 characters * doc: Use "file system" consistently in users documentation * doc: Mention also `…_cleanup_max_free_percentage` * doc: Move documentation about space-aware cleanup into its own section * doc: Use "filesystem" instead of "partition" in config comments * fix: Account deletion of screenshots of archived jobs correctly * doc: Mention variables for df-based job result cleanup * feat: Consider archive as well in df-based cleanup of job results ++++ openQA: - Update to version 5.1769550212.662a4f95: * refactor(investigation): Use TEST_GIT_URL and NEEDLES_GIT_URL * refactor(investigation): Rename gitrepodir function * Restart: handle subclassed AMQP plugin * Revert "Update CircleCI image to Leap 16.0" * fix: Fix invalid HTML in test creation form * feat: Make test creation discoverable to all users * refactor: Simplify/extend flash message templates * feat: Avoid confusing/wrong "Administrator level required" error * Update CircleCI image to Leap 16.0 * feat: Support `async=1` flag via `openqa-cli schedule --monitor` * fix: Avoid serializing `null` click point after e19aee4 and da7cce6b * test: Fix failing style checks due to test file with invalid YAML * test: Cover redirection to Git platform via CASEDIR and TEST_GIT_HASH * fix: Fix error handling when redirecting to Git platform * test: Distinguish different cases for showing settings files * test: Cover case of invalid scenario definitions when creating test * test: Consider `Step.pm` fully covered * test: Cover case of showing unsupported results * fix: Improve condition for checking valid step result * test: Cover case of showing candidate needle with no tags * refactor: Simplify `calc_matches` * refactor: Write uncoverable error handler in one line * refactor: Simplify `_new_screenshot` * refactor: Rewrite code for screenshot name in a more compact way * test: Cover options to take images/areas from existing needles * Use body parameters in POST request * feat: Add symlink for aeon in openqa-bootstrap script * chore(deps): bump lodash from 4.17.21 to 4.17.23 * test: Add test for displaying audio results * test: Cover remaining lines of `File.pm` * feat: Improve log message about invalid config in df-based cleanup * feat: Add dry run to df-based cleanup of job results * Fix grammatic mistakes on the snapshots documentation * Describe how snapshots work internally * doc: Improve wording in documentation about space-aware cleanup * doc: Clarify settings for space-aware cleanup * doc: Use "file system" consistently in comments in config files * doc: Wrap comments in `openqa.ini` at 80 characters * doc: Use "file system" consistently in users documentation * doc: Mention also `…_cleanup_max_free_percentage` * doc: Move documentation about space-aware cleanup into its own section * doc: Use "filesystem" instead of "partition" in config comments * fix: Account deletion of screenshots of archived jobs correctly * doc: Mention variables for df-based job result cleanup * feat: Consider archive as well in df-based cleanup of job results ++++ openQA: - Update to version 5.1769550212.662a4f95: * refactor(investigation): Use TEST_GIT_URL and NEEDLES_GIT_URL * refactor(investigation): Rename gitrepodir function * Restart: handle subclassed AMQP plugin * Revert "Update CircleCI image to Leap 16.0" * fix: Fix invalid HTML in test creation form * feat: Make test creation discoverable to all users * refactor: Simplify/extend flash message templates * feat: Avoid confusing/wrong "Administrator level required" error * Update CircleCI image to Leap 16.0 * feat: Support `async=1` flag via `openqa-cli schedule --monitor` * fix: Avoid serializing `null` click point after e19aee4 and da7cce6b * test: Fix failing style checks due to test file with invalid YAML * test: Cover redirection to Git platform via CASEDIR and TEST_GIT_HASH * fix: Fix error handling when redirecting to Git platform * test: Distinguish different cases for showing settings files * test: Cover case of invalid scenario definitions when creating test * test: Consider `Step.pm` fully covered * test: Cover case of showing unsupported results * fix: Improve condition for checking valid step result * test: Cover case of showing candidate needle with no tags * refactor: Simplify `calc_matches` * refactor: Write uncoverable error handler in one line * refactor: Simplify `_new_screenshot` * refactor: Rewrite code for screenshot name in a more compact way * test: Cover options to take images/areas from existing needles * Use body parameters in POST request * feat: Add symlink for aeon in openqa-bootstrap script * chore(deps): bump lodash from 4.17.21 to 4.17.23 * test: Add test for displaying audio results * test: Cover remaining lines of `File.pm` * feat: Improve log message about invalid config in df-based cleanup * feat: Add dry run to df-based cleanup of job results * Fix grammatic mistakes on the snapshots documentation * Describe how snapshots work internally * doc: Improve wording in documentation about space-aware cleanup * doc: Clarify settings for space-aware cleanup * doc: Use "file system" consistently in comments in config files * doc: Wrap comments in `openqa.ini` at 80 characters * doc: Use "file system" consistently in users documentation * doc: Mention also `…_cleanup_max_free_percentage` * doc: Move documentation about space-aware cleanup into its own section * doc: Use "filesystem" instead of "partition" in config comments * fix: Account deletion of screenshots of archived jobs correctly * doc: Mention variables for df-based job result cleanup * feat: Consider archive as well in df-based cleanup of job results ++++ openQA: - Update to version 5.1769550212.662a4f95: * refactor(investigation): Use TEST_GIT_URL and NEEDLES_GIT_URL * refactor(investigation): Rename gitrepodir function * Restart: handle subclassed AMQP plugin * Revert "Update CircleCI image to Leap 16.0" * fix: Fix invalid HTML in test creation form * feat: Make test creation discoverable to all users * refactor: Simplify/extend flash message templates * feat: Avoid confusing/wrong "Administrator level required" error * Update CircleCI image to Leap 16.0 * feat: Support `async=1` flag via `openqa-cli schedule --monitor` * fix: Avoid serializing `null` click point after e19aee4 and da7cce6b * test: Fix failing style checks due to test file with invalid YAML * test: Cover redirection to Git platform via CASEDIR and TEST_GIT_HASH * fix: Fix error handling when redirecting to Git platform * test: Distinguish different cases for showing settings files * test: Cover case of invalid scenario definitions when creating test * test: Consider `Step.pm` fully covered * test: Cover case of showing unsupported results * fix: Improve condition for checking valid step result * test: Cover case of showing candidate needle with no tags * refactor: Simplify `calc_matches` * refactor: Write uncoverable error handler in one line * refactor: Simplify `_new_screenshot` * refactor: Rewrite code for screenshot name in a more compact way * test: Cover options to take images/areas from existing needles * Use body parameters in POST request * feat: Add symlink for aeon in openqa-bootstrap script * chore(deps): bump lodash from 4.17.21 to 4.17.23 * test: Add test for displaying audio results * test: Cover remaining lines of `File.pm` * feat: Improve log message about invalid config in df-based cleanup * feat: Add dry run to df-based cleanup of job results * Fix grammatic mistakes on the snapshots documentation * Describe how snapshots work internally * doc: Improve wording in documentation about space-aware cleanup * doc: Clarify settings for space-aware cleanup * doc: Use "file system" consistently in comments in config files * doc: Wrap comments in `openqa.ini` at 80 characters * doc: Use "file system" consistently in users documentation * doc: Mention also `…_cleanup_max_free_percentage` * doc: Move documentation about space-aware cleanup into its own section * doc: Use "filesystem" instead of "partition" in config comments * fix: Account deletion of screenshots of archived jobs correctly * doc: Mention variables for df-based job result cleanup * feat: Consider archive as well in df-based cleanup of job results ++++ openQA: - Update to version 5.1769550212.662a4f95: * refactor(investigation): Use TEST_GIT_URL and NEEDLES_GIT_URL * refactor(investigation): Rename gitrepodir function * Restart: handle subclassed AMQP plugin * Revert "Update CircleCI image to Leap 16.0" * fix: Fix invalid HTML in test creation form * feat: Make test creation discoverable to all users * refactor: Simplify/extend flash message templates * feat: Avoid confusing/wrong "Administrator level required" error * Update CircleCI image to Leap 16.0 * feat: Support `async=1` flag via `openqa-cli schedule --monitor` * fix: Avoid serializing `null` click point after e19aee4 and da7cce6b * test: Fix failing style checks due to test file with invalid YAML * test: Cover redirection to Git platform via CASEDIR and TEST_GIT_HASH * fix: Fix error handling when redirecting to Git platform * test: Distinguish different cases for showing settings files * test: Cover case of invalid scenario definitions when creating test * test: Consider `Step.pm` fully covered * test: Cover case of showing unsupported results * fix: Improve condition for checking valid step result * test: Cover case of showing candidate needle with no tags * refactor: Simplify `calc_matches` * refactor: Write uncoverable error handler in one line * refactor: Simplify `_new_screenshot` * refactor: Rewrite code for screenshot name in a more compact way * test: Cover options to take images/areas from existing needles * Use body parameters in POST request * feat: Add symlink for aeon in openqa-bootstrap script * chore(deps): bump lodash from 4.17.21 to 4.17.23 * test: Add test for displaying audio results * test: Cover remaining lines of `File.pm` * feat: Improve log message about invalid config in df-based cleanup * feat: Add dry run to df-based cleanup of job results * Fix grammatic mistakes on the snapshots documentation * Describe how snapshots work internally * doc: Improve wording in documentation about space-aware cleanup * doc: Clarify settings for space-aware cleanup * doc: Use "file system" consistently in comments in config files * doc: Wrap comments in `openqa.ini` at 80 characters * doc: Use "file system" consistently in users documentation * doc: Mention also `…_cleanup_max_free_percentage` * doc: Move documentation about space-aware cleanup into its own section * doc: Use "filesystem" instead of "partition" in config comments * fix: Account deletion of screenshots of archived jobs correctly * doc: Mention variables for df-based job result cleanup * feat: Consider archive as well in df-based cleanup of job results ++++ openQA: - Update to version 5.1769550212.662a4f95: * refactor(investigation): Use TEST_GIT_URL and NEEDLES_GIT_URL * refactor(investigation): Rename gitrepodir function * Restart: handle subclassed AMQP plugin * Revert "Update CircleCI image to Leap 16.0" * fix: Fix invalid HTML in test creation form * feat: Make test creation discoverable to all users * refactor: Simplify/extend flash message templates * feat: Avoid confusing/wrong "Administrator level required" error * Update CircleCI image to Leap 16.0 * feat: Support `async=1` flag via `openqa-cli schedule --monitor` * fix: Avoid serializing `null` click point after e19aee4 and da7cce6b * test: Fix failing style checks due to test file with invalid YAML * test: Cover redirection to Git platform via CASEDIR and TEST_GIT_HASH * fix: Fix error handling when redirecting to Git platform * test: Distinguish different cases for showing settings files * test: Cover case of invalid scenario definitions when creating test * test: Consider `Step.pm` fully covered * test: Cover case of showing unsupported results * fix: Improve condition for checking valid step result * test: Cover case of showing candidate needle with no tags * refactor: Simplify `calc_matches` * refactor: Write uncoverable error handler in one line * refactor: Simplify `_new_screenshot` * refactor: Rewrite code for screenshot name in a more compact way * test: Cover options to take images/areas from existing needles * Use body parameters in POST request * feat: Add symlink for aeon in openqa-bootstrap script * chore(deps): bump lodash from 4.17.21 to 4.17.23 * test: Add test for displaying audio results * test: Cover remaining lines of `File.pm` * feat: Improve log message about invalid config in df-based cleanup * feat: Add dry run to df-based cleanup of job results * Fix grammatic mistakes on the snapshots documentation * Describe how snapshots work internally * doc: Improve wording in documentation about space-aware cleanup * doc: Clarify settings for space-aware cleanup * doc: Use "file system" consistently in comments in config files * doc: Wrap comments in `openqa.ini` at 80 characters * doc: Use "file system" consistently in users documentation * doc: Mention also `…_cleanup_max_free_percentage` * doc: Move documentation about space-aware cleanup into its own section * doc: Use "filesystem" instead of "partition" in config comments * fix: Account deletion of screenshots of archived jobs correctly * doc: Mention variables for df-based job result cleanup * feat: Consider archive as well in df-based cleanup of job results ++++ openQA: - Update to version 5.1769550212.662a4f95: * refactor(investigation): Use TEST_GIT_URL and NEEDLES_GIT_URL * refactor(investigation): Rename gitrepodir function * Restart: handle subclassed AMQP plugin * Revert "Update CircleCI image to Leap 16.0" * fix: Fix invalid HTML in test creation form * feat: Make test creation discoverable to all users * refactor: Simplify/extend flash message templates * feat: Avoid confusing/wrong "Administrator level required" error * Update CircleCI image to Leap 16.0 * feat: Support `async=1` flag via `openqa-cli schedule --monitor` * fix: Avoid serializing `null` click point after e19aee4 and da7cce6b * test: Fix failing style checks due to test file with invalid YAML * test: Cover redirection to Git platform via CASEDIR and TEST_GIT_HASH * fix: Fix error handling when redirecting to Git platform * test: Distinguish different cases for showing settings files * test: Cover case of invalid scenario definitions when creating test * test: Consider `Step.pm` fully covered * test: Cover case of showing unsupported results * fix: Improve condition for checking valid step result * test: Cover case of showing candidate needle with no tags * refactor: Simplify `calc_matches` * refactor: Write uncoverable error handler in one line * refactor: Simplify `_new_screenshot` * refactor: Rewrite code for screenshot name in a more compact way * test: Cover options to take images/areas from existing needles * Use body parameters in POST request * feat: Add symlink for aeon in openqa-bootstrap script * chore(deps): bump lodash from 4.17.21 to 4.17.23 * test: Add test for displaying audio results * test: Cover remaining lines of `File.pm` * feat: Improve log message about invalid config in df-based cleanup * feat: Add dry run to df-based cleanup of job results * Fix grammatic mistakes on the snapshots documentation * Describe how snapshots work internally * doc: Improve wording in documentation about space-aware cleanup * doc: Clarify settings for space-aware cleanup * doc: Use "file system" consistently in comments in config files * doc: Wrap comments in `openqa.ini` at 80 characters * doc: Use "file system" consistently in users documentation * doc: Mention also `…_cleanup_max_free_percentage` * doc: Move documentation about space-aware cleanup into its own section * doc: Use "filesystem" instead of "partition" in config comments * fix: Account deletion of screenshots of archived jobs correctly * doc: Mention variables for df-based job result cleanup * feat: Consider archive as well in df-based cleanup of job results ++++ openQA: - Update to version 5.1769550212.662a4f95: * refactor(investigation): Use TEST_GIT_URL and NEEDLES_GIT_URL * refactor(investigation): Rename gitrepodir function * Restart: handle subclassed AMQP plugin * Revert "Update CircleCI image to Leap 16.0" * fix: Fix invalid HTML in test creation form * feat: Make test creation discoverable to all users * refactor: Simplify/extend flash message templates * feat: Avoid confusing/wrong "Administrator level required" error * Update CircleCI image to Leap 16.0 * feat: Support `async=1` flag via `openqa-cli schedule --monitor` * fix: Avoid serializing `null` click point after e19aee4 and da7cce6b * test: Fix failing style checks due to test file with invalid YAML * test: Cover redirection to Git platform via CASEDIR and TEST_GIT_HASH * fix: Fix error handling when redirecting to Git platform * test: Distinguish different cases for showing settings files * test: Cover case of invalid scenario definitions when creating test * test: Consider `Step.pm` fully covered * test: Cover case of showing unsupported results * fix: Improve condition for checking valid step result * test: Cover case of showing candidate needle with no tags * refactor: Simplify `calc_matches` * refactor: Write uncoverable error handler in one line * refactor: Simplify `_new_screenshot` * refactor: Rewrite code for screenshot name in a more compact way * test: Cover options to take images/areas from existing needles * Use body parameters in POST request * feat: Add symlink for aeon in openqa-bootstrap script * chore(deps): bump lodash from 4.17.21 to 4.17.23 * test: Add test for displaying audio results * test: Cover remaining lines of `File.pm` * feat: Improve log message about invalid config in df-based cleanup * feat: Add dry run to df-based cleanup of job results * Fix grammatic mistakes on the snapshots documentation * Describe how snapshots work internally * doc: Improve wording in documentation about space-aware cleanup * doc: Clarify settings for space-aware cleanup * doc: Use "file system" consistently in comments in config files * doc: Wrap comments in `openqa.ini` at 80 characters * doc: Use "file system" consistently in users documentation * doc: Mention also `…_cleanup_max_free_percentage` * doc: Move documentation about space-aware cleanup into its own section * doc: Use "filesystem" instead of "partition" in config comments * fix: Account deletion of screenshots of archived jobs correctly * doc: Mention variables for df-based job result cleanup * feat: Consider archive as well in df-based cleanup of job results ++++ protobuf-java: - Delete deprecated google/__init__.py namespace file ++++ python313: - Add CVE-2024-6923-follow-up-EOL-email-headers.patch which is a follow-up to the previous fix of CVE-2024-6923 further encoding EOL possibly hidden in email headers (bsc#1257181). ++++ python313-documentation: - Add CVE-2024-6923-follow-up-EOL-email-headers.patch which is a follow-up to the previous fix of CVE-2024-6923 further encoding EOL possibly hidden in email headers (bsc#1257181). ++++ python313-nogil: - Add CVE-2024-6923-follow-up-EOL-email-headers.patch which is a follow-up to the previous fix of CVE-2024-6923 further encoding EOL possibly hidden in email headers (bsc#1257181). ++++ python-protobuf: - Delete deprecated google/__init__.py namespace file ++++ python-python-multipart: - Add CVE-2026-24486.patch to fix CVE-2026-24486 (bsc#1257301) ------------------------------------------------------------------ ------------------ 2026-1-26 - Jan 26 2026 ------------------- ------------------------------------------------------------------ ++++ kernel-64kb: - smb: client: don't try following DFS links in cifs_tree_connect() (git-fixes). - commit 3cf926a - kABI workaround for tpm_chip changes (CVE-2025-71077 bsc#1256613). - commit b25df62 - e1000: fix OOB in e1000_tbi_should_accept() (CVE-2025-71093 bsc#1256777). - net/mlx5: fw_tracer, Validate format string parameters (CVE-2025-68816 bsc#1256674). - commit 767a8ff - tpm: Cap the number of PCR banks (CVE-2025-71077 bsc#1256613). - Refresh patches.suse/0003-ima-invalidate-unsupported-PCR-banks.patch. - commit 3fdd7fa - gfs2: Prevent recursive memory reclaim (bsc#1255593 CVE-2025-68356). - commit 798fe56 - keys/trusted_keys: fix handle passed to tpm_buf_append_name during unseal (CVE-2025-68792 bsc#1256656). - commit 6ebc180 - kABI workaround for tpm2_session changes (CVE-2025-68792 bsc#1256656). - commit 7af0065 - tpm2-sessions: Fix out of range indexing in name_size (CVE-2025-68792 bsc#1256656). - commit 2805234 - x86: make page fault handling disable interrupts properly (git-fixes). - commit 8ec97c6 - selftests: net: fib-onlink-tests: Convert to use namespaces by default (bsc#1255346). - commit 9f9ee4e - Delete patches.suse/selftests-net-fib-onlink-tests-Set-high-metric-for-d.patch. - commit 3ae01ff - exfat: check return value of sb_min_blocksize in exfat_read_boot_sector (git-fixes). - commit 3d9560f - pnfs/blocklayout: Fix memory leak in bl_parse_scsi() (git-fixes). - commit 25884fe - pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node() (git-fixes). - commit def5db6 - pNFS: Fix a deadlock when returning a delegation during open() (git-fixes). - commit 39c05eb - nfsd: check that server is running in unlock_filesystem (git-fixes). - commit d20f2be - nfsd: use correct loop termination in nfsd4_revoke_states() (git-fixes). - commit bb91457 - NFSD: Fix permission check for read access to executable-only files (git-fixes). - commit 183186b - nfsd: Drop the client reference in client_states_open() (git-fixes). - commit c888f17 - NFSD/blocklayout: Fix minlength check in proc_layoutget (git-fixes). - commit b191678 - NFSD: use correct reservation type in nfsd4_scsi_fence_client (git-fixes). - commit 9c83e59 - svcrdma: return 0 on success from svc_rdma_copy_inline_range (git-fixes). - commit 029a31c - NFSD: Clear SECLABEL in the suppattr_exclcreat bitmap (git-fixes). - commit 5253399 - NFS: Fix up the automount fs_context to use the correct cred (git-fixes). - commit 98b121a - NFSv4: ensure the open stateid seqid doesn't go backwards (git-fixes). - commit 15f5d8e - exfat: fix remount failure in different process environments (git-fixes). - commit 2a1614d - exfat: zero out post-EOF page cache on file extension (git-fixes). - commit b63526d - Update patch metadata and sort patches.suse/sched-fair-Disable-scheduler-feature-NEXT_BUDDY.patch. - commit 6b28e35 - w1: fix redundant counter decrement in w1_attach_slave_device() (git-fixes). - w1: therm: Fix off-by-one buffer overflow in alarms_store (git-fixes). - comedi: dmm32at: serialize use of paged registers (git-fixes). - mei: trace: treat reg parameter as string (git-fixes). - uacce: ensure safe queue release with state management (git-fixes). - uacce: implement mremap in uacce_vm_ops to return -EPERM (git-fixes). - uacce: fix isolate sysfs check condition (git-fixes). - uacce: fix cdev handling in the cleanup path (git-fixes). - slimbus: core: fix of_slim_get_device() kernel doc (git-fixes). - slimbus: core: fix device reference leak on report present (git-fixes). - slimbus: core: fix runtime PM imbalance on report present (git-fixes). - slimbus: core: fix OF node leak on registration failure (git-fixes). - intel_th: fix device leak on output open() (git-fixes). - comedi: Fix getting range information for subdevices 16 to 255 (git-fixes). - interconnect: debugfs: initialize src_node and dst_node to empty strings (git-fixes). - iio: accel: iis328dq: fix gain values (git-fixes). - iio: chemical: scd4x: fix reported channel endianness (git-fixes). - iio: dac: ad5686: add AD5695R to ad5686_chip_info_tbl (git-fixes). - iio: accel: adxl380: fix handling of unavailable "INT1" interrupt (git-fixes). - iio: imu: st_lsm6dsx: fix iio_chan_spec for sensors without event detection (git-fixes). - iio: adc: pac1934: Fix clamped value in pac1934_reg_snapshot (git-fixes). - iio: adc: ad9467: fix ad9434 vref mask (git-fixes). - iio: adc: ad7280a: handle spi_setup() errors in probe() (git-fixes). - iio: adc: at91-sama5d2_adc: Fix potential use-after-free in sama5d2_adc driver (git-fixes). - serial: 8250_pci: Fix broken RS485 for F81504/508/512 (git-fixes). - comedi: fix divide-by-zero in comedi_buf_munge() (stable-fixes). - commit e39a507 - bpf: Do not let BPF test infra emit invalid GSO types to stack (bsc#1255569). - commit 7eec89f ++++ kernel-64kb: - smb: client: don't try following DFS links in cifs_tree_connect() (git-fixes). - commit 3cf926a - kABI workaround for tpm_chip changes (CVE-2025-71077 bsc#1256613). - commit b25df62 - e1000: fix OOB in e1000_tbi_should_accept() (CVE-2025-71093 bsc#1256777). - net/mlx5: fw_tracer, Validate format string parameters (CVE-2025-68816 bsc#1256674). - commit 767a8ff - tpm: Cap the number of PCR banks (CVE-2025-71077 bsc#1256613). - Refresh patches.suse/0003-ima-invalidate-unsupported-PCR-banks.patch. - commit 3fdd7fa - gfs2: Prevent recursive memory reclaim (bsc#1255593 CVE-2025-68356). - commit 798fe56 - keys/trusted_keys: fix handle passed to tpm_buf_append_name during unseal (CVE-2025-68792 bsc#1256656). - commit 6ebc180 - kABI workaround for tpm2_session changes (CVE-2025-68792 bsc#1256656). - commit 7af0065 - tpm2-sessions: Fix out of range indexing in name_size (CVE-2025-68792 bsc#1256656). - commit 2805234 - x86: make page fault handling disable interrupts properly (git-fixes). - commit 8ec97c6 - selftests: net: fib-onlink-tests: Convert to use namespaces by default (bsc#1255346). - commit 9f9ee4e - Delete patches.suse/selftests-net-fib-onlink-tests-Set-high-metric-for-d.patch. - commit 3ae01ff - exfat: check return value of sb_min_blocksize in exfat_read_boot_sector (git-fixes). - commit 3d9560f - pnfs/blocklayout: Fix memory leak in bl_parse_scsi() (git-fixes). - commit 25884fe - pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node() (git-fixes). - commit def5db6 - pNFS: Fix a deadlock when returning a delegation during open() (git-fixes). - commit 39c05eb - nfsd: check that server is running in unlock_filesystem (git-fixes). - commit d20f2be - nfsd: use correct loop termination in nfsd4_revoke_states() (git-fixes). - commit bb91457 - NFSD: Fix permission check for read access to executable-only files (git-fixes). - commit 183186b - nfsd: Drop the client reference in client_states_open() (git-fixes). - commit c888f17 - NFSD/blocklayout: Fix minlength check in proc_layoutget (git-fixes). - commit b191678 - NFSD: use correct reservation type in nfsd4_scsi_fence_client (git-fixes). - commit 9c83e59 - svcrdma: return 0 on success from svc_rdma_copy_inline_range (git-fixes). - commit 029a31c - NFSD: Clear SECLABEL in the suppattr_exclcreat bitmap (git-fixes). - commit 5253399 - NFS: Fix up the automount fs_context to use the correct cred (git-fixes). - commit 98b121a - NFSv4: ensure the open stateid seqid doesn't go backwards (git-fixes). - commit 15f5d8e - exfat: fix remount failure in different process environments (git-fixes). - commit 2a1614d - exfat: zero out post-EOF page cache on file extension (git-fixes). - commit b63526d - Update patch metadata and sort patches.suse/sched-fair-Disable-scheduler-feature-NEXT_BUDDY.patch. - commit 6b28e35 - w1: fix redundant counter decrement in w1_attach_slave_device() (git-fixes). - w1: therm: Fix off-by-one buffer overflow in alarms_store (git-fixes). - comedi: dmm32at: serialize use of paged registers (git-fixes). - mei: trace: treat reg parameter as string (git-fixes). - uacce: ensure safe queue release with state management (git-fixes). - uacce: implement mremap in uacce_vm_ops to return -EPERM (git-fixes). - uacce: fix isolate sysfs check condition (git-fixes). - uacce: fix cdev handling in the cleanup path (git-fixes). - slimbus: core: fix of_slim_get_device() kernel doc (git-fixes). - slimbus: core: fix device reference leak on report present (git-fixes). - slimbus: core: fix runtime PM imbalance on report present (git-fixes). - slimbus: core: fix OF node leak on registration failure (git-fixes). - intel_th: fix device leak on output open() (git-fixes). - comedi: Fix getting range information for subdevices 16 to 255 (git-fixes). - interconnect: debugfs: initialize src_node and dst_node to empty strings (git-fixes). - iio: accel: iis328dq: fix gain values (git-fixes). - iio: chemical: scd4x: fix reported channel endianness (git-fixes). - iio: dac: ad5686: add AD5695R to ad5686_chip_info_tbl (git-fixes). - iio: accel: adxl380: fix handling of unavailable "INT1" interrupt (git-fixes). - iio: imu: st_lsm6dsx: fix iio_chan_spec for sensors without event detection (git-fixes). - iio: adc: pac1934: Fix clamped value in pac1934_reg_snapshot (git-fixes). - iio: adc: ad9467: fix ad9434 vref mask (git-fixes). - iio: adc: ad7280a: handle spi_setup() errors in probe() (git-fixes). - iio: adc: at91-sama5d2_adc: Fix potential use-after-free in sama5d2_adc driver (git-fixes). - serial: 8250_pci: Fix broken RS485 for F81504/508/512 (git-fixes). - comedi: fix divide-by-zero in comedi_buf_munge() (stable-fixes). - commit e39a507 - bpf: Do not let BPF test infra emit invalid GSO types to stack (bsc#1255569). - commit 7eec89f ++++ kernel-azure: - smb: client: don't try following DFS links in cifs_tree_connect() (git-fixes). - commit 3cf926a - kABI workaround for tpm_chip changes (CVE-2025-71077 bsc#1256613). - commit b25df62 - e1000: fix OOB in e1000_tbi_should_accept() (CVE-2025-71093 bsc#1256777). - net/mlx5: fw_tracer, Validate format string parameters (CVE-2025-68816 bsc#1256674). - commit 767a8ff - tpm: Cap the number of PCR banks (CVE-2025-71077 bsc#1256613). - Refresh patches.suse/0003-ima-invalidate-unsupported-PCR-banks.patch. - commit 3fdd7fa - gfs2: Prevent recursive memory reclaim (bsc#1255593 CVE-2025-68356). - commit 798fe56 - keys/trusted_keys: fix handle passed to tpm_buf_append_name during unseal (CVE-2025-68792 bsc#1256656). - commit 6ebc180 - kABI workaround for tpm2_session changes (CVE-2025-68792 bsc#1256656). - commit 7af0065 - tpm2-sessions: Fix out of range indexing in name_size (CVE-2025-68792 bsc#1256656). - commit 2805234 - x86: make page fault handling disable interrupts properly (git-fixes). - commit 8ec97c6 - selftests: net: fib-onlink-tests: Convert to use namespaces by default (bsc#1255346). - commit 9f9ee4e - Delete patches.suse/selftests-net-fib-onlink-tests-Set-high-metric-for-d.patch. - commit 3ae01ff - exfat: check return value of sb_min_blocksize in exfat_read_boot_sector (git-fixes). - commit 3d9560f - pnfs/blocklayout: Fix memory leak in bl_parse_scsi() (git-fixes). - commit 25884fe - pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node() (git-fixes). - commit def5db6 - pNFS: Fix a deadlock when returning a delegation during open() (git-fixes). - commit 39c05eb - nfsd: check that server is running in unlock_filesystem (git-fixes). - commit d20f2be - nfsd: use correct loop termination in nfsd4_revoke_states() (git-fixes). - commit bb91457 - NFSD: Fix permission check for read access to executable-only files (git-fixes). - commit 183186b - nfsd: Drop the client reference in client_states_open() (git-fixes). - commit c888f17 - NFSD/blocklayout: Fix minlength check in proc_layoutget (git-fixes). - commit b191678 - NFSD: use correct reservation type in nfsd4_scsi_fence_client (git-fixes). - commit 9c83e59 - svcrdma: return 0 on success from svc_rdma_copy_inline_range (git-fixes). - commit 029a31c - NFSD: Clear SECLABEL in the suppattr_exclcreat bitmap (git-fixes). - commit 5253399 - NFS: Fix up the automount fs_context to use the correct cred (git-fixes). - commit 98b121a - NFSv4: ensure the open stateid seqid doesn't go backwards (git-fixes). - commit 15f5d8e - exfat: fix remount failure in different process environments (git-fixes). - commit 2a1614d - exfat: zero out post-EOF page cache on file extension (git-fixes). - commit b63526d - Update patch metadata and sort patches.suse/sched-fair-Disable-scheduler-feature-NEXT_BUDDY.patch. - commit 6b28e35 - w1: fix redundant counter decrement in w1_attach_slave_device() (git-fixes). - w1: therm: Fix off-by-one buffer overflow in alarms_store (git-fixes). - comedi: dmm32at: serialize use of paged registers (git-fixes). - mei: trace: treat reg parameter as string (git-fixes). - uacce: ensure safe queue release with state management (git-fixes). - uacce: implement mremap in uacce_vm_ops to return -EPERM (git-fixes). - uacce: fix isolate sysfs check condition (git-fixes). - uacce: fix cdev handling in the cleanup path (git-fixes). - slimbus: core: fix of_slim_get_device() kernel doc (git-fixes). - slimbus: core: fix device reference leak on report present (git-fixes). - slimbus: core: fix runtime PM imbalance on report present (git-fixes). - slimbus: core: fix OF node leak on registration failure (git-fixes). - intel_th: fix device leak on output open() (git-fixes). - comedi: Fix getting range information for subdevices 16 to 255 (git-fixes). - interconnect: debugfs: initialize src_node and dst_node to empty strings (git-fixes). - iio: accel: iis328dq: fix gain values (git-fixes). - iio: chemical: scd4x: fix reported channel endianness (git-fixes). - iio: dac: ad5686: add AD5695R to ad5686_chip_info_tbl (git-fixes). - iio: accel: adxl380: fix handling of unavailable "INT1" interrupt (git-fixes). - iio: imu: st_lsm6dsx: fix iio_chan_spec for sensors without event detection (git-fixes). - iio: adc: pac1934: Fix clamped value in pac1934_reg_snapshot (git-fixes). - iio: adc: ad9467: fix ad9434 vref mask (git-fixes). - iio: adc: ad7280a: handle spi_setup() errors in probe() (git-fixes). - iio: adc: at91-sama5d2_adc: Fix potential use-after-free in sama5d2_adc driver (git-fixes). - serial: 8250_pci: Fix broken RS485 for F81504/508/512 (git-fixes). - comedi: fix divide-by-zero in comedi_buf_munge() (stable-fixes). - commit e39a507 - bpf: Do not let BPF test infra emit invalid GSO types to stack (bsc#1255569). - commit 7eec89f ++++ kernel-azure: - smb: client: don't try following DFS links in cifs_tree_connect() (git-fixes). - commit 3cf926a - kABI workaround for tpm_chip changes (CVE-2025-71077 bsc#1256613). - commit b25df62 - e1000: fix OOB in e1000_tbi_should_accept() (CVE-2025-71093 bsc#1256777). - net/mlx5: fw_tracer, Validate format string parameters (CVE-2025-68816 bsc#1256674). - commit 767a8ff - tpm: Cap the number of PCR banks (CVE-2025-71077 bsc#1256613). - Refresh patches.suse/0003-ima-invalidate-unsupported-PCR-banks.patch. - commit 3fdd7fa - gfs2: Prevent recursive memory reclaim (bsc#1255593 CVE-2025-68356). - commit 798fe56 - keys/trusted_keys: fix handle passed to tpm_buf_append_name during unseal (CVE-2025-68792 bsc#1256656). - commit 6ebc180 - kABI workaround for tpm2_session changes (CVE-2025-68792 bsc#1256656). - commit 7af0065 - tpm2-sessions: Fix out of range indexing in name_size (CVE-2025-68792 bsc#1256656). - commit 2805234 - x86: make page fault handling disable interrupts properly (git-fixes). - commit 8ec97c6 - selftests: net: fib-onlink-tests: Convert to use namespaces by default (bsc#1255346). - commit 9f9ee4e - Delete patches.suse/selftests-net-fib-onlink-tests-Set-high-metric-for-d.patch. - commit 3ae01ff - exfat: check return value of sb_min_blocksize in exfat_read_boot_sector (git-fixes). - commit 3d9560f - pnfs/blocklayout: Fix memory leak in bl_parse_scsi() (git-fixes). - commit 25884fe - pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node() (git-fixes). - commit def5db6 - pNFS: Fix a deadlock when returning a delegation during open() (git-fixes). - commit 39c05eb - nfsd: check that server is running in unlock_filesystem (git-fixes). - commit d20f2be - nfsd: use correct loop termination in nfsd4_revoke_states() (git-fixes). - commit bb91457 - NFSD: Fix permission check for read access to executable-only files (git-fixes). - commit 183186b - nfsd: Drop the client reference in client_states_open() (git-fixes). - commit c888f17 - NFSD/blocklayout: Fix minlength check in proc_layoutget (git-fixes). - commit b191678 - NFSD: use correct reservation type in nfsd4_scsi_fence_client (git-fixes). - commit 9c83e59 - svcrdma: return 0 on success from svc_rdma_copy_inline_range (git-fixes). - commit 029a31c - NFSD: Clear SECLABEL in the suppattr_exclcreat bitmap (git-fixes). - commit 5253399 - NFS: Fix up the automount fs_context to use the correct cred (git-fixes). - commit 98b121a - NFSv4: ensure the open stateid seqid doesn't go backwards (git-fixes). - commit 15f5d8e - exfat: fix remount failure in different process environments (git-fixes). - commit 2a1614d - exfat: zero out post-EOF page cache on file extension (git-fixes). - commit b63526d - Update patch metadata and sort patches.suse/sched-fair-Disable-scheduler-feature-NEXT_BUDDY.patch. - commit 6b28e35 - w1: fix redundant counter decrement in w1_attach_slave_device() (git-fixes). - w1: therm: Fix off-by-one buffer overflow in alarms_store (git-fixes). - comedi: dmm32at: serialize use of paged registers (git-fixes). - mei: trace: treat reg parameter as string (git-fixes). - uacce: ensure safe queue release with state management (git-fixes). - uacce: implement mremap in uacce_vm_ops to return -EPERM (git-fixes). - uacce: fix isolate sysfs check condition (git-fixes). - uacce: fix cdev handling in the cleanup path (git-fixes). - slimbus: core: fix of_slim_get_device() kernel doc (git-fixes). - slimbus: core: fix device reference leak on report present (git-fixes). - slimbus: core: fix runtime PM imbalance on report present (git-fixes). - slimbus: core: fix OF node leak on registration failure (git-fixes). - intel_th: fix device leak on output open() (git-fixes). - comedi: Fix getting range information for subdevices 16 to 255 (git-fixes). - interconnect: debugfs: initialize src_node and dst_node to empty strings (git-fixes). - iio: accel: iis328dq: fix gain values (git-fixes). - iio: chemical: scd4x: fix reported channel endianness (git-fixes). - iio: dac: ad5686: add AD5695R to ad5686_chip_info_tbl (git-fixes). - iio: accel: adxl380: fix handling of unavailable "INT1" interrupt (git-fixes). - iio: imu: st_lsm6dsx: fix iio_chan_spec for sensors without event detection (git-fixes). - iio: adc: pac1934: Fix clamped value in pac1934_reg_snapshot (git-fixes). - iio: adc: ad9467: fix ad9434 vref mask (git-fixes). - iio: adc: ad7280a: handle spi_setup() errors in probe() (git-fixes). - iio: adc: at91-sama5d2_adc: Fix potential use-after-free in sama5d2_adc driver (git-fixes). - serial: 8250_pci: Fix broken RS485 for F81504/508/512 (git-fixes). - comedi: fix divide-by-zero in comedi_buf_munge() (stable-fixes). - commit e39a507 - bpf: Do not let BPF test infra emit invalid GSO types to stack (bsc#1255569). - commit 7eec89f ++++ kernel-default: - smb: client: don't try following DFS links in cifs_tree_connect() (git-fixes). - commit 3cf926a - kABI workaround for tpm_chip changes (CVE-2025-71077 bsc#1256613). - commit b25df62 - e1000: fix OOB in e1000_tbi_should_accept() (CVE-2025-71093 bsc#1256777). - net/mlx5: fw_tracer, Validate format string parameters (CVE-2025-68816 bsc#1256674). - commit 767a8ff - tpm: Cap the number of PCR banks (CVE-2025-71077 bsc#1256613). - Refresh patches.suse/0003-ima-invalidate-unsupported-PCR-banks.patch. - commit 3fdd7fa - gfs2: Prevent recursive memory reclaim (bsc#1255593 CVE-2025-68356). - commit 798fe56 - keys/trusted_keys: fix handle passed to tpm_buf_append_name during unseal (CVE-2025-68792 bsc#1256656). - commit 6ebc180 - kABI workaround for tpm2_session changes (CVE-2025-68792 bsc#1256656). - commit 7af0065 - tpm2-sessions: Fix out of range indexing in name_size (CVE-2025-68792 bsc#1256656). - commit 2805234 - x86: make page fault handling disable interrupts properly (git-fixes). - commit 8ec97c6 - selftests: net: fib-onlink-tests: Convert to use namespaces by default (bsc#1255346). - commit 9f9ee4e - Delete patches.suse/selftests-net-fib-onlink-tests-Set-high-metric-for-d.patch. - commit 3ae01ff - exfat: check return value of sb_min_blocksize in exfat_read_boot_sector (git-fixes). - commit 3d9560f - pnfs/blocklayout: Fix memory leak in bl_parse_scsi() (git-fixes). - commit 25884fe - pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node() (git-fixes). - commit def5db6 - pNFS: Fix a deadlock when returning a delegation during open() (git-fixes). - commit 39c05eb - nfsd: check that server is running in unlock_filesystem (git-fixes). - commit d20f2be - nfsd: use correct loop termination in nfsd4_revoke_states() (git-fixes). - commit bb91457 - NFSD: Fix permission check for read access to executable-only files (git-fixes). - commit 183186b - nfsd: Drop the client reference in client_states_open() (git-fixes). - commit c888f17 - NFSD/blocklayout: Fix minlength check in proc_layoutget (git-fixes). - commit b191678 - NFSD: use correct reservation type in nfsd4_scsi_fence_client (git-fixes). - commit 9c83e59 - svcrdma: return 0 on success from svc_rdma_copy_inline_range (git-fixes). - commit 029a31c - NFSD: Clear SECLABEL in the suppattr_exclcreat bitmap (git-fixes). - commit 5253399 - NFS: Fix up the automount fs_context to use the correct cred (git-fixes). - commit 98b121a - NFSv4: ensure the open stateid seqid doesn't go backwards (git-fixes). - commit 15f5d8e - exfat: fix remount failure in different process environments (git-fixes). - commit 2a1614d - exfat: zero out post-EOF page cache on file extension (git-fixes). - commit b63526d - Update patch metadata and sort patches.suse/sched-fair-Disable-scheduler-feature-NEXT_BUDDY.patch. - commit 6b28e35 - w1: fix redundant counter decrement in w1_attach_slave_device() (git-fixes). - w1: therm: Fix off-by-one buffer overflow in alarms_store (git-fixes). - comedi: dmm32at: serialize use of paged registers (git-fixes). - mei: trace: treat reg parameter as string (git-fixes). - uacce: ensure safe queue release with state management (git-fixes). - uacce: implement mremap in uacce_vm_ops to return -EPERM (git-fixes). - uacce: fix isolate sysfs check condition (git-fixes). - uacce: fix cdev handling in the cleanup path (git-fixes). - slimbus: core: fix of_slim_get_device() kernel doc (git-fixes). - slimbus: core: fix device reference leak on report present (git-fixes). - slimbus: core: fix runtime PM imbalance on report present (git-fixes). - slimbus: core: fix OF node leak on registration failure (git-fixes). - intel_th: fix device leak on output open() (git-fixes). - comedi: Fix getting range information for subdevices 16 to 255 (git-fixes). - interconnect: debugfs: initialize src_node and dst_node to empty strings (git-fixes). - iio: accel: iis328dq: fix gain values (git-fixes). - iio: chemical: scd4x: fix reported channel endianness (git-fixes). - iio: dac: ad5686: add AD5695R to ad5686_chip_info_tbl (git-fixes). - iio: accel: adxl380: fix handling of unavailable "INT1" interrupt (git-fixes). - iio: imu: st_lsm6dsx: fix iio_chan_spec for sensors without event detection (git-fixes). - iio: adc: pac1934: Fix clamped value in pac1934_reg_snapshot (git-fixes). - iio: adc: ad9467: fix ad9434 vref mask (git-fixes). - iio: adc: ad7280a: handle spi_setup() errors in probe() (git-fixes). - iio: adc: at91-sama5d2_adc: Fix potential use-after-free in sama5d2_adc driver (git-fixes). - serial: 8250_pci: Fix broken RS485 for F81504/508/512 (git-fixes). - comedi: fix divide-by-zero in comedi_buf_munge() (stable-fixes). - commit e39a507 - bpf: Do not let BPF test infra emit invalid GSO types to stack (bsc#1255569). - commit 7eec89f ++++ kernel-default: - smb: client: don't try following DFS links in cifs_tree_connect() (git-fixes). - commit 3cf926a - kABI workaround for tpm_chip changes (CVE-2025-71077 bsc#1256613). - commit b25df62 - e1000: fix OOB in e1000_tbi_should_accept() (CVE-2025-71093 bsc#1256777). - net/mlx5: fw_tracer, Validate format string parameters (CVE-2025-68816 bsc#1256674). - commit 767a8ff - tpm: Cap the number of PCR banks (CVE-2025-71077 bsc#1256613). - Refresh patches.suse/0003-ima-invalidate-unsupported-PCR-banks.patch. - commit 3fdd7fa - gfs2: Prevent recursive memory reclaim (bsc#1255593 CVE-2025-68356). - commit 798fe56 - keys/trusted_keys: fix handle passed to tpm_buf_append_name during unseal (CVE-2025-68792 bsc#1256656). - commit 6ebc180 - kABI workaround for tpm2_session changes (CVE-2025-68792 bsc#1256656). - commit 7af0065 - tpm2-sessions: Fix out of range indexing in name_size (CVE-2025-68792 bsc#1256656). - commit 2805234 - x86: make page fault handling disable interrupts properly (git-fixes). - commit 8ec97c6 - selftests: net: fib-onlink-tests: Convert to use namespaces by default (bsc#1255346). - commit 9f9ee4e - Delete patches.suse/selftests-net-fib-onlink-tests-Set-high-metric-for-d.patch. - commit 3ae01ff - exfat: check return value of sb_min_blocksize in exfat_read_boot_sector (git-fixes). - commit 3d9560f - pnfs/blocklayout: Fix memory leak in bl_parse_scsi() (git-fixes). - commit 25884fe - pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node() (git-fixes). - commit def5db6 - pNFS: Fix a deadlock when returning a delegation during open() (git-fixes). - commit 39c05eb - nfsd: check that server is running in unlock_filesystem (git-fixes). - commit d20f2be - nfsd: use correct loop termination in nfsd4_revoke_states() (git-fixes). - commit bb91457 - NFSD: Fix permission check for read access to executable-only files (git-fixes). - commit 183186b - nfsd: Drop the client reference in client_states_open() (git-fixes). - commit c888f17 - NFSD/blocklayout: Fix minlength check in proc_layoutget (git-fixes). - commit b191678 - NFSD: use correct reservation type in nfsd4_scsi_fence_client (git-fixes). - commit 9c83e59 - svcrdma: return 0 on success from svc_rdma_copy_inline_range (git-fixes). - commit 029a31c - NFSD: Clear SECLABEL in the suppattr_exclcreat bitmap (git-fixes). - commit 5253399 - NFS: Fix up the automount fs_context to use the correct cred (git-fixes). - commit 98b121a - NFSv4: ensure the open stateid seqid doesn't go backwards (git-fixes). - commit 15f5d8e - exfat: fix remount failure in different process environments (git-fixes). - commit 2a1614d - exfat: zero out post-EOF page cache on file extension (git-fixes). - commit b63526d - Update patch metadata and sort patches.suse/sched-fair-Disable-scheduler-feature-NEXT_BUDDY.patch. - commit 6b28e35 - w1: fix redundant counter decrement in w1_attach_slave_device() (git-fixes). - w1: therm: Fix off-by-one buffer overflow in alarms_store (git-fixes). - comedi: dmm32at: serialize use of paged registers (git-fixes). - mei: trace: treat reg parameter as string (git-fixes). - uacce: ensure safe queue release with state management (git-fixes). - uacce: implement mremap in uacce_vm_ops to return -EPERM (git-fixes). - uacce: fix isolate sysfs check condition (git-fixes). - uacce: fix cdev handling in the cleanup path (git-fixes). - slimbus: core: fix of_slim_get_device() kernel doc (git-fixes). - slimbus: core: fix device reference leak on report present (git-fixes). - slimbus: core: fix runtime PM imbalance on report present (git-fixes). - slimbus: core: fix OF node leak on registration failure (git-fixes). - intel_th: fix device leak on output open() (git-fixes). - comedi: Fix getting range information for subdevices 16 to 255 (git-fixes). - interconnect: debugfs: initialize src_node and dst_node to empty strings (git-fixes). - iio: accel: iis328dq: fix gain values (git-fixes). - iio: chemical: scd4x: fix reported channel endianness (git-fixes). - iio: dac: ad5686: add AD5695R to ad5686_chip_info_tbl (git-fixes). - iio: accel: adxl380: fix handling of unavailable "INT1" interrupt (git-fixes). - iio: imu: st_lsm6dsx: fix iio_chan_spec for sensors without event detection (git-fixes). - iio: adc: pac1934: Fix clamped value in pac1934_reg_snapshot (git-fixes). - iio: adc: ad9467: fix ad9434 vref mask (git-fixes). - iio: adc: ad7280a: handle spi_setup() errors in probe() (git-fixes). - iio: adc: at91-sama5d2_adc: Fix potential use-after-free in sama5d2_adc driver (git-fixes). - serial: 8250_pci: Fix broken RS485 for F81504/508/512 (git-fixes). - comedi: fix divide-by-zero in comedi_buf_munge() (stable-fixes). - commit e39a507 - bpf: Do not let BPF test infra emit invalid GSO types to stack (bsc#1255569). - commit 7eec89f ++++ kernel-rt: - smb: client: don't try following DFS links in cifs_tree_connect() (git-fixes). - commit 3cf926a - kABI workaround for tpm_chip changes (CVE-2025-71077 bsc#1256613). - commit b25df62 - e1000: fix OOB in e1000_tbi_should_accept() (CVE-2025-71093 bsc#1256777). - net/mlx5: fw_tracer, Validate format string parameters (CVE-2025-68816 bsc#1256674). - commit 767a8ff - tpm: Cap the number of PCR banks (CVE-2025-71077 bsc#1256613). - Refresh patches.suse/0003-ima-invalidate-unsupported-PCR-banks.patch. - commit 3fdd7fa - gfs2: Prevent recursive memory reclaim (bsc#1255593 CVE-2025-68356). - commit 798fe56 - keys/trusted_keys: fix handle passed to tpm_buf_append_name during unseal (CVE-2025-68792 bsc#1256656). - commit 6ebc180 - kABI workaround for tpm2_session changes (CVE-2025-68792 bsc#1256656). - commit 7af0065 - tpm2-sessions: Fix out of range indexing in name_size (CVE-2025-68792 bsc#1256656). - commit 2805234 - x86: make page fault handling disable interrupts properly (git-fixes). - commit 8ec97c6 - selftests: net: fib-onlink-tests: Convert to use namespaces by default (bsc#1255346). - commit 9f9ee4e - Delete patches.suse/selftests-net-fib-onlink-tests-Set-high-metric-for-d.patch. - commit 3ae01ff - exfat: check return value of sb_min_blocksize in exfat_read_boot_sector (git-fixes). - commit 3d9560f - pnfs/blocklayout: Fix memory leak in bl_parse_scsi() (git-fixes). - commit 25884fe - pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node() (git-fixes). - commit def5db6 - pNFS: Fix a deadlock when returning a delegation during open() (git-fixes). - commit 39c05eb - nfsd: check that server is running in unlock_filesystem (git-fixes). - commit d20f2be - nfsd: use correct loop termination in nfsd4_revoke_states() (git-fixes). - commit bb91457 - NFSD: Fix permission check for read access to executable-only files (git-fixes). - commit 183186b - nfsd: Drop the client reference in client_states_open() (git-fixes). - commit c888f17 - NFSD/blocklayout: Fix minlength check in proc_layoutget (git-fixes). - commit b191678 - NFSD: use correct reservation type in nfsd4_scsi_fence_client (git-fixes). - commit 9c83e59 - svcrdma: return 0 on success from svc_rdma_copy_inline_range (git-fixes). - commit 029a31c - NFSD: Clear SECLABEL in the suppattr_exclcreat bitmap (git-fixes). - commit 5253399 - NFS: Fix up the automount fs_context to use the correct cred (git-fixes). - commit 98b121a - NFSv4: ensure the open stateid seqid doesn't go backwards (git-fixes). - commit 15f5d8e - exfat: fix remount failure in different process environments (git-fixes). - commit 2a1614d - exfat: zero out post-EOF page cache on file extension (git-fixes). - commit b63526d - Update patch metadata and sort patches.suse/sched-fair-Disable-scheduler-feature-NEXT_BUDDY.patch. - commit 6b28e35 - w1: fix redundant counter decrement in w1_attach_slave_device() (git-fixes). - w1: therm: Fix off-by-one buffer overflow in alarms_store (git-fixes). - comedi: dmm32at: serialize use of paged registers (git-fixes). - mei: trace: treat reg parameter as string (git-fixes). - uacce: ensure safe queue release with state management (git-fixes). - uacce: implement mremap in uacce_vm_ops to return -EPERM (git-fixes). - uacce: fix isolate sysfs check condition (git-fixes). - uacce: fix cdev handling in the cleanup path (git-fixes). - slimbus: core: fix of_slim_get_device() kernel doc (git-fixes). - slimbus: core: fix device reference leak on report present (git-fixes). - slimbus: core: fix runtime PM imbalance on report present (git-fixes). - slimbus: core: fix OF node leak on registration failure (git-fixes). - intel_th: fix device leak on output open() (git-fixes). - comedi: Fix getting range information for subdevices 16 to 255 (git-fixes). - interconnect: debugfs: initialize src_node and dst_node to empty strings (git-fixes). - iio: accel: iis328dq: fix gain values (git-fixes). - iio: chemical: scd4x: fix reported channel endianness (git-fixes). - iio: dac: ad5686: add AD5695R to ad5686_chip_info_tbl (git-fixes). - iio: accel: adxl380: fix handling of unavailable "INT1" interrupt (git-fixes). - iio: imu: st_lsm6dsx: fix iio_chan_spec for sensors without event detection (git-fixes). - iio: adc: pac1934: Fix clamped value in pac1934_reg_snapshot (git-fixes). - iio: adc: ad9467: fix ad9434 vref mask (git-fixes). - iio: adc: ad7280a: handle spi_setup() errors in probe() (git-fixes). - iio: adc: at91-sama5d2_adc: Fix potential use-after-free in sama5d2_adc driver (git-fixes). - serial: 8250_pci: Fix broken RS485 for F81504/508/512 (git-fixes). - comedi: fix divide-by-zero in comedi_buf_munge() (stable-fixes). - commit e39a507 - bpf: Do not let BPF test infra emit invalid GSO types to stack (bsc#1255569). - commit 7eec89f ++++ kernel-rt: - smb: client: don't try following DFS links in cifs_tree_connect() (git-fixes). - commit 3cf926a - kABI workaround for tpm_chip changes (CVE-2025-71077 bsc#1256613). - commit b25df62 - e1000: fix OOB in e1000_tbi_should_accept() (CVE-2025-71093 bsc#1256777). - net/mlx5: fw_tracer, Validate format string parameters (CVE-2025-68816 bsc#1256674). - commit 767a8ff - tpm: Cap the number of PCR banks (CVE-2025-71077 bsc#1256613). - Refresh patches.suse/0003-ima-invalidate-unsupported-PCR-banks.patch. - commit 3fdd7fa - gfs2: Prevent recursive memory reclaim (bsc#1255593 CVE-2025-68356). - commit 798fe56 - keys/trusted_keys: fix handle passed to tpm_buf_append_name during unseal (CVE-2025-68792 bsc#1256656). - commit 6ebc180 - kABI workaround for tpm2_session changes (CVE-2025-68792 bsc#1256656). - commit 7af0065 - tpm2-sessions: Fix out of range indexing in name_size (CVE-2025-68792 bsc#1256656). - commit 2805234 - x86: make page fault handling disable interrupts properly (git-fixes). - commit 8ec97c6 - selftests: net: fib-onlink-tests: Convert to use namespaces by default (bsc#1255346). - commit 9f9ee4e - Delete patches.suse/selftests-net-fib-onlink-tests-Set-high-metric-for-d.patch. - commit 3ae01ff - exfat: check return value of sb_min_blocksize in exfat_read_boot_sector (git-fixes). - commit 3d9560f - pnfs/blocklayout: Fix memory leak in bl_parse_scsi() (git-fixes). - commit 25884fe - pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node() (git-fixes). - commit def5db6 - pNFS: Fix a deadlock when returning a delegation during open() (git-fixes). - commit 39c05eb - nfsd: check that server is running in unlock_filesystem (git-fixes). - commit d20f2be - nfsd: use correct loop termination in nfsd4_revoke_states() (git-fixes). - commit bb91457 - NFSD: Fix permission check for read access to executable-only files (git-fixes). - commit 183186b - nfsd: Drop the client reference in client_states_open() (git-fixes). - commit c888f17 - NFSD/blocklayout: Fix minlength check in proc_layoutget (git-fixes). - commit b191678 - NFSD: use correct reservation type in nfsd4_scsi_fence_client (git-fixes). - commit 9c83e59 - svcrdma: return 0 on success from svc_rdma_copy_inline_range (git-fixes). - commit 029a31c - NFSD: Clear SECLABEL in the suppattr_exclcreat bitmap (git-fixes). - commit 5253399 - NFS: Fix up the automount fs_context to use the correct cred (git-fixes). - commit 98b121a - NFSv4: ensure the open stateid seqid doesn't go backwards (git-fixes). - commit 15f5d8e - exfat: fix remount failure in different process environments (git-fixes). - commit 2a1614d - exfat: zero out post-EOF page cache on file extension (git-fixes). - commit b63526d - Update patch metadata and sort patches.suse/sched-fair-Disable-scheduler-feature-NEXT_BUDDY.patch. - commit 6b28e35 - w1: fix redundant counter decrement in w1_attach_slave_device() (git-fixes). - w1: therm: Fix off-by-one buffer overflow in alarms_store (git-fixes). - comedi: dmm32at: serialize use of paged registers (git-fixes). - mei: trace: treat reg parameter as string (git-fixes). - uacce: ensure safe queue release with state management (git-fixes). - uacce: implement mremap in uacce_vm_ops to return -EPERM (git-fixes). - uacce: fix isolate sysfs check condition (git-fixes). - uacce: fix cdev handling in the cleanup path (git-fixes). - slimbus: core: fix of_slim_get_device() kernel doc (git-fixes). - slimbus: core: fix device reference leak on report present (git-fixes). - slimbus: core: fix runtime PM imbalance on report present (git-fixes). - slimbus: core: fix OF node leak on registration failure (git-fixes). - intel_th: fix device leak on output open() (git-fixes). - comedi: Fix getting range information for subdevices 16 to 255 (git-fixes). - interconnect: debugfs: initialize src_node and dst_node to empty strings (git-fixes). - iio: accel: iis328dq: fix gain values (git-fixes). - iio: chemical: scd4x: fix reported channel endianness (git-fixes). - iio: dac: ad5686: add AD5695R to ad5686_chip_info_tbl (git-fixes). - iio: accel: adxl380: fix handling of unavailable "INT1" interrupt (git-fixes). - iio: imu: st_lsm6dsx: fix iio_chan_spec for sensors without event detection (git-fixes). - iio: adc: pac1934: Fix clamped value in pac1934_reg_snapshot (git-fixes). - iio: adc: ad9467: fix ad9434 vref mask (git-fixes). - iio: adc: ad7280a: handle spi_setup() errors in probe() (git-fixes). - iio: adc: at91-sama5d2_adc: Fix potential use-after-free in sama5d2_adc driver (git-fixes). - serial: 8250_pci: Fix broken RS485 for F81504/508/512 (git-fixes). - comedi: fix divide-by-zero in comedi_buf_munge() (stable-fixes). - commit e39a507 - bpf: Do not let BPF test infra emit invalid GSO types to stack (bsc#1255569). - commit 7eec89f ++++ dtb-aarch64: - smb: client: don't try following DFS links in cifs_tree_connect() (git-fixes). - commit 3cf926a - kABI workaround for tpm_chip changes (CVE-2025-71077 bsc#1256613). - commit b25df62 - e1000: fix OOB in e1000_tbi_should_accept() (CVE-2025-71093 bsc#1256777). - net/mlx5: fw_tracer, Validate format string parameters (CVE-2025-68816 bsc#1256674). - commit 767a8ff - tpm: Cap the number of PCR banks (CVE-2025-71077 bsc#1256613). - Refresh patches.suse/0003-ima-invalidate-unsupported-PCR-banks.patch. - commit 3fdd7fa - gfs2: Prevent recursive memory reclaim (bsc#1255593 CVE-2025-68356). - commit 798fe56 - keys/trusted_keys: fix handle passed to tpm_buf_append_name during unseal (CVE-2025-68792 bsc#1256656). - commit 6ebc180 - kABI workaround for tpm2_session changes (CVE-2025-68792 bsc#1256656). - commit 7af0065 - tpm2-sessions: Fix out of range indexing in name_size (CVE-2025-68792 bsc#1256656). - commit 2805234 - x86: make page fault handling disable interrupts properly (git-fixes). - commit 8ec97c6 - selftests: net: fib-onlink-tests: Convert to use namespaces by default (bsc#1255346). - commit 9f9ee4e - Delete patches.suse/selftests-net-fib-onlink-tests-Set-high-metric-for-d.patch. - commit 3ae01ff - exfat: check return value of sb_min_blocksize in exfat_read_boot_sector (git-fixes). - commit 3d9560f - pnfs/blocklayout: Fix memory leak in bl_parse_scsi() (git-fixes). - commit 25884fe - pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node() (git-fixes). - commit def5db6 - pNFS: Fix a deadlock when returning a delegation during open() (git-fixes). - commit 39c05eb - nfsd: check that server is running in unlock_filesystem (git-fixes). - commit d20f2be - nfsd: use correct loop termination in nfsd4_revoke_states() (git-fixes). - commit bb91457 - NFSD: Fix permission check for read access to executable-only files (git-fixes). - commit 183186b - nfsd: Drop the client reference in client_states_open() (git-fixes). - commit c888f17 - NFSD/blocklayout: Fix minlength check in proc_layoutget (git-fixes). - commit b191678 - NFSD: use correct reservation type in nfsd4_scsi_fence_client (git-fixes). - commit 9c83e59 - svcrdma: return 0 on success from svc_rdma_copy_inline_range (git-fixes). - commit 029a31c - NFSD: Clear SECLABEL in the suppattr_exclcreat bitmap (git-fixes). - commit 5253399 - NFS: Fix up the automount fs_context to use the correct cred (git-fixes). - commit 98b121a - NFSv4: ensure the open stateid seqid doesn't go backwards (git-fixes). - commit 15f5d8e - exfat: fix remount failure in different process environments (git-fixes). - commit 2a1614d - exfat: zero out post-EOF page cache on file extension (git-fixes). - commit b63526d - Update patch metadata and sort patches.suse/sched-fair-Disable-scheduler-feature-NEXT_BUDDY.patch. - commit 6b28e35 - w1: fix redundant counter decrement in w1_attach_slave_device() (git-fixes). - w1: therm: Fix off-by-one buffer overflow in alarms_store (git-fixes). - comedi: dmm32at: serialize use of paged registers (git-fixes). - mei: trace: treat reg parameter as string (git-fixes). - uacce: ensure safe queue release with state management (git-fixes). - uacce: implement mremap in uacce_vm_ops to return -EPERM (git-fixes). - uacce: fix isolate sysfs check condition (git-fixes). - uacce: fix cdev handling in the cleanup path (git-fixes). - slimbus: core: fix of_slim_get_device() kernel doc (git-fixes). - slimbus: core: fix device reference leak on report present (git-fixes). - slimbus: core: fix runtime PM imbalance on report present (git-fixes). - slimbus: core: fix OF node leak on registration failure (git-fixes). - intel_th: fix device leak on output open() (git-fixes). - comedi: Fix getting range information for subdevices 16 to 255 (git-fixes). - interconnect: debugfs: initialize src_node and dst_node to empty strings (git-fixes). - iio: accel: iis328dq: fix gain values (git-fixes). - iio: chemical: scd4x: fix reported channel endianness (git-fixes). - iio: dac: ad5686: add AD5695R to ad5686_chip_info_tbl (git-fixes). - iio: accel: adxl380: fix handling of unavailable "INT1" interrupt (git-fixes). - iio: imu: st_lsm6dsx: fix iio_chan_spec for sensors without event detection (git-fixes). - iio: adc: pac1934: Fix clamped value in pac1934_reg_snapshot (git-fixes). - iio: adc: ad9467: fix ad9434 vref mask (git-fixes). - iio: adc: ad7280a: handle spi_setup() errors in probe() (git-fixes). - iio: adc: at91-sama5d2_adc: Fix potential use-after-free in sama5d2_adc driver (git-fixes). - serial: 8250_pci: Fix broken RS485 for F81504/508/512 (git-fixes). - comedi: fix divide-by-zero in comedi_buf_munge() (stable-fixes). - commit e39a507 - bpf: Do not let BPF test infra emit invalid GSO types to stack (bsc#1255569). - commit 7eec89f ++++ dtb-aarch64: - smb: client: don't try following DFS links in cifs_tree_connect() (git-fixes). - commit 3cf926a - kABI workaround for tpm_chip changes (CVE-2025-71077 bsc#1256613). - commit b25df62 - e1000: fix OOB in e1000_tbi_should_accept() (CVE-2025-71093 bsc#1256777). - net/mlx5: fw_tracer, Validate format string parameters (CVE-2025-68816 bsc#1256674). - commit 767a8ff - tpm: Cap the number of PCR banks (CVE-2025-71077 bsc#1256613). - Refresh patches.suse/0003-ima-invalidate-unsupported-PCR-banks.patch. - commit 3fdd7fa - gfs2: Prevent recursive memory reclaim (bsc#1255593 CVE-2025-68356). - commit 798fe56 - keys/trusted_keys: fix handle passed to tpm_buf_append_name during unseal (CVE-2025-68792 bsc#1256656). - commit 6ebc180 - kABI workaround for tpm2_session changes (CVE-2025-68792 bsc#1256656). - commit 7af0065 - tpm2-sessions: Fix out of range indexing in name_size (CVE-2025-68792 bsc#1256656). - commit 2805234 - x86: make page fault handling disable interrupts properly (git-fixes). - commit 8ec97c6 - selftests: net: fib-onlink-tests: Convert to use namespaces by default (bsc#1255346). - commit 9f9ee4e - Delete patches.suse/selftests-net-fib-onlink-tests-Set-high-metric-for-d.patch. - commit 3ae01ff - exfat: check return value of sb_min_blocksize in exfat_read_boot_sector (git-fixes). - commit 3d9560f - pnfs/blocklayout: Fix memory leak in bl_parse_scsi() (git-fixes). - commit 25884fe - pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node() (git-fixes). - commit def5db6 - pNFS: Fix a deadlock when returning a delegation during open() (git-fixes). - commit 39c05eb - nfsd: check that server is running in unlock_filesystem (git-fixes). - commit d20f2be - nfsd: use correct loop termination in nfsd4_revoke_states() (git-fixes). - commit bb91457 - NFSD: Fix permission check for read access to executable-only files (git-fixes). - commit 183186b - nfsd: Drop the client reference in client_states_open() (git-fixes). - commit c888f17 - NFSD/blocklayout: Fix minlength check in proc_layoutget (git-fixes). - commit b191678 - NFSD: use correct reservation type in nfsd4_scsi_fence_client (git-fixes). - commit 9c83e59 - svcrdma: return 0 on success from svc_rdma_copy_inline_range (git-fixes). - commit 029a31c - NFSD: Clear SECLABEL in the suppattr_exclcreat bitmap (git-fixes). - commit 5253399 - NFS: Fix up the automount fs_context to use the correct cred (git-fixes). - commit 98b121a - NFSv4: ensure the open stateid seqid doesn't go backwards (git-fixes). - commit 15f5d8e - exfat: fix remount failure in different process environments (git-fixes). - commit 2a1614d - exfat: zero out post-EOF page cache on file extension (git-fixes). - commit b63526d - Update patch metadata and sort patches.suse/sched-fair-Disable-scheduler-feature-NEXT_BUDDY.patch. - commit 6b28e35 - w1: fix redundant counter decrement in w1_attach_slave_device() (git-fixes). - w1: therm: Fix off-by-one buffer overflow in alarms_store (git-fixes). - comedi: dmm32at: serialize use of paged registers (git-fixes). - mei: trace: treat reg parameter as string (git-fixes). - uacce: ensure safe queue release with state management (git-fixes). - uacce: implement mremap in uacce_vm_ops to return -EPERM (git-fixes). - uacce: fix isolate sysfs check condition (git-fixes). - uacce: fix cdev handling in the cleanup path (git-fixes). - slimbus: core: fix of_slim_get_device() kernel doc (git-fixes). - slimbus: core: fix device reference leak on report present (git-fixes). - slimbus: core: fix runtime PM imbalance on report present (git-fixes). - slimbus: core: fix OF node leak on registration failure (git-fixes). - intel_th: fix device leak on output open() (git-fixes). - comedi: Fix getting range information for subdevices 16 to 255 (git-fixes). - interconnect: debugfs: initialize src_node and dst_node to empty strings (git-fixes). - iio: accel: iis328dq: fix gain values (git-fixes). - iio: chemical: scd4x: fix reported channel endianness (git-fixes). - iio: dac: ad5686: add AD5695R to ad5686_chip_info_tbl (git-fixes). - iio: accel: adxl380: fix handling of unavailable "INT1" interrupt (git-fixes). - iio: imu: st_lsm6dsx: fix iio_chan_spec for sensors without event detection (git-fixes). - iio: adc: pac1934: Fix clamped value in pac1934_reg_snapshot (git-fixes). - iio: adc: ad9467: fix ad9434 vref mask (git-fixes). - iio: adc: ad7280a: handle spi_setup() errors in probe() (git-fixes). - iio: adc: at91-sama5d2_adc: Fix potential use-after-free in sama5d2_adc driver (git-fixes). - serial: 8250_pci: Fix broken RS485 for F81504/508/512 (git-fixes). - comedi: fix divide-by-zero in comedi_buf_munge() (stable-fixes). - commit e39a507 - bpf: Do not let BPF test infra emit invalid GSO types to stack (bsc#1255569). - commit 7eec89f ++++ flake-pilot: - Bump version: 3.1.26 → 3.1.27 - Add support for --force option for remove Add support for podman remove --force mode. In this mode the referenced application will be force removed and no sanity checks if this is pointing to a flake registration will be done. Eventually missing files do not cause an error. - Fix spec file Allow to build for Fedora, fix packager e-mail - Bump version: 3.1.25 → 3.1.26 - Allow force registration with arbitrary data When using --force also register even if the eventually conflicting file does not belong to a flake registration ++++ hwinfo: - merge gh#openSUSE/hwinfo#175 - include package spec file in git repo - adjust spec file for immutable mode: switch to using systemd-tmpfiles (jsc#PED-14832) - update git2log script - 25.1 ++++ java-25-openjdk: - Update to upstream tag jdk-25.0.2+10 (January 2026 CPU) * CVEs + CVE-2026-21925, bsc#1257034 + CVE-2026-21932, bsc#1257036 + CVE-2026-21933, bsc#1257037 + CVE-2026-21945, bsc#1257038 * Changes + JDK-8023263: [TESTBUG] Test closed/java/awt/Focus/ /InactiveWindowTest/InactiveFocusRace fails due to not enough time to initialize graphic components + JDK-8162380: [TEST_BUG] MouseEvent/.../ /AltGraphModifierTest.java has only "Fail" button + JDK-8201778: Speed up test javax/net/ssl/DTLS/PacketLossRetransmission.java + JDK-8265429: Improve GCM encryption + JDK-8277444: Data race between JvmtiClassFileReconstituter::copy_bytecodes and class linking + JDK-8279005: sun/tools/jstat tests do not check for test case exit codes after JDK-8245129 + JDK-8304811: vmTestbase/vm/mlvm/indy/func/jvmti/ /stepBreakPopReturn/INDIFY_Test.java fails with JVMTI_ERROR_TYPE_MISMATCH + JDK-8305567: serviceability/tmtools/jstat/GcTest01.java failed utils.JstatGcResults.assertConsistency + JDK-8317801: java/net/Socket/asyncClose/Race.java fails intermittently (aix) + JDK-8320836: jtreg gtest runs should limit heap size + JDK-8325766: Extend CertificateBuilder to create trust and end entity certificates programmatically + JDK-8333526: Restructure java/nio/channels/DatagramChannel/ /StressNativeSignal.java to a fail fast exception handling policy + JDK-8333783: java/nio/channels/FileChannel/directio/ /DirectIOTest.java is unstable with AV software + JDK-8334238: Enhance AddLShortcutTest jpackage test + JDK-8335986: Test javax/swing/JCheckBox/4449413/ /bug4449413.java fails on Windows 11 x64 because RBMenuItem's and CBMenuItem's checkmark on the left side are not visible + JDK-8341496: Improve JMX connections + JDK-8343218: Add option to disable allocating interface and abstract classes in non-class metaspace + JDK-8343546: GHA: Cache required dependencies in master-branch workflow + JDK-8345810: Custom launchers must be linked with pthread to avoid dynamic linker issues + JDK-8346753: Test javax/swing/JMenuItem/RightLeftOrientation/ /RightLeftOrientation.java fails on Windows Server 2025 x64 because the icons of RBMenuItem and CBMenuItem are not visible in Nimbus LookAndFeel + JDK-8346839: [TESTBUG] "java/awt/textfield/setechochartest4/ /setechochartest4.java" failed because the test frame disappears on clicking "Click Several Times" button + JDK-8346884: Add since checker test to jdk.editpad + JDK-8346952: GetGraphicsStressTest.java fails: Native resources unavailable + JDK-8347277: java/awt/Focus/ComponentLostFocusTest.java fails intermittently + JDK-8349188: LineBorder does not scale correctly + JDK-8350621: Code cache stops scheduling GC + JDK-8351487: [ubsan] jvmti.h runtime error: load of value which is not a valid value + JDK-8352016: Improve java/lang/RuntimeTests/RuntimeExitLogTest.java + JDK-8354348: Enable Extended EVEX to REX2/REX demotion for commutative operations with same dst and src2 + JDK-8354415: [Ubuntu25.04] api/java_awt/GraphicsDevice/ /indexTGF.html#SetDisplayMode - setDisplayMode_REFRESH_RATE_UNKNOWN fails: Height is different on vnc + JDK-8354447: Missing test for retroactive @SuppressWarnings("dangling-doc-comments") behavior + JDK-8354646: java.awt.TextField allows to identify the spaces in a password when double clicked at the starting and end of the text + JDK-8355478: DoubleActionESC.java fails intermittently + JDK-8356324: JVM crash (SIGSEGV at ClassListParser::resolve_indy_impl) during -Xshare:dump starting from 21.0.5 + JDK-8356897: Update NSS library to 3.111 + JDK-8357064: cds/appcds/ArchiveRelocationTest.java failed with missing expected output + JDK-8357141: Update to use jtreg 7.5.2 + JDK-8357382: runtime/cds/appcds/aotClassLinking/ /BulkLoaderTest.java#aot fails with Xcomp and C1 + JDK-8357396: Refactor nmethod::make_not_entrant to use Enum instead of "const char*" + JDK-8357691: File blocked.certs contains bad content when boot jdk 25 is used, sun/security/lib/CheckBlockedCerts.java failing + JDK-8357694: RISC-V: Several IR verification tests fail when vlen=128 + JDK-8357799: Improve instructions for JFileChooser/HTMLFileName.java + JDK-8357816: Add test from JDK-8350576 + JDK-8357822: C2: Multiple string optimization tests are no longer testing string concatenation optimizations + JDK-8357959: (bf) ByteBuffer.allocateDirect initialization can result in large TTSP spikes + JDK-8358048: java/net/httpclient/HttpsTunnelAuthTest.java incorrectly calls Thread::stop + JDK-8358340: Support CDS heap archive with Generational Shenandoah + JDK-8358532: JFileChooser in GTK L&F still displays HTML filename + JDK-8358535: Changes in ClassValue (JDK-8351996) caused a 1-9% regression in Renaissance-PageRank + JDK-8358556: Assert when running with -XX:-UseLibmIntrinsic + JDK-8358685: [TEST] AOTLoggingTag.java failed with missing log message + JDK-8358697: TextLayout/MyanmarTextTest.java passes if no Myanmar font is found + JDK-8358723: jpackage signing issues: the main launcher doesn't have entitlements + JDK-8358748: Large page size initialization fails with assert "page_size must be a power of 2" + JDK-8358751: C2: Recursive inlining check for compiled lambda forms is broken + JDK-8358813: JPasswordField identifies spaces in password via delete shortcuts + JDK-8359061: Update and ProblemList manual test java/awt/Cursor/CursorDragTest/ListDragCursor.java + JDK-8359104: gc/TestAlwaysPreTouchBehavior.java# fails on Linux + JDK-8359105: RISC-V: No need for acquire fence in safepoint poll during JNI calls + JDK-8359127: Amend java/nio/channels/DatagramChannel/ /PromiscuousIPv6.java to use @requires for OS platform selection + JDK-8359167: Remove unused test/hotspot/jtreg/vmTestbase/nsk/ /share/jpda/BindServer.java + JDK-8359207: Remove runtime/signal/TestSigusr2.java since it is always skipped + JDK-8359423: Improve error message in case of missing jsa shared archive + JDK-8359428: Test 'javax/swing/JTabbedPane/bug4499556.java' failed because after selecting one of L&F items, the test case automatically failed when clicking on L&F Menu button again + JDK-8359449: [TEST] open/test/jdk/java/io/File/SymLinks.java Refactor extract method for Windows specific test + JDK-8359477: com/sun/net/httpserver/Test12.java appears to have a temp file race + JDK-8359501: Enhance Handling of URIs + JDK-8359687: Use PassFailJFrame for java/awt/print/Dialog/DialogType.java + JDK-8359690: New test TestCPUTimeSampleThrottling still fails intermittently + JDK-8359735: [Ubuntu 25.10] java/lang/ProcessBuilder/ /Basic.java, java/lang/ProcessHandle/InfoTest.java fail due to rust-coreutils + JDK-8359827: Test runtime/Thread/ThreadCountLimit.java need loop increasing the limit + JDK-8360022: ClassRefDupInConstantPoolTest.java fails when running in repeat + JDK-8360090: [TEST] RISC-V: disable some cds tests on qemu + JDK-8360178: TestArguments.atojulong gtest has incorrect format string + JDK-8360219: [AIX] assert(locals_base >= l2) failed: bad placement + JDK-8360255: runtime/jni/checked/TestLargeUTF8Length.java fails with -XX:-CompactStrings + JDK-8360408: [TEST] Use @requires tag instead of exiting based on "os.name" property value for sun/net/www/protocol/file/FileURLTest.java + JDK-8360411: [TEST] open/test/jdk/java/io/File/ /MaxPathLength.java Refactor extract method to encapsulate Windows specific test logic + JDK-8360518: Docker tests do not work when asan is configured + JDK-8360520: RISC-V: C1: Fix primitive array clone intrinsic regression after JDK-8333154 + JDK-8360664: Null pointer dereference in src/hotspot/share/ /prims/jvmtiTagMap.cpp in IterateOverHeapObjectClosure::do_object() + JDK-8360783: CTW: Skip deoptimization between tiers + JDK-8360791: [ubsan] Adjust signal handling + JDK-8360867: CTW: Disable inline cache verification + JDK-8360981: Remove use of Thread.stop in test/jdk/java/net/Socket/DeadlockTest.java + JDK-8361112: Use exact float -> Float16 conversion method in Float16 tests + JDK-8361180: Disable CompiledDirectCall verification with - VerifyInlineCaches + JDK-8361198: [AIX] fix misleading error output in thread_cpu_time_unchecked + JDK-8361211: C2: Final graph reshaping generates unencodeable klass constants + JDK-8361215: Add AOT test case: verification constraint classes are excluded + JDK-8361253: CommandLineOptionTest library should report observed values on failure + JDK-8361255: CTW: Tolerate more NCDFE problems + JDK-8361298: SwingUtilities/bug4967768.java fails where character P is not underline + JDK-8361314: Test serviceability/jvmti/VMEvent/MyPackage/ /VMEventRecursionTest.java FATAL ERROR in native method: Failed during the GetClassSignature call + JDK-8361367: AOT ExcludedClasses.java test failed with missing constant pool logs + JDK-8361423: Add IPSupport::printPlatformSupport to java/net/NetworkInterface/IPv4Only.java + JDK-8361449: RISC-V: Code cleanup for native call + JDK-8361478: GHA: Use MSYS2 from GHA runners + JDK-8361494: [IR Framework] Escape too much in replacement of placeholder + JDK-8361497: Scoped Values: orElse and orElseThrow do not access the cache + JDK-8361504: RISC-V: Make C1 clone intrinsic platform guard more specific + JDK-8361520: Stabilize SystemGC benchmarks + JDK-8361599: [PPC64] enable missing tests via jtreg requires + JDK-8361711: Add library name configurability to PKCS11Test.java + JDK-8361748: Enforce limits on the size of an XBM image + JDK-8361839: Problemlist BogusFocusableWindowState due to failures in the CI pipeline + JDK-8361868: [GCC static analyzer] complains about missing calloc - NULL checks in p11_util.c + JDK-8361871: [GCC static analyzer] complains about use of uninitialized value ckpObject in p11_util.c + JDK-8361888: [GCC static analyzer] ProcessImpl_md.c Java_java_lang_ProcessImpl_forkAndExec error: use of uninitialized value '*(ChildStuff *)p.mode + JDK-8361892: AArch64: Incorrect matching rule leading to improper oop instruction encoding + JDK-8361897: gc/z/TestUncommit.java fails with Uncommitted too slow + JDK-8361948: Shenandoah: region free capacity unit mismatch + JDK-8361950: Update to use jtreg 8 + JDK-8361959: [GCC static analyzer] java_props_md.c leak of 'temp' variable is reported + JDK-8362107: Update the Jan CPU26_01 release date in master branch after forking Oct CPU25_10 + JDK-8362123: ClassLoader Leak via Executors.newSingleThreadExecutor(...) + JDK-8362169: Pointer passed to upcall may get wrong scope + JDK-8362204: test/jdk/sun/awt/font/TestDevTransform.java fails on Ubuntu 24.04 + JDK-8362207: Add more test cases for possible double-rounding in fma + JDK-8362282: runtime/logging/StressAsyncUL.java failed with exitValue = 134 + JDK-8362308: Enhance Bitmap operations + JDK-8362379: Test serviceability/HeapDump/ /UnmountedVThreadNativeMethodAtTop.java should mark as /native + JDK-8362390: AIX make fails in awt_GraphicsEnv.c + JDK-8362482: [TESTBUG] serviceability/HeapDump/ /UnmountedVThreadNativeMethodAtTop.java: System.gc() does not provide full GC + JDK-8362501: Update test/hotspot/jtreg/applications/jcstress/ /README + JDK-8362515: RISC-V: cleanup NativeFarCall + JDK-8362516: Support of GCC static analyzer (-fanalyzer) + JDK-8362530: VM crash with -XX:+PrintTieredEvents when collecting AOT profiling + JDK-8362532: Test gc/g1/plab/* duplicate command-line options + JDK-8362533: Tests sun/management/jmxremote/bootstrap/* duplicate VM flags + JDK-8362581: Timeouts in java/nio/channels/SocketChannel/OpenLeak.java on UNIX + JDK-8362582: GHA: Increase bundle retention time to deal with infra overload better + JDK-8362596: RISC-V: Improve _vectorizedHashCode intrinsic + JDK-8362602: Add test.timeout.factor to CompileFactory to avoid test timeouts + JDK-8362632: Improve HttpServer Request handling + JDK-8362834: Several runtime/Thread tests should mark as /native + JDK-8362836: JFR: Broken pipe in jdk/jfr/event/io/TestIOTopFrame.java + JDK-8362838: RISC-V: Incorrect matching rule leading to improper oop instruction encoding + JDK-8362855: Test java/net/ipv6tests/TcpTest.java should report SkippedException when there no ia4addr or ia6addr + JDK-8362889: [GCC static analyzer] leak in libstringPlatformChars.c + JDK-8362972: C2 fails with unexpected node in SuperWord truncation: IsFiniteF, IsFiniteD + JDK-8363676: [GCC static analyzer] missing return value check of malloc in OGLContext_SetTransform + JDK-8363696: Update the release version and date for OpenJDK 25u + JDK-8363720: Follow up to JDK-8360411 with post review comments + JDK-8363895: Minimal build fails with slowdebug builds after JDK-8354887 + JDK-8363898: RISC-V: TestRangeCheckHoistingScaledIV.java fails after JDK-8355293 when running without RVV + JDK-8363910: Avoid tuning for Power10 CPUs on Linux ppc64le when gcc < 10 is used + JDK-8363928: Specifying AOTCacheOutput with a blank path causes the JVM to crash + JDK-8363965: GHA: Switch cross-compiling sysroots to Debian bookworm + JDK-8363966: GHA: Switch cross-compiling sysroots to Debian trixie + JDK-8364090: Dump JFR recording on CrashOnOutOfMemoryError + JDK-8364111: InstanceMirrorKlass iterators should handle CDS and hidden classes consistently + JDK-8364114: Test TestHugePageDecisionsAtVMStartup.java#LP_enabled fails when no free hugepage + JDK-8364120: RISC-V: unify the usage of MacroAssembler::instruction_size + JDK-8364150: RISC-V: Leftover for JDK-8343430 removing old trampoline call + JDK-8364177: JDK fails to build due to undefined symbol in libpng on LoongArch64 + JDK-8364184: [REDO] AArch64: [VectorAPI] sve vector math operations are not supported after JDK-8353217 + JDK-8364190: JFR: RemoteRecordingStream withers don't work + JDK-8364198: NMT should have a better corruption message + JDK-8364199: Enhance list of environment variables printed in hserr/hsinfo file + JDK-8364212: Shenandoah: Rework archived objects loading + JDK-8364214: Enhance polygon data support + JDK-8364235: Fix for JDK-8361447 breaks the alignment requirements for GuardedMemory + JDK-8364257: JFR: User-defined events and settings with a one-letter name cannot be configured + JDK-8364263: HttpClient: Improve encapsulation of ProxyServer + JDK-8364296: Set IntelJccErratumMitigation flag ergonomically + JDK-8364352: Some tests fail when using a limited number of pregenerated .jsa CDS archives + JDK-8364454: ProblemList runtime/cds/DeterministicDump.java on macos for JDK-8363986 + JDK-8364503: gc/g1/TestCodeCacheUnloadDuringConcCycle.java fails because of race printing to stdout + JDK-8364514: [asan] runtime/jni/checked/ /TestCharArrayReleasing.java heap-buffer-overflow + JDK-8364556: JFR: Disable SymbolTableStatistics and StringTableStatistics in default.jfc + JDK-8364597: Replace THL A29 Limited with Tencent + JDK-8364611: (process) Child process SIGPIPE signal disposition should be default + JDK-8364660: ClassVerifier::ends_in_athrow() should be removed + JDK-8364764: java/nio/channels/vthread/BlockingChannelOps.java subtests timed out + JDK-8364786: Test java/net/vthread/HttpALot.java intermittently fails - 24999 handled, expected 25000 + JDK-8364984: Many jpackage tests are failing on Linux after JDK-8334238 + JDK-8364993: JFR: Disable jdk.ModuleExport in default.jfc + JDK-8364996: java/awt/font/FontNames/LocaleFamilyNames.java times out on Windows + JDK-8365058: Enhance CopyOnWriteArraySet + JDK-8365071: ARM32: JFR intrinsic jvm_commit triggers C2 regalloc assert + JDK-8365086: CookieStore.getURIs() and get(URI) should return an immutable List + JDK-8365165: Zap C-heap memory at delete/free + JDK-8365166: ARM32: missing os::fetch_bcp_from_context implementation + JDK-8365168: Use 64-bit aligned addresses for CK_ULONG access in PKCS11 native key code + JDK-8365200: RISC-V: compiler/loopopts/superword/ /TestGeneralizedReductions.java fails with Zvbb and vlen=128 + JDK-8365206: RISC-V: compiler/c2/irTests/ /TestFloat16ScalarOperations.java is failing on riscv64 + JDK-8365240: [asan] exclude some tests when using asan enabled binaries + JDK-8365260: Problemlist 1 test due to failures in the CI pipeline + JDK-8365265: x86 short forward jump exceeds 8-bit offset in methodHandles_x86.cpp when using Intel APX + JDK-8365271: Improve Swing supports + JDK-8365280: Enhance JOptionPane + JDK-8365302: RISC-V: compiler/loopopts/superword/ /TestAlignVector.java fails when vlen=128 + JDK-8365307: AIX make fails after JDK-8364611 + JDK-8365312: GCC 12 cannot compile SVE on aarch64 with auto-var-init pattern + JDK-8365389: Remove static color fields from SwingUtilities3 and WindowsMenuItemUI + JDK-8365425: [macos26] javax/swing/JInternalFrame/8160248/ /JInternalFrameDraggingTest.java fails on macOS 26 + JDK-8365442: [asan] runtime/ErrorHandling/ /CreateCoredumpOnCrash.java fails + JDK-8365468: EagerJVMCI should only apply to the CompilerBroker JVMCI runtime + JDK-8365487: [asan] some oops (mode) related tests fail + JDK-8365543: UnixNativeDispatcher.init should lookup open64at and stat64at on AIX + JDK-8365571: GenShen: PLAB promotions may remain disabled for evacuation threads + JDK-8365615: Improve JMenuBar/RightLeftOrientation.java + JDK-8365638: JFR: Add --exact for debugging out-of-order events + JDK-8365660: test/jdk/sun/security/pkcs11/KeyAgreement/ tests skipped without SkipException + JDK-8365700: Jar --validate without any --file option leaves around a temporary file /tmp/tmpJar.jar + JDK-8365726: Test crashed with assert in C1 thread: Possible safepoint reached by thread that does not allow it + JDK-8365772: RISC-V: correctly prereserve NaN payload when converting from float to float16 in vector way + JDK-8365790: Shutdown hook for application image does not work on Windows + JDK-8365811: test/jdk/java/net/CookieHandler/B6644726.java failure - "Should have 5 cookies. Got only 4, expires probably didn't parse correctly" + JDK-8365823: Revert storing abstract and interface Klasses to non-class metaspace + JDK-8365834: Mark java/net/httpclient/ManyRequests.java as intermittent + JDK-8365841: RISC-V: Several IR verification tests fail after JDK-8350960 without Zvfh + JDK-8365844: RISC-V: TestBadFormat.java fails when running without RVV + JDK-8365863: /test/jdk/sun/security/pkcs11/Cipher tests skip without SkippedException + JDK-8365913: Support latest MSC_VER in abstract_vm_version.cpp + JDK-8365919: Replace currentTimeMillis with nanoTime in Stresser.java + JDK-8365926: RISC-V: Performance regression in renaissance (chi-square) + JDK-8365956: GenShen: Adaptive tenuring threshold algorithm may raise threshold prematurely + JDK-8365983: Tests should throw SkippedException when SCTP not supported + JDK-8366028: MethodType::fromMethodDescriptorString should not throw UnsupportedOperationException for invalid descriptors + JDK-8366029: Do not add -XX:VerifyArchivedFields by default to CDS tests + JDK-8366031: Mark com/sun/nio/sctp/SctpChannel/ /CloseDescriptors.java as intermittent + JDK-8366075: Problemlist 2 tests due to failures in the CI pipeline + JDK-8366092: [GCC static analyzer] UnixOperatingSystem.c warning: use of uninitialized value 'systemTicks' + JDK-8366147: ZGC: ZPageAllocator::cleanup_failed_commit_single_partition may leak memory + JDK-8366159: SkippedException is treated as a pass for pkcs11/KeyStore, pkcs11/SecretKeyFactory and pkcs11/SecureRandom + JDK-8366208: Unexpected exception in sun.java2d.cmm.lcms.LCMSImageLayout + JDK-8366229: runtime/Thread/TooSmallStackSize.java runs with all collectors + JDK-8366250: Problemlist 3 tests due to failures in the CI pipeline + JDK-8366340: Problemlist 1 test due to failures in the CI pipeline + JDK-8366342: Key generator and key pair generator tests skipping, but showing as passed + JDK-8366359: Test should throw SkippedException when there is no lpstat + JDK-8366365: [test] test/lib-test/jdk/test/whitebox/ /CPUInfoTest.java should be updated + JDK-8366434: THP not working properly with G1 after JDK-8345655 + JDK-8366446: Test java/awt/geom/ConcurrentDrawPolygonTest.java fails intermittently + JDK-8366537: Test "java/util/TimeZone/ /DefaultTimeZoneTest.java" is not updating the zone ID as expected + JDK-8366558: Gtests leave /tmp/cgroups-test* files + JDK-8366694: Test JdbStopInNotificationThreadTest.java timed out after 60 second + JDK-8366750: Remove test 'java/awt/Choice/ /ChoiceMouseWheelTest/ChoiceMouseWheelTest.java' from problemlist + JDK-8366764: Deproblemlist java/awt/ScrollPane/ /ScrollPositionTest.java + JDK-8366800: Problemlist 1 test due to failures in the CI pipeline + JDK-8366844: Update and automate MouseDraggedOriginatedByScrollBarTest.java + JDK-8366850: Test com/sun/jdi/ /JdbStopInNotificationThreadTest.java failed + JDK-8366893: java/lang/Thread/virtual/stress/ /GetStackTraceALotWhenPinned.java timed out on macos-aarch64 + JDK-8366948: AOT cache creation crashes when iterating training data + JDK-8366980: TestTransparentHugePagesHeap.java fails when run with -UseCompressedOops + JDK-8367017: Remove legacy checks from WrappedToolkitTest and convert from bash + JDK-8367021: Regression in LocaleDataTest refactoring + JDK-8367048: RISC-V: Correct pipeline descriptions of the architecture + JDK-8367066: RISC-V: refine register selection in MacroAssembler:: decode_klass_not_null + JDK-8367098: RISC-V: sync CPU features with related JVM flags for dependant ones + JDK-8367131: Test com/sun/jdi/ThreadMemoryLeakTest.java fails on 32 bits + JDK-8367133: DTLS: fragmentation of Finished message results in handshake failure + JDK-8367137: RISC-V: Detect Zicboz block size via hwprobe + JDK-8367237: Thread-Safety Usage Warning for java.text.Collator Classes + JDK-8367277: Fix copyright header in JMXInterfaceBindingTest.java + JDK-8367313: CTW: Execute in AWT headless mode + JDK-8367333: C2: Vector math operation intrinsification failure + JDK-8367348: Enhance PassFailJFrame to support links in HTML + JDK-8367378: GenShen: Missing timing stats when old mark buffers are flushed during final update refs + JDK-8367384: The ICC_Profile class may throw exceptions during serialization + JDK-8367598: Switch to CRC32C for SEED calculation in jdk.test.lib.Utils + JDK-8367616: RISC-V: Auto-enable Zicboz extension for debug builds + JDK-8367689: Revert removal of several compilation-related vmStructs fields + JDK-8367692: RISC-V: Align post call nop + JDK-8367694: Fix jtreg test failure when Intel APX is enabled for KNL platforms + JDK-8367780: Enable UseAPX on Intel CPUs only when both APX_F and APX_NCI_NDD_NF cpuid features are present + JDK-8367782: VerifyJarEntryName.java: Fix modifyJarEntryName to operate on bytes and re-introduce verifySignatureEntryName + JDK-8367869: Test java/io/FileDescriptor/Sync.java timed out + JDK-8367904: Test java/net/InetAddress/ptr/Lookup.java should throw SkippedException + JDK-8367948: JFR: MethodTrace threshold setting has no effect + JDK-8367953: JFR sampler threads does not appear in thread dump + JDK-8367969: C2: compiler/vectorapi/TestVectorMathLib.java fails without UnlockDiagnosticVMOptions + JDK-8367988: NewFileSystemTests.readOnlyZipFileFailure fails when run by root user + JDK-8368032: Enhance Certificate Checking + JDK-8368071: Compilation throughput regressed 2X-8X after JDK-8355003 + JDK-8368152: Shenandoah: Incorrect behavior at end of degenerated cycle + JDK-8368192: Test java/lang/ProcessBuilder/Basic.java#id0 fails with Exception: Stack trace + JDK-8368366: RISC-V: AlignVector is mistakenly set to AvoidUnalignedAccesses + JDK-8368367: Test jdk/jfr/event/gc/detailed/ /TestGCHeapMemoryUsageEvent.java fails jdk.GCHeapMemoryUsage "expected 0 > 0" + JDK-8368565: Adjust comment regarding dependency of libjvm.so to librt + JDK-8368606: Printer lookup returns empty on AIX platform due to uninitialized results list + JDK-8368668: Several vmTestbase/vm/gc/compact tests timed out on large memory machine + JDK-8368670: Deadlock in JFR on event register + class load + JDK-8368698: runtime/cds/appcds/aotCache/OldClassSupport.java assert(can_add()) failed: Cannot add TrainingData objects + JDK-8368732: RISC-V: Detect support for misaligned vector access via hwprobe + JDK-8368890: open/test/jdk/tools/jpackage/macosx/ /NameWithSpaceTest.java fails randomly + JDK-8368893: RISC-V: crash after JDK-8352673 on fastdebug version + JDK-8368960: Adjust java UL logging in the build + JDK-8368982: Test sun/security/tools/jarsigner/EC.java completed and timed out + JDK-8369078: Fix faulty test conversion in IllegalCharsetName.java + JDK-8369184: SimpleTimeZone equals() Returns True for Unequal Instances with Different hashCode Values + JDK-8369190: JavaFrameAnchor on AArch64 has unnecessary barriers and wrong store order in MacroAssembler + JDK-8369226: GHA: Switch to MacOS 15 + JDK-8369319: java/net/httpclient/CancelRequestTest.java fails intermittently + JDK-8369450: [Ubuntu 25.10] openjdk fails to build due to rust-coreutils date + JDK-8369487: Revert EA option for build promotion + JDK-8369506: Bytecode rewriting causes Java heap corruption on AArch64 + JDK-8369560: Slowdebug build without CDS fails + JDK-8369563: Gtest dll_address_to_function_and_library_name has issues with stripped pdb files + JDK-8369616: JavaFrameAnchor on RISC-V has unnecessary barriers and wrong store order in MacroAssembler + JDK-8369656: Calling CompletableFuture.join() could execute task in common pool + JDK-8369657: [AIX] TOC overflow in static-launcher build when building slowdebug after JDK-8352064 + JDK-8369853: jpackage signing tests fail after JDK-8358723 + JDK-8369868: Compilation error in Win8365790Test.java with JDK-8358723 fix resulting in CI tier3 failure + JDK-8369946: Bytecode rewriting causes Java heap corruption on PPC + JDK-8369947: Bytecode rewriting causes Java heap corruption on RISC-V + JDK-8369979: Flag UsePopCountInstruction was accidentally disabled on PPC64 + JDK-8370048: Shenandoah: Deprecated ShenandoahPacing option + JDK-8370049: [s390x] G1 barrier compareAndExchange does not return old value when compareExchange fails + JDK-8370318: AES-GCM vector intrinsic may read out of bounds (x86_64, AVX-512) + JDK-8370331: Problemlist 2 tests due to failures in the CI pipeline + JDK-8370428: Change milestone to fcs for all releases + JDK-8370465: Right to Left Orientation Issues with MenuItem Component + JDK-8371094: --mac-signing-key-user-name no longer works + JDK-8371425: Include folder names in vscode workspace virtual folders + JDK-8371697: test/jdk/java/nio/file/FileStore/Basic.java fails after 8360887 on linux + JDK-8372753: jpackage ignores --file-associations option with predefined app image ++++ kernel-source: - smb: client: don't try following DFS links in cifs_tree_connect() (git-fixes). - commit 3cf926a - kABI workaround for tpm_chip changes (CVE-2025-71077 bsc#1256613). - commit b25df62 - e1000: fix OOB in e1000_tbi_should_accept() (CVE-2025-71093 bsc#1256777). - net/mlx5: fw_tracer, Validate format string parameters (CVE-2025-68816 bsc#1256674). - commit 767a8ff - tpm: Cap the number of PCR banks (CVE-2025-71077 bsc#1256613). - Refresh patches.suse/0003-ima-invalidate-unsupported-PCR-banks.patch. - commit 3fdd7fa - gfs2: Prevent recursive memory reclaim (bsc#1255593 CVE-2025-68356). - commit 798fe56 - keys/trusted_keys: fix handle passed to tpm_buf_append_name during unseal (CVE-2025-68792 bsc#1256656). - commit 6ebc180 - kABI workaround for tpm2_session changes (CVE-2025-68792 bsc#1256656). - commit 7af0065 - tpm2-sessions: Fix out of range indexing in name_size (CVE-2025-68792 bsc#1256656). - commit 2805234 - x86: make page fault handling disable interrupts properly (git-fixes). - commit 8ec97c6 - selftests: net: fib-onlink-tests: Convert to use namespaces by default (bsc#1255346). - commit 9f9ee4e - Delete patches.suse/selftests-net-fib-onlink-tests-Set-high-metric-for-d.patch. - commit 3ae01ff - exfat: check return value of sb_min_blocksize in exfat_read_boot_sector (git-fixes). - commit 3d9560f - pnfs/blocklayout: Fix memory leak in bl_parse_scsi() (git-fixes). - commit 25884fe - pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node() (git-fixes). - commit def5db6 - pNFS: Fix a deadlock when returning a delegation during open() (git-fixes). - commit 39c05eb - nfsd: check that server is running in unlock_filesystem (git-fixes). - commit d20f2be - nfsd: use correct loop termination in nfsd4_revoke_states() (git-fixes). - commit bb91457 - NFSD: Fix permission check for read access to executable-only files (git-fixes). - commit 183186b - nfsd: Drop the client reference in client_states_open() (git-fixes). - commit c888f17 - NFSD/blocklayout: Fix minlength check in proc_layoutget (git-fixes). - commit b191678 - NFSD: use correct reservation type in nfsd4_scsi_fence_client (git-fixes). - commit 9c83e59 - svcrdma: return 0 on success from svc_rdma_copy_inline_range (git-fixes). - commit 029a31c - NFSD: Clear SECLABEL in the suppattr_exclcreat bitmap (git-fixes). - commit 5253399 - NFS: Fix up the automount fs_context to use the correct cred (git-fixes). - commit 98b121a - NFSv4: ensure the open stateid seqid doesn't go backwards (git-fixes). - commit 15f5d8e - exfat: fix remount failure in different process environments (git-fixes). - commit 2a1614d - exfat: zero out post-EOF page cache on file extension (git-fixes). - commit b63526d - Update patch metadata and sort patches.suse/sched-fair-Disable-scheduler-feature-NEXT_BUDDY.patch. - commit 6b28e35 - w1: fix redundant counter decrement in w1_attach_slave_device() (git-fixes). - w1: therm: Fix off-by-one buffer overflow in alarms_store (git-fixes). - comedi: dmm32at: serialize use of paged registers (git-fixes). - mei: trace: treat reg parameter as string (git-fixes). - uacce: ensure safe queue release with state management (git-fixes). - uacce: implement mremap in uacce_vm_ops to return -EPERM (git-fixes). - uacce: fix isolate sysfs check condition (git-fixes). - uacce: fix cdev handling in the cleanup path (git-fixes). - slimbus: core: fix of_slim_get_device() kernel doc (git-fixes). - slimbus: core: fix device reference leak on report present (git-fixes). - slimbus: core: fix runtime PM imbalance on report present (git-fixes). - slimbus: core: fix OF node leak on registration failure (git-fixes). - intel_th: fix device leak on output open() (git-fixes). - comedi: Fix getting range information for subdevices 16 to 255 (git-fixes). - interconnect: debugfs: initialize src_node and dst_node to empty strings (git-fixes). - iio: accel: iis328dq: fix gain values (git-fixes). - iio: chemical: scd4x: fix reported channel endianness (git-fixes). - iio: dac: ad5686: add AD5695R to ad5686_chip_info_tbl (git-fixes). - iio: accel: adxl380: fix handling of unavailable "INT1" interrupt (git-fixes). - iio: imu: st_lsm6dsx: fix iio_chan_spec for sensors without event detection (git-fixes). - iio: adc: pac1934: Fix clamped value in pac1934_reg_snapshot (git-fixes). - iio: adc: ad9467: fix ad9434 vref mask (git-fixes). - iio: adc: ad7280a: handle spi_setup() errors in probe() (git-fixes). - iio: adc: at91-sama5d2_adc: Fix potential use-after-free in sama5d2_adc driver (git-fixes). - serial: 8250_pci: Fix broken RS485 for F81504/508/512 (git-fixes). - comedi: fix divide-by-zero in comedi_buf_munge() (stable-fixes). - commit e39a507 - bpf: Do not let BPF test infra emit invalid GSO types to stack (bsc#1255569). - commit 7eec89f ++++ kernel-source: - smb: client: don't try following DFS links in cifs_tree_connect() (git-fixes). - commit 3cf926a - kABI workaround for tpm_chip changes (CVE-2025-71077 bsc#1256613). - commit b25df62 - e1000: fix OOB in e1000_tbi_should_accept() (CVE-2025-71093 bsc#1256777). - net/mlx5: fw_tracer, Validate format string parameters (CVE-2025-68816 bsc#1256674). - commit 767a8ff - tpm: Cap the number of PCR banks (CVE-2025-71077 bsc#1256613). - Refresh patches.suse/0003-ima-invalidate-unsupported-PCR-banks.patch. - commit 3fdd7fa - gfs2: Prevent recursive memory reclaim (bsc#1255593 CVE-2025-68356). - commit 798fe56 - keys/trusted_keys: fix handle passed to tpm_buf_append_name during unseal (CVE-2025-68792 bsc#1256656). - commit 6ebc180 - kABI workaround for tpm2_session changes (CVE-2025-68792 bsc#1256656). - commit 7af0065 - tpm2-sessions: Fix out of range indexing in name_size (CVE-2025-68792 bsc#1256656). - commit 2805234 - x86: make page fault handling disable interrupts properly (git-fixes). - commit 8ec97c6 - selftests: net: fib-onlink-tests: Convert to use namespaces by default (bsc#1255346). - commit 9f9ee4e - Delete patches.suse/selftests-net-fib-onlink-tests-Set-high-metric-for-d.patch. - commit 3ae01ff - exfat: check return value of sb_min_blocksize in exfat_read_boot_sector (git-fixes). - commit 3d9560f - pnfs/blocklayout: Fix memory leak in bl_parse_scsi() (git-fixes). - commit 25884fe - pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node() (git-fixes). - commit def5db6 - pNFS: Fix a deadlock when returning a delegation during open() (git-fixes). - commit 39c05eb - nfsd: check that server is running in unlock_filesystem (git-fixes). - commit d20f2be - nfsd: use correct loop termination in nfsd4_revoke_states() (git-fixes). - commit bb91457 - NFSD: Fix permission check for read access to executable-only files (git-fixes). - commit 183186b - nfsd: Drop the client reference in client_states_open() (git-fixes). - commit c888f17 - NFSD/blocklayout: Fix minlength check in proc_layoutget (git-fixes). - commit b191678 - NFSD: use correct reservation type in nfsd4_scsi_fence_client (git-fixes). - commit 9c83e59 - svcrdma: return 0 on success from svc_rdma_copy_inline_range (git-fixes). - commit 029a31c - NFSD: Clear SECLABEL in the suppattr_exclcreat bitmap (git-fixes). - commit 5253399 - NFS: Fix up the automount fs_context to use the correct cred (git-fixes). - commit 98b121a - NFSv4: ensure the open stateid seqid doesn't go backwards (git-fixes). - commit 15f5d8e - exfat: fix remount failure in different process environments (git-fixes). - commit 2a1614d - exfat: zero out post-EOF page cache on file extension (git-fixes). - commit b63526d - Update patch metadata and sort patches.suse/sched-fair-Disable-scheduler-feature-NEXT_BUDDY.patch. - commit 6b28e35 - w1: fix redundant counter decrement in w1_attach_slave_device() (git-fixes). - w1: therm: Fix off-by-one buffer overflow in alarms_store (git-fixes). - comedi: dmm32at: serialize use of paged registers (git-fixes). - mei: trace: treat reg parameter as string (git-fixes). - uacce: ensure safe queue release with state management (git-fixes). - uacce: implement mremap in uacce_vm_ops to return -EPERM (git-fixes). - uacce: fix isolate sysfs check condition (git-fixes). - uacce: fix cdev handling in the cleanup path (git-fixes). - slimbus: core: fix of_slim_get_device() kernel doc (git-fixes). - slimbus: core: fix device reference leak on report present (git-fixes). - slimbus: core: fix runtime PM imbalance on report present (git-fixes). - slimbus: core: fix OF node leak on registration failure (git-fixes). - intel_th: fix device leak on output open() (git-fixes). - comedi: Fix getting range information for subdevices 16 to 255 (git-fixes). - interconnect: debugfs: initialize src_node and dst_node to empty strings (git-fixes). - iio: accel: iis328dq: fix gain values (git-fixes). - iio: chemical: scd4x: fix reported channel endianness (git-fixes). - iio: dac: ad5686: add AD5695R to ad5686_chip_info_tbl (git-fixes). - iio: accel: adxl380: fix handling of unavailable "INT1" interrupt (git-fixes). - iio: imu: st_lsm6dsx: fix iio_chan_spec for sensors without event detection (git-fixes). - iio: adc: pac1934: Fix clamped value in pac1934_reg_snapshot (git-fixes). - iio: adc: ad9467: fix ad9434 vref mask (git-fixes). - iio: adc: ad7280a: handle spi_setup() errors in probe() (git-fixes). - iio: adc: at91-sama5d2_adc: Fix potential use-after-free in sama5d2_adc driver (git-fixes). - serial: 8250_pci: Fix broken RS485 for F81504/508/512 (git-fixes). - comedi: fix divide-by-zero in comedi_buf_munge() (stable-fixes). - commit e39a507 - bpf: Do not let BPF test infra emit invalid GSO types to stack (bsc#1255569). - commit 7eec89f ++++ kernel-docs: - smb: client: don't try following DFS links in cifs_tree_connect() (git-fixes). - commit 3cf926a - kABI workaround for tpm_chip changes (CVE-2025-71077 bsc#1256613). - commit b25df62 - e1000: fix OOB in e1000_tbi_should_accept() (CVE-2025-71093 bsc#1256777). - net/mlx5: fw_tracer, Validate format string parameters (CVE-2025-68816 bsc#1256674). - commit 767a8ff - tpm: Cap the number of PCR banks (CVE-2025-71077 bsc#1256613). - Refresh patches.suse/0003-ima-invalidate-unsupported-PCR-banks.patch. - commit 3fdd7fa - gfs2: Prevent recursive memory reclaim (bsc#1255593 CVE-2025-68356). - commit 798fe56 - keys/trusted_keys: fix handle passed to tpm_buf_append_name during unseal (CVE-2025-68792 bsc#1256656). - commit 6ebc180 - kABI workaround for tpm2_session changes (CVE-2025-68792 bsc#1256656). - commit 7af0065 - tpm2-sessions: Fix out of range indexing in name_size (CVE-2025-68792 bsc#1256656). - commit 2805234 - x86: make page fault handling disable interrupts properly (git-fixes). - commit 8ec97c6 - selftests: net: fib-onlink-tests: Convert to use namespaces by default (bsc#1255346). - commit 9f9ee4e - Delete patches.suse/selftests-net-fib-onlink-tests-Set-high-metric-for-d.patch. - commit 3ae01ff - exfat: check return value of sb_min_blocksize in exfat_read_boot_sector (git-fixes). - commit 3d9560f - pnfs/blocklayout: Fix memory leak in bl_parse_scsi() (git-fixes). - commit 25884fe - pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node() (git-fixes). - commit def5db6 - pNFS: Fix a deadlock when returning a delegation during open() (git-fixes). - commit 39c05eb - nfsd: check that server is running in unlock_filesystem (git-fixes). - commit d20f2be - nfsd: use correct loop termination in nfsd4_revoke_states() (git-fixes). - commit bb91457 - NFSD: Fix permission check for read access to executable-only files (git-fixes). - commit 183186b - nfsd: Drop the client reference in client_states_open() (git-fixes). - commit c888f17 - NFSD/blocklayout: Fix minlength check in proc_layoutget (git-fixes). - commit b191678 - NFSD: use correct reservation type in nfsd4_scsi_fence_client (git-fixes). - commit 9c83e59 - svcrdma: return 0 on success from svc_rdma_copy_inline_range (git-fixes). - commit 029a31c - NFSD: Clear SECLABEL in the suppattr_exclcreat bitmap (git-fixes). - commit 5253399 - NFS: Fix up the automount fs_context to use the correct cred (git-fixes). - commit 98b121a - NFSv4: ensure the open stateid seqid doesn't go backwards (git-fixes). - commit 15f5d8e - exfat: fix remount failure in different process environments (git-fixes). - commit 2a1614d - exfat: zero out post-EOF page cache on file extension (git-fixes). - commit b63526d - Update patch metadata and sort patches.suse/sched-fair-Disable-scheduler-feature-NEXT_BUDDY.patch. - commit 6b28e35 - w1: fix redundant counter decrement in w1_attach_slave_device() (git-fixes). - w1: therm: Fix off-by-one buffer overflow in alarms_store (git-fixes). - comedi: dmm32at: serialize use of paged registers (git-fixes). - mei: trace: treat reg parameter as string (git-fixes). - uacce: ensure safe queue release with state management (git-fixes). - uacce: implement mremap in uacce_vm_ops to return -EPERM (git-fixes). - uacce: fix isolate sysfs check condition (git-fixes). - uacce: fix cdev handling in the cleanup path (git-fixes). - slimbus: core: fix of_slim_get_device() kernel doc (git-fixes). - slimbus: core: fix device reference leak on report present (git-fixes). - slimbus: core: fix runtime PM imbalance on report present (git-fixes). - slimbus: core: fix OF node leak on registration failure (git-fixes). - intel_th: fix device leak on output open() (git-fixes). - comedi: Fix getting range information for subdevices 16 to 255 (git-fixes). - interconnect: debugfs: initialize src_node and dst_node to empty strings (git-fixes). - iio: accel: iis328dq: fix gain values (git-fixes). - iio: chemical: scd4x: fix reported channel endianness (git-fixes). - iio: dac: ad5686: add AD5695R to ad5686_chip_info_tbl (git-fixes). - iio: accel: adxl380: fix handling of unavailable "INT1" interrupt (git-fixes). - iio: imu: st_lsm6dsx: fix iio_chan_spec for sensors without event detection (git-fixes). - iio: adc: pac1934: Fix clamped value in pac1934_reg_snapshot (git-fixes). - iio: adc: ad9467: fix ad9434 vref mask (git-fixes). - iio: adc: ad7280a: handle spi_setup() errors in probe() (git-fixes). - iio: adc: at91-sama5d2_adc: Fix potential use-after-free in sama5d2_adc driver (git-fixes). - serial: 8250_pci: Fix broken RS485 for F81504/508/512 (git-fixes). - comedi: fix divide-by-zero in comedi_buf_munge() (stable-fixes). - commit e39a507 - bpf: Do not let BPF test infra emit invalid GSO types to stack (bsc#1255569). - commit 7eec89f ++++ kernel-docs: - smb: client: don't try following DFS links in cifs_tree_connect() (git-fixes). - commit 3cf926a - kABI workaround for tpm_chip changes (CVE-2025-71077 bsc#1256613). - commit b25df62 - e1000: fix OOB in e1000_tbi_should_accept() (CVE-2025-71093 bsc#1256777). - net/mlx5: fw_tracer, Validate format string parameters (CVE-2025-68816 bsc#1256674). - commit 767a8ff - tpm: Cap the number of PCR banks (CVE-2025-71077 bsc#1256613). - Refresh patches.suse/0003-ima-invalidate-unsupported-PCR-banks.patch. - commit 3fdd7fa - gfs2: Prevent recursive memory reclaim (bsc#1255593 CVE-2025-68356). - commit 798fe56 - keys/trusted_keys: fix handle passed to tpm_buf_append_name during unseal (CVE-2025-68792 bsc#1256656). - commit 6ebc180 - kABI workaround for tpm2_session changes (CVE-2025-68792 bsc#1256656). - commit 7af0065 - tpm2-sessions: Fix out of range indexing in name_size (CVE-2025-68792 bsc#1256656). - commit 2805234 - x86: make page fault handling disable interrupts properly (git-fixes). - commit 8ec97c6 - selftests: net: fib-onlink-tests: Convert to use namespaces by default (bsc#1255346). - commit 9f9ee4e - Delete patches.suse/selftests-net-fib-onlink-tests-Set-high-metric-for-d.patch. - commit 3ae01ff - exfat: check return value of sb_min_blocksize in exfat_read_boot_sector (git-fixes). - commit 3d9560f - pnfs/blocklayout: Fix memory leak in bl_parse_scsi() (git-fixes). - commit 25884fe - pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node() (git-fixes). - commit def5db6 - pNFS: Fix a deadlock when returning a delegation during open() (git-fixes). - commit 39c05eb - nfsd: check that server is running in unlock_filesystem (git-fixes). - commit d20f2be - nfsd: use correct loop termination in nfsd4_revoke_states() (git-fixes). - commit bb91457 - NFSD: Fix permission check for read access to executable-only files (git-fixes). - commit 183186b - nfsd: Drop the client reference in client_states_open() (git-fixes). - commit c888f17 - NFSD/blocklayout: Fix minlength check in proc_layoutget (git-fixes). - commit b191678 - NFSD: use correct reservation type in nfsd4_scsi_fence_client (git-fixes). - commit 9c83e59 - svcrdma: return 0 on success from svc_rdma_copy_inline_range (git-fixes). - commit 029a31c - NFSD: Clear SECLABEL in the suppattr_exclcreat bitmap (git-fixes). - commit 5253399 - NFS: Fix up the automount fs_context to use the correct cred (git-fixes). - commit 98b121a - NFSv4: ensure the open stateid seqid doesn't go backwards (git-fixes). - commit 15f5d8e - exfat: fix remount failure in different process environments (git-fixes). - commit 2a1614d - exfat: zero out post-EOF page cache on file extension (git-fixes). - commit b63526d - Update patch metadata and sort patches.suse/sched-fair-Disable-scheduler-feature-NEXT_BUDDY.patch. - commit 6b28e35 - w1: fix redundant counter decrement in w1_attach_slave_device() (git-fixes). - w1: therm: Fix off-by-one buffer overflow in alarms_store (git-fixes). - comedi: dmm32at: serialize use of paged registers (git-fixes). - mei: trace: treat reg parameter as string (git-fixes). - uacce: ensure safe queue release with state management (git-fixes). - uacce: implement mremap in uacce_vm_ops to return -EPERM (git-fixes). - uacce: fix isolate sysfs check condition (git-fixes). - uacce: fix cdev handling in the cleanup path (git-fixes). - slimbus: core: fix of_slim_get_device() kernel doc (git-fixes). - slimbus: core: fix device reference leak on report present (git-fixes). - slimbus: core: fix runtime PM imbalance on report present (git-fixes). - slimbus: core: fix OF node leak on registration failure (git-fixes). - intel_th: fix device leak on output open() (git-fixes). - comedi: Fix getting range information for subdevices 16 to 255 (git-fixes). - interconnect: debugfs: initialize src_node and dst_node to empty strings (git-fixes). - iio: accel: iis328dq: fix gain values (git-fixes). - iio: chemical: scd4x: fix reported channel endianness (git-fixes). - iio: dac: ad5686: add AD5695R to ad5686_chip_info_tbl (git-fixes). - iio: accel: adxl380: fix handling of unavailable "INT1" interrupt (git-fixes). - iio: imu: st_lsm6dsx: fix iio_chan_spec for sensors without event detection (git-fixes). - iio: adc: pac1934: Fix clamped value in pac1934_reg_snapshot (git-fixes). - iio: adc: ad9467: fix ad9434 vref mask (git-fixes). - iio: adc: ad7280a: handle spi_setup() errors in probe() (git-fixes). - iio: adc: at91-sama5d2_adc: Fix potential use-after-free in sama5d2_adc driver (git-fixes). - serial: 8250_pci: Fix broken RS485 for F81504/508/512 (git-fixes). - comedi: fix divide-by-zero in comedi_buf_munge() (stable-fixes). - commit e39a507 - bpf: Do not let BPF test infra emit invalid GSO types to stack (bsc#1255569). - commit 7eec89f ++++ kernel-kvmsmall: - smb: client: don't try following DFS links in cifs_tree_connect() (git-fixes). - commit 3cf926a - kABI workaround for tpm_chip changes (CVE-2025-71077 bsc#1256613). - commit b25df62 - e1000: fix OOB in e1000_tbi_should_accept() (CVE-2025-71093 bsc#1256777). - net/mlx5: fw_tracer, Validate format string parameters (CVE-2025-68816 bsc#1256674). - commit 767a8ff - tpm: Cap the number of PCR banks (CVE-2025-71077 bsc#1256613). - Refresh patches.suse/0003-ima-invalidate-unsupported-PCR-banks.patch. - commit 3fdd7fa - gfs2: Prevent recursive memory reclaim (bsc#1255593 CVE-2025-68356). - commit 798fe56 - keys/trusted_keys: fix handle passed to tpm_buf_append_name during unseal (CVE-2025-68792 bsc#1256656). - commit 6ebc180 - kABI workaround for tpm2_session changes (CVE-2025-68792 bsc#1256656). - commit 7af0065 - tpm2-sessions: Fix out of range indexing in name_size (CVE-2025-68792 bsc#1256656). - commit 2805234 - x86: make page fault handling disable interrupts properly (git-fixes). - commit 8ec97c6 - selftests: net: fib-onlink-tests: Convert to use namespaces by default (bsc#1255346). - commit 9f9ee4e - Delete patches.suse/selftests-net-fib-onlink-tests-Set-high-metric-for-d.patch. - commit 3ae01ff - exfat: check return value of sb_min_blocksize in exfat_read_boot_sector (git-fixes). - commit 3d9560f - pnfs/blocklayout: Fix memory leak in bl_parse_scsi() (git-fixes). - commit 25884fe - pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node() (git-fixes). - commit def5db6 - pNFS: Fix a deadlock when returning a delegation during open() (git-fixes). - commit 39c05eb - nfsd: check that server is running in unlock_filesystem (git-fixes). - commit d20f2be - nfsd: use correct loop termination in nfsd4_revoke_states() (git-fixes). - commit bb91457 - NFSD: Fix permission check for read access to executable-only files (git-fixes). - commit 183186b - nfsd: Drop the client reference in client_states_open() (git-fixes). - commit c888f17 - NFSD/blocklayout: Fix minlength check in proc_layoutget (git-fixes). - commit b191678 - NFSD: use correct reservation type in nfsd4_scsi_fence_client (git-fixes). - commit 9c83e59 - svcrdma: return 0 on success from svc_rdma_copy_inline_range (git-fixes). - commit 029a31c - NFSD: Clear SECLABEL in the suppattr_exclcreat bitmap (git-fixes). - commit 5253399 - NFS: Fix up the automount fs_context to use the correct cred (git-fixes). - commit 98b121a - NFSv4: ensure the open stateid seqid doesn't go backwards (git-fixes). - commit 15f5d8e - exfat: fix remount failure in different process environments (git-fixes). - commit 2a1614d - exfat: zero out post-EOF page cache on file extension (git-fixes). - commit b63526d - Update patch metadata and sort patches.suse/sched-fair-Disable-scheduler-feature-NEXT_BUDDY.patch. - commit 6b28e35 - w1: fix redundant counter decrement in w1_attach_slave_device() (git-fixes). - w1: therm: Fix off-by-one buffer overflow in alarms_store (git-fixes). - comedi: dmm32at: serialize use of paged registers (git-fixes). - mei: trace: treat reg parameter as string (git-fixes). - uacce: ensure safe queue release with state management (git-fixes). - uacce: implement mremap in uacce_vm_ops to return -EPERM (git-fixes). - uacce: fix isolate sysfs check condition (git-fixes). - uacce: fix cdev handling in the cleanup path (git-fixes). - slimbus: core: fix of_slim_get_device() kernel doc (git-fixes). - slimbus: core: fix device reference leak on report present (git-fixes). - slimbus: core: fix runtime PM imbalance on report present (git-fixes). - slimbus: core: fix OF node leak on registration failure (git-fixes). - intel_th: fix device leak on output open() (git-fixes). - comedi: Fix getting range information for subdevices 16 to 255 (git-fixes). - interconnect: debugfs: initialize src_node and dst_node to empty strings (git-fixes). - iio: accel: iis328dq: fix gain values (git-fixes). - iio: chemical: scd4x: fix reported channel endianness (git-fixes). - iio: dac: ad5686: add AD5695R to ad5686_chip_info_tbl (git-fixes). - iio: accel: adxl380: fix handling of unavailable "INT1" interrupt (git-fixes). - iio: imu: st_lsm6dsx: fix iio_chan_spec for sensors without event detection (git-fixes). - iio: adc: pac1934: Fix clamped value in pac1934_reg_snapshot (git-fixes). - iio: adc: ad9467: fix ad9434 vref mask (git-fixes). - iio: adc: ad7280a: handle spi_setup() errors in probe() (git-fixes). - iio: adc: at91-sama5d2_adc: Fix potential use-after-free in sama5d2_adc driver (git-fixes). - serial: 8250_pci: Fix broken RS485 for F81504/508/512 (git-fixes). - comedi: fix divide-by-zero in comedi_buf_munge() (stable-fixes). - commit e39a507 - bpf: Do not let BPF test infra emit invalid GSO types to stack (bsc#1255569). - commit 7eec89f ++++ kernel-kvmsmall: - smb: client: don't try following DFS links in cifs_tree_connect() (git-fixes). - commit 3cf926a - kABI workaround for tpm_chip changes (CVE-2025-71077 bsc#1256613). - commit b25df62 - e1000: fix OOB in e1000_tbi_should_accept() (CVE-2025-71093 bsc#1256777). - net/mlx5: fw_tracer, Validate format string parameters (CVE-2025-68816 bsc#1256674). - commit 767a8ff - tpm: Cap the number of PCR banks (CVE-2025-71077 bsc#1256613). - Refresh patches.suse/0003-ima-invalidate-unsupported-PCR-banks.patch. - commit 3fdd7fa - gfs2: Prevent recursive memory reclaim (bsc#1255593 CVE-2025-68356). - commit 798fe56 - keys/trusted_keys: fix handle passed to tpm_buf_append_name during unseal (CVE-2025-68792 bsc#1256656). - commit 6ebc180 - kABI workaround for tpm2_session changes (CVE-2025-68792 bsc#1256656). - commit 7af0065 - tpm2-sessions: Fix out of range indexing in name_size (CVE-2025-68792 bsc#1256656). - commit 2805234 - x86: make page fault handling disable interrupts properly (git-fixes). - commit 8ec97c6 - selftests: net: fib-onlink-tests: Convert to use namespaces by default (bsc#1255346). - commit 9f9ee4e - Delete patches.suse/selftests-net-fib-onlink-tests-Set-high-metric-for-d.patch. - commit 3ae01ff - exfat: check return value of sb_min_blocksize in exfat_read_boot_sector (git-fixes). - commit 3d9560f - pnfs/blocklayout: Fix memory leak in bl_parse_scsi() (git-fixes). - commit 25884fe - pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node() (git-fixes). - commit def5db6 - pNFS: Fix a deadlock when returning a delegation during open() (git-fixes). - commit 39c05eb - nfsd: check that server is running in unlock_filesystem (git-fixes). - commit d20f2be - nfsd: use correct loop termination in nfsd4_revoke_states() (git-fixes). - commit bb91457 - NFSD: Fix permission check for read access to executable-only files (git-fixes). - commit 183186b - nfsd: Drop the client reference in client_states_open() (git-fixes). - commit c888f17 - NFSD/blocklayout: Fix minlength check in proc_layoutget (git-fixes). - commit b191678 - NFSD: use correct reservation type in nfsd4_scsi_fence_client (git-fixes). - commit 9c83e59 - svcrdma: return 0 on success from svc_rdma_copy_inline_range (git-fixes). - commit 029a31c - NFSD: Clear SECLABEL in the suppattr_exclcreat bitmap (git-fixes). - commit 5253399 - NFS: Fix up the automount fs_context to use the correct cred (git-fixes). - commit 98b121a - NFSv4: ensure the open stateid seqid doesn't go backwards (git-fixes). - commit 15f5d8e - exfat: fix remount failure in different process environments (git-fixes). - commit 2a1614d - exfat: zero out post-EOF page cache on file extension (git-fixes). - commit b63526d - Update patch metadata and sort patches.suse/sched-fair-Disable-scheduler-feature-NEXT_BUDDY.patch. - commit 6b28e35 - w1: fix redundant counter decrement in w1_attach_slave_device() (git-fixes). - w1: therm: Fix off-by-one buffer overflow in alarms_store (git-fixes). - comedi: dmm32at: serialize use of paged registers (git-fixes). - mei: trace: treat reg parameter as string (git-fixes). - uacce: ensure safe queue release with state management (git-fixes). - uacce: implement mremap in uacce_vm_ops to return -EPERM (git-fixes). - uacce: fix isolate sysfs check condition (git-fixes). - uacce: fix cdev handling in the cleanup path (git-fixes). - slimbus: core: fix of_slim_get_device() kernel doc (git-fixes). - slimbus: core: fix device reference leak on report present (git-fixes). - slimbus: core: fix runtime PM imbalance on report present (git-fixes). - slimbus: core: fix OF node leak on registration failure (git-fixes). - intel_th: fix device leak on output open() (git-fixes). - comedi: Fix getting range information for subdevices 16 to 255 (git-fixes). - interconnect: debugfs: initialize src_node and dst_node to empty strings (git-fixes). - iio: accel: iis328dq: fix gain values (git-fixes). - iio: chemical: scd4x: fix reported channel endianness (git-fixes). - iio: dac: ad5686: add AD5695R to ad5686_chip_info_tbl (git-fixes). - iio: accel: adxl380: fix handling of unavailable "INT1" interrupt (git-fixes). - iio: imu: st_lsm6dsx: fix iio_chan_spec for sensors without event detection (git-fixes). - iio: adc: pac1934: Fix clamped value in pac1934_reg_snapshot (git-fixes). - iio: adc: ad9467: fix ad9434 vref mask (git-fixes). - iio: adc: ad7280a: handle spi_setup() errors in probe() (git-fixes). - iio: adc: at91-sama5d2_adc: Fix potential use-after-free in sama5d2_adc driver (git-fixes). - serial: 8250_pci: Fix broken RS485 for F81504/508/512 (git-fixes). - comedi: fix divide-by-zero in comedi_buf_munge() (stable-fixes). - commit e39a507 - bpf: Do not let BPF test infra emit invalid GSO types to stack (bsc#1255569). - commit 7eec89f ++++ kernel-obs-build: - smb: client: don't try following DFS links in cifs_tree_connect() (git-fixes). - commit 3cf926a - kABI workaround for tpm_chip changes (CVE-2025-71077 bsc#1256613). - commit b25df62 - e1000: fix OOB in e1000_tbi_should_accept() (CVE-2025-71093 bsc#1256777). - net/mlx5: fw_tracer, Validate format string parameters (CVE-2025-68816 bsc#1256674). - commit 767a8ff - tpm: Cap the number of PCR banks (CVE-2025-71077 bsc#1256613). - Refresh patches.suse/0003-ima-invalidate-unsupported-PCR-banks.patch. - commit 3fdd7fa - gfs2: Prevent recursive memory reclaim (bsc#1255593 CVE-2025-68356). - commit 798fe56 - keys/trusted_keys: fix handle passed to tpm_buf_append_name during unseal (CVE-2025-68792 bsc#1256656). - commit 6ebc180 - kABI workaround for tpm2_session changes (CVE-2025-68792 bsc#1256656). - commit 7af0065 - tpm2-sessions: Fix out of range indexing in name_size (CVE-2025-68792 bsc#1256656). - commit 2805234 - x86: make page fault handling disable interrupts properly (git-fixes). - commit 8ec97c6 - selftests: net: fib-onlink-tests: Convert to use namespaces by default (bsc#1255346). - commit 9f9ee4e - Delete patches.suse/selftests-net-fib-onlink-tests-Set-high-metric-for-d.patch. - commit 3ae01ff - exfat: check return value of sb_min_blocksize in exfat_read_boot_sector (git-fixes). - commit 3d9560f - pnfs/blocklayout: Fix memory leak in bl_parse_scsi() (git-fixes). - commit 25884fe - pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node() (git-fixes). - commit def5db6 - pNFS: Fix a deadlock when returning a delegation during open() (git-fixes). - commit 39c05eb - nfsd: check that server is running in unlock_filesystem (git-fixes). - commit d20f2be - nfsd: use correct loop termination in nfsd4_revoke_states() (git-fixes). - commit bb91457 - NFSD: Fix permission check for read access to executable-only files (git-fixes). - commit 183186b - nfsd: Drop the client reference in client_states_open() (git-fixes). - commit c888f17 - NFSD/blocklayout: Fix minlength check in proc_layoutget (git-fixes). - commit b191678 - NFSD: use correct reservation type in nfsd4_scsi_fence_client (git-fixes). - commit 9c83e59 - svcrdma: return 0 on success from svc_rdma_copy_inline_range (git-fixes). - commit 029a31c - NFSD: Clear SECLABEL in the suppattr_exclcreat bitmap (git-fixes). - commit 5253399 - NFS: Fix up the automount fs_context to use the correct cred (git-fixes). - commit 98b121a - NFSv4: ensure the open stateid seqid doesn't go backwards (git-fixes). - commit 15f5d8e - exfat: fix remount failure in different process environments (git-fixes). - commit 2a1614d - exfat: zero out post-EOF page cache on file extension (git-fixes). - commit b63526d - Update patch metadata and sort patches.suse/sched-fair-Disable-scheduler-feature-NEXT_BUDDY.patch. - commit 6b28e35 - w1: fix redundant counter decrement in w1_attach_slave_device() (git-fixes). - w1: therm: Fix off-by-one buffer overflow in alarms_store (git-fixes). - comedi: dmm32at: serialize use of paged registers (git-fixes). - mei: trace: treat reg parameter as string (git-fixes). - uacce: ensure safe queue release with state management (git-fixes). - uacce: implement mremap in uacce_vm_ops to return -EPERM (git-fixes). - uacce: fix isolate sysfs check condition (git-fixes). - uacce: fix cdev handling in the cleanup path (git-fixes). - slimbus: core: fix of_slim_get_device() kernel doc (git-fixes). - slimbus: core: fix device reference leak on report present (git-fixes). - slimbus: core: fix runtime PM imbalance on report present (git-fixes). - slimbus: core: fix OF node leak on registration failure (git-fixes). - intel_th: fix device leak on output open() (git-fixes). - comedi: Fix getting range information for subdevices 16 to 255 (git-fixes). - interconnect: debugfs: initialize src_node and dst_node to empty strings (git-fixes). - iio: accel: iis328dq: fix gain values (git-fixes). - iio: chemical: scd4x: fix reported channel endianness (git-fixes). - iio: dac: ad5686: add AD5695R to ad5686_chip_info_tbl (git-fixes). - iio: accel: adxl380: fix handling of unavailable "INT1" interrupt (git-fixes). - iio: imu: st_lsm6dsx: fix iio_chan_spec for sensors without event detection (git-fixes). - iio: adc: pac1934: Fix clamped value in pac1934_reg_snapshot (git-fixes). - iio: adc: ad9467: fix ad9434 vref mask (git-fixes). - iio: adc: ad7280a: handle spi_setup() errors in probe() (git-fixes). - iio: adc: at91-sama5d2_adc: Fix potential use-after-free in sama5d2_adc driver (git-fixes). - serial: 8250_pci: Fix broken RS485 for F81504/508/512 (git-fixes). - comedi: fix divide-by-zero in comedi_buf_munge() (stable-fixes). - commit e39a507 - bpf: Do not let BPF test infra emit invalid GSO types to stack (bsc#1255569). - commit 7eec89f ++++ kernel-obs-build: - smb: client: don't try following DFS links in cifs_tree_connect() (git-fixes). - commit 3cf926a - kABI workaround for tpm_chip changes (CVE-2025-71077 bsc#1256613). - commit b25df62 - e1000: fix OOB in e1000_tbi_should_accept() (CVE-2025-71093 bsc#1256777). - net/mlx5: fw_tracer, Validate format string parameters (CVE-2025-68816 bsc#1256674). - commit 767a8ff - tpm: Cap the number of PCR banks (CVE-2025-71077 bsc#1256613). - Refresh patches.suse/0003-ima-invalidate-unsupported-PCR-banks.patch. - commit 3fdd7fa - gfs2: Prevent recursive memory reclaim (bsc#1255593 CVE-2025-68356). - commit 798fe56 - keys/trusted_keys: fix handle passed to tpm_buf_append_name during unseal (CVE-2025-68792 bsc#1256656). - commit 6ebc180 - kABI workaround for tpm2_session changes (CVE-2025-68792 bsc#1256656). - commit 7af0065 - tpm2-sessions: Fix out of range indexing in name_size (CVE-2025-68792 bsc#1256656). - commit 2805234 - x86: make page fault handling disable interrupts properly (git-fixes). - commit 8ec97c6 - selftests: net: fib-onlink-tests: Convert to use namespaces by default (bsc#1255346). - commit 9f9ee4e - Delete patches.suse/selftests-net-fib-onlink-tests-Set-high-metric-for-d.patch. - commit 3ae01ff - exfat: check return value of sb_min_blocksize in exfat_read_boot_sector (git-fixes). - commit 3d9560f - pnfs/blocklayout: Fix memory leak in bl_parse_scsi() (git-fixes). - commit 25884fe - pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node() (git-fixes). - commit def5db6 - pNFS: Fix a deadlock when returning a delegation during open() (git-fixes). - commit 39c05eb - nfsd: check that server is running in unlock_filesystem (git-fixes). - commit d20f2be - nfsd: use correct loop termination in nfsd4_revoke_states() (git-fixes). - commit bb91457 - NFSD: Fix permission check for read access to executable-only files (git-fixes). - commit 183186b - nfsd: Drop the client reference in client_states_open() (git-fixes). - commit c888f17 - NFSD/blocklayout: Fix minlength check in proc_layoutget (git-fixes). - commit b191678 - NFSD: use correct reservation type in nfsd4_scsi_fence_client (git-fixes). - commit 9c83e59 - svcrdma: return 0 on success from svc_rdma_copy_inline_range (git-fixes). - commit 029a31c - NFSD: Clear SECLABEL in the suppattr_exclcreat bitmap (git-fixes). - commit 5253399 - NFS: Fix up the automount fs_context to use the correct cred (git-fixes). - commit 98b121a - NFSv4: ensure the open stateid seqid doesn't go backwards (git-fixes). - commit 15f5d8e - exfat: fix remount failure in different process environments (git-fixes). - commit 2a1614d - exfat: zero out post-EOF page cache on file extension (git-fixes). - commit b63526d - Update patch metadata and sort patches.suse/sched-fair-Disable-scheduler-feature-NEXT_BUDDY.patch. - commit 6b28e35 - w1: fix redundant counter decrement in w1_attach_slave_device() (git-fixes). - w1: therm: Fix off-by-one buffer overflow in alarms_store (git-fixes). - comedi: dmm32at: serialize use of paged registers (git-fixes). - mei: trace: treat reg parameter as string (git-fixes). - uacce: ensure safe queue release with state management (git-fixes). - uacce: implement mremap in uacce_vm_ops to return -EPERM (git-fixes). - uacce: fix isolate sysfs check condition (git-fixes). - uacce: fix cdev handling in the cleanup path (git-fixes). - slimbus: core: fix of_slim_get_device() kernel doc (git-fixes). - slimbus: core: fix device reference leak on report present (git-fixes). - slimbus: core: fix runtime PM imbalance on report present (git-fixes). - slimbus: core: fix OF node leak on registration failure (git-fixes). - intel_th: fix device leak on output open() (git-fixes). - comedi: Fix getting range information for subdevices 16 to 255 (git-fixes). - interconnect: debugfs: initialize src_node and dst_node to empty strings (git-fixes). - iio: accel: iis328dq: fix gain values (git-fixes). - iio: chemical: scd4x: fix reported channel endianness (git-fixes). - iio: dac: ad5686: add AD5695R to ad5686_chip_info_tbl (git-fixes). - iio: accel: adxl380: fix handling of unavailable "INT1" interrupt (git-fixes). - iio: imu: st_lsm6dsx: fix iio_chan_spec for sensors without event detection (git-fixes). - iio: adc: pac1934: Fix clamped value in pac1934_reg_snapshot (git-fixes). - iio: adc: ad9467: fix ad9434 vref mask (git-fixes). - iio: adc: ad7280a: handle spi_setup() errors in probe() (git-fixes). - iio: adc: at91-sama5d2_adc: Fix potential use-after-free in sama5d2_adc driver (git-fixes). - serial: 8250_pci: Fix broken RS485 for F81504/508/512 (git-fixes). - comedi: fix divide-by-zero in comedi_buf_munge() (stable-fixes). - commit e39a507 - bpf: Do not let BPF test infra emit invalid GSO types to stack (bsc#1255569). - commit 7eec89f ++++ kernel-obs-qa: - smb: client: don't try following DFS links in cifs_tree_connect() (git-fixes). - commit 3cf926a - kABI workaround for tpm_chip changes (CVE-2025-71077 bsc#1256613). - commit b25df62 - e1000: fix OOB in e1000_tbi_should_accept() (CVE-2025-71093 bsc#1256777). - net/mlx5: fw_tracer, Validate format string parameters (CVE-2025-68816 bsc#1256674). - commit 767a8ff - tpm: Cap the number of PCR banks (CVE-2025-71077 bsc#1256613). - Refresh patches.suse/0003-ima-invalidate-unsupported-PCR-banks.patch. - commit 3fdd7fa - gfs2: Prevent recursive memory reclaim (bsc#1255593 CVE-2025-68356). - commit 798fe56 - keys/trusted_keys: fix handle passed to tpm_buf_append_name during unseal (CVE-2025-68792 bsc#1256656). - commit 6ebc180 - kABI workaround for tpm2_session changes (CVE-2025-68792 bsc#1256656). - commit 7af0065 - tpm2-sessions: Fix out of range indexing in name_size (CVE-2025-68792 bsc#1256656). - commit 2805234 - x86: make page fault handling disable interrupts properly (git-fixes). - commit 8ec97c6 - selftests: net: fib-onlink-tests: Convert to use namespaces by default (bsc#1255346). - commit 9f9ee4e - Delete patches.suse/selftests-net-fib-onlink-tests-Set-high-metric-for-d.patch. - commit 3ae01ff - exfat: check return value of sb_min_blocksize in exfat_read_boot_sector (git-fixes). - commit 3d9560f - pnfs/blocklayout: Fix memory leak in bl_parse_scsi() (git-fixes). - commit 25884fe - pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node() (git-fixes). - commit def5db6 - pNFS: Fix a deadlock when returning a delegation during open() (git-fixes). - commit 39c05eb - nfsd: check that server is running in unlock_filesystem (git-fixes). - commit d20f2be - nfsd: use correct loop termination in nfsd4_revoke_states() (git-fixes). - commit bb91457 - NFSD: Fix permission check for read access to executable-only files (git-fixes). - commit 183186b - nfsd: Drop the client reference in client_states_open() (git-fixes). - commit c888f17 - NFSD/blocklayout: Fix minlength check in proc_layoutget (git-fixes). - commit b191678 - NFSD: use correct reservation type in nfsd4_scsi_fence_client (git-fixes). - commit 9c83e59 - svcrdma: return 0 on success from svc_rdma_copy_inline_range (git-fixes). - commit 029a31c - NFSD: Clear SECLABEL in the suppattr_exclcreat bitmap (git-fixes). - commit 5253399 - NFS: Fix up the automount fs_context to use the correct cred (git-fixes). - commit 98b121a - NFSv4: ensure the open stateid seqid doesn't go backwards (git-fixes). - commit 15f5d8e - exfat: fix remount failure in different process environments (git-fixes). - commit 2a1614d - exfat: zero out post-EOF page cache on file extension (git-fixes). - commit b63526d - Update patch metadata and sort patches.suse/sched-fair-Disable-scheduler-feature-NEXT_BUDDY.patch. - commit 6b28e35 - w1: fix redundant counter decrement in w1_attach_slave_device() (git-fixes). - w1: therm: Fix off-by-one buffer overflow in alarms_store (git-fixes). - comedi: dmm32at: serialize use of paged registers (git-fixes). - mei: trace: treat reg parameter as string (git-fixes). - uacce: ensure safe queue release with state management (git-fixes). - uacce: implement mremap in uacce_vm_ops to return -EPERM (git-fixes). - uacce: fix isolate sysfs check condition (git-fixes). - uacce: fix cdev handling in the cleanup path (git-fixes). - slimbus: core: fix of_slim_get_device() kernel doc (git-fixes). - slimbus: core: fix device reference leak on report present (git-fixes). - slimbus: core: fix runtime PM imbalance on report present (git-fixes). - slimbus: core: fix OF node leak on registration failure (git-fixes). - intel_th: fix device leak on output open() (git-fixes). - comedi: Fix getting range information for subdevices 16 to 255 (git-fixes). - interconnect: debugfs: initialize src_node and dst_node to empty strings (git-fixes). - iio: accel: iis328dq: fix gain values (git-fixes). - iio: chemical: scd4x: fix reported channel endianness (git-fixes). - iio: dac: ad5686: add AD5695R to ad5686_chip_info_tbl (git-fixes). - iio: accel: adxl380: fix handling of unavailable "INT1" interrupt (git-fixes). - iio: imu: st_lsm6dsx: fix iio_chan_spec for sensors without event detection (git-fixes). - iio: adc: pac1934: Fix clamped value in pac1934_reg_snapshot (git-fixes). - iio: adc: ad9467: fix ad9434 vref mask (git-fixes). - iio: adc: ad7280a: handle spi_setup() errors in probe() (git-fixes). - iio: adc: at91-sama5d2_adc: Fix potential use-after-free in sama5d2_adc driver (git-fixes). - serial: 8250_pci: Fix broken RS485 for F81504/508/512 (git-fixes). - comedi: fix divide-by-zero in comedi_buf_munge() (stable-fixes). - commit e39a507 - bpf: Do not let BPF test infra emit invalid GSO types to stack (bsc#1255569). - commit 7eec89f ++++ kernel-obs-qa: - smb: client: don't try following DFS links in cifs_tree_connect() (git-fixes). - commit 3cf926a - kABI workaround for tpm_chip changes (CVE-2025-71077 bsc#1256613). - commit b25df62 - e1000: fix OOB in e1000_tbi_should_accept() (CVE-2025-71093 bsc#1256777). - net/mlx5: fw_tracer, Validate format string parameters (CVE-2025-68816 bsc#1256674). - commit 767a8ff - tpm: Cap the number of PCR banks (CVE-2025-71077 bsc#1256613). - Refresh patches.suse/0003-ima-invalidate-unsupported-PCR-banks.patch. - commit 3fdd7fa - gfs2: Prevent recursive memory reclaim (bsc#1255593 CVE-2025-68356). - commit 798fe56 - keys/trusted_keys: fix handle passed to tpm_buf_append_name during unseal (CVE-2025-68792 bsc#1256656). - commit 6ebc180 - kABI workaround for tpm2_session changes (CVE-2025-68792 bsc#1256656). - commit 7af0065 - tpm2-sessions: Fix out of range indexing in name_size (CVE-2025-68792 bsc#1256656). - commit 2805234 - x86: make page fault handling disable interrupts properly (git-fixes). - commit 8ec97c6 - selftests: net: fib-onlink-tests: Convert to use namespaces by default (bsc#1255346). - commit 9f9ee4e - Delete patches.suse/selftests-net-fib-onlink-tests-Set-high-metric-for-d.patch. - commit 3ae01ff - exfat: check return value of sb_min_blocksize in exfat_read_boot_sector (git-fixes). - commit 3d9560f - pnfs/blocklayout: Fix memory leak in bl_parse_scsi() (git-fixes). - commit 25884fe - pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node() (git-fixes). - commit def5db6 - pNFS: Fix a deadlock when returning a delegation during open() (git-fixes). - commit 39c05eb - nfsd: check that server is running in unlock_filesystem (git-fixes). - commit d20f2be - nfsd: use correct loop termination in nfsd4_revoke_states() (git-fixes). - commit bb91457 - NFSD: Fix permission check for read access to executable-only files (git-fixes). - commit 183186b - nfsd: Drop the client reference in client_states_open() (git-fixes). - commit c888f17 - NFSD/blocklayout: Fix minlength check in proc_layoutget (git-fixes). - commit b191678 - NFSD: use correct reservation type in nfsd4_scsi_fence_client (git-fixes). - commit 9c83e59 - svcrdma: return 0 on success from svc_rdma_copy_inline_range (git-fixes). - commit 029a31c - NFSD: Clear SECLABEL in the suppattr_exclcreat bitmap (git-fixes). - commit 5253399 - NFS: Fix up the automount fs_context to use the correct cred (git-fixes). - commit 98b121a - NFSv4: ensure the open stateid seqid doesn't go backwards (git-fixes). - commit 15f5d8e - exfat: fix remount failure in different process environments (git-fixes). - commit 2a1614d - exfat: zero out post-EOF page cache on file extension (git-fixes). - commit b63526d - Update patch metadata and sort patches.suse/sched-fair-Disable-scheduler-feature-NEXT_BUDDY.patch. - commit 6b28e35 - w1: fix redundant counter decrement in w1_attach_slave_device() (git-fixes). - w1: therm: Fix off-by-one buffer overflow in alarms_store (git-fixes). - comedi: dmm32at: serialize use of paged registers (git-fixes). - mei: trace: treat reg parameter as string (git-fixes). - uacce: ensure safe queue release with state management (git-fixes). - uacce: implement mremap in uacce_vm_ops to return -EPERM (git-fixes). - uacce: fix isolate sysfs check condition (git-fixes). - uacce: fix cdev handling in the cleanup path (git-fixes). - slimbus: core: fix of_slim_get_device() kernel doc (git-fixes). - slimbus: core: fix device reference leak on report present (git-fixes). - slimbus: core: fix runtime PM imbalance on report present (git-fixes). - slimbus: core: fix OF node leak on registration failure (git-fixes). - intel_th: fix device leak on output open() (git-fixes). - comedi: Fix getting range information for subdevices 16 to 255 (git-fixes). - interconnect: debugfs: initialize src_node and dst_node to empty strings (git-fixes). - iio: accel: iis328dq: fix gain values (git-fixes). - iio: chemical: scd4x: fix reported channel endianness (git-fixes). - iio: dac: ad5686: add AD5695R to ad5686_chip_info_tbl (git-fixes). - iio: accel: adxl380: fix handling of unavailable "INT1" interrupt (git-fixes). - iio: imu: st_lsm6dsx: fix iio_chan_spec for sensors without event detection (git-fixes). - iio: adc: pac1934: Fix clamped value in pac1934_reg_snapshot (git-fixes). - iio: adc: ad9467: fix ad9434 vref mask (git-fixes). - iio: adc: ad7280a: handle spi_setup() errors in probe() (git-fixes). - iio: adc: at91-sama5d2_adc: Fix potential use-after-free in sama5d2_adc driver (git-fixes). - serial: 8250_pci: Fix broken RS485 for F81504/508/512 (git-fixes). - comedi: fix divide-by-zero in comedi_buf_munge() (stable-fixes). - commit e39a507 - bpf: Do not let BPF test infra emit invalid GSO types to stack (bsc#1255569). - commit 7eec89f ++++ kernel-syms: - smb: client: don't try following DFS links in cifs_tree_connect() (git-fixes). - commit 3cf926a - kABI workaround for tpm_chip changes (CVE-2025-71077 bsc#1256613). - commit b25df62 - e1000: fix OOB in e1000_tbi_should_accept() (CVE-2025-71093 bsc#1256777). - net/mlx5: fw_tracer, Validate format string parameters (CVE-2025-68816 bsc#1256674). - commit 767a8ff - tpm: Cap the number of PCR banks (CVE-2025-71077 bsc#1256613). - Refresh patches.suse/0003-ima-invalidate-unsupported-PCR-banks.patch. - commit 3fdd7fa - gfs2: Prevent recursive memory reclaim (bsc#1255593 CVE-2025-68356). - commit 798fe56 - keys/trusted_keys: fix handle passed to tpm_buf_append_name during unseal (CVE-2025-68792 bsc#1256656). - commit 6ebc180 - kABI workaround for tpm2_session changes (CVE-2025-68792 bsc#1256656). - commit 7af0065 - tpm2-sessions: Fix out of range indexing in name_size (CVE-2025-68792 bsc#1256656). - commit 2805234 - x86: make page fault handling disable interrupts properly (git-fixes). - commit 8ec97c6 - selftests: net: fib-onlink-tests: Convert to use namespaces by default (bsc#1255346). - commit 9f9ee4e - Delete patches.suse/selftests-net-fib-onlink-tests-Set-high-metric-for-d.patch. - commit 3ae01ff - exfat: check return value of sb_min_blocksize in exfat_read_boot_sector (git-fixes). - commit 3d9560f - pnfs/blocklayout: Fix memory leak in bl_parse_scsi() (git-fixes). - commit 25884fe - pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node() (git-fixes). - commit def5db6 - pNFS: Fix a deadlock when returning a delegation during open() (git-fixes). - commit 39c05eb - nfsd: check that server is running in unlock_filesystem (git-fixes). - commit d20f2be - nfsd: use correct loop termination in nfsd4_revoke_states() (git-fixes). - commit bb91457 - NFSD: Fix permission check for read access to executable-only files (git-fixes). - commit 183186b - nfsd: Drop the client reference in client_states_open() (git-fixes). - commit c888f17 - NFSD/blocklayout: Fix minlength check in proc_layoutget (git-fixes). - commit b191678 - NFSD: use correct reservation type in nfsd4_scsi_fence_client (git-fixes). - commit 9c83e59 - svcrdma: return 0 on success from svc_rdma_copy_inline_range (git-fixes). - commit 029a31c - NFSD: Clear SECLABEL in the suppattr_exclcreat bitmap (git-fixes). - commit 5253399 - NFS: Fix up the automount fs_context to use the correct cred (git-fixes). - commit 98b121a - NFSv4: ensure the open stateid seqid doesn't go backwards (git-fixes). - commit 15f5d8e - exfat: fix remount failure in different process environments (git-fixes). - commit 2a1614d - exfat: zero out post-EOF page cache on file extension (git-fixes). - commit b63526d - Update patch metadata and sort patches.suse/sched-fair-Disable-scheduler-feature-NEXT_BUDDY.patch. - commit 6b28e35 - w1: fix redundant counter decrement in w1_attach_slave_device() (git-fixes). - w1: therm: Fix off-by-one buffer overflow in alarms_store (git-fixes). - comedi: dmm32at: serialize use of paged registers (git-fixes). - mei: trace: treat reg parameter as string (git-fixes). - uacce: ensure safe queue release with state management (git-fixes). - uacce: implement mremap in uacce_vm_ops to return -EPERM (git-fixes). - uacce: fix isolate sysfs check condition (git-fixes). - uacce: fix cdev handling in the cleanup path (git-fixes). - slimbus: core: fix of_slim_get_device() kernel doc (git-fixes). - slimbus: core: fix device reference leak on report present (git-fixes). - slimbus: core: fix runtime PM imbalance on report present (git-fixes). - slimbus: core: fix OF node leak on registration failure (git-fixes). - intel_th: fix device leak on output open() (git-fixes). - comedi: Fix getting range information for subdevices 16 to 255 (git-fixes). - interconnect: debugfs: initialize src_node and dst_node to empty strings (git-fixes). - iio: accel: iis328dq: fix gain values (git-fixes). - iio: chemical: scd4x: fix reported channel endianness (git-fixes). - iio: dac: ad5686: add AD5695R to ad5686_chip_info_tbl (git-fixes). - iio: accel: adxl380: fix handling of unavailable "INT1" interrupt (git-fixes). - iio: imu: st_lsm6dsx: fix iio_chan_spec for sensors without event detection (git-fixes). - iio: adc: pac1934: Fix clamped value in pac1934_reg_snapshot (git-fixes). - iio: adc: ad9467: fix ad9434 vref mask (git-fixes). - iio: adc: ad7280a: handle spi_setup() errors in probe() (git-fixes). - iio: adc: at91-sama5d2_adc: Fix potential use-after-free in sama5d2_adc driver (git-fixes). - serial: 8250_pci: Fix broken RS485 for F81504/508/512 (git-fixes). - comedi: fix divide-by-zero in comedi_buf_munge() (stable-fixes). - commit e39a507 - bpf: Do not let BPF test infra emit invalid GSO types to stack (bsc#1255569). - commit 7eec89f ++++ kernel-syms: - smb: client: don't try following DFS links in cifs_tree_connect() (git-fixes). - commit 3cf926a - kABI workaround for tpm_chip changes (CVE-2025-71077 bsc#1256613). - commit b25df62 - e1000: fix OOB in e1000_tbi_should_accept() (CVE-2025-71093 bsc#1256777). - net/mlx5: fw_tracer, Validate format string parameters (CVE-2025-68816 bsc#1256674). - commit 767a8ff - tpm: Cap the number of PCR banks (CVE-2025-71077 bsc#1256613). - Refresh patches.suse/0003-ima-invalidate-unsupported-PCR-banks.patch. - commit 3fdd7fa - gfs2: Prevent recursive memory reclaim (bsc#1255593 CVE-2025-68356). - commit 798fe56 - keys/trusted_keys: fix handle passed to tpm_buf_append_name during unseal (CVE-2025-68792 bsc#1256656). - commit 6ebc180 - kABI workaround for tpm2_session changes (CVE-2025-68792 bsc#1256656). - commit 7af0065 - tpm2-sessions: Fix out of range indexing in name_size (CVE-2025-68792 bsc#1256656). - commit 2805234 - x86: make page fault handling disable interrupts properly (git-fixes). - commit 8ec97c6 - selftests: net: fib-onlink-tests: Convert to use namespaces by default (bsc#1255346). - commit 9f9ee4e - Delete patches.suse/selftests-net-fib-onlink-tests-Set-high-metric-for-d.patch. - commit 3ae01ff - exfat: check return value of sb_min_blocksize in exfat_read_boot_sector (git-fixes). - commit 3d9560f - pnfs/blocklayout: Fix memory leak in bl_parse_scsi() (git-fixes). - commit 25884fe - pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node() (git-fixes). - commit def5db6 - pNFS: Fix a deadlock when returning a delegation during open() (git-fixes). - commit 39c05eb - nfsd: check that server is running in unlock_filesystem (git-fixes). - commit d20f2be - nfsd: use correct loop termination in nfsd4_revoke_states() (git-fixes). - commit bb91457 - NFSD: Fix permission check for read access to executable-only files (git-fixes). - commit 183186b - nfsd: Drop the client reference in client_states_open() (git-fixes). - commit c888f17 - NFSD/blocklayout: Fix minlength check in proc_layoutget (git-fixes). - commit b191678 - NFSD: use correct reservation type in nfsd4_scsi_fence_client (git-fixes). - commit 9c83e59 - svcrdma: return 0 on success from svc_rdma_copy_inline_range (git-fixes). - commit 029a31c - NFSD: Clear SECLABEL in the suppattr_exclcreat bitmap (git-fixes). - commit 5253399 - NFS: Fix up the automount fs_context to use the correct cred (git-fixes). - commit 98b121a - NFSv4: ensure the open stateid seqid doesn't go backwards (git-fixes). - commit 15f5d8e - exfat: fix remount failure in different process environments (git-fixes). - commit 2a1614d - exfat: zero out post-EOF page cache on file extension (git-fixes). - commit b63526d - Update patch metadata and sort patches.suse/sched-fair-Disable-scheduler-feature-NEXT_BUDDY.patch. - commit 6b28e35 - w1: fix redundant counter decrement in w1_attach_slave_device() (git-fixes). - w1: therm: Fix off-by-one buffer overflow in alarms_store (git-fixes). - comedi: dmm32at: serialize use of paged registers (git-fixes). - mei: trace: treat reg parameter as string (git-fixes). - uacce: ensure safe queue release with state management (git-fixes). - uacce: implement mremap in uacce_vm_ops to return -EPERM (git-fixes). - uacce: fix isolate sysfs check condition (git-fixes). - uacce: fix cdev handling in the cleanup path (git-fixes). - slimbus: core: fix of_slim_get_device() kernel doc (git-fixes). - slimbus: core: fix device reference leak on report present (git-fixes). - slimbus: core: fix runtime PM imbalance on report present (git-fixes). - slimbus: core: fix OF node leak on registration failure (git-fixes). - intel_th: fix device leak on output open() (git-fixes). - comedi: Fix getting range information for subdevices 16 to 255 (git-fixes). - interconnect: debugfs: initialize src_node and dst_node to empty strings (git-fixes). - iio: accel: iis328dq: fix gain values (git-fixes). - iio: chemical: scd4x: fix reported channel endianness (git-fixes). - iio: dac: ad5686: add AD5695R to ad5686_chip_info_tbl (git-fixes). - iio: accel: adxl380: fix handling of unavailable "INT1" interrupt (git-fixes). - iio: imu: st_lsm6dsx: fix iio_chan_spec for sensors without event detection (git-fixes). - iio: adc: pac1934: Fix clamped value in pac1934_reg_snapshot (git-fixes). - iio: adc: ad9467: fix ad9434 vref mask (git-fixes). - iio: adc: ad7280a: handle spi_setup() errors in probe() (git-fixes). - iio: adc: at91-sama5d2_adc: Fix potential use-after-free in sama5d2_adc driver (git-fixes). - serial: 8250_pci: Fix broken RS485 for F81504/508/512 (git-fixes). - comedi: fix divide-by-zero in comedi_buf_munge() (stable-fixes). - commit e39a507 - bpf: Do not let BPF test infra emit invalid GSO types to stack (bsc#1255569). - commit 7eec89f ++++ kernel-zfcpdump: - smb: client: don't try following DFS links in cifs_tree_connect() (git-fixes). - commit 3cf926a - kABI workaround for tpm_chip changes (CVE-2025-71077 bsc#1256613). - commit b25df62 - e1000: fix OOB in e1000_tbi_should_accept() (CVE-2025-71093 bsc#1256777). - net/mlx5: fw_tracer, Validate format string parameters (CVE-2025-68816 bsc#1256674). - commit 767a8ff - tpm: Cap the number of PCR banks (CVE-2025-71077 bsc#1256613). - Refresh patches.suse/0003-ima-invalidate-unsupported-PCR-banks.patch. - commit 3fdd7fa - gfs2: Prevent recursive memory reclaim (bsc#1255593 CVE-2025-68356). - commit 798fe56 - keys/trusted_keys: fix handle passed to tpm_buf_append_name during unseal (CVE-2025-68792 bsc#1256656). - commit 6ebc180 - kABI workaround for tpm2_session changes (CVE-2025-68792 bsc#1256656). - commit 7af0065 - tpm2-sessions: Fix out of range indexing in name_size (CVE-2025-68792 bsc#1256656). - commit 2805234 - x86: make page fault handling disable interrupts properly (git-fixes). - commit 8ec97c6 - selftests: net: fib-onlink-tests: Convert to use namespaces by default (bsc#1255346). - commit 9f9ee4e - Delete patches.suse/selftests-net-fib-onlink-tests-Set-high-metric-for-d.patch. - commit 3ae01ff - exfat: check return value of sb_min_blocksize in exfat_read_boot_sector (git-fixes). - commit 3d9560f - pnfs/blocklayout: Fix memory leak in bl_parse_scsi() (git-fixes). - commit 25884fe - pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node() (git-fixes). - commit def5db6 - pNFS: Fix a deadlock when returning a delegation during open() (git-fixes). - commit 39c05eb - nfsd: check that server is running in unlock_filesystem (git-fixes). - commit d20f2be - nfsd: use correct loop termination in nfsd4_revoke_states() (git-fixes). - commit bb91457 - NFSD: Fix permission check for read access to executable-only files (git-fixes). - commit 183186b - nfsd: Drop the client reference in client_states_open() (git-fixes). - commit c888f17 - NFSD/blocklayout: Fix minlength check in proc_layoutget (git-fixes). - commit b191678 - NFSD: use correct reservation type in nfsd4_scsi_fence_client (git-fixes). - commit 9c83e59 - svcrdma: return 0 on success from svc_rdma_copy_inline_range (git-fixes). - commit 029a31c - NFSD: Clear SECLABEL in the suppattr_exclcreat bitmap (git-fixes). - commit 5253399 - NFS: Fix up the automount fs_context to use the correct cred (git-fixes). - commit 98b121a - NFSv4: ensure the open stateid seqid doesn't go backwards (git-fixes). - commit 15f5d8e - exfat: fix remount failure in different process environments (git-fixes). - commit 2a1614d - exfat: zero out post-EOF page cache on file extension (git-fixes). - commit b63526d - Update patch metadata and sort patches.suse/sched-fair-Disable-scheduler-feature-NEXT_BUDDY.patch. - commit 6b28e35 - w1: fix redundant counter decrement in w1_attach_slave_device() (git-fixes). - w1: therm: Fix off-by-one buffer overflow in alarms_store (git-fixes). - comedi: dmm32at: serialize use of paged registers (git-fixes). - mei: trace: treat reg parameter as string (git-fixes). - uacce: ensure safe queue release with state management (git-fixes). - uacce: implement mremap in uacce_vm_ops to return -EPERM (git-fixes). - uacce: fix isolate sysfs check condition (git-fixes). - uacce: fix cdev handling in the cleanup path (git-fixes). - slimbus: core: fix of_slim_get_device() kernel doc (git-fixes). - slimbus: core: fix device reference leak on report present (git-fixes). - slimbus: core: fix runtime PM imbalance on report present (git-fixes). - slimbus: core: fix OF node leak on registration failure (git-fixes). - intel_th: fix device leak on output open() (git-fixes). - comedi: Fix getting range information for subdevices 16 to 255 (git-fixes). - interconnect: debugfs: initialize src_node and dst_node to empty strings (git-fixes). - iio: accel: iis328dq: fix gain values (git-fixes). - iio: chemical: scd4x: fix reported channel endianness (git-fixes). - iio: dac: ad5686: add AD5695R to ad5686_chip_info_tbl (git-fixes). - iio: accel: adxl380: fix handling of unavailable "INT1" interrupt (git-fixes). - iio: imu: st_lsm6dsx: fix iio_chan_spec for sensors without event detection (git-fixes). - iio: adc: pac1934: Fix clamped value in pac1934_reg_snapshot (git-fixes). - iio: adc: ad9467: fix ad9434 vref mask (git-fixes). - iio: adc: ad7280a: handle spi_setup() errors in probe() (git-fixes). - iio: adc: at91-sama5d2_adc: Fix potential use-after-free in sama5d2_adc driver (git-fixes). - serial: 8250_pci: Fix broken RS485 for F81504/508/512 (git-fixes). - comedi: fix divide-by-zero in comedi_buf_munge() (stable-fixes). - commit e39a507 - bpf: Do not let BPF test infra emit invalid GSO types to stack (bsc#1255569). - commit 7eec89f ++++ kernel-zfcpdump: - smb: client: don't try following DFS links in cifs_tree_connect() (git-fixes). - commit 3cf926a - kABI workaround for tpm_chip changes (CVE-2025-71077 bsc#1256613). - commit b25df62 - e1000: fix OOB in e1000_tbi_should_accept() (CVE-2025-71093 bsc#1256777). - net/mlx5: fw_tracer, Validate format string parameters (CVE-2025-68816 bsc#1256674). - commit 767a8ff - tpm: Cap the number of PCR banks (CVE-2025-71077 bsc#1256613). - Refresh patches.suse/0003-ima-invalidate-unsupported-PCR-banks.patch. - commit 3fdd7fa - gfs2: Prevent recursive memory reclaim (bsc#1255593 CVE-2025-68356). - commit 798fe56 - keys/trusted_keys: fix handle passed to tpm_buf_append_name during unseal (CVE-2025-68792 bsc#1256656). - commit 6ebc180 - kABI workaround for tpm2_session changes (CVE-2025-68792 bsc#1256656). - commit 7af0065 - tpm2-sessions: Fix out of range indexing in name_size (CVE-2025-68792 bsc#1256656). - commit 2805234 - x86: make page fault handling disable interrupts properly (git-fixes). - commit 8ec97c6 - selftests: net: fib-onlink-tests: Convert to use namespaces by default (bsc#1255346). - commit 9f9ee4e - Delete patches.suse/selftests-net-fib-onlink-tests-Set-high-metric-for-d.patch. - commit 3ae01ff - exfat: check return value of sb_min_blocksize in exfat_read_boot_sector (git-fixes). - commit 3d9560f - pnfs/blocklayout: Fix memory leak in bl_parse_scsi() (git-fixes). - commit 25884fe - pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node() (git-fixes). - commit def5db6 - pNFS: Fix a deadlock when returning a delegation during open() (git-fixes). - commit 39c05eb - nfsd: check that server is running in unlock_filesystem (git-fixes). - commit d20f2be - nfsd: use correct loop termination in nfsd4_revoke_states() (git-fixes). - commit bb91457 - NFSD: Fix permission check for read access to executable-only files (git-fixes). - commit 183186b - nfsd: Drop the client reference in client_states_open() (git-fixes). - commit c888f17 - NFSD/blocklayout: Fix minlength check in proc_layoutget (git-fixes). - commit b191678 - NFSD: use correct reservation type in nfsd4_scsi_fence_client (git-fixes). - commit 9c83e59 - svcrdma: return 0 on success from svc_rdma_copy_inline_range (git-fixes). - commit 029a31c - NFSD: Clear SECLABEL in the suppattr_exclcreat bitmap (git-fixes). - commit 5253399 - NFS: Fix up the automount fs_context to use the correct cred (git-fixes). - commit 98b121a - NFSv4: ensure the open stateid seqid doesn't go backwards (git-fixes). - commit 15f5d8e - exfat: fix remount failure in different process environments (git-fixes). - commit 2a1614d - exfat: zero out post-EOF page cache on file extension (git-fixes). - commit b63526d - Update patch metadata and sort patches.suse/sched-fair-Disable-scheduler-feature-NEXT_BUDDY.patch. - commit 6b28e35 - w1: fix redundant counter decrement in w1_attach_slave_device() (git-fixes). - w1: therm: Fix off-by-one buffer overflow in alarms_store (git-fixes). - comedi: dmm32at: serialize use of paged registers (git-fixes). - mei: trace: treat reg parameter as string (git-fixes). - uacce: ensure safe queue release with state management (git-fixes). - uacce: implement mremap in uacce_vm_ops to return -EPERM (git-fixes). - uacce: fix isolate sysfs check condition (git-fixes). - uacce: fix cdev handling in the cleanup path (git-fixes). - slimbus: core: fix of_slim_get_device() kernel doc (git-fixes). - slimbus: core: fix device reference leak on report present (git-fixes). - slimbus: core: fix runtime PM imbalance on report present (git-fixes). - slimbus: core: fix OF node leak on registration failure (git-fixes). - intel_th: fix device leak on output open() (git-fixes). - comedi: Fix getting range information for subdevices 16 to 255 (git-fixes). - interconnect: debugfs: initialize src_node and dst_node to empty strings (git-fixes). - iio: accel: iis328dq: fix gain values (git-fixes). - iio: chemical: scd4x: fix reported channel endianness (git-fixes). - iio: dac: ad5686: add AD5695R to ad5686_chip_info_tbl (git-fixes). - iio: accel: adxl380: fix handling of unavailable "INT1" interrupt (git-fixes). - iio: imu: st_lsm6dsx: fix iio_chan_spec for sensors without event detection (git-fixes). - iio: adc: pac1934: Fix clamped value in pac1934_reg_snapshot (git-fixes). - iio: adc: ad9467: fix ad9434 vref mask (git-fixes). - iio: adc: ad7280a: handle spi_setup() errors in probe() (git-fixes). - iio: adc: at91-sama5d2_adc: Fix potential use-after-free in sama5d2_adc driver (git-fixes). - serial: 8250_pci: Fix broken RS485 for F81504/508/512 (git-fixes). - comedi: fix divide-by-zero in comedi_buf_munge() (stable-fixes). - commit e39a507 - bpf: Do not let BPF test infra emit invalid GSO types to stack (bsc#1255569). - commit 7eec89f ++++ multipath-tools: - Update to version 0.12.2+254+suse.924a3ed8: - Bug fixes from 0.12.2 (bsc#1257007, see NEWS.md for details) * kpartx: fix segfault when operating on regular files (bsc#1257244, bsc#1257153) * multipathd: print path offline message even without a checker (bsc#1254094) * Fix `mpathpersist --report-capabilities` output. * Fix command descriptions in the multipathd man page. * Fix ISO C23 compatibility issue causing errors with new compilers. * Fix memory leak caused by not joining the "init unwinder" thread. * Fix memory leaks in kpartx. * Print the warning "setting scsi timeouts is unsupported for protocol" only once per protocol. * Make sure multipath-tools is compiled with the compiler flag `-fno-strict-aliasing`. (gh#opensvc/multipath-tools#130, bsc#1255285) - Features from upstream 0.12.0 (see also NEWS.md): * Maps that were added outside of multipathd (e.g. using the **multipath** command) and that couldn't be reloaded by multipathd used to be ignored by multipathd. multipathd will now monitor them. If some paths were offline while the map was created, multipathd will now add them to the map when they go online again. * multipathd retries persistent reservation commands that have failed on one path on another one. - Documentation fixes - Additions to the hardware table ++++ protobuf: - Add CVE-2026-0994.patch to fix google.protobuf.Any recursion depth bypass in Python json_format.ParseDict (bsc#1257173, CVE-2026-0994) ++++ openCryptoki: - Applied a patch (bsc#1257116, CVE-2026-23893) * openCryptoki-CVE-2026-23893-commit-5e6e4b4.patch ++++ opensuse-migration-tool: - Add dependency on update-bootloader to fix boo#1255897 pattern-base-selinux could be skipped if update-bootloader was missing ++++ opensuse-migration-tool: - Add dependency on update-bootloader to fix boo#1255897 pattern-base-selinux could be skipped if update-bootloader was missing ++++ pcr-oracle: - Enable build on %{arm} as it is required by sdbootutil ++++ protobuf-java: - Add CVE-2026-0994.patch to fix google.protobuf.Any recursion depth bypass in Python json_format.ParseDict (bsc#1257173, CVE-2026-0994) ++++ python-orjson: - Add CVE-2025-67221.patch to fix write outsize of allocated memory on json dump (bsc#1257121, gh#ijl/orjson#637) ++++ python-protobuf: - Add CVE-2026-0994.patch to fix google.protobuf.Any recursion depth bypass in Python json_format.ParseDict (bsc#1257173, CVE-2026-0994) ++++ python-urllib3_1: - Add security patches: * CVE-2025-66471.patch (bsc#1254867) * CVE-2025-66418.patch (bsc#1254866) * CVE-2026-21441.patch (bsc#1256331) ------------------------------------------------------------------ ------------------ 2026-1-25 - Jan 25 2026 ------------------- ------------------------------------------------------------------ ++++ OpenBoard: - update to release version 1.7.4 - remove upstreamed patch 1387-fix-poppler-25-11.patch ++++ OpenBoard: - update to release version 1.7.4 - remove upstreamed patch 1387-fix-poppler-25-11.patch ++++ OpenBoard: - update to release version 1.7.4 - remove upstreamed patch 1387-fix-poppler-25-11.patch ++++ OpenBoard: - update to release version 1.7.4 - remove upstreamed patch 1387-fix-poppler-25-11.patch ++++ gimp: - Update to 3.0.8 - Font Loading Performance - Improvements in start-up time for users with a large number of fonts was backported from our 3.2 RC2 release. As a result, we now wait to load images until fonts are initialized - this prevents some occasional odd displays and other issues when an XCF file tried to access a partially loaded font. - Assorted updates and fixes - Daniel Plakhotich helped us identify an issue when exporting a lossless WEBP image could be affected by lossy settings (such as Quality being less than 100%). We’ve updated our WEBP plug-in to prevent this from happening. - Thanks to Jehan‘s efforts, the standard gimp-3.0 executable can now be run with a --no-interface flag instead of requiring users to call gimp-console-3.0 even on devices with no display. The --show-debug-menu flag is now visible as well. - programmer_ceds improved our flatpak by adding safe guards to show the correct configuration directory regardless of whether XDG_CONFIG_HOME is defined on the user’s system. This should make it much easier for flatpak users to install and use third party plug-ins. - We fixed a rare but possible crash when using the Equalize filter on images with NaN values. Images that contain these are usually created from scientific or mapping data, so you’re unlikely to come across them in standard editing. - Jeremy Bicha fixed an internal issue where the wrong version number could be used when installing minor releases (such as the 3.2 release candidates and upcoming 3.2 stable release). - As noted in our 3.2RC2 news post, we have updated our SVG import code to improve the rendered path. - Further improvements have been made to our non-destructive filter code to improve stability, especially when copying and pasting layers and images with filters attached to them. Some issues related to applying NDE filters on Quick Masks have also been corrected. - An unintended Search pop-up that appeared when typing while the Channels dockable was selected has been turned off. - When saving XCFs for GIMP 2.10 compatibility, we unintentionally saved Grid color using the new color format. This caused errors when reopening the XCF in 2.10. This problem has now been fixed! If you encounter any other XCF incompatibility, please let us know. - Themes and UX - The Navigation and Selection Editor dockables no longer show a large bright texture when no image is actively selected. This was especially noticeable on dark themes. - When a layer has no active filters, the Fx column had the same “checkbox” outline when hovered over as the lock column. This led to confusion about clicking it to add filters. We have removed the outline on hover as a small step to help address this. - Ondřej Míchal fixed alignment and cut-off issues with the buttons on our Transform tool overlays. All buttons should now be properly centered and visible. - The options for filling layers with colors when resizing the canvas will be turned off when not relevant (such as when you set layers to not be resized). - More GUI elements such as dialog header icons will now respond to your icon size preferences. - Ondřej Míchal has continued his work to update our UI with the more usable Spin Scale widget. He has also updated the widget itself to improve how it works for users and developers alike. - Security fixes - Jacob Boerema and Gabriele Barbero continued to patch potential security issues related to some of our file format plug-ins. In addition to existing fixes mentioned in the release candidate news posts, the following exploits are now prevented: ZDI-CAN-28232 ZDI-CAN-28265 ZDI-CAN-28530 ZDI-CAN-28591 ZDI-CAN-28599 - Another potential issue related to ICO files with incorrect metadata was reported by Dhiraj. It does not have a CVE number yet, but it has been fixed for GIMP 3.0.8. Jacob Boerema also fixed a potential issue with loading Creator blocks in Paintshop Pro PSP images. - API - For plug-in and script developers, a few new public APIs were backported to GIMP 3.0.8. gimp_cairo_surface_get_buffer () allows you to retrieve a GEGL buffer from a Cairo surface (such as a text layer). Note that this deprecates gimp_cairo_surface_create_buffer (). - gimp_config_set_xcf_version () and gimp_config_get_xcf_version () can be used to specify a particular XCF version for a configuration. This will allow you to have that data serialized/deserialized for certain versions of GIMP if there were differences (such as the Grid colors mentioned above). - Fixes were made for retrieving image metadata via scripting. GimpMetadata is now a visible child of GExiv2Metadata, so you can use standard gexiv2 functions to retrieve information from it. - Original thumbnail metadata is also now removed on export to prevent potential issues when exporting into a new format. - drop patches included in the update gimp-CVE-2025-14422.patch (bsc#1255293 CVE-2025-14422) gimp-CVE-2025-14423.patch (bsc#1255294 CVE-2025-14423) gimp-CVE-2025-14424.patch (bsc#1255295 CVE-2025-14424) gimp-CVE-2025-14425.patch (bsc#1255296 CVE-2025-14425) gimp-CVE-2025-15059.patch (bsc#1255766 CVE-2025-15059) ++++ gimp: - Update to 3.0.8 - Font Loading Performance - Improvements in start-up time for users with a large number of fonts was backported from our 3.2 RC2 release. As a result, we now wait to load images until fonts are initialized - this prevents some occasional odd displays and other issues when an XCF file tried to access a partially loaded font. - Assorted updates and fixes - Daniel Plakhotich helped us identify an issue when exporting a lossless WEBP image could be affected by lossy settings (such as Quality being less than 100%). We’ve updated our WEBP plug-in to prevent this from happening. - Thanks to Jehan‘s efforts, the standard gimp-3.0 executable can now be run with a --no-interface flag instead of requiring users to call gimp-console-3.0 even on devices with no display. The --show-debug-menu flag is now visible as well. - programmer_ceds improved our flatpak by adding safe guards to show the correct configuration directory regardless of whether XDG_CONFIG_HOME is defined on the user’s system. This should make it much easier for flatpak users to install and use third party plug-ins. - We fixed a rare but possible crash when using the Equalize filter on images with NaN values. Images that contain these are usually created from scientific or mapping data, so you’re unlikely to come across them in standard editing. - Jeremy Bicha fixed an internal issue where the wrong version number could be used when installing minor releases (such as the 3.2 release candidates and upcoming 3.2 stable release). - As noted in our 3.2RC2 news post, we have updated our SVG import code to improve the rendered path. - Further improvements have been made to our non-destructive filter code to improve stability, especially when copying and pasting layers and images with filters attached to them. Some issues related to applying NDE filters on Quick Masks have also been corrected. - An unintended Search pop-up that appeared when typing while the Channels dockable was selected has been turned off. - When saving XCFs for GIMP 2.10 compatibility, we unintentionally saved Grid color using the new color format. This caused errors when reopening the XCF in 2.10. This problem has now been fixed! If you encounter any other XCF incompatibility, please let us know. - Themes and UX - The Navigation and Selection Editor dockables no longer show a large bright texture when no image is actively selected. This was especially noticeable on dark themes. - When a layer has no active filters, the Fx column had the same “checkbox” outline when hovered over as the lock column. This led to confusion about clicking it to add filters. We have removed the outline on hover as a small step to help address this. - Ondřej Míchal fixed alignment and cut-off issues with the buttons on our Transform tool overlays. All buttons should now be properly centered and visible. - The options for filling layers with colors when resizing the canvas will be turned off when not relevant (such as when you set layers to not be resized). - More GUI elements such as dialog header icons will now respond to your icon size preferences. - Ondřej Míchal has continued his work to update our UI with the more usable Spin Scale widget. He has also updated the widget itself to improve how it works for users and developers alike. - Security fixes - Jacob Boerema and Gabriele Barbero continued to patch potential security issues related to some of our file format plug-ins. In addition to existing fixes mentioned in the release candidate news posts, the following exploits are now prevented: ZDI-CAN-28232 ZDI-CAN-28265 ZDI-CAN-28530 ZDI-CAN-28591 ZDI-CAN-28599 - Another potential issue related to ICO files with incorrect metadata was reported by Dhiraj. It does not have a CVE number yet, but it has been fixed for GIMP 3.0.8. Jacob Boerema also fixed a potential issue with loading Creator blocks in Paintshop Pro PSP images. - API - For plug-in and script developers, a few new public APIs were backported to GIMP 3.0.8. gimp_cairo_surface_get_buffer () allows you to retrieve a GEGL buffer from a Cairo surface (such as a text layer). Note that this deprecates gimp_cairo_surface_create_buffer (). - gimp_config_set_xcf_version () and gimp_config_get_xcf_version () can be used to specify a particular XCF version for a configuration. This will allow you to have that data serialized/deserialized for certain versions of GIMP if there were differences (such as the Grid colors mentioned above). - Fixes were made for retrieving image metadata via scripting. GimpMetadata is now a visible child of GExiv2Metadata, so you can use standard gexiv2 functions to retrieve information from it. - Original thumbnail metadata is also now removed on export to prevent potential issues when exporting into a new format. - drop patches included in the update gimp-CVE-2025-14422.patch (bsc#1255293 CVE-2025-14422) gimp-CVE-2025-14423.patch (bsc#1255294 CVE-2025-14423) gimp-CVE-2025-14424.patch (bsc#1255295 CVE-2025-14424) gimp-CVE-2025-14425.patch (bsc#1255296 CVE-2025-14425) gimp-CVE-2025-15059.patch (bsc#1255766 CVE-2025-15059) ++++ gimp: - Update to 3.0.8 - Font Loading Performance - Improvements in start-up time for users with a large number of fonts was backported from our 3.2 RC2 release. As a result, we now wait to load images until fonts are initialized - this prevents some occasional odd displays and other issues when an XCF file tried to access a partially loaded font. - Assorted updates and fixes - Daniel Plakhotich helped us identify an issue when exporting a lossless WEBP image could be affected by lossy settings (such as Quality being less than 100%). We’ve updated our WEBP plug-in to prevent this from happening. - Thanks to Jehan‘s efforts, the standard gimp-3.0 executable can now be run with a --no-interface flag instead of requiring users to call gimp-console-3.0 even on devices with no display. The --show-debug-menu flag is now visible as well. - programmer_ceds improved our flatpak by adding safe guards to show the correct configuration directory regardless of whether XDG_CONFIG_HOME is defined on the user’s system. This should make it much easier for flatpak users to install and use third party plug-ins. - We fixed a rare but possible crash when using the Equalize filter on images with NaN values. Images that contain these are usually created from scientific or mapping data, so you’re unlikely to come across them in standard editing. - Jeremy Bicha fixed an internal issue where the wrong version number could be used when installing minor releases (such as the 3.2 release candidates and upcoming 3.2 stable release). - As noted in our 3.2RC2 news post, we have updated our SVG import code to improve the rendered path. - Further improvements have been made to our non-destructive filter code to improve stability, especially when copying and pasting layers and images with filters attached to them. Some issues related to applying NDE filters on Quick Masks have also been corrected. - An unintended Search pop-up that appeared when typing while the Channels dockable was selected has been turned off. - When saving XCFs for GIMP 2.10 compatibility, we unintentionally saved Grid color using the new color format. This caused errors when reopening the XCF in 2.10. This problem has now been fixed! If you encounter any other XCF incompatibility, please let us know. - Themes and UX - The Navigation and Selection Editor dockables no longer show a large bright texture when no image is actively selected. This was especially noticeable on dark themes. - When a layer has no active filters, the Fx column had the same “checkbox” outline when hovered over as the lock column. This led to confusion about clicking it to add filters. We have removed the outline on hover as a small step to help address this. - Ondřej Míchal fixed alignment and cut-off issues with the buttons on our Transform tool overlays. All buttons should now be properly centered and visible. - The options for filling layers with colors when resizing the canvas will be turned off when not relevant (such as when you set layers to not be resized). - More GUI elements such as dialog header icons will now respond to your icon size preferences. - Ondřej Míchal has continued his work to update our UI with the more usable Spin Scale widget. He has also updated the widget itself to improve how it works for users and developers alike. - Security fixes - Jacob Boerema and Gabriele Barbero continued to patch potential security issues related to some of our file format plug-ins. In addition to existing fixes mentioned in the release candidate news posts, the following exploits are now prevented: ZDI-CAN-28232 ZDI-CAN-28265 ZDI-CAN-28530 ZDI-CAN-28591 ZDI-CAN-28599 - Another potential issue related to ICO files with incorrect metadata was reported by Dhiraj. It does not have a CVE number yet, but it has been fixed for GIMP 3.0.8. Jacob Boerema also fixed a potential issue with loading Creator blocks in Paintshop Pro PSP images. - API - For plug-in and script developers, a few new public APIs were backported to GIMP 3.0.8. gimp_cairo_surface_get_buffer () allows you to retrieve a GEGL buffer from a Cairo surface (such as a text layer). Note that this deprecates gimp_cairo_surface_create_buffer (). - gimp_config_set_xcf_version () and gimp_config_get_xcf_version () can be used to specify a particular XCF version for a configuration. This will allow you to have that data serialized/deserialized for certain versions of GIMP if there were differences (such as the Grid colors mentioned above). - Fixes were made for retrieving image metadata via scripting. GimpMetadata is now a visible child of GExiv2Metadata, so you can use standard gexiv2 functions to retrieve information from it. - Original thumbnail metadata is also now removed on export to prevent potential issues when exporting into a new format. - drop patches included in the update gimp-CVE-2025-14422.patch (bsc#1255293 CVE-2025-14422) gimp-CVE-2025-14423.patch (bsc#1255294 CVE-2025-14423) gimp-CVE-2025-14424.patch (bsc#1255295 CVE-2025-14424) gimp-CVE-2025-14425.patch (bsc#1255296 CVE-2025-14425) gimp-CVE-2025-15059.patch (bsc#1255766 CVE-2025-15059) ++++ orthanc-authorization: - version 0.10.3 * New default permissions for worklists * New default permissions for tools/metrics-prometheus * New default permissions for tools/generate-uid ++++ os-autoinst-distri-opensuse-deps: - Removed dependency gzip - Added dependency /usr/bin/gzip ------------------------------------------------------------------ ------------------ 2026-1-24 - Jan 24 2026 ------------------- ------------------------------------------------------------------ ++++ kernel-64kb: - platform/x86: hp-bioscfg: Fix automatic module loading (git-fixes). - platform/x86: hp-bioscfg: Fix kernel panic in GET_INSTANCE_ID macro (git-fixes). - platform/x86: hp-bioscfg: Fix kobject warnings for empty attribute names (git-fixes). - platform/x86/amd: Fix memory leak in wbrf_record() (git-fixes). - mmc: rtsx_pci_sdmmc: implement sdmmc_card_busy function (git-fixes). - mmc: sdhci-of-dwcmshc: Prevent illegal clock reduction in HS200/HS400 mode (git-fixes). - regmap: Fix race condition in hwspinlock irqsave routine (git-fixes). - gpio: cdev: Correct return code on memory allocation failure (git-fixes). - ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() (git-fixes). - ALSA: scarlett2: Fix buffer overflow in config retrieval (git-fixes). - ALSA: usb: Increase volume range that triggers a warning (git-fixes). - drm/amd/pm: Workaround SI powertune issue on Radeon 430 (v2) (git-fixes). - drm/amd/pm: Don't clear SI SMC table when setting power limit (git-fixes). - drm/nouveau: implement missing DCB connector types; gracefully handle unknown connectors (git-fixes). - drm/nouveau: add missing DCB connector types (git-fixes). - drm/imagination: Wait for FW trace update command completion (git-fixes). - commit a8c0274 ++++ kernel-64kb: - platform/x86: hp-bioscfg: Fix automatic module loading (git-fixes). - platform/x86: hp-bioscfg: Fix kernel panic in GET_INSTANCE_ID macro (git-fixes). - platform/x86: hp-bioscfg: Fix kobject warnings for empty attribute names (git-fixes). - platform/x86/amd: Fix memory leak in wbrf_record() (git-fixes). - mmc: rtsx_pci_sdmmc: implement sdmmc_card_busy function (git-fixes). - mmc: sdhci-of-dwcmshc: Prevent illegal clock reduction in HS200/HS400 mode (git-fixes). - regmap: Fix race condition in hwspinlock irqsave routine (git-fixes). - gpio: cdev: Correct return code on memory allocation failure (git-fixes). - ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() (git-fixes). - ALSA: scarlett2: Fix buffer overflow in config retrieval (git-fixes). - ALSA: usb: Increase volume range that triggers a warning (git-fixes). - drm/amd/pm: Workaround SI powertune issue on Radeon 430 (v2) (git-fixes). - drm/amd/pm: Don't clear SI SMC table when setting power limit (git-fixes). - drm/nouveau: implement missing DCB connector types; gracefully handle unknown connectors (git-fixes). - drm/nouveau: add missing DCB connector types (git-fixes). - drm/imagination: Wait for FW trace update command completion (git-fixes). - commit a8c0274 ++++ kernel-azure: - platform/x86: hp-bioscfg: Fix automatic module loading (git-fixes). - platform/x86: hp-bioscfg: Fix kernel panic in GET_INSTANCE_ID macro (git-fixes). - platform/x86: hp-bioscfg: Fix kobject warnings for empty attribute names (git-fixes). - platform/x86/amd: Fix memory leak in wbrf_record() (git-fixes). - mmc: rtsx_pci_sdmmc: implement sdmmc_card_busy function (git-fixes). - mmc: sdhci-of-dwcmshc: Prevent illegal clock reduction in HS200/HS400 mode (git-fixes). - regmap: Fix race condition in hwspinlock irqsave routine (git-fixes). - gpio: cdev: Correct return code on memory allocation failure (git-fixes). - ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() (git-fixes). - ALSA: scarlett2: Fix buffer overflow in config retrieval (git-fixes). - ALSA: usb: Increase volume range that triggers a warning (git-fixes). - drm/amd/pm: Workaround SI powertune issue on Radeon 430 (v2) (git-fixes). - drm/amd/pm: Don't clear SI SMC table when setting power limit (git-fixes). - drm/nouveau: implement missing DCB connector types; gracefully handle unknown connectors (git-fixes). - drm/nouveau: add missing DCB connector types (git-fixes). - drm/imagination: Wait for FW trace update command completion (git-fixes). - commit a8c0274 ++++ kernel-azure: - platform/x86: hp-bioscfg: Fix automatic module loading (git-fixes). - platform/x86: hp-bioscfg: Fix kernel panic in GET_INSTANCE_ID macro (git-fixes). - platform/x86: hp-bioscfg: Fix kobject warnings for empty attribute names (git-fixes). - platform/x86/amd: Fix memory leak in wbrf_record() (git-fixes). - mmc: rtsx_pci_sdmmc: implement sdmmc_card_busy function (git-fixes). - mmc: sdhci-of-dwcmshc: Prevent illegal clock reduction in HS200/HS400 mode (git-fixes). - regmap: Fix race condition in hwspinlock irqsave routine (git-fixes). - gpio: cdev: Correct return code on memory allocation failure (git-fixes). - ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() (git-fixes). - ALSA: scarlett2: Fix buffer overflow in config retrieval (git-fixes). - ALSA: usb: Increase volume range that triggers a warning (git-fixes). - drm/amd/pm: Workaround SI powertune issue on Radeon 430 (v2) (git-fixes). - drm/amd/pm: Don't clear SI SMC table when setting power limit (git-fixes). - drm/nouveau: implement missing DCB connector types; gracefully handle unknown connectors (git-fixes). - drm/nouveau: add missing DCB connector types (git-fixes). - drm/imagination: Wait for FW trace update command completion (git-fixes). - commit a8c0274 ++++ kernel-default: - platform/x86: hp-bioscfg: Fix automatic module loading (git-fixes). - platform/x86: hp-bioscfg: Fix kernel panic in GET_INSTANCE_ID macro (git-fixes). - platform/x86: hp-bioscfg: Fix kobject warnings for empty attribute names (git-fixes). - platform/x86/amd: Fix memory leak in wbrf_record() (git-fixes). - mmc: rtsx_pci_sdmmc: implement sdmmc_card_busy function (git-fixes). - mmc: sdhci-of-dwcmshc: Prevent illegal clock reduction in HS200/HS400 mode (git-fixes). - regmap: Fix race condition in hwspinlock irqsave routine (git-fixes). - gpio: cdev: Correct return code on memory allocation failure (git-fixes). - ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() (git-fixes). - ALSA: scarlett2: Fix buffer overflow in config retrieval (git-fixes). - ALSA: usb: Increase volume range that triggers a warning (git-fixes). - drm/amd/pm: Workaround SI powertune issue on Radeon 430 (v2) (git-fixes). - drm/amd/pm: Don't clear SI SMC table when setting power limit (git-fixes). - drm/nouveau: implement missing DCB connector types; gracefully handle unknown connectors (git-fixes). - drm/nouveau: add missing DCB connector types (git-fixes). - drm/imagination: Wait for FW trace update command completion (git-fixes). - commit a8c0274 ++++ kernel-default: - platform/x86: hp-bioscfg: Fix automatic module loading (git-fixes). - platform/x86: hp-bioscfg: Fix kernel panic in GET_INSTANCE_ID macro (git-fixes). - platform/x86: hp-bioscfg: Fix kobject warnings for empty attribute names (git-fixes). - platform/x86/amd: Fix memory leak in wbrf_record() (git-fixes). - mmc: rtsx_pci_sdmmc: implement sdmmc_card_busy function (git-fixes). - mmc: sdhci-of-dwcmshc: Prevent illegal clock reduction in HS200/HS400 mode (git-fixes). - regmap: Fix race condition in hwspinlock irqsave routine (git-fixes). - gpio: cdev: Correct return code on memory allocation failure (git-fixes). - ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() (git-fixes). - ALSA: scarlett2: Fix buffer overflow in config retrieval (git-fixes). - ALSA: usb: Increase volume range that triggers a warning (git-fixes). - drm/amd/pm: Workaround SI powertune issue on Radeon 430 (v2) (git-fixes). - drm/amd/pm: Don't clear SI SMC table when setting power limit (git-fixes). - drm/nouveau: implement missing DCB connector types; gracefully handle unknown connectors (git-fixes). - drm/nouveau: add missing DCB connector types (git-fixes). - drm/imagination: Wait for FW trace update command completion (git-fixes). - commit a8c0274 ++++ kernel-rt: - platform/x86: hp-bioscfg: Fix automatic module loading (git-fixes). - platform/x86: hp-bioscfg: Fix kernel panic in GET_INSTANCE_ID macro (git-fixes). - platform/x86: hp-bioscfg: Fix kobject warnings for empty attribute names (git-fixes). - platform/x86/amd: Fix memory leak in wbrf_record() (git-fixes). - mmc: rtsx_pci_sdmmc: implement sdmmc_card_busy function (git-fixes). - mmc: sdhci-of-dwcmshc: Prevent illegal clock reduction in HS200/HS400 mode (git-fixes). - regmap: Fix race condition in hwspinlock irqsave routine (git-fixes). - gpio: cdev: Correct return code on memory allocation failure (git-fixes). - ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() (git-fixes). - ALSA: scarlett2: Fix buffer overflow in config retrieval (git-fixes). - ALSA: usb: Increase volume range that triggers a warning (git-fixes). - drm/amd/pm: Workaround SI powertune issue on Radeon 430 (v2) (git-fixes). - drm/amd/pm: Don't clear SI SMC table when setting power limit (git-fixes). - drm/nouveau: implement missing DCB connector types; gracefully handle unknown connectors (git-fixes). - drm/nouveau: add missing DCB connector types (git-fixes). - drm/imagination: Wait for FW trace update command completion (git-fixes). - commit a8c0274 ++++ kernel-rt: - platform/x86: hp-bioscfg: Fix automatic module loading (git-fixes). - platform/x86: hp-bioscfg: Fix kernel panic in GET_INSTANCE_ID macro (git-fixes). - platform/x86: hp-bioscfg: Fix kobject warnings for empty attribute names (git-fixes). - platform/x86/amd: Fix memory leak in wbrf_record() (git-fixes). - mmc: rtsx_pci_sdmmc: implement sdmmc_card_busy function (git-fixes). - mmc: sdhci-of-dwcmshc: Prevent illegal clock reduction in HS200/HS400 mode (git-fixes). - regmap: Fix race condition in hwspinlock irqsave routine (git-fixes). - gpio: cdev: Correct return code on memory allocation failure (git-fixes). - ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() (git-fixes). - ALSA: scarlett2: Fix buffer overflow in config retrieval (git-fixes). - ALSA: usb: Increase volume range that triggers a warning (git-fixes). - drm/amd/pm: Workaround SI powertune issue on Radeon 430 (v2) (git-fixes). - drm/amd/pm: Don't clear SI SMC table when setting power limit (git-fixes). - drm/nouveau: implement missing DCB connector types; gracefully handle unknown connectors (git-fixes). - drm/nouveau: add missing DCB connector types (git-fixes). - drm/imagination: Wait for FW trace update command completion (git-fixes). - commit a8c0274 ++++ dtb-aarch64: - platform/x86: hp-bioscfg: Fix automatic module loading (git-fixes). - platform/x86: hp-bioscfg: Fix kernel panic in GET_INSTANCE_ID macro (git-fixes). - platform/x86: hp-bioscfg: Fix kobject warnings for empty attribute names (git-fixes). - platform/x86/amd: Fix memory leak in wbrf_record() (git-fixes). - mmc: rtsx_pci_sdmmc: implement sdmmc_card_busy function (git-fixes). - mmc: sdhci-of-dwcmshc: Prevent illegal clock reduction in HS200/HS400 mode (git-fixes). - regmap: Fix race condition in hwspinlock irqsave routine (git-fixes). - gpio: cdev: Correct return code on memory allocation failure (git-fixes). - ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() (git-fixes). - ALSA: scarlett2: Fix buffer overflow in config retrieval (git-fixes). - ALSA: usb: Increase volume range that triggers a warning (git-fixes). - drm/amd/pm: Workaround SI powertune issue on Radeon 430 (v2) (git-fixes). - drm/amd/pm: Don't clear SI SMC table when setting power limit (git-fixes). - drm/nouveau: implement missing DCB connector types; gracefully handle unknown connectors (git-fixes). - drm/nouveau: add missing DCB connector types (git-fixes). - drm/imagination: Wait for FW trace update command completion (git-fixes). - commit a8c0274 ++++ dtb-aarch64: - platform/x86: hp-bioscfg: Fix automatic module loading (git-fixes). - platform/x86: hp-bioscfg: Fix kernel panic in GET_INSTANCE_ID macro (git-fixes). - platform/x86: hp-bioscfg: Fix kobject warnings for empty attribute names (git-fixes). - platform/x86/amd: Fix memory leak in wbrf_record() (git-fixes). - mmc: rtsx_pci_sdmmc: implement sdmmc_card_busy function (git-fixes). - mmc: sdhci-of-dwcmshc: Prevent illegal clock reduction in HS200/HS400 mode (git-fixes). - regmap: Fix race condition in hwspinlock irqsave routine (git-fixes). - gpio: cdev: Correct return code on memory allocation failure (git-fixes). - ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() (git-fixes). - ALSA: scarlett2: Fix buffer overflow in config retrieval (git-fixes). - ALSA: usb: Increase volume range that triggers a warning (git-fixes). - drm/amd/pm: Workaround SI powertune issue on Radeon 430 (v2) (git-fixes). - drm/amd/pm: Don't clear SI SMC table when setting power limit (git-fixes). - drm/nouveau: implement missing DCB connector types; gracefully handle unknown connectors (git-fixes). - drm/nouveau: add missing DCB connector types (git-fixes). - drm/imagination: Wait for FW trace update command completion (git-fixes). - commit a8c0274 ++++ flake-pilot: - Add --force option for register command Allow to force writing the registration even if a registration of the same name already exists. Also update the man pages. - Bump version: 3.1.24 → 3.1.25 - Improve command debug log Make sure the command called is part of the log message and not only the arguments - drop obsolete permission settings With the proper user vs. system wide setup there is no need for the hacky permission adaptions. This also improves the runtime performance - Fixup flake lookup system wide first, then user specific ++++ kernel-source: - platform/x86: hp-bioscfg: Fix automatic module loading (git-fixes). - platform/x86: hp-bioscfg: Fix kernel panic in GET_INSTANCE_ID macro (git-fixes). - platform/x86: hp-bioscfg: Fix kobject warnings for empty attribute names (git-fixes). - platform/x86/amd: Fix memory leak in wbrf_record() (git-fixes). - mmc: rtsx_pci_sdmmc: implement sdmmc_card_busy function (git-fixes). - mmc: sdhci-of-dwcmshc: Prevent illegal clock reduction in HS200/HS400 mode (git-fixes). - regmap: Fix race condition in hwspinlock irqsave routine (git-fixes). - gpio: cdev: Correct return code on memory allocation failure (git-fixes). - ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() (git-fixes). - ALSA: scarlett2: Fix buffer overflow in config retrieval (git-fixes). - ALSA: usb: Increase volume range that triggers a warning (git-fixes). - drm/amd/pm: Workaround SI powertune issue on Radeon 430 (v2) (git-fixes). - drm/amd/pm: Don't clear SI SMC table when setting power limit (git-fixes). - drm/nouveau: implement missing DCB connector types; gracefully handle unknown connectors (git-fixes). - drm/nouveau: add missing DCB connector types (git-fixes). - drm/imagination: Wait for FW trace update command completion (git-fixes). - commit a8c0274 ++++ kernel-source: - platform/x86: hp-bioscfg: Fix automatic module loading (git-fixes). - platform/x86: hp-bioscfg: Fix kernel panic in GET_INSTANCE_ID macro (git-fixes). - platform/x86: hp-bioscfg: Fix kobject warnings for empty attribute names (git-fixes). - platform/x86/amd: Fix memory leak in wbrf_record() (git-fixes). - mmc: rtsx_pci_sdmmc: implement sdmmc_card_busy function (git-fixes). - mmc: sdhci-of-dwcmshc: Prevent illegal clock reduction in HS200/HS400 mode (git-fixes). - regmap: Fix race condition in hwspinlock irqsave routine (git-fixes). - gpio: cdev: Correct return code on memory allocation failure (git-fixes). - ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() (git-fixes). - ALSA: scarlett2: Fix buffer overflow in config retrieval (git-fixes). - ALSA: usb: Increase volume range that triggers a warning (git-fixes). - drm/amd/pm: Workaround SI powertune issue on Radeon 430 (v2) (git-fixes). - drm/amd/pm: Don't clear SI SMC table when setting power limit (git-fixes). - drm/nouveau: implement missing DCB connector types; gracefully handle unknown connectors (git-fixes). - drm/nouveau: add missing DCB connector types (git-fixes). - drm/imagination: Wait for FW trace update command completion (git-fixes). - commit a8c0274 ++++ kernel-docs: - platform/x86: hp-bioscfg: Fix automatic module loading (git-fixes). - platform/x86: hp-bioscfg: Fix kernel panic in GET_INSTANCE_ID macro (git-fixes). - platform/x86: hp-bioscfg: Fix kobject warnings for empty attribute names (git-fixes). - platform/x86/amd: Fix memory leak in wbrf_record() (git-fixes). - mmc: rtsx_pci_sdmmc: implement sdmmc_card_busy function (git-fixes). - mmc: sdhci-of-dwcmshc: Prevent illegal clock reduction in HS200/HS400 mode (git-fixes). - regmap: Fix race condition in hwspinlock irqsave routine (git-fixes). - gpio: cdev: Correct return code on memory allocation failure (git-fixes). - ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() (git-fixes). - ALSA: scarlett2: Fix buffer overflow in config retrieval (git-fixes). - ALSA: usb: Increase volume range that triggers a warning (git-fixes). - drm/amd/pm: Workaround SI powertune issue on Radeon 430 (v2) (git-fixes). - drm/amd/pm: Don't clear SI SMC table when setting power limit (git-fixes). - drm/nouveau: implement missing DCB connector types; gracefully handle unknown connectors (git-fixes). - drm/nouveau: add missing DCB connector types (git-fixes). - drm/imagination: Wait for FW trace update command completion (git-fixes). - commit a8c0274 ++++ kernel-docs: - platform/x86: hp-bioscfg: Fix automatic module loading (git-fixes). - platform/x86: hp-bioscfg: Fix kernel panic in GET_INSTANCE_ID macro (git-fixes). - platform/x86: hp-bioscfg: Fix kobject warnings for empty attribute names (git-fixes). - platform/x86/amd: Fix memory leak in wbrf_record() (git-fixes). - mmc: rtsx_pci_sdmmc: implement sdmmc_card_busy function (git-fixes). - mmc: sdhci-of-dwcmshc: Prevent illegal clock reduction in HS200/HS400 mode (git-fixes). - regmap: Fix race condition in hwspinlock irqsave routine (git-fixes). - gpio: cdev: Correct return code on memory allocation failure (git-fixes). - ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() (git-fixes). - ALSA: scarlett2: Fix buffer overflow in config retrieval (git-fixes). - ALSA: usb: Increase volume range that triggers a warning (git-fixes). - drm/amd/pm: Workaround SI powertune issue on Radeon 430 (v2) (git-fixes). - drm/amd/pm: Don't clear SI SMC table when setting power limit (git-fixes). - drm/nouveau: implement missing DCB connector types; gracefully handle unknown connectors (git-fixes). - drm/nouveau: add missing DCB connector types (git-fixes). - drm/imagination: Wait for FW trace update command completion (git-fixes). - commit a8c0274 ++++ kernel-kvmsmall: - platform/x86: hp-bioscfg: Fix automatic module loading (git-fixes). - platform/x86: hp-bioscfg: Fix kernel panic in GET_INSTANCE_ID macro (git-fixes). - platform/x86: hp-bioscfg: Fix kobject warnings for empty attribute names (git-fixes). - platform/x86/amd: Fix memory leak in wbrf_record() (git-fixes). - mmc: rtsx_pci_sdmmc: implement sdmmc_card_busy function (git-fixes). - mmc: sdhci-of-dwcmshc: Prevent illegal clock reduction in HS200/HS400 mode (git-fixes). - regmap: Fix race condition in hwspinlock irqsave routine (git-fixes). - gpio: cdev: Correct return code on memory allocation failure (git-fixes). - ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() (git-fixes). - ALSA: scarlett2: Fix buffer overflow in config retrieval (git-fixes). - ALSA: usb: Increase volume range that triggers a warning (git-fixes). - drm/amd/pm: Workaround SI powertune issue on Radeon 430 (v2) (git-fixes). - drm/amd/pm: Don't clear SI SMC table when setting power limit (git-fixes). - drm/nouveau: implement missing DCB connector types; gracefully handle unknown connectors (git-fixes). - drm/nouveau: add missing DCB connector types (git-fixes). - drm/imagination: Wait for FW trace update command completion (git-fixes). - commit a8c0274 ++++ kernel-kvmsmall: - platform/x86: hp-bioscfg: Fix automatic module loading (git-fixes). - platform/x86: hp-bioscfg: Fix kernel panic in GET_INSTANCE_ID macro (git-fixes). - platform/x86: hp-bioscfg: Fix kobject warnings for empty attribute names (git-fixes). - platform/x86/amd: Fix memory leak in wbrf_record() (git-fixes). - mmc: rtsx_pci_sdmmc: implement sdmmc_card_busy function (git-fixes). - mmc: sdhci-of-dwcmshc: Prevent illegal clock reduction in HS200/HS400 mode (git-fixes). - regmap: Fix race condition in hwspinlock irqsave routine (git-fixes). - gpio: cdev: Correct return code on memory allocation failure (git-fixes). - ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() (git-fixes). - ALSA: scarlett2: Fix buffer overflow in config retrieval (git-fixes). - ALSA: usb: Increase volume range that triggers a warning (git-fixes). - drm/amd/pm: Workaround SI powertune issue on Radeon 430 (v2) (git-fixes). - drm/amd/pm: Don't clear SI SMC table when setting power limit (git-fixes). - drm/nouveau: implement missing DCB connector types; gracefully handle unknown connectors (git-fixes). - drm/nouveau: add missing DCB connector types (git-fixes). - drm/imagination: Wait for FW trace update command completion (git-fixes). - commit a8c0274 ++++ kernel-obs-build: - platform/x86: hp-bioscfg: Fix automatic module loading (git-fixes). - platform/x86: hp-bioscfg: Fix kernel panic in GET_INSTANCE_ID macro (git-fixes). - platform/x86: hp-bioscfg: Fix kobject warnings for empty attribute names (git-fixes). - platform/x86/amd: Fix memory leak in wbrf_record() (git-fixes). - mmc: rtsx_pci_sdmmc: implement sdmmc_card_busy function (git-fixes). - mmc: sdhci-of-dwcmshc: Prevent illegal clock reduction in HS200/HS400 mode (git-fixes). - regmap: Fix race condition in hwspinlock irqsave routine (git-fixes). - gpio: cdev: Correct return code on memory allocation failure (git-fixes). - ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() (git-fixes). - ALSA: scarlett2: Fix buffer overflow in config retrieval (git-fixes). - ALSA: usb: Increase volume range that triggers a warning (git-fixes). - drm/amd/pm: Workaround SI powertune issue on Radeon 430 (v2) (git-fixes). - drm/amd/pm: Don't clear SI SMC table when setting power limit (git-fixes). - drm/nouveau: implement missing DCB connector types; gracefully handle unknown connectors (git-fixes). - drm/nouveau: add missing DCB connector types (git-fixes). - drm/imagination: Wait for FW trace update command completion (git-fixes). - commit a8c0274 ++++ kernel-obs-build: - platform/x86: hp-bioscfg: Fix automatic module loading (git-fixes). - platform/x86: hp-bioscfg: Fix kernel panic in GET_INSTANCE_ID macro (git-fixes). - platform/x86: hp-bioscfg: Fix kobject warnings for empty attribute names (git-fixes). - platform/x86/amd: Fix memory leak in wbrf_record() (git-fixes). - mmc: rtsx_pci_sdmmc: implement sdmmc_card_busy function (git-fixes). - mmc: sdhci-of-dwcmshc: Prevent illegal clock reduction in HS200/HS400 mode (git-fixes). - regmap: Fix race condition in hwspinlock irqsave routine (git-fixes). - gpio: cdev: Correct return code on memory allocation failure (git-fixes). - ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() (git-fixes). - ALSA: scarlett2: Fix buffer overflow in config retrieval (git-fixes). - ALSA: usb: Increase volume range that triggers a warning (git-fixes). - drm/amd/pm: Workaround SI powertune issue on Radeon 430 (v2) (git-fixes). - drm/amd/pm: Don't clear SI SMC table when setting power limit (git-fixes). - drm/nouveau: implement missing DCB connector types; gracefully handle unknown connectors (git-fixes). - drm/nouveau: add missing DCB connector types (git-fixes). - drm/imagination: Wait for FW trace update command completion (git-fixes). - commit a8c0274 ++++ kernel-obs-qa: - platform/x86: hp-bioscfg: Fix automatic module loading (git-fixes). - platform/x86: hp-bioscfg: Fix kernel panic in GET_INSTANCE_ID macro (git-fixes). - platform/x86: hp-bioscfg: Fix kobject warnings for empty attribute names (git-fixes). - platform/x86/amd: Fix memory leak in wbrf_record() (git-fixes). - mmc: rtsx_pci_sdmmc: implement sdmmc_card_busy function (git-fixes). - mmc: sdhci-of-dwcmshc: Prevent illegal clock reduction in HS200/HS400 mode (git-fixes). - regmap: Fix race condition in hwspinlock irqsave routine (git-fixes). - gpio: cdev: Correct return code on memory allocation failure (git-fixes). - ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() (git-fixes). - ALSA: scarlett2: Fix buffer overflow in config retrieval (git-fixes). - ALSA: usb: Increase volume range that triggers a warning (git-fixes). - drm/amd/pm: Workaround SI powertune issue on Radeon 430 (v2) (git-fixes). - drm/amd/pm: Don't clear SI SMC table when setting power limit (git-fixes). - drm/nouveau: implement missing DCB connector types; gracefully handle unknown connectors (git-fixes). - drm/nouveau: add missing DCB connector types (git-fixes). - drm/imagination: Wait for FW trace update command completion (git-fixes). - commit a8c0274 ++++ kernel-obs-qa: - platform/x86: hp-bioscfg: Fix automatic module loading (git-fixes). - platform/x86: hp-bioscfg: Fix kernel panic in GET_INSTANCE_ID macro (git-fixes). - platform/x86: hp-bioscfg: Fix kobject warnings for empty attribute names (git-fixes). - platform/x86/amd: Fix memory leak in wbrf_record() (git-fixes). - mmc: rtsx_pci_sdmmc: implement sdmmc_card_busy function (git-fixes). - mmc: sdhci-of-dwcmshc: Prevent illegal clock reduction in HS200/HS400 mode (git-fixes). - regmap: Fix race condition in hwspinlock irqsave routine (git-fixes). - gpio: cdev: Correct return code on memory allocation failure (git-fixes). - ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() (git-fixes). - ALSA: scarlett2: Fix buffer overflow in config retrieval (git-fixes). - ALSA: usb: Increase volume range that triggers a warning (git-fixes). - drm/amd/pm: Workaround SI powertune issue on Radeon 430 (v2) (git-fixes). - drm/amd/pm: Don't clear SI SMC table when setting power limit (git-fixes). - drm/nouveau: implement missing DCB connector types; gracefully handle unknown connectors (git-fixes). - drm/nouveau: add missing DCB connector types (git-fixes). - drm/imagination: Wait for FW trace update command completion (git-fixes). - commit a8c0274 ++++ kernel-syms: - platform/x86: hp-bioscfg: Fix automatic module loading (git-fixes). - platform/x86: hp-bioscfg: Fix kernel panic in GET_INSTANCE_ID macro (git-fixes). - platform/x86: hp-bioscfg: Fix kobject warnings for empty attribute names (git-fixes). - platform/x86/amd: Fix memory leak in wbrf_record() (git-fixes). - mmc: rtsx_pci_sdmmc: implement sdmmc_card_busy function (git-fixes). - mmc: sdhci-of-dwcmshc: Prevent illegal clock reduction in HS200/HS400 mode (git-fixes). - regmap: Fix race condition in hwspinlock irqsave routine (git-fixes). - gpio: cdev: Correct return code on memory allocation failure (git-fixes). - ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() (git-fixes). - ALSA: scarlett2: Fix buffer overflow in config retrieval (git-fixes). - ALSA: usb: Increase volume range that triggers a warning (git-fixes). - drm/amd/pm: Workaround SI powertune issue on Radeon 430 (v2) (git-fixes). - drm/amd/pm: Don't clear SI SMC table when setting power limit (git-fixes). - drm/nouveau: implement missing DCB connector types; gracefully handle unknown connectors (git-fixes). - drm/nouveau: add missing DCB connector types (git-fixes). - drm/imagination: Wait for FW trace update command completion (git-fixes). - commit a8c0274 ++++ kernel-syms: - platform/x86: hp-bioscfg: Fix automatic module loading (git-fixes). - platform/x86: hp-bioscfg: Fix kernel panic in GET_INSTANCE_ID macro (git-fixes). - platform/x86: hp-bioscfg: Fix kobject warnings for empty attribute names (git-fixes). - platform/x86/amd: Fix memory leak in wbrf_record() (git-fixes). - mmc: rtsx_pci_sdmmc: implement sdmmc_card_busy function (git-fixes). - mmc: sdhci-of-dwcmshc: Prevent illegal clock reduction in HS200/HS400 mode (git-fixes). - regmap: Fix race condition in hwspinlock irqsave routine (git-fixes). - gpio: cdev: Correct return code on memory allocation failure (git-fixes). - ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() (git-fixes). - ALSA: scarlett2: Fix buffer overflow in config retrieval (git-fixes). - ALSA: usb: Increase volume range that triggers a warning (git-fixes). - drm/amd/pm: Workaround SI powertune issue on Radeon 430 (v2) (git-fixes). - drm/amd/pm: Don't clear SI SMC table when setting power limit (git-fixes). - drm/nouveau: implement missing DCB connector types; gracefully handle unknown connectors (git-fixes). - drm/nouveau: add missing DCB connector types (git-fixes). - drm/imagination: Wait for FW trace update command completion (git-fixes). - commit a8c0274 ++++ kernel-zfcpdump: - platform/x86: hp-bioscfg: Fix automatic module loading (git-fixes). - platform/x86: hp-bioscfg: Fix kernel panic in GET_INSTANCE_ID macro (git-fixes). - platform/x86: hp-bioscfg: Fix kobject warnings for empty attribute names (git-fixes). - platform/x86/amd: Fix memory leak in wbrf_record() (git-fixes). - mmc: rtsx_pci_sdmmc: implement sdmmc_card_busy function (git-fixes). - mmc: sdhci-of-dwcmshc: Prevent illegal clock reduction in HS200/HS400 mode (git-fixes). - regmap: Fix race condition in hwspinlock irqsave routine (git-fixes). - gpio: cdev: Correct return code on memory allocation failure (git-fixes). - ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() (git-fixes). - ALSA: scarlett2: Fix buffer overflow in config retrieval (git-fixes). - ALSA: usb: Increase volume range that triggers a warning (git-fixes). - drm/amd/pm: Workaround SI powertune issue on Radeon 430 (v2) (git-fixes). - drm/amd/pm: Don't clear SI SMC table when setting power limit (git-fixes). - drm/nouveau: implement missing DCB connector types; gracefully handle unknown connectors (git-fixes). - drm/nouveau: add missing DCB connector types (git-fixes). - drm/imagination: Wait for FW trace update command completion (git-fixes). - commit a8c0274 ++++ kernel-zfcpdump: - platform/x86: hp-bioscfg: Fix automatic module loading (git-fixes). - platform/x86: hp-bioscfg: Fix kernel panic in GET_INSTANCE_ID macro (git-fixes). - platform/x86: hp-bioscfg: Fix kobject warnings for empty attribute names (git-fixes). - platform/x86/amd: Fix memory leak in wbrf_record() (git-fixes). - mmc: rtsx_pci_sdmmc: implement sdmmc_card_busy function (git-fixes). - mmc: sdhci-of-dwcmshc: Prevent illegal clock reduction in HS200/HS400 mode (git-fixes). - regmap: Fix race condition in hwspinlock irqsave routine (git-fixes). - gpio: cdev: Correct return code on memory allocation failure (git-fixes). - ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() (git-fixes). - ALSA: scarlett2: Fix buffer overflow in config retrieval (git-fixes). - ALSA: usb: Increase volume range that triggers a warning (git-fixes). - drm/amd/pm: Workaround SI powertune issue on Radeon 430 (v2) (git-fixes). - drm/amd/pm: Don't clear SI SMC table when setting power limit (git-fixes). - drm/nouveau: implement missing DCB connector types; gracefully handle unknown connectors (git-fixes). - drm/nouveau: add missing DCB connector types (git-fixes). - drm/imagination: Wait for FW trace update command completion (git-fixes). - commit a8c0274 ------------------------------------------------------------------ ------------------ 2026-1-23 - Jan 23 2026 ------------------- ------------------------------------------------------------------ ++++ rust: - Update to version 1.93.0 - for details see the rust1.93 package ++++ rust1.93: - Add rust1.93 - Release notes can be found externally: https://github.com/rust-lang/rust/releases/tag/1.93.0 ++++ rust1.93: - Add rust1.93 - Release notes can be found externally: https://github.com/rust-lang/rust/releases/tag/1.93.0 ++++ kernel-64kb: - phy: freescale: imx8m-pcie: assert phy reset during power on (stable-fixes). - phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe() (git-fixes). - USB: serial: ftdi_sio: add support for PICAXE AXE027 cable (stable-fixes). - USB: serial: option: add Telit LE910 MBIM composition (stable-fixes). - USB: OHCI/UHCI: Add soft dependencies on ehci_platform (stable-fixes). - usb: core: add USB_QUIRK_NO_BOS for devices that hang on BOS descriptor (stable-fixes). - usb: dwc3: Check for USB4 IP_NAME (stable-fixes). - drm/amd/pm: fix smu overdrive data type wrong issue on smu 14.0.2 (git-fixes). - drm/amd/display: Bump the HDMI clock to 340MHz (stable-fixes). - drm/amd: Clean up kfd node on surprise disconnect (stable-fixes). - HID: usbhid: paper over wrong bNumDescriptor field (stable-fixes). - firmware: imx: scu-irq: Set mu_resource_id before get handle (stable-fixes). - phy: phy-rockchip-inno-usb2: Use dev_err_probe() in the probe path (stable-fixes). - commit 3f8bd8a - io_uring: fix filename leak in __io_openat_prep() (CVE-2025-68814 bsc#1256651). - commit 675d22e - octeontx2-pf: fix "UBSAN: shift-out-of-bounds error" (CVE-2025-71137 bsc#1256760) - commit 3d4407e - net: hns3: using the num_tqps in the vf driver to apply for resources (CVE-2025-71064 bsc#1256654) - commit 58ee56d - macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse (CVE-2025-68367 bsc#1255547) - commit ed9e7a9 - team: fix check for port enabled in team_queue_override_port_prio_changed() (CVE-2025-71091 bsc#1256773) - commit c426951 - md/raid5: fix possible null-pointer dereferences in raid5_store_group_thread_cnt() (CVE-2025-71135 bsc#1256761). - commit 1fc61fc - net: sock: fix hardened usercopy panic in sock_recv_errqueue (CVE-2026-22977 bsc#1257053). - commit d4fc6df - ipv4: Fix reference count leak when using error routes with nexthop objects (CVE-2025-71097 bsc#1256607). - net: stmmac: fix the crash issue for zero copy XDP_TX action (CVE-2025-71095 bsc#1256605). - net: hns3: add VLAN id validation before using (CVE-2025-71112 bsc#1256726). - net/handshake: duplicate handshake cancellations leak socket (CVE-2025-68775 bsc#1256665). - ethtool: Avoid overflowing userspace buffer on stats query (CVE-2025-68795 bsc#1256688). - mptcp: avoid deadlock on fallback while reinjecting (CVE-2025-71126 bsc#1256755). - bnxt_en: Fix XDP_TX path (CVE-2025-68770 bsc#1256584). - mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats (CVE-2025-68800 bsc#1256646). - mlxsw: spectrum_router: Fix neighbour use-after-free (CVE-2025-68801 bsc#1256653). - lan966x: Fix sleeping in atomic context (CVE-2025-68320 bsc#1255172). - commit 4e1af62 - iommu: disable SVA when CONFIG_X86 is set (CVE-2025-71089 bsc#1256612). - commit 2eb2757 - dpll: Prevent duplicate registrations (git-fixes). - dpll: zl3073x: Fix output pin registration (git-fixes). - dpll: fix device-id-get and pin-id-get to return errors properly (git-fixes). - dpll: spec: add missing module-name and clock-id to pin-get reply (git-fixes). - dpll: fix clock quality level reporting (git-fixes). - dpll: Add an assertion to check freq_supported_num (stable-fixes). - commit 59f0fdc - crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (git-fixes). - wifi: mac80211: don't perform DA check on S1G beacon (git-fixes). - wifi: ath12k: fix dma_free_coherent() pointer (git-fixes). - wifi: ath10k: fix dma_free_coherent() pointer (git-fixes). - wifi: mwifiex: Fix a loop in mwifiex_update_ampdu_rxwinsize() (git-fixes). - wifi: rsi: Fix memory corruption due to not set vif driver data size (git-fixes). - usbnet: limit max_mtu based on device's hard_mtu (git-fixes). - can: usb_8dev: usb_8dev_read_bulk_callback(): fix URB memory leak (git-fixes). - can: mcba_usb: mcba_usb_read_bulk_callback(): fix URB memory leak (git-fixes). - can: kvaser_usb: kvaser_usb_read_bulk_callback(): fix URB memory leak (git-fixes). - can: ems_usb: ems_usb_read_bulk_callback(): fix URB memory leak (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): unanchor URL on usb_submit_urb() error (git-fixes). - Revert "nfc/nci: Add the inconsistency check between the input data length and count" (git-fixes). - net: usb: dm9601: remove broken SR9700 support (git-fixes). - leds: led-class: Only Add LED to leds_list when it is fully ready (git-fixes). - commit d5d2445 ++++ kernel-64kb: - phy: freescale: imx8m-pcie: assert phy reset during power on (stable-fixes). - phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe() (git-fixes). - USB: serial: ftdi_sio: add support for PICAXE AXE027 cable (stable-fixes). - USB: serial: option: add Telit LE910 MBIM composition (stable-fixes). - USB: OHCI/UHCI: Add soft dependencies on ehci_platform (stable-fixes). - usb: core: add USB_QUIRK_NO_BOS for devices that hang on BOS descriptor (stable-fixes). - usb: dwc3: Check for USB4 IP_NAME (stable-fixes). - drm/amd/pm: fix smu overdrive data type wrong issue on smu 14.0.2 (git-fixes). - drm/amd/display: Bump the HDMI clock to 340MHz (stable-fixes). - drm/amd: Clean up kfd node on surprise disconnect (stable-fixes). - HID: usbhid: paper over wrong bNumDescriptor field (stable-fixes). - firmware: imx: scu-irq: Set mu_resource_id before get handle (stable-fixes). - phy: phy-rockchip-inno-usb2: Use dev_err_probe() in the probe path (stable-fixes). - commit 3f8bd8a - io_uring: fix filename leak in __io_openat_prep() (CVE-2025-68814 bsc#1256651). - commit 675d22e - octeontx2-pf: fix "UBSAN: shift-out-of-bounds error" (CVE-2025-71137 bsc#1256760) - commit 3d4407e - net: hns3: using the num_tqps in the vf driver to apply for resources (CVE-2025-71064 bsc#1256654) - commit 58ee56d - macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse (CVE-2025-68367 bsc#1255547) - commit ed9e7a9 - team: fix check for port enabled in team_queue_override_port_prio_changed() (CVE-2025-71091 bsc#1256773) - commit c426951 - md/raid5: fix possible null-pointer dereferences in raid5_store_group_thread_cnt() (CVE-2025-71135 bsc#1256761). - commit 1fc61fc - net: sock: fix hardened usercopy panic in sock_recv_errqueue (CVE-2026-22977 bsc#1257053). - commit d4fc6df - ipv4: Fix reference count leak when using error routes with nexthop objects (CVE-2025-71097 bsc#1256607). - net: stmmac: fix the crash issue for zero copy XDP_TX action (CVE-2025-71095 bsc#1256605). - net: hns3: add VLAN id validation before using (CVE-2025-71112 bsc#1256726). - net/handshake: duplicate handshake cancellations leak socket (CVE-2025-68775 bsc#1256665). - ethtool: Avoid overflowing userspace buffer on stats query (CVE-2025-68795 bsc#1256688). - mptcp: avoid deadlock on fallback while reinjecting (CVE-2025-71126 bsc#1256755). - bnxt_en: Fix XDP_TX path (CVE-2025-68770 bsc#1256584). - mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats (CVE-2025-68800 bsc#1256646). - mlxsw: spectrum_router: Fix neighbour use-after-free (CVE-2025-68801 bsc#1256653). - lan966x: Fix sleeping in atomic context (CVE-2025-68320 bsc#1255172). - commit 4e1af62 - iommu: disable SVA when CONFIG_X86 is set (CVE-2025-71089 bsc#1256612). - commit 2eb2757 - dpll: Prevent duplicate registrations (git-fixes). - dpll: zl3073x: Fix output pin registration (git-fixes). - dpll: fix device-id-get and pin-id-get to return errors properly (git-fixes). - dpll: spec: add missing module-name and clock-id to pin-get reply (git-fixes). - dpll: fix clock quality level reporting (git-fixes). - dpll: Add an assertion to check freq_supported_num (stable-fixes). - commit 59f0fdc - crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (git-fixes). - wifi: mac80211: don't perform DA check on S1G beacon (git-fixes). - wifi: ath12k: fix dma_free_coherent() pointer (git-fixes). - wifi: ath10k: fix dma_free_coherent() pointer (git-fixes). - wifi: mwifiex: Fix a loop in mwifiex_update_ampdu_rxwinsize() (git-fixes). - wifi: rsi: Fix memory corruption due to not set vif driver data size (git-fixes). - usbnet: limit max_mtu based on device's hard_mtu (git-fixes). - can: usb_8dev: usb_8dev_read_bulk_callback(): fix URB memory leak (git-fixes). - can: mcba_usb: mcba_usb_read_bulk_callback(): fix URB memory leak (git-fixes). - can: kvaser_usb: kvaser_usb_read_bulk_callback(): fix URB memory leak (git-fixes). - can: ems_usb: ems_usb_read_bulk_callback(): fix URB memory leak (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): unanchor URL on usb_submit_urb() error (git-fixes). - Revert "nfc/nci: Add the inconsistency check between the input data length and count" (git-fixes). - net: usb: dm9601: remove broken SR9700 support (git-fixes). - leds: led-class: Only Add LED to leds_list when it is fully ready (git-fixes). - commit d5d2445 ++++ kernel-azure: - phy: freescale: imx8m-pcie: assert phy reset during power on (stable-fixes). - phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe() (git-fixes). - USB: serial: ftdi_sio: add support for PICAXE AXE027 cable (stable-fixes). - USB: serial: option: add Telit LE910 MBIM composition (stable-fixes). - USB: OHCI/UHCI: Add soft dependencies on ehci_platform (stable-fixes). - usb: core: add USB_QUIRK_NO_BOS for devices that hang on BOS descriptor (stable-fixes). - usb: dwc3: Check for USB4 IP_NAME (stable-fixes). - drm/amd/pm: fix smu overdrive data type wrong issue on smu 14.0.2 (git-fixes). - drm/amd/display: Bump the HDMI clock to 340MHz (stable-fixes). - drm/amd: Clean up kfd node on surprise disconnect (stable-fixes). - HID: usbhid: paper over wrong bNumDescriptor field (stable-fixes). - firmware: imx: scu-irq: Set mu_resource_id before get handle (stable-fixes). - phy: phy-rockchip-inno-usb2: Use dev_err_probe() in the probe path (stable-fixes). - commit 3f8bd8a - io_uring: fix filename leak in __io_openat_prep() (CVE-2025-68814 bsc#1256651). - commit 675d22e - octeontx2-pf: fix "UBSAN: shift-out-of-bounds error" (CVE-2025-71137 bsc#1256760) - commit 3d4407e - net: hns3: using the num_tqps in the vf driver to apply for resources (CVE-2025-71064 bsc#1256654) - commit 58ee56d - macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse (CVE-2025-68367 bsc#1255547) - commit ed9e7a9 - team: fix check for port enabled in team_queue_override_port_prio_changed() (CVE-2025-71091 bsc#1256773) - commit c426951 - md/raid5: fix possible null-pointer dereferences in raid5_store_group_thread_cnt() (CVE-2025-71135 bsc#1256761). - commit 1fc61fc - net: sock: fix hardened usercopy panic in sock_recv_errqueue (CVE-2026-22977 bsc#1257053). - commit d4fc6df - ipv4: Fix reference count leak when using error routes with nexthop objects (CVE-2025-71097 bsc#1256607). - net: stmmac: fix the crash issue for zero copy XDP_TX action (CVE-2025-71095 bsc#1256605). - net: hns3: add VLAN id validation before using (CVE-2025-71112 bsc#1256726). - net/handshake: duplicate handshake cancellations leak socket (CVE-2025-68775 bsc#1256665). - ethtool: Avoid overflowing userspace buffer on stats query (CVE-2025-68795 bsc#1256688). - mptcp: avoid deadlock on fallback while reinjecting (CVE-2025-71126 bsc#1256755). - bnxt_en: Fix XDP_TX path (CVE-2025-68770 bsc#1256584). - mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats (CVE-2025-68800 bsc#1256646). - mlxsw: spectrum_router: Fix neighbour use-after-free (CVE-2025-68801 bsc#1256653). - lan966x: Fix sleeping in atomic context (CVE-2025-68320 bsc#1255172). - commit 4e1af62 - iommu: disable SVA when CONFIG_X86 is set (CVE-2025-71089 bsc#1256612). - commit 2eb2757 - dpll: Prevent duplicate registrations (git-fixes). - dpll: zl3073x: Fix output pin registration (git-fixes). - dpll: fix device-id-get and pin-id-get to return errors properly (git-fixes). - dpll: spec: add missing module-name and clock-id to pin-get reply (git-fixes). - dpll: fix clock quality level reporting (git-fixes). - dpll: Add an assertion to check freq_supported_num (stable-fixes). - commit 59f0fdc - crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (git-fixes). - wifi: mac80211: don't perform DA check on S1G beacon (git-fixes). - wifi: ath12k: fix dma_free_coherent() pointer (git-fixes). - wifi: ath10k: fix dma_free_coherent() pointer (git-fixes). - wifi: mwifiex: Fix a loop in mwifiex_update_ampdu_rxwinsize() (git-fixes). - wifi: rsi: Fix memory corruption due to not set vif driver data size (git-fixes). - usbnet: limit max_mtu based on device's hard_mtu (git-fixes). - can: usb_8dev: usb_8dev_read_bulk_callback(): fix URB memory leak (git-fixes). - can: mcba_usb: mcba_usb_read_bulk_callback(): fix URB memory leak (git-fixes). - can: kvaser_usb: kvaser_usb_read_bulk_callback(): fix URB memory leak (git-fixes). - can: ems_usb: ems_usb_read_bulk_callback(): fix URB memory leak (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): unanchor URL on usb_submit_urb() error (git-fixes). - Revert "nfc/nci: Add the inconsistency check between the input data length and count" (git-fixes). - net: usb: dm9601: remove broken SR9700 support (git-fixes). - leds: led-class: Only Add LED to leds_list when it is fully ready (git-fixes). - commit d5d2445 ++++ kernel-azure: - phy: freescale: imx8m-pcie: assert phy reset during power on (stable-fixes). - phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe() (git-fixes). - USB: serial: ftdi_sio: add support for PICAXE AXE027 cable (stable-fixes). - USB: serial: option: add Telit LE910 MBIM composition (stable-fixes). - USB: OHCI/UHCI: Add soft dependencies on ehci_platform (stable-fixes). - usb: core: add USB_QUIRK_NO_BOS for devices that hang on BOS descriptor (stable-fixes). - usb: dwc3: Check for USB4 IP_NAME (stable-fixes). - drm/amd/pm: fix smu overdrive data type wrong issue on smu 14.0.2 (git-fixes). - drm/amd/display: Bump the HDMI clock to 340MHz (stable-fixes). - drm/amd: Clean up kfd node on surprise disconnect (stable-fixes). - HID: usbhid: paper over wrong bNumDescriptor field (stable-fixes). - firmware: imx: scu-irq: Set mu_resource_id before get handle (stable-fixes). - phy: phy-rockchip-inno-usb2: Use dev_err_probe() in the probe path (stable-fixes). - commit 3f8bd8a - io_uring: fix filename leak in __io_openat_prep() (CVE-2025-68814 bsc#1256651). - commit 675d22e - octeontx2-pf: fix "UBSAN: shift-out-of-bounds error" (CVE-2025-71137 bsc#1256760) - commit 3d4407e - net: hns3: using the num_tqps in the vf driver to apply for resources (CVE-2025-71064 bsc#1256654) - commit 58ee56d - macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse (CVE-2025-68367 bsc#1255547) - commit ed9e7a9 - team: fix check for port enabled in team_queue_override_port_prio_changed() (CVE-2025-71091 bsc#1256773) - commit c426951 - md/raid5: fix possible null-pointer dereferences in raid5_store_group_thread_cnt() (CVE-2025-71135 bsc#1256761). - commit 1fc61fc - net: sock: fix hardened usercopy panic in sock_recv_errqueue (CVE-2026-22977 bsc#1257053). - commit d4fc6df - ipv4: Fix reference count leak when using error routes with nexthop objects (CVE-2025-71097 bsc#1256607). - net: stmmac: fix the crash issue for zero copy XDP_TX action (CVE-2025-71095 bsc#1256605). - net: hns3: add VLAN id validation before using (CVE-2025-71112 bsc#1256726). - net/handshake: duplicate handshake cancellations leak socket (CVE-2025-68775 bsc#1256665). - ethtool: Avoid overflowing userspace buffer on stats query (CVE-2025-68795 bsc#1256688). - mptcp: avoid deadlock on fallback while reinjecting (CVE-2025-71126 bsc#1256755). - bnxt_en: Fix XDP_TX path (CVE-2025-68770 bsc#1256584). - mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats (CVE-2025-68800 bsc#1256646). - mlxsw: spectrum_router: Fix neighbour use-after-free (CVE-2025-68801 bsc#1256653). - lan966x: Fix sleeping in atomic context (CVE-2025-68320 bsc#1255172). - commit 4e1af62 - iommu: disable SVA when CONFIG_X86 is set (CVE-2025-71089 bsc#1256612). - commit 2eb2757 - dpll: Prevent duplicate registrations (git-fixes). - dpll: zl3073x: Fix output pin registration (git-fixes). - dpll: fix device-id-get and pin-id-get to return errors properly (git-fixes). - dpll: spec: add missing module-name and clock-id to pin-get reply (git-fixes). - dpll: fix clock quality level reporting (git-fixes). - dpll: Add an assertion to check freq_supported_num (stable-fixes). - commit 59f0fdc - crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (git-fixes). - wifi: mac80211: don't perform DA check on S1G beacon (git-fixes). - wifi: ath12k: fix dma_free_coherent() pointer (git-fixes). - wifi: ath10k: fix dma_free_coherent() pointer (git-fixes). - wifi: mwifiex: Fix a loop in mwifiex_update_ampdu_rxwinsize() (git-fixes). - wifi: rsi: Fix memory corruption due to not set vif driver data size (git-fixes). - usbnet: limit max_mtu based on device's hard_mtu (git-fixes). - can: usb_8dev: usb_8dev_read_bulk_callback(): fix URB memory leak (git-fixes). - can: mcba_usb: mcba_usb_read_bulk_callback(): fix URB memory leak (git-fixes). - can: kvaser_usb: kvaser_usb_read_bulk_callback(): fix URB memory leak (git-fixes). - can: ems_usb: ems_usb_read_bulk_callback(): fix URB memory leak (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): unanchor URL on usb_submit_urb() error (git-fixes). - Revert "nfc/nci: Add the inconsistency check between the input data length and count" (git-fixes). - net: usb: dm9601: remove broken SR9700 support (git-fixes). - leds: led-class: Only Add LED to leds_list when it is fully ready (git-fixes). - commit d5d2445 ++++ kernel-default: - phy: freescale: imx8m-pcie: assert phy reset during power on (stable-fixes). - phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe() (git-fixes). - USB: serial: ftdi_sio: add support for PICAXE AXE027 cable (stable-fixes). - USB: serial: option: add Telit LE910 MBIM composition (stable-fixes). - USB: OHCI/UHCI: Add soft dependencies on ehci_platform (stable-fixes). - usb: core: add USB_QUIRK_NO_BOS for devices that hang on BOS descriptor (stable-fixes). - usb: dwc3: Check for USB4 IP_NAME (stable-fixes). - drm/amd/pm: fix smu overdrive data type wrong issue on smu 14.0.2 (git-fixes). - drm/amd/display: Bump the HDMI clock to 340MHz (stable-fixes). - drm/amd: Clean up kfd node on surprise disconnect (stable-fixes). - HID: usbhid: paper over wrong bNumDescriptor field (stable-fixes). - firmware: imx: scu-irq: Set mu_resource_id before get handle (stable-fixes). - phy: phy-rockchip-inno-usb2: Use dev_err_probe() in the probe path (stable-fixes). - commit 3f8bd8a - io_uring: fix filename leak in __io_openat_prep() (CVE-2025-68814 bsc#1256651). - commit 675d22e - octeontx2-pf: fix "UBSAN: shift-out-of-bounds error" (CVE-2025-71137 bsc#1256760) - commit 3d4407e - net: hns3: using the num_tqps in the vf driver to apply for resources (CVE-2025-71064 bsc#1256654) - commit 58ee56d - macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse (CVE-2025-68367 bsc#1255547) - commit ed9e7a9 - team: fix check for port enabled in team_queue_override_port_prio_changed() (CVE-2025-71091 bsc#1256773) - commit c426951 - md/raid5: fix possible null-pointer dereferences in raid5_store_group_thread_cnt() (CVE-2025-71135 bsc#1256761). - commit 1fc61fc - net: sock: fix hardened usercopy panic in sock_recv_errqueue (CVE-2026-22977 bsc#1257053). - commit d4fc6df - ipv4: Fix reference count leak when using error routes with nexthop objects (CVE-2025-71097 bsc#1256607). - net: stmmac: fix the crash issue for zero copy XDP_TX action (CVE-2025-71095 bsc#1256605). - net: hns3: add VLAN id validation before using (CVE-2025-71112 bsc#1256726). - net/handshake: duplicate handshake cancellations leak socket (CVE-2025-68775 bsc#1256665). - ethtool: Avoid overflowing userspace buffer on stats query (CVE-2025-68795 bsc#1256688). - mptcp: avoid deadlock on fallback while reinjecting (CVE-2025-71126 bsc#1256755). - bnxt_en: Fix XDP_TX path (CVE-2025-68770 bsc#1256584). - mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats (CVE-2025-68800 bsc#1256646). - mlxsw: spectrum_router: Fix neighbour use-after-free (CVE-2025-68801 bsc#1256653). - lan966x: Fix sleeping in atomic context (CVE-2025-68320 bsc#1255172). - commit 4e1af62 - iommu: disable SVA when CONFIG_X86 is set (CVE-2025-71089 bsc#1256612). - commit 2eb2757 - dpll: Prevent duplicate registrations (git-fixes). - dpll: zl3073x: Fix output pin registration (git-fixes). - dpll: fix device-id-get and pin-id-get to return errors properly (git-fixes). - dpll: spec: add missing module-name and clock-id to pin-get reply (git-fixes). - dpll: fix clock quality level reporting (git-fixes). - dpll: Add an assertion to check freq_supported_num (stable-fixes). - commit 59f0fdc - crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (git-fixes). - wifi: mac80211: don't perform DA check on S1G beacon (git-fixes). - wifi: ath12k: fix dma_free_coherent() pointer (git-fixes). - wifi: ath10k: fix dma_free_coherent() pointer (git-fixes). - wifi: mwifiex: Fix a loop in mwifiex_update_ampdu_rxwinsize() (git-fixes). - wifi: rsi: Fix memory corruption due to not set vif driver data size (git-fixes). - usbnet: limit max_mtu based on device's hard_mtu (git-fixes). - can: usb_8dev: usb_8dev_read_bulk_callback(): fix URB memory leak (git-fixes). - can: mcba_usb: mcba_usb_read_bulk_callback(): fix URB memory leak (git-fixes). - can: kvaser_usb: kvaser_usb_read_bulk_callback(): fix URB memory leak (git-fixes). - can: ems_usb: ems_usb_read_bulk_callback(): fix URB memory leak (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): unanchor URL on usb_submit_urb() error (git-fixes). - Revert "nfc/nci: Add the inconsistency check between the input data length and count" (git-fixes). - net: usb: dm9601: remove broken SR9700 support (git-fixes). - leds: led-class: Only Add LED to leds_list when it is fully ready (git-fixes). - commit d5d2445 ++++ kernel-default: - phy: freescale: imx8m-pcie: assert phy reset during power on (stable-fixes). - phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe() (git-fixes). - USB: serial: ftdi_sio: add support for PICAXE AXE027 cable (stable-fixes). - USB: serial: option: add Telit LE910 MBIM composition (stable-fixes). - USB: OHCI/UHCI: Add soft dependencies on ehci_platform (stable-fixes). - usb: core: add USB_QUIRK_NO_BOS for devices that hang on BOS descriptor (stable-fixes). - usb: dwc3: Check for USB4 IP_NAME (stable-fixes). - drm/amd/pm: fix smu overdrive data type wrong issue on smu 14.0.2 (git-fixes). - drm/amd/display: Bump the HDMI clock to 340MHz (stable-fixes). - drm/amd: Clean up kfd node on surprise disconnect (stable-fixes). - HID: usbhid: paper over wrong bNumDescriptor field (stable-fixes). - firmware: imx: scu-irq: Set mu_resource_id before get handle (stable-fixes). - phy: phy-rockchip-inno-usb2: Use dev_err_probe() in the probe path (stable-fixes). - commit 3f8bd8a - io_uring: fix filename leak in __io_openat_prep() (CVE-2025-68814 bsc#1256651). - commit 675d22e - octeontx2-pf: fix "UBSAN: shift-out-of-bounds error" (CVE-2025-71137 bsc#1256760) - commit 3d4407e - net: hns3: using the num_tqps in the vf driver to apply for resources (CVE-2025-71064 bsc#1256654) - commit 58ee56d - macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse (CVE-2025-68367 bsc#1255547) - commit ed9e7a9 - team: fix check for port enabled in team_queue_override_port_prio_changed() (CVE-2025-71091 bsc#1256773) - commit c426951 - md/raid5: fix possible null-pointer dereferences in raid5_store_group_thread_cnt() (CVE-2025-71135 bsc#1256761). - commit 1fc61fc - net: sock: fix hardened usercopy panic in sock_recv_errqueue (CVE-2026-22977 bsc#1257053). - commit d4fc6df - ipv4: Fix reference count leak when using error routes with nexthop objects (CVE-2025-71097 bsc#1256607). - net: stmmac: fix the crash issue for zero copy XDP_TX action (CVE-2025-71095 bsc#1256605). - net: hns3: add VLAN id validation before using (CVE-2025-71112 bsc#1256726). - net/handshake: duplicate handshake cancellations leak socket (CVE-2025-68775 bsc#1256665). - ethtool: Avoid overflowing userspace buffer on stats query (CVE-2025-68795 bsc#1256688). - mptcp: avoid deadlock on fallback while reinjecting (CVE-2025-71126 bsc#1256755). - bnxt_en: Fix XDP_TX path (CVE-2025-68770 bsc#1256584). - mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats (CVE-2025-68800 bsc#1256646). - mlxsw: spectrum_router: Fix neighbour use-after-free (CVE-2025-68801 bsc#1256653). - lan966x: Fix sleeping in atomic context (CVE-2025-68320 bsc#1255172). - commit 4e1af62 - iommu: disable SVA when CONFIG_X86 is set (CVE-2025-71089 bsc#1256612). - commit 2eb2757 - dpll: Prevent duplicate registrations (git-fixes). - dpll: zl3073x: Fix output pin registration (git-fixes). - dpll: fix device-id-get and pin-id-get to return errors properly (git-fixes). - dpll: spec: add missing module-name and clock-id to pin-get reply (git-fixes). - dpll: fix clock quality level reporting (git-fixes). - dpll: Add an assertion to check freq_supported_num (stable-fixes). - commit 59f0fdc - crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (git-fixes). - wifi: mac80211: don't perform DA check on S1G beacon (git-fixes). - wifi: ath12k: fix dma_free_coherent() pointer (git-fixes). - wifi: ath10k: fix dma_free_coherent() pointer (git-fixes). - wifi: mwifiex: Fix a loop in mwifiex_update_ampdu_rxwinsize() (git-fixes). - wifi: rsi: Fix memory corruption due to not set vif driver data size (git-fixes). - usbnet: limit max_mtu based on device's hard_mtu (git-fixes). - can: usb_8dev: usb_8dev_read_bulk_callback(): fix URB memory leak (git-fixes). - can: mcba_usb: mcba_usb_read_bulk_callback(): fix URB memory leak (git-fixes). - can: kvaser_usb: kvaser_usb_read_bulk_callback(): fix URB memory leak (git-fixes). - can: ems_usb: ems_usb_read_bulk_callback(): fix URB memory leak (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): unanchor URL on usb_submit_urb() error (git-fixes). - Revert "nfc/nci: Add the inconsistency check between the input data length and count" (git-fixes). - net: usb: dm9601: remove broken SR9700 support (git-fixes). - leds: led-class: Only Add LED to leds_list when it is fully ready (git-fixes). - commit d5d2445 ++++ kernel-rt: - phy: freescale: imx8m-pcie: assert phy reset during power on (stable-fixes). - phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe() (git-fixes). - USB: serial: ftdi_sio: add support for PICAXE AXE027 cable (stable-fixes). - USB: serial: option: add Telit LE910 MBIM composition (stable-fixes). - USB: OHCI/UHCI: Add soft dependencies on ehci_platform (stable-fixes). - usb: core: add USB_QUIRK_NO_BOS for devices that hang on BOS descriptor (stable-fixes). - usb: dwc3: Check for USB4 IP_NAME (stable-fixes). - drm/amd/pm: fix smu overdrive data type wrong issue on smu 14.0.2 (git-fixes). - drm/amd/display: Bump the HDMI clock to 340MHz (stable-fixes). - drm/amd: Clean up kfd node on surprise disconnect (stable-fixes). - HID: usbhid: paper over wrong bNumDescriptor field (stable-fixes). - firmware: imx: scu-irq: Set mu_resource_id before get handle (stable-fixes). - phy: phy-rockchip-inno-usb2: Use dev_err_probe() in the probe path (stable-fixes). - commit 3f8bd8a - io_uring: fix filename leak in __io_openat_prep() (CVE-2025-68814 bsc#1256651). - commit 675d22e - octeontx2-pf: fix "UBSAN: shift-out-of-bounds error" (CVE-2025-71137 bsc#1256760) - commit 3d4407e - net: hns3: using the num_tqps in the vf driver to apply for resources (CVE-2025-71064 bsc#1256654) - commit 58ee56d - macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse (CVE-2025-68367 bsc#1255547) - commit ed9e7a9 - team: fix check for port enabled in team_queue_override_port_prio_changed() (CVE-2025-71091 bsc#1256773) - commit c426951 - md/raid5: fix possible null-pointer dereferences in raid5_store_group_thread_cnt() (CVE-2025-71135 bsc#1256761). - commit 1fc61fc - net: sock: fix hardened usercopy panic in sock_recv_errqueue (CVE-2026-22977 bsc#1257053). - commit d4fc6df - ipv4: Fix reference count leak when using error routes with nexthop objects (CVE-2025-71097 bsc#1256607). - net: stmmac: fix the crash issue for zero copy XDP_TX action (CVE-2025-71095 bsc#1256605). - net: hns3: add VLAN id validation before using (CVE-2025-71112 bsc#1256726). - net/handshake: duplicate handshake cancellations leak socket (CVE-2025-68775 bsc#1256665). - ethtool: Avoid overflowing userspace buffer on stats query (CVE-2025-68795 bsc#1256688). - mptcp: avoid deadlock on fallback while reinjecting (CVE-2025-71126 bsc#1256755). - bnxt_en: Fix XDP_TX path (CVE-2025-68770 bsc#1256584). - mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats (CVE-2025-68800 bsc#1256646). - mlxsw: spectrum_router: Fix neighbour use-after-free (CVE-2025-68801 bsc#1256653). - lan966x: Fix sleeping in atomic context (CVE-2025-68320 bsc#1255172). - commit 4e1af62 - iommu: disable SVA when CONFIG_X86 is set (CVE-2025-71089 bsc#1256612). - commit 2eb2757 - dpll: Prevent duplicate registrations (git-fixes). - dpll: zl3073x: Fix output pin registration (git-fixes). - dpll: fix device-id-get and pin-id-get to return errors properly (git-fixes). - dpll: spec: add missing module-name and clock-id to pin-get reply (git-fixes). - dpll: fix clock quality level reporting (git-fixes). - dpll: Add an assertion to check freq_supported_num (stable-fixes). - commit 59f0fdc - crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (git-fixes). - wifi: mac80211: don't perform DA check on S1G beacon (git-fixes). - wifi: ath12k: fix dma_free_coherent() pointer (git-fixes). - wifi: ath10k: fix dma_free_coherent() pointer (git-fixes). - wifi: mwifiex: Fix a loop in mwifiex_update_ampdu_rxwinsize() (git-fixes). - wifi: rsi: Fix memory corruption due to not set vif driver data size (git-fixes). - usbnet: limit max_mtu based on device's hard_mtu (git-fixes). - can: usb_8dev: usb_8dev_read_bulk_callback(): fix URB memory leak (git-fixes). - can: mcba_usb: mcba_usb_read_bulk_callback(): fix URB memory leak (git-fixes). - can: kvaser_usb: kvaser_usb_read_bulk_callback(): fix URB memory leak (git-fixes). - can: ems_usb: ems_usb_read_bulk_callback(): fix URB memory leak (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): unanchor URL on usb_submit_urb() error (git-fixes). - Revert "nfc/nci: Add the inconsistency check between the input data length and count" (git-fixes). - net: usb: dm9601: remove broken SR9700 support (git-fixes). - leds: led-class: Only Add LED to leds_list when it is fully ready (git-fixes). - commit d5d2445 ++++ kernel-rt: - phy: freescale: imx8m-pcie: assert phy reset during power on (stable-fixes). - phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe() (git-fixes). - USB: serial: ftdi_sio: add support for PICAXE AXE027 cable (stable-fixes). - USB: serial: option: add Telit LE910 MBIM composition (stable-fixes). - USB: OHCI/UHCI: Add soft dependencies on ehci_platform (stable-fixes). - usb: core: add USB_QUIRK_NO_BOS for devices that hang on BOS descriptor (stable-fixes). - usb: dwc3: Check for USB4 IP_NAME (stable-fixes). - drm/amd/pm: fix smu overdrive data type wrong issue on smu 14.0.2 (git-fixes). - drm/amd/display: Bump the HDMI clock to 340MHz (stable-fixes). - drm/amd: Clean up kfd node on surprise disconnect (stable-fixes). - HID: usbhid: paper over wrong bNumDescriptor field (stable-fixes). - firmware: imx: scu-irq: Set mu_resource_id before get handle (stable-fixes). - phy: phy-rockchip-inno-usb2: Use dev_err_probe() in the probe path (stable-fixes). - commit 3f8bd8a - io_uring: fix filename leak in __io_openat_prep() (CVE-2025-68814 bsc#1256651). - commit 675d22e - octeontx2-pf: fix "UBSAN: shift-out-of-bounds error" (CVE-2025-71137 bsc#1256760) - commit 3d4407e - net: hns3: using the num_tqps in the vf driver to apply for resources (CVE-2025-71064 bsc#1256654) - commit 58ee56d - macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse (CVE-2025-68367 bsc#1255547) - commit ed9e7a9 - team: fix check for port enabled in team_queue_override_port_prio_changed() (CVE-2025-71091 bsc#1256773) - commit c426951 - md/raid5: fix possible null-pointer dereferences in raid5_store_group_thread_cnt() (CVE-2025-71135 bsc#1256761). - commit 1fc61fc - net: sock: fix hardened usercopy panic in sock_recv_errqueue (CVE-2026-22977 bsc#1257053). - commit d4fc6df - ipv4: Fix reference count leak when using error routes with nexthop objects (CVE-2025-71097 bsc#1256607). - net: stmmac: fix the crash issue for zero copy XDP_TX action (CVE-2025-71095 bsc#1256605). - net: hns3: add VLAN id validation before using (CVE-2025-71112 bsc#1256726). - net/handshake: duplicate handshake cancellations leak socket (CVE-2025-68775 bsc#1256665). - ethtool: Avoid overflowing userspace buffer on stats query (CVE-2025-68795 bsc#1256688). - mptcp: avoid deadlock on fallback while reinjecting (CVE-2025-71126 bsc#1256755). - bnxt_en: Fix XDP_TX path (CVE-2025-68770 bsc#1256584). - mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats (CVE-2025-68800 bsc#1256646). - mlxsw: spectrum_router: Fix neighbour use-after-free (CVE-2025-68801 bsc#1256653). - lan966x: Fix sleeping in atomic context (CVE-2025-68320 bsc#1255172). - commit 4e1af62 - iommu: disable SVA when CONFIG_X86 is set (CVE-2025-71089 bsc#1256612). - commit 2eb2757 - dpll: Prevent duplicate registrations (git-fixes). - dpll: zl3073x: Fix output pin registration (git-fixes). - dpll: fix device-id-get and pin-id-get to return errors properly (git-fixes). - dpll: spec: add missing module-name and clock-id to pin-get reply (git-fixes). - dpll: fix clock quality level reporting (git-fixes). - dpll: Add an assertion to check freq_supported_num (stable-fixes). - commit 59f0fdc - crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (git-fixes). - wifi: mac80211: don't perform DA check on S1G beacon (git-fixes). - wifi: ath12k: fix dma_free_coherent() pointer (git-fixes). - wifi: ath10k: fix dma_free_coherent() pointer (git-fixes). - wifi: mwifiex: Fix a loop in mwifiex_update_ampdu_rxwinsize() (git-fixes). - wifi: rsi: Fix memory corruption due to not set vif driver data size (git-fixes). - usbnet: limit max_mtu based on device's hard_mtu (git-fixes). - can: usb_8dev: usb_8dev_read_bulk_callback(): fix URB memory leak (git-fixes). - can: mcba_usb: mcba_usb_read_bulk_callback(): fix URB memory leak (git-fixes). - can: kvaser_usb: kvaser_usb_read_bulk_callback(): fix URB memory leak (git-fixes). - can: ems_usb: ems_usb_read_bulk_callback(): fix URB memory leak (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): unanchor URL on usb_submit_urb() error (git-fixes). - Revert "nfc/nci: Add the inconsistency check between the input data length and count" (git-fixes). - net: usb: dm9601: remove broken SR9700 support (git-fixes). - leds: led-class: Only Add LED to leds_list when it is fully ready (git-fixes). - commit d5d2445 ++++ dtb-aarch64: - phy: freescale: imx8m-pcie: assert phy reset during power on (stable-fixes). - phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe() (git-fixes). - USB: serial: ftdi_sio: add support for PICAXE AXE027 cable (stable-fixes). - USB: serial: option: add Telit LE910 MBIM composition (stable-fixes). - USB: OHCI/UHCI: Add soft dependencies on ehci_platform (stable-fixes). - usb: core: add USB_QUIRK_NO_BOS for devices that hang on BOS descriptor (stable-fixes). - usb: dwc3: Check for USB4 IP_NAME (stable-fixes). - drm/amd/pm: fix smu overdrive data type wrong issue on smu 14.0.2 (git-fixes). - drm/amd/display: Bump the HDMI clock to 340MHz (stable-fixes). - drm/amd: Clean up kfd node on surprise disconnect (stable-fixes). - HID: usbhid: paper over wrong bNumDescriptor field (stable-fixes). - firmware: imx: scu-irq: Set mu_resource_id before get handle (stable-fixes). - phy: phy-rockchip-inno-usb2: Use dev_err_probe() in the probe path (stable-fixes). - commit 3f8bd8a - io_uring: fix filename leak in __io_openat_prep() (CVE-2025-68814 bsc#1256651). - commit 675d22e - octeontx2-pf: fix "UBSAN: shift-out-of-bounds error" (CVE-2025-71137 bsc#1256760) - commit 3d4407e - net: hns3: using the num_tqps in the vf driver to apply for resources (CVE-2025-71064 bsc#1256654) - commit 58ee56d - macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse (CVE-2025-68367 bsc#1255547) - commit ed9e7a9 - team: fix check for port enabled in team_queue_override_port_prio_changed() (CVE-2025-71091 bsc#1256773) - commit c426951 - md/raid5: fix possible null-pointer dereferences in raid5_store_group_thread_cnt() (CVE-2025-71135 bsc#1256761). - commit 1fc61fc - net: sock: fix hardened usercopy panic in sock_recv_errqueue (CVE-2026-22977 bsc#1257053). - commit d4fc6df - ipv4: Fix reference count leak when using error routes with nexthop objects (CVE-2025-71097 bsc#1256607). - net: stmmac: fix the crash issue for zero copy XDP_TX action (CVE-2025-71095 bsc#1256605). - net: hns3: add VLAN id validation before using (CVE-2025-71112 bsc#1256726). - net/handshake: duplicate handshake cancellations leak socket (CVE-2025-68775 bsc#1256665). - ethtool: Avoid overflowing userspace buffer on stats query (CVE-2025-68795 bsc#1256688). - mptcp: avoid deadlock on fallback while reinjecting (CVE-2025-71126 bsc#1256755). - bnxt_en: Fix XDP_TX path (CVE-2025-68770 bsc#1256584). - mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats (CVE-2025-68800 bsc#1256646). - mlxsw: spectrum_router: Fix neighbour use-after-free (CVE-2025-68801 bsc#1256653). - lan966x: Fix sleeping in atomic context (CVE-2025-68320 bsc#1255172). - commit 4e1af62 - iommu: disable SVA when CONFIG_X86 is set (CVE-2025-71089 bsc#1256612). - commit 2eb2757 - dpll: Prevent duplicate registrations (git-fixes). - dpll: zl3073x: Fix output pin registration (git-fixes). - dpll: fix device-id-get and pin-id-get to return errors properly (git-fixes). - dpll: spec: add missing module-name and clock-id to pin-get reply (git-fixes). - dpll: fix clock quality level reporting (git-fixes). - dpll: Add an assertion to check freq_supported_num (stable-fixes). - commit 59f0fdc - crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (git-fixes). - wifi: mac80211: don't perform DA check on S1G beacon (git-fixes). - wifi: ath12k: fix dma_free_coherent() pointer (git-fixes). - wifi: ath10k: fix dma_free_coherent() pointer (git-fixes). - wifi: mwifiex: Fix a loop in mwifiex_update_ampdu_rxwinsize() (git-fixes). - wifi: rsi: Fix memory corruption due to not set vif driver data size (git-fixes). - usbnet: limit max_mtu based on device's hard_mtu (git-fixes). - can: usb_8dev: usb_8dev_read_bulk_callback(): fix URB memory leak (git-fixes). - can: mcba_usb: mcba_usb_read_bulk_callback(): fix URB memory leak (git-fixes). - can: kvaser_usb: kvaser_usb_read_bulk_callback(): fix URB memory leak (git-fixes). - can: ems_usb: ems_usb_read_bulk_callback(): fix URB memory leak (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): unanchor URL on usb_submit_urb() error (git-fixes). - Revert "nfc/nci: Add the inconsistency check between the input data length and count" (git-fixes). - net: usb: dm9601: remove broken SR9700 support (git-fixes). - leds: led-class: Only Add LED to leds_list when it is fully ready (git-fixes). - commit d5d2445 ++++ dtb-aarch64: - phy: freescale: imx8m-pcie: assert phy reset during power on (stable-fixes). - phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe() (git-fixes). - USB: serial: ftdi_sio: add support for PICAXE AXE027 cable (stable-fixes). - USB: serial: option: add Telit LE910 MBIM composition (stable-fixes). - USB: OHCI/UHCI: Add soft dependencies on ehci_platform (stable-fixes). - usb: core: add USB_QUIRK_NO_BOS for devices that hang on BOS descriptor (stable-fixes). - usb: dwc3: Check for USB4 IP_NAME (stable-fixes). - drm/amd/pm: fix smu overdrive data type wrong issue on smu 14.0.2 (git-fixes). - drm/amd/display: Bump the HDMI clock to 340MHz (stable-fixes). - drm/amd: Clean up kfd node on surprise disconnect (stable-fixes). - HID: usbhid: paper over wrong bNumDescriptor field (stable-fixes). - firmware: imx: scu-irq: Set mu_resource_id before get handle (stable-fixes). - phy: phy-rockchip-inno-usb2: Use dev_err_probe() in the probe path (stable-fixes). - commit 3f8bd8a - io_uring: fix filename leak in __io_openat_prep() (CVE-2025-68814 bsc#1256651). - commit 675d22e - octeontx2-pf: fix "UBSAN: shift-out-of-bounds error" (CVE-2025-71137 bsc#1256760) - commit 3d4407e - net: hns3: using the num_tqps in the vf driver to apply for resources (CVE-2025-71064 bsc#1256654) - commit 58ee56d - macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse (CVE-2025-68367 bsc#1255547) - commit ed9e7a9 - team: fix check for port enabled in team_queue_override_port_prio_changed() (CVE-2025-71091 bsc#1256773) - commit c426951 - md/raid5: fix possible null-pointer dereferences in raid5_store_group_thread_cnt() (CVE-2025-71135 bsc#1256761). - commit 1fc61fc - net: sock: fix hardened usercopy panic in sock_recv_errqueue (CVE-2026-22977 bsc#1257053). - commit d4fc6df - ipv4: Fix reference count leak when using error routes with nexthop objects (CVE-2025-71097 bsc#1256607). - net: stmmac: fix the crash issue for zero copy XDP_TX action (CVE-2025-71095 bsc#1256605). - net: hns3: add VLAN id validation before using (CVE-2025-71112 bsc#1256726). - net/handshake: duplicate handshake cancellations leak socket (CVE-2025-68775 bsc#1256665). - ethtool: Avoid overflowing userspace buffer on stats query (CVE-2025-68795 bsc#1256688). - mptcp: avoid deadlock on fallback while reinjecting (CVE-2025-71126 bsc#1256755). - bnxt_en: Fix XDP_TX path (CVE-2025-68770 bsc#1256584). - mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats (CVE-2025-68800 bsc#1256646). - mlxsw: spectrum_router: Fix neighbour use-after-free (CVE-2025-68801 bsc#1256653). - lan966x: Fix sleeping in atomic context (CVE-2025-68320 bsc#1255172). - commit 4e1af62 - iommu: disable SVA when CONFIG_X86 is set (CVE-2025-71089 bsc#1256612). - commit 2eb2757 - dpll: Prevent duplicate registrations (git-fixes). - dpll: zl3073x: Fix output pin registration (git-fixes). - dpll: fix device-id-get and pin-id-get to return errors properly (git-fixes). - dpll: spec: add missing module-name and clock-id to pin-get reply (git-fixes). - dpll: fix clock quality level reporting (git-fixes). - dpll: Add an assertion to check freq_supported_num (stable-fixes). - commit 59f0fdc - crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (git-fixes). - wifi: mac80211: don't perform DA check on S1G beacon (git-fixes). - wifi: ath12k: fix dma_free_coherent() pointer (git-fixes). - wifi: ath10k: fix dma_free_coherent() pointer (git-fixes). - wifi: mwifiex: Fix a loop in mwifiex_update_ampdu_rxwinsize() (git-fixes). - wifi: rsi: Fix memory corruption due to not set vif driver data size (git-fixes). - usbnet: limit max_mtu based on device's hard_mtu (git-fixes). - can: usb_8dev: usb_8dev_read_bulk_callback(): fix URB memory leak (git-fixes). - can: mcba_usb: mcba_usb_read_bulk_callback(): fix URB memory leak (git-fixes). - can: kvaser_usb: kvaser_usb_read_bulk_callback(): fix URB memory leak (git-fixes). - can: ems_usb: ems_usb_read_bulk_callback(): fix URB memory leak (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): unanchor URL on usb_submit_urb() error (git-fixes). - Revert "nfc/nci: Add the inconsistency check between the input data length and count" (git-fixes). - net: usb: dm9601: remove broken SR9700 support (git-fixes). - leds: led-class: Only Add LED to leds_list when it is fully ready (git-fixes). - commit d5d2445 ++++ flake-pilot: - Fix podman remove for both workloads Make sure podman remove functions properly when called in system and/or user mode. Sanity checks must be performed before any file/directory removal starts. ++++ freerdp: - Update to version 3.21.0: + Bugfix release with a few new API functions addressing shortcomings with regard to input data validation. Thanks to @ehdgks0627 we have fixed the following additional (medium) client side vulnerabilities: * CVE-2026-23530 * CVE-2026-23531 * CVE-2026-23532 * CVE-2026-23533 * CVE-2026-23534 * CVE-2026-23732 * CVE-2026-23883 * CVE-2026-23884 - Changes from version 3.20.2 * [client,sdl] fix monitor resolution (#12142) * [codec,progressive] fix progressive_rfx_upgrade_block (#12143) * Krb cache fix (#12145) * Rdpdr improved checks (#12141) * Codec advanced length checks (#12146) * Glyph fix length checks (#12151) * Wlog printf format string checks (#12150) * [warnings,format] fix format string warnings (#12152) * Double free fixes (#12153) * [clang-tidy] clean up code warnings (#12154) - Drop upstreamed patches: + freerdp-split-cast-macros-to-header.patch + freerdp-CVE-2025-4478.patch (CVE-2025-4478, bsc#1243109) + freerdp-CVE-2026-22851.patch (CVE-2026-22851, bsc#1256717) + freerdp-CVE-2026-22852.patch (CVE-2026-22852, bsc#1256718) + freerdp-CVE-2026-22853.patch (CVE-2026-22853, bsc#1256719) + freerdp-CVE-2026-22854.patch (CVE-2026-22854, bsc#1256720) + freerdp-CVE-2026-22855.patch (CVE-2026-22855, bsc#1256721) + freerdp-CVE-2026-22856.patch (CVE-2026-22856, bsc#1256722) + freerdp-CVE-2026-22857.patch (CVE-2026-22857, bsc#1256723) + freerdp-CVE-2026-22858.patch (CVE-2026-22858, bsc#1256724) + freerdp-CVE-2026-22859.patch (CVE-2026-22859, bsc#1256725) + freerdp-CVE-2026-23530.patch (CVE-2026-23530, bsc#1256940) + freerdp-CVE-2026-23531.patch (CVE-2026-23531, bsc#1256941) + freerdp-CVE-2026-23532.patch (CVE-2026-23532, bsc#1256942) + freerdp-CVE-2026-23533.patch (CVE-2026-23533, bsc#1256943) + freerdp-CVE-2026-23534.patch (CVE-2026-23534, bsc#1256944) + freerdp-CVE-2026-23732.patch (CVE-2026-23732, bsc#1256945) + freerdp-CVE-2026-23883.patch (CVE-2026-23883, bsc#1256946) + freerdp-CVE-2026-23884.patch (CVE-2026-23884, bsc#1256947) ++++ java-17-openjdk: - Upgrade to upstream tag jdk-17.0.18+8 (January 2026 CPU) * CVEs + CVE-2026-21925, bsc#1257034 + CVE-2026-21932, bsc#1257036 + CVE-2026-21933, bsc#1257037 + CVE-2026-21945, bsc#1257038 * Changes + JDK-7124287: [macosx] JTableHeader doesn't get focus after pressing F8 key + JDK-7191877: TEST_BUG: java/rmi/transport/checkLeaseInfoLeak/ /CheckLeaseLeak.java failing intermittently + JDK-8139228: JFileChooser renders file names as HTML document + JDK-8139392: JInternalFrame has incorrect padding + JDK-8140527: JInternalFrame has incorrect title button width + JDK-8201183: sjavac build failures: "Connection attempt failed: Connection refused" + JDK-8201778: Speed up test javax/net/ssl/DTLS/PacketLossRetransmission.java + JDK-8204868: java/util/zip/ZipFile/TestCleaner.java still fails with "cleaner failed to clean zipfile." + JDK-8210807: Printing a JTable with a JScrollPane prints table without rows populated + JDK-8219408: Tests should handle ${} in the view of jtreg "smart action" + JDK-8230016: re-visit test sun/security/pkcs11/Serialize/ /SerializeProvider.java + JDK-8236907: JTable added to nested panels does not paint last visible row + JDK-8245545: Disable TLS_RSA cipher suites + JDK-8252329: runtime/LoadClass/TestResize.java timed out + JDK-8257810: Only First page are printed in JTable.scrollRectToVisible + JDK-8265429: Improve GCM encryption + JDK-8270083: -Wnonnull errors happen with GCC 11.1.1 + JDK-8277424: javax/net/ssl/TLSCommon/TLSTest.java fails with connection refused + JDK-8281440: AWT: Conversion from string literal loses const qualifier + JDK-8281523: Accessibility: Conversion from string literal loses const qualifier + JDK-8281525: Enable Zc:strictStrings flag in Visual Studio build + JDK-8281682: Redundant .ico files in Windows app-image cause unnecessary bloat + JDK-8282047: Enhance StringDecode/Encode microbenchmarks + JDK-8283544: HttpClient GET method adds Content-Length: 0 header + JDK-8285915: failure_handler: gather the contents of /etc/hosts file + JDK-8286159: Memory leak in getAllConfigs of awt_GraphicsEnv.c:585 + JDK-8286447: [Linux] AWT should start in Headless mode if headful AWT library not installed + JDK-8287401: jpackage tests failing on Windows due to powershell issue + JDK-8288109: HttpExchangeImpl.setAttribute does not allow null value after JDK-8266897 + JDK-8288180: C2: VectorPhase must ensure that SafePointNode memory input is a MergeMemNode + JDK-8290557: tools/jpackage/share/AddLauncherTest.java#id1 failed with "ERROR: Failed: Check icon file" + JDK-8292043: Incorrect decoding near EOF for stateful decoders like UTF-16 + JDK-8292214: Memory leak in getAllConfigs of awt_GraphicsEnv.c:386 + JDK-8294314: Minimize disabled warnings in hotspot + JDK-8294591: Fix cast-function-type warning in TemplateTable + JDK-8294594: Fix cast-function-type warnings in signal handling code + JDK-8294680: Refactor scaled border rendering + JDK-8295301: Problem list TrayIcon tests that fail on Ubuntu 22.04 + JDK-8295991: java/net/httpclient/CancelRequestTest.java fails intermittently + JDK-8296489: tools/jpackage/windows/WinL10nTest.java fails with timeout + JDK-8297302: gtest/AsyncLogGtest.java fails AsyncLogTest.stdoutOutput_vm + JDK-8297531: sun/security/krb5/MicroTime.java fails with "Exception: What? only 100 musec precision?" + JDK-8297936: Use reachabilityFence to manage liveness in ClassUnload tests + JDK-8299278: tools/jpackage/share/AddLauncherTest.java#id1 failed AddLauncherTest.bug8230933 + JDK-8299325: java/net/httpclient/CancelRequestTest.java fails "test CancelRequestTest.testGetSendAsync( "https://localhost:46509/https1/x/same/interrupt", true, true)" + JDK-8299553: Make ScaledEtchedBorderTest.java comprehensive + JDK-8302838: jabswitch main() should avoid calling exit explicitly + JDK-8303089: [jittester] Add time limit to IRTree generation + JDK-8303959: tools/jpackage/share/RuntimePackageTest.java fails with java.lang.AssertionError missing files + JDK-8304163: Move jdk.internal.module.ModuleInfoWriter to the test library + JDK-8304811: vmTestbase/vm/mlvm/indy/func/jvmti/ /stepBreakPopReturn/INDIFY_Test.java fails with JVMTI_ERROR_TYPE_MISMATCH + JDK-8305186: Reference.waitForReferenceProcessing should be more accessible to tests + JDK-8305567: serviceability/tmtools/jstat/GcTest01.java failed utils.JstatGcResults.assertConsistency + JDK-8305778: javax/swing/JTableHeader/6884066/ /bug6884066.java: Unexpected header's value; index = 4 value = E + JDK-8308633: Increase precision of timestamps in g1 log + JDK-8308780: Fix the Java Integer types on Windows + JDK-8310049: Refactor Charset tests to use JUnit + JDK-8310915: Typo in aarch64.ad: "envcodings" + JDK-8311588: C2: RepeatCompilation compiler directive does not choose stress seed randomly + JDK-8313355: javax/management/remote/mandatory/notif/ /ListenerScaleTest.java failed with "Exception: Failed: ratio=792.2791601423487" + JDK-8313770: jdk/internal/platform/docker/ /TestSystemMetrics.java fails on Ubuntu + JDK-8314136: Test java/net/httpclient/CancelRequestTest.java failed: WARNING: tracker for HttpClientImpl(42) has outstanding operations + JDK-8314319: LogCompilation doesn't reset lateInlining when it encounters a failure. + JDK-8317264: Pattern.Bound has `static` fields that should be 'static final'. + JDK-8317970: Bump target macosx-x64 version to 11.00.00 + JDK-8318467: [jmh] tests concurrent.Queues and concurrent.ProducerConsumer hang with 101+ threads + JDK-8318613: ChoiceFormat patterns are not well tested + JDK-8318730: MonitorVmStartTerminate.java still times out after JDK-8209595 + JDK-8320836: jtreg gtest runs should limit heap size + JDK-8322135: Printing JTable in Windows L&F throws InternalError: HTHEME is null + JDK-8322140: javax/swing/JTable/JTableScrollPrintTest.java does not print the rows and columns of the table in Nimbus and Aqua LookAndFeel + JDK-8324065: Daylight saving information for 'Africa/Casablanca' are incorrect + JDK-8324491: Keyboard layout didn't keep its state if it was changed when dialog was active + JDK-8324861: Exceptions::wrap_dynamic_exception() doesn't have ResourceMark + JDK-8325647: [IR framework] Only prints stdout if exitCode is 134 + JDK-8325766: Extend CertificateBuilder to create trust and end entity certificates programmatically + JDK-8327071: [Testbug] g-tests for cgroup leave files in /tmp on linux + JDK-8327180: Failed: java/io/ObjectStreamClass/ /ObjectStreamClassCaching.java#G1 + JDK-8327434: Test java/util/PluggableLocale/ /TimeZoneNameProviderTest.java timed out + JDK-8327748: Convert javax/swing/JFileChooser/6798062/ /bug6798062.java applet test to main + JDK-8327757: Convert javax/swing/JSlider/6524424/ /bug6524424.java applet to main + JDK-8327856: Convert applet test SpanishDiacriticsTest.java to a main program + JDK-8327980: Convert javax/swing/JToggleButton/4128979/ /bug4128979.java applet test to main + JDK-8328124: Convert java/awt/Frame/ShownOnPack/ /ShownOnPack.html applet test to main + JDK-8328247: Remove redundant dir for tests converted from applet to main + JDK-8328299: Convert DnDFileGroupDescriptor.html applet test to main + JDK-8328377: Convert java/awt/Cursor/MultiResolutionCursorTest test to main + JDK-8328562: Convert java/awt/InputMethods/DiacriticsTest/ /DiacriticsTest.java applet test to main + JDK-8331231: containers/docker/TestContainerInfo.java fails + JDK-8331977: Crash: SIGSEGV in dlerror() + JDK-8332271: Reading data from the clipboard from multiple threads crashes the JVM + JDK-8333526: Restructure java/nio/channels/DatagramChannel/ /StressNativeSignal.java to a fail fast exception handling policy + JDK-8333569: jpackage tests must run app launchers with retries on Linux only + JDK-8333783: java/nio/channels/FileChannel/directio/ /DirectIOTest.java is unstable with AV software + JDK-8334771: [TESTBUG] Run TestDockerMemoryMetrics.java with - Xcomp fails exitValue = 137 + JDK-8335986: Test javax/swing/JCheckBox/4449413/ /bug4449413.java fails on Windows 11 x64 because RBMenuItem's and CBMenuItem's checkmark on the left side are not visible + JDK-8337723: Remove redundant tests from com/sun/security/sasl/gsskerb + JDK-8338428: Add logging of final VM flags while setting properties + JDK-8338740: java/net/httpclient/HttpsTunnelAuthTest.java fails with java.io.IOException: HTTP/1.1 header parser received no bytes + JDK-8339280: jarsigner -verify performs cross-checking between CEN and LOC + JDK-8339366: [jittester] Make it possible to generate tests without execution + JDK-8339386: Assertion on AIX - original PC must be in the main code section of the compiled method + JDK-8339962: Open source AWT TextField tests - Set1 + JDK-8340015: Open source several AWT focus tests - series 7 + JDK-8340321: Disable SHA-1 in TLS/DTLS 1.2 handshake signatures + JDK-8340354: Open source AWT desktop properties and print related tests + JDK-8341097: GHA: Demote Mac x86 jobs to build only + JDK-8341131: Some jdk/jfr/event/compiler tests shouldn't be executed with Xcomp + JDK-8341138: Rename jtreg property docker.support as container.support + JDK-8341496: Improve JMX connections + JDK-8341861: GHA: Use only retention mechanism to remove bundles + JDK-8342782: AWTEventMulticaster throws StackOverflowError using AquaButtonUI + JDK-8343314: Move common properties from jpackage jtreg test declarations to TEST.properties file + JDK-8343340: Swapping checking do not work for MetricsMemoryTester failcount + JDK-8343875: Minor improvements of jpackage test library + JDK-8344275: tools/jpackage/windows/Win8301247Test.java fails on localized Windows platform + JDK-8344326: Move jpackage tests from "jdk.jpackage.tests" package to the default package + JDK-8345213: JVM Prefers /etc/timezone Over /etc/localtime on Debian 12 + JDK-8346234: javax/swing/text/DefaultEditorKit/4278839/ /bug4278839.java still fails in CI + JDK-8346753: Test javax/swing/JMenuItem/RightLeftOrientation/ /RightLeftOrientation.java fails on Windows Server 2025 x64 because the icons of RBMenuItem and CBMenuItem are not visible in Nimbus LookAndFeel + JDK-8346839: [TESTBUG] "java/awt/textfield/setechochartest4/ /setechochartest4.java" failed because the test frame disappears on clicking "Click Several Times" button + JDK-8346875: Test jdk/jdk/jfr/event/os/TestCPULoad.java fails on macOS + JDK-8346929: runtime/ClassUnload/DictionaryDependsTest.java fails with "Test failed: should be unloaded" + JDK-8347129: cpuset cgroups controller is required for no good reason + JDK-8347277: java/awt/Focus/ComponentLostFocusTest.java fails intermittently + JDK-8347300: Don't exclude the "PATH" var from the environment when running app launchers in jpackage tests + JDK-8347377: Add validation checks for ICC_Profile header fields + JDK-8347826: Introspector shows wrong method list after 8071693 + JDK-8347841: Test fixes that use deprecated time zone IDs + JDK-8349188: LineBorder does not scale correctly + JDK-8349534: Refactor jdk/sun/security/krb5/runNameEquals.sh to java test + JDK-8350102: Decouple jpackage test-lib Executor.Result and Executor classes + JDK-8350106: [PPC] Avoid ticks_unknown_not_Java AsyncGetCallTrace() if JavaFrameAnchor::_last_Java_pc not set + JDK-8350813: Rendering of bulky sound bank from MIDI sequence can cause OutOfMemoryError + JDK-8351567: Jar Manifest test ValueUtf8Coding produces misleading diagnostic output + JDK-8352678: Opensource few JMenuItem tests + JDK-8352682: Opensource JComponent tests + JDK-8352686: Opensource JInternalFrame tests - series3 + JDK-8352687: Opensource few JInternalFrame and JTextField tests + JDK-8352793: Open source several AWT TextComponent tests - Batch 1 + JDK-8352800: [PPC] OpenJDK fails to build on PPC after JDK-8350106 + JDK-8352865: Open source several AWT TextComponent tests - Batch 2 + JDK-8352905: Open some JComboBox bugs 1 + JDK-8352966: Opensource Several Font related tests - Batch 2 + JDK-8352997: Open source several Swing JTabbedPane tests + JDK-8353007: Open some JComboBox bugs 2 + JDK-8353011: Open source Swing JButton tests - Set 1 + JDK-8353201: Open source Swing Tooltip tests - Set 2 + JDK-8353299: VerifyJarEntryName.java test fails + JDK-8353309: Open source several Swing text tests + JDK-8353319: Open source Swing tests - Set 3 + JDK-8353445: Open source several AWT Menu tests - Batch 1 + JDK-8353470: Clean up and open source couple AWT Graphics related tests (Part 2) + JDK-8353483: Open source some JProgressBar tests + JDK-8353486: Open source Swing Tests - Set 4 + JDK-8353585: Provide ChoiceFormat#parse(String, ParsePosition) tests + JDK-8353586: Open source several toolkit tests + JDK-8353589: Open source a few Swing menu-related tests + JDK-8353592: Open source several scrollbar tests + JDK-8353661: Open source several swing tests batch5 + JDK-8353832: Opensource FontClass, Selection and Icon tests + JDK-8353950: Clipboard interaction on Windows is unstable + JDK-8353957: Open source several AWT ScrollPane tests - Batch 1 + JDK-8353958: Open source several AWT ScrollPane tests - Batch 2 + JDK-8354095: Open some JTable bugs 5 + JDK-8354106: Clean up and open source KeyEvent related tests (Part 2) + JDK-8354214: Open source Swing tests Batch 2 + JDK-8354233: Open some JTable bugs 6 + JDK-8354235: Test javax/net/ssl/SSLSocket/Tls13PacketSize.java failed with java.net.SocketException: An established connection was aborted by the software in your host machine + JDK-8354248: Open source several AWT GridBagLayout and List tests + JDK-8354340: Open source Swing Tests - Set 6 + JDK-8354341: Open some JTable bugs 7 + JDK-8354365: Opensource few Modal and Full Screen related tests + JDK-8354418: Open source Swing tests Batch 4 + JDK-8354451: Open source some more Swing popup menu tests + JDK-8354465: Open some JTable bugs 8 + JDK-8354466: Open some misc Swing bugs 9 + JDK-8354472: Clean up and open source KeyEvent related tests (Part 3) + JDK-8354493: Opensource Several MultiScreen and Insets related tests + JDK-8354495: Open source several AWT DataTransfer tests + JDK-8354532: Open source JFileChooser Tests - Set 7 + JDK-8354552: Open source a few Swing tests + JDK-8354553: Open source several clipboard tests batch0 + JDK-8354561: Open source several swing tests batch0 + JDK-8354646: java.awt.TextField allows to identify the spaces in a password when double clicked at the starting and end of the text + JDK-8354653: Clean up and open source KeyEvent related tests (Part 4) + JDK-8354701: Open source few JToolTip tests + JDK-8354873: javax/swing/plaf/metal/MetalIconFactory/ /bug4952462.java failing on CI + JDK-8354928: Clean up and open source some miscellaneous AWT tests + JDK-8355077: Compiler error at splashscreen_gif.c due to unterminated string initialization + JDK-8355333: Some Problem list entries point to non-existent / wrong files + JDK-8355387: [jittester] Disable downcasts by default + JDK-8355444: [java.io] Use @requires tag instead of exiting based on "os.name" property value + JDK-8355478: DoubleActionESC.java fails intermittently + JDK-8355558: SJIS.java test is always ignored + JDK-8355561: [macos] Build failure with Xcode 16.3 + JDK-8356040: java/util/PluggableLocale/ /LocaleNameProviderTest.java timed out + JDK-8356145: ListEnterExitTest.java fails on macos + JDK-8356187: TestJcmd.java may incorrectly parse podman version + JDK-8356752: Log mouse enter and exit events for debugging + JDK-8356897: Update NSS library to 3.111 + JDK-8357305: Compilation failure in javax/swing/JMenuItem/bug6197830.java + JDK-8357561: BootstrapLoggerTest does not work on Ubuntu 24 with LANG de_DE.UTF-8 + JDK-8357675: Amend headless message + JDK-8357799: Improve instructions for JFileChooser/HTMLFileName.java + JDK-8357822: C2: Multiple string optimization tests are no longer testing string concatenation optimizations + JDK-8358048: java/net/httpclient/HttpsTunnelAuthTest.java incorrectly calls Thread::stop + JDK-8358334: C2/Shenandoah: incorrect execution with Unsafe + JDK-8358532: JFileChooser in GTK L&F still displays HTML filename + JDK-8358701: Remove misleading javax.management.remote API doc wording about JMX spec, and historic link to JMXMP + JDK-8358748: Large page size initialization fails with assert "page_size must be a power of 2" + JDK-8358764: (sc) SocketChannel.close when thread blocked in read causes connection to be reset (win) + JDK-8358813: JPasswordField identifies spaces in password via delete shortcuts + JDK-8359061: Update and ProblemList manual test java/awt/Cursor/CursorDragTest/ListDragCursor.java + JDK-8359167: Remove unused test/hotspot/jtreg/vmTestbase/nsk/ /share/jpda/BindServer.java + JDK-8359182: Use @requires instead of SkippedException for MaxPath.java + JDK-8359207: Remove runtime/signal/TestSigusr2.java since it is always skipped + JDK-8359402: Test CloseDescriptors.java should throw SkippedException when there is no lsof/sctp + JDK-8359418: Test "javax/swing/text/GlyphView/bug4188841.java" failed because the phrase of text pane does not match the instructions + JDK-8359428: Test 'javax/swing/JTabbedPane/bug4499556.java' failed because after selecting one of L&F items, the test case automatically failed when clicking on L&F Menu button again + JDK-8359449: [TEST] open/test/jdk/java/io/File/SymLinks.java Refactor extract method for Windows specific test + JDK-8359477: com/sun/net/httpserver/Test12.java appears to have a temp file race + JDK-8359501: Enhance Handling of URIs + JDK-8359687: Use PassFailJFrame for java/awt/print/Dialog/DialogType.java + JDK-8360022: ClassRefDupInConstantPoolTest.java fails when running in repeat + JDK-8360178: TestArguments.atojulong gtest has incorrect format string + JDK-8360288: Shenandoah crash at size_given_klass in op_degenerated + JDK-8360408: [TEST] Use @requires tag instead of exiting based on "os.name" property value for sun/net/www/protocol/file/FileURLTest.java + JDK-8360411: [TEST] open/test/jdk/java/io/File/ /MaxPathLength.java Refactor extract method to encapsulate Windows specific test logic + JDK-8361253: CommandLineOptionTest library should report observed values on failure + JDK-8361298: SwingUtilities/bug4967768.java fails where character P is not underline + JDK-8361314: Test serviceability/jvmti/VMEvent/MyPackage/ /VMEventRecursionTest.java FATAL ERROR in native method: Failed during the GetClassSignature call + JDK-8361423: Add IPSupport::printPlatformSupport to java/net/NetworkInterface/IPv4Only.java + JDK-8361447: [REDO] Checked version of JNI ReleaseArrayElements needs to filter out known wrapped arrays + JDK-8361751: Test sun/tools/jcmd/TestJcmdSanity.java timed out on Windows + JDK-8361754: New test runtime/jni/checked/ /TestCharArrayReleasing.java can cause disk full errors + JDK-8361871: [GCC static analyzer] complains about use of uninitialized value ckpObject in p11_util.c + JDK-8362204: test/jdk/sun/awt/font/TestDevTransform.java fails on Ubuntu 24.04 + JDK-8362207: Add more test cases for possible double-rounding in fma + JDK-8362308: Enhance Bitmap operations + JDK-8362532: Test gc/g1/plab/* duplicate command-line options + JDK-8362533: Tests sun/management/jmxremote/bootstrap/* duplicate VM flags + JDK-8362602: Add test.timeout.factor to CompileFactory to avoid test timeouts + JDK-8362632: Improve HttpServer Request handling + JDK-8362855: Test java/net/ipv6tests/TcpTest.java should report SkippedException when there no ia4addr or ia6addr + JDK-8363676: [GCC static analyzer] missing return value check of malloc in OGLContext_SetTransform + JDK-8363720: Follow up to JDK-8360411 with post review comments + JDK-8363966: GHA: Switch cross-compiling sysroots to Debian trixie + JDK-8364214: Enhance polygon data support + JDK-8364235: Fix for JDK-8361447 breaks the alignment requirements for GuardedMemory + JDK-8364263: HttpClient: Improve encapsulation of ProxyServer + JDK-8364484: misc tests fail with Received fatal alert: handshake_failure + JDK-8364556: JFR: Disable SymbolTableStatistics and StringTableStatistics in default.jfc + JDK-8364597: Replace THL A29 Limited with Tencent + JDK-8364660: ClassVerifier::ends_in_athrow() should be removed + JDK-8364993: JFR: Disable jdk.ModuleExport in default.jfc + JDK-8364996: java/awt/font/FontNames/LocaleFamilyNames.java times out on Windows + JDK-8365058: Enhance CopyOnWriteArraySet + JDK-8365086: CookieStore.getURIs() and get(URI) should return an immutable List + JDK-8365098: make/RunTests.gmk generates a wrong path to test artifacts on Alpine + JDK-8365168: Use 64-bit aligned addresses for CK_ULONG access in PKCS11 native key code + JDK-8365271: Improve Swing supports + JDK-8365280: Enhance JOptionPane + JDK-8365425: [macos26] javax/swing/JInternalFrame/8160248/ /JInternalFrameDraggingTest.java fails on macOS 26 + JDK-8365615: Improve JMenuBar/RightLeftOrientation.java + JDK-8365660: test/jdk/sun/security/pkcs11/KeyAgreement/ tests skipped without SkipExceprion + JDK-8365790: Shutdown hook for application image does not work on Windows + JDK-8365834: Mark java/net/httpclient/ManyRequests.java as intermittent + JDK-8365913: Support latest MSC_VER in abstract_vm_version.cpp + JDK-8365919: Replace currentTimeMillis with nanoTime in Stresser.java + JDK-8366092: [GCC static analyzer] UnixOperatingSystem.c warning: use of uninitialized value 'systemTicks' + JDK-8366159: SkippedException is treated as a pass for pkcs11/KeyStore, pkcs11/SecretKeyFactory and pkcs11/SecureRandom + JDK-8366229: runtime/Thread/TooSmallStackSize.java runs with all collectors + JDK-8366233: Bump update version for OpenJDK: jdk-17.0.18 + JDK-8366342: Key generator and key pair generator tests skipping, but showing as passed + JDK-8366359: Test should throw SkippedException when there is no lpstat + JDK-8366764: Deproblemlist java/awt/ScrollPane/ScrollPositionTest.java + JDK-8366844: Update and automate MouseDraggedOriginatedByScrollBarTest.java + JDK-8367017: Remove legacy checks from WrappedToolkitTest and convert from bash + JDK-8367133: DTLS: fragmentation of Finished message results in handshake failure + JDK-8367237: Thread-Safety Usage Warning for java.text.Collator Classes + JDK-8367348: Enhance PassFailJFrame to support links in HTML + JDK-8367782: VerifyJarEntryName.java: Fix modifyJarEntryName to operate on bytes and re-introduce verifySignatureEntryName + JDK-8367869: Test java/io/FileDescriptor/Sync.java timed out + JDK-8368032: Enhance Certificate Checking + JDK-8368192: Test java/lang/ProcessBuilder/Basic.java#id0 fails with Exception: Stack trace + JDK-8368668: Several vmTestbase/vm/gc/compact tests timed out on large memory machine + JDK-8368982: Test sun/security/tools/jarsigner/EC.java completed and timed out + JDK-8369032: Add test to ensure serialized ICC_Profile stores only necessary optional data + JDK-8369078: Fix faulty test conversion in IllegalCharsetName.java + JDK-8369184: SimpleTimeZone equals() Returns True for Unequal Instances with Different hashCode Values + JDK-8369226: GHA: Switch to MacOS 15 + JDK-8369450: [Ubuntu 25.10] openjdk fails to build due to rust-coreutils date + JDK-8369506: Bytecode rewriting causes Java heap corruption on AArch64 + JDK-8369946: Bytecode rewriting causes Java heap corruption on PPC + JDK-8369992: JFR: Disable Placeholder-, LoaderConstraints- and ProtectionDomainCacheTableStatistics in default.jfc + JDK-8370465: Right to Left Orientation Issues with MenuItem Component + JDK-8372439: [17u] build-test-lib is broken + JDK-8372534: Update Libpng to 1.6.51 + JDK-8375448: Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 17.0.18 ++++ kernel-source: - phy: freescale: imx8m-pcie: assert phy reset during power on (stable-fixes). - phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe() (git-fixes). - USB: serial: ftdi_sio: add support for PICAXE AXE027 cable (stable-fixes). - USB: serial: option: add Telit LE910 MBIM composition (stable-fixes). - USB: OHCI/UHCI: Add soft dependencies on ehci_platform (stable-fixes). - usb: core: add USB_QUIRK_NO_BOS for devices that hang on BOS descriptor (stable-fixes). - usb: dwc3: Check for USB4 IP_NAME (stable-fixes). - drm/amd/pm: fix smu overdrive data type wrong issue on smu 14.0.2 (git-fixes). - drm/amd/display: Bump the HDMI clock to 340MHz (stable-fixes). - drm/amd: Clean up kfd node on surprise disconnect (stable-fixes). - HID: usbhid: paper over wrong bNumDescriptor field (stable-fixes). - firmware: imx: scu-irq: Set mu_resource_id before get handle (stable-fixes). - phy: phy-rockchip-inno-usb2: Use dev_err_probe() in the probe path (stable-fixes). - commit 3f8bd8a - io_uring: fix filename leak in __io_openat_prep() (CVE-2025-68814 bsc#1256651). - commit 675d22e - octeontx2-pf: fix "UBSAN: shift-out-of-bounds error" (CVE-2025-71137 bsc#1256760) - commit 3d4407e - net: hns3: using the num_tqps in the vf driver to apply for resources (CVE-2025-71064 bsc#1256654) - commit 58ee56d - macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse (CVE-2025-68367 bsc#1255547) - commit ed9e7a9 - team: fix check for port enabled in team_queue_override_port_prio_changed() (CVE-2025-71091 bsc#1256773) - commit c426951 - md/raid5: fix possible null-pointer dereferences in raid5_store_group_thread_cnt() (CVE-2025-71135 bsc#1256761). - commit 1fc61fc - net: sock: fix hardened usercopy panic in sock_recv_errqueue (CVE-2026-22977 bsc#1257053). - commit d4fc6df - ipv4: Fix reference count leak when using error routes with nexthop objects (CVE-2025-71097 bsc#1256607). - net: stmmac: fix the crash issue for zero copy XDP_TX action (CVE-2025-71095 bsc#1256605). - net: hns3: add VLAN id validation before using (CVE-2025-71112 bsc#1256726). - net/handshake: duplicate handshake cancellations leak socket (CVE-2025-68775 bsc#1256665). - ethtool: Avoid overflowing userspace buffer on stats query (CVE-2025-68795 bsc#1256688). - mptcp: avoid deadlock on fallback while reinjecting (CVE-2025-71126 bsc#1256755). - bnxt_en: Fix XDP_TX path (CVE-2025-68770 bsc#1256584). - mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats (CVE-2025-68800 bsc#1256646). - mlxsw: spectrum_router: Fix neighbour use-after-free (CVE-2025-68801 bsc#1256653). - lan966x: Fix sleeping in atomic context (CVE-2025-68320 bsc#1255172). - commit 4e1af62 - iommu: disable SVA when CONFIG_X86 is set (CVE-2025-71089 bsc#1256612). - commit 2eb2757 - dpll: Prevent duplicate registrations (git-fixes). - dpll: zl3073x: Fix output pin registration (git-fixes). - dpll: fix device-id-get and pin-id-get to return errors properly (git-fixes). - dpll: spec: add missing module-name and clock-id to pin-get reply (git-fixes). - dpll: fix clock quality level reporting (git-fixes). - dpll: Add an assertion to check freq_supported_num (stable-fixes). - commit 59f0fdc - crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (git-fixes). - wifi: mac80211: don't perform DA check on S1G beacon (git-fixes). - wifi: ath12k: fix dma_free_coherent() pointer (git-fixes). - wifi: ath10k: fix dma_free_coherent() pointer (git-fixes). - wifi: mwifiex: Fix a loop in mwifiex_update_ampdu_rxwinsize() (git-fixes). - wifi: rsi: Fix memory corruption due to not set vif driver data size (git-fixes). - usbnet: limit max_mtu based on device's hard_mtu (git-fixes). - can: usb_8dev: usb_8dev_read_bulk_callback(): fix URB memory leak (git-fixes). - can: mcba_usb: mcba_usb_read_bulk_callback(): fix URB memory leak (git-fixes). - can: kvaser_usb: kvaser_usb_read_bulk_callback(): fix URB memory leak (git-fixes). - can: ems_usb: ems_usb_read_bulk_callback(): fix URB memory leak (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): unanchor URL on usb_submit_urb() error (git-fixes). - Revert "nfc/nci: Add the inconsistency check between the input data length and count" (git-fixes). - net: usb: dm9601: remove broken SR9700 support (git-fixes). - leds: led-class: Only Add LED to leds_list when it is fully ready (git-fixes). - commit d5d2445 ++++ kernel-source: - phy: freescale: imx8m-pcie: assert phy reset during power on (stable-fixes). - phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe() (git-fixes). - USB: serial: ftdi_sio: add support for PICAXE AXE027 cable (stable-fixes). - USB: serial: option: add Telit LE910 MBIM composition (stable-fixes). - USB: OHCI/UHCI: Add soft dependencies on ehci_platform (stable-fixes). - usb: core: add USB_QUIRK_NO_BOS for devices that hang on BOS descriptor (stable-fixes). - usb: dwc3: Check for USB4 IP_NAME (stable-fixes). - drm/amd/pm: fix smu overdrive data type wrong issue on smu 14.0.2 (git-fixes). - drm/amd/display: Bump the HDMI clock to 340MHz (stable-fixes). - drm/amd: Clean up kfd node on surprise disconnect (stable-fixes). - HID: usbhid: paper over wrong bNumDescriptor field (stable-fixes). - firmware: imx: scu-irq: Set mu_resource_id before get handle (stable-fixes). - phy: phy-rockchip-inno-usb2: Use dev_err_probe() in the probe path (stable-fixes). - commit 3f8bd8a - io_uring: fix filename leak in __io_openat_prep() (CVE-2025-68814 bsc#1256651). - commit 675d22e - octeontx2-pf: fix "UBSAN: shift-out-of-bounds error" (CVE-2025-71137 bsc#1256760) - commit 3d4407e - net: hns3: using the num_tqps in the vf driver to apply for resources (CVE-2025-71064 bsc#1256654) - commit 58ee56d - macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse (CVE-2025-68367 bsc#1255547) - commit ed9e7a9 - team: fix check for port enabled in team_queue_override_port_prio_changed() (CVE-2025-71091 bsc#1256773) - commit c426951 - md/raid5: fix possible null-pointer dereferences in raid5_store_group_thread_cnt() (CVE-2025-71135 bsc#1256761). - commit 1fc61fc - net: sock: fix hardened usercopy panic in sock_recv_errqueue (CVE-2026-22977 bsc#1257053). - commit d4fc6df - ipv4: Fix reference count leak when using error routes with nexthop objects (CVE-2025-71097 bsc#1256607). - net: stmmac: fix the crash issue for zero copy XDP_TX action (CVE-2025-71095 bsc#1256605). - net: hns3: add VLAN id validation before using (CVE-2025-71112 bsc#1256726). - net/handshake: duplicate handshake cancellations leak socket (CVE-2025-68775 bsc#1256665). - ethtool: Avoid overflowing userspace buffer on stats query (CVE-2025-68795 bsc#1256688). - mptcp: avoid deadlock on fallback while reinjecting (CVE-2025-71126 bsc#1256755). - bnxt_en: Fix XDP_TX path (CVE-2025-68770 bsc#1256584). - mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats (CVE-2025-68800 bsc#1256646). - mlxsw: spectrum_router: Fix neighbour use-after-free (CVE-2025-68801 bsc#1256653). - lan966x: Fix sleeping in atomic context (CVE-2025-68320 bsc#1255172). - commit 4e1af62 - iommu: disable SVA when CONFIG_X86 is set (CVE-2025-71089 bsc#1256612). - commit 2eb2757 - dpll: Prevent duplicate registrations (git-fixes). - dpll: zl3073x: Fix output pin registration (git-fixes). - dpll: fix device-id-get and pin-id-get to return errors properly (git-fixes). - dpll: spec: add missing module-name and clock-id to pin-get reply (git-fixes). - dpll: fix clock quality level reporting (git-fixes). - dpll: Add an assertion to check freq_supported_num (stable-fixes). - commit 59f0fdc - crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (git-fixes). - wifi: mac80211: don't perform DA check on S1G beacon (git-fixes). - wifi: ath12k: fix dma_free_coherent() pointer (git-fixes). - wifi: ath10k: fix dma_free_coherent() pointer (git-fixes). - wifi: mwifiex: Fix a loop in mwifiex_update_ampdu_rxwinsize() (git-fixes). - wifi: rsi: Fix memory corruption due to not set vif driver data size (git-fixes). - usbnet: limit max_mtu based on device's hard_mtu (git-fixes). - can: usb_8dev: usb_8dev_read_bulk_callback(): fix URB memory leak (git-fixes). - can: mcba_usb: mcba_usb_read_bulk_callback(): fix URB memory leak (git-fixes). - can: kvaser_usb: kvaser_usb_read_bulk_callback(): fix URB memory leak (git-fixes). - can: ems_usb: ems_usb_read_bulk_callback(): fix URB memory leak (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): unanchor URL on usb_submit_urb() error (git-fixes). - Revert "nfc/nci: Add the inconsistency check between the input data length and count" (git-fixes). - net: usb: dm9601: remove broken SR9700 support (git-fixes). - leds: led-class: Only Add LED to leds_list when it is fully ready (git-fixes). - commit d5d2445 ++++ kernel-docs: - phy: freescale: imx8m-pcie: assert phy reset during power on (stable-fixes). - phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe() (git-fixes). - USB: serial: ftdi_sio: add support for PICAXE AXE027 cable (stable-fixes). - USB: serial: option: add Telit LE910 MBIM composition (stable-fixes). - USB: OHCI/UHCI: Add soft dependencies on ehci_platform (stable-fixes). - usb: core: add USB_QUIRK_NO_BOS for devices that hang on BOS descriptor (stable-fixes). - usb: dwc3: Check for USB4 IP_NAME (stable-fixes). - drm/amd/pm: fix smu overdrive data type wrong issue on smu 14.0.2 (git-fixes). - drm/amd/display: Bump the HDMI clock to 340MHz (stable-fixes). - drm/amd: Clean up kfd node on surprise disconnect (stable-fixes). - HID: usbhid: paper over wrong bNumDescriptor field (stable-fixes). - firmware: imx: scu-irq: Set mu_resource_id before get handle (stable-fixes). - phy: phy-rockchip-inno-usb2: Use dev_err_probe() in the probe path (stable-fixes). - commit 3f8bd8a - io_uring: fix filename leak in __io_openat_prep() (CVE-2025-68814 bsc#1256651). - commit 675d22e - octeontx2-pf: fix "UBSAN: shift-out-of-bounds error" (CVE-2025-71137 bsc#1256760) - commit 3d4407e - net: hns3: using the num_tqps in the vf driver to apply for resources (CVE-2025-71064 bsc#1256654) - commit 58ee56d - macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse (CVE-2025-68367 bsc#1255547) - commit ed9e7a9 - team: fix check for port enabled in team_queue_override_port_prio_changed() (CVE-2025-71091 bsc#1256773) - commit c426951 - md/raid5: fix possible null-pointer dereferences in raid5_store_group_thread_cnt() (CVE-2025-71135 bsc#1256761). - commit 1fc61fc - net: sock: fix hardened usercopy panic in sock_recv_errqueue (CVE-2026-22977 bsc#1257053). - commit d4fc6df - ipv4: Fix reference count leak when using error routes with nexthop objects (CVE-2025-71097 bsc#1256607). - net: stmmac: fix the crash issue for zero copy XDP_TX action (CVE-2025-71095 bsc#1256605). - net: hns3: add VLAN id validation before using (CVE-2025-71112 bsc#1256726). - net/handshake: duplicate handshake cancellations leak socket (CVE-2025-68775 bsc#1256665). - ethtool: Avoid overflowing userspace buffer on stats query (CVE-2025-68795 bsc#1256688). - mptcp: avoid deadlock on fallback while reinjecting (CVE-2025-71126 bsc#1256755). - bnxt_en: Fix XDP_TX path (CVE-2025-68770 bsc#1256584). - mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats (CVE-2025-68800 bsc#1256646). - mlxsw: spectrum_router: Fix neighbour use-after-free (CVE-2025-68801 bsc#1256653). - lan966x: Fix sleeping in atomic context (CVE-2025-68320 bsc#1255172). - commit 4e1af62 - iommu: disable SVA when CONFIG_X86 is set (CVE-2025-71089 bsc#1256612). - commit 2eb2757 - dpll: Prevent duplicate registrations (git-fixes). - dpll: zl3073x: Fix output pin registration (git-fixes). - dpll: fix device-id-get and pin-id-get to return errors properly (git-fixes). - dpll: spec: add missing module-name and clock-id to pin-get reply (git-fixes). - dpll: fix clock quality level reporting (git-fixes). - dpll: Add an assertion to check freq_supported_num (stable-fixes). - commit 59f0fdc - crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (git-fixes). - wifi: mac80211: don't perform DA check on S1G beacon (git-fixes). - wifi: ath12k: fix dma_free_coherent() pointer (git-fixes). - wifi: ath10k: fix dma_free_coherent() pointer (git-fixes). - wifi: mwifiex: Fix a loop in mwifiex_update_ampdu_rxwinsize() (git-fixes). - wifi: rsi: Fix memory corruption due to not set vif driver data size (git-fixes). - usbnet: limit max_mtu based on device's hard_mtu (git-fixes). - can: usb_8dev: usb_8dev_read_bulk_callback(): fix URB memory leak (git-fixes). - can: mcba_usb: mcba_usb_read_bulk_callback(): fix URB memory leak (git-fixes). - can: kvaser_usb: kvaser_usb_read_bulk_callback(): fix URB memory leak (git-fixes). - can: ems_usb: ems_usb_read_bulk_callback(): fix URB memory leak (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): unanchor URL on usb_submit_urb() error (git-fixes). - Revert "nfc/nci: Add the inconsistency check between the input data length and count" (git-fixes). - net: usb: dm9601: remove broken SR9700 support (git-fixes). - leds: led-class: Only Add LED to leds_list when it is fully ready (git-fixes). - commit d5d2445 ++++ kernel-docs: - phy: freescale: imx8m-pcie: assert phy reset during power on (stable-fixes). - phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe() (git-fixes). - USB: serial: ftdi_sio: add support for PICAXE AXE027 cable (stable-fixes). - USB: serial: option: add Telit LE910 MBIM composition (stable-fixes). - USB: OHCI/UHCI: Add soft dependencies on ehci_platform (stable-fixes). - usb: core: add USB_QUIRK_NO_BOS for devices that hang on BOS descriptor (stable-fixes). - usb: dwc3: Check for USB4 IP_NAME (stable-fixes). - drm/amd/pm: fix smu overdrive data type wrong issue on smu 14.0.2 (git-fixes). - drm/amd/display: Bump the HDMI clock to 340MHz (stable-fixes). - drm/amd: Clean up kfd node on surprise disconnect (stable-fixes). - HID: usbhid: paper over wrong bNumDescriptor field (stable-fixes). - firmware: imx: scu-irq: Set mu_resource_id before get handle (stable-fixes). - phy: phy-rockchip-inno-usb2: Use dev_err_probe() in the probe path (stable-fixes). - commit 3f8bd8a - io_uring: fix filename leak in __io_openat_prep() (CVE-2025-68814 bsc#1256651). - commit 675d22e - octeontx2-pf: fix "UBSAN: shift-out-of-bounds error" (CVE-2025-71137 bsc#1256760) - commit 3d4407e - net: hns3: using the num_tqps in the vf driver to apply for resources (CVE-2025-71064 bsc#1256654) - commit 58ee56d - macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse (CVE-2025-68367 bsc#1255547) - commit ed9e7a9 - team: fix check for port enabled in team_queue_override_port_prio_changed() (CVE-2025-71091 bsc#1256773) - commit c426951 - md/raid5: fix possible null-pointer dereferences in raid5_store_group_thread_cnt() (CVE-2025-71135 bsc#1256761). - commit 1fc61fc - net: sock: fix hardened usercopy panic in sock_recv_errqueue (CVE-2026-22977 bsc#1257053). - commit d4fc6df - ipv4: Fix reference count leak when using error routes with nexthop objects (CVE-2025-71097 bsc#1256607). - net: stmmac: fix the crash issue for zero copy XDP_TX action (CVE-2025-71095 bsc#1256605). - net: hns3: add VLAN id validation before using (CVE-2025-71112 bsc#1256726). - net/handshake: duplicate handshake cancellations leak socket (CVE-2025-68775 bsc#1256665). - ethtool: Avoid overflowing userspace buffer on stats query (CVE-2025-68795 bsc#1256688). - mptcp: avoid deadlock on fallback while reinjecting (CVE-2025-71126 bsc#1256755). - bnxt_en: Fix XDP_TX path (CVE-2025-68770 bsc#1256584). - mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats (CVE-2025-68800 bsc#1256646). - mlxsw: spectrum_router: Fix neighbour use-after-free (CVE-2025-68801 bsc#1256653). - lan966x: Fix sleeping in atomic context (CVE-2025-68320 bsc#1255172). - commit 4e1af62 - iommu: disable SVA when CONFIG_X86 is set (CVE-2025-71089 bsc#1256612). - commit 2eb2757 - dpll: Prevent duplicate registrations (git-fixes). - dpll: zl3073x: Fix output pin registration (git-fixes). - dpll: fix device-id-get and pin-id-get to return errors properly (git-fixes). - dpll: spec: add missing module-name and clock-id to pin-get reply (git-fixes). - dpll: fix clock quality level reporting (git-fixes). - dpll: Add an assertion to check freq_supported_num (stable-fixes). - commit 59f0fdc - crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (git-fixes). - wifi: mac80211: don't perform DA check on S1G beacon (git-fixes). - wifi: ath12k: fix dma_free_coherent() pointer (git-fixes). - wifi: ath10k: fix dma_free_coherent() pointer (git-fixes). - wifi: mwifiex: Fix a loop in mwifiex_update_ampdu_rxwinsize() (git-fixes). - wifi: rsi: Fix memory corruption due to not set vif driver data size (git-fixes). - usbnet: limit max_mtu based on device's hard_mtu (git-fixes). - can: usb_8dev: usb_8dev_read_bulk_callback(): fix URB memory leak (git-fixes). - can: mcba_usb: mcba_usb_read_bulk_callback(): fix URB memory leak (git-fixes). - can: kvaser_usb: kvaser_usb_read_bulk_callback(): fix URB memory leak (git-fixes). - can: ems_usb: ems_usb_read_bulk_callback(): fix URB memory leak (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): unanchor URL on usb_submit_urb() error (git-fixes). - Revert "nfc/nci: Add the inconsistency check between the input data length and count" (git-fixes). - net: usb: dm9601: remove broken SR9700 support (git-fixes). - leds: led-class: Only Add LED to leds_list when it is fully ready (git-fixes). - commit d5d2445 ++++ kernel-kvmsmall: - phy: freescale: imx8m-pcie: assert phy reset during power on (stable-fixes). - phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe() (git-fixes). - USB: serial: ftdi_sio: add support for PICAXE AXE027 cable (stable-fixes). - USB: serial: option: add Telit LE910 MBIM composition (stable-fixes). - USB: OHCI/UHCI: Add soft dependencies on ehci_platform (stable-fixes). - usb: core: add USB_QUIRK_NO_BOS for devices that hang on BOS descriptor (stable-fixes). - usb: dwc3: Check for USB4 IP_NAME (stable-fixes). - drm/amd/pm: fix smu overdrive data type wrong issue on smu 14.0.2 (git-fixes). - drm/amd/display: Bump the HDMI clock to 340MHz (stable-fixes). - drm/amd: Clean up kfd node on surprise disconnect (stable-fixes). - HID: usbhid: paper over wrong bNumDescriptor field (stable-fixes). - firmware: imx: scu-irq: Set mu_resource_id before get handle (stable-fixes). - phy: phy-rockchip-inno-usb2: Use dev_err_probe() in the probe path (stable-fixes). - commit 3f8bd8a - io_uring: fix filename leak in __io_openat_prep() (CVE-2025-68814 bsc#1256651). - commit 675d22e - octeontx2-pf: fix "UBSAN: shift-out-of-bounds error" (CVE-2025-71137 bsc#1256760) - commit 3d4407e - net: hns3: using the num_tqps in the vf driver to apply for resources (CVE-2025-71064 bsc#1256654) - commit 58ee56d - macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse (CVE-2025-68367 bsc#1255547) - commit ed9e7a9 - team: fix check for port enabled in team_queue_override_port_prio_changed() (CVE-2025-71091 bsc#1256773) - commit c426951 - md/raid5: fix possible null-pointer dereferences in raid5_store_group_thread_cnt() (CVE-2025-71135 bsc#1256761). - commit 1fc61fc - net: sock: fix hardened usercopy panic in sock_recv_errqueue (CVE-2026-22977 bsc#1257053). - commit d4fc6df - ipv4: Fix reference count leak when using error routes with nexthop objects (CVE-2025-71097 bsc#1256607). - net: stmmac: fix the crash issue for zero copy XDP_TX action (CVE-2025-71095 bsc#1256605). - net: hns3: add VLAN id validation before using (CVE-2025-71112 bsc#1256726). - net/handshake: duplicate handshake cancellations leak socket (CVE-2025-68775 bsc#1256665). - ethtool: Avoid overflowing userspace buffer on stats query (CVE-2025-68795 bsc#1256688). - mptcp: avoid deadlock on fallback while reinjecting (CVE-2025-71126 bsc#1256755). - bnxt_en: Fix XDP_TX path (CVE-2025-68770 bsc#1256584). - mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats (CVE-2025-68800 bsc#1256646). - mlxsw: spectrum_router: Fix neighbour use-after-free (CVE-2025-68801 bsc#1256653). - lan966x: Fix sleeping in atomic context (CVE-2025-68320 bsc#1255172). - commit 4e1af62 - iommu: disable SVA when CONFIG_X86 is set (CVE-2025-71089 bsc#1256612). - commit 2eb2757 - dpll: Prevent duplicate registrations (git-fixes). - dpll: zl3073x: Fix output pin registration (git-fixes). - dpll: fix device-id-get and pin-id-get to return errors properly (git-fixes). - dpll: spec: add missing module-name and clock-id to pin-get reply (git-fixes). - dpll: fix clock quality level reporting (git-fixes). - dpll: Add an assertion to check freq_supported_num (stable-fixes). - commit 59f0fdc - crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (git-fixes). - wifi: mac80211: don't perform DA check on S1G beacon (git-fixes). - wifi: ath12k: fix dma_free_coherent() pointer (git-fixes). - wifi: ath10k: fix dma_free_coherent() pointer (git-fixes). - wifi: mwifiex: Fix a loop in mwifiex_update_ampdu_rxwinsize() (git-fixes). - wifi: rsi: Fix memory corruption due to not set vif driver data size (git-fixes). - usbnet: limit max_mtu based on device's hard_mtu (git-fixes). - can: usb_8dev: usb_8dev_read_bulk_callback(): fix URB memory leak (git-fixes). - can: mcba_usb: mcba_usb_read_bulk_callback(): fix URB memory leak (git-fixes). - can: kvaser_usb: kvaser_usb_read_bulk_callback(): fix URB memory leak (git-fixes). - can: ems_usb: ems_usb_read_bulk_callback(): fix URB memory leak (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): unanchor URL on usb_submit_urb() error (git-fixes). - Revert "nfc/nci: Add the inconsistency check between the input data length and count" (git-fixes). - net: usb: dm9601: remove broken SR9700 support (git-fixes). - leds: led-class: Only Add LED to leds_list when it is fully ready (git-fixes). - commit d5d2445 ++++ kernel-kvmsmall: - phy: freescale: imx8m-pcie: assert phy reset during power on (stable-fixes). - phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe() (git-fixes). - USB: serial: ftdi_sio: add support for PICAXE AXE027 cable (stable-fixes). - USB: serial: option: add Telit LE910 MBIM composition (stable-fixes). - USB: OHCI/UHCI: Add soft dependencies on ehci_platform (stable-fixes). - usb: core: add USB_QUIRK_NO_BOS for devices that hang on BOS descriptor (stable-fixes). - usb: dwc3: Check for USB4 IP_NAME (stable-fixes). - drm/amd/pm: fix smu overdrive data type wrong issue on smu 14.0.2 (git-fixes). - drm/amd/display: Bump the HDMI clock to 340MHz (stable-fixes). - drm/amd: Clean up kfd node on surprise disconnect (stable-fixes). - HID: usbhid: paper over wrong bNumDescriptor field (stable-fixes). - firmware: imx: scu-irq: Set mu_resource_id before get handle (stable-fixes). - phy: phy-rockchip-inno-usb2: Use dev_err_probe() in the probe path (stable-fixes). - commit 3f8bd8a - io_uring: fix filename leak in __io_openat_prep() (CVE-2025-68814 bsc#1256651). - commit 675d22e - octeontx2-pf: fix "UBSAN: shift-out-of-bounds error" (CVE-2025-71137 bsc#1256760) - commit 3d4407e - net: hns3: using the num_tqps in the vf driver to apply for resources (CVE-2025-71064 bsc#1256654) - commit 58ee56d - macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse (CVE-2025-68367 bsc#1255547) - commit ed9e7a9 - team: fix check for port enabled in team_queue_override_port_prio_changed() (CVE-2025-71091 bsc#1256773) - commit c426951 - md/raid5: fix possible null-pointer dereferences in raid5_store_group_thread_cnt() (CVE-2025-71135 bsc#1256761). - commit 1fc61fc - net: sock: fix hardened usercopy panic in sock_recv_errqueue (CVE-2026-22977 bsc#1257053). - commit d4fc6df - ipv4: Fix reference count leak when using error routes with nexthop objects (CVE-2025-71097 bsc#1256607). - net: stmmac: fix the crash issue for zero copy XDP_TX action (CVE-2025-71095 bsc#1256605). - net: hns3: add VLAN id validation before using (CVE-2025-71112 bsc#1256726). - net/handshake: duplicate handshake cancellations leak socket (CVE-2025-68775 bsc#1256665). - ethtool: Avoid overflowing userspace buffer on stats query (CVE-2025-68795 bsc#1256688). - mptcp: avoid deadlock on fallback while reinjecting (CVE-2025-71126 bsc#1256755). - bnxt_en: Fix XDP_TX path (CVE-2025-68770 bsc#1256584). - mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats (CVE-2025-68800 bsc#1256646). - mlxsw: spectrum_router: Fix neighbour use-after-free (CVE-2025-68801 bsc#1256653). - lan966x: Fix sleeping in atomic context (CVE-2025-68320 bsc#1255172). - commit 4e1af62 - iommu: disable SVA when CONFIG_X86 is set (CVE-2025-71089 bsc#1256612). - commit 2eb2757 - dpll: Prevent duplicate registrations (git-fixes). - dpll: zl3073x: Fix output pin registration (git-fixes). - dpll: fix device-id-get and pin-id-get to return errors properly (git-fixes). - dpll: spec: add missing module-name and clock-id to pin-get reply (git-fixes). - dpll: fix clock quality level reporting (git-fixes). - dpll: Add an assertion to check freq_supported_num (stable-fixes). - commit 59f0fdc - crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (git-fixes). - wifi: mac80211: don't perform DA check on S1G beacon (git-fixes). - wifi: ath12k: fix dma_free_coherent() pointer (git-fixes). - wifi: ath10k: fix dma_free_coherent() pointer (git-fixes). - wifi: mwifiex: Fix a loop in mwifiex_update_ampdu_rxwinsize() (git-fixes). - wifi: rsi: Fix memory corruption due to not set vif driver data size (git-fixes). - usbnet: limit max_mtu based on device's hard_mtu (git-fixes). - can: usb_8dev: usb_8dev_read_bulk_callback(): fix URB memory leak (git-fixes). - can: mcba_usb: mcba_usb_read_bulk_callback(): fix URB memory leak (git-fixes). - can: kvaser_usb: kvaser_usb_read_bulk_callback(): fix URB memory leak (git-fixes). - can: ems_usb: ems_usb_read_bulk_callback(): fix URB memory leak (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): unanchor URL on usb_submit_urb() error (git-fixes). - Revert "nfc/nci: Add the inconsistency check between the input data length and count" (git-fixes). - net: usb: dm9601: remove broken SR9700 support (git-fixes). - leds: led-class: Only Add LED to leds_list when it is fully ready (git-fixes). - commit d5d2445 ++++ kernel-obs-build: - phy: freescale: imx8m-pcie: assert phy reset during power on (stable-fixes). - phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe() (git-fixes). - USB: serial: ftdi_sio: add support for PICAXE AXE027 cable (stable-fixes). - USB: serial: option: add Telit LE910 MBIM composition (stable-fixes). - USB: OHCI/UHCI: Add soft dependencies on ehci_platform (stable-fixes). - usb: core: add USB_QUIRK_NO_BOS for devices that hang on BOS descriptor (stable-fixes). - usb: dwc3: Check for USB4 IP_NAME (stable-fixes). - drm/amd/pm: fix smu overdrive data type wrong issue on smu 14.0.2 (git-fixes). - drm/amd/display: Bump the HDMI clock to 340MHz (stable-fixes). - drm/amd: Clean up kfd node on surprise disconnect (stable-fixes). - HID: usbhid: paper over wrong bNumDescriptor field (stable-fixes). - firmware: imx: scu-irq: Set mu_resource_id before get handle (stable-fixes). - phy: phy-rockchip-inno-usb2: Use dev_err_probe() in the probe path (stable-fixes). - commit 3f8bd8a - io_uring: fix filename leak in __io_openat_prep() (CVE-2025-68814 bsc#1256651). - commit 675d22e - octeontx2-pf: fix "UBSAN: shift-out-of-bounds error" (CVE-2025-71137 bsc#1256760) - commit 3d4407e - net: hns3: using the num_tqps in the vf driver to apply for resources (CVE-2025-71064 bsc#1256654) - commit 58ee56d - macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse (CVE-2025-68367 bsc#1255547) - commit ed9e7a9 - team: fix check for port enabled in team_queue_override_port_prio_changed() (CVE-2025-71091 bsc#1256773) - commit c426951 - md/raid5: fix possible null-pointer dereferences in raid5_store_group_thread_cnt() (CVE-2025-71135 bsc#1256761). - commit 1fc61fc - net: sock: fix hardened usercopy panic in sock_recv_errqueue (CVE-2026-22977 bsc#1257053). - commit d4fc6df - ipv4: Fix reference count leak when using error routes with nexthop objects (CVE-2025-71097 bsc#1256607). - net: stmmac: fix the crash issue for zero copy XDP_TX action (CVE-2025-71095 bsc#1256605). - net: hns3: add VLAN id validation before using (CVE-2025-71112 bsc#1256726). - net/handshake: duplicate handshake cancellations leak socket (CVE-2025-68775 bsc#1256665). - ethtool: Avoid overflowing userspace buffer on stats query (CVE-2025-68795 bsc#1256688). - mptcp: avoid deadlock on fallback while reinjecting (CVE-2025-71126 bsc#1256755). - bnxt_en: Fix XDP_TX path (CVE-2025-68770 bsc#1256584). - mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats (CVE-2025-68800 bsc#1256646). - mlxsw: spectrum_router: Fix neighbour use-after-free (CVE-2025-68801 bsc#1256653). - lan966x: Fix sleeping in atomic context (CVE-2025-68320 bsc#1255172). - commit 4e1af62 - iommu: disable SVA when CONFIG_X86 is set (CVE-2025-71089 bsc#1256612). - commit 2eb2757 - dpll: Prevent duplicate registrations (git-fixes). - dpll: zl3073x: Fix output pin registration (git-fixes). - dpll: fix device-id-get and pin-id-get to return errors properly (git-fixes). - dpll: spec: add missing module-name and clock-id to pin-get reply (git-fixes). - dpll: fix clock quality level reporting (git-fixes). - dpll: Add an assertion to check freq_supported_num (stable-fixes). - commit 59f0fdc - crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (git-fixes). - wifi: mac80211: don't perform DA check on S1G beacon (git-fixes). - wifi: ath12k: fix dma_free_coherent() pointer (git-fixes). - wifi: ath10k: fix dma_free_coherent() pointer (git-fixes). - wifi: mwifiex: Fix a loop in mwifiex_update_ampdu_rxwinsize() (git-fixes). - wifi: rsi: Fix memory corruption due to not set vif driver data size (git-fixes). - usbnet: limit max_mtu based on device's hard_mtu (git-fixes). - can: usb_8dev: usb_8dev_read_bulk_callback(): fix URB memory leak (git-fixes). - can: mcba_usb: mcba_usb_read_bulk_callback(): fix URB memory leak (git-fixes). - can: kvaser_usb: kvaser_usb_read_bulk_callback(): fix URB memory leak (git-fixes). - can: ems_usb: ems_usb_read_bulk_callback(): fix URB memory leak (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): unanchor URL on usb_submit_urb() error (git-fixes). - Revert "nfc/nci: Add the inconsistency check between the input data length and count" (git-fixes). - net: usb: dm9601: remove broken SR9700 support (git-fixes). - leds: led-class: Only Add LED to leds_list when it is fully ready (git-fixes). - commit d5d2445 ++++ kernel-obs-build: - phy: freescale: imx8m-pcie: assert phy reset during power on (stable-fixes). - phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe() (git-fixes). - USB: serial: ftdi_sio: add support for PICAXE AXE027 cable (stable-fixes). - USB: serial: option: add Telit LE910 MBIM composition (stable-fixes). - USB: OHCI/UHCI: Add soft dependencies on ehci_platform (stable-fixes). - usb: core: add USB_QUIRK_NO_BOS for devices that hang on BOS descriptor (stable-fixes). - usb: dwc3: Check for USB4 IP_NAME (stable-fixes). - drm/amd/pm: fix smu overdrive data type wrong issue on smu 14.0.2 (git-fixes). - drm/amd/display: Bump the HDMI clock to 340MHz (stable-fixes). - drm/amd: Clean up kfd node on surprise disconnect (stable-fixes). - HID: usbhid: paper over wrong bNumDescriptor field (stable-fixes). - firmware: imx: scu-irq: Set mu_resource_id before get handle (stable-fixes). - phy: phy-rockchip-inno-usb2: Use dev_err_probe() in the probe path (stable-fixes). - commit 3f8bd8a - io_uring: fix filename leak in __io_openat_prep() (CVE-2025-68814 bsc#1256651). - commit 675d22e - octeontx2-pf: fix "UBSAN: shift-out-of-bounds error" (CVE-2025-71137 bsc#1256760) - commit 3d4407e - net: hns3: using the num_tqps in the vf driver to apply for resources (CVE-2025-71064 bsc#1256654) - commit 58ee56d - macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse (CVE-2025-68367 bsc#1255547) - commit ed9e7a9 - team: fix check for port enabled in team_queue_override_port_prio_changed() (CVE-2025-71091 bsc#1256773) - commit c426951 - md/raid5: fix possible null-pointer dereferences in raid5_store_group_thread_cnt() (CVE-2025-71135 bsc#1256761). - commit 1fc61fc - net: sock: fix hardened usercopy panic in sock_recv_errqueue (CVE-2026-22977 bsc#1257053). - commit d4fc6df - ipv4: Fix reference count leak when using error routes with nexthop objects (CVE-2025-71097 bsc#1256607). - net: stmmac: fix the crash issue for zero copy XDP_TX action (CVE-2025-71095 bsc#1256605). - net: hns3: add VLAN id validation before using (CVE-2025-71112 bsc#1256726). - net/handshake: duplicate handshake cancellations leak socket (CVE-2025-68775 bsc#1256665). - ethtool: Avoid overflowing userspace buffer on stats query (CVE-2025-68795 bsc#1256688). - mptcp: avoid deadlock on fallback while reinjecting (CVE-2025-71126 bsc#1256755). - bnxt_en: Fix XDP_TX path (CVE-2025-68770 bsc#1256584). - mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats (CVE-2025-68800 bsc#1256646). - mlxsw: spectrum_router: Fix neighbour use-after-free (CVE-2025-68801 bsc#1256653). - lan966x: Fix sleeping in atomic context (CVE-2025-68320 bsc#1255172). - commit 4e1af62 - iommu: disable SVA when CONFIG_X86 is set (CVE-2025-71089 bsc#1256612). - commit 2eb2757 - dpll: Prevent duplicate registrations (git-fixes). - dpll: zl3073x: Fix output pin registration (git-fixes). - dpll: fix device-id-get and pin-id-get to return errors properly (git-fixes). - dpll: spec: add missing module-name and clock-id to pin-get reply (git-fixes). - dpll: fix clock quality level reporting (git-fixes). - dpll: Add an assertion to check freq_supported_num (stable-fixes). - commit 59f0fdc - crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (git-fixes). - wifi: mac80211: don't perform DA check on S1G beacon (git-fixes). - wifi: ath12k: fix dma_free_coherent() pointer (git-fixes). - wifi: ath10k: fix dma_free_coherent() pointer (git-fixes). - wifi: mwifiex: Fix a loop in mwifiex_update_ampdu_rxwinsize() (git-fixes). - wifi: rsi: Fix memory corruption due to not set vif driver data size (git-fixes). - usbnet: limit max_mtu based on device's hard_mtu (git-fixes). - can: usb_8dev: usb_8dev_read_bulk_callback(): fix URB memory leak (git-fixes). - can: mcba_usb: mcba_usb_read_bulk_callback(): fix URB memory leak (git-fixes). - can: kvaser_usb: kvaser_usb_read_bulk_callback(): fix URB memory leak (git-fixes). - can: ems_usb: ems_usb_read_bulk_callback(): fix URB memory leak (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): unanchor URL on usb_submit_urb() error (git-fixes). - Revert "nfc/nci: Add the inconsistency check between the input data length and count" (git-fixes). - net: usb: dm9601: remove broken SR9700 support (git-fixes). - leds: led-class: Only Add LED to leds_list when it is fully ready (git-fixes). - commit d5d2445 ++++ kernel-obs-qa: - phy: freescale: imx8m-pcie: assert phy reset during power on (stable-fixes). - phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe() (git-fixes). - USB: serial: ftdi_sio: add support for PICAXE AXE027 cable (stable-fixes). - USB: serial: option: add Telit LE910 MBIM composition (stable-fixes). - USB: OHCI/UHCI: Add soft dependencies on ehci_platform (stable-fixes). - usb: core: add USB_QUIRK_NO_BOS for devices that hang on BOS descriptor (stable-fixes). - usb: dwc3: Check for USB4 IP_NAME (stable-fixes). - drm/amd/pm: fix smu overdrive data type wrong issue on smu 14.0.2 (git-fixes). - drm/amd/display: Bump the HDMI clock to 340MHz (stable-fixes). - drm/amd: Clean up kfd node on surprise disconnect (stable-fixes). - HID: usbhid: paper over wrong bNumDescriptor field (stable-fixes). - firmware: imx: scu-irq: Set mu_resource_id before get handle (stable-fixes). - phy: phy-rockchip-inno-usb2: Use dev_err_probe() in the probe path (stable-fixes). - commit 3f8bd8a - io_uring: fix filename leak in __io_openat_prep() (CVE-2025-68814 bsc#1256651). - commit 675d22e - octeontx2-pf: fix "UBSAN: shift-out-of-bounds error" (CVE-2025-71137 bsc#1256760) - commit 3d4407e - net: hns3: using the num_tqps in the vf driver to apply for resources (CVE-2025-71064 bsc#1256654) - commit 58ee56d - macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse (CVE-2025-68367 bsc#1255547) - commit ed9e7a9 - team: fix check for port enabled in team_queue_override_port_prio_changed() (CVE-2025-71091 bsc#1256773) - commit c426951 - md/raid5: fix possible null-pointer dereferences in raid5_store_group_thread_cnt() (CVE-2025-71135 bsc#1256761). - commit 1fc61fc - net: sock: fix hardened usercopy panic in sock_recv_errqueue (CVE-2026-22977 bsc#1257053). - commit d4fc6df - ipv4: Fix reference count leak when using error routes with nexthop objects (CVE-2025-71097 bsc#1256607). - net: stmmac: fix the crash issue for zero copy XDP_TX action (CVE-2025-71095 bsc#1256605). - net: hns3: add VLAN id validation before using (CVE-2025-71112 bsc#1256726). - net/handshake: duplicate handshake cancellations leak socket (CVE-2025-68775 bsc#1256665). - ethtool: Avoid overflowing userspace buffer on stats query (CVE-2025-68795 bsc#1256688). - mptcp: avoid deadlock on fallback while reinjecting (CVE-2025-71126 bsc#1256755). - bnxt_en: Fix XDP_TX path (CVE-2025-68770 bsc#1256584). - mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats (CVE-2025-68800 bsc#1256646). - mlxsw: spectrum_router: Fix neighbour use-after-free (CVE-2025-68801 bsc#1256653). - lan966x: Fix sleeping in atomic context (CVE-2025-68320 bsc#1255172). - commit 4e1af62 - iommu: disable SVA when CONFIG_X86 is set (CVE-2025-71089 bsc#1256612). - commit 2eb2757 - dpll: Prevent duplicate registrations (git-fixes). - dpll: zl3073x: Fix output pin registration (git-fixes). - dpll: fix device-id-get and pin-id-get to return errors properly (git-fixes). - dpll: spec: add missing module-name and clock-id to pin-get reply (git-fixes). - dpll: fix clock quality level reporting (git-fixes). - dpll: Add an assertion to check freq_supported_num (stable-fixes). - commit 59f0fdc - crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (git-fixes). - wifi: mac80211: don't perform DA check on S1G beacon (git-fixes). - wifi: ath12k: fix dma_free_coherent() pointer (git-fixes). - wifi: ath10k: fix dma_free_coherent() pointer (git-fixes). - wifi: mwifiex: Fix a loop in mwifiex_update_ampdu_rxwinsize() (git-fixes). - wifi: rsi: Fix memory corruption due to not set vif driver data size (git-fixes). - usbnet: limit max_mtu based on device's hard_mtu (git-fixes). - can: usb_8dev: usb_8dev_read_bulk_callback(): fix URB memory leak (git-fixes). - can: mcba_usb: mcba_usb_read_bulk_callback(): fix URB memory leak (git-fixes). - can: kvaser_usb: kvaser_usb_read_bulk_callback(): fix URB memory leak (git-fixes). - can: ems_usb: ems_usb_read_bulk_callback(): fix URB memory leak (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): unanchor URL on usb_submit_urb() error (git-fixes). - Revert "nfc/nci: Add the inconsistency check between the input data length and count" (git-fixes). - net: usb: dm9601: remove broken SR9700 support (git-fixes). - leds: led-class: Only Add LED to leds_list when it is fully ready (git-fixes). - commit d5d2445 ++++ kernel-obs-qa: - phy: freescale: imx8m-pcie: assert phy reset during power on (stable-fixes). - phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe() (git-fixes). - USB: serial: ftdi_sio: add support for PICAXE AXE027 cable (stable-fixes). - USB: serial: option: add Telit LE910 MBIM composition (stable-fixes). - USB: OHCI/UHCI: Add soft dependencies on ehci_platform (stable-fixes). - usb: core: add USB_QUIRK_NO_BOS for devices that hang on BOS descriptor (stable-fixes). - usb: dwc3: Check for USB4 IP_NAME (stable-fixes). - drm/amd/pm: fix smu overdrive data type wrong issue on smu 14.0.2 (git-fixes). - drm/amd/display: Bump the HDMI clock to 340MHz (stable-fixes). - drm/amd: Clean up kfd node on surprise disconnect (stable-fixes). - HID: usbhid: paper over wrong bNumDescriptor field (stable-fixes). - firmware: imx: scu-irq: Set mu_resource_id before get handle (stable-fixes). - phy: phy-rockchip-inno-usb2: Use dev_err_probe() in the probe path (stable-fixes). - commit 3f8bd8a - io_uring: fix filename leak in __io_openat_prep() (CVE-2025-68814 bsc#1256651). - commit 675d22e - octeontx2-pf: fix "UBSAN: shift-out-of-bounds error" (CVE-2025-71137 bsc#1256760) - commit 3d4407e - net: hns3: using the num_tqps in the vf driver to apply for resources (CVE-2025-71064 bsc#1256654) - commit 58ee56d - macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse (CVE-2025-68367 bsc#1255547) - commit ed9e7a9 - team: fix check for port enabled in team_queue_override_port_prio_changed() (CVE-2025-71091 bsc#1256773) - commit c426951 - md/raid5: fix possible null-pointer dereferences in raid5_store_group_thread_cnt() (CVE-2025-71135 bsc#1256761). - commit 1fc61fc - net: sock: fix hardened usercopy panic in sock_recv_errqueue (CVE-2026-22977 bsc#1257053). - commit d4fc6df - ipv4: Fix reference count leak when using error routes with nexthop objects (CVE-2025-71097 bsc#1256607). - net: stmmac: fix the crash issue for zero copy XDP_TX action (CVE-2025-71095 bsc#1256605). - net: hns3: add VLAN id validation before using (CVE-2025-71112 bsc#1256726). - net/handshake: duplicate handshake cancellations leak socket (CVE-2025-68775 bsc#1256665). - ethtool: Avoid overflowing userspace buffer on stats query (CVE-2025-68795 bsc#1256688). - mptcp: avoid deadlock on fallback while reinjecting (CVE-2025-71126 bsc#1256755). - bnxt_en: Fix XDP_TX path (CVE-2025-68770 bsc#1256584). - mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats (CVE-2025-68800 bsc#1256646). - mlxsw: spectrum_router: Fix neighbour use-after-free (CVE-2025-68801 bsc#1256653). - lan966x: Fix sleeping in atomic context (CVE-2025-68320 bsc#1255172). - commit 4e1af62 - iommu: disable SVA when CONFIG_X86 is set (CVE-2025-71089 bsc#1256612). - commit 2eb2757 - dpll: Prevent duplicate registrations (git-fixes). - dpll: zl3073x: Fix output pin registration (git-fixes). - dpll: fix device-id-get and pin-id-get to return errors properly (git-fixes). - dpll: spec: add missing module-name and clock-id to pin-get reply (git-fixes). - dpll: fix clock quality level reporting (git-fixes). - dpll: Add an assertion to check freq_supported_num (stable-fixes). - commit 59f0fdc - crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (git-fixes). - wifi: mac80211: don't perform DA check on S1G beacon (git-fixes). - wifi: ath12k: fix dma_free_coherent() pointer (git-fixes). - wifi: ath10k: fix dma_free_coherent() pointer (git-fixes). - wifi: mwifiex: Fix a loop in mwifiex_update_ampdu_rxwinsize() (git-fixes). - wifi: rsi: Fix memory corruption due to not set vif driver data size (git-fixes). - usbnet: limit max_mtu based on device's hard_mtu (git-fixes). - can: usb_8dev: usb_8dev_read_bulk_callback(): fix URB memory leak (git-fixes). - can: mcba_usb: mcba_usb_read_bulk_callback(): fix URB memory leak (git-fixes). - can: kvaser_usb: kvaser_usb_read_bulk_callback(): fix URB memory leak (git-fixes). - can: ems_usb: ems_usb_read_bulk_callback(): fix URB memory leak (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): unanchor URL on usb_submit_urb() error (git-fixes). - Revert "nfc/nci: Add the inconsistency check between the input data length and count" (git-fixes). - net: usb: dm9601: remove broken SR9700 support (git-fixes). - leds: led-class: Only Add LED to leds_list when it is fully ready (git-fixes). - commit d5d2445 ++++ kernel-syms: - phy: freescale: imx8m-pcie: assert phy reset during power on (stable-fixes). - phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe() (git-fixes). - USB: serial: ftdi_sio: add support for PICAXE AXE027 cable (stable-fixes). - USB: serial: option: add Telit LE910 MBIM composition (stable-fixes). - USB: OHCI/UHCI: Add soft dependencies on ehci_platform (stable-fixes). - usb: core: add USB_QUIRK_NO_BOS for devices that hang on BOS descriptor (stable-fixes). - usb: dwc3: Check for USB4 IP_NAME (stable-fixes). - drm/amd/pm: fix smu overdrive data type wrong issue on smu 14.0.2 (git-fixes). - drm/amd/display: Bump the HDMI clock to 340MHz (stable-fixes). - drm/amd: Clean up kfd node on surprise disconnect (stable-fixes). - HID: usbhid: paper over wrong bNumDescriptor field (stable-fixes). - firmware: imx: scu-irq: Set mu_resource_id before get handle (stable-fixes). - phy: phy-rockchip-inno-usb2: Use dev_err_probe() in the probe path (stable-fixes). - commit 3f8bd8a - io_uring: fix filename leak in __io_openat_prep() (CVE-2025-68814 bsc#1256651). - commit 675d22e - octeontx2-pf: fix "UBSAN: shift-out-of-bounds error" (CVE-2025-71137 bsc#1256760) - commit 3d4407e - net: hns3: using the num_tqps in the vf driver to apply for resources (CVE-2025-71064 bsc#1256654) - commit 58ee56d - macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse (CVE-2025-68367 bsc#1255547) - commit ed9e7a9 - team: fix check for port enabled in team_queue_override_port_prio_changed() (CVE-2025-71091 bsc#1256773) - commit c426951 - md/raid5: fix possible null-pointer dereferences in raid5_store_group_thread_cnt() (CVE-2025-71135 bsc#1256761). - commit 1fc61fc - net: sock: fix hardened usercopy panic in sock_recv_errqueue (CVE-2026-22977 bsc#1257053). - commit d4fc6df - ipv4: Fix reference count leak when using error routes with nexthop objects (CVE-2025-71097 bsc#1256607). - net: stmmac: fix the crash issue for zero copy XDP_TX action (CVE-2025-71095 bsc#1256605). - net: hns3: add VLAN id validation before using (CVE-2025-71112 bsc#1256726). - net/handshake: duplicate handshake cancellations leak socket (CVE-2025-68775 bsc#1256665). - ethtool: Avoid overflowing userspace buffer on stats query (CVE-2025-68795 bsc#1256688). - mptcp: avoid deadlock on fallback while reinjecting (CVE-2025-71126 bsc#1256755). - bnxt_en: Fix XDP_TX path (CVE-2025-68770 bsc#1256584). - mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats (CVE-2025-68800 bsc#1256646). - mlxsw: spectrum_router: Fix neighbour use-after-free (CVE-2025-68801 bsc#1256653). - lan966x: Fix sleeping in atomic context (CVE-2025-68320 bsc#1255172). - commit 4e1af62 - iommu: disable SVA when CONFIG_X86 is set (CVE-2025-71089 bsc#1256612). - commit 2eb2757 - dpll: Prevent duplicate registrations (git-fixes). - dpll: zl3073x: Fix output pin registration (git-fixes). - dpll: fix device-id-get and pin-id-get to return errors properly (git-fixes). - dpll: spec: add missing module-name and clock-id to pin-get reply (git-fixes). - dpll: fix clock quality level reporting (git-fixes). - dpll: Add an assertion to check freq_supported_num (stable-fixes). - commit 59f0fdc - crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (git-fixes). - wifi: mac80211: don't perform DA check on S1G beacon (git-fixes). - wifi: ath12k: fix dma_free_coherent() pointer (git-fixes). - wifi: ath10k: fix dma_free_coherent() pointer (git-fixes). - wifi: mwifiex: Fix a loop in mwifiex_update_ampdu_rxwinsize() (git-fixes). - wifi: rsi: Fix memory corruption due to not set vif driver data size (git-fixes). - usbnet: limit max_mtu based on device's hard_mtu (git-fixes). - can: usb_8dev: usb_8dev_read_bulk_callback(): fix URB memory leak (git-fixes). - can: mcba_usb: mcba_usb_read_bulk_callback(): fix URB memory leak (git-fixes). - can: kvaser_usb: kvaser_usb_read_bulk_callback(): fix URB memory leak (git-fixes). - can: ems_usb: ems_usb_read_bulk_callback(): fix URB memory leak (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): unanchor URL on usb_submit_urb() error (git-fixes). - Revert "nfc/nci: Add the inconsistency check between the input data length and count" (git-fixes). - net: usb: dm9601: remove broken SR9700 support (git-fixes). - leds: led-class: Only Add LED to leds_list when it is fully ready (git-fixes). - commit d5d2445 ++++ kernel-syms: - phy: freescale: imx8m-pcie: assert phy reset during power on (stable-fixes). - phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe() (git-fixes). - USB: serial: ftdi_sio: add support for PICAXE AXE027 cable (stable-fixes). - USB: serial: option: add Telit LE910 MBIM composition (stable-fixes). - USB: OHCI/UHCI: Add soft dependencies on ehci_platform (stable-fixes). - usb: core: add USB_QUIRK_NO_BOS for devices that hang on BOS descriptor (stable-fixes). - usb: dwc3: Check for USB4 IP_NAME (stable-fixes). - drm/amd/pm: fix smu overdrive data type wrong issue on smu 14.0.2 (git-fixes). - drm/amd/display: Bump the HDMI clock to 340MHz (stable-fixes). - drm/amd: Clean up kfd node on surprise disconnect (stable-fixes). - HID: usbhid: paper over wrong bNumDescriptor field (stable-fixes). - firmware: imx: scu-irq: Set mu_resource_id before get handle (stable-fixes). - phy: phy-rockchip-inno-usb2: Use dev_err_probe() in the probe path (stable-fixes). - commit 3f8bd8a - io_uring: fix filename leak in __io_openat_prep() (CVE-2025-68814 bsc#1256651). - commit 675d22e - octeontx2-pf: fix "UBSAN: shift-out-of-bounds error" (CVE-2025-71137 bsc#1256760) - commit 3d4407e - net: hns3: using the num_tqps in the vf driver to apply for resources (CVE-2025-71064 bsc#1256654) - commit 58ee56d - macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse (CVE-2025-68367 bsc#1255547) - commit ed9e7a9 - team: fix check for port enabled in team_queue_override_port_prio_changed() (CVE-2025-71091 bsc#1256773) - commit c426951 - md/raid5: fix possible null-pointer dereferences in raid5_store_group_thread_cnt() (CVE-2025-71135 bsc#1256761). - commit 1fc61fc - net: sock: fix hardened usercopy panic in sock_recv_errqueue (CVE-2026-22977 bsc#1257053). - commit d4fc6df - ipv4: Fix reference count leak when using error routes with nexthop objects (CVE-2025-71097 bsc#1256607). - net: stmmac: fix the crash issue for zero copy XDP_TX action (CVE-2025-71095 bsc#1256605). - net: hns3: add VLAN id validation before using (CVE-2025-71112 bsc#1256726). - net/handshake: duplicate handshake cancellations leak socket (CVE-2025-68775 bsc#1256665). - ethtool: Avoid overflowing userspace buffer on stats query (CVE-2025-68795 bsc#1256688). - mptcp: avoid deadlock on fallback while reinjecting (CVE-2025-71126 bsc#1256755). - bnxt_en: Fix XDP_TX path (CVE-2025-68770 bsc#1256584). - mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats (CVE-2025-68800 bsc#1256646). - mlxsw: spectrum_router: Fix neighbour use-after-free (CVE-2025-68801 bsc#1256653). - lan966x: Fix sleeping in atomic context (CVE-2025-68320 bsc#1255172). - commit 4e1af62 - iommu: disable SVA when CONFIG_X86 is set (CVE-2025-71089 bsc#1256612). - commit 2eb2757 - dpll: Prevent duplicate registrations (git-fixes). - dpll: zl3073x: Fix output pin registration (git-fixes). - dpll: fix device-id-get and pin-id-get to return errors properly (git-fixes). - dpll: spec: add missing module-name and clock-id to pin-get reply (git-fixes). - dpll: fix clock quality level reporting (git-fixes). - dpll: Add an assertion to check freq_supported_num (stable-fixes). - commit 59f0fdc - crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (git-fixes). - wifi: mac80211: don't perform DA check on S1G beacon (git-fixes). - wifi: ath12k: fix dma_free_coherent() pointer (git-fixes). - wifi: ath10k: fix dma_free_coherent() pointer (git-fixes). - wifi: mwifiex: Fix a loop in mwifiex_update_ampdu_rxwinsize() (git-fixes). - wifi: rsi: Fix memory corruption due to not set vif driver data size (git-fixes). - usbnet: limit max_mtu based on device's hard_mtu (git-fixes). - can: usb_8dev: usb_8dev_read_bulk_callback(): fix URB memory leak (git-fixes). - can: mcba_usb: mcba_usb_read_bulk_callback(): fix URB memory leak (git-fixes). - can: kvaser_usb: kvaser_usb_read_bulk_callback(): fix URB memory leak (git-fixes). - can: ems_usb: ems_usb_read_bulk_callback(): fix URB memory leak (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): unanchor URL on usb_submit_urb() error (git-fixes). - Revert "nfc/nci: Add the inconsistency check between the input data length and count" (git-fixes). - net: usb: dm9601: remove broken SR9700 support (git-fixes). - leds: led-class: Only Add LED to leds_list when it is fully ready (git-fixes). - commit d5d2445 ++++ kernel-zfcpdump: - phy: freescale: imx8m-pcie: assert phy reset during power on (stable-fixes). - phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe() (git-fixes). - USB: serial: ftdi_sio: add support for PICAXE AXE027 cable (stable-fixes). - USB: serial: option: add Telit LE910 MBIM composition (stable-fixes). - USB: OHCI/UHCI: Add soft dependencies on ehci_platform (stable-fixes). - usb: core: add USB_QUIRK_NO_BOS for devices that hang on BOS descriptor (stable-fixes). - usb: dwc3: Check for USB4 IP_NAME (stable-fixes). - drm/amd/pm: fix smu overdrive data type wrong issue on smu 14.0.2 (git-fixes). - drm/amd/display: Bump the HDMI clock to 340MHz (stable-fixes). - drm/amd: Clean up kfd node on surprise disconnect (stable-fixes). - HID: usbhid: paper over wrong bNumDescriptor field (stable-fixes). - firmware: imx: scu-irq: Set mu_resource_id before get handle (stable-fixes). - phy: phy-rockchip-inno-usb2: Use dev_err_probe() in the probe path (stable-fixes). - commit 3f8bd8a - io_uring: fix filename leak in __io_openat_prep() (CVE-2025-68814 bsc#1256651). - commit 675d22e - octeontx2-pf: fix "UBSAN: shift-out-of-bounds error" (CVE-2025-71137 bsc#1256760) - commit 3d4407e - net: hns3: using the num_tqps in the vf driver to apply for resources (CVE-2025-71064 bsc#1256654) - commit 58ee56d - macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse (CVE-2025-68367 bsc#1255547) - commit ed9e7a9 - team: fix check for port enabled in team_queue_override_port_prio_changed() (CVE-2025-71091 bsc#1256773) - commit c426951 - md/raid5: fix possible null-pointer dereferences in raid5_store_group_thread_cnt() (CVE-2025-71135 bsc#1256761). - commit 1fc61fc - net: sock: fix hardened usercopy panic in sock_recv_errqueue (CVE-2026-22977 bsc#1257053). - commit d4fc6df - ipv4: Fix reference count leak when using error routes with nexthop objects (CVE-2025-71097 bsc#1256607). - net: stmmac: fix the crash issue for zero copy XDP_TX action (CVE-2025-71095 bsc#1256605). - net: hns3: add VLAN id validation before using (CVE-2025-71112 bsc#1256726). - net/handshake: duplicate handshake cancellations leak socket (CVE-2025-68775 bsc#1256665). - ethtool: Avoid overflowing userspace buffer on stats query (CVE-2025-68795 bsc#1256688). - mptcp: avoid deadlock on fallback while reinjecting (CVE-2025-71126 bsc#1256755). - bnxt_en: Fix XDP_TX path (CVE-2025-68770 bsc#1256584). - mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats (CVE-2025-68800 bsc#1256646). - mlxsw: spectrum_router: Fix neighbour use-after-free (CVE-2025-68801 bsc#1256653). - lan966x: Fix sleeping in atomic context (CVE-2025-68320 bsc#1255172). - commit 4e1af62 - iommu: disable SVA when CONFIG_X86 is set (CVE-2025-71089 bsc#1256612). - commit 2eb2757 - dpll: Prevent duplicate registrations (git-fixes). - dpll: zl3073x: Fix output pin registration (git-fixes). - dpll: fix device-id-get and pin-id-get to return errors properly (git-fixes). - dpll: spec: add missing module-name and clock-id to pin-get reply (git-fixes). - dpll: fix clock quality level reporting (git-fixes). - dpll: Add an assertion to check freq_supported_num (stable-fixes). - commit 59f0fdc - crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (git-fixes). - wifi: mac80211: don't perform DA check on S1G beacon (git-fixes). - wifi: ath12k: fix dma_free_coherent() pointer (git-fixes). - wifi: ath10k: fix dma_free_coherent() pointer (git-fixes). - wifi: mwifiex: Fix a loop in mwifiex_update_ampdu_rxwinsize() (git-fixes). - wifi: rsi: Fix memory corruption due to not set vif driver data size (git-fixes). - usbnet: limit max_mtu based on device's hard_mtu (git-fixes). - can: usb_8dev: usb_8dev_read_bulk_callback(): fix URB memory leak (git-fixes). - can: mcba_usb: mcba_usb_read_bulk_callback(): fix URB memory leak (git-fixes). - can: kvaser_usb: kvaser_usb_read_bulk_callback(): fix URB memory leak (git-fixes). - can: ems_usb: ems_usb_read_bulk_callback(): fix URB memory leak (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): unanchor URL on usb_submit_urb() error (git-fixes). - Revert "nfc/nci: Add the inconsistency check between the input data length and count" (git-fixes). - net: usb: dm9601: remove broken SR9700 support (git-fixes). - leds: led-class: Only Add LED to leds_list when it is fully ready (git-fixes). - commit d5d2445 ++++ kernel-zfcpdump: - phy: freescale: imx8m-pcie: assert phy reset during power on (stable-fixes). - phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe() (git-fixes). - USB: serial: ftdi_sio: add support for PICAXE AXE027 cable (stable-fixes). - USB: serial: option: add Telit LE910 MBIM composition (stable-fixes). - USB: OHCI/UHCI: Add soft dependencies on ehci_platform (stable-fixes). - usb: core: add USB_QUIRK_NO_BOS for devices that hang on BOS descriptor (stable-fixes). - usb: dwc3: Check for USB4 IP_NAME (stable-fixes). - drm/amd/pm: fix smu overdrive data type wrong issue on smu 14.0.2 (git-fixes). - drm/amd/display: Bump the HDMI clock to 340MHz (stable-fixes). - drm/amd: Clean up kfd node on surprise disconnect (stable-fixes). - HID: usbhid: paper over wrong bNumDescriptor field (stable-fixes). - firmware: imx: scu-irq: Set mu_resource_id before get handle (stable-fixes). - phy: phy-rockchip-inno-usb2: Use dev_err_probe() in the probe path (stable-fixes). - commit 3f8bd8a - io_uring: fix filename leak in __io_openat_prep() (CVE-2025-68814 bsc#1256651). - commit 675d22e - octeontx2-pf: fix "UBSAN: shift-out-of-bounds error" (CVE-2025-71137 bsc#1256760) - commit 3d4407e - net: hns3: using the num_tqps in the vf driver to apply for resources (CVE-2025-71064 bsc#1256654) - commit 58ee56d - macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse (CVE-2025-68367 bsc#1255547) - commit ed9e7a9 - team: fix check for port enabled in team_queue_override_port_prio_changed() (CVE-2025-71091 bsc#1256773) - commit c426951 - md/raid5: fix possible null-pointer dereferences in raid5_store_group_thread_cnt() (CVE-2025-71135 bsc#1256761). - commit 1fc61fc - net: sock: fix hardened usercopy panic in sock_recv_errqueue (CVE-2026-22977 bsc#1257053). - commit d4fc6df - ipv4: Fix reference count leak when using error routes with nexthop objects (CVE-2025-71097 bsc#1256607). - net: stmmac: fix the crash issue for zero copy XDP_TX action (CVE-2025-71095 bsc#1256605). - net: hns3: add VLAN id validation before using (CVE-2025-71112 bsc#1256726). - net/handshake: duplicate handshake cancellations leak socket (CVE-2025-68775 bsc#1256665). - ethtool: Avoid overflowing userspace buffer on stats query (CVE-2025-68795 bsc#1256688). - mptcp: avoid deadlock on fallback while reinjecting (CVE-2025-71126 bsc#1256755). - bnxt_en: Fix XDP_TX path (CVE-2025-68770 bsc#1256584). - mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats (CVE-2025-68800 bsc#1256646). - mlxsw: spectrum_router: Fix neighbour use-after-free (CVE-2025-68801 bsc#1256653). - lan966x: Fix sleeping in atomic context (CVE-2025-68320 bsc#1255172). - commit 4e1af62 - iommu: disable SVA when CONFIG_X86 is set (CVE-2025-71089 bsc#1256612). - commit 2eb2757 - dpll: Prevent duplicate registrations (git-fixes). - dpll: zl3073x: Fix output pin registration (git-fixes). - dpll: fix device-id-get and pin-id-get to return errors properly (git-fixes). - dpll: spec: add missing module-name and clock-id to pin-get reply (git-fixes). - dpll: fix clock quality level reporting (git-fixes). - dpll: Add an assertion to check freq_supported_num (stable-fixes). - commit 59f0fdc - crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (git-fixes). - wifi: mac80211: don't perform DA check on S1G beacon (git-fixes). - wifi: ath12k: fix dma_free_coherent() pointer (git-fixes). - wifi: ath10k: fix dma_free_coherent() pointer (git-fixes). - wifi: mwifiex: Fix a loop in mwifiex_update_ampdu_rxwinsize() (git-fixes). - wifi: rsi: Fix memory corruption due to not set vif driver data size (git-fixes). - usbnet: limit max_mtu based on device's hard_mtu (git-fixes). - can: usb_8dev: usb_8dev_read_bulk_callback(): fix URB memory leak (git-fixes). - can: mcba_usb: mcba_usb_read_bulk_callback(): fix URB memory leak (git-fixes). - can: kvaser_usb: kvaser_usb_read_bulk_callback(): fix URB memory leak (git-fixes). - can: ems_usb: ems_usb_read_bulk_callback(): fix URB memory leak (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): unanchor URL on usb_submit_urb() error (git-fixes). - Revert "nfc/nci: Add the inconsistency check between the input data length and count" (git-fixes). - net: usb: dm9601: remove broken SR9700 support (git-fixes). - leds: led-class: Only Add LED to leds_list when it is fully ready (git-fixes). - commit d5d2445 ++++ openjpeg2: - Add openjpeg2-cve-2023-39327-limit-iterations.patch (CVE-2023-39327, bsc#1227412). ++++ vlc: - Disable chromecast for Leap 15.6, fixes building - Rebase gcc requirement for Leap < 16.0 ++++ os-autoinst: - Update to version 5.1769153586.72cabd0: * Replace remaining functions with subroutine signatures in 18-qemu.t * Fix snapshot overlay mechanism to avoid duplication * fix(dist): provide proper copyright headers in all spec-files * fix(dist): try to fix os-autoinst-obs-auto-submit reverting content * fix(dist): exclude unstable t/28-signalblocker.t in OBS checks * Add documentation of APPEND variable * Add undocumented KERNEL/INITRD to the supported variables * os-autoinst-generate-needle-preview: Embed PNG ++++ os-autoinst: - Update to version 5.1769153586.72cabd0: * Replace remaining functions with subroutine signatures in 18-qemu.t * Fix snapshot overlay mechanism to avoid duplication * fix(dist): provide proper copyright headers in all spec-files * fix(dist): try to fix os-autoinst-obs-auto-submit reverting content * fix(dist): exclude unstable t/28-signalblocker.t in OBS checks * Add documentation of APPEND variable * Add undocumented KERNEL/INITRD to the supported variables * os-autoinst-generate-needle-preview: Embed PNG ++++ os-autoinst: - Update to version 5.1769153586.72cabd0: * Replace remaining functions with subroutine signatures in 18-qemu.t * Fix snapshot overlay mechanism to avoid duplication * fix(dist): provide proper copyright headers in all spec-files * fix(dist): try to fix os-autoinst-obs-auto-submit reverting content * fix(dist): exclude unstable t/28-signalblocker.t in OBS checks * Add documentation of APPEND variable * Add undocumented KERNEL/INITRD to the supported variables * os-autoinst-generate-needle-preview: Embed PNG ++++ os-autoinst: - Update to version 5.1769153586.72cabd0: * Replace remaining functions with subroutine signatures in 18-qemu.t * Fix snapshot overlay mechanism to avoid duplication * fix(dist): provide proper copyright headers in all spec-files * fix(dist): try to fix os-autoinst-obs-auto-submit reverting content * fix(dist): exclude unstable t/28-signalblocker.t in OBS checks * Add documentation of APPEND variable * Add undocumented KERNEL/INITRD to the supported variables * os-autoinst-generate-needle-preview: Embed PNG ++++ os-autoinst: - Update to version 5.1769153586.72cabd0: * Replace remaining functions with subroutine signatures in 18-qemu.t * Fix snapshot overlay mechanism to avoid duplication * fix(dist): provide proper copyright headers in all spec-files * fix(dist): try to fix os-autoinst-obs-auto-submit reverting content * fix(dist): exclude unstable t/28-signalblocker.t in OBS checks * Add documentation of APPEND variable * Add undocumented KERNEL/INITRD to the supported variables * os-autoinst-generate-needle-preview: Embed PNG ++++ os-autoinst: - Update to version 5.1769153586.72cabd0: * Replace remaining functions with subroutine signatures in 18-qemu.t * Fix snapshot overlay mechanism to avoid duplication * fix(dist): provide proper copyright headers in all spec-files * fix(dist): try to fix os-autoinst-obs-auto-submit reverting content * fix(dist): exclude unstable t/28-signalblocker.t in OBS checks * Add documentation of APPEND variable * Add undocumented KERNEL/INITRD to the supported variables * os-autoinst-generate-needle-preview: Embed PNG ++++ os-autoinst: - Update to version 5.1769153586.72cabd0: * Replace remaining functions with subroutine signatures in 18-qemu.t * Fix snapshot overlay mechanism to avoid duplication * fix(dist): provide proper copyright headers in all spec-files * fix(dist): try to fix os-autoinst-obs-auto-submit reverting content * fix(dist): exclude unstable t/28-signalblocker.t in OBS checks * Add documentation of APPEND variable * Add undocumented KERNEL/INITRD to the supported variables * os-autoinst-generate-needle-preview: Embed PNG ++++ os-autoinst: - Update to version 5.1769153586.72cabd0: * Replace remaining functions with subroutine signatures in 18-qemu.t * Fix snapshot overlay mechanism to avoid duplication * fix(dist): provide proper copyright headers in all spec-files * fix(dist): try to fix os-autoinst-obs-auto-submit reverting content * fix(dist): exclude unstable t/28-signalblocker.t in OBS checks * Add documentation of APPEND variable * Add undocumented KERNEL/INITRD to the supported variables * os-autoinst-generate-needle-preview: Embed PNG ++++ os-autoinst: - Update to version 5.1769153586.72cabd0: * Replace remaining functions with subroutine signatures in 18-qemu.t * Fix snapshot overlay mechanism to avoid duplication * fix(dist): provide proper copyright headers in all spec-files * fix(dist): try to fix os-autoinst-obs-auto-submit reverting content * fix(dist): exclude unstable t/28-signalblocker.t in OBS checks * Add documentation of APPEND variable * Add undocumented KERNEL/INITRD to the supported variables * os-autoinst-generate-needle-preview: Embed PNG ++++ python-radon: - Use poetry-core for building. ------------------------------------------------------------------ ------------------ 2026-1-22 - Jan 22 2026 ------------------- ------------------------------------------------------------------ ++++ kernel-64kb: - mptcp: fix a race in mptcp_pm_del_add_timer() (CVE-2025-40257 bsc#1254842). - commit dab52b4 - net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop (CVE-2025-68325 bsc#1255417). - commit 1f83ea8 - tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check() (CVE-2025-68188 bsc#1255269). - commit 46ce97a ++++ kernel-64kb: - mptcp: fix a race in mptcp_pm_del_add_timer() (CVE-2025-40257 bsc#1254842). - commit dab52b4 - net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop (CVE-2025-68325 bsc#1255417). - commit 1f83ea8 - tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check() (CVE-2025-68188 bsc#1255269). - commit 46ce97a ++++ kernel-azure: - mptcp: fix a race in mptcp_pm_del_add_timer() (CVE-2025-40257 bsc#1254842). - commit dab52b4 - net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop (CVE-2025-68325 bsc#1255417). - commit 1f83ea8 - tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check() (CVE-2025-68188 bsc#1255269). - commit 46ce97a ++++ kernel-azure: - mptcp: fix a race in mptcp_pm_del_add_timer() (CVE-2025-40257 bsc#1254842). - commit dab52b4 - net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop (CVE-2025-68325 bsc#1255417). - commit 1f83ea8 - tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check() (CVE-2025-68188 bsc#1255269). - commit 46ce97a ++++ kernel-default: - mptcp: fix a race in mptcp_pm_del_add_timer() (CVE-2025-40257 bsc#1254842). - commit dab52b4 - net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop (CVE-2025-68325 bsc#1255417). - commit 1f83ea8 - tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check() (CVE-2025-68188 bsc#1255269). - commit 46ce97a ++++ kernel-default: - mptcp: fix a race in mptcp_pm_del_add_timer() (CVE-2025-40257 bsc#1254842). - commit dab52b4 - net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop (CVE-2025-68325 bsc#1255417). - commit 1f83ea8 - tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check() (CVE-2025-68188 bsc#1255269). - commit 46ce97a ++++ kernel-rt: - mptcp: fix a race in mptcp_pm_del_add_timer() (CVE-2025-40257 bsc#1254842). - commit dab52b4 - net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop (CVE-2025-68325 bsc#1255417). - commit 1f83ea8 - tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check() (CVE-2025-68188 bsc#1255269). - commit 46ce97a ++++ kernel-rt: - mptcp: fix a race in mptcp_pm_del_add_timer() (CVE-2025-40257 bsc#1254842). - commit dab52b4 - net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop (CVE-2025-68325 bsc#1255417). - commit 1f83ea8 - tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check() (CVE-2025-68188 bsc#1255269). - commit 46ce97a ++++ nodejs24: - 61008.patch: fix ppc64le build - node-gyp-addon-gypi.patch: fix build of binary modules ++++ dtb-aarch64: - mptcp: fix a race in mptcp_pm_del_add_timer() (CVE-2025-40257 bsc#1254842). - commit dab52b4 - net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop (CVE-2025-68325 bsc#1255417). - commit 1f83ea8 - tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check() (CVE-2025-68188 bsc#1255269). - commit 46ce97a ++++ dtb-aarch64: - mptcp: fix a race in mptcp_pm_del_add_timer() (CVE-2025-40257 bsc#1254842). - commit dab52b4 - net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop (CVE-2025-68325 bsc#1255417). - commit 1f83ea8 - tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check() (CVE-2025-68188 bsc#1255269). - commit 46ce97a ++++ flake-pilot: - Add flake-ctl podman --user ... option Flake registrations can be done systemwide and are then called from a normal user via sudo or they can be done user specific which requires to setup fakes.yml and the respective storage.conf to point to a writable space for the calling user. As a user you can decide via the new --user option which direction to go for the registration. - Update documentation Add information how to setup for rootless mode - Allow user specific podman storage location In addition to the user specific config, a new config option named podman_storage_conf has been added. By default it points to /etc/flakes/storage.conf which is provided with the pilot package. The file can now point to a user specific version and can include podman options to let it create the storage in a user writable space on the system - Allow user specific flake config file By default and if the calling user is root the setup of the flakes directory and other settings are read from /etc/flakes.yml. This commit allows to read a user specific $HOME/.config/flakes.yml when present. - Fix typo in storage conf ++++ freerdp: - Add patches to fix CVE issues: + freerdp-split-cast-macros-to-header.patch + freerdp-CVE-2025-4478.patch (CVE-2025-4478, bsc#1243109) + freerdp-CVE-2026-22851.patch (CVE-2026-22851, bsc#1256717) + freerdp-CVE-2026-22852.patch (CVE-2026-22852, bsc#1256718) + freerdp-CVE-2026-22853.patch (CVE-2026-22853, bsc#1256719) + freerdp-CVE-2026-22854.patch (CVE-2026-22854, bsc#1256720) + freerdp-CVE-2026-22855.patch (CVE-2026-22855, bsc#1256721) + freerdp-CVE-2026-22856.patch (CVE-2026-22856, bsc#1256722) + freerdp-CVE-2026-22857.patch (CVE-2026-22857, bsc#1256723) + freerdp-CVE-2026-22858.patch (CVE-2026-22858, bsc#1256724) + freerdp-CVE-2026-22859.patch (CVE-2026-22859, bsc#1256725) + freerdp-CVE-2026-23530.patch (CVE-2026-23530, bsc#1256940) + freerdp-CVE-2026-23531.patch (CVE-2026-23531, bsc#1256941) + freerdp-CVE-2026-23532.patch (CVE-2026-23532, bsc#1256942) + freerdp-CVE-2026-23533.patch (CVE-2026-23533, bsc#1256943) + freerdp-CVE-2026-23534.patch (CVE-2026-23534, bsc#1256944) + freerdp-CVE-2026-23732.patch (CVE-2026-23732, bsc#1256945) + freerdp-CVE-2026-23883.patch (CVE-2026-23883, bsc#1256946) + freerdp-CVE-2026-23884.patch (CVE-2026-23884, bsc#1256947) ++++ java-21-openjdk: - Update to upstream tag jdk-21.0.10+7 (January 2026 CPU) * CVEs + CVE-2026-21925, bsc#1257034 + CVE-2026-21932, bsc#1257036 + CVE-2026-21933, bsc#1257037 + CVE-2026-21945, bsc#1257038 * Changes + JDK-7191877: TEST_BUG: java/rmi/transport/checkLeaseInfoLeak/ /CheckLeaseLeak.java failing intermittently + JDK-8072701: resume001 failed due to ERROR: timeout for waiting for a BreakpintEvent + JDK-8139228: JFileChooser renders file names as HTML document + JDK-8139392: JInternalFrame has incorrect padding + JDK-8140527: JInternalFrame has incorrect title button width + JDK-8162380: [TEST_BUG] MouseEvent/.../ /AltGraphModifierTest.java has only "Fail" button + JDK-8199149: Improve the exception message thrown by VarHandle of unsupported operation + JDK-8201183: sjavac build failures: "Connection attempt failed: Connection refused" + JDK-8201778: Speed up test javax/net/ssl/DTLS/PacketLossRetransmission.java + JDK-8204868: java/util/zip/ZipFile/TestCleaner.java still fails with "cleaner failed to clean zipfile." + JDK-8210807: Printing a JTable with a JScrollPane prints table without rows populated + JDK-8216437: PPC64: Add intrinsic for GHASH algorithm + JDK-8219408: Tests should handle ${} in the view of jtreg "smart action" + JDK-8230016: re-visit test sun/security/pkcs11/Serialize/SerializeProvider.java + JDK-8245545: Disable TLS_RSA cipher suites + JDK-8265429: Improve GCM encryption + JDK-8277424: javax/net/ssl/TLSCommon/TLSTest.java fails with connection refused + JDK-8280482: Window transparency bug on Linux + JDK-8290043: serviceability/attach/ConcAttachTest.java failed "guarantee(!CheckJNICalls) failed: Attached JNI thread exited without being detached" + JDK-8297531: sun/security/krb5/MicroTime.java fails with "Exception: What? only 100 musec precision?" + JDK-8300708: Some nsk jvmti tests fail with virtual thread wrapper due to jvmti missing some virtual thread support + JDK-8304065: HttpServer.stop should terminate immediately if no exchanges are in progress + JDK-8304811: vmTestbase/vm/mlvm/indy/func/jvmti/ /stepBreakPopReturn/INDIFY_Test.java fails with JVMTI_ERROR_TYPE_MISMATCH + JDK-8305186: Reference.waitForReferenceProcessing should be more accessible to tests + JDK-8305567: serviceability/tmtools/jstat/GcTest01.java failed utils.JstatGcResults.assertConsistency + JDK-8306579: Consider building with /Zc:throwingNew + JDK-8307160: Fix AWT/2D/A11Y to support the permissive- flag on the Microsoft Visual C compiler + JDK-8308780: Fix the Java Integer types on Windows + JDK-8309511: Regression test ExtraImportSemicolon.java refers to the wrong bug + JDK-8310049: Refactor Charset tests to use JUnit + JDK-8310915: Typo in aarch64.ad: "envcodings" + JDK-8311076: RedefineClasses doesn't check for ConstantPool overflow + JDK-8311906: Improve robustness of String constructors with mutable array inputs + JDK-8313231: Redundant if statement in ZoneInfoFile + JDK-8313770: jdk/internal/platform/docker/ /TestSystemMetrics.java fails on Ubuntu + JDK-8315130: java.lang.IllegalAccessError when processing classlist to create CDS archive + JDK-8315990: Amend problemlisted tests to proper position + JDK-8316422: TestIntegerUnsignedDivMod.java triggers "invalid layout" assert in FrameValues::validate + JDK-8317132: Prepare HotSpot for permissive- + JDK-8317332: Prepare security for permissive- + JDK-8317970: Bump target macosx-x64 version to 11.00.00 + JDK-8318467: [jmh] tests concurrent.Queues and concurrent.ProducerConsumer hang with 101+ threads + JDK-8318730: MonitorVmStartTerminate.java still times out after JDK-8209595 + JDK-8318850: Duplicate code in the LCMSImageLayout + JDK-8319570: Change to GCC 13.2.0 for building on Linux at Oracle + JDK-8320049: PKCS10 would not discard the cause when throw SignatureException on invalid key + JDK-8320577: Improve MessageHeader's toString() function to make HttpURLConnection's debug log readable + JDK-8320836: jtreg gtest runs should limit heap size + JDK-8321180: Condition for non-latin1 string size too large exception is off by one + JDK-8321183: Incorrect warning from cds about the modules file + JDK-8321514: UTF16 string gets constructed incorrectly from codepoints if CompactStrings is not enabled + JDK-8322018: Test java/lang/String/CompactString/ /MaxSizeUTF16String.java fails with -Xcomp + JDK-8322135: Printing JTable in Windows L&F throws InternalError: HTHEME is null + JDK-8322140: javax/swing/JTable/JTableScrollPrintTest.java does not print the rows and columns of the table in Nimbus and Aqua LookAndFeel + JDK-8323803: ConstantOopReadValue::print_on should print 'null' instead of 'nullptr' + JDK-8324065: Daylight saving information for 'Africa/Casablanca' are incorrect + JDK-8324491: Keyboard layout didn't keep its state if it was changed when dialog was active + JDK-8325277: [21u] Backout test change of JDK-8291809 + JDK-8325530: Vague error message when com.sun.tools.attach .VirtualMachine fails to load agent library + JDK-8325590: Regression in round-tripping UTF-16 strings after JDK-8311906 + JDK-8325647: [IR framework] Only prints stdout if exitCode is 134 + JDK-8325731: Installation instructions for Debian/Ubuntu don't mention autoconf + JDK-8325766: Extend CertificateBuilder to create trust and end entity certificates programmatically + JDK-8327434: Test java/util/PluggableLocale/ /TimeZoneNameProviderTest.java timed out + JDK-8327704: Update nsk/jdi tests to use driver instead of othervm + JDK-8327757: Convert javax/swing/JSlider/6524424/ /bug6524424.java applet to main + JDK-8327856: Convert applet test SpanishDiacriticsTest.java to a main program + JDK-8327980: Convert javax/swing/JToggleButton/4128979/ /bug4128979.java applet test to main + JDK-8328124: Convert java/awt/Frame/ShownOnPack/ /ShownOnPack.html applet test to main + JDK-8328247: Remove redundant dir for tests converted from applet to main + JDK-8328299: Convert DnDFileGroupDescriptor.html applet test to main + JDK-8328377: Convert java/awt/Cursor/MultiResolutionCursorTest test to main + JDK-8328562: Convert java/awt/InputMethods/DiacriticsTest/ /DiacriticsTest.java applet test to main + JDK-8331231: containers/docker/TestContainerInfo.java fails + JDK-8333200: Test containers/docker/TestPids.java fails Limit value -1 is not accepted as unlimited + JDK-8333526: Restructure java/nio/channels/DatagramChannel/ /StressNativeSignal.java to a fail fast exception handling policy + JDK-8333569: jpackage tests must run app launchers with retries on Linux only + JDK-8333783: java/nio/channels/FileChannel/directio/ /DirectIOTest.java is unstable with AV software + JDK-8334217: [AIX] Misleading error messages after JDK-8320005 + JDK-8334509: Cancelling PageDialog does not return the same PageFormat object + JDK-8334756: javac crashed on call to non-existent generic method with explicit annotated type arg + JDK-8334771: [TESTBUG] Run TestDockerMemoryMetrics.java with - Xcomp fails exitValue = 137 + JDK-8335986: Test javax/swing/JCheckBox/4449413/ /bug4449413.java fails on Windows 11 x64 because RBMenuItem's and CBMenuItem's checkmark on the left side are not visible + JDK-8337723: Remove redundant tests from com/sun/security/sasl/gsskerb + JDK-8338428: Add logging of final VM flags while setting properties + JDK-8338740: java/net/httpclient/HttpsTunnelAuthTest.java fails with java.io.IOException: HTTP/1.1 header parser received no bytes + JDK-8339280: jarsigner -verify performs cross-checking between CEN and LOC + JDK-8339366: [jittester] Make it possible to generate tests without execution + JDK-8340015: Open source several AWT focus tests - series 7 + JDK-8340321: Disable SHA-1 in TLS/DTLS 1.2 handshake signatures + JDK-8340354: Open source AWT desktop properties and print related tests + JDK-8341097: GHA: Demote Mac x86 jobs to build only + JDK-8341131: Some jdk/jfr/event/compiler tests shouldn't be executed with Xcomp + JDK-8341138: Rename jtreg property docker.support as container.support + JDK-8341443: [macos] AppContentTest and SigningOptionsTest failed due to "codesign" does not fails with "--app-content" on macOS 15 + JDK-8341496: Improve JMX connections + JDK-8342576: [macos] AppContentTest still fails after JDK-8341443 for same reason on older macOS versions + JDK-8342582: user.region for formatting number no longer works for 21.0.5 + JDK-8342934: TYPE_USE annotations printed with error causing "," in toString output + JDK-8343191: Cgroup v1 subsystem fails to set subsystem path + JDK-8343340: Swapping checking do not work for MetricsMemoryTester failcount + JDK-8343875: Minor improvements of jpackage test library + JDK-8343876: Enhancements to jpackage test lib + JDK-8344143: Test jdk/java/lang/Thread/virtual/stress/ /GetStackTraceALotWhenPinned.java timed out on macosx-x64 + JDK-8344577: Virtual thread tests are timing out on some macOS systems + JDK-8345213: JVM Prefers /etc/timezone Over /etc/localtime on Debian 12 + JDK-8346142: [perf] scalability issue for the specjvm2008::xml.validation workload + JDK-8346234: javax/swing/text/DefaultEditorKit/4278839/ /bug4278839.java still fails in CI + JDK-8346753: Test javax/swing/JMenuItem/RightLeftOrientation/ /RightLeftOrientation.java fails on Windows Server 2025 x64 because the icons of RBMenuItem and CBMenuItem are not visible in Nimbus LookAndFeel + JDK-8346839: [TESTBUG] "java/awt/textfield/setechochartest4/ /setechochartest4.java" failed because the test frame disappears on clicking "Click Several Times" button + JDK-8346875: Test jdk/jdk/jfr/event/os/TestCPULoad.java fails on macOS + JDK-8347143: [aix] Fix strdup use in os::dll_load + JDK-8347277: java/awt/Focus/ComponentLostFocusTest.java fails intermittently + JDK-8347300: Don't exclude the "PATH" var from the environment when running app launchers in jpackage tests + JDK-8347377: Add validation checks for ICC_Profile header fields + JDK-8347434: Richer VM operations events logging + JDK-8347811: Container detection code for cgroups v2 should use cgroup.controllers + JDK-8347841: Test fixes that use deprecated time zone IDs + JDK-8348240: Remove SystemDictionaryShared::lookup_super_for_unregistered_class() + JDK-8348402: PerfDataManager stalls shutdown for 1ms + JDK-8349188: LineBorder does not scale correctly + JDK-8349534: Refactor jdk/sun/security/krb5/runNameEquals.sh to java test + JDK-8349705: java.net.URI.scanIPv4Address throws unnecessary URISyntaxException + JDK-8349988: Change cgroup version detection logic to not depend on /proc/cgroups + JDK-8350102: Decouple jpackage test-lib Executor.Result and Executor classes + JDK-8350623: Fix -Wzero-as-null-pointer-constant warnings in nsk native test utilities + JDK-8350813: Rendering of bulky sound bank from MIDI sequence can cause OutOfMemoryError + JDK-8351110: ImageIO.write for JPEG can write corrupt JPEG for certain thumbnail dimensions + JDK-8351359: OperatingSystemMXBean: values from getCpuLoad and getProcessCpuLoad are stale after 24.8 days (Windows) + JDK-8351382: New test containers/docker/TestMemoryWithSubgroups.java is failing + JDK-8351567: Jar Manifest test ValueUtf8Coding produces misleading diagnostic output + JDK-8352016: Improve java/lang/RuntimeTests/ /RuntimeExitLogTest.java + JDK-8352533: Report useful IOExceptions when jspawnhelper fails + JDK-8352678: Opensource few JMenuItem tests + JDK-8352682: Opensource JComponent tests + JDK-8352686: Opensource JInternalFrame tests - series3 + JDK-8352687: Opensource few JInternalFrame and JTextField tests + JDK-8352793: Open source several AWT TextComponent tests - Batch 1 + JDK-8352865: Open source several AWT TextComponent tests - Batch 2 + JDK-8352905: Open some JComboBox bugs 1 + JDK-8352926: New test TestDockerMemoryMetricsSubgroup.java fails + JDK-8352966: Opensource Several Font related tests - Batch 2 + JDK-8352997: Open source several Swing JTabbedPane tests + JDK-8353007: Open some JComboBox bugs 2 + JDK-8353011: Open source Swing JButton tests - Set 1 + JDK-8353013: java.net.URI.create(String) may have low performance to scan the host/domain name from URI string when the hostname starts with number + JDK-8353175: Eliminate double iteration of stream in FieldDescriptor reinitialization + JDK-8353201: Open source Swing Tooltip tests - Set 2 + JDK-8353299: VerifyJarEntryName.java test fails + JDK-8353309: Open source several Swing text tests + JDK-8353319: Open source Swing tests - Set 3 + JDK-8353445: Open source several AWT Menu tests - Batch 1 + JDK-8353470: Clean up and open source couple AWT Graphics related tests (Part 2) + JDK-8353483: Open source some JProgressBar tests + JDK-8353486: Open source Swing Tests - Set 4 + JDK-8353585: Provide ChoiceFormat#parse(String, ParsePosition) tests + JDK-8353586: Open source several toolkit tests + JDK-8353589: Open source a few Swing menu-related tests + JDK-8353592: Open source several scrollbar tests + JDK-8353661: Open source several swing tests batch5 + JDK-8353832: Opensource FontClass, Selection and Icon tests + JDK-8353953: com/sun/jdi tests should be fixed to not always require includevirtualthreads=y + JDK-8353957: Open source several AWT ScrollPane tests - Batch 1 + JDK-8353958: Open source several AWT ScrollPane tests - Batch 2 + JDK-8354095: Open some JTable bugs 5 + JDK-8354106: Clean up and open source KeyEvent related tests (Part 2) + JDK-8354214: Open source Swing tests Batch 2 + JDK-8354233: Open some JTable bugs 6 + JDK-8354235: Test javax/net/ssl/SSLSocket/Tls13PacketSize.java failed with java.net.SocketException: An established connection was aborted by the software in your host machine + JDK-8354248: Open source several AWT GridBagLayout and List tests + JDK-8354340: Open source Swing Tests - Set 6 + JDK-8354341: Open some JTable bugs 7 + JDK-8354365: Opensource few Modal and Full Screen related tests + JDK-8354418: Open source Swing tests Batch 4 + JDK-8354451: Open source some more Swing popup menu tests + JDK-8354465: Open some JTable bugs 8 + JDK-8354466: Open some misc Swing bugs 9 + JDK-8354472: Clean up and open source KeyEvent related tests (Part 3) + JDK-8354475: TestDockerMemoryMetricsSubgroup.java fails with exitValue = 1 + JDK-8354493: Opensource Several MultiScreen and Insets related tests + JDK-8354495: Open source several AWT DataTransfer tests + JDK-8354532: Open source JFileChooser Tests - Set 7 + JDK-8354552: Open source a few Swing tests + JDK-8354553: Open source several clipboard tests batch0 + JDK-8354561: Open source several swing tests batch0 + JDK-8354646: java.awt.TextField allows to identify the spaces in a password when double clicked at the starting and end of the text + JDK-8354653: Clean up and open source KeyEvent related tests (Part 4) + JDK-8354701: Open source few JToolTip tests + JDK-8354873: javax/swing/plaf/metal/MetalIconFactory/ /bug4952462.java failing on CI + JDK-8354928: Clean up and open source some miscellaneous AWT tests + JDK-8355071: Fix nsk/jdi test to not require lookup of main thread in order to set the breakpoint used for communication + JDK-8355077: Compiler error at splashscreen_gif.c due to unterminated string initialization + JDK-8355241: Move NativeDialogToFrontBackTest.java PL test to manual category + JDK-8355333: Some Problem list entries point to non-existent / wrong files + JDK-8355387: [jittester] Disable downcasts by default + JDK-8355444: [java.io] Use @requires tag instead of exiting based on "os.name" property value + JDK-8355478: DoubleActionESC.java fails intermittently + JDK-8355558: SJIS.java test is always ignored + JDK-8355561: [macos] Build failure with Xcode 16.3 + JDK-8355569: Some nsk/jdi tests can glean the "main" thread by using the ClassPrepareEvent for the debuggee main class + JDK-8355773: Some nsk/jdi tests can fetch ThreadReference from static field in the debuggee + JDK-8356023: Some nsk/jdi tests can fetch ThreadReference from static field in the debuggee: part 2 + JDK-8356040: java/util/PluggableLocale/ /LocaleNameProviderTest.java timed out + JDK-8356145: ListEnterExitTest.java fails on macos + JDK-8356187: TestJcmd.java may incorrectly parse podman version + JDK-8356588: Some nsk/jdi tests can fetch ThreadReference from static field in the debuggee: part 3 + JDK-8356752: Log mouse enter and exit events for debugging + JDK-8356811: Some nsk/jdi tests can fetch ThreadReference from static field in the debuggee: part 4 + JDK-8356897: Update NSS library to 3.111 + JDK-8357172: Extend try block in nsk/jdi tests to capture exceptions thrown by Debuggee.classByName() + JDK-8357305: Compilation failure in javax/swing/JMenuItem/bug6197830.java + JDK-8357561: BootstrapLoggerTest does not work on Ubuntu 24 with LANG de_DE.UTF-8 + JDK-8357799: Improve instructions for JFileChooser/HTMLFileName.java + JDK-8357822: C2: Multiple string optimization tests are no longer testing string concatenation optimizations + JDK-8357882: Use UTF-8 encoded data in LocaleDataTest + JDK-8358048: java/net/httpclient/HttpsTunnelAuthTest.java incorrectly calls Thread::stop + JDK-8358532: JFileChooser in GTK L&F still displays HTML filename + JDK-8358577: Test serviceability/jvmti/thread/ /GetCurrentContendedMonitor/contmon01/contmon01.java failed: unexpected monitor object + JDK-8358679: [asan] vmTestbase/nsk/jvmti tests show memory issues + JDK-8358748: Large page size initialization fails with assert "page_size must be a power of 2" + JDK-8358764: (sc) SocketChannel.close when thread blocked in read causes connection to be reset (win) + JDK-8358813: JPasswordField identifies spaces in password via delete shortcuts + JDK-8359061: Update and ProblemList manual test java/awt/Cursor/CursorDragTest/ListDragCursor.java + JDK-8359167: Remove unused test/hotspot/jtreg/vmTestbase/nsk/ /share/jpda/BindServer.java + JDK-8359182: Use @requires instead of SkippedException for MaxPath.java + JDK-8359207: Remove runtime/signal/TestSigusr2.java since it is always skipped + JDK-8359418: Test "javax/swing/text/GlyphView/bug4188841.java" failed because the phrase of text pane does not match the instructions + JDK-8359428: Test 'javax/swing/JTabbedPane/bug4499556.java' failed because after selecting one of L&F items, the test case automatically failed when clicking on L&F Menu button again + JDK-8359449: [TEST] open/test/jdk/java/io/File/SymLinks.java Refactor extract method for Windows specific test + JDK-8359477: com/sun/net/httpserver/Test12.java appears to have a temp file race + JDK-8359501: Enhance Handling of URIs + JDK-8359687: Use PassFailJFrame for java/awt/print/Dialog/DialogType.java + JDK-8360022: ClassRefDupInConstantPoolTest.java fails when running in repeat + JDK-8360178: TestArguments.atojulong gtest has incorrect format string + JDK-8360288: Shenandoah crash at size_given_klass in op_degenerated + JDK-8360408: [TEST] Use @requires tag instead of exiting based on "os.name" property value for sun/net/www/protocol/ /file/FileURLTest.java + JDK-8360411: [TEST] open/test/jdk/java/io/File/ /MaxPathLength.java Refactor extract method to encapsulate Windows specific test logic + JDK-8360478: libjsig related tier3 jtreg tests fail when asan is configured + JDK-8360533: ContainerRuntimeVersionTestUtils fromVersionString fails with some docker versions + JDK-8360981: Remove use of Thread.stop in test/jdk/java/net/Socket/DeadlockTest.java + JDK-8361253: CommandLineOptionTest library should report observed values on failure + JDK-8361298: SwingUtilities/bug4967768.java fails where character P is not underline + JDK-8361314: Test serviceability/jvmti/VMEvent/MyPackage/ /VMEventRecursionTest.java FATAL ERROR in native method: Failed during the GetClassSignature call + JDK-8361423: Add IPSupport::printPlatformSupport to java/net/NetworkInterface/IPv4Only.java + JDK-8361447: [REDO] Checked version of JNI ReleaseArrayElements needs to filter out known wrapped arrays + JDK-8361599: [PPC64] enable missing tests via jtreg requires + JDK-8361751: Test sun/tools/jcmd/TestJcmdSanity.java timed out on Windows + JDK-8361754: New test runtime/jni/checked/ /TestCharArrayReleasing.java can cause disk full errors + JDK-8361868: [GCC static analyzer] complains about missing calloc - NULL checks in p11_util.c + JDK-8361871: [GCC static analyzer] complains about use of uninitialized value ckpObject in p11_util.c + JDK-8362123: ClassLoader Leak via Executors.newSingleThreadExecutor(...) + JDK-8362204: test/jdk/sun/awt/font/TestDevTransform.java fails on Ubuntu 24.04 + JDK-8362207: Add more test cases for possible double-rounding in fma + JDK-8362308: Enhance Bitmap operations + JDK-8362516: Support of GCC static analyzer (-fanalyzer) + JDK-8362532: Test gc/g1/plab/* duplicate command-line options + JDK-8362533: Tests sun/management/jmxremote/bootstrap/* duplicate VM flags + JDK-8362602: Add test.timeout.factor to CompileFactory to avoid test timeouts + JDK-8362632: Improve HttpServer Request handling + JDK-8363676: [GCC static analyzer] missing return value check of malloc in OGLContext_SetTransform + JDK-8363720: Follow up to JDK-8360411 with post review comments + JDK-8363966: GHA: Switch cross-compiling sysroots to Debian trixie + JDK-8364198: NMT should have a better corruption message + JDK-8364199: Enhance list of environment variables printed in hserr/hsinfo file + JDK-8364214: Enhance polygon data support + JDK-8364235: Fix for JDK-8361447 breaks the alignment requirements for GuardedMemory + JDK-8364257: JFR: User-defined events and settings with a one-letter name cannot be configured + JDK-8364258: ThreadGroup constant pool serialization is not normalized + JDK-8364263: HttpClient: Improve encapsulation of ProxyServer + JDK-8364484: misc tests fail with Received fatal alert: handshake_failure + JDK-8364514: [asan] runtime/jni/checked/ /TestCharArrayReleasing.java heap-buffer-overflow + JDK-8364556: JFR: Disable SymbolTableStatistics and StringTableStatistics in default.jfc + JDK-8364597: Replace THL A29 Limited with Tencent + JDK-8364660: ClassVerifier::ends_in_athrow() should be removed + JDK-8364786: Test java/net/vthread/HttpALot.java intermittently fails - 24999 handled, expected 25000 + JDK-8364993: JFR: Disable jdk.ModuleExport in default.jfc + JDK-8364996: java/awt/font/FontNames/LocaleFamilyNames.java times out on Windows + JDK-8365058: Enhance CopyOnWriteArraySet + JDK-8365086: CookieStore.getURIs() and get(URI) should return an immutable List + JDK-8365098: make/RunTests.gmk generates a wrong path to test artifacts on Alpine + JDK-8365168: Use 64-bit aligned addresses for CK_ULONG access in PKCS11 native key code + JDK-8365240: [asan] exclude some tests when using asan enabled binaries + JDK-8365271: Improve Swing supports + JDK-8365280: Enhance JOptionPane + JDK-8365425: [macos26] javax/swing/JInternalFrame/8160248/ /JInternalFrameDraggingTest.java fails on macOS 26 + JDK-8365442: [asan] runtime/ErrorHandling/ /CreateCoredumpOnCrash.java fails + JDK-8365487: [asan] some oops (mode) related tests fail + JDK-8365615: Improve JMenuBar/RightLeftOrientation.java + JDK-8365660: test/jdk/sun/security/pkcs11/KeyAgreement/ tests skipped without SkipExceprion + JDK-8365790: Shutdown hook for application image does not work on Windows + JDK-8365834: Mark java/net/httpclient/ManyRequests.java as intermittent + JDK-8365913: Support latest MSC_VER in abstract_vm_version.cpp + JDK-8365919: Replace currentTimeMillis with nanoTime in Stresser.java + JDK-8365983: Tests should throw SkippedException when SCTP not supported + JDK-8366092: [GCC static analyzer] UnixOperatingSystem.c warning: use of uninitialized value 'systemTicks' + JDK-8366159: SkippedException is treated as a pass for pkcs11/KeyStore, pkcs11/SecretKeyFactory and pkcs11/SecureRandom + JDK-8366208: Unexpected exception in sun.java2d.cmm.lcms.LCMSImageLayout + JDK-8366229: runtime/Thread/TooSmallStackSize.java runs with all collectors + JDK-8366231: Bump update version for OpenJDK: jdk-21.0.10 + JDK-8366342: Key generator and key pair generator tests skipping, but showing as passed + JDK-8366359: Test should throw SkippedException when there is no lpstat + JDK-8366558: Gtests leave /tmp/cgroups-test* files + JDK-8366750: Remove test 'java/awt/Choice/ /ChoiceMouseWheelTest/ChoiceMouseWheelTest.java' from problemlist + JDK-8366764: Deproblemlist java/awt/ScrollPane/ScrollPositionTest.java + JDK-8366844: Update and automate MouseDraggedOriginatedByScrollBarTest.java + JDK-8366893: java/lang/Thread/virtual/stress/ /GetStackTraceALotWhenPinned.java timed out on macos-aarch64 + JDK-8367017: Remove legacy checks from WrappedToolkitTest and convert from bash + JDK-8367021: Regression in LocaleDataTest refactoring + JDK-8367131: Test com/sun/jdi/ThreadMemoryLeakTest.java fails on 32 bits + JDK-8367133: DTLS: fragmentation of Finished message results in handshake failure + JDK-8367237: Thread-Safety Usage Warning for java.text.Collator Classes + JDK-8367348: Enhance PassFailJFrame to support links in HTML + JDK-8367372: Test 'test/hotspot/jtreg/gc/ /TestObjectAlignmentCardSize.java' fails on 32 bit systems + JDK-8367384: The ICC_Profile class may throw exceptions during serialization + JDK-8367782: VerifyJarEntryName.java: Fix modifyJarEntryName to operate on bytes and re-introduce verifySignatureEntryName + JDK-8367869: Test java/io/FileDescriptor/Sync.java timed out + JDK-8367904: Test java/net/InetAddress/ptr/Lookup.java should throw SkippedException + JDK-8368032: Enhance Certificate Checking + JDK-8368192: Test java/lang/ProcessBuilder/Basic.java#id0 fails with Exception: Stack trace + JDK-8368668: Several vmTestbase/vm/gc/compact tests timed out on large memory machine + JDK-8368960: Adjust java UL logging in the build + JDK-8368982: Test sun/security/tools/jarsigner/EC.java completed and timed out + JDK-8369032: Add test to ensure serialized ICC_Profile stores only necessary optional data + JDK-8369078: Fix faulty test conversion in IllegalCharsetName.java + JDK-8369184: SimpleTimeZone equals() Returns True for Unequal Instances with Different hashCode Values + JDK-8369226: GHA: Switch to MacOS 15 + JDK-8369319: java/net/httpclient/CancelRequestTest.java fails intermittently + JDK-8369450: [Ubuntu 25.10] openjdk fails to build due to rust-coreutils date + JDK-8369506: Bytecode rewriting causes Java heap corruption on AArch64 + JDK-8369563: Gtest dll_address_to_function_and_library_name has issues with stripped pdb files + JDK-8369616: JavaFrameAnchor on RISC-V has unnecessary barriers and wrong store order in MacroAssembler + JDK-8369946: Bytecode rewriting causes Java heap corruption on PPC + JDK-8369947: Bytecode rewriting causes Java heap corruption on RISC-V + JDK-8370214: [21u] Remove -Xdebug and -Xnoagent from tests: backport parts of 8227229 and 8312072 + JDK-8370465: Right to Left Orientation Issues with MenuItem Component + JDK-8372534: Update Libpng to 1.6.51 + JDK-8375447: Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 21.0.10 ++++ kernel-source: - mptcp: fix a race in mptcp_pm_del_add_timer() (CVE-2025-40257 bsc#1254842). - commit dab52b4 - net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop (CVE-2025-68325 bsc#1255417). - commit 1f83ea8 - tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check() (CVE-2025-68188 bsc#1255269). - commit 46ce97a ++++ kernel-source: - mptcp: fix a race in mptcp_pm_del_add_timer() (CVE-2025-40257 bsc#1254842). - commit dab52b4 - net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop (CVE-2025-68325 bsc#1255417). - commit 1f83ea8 - tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check() (CVE-2025-68188 bsc#1255269). - commit 46ce97a ++++ kernel-docs: - mptcp: fix a race in mptcp_pm_del_add_timer() (CVE-2025-40257 bsc#1254842). - commit dab52b4 - net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop (CVE-2025-68325 bsc#1255417). - commit 1f83ea8 - tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check() (CVE-2025-68188 bsc#1255269). - commit 46ce97a ++++ kernel-docs: - mptcp: fix a race in mptcp_pm_del_add_timer() (CVE-2025-40257 bsc#1254842). - commit dab52b4 - net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop (CVE-2025-68325 bsc#1255417). - commit 1f83ea8 - tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check() (CVE-2025-68188 bsc#1255269). - commit 46ce97a ++++ kernel-kvmsmall: - mptcp: fix a race in mptcp_pm_del_add_timer() (CVE-2025-40257 bsc#1254842). - commit dab52b4 - net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop (CVE-2025-68325 bsc#1255417). - commit 1f83ea8 - tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check() (CVE-2025-68188 bsc#1255269). - commit 46ce97a ++++ kernel-kvmsmall: - mptcp: fix a race in mptcp_pm_del_add_timer() (CVE-2025-40257 bsc#1254842). - commit dab52b4 - net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop (CVE-2025-68325 bsc#1255417). - commit 1f83ea8 - tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check() (CVE-2025-68188 bsc#1255269). - commit 46ce97a ++++ kernel-obs-build: - mptcp: fix a race in mptcp_pm_del_add_timer() (CVE-2025-40257 bsc#1254842). - commit dab52b4 - net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop (CVE-2025-68325 bsc#1255417). - commit 1f83ea8 - tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check() (CVE-2025-68188 bsc#1255269). - commit 46ce97a ++++ kernel-obs-build: - mptcp: fix a race in mptcp_pm_del_add_timer() (CVE-2025-40257 bsc#1254842). - commit dab52b4 - net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop (CVE-2025-68325 bsc#1255417). - commit 1f83ea8 - tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check() (CVE-2025-68188 bsc#1255269). - commit 46ce97a ++++ kernel-obs-qa: - mptcp: fix a race in mptcp_pm_del_add_timer() (CVE-2025-40257 bsc#1254842). - commit dab52b4 - net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop (CVE-2025-68325 bsc#1255417). - commit 1f83ea8 - tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check() (CVE-2025-68188 bsc#1255269). - commit 46ce97a ++++ kernel-obs-qa: - mptcp: fix a race in mptcp_pm_del_add_timer() (CVE-2025-40257 bsc#1254842). - commit dab52b4 - net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop (CVE-2025-68325 bsc#1255417). - commit 1f83ea8 - tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check() (CVE-2025-68188 bsc#1255269). - commit 46ce97a ++++ kernel-syms: - mptcp: fix a race in mptcp_pm_del_add_timer() (CVE-2025-40257 bsc#1254842). - commit dab52b4 - net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop (CVE-2025-68325 bsc#1255417). - commit 1f83ea8 - tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check() (CVE-2025-68188 bsc#1255269). - commit 46ce97a ++++ kernel-syms: - mptcp: fix a race in mptcp_pm_del_add_timer() (CVE-2025-40257 bsc#1254842). - commit dab52b4 - net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop (CVE-2025-68325 bsc#1255417). - commit 1f83ea8 - tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check() (CVE-2025-68188 bsc#1255269). - commit 46ce97a ++++ kernel-zfcpdump: - mptcp: fix a race in mptcp_pm_del_add_timer() (CVE-2025-40257 bsc#1254842). - commit dab52b4 - net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop (CVE-2025-68325 bsc#1255417). - commit 1f83ea8 - tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check() (CVE-2025-68188 bsc#1255269). - commit 46ce97a ++++ kernel-zfcpdump: - mptcp: fix a race in mptcp_pm_del_add_timer() (CVE-2025-40257 bsc#1254842). - commit dab52b4 - net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop (CVE-2025-68325 bsc#1255417). - commit 1f83ea8 - tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check() (CVE-2025-68188 bsc#1255269). - commit 46ce97a ++++ libxml2: - Add patch libxml2-CVE-2026-0989.patch, to fix call stack exhaustion leading to application crash due to RelaxNG parser not limiting the recursion depth when resolving `` directives CVE-2026-0989, bsc#1256805, https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/374 ++++ libxml2: - CVE-2026-0989: call stack exhaustion leading to application crash due to RelaxNG parser not limiting the recursion depth when resolving `` directives (bsc#1256804, bsc#1256805, bsc#1256810) * Add patch libxml2-CVE-2026-0989.patch * https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/374 ++++ openCryptoki: - Applied a patch (bsc#1256673, CVE-2026-22791) * openCryptoki-CVE-2026-22791-commit-e37e912.patch - Modified the .spec file for Immutable Mode (jsc#PED-14798) - Upgrade openCryptoki to 3.26 (jsc#PED-14609) * Soft: Add support for RSA keys up to 16K bits. * CCA: Add support for RSA keys up to 8K bits (requires CCA v8.4 or v7.6 or later). * p11sak: Add support for generating RSA keys up to 16K bits. * Soft/ICA: Add support for SHA512/224 and SHA512/256 key derivation mechanism (CKM_SHA512_224_KEY_DERIVATION and CKM_SHA512_256_KEY_DERIVATION). * Soft/ICA/CCA/EP11: Add support for SHA-HMAC key types CKK_SHAxxx_HMAC and key gen mechanisms CKM_SHAxxx_KEY_GEN. * p11sak: Add support for SHA-HMAC key types and key generation. * p11sak: Add support for key wrap and unwrap commands to export and import private and secret keys by means of key wrapping/unwrapping with various key wrapping mechanism. * p11kmip: Add support for using an HSM-protected TLS client key via a PKCS#11 provider. * p11sak: Add support for exporting non-sensitive private keys to password protected PEM files. * Add support for canceling an operation via NULL mechanism pointer at C_XxxInit() call as an alternative to C_SessionCancel() (PKCS#11 v3.0). * EP11: Add support for pairing friendly BLS12-381 EC curve for sign/verify using CKM_IBM_ECDSA_OTHER and signature/public key aggregation using CKM_IBM_EC_AGGREGATE. * p11sak: Add support for generating BLS12-381 EC keys. * EP11: Add support for IBM-specific ML-DSA and ML-KEM key types and mechanisms (requires an EP11 host library v4.2 or later, and a CEX8P crypto card with firmware v9.6 or later on IBM z17, and v8.39 or later on IBM z16). * CCA: Add support for IBM-specific ML-DSA and ML-KEM key types and mechanisms (requires CCA v8.4 or later). * Soft: Add support for IBM-specific ML-DSA and ML-KEM key types and mechanisms (requires OpenSSL 3.5 or later, or the OQS-provider must be configured). * p11sak: Add support for IBM-specific ML-DSA and ML-KEM key types. * Bug fixes. - Removed obsolete patches * ocki-3.25-remove-make-install-chgrp.patch * ocki-3.25-PKCSSLOTD-Remove-the-use-of-MD5.patch - Applied a new patch for version 3.26 * ocki-3.26-remove-make-install-chgrp.patch ++++ openQA: - Update to version 5.1769068942.639067ee: * Dependency cron 2026-01-22 * feat: Show limits on "Next & Previous" tab within table ++++ openQA: - Update to version 5.1769068942.639067ee: * Dependency cron 2026-01-22 * feat: Show limits on "Next & Previous" tab within table ++++ openQA: - Update to version 5.1769068942.639067ee: * Dependency cron 2026-01-22 * feat: Show limits on "Next & Previous" tab within table ++++ openQA: - Update to version 5.1769068942.639067ee: * Dependency cron 2026-01-22 * feat: Show limits on "Next & Previous" tab within table ++++ openQA: - Update to version 5.1769068942.639067ee: * Dependency cron 2026-01-22 * feat: Show limits on "Next & Previous" tab within table ++++ openQA: - Update to version 5.1769068942.639067ee: * Dependency cron 2026-01-22 * feat: Show limits on "Next & Previous" tab within table ++++ openQA: - Update to version 5.1769068942.639067ee: * Dependency cron 2026-01-22 * feat: Show limits on "Next & Previous" tab within table ++++ openQA: - Update to version 5.1769068942.639067ee: * Dependency cron 2026-01-22 * feat: Show limits on "Next & Previous" tab within table ++++ openQA: - Update to version 5.1769068942.639067ee: * Dependency cron 2026-01-22 * feat: Show limits on "Next & Previous" tab within table ++++ openQA: - Update to version 5.1769068942.639067ee: * Dependency cron 2026-01-22 * feat: Show limits on "Next & Previous" tab within table ++++ openvpn: -FIX:VUL-0:openvpn: Improper validation of source IP addresses in OpenVPN version 2.6.0 allows an attacker to open a session from a different IP address which did not initiate the connection resulting in a denial of service (bsc#1254486 CVE-2025-13086) Patchname:openvpn-CVE-2025-13086.patch ++++ libxml2-python: - Add patch libxml2-CVE-2026-0989.patch, to fix call stack exhaustion leading to application crash due to RelaxNG parser not limiting the recursion depth when resolving `` directives CVE-2026-0989, bsc#1256805, https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/374 ++++ libxml2-python: - CVE-2026-0989: call stack exhaustion leading to application crash due to RelaxNG parser not limiting the recursion depth when resolving `` directives (bsc#1256804, bsc#1256805, bsc#1256810) * Add patch libxml2-CVE-2026-0989.patch * https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/374 ------------------------------------------------------------------ ------------------ 2026-1-21 - Jan 21 2026 ------------------- ------------------------------------------------------------------ ++++ bind: - Upgrade to release 9.20.18 Security Fixes: * Fix incorrect length checks for BRID and HHIT records. (CVE-2025-13878) [bsc#1256997] Feature Changes: * Add more information to the rndc recursing output about fetches. * Reduce the number of outgoing queries. * Provide more information when memory allocation fails. Bug Fixes: * Make DNSSEC key rollovers more robust. * Fix a catalog zone issue, where member zones could fail to load. * Allow glue in delegations with QTYPE=ANY. * Fix slow speed when signing a large delegation zone with NSEC3 opt-out. * Reconfiguring an NSEC3 opt-out zone to NSEC caused the zone to be invalid. * Fix a possible catalog zone issue during reconfiguration. * Fix the charts in the statistics channel. * Adding NSEC3 opt-out records could leave invalid records in chain. * Fix spurious timeouts while resolving names. * Fix bug where zone switches from NSEC3 to NSEC after retransfer. * AMTRELAY type 0 presentation format handling was wrong. * Fix parsing bug in remote-servers with key or TLS. * Fix DoT reconfigure/reload bug in the resolver. * Skip unsupported algorithms when looking for a signing key. * Fix dnssec-keygen key collision checking for KEY RRtype keys. * dnssec-verify now uses exit code 1 when failing due to illegal options. * Prevent assertion failures of dig when a server is specified before the -b option. * Skip buffer allocations if not logging. ++++ chromium: - Chromium 144.0.7559.96 (boo#1257011) * CVE-2026-1220: Race in V8 ++++ chromium: - Chromium 144.0.7559.96 (boo#1257011) * CVE-2026-1220: Race in V8 ++++ chromium: - Chromium 144.0.7559.96 (boo#1257011) * CVE-2026-1220: Race in V8 ++++ chromium: - Chromium 144.0.7559.96 (boo#1257011) * CVE-2026-1220: Race in V8 ++++ chromium: - Chromium 144.0.7559.96 (boo#1257011) * CVE-2026-1220: Race in V8 ++++ chromium: - Chromium 144.0.7559.96 (boo#1257011) * CVE-2026-1220: Race in V8 ++++ chromium: - Chromium 144.0.7559.96 (boo#1257011) * CVE-2026-1220: Race in V8 ++++ chromium: - Chromium 144.0.7559.96 (boo#1257011) * CVE-2026-1220: Race in V8 ++++ chromium: - Chromium 144.0.7559.96 (boo#1257011) * CVE-2026-1220: Race in V8 ++++ chromium: - Chromium 144.0.7559.96 (boo#1257011) * CVE-2026-1220: Race in V8 ++++ chromium: - Chromium 144.0.7559.96 (boo#1257011) * CVE-2026-1220: Race in V8 ++++ kernel-64kb: - erofs: fix file-backed mounts no longer working on EROFS partitions (CVE-2025-68361 bsc#1255526). - commit 472da07 - erofs: don't bother with s_stack_depth increasing for now (CVE-2025-68361 bsc#1255526). - commit 39303bf - net: ipv6: fix field-spanning memcpy warning in AH output (CVE-2025-40363 bsc#1255102). - commit e140a1d - fsnotify: do not generate ACCESS/MODIFY events on child for special files (bsc#1256638 CVE-2025-68788). - commit c5ba5af - ext4: xattr: fix null pointer deref in ext4_raw_inode() (bsc#1256754 CVE-2025-68820). - commit 5db1006 - ext4: fix string copying in parse_apply_sb_mount_options() (bsc#1256757 CVE-2025-71123). - commit f859099 - ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() (bsc#1255164 CVE-2025-68261). - commit ca299fb - nbd: defer config put in recv_work (bsc#1255537 CVE-2025-68372). - commit a3661a2 - nbd: defer config unlock in nbd_genl_connect (bsc#1255622 CVE-2025-68366). - commit abe0920 - jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted (bsc#1255482 CVE-2025-68337). - commit 158d717 - Refresh patches.suse/iavf-get-rid-of-the-crit-lock.patch. Fix locking issue introduced by CVE backport (bsc#1256975 bsc#1254977). - commit d093512 - erofs: limit the level of fs stacking for file-backed mounts (CVE-2025-68361 bsc#1255526). - commit 4238cae - ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe (CVE-2025-68241 bsc#1255157). - net: netpoll: fix incorrect refcount handling causing incorrect cleanup (CVE-2025-68245 bsc#1255268). - commit b8da07f - nfsd: adjust WARN_ON_ONCE in revoke_delegation (bsc#1257015). - commit da1be71 - of: fix reference count leak in of_alias_scan() (git-fixes). - of: platform: Use default match table for /firmware (git-fixes). - ata: libata: Add cpr_log to ata_dev_print_features() early return (git-fixes). - ata: libata-sata: Improve link_power_management_supported sysfs attribute (git-fixes). - ata: ahci: Do not read the per port area for unimplemented ports (git-fixes). - ata: libata-scsi: Fix system suspend for a security locked drive (git-fixes). - ata: libata-scsi: Fix ata_to_sense_error() status handling (git-fixes). - commit 7be8126 - Refresh patches.suse/dmaengine-idxd-Fix-refcount-underflow-on-module-unlo.patch. - blacklist.conf: Fix the missing cleanup, folding the upsteram stable 6.12.y fix (commit d28c1b1566a1) into the backport patch itself. - commit 3863579 ++++ kernel-64kb: - erofs: fix file-backed mounts no longer working on EROFS partitions (CVE-2025-68361 bsc#1255526). - commit 472da07 - erofs: don't bother with s_stack_depth increasing for now (CVE-2025-68361 bsc#1255526). - commit 39303bf - net: ipv6: fix field-spanning memcpy warning in AH output (CVE-2025-40363 bsc#1255102). - commit e140a1d - fsnotify: do not generate ACCESS/MODIFY events on child for special files (bsc#1256638 CVE-2025-68788). - commit c5ba5af - ext4: xattr: fix null pointer deref in ext4_raw_inode() (bsc#1256754 CVE-2025-68820). - commit 5db1006 - ext4: fix string copying in parse_apply_sb_mount_options() (bsc#1256757 CVE-2025-71123). - commit f859099 - ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() (bsc#1255164 CVE-2025-68261). - commit ca299fb - nbd: defer config put in recv_work (bsc#1255537 CVE-2025-68372). - commit a3661a2 - nbd: defer config unlock in nbd_genl_connect (bsc#1255622 CVE-2025-68366). - commit abe0920 - jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted (bsc#1255482 CVE-2025-68337). - commit 158d717 - Refresh patches.suse/iavf-get-rid-of-the-crit-lock.patch. Fix locking issue introduced by CVE backport (bsc#1256975 bsc#1254977). - commit d093512 - erofs: limit the level of fs stacking for file-backed mounts (CVE-2025-68361 bsc#1255526). - commit 4238cae - ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe (CVE-2025-68241 bsc#1255157). - net: netpoll: fix incorrect refcount handling causing incorrect cleanup (CVE-2025-68245 bsc#1255268). - commit b8da07f - nfsd: adjust WARN_ON_ONCE in revoke_delegation (bsc#1257015). - commit da1be71 - of: fix reference count leak in of_alias_scan() (git-fixes). - of: platform: Use default match table for /firmware (git-fixes). - ata: libata: Add cpr_log to ata_dev_print_features() early return (git-fixes). - ata: libata-sata: Improve link_power_management_supported sysfs attribute (git-fixes). - ata: ahci: Do not read the per port area for unimplemented ports (git-fixes). - ata: libata-scsi: Fix system suspend for a security locked drive (git-fixes). - ata: libata-scsi: Fix ata_to_sense_error() status handling (git-fixes). - commit 7be8126 - Refresh patches.suse/dmaengine-idxd-Fix-refcount-underflow-on-module-unlo.patch. - blacklist.conf: Fix the missing cleanup, folding the upsteram stable 6.12.y fix (commit d28c1b1566a1) into the backport patch itself. - commit 3863579 ++++ kernel-azure: - erofs: fix file-backed mounts no longer working on EROFS partitions (CVE-2025-68361 bsc#1255526). - commit 472da07 - erofs: don't bother with s_stack_depth increasing for now (CVE-2025-68361 bsc#1255526). - commit 39303bf - net: ipv6: fix field-spanning memcpy warning in AH output (CVE-2025-40363 bsc#1255102). - commit e140a1d - fsnotify: do not generate ACCESS/MODIFY events on child for special files (bsc#1256638 CVE-2025-68788). - commit c5ba5af - ext4: xattr: fix null pointer deref in ext4_raw_inode() (bsc#1256754 CVE-2025-68820). - commit 5db1006 - ext4: fix string copying in parse_apply_sb_mount_options() (bsc#1256757 CVE-2025-71123). - commit f859099 - ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() (bsc#1255164 CVE-2025-68261). - commit ca299fb - nbd: defer config put in recv_work (bsc#1255537 CVE-2025-68372). - commit a3661a2 - nbd: defer config unlock in nbd_genl_connect (bsc#1255622 CVE-2025-68366). - commit abe0920 - jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted (bsc#1255482 CVE-2025-68337). - commit 158d717 - Refresh patches.suse/iavf-get-rid-of-the-crit-lock.patch. Fix locking issue introduced by CVE backport (bsc#1256975 bsc#1254977). - commit d093512 - erofs: limit the level of fs stacking for file-backed mounts (CVE-2025-68361 bsc#1255526). - commit 4238cae - ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe (CVE-2025-68241 bsc#1255157). - net: netpoll: fix incorrect refcount handling causing incorrect cleanup (CVE-2025-68245 bsc#1255268). - commit b8da07f - nfsd: adjust WARN_ON_ONCE in revoke_delegation (bsc#1257015). - commit da1be71 - of: fix reference count leak in of_alias_scan() (git-fixes). - of: platform: Use default match table for /firmware (git-fixes). - ata: libata: Add cpr_log to ata_dev_print_features() early return (git-fixes). - ata: libata-sata: Improve link_power_management_supported sysfs attribute (git-fixes). - ata: ahci: Do not read the per port area for unimplemented ports (git-fixes). - ata: libata-scsi: Fix system suspend for a security locked drive (git-fixes). - ata: libata-scsi: Fix ata_to_sense_error() status handling (git-fixes). - commit 7be8126 - Refresh patches.suse/dmaengine-idxd-Fix-refcount-underflow-on-module-unlo.patch. - blacklist.conf: Fix the missing cleanup, folding the upsteram stable 6.12.y fix (commit d28c1b1566a1) into the backport patch itself. - commit 3863579 ++++ kernel-azure: - erofs: fix file-backed mounts no longer working on EROFS partitions (CVE-2025-68361 bsc#1255526). - commit 472da07 - erofs: don't bother with s_stack_depth increasing for now (CVE-2025-68361 bsc#1255526). - commit 39303bf - net: ipv6: fix field-spanning memcpy warning in AH output (CVE-2025-40363 bsc#1255102). - commit e140a1d - fsnotify: do not generate ACCESS/MODIFY events on child for special files (bsc#1256638 CVE-2025-68788). - commit c5ba5af - ext4: xattr: fix null pointer deref in ext4_raw_inode() (bsc#1256754 CVE-2025-68820). - commit 5db1006 - ext4: fix string copying in parse_apply_sb_mount_options() (bsc#1256757 CVE-2025-71123). - commit f859099 - ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() (bsc#1255164 CVE-2025-68261). - commit ca299fb - nbd: defer config put in recv_work (bsc#1255537 CVE-2025-68372). - commit a3661a2 - nbd: defer config unlock in nbd_genl_connect (bsc#1255622 CVE-2025-68366). - commit abe0920 - jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted (bsc#1255482 CVE-2025-68337). - commit 158d717 - Refresh patches.suse/iavf-get-rid-of-the-crit-lock.patch. Fix locking issue introduced by CVE backport (bsc#1256975 bsc#1254977). - commit d093512 - erofs: limit the level of fs stacking for file-backed mounts (CVE-2025-68361 bsc#1255526). - commit 4238cae - ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe (CVE-2025-68241 bsc#1255157). - net: netpoll: fix incorrect refcount handling causing incorrect cleanup (CVE-2025-68245 bsc#1255268). - commit b8da07f - nfsd: adjust WARN_ON_ONCE in revoke_delegation (bsc#1257015). - commit da1be71 - of: fix reference count leak in of_alias_scan() (git-fixes). - of: platform: Use default match table for /firmware (git-fixes). - ata: libata: Add cpr_log to ata_dev_print_features() early return (git-fixes). - ata: libata-sata: Improve link_power_management_supported sysfs attribute (git-fixes). - ata: ahci: Do not read the per port area for unimplemented ports (git-fixes). - ata: libata-scsi: Fix system suspend for a security locked drive (git-fixes). - ata: libata-scsi: Fix ata_to_sense_error() status handling (git-fixes). - commit 7be8126 - Refresh patches.suse/dmaengine-idxd-Fix-refcount-underflow-on-module-unlo.patch. - blacklist.conf: Fix the missing cleanup, folding the upsteram stable 6.12.y fix (commit d28c1b1566a1) into the backport patch itself. - commit 3863579 ++++ kernel-default: - erofs: fix file-backed mounts no longer working on EROFS partitions (CVE-2025-68361 bsc#1255526). - commit 472da07 - erofs: don't bother with s_stack_depth increasing for now (CVE-2025-68361 bsc#1255526). - commit 39303bf - net: ipv6: fix field-spanning memcpy warning in AH output (CVE-2025-40363 bsc#1255102). - commit e140a1d - fsnotify: do not generate ACCESS/MODIFY events on child for special files (bsc#1256638 CVE-2025-68788). - commit c5ba5af - ext4: xattr: fix null pointer deref in ext4_raw_inode() (bsc#1256754 CVE-2025-68820). - commit 5db1006 - ext4: fix string copying in parse_apply_sb_mount_options() (bsc#1256757 CVE-2025-71123). - commit f859099 - ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() (bsc#1255164 CVE-2025-68261). - commit ca299fb - nbd: defer config put in recv_work (bsc#1255537 CVE-2025-68372). - commit a3661a2 - nbd: defer config unlock in nbd_genl_connect (bsc#1255622 CVE-2025-68366). - commit abe0920 - jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted (bsc#1255482 CVE-2025-68337). - commit 158d717 - Refresh patches.suse/iavf-get-rid-of-the-crit-lock.patch. Fix locking issue introduced by CVE backport (bsc#1256975 bsc#1254977). - commit d093512 - erofs: limit the level of fs stacking for file-backed mounts (CVE-2025-68361 bsc#1255526). - commit 4238cae - ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe (CVE-2025-68241 bsc#1255157). - net: netpoll: fix incorrect refcount handling causing incorrect cleanup (CVE-2025-68245 bsc#1255268). - commit b8da07f - nfsd: adjust WARN_ON_ONCE in revoke_delegation (bsc#1257015). - commit da1be71 - of: fix reference count leak in of_alias_scan() (git-fixes). - of: platform: Use default match table for /firmware (git-fixes). - ata: libata: Add cpr_log to ata_dev_print_features() early return (git-fixes). - ata: libata-sata: Improve link_power_management_supported sysfs attribute (git-fixes). - ata: ahci: Do not read the per port area for unimplemented ports (git-fixes). - ata: libata-scsi: Fix system suspend for a security locked drive (git-fixes). - ata: libata-scsi: Fix ata_to_sense_error() status handling (git-fixes). - commit 7be8126 - Refresh patches.suse/dmaengine-idxd-Fix-refcount-underflow-on-module-unlo.patch. - blacklist.conf: Fix the missing cleanup, folding the upsteram stable 6.12.y fix (commit d28c1b1566a1) into the backport patch itself. - commit 3863579 ++++ kernel-default: - erofs: fix file-backed mounts no longer working on EROFS partitions (CVE-2025-68361 bsc#1255526). - commit 472da07 - erofs: don't bother with s_stack_depth increasing for now (CVE-2025-68361 bsc#1255526). - commit 39303bf - net: ipv6: fix field-spanning memcpy warning in AH output (CVE-2025-40363 bsc#1255102). - commit e140a1d - fsnotify: do not generate ACCESS/MODIFY events on child for special files (bsc#1256638 CVE-2025-68788). - commit c5ba5af - ext4: xattr: fix null pointer deref in ext4_raw_inode() (bsc#1256754 CVE-2025-68820). - commit 5db1006 - ext4: fix string copying in parse_apply_sb_mount_options() (bsc#1256757 CVE-2025-71123). - commit f859099 - ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() (bsc#1255164 CVE-2025-68261). - commit ca299fb - nbd: defer config put in recv_work (bsc#1255537 CVE-2025-68372). - commit a3661a2 - nbd: defer config unlock in nbd_genl_connect (bsc#1255622 CVE-2025-68366). - commit abe0920 - jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted (bsc#1255482 CVE-2025-68337). - commit 158d717 - Refresh patches.suse/iavf-get-rid-of-the-crit-lock.patch. Fix locking issue introduced by CVE backport (bsc#1256975 bsc#1254977). - commit d093512 - erofs: limit the level of fs stacking for file-backed mounts (CVE-2025-68361 bsc#1255526). - commit 4238cae - ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe (CVE-2025-68241 bsc#1255157). - net: netpoll: fix incorrect refcount handling causing incorrect cleanup (CVE-2025-68245 bsc#1255268). - commit b8da07f - nfsd: adjust WARN_ON_ONCE in revoke_delegation (bsc#1257015). - commit da1be71 - of: fix reference count leak in of_alias_scan() (git-fixes). - of: platform: Use default match table for /firmware (git-fixes). - ata: libata: Add cpr_log to ata_dev_print_features() early return (git-fixes). - ata: libata-sata: Improve link_power_management_supported sysfs attribute (git-fixes). - ata: ahci: Do not read the per port area for unimplemented ports (git-fixes). - ata: libata-scsi: Fix system suspend for a security locked drive (git-fixes). - ata: libata-scsi: Fix ata_to_sense_error() status handling (git-fixes). - commit 7be8126 - Refresh patches.suse/dmaengine-idxd-Fix-refcount-underflow-on-module-unlo.patch. - blacklist.conf: Fix the missing cleanup, folding the upsteram stable 6.12.y fix (commit d28c1b1566a1) into the backport patch itself. - commit 3863579 ++++ kernel-rt: - erofs: fix file-backed mounts no longer working on EROFS partitions (CVE-2025-68361 bsc#1255526). - commit 472da07 - erofs: don't bother with s_stack_depth increasing for now (CVE-2025-68361 bsc#1255526). - commit 39303bf - net: ipv6: fix field-spanning memcpy warning in AH output (CVE-2025-40363 bsc#1255102). - commit e140a1d - fsnotify: do not generate ACCESS/MODIFY events on child for special files (bsc#1256638 CVE-2025-68788). - commit c5ba5af - ext4: xattr: fix null pointer deref in ext4_raw_inode() (bsc#1256754 CVE-2025-68820). - commit 5db1006 - ext4: fix string copying in parse_apply_sb_mount_options() (bsc#1256757 CVE-2025-71123). - commit f859099 - ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() (bsc#1255164 CVE-2025-68261). - commit ca299fb - nbd: defer config put in recv_work (bsc#1255537 CVE-2025-68372). - commit a3661a2 - nbd: defer config unlock in nbd_genl_connect (bsc#1255622 CVE-2025-68366). - commit abe0920 - jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted (bsc#1255482 CVE-2025-68337). - commit 158d717 - Refresh patches.suse/iavf-get-rid-of-the-crit-lock.patch. Fix locking issue introduced by CVE backport (bsc#1256975 bsc#1254977). - commit d093512 - erofs: limit the level of fs stacking for file-backed mounts (CVE-2025-68361 bsc#1255526). - commit 4238cae - ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe (CVE-2025-68241 bsc#1255157). - net: netpoll: fix incorrect refcount handling causing incorrect cleanup (CVE-2025-68245 bsc#1255268). - commit b8da07f - nfsd: adjust WARN_ON_ONCE in revoke_delegation (bsc#1257015). - commit da1be71 - of: fix reference count leak in of_alias_scan() (git-fixes). - of: platform: Use default match table for /firmware (git-fixes). - ata: libata: Add cpr_log to ata_dev_print_features() early return (git-fixes). - ata: libata-sata: Improve link_power_management_supported sysfs attribute (git-fixes). - ata: ahci: Do not read the per port area for unimplemented ports (git-fixes). - ata: libata-scsi: Fix system suspend for a security locked drive (git-fixes). - ata: libata-scsi: Fix ata_to_sense_error() status handling (git-fixes). - commit 7be8126 - Refresh patches.suse/dmaengine-idxd-Fix-refcount-underflow-on-module-unlo.patch. - blacklist.conf: Fix the missing cleanup, folding the upsteram stable 6.12.y fix (commit d28c1b1566a1) into the backport patch itself. - commit 3863579 ++++ kernel-rt: - erofs: fix file-backed mounts no longer working on EROFS partitions (CVE-2025-68361 bsc#1255526). - commit 472da07 - erofs: don't bother with s_stack_depth increasing for now (CVE-2025-68361 bsc#1255526). - commit 39303bf - net: ipv6: fix field-spanning memcpy warning in AH output (CVE-2025-40363 bsc#1255102). - commit e140a1d - fsnotify: do not generate ACCESS/MODIFY events on child for special files (bsc#1256638 CVE-2025-68788). - commit c5ba5af - ext4: xattr: fix null pointer deref in ext4_raw_inode() (bsc#1256754 CVE-2025-68820). - commit 5db1006 - ext4: fix string copying in parse_apply_sb_mount_options() (bsc#1256757 CVE-2025-71123). - commit f859099 - ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() (bsc#1255164 CVE-2025-68261). - commit ca299fb - nbd: defer config put in recv_work (bsc#1255537 CVE-2025-68372). - commit a3661a2 - nbd: defer config unlock in nbd_genl_connect (bsc#1255622 CVE-2025-68366). - commit abe0920 - jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted (bsc#1255482 CVE-2025-68337). - commit 158d717 - Refresh patches.suse/iavf-get-rid-of-the-crit-lock.patch. Fix locking issue introduced by CVE backport (bsc#1256975 bsc#1254977). - commit d093512 - erofs: limit the level of fs stacking for file-backed mounts (CVE-2025-68361 bsc#1255526). - commit 4238cae - ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe (CVE-2025-68241 bsc#1255157). - net: netpoll: fix incorrect refcount handling causing incorrect cleanup (CVE-2025-68245 bsc#1255268). - commit b8da07f - nfsd: adjust WARN_ON_ONCE in revoke_delegation (bsc#1257015). - commit da1be71 - of: fix reference count leak in of_alias_scan() (git-fixes). - of: platform: Use default match table for /firmware (git-fixes). - ata: libata: Add cpr_log to ata_dev_print_features() early return (git-fixes). - ata: libata-sata: Improve link_power_management_supported sysfs attribute (git-fixes). - ata: ahci: Do not read the per port area for unimplemented ports (git-fixes). - ata: libata-scsi: Fix system suspend for a security locked drive (git-fixes). - ata: libata-scsi: Fix ata_to_sense_error() status handling (git-fixes). - commit 7be8126 - Refresh patches.suse/dmaengine-idxd-Fix-refcount-underflow-on-module-unlo.patch. - blacklist.conf: Fix the missing cleanup, folding the upsteram stable 6.12.y fix (commit d28c1b1566a1) into the backport patch itself. - commit 3863579 ++++ samba: - Fix mistake in README.SUSE /var/spool/samba => /var/samba/spool (bsc#1254665). ++++ cups: - Version upgrade to 2.4.16: See https://github.com/openprinting/cups/releases The hotfix release 2.4.16 includes fix for infinite loop in GTK, which was caused by change of internal behavior in libcups on which GTK depended on, and workaround for stopping the scheduler if configuration includes unknown directives. Detailed list (from CHANGES.md): * 'cupsUTF8ToCharset' didn't validate 2-byte UTF-8 sequences, potentially reading past the end of the source string (Issue #1438) * The web interface did not support domain usernames fully (Issue #1441) * Fixed an infinite loop issue in the GTK+ print dialog (Issue #1439 boo#1254353) * Fixed stopping scheduler on unknown directive in configuration (Issue #1443) Issues are those at https://github.com/OpenPrinting/cups/issues - Version upgrade to 2.4.15: See https://github.com/openprinting/cups/releases The release CUPS 2.4.15 brings two CVE fixes: Fix various cupsd issues which cause local DoS (CVE-2025-61915 bsc#1253783) Fix unresponsive cupsd process caused by slow client (CVE-2025-58436 bsc#1244057) and several bug fixes described in CHANGES.md. Detailed list (from CHANGES.md): * Fixed potential crash in 'cups-driverd' when there are duplicate PPDs (Issue #1355) * Fixed error recovery when scanning for PPDs in 'cups-driverd' (Issue #1416) Issues are those at https://github.com/OpenPrinting/cups/issues - Adapted downgrade-autoconf-requirement.patch for CUPS 2.4.16 - Fixed entry below dated "Sat Sep 30 08:52:42 UTC 2017" which contained needless UTF-8 Unicode characters that are now replaced by plain ASCII text in "... line - the ..." to fix a rpmlint "non-break-space" warning. - Adapted and enhanced 'tmpfiles.d' related things in cups.spec to "Fix packages for Immutable Mode - cups" (implementation task jsc#PED-14775 from epic jsc#PED-14688) ++++ dtb-aarch64: - erofs: fix file-backed mounts no longer working on EROFS partitions (CVE-2025-68361 bsc#1255526). - commit 472da07 - erofs: don't bother with s_stack_depth increasing for now (CVE-2025-68361 bsc#1255526). - commit 39303bf - net: ipv6: fix field-spanning memcpy warning in AH output (CVE-2025-40363 bsc#1255102). - commit e140a1d - fsnotify: do not generate ACCESS/MODIFY events on child for special files (bsc#1256638 CVE-2025-68788). - commit c5ba5af - ext4: xattr: fix null pointer deref in ext4_raw_inode() (bsc#1256754 CVE-2025-68820). - commit 5db1006 - ext4: fix string copying in parse_apply_sb_mount_options() (bsc#1256757 CVE-2025-71123). - commit f859099 - ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() (bsc#1255164 CVE-2025-68261). - commit ca299fb - nbd: defer config put in recv_work (bsc#1255537 CVE-2025-68372). - commit a3661a2 - nbd: defer config unlock in nbd_genl_connect (bsc#1255622 CVE-2025-68366). - commit abe0920 - jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted (bsc#1255482 CVE-2025-68337). - commit 158d717 - Refresh patches.suse/iavf-get-rid-of-the-crit-lock.patch. Fix locking issue introduced by CVE backport (bsc#1256975 bsc#1254977). - commit d093512 - erofs: limit the level of fs stacking for file-backed mounts (CVE-2025-68361 bsc#1255526). - commit 4238cae - ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe (CVE-2025-68241 bsc#1255157). - net: netpoll: fix incorrect refcount handling causing incorrect cleanup (CVE-2025-68245 bsc#1255268). - commit b8da07f - nfsd: adjust WARN_ON_ONCE in revoke_delegation (bsc#1257015). - commit da1be71 - of: fix reference count leak in of_alias_scan() (git-fixes). - of: platform: Use default match table for /firmware (git-fixes). - ata: libata: Add cpr_log to ata_dev_print_features() early return (git-fixes). - ata: libata-sata: Improve link_power_management_supported sysfs attribute (git-fixes). - ata: ahci: Do not read the per port area for unimplemented ports (git-fixes). - ata: libata-scsi: Fix system suspend for a security locked drive (git-fixes). - ata: libata-scsi: Fix ata_to_sense_error() status handling (git-fixes). - commit 7be8126 - Refresh patches.suse/dmaengine-idxd-Fix-refcount-underflow-on-module-unlo.patch. - blacklist.conf: Fix the missing cleanup, folding the upsteram stable 6.12.y fix (commit d28c1b1566a1) into the backport patch itself. - commit 3863579 ++++ dtb-aarch64: - erofs: fix file-backed mounts no longer working on EROFS partitions (CVE-2025-68361 bsc#1255526). - commit 472da07 - erofs: don't bother with s_stack_depth increasing for now (CVE-2025-68361 bsc#1255526). - commit 39303bf - net: ipv6: fix field-spanning memcpy warning in AH output (CVE-2025-40363 bsc#1255102). - commit e140a1d - fsnotify: do not generate ACCESS/MODIFY events on child for special files (bsc#1256638 CVE-2025-68788). - commit c5ba5af - ext4: xattr: fix null pointer deref in ext4_raw_inode() (bsc#1256754 CVE-2025-68820). - commit 5db1006 - ext4: fix string copying in parse_apply_sb_mount_options() (bsc#1256757 CVE-2025-71123). - commit f859099 - ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() (bsc#1255164 CVE-2025-68261). - commit ca299fb - nbd: defer config put in recv_work (bsc#1255537 CVE-2025-68372). - commit a3661a2 - nbd: defer config unlock in nbd_genl_connect (bsc#1255622 CVE-2025-68366). - commit abe0920 - jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted (bsc#1255482 CVE-2025-68337). - commit 158d717 - Refresh patches.suse/iavf-get-rid-of-the-crit-lock.patch. Fix locking issue introduced by CVE backport (bsc#1256975 bsc#1254977). - commit d093512 - erofs: limit the level of fs stacking for file-backed mounts (CVE-2025-68361 bsc#1255526). - commit 4238cae - ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe (CVE-2025-68241 bsc#1255157). - net: netpoll: fix incorrect refcount handling causing incorrect cleanup (CVE-2025-68245 bsc#1255268). - commit b8da07f - nfsd: adjust WARN_ON_ONCE in revoke_delegation (bsc#1257015). - commit da1be71 - of: fix reference count leak in of_alias_scan() (git-fixes). - of: platform: Use default match table for /firmware (git-fixes). - ata: libata: Add cpr_log to ata_dev_print_features() early return (git-fixes). - ata: libata-sata: Improve link_power_management_supported sysfs attribute (git-fixes). - ata: ahci: Do not read the per port area for unimplemented ports (git-fixes). - ata: libata-scsi: Fix system suspend for a security locked drive (git-fixes). - ata: libata-scsi: Fix ata_to_sense_error() status handling (git-fixes). - commit 7be8126 - Refresh patches.suse/dmaengine-idxd-Fix-refcount-underflow-on-module-unlo.patch. - blacklist.conf: Fix the missing cleanup, folding the upsteram stable 6.12.y fix (commit d28c1b1566a1) into the backport patch itself. - commit 3863579 ++++ flake-pilot: - Update README Fix repo names and update use case list ++++ fontforge: - Add fontforge-fix-multiple-crashes-in-Multiple-Masters.patch: Backport dfe5c803 from upstream, Fix multiple crashes in Multiple Masters. - Add fontforge-fix-crash-for-content-over-32767-characters-in-GDraw.patch: Backport 0df57ac0 from upstream, fix crash for content over 32767 characters in GDraw multiline text field. - Add fontforge-CVE-2025-15279-part02_720ea950.patch: Backport 720ea950 from upstream, Move bounds check inside cnt >= 3 block. (CVE-2025-15279, ZDI-CAN-27517, bsc#1256013) - Add fontforge-CVE-2025-15269.patch: Backport 6aea6db5 from upstream, Use-after-free in SFD ligature parsing. (CVE-2025-15269, ZDI-25-1195, ZDI-CAN-28564, bsc#1256032) - Add fontforge-CVE-2025-15275.patch: Backport 71954027 from upstream, Fix heap buffer overflow in SFD image parsing. (CVE-2025-15275 ZDI-25-1189 ZDI-CAN-28543 bsc#1256025) - Add fontforge-CVE-2025-15279-part01_7d67700c.patch: Backport 7d67700c from upstream, Fix heap buffer overflow in BMP RLE decompression. (CVE-2025-15279, ZDI-CAN-27517, bsc#1256013) - Add fontforge-fix-crash-on-UpDown-keypress-in-the-feature-list.patch: Backport aca4f524 from upstream, Metrics view: Fix crash on Up/Down keypress while in the feature list. - Add fontforge-fix-crash-in-Metrics-View.patch Backport 46dc37435 from upstream, Fix crash in Metrics View. - Add fontforge-fix-UFO-crash-for-empty-contours.patch Backport 77b1b148 from upstream, Fix UFO crash for empty contours. - Add fontforge-fix-crash-issue-in-allmarkglyphs.patch: Backport 9d793fe9 from upstream, fix crash issue in allmarkglyphs. ++++ glib2: - Add glib2-CVE-2026-0988.patch: fix a potential integer overflow in g_buffered_input_stream_peek (bsc#1257049 CVE-2026-0988 glgo#GNOME/glib#3851). ++++ glib2-doc: - Add glib2-CVE-2026-0988.patch: fix a potential integer overflow in g_buffered_input_stream_peek (bsc#1257049 CVE-2026-0988 glgo#GNOME/glib#3851). ++++ kernel-source: - erofs: fix file-backed mounts no longer working on EROFS partitions (CVE-2025-68361 bsc#1255526). - commit 472da07 - erofs: don't bother with s_stack_depth increasing for now (CVE-2025-68361 bsc#1255526). - commit 39303bf - net: ipv6: fix field-spanning memcpy warning in AH output (CVE-2025-40363 bsc#1255102). - commit e140a1d - fsnotify: do not generate ACCESS/MODIFY events on child for special files (bsc#1256638 CVE-2025-68788). - commit c5ba5af - ext4: xattr: fix null pointer deref in ext4_raw_inode() (bsc#1256754 CVE-2025-68820). - commit 5db1006 - ext4: fix string copying in parse_apply_sb_mount_options() (bsc#1256757 CVE-2025-71123). - commit f859099 - ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() (bsc#1255164 CVE-2025-68261). - commit ca299fb - nbd: defer config put in recv_work (bsc#1255537 CVE-2025-68372). - commit a3661a2 - nbd: defer config unlock in nbd_genl_connect (bsc#1255622 CVE-2025-68366). - commit abe0920 - jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted (bsc#1255482 CVE-2025-68337). - commit 158d717 - Refresh patches.suse/iavf-get-rid-of-the-crit-lock.patch. Fix locking issue introduced by CVE backport (bsc#1256975 bsc#1254977). - commit d093512 - erofs: limit the level of fs stacking for file-backed mounts (CVE-2025-68361 bsc#1255526). - commit 4238cae - ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe (CVE-2025-68241 bsc#1255157). - net: netpoll: fix incorrect refcount handling causing incorrect cleanup (CVE-2025-68245 bsc#1255268). - commit b8da07f - nfsd: adjust WARN_ON_ONCE in revoke_delegation (bsc#1257015). - commit da1be71 - of: fix reference count leak in of_alias_scan() (git-fixes). - of: platform: Use default match table for /firmware (git-fixes). - ata: libata: Add cpr_log to ata_dev_print_features() early return (git-fixes). - ata: libata-sata: Improve link_power_management_supported sysfs attribute (git-fixes). - ata: ahci: Do not read the per port area for unimplemented ports (git-fixes). - ata: libata-scsi: Fix system suspend for a security locked drive (git-fixes). - ata: libata-scsi: Fix ata_to_sense_error() status handling (git-fixes). - commit 7be8126 - Refresh patches.suse/dmaengine-idxd-Fix-refcount-underflow-on-module-unlo.patch. - blacklist.conf: Fix the missing cleanup, folding the upsteram stable 6.12.y fix (commit d28c1b1566a1) into the backport patch itself. - commit 3863579 ++++ kernel-source: - erofs: fix file-backed mounts no longer working on EROFS partitions (CVE-2025-68361 bsc#1255526). - commit 472da07 - erofs: don't bother with s_stack_depth increasing for now (CVE-2025-68361 bsc#1255526). - commit 39303bf - net: ipv6: fix field-spanning memcpy warning in AH output (CVE-2025-40363 bsc#1255102). - commit e140a1d - fsnotify: do not generate ACCESS/MODIFY events on child for special files (bsc#1256638 CVE-2025-68788). - commit c5ba5af - ext4: xattr: fix null pointer deref in ext4_raw_inode() (bsc#1256754 CVE-2025-68820). - commit 5db1006 - ext4: fix string copying in parse_apply_sb_mount_options() (bsc#1256757 CVE-2025-71123). - commit f859099 - ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() (bsc#1255164 CVE-2025-68261). - commit ca299fb - nbd: defer config put in recv_work (bsc#1255537 CVE-2025-68372). - commit a3661a2 - nbd: defer config unlock in nbd_genl_connect (bsc#1255622 CVE-2025-68366). - commit abe0920 - jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted (bsc#1255482 CVE-2025-68337). - commit 158d717 - Refresh patches.suse/iavf-get-rid-of-the-crit-lock.patch. Fix locking issue introduced by CVE backport (bsc#1256975 bsc#1254977). - commit d093512 - erofs: limit the level of fs stacking for file-backed mounts (CVE-2025-68361 bsc#1255526). - commit 4238cae - ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe (CVE-2025-68241 bsc#1255157). - net: netpoll: fix incorrect refcount handling causing incorrect cleanup (CVE-2025-68245 bsc#1255268). - commit b8da07f - nfsd: adjust WARN_ON_ONCE in revoke_delegation (bsc#1257015). - commit da1be71 - of: fix reference count leak in of_alias_scan() (git-fixes). - of: platform: Use default match table for /firmware (git-fixes). - ata: libata: Add cpr_log to ata_dev_print_features() early return (git-fixes). - ata: libata-sata: Improve link_power_management_supported sysfs attribute (git-fixes). - ata: ahci: Do not read the per port area for unimplemented ports (git-fixes). - ata: libata-scsi: Fix system suspend for a security locked drive (git-fixes). - ata: libata-scsi: Fix ata_to_sense_error() status handling (git-fixes). - commit 7be8126 - Refresh patches.suse/dmaengine-idxd-Fix-refcount-underflow-on-module-unlo.patch. - blacklist.conf: Fix the missing cleanup, folding the upsteram stable 6.12.y fix (commit d28c1b1566a1) into the backport patch itself. - commit 3863579 ++++ kernel-docs: - erofs: fix file-backed mounts no longer working on EROFS partitions (CVE-2025-68361 bsc#1255526). - commit 472da07 - erofs: don't bother with s_stack_depth increasing for now (CVE-2025-68361 bsc#1255526). - commit 39303bf - net: ipv6: fix field-spanning memcpy warning in AH output (CVE-2025-40363 bsc#1255102). - commit e140a1d - fsnotify: do not generate ACCESS/MODIFY events on child for special files (bsc#1256638 CVE-2025-68788). - commit c5ba5af - ext4: xattr: fix null pointer deref in ext4_raw_inode() (bsc#1256754 CVE-2025-68820). - commit 5db1006 - ext4: fix string copying in parse_apply_sb_mount_options() (bsc#1256757 CVE-2025-71123). - commit f859099 - ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() (bsc#1255164 CVE-2025-68261). - commit ca299fb - nbd: defer config put in recv_work (bsc#1255537 CVE-2025-68372). - commit a3661a2 - nbd: defer config unlock in nbd_genl_connect (bsc#1255622 CVE-2025-68366). - commit abe0920 - jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted (bsc#1255482 CVE-2025-68337). - commit 158d717 - Refresh patches.suse/iavf-get-rid-of-the-crit-lock.patch. Fix locking issue introduced by CVE backport (bsc#1256975 bsc#1254977). - commit d093512 - erofs: limit the level of fs stacking for file-backed mounts (CVE-2025-68361 bsc#1255526). - commit 4238cae - ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe (CVE-2025-68241 bsc#1255157). - net: netpoll: fix incorrect refcount handling causing incorrect cleanup (CVE-2025-68245 bsc#1255268). - commit b8da07f - nfsd: adjust WARN_ON_ONCE in revoke_delegation (bsc#1257015). - commit da1be71 - of: fix reference count leak in of_alias_scan() (git-fixes). - of: platform: Use default match table for /firmware (git-fixes). - ata: libata: Add cpr_log to ata_dev_print_features() early return (git-fixes). - ata: libata-sata: Improve link_power_management_supported sysfs attribute (git-fixes). - ata: ahci: Do not read the per port area for unimplemented ports (git-fixes). - ata: libata-scsi: Fix system suspend for a security locked drive (git-fixes). - ata: libata-scsi: Fix ata_to_sense_error() status handling (git-fixes). - commit 7be8126 - Refresh patches.suse/dmaengine-idxd-Fix-refcount-underflow-on-module-unlo.patch. - blacklist.conf: Fix the missing cleanup, folding the upsteram stable 6.12.y fix (commit d28c1b1566a1) into the backport patch itself. - commit 3863579 ++++ kernel-docs: - erofs: fix file-backed mounts no longer working on EROFS partitions (CVE-2025-68361 bsc#1255526). - commit 472da07 - erofs: don't bother with s_stack_depth increasing for now (CVE-2025-68361 bsc#1255526). - commit 39303bf - net: ipv6: fix field-spanning memcpy warning in AH output (CVE-2025-40363 bsc#1255102). - commit e140a1d - fsnotify: do not generate ACCESS/MODIFY events on child for special files (bsc#1256638 CVE-2025-68788). - commit c5ba5af - ext4: xattr: fix null pointer deref in ext4_raw_inode() (bsc#1256754 CVE-2025-68820). - commit 5db1006 - ext4: fix string copying in parse_apply_sb_mount_options() (bsc#1256757 CVE-2025-71123). - commit f859099 - ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() (bsc#1255164 CVE-2025-68261). - commit ca299fb - nbd: defer config put in recv_work (bsc#1255537 CVE-2025-68372). - commit a3661a2 - nbd: defer config unlock in nbd_genl_connect (bsc#1255622 CVE-2025-68366). - commit abe0920 - jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted (bsc#1255482 CVE-2025-68337). - commit 158d717 - Refresh patches.suse/iavf-get-rid-of-the-crit-lock.patch. Fix locking issue introduced by CVE backport (bsc#1256975 bsc#1254977). - commit d093512 - erofs: limit the level of fs stacking for file-backed mounts (CVE-2025-68361 bsc#1255526). - commit 4238cae - ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe (CVE-2025-68241 bsc#1255157). - net: netpoll: fix incorrect refcount handling causing incorrect cleanup (CVE-2025-68245 bsc#1255268). - commit b8da07f - nfsd: adjust WARN_ON_ONCE in revoke_delegation (bsc#1257015). - commit da1be71 - of: fix reference count leak in of_alias_scan() (git-fixes). - of: platform: Use default match table for /firmware (git-fixes). - ata: libata: Add cpr_log to ata_dev_print_features() early return (git-fixes). - ata: libata-sata: Improve link_power_management_supported sysfs attribute (git-fixes). - ata: ahci: Do not read the per port area for unimplemented ports (git-fixes). - ata: libata-scsi: Fix system suspend for a security locked drive (git-fixes). - ata: libata-scsi: Fix ata_to_sense_error() status handling (git-fixes). - commit 7be8126 - Refresh patches.suse/dmaengine-idxd-Fix-refcount-underflow-on-module-unlo.patch. - blacklist.conf: Fix the missing cleanup, folding the upsteram stable 6.12.y fix (commit d28c1b1566a1) into the backport patch itself. - commit 3863579 ++++ kernel-kvmsmall: - erofs: fix file-backed mounts no longer working on EROFS partitions (CVE-2025-68361 bsc#1255526). - commit 472da07 - erofs: don't bother with s_stack_depth increasing for now (CVE-2025-68361 bsc#1255526). - commit 39303bf - net: ipv6: fix field-spanning memcpy warning in AH output (CVE-2025-40363 bsc#1255102). - commit e140a1d - fsnotify: do not generate ACCESS/MODIFY events on child for special files (bsc#1256638 CVE-2025-68788). - commit c5ba5af - ext4: xattr: fix null pointer deref in ext4_raw_inode() (bsc#1256754 CVE-2025-68820). - commit 5db1006 - ext4: fix string copying in parse_apply_sb_mount_options() (bsc#1256757 CVE-2025-71123). - commit f859099 - ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() (bsc#1255164 CVE-2025-68261). - commit ca299fb - nbd: defer config put in recv_work (bsc#1255537 CVE-2025-68372). - commit a3661a2 - nbd: defer config unlock in nbd_genl_connect (bsc#1255622 CVE-2025-68366). - commit abe0920 - jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted (bsc#1255482 CVE-2025-68337). - commit 158d717 - Refresh patches.suse/iavf-get-rid-of-the-crit-lock.patch. Fix locking issue introduced by CVE backport (bsc#1256975 bsc#1254977). - commit d093512 - erofs: limit the level of fs stacking for file-backed mounts (CVE-2025-68361 bsc#1255526). - commit 4238cae - ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe (CVE-2025-68241 bsc#1255157). - net: netpoll: fix incorrect refcount handling causing incorrect cleanup (CVE-2025-68245 bsc#1255268). - commit b8da07f - nfsd: adjust WARN_ON_ONCE in revoke_delegation (bsc#1257015). - commit da1be71 - of: fix reference count leak in of_alias_scan() (git-fixes). - of: platform: Use default match table for /firmware (git-fixes). - ata: libata: Add cpr_log to ata_dev_print_features() early return (git-fixes). - ata: libata-sata: Improve link_power_management_supported sysfs attribute (git-fixes). - ata: ahci: Do not read the per port area for unimplemented ports (git-fixes). - ata: libata-scsi: Fix system suspend for a security locked drive (git-fixes). - ata: libata-scsi: Fix ata_to_sense_error() status handling (git-fixes). - commit 7be8126 - Refresh patches.suse/dmaengine-idxd-Fix-refcount-underflow-on-module-unlo.patch. - blacklist.conf: Fix the missing cleanup, folding the upsteram stable 6.12.y fix (commit d28c1b1566a1) into the backport patch itself. - commit 3863579 ++++ kernel-kvmsmall: - erofs: fix file-backed mounts no longer working on EROFS partitions (CVE-2025-68361 bsc#1255526). - commit 472da07 - erofs: don't bother with s_stack_depth increasing for now (CVE-2025-68361 bsc#1255526). - commit 39303bf - net: ipv6: fix field-spanning memcpy warning in AH output (CVE-2025-40363 bsc#1255102). - commit e140a1d - fsnotify: do not generate ACCESS/MODIFY events on child for special files (bsc#1256638 CVE-2025-68788). - commit c5ba5af - ext4: xattr: fix null pointer deref in ext4_raw_inode() (bsc#1256754 CVE-2025-68820). - commit 5db1006 - ext4: fix string copying in parse_apply_sb_mount_options() (bsc#1256757 CVE-2025-71123). - commit f859099 - ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() (bsc#1255164 CVE-2025-68261). - commit ca299fb - nbd: defer config put in recv_work (bsc#1255537 CVE-2025-68372). - commit a3661a2 - nbd: defer config unlock in nbd_genl_connect (bsc#1255622 CVE-2025-68366). - commit abe0920 - jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted (bsc#1255482 CVE-2025-68337). - commit 158d717 - Refresh patches.suse/iavf-get-rid-of-the-crit-lock.patch. Fix locking issue introduced by CVE backport (bsc#1256975 bsc#1254977). - commit d093512 - erofs: limit the level of fs stacking for file-backed mounts (CVE-2025-68361 bsc#1255526). - commit 4238cae - ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe (CVE-2025-68241 bsc#1255157). - net: netpoll: fix incorrect refcount handling causing incorrect cleanup (CVE-2025-68245 bsc#1255268). - commit b8da07f - nfsd: adjust WARN_ON_ONCE in revoke_delegation (bsc#1257015). - commit da1be71 - of: fix reference count leak in of_alias_scan() (git-fixes). - of: platform: Use default match table for /firmware (git-fixes). - ata: libata: Add cpr_log to ata_dev_print_features() early return (git-fixes). - ata: libata-sata: Improve link_power_management_supported sysfs attribute (git-fixes). - ata: ahci: Do not read the per port area for unimplemented ports (git-fixes). - ata: libata-scsi: Fix system suspend for a security locked drive (git-fixes). - ata: libata-scsi: Fix ata_to_sense_error() status handling (git-fixes). - commit 7be8126 - Refresh patches.suse/dmaengine-idxd-Fix-refcount-underflow-on-module-unlo.patch. - blacklist.conf: Fix the missing cleanup, folding the upsteram stable 6.12.y fix (commit d28c1b1566a1) into the backport patch itself. - commit 3863579 ++++ kernel-obs-build: - erofs: fix file-backed mounts no longer working on EROFS partitions (CVE-2025-68361 bsc#1255526). - commit 472da07 - erofs: don't bother with s_stack_depth increasing for now (CVE-2025-68361 bsc#1255526). - commit 39303bf - net: ipv6: fix field-spanning memcpy warning in AH output (CVE-2025-40363 bsc#1255102). - commit e140a1d - fsnotify: do not generate ACCESS/MODIFY events on child for special files (bsc#1256638 CVE-2025-68788). - commit c5ba5af - ext4: xattr: fix null pointer deref in ext4_raw_inode() (bsc#1256754 CVE-2025-68820). - commit 5db1006 - ext4: fix string copying in parse_apply_sb_mount_options() (bsc#1256757 CVE-2025-71123). - commit f859099 - ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() (bsc#1255164 CVE-2025-68261). - commit ca299fb - nbd: defer config put in recv_work (bsc#1255537 CVE-2025-68372). - commit a3661a2 - nbd: defer config unlock in nbd_genl_connect (bsc#1255622 CVE-2025-68366). - commit abe0920 - jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted (bsc#1255482 CVE-2025-68337). - commit 158d717 - Refresh patches.suse/iavf-get-rid-of-the-crit-lock.patch. Fix locking issue introduced by CVE backport (bsc#1256975 bsc#1254977). - commit d093512 - erofs: limit the level of fs stacking for file-backed mounts (CVE-2025-68361 bsc#1255526). - commit 4238cae - ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe (CVE-2025-68241 bsc#1255157). - net: netpoll: fix incorrect refcount handling causing incorrect cleanup (CVE-2025-68245 bsc#1255268). - commit b8da07f - nfsd: adjust WARN_ON_ONCE in revoke_delegation (bsc#1257015). - commit da1be71 - of: fix reference count leak in of_alias_scan() (git-fixes). - of: platform: Use default match table for /firmware (git-fixes). - ata: libata: Add cpr_log to ata_dev_print_features() early return (git-fixes). - ata: libata-sata: Improve link_power_management_supported sysfs attribute (git-fixes). - ata: ahci: Do not read the per port area for unimplemented ports (git-fixes). - ata: libata-scsi: Fix system suspend for a security locked drive (git-fixes). - ata: libata-scsi: Fix ata_to_sense_error() status handling (git-fixes). - commit 7be8126 - Refresh patches.suse/dmaengine-idxd-Fix-refcount-underflow-on-module-unlo.patch. - blacklist.conf: Fix the missing cleanup, folding the upsteram stable 6.12.y fix (commit d28c1b1566a1) into the backport patch itself. - commit 3863579 ++++ kernel-obs-build: - erofs: fix file-backed mounts no longer working on EROFS partitions (CVE-2025-68361 bsc#1255526). - commit 472da07 - erofs: don't bother with s_stack_depth increasing for now (CVE-2025-68361 bsc#1255526). - commit 39303bf - net: ipv6: fix field-spanning memcpy warning in AH output (CVE-2025-40363 bsc#1255102). - commit e140a1d - fsnotify: do not generate ACCESS/MODIFY events on child for special files (bsc#1256638 CVE-2025-68788). - commit c5ba5af - ext4: xattr: fix null pointer deref in ext4_raw_inode() (bsc#1256754 CVE-2025-68820). - commit 5db1006 - ext4: fix string copying in parse_apply_sb_mount_options() (bsc#1256757 CVE-2025-71123). - commit f859099 - ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() (bsc#1255164 CVE-2025-68261). - commit ca299fb - nbd: defer config put in recv_work (bsc#1255537 CVE-2025-68372). - commit a3661a2 - nbd: defer config unlock in nbd_genl_connect (bsc#1255622 CVE-2025-68366). - commit abe0920 - jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted (bsc#1255482 CVE-2025-68337). - commit 158d717 - Refresh patches.suse/iavf-get-rid-of-the-crit-lock.patch. Fix locking issue introduced by CVE backport (bsc#1256975 bsc#1254977). - commit d093512 - erofs: limit the level of fs stacking for file-backed mounts (CVE-2025-68361 bsc#1255526). - commit 4238cae - ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe (CVE-2025-68241 bsc#1255157). - net: netpoll: fix incorrect refcount handling causing incorrect cleanup (CVE-2025-68245 bsc#1255268). - commit b8da07f - nfsd: adjust WARN_ON_ONCE in revoke_delegation (bsc#1257015). - commit da1be71 - of: fix reference count leak in of_alias_scan() (git-fixes). - of: platform: Use default match table for /firmware (git-fixes). - ata: libata: Add cpr_log to ata_dev_print_features() early return (git-fixes). - ata: libata-sata: Improve link_power_management_supported sysfs attribute (git-fixes). - ata: ahci: Do not read the per port area for unimplemented ports (git-fixes). - ata: libata-scsi: Fix system suspend for a security locked drive (git-fixes). - ata: libata-scsi: Fix ata_to_sense_error() status handling (git-fixes). - commit 7be8126 - Refresh patches.suse/dmaengine-idxd-Fix-refcount-underflow-on-module-unlo.patch. - blacklist.conf: Fix the missing cleanup, folding the upsteram stable 6.12.y fix (commit d28c1b1566a1) into the backport patch itself. - commit 3863579 ++++ kernel-obs-qa: - erofs: fix file-backed mounts no longer working on EROFS partitions (CVE-2025-68361 bsc#1255526). - commit 472da07 - erofs: don't bother with s_stack_depth increasing for now (CVE-2025-68361 bsc#1255526). - commit 39303bf - net: ipv6: fix field-spanning memcpy warning in AH output (CVE-2025-40363 bsc#1255102). - commit e140a1d - fsnotify: do not generate ACCESS/MODIFY events on child for special files (bsc#1256638 CVE-2025-68788). - commit c5ba5af - ext4: xattr: fix null pointer deref in ext4_raw_inode() (bsc#1256754 CVE-2025-68820). - commit 5db1006 - ext4: fix string copying in parse_apply_sb_mount_options() (bsc#1256757 CVE-2025-71123). - commit f859099 - ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() (bsc#1255164 CVE-2025-68261). - commit ca299fb - nbd: defer config put in recv_work (bsc#1255537 CVE-2025-68372). - commit a3661a2 - nbd: defer config unlock in nbd_genl_connect (bsc#1255622 CVE-2025-68366). - commit abe0920 - jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted (bsc#1255482 CVE-2025-68337). - commit 158d717 - Refresh patches.suse/iavf-get-rid-of-the-crit-lock.patch. Fix locking issue introduced by CVE backport (bsc#1256975 bsc#1254977). - commit d093512 - erofs: limit the level of fs stacking for file-backed mounts (CVE-2025-68361 bsc#1255526). - commit 4238cae - ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe (CVE-2025-68241 bsc#1255157). - net: netpoll: fix incorrect refcount handling causing incorrect cleanup (CVE-2025-68245 bsc#1255268). - commit b8da07f - nfsd: adjust WARN_ON_ONCE in revoke_delegation (bsc#1257015). - commit da1be71 - of: fix reference count leak in of_alias_scan() (git-fixes). - of: platform: Use default match table for /firmware (git-fixes). - ata: libata: Add cpr_log to ata_dev_print_features() early return (git-fixes). - ata: libata-sata: Improve link_power_management_supported sysfs attribute (git-fixes). - ata: ahci: Do not read the per port area for unimplemented ports (git-fixes). - ata: libata-scsi: Fix system suspend for a security locked drive (git-fixes). - ata: libata-scsi: Fix ata_to_sense_error() status handling (git-fixes). - commit 7be8126 - Refresh patches.suse/dmaengine-idxd-Fix-refcount-underflow-on-module-unlo.patch. - blacklist.conf: Fix the missing cleanup, folding the upsteram stable 6.12.y fix (commit d28c1b1566a1) into the backport patch itself. - commit 3863579 ++++ kernel-obs-qa: - erofs: fix file-backed mounts no longer working on EROFS partitions (CVE-2025-68361 bsc#1255526). - commit 472da07 - erofs: don't bother with s_stack_depth increasing for now (CVE-2025-68361 bsc#1255526). - commit 39303bf - net: ipv6: fix field-spanning memcpy warning in AH output (CVE-2025-40363 bsc#1255102). - commit e140a1d - fsnotify: do not generate ACCESS/MODIFY events on child for special files (bsc#1256638 CVE-2025-68788). - commit c5ba5af - ext4: xattr: fix null pointer deref in ext4_raw_inode() (bsc#1256754 CVE-2025-68820). - commit 5db1006 - ext4: fix string copying in parse_apply_sb_mount_options() (bsc#1256757 CVE-2025-71123). - commit f859099 - ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() (bsc#1255164 CVE-2025-68261). - commit ca299fb - nbd: defer config put in recv_work (bsc#1255537 CVE-2025-68372). - commit a3661a2 - nbd: defer config unlock in nbd_genl_connect (bsc#1255622 CVE-2025-68366). - commit abe0920 - jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted (bsc#1255482 CVE-2025-68337). - commit 158d717 - Refresh patches.suse/iavf-get-rid-of-the-crit-lock.patch. Fix locking issue introduced by CVE backport (bsc#1256975 bsc#1254977). - commit d093512 - erofs: limit the level of fs stacking for file-backed mounts (CVE-2025-68361 bsc#1255526). - commit 4238cae - ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe (CVE-2025-68241 bsc#1255157). - net: netpoll: fix incorrect refcount handling causing incorrect cleanup (CVE-2025-68245 bsc#1255268). - commit b8da07f - nfsd: adjust WARN_ON_ONCE in revoke_delegation (bsc#1257015). - commit da1be71 - of: fix reference count leak in of_alias_scan() (git-fixes). - of: platform: Use default match table for /firmware (git-fixes). - ata: libata: Add cpr_log to ata_dev_print_features() early return (git-fixes). - ata: libata-sata: Improve link_power_management_supported sysfs attribute (git-fixes). - ata: ahci: Do not read the per port area for unimplemented ports (git-fixes). - ata: libata-scsi: Fix system suspend for a security locked drive (git-fixes). - ata: libata-scsi: Fix ata_to_sense_error() status handling (git-fixes). - commit 7be8126 - Refresh patches.suse/dmaengine-idxd-Fix-refcount-underflow-on-module-unlo.patch. - blacklist.conf: Fix the missing cleanup, folding the upsteram stable 6.12.y fix (commit d28c1b1566a1) into the backport patch itself. - commit 3863579 ++++ kernel-syms: - erofs: fix file-backed mounts no longer working on EROFS partitions (CVE-2025-68361 bsc#1255526). - commit 472da07 - erofs: don't bother with s_stack_depth increasing for now (CVE-2025-68361 bsc#1255526). - commit 39303bf - net: ipv6: fix field-spanning memcpy warning in AH output (CVE-2025-40363 bsc#1255102). - commit e140a1d - fsnotify: do not generate ACCESS/MODIFY events on child for special files (bsc#1256638 CVE-2025-68788). - commit c5ba5af - ext4: xattr: fix null pointer deref in ext4_raw_inode() (bsc#1256754 CVE-2025-68820). - commit 5db1006 - ext4: fix string copying in parse_apply_sb_mount_options() (bsc#1256757 CVE-2025-71123). - commit f859099 - ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() (bsc#1255164 CVE-2025-68261). - commit ca299fb - nbd: defer config put in recv_work (bsc#1255537 CVE-2025-68372). - commit a3661a2 - nbd: defer config unlock in nbd_genl_connect (bsc#1255622 CVE-2025-68366). - commit abe0920 - jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted (bsc#1255482 CVE-2025-68337). - commit 158d717 - Refresh patches.suse/iavf-get-rid-of-the-crit-lock.patch. Fix locking issue introduced by CVE backport (bsc#1256975 bsc#1254977). - commit d093512 - erofs: limit the level of fs stacking for file-backed mounts (CVE-2025-68361 bsc#1255526). - commit 4238cae - ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe (CVE-2025-68241 bsc#1255157). - net: netpoll: fix incorrect refcount handling causing incorrect cleanup (CVE-2025-68245 bsc#1255268). - commit b8da07f - nfsd: adjust WARN_ON_ONCE in revoke_delegation (bsc#1257015). - commit da1be71 - of: fix reference count leak in of_alias_scan() (git-fixes). - of: platform: Use default match table for /firmware (git-fixes). - ata: libata: Add cpr_log to ata_dev_print_features() early return (git-fixes). - ata: libata-sata: Improve link_power_management_supported sysfs attribute (git-fixes). - ata: ahci: Do not read the per port area for unimplemented ports (git-fixes). - ata: libata-scsi: Fix system suspend for a security locked drive (git-fixes). - ata: libata-scsi: Fix ata_to_sense_error() status handling (git-fixes). - commit 7be8126 - Refresh patches.suse/dmaengine-idxd-Fix-refcount-underflow-on-module-unlo.patch. - blacklist.conf: Fix the missing cleanup, folding the upsteram stable 6.12.y fix (commit d28c1b1566a1) into the backport patch itself. - commit 3863579 ++++ kernel-syms: - erofs: fix file-backed mounts no longer working on EROFS partitions (CVE-2025-68361 bsc#1255526). - commit 472da07 - erofs: don't bother with s_stack_depth increasing for now (CVE-2025-68361 bsc#1255526). - commit 39303bf - net: ipv6: fix field-spanning memcpy warning in AH output (CVE-2025-40363 bsc#1255102). - commit e140a1d - fsnotify: do not generate ACCESS/MODIFY events on child for special files (bsc#1256638 CVE-2025-68788). - commit c5ba5af - ext4: xattr: fix null pointer deref in ext4_raw_inode() (bsc#1256754 CVE-2025-68820). - commit 5db1006 - ext4: fix string copying in parse_apply_sb_mount_options() (bsc#1256757 CVE-2025-71123). - commit f859099 - ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() (bsc#1255164 CVE-2025-68261). - commit ca299fb - nbd: defer config put in recv_work (bsc#1255537 CVE-2025-68372). - commit a3661a2 - nbd: defer config unlock in nbd_genl_connect (bsc#1255622 CVE-2025-68366). - commit abe0920 - jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted (bsc#1255482 CVE-2025-68337). - commit 158d717 - Refresh patches.suse/iavf-get-rid-of-the-crit-lock.patch. Fix locking issue introduced by CVE backport (bsc#1256975 bsc#1254977). - commit d093512 - erofs: limit the level of fs stacking for file-backed mounts (CVE-2025-68361 bsc#1255526). - commit 4238cae - ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe (CVE-2025-68241 bsc#1255157). - net: netpoll: fix incorrect refcount handling causing incorrect cleanup (CVE-2025-68245 bsc#1255268). - commit b8da07f - nfsd: adjust WARN_ON_ONCE in revoke_delegation (bsc#1257015). - commit da1be71 - of: fix reference count leak in of_alias_scan() (git-fixes). - of: platform: Use default match table for /firmware (git-fixes). - ata: libata: Add cpr_log to ata_dev_print_features() early return (git-fixes). - ata: libata-sata: Improve link_power_management_supported sysfs attribute (git-fixes). - ata: ahci: Do not read the per port area for unimplemented ports (git-fixes). - ata: libata-scsi: Fix system suspend for a security locked drive (git-fixes). - ata: libata-scsi: Fix ata_to_sense_error() status handling (git-fixes). - commit 7be8126 - Refresh patches.suse/dmaengine-idxd-Fix-refcount-underflow-on-module-unlo.patch. - blacklist.conf: Fix the missing cleanup, folding the upsteram stable 6.12.y fix (commit d28c1b1566a1) into the backport patch itself. - commit 3863579 ++++ kernel-zfcpdump: - erofs: fix file-backed mounts no longer working on EROFS partitions (CVE-2025-68361 bsc#1255526). - commit 472da07 - erofs: don't bother with s_stack_depth increasing for now (CVE-2025-68361 bsc#1255526). - commit 39303bf - net: ipv6: fix field-spanning memcpy warning in AH output (CVE-2025-40363 bsc#1255102). - commit e140a1d - fsnotify: do not generate ACCESS/MODIFY events on child for special files (bsc#1256638 CVE-2025-68788). - commit c5ba5af - ext4: xattr: fix null pointer deref in ext4_raw_inode() (bsc#1256754 CVE-2025-68820). - commit 5db1006 - ext4: fix string copying in parse_apply_sb_mount_options() (bsc#1256757 CVE-2025-71123). - commit f859099 - ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() (bsc#1255164 CVE-2025-68261). - commit ca299fb - nbd: defer config put in recv_work (bsc#1255537 CVE-2025-68372). - commit a3661a2 - nbd: defer config unlock in nbd_genl_connect (bsc#1255622 CVE-2025-68366). - commit abe0920 - jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted (bsc#1255482 CVE-2025-68337). - commit 158d717 - Refresh patches.suse/iavf-get-rid-of-the-crit-lock.patch. Fix locking issue introduced by CVE backport (bsc#1256975 bsc#1254977). - commit d093512 - erofs: limit the level of fs stacking for file-backed mounts (CVE-2025-68361 bsc#1255526). - commit 4238cae - ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe (CVE-2025-68241 bsc#1255157). - net: netpoll: fix incorrect refcount handling causing incorrect cleanup (CVE-2025-68245 bsc#1255268). - commit b8da07f - nfsd: adjust WARN_ON_ONCE in revoke_delegation (bsc#1257015). - commit da1be71 - of: fix reference count leak in of_alias_scan() (git-fixes). - of: platform: Use default match table for /firmware (git-fixes). - ata: libata: Add cpr_log to ata_dev_print_features() early return (git-fixes). - ata: libata-sata: Improve link_power_management_supported sysfs attribute (git-fixes). - ata: ahci: Do not read the per port area for unimplemented ports (git-fixes). - ata: libata-scsi: Fix system suspend for a security locked drive (git-fixes). - ata: libata-scsi: Fix ata_to_sense_error() status handling (git-fixes). - commit 7be8126 - Refresh patches.suse/dmaengine-idxd-Fix-refcount-underflow-on-module-unlo.patch. - blacklist.conf: Fix the missing cleanup, folding the upsteram stable 6.12.y fix (commit d28c1b1566a1) into the backport patch itself. - commit 3863579 ++++ kernel-zfcpdump: - erofs: fix file-backed mounts no longer working on EROFS partitions (CVE-2025-68361 bsc#1255526). - commit 472da07 - erofs: don't bother with s_stack_depth increasing for now (CVE-2025-68361 bsc#1255526). - commit 39303bf - net: ipv6: fix field-spanning memcpy warning in AH output (CVE-2025-40363 bsc#1255102). - commit e140a1d - fsnotify: do not generate ACCESS/MODIFY events on child for special files (bsc#1256638 CVE-2025-68788). - commit c5ba5af - ext4: xattr: fix null pointer deref in ext4_raw_inode() (bsc#1256754 CVE-2025-68820). - commit 5db1006 - ext4: fix string copying in parse_apply_sb_mount_options() (bsc#1256757 CVE-2025-71123). - commit f859099 - ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() (bsc#1255164 CVE-2025-68261). - commit ca299fb - nbd: defer config put in recv_work (bsc#1255537 CVE-2025-68372). - commit a3661a2 - nbd: defer config unlock in nbd_genl_connect (bsc#1255622 CVE-2025-68366). - commit abe0920 - jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted (bsc#1255482 CVE-2025-68337). - commit 158d717 - Refresh patches.suse/iavf-get-rid-of-the-crit-lock.patch. Fix locking issue introduced by CVE backport (bsc#1256975 bsc#1254977). - commit d093512 - erofs: limit the level of fs stacking for file-backed mounts (CVE-2025-68361 bsc#1255526). - commit 4238cae - ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe (CVE-2025-68241 bsc#1255157). - net: netpoll: fix incorrect refcount handling causing incorrect cleanup (CVE-2025-68245 bsc#1255268). - commit b8da07f - nfsd: adjust WARN_ON_ONCE in revoke_delegation (bsc#1257015). - commit da1be71 - of: fix reference count leak in of_alias_scan() (git-fixes). - of: platform: Use default match table for /firmware (git-fixes). - ata: libata: Add cpr_log to ata_dev_print_features() early return (git-fixes). - ata: libata-sata: Improve link_power_management_supported sysfs attribute (git-fixes). - ata: ahci: Do not read the per port area for unimplemented ports (git-fixes). - ata: libata-scsi: Fix system suspend for a security locked drive (git-fixes). - ata: libata-scsi: Fix ata_to_sense_error() status handling (git-fixes). - commit 7be8126 - Refresh patches.suse/dmaengine-idxd-Fix-refcount-underflow-on-module-unlo.patch. - blacklist.conf: Fix the missing cleanup, folding the upsteram stable 6.12.y fix (commit d28c1b1566a1) into the backport patch itself. - commit 3863579 ++++ openQA: - Update to version 5.1768996386.e3f58202: * fix: Avoid Perl warning if product spec contains undef values * GenericBug: Add [QE] to the subject * doc: Mention version lookup of mediums and special value `*` * doc: Wrap section about medium types consistently at 80 characters * doc: Remove surplus white-space * chore: Improve indentation/wrapping of comment * feat: Improve error message when product contains no templates * tests: Improve/add tests for "no products found" case * KernelBug: Extend the kernel bug template * feat: Improve error message when falling back to version `*` ++++ openQA: - Update to version 5.1768996386.e3f58202: * fix: Avoid Perl warning if product spec contains undef values * GenericBug: Add [QE] to the subject * doc: Mention version lookup of mediums and special value `*` * doc: Wrap section about medium types consistently at 80 characters * doc: Remove surplus white-space * chore: Improve indentation/wrapping of comment * feat: Improve error message when product contains no templates * tests: Improve/add tests for "no products found" case * KernelBug: Extend the kernel bug template * feat: Improve error message when falling back to version `*` ++++ openQA: - Update to version 5.1768996386.e3f58202: * fix: Avoid Perl warning if product spec contains undef values * GenericBug: Add [QE] to the subject * doc: Mention version lookup of mediums and special value `*` * doc: Wrap section about medium types consistently at 80 characters * doc: Remove surplus white-space * chore: Improve indentation/wrapping of comment * feat: Improve error message when product contains no templates * tests: Improve/add tests for "no products found" case * KernelBug: Extend the kernel bug template * feat: Improve error message when falling back to version `*` ++++ openQA: - Update to version 5.1768996386.e3f58202: * fix: Avoid Perl warning if product spec contains undef values * GenericBug: Add [QE] to the subject * doc: Mention version lookup of mediums and special value `*` * doc: Wrap section about medium types consistently at 80 characters * doc: Remove surplus white-space * chore: Improve indentation/wrapping of comment * feat: Improve error message when product contains no templates * tests: Improve/add tests for "no products found" case * KernelBug: Extend the kernel bug template * feat: Improve error message when falling back to version `*` ++++ openQA: - Update to version 5.1768996386.e3f58202: * fix: Avoid Perl warning if product spec contains undef values * GenericBug: Add [QE] to the subject * doc: Mention version lookup of mediums and special value `*` * doc: Wrap section about medium types consistently at 80 characters * doc: Remove surplus white-space * chore: Improve indentation/wrapping of comment * feat: Improve error message when product contains no templates * tests: Improve/add tests for "no products found" case * KernelBug: Extend the kernel bug template * feat: Improve error message when falling back to version `*` ++++ openQA: - Update to version 5.1768996386.e3f58202: * fix: Avoid Perl warning if product spec contains undef values * GenericBug: Add [QE] to the subject * doc: Mention version lookup of mediums and special value `*` * doc: Wrap section about medium types consistently at 80 characters * doc: Remove surplus white-space * chore: Improve indentation/wrapping of comment * feat: Improve error message when product contains no templates * tests: Improve/add tests for "no products found" case * KernelBug: Extend the kernel bug template * feat: Improve error message when falling back to version `*` ++++ openQA: - Update to version 5.1768996386.e3f58202: * fix: Avoid Perl warning if product spec contains undef values * GenericBug: Add [QE] to the subject * doc: Mention version lookup of mediums and special value `*` * doc: Wrap section about medium types consistently at 80 characters * doc: Remove surplus white-space * chore: Improve indentation/wrapping of comment * feat: Improve error message when product contains no templates * tests: Improve/add tests for "no products found" case * KernelBug: Extend the kernel bug template * feat: Improve error message when falling back to version `*` ++++ openQA: - Update to version 5.1768996386.e3f58202: * fix: Avoid Perl warning if product spec contains undef values * GenericBug: Add [QE] to the subject * doc: Mention version lookup of mediums and special value `*` * doc: Wrap section about medium types consistently at 80 characters * doc: Remove surplus white-space * chore: Improve indentation/wrapping of comment * feat: Improve error message when product contains no templates * tests: Improve/add tests for "no products found" case * KernelBug: Extend the kernel bug template * feat: Improve error message when falling back to version `*` ++++ openQA: - Update to version 5.1768996386.e3f58202: * fix: Avoid Perl warning if product spec contains undef values * GenericBug: Add [QE] to the subject * doc: Mention version lookup of mediums and special value `*` * doc: Wrap section about medium types consistently at 80 characters * doc: Remove surplus white-space * chore: Improve indentation/wrapping of comment * feat: Improve error message when product contains no templates * tests: Improve/add tests for "no products found" case * KernelBug: Extend the kernel bug template * feat: Improve error message when falling back to version `*` ++++ openQA: - Update to version 5.1768996386.e3f58202: * fix: Avoid Perl warning if product spec contains undef values * GenericBug: Add [QE] to the subject * doc: Mention version lookup of mediums and special value `*` * doc: Wrap section about medium types consistently at 80 characters * doc: Remove surplus white-space * chore: Improve indentation/wrapping of comment * feat: Improve error message when product contains no templates * tests: Improve/add tests for "no products found" case * KernelBug: Extend the kernel bug template * feat: Improve error message when falling back to version `*` ++++ tailscale: - Update to version 1.94.0: * derp/derpserver: add a unique sender cardinality estimate * syncs: add means of declare locking assumptions for debug mode * cmd/k8s-operator: add support for taiscale.com/http-redirect * cmd/k8s-operator fix populateTLSSecret on tests * feature/posture: log method and full URL for posture identity requests * k8s-operator: Fix typos in egress-pod-readiness.go * cmd/tailscale,ipn: add Unix socket support for serve * client/systray: change systray to start after graphical.target * cmd/k8s-operator: warn if users attempt to expose a headless Service * cmd/tailscale/cli, util/qrcodes: format QR codes on Linux consoles * tsnet: ensure funnel listener cleans up after itself when closed * ipn/store/kubestore: don't load write replica certs in memory * tsnet: allow for automatic ID token generation ------------------------------------------------------------------ ------------------ 2026-1-20 - Jan 20 2026 ------------------- ------------------------------------------------------------------ ++++ chromium: - update INSTALL.sh to handle the addded tags in the desktop file (boo#1256938) ++++ chromium: - update INSTALL.sh to handle the addded tags in the desktop file (boo#1256938) ++++ chromium: - update INSTALL.sh to handle the addded tags in the desktop file (boo#1256938) ++++ chromium: - update INSTALL.sh to handle the addded tags in the desktop file (boo#1256938) ++++ chromium: - update INSTALL.sh to handle the addded tags in the desktop file (boo#1256938) ++++ chromium: - update INSTALL.sh to handle the addded tags in the desktop file (boo#1256938) ++++ chromium: - update INSTALL.sh to handle the addded tags in the desktop file (boo#1256938) ++++ chromium: - update INSTALL.sh to handle the addded tags in the desktop file (boo#1256938) ++++ chromium: - update INSTALL.sh to handle the addded tags in the desktop file (boo#1256938) ++++ chromium: - update INSTALL.sh to handle the addded tags in the desktop file (boo#1256938) ++++ chromium: - update INSTALL.sh to handle the addded tags in the desktop file (boo#1256938) ++++ kernel-64kb: - blk-throttle: fix throtl_data leak during disk release (git-fixes). - commit d28bb8b - NFSD: NFSv4 file creation neglects setting ACL (CVE-2025-68803 bsc#1256770). - commit ac1975f - xfs: fix a UAF problem in xattr repair (CVE-2025-68784 bsc#1256793). - commit 2b579a4 - svcrdma: use rc_pageoff for memcpy byte offset (CVE-2025-68811 bsc#1256677). - commit 5da529b - RDMA/irdma: avoid invalid read in irdma_net_event (CVE-2025-71133 bsc#1256733) - commit d92ea95 - RDMA/cm: Fix leaking the multicast GID table reference (CVE-2025-71084 bsc#1256622) - commit 677f876 - ipv6: fix a BUG in rt6_get_pcpu_route() under PREEMPT_RT (CVE-2025-71080 bsc#1256608). - smc91x: fix broken irq-context in PREEMPT_RT (CVE-2025-71132 bsc#1256737). - commit 1c36926 - sched/fair: Disable scheduler feature NEXT_BUDDY (bsc#1255459). - commit a542b6f - drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup (bsc#1255128 CVE-2025-68296) - commit 77ece13 - Remove patches.suse/0001-drm-fbcon-vga_switcheroo-Avoid-race-condition-in-fbc.patch Remove this patch before remaking it in an appropriate way. - commit f91d20a - SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (CVE-2025-71120 bsc#1256779). - commit 796b399 ++++ kernel-64kb: - blk-throttle: fix throtl_data leak during disk release (git-fixes). - commit d28bb8b - NFSD: NFSv4 file creation neglects setting ACL (CVE-2025-68803 bsc#1256770). - commit ac1975f - xfs: fix a UAF problem in xattr repair (CVE-2025-68784 bsc#1256793). - commit 2b579a4 - svcrdma: use rc_pageoff for memcpy byte offset (CVE-2025-68811 bsc#1256677). - commit 5da529b - RDMA/irdma: avoid invalid read in irdma_net_event (CVE-2025-71133 bsc#1256733) - commit d92ea95 - RDMA/cm: Fix leaking the multicast GID table reference (CVE-2025-71084 bsc#1256622) - commit 677f876 - ipv6: fix a BUG in rt6_get_pcpu_route() under PREEMPT_RT (CVE-2025-71080 bsc#1256608). - smc91x: fix broken irq-context in PREEMPT_RT (CVE-2025-71132 bsc#1256737). - commit 1c36926 - sched/fair: Disable scheduler feature NEXT_BUDDY (bsc#1255459). - commit a542b6f - drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup (bsc#1255128 CVE-2025-68296) - commit 77ece13 - Remove patches.suse/0001-drm-fbcon-vga_switcheroo-Avoid-race-condition-in-fbc.patch Remove this patch before remaking it in an appropriate way. - commit f91d20a - SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (CVE-2025-71120 bsc#1256779). - commit 796b399 ++++ kernel-azure: - blk-throttle: fix throtl_data leak during disk release (git-fixes). - commit d28bb8b - NFSD: NFSv4 file creation neglects setting ACL (CVE-2025-68803 bsc#1256770). - commit ac1975f - xfs: fix a UAF problem in xattr repair (CVE-2025-68784 bsc#1256793). - commit 2b579a4 - svcrdma: use rc_pageoff for memcpy byte offset (CVE-2025-68811 bsc#1256677). - commit 5da529b - RDMA/irdma: avoid invalid read in irdma_net_event (CVE-2025-71133 bsc#1256733) - commit d92ea95 - RDMA/cm: Fix leaking the multicast GID table reference (CVE-2025-71084 bsc#1256622) - commit 677f876 - ipv6: fix a BUG in rt6_get_pcpu_route() under PREEMPT_RT (CVE-2025-71080 bsc#1256608). - smc91x: fix broken irq-context in PREEMPT_RT (CVE-2025-71132 bsc#1256737). - commit 1c36926 - sched/fair: Disable scheduler feature NEXT_BUDDY (bsc#1255459). - commit a542b6f - drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup (bsc#1255128 CVE-2025-68296) - commit 77ece13 - Remove patches.suse/0001-drm-fbcon-vga_switcheroo-Avoid-race-condition-in-fbc.patch Remove this patch before remaking it in an appropriate way. - commit f91d20a - SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (CVE-2025-71120 bsc#1256779). - commit 796b399 ++++ kernel-azure: - blk-throttle: fix throtl_data leak during disk release (git-fixes). - commit d28bb8b - NFSD: NFSv4 file creation neglects setting ACL (CVE-2025-68803 bsc#1256770). - commit ac1975f - xfs: fix a UAF problem in xattr repair (CVE-2025-68784 bsc#1256793). - commit 2b579a4 - svcrdma: use rc_pageoff for memcpy byte offset (CVE-2025-68811 bsc#1256677). - commit 5da529b - RDMA/irdma: avoid invalid read in irdma_net_event (CVE-2025-71133 bsc#1256733) - commit d92ea95 - RDMA/cm: Fix leaking the multicast GID table reference (CVE-2025-71084 bsc#1256622) - commit 677f876 - ipv6: fix a BUG in rt6_get_pcpu_route() under PREEMPT_RT (CVE-2025-71080 bsc#1256608). - smc91x: fix broken irq-context in PREEMPT_RT (CVE-2025-71132 bsc#1256737). - commit 1c36926 - sched/fair: Disable scheduler feature NEXT_BUDDY (bsc#1255459). - commit a542b6f - drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup (bsc#1255128 CVE-2025-68296) - commit 77ece13 - Remove patches.suse/0001-drm-fbcon-vga_switcheroo-Avoid-race-condition-in-fbc.patch Remove this patch before remaking it in an appropriate way. - commit f91d20a - SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (CVE-2025-71120 bsc#1256779). - commit 796b399 ++++ kernel-default: - blk-throttle: fix throtl_data leak during disk release (git-fixes). - commit d28bb8b - NFSD: NFSv4 file creation neglects setting ACL (CVE-2025-68803 bsc#1256770). - commit ac1975f - xfs: fix a UAF problem in xattr repair (CVE-2025-68784 bsc#1256793). - commit 2b579a4 - svcrdma: use rc_pageoff for memcpy byte offset (CVE-2025-68811 bsc#1256677). - commit 5da529b - RDMA/irdma: avoid invalid read in irdma_net_event (CVE-2025-71133 bsc#1256733) - commit d92ea95 - RDMA/cm: Fix leaking the multicast GID table reference (CVE-2025-71084 bsc#1256622) - commit 677f876 - ipv6: fix a BUG in rt6_get_pcpu_route() under PREEMPT_RT (CVE-2025-71080 bsc#1256608). - smc91x: fix broken irq-context in PREEMPT_RT (CVE-2025-71132 bsc#1256737). - commit 1c36926 - sched/fair: Disable scheduler feature NEXT_BUDDY (bsc#1255459). - commit a542b6f - drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup (bsc#1255128 CVE-2025-68296) - commit 77ece13 - Remove patches.suse/0001-drm-fbcon-vga_switcheroo-Avoid-race-condition-in-fbc.patch Remove this patch before remaking it in an appropriate way. - commit f91d20a - SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (CVE-2025-71120 bsc#1256779). - commit 796b399 ++++ kernel-default: - blk-throttle: fix throtl_data leak during disk release (git-fixes). - commit d28bb8b - NFSD: NFSv4 file creation neglects setting ACL (CVE-2025-68803 bsc#1256770). - commit ac1975f - xfs: fix a UAF problem in xattr repair (CVE-2025-68784 bsc#1256793). - commit 2b579a4 - svcrdma: use rc_pageoff for memcpy byte offset (CVE-2025-68811 bsc#1256677). - commit 5da529b - RDMA/irdma: avoid invalid read in irdma_net_event (CVE-2025-71133 bsc#1256733) - commit d92ea95 - RDMA/cm: Fix leaking the multicast GID table reference (CVE-2025-71084 bsc#1256622) - commit 677f876 - ipv6: fix a BUG in rt6_get_pcpu_route() under PREEMPT_RT (CVE-2025-71080 bsc#1256608). - smc91x: fix broken irq-context in PREEMPT_RT (CVE-2025-71132 bsc#1256737). - commit 1c36926 - sched/fair: Disable scheduler feature NEXT_BUDDY (bsc#1255459). - commit a542b6f - drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup (bsc#1255128 CVE-2025-68296) - commit 77ece13 - Remove patches.suse/0001-drm-fbcon-vga_switcheroo-Avoid-race-condition-in-fbc.patch Remove this patch before remaking it in an appropriate way. - commit f91d20a - SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (CVE-2025-71120 bsc#1256779). - commit 796b399 ++++ kernel-rt: - blk-throttle: fix throtl_data leak during disk release (git-fixes). - commit d28bb8b - NFSD: NFSv4 file creation neglects setting ACL (CVE-2025-68803 bsc#1256770). - commit ac1975f - xfs: fix a UAF problem in xattr repair (CVE-2025-68784 bsc#1256793). - commit 2b579a4 - svcrdma: use rc_pageoff for memcpy byte offset (CVE-2025-68811 bsc#1256677). - commit 5da529b - RDMA/irdma: avoid invalid read in irdma_net_event (CVE-2025-71133 bsc#1256733) - commit d92ea95 - RDMA/cm: Fix leaking the multicast GID table reference (CVE-2025-71084 bsc#1256622) - commit 677f876 - ipv6: fix a BUG in rt6_get_pcpu_route() under PREEMPT_RT (CVE-2025-71080 bsc#1256608). - smc91x: fix broken irq-context in PREEMPT_RT (CVE-2025-71132 bsc#1256737). - commit 1c36926 - sched/fair: Disable scheduler feature NEXT_BUDDY (bsc#1255459). - commit a542b6f - drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup (bsc#1255128 CVE-2025-68296) - commit 77ece13 - Remove patches.suse/0001-drm-fbcon-vga_switcheroo-Avoid-race-condition-in-fbc.patch Remove this patch before remaking it in an appropriate way. - commit f91d20a - SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (CVE-2025-71120 bsc#1256779). - commit 796b399 ++++ kernel-rt: - blk-throttle: fix throtl_data leak during disk release (git-fixes). - commit d28bb8b - NFSD: NFSv4 file creation neglects setting ACL (CVE-2025-68803 bsc#1256770). - commit ac1975f - xfs: fix a UAF problem in xattr repair (CVE-2025-68784 bsc#1256793). - commit 2b579a4 - svcrdma: use rc_pageoff for memcpy byte offset (CVE-2025-68811 bsc#1256677). - commit 5da529b - RDMA/irdma: avoid invalid read in irdma_net_event (CVE-2025-71133 bsc#1256733) - commit d92ea95 - RDMA/cm: Fix leaking the multicast GID table reference (CVE-2025-71084 bsc#1256622) - commit 677f876 - ipv6: fix a BUG in rt6_get_pcpu_route() under PREEMPT_RT (CVE-2025-71080 bsc#1256608). - smc91x: fix broken irq-context in PREEMPT_RT (CVE-2025-71132 bsc#1256737). - commit 1c36926 - sched/fair: Disable scheduler feature NEXT_BUDDY (bsc#1255459). - commit a542b6f - drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup (bsc#1255128 CVE-2025-68296) - commit 77ece13 - Remove patches.suse/0001-drm-fbcon-vga_switcheroo-Avoid-race-condition-in-fbc.patch Remove this patch before remaking it in an appropriate way. - commit f91d20a - SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (CVE-2025-71120 bsc#1256779). - commit 796b399 ++++ glibc-cross-aarch64-src: - memalign-overflow-check.patch: memalign: reinstate alignment overflow check (CVE-2026-0861, bsc#1256766, BZ #33796) - nss-dns-getnetbyaddr.patch: resolv: Fix NSS DNS backend for getnetbyaddr (CVE-2026-0915, bsc#1256822, BZ #33802) - nptl-optimize-trylock.patch: nptl: Optimize trylock for high cache contention workloads (bsc#1256436, BZ #33704) - wordexp-wrde-reuse.patch: posix: Reset wordexp_t fields with WRDE_REUSE (CVE-2025-15281, bsc#1257005, BZ #33814) ++++ glibc-cross-ppc64le-src: - memalign-overflow-check.patch: memalign: reinstate alignment overflow check (CVE-2026-0861, bsc#1256766, BZ #33796) - nss-dns-getnetbyaddr.patch: resolv: Fix NSS DNS backend for getnetbyaddr (CVE-2026-0915, bsc#1256822, BZ #33802) - nptl-optimize-trylock.patch: nptl: Optimize trylock for high cache contention workloads (bsc#1256436, BZ #33704) - wordexp-wrde-reuse.patch: posix: Reset wordexp_t fields with WRDE_REUSE (CVE-2025-15281, bsc#1257005, BZ #33814) ++++ glibc-cross-riscv64-src: - memalign-overflow-check.patch: memalign: reinstate alignment overflow check (CVE-2026-0861, bsc#1256766, BZ #33796) - nss-dns-getnetbyaddr.patch: resolv: Fix NSS DNS backend for getnetbyaddr (CVE-2026-0915, bsc#1256822, BZ #33802) - nptl-optimize-trylock.patch: nptl: Optimize trylock for high cache contention workloads (bsc#1256436, BZ #33704) - wordexp-wrde-reuse.patch: posix: Reset wordexp_t fields with WRDE_REUSE (CVE-2025-15281, bsc#1257005, BZ #33814) ++++ glibc-cross-s390x-src: - memalign-overflow-check.patch: memalign: reinstate alignment overflow check (CVE-2026-0861, bsc#1256766, BZ #33796) - nss-dns-getnetbyaddr.patch: resolv: Fix NSS DNS backend for getnetbyaddr (CVE-2026-0915, bsc#1256822, BZ #33802) - nptl-optimize-trylock.patch: nptl: Optimize trylock for high cache contention workloads (bsc#1256436, BZ #33704) - wordexp-wrde-reuse.patch: posix: Reset wordexp_t fields with WRDE_REUSE (CVE-2025-15281, bsc#1257005, BZ #33814) ++++ doxygen: - drop %suse_update_desktop_file usag - modified sources * doxywizard.desktop ++++ doxywizard: - drop %suse_update_desktop_file usag - modified sources * doxywizard.desktop ++++ dtb-aarch64: - blk-throttle: fix throtl_data leak during disk release (git-fixes). - commit d28bb8b - NFSD: NFSv4 file creation neglects setting ACL (CVE-2025-68803 bsc#1256770). - commit ac1975f - xfs: fix a UAF problem in xattr repair (CVE-2025-68784 bsc#1256793). - commit 2b579a4 - svcrdma: use rc_pageoff for memcpy byte offset (CVE-2025-68811 bsc#1256677). - commit 5da529b - RDMA/irdma: avoid invalid read in irdma_net_event (CVE-2025-71133 bsc#1256733) - commit d92ea95 - RDMA/cm: Fix leaking the multicast GID table reference (CVE-2025-71084 bsc#1256622) - commit 677f876 - ipv6: fix a BUG in rt6_get_pcpu_route() under PREEMPT_RT (CVE-2025-71080 bsc#1256608). - smc91x: fix broken irq-context in PREEMPT_RT (CVE-2025-71132 bsc#1256737). - commit 1c36926 - sched/fair: Disable scheduler feature NEXT_BUDDY (bsc#1255459). - commit a542b6f - drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup (bsc#1255128 CVE-2025-68296) - commit 77ece13 - Remove patches.suse/0001-drm-fbcon-vga_switcheroo-Avoid-race-condition-in-fbc.patch Remove this patch before remaking it in an appropriate way. - commit f91d20a - SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (CVE-2025-71120 bsc#1256779). - commit 796b399 ++++ dtb-aarch64: - blk-throttle: fix throtl_data leak during disk release (git-fixes). - commit d28bb8b - NFSD: NFSv4 file creation neglects setting ACL (CVE-2025-68803 bsc#1256770). - commit ac1975f - xfs: fix a UAF problem in xattr repair (CVE-2025-68784 bsc#1256793). - commit 2b579a4 - svcrdma: use rc_pageoff for memcpy byte offset (CVE-2025-68811 bsc#1256677). - commit 5da529b - RDMA/irdma: avoid invalid read in irdma_net_event (CVE-2025-71133 bsc#1256733) - commit d92ea95 - RDMA/cm: Fix leaking the multicast GID table reference (CVE-2025-71084 bsc#1256622) - commit 677f876 - ipv6: fix a BUG in rt6_get_pcpu_route() under PREEMPT_RT (CVE-2025-71080 bsc#1256608). - smc91x: fix broken irq-context in PREEMPT_RT (CVE-2025-71132 bsc#1256737). - commit 1c36926 - sched/fair: Disable scheduler feature NEXT_BUDDY (bsc#1255459). - commit a542b6f - drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup (bsc#1255128 CVE-2025-68296) - commit 77ece13 - Remove patches.suse/0001-drm-fbcon-vga_switcheroo-Avoid-race-condition-in-fbc.patch Remove this patch before remaking it in an appropriate way. - commit f91d20a - SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (CVE-2025-71120 bsc#1256779). - commit 796b399 ++++ glibc: - memalign-overflow-check.patch: memalign: reinstate alignment overflow check (CVE-2026-0861, bsc#1256766, BZ #33796) - nss-dns-getnetbyaddr.patch: resolv: Fix NSS DNS backend for getnetbyaddr (CVE-2026-0915, bsc#1256822, BZ #33802) - nptl-optimize-trylock.patch: nptl: Optimize trylock for high cache contention workloads (bsc#1256436, BZ #33704) - wordexp-wrde-reuse.patch: posix: Reset wordexp_t fields with WRDE_REUSE (CVE-2025-15281, bsc#1257005, BZ #33814) ++++ glibc-utils-src: - memalign-overflow-check.patch: memalign: reinstate alignment overflow check (CVE-2026-0861, bsc#1256766, BZ #33796) - nss-dns-getnetbyaddr.patch: resolv: Fix NSS DNS backend for getnetbyaddr (CVE-2026-0915, bsc#1256822, BZ #33802) - nptl-optimize-trylock.patch: nptl: Optimize trylock for high cache contention workloads (bsc#1256436, BZ #33704) - wordexp-wrde-reuse.patch: posix: Reset wordexp_t fields with WRDE_REUSE (CVE-2025-15281, bsc#1257005, BZ #33814) ++++ grub2: - Optimize PBKDF2 to reduce the decryption time (bsc#1248516) * 0001-lib-crypto-Introduce-new-HMAC-functions-to-reuse-buf.patch * 0002-lib-pbkdf2-Optimize-PBKDF2-by-reusing-HMAC-handle.patch * 0001-kern-misc-Implement-faster-grub_memcpy-for-aligned-b.patch ++++ grub2: - Optimize PBKDF2 to reduce the decryption time (bsc#1248516) * 0001-lib-crypto-Introduce-new-HMAC-functions-to-reuse-buf.patch * 0002-lib-pbkdf2-Optimize-PBKDF2-by-reusing-HMAC-handle.patch * 0001-kern-misc-Implement-faster-grub_memcpy-for-aligned-b.patch ++++ kernel-source: - blk-throttle: fix throtl_data leak during disk release (git-fixes). - commit d28bb8b - NFSD: NFSv4 file creation neglects setting ACL (CVE-2025-68803 bsc#1256770). - commit ac1975f - xfs: fix a UAF problem in xattr repair (CVE-2025-68784 bsc#1256793). - commit 2b579a4 - svcrdma: use rc_pageoff for memcpy byte offset (CVE-2025-68811 bsc#1256677). - commit 5da529b - RDMA/irdma: avoid invalid read in irdma_net_event (CVE-2025-71133 bsc#1256733) - commit d92ea95 - RDMA/cm: Fix leaking the multicast GID table reference (CVE-2025-71084 bsc#1256622) - commit 677f876 - ipv6: fix a BUG in rt6_get_pcpu_route() under PREEMPT_RT (CVE-2025-71080 bsc#1256608). - smc91x: fix broken irq-context in PREEMPT_RT (CVE-2025-71132 bsc#1256737). - commit 1c36926 - sched/fair: Disable scheduler feature NEXT_BUDDY (bsc#1255459). - commit a542b6f - drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup (bsc#1255128 CVE-2025-68296) - commit 77ece13 - Remove patches.suse/0001-drm-fbcon-vga_switcheroo-Avoid-race-condition-in-fbc.patch Remove this patch before remaking it in an appropriate way. - commit f91d20a - SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (CVE-2025-71120 bsc#1256779). - commit 796b399 ++++ kernel-source: - blk-throttle: fix throtl_data leak during disk release (git-fixes). - commit d28bb8b - NFSD: NFSv4 file creation neglects setting ACL (CVE-2025-68803 bsc#1256770). - commit ac1975f - xfs: fix a UAF problem in xattr repair (CVE-2025-68784 bsc#1256793). - commit 2b579a4 - svcrdma: use rc_pageoff for memcpy byte offset (CVE-2025-68811 bsc#1256677). - commit 5da529b - RDMA/irdma: avoid invalid read in irdma_net_event (CVE-2025-71133 bsc#1256733) - commit d92ea95 - RDMA/cm: Fix leaking the multicast GID table reference (CVE-2025-71084 bsc#1256622) - commit 677f876 - ipv6: fix a BUG in rt6_get_pcpu_route() under PREEMPT_RT (CVE-2025-71080 bsc#1256608). - smc91x: fix broken irq-context in PREEMPT_RT (CVE-2025-71132 bsc#1256737). - commit 1c36926 - sched/fair: Disable scheduler feature NEXT_BUDDY (bsc#1255459). - commit a542b6f - drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup (bsc#1255128 CVE-2025-68296) - commit 77ece13 - Remove patches.suse/0001-drm-fbcon-vga_switcheroo-Avoid-race-condition-in-fbc.patch Remove this patch before remaking it in an appropriate way. - commit f91d20a - SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (CVE-2025-71120 bsc#1256779). - commit 796b399 ++++ kernel-docs: - blk-throttle: fix throtl_data leak during disk release (git-fixes). - commit d28bb8b - NFSD: NFSv4 file creation neglects setting ACL (CVE-2025-68803 bsc#1256770). - commit ac1975f - xfs: fix a UAF problem in xattr repair (CVE-2025-68784 bsc#1256793). - commit 2b579a4 - svcrdma: use rc_pageoff for memcpy byte offset (CVE-2025-68811 bsc#1256677). - commit 5da529b - RDMA/irdma: avoid invalid read in irdma_net_event (CVE-2025-71133 bsc#1256733) - commit d92ea95 - RDMA/cm: Fix leaking the multicast GID table reference (CVE-2025-71084 bsc#1256622) - commit 677f876 - ipv6: fix a BUG in rt6_get_pcpu_route() under PREEMPT_RT (CVE-2025-71080 bsc#1256608). - smc91x: fix broken irq-context in PREEMPT_RT (CVE-2025-71132 bsc#1256737). - commit 1c36926 - sched/fair: Disable scheduler feature NEXT_BUDDY (bsc#1255459). - commit a542b6f - drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup (bsc#1255128 CVE-2025-68296) - commit 77ece13 - Remove patches.suse/0001-drm-fbcon-vga_switcheroo-Avoid-race-condition-in-fbc.patch Remove this patch before remaking it in an appropriate way. - commit f91d20a - SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (CVE-2025-71120 bsc#1256779). - commit 796b399 ++++ kernel-docs: - blk-throttle: fix throtl_data leak during disk release (git-fixes). - commit d28bb8b - NFSD: NFSv4 file creation neglects setting ACL (CVE-2025-68803 bsc#1256770). - commit ac1975f - xfs: fix a UAF problem in xattr repair (CVE-2025-68784 bsc#1256793). - commit 2b579a4 - svcrdma: use rc_pageoff for memcpy byte offset (CVE-2025-68811 bsc#1256677). - commit 5da529b - RDMA/irdma: avoid invalid read in irdma_net_event (CVE-2025-71133 bsc#1256733) - commit d92ea95 - RDMA/cm: Fix leaking the multicast GID table reference (CVE-2025-71084 bsc#1256622) - commit 677f876 - ipv6: fix a BUG in rt6_get_pcpu_route() under PREEMPT_RT (CVE-2025-71080 bsc#1256608). - smc91x: fix broken irq-context in PREEMPT_RT (CVE-2025-71132 bsc#1256737). - commit 1c36926 - sched/fair: Disable scheduler feature NEXT_BUDDY (bsc#1255459). - commit a542b6f - drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup (bsc#1255128 CVE-2025-68296) - commit 77ece13 - Remove patches.suse/0001-drm-fbcon-vga_switcheroo-Avoid-race-condition-in-fbc.patch Remove this patch before remaking it in an appropriate way. - commit f91d20a - SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (CVE-2025-71120 bsc#1256779). - commit 796b399 ++++ kernel-kvmsmall: - blk-throttle: fix throtl_data leak during disk release (git-fixes). - commit d28bb8b - NFSD: NFSv4 file creation neglects setting ACL (CVE-2025-68803 bsc#1256770). - commit ac1975f - xfs: fix a UAF problem in xattr repair (CVE-2025-68784 bsc#1256793). - commit 2b579a4 - svcrdma: use rc_pageoff for memcpy byte offset (CVE-2025-68811 bsc#1256677). - commit 5da529b - RDMA/irdma: avoid invalid read in irdma_net_event (CVE-2025-71133 bsc#1256733) - commit d92ea95 - RDMA/cm: Fix leaking the multicast GID table reference (CVE-2025-71084 bsc#1256622) - commit 677f876 - ipv6: fix a BUG in rt6_get_pcpu_route() under PREEMPT_RT (CVE-2025-71080 bsc#1256608). - smc91x: fix broken irq-context in PREEMPT_RT (CVE-2025-71132 bsc#1256737). - commit 1c36926 - sched/fair: Disable scheduler feature NEXT_BUDDY (bsc#1255459). - commit a542b6f - drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup (bsc#1255128 CVE-2025-68296) - commit 77ece13 - Remove patches.suse/0001-drm-fbcon-vga_switcheroo-Avoid-race-condition-in-fbc.patch Remove this patch before remaking it in an appropriate way. - commit f91d20a - SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (CVE-2025-71120 bsc#1256779). - commit 796b399 ++++ kernel-kvmsmall: - blk-throttle: fix throtl_data leak during disk release (git-fixes). - commit d28bb8b - NFSD: NFSv4 file creation neglects setting ACL (CVE-2025-68803 bsc#1256770). - commit ac1975f - xfs: fix a UAF problem in xattr repair (CVE-2025-68784 bsc#1256793). - commit 2b579a4 - svcrdma: use rc_pageoff for memcpy byte offset (CVE-2025-68811 bsc#1256677). - commit 5da529b - RDMA/irdma: avoid invalid read in irdma_net_event (CVE-2025-71133 bsc#1256733) - commit d92ea95 - RDMA/cm: Fix leaking the multicast GID table reference (CVE-2025-71084 bsc#1256622) - commit 677f876 - ipv6: fix a BUG in rt6_get_pcpu_route() under PREEMPT_RT (CVE-2025-71080 bsc#1256608). - smc91x: fix broken irq-context in PREEMPT_RT (CVE-2025-71132 bsc#1256737). - commit 1c36926 - sched/fair: Disable scheduler feature NEXT_BUDDY (bsc#1255459). - commit a542b6f - drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup (bsc#1255128 CVE-2025-68296) - commit 77ece13 - Remove patches.suse/0001-drm-fbcon-vga_switcheroo-Avoid-race-condition-in-fbc.patch Remove this patch before remaking it in an appropriate way. - commit f91d20a - SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (CVE-2025-71120 bsc#1256779). - commit 796b399 ++++ kernel-obs-build: - blk-throttle: fix throtl_data leak during disk release (git-fixes). - commit d28bb8b - NFSD: NFSv4 file creation neglects setting ACL (CVE-2025-68803 bsc#1256770). - commit ac1975f - xfs: fix a UAF problem in xattr repair (CVE-2025-68784 bsc#1256793). - commit 2b579a4 - svcrdma: use rc_pageoff for memcpy byte offset (CVE-2025-68811 bsc#1256677). - commit 5da529b - RDMA/irdma: avoid invalid read in irdma_net_event (CVE-2025-71133 bsc#1256733) - commit d92ea95 - RDMA/cm: Fix leaking the multicast GID table reference (CVE-2025-71084 bsc#1256622) - commit 677f876 - ipv6: fix a BUG in rt6_get_pcpu_route() under PREEMPT_RT (CVE-2025-71080 bsc#1256608). - smc91x: fix broken irq-context in PREEMPT_RT (CVE-2025-71132 bsc#1256737). - commit 1c36926 - sched/fair: Disable scheduler feature NEXT_BUDDY (bsc#1255459). - commit a542b6f - drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup (bsc#1255128 CVE-2025-68296) - commit 77ece13 - Remove patches.suse/0001-drm-fbcon-vga_switcheroo-Avoid-race-condition-in-fbc.patch Remove this patch before remaking it in an appropriate way. - commit f91d20a - SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (CVE-2025-71120 bsc#1256779). - commit 796b399 ++++ kernel-obs-build: - blk-throttle: fix throtl_data leak during disk release (git-fixes). - commit d28bb8b - NFSD: NFSv4 file creation neglects setting ACL (CVE-2025-68803 bsc#1256770). - commit ac1975f - xfs: fix a UAF problem in xattr repair (CVE-2025-68784 bsc#1256793). - commit 2b579a4 - svcrdma: use rc_pageoff for memcpy byte offset (CVE-2025-68811 bsc#1256677). - commit 5da529b - RDMA/irdma: avoid invalid read in irdma_net_event (CVE-2025-71133 bsc#1256733) - commit d92ea95 - RDMA/cm: Fix leaking the multicast GID table reference (CVE-2025-71084 bsc#1256622) - commit 677f876 - ipv6: fix a BUG in rt6_get_pcpu_route() under PREEMPT_RT (CVE-2025-71080 bsc#1256608). - smc91x: fix broken irq-context in PREEMPT_RT (CVE-2025-71132 bsc#1256737). - commit 1c36926 - sched/fair: Disable scheduler feature NEXT_BUDDY (bsc#1255459). - commit a542b6f - drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup (bsc#1255128 CVE-2025-68296) - commit 77ece13 - Remove patches.suse/0001-drm-fbcon-vga_switcheroo-Avoid-race-condition-in-fbc.patch Remove this patch before remaking it in an appropriate way. - commit f91d20a - SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (CVE-2025-71120 bsc#1256779). - commit 796b399 ++++ kernel-obs-qa: - blk-throttle: fix throtl_data leak during disk release (git-fixes). - commit d28bb8b - NFSD: NFSv4 file creation neglects setting ACL (CVE-2025-68803 bsc#1256770). - commit ac1975f - xfs: fix a UAF problem in xattr repair (CVE-2025-68784 bsc#1256793). - commit 2b579a4 - svcrdma: use rc_pageoff for memcpy byte offset (CVE-2025-68811 bsc#1256677). - commit 5da529b - RDMA/irdma: avoid invalid read in irdma_net_event (CVE-2025-71133 bsc#1256733) - commit d92ea95 - RDMA/cm: Fix leaking the multicast GID table reference (CVE-2025-71084 bsc#1256622) - commit 677f876 - ipv6: fix a BUG in rt6_get_pcpu_route() under PREEMPT_RT (CVE-2025-71080 bsc#1256608). - smc91x: fix broken irq-context in PREEMPT_RT (CVE-2025-71132 bsc#1256737). - commit 1c36926 - sched/fair: Disable scheduler feature NEXT_BUDDY (bsc#1255459). - commit a542b6f - drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup (bsc#1255128 CVE-2025-68296) - commit 77ece13 - Remove patches.suse/0001-drm-fbcon-vga_switcheroo-Avoid-race-condition-in-fbc.patch Remove this patch before remaking it in an appropriate way. - commit f91d20a - SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (CVE-2025-71120 bsc#1256779). - commit 796b399 ++++ kernel-obs-qa: - blk-throttle: fix throtl_data leak during disk release (git-fixes). - commit d28bb8b - NFSD: NFSv4 file creation neglects setting ACL (CVE-2025-68803 bsc#1256770). - commit ac1975f - xfs: fix a UAF problem in xattr repair (CVE-2025-68784 bsc#1256793). - commit 2b579a4 - svcrdma: use rc_pageoff for memcpy byte offset (CVE-2025-68811 bsc#1256677). - commit 5da529b - RDMA/irdma: avoid invalid read in irdma_net_event (CVE-2025-71133 bsc#1256733) - commit d92ea95 - RDMA/cm: Fix leaking the multicast GID table reference (CVE-2025-71084 bsc#1256622) - commit 677f876 - ipv6: fix a BUG in rt6_get_pcpu_route() under PREEMPT_RT (CVE-2025-71080 bsc#1256608). - smc91x: fix broken irq-context in PREEMPT_RT (CVE-2025-71132 bsc#1256737). - commit 1c36926 - sched/fair: Disable scheduler feature NEXT_BUDDY (bsc#1255459). - commit a542b6f - drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup (bsc#1255128 CVE-2025-68296) - commit 77ece13 - Remove patches.suse/0001-drm-fbcon-vga_switcheroo-Avoid-race-condition-in-fbc.patch Remove this patch before remaking it in an appropriate way. - commit f91d20a - SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (CVE-2025-71120 bsc#1256779). - commit 796b399 ++++ kernel-syms: - blk-throttle: fix throtl_data leak during disk release (git-fixes). - commit d28bb8b - NFSD: NFSv4 file creation neglects setting ACL (CVE-2025-68803 bsc#1256770). - commit ac1975f - xfs: fix a UAF problem in xattr repair (CVE-2025-68784 bsc#1256793). - commit 2b579a4 - svcrdma: use rc_pageoff for memcpy byte offset (CVE-2025-68811 bsc#1256677). - commit 5da529b - RDMA/irdma: avoid invalid read in irdma_net_event (CVE-2025-71133 bsc#1256733) - commit d92ea95 - RDMA/cm: Fix leaking the multicast GID table reference (CVE-2025-71084 bsc#1256622) - commit 677f876 - ipv6: fix a BUG in rt6_get_pcpu_route() under PREEMPT_RT (CVE-2025-71080 bsc#1256608). - smc91x: fix broken irq-context in PREEMPT_RT (CVE-2025-71132 bsc#1256737). - commit 1c36926 - sched/fair: Disable scheduler feature NEXT_BUDDY (bsc#1255459). - commit a542b6f - drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup (bsc#1255128 CVE-2025-68296) - commit 77ece13 - Remove patches.suse/0001-drm-fbcon-vga_switcheroo-Avoid-race-condition-in-fbc.patch Remove this patch before remaking it in an appropriate way. - commit f91d20a - SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (CVE-2025-71120 bsc#1256779). - commit 796b399 ++++ kernel-syms: - blk-throttle: fix throtl_data leak during disk release (git-fixes). - commit d28bb8b - NFSD: NFSv4 file creation neglects setting ACL (CVE-2025-68803 bsc#1256770). - commit ac1975f - xfs: fix a UAF problem in xattr repair (CVE-2025-68784 bsc#1256793). - commit 2b579a4 - svcrdma: use rc_pageoff for memcpy byte offset (CVE-2025-68811 bsc#1256677). - commit 5da529b - RDMA/irdma: avoid invalid read in irdma_net_event (CVE-2025-71133 bsc#1256733) - commit d92ea95 - RDMA/cm: Fix leaking the multicast GID table reference (CVE-2025-71084 bsc#1256622) - commit 677f876 - ipv6: fix a BUG in rt6_get_pcpu_route() under PREEMPT_RT (CVE-2025-71080 bsc#1256608). - smc91x: fix broken irq-context in PREEMPT_RT (CVE-2025-71132 bsc#1256737). - commit 1c36926 - sched/fair: Disable scheduler feature NEXT_BUDDY (bsc#1255459). - commit a542b6f - drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup (bsc#1255128 CVE-2025-68296) - commit 77ece13 - Remove patches.suse/0001-drm-fbcon-vga_switcheroo-Avoid-race-condition-in-fbc.patch Remove this patch before remaking it in an appropriate way. - commit f91d20a - SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (CVE-2025-71120 bsc#1256779). - commit 796b399 ++++ kernel-zfcpdump: - blk-throttle: fix throtl_data leak during disk release (git-fixes). - commit d28bb8b - NFSD: NFSv4 file creation neglects setting ACL (CVE-2025-68803 bsc#1256770). - commit ac1975f - xfs: fix a UAF problem in xattr repair (CVE-2025-68784 bsc#1256793). - commit 2b579a4 - svcrdma: use rc_pageoff for memcpy byte offset (CVE-2025-68811 bsc#1256677). - commit 5da529b - RDMA/irdma: avoid invalid read in irdma_net_event (CVE-2025-71133 bsc#1256733) - commit d92ea95 - RDMA/cm: Fix leaking the multicast GID table reference (CVE-2025-71084 bsc#1256622) - commit 677f876 - ipv6: fix a BUG in rt6_get_pcpu_route() under PREEMPT_RT (CVE-2025-71080 bsc#1256608). - smc91x: fix broken irq-context in PREEMPT_RT (CVE-2025-71132 bsc#1256737). - commit 1c36926 - sched/fair: Disable scheduler feature NEXT_BUDDY (bsc#1255459). - commit a542b6f - drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup (bsc#1255128 CVE-2025-68296) - commit 77ece13 - Remove patches.suse/0001-drm-fbcon-vga_switcheroo-Avoid-race-condition-in-fbc.patch Remove this patch before remaking it in an appropriate way. - commit f91d20a - SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (CVE-2025-71120 bsc#1256779). - commit 796b399 ++++ kernel-zfcpdump: - blk-throttle: fix throtl_data leak during disk release (git-fixes). - commit d28bb8b - NFSD: NFSv4 file creation neglects setting ACL (CVE-2025-68803 bsc#1256770). - commit ac1975f - xfs: fix a UAF problem in xattr repair (CVE-2025-68784 bsc#1256793). - commit 2b579a4 - svcrdma: use rc_pageoff for memcpy byte offset (CVE-2025-68811 bsc#1256677). - commit 5da529b - RDMA/irdma: avoid invalid read in irdma_net_event (CVE-2025-71133 bsc#1256733) - commit d92ea95 - RDMA/cm: Fix leaking the multicast GID table reference (CVE-2025-71084 bsc#1256622) - commit 677f876 - ipv6: fix a BUG in rt6_get_pcpu_route() under PREEMPT_RT (CVE-2025-71080 bsc#1256608). - smc91x: fix broken irq-context in PREEMPT_RT (CVE-2025-71132 bsc#1256737). - commit 1c36926 - sched/fair: Disable scheduler feature NEXT_BUDDY (bsc#1255459). - commit a542b6f - drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup (bsc#1255128 CVE-2025-68296) - commit 77ece13 - Remove patches.suse/0001-drm-fbcon-vga_switcheroo-Avoid-race-condition-in-fbc.patch Remove this patch before remaking it in an appropriate way. - commit f91d20a - SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (CVE-2025-71120 bsc#1256779). - commit 796b399 ++++ vlc: - Explicitly pass --disable-postproc to configure to not have a difference between ffmpeg-7 and ffmpeg-8 builds. ++++ nvidia-open-driver-G06-signed-cuda: - updated CUDA variant to version 580.126.09 - supersedes kernel-6.18.patch ++++ nvidia-open-driver-G06-signed: - updated CUDA variant to version 580.126.09 - supersedes kernel-6.18.patch ++++ openQA: - Update to version 5.1768856318.847e4fc7: * fix(systemd): prevent openqa-gru starting while mounts are unavailable * fix(systemd): try restarts on failure to be more resilient * feat: Show when "Next & Previous" jobs are limited * refactor: Format SQL code for "Next & Previous" jobs more nicely * refactor: Simplify determining latest job in "Next & Previous" list ++++ openQA: - Update to version 5.1768856318.847e4fc7: * fix(systemd): prevent openqa-gru starting while mounts are unavailable * fix(systemd): try restarts on failure to be more resilient * feat: Show when "Next & Previous" jobs are limited * refactor: Format SQL code for "Next & Previous" jobs more nicely * refactor: Simplify determining latest job in "Next & Previous" list ++++ openQA: - Update to version 5.1768856318.847e4fc7: * fix(systemd): prevent openqa-gru starting while mounts are unavailable * fix(systemd): try restarts on failure to be more resilient * feat: Show when "Next & Previous" jobs are limited * refactor: Format SQL code for "Next & Previous" jobs more nicely * refactor: Simplify determining latest job in "Next & Previous" list ++++ openQA: - Update to version 5.1768856318.847e4fc7: * fix(systemd): prevent openqa-gru starting while mounts are unavailable * fix(systemd): try restarts on failure to be more resilient * feat: Show when "Next & Previous" jobs are limited * refactor: Format SQL code for "Next & Previous" jobs more nicely * refactor: Simplify determining latest job in "Next & Previous" list ++++ openQA: - Update to version 5.1768856318.847e4fc7: * fix(systemd): prevent openqa-gru starting while mounts are unavailable * fix(systemd): try restarts on failure to be more resilient * feat: Show when "Next & Previous" jobs are limited * refactor: Format SQL code for "Next & Previous" jobs more nicely * refactor: Simplify determining latest job in "Next & Previous" list ++++ openQA: - Update to version 5.1768856318.847e4fc7: * fix(systemd): prevent openqa-gru starting while mounts are unavailable * fix(systemd): try restarts on failure to be more resilient * feat: Show when "Next & Previous" jobs are limited * refactor: Format SQL code for "Next & Previous" jobs more nicely * refactor: Simplify determining latest job in "Next & Previous" list ++++ openQA: - Update to version 5.1768856318.847e4fc7: * fix(systemd): prevent openqa-gru starting while mounts are unavailable * fix(systemd): try restarts on failure to be more resilient * feat: Show when "Next & Previous" jobs are limited * refactor: Format SQL code for "Next & Previous" jobs more nicely * refactor: Simplify determining latest job in "Next & Previous" list ++++ openQA: - Update to version 5.1768856318.847e4fc7: * fix(systemd): prevent openqa-gru starting while mounts are unavailable * fix(systemd): try restarts on failure to be more resilient * feat: Show when "Next & Previous" jobs are limited * refactor: Format SQL code for "Next & Previous" jobs more nicely * refactor: Simplify determining latest job in "Next & Previous" list ++++ openQA: - Update to version 5.1768856318.847e4fc7: * fix(systemd): prevent openqa-gru starting while mounts are unavailable * fix(systemd): try restarts on failure to be more resilient * feat: Show when "Next & Previous" jobs are limited * refactor: Format SQL code for "Next & Previous" jobs more nicely * refactor: Simplify determining latest job in "Next & Previous" list ++++ openQA: - Update to version 5.1768856318.847e4fc7: * fix(systemd): prevent openqa-gru starting while mounts are unavailable * fix(systemd): try restarts on failure to be more resilient * feat: Show when "Next & Previous" jobs are limited * refactor: Format SQL code for "Next & Previous" jobs more nicely * refactor: Simplify determining latest job in "Next & Previous" list ++++ os-autoinst-distri-opensuse-deps: - Added dependency perl(Inline::Python) - Added dependency mkisofs - Added dependency jq - Added dependency gzip ++++ python-jaraco.context: - Add CVE-2026-23949.patch to fix CVE-2026-23949 (bsc#1256954) ++++ python-urllib3: - Add security patch: * CVE-2025-66471.patch (bsc#1254867) * CVE-2025-66418.patch (bsc#1254866) ++++ python-weasyprint: - Add CVE-2025-68616.patch to fix server-side request forgery (SSRF) vulnerability in default fetcher. (bsc#1256936, CVE-2025-68616, gh#Kozea/WeasyPrint@b6a14f0f3f4c) ------------------------------------------------------------------ ------------------ 2026-1-19 - Jan 19 2026 ------------------- ------------------------------------------------------------------ ++++ alloy: - CVE-2025-68156: Fix potential DoS via unbounded recursion in builtin functions (bsc#1255333): * Bump github.com/expr-lang/expr to version 1.17.7 ++++ scanner-databases: - database refresh on 2026-01-19 (bsc#1084929) ++++ kernel-64kb: - scsi: qla2xxx: Fix improper freeing of purex item (CVE-2025-68741 bsc#1255703). - scsi: sg: Do not sleep in atomic context (CVE-2025-40259 bsc#1254845). - blk-throttle: fix access race during throttle policy activation (CVE-2025-40147 bsc#1253344). - commit 3a550b4 - arp: do not assume dev_hard_header() does not change skb->head (CVE-2025-71098 bsc#1256591). - ip6_gre: make ip6gre_header() robust (CVE-2025-71098 bsc#1256591). - commit 7dae7cf - ksm: use range-walk function to jump over holes in scan_get_next_rmap_item (CVE-2025-68211 bsc#1255319). - commit 4816124 - btrfs: release path before iget_failed() in btrfs_read_locked_inode() (git-fixes). - commit fa0306d - btrfs: fix double free of qgroup record after failure to add delayed ref head (bsc#1255542 CVE-2025-68359). - commit 6ceb575 - btrfs: track delayed ref heads in an xarray (git-fixes). - commit 1e30518 - btrfs: remove pointless initialization at btrfs_qgroup_trace_extent() (git-fixes). - commit a6f074a - btrfs: always use delayed_refs local variable at btrfs_qgroup_trace_extent() (git-fixes). - commit fe22722 - btrfs: remove unnecessary delayed refs locking at btrfs_qgroup_trace_extent() (git-fixes). - commit 9f1e0ee - btrfs: store fs_info in a local variable at btrfs_qgroup_trace_extent_post() (git-fixes). - commit 83a75de - btrfs: qgroups: remove bytenr field from struct btrfs_qgroup_extent_record (git-fixes). - commit 4040e94 - btrfs: add comments regarding locking to struct btrfs_delayed_ref_root (git-fixes). - commit c3029d5 - btrfs: assert delayed refs lock is held at add_delayed_ref_head() (git-fixes). - commit a71ad52 - btrfs: assert delayed refs lock is held at find_first_ref_head() (git-fixes). - commit d0232bb - btrfs: assert delayed refs lock is held at find_ref_head() (git-fixes). - commit c64e28a - btrfs: pass fs_info to btrfs_delete_ref_head() (git-fixes). - commit 9209eb3 - btrfs: pass fs_info to functions that search for delayed ref heads (git-fixes). - commit c8e07b0 - btrfs: move delayed ref head unselection to delayed-ref.c (git-fixes). - commit 489dc34 - btrfs: simplify obtaining a delayed ref head (git-fixes). - commit 16c3f62 - btrfs: change return type of btrfs_delayed_ref_lock() to boolean (git-fixes). - commit 03bca3c - btrfs: remove num_entries atomic counter from delayed ref root (git-fixes). - commit 054bc10 - btrfs: use helper to find first ref head at btrfs_destroy_delayed_refs() (git-fixes). - commit 4374302 - btrfs: remove duplicated code to drop delayed ref during transaction abort (git-fixes). - commit 725dadb - btrfs: remove fs_info parameter from btrfs_cleanup_one_transaction() (git-fixes). - commit 1591511 - btrfs: remove fs_info parameter from btrfs_destroy_delayed_refs() (git-fixes). - commit 9c2d1b7 - btrfs: move btrfs_destroy_delayed_refs() to delayed-ref.c (git-fixes). - commit 3491ecf - btrfs: remove BUG_ON() at btrfs_destroy_delayed_refs() (git-fixes). - commit 08fe1bf - move GDMA_DRV_CAP_FLAG_1_DYNAMIC_IRQ_ALLOC_SUPPORT to upstream location - remove a bpf CVE change which is already part of the base kernel - net: hv_netvsc: reject RSS hash key programming without RX indirection table (git-fixes). - RDMA/mana_ib: check cqe length for kernel CQs (git-fixes). - Drivers: hv: use kmalloc_array() instead of kmalloc() (git-fixes). - mshv: Fix create memory region overlap check (bsc#1255708 CVE-2025-68743). - Drivers: hv: Use kmalloc_array() instead of kmalloc() (git-fixes). - Drivers: hv: Resolve ambiguity in hypervisor version log (git-fixes). - Drivers: hv: fix missing kernel-doc description for 'size' in request_arr_init() (git-fixes). - Drivers: hv: remove stale comment (git-fixes). - mshv: Fix deposit memory in MSHV_ROOT_HVCALL (git-fixes). - mshv: Fix VpRootDispatchThreadBlocked value (git-fixes). - net: mana: Move hardware counter stats from per-port to per-VF context (git-fixes). - commit 5f8e751 - dmaengine: apple-admac: Add "apple,t8103-admac" compatible (git-fixes). - dmaengine: omap-dma: fix dma_pool resource leak in error paths (git-fixes). - dmaengine: qcom: gpi: Fix memory leak in gpi_peripheral_config() (git-fixes). - dmaengine: sh: rz-dmac: Fix rz_dmac_terminate_all() (git-fixes). - dmaengine: xilinx_dma: Fix uninitialized addr_width when "xlnx,addrwidth" property is missing (git-fixes). - dmaengine: tegra-adma: Fix use-after-free (git-fixes). - dmaengine: ti: k3-udma: fix device leak on udma lookup (git-fixes). - dmaengine: ti: dma-crossbar: fix device leak on am335x route allocation (git-fixes). - dmaengine: ti: dma-crossbar: fix device leak on dra7x route allocation (git-fixes). - dmaengine: stm32: dmamux: fix OF node leak on route allocation failure (git-fixes). - dmaengine: stm32: dmamux: fix device leak on route allocation (git-fixes). - dmaengine: lpc32xx-dmamux: fix device leak on route allocation (git-fixes). - dmaengine: lpc18xx-dmamux: fix device leak on route allocation (git-fixes). - dmaengine: idxd: fix device leaks on compat bind and unbind (git-fixes). - dmaengine: dw: dmamux: fix OF node leak on route allocation failure (git-fixes). - dmaengine: bcm-sba-raid: fix device leak on probe (git-fixes). - dmaengine: at_hdmac: fix device leak on of_dma_xlate() (git-fixes). - dmaengine: xilinx: xdma: Fix regmap max_register (git-fixes). - phy: broadcom: ns-usb3: Fix Wvoid-pointer-to-enum-cast warning (again) (git-fixes). - phy: tegra: xusb: Explicitly configure HS_DISCON_LEVEL to 0x7 (git-fixes). - phy: rockchip: inno-usb2: fix communication disruption in gadget mode (git-fixes). - phy: rockchip: inno-usb2: fix disconnection in gadget mode (git-fixes). - phy: ti: gmii-sel: fix regmap leak on probe failure (git-fixes). - phy: ti: da8xx-usb: Handle devm_pm_runtime_enable() errors (git-fixes). - phy: stm32-usphyc: Fix off by one in probe() (git-fixes). - phy: fsl-imx8mq-usb: Clear the PCS_TX_SWING_FULL field before using it (git-fixes). - i2c: riic: Move suspend handling to NOIRQ phase (git-fixes). - commit f852916 ++++ kernel-64kb: - scsi: qla2xxx: Fix improper freeing of purex item (CVE-2025-68741 bsc#1255703). - scsi: sg: Do not sleep in atomic context (CVE-2025-40259 bsc#1254845). - blk-throttle: fix access race during throttle policy activation (CVE-2025-40147 bsc#1253344). - commit 3a550b4 - arp: do not assume dev_hard_header() does not change skb->head (CVE-2025-71098 bsc#1256591). - ip6_gre: make ip6gre_header() robust (CVE-2025-71098 bsc#1256591). - commit 7dae7cf - ksm: use range-walk function to jump over holes in scan_get_next_rmap_item (CVE-2025-68211 bsc#1255319). - commit 4816124 - btrfs: release path before iget_failed() in btrfs_read_locked_inode() (git-fixes). - commit fa0306d - btrfs: fix double free of qgroup record after failure to add delayed ref head (bsc#1255542 CVE-2025-68359). - commit 6ceb575 - btrfs: track delayed ref heads in an xarray (git-fixes). - commit 1e30518 - btrfs: remove pointless initialization at btrfs_qgroup_trace_extent() (git-fixes). - commit a6f074a - btrfs: always use delayed_refs local variable at btrfs_qgroup_trace_extent() (git-fixes). - commit fe22722 - btrfs: remove unnecessary delayed refs locking at btrfs_qgroup_trace_extent() (git-fixes). - commit 9f1e0ee - btrfs: store fs_info in a local variable at btrfs_qgroup_trace_extent_post() (git-fixes). - commit 83a75de - btrfs: qgroups: remove bytenr field from struct btrfs_qgroup_extent_record (git-fixes). - commit 4040e94 - btrfs: add comments regarding locking to struct btrfs_delayed_ref_root (git-fixes). - commit c3029d5 - btrfs: assert delayed refs lock is held at add_delayed_ref_head() (git-fixes). - commit a71ad52 - btrfs: assert delayed refs lock is held at find_first_ref_head() (git-fixes). - commit d0232bb - btrfs: assert delayed refs lock is held at find_ref_head() (git-fixes). - commit c64e28a - btrfs: pass fs_info to btrfs_delete_ref_head() (git-fixes). - commit 9209eb3 - btrfs: pass fs_info to functions that search for delayed ref heads (git-fixes). - commit c8e07b0 - btrfs: move delayed ref head unselection to delayed-ref.c (git-fixes). - commit 489dc34 - btrfs: simplify obtaining a delayed ref head (git-fixes). - commit 16c3f62 - btrfs: change return type of btrfs_delayed_ref_lock() to boolean (git-fixes). - commit 03bca3c - btrfs: remove num_entries atomic counter from delayed ref root (git-fixes). - commit 054bc10 - btrfs: use helper to find first ref head at btrfs_destroy_delayed_refs() (git-fixes). - commit 4374302 - btrfs: remove duplicated code to drop delayed ref during transaction abort (git-fixes). - commit 725dadb - btrfs: remove fs_info parameter from btrfs_cleanup_one_transaction() (git-fixes). - commit 1591511 - btrfs: remove fs_info parameter from btrfs_destroy_delayed_refs() (git-fixes). - commit 9c2d1b7 - btrfs: move btrfs_destroy_delayed_refs() to delayed-ref.c (git-fixes). - commit 3491ecf - btrfs: remove BUG_ON() at btrfs_destroy_delayed_refs() (git-fixes). - commit 08fe1bf - move GDMA_DRV_CAP_FLAG_1_DYNAMIC_IRQ_ALLOC_SUPPORT to upstream location - remove a bpf CVE change which is already part of the base kernel - net: hv_netvsc: reject RSS hash key programming without RX indirection table (git-fixes). - RDMA/mana_ib: check cqe length for kernel CQs (git-fixes). - Drivers: hv: use kmalloc_array() instead of kmalloc() (git-fixes). - mshv: Fix create memory region overlap check (bsc#1255708 CVE-2025-68743). - Drivers: hv: Use kmalloc_array() instead of kmalloc() (git-fixes). - Drivers: hv: Resolve ambiguity in hypervisor version log (git-fixes). - Drivers: hv: fix missing kernel-doc description for 'size' in request_arr_init() (git-fixes). - Drivers: hv: remove stale comment (git-fixes). - mshv: Fix deposit memory in MSHV_ROOT_HVCALL (git-fixes). - mshv: Fix VpRootDispatchThreadBlocked value (git-fixes). - net: mana: Move hardware counter stats from per-port to per-VF context (git-fixes). - commit 5f8e751 - dmaengine: apple-admac: Add "apple,t8103-admac" compatible (git-fixes). - dmaengine: omap-dma: fix dma_pool resource leak in error paths (git-fixes). - dmaengine: qcom: gpi: Fix memory leak in gpi_peripheral_config() (git-fixes). - dmaengine: sh: rz-dmac: Fix rz_dmac_terminate_all() (git-fixes). - dmaengine: xilinx_dma: Fix uninitialized addr_width when "xlnx,addrwidth" property is missing (git-fixes). - dmaengine: tegra-adma: Fix use-after-free (git-fixes). - dmaengine: ti: k3-udma: fix device leak on udma lookup (git-fixes). - dmaengine: ti: dma-crossbar: fix device leak on am335x route allocation (git-fixes). - dmaengine: ti: dma-crossbar: fix device leak on dra7x route allocation (git-fixes). - dmaengine: stm32: dmamux: fix OF node leak on route allocation failure (git-fixes). - dmaengine: stm32: dmamux: fix device leak on route allocation (git-fixes). - dmaengine: lpc32xx-dmamux: fix device leak on route allocation (git-fixes). - dmaengine: lpc18xx-dmamux: fix device leak on route allocation (git-fixes). - dmaengine: idxd: fix device leaks on compat bind and unbind (git-fixes). - dmaengine: dw: dmamux: fix OF node leak on route allocation failure (git-fixes). - dmaengine: bcm-sba-raid: fix device leak on probe (git-fixes). - dmaengine: at_hdmac: fix device leak on of_dma_xlate() (git-fixes). - dmaengine: xilinx: xdma: Fix regmap max_register (git-fixes). - phy: broadcom: ns-usb3: Fix Wvoid-pointer-to-enum-cast warning (again) (git-fixes). - phy: tegra: xusb: Explicitly configure HS_DISCON_LEVEL to 0x7 (git-fixes). - phy: rockchip: inno-usb2: fix communication disruption in gadget mode (git-fixes). - phy: rockchip: inno-usb2: fix disconnection in gadget mode (git-fixes). - phy: ti: gmii-sel: fix regmap leak on probe failure (git-fixes). - phy: ti: da8xx-usb: Handle devm_pm_runtime_enable() errors (git-fixes). - phy: stm32-usphyc: Fix off by one in probe() (git-fixes). - phy: fsl-imx8mq-usb: Clear the PCS_TX_SWING_FULL field before using it (git-fixes). - i2c: riic: Move suspend handling to NOIRQ phase (git-fixes). - commit f852916 ++++ kernel-azure: - scsi: qla2xxx: Fix improper freeing of purex item (CVE-2025-68741 bsc#1255703). - scsi: sg: Do not sleep in atomic context (CVE-2025-40259 bsc#1254845). - blk-throttle: fix access race during throttle policy activation (CVE-2025-40147 bsc#1253344). - commit 3a550b4 - arp: do not assume dev_hard_header() does not change skb->head (CVE-2025-71098 bsc#1256591). - ip6_gre: make ip6gre_header() robust (CVE-2025-71098 bsc#1256591). - commit 7dae7cf - ksm: use range-walk function to jump over holes in scan_get_next_rmap_item (CVE-2025-68211 bsc#1255319). - commit 4816124 - btrfs: release path before iget_failed() in btrfs_read_locked_inode() (git-fixes). - commit fa0306d - btrfs: fix double free of qgroup record after failure to add delayed ref head (bsc#1255542 CVE-2025-68359). - commit 6ceb575 - btrfs: track delayed ref heads in an xarray (git-fixes). - commit 1e30518 - btrfs: remove pointless initialization at btrfs_qgroup_trace_extent() (git-fixes). - commit a6f074a - btrfs: always use delayed_refs local variable at btrfs_qgroup_trace_extent() (git-fixes). - commit fe22722 - btrfs: remove unnecessary delayed refs locking at btrfs_qgroup_trace_extent() (git-fixes). - commit 9f1e0ee - btrfs: store fs_info in a local variable at btrfs_qgroup_trace_extent_post() (git-fixes). - commit 83a75de - btrfs: qgroups: remove bytenr field from struct btrfs_qgroup_extent_record (git-fixes). - commit 4040e94 - btrfs: add comments regarding locking to struct btrfs_delayed_ref_root (git-fixes). - commit c3029d5 - btrfs: assert delayed refs lock is held at add_delayed_ref_head() (git-fixes). - commit a71ad52 - btrfs: assert delayed refs lock is held at find_first_ref_head() (git-fixes). - commit d0232bb - btrfs: assert delayed refs lock is held at find_ref_head() (git-fixes). - commit c64e28a - btrfs: pass fs_info to btrfs_delete_ref_head() (git-fixes). - commit 9209eb3 - btrfs: pass fs_info to functions that search for delayed ref heads (git-fixes). - commit c8e07b0 - btrfs: move delayed ref head unselection to delayed-ref.c (git-fixes). - commit 489dc34 - btrfs: simplify obtaining a delayed ref head (git-fixes). - commit 16c3f62 - btrfs: change return type of btrfs_delayed_ref_lock() to boolean (git-fixes). - commit 03bca3c - btrfs: remove num_entries atomic counter from delayed ref root (git-fixes). - commit 054bc10 - btrfs: use helper to find first ref head at btrfs_destroy_delayed_refs() (git-fixes). - commit 4374302 - btrfs: remove duplicated code to drop delayed ref during transaction abort (git-fixes). - commit 725dadb - btrfs: remove fs_info parameter from btrfs_cleanup_one_transaction() (git-fixes). - commit 1591511 - btrfs: remove fs_info parameter from btrfs_destroy_delayed_refs() (git-fixes). - commit 9c2d1b7 - btrfs: move btrfs_destroy_delayed_refs() to delayed-ref.c (git-fixes). - commit 3491ecf - btrfs: remove BUG_ON() at btrfs_destroy_delayed_refs() (git-fixes). - commit 08fe1bf - move GDMA_DRV_CAP_FLAG_1_DYNAMIC_IRQ_ALLOC_SUPPORT to upstream location - remove a bpf CVE change which is already part of the base kernel - net: hv_netvsc: reject RSS hash key programming without RX indirection table (git-fixes). - RDMA/mana_ib: check cqe length for kernel CQs (git-fixes). - Drivers: hv: use kmalloc_array() instead of kmalloc() (git-fixes). - mshv: Fix create memory region overlap check (bsc#1255708 CVE-2025-68743). - Drivers: hv: Use kmalloc_array() instead of kmalloc() (git-fixes). - Drivers: hv: Resolve ambiguity in hypervisor version log (git-fixes). - Drivers: hv: fix missing kernel-doc description for 'size' in request_arr_init() (git-fixes). - Drivers: hv: remove stale comment (git-fixes). - mshv: Fix deposit memory in MSHV_ROOT_HVCALL (git-fixes). - mshv: Fix VpRootDispatchThreadBlocked value (git-fixes). - net: mana: Move hardware counter stats from per-port to per-VF context (git-fixes). - commit 5f8e751 - dmaengine: apple-admac: Add "apple,t8103-admac" compatible (git-fixes). - dmaengine: omap-dma: fix dma_pool resource leak in error paths (git-fixes). - dmaengine: qcom: gpi: Fix memory leak in gpi_peripheral_config() (git-fixes). - dmaengine: sh: rz-dmac: Fix rz_dmac_terminate_all() (git-fixes). - dmaengine: xilinx_dma: Fix uninitialized addr_width when "xlnx,addrwidth" property is missing (git-fixes). - dmaengine: tegra-adma: Fix use-after-free (git-fixes). - dmaengine: ti: k3-udma: fix device leak on udma lookup (git-fixes). - dmaengine: ti: dma-crossbar: fix device leak on am335x route allocation (git-fixes). - dmaengine: ti: dma-crossbar: fix device leak on dra7x route allocation (git-fixes). - dmaengine: stm32: dmamux: fix OF node leak on route allocation failure (git-fixes). - dmaengine: stm32: dmamux: fix device leak on route allocation (git-fixes). - dmaengine: lpc32xx-dmamux: fix device leak on route allocation (git-fixes). - dmaengine: lpc18xx-dmamux: fix device leak on route allocation (git-fixes). - dmaengine: idxd: fix device leaks on compat bind and unbind (git-fixes). - dmaengine: dw: dmamux: fix OF node leak on route allocation failure (git-fixes). - dmaengine: bcm-sba-raid: fix device leak on probe (git-fixes). - dmaengine: at_hdmac: fix device leak on of_dma_xlate() (git-fixes). - dmaengine: xilinx: xdma: Fix regmap max_register (git-fixes). - phy: broadcom: ns-usb3: Fix Wvoid-pointer-to-enum-cast warning (again) (git-fixes). - phy: tegra: xusb: Explicitly configure HS_DISCON_LEVEL to 0x7 (git-fixes). - phy: rockchip: inno-usb2: fix communication disruption in gadget mode (git-fixes). - phy: rockchip: inno-usb2: fix disconnection in gadget mode (git-fixes). - phy: ti: gmii-sel: fix regmap leak on probe failure (git-fixes). - phy: ti: da8xx-usb: Handle devm_pm_runtime_enable() errors (git-fixes). - phy: stm32-usphyc: Fix off by one in probe() (git-fixes). - phy: fsl-imx8mq-usb: Clear the PCS_TX_SWING_FULL field before using it (git-fixes). - i2c: riic: Move suspend handling to NOIRQ phase (git-fixes). - commit f852916 ++++ kernel-azure: - scsi: qla2xxx: Fix improper freeing of purex item (CVE-2025-68741 bsc#1255703). - scsi: sg: Do not sleep in atomic context (CVE-2025-40259 bsc#1254845). - blk-throttle: fix access race during throttle policy activation (CVE-2025-40147 bsc#1253344). - commit 3a550b4 - arp: do not assume dev_hard_header() does not change skb->head (CVE-2025-71098 bsc#1256591). - ip6_gre: make ip6gre_header() robust (CVE-2025-71098 bsc#1256591). - commit 7dae7cf - ksm: use range-walk function to jump over holes in scan_get_next_rmap_item (CVE-2025-68211 bsc#1255319). - commit 4816124 - btrfs: release path before iget_failed() in btrfs_read_locked_inode() (git-fixes). - commit fa0306d - btrfs: fix double free of qgroup record after failure to add delayed ref head (bsc#1255542 CVE-2025-68359). - commit 6ceb575 - btrfs: track delayed ref heads in an xarray (git-fixes). - commit 1e30518 - btrfs: remove pointless initialization at btrfs_qgroup_trace_extent() (git-fixes). - commit a6f074a - btrfs: always use delayed_refs local variable at btrfs_qgroup_trace_extent() (git-fixes). - commit fe22722 - btrfs: remove unnecessary delayed refs locking at btrfs_qgroup_trace_extent() (git-fixes). - commit 9f1e0ee - btrfs: store fs_info in a local variable at btrfs_qgroup_trace_extent_post() (git-fixes). - commit 83a75de - btrfs: qgroups: remove bytenr field from struct btrfs_qgroup_extent_record (git-fixes). - commit 4040e94 - btrfs: add comments regarding locking to struct btrfs_delayed_ref_root (git-fixes). - commit c3029d5 - btrfs: assert delayed refs lock is held at add_delayed_ref_head() (git-fixes). - commit a71ad52 - btrfs: assert delayed refs lock is held at find_first_ref_head() (git-fixes). - commit d0232bb - btrfs: assert delayed refs lock is held at find_ref_head() (git-fixes). - commit c64e28a - btrfs: pass fs_info to btrfs_delete_ref_head() (git-fixes). - commit 9209eb3 - btrfs: pass fs_info to functions that search for delayed ref heads (git-fixes). - commit c8e07b0 - btrfs: move delayed ref head unselection to delayed-ref.c (git-fixes). - commit 489dc34 - btrfs: simplify obtaining a delayed ref head (git-fixes). - commit 16c3f62 - btrfs: change return type of btrfs_delayed_ref_lock() to boolean (git-fixes). - commit 03bca3c - btrfs: remove num_entries atomic counter from delayed ref root (git-fixes). - commit 054bc10 - btrfs: use helper to find first ref head at btrfs_destroy_delayed_refs() (git-fixes). - commit 4374302 - btrfs: remove duplicated code to drop delayed ref during transaction abort (git-fixes). - commit 725dadb - btrfs: remove fs_info parameter from btrfs_cleanup_one_transaction() (git-fixes). - commit 1591511 - btrfs: remove fs_info parameter from btrfs_destroy_delayed_refs() (git-fixes). - commit 9c2d1b7 - btrfs: move btrfs_destroy_delayed_refs() to delayed-ref.c (git-fixes). - commit 3491ecf - btrfs: remove BUG_ON() at btrfs_destroy_delayed_refs() (git-fixes). - commit 08fe1bf - move GDMA_DRV_CAP_FLAG_1_DYNAMIC_IRQ_ALLOC_SUPPORT to upstream location - remove a bpf CVE change which is already part of the base kernel - net: hv_netvsc: reject RSS hash key programming without RX indirection table (git-fixes). - RDMA/mana_ib: check cqe length for kernel CQs (git-fixes). - Drivers: hv: use kmalloc_array() instead of kmalloc() (git-fixes). - mshv: Fix create memory region overlap check (bsc#1255708 CVE-2025-68743). - Drivers: hv: Use kmalloc_array() instead of kmalloc() (git-fixes). - Drivers: hv: Resolve ambiguity in hypervisor version log (git-fixes). - Drivers: hv: fix missing kernel-doc description for 'size' in request_arr_init() (git-fixes). - Drivers: hv: remove stale comment (git-fixes). - mshv: Fix deposit memory in MSHV_ROOT_HVCALL (git-fixes). - mshv: Fix VpRootDispatchThreadBlocked value (git-fixes). - net: mana: Move hardware counter stats from per-port to per-VF context (git-fixes). - commit 5f8e751 - dmaengine: apple-admac: Add "apple,t8103-admac" compatible (git-fixes). - dmaengine: omap-dma: fix dma_pool resource leak in error paths (git-fixes). - dmaengine: qcom: gpi: Fix memory leak in gpi_peripheral_config() (git-fixes). - dmaengine: sh: rz-dmac: Fix rz_dmac_terminate_all() (git-fixes). - dmaengine: xilinx_dma: Fix uninitialized addr_width when "xlnx,addrwidth" property is missing (git-fixes). - dmaengine: tegra-adma: Fix use-after-free (git-fixes). - dmaengine: ti: k3-udma: fix device leak on udma lookup (git-fixes). - dmaengine: ti: dma-crossbar: fix device leak on am335x route allocation (git-fixes). - dmaengine: ti: dma-crossbar: fix device leak on dra7x route allocation (git-fixes). - dmaengine: stm32: dmamux: fix OF node leak on route allocation failure (git-fixes). - dmaengine: stm32: dmamux: fix device leak on route allocation (git-fixes). - dmaengine: lpc32xx-dmamux: fix device leak on route allocation (git-fixes). - dmaengine: lpc18xx-dmamux: fix device leak on route allocation (git-fixes). - dmaengine: idxd: fix device leaks on compat bind and unbind (git-fixes). - dmaengine: dw: dmamux: fix OF node leak on route allocation failure (git-fixes). - dmaengine: bcm-sba-raid: fix device leak on probe (git-fixes). - dmaengine: at_hdmac: fix device leak on of_dma_xlate() (git-fixes). - dmaengine: xilinx: xdma: Fix regmap max_register (git-fixes). - phy: broadcom: ns-usb3: Fix Wvoid-pointer-to-enum-cast warning (again) (git-fixes). - phy: tegra: xusb: Explicitly configure HS_DISCON_LEVEL to 0x7 (git-fixes). - phy: rockchip: inno-usb2: fix communication disruption in gadget mode (git-fixes). - phy: rockchip: inno-usb2: fix disconnection in gadget mode (git-fixes). - phy: ti: gmii-sel: fix regmap leak on probe failure (git-fixes). - phy: ti: da8xx-usb: Handle devm_pm_runtime_enable() errors (git-fixes). - phy: stm32-usphyc: Fix off by one in probe() (git-fixes). - phy: fsl-imx8mq-usb: Clear the PCS_TX_SWING_FULL field before using it (git-fixes). - i2c: riic: Move suspend handling to NOIRQ phase (git-fixes). - commit f852916 ++++ kernel-default: - scsi: qla2xxx: Fix improper freeing of purex item (CVE-2025-68741 bsc#1255703). - scsi: sg: Do not sleep in atomic context (CVE-2025-40259 bsc#1254845). - blk-throttle: fix access race during throttle policy activation (CVE-2025-40147 bsc#1253344). - commit 3a550b4 - arp: do not assume dev_hard_header() does not change skb->head (CVE-2025-71098 bsc#1256591). - ip6_gre: make ip6gre_header() robust (CVE-2025-71098 bsc#1256591). - commit 7dae7cf - ksm: use range-walk function to jump over holes in scan_get_next_rmap_item (CVE-2025-68211 bsc#1255319). - commit 4816124 - btrfs: release path before iget_failed() in btrfs_read_locked_inode() (git-fixes). - commit fa0306d - btrfs: fix double free of qgroup record after failure to add delayed ref head (bsc#1255542 CVE-2025-68359). - commit 6ceb575 - btrfs: track delayed ref heads in an xarray (git-fixes). - commit 1e30518 - btrfs: remove pointless initialization at btrfs_qgroup_trace_extent() (git-fixes). - commit a6f074a - btrfs: always use delayed_refs local variable at btrfs_qgroup_trace_extent() (git-fixes). - commit fe22722 - btrfs: remove unnecessary delayed refs locking at btrfs_qgroup_trace_extent() (git-fixes). - commit 9f1e0ee - btrfs: store fs_info in a local variable at btrfs_qgroup_trace_extent_post() (git-fixes). - commit 83a75de - btrfs: qgroups: remove bytenr field from struct btrfs_qgroup_extent_record (git-fixes). - commit 4040e94 - btrfs: add comments regarding locking to struct btrfs_delayed_ref_root (git-fixes). - commit c3029d5 - btrfs: assert delayed refs lock is held at add_delayed_ref_head() (git-fixes). - commit a71ad52 - btrfs: assert delayed refs lock is held at find_first_ref_head() (git-fixes). - commit d0232bb - btrfs: assert delayed refs lock is held at find_ref_head() (git-fixes). - commit c64e28a - btrfs: pass fs_info to btrfs_delete_ref_head() (git-fixes). - commit 9209eb3 - btrfs: pass fs_info to functions that search for delayed ref heads (git-fixes). - commit c8e07b0 - btrfs: move delayed ref head unselection to delayed-ref.c (git-fixes). - commit 489dc34 - btrfs: simplify obtaining a delayed ref head (git-fixes). - commit 16c3f62 - btrfs: change return type of btrfs_delayed_ref_lock() to boolean (git-fixes). - commit 03bca3c - btrfs: remove num_entries atomic counter from delayed ref root (git-fixes). - commit 054bc10 - btrfs: use helper to find first ref head at btrfs_destroy_delayed_refs() (git-fixes). - commit 4374302 - btrfs: remove duplicated code to drop delayed ref during transaction abort (git-fixes). - commit 725dadb - btrfs: remove fs_info parameter from btrfs_cleanup_one_transaction() (git-fixes). - commit 1591511 - btrfs: remove fs_info parameter from btrfs_destroy_delayed_refs() (git-fixes). - commit 9c2d1b7 - btrfs: move btrfs_destroy_delayed_refs() to delayed-ref.c (git-fixes). - commit 3491ecf - btrfs: remove BUG_ON() at btrfs_destroy_delayed_refs() (git-fixes). - commit 08fe1bf - move GDMA_DRV_CAP_FLAG_1_DYNAMIC_IRQ_ALLOC_SUPPORT to upstream location - remove a bpf CVE change which is already part of the base kernel - net: hv_netvsc: reject RSS hash key programming without RX indirection table (git-fixes). - RDMA/mana_ib: check cqe length for kernel CQs (git-fixes). - Drivers: hv: use kmalloc_array() instead of kmalloc() (git-fixes). - mshv: Fix create memory region overlap check (bsc#1255708 CVE-2025-68743). - Drivers: hv: Use kmalloc_array() instead of kmalloc() (git-fixes). - Drivers: hv: Resolve ambiguity in hypervisor version log (git-fixes). - Drivers: hv: fix missing kernel-doc description for 'size' in request_arr_init() (git-fixes). - Drivers: hv: remove stale comment (git-fixes). - mshv: Fix deposit memory in MSHV_ROOT_HVCALL (git-fixes). - mshv: Fix VpRootDispatchThreadBlocked value (git-fixes). - net: mana: Move hardware counter stats from per-port to per-VF context (git-fixes). - commit 5f8e751 - dmaengine: apple-admac: Add "apple,t8103-admac" compatible (git-fixes). - dmaengine: omap-dma: fix dma_pool resource leak in error paths (git-fixes). - dmaengine: qcom: gpi: Fix memory leak in gpi_peripheral_config() (git-fixes). - dmaengine: sh: rz-dmac: Fix rz_dmac_terminate_all() (git-fixes). - dmaengine: xilinx_dma: Fix uninitialized addr_width when "xlnx,addrwidth" property is missing (git-fixes). - dmaengine: tegra-adma: Fix use-after-free (git-fixes). - dmaengine: ti: k3-udma: fix device leak on udma lookup (git-fixes). - dmaengine: ti: dma-crossbar: fix device leak on am335x route allocation (git-fixes). - dmaengine: ti: dma-crossbar: fix device leak on dra7x route allocation (git-fixes). - dmaengine: stm32: dmamux: fix OF node leak on route allocation failure (git-fixes). - dmaengine: stm32: dmamux: fix device leak on route allocation (git-fixes). - dmaengine: lpc32xx-dmamux: fix device leak on route allocation (git-fixes). - dmaengine: lpc18xx-dmamux: fix device leak on route allocation (git-fixes). - dmaengine: idxd: fix device leaks on compat bind and unbind (git-fixes). - dmaengine: dw: dmamux: fix OF node leak on route allocation failure (git-fixes). - dmaengine: bcm-sba-raid: fix device leak on probe (git-fixes). - dmaengine: at_hdmac: fix device leak on of_dma_xlate() (git-fixes). - dmaengine: xilinx: xdma: Fix regmap max_register (git-fixes). - phy: broadcom: ns-usb3: Fix Wvoid-pointer-to-enum-cast warning (again) (git-fixes). - phy: tegra: xusb: Explicitly configure HS_DISCON_LEVEL to 0x7 (git-fixes). - phy: rockchip: inno-usb2: fix communication disruption in gadget mode (git-fixes). - phy: rockchip: inno-usb2: fix disconnection in gadget mode (git-fixes). - phy: ti: gmii-sel: fix regmap leak on probe failure (git-fixes). - phy: ti: da8xx-usb: Handle devm_pm_runtime_enable() errors (git-fixes). - phy: stm32-usphyc: Fix off by one in probe() (git-fixes). - phy: fsl-imx8mq-usb: Clear the PCS_TX_SWING_FULL field before using it (git-fixes). - i2c: riic: Move suspend handling to NOIRQ phase (git-fixes). - commit f852916 ++++ kernel-default: - scsi: qla2xxx: Fix improper freeing of purex item (CVE-2025-68741 bsc#1255703). - scsi: sg: Do not sleep in atomic context (CVE-2025-40259 bsc#1254845). - blk-throttle: fix access race during throttle policy activation (CVE-2025-40147 bsc#1253344). - commit 3a550b4 - arp: do not assume dev_hard_header() does not change skb->head (CVE-2025-71098 bsc#1256591). - ip6_gre: make ip6gre_header() robust (CVE-2025-71098 bsc#1256591). - commit 7dae7cf - ksm: use range-walk function to jump over holes in scan_get_next_rmap_item (CVE-2025-68211 bsc#1255319). - commit 4816124 - btrfs: release path before iget_failed() in btrfs_read_locked_inode() (git-fixes). - commit fa0306d - btrfs: fix double free of qgroup record after failure to add delayed ref head (bsc#1255542 CVE-2025-68359). - commit 6ceb575 - btrfs: track delayed ref heads in an xarray (git-fixes). - commit 1e30518 - btrfs: remove pointless initialization at btrfs_qgroup_trace_extent() (git-fixes). - commit a6f074a - btrfs: always use delayed_refs local variable at btrfs_qgroup_trace_extent() (git-fixes). - commit fe22722 - btrfs: remove unnecessary delayed refs locking at btrfs_qgroup_trace_extent() (git-fixes). - commit 9f1e0ee - btrfs: store fs_info in a local variable at btrfs_qgroup_trace_extent_post() (git-fixes). - commit 83a75de - btrfs: qgroups: remove bytenr field from struct btrfs_qgroup_extent_record (git-fixes). - commit 4040e94 - btrfs: add comments regarding locking to struct btrfs_delayed_ref_root (git-fixes). - commit c3029d5 - btrfs: assert delayed refs lock is held at add_delayed_ref_head() (git-fixes). - commit a71ad52 - btrfs: assert delayed refs lock is held at find_first_ref_head() (git-fixes). - commit d0232bb - btrfs: assert delayed refs lock is held at find_ref_head() (git-fixes). - commit c64e28a - btrfs: pass fs_info to btrfs_delete_ref_head() (git-fixes). - commit 9209eb3 - btrfs: pass fs_info to functions that search for delayed ref heads (git-fixes). - commit c8e07b0 - btrfs: move delayed ref head unselection to delayed-ref.c (git-fixes). - commit 489dc34 - btrfs: simplify obtaining a delayed ref head (git-fixes). - commit 16c3f62 - btrfs: change return type of btrfs_delayed_ref_lock() to boolean (git-fixes). - commit 03bca3c - btrfs: remove num_entries atomic counter from delayed ref root (git-fixes). - commit 054bc10 - btrfs: use helper to find first ref head at btrfs_destroy_delayed_refs() (git-fixes). - commit 4374302 - btrfs: remove duplicated code to drop delayed ref during transaction abort (git-fixes). - commit 725dadb - btrfs: remove fs_info parameter from btrfs_cleanup_one_transaction() (git-fixes). - commit 1591511 - btrfs: remove fs_info parameter from btrfs_destroy_delayed_refs() (git-fixes). - commit 9c2d1b7 - btrfs: move btrfs_destroy_delayed_refs() to delayed-ref.c (git-fixes). - commit 3491ecf - btrfs: remove BUG_ON() at btrfs_destroy_delayed_refs() (git-fixes). - commit 08fe1bf - move GDMA_DRV_CAP_FLAG_1_DYNAMIC_IRQ_ALLOC_SUPPORT to upstream location - remove a bpf CVE change which is already part of the base kernel - net: hv_netvsc: reject RSS hash key programming without RX indirection table (git-fixes). - RDMA/mana_ib: check cqe length for kernel CQs (git-fixes). - Drivers: hv: use kmalloc_array() instead of kmalloc() (git-fixes). - mshv: Fix create memory region overlap check (bsc#1255708 CVE-2025-68743). - Drivers: hv: Use kmalloc_array() instead of kmalloc() (git-fixes). - Drivers: hv: Resolve ambiguity in hypervisor version log (git-fixes). - Drivers: hv: fix missing kernel-doc description for 'size' in request_arr_init() (git-fixes). - Drivers: hv: remove stale comment (git-fixes). - mshv: Fix deposit memory in MSHV_ROOT_HVCALL (git-fixes). - mshv: Fix VpRootDispatchThreadBlocked value (git-fixes). - net: mana: Move hardware counter stats from per-port to per-VF context (git-fixes). - commit 5f8e751 - dmaengine: apple-admac: Add "apple,t8103-admac" compatible (git-fixes). - dmaengine: omap-dma: fix dma_pool resource leak in error paths (git-fixes). - dmaengine: qcom: gpi: Fix memory leak in gpi_peripheral_config() (git-fixes). - dmaengine: sh: rz-dmac: Fix rz_dmac_terminate_all() (git-fixes). - dmaengine: xilinx_dma: Fix uninitialized addr_width when "xlnx,addrwidth" property is missing (git-fixes). - dmaengine: tegra-adma: Fix use-after-free (git-fixes). - dmaengine: ti: k3-udma: fix device leak on udma lookup (git-fixes). - dmaengine: ti: dma-crossbar: fix device leak on am335x route allocation (git-fixes). - dmaengine: ti: dma-crossbar: fix device leak on dra7x route allocation (git-fixes). - dmaengine: stm32: dmamux: fix OF node leak on route allocation failure (git-fixes). - dmaengine: stm32: dmamux: fix device leak on route allocation (git-fixes). - dmaengine: lpc32xx-dmamux: fix device leak on route allocation (git-fixes). - dmaengine: lpc18xx-dmamux: fix device leak on route allocation (git-fixes). - dmaengine: idxd: fix device leaks on compat bind and unbind (git-fixes). - dmaengine: dw: dmamux: fix OF node leak on route allocation failure (git-fixes). - dmaengine: bcm-sba-raid: fix device leak on probe (git-fixes). - dmaengine: at_hdmac: fix device leak on of_dma_xlate() (git-fixes). - dmaengine: xilinx: xdma: Fix regmap max_register (git-fixes). - phy: broadcom: ns-usb3: Fix Wvoid-pointer-to-enum-cast warning (again) (git-fixes). - phy: tegra: xusb: Explicitly configure HS_DISCON_LEVEL to 0x7 (git-fixes). - phy: rockchip: inno-usb2: fix communication disruption in gadget mode (git-fixes). - phy: rockchip: inno-usb2: fix disconnection in gadget mode (git-fixes). - phy: ti: gmii-sel: fix regmap leak on probe failure (git-fixes). - phy: ti: da8xx-usb: Handle devm_pm_runtime_enable() errors (git-fixes). - phy: stm32-usphyc: Fix off by one in probe() (git-fixes). - phy: fsl-imx8mq-usb: Clear the PCS_TX_SWING_FULL field before using it (git-fixes). - i2c: riic: Move suspend handling to NOIRQ phase (git-fixes). - commit f852916 ++++ kernel-rt: - scsi: qla2xxx: Fix improper freeing of purex item (CVE-2025-68741 bsc#1255703). - scsi: sg: Do not sleep in atomic context (CVE-2025-40259 bsc#1254845). - blk-throttle: fix access race during throttle policy activation (CVE-2025-40147 bsc#1253344). - commit 3a550b4 - arp: do not assume dev_hard_header() does not change skb->head (CVE-2025-71098 bsc#1256591). - ip6_gre: make ip6gre_header() robust (CVE-2025-71098 bsc#1256591). - commit 7dae7cf - ksm: use range-walk function to jump over holes in scan_get_next_rmap_item (CVE-2025-68211 bsc#1255319). - commit 4816124 - btrfs: release path before iget_failed() in btrfs_read_locked_inode() (git-fixes). - commit fa0306d - btrfs: fix double free of qgroup record after failure to add delayed ref head (bsc#1255542 CVE-2025-68359). - commit 6ceb575 - btrfs: track delayed ref heads in an xarray (git-fixes). - commit 1e30518 - btrfs: remove pointless initialization at btrfs_qgroup_trace_extent() (git-fixes). - commit a6f074a - btrfs: always use delayed_refs local variable at btrfs_qgroup_trace_extent() (git-fixes). - commit fe22722 - btrfs: remove unnecessary delayed refs locking at btrfs_qgroup_trace_extent() (git-fixes). - commit 9f1e0ee - btrfs: store fs_info in a local variable at btrfs_qgroup_trace_extent_post() (git-fixes). - commit 83a75de - btrfs: qgroups: remove bytenr field from struct btrfs_qgroup_extent_record (git-fixes). - commit 4040e94 - btrfs: add comments regarding locking to struct btrfs_delayed_ref_root (git-fixes). - commit c3029d5 - btrfs: assert delayed refs lock is held at add_delayed_ref_head() (git-fixes). - commit a71ad52 - btrfs: assert delayed refs lock is held at find_first_ref_head() (git-fixes). - commit d0232bb - btrfs: assert delayed refs lock is held at find_ref_head() (git-fixes). - commit c64e28a - btrfs: pass fs_info to btrfs_delete_ref_head() (git-fixes). - commit 9209eb3 - btrfs: pass fs_info to functions that search for delayed ref heads (git-fixes). - commit c8e07b0 - btrfs: move delayed ref head unselection to delayed-ref.c (git-fixes). - commit 489dc34 - btrfs: simplify obtaining a delayed ref head (git-fixes). - commit 16c3f62 - btrfs: change return type of btrfs_delayed_ref_lock() to boolean (git-fixes). - commit 03bca3c - btrfs: remove num_entries atomic counter from delayed ref root (git-fixes). - commit 054bc10 - btrfs: use helper to find first ref head at btrfs_destroy_delayed_refs() (git-fixes). - commit 4374302 - btrfs: remove duplicated code to drop delayed ref during transaction abort (git-fixes). - commit 725dadb - btrfs: remove fs_info parameter from btrfs_cleanup_one_transaction() (git-fixes). - commit 1591511 - btrfs: remove fs_info parameter from btrfs_destroy_delayed_refs() (git-fixes). - commit 9c2d1b7 - btrfs: move btrfs_destroy_delayed_refs() to delayed-ref.c (git-fixes). - commit 3491ecf - btrfs: remove BUG_ON() at btrfs_destroy_delayed_refs() (git-fixes). - commit 08fe1bf - move GDMA_DRV_CAP_FLAG_1_DYNAMIC_IRQ_ALLOC_SUPPORT to upstream location - remove a bpf CVE change which is already part of the base kernel - net: hv_netvsc: reject RSS hash key programming without RX indirection table (git-fixes). - RDMA/mana_ib: check cqe length for kernel CQs (git-fixes). - Drivers: hv: use kmalloc_array() instead of kmalloc() (git-fixes). - mshv: Fix create memory region overlap check (bsc#1255708 CVE-2025-68743). - Drivers: hv: Use kmalloc_array() instead of kmalloc() (git-fixes). - Drivers: hv: Resolve ambiguity in hypervisor version log (git-fixes). - Drivers: hv: fix missing kernel-doc description for 'size' in request_arr_init() (git-fixes). - Drivers: hv: remove stale comment (git-fixes). - mshv: Fix deposit memory in MSHV_ROOT_HVCALL (git-fixes). - mshv: Fix VpRootDispatchThreadBlocked value (git-fixes). - net: mana: Move hardware counter stats from per-port to per-VF context (git-fixes). - commit 5f8e751 - dmaengine: apple-admac: Add "apple,t8103-admac" compatible (git-fixes). - dmaengine: omap-dma: fix dma_pool resource leak in error paths (git-fixes). - dmaengine: qcom: gpi: Fix memory leak in gpi_peripheral_config() (git-fixes). - dmaengine: sh: rz-dmac: Fix rz_dmac_terminate_all() (git-fixes). - dmaengine: xilinx_dma: Fix uninitialized addr_width when "xlnx,addrwidth" property is missing (git-fixes). - dmaengine: tegra-adma: Fix use-after-free (git-fixes). - dmaengine: ti: k3-udma: fix device leak on udma lookup (git-fixes). - dmaengine: ti: dma-crossbar: fix device leak on am335x route allocation (git-fixes). - dmaengine: ti: dma-crossbar: fix device leak on dra7x route allocation (git-fixes). - dmaengine: stm32: dmamux: fix OF node leak on route allocation failure (git-fixes). - dmaengine: stm32: dmamux: fix device leak on route allocation (git-fixes). - dmaengine: lpc32xx-dmamux: fix device leak on route allocation (git-fixes). - dmaengine: lpc18xx-dmamux: fix device leak on route allocation (git-fixes). - dmaengine: idxd: fix device leaks on compat bind and unbind (git-fixes). - dmaengine: dw: dmamux: fix OF node leak on route allocation failure (git-fixes). - dmaengine: bcm-sba-raid: fix device leak on probe (git-fixes). - dmaengine: at_hdmac: fix device leak on of_dma_xlate() (git-fixes). - dmaengine: xilinx: xdma: Fix regmap max_register (git-fixes). - phy: broadcom: ns-usb3: Fix Wvoid-pointer-to-enum-cast warning (again) (git-fixes). - phy: tegra: xusb: Explicitly configure HS_DISCON_LEVEL to 0x7 (git-fixes). - phy: rockchip: inno-usb2: fix communication disruption in gadget mode (git-fixes). - phy: rockchip: inno-usb2: fix disconnection in gadget mode (git-fixes). - phy: ti: gmii-sel: fix regmap leak on probe failure (git-fixes). - phy: ti: da8xx-usb: Handle devm_pm_runtime_enable() errors (git-fixes). - phy: stm32-usphyc: Fix off by one in probe() (git-fixes). - phy: fsl-imx8mq-usb: Clear the PCS_TX_SWING_FULL field before using it (git-fixes). - i2c: riic: Move suspend handling to NOIRQ phase (git-fixes). - commit f852916 ++++ kernel-rt: - scsi: qla2xxx: Fix improper freeing of purex item (CVE-2025-68741 bsc#1255703). - scsi: sg: Do not sleep in atomic context (CVE-2025-40259 bsc#1254845). - blk-throttle: fix access race during throttle policy activation (CVE-2025-40147 bsc#1253344). - commit 3a550b4 - arp: do not assume dev_hard_header() does not change skb->head (CVE-2025-71098 bsc#1256591). - ip6_gre: make ip6gre_header() robust (CVE-2025-71098 bsc#1256591). - commit 7dae7cf - ksm: use range-walk function to jump over holes in scan_get_next_rmap_item (CVE-2025-68211 bsc#1255319). - commit 4816124 - btrfs: release path before iget_failed() in btrfs_read_locked_inode() (git-fixes). - commit fa0306d - btrfs: fix double free of qgroup record after failure to add delayed ref head (bsc#1255542 CVE-2025-68359). - commit 6ceb575 - btrfs: track delayed ref heads in an xarray (git-fixes). - commit 1e30518 - btrfs: remove pointless initialization at btrfs_qgroup_trace_extent() (git-fixes). - commit a6f074a - btrfs: always use delayed_refs local variable at btrfs_qgroup_trace_extent() (git-fixes). - commit fe22722 - btrfs: remove unnecessary delayed refs locking at btrfs_qgroup_trace_extent() (git-fixes). - commit 9f1e0ee - btrfs: store fs_info in a local variable at btrfs_qgroup_trace_extent_post() (git-fixes). - commit 83a75de - btrfs: qgroups: remove bytenr field from struct btrfs_qgroup_extent_record (git-fixes). - commit 4040e94 - btrfs: add comments regarding locking to struct btrfs_delayed_ref_root (git-fixes). - commit c3029d5 - btrfs: assert delayed refs lock is held at add_delayed_ref_head() (git-fixes). - commit a71ad52 - btrfs: assert delayed refs lock is held at find_first_ref_head() (git-fixes). - commit d0232bb - btrfs: assert delayed refs lock is held at find_ref_head() (git-fixes). - commit c64e28a - btrfs: pass fs_info to btrfs_delete_ref_head() (git-fixes). - commit 9209eb3 - btrfs: pass fs_info to functions that search for delayed ref heads (git-fixes). - commit c8e07b0 - btrfs: move delayed ref head unselection to delayed-ref.c (git-fixes). - commit 489dc34 - btrfs: simplify obtaining a delayed ref head (git-fixes). - commit 16c3f62 - btrfs: change return type of btrfs_delayed_ref_lock() to boolean (git-fixes). - commit 03bca3c - btrfs: remove num_entries atomic counter from delayed ref root (git-fixes). - commit 054bc10 - btrfs: use helper to find first ref head at btrfs_destroy_delayed_refs() (git-fixes). - commit 4374302 - btrfs: remove duplicated code to drop delayed ref during transaction abort (git-fixes). - commit 725dadb - btrfs: remove fs_info parameter from btrfs_cleanup_one_transaction() (git-fixes). - commit 1591511 - btrfs: remove fs_info parameter from btrfs_destroy_delayed_refs() (git-fixes). - commit 9c2d1b7 - btrfs: move btrfs_destroy_delayed_refs() to delayed-ref.c (git-fixes). - commit 3491ecf - btrfs: remove BUG_ON() at btrfs_destroy_delayed_refs() (git-fixes). - commit 08fe1bf - move GDMA_DRV_CAP_FLAG_1_DYNAMIC_IRQ_ALLOC_SUPPORT to upstream location - remove a bpf CVE change which is already part of the base kernel - net: hv_netvsc: reject RSS hash key programming without RX indirection table (git-fixes). - RDMA/mana_ib: check cqe length for kernel CQs (git-fixes). - Drivers: hv: use kmalloc_array() instead of kmalloc() (git-fixes). - mshv: Fix create memory region overlap check (bsc#1255708 CVE-2025-68743). - Drivers: hv: Use kmalloc_array() instead of kmalloc() (git-fixes). - Drivers: hv: Resolve ambiguity in hypervisor version log (git-fixes). - Drivers: hv: fix missing kernel-doc description for 'size' in request_arr_init() (git-fixes). - Drivers: hv: remove stale comment (git-fixes). - mshv: Fix deposit memory in MSHV_ROOT_HVCALL (git-fixes). - mshv: Fix VpRootDispatchThreadBlocked value (git-fixes). - net: mana: Move hardware counter stats from per-port to per-VF context (git-fixes). - commit 5f8e751 - dmaengine: apple-admac: Add "apple,t8103-admac" compatible (git-fixes). - dmaengine: omap-dma: fix dma_pool resource leak in error paths (git-fixes). - dmaengine: qcom: gpi: Fix memory leak in gpi_peripheral_config() (git-fixes). - dmaengine: sh: rz-dmac: Fix rz_dmac_terminate_all() (git-fixes). - dmaengine: xilinx_dma: Fix uninitialized addr_width when "xlnx,addrwidth" property is missing (git-fixes). - dmaengine: tegra-adma: Fix use-after-free (git-fixes). - dmaengine: ti: k3-udma: fix device leak on udma lookup (git-fixes). - dmaengine: ti: dma-crossbar: fix device leak on am335x route allocation (git-fixes). - dmaengine: ti: dma-crossbar: fix device leak on dra7x route allocation (git-fixes). - dmaengine: stm32: dmamux: fix OF node leak on route allocation failure (git-fixes). - dmaengine: stm32: dmamux: fix device leak on route allocation (git-fixes). - dmaengine: lpc32xx-dmamux: fix device leak on route allocation (git-fixes). - dmaengine: lpc18xx-dmamux: fix device leak on route allocation (git-fixes). - dmaengine: idxd: fix device leaks on compat bind and unbind (git-fixes). - dmaengine: dw: dmamux: fix OF node leak on route allocation failure (git-fixes). - dmaengine: bcm-sba-raid: fix device leak on probe (git-fixes). - dmaengine: at_hdmac: fix device leak on of_dma_xlate() (git-fixes). - dmaengine: xilinx: xdma: Fix regmap max_register (git-fixes). - phy: broadcom: ns-usb3: Fix Wvoid-pointer-to-enum-cast warning (again) (git-fixes). - phy: tegra: xusb: Explicitly configure HS_DISCON_LEVEL to 0x7 (git-fixes). - phy: rockchip: inno-usb2: fix communication disruption in gadget mode (git-fixes). - phy: rockchip: inno-usb2: fix disconnection in gadget mode (git-fixes). - phy: ti: gmii-sel: fix regmap leak on probe failure (git-fixes). - phy: ti: da8xx-usb: Handle devm_pm_runtime_enable() errors (git-fixes). - phy: stm32-usphyc: Fix off by one in probe() (git-fixes). - phy: fsl-imx8mq-usb: Clear the PCS_TX_SWING_FULL field before using it (git-fixes). - i2c: riic: Move suspend handling to NOIRQ phase (git-fixes). - commit f852916 ++++ nodejs22: - Update to 22.22.0: * deps: updated undici to 6.23.0 (bsc#1256848, CVE-2026-22036) * deps: updated bundled c-ares to 1.34.6 (if used) * add TLSSocket default error handler (bsc#1256573, CVE-2025-59465) * disable futimes when permission model is enabled (bsc#1256571, CVE-2025-55132) * require full read and write to symlink APIs (bsc#1256569, CVE-2025-55130) * rethrow stack overflow exceptions in async_hooks (bsc#1256574, CVE-2025-59466) * refactor unsafe buffer creation to remove zero-fill toggle (bsc#1256570, CVE-2025-55131) * route callback exceptions through error handlers (bsc#1256576, CVE-2026-21637) ++++ samba: - Update to 4.22.7 * Samba 4.22 breaks Time Machine; (bso#15926). * Searching for numbers doesn't work with Spotlight; (bso#15930). * mdssvc doesn't support $time.iso dates before 1970; (bso#15947). * Fix winbind cache consistency; (bso#15963). * vfs_recycle does not update mtime; (bso#15940). * Assert failed: (dirfd != -1) || (smb_fname->base_name[0] == '/') in vfswrap_openat; (bso#15897). * ctdb can crash with inconsistent cluster lock configuration; (bso#15950). * samba-bgqd: rework man page; (bso#15809). * samba-bgqd can't find [printers] share; (bso#15936); (bsc#1254586). * Winbind can hang forever in gssapi if there are network issues; (bso#15955). * libldb requires linking libreplace on Linux; (bso#15961). * Crash in ctdbd on failed updateip; (bso#15935). ++++ dtb-aarch64: - scsi: qla2xxx: Fix improper freeing of purex item (CVE-2025-68741 bsc#1255703). - scsi: sg: Do not sleep in atomic context (CVE-2025-40259 bsc#1254845). - blk-throttle: fix access race during throttle policy activation (CVE-2025-40147 bsc#1253344). - commit 3a550b4 - arp: do not assume dev_hard_header() does not change skb->head (CVE-2025-71098 bsc#1256591). - ip6_gre: make ip6gre_header() robust (CVE-2025-71098 bsc#1256591). - commit 7dae7cf - ksm: use range-walk function to jump over holes in scan_get_next_rmap_item (CVE-2025-68211 bsc#1255319). - commit 4816124 - btrfs: release path before iget_failed() in btrfs_read_locked_inode() (git-fixes). - commit fa0306d - btrfs: fix double free of qgroup record after failure to add delayed ref head (bsc#1255542 CVE-2025-68359). - commit 6ceb575 - btrfs: track delayed ref heads in an xarray (git-fixes). - commit 1e30518 - btrfs: remove pointless initialization at btrfs_qgroup_trace_extent() (git-fixes). - commit a6f074a - btrfs: always use delayed_refs local variable at btrfs_qgroup_trace_extent() (git-fixes). - commit fe22722 - btrfs: remove unnecessary delayed refs locking at btrfs_qgroup_trace_extent() (git-fixes). - commit 9f1e0ee - btrfs: store fs_info in a local variable at btrfs_qgroup_trace_extent_post() (git-fixes). - commit 83a75de - btrfs: qgroups: remove bytenr field from struct btrfs_qgroup_extent_record (git-fixes). - commit 4040e94 - btrfs: add comments regarding locking to struct btrfs_delayed_ref_root (git-fixes). - commit c3029d5 - btrfs: assert delayed refs lock is held at add_delayed_ref_head() (git-fixes). - commit a71ad52 - btrfs: assert delayed refs lock is held at find_first_ref_head() (git-fixes). - commit d0232bb - btrfs: assert delayed refs lock is held at find_ref_head() (git-fixes). - commit c64e28a - btrfs: pass fs_info to btrfs_delete_ref_head() (git-fixes). - commit 9209eb3 - btrfs: pass fs_info to functions that search for delayed ref heads (git-fixes). - commit c8e07b0 - btrfs: move delayed ref head unselection to delayed-ref.c (git-fixes). - commit 489dc34 - btrfs: simplify obtaining a delayed ref head (git-fixes). - commit 16c3f62 - btrfs: change return type of btrfs_delayed_ref_lock() to boolean (git-fixes). - commit 03bca3c - btrfs: remove num_entries atomic counter from delayed ref root (git-fixes). - commit 054bc10 - btrfs: use helper to find first ref head at btrfs_destroy_delayed_refs() (git-fixes). - commit 4374302 - btrfs: remove duplicated code to drop delayed ref during transaction abort (git-fixes). - commit 725dadb - btrfs: remove fs_info parameter from btrfs_cleanup_one_transaction() (git-fixes). - commit 1591511 - btrfs: remove fs_info parameter from btrfs_destroy_delayed_refs() (git-fixes). - commit 9c2d1b7 - btrfs: move btrfs_destroy_delayed_refs() to delayed-ref.c (git-fixes). - commit 3491ecf - btrfs: remove BUG_ON() at btrfs_destroy_delayed_refs() (git-fixes). - commit 08fe1bf - move GDMA_DRV_CAP_FLAG_1_DYNAMIC_IRQ_ALLOC_SUPPORT to upstream location - remove a bpf CVE change which is already part of the base kernel - net: hv_netvsc: reject RSS hash key programming without RX indirection table (git-fixes). - RDMA/mana_ib: check cqe length for kernel CQs (git-fixes). - Drivers: hv: use kmalloc_array() instead of kmalloc() (git-fixes). - mshv: Fix create memory region overlap check (bsc#1255708 CVE-2025-68743). - Drivers: hv: Use kmalloc_array() instead of kmalloc() (git-fixes). - Drivers: hv: Resolve ambiguity in hypervisor version log (git-fixes). - Drivers: hv: fix missing kernel-doc description for 'size' in request_arr_init() (git-fixes). - Drivers: hv: remove stale comment (git-fixes). - mshv: Fix deposit memory in MSHV_ROOT_HVCALL (git-fixes). - mshv: Fix VpRootDispatchThreadBlocked value (git-fixes). - net: mana: Move hardware counter stats from per-port to per-VF context (git-fixes). - commit 5f8e751 - dmaengine: apple-admac: Add "apple,t8103-admac" compatible (git-fixes). - dmaengine: omap-dma: fix dma_pool resource leak in error paths (git-fixes). - dmaengine: qcom: gpi: Fix memory leak in gpi_peripheral_config() (git-fixes). - dmaengine: sh: rz-dmac: Fix rz_dmac_terminate_all() (git-fixes). - dmaengine: xilinx_dma: Fix uninitialized addr_width when "xlnx,addrwidth" property is missing (git-fixes). - dmaengine: tegra-adma: Fix use-after-free (git-fixes). - dmaengine: ti: k3-udma: fix device leak on udma lookup (git-fixes). - dmaengine: ti: dma-crossbar: fix device leak on am335x route allocation (git-fixes). - dmaengine: ti: dma-crossbar: fix device leak on dra7x route allocation (git-fixes). - dmaengine: stm32: dmamux: fix OF node leak on route allocation failure (git-fixes). - dmaengine: stm32: dmamux: fix device leak on route allocation (git-fixes). - dmaengine: lpc32xx-dmamux: fix device leak on route allocation (git-fixes). - dmaengine: lpc18xx-dmamux: fix device leak on route allocation (git-fixes). - dmaengine: idxd: fix device leaks on compat bind and unbind (git-fixes). - dmaengine: dw: dmamux: fix OF node leak on route allocation failure (git-fixes). - dmaengine: bcm-sba-raid: fix device leak on probe (git-fixes). - dmaengine: at_hdmac: fix device leak on of_dma_xlate() (git-fixes). - dmaengine: xilinx: xdma: Fix regmap max_register (git-fixes). - phy: broadcom: ns-usb3: Fix Wvoid-pointer-to-enum-cast warning (again) (git-fixes). - phy: tegra: xusb: Explicitly configure HS_DISCON_LEVEL to 0x7 (git-fixes). - phy: rockchip: inno-usb2: fix communication disruption in gadget mode (git-fixes). - phy: rockchip: inno-usb2: fix disconnection in gadget mode (git-fixes). - phy: ti: gmii-sel: fix regmap leak on probe failure (git-fixes). - phy: ti: da8xx-usb: Handle devm_pm_runtime_enable() errors (git-fixes). - phy: stm32-usphyc: Fix off by one in probe() (git-fixes). - phy: fsl-imx8mq-usb: Clear the PCS_TX_SWING_FULL field before using it (git-fixes). - i2c: riic: Move suspend handling to NOIRQ phase (git-fixes). - commit f852916 ++++ dtb-aarch64: - scsi: qla2xxx: Fix improper freeing of purex item (CVE-2025-68741 bsc#1255703). - scsi: sg: Do not sleep in atomic context (CVE-2025-40259 bsc#1254845). - blk-throttle: fix access race during throttle policy activation (CVE-2025-40147 bsc#1253344). - commit 3a550b4 - arp: do not assume dev_hard_header() does not change skb->head (CVE-2025-71098 bsc#1256591). - ip6_gre: make ip6gre_header() robust (CVE-2025-71098 bsc#1256591). - commit 7dae7cf - ksm: use range-walk function to jump over holes in scan_get_next_rmap_item (CVE-2025-68211 bsc#1255319). - commit 4816124 - btrfs: release path before iget_failed() in btrfs_read_locked_inode() (git-fixes). - commit fa0306d - btrfs: fix double free of qgroup record after failure to add delayed ref head (bsc#1255542 CVE-2025-68359). - commit 6ceb575 - btrfs: track delayed ref heads in an xarray (git-fixes). - commit 1e30518 - btrfs: remove pointless initialization at btrfs_qgroup_trace_extent() (git-fixes). - commit a6f074a - btrfs: always use delayed_refs local variable at btrfs_qgroup_trace_extent() (git-fixes). - commit fe22722 - btrfs: remove unnecessary delayed refs locking at btrfs_qgroup_trace_extent() (git-fixes). - commit 9f1e0ee - btrfs: store fs_info in a local variable at btrfs_qgroup_trace_extent_post() (git-fixes). - commit 83a75de - btrfs: qgroups: remove bytenr field from struct btrfs_qgroup_extent_record (git-fixes). - commit 4040e94 - btrfs: add comments regarding locking to struct btrfs_delayed_ref_root (git-fixes). - commit c3029d5 - btrfs: assert delayed refs lock is held at add_delayed_ref_head() (git-fixes). - commit a71ad52 - btrfs: assert delayed refs lock is held at find_first_ref_head() (git-fixes). - commit d0232bb - btrfs: assert delayed refs lock is held at find_ref_head() (git-fixes). - commit c64e28a - btrfs: pass fs_info to btrfs_delete_ref_head() (git-fixes). - commit 9209eb3 - btrfs: pass fs_info to functions that search for delayed ref heads (git-fixes). - commit c8e07b0 - btrfs: move delayed ref head unselection to delayed-ref.c (git-fixes). - commit 489dc34 - btrfs: simplify obtaining a delayed ref head (git-fixes). - commit 16c3f62 - btrfs: change return type of btrfs_delayed_ref_lock() to boolean (git-fixes). - commit 03bca3c - btrfs: remove num_entries atomic counter from delayed ref root (git-fixes). - commit 054bc10 - btrfs: use helper to find first ref head at btrfs_destroy_delayed_refs() (git-fixes). - commit 4374302 - btrfs: remove duplicated code to drop delayed ref during transaction abort (git-fixes). - commit 725dadb - btrfs: remove fs_info parameter from btrfs_cleanup_one_transaction() (git-fixes). - commit 1591511 - btrfs: remove fs_info parameter from btrfs_destroy_delayed_refs() (git-fixes). - commit 9c2d1b7 - btrfs: move btrfs_destroy_delayed_refs() to delayed-ref.c (git-fixes). - commit 3491ecf - btrfs: remove BUG_ON() at btrfs_destroy_delayed_refs() (git-fixes). - commit 08fe1bf - move GDMA_DRV_CAP_FLAG_1_DYNAMIC_IRQ_ALLOC_SUPPORT to upstream location - remove a bpf CVE change which is already part of the base kernel - net: hv_netvsc: reject RSS hash key programming without RX indirection table (git-fixes). - RDMA/mana_ib: check cqe length for kernel CQs (git-fixes). - Drivers: hv: use kmalloc_array() instead of kmalloc() (git-fixes). - mshv: Fix create memory region overlap check (bsc#1255708 CVE-2025-68743). - Drivers: hv: Use kmalloc_array() instead of kmalloc() (git-fixes). - Drivers: hv: Resolve ambiguity in hypervisor version log (git-fixes). - Drivers: hv: fix missing kernel-doc description for 'size' in request_arr_init() (git-fixes). - Drivers: hv: remove stale comment (git-fixes). - mshv: Fix deposit memory in MSHV_ROOT_HVCALL (git-fixes). - mshv: Fix VpRootDispatchThreadBlocked value (git-fixes). - net: mana: Move hardware counter stats from per-port to per-VF context (git-fixes). - commit 5f8e751 - dmaengine: apple-admac: Add "apple,t8103-admac" compatible (git-fixes). - dmaengine: omap-dma: fix dma_pool resource leak in error paths (git-fixes). - dmaengine: qcom: gpi: Fix memory leak in gpi_peripheral_config() (git-fixes). - dmaengine: sh: rz-dmac: Fix rz_dmac_terminate_all() (git-fixes). - dmaengine: xilinx_dma: Fix uninitialized addr_width when "xlnx,addrwidth" property is missing (git-fixes). - dmaengine: tegra-adma: Fix use-after-free (git-fixes). - dmaengine: ti: k3-udma: fix device leak on udma lookup (git-fixes). - dmaengine: ti: dma-crossbar: fix device leak on am335x route allocation (git-fixes). - dmaengine: ti: dma-crossbar: fix device leak on dra7x route allocation (git-fixes). - dmaengine: stm32: dmamux: fix OF node leak on route allocation failure (git-fixes). - dmaengine: stm32: dmamux: fix device leak on route allocation (git-fixes). - dmaengine: lpc32xx-dmamux: fix device leak on route allocation (git-fixes). - dmaengine: lpc18xx-dmamux: fix device leak on route allocation (git-fixes). - dmaengine: idxd: fix device leaks on compat bind and unbind (git-fixes). - dmaengine: dw: dmamux: fix OF node leak on route allocation failure (git-fixes). - dmaengine: bcm-sba-raid: fix device leak on probe (git-fixes). - dmaengine: at_hdmac: fix device leak on of_dma_xlate() (git-fixes). - dmaengine: xilinx: xdma: Fix regmap max_register (git-fixes). - phy: broadcom: ns-usb3: Fix Wvoid-pointer-to-enum-cast warning (again) (git-fixes). - phy: tegra: xusb: Explicitly configure HS_DISCON_LEVEL to 0x7 (git-fixes). - phy: rockchip: inno-usb2: fix communication disruption in gadget mode (git-fixes). - phy: rockchip: inno-usb2: fix disconnection in gadget mode (git-fixes). - phy: ti: gmii-sel: fix regmap leak on probe failure (git-fixes). - phy: ti: da8xx-usb: Handle devm_pm_runtime_enable() errors (git-fixes). - phy: stm32-usphyc: Fix off by one in probe() (git-fixes). - phy: fsl-imx8mq-usb: Clear the PCS_TX_SWING_FULL field before using it (git-fixes). - i2c: riic: Move suspend handling to NOIRQ phase (git-fixes). - commit f852916 ++++ flake-pilot: - Fix image prune for local containers On pull of a newer container the old one stays in the local registry without any reference. So far pruning this old data was done directly after explicitly pulling a container by the pilot e.g. for a layer reference. However podman on its own is also expected to pull the referenced container according to the flake setup. As such the prune command is only called under certain condition where it should be called as part of the garbage collection with any flake invocation. ++++ fontforge: - Update fontforge.spec to get rid of update-desktop-files: * It often duplicates upstream translation effort, wasting a human work, both community translators and contracted ones. * Most of these translations are ~20 years old, and they were never reviewed, so it is possible that they are worse than the upstream ones. In the last 20 years it did not provide any way to upstream the changes and translations. The upstream translations got another 20 years of development. Also Desktop Categories specification was updated, and the upstream specification now covers all aspects of former X-SuSE-* Categories extensions. * As a result, the SUSE desktop menu experience differs from other vendors. Applications have a different name, different translations, different placement in the structured menu etc. * Upstream translations have a wider impact. * Package maintainers have only a limited control over the contents visible to users. It is imported during the runtime, and the visible contents could be different from the contents in the package. * update-desktop-files is a complicated tool. It attempts to fix deprecated and obsolete stuff in the desktop files without even informing the developer that something was wrong and something was modified. * It uses a very complicated toolchain that requires access to SUSE intranet and access to OpenQA VPN. The complete toolchain setup was never published, so it has even problems with Open Source ideas. * It mixes SUSE-unique translations with translations that just duplicate the upstream translation effort. As a result it significantly increases number of strings to translate and decreases the quality of the translation. (jsc#PED-14507) ++++ hauler: - Update to version 1.4.1 (bsc#1256546, CVE-2026-22772): * fixed typos for containerd imports (#493) * fix and support containerd imports of `hauls` (#492) * bump github.com/sigstore/fulcio (#489) ++++ ibus: - Update ibus.spec to get rid of update-desktop-files: * It often duplicates upstream translation effort, wasting a human work, both community translators and contracted ones. * Most of these translations are ~20 years old, and they were never reviewed, so it is possible that they are worse than the upstream ones. In the last 20 years it did not provide any way to upstream the changes and translations. The upstream translations got another 20 years of development. Also Desktop Categories specification was updated, and the upstream specification now covers all aspects of former X-SuSE-* Categories extensions. * As a result, the SUSE desktop menu experience differs from other vendors. Applications have a different name, different translations, different placement in the structured menu etc. * Upstream translations have a wider impact. * Package maintainers have only a limited control over the contents visible to users. It is imported during the runtime, and the visible contents could be different from the contents in the package. * update-desktop-files is a complicated tool. It attempts to fix deprecated and obsolete stuff in the desktop files without even informing the developer that something was wrong and something was modified. * It uses a very complicated toolchain that requires access to SUSE intranet and access to OpenQA VPN. The complete toolchain setup was never published, so it has even problems with Open Source ideas. * It mixes SUSE-unique translations with translations that just duplicate the upstream translation effort. As a result it significantly increases number of strings to translate and decreases the quality of the translation. (jsc#PED-14507) ++++ ibus_gtk4: - Update ibus.spec to get rid of update-desktop-files: * It often duplicates upstream translation effort, wasting a human work, both community translators and contracted ones. * Most of these translations are ~20 years old, and they were never reviewed, so it is possible that they are worse than the upstream ones. In the last 20 years it did not provide any way to upstream the changes and translations. The upstream translations got another 20 years of development. Also Desktop Categories specification was updated, and the upstream specification now covers all aspects of former X-SuSE-* Categories extensions. * As a result, the SUSE desktop menu experience differs from other vendors. Applications have a different name, different translations, different placement in the structured menu etc. * Upstream translations have a wider impact. * Package maintainers have only a limited control over the contents visible to users. It is imported during the runtime, and the visible contents could be different from the contents in the package. * update-desktop-files is a complicated tool. It attempts to fix deprecated and obsolete stuff in the desktop files without even informing the developer that something was wrong and something was modified. * It uses a very complicated toolchain that requires access to SUSE intranet and access to OpenQA VPN. The complete toolchain setup was never published, so it has even problems with Open Source ideas. * It mixes SUSE-unique translations with translations that just duplicate the upstream translation effort. As a result it significantly increases number of strings to translate and decreases the quality of the translation. (jsc#PED-14507) ++++ ibus-libpinyin: - Update ibus-libpinyin.spec to get rid of update-desktop-files: * It often duplicates upstream translation effort, wasting a human work, both community translators and contracted ones. * Most of these translations are ~20 years old, and they were never reviewed, so it is possible that they are worse than the upstream ones. In the last 20 years it did not provide any way to upstream the changes and translations. The upstream translations got another 20 years of development. Also Desktop Categories specification was updated, and the upstream specification now covers all aspects of former X-SuSE-* Categories extensions. * As a result, the SUSE desktop menu experience differs from other vendors. Applications have a different name, different translations, different placement in the structured menu etc. * Upstream translations have a wider impact. * Package maintainers have only a limited control over the contents visible to users. It is imported during the runtime, and the visible contents could be different from the contents in the package. * update-desktop-files is a complicated tool. It attempts to fix deprecated and obsolete stuff in the desktop files without even informing the developer that something was wrong and something was modified. * It uses a very complicated toolchain that requires access to SUSE intranet and access to OpenQA VPN. The complete toolchain setup was never published, so it has even problems with Open Source ideas. * It mixes SUSE-unique translations with translations that just duplicate the upstream translation effort. As a result it significantly increases number of strings to translate and decreases the quality of the translation. (jsc#PED-14507) ++++ kernel-source: - scsi: qla2xxx: Fix improper freeing of purex item (CVE-2025-68741 bsc#1255703). - scsi: sg: Do not sleep in atomic context (CVE-2025-40259 bsc#1254845). - blk-throttle: fix access race during throttle policy activation (CVE-2025-40147 bsc#1253344). - commit 3a550b4 - arp: do not assume dev_hard_header() does not change skb->head (CVE-2025-71098 bsc#1256591). - ip6_gre: make ip6gre_header() robust (CVE-2025-71098 bsc#1256591). - commit 7dae7cf - ksm: use range-walk function to jump over holes in scan_get_next_rmap_item (CVE-2025-68211 bsc#1255319). - commit 4816124 - btrfs: release path before iget_failed() in btrfs_read_locked_inode() (git-fixes). - commit fa0306d - btrfs: fix double free of qgroup record after failure to add delayed ref head (bsc#1255542 CVE-2025-68359). - commit 6ceb575 - btrfs: track delayed ref heads in an xarray (git-fixes). - commit 1e30518 - btrfs: remove pointless initialization at btrfs_qgroup_trace_extent() (git-fixes). - commit a6f074a - btrfs: always use delayed_refs local variable at btrfs_qgroup_trace_extent() (git-fixes). - commit fe22722 - btrfs: remove unnecessary delayed refs locking at btrfs_qgroup_trace_extent() (git-fixes). - commit 9f1e0ee - btrfs: store fs_info in a local variable at btrfs_qgroup_trace_extent_post() (git-fixes). - commit 83a75de - btrfs: qgroups: remove bytenr field from struct btrfs_qgroup_extent_record (git-fixes). - commit 4040e94 - btrfs: add comments regarding locking to struct btrfs_delayed_ref_root (git-fixes). - commit c3029d5 - btrfs: assert delayed refs lock is held at add_delayed_ref_head() (git-fixes). - commit a71ad52 - btrfs: assert delayed refs lock is held at find_first_ref_head() (git-fixes). - commit d0232bb - btrfs: assert delayed refs lock is held at find_ref_head() (git-fixes). - commit c64e28a - btrfs: pass fs_info to btrfs_delete_ref_head() (git-fixes). - commit 9209eb3 - btrfs: pass fs_info to functions that search for delayed ref heads (git-fixes). - commit c8e07b0 - btrfs: move delayed ref head unselection to delayed-ref.c (git-fixes). - commit 489dc34 - btrfs: simplify obtaining a delayed ref head (git-fixes). - commit 16c3f62 - btrfs: change return type of btrfs_delayed_ref_lock() to boolean (git-fixes). - commit 03bca3c - btrfs: remove num_entries atomic counter from delayed ref root (git-fixes). - commit 054bc10 - btrfs: use helper to find first ref head at btrfs_destroy_delayed_refs() (git-fixes). - commit 4374302 - btrfs: remove duplicated code to drop delayed ref during transaction abort (git-fixes). - commit 725dadb - btrfs: remove fs_info parameter from btrfs_cleanup_one_transaction() (git-fixes). - commit 1591511 - btrfs: remove fs_info parameter from btrfs_destroy_delayed_refs() (git-fixes). - commit 9c2d1b7 - btrfs: move btrfs_destroy_delayed_refs() to delayed-ref.c (git-fixes). - commit 3491ecf - btrfs: remove BUG_ON() at btrfs_destroy_delayed_refs() (git-fixes). - commit 08fe1bf - move GDMA_DRV_CAP_FLAG_1_DYNAMIC_IRQ_ALLOC_SUPPORT to upstream location - remove a bpf CVE change which is already part of the base kernel - net: hv_netvsc: reject RSS hash key programming without RX indirection table (git-fixes). - RDMA/mana_ib: check cqe length for kernel CQs (git-fixes). - Drivers: hv: use kmalloc_array() instead of kmalloc() (git-fixes). - mshv: Fix create memory region overlap check (bsc#1255708 CVE-2025-68743). - Drivers: hv: Use kmalloc_array() instead of kmalloc() (git-fixes). - Drivers: hv: Resolve ambiguity in hypervisor version log (git-fixes). - Drivers: hv: fix missing kernel-doc description for 'size' in request_arr_init() (git-fixes). - Drivers: hv: remove stale comment (git-fixes). - mshv: Fix deposit memory in MSHV_ROOT_HVCALL (git-fixes). - mshv: Fix VpRootDispatchThreadBlocked value (git-fixes). - net: mana: Move hardware counter stats from per-port to per-VF context (git-fixes). - commit 5f8e751 - dmaengine: apple-admac: Add "apple,t8103-admac" compatible (git-fixes). - dmaengine: omap-dma: fix dma_pool resource leak in error paths (git-fixes). - dmaengine: qcom: gpi: Fix memory leak in gpi_peripheral_config() (git-fixes). - dmaengine: sh: rz-dmac: Fix rz_dmac_terminate_all() (git-fixes). - dmaengine: xilinx_dma: Fix uninitialized addr_width when "xlnx,addrwidth" property is missing (git-fixes). - dmaengine: tegra-adma: Fix use-after-free (git-fixes). - dmaengine: ti: k3-udma: fix device leak on udma lookup (git-fixes). - dmaengine: ti: dma-crossbar: fix device leak on am335x route allocation (git-fixes). - dmaengine: ti: dma-crossbar: fix device leak on dra7x route allocation (git-fixes). - dmaengine: stm32: dmamux: fix OF node leak on route allocation failure (git-fixes). - dmaengine: stm32: dmamux: fix device leak on route allocation (git-fixes). - dmaengine: lpc32xx-dmamux: fix device leak on route allocation (git-fixes). - dmaengine: lpc18xx-dmamux: fix device leak on route allocation (git-fixes). - dmaengine: idxd: fix device leaks on compat bind and unbind (git-fixes). - dmaengine: dw: dmamux: fix OF node leak on route allocation failure (git-fixes). - dmaengine: bcm-sba-raid: fix device leak on probe (git-fixes). - dmaengine: at_hdmac: fix device leak on of_dma_xlate() (git-fixes). - dmaengine: xilinx: xdma: Fix regmap max_register (git-fixes). - phy: broadcom: ns-usb3: Fix Wvoid-pointer-to-enum-cast warning (again) (git-fixes). - phy: tegra: xusb: Explicitly configure HS_DISCON_LEVEL to 0x7 (git-fixes). - phy: rockchip: inno-usb2: fix communication disruption in gadget mode (git-fixes). - phy: rockchip: inno-usb2: fix disconnection in gadget mode (git-fixes). - phy: ti: gmii-sel: fix regmap leak on probe failure (git-fixes). - phy: ti: da8xx-usb: Handle devm_pm_runtime_enable() errors (git-fixes). - phy: stm32-usphyc: Fix off by one in probe() (git-fixes). - phy: fsl-imx8mq-usb: Clear the PCS_TX_SWING_FULL field before using it (git-fixes). - i2c: riic: Move suspend handling to NOIRQ phase (git-fixes). - commit f852916 ++++ kernel-source: - scsi: qla2xxx: Fix improper freeing of purex item (CVE-2025-68741 bsc#1255703). - scsi: sg: Do not sleep in atomic context (CVE-2025-40259 bsc#1254845). - blk-throttle: fix access race during throttle policy activation (CVE-2025-40147 bsc#1253344). - commit 3a550b4 - arp: do not assume dev_hard_header() does not change skb->head (CVE-2025-71098 bsc#1256591). - ip6_gre: make ip6gre_header() robust (CVE-2025-71098 bsc#1256591). - commit 7dae7cf - ksm: use range-walk function to jump over holes in scan_get_next_rmap_item (CVE-2025-68211 bsc#1255319). - commit 4816124 - btrfs: release path before iget_failed() in btrfs_read_locked_inode() (git-fixes). - commit fa0306d - btrfs: fix double free of qgroup record after failure to add delayed ref head (bsc#1255542 CVE-2025-68359). - commit 6ceb575 - btrfs: track delayed ref heads in an xarray (git-fixes). - commit 1e30518 - btrfs: remove pointless initialization at btrfs_qgroup_trace_extent() (git-fixes). - commit a6f074a - btrfs: always use delayed_refs local variable at btrfs_qgroup_trace_extent() (git-fixes). - commit fe22722 - btrfs: remove unnecessary delayed refs locking at btrfs_qgroup_trace_extent() (git-fixes). - commit 9f1e0ee - btrfs: store fs_info in a local variable at btrfs_qgroup_trace_extent_post() (git-fixes). - commit 83a75de - btrfs: qgroups: remove bytenr field from struct btrfs_qgroup_extent_record (git-fixes). - commit 4040e94 - btrfs: add comments regarding locking to struct btrfs_delayed_ref_root (git-fixes). - commit c3029d5 - btrfs: assert delayed refs lock is held at add_delayed_ref_head() (git-fixes). - commit a71ad52 - btrfs: assert delayed refs lock is held at find_first_ref_head() (git-fixes). - commit d0232bb - btrfs: assert delayed refs lock is held at find_ref_head() (git-fixes). - commit c64e28a - btrfs: pass fs_info to btrfs_delete_ref_head() (git-fixes). - commit 9209eb3 - btrfs: pass fs_info to functions that search for delayed ref heads (git-fixes). - commit c8e07b0 - btrfs: move delayed ref head unselection to delayed-ref.c (git-fixes). - commit 489dc34 - btrfs: simplify obtaining a delayed ref head (git-fixes). - commit 16c3f62 - btrfs: change return type of btrfs_delayed_ref_lock() to boolean (git-fixes). - commit 03bca3c - btrfs: remove num_entries atomic counter from delayed ref root (git-fixes). - commit 054bc10 - btrfs: use helper to find first ref head at btrfs_destroy_delayed_refs() (git-fixes). - commit 4374302 - btrfs: remove duplicated code to drop delayed ref during transaction abort (git-fixes). - commit 725dadb - btrfs: remove fs_info parameter from btrfs_cleanup_one_transaction() (git-fixes). - commit 1591511 - btrfs: remove fs_info parameter from btrfs_destroy_delayed_refs() (git-fixes). - commit 9c2d1b7 - btrfs: move btrfs_destroy_delayed_refs() to delayed-ref.c (git-fixes). - commit 3491ecf - btrfs: remove BUG_ON() at btrfs_destroy_delayed_refs() (git-fixes). - commit 08fe1bf - move GDMA_DRV_CAP_FLAG_1_DYNAMIC_IRQ_ALLOC_SUPPORT to upstream location - remove a bpf CVE change which is already part of the base kernel - net: hv_netvsc: reject RSS hash key programming without RX indirection table (git-fixes). - RDMA/mana_ib: check cqe length for kernel CQs (git-fixes). - Drivers: hv: use kmalloc_array() instead of kmalloc() (git-fixes). - mshv: Fix create memory region overlap check (bsc#1255708 CVE-2025-68743). - Drivers: hv: Use kmalloc_array() instead of kmalloc() (git-fixes). - Drivers: hv: Resolve ambiguity in hypervisor version log (git-fixes). - Drivers: hv: fix missing kernel-doc description for 'size' in request_arr_init() (git-fixes). - Drivers: hv: remove stale comment (git-fixes). - mshv: Fix deposit memory in MSHV_ROOT_HVCALL (git-fixes). - mshv: Fix VpRootDispatchThreadBlocked value (git-fixes). - net: mana: Move hardware counter stats from per-port to per-VF context (git-fixes). - commit 5f8e751 - dmaengine: apple-admac: Add "apple,t8103-admac" compatible (git-fixes). - dmaengine: omap-dma: fix dma_pool resource leak in error paths (git-fixes). - dmaengine: qcom: gpi: Fix memory leak in gpi_peripheral_config() (git-fixes). - dmaengine: sh: rz-dmac: Fix rz_dmac_terminate_all() (git-fixes). - dmaengine: xilinx_dma: Fix uninitialized addr_width when "xlnx,addrwidth" property is missing (git-fixes). - dmaengine: tegra-adma: Fix use-after-free (git-fixes). - dmaengine: ti: k3-udma: fix device leak on udma lookup (git-fixes). - dmaengine: ti: dma-crossbar: fix device leak on am335x route allocation (git-fixes). - dmaengine: ti: dma-crossbar: fix device leak on dra7x route allocation (git-fixes). - dmaengine: stm32: dmamux: fix OF node leak on route allocation failure (git-fixes). - dmaengine: stm32: dmamux: fix device leak on route allocation (git-fixes). - dmaengine: lpc32xx-dmamux: fix device leak on route allocation (git-fixes). - dmaengine: lpc18xx-dmamux: fix device leak on route allocation (git-fixes). - dmaengine: idxd: fix device leaks on compat bind and unbind (git-fixes). - dmaengine: dw: dmamux: fix OF node leak on route allocation failure (git-fixes). - dmaengine: bcm-sba-raid: fix device leak on probe (git-fixes). - dmaengine: at_hdmac: fix device leak on of_dma_xlate() (git-fixes). - dmaengine: xilinx: xdma: Fix regmap max_register (git-fixes). - phy: broadcom: ns-usb3: Fix Wvoid-pointer-to-enum-cast warning (again) (git-fixes). - phy: tegra: xusb: Explicitly configure HS_DISCON_LEVEL to 0x7 (git-fixes). - phy: rockchip: inno-usb2: fix communication disruption in gadget mode (git-fixes). - phy: rockchip: inno-usb2: fix disconnection in gadget mode (git-fixes). - phy: ti: gmii-sel: fix regmap leak on probe failure (git-fixes). - phy: ti: da8xx-usb: Handle devm_pm_runtime_enable() errors (git-fixes). - phy: stm32-usphyc: Fix off by one in probe() (git-fixes). - phy: fsl-imx8mq-usb: Clear the PCS_TX_SWING_FULL field before using it (git-fixes). - i2c: riic: Move suspend handling to NOIRQ phase (git-fixes). - commit f852916 ++++ kernel-docs: - scsi: qla2xxx: Fix improper freeing of purex item (CVE-2025-68741 bsc#1255703). - scsi: sg: Do not sleep in atomic context (CVE-2025-40259 bsc#1254845). - blk-throttle: fix access race during throttle policy activation (CVE-2025-40147 bsc#1253344). - commit 3a550b4 - arp: do not assume dev_hard_header() does not change skb->head (CVE-2025-71098 bsc#1256591). - ip6_gre: make ip6gre_header() robust (CVE-2025-71098 bsc#1256591). - commit 7dae7cf - ksm: use range-walk function to jump over holes in scan_get_next_rmap_item (CVE-2025-68211 bsc#1255319). - commit 4816124 - btrfs: release path before iget_failed() in btrfs_read_locked_inode() (git-fixes). - commit fa0306d - btrfs: fix double free of qgroup record after failure to add delayed ref head (bsc#1255542 CVE-2025-68359). - commit 6ceb575 - btrfs: track delayed ref heads in an xarray (git-fixes). - commit 1e30518 - btrfs: remove pointless initialization at btrfs_qgroup_trace_extent() (git-fixes). - commit a6f074a - btrfs: always use delayed_refs local variable at btrfs_qgroup_trace_extent() (git-fixes). - commit fe22722 - btrfs: remove unnecessary delayed refs locking at btrfs_qgroup_trace_extent() (git-fixes). - commit 9f1e0ee - btrfs: store fs_info in a local variable at btrfs_qgroup_trace_extent_post() (git-fixes). - commit 83a75de - btrfs: qgroups: remove bytenr field from struct btrfs_qgroup_extent_record (git-fixes). - commit 4040e94 - btrfs: add comments regarding locking to struct btrfs_delayed_ref_root (git-fixes). - commit c3029d5 - btrfs: assert delayed refs lock is held at add_delayed_ref_head() (git-fixes). - commit a71ad52 - btrfs: assert delayed refs lock is held at find_first_ref_head() (git-fixes). - commit d0232bb - btrfs: assert delayed refs lock is held at find_ref_head() (git-fixes). - commit c64e28a - btrfs: pass fs_info to btrfs_delete_ref_head() (git-fixes). - commit 9209eb3 - btrfs: pass fs_info to functions that search for delayed ref heads (git-fixes). - commit c8e07b0 - btrfs: move delayed ref head unselection to delayed-ref.c (git-fixes). - commit 489dc34 - btrfs: simplify obtaining a delayed ref head (git-fixes). - commit 16c3f62 - btrfs: change return type of btrfs_delayed_ref_lock() to boolean (git-fixes). - commit 03bca3c - btrfs: remove num_entries atomic counter from delayed ref root (git-fixes). - commit 054bc10 - btrfs: use helper to find first ref head at btrfs_destroy_delayed_refs() (git-fixes). - commit 4374302 - btrfs: remove duplicated code to drop delayed ref during transaction abort (git-fixes). - commit 725dadb - btrfs: remove fs_info parameter from btrfs_cleanup_one_transaction() (git-fixes). - commit 1591511 - btrfs: remove fs_info parameter from btrfs_destroy_delayed_refs() (git-fixes). - commit 9c2d1b7 - btrfs: move btrfs_destroy_delayed_refs() to delayed-ref.c (git-fixes). - commit 3491ecf - btrfs: remove BUG_ON() at btrfs_destroy_delayed_refs() (git-fixes). - commit 08fe1bf - move GDMA_DRV_CAP_FLAG_1_DYNAMIC_IRQ_ALLOC_SUPPORT to upstream location - remove a bpf CVE change which is already part of the base kernel - net: hv_netvsc: reject RSS hash key programming without RX indirection table (git-fixes). - RDMA/mana_ib: check cqe length for kernel CQs (git-fixes). - Drivers: hv: use kmalloc_array() instead of kmalloc() (git-fixes). - mshv: Fix create memory region overlap check (bsc#1255708 CVE-2025-68743). - Drivers: hv: Use kmalloc_array() instead of kmalloc() (git-fixes). - Drivers: hv: Resolve ambiguity in hypervisor version log (git-fixes). - Drivers: hv: fix missing kernel-doc description for 'size' in request_arr_init() (git-fixes). - Drivers: hv: remove stale comment (git-fixes). - mshv: Fix deposit memory in MSHV_ROOT_HVCALL (git-fixes). - mshv: Fix VpRootDispatchThreadBlocked value (git-fixes). - net: mana: Move hardware counter stats from per-port to per-VF context (git-fixes). - commit 5f8e751 - dmaengine: apple-admac: Add "apple,t8103-admac" compatible (git-fixes). - dmaengine: omap-dma: fix dma_pool resource leak in error paths (git-fixes). - dmaengine: qcom: gpi: Fix memory leak in gpi_peripheral_config() (git-fixes). - dmaengine: sh: rz-dmac: Fix rz_dmac_terminate_all() (git-fixes). - dmaengine: xilinx_dma: Fix uninitialized addr_width when "xlnx,addrwidth" property is missing (git-fixes). - dmaengine: tegra-adma: Fix use-after-free (git-fixes). - dmaengine: ti: k3-udma: fix device leak on udma lookup (git-fixes). - dmaengine: ti: dma-crossbar: fix device leak on am335x route allocation (git-fixes). - dmaengine: ti: dma-crossbar: fix device leak on dra7x route allocation (git-fixes). - dmaengine: stm32: dmamux: fix OF node leak on route allocation failure (git-fixes). - dmaengine: stm32: dmamux: fix device leak on route allocation (git-fixes). - dmaengine: lpc32xx-dmamux: fix device leak on route allocation (git-fixes). - dmaengine: lpc18xx-dmamux: fix device leak on route allocation (git-fixes). - dmaengine: idxd: fix device leaks on compat bind and unbind (git-fixes). - dmaengine: dw: dmamux: fix OF node leak on route allocation failure (git-fixes). - dmaengine: bcm-sba-raid: fix device leak on probe (git-fixes). - dmaengine: at_hdmac: fix device leak on of_dma_xlate() (git-fixes). - dmaengine: xilinx: xdma: Fix regmap max_register (git-fixes). - phy: broadcom: ns-usb3: Fix Wvoid-pointer-to-enum-cast warning (again) (git-fixes). - phy: tegra: xusb: Explicitly configure HS_DISCON_LEVEL to 0x7 (git-fixes). - phy: rockchip: inno-usb2: fix communication disruption in gadget mode (git-fixes). - phy: rockchip: inno-usb2: fix disconnection in gadget mode (git-fixes). - phy: ti: gmii-sel: fix regmap leak on probe failure (git-fixes). - phy: ti: da8xx-usb: Handle devm_pm_runtime_enable() errors (git-fixes). - phy: stm32-usphyc: Fix off by one in probe() (git-fixes). - phy: fsl-imx8mq-usb: Clear the PCS_TX_SWING_FULL field before using it (git-fixes). - i2c: riic: Move suspend handling to NOIRQ phase (git-fixes). - commit f852916 ++++ kernel-docs: - scsi: qla2xxx: Fix improper freeing of purex item (CVE-2025-68741 bsc#1255703). - scsi: sg: Do not sleep in atomic context (CVE-2025-40259 bsc#1254845). - blk-throttle: fix access race during throttle policy activation (CVE-2025-40147 bsc#1253344). - commit 3a550b4 - arp: do not assume dev_hard_header() does not change skb->head (CVE-2025-71098 bsc#1256591). - ip6_gre: make ip6gre_header() robust (CVE-2025-71098 bsc#1256591). - commit 7dae7cf - ksm: use range-walk function to jump over holes in scan_get_next_rmap_item (CVE-2025-68211 bsc#1255319). - commit 4816124 - btrfs: release path before iget_failed() in btrfs_read_locked_inode() (git-fixes). - commit fa0306d - btrfs: fix double free of qgroup record after failure to add delayed ref head (bsc#1255542 CVE-2025-68359). - commit 6ceb575 - btrfs: track delayed ref heads in an xarray (git-fixes). - commit 1e30518 - btrfs: remove pointless initialization at btrfs_qgroup_trace_extent() (git-fixes). - commit a6f074a - btrfs: always use delayed_refs local variable at btrfs_qgroup_trace_extent() (git-fixes). - commit fe22722 - btrfs: remove unnecessary delayed refs locking at btrfs_qgroup_trace_extent() (git-fixes). - commit 9f1e0ee - btrfs: store fs_info in a local variable at btrfs_qgroup_trace_extent_post() (git-fixes). - commit 83a75de - btrfs: qgroups: remove bytenr field from struct btrfs_qgroup_extent_record (git-fixes). - commit 4040e94 - btrfs: add comments regarding locking to struct btrfs_delayed_ref_root (git-fixes). - commit c3029d5 - btrfs: assert delayed refs lock is held at add_delayed_ref_head() (git-fixes). - commit a71ad52 - btrfs: assert delayed refs lock is held at find_first_ref_head() (git-fixes). - commit d0232bb - btrfs: assert delayed refs lock is held at find_ref_head() (git-fixes). - commit c64e28a - btrfs: pass fs_info to btrfs_delete_ref_head() (git-fixes). - commit 9209eb3 - btrfs: pass fs_info to functions that search for delayed ref heads (git-fixes). - commit c8e07b0 - btrfs: move delayed ref head unselection to delayed-ref.c (git-fixes). - commit 489dc34 - btrfs: simplify obtaining a delayed ref head (git-fixes). - commit 16c3f62 - btrfs: change return type of btrfs_delayed_ref_lock() to boolean (git-fixes). - commit 03bca3c - btrfs: remove num_entries atomic counter from delayed ref root (git-fixes). - commit 054bc10 - btrfs: use helper to find first ref head at btrfs_destroy_delayed_refs() (git-fixes). - commit 4374302 - btrfs: remove duplicated code to drop delayed ref during transaction abort (git-fixes). - commit 725dadb - btrfs: remove fs_info parameter from btrfs_cleanup_one_transaction() (git-fixes). - commit 1591511 - btrfs: remove fs_info parameter from btrfs_destroy_delayed_refs() (git-fixes). - commit 9c2d1b7 - btrfs: move btrfs_destroy_delayed_refs() to delayed-ref.c (git-fixes). - commit 3491ecf - btrfs: remove BUG_ON() at btrfs_destroy_delayed_refs() (git-fixes). - commit 08fe1bf - move GDMA_DRV_CAP_FLAG_1_DYNAMIC_IRQ_ALLOC_SUPPORT to upstream location - remove a bpf CVE change which is already part of the base kernel - net: hv_netvsc: reject RSS hash key programming without RX indirection table (git-fixes). - RDMA/mana_ib: check cqe length for kernel CQs (git-fixes). - Drivers: hv: use kmalloc_array() instead of kmalloc() (git-fixes). - mshv: Fix create memory region overlap check (bsc#1255708 CVE-2025-68743). - Drivers: hv: Use kmalloc_array() instead of kmalloc() (git-fixes). - Drivers: hv: Resolve ambiguity in hypervisor version log (git-fixes). - Drivers: hv: fix missing kernel-doc description for 'size' in request_arr_init() (git-fixes). - Drivers: hv: remove stale comment (git-fixes). - mshv: Fix deposit memory in MSHV_ROOT_HVCALL (git-fixes). - mshv: Fix VpRootDispatchThreadBlocked value (git-fixes). - net: mana: Move hardware counter stats from per-port to per-VF context (git-fixes). - commit 5f8e751 - dmaengine: apple-admac: Add "apple,t8103-admac" compatible (git-fixes). - dmaengine: omap-dma: fix dma_pool resource leak in error paths (git-fixes). - dmaengine: qcom: gpi: Fix memory leak in gpi_peripheral_config() (git-fixes). - dmaengine: sh: rz-dmac: Fix rz_dmac_terminate_all() (git-fixes). - dmaengine: xilinx_dma: Fix uninitialized addr_width when "xlnx,addrwidth" property is missing (git-fixes). - dmaengine: tegra-adma: Fix use-after-free (git-fixes). - dmaengine: ti: k3-udma: fix device leak on udma lookup (git-fixes). - dmaengine: ti: dma-crossbar: fix device leak on am335x route allocation (git-fixes). - dmaengine: ti: dma-crossbar: fix device leak on dra7x route allocation (git-fixes). - dmaengine: stm32: dmamux: fix OF node leak on route allocation failure (git-fixes). - dmaengine: stm32: dmamux: fix device leak on route allocation (git-fixes). - dmaengine: lpc32xx-dmamux: fix device leak on route allocation (git-fixes). - dmaengine: lpc18xx-dmamux: fix device leak on route allocation (git-fixes). - dmaengine: idxd: fix device leaks on compat bind and unbind (git-fixes). - dmaengine: dw: dmamux: fix OF node leak on route allocation failure (git-fixes). - dmaengine: bcm-sba-raid: fix device leak on probe (git-fixes). - dmaengine: at_hdmac: fix device leak on of_dma_xlate() (git-fixes). - dmaengine: xilinx: xdma: Fix regmap max_register (git-fixes). - phy: broadcom: ns-usb3: Fix Wvoid-pointer-to-enum-cast warning (again) (git-fixes). - phy: tegra: xusb: Explicitly configure HS_DISCON_LEVEL to 0x7 (git-fixes). - phy: rockchip: inno-usb2: fix communication disruption in gadget mode (git-fixes). - phy: rockchip: inno-usb2: fix disconnection in gadget mode (git-fixes). - phy: ti: gmii-sel: fix regmap leak on probe failure (git-fixes). - phy: ti: da8xx-usb: Handle devm_pm_runtime_enable() errors (git-fixes). - phy: stm32-usphyc: Fix off by one in probe() (git-fixes). - phy: fsl-imx8mq-usb: Clear the PCS_TX_SWING_FULL field before using it (git-fixes). - i2c: riic: Move suspend handling to NOIRQ phase (git-fixes). - commit f852916 ++++ kernel-kvmsmall: - scsi: qla2xxx: Fix improper freeing of purex item (CVE-2025-68741 bsc#1255703). - scsi: sg: Do not sleep in atomic context (CVE-2025-40259 bsc#1254845). - blk-throttle: fix access race during throttle policy activation (CVE-2025-40147 bsc#1253344). - commit 3a550b4 - arp: do not assume dev_hard_header() does not change skb->head (CVE-2025-71098 bsc#1256591). - ip6_gre: make ip6gre_header() robust (CVE-2025-71098 bsc#1256591). - commit 7dae7cf - ksm: use range-walk function to jump over holes in scan_get_next_rmap_item (CVE-2025-68211 bsc#1255319). - commit 4816124 - btrfs: release path before iget_failed() in btrfs_read_locked_inode() (git-fixes). - commit fa0306d - btrfs: fix double free of qgroup record after failure to add delayed ref head (bsc#1255542 CVE-2025-68359). - commit 6ceb575 - btrfs: track delayed ref heads in an xarray (git-fixes). - commit 1e30518 - btrfs: remove pointless initialization at btrfs_qgroup_trace_extent() (git-fixes). - commit a6f074a - btrfs: always use delayed_refs local variable at btrfs_qgroup_trace_extent() (git-fixes). - commit fe22722 - btrfs: remove unnecessary delayed refs locking at btrfs_qgroup_trace_extent() (git-fixes). - commit 9f1e0ee - btrfs: store fs_info in a local variable at btrfs_qgroup_trace_extent_post() (git-fixes). - commit 83a75de - btrfs: qgroups: remove bytenr field from struct btrfs_qgroup_extent_record (git-fixes). - commit 4040e94 - btrfs: add comments regarding locking to struct btrfs_delayed_ref_root (git-fixes). - commit c3029d5 - btrfs: assert delayed refs lock is held at add_delayed_ref_head() (git-fixes). - commit a71ad52 - btrfs: assert delayed refs lock is held at find_first_ref_head() (git-fixes). - commit d0232bb - btrfs: assert delayed refs lock is held at find_ref_head() (git-fixes). - commit c64e28a - btrfs: pass fs_info to btrfs_delete_ref_head() (git-fixes). - commit 9209eb3 - btrfs: pass fs_info to functions that search for delayed ref heads (git-fixes). - commit c8e07b0 - btrfs: move delayed ref head unselection to delayed-ref.c (git-fixes). - commit 489dc34 - btrfs: simplify obtaining a delayed ref head (git-fixes). - commit 16c3f62 - btrfs: change return type of btrfs_delayed_ref_lock() to boolean (git-fixes). - commit 03bca3c - btrfs: remove num_entries atomic counter from delayed ref root (git-fixes). - commit 054bc10 - btrfs: use helper to find first ref head at btrfs_destroy_delayed_refs() (git-fixes). - commit 4374302 - btrfs: remove duplicated code to drop delayed ref during transaction abort (git-fixes). - commit 725dadb - btrfs: remove fs_info parameter from btrfs_cleanup_one_transaction() (git-fixes). - commit 1591511 - btrfs: remove fs_info parameter from btrfs_destroy_delayed_refs() (git-fixes). - commit 9c2d1b7 - btrfs: move btrfs_destroy_delayed_refs() to delayed-ref.c (git-fixes). - commit 3491ecf - btrfs: remove BUG_ON() at btrfs_destroy_delayed_refs() (git-fixes). - commit 08fe1bf - move GDMA_DRV_CAP_FLAG_1_DYNAMIC_IRQ_ALLOC_SUPPORT to upstream location - remove a bpf CVE change which is already part of the base kernel - net: hv_netvsc: reject RSS hash key programming without RX indirection table (git-fixes). - RDMA/mana_ib: check cqe length for kernel CQs (git-fixes). - Drivers: hv: use kmalloc_array() instead of kmalloc() (git-fixes). - mshv: Fix create memory region overlap check (bsc#1255708 CVE-2025-68743). - Drivers: hv: Use kmalloc_array() instead of kmalloc() (git-fixes). - Drivers: hv: Resolve ambiguity in hypervisor version log (git-fixes). - Drivers: hv: fix missing kernel-doc description for 'size' in request_arr_init() (git-fixes). - Drivers: hv: remove stale comment (git-fixes). - mshv: Fix deposit memory in MSHV_ROOT_HVCALL (git-fixes). - mshv: Fix VpRootDispatchThreadBlocked value (git-fixes). - net: mana: Move hardware counter stats from per-port to per-VF context (git-fixes). - commit 5f8e751 - dmaengine: apple-admac: Add "apple,t8103-admac" compatible (git-fixes). - dmaengine: omap-dma: fix dma_pool resource leak in error paths (git-fixes). - dmaengine: qcom: gpi: Fix memory leak in gpi_peripheral_config() (git-fixes). - dmaengine: sh: rz-dmac: Fix rz_dmac_terminate_all() (git-fixes). - dmaengine: xilinx_dma: Fix uninitialized addr_width when "xlnx,addrwidth" property is missing (git-fixes). - dmaengine: tegra-adma: Fix use-after-free (git-fixes). - dmaengine: ti: k3-udma: fix device leak on udma lookup (git-fixes). - dmaengine: ti: dma-crossbar: fix device leak on am335x route allocation (git-fixes). - dmaengine: ti: dma-crossbar: fix device leak on dra7x route allocation (git-fixes). - dmaengine: stm32: dmamux: fix OF node leak on route allocation failure (git-fixes). - dmaengine: stm32: dmamux: fix device leak on route allocation (git-fixes). - dmaengine: lpc32xx-dmamux: fix device leak on route allocation (git-fixes). - dmaengine: lpc18xx-dmamux: fix device leak on route allocation (git-fixes). - dmaengine: idxd: fix device leaks on compat bind and unbind (git-fixes). - dmaengine: dw: dmamux: fix OF node leak on route allocation failure (git-fixes). - dmaengine: bcm-sba-raid: fix device leak on probe (git-fixes). - dmaengine: at_hdmac: fix device leak on of_dma_xlate() (git-fixes). - dmaengine: xilinx: xdma: Fix regmap max_register (git-fixes). - phy: broadcom: ns-usb3: Fix Wvoid-pointer-to-enum-cast warning (again) (git-fixes). - phy: tegra: xusb: Explicitly configure HS_DISCON_LEVEL to 0x7 (git-fixes). - phy: rockchip: inno-usb2: fix communication disruption in gadget mode (git-fixes). - phy: rockchip: inno-usb2: fix disconnection in gadget mode (git-fixes). - phy: ti: gmii-sel: fix regmap leak on probe failure (git-fixes). - phy: ti: da8xx-usb: Handle devm_pm_runtime_enable() errors (git-fixes). - phy: stm32-usphyc: Fix off by one in probe() (git-fixes). - phy: fsl-imx8mq-usb: Clear the PCS_TX_SWING_FULL field before using it (git-fixes). - i2c: riic: Move suspend handling to NOIRQ phase (git-fixes). - commit f852916 ++++ kernel-kvmsmall: - scsi: qla2xxx: Fix improper freeing of purex item (CVE-2025-68741 bsc#1255703). - scsi: sg: Do not sleep in atomic context (CVE-2025-40259 bsc#1254845). - blk-throttle: fix access race during throttle policy activation (CVE-2025-40147 bsc#1253344). - commit 3a550b4 - arp: do not assume dev_hard_header() does not change skb->head (CVE-2025-71098 bsc#1256591). - ip6_gre: make ip6gre_header() robust (CVE-2025-71098 bsc#1256591). - commit 7dae7cf - ksm: use range-walk function to jump over holes in scan_get_next_rmap_item (CVE-2025-68211 bsc#1255319). - commit 4816124 - btrfs: release path before iget_failed() in btrfs_read_locked_inode() (git-fixes). - commit fa0306d - btrfs: fix double free of qgroup record after failure to add delayed ref head (bsc#1255542 CVE-2025-68359). - commit 6ceb575 - btrfs: track delayed ref heads in an xarray (git-fixes). - commit 1e30518 - btrfs: remove pointless initialization at btrfs_qgroup_trace_extent() (git-fixes). - commit a6f074a - btrfs: always use delayed_refs local variable at btrfs_qgroup_trace_extent() (git-fixes). - commit fe22722 - btrfs: remove unnecessary delayed refs locking at btrfs_qgroup_trace_extent() (git-fixes). - commit 9f1e0ee - btrfs: store fs_info in a local variable at btrfs_qgroup_trace_extent_post() (git-fixes). - commit 83a75de - btrfs: qgroups: remove bytenr field from struct btrfs_qgroup_extent_record (git-fixes). - commit 4040e94 - btrfs: add comments regarding locking to struct btrfs_delayed_ref_root (git-fixes). - commit c3029d5 - btrfs: assert delayed refs lock is held at add_delayed_ref_head() (git-fixes). - commit a71ad52 - btrfs: assert delayed refs lock is held at find_first_ref_head() (git-fixes). - commit d0232bb - btrfs: assert delayed refs lock is held at find_ref_head() (git-fixes). - commit c64e28a - btrfs: pass fs_info to btrfs_delete_ref_head() (git-fixes). - commit 9209eb3 - btrfs: pass fs_info to functions that search for delayed ref heads (git-fixes). - commit c8e07b0 - btrfs: move delayed ref head unselection to delayed-ref.c (git-fixes). - commit 489dc34 - btrfs: simplify obtaining a delayed ref head (git-fixes). - commit 16c3f62 - btrfs: change return type of btrfs_delayed_ref_lock() to boolean (git-fixes). - commit 03bca3c - btrfs: remove num_entries atomic counter from delayed ref root (git-fixes). - commit 054bc10 - btrfs: use helper to find first ref head at btrfs_destroy_delayed_refs() (git-fixes). - commit 4374302 - btrfs: remove duplicated code to drop delayed ref during transaction abort (git-fixes). - commit 725dadb - btrfs: remove fs_info parameter from btrfs_cleanup_one_transaction() (git-fixes). - commit 1591511 - btrfs: remove fs_info parameter from btrfs_destroy_delayed_refs() (git-fixes). - commit 9c2d1b7 - btrfs: move btrfs_destroy_delayed_refs() to delayed-ref.c (git-fixes). - commit 3491ecf - btrfs: remove BUG_ON() at btrfs_destroy_delayed_refs() (git-fixes). - commit 08fe1bf - move GDMA_DRV_CAP_FLAG_1_DYNAMIC_IRQ_ALLOC_SUPPORT to upstream location - remove a bpf CVE change which is already part of the base kernel - net: hv_netvsc: reject RSS hash key programming without RX indirection table (git-fixes). - RDMA/mana_ib: check cqe length for kernel CQs (git-fixes). - Drivers: hv: use kmalloc_array() instead of kmalloc() (git-fixes). - mshv: Fix create memory region overlap check (bsc#1255708 CVE-2025-68743). - Drivers: hv: Use kmalloc_array() instead of kmalloc() (git-fixes). - Drivers: hv: Resolve ambiguity in hypervisor version log (git-fixes). - Drivers: hv: fix missing kernel-doc description for 'size' in request_arr_init() (git-fixes). - Drivers: hv: remove stale comment (git-fixes). - mshv: Fix deposit memory in MSHV_ROOT_HVCALL (git-fixes). - mshv: Fix VpRootDispatchThreadBlocked value (git-fixes). - net: mana: Move hardware counter stats from per-port to per-VF context (git-fixes). - commit 5f8e751 - dmaengine: apple-admac: Add "apple,t8103-admac" compatible (git-fixes). - dmaengine: omap-dma: fix dma_pool resource leak in error paths (git-fixes). - dmaengine: qcom: gpi: Fix memory leak in gpi_peripheral_config() (git-fixes). - dmaengine: sh: rz-dmac: Fix rz_dmac_terminate_all() (git-fixes). - dmaengine: xilinx_dma: Fix uninitialized addr_width when "xlnx,addrwidth" property is missing (git-fixes). - dmaengine: tegra-adma: Fix use-after-free (git-fixes). - dmaengine: ti: k3-udma: fix device leak on udma lookup (git-fixes). - dmaengine: ti: dma-crossbar: fix device leak on am335x route allocation (git-fixes). - dmaengine: ti: dma-crossbar: fix device leak on dra7x route allocation (git-fixes). - dmaengine: stm32: dmamux: fix OF node leak on route allocation failure (git-fixes). - dmaengine: stm32: dmamux: fix device leak on route allocation (git-fixes). - dmaengine: lpc32xx-dmamux: fix device leak on route allocation (git-fixes). - dmaengine: lpc18xx-dmamux: fix device leak on route allocation (git-fixes). - dmaengine: idxd: fix device leaks on compat bind and unbind (git-fixes). - dmaengine: dw: dmamux: fix OF node leak on route allocation failure (git-fixes). - dmaengine: bcm-sba-raid: fix device leak on probe (git-fixes). - dmaengine: at_hdmac: fix device leak on of_dma_xlate() (git-fixes). - dmaengine: xilinx: xdma: Fix regmap max_register (git-fixes). - phy: broadcom: ns-usb3: Fix Wvoid-pointer-to-enum-cast warning (again) (git-fixes). - phy: tegra: xusb: Explicitly configure HS_DISCON_LEVEL to 0x7 (git-fixes). - phy: rockchip: inno-usb2: fix communication disruption in gadget mode (git-fixes). - phy: rockchip: inno-usb2: fix disconnection in gadget mode (git-fixes). - phy: ti: gmii-sel: fix regmap leak on probe failure (git-fixes). - phy: ti: da8xx-usb: Handle devm_pm_runtime_enable() errors (git-fixes). - phy: stm32-usphyc: Fix off by one in probe() (git-fixes). - phy: fsl-imx8mq-usb: Clear the PCS_TX_SWING_FULL field before using it (git-fixes). - i2c: riic: Move suspend handling to NOIRQ phase (git-fixes). - commit f852916 ++++ kernel-obs-build: - scsi: qla2xxx: Fix improper freeing of purex item (CVE-2025-68741 bsc#1255703). - scsi: sg: Do not sleep in atomic context (CVE-2025-40259 bsc#1254845). - blk-throttle: fix access race during throttle policy activation (CVE-2025-40147 bsc#1253344). - commit 3a550b4 - arp: do not assume dev_hard_header() does not change skb->head (CVE-2025-71098 bsc#1256591). - ip6_gre: make ip6gre_header() robust (CVE-2025-71098 bsc#1256591). - commit 7dae7cf - ksm: use range-walk function to jump over holes in scan_get_next_rmap_item (CVE-2025-68211 bsc#1255319). - commit 4816124 - btrfs: release path before iget_failed() in btrfs_read_locked_inode() (git-fixes). - commit fa0306d - btrfs: fix double free of qgroup record after failure to add delayed ref head (bsc#1255542 CVE-2025-68359). - commit 6ceb575 - btrfs: track delayed ref heads in an xarray (git-fixes). - commit 1e30518 - btrfs: remove pointless initialization at btrfs_qgroup_trace_extent() (git-fixes). - commit a6f074a - btrfs: always use delayed_refs local variable at btrfs_qgroup_trace_extent() (git-fixes). - commit fe22722 - btrfs: remove unnecessary delayed refs locking at btrfs_qgroup_trace_extent() (git-fixes). - commit 9f1e0ee - btrfs: store fs_info in a local variable at btrfs_qgroup_trace_extent_post() (git-fixes). - commit 83a75de - btrfs: qgroups: remove bytenr field from struct btrfs_qgroup_extent_record (git-fixes). - commit 4040e94 - btrfs: add comments regarding locking to struct btrfs_delayed_ref_root (git-fixes). - commit c3029d5 - btrfs: assert delayed refs lock is held at add_delayed_ref_head() (git-fixes). - commit a71ad52 - btrfs: assert delayed refs lock is held at find_first_ref_head() (git-fixes). - commit d0232bb - btrfs: assert delayed refs lock is held at find_ref_head() (git-fixes). - commit c64e28a - btrfs: pass fs_info to btrfs_delete_ref_head() (git-fixes). - commit 9209eb3 - btrfs: pass fs_info to functions that search for delayed ref heads (git-fixes). - commit c8e07b0 - btrfs: move delayed ref head unselection to delayed-ref.c (git-fixes). - commit 489dc34 - btrfs: simplify obtaining a delayed ref head (git-fixes). - commit 16c3f62 - btrfs: change return type of btrfs_delayed_ref_lock() to boolean (git-fixes). - commit 03bca3c - btrfs: remove num_entries atomic counter from delayed ref root (git-fixes). - commit 054bc10 - btrfs: use helper to find first ref head at btrfs_destroy_delayed_refs() (git-fixes). - commit 4374302 - btrfs: remove duplicated code to drop delayed ref during transaction abort (git-fixes). - commit 725dadb - btrfs: remove fs_info parameter from btrfs_cleanup_one_transaction() (git-fixes). - commit 1591511 - btrfs: remove fs_info parameter from btrfs_destroy_delayed_refs() (git-fixes). - commit 9c2d1b7 - btrfs: move btrfs_destroy_delayed_refs() to delayed-ref.c (git-fixes). - commit 3491ecf - btrfs: remove BUG_ON() at btrfs_destroy_delayed_refs() (git-fixes). - commit 08fe1bf - move GDMA_DRV_CAP_FLAG_1_DYNAMIC_IRQ_ALLOC_SUPPORT to upstream location - remove a bpf CVE change which is already part of the base kernel - net: hv_netvsc: reject RSS hash key programming without RX indirection table (git-fixes). - RDMA/mana_ib: check cqe length for kernel CQs (git-fixes). - Drivers: hv: use kmalloc_array() instead of kmalloc() (git-fixes). - mshv: Fix create memory region overlap check (bsc#1255708 CVE-2025-68743). - Drivers: hv: Use kmalloc_array() instead of kmalloc() (git-fixes). - Drivers: hv: Resolve ambiguity in hypervisor version log (git-fixes). - Drivers: hv: fix missing kernel-doc description for 'size' in request_arr_init() (git-fixes). - Drivers: hv: remove stale comment (git-fixes). - mshv: Fix deposit memory in MSHV_ROOT_HVCALL (git-fixes). - mshv: Fix VpRootDispatchThreadBlocked value (git-fixes). - net: mana: Move hardware counter stats from per-port to per-VF context (git-fixes). - commit 5f8e751 - dmaengine: apple-admac: Add "apple,t8103-admac" compatible (git-fixes). - dmaengine: omap-dma: fix dma_pool resource leak in error paths (git-fixes). - dmaengine: qcom: gpi: Fix memory leak in gpi_peripheral_config() (git-fixes). - dmaengine: sh: rz-dmac: Fix rz_dmac_terminate_all() (git-fixes). - dmaengine: xilinx_dma: Fix uninitialized addr_width when "xlnx,addrwidth" property is missing (git-fixes). - dmaengine: tegra-adma: Fix use-after-free (git-fixes). - dmaengine: ti: k3-udma: fix device leak on udma lookup (git-fixes). - dmaengine: ti: dma-crossbar: fix device leak on am335x route allocation (git-fixes). - dmaengine: ti: dma-crossbar: fix device leak on dra7x route allocation (git-fixes). - dmaengine: stm32: dmamux: fix OF node leak on route allocation failure (git-fixes). - dmaengine: stm32: dmamux: fix device leak on route allocation (git-fixes). - dmaengine: lpc32xx-dmamux: fix device leak on route allocation (git-fixes). - dmaengine: lpc18xx-dmamux: fix device leak on route allocation (git-fixes). - dmaengine: idxd: fix device leaks on compat bind and unbind (git-fixes). - dmaengine: dw: dmamux: fix OF node leak on route allocation failure (git-fixes). - dmaengine: bcm-sba-raid: fix device leak on probe (git-fixes). - dmaengine: at_hdmac: fix device leak on of_dma_xlate() (git-fixes). - dmaengine: xilinx: xdma: Fix regmap max_register (git-fixes). - phy: broadcom: ns-usb3: Fix Wvoid-pointer-to-enum-cast warning (again) (git-fixes). - phy: tegra: xusb: Explicitly configure HS_DISCON_LEVEL to 0x7 (git-fixes). - phy: rockchip: inno-usb2: fix communication disruption in gadget mode (git-fixes). - phy: rockchip: inno-usb2: fix disconnection in gadget mode (git-fixes). - phy: ti: gmii-sel: fix regmap leak on probe failure (git-fixes). - phy: ti: da8xx-usb: Handle devm_pm_runtime_enable() errors (git-fixes). - phy: stm32-usphyc: Fix off by one in probe() (git-fixes). - phy: fsl-imx8mq-usb: Clear the PCS_TX_SWING_FULL field before using it (git-fixes). - i2c: riic: Move suspend handling to NOIRQ phase (git-fixes). - commit f852916 ++++ kernel-obs-build: - scsi: qla2xxx: Fix improper freeing of purex item (CVE-2025-68741 bsc#1255703). - scsi: sg: Do not sleep in atomic context (CVE-2025-40259 bsc#1254845). - blk-throttle: fix access race during throttle policy activation (CVE-2025-40147 bsc#1253344). - commit 3a550b4 - arp: do not assume dev_hard_header() does not change skb->head (CVE-2025-71098 bsc#1256591). - ip6_gre: make ip6gre_header() robust (CVE-2025-71098 bsc#1256591). - commit 7dae7cf - ksm: use range-walk function to jump over holes in scan_get_next_rmap_item (CVE-2025-68211 bsc#1255319). - commit 4816124 - btrfs: release path before iget_failed() in btrfs_read_locked_inode() (git-fixes). - commit fa0306d - btrfs: fix double free of qgroup record after failure to add delayed ref head (bsc#1255542 CVE-2025-68359). - commit 6ceb575 - btrfs: track delayed ref heads in an xarray (git-fixes). - commit 1e30518 - btrfs: remove pointless initialization at btrfs_qgroup_trace_extent() (git-fixes). - commit a6f074a - btrfs: always use delayed_refs local variable at btrfs_qgroup_trace_extent() (git-fixes). - commit fe22722 - btrfs: remove unnecessary delayed refs locking at btrfs_qgroup_trace_extent() (git-fixes). - commit 9f1e0ee - btrfs: store fs_info in a local variable at btrfs_qgroup_trace_extent_post() (git-fixes). - commit 83a75de - btrfs: qgroups: remove bytenr field from struct btrfs_qgroup_extent_record (git-fixes). - commit 4040e94 - btrfs: add comments regarding locking to struct btrfs_delayed_ref_root (git-fixes). - commit c3029d5 - btrfs: assert delayed refs lock is held at add_delayed_ref_head() (git-fixes). - commit a71ad52 - btrfs: assert delayed refs lock is held at find_first_ref_head() (git-fixes). - commit d0232bb - btrfs: assert delayed refs lock is held at find_ref_head() (git-fixes). - commit c64e28a - btrfs: pass fs_info to btrfs_delete_ref_head() (git-fixes). - commit 9209eb3 - btrfs: pass fs_info to functions that search for delayed ref heads (git-fixes). - commit c8e07b0 - btrfs: move delayed ref head unselection to delayed-ref.c (git-fixes). - commit 489dc34 - btrfs: simplify obtaining a delayed ref head (git-fixes). - commit 16c3f62 - btrfs: change return type of btrfs_delayed_ref_lock() to boolean (git-fixes). - commit 03bca3c - btrfs: remove num_entries atomic counter from delayed ref root (git-fixes). - commit 054bc10 - btrfs: use helper to find first ref head at btrfs_destroy_delayed_refs() (git-fixes). - commit 4374302 - btrfs: remove duplicated code to drop delayed ref during transaction abort (git-fixes). - commit 725dadb - btrfs: remove fs_info parameter from btrfs_cleanup_one_transaction() (git-fixes). - commit 1591511 - btrfs: remove fs_info parameter from btrfs_destroy_delayed_refs() (git-fixes). - commit 9c2d1b7 - btrfs: move btrfs_destroy_delayed_refs() to delayed-ref.c (git-fixes). - commit 3491ecf - btrfs: remove BUG_ON() at btrfs_destroy_delayed_refs() (git-fixes). - commit 08fe1bf - move GDMA_DRV_CAP_FLAG_1_DYNAMIC_IRQ_ALLOC_SUPPORT to upstream location - remove a bpf CVE change which is already part of the base kernel - net: hv_netvsc: reject RSS hash key programming without RX indirection table (git-fixes). - RDMA/mana_ib: check cqe length for kernel CQs (git-fixes). - Drivers: hv: use kmalloc_array() instead of kmalloc() (git-fixes). - mshv: Fix create memory region overlap check (bsc#1255708 CVE-2025-68743). - Drivers: hv: Use kmalloc_array() instead of kmalloc() (git-fixes). - Drivers: hv: Resolve ambiguity in hypervisor version log (git-fixes). - Drivers: hv: fix missing kernel-doc description for 'size' in request_arr_init() (git-fixes). - Drivers: hv: remove stale comment (git-fixes). - mshv: Fix deposit memory in MSHV_ROOT_HVCALL (git-fixes). - mshv: Fix VpRootDispatchThreadBlocked value (git-fixes). - net: mana: Move hardware counter stats from per-port to per-VF context (git-fixes). - commit 5f8e751 - dmaengine: apple-admac: Add "apple,t8103-admac" compatible (git-fixes). - dmaengine: omap-dma: fix dma_pool resource leak in error paths (git-fixes). - dmaengine: qcom: gpi: Fix memory leak in gpi_peripheral_config() (git-fixes). - dmaengine: sh: rz-dmac: Fix rz_dmac_terminate_all() (git-fixes). - dmaengine: xilinx_dma: Fix uninitialized addr_width when "xlnx,addrwidth" property is missing (git-fixes). - dmaengine: tegra-adma: Fix use-after-free (git-fixes). - dmaengine: ti: k3-udma: fix device leak on udma lookup (git-fixes). - dmaengine: ti: dma-crossbar: fix device leak on am335x route allocation (git-fixes). - dmaengine: ti: dma-crossbar: fix device leak on dra7x route allocation (git-fixes). - dmaengine: stm32: dmamux: fix OF node leak on route allocation failure (git-fixes). - dmaengine: stm32: dmamux: fix device leak on route allocation (git-fixes). - dmaengine: lpc32xx-dmamux: fix device leak on route allocation (git-fixes). - dmaengine: lpc18xx-dmamux: fix device leak on route allocation (git-fixes). - dmaengine: idxd: fix device leaks on compat bind and unbind (git-fixes). - dmaengine: dw: dmamux: fix OF node leak on route allocation failure (git-fixes). - dmaengine: bcm-sba-raid: fix device leak on probe (git-fixes). - dmaengine: at_hdmac: fix device leak on of_dma_xlate() (git-fixes). - dmaengine: xilinx: xdma: Fix regmap max_register (git-fixes). - phy: broadcom: ns-usb3: Fix Wvoid-pointer-to-enum-cast warning (again) (git-fixes). - phy: tegra: xusb: Explicitly configure HS_DISCON_LEVEL to 0x7 (git-fixes). - phy: rockchip: inno-usb2: fix communication disruption in gadget mode (git-fixes). - phy: rockchip: inno-usb2: fix disconnection in gadget mode (git-fixes). - phy: ti: gmii-sel: fix regmap leak on probe failure (git-fixes). - phy: ti: da8xx-usb: Handle devm_pm_runtime_enable() errors (git-fixes). - phy: stm32-usphyc: Fix off by one in probe() (git-fixes). - phy: fsl-imx8mq-usb: Clear the PCS_TX_SWING_FULL field before using it (git-fixes). - i2c: riic: Move suspend handling to NOIRQ phase (git-fixes). - commit f852916 ++++ kernel-obs-qa: - scsi: qla2xxx: Fix improper freeing of purex item (CVE-2025-68741 bsc#1255703). - scsi: sg: Do not sleep in atomic context (CVE-2025-40259 bsc#1254845). - blk-throttle: fix access race during throttle policy activation (CVE-2025-40147 bsc#1253344). - commit 3a550b4 - arp: do not assume dev_hard_header() does not change skb->head (CVE-2025-71098 bsc#1256591). - ip6_gre: make ip6gre_header() robust (CVE-2025-71098 bsc#1256591). - commit 7dae7cf - ksm: use range-walk function to jump over holes in scan_get_next_rmap_item (CVE-2025-68211 bsc#1255319). - commit 4816124 - btrfs: release path before iget_failed() in btrfs_read_locked_inode() (git-fixes). - commit fa0306d - btrfs: fix double free of qgroup record after failure to add delayed ref head (bsc#1255542 CVE-2025-68359). - commit 6ceb575 - btrfs: track delayed ref heads in an xarray (git-fixes). - commit 1e30518 - btrfs: remove pointless initialization at btrfs_qgroup_trace_extent() (git-fixes). - commit a6f074a - btrfs: always use delayed_refs local variable at btrfs_qgroup_trace_extent() (git-fixes). - commit fe22722 - btrfs: remove unnecessary delayed refs locking at btrfs_qgroup_trace_extent() (git-fixes). - commit 9f1e0ee - btrfs: store fs_info in a local variable at btrfs_qgroup_trace_extent_post() (git-fixes). - commit 83a75de - btrfs: qgroups: remove bytenr field from struct btrfs_qgroup_extent_record (git-fixes). - commit 4040e94 - btrfs: add comments regarding locking to struct btrfs_delayed_ref_root (git-fixes). - commit c3029d5 - btrfs: assert delayed refs lock is held at add_delayed_ref_head() (git-fixes). - commit a71ad52 - btrfs: assert delayed refs lock is held at find_first_ref_head() (git-fixes). - commit d0232bb - btrfs: assert delayed refs lock is held at find_ref_head() (git-fixes). - commit c64e28a - btrfs: pass fs_info to btrfs_delete_ref_head() (git-fixes). - commit 9209eb3 - btrfs: pass fs_info to functions that search for delayed ref heads (git-fixes). - commit c8e07b0 - btrfs: move delayed ref head unselection to delayed-ref.c (git-fixes). - commit 489dc34 - btrfs: simplify obtaining a delayed ref head (git-fixes). - commit 16c3f62 - btrfs: change return type of btrfs_delayed_ref_lock() to boolean (git-fixes). - commit 03bca3c - btrfs: remove num_entries atomic counter from delayed ref root (git-fixes). - commit 054bc10 - btrfs: use helper to find first ref head at btrfs_destroy_delayed_refs() (git-fixes). - commit 4374302 - btrfs: remove duplicated code to drop delayed ref during transaction abort (git-fixes). - commit 725dadb - btrfs: remove fs_info parameter from btrfs_cleanup_one_transaction() (git-fixes). - commit 1591511 - btrfs: remove fs_info parameter from btrfs_destroy_delayed_refs() (git-fixes). - commit 9c2d1b7 - btrfs: move btrfs_destroy_delayed_refs() to delayed-ref.c (git-fixes). - commit 3491ecf - btrfs: remove BUG_ON() at btrfs_destroy_delayed_refs() (git-fixes). - commit 08fe1bf - move GDMA_DRV_CAP_FLAG_1_DYNAMIC_IRQ_ALLOC_SUPPORT to upstream location - remove a bpf CVE change which is already part of the base kernel - net: hv_netvsc: reject RSS hash key programming without RX indirection table (git-fixes). - RDMA/mana_ib: check cqe length for kernel CQs (git-fixes). - Drivers: hv: use kmalloc_array() instead of kmalloc() (git-fixes). - mshv: Fix create memory region overlap check (bsc#1255708 CVE-2025-68743). - Drivers: hv: Use kmalloc_array() instead of kmalloc() (git-fixes). - Drivers: hv: Resolve ambiguity in hypervisor version log (git-fixes). - Drivers: hv: fix missing kernel-doc description for 'size' in request_arr_init() (git-fixes). - Drivers: hv: remove stale comment (git-fixes). - mshv: Fix deposit memory in MSHV_ROOT_HVCALL (git-fixes). - mshv: Fix VpRootDispatchThreadBlocked value (git-fixes). - net: mana: Move hardware counter stats from per-port to per-VF context (git-fixes). - commit 5f8e751 - dmaengine: apple-admac: Add "apple,t8103-admac" compatible (git-fixes). - dmaengine: omap-dma: fix dma_pool resource leak in error paths (git-fixes). - dmaengine: qcom: gpi: Fix memory leak in gpi_peripheral_config() (git-fixes). - dmaengine: sh: rz-dmac: Fix rz_dmac_terminate_all() (git-fixes). - dmaengine: xilinx_dma: Fix uninitialized addr_width when "xlnx,addrwidth" property is missing (git-fixes). - dmaengine: tegra-adma: Fix use-after-free (git-fixes). - dmaengine: ti: k3-udma: fix device leak on udma lookup (git-fixes). - dmaengine: ti: dma-crossbar: fix device leak on am335x route allocation (git-fixes). - dmaengine: ti: dma-crossbar: fix device leak on dra7x route allocation (git-fixes). - dmaengine: stm32: dmamux: fix OF node leak on route allocation failure (git-fixes). - dmaengine: stm32: dmamux: fix device leak on route allocation (git-fixes). - dmaengine: lpc32xx-dmamux: fix device leak on route allocation (git-fixes). - dmaengine: lpc18xx-dmamux: fix device leak on route allocation (git-fixes). - dmaengine: idxd: fix device leaks on compat bind and unbind (git-fixes). - dmaengine: dw: dmamux: fix OF node leak on route allocation failure (git-fixes). - dmaengine: bcm-sba-raid: fix device leak on probe (git-fixes). - dmaengine: at_hdmac: fix device leak on of_dma_xlate() (git-fixes). - dmaengine: xilinx: xdma: Fix regmap max_register (git-fixes). - phy: broadcom: ns-usb3: Fix Wvoid-pointer-to-enum-cast warning (again) (git-fixes). - phy: tegra: xusb: Explicitly configure HS_DISCON_LEVEL to 0x7 (git-fixes). - phy: rockchip: inno-usb2: fix communication disruption in gadget mode (git-fixes). - phy: rockchip: inno-usb2: fix disconnection in gadget mode (git-fixes). - phy: ti: gmii-sel: fix regmap leak on probe failure (git-fixes). - phy: ti: da8xx-usb: Handle devm_pm_runtime_enable() errors (git-fixes). - phy: stm32-usphyc: Fix off by one in probe() (git-fixes). - phy: fsl-imx8mq-usb: Clear the PCS_TX_SWING_FULL field before using it (git-fixes). - i2c: riic: Move suspend handling to NOIRQ phase (git-fixes). - commit f852916 ++++ kernel-obs-qa: - scsi: qla2xxx: Fix improper freeing of purex item (CVE-2025-68741 bsc#1255703). - scsi: sg: Do not sleep in atomic context (CVE-2025-40259 bsc#1254845). - blk-throttle: fix access race during throttle policy activation (CVE-2025-40147 bsc#1253344). - commit 3a550b4 - arp: do not assume dev_hard_header() does not change skb->head (CVE-2025-71098 bsc#1256591). - ip6_gre: make ip6gre_header() robust (CVE-2025-71098 bsc#1256591). - commit 7dae7cf - ksm: use range-walk function to jump over holes in scan_get_next_rmap_item (CVE-2025-68211 bsc#1255319). - commit 4816124 - btrfs: release path before iget_failed() in btrfs_read_locked_inode() (git-fixes). - commit fa0306d - btrfs: fix double free of qgroup record after failure to add delayed ref head (bsc#1255542 CVE-2025-68359). - commit 6ceb575 - btrfs: track delayed ref heads in an xarray (git-fixes). - commit 1e30518 - btrfs: remove pointless initialization at btrfs_qgroup_trace_extent() (git-fixes). - commit a6f074a - btrfs: always use delayed_refs local variable at btrfs_qgroup_trace_extent() (git-fixes). - commit fe22722 - btrfs: remove unnecessary delayed refs locking at btrfs_qgroup_trace_extent() (git-fixes). - commit 9f1e0ee - btrfs: store fs_info in a local variable at btrfs_qgroup_trace_extent_post() (git-fixes). - commit 83a75de - btrfs: qgroups: remove bytenr field from struct btrfs_qgroup_extent_record (git-fixes). - commit 4040e94 - btrfs: add comments regarding locking to struct btrfs_delayed_ref_root (git-fixes). - commit c3029d5 - btrfs: assert delayed refs lock is held at add_delayed_ref_head() (git-fixes). - commit a71ad52 - btrfs: assert delayed refs lock is held at find_first_ref_head() (git-fixes). - commit d0232bb - btrfs: assert delayed refs lock is held at find_ref_head() (git-fixes). - commit c64e28a - btrfs: pass fs_info to btrfs_delete_ref_head() (git-fixes). - commit 9209eb3 - btrfs: pass fs_info to functions that search for delayed ref heads (git-fixes). - commit c8e07b0 - btrfs: move delayed ref head unselection to delayed-ref.c (git-fixes). - commit 489dc34 - btrfs: simplify obtaining a delayed ref head (git-fixes). - commit 16c3f62 - btrfs: change return type of btrfs_delayed_ref_lock() to boolean (git-fixes). - commit 03bca3c - btrfs: remove num_entries atomic counter from delayed ref root (git-fixes). - commit 054bc10 - btrfs: use helper to find first ref head at btrfs_destroy_delayed_refs() (git-fixes). - commit 4374302 - btrfs: remove duplicated code to drop delayed ref during transaction abort (git-fixes). - commit 725dadb - btrfs: remove fs_info parameter from btrfs_cleanup_one_transaction() (git-fixes). - commit 1591511 - btrfs: remove fs_info parameter from btrfs_destroy_delayed_refs() (git-fixes). - commit 9c2d1b7 - btrfs: move btrfs_destroy_delayed_refs() to delayed-ref.c (git-fixes). - commit 3491ecf - btrfs: remove BUG_ON() at btrfs_destroy_delayed_refs() (git-fixes). - commit 08fe1bf - move GDMA_DRV_CAP_FLAG_1_DYNAMIC_IRQ_ALLOC_SUPPORT to upstream location - remove a bpf CVE change which is already part of the base kernel - net: hv_netvsc: reject RSS hash key programming without RX indirection table (git-fixes). - RDMA/mana_ib: check cqe length for kernel CQs (git-fixes). - Drivers: hv: use kmalloc_array() instead of kmalloc() (git-fixes). - mshv: Fix create memory region overlap check (bsc#1255708 CVE-2025-68743). - Drivers: hv: Use kmalloc_array() instead of kmalloc() (git-fixes). - Drivers: hv: Resolve ambiguity in hypervisor version log (git-fixes). - Drivers: hv: fix missing kernel-doc description for 'size' in request_arr_init() (git-fixes). - Drivers: hv: remove stale comment (git-fixes). - mshv: Fix deposit memory in MSHV_ROOT_HVCALL (git-fixes). - mshv: Fix VpRootDispatchThreadBlocked value (git-fixes). - net: mana: Move hardware counter stats from per-port to per-VF context (git-fixes). - commit 5f8e751 - dmaengine: apple-admac: Add "apple,t8103-admac" compatible (git-fixes). - dmaengine: omap-dma: fix dma_pool resource leak in error paths (git-fixes). - dmaengine: qcom: gpi: Fix memory leak in gpi_peripheral_config() (git-fixes). - dmaengine: sh: rz-dmac: Fix rz_dmac_terminate_all() (git-fixes). - dmaengine: xilinx_dma: Fix uninitialized addr_width when "xlnx,addrwidth" property is missing (git-fixes). - dmaengine: tegra-adma: Fix use-after-free (git-fixes). - dmaengine: ti: k3-udma: fix device leak on udma lookup (git-fixes). - dmaengine: ti: dma-crossbar: fix device leak on am335x route allocation (git-fixes). - dmaengine: ti: dma-crossbar: fix device leak on dra7x route allocation (git-fixes). - dmaengine: stm32: dmamux: fix OF node leak on route allocation failure (git-fixes). - dmaengine: stm32: dmamux: fix device leak on route allocation (git-fixes). - dmaengine: lpc32xx-dmamux: fix device leak on route allocation (git-fixes). - dmaengine: lpc18xx-dmamux: fix device leak on route allocation (git-fixes). - dmaengine: idxd: fix device leaks on compat bind and unbind (git-fixes). - dmaengine: dw: dmamux: fix OF node leak on route allocation failure (git-fixes). - dmaengine: bcm-sba-raid: fix device leak on probe (git-fixes). - dmaengine: at_hdmac: fix device leak on of_dma_xlate() (git-fixes). - dmaengine: xilinx: xdma: Fix regmap max_register (git-fixes). - phy: broadcom: ns-usb3: Fix Wvoid-pointer-to-enum-cast warning (again) (git-fixes). - phy: tegra: xusb: Explicitly configure HS_DISCON_LEVEL to 0x7 (git-fixes). - phy: rockchip: inno-usb2: fix communication disruption in gadget mode (git-fixes). - phy: rockchip: inno-usb2: fix disconnection in gadget mode (git-fixes). - phy: ti: gmii-sel: fix regmap leak on probe failure (git-fixes). - phy: ti: da8xx-usb: Handle devm_pm_runtime_enable() errors (git-fixes). - phy: stm32-usphyc: Fix off by one in probe() (git-fixes). - phy: fsl-imx8mq-usb: Clear the PCS_TX_SWING_FULL field before using it (git-fixes). - i2c: riic: Move suspend handling to NOIRQ phase (git-fixes). - commit f852916 ++++ kernel-syms: - scsi: qla2xxx: Fix improper freeing of purex item (CVE-2025-68741 bsc#1255703). - scsi: sg: Do not sleep in atomic context (CVE-2025-40259 bsc#1254845). - blk-throttle: fix access race during throttle policy activation (CVE-2025-40147 bsc#1253344). - commit 3a550b4 - arp: do not assume dev_hard_header() does not change skb->head (CVE-2025-71098 bsc#1256591). - ip6_gre: make ip6gre_header() robust (CVE-2025-71098 bsc#1256591). - commit 7dae7cf - ksm: use range-walk function to jump over holes in scan_get_next_rmap_item (CVE-2025-68211 bsc#1255319). - commit 4816124 - btrfs: release path before iget_failed() in btrfs_read_locked_inode() (git-fixes). - commit fa0306d - btrfs: fix double free of qgroup record after failure to add delayed ref head (bsc#1255542 CVE-2025-68359). - commit 6ceb575 - btrfs: track delayed ref heads in an xarray (git-fixes). - commit 1e30518 - btrfs: remove pointless initialization at btrfs_qgroup_trace_extent() (git-fixes). - commit a6f074a - btrfs: always use delayed_refs local variable at btrfs_qgroup_trace_extent() (git-fixes). - commit fe22722 - btrfs: remove unnecessary delayed refs locking at btrfs_qgroup_trace_extent() (git-fixes). - commit 9f1e0ee - btrfs: store fs_info in a local variable at btrfs_qgroup_trace_extent_post() (git-fixes). - commit 83a75de - btrfs: qgroups: remove bytenr field from struct btrfs_qgroup_extent_record (git-fixes). - commit 4040e94 - btrfs: add comments regarding locking to struct btrfs_delayed_ref_root (git-fixes). - commit c3029d5 - btrfs: assert delayed refs lock is held at add_delayed_ref_head() (git-fixes). - commit a71ad52 - btrfs: assert delayed refs lock is held at find_first_ref_head() (git-fixes). - commit d0232bb - btrfs: assert delayed refs lock is held at find_ref_head() (git-fixes). - commit c64e28a - btrfs: pass fs_info to btrfs_delete_ref_head() (git-fixes). - commit 9209eb3 - btrfs: pass fs_info to functions that search for delayed ref heads (git-fixes). - commit c8e07b0 - btrfs: move delayed ref head unselection to delayed-ref.c (git-fixes). - commit 489dc34 - btrfs: simplify obtaining a delayed ref head (git-fixes). - commit 16c3f62 - btrfs: change return type of btrfs_delayed_ref_lock() to boolean (git-fixes). - commit 03bca3c - btrfs: remove num_entries atomic counter from delayed ref root (git-fixes). - commit 054bc10 - btrfs: use helper to find first ref head at btrfs_destroy_delayed_refs() (git-fixes). - commit 4374302 - btrfs: remove duplicated code to drop delayed ref during transaction abort (git-fixes). - commit 725dadb - btrfs: remove fs_info parameter from btrfs_cleanup_one_transaction() (git-fixes). - commit 1591511 - btrfs: remove fs_info parameter from btrfs_destroy_delayed_refs() (git-fixes). - commit 9c2d1b7 - btrfs: move btrfs_destroy_delayed_refs() to delayed-ref.c (git-fixes). - commit 3491ecf - btrfs: remove BUG_ON() at btrfs_destroy_delayed_refs() (git-fixes). - commit 08fe1bf - move GDMA_DRV_CAP_FLAG_1_DYNAMIC_IRQ_ALLOC_SUPPORT to upstream location - remove a bpf CVE change which is already part of the base kernel - net: hv_netvsc: reject RSS hash key programming without RX indirection table (git-fixes). - RDMA/mana_ib: check cqe length for kernel CQs (git-fixes). - Drivers: hv: use kmalloc_array() instead of kmalloc() (git-fixes). - mshv: Fix create memory region overlap check (bsc#1255708 CVE-2025-68743). - Drivers: hv: Use kmalloc_array() instead of kmalloc() (git-fixes). - Drivers: hv: Resolve ambiguity in hypervisor version log (git-fixes). - Drivers: hv: fix missing kernel-doc description for 'size' in request_arr_init() (git-fixes). - Drivers: hv: remove stale comment (git-fixes). - mshv: Fix deposit memory in MSHV_ROOT_HVCALL (git-fixes). - mshv: Fix VpRootDispatchThreadBlocked value (git-fixes). - net: mana: Move hardware counter stats from per-port to per-VF context (git-fixes). - commit 5f8e751 - dmaengine: apple-admac: Add "apple,t8103-admac" compatible (git-fixes). - dmaengine: omap-dma: fix dma_pool resource leak in error paths (git-fixes). - dmaengine: qcom: gpi: Fix memory leak in gpi_peripheral_config() (git-fixes). - dmaengine: sh: rz-dmac: Fix rz_dmac_terminate_all() (git-fixes). - dmaengine: xilinx_dma: Fix uninitialized addr_width when "xlnx,addrwidth" property is missing (git-fixes). - dmaengine: tegra-adma: Fix use-after-free (git-fixes). - dmaengine: ti: k3-udma: fix device leak on udma lookup (git-fixes). - dmaengine: ti: dma-crossbar: fix device leak on am335x route allocation (git-fixes). - dmaengine: ti: dma-crossbar: fix device leak on dra7x route allocation (git-fixes). - dmaengine: stm32: dmamux: fix OF node leak on route allocation failure (git-fixes). - dmaengine: stm32: dmamux: fix device leak on route allocation (git-fixes). - dmaengine: lpc32xx-dmamux: fix device leak on route allocation (git-fixes). - dmaengine: lpc18xx-dmamux: fix device leak on route allocation (git-fixes). - dmaengine: idxd: fix device leaks on compat bind and unbind (git-fixes). - dmaengine: dw: dmamux: fix OF node leak on route allocation failure (git-fixes). - dmaengine: bcm-sba-raid: fix device leak on probe (git-fixes). - dmaengine: at_hdmac: fix device leak on of_dma_xlate() (git-fixes). - dmaengine: xilinx: xdma: Fix regmap max_register (git-fixes). - phy: broadcom: ns-usb3: Fix Wvoid-pointer-to-enum-cast warning (again) (git-fixes). - phy: tegra: xusb: Explicitly configure HS_DISCON_LEVEL to 0x7 (git-fixes). - phy: rockchip: inno-usb2: fix communication disruption in gadget mode (git-fixes). - phy: rockchip: inno-usb2: fix disconnection in gadget mode (git-fixes). - phy: ti: gmii-sel: fix regmap leak on probe failure (git-fixes). - phy: ti: da8xx-usb: Handle devm_pm_runtime_enable() errors (git-fixes). - phy: stm32-usphyc: Fix off by one in probe() (git-fixes). - phy: fsl-imx8mq-usb: Clear the PCS_TX_SWING_FULL field before using it (git-fixes). - i2c: riic: Move suspend handling to NOIRQ phase (git-fixes). - commit f852916 ++++ kernel-syms: - scsi: qla2xxx: Fix improper freeing of purex item (CVE-2025-68741 bsc#1255703). - scsi: sg: Do not sleep in atomic context (CVE-2025-40259 bsc#1254845). - blk-throttle: fix access race during throttle policy activation (CVE-2025-40147 bsc#1253344). - commit 3a550b4 - arp: do not assume dev_hard_header() does not change skb->head (CVE-2025-71098 bsc#1256591). - ip6_gre: make ip6gre_header() robust (CVE-2025-71098 bsc#1256591). - commit 7dae7cf - ksm: use range-walk function to jump over holes in scan_get_next_rmap_item (CVE-2025-68211 bsc#1255319). - commit 4816124 - btrfs: release path before iget_failed() in btrfs_read_locked_inode() (git-fixes). - commit fa0306d - btrfs: fix double free of qgroup record after failure to add delayed ref head (bsc#1255542 CVE-2025-68359). - commit 6ceb575 - btrfs: track delayed ref heads in an xarray (git-fixes). - commit 1e30518 - btrfs: remove pointless initialization at btrfs_qgroup_trace_extent() (git-fixes). - commit a6f074a - btrfs: always use delayed_refs local variable at btrfs_qgroup_trace_extent() (git-fixes). - commit fe22722 - btrfs: remove unnecessary delayed refs locking at btrfs_qgroup_trace_extent() (git-fixes). - commit 9f1e0ee - btrfs: store fs_info in a local variable at btrfs_qgroup_trace_extent_post() (git-fixes). - commit 83a75de - btrfs: qgroups: remove bytenr field from struct btrfs_qgroup_extent_record (git-fixes). - commit 4040e94 - btrfs: add comments regarding locking to struct btrfs_delayed_ref_root (git-fixes). - commit c3029d5 - btrfs: assert delayed refs lock is held at add_delayed_ref_head() (git-fixes). - commit a71ad52 - btrfs: assert delayed refs lock is held at find_first_ref_head() (git-fixes). - commit d0232bb - btrfs: assert delayed refs lock is held at find_ref_head() (git-fixes). - commit c64e28a - btrfs: pass fs_info to btrfs_delete_ref_head() (git-fixes). - commit 9209eb3 - btrfs: pass fs_info to functions that search for delayed ref heads (git-fixes). - commit c8e07b0 - btrfs: move delayed ref head unselection to delayed-ref.c (git-fixes). - commit 489dc34 - btrfs: simplify obtaining a delayed ref head (git-fixes). - commit 16c3f62 - btrfs: change return type of btrfs_delayed_ref_lock() to boolean (git-fixes). - commit 03bca3c - btrfs: remove num_entries atomic counter from delayed ref root (git-fixes). - commit 054bc10 - btrfs: use helper to find first ref head at btrfs_destroy_delayed_refs() (git-fixes). - commit 4374302 - btrfs: remove duplicated code to drop delayed ref during transaction abort (git-fixes). - commit 725dadb - btrfs: remove fs_info parameter from btrfs_cleanup_one_transaction() (git-fixes). - commit 1591511 - btrfs: remove fs_info parameter from btrfs_destroy_delayed_refs() (git-fixes). - commit 9c2d1b7 - btrfs: move btrfs_destroy_delayed_refs() to delayed-ref.c (git-fixes). - commit 3491ecf - btrfs: remove BUG_ON() at btrfs_destroy_delayed_refs() (git-fixes). - commit 08fe1bf - move GDMA_DRV_CAP_FLAG_1_DYNAMIC_IRQ_ALLOC_SUPPORT to upstream location - remove a bpf CVE change which is already part of the base kernel - net: hv_netvsc: reject RSS hash key programming without RX indirection table (git-fixes). - RDMA/mana_ib: check cqe length for kernel CQs (git-fixes). - Drivers: hv: use kmalloc_array() instead of kmalloc() (git-fixes). - mshv: Fix create memory region overlap check (bsc#1255708 CVE-2025-68743). - Drivers: hv: Use kmalloc_array() instead of kmalloc() (git-fixes). - Drivers: hv: Resolve ambiguity in hypervisor version log (git-fixes). - Drivers: hv: fix missing kernel-doc description for 'size' in request_arr_init() (git-fixes). - Drivers: hv: remove stale comment (git-fixes). - mshv: Fix deposit memory in MSHV_ROOT_HVCALL (git-fixes). - mshv: Fix VpRootDispatchThreadBlocked value (git-fixes). - net: mana: Move hardware counter stats from per-port to per-VF context (git-fixes). - commit 5f8e751 - dmaengine: apple-admac: Add "apple,t8103-admac" compatible (git-fixes). - dmaengine: omap-dma: fix dma_pool resource leak in error paths (git-fixes). - dmaengine: qcom: gpi: Fix memory leak in gpi_peripheral_config() (git-fixes). - dmaengine: sh: rz-dmac: Fix rz_dmac_terminate_all() (git-fixes). - dmaengine: xilinx_dma: Fix uninitialized addr_width when "xlnx,addrwidth" property is missing (git-fixes). - dmaengine: tegra-adma: Fix use-after-free (git-fixes). - dmaengine: ti: k3-udma: fix device leak on udma lookup (git-fixes). - dmaengine: ti: dma-crossbar: fix device leak on am335x route allocation (git-fixes). - dmaengine: ti: dma-crossbar: fix device leak on dra7x route allocation (git-fixes). - dmaengine: stm32: dmamux: fix OF node leak on route allocation failure (git-fixes). - dmaengine: stm32: dmamux: fix device leak on route allocation (git-fixes). - dmaengine: lpc32xx-dmamux: fix device leak on route allocation (git-fixes). - dmaengine: lpc18xx-dmamux: fix device leak on route allocation (git-fixes). - dmaengine: idxd: fix device leaks on compat bind and unbind (git-fixes). - dmaengine: dw: dmamux: fix OF node leak on route allocation failure (git-fixes). - dmaengine: bcm-sba-raid: fix device leak on probe (git-fixes). - dmaengine: at_hdmac: fix device leak on of_dma_xlate() (git-fixes). - dmaengine: xilinx: xdma: Fix regmap max_register (git-fixes). - phy: broadcom: ns-usb3: Fix Wvoid-pointer-to-enum-cast warning (again) (git-fixes). - phy: tegra: xusb: Explicitly configure HS_DISCON_LEVEL to 0x7 (git-fixes). - phy: rockchip: inno-usb2: fix communication disruption in gadget mode (git-fixes). - phy: rockchip: inno-usb2: fix disconnection in gadget mode (git-fixes). - phy: ti: gmii-sel: fix regmap leak on probe failure (git-fixes). - phy: ti: da8xx-usb: Handle devm_pm_runtime_enable() errors (git-fixes). - phy: stm32-usphyc: Fix off by one in probe() (git-fixes). - phy: fsl-imx8mq-usb: Clear the PCS_TX_SWING_FULL field before using it (git-fixes). - i2c: riic: Move suspend handling to NOIRQ phase (git-fixes). - commit f852916 ++++ kernel-zfcpdump: - scsi: qla2xxx: Fix improper freeing of purex item (CVE-2025-68741 bsc#1255703). - scsi: sg: Do not sleep in atomic context (CVE-2025-40259 bsc#1254845). - blk-throttle: fix access race during throttle policy activation (CVE-2025-40147 bsc#1253344). - commit 3a550b4 - arp: do not assume dev_hard_header() does not change skb->head (CVE-2025-71098 bsc#1256591). - ip6_gre: make ip6gre_header() robust (CVE-2025-71098 bsc#1256591). - commit 7dae7cf - ksm: use range-walk function to jump over holes in scan_get_next_rmap_item (CVE-2025-68211 bsc#1255319). - commit 4816124 - btrfs: release path before iget_failed() in btrfs_read_locked_inode() (git-fixes). - commit fa0306d - btrfs: fix double free of qgroup record after failure to add delayed ref head (bsc#1255542 CVE-2025-68359). - commit 6ceb575 - btrfs: track delayed ref heads in an xarray (git-fixes). - commit 1e30518 - btrfs: remove pointless initialization at btrfs_qgroup_trace_extent() (git-fixes). - commit a6f074a - btrfs: always use delayed_refs local variable at btrfs_qgroup_trace_extent() (git-fixes). - commit fe22722 - btrfs: remove unnecessary delayed refs locking at btrfs_qgroup_trace_extent() (git-fixes). - commit 9f1e0ee - btrfs: store fs_info in a local variable at btrfs_qgroup_trace_extent_post() (git-fixes). - commit 83a75de - btrfs: qgroups: remove bytenr field from struct btrfs_qgroup_extent_record (git-fixes). - commit 4040e94 - btrfs: add comments regarding locking to struct btrfs_delayed_ref_root (git-fixes). - commit c3029d5 - btrfs: assert delayed refs lock is held at add_delayed_ref_head() (git-fixes). - commit a71ad52 - btrfs: assert delayed refs lock is held at find_first_ref_head() (git-fixes). - commit d0232bb - btrfs: assert delayed refs lock is held at find_ref_head() (git-fixes). - commit c64e28a - btrfs: pass fs_info to btrfs_delete_ref_head() (git-fixes). - commit 9209eb3 - btrfs: pass fs_info to functions that search for delayed ref heads (git-fixes). - commit c8e07b0 - btrfs: move delayed ref head unselection to delayed-ref.c (git-fixes). - commit 489dc34 - btrfs: simplify obtaining a delayed ref head (git-fixes). - commit 16c3f62 - btrfs: change return type of btrfs_delayed_ref_lock() to boolean (git-fixes). - commit 03bca3c - btrfs: remove num_entries atomic counter from delayed ref root (git-fixes). - commit 054bc10 - btrfs: use helper to find first ref head at btrfs_destroy_delayed_refs() (git-fixes). - commit 4374302 - btrfs: remove duplicated code to drop delayed ref during transaction abort (git-fixes). - commit 725dadb - btrfs: remove fs_info parameter from btrfs_cleanup_one_transaction() (git-fixes). - commit 1591511 - btrfs: remove fs_info parameter from btrfs_destroy_delayed_refs() (git-fixes). - commit 9c2d1b7 - btrfs: move btrfs_destroy_delayed_refs() to delayed-ref.c (git-fixes). - commit 3491ecf - btrfs: remove BUG_ON() at btrfs_destroy_delayed_refs() (git-fixes). - commit 08fe1bf - move GDMA_DRV_CAP_FLAG_1_DYNAMIC_IRQ_ALLOC_SUPPORT to upstream location - remove a bpf CVE change which is already part of the base kernel - net: hv_netvsc: reject RSS hash key programming without RX indirection table (git-fixes). - RDMA/mana_ib: check cqe length for kernel CQs (git-fixes). - Drivers: hv: use kmalloc_array() instead of kmalloc() (git-fixes). - mshv: Fix create memory region overlap check (bsc#1255708 CVE-2025-68743). - Drivers: hv: Use kmalloc_array() instead of kmalloc() (git-fixes). - Drivers: hv: Resolve ambiguity in hypervisor version log (git-fixes). - Drivers: hv: fix missing kernel-doc description for 'size' in request_arr_init() (git-fixes). - Drivers: hv: remove stale comment (git-fixes). - mshv: Fix deposit memory in MSHV_ROOT_HVCALL (git-fixes). - mshv: Fix VpRootDispatchThreadBlocked value (git-fixes). - net: mana: Move hardware counter stats from per-port to per-VF context (git-fixes). - commit 5f8e751 - dmaengine: apple-admac: Add "apple,t8103-admac" compatible (git-fixes). - dmaengine: omap-dma: fix dma_pool resource leak in error paths (git-fixes). - dmaengine: qcom: gpi: Fix memory leak in gpi_peripheral_config() (git-fixes). - dmaengine: sh: rz-dmac: Fix rz_dmac_terminate_all() (git-fixes). - dmaengine: xilinx_dma: Fix uninitialized addr_width when "xlnx,addrwidth" property is missing (git-fixes). - dmaengine: tegra-adma: Fix use-after-free (git-fixes). - dmaengine: ti: k3-udma: fix device leak on udma lookup (git-fixes). - dmaengine: ti: dma-crossbar: fix device leak on am335x route allocation (git-fixes). - dmaengine: ti: dma-crossbar: fix device leak on dra7x route allocation (git-fixes). - dmaengine: stm32: dmamux: fix OF node leak on route allocation failure (git-fixes). - dmaengine: stm32: dmamux: fix device leak on route allocation (git-fixes). - dmaengine: lpc32xx-dmamux: fix device leak on route allocation (git-fixes). - dmaengine: lpc18xx-dmamux: fix device leak on route allocation (git-fixes). - dmaengine: idxd: fix device leaks on compat bind and unbind (git-fixes). - dmaengine: dw: dmamux: fix OF node leak on route allocation failure (git-fixes). - dmaengine: bcm-sba-raid: fix device leak on probe (git-fixes). - dmaengine: at_hdmac: fix device leak on of_dma_xlate() (git-fixes). - dmaengine: xilinx: xdma: Fix regmap max_register (git-fixes). - phy: broadcom: ns-usb3: Fix Wvoid-pointer-to-enum-cast warning (again) (git-fixes). - phy: tegra: xusb: Explicitly configure HS_DISCON_LEVEL to 0x7 (git-fixes). - phy: rockchip: inno-usb2: fix communication disruption in gadget mode (git-fixes). - phy: rockchip: inno-usb2: fix disconnection in gadget mode (git-fixes). - phy: ti: gmii-sel: fix regmap leak on probe failure (git-fixes). - phy: ti: da8xx-usb: Handle devm_pm_runtime_enable() errors (git-fixes). - phy: stm32-usphyc: Fix off by one in probe() (git-fixes). - phy: fsl-imx8mq-usb: Clear the PCS_TX_SWING_FULL field before using it (git-fixes). - i2c: riic: Move suspend handling to NOIRQ phase (git-fixes). - commit f852916 ++++ kernel-zfcpdump: - scsi: qla2xxx: Fix improper freeing of purex item (CVE-2025-68741 bsc#1255703). - scsi: sg: Do not sleep in atomic context (CVE-2025-40259 bsc#1254845). - blk-throttle: fix access race during throttle policy activation (CVE-2025-40147 bsc#1253344). - commit 3a550b4 - arp: do not assume dev_hard_header() does not change skb->head (CVE-2025-71098 bsc#1256591). - ip6_gre: make ip6gre_header() robust (CVE-2025-71098 bsc#1256591). - commit 7dae7cf - ksm: use range-walk function to jump over holes in scan_get_next_rmap_item (CVE-2025-68211 bsc#1255319). - commit 4816124 - btrfs: release path before iget_failed() in btrfs_read_locked_inode() (git-fixes). - commit fa0306d - btrfs: fix double free of qgroup record after failure to add delayed ref head (bsc#1255542 CVE-2025-68359). - commit 6ceb575 - btrfs: track delayed ref heads in an xarray (git-fixes). - commit 1e30518 - btrfs: remove pointless initialization at btrfs_qgroup_trace_extent() (git-fixes). - commit a6f074a - btrfs: always use delayed_refs local variable at btrfs_qgroup_trace_extent() (git-fixes). - commit fe22722 - btrfs: remove unnecessary delayed refs locking at btrfs_qgroup_trace_extent() (git-fixes). - commit 9f1e0ee - btrfs: store fs_info in a local variable at btrfs_qgroup_trace_extent_post() (git-fixes). - commit 83a75de - btrfs: qgroups: remove bytenr field from struct btrfs_qgroup_extent_record (git-fixes). - commit 4040e94 - btrfs: add comments regarding locking to struct btrfs_delayed_ref_root (git-fixes). - commit c3029d5 - btrfs: assert delayed refs lock is held at add_delayed_ref_head() (git-fixes). - commit a71ad52 - btrfs: assert delayed refs lock is held at find_first_ref_head() (git-fixes). - commit d0232bb - btrfs: assert delayed refs lock is held at find_ref_head() (git-fixes). - commit c64e28a - btrfs: pass fs_info to btrfs_delete_ref_head() (git-fixes). - commit 9209eb3 - btrfs: pass fs_info to functions that search for delayed ref heads (git-fixes). - commit c8e07b0 - btrfs: move delayed ref head unselection to delayed-ref.c (git-fixes). - commit 489dc34 - btrfs: simplify obtaining a delayed ref head (git-fixes). - commit 16c3f62 - btrfs: change return type of btrfs_delayed_ref_lock() to boolean (git-fixes). - commit 03bca3c - btrfs: remove num_entries atomic counter from delayed ref root (git-fixes). - commit 054bc10 - btrfs: use helper to find first ref head at btrfs_destroy_delayed_refs() (git-fixes). - commit 4374302 - btrfs: remove duplicated code to drop delayed ref during transaction abort (git-fixes). - commit 725dadb - btrfs: remove fs_info parameter from btrfs_cleanup_one_transaction() (git-fixes). - commit 1591511 - btrfs: remove fs_info parameter from btrfs_destroy_delayed_refs() (git-fixes). - commit 9c2d1b7 - btrfs: move btrfs_destroy_delayed_refs() to delayed-ref.c (git-fixes). - commit 3491ecf - btrfs: remove BUG_ON() at btrfs_destroy_delayed_refs() (git-fixes). - commit 08fe1bf - move GDMA_DRV_CAP_FLAG_1_DYNAMIC_IRQ_ALLOC_SUPPORT to upstream location - remove a bpf CVE change which is already part of the base kernel - net: hv_netvsc: reject RSS hash key programming without RX indirection table (git-fixes). - RDMA/mana_ib: check cqe length for kernel CQs (git-fixes). - Drivers: hv: use kmalloc_array() instead of kmalloc() (git-fixes). - mshv: Fix create memory region overlap check (bsc#1255708 CVE-2025-68743). - Drivers: hv: Use kmalloc_array() instead of kmalloc() (git-fixes). - Drivers: hv: Resolve ambiguity in hypervisor version log (git-fixes). - Drivers: hv: fix missing kernel-doc description for 'size' in request_arr_init() (git-fixes). - Drivers: hv: remove stale comment (git-fixes). - mshv: Fix deposit memory in MSHV_ROOT_HVCALL (git-fixes). - mshv: Fix VpRootDispatchThreadBlocked value (git-fixes). - net: mana: Move hardware counter stats from per-port to per-VF context (git-fixes). - commit 5f8e751 - dmaengine: apple-admac: Add "apple,t8103-admac" compatible (git-fixes). - dmaengine: omap-dma: fix dma_pool resource leak in error paths (git-fixes). - dmaengine: qcom: gpi: Fix memory leak in gpi_peripheral_config() (git-fixes). - dmaengine: sh: rz-dmac: Fix rz_dmac_terminate_all() (git-fixes). - dmaengine: xilinx_dma: Fix uninitialized addr_width when "xlnx,addrwidth" property is missing (git-fixes). - dmaengine: tegra-adma: Fix use-after-free (git-fixes). - dmaengine: ti: k3-udma: fix device leak on udma lookup (git-fixes). - dmaengine: ti: dma-crossbar: fix device leak on am335x route allocation (git-fixes). - dmaengine: ti: dma-crossbar: fix device leak on dra7x route allocation (git-fixes). - dmaengine: stm32: dmamux: fix OF node leak on route allocation failure (git-fixes). - dmaengine: stm32: dmamux: fix device leak on route allocation (git-fixes). - dmaengine: lpc32xx-dmamux: fix device leak on route allocation (git-fixes). - dmaengine: lpc18xx-dmamux: fix device leak on route allocation (git-fixes). - dmaengine: idxd: fix device leaks on compat bind and unbind (git-fixes). - dmaengine: dw: dmamux: fix OF node leak on route allocation failure (git-fixes). - dmaengine: bcm-sba-raid: fix device leak on probe (git-fixes). - dmaengine: at_hdmac: fix device leak on of_dma_xlate() (git-fixes). - dmaengine: xilinx: xdma: Fix regmap max_register (git-fixes). - phy: broadcom: ns-usb3: Fix Wvoid-pointer-to-enum-cast warning (again) (git-fixes). - phy: tegra: xusb: Explicitly configure HS_DISCON_LEVEL to 0x7 (git-fixes). - phy: rockchip: inno-usb2: fix communication disruption in gadget mode (git-fixes). - phy: rockchip: inno-usb2: fix disconnection in gadget mode (git-fixes). - phy: ti: gmii-sel: fix regmap leak on probe failure (git-fixes). - phy: ti: da8xx-usb: Handle devm_pm_runtime_enable() errors (git-fixes). - phy: stm32-usphyc: Fix off by one in probe() (git-fixes). - phy: fsl-imx8mq-usb: Clear the PCS_TX_SWING_FULL field before using it (git-fixes). - i2c: riic: Move suspend handling to NOIRQ phase (git-fixes). - commit f852916 ++++ poppler: - remove redundant BuildRequires: update-desktop-files (thanks to sbrabec) ++++ poppler-qt5: - remove redundant BuildRequires: update-desktop-files (thanks to sbrabec) ++++ poppler-qt6: - remove redundant BuildRequires: update-desktop-files (thanks to sbrabec) ++++ os-autoinst-distri-opensuse-deps: - Added dependency perl(Inline::Python) - Added dependency mkisofs - Added dependency jq - Added dependency gzip ++++ python-Brotli: - Add max-length-decompression.patch (bsc#1254867, bsc#1256017) ++++ python-FontTools: - Add security patch CVE-2025-66034.patch (bsc#1254366) ++++ python-pyasn1: - Add CVE-2026-23490.patch to fix CVE-2026-23490 (bsc#1256902) ++++ python-pyasn1: - Add CVE-2026-23490.patch to fix CVE-2026-23490 (bsc#1256902) ++++ suse-migration-services: - Fixed get_migration_target return behavior Instances of MigrationTarget are used across the entire code base and it is expected that get_migration_target() always provides a proper migration target record. If it is not possible to determine the migration target it should always report the default migration target. However, there was one code path which returned an empty record wich is then causing e.g. suse-migration-pre-checks to fail with a stack trace because some code evaluates a target record when there is none. The above situation can be reproduced if a user for some reason just installs the suse-migration-pre-checks package but nothing else from the DMS. The code logic obviosly can now not detect the migration target but should not return with an empty record. This commit fixes the behavior. ++++ trytond: - Version 7.0.44 - Bugfix Release ------------------------------------------------------------------ ------------------ 2026-1-18 - Jan 18 2026 ------------------- ------------------------------------------------------------------ ++++ kernel-64kb: - drm/amdgpu: Fix query for VPE block_type and ip_count (stable-fixes). - drm/amd/display: Apply e4479aecf658 to dml (stable-fixes). - spi: cadence-quadspi: Prevent lost complete() call during indirect read (stable-fixes). - ata: libata-core: Disable LPM on ST2000DM008-2FR102 (stable-fixes). - spi: mt65xx: Use IRQF_ONESHOT with threaded IRQ (stable-fixes). - drm/amdkfd: Fix improper NULL termination of queue restore SMI event string (stable-fixes). - drm/amd/display: shrink struct members (stable-fixes). - ASoC: rockchip: Fix Wvoid-pointer-to-enum-cast warning (again) (stable-fixes). - drm/amd/display: Respect user's CONFIG_FRAME_WARN more for dml files (stable-fixes). - commit d246be3 - mei: me: add nova lake point S DID (stable-fixes). - gpio: pca953x: handle short interrupt pulses on PCAL devices (git-fixes). - drm/radeon: Remove __counted_by from ClockInfoArray.clockInfo[] (stable-fixes). - ASoC: fsl_sai: Add missing registers to cache default (stable-fixes). - ASoC: amd: yc: Add quirk for Honor MagicBook X16 2025 (stable-fixes). - ALSA: usb-audio: Update for native DSD support quirks (stable-fixes). - drm/amd/display: Fix DP no audio issue (stable-fixes). - powercap: fix sscanf() error return value handling (stable-fixes). - powercap: fix race condition in register_control_type() (stable-fixes). - can: j1939: make j1939_session_activate() fail if device is no longer registered (stable-fixes). - gpio: pca953x: Add support for level-triggered interrupts (stable-fixes). - commit 18eceac - ocfs2: fix kernel BUG in ocfs2_find_victim_chain (bsc#1256582 CVE-2025-68771). - commit a066f3b ++++ kernel-64kb: - drm/amdgpu: Fix query for VPE block_type and ip_count (stable-fixes). - drm/amd/display: Apply e4479aecf658 to dml (stable-fixes). - spi: cadence-quadspi: Prevent lost complete() call during indirect read (stable-fixes). - ata: libata-core: Disable LPM on ST2000DM008-2FR102 (stable-fixes). - spi: mt65xx: Use IRQF_ONESHOT with threaded IRQ (stable-fixes). - drm/amdkfd: Fix improper NULL termination of queue restore SMI event string (stable-fixes). - drm/amd/display: shrink struct members (stable-fixes). - ASoC: rockchip: Fix Wvoid-pointer-to-enum-cast warning (again) (stable-fixes). - drm/amd/display: Respect user's CONFIG_FRAME_WARN more for dml files (stable-fixes). - commit d246be3 - mei: me: add nova lake point S DID (stable-fixes). - gpio: pca953x: handle short interrupt pulses on PCAL devices (git-fixes). - drm/radeon: Remove __counted_by from ClockInfoArray.clockInfo[] (stable-fixes). - ASoC: fsl_sai: Add missing registers to cache default (stable-fixes). - ASoC: amd: yc: Add quirk for Honor MagicBook X16 2025 (stable-fixes). - ALSA: usb-audio: Update for native DSD support quirks (stable-fixes). - drm/amd/display: Fix DP no audio issue (stable-fixes). - powercap: fix sscanf() error return value handling (stable-fixes). - powercap: fix race condition in register_control_type() (stable-fixes). - can: j1939: make j1939_session_activate() fail if device is no longer registered (stable-fixes). - gpio: pca953x: Add support for level-triggered interrupts (stable-fixes). - commit 18eceac - ocfs2: fix kernel BUG in ocfs2_find_victim_chain (bsc#1256582 CVE-2025-68771). - commit a066f3b ++++ kernel-azure: - drm/amdgpu: Fix query for VPE block_type and ip_count (stable-fixes). - drm/amd/display: Apply e4479aecf658 to dml (stable-fixes). - spi: cadence-quadspi: Prevent lost complete() call during indirect read (stable-fixes). - ata: libata-core: Disable LPM on ST2000DM008-2FR102 (stable-fixes). - spi: mt65xx: Use IRQF_ONESHOT with threaded IRQ (stable-fixes). - drm/amdkfd: Fix improper NULL termination of queue restore SMI event string (stable-fixes). - drm/amd/display: shrink struct members (stable-fixes). - ASoC: rockchip: Fix Wvoid-pointer-to-enum-cast warning (again) (stable-fixes). - drm/amd/display: Respect user's CONFIG_FRAME_WARN more for dml files (stable-fixes). - commit d246be3 - mei: me: add nova lake point S DID (stable-fixes). - gpio: pca953x: handle short interrupt pulses on PCAL devices (git-fixes). - drm/radeon: Remove __counted_by from ClockInfoArray.clockInfo[] (stable-fixes). - ASoC: fsl_sai: Add missing registers to cache default (stable-fixes). - ASoC: amd: yc: Add quirk for Honor MagicBook X16 2025 (stable-fixes). - ALSA: usb-audio: Update for native DSD support quirks (stable-fixes). - drm/amd/display: Fix DP no audio issue (stable-fixes). - powercap: fix sscanf() error return value handling (stable-fixes). - powercap: fix race condition in register_control_type() (stable-fixes). - can: j1939: make j1939_session_activate() fail if device is no longer registered (stable-fixes). - gpio: pca953x: Add support for level-triggered interrupts (stable-fixes). - commit 18eceac - ocfs2: fix kernel BUG in ocfs2_find_victim_chain (bsc#1256582 CVE-2025-68771). - commit a066f3b ++++ kernel-azure: - drm/amdgpu: Fix query for VPE block_type and ip_count (stable-fixes). - drm/amd/display: Apply e4479aecf658 to dml (stable-fixes). - spi: cadence-quadspi: Prevent lost complete() call during indirect read (stable-fixes). - ata: libata-core: Disable LPM on ST2000DM008-2FR102 (stable-fixes). - spi: mt65xx: Use IRQF_ONESHOT with threaded IRQ (stable-fixes). - drm/amdkfd: Fix improper NULL termination of queue restore SMI event string (stable-fixes). - drm/amd/display: shrink struct members (stable-fixes). - ASoC: rockchip: Fix Wvoid-pointer-to-enum-cast warning (again) (stable-fixes). - drm/amd/display: Respect user's CONFIG_FRAME_WARN more for dml files (stable-fixes). - commit d246be3 - mei: me: add nova lake point S DID (stable-fixes). - gpio: pca953x: handle short interrupt pulses on PCAL devices (git-fixes). - drm/radeon: Remove __counted_by from ClockInfoArray.clockInfo[] (stable-fixes). - ASoC: fsl_sai: Add missing registers to cache default (stable-fixes). - ASoC: amd: yc: Add quirk for Honor MagicBook X16 2025 (stable-fixes). - ALSA: usb-audio: Update for native DSD support quirks (stable-fixes). - drm/amd/display: Fix DP no audio issue (stable-fixes). - powercap: fix sscanf() error return value handling (stable-fixes). - powercap: fix race condition in register_control_type() (stable-fixes). - can: j1939: make j1939_session_activate() fail if device is no longer registered (stable-fixes). - gpio: pca953x: Add support for level-triggered interrupts (stable-fixes). - commit 18eceac - ocfs2: fix kernel BUG in ocfs2_find_victim_chain (bsc#1256582 CVE-2025-68771). - commit a066f3b ++++ kernel-default: - drm/amdgpu: Fix query for VPE block_type and ip_count (stable-fixes). - drm/amd/display: Apply e4479aecf658 to dml (stable-fixes). - spi: cadence-quadspi: Prevent lost complete() call during indirect read (stable-fixes). - ata: libata-core: Disable LPM on ST2000DM008-2FR102 (stable-fixes). - spi: mt65xx: Use IRQF_ONESHOT with threaded IRQ (stable-fixes). - drm/amdkfd: Fix improper NULL termination of queue restore SMI event string (stable-fixes). - drm/amd/display: shrink struct members (stable-fixes). - ASoC: rockchip: Fix Wvoid-pointer-to-enum-cast warning (again) (stable-fixes). - drm/amd/display: Respect user's CONFIG_FRAME_WARN more for dml files (stable-fixes). - commit d246be3 - mei: me: add nova lake point S DID (stable-fixes). - gpio: pca953x: handle short interrupt pulses on PCAL devices (git-fixes). - drm/radeon: Remove __counted_by from ClockInfoArray.clockInfo[] (stable-fixes). - ASoC: fsl_sai: Add missing registers to cache default (stable-fixes). - ASoC: amd: yc: Add quirk for Honor MagicBook X16 2025 (stable-fixes). - ALSA: usb-audio: Update for native DSD support quirks (stable-fixes). - drm/amd/display: Fix DP no audio issue (stable-fixes). - powercap: fix sscanf() error return value handling (stable-fixes). - powercap: fix race condition in register_control_type() (stable-fixes). - can: j1939: make j1939_session_activate() fail if device is no longer registered (stable-fixes). - gpio: pca953x: Add support for level-triggered interrupts (stable-fixes). - commit 18eceac - ocfs2: fix kernel BUG in ocfs2_find_victim_chain (bsc#1256582 CVE-2025-68771). - commit a066f3b ++++ kernel-default: - drm/amdgpu: Fix query for VPE block_type and ip_count (stable-fixes). - drm/amd/display: Apply e4479aecf658 to dml (stable-fixes). - spi: cadence-quadspi: Prevent lost complete() call during indirect read (stable-fixes). - ata: libata-core: Disable LPM on ST2000DM008-2FR102 (stable-fixes). - spi: mt65xx: Use IRQF_ONESHOT with threaded IRQ (stable-fixes). - drm/amdkfd: Fix improper NULL termination of queue restore SMI event string (stable-fixes). - drm/amd/display: shrink struct members (stable-fixes). - ASoC: rockchip: Fix Wvoid-pointer-to-enum-cast warning (again) (stable-fixes). - drm/amd/display: Respect user's CONFIG_FRAME_WARN more for dml files (stable-fixes). - commit d246be3 - mei: me: add nova lake point S DID (stable-fixes). - gpio: pca953x: handle short interrupt pulses on PCAL devices (git-fixes). - drm/radeon: Remove __counted_by from ClockInfoArray.clockInfo[] (stable-fixes). - ASoC: fsl_sai: Add missing registers to cache default (stable-fixes). - ASoC: amd: yc: Add quirk for Honor MagicBook X16 2025 (stable-fixes). - ALSA: usb-audio: Update for native DSD support quirks (stable-fixes). - drm/amd/display: Fix DP no audio issue (stable-fixes). - powercap: fix sscanf() error return value handling (stable-fixes). - powercap: fix race condition in register_control_type() (stable-fixes). - can: j1939: make j1939_session_activate() fail if device is no longer registered (stable-fixes). - gpio: pca953x: Add support for level-triggered interrupts (stable-fixes). - commit 18eceac - ocfs2: fix kernel BUG in ocfs2_find_victim_chain (bsc#1256582 CVE-2025-68771). - commit a066f3b ++++ kernel-rt: - drm/amdgpu: Fix query for VPE block_type and ip_count (stable-fixes). - drm/amd/display: Apply e4479aecf658 to dml (stable-fixes). - spi: cadence-quadspi: Prevent lost complete() call during indirect read (stable-fixes). - ata: libata-core: Disable LPM on ST2000DM008-2FR102 (stable-fixes). - spi: mt65xx: Use IRQF_ONESHOT with threaded IRQ (stable-fixes). - drm/amdkfd: Fix improper NULL termination of queue restore SMI event string (stable-fixes). - drm/amd/display: shrink struct members (stable-fixes). - ASoC: rockchip: Fix Wvoid-pointer-to-enum-cast warning (again) (stable-fixes). - drm/amd/display: Respect user's CONFIG_FRAME_WARN more for dml files (stable-fixes). - commit d246be3 - mei: me: add nova lake point S DID (stable-fixes). - gpio: pca953x: handle short interrupt pulses on PCAL devices (git-fixes). - drm/radeon: Remove __counted_by from ClockInfoArray.clockInfo[] (stable-fixes). - ASoC: fsl_sai: Add missing registers to cache default (stable-fixes). - ASoC: amd: yc: Add quirk for Honor MagicBook X16 2025 (stable-fixes). - ALSA: usb-audio: Update for native DSD support quirks (stable-fixes). - drm/amd/display: Fix DP no audio issue (stable-fixes). - powercap: fix sscanf() error return value handling (stable-fixes). - powercap: fix race condition in register_control_type() (stable-fixes). - can: j1939: make j1939_session_activate() fail if device is no longer registered (stable-fixes). - gpio: pca953x: Add support for level-triggered interrupts (stable-fixes). - commit 18eceac - ocfs2: fix kernel BUG in ocfs2_find_victim_chain (bsc#1256582 CVE-2025-68771). - commit a066f3b ++++ kernel-rt: - drm/amdgpu: Fix query for VPE block_type and ip_count (stable-fixes). - drm/amd/display: Apply e4479aecf658 to dml (stable-fixes). - spi: cadence-quadspi: Prevent lost complete() call during indirect read (stable-fixes). - ata: libata-core: Disable LPM on ST2000DM008-2FR102 (stable-fixes). - spi: mt65xx: Use IRQF_ONESHOT with threaded IRQ (stable-fixes). - drm/amdkfd: Fix improper NULL termination of queue restore SMI event string (stable-fixes). - drm/amd/display: shrink struct members (stable-fixes). - ASoC: rockchip: Fix Wvoid-pointer-to-enum-cast warning (again) (stable-fixes). - drm/amd/display: Respect user's CONFIG_FRAME_WARN more for dml files (stable-fixes). - commit d246be3 - mei: me: add nova lake point S DID (stable-fixes). - gpio: pca953x: handle short interrupt pulses on PCAL devices (git-fixes). - drm/radeon: Remove __counted_by from ClockInfoArray.clockInfo[] (stable-fixes). - ASoC: fsl_sai: Add missing registers to cache default (stable-fixes). - ASoC: amd: yc: Add quirk for Honor MagicBook X16 2025 (stable-fixes). - ALSA: usb-audio: Update for native DSD support quirks (stable-fixes). - drm/amd/display: Fix DP no audio issue (stable-fixes). - powercap: fix sscanf() error return value handling (stable-fixes). - powercap: fix race condition in register_control_type() (stable-fixes). - can: j1939: make j1939_session_activate() fail if device is no longer registered (stable-fixes). - gpio: pca953x: Add support for level-triggered interrupts (stable-fixes). - commit 18eceac - ocfs2: fix kernel BUG in ocfs2_find_victim_chain (bsc#1256582 CVE-2025-68771). - commit a066f3b ++++ dtb-aarch64: - drm/amdgpu: Fix query for VPE block_type and ip_count (stable-fixes). - drm/amd/display: Apply e4479aecf658 to dml (stable-fixes). - spi: cadence-quadspi: Prevent lost complete() call during indirect read (stable-fixes). - ata: libata-core: Disable LPM on ST2000DM008-2FR102 (stable-fixes). - spi: mt65xx: Use IRQF_ONESHOT with threaded IRQ (stable-fixes). - drm/amdkfd: Fix improper NULL termination of queue restore SMI event string (stable-fixes). - drm/amd/display: shrink struct members (stable-fixes). - ASoC: rockchip: Fix Wvoid-pointer-to-enum-cast warning (again) (stable-fixes). - drm/amd/display: Respect user's CONFIG_FRAME_WARN more for dml files (stable-fixes). - commit d246be3 - mei: me: add nova lake point S DID (stable-fixes). - gpio: pca953x: handle short interrupt pulses on PCAL devices (git-fixes). - drm/radeon: Remove __counted_by from ClockInfoArray.clockInfo[] (stable-fixes). - ASoC: fsl_sai: Add missing registers to cache default (stable-fixes). - ASoC: amd: yc: Add quirk for Honor MagicBook X16 2025 (stable-fixes). - ALSA: usb-audio: Update for native DSD support quirks (stable-fixes). - drm/amd/display: Fix DP no audio issue (stable-fixes). - powercap: fix sscanf() error return value handling (stable-fixes). - powercap: fix race condition in register_control_type() (stable-fixes). - can: j1939: make j1939_session_activate() fail if device is no longer registered (stable-fixes). - gpio: pca953x: Add support for level-triggered interrupts (stable-fixes). - commit 18eceac - ocfs2: fix kernel BUG in ocfs2_find_victim_chain (bsc#1256582 CVE-2025-68771). - commit a066f3b ++++ dtb-aarch64: - drm/amdgpu: Fix query for VPE block_type and ip_count (stable-fixes). - drm/amd/display: Apply e4479aecf658 to dml (stable-fixes). - spi: cadence-quadspi: Prevent lost complete() call during indirect read (stable-fixes). - ata: libata-core: Disable LPM on ST2000DM008-2FR102 (stable-fixes). - spi: mt65xx: Use IRQF_ONESHOT with threaded IRQ (stable-fixes). - drm/amdkfd: Fix improper NULL termination of queue restore SMI event string (stable-fixes). - drm/amd/display: shrink struct members (stable-fixes). - ASoC: rockchip: Fix Wvoid-pointer-to-enum-cast warning (again) (stable-fixes). - drm/amd/display: Respect user's CONFIG_FRAME_WARN more for dml files (stable-fixes). - commit d246be3 - mei: me: add nova lake point S DID (stable-fixes). - gpio: pca953x: handle short interrupt pulses on PCAL devices (git-fixes). - drm/radeon: Remove __counted_by from ClockInfoArray.clockInfo[] (stable-fixes). - ASoC: fsl_sai: Add missing registers to cache default (stable-fixes). - ASoC: amd: yc: Add quirk for Honor MagicBook X16 2025 (stable-fixes). - ALSA: usb-audio: Update for native DSD support quirks (stable-fixes). - drm/amd/display: Fix DP no audio issue (stable-fixes). - powercap: fix sscanf() error return value handling (stable-fixes). - powercap: fix race condition in register_control_type() (stable-fixes). - can: j1939: make j1939_session_activate() fail if device is no longer registered (stable-fixes). - gpio: pca953x: Add support for level-triggered interrupts (stable-fixes). - commit 18eceac - ocfs2: fix kernel BUG in ocfs2_find_victim_chain (bsc#1256582 CVE-2025-68771). - commit a066f3b ++++ kernel-source: - drm/amdgpu: Fix query for VPE block_type and ip_count (stable-fixes). - drm/amd/display: Apply e4479aecf658 to dml (stable-fixes). - spi: cadence-quadspi: Prevent lost complete() call during indirect read (stable-fixes). - ata: libata-core: Disable LPM on ST2000DM008-2FR102 (stable-fixes). - spi: mt65xx: Use IRQF_ONESHOT with threaded IRQ (stable-fixes). - drm/amdkfd: Fix improper NULL termination of queue restore SMI event string (stable-fixes). - drm/amd/display: shrink struct members (stable-fixes). - ASoC: rockchip: Fix Wvoid-pointer-to-enum-cast warning (again) (stable-fixes). - drm/amd/display: Respect user's CONFIG_FRAME_WARN more for dml files (stable-fixes). - commit d246be3 - mei: me: add nova lake point S DID (stable-fixes). - gpio: pca953x: handle short interrupt pulses on PCAL devices (git-fixes). - drm/radeon: Remove __counted_by from ClockInfoArray.clockInfo[] (stable-fixes). - ASoC: fsl_sai: Add missing registers to cache default (stable-fixes). - ASoC: amd: yc: Add quirk for Honor MagicBook X16 2025 (stable-fixes). - ALSA: usb-audio: Update for native DSD support quirks (stable-fixes). - drm/amd/display: Fix DP no audio issue (stable-fixes). - powercap: fix sscanf() error return value handling (stable-fixes). - powercap: fix race condition in register_control_type() (stable-fixes). - can: j1939: make j1939_session_activate() fail if device is no longer registered (stable-fixes). - gpio: pca953x: Add support for level-triggered interrupts (stable-fixes). - commit 18eceac - ocfs2: fix kernel BUG in ocfs2_find_victim_chain (bsc#1256582 CVE-2025-68771). - commit a066f3b ++++ kernel-source: - drm/amdgpu: Fix query for VPE block_type and ip_count (stable-fixes). - drm/amd/display: Apply e4479aecf658 to dml (stable-fixes). - spi: cadence-quadspi: Prevent lost complete() call during indirect read (stable-fixes). - ata: libata-core: Disable LPM on ST2000DM008-2FR102 (stable-fixes). - spi: mt65xx: Use IRQF_ONESHOT with threaded IRQ (stable-fixes). - drm/amdkfd: Fix improper NULL termination of queue restore SMI event string (stable-fixes). - drm/amd/display: shrink struct members (stable-fixes). - ASoC: rockchip: Fix Wvoid-pointer-to-enum-cast warning (again) (stable-fixes). - drm/amd/display: Respect user's CONFIG_FRAME_WARN more for dml files (stable-fixes). - commit d246be3 - mei: me: add nova lake point S DID (stable-fixes). - gpio: pca953x: handle short interrupt pulses on PCAL devices (git-fixes). - drm/radeon: Remove __counted_by from ClockInfoArray.clockInfo[] (stable-fixes). - ASoC: fsl_sai: Add missing registers to cache default (stable-fixes). - ASoC: amd: yc: Add quirk for Honor MagicBook X16 2025 (stable-fixes). - ALSA: usb-audio: Update for native DSD support quirks (stable-fixes). - drm/amd/display: Fix DP no audio issue (stable-fixes). - powercap: fix sscanf() error return value handling (stable-fixes). - powercap: fix race condition in register_control_type() (stable-fixes). - can: j1939: make j1939_session_activate() fail if device is no longer registered (stable-fixes). - gpio: pca953x: Add support for level-triggered interrupts (stable-fixes). - commit 18eceac - ocfs2: fix kernel BUG in ocfs2_find_victim_chain (bsc#1256582 CVE-2025-68771). - commit a066f3b ++++ kernel-docs: - drm/amdgpu: Fix query for VPE block_type and ip_count (stable-fixes). - drm/amd/display: Apply e4479aecf658 to dml (stable-fixes). - spi: cadence-quadspi: Prevent lost complete() call during indirect read (stable-fixes). - ata: libata-core: Disable LPM on ST2000DM008-2FR102 (stable-fixes). - spi: mt65xx: Use IRQF_ONESHOT with threaded IRQ (stable-fixes). - drm/amdkfd: Fix improper NULL termination of queue restore SMI event string (stable-fixes). - drm/amd/display: shrink struct members (stable-fixes). - ASoC: rockchip: Fix Wvoid-pointer-to-enum-cast warning (again) (stable-fixes). - drm/amd/display: Respect user's CONFIG_FRAME_WARN more for dml files (stable-fixes). - commit d246be3 - mei: me: add nova lake point S DID (stable-fixes). - gpio: pca953x: handle short interrupt pulses on PCAL devices (git-fixes). - drm/radeon: Remove __counted_by from ClockInfoArray.clockInfo[] (stable-fixes). - ASoC: fsl_sai: Add missing registers to cache default (stable-fixes). - ASoC: amd: yc: Add quirk for Honor MagicBook X16 2025 (stable-fixes). - ALSA: usb-audio: Update for native DSD support quirks (stable-fixes). - drm/amd/display: Fix DP no audio issue (stable-fixes). - powercap: fix sscanf() error return value handling (stable-fixes). - powercap: fix race condition in register_control_type() (stable-fixes). - can: j1939: make j1939_session_activate() fail if device is no longer registered (stable-fixes). - gpio: pca953x: Add support for level-triggered interrupts (stable-fixes). - commit 18eceac - ocfs2: fix kernel BUG in ocfs2_find_victim_chain (bsc#1256582 CVE-2025-68771). - commit a066f3b ++++ kernel-docs: - drm/amdgpu: Fix query for VPE block_type and ip_count (stable-fixes). - drm/amd/display: Apply e4479aecf658 to dml (stable-fixes). - spi: cadence-quadspi: Prevent lost complete() call during indirect read (stable-fixes). - ata: libata-core: Disable LPM on ST2000DM008-2FR102 (stable-fixes). - spi: mt65xx: Use IRQF_ONESHOT with threaded IRQ (stable-fixes). - drm/amdkfd: Fix improper NULL termination of queue restore SMI event string (stable-fixes). - drm/amd/display: shrink struct members (stable-fixes). - ASoC: rockchip: Fix Wvoid-pointer-to-enum-cast warning (again) (stable-fixes). - drm/amd/display: Respect user's CONFIG_FRAME_WARN more for dml files (stable-fixes). - commit d246be3 - mei: me: add nova lake point S DID (stable-fixes). - gpio: pca953x: handle short interrupt pulses on PCAL devices (git-fixes). - drm/radeon: Remove __counted_by from ClockInfoArray.clockInfo[] (stable-fixes). - ASoC: fsl_sai: Add missing registers to cache default (stable-fixes). - ASoC: amd: yc: Add quirk for Honor MagicBook X16 2025 (stable-fixes). - ALSA: usb-audio: Update for native DSD support quirks (stable-fixes). - drm/amd/display: Fix DP no audio issue (stable-fixes). - powercap: fix sscanf() error return value handling (stable-fixes). - powercap: fix race condition in register_control_type() (stable-fixes). - can: j1939: make j1939_session_activate() fail if device is no longer registered (stable-fixes). - gpio: pca953x: Add support for level-triggered interrupts (stable-fixes). - commit 18eceac - ocfs2: fix kernel BUG in ocfs2_find_victim_chain (bsc#1256582 CVE-2025-68771). - commit a066f3b ++++ kernel-kvmsmall: - drm/amdgpu: Fix query for VPE block_type and ip_count (stable-fixes). - drm/amd/display: Apply e4479aecf658 to dml (stable-fixes). - spi: cadence-quadspi: Prevent lost complete() call during indirect read (stable-fixes). - ata: libata-core: Disable LPM on ST2000DM008-2FR102 (stable-fixes). - spi: mt65xx: Use IRQF_ONESHOT with threaded IRQ (stable-fixes). - drm/amdkfd: Fix improper NULL termination of queue restore SMI event string (stable-fixes). - drm/amd/display: shrink struct members (stable-fixes). - ASoC: rockchip: Fix Wvoid-pointer-to-enum-cast warning (again) (stable-fixes). - drm/amd/display: Respect user's CONFIG_FRAME_WARN more for dml files (stable-fixes). - commit d246be3 - mei: me: add nova lake point S DID (stable-fixes). - gpio: pca953x: handle short interrupt pulses on PCAL devices (git-fixes). - drm/radeon: Remove __counted_by from ClockInfoArray.clockInfo[] (stable-fixes). - ASoC: fsl_sai: Add missing registers to cache default (stable-fixes). - ASoC: amd: yc: Add quirk for Honor MagicBook X16 2025 (stable-fixes). - ALSA: usb-audio: Update for native DSD support quirks (stable-fixes). - drm/amd/display: Fix DP no audio issue (stable-fixes). - powercap: fix sscanf() error return value handling (stable-fixes). - powercap: fix race condition in register_control_type() (stable-fixes). - can: j1939: make j1939_session_activate() fail if device is no longer registered (stable-fixes). - gpio: pca953x: Add support for level-triggered interrupts (stable-fixes). - commit 18eceac - ocfs2: fix kernel BUG in ocfs2_find_victim_chain (bsc#1256582 CVE-2025-68771). - commit a066f3b ++++ kernel-kvmsmall: - drm/amdgpu: Fix query for VPE block_type and ip_count (stable-fixes). - drm/amd/display: Apply e4479aecf658 to dml (stable-fixes). - spi: cadence-quadspi: Prevent lost complete() call during indirect read (stable-fixes). - ata: libata-core: Disable LPM on ST2000DM008-2FR102 (stable-fixes). - spi: mt65xx: Use IRQF_ONESHOT with threaded IRQ (stable-fixes). - drm/amdkfd: Fix improper NULL termination of queue restore SMI event string (stable-fixes). - drm/amd/display: shrink struct members (stable-fixes). - ASoC: rockchip: Fix Wvoid-pointer-to-enum-cast warning (again) (stable-fixes). - drm/amd/display: Respect user's CONFIG_FRAME_WARN more for dml files (stable-fixes). - commit d246be3 - mei: me: add nova lake point S DID (stable-fixes). - gpio: pca953x: handle short interrupt pulses on PCAL devices (git-fixes). - drm/radeon: Remove __counted_by from ClockInfoArray.clockInfo[] (stable-fixes). - ASoC: fsl_sai: Add missing registers to cache default (stable-fixes). - ASoC: amd: yc: Add quirk for Honor MagicBook X16 2025 (stable-fixes). - ALSA: usb-audio: Update for native DSD support quirks (stable-fixes). - drm/amd/display: Fix DP no audio issue (stable-fixes). - powercap: fix sscanf() error return value handling (stable-fixes). - powercap: fix race condition in register_control_type() (stable-fixes). - can: j1939: make j1939_session_activate() fail if device is no longer registered (stable-fixes). - gpio: pca953x: Add support for level-triggered interrupts (stable-fixes). - commit 18eceac - ocfs2: fix kernel BUG in ocfs2_find_victim_chain (bsc#1256582 CVE-2025-68771). - commit a066f3b ++++ kernel-obs-build: - drm/amdgpu: Fix query for VPE block_type and ip_count (stable-fixes). - drm/amd/display: Apply e4479aecf658 to dml (stable-fixes). - spi: cadence-quadspi: Prevent lost complete() call during indirect read (stable-fixes). - ata: libata-core: Disable LPM on ST2000DM008-2FR102 (stable-fixes). - spi: mt65xx: Use IRQF_ONESHOT with threaded IRQ (stable-fixes). - drm/amdkfd: Fix improper NULL termination of queue restore SMI event string (stable-fixes). - drm/amd/display: shrink struct members (stable-fixes). - ASoC: rockchip: Fix Wvoid-pointer-to-enum-cast warning (again) (stable-fixes). - drm/amd/display: Respect user's CONFIG_FRAME_WARN more for dml files (stable-fixes). - commit d246be3 - mei: me: add nova lake point S DID (stable-fixes). - gpio: pca953x: handle short interrupt pulses on PCAL devices (git-fixes). - drm/radeon: Remove __counted_by from ClockInfoArray.clockInfo[] (stable-fixes). - ASoC: fsl_sai: Add missing registers to cache default (stable-fixes). - ASoC: amd: yc: Add quirk for Honor MagicBook X16 2025 (stable-fixes). - ALSA: usb-audio: Update for native DSD support quirks (stable-fixes). - drm/amd/display: Fix DP no audio issue (stable-fixes). - powercap: fix sscanf() error return value handling (stable-fixes). - powercap: fix race condition in register_control_type() (stable-fixes). - can: j1939: make j1939_session_activate() fail if device is no longer registered (stable-fixes). - gpio: pca953x: Add support for level-triggered interrupts (stable-fixes). - commit 18eceac - ocfs2: fix kernel BUG in ocfs2_find_victim_chain (bsc#1256582 CVE-2025-68771). - commit a066f3b ++++ kernel-obs-build: - drm/amdgpu: Fix query for VPE block_type and ip_count (stable-fixes). - drm/amd/display: Apply e4479aecf658 to dml (stable-fixes). - spi: cadence-quadspi: Prevent lost complete() call during indirect read (stable-fixes). - ata: libata-core: Disable LPM on ST2000DM008-2FR102 (stable-fixes). - spi: mt65xx: Use IRQF_ONESHOT with threaded IRQ (stable-fixes). - drm/amdkfd: Fix improper NULL termination of queue restore SMI event string (stable-fixes). - drm/amd/display: shrink struct members (stable-fixes). - ASoC: rockchip: Fix Wvoid-pointer-to-enum-cast warning (again) (stable-fixes). - drm/amd/display: Respect user's CONFIG_FRAME_WARN more for dml files (stable-fixes). - commit d246be3 - mei: me: add nova lake point S DID (stable-fixes). - gpio: pca953x: handle short interrupt pulses on PCAL devices (git-fixes). - drm/radeon: Remove __counted_by from ClockInfoArray.clockInfo[] (stable-fixes). - ASoC: fsl_sai: Add missing registers to cache default (stable-fixes). - ASoC: amd: yc: Add quirk for Honor MagicBook X16 2025 (stable-fixes). - ALSA: usb-audio: Update for native DSD support quirks (stable-fixes). - drm/amd/display: Fix DP no audio issue (stable-fixes). - powercap: fix sscanf() error return value handling (stable-fixes). - powercap: fix race condition in register_control_type() (stable-fixes). - can: j1939: make j1939_session_activate() fail if device is no longer registered (stable-fixes). - gpio: pca953x: Add support for level-triggered interrupts (stable-fixes). - commit 18eceac - ocfs2: fix kernel BUG in ocfs2_find_victim_chain (bsc#1256582 CVE-2025-68771). - commit a066f3b ++++ kernel-obs-qa: - drm/amdgpu: Fix query for VPE block_type and ip_count (stable-fixes). - drm/amd/display: Apply e4479aecf658 to dml (stable-fixes). - spi: cadence-quadspi: Prevent lost complete() call during indirect read (stable-fixes). - ata: libata-core: Disable LPM on ST2000DM008-2FR102 (stable-fixes). - spi: mt65xx: Use IRQF_ONESHOT with threaded IRQ (stable-fixes). - drm/amdkfd: Fix improper NULL termination of queue restore SMI event string (stable-fixes). - drm/amd/display: shrink struct members (stable-fixes). - ASoC: rockchip: Fix Wvoid-pointer-to-enum-cast warning (again) (stable-fixes). - drm/amd/display: Respect user's CONFIG_FRAME_WARN more for dml files (stable-fixes). - commit d246be3 - mei: me: add nova lake point S DID (stable-fixes). - gpio: pca953x: handle short interrupt pulses on PCAL devices (git-fixes). - drm/radeon: Remove __counted_by from ClockInfoArray.clockInfo[] (stable-fixes). - ASoC: fsl_sai: Add missing registers to cache default (stable-fixes). - ASoC: amd: yc: Add quirk for Honor MagicBook X16 2025 (stable-fixes). - ALSA: usb-audio: Update for native DSD support quirks (stable-fixes). - drm/amd/display: Fix DP no audio issue (stable-fixes). - powercap: fix sscanf() error return value handling (stable-fixes). - powercap: fix race condition in register_control_type() (stable-fixes). - can: j1939: make j1939_session_activate() fail if device is no longer registered (stable-fixes). - gpio: pca953x: Add support for level-triggered interrupts (stable-fixes). - commit 18eceac - ocfs2: fix kernel BUG in ocfs2_find_victim_chain (bsc#1256582 CVE-2025-68771). - commit a066f3b ++++ kernel-obs-qa: - drm/amdgpu: Fix query for VPE block_type and ip_count (stable-fixes). - drm/amd/display: Apply e4479aecf658 to dml (stable-fixes). - spi: cadence-quadspi: Prevent lost complete() call during indirect read (stable-fixes). - ata: libata-core: Disable LPM on ST2000DM008-2FR102 (stable-fixes). - spi: mt65xx: Use IRQF_ONESHOT with threaded IRQ (stable-fixes). - drm/amdkfd: Fix improper NULL termination of queue restore SMI event string (stable-fixes). - drm/amd/display: shrink struct members (stable-fixes). - ASoC: rockchip: Fix Wvoid-pointer-to-enum-cast warning (again) (stable-fixes). - drm/amd/display: Respect user's CONFIG_FRAME_WARN more for dml files (stable-fixes). - commit d246be3 - mei: me: add nova lake point S DID (stable-fixes). - gpio: pca953x: handle short interrupt pulses on PCAL devices (git-fixes). - drm/radeon: Remove __counted_by from ClockInfoArray.clockInfo[] (stable-fixes). - ASoC: fsl_sai: Add missing registers to cache default (stable-fixes). - ASoC: amd: yc: Add quirk for Honor MagicBook X16 2025 (stable-fixes). - ALSA: usb-audio: Update for native DSD support quirks (stable-fixes). - drm/amd/display: Fix DP no audio issue (stable-fixes). - powercap: fix sscanf() error return value handling (stable-fixes). - powercap: fix race condition in register_control_type() (stable-fixes). - can: j1939: make j1939_session_activate() fail if device is no longer registered (stable-fixes). - gpio: pca953x: Add support for level-triggered interrupts (stable-fixes). - commit 18eceac - ocfs2: fix kernel BUG in ocfs2_find_victim_chain (bsc#1256582 CVE-2025-68771). - commit a066f3b ++++ kernel-syms: - drm/amdgpu: Fix query for VPE block_type and ip_count (stable-fixes). - drm/amd/display: Apply e4479aecf658 to dml (stable-fixes). - spi: cadence-quadspi: Prevent lost complete() call during indirect read (stable-fixes). - ata: libata-core: Disable LPM on ST2000DM008-2FR102 (stable-fixes). - spi: mt65xx: Use IRQF_ONESHOT with threaded IRQ (stable-fixes). - drm/amdkfd: Fix improper NULL termination of queue restore SMI event string (stable-fixes). - drm/amd/display: shrink struct members (stable-fixes). - ASoC: rockchip: Fix Wvoid-pointer-to-enum-cast warning (again) (stable-fixes). - drm/amd/display: Respect user's CONFIG_FRAME_WARN more for dml files (stable-fixes). - commit d246be3 - mei: me: add nova lake point S DID (stable-fixes). - gpio: pca953x: handle short interrupt pulses on PCAL devices (git-fixes). - drm/radeon: Remove __counted_by from ClockInfoArray.clockInfo[] (stable-fixes). - ASoC: fsl_sai: Add missing registers to cache default (stable-fixes). - ASoC: amd: yc: Add quirk for Honor MagicBook X16 2025 (stable-fixes). - ALSA: usb-audio: Update for native DSD support quirks (stable-fixes). - drm/amd/display: Fix DP no audio issue (stable-fixes). - powercap: fix sscanf() error return value handling (stable-fixes). - powercap: fix race condition in register_control_type() (stable-fixes). - can: j1939: make j1939_session_activate() fail if device is no longer registered (stable-fixes). - gpio: pca953x: Add support for level-triggered interrupts (stable-fixes). - commit 18eceac - ocfs2: fix kernel BUG in ocfs2_find_victim_chain (bsc#1256582 CVE-2025-68771). - commit a066f3b ++++ kernel-syms: - drm/amdgpu: Fix query for VPE block_type and ip_count (stable-fixes). - drm/amd/display: Apply e4479aecf658 to dml (stable-fixes). - spi: cadence-quadspi: Prevent lost complete() call during indirect read (stable-fixes). - ata: libata-core: Disable LPM on ST2000DM008-2FR102 (stable-fixes). - spi: mt65xx: Use IRQF_ONESHOT with threaded IRQ (stable-fixes). - drm/amdkfd: Fix improper NULL termination of queue restore SMI event string (stable-fixes). - drm/amd/display: shrink struct members (stable-fixes). - ASoC: rockchip: Fix Wvoid-pointer-to-enum-cast warning (again) (stable-fixes). - drm/amd/display: Respect user's CONFIG_FRAME_WARN more for dml files (stable-fixes). - commit d246be3 - mei: me: add nova lake point S DID (stable-fixes). - gpio: pca953x: handle short interrupt pulses on PCAL devices (git-fixes). - drm/radeon: Remove __counted_by from ClockInfoArray.clockInfo[] (stable-fixes). - ASoC: fsl_sai: Add missing registers to cache default (stable-fixes). - ASoC: amd: yc: Add quirk for Honor MagicBook X16 2025 (stable-fixes). - ALSA: usb-audio: Update for native DSD support quirks (stable-fixes). - drm/amd/display: Fix DP no audio issue (stable-fixes). - powercap: fix sscanf() error return value handling (stable-fixes). - powercap: fix race condition in register_control_type() (stable-fixes). - can: j1939: make j1939_session_activate() fail if device is no longer registered (stable-fixes). - gpio: pca953x: Add support for level-triggered interrupts (stable-fixes). - commit 18eceac - ocfs2: fix kernel BUG in ocfs2_find_victim_chain (bsc#1256582 CVE-2025-68771). - commit a066f3b ++++ kernel-zfcpdump: - drm/amdgpu: Fix query for VPE block_type and ip_count (stable-fixes). - drm/amd/display: Apply e4479aecf658 to dml (stable-fixes). - spi: cadence-quadspi: Prevent lost complete() call during indirect read (stable-fixes). - ata: libata-core: Disable LPM on ST2000DM008-2FR102 (stable-fixes). - spi: mt65xx: Use IRQF_ONESHOT with threaded IRQ (stable-fixes). - drm/amdkfd: Fix improper NULL termination of queue restore SMI event string (stable-fixes). - drm/amd/display: shrink struct members (stable-fixes). - ASoC: rockchip: Fix Wvoid-pointer-to-enum-cast warning (again) (stable-fixes). - drm/amd/display: Respect user's CONFIG_FRAME_WARN more for dml files (stable-fixes). - commit d246be3 - mei: me: add nova lake point S DID (stable-fixes). - gpio: pca953x: handle short interrupt pulses on PCAL devices (git-fixes). - drm/radeon: Remove __counted_by from ClockInfoArray.clockInfo[] (stable-fixes). - ASoC: fsl_sai: Add missing registers to cache default (stable-fixes). - ASoC: amd: yc: Add quirk for Honor MagicBook X16 2025 (stable-fixes). - ALSA: usb-audio: Update for native DSD support quirks (stable-fixes). - drm/amd/display: Fix DP no audio issue (stable-fixes). - powercap: fix sscanf() error return value handling (stable-fixes). - powercap: fix race condition in register_control_type() (stable-fixes). - can: j1939: make j1939_session_activate() fail if device is no longer registered (stable-fixes). - gpio: pca953x: Add support for level-triggered interrupts (stable-fixes). - commit 18eceac - ocfs2: fix kernel BUG in ocfs2_find_victim_chain (bsc#1256582 CVE-2025-68771). - commit a066f3b ++++ kernel-zfcpdump: - drm/amdgpu: Fix query for VPE block_type and ip_count (stable-fixes). - drm/amd/display: Apply e4479aecf658 to dml (stable-fixes). - spi: cadence-quadspi: Prevent lost complete() call during indirect read (stable-fixes). - ata: libata-core: Disable LPM on ST2000DM008-2FR102 (stable-fixes). - spi: mt65xx: Use IRQF_ONESHOT with threaded IRQ (stable-fixes). - drm/amdkfd: Fix improper NULL termination of queue restore SMI event string (stable-fixes). - drm/amd/display: shrink struct members (stable-fixes). - ASoC: rockchip: Fix Wvoid-pointer-to-enum-cast warning (again) (stable-fixes). - drm/amd/display: Respect user's CONFIG_FRAME_WARN more for dml files (stable-fixes). - commit d246be3 - mei: me: add nova lake point S DID (stable-fixes). - gpio: pca953x: handle short interrupt pulses on PCAL devices (git-fixes). - drm/radeon: Remove __counted_by from ClockInfoArray.clockInfo[] (stable-fixes). - ASoC: fsl_sai: Add missing registers to cache default (stable-fixes). - ASoC: amd: yc: Add quirk for Honor MagicBook X16 2025 (stable-fixes). - ALSA: usb-audio: Update for native DSD support quirks (stable-fixes). - drm/amd/display: Fix DP no audio issue (stable-fixes). - powercap: fix sscanf() error return value handling (stable-fixes). - powercap: fix race condition in register_control_type() (stable-fixes). - can: j1939: make j1939_session_activate() fail if device is no longer registered (stable-fixes). - gpio: pca953x: Add support for level-triggered interrupts (stable-fixes). - commit 18eceac - ocfs2: fix kernel BUG in ocfs2_find_victim_chain (bsc#1256582 CVE-2025-68771). - commit a066f3b ------------------------------------------------------------------ ------------------ 2026-1-17 - Jan 17 2026 ------------------- ------------------------------------------------------------------ ++++ kernel-64kb: - drm/nouveau/disp/nv50-: Set lock_core in curs507a_prepare (git-fixes). - drm/panel-simple: fix connector type for DataImage SCF0700C48GGU18 panel (git-fixes). - drm/vmwgfx: Fix an error return check in vmw_compat_shader_add() (git-fixes). - drm/vmwgfx: Merge vmw_bo_release and vmw_bo_free functions (git-fixes). - drm/amd/display: Initialise backlight level values from hw (git-fixes). - drm/amdkfd: fix a memory leak in device_queue_manager_init() (git-fixes). - PM: EM: Fix incorrect description of the cost field in struct em_perf_state (git-fixes). - ASoC: tlv320adcx140: fix word length (git-fixes). - ASoC: tlv320adcx140: fix null pointer (git-fixes). - ASoC: sdw_utils: cs42l43: Enable Headphone pin for LINEOUT jack type (git-fixes). - ASoC: codecs: wsa884x: fix codec initialisation (git-fixes). - ASoC: codecs: wsa881x: fix unnecessary initialisation (git-fixes). - ASoC: codecs: wsa883x: fix unnecessary initialisation (git-fixes). - ALSA: hda/cirrus_scodec_test: Fix test suite name (git-fixes). - ALSA: hda/cirrus_scodec_test: Fix incorrect setup of gpiochip (git-fixes). - commit fcd5437 ++++ kernel-64kb: - drm/nouveau/disp/nv50-: Set lock_core in curs507a_prepare (git-fixes). - drm/panel-simple: fix connector type for DataImage SCF0700C48GGU18 panel (git-fixes). - drm/vmwgfx: Fix an error return check in vmw_compat_shader_add() (git-fixes). - drm/vmwgfx: Merge vmw_bo_release and vmw_bo_free functions (git-fixes). - drm/amd/display: Initialise backlight level values from hw (git-fixes). - drm/amdkfd: fix a memory leak in device_queue_manager_init() (git-fixes). - PM: EM: Fix incorrect description of the cost field in struct em_perf_state (git-fixes). - ASoC: tlv320adcx140: fix word length (git-fixes). - ASoC: tlv320adcx140: fix null pointer (git-fixes). - ASoC: sdw_utils: cs42l43: Enable Headphone pin for LINEOUT jack type (git-fixes). - ASoC: codecs: wsa884x: fix codec initialisation (git-fixes). - ASoC: codecs: wsa881x: fix unnecessary initialisation (git-fixes). - ASoC: codecs: wsa883x: fix unnecessary initialisation (git-fixes). - ALSA: hda/cirrus_scodec_test: Fix test suite name (git-fixes). - ALSA: hda/cirrus_scodec_test: Fix incorrect setup of gpiochip (git-fixes). - commit fcd5437 ++++ kernel-azure: - drm/nouveau/disp/nv50-: Set lock_core in curs507a_prepare (git-fixes). - drm/panel-simple: fix connector type for DataImage SCF0700C48GGU18 panel (git-fixes). - drm/vmwgfx: Fix an error return check in vmw_compat_shader_add() (git-fixes). - drm/vmwgfx: Merge vmw_bo_release and vmw_bo_free functions (git-fixes). - drm/amd/display: Initialise backlight level values from hw (git-fixes). - drm/amdkfd: fix a memory leak in device_queue_manager_init() (git-fixes). - PM: EM: Fix incorrect description of the cost field in struct em_perf_state (git-fixes). - ASoC: tlv320adcx140: fix word length (git-fixes). - ASoC: tlv320adcx140: fix null pointer (git-fixes). - ASoC: sdw_utils: cs42l43: Enable Headphone pin for LINEOUT jack type (git-fixes). - ASoC: codecs: wsa884x: fix codec initialisation (git-fixes). - ASoC: codecs: wsa881x: fix unnecessary initialisation (git-fixes). - ASoC: codecs: wsa883x: fix unnecessary initialisation (git-fixes). - ALSA: hda/cirrus_scodec_test: Fix test suite name (git-fixes). - ALSA: hda/cirrus_scodec_test: Fix incorrect setup of gpiochip (git-fixes). - commit fcd5437 ++++ kernel-azure: - drm/nouveau/disp/nv50-: Set lock_core in curs507a_prepare (git-fixes). - drm/panel-simple: fix connector type for DataImage SCF0700C48GGU18 panel (git-fixes). - drm/vmwgfx: Fix an error return check in vmw_compat_shader_add() (git-fixes). - drm/vmwgfx: Merge vmw_bo_release and vmw_bo_free functions (git-fixes). - drm/amd/display: Initialise backlight level values from hw (git-fixes). - drm/amdkfd: fix a memory leak in device_queue_manager_init() (git-fixes). - PM: EM: Fix incorrect description of the cost field in struct em_perf_state (git-fixes). - ASoC: tlv320adcx140: fix word length (git-fixes). - ASoC: tlv320adcx140: fix null pointer (git-fixes). - ASoC: sdw_utils: cs42l43: Enable Headphone pin for LINEOUT jack type (git-fixes). - ASoC: codecs: wsa884x: fix codec initialisation (git-fixes). - ASoC: codecs: wsa881x: fix unnecessary initialisation (git-fixes). - ASoC: codecs: wsa883x: fix unnecessary initialisation (git-fixes). - ALSA: hda/cirrus_scodec_test: Fix test suite name (git-fixes). - ALSA: hda/cirrus_scodec_test: Fix incorrect setup of gpiochip (git-fixes). - commit fcd5437 ++++ kernel-default: - drm/nouveau/disp/nv50-: Set lock_core in curs507a_prepare (git-fixes). - drm/panel-simple: fix connector type for DataImage SCF0700C48GGU18 panel (git-fixes). - drm/vmwgfx: Fix an error return check in vmw_compat_shader_add() (git-fixes). - drm/vmwgfx: Merge vmw_bo_release and vmw_bo_free functions (git-fixes). - drm/amd/display: Initialise backlight level values from hw (git-fixes). - drm/amdkfd: fix a memory leak in device_queue_manager_init() (git-fixes). - PM: EM: Fix incorrect description of the cost field in struct em_perf_state (git-fixes). - ASoC: tlv320adcx140: fix word length (git-fixes). - ASoC: tlv320adcx140: fix null pointer (git-fixes). - ASoC: sdw_utils: cs42l43: Enable Headphone pin for LINEOUT jack type (git-fixes). - ASoC: codecs: wsa884x: fix codec initialisation (git-fixes). - ASoC: codecs: wsa881x: fix unnecessary initialisation (git-fixes). - ASoC: codecs: wsa883x: fix unnecessary initialisation (git-fixes). - ALSA: hda/cirrus_scodec_test: Fix test suite name (git-fixes). - ALSA: hda/cirrus_scodec_test: Fix incorrect setup of gpiochip (git-fixes). - commit fcd5437 ++++ kernel-default: - drm/nouveau/disp/nv50-: Set lock_core in curs507a_prepare (git-fixes). - drm/panel-simple: fix connector type for DataImage SCF0700C48GGU18 panel (git-fixes). - drm/vmwgfx: Fix an error return check in vmw_compat_shader_add() (git-fixes). - drm/vmwgfx: Merge vmw_bo_release and vmw_bo_free functions (git-fixes). - drm/amd/display: Initialise backlight level values from hw (git-fixes). - drm/amdkfd: fix a memory leak in device_queue_manager_init() (git-fixes). - PM: EM: Fix incorrect description of the cost field in struct em_perf_state (git-fixes). - ASoC: tlv320adcx140: fix word length (git-fixes). - ASoC: tlv320adcx140: fix null pointer (git-fixes). - ASoC: sdw_utils: cs42l43: Enable Headphone pin for LINEOUT jack type (git-fixes). - ASoC: codecs: wsa884x: fix codec initialisation (git-fixes). - ASoC: codecs: wsa881x: fix unnecessary initialisation (git-fixes). - ASoC: codecs: wsa883x: fix unnecessary initialisation (git-fixes). - ALSA: hda/cirrus_scodec_test: Fix test suite name (git-fixes). - ALSA: hda/cirrus_scodec_test: Fix incorrect setup of gpiochip (git-fixes). - commit fcd5437 ++++ kernel-rt: - drm/nouveau/disp/nv50-: Set lock_core in curs507a_prepare (git-fixes). - drm/panel-simple: fix connector type for DataImage SCF0700C48GGU18 panel (git-fixes). - drm/vmwgfx: Fix an error return check in vmw_compat_shader_add() (git-fixes). - drm/vmwgfx: Merge vmw_bo_release and vmw_bo_free functions (git-fixes). - drm/amd/display: Initialise backlight level values from hw (git-fixes). - drm/amdkfd: fix a memory leak in device_queue_manager_init() (git-fixes). - PM: EM: Fix incorrect description of the cost field in struct em_perf_state (git-fixes). - ASoC: tlv320adcx140: fix word length (git-fixes). - ASoC: tlv320adcx140: fix null pointer (git-fixes). - ASoC: sdw_utils: cs42l43: Enable Headphone pin for LINEOUT jack type (git-fixes). - ASoC: codecs: wsa884x: fix codec initialisation (git-fixes). - ASoC: codecs: wsa881x: fix unnecessary initialisation (git-fixes). - ASoC: codecs: wsa883x: fix unnecessary initialisation (git-fixes). - ALSA: hda/cirrus_scodec_test: Fix test suite name (git-fixes). - ALSA: hda/cirrus_scodec_test: Fix incorrect setup of gpiochip (git-fixes). - commit fcd5437 ++++ kernel-rt: - drm/nouveau/disp/nv50-: Set lock_core in curs507a_prepare (git-fixes). - drm/panel-simple: fix connector type for DataImage SCF0700C48GGU18 panel (git-fixes). - drm/vmwgfx: Fix an error return check in vmw_compat_shader_add() (git-fixes). - drm/vmwgfx: Merge vmw_bo_release and vmw_bo_free functions (git-fixes). - drm/amd/display: Initialise backlight level values from hw (git-fixes). - drm/amdkfd: fix a memory leak in device_queue_manager_init() (git-fixes). - PM: EM: Fix incorrect description of the cost field in struct em_perf_state (git-fixes). - ASoC: tlv320adcx140: fix word length (git-fixes). - ASoC: tlv320adcx140: fix null pointer (git-fixes). - ASoC: sdw_utils: cs42l43: Enable Headphone pin for LINEOUT jack type (git-fixes). - ASoC: codecs: wsa884x: fix codec initialisation (git-fixes). - ASoC: codecs: wsa881x: fix unnecessary initialisation (git-fixes). - ASoC: codecs: wsa883x: fix unnecessary initialisation (git-fixes). - ALSA: hda/cirrus_scodec_test: Fix test suite name (git-fixes). - ALSA: hda/cirrus_scodec_test: Fix incorrect setup of gpiochip (git-fixes). - commit fcd5437 ++++ dtb-aarch64: - drm/nouveau/disp/nv50-: Set lock_core in curs507a_prepare (git-fixes). - drm/panel-simple: fix connector type for DataImage SCF0700C48GGU18 panel (git-fixes). - drm/vmwgfx: Fix an error return check in vmw_compat_shader_add() (git-fixes). - drm/vmwgfx: Merge vmw_bo_release and vmw_bo_free functions (git-fixes). - drm/amd/display: Initialise backlight level values from hw (git-fixes). - drm/amdkfd: fix a memory leak in device_queue_manager_init() (git-fixes). - PM: EM: Fix incorrect description of the cost field in struct em_perf_state (git-fixes). - ASoC: tlv320adcx140: fix word length (git-fixes). - ASoC: tlv320adcx140: fix null pointer (git-fixes). - ASoC: sdw_utils: cs42l43: Enable Headphone pin for LINEOUT jack type (git-fixes). - ASoC: codecs: wsa884x: fix codec initialisation (git-fixes). - ASoC: codecs: wsa881x: fix unnecessary initialisation (git-fixes). - ASoC: codecs: wsa883x: fix unnecessary initialisation (git-fixes). - ALSA: hda/cirrus_scodec_test: Fix test suite name (git-fixes). - ALSA: hda/cirrus_scodec_test: Fix incorrect setup of gpiochip (git-fixes). - commit fcd5437 ++++ dtb-aarch64: - drm/nouveau/disp/nv50-: Set lock_core in curs507a_prepare (git-fixes). - drm/panel-simple: fix connector type for DataImage SCF0700C48GGU18 panel (git-fixes). - drm/vmwgfx: Fix an error return check in vmw_compat_shader_add() (git-fixes). - drm/vmwgfx: Merge vmw_bo_release and vmw_bo_free functions (git-fixes). - drm/amd/display: Initialise backlight level values from hw (git-fixes). - drm/amdkfd: fix a memory leak in device_queue_manager_init() (git-fixes). - PM: EM: Fix incorrect description of the cost field in struct em_perf_state (git-fixes). - ASoC: tlv320adcx140: fix word length (git-fixes). - ASoC: tlv320adcx140: fix null pointer (git-fixes). - ASoC: sdw_utils: cs42l43: Enable Headphone pin for LINEOUT jack type (git-fixes). - ASoC: codecs: wsa884x: fix codec initialisation (git-fixes). - ASoC: codecs: wsa881x: fix unnecessary initialisation (git-fixes). - ASoC: codecs: wsa883x: fix unnecessary initialisation (git-fixes). - ALSA: hda/cirrus_scodec_test: Fix test suite name (git-fixes). - ALSA: hda/cirrus_scodec_test: Fix incorrect setup of gpiochip (git-fixes). - commit fcd5437 ++++ gnucobol: - Update to 3.2 * improved dialect handling including changed defaults to better match the selected dialect * a complete new dialect GCOS and support for more COBOL statements * intrinsic functions and syntax from both "old" and new dialects * highly improved run-times for several statements, along with less memory usage, especially if runtime checks are enabled * fileio changes to support LINE-SEQUENTIAL per COBOL2023 and runtime options to change the way files are handled, see NEWS and runtime.cfg * improvements for source-level debugging via GDB and coredump support * output of context for diagnostics * improvements for reproducible builds - Change download resources to gnu ftp for more stable source - Add patch move_packed_decimal.patch - Remove mlio.c in gnucobol-3.1.2-C99.diff - Remove fix_test_698.patch - Add patch fix-errno.patch - Add newcob.val.tar.gz for fixing download of value data for tests - Add gnucobol-esql-3.0 * ESQL preprocessor (esqlOC) relies on ODBC for access to a variety of SQL engines - Renaming from gnu-cobol to gnucobol ++++ kernel-source: - drm/nouveau/disp/nv50-: Set lock_core in curs507a_prepare (git-fixes). - drm/panel-simple: fix connector type for DataImage SCF0700C48GGU18 panel (git-fixes). - drm/vmwgfx: Fix an error return check in vmw_compat_shader_add() (git-fixes). - drm/vmwgfx: Merge vmw_bo_release and vmw_bo_free functions (git-fixes). - drm/amd/display: Initialise backlight level values from hw (git-fixes). - drm/amdkfd: fix a memory leak in device_queue_manager_init() (git-fixes). - PM: EM: Fix incorrect description of the cost field in struct em_perf_state (git-fixes). - ASoC: tlv320adcx140: fix word length (git-fixes). - ASoC: tlv320adcx140: fix null pointer (git-fixes). - ASoC: sdw_utils: cs42l43: Enable Headphone pin for LINEOUT jack type (git-fixes). - ASoC: codecs: wsa884x: fix codec initialisation (git-fixes). - ASoC: codecs: wsa881x: fix unnecessary initialisation (git-fixes). - ASoC: codecs: wsa883x: fix unnecessary initialisation (git-fixes). - ALSA: hda/cirrus_scodec_test: Fix test suite name (git-fixes). - ALSA: hda/cirrus_scodec_test: Fix incorrect setup of gpiochip (git-fixes). - commit fcd5437 ++++ kernel-source: - drm/nouveau/disp/nv50-: Set lock_core in curs507a_prepare (git-fixes). - drm/panel-simple: fix connector type for DataImage SCF0700C48GGU18 panel (git-fixes). - drm/vmwgfx: Fix an error return check in vmw_compat_shader_add() (git-fixes). - drm/vmwgfx: Merge vmw_bo_release and vmw_bo_free functions (git-fixes). - drm/amd/display: Initialise backlight level values from hw (git-fixes). - drm/amdkfd: fix a memory leak in device_queue_manager_init() (git-fixes). - PM: EM: Fix incorrect description of the cost field in struct em_perf_state (git-fixes). - ASoC: tlv320adcx140: fix word length (git-fixes). - ASoC: tlv320adcx140: fix null pointer (git-fixes). - ASoC: sdw_utils: cs42l43: Enable Headphone pin for LINEOUT jack type (git-fixes). - ASoC: codecs: wsa884x: fix codec initialisation (git-fixes). - ASoC: codecs: wsa881x: fix unnecessary initialisation (git-fixes). - ASoC: codecs: wsa883x: fix unnecessary initialisation (git-fixes). - ALSA: hda/cirrus_scodec_test: Fix test suite name (git-fixes). - ALSA: hda/cirrus_scodec_test: Fix incorrect setup of gpiochip (git-fixes). - commit fcd5437 ++++ kernel-docs: - drm/nouveau/disp/nv50-: Set lock_core in curs507a_prepare (git-fixes). - drm/panel-simple: fix connector type for DataImage SCF0700C48GGU18 panel (git-fixes). - drm/vmwgfx: Fix an error return check in vmw_compat_shader_add() (git-fixes). - drm/vmwgfx: Merge vmw_bo_release and vmw_bo_free functions (git-fixes). - drm/amd/display: Initialise backlight level values from hw (git-fixes). - drm/amdkfd: fix a memory leak in device_queue_manager_init() (git-fixes). - PM: EM: Fix incorrect description of the cost field in struct em_perf_state (git-fixes). - ASoC: tlv320adcx140: fix word length (git-fixes). - ASoC: tlv320adcx140: fix null pointer (git-fixes). - ASoC: sdw_utils: cs42l43: Enable Headphone pin for LINEOUT jack type (git-fixes). - ASoC: codecs: wsa884x: fix codec initialisation (git-fixes). - ASoC: codecs: wsa881x: fix unnecessary initialisation (git-fixes). - ASoC: codecs: wsa883x: fix unnecessary initialisation (git-fixes). - ALSA: hda/cirrus_scodec_test: Fix test suite name (git-fixes). - ALSA: hda/cirrus_scodec_test: Fix incorrect setup of gpiochip (git-fixes). - commit fcd5437 ++++ kernel-docs: - drm/nouveau/disp/nv50-: Set lock_core in curs507a_prepare (git-fixes). - drm/panel-simple: fix connector type for DataImage SCF0700C48GGU18 panel (git-fixes). - drm/vmwgfx: Fix an error return check in vmw_compat_shader_add() (git-fixes). - drm/vmwgfx: Merge vmw_bo_release and vmw_bo_free functions (git-fixes). - drm/amd/display: Initialise backlight level values from hw (git-fixes). - drm/amdkfd: fix a memory leak in device_queue_manager_init() (git-fixes). - PM: EM: Fix incorrect description of the cost field in struct em_perf_state (git-fixes). - ASoC: tlv320adcx140: fix word length (git-fixes). - ASoC: tlv320adcx140: fix null pointer (git-fixes). - ASoC: sdw_utils: cs42l43: Enable Headphone pin for LINEOUT jack type (git-fixes). - ASoC: codecs: wsa884x: fix codec initialisation (git-fixes). - ASoC: codecs: wsa881x: fix unnecessary initialisation (git-fixes). - ASoC: codecs: wsa883x: fix unnecessary initialisation (git-fixes). - ALSA: hda/cirrus_scodec_test: Fix test suite name (git-fixes). - ALSA: hda/cirrus_scodec_test: Fix incorrect setup of gpiochip (git-fixes). - commit fcd5437 ++++ kernel-kvmsmall: - drm/nouveau/disp/nv50-: Set lock_core in curs507a_prepare (git-fixes). - drm/panel-simple: fix connector type for DataImage SCF0700C48GGU18 panel (git-fixes). - drm/vmwgfx: Fix an error return check in vmw_compat_shader_add() (git-fixes). - drm/vmwgfx: Merge vmw_bo_release and vmw_bo_free functions (git-fixes). - drm/amd/display: Initialise backlight level values from hw (git-fixes). - drm/amdkfd: fix a memory leak in device_queue_manager_init() (git-fixes). - PM: EM: Fix incorrect description of the cost field in struct em_perf_state (git-fixes). - ASoC: tlv320adcx140: fix word length (git-fixes). - ASoC: tlv320adcx140: fix null pointer (git-fixes). - ASoC: sdw_utils: cs42l43: Enable Headphone pin for LINEOUT jack type (git-fixes). - ASoC: codecs: wsa884x: fix codec initialisation (git-fixes). - ASoC: codecs: wsa881x: fix unnecessary initialisation (git-fixes). - ASoC: codecs: wsa883x: fix unnecessary initialisation (git-fixes). - ALSA: hda/cirrus_scodec_test: Fix test suite name (git-fixes). - ALSA: hda/cirrus_scodec_test: Fix incorrect setup of gpiochip (git-fixes). - commit fcd5437 ++++ kernel-kvmsmall: - drm/nouveau/disp/nv50-: Set lock_core in curs507a_prepare (git-fixes). - drm/panel-simple: fix connector type for DataImage SCF0700C48GGU18 panel (git-fixes). - drm/vmwgfx: Fix an error return check in vmw_compat_shader_add() (git-fixes). - drm/vmwgfx: Merge vmw_bo_release and vmw_bo_free functions (git-fixes). - drm/amd/display: Initialise backlight level values from hw (git-fixes). - drm/amdkfd: fix a memory leak in device_queue_manager_init() (git-fixes). - PM: EM: Fix incorrect description of the cost field in struct em_perf_state (git-fixes). - ASoC: tlv320adcx140: fix word length (git-fixes). - ASoC: tlv320adcx140: fix null pointer (git-fixes). - ASoC: sdw_utils: cs42l43: Enable Headphone pin for LINEOUT jack type (git-fixes). - ASoC: codecs: wsa884x: fix codec initialisation (git-fixes). - ASoC: codecs: wsa881x: fix unnecessary initialisation (git-fixes). - ASoC: codecs: wsa883x: fix unnecessary initialisation (git-fixes). - ALSA: hda/cirrus_scodec_test: Fix test suite name (git-fixes). - ALSA: hda/cirrus_scodec_test: Fix incorrect setup of gpiochip (git-fixes). - commit fcd5437 ++++ kernel-obs-build: - drm/nouveau/disp/nv50-: Set lock_core in curs507a_prepare (git-fixes). - drm/panel-simple: fix connector type for DataImage SCF0700C48GGU18 panel (git-fixes). - drm/vmwgfx: Fix an error return check in vmw_compat_shader_add() (git-fixes). - drm/vmwgfx: Merge vmw_bo_release and vmw_bo_free functions (git-fixes). - drm/amd/display: Initialise backlight level values from hw (git-fixes). - drm/amdkfd: fix a memory leak in device_queue_manager_init() (git-fixes). - PM: EM: Fix incorrect description of the cost field in struct em_perf_state (git-fixes). - ASoC: tlv320adcx140: fix word length (git-fixes). - ASoC: tlv320adcx140: fix null pointer (git-fixes). - ASoC: sdw_utils: cs42l43: Enable Headphone pin for LINEOUT jack type (git-fixes). - ASoC: codecs: wsa884x: fix codec initialisation (git-fixes). - ASoC: codecs: wsa881x: fix unnecessary initialisation (git-fixes). - ASoC: codecs: wsa883x: fix unnecessary initialisation (git-fixes). - ALSA: hda/cirrus_scodec_test: Fix test suite name (git-fixes). - ALSA: hda/cirrus_scodec_test: Fix incorrect setup of gpiochip (git-fixes). - commit fcd5437 ++++ kernel-obs-build: - drm/nouveau/disp/nv50-: Set lock_core in curs507a_prepare (git-fixes). - drm/panel-simple: fix connector type for DataImage SCF0700C48GGU18 panel (git-fixes). - drm/vmwgfx: Fix an error return check in vmw_compat_shader_add() (git-fixes). - drm/vmwgfx: Merge vmw_bo_release and vmw_bo_free functions (git-fixes). - drm/amd/display: Initialise backlight level values from hw (git-fixes). - drm/amdkfd: fix a memory leak in device_queue_manager_init() (git-fixes). - PM: EM: Fix incorrect description of the cost field in struct em_perf_state (git-fixes). - ASoC: tlv320adcx140: fix word length (git-fixes). - ASoC: tlv320adcx140: fix null pointer (git-fixes). - ASoC: sdw_utils: cs42l43: Enable Headphone pin for LINEOUT jack type (git-fixes). - ASoC: codecs: wsa884x: fix codec initialisation (git-fixes). - ASoC: codecs: wsa881x: fix unnecessary initialisation (git-fixes). - ASoC: codecs: wsa883x: fix unnecessary initialisation (git-fixes). - ALSA: hda/cirrus_scodec_test: Fix test suite name (git-fixes). - ALSA: hda/cirrus_scodec_test: Fix incorrect setup of gpiochip (git-fixes). - commit fcd5437 ++++ kernel-obs-qa: - drm/nouveau/disp/nv50-: Set lock_core in curs507a_prepare (git-fixes). - drm/panel-simple: fix connector type for DataImage SCF0700C48GGU18 panel (git-fixes). - drm/vmwgfx: Fix an error return check in vmw_compat_shader_add() (git-fixes). - drm/vmwgfx: Merge vmw_bo_release and vmw_bo_free functions (git-fixes). - drm/amd/display: Initialise backlight level values from hw (git-fixes). - drm/amdkfd: fix a memory leak in device_queue_manager_init() (git-fixes). - PM: EM: Fix incorrect description of the cost field in struct em_perf_state (git-fixes). - ASoC: tlv320adcx140: fix word length (git-fixes). - ASoC: tlv320adcx140: fix null pointer (git-fixes). - ASoC: sdw_utils: cs42l43: Enable Headphone pin for LINEOUT jack type (git-fixes). - ASoC: codecs: wsa884x: fix codec initialisation (git-fixes). - ASoC: codecs: wsa881x: fix unnecessary initialisation (git-fixes). - ASoC: codecs: wsa883x: fix unnecessary initialisation (git-fixes). - ALSA: hda/cirrus_scodec_test: Fix test suite name (git-fixes). - ALSA: hda/cirrus_scodec_test: Fix incorrect setup of gpiochip (git-fixes). - commit fcd5437 ++++ kernel-obs-qa: - drm/nouveau/disp/nv50-: Set lock_core in curs507a_prepare (git-fixes). - drm/panel-simple: fix connector type for DataImage SCF0700C48GGU18 panel (git-fixes). - drm/vmwgfx: Fix an error return check in vmw_compat_shader_add() (git-fixes). - drm/vmwgfx: Merge vmw_bo_release and vmw_bo_free functions (git-fixes). - drm/amd/display: Initialise backlight level values from hw (git-fixes). - drm/amdkfd: fix a memory leak in device_queue_manager_init() (git-fixes). - PM: EM: Fix incorrect description of the cost field in struct em_perf_state (git-fixes). - ASoC: tlv320adcx140: fix word length (git-fixes). - ASoC: tlv320adcx140: fix null pointer (git-fixes). - ASoC: sdw_utils: cs42l43: Enable Headphone pin for LINEOUT jack type (git-fixes). - ASoC: codecs: wsa884x: fix codec initialisation (git-fixes). - ASoC: codecs: wsa881x: fix unnecessary initialisation (git-fixes). - ASoC: codecs: wsa883x: fix unnecessary initialisation (git-fixes). - ALSA: hda/cirrus_scodec_test: Fix test suite name (git-fixes). - ALSA: hda/cirrus_scodec_test: Fix incorrect setup of gpiochip (git-fixes). - commit fcd5437 ++++ kernel-syms: - drm/nouveau/disp/nv50-: Set lock_core in curs507a_prepare (git-fixes). - drm/panel-simple: fix connector type for DataImage SCF0700C48GGU18 panel (git-fixes). - drm/vmwgfx: Fix an error return check in vmw_compat_shader_add() (git-fixes). - drm/vmwgfx: Merge vmw_bo_release and vmw_bo_free functions (git-fixes). - drm/amd/display: Initialise backlight level values from hw (git-fixes). - drm/amdkfd: fix a memory leak in device_queue_manager_init() (git-fixes). - PM: EM: Fix incorrect description of the cost field in struct em_perf_state (git-fixes). - ASoC: tlv320adcx140: fix word length (git-fixes). - ASoC: tlv320adcx140: fix null pointer (git-fixes). - ASoC: sdw_utils: cs42l43: Enable Headphone pin for LINEOUT jack type (git-fixes). - ASoC: codecs: wsa884x: fix codec initialisation (git-fixes). - ASoC: codecs: wsa881x: fix unnecessary initialisation (git-fixes). - ASoC: codecs: wsa883x: fix unnecessary initialisation (git-fixes). - ALSA: hda/cirrus_scodec_test: Fix test suite name (git-fixes). - ALSA: hda/cirrus_scodec_test: Fix incorrect setup of gpiochip (git-fixes). - commit fcd5437 ++++ kernel-syms: - drm/nouveau/disp/nv50-: Set lock_core in curs507a_prepare (git-fixes). - drm/panel-simple: fix connector type for DataImage SCF0700C48GGU18 panel (git-fixes). - drm/vmwgfx: Fix an error return check in vmw_compat_shader_add() (git-fixes). - drm/vmwgfx: Merge vmw_bo_release and vmw_bo_free functions (git-fixes). - drm/amd/display: Initialise backlight level values from hw (git-fixes). - drm/amdkfd: fix a memory leak in device_queue_manager_init() (git-fixes). - PM: EM: Fix incorrect description of the cost field in struct em_perf_state (git-fixes). - ASoC: tlv320adcx140: fix word length (git-fixes). - ASoC: tlv320adcx140: fix null pointer (git-fixes). - ASoC: sdw_utils: cs42l43: Enable Headphone pin for LINEOUT jack type (git-fixes). - ASoC: codecs: wsa884x: fix codec initialisation (git-fixes). - ASoC: codecs: wsa881x: fix unnecessary initialisation (git-fixes). - ASoC: codecs: wsa883x: fix unnecessary initialisation (git-fixes). - ALSA: hda/cirrus_scodec_test: Fix test suite name (git-fixes). - ALSA: hda/cirrus_scodec_test: Fix incorrect setup of gpiochip (git-fixes). - commit fcd5437 ++++ kernel-zfcpdump: - drm/nouveau/disp/nv50-: Set lock_core in curs507a_prepare (git-fixes). - drm/panel-simple: fix connector type for DataImage SCF0700C48GGU18 panel (git-fixes). - drm/vmwgfx: Fix an error return check in vmw_compat_shader_add() (git-fixes). - drm/vmwgfx: Merge vmw_bo_release and vmw_bo_free functions (git-fixes). - drm/amd/display: Initialise backlight level values from hw (git-fixes). - drm/amdkfd: fix a memory leak in device_queue_manager_init() (git-fixes). - PM: EM: Fix incorrect description of the cost field in struct em_perf_state (git-fixes). - ASoC: tlv320adcx140: fix word length (git-fixes). - ASoC: tlv320adcx140: fix null pointer (git-fixes). - ASoC: sdw_utils: cs42l43: Enable Headphone pin for LINEOUT jack type (git-fixes). - ASoC: codecs: wsa884x: fix codec initialisation (git-fixes). - ASoC: codecs: wsa881x: fix unnecessary initialisation (git-fixes). - ASoC: codecs: wsa883x: fix unnecessary initialisation (git-fixes). - ALSA: hda/cirrus_scodec_test: Fix test suite name (git-fixes). - ALSA: hda/cirrus_scodec_test: Fix incorrect setup of gpiochip (git-fixes). - commit fcd5437 ++++ kernel-zfcpdump: - drm/nouveau/disp/nv50-: Set lock_core in curs507a_prepare (git-fixes). - drm/panel-simple: fix connector type for DataImage SCF0700C48GGU18 panel (git-fixes). - drm/vmwgfx: Fix an error return check in vmw_compat_shader_add() (git-fixes). - drm/vmwgfx: Merge vmw_bo_release and vmw_bo_free functions (git-fixes). - drm/amd/display: Initialise backlight level values from hw (git-fixes). - drm/amdkfd: fix a memory leak in device_queue_manager_init() (git-fixes). - PM: EM: Fix incorrect description of the cost field in struct em_perf_state (git-fixes). - ASoC: tlv320adcx140: fix word length (git-fixes). - ASoC: tlv320adcx140: fix null pointer (git-fixes). - ASoC: sdw_utils: cs42l43: Enable Headphone pin for LINEOUT jack type (git-fixes). - ASoC: codecs: wsa884x: fix codec initialisation (git-fixes). - ASoC: codecs: wsa881x: fix unnecessary initialisation (git-fixes). - ASoC: codecs: wsa883x: fix unnecessary initialisation (git-fixes). - ALSA: hda/cirrus_scodec_test: Fix test suite name (git-fixes). - ALSA: hda/cirrus_scodec_test: Fix incorrect setup of gpiochip (git-fixes). - commit fcd5437 ++++ myrlyn: - Update to version 1.0.0: * Version bump to 1.0.0 * Document zypp history filters * Wider columns in zypp history * zypp history filters are working * New classes for zypp history filters * Use [OK] as the default dialog button * Suppress Qt bullshit messages that keep flooding the log * Add zypp history filter dialog * Add infrastructure for zypp history filters * Extend zypp history browser time line to today if the last activity date was just 10 or less days ago * Zypp history error handling * Fix (+/-) count conditions * Show (+/-) count in zypp history only for nontrivial transactions * Reasonable column widths in zypp history browser * Initial selection in zypp history browser * Added new zypp history browser to features in README.md * Show (+/-) count for commands in zypp history * Show --zypp-history in usage message as normal, not debugging option * Use standard columns in zypp history only for packages and patches * Fixed column spanning for parent items * Working zypp history browser navigation * Populated history events tree * First populated timeline (navigation) tree for the zypp history * First rough parsing tests ok * Add Ctrl+Shift+H shortcut to show zypp history * First new (still empty) ZyppHistoryBrowser, drop old YQPkgHistoryDialog * Code reorg + consistency * Handle incomplete zypp history files * New designer form for the zypp history browser * More zypp history test data * Add zypp history test data * Factor out ZyppHistoryEvents * Use a namespace for better organization * Lots of boring zypp history parser code * Parse zypp history command events * Filling ZyppHistoryParser with life * Filling ZyppHistoryParser with life * New class ZyppHistoryParser * New class ZyppHistory * Handle command line options with additional argument * Make sure at least one "search in" check box is checked when searching * Support searching in RPM recommends, too * Added tooltip for auto search default mode button * Right-align auto search default mode button * Enable switching the default auto search mode between "Starts With" and "Contains" * New icons * Allow no parent * Unneeded includes * Fixed script she-bang * Class rename MyrlynTranslator -> Translator * Generalize MyrlynTranslator * Re-imported latest QDirStat logger * Show special resolver modes (up/dup) in status line * Silenced left-over debug output * Support using ~/.config/openSUSE/myrlyn-sudo.conf * Fixed typo in .desktop file * Added Video LAN community repo (also serves libdvdcss) * Log the Qt environment * More HiDPI hints in .desktop files * Ensure the popup is centered * Commented out unavailable/redundant community repos on 16.x * No progress bar during post-transaction scripts * Actually use myrlyn-run0 in myrlyn-run0.desktop * Added systemd run0 support (#122 by @zeusgoose) * Updated docs: Stability and maturity * Added myrlyn-stable for Leap 15.6 from OBS home:shundhammer to downloads ++++ openQA: - Update to version 5.1768564451.45d5d5b2: * OpenSuseIssueReporter: Avoid multiple push calls * unit_tests: Add unit tests for OpenSuseBugzillaUtils * unit_tests: Adapt the UI tests to the new kernel bug button * plugins: Introduce OpenSuseIssueReporter for external issue reporting ++++ openQA: - Update to version 5.1768564451.45d5d5b2: * OpenSuseIssueReporter: Avoid multiple push calls * unit_tests: Add unit tests for OpenSuseBugzillaUtils * unit_tests: Adapt the UI tests to the new kernel bug button * plugins: Introduce OpenSuseIssueReporter for external issue reporting ++++ openQA: - Update to version 5.1768564451.45d5d5b2: * OpenSuseIssueReporter: Avoid multiple push calls * unit_tests: Add unit tests for OpenSuseBugzillaUtils * unit_tests: Adapt the UI tests to the new kernel bug button * plugins: Introduce OpenSuseIssueReporter for external issue reporting ++++ openQA: - Update to version 5.1768564451.45d5d5b2: * OpenSuseIssueReporter: Avoid multiple push calls * unit_tests: Add unit tests for OpenSuseBugzillaUtils * unit_tests: Adapt the UI tests to the new kernel bug button * plugins: Introduce OpenSuseIssueReporter for external issue reporting ++++ openQA: - Update to version 5.1768564451.45d5d5b2: * OpenSuseIssueReporter: Avoid multiple push calls * unit_tests: Add unit tests for OpenSuseBugzillaUtils * unit_tests: Adapt the UI tests to the new kernel bug button * plugins: Introduce OpenSuseIssueReporter for external issue reporting ++++ openQA: - Update to version 5.1768564451.45d5d5b2: * OpenSuseIssueReporter: Avoid multiple push calls * unit_tests: Add unit tests for OpenSuseBugzillaUtils * unit_tests: Adapt the UI tests to the new kernel bug button * plugins: Introduce OpenSuseIssueReporter for external issue reporting ++++ openQA: - Update to version 5.1768564451.45d5d5b2: * OpenSuseIssueReporter: Avoid multiple push calls * unit_tests: Add unit tests for OpenSuseBugzillaUtils * unit_tests: Adapt the UI tests to the new kernel bug button * plugins: Introduce OpenSuseIssueReporter for external issue reporting ++++ openQA: - Update to version 5.1768564451.45d5d5b2: * OpenSuseIssueReporter: Avoid multiple push calls * unit_tests: Add unit tests for OpenSuseBugzillaUtils * unit_tests: Adapt the UI tests to the new kernel bug button * plugins: Introduce OpenSuseIssueReporter for external issue reporting ++++ openQA: - Update to version 5.1768564451.45d5d5b2: * OpenSuseIssueReporter: Avoid multiple push calls * unit_tests: Add unit tests for OpenSuseBugzillaUtils * unit_tests: Adapt the UI tests to the new kernel bug button * plugins: Introduce OpenSuseIssueReporter for external issue reporting ++++ openQA: - Update to version 5.1768564451.45d5d5b2: * OpenSuseIssueReporter: Avoid multiple push calls * unit_tests: Add unit tests for OpenSuseBugzillaUtils * unit_tests: Adapt the UI tests to the new kernel bug button * plugins: Introduce OpenSuseIssueReporter for external issue reporting ++++ perl-MCP: - updated to 0.70.0 (0.07) see /usr/share/doc/packages/perl-MCP/Changes 0.07 2026-01-16 - Fixed bug in MCP::Prompt where text prompts had the wrong format. ------------------------------------------------------------------ ------------------ 2026-1-16 - Jan 16 2026 ------------------- ------------------------------------------------------------------ ++++ kernel-64kb: - caif: fix integer underflow in cffrml_receive() (CVE-2025-68799 bsc#1256643) - commit 1ef0d96 - NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags (CVE-2025-68764 bsc#1255930). - commit 09d81f3 - coresight: ETR: Fix ETR buffer use-after-free issue (CVE-2025-68376 bsc#1255529) - commit a4ff2c1 - net/hsr: fix NULL pointer dereference in prp_get_untagged_frame() (CVE-2025-68776 bsc#1256659) - commit 49a3b6c - block: fix memory leak in __blkdev_issue_zero_pages (CVE-2025-68348 bsc#1255694) - commit 73e6c55 - RDMA/rxe: Fix null deref on srq->rq.queue after resize failure (CVE-2025-68379 bsc#1255695) - commit c6b18fc - Fix KABI for "md: fix rcu protection in md_wakeup_thread" (CVE-2025-68374 bsc#1255530). - commit 19ea2fb - ice: use netif_get_num_default_rss_queues() (bsc#1247712). - commit 9a8d388 - scsi: qla2xxx: Update version to 10.02.10.100-k (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Fix bsg_done() causing double free (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Query FW again before proceeding with login (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Validate sp before freeing associated memory (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Free sp in error path to fix system crash (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Delay module unload while fabric scan in progress (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Allow recovery for tape devices (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add bsg interface to support firmware img validation (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Validate MCU signature before executing MBC 03h (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add load flash firmware mailbox support for 28xxx (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add support for 64G SFP speed (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add Speed in SFP print information (bsc#1256865 bsc#1256867 jsc#PED-14156). - commit c16cfd0 - iavf: fix off-by-one issues in iavf_config_rss_reg() (CVE-2025-71087 bsc#1256628). - net: mana: Fix incorrect speed reported by debugfs (bsc#1255232). - net: mana: Support HW link state events (bsc#1253049). - veth: reduce XDP no_direct return section to fix race (CVE-2025-68341 bsc#1255506). - commit ffa2fc1 - scsi: lpfc: Update lpfc version to 14.4.0.13 (bsc#1256864). - scsi: lpfc: Rework lpfc_sli4_fcf_rr_next_index_get() (bsc#1256864). - commit ff9c1e2 - Refresh patches.suse/perf-hwmon_pmu-Fix-uninitialized-variable-warning.patch. - Refresh patches.suse/scsi-lpfc-Add-capability-to-register-Platform-Name-I.patch. - Refresh patches.suse/scsi-lpfc-Allow-support-for-BB-credit-recovery-in-po.patch. - Refresh patches.suse/scsi-lpfc-Ensure-unregistration-of-rpis-for-received.patch. - Refresh patches.suse/scsi-lpfc-Fix-leaked-ndlp-krefs-when-in-point-to-poi.patch. - Refresh patches.suse/scsi-lpfc-Fix-reusing-an-ndlp-that-is-marked-NLP_DRO.patch. - Refresh patches.suse/scsi-lpfc-Modify-kref-handling-for-Fabric-Controller.patch. - Refresh patches.suse/scsi-lpfc-Remove-redundant-NULL-ptr-assignment-in-lp.patch. - Refresh patches.suse/scsi-lpfc-Revise-discovery-related-function-headers-.patch. - Refresh patches.suse/scsi-lpfc-Update-lpfc-version-to-14.4.0.12.patch. - Refresh patches.suse/scsi-lpfc-Update-various-NPIV-diagnostic-log-messagi.patch. - commit b68a391 - md: fix rcu protection in md_wakeup_thread (CVE-2025-68374 bsc#1255530). - commit 4c1b1ef - NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid (CVE-2025-68349 bsc#1255544). - commit 6b33846 - md: init bioset in mddev_init (CVE-2025-68368 bsc#1255527). - commit 4b605d4 - ipvs: fix ipv4 null-ptr-deref in route error path (CVE-2025-68813 bsc#1256641). - commit dfa5bc8 - drm/panthor: Prevent potential UAF in group creation (CVE-2025-68735 bsc#1255811). - commit ab86e96 - nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() (CVE-2025-40261 bsc#1254839). - nvme-multipath: fix lockdep WARN due to partition scan work (CVE-2025-68218 bsc#1255245). - commit ff3bc4b - wifi: mt76: wed: use proper wed reference in mt76 wed driver callabacks (CVE-2025-68360 bsc#1255536). - commit 5863e8a - Refresh patches.kabi/bpf-Enforce-expected_attach_type-for-tailcall-compat.patch. Refresh kABI workaround to use 'unsigned char' instead of the original 'enum bpf_attach_type' as the data type. It was discovered at SL-16.0 MU submission time that the kABI workaround currently in-place does not work on -rt flavor. The reason is that due to preceding spinlock_t having a different size, the hole was only 2 bytes instead of 6 bytes, and thus too small to fit 'enum'. Since all the possible enum values are small enough to fit within 'unsigned char', switch the data type of the new field to that instead. - commit 06ff4d9 - drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup (bsc#1255128 CVE-2025-68296) - commit 1b12281 - efi/cper: Fix cper_bits_to_str buffer handling and return value (git-fixes). - lib/buildid: use __kernel_read() for sleepable context (git-fixes). - net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts (git-fixes). - can: ctucanfd: fix SSP_SRC in cases when bit-rate is higher than 1 MBit (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak (git-fixes). - can: etas_es58x: allow partial RX URB allocation to succeed (git-fixes). - commit 6b2a65b ++++ kernel-64kb: - caif: fix integer underflow in cffrml_receive() (CVE-2025-68799 bsc#1256643) - commit 1ef0d96 - NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags (CVE-2025-68764 bsc#1255930). - commit 09d81f3 - coresight: ETR: Fix ETR buffer use-after-free issue (CVE-2025-68376 bsc#1255529) - commit a4ff2c1 - net/hsr: fix NULL pointer dereference in prp_get_untagged_frame() (CVE-2025-68776 bsc#1256659) - commit 49a3b6c - block: fix memory leak in __blkdev_issue_zero_pages (CVE-2025-68348 bsc#1255694) - commit 73e6c55 - RDMA/rxe: Fix null deref on srq->rq.queue after resize failure (CVE-2025-68379 bsc#1255695) - commit c6b18fc - Fix KABI for "md: fix rcu protection in md_wakeup_thread" (CVE-2025-68374 bsc#1255530). - commit 19ea2fb - ice: use netif_get_num_default_rss_queues() (bsc#1247712). - commit 9a8d388 - scsi: qla2xxx: Update version to 10.02.10.100-k (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Fix bsg_done() causing double free (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Query FW again before proceeding with login (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Validate sp before freeing associated memory (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Free sp in error path to fix system crash (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Delay module unload while fabric scan in progress (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Allow recovery for tape devices (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add bsg interface to support firmware img validation (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Validate MCU signature before executing MBC 03h (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add load flash firmware mailbox support for 28xxx (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add support for 64G SFP speed (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add Speed in SFP print information (bsc#1256865 bsc#1256867 jsc#PED-14156). - commit c16cfd0 - iavf: fix off-by-one issues in iavf_config_rss_reg() (CVE-2025-71087 bsc#1256628). - net: mana: Fix incorrect speed reported by debugfs (bsc#1255232). - net: mana: Support HW link state events (bsc#1253049). - veth: reduce XDP no_direct return section to fix race (CVE-2025-68341 bsc#1255506). - commit ffa2fc1 - scsi: lpfc: Update lpfc version to 14.4.0.13 (bsc#1256864). - scsi: lpfc: Rework lpfc_sli4_fcf_rr_next_index_get() (bsc#1256864). - commit ff9c1e2 - Refresh patches.suse/perf-hwmon_pmu-Fix-uninitialized-variable-warning.patch. - Refresh patches.suse/scsi-lpfc-Add-capability-to-register-Platform-Name-I.patch. - Refresh patches.suse/scsi-lpfc-Allow-support-for-BB-credit-recovery-in-po.patch. - Refresh patches.suse/scsi-lpfc-Ensure-unregistration-of-rpis-for-received.patch. - Refresh patches.suse/scsi-lpfc-Fix-leaked-ndlp-krefs-when-in-point-to-poi.patch. - Refresh patches.suse/scsi-lpfc-Fix-reusing-an-ndlp-that-is-marked-NLP_DRO.patch. - Refresh patches.suse/scsi-lpfc-Modify-kref-handling-for-Fabric-Controller.patch. - Refresh patches.suse/scsi-lpfc-Remove-redundant-NULL-ptr-assignment-in-lp.patch. - Refresh patches.suse/scsi-lpfc-Revise-discovery-related-function-headers-.patch. - Refresh patches.suse/scsi-lpfc-Update-lpfc-version-to-14.4.0.12.patch. - Refresh patches.suse/scsi-lpfc-Update-various-NPIV-diagnostic-log-messagi.patch. - commit b68a391 - md: fix rcu protection in md_wakeup_thread (CVE-2025-68374 bsc#1255530). - commit 4c1b1ef - NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid (CVE-2025-68349 bsc#1255544). - commit 6b33846 - md: init bioset in mddev_init (CVE-2025-68368 bsc#1255527). - commit 4b605d4 - ipvs: fix ipv4 null-ptr-deref in route error path (CVE-2025-68813 bsc#1256641). - commit dfa5bc8 - drm/panthor: Prevent potential UAF in group creation (CVE-2025-68735 bsc#1255811). - commit ab86e96 - nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() (CVE-2025-40261 bsc#1254839). - nvme-multipath: fix lockdep WARN due to partition scan work (CVE-2025-68218 bsc#1255245). - commit ff3bc4b - wifi: mt76: wed: use proper wed reference in mt76 wed driver callabacks (CVE-2025-68360 bsc#1255536). - commit 5863e8a - Refresh patches.kabi/bpf-Enforce-expected_attach_type-for-tailcall-compat.patch. Refresh kABI workaround to use 'unsigned char' instead of the original 'enum bpf_attach_type' as the data type. It was discovered at SL-16.0 MU submission time that the kABI workaround currently in-place does not work on -rt flavor. The reason is that due to preceding spinlock_t having a different size, the hole was only 2 bytes instead of 6 bytes, and thus too small to fit 'enum'. Since all the possible enum values are small enough to fit within 'unsigned char', switch the data type of the new field to that instead. - commit 06ff4d9 - drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup (bsc#1255128 CVE-2025-68296) - commit 1b12281 - efi/cper: Fix cper_bits_to_str buffer handling and return value (git-fixes). - lib/buildid: use __kernel_read() for sleepable context (git-fixes). - net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts (git-fixes). - can: ctucanfd: fix SSP_SRC in cases when bit-rate is higher than 1 MBit (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak (git-fixes). - can: etas_es58x: allow partial RX URB allocation to succeed (git-fixes). - commit 6b2a65b ++++ kernel-64kb: - Refresh patches.kabi/bpf-Enforce-expected_attach_type-for-tailcall-compat.patch. Refresh kABI workaround to use 'unsigned char' instead of the original 'enum bpf_attach_type' as the data type. It was discovered at SL-16.0 MU submission time that the kABI workaround currently in-place does not work on -rt flavor. The reason is that due to preceding spinlock_t having a different size, the hole was only 2 bytes instead of 6 bytes, and thus too small to fit 'enum'. Since all the possible enum values are small enough to fit within 'unsigned char', switch the data type of the new field to that instead. - commit 06ff4d9 - efi/cper: Fix cper_bits_to_str buffer handling and return value (git-fixes). - lib/buildid: use __kernel_read() for sleepable context (git-fixes). - net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts (git-fixes). - can: ctucanfd: fix SSP_SRC in cases when bit-rate is higher than 1 MBit (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak (git-fixes). - can: etas_es58x: allow partial RX URB allocation to succeed (git-fixes). - commit 6b2a65b ++++ kernel-azure: - caif: fix integer underflow in cffrml_receive() (CVE-2025-68799 bsc#1256643) - commit 1ef0d96 - NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags (CVE-2025-68764 bsc#1255930). - commit 09d81f3 - coresight: ETR: Fix ETR buffer use-after-free issue (CVE-2025-68376 bsc#1255529) - commit a4ff2c1 - net/hsr: fix NULL pointer dereference in prp_get_untagged_frame() (CVE-2025-68776 bsc#1256659) - commit 49a3b6c - block: fix memory leak in __blkdev_issue_zero_pages (CVE-2025-68348 bsc#1255694) - commit 73e6c55 - RDMA/rxe: Fix null deref on srq->rq.queue after resize failure (CVE-2025-68379 bsc#1255695) - commit c6b18fc - Fix KABI for "md: fix rcu protection in md_wakeup_thread" (CVE-2025-68374 bsc#1255530). - commit 19ea2fb - ice: use netif_get_num_default_rss_queues() (bsc#1247712). - commit 9a8d388 - scsi: qla2xxx: Update version to 10.02.10.100-k (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Fix bsg_done() causing double free (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Query FW again before proceeding with login (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Validate sp before freeing associated memory (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Free sp in error path to fix system crash (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Delay module unload while fabric scan in progress (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Allow recovery for tape devices (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add bsg interface to support firmware img validation (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Validate MCU signature before executing MBC 03h (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add load flash firmware mailbox support for 28xxx (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add support for 64G SFP speed (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add Speed in SFP print information (bsc#1256865 bsc#1256867 jsc#PED-14156). - commit c16cfd0 - iavf: fix off-by-one issues in iavf_config_rss_reg() (CVE-2025-71087 bsc#1256628). - net: mana: Fix incorrect speed reported by debugfs (bsc#1255232). - net: mana: Support HW link state events (bsc#1253049). - veth: reduce XDP no_direct return section to fix race (CVE-2025-68341 bsc#1255506). - commit ffa2fc1 - scsi: lpfc: Update lpfc version to 14.4.0.13 (bsc#1256864). - scsi: lpfc: Rework lpfc_sli4_fcf_rr_next_index_get() (bsc#1256864). - commit ff9c1e2 - Refresh patches.suse/perf-hwmon_pmu-Fix-uninitialized-variable-warning.patch. - Refresh patches.suse/scsi-lpfc-Add-capability-to-register-Platform-Name-I.patch. - Refresh patches.suse/scsi-lpfc-Allow-support-for-BB-credit-recovery-in-po.patch. - Refresh patches.suse/scsi-lpfc-Ensure-unregistration-of-rpis-for-received.patch. - Refresh patches.suse/scsi-lpfc-Fix-leaked-ndlp-krefs-when-in-point-to-poi.patch. - Refresh patches.suse/scsi-lpfc-Fix-reusing-an-ndlp-that-is-marked-NLP_DRO.patch. - Refresh patches.suse/scsi-lpfc-Modify-kref-handling-for-Fabric-Controller.patch. - Refresh patches.suse/scsi-lpfc-Remove-redundant-NULL-ptr-assignment-in-lp.patch. - Refresh patches.suse/scsi-lpfc-Revise-discovery-related-function-headers-.patch. - Refresh patches.suse/scsi-lpfc-Update-lpfc-version-to-14.4.0.12.patch. - Refresh patches.suse/scsi-lpfc-Update-various-NPIV-diagnostic-log-messagi.patch. - commit b68a391 - md: fix rcu protection in md_wakeup_thread (CVE-2025-68374 bsc#1255530). - commit 4c1b1ef - NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid (CVE-2025-68349 bsc#1255544). - commit 6b33846 - md: init bioset in mddev_init (CVE-2025-68368 bsc#1255527). - commit 4b605d4 - ipvs: fix ipv4 null-ptr-deref in route error path (CVE-2025-68813 bsc#1256641). - commit dfa5bc8 - drm/panthor: Prevent potential UAF in group creation (CVE-2025-68735 bsc#1255811). - commit ab86e96 - nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() (CVE-2025-40261 bsc#1254839). - nvme-multipath: fix lockdep WARN due to partition scan work (CVE-2025-68218 bsc#1255245). - commit ff3bc4b - wifi: mt76: wed: use proper wed reference in mt76 wed driver callabacks (CVE-2025-68360 bsc#1255536). - commit 5863e8a - Refresh patches.kabi/bpf-Enforce-expected_attach_type-for-tailcall-compat.patch. Refresh kABI workaround to use 'unsigned char' instead of the original 'enum bpf_attach_type' as the data type. It was discovered at SL-16.0 MU submission time that the kABI workaround currently in-place does not work on -rt flavor. The reason is that due to preceding spinlock_t having a different size, the hole was only 2 bytes instead of 6 bytes, and thus too small to fit 'enum'. Since all the possible enum values are small enough to fit within 'unsigned char', switch the data type of the new field to that instead. - commit 06ff4d9 - drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup (bsc#1255128 CVE-2025-68296) - commit 1b12281 - efi/cper: Fix cper_bits_to_str buffer handling and return value (git-fixes). - lib/buildid: use __kernel_read() for sleepable context (git-fixes). - net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts (git-fixes). - can: ctucanfd: fix SSP_SRC in cases when bit-rate is higher than 1 MBit (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak (git-fixes). - can: etas_es58x: allow partial RX URB allocation to succeed (git-fixes). - commit 6b2a65b ++++ kernel-azure: - caif: fix integer underflow in cffrml_receive() (CVE-2025-68799 bsc#1256643) - commit 1ef0d96 - NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags (CVE-2025-68764 bsc#1255930). - commit 09d81f3 - coresight: ETR: Fix ETR buffer use-after-free issue (CVE-2025-68376 bsc#1255529) - commit a4ff2c1 - net/hsr: fix NULL pointer dereference in prp_get_untagged_frame() (CVE-2025-68776 bsc#1256659) - commit 49a3b6c - block: fix memory leak in __blkdev_issue_zero_pages (CVE-2025-68348 bsc#1255694) - commit 73e6c55 - RDMA/rxe: Fix null deref on srq->rq.queue after resize failure (CVE-2025-68379 bsc#1255695) - commit c6b18fc - Fix KABI for "md: fix rcu protection in md_wakeup_thread" (CVE-2025-68374 bsc#1255530). - commit 19ea2fb - ice: use netif_get_num_default_rss_queues() (bsc#1247712). - commit 9a8d388 - scsi: qla2xxx: Update version to 10.02.10.100-k (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Fix bsg_done() causing double free (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Query FW again before proceeding with login (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Validate sp before freeing associated memory (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Free sp in error path to fix system crash (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Delay module unload while fabric scan in progress (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Allow recovery for tape devices (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add bsg interface to support firmware img validation (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Validate MCU signature before executing MBC 03h (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add load flash firmware mailbox support for 28xxx (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add support for 64G SFP speed (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add Speed in SFP print information (bsc#1256865 bsc#1256867 jsc#PED-14156). - commit c16cfd0 - iavf: fix off-by-one issues in iavf_config_rss_reg() (CVE-2025-71087 bsc#1256628). - net: mana: Fix incorrect speed reported by debugfs (bsc#1255232). - net: mana: Support HW link state events (bsc#1253049). - veth: reduce XDP no_direct return section to fix race (CVE-2025-68341 bsc#1255506). - commit ffa2fc1 - scsi: lpfc: Update lpfc version to 14.4.0.13 (bsc#1256864). - scsi: lpfc: Rework lpfc_sli4_fcf_rr_next_index_get() (bsc#1256864). - commit ff9c1e2 - Refresh patches.suse/perf-hwmon_pmu-Fix-uninitialized-variable-warning.patch. - Refresh patches.suse/scsi-lpfc-Add-capability-to-register-Platform-Name-I.patch. - Refresh patches.suse/scsi-lpfc-Allow-support-for-BB-credit-recovery-in-po.patch. - Refresh patches.suse/scsi-lpfc-Ensure-unregistration-of-rpis-for-received.patch. - Refresh patches.suse/scsi-lpfc-Fix-leaked-ndlp-krefs-when-in-point-to-poi.patch. - Refresh patches.suse/scsi-lpfc-Fix-reusing-an-ndlp-that-is-marked-NLP_DRO.patch. - Refresh patches.suse/scsi-lpfc-Modify-kref-handling-for-Fabric-Controller.patch. - Refresh patches.suse/scsi-lpfc-Remove-redundant-NULL-ptr-assignment-in-lp.patch. - Refresh patches.suse/scsi-lpfc-Revise-discovery-related-function-headers-.patch. - Refresh patches.suse/scsi-lpfc-Update-lpfc-version-to-14.4.0.12.patch. - Refresh patches.suse/scsi-lpfc-Update-various-NPIV-diagnostic-log-messagi.patch. - commit b68a391 - md: fix rcu protection in md_wakeup_thread (CVE-2025-68374 bsc#1255530). - commit 4c1b1ef - NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid (CVE-2025-68349 bsc#1255544). - commit 6b33846 - md: init bioset in mddev_init (CVE-2025-68368 bsc#1255527). - commit 4b605d4 - ipvs: fix ipv4 null-ptr-deref in route error path (CVE-2025-68813 bsc#1256641). - commit dfa5bc8 - drm/panthor: Prevent potential UAF in group creation (CVE-2025-68735 bsc#1255811). - commit ab86e96 - nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() (CVE-2025-40261 bsc#1254839). - nvme-multipath: fix lockdep WARN due to partition scan work (CVE-2025-68218 bsc#1255245). - commit ff3bc4b - wifi: mt76: wed: use proper wed reference in mt76 wed driver callabacks (CVE-2025-68360 bsc#1255536). - commit 5863e8a - Refresh patches.kabi/bpf-Enforce-expected_attach_type-for-tailcall-compat.patch. Refresh kABI workaround to use 'unsigned char' instead of the original 'enum bpf_attach_type' as the data type. It was discovered at SL-16.0 MU submission time that the kABI workaround currently in-place does not work on -rt flavor. The reason is that due to preceding spinlock_t having a different size, the hole was only 2 bytes instead of 6 bytes, and thus too small to fit 'enum'. Since all the possible enum values are small enough to fit within 'unsigned char', switch the data type of the new field to that instead. - commit 06ff4d9 - drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup (bsc#1255128 CVE-2025-68296) - commit 1b12281 - efi/cper: Fix cper_bits_to_str buffer handling and return value (git-fixes). - lib/buildid: use __kernel_read() for sleepable context (git-fixes). - net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts (git-fixes). - can: ctucanfd: fix SSP_SRC in cases when bit-rate is higher than 1 MBit (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak (git-fixes). - can: etas_es58x: allow partial RX URB allocation to succeed (git-fixes). - commit 6b2a65b ++++ kernel-azure: - Refresh patches.kabi/bpf-Enforce-expected_attach_type-for-tailcall-compat.patch. Refresh kABI workaround to use 'unsigned char' instead of the original 'enum bpf_attach_type' as the data type. It was discovered at SL-16.0 MU submission time that the kABI workaround currently in-place does not work on -rt flavor. The reason is that due to preceding spinlock_t having a different size, the hole was only 2 bytes instead of 6 bytes, and thus too small to fit 'enum'. Since all the possible enum values are small enough to fit within 'unsigned char', switch the data type of the new field to that instead. - commit 06ff4d9 - efi/cper: Fix cper_bits_to_str buffer handling and return value (git-fixes). - lib/buildid: use __kernel_read() for sleepable context (git-fixes). - net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts (git-fixes). - can: ctucanfd: fix SSP_SRC in cases when bit-rate is higher than 1 MBit (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak (git-fixes). - can: etas_es58x: allow partial RX URB allocation to succeed (git-fixes). - commit 6b2a65b ++++ kernel-default: - caif: fix integer underflow in cffrml_receive() (CVE-2025-68799 bsc#1256643) - commit 1ef0d96 - NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags (CVE-2025-68764 bsc#1255930). - commit 09d81f3 - coresight: ETR: Fix ETR buffer use-after-free issue (CVE-2025-68376 bsc#1255529) - commit a4ff2c1 - net/hsr: fix NULL pointer dereference in prp_get_untagged_frame() (CVE-2025-68776 bsc#1256659) - commit 49a3b6c - block: fix memory leak in __blkdev_issue_zero_pages (CVE-2025-68348 bsc#1255694) - commit 73e6c55 - RDMA/rxe: Fix null deref on srq->rq.queue after resize failure (CVE-2025-68379 bsc#1255695) - commit c6b18fc - Fix KABI for "md: fix rcu protection in md_wakeup_thread" (CVE-2025-68374 bsc#1255530). - commit 19ea2fb - ice: use netif_get_num_default_rss_queues() (bsc#1247712). - commit 9a8d388 - scsi: qla2xxx: Update version to 10.02.10.100-k (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Fix bsg_done() causing double free (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Query FW again before proceeding with login (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Validate sp before freeing associated memory (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Free sp in error path to fix system crash (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Delay module unload while fabric scan in progress (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Allow recovery for tape devices (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add bsg interface to support firmware img validation (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Validate MCU signature before executing MBC 03h (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add load flash firmware mailbox support for 28xxx (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add support for 64G SFP speed (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add Speed in SFP print information (bsc#1256865 bsc#1256867 jsc#PED-14156). - commit c16cfd0 - iavf: fix off-by-one issues in iavf_config_rss_reg() (CVE-2025-71087 bsc#1256628). - net: mana: Fix incorrect speed reported by debugfs (bsc#1255232). - net: mana: Support HW link state events (bsc#1253049). - veth: reduce XDP no_direct return section to fix race (CVE-2025-68341 bsc#1255506). - commit ffa2fc1 - scsi: lpfc: Update lpfc version to 14.4.0.13 (bsc#1256864). - scsi: lpfc: Rework lpfc_sli4_fcf_rr_next_index_get() (bsc#1256864). - commit ff9c1e2 - Refresh patches.suse/perf-hwmon_pmu-Fix-uninitialized-variable-warning.patch. - Refresh patches.suse/scsi-lpfc-Add-capability-to-register-Platform-Name-I.patch. - Refresh patches.suse/scsi-lpfc-Allow-support-for-BB-credit-recovery-in-po.patch. - Refresh patches.suse/scsi-lpfc-Ensure-unregistration-of-rpis-for-received.patch. - Refresh patches.suse/scsi-lpfc-Fix-leaked-ndlp-krefs-when-in-point-to-poi.patch. - Refresh patches.suse/scsi-lpfc-Fix-reusing-an-ndlp-that-is-marked-NLP_DRO.patch. - Refresh patches.suse/scsi-lpfc-Modify-kref-handling-for-Fabric-Controller.patch. - Refresh patches.suse/scsi-lpfc-Remove-redundant-NULL-ptr-assignment-in-lp.patch. - Refresh patches.suse/scsi-lpfc-Revise-discovery-related-function-headers-.patch. - Refresh patches.suse/scsi-lpfc-Update-lpfc-version-to-14.4.0.12.patch. - Refresh patches.suse/scsi-lpfc-Update-various-NPIV-diagnostic-log-messagi.patch. - commit b68a391 - md: fix rcu protection in md_wakeup_thread (CVE-2025-68374 bsc#1255530). - commit 4c1b1ef - NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid (CVE-2025-68349 bsc#1255544). - commit 6b33846 - md: init bioset in mddev_init (CVE-2025-68368 bsc#1255527). - commit 4b605d4 - ipvs: fix ipv4 null-ptr-deref in route error path (CVE-2025-68813 bsc#1256641). - commit dfa5bc8 - drm/panthor: Prevent potential UAF in group creation (CVE-2025-68735 bsc#1255811). - commit ab86e96 - nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() (CVE-2025-40261 bsc#1254839). - nvme-multipath: fix lockdep WARN due to partition scan work (CVE-2025-68218 bsc#1255245). - commit ff3bc4b - wifi: mt76: wed: use proper wed reference in mt76 wed driver callabacks (CVE-2025-68360 bsc#1255536). - commit 5863e8a - Refresh patches.kabi/bpf-Enforce-expected_attach_type-for-tailcall-compat.patch. Refresh kABI workaround to use 'unsigned char' instead of the original 'enum bpf_attach_type' as the data type. It was discovered at SL-16.0 MU submission time that the kABI workaround currently in-place does not work on -rt flavor. The reason is that due to preceding spinlock_t having a different size, the hole was only 2 bytes instead of 6 bytes, and thus too small to fit 'enum'. Since all the possible enum values are small enough to fit within 'unsigned char', switch the data type of the new field to that instead. - commit 06ff4d9 - drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup (bsc#1255128 CVE-2025-68296) - commit 1b12281 - efi/cper: Fix cper_bits_to_str buffer handling and return value (git-fixes). - lib/buildid: use __kernel_read() for sleepable context (git-fixes). - net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts (git-fixes). - can: ctucanfd: fix SSP_SRC in cases when bit-rate is higher than 1 MBit (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak (git-fixes). - can: etas_es58x: allow partial RX URB allocation to succeed (git-fixes). - commit 6b2a65b ++++ kernel-default: - caif: fix integer underflow in cffrml_receive() (CVE-2025-68799 bsc#1256643) - commit 1ef0d96 - NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags (CVE-2025-68764 bsc#1255930). - commit 09d81f3 - coresight: ETR: Fix ETR buffer use-after-free issue (CVE-2025-68376 bsc#1255529) - commit a4ff2c1 - net/hsr: fix NULL pointer dereference in prp_get_untagged_frame() (CVE-2025-68776 bsc#1256659) - commit 49a3b6c - block: fix memory leak in __blkdev_issue_zero_pages (CVE-2025-68348 bsc#1255694) - commit 73e6c55 - RDMA/rxe: Fix null deref on srq->rq.queue after resize failure (CVE-2025-68379 bsc#1255695) - commit c6b18fc - Fix KABI for "md: fix rcu protection in md_wakeup_thread" (CVE-2025-68374 bsc#1255530). - commit 19ea2fb - ice: use netif_get_num_default_rss_queues() (bsc#1247712). - commit 9a8d388 - scsi: qla2xxx: Update version to 10.02.10.100-k (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Fix bsg_done() causing double free (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Query FW again before proceeding with login (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Validate sp before freeing associated memory (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Free sp in error path to fix system crash (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Delay module unload while fabric scan in progress (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Allow recovery for tape devices (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add bsg interface to support firmware img validation (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Validate MCU signature before executing MBC 03h (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add load flash firmware mailbox support for 28xxx (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add support for 64G SFP speed (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add Speed in SFP print information (bsc#1256865 bsc#1256867 jsc#PED-14156). - commit c16cfd0 - iavf: fix off-by-one issues in iavf_config_rss_reg() (CVE-2025-71087 bsc#1256628). - net: mana: Fix incorrect speed reported by debugfs (bsc#1255232). - net: mana: Support HW link state events (bsc#1253049). - veth: reduce XDP no_direct return section to fix race (CVE-2025-68341 bsc#1255506). - commit ffa2fc1 - scsi: lpfc: Update lpfc version to 14.4.0.13 (bsc#1256864). - scsi: lpfc: Rework lpfc_sli4_fcf_rr_next_index_get() (bsc#1256864). - commit ff9c1e2 - Refresh patches.suse/perf-hwmon_pmu-Fix-uninitialized-variable-warning.patch. - Refresh patches.suse/scsi-lpfc-Add-capability-to-register-Platform-Name-I.patch. - Refresh patches.suse/scsi-lpfc-Allow-support-for-BB-credit-recovery-in-po.patch. - Refresh patches.suse/scsi-lpfc-Ensure-unregistration-of-rpis-for-received.patch. - Refresh patches.suse/scsi-lpfc-Fix-leaked-ndlp-krefs-when-in-point-to-poi.patch. - Refresh patches.suse/scsi-lpfc-Fix-reusing-an-ndlp-that-is-marked-NLP_DRO.patch. - Refresh patches.suse/scsi-lpfc-Modify-kref-handling-for-Fabric-Controller.patch. - Refresh patches.suse/scsi-lpfc-Remove-redundant-NULL-ptr-assignment-in-lp.patch. - Refresh patches.suse/scsi-lpfc-Revise-discovery-related-function-headers-.patch. - Refresh patches.suse/scsi-lpfc-Update-lpfc-version-to-14.4.0.12.patch. - Refresh patches.suse/scsi-lpfc-Update-various-NPIV-diagnostic-log-messagi.patch. - commit b68a391 - md: fix rcu protection in md_wakeup_thread (CVE-2025-68374 bsc#1255530). - commit 4c1b1ef - NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid (CVE-2025-68349 bsc#1255544). - commit 6b33846 - md: init bioset in mddev_init (CVE-2025-68368 bsc#1255527). - commit 4b605d4 - ipvs: fix ipv4 null-ptr-deref in route error path (CVE-2025-68813 bsc#1256641). - commit dfa5bc8 - drm/panthor: Prevent potential UAF in group creation (CVE-2025-68735 bsc#1255811). - commit ab86e96 - nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() (CVE-2025-40261 bsc#1254839). - nvme-multipath: fix lockdep WARN due to partition scan work (CVE-2025-68218 bsc#1255245). - commit ff3bc4b - wifi: mt76: wed: use proper wed reference in mt76 wed driver callabacks (CVE-2025-68360 bsc#1255536). - commit 5863e8a - Refresh patches.kabi/bpf-Enforce-expected_attach_type-for-tailcall-compat.patch. Refresh kABI workaround to use 'unsigned char' instead of the original 'enum bpf_attach_type' as the data type. It was discovered at SL-16.0 MU submission time that the kABI workaround currently in-place does not work on -rt flavor. The reason is that due to preceding spinlock_t having a different size, the hole was only 2 bytes instead of 6 bytes, and thus too small to fit 'enum'. Since all the possible enum values are small enough to fit within 'unsigned char', switch the data type of the new field to that instead. - commit 06ff4d9 - drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup (bsc#1255128 CVE-2025-68296) - commit 1b12281 - efi/cper: Fix cper_bits_to_str buffer handling and return value (git-fixes). - lib/buildid: use __kernel_read() for sleepable context (git-fixes). - net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts (git-fixes). - can: ctucanfd: fix SSP_SRC in cases when bit-rate is higher than 1 MBit (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak (git-fixes). - can: etas_es58x: allow partial RX URB allocation to succeed (git-fixes). - commit 6b2a65b ++++ kernel-default: - Refresh patches.kabi/bpf-Enforce-expected_attach_type-for-tailcall-compat.patch. Refresh kABI workaround to use 'unsigned char' instead of the original 'enum bpf_attach_type' as the data type. It was discovered at SL-16.0 MU submission time that the kABI workaround currently in-place does not work on -rt flavor. The reason is that due to preceding spinlock_t having a different size, the hole was only 2 bytes instead of 6 bytes, and thus too small to fit 'enum'. Since all the possible enum values are small enough to fit within 'unsigned char', switch the data type of the new field to that instead. - commit 06ff4d9 - efi/cper: Fix cper_bits_to_str buffer handling and return value (git-fixes). - lib/buildid: use __kernel_read() for sleepable context (git-fixes). - net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts (git-fixes). - can: ctucanfd: fix SSP_SRC in cases when bit-rate is higher than 1 MBit (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak (git-fixes). - can: etas_es58x: allow partial RX URB allocation to succeed (git-fixes). - commit 6b2a65b ++++ kernel-rt: - caif: fix integer underflow in cffrml_receive() (CVE-2025-68799 bsc#1256643) - commit 1ef0d96 - NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags (CVE-2025-68764 bsc#1255930). - commit 09d81f3 - coresight: ETR: Fix ETR buffer use-after-free issue (CVE-2025-68376 bsc#1255529) - commit a4ff2c1 - net/hsr: fix NULL pointer dereference in prp_get_untagged_frame() (CVE-2025-68776 bsc#1256659) - commit 49a3b6c - block: fix memory leak in __blkdev_issue_zero_pages (CVE-2025-68348 bsc#1255694) - commit 73e6c55 - RDMA/rxe: Fix null deref on srq->rq.queue after resize failure (CVE-2025-68379 bsc#1255695) - commit c6b18fc - Fix KABI for "md: fix rcu protection in md_wakeup_thread" (CVE-2025-68374 bsc#1255530). - commit 19ea2fb - ice: use netif_get_num_default_rss_queues() (bsc#1247712). - commit 9a8d388 - scsi: qla2xxx: Update version to 10.02.10.100-k (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Fix bsg_done() causing double free (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Query FW again before proceeding with login (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Validate sp before freeing associated memory (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Free sp in error path to fix system crash (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Delay module unload while fabric scan in progress (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Allow recovery for tape devices (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add bsg interface to support firmware img validation (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Validate MCU signature before executing MBC 03h (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add load flash firmware mailbox support for 28xxx (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add support for 64G SFP speed (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add Speed in SFP print information (bsc#1256865 bsc#1256867 jsc#PED-14156). - commit c16cfd0 - iavf: fix off-by-one issues in iavf_config_rss_reg() (CVE-2025-71087 bsc#1256628). - net: mana: Fix incorrect speed reported by debugfs (bsc#1255232). - net: mana: Support HW link state events (bsc#1253049). - veth: reduce XDP no_direct return section to fix race (CVE-2025-68341 bsc#1255506). - commit ffa2fc1 - scsi: lpfc: Update lpfc version to 14.4.0.13 (bsc#1256864). - scsi: lpfc: Rework lpfc_sli4_fcf_rr_next_index_get() (bsc#1256864). - commit ff9c1e2 - Refresh patches.suse/perf-hwmon_pmu-Fix-uninitialized-variable-warning.patch. - Refresh patches.suse/scsi-lpfc-Add-capability-to-register-Platform-Name-I.patch. - Refresh patches.suse/scsi-lpfc-Allow-support-for-BB-credit-recovery-in-po.patch. - Refresh patches.suse/scsi-lpfc-Ensure-unregistration-of-rpis-for-received.patch. - Refresh patches.suse/scsi-lpfc-Fix-leaked-ndlp-krefs-when-in-point-to-poi.patch. - Refresh patches.suse/scsi-lpfc-Fix-reusing-an-ndlp-that-is-marked-NLP_DRO.patch. - Refresh patches.suse/scsi-lpfc-Modify-kref-handling-for-Fabric-Controller.patch. - Refresh patches.suse/scsi-lpfc-Remove-redundant-NULL-ptr-assignment-in-lp.patch. - Refresh patches.suse/scsi-lpfc-Revise-discovery-related-function-headers-.patch. - Refresh patches.suse/scsi-lpfc-Update-lpfc-version-to-14.4.0.12.patch. - Refresh patches.suse/scsi-lpfc-Update-various-NPIV-diagnostic-log-messagi.patch. - commit b68a391 - md: fix rcu protection in md_wakeup_thread (CVE-2025-68374 bsc#1255530). - commit 4c1b1ef - NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid (CVE-2025-68349 bsc#1255544). - commit 6b33846 - md: init bioset in mddev_init (CVE-2025-68368 bsc#1255527). - commit 4b605d4 - ipvs: fix ipv4 null-ptr-deref in route error path (CVE-2025-68813 bsc#1256641). - commit dfa5bc8 - drm/panthor: Prevent potential UAF in group creation (CVE-2025-68735 bsc#1255811). - commit ab86e96 - nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() (CVE-2025-40261 bsc#1254839). - nvme-multipath: fix lockdep WARN due to partition scan work (CVE-2025-68218 bsc#1255245). - commit ff3bc4b - wifi: mt76: wed: use proper wed reference in mt76 wed driver callabacks (CVE-2025-68360 bsc#1255536). - commit 5863e8a - Refresh patches.kabi/bpf-Enforce-expected_attach_type-for-tailcall-compat.patch. Refresh kABI workaround to use 'unsigned char' instead of the original 'enum bpf_attach_type' as the data type. It was discovered at SL-16.0 MU submission time that the kABI workaround currently in-place does not work on -rt flavor. The reason is that due to preceding spinlock_t having a different size, the hole was only 2 bytes instead of 6 bytes, and thus too small to fit 'enum'. Since all the possible enum values are small enough to fit within 'unsigned char', switch the data type of the new field to that instead. - commit 06ff4d9 - drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup (bsc#1255128 CVE-2025-68296) - commit 1b12281 - efi/cper: Fix cper_bits_to_str buffer handling and return value (git-fixes). - lib/buildid: use __kernel_read() for sleepable context (git-fixes). - net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts (git-fixes). - can: ctucanfd: fix SSP_SRC in cases when bit-rate is higher than 1 MBit (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak (git-fixes). - can: etas_es58x: allow partial RX URB allocation to succeed (git-fixes). - commit 6b2a65b ++++ kernel-rt: - caif: fix integer underflow in cffrml_receive() (CVE-2025-68799 bsc#1256643) - commit 1ef0d96 - NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags (CVE-2025-68764 bsc#1255930). - commit 09d81f3 - coresight: ETR: Fix ETR buffer use-after-free issue (CVE-2025-68376 bsc#1255529) - commit a4ff2c1 - net/hsr: fix NULL pointer dereference in prp_get_untagged_frame() (CVE-2025-68776 bsc#1256659) - commit 49a3b6c - block: fix memory leak in __blkdev_issue_zero_pages (CVE-2025-68348 bsc#1255694) - commit 73e6c55 - RDMA/rxe: Fix null deref on srq->rq.queue after resize failure (CVE-2025-68379 bsc#1255695) - commit c6b18fc - Fix KABI for "md: fix rcu protection in md_wakeup_thread" (CVE-2025-68374 bsc#1255530). - commit 19ea2fb - ice: use netif_get_num_default_rss_queues() (bsc#1247712). - commit 9a8d388 - scsi: qla2xxx: Update version to 10.02.10.100-k (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Fix bsg_done() causing double free (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Query FW again before proceeding with login (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Validate sp before freeing associated memory (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Free sp in error path to fix system crash (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Delay module unload while fabric scan in progress (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Allow recovery for tape devices (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add bsg interface to support firmware img validation (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Validate MCU signature before executing MBC 03h (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add load flash firmware mailbox support for 28xxx (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add support for 64G SFP speed (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add Speed in SFP print information (bsc#1256865 bsc#1256867 jsc#PED-14156). - commit c16cfd0 - iavf: fix off-by-one issues in iavf_config_rss_reg() (CVE-2025-71087 bsc#1256628). - net: mana: Fix incorrect speed reported by debugfs (bsc#1255232). - net: mana: Support HW link state events (bsc#1253049). - veth: reduce XDP no_direct return section to fix race (CVE-2025-68341 bsc#1255506). - commit ffa2fc1 - scsi: lpfc: Update lpfc version to 14.4.0.13 (bsc#1256864). - scsi: lpfc: Rework lpfc_sli4_fcf_rr_next_index_get() (bsc#1256864). - commit ff9c1e2 - Refresh patches.suse/perf-hwmon_pmu-Fix-uninitialized-variable-warning.patch. - Refresh patches.suse/scsi-lpfc-Add-capability-to-register-Platform-Name-I.patch. - Refresh patches.suse/scsi-lpfc-Allow-support-for-BB-credit-recovery-in-po.patch. - Refresh patches.suse/scsi-lpfc-Ensure-unregistration-of-rpis-for-received.patch. - Refresh patches.suse/scsi-lpfc-Fix-leaked-ndlp-krefs-when-in-point-to-poi.patch. - Refresh patches.suse/scsi-lpfc-Fix-reusing-an-ndlp-that-is-marked-NLP_DRO.patch. - Refresh patches.suse/scsi-lpfc-Modify-kref-handling-for-Fabric-Controller.patch. - Refresh patches.suse/scsi-lpfc-Remove-redundant-NULL-ptr-assignment-in-lp.patch. - Refresh patches.suse/scsi-lpfc-Revise-discovery-related-function-headers-.patch. - Refresh patches.suse/scsi-lpfc-Update-lpfc-version-to-14.4.0.12.patch. - Refresh patches.suse/scsi-lpfc-Update-various-NPIV-diagnostic-log-messagi.patch. - commit b68a391 - md: fix rcu protection in md_wakeup_thread (CVE-2025-68374 bsc#1255530). - commit 4c1b1ef - NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid (CVE-2025-68349 bsc#1255544). - commit 6b33846 - md: init bioset in mddev_init (CVE-2025-68368 bsc#1255527). - commit 4b605d4 - ipvs: fix ipv4 null-ptr-deref in route error path (CVE-2025-68813 bsc#1256641). - commit dfa5bc8 - drm/panthor: Prevent potential UAF in group creation (CVE-2025-68735 bsc#1255811). - commit ab86e96 - nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() (CVE-2025-40261 bsc#1254839). - nvme-multipath: fix lockdep WARN due to partition scan work (CVE-2025-68218 bsc#1255245). - commit ff3bc4b - wifi: mt76: wed: use proper wed reference in mt76 wed driver callabacks (CVE-2025-68360 bsc#1255536). - commit 5863e8a - Refresh patches.kabi/bpf-Enforce-expected_attach_type-for-tailcall-compat.patch. Refresh kABI workaround to use 'unsigned char' instead of the original 'enum bpf_attach_type' as the data type. It was discovered at SL-16.0 MU submission time that the kABI workaround currently in-place does not work on -rt flavor. The reason is that due to preceding spinlock_t having a different size, the hole was only 2 bytes instead of 6 bytes, and thus too small to fit 'enum'. Since all the possible enum values are small enough to fit within 'unsigned char', switch the data type of the new field to that instead. - commit 06ff4d9 - drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup (bsc#1255128 CVE-2025-68296) - commit 1b12281 - efi/cper: Fix cper_bits_to_str buffer handling and return value (git-fixes). - lib/buildid: use __kernel_read() for sleepable context (git-fixes). - net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts (git-fixes). - can: ctucanfd: fix SSP_SRC in cases when bit-rate is higher than 1 MBit (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak (git-fixes). - can: etas_es58x: allow partial RX URB allocation to succeed (git-fixes). - commit 6b2a65b ++++ kernel-rt: - Refresh patches.kabi/bpf-Enforce-expected_attach_type-for-tailcall-compat.patch. Refresh kABI workaround to use 'unsigned char' instead of the original 'enum bpf_attach_type' as the data type. It was discovered at SL-16.0 MU submission time that the kABI workaround currently in-place does not work on -rt flavor. The reason is that due to preceding spinlock_t having a different size, the hole was only 2 bytes instead of 6 bytes, and thus too small to fit 'enum'. Since all the possible enum values are small enough to fit within 'unsigned char', switch the data type of the new field to that instead. - commit 06ff4d9 - efi/cper: Fix cper_bits_to_str buffer handling and return value (git-fixes). - lib/buildid: use __kernel_read() for sleepable context (git-fixes). - net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts (git-fixes). - can: ctucanfd: fix SSP_SRC in cases when bit-rate is higher than 1 MBit (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak (git-fixes). - can: etas_es58x: allow partial RX URB allocation to succeed (git-fixes). - commit 6b2a65b ++++ cockpit: - Drop 0010-add-onExpand-prop-to-ListingTable.patch: Has been upstreamed - Update to 354 * changes since 351 - 354 * Convert documentation to AsciiDoc * Work around Firefox 146/147 bug (rhbz#2422331) * Bug fixes - 353 * Networking: Suggest prefix length and gateway address * Bug fixes and translation updates - 352 * Shown a warning if the last shutdown/reboot was unclean * Bug fixes and translation updates ++++ dtb-aarch64: - caif: fix integer underflow in cffrml_receive() (CVE-2025-68799 bsc#1256643) - commit 1ef0d96 - NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags (CVE-2025-68764 bsc#1255930). - commit 09d81f3 - coresight: ETR: Fix ETR buffer use-after-free issue (CVE-2025-68376 bsc#1255529) - commit a4ff2c1 - net/hsr: fix NULL pointer dereference in prp_get_untagged_frame() (CVE-2025-68776 bsc#1256659) - commit 49a3b6c - block: fix memory leak in __blkdev_issue_zero_pages (CVE-2025-68348 bsc#1255694) - commit 73e6c55 - RDMA/rxe: Fix null deref on srq->rq.queue after resize failure (CVE-2025-68379 bsc#1255695) - commit c6b18fc - Fix KABI for "md: fix rcu protection in md_wakeup_thread" (CVE-2025-68374 bsc#1255530). - commit 19ea2fb - ice: use netif_get_num_default_rss_queues() (bsc#1247712). - commit 9a8d388 - scsi: qla2xxx: Update version to 10.02.10.100-k (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Fix bsg_done() causing double free (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Query FW again before proceeding with login (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Validate sp before freeing associated memory (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Free sp in error path to fix system crash (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Delay module unload while fabric scan in progress (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Allow recovery for tape devices (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add bsg interface to support firmware img validation (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Validate MCU signature before executing MBC 03h (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add load flash firmware mailbox support for 28xxx (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add support for 64G SFP speed (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add Speed in SFP print information (bsc#1256865 bsc#1256867 jsc#PED-14156). - commit c16cfd0 - iavf: fix off-by-one issues in iavf_config_rss_reg() (CVE-2025-71087 bsc#1256628). - net: mana: Fix incorrect speed reported by debugfs (bsc#1255232). - net: mana: Support HW link state events (bsc#1253049). - veth: reduce XDP no_direct return section to fix race (CVE-2025-68341 bsc#1255506). - commit ffa2fc1 - scsi: lpfc: Update lpfc version to 14.4.0.13 (bsc#1256864). - scsi: lpfc: Rework lpfc_sli4_fcf_rr_next_index_get() (bsc#1256864). - commit ff9c1e2 - Refresh patches.suse/perf-hwmon_pmu-Fix-uninitialized-variable-warning.patch. - Refresh patches.suse/scsi-lpfc-Add-capability-to-register-Platform-Name-I.patch. - Refresh patches.suse/scsi-lpfc-Allow-support-for-BB-credit-recovery-in-po.patch. - Refresh patches.suse/scsi-lpfc-Ensure-unregistration-of-rpis-for-received.patch. - Refresh patches.suse/scsi-lpfc-Fix-leaked-ndlp-krefs-when-in-point-to-poi.patch. - Refresh patches.suse/scsi-lpfc-Fix-reusing-an-ndlp-that-is-marked-NLP_DRO.patch. - Refresh patches.suse/scsi-lpfc-Modify-kref-handling-for-Fabric-Controller.patch. - Refresh patches.suse/scsi-lpfc-Remove-redundant-NULL-ptr-assignment-in-lp.patch. - Refresh patches.suse/scsi-lpfc-Revise-discovery-related-function-headers-.patch. - Refresh patches.suse/scsi-lpfc-Update-lpfc-version-to-14.4.0.12.patch. - Refresh patches.suse/scsi-lpfc-Update-various-NPIV-diagnostic-log-messagi.patch. - commit b68a391 - md: fix rcu protection in md_wakeup_thread (CVE-2025-68374 bsc#1255530). - commit 4c1b1ef - NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid (CVE-2025-68349 bsc#1255544). - commit 6b33846 - md: init bioset in mddev_init (CVE-2025-68368 bsc#1255527). - commit 4b605d4 - ipvs: fix ipv4 null-ptr-deref in route error path (CVE-2025-68813 bsc#1256641). - commit dfa5bc8 - drm/panthor: Prevent potential UAF in group creation (CVE-2025-68735 bsc#1255811). - commit ab86e96 - nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() (CVE-2025-40261 bsc#1254839). - nvme-multipath: fix lockdep WARN due to partition scan work (CVE-2025-68218 bsc#1255245). - commit ff3bc4b - wifi: mt76: wed: use proper wed reference in mt76 wed driver callabacks (CVE-2025-68360 bsc#1255536). - commit 5863e8a - Refresh patches.kabi/bpf-Enforce-expected_attach_type-for-tailcall-compat.patch. Refresh kABI workaround to use 'unsigned char' instead of the original 'enum bpf_attach_type' as the data type. It was discovered at SL-16.0 MU submission time that the kABI workaround currently in-place does not work on -rt flavor. The reason is that due to preceding spinlock_t having a different size, the hole was only 2 bytes instead of 6 bytes, and thus too small to fit 'enum'. Since all the possible enum values are small enough to fit within 'unsigned char', switch the data type of the new field to that instead. - commit 06ff4d9 - drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup (bsc#1255128 CVE-2025-68296) - commit 1b12281 - efi/cper: Fix cper_bits_to_str buffer handling and return value (git-fixes). - lib/buildid: use __kernel_read() for sleepable context (git-fixes). - net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts (git-fixes). - can: ctucanfd: fix SSP_SRC in cases when bit-rate is higher than 1 MBit (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak (git-fixes). - can: etas_es58x: allow partial RX URB allocation to succeed (git-fixes). - commit 6b2a65b ++++ dtb-aarch64: - caif: fix integer underflow in cffrml_receive() (CVE-2025-68799 bsc#1256643) - commit 1ef0d96 - NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags (CVE-2025-68764 bsc#1255930). - commit 09d81f3 - coresight: ETR: Fix ETR buffer use-after-free issue (CVE-2025-68376 bsc#1255529) - commit a4ff2c1 - net/hsr: fix NULL pointer dereference in prp_get_untagged_frame() (CVE-2025-68776 bsc#1256659) - commit 49a3b6c - block: fix memory leak in __blkdev_issue_zero_pages (CVE-2025-68348 bsc#1255694) - commit 73e6c55 - RDMA/rxe: Fix null deref on srq->rq.queue after resize failure (CVE-2025-68379 bsc#1255695) - commit c6b18fc - Fix KABI for "md: fix rcu protection in md_wakeup_thread" (CVE-2025-68374 bsc#1255530). - commit 19ea2fb - ice: use netif_get_num_default_rss_queues() (bsc#1247712). - commit 9a8d388 - scsi: qla2xxx: Update version to 10.02.10.100-k (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Fix bsg_done() causing double free (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Query FW again before proceeding with login (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Validate sp before freeing associated memory (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Free sp in error path to fix system crash (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Delay module unload while fabric scan in progress (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Allow recovery for tape devices (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add bsg interface to support firmware img validation (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Validate MCU signature before executing MBC 03h (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add load flash firmware mailbox support for 28xxx (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add support for 64G SFP speed (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add Speed in SFP print information (bsc#1256865 bsc#1256867 jsc#PED-14156). - commit c16cfd0 - iavf: fix off-by-one issues in iavf_config_rss_reg() (CVE-2025-71087 bsc#1256628). - net: mana: Fix incorrect speed reported by debugfs (bsc#1255232). - net: mana: Support HW link state events (bsc#1253049). - veth: reduce XDP no_direct return section to fix race (CVE-2025-68341 bsc#1255506). - commit ffa2fc1 - scsi: lpfc: Update lpfc version to 14.4.0.13 (bsc#1256864). - scsi: lpfc: Rework lpfc_sli4_fcf_rr_next_index_get() (bsc#1256864). - commit ff9c1e2 - Refresh patches.suse/perf-hwmon_pmu-Fix-uninitialized-variable-warning.patch. - Refresh patches.suse/scsi-lpfc-Add-capability-to-register-Platform-Name-I.patch. - Refresh patches.suse/scsi-lpfc-Allow-support-for-BB-credit-recovery-in-po.patch. - Refresh patches.suse/scsi-lpfc-Ensure-unregistration-of-rpis-for-received.patch. - Refresh patches.suse/scsi-lpfc-Fix-leaked-ndlp-krefs-when-in-point-to-poi.patch. - Refresh patches.suse/scsi-lpfc-Fix-reusing-an-ndlp-that-is-marked-NLP_DRO.patch. - Refresh patches.suse/scsi-lpfc-Modify-kref-handling-for-Fabric-Controller.patch. - Refresh patches.suse/scsi-lpfc-Remove-redundant-NULL-ptr-assignment-in-lp.patch. - Refresh patches.suse/scsi-lpfc-Revise-discovery-related-function-headers-.patch. - Refresh patches.suse/scsi-lpfc-Update-lpfc-version-to-14.4.0.12.patch. - Refresh patches.suse/scsi-lpfc-Update-various-NPIV-diagnostic-log-messagi.patch. - commit b68a391 - md: fix rcu protection in md_wakeup_thread (CVE-2025-68374 bsc#1255530). - commit 4c1b1ef - NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid (CVE-2025-68349 bsc#1255544). - commit 6b33846 - md: init bioset in mddev_init (CVE-2025-68368 bsc#1255527). - commit 4b605d4 - ipvs: fix ipv4 null-ptr-deref in route error path (CVE-2025-68813 bsc#1256641). - commit dfa5bc8 - drm/panthor: Prevent potential UAF in group creation (CVE-2025-68735 bsc#1255811). - commit ab86e96 - nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() (CVE-2025-40261 bsc#1254839). - nvme-multipath: fix lockdep WARN due to partition scan work (CVE-2025-68218 bsc#1255245). - commit ff3bc4b - wifi: mt76: wed: use proper wed reference in mt76 wed driver callabacks (CVE-2025-68360 bsc#1255536). - commit 5863e8a - Refresh patches.kabi/bpf-Enforce-expected_attach_type-for-tailcall-compat.patch. Refresh kABI workaround to use 'unsigned char' instead of the original 'enum bpf_attach_type' as the data type. It was discovered at SL-16.0 MU submission time that the kABI workaround currently in-place does not work on -rt flavor. The reason is that due to preceding spinlock_t having a different size, the hole was only 2 bytes instead of 6 bytes, and thus too small to fit 'enum'. Since all the possible enum values are small enough to fit within 'unsigned char', switch the data type of the new field to that instead. - commit 06ff4d9 - drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup (bsc#1255128 CVE-2025-68296) - commit 1b12281 - efi/cper: Fix cper_bits_to_str buffer handling and return value (git-fixes). - lib/buildid: use __kernel_read() for sleepable context (git-fixes). - net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts (git-fixes). - can: ctucanfd: fix SSP_SRC in cases when bit-rate is higher than 1 MBit (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak (git-fixes). - can: etas_es58x: allow partial RX URB allocation to succeed (git-fixes). - commit 6b2a65b ++++ dtb-aarch64: - Refresh patches.kabi/bpf-Enforce-expected_attach_type-for-tailcall-compat.patch. Refresh kABI workaround to use 'unsigned char' instead of the original 'enum bpf_attach_type' as the data type. It was discovered at SL-16.0 MU submission time that the kABI workaround currently in-place does not work on -rt flavor. The reason is that due to preceding spinlock_t having a different size, the hole was only 2 bytes instead of 6 bytes, and thus too small to fit 'enum'. Since all the possible enum values are small enough to fit within 'unsigned char', switch the data type of the new field to that instead. - commit 06ff4d9 - efi/cper: Fix cper_bits_to_str buffer handling and return value (git-fixes). - lib/buildid: use __kernel_read() for sleepable context (git-fixes). - net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts (git-fixes). - can: ctucanfd: fix SSP_SRC in cases when bit-rate is higher than 1 MBit (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak (git-fixes). - can: etas_es58x: allow partial RX URB allocation to succeed (git-fixes). - commit 6b2a65b ++++ elemental-register: - Changes on top of v1.8.1: * 49ebf0b7 Update headers to 2026 * fd13ba92 Update questions to include SL Micro 6.2 ++++ freerdp: - Update to version 3.20.2: + Patch release fixing a regression with gateway connections introduced with 3.20.1 [#]# What's Changed * Warnings and missing enumeration types (#12137) - Changes from version 3.20.1: + New years cleanup release. Fixes some issues reported and does a cleaning sweep to bring down warnings. Thanks to @ehdgks0627 doing some code review/testing we've uncovered the following (medium) vulnerabilities: * CVE-2026-22851 * CVE-2026-22852 * CVE-2026-22853 * CVE-2026-22854 * CVE-2026-22855 * CVE-2026-22856 * CVE-2026-22857 * CVE-2026-22858 * CVE-2026-22859 + These affect FreeRDP based clients only, with the exception of CVE-2026-22858 also affecting FreeRDP proxy. FreeRDP based servers are not affected. ++++ gimp: - Add CVE fixes: + gimp-CVE-2025-14422.patch (bsc#1255293 CVE-2025-14422) + gimp-CVE-2025-14423.patch (bsc#1255294 CVE-2025-14423) + gimp-CVE-2025-14424.patch (bsc#1255295 CVE-2025-14424) + gimp-CVE-2025-14425.patch (bsc#1255296 CVE-2025-14425) ++++ gimp: - Add CVE fixes: + gimp-CVE-2025-14422.patch (bsc#1255293 CVE-2025-14422) + gimp-CVE-2025-14423.patch (bsc#1255294 CVE-2025-14423) + gimp-CVE-2025-14424.patch (bsc#1255295 CVE-2025-14424) + gimp-CVE-2025-14425.patch (bsc#1255296 CVE-2025-14425) ++++ gimp: - Add CVE fixes: + gimp-CVE-2025-14422.patch (bsc#1255293 CVE-2025-14422) + gimp-CVE-2025-14423.patch (bsc#1255294 CVE-2025-14423) + gimp-CVE-2025-14424.patch (bsc#1255295 CVE-2025-14424) + gimp-CVE-2025-14425.patch (bsc#1255296 CVE-2025-14425) ++++ gimp: - Add CVE fixes: + gimp-CVE-2025-14422.patch (bsc#1255293 CVE-2025-14422) + gimp-CVE-2025-14423.patch (bsc#1255294 CVE-2025-14423) + gimp-CVE-2025-14424.patch (bsc#1255295 CVE-2025-14424) + gimp-CVE-2025-14425.patch (bsc#1255296 CVE-2025-14425) ++++ harfbuzz: - Add harfbuzz-CVE-2026-22693.patch: fix a NULL pointer dereference (bsc#1256459 CVE-2026-22693). ++++ kernel-source: - caif: fix integer underflow in cffrml_receive() (CVE-2025-68799 bsc#1256643) - commit 1ef0d96 - NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags (CVE-2025-68764 bsc#1255930). - commit 09d81f3 - coresight: ETR: Fix ETR buffer use-after-free issue (CVE-2025-68376 bsc#1255529) - commit a4ff2c1 - net/hsr: fix NULL pointer dereference in prp_get_untagged_frame() (CVE-2025-68776 bsc#1256659) - commit 49a3b6c - block: fix memory leak in __blkdev_issue_zero_pages (CVE-2025-68348 bsc#1255694) - commit 73e6c55 - RDMA/rxe: Fix null deref on srq->rq.queue after resize failure (CVE-2025-68379 bsc#1255695) - commit c6b18fc - Fix KABI for "md: fix rcu protection in md_wakeup_thread" (CVE-2025-68374 bsc#1255530). - commit 19ea2fb - ice: use netif_get_num_default_rss_queues() (bsc#1247712). - commit 9a8d388 - scsi: qla2xxx: Update version to 10.02.10.100-k (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Fix bsg_done() causing double free (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Query FW again before proceeding with login (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Validate sp before freeing associated memory (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Free sp in error path to fix system crash (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Delay module unload while fabric scan in progress (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Allow recovery for tape devices (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add bsg interface to support firmware img validation (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Validate MCU signature before executing MBC 03h (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add load flash firmware mailbox support for 28xxx (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add support for 64G SFP speed (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add Speed in SFP print information (bsc#1256865 bsc#1256867 jsc#PED-14156). - commit c16cfd0 - iavf: fix off-by-one issues in iavf_config_rss_reg() (CVE-2025-71087 bsc#1256628). - net: mana: Fix incorrect speed reported by debugfs (bsc#1255232). - net: mana: Support HW link state events (bsc#1253049). - veth: reduce XDP no_direct return section to fix race (CVE-2025-68341 bsc#1255506). - commit ffa2fc1 - scsi: lpfc: Update lpfc version to 14.4.0.13 (bsc#1256864). - scsi: lpfc: Rework lpfc_sli4_fcf_rr_next_index_get() (bsc#1256864). - commit ff9c1e2 - Refresh patches.suse/perf-hwmon_pmu-Fix-uninitialized-variable-warning.patch. - Refresh patches.suse/scsi-lpfc-Add-capability-to-register-Platform-Name-I.patch. - Refresh patches.suse/scsi-lpfc-Allow-support-for-BB-credit-recovery-in-po.patch. - Refresh patches.suse/scsi-lpfc-Ensure-unregistration-of-rpis-for-received.patch. - Refresh patches.suse/scsi-lpfc-Fix-leaked-ndlp-krefs-when-in-point-to-poi.patch. - Refresh patches.suse/scsi-lpfc-Fix-reusing-an-ndlp-that-is-marked-NLP_DRO.patch. - Refresh patches.suse/scsi-lpfc-Modify-kref-handling-for-Fabric-Controller.patch. - Refresh patches.suse/scsi-lpfc-Remove-redundant-NULL-ptr-assignment-in-lp.patch. - Refresh patches.suse/scsi-lpfc-Revise-discovery-related-function-headers-.patch. - Refresh patches.suse/scsi-lpfc-Update-lpfc-version-to-14.4.0.12.patch. - Refresh patches.suse/scsi-lpfc-Update-various-NPIV-diagnostic-log-messagi.patch. - commit b68a391 - md: fix rcu protection in md_wakeup_thread (CVE-2025-68374 bsc#1255530). - commit 4c1b1ef - NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid (CVE-2025-68349 bsc#1255544). - commit 6b33846 - md: init bioset in mddev_init (CVE-2025-68368 bsc#1255527). - commit 4b605d4 - ipvs: fix ipv4 null-ptr-deref in route error path (CVE-2025-68813 bsc#1256641). - commit dfa5bc8 - drm/panthor: Prevent potential UAF in group creation (CVE-2025-68735 bsc#1255811). - commit ab86e96 - nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() (CVE-2025-40261 bsc#1254839). - nvme-multipath: fix lockdep WARN due to partition scan work (CVE-2025-68218 bsc#1255245). - commit ff3bc4b - wifi: mt76: wed: use proper wed reference in mt76 wed driver callabacks (CVE-2025-68360 bsc#1255536). - commit 5863e8a - Refresh patches.kabi/bpf-Enforce-expected_attach_type-for-tailcall-compat.patch. Refresh kABI workaround to use 'unsigned char' instead of the original 'enum bpf_attach_type' as the data type. It was discovered at SL-16.0 MU submission time that the kABI workaround currently in-place does not work on -rt flavor. The reason is that due to preceding spinlock_t having a different size, the hole was only 2 bytes instead of 6 bytes, and thus too small to fit 'enum'. Since all the possible enum values are small enough to fit within 'unsigned char', switch the data type of the new field to that instead. - commit 06ff4d9 - drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup (bsc#1255128 CVE-2025-68296) - commit 1b12281 - efi/cper: Fix cper_bits_to_str buffer handling and return value (git-fixes). - lib/buildid: use __kernel_read() for sleepable context (git-fixes). - net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts (git-fixes). - can: ctucanfd: fix SSP_SRC in cases when bit-rate is higher than 1 MBit (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak (git-fixes). - can: etas_es58x: allow partial RX URB allocation to succeed (git-fixes). - commit 6b2a65b ++++ kernel-source: - caif: fix integer underflow in cffrml_receive() (CVE-2025-68799 bsc#1256643) - commit 1ef0d96 - NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags (CVE-2025-68764 bsc#1255930). - commit 09d81f3 - coresight: ETR: Fix ETR buffer use-after-free issue (CVE-2025-68376 bsc#1255529) - commit a4ff2c1 - net/hsr: fix NULL pointer dereference in prp_get_untagged_frame() (CVE-2025-68776 bsc#1256659) - commit 49a3b6c - block: fix memory leak in __blkdev_issue_zero_pages (CVE-2025-68348 bsc#1255694) - commit 73e6c55 - RDMA/rxe: Fix null deref on srq->rq.queue after resize failure (CVE-2025-68379 bsc#1255695) - commit c6b18fc - Fix KABI for "md: fix rcu protection in md_wakeup_thread" (CVE-2025-68374 bsc#1255530). - commit 19ea2fb - ice: use netif_get_num_default_rss_queues() (bsc#1247712). - commit 9a8d388 - scsi: qla2xxx: Update version to 10.02.10.100-k (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Fix bsg_done() causing double free (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Query FW again before proceeding with login (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Validate sp before freeing associated memory (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Free sp in error path to fix system crash (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Delay module unload while fabric scan in progress (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Allow recovery for tape devices (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add bsg interface to support firmware img validation (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Validate MCU signature before executing MBC 03h (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add load flash firmware mailbox support for 28xxx (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add support for 64G SFP speed (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add Speed in SFP print information (bsc#1256865 bsc#1256867 jsc#PED-14156). - commit c16cfd0 - iavf: fix off-by-one issues in iavf_config_rss_reg() (CVE-2025-71087 bsc#1256628). - net: mana: Fix incorrect speed reported by debugfs (bsc#1255232). - net: mana: Support HW link state events (bsc#1253049). - veth: reduce XDP no_direct return section to fix race (CVE-2025-68341 bsc#1255506). - commit ffa2fc1 - scsi: lpfc: Update lpfc version to 14.4.0.13 (bsc#1256864). - scsi: lpfc: Rework lpfc_sli4_fcf_rr_next_index_get() (bsc#1256864). - commit ff9c1e2 - Refresh patches.suse/perf-hwmon_pmu-Fix-uninitialized-variable-warning.patch. - Refresh patches.suse/scsi-lpfc-Add-capability-to-register-Platform-Name-I.patch. - Refresh patches.suse/scsi-lpfc-Allow-support-for-BB-credit-recovery-in-po.patch. - Refresh patches.suse/scsi-lpfc-Ensure-unregistration-of-rpis-for-received.patch. - Refresh patches.suse/scsi-lpfc-Fix-leaked-ndlp-krefs-when-in-point-to-poi.patch. - Refresh patches.suse/scsi-lpfc-Fix-reusing-an-ndlp-that-is-marked-NLP_DRO.patch. - Refresh patches.suse/scsi-lpfc-Modify-kref-handling-for-Fabric-Controller.patch. - Refresh patches.suse/scsi-lpfc-Remove-redundant-NULL-ptr-assignment-in-lp.patch. - Refresh patches.suse/scsi-lpfc-Revise-discovery-related-function-headers-.patch. - Refresh patches.suse/scsi-lpfc-Update-lpfc-version-to-14.4.0.12.patch. - Refresh patches.suse/scsi-lpfc-Update-various-NPIV-diagnostic-log-messagi.patch. - commit b68a391 - md: fix rcu protection in md_wakeup_thread (CVE-2025-68374 bsc#1255530). - commit 4c1b1ef - NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid (CVE-2025-68349 bsc#1255544). - commit 6b33846 - md: init bioset in mddev_init (CVE-2025-68368 bsc#1255527). - commit 4b605d4 - ipvs: fix ipv4 null-ptr-deref in route error path (CVE-2025-68813 bsc#1256641). - commit dfa5bc8 - drm/panthor: Prevent potential UAF in group creation (CVE-2025-68735 bsc#1255811). - commit ab86e96 - nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() (CVE-2025-40261 bsc#1254839). - nvme-multipath: fix lockdep WARN due to partition scan work (CVE-2025-68218 bsc#1255245). - commit ff3bc4b - wifi: mt76: wed: use proper wed reference in mt76 wed driver callabacks (CVE-2025-68360 bsc#1255536). - commit 5863e8a - Refresh patches.kabi/bpf-Enforce-expected_attach_type-for-tailcall-compat.patch. Refresh kABI workaround to use 'unsigned char' instead of the original 'enum bpf_attach_type' as the data type. It was discovered at SL-16.0 MU submission time that the kABI workaround currently in-place does not work on -rt flavor. The reason is that due to preceding spinlock_t having a different size, the hole was only 2 bytes instead of 6 bytes, and thus too small to fit 'enum'. Since all the possible enum values are small enough to fit within 'unsigned char', switch the data type of the new field to that instead. - commit 06ff4d9 - drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup (bsc#1255128 CVE-2025-68296) - commit 1b12281 - efi/cper: Fix cper_bits_to_str buffer handling and return value (git-fixes). - lib/buildid: use __kernel_read() for sleepable context (git-fixes). - net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts (git-fixes). - can: ctucanfd: fix SSP_SRC in cases when bit-rate is higher than 1 MBit (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak (git-fixes). - can: etas_es58x: allow partial RX URB allocation to succeed (git-fixes). - commit 6b2a65b ++++ kernel-source: - Refresh patches.kabi/bpf-Enforce-expected_attach_type-for-tailcall-compat.patch. Refresh kABI workaround to use 'unsigned char' instead of the original 'enum bpf_attach_type' as the data type. It was discovered at SL-16.0 MU submission time that the kABI workaround currently in-place does not work on -rt flavor. The reason is that due to preceding spinlock_t having a different size, the hole was only 2 bytes instead of 6 bytes, and thus too small to fit 'enum'. Since all the possible enum values are small enough to fit within 'unsigned char', switch the data type of the new field to that instead. - commit 06ff4d9 - efi/cper: Fix cper_bits_to_str buffer handling and return value (git-fixes). - lib/buildid: use __kernel_read() for sleepable context (git-fixes). - net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts (git-fixes). - can: ctucanfd: fix SSP_SRC in cases when bit-rate is higher than 1 MBit (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak (git-fixes). - can: etas_es58x: allow partial RX URB allocation to succeed (git-fixes). - commit 6b2a65b ++++ kernel-docs: - caif: fix integer underflow in cffrml_receive() (CVE-2025-68799 bsc#1256643) - commit 1ef0d96 - NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags (CVE-2025-68764 bsc#1255930). - commit 09d81f3 - coresight: ETR: Fix ETR buffer use-after-free issue (CVE-2025-68376 bsc#1255529) - commit a4ff2c1 - net/hsr: fix NULL pointer dereference in prp_get_untagged_frame() (CVE-2025-68776 bsc#1256659) - commit 49a3b6c - block: fix memory leak in __blkdev_issue_zero_pages (CVE-2025-68348 bsc#1255694) - commit 73e6c55 - RDMA/rxe: Fix null deref on srq->rq.queue after resize failure (CVE-2025-68379 bsc#1255695) - commit c6b18fc - Fix KABI for "md: fix rcu protection in md_wakeup_thread" (CVE-2025-68374 bsc#1255530). - commit 19ea2fb - ice: use netif_get_num_default_rss_queues() (bsc#1247712). - commit 9a8d388 - scsi: qla2xxx: Update version to 10.02.10.100-k (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Fix bsg_done() causing double free (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Query FW again before proceeding with login (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Validate sp before freeing associated memory (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Free sp in error path to fix system crash (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Delay module unload while fabric scan in progress (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Allow recovery for tape devices (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add bsg interface to support firmware img validation (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Validate MCU signature before executing MBC 03h (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add load flash firmware mailbox support for 28xxx (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add support for 64G SFP speed (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add Speed in SFP print information (bsc#1256865 bsc#1256867 jsc#PED-14156). - commit c16cfd0 - iavf: fix off-by-one issues in iavf_config_rss_reg() (CVE-2025-71087 bsc#1256628). - net: mana: Fix incorrect speed reported by debugfs (bsc#1255232). - net: mana: Support HW link state events (bsc#1253049). - veth: reduce XDP no_direct return section to fix race (CVE-2025-68341 bsc#1255506). - commit ffa2fc1 - scsi: lpfc: Update lpfc version to 14.4.0.13 (bsc#1256864). - scsi: lpfc: Rework lpfc_sli4_fcf_rr_next_index_get() (bsc#1256864). - commit ff9c1e2 - Refresh patches.suse/perf-hwmon_pmu-Fix-uninitialized-variable-warning.patch. - Refresh patches.suse/scsi-lpfc-Add-capability-to-register-Platform-Name-I.patch. - Refresh patches.suse/scsi-lpfc-Allow-support-for-BB-credit-recovery-in-po.patch. - Refresh patches.suse/scsi-lpfc-Ensure-unregistration-of-rpis-for-received.patch. - Refresh patches.suse/scsi-lpfc-Fix-leaked-ndlp-krefs-when-in-point-to-poi.patch. - Refresh patches.suse/scsi-lpfc-Fix-reusing-an-ndlp-that-is-marked-NLP_DRO.patch. - Refresh patches.suse/scsi-lpfc-Modify-kref-handling-for-Fabric-Controller.patch. - Refresh patches.suse/scsi-lpfc-Remove-redundant-NULL-ptr-assignment-in-lp.patch. - Refresh patches.suse/scsi-lpfc-Revise-discovery-related-function-headers-.patch. - Refresh patches.suse/scsi-lpfc-Update-lpfc-version-to-14.4.0.12.patch. - Refresh patches.suse/scsi-lpfc-Update-various-NPIV-diagnostic-log-messagi.patch. - commit b68a391 - md: fix rcu protection in md_wakeup_thread (CVE-2025-68374 bsc#1255530). - commit 4c1b1ef - NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid (CVE-2025-68349 bsc#1255544). - commit 6b33846 - md: init bioset in mddev_init (CVE-2025-68368 bsc#1255527). - commit 4b605d4 - ipvs: fix ipv4 null-ptr-deref in route error path (CVE-2025-68813 bsc#1256641). - commit dfa5bc8 - drm/panthor: Prevent potential UAF in group creation (CVE-2025-68735 bsc#1255811). - commit ab86e96 - nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() (CVE-2025-40261 bsc#1254839). - nvme-multipath: fix lockdep WARN due to partition scan work (CVE-2025-68218 bsc#1255245). - commit ff3bc4b - wifi: mt76: wed: use proper wed reference in mt76 wed driver callabacks (CVE-2025-68360 bsc#1255536). - commit 5863e8a - Refresh patches.kabi/bpf-Enforce-expected_attach_type-for-tailcall-compat.patch. Refresh kABI workaround to use 'unsigned char' instead of the original 'enum bpf_attach_type' as the data type. It was discovered at SL-16.0 MU submission time that the kABI workaround currently in-place does not work on -rt flavor. The reason is that due to preceding spinlock_t having a different size, the hole was only 2 bytes instead of 6 bytes, and thus too small to fit 'enum'. Since all the possible enum values are small enough to fit within 'unsigned char', switch the data type of the new field to that instead. - commit 06ff4d9 - drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup (bsc#1255128 CVE-2025-68296) - commit 1b12281 - efi/cper: Fix cper_bits_to_str buffer handling and return value (git-fixes). - lib/buildid: use __kernel_read() for sleepable context (git-fixes). - net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts (git-fixes). - can: ctucanfd: fix SSP_SRC in cases when bit-rate is higher than 1 MBit (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak (git-fixes). - can: etas_es58x: allow partial RX URB allocation to succeed (git-fixes). - commit 6b2a65b ++++ kernel-docs: - caif: fix integer underflow in cffrml_receive() (CVE-2025-68799 bsc#1256643) - commit 1ef0d96 - NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags (CVE-2025-68764 bsc#1255930). - commit 09d81f3 - coresight: ETR: Fix ETR buffer use-after-free issue (CVE-2025-68376 bsc#1255529) - commit a4ff2c1 - net/hsr: fix NULL pointer dereference in prp_get_untagged_frame() (CVE-2025-68776 bsc#1256659) - commit 49a3b6c - block: fix memory leak in __blkdev_issue_zero_pages (CVE-2025-68348 bsc#1255694) - commit 73e6c55 - RDMA/rxe: Fix null deref on srq->rq.queue after resize failure (CVE-2025-68379 bsc#1255695) - commit c6b18fc - Fix KABI for "md: fix rcu protection in md_wakeup_thread" (CVE-2025-68374 bsc#1255530). - commit 19ea2fb - ice: use netif_get_num_default_rss_queues() (bsc#1247712). - commit 9a8d388 - scsi: qla2xxx: Update version to 10.02.10.100-k (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Fix bsg_done() causing double free (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Query FW again before proceeding with login (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Validate sp before freeing associated memory (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Free sp in error path to fix system crash (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Delay module unload while fabric scan in progress (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Allow recovery for tape devices (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add bsg interface to support firmware img validation (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Validate MCU signature before executing MBC 03h (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add load flash firmware mailbox support for 28xxx (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add support for 64G SFP speed (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add Speed in SFP print information (bsc#1256865 bsc#1256867 jsc#PED-14156). - commit c16cfd0 - iavf: fix off-by-one issues in iavf_config_rss_reg() (CVE-2025-71087 bsc#1256628). - net: mana: Fix incorrect speed reported by debugfs (bsc#1255232). - net: mana: Support HW link state events (bsc#1253049). - veth: reduce XDP no_direct return section to fix race (CVE-2025-68341 bsc#1255506). - commit ffa2fc1 - scsi: lpfc: Update lpfc version to 14.4.0.13 (bsc#1256864). - scsi: lpfc: Rework lpfc_sli4_fcf_rr_next_index_get() (bsc#1256864). - commit ff9c1e2 - Refresh patches.suse/perf-hwmon_pmu-Fix-uninitialized-variable-warning.patch. - Refresh patches.suse/scsi-lpfc-Add-capability-to-register-Platform-Name-I.patch. - Refresh patches.suse/scsi-lpfc-Allow-support-for-BB-credit-recovery-in-po.patch. - Refresh patches.suse/scsi-lpfc-Ensure-unregistration-of-rpis-for-received.patch. - Refresh patches.suse/scsi-lpfc-Fix-leaked-ndlp-krefs-when-in-point-to-poi.patch. - Refresh patches.suse/scsi-lpfc-Fix-reusing-an-ndlp-that-is-marked-NLP_DRO.patch. - Refresh patches.suse/scsi-lpfc-Modify-kref-handling-for-Fabric-Controller.patch. - Refresh patches.suse/scsi-lpfc-Remove-redundant-NULL-ptr-assignment-in-lp.patch. - Refresh patches.suse/scsi-lpfc-Revise-discovery-related-function-headers-.patch. - Refresh patches.suse/scsi-lpfc-Update-lpfc-version-to-14.4.0.12.patch. - Refresh patches.suse/scsi-lpfc-Update-various-NPIV-diagnostic-log-messagi.patch. - commit b68a391 - md: fix rcu protection in md_wakeup_thread (CVE-2025-68374 bsc#1255530). - commit 4c1b1ef - NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid (CVE-2025-68349 bsc#1255544). - commit 6b33846 - md: init bioset in mddev_init (CVE-2025-68368 bsc#1255527). - commit 4b605d4 - ipvs: fix ipv4 null-ptr-deref in route error path (CVE-2025-68813 bsc#1256641). - commit dfa5bc8 - drm/panthor: Prevent potential UAF in group creation (CVE-2025-68735 bsc#1255811). - commit ab86e96 - nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() (CVE-2025-40261 bsc#1254839). - nvme-multipath: fix lockdep WARN due to partition scan work (CVE-2025-68218 bsc#1255245). - commit ff3bc4b - wifi: mt76: wed: use proper wed reference in mt76 wed driver callabacks (CVE-2025-68360 bsc#1255536). - commit 5863e8a - Refresh patches.kabi/bpf-Enforce-expected_attach_type-for-tailcall-compat.patch. Refresh kABI workaround to use 'unsigned char' instead of the original 'enum bpf_attach_type' as the data type. It was discovered at SL-16.0 MU submission time that the kABI workaround currently in-place does not work on -rt flavor. The reason is that due to preceding spinlock_t having a different size, the hole was only 2 bytes instead of 6 bytes, and thus too small to fit 'enum'. Since all the possible enum values are small enough to fit within 'unsigned char', switch the data type of the new field to that instead. - commit 06ff4d9 - drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup (bsc#1255128 CVE-2025-68296) - commit 1b12281 - efi/cper: Fix cper_bits_to_str buffer handling and return value (git-fixes). - lib/buildid: use __kernel_read() for sleepable context (git-fixes). - net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts (git-fixes). - can: ctucanfd: fix SSP_SRC in cases when bit-rate is higher than 1 MBit (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak (git-fixes). - can: etas_es58x: allow partial RX URB allocation to succeed (git-fixes). - commit 6b2a65b ++++ kernel-docs: - Refresh patches.kabi/bpf-Enforce-expected_attach_type-for-tailcall-compat.patch. Refresh kABI workaround to use 'unsigned char' instead of the original 'enum bpf_attach_type' as the data type. It was discovered at SL-16.0 MU submission time that the kABI workaround currently in-place does not work on -rt flavor. The reason is that due to preceding spinlock_t having a different size, the hole was only 2 bytes instead of 6 bytes, and thus too small to fit 'enum'. Since all the possible enum values are small enough to fit within 'unsigned char', switch the data type of the new field to that instead. - commit 06ff4d9 - efi/cper: Fix cper_bits_to_str buffer handling and return value (git-fixes). - lib/buildid: use __kernel_read() for sleepable context (git-fixes). - net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts (git-fixes). - can: ctucanfd: fix SSP_SRC in cases when bit-rate is higher than 1 MBit (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak (git-fixes). - can: etas_es58x: allow partial RX URB allocation to succeed (git-fixes). - commit 6b2a65b ++++ kernel-kvmsmall: - caif: fix integer underflow in cffrml_receive() (CVE-2025-68799 bsc#1256643) - commit 1ef0d96 - NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags (CVE-2025-68764 bsc#1255930). - commit 09d81f3 - coresight: ETR: Fix ETR buffer use-after-free issue (CVE-2025-68376 bsc#1255529) - commit a4ff2c1 - net/hsr: fix NULL pointer dereference in prp_get_untagged_frame() (CVE-2025-68776 bsc#1256659) - commit 49a3b6c - block: fix memory leak in __blkdev_issue_zero_pages (CVE-2025-68348 bsc#1255694) - commit 73e6c55 - RDMA/rxe: Fix null deref on srq->rq.queue after resize failure (CVE-2025-68379 bsc#1255695) - commit c6b18fc - Fix KABI for "md: fix rcu protection in md_wakeup_thread" (CVE-2025-68374 bsc#1255530). - commit 19ea2fb - ice: use netif_get_num_default_rss_queues() (bsc#1247712). - commit 9a8d388 - scsi: qla2xxx: Update version to 10.02.10.100-k (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Fix bsg_done() causing double free (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Query FW again before proceeding with login (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Validate sp before freeing associated memory (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Free sp in error path to fix system crash (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Delay module unload while fabric scan in progress (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Allow recovery for tape devices (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add bsg interface to support firmware img validation (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Validate MCU signature before executing MBC 03h (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add load flash firmware mailbox support for 28xxx (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add support for 64G SFP speed (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add Speed in SFP print information (bsc#1256865 bsc#1256867 jsc#PED-14156). - commit c16cfd0 - iavf: fix off-by-one issues in iavf_config_rss_reg() (CVE-2025-71087 bsc#1256628). - net: mana: Fix incorrect speed reported by debugfs (bsc#1255232). - net: mana: Support HW link state events (bsc#1253049). - veth: reduce XDP no_direct return section to fix race (CVE-2025-68341 bsc#1255506). - commit ffa2fc1 - scsi: lpfc: Update lpfc version to 14.4.0.13 (bsc#1256864). - scsi: lpfc: Rework lpfc_sli4_fcf_rr_next_index_get() (bsc#1256864). - commit ff9c1e2 - Refresh patches.suse/perf-hwmon_pmu-Fix-uninitialized-variable-warning.patch. - Refresh patches.suse/scsi-lpfc-Add-capability-to-register-Platform-Name-I.patch. - Refresh patches.suse/scsi-lpfc-Allow-support-for-BB-credit-recovery-in-po.patch. - Refresh patches.suse/scsi-lpfc-Ensure-unregistration-of-rpis-for-received.patch. - Refresh patches.suse/scsi-lpfc-Fix-leaked-ndlp-krefs-when-in-point-to-poi.patch. - Refresh patches.suse/scsi-lpfc-Fix-reusing-an-ndlp-that-is-marked-NLP_DRO.patch. - Refresh patches.suse/scsi-lpfc-Modify-kref-handling-for-Fabric-Controller.patch. - Refresh patches.suse/scsi-lpfc-Remove-redundant-NULL-ptr-assignment-in-lp.patch. - Refresh patches.suse/scsi-lpfc-Revise-discovery-related-function-headers-.patch. - Refresh patches.suse/scsi-lpfc-Update-lpfc-version-to-14.4.0.12.patch. - Refresh patches.suse/scsi-lpfc-Update-various-NPIV-diagnostic-log-messagi.patch. - commit b68a391 - md: fix rcu protection in md_wakeup_thread (CVE-2025-68374 bsc#1255530). - commit 4c1b1ef - NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid (CVE-2025-68349 bsc#1255544). - commit 6b33846 - md: init bioset in mddev_init (CVE-2025-68368 bsc#1255527). - commit 4b605d4 - ipvs: fix ipv4 null-ptr-deref in route error path (CVE-2025-68813 bsc#1256641). - commit dfa5bc8 - drm/panthor: Prevent potential UAF in group creation (CVE-2025-68735 bsc#1255811). - commit ab86e96 - nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() (CVE-2025-40261 bsc#1254839). - nvme-multipath: fix lockdep WARN due to partition scan work (CVE-2025-68218 bsc#1255245). - commit ff3bc4b - wifi: mt76: wed: use proper wed reference in mt76 wed driver callabacks (CVE-2025-68360 bsc#1255536). - commit 5863e8a - Refresh patches.kabi/bpf-Enforce-expected_attach_type-for-tailcall-compat.patch. Refresh kABI workaround to use 'unsigned char' instead of the original 'enum bpf_attach_type' as the data type. It was discovered at SL-16.0 MU submission time that the kABI workaround currently in-place does not work on -rt flavor. The reason is that due to preceding spinlock_t having a different size, the hole was only 2 bytes instead of 6 bytes, and thus too small to fit 'enum'. Since all the possible enum values are small enough to fit within 'unsigned char', switch the data type of the new field to that instead. - commit 06ff4d9 - drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup (bsc#1255128 CVE-2025-68296) - commit 1b12281 - efi/cper: Fix cper_bits_to_str buffer handling and return value (git-fixes). - lib/buildid: use __kernel_read() for sleepable context (git-fixes). - net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts (git-fixes). - can: ctucanfd: fix SSP_SRC in cases when bit-rate is higher than 1 MBit (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak (git-fixes). - can: etas_es58x: allow partial RX URB allocation to succeed (git-fixes). - commit 6b2a65b ++++ kernel-kvmsmall: - caif: fix integer underflow in cffrml_receive() (CVE-2025-68799 bsc#1256643) - commit 1ef0d96 - NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags (CVE-2025-68764 bsc#1255930). - commit 09d81f3 - coresight: ETR: Fix ETR buffer use-after-free issue (CVE-2025-68376 bsc#1255529) - commit a4ff2c1 - net/hsr: fix NULL pointer dereference in prp_get_untagged_frame() (CVE-2025-68776 bsc#1256659) - commit 49a3b6c - block: fix memory leak in __blkdev_issue_zero_pages (CVE-2025-68348 bsc#1255694) - commit 73e6c55 - RDMA/rxe: Fix null deref on srq->rq.queue after resize failure (CVE-2025-68379 bsc#1255695) - commit c6b18fc - Fix KABI for "md: fix rcu protection in md_wakeup_thread" (CVE-2025-68374 bsc#1255530). - commit 19ea2fb - ice: use netif_get_num_default_rss_queues() (bsc#1247712). - commit 9a8d388 - scsi: qla2xxx: Update version to 10.02.10.100-k (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Fix bsg_done() causing double free (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Query FW again before proceeding with login (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Validate sp before freeing associated memory (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Free sp in error path to fix system crash (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Delay module unload while fabric scan in progress (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Allow recovery for tape devices (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add bsg interface to support firmware img validation (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Validate MCU signature before executing MBC 03h (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add load flash firmware mailbox support for 28xxx (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add support for 64G SFP speed (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add Speed in SFP print information (bsc#1256865 bsc#1256867 jsc#PED-14156). - commit c16cfd0 - iavf: fix off-by-one issues in iavf_config_rss_reg() (CVE-2025-71087 bsc#1256628). - net: mana: Fix incorrect speed reported by debugfs (bsc#1255232). - net: mana: Support HW link state events (bsc#1253049). - veth: reduce XDP no_direct return section to fix race (CVE-2025-68341 bsc#1255506). - commit ffa2fc1 - scsi: lpfc: Update lpfc version to 14.4.0.13 (bsc#1256864). - scsi: lpfc: Rework lpfc_sli4_fcf_rr_next_index_get() (bsc#1256864). - commit ff9c1e2 - Refresh patches.suse/perf-hwmon_pmu-Fix-uninitialized-variable-warning.patch. - Refresh patches.suse/scsi-lpfc-Add-capability-to-register-Platform-Name-I.patch. - Refresh patches.suse/scsi-lpfc-Allow-support-for-BB-credit-recovery-in-po.patch. - Refresh patches.suse/scsi-lpfc-Ensure-unregistration-of-rpis-for-received.patch. - Refresh patches.suse/scsi-lpfc-Fix-leaked-ndlp-krefs-when-in-point-to-poi.patch. - Refresh patches.suse/scsi-lpfc-Fix-reusing-an-ndlp-that-is-marked-NLP_DRO.patch. - Refresh patches.suse/scsi-lpfc-Modify-kref-handling-for-Fabric-Controller.patch. - Refresh patches.suse/scsi-lpfc-Remove-redundant-NULL-ptr-assignment-in-lp.patch. - Refresh patches.suse/scsi-lpfc-Revise-discovery-related-function-headers-.patch. - Refresh patches.suse/scsi-lpfc-Update-lpfc-version-to-14.4.0.12.patch. - Refresh patches.suse/scsi-lpfc-Update-various-NPIV-diagnostic-log-messagi.patch. - commit b68a391 - md: fix rcu protection in md_wakeup_thread (CVE-2025-68374 bsc#1255530). - commit 4c1b1ef - NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid (CVE-2025-68349 bsc#1255544). - commit 6b33846 - md: init bioset in mddev_init (CVE-2025-68368 bsc#1255527). - commit 4b605d4 - ipvs: fix ipv4 null-ptr-deref in route error path (CVE-2025-68813 bsc#1256641). - commit dfa5bc8 - drm/panthor: Prevent potential UAF in group creation (CVE-2025-68735 bsc#1255811). - commit ab86e96 - nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() (CVE-2025-40261 bsc#1254839). - nvme-multipath: fix lockdep WARN due to partition scan work (CVE-2025-68218 bsc#1255245). - commit ff3bc4b - wifi: mt76: wed: use proper wed reference in mt76 wed driver callabacks (CVE-2025-68360 bsc#1255536). - commit 5863e8a - Refresh patches.kabi/bpf-Enforce-expected_attach_type-for-tailcall-compat.patch. Refresh kABI workaround to use 'unsigned char' instead of the original 'enum bpf_attach_type' as the data type. It was discovered at SL-16.0 MU submission time that the kABI workaround currently in-place does not work on -rt flavor. The reason is that due to preceding spinlock_t having a different size, the hole was only 2 bytes instead of 6 bytes, and thus too small to fit 'enum'. Since all the possible enum values are small enough to fit within 'unsigned char', switch the data type of the new field to that instead. - commit 06ff4d9 - drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup (bsc#1255128 CVE-2025-68296) - commit 1b12281 - efi/cper: Fix cper_bits_to_str buffer handling and return value (git-fixes). - lib/buildid: use __kernel_read() for sleepable context (git-fixes). - net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts (git-fixes). - can: ctucanfd: fix SSP_SRC in cases when bit-rate is higher than 1 MBit (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak (git-fixes). - can: etas_es58x: allow partial RX URB allocation to succeed (git-fixes). - commit 6b2a65b ++++ kernel-kvmsmall: - Refresh patches.kabi/bpf-Enforce-expected_attach_type-for-tailcall-compat.patch. Refresh kABI workaround to use 'unsigned char' instead of the original 'enum bpf_attach_type' as the data type. It was discovered at SL-16.0 MU submission time that the kABI workaround currently in-place does not work on -rt flavor. The reason is that due to preceding spinlock_t having a different size, the hole was only 2 bytes instead of 6 bytes, and thus too small to fit 'enum'. Since all the possible enum values are small enough to fit within 'unsigned char', switch the data type of the new field to that instead. - commit 06ff4d9 - efi/cper: Fix cper_bits_to_str buffer handling and return value (git-fixes). - lib/buildid: use __kernel_read() for sleepable context (git-fixes). - net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts (git-fixes). - can: ctucanfd: fix SSP_SRC in cases when bit-rate is higher than 1 MBit (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak (git-fixes). - can: etas_es58x: allow partial RX URB allocation to succeed (git-fixes). - commit 6b2a65b ++++ kernel-obs-build: - caif: fix integer underflow in cffrml_receive() (CVE-2025-68799 bsc#1256643) - commit 1ef0d96 - NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags (CVE-2025-68764 bsc#1255930). - commit 09d81f3 - coresight: ETR: Fix ETR buffer use-after-free issue (CVE-2025-68376 bsc#1255529) - commit a4ff2c1 - net/hsr: fix NULL pointer dereference in prp_get_untagged_frame() (CVE-2025-68776 bsc#1256659) - commit 49a3b6c - block: fix memory leak in __blkdev_issue_zero_pages (CVE-2025-68348 bsc#1255694) - commit 73e6c55 - RDMA/rxe: Fix null deref on srq->rq.queue after resize failure (CVE-2025-68379 bsc#1255695) - commit c6b18fc - Fix KABI for "md: fix rcu protection in md_wakeup_thread" (CVE-2025-68374 bsc#1255530). - commit 19ea2fb - ice: use netif_get_num_default_rss_queues() (bsc#1247712). - commit 9a8d388 - scsi: qla2xxx: Update version to 10.02.10.100-k (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Fix bsg_done() causing double free (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Query FW again before proceeding with login (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Validate sp before freeing associated memory (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Free sp in error path to fix system crash (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Delay module unload while fabric scan in progress (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Allow recovery for tape devices (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add bsg interface to support firmware img validation (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Validate MCU signature before executing MBC 03h (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add load flash firmware mailbox support for 28xxx (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add support for 64G SFP speed (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add Speed in SFP print information (bsc#1256865 bsc#1256867 jsc#PED-14156). - commit c16cfd0 - iavf: fix off-by-one issues in iavf_config_rss_reg() (CVE-2025-71087 bsc#1256628). - net: mana: Fix incorrect speed reported by debugfs (bsc#1255232). - net: mana: Support HW link state events (bsc#1253049). - veth: reduce XDP no_direct return section to fix race (CVE-2025-68341 bsc#1255506). - commit ffa2fc1 - scsi: lpfc: Update lpfc version to 14.4.0.13 (bsc#1256864). - scsi: lpfc: Rework lpfc_sli4_fcf_rr_next_index_get() (bsc#1256864). - commit ff9c1e2 - Refresh patches.suse/perf-hwmon_pmu-Fix-uninitialized-variable-warning.patch. - Refresh patches.suse/scsi-lpfc-Add-capability-to-register-Platform-Name-I.patch. - Refresh patches.suse/scsi-lpfc-Allow-support-for-BB-credit-recovery-in-po.patch. - Refresh patches.suse/scsi-lpfc-Ensure-unregistration-of-rpis-for-received.patch. - Refresh patches.suse/scsi-lpfc-Fix-leaked-ndlp-krefs-when-in-point-to-poi.patch. - Refresh patches.suse/scsi-lpfc-Fix-reusing-an-ndlp-that-is-marked-NLP_DRO.patch. - Refresh patches.suse/scsi-lpfc-Modify-kref-handling-for-Fabric-Controller.patch. - Refresh patches.suse/scsi-lpfc-Remove-redundant-NULL-ptr-assignment-in-lp.patch. - Refresh patches.suse/scsi-lpfc-Revise-discovery-related-function-headers-.patch. - Refresh patches.suse/scsi-lpfc-Update-lpfc-version-to-14.4.0.12.patch. - Refresh patches.suse/scsi-lpfc-Update-various-NPIV-diagnostic-log-messagi.patch. - commit b68a391 - md: fix rcu protection in md_wakeup_thread (CVE-2025-68374 bsc#1255530). - commit 4c1b1ef - NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid (CVE-2025-68349 bsc#1255544). - commit 6b33846 - md: init bioset in mddev_init (CVE-2025-68368 bsc#1255527). - commit 4b605d4 - ipvs: fix ipv4 null-ptr-deref in route error path (CVE-2025-68813 bsc#1256641). - commit dfa5bc8 - drm/panthor: Prevent potential UAF in group creation (CVE-2025-68735 bsc#1255811). - commit ab86e96 - nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() (CVE-2025-40261 bsc#1254839). - nvme-multipath: fix lockdep WARN due to partition scan work (CVE-2025-68218 bsc#1255245). - commit ff3bc4b - wifi: mt76: wed: use proper wed reference in mt76 wed driver callabacks (CVE-2025-68360 bsc#1255536). - commit 5863e8a - Refresh patches.kabi/bpf-Enforce-expected_attach_type-for-tailcall-compat.patch. Refresh kABI workaround to use 'unsigned char' instead of the original 'enum bpf_attach_type' as the data type. It was discovered at SL-16.0 MU submission time that the kABI workaround currently in-place does not work on -rt flavor. The reason is that due to preceding spinlock_t having a different size, the hole was only 2 bytes instead of 6 bytes, and thus too small to fit 'enum'. Since all the possible enum values are small enough to fit within 'unsigned char', switch the data type of the new field to that instead. - commit 06ff4d9 - drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup (bsc#1255128 CVE-2025-68296) - commit 1b12281 - efi/cper: Fix cper_bits_to_str buffer handling and return value (git-fixes). - lib/buildid: use __kernel_read() for sleepable context (git-fixes). - net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts (git-fixes). - can: ctucanfd: fix SSP_SRC in cases when bit-rate is higher than 1 MBit (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak (git-fixes). - can: etas_es58x: allow partial RX URB allocation to succeed (git-fixes). - commit 6b2a65b ++++ kernel-obs-build: - caif: fix integer underflow in cffrml_receive() (CVE-2025-68799 bsc#1256643) - commit 1ef0d96 - NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags (CVE-2025-68764 bsc#1255930). - commit 09d81f3 - coresight: ETR: Fix ETR buffer use-after-free issue (CVE-2025-68376 bsc#1255529) - commit a4ff2c1 - net/hsr: fix NULL pointer dereference in prp_get_untagged_frame() (CVE-2025-68776 bsc#1256659) - commit 49a3b6c - block: fix memory leak in __blkdev_issue_zero_pages (CVE-2025-68348 bsc#1255694) - commit 73e6c55 - RDMA/rxe: Fix null deref on srq->rq.queue after resize failure (CVE-2025-68379 bsc#1255695) - commit c6b18fc - Fix KABI for "md: fix rcu protection in md_wakeup_thread" (CVE-2025-68374 bsc#1255530). - commit 19ea2fb - ice: use netif_get_num_default_rss_queues() (bsc#1247712). - commit 9a8d388 - scsi: qla2xxx: Update version to 10.02.10.100-k (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Fix bsg_done() causing double free (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Query FW again before proceeding with login (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Validate sp before freeing associated memory (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Free sp in error path to fix system crash (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Delay module unload while fabric scan in progress (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Allow recovery for tape devices (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add bsg interface to support firmware img validation (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Validate MCU signature before executing MBC 03h (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add load flash firmware mailbox support for 28xxx (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add support for 64G SFP speed (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add Speed in SFP print information (bsc#1256865 bsc#1256867 jsc#PED-14156). - commit c16cfd0 - iavf: fix off-by-one issues in iavf_config_rss_reg() (CVE-2025-71087 bsc#1256628). - net: mana: Fix incorrect speed reported by debugfs (bsc#1255232). - net: mana: Support HW link state events (bsc#1253049). - veth: reduce XDP no_direct return section to fix race (CVE-2025-68341 bsc#1255506). - commit ffa2fc1 - scsi: lpfc: Update lpfc version to 14.4.0.13 (bsc#1256864). - scsi: lpfc: Rework lpfc_sli4_fcf_rr_next_index_get() (bsc#1256864). - commit ff9c1e2 - Refresh patches.suse/perf-hwmon_pmu-Fix-uninitialized-variable-warning.patch. - Refresh patches.suse/scsi-lpfc-Add-capability-to-register-Platform-Name-I.patch. - Refresh patches.suse/scsi-lpfc-Allow-support-for-BB-credit-recovery-in-po.patch. - Refresh patches.suse/scsi-lpfc-Ensure-unregistration-of-rpis-for-received.patch. - Refresh patches.suse/scsi-lpfc-Fix-leaked-ndlp-krefs-when-in-point-to-poi.patch. - Refresh patches.suse/scsi-lpfc-Fix-reusing-an-ndlp-that-is-marked-NLP_DRO.patch. - Refresh patches.suse/scsi-lpfc-Modify-kref-handling-for-Fabric-Controller.patch. - Refresh patches.suse/scsi-lpfc-Remove-redundant-NULL-ptr-assignment-in-lp.patch. - Refresh patches.suse/scsi-lpfc-Revise-discovery-related-function-headers-.patch. - Refresh patches.suse/scsi-lpfc-Update-lpfc-version-to-14.4.0.12.patch. - Refresh patches.suse/scsi-lpfc-Update-various-NPIV-diagnostic-log-messagi.patch. - commit b68a391 - md: fix rcu protection in md_wakeup_thread (CVE-2025-68374 bsc#1255530). - commit 4c1b1ef - NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid (CVE-2025-68349 bsc#1255544). - commit 6b33846 - md: init bioset in mddev_init (CVE-2025-68368 bsc#1255527). - commit 4b605d4 - ipvs: fix ipv4 null-ptr-deref in route error path (CVE-2025-68813 bsc#1256641). - commit dfa5bc8 - drm/panthor: Prevent potential UAF in group creation (CVE-2025-68735 bsc#1255811). - commit ab86e96 - nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() (CVE-2025-40261 bsc#1254839). - nvme-multipath: fix lockdep WARN due to partition scan work (CVE-2025-68218 bsc#1255245). - commit ff3bc4b - wifi: mt76: wed: use proper wed reference in mt76 wed driver callabacks (CVE-2025-68360 bsc#1255536). - commit 5863e8a - Refresh patches.kabi/bpf-Enforce-expected_attach_type-for-tailcall-compat.patch. Refresh kABI workaround to use 'unsigned char' instead of the original 'enum bpf_attach_type' as the data type. It was discovered at SL-16.0 MU submission time that the kABI workaround currently in-place does not work on -rt flavor. The reason is that due to preceding spinlock_t having a different size, the hole was only 2 bytes instead of 6 bytes, and thus too small to fit 'enum'. Since all the possible enum values are small enough to fit within 'unsigned char', switch the data type of the new field to that instead. - commit 06ff4d9 - drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup (bsc#1255128 CVE-2025-68296) - commit 1b12281 - efi/cper: Fix cper_bits_to_str buffer handling and return value (git-fixes). - lib/buildid: use __kernel_read() for sleepable context (git-fixes). - net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts (git-fixes). - can: ctucanfd: fix SSP_SRC in cases when bit-rate is higher than 1 MBit (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak (git-fixes). - can: etas_es58x: allow partial RX URB allocation to succeed (git-fixes). - commit 6b2a65b ++++ kernel-obs-build: - Refresh patches.kabi/bpf-Enforce-expected_attach_type-for-tailcall-compat.patch. Refresh kABI workaround to use 'unsigned char' instead of the original 'enum bpf_attach_type' as the data type. It was discovered at SL-16.0 MU submission time that the kABI workaround currently in-place does not work on -rt flavor. The reason is that due to preceding spinlock_t having a different size, the hole was only 2 bytes instead of 6 bytes, and thus too small to fit 'enum'. Since all the possible enum values are small enough to fit within 'unsigned char', switch the data type of the new field to that instead. - commit 06ff4d9 - efi/cper: Fix cper_bits_to_str buffer handling and return value (git-fixes). - lib/buildid: use __kernel_read() for sleepable context (git-fixes). - net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts (git-fixes). - can: ctucanfd: fix SSP_SRC in cases when bit-rate is higher than 1 MBit (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak (git-fixes). - can: etas_es58x: allow partial RX URB allocation to succeed (git-fixes). - commit 6b2a65b ++++ kernel-obs-qa: - caif: fix integer underflow in cffrml_receive() (CVE-2025-68799 bsc#1256643) - commit 1ef0d96 - NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags (CVE-2025-68764 bsc#1255930). - commit 09d81f3 - coresight: ETR: Fix ETR buffer use-after-free issue (CVE-2025-68376 bsc#1255529) - commit a4ff2c1 - net/hsr: fix NULL pointer dereference in prp_get_untagged_frame() (CVE-2025-68776 bsc#1256659) - commit 49a3b6c - block: fix memory leak in __blkdev_issue_zero_pages (CVE-2025-68348 bsc#1255694) - commit 73e6c55 - RDMA/rxe: Fix null deref on srq->rq.queue after resize failure (CVE-2025-68379 bsc#1255695) - commit c6b18fc - Fix KABI for "md: fix rcu protection in md_wakeup_thread" (CVE-2025-68374 bsc#1255530). - commit 19ea2fb - ice: use netif_get_num_default_rss_queues() (bsc#1247712). - commit 9a8d388 - scsi: qla2xxx: Update version to 10.02.10.100-k (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Fix bsg_done() causing double free (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Query FW again before proceeding with login (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Validate sp before freeing associated memory (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Free sp in error path to fix system crash (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Delay module unload while fabric scan in progress (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Allow recovery for tape devices (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add bsg interface to support firmware img validation (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Validate MCU signature before executing MBC 03h (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add load flash firmware mailbox support for 28xxx (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add support for 64G SFP speed (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add Speed in SFP print information (bsc#1256865 bsc#1256867 jsc#PED-14156). - commit c16cfd0 - iavf: fix off-by-one issues in iavf_config_rss_reg() (CVE-2025-71087 bsc#1256628). - net: mana: Fix incorrect speed reported by debugfs (bsc#1255232). - net: mana: Support HW link state events (bsc#1253049). - veth: reduce XDP no_direct return section to fix race (CVE-2025-68341 bsc#1255506). - commit ffa2fc1 - scsi: lpfc: Update lpfc version to 14.4.0.13 (bsc#1256864). - scsi: lpfc: Rework lpfc_sli4_fcf_rr_next_index_get() (bsc#1256864). - commit ff9c1e2 - Refresh patches.suse/perf-hwmon_pmu-Fix-uninitialized-variable-warning.patch. - Refresh patches.suse/scsi-lpfc-Add-capability-to-register-Platform-Name-I.patch. - Refresh patches.suse/scsi-lpfc-Allow-support-for-BB-credit-recovery-in-po.patch. - Refresh patches.suse/scsi-lpfc-Ensure-unregistration-of-rpis-for-received.patch. - Refresh patches.suse/scsi-lpfc-Fix-leaked-ndlp-krefs-when-in-point-to-poi.patch. - Refresh patches.suse/scsi-lpfc-Fix-reusing-an-ndlp-that-is-marked-NLP_DRO.patch. - Refresh patches.suse/scsi-lpfc-Modify-kref-handling-for-Fabric-Controller.patch. - Refresh patches.suse/scsi-lpfc-Remove-redundant-NULL-ptr-assignment-in-lp.patch. - Refresh patches.suse/scsi-lpfc-Revise-discovery-related-function-headers-.patch. - Refresh patches.suse/scsi-lpfc-Update-lpfc-version-to-14.4.0.12.patch. - Refresh patches.suse/scsi-lpfc-Update-various-NPIV-diagnostic-log-messagi.patch. - commit b68a391 - md: fix rcu protection in md_wakeup_thread (CVE-2025-68374 bsc#1255530). - commit 4c1b1ef - NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid (CVE-2025-68349 bsc#1255544). - commit 6b33846 - md: init bioset in mddev_init (CVE-2025-68368 bsc#1255527). - commit 4b605d4 - ipvs: fix ipv4 null-ptr-deref in route error path (CVE-2025-68813 bsc#1256641). - commit dfa5bc8 - drm/panthor: Prevent potential UAF in group creation (CVE-2025-68735 bsc#1255811). - commit ab86e96 - nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() (CVE-2025-40261 bsc#1254839). - nvme-multipath: fix lockdep WARN due to partition scan work (CVE-2025-68218 bsc#1255245). - commit ff3bc4b - wifi: mt76: wed: use proper wed reference in mt76 wed driver callabacks (CVE-2025-68360 bsc#1255536). - commit 5863e8a - Refresh patches.kabi/bpf-Enforce-expected_attach_type-for-tailcall-compat.patch. Refresh kABI workaround to use 'unsigned char' instead of the original 'enum bpf_attach_type' as the data type. It was discovered at SL-16.0 MU submission time that the kABI workaround currently in-place does not work on -rt flavor. The reason is that due to preceding spinlock_t having a different size, the hole was only 2 bytes instead of 6 bytes, and thus too small to fit 'enum'. Since all the possible enum values are small enough to fit within 'unsigned char', switch the data type of the new field to that instead. - commit 06ff4d9 - drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup (bsc#1255128 CVE-2025-68296) - commit 1b12281 - efi/cper: Fix cper_bits_to_str buffer handling and return value (git-fixes). - lib/buildid: use __kernel_read() for sleepable context (git-fixes). - net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts (git-fixes). - can: ctucanfd: fix SSP_SRC in cases when bit-rate is higher than 1 MBit (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak (git-fixes). - can: etas_es58x: allow partial RX URB allocation to succeed (git-fixes). - commit 6b2a65b ++++ kernel-obs-qa: - caif: fix integer underflow in cffrml_receive() (CVE-2025-68799 bsc#1256643) - commit 1ef0d96 - NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags (CVE-2025-68764 bsc#1255930). - commit 09d81f3 - coresight: ETR: Fix ETR buffer use-after-free issue (CVE-2025-68376 bsc#1255529) - commit a4ff2c1 - net/hsr: fix NULL pointer dereference in prp_get_untagged_frame() (CVE-2025-68776 bsc#1256659) - commit 49a3b6c - block: fix memory leak in __blkdev_issue_zero_pages (CVE-2025-68348 bsc#1255694) - commit 73e6c55 - RDMA/rxe: Fix null deref on srq->rq.queue after resize failure (CVE-2025-68379 bsc#1255695) - commit c6b18fc - Fix KABI for "md: fix rcu protection in md_wakeup_thread" (CVE-2025-68374 bsc#1255530). - commit 19ea2fb - ice: use netif_get_num_default_rss_queues() (bsc#1247712). - commit 9a8d388 - scsi: qla2xxx: Update version to 10.02.10.100-k (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Fix bsg_done() causing double free (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Query FW again before proceeding with login (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Validate sp before freeing associated memory (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Free sp in error path to fix system crash (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Delay module unload while fabric scan in progress (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Allow recovery for tape devices (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add bsg interface to support firmware img validation (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Validate MCU signature before executing MBC 03h (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add load flash firmware mailbox support for 28xxx (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add support for 64G SFP speed (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add Speed in SFP print information (bsc#1256865 bsc#1256867 jsc#PED-14156). - commit c16cfd0 - iavf: fix off-by-one issues in iavf_config_rss_reg() (CVE-2025-71087 bsc#1256628). - net: mana: Fix incorrect speed reported by debugfs (bsc#1255232). - net: mana: Support HW link state events (bsc#1253049). - veth: reduce XDP no_direct return section to fix race (CVE-2025-68341 bsc#1255506). - commit ffa2fc1 - scsi: lpfc: Update lpfc version to 14.4.0.13 (bsc#1256864). - scsi: lpfc: Rework lpfc_sli4_fcf_rr_next_index_get() (bsc#1256864). - commit ff9c1e2 - Refresh patches.suse/perf-hwmon_pmu-Fix-uninitialized-variable-warning.patch. - Refresh patches.suse/scsi-lpfc-Add-capability-to-register-Platform-Name-I.patch. - Refresh patches.suse/scsi-lpfc-Allow-support-for-BB-credit-recovery-in-po.patch. - Refresh patches.suse/scsi-lpfc-Ensure-unregistration-of-rpis-for-received.patch. - Refresh patches.suse/scsi-lpfc-Fix-leaked-ndlp-krefs-when-in-point-to-poi.patch. - Refresh patches.suse/scsi-lpfc-Fix-reusing-an-ndlp-that-is-marked-NLP_DRO.patch. - Refresh patches.suse/scsi-lpfc-Modify-kref-handling-for-Fabric-Controller.patch. - Refresh patches.suse/scsi-lpfc-Remove-redundant-NULL-ptr-assignment-in-lp.patch. - Refresh patches.suse/scsi-lpfc-Revise-discovery-related-function-headers-.patch. - Refresh patches.suse/scsi-lpfc-Update-lpfc-version-to-14.4.0.12.patch. - Refresh patches.suse/scsi-lpfc-Update-various-NPIV-diagnostic-log-messagi.patch. - commit b68a391 - md: fix rcu protection in md_wakeup_thread (CVE-2025-68374 bsc#1255530). - commit 4c1b1ef - NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid (CVE-2025-68349 bsc#1255544). - commit 6b33846 - md: init bioset in mddev_init (CVE-2025-68368 bsc#1255527). - commit 4b605d4 - ipvs: fix ipv4 null-ptr-deref in route error path (CVE-2025-68813 bsc#1256641). - commit dfa5bc8 - drm/panthor: Prevent potential UAF in group creation (CVE-2025-68735 bsc#1255811). - commit ab86e96 - nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() (CVE-2025-40261 bsc#1254839). - nvme-multipath: fix lockdep WARN due to partition scan work (CVE-2025-68218 bsc#1255245). - commit ff3bc4b - wifi: mt76: wed: use proper wed reference in mt76 wed driver callabacks (CVE-2025-68360 bsc#1255536). - commit 5863e8a - Refresh patches.kabi/bpf-Enforce-expected_attach_type-for-tailcall-compat.patch. Refresh kABI workaround to use 'unsigned char' instead of the original 'enum bpf_attach_type' as the data type. It was discovered at SL-16.0 MU submission time that the kABI workaround currently in-place does not work on -rt flavor. The reason is that due to preceding spinlock_t having a different size, the hole was only 2 bytes instead of 6 bytes, and thus too small to fit 'enum'. Since all the possible enum values are small enough to fit within 'unsigned char', switch the data type of the new field to that instead. - commit 06ff4d9 - drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup (bsc#1255128 CVE-2025-68296) - commit 1b12281 - efi/cper: Fix cper_bits_to_str buffer handling and return value (git-fixes). - lib/buildid: use __kernel_read() for sleepable context (git-fixes). - net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts (git-fixes). - can: ctucanfd: fix SSP_SRC in cases when bit-rate is higher than 1 MBit (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak (git-fixes). - can: etas_es58x: allow partial RX URB allocation to succeed (git-fixes). - commit 6b2a65b ++++ kernel-obs-qa: - Refresh patches.kabi/bpf-Enforce-expected_attach_type-for-tailcall-compat.patch. Refresh kABI workaround to use 'unsigned char' instead of the original 'enum bpf_attach_type' as the data type. It was discovered at SL-16.0 MU submission time that the kABI workaround currently in-place does not work on -rt flavor. The reason is that due to preceding spinlock_t having a different size, the hole was only 2 bytes instead of 6 bytes, and thus too small to fit 'enum'. Since all the possible enum values are small enough to fit within 'unsigned char', switch the data type of the new field to that instead. - commit 06ff4d9 - efi/cper: Fix cper_bits_to_str buffer handling and return value (git-fixes). - lib/buildid: use __kernel_read() for sleepable context (git-fixes). - net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts (git-fixes). - can: ctucanfd: fix SSP_SRC in cases when bit-rate is higher than 1 MBit (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak (git-fixes). - can: etas_es58x: allow partial RX URB allocation to succeed (git-fixes). - commit 6b2a65b ++++ kernel-syms: - caif: fix integer underflow in cffrml_receive() (CVE-2025-68799 bsc#1256643) - commit 1ef0d96 - NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags (CVE-2025-68764 bsc#1255930). - commit 09d81f3 - coresight: ETR: Fix ETR buffer use-after-free issue (CVE-2025-68376 bsc#1255529) - commit a4ff2c1 - net/hsr: fix NULL pointer dereference in prp_get_untagged_frame() (CVE-2025-68776 bsc#1256659) - commit 49a3b6c - block: fix memory leak in __blkdev_issue_zero_pages (CVE-2025-68348 bsc#1255694) - commit 73e6c55 - RDMA/rxe: Fix null deref on srq->rq.queue after resize failure (CVE-2025-68379 bsc#1255695) - commit c6b18fc - Fix KABI for "md: fix rcu protection in md_wakeup_thread" (CVE-2025-68374 bsc#1255530). - commit 19ea2fb - ice: use netif_get_num_default_rss_queues() (bsc#1247712). - commit 9a8d388 - scsi: qla2xxx: Update version to 10.02.10.100-k (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Fix bsg_done() causing double free (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Query FW again before proceeding with login (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Validate sp before freeing associated memory (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Free sp in error path to fix system crash (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Delay module unload while fabric scan in progress (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Allow recovery for tape devices (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add bsg interface to support firmware img validation (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Validate MCU signature before executing MBC 03h (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add load flash firmware mailbox support for 28xxx (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add support for 64G SFP speed (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add Speed in SFP print information (bsc#1256865 bsc#1256867 jsc#PED-14156). - commit c16cfd0 - iavf: fix off-by-one issues in iavf_config_rss_reg() (CVE-2025-71087 bsc#1256628). - net: mana: Fix incorrect speed reported by debugfs (bsc#1255232). - net: mana: Support HW link state events (bsc#1253049). - veth: reduce XDP no_direct return section to fix race (CVE-2025-68341 bsc#1255506). - commit ffa2fc1 - scsi: lpfc: Update lpfc version to 14.4.0.13 (bsc#1256864). - scsi: lpfc: Rework lpfc_sli4_fcf_rr_next_index_get() (bsc#1256864). - commit ff9c1e2 - Refresh patches.suse/perf-hwmon_pmu-Fix-uninitialized-variable-warning.patch. - Refresh patches.suse/scsi-lpfc-Add-capability-to-register-Platform-Name-I.patch. - Refresh patches.suse/scsi-lpfc-Allow-support-for-BB-credit-recovery-in-po.patch. - Refresh patches.suse/scsi-lpfc-Ensure-unregistration-of-rpis-for-received.patch. - Refresh patches.suse/scsi-lpfc-Fix-leaked-ndlp-krefs-when-in-point-to-poi.patch. - Refresh patches.suse/scsi-lpfc-Fix-reusing-an-ndlp-that-is-marked-NLP_DRO.patch. - Refresh patches.suse/scsi-lpfc-Modify-kref-handling-for-Fabric-Controller.patch. - Refresh patches.suse/scsi-lpfc-Remove-redundant-NULL-ptr-assignment-in-lp.patch. - Refresh patches.suse/scsi-lpfc-Revise-discovery-related-function-headers-.patch. - Refresh patches.suse/scsi-lpfc-Update-lpfc-version-to-14.4.0.12.patch. - Refresh patches.suse/scsi-lpfc-Update-various-NPIV-diagnostic-log-messagi.patch. - commit b68a391 - md: fix rcu protection in md_wakeup_thread (CVE-2025-68374 bsc#1255530). - commit 4c1b1ef - NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid (CVE-2025-68349 bsc#1255544). - commit 6b33846 - md: init bioset in mddev_init (CVE-2025-68368 bsc#1255527). - commit 4b605d4 - ipvs: fix ipv4 null-ptr-deref in route error path (CVE-2025-68813 bsc#1256641). - commit dfa5bc8 - drm/panthor: Prevent potential UAF in group creation (CVE-2025-68735 bsc#1255811). - commit ab86e96 - nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() (CVE-2025-40261 bsc#1254839). - nvme-multipath: fix lockdep WARN due to partition scan work (CVE-2025-68218 bsc#1255245). - commit ff3bc4b - wifi: mt76: wed: use proper wed reference in mt76 wed driver callabacks (CVE-2025-68360 bsc#1255536). - commit 5863e8a - Refresh patches.kabi/bpf-Enforce-expected_attach_type-for-tailcall-compat.patch. Refresh kABI workaround to use 'unsigned char' instead of the original 'enum bpf_attach_type' as the data type. It was discovered at SL-16.0 MU submission time that the kABI workaround currently in-place does not work on -rt flavor. The reason is that due to preceding spinlock_t having a different size, the hole was only 2 bytes instead of 6 bytes, and thus too small to fit 'enum'. Since all the possible enum values are small enough to fit within 'unsigned char', switch the data type of the new field to that instead. - commit 06ff4d9 - drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup (bsc#1255128 CVE-2025-68296) - commit 1b12281 - efi/cper: Fix cper_bits_to_str buffer handling and return value (git-fixes). - lib/buildid: use __kernel_read() for sleepable context (git-fixes). - net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts (git-fixes). - can: ctucanfd: fix SSP_SRC in cases when bit-rate is higher than 1 MBit (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak (git-fixes). - can: etas_es58x: allow partial RX URB allocation to succeed (git-fixes). - commit 6b2a65b ++++ kernel-syms: - caif: fix integer underflow in cffrml_receive() (CVE-2025-68799 bsc#1256643) - commit 1ef0d96 - NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags (CVE-2025-68764 bsc#1255930). - commit 09d81f3 - coresight: ETR: Fix ETR buffer use-after-free issue (CVE-2025-68376 bsc#1255529) - commit a4ff2c1 - net/hsr: fix NULL pointer dereference in prp_get_untagged_frame() (CVE-2025-68776 bsc#1256659) - commit 49a3b6c - block: fix memory leak in __blkdev_issue_zero_pages (CVE-2025-68348 bsc#1255694) - commit 73e6c55 - RDMA/rxe: Fix null deref on srq->rq.queue after resize failure (CVE-2025-68379 bsc#1255695) - commit c6b18fc - Fix KABI for "md: fix rcu protection in md_wakeup_thread" (CVE-2025-68374 bsc#1255530). - commit 19ea2fb - ice: use netif_get_num_default_rss_queues() (bsc#1247712). - commit 9a8d388 - scsi: qla2xxx: Update version to 10.02.10.100-k (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Fix bsg_done() causing double free (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Query FW again before proceeding with login (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Validate sp before freeing associated memory (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Free sp in error path to fix system crash (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Delay module unload while fabric scan in progress (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Allow recovery for tape devices (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add bsg interface to support firmware img validation (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Validate MCU signature before executing MBC 03h (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add load flash firmware mailbox support for 28xxx (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add support for 64G SFP speed (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add Speed in SFP print information (bsc#1256865 bsc#1256867 jsc#PED-14156). - commit c16cfd0 - iavf: fix off-by-one issues in iavf_config_rss_reg() (CVE-2025-71087 bsc#1256628). - net: mana: Fix incorrect speed reported by debugfs (bsc#1255232). - net: mana: Support HW link state events (bsc#1253049). - veth: reduce XDP no_direct return section to fix race (CVE-2025-68341 bsc#1255506). - commit ffa2fc1 - scsi: lpfc: Update lpfc version to 14.4.0.13 (bsc#1256864). - scsi: lpfc: Rework lpfc_sli4_fcf_rr_next_index_get() (bsc#1256864). - commit ff9c1e2 - Refresh patches.suse/perf-hwmon_pmu-Fix-uninitialized-variable-warning.patch. - Refresh patches.suse/scsi-lpfc-Add-capability-to-register-Platform-Name-I.patch. - Refresh patches.suse/scsi-lpfc-Allow-support-for-BB-credit-recovery-in-po.patch. - Refresh patches.suse/scsi-lpfc-Ensure-unregistration-of-rpis-for-received.patch. - Refresh patches.suse/scsi-lpfc-Fix-leaked-ndlp-krefs-when-in-point-to-poi.patch. - Refresh patches.suse/scsi-lpfc-Fix-reusing-an-ndlp-that-is-marked-NLP_DRO.patch. - Refresh patches.suse/scsi-lpfc-Modify-kref-handling-for-Fabric-Controller.patch. - Refresh patches.suse/scsi-lpfc-Remove-redundant-NULL-ptr-assignment-in-lp.patch. - Refresh patches.suse/scsi-lpfc-Revise-discovery-related-function-headers-.patch. - Refresh patches.suse/scsi-lpfc-Update-lpfc-version-to-14.4.0.12.patch. - Refresh patches.suse/scsi-lpfc-Update-various-NPIV-diagnostic-log-messagi.patch. - commit b68a391 - md: fix rcu protection in md_wakeup_thread (CVE-2025-68374 bsc#1255530). - commit 4c1b1ef - NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid (CVE-2025-68349 bsc#1255544). - commit 6b33846 - md: init bioset in mddev_init (CVE-2025-68368 bsc#1255527). - commit 4b605d4 - ipvs: fix ipv4 null-ptr-deref in route error path (CVE-2025-68813 bsc#1256641). - commit dfa5bc8 - drm/panthor: Prevent potential UAF in group creation (CVE-2025-68735 bsc#1255811). - commit ab86e96 - nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() (CVE-2025-40261 bsc#1254839). - nvme-multipath: fix lockdep WARN due to partition scan work (CVE-2025-68218 bsc#1255245). - commit ff3bc4b - wifi: mt76: wed: use proper wed reference in mt76 wed driver callabacks (CVE-2025-68360 bsc#1255536). - commit 5863e8a - Refresh patches.kabi/bpf-Enforce-expected_attach_type-for-tailcall-compat.patch. Refresh kABI workaround to use 'unsigned char' instead of the original 'enum bpf_attach_type' as the data type. It was discovered at SL-16.0 MU submission time that the kABI workaround currently in-place does not work on -rt flavor. The reason is that due to preceding spinlock_t having a different size, the hole was only 2 bytes instead of 6 bytes, and thus too small to fit 'enum'. Since all the possible enum values are small enough to fit within 'unsigned char', switch the data type of the new field to that instead. - commit 06ff4d9 - drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup (bsc#1255128 CVE-2025-68296) - commit 1b12281 - efi/cper: Fix cper_bits_to_str buffer handling and return value (git-fixes). - lib/buildid: use __kernel_read() for sleepable context (git-fixes). - net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts (git-fixes). - can: ctucanfd: fix SSP_SRC in cases when bit-rate is higher than 1 MBit (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak (git-fixes). - can: etas_es58x: allow partial RX URB allocation to succeed (git-fixes). - commit 6b2a65b ++++ kernel-syms: - Refresh patches.kabi/bpf-Enforce-expected_attach_type-for-tailcall-compat.patch. Refresh kABI workaround to use 'unsigned char' instead of the original 'enum bpf_attach_type' as the data type. It was discovered at SL-16.0 MU submission time that the kABI workaround currently in-place does not work on -rt flavor. The reason is that due to preceding spinlock_t having a different size, the hole was only 2 bytes instead of 6 bytes, and thus too small to fit 'enum'. Since all the possible enum values are small enough to fit within 'unsigned char', switch the data type of the new field to that instead. - commit 06ff4d9 - efi/cper: Fix cper_bits_to_str buffer handling and return value (git-fixes). - lib/buildid: use __kernel_read() for sleepable context (git-fixes). - net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts (git-fixes). - can: ctucanfd: fix SSP_SRC in cases when bit-rate is higher than 1 MBit (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak (git-fixes). - can: etas_es58x: allow partial RX URB allocation to succeed (git-fixes). - commit 6b2a65b ++++ kernel-zfcpdump: - caif: fix integer underflow in cffrml_receive() (CVE-2025-68799 bsc#1256643) - commit 1ef0d96 - NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags (CVE-2025-68764 bsc#1255930). - commit 09d81f3 - coresight: ETR: Fix ETR buffer use-after-free issue (CVE-2025-68376 bsc#1255529) - commit a4ff2c1 - net/hsr: fix NULL pointer dereference in prp_get_untagged_frame() (CVE-2025-68776 bsc#1256659) - commit 49a3b6c - block: fix memory leak in __blkdev_issue_zero_pages (CVE-2025-68348 bsc#1255694) - commit 73e6c55 - RDMA/rxe: Fix null deref on srq->rq.queue after resize failure (CVE-2025-68379 bsc#1255695) - commit c6b18fc - Fix KABI for "md: fix rcu protection in md_wakeup_thread" (CVE-2025-68374 bsc#1255530). - commit 19ea2fb - ice: use netif_get_num_default_rss_queues() (bsc#1247712). - commit 9a8d388 - scsi: qla2xxx: Update version to 10.02.10.100-k (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Fix bsg_done() causing double free (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Query FW again before proceeding with login (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Validate sp before freeing associated memory (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Free sp in error path to fix system crash (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Delay module unload while fabric scan in progress (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Allow recovery for tape devices (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add bsg interface to support firmware img validation (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Validate MCU signature before executing MBC 03h (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add load flash firmware mailbox support for 28xxx (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add support for 64G SFP speed (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add Speed in SFP print information (bsc#1256865 bsc#1256867 jsc#PED-14156). - commit c16cfd0 - iavf: fix off-by-one issues in iavf_config_rss_reg() (CVE-2025-71087 bsc#1256628). - net: mana: Fix incorrect speed reported by debugfs (bsc#1255232). - net: mana: Support HW link state events (bsc#1253049). - veth: reduce XDP no_direct return section to fix race (CVE-2025-68341 bsc#1255506). - commit ffa2fc1 - scsi: lpfc: Update lpfc version to 14.4.0.13 (bsc#1256864). - scsi: lpfc: Rework lpfc_sli4_fcf_rr_next_index_get() (bsc#1256864). - commit ff9c1e2 - Refresh patches.suse/perf-hwmon_pmu-Fix-uninitialized-variable-warning.patch. - Refresh patches.suse/scsi-lpfc-Add-capability-to-register-Platform-Name-I.patch. - Refresh patches.suse/scsi-lpfc-Allow-support-for-BB-credit-recovery-in-po.patch. - Refresh patches.suse/scsi-lpfc-Ensure-unregistration-of-rpis-for-received.patch. - Refresh patches.suse/scsi-lpfc-Fix-leaked-ndlp-krefs-when-in-point-to-poi.patch. - Refresh patches.suse/scsi-lpfc-Fix-reusing-an-ndlp-that-is-marked-NLP_DRO.patch. - Refresh patches.suse/scsi-lpfc-Modify-kref-handling-for-Fabric-Controller.patch. - Refresh patches.suse/scsi-lpfc-Remove-redundant-NULL-ptr-assignment-in-lp.patch. - Refresh patches.suse/scsi-lpfc-Revise-discovery-related-function-headers-.patch. - Refresh patches.suse/scsi-lpfc-Update-lpfc-version-to-14.4.0.12.patch. - Refresh patches.suse/scsi-lpfc-Update-various-NPIV-diagnostic-log-messagi.patch. - commit b68a391 - md: fix rcu protection in md_wakeup_thread (CVE-2025-68374 bsc#1255530). - commit 4c1b1ef - NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid (CVE-2025-68349 bsc#1255544). - commit 6b33846 - md: init bioset in mddev_init (CVE-2025-68368 bsc#1255527). - commit 4b605d4 - ipvs: fix ipv4 null-ptr-deref in route error path (CVE-2025-68813 bsc#1256641). - commit dfa5bc8 - drm/panthor: Prevent potential UAF in group creation (CVE-2025-68735 bsc#1255811). - commit ab86e96 - nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() (CVE-2025-40261 bsc#1254839). - nvme-multipath: fix lockdep WARN due to partition scan work (CVE-2025-68218 bsc#1255245). - commit ff3bc4b - wifi: mt76: wed: use proper wed reference in mt76 wed driver callabacks (CVE-2025-68360 bsc#1255536). - commit 5863e8a - Refresh patches.kabi/bpf-Enforce-expected_attach_type-for-tailcall-compat.patch. Refresh kABI workaround to use 'unsigned char' instead of the original 'enum bpf_attach_type' as the data type. It was discovered at SL-16.0 MU submission time that the kABI workaround currently in-place does not work on -rt flavor. The reason is that due to preceding spinlock_t having a different size, the hole was only 2 bytes instead of 6 bytes, and thus too small to fit 'enum'. Since all the possible enum values are small enough to fit within 'unsigned char', switch the data type of the new field to that instead. - commit 06ff4d9 - drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup (bsc#1255128 CVE-2025-68296) - commit 1b12281 - efi/cper: Fix cper_bits_to_str buffer handling and return value (git-fixes). - lib/buildid: use __kernel_read() for sleepable context (git-fixes). - net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts (git-fixes). - can: ctucanfd: fix SSP_SRC in cases when bit-rate is higher than 1 MBit (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak (git-fixes). - can: etas_es58x: allow partial RX URB allocation to succeed (git-fixes). - commit 6b2a65b ++++ kernel-zfcpdump: - caif: fix integer underflow in cffrml_receive() (CVE-2025-68799 bsc#1256643) - commit 1ef0d96 - NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags (CVE-2025-68764 bsc#1255930). - commit 09d81f3 - coresight: ETR: Fix ETR buffer use-after-free issue (CVE-2025-68376 bsc#1255529) - commit a4ff2c1 - net/hsr: fix NULL pointer dereference in prp_get_untagged_frame() (CVE-2025-68776 bsc#1256659) - commit 49a3b6c - block: fix memory leak in __blkdev_issue_zero_pages (CVE-2025-68348 bsc#1255694) - commit 73e6c55 - RDMA/rxe: Fix null deref on srq->rq.queue after resize failure (CVE-2025-68379 bsc#1255695) - commit c6b18fc - Fix KABI for "md: fix rcu protection in md_wakeup_thread" (CVE-2025-68374 bsc#1255530). - commit 19ea2fb - ice: use netif_get_num_default_rss_queues() (bsc#1247712). - commit 9a8d388 - scsi: qla2xxx: Update version to 10.02.10.100-k (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Fix bsg_done() causing double free (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Query FW again before proceeding with login (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Validate sp before freeing associated memory (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Free sp in error path to fix system crash (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Delay module unload while fabric scan in progress (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Allow recovery for tape devices (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add bsg interface to support firmware img validation (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Validate MCU signature before executing MBC 03h (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add load flash firmware mailbox support for 28xxx (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add support for 64G SFP speed (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add Speed in SFP print information (bsc#1256865 bsc#1256867 jsc#PED-14156). - commit c16cfd0 - iavf: fix off-by-one issues in iavf_config_rss_reg() (CVE-2025-71087 bsc#1256628). - net: mana: Fix incorrect speed reported by debugfs (bsc#1255232). - net: mana: Support HW link state events (bsc#1253049). - veth: reduce XDP no_direct return section to fix race (CVE-2025-68341 bsc#1255506). - commit ffa2fc1 - scsi: lpfc: Update lpfc version to 14.4.0.13 (bsc#1256864). - scsi: lpfc: Rework lpfc_sli4_fcf_rr_next_index_get() (bsc#1256864). - commit ff9c1e2 - Refresh patches.suse/perf-hwmon_pmu-Fix-uninitialized-variable-warning.patch. - Refresh patches.suse/scsi-lpfc-Add-capability-to-register-Platform-Name-I.patch. - Refresh patches.suse/scsi-lpfc-Allow-support-for-BB-credit-recovery-in-po.patch. - Refresh patches.suse/scsi-lpfc-Ensure-unregistration-of-rpis-for-received.patch. - Refresh patches.suse/scsi-lpfc-Fix-leaked-ndlp-krefs-when-in-point-to-poi.patch. - Refresh patches.suse/scsi-lpfc-Fix-reusing-an-ndlp-that-is-marked-NLP_DRO.patch. - Refresh patches.suse/scsi-lpfc-Modify-kref-handling-for-Fabric-Controller.patch. - Refresh patches.suse/scsi-lpfc-Remove-redundant-NULL-ptr-assignment-in-lp.patch. - Refresh patches.suse/scsi-lpfc-Revise-discovery-related-function-headers-.patch. - Refresh patches.suse/scsi-lpfc-Update-lpfc-version-to-14.4.0.12.patch. - Refresh patches.suse/scsi-lpfc-Update-various-NPIV-diagnostic-log-messagi.patch. - commit b68a391 - md: fix rcu protection in md_wakeup_thread (CVE-2025-68374 bsc#1255530). - commit 4c1b1ef - NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid (CVE-2025-68349 bsc#1255544). - commit 6b33846 - md: init bioset in mddev_init (CVE-2025-68368 bsc#1255527). - commit 4b605d4 - ipvs: fix ipv4 null-ptr-deref in route error path (CVE-2025-68813 bsc#1256641). - commit dfa5bc8 - drm/panthor: Prevent potential UAF in group creation (CVE-2025-68735 bsc#1255811). - commit ab86e96 - nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() (CVE-2025-40261 bsc#1254839). - nvme-multipath: fix lockdep WARN due to partition scan work (CVE-2025-68218 bsc#1255245). - commit ff3bc4b - wifi: mt76: wed: use proper wed reference in mt76 wed driver callabacks (CVE-2025-68360 bsc#1255536). - commit 5863e8a - Refresh patches.kabi/bpf-Enforce-expected_attach_type-for-tailcall-compat.patch. Refresh kABI workaround to use 'unsigned char' instead of the original 'enum bpf_attach_type' as the data type. It was discovered at SL-16.0 MU submission time that the kABI workaround currently in-place does not work on -rt flavor. The reason is that due to preceding spinlock_t having a different size, the hole was only 2 bytes instead of 6 bytes, and thus too small to fit 'enum'. Since all the possible enum values are small enough to fit within 'unsigned char', switch the data type of the new field to that instead. - commit 06ff4d9 - drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup (bsc#1255128 CVE-2025-68296) - commit 1b12281 - efi/cper: Fix cper_bits_to_str buffer handling and return value (git-fixes). - lib/buildid: use __kernel_read() for sleepable context (git-fixes). - net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts (git-fixes). - can: ctucanfd: fix SSP_SRC in cases when bit-rate is higher than 1 MBit (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak (git-fixes). - can: etas_es58x: allow partial RX URB allocation to succeed (git-fixes). - commit 6b2a65b ++++ kernel-zfcpdump: - Refresh patches.kabi/bpf-Enforce-expected_attach_type-for-tailcall-compat.patch. Refresh kABI workaround to use 'unsigned char' instead of the original 'enum bpf_attach_type' as the data type. It was discovered at SL-16.0 MU submission time that the kABI workaround currently in-place does not work on -rt flavor. The reason is that due to preceding spinlock_t having a different size, the hole was only 2 bytes instead of 6 bytes, and thus too small to fit 'enum'. Since all the possible enum values are small enough to fit within 'unsigned char', switch the data type of the new field to that instead. - commit 06ff4d9 - efi/cper: Fix cper_bits_to_str buffer handling and return value (git-fixes). - lib/buildid: use __kernel_read() for sleepable context (git-fixes). - net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts (git-fixes). - can: ctucanfd: fix SSP_SRC in cases when bit-rate is higher than 1 MBit (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak (git-fixes). - can: etas_es58x: allow partial RX URB allocation to succeed (git-fixes). - commit 6b2a65b ++++ openQA: - Update to version 5.1768564451.45d5d5b2: * feat: optionally configure fake auth key+secret+expiration * OpenSuseIssueReporter: Avoid multiple push calls * unit_tests: Add unit tests for OpenSuseBugzillaUtils * unit_tests: Adapt the UI tests to the new kernel bug button * plugins: Introduce OpenSuseIssueReporter for external issue reporting ++++ os-autoinst: - Update to version 5.1768577300.b85e486: * fix(dist): provide proper copyright headers in all spec-files * fix(dist): try to fix os-autoinst-obs-auto-submit reverting content * fix(dist): exclude unstable t/28-signalblocker.t in OBS checks * Remove deprecated BIOS and UEFI_PFLASH variables * Add documentation of APPEND variable * os-autoinst-generate-needle-preview: Embed PNG ++++ os-autoinst: - Update to version 5.1768577300.b85e486: * fix(dist): provide proper copyright headers in all spec-files * fix(dist): try to fix os-autoinst-obs-auto-submit reverting content * fix(dist): exclude unstable t/28-signalblocker.t in OBS checks * Remove deprecated BIOS and UEFI_PFLASH variables * Add documentation of APPEND variable * os-autoinst-generate-needle-preview: Embed PNG ++++ os-autoinst: - Update to version 5.1768577300.b85e486: * fix(dist): provide proper copyright headers in all spec-files * fix(dist): try to fix os-autoinst-obs-auto-submit reverting content * fix(dist): exclude unstable t/28-signalblocker.t in OBS checks * Remove deprecated BIOS and UEFI_PFLASH variables * Add documentation of APPEND variable * os-autoinst-generate-needle-preview: Embed PNG ++++ os-autoinst: - Update to version 5.1768577300.b85e486: * fix(dist): provide proper copyright headers in all spec-files * fix(dist): try to fix os-autoinst-obs-auto-submit reverting content * fix(dist): exclude unstable t/28-signalblocker.t in OBS checks * Remove deprecated BIOS and UEFI_PFLASH variables * Add documentation of APPEND variable * os-autoinst-generate-needle-preview: Embed PNG ++++ os-autoinst: - Update to version 5.1768577300.b85e486: * fix(dist): provide proper copyright headers in all spec-files * fix(dist): try to fix os-autoinst-obs-auto-submit reverting content * fix(dist): exclude unstable t/28-signalblocker.t in OBS checks * Remove deprecated BIOS and UEFI_PFLASH variables * Add documentation of APPEND variable * os-autoinst-generate-needle-preview: Embed PNG ++++ os-autoinst: - Update to version 5.1768577300.b85e486: * fix(dist): provide proper copyright headers in all spec-files * fix(dist): try to fix os-autoinst-obs-auto-submit reverting content * fix(dist): exclude unstable t/28-signalblocker.t in OBS checks * Remove deprecated BIOS and UEFI_PFLASH variables * Add documentation of APPEND variable * os-autoinst-generate-needle-preview: Embed PNG ++++ os-autoinst: - Update to version 5.1768577300.b85e486: * fix(dist): provide proper copyright headers in all spec-files * fix(dist): try to fix os-autoinst-obs-auto-submit reverting content * fix(dist): exclude unstable t/28-signalblocker.t in OBS checks * Remove deprecated BIOS and UEFI_PFLASH variables * Add documentation of APPEND variable * os-autoinst-generate-needle-preview: Embed PNG ++++ os-autoinst: - Update to version 5.1768577300.b85e486: * fix(dist): provide proper copyright headers in all spec-files * fix(dist): try to fix os-autoinst-obs-auto-submit reverting content * fix(dist): exclude unstable t/28-signalblocker.t in OBS checks * Remove deprecated BIOS and UEFI_PFLASH variables * Add documentation of APPEND variable * os-autoinst-generate-needle-preview: Embed PNG ++++ os-autoinst: - Update to version 5.1768577300.b85e486: * fix(dist): provide proper copyright headers in all spec-files * fix(dist): try to fix os-autoinst-obs-auto-submit reverting content * fix(dist): exclude unstable t/28-signalblocker.t in OBS checks * Remove deprecated BIOS and UEFI_PFLASH variables * Add documentation of APPEND variable * os-autoinst-generate-needle-preview: Embed PNG ++++ os-autoinst: - Update to version 5.1768577300.b85e486: * fix(dist): provide proper copyright headers in all spec-files * fix(dist): try to fix os-autoinst-obs-auto-submit reverting content * fix(dist): exclude unstable t/28-signalblocker.t in OBS checks * Remove deprecated BIOS and UEFI_PFLASH variables * Add documentation of APPEND variable * os-autoinst-generate-needle-preview: Embed PNG ------------------------------------------------------------------ ------------------ 2026-1-15 - Jan 15 2026 ------------------- ------------------------------------------------------------------ ++++ MozillaThunderbird: - Support using system GnuPG with gpgme 2, boo#1253718 bmo1967121 add mozilla-bmo1967121.patch ++++ scanner-databases: - database refresh on 2026-01-15 (bsc#1084929) ++++ kernel-64kb: - libceph: fix potential use-after-free in have_mon_and_osd_map() (CVE-2025-68285 bsc#1255401). - commit bfcbd27 - landlock: Fix handling of disconnected directories (CVE-2025-68736 bsc#1255698). - landlock: Optimize file path walks and prepare for audit support (CVE-2025-68736 bsc#1255698). - commit 255f197 - libceph: fix invalid accesses to ceph_connection_v1_info (CVE-2025-39880 bsc#1250388). - commit f8b4e56 - ceph: fix race condition validating r_parent before applying state (CVE-2025-39880 bsc#1250388). - commit 5a88d0a - cpuset: fix warning when disabling remote partition (bsc#1256794). - commit ab4d052 - RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly (CVE-2025-71096 bsc#1256606) - commit 6757234 - mptcp: Fix proto fallback detection with BPF (CVE-2025-68227 bsc#1255216). - commit e27edfa - Refresh patches.suse/smb-client-introduce-close_cached_dir_locked-.patch. Just refresh to fix: warning: patches.suse/smb-client-introduce-close_cached_dir_locked-.patch: Patch unexpectedly ends in the middle of a line. - commit 675e06b - x86/fpu: Ensure XFD state on signal delivery (CVE-2025-68171 bsc#1255255). - commit 74e061b ++++ kernel-64kb: - libceph: fix potential use-after-free in have_mon_and_osd_map() (CVE-2025-68285 bsc#1255401). - commit bfcbd27 - landlock: Fix handling of disconnected directories (CVE-2025-68736 bsc#1255698). - landlock: Optimize file path walks and prepare for audit support (CVE-2025-68736 bsc#1255698). - commit 255f197 - libceph: fix invalid accesses to ceph_connection_v1_info (CVE-2025-39880 bsc#1250388). - commit f8b4e56 - ceph: fix race condition validating r_parent before applying state (CVE-2025-39880 bsc#1250388). - commit 5a88d0a - cpuset: fix warning when disabling remote partition (bsc#1256794). - commit ab4d052 - RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly (CVE-2025-71096 bsc#1256606) - commit 6757234 - mptcp: Fix proto fallback detection with BPF (CVE-2025-68227 bsc#1255216). - commit e27edfa - Refresh patches.suse/smb-client-introduce-close_cached_dir_locked-.patch. Just refresh to fix: warning: patches.suse/smb-client-introduce-close_cached_dir_locked-.patch: Patch unexpectedly ends in the middle of a line. - commit 675e06b - x86/fpu: Ensure XFD state on signal delivery (CVE-2025-68171 bsc#1255255). - commit 74e061b ++++ kernel-64kb: - libceph: fix potential use-after-free in have_mon_and_osd_map() (CVE-2025-68285 bsc#1255401). - commit bfcbd27 - landlock: Fix handling of disconnected directories (CVE-2025-68736 bsc#1255698). - landlock: Optimize file path walks and prepare for audit support (CVE-2025-68736 bsc#1255698). - commit 255f197 - libceph: fix invalid accesses to ceph_connection_v1_info (CVE-2025-39880 bsc#1250388). - commit f8b4e56 - ceph: fix race condition validating r_parent before applying state (CVE-2025-39880 bsc#1250388). - commit 5a88d0a - cpuset: fix warning when disabling remote partition (bsc#1256794). - commit ab4d052 - RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly (CVE-2025-71096 bsc#1256606) - commit 6757234 - Refresh patches.suse/smb-client-introduce-close_cached_dir_locked-.patch. Just refresh to fix: warning: patches.suse/smb-client-introduce-close_cached_dir_locked-.patch: Patch unexpectedly ends in the middle of a line. - commit 675e06b - x86/fpu: Ensure XFD state on signal delivery (CVE-2025-68171 bsc#1255255). - commit 74e061b ++++ kernel-azure: - libceph: fix potential use-after-free in have_mon_and_osd_map() (CVE-2025-68285 bsc#1255401). - commit bfcbd27 - landlock: Fix handling of disconnected directories (CVE-2025-68736 bsc#1255698). - landlock: Optimize file path walks and prepare for audit support (CVE-2025-68736 bsc#1255698). - commit 255f197 - libceph: fix invalid accesses to ceph_connection_v1_info (CVE-2025-39880 bsc#1250388). - commit f8b4e56 - ceph: fix race condition validating r_parent before applying state (CVE-2025-39880 bsc#1250388). - commit 5a88d0a - cpuset: fix warning when disabling remote partition (bsc#1256794). - commit ab4d052 - RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly (CVE-2025-71096 bsc#1256606) - commit 6757234 - mptcp: Fix proto fallback detection with BPF (CVE-2025-68227 bsc#1255216). - commit e27edfa - Refresh patches.suse/smb-client-introduce-close_cached_dir_locked-.patch. Just refresh to fix: warning: patches.suse/smb-client-introduce-close_cached_dir_locked-.patch: Patch unexpectedly ends in the middle of a line. - commit 675e06b - x86/fpu: Ensure XFD state on signal delivery (CVE-2025-68171 bsc#1255255). - commit 74e061b ++++ kernel-azure: - libceph: fix potential use-after-free in have_mon_and_osd_map() (CVE-2025-68285 bsc#1255401). - commit bfcbd27 - landlock: Fix handling of disconnected directories (CVE-2025-68736 bsc#1255698). - landlock: Optimize file path walks and prepare for audit support (CVE-2025-68736 bsc#1255698). - commit 255f197 - libceph: fix invalid accesses to ceph_connection_v1_info (CVE-2025-39880 bsc#1250388). - commit f8b4e56 - ceph: fix race condition validating r_parent before applying state (CVE-2025-39880 bsc#1250388). - commit 5a88d0a - cpuset: fix warning when disabling remote partition (bsc#1256794). - commit ab4d052 - RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly (CVE-2025-71096 bsc#1256606) - commit 6757234 - mptcp: Fix proto fallback detection with BPF (CVE-2025-68227 bsc#1255216). - commit e27edfa - Refresh patches.suse/smb-client-introduce-close_cached_dir_locked-.patch. Just refresh to fix: warning: patches.suse/smb-client-introduce-close_cached_dir_locked-.patch: Patch unexpectedly ends in the middle of a line. - commit 675e06b - x86/fpu: Ensure XFD state on signal delivery (CVE-2025-68171 bsc#1255255). - commit 74e061b ++++ kernel-azure: - libceph: fix potential use-after-free in have_mon_and_osd_map() (CVE-2025-68285 bsc#1255401). - commit bfcbd27 - landlock: Fix handling of disconnected directories (CVE-2025-68736 bsc#1255698). - landlock: Optimize file path walks and prepare for audit support (CVE-2025-68736 bsc#1255698). - commit 255f197 - libceph: fix invalid accesses to ceph_connection_v1_info (CVE-2025-39880 bsc#1250388). - commit f8b4e56 - ceph: fix race condition validating r_parent before applying state (CVE-2025-39880 bsc#1250388). - commit 5a88d0a - cpuset: fix warning when disabling remote partition (bsc#1256794). - commit ab4d052 - RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly (CVE-2025-71096 bsc#1256606) - commit 6757234 - Refresh patches.suse/smb-client-introduce-close_cached_dir_locked-.patch. Just refresh to fix: warning: patches.suse/smb-client-introduce-close_cached_dir_locked-.patch: Patch unexpectedly ends in the middle of a line. - commit 675e06b - x86/fpu: Ensure XFD state on signal delivery (CVE-2025-68171 bsc#1255255). - commit 74e061b ++++ kernel-default: - libceph: fix potential use-after-free in have_mon_and_osd_map() (CVE-2025-68285 bsc#1255401). - commit bfcbd27 - landlock: Fix handling of disconnected directories (CVE-2025-68736 bsc#1255698). - landlock: Optimize file path walks and prepare for audit support (CVE-2025-68736 bsc#1255698). - commit 255f197 - libceph: fix invalid accesses to ceph_connection_v1_info (CVE-2025-39880 bsc#1250388). - commit f8b4e56 - ceph: fix race condition validating r_parent before applying state (CVE-2025-39880 bsc#1250388). - commit 5a88d0a - cpuset: fix warning when disabling remote partition (bsc#1256794). - commit ab4d052 - RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly (CVE-2025-71096 bsc#1256606) - commit 6757234 - mptcp: Fix proto fallback detection with BPF (CVE-2025-68227 bsc#1255216). - commit e27edfa - Refresh patches.suse/smb-client-introduce-close_cached_dir_locked-.patch. Just refresh to fix: warning: patches.suse/smb-client-introduce-close_cached_dir_locked-.patch: Patch unexpectedly ends in the middle of a line. - commit 675e06b - x86/fpu: Ensure XFD state on signal delivery (CVE-2025-68171 bsc#1255255). - commit 74e061b ++++ kernel-default: - libceph: fix potential use-after-free in have_mon_and_osd_map() (CVE-2025-68285 bsc#1255401). - commit bfcbd27 - landlock: Fix handling of disconnected directories (CVE-2025-68736 bsc#1255698). - landlock: Optimize file path walks and prepare for audit support (CVE-2025-68736 bsc#1255698). - commit 255f197 - libceph: fix invalid accesses to ceph_connection_v1_info (CVE-2025-39880 bsc#1250388). - commit f8b4e56 - ceph: fix race condition validating r_parent before applying state (CVE-2025-39880 bsc#1250388). - commit 5a88d0a - cpuset: fix warning when disabling remote partition (bsc#1256794). - commit ab4d052 - RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly (CVE-2025-71096 bsc#1256606) - commit 6757234 - mptcp: Fix proto fallback detection with BPF (CVE-2025-68227 bsc#1255216). - commit e27edfa - Refresh patches.suse/smb-client-introduce-close_cached_dir_locked-.patch. Just refresh to fix: warning: patches.suse/smb-client-introduce-close_cached_dir_locked-.patch: Patch unexpectedly ends in the middle of a line. - commit 675e06b - x86/fpu: Ensure XFD state on signal delivery (CVE-2025-68171 bsc#1255255). - commit 74e061b ++++ kernel-default: - libceph: fix potential use-after-free in have_mon_and_osd_map() (CVE-2025-68285 bsc#1255401). - commit bfcbd27 - landlock: Fix handling of disconnected directories (CVE-2025-68736 bsc#1255698). - landlock: Optimize file path walks and prepare for audit support (CVE-2025-68736 bsc#1255698). - commit 255f197 - libceph: fix invalid accesses to ceph_connection_v1_info (CVE-2025-39880 bsc#1250388). - commit f8b4e56 - ceph: fix race condition validating r_parent before applying state (CVE-2025-39880 bsc#1250388). - commit 5a88d0a - cpuset: fix warning when disabling remote partition (bsc#1256794). - commit ab4d052 - RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly (CVE-2025-71096 bsc#1256606) - commit 6757234 - Refresh patches.suse/smb-client-introduce-close_cached_dir_locked-.patch. Just refresh to fix: warning: patches.suse/smb-client-introduce-close_cached_dir_locked-.patch: Patch unexpectedly ends in the middle of a line. - commit 675e06b - x86/fpu: Ensure XFD state on signal delivery (CVE-2025-68171 bsc#1255255). - commit 74e061b ++++ kernel-rt: - libceph: fix potential use-after-free in have_mon_and_osd_map() (CVE-2025-68285 bsc#1255401). - commit bfcbd27 - landlock: Fix handling of disconnected directories (CVE-2025-68736 bsc#1255698). - landlock: Optimize file path walks and prepare for audit support (CVE-2025-68736 bsc#1255698). - commit 255f197 - libceph: fix invalid accesses to ceph_connection_v1_info (CVE-2025-39880 bsc#1250388). - commit f8b4e56 - ceph: fix race condition validating r_parent before applying state (CVE-2025-39880 bsc#1250388). - commit 5a88d0a - cpuset: fix warning when disabling remote partition (bsc#1256794). - commit ab4d052 - RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly (CVE-2025-71096 bsc#1256606) - commit 6757234 - mptcp: Fix proto fallback detection with BPF (CVE-2025-68227 bsc#1255216). - commit e27edfa - Refresh patches.suse/smb-client-introduce-close_cached_dir_locked-.patch. Just refresh to fix: warning: patches.suse/smb-client-introduce-close_cached_dir_locked-.patch: Patch unexpectedly ends in the middle of a line. - commit 675e06b - x86/fpu: Ensure XFD state on signal delivery (CVE-2025-68171 bsc#1255255). - commit 74e061b ++++ kernel-rt: - libceph: fix potential use-after-free in have_mon_and_osd_map() (CVE-2025-68285 bsc#1255401). - commit bfcbd27 - landlock: Fix handling of disconnected directories (CVE-2025-68736 bsc#1255698). - landlock: Optimize file path walks and prepare for audit support (CVE-2025-68736 bsc#1255698). - commit 255f197 - libceph: fix invalid accesses to ceph_connection_v1_info (CVE-2025-39880 bsc#1250388). - commit f8b4e56 - ceph: fix race condition validating r_parent before applying state (CVE-2025-39880 bsc#1250388). - commit 5a88d0a - cpuset: fix warning when disabling remote partition (bsc#1256794). - commit ab4d052 - RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly (CVE-2025-71096 bsc#1256606) - commit 6757234 - mptcp: Fix proto fallback detection with BPF (CVE-2025-68227 bsc#1255216). - commit e27edfa - Refresh patches.suse/smb-client-introduce-close_cached_dir_locked-.patch. Just refresh to fix: warning: patches.suse/smb-client-introduce-close_cached_dir_locked-.patch: Patch unexpectedly ends in the middle of a line. - commit 675e06b - x86/fpu: Ensure XFD state on signal delivery (CVE-2025-68171 bsc#1255255). - commit 74e061b ++++ kernel-rt: - libceph: fix potential use-after-free in have_mon_and_osd_map() (CVE-2025-68285 bsc#1255401). - commit bfcbd27 - landlock: Fix handling of disconnected directories (CVE-2025-68736 bsc#1255698). - landlock: Optimize file path walks and prepare for audit support (CVE-2025-68736 bsc#1255698). - commit 255f197 - libceph: fix invalid accesses to ceph_connection_v1_info (CVE-2025-39880 bsc#1250388). - commit f8b4e56 - ceph: fix race condition validating r_parent before applying state (CVE-2025-39880 bsc#1250388). - commit 5a88d0a - cpuset: fix warning when disabling remote partition (bsc#1256794). - commit ab4d052 - RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly (CVE-2025-71096 bsc#1256606) - commit 6757234 - Refresh patches.suse/smb-client-introduce-close_cached_dir_locked-.patch. Just refresh to fix: warning: patches.suse/smb-client-introduce-close_cached_dir_locked-.patch: Patch unexpectedly ends in the middle of a line. - commit 675e06b - x86/fpu: Ensure XFD state on signal delivery (CVE-2025-68171 bsc#1255255). - commit 74e061b ++++ nodejs24: - Update to 24.13.0: * deps: updated undici to 7.18.2 (bsc#1256848, CVE-2026-22036) * deps: updated bundled c-ares to 1.34.6 (if used) * add TLSSocket default error handler (bsc#1256573, CVE-2025-59465) * disable futimes when permission model is enabled (bsc#1256571, CVE-2025-55132) * require full read and write to symlink APIs (bsc#1256569, CVE-2025-55130) * rethrow stack overflow exceptions in async_hooks (bsc#1256574, CVE-2025-59466) * refactor unsafe buffer creation to remove zero-fill toggle (bsc#1256570, CVE-2025-55131) * route callback exceptions through error handlers (bsc#1256576, CVE-2026-21637) ++++ dtb-aarch64: - libceph: fix potential use-after-free in have_mon_and_osd_map() (CVE-2025-68285 bsc#1255401). - commit bfcbd27 - landlock: Fix handling of disconnected directories (CVE-2025-68736 bsc#1255698). - landlock: Optimize file path walks and prepare for audit support (CVE-2025-68736 bsc#1255698). - commit 255f197 - libceph: fix invalid accesses to ceph_connection_v1_info (CVE-2025-39880 bsc#1250388). - commit f8b4e56 - ceph: fix race condition validating r_parent before applying state (CVE-2025-39880 bsc#1250388). - commit 5a88d0a - cpuset: fix warning when disabling remote partition (bsc#1256794). - commit ab4d052 - RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly (CVE-2025-71096 bsc#1256606) - commit 6757234 - mptcp: Fix proto fallback detection with BPF (CVE-2025-68227 bsc#1255216). - commit e27edfa - Refresh patches.suse/smb-client-introduce-close_cached_dir_locked-.patch. Just refresh to fix: warning: patches.suse/smb-client-introduce-close_cached_dir_locked-.patch: Patch unexpectedly ends in the middle of a line. - commit 675e06b - x86/fpu: Ensure XFD state on signal delivery (CVE-2025-68171 bsc#1255255). - commit 74e061b ++++ dtb-aarch64: - libceph: fix potential use-after-free in have_mon_and_osd_map() (CVE-2025-68285 bsc#1255401). - commit bfcbd27 - landlock: Fix handling of disconnected directories (CVE-2025-68736 bsc#1255698). - landlock: Optimize file path walks and prepare for audit support (CVE-2025-68736 bsc#1255698). - commit 255f197 - libceph: fix invalid accesses to ceph_connection_v1_info (CVE-2025-39880 bsc#1250388). - commit f8b4e56 - ceph: fix race condition validating r_parent before applying state (CVE-2025-39880 bsc#1250388). - commit 5a88d0a - cpuset: fix warning when disabling remote partition (bsc#1256794). - commit ab4d052 - RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly (CVE-2025-71096 bsc#1256606) - commit 6757234 - mptcp: Fix proto fallback detection with BPF (CVE-2025-68227 bsc#1255216). - commit e27edfa - Refresh patches.suse/smb-client-introduce-close_cached_dir_locked-.patch. Just refresh to fix: warning: patches.suse/smb-client-introduce-close_cached_dir_locked-.patch: Patch unexpectedly ends in the middle of a line. - commit 675e06b - x86/fpu: Ensure XFD state on signal delivery (CVE-2025-68171 bsc#1255255). - commit 74e061b ++++ dtb-aarch64: - libceph: fix potential use-after-free in have_mon_and_osd_map() (CVE-2025-68285 bsc#1255401). - commit bfcbd27 - landlock: Fix handling of disconnected directories (CVE-2025-68736 bsc#1255698). - landlock: Optimize file path walks and prepare for audit support (CVE-2025-68736 bsc#1255698). - commit 255f197 - libceph: fix invalid accesses to ceph_connection_v1_info (CVE-2025-39880 bsc#1250388). - commit f8b4e56 - ceph: fix race condition validating r_parent before applying state (CVE-2025-39880 bsc#1250388). - commit 5a88d0a - cpuset: fix warning when disabling remote partition (bsc#1256794). - commit ab4d052 - RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly (CVE-2025-71096 bsc#1256606) - commit 6757234 - Refresh patches.suse/smb-client-introduce-close_cached_dir_locked-.patch. Just refresh to fix: warning: patches.suse/smb-client-introduce-close_cached_dir_locked-.patch: Patch unexpectedly ends in the middle of a line. - commit 675e06b - x86/fpu: Ensure XFD state on signal delivery (CVE-2025-68171 bsc#1255255). - commit 74e061b ++++ ffmpeg-4: - Add ffmpeg-4-CVE-2025-63757.patch: Backport 0c6b7f948 from upstream. swscale/output: Fix integer overflow in yuv2ya16_X_c_template() (bsc#1255392, CVE-2025-63757). ++++ go1.24: - go1.24.12 (released 2026-01-15) includes security fixes to the go command, and the archive/zip, crypto/tls, and net/url packages, as well as bug fixes to the compiler, the runtime, and the crypto/tls and os packages. Refs boo#1236217 go1.24 release tracking CVE-2025-61726 CVE-2025-61728 CVE-2025-61730 CVE-2025-61731 CVE-2025-68119 CVE-2025-68121 * go#76854 go#76443 boo#1256821 security: fix CVE-2025-61730 crypto/tls: handshake messages may be processed at the incorrect encryption level * go#77103 go#77099 boo#1256820 security: fix CVE-2025-68119 cmd/go: unexpected code execution when invoking toolchain * go#77105 go#77100 boo#1256819 security: fix CVE-2025-61731 cmd/go: bypass of flag sanitization can lead to arbitrary code execution * go#77107 go#77101 boo#1256817 security: fix CVE-2025-61726 net/http: memory exhaustion in Request.ParseForm * go#77109 go#77102 boo#1256816 security: fix CVE-2025-61728 archive/zip: denial of service when parsing arbitrary ZIP archives * go#77114 go#77113 boo#1256818 security: fix CVE-2025-68121 crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does not account for the expiration of full certificate chain * go#76408 crypto/tls: earlyTrafficSecret should use ClientHelloInner if ECH enabled * go#76624 os: on Unix, Readdirnames skips directory entries with zero inodes * go#76760 runtime: stack split at bad time in os/signal with Go 1.25.4 windows 386 * go#76796 runtime: race detector crash on ppc64le * go#76966 cmd/compile/internal/ssa: Compile.func1(): panic during sccp while compiling : runtime error: index out of range ++++ go1.24: - go1.24.12 (released 2026-01-15) includes security fixes to the go command, and the archive/zip, crypto/tls, and net/url packages, as well as bug fixes to the compiler, the runtime, and the crypto/tls and os packages. Refs boo#1236217 go1.24 release tracking CVE-2025-61726 CVE-2025-61728 CVE-2025-61730 CVE-2025-61731 CVE-2025-68119 CVE-2025-68121 * go#76854 go#76443 boo#1256821 security: fix CVE-2025-61730 crypto/tls: handshake messages may be processed at the incorrect encryption level * go#77103 go#77099 boo#1256820 security: fix CVE-2025-68119 cmd/go: unexpected code execution when invoking toolchain * go#77105 go#77100 boo#1256819 security: fix CVE-2025-61731 cmd/go: bypass of flag sanitization can lead to arbitrary code execution * go#77107 go#77101 boo#1256817 security: fix CVE-2025-61726 net/http: memory exhaustion in Request.ParseForm * go#77109 go#77102 boo#1256816 security: fix CVE-2025-61728 archive/zip: denial of service when parsing arbitrary ZIP archives * go#77114 go#77113 boo#1256818 security: fix CVE-2025-68121 crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does not account for the expiration of full certificate chain * go#76408 crypto/tls: earlyTrafficSecret should use ClientHelloInner if ECH enabled * go#76624 os: on Unix, Readdirnames skips directory entries with zero inodes * go#76760 runtime: stack split at bad time in os/signal with Go 1.25.4 windows 386 * go#76796 runtime: race detector crash on ppc64le * go#76966 cmd/compile/internal/ssa: Compile.func1(): panic during sccp while compiling : runtime error: index out of range ++++ go1.24-openssl: - Update to version 1.24.12 cut from the go1.24-fips-release branch at the revision tagged go1.24.12-1-openssl-fips. Refs jsc#SLE-18320 * Rebase to 1.24.12 - go1.24.12 (released 2026-01-15) includes security fixes to the go command, and the archive/zip, crypto/tls, and net/url packages, as well as bug fixes to the compiler, the runtime, and the crypto/tls and os packages. Refs boo#1236217 go1.24 release tracking CVE-2025-61726 CVE-2025-61728 CVE-2025-61730 CVE-2025-61731 CVE-2025-68119 CVE-2025-68121 * go#76854 go#76443 boo#1256821 security: fix CVE-2025-61730 crypto/tls: handshake messages may be processed at the incorrect encryption level * go#77103 go#77099 boo#1256820 security: fix CVE-2025-68119 cmd/go: unexpected code execution when invoking toolchain * go#77105 go#77100 boo#1256819 security: fix CVE-2025-61731 cmd/go: bypass of flag sanitization can lead to arbitrary code execution * go#77107 go#77101 boo#1256817 security: fix CVE-2025-61726 net/http: memory exhaustion in Request.ParseForm * go#77109 go#77102 boo#1256816 security: fix CVE-2025-61728 archive/zip: denial of service when parsing arbitrary ZIP archives * go#77114 go#77113 boo#1256818 security: fix CVE-2025-68121 crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does not account for the expiration of full certificate chain * go#76408 crypto/tls: earlyTrafficSecret should use ClientHelloInner if ECH enabled * go#76624 os: on Unix, Readdirnames skips directory entries with zero inodes * go#76760 runtime: stack split at bad time in os/signal with Go 1.25.4 windows 386 * go#76796 runtime: race detector crash on ppc64le * go#76966 cmd/compile/internal/ssa: Compile.func1(): panic during sccp while compiling : runtime error: index out of range ++++ go1.25: - go1.25.6 (released 2026-01-15) includes security fixes to the go command, and the archive/zip, crypto/tls, and net/url packages, as well as bug fixes to the compiler, the runtime, and the crypto/tls, errors, and os packages. Refs boo#1244485 go1.25 release tracking CVE-2025-61726 CVE-2025-61728 CVE-2025-61730 CVE-2025-61731 CVE-2025-68119 CVE-2025-68121 * go#76855 go#76443 boo#1256821 security: fix CVE-2025-61730 crypto/tls: handshake messages may be processed at the incorrect encryption level * go#77104 go#77099 boo#1256820 security: fix CVE-2025-68119 cmd/go: unexpected code execution when invoking toolchain * go#77106 go#77100 boo#1256819 security: fix CVE-2025-61731 cmd/go: bypass of flag sanitization can lead to arbitrary code execution * go#77108 go#77101 boo#1256817 security: fix CVE-2025-61726 net/http: memory exhaustion in Request.ParseForm * go#77110 go#77102 boo#1256816 security: fix CVE-2025-61728 archive/zip: denial of service when parsing arbitrary ZIP archives * go#77115 go#77113 boo#1256818 security: fix CVE-2025-68121 crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does not account for the expiration of full certificate chain * go#76392 os: package initialization hangs is Stdin is blocked * go#76409 crypto/tls: earlyTrafficSecret should use ClientHelloInner if ECH enabled * go#76620 os: on Unix, Readdirnames skips directory entries with zero inodes * go#76761 runtime: stack split at bad time in os/signal with Go 1.25.4 windows 386 * go#76776 runtime: race detector crash on ppc64le * go#76967 cmd/compile/internal/ssa: Compile.func1(): panic during sccp while compiling : runtime error: index out of range * go#76973 errors: errors.Join behavior changed in 1.25 ++++ go1.25: - go1.25.6 (released 2026-01-15) includes security fixes to the go command, and the archive/zip, crypto/tls, and net/url packages, as well as bug fixes to the compiler, the runtime, and the crypto/tls, errors, and os packages. Refs boo#1244485 go1.25 release tracking CVE-2025-61726 CVE-2025-61728 CVE-2025-61730 CVE-2025-61731 CVE-2025-68119 CVE-2025-68121 * go#76855 go#76443 boo#1256821 security: fix CVE-2025-61730 crypto/tls: handshake messages may be processed at the incorrect encryption level * go#77104 go#77099 boo#1256820 security: fix CVE-2025-68119 cmd/go: unexpected code execution when invoking toolchain * go#77106 go#77100 boo#1256819 security: fix CVE-2025-61731 cmd/go: bypass of flag sanitization can lead to arbitrary code execution * go#77108 go#77101 boo#1256817 security: fix CVE-2025-61726 net/http: memory exhaustion in Request.ParseForm * go#77110 go#77102 boo#1256816 security: fix CVE-2025-61728 archive/zip: denial of service when parsing arbitrary ZIP archives * go#77115 go#77113 boo#1256818 security: fix CVE-2025-68121 crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does not account for the expiration of full certificate chain * go#76392 os: package initialization hangs is Stdin is blocked * go#76409 crypto/tls: earlyTrafficSecret should use ClientHelloInner if ECH enabled * go#76620 os: on Unix, Readdirnames skips directory entries with zero inodes * go#76761 runtime: stack split at bad time in os/signal with Go 1.25.4 windows 386 * go#76776 runtime: race detector crash on ppc64le * go#76967 cmd/compile/internal/ssa: Compile.func1(): panic during sccp while compiling : runtime error: index out of range * go#76973 errors: errors.Join behavior changed in 1.25 ++++ go1.25-openssl: - Update to version 1.25.6 cut from the go1.25-fips-release branch at the revision tagged go1.25.6-1-openssl-fips. Refs jsc#SLE-18320 * Rebase to 1.25.6 - go1.25.6 (released 2026-01-15) includes security fixes to the go command, and the archive/zip, crypto/tls, and net/url packages, as well as bug fixes to the compiler, the runtime, and the crypto/tls, errors, and os packages. Refs boo#1244485 go1.25 release tracking CVE-2025-61726 CVE-2025-61728 CVE-2025-61730 CVE-2025-61731 CVE-2025-68119 CVE-2025-68121 * go#76855 go#76443 boo#1256821 security: fix CVE-2025-61730 crypto/tls: handshake messages may be processed at the incorrect encryption level * go#77104 go#77099 boo#1256820 security: fix CVE-2025-68119 cmd/go: unexpected code execution when invoking toolchain * go#77106 go#77100 boo#1256819 security: fix CVE-2025-61731 cmd/go: bypass of flag sanitization can lead to arbitrary code execution * go#77108 go#77101 boo#1256817 security: fix CVE-2025-61726 net/http: memory exhaustion in Request.ParseForm * go#77110 go#77102 boo#1256816 security: fix CVE-2025-61728 archive/zip: denial of service when parsing arbitrary ZIP archives * go#77115 go#77113 boo#1256818 security: fix CVE-2025-68121 crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does not account for the expiration of full certificate chain * go#76392 os: package initialization hangs is Stdin is blocked * go#76409 crypto/tls: earlyTrafficSecret should use ClientHelloInner if ECH enabled * go#76620 os: on Unix, Readdirnames skips directory entries with zero inodes * go#76761 runtime: stack split at bad time in os/signal with Go 1.25.4 windows 386 * go#76776 runtime: race detector crash on ppc64le * go#76967 cmd/compile/internal/ssa: Compile.func1(): panic during sccp while compiling : runtime error: index out of range * go#76973 errors: errors.Join behavior changed in 1.25 ++++ go1.26: - go1.26rc2 (released 2026-01-15) is a release candidate version of go1.26 cut from the master branch at the revision tagged go1.26rc2. Refs boo#1255111 go1.26 release tracking * go1.26 requires go1.24.6 or later for bootstrap. ++++ go1.26: - go1.26rc2 (released 2026-01-15) is a release candidate version of go1.26 cut from the master branch at the revision tagged go1.26rc2. Refs boo#1255111 go1.26 release tracking * go1.26 requires go1.24.6 or later for bootstrap. ++++ helmfile: - remove two obsoletes for still existing subpackages. ++++ kernel-source: - libceph: fix potential use-after-free in have_mon_and_osd_map() (CVE-2025-68285 bsc#1255401). - commit bfcbd27 - landlock: Fix handling of disconnected directories (CVE-2025-68736 bsc#1255698). - landlock: Optimize file path walks and prepare for audit support (CVE-2025-68736 bsc#1255698). - commit 255f197 - libceph: fix invalid accesses to ceph_connection_v1_info (CVE-2025-39880 bsc#1250388). - commit f8b4e56 - ceph: fix race condition validating r_parent before applying state (CVE-2025-39880 bsc#1250388). - commit 5a88d0a - cpuset: fix warning when disabling remote partition (bsc#1256794). - commit ab4d052 - RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly (CVE-2025-71096 bsc#1256606) - commit 6757234 - mptcp: Fix proto fallback detection with BPF (CVE-2025-68227 bsc#1255216). - commit e27edfa - Refresh patches.suse/smb-client-introduce-close_cached_dir_locked-.patch. Just refresh to fix: warning: patches.suse/smb-client-introduce-close_cached_dir_locked-.patch: Patch unexpectedly ends in the middle of a line. - commit 675e06b - x86/fpu: Ensure XFD state on signal delivery (CVE-2025-68171 bsc#1255255). - commit 74e061b ++++ kernel-source: - libceph: fix potential use-after-free in have_mon_and_osd_map() (CVE-2025-68285 bsc#1255401). - commit bfcbd27 - landlock: Fix handling of disconnected directories (CVE-2025-68736 bsc#1255698). - landlock: Optimize file path walks and prepare for audit support (CVE-2025-68736 bsc#1255698). - commit 255f197 - libceph: fix invalid accesses to ceph_connection_v1_info (CVE-2025-39880 bsc#1250388). - commit f8b4e56 - ceph: fix race condition validating r_parent before applying state (CVE-2025-39880 bsc#1250388). - commit 5a88d0a - cpuset: fix warning when disabling remote partition (bsc#1256794). - commit ab4d052 - RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly (CVE-2025-71096 bsc#1256606) - commit 6757234 - mptcp: Fix proto fallback detection with BPF (CVE-2025-68227 bsc#1255216). - commit e27edfa - Refresh patches.suse/smb-client-introduce-close_cached_dir_locked-.patch. Just refresh to fix: warning: patches.suse/smb-client-introduce-close_cached_dir_locked-.patch: Patch unexpectedly ends in the middle of a line. - commit 675e06b - x86/fpu: Ensure XFD state on signal delivery (CVE-2025-68171 bsc#1255255). - commit 74e061b ++++ kernel-source: - libceph: fix potential use-after-free in have_mon_and_osd_map() (CVE-2025-68285 bsc#1255401). - commit bfcbd27 - landlock: Fix handling of disconnected directories (CVE-2025-68736 bsc#1255698). - landlock: Optimize file path walks and prepare for audit support (CVE-2025-68736 bsc#1255698). - commit 255f197 - libceph: fix invalid accesses to ceph_connection_v1_info (CVE-2025-39880 bsc#1250388). - commit f8b4e56 - ceph: fix race condition validating r_parent before applying state (CVE-2025-39880 bsc#1250388). - commit 5a88d0a - cpuset: fix warning when disabling remote partition (bsc#1256794). - commit ab4d052 - RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly (CVE-2025-71096 bsc#1256606) - commit 6757234 - Refresh patches.suse/smb-client-introduce-close_cached_dir_locked-.patch. Just refresh to fix: warning: patches.suse/smb-client-introduce-close_cached_dir_locked-.patch: Patch unexpectedly ends in the middle of a line. - commit 675e06b - x86/fpu: Ensure XFD state on signal delivery (CVE-2025-68171 bsc#1255255). - commit 74e061b ++++ kernel-docs: - libceph: fix potential use-after-free in have_mon_and_osd_map() (CVE-2025-68285 bsc#1255401). - commit bfcbd27 - landlock: Fix handling of disconnected directories (CVE-2025-68736 bsc#1255698). - landlock: Optimize file path walks and prepare for audit support (CVE-2025-68736 bsc#1255698). - commit 255f197 - libceph: fix invalid accesses to ceph_connection_v1_info (CVE-2025-39880 bsc#1250388). - commit f8b4e56 - ceph: fix race condition validating r_parent before applying state (CVE-2025-39880 bsc#1250388). - commit 5a88d0a - cpuset: fix warning when disabling remote partition (bsc#1256794). - commit ab4d052 - RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly (CVE-2025-71096 bsc#1256606) - commit 6757234 - mptcp: Fix proto fallback detection with BPF (CVE-2025-68227 bsc#1255216). - commit e27edfa - Refresh patches.suse/smb-client-introduce-close_cached_dir_locked-.patch. Just refresh to fix: warning: patches.suse/smb-client-introduce-close_cached_dir_locked-.patch: Patch unexpectedly ends in the middle of a line. - commit 675e06b - x86/fpu: Ensure XFD state on signal delivery (CVE-2025-68171 bsc#1255255). - commit 74e061b ++++ kernel-docs: - libceph: fix potential use-after-free in have_mon_and_osd_map() (CVE-2025-68285 bsc#1255401). - commit bfcbd27 - landlock: Fix handling of disconnected directories (CVE-2025-68736 bsc#1255698). - landlock: Optimize file path walks and prepare for audit support (CVE-2025-68736 bsc#1255698). - commit 255f197 - libceph: fix invalid accesses to ceph_connection_v1_info (CVE-2025-39880 bsc#1250388). - commit f8b4e56 - ceph: fix race condition validating r_parent before applying state (CVE-2025-39880 bsc#1250388). - commit 5a88d0a - cpuset: fix warning when disabling remote partition (bsc#1256794). - commit ab4d052 - RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly (CVE-2025-71096 bsc#1256606) - commit 6757234 - mptcp: Fix proto fallback detection with BPF (CVE-2025-68227 bsc#1255216). - commit e27edfa - Refresh patches.suse/smb-client-introduce-close_cached_dir_locked-.patch. Just refresh to fix: warning: patches.suse/smb-client-introduce-close_cached_dir_locked-.patch: Patch unexpectedly ends in the middle of a line. - commit 675e06b - x86/fpu: Ensure XFD state on signal delivery (CVE-2025-68171 bsc#1255255). - commit 74e061b ++++ kernel-docs: - libceph: fix potential use-after-free in have_mon_and_osd_map() (CVE-2025-68285 bsc#1255401). - commit bfcbd27 - landlock: Fix handling of disconnected directories (CVE-2025-68736 bsc#1255698). - landlock: Optimize file path walks and prepare for audit support (CVE-2025-68736 bsc#1255698). - commit 255f197 - libceph: fix invalid accesses to ceph_connection_v1_info (CVE-2025-39880 bsc#1250388). - commit f8b4e56 - ceph: fix race condition validating r_parent before applying state (CVE-2025-39880 bsc#1250388). - commit 5a88d0a - cpuset: fix warning when disabling remote partition (bsc#1256794). - commit ab4d052 - RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly (CVE-2025-71096 bsc#1256606) - commit 6757234 - Refresh patches.suse/smb-client-introduce-close_cached_dir_locked-.patch. Just refresh to fix: warning: patches.suse/smb-client-introduce-close_cached_dir_locked-.patch: Patch unexpectedly ends in the middle of a line. - commit 675e06b - x86/fpu: Ensure XFD state on signal delivery (CVE-2025-68171 bsc#1255255). - commit 74e061b ++++ kernel-kvmsmall: - libceph: fix potential use-after-free in have_mon_and_osd_map() (CVE-2025-68285 bsc#1255401). - commit bfcbd27 - landlock: Fix handling of disconnected directories (CVE-2025-68736 bsc#1255698). - landlock: Optimize file path walks and prepare for audit support (CVE-2025-68736 bsc#1255698). - commit 255f197 - libceph: fix invalid accesses to ceph_connection_v1_info (CVE-2025-39880 bsc#1250388). - commit f8b4e56 - ceph: fix race condition validating r_parent before applying state (CVE-2025-39880 bsc#1250388). - commit 5a88d0a - cpuset: fix warning when disabling remote partition (bsc#1256794). - commit ab4d052 - RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly (CVE-2025-71096 bsc#1256606) - commit 6757234 - mptcp: Fix proto fallback detection with BPF (CVE-2025-68227 bsc#1255216). - commit e27edfa - Refresh patches.suse/smb-client-introduce-close_cached_dir_locked-.patch. Just refresh to fix: warning: patches.suse/smb-client-introduce-close_cached_dir_locked-.patch: Patch unexpectedly ends in the middle of a line. - commit 675e06b - x86/fpu: Ensure XFD state on signal delivery (CVE-2025-68171 bsc#1255255). - commit 74e061b ++++ kernel-kvmsmall: - libceph: fix potential use-after-free in have_mon_and_osd_map() (CVE-2025-68285 bsc#1255401). - commit bfcbd27 - landlock: Fix handling of disconnected directories (CVE-2025-68736 bsc#1255698). - landlock: Optimize file path walks and prepare for audit support (CVE-2025-68736 bsc#1255698). - commit 255f197 - libceph: fix invalid accesses to ceph_connection_v1_info (CVE-2025-39880 bsc#1250388). - commit f8b4e56 - ceph: fix race condition validating r_parent before applying state (CVE-2025-39880 bsc#1250388). - commit 5a88d0a - cpuset: fix warning when disabling remote partition (bsc#1256794). - commit ab4d052 - RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly (CVE-2025-71096 bsc#1256606) - commit 6757234 - mptcp: Fix proto fallback detection with BPF (CVE-2025-68227 bsc#1255216). - commit e27edfa - Refresh patches.suse/smb-client-introduce-close_cached_dir_locked-.patch. Just refresh to fix: warning: patches.suse/smb-client-introduce-close_cached_dir_locked-.patch: Patch unexpectedly ends in the middle of a line. - commit 675e06b - x86/fpu: Ensure XFD state on signal delivery (CVE-2025-68171 bsc#1255255). - commit 74e061b ++++ kernel-kvmsmall: - libceph: fix potential use-after-free in have_mon_and_osd_map() (CVE-2025-68285 bsc#1255401). - commit bfcbd27 - landlock: Fix handling of disconnected directories (CVE-2025-68736 bsc#1255698). - landlock: Optimize file path walks and prepare for audit support (CVE-2025-68736 bsc#1255698). - commit 255f197 - libceph: fix invalid accesses to ceph_connection_v1_info (CVE-2025-39880 bsc#1250388). - commit f8b4e56 - ceph: fix race condition validating r_parent before applying state (CVE-2025-39880 bsc#1250388). - commit 5a88d0a - cpuset: fix warning when disabling remote partition (bsc#1256794). - commit ab4d052 - RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly (CVE-2025-71096 bsc#1256606) - commit 6757234 - Refresh patches.suse/smb-client-introduce-close_cached_dir_locked-.patch. Just refresh to fix: warning: patches.suse/smb-client-introduce-close_cached_dir_locked-.patch: Patch unexpectedly ends in the middle of a line. - commit 675e06b - x86/fpu: Ensure XFD state on signal delivery (CVE-2025-68171 bsc#1255255). - commit 74e061b ++++ kernel-obs-build: - libceph: fix potential use-after-free in have_mon_and_osd_map() (CVE-2025-68285 bsc#1255401). - commit bfcbd27 - landlock: Fix handling of disconnected directories (CVE-2025-68736 bsc#1255698). - landlock: Optimize file path walks and prepare for audit support (CVE-2025-68736 bsc#1255698). - commit 255f197 - libceph: fix invalid accesses to ceph_connection_v1_info (CVE-2025-39880 bsc#1250388). - commit f8b4e56 - ceph: fix race condition validating r_parent before applying state (CVE-2025-39880 bsc#1250388). - commit 5a88d0a - cpuset: fix warning when disabling remote partition (bsc#1256794). - commit ab4d052 - RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly (CVE-2025-71096 bsc#1256606) - commit 6757234 - mptcp: Fix proto fallback detection with BPF (CVE-2025-68227 bsc#1255216). - commit e27edfa - Refresh patches.suse/smb-client-introduce-close_cached_dir_locked-.patch. Just refresh to fix: warning: patches.suse/smb-client-introduce-close_cached_dir_locked-.patch: Patch unexpectedly ends in the middle of a line. - commit 675e06b - x86/fpu: Ensure XFD state on signal delivery (CVE-2025-68171 bsc#1255255). - commit 74e061b ++++ kernel-obs-build: - libceph: fix potential use-after-free in have_mon_and_osd_map() (CVE-2025-68285 bsc#1255401). - commit bfcbd27 - landlock: Fix handling of disconnected directories (CVE-2025-68736 bsc#1255698). - landlock: Optimize file path walks and prepare for audit support (CVE-2025-68736 bsc#1255698). - commit 255f197 - libceph: fix invalid accesses to ceph_connection_v1_info (CVE-2025-39880 bsc#1250388). - commit f8b4e56 - ceph: fix race condition validating r_parent before applying state (CVE-2025-39880 bsc#1250388). - commit 5a88d0a - cpuset: fix warning when disabling remote partition (bsc#1256794). - commit ab4d052 - RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly (CVE-2025-71096 bsc#1256606) - commit 6757234 - mptcp: Fix proto fallback detection with BPF (CVE-2025-68227 bsc#1255216). - commit e27edfa - Refresh patches.suse/smb-client-introduce-close_cached_dir_locked-.patch. Just refresh to fix: warning: patches.suse/smb-client-introduce-close_cached_dir_locked-.patch: Patch unexpectedly ends in the middle of a line. - commit 675e06b - x86/fpu: Ensure XFD state on signal delivery (CVE-2025-68171 bsc#1255255). - commit 74e061b ++++ kernel-obs-build: - libceph: fix potential use-after-free in have_mon_and_osd_map() (CVE-2025-68285 bsc#1255401). - commit bfcbd27 - landlock: Fix handling of disconnected directories (CVE-2025-68736 bsc#1255698). - landlock: Optimize file path walks and prepare for audit support (CVE-2025-68736 bsc#1255698). - commit 255f197 - libceph: fix invalid accesses to ceph_connection_v1_info (CVE-2025-39880 bsc#1250388). - commit f8b4e56 - ceph: fix race condition validating r_parent before applying state (CVE-2025-39880 bsc#1250388). - commit 5a88d0a - cpuset: fix warning when disabling remote partition (bsc#1256794). - commit ab4d052 - RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly (CVE-2025-71096 bsc#1256606) - commit 6757234 - Refresh patches.suse/smb-client-introduce-close_cached_dir_locked-.patch. Just refresh to fix: warning: patches.suse/smb-client-introduce-close_cached_dir_locked-.patch: Patch unexpectedly ends in the middle of a line. - commit 675e06b - x86/fpu: Ensure XFD state on signal delivery (CVE-2025-68171 bsc#1255255). - commit 74e061b ++++ kernel-obs-qa: - libceph: fix potential use-after-free in have_mon_and_osd_map() (CVE-2025-68285 bsc#1255401). - commit bfcbd27 - landlock: Fix handling of disconnected directories (CVE-2025-68736 bsc#1255698). - landlock: Optimize file path walks and prepare for audit support (CVE-2025-68736 bsc#1255698). - commit 255f197 - libceph: fix invalid accesses to ceph_connection_v1_info (CVE-2025-39880 bsc#1250388). - commit f8b4e56 - ceph: fix race condition validating r_parent before applying state (CVE-2025-39880 bsc#1250388). - commit 5a88d0a - cpuset: fix warning when disabling remote partition (bsc#1256794). - commit ab4d052 - RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly (CVE-2025-71096 bsc#1256606) - commit 6757234 - mptcp: Fix proto fallback detection with BPF (CVE-2025-68227 bsc#1255216). - commit e27edfa - Refresh patches.suse/smb-client-introduce-close_cached_dir_locked-.patch. Just refresh to fix: warning: patches.suse/smb-client-introduce-close_cached_dir_locked-.patch: Patch unexpectedly ends in the middle of a line. - commit 675e06b - x86/fpu: Ensure XFD state on signal delivery (CVE-2025-68171 bsc#1255255). - commit 74e061b ++++ kernel-obs-qa: - libceph: fix potential use-after-free in have_mon_and_osd_map() (CVE-2025-68285 bsc#1255401). - commit bfcbd27 - landlock: Fix handling of disconnected directories (CVE-2025-68736 bsc#1255698). - landlock: Optimize file path walks and prepare for audit support (CVE-2025-68736 bsc#1255698). - commit 255f197 - libceph: fix invalid accesses to ceph_connection_v1_info (CVE-2025-39880 bsc#1250388). - commit f8b4e56 - ceph: fix race condition validating r_parent before applying state (CVE-2025-39880 bsc#1250388). - commit 5a88d0a - cpuset: fix warning when disabling remote partition (bsc#1256794). - commit ab4d052 - RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly (CVE-2025-71096 bsc#1256606) - commit 6757234 - mptcp: Fix proto fallback detection with BPF (CVE-2025-68227 bsc#1255216). - commit e27edfa - Refresh patches.suse/smb-client-introduce-close_cached_dir_locked-.patch. Just refresh to fix: warning: patches.suse/smb-client-introduce-close_cached_dir_locked-.patch: Patch unexpectedly ends in the middle of a line. - commit 675e06b - x86/fpu: Ensure XFD state on signal delivery (CVE-2025-68171 bsc#1255255). - commit 74e061b ++++ kernel-obs-qa: - libceph: fix potential use-after-free in have_mon_and_osd_map() (CVE-2025-68285 bsc#1255401). - commit bfcbd27 - landlock: Fix handling of disconnected directories (CVE-2025-68736 bsc#1255698). - landlock: Optimize file path walks and prepare for audit support (CVE-2025-68736 bsc#1255698). - commit 255f197 - libceph: fix invalid accesses to ceph_connection_v1_info (CVE-2025-39880 bsc#1250388). - commit f8b4e56 - ceph: fix race condition validating r_parent before applying state (CVE-2025-39880 bsc#1250388). - commit 5a88d0a - cpuset: fix warning when disabling remote partition (bsc#1256794). - commit ab4d052 - RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly (CVE-2025-71096 bsc#1256606) - commit 6757234 - Refresh patches.suse/smb-client-introduce-close_cached_dir_locked-.patch. Just refresh to fix: warning: patches.suse/smb-client-introduce-close_cached_dir_locked-.patch: Patch unexpectedly ends in the middle of a line. - commit 675e06b - x86/fpu: Ensure XFD state on signal delivery (CVE-2025-68171 bsc#1255255). - commit 74e061b ++++ kernel-syms: - libceph: fix potential use-after-free in have_mon_and_osd_map() (CVE-2025-68285 bsc#1255401). - commit bfcbd27 - landlock: Fix handling of disconnected directories (CVE-2025-68736 bsc#1255698). - landlock: Optimize file path walks and prepare for audit support (CVE-2025-68736 bsc#1255698). - commit 255f197 - libceph: fix invalid accesses to ceph_connection_v1_info (CVE-2025-39880 bsc#1250388). - commit f8b4e56 - ceph: fix race condition validating r_parent before applying state (CVE-2025-39880 bsc#1250388). - commit 5a88d0a - cpuset: fix warning when disabling remote partition (bsc#1256794). - commit ab4d052 - RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly (CVE-2025-71096 bsc#1256606) - commit 6757234 - mptcp: Fix proto fallback detection with BPF (CVE-2025-68227 bsc#1255216). - commit e27edfa - Refresh patches.suse/smb-client-introduce-close_cached_dir_locked-.patch. Just refresh to fix: warning: patches.suse/smb-client-introduce-close_cached_dir_locked-.patch: Patch unexpectedly ends in the middle of a line. - commit 675e06b - x86/fpu: Ensure XFD state on signal delivery (CVE-2025-68171 bsc#1255255). - commit 74e061b ++++ kernel-syms: - libceph: fix potential use-after-free in have_mon_and_osd_map() (CVE-2025-68285 bsc#1255401). - commit bfcbd27 - landlock: Fix handling of disconnected directories (CVE-2025-68736 bsc#1255698). - landlock: Optimize file path walks and prepare for audit support (CVE-2025-68736 bsc#1255698). - commit 255f197 - libceph: fix invalid accesses to ceph_connection_v1_info (CVE-2025-39880 bsc#1250388). - commit f8b4e56 - ceph: fix race condition validating r_parent before applying state (CVE-2025-39880 bsc#1250388). - commit 5a88d0a - cpuset: fix warning when disabling remote partition (bsc#1256794). - commit ab4d052 - RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly (CVE-2025-71096 bsc#1256606) - commit 6757234 - mptcp: Fix proto fallback detection with BPF (CVE-2025-68227 bsc#1255216). - commit e27edfa - Refresh patches.suse/smb-client-introduce-close_cached_dir_locked-.patch. Just refresh to fix: warning: patches.suse/smb-client-introduce-close_cached_dir_locked-.patch: Patch unexpectedly ends in the middle of a line. - commit 675e06b - x86/fpu: Ensure XFD state on signal delivery (CVE-2025-68171 bsc#1255255). - commit 74e061b ++++ kernel-syms: - libceph: fix potential use-after-free in have_mon_and_osd_map() (CVE-2025-68285 bsc#1255401). - commit bfcbd27 - landlock: Fix handling of disconnected directories (CVE-2025-68736 bsc#1255698). - landlock: Optimize file path walks and prepare for audit support (CVE-2025-68736 bsc#1255698). - commit 255f197 - libceph: fix invalid accesses to ceph_connection_v1_info (CVE-2025-39880 bsc#1250388). - commit f8b4e56 - ceph: fix race condition validating r_parent before applying state (CVE-2025-39880 bsc#1250388). - commit 5a88d0a - cpuset: fix warning when disabling remote partition (bsc#1256794). - commit ab4d052 - RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly (CVE-2025-71096 bsc#1256606) - commit 6757234 - Refresh patches.suse/smb-client-introduce-close_cached_dir_locked-.patch. Just refresh to fix: warning: patches.suse/smb-client-introduce-close_cached_dir_locked-.patch: Patch unexpectedly ends in the middle of a line. - commit 675e06b - x86/fpu: Ensure XFD state on signal delivery (CVE-2025-68171 bsc#1255255). - commit 74e061b ++++ kernel-zfcpdump: - libceph: fix potential use-after-free in have_mon_and_osd_map() (CVE-2025-68285 bsc#1255401). - commit bfcbd27 - landlock: Fix handling of disconnected directories (CVE-2025-68736 bsc#1255698). - landlock: Optimize file path walks and prepare for audit support (CVE-2025-68736 bsc#1255698). - commit 255f197 - libceph: fix invalid accesses to ceph_connection_v1_info (CVE-2025-39880 bsc#1250388). - commit f8b4e56 - ceph: fix race condition validating r_parent before applying state (CVE-2025-39880 bsc#1250388). - commit 5a88d0a - cpuset: fix warning when disabling remote partition (bsc#1256794). - commit ab4d052 - RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly (CVE-2025-71096 bsc#1256606) - commit 6757234 - mptcp: Fix proto fallback detection with BPF (CVE-2025-68227 bsc#1255216). - commit e27edfa - Refresh patches.suse/smb-client-introduce-close_cached_dir_locked-.patch. Just refresh to fix: warning: patches.suse/smb-client-introduce-close_cached_dir_locked-.patch: Patch unexpectedly ends in the middle of a line. - commit 675e06b - x86/fpu: Ensure XFD state on signal delivery (CVE-2025-68171 bsc#1255255). - commit 74e061b ++++ kernel-zfcpdump: - libceph: fix potential use-after-free in have_mon_and_osd_map() (CVE-2025-68285 bsc#1255401). - commit bfcbd27 - landlock: Fix handling of disconnected directories (CVE-2025-68736 bsc#1255698). - landlock: Optimize file path walks and prepare for audit support (CVE-2025-68736 bsc#1255698). - commit 255f197 - libceph: fix invalid accesses to ceph_connection_v1_info (CVE-2025-39880 bsc#1250388). - commit f8b4e56 - ceph: fix race condition validating r_parent before applying state (CVE-2025-39880 bsc#1250388). - commit 5a88d0a - cpuset: fix warning when disabling remote partition (bsc#1256794). - commit ab4d052 - RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly (CVE-2025-71096 bsc#1256606) - commit 6757234 - mptcp: Fix proto fallback detection with BPF (CVE-2025-68227 bsc#1255216). - commit e27edfa - Refresh patches.suse/smb-client-introduce-close_cached_dir_locked-.patch. Just refresh to fix: warning: patches.suse/smb-client-introduce-close_cached_dir_locked-.patch: Patch unexpectedly ends in the middle of a line. - commit 675e06b - x86/fpu: Ensure XFD state on signal delivery (CVE-2025-68171 bsc#1255255). - commit 74e061b ++++ kernel-zfcpdump: - libceph: fix potential use-after-free in have_mon_and_osd_map() (CVE-2025-68285 bsc#1255401). - commit bfcbd27 - landlock: Fix handling of disconnected directories (CVE-2025-68736 bsc#1255698). - landlock: Optimize file path walks and prepare for audit support (CVE-2025-68736 bsc#1255698). - commit 255f197 - libceph: fix invalid accesses to ceph_connection_v1_info (CVE-2025-39880 bsc#1250388). - commit f8b4e56 - ceph: fix race condition validating r_parent before applying state (CVE-2025-39880 bsc#1250388). - commit 5a88d0a - cpuset: fix warning when disabling remote partition (bsc#1256794). - commit ab4d052 - RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly (CVE-2025-71096 bsc#1256606) - commit 6757234 - Refresh patches.suse/smb-client-introduce-close_cached_dir_locked-.patch. Just refresh to fix: warning: patches.suse/smb-client-introduce-close_cached_dir_locked-.patch: Patch unexpectedly ends in the middle of a line. - commit 675e06b - x86/fpu: Ensure XFD state on signal delivery (CVE-2025-68171 bsc#1255255). - commit 74e061b ++++ syslogd: - Avoid restarting klog.service and klogd.service in postun as both services should be started once (boo#1243035#c14) ++++ libpng16: - security update - added patches * libpng16-CVE-2025-22801.patch CVE-2026-22695 [bsc#1256525], Heap buffer over-read in png_image_finish_read * libpng16-CVE-2026-22695.patch CVE-2026-22801 [bsc#1256526], Integer truncation causing heap buffer over-read in png_image_write_* * libpng16-CVE-2026-22801.patch ++++ libpng16: - security update - added patches * libpng16-CVE-2025-22801.patch CVE-2026-22695 [bsc#1256525], Heap buffer over-read in png_image_finish_read * libpng16-CVE-2026-22695.patch CVE-2026-22801 [bsc#1256526], Integer truncation causing heap buffer over-read in png_image_write_* * libpng16-CVE-2026-22801.patch ++++ libpng16: - security update - added patches * libpng16-CVE-2025-22801.patch CVE-2026-22695 [bsc#1256525], Heap buffer over-read in png_image_finish_read * libpng16-CVE-2026-22695.patch CVE-2026-22801 [bsc#1256526], Integer truncation causing heap buffer over-read in png_image_write_* * libpng16-CVE-2026-22801.patch ++++ vlc: - Change compression type of tarball to tar.xz: 3rd-party OBS instances build VLC also for older distros, which might not understand zstd compression. ++++ wireshark: - Wireshark 4.4.13 * CVE-2026-0961: BLF file parser crash (bsc#1256738). * CVE-2026-0959: IEEE 802.11 dissector crash (bsc#1256734). * CVE-2026-0962: SOME/IP-SD dissector crash (bsc#1256739). - Many more features, bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-4.4.13.html ++++ micro-editor: - Update to version 2.0.15: * truecolor (supersedes the MICRO_TRUECOLOR environment variable) * showchars (deprecates indentchar) * lockbindings for completely disallowing plugins to modify keybindings * helpsplit for changing default split type for the help command * pageoverlap for setting number of lines kept during page up/page down * Added FirstTab, LastTab, FirstSplit and LastSplit commands * SkipMultiCursorBack as a counterpart to SkipMultiCursor * CursorToViewTop, CursorToViewCenter, CursorToViewBottom * Duplicate for duplicating the selection only, not the whole line * Plugins never write to settings.json or bindings.json anymore * Add onBufferOptionChanged callback * Add SpawnCursorAtLoc() * Expose bufpane's DoubleClick and TripleClick to plugins * Pass mouse info to {on,pre}MouseXXX callbacks * Support goto statement from Lua 5.2 * Various Syntax Highlighting improvements ++++ openQA: - Update to version 5.1768402729.462b3957: * feat: optionally configure fake auth key+secret+expiration ++++ openQA: - Update to version 5.1768402729.462b3957: * feat: optionally configure fake auth key+secret+expiration ++++ openQA: - Update to version 5.1768402729.462b3957: * feat: optionally configure fake auth key+secret+expiration ++++ openQA: - Update to version 5.1768402729.462b3957: * feat: optionally configure fake auth key+secret+expiration ++++ openQA: - Update to version 5.1768402729.462b3957: * feat: optionally configure fake auth key+secret+expiration ++++ openQA: - Update to version 5.1768402729.462b3957: * feat: optionally configure fake auth key+secret+expiration ++++ openQA: - Update to version 5.1768402729.462b3957: * feat: optionally configure fake auth key+secret+expiration ++++ openQA: - Update to version 5.1768402729.462b3957: * feat: optionally configure fake auth key+secret+expiration ++++ openQA: - Update to version 5.1768402729.462b3957: * feat: optionally configure fake auth key+secret+expiration ++++ openQA: - Update to version 5.1768402729.462b3957: * feat: optionally configure fake auth key+secret+expiration ------------------------------------------------------------------ ------------------ 2026-1-14 - Jan 14 2026 ------------------- ------------------------------------------------------------------ ++++ MozillaThunderbird: - Mozilla Thunderbird 140.7.0 ESR MFSA 2026-05 (bsc#1256340) * CVE-2026-0877 (bmo#1999257) Mitigation bypass in the DOM: Security component * CVE-2026-0878 (bmo#2003989) Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component * CVE-2026-0879 (bmo#2004602) Sandbox escape due to incorrect boundary conditions in the Graphics component * CVE-2026-0880 (bmo#2005014) Sandbox escape due to integer overflow in the Graphics component * CVE-2026-0882 (bmo#1924125) Use-after-free in the IPC component * CVE-2025-14327 (bmo#1970743) Spoofing issue in the Downloads Panel component * CVE-2026-0883 (bmo#1989340) Information disclosure in the Networking component * CVE-2026-0884 (bmo#2003588) Use-after-free in the JavaScript Engine component * CVE-2026-0885 (bmo#2003607) Use-after-free in the JavaScript: GC component * CVE-2026-0886 (bmo#2005658) Incorrect boundary conditions in the Graphics component * CVE-2026-0887 (bmo#2006500) Clickjacking issue, information disclosure in the PDF Viewer component * CVE-2026-0890 (bmo#2005081) Spoofing issue in the DOM: Copy & Paste and Drag & Drop component * CVE-2026-0891 (bmo#1964722, bmo#2000981, bmo#2003100, bmo#2003278) Memory safety bugs fixed in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147 ++++ chromium: - Chromium 144.0.7559.59 (boo#1256614) * CVE-2026-0899: Out of bounds memory access in V8 * CVE-2026-0900: Inappropriate implementation in V8 * CVE-2026-0901: Inappropriate implementation in Blink * CVE-2026-0902: Inappropriate implementation in V8 * CVE-2026-0903: Insufficient validation of untrusted input in Downloads * CVE-2026-0904: Incorrect security UI in Digital Credentials * CVE-2026-0905: Insufficient policy enforcement in Network * CVE-2026-0906: Incorrect security UI * CVE-2026-0907: Incorrect security UI in Split View * CVE-2026-0908: Use after free in ANGLE - added patches: * chromium-144-rust-adler2.patch (with system rust-1.86, we still have adler2) * chromium-144-revert_gfx_value_or.patch (looks like third_party/skia is outdated) * chromium-144-revert-libxml-2.13.patch (conditionally applied if libxml < 2.13) - modified patches: * chromium-125-compiler.patch * chromium-127-bindgen.patch * chromium-127-rust-clanglib.patch (rust nightly features are now guarded, drop hunk) * gcc-enable-lto.patch * ppc-fedora-0001-sandbox-linux-Update-syscall-helpers-lists-for-ppc64.patch * ppc-fedora-0002-regenerate-xnn-buildgn.patch (regenerated) - dropped patches: * ppc-fedora-fix-clang-selection.patch (upstream) * chromium-140-keep-__rust_no_alloc_shim_is_unstable.patch * chromium-142-rust-revert_should_panic.patch - keeplibs: added third_party/perfetto/protos/third_party/pprof (pulled in) - gn buildflags: * drop duplicate "use_sysroot=false" * add "chrome_pgo_phase=0" as in debian and fedora - use noopenh264 where available ++++ chromium: - Chromium 144.0.7559.59 (boo#1256614) * CVE-2026-0899: Out of bounds memory access in V8 * CVE-2026-0900: Inappropriate implementation in V8 * CVE-2026-0901: Inappropriate implementation in Blink * CVE-2026-0902: Inappropriate implementation in V8 * CVE-2026-0903: Insufficient validation of untrusted input in Downloads * CVE-2026-0904: Incorrect security UI in Digital Credentials * CVE-2026-0905: Insufficient policy enforcement in Network * CVE-2026-0906: Incorrect security UI * CVE-2026-0907: Incorrect security UI in Split View * CVE-2026-0908: Use after free in ANGLE - added patches: * chromium-144-rust-adler2.patch (with system rust-1.86, we still have adler2) * chromium-144-revert_gfx_value_or.patch (looks like third_party/skia is outdated) * chromium-144-revert-libxml-2.13.patch (conditionally applied if libxml < 2.13) - modified patches: * chromium-125-compiler.patch * chromium-127-bindgen.patch * chromium-127-rust-clanglib.patch (rust nightly features are now guarded, drop hunk) * gcc-enable-lto.patch * ppc-fedora-0001-sandbox-linux-Update-syscall-helpers-lists-for-ppc64.patch * ppc-fedora-0002-regenerate-xnn-buildgn.patch (regenerated) - dropped patches: * ppc-fedora-fix-clang-selection.patch (upstream) * chromium-140-keep-__rust_no_alloc_shim_is_unstable.patch * chromium-142-rust-revert_should_panic.patch - keeplibs: added third_party/perfetto/protos/third_party/pprof (pulled in) - gn buildflags: * drop duplicate "use_sysroot=false" * add "chrome_pgo_phase=0" as in debian and fedora - use noopenh264 where available ++++ chromium: - Chromium 144.0.7559.59 (boo#1256614) * CVE-2026-0899: Out of bounds memory access in V8 * CVE-2026-0900: Inappropriate implementation in V8 * CVE-2026-0901: Inappropriate implementation in Blink * CVE-2026-0902: Inappropriate implementation in V8 * CVE-2026-0903: Insufficient validation of untrusted input in Downloads * CVE-2026-0904: Incorrect security UI in Digital Credentials * CVE-2026-0905: Insufficient policy enforcement in Network * CVE-2026-0906: Incorrect security UI * CVE-2026-0907: Incorrect security UI in Split View * CVE-2026-0908: Use after free in ANGLE - added patches: * chromium-144-rust-adler2.patch (with system rust-1.86, we still have adler2) * chromium-144-revert_gfx_value_or.patch (looks like third_party/skia is outdated) * chromium-144-revert-libxml-2.13.patch (conditionally applied if libxml < 2.13) - modified patches: * chromium-125-compiler.patch * chromium-127-bindgen.patch * chromium-127-rust-clanglib.patch (rust nightly features are now guarded, drop hunk) * gcc-enable-lto.patch * ppc-fedora-0001-sandbox-linux-Update-syscall-helpers-lists-for-ppc64.patch * ppc-fedora-0002-regenerate-xnn-buildgn.patch (regenerated) - dropped patches: * ppc-fedora-fix-clang-selection.patch (upstream) * chromium-140-keep-__rust_no_alloc_shim_is_unstable.patch * chromium-142-rust-revert_should_panic.patch - keeplibs: added third_party/perfetto/protos/third_party/pprof (pulled in) - gn buildflags: * drop duplicate "use_sysroot=false" * add "chrome_pgo_phase=0" as in debian and fedora - use noopenh264 where available ++++ chromium: - Chromium 144.0.7559.59 (boo#1256614) * CVE-2026-0899: Out of bounds memory access in V8 * CVE-2026-0900: Inappropriate implementation in V8 * CVE-2026-0901: Inappropriate implementation in Blink * CVE-2026-0902: Inappropriate implementation in V8 * CVE-2026-0903: Insufficient validation of untrusted input in Downloads * CVE-2026-0904: Incorrect security UI in Digital Credentials * CVE-2026-0905: Insufficient policy enforcement in Network * CVE-2026-0906: Incorrect security UI * CVE-2026-0907: Incorrect security UI in Split View * CVE-2026-0908: Use after free in ANGLE - added patches: * chromium-144-rust-adler2.patch (with system rust-1.86, we still have adler2) * chromium-144-revert_gfx_value_or.patch (looks like third_party/skia is outdated) * chromium-144-revert-libxml-2.13.patch (conditionally applied if libxml < 2.13) - modified patches: * chromium-125-compiler.patch * chromium-127-bindgen.patch * chromium-127-rust-clanglib.patch (rust nightly features are now guarded, drop hunk) * gcc-enable-lto.patch * ppc-fedora-0001-sandbox-linux-Update-syscall-helpers-lists-for-ppc64.patch * ppc-fedora-0002-regenerate-xnn-buildgn.patch (regenerated) - dropped patches: * ppc-fedora-fix-clang-selection.patch (upstream) * chromium-140-keep-__rust_no_alloc_shim_is_unstable.patch * chromium-142-rust-revert_should_panic.patch - keeplibs: added third_party/perfetto/protos/third_party/pprof (pulled in) - gn buildflags: * drop duplicate "use_sysroot=false" * add "chrome_pgo_phase=0" as in debian and fedora - use noopenh264 where available ++++ chromium: - Chromium 144.0.7559.59 (boo#1256614) * CVE-2026-0899: Out of bounds memory access in V8 * CVE-2026-0900: Inappropriate implementation in V8 * CVE-2026-0901: Inappropriate implementation in Blink * CVE-2026-0902: Inappropriate implementation in V8 * CVE-2026-0903: Insufficient validation of untrusted input in Downloads * CVE-2026-0904: Incorrect security UI in Digital Credentials * CVE-2026-0905: Insufficient policy enforcement in Network * CVE-2026-0906: Incorrect security UI * CVE-2026-0907: Incorrect security UI in Split View * CVE-2026-0908: Use after free in ANGLE - added patches: * chromium-144-rust-adler2.patch (with system rust-1.86, we still have adler2) * chromium-144-revert_gfx_value_or.patch (looks like third_party/skia is outdated) * chromium-144-revert-libxml-2.13.patch (conditionally applied if libxml < 2.13) - modified patches: * chromium-125-compiler.patch * chromium-127-bindgen.patch * chromium-127-rust-clanglib.patch (rust nightly features are now guarded, drop hunk) * gcc-enable-lto.patch * ppc-fedora-0001-sandbox-linux-Update-syscall-helpers-lists-for-ppc64.patch * ppc-fedora-0002-regenerate-xnn-buildgn.patch (regenerated) - dropped patches: * ppc-fedora-fix-clang-selection.patch (upstream) * chromium-140-keep-__rust_no_alloc_shim_is_unstable.patch * chromium-142-rust-revert_should_panic.patch - keeplibs: added third_party/perfetto/protos/third_party/pprof (pulled in) - gn buildflags: * drop duplicate "use_sysroot=false" * add "chrome_pgo_phase=0" as in debian and fedora - use noopenh264 where available ++++ chromium: - Chromium 144.0.7559.59 (boo#1256614) * CVE-2026-0899: Out of bounds memory access in V8 * CVE-2026-0900: Inappropriate implementation in V8 * CVE-2026-0901: Inappropriate implementation in Blink * CVE-2026-0902: Inappropriate implementation in V8 * CVE-2026-0903: Insufficient validation of untrusted input in Downloads * CVE-2026-0904: Incorrect security UI in Digital Credentials * CVE-2026-0905: Insufficient policy enforcement in Network * CVE-2026-0906: Incorrect security UI * CVE-2026-0907: Incorrect security UI in Split View * CVE-2026-0908: Use after free in ANGLE - added patches: * chromium-144-rust-adler2.patch (with system rust-1.86, we still have adler2) * chromium-144-revert_gfx_value_or.patch (looks like third_party/skia is outdated) * chromium-144-revert-libxml-2.13.patch (conditionally applied if libxml < 2.13) - modified patches: * chromium-125-compiler.patch * chromium-127-bindgen.patch * chromium-127-rust-clanglib.patch (rust nightly features are now guarded, drop hunk) * gcc-enable-lto.patch * ppc-fedora-0001-sandbox-linux-Update-syscall-helpers-lists-for-ppc64.patch * ppc-fedora-0002-regenerate-xnn-buildgn.patch (regenerated) - dropped patches: * ppc-fedora-fix-clang-selection.patch (upstream) * chromium-140-keep-__rust_no_alloc_shim_is_unstable.patch * chromium-142-rust-revert_should_panic.patch - keeplibs: added third_party/perfetto/protos/third_party/pprof (pulled in) - gn buildflags: * drop duplicate "use_sysroot=false" * add "chrome_pgo_phase=0" as in debian and fedora - use noopenh264 where available ++++ chromium: - Chromium 144.0.7559.59 (boo#1256614) * CVE-2026-0899: Out of bounds memory access in V8 * CVE-2026-0900: Inappropriate implementation in V8 * CVE-2026-0901: Inappropriate implementation in Blink * CVE-2026-0902: Inappropriate implementation in V8 * CVE-2026-0903: Insufficient validation of untrusted input in Downloads * CVE-2026-0904: Incorrect security UI in Digital Credentials * CVE-2026-0905: Insufficient policy enforcement in Network * CVE-2026-0906: Incorrect security UI * CVE-2026-0907: Incorrect security UI in Split View * CVE-2026-0908: Use after free in ANGLE - added patches: * chromium-144-rust-adler2.patch (with system rust-1.86, we still have adler2) * chromium-144-revert_gfx_value_or.patch (looks like third_party/skia is outdated) * chromium-144-revert-libxml-2.13.patch (conditionally applied if libxml < 2.13) - modified patches: * chromium-125-compiler.patch * chromium-127-bindgen.patch * chromium-127-rust-clanglib.patch (rust nightly features are now guarded, drop hunk) * gcc-enable-lto.patch * ppc-fedora-0001-sandbox-linux-Update-syscall-helpers-lists-for-ppc64.patch * ppc-fedora-0002-regenerate-xnn-buildgn.patch (regenerated) - dropped patches: * ppc-fedora-fix-clang-selection.patch (upstream) * chromium-140-keep-__rust_no_alloc_shim_is_unstable.patch * chromium-142-rust-revert_should_panic.patch - keeplibs: added third_party/perfetto/protos/third_party/pprof (pulled in) - gn buildflags: * drop duplicate "use_sysroot=false" * add "chrome_pgo_phase=0" as in debian and fedora - use noopenh264 where available ++++ chromium: - Chromium 144.0.7559.59 (boo#1256614) * CVE-2026-0899: Out of bounds memory access in V8 * CVE-2026-0900: Inappropriate implementation in V8 * CVE-2026-0901: Inappropriate implementation in Blink * CVE-2026-0902: Inappropriate implementation in V8 * CVE-2026-0903: Insufficient validation of untrusted input in Downloads * CVE-2026-0904: Incorrect security UI in Digital Credentials * CVE-2026-0905: Insufficient policy enforcement in Network * CVE-2026-0906: Incorrect security UI * CVE-2026-0907: Incorrect security UI in Split View * CVE-2026-0908: Use after free in ANGLE - added patches: * chromium-144-rust-adler2.patch (with system rust-1.86, we still have adler2) * chromium-144-revert_gfx_value_or.patch (looks like third_party/skia is outdated) * chromium-144-revert-libxml-2.13.patch (conditionally applied if libxml < 2.13) - modified patches: * chromium-125-compiler.patch * chromium-127-bindgen.patch * chromium-127-rust-clanglib.patch (rust nightly features are now guarded, drop hunk) * gcc-enable-lto.patch * ppc-fedora-0001-sandbox-linux-Update-syscall-helpers-lists-for-ppc64.patch * ppc-fedora-0002-regenerate-xnn-buildgn.patch (regenerated) - dropped patches: * ppc-fedora-fix-clang-selection.patch (upstream) * chromium-140-keep-__rust_no_alloc_shim_is_unstable.patch * chromium-142-rust-revert_should_panic.patch - keeplibs: added third_party/perfetto/protos/third_party/pprof (pulled in) - gn buildflags: * drop duplicate "use_sysroot=false" * add "chrome_pgo_phase=0" as in debian and fedora - use noopenh264 where available ++++ chromium: - Chromium 144.0.7559.59 (boo#1256614) * CVE-2026-0899: Out of bounds memory access in V8 * CVE-2026-0900: Inappropriate implementation in V8 * CVE-2026-0901: Inappropriate implementation in Blink * CVE-2026-0902: Inappropriate implementation in V8 * CVE-2026-0903: Insufficient validation of untrusted input in Downloads * CVE-2026-0904: Incorrect security UI in Digital Credentials * CVE-2026-0905: Insufficient policy enforcement in Network * CVE-2026-0906: Incorrect security UI * CVE-2026-0907: Incorrect security UI in Split View * CVE-2026-0908: Use after free in ANGLE - added patches: * chromium-144-rust-adler2.patch (with system rust-1.86, we still have adler2) * chromium-144-revert_gfx_value_or.patch (looks like third_party/skia is outdated) * chromium-144-revert-libxml-2.13.patch (conditionally applied if libxml < 2.13) - modified patches: * chromium-125-compiler.patch * chromium-127-bindgen.patch * chromium-127-rust-clanglib.patch (rust nightly features are now guarded, drop hunk) * gcc-enable-lto.patch * ppc-fedora-0001-sandbox-linux-Update-syscall-helpers-lists-for-ppc64.patch * ppc-fedora-0002-regenerate-xnn-buildgn.patch (regenerated) - dropped patches: * ppc-fedora-fix-clang-selection.patch (upstream) * chromium-140-keep-__rust_no_alloc_shim_is_unstable.patch * chromium-142-rust-revert_should_panic.patch - keeplibs: added third_party/perfetto/protos/third_party/pprof (pulled in) - gn buildflags: * drop duplicate "use_sysroot=false" * add "chrome_pgo_phase=0" as in debian and fedora - use noopenh264 where available ++++ chromium: - Chromium 144.0.7559.59 (boo#1256614) * CVE-2026-0899: Out of bounds memory access in V8 * CVE-2026-0900: Inappropriate implementation in V8 * CVE-2026-0901: Inappropriate implementation in Blink * CVE-2026-0902: Inappropriate implementation in V8 * CVE-2026-0903: Insufficient validation of untrusted input in Downloads * CVE-2026-0904: Incorrect security UI in Digital Credentials * CVE-2026-0905: Insufficient policy enforcement in Network * CVE-2026-0906: Incorrect security UI * CVE-2026-0907: Incorrect security UI in Split View * CVE-2026-0908: Use after free in ANGLE - added patches: * chromium-144-rust-adler2.patch (with system rust-1.86, we still have adler2) * chromium-144-revert_gfx_value_or.patch (looks like third_party/skia is outdated) * chromium-144-revert-libxml-2.13.patch (conditionally applied if libxml < 2.13) - modified patches: * chromium-125-compiler.patch * chromium-127-bindgen.patch * chromium-127-rust-clanglib.patch (rust nightly features are now guarded, drop hunk) * gcc-enable-lto.patch * ppc-fedora-0001-sandbox-linux-Update-syscall-helpers-lists-for-ppc64.patch * ppc-fedora-0002-regenerate-xnn-buildgn.patch (regenerated) - dropped patches: * ppc-fedora-fix-clang-selection.patch (upstream) * chromium-140-keep-__rust_no_alloc_shim_is_unstable.patch * chromium-142-rust-revert_should_panic.patch - keeplibs: added third_party/perfetto/protos/third_party/pprof (pulled in) - gn buildflags: * drop duplicate "use_sysroot=false" * add "chrome_pgo_phase=0" as in debian and fedora - use noopenh264 where available ++++ chromium: - Chromium 144.0.7559.59 (boo#1256614) * CVE-2026-0899: Out of bounds memory access in V8 * CVE-2026-0900: Inappropriate implementation in V8 * CVE-2026-0901: Inappropriate implementation in Blink * CVE-2026-0902: Inappropriate implementation in V8 * CVE-2026-0903: Insufficient validation of untrusted input in Downloads * CVE-2026-0904: Incorrect security UI in Digital Credentials * CVE-2026-0905: Insufficient policy enforcement in Network * CVE-2026-0906: Incorrect security UI * CVE-2026-0907: Incorrect security UI in Split View * CVE-2026-0908: Use after free in ANGLE - added patches: * chromium-144-rust-adler2.patch (with system rust-1.86, we still have adler2) * chromium-144-revert_gfx_value_or.patch (looks like third_party/skia is outdated) * chromium-144-revert-libxml-2.13.patch (conditionally applied if libxml < 2.13) - modified patches: * chromium-125-compiler.patch * chromium-127-bindgen.patch * chromium-127-rust-clanglib.patch (rust nightly features are now guarded, drop hunk) * gcc-enable-lto.patch * ppc-fedora-0001-sandbox-linux-Update-syscall-helpers-lists-for-ppc64.patch * ppc-fedora-0002-regenerate-xnn-buildgn.patch (regenerated) - dropped patches: * ppc-fedora-fix-clang-selection.patch (upstream) * chromium-140-keep-__rust_no_alloc_shim_is_unstable.patch * chromium-142-rust-revert_should_panic.patch - keeplibs: added third_party/perfetto/protos/third_party/pprof (pulled in) - gn buildflags: * drop duplicate "use_sysroot=false" * add "chrome_pgo_phase=0" as in debian and fedora - use noopenh264 where available ++++ chromium: - Chromium 144.0.7559.59 (boo#1256614) * CVE-2026-0899: Out of bounds memory access in V8 * CVE-2026-0900: Inappropriate implementation in V8 * CVE-2026-0901: Inappropriate implementation in Blink * CVE-2026-0902: Inappropriate implementation in V8 * CVE-2026-0903: Insufficient validation of untrusted input in Downloads * CVE-2026-0904: Incorrect security UI in Digital Credentials * CVE-2026-0905: Insufficient policy enforcement in Network * CVE-2026-0906: Incorrect security UI * CVE-2026-0907: Incorrect security UI in Split View * CVE-2026-0908: Use after free in ANGLE - added patches: * chromium-144-rust-adler2.patch (with system rust-1.86, we still have adler2) * chromium-144-revert_gfx_value_or.patch (looks like third_party/skia is outdated) * chromium-144-revert-libxml-2.13.patch (conditionally applied if libxml < 2.13) - modified patches: * chromium-125-compiler.patch * chromium-127-bindgen.patch * chromium-127-rust-clanglib.patch (rust nightly features are now guarded, drop hunk) * gcc-enable-lto.patch * ppc-fedora-0001-sandbox-linux-Update-syscall-helpers-lists-for-ppc64.patch * ppc-fedora-0002-regenerate-xnn-buildgn.patch (regenerated) - dropped patches: * ppc-fedora-fix-clang-selection.patch (upstream) * chromium-140-keep-__rust_no_alloc_shim_is_unstable.patch * chromium-142-rust-revert_should_panic.patch - keeplibs: added third_party/perfetto/protos/third_party/pprof (pulled in) - gn buildflags: * drop duplicate "use_sysroot=false" * add "chrome_pgo_phase=0" as in debian and fedora - use noopenh264 where available ++++ kernel-64kb: - sched: Increase sched_tick_remote timeout (bsc#1254510). - commit 6c6193f - ice: fix PTP cleanup on driver removal in error path (CVE-2025-68215 bsc#1255226). - commit eb213a2 - KVM: VMX: Clean up and macrofy x86_ops (git-fixes). - Refresh patches.suse/KVM-x86-Drop-kvm_x86_ops.set_dr6-in-favor-of-a-new-K.patch. - Refresh patches.suse/KVM-VMX-Preserve-host-s-DEBUGCTLMSR_FREEZE_IN_SMM-wh.patch. - commit 03cc358 - KVM: VMX: Define a VMX glue macro for kvm_complete_insn_gp() (git-fixes). - commit 2d0bc5c - KVM: VMX: Move vt_apicv_pre_state_restore() to posted_intr.c and tweak name (git-fixes). - Refresh patches.suse/KVM-Pass-new-routing-entries-and-irqfd-when-updating.patch. - commit 6b2a898 - nvme: nvme-fc: move tagset removal to nvme_fc_delete_ctrl() (git-fixes). - commit a1c2afd - amd/amdkfd: enhance kfd process check in switch partition (CVE-2025-68174 bsc#1255327). - commit 7117c37 - selftests/bpf: Test bpf_skb_check_mtu(BPF_MTU_CHK_SEGS) when transport_header is not set (CVE-2025-68363 bsc#1255552). - commit ed9cc2b - bpf: Check skb->transport_header is set in bpf_skb_check_mtu (CVE-2025-68363 bsc#1255552). - commit 8c412fd ++++ kernel-64kb: - sched: Increase sched_tick_remote timeout (bsc#1254510). - commit 6c6193f - ice: fix PTP cleanup on driver removal in error path (CVE-2025-68215 bsc#1255226). - commit eb213a2 - KVM: VMX: Clean up and macrofy x86_ops (git-fixes). - Refresh patches.suse/KVM-x86-Drop-kvm_x86_ops.set_dr6-in-favor-of-a-new-K.patch. - Refresh patches.suse/KVM-VMX-Preserve-host-s-DEBUGCTLMSR_FREEZE_IN_SMM-wh.patch. - commit 03cc358 - KVM: VMX: Define a VMX glue macro for kvm_complete_insn_gp() (git-fixes). - commit 2d0bc5c - KVM: VMX: Move vt_apicv_pre_state_restore() to posted_intr.c and tweak name (git-fixes). - Refresh patches.suse/KVM-Pass-new-routing-entries-and-irqfd-when-updating.patch. - commit 6b2a898 - nvme: nvme-fc: move tagset removal to nvme_fc_delete_ctrl() (git-fixes). - commit a1c2afd - amd/amdkfd: enhance kfd process check in switch partition (CVE-2025-68174 bsc#1255327). - commit 7117c37 - selftests/bpf: Test bpf_skb_check_mtu(BPF_MTU_CHK_SEGS) when transport_header is not set (CVE-2025-68363 bsc#1255552). - commit ed9cc2b - bpf: Check skb->transport_header is set in bpf_skb_check_mtu (CVE-2025-68363 bsc#1255552). - commit 8c412fd ++++ kernel-64kb: - sched: Increase sched_tick_remote timeout (bsc#1254510). - commit 6c6193f - ice: fix PTP cleanup on driver removal in error path (CVE-2025-68215 bsc#1255226). - commit eb213a2 - KVM: VMX: Clean up and macrofy x86_ops (git-fixes). - Refresh patches.suse/KVM-x86-Drop-kvm_x86_ops.set_dr6-in-favor-of-a-new-K.patch. - Refresh patches.suse/KVM-VMX-Preserve-host-s-DEBUGCTLMSR_FREEZE_IN_SMM-wh.patch. - commit 03cc358 - KVM: VMX: Define a VMX glue macro for kvm_complete_insn_gp() (git-fixes). - commit 2d0bc5c - KVM: VMX: Move vt_apicv_pre_state_restore() to posted_intr.c and tweak name (git-fixes). - Refresh patches.suse/KVM-Pass-new-routing-entries-and-irqfd-when-updating.patch. - commit 6b2a898 - selftests/bpf: Test bpf_skb_check_mtu(BPF_MTU_CHK_SEGS) when transport_header is not set (CVE-2025-68363 bsc#1255552). - commit ed9cc2b - bpf: Check skb->transport_header is set in bpf_skb_check_mtu (CVE-2025-68363 bsc#1255552). - commit 8c412fd ++++ kernel-azure: - sched: Increase sched_tick_remote timeout (bsc#1254510). - commit 6c6193f - ice: fix PTP cleanup on driver removal in error path (CVE-2025-68215 bsc#1255226). - commit eb213a2 - KVM: VMX: Clean up and macrofy x86_ops (git-fixes). - Refresh patches.suse/KVM-x86-Drop-kvm_x86_ops.set_dr6-in-favor-of-a-new-K.patch. - Refresh patches.suse/KVM-VMX-Preserve-host-s-DEBUGCTLMSR_FREEZE_IN_SMM-wh.patch. - commit 03cc358 - KVM: VMX: Define a VMX glue macro for kvm_complete_insn_gp() (git-fixes). - commit 2d0bc5c - KVM: VMX: Move vt_apicv_pre_state_restore() to posted_intr.c and tweak name (git-fixes). - Refresh patches.suse/KVM-Pass-new-routing-entries-and-irqfd-when-updating.patch. - commit 6b2a898 - nvme: nvme-fc: move tagset removal to nvme_fc_delete_ctrl() (git-fixes). - commit a1c2afd - amd/amdkfd: enhance kfd process check in switch partition (CVE-2025-68174 bsc#1255327). - commit 7117c37 - selftests/bpf: Test bpf_skb_check_mtu(BPF_MTU_CHK_SEGS) when transport_header is not set (CVE-2025-68363 bsc#1255552). - commit ed9cc2b - bpf: Check skb->transport_header is set in bpf_skb_check_mtu (CVE-2025-68363 bsc#1255552). - commit 8c412fd ++++ kernel-azure: - sched: Increase sched_tick_remote timeout (bsc#1254510). - commit 6c6193f - ice: fix PTP cleanup on driver removal in error path (CVE-2025-68215 bsc#1255226). - commit eb213a2 - KVM: VMX: Clean up and macrofy x86_ops (git-fixes). - Refresh patches.suse/KVM-x86-Drop-kvm_x86_ops.set_dr6-in-favor-of-a-new-K.patch. - Refresh patches.suse/KVM-VMX-Preserve-host-s-DEBUGCTLMSR_FREEZE_IN_SMM-wh.patch. - commit 03cc358 - KVM: VMX: Define a VMX glue macro for kvm_complete_insn_gp() (git-fixes). - commit 2d0bc5c - KVM: VMX: Move vt_apicv_pre_state_restore() to posted_intr.c and tweak name (git-fixes). - Refresh patches.suse/KVM-Pass-new-routing-entries-and-irqfd-when-updating.patch. - commit 6b2a898 - nvme: nvme-fc: move tagset removal to nvme_fc_delete_ctrl() (git-fixes). - commit a1c2afd - amd/amdkfd: enhance kfd process check in switch partition (CVE-2025-68174 bsc#1255327). - commit 7117c37 - selftests/bpf: Test bpf_skb_check_mtu(BPF_MTU_CHK_SEGS) when transport_header is not set (CVE-2025-68363 bsc#1255552). - commit ed9cc2b - bpf: Check skb->transport_header is set in bpf_skb_check_mtu (CVE-2025-68363 bsc#1255552). - commit 8c412fd ++++ kernel-azure: - sched: Increase sched_tick_remote timeout (bsc#1254510). - commit 6c6193f - ice: fix PTP cleanup on driver removal in error path (CVE-2025-68215 bsc#1255226). - commit eb213a2 - KVM: VMX: Clean up and macrofy x86_ops (git-fixes). - Refresh patches.suse/KVM-x86-Drop-kvm_x86_ops.set_dr6-in-favor-of-a-new-K.patch. - Refresh patches.suse/KVM-VMX-Preserve-host-s-DEBUGCTLMSR_FREEZE_IN_SMM-wh.patch. - commit 03cc358 - KVM: VMX: Define a VMX glue macro for kvm_complete_insn_gp() (git-fixes). - commit 2d0bc5c - KVM: VMX: Move vt_apicv_pre_state_restore() to posted_intr.c and tweak name (git-fixes). - Refresh patches.suse/KVM-Pass-new-routing-entries-and-irqfd-when-updating.patch. - commit 6b2a898 - selftests/bpf: Test bpf_skb_check_mtu(BPF_MTU_CHK_SEGS) when transport_header is not set (CVE-2025-68363 bsc#1255552). - commit ed9cc2b - bpf: Check skb->transport_header is set in bpf_skb_check_mtu (CVE-2025-68363 bsc#1255552). - commit 8c412fd ++++ kernel-default: - sched: Increase sched_tick_remote timeout (bsc#1254510). - commit 6c6193f - ice: fix PTP cleanup on driver removal in error path (CVE-2025-68215 bsc#1255226). - commit eb213a2 - KVM: VMX: Clean up and macrofy x86_ops (git-fixes). - Refresh patches.suse/KVM-x86-Drop-kvm_x86_ops.set_dr6-in-favor-of-a-new-K.patch. - Refresh patches.suse/KVM-VMX-Preserve-host-s-DEBUGCTLMSR_FREEZE_IN_SMM-wh.patch. - commit 03cc358 - KVM: VMX: Define a VMX glue macro for kvm_complete_insn_gp() (git-fixes). - commit 2d0bc5c - KVM: VMX: Move vt_apicv_pre_state_restore() to posted_intr.c and tweak name (git-fixes). - Refresh patches.suse/KVM-Pass-new-routing-entries-and-irqfd-when-updating.patch. - commit 6b2a898 - nvme: nvme-fc: move tagset removal to nvme_fc_delete_ctrl() (git-fixes). - commit a1c2afd - amd/amdkfd: enhance kfd process check in switch partition (CVE-2025-68174 bsc#1255327). - commit 7117c37 - selftests/bpf: Test bpf_skb_check_mtu(BPF_MTU_CHK_SEGS) when transport_header is not set (CVE-2025-68363 bsc#1255552). - commit ed9cc2b - bpf: Check skb->transport_header is set in bpf_skb_check_mtu (CVE-2025-68363 bsc#1255552). - commit 8c412fd ++++ kernel-default: - sched: Increase sched_tick_remote timeout (bsc#1254510). - commit 6c6193f - ice: fix PTP cleanup on driver removal in error path (CVE-2025-68215 bsc#1255226). - commit eb213a2 - KVM: VMX: Clean up and macrofy x86_ops (git-fixes). - Refresh patches.suse/KVM-x86-Drop-kvm_x86_ops.set_dr6-in-favor-of-a-new-K.patch. - Refresh patches.suse/KVM-VMX-Preserve-host-s-DEBUGCTLMSR_FREEZE_IN_SMM-wh.patch. - commit 03cc358 - KVM: VMX: Define a VMX glue macro for kvm_complete_insn_gp() (git-fixes). - commit 2d0bc5c - KVM: VMX: Move vt_apicv_pre_state_restore() to posted_intr.c and tweak name (git-fixes). - Refresh patches.suse/KVM-Pass-new-routing-entries-and-irqfd-when-updating.patch. - commit 6b2a898 - nvme: nvme-fc: move tagset removal to nvme_fc_delete_ctrl() (git-fixes). - commit a1c2afd - amd/amdkfd: enhance kfd process check in switch partition (CVE-2025-68174 bsc#1255327). - commit 7117c37 - selftests/bpf: Test bpf_skb_check_mtu(BPF_MTU_CHK_SEGS) when transport_header is not set (CVE-2025-68363 bsc#1255552). - commit ed9cc2b - bpf: Check skb->transport_header is set in bpf_skb_check_mtu (CVE-2025-68363 bsc#1255552). - commit 8c412fd ++++ kernel-default: - sched: Increase sched_tick_remote timeout (bsc#1254510). - commit 6c6193f - ice: fix PTP cleanup on driver removal in error path (CVE-2025-68215 bsc#1255226). - commit eb213a2 - KVM: VMX: Clean up and macrofy x86_ops (git-fixes). - Refresh patches.suse/KVM-x86-Drop-kvm_x86_ops.set_dr6-in-favor-of-a-new-K.patch. - Refresh patches.suse/KVM-VMX-Preserve-host-s-DEBUGCTLMSR_FREEZE_IN_SMM-wh.patch. - commit 03cc358 - KVM: VMX: Define a VMX glue macro for kvm_complete_insn_gp() (git-fixes). - commit 2d0bc5c - KVM: VMX: Move vt_apicv_pre_state_restore() to posted_intr.c and tweak name (git-fixes). - Refresh patches.suse/KVM-Pass-new-routing-entries-and-irqfd-when-updating.patch. - commit 6b2a898 - selftests/bpf: Test bpf_skb_check_mtu(BPF_MTU_CHK_SEGS) when transport_header is not set (CVE-2025-68363 bsc#1255552). - commit ed9cc2b - bpf: Check skb->transport_header is set in bpf_skb_check_mtu (CVE-2025-68363 bsc#1255552). - commit 8c412fd ++++ kernel-rt: - sched: Increase sched_tick_remote timeout (bsc#1254510). - commit 6c6193f - ice: fix PTP cleanup on driver removal in error path (CVE-2025-68215 bsc#1255226). - commit eb213a2 - KVM: VMX: Clean up and macrofy x86_ops (git-fixes). - Refresh patches.suse/KVM-x86-Drop-kvm_x86_ops.set_dr6-in-favor-of-a-new-K.patch. - Refresh patches.suse/KVM-VMX-Preserve-host-s-DEBUGCTLMSR_FREEZE_IN_SMM-wh.patch. - commit 03cc358 - KVM: VMX: Define a VMX glue macro for kvm_complete_insn_gp() (git-fixes). - commit 2d0bc5c - KVM: VMX: Move vt_apicv_pre_state_restore() to posted_intr.c and tweak name (git-fixes). - Refresh patches.suse/KVM-Pass-new-routing-entries-and-irqfd-when-updating.patch. - commit 6b2a898 - nvme: nvme-fc: move tagset removal to nvme_fc_delete_ctrl() (git-fixes). - commit a1c2afd - amd/amdkfd: enhance kfd process check in switch partition (CVE-2025-68174 bsc#1255327). - commit 7117c37 - selftests/bpf: Test bpf_skb_check_mtu(BPF_MTU_CHK_SEGS) when transport_header is not set (CVE-2025-68363 bsc#1255552). - commit ed9cc2b - bpf: Check skb->transport_header is set in bpf_skb_check_mtu (CVE-2025-68363 bsc#1255552). - commit 8c412fd ++++ kernel-rt: - sched: Increase sched_tick_remote timeout (bsc#1254510). - commit 6c6193f - ice: fix PTP cleanup on driver removal in error path (CVE-2025-68215 bsc#1255226). - commit eb213a2 - KVM: VMX: Clean up and macrofy x86_ops (git-fixes). - Refresh patches.suse/KVM-x86-Drop-kvm_x86_ops.set_dr6-in-favor-of-a-new-K.patch. - Refresh patches.suse/KVM-VMX-Preserve-host-s-DEBUGCTLMSR_FREEZE_IN_SMM-wh.patch. - commit 03cc358 - KVM: VMX: Define a VMX glue macro for kvm_complete_insn_gp() (git-fixes). - commit 2d0bc5c - KVM: VMX: Move vt_apicv_pre_state_restore() to posted_intr.c and tweak name (git-fixes). - Refresh patches.suse/KVM-Pass-new-routing-entries-and-irqfd-when-updating.patch. - commit 6b2a898 - nvme: nvme-fc: move tagset removal to nvme_fc_delete_ctrl() (git-fixes). - commit a1c2afd - amd/amdkfd: enhance kfd process check in switch partition (CVE-2025-68174 bsc#1255327). - commit 7117c37 - selftests/bpf: Test bpf_skb_check_mtu(BPF_MTU_CHK_SEGS) when transport_header is not set (CVE-2025-68363 bsc#1255552). - commit ed9cc2b - bpf: Check skb->transport_header is set in bpf_skb_check_mtu (CVE-2025-68363 bsc#1255552). - commit 8c412fd ++++ kernel-rt: - sched: Increase sched_tick_remote timeout (bsc#1254510). - commit 6c6193f - ice: fix PTP cleanup on driver removal in error path (CVE-2025-68215 bsc#1255226). - commit eb213a2 - KVM: VMX: Clean up and macrofy x86_ops (git-fixes). - Refresh patches.suse/KVM-x86-Drop-kvm_x86_ops.set_dr6-in-favor-of-a-new-K.patch. - Refresh patches.suse/KVM-VMX-Preserve-host-s-DEBUGCTLMSR_FREEZE_IN_SMM-wh.patch. - commit 03cc358 - KVM: VMX: Define a VMX glue macro for kvm_complete_insn_gp() (git-fixes). - commit 2d0bc5c - KVM: VMX: Move vt_apicv_pre_state_restore() to posted_intr.c and tweak name (git-fixes). - Refresh patches.suse/KVM-Pass-new-routing-entries-and-irqfd-when-updating.patch. - commit 6b2a898 - selftests/bpf: Test bpf_skb_check_mtu(BPF_MTU_CHK_SEGS) when transport_header is not set (CVE-2025-68363 bsc#1255552). - commit ed9cc2b - bpf: Check skb->transport_header is set in bpf_skb_check_mtu (CVE-2025-68363 bsc#1255552). - commit 8c412fd ++++ dtb-aarch64: - sched: Increase sched_tick_remote timeout (bsc#1254510). - commit 6c6193f - ice: fix PTP cleanup on driver removal in error path (CVE-2025-68215 bsc#1255226). - commit eb213a2 - KVM: VMX: Clean up and macrofy x86_ops (git-fixes). - Refresh patches.suse/KVM-x86-Drop-kvm_x86_ops.set_dr6-in-favor-of-a-new-K.patch. - Refresh patches.suse/KVM-VMX-Preserve-host-s-DEBUGCTLMSR_FREEZE_IN_SMM-wh.patch. - commit 03cc358 - KVM: VMX: Define a VMX glue macro for kvm_complete_insn_gp() (git-fixes). - commit 2d0bc5c - KVM: VMX: Move vt_apicv_pre_state_restore() to posted_intr.c and tweak name (git-fixes). - Refresh patches.suse/KVM-Pass-new-routing-entries-and-irqfd-when-updating.patch. - commit 6b2a898 - nvme: nvme-fc: move tagset removal to nvme_fc_delete_ctrl() (git-fixes). - commit a1c2afd - amd/amdkfd: enhance kfd process check in switch partition (CVE-2025-68174 bsc#1255327). - commit 7117c37 - selftests/bpf: Test bpf_skb_check_mtu(BPF_MTU_CHK_SEGS) when transport_header is not set (CVE-2025-68363 bsc#1255552). - commit ed9cc2b - bpf: Check skb->transport_header is set in bpf_skb_check_mtu (CVE-2025-68363 bsc#1255552). - commit 8c412fd ++++ dtb-aarch64: - sched: Increase sched_tick_remote timeout (bsc#1254510). - commit 6c6193f - ice: fix PTP cleanup on driver removal in error path (CVE-2025-68215 bsc#1255226). - commit eb213a2 - KVM: VMX: Clean up and macrofy x86_ops (git-fixes). - Refresh patches.suse/KVM-x86-Drop-kvm_x86_ops.set_dr6-in-favor-of-a-new-K.patch. - Refresh patches.suse/KVM-VMX-Preserve-host-s-DEBUGCTLMSR_FREEZE_IN_SMM-wh.patch. - commit 03cc358 - KVM: VMX: Define a VMX glue macro for kvm_complete_insn_gp() (git-fixes). - commit 2d0bc5c - KVM: VMX: Move vt_apicv_pre_state_restore() to posted_intr.c and tweak name (git-fixes). - Refresh patches.suse/KVM-Pass-new-routing-entries-and-irqfd-when-updating.patch. - commit 6b2a898 - nvme: nvme-fc: move tagset removal to nvme_fc_delete_ctrl() (git-fixes). - commit a1c2afd - amd/amdkfd: enhance kfd process check in switch partition (CVE-2025-68174 bsc#1255327). - commit 7117c37 - selftests/bpf: Test bpf_skb_check_mtu(BPF_MTU_CHK_SEGS) when transport_header is not set (CVE-2025-68363 bsc#1255552). - commit ed9cc2b - bpf: Check skb->transport_header is set in bpf_skb_check_mtu (CVE-2025-68363 bsc#1255552). - commit 8c412fd ++++ dtb-aarch64: - sched: Increase sched_tick_remote timeout (bsc#1254510). - commit 6c6193f - ice: fix PTP cleanup on driver removal in error path (CVE-2025-68215 bsc#1255226). - commit eb213a2 - KVM: VMX: Clean up and macrofy x86_ops (git-fixes). - Refresh patches.suse/KVM-x86-Drop-kvm_x86_ops.set_dr6-in-favor-of-a-new-K.patch. - Refresh patches.suse/KVM-VMX-Preserve-host-s-DEBUGCTLMSR_FREEZE_IN_SMM-wh.patch. - commit 03cc358 - KVM: VMX: Define a VMX glue macro for kvm_complete_insn_gp() (git-fixes). - commit 2d0bc5c - KVM: VMX: Move vt_apicv_pre_state_restore() to posted_intr.c and tweak name (git-fixes). - Refresh patches.suse/KVM-Pass-new-routing-entries-and-irqfd-when-updating.patch. - commit 6b2a898 - selftests/bpf: Test bpf_skb_check_mtu(BPF_MTU_CHK_SEGS) when transport_header is not set (CVE-2025-68363 bsc#1255552). - commit ed9cc2b - bpf: Check skb->transport_header is set in bpf_skb_check_mtu (CVE-2025-68363 bsc#1255552). - commit 8c412fd ++++ emacs: * Add patch desktop.patch and then remove dependency on update-desktop-files (jsc#PED-15201) ++++ image-janitor: - Remove obscpio file, not needed ++++ java-17-openjdk: - Added patch: * bsc_1255446.patch + OpenJDK rendering blue borders when it should not, due to missing the fix for JDK-6304250 from upstream (bsc#1255446) - Do not depend on update-desktop-files (jsc#PED-14507 and jsc#PED-15216) ++++ java-21-openjdk: - Do not depend on update-desktop-files (jsc#PED-14507 and jsc#PED-15217) ++++ java-25-openjdk: - Do not depend on update-desktop-files (jsc#PED-14507 and jsc#PED-15221) ++++ kernel-source: - sched: Increase sched_tick_remote timeout (bsc#1254510). - commit 6c6193f - ice: fix PTP cleanup on driver removal in error path (CVE-2025-68215 bsc#1255226). - commit eb213a2 - KVM: VMX: Clean up and macrofy x86_ops (git-fixes). - Refresh patches.suse/KVM-x86-Drop-kvm_x86_ops.set_dr6-in-favor-of-a-new-K.patch. - Refresh patches.suse/KVM-VMX-Preserve-host-s-DEBUGCTLMSR_FREEZE_IN_SMM-wh.patch. - commit 03cc358 - KVM: VMX: Define a VMX glue macro for kvm_complete_insn_gp() (git-fixes). - commit 2d0bc5c - KVM: VMX: Move vt_apicv_pre_state_restore() to posted_intr.c and tweak name (git-fixes). - Refresh patches.suse/KVM-Pass-new-routing-entries-and-irqfd-when-updating.patch. - commit 6b2a898 - nvme: nvme-fc: move tagset removal to nvme_fc_delete_ctrl() (git-fixes). - commit a1c2afd - amd/amdkfd: enhance kfd process check in switch partition (CVE-2025-68174 bsc#1255327). - commit 7117c37 - selftests/bpf: Test bpf_skb_check_mtu(BPF_MTU_CHK_SEGS) when transport_header is not set (CVE-2025-68363 bsc#1255552). - commit ed9cc2b - bpf: Check skb->transport_header is set in bpf_skb_check_mtu (CVE-2025-68363 bsc#1255552). - commit 8c412fd ++++ kernel-source: - sched: Increase sched_tick_remote timeout (bsc#1254510). - commit 6c6193f - ice: fix PTP cleanup on driver removal in error path (CVE-2025-68215 bsc#1255226). - commit eb213a2 - KVM: VMX: Clean up and macrofy x86_ops (git-fixes). - Refresh patches.suse/KVM-x86-Drop-kvm_x86_ops.set_dr6-in-favor-of-a-new-K.patch. - Refresh patches.suse/KVM-VMX-Preserve-host-s-DEBUGCTLMSR_FREEZE_IN_SMM-wh.patch. - commit 03cc358 - KVM: VMX: Define a VMX glue macro for kvm_complete_insn_gp() (git-fixes). - commit 2d0bc5c - KVM: VMX: Move vt_apicv_pre_state_restore() to posted_intr.c and tweak name (git-fixes). - Refresh patches.suse/KVM-Pass-new-routing-entries-and-irqfd-when-updating.patch. - commit 6b2a898 - nvme: nvme-fc: move tagset removal to nvme_fc_delete_ctrl() (git-fixes). - commit a1c2afd - amd/amdkfd: enhance kfd process check in switch partition (CVE-2025-68174 bsc#1255327). - commit 7117c37 - selftests/bpf: Test bpf_skb_check_mtu(BPF_MTU_CHK_SEGS) when transport_header is not set (CVE-2025-68363 bsc#1255552). - commit ed9cc2b - bpf: Check skb->transport_header is set in bpf_skb_check_mtu (CVE-2025-68363 bsc#1255552). - commit 8c412fd ++++ kernel-source: - sched: Increase sched_tick_remote timeout (bsc#1254510). - commit 6c6193f - ice: fix PTP cleanup on driver removal in error path (CVE-2025-68215 bsc#1255226). - commit eb213a2 - KVM: VMX: Clean up and macrofy x86_ops (git-fixes). - Refresh patches.suse/KVM-x86-Drop-kvm_x86_ops.set_dr6-in-favor-of-a-new-K.patch. - Refresh patches.suse/KVM-VMX-Preserve-host-s-DEBUGCTLMSR_FREEZE_IN_SMM-wh.patch. - commit 03cc358 - KVM: VMX: Define a VMX glue macro for kvm_complete_insn_gp() (git-fixes). - commit 2d0bc5c - KVM: VMX: Move vt_apicv_pre_state_restore() to posted_intr.c and tweak name (git-fixes). - Refresh patches.suse/KVM-Pass-new-routing-entries-and-irqfd-when-updating.patch. - commit 6b2a898 - selftests/bpf: Test bpf_skb_check_mtu(BPF_MTU_CHK_SEGS) when transport_header is not set (CVE-2025-68363 bsc#1255552). - commit ed9cc2b - bpf: Check skb->transport_header is set in bpf_skb_check_mtu (CVE-2025-68363 bsc#1255552). - commit 8c412fd ++++ kernel-docs: - sched: Increase sched_tick_remote timeout (bsc#1254510). - commit 6c6193f - ice: fix PTP cleanup on driver removal in error path (CVE-2025-68215 bsc#1255226). - commit eb213a2 - KVM: VMX: Clean up and macrofy x86_ops (git-fixes). - Refresh patches.suse/KVM-x86-Drop-kvm_x86_ops.set_dr6-in-favor-of-a-new-K.patch. - Refresh patches.suse/KVM-VMX-Preserve-host-s-DEBUGCTLMSR_FREEZE_IN_SMM-wh.patch. - commit 03cc358 - KVM: VMX: Define a VMX glue macro for kvm_complete_insn_gp() (git-fixes). - commit 2d0bc5c - KVM: VMX: Move vt_apicv_pre_state_restore() to posted_intr.c and tweak name (git-fixes). - Refresh patches.suse/KVM-Pass-new-routing-entries-and-irqfd-when-updating.patch. - commit 6b2a898 - nvme: nvme-fc: move tagset removal to nvme_fc_delete_ctrl() (git-fixes). - commit a1c2afd - amd/amdkfd: enhance kfd process check in switch partition (CVE-2025-68174 bsc#1255327). - commit 7117c37 - selftests/bpf: Test bpf_skb_check_mtu(BPF_MTU_CHK_SEGS) when transport_header is not set (CVE-2025-68363 bsc#1255552). - commit ed9cc2b - bpf: Check skb->transport_header is set in bpf_skb_check_mtu (CVE-2025-68363 bsc#1255552). - commit 8c412fd ++++ kernel-docs: - sched: Increase sched_tick_remote timeout (bsc#1254510). - commit 6c6193f - ice: fix PTP cleanup on driver removal in error path (CVE-2025-68215 bsc#1255226). - commit eb213a2 - KVM: VMX: Clean up and macrofy x86_ops (git-fixes). - Refresh patches.suse/KVM-x86-Drop-kvm_x86_ops.set_dr6-in-favor-of-a-new-K.patch. - Refresh patches.suse/KVM-VMX-Preserve-host-s-DEBUGCTLMSR_FREEZE_IN_SMM-wh.patch. - commit 03cc358 - KVM: VMX: Define a VMX glue macro for kvm_complete_insn_gp() (git-fixes). - commit 2d0bc5c - KVM: VMX: Move vt_apicv_pre_state_restore() to posted_intr.c and tweak name (git-fixes). - Refresh patches.suse/KVM-Pass-new-routing-entries-and-irqfd-when-updating.patch. - commit 6b2a898 - nvme: nvme-fc: move tagset removal to nvme_fc_delete_ctrl() (git-fixes). - commit a1c2afd - amd/amdkfd: enhance kfd process check in switch partition (CVE-2025-68174 bsc#1255327). - commit 7117c37 - selftests/bpf: Test bpf_skb_check_mtu(BPF_MTU_CHK_SEGS) when transport_header is not set (CVE-2025-68363 bsc#1255552). - commit ed9cc2b - bpf: Check skb->transport_header is set in bpf_skb_check_mtu (CVE-2025-68363 bsc#1255552). - commit 8c412fd ++++ kernel-docs: - sched: Increase sched_tick_remote timeout (bsc#1254510). - commit 6c6193f - ice: fix PTP cleanup on driver removal in error path (CVE-2025-68215 bsc#1255226). - commit eb213a2 - KVM: VMX: Clean up and macrofy x86_ops (git-fixes). - Refresh patches.suse/KVM-x86-Drop-kvm_x86_ops.set_dr6-in-favor-of-a-new-K.patch. - Refresh patches.suse/KVM-VMX-Preserve-host-s-DEBUGCTLMSR_FREEZE_IN_SMM-wh.patch. - commit 03cc358 - KVM: VMX: Define a VMX glue macro for kvm_complete_insn_gp() (git-fixes). - commit 2d0bc5c - KVM: VMX: Move vt_apicv_pre_state_restore() to posted_intr.c and tweak name (git-fixes). - Refresh patches.suse/KVM-Pass-new-routing-entries-and-irqfd-when-updating.patch. - commit 6b2a898 - selftests/bpf: Test bpf_skb_check_mtu(BPF_MTU_CHK_SEGS) when transport_header is not set (CVE-2025-68363 bsc#1255552). - commit ed9cc2b - bpf: Check skb->transport_header is set in bpf_skb_check_mtu (CVE-2025-68363 bsc#1255552). - commit 8c412fd ++++ kernel-kvmsmall: - sched: Increase sched_tick_remote timeout (bsc#1254510). - commit 6c6193f - ice: fix PTP cleanup on driver removal in error path (CVE-2025-68215 bsc#1255226). - commit eb213a2 - KVM: VMX: Clean up and macrofy x86_ops (git-fixes). - Refresh patches.suse/KVM-x86-Drop-kvm_x86_ops.set_dr6-in-favor-of-a-new-K.patch. - Refresh patches.suse/KVM-VMX-Preserve-host-s-DEBUGCTLMSR_FREEZE_IN_SMM-wh.patch. - commit 03cc358 - KVM: VMX: Define a VMX glue macro for kvm_complete_insn_gp() (git-fixes). - commit 2d0bc5c - KVM: VMX: Move vt_apicv_pre_state_restore() to posted_intr.c and tweak name (git-fixes). - Refresh patches.suse/KVM-Pass-new-routing-entries-and-irqfd-when-updating.patch. - commit 6b2a898 - nvme: nvme-fc: move tagset removal to nvme_fc_delete_ctrl() (git-fixes). - commit a1c2afd - amd/amdkfd: enhance kfd process check in switch partition (CVE-2025-68174 bsc#1255327). - commit 7117c37 - selftests/bpf: Test bpf_skb_check_mtu(BPF_MTU_CHK_SEGS) when transport_header is not set (CVE-2025-68363 bsc#1255552). - commit ed9cc2b - bpf: Check skb->transport_header is set in bpf_skb_check_mtu (CVE-2025-68363 bsc#1255552). - commit 8c412fd ++++ kernel-kvmsmall: - sched: Increase sched_tick_remote timeout (bsc#1254510). - commit 6c6193f - ice: fix PTP cleanup on driver removal in error path (CVE-2025-68215 bsc#1255226). - commit eb213a2 - KVM: VMX: Clean up and macrofy x86_ops (git-fixes). - Refresh patches.suse/KVM-x86-Drop-kvm_x86_ops.set_dr6-in-favor-of-a-new-K.patch. - Refresh patches.suse/KVM-VMX-Preserve-host-s-DEBUGCTLMSR_FREEZE_IN_SMM-wh.patch. - commit 03cc358 - KVM: VMX: Define a VMX glue macro for kvm_complete_insn_gp() (git-fixes). - commit 2d0bc5c - KVM: VMX: Move vt_apicv_pre_state_restore() to posted_intr.c and tweak name (git-fixes). - Refresh patches.suse/KVM-Pass-new-routing-entries-and-irqfd-when-updating.patch. - commit 6b2a898 - nvme: nvme-fc: move tagset removal to nvme_fc_delete_ctrl() (git-fixes). - commit a1c2afd - amd/amdkfd: enhance kfd process check in switch partition (CVE-2025-68174 bsc#1255327). - commit 7117c37 - selftests/bpf: Test bpf_skb_check_mtu(BPF_MTU_CHK_SEGS) when transport_header is not set (CVE-2025-68363 bsc#1255552). - commit ed9cc2b - bpf: Check skb->transport_header is set in bpf_skb_check_mtu (CVE-2025-68363 bsc#1255552). - commit 8c412fd ++++ kernel-kvmsmall: - sched: Increase sched_tick_remote timeout (bsc#1254510). - commit 6c6193f - ice: fix PTP cleanup on driver removal in error path (CVE-2025-68215 bsc#1255226). - commit eb213a2 - KVM: VMX: Clean up and macrofy x86_ops (git-fixes). - Refresh patches.suse/KVM-x86-Drop-kvm_x86_ops.set_dr6-in-favor-of-a-new-K.patch. - Refresh patches.suse/KVM-VMX-Preserve-host-s-DEBUGCTLMSR_FREEZE_IN_SMM-wh.patch. - commit 03cc358 - KVM: VMX: Define a VMX glue macro for kvm_complete_insn_gp() (git-fixes). - commit 2d0bc5c - KVM: VMX: Move vt_apicv_pre_state_restore() to posted_intr.c and tweak name (git-fixes). - Refresh patches.suse/KVM-Pass-new-routing-entries-and-irqfd-when-updating.patch. - commit 6b2a898 - selftests/bpf: Test bpf_skb_check_mtu(BPF_MTU_CHK_SEGS) when transport_header is not set (CVE-2025-68363 bsc#1255552). - commit ed9cc2b - bpf: Check skb->transport_header is set in bpf_skb_check_mtu (CVE-2025-68363 bsc#1255552). - commit 8c412fd ++++ kernel-obs-build: - sched: Increase sched_tick_remote timeout (bsc#1254510). - commit 6c6193f - ice: fix PTP cleanup on driver removal in error path (CVE-2025-68215 bsc#1255226). - commit eb213a2 - KVM: VMX: Clean up and macrofy x86_ops (git-fixes). - Refresh patches.suse/KVM-x86-Drop-kvm_x86_ops.set_dr6-in-favor-of-a-new-K.patch. - Refresh patches.suse/KVM-VMX-Preserve-host-s-DEBUGCTLMSR_FREEZE_IN_SMM-wh.patch. - commit 03cc358 - KVM: VMX: Define a VMX glue macro for kvm_complete_insn_gp() (git-fixes). - commit 2d0bc5c - KVM: VMX: Move vt_apicv_pre_state_restore() to posted_intr.c and tweak name (git-fixes). - Refresh patches.suse/KVM-Pass-new-routing-entries-and-irqfd-when-updating.patch. - commit 6b2a898 - nvme: nvme-fc: move tagset removal to nvme_fc_delete_ctrl() (git-fixes). - commit a1c2afd - amd/amdkfd: enhance kfd process check in switch partition (CVE-2025-68174 bsc#1255327). - commit 7117c37 - selftests/bpf: Test bpf_skb_check_mtu(BPF_MTU_CHK_SEGS) when transport_header is not set (CVE-2025-68363 bsc#1255552). - commit ed9cc2b - bpf: Check skb->transport_header is set in bpf_skb_check_mtu (CVE-2025-68363 bsc#1255552). - commit 8c412fd ++++ kernel-obs-build: - sched: Increase sched_tick_remote timeout (bsc#1254510). - commit 6c6193f - ice: fix PTP cleanup on driver removal in error path (CVE-2025-68215 bsc#1255226). - commit eb213a2 - KVM: VMX: Clean up and macrofy x86_ops (git-fixes). - Refresh patches.suse/KVM-x86-Drop-kvm_x86_ops.set_dr6-in-favor-of-a-new-K.patch. - Refresh patches.suse/KVM-VMX-Preserve-host-s-DEBUGCTLMSR_FREEZE_IN_SMM-wh.patch. - commit 03cc358 - KVM: VMX: Define a VMX glue macro for kvm_complete_insn_gp() (git-fixes). - commit 2d0bc5c - KVM: VMX: Move vt_apicv_pre_state_restore() to posted_intr.c and tweak name (git-fixes). - Refresh patches.suse/KVM-Pass-new-routing-entries-and-irqfd-when-updating.patch. - commit 6b2a898 - nvme: nvme-fc: move tagset removal to nvme_fc_delete_ctrl() (git-fixes). - commit a1c2afd - amd/amdkfd: enhance kfd process check in switch partition (CVE-2025-68174 bsc#1255327). - commit 7117c37 - selftests/bpf: Test bpf_skb_check_mtu(BPF_MTU_CHK_SEGS) when transport_header is not set (CVE-2025-68363 bsc#1255552). - commit ed9cc2b - bpf: Check skb->transport_header is set in bpf_skb_check_mtu (CVE-2025-68363 bsc#1255552). - commit 8c412fd ++++ kernel-obs-build: - sched: Increase sched_tick_remote timeout (bsc#1254510). - commit 6c6193f - ice: fix PTP cleanup on driver removal in error path (CVE-2025-68215 bsc#1255226). - commit eb213a2 - KVM: VMX: Clean up and macrofy x86_ops (git-fixes). - Refresh patches.suse/KVM-x86-Drop-kvm_x86_ops.set_dr6-in-favor-of-a-new-K.patch. - Refresh patches.suse/KVM-VMX-Preserve-host-s-DEBUGCTLMSR_FREEZE_IN_SMM-wh.patch. - commit 03cc358 - KVM: VMX: Define a VMX glue macro for kvm_complete_insn_gp() (git-fixes). - commit 2d0bc5c - KVM: VMX: Move vt_apicv_pre_state_restore() to posted_intr.c and tweak name (git-fixes). - Refresh patches.suse/KVM-Pass-new-routing-entries-and-irqfd-when-updating.patch. - commit 6b2a898 - selftests/bpf: Test bpf_skb_check_mtu(BPF_MTU_CHK_SEGS) when transport_header is not set (CVE-2025-68363 bsc#1255552). - commit ed9cc2b - bpf: Check skb->transport_header is set in bpf_skb_check_mtu (CVE-2025-68363 bsc#1255552). - commit 8c412fd ++++ kernel-obs-qa: - sched: Increase sched_tick_remote timeout (bsc#1254510). - commit 6c6193f - ice: fix PTP cleanup on driver removal in error path (CVE-2025-68215 bsc#1255226). - commit eb213a2 - KVM: VMX: Clean up and macrofy x86_ops (git-fixes). - Refresh patches.suse/KVM-x86-Drop-kvm_x86_ops.set_dr6-in-favor-of-a-new-K.patch. - Refresh patches.suse/KVM-VMX-Preserve-host-s-DEBUGCTLMSR_FREEZE_IN_SMM-wh.patch. - commit 03cc358 - KVM: VMX: Define a VMX glue macro for kvm_complete_insn_gp() (git-fixes). - commit 2d0bc5c - KVM: VMX: Move vt_apicv_pre_state_restore() to posted_intr.c and tweak name (git-fixes). - Refresh patches.suse/KVM-Pass-new-routing-entries-and-irqfd-when-updating.patch. - commit 6b2a898 - nvme: nvme-fc: move tagset removal to nvme_fc_delete_ctrl() (git-fixes). - commit a1c2afd - amd/amdkfd: enhance kfd process check in switch partition (CVE-2025-68174 bsc#1255327). - commit 7117c37 - selftests/bpf: Test bpf_skb_check_mtu(BPF_MTU_CHK_SEGS) when transport_header is not set (CVE-2025-68363 bsc#1255552). - commit ed9cc2b - bpf: Check skb->transport_header is set in bpf_skb_check_mtu (CVE-2025-68363 bsc#1255552). - commit 8c412fd ++++ kernel-obs-qa: - sched: Increase sched_tick_remote timeout (bsc#1254510). - commit 6c6193f - ice: fix PTP cleanup on driver removal in error path (CVE-2025-68215 bsc#1255226). - commit eb213a2 - KVM: VMX: Clean up and macrofy x86_ops (git-fixes). - Refresh patches.suse/KVM-x86-Drop-kvm_x86_ops.set_dr6-in-favor-of-a-new-K.patch. - Refresh patches.suse/KVM-VMX-Preserve-host-s-DEBUGCTLMSR_FREEZE_IN_SMM-wh.patch. - commit 03cc358 - KVM: VMX: Define a VMX glue macro for kvm_complete_insn_gp() (git-fixes). - commit 2d0bc5c - KVM: VMX: Move vt_apicv_pre_state_restore() to posted_intr.c and tweak name (git-fixes). - Refresh patches.suse/KVM-Pass-new-routing-entries-and-irqfd-when-updating.patch. - commit 6b2a898 - nvme: nvme-fc: move tagset removal to nvme_fc_delete_ctrl() (git-fixes). - commit a1c2afd - amd/amdkfd: enhance kfd process check in switch partition (CVE-2025-68174 bsc#1255327). - commit 7117c37 - selftests/bpf: Test bpf_skb_check_mtu(BPF_MTU_CHK_SEGS) when transport_header is not set (CVE-2025-68363 bsc#1255552). - commit ed9cc2b - bpf: Check skb->transport_header is set in bpf_skb_check_mtu (CVE-2025-68363 bsc#1255552). - commit 8c412fd ++++ kernel-obs-qa: - sched: Increase sched_tick_remote timeout (bsc#1254510). - commit 6c6193f - ice: fix PTP cleanup on driver removal in error path (CVE-2025-68215 bsc#1255226). - commit eb213a2 - KVM: VMX: Clean up and macrofy x86_ops (git-fixes). - Refresh patches.suse/KVM-x86-Drop-kvm_x86_ops.set_dr6-in-favor-of-a-new-K.patch. - Refresh patches.suse/KVM-VMX-Preserve-host-s-DEBUGCTLMSR_FREEZE_IN_SMM-wh.patch. - commit 03cc358 - KVM: VMX: Define a VMX glue macro for kvm_complete_insn_gp() (git-fixes). - commit 2d0bc5c - KVM: VMX: Move vt_apicv_pre_state_restore() to posted_intr.c and tweak name (git-fixes). - Refresh patches.suse/KVM-Pass-new-routing-entries-and-irqfd-when-updating.patch. - commit 6b2a898 - selftests/bpf: Test bpf_skb_check_mtu(BPF_MTU_CHK_SEGS) when transport_header is not set (CVE-2025-68363 bsc#1255552). - commit ed9cc2b - bpf: Check skb->transport_header is set in bpf_skb_check_mtu (CVE-2025-68363 bsc#1255552). - commit 8c412fd ++++ kernel-syms: - sched: Increase sched_tick_remote timeout (bsc#1254510). - commit 6c6193f - ice: fix PTP cleanup on driver removal in error path (CVE-2025-68215 bsc#1255226). - commit eb213a2 - KVM: VMX: Clean up and macrofy x86_ops (git-fixes). - Refresh patches.suse/KVM-x86-Drop-kvm_x86_ops.set_dr6-in-favor-of-a-new-K.patch. - Refresh patches.suse/KVM-VMX-Preserve-host-s-DEBUGCTLMSR_FREEZE_IN_SMM-wh.patch. - commit 03cc358 - KVM: VMX: Define a VMX glue macro for kvm_complete_insn_gp() (git-fixes). - commit 2d0bc5c - KVM: VMX: Move vt_apicv_pre_state_restore() to posted_intr.c and tweak name (git-fixes). - Refresh patches.suse/KVM-Pass-new-routing-entries-and-irqfd-when-updating.patch. - commit 6b2a898 - nvme: nvme-fc: move tagset removal to nvme_fc_delete_ctrl() (git-fixes). - commit a1c2afd - amd/amdkfd: enhance kfd process check in switch partition (CVE-2025-68174 bsc#1255327). - commit 7117c37 - selftests/bpf: Test bpf_skb_check_mtu(BPF_MTU_CHK_SEGS) when transport_header is not set (CVE-2025-68363 bsc#1255552). - commit ed9cc2b - bpf: Check skb->transport_header is set in bpf_skb_check_mtu (CVE-2025-68363 bsc#1255552). - commit 8c412fd ++++ kernel-syms: - sched: Increase sched_tick_remote timeout (bsc#1254510). - commit 6c6193f - ice: fix PTP cleanup on driver removal in error path (CVE-2025-68215 bsc#1255226). - commit eb213a2 - KVM: VMX: Clean up and macrofy x86_ops (git-fixes). - Refresh patches.suse/KVM-x86-Drop-kvm_x86_ops.set_dr6-in-favor-of-a-new-K.patch. - Refresh patches.suse/KVM-VMX-Preserve-host-s-DEBUGCTLMSR_FREEZE_IN_SMM-wh.patch. - commit 03cc358 - KVM: VMX: Define a VMX glue macro for kvm_complete_insn_gp() (git-fixes). - commit 2d0bc5c - KVM: VMX: Move vt_apicv_pre_state_restore() to posted_intr.c and tweak name (git-fixes). - Refresh patches.suse/KVM-Pass-new-routing-entries-and-irqfd-when-updating.patch. - commit 6b2a898 - nvme: nvme-fc: move tagset removal to nvme_fc_delete_ctrl() (git-fixes). - commit a1c2afd - amd/amdkfd: enhance kfd process check in switch partition (CVE-2025-68174 bsc#1255327). - commit 7117c37 - selftests/bpf: Test bpf_skb_check_mtu(BPF_MTU_CHK_SEGS) when transport_header is not set (CVE-2025-68363 bsc#1255552). - commit ed9cc2b - bpf: Check skb->transport_header is set in bpf_skb_check_mtu (CVE-2025-68363 bsc#1255552). - commit 8c412fd ++++ kernel-syms: - sched: Increase sched_tick_remote timeout (bsc#1254510). - commit 6c6193f - ice: fix PTP cleanup on driver removal in error path (CVE-2025-68215 bsc#1255226). - commit eb213a2 - KVM: VMX: Clean up and macrofy x86_ops (git-fixes). - Refresh patches.suse/KVM-x86-Drop-kvm_x86_ops.set_dr6-in-favor-of-a-new-K.patch. - Refresh patches.suse/KVM-VMX-Preserve-host-s-DEBUGCTLMSR_FREEZE_IN_SMM-wh.patch. - commit 03cc358 - KVM: VMX: Define a VMX glue macro for kvm_complete_insn_gp() (git-fixes). - commit 2d0bc5c - KVM: VMX: Move vt_apicv_pre_state_restore() to posted_intr.c and tweak name (git-fixes). - Refresh patches.suse/KVM-Pass-new-routing-entries-and-irqfd-when-updating.patch. - commit 6b2a898 - selftests/bpf: Test bpf_skb_check_mtu(BPF_MTU_CHK_SEGS) when transport_header is not set (CVE-2025-68363 bsc#1255552). - commit ed9cc2b - bpf: Check skb->transport_header is set in bpf_skb_check_mtu (CVE-2025-68363 bsc#1255552). - commit 8c412fd ++++ kernel-zfcpdump: - sched: Increase sched_tick_remote timeout (bsc#1254510). - commit 6c6193f - ice: fix PTP cleanup on driver removal in error path (CVE-2025-68215 bsc#1255226). - commit eb213a2 - KVM: VMX: Clean up and macrofy x86_ops (git-fixes). - Refresh patches.suse/KVM-x86-Drop-kvm_x86_ops.set_dr6-in-favor-of-a-new-K.patch. - Refresh patches.suse/KVM-VMX-Preserve-host-s-DEBUGCTLMSR_FREEZE_IN_SMM-wh.patch. - commit 03cc358 - KVM: VMX: Define a VMX glue macro for kvm_complete_insn_gp() (git-fixes). - commit 2d0bc5c - KVM: VMX: Move vt_apicv_pre_state_restore() to posted_intr.c and tweak name (git-fixes). - Refresh patches.suse/KVM-Pass-new-routing-entries-and-irqfd-when-updating.patch. - commit 6b2a898 - nvme: nvme-fc: move tagset removal to nvme_fc_delete_ctrl() (git-fixes). - commit a1c2afd - amd/amdkfd: enhance kfd process check in switch partition (CVE-2025-68174 bsc#1255327). - commit 7117c37 - selftests/bpf: Test bpf_skb_check_mtu(BPF_MTU_CHK_SEGS) when transport_header is not set (CVE-2025-68363 bsc#1255552). - commit ed9cc2b - bpf: Check skb->transport_header is set in bpf_skb_check_mtu (CVE-2025-68363 bsc#1255552). - commit 8c412fd ++++ kernel-zfcpdump: - sched: Increase sched_tick_remote timeout (bsc#1254510). - commit 6c6193f - ice: fix PTP cleanup on driver removal in error path (CVE-2025-68215 bsc#1255226). - commit eb213a2 - KVM: VMX: Clean up and macrofy x86_ops (git-fixes). - Refresh patches.suse/KVM-x86-Drop-kvm_x86_ops.set_dr6-in-favor-of-a-new-K.patch. - Refresh patches.suse/KVM-VMX-Preserve-host-s-DEBUGCTLMSR_FREEZE_IN_SMM-wh.patch. - commit 03cc358 - KVM: VMX: Define a VMX glue macro for kvm_complete_insn_gp() (git-fixes). - commit 2d0bc5c - KVM: VMX: Move vt_apicv_pre_state_restore() to posted_intr.c and tweak name (git-fixes). - Refresh patches.suse/KVM-Pass-new-routing-entries-and-irqfd-when-updating.patch. - commit 6b2a898 - nvme: nvme-fc: move tagset removal to nvme_fc_delete_ctrl() (git-fixes). - commit a1c2afd - amd/amdkfd: enhance kfd process check in switch partition (CVE-2025-68174 bsc#1255327). - commit 7117c37 - selftests/bpf: Test bpf_skb_check_mtu(BPF_MTU_CHK_SEGS) when transport_header is not set (CVE-2025-68363 bsc#1255552). - commit ed9cc2b - bpf: Check skb->transport_header is set in bpf_skb_check_mtu (CVE-2025-68363 bsc#1255552). - commit 8c412fd ++++ kernel-zfcpdump: - sched: Increase sched_tick_remote timeout (bsc#1254510). - commit 6c6193f - ice: fix PTP cleanup on driver removal in error path (CVE-2025-68215 bsc#1255226). - commit eb213a2 - KVM: VMX: Clean up and macrofy x86_ops (git-fixes). - Refresh patches.suse/KVM-x86-Drop-kvm_x86_ops.set_dr6-in-favor-of-a-new-K.patch. - Refresh patches.suse/KVM-VMX-Preserve-host-s-DEBUGCTLMSR_FREEZE_IN_SMM-wh.patch. - commit 03cc358 - KVM: VMX: Define a VMX glue macro for kvm_complete_insn_gp() (git-fixes). - commit 2d0bc5c - KVM: VMX: Move vt_apicv_pre_state_restore() to posted_intr.c and tweak name (git-fixes). - Refresh patches.suse/KVM-Pass-new-routing-entries-and-irqfd-when-updating.patch. - commit 6b2a898 - selftests/bpf: Test bpf_skb_check_mtu(BPF_MTU_CHK_SEGS) when transport_header is not set (CVE-2025-68363 bsc#1255552). - commit ed9cc2b - bpf: Check skb->transport_header is set in bpf_skb_check_mtu (CVE-2025-68363 bsc#1255552). - commit 8c412fd ++++ libsoup: - Add libsoup-CVE-2026-0716.patch: Fix out-of-bounds read for websocket (bsc#1256418, CVE-2026-0716, glgo#GNOME/libsoup!494). - Add libsoup-CVE-2026-0719.patch: Fix overflow for password md4sum (bsc#1256399, CVE-2026-0719, glgo#GNOME/libsoup!493). ++++ libsoup: - Add libsoup-CVE-2026-0716.patch: Fix out-of-bounds read for websocket (bsc#1256418, CVE-2026-0716, glgo#GNOME/libsoup!494). - Add libsoup-CVE-2026-0719.patch: Fix overflow for password md4sum (bsc#1256399, CVE-2026-0719, glgo#GNOME/libsoup!493). ++++ libzypp: - Avoid libcurl-mini4 when building as it does not support ftp protocol. - Translation: updated .pot file. - version 17.38.1 (35) ++++ openQA: - Update to version 5.1768323619.9a70ab91: * refactor: Extend tests of df-based cleanup * fix: Avoid wrong deletion of archived jobs in df-based cleanup * refactor: Move logic for validating percentage into helper * refactor: Clarify wording in comment regarding job cleanup * Use template literals in certain JavaScript code * Retry delete_needles job on server restart * Add test for _delete_needles * feat(OpenQA::Git): Cleanup git dir in commit() on shutdown * feat: Improve rendering results on the scheduled product page ++++ os-autoinst: - Update to version 5.1768317525.86a9a7f: * fix(dist): exclude unstable t/28-signalblocker.t in OBS checks * Remove deprecated BIOS and UEFI_PFLASH variables * Add documentation of APPEND variable * Add undocumented KERNEL/INITRD to the supported variables * os-autoinst-generate-needle-preview: Embed PNG ++++ python-filelock: - Add CVE-2026-22701.patch to fix CVE-2026-22701 (bsc#1256457) ------------------------------------------------------------------ ------------------ 2026-1-13 - Jan 13 2026 ------------------- ------------------------------------------------------------------ ++++ alloy: - update to 1.12.2: * Bug Fixes - Add missing configuration parameter deployment_name_from_replicaset to k8sattributes processor (5b90a9d) (@dehaansa) - database_observability: Fix schema_details collector to fetch column definitions with case sensitive table names (#4872) (560dff4) (@jharvey10, @fridgepoet) - deps: Update jose2go to 1.7.0 (#4858) (dfdd341) (@jharvey10) - deps: Update npm dependencies [backport] (#5201) (8e06c26) (@jharvey10) - Ensure the squid exporter wrapper properly brackets ipv6 addresses [backport] (#5205) (e329cc6) (@dehaansa) - Preserve meta labels in loki.source.podlogs (#5097) (ab4b21e) (@kalleep) - Prevent panic in import.git when update fails [backport] (#5204) (c82fbae) (@dehaansa, @jharvey10) - show correct fallback alloy version instead of v1.13.0 (#5110) (b72be99) (@dehaansa, @jharvey10) ++++ apache-parent: - Update to 37: * New features and improvements + Disable parallel PUT on release ++++ avahi: - Add avahi-CVE-2025-68276.patch: Backport 0c013e2 from upstream, refuse to create wide-area record browsers when wide-area is off. (CVE-2025-68276, bsc#1256498) - Add avahi-CVE-2025-68471.patch: Backport 9c6eb53 from upstream, fix DoS bug by changing assert to return. (CVE-2025-68471, bsc#1256500) - Add avahi-CVE-2025-68468.patch: Backport f66be13 from upstream, fix DoS bug by removing incorrect assertion. (CVE-2025-68468, bsc#1256499) ++++ avahi-glib2: - Add avahi-CVE-2025-68276.patch: Backport 0c013e2 from upstream, refuse to create wide-area record browsers when wide-area is off. (CVE-2025-68276, bsc#1256498) - Add avahi-CVE-2025-68471.patch: Backport 9c6eb53 from upstream, fix DoS bug by changing assert to return. (CVE-2025-68471, bsc#1256500) - Add avahi-CVE-2025-68468.patch: Backport f66be13 from upstream, fix DoS bug by removing incorrect assertion. (CVE-2025-68468, bsc#1256499) ++++ kernel-64kb: - rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer (bsc#1254408 CVE-2025-38704) - commit 7bdb299 - sched_ext: Fix unsafe locking in the scx_dump_state() (bsc#1255223 CVE-2025-68202) - commit 22f9135 - btrfs: fix reservation leak in some error paths when inserting inline extent (git-fixes). - commit 362a620 - btrfs: do not free data reservation in fallback from inline due to -ENOSPC (git-fixes). - commit 38b35b2 - btrfs: fix the qgroup data free range for inline data extents (git-fixes). - commit 9d6cfa8 - btrfs: always detect conflicting inodes when logging inode refs (git-fixes). - commit 626d828 - btrfs: release path before initializing extent tree in btrfs_read_locked_inode() (git-fixes). - commit 78aa23f - ext4: use optimized mballoc scanning regardless of inode format (bsc#1254378). - commit af9447d - supported.conf: Mark lan 743x supported (jsc#PED-14571) - commit b80b147 - Set HZ=1000 for ppc64 default configuration (jsc#PED-14344) Update based on upstream commit a206d2334012 ("powerpc/defconfigs: Set HZ=1000 on ppc64 and powernv defconfigs") and requested by jsc#PED-14344. - commit 031e354 - net: vxlan: prevent NULL deref in vxlan_xmit_one (CVE-2025-68353 bsc#1255533). - net/mlx5: Fix IPsec cleanup over MPV device (CVE-2025-40238 bsc#1254871). - net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for striding RQ (CVE-2025-40350 bsc#1255260). - commit 0edf819 - bpf: Fix invalid prog->stats access when update_effective_progs fails (CVE-2025-68742 bsc#1255707). - commit 4f8b390 ++++ kernel-64kb: - rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer (bsc#1254408 CVE-2025-38704) - commit 7bdb299 - sched_ext: Fix unsafe locking in the scx_dump_state() (bsc#1255223 CVE-2025-68202) - commit 22f9135 - btrfs: fix reservation leak in some error paths when inserting inline extent (git-fixes). - commit 362a620 - btrfs: do not free data reservation in fallback from inline due to -ENOSPC (git-fixes). - commit 38b35b2 - btrfs: fix the qgroup data free range for inline data extents (git-fixes). - commit 9d6cfa8 - btrfs: always detect conflicting inodes when logging inode refs (git-fixes). - commit 626d828 - btrfs: release path before initializing extent tree in btrfs_read_locked_inode() (git-fixes). - commit 78aa23f - ext4: use optimized mballoc scanning regardless of inode format (bsc#1254378). - commit af9447d - supported.conf: Mark lan 743x supported (jsc#PED-14571) - commit b80b147 - Set HZ=1000 for ppc64 default configuration (jsc#PED-14344) Update based on upstream commit a206d2334012 ("powerpc/defconfigs: Set HZ=1000 on ppc64 and powernv defconfigs") and requested by jsc#PED-14344. - commit 031e354 - net: vxlan: prevent NULL deref in vxlan_xmit_one (CVE-2025-68353 bsc#1255533). - net/mlx5: Fix IPsec cleanup over MPV device (CVE-2025-40238 bsc#1254871). - net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for striding RQ (CVE-2025-40350 bsc#1255260). - commit 0edf819 - bpf: Fix invalid prog->stats access when update_effective_progs fails (CVE-2025-68742 bsc#1255707). - commit 4f8b390 ++++ kernel-64kb: - rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer (bsc#1254408 CVE-2025-38704) - commit 7bdb299 - sched_ext: Fix unsafe locking in the scx_dump_state() (bsc#1255223 CVE-2025-68202) - commit 22f9135 - btrfs: fix reservation leak in some error paths when inserting inline extent (git-fixes). - commit 362a620 - btrfs: do not free data reservation in fallback from inline due to -ENOSPC (git-fixes). - commit 38b35b2 - btrfs: fix the qgroup data free range for inline data extents (git-fixes). - commit 9d6cfa8 - btrfs: always detect conflicting inodes when logging inode refs (git-fixes). - commit 626d828 - btrfs: release path before initializing extent tree in btrfs_read_locked_inode() (git-fixes). - commit 78aa23f - ext4: use optimized mballoc scanning regardless of inode format (bsc#1254378). - commit af9447d - supported.conf: Mark lan 743x supported (jsc#PED-14571) - commit b80b147 - Set HZ=1000 for ppc64 default configuration (jsc#PED-14344) Update based on upstream commit a206d2334012 ("powerpc/defconfigs: Set HZ=1000 on ppc64 and powernv defconfigs") and requested by jsc#PED-14344. - commit 031e354 - net: vxlan: prevent NULL deref in vxlan_xmit_one (CVE-2025-68353 bsc#1255533). - net/mlx5: Fix IPsec cleanup over MPV device (CVE-2025-40238 bsc#1254871). - net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for striding RQ (CVE-2025-40350 bsc#1255260). - commit 0edf819 - bpf: Fix invalid prog->stats access when update_effective_progs fails (CVE-2025-68742 bsc#1255707). - commit 4f8b390 ++++ kernel-azure: - rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer (bsc#1254408 CVE-2025-38704) - commit 7bdb299 - sched_ext: Fix unsafe locking in the scx_dump_state() (bsc#1255223 CVE-2025-68202) - commit 22f9135 - btrfs: fix reservation leak in some error paths when inserting inline extent (git-fixes). - commit 362a620 - btrfs: do not free data reservation in fallback from inline due to -ENOSPC (git-fixes). - commit 38b35b2 - btrfs: fix the qgroup data free range for inline data extents (git-fixes). - commit 9d6cfa8 - btrfs: always detect conflicting inodes when logging inode refs (git-fixes). - commit 626d828 - btrfs: release path before initializing extent tree in btrfs_read_locked_inode() (git-fixes). - commit 78aa23f - ext4: use optimized mballoc scanning regardless of inode format (bsc#1254378). - commit af9447d - supported.conf: Mark lan 743x supported (jsc#PED-14571) - commit b80b147 - Set HZ=1000 for ppc64 default configuration (jsc#PED-14344) Update based on upstream commit a206d2334012 ("powerpc/defconfigs: Set HZ=1000 on ppc64 and powernv defconfigs") and requested by jsc#PED-14344. - commit 031e354 - net: vxlan: prevent NULL deref in vxlan_xmit_one (CVE-2025-68353 bsc#1255533). - net/mlx5: Fix IPsec cleanup over MPV device (CVE-2025-40238 bsc#1254871). - net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for striding RQ (CVE-2025-40350 bsc#1255260). - commit 0edf819 - bpf: Fix invalid prog->stats access when update_effective_progs fails (CVE-2025-68742 bsc#1255707). - commit 4f8b390 ++++ kernel-azure: - rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer (bsc#1254408 CVE-2025-38704) - commit 7bdb299 - sched_ext: Fix unsafe locking in the scx_dump_state() (bsc#1255223 CVE-2025-68202) - commit 22f9135 - btrfs: fix reservation leak in some error paths when inserting inline extent (git-fixes). - commit 362a620 - btrfs: do not free data reservation in fallback from inline due to -ENOSPC (git-fixes). - commit 38b35b2 - btrfs: fix the qgroup data free range for inline data extents (git-fixes). - commit 9d6cfa8 - btrfs: always detect conflicting inodes when logging inode refs (git-fixes). - commit 626d828 - btrfs: release path before initializing extent tree in btrfs_read_locked_inode() (git-fixes). - commit 78aa23f - ext4: use optimized mballoc scanning regardless of inode format (bsc#1254378). - commit af9447d - supported.conf: Mark lan 743x supported (jsc#PED-14571) - commit b80b147 - Set HZ=1000 for ppc64 default configuration (jsc#PED-14344) Update based on upstream commit a206d2334012 ("powerpc/defconfigs: Set HZ=1000 on ppc64 and powernv defconfigs") and requested by jsc#PED-14344. - commit 031e354 - net: vxlan: prevent NULL deref in vxlan_xmit_one (CVE-2025-68353 bsc#1255533). - net/mlx5: Fix IPsec cleanup over MPV device (CVE-2025-40238 bsc#1254871). - net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for striding RQ (CVE-2025-40350 bsc#1255260). - commit 0edf819 - bpf: Fix invalid prog->stats access when update_effective_progs fails (CVE-2025-68742 bsc#1255707). - commit 4f8b390 ++++ kernel-azure: - rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer (bsc#1254408 CVE-2025-38704) - commit 7bdb299 - sched_ext: Fix unsafe locking in the scx_dump_state() (bsc#1255223 CVE-2025-68202) - commit 22f9135 - btrfs: fix reservation leak in some error paths when inserting inline extent (git-fixes). - commit 362a620 - btrfs: do not free data reservation in fallback from inline due to -ENOSPC (git-fixes). - commit 38b35b2 - btrfs: fix the qgroup data free range for inline data extents (git-fixes). - commit 9d6cfa8 - btrfs: always detect conflicting inodes when logging inode refs (git-fixes). - commit 626d828 - btrfs: release path before initializing extent tree in btrfs_read_locked_inode() (git-fixes). - commit 78aa23f - ext4: use optimized mballoc scanning regardless of inode format (bsc#1254378). - commit af9447d - supported.conf: Mark lan 743x supported (jsc#PED-14571) - commit b80b147 - Set HZ=1000 for ppc64 default configuration (jsc#PED-14344) Update based on upstream commit a206d2334012 ("powerpc/defconfigs: Set HZ=1000 on ppc64 and powernv defconfigs") and requested by jsc#PED-14344. - commit 031e354 - net: vxlan: prevent NULL deref in vxlan_xmit_one (CVE-2025-68353 bsc#1255533). - net/mlx5: Fix IPsec cleanup over MPV device (CVE-2025-40238 bsc#1254871). - net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for striding RQ (CVE-2025-40350 bsc#1255260). - commit 0edf819 - bpf: Fix invalid prog->stats access when update_effective_progs fails (CVE-2025-68742 bsc#1255707). - commit 4f8b390 ++++ kernel-default: - rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer (bsc#1254408 CVE-2025-38704) - commit 7bdb299 - sched_ext: Fix unsafe locking in the scx_dump_state() (bsc#1255223 CVE-2025-68202) - commit 22f9135 - btrfs: fix reservation leak in some error paths when inserting inline extent (git-fixes). - commit 362a620 - btrfs: do not free data reservation in fallback from inline due to -ENOSPC (git-fixes). - commit 38b35b2 - btrfs: fix the qgroup data free range for inline data extents (git-fixes). - commit 9d6cfa8 - btrfs: always detect conflicting inodes when logging inode refs (git-fixes). - commit 626d828 - btrfs: release path before initializing extent tree in btrfs_read_locked_inode() (git-fixes). - commit 78aa23f - ext4: use optimized mballoc scanning regardless of inode format (bsc#1254378). - commit af9447d - supported.conf: Mark lan 743x supported (jsc#PED-14571) - commit b80b147 - Set HZ=1000 for ppc64 default configuration (jsc#PED-14344) Update based on upstream commit a206d2334012 ("powerpc/defconfigs: Set HZ=1000 on ppc64 and powernv defconfigs") and requested by jsc#PED-14344. - commit 031e354 - net: vxlan: prevent NULL deref in vxlan_xmit_one (CVE-2025-68353 bsc#1255533). - net/mlx5: Fix IPsec cleanup over MPV device (CVE-2025-40238 bsc#1254871). - net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for striding RQ (CVE-2025-40350 bsc#1255260). - commit 0edf819 - bpf: Fix invalid prog->stats access when update_effective_progs fails (CVE-2025-68742 bsc#1255707). - commit 4f8b390 ++++ kernel-default: - rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer (bsc#1254408 CVE-2025-38704) - commit 7bdb299 - sched_ext: Fix unsafe locking in the scx_dump_state() (bsc#1255223 CVE-2025-68202) - commit 22f9135 - btrfs: fix reservation leak in some error paths when inserting inline extent (git-fixes). - commit 362a620 - btrfs: do not free data reservation in fallback from inline due to -ENOSPC (git-fixes). - commit 38b35b2 - btrfs: fix the qgroup data free range for inline data extents (git-fixes). - commit 9d6cfa8 - btrfs: always detect conflicting inodes when logging inode refs (git-fixes). - commit 626d828 - btrfs: release path before initializing extent tree in btrfs_read_locked_inode() (git-fixes). - commit 78aa23f - ext4: use optimized mballoc scanning regardless of inode format (bsc#1254378). - commit af9447d - supported.conf: Mark lan 743x supported (jsc#PED-14571) - commit b80b147 - Set HZ=1000 for ppc64 default configuration (jsc#PED-14344) Update based on upstream commit a206d2334012 ("powerpc/defconfigs: Set HZ=1000 on ppc64 and powernv defconfigs") and requested by jsc#PED-14344. - commit 031e354 - net: vxlan: prevent NULL deref in vxlan_xmit_one (CVE-2025-68353 bsc#1255533). - net/mlx5: Fix IPsec cleanup over MPV device (CVE-2025-40238 bsc#1254871). - net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for striding RQ (CVE-2025-40350 bsc#1255260). - commit 0edf819 - bpf: Fix invalid prog->stats access when update_effective_progs fails (CVE-2025-68742 bsc#1255707). - commit 4f8b390 ++++ kernel-default: - rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer (bsc#1254408 CVE-2025-38704) - commit 7bdb299 - sched_ext: Fix unsafe locking in the scx_dump_state() (bsc#1255223 CVE-2025-68202) - commit 22f9135 - btrfs: fix reservation leak in some error paths when inserting inline extent (git-fixes). - commit 362a620 - btrfs: do not free data reservation in fallback from inline due to -ENOSPC (git-fixes). - commit 38b35b2 - btrfs: fix the qgroup data free range for inline data extents (git-fixes). - commit 9d6cfa8 - btrfs: always detect conflicting inodes when logging inode refs (git-fixes). - commit 626d828 - btrfs: release path before initializing extent tree in btrfs_read_locked_inode() (git-fixes). - commit 78aa23f - ext4: use optimized mballoc scanning regardless of inode format (bsc#1254378). - commit af9447d - supported.conf: Mark lan 743x supported (jsc#PED-14571) - commit b80b147 - Set HZ=1000 for ppc64 default configuration (jsc#PED-14344) Update based on upstream commit a206d2334012 ("powerpc/defconfigs: Set HZ=1000 on ppc64 and powernv defconfigs") and requested by jsc#PED-14344. - commit 031e354 - net: vxlan: prevent NULL deref in vxlan_xmit_one (CVE-2025-68353 bsc#1255533). - net/mlx5: Fix IPsec cleanup over MPV device (CVE-2025-40238 bsc#1254871). - net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for striding RQ (CVE-2025-40350 bsc#1255260). - commit 0edf819 - bpf: Fix invalid prog->stats access when update_effective_progs fails (CVE-2025-68742 bsc#1255707). - commit 4f8b390 ++++ kernel-rt: - rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer (bsc#1254408 CVE-2025-38704) - commit 7bdb299 - sched_ext: Fix unsafe locking in the scx_dump_state() (bsc#1255223 CVE-2025-68202) - commit 22f9135 - btrfs: fix reservation leak in some error paths when inserting inline extent (git-fixes). - commit 362a620 - btrfs: do not free data reservation in fallback from inline due to -ENOSPC (git-fixes). - commit 38b35b2 - btrfs: fix the qgroup data free range for inline data extents (git-fixes). - commit 9d6cfa8 - btrfs: always detect conflicting inodes when logging inode refs (git-fixes). - commit 626d828 - btrfs: release path before initializing extent tree in btrfs_read_locked_inode() (git-fixes). - commit 78aa23f - ext4: use optimized mballoc scanning regardless of inode format (bsc#1254378). - commit af9447d - supported.conf: Mark lan 743x supported (jsc#PED-14571) - commit b80b147 - Set HZ=1000 for ppc64 default configuration (jsc#PED-14344) Update based on upstream commit a206d2334012 ("powerpc/defconfigs: Set HZ=1000 on ppc64 and powernv defconfigs") and requested by jsc#PED-14344. - commit 031e354 - net: vxlan: prevent NULL deref in vxlan_xmit_one (CVE-2025-68353 bsc#1255533). - net/mlx5: Fix IPsec cleanup over MPV device (CVE-2025-40238 bsc#1254871). - net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for striding RQ (CVE-2025-40350 bsc#1255260). - commit 0edf819 - bpf: Fix invalid prog->stats access when update_effective_progs fails (CVE-2025-68742 bsc#1255707). - commit 4f8b390 ++++ kernel-rt: - rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer (bsc#1254408 CVE-2025-38704) - commit 7bdb299 - sched_ext: Fix unsafe locking in the scx_dump_state() (bsc#1255223 CVE-2025-68202) - commit 22f9135 - btrfs: fix reservation leak in some error paths when inserting inline extent (git-fixes). - commit 362a620 - btrfs: do not free data reservation in fallback from inline due to -ENOSPC (git-fixes). - commit 38b35b2 - btrfs: fix the qgroup data free range for inline data extents (git-fixes). - commit 9d6cfa8 - btrfs: always detect conflicting inodes when logging inode refs (git-fixes). - commit 626d828 - btrfs: release path before initializing extent tree in btrfs_read_locked_inode() (git-fixes). - commit 78aa23f - ext4: use optimized mballoc scanning regardless of inode format (bsc#1254378). - commit af9447d - supported.conf: Mark lan 743x supported (jsc#PED-14571) - commit b80b147 - Set HZ=1000 for ppc64 default configuration (jsc#PED-14344) Update based on upstream commit a206d2334012 ("powerpc/defconfigs: Set HZ=1000 on ppc64 and powernv defconfigs") and requested by jsc#PED-14344. - commit 031e354 - net: vxlan: prevent NULL deref in vxlan_xmit_one (CVE-2025-68353 bsc#1255533). - net/mlx5: Fix IPsec cleanup over MPV device (CVE-2025-40238 bsc#1254871). - net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for striding RQ (CVE-2025-40350 bsc#1255260). - commit 0edf819 - bpf: Fix invalid prog->stats access when update_effective_progs fails (CVE-2025-68742 bsc#1255707). - commit 4f8b390 ++++ kernel-rt: - rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer (bsc#1254408 CVE-2025-38704) - commit 7bdb299 - sched_ext: Fix unsafe locking in the scx_dump_state() (bsc#1255223 CVE-2025-68202) - commit 22f9135 - btrfs: fix reservation leak in some error paths when inserting inline extent (git-fixes). - commit 362a620 - btrfs: do not free data reservation in fallback from inline due to -ENOSPC (git-fixes). - commit 38b35b2 - btrfs: fix the qgroup data free range for inline data extents (git-fixes). - commit 9d6cfa8 - btrfs: always detect conflicting inodes when logging inode refs (git-fixes). - commit 626d828 - btrfs: release path before initializing extent tree in btrfs_read_locked_inode() (git-fixes). - commit 78aa23f - ext4: use optimized mballoc scanning regardless of inode format (bsc#1254378). - commit af9447d - supported.conf: Mark lan 743x supported (jsc#PED-14571) - commit b80b147 - Set HZ=1000 for ppc64 default configuration (jsc#PED-14344) Update based on upstream commit a206d2334012 ("powerpc/defconfigs: Set HZ=1000 on ppc64 and powernv defconfigs") and requested by jsc#PED-14344. - commit 031e354 - net: vxlan: prevent NULL deref in vxlan_xmit_one (CVE-2025-68353 bsc#1255533). - net/mlx5: Fix IPsec cleanup over MPV device (CVE-2025-40238 bsc#1254871). - net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for striding RQ (CVE-2025-40350 bsc#1255260). - commit 0edf819 - bpf: Fix invalid prog->stats access when update_effective_progs fails (CVE-2025-68742 bsc#1255707). - commit 4f8b390 ++++ cockpit-repos: - Update to version 4.6 * Translation updates * Dependency updates * Fix translations pot file not being update ++++ cockpit-repos: - Update to version 4.6 * Translation updates * Dependency updates * Fix translations pot file not being update ++++ dtb-aarch64: - rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer (bsc#1254408 CVE-2025-38704) - commit 7bdb299 - sched_ext: Fix unsafe locking in the scx_dump_state() (bsc#1255223 CVE-2025-68202) - commit 22f9135 - btrfs: fix reservation leak in some error paths when inserting inline extent (git-fixes). - commit 362a620 - btrfs: do not free data reservation in fallback from inline due to -ENOSPC (git-fixes). - commit 38b35b2 - btrfs: fix the qgroup data free range for inline data extents (git-fixes). - commit 9d6cfa8 - btrfs: always detect conflicting inodes when logging inode refs (git-fixes). - commit 626d828 - btrfs: release path before initializing extent tree in btrfs_read_locked_inode() (git-fixes). - commit 78aa23f - ext4: use optimized mballoc scanning regardless of inode format (bsc#1254378). - commit af9447d - supported.conf: Mark lan 743x supported (jsc#PED-14571) - commit b80b147 - Set HZ=1000 for ppc64 default configuration (jsc#PED-14344) Update based on upstream commit a206d2334012 ("powerpc/defconfigs: Set HZ=1000 on ppc64 and powernv defconfigs") and requested by jsc#PED-14344. - commit 031e354 - net: vxlan: prevent NULL deref in vxlan_xmit_one (CVE-2025-68353 bsc#1255533). - net/mlx5: Fix IPsec cleanup over MPV device (CVE-2025-40238 bsc#1254871). - net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for striding RQ (CVE-2025-40350 bsc#1255260). - commit 0edf819 - bpf: Fix invalid prog->stats access when update_effective_progs fails (CVE-2025-68742 bsc#1255707). - commit 4f8b390 ++++ dtb-aarch64: - rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer (bsc#1254408 CVE-2025-38704) - commit 7bdb299 - sched_ext: Fix unsafe locking in the scx_dump_state() (bsc#1255223 CVE-2025-68202) - commit 22f9135 - btrfs: fix reservation leak in some error paths when inserting inline extent (git-fixes). - commit 362a620 - btrfs: do not free data reservation in fallback from inline due to -ENOSPC (git-fixes). - commit 38b35b2 - btrfs: fix the qgroup data free range for inline data extents (git-fixes). - commit 9d6cfa8 - btrfs: always detect conflicting inodes when logging inode refs (git-fixes). - commit 626d828 - btrfs: release path before initializing extent tree in btrfs_read_locked_inode() (git-fixes). - commit 78aa23f - ext4: use optimized mballoc scanning regardless of inode format (bsc#1254378). - commit af9447d - supported.conf: Mark lan 743x supported (jsc#PED-14571) - commit b80b147 - Set HZ=1000 for ppc64 default configuration (jsc#PED-14344) Update based on upstream commit a206d2334012 ("powerpc/defconfigs: Set HZ=1000 on ppc64 and powernv defconfigs") and requested by jsc#PED-14344. - commit 031e354 - net: vxlan: prevent NULL deref in vxlan_xmit_one (CVE-2025-68353 bsc#1255533). - net/mlx5: Fix IPsec cleanup over MPV device (CVE-2025-40238 bsc#1254871). - net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for striding RQ (CVE-2025-40350 bsc#1255260). - commit 0edf819 - bpf: Fix invalid prog->stats access when update_effective_progs fails (CVE-2025-68742 bsc#1255707). - commit 4f8b390 ++++ dtb-aarch64: - rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer (bsc#1254408 CVE-2025-38704) - commit 7bdb299 - sched_ext: Fix unsafe locking in the scx_dump_state() (bsc#1255223 CVE-2025-68202) - commit 22f9135 - btrfs: fix reservation leak in some error paths when inserting inline extent (git-fixes). - commit 362a620 - btrfs: do not free data reservation in fallback from inline due to -ENOSPC (git-fixes). - commit 38b35b2 - btrfs: fix the qgroup data free range for inline data extents (git-fixes). - commit 9d6cfa8 - btrfs: always detect conflicting inodes when logging inode refs (git-fixes). - commit 626d828 - btrfs: release path before initializing extent tree in btrfs_read_locked_inode() (git-fixes). - commit 78aa23f - ext4: use optimized mballoc scanning regardless of inode format (bsc#1254378). - commit af9447d - supported.conf: Mark lan 743x supported (jsc#PED-14571) - commit b80b147 - Set HZ=1000 for ppc64 default configuration (jsc#PED-14344) Update based on upstream commit a206d2334012 ("powerpc/defconfigs: Set HZ=1000 on ppc64 and powernv defconfigs") and requested by jsc#PED-14344. - commit 031e354 - net: vxlan: prevent NULL deref in vxlan_xmit_one (CVE-2025-68353 bsc#1255533). - net/mlx5: Fix IPsec cleanup over MPV device (CVE-2025-40238 bsc#1254871). - net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for striding RQ (CVE-2025-40350 bsc#1255260). - commit 0edf819 - bpf: Fix invalid prog->stats access when update_effective_progs fails (CVE-2025-68742 bsc#1255707). - commit 4f8b390 ++++ flint: - Add c23.patch, fixing a compile error for downstream users when using -std=c23 or a newer GCC which defaults to such. ++++ hauler: - Update to version 1.4.0: * added/updated logging for `serve` and `remove` (#487) * added/fixed helm chart images/dependencies features (#485) * more experimental feature updates (#486) * add experimental notes (#483) * updated tempdir flag to store persistent flags (#484) * delete artifacts from store (#473) * path rewrites (#475) * updated/fixed workflow dependency versions (#478) ++++ junit5: - Update to upstream version 5.14.2 * Principal changes: + Introduce @ClassTemplate and @ParameterizedClass support in JUnit Jupiter + Access to ParameterInfo for JUnit Jupiter extensions + New @SentenceFragment annotation for use with IndicativeSentences display name generator + Add --redirect-stdout and --redirect-stderr options to ConsoleLauncher + Introduce test discovery support in EngineTestKit + Reporting of discovery issues for test engines + Resource management for launcher sessions and execution requests + GraalVM: removal of native-image.properties files from JARs + Bug fixes and other minor improvements + Deprecations along with new APIs to ease migration to JUnit 6 - Modified patches: * 0001-Drop-transitive-requirement-on-apiguardian.patch * 0002-Add-missing-module-static-requires.patch + rediff - Removed patch: * 0003-Bump-open-test-reporting-to-0.1.0-M2.patch + not needed - Added patches: * 0003-Remove-legacy-XML-console-support.patch + Remove legacy XML console support * 0004-Add-JRE-class-generated-from-template.patch + Add file that is normally generated from template by gradle ++++ junit5-minimal: - Update to upstream version 5.14.2 * Principal changes: + Introduce @ClassTemplate and @ParameterizedClass support in JUnit Jupiter + Access to ParameterInfo for JUnit Jupiter extensions + New @SentenceFragment annotation for use with IndicativeSentences display name generator + Add --redirect-stdout and --redirect-stderr options to ConsoleLauncher + Introduce test discovery support in EngineTestKit + Reporting of discovery issues for test engines + Resource management for launcher sessions and execution requests + GraalVM: removal of native-image.properties files from JARs + Bug fixes and other minor improvements + Deprecations along with new APIs to ease migration to JUnit 6 - Modified patches: * 0001-Drop-transitive-requirement-on-apiguardian.patch * 0002-Add-missing-module-static-requires.patch + rediff - Removed patch: * 0003-Bump-open-test-reporting-to-0.1.0-M2.patch + not needed - Added patches: * 0003-Remove-legacy-XML-console-support.patch + Remove legacy XML console support * 0004-Add-JRE-class-generated-from-template.patch + Add file that is normally generated from template by gradle ++++ kernel-source: - rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer (bsc#1254408 CVE-2025-38704) - commit 7bdb299 - sched_ext: Fix unsafe locking in the scx_dump_state() (bsc#1255223 CVE-2025-68202) - commit 22f9135 - btrfs: fix reservation leak in some error paths when inserting inline extent (git-fixes). - commit 362a620 - btrfs: do not free data reservation in fallback from inline due to -ENOSPC (git-fixes). - commit 38b35b2 - btrfs: fix the qgroup data free range for inline data extents (git-fixes). - commit 9d6cfa8 - btrfs: always detect conflicting inodes when logging inode refs (git-fixes). - commit 626d828 - btrfs: release path before initializing extent tree in btrfs_read_locked_inode() (git-fixes). - commit 78aa23f - ext4: use optimized mballoc scanning regardless of inode format (bsc#1254378). - commit af9447d - supported.conf: Mark lan 743x supported (jsc#PED-14571) - commit b80b147 - Set HZ=1000 for ppc64 default configuration (jsc#PED-14344) Update based on upstream commit a206d2334012 ("powerpc/defconfigs: Set HZ=1000 on ppc64 and powernv defconfigs") and requested by jsc#PED-14344. - commit 031e354 - net: vxlan: prevent NULL deref in vxlan_xmit_one (CVE-2025-68353 bsc#1255533). - net/mlx5: Fix IPsec cleanup over MPV device (CVE-2025-40238 bsc#1254871). - net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for striding RQ (CVE-2025-40350 bsc#1255260). - commit 0edf819 - bpf: Fix invalid prog->stats access when update_effective_progs fails (CVE-2025-68742 bsc#1255707). - commit 4f8b390 ++++ kernel-source: - rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer (bsc#1254408 CVE-2025-38704) - commit 7bdb299 - sched_ext: Fix unsafe locking in the scx_dump_state() (bsc#1255223 CVE-2025-68202) - commit 22f9135 - btrfs: fix reservation leak in some error paths when inserting inline extent (git-fixes). - commit 362a620 - btrfs: do not free data reservation in fallback from inline due to -ENOSPC (git-fixes). - commit 38b35b2 - btrfs: fix the qgroup data free range for inline data extents (git-fixes). - commit 9d6cfa8 - btrfs: always detect conflicting inodes when logging inode refs (git-fixes). - commit 626d828 - btrfs: release path before initializing extent tree in btrfs_read_locked_inode() (git-fixes). - commit 78aa23f - ext4: use optimized mballoc scanning regardless of inode format (bsc#1254378). - commit af9447d - supported.conf: Mark lan 743x supported (jsc#PED-14571) - commit b80b147 - Set HZ=1000 for ppc64 default configuration (jsc#PED-14344) Update based on upstream commit a206d2334012 ("powerpc/defconfigs: Set HZ=1000 on ppc64 and powernv defconfigs") and requested by jsc#PED-14344. - commit 031e354 - net: vxlan: prevent NULL deref in vxlan_xmit_one (CVE-2025-68353 bsc#1255533). - net/mlx5: Fix IPsec cleanup over MPV device (CVE-2025-40238 bsc#1254871). - net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for striding RQ (CVE-2025-40350 bsc#1255260). - commit 0edf819 - bpf: Fix invalid prog->stats access when update_effective_progs fails (CVE-2025-68742 bsc#1255707). - commit 4f8b390 ++++ kernel-source: - rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer (bsc#1254408 CVE-2025-38704) - commit 7bdb299 - sched_ext: Fix unsafe locking in the scx_dump_state() (bsc#1255223 CVE-2025-68202) - commit 22f9135 - btrfs: fix reservation leak in some error paths when inserting inline extent (git-fixes). - commit 362a620 - btrfs: do not free data reservation in fallback from inline due to -ENOSPC (git-fixes). - commit 38b35b2 - btrfs: fix the qgroup data free range for inline data extents (git-fixes). - commit 9d6cfa8 - btrfs: always detect conflicting inodes when logging inode refs (git-fixes). - commit 626d828 - btrfs: release path before initializing extent tree in btrfs_read_locked_inode() (git-fixes). - commit 78aa23f - ext4: use optimized mballoc scanning regardless of inode format (bsc#1254378). - commit af9447d - supported.conf: Mark lan 743x supported (jsc#PED-14571) - commit b80b147 - Set HZ=1000 for ppc64 default configuration (jsc#PED-14344) Update based on upstream commit a206d2334012 ("powerpc/defconfigs: Set HZ=1000 on ppc64 and powernv defconfigs") and requested by jsc#PED-14344. - commit 031e354 - net: vxlan: prevent NULL deref in vxlan_xmit_one (CVE-2025-68353 bsc#1255533). - net/mlx5: Fix IPsec cleanup over MPV device (CVE-2025-40238 bsc#1254871). - net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for striding RQ (CVE-2025-40350 bsc#1255260). - commit 0edf819 - bpf: Fix invalid prog->stats access when update_effective_progs fails (CVE-2025-68742 bsc#1255707). - commit 4f8b390 ++++ kernel-docs: - rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer (bsc#1254408 CVE-2025-38704) - commit 7bdb299 - sched_ext: Fix unsafe locking in the scx_dump_state() (bsc#1255223 CVE-2025-68202) - commit 22f9135 - btrfs: fix reservation leak in some error paths when inserting inline extent (git-fixes). - commit 362a620 - btrfs: do not free data reservation in fallback from inline due to -ENOSPC (git-fixes). - commit 38b35b2 - btrfs: fix the qgroup data free range for inline data extents (git-fixes). - commit 9d6cfa8 - btrfs: always detect conflicting inodes when logging inode refs (git-fixes). - commit 626d828 - btrfs: release path before initializing extent tree in btrfs_read_locked_inode() (git-fixes). - commit 78aa23f - ext4: use optimized mballoc scanning regardless of inode format (bsc#1254378). - commit af9447d - supported.conf: Mark lan 743x supported (jsc#PED-14571) - commit b80b147 - Set HZ=1000 for ppc64 default configuration (jsc#PED-14344) Update based on upstream commit a206d2334012 ("powerpc/defconfigs: Set HZ=1000 on ppc64 and powernv defconfigs") and requested by jsc#PED-14344. - commit 031e354 - net: vxlan: prevent NULL deref in vxlan_xmit_one (CVE-2025-68353 bsc#1255533). - net/mlx5: Fix IPsec cleanup over MPV device (CVE-2025-40238 bsc#1254871). - net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for striding RQ (CVE-2025-40350 bsc#1255260). - commit 0edf819 - bpf: Fix invalid prog->stats access when update_effective_progs fails (CVE-2025-68742 bsc#1255707). - commit 4f8b390 ++++ kernel-docs: - rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer (bsc#1254408 CVE-2025-38704) - commit 7bdb299 - sched_ext: Fix unsafe locking in the scx_dump_state() (bsc#1255223 CVE-2025-68202) - commit 22f9135 - btrfs: fix reservation leak in some error paths when inserting inline extent (git-fixes). - commit 362a620 - btrfs: do not free data reservation in fallback from inline due to -ENOSPC (git-fixes). - commit 38b35b2 - btrfs: fix the qgroup data free range for inline data extents (git-fixes). - commit 9d6cfa8 - btrfs: always detect conflicting inodes when logging inode refs (git-fixes). - commit 626d828 - btrfs: release path before initializing extent tree in btrfs_read_locked_inode() (git-fixes). - commit 78aa23f - ext4: use optimized mballoc scanning regardless of inode format (bsc#1254378). - commit af9447d - supported.conf: Mark lan 743x supported (jsc#PED-14571) - commit b80b147 - Set HZ=1000 for ppc64 default configuration (jsc#PED-14344) Update based on upstream commit a206d2334012 ("powerpc/defconfigs: Set HZ=1000 on ppc64 and powernv defconfigs") and requested by jsc#PED-14344. - commit 031e354 - net: vxlan: prevent NULL deref in vxlan_xmit_one (CVE-2025-68353 bsc#1255533). - net/mlx5: Fix IPsec cleanup over MPV device (CVE-2025-40238 bsc#1254871). - net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for striding RQ (CVE-2025-40350 bsc#1255260). - commit 0edf819 - bpf: Fix invalid prog->stats access when update_effective_progs fails (CVE-2025-68742 bsc#1255707). - commit 4f8b390 ++++ kernel-docs: - rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer (bsc#1254408 CVE-2025-38704) - commit 7bdb299 - sched_ext: Fix unsafe locking in the scx_dump_state() (bsc#1255223 CVE-2025-68202) - commit 22f9135 - btrfs: fix reservation leak in some error paths when inserting inline extent (git-fixes). - commit 362a620 - btrfs: do not free data reservation in fallback from inline due to -ENOSPC (git-fixes). - commit 38b35b2 - btrfs: fix the qgroup data free range for inline data extents (git-fixes). - commit 9d6cfa8 - btrfs: always detect conflicting inodes when logging inode refs (git-fixes). - commit 626d828 - btrfs: release path before initializing extent tree in btrfs_read_locked_inode() (git-fixes). - commit 78aa23f - ext4: use optimized mballoc scanning regardless of inode format (bsc#1254378). - commit af9447d - supported.conf: Mark lan 743x supported (jsc#PED-14571) - commit b80b147 - Set HZ=1000 for ppc64 default configuration (jsc#PED-14344) Update based on upstream commit a206d2334012 ("powerpc/defconfigs: Set HZ=1000 on ppc64 and powernv defconfigs") and requested by jsc#PED-14344. - commit 031e354 - net: vxlan: prevent NULL deref in vxlan_xmit_one (CVE-2025-68353 bsc#1255533). - net/mlx5: Fix IPsec cleanup over MPV device (CVE-2025-40238 bsc#1254871). - net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for striding RQ (CVE-2025-40350 bsc#1255260). - commit 0edf819 - bpf: Fix invalid prog->stats access when update_effective_progs fails (CVE-2025-68742 bsc#1255707). - commit 4f8b390 ++++ kernel-kvmsmall: - rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer (bsc#1254408 CVE-2025-38704) - commit 7bdb299 - sched_ext: Fix unsafe locking in the scx_dump_state() (bsc#1255223 CVE-2025-68202) - commit 22f9135 - btrfs: fix reservation leak in some error paths when inserting inline extent (git-fixes). - commit 362a620 - btrfs: do not free data reservation in fallback from inline due to -ENOSPC (git-fixes). - commit 38b35b2 - btrfs: fix the qgroup data free range for inline data extents (git-fixes). - commit 9d6cfa8 - btrfs: always detect conflicting inodes when logging inode refs (git-fixes). - commit 626d828 - btrfs: release path before initializing extent tree in btrfs_read_locked_inode() (git-fixes). - commit 78aa23f - ext4: use optimized mballoc scanning regardless of inode format (bsc#1254378). - commit af9447d - supported.conf: Mark lan 743x supported (jsc#PED-14571) - commit b80b147 - Set HZ=1000 for ppc64 default configuration (jsc#PED-14344) Update based on upstream commit a206d2334012 ("powerpc/defconfigs: Set HZ=1000 on ppc64 and powernv defconfigs") and requested by jsc#PED-14344. - commit 031e354 - net: vxlan: prevent NULL deref in vxlan_xmit_one (CVE-2025-68353 bsc#1255533). - net/mlx5: Fix IPsec cleanup over MPV device (CVE-2025-40238 bsc#1254871). - net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for striding RQ (CVE-2025-40350 bsc#1255260). - commit 0edf819 - bpf: Fix invalid prog->stats access when update_effective_progs fails (CVE-2025-68742 bsc#1255707). - commit 4f8b390 ++++ kernel-kvmsmall: - rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer (bsc#1254408 CVE-2025-38704) - commit 7bdb299 - sched_ext: Fix unsafe locking in the scx_dump_state() (bsc#1255223 CVE-2025-68202) - commit 22f9135 - btrfs: fix reservation leak in some error paths when inserting inline extent (git-fixes). - commit 362a620 - btrfs: do not free data reservation in fallback from inline due to -ENOSPC (git-fixes). - commit 38b35b2 - btrfs: fix the qgroup data free range for inline data extents (git-fixes). - commit 9d6cfa8 - btrfs: always detect conflicting inodes when logging inode refs (git-fixes). - commit 626d828 - btrfs: release path before initializing extent tree in btrfs_read_locked_inode() (git-fixes). - commit 78aa23f - ext4: use optimized mballoc scanning regardless of inode format (bsc#1254378). - commit af9447d - supported.conf: Mark lan 743x supported (jsc#PED-14571) - commit b80b147 - Set HZ=1000 for ppc64 default configuration (jsc#PED-14344) Update based on upstream commit a206d2334012 ("powerpc/defconfigs: Set HZ=1000 on ppc64 and powernv defconfigs") and requested by jsc#PED-14344. - commit 031e354 - net: vxlan: prevent NULL deref in vxlan_xmit_one (CVE-2025-68353 bsc#1255533). - net/mlx5: Fix IPsec cleanup over MPV device (CVE-2025-40238 bsc#1254871). - net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for striding RQ (CVE-2025-40350 bsc#1255260). - commit 0edf819 - bpf: Fix invalid prog->stats access when update_effective_progs fails (CVE-2025-68742 bsc#1255707). - commit 4f8b390 ++++ kernel-kvmsmall: - rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer (bsc#1254408 CVE-2025-38704) - commit 7bdb299 - sched_ext: Fix unsafe locking in the scx_dump_state() (bsc#1255223 CVE-2025-68202) - commit 22f9135 - btrfs: fix reservation leak in some error paths when inserting inline extent (git-fixes). - commit 362a620 - btrfs: do not free data reservation in fallback from inline due to -ENOSPC (git-fixes). - commit 38b35b2 - btrfs: fix the qgroup data free range for inline data extents (git-fixes). - commit 9d6cfa8 - btrfs: always detect conflicting inodes when logging inode refs (git-fixes). - commit 626d828 - btrfs: release path before initializing extent tree in btrfs_read_locked_inode() (git-fixes). - commit 78aa23f - ext4: use optimized mballoc scanning regardless of inode format (bsc#1254378). - commit af9447d - supported.conf: Mark lan 743x supported (jsc#PED-14571) - commit b80b147 - Set HZ=1000 for ppc64 default configuration (jsc#PED-14344) Update based on upstream commit a206d2334012 ("powerpc/defconfigs: Set HZ=1000 on ppc64 and powernv defconfigs") and requested by jsc#PED-14344. - commit 031e354 - net: vxlan: prevent NULL deref in vxlan_xmit_one (CVE-2025-68353 bsc#1255533). - net/mlx5: Fix IPsec cleanup over MPV device (CVE-2025-40238 bsc#1254871). - net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for striding RQ (CVE-2025-40350 bsc#1255260). - commit 0edf819 - bpf: Fix invalid prog->stats access when update_effective_progs fails (CVE-2025-68742 bsc#1255707). - commit 4f8b390 ++++ kernel-obs-build: - rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer (bsc#1254408 CVE-2025-38704) - commit 7bdb299 - sched_ext: Fix unsafe locking in the scx_dump_state() (bsc#1255223 CVE-2025-68202) - commit 22f9135 - btrfs: fix reservation leak in some error paths when inserting inline extent (git-fixes). - commit 362a620 - btrfs: do not free data reservation in fallback from inline due to -ENOSPC (git-fixes). - commit 38b35b2 - btrfs: fix the qgroup data free range for inline data extents (git-fixes). - commit 9d6cfa8 - btrfs: always detect conflicting inodes when logging inode refs (git-fixes). - commit 626d828 - btrfs: release path before initializing extent tree in btrfs_read_locked_inode() (git-fixes). - commit 78aa23f - ext4: use optimized mballoc scanning regardless of inode format (bsc#1254378). - commit af9447d - supported.conf: Mark lan 743x supported (jsc#PED-14571) - commit b80b147 - Set HZ=1000 for ppc64 default configuration (jsc#PED-14344) Update based on upstream commit a206d2334012 ("powerpc/defconfigs: Set HZ=1000 on ppc64 and powernv defconfigs") and requested by jsc#PED-14344. - commit 031e354 - net: vxlan: prevent NULL deref in vxlan_xmit_one (CVE-2025-68353 bsc#1255533). - net/mlx5: Fix IPsec cleanup over MPV device (CVE-2025-40238 bsc#1254871). - net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for striding RQ (CVE-2025-40350 bsc#1255260). - commit 0edf819 - bpf: Fix invalid prog->stats access when update_effective_progs fails (CVE-2025-68742 bsc#1255707). - commit 4f8b390 ++++ kernel-obs-build: - rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer (bsc#1254408 CVE-2025-38704) - commit 7bdb299 - sched_ext: Fix unsafe locking in the scx_dump_state() (bsc#1255223 CVE-2025-68202) - commit 22f9135 - btrfs: fix reservation leak in some error paths when inserting inline extent (git-fixes). - commit 362a620 - btrfs: do not free data reservation in fallback from inline due to -ENOSPC (git-fixes). - commit 38b35b2 - btrfs: fix the qgroup data free range for inline data extents (git-fixes). - commit 9d6cfa8 - btrfs: always detect conflicting inodes when logging inode refs (git-fixes). - commit 626d828 - btrfs: release path before initializing extent tree in btrfs_read_locked_inode() (git-fixes). - commit 78aa23f - ext4: use optimized mballoc scanning regardless of inode format (bsc#1254378). - commit af9447d - supported.conf: Mark lan 743x supported (jsc#PED-14571) - commit b80b147 - Set HZ=1000 for ppc64 default configuration (jsc#PED-14344) Update based on upstream commit a206d2334012 ("powerpc/defconfigs: Set HZ=1000 on ppc64 and powernv defconfigs") and requested by jsc#PED-14344. - commit 031e354 - net: vxlan: prevent NULL deref in vxlan_xmit_one (CVE-2025-68353 bsc#1255533). - net/mlx5: Fix IPsec cleanup over MPV device (CVE-2025-40238 bsc#1254871). - net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for striding RQ (CVE-2025-40350 bsc#1255260). - commit 0edf819 - bpf: Fix invalid prog->stats access when update_effective_progs fails (CVE-2025-68742 bsc#1255707). - commit 4f8b390 ++++ kernel-obs-build: - rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer (bsc#1254408 CVE-2025-38704) - commit 7bdb299 - sched_ext: Fix unsafe locking in the scx_dump_state() (bsc#1255223 CVE-2025-68202) - commit 22f9135 - btrfs: fix reservation leak in some error paths when inserting inline extent (git-fixes). - commit 362a620 - btrfs: do not free data reservation in fallback from inline due to -ENOSPC (git-fixes). - commit 38b35b2 - btrfs: fix the qgroup data free range for inline data extents (git-fixes). - commit 9d6cfa8 - btrfs: always detect conflicting inodes when logging inode refs (git-fixes). - commit 626d828 - btrfs: release path before initializing extent tree in btrfs_read_locked_inode() (git-fixes). - commit 78aa23f - ext4: use optimized mballoc scanning regardless of inode format (bsc#1254378). - commit af9447d - supported.conf: Mark lan 743x supported (jsc#PED-14571) - commit b80b147 - Set HZ=1000 for ppc64 default configuration (jsc#PED-14344) Update based on upstream commit a206d2334012 ("powerpc/defconfigs: Set HZ=1000 on ppc64 and powernv defconfigs") and requested by jsc#PED-14344. - commit 031e354 - net: vxlan: prevent NULL deref in vxlan_xmit_one (CVE-2025-68353 bsc#1255533). - net/mlx5: Fix IPsec cleanup over MPV device (CVE-2025-40238 bsc#1254871). - net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for striding RQ (CVE-2025-40350 bsc#1255260). - commit 0edf819 - bpf: Fix invalid prog->stats access when update_effective_progs fails (CVE-2025-68742 bsc#1255707). - commit 4f8b390 ++++ kernel-obs-qa: - rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer (bsc#1254408 CVE-2025-38704) - commit 7bdb299 - sched_ext: Fix unsafe locking in the scx_dump_state() (bsc#1255223 CVE-2025-68202) - commit 22f9135 - btrfs: fix reservation leak in some error paths when inserting inline extent (git-fixes). - commit 362a620 - btrfs: do not free data reservation in fallback from inline due to -ENOSPC (git-fixes). - commit 38b35b2 - btrfs: fix the qgroup data free range for inline data extents (git-fixes). - commit 9d6cfa8 - btrfs: always detect conflicting inodes when logging inode refs (git-fixes). - commit 626d828 - btrfs: release path before initializing extent tree in btrfs_read_locked_inode() (git-fixes). - commit 78aa23f - ext4: use optimized mballoc scanning regardless of inode format (bsc#1254378). - commit af9447d - supported.conf: Mark lan 743x supported (jsc#PED-14571) - commit b80b147 - Set HZ=1000 for ppc64 default configuration (jsc#PED-14344) Update based on upstream commit a206d2334012 ("powerpc/defconfigs: Set HZ=1000 on ppc64 and powernv defconfigs") and requested by jsc#PED-14344. - commit 031e354 - net: vxlan: prevent NULL deref in vxlan_xmit_one (CVE-2025-68353 bsc#1255533). - net/mlx5: Fix IPsec cleanup over MPV device (CVE-2025-40238 bsc#1254871). - net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for striding RQ (CVE-2025-40350 bsc#1255260). - commit 0edf819 - bpf: Fix invalid prog->stats access when update_effective_progs fails (CVE-2025-68742 bsc#1255707). - commit 4f8b390 ++++ kernel-obs-qa: - rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer (bsc#1254408 CVE-2025-38704) - commit 7bdb299 - sched_ext: Fix unsafe locking in the scx_dump_state() (bsc#1255223 CVE-2025-68202) - commit 22f9135 - btrfs: fix reservation leak in some error paths when inserting inline extent (git-fixes). - commit 362a620 - btrfs: do not free data reservation in fallback from inline due to -ENOSPC (git-fixes). - commit 38b35b2 - btrfs: fix the qgroup data free range for inline data extents (git-fixes). - commit 9d6cfa8 - btrfs: always detect conflicting inodes when logging inode refs (git-fixes). - commit 626d828 - btrfs: release path before initializing extent tree in btrfs_read_locked_inode() (git-fixes). - commit 78aa23f - ext4: use optimized mballoc scanning regardless of inode format (bsc#1254378). - commit af9447d - supported.conf: Mark lan 743x supported (jsc#PED-14571) - commit b80b147 - Set HZ=1000 for ppc64 default configuration (jsc#PED-14344) Update based on upstream commit a206d2334012 ("powerpc/defconfigs: Set HZ=1000 on ppc64 and powernv defconfigs") and requested by jsc#PED-14344. - commit 031e354 - net: vxlan: prevent NULL deref in vxlan_xmit_one (CVE-2025-68353 bsc#1255533). - net/mlx5: Fix IPsec cleanup over MPV device (CVE-2025-40238 bsc#1254871). - net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for striding RQ (CVE-2025-40350 bsc#1255260). - commit 0edf819 - bpf: Fix invalid prog->stats access when update_effective_progs fails (CVE-2025-68742 bsc#1255707). - commit 4f8b390 ++++ kernel-obs-qa: - rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer (bsc#1254408 CVE-2025-38704) - commit 7bdb299 - sched_ext: Fix unsafe locking in the scx_dump_state() (bsc#1255223 CVE-2025-68202) - commit 22f9135 - btrfs: fix reservation leak in some error paths when inserting inline extent (git-fixes). - commit 362a620 - btrfs: do not free data reservation in fallback from inline due to -ENOSPC (git-fixes). - commit 38b35b2 - btrfs: fix the qgroup data free range for inline data extents (git-fixes). - commit 9d6cfa8 - btrfs: always detect conflicting inodes when logging inode refs (git-fixes). - commit 626d828 - btrfs: release path before initializing extent tree in btrfs_read_locked_inode() (git-fixes). - commit 78aa23f - ext4: use optimized mballoc scanning regardless of inode format (bsc#1254378). - commit af9447d - supported.conf: Mark lan 743x supported (jsc#PED-14571) - commit b80b147 - Set HZ=1000 for ppc64 default configuration (jsc#PED-14344) Update based on upstream commit a206d2334012 ("powerpc/defconfigs: Set HZ=1000 on ppc64 and powernv defconfigs") and requested by jsc#PED-14344. - commit 031e354 - net: vxlan: prevent NULL deref in vxlan_xmit_one (CVE-2025-68353 bsc#1255533). - net/mlx5: Fix IPsec cleanup over MPV device (CVE-2025-40238 bsc#1254871). - net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for striding RQ (CVE-2025-40350 bsc#1255260). - commit 0edf819 - bpf: Fix invalid prog->stats access when update_effective_progs fails (CVE-2025-68742 bsc#1255707). - commit 4f8b390 ++++ kernel-syms: - rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer (bsc#1254408 CVE-2025-38704) - commit 7bdb299 - sched_ext: Fix unsafe locking in the scx_dump_state() (bsc#1255223 CVE-2025-68202) - commit 22f9135 - btrfs: fix reservation leak in some error paths when inserting inline extent (git-fixes). - commit 362a620 - btrfs: do not free data reservation in fallback from inline due to -ENOSPC (git-fixes). - commit 38b35b2 - btrfs: fix the qgroup data free range for inline data extents (git-fixes). - commit 9d6cfa8 - btrfs: always detect conflicting inodes when logging inode refs (git-fixes). - commit 626d828 - btrfs: release path before initializing extent tree in btrfs_read_locked_inode() (git-fixes). - commit 78aa23f - ext4: use optimized mballoc scanning regardless of inode format (bsc#1254378). - commit af9447d - supported.conf: Mark lan 743x supported (jsc#PED-14571) - commit b80b147 - Set HZ=1000 for ppc64 default configuration (jsc#PED-14344) Update based on upstream commit a206d2334012 ("powerpc/defconfigs: Set HZ=1000 on ppc64 and powernv defconfigs") and requested by jsc#PED-14344. - commit 031e354 - net: vxlan: prevent NULL deref in vxlan_xmit_one (CVE-2025-68353 bsc#1255533). - net/mlx5: Fix IPsec cleanup over MPV device (CVE-2025-40238 bsc#1254871). - net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for striding RQ (CVE-2025-40350 bsc#1255260). - commit 0edf819 - bpf: Fix invalid prog->stats access when update_effective_progs fails (CVE-2025-68742 bsc#1255707). - commit 4f8b390 ++++ kernel-syms: - rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer (bsc#1254408 CVE-2025-38704) - commit 7bdb299 - sched_ext: Fix unsafe locking in the scx_dump_state() (bsc#1255223 CVE-2025-68202) - commit 22f9135 - btrfs: fix reservation leak in some error paths when inserting inline extent (git-fixes). - commit 362a620 - btrfs: do not free data reservation in fallback from inline due to -ENOSPC (git-fixes). - commit 38b35b2 - btrfs: fix the qgroup data free range for inline data extents (git-fixes). - commit 9d6cfa8 - btrfs: always detect conflicting inodes when logging inode refs (git-fixes). - commit 626d828 - btrfs: release path before initializing extent tree in btrfs_read_locked_inode() (git-fixes). - commit 78aa23f - ext4: use optimized mballoc scanning regardless of inode format (bsc#1254378). - commit af9447d - supported.conf: Mark lan 743x supported (jsc#PED-14571) - commit b80b147 - Set HZ=1000 for ppc64 default configuration (jsc#PED-14344) Update based on upstream commit a206d2334012 ("powerpc/defconfigs: Set HZ=1000 on ppc64 and powernv defconfigs") and requested by jsc#PED-14344. - commit 031e354 - net: vxlan: prevent NULL deref in vxlan_xmit_one (CVE-2025-68353 bsc#1255533). - net/mlx5: Fix IPsec cleanup over MPV device (CVE-2025-40238 bsc#1254871). - net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for striding RQ (CVE-2025-40350 bsc#1255260). - commit 0edf819 - bpf: Fix invalid prog->stats access when update_effective_progs fails (CVE-2025-68742 bsc#1255707). - commit 4f8b390 ++++ kernel-syms: - rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer (bsc#1254408 CVE-2025-38704) - commit 7bdb299 - sched_ext: Fix unsafe locking in the scx_dump_state() (bsc#1255223 CVE-2025-68202) - commit 22f9135 - btrfs: fix reservation leak in some error paths when inserting inline extent (git-fixes). - commit 362a620 - btrfs: do not free data reservation in fallback from inline due to -ENOSPC (git-fixes). - commit 38b35b2 - btrfs: fix the qgroup data free range for inline data extents (git-fixes). - commit 9d6cfa8 - btrfs: always detect conflicting inodes when logging inode refs (git-fixes). - commit 626d828 - btrfs: release path before initializing extent tree in btrfs_read_locked_inode() (git-fixes). - commit 78aa23f - ext4: use optimized mballoc scanning regardless of inode format (bsc#1254378). - commit af9447d - supported.conf: Mark lan 743x supported (jsc#PED-14571) - commit b80b147 - Set HZ=1000 for ppc64 default configuration (jsc#PED-14344) Update based on upstream commit a206d2334012 ("powerpc/defconfigs: Set HZ=1000 on ppc64 and powernv defconfigs") and requested by jsc#PED-14344. - commit 031e354 - net: vxlan: prevent NULL deref in vxlan_xmit_one (CVE-2025-68353 bsc#1255533). - net/mlx5: Fix IPsec cleanup over MPV device (CVE-2025-40238 bsc#1254871). - net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for striding RQ (CVE-2025-40350 bsc#1255260). - commit 0edf819 - bpf: Fix invalid prog->stats access when update_effective_progs fails (CVE-2025-68742 bsc#1255707). - commit 4f8b390 ++++ kernel-zfcpdump: - rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer (bsc#1254408 CVE-2025-38704) - commit 7bdb299 - sched_ext: Fix unsafe locking in the scx_dump_state() (bsc#1255223 CVE-2025-68202) - commit 22f9135 - btrfs: fix reservation leak in some error paths when inserting inline extent (git-fixes). - commit 362a620 - btrfs: do not free data reservation in fallback from inline due to -ENOSPC (git-fixes). - commit 38b35b2 - btrfs: fix the qgroup data free range for inline data extents (git-fixes). - commit 9d6cfa8 - btrfs: always detect conflicting inodes when logging inode refs (git-fixes). - commit 626d828 - btrfs: release path before initializing extent tree in btrfs_read_locked_inode() (git-fixes). - commit 78aa23f - ext4: use optimized mballoc scanning regardless of inode format (bsc#1254378). - commit af9447d - supported.conf: Mark lan 743x supported (jsc#PED-14571) - commit b80b147 - Set HZ=1000 for ppc64 default configuration (jsc#PED-14344) Update based on upstream commit a206d2334012 ("powerpc/defconfigs: Set HZ=1000 on ppc64 and powernv defconfigs") and requested by jsc#PED-14344. - commit 031e354 - net: vxlan: prevent NULL deref in vxlan_xmit_one (CVE-2025-68353 bsc#1255533). - net/mlx5: Fix IPsec cleanup over MPV device (CVE-2025-40238 bsc#1254871). - net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for striding RQ (CVE-2025-40350 bsc#1255260). - commit 0edf819 - bpf: Fix invalid prog->stats access when update_effective_progs fails (CVE-2025-68742 bsc#1255707). - commit 4f8b390 ++++ kernel-zfcpdump: - rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer (bsc#1254408 CVE-2025-38704) - commit 7bdb299 - sched_ext: Fix unsafe locking in the scx_dump_state() (bsc#1255223 CVE-2025-68202) - commit 22f9135 - btrfs: fix reservation leak in some error paths when inserting inline extent (git-fixes). - commit 362a620 - btrfs: do not free data reservation in fallback from inline due to -ENOSPC (git-fixes). - commit 38b35b2 - btrfs: fix the qgroup data free range for inline data extents (git-fixes). - commit 9d6cfa8 - btrfs: always detect conflicting inodes when logging inode refs (git-fixes). - commit 626d828 - btrfs: release path before initializing extent tree in btrfs_read_locked_inode() (git-fixes). - commit 78aa23f - ext4: use optimized mballoc scanning regardless of inode format (bsc#1254378). - commit af9447d - supported.conf: Mark lan 743x supported (jsc#PED-14571) - commit b80b147 - Set HZ=1000 for ppc64 default configuration (jsc#PED-14344) Update based on upstream commit a206d2334012 ("powerpc/defconfigs: Set HZ=1000 on ppc64 and powernv defconfigs") and requested by jsc#PED-14344. - commit 031e354 - net: vxlan: prevent NULL deref in vxlan_xmit_one (CVE-2025-68353 bsc#1255533). - net/mlx5: Fix IPsec cleanup over MPV device (CVE-2025-40238 bsc#1254871). - net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for striding RQ (CVE-2025-40350 bsc#1255260). - commit 0edf819 - bpf: Fix invalid prog->stats access when update_effective_progs fails (CVE-2025-68742 bsc#1255707). - commit 4f8b390 ++++ kernel-zfcpdump: - rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer (bsc#1254408 CVE-2025-38704) - commit 7bdb299 - sched_ext: Fix unsafe locking in the scx_dump_state() (bsc#1255223 CVE-2025-68202) - commit 22f9135 - btrfs: fix reservation leak in some error paths when inserting inline extent (git-fixes). - commit 362a620 - btrfs: do not free data reservation in fallback from inline due to -ENOSPC (git-fixes). - commit 38b35b2 - btrfs: fix the qgroup data free range for inline data extents (git-fixes). - commit 9d6cfa8 - btrfs: always detect conflicting inodes when logging inode refs (git-fixes). - commit 626d828 - btrfs: release path before initializing extent tree in btrfs_read_locked_inode() (git-fixes). - commit 78aa23f - ext4: use optimized mballoc scanning regardless of inode format (bsc#1254378). - commit af9447d - supported.conf: Mark lan 743x supported (jsc#PED-14571) - commit b80b147 - Set HZ=1000 for ppc64 default configuration (jsc#PED-14344) Update based on upstream commit a206d2334012 ("powerpc/defconfigs: Set HZ=1000 on ppc64 and powernv defconfigs") and requested by jsc#PED-14344. - commit 031e354 - net: vxlan: prevent NULL deref in vxlan_xmit_one (CVE-2025-68353 bsc#1255533). - net/mlx5: Fix IPsec cleanup over MPV device (CVE-2025-40238 bsc#1254871). - net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for striding RQ (CVE-2025-40350 bsc#1255260). - commit 0edf819 - bpf: Fix invalid prog->stats access when update_effective_progs fails (CVE-2025-68742 bsc#1255707). - commit 4f8b390 ++++ avahi-qt6: - Add avahi-CVE-2025-68276.patch: Backport 0c013e2 from upstream, refuse to create wide-area record browsers when wide-area is off. (CVE-2025-68276, bsc#1256498) - Add avahi-CVE-2025-68471.patch: Backport 9c6eb53 from upstream, fix DoS bug by changing assert to return. (CVE-2025-68471, bsc#1256500) - Add avahi-CVE-2025-68468.patch: Backport f66be13 from upstream, fix DoS bug by removing incorrect assertion. (CVE-2025-68468, bsc#1256499) ++++ s390-tools: - Upgrade s390-tools to 2.40 (jsc#PED-14586) - Add new tools / libraries: * Add project-wide .clang-tidy configuration * libutil: Introduce util_time for time related functionality * libutil: Introduce zsh/bash autocompletion tooling based on util_opt * pvinfo: Tool to display Secure Execution system information * pvverify: Tool to verify host-key documents - Changes of existing tools: * cpumf: Implement zsh and bash autocompletion * dasdfmt: Implement zsh and bash autocompletion * dbginfo.sh: Add NetworkManager and netplan * dbginfo.sh: Add kvm_stat * dbginfo.sh: Adding stp time information * dbginfo.sh: Simplify procfs collection * hyptop: Add physical information row * hyptop: Calculate sample time delta for physical partition * hyptop: Replace long option names using _ with - for consistency For example: --cpu_types -> --cpu-types (Options with _ are still supported for backward compatibility) * libekmfweb: Add function to validate a certificate against the identity key * netboot: Add longer kernel command lines support * udev/rules.d: Make virtio-blk devices non-rotational * udev/rules.d: Set default io scheduler to 'none' for virtio-blk * ziomon: Add support to sample device symlinks (/dev/disk/...) * ziorep_config: Add fcp-lun details to -M option output * ziorep_config: Add port_id and failed attributes to -A option output * netboot: Install on non-s390 architectures - Bug Fixes: * lib(ekmfweb|kmipclient): Use ln without -r * s390-tools: Fix various compilation issues with musl libc * zipl/boot: Fix unused loadparm when SCLP line-mode console is absent - Reworked patches * s390-tools-sles12-create-filesystem-links.patch * s390-tools-sles12-fdasd-skip-partition-check-and-BLKRRPART-ioctl.patch * s390-tools-sles12-zipl_boot_msg.patch * s390-tools-sles15-sysconfig-compatible-dumpconf.patch * s390-tools-sles15sp3-Allow-multiple-device-arguments.patch * s390-tools-sles15sp3-Format-devices-in-parallel.patch * s390-tools-sles15sp3-Implement-Y-yast_mode.patch * s390-tools-sles15sp3-Implement-f-for-backwards-compability.patch * s390-tools-sles15sp3-dasdfmt-retry-BIODASDINFO-if-device-is-busy.patch - Removed obsolete patch * s390-tools-sles15sp5-remove-no-pie-link-arguments.patch - Applied additional patch * s390-tools-sles15sp3-Format-devices-in-parallel-1.patch - Re-vendor-ed vendor.tar.zst - Amended the .spec file, fixed Rust compilation errors ++++ polymake: - Enable polydb for Tumbleweed / suse_version>=1690 - Reenable callable library mode [boo#1256453] ++++ systemd: - Name libsystemd-{shared,core} based on the major version of systemd and the package release number (bsc#1228081 bsc#1256427) This way, both the old and new versions of the shared libraries will be present during the update. This should prevent issues during package updates when incompatible changes are introduced in the new versions of the shared libraries. ++++ systemd: - Name libsystemd-{shared,core} based on the major version of systemd and the package release number (bsc#1228081 bsc#1256427) This way, both the old and new versions of the shared libraries will be present during the update. This should prevent issues during package updates when incompatible changes are introduced in the new versions of the shared libraries. ++++ maven-parent: - Upgrade to Apache Maven parent POM version 47 * Dependency updates + Bump parent to 37 + Bump org.junit:junit-bom from 5.14.1 to 5.14.2 ++++ nvidia-open-driver-G06-signed-cuda: - kernel-5.14.patch * fixes build for sle15-sp4 ++++ nvidia-open-driver-G06-signed-cuda: - kernel-5.14.patch * fixes build for sle15-sp4 ++++ nvidia-open-driver-G06-signed: - kernel-5.14.patch * fixes build for sle15-sp4 ++++ nvidia-open-driver-G06-signed: - kernel-5.14.patch * fixes build for sle15-sp4 ++++ openQA: - Update to version 5.1768323619.9a70ab91: * refactor: Extend tests of df-based cleanup * fix: Avoid wrong deletion of archived jobs in df-based cleanup * refactor: Move logic for validating percentage into helper * refactor: Clarify wording in comment regarding job cleanup * Use template literals in certain JavaScript code * Retry delete_needles job on server restart * Add test for _delete_needles * feat(OpenQA::Git): Cleanup git dir in commit() on shutdown * feat: Improve rendering results on the scheduled product page ++++ openQA: - Update to version 5.1768323619.9a70ab91: * refactor: Extend tests of df-based cleanup * fix: Avoid wrong deletion of archived jobs in df-based cleanup * refactor: Move logic for validating percentage into helper * refactor: Clarify wording in comment regarding job cleanup * Use template literals in certain JavaScript code * Retry delete_needles job on server restart * Add test for _delete_needles * feat(OpenQA::Git): Cleanup git dir in commit() on shutdown * feat: Improve rendering results on the scheduled product page ++++ openQA: - Update to version 5.1768323619.9a70ab91: * refactor: Extend tests of df-based cleanup * fix: Avoid wrong deletion of archived jobs in df-based cleanup * refactor: Move logic for validating percentage into helper * refactor: Clarify wording in comment regarding job cleanup * Use template literals in certain JavaScript code * Retry delete_needles job on server restart * Add test for _delete_needles * feat(OpenQA::Git): Cleanup git dir in commit() on shutdown * feat: Improve rendering results on the scheduled product page ++++ openQA: - Update to version 5.1768323619.9a70ab91: * refactor: Extend tests of df-based cleanup * fix: Avoid wrong deletion of archived jobs in df-based cleanup * refactor: Move logic for validating percentage into helper * refactor: Clarify wording in comment regarding job cleanup * Use template literals in certain JavaScript code * Retry delete_needles job on server restart * Add test for _delete_needles * feat(OpenQA::Git): Cleanup git dir in commit() on shutdown * feat: Improve rendering results on the scheduled product page ++++ openQA: - Update to version 5.1768323619.9a70ab91: * refactor: Extend tests of df-based cleanup * fix: Avoid wrong deletion of archived jobs in df-based cleanup * refactor: Move logic for validating percentage into helper * refactor: Clarify wording in comment regarding job cleanup * Use template literals in certain JavaScript code * Retry delete_needles job on server restart * Add test for _delete_needles * feat(OpenQA::Git): Cleanup git dir in commit() on shutdown * feat: Improve rendering results on the scheduled product page ++++ openQA: - Update to version 5.1768323619.9a70ab91: * refactor: Extend tests of df-based cleanup * fix: Avoid wrong deletion of archived jobs in df-based cleanup * refactor: Move logic for validating percentage into helper * refactor: Clarify wording in comment regarding job cleanup * Use template literals in certain JavaScript code * Retry delete_needles job on server restart * Add test for _delete_needles * feat(OpenQA::Git): Cleanup git dir in commit() on shutdown * feat: Improve rendering results on the scheduled product page ++++ openQA: - Update to version 5.1768323619.9a70ab91: * refactor: Extend tests of df-based cleanup * fix: Avoid wrong deletion of archived jobs in df-based cleanup * refactor: Move logic for validating percentage into helper * refactor: Clarify wording in comment regarding job cleanup * Use template literals in certain JavaScript code * Retry delete_needles job on server restart * Add test for _delete_needles * feat(OpenQA::Git): Cleanup git dir in commit() on shutdown * feat: Improve rendering results on the scheduled product page ++++ openQA: - Update to version 5.1768323619.9a70ab91: * refactor: Extend tests of df-based cleanup * fix: Avoid wrong deletion of archived jobs in df-based cleanup * refactor: Move logic for validating percentage into helper * refactor: Clarify wording in comment regarding job cleanup * Use template literals in certain JavaScript code * Retry delete_needles job on server restart * Add test for _delete_needles * feat(OpenQA::Git): Cleanup git dir in commit() on shutdown * feat: Improve rendering results on the scheduled product page ++++ openQA: - Update to version 5.1768323619.9a70ab91: * refactor: Extend tests of df-based cleanup * fix: Avoid wrong deletion of archived jobs in df-based cleanup * refactor: Move logic for validating percentage into helper * refactor: Clarify wording in comment regarding job cleanup * Use template literals in certain JavaScript code * Retry delete_needles job on server restart * Add test for _delete_needles * feat(OpenQA::Git): Cleanup git dir in commit() on shutdown * feat: Improve rendering results on the scheduled product page ++++ openQA: - Update to version 5.1768323619.9a70ab91: * refactor: Extend tests of df-based cleanup * fix: Avoid wrong deletion of archived jobs in df-based cleanup * refactor: Move logic for validating percentage into helper * refactor: Clarify wording in comment regarding job cleanup * Use template literals in certain JavaScript code * Retry delete_needles job on server restart * Add test for _delete_needles * feat(OpenQA::Git): Cleanup git dir in commit() on shutdown * feat: Improve rendering results on the scheduled product page ++++ openQA: - Update to version 5.1768323619.9a70ab91: * refactor: Extend tests of df-based cleanup * fix: Avoid wrong deletion of archived jobs in df-based cleanup * refactor: Move logic for validating percentage into helper * refactor: Clarify wording in comment regarding job cleanup * Use template literals in certain JavaScript code * Retry delete_needles job on server restart * Add test for _delete_needles * feat(OpenQA::Git): Cleanup git dir in commit() on shutdown * feat: Improve rendering results on the scheduled product page ++++ orthanc: - dcmtk 370 breaks TW build * 370dir.diff and dcmtk370.patch (from orthanc development) added ++++ python-urllib3: - Add CVE-2026-21441.patch to fix excessive resource consumption during decompression of data in HTTP redirect responses (bsc#1256331, CVE-2026-21441) ++++ python-urllib3: - Add CVE-2026-21441.patch to fix excessive resource consumption during decompression of data in HTTP redirect responses (bsc#1256331, CVE-2026-21441) ++++ python-virtualenv: - Add patch CVE-2026-22702.patch to fix CVE-2026-22702 (bsc#1256458) ------------------------------------------------------------------ ------------------ 2026-1-12 - Jan 12 2026 ------------------- ------------------------------------------------------------------ ++++ aaa_base: - Update to version 84.87+git20260112.8f614f3: * add ghost entries for the removed dirs * Revert list directories above all normal files. ++++ ansible-sap-launchpad: Refactor Ansible Modules and adjust for ansible-core 2.19. - 1.3.1 - Bugfixes: - collection: Add ansible-test sanity workflow and fix sanity errors - 1.3.0 - Changes: - collection: Refactor all Ansible Modules - sap_software_download: Update for ansible-core 2.19 - Bugfixes: - sap_software_download: Fix for failed checksums not correctly retrying ++++ scanner-databases: - database refresh on 2026-01-12 (bsc#1084929) ++++ kernel-64kb: - perf/x86/intel: Fix KASAN global-out-of-bounds warning (CVE-2025-40359 bsc#1255087). - commit ed1e93a - mlx5: Fix default values in create CQ (CVE-2025-68209 bsc#1255230). - commit 02d60e0 - x86/microcode/AMD: Use sha256() instead of init/update/final (bsc#1256495). - Refresh patches.suse/x86-microcode-AMD-Limit-Entrysign-signature-checking-to-kn.patch. - commit 6b04345 - x86/microcode/AMD: Fix Entrysign revision check for Zen5/Strix Halo (bsc#1256495). - x86/microcode/AMD: Select which microcode patch to load (bsc#1256495). - x86/microcode/AMD: Make __verify_patch_size() return bool (bsc#1256495). - x86/microcode/AMD: Remove bogus comment from parse_container() (bsc#1256495). - commit 9f14cfe - crash: fix crashkernel resource shrink (CVE-2025-68198 bsc#1255243) - commit 7e8f708 - bnxt_en: Fix null pointer dereference in bnxt_bs_trace_check_wrap() (CVE-2025-68197 bsc#1255242) - commit 766431f - lib/crypto: aes: Fix missing MMU protection for AES S-box (git-fixes). - virtio_console: fix order of fields cols and rows (stable-fixes). - commit d55882c - drm/amdgpu: Forward VMID reservation errors (git-fixes). - commit 2373a9d - supported.conf: mark ksmbd unsupported Based on discussion with Enzo Matsumiya it has tuned out that ksmbd module is unsupported but the supported.conf entry is incorrect. Fix that. - commit 143566d - powerpc/eeh: fix recursive pci_lock_rescan_remove locking in EEH event handling (bsc#1253262 ltc#216029). - commit 594b86e - Update patches.suse/ACPI-video-Fix-use-after-free-in-acpi_video_switch_b.patch (git-fixes CVE-2025-40211 bsc#1254126). - Update patches.suse/ALSA-dice-fix-buffer-overflow-in-detect_stream_forma.patch (git-fixes CVE-2025-68346 bsc#1255603). - Update patches.suse/ALSA-firewire-motu-add-bounds-check-in-put_user-loop.patch (git-fixes CVE-2025-68753 bsc#1256238). - Update patches.suse/ALSA-firewire-motu-fix-buffer-overflow-in-hwdep-read.patch (git-fixes CVE-2025-68347 bsc#1255706). - Update patches.suse/ALSA-hda-cs35l41-Fix-NULL-pointer-dereference-in-cs3-c34b04c.patch (git-fixes CVE-2025-68345 bsc#1255601). - Update patches.suse/ALSA-usb-audio-Fix-NULL-pointer-dereference-in-snd_u.patch (git-fixes CVE-2025-40275 bsc#1254829). - Update patches.suse/ALSA-usb-audio-Fix-potential-overflow-of-PCM-transfe.patch (stable-fixes CVE-2025-40269 bsc#1255035). - Update patches.suse/ALSA-wavefront-Fix-integer-overflow-in-sample-size-v.patch (git-fixes CVE-2025-68344 bsc#1255816). - Update patches.suse/ASoC-Intel-avs-Disable-periods-elapsed-work-when-clo.patch (git-fixes CVE-2025-40344 bsc#1254618). - Update patches.suse/Bluetooth-6lowpan-reset-link-local-header-on-ipv6-re.patch (git-fixes CVE-2025-40282 bsc#1254850). - Update patches.suse/Bluetooth-MGMT-Fix-OOB-access-in-parse_adv_monitor_p.patch (git-fixes CVE-2025-40294 bsc#1255181). - Update patches.suse/Bluetooth-MGMT-cancel-mesh-send-timer-when-hdev-remo.patch (git-fixes CVE-2025-40284 bsc#1254860). - Update patches.suse/Bluetooth-MGMT-fix-crash-in-set_mesh_sync-and-set_me.patch (git-fixes CVE-2025-40213 bsc#1253674). - Update patches.suse/Bluetooth-SCO-Fix-UAF-on-sco_conn_free.patch (stable-fixes CVE-2025-40309 bsc#1255065). - Update patches.suse/Bluetooth-bcsp-receive-data-only-if-registered.patch (stable-fixes CVE-2025-40308 bsc#1255064). - Update patches.suse/Bluetooth-btusb-mediatek-Avoid-btusb_mtk_claim_iso_i.patch (git-fixes CVE-2025-68298 bsc#1255124). - Update patches.suse/Bluetooth-btusb-mediatek-Fix-kernel-crash-when-relea.patch (git-fixes CVE-2025-68306 bsc#1255145). - Update patches.suse/Bluetooth-btusb-reorder-cleanup-in-btusb_disconnect-.patch (git-fixes CVE-2025-40283 bsc#1254858). - Update patches.suse/Bluetooth-hci_event-validate-skb-length-for-unknown-.patch (git-fixes CVE-2025-40301 bsc#1255193). - Update patches.suse/Bluetooth-hci_sock-Prevent-race-in-socket-write-iter.patch (git-fixes CVE-2025-68305 bsc#1255169). - Update patches.suse/Bluetooth-hci_sync-fix-race-in-hci_cmd_sync_dequeue_.patch (git-fixes CVE-2025-40318 bsc#1254798). - Update patches.suse/Input-cros_ec_keyb-fix-an-invalid-memory-access.patch (stable-fixes CVE-2025-40263 bsc#1255077). - Update patches.suse/Input-imx_sc_key-fix-memory-corruption-on-unload.patch (git-fixes CVE-2025-40262 bsc#1254840). - Update patches.suse/Input-pegasus-notetaker-fix-potential-out-of-bounds-.patch (git-fixes CVE-2025-68217 bsc#1255221). - Update patches.suse/KVM-arm64-Check-the-untrusted-offset-in-FF-A-memory-.patch (git-fixes CVE-2025-40266 bsc#1255040). - Update patches.suse/NFS-Fix-LTP-test-failures-when-timestamps-are-delegated.patch (git-fixes CVE-2025-68242 bsc#1255186). - Update patches.suse/NFSD-Fix-crash-in-nfsd4_read_release.patch (git-fixes CVE-2025-40324 bsc#1254791). - Update patches.suse/NFSD-free-copynotify-stateid-in-nfs4_free_ol_stateid.patch (git-fixes CVE-2025-40273 bsc#1254828). - Update patches.suse/PCI-IOV-Add-PCI-rescan-remove-locking-when-enabling-.patch (git-fixes CVE-2025-40219 bsc#1254518). - Update patches.suse/PCI-cadence-Check-for-the-existence-of-cdns_pcie-ops.patch (stable-fixes CVE-2025-68176 bsc#1255329). - Update patches.suse/accel-habanalabs-support-mapping-cb-with-vmalloc-bac.patch (stable-fixes CVE-2025-40311 bsc#1255068). - Update patches.suse/accel-ivpu-Fix-race-condition-when-unbinding-BOs.patch (git-fixes CVE-2025-68749 bsc#1255724). - Update patches.suse/amd-amdkfd-resolve-a-race-in-amdgpu_amdkfd_device_fi.patch (stable-fixes CVE-2025-40310 bsc#1255041). - Update patches.suse/arm64-mte-Do-not-warn-if-the-page-is-already-tagged-in-cop.patch (git-fixes CVE-2025-40353 bsc#1255312). - Update patches.suse/atm-fore200e-Fix-possible-data-race-in-fore200e_open.patch (git-fixes CVE-2025-68339 bsc#1255505). - Update patches.suse/backlight-led-bl-Add-devlink-to-supplier-LEDs.patch (git-fixes CVE-2025-68758 bsc#1255944). - Update patches.suse/btrfs-directly-free-partially-initialized-fs_info-in.patch (git-fixes CVE-2025-40235 bsc#1254808). - Update patches.suse/btrfs-ensure-no-dirty-metadata-is-written-back-for-a.patch (git-fix CVE-2025-40303 bsc#1255058). - Update patches.suse/btrfs-fix-memory-leak-of-qgroup_list-in-btrfs_add_qg.patch (git-fixes CVE-2025-40209 bsc#1254128). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-check-actual-395d988.patch (git-fixes CVE-2025-68342 bsc#1255508). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-check-actual.patch (git-fixes CVE-2025-68343 bsc#1255509). - Update patches.suse/can-gs_usb-gs_usb_xmit_callback-fix-handling-of-fail.patch (git-fixes CVE-2025-68307 bsc#1255146). - Update patches.suse/can-kvaser_usb-leaf-Fix-potential-infinite-loop-in-c.patch (git-fixes CVE-2025-68308 bsc#1255149). - Update patches.suse/comedi-c6xdigio-Fix-invalid-PNP-driver-unregistratio.patch (git-fixes CVE-2025-68332 bsc#1255483). - Update patches.suse/comedi-check-device-s-attached-status-in-compat-ioct.patch (git-fixes CVE-2025-68257 bsc#1255167). - Update patches.suse/comedi-multiq3-sanitize-config-options-in-multiq3_at.patch (git-fixes CVE-2025-68258 bsc#1255182). - Update patches.suse/comedi-pcl818-fix-null-ptr-deref-in-pcl818_ai_cancel.patch (git-fixes CVE-2025-68335 bsc#1255480). - Update patches.suse/crypto-aspeed-fix-double-free-caused-by-devm.patch (git-fixes CVE-2025-68172 bsc#1255253). - Update patches.suse/crypto-asymmetric_keys-prevent-overflow-in-asymmetri.patch (git-fixes CVE-2025-68724 bsc#1255550). - Update patches.suse/drm-amd-display-Check-NULL-before-accessing.patch (stable-fixes CVE-2025-68286 bsc#1255351). - Update patches.suse/drm-amd-display-Fix-NULL-deref-in-debugfs-odm_combin.patch (git-fixes CVE-2025-68180 bsc#1255252). - Update patches.suse/drm-amd-display-increase-max-link-count-and-fix-link.patch (stable-fixes CVE-2025-40354 bsc#1255316). - Update patches.suse/drm-amdgpu-Fix-NULL-pointer-dereference-in-VRAM-logi.patch (stable-fixes CVE-2025-40288 bsc#1255057). - Update patches.suse/drm-amdgpu-atom-Check-kcalloc-for-WS-buffer-in-amdgp.patch (stable-fixes CVE-2025-68190 bsc#1255131). - Update patches.suse/drm-amdgpu-fix-gpu-page-fault-after-hibernation-on-P.patch (stable-fixes CVE-2025-68230 bsc#1255134). - Update patches.suse/drm-amdgpu-fix-nullptr-err-of-vm_handle_moved.patch (stable-fixes CVE-2025-40339 bsc#1255428). - Update patches.suse/drm-amdgpu-hide-VRAM-sysfs-attributes-on-GPUs-withou.patch (stable-fixes CVE-2025-40289 bsc#1255042). - Update patches.suse/drm-amdgpu-remove-two-invalid-BUG_ON-s.patch (stable-fixes CVE-2025-68201 bsc#1255136). - Update patches.suse/drm-amdkfd-Fix-mmap-write-lock-not-release.patch (bsc#1243112 CVE-2025-40332 bsc#1255116). - Update patches.suse/drm-i915-Avoid-lock-inversion-when-pinning-to-GGTT-o.patch (git-fixes CVE-2025-68244 bsc#1255190). - Update patches.suse/drm-mediatek-Disable-AFBC-support-on-Mediatek-DRM-dr.patch (git-fixes CVE-2025-68184 bsc#1255220). - Update patches.suse/drm-mediatek-Fix-device-use-after-free-on-unbind.patch (git-fixes CVE-2025-40316 bsc#1254797). - Update patches.suse/drm-panthor-Fix-UAF-on-kernel-BO-VA-nodes.patch (git-fixes CVE-2025-68747 bsc#1255723). - Update patches.suse/drm-panthor-Fix-UAF-race-between-device-unplug-and-F.patch (git-fixes CVE-2025-68748 bsc#1255813). - Update patches.suse/drm-panthor-Fix-kernel-panic-on-partial-unmap-of-a-G.patch (git-fixes CVE-2025-40225 bsc#1254827). - Update patches.suse/drm-radeon-Do-not-kfree-devres-managed-rdev.patch (git-fixes CVE-2025-68170 bsc#1255256). - Update patches.suse/drm-radeon-Remove-calls-to-drm_put_dev.patch (git-fixes CVE-2025-68181 bsc#1255247). - Update patches.suse/drm-radeon-delete-radeon_fence_process-in-is_signale.patch (stable-fixes CVE-2025-68223 bsc#1255357). - Update patches.suse/drm-sched-Fix-deadlock-in-drm_sched_entity_kill_jobs.patch (git-fixes CVE-2025-40329 bsc#1254621). - Update patches.suse/drm-sysfb-Do-not-dereference-NULL-pointer-in-plane-r.patch (git-fixes CVE-2025-40360 bsc#1255095). - Update patches.suse/drm-tegra-Add-call-to-put_pid.patch (git-fixes CVE-2025-68233 bsc#1255206). - Update patches.suse/drm-vgem-fence-Fix-potential-deadlock-on-release.patch (git-fixes CVE-2025-68757 bsc#1255943). - Update patches.suse/drm-vmwgfx-Validate-command-header-size-against-SVGA.patch (git-fixes CVE-2025-40277 bsc#1254894). - Update patches.suse/drm-xe-Fix-oops-in-xe_gem_fault-when-running-core_ho.patch (stable-fixes CVE-2025-40340 bsc#1254996). - Update patches.suse/drm-xe-guc-Synchronize-Dead-CT-worker-with-unbind.patch (git-fixes CVE-2025-68207 bsc#1255234). - Update patches.suse/erofs-avoid-infinite-loop-due-to-incomplete-zstd-compressed-data.patch (git-fixes CVE-2025-68210 bsc#1255231). - Update patches.suse/exfat-fix-improper-check-of-dentry.stream.valid_size.patch (git-fixes CVE-2025-40287 bsc#1255030). - Update patches.suse/exfat-fix-refcount-leak-in-exfat_find.patch (git-fixes CVE-2025-68351 bsc#1255567). - Update patches.suse/exfat-validate-cluster-allocation-bits-of-the-allocation-bitmap.patch (git-fixes CVE-2025-40307 bsc#1255039). - Update patches.suse/fbcon-Set-fb_display-i-mode-to-NULL-when-the-mode-is.patch (stable-fixes CVE-2025-40323 bsc#1255094). - Update patches.suse/fbdev-Add-bounds-checking-in-bit_putcs-to-fix-vmallo.patch (stable-fixes CVE-2025-40304 bsc#1255034). - Update patches.suse/fbdev-bitblit-bound-check-glyph-index-in-bit_putcs.patch (stable-fixes CVE-2025-40322 bsc#1255092). - Update patches.suse/firmware-arm_scmi-Account-for-failed-debug-initializ.patch (git-fixes CVE-2025-40226 bsc#1254821). - Update patches.suse/firmware-stratix10-svc-fix-bug-in-saving-controller-.patch (git-fixes CVE-2025-68328 bsc#1255489). - Update patches.suse/gpiolib-fix-invalid-pointer-access-in-debugfs.patch (git-fixes CVE-2025-68167 bsc#1255099). - Update patches.suse/gpu-host1x-Fix-race-in-syncpt-alloc-free.patch (git-fixes CVE-2025-68732 bsc#1255688). - Update patches.suse/idpf-fix-possible-vport_config-NULL-pointer-deref-in.patch (git-fixes CVE-2025-68213 bsc#1255228). - Update patches.suse/iio-accel-bmc150-Fix-irq-assumption-regression.patch (stable-fixes CVE-2025-68330 bsc#1255493). - Update patches.suse/ima-Handle-error-code-returned-by-ima_filter_rule_ma.patch (git-fixes CVE-2025-68740 bsc#1255812). - Update patches.suse/ima-don-t-clear-IMA_DIGSIG-flag-when-setting-or-remo.patch (stable-fixes CVE-2025-68183 bsc#1255251). - Update patches.suse/irqchip-mchp-eic-Fix-error-code-in-mchp_eic_domain_a.patch (git-fixes CVE-2025-68766 bsc#1255932). - Update patches.suse/media-imon-make-send_packet-more-robust.patch (stable-fixes CVE-2025-68194 bsc#1255325). - Update patches.suse/media-pci-mg4b-fix-uninitialized-iio-scan-data.patch (git-fixes CVE-2025-40221 bsc#1254519). - Update patches.suse/media-videobuf2-forbid-remove_bufs-when-legacy-filei.patch (git-fixes CVE-2025-40302 bsc#1255196). - Update patches.suse/misc-fastrpc-Fix-dma_buf-object-leak-in-fastrpc_map_.patch (git-fixes CVE-2025-68252 bsc#1255197). - Update patches.suse/mm-secretmem-fix-use-after-free-race-in-fault-handle.patch (git-fixes CVE-2025-40272 bsc#1254832). - Update patches.suse/most-usb-Fix-use-after-free-in-hdm_disconnect.patch (git-fixes CVE-2025-40223 bsc#1254957). - Update patches.suse/most-usb-fix-double-free-on-late-probe-failure.patch (git-fixes CVE-2025-68290 bsc#1255154). - Update patches.suse/most-usb-hdm_probe-Fix-calling-put_device-before-dev.patch (git-fixes CVE-2025-68249 bsc#1255233). - Update patches.suse/mt76-mt7615-Fix-memory-leak-in-mt7615_mcu_wtbl_sta_a.patch (git-fixes CVE-2025-68765 bsc#1255931). - Update patches.suse/mtd-rawnand-cadence-fix-DMA-device-NULL-pointer-dere.patch (git-fixes CVE-2025-68238 bsc#1255202). - Update patches.suse/mtdchar-fix-integer-overflow-in-read-write-ioctls.patch (git-fixes CVE-2025-68237 bsc#1255203). - Update patches.suse/net-stmmac-Correctly-handle-Rx-checksum-offload-erro.patch (git-fixes CVE-2025-40337 bsc#1255081). - Update patches.suse/net-usb-qmi_wwan-initialize-MAC-header-offset-in-qmi.patch (git-fixes CVE-2025-68192 bsc#1255246). - Update patches.suse/nfs4_setup_readdir-insufficient-locking-for-d_parent-d_inode-dereferencing.patch (git-fixes CVE-2025-68185 bsc#1255135). - Update patches.suse/nfsd-fix-refcount-leak-in-nfsd_set_fh_dentry.patch (git-fixes CVE-2025-40212 bsc#1254195). - Update patches.suse/nouveau-firmware-Add-missing-kfree-of-nvkm_falcon_fw.patch (git-fixes CVE-2025-68235 bsc#1255209). - Update patches.suse/nvme-fc-use-lock-accessing-port_state-and-rport-stat.patch (bsc#1245193 bsc#1247500 CVE-2025-40342 bsc#1255274). - Update patches.suse/nvmet-fc-avoid-scheduling-association-deletion-twice.patch (bsc#1245193 bsc#1247500 CVE-2025-40343 bsc#1255276). - Update patches.suse/pinctrl-s32cc-fix-uninitialized-memory-in-s32_pinctr.patch (git-fixes CVE-2025-68222 bsc#1255218). - Update patches.suse/platform-x86-intel-punit_ipc-fix-memory-corruption.patch (git-fixes CVE-2025-68303 bsc#1255122). - Update patches.suse/regmap-slimbus-fix-bus_context-pointer-in-regmap-ini.patch (git-fixes CVE-2025-40317 bsc#1254796). - Update patches.suse/regulator-core-Protect-regulator_supply_alias_list-w.patch (git-fixes CVE-2025-68354 bsc#1255553). - Update patches.suse/sctp-avoid-NULL-dereference-when-chunk-data-buffer-i.patch (git-fixes CVE-2025-40240 bsc#1254869). - Update patches.suse/smb-client-fix-potential-cfid-UAF-in-smb2_query_info_compound.patch (git-fixes CVE-2025-40320 bsc#1254793). - Update patches.suse/spi-ch341-fix-out-of-bounds-memory-access-in-ch341_t.patch (git-fixes CVE-2025-68352 bsc#1255541). - Update patches.suse/spi-tegra210-quad-Fix-timeout-handling.patch (bsc#1253155 CVE-2025-68746 bsc#1255722). - Update patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-OnBeacon.patch (stable-fixes CVE-2025-68254 bsc#1255140). - Update patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-rtw_get_.patch (stable-fixes CVE-2025-68256 bsc#1255138). - Update patches.suse/staging-rtl8723bs-fix-stack-buffer-overflow-in-OnAss.patch (stable-fixes CVE-2025-68255 bsc#1255395). - Update patches.suse/tty-serial-ip22zilog-Use-platform-device-for-probing.patch (stable-fixes CVE-2025-68311 bsc#1255161). - Update patches.suse/usb-cdns3-gadget-Use-after-free-during-failed-initia.patch (stable-fixes CVE-2025-40314 bsc#1255072). - Update patches.suse/usb-dwc3-Fix-race-condition-between-concurrent-dwc3_.patch (git-fixes CVE-2025-68287 bsc#1255152). - Update patches.suse/usb-gadget-f_eem-Fix-memory-leak-in-eem_unwrap.patch (git-fixes CVE-2025-68289 bsc#1255155). - Update patches.suse/usb-gadget-f_fs-Fix-epfile-null-pointer-access-after.patch (stable-fixes CVE-2025-40315 bsc#1255083). - Update patches.suse/usb-potential-integer-overflow-in-usbg_make_tpg.patch (stable-fixes CVE-2025-68750 bsc#1255814). - Update patches.suse/usb-renesas_usbhs-Fix-synchronous-external-abort-on-.patch (git-fixes CVE-2025-68327 bsc#1255488). - Update patches.suse/usb-storage-sddr55-Reject-out-of-bound-new_pba.patch (stable-fixes CVE-2025-40345 bsc#1255279). - Update patches.suse/usb-uas-fix-urb-unmapping-issue-when-the-uas-device-.patch (git-fixes CVE-2025-68331 bsc#1255495). - Update patches.suse/usbnet-Prevents-free-active-kevent.patch (git-fixes CVE-2025-68312 bsc#1255171). - Update patches.suse/wifi-ath11k-fix-peer-HE-MCS-assignment.patch (git-fixes CVE-2025-68380 bsc#1255580). - Update patches.suse/wifi-brcmfmac-fix-crash-while-sending-Action-Frames-.patch (git-fixes CVE-2025-40321 bsc#1254795). - Update patches.suse/wifi-rtl818x-Fix-potential-memory-leaks-in-rtl8180_i.patch (git-fixes CVE-2025-68759 bsc#1255934). - Update patches.suse/wifi-rtl818x-rtl8187-Fix-potential-buffer-underflow-.patch (git-fixes CVE-2025-68362 bsc#1255611). - Update patches.suse/x86-CPU-AMD-Add-RDSEED-fix-for-Zen5.patch (git-fixes CVE-2025-68313 bsc#1255415). - Update patches.suse/x86-CPU-AMD-Add-missing-terminator-for-zen5_rdseed_m.patch (git-fixes CVE-2025-68195 bsc#1255259). - Update patches.suse/xfrm-also-call-xfrm_state_delete_tunnel-at-destroy-time-fo.patch (CVE-2025-40215 bsc#1254959 CVE-2025-40256 bsc#1254851). - commit c0f554e ++++ kernel-64kb: - perf/x86/intel: Fix KASAN global-out-of-bounds warning (CVE-2025-40359 bsc#1255087). - commit ed1e93a - mlx5: Fix default values in create CQ (CVE-2025-68209 bsc#1255230). - commit 02d60e0 - x86/microcode/AMD: Use sha256() instead of init/update/final (bsc#1256495). - Refresh patches.suse/x86-microcode-AMD-Limit-Entrysign-signature-checking-to-kn.patch. - commit 6b04345 - x86/microcode/AMD: Fix Entrysign revision check for Zen5/Strix Halo (bsc#1256495). - x86/microcode/AMD: Select which microcode patch to load (bsc#1256495). - x86/microcode/AMD: Make __verify_patch_size() return bool (bsc#1256495). - x86/microcode/AMD: Remove bogus comment from parse_container() (bsc#1256495). - commit 9f14cfe - crash: fix crashkernel resource shrink (CVE-2025-68198 bsc#1255243) - commit 7e8f708 - bnxt_en: Fix null pointer dereference in bnxt_bs_trace_check_wrap() (CVE-2025-68197 bsc#1255242) - commit 766431f - lib/crypto: aes: Fix missing MMU protection for AES S-box (git-fixes). - virtio_console: fix order of fields cols and rows (stable-fixes). - commit d55882c - drm/amdgpu: Forward VMID reservation errors (git-fixes). - commit 2373a9d - supported.conf: mark ksmbd unsupported Based on discussion with Enzo Matsumiya it has tuned out that ksmbd module is unsupported but the supported.conf entry is incorrect. Fix that. - commit 143566d - powerpc/eeh: fix recursive pci_lock_rescan_remove locking in EEH event handling (bsc#1253262 ltc#216029). - commit 594b86e - Update patches.suse/ACPI-video-Fix-use-after-free-in-acpi_video_switch_b.patch (git-fixes CVE-2025-40211 bsc#1254126). - Update patches.suse/ALSA-dice-fix-buffer-overflow-in-detect_stream_forma.patch (git-fixes CVE-2025-68346 bsc#1255603). - Update patches.suse/ALSA-firewire-motu-add-bounds-check-in-put_user-loop.patch (git-fixes CVE-2025-68753 bsc#1256238). - Update patches.suse/ALSA-firewire-motu-fix-buffer-overflow-in-hwdep-read.patch (git-fixes CVE-2025-68347 bsc#1255706). - Update patches.suse/ALSA-hda-cs35l41-Fix-NULL-pointer-dereference-in-cs3-c34b04c.patch (git-fixes CVE-2025-68345 bsc#1255601). - Update patches.suse/ALSA-usb-audio-Fix-NULL-pointer-dereference-in-snd_u.patch (git-fixes CVE-2025-40275 bsc#1254829). - Update patches.suse/ALSA-usb-audio-Fix-potential-overflow-of-PCM-transfe.patch (stable-fixes CVE-2025-40269 bsc#1255035). - Update patches.suse/ALSA-wavefront-Fix-integer-overflow-in-sample-size-v.patch (git-fixes CVE-2025-68344 bsc#1255816). - Update patches.suse/ASoC-Intel-avs-Disable-periods-elapsed-work-when-clo.patch (git-fixes CVE-2025-40344 bsc#1254618). - Update patches.suse/Bluetooth-6lowpan-reset-link-local-header-on-ipv6-re.patch (git-fixes CVE-2025-40282 bsc#1254850). - Update patches.suse/Bluetooth-MGMT-Fix-OOB-access-in-parse_adv_monitor_p.patch (git-fixes CVE-2025-40294 bsc#1255181). - Update patches.suse/Bluetooth-MGMT-cancel-mesh-send-timer-when-hdev-remo.patch (git-fixes CVE-2025-40284 bsc#1254860). - Update patches.suse/Bluetooth-MGMT-fix-crash-in-set_mesh_sync-and-set_me.patch (git-fixes CVE-2025-40213 bsc#1253674). - Update patches.suse/Bluetooth-SCO-Fix-UAF-on-sco_conn_free.patch (stable-fixes CVE-2025-40309 bsc#1255065). - Update patches.suse/Bluetooth-bcsp-receive-data-only-if-registered.patch (stable-fixes CVE-2025-40308 bsc#1255064). - Update patches.suse/Bluetooth-btusb-mediatek-Avoid-btusb_mtk_claim_iso_i.patch (git-fixes CVE-2025-68298 bsc#1255124). - Update patches.suse/Bluetooth-btusb-mediatek-Fix-kernel-crash-when-relea.patch (git-fixes CVE-2025-68306 bsc#1255145). - Update patches.suse/Bluetooth-btusb-reorder-cleanup-in-btusb_disconnect-.patch (git-fixes CVE-2025-40283 bsc#1254858). - Update patches.suse/Bluetooth-hci_event-validate-skb-length-for-unknown-.patch (git-fixes CVE-2025-40301 bsc#1255193). - Update patches.suse/Bluetooth-hci_sock-Prevent-race-in-socket-write-iter.patch (git-fixes CVE-2025-68305 bsc#1255169). - Update patches.suse/Bluetooth-hci_sync-fix-race-in-hci_cmd_sync_dequeue_.patch (git-fixes CVE-2025-40318 bsc#1254798). - Update patches.suse/Input-cros_ec_keyb-fix-an-invalid-memory-access.patch (stable-fixes CVE-2025-40263 bsc#1255077). - Update patches.suse/Input-imx_sc_key-fix-memory-corruption-on-unload.patch (git-fixes CVE-2025-40262 bsc#1254840). - Update patches.suse/Input-pegasus-notetaker-fix-potential-out-of-bounds-.patch (git-fixes CVE-2025-68217 bsc#1255221). - Update patches.suse/KVM-arm64-Check-the-untrusted-offset-in-FF-A-memory-.patch (git-fixes CVE-2025-40266 bsc#1255040). - Update patches.suse/NFS-Fix-LTP-test-failures-when-timestamps-are-delegated.patch (git-fixes CVE-2025-68242 bsc#1255186). - Update patches.suse/NFSD-Fix-crash-in-nfsd4_read_release.patch (git-fixes CVE-2025-40324 bsc#1254791). - Update patches.suse/NFSD-free-copynotify-stateid-in-nfs4_free_ol_stateid.patch (git-fixes CVE-2025-40273 bsc#1254828). - Update patches.suse/PCI-IOV-Add-PCI-rescan-remove-locking-when-enabling-.patch (git-fixes CVE-2025-40219 bsc#1254518). - Update patches.suse/PCI-cadence-Check-for-the-existence-of-cdns_pcie-ops.patch (stable-fixes CVE-2025-68176 bsc#1255329). - Update patches.suse/accel-habanalabs-support-mapping-cb-with-vmalloc-bac.patch (stable-fixes CVE-2025-40311 bsc#1255068). - Update patches.suse/accel-ivpu-Fix-race-condition-when-unbinding-BOs.patch (git-fixes CVE-2025-68749 bsc#1255724). - Update patches.suse/amd-amdkfd-resolve-a-race-in-amdgpu_amdkfd_device_fi.patch (stable-fixes CVE-2025-40310 bsc#1255041). - Update patches.suse/arm64-mte-Do-not-warn-if-the-page-is-already-tagged-in-cop.patch (git-fixes CVE-2025-40353 bsc#1255312). - Update patches.suse/atm-fore200e-Fix-possible-data-race-in-fore200e_open.patch (git-fixes CVE-2025-68339 bsc#1255505). - Update patches.suse/backlight-led-bl-Add-devlink-to-supplier-LEDs.patch (git-fixes CVE-2025-68758 bsc#1255944). - Update patches.suse/btrfs-directly-free-partially-initialized-fs_info-in.patch (git-fixes CVE-2025-40235 bsc#1254808). - Update patches.suse/btrfs-ensure-no-dirty-metadata-is-written-back-for-a.patch (git-fix CVE-2025-40303 bsc#1255058). - Update patches.suse/btrfs-fix-memory-leak-of-qgroup_list-in-btrfs_add_qg.patch (git-fixes CVE-2025-40209 bsc#1254128). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-check-actual-395d988.patch (git-fixes CVE-2025-68342 bsc#1255508). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-check-actual.patch (git-fixes CVE-2025-68343 bsc#1255509). - Update patches.suse/can-gs_usb-gs_usb_xmit_callback-fix-handling-of-fail.patch (git-fixes CVE-2025-68307 bsc#1255146). - Update patches.suse/can-kvaser_usb-leaf-Fix-potential-infinite-loop-in-c.patch (git-fixes CVE-2025-68308 bsc#1255149). - Update patches.suse/comedi-c6xdigio-Fix-invalid-PNP-driver-unregistratio.patch (git-fixes CVE-2025-68332 bsc#1255483). - Update patches.suse/comedi-check-device-s-attached-status-in-compat-ioct.patch (git-fixes CVE-2025-68257 bsc#1255167). - Update patches.suse/comedi-multiq3-sanitize-config-options-in-multiq3_at.patch (git-fixes CVE-2025-68258 bsc#1255182). - Update patches.suse/comedi-pcl818-fix-null-ptr-deref-in-pcl818_ai_cancel.patch (git-fixes CVE-2025-68335 bsc#1255480). - Update patches.suse/crypto-aspeed-fix-double-free-caused-by-devm.patch (git-fixes CVE-2025-68172 bsc#1255253). - Update patches.suse/crypto-asymmetric_keys-prevent-overflow-in-asymmetri.patch (git-fixes CVE-2025-68724 bsc#1255550). - Update patches.suse/drm-amd-display-Check-NULL-before-accessing.patch (stable-fixes CVE-2025-68286 bsc#1255351). - Update patches.suse/drm-amd-display-Fix-NULL-deref-in-debugfs-odm_combin.patch (git-fixes CVE-2025-68180 bsc#1255252). - Update patches.suse/drm-amd-display-increase-max-link-count-and-fix-link.patch (stable-fixes CVE-2025-40354 bsc#1255316). - Update patches.suse/drm-amdgpu-Fix-NULL-pointer-dereference-in-VRAM-logi.patch (stable-fixes CVE-2025-40288 bsc#1255057). - Update patches.suse/drm-amdgpu-atom-Check-kcalloc-for-WS-buffer-in-amdgp.patch (stable-fixes CVE-2025-68190 bsc#1255131). - Update patches.suse/drm-amdgpu-fix-gpu-page-fault-after-hibernation-on-P.patch (stable-fixes CVE-2025-68230 bsc#1255134). - Update patches.suse/drm-amdgpu-fix-nullptr-err-of-vm_handle_moved.patch (stable-fixes CVE-2025-40339 bsc#1255428). - Update patches.suse/drm-amdgpu-hide-VRAM-sysfs-attributes-on-GPUs-withou.patch (stable-fixes CVE-2025-40289 bsc#1255042). - Update patches.suse/drm-amdgpu-remove-two-invalid-BUG_ON-s.patch (stable-fixes CVE-2025-68201 bsc#1255136). - Update patches.suse/drm-amdkfd-Fix-mmap-write-lock-not-release.patch (bsc#1243112 CVE-2025-40332 bsc#1255116). - Update patches.suse/drm-i915-Avoid-lock-inversion-when-pinning-to-GGTT-o.patch (git-fixes CVE-2025-68244 bsc#1255190). - Update patches.suse/drm-mediatek-Disable-AFBC-support-on-Mediatek-DRM-dr.patch (git-fixes CVE-2025-68184 bsc#1255220). - Update patches.suse/drm-mediatek-Fix-device-use-after-free-on-unbind.patch (git-fixes CVE-2025-40316 bsc#1254797). - Update patches.suse/drm-panthor-Fix-UAF-on-kernel-BO-VA-nodes.patch (git-fixes CVE-2025-68747 bsc#1255723). - Update patches.suse/drm-panthor-Fix-UAF-race-between-device-unplug-and-F.patch (git-fixes CVE-2025-68748 bsc#1255813). - Update patches.suse/drm-panthor-Fix-kernel-panic-on-partial-unmap-of-a-G.patch (git-fixes CVE-2025-40225 bsc#1254827). - Update patches.suse/drm-radeon-Do-not-kfree-devres-managed-rdev.patch (git-fixes CVE-2025-68170 bsc#1255256). - Update patches.suse/drm-radeon-Remove-calls-to-drm_put_dev.patch (git-fixes CVE-2025-68181 bsc#1255247). - Update patches.suse/drm-radeon-delete-radeon_fence_process-in-is_signale.patch (stable-fixes CVE-2025-68223 bsc#1255357). - Update patches.suse/drm-sched-Fix-deadlock-in-drm_sched_entity_kill_jobs.patch (git-fixes CVE-2025-40329 bsc#1254621). - Update patches.suse/drm-sysfb-Do-not-dereference-NULL-pointer-in-plane-r.patch (git-fixes CVE-2025-40360 bsc#1255095). - Update patches.suse/drm-tegra-Add-call-to-put_pid.patch (git-fixes CVE-2025-68233 bsc#1255206). - Update patches.suse/drm-vgem-fence-Fix-potential-deadlock-on-release.patch (git-fixes CVE-2025-68757 bsc#1255943). - Update patches.suse/drm-vmwgfx-Validate-command-header-size-against-SVGA.patch (git-fixes CVE-2025-40277 bsc#1254894). - Update patches.suse/drm-xe-Fix-oops-in-xe_gem_fault-when-running-core_ho.patch (stable-fixes CVE-2025-40340 bsc#1254996). - Update patches.suse/drm-xe-guc-Synchronize-Dead-CT-worker-with-unbind.patch (git-fixes CVE-2025-68207 bsc#1255234). - Update patches.suse/erofs-avoid-infinite-loop-due-to-incomplete-zstd-compressed-data.patch (git-fixes CVE-2025-68210 bsc#1255231). - Update patches.suse/exfat-fix-improper-check-of-dentry.stream.valid_size.patch (git-fixes CVE-2025-40287 bsc#1255030). - Update patches.suse/exfat-fix-refcount-leak-in-exfat_find.patch (git-fixes CVE-2025-68351 bsc#1255567). - Update patches.suse/exfat-validate-cluster-allocation-bits-of-the-allocation-bitmap.patch (git-fixes CVE-2025-40307 bsc#1255039). - Update patches.suse/fbcon-Set-fb_display-i-mode-to-NULL-when-the-mode-is.patch (stable-fixes CVE-2025-40323 bsc#1255094). - Update patches.suse/fbdev-Add-bounds-checking-in-bit_putcs-to-fix-vmallo.patch (stable-fixes CVE-2025-40304 bsc#1255034). - Update patches.suse/fbdev-bitblit-bound-check-glyph-index-in-bit_putcs.patch (stable-fixes CVE-2025-40322 bsc#1255092). - Update patches.suse/firmware-arm_scmi-Account-for-failed-debug-initializ.patch (git-fixes CVE-2025-40226 bsc#1254821). - Update patches.suse/firmware-stratix10-svc-fix-bug-in-saving-controller-.patch (git-fixes CVE-2025-68328 bsc#1255489). - Update patches.suse/gpiolib-fix-invalid-pointer-access-in-debugfs.patch (git-fixes CVE-2025-68167 bsc#1255099). - Update patches.suse/gpu-host1x-Fix-race-in-syncpt-alloc-free.patch (git-fixes CVE-2025-68732 bsc#1255688). - Update patches.suse/idpf-fix-possible-vport_config-NULL-pointer-deref-in.patch (git-fixes CVE-2025-68213 bsc#1255228). - Update patches.suse/iio-accel-bmc150-Fix-irq-assumption-regression.patch (stable-fixes CVE-2025-68330 bsc#1255493). - Update patches.suse/ima-Handle-error-code-returned-by-ima_filter_rule_ma.patch (git-fixes CVE-2025-68740 bsc#1255812). - Update patches.suse/ima-don-t-clear-IMA_DIGSIG-flag-when-setting-or-remo.patch (stable-fixes CVE-2025-68183 bsc#1255251). - Update patches.suse/irqchip-mchp-eic-Fix-error-code-in-mchp_eic_domain_a.patch (git-fixes CVE-2025-68766 bsc#1255932). - Update patches.suse/media-imon-make-send_packet-more-robust.patch (stable-fixes CVE-2025-68194 bsc#1255325). - Update patches.suse/media-pci-mg4b-fix-uninitialized-iio-scan-data.patch (git-fixes CVE-2025-40221 bsc#1254519). - Update patches.suse/media-videobuf2-forbid-remove_bufs-when-legacy-filei.patch (git-fixes CVE-2025-40302 bsc#1255196). - Update patches.suse/misc-fastrpc-Fix-dma_buf-object-leak-in-fastrpc_map_.patch (git-fixes CVE-2025-68252 bsc#1255197). - Update patches.suse/mm-secretmem-fix-use-after-free-race-in-fault-handle.patch (git-fixes CVE-2025-40272 bsc#1254832). - Update patches.suse/most-usb-Fix-use-after-free-in-hdm_disconnect.patch (git-fixes CVE-2025-40223 bsc#1254957). - Update patches.suse/most-usb-fix-double-free-on-late-probe-failure.patch (git-fixes CVE-2025-68290 bsc#1255154). - Update patches.suse/most-usb-hdm_probe-Fix-calling-put_device-before-dev.patch (git-fixes CVE-2025-68249 bsc#1255233). - Update patches.suse/mt76-mt7615-Fix-memory-leak-in-mt7615_mcu_wtbl_sta_a.patch (git-fixes CVE-2025-68765 bsc#1255931). - Update patches.suse/mtd-rawnand-cadence-fix-DMA-device-NULL-pointer-dere.patch (git-fixes CVE-2025-68238 bsc#1255202). - Update patches.suse/mtdchar-fix-integer-overflow-in-read-write-ioctls.patch (git-fixes CVE-2025-68237 bsc#1255203). - Update patches.suse/net-stmmac-Correctly-handle-Rx-checksum-offload-erro.patch (git-fixes CVE-2025-40337 bsc#1255081). - Update patches.suse/net-usb-qmi_wwan-initialize-MAC-header-offset-in-qmi.patch (git-fixes CVE-2025-68192 bsc#1255246). - Update patches.suse/nfs4_setup_readdir-insufficient-locking-for-d_parent-d_inode-dereferencing.patch (git-fixes CVE-2025-68185 bsc#1255135). - Update patches.suse/nfsd-fix-refcount-leak-in-nfsd_set_fh_dentry.patch (git-fixes CVE-2025-40212 bsc#1254195). - Update patches.suse/nouveau-firmware-Add-missing-kfree-of-nvkm_falcon_fw.patch (git-fixes CVE-2025-68235 bsc#1255209). - Update patches.suse/nvme-fc-use-lock-accessing-port_state-and-rport-stat.patch (bsc#1245193 bsc#1247500 CVE-2025-40342 bsc#1255274). - Update patches.suse/nvmet-fc-avoid-scheduling-association-deletion-twice.patch (bsc#1245193 bsc#1247500 CVE-2025-40343 bsc#1255276). - Update patches.suse/pinctrl-s32cc-fix-uninitialized-memory-in-s32_pinctr.patch (git-fixes CVE-2025-68222 bsc#1255218). - Update patches.suse/platform-x86-intel-punit_ipc-fix-memory-corruption.patch (git-fixes CVE-2025-68303 bsc#1255122). - Update patches.suse/regmap-slimbus-fix-bus_context-pointer-in-regmap-ini.patch (git-fixes CVE-2025-40317 bsc#1254796). - Update patches.suse/regulator-core-Protect-regulator_supply_alias_list-w.patch (git-fixes CVE-2025-68354 bsc#1255553). - Update patches.suse/sctp-avoid-NULL-dereference-when-chunk-data-buffer-i.patch (git-fixes CVE-2025-40240 bsc#1254869). - Update patches.suse/smb-client-fix-potential-cfid-UAF-in-smb2_query_info_compound.patch (git-fixes CVE-2025-40320 bsc#1254793). - Update patches.suse/spi-ch341-fix-out-of-bounds-memory-access-in-ch341_t.patch (git-fixes CVE-2025-68352 bsc#1255541). - Update patches.suse/spi-tegra210-quad-Fix-timeout-handling.patch (bsc#1253155 CVE-2025-68746 bsc#1255722). - Update patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-OnBeacon.patch (stable-fixes CVE-2025-68254 bsc#1255140). - Update patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-rtw_get_.patch (stable-fixes CVE-2025-68256 bsc#1255138). - Update patches.suse/staging-rtl8723bs-fix-stack-buffer-overflow-in-OnAss.patch (stable-fixes CVE-2025-68255 bsc#1255395). - Update patches.suse/tty-serial-ip22zilog-Use-platform-device-for-probing.patch (stable-fixes CVE-2025-68311 bsc#1255161). - Update patches.suse/usb-cdns3-gadget-Use-after-free-during-failed-initia.patch (stable-fixes CVE-2025-40314 bsc#1255072). - Update patches.suse/usb-dwc3-Fix-race-condition-between-concurrent-dwc3_.patch (git-fixes CVE-2025-68287 bsc#1255152). - Update patches.suse/usb-gadget-f_eem-Fix-memory-leak-in-eem_unwrap.patch (git-fixes CVE-2025-68289 bsc#1255155). - Update patches.suse/usb-gadget-f_fs-Fix-epfile-null-pointer-access-after.patch (stable-fixes CVE-2025-40315 bsc#1255083). - Update patches.suse/usb-potential-integer-overflow-in-usbg_make_tpg.patch (stable-fixes CVE-2025-68750 bsc#1255814). - Update patches.suse/usb-renesas_usbhs-Fix-synchronous-external-abort-on-.patch (git-fixes CVE-2025-68327 bsc#1255488). - Update patches.suse/usb-storage-sddr55-Reject-out-of-bound-new_pba.patch (stable-fixes CVE-2025-40345 bsc#1255279). - Update patches.suse/usb-uas-fix-urb-unmapping-issue-when-the-uas-device-.patch (git-fixes CVE-2025-68331 bsc#1255495). - Update patches.suse/usbnet-Prevents-free-active-kevent.patch (git-fixes CVE-2025-68312 bsc#1255171). - Update patches.suse/wifi-ath11k-fix-peer-HE-MCS-assignment.patch (git-fixes CVE-2025-68380 bsc#1255580). - Update patches.suse/wifi-brcmfmac-fix-crash-while-sending-Action-Frames-.patch (git-fixes CVE-2025-40321 bsc#1254795). - Update patches.suse/wifi-rtl818x-Fix-potential-memory-leaks-in-rtl8180_i.patch (git-fixes CVE-2025-68759 bsc#1255934). - Update patches.suse/wifi-rtl818x-rtl8187-Fix-potential-buffer-underflow-.patch (git-fixes CVE-2025-68362 bsc#1255611). - Update patches.suse/x86-CPU-AMD-Add-RDSEED-fix-for-Zen5.patch (git-fixes CVE-2025-68313 bsc#1255415). - Update patches.suse/x86-CPU-AMD-Add-missing-terminator-for-zen5_rdseed_m.patch (git-fixes CVE-2025-68195 bsc#1255259). - Update patches.suse/xfrm-also-call-xfrm_state_delete_tunnel-at-destroy-time-fo.patch (CVE-2025-40215 bsc#1254959 CVE-2025-40256 bsc#1254851). - commit c0f554e ++++ kernel-64kb: - perf/x86/intel: Fix KASAN global-out-of-bounds warning (CVE-2025-40359 bsc#1255087). - commit ed1e93a - mlx5: Fix default values in create CQ (CVE-2025-68209 bsc#1255230). - commit 02d60e0 - x86/microcode/AMD: Use sha256() instead of init/update/final (bsc#1256495). - Refresh patches.suse/x86-microcode-AMD-Limit-Entrysign-signature-checking-to-kn.patch. - commit 6b04345 - x86/microcode/AMD: Fix Entrysign revision check for Zen5/Strix Halo (bsc#1256495). - x86/microcode/AMD: Select which microcode patch to load (bsc#1256495). - x86/microcode/AMD: Make __verify_patch_size() return bool (bsc#1256495). - x86/microcode/AMD: Remove bogus comment from parse_container() (bsc#1256495). - commit 9f14cfe - crash: fix crashkernel resource shrink (CVE-2025-68198 bsc#1255243) - commit 7e8f708 - bnxt_en: Fix null pointer dereference in bnxt_bs_trace_check_wrap() (CVE-2025-68197 bsc#1255242) - commit 766431f - lib/crypto: aes: Fix missing MMU protection for AES S-box (git-fixes). - virtio_console: fix order of fields cols and rows (stable-fixes). - commit d55882c - drm/amdgpu: Forward VMID reservation errors (git-fixes). - commit 2373a9d - supported.conf: mark ksmbd unsupported Based on discussion with Enzo Matsumiya it has tuned out that ksmbd module is unsupported but the supported.conf entry is incorrect. Fix that. - commit 143566d - powerpc/eeh: fix recursive pci_lock_rescan_remove locking in EEH event handling (bsc#1253262 ltc#216029). - commit 594b86e - Update patches.suse/ACPI-video-Fix-use-after-free-in-acpi_video_switch_b.patch (git-fixes CVE-2025-40211 bsc#1254126). - Update patches.suse/ALSA-dice-fix-buffer-overflow-in-detect_stream_forma.patch (git-fixes CVE-2025-68346 bsc#1255603). - Update patches.suse/ALSA-firewire-motu-add-bounds-check-in-put_user-loop.patch (git-fixes CVE-2025-68753 bsc#1256238). - Update patches.suse/ALSA-firewire-motu-fix-buffer-overflow-in-hwdep-read.patch (git-fixes CVE-2025-68347 bsc#1255706). - Update patches.suse/ALSA-hda-cs35l41-Fix-NULL-pointer-dereference-in-cs3-c34b04c.patch (git-fixes CVE-2025-68345 bsc#1255601). - Update patches.suse/ALSA-usb-audio-Fix-NULL-pointer-dereference-in-snd_u.patch (git-fixes CVE-2025-40275 bsc#1254829). - Update patches.suse/ALSA-usb-audio-Fix-potential-overflow-of-PCM-transfe.patch (stable-fixes CVE-2025-40269 bsc#1255035). - Update patches.suse/ALSA-wavefront-Fix-integer-overflow-in-sample-size-v.patch (git-fixes CVE-2025-68344 bsc#1255816). - Update patches.suse/ASoC-Intel-avs-Disable-periods-elapsed-work-when-clo.patch (git-fixes CVE-2025-40344 bsc#1254618). - Update patches.suse/Bluetooth-6lowpan-reset-link-local-header-on-ipv6-re.patch (git-fixes CVE-2025-40282 bsc#1254850). - Update patches.suse/Bluetooth-MGMT-Fix-OOB-access-in-parse_adv_monitor_p.patch (git-fixes CVE-2025-40294 bsc#1255181). - Update patches.suse/Bluetooth-MGMT-cancel-mesh-send-timer-when-hdev-remo.patch (git-fixes CVE-2025-40284 bsc#1254860). - Update patches.suse/Bluetooth-MGMT-fix-crash-in-set_mesh_sync-and-set_me.patch (git-fixes CVE-2025-40213 bsc#1253674). - Update patches.suse/Bluetooth-SCO-Fix-UAF-on-sco_conn_free.patch (stable-fixes CVE-2025-40309 bsc#1255065). - Update patches.suse/Bluetooth-bcsp-receive-data-only-if-registered.patch (stable-fixes CVE-2025-40308 bsc#1255064). - Update patches.suse/Bluetooth-btusb-mediatek-Avoid-btusb_mtk_claim_iso_i.patch (git-fixes CVE-2025-68298 bsc#1255124). - Update patches.suse/Bluetooth-btusb-mediatek-Fix-kernel-crash-when-relea.patch (git-fixes CVE-2025-68306 bsc#1255145). - Update patches.suse/Bluetooth-btusb-reorder-cleanup-in-btusb_disconnect-.patch (git-fixes CVE-2025-40283 bsc#1254858). - Update patches.suse/Bluetooth-hci_event-validate-skb-length-for-unknown-.patch (git-fixes CVE-2025-40301 bsc#1255193). - Update patches.suse/Bluetooth-hci_sock-Prevent-race-in-socket-write-iter.patch (git-fixes CVE-2025-68305 bsc#1255169). - Update patches.suse/Bluetooth-hci_sync-fix-race-in-hci_cmd_sync_dequeue_.patch (git-fixes CVE-2025-40318 bsc#1254798). - Update patches.suse/Input-cros_ec_keyb-fix-an-invalid-memory-access.patch (stable-fixes CVE-2025-40263 bsc#1255077). - Update patches.suse/Input-imx_sc_key-fix-memory-corruption-on-unload.patch (git-fixes CVE-2025-40262 bsc#1254840). - Update patches.suse/Input-pegasus-notetaker-fix-potential-out-of-bounds-.patch (git-fixes CVE-2025-68217 bsc#1255221). - Update patches.suse/KVM-arm64-Check-the-untrusted-offset-in-FF-A-memory-.patch (git-fixes CVE-2025-40266 bsc#1255040). - Update patches.suse/NFS-Fix-LTP-test-failures-when-timestamps-are-delegated.patch (git-fixes CVE-2025-68242 bsc#1255186). - Update patches.suse/NFSD-Fix-crash-in-nfsd4_read_release.patch (git-fixes CVE-2025-40324 bsc#1254791). - Update patches.suse/NFSD-free-copynotify-stateid-in-nfs4_free_ol_stateid.patch (git-fixes CVE-2025-40273 bsc#1254828). - Update patches.suse/PCI-IOV-Add-PCI-rescan-remove-locking-when-enabling-.patch (git-fixes CVE-2025-40219 bsc#1254518). - Update patches.suse/PCI-cadence-Check-for-the-existence-of-cdns_pcie-ops.patch (stable-fixes CVE-2025-68176 bsc#1255329). - Update patches.suse/accel-habanalabs-support-mapping-cb-with-vmalloc-bac.patch (stable-fixes CVE-2025-40311 bsc#1255068). - Update patches.suse/accel-ivpu-Fix-race-condition-when-unbinding-BOs.patch (git-fixes CVE-2025-68749 bsc#1255724). - Update patches.suse/amd-amdkfd-resolve-a-race-in-amdgpu_amdkfd_device_fi.patch (stable-fixes CVE-2025-40310 bsc#1255041). - Update patches.suse/arm64-mte-Do-not-warn-if-the-page-is-already-tagged-in-cop.patch (git-fixes CVE-2025-40353 bsc#1255312). - Update patches.suse/atm-fore200e-Fix-possible-data-race-in-fore200e_open.patch (git-fixes CVE-2025-68339 bsc#1255505). - Update patches.suse/backlight-led-bl-Add-devlink-to-supplier-LEDs.patch (git-fixes CVE-2025-68758 bsc#1255944). - Update patches.suse/btrfs-directly-free-partially-initialized-fs_info-in.patch (git-fixes CVE-2025-40235 bsc#1254808). - Update patches.suse/btrfs-ensure-no-dirty-metadata-is-written-back-for-a.patch (git-fix CVE-2025-40303 bsc#1255058). - Update patches.suse/btrfs-fix-memory-leak-of-qgroup_list-in-btrfs_add_qg.patch (git-fixes CVE-2025-40209 bsc#1254128). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-check-actual-395d988.patch (git-fixes CVE-2025-68342 bsc#1255508). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-check-actual.patch (git-fixes CVE-2025-68343 bsc#1255509). - Update patches.suse/can-gs_usb-gs_usb_xmit_callback-fix-handling-of-fail.patch (git-fixes CVE-2025-68307 bsc#1255146). - Update patches.suse/can-kvaser_usb-leaf-Fix-potential-infinite-loop-in-c.patch (git-fixes CVE-2025-68308 bsc#1255149). - Update patches.suse/comedi-c6xdigio-Fix-invalid-PNP-driver-unregistratio.patch (git-fixes CVE-2025-68332 bsc#1255483). - Update patches.suse/comedi-check-device-s-attached-status-in-compat-ioct.patch (git-fixes CVE-2025-68257 bsc#1255167). - Update patches.suse/comedi-multiq3-sanitize-config-options-in-multiq3_at.patch (git-fixes CVE-2025-68258 bsc#1255182). - Update patches.suse/comedi-pcl818-fix-null-ptr-deref-in-pcl818_ai_cancel.patch (git-fixes CVE-2025-68335 bsc#1255480). - Update patches.suse/crypto-aspeed-fix-double-free-caused-by-devm.patch (git-fixes CVE-2025-68172 bsc#1255253). - Update patches.suse/crypto-asymmetric_keys-prevent-overflow-in-asymmetri.patch (git-fixes CVE-2025-68724 bsc#1255550). - Update patches.suse/drm-amd-display-Check-NULL-before-accessing.patch (stable-fixes CVE-2025-68286 bsc#1255351). - Update patches.suse/drm-amd-display-Fix-NULL-deref-in-debugfs-odm_combin.patch (git-fixes CVE-2025-68180 bsc#1255252). - Update patches.suse/drm-amd-display-increase-max-link-count-and-fix-link.patch (stable-fixes CVE-2025-40354 bsc#1255316). - Update patches.suse/drm-amdgpu-Fix-NULL-pointer-dereference-in-VRAM-logi.patch (stable-fixes CVE-2025-40288 bsc#1255057). - Update patches.suse/drm-amdgpu-atom-Check-kcalloc-for-WS-buffer-in-amdgp.patch (stable-fixes CVE-2025-68190 bsc#1255131). - Update patches.suse/drm-amdgpu-fix-gpu-page-fault-after-hibernation-on-P.patch (stable-fixes CVE-2025-68230 bsc#1255134). - Update patches.suse/drm-amdgpu-fix-nullptr-err-of-vm_handle_moved.patch (stable-fixes CVE-2025-40339 bsc#1255428). - Update patches.suse/drm-amdgpu-hide-VRAM-sysfs-attributes-on-GPUs-withou.patch (stable-fixes CVE-2025-40289 bsc#1255042). - Update patches.suse/drm-amdgpu-remove-two-invalid-BUG_ON-s.patch (stable-fixes CVE-2025-68201 bsc#1255136). - Update patches.suse/drm-amdkfd-Fix-mmap-write-lock-not-release.patch (bsc#1243112 CVE-2025-40332 bsc#1255116). - Update patches.suse/drm-i915-Avoid-lock-inversion-when-pinning-to-GGTT-o.patch (git-fixes CVE-2025-68244 bsc#1255190). - Update patches.suse/drm-mediatek-Disable-AFBC-support-on-Mediatek-DRM-dr.patch (git-fixes CVE-2025-68184 bsc#1255220). - Update patches.suse/drm-mediatek-Fix-device-use-after-free-on-unbind.patch (git-fixes CVE-2025-40316 bsc#1254797). - Update patches.suse/drm-panthor-Fix-UAF-on-kernel-BO-VA-nodes.patch (git-fixes CVE-2025-68747 bsc#1255723). - Update patches.suse/drm-panthor-Fix-UAF-race-between-device-unplug-and-F.patch (git-fixes CVE-2025-68748 bsc#1255813). - Update patches.suse/drm-panthor-Fix-kernel-panic-on-partial-unmap-of-a-G.patch (git-fixes CVE-2025-40225 bsc#1254827). - Update patches.suse/drm-radeon-Do-not-kfree-devres-managed-rdev.patch (git-fixes CVE-2025-68170 bsc#1255256). - Update patches.suse/drm-radeon-Remove-calls-to-drm_put_dev.patch (git-fixes CVE-2025-68181 bsc#1255247). - Update patches.suse/drm-radeon-delete-radeon_fence_process-in-is_signale.patch (stable-fixes CVE-2025-68223 bsc#1255357). - Update patches.suse/drm-sched-Fix-deadlock-in-drm_sched_entity_kill_jobs.patch (git-fixes CVE-2025-40329 bsc#1254621). - Update patches.suse/drm-sysfb-Do-not-dereference-NULL-pointer-in-plane-r.patch (git-fixes CVE-2025-40360 bsc#1255095). - Update patches.suse/drm-tegra-Add-call-to-put_pid.patch (git-fixes CVE-2025-68233 bsc#1255206). - Update patches.suse/drm-vgem-fence-Fix-potential-deadlock-on-release.patch (git-fixes CVE-2025-68757 bsc#1255943). - Update patches.suse/drm-vmwgfx-Validate-command-header-size-against-SVGA.patch (git-fixes CVE-2025-40277 bsc#1254894). - Update patches.suse/drm-xe-Fix-oops-in-xe_gem_fault-when-running-core_ho.patch (stable-fixes CVE-2025-40340 bsc#1254996). - Update patches.suse/drm-xe-guc-Synchronize-Dead-CT-worker-with-unbind.patch (git-fixes CVE-2025-68207 bsc#1255234). - Update patches.suse/erofs-avoid-infinite-loop-due-to-incomplete-zstd-compressed-data.patch (git-fixes CVE-2025-68210 bsc#1255231). - Update patches.suse/exfat-fix-improper-check-of-dentry.stream.valid_size.patch (git-fixes CVE-2025-40287 bsc#1255030). - Update patches.suse/exfat-fix-refcount-leak-in-exfat_find.patch (git-fixes CVE-2025-68351 bsc#1255567). - Update patches.suse/exfat-validate-cluster-allocation-bits-of-the-allocation-bitmap.patch (git-fixes CVE-2025-40307 bsc#1255039). - Update patches.suse/fbcon-Set-fb_display-i-mode-to-NULL-when-the-mode-is.patch (stable-fixes CVE-2025-40323 bsc#1255094). - Update patches.suse/fbdev-Add-bounds-checking-in-bit_putcs-to-fix-vmallo.patch (stable-fixes CVE-2025-40304 bsc#1255034). - Update patches.suse/fbdev-bitblit-bound-check-glyph-index-in-bit_putcs.patch (stable-fixes CVE-2025-40322 bsc#1255092). - Update patches.suse/firmware-arm_scmi-Account-for-failed-debug-initializ.patch (git-fixes CVE-2025-40226 bsc#1254821). - Update patches.suse/firmware-stratix10-svc-fix-bug-in-saving-controller-.patch (git-fixes CVE-2025-68328 bsc#1255489). - Update patches.suse/gpiolib-fix-invalid-pointer-access-in-debugfs.patch (git-fixes CVE-2025-68167 bsc#1255099). - Update patches.suse/gpu-host1x-Fix-race-in-syncpt-alloc-free.patch (git-fixes CVE-2025-68732 bsc#1255688). - Update patches.suse/idpf-fix-possible-vport_config-NULL-pointer-deref-in.patch (git-fixes CVE-2025-68213 bsc#1255228). - Update patches.suse/iio-accel-bmc150-Fix-irq-assumption-regression.patch (stable-fixes CVE-2025-68330 bsc#1255493). - Update patches.suse/ima-Handle-error-code-returned-by-ima_filter_rule_ma.patch (git-fixes CVE-2025-68740 bsc#1255812). - Update patches.suse/ima-don-t-clear-IMA_DIGSIG-flag-when-setting-or-remo.patch (stable-fixes CVE-2025-68183 bsc#1255251). - Update patches.suse/irqchip-mchp-eic-Fix-error-code-in-mchp_eic_domain_a.patch (git-fixes CVE-2025-68766 bsc#1255932). - Update patches.suse/media-imon-make-send_packet-more-robust.patch (stable-fixes CVE-2025-68194 bsc#1255325). - Update patches.suse/media-pci-mg4b-fix-uninitialized-iio-scan-data.patch (git-fixes CVE-2025-40221 bsc#1254519). - Update patches.suse/media-videobuf2-forbid-remove_bufs-when-legacy-filei.patch (git-fixes CVE-2025-40302 bsc#1255196). - Update patches.suse/misc-fastrpc-Fix-dma_buf-object-leak-in-fastrpc_map_.patch (git-fixes CVE-2025-68252 bsc#1255197). - Update patches.suse/mm-secretmem-fix-use-after-free-race-in-fault-handle.patch (git-fixes CVE-2025-40272 bsc#1254832). - Update patches.suse/most-usb-Fix-use-after-free-in-hdm_disconnect.patch (git-fixes CVE-2025-40223 bsc#1254957). - Update patches.suse/most-usb-fix-double-free-on-late-probe-failure.patch (git-fixes CVE-2025-68290 bsc#1255154). - Update patches.suse/most-usb-hdm_probe-Fix-calling-put_device-before-dev.patch (git-fixes CVE-2025-68249 bsc#1255233). - Update patches.suse/mt76-mt7615-Fix-memory-leak-in-mt7615_mcu_wtbl_sta_a.patch (git-fixes CVE-2025-68765 bsc#1255931). - Update patches.suse/mtd-rawnand-cadence-fix-DMA-device-NULL-pointer-dere.patch (git-fixes CVE-2025-68238 bsc#1255202). - Update patches.suse/mtdchar-fix-integer-overflow-in-read-write-ioctls.patch (git-fixes CVE-2025-68237 bsc#1255203). - Update patches.suse/net-stmmac-Correctly-handle-Rx-checksum-offload-erro.patch (git-fixes CVE-2025-40337 bsc#1255081). - Update patches.suse/net-usb-qmi_wwan-initialize-MAC-header-offset-in-qmi.patch (git-fixes CVE-2025-68192 bsc#1255246). - Update patches.suse/nfs4_setup_readdir-insufficient-locking-for-d_parent-d_inode-dereferencing.patch (git-fixes CVE-2025-68185 bsc#1255135). - Update patches.suse/nfsd-fix-refcount-leak-in-nfsd_set_fh_dentry.patch (git-fixes CVE-2025-40212 bsc#1254195). - Update patches.suse/nouveau-firmware-Add-missing-kfree-of-nvkm_falcon_fw.patch (git-fixes CVE-2025-68235 bsc#1255209). - Update patches.suse/nvme-fc-use-lock-accessing-port_state-and-rport-stat.patch (bsc#1245193 bsc#1247500 CVE-2025-40342 bsc#1255274). - Update patches.suse/nvmet-fc-avoid-scheduling-association-deletion-twice.patch (bsc#1245193 bsc#1247500 CVE-2025-40343 bsc#1255276). - Update patches.suse/pinctrl-s32cc-fix-uninitialized-memory-in-s32_pinctr.patch (git-fixes CVE-2025-68222 bsc#1255218). - Update patches.suse/platform-x86-intel-punit_ipc-fix-memory-corruption.patch (git-fixes CVE-2025-68303 bsc#1255122). - Update patches.suse/regmap-slimbus-fix-bus_context-pointer-in-regmap-ini.patch (git-fixes CVE-2025-40317 bsc#1254796). - Update patches.suse/regulator-core-Protect-regulator_supply_alias_list-w.patch (git-fixes CVE-2025-68354 bsc#1255553). - Update patches.suse/sctp-avoid-NULL-dereference-when-chunk-data-buffer-i.patch (git-fixes CVE-2025-40240 bsc#1254869). - Update patches.suse/smb-client-fix-potential-cfid-UAF-in-smb2_query_info_compound.patch (git-fixes CVE-2025-40320 bsc#1254793). - Update patches.suse/spi-ch341-fix-out-of-bounds-memory-access-in-ch341_t.patch (git-fixes CVE-2025-68352 bsc#1255541). - Update patches.suse/spi-tegra210-quad-Fix-timeout-handling.patch (bsc#1253155 CVE-2025-68746 bsc#1255722). - Update patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-OnBeacon.patch (stable-fixes CVE-2025-68254 bsc#1255140). - Update patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-rtw_get_.patch (stable-fixes CVE-2025-68256 bsc#1255138). - Update patches.suse/staging-rtl8723bs-fix-stack-buffer-overflow-in-OnAss.patch (stable-fixes CVE-2025-68255 bsc#1255395). - Update patches.suse/tty-serial-ip22zilog-Use-platform-device-for-probing.patch (stable-fixes CVE-2025-68311 bsc#1255161). - Update patches.suse/usb-cdns3-gadget-Use-after-free-during-failed-initia.patch (stable-fixes CVE-2025-40314 bsc#1255072). - Update patches.suse/usb-dwc3-Fix-race-condition-between-concurrent-dwc3_.patch (git-fixes CVE-2025-68287 bsc#1255152). - Update patches.suse/usb-gadget-f_eem-Fix-memory-leak-in-eem_unwrap.patch (git-fixes CVE-2025-68289 bsc#1255155). - Update patches.suse/usb-gadget-f_fs-Fix-epfile-null-pointer-access-after.patch (stable-fixes CVE-2025-40315 bsc#1255083). - Update patches.suse/usb-potential-integer-overflow-in-usbg_make_tpg.patch (stable-fixes CVE-2025-68750 bsc#1255814). - Update patches.suse/usb-renesas_usbhs-Fix-synchronous-external-abort-on-.patch (git-fixes CVE-2025-68327 bsc#1255488). - Update patches.suse/usb-storage-sddr55-Reject-out-of-bound-new_pba.patch (stable-fixes CVE-2025-40345 bsc#1255279). - Update patches.suse/usb-uas-fix-urb-unmapping-issue-when-the-uas-device-.patch (git-fixes CVE-2025-68331 bsc#1255495). - Update patches.suse/usbnet-Prevents-free-active-kevent.patch (git-fixes CVE-2025-68312 bsc#1255171). - Update patches.suse/wifi-ath11k-fix-peer-HE-MCS-assignment.patch (git-fixes CVE-2025-68380 bsc#1255580). - Update patches.suse/wifi-brcmfmac-fix-crash-while-sending-Action-Frames-.patch (git-fixes CVE-2025-40321 bsc#1254795). - Update patches.suse/wifi-rtl818x-Fix-potential-memory-leaks-in-rtl8180_i.patch (git-fixes CVE-2025-68759 bsc#1255934). - Update patches.suse/wifi-rtl818x-rtl8187-Fix-potential-buffer-underflow-.patch (git-fixes CVE-2025-68362 bsc#1255611). - Update patches.suse/x86-CPU-AMD-Add-RDSEED-fix-for-Zen5.patch (git-fixes CVE-2025-68313 bsc#1255415). - Update patches.suse/x86-CPU-AMD-Add-missing-terminator-for-zen5_rdseed_m.patch (git-fixes CVE-2025-68195 bsc#1255259). - Update patches.suse/xfrm-also-call-xfrm_state_delete_tunnel-at-destroy-time-fo.patch (CVE-2025-40215 bsc#1254959 CVE-2025-40256 bsc#1254851). - commit c0f554e ++++ kernel-azure: - perf/x86/intel: Fix KASAN global-out-of-bounds warning (CVE-2025-40359 bsc#1255087). - commit ed1e93a - mlx5: Fix default values in create CQ (CVE-2025-68209 bsc#1255230). - commit 02d60e0 - x86/microcode/AMD: Use sha256() instead of init/update/final (bsc#1256495). - Refresh patches.suse/x86-microcode-AMD-Limit-Entrysign-signature-checking-to-kn.patch. - commit 6b04345 - x86/microcode/AMD: Fix Entrysign revision check for Zen5/Strix Halo (bsc#1256495). - x86/microcode/AMD: Select which microcode patch to load (bsc#1256495). - x86/microcode/AMD: Make __verify_patch_size() return bool (bsc#1256495). - x86/microcode/AMD: Remove bogus comment from parse_container() (bsc#1256495). - commit 9f14cfe - crash: fix crashkernel resource shrink (CVE-2025-68198 bsc#1255243) - commit 7e8f708 - bnxt_en: Fix null pointer dereference in bnxt_bs_trace_check_wrap() (CVE-2025-68197 bsc#1255242) - commit 766431f - lib/crypto: aes: Fix missing MMU protection for AES S-box (git-fixes). - virtio_console: fix order of fields cols and rows (stable-fixes). - commit d55882c - drm/amdgpu: Forward VMID reservation errors (git-fixes). - commit 2373a9d - supported.conf: mark ksmbd unsupported Based on discussion with Enzo Matsumiya it has tuned out that ksmbd module is unsupported but the supported.conf entry is incorrect. Fix that. - commit 143566d - powerpc/eeh: fix recursive pci_lock_rescan_remove locking in EEH event handling (bsc#1253262 ltc#216029). - commit 594b86e - Update patches.suse/ACPI-video-Fix-use-after-free-in-acpi_video_switch_b.patch (git-fixes CVE-2025-40211 bsc#1254126). - Update patches.suse/ALSA-dice-fix-buffer-overflow-in-detect_stream_forma.patch (git-fixes CVE-2025-68346 bsc#1255603). - Update patches.suse/ALSA-firewire-motu-add-bounds-check-in-put_user-loop.patch (git-fixes CVE-2025-68753 bsc#1256238). - Update patches.suse/ALSA-firewire-motu-fix-buffer-overflow-in-hwdep-read.patch (git-fixes CVE-2025-68347 bsc#1255706). - Update patches.suse/ALSA-hda-cs35l41-Fix-NULL-pointer-dereference-in-cs3-c34b04c.patch (git-fixes CVE-2025-68345 bsc#1255601). - Update patches.suse/ALSA-usb-audio-Fix-NULL-pointer-dereference-in-snd_u.patch (git-fixes CVE-2025-40275 bsc#1254829). - Update patches.suse/ALSA-usb-audio-Fix-potential-overflow-of-PCM-transfe.patch (stable-fixes CVE-2025-40269 bsc#1255035). - Update patches.suse/ALSA-wavefront-Fix-integer-overflow-in-sample-size-v.patch (git-fixes CVE-2025-68344 bsc#1255816). - Update patches.suse/ASoC-Intel-avs-Disable-periods-elapsed-work-when-clo.patch (git-fixes CVE-2025-40344 bsc#1254618). - Update patches.suse/Bluetooth-6lowpan-reset-link-local-header-on-ipv6-re.patch (git-fixes CVE-2025-40282 bsc#1254850). - Update patches.suse/Bluetooth-MGMT-Fix-OOB-access-in-parse_adv_monitor_p.patch (git-fixes CVE-2025-40294 bsc#1255181). - Update patches.suse/Bluetooth-MGMT-cancel-mesh-send-timer-when-hdev-remo.patch (git-fixes CVE-2025-40284 bsc#1254860). - Update patches.suse/Bluetooth-MGMT-fix-crash-in-set_mesh_sync-and-set_me.patch (git-fixes CVE-2025-40213 bsc#1253674). - Update patches.suse/Bluetooth-SCO-Fix-UAF-on-sco_conn_free.patch (stable-fixes CVE-2025-40309 bsc#1255065). - Update patches.suse/Bluetooth-bcsp-receive-data-only-if-registered.patch (stable-fixes CVE-2025-40308 bsc#1255064). - Update patches.suse/Bluetooth-btusb-mediatek-Avoid-btusb_mtk_claim_iso_i.patch (git-fixes CVE-2025-68298 bsc#1255124). - Update patches.suse/Bluetooth-btusb-mediatek-Fix-kernel-crash-when-relea.patch (git-fixes CVE-2025-68306 bsc#1255145). - Update patches.suse/Bluetooth-btusb-reorder-cleanup-in-btusb_disconnect-.patch (git-fixes CVE-2025-40283 bsc#1254858). - Update patches.suse/Bluetooth-hci_event-validate-skb-length-for-unknown-.patch (git-fixes CVE-2025-40301 bsc#1255193). - Update patches.suse/Bluetooth-hci_sock-Prevent-race-in-socket-write-iter.patch (git-fixes CVE-2025-68305 bsc#1255169). - Update patches.suse/Bluetooth-hci_sync-fix-race-in-hci_cmd_sync_dequeue_.patch (git-fixes CVE-2025-40318 bsc#1254798). - Update patches.suse/Input-cros_ec_keyb-fix-an-invalid-memory-access.patch (stable-fixes CVE-2025-40263 bsc#1255077). - Update patches.suse/Input-imx_sc_key-fix-memory-corruption-on-unload.patch (git-fixes CVE-2025-40262 bsc#1254840). - Update patches.suse/Input-pegasus-notetaker-fix-potential-out-of-bounds-.patch (git-fixes CVE-2025-68217 bsc#1255221). - Update patches.suse/KVM-arm64-Check-the-untrusted-offset-in-FF-A-memory-.patch (git-fixes CVE-2025-40266 bsc#1255040). - Update patches.suse/NFS-Fix-LTP-test-failures-when-timestamps-are-delegated.patch (git-fixes CVE-2025-68242 bsc#1255186). - Update patches.suse/NFSD-Fix-crash-in-nfsd4_read_release.patch (git-fixes CVE-2025-40324 bsc#1254791). - Update patches.suse/NFSD-free-copynotify-stateid-in-nfs4_free_ol_stateid.patch (git-fixes CVE-2025-40273 bsc#1254828). - Update patches.suse/PCI-IOV-Add-PCI-rescan-remove-locking-when-enabling-.patch (git-fixes CVE-2025-40219 bsc#1254518). - Update patches.suse/PCI-cadence-Check-for-the-existence-of-cdns_pcie-ops.patch (stable-fixes CVE-2025-68176 bsc#1255329). - Update patches.suse/accel-habanalabs-support-mapping-cb-with-vmalloc-bac.patch (stable-fixes CVE-2025-40311 bsc#1255068). - Update patches.suse/accel-ivpu-Fix-race-condition-when-unbinding-BOs.patch (git-fixes CVE-2025-68749 bsc#1255724). - Update patches.suse/amd-amdkfd-resolve-a-race-in-amdgpu_amdkfd_device_fi.patch (stable-fixes CVE-2025-40310 bsc#1255041). - Update patches.suse/arm64-mte-Do-not-warn-if-the-page-is-already-tagged-in-cop.patch (git-fixes CVE-2025-40353 bsc#1255312). - Update patches.suse/atm-fore200e-Fix-possible-data-race-in-fore200e_open.patch (git-fixes CVE-2025-68339 bsc#1255505). - Update patches.suse/backlight-led-bl-Add-devlink-to-supplier-LEDs.patch (git-fixes CVE-2025-68758 bsc#1255944). - Update patches.suse/btrfs-directly-free-partially-initialized-fs_info-in.patch (git-fixes CVE-2025-40235 bsc#1254808). - Update patches.suse/btrfs-ensure-no-dirty-metadata-is-written-back-for-a.patch (git-fix CVE-2025-40303 bsc#1255058). - Update patches.suse/btrfs-fix-memory-leak-of-qgroup_list-in-btrfs_add_qg.patch (git-fixes CVE-2025-40209 bsc#1254128). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-check-actual-395d988.patch (git-fixes CVE-2025-68342 bsc#1255508). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-check-actual.patch (git-fixes CVE-2025-68343 bsc#1255509). - Update patches.suse/can-gs_usb-gs_usb_xmit_callback-fix-handling-of-fail.patch (git-fixes CVE-2025-68307 bsc#1255146). - Update patches.suse/can-kvaser_usb-leaf-Fix-potential-infinite-loop-in-c.patch (git-fixes CVE-2025-68308 bsc#1255149). - Update patches.suse/comedi-c6xdigio-Fix-invalid-PNP-driver-unregistratio.patch (git-fixes CVE-2025-68332 bsc#1255483). - Update patches.suse/comedi-check-device-s-attached-status-in-compat-ioct.patch (git-fixes CVE-2025-68257 bsc#1255167). - Update patches.suse/comedi-multiq3-sanitize-config-options-in-multiq3_at.patch (git-fixes CVE-2025-68258 bsc#1255182). - Update patches.suse/comedi-pcl818-fix-null-ptr-deref-in-pcl818_ai_cancel.patch (git-fixes CVE-2025-68335 bsc#1255480). - Update patches.suse/crypto-aspeed-fix-double-free-caused-by-devm.patch (git-fixes CVE-2025-68172 bsc#1255253). - Update patches.suse/crypto-asymmetric_keys-prevent-overflow-in-asymmetri.patch (git-fixes CVE-2025-68724 bsc#1255550). - Update patches.suse/drm-amd-display-Check-NULL-before-accessing.patch (stable-fixes CVE-2025-68286 bsc#1255351). - Update patches.suse/drm-amd-display-Fix-NULL-deref-in-debugfs-odm_combin.patch (git-fixes CVE-2025-68180 bsc#1255252). - Update patches.suse/drm-amd-display-increase-max-link-count-and-fix-link.patch (stable-fixes CVE-2025-40354 bsc#1255316). - Update patches.suse/drm-amdgpu-Fix-NULL-pointer-dereference-in-VRAM-logi.patch (stable-fixes CVE-2025-40288 bsc#1255057). - Update patches.suse/drm-amdgpu-atom-Check-kcalloc-for-WS-buffer-in-amdgp.patch (stable-fixes CVE-2025-68190 bsc#1255131). - Update patches.suse/drm-amdgpu-fix-gpu-page-fault-after-hibernation-on-P.patch (stable-fixes CVE-2025-68230 bsc#1255134). - Update patches.suse/drm-amdgpu-fix-nullptr-err-of-vm_handle_moved.patch (stable-fixes CVE-2025-40339 bsc#1255428). - Update patches.suse/drm-amdgpu-hide-VRAM-sysfs-attributes-on-GPUs-withou.patch (stable-fixes CVE-2025-40289 bsc#1255042). - Update patches.suse/drm-amdgpu-remove-two-invalid-BUG_ON-s.patch (stable-fixes CVE-2025-68201 bsc#1255136). - Update patches.suse/drm-amdkfd-Fix-mmap-write-lock-not-release.patch (bsc#1243112 CVE-2025-40332 bsc#1255116). - Update patches.suse/drm-i915-Avoid-lock-inversion-when-pinning-to-GGTT-o.patch (git-fixes CVE-2025-68244 bsc#1255190). - Update patches.suse/drm-mediatek-Disable-AFBC-support-on-Mediatek-DRM-dr.patch (git-fixes CVE-2025-68184 bsc#1255220). - Update patches.suse/drm-mediatek-Fix-device-use-after-free-on-unbind.patch (git-fixes CVE-2025-40316 bsc#1254797). - Update patches.suse/drm-panthor-Fix-UAF-on-kernel-BO-VA-nodes.patch (git-fixes CVE-2025-68747 bsc#1255723). - Update patches.suse/drm-panthor-Fix-UAF-race-between-device-unplug-and-F.patch (git-fixes CVE-2025-68748 bsc#1255813). - Update patches.suse/drm-panthor-Fix-kernel-panic-on-partial-unmap-of-a-G.patch (git-fixes CVE-2025-40225 bsc#1254827). - Update patches.suse/drm-radeon-Do-not-kfree-devres-managed-rdev.patch (git-fixes CVE-2025-68170 bsc#1255256). - Update patches.suse/drm-radeon-Remove-calls-to-drm_put_dev.patch (git-fixes CVE-2025-68181 bsc#1255247). - Update patches.suse/drm-radeon-delete-radeon_fence_process-in-is_signale.patch (stable-fixes CVE-2025-68223 bsc#1255357). - Update patches.suse/drm-sched-Fix-deadlock-in-drm_sched_entity_kill_jobs.patch (git-fixes CVE-2025-40329 bsc#1254621). - Update patches.suse/drm-sysfb-Do-not-dereference-NULL-pointer-in-plane-r.patch (git-fixes CVE-2025-40360 bsc#1255095). - Update patches.suse/drm-tegra-Add-call-to-put_pid.patch (git-fixes CVE-2025-68233 bsc#1255206). - Update patches.suse/drm-vgem-fence-Fix-potential-deadlock-on-release.patch (git-fixes CVE-2025-68757 bsc#1255943). - Update patches.suse/drm-vmwgfx-Validate-command-header-size-against-SVGA.patch (git-fixes CVE-2025-40277 bsc#1254894). - Update patches.suse/drm-xe-Fix-oops-in-xe_gem_fault-when-running-core_ho.patch (stable-fixes CVE-2025-40340 bsc#1254996). - Update patches.suse/drm-xe-guc-Synchronize-Dead-CT-worker-with-unbind.patch (git-fixes CVE-2025-68207 bsc#1255234). - Update patches.suse/erofs-avoid-infinite-loop-due-to-incomplete-zstd-compressed-data.patch (git-fixes CVE-2025-68210 bsc#1255231). - Update patches.suse/exfat-fix-improper-check-of-dentry.stream.valid_size.patch (git-fixes CVE-2025-40287 bsc#1255030). - Update patches.suse/exfat-fix-refcount-leak-in-exfat_find.patch (git-fixes CVE-2025-68351 bsc#1255567). - Update patches.suse/exfat-validate-cluster-allocation-bits-of-the-allocation-bitmap.patch (git-fixes CVE-2025-40307 bsc#1255039). - Update patches.suse/fbcon-Set-fb_display-i-mode-to-NULL-when-the-mode-is.patch (stable-fixes CVE-2025-40323 bsc#1255094). - Update patches.suse/fbdev-Add-bounds-checking-in-bit_putcs-to-fix-vmallo.patch (stable-fixes CVE-2025-40304 bsc#1255034). - Update patches.suse/fbdev-bitblit-bound-check-glyph-index-in-bit_putcs.patch (stable-fixes CVE-2025-40322 bsc#1255092). - Update patches.suse/firmware-arm_scmi-Account-for-failed-debug-initializ.patch (git-fixes CVE-2025-40226 bsc#1254821). - Update patches.suse/firmware-stratix10-svc-fix-bug-in-saving-controller-.patch (git-fixes CVE-2025-68328 bsc#1255489). - Update patches.suse/gpiolib-fix-invalid-pointer-access-in-debugfs.patch (git-fixes CVE-2025-68167 bsc#1255099). - Update patches.suse/gpu-host1x-Fix-race-in-syncpt-alloc-free.patch (git-fixes CVE-2025-68732 bsc#1255688). - Update patches.suse/idpf-fix-possible-vport_config-NULL-pointer-deref-in.patch (git-fixes CVE-2025-68213 bsc#1255228). - Update patches.suse/iio-accel-bmc150-Fix-irq-assumption-regression.patch (stable-fixes CVE-2025-68330 bsc#1255493). - Update patches.suse/ima-Handle-error-code-returned-by-ima_filter_rule_ma.patch (git-fixes CVE-2025-68740 bsc#1255812). - Update patches.suse/ima-don-t-clear-IMA_DIGSIG-flag-when-setting-or-remo.patch (stable-fixes CVE-2025-68183 bsc#1255251). - Update patches.suse/irqchip-mchp-eic-Fix-error-code-in-mchp_eic_domain_a.patch (git-fixes CVE-2025-68766 bsc#1255932). - Update patches.suse/media-imon-make-send_packet-more-robust.patch (stable-fixes CVE-2025-68194 bsc#1255325). - Update patches.suse/media-pci-mg4b-fix-uninitialized-iio-scan-data.patch (git-fixes CVE-2025-40221 bsc#1254519). - Update patches.suse/media-videobuf2-forbid-remove_bufs-when-legacy-filei.patch (git-fixes CVE-2025-40302 bsc#1255196). - Update patches.suse/misc-fastrpc-Fix-dma_buf-object-leak-in-fastrpc_map_.patch (git-fixes CVE-2025-68252 bsc#1255197). - Update patches.suse/mm-secretmem-fix-use-after-free-race-in-fault-handle.patch (git-fixes CVE-2025-40272 bsc#1254832). - Update patches.suse/most-usb-Fix-use-after-free-in-hdm_disconnect.patch (git-fixes CVE-2025-40223 bsc#1254957). - Update patches.suse/most-usb-fix-double-free-on-late-probe-failure.patch (git-fixes CVE-2025-68290 bsc#1255154). - Update patches.suse/most-usb-hdm_probe-Fix-calling-put_device-before-dev.patch (git-fixes CVE-2025-68249 bsc#1255233). - Update patches.suse/mt76-mt7615-Fix-memory-leak-in-mt7615_mcu_wtbl_sta_a.patch (git-fixes CVE-2025-68765 bsc#1255931). - Update patches.suse/mtd-rawnand-cadence-fix-DMA-device-NULL-pointer-dere.patch (git-fixes CVE-2025-68238 bsc#1255202). - Update patches.suse/mtdchar-fix-integer-overflow-in-read-write-ioctls.patch (git-fixes CVE-2025-68237 bsc#1255203). - Update patches.suse/net-stmmac-Correctly-handle-Rx-checksum-offload-erro.patch (git-fixes CVE-2025-40337 bsc#1255081). - Update patches.suse/net-usb-qmi_wwan-initialize-MAC-header-offset-in-qmi.patch (git-fixes CVE-2025-68192 bsc#1255246). - Update patches.suse/nfs4_setup_readdir-insufficient-locking-for-d_parent-d_inode-dereferencing.patch (git-fixes CVE-2025-68185 bsc#1255135). - Update patches.suse/nfsd-fix-refcount-leak-in-nfsd_set_fh_dentry.patch (git-fixes CVE-2025-40212 bsc#1254195). - Update patches.suse/nouveau-firmware-Add-missing-kfree-of-nvkm_falcon_fw.patch (git-fixes CVE-2025-68235 bsc#1255209). - Update patches.suse/nvme-fc-use-lock-accessing-port_state-and-rport-stat.patch (bsc#1245193 bsc#1247500 CVE-2025-40342 bsc#1255274). - Update patches.suse/nvmet-fc-avoid-scheduling-association-deletion-twice.patch (bsc#1245193 bsc#1247500 CVE-2025-40343 bsc#1255276). - Update patches.suse/pinctrl-s32cc-fix-uninitialized-memory-in-s32_pinctr.patch (git-fixes CVE-2025-68222 bsc#1255218). - Update patches.suse/platform-x86-intel-punit_ipc-fix-memory-corruption.patch (git-fixes CVE-2025-68303 bsc#1255122). - Update patches.suse/regmap-slimbus-fix-bus_context-pointer-in-regmap-ini.patch (git-fixes CVE-2025-40317 bsc#1254796). - Update patches.suse/regulator-core-Protect-regulator_supply_alias_list-w.patch (git-fixes CVE-2025-68354 bsc#1255553). - Update patches.suse/sctp-avoid-NULL-dereference-when-chunk-data-buffer-i.patch (git-fixes CVE-2025-40240 bsc#1254869). - Update patches.suse/smb-client-fix-potential-cfid-UAF-in-smb2_query_info_compound.patch (git-fixes CVE-2025-40320 bsc#1254793). - Update patches.suse/spi-ch341-fix-out-of-bounds-memory-access-in-ch341_t.patch (git-fixes CVE-2025-68352 bsc#1255541). - Update patches.suse/spi-tegra210-quad-Fix-timeout-handling.patch (bsc#1253155 CVE-2025-68746 bsc#1255722). - Update patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-OnBeacon.patch (stable-fixes CVE-2025-68254 bsc#1255140). - Update patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-rtw_get_.patch (stable-fixes CVE-2025-68256 bsc#1255138). - Update patches.suse/staging-rtl8723bs-fix-stack-buffer-overflow-in-OnAss.patch (stable-fixes CVE-2025-68255 bsc#1255395). - Update patches.suse/tty-serial-ip22zilog-Use-platform-device-for-probing.patch (stable-fixes CVE-2025-68311 bsc#1255161). - Update patches.suse/usb-cdns3-gadget-Use-after-free-during-failed-initia.patch (stable-fixes CVE-2025-40314 bsc#1255072). - Update patches.suse/usb-dwc3-Fix-race-condition-between-concurrent-dwc3_.patch (git-fixes CVE-2025-68287 bsc#1255152). - Update patches.suse/usb-gadget-f_eem-Fix-memory-leak-in-eem_unwrap.patch (git-fixes CVE-2025-68289 bsc#1255155). - Update patches.suse/usb-gadget-f_fs-Fix-epfile-null-pointer-access-after.patch (stable-fixes CVE-2025-40315 bsc#1255083). - Update patches.suse/usb-potential-integer-overflow-in-usbg_make_tpg.patch (stable-fixes CVE-2025-68750 bsc#1255814). - Update patches.suse/usb-renesas_usbhs-Fix-synchronous-external-abort-on-.patch (git-fixes CVE-2025-68327 bsc#1255488). - Update patches.suse/usb-storage-sddr55-Reject-out-of-bound-new_pba.patch (stable-fixes CVE-2025-40345 bsc#1255279). - Update patches.suse/usb-uas-fix-urb-unmapping-issue-when-the-uas-device-.patch (git-fixes CVE-2025-68331 bsc#1255495). - Update patches.suse/usbnet-Prevents-free-active-kevent.patch (git-fixes CVE-2025-68312 bsc#1255171). - Update patches.suse/wifi-ath11k-fix-peer-HE-MCS-assignment.patch (git-fixes CVE-2025-68380 bsc#1255580). - Update patches.suse/wifi-brcmfmac-fix-crash-while-sending-Action-Frames-.patch (git-fixes CVE-2025-40321 bsc#1254795). - Update patches.suse/wifi-rtl818x-Fix-potential-memory-leaks-in-rtl8180_i.patch (git-fixes CVE-2025-68759 bsc#1255934). - Update patches.suse/wifi-rtl818x-rtl8187-Fix-potential-buffer-underflow-.patch (git-fixes CVE-2025-68362 bsc#1255611). - Update patches.suse/x86-CPU-AMD-Add-RDSEED-fix-for-Zen5.patch (git-fixes CVE-2025-68313 bsc#1255415). - Update patches.suse/x86-CPU-AMD-Add-missing-terminator-for-zen5_rdseed_m.patch (git-fixes CVE-2025-68195 bsc#1255259). - Update patches.suse/xfrm-also-call-xfrm_state_delete_tunnel-at-destroy-time-fo.patch (CVE-2025-40215 bsc#1254959 CVE-2025-40256 bsc#1254851). - commit c0f554e ++++ kernel-azure: - perf/x86/intel: Fix KASAN global-out-of-bounds warning (CVE-2025-40359 bsc#1255087). - commit ed1e93a - mlx5: Fix default values in create CQ (CVE-2025-68209 bsc#1255230). - commit 02d60e0 - x86/microcode/AMD: Use sha256() instead of init/update/final (bsc#1256495). - Refresh patches.suse/x86-microcode-AMD-Limit-Entrysign-signature-checking-to-kn.patch. - commit 6b04345 - x86/microcode/AMD: Fix Entrysign revision check for Zen5/Strix Halo (bsc#1256495). - x86/microcode/AMD: Select which microcode patch to load (bsc#1256495). - x86/microcode/AMD: Make __verify_patch_size() return bool (bsc#1256495). - x86/microcode/AMD: Remove bogus comment from parse_container() (bsc#1256495). - commit 9f14cfe - crash: fix crashkernel resource shrink (CVE-2025-68198 bsc#1255243) - commit 7e8f708 - bnxt_en: Fix null pointer dereference in bnxt_bs_trace_check_wrap() (CVE-2025-68197 bsc#1255242) - commit 766431f - lib/crypto: aes: Fix missing MMU protection for AES S-box (git-fixes). - virtio_console: fix order of fields cols and rows (stable-fixes). - commit d55882c - drm/amdgpu: Forward VMID reservation errors (git-fixes). - commit 2373a9d - supported.conf: mark ksmbd unsupported Based on discussion with Enzo Matsumiya it has tuned out that ksmbd module is unsupported but the supported.conf entry is incorrect. Fix that. - commit 143566d - powerpc/eeh: fix recursive pci_lock_rescan_remove locking in EEH event handling (bsc#1253262 ltc#216029). - commit 594b86e - Update patches.suse/ACPI-video-Fix-use-after-free-in-acpi_video_switch_b.patch (git-fixes CVE-2025-40211 bsc#1254126). - Update patches.suse/ALSA-dice-fix-buffer-overflow-in-detect_stream_forma.patch (git-fixes CVE-2025-68346 bsc#1255603). - Update patches.suse/ALSA-firewire-motu-add-bounds-check-in-put_user-loop.patch (git-fixes CVE-2025-68753 bsc#1256238). - Update patches.suse/ALSA-firewire-motu-fix-buffer-overflow-in-hwdep-read.patch (git-fixes CVE-2025-68347 bsc#1255706). - Update patches.suse/ALSA-hda-cs35l41-Fix-NULL-pointer-dereference-in-cs3-c34b04c.patch (git-fixes CVE-2025-68345 bsc#1255601). - Update patches.suse/ALSA-usb-audio-Fix-NULL-pointer-dereference-in-snd_u.patch (git-fixes CVE-2025-40275 bsc#1254829). - Update patches.suse/ALSA-usb-audio-Fix-potential-overflow-of-PCM-transfe.patch (stable-fixes CVE-2025-40269 bsc#1255035). - Update patches.suse/ALSA-wavefront-Fix-integer-overflow-in-sample-size-v.patch (git-fixes CVE-2025-68344 bsc#1255816). - Update patches.suse/ASoC-Intel-avs-Disable-periods-elapsed-work-when-clo.patch (git-fixes CVE-2025-40344 bsc#1254618). - Update patches.suse/Bluetooth-6lowpan-reset-link-local-header-on-ipv6-re.patch (git-fixes CVE-2025-40282 bsc#1254850). - Update patches.suse/Bluetooth-MGMT-Fix-OOB-access-in-parse_adv_monitor_p.patch (git-fixes CVE-2025-40294 bsc#1255181). - Update patches.suse/Bluetooth-MGMT-cancel-mesh-send-timer-when-hdev-remo.patch (git-fixes CVE-2025-40284 bsc#1254860). - Update patches.suse/Bluetooth-MGMT-fix-crash-in-set_mesh_sync-and-set_me.patch (git-fixes CVE-2025-40213 bsc#1253674). - Update patches.suse/Bluetooth-SCO-Fix-UAF-on-sco_conn_free.patch (stable-fixes CVE-2025-40309 bsc#1255065). - Update patches.suse/Bluetooth-bcsp-receive-data-only-if-registered.patch (stable-fixes CVE-2025-40308 bsc#1255064). - Update patches.suse/Bluetooth-btusb-mediatek-Avoid-btusb_mtk_claim_iso_i.patch (git-fixes CVE-2025-68298 bsc#1255124). - Update patches.suse/Bluetooth-btusb-mediatek-Fix-kernel-crash-when-relea.patch (git-fixes CVE-2025-68306 bsc#1255145). - Update patches.suse/Bluetooth-btusb-reorder-cleanup-in-btusb_disconnect-.patch (git-fixes CVE-2025-40283 bsc#1254858). - Update patches.suse/Bluetooth-hci_event-validate-skb-length-for-unknown-.patch (git-fixes CVE-2025-40301 bsc#1255193). - Update patches.suse/Bluetooth-hci_sock-Prevent-race-in-socket-write-iter.patch (git-fixes CVE-2025-68305 bsc#1255169). - Update patches.suse/Bluetooth-hci_sync-fix-race-in-hci_cmd_sync_dequeue_.patch (git-fixes CVE-2025-40318 bsc#1254798). - Update patches.suse/Input-cros_ec_keyb-fix-an-invalid-memory-access.patch (stable-fixes CVE-2025-40263 bsc#1255077). - Update patches.suse/Input-imx_sc_key-fix-memory-corruption-on-unload.patch (git-fixes CVE-2025-40262 bsc#1254840). - Update patches.suse/Input-pegasus-notetaker-fix-potential-out-of-bounds-.patch (git-fixes CVE-2025-68217 bsc#1255221). - Update patches.suse/KVM-arm64-Check-the-untrusted-offset-in-FF-A-memory-.patch (git-fixes CVE-2025-40266 bsc#1255040). - Update patches.suse/NFS-Fix-LTP-test-failures-when-timestamps-are-delegated.patch (git-fixes CVE-2025-68242 bsc#1255186). - Update patches.suse/NFSD-Fix-crash-in-nfsd4_read_release.patch (git-fixes CVE-2025-40324 bsc#1254791). - Update patches.suse/NFSD-free-copynotify-stateid-in-nfs4_free_ol_stateid.patch (git-fixes CVE-2025-40273 bsc#1254828). - Update patches.suse/PCI-IOV-Add-PCI-rescan-remove-locking-when-enabling-.patch (git-fixes CVE-2025-40219 bsc#1254518). - Update patches.suse/PCI-cadence-Check-for-the-existence-of-cdns_pcie-ops.patch (stable-fixes CVE-2025-68176 bsc#1255329). - Update patches.suse/accel-habanalabs-support-mapping-cb-with-vmalloc-bac.patch (stable-fixes CVE-2025-40311 bsc#1255068). - Update patches.suse/accel-ivpu-Fix-race-condition-when-unbinding-BOs.patch (git-fixes CVE-2025-68749 bsc#1255724). - Update patches.suse/amd-amdkfd-resolve-a-race-in-amdgpu_amdkfd_device_fi.patch (stable-fixes CVE-2025-40310 bsc#1255041). - Update patches.suse/arm64-mte-Do-not-warn-if-the-page-is-already-tagged-in-cop.patch (git-fixes CVE-2025-40353 bsc#1255312). - Update patches.suse/atm-fore200e-Fix-possible-data-race-in-fore200e_open.patch (git-fixes CVE-2025-68339 bsc#1255505). - Update patches.suse/backlight-led-bl-Add-devlink-to-supplier-LEDs.patch (git-fixes CVE-2025-68758 bsc#1255944). - Update patches.suse/btrfs-directly-free-partially-initialized-fs_info-in.patch (git-fixes CVE-2025-40235 bsc#1254808). - Update patches.suse/btrfs-ensure-no-dirty-metadata-is-written-back-for-a.patch (git-fix CVE-2025-40303 bsc#1255058). - Update patches.suse/btrfs-fix-memory-leak-of-qgroup_list-in-btrfs_add_qg.patch (git-fixes CVE-2025-40209 bsc#1254128). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-check-actual-395d988.patch (git-fixes CVE-2025-68342 bsc#1255508). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-check-actual.patch (git-fixes CVE-2025-68343 bsc#1255509). - Update patches.suse/can-gs_usb-gs_usb_xmit_callback-fix-handling-of-fail.patch (git-fixes CVE-2025-68307 bsc#1255146). - Update patches.suse/can-kvaser_usb-leaf-Fix-potential-infinite-loop-in-c.patch (git-fixes CVE-2025-68308 bsc#1255149). - Update patches.suse/comedi-c6xdigio-Fix-invalid-PNP-driver-unregistratio.patch (git-fixes CVE-2025-68332 bsc#1255483). - Update patches.suse/comedi-check-device-s-attached-status-in-compat-ioct.patch (git-fixes CVE-2025-68257 bsc#1255167). - Update patches.suse/comedi-multiq3-sanitize-config-options-in-multiq3_at.patch (git-fixes CVE-2025-68258 bsc#1255182). - Update patches.suse/comedi-pcl818-fix-null-ptr-deref-in-pcl818_ai_cancel.patch (git-fixes CVE-2025-68335 bsc#1255480). - Update patches.suse/crypto-aspeed-fix-double-free-caused-by-devm.patch (git-fixes CVE-2025-68172 bsc#1255253). - Update patches.suse/crypto-asymmetric_keys-prevent-overflow-in-asymmetri.patch (git-fixes CVE-2025-68724 bsc#1255550). - Update patches.suse/drm-amd-display-Check-NULL-before-accessing.patch (stable-fixes CVE-2025-68286 bsc#1255351). - Update patches.suse/drm-amd-display-Fix-NULL-deref-in-debugfs-odm_combin.patch (git-fixes CVE-2025-68180 bsc#1255252). - Update patches.suse/drm-amd-display-increase-max-link-count-and-fix-link.patch (stable-fixes CVE-2025-40354 bsc#1255316). - Update patches.suse/drm-amdgpu-Fix-NULL-pointer-dereference-in-VRAM-logi.patch (stable-fixes CVE-2025-40288 bsc#1255057). - Update patches.suse/drm-amdgpu-atom-Check-kcalloc-for-WS-buffer-in-amdgp.patch (stable-fixes CVE-2025-68190 bsc#1255131). - Update patches.suse/drm-amdgpu-fix-gpu-page-fault-after-hibernation-on-P.patch (stable-fixes CVE-2025-68230 bsc#1255134). - Update patches.suse/drm-amdgpu-fix-nullptr-err-of-vm_handle_moved.patch (stable-fixes CVE-2025-40339 bsc#1255428). - Update patches.suse/drm-amdgpu-hide-VRAM-sysfs-attributes-on-GPUs-withou.patch (stable-fixes CVE-2025-40289 bsc#1255042). - Update patches.suse/drm-amdgpu-remove-two-invalid-BUG_ON-s.patch (stable-fixes CVE-2025-68201 bsc#1255136). - Update patches.suse/drm-amdkfd-Fix-mmap-write-lock-not-release.patch (bsc#1243112 CVE-2025-40332 bsc#1255116). - Update patches.suse/drm-i915-Avoid-lock-inversion-when-pinning-to-GGTT-o.patch (git-fixes CVE-2025-68244 bsc#1255190). - Update patches.suse/drm-mediatek-Disable-AFBC-support-on-Mediatek-DRM-dr.patch (git-fixes CVE-2025-68184 bsc#1255220). - Update patches.suse/drm-mediatek-Fix-device-use-after-free-on-unbind.patch (git-fixes CVE-2025-40316 bsc#1254797). - Update patches.suse/drm-panthor-Fix-UAF-on-kernel-BO-VA-nodes.patch (git-fixes CVE-2025-68747 bsc#1255723). - Update patches.suse/drm-panthor-Fix-UAF-race-between-device-unplug-and-F.patch (git-fixes CVE-2025-68748 bsc#1255813). - Update patches.suse/drm-panthor-Fix-kernel-panic-on-partial-unmap-of-a-G.patch (git-fixes CVE-2025-40225 bsc#1254827). - Update patches.suse/drm-radeon-Do-not-kfree-devres-managed-rdev.patch (git-fixes CVE-2025-68170 bsc#1255256). - Update patches.suse/drm-radeon-Remove-calls-to-drm_put_dev.patch (git-fixes CVE-2025-68181 bsc#1255247). - Update patches.suse/drm-radeon-delete-radeon_fence_process-in-is_signale.patch (stable-fixes CVE-2025-68223 bsc#1255357). - Update patches.suse/drm-sched-Fix-deadlock-in-drm_sched_entity_kill_jobs.patch (git-fixes CVE-2025-40329 bsc#1254621). - Update patches.suse/drm-sysfb-Do-not-dereference-NULL-pointer-in-plane-r.patch (git-fixes CVE-2025-40360 bsc#1255095). - Update patches.suse/drm-tegra-Add-call-to-put_pid.patch (git-fixes CVE-2025-68233 bsc#1255206). - Update patches.suse/drm-vgem-fence-Fix-potential-deadlock-on-release.patch (git-fixes CVE-2025-68757 bsc#1255943). - Update patches.suse/drm-vmwgfx-Validate-command-header-size-against-SVGA.patch (git-fixes CVE-2025-40277 bsc#1254894). - Update patches.suse/drm-xe-Fix-oops-in-xe_gem_fault-when-running-core_ho.patch (stable-fixes CVE-2025-40340 bsc#1254996). - Update patches.suse/drm-xe-guc-Synchronize-Dead-CT-worker-with-unbind.patch (git-fixes CVE-2025-68207 bsc#1255234). - Update patches.suse/erofs-avoid-infinite-loop-due-to-incomplete-zstd-compressed-data.patch (git-fixes CVE-2025-68210 bsc#1255231). - Update patches.suse/exfat-fix-improper-check-of-dentry.stream.valid_size.patch (git-fixes CVE-2025-40287 bsc#1255030). - Update patches.suse/exfat-fix-refcount-leak-in-exfat_find.patch (git-fixes CVE-2025-68351 bsc#1255567). - Update patches.suse/exfat-validate-cluster-allocation-bits-of-the-allocation-bitmap.patch (git-fixes CVE-2025-40307 bsc#1255039). - Update patches.suse/fbcon-Set-fb_display-i-mode-to-NULL-when-the-mode-is.patch (stable-fixes CVE-2025-40323 bsc#1255094). - Update patches.suse/fbdev-Add-bounds-checking-in-bit_putcs-to-fix-vmallo.patch (stable-fixes CVE-2025-40304 bsc#1255034). - Update patches.suse/fbdev-bitblit-bound-check-glyph-index-in-bit_putcs.patch (stable-fixes CVE-2025-40322 bsc#1255092). - Update patches.suse/firmware-arm_scmi-Account-for-failed-debug-initializ.patch (git-fixes CVE-2025-40226 bsc#1254821). - Update patches.suse/firmware-stratix10-svc-fix-bug-in-saving-controller-.patch (git-fixes CVE-2025-68328 bsc#1255489). - Update patches.suse/gpiolib-fix-invalid-pointer-access-in-debugfs.patch (git-fixes CVE-2025-68167 bsc#1255099). - Update patches.suse/gpu-host1x-Fix-race-in-syncpt-alloc-free.patch (git-fixes CVE-2025-68732 bsc#1255688). - Update patches.suse/idpf-fix-possible-vport_config-NULL-pointer-deref-in.patch (git-fixes CVE-2025-68213 bsc#1255228). - Update patches.suse/iio-accel-bmc150-Fix-irq-assumption-regression.patch (stable-fixes CVE-2025-68330 bsc#1255493). - Update patches.suse/ima-Handle-error-code-returned-by-ima_filter_rule_ma.patch (git-fixes CVE-2025-68740 bsc#1255812). - Update patches.suse/ima-don-t-clear-IMA_DIGSIG-flag-when-setting-or-remo.patch (stable-fixes CVE-2025-68183 bsc#1255251). - Update patches.suse/irqchip-mchp-eic-Fix-error-code-in-mchp_eic_domain_a.patch (git-fixes CVE-2025-68766 bsc#1255932). - Update patches.suse/media-imon-make-send_packet-more-robust.patch (stable-fixes CVE-2025-68194 bsc#1255325). - Update patches.suse/media-pci-mg4b-fix-uninitialized-iio-scan-data.patch (git-fixes CVE-2025-40221 bsc#1254519). - Update patches.suse/media-videobuf2-forbid-remove_bufs-when-legacy-filei.patch (git-fixes CVE-2025-40302 bsc#1255196). - Update patches.suse/misc-fastrpc-Fix-dma_buf-object-leak-in-fastrpc_map_.patch (git-fixes CVE-2025-68252 bsc#1255197). - Update patches.suse/mm-secretmem-fix-use-after-free-race-in-fault-handle.patch (git-fixes CVE-2025-40272 bsc#1254832). - Update patches.suse/most-usb-Fix-use-after-free-in-hdm_disconnect.patch (git-fixes CVE-2025-40223 bsc#1254957). - Update patches.suse/most-usb-fix-double-free-on-late-probe-failure.patch (git-fixes CVE-2025-68290 bsc#1255154). - Update patches.suse/most-usb-hdm_probe-Fix-calling-put_device-before-dev.patch (git-fixes CVE-2025-68249 bsc#1255233). - Update patches.suse/mt76-mt7615-Fix-memory-leak-in-mt7615_mcu_wtbl_sta_a.patch (git-fixes CVE-2025-68765 bsc#1255931). - Update patches.suse/mtd-rawnand-cadence-fix-DMA-device-NULL-pointer-dere.patch (git-fixes CVE-2025-68238 bsc#1255202). - Update patches.suse/mtdchar-fix-integer-overflow-in-read-write-ioctls.patch (git-fixes CVE-2025-68237 bsc#1255203). - Update patches.suse/net-stmmac-Correctly-handle-Rx-checksum-offload-erro.patch (git-fixes CVE-2025-40337 bsc#1255081). - Update patches.suse/net-usb-qmi_wwan-initialize-MAC-header-offset-in-qmi.patch (git-fixes CVE-2025-68192 bsc#1255246). - Update patches.suse/nfs4_setup_readdir-insufficient-locking-for-d_parent-d_inode-dereferencing.patch (git-fixes CVE-2025-68185 bsc#1255135). - Update patches.suse/nfsd-fix-refcount-leak-in-nfsd_set_fh_dentry.patch (git-fixes CVE-2025-40212 bsc#1254195). - Update patches.suse/nouveau-firmware-Add-missing-kfree-of-nvkm_falcon_fw.patch (git-fixes CVE-2025-68235 bsc#1255209). - Update patches.suse/nvme-fc-use-lock-accessing-port_state-and-rport-stat.patch (bsc#1245193 bsc#1247500 CVE-2025-40342 bsc#1255274). - Update patches.suse/nvmet-fc-avoid-scheduling-association-deletion-twice.patch (bsc#1245193 bsc#1247500 CVE-2025-40343 bsc#1255276). - Update patches.suse/pinctrl-s32cc-fix-uninitialized-memory-in-s32_pinctr.patch (git-fixes CVE-2025-68222 bsc#1255218). - Update patches.suse/platform-x86-intel-punit_ipc-fix-memory-corruption.patch (git-fixes CVE-2025-68303 bsc#1255122). - Update patches.suse/regmap-slimbus-fix-bus_context-pointer-in-regmap-ini.patch (git-fixes CVE-2025-40317 bsc#1254796). - Update patches.suse/regulator-core-Protect-regulator_supply_alias_list-w.patch (git-fixes CVE-2025-68354 bsc#1255553). - Update patches.suse/sctp-avoid-NULL-dereference-when-chunk-data-buffer-i.patch (git-fixes CVE-2025-40240 bsc#1254869). - Update patches.suse/smb-client-fix-potential-cfid-UAF-in-smb2_query_info_compound.patch (git-fixes CVE-2025-40320 bsc#1254793). - Update patches.suse/spi-ch341-fix-out-of-bounds-memory-access-in-ch341_t.patch (git-fixes CVE-2025-68352 bsc#1255541). - Update patches.suse/spi-tegra210-quad-Fix-timeout-handling.patch (bsc#1253155 CVE-2025-68746 bsc#1255722). - Update patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-OnBeacon.patch (stable-fixes CVE-2025-68254 bsc#1255140). - Update patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-rtw_get_.patch (stable-fixes CVE-2025-68256 bsc#1255138). - Update patches.suse/staging-rtl8723bs-fix-stack-buffer-overflow-in-OnAss.patch (stable-fixes CVE-2025-68255 bsc#1255395). - Update patches.suse/tty-serial-ip22zilog-Use-platform-device-for-probing.patch (stable-fixes CVE-2025-68311 bsc#1255161). - Update patches.suse/usb-cdns3-gadget-Use-after-free-during-failed-initia.patch (stable-fixes CVE-2025-40314 bsc#1255072). - Update patches.suse/usb-dwc3-Fix-race-condition-between-concurrent-dwc3_.patch (git-fixes CVE-2025-68287 bsc#1255152). - Update patches.suse/usb-gadget-f_eem-Fix-memory-leak-in-eem_unwrap.patch (git-fixes CVE-2025-68289 bsc#1255155). - Update patches.suse/usb-gadget-f_fs-Fix-epfile-null-pointer-access-after.patch (stable-fixes CVE-2025-40315 bsc#1255083). - Update patches.suse/usb-potential-integer-overflow-in-usbg_make_tpg.patch (stable-fixes CVE-2025-68750 bsc#1255814). - Update patches.suse/usb-renesas_usbhs-Fix-synchronous-external-abort-on-.patch (git-fixes CVE-2025-68327 bsc#1255488). - Update patches.suse/usb-storage-sddr55-Reject-out-of-bound-new_pba.patch (stable-fixes CVE-2025-40345 bsc#1255279). - Update patches.suse/usb-uas-fix-urb-unmapping-issue-when-the-uas-device-.patch (git-fixes CVE-2025-68331 bsc#1255495). - Update patches.suse/usbnet-Prevents-free-active-kevent.patch (git-fixes CVE-2025-68312 bsc#1255171). - Update patches.suse/wifi-ath11k-fix-peer-HE-MCS-assignment.patch (git-fixes CVE-2025-68380 bsc#1255580). - Update patches.suse/wifi-brcmfmac-fix-crash-while-sending-Action-Frames-.patch (git-fixes CVE-2025-40321 bsc#1254795). - Update patches.suse/wifi-rtl818x-Fix-potential-memory-leaks-in-rtl8180_i.patch (git-fixes CVE-2025-68759 bsc#1255934). - Update patches.suse/wifi-rtl818x-rtl8187-Fix-potential-buffer-underflow-.patch (git-fixes CVE-2025-68362 bsc#1255611). - Update patches.suse/x86-CPU-AMD-Add-RDSEED-fix-for-Zen5.patch (git-fixes CVE-2025-68313 bsc#1255415). - Update patches.suse/x86-CPU-AMD-Add-missing-terminator-for-zen5_rdseed_m.patch (git-fixes CVE-2025-68195 bsc#1255259). - Update patches.suse/xfrm-also-call-xfrm_state_delete_tunnel-at-destroy-time-fo.patch (CVE-2025-40215 bsc#1254959 CVE-2025-40256 bsc#1254851). - commit c0f554e ++++ kernel-azure: - perf/x86/intel: Fix KASAN global-out-of-bounds warning (CVE-2025-40359 bsc#1255087). - commit ed1e93a - mlx5: Fix default values in create CQ (CVE-2025-68209 bsc#1255230). - commit 02d60e0 - x86/microcode/AMD: Use sha256() instead of init/update/final (bsc#1256495). - Refresh patches.suse/x86-microcode-AMD-Limit-Entrysign-signature-checking-to-kn.patch. - commit 6b04345 - x86/microcode/AMD: Fix Entrysign revision check for Zen5/Strix Halo (bsc#1256495). - x86/microcode/AMD: Select which microcode patch to load (bsc#1256495). - x86/microcode/AMD: Make __verify_patch_size() return bool (bsc#1256495). - x86/microcode/AMD: Remove bogus comment from parse_container() (bsc#1256495). - commit 9f14cfe - crash: fix crashkernel resource shrink (CVE-2025-68198 bsc#1255243) - commit 7e8f708 - bnxt_en: Fix null pointer dereference in bnxt_bs_trace_check_wrap() (CVE-2025-68197 bsc#1255242) - commit 766431f - lib/crypto: aes: Fix missing MMU protection for AES S-box (git-fixes). - virtio_console: fix order of fields cols and rows (stable-fixes). - commit d55882c - drm/amdgpu: Forward VMID reservation errors (git-fixes). - commit 2373a9d - supported.conf: mark ksmbd unsupported Based on discussion with Enzo Matsumiya it has tuned out that ksmbd module is unsupported but the supported.conf entry is incorrect. Fix that. - commit 143566d - powerpc/eeh: fix recursive pci_lock_rescan_remove locking in EEH event handling (bsc#1253262 ltc#216029). - commit 594b86e - Update patches.suse/ACPI-video-Fix-use-after-free-in-acpi_video_switch_b.patch (git-fixes CVE-2025-40211 bsc#1254126). - Update patches.suse/ALSA-dice-fix-buffer-overflow-in-detect_stream_forma.patch (git-fixes CVE-2025-68346 bsc#1255603). - Update patches.suse/ALSA-firewire-motu-add-bounds-check-in-put_user-loop.patch (git-fixes CVE-2025-68753 bsc#1256238). - Update patches.suse/ALSA-firewire-motu-fix-buffer-overflow-in-hwdep-read.patch (git-fixes CVE-2025-68347 bsc#1255706). - Update patches.suse/ALSA-hda-cs35l41-Fix-NULL-pointer-dereference-in-cs3-c34b04c.patch (git-fixes CVE-2025-68345 bsc#1255601). - Update patches.suse/ALSA-usb-audio-Fix-NULL-pointer-dereference-in-snd_u.patch (git-fixes CVE-2025-40275 bsc#1254829). - Update patches.suse/ALSA-usb-audio-Fix-potential-overflow-of-PCM-transfe.patch (stable-fixes CVE-2025-40269 bsc#1255035). - Update patches.suse/ALSA-wavefront-Fix-integer-overflow-in-sample-size-v.patch (git-fixes CVE-2025-68344 bsc#1255816). - Update patches.suse/ASoC-Intel-avs-Disable-periods-elapsed-work-when-clo.patch (git-fixes CVE-2025-40344 bsc#1254618). - Update patches.suse/Bluetooth-6lowpan-reset-link-local-header-on-ipv6-re.patch (git-fixes CVE-2025-40282 bsc#1254850). - Update patches.suse/Bluetooth-MGMT-Fix-OOB-access-in-parse_adv_monitor_p.patch (git-fixes CVE-2025-40294 bsc#1255181). - Update patches.suse/Bluetooth-MGMT-cancel-mesh-send-timer-when-hdev-remo.patch (git-fixes CVE-2025-40284 bsc#1254860). - Update patches.suse/Bluetooth-MGMT-fix-crash-in-set_mesh_sync-and-set_me.patch (git-fixes CVE-2025-40213 bsc#1253674). - Update patches.suse/Bluetooth-SCO-Fix-UAF-on-sco_conn_free.patch (stable-fixes CVE-2025-40309 bsc#1255065). - Update patches.suse/Bluetooth-bcsp-receive-data-only-if-registered.patch (stable-fixes CVE-2025-40308 bsc#1255064). - Update patches.suse/Bluetooth-btusb-mediatek-Avoid-btusb_mtk_claim_iso_i.patch (git-fixes CVE-2025-68298 bsc#1255124). - Update patches.suse/Bluetooth-btusb-mediatek-Fix-kernel-crash-when-relea.patch (git-fixes CVE-2025-68306 bsc#1255145). - Update patches.suse/Bluetooth-btusb-reorder-cleanup-in-btusb_disconnect-.patch (git-fixes CVE-2025-40283 bsc#1254858). - Update patches.suse/Bluetooth-hci_event-validate-skb-length-for-unknown-.patch (git-fixes CVE-2025-40301 bsc#1255193). - Update patches.suse/Bluetooth-hci_sock-Prevent-race-in-socket-write-iter.patch (git-fixes CVE-2025-68305 bsc#1255169). - Update patches.suse/Bluetooth-hci_sync-fix-race-in-hci_cmd_sync_dequeue_.patch (git-fixes CVE-2025-40318 bsc#1254798). - Update patches.suse/Input-cros_ec_keyb-fix-an-invalid-memory-access.patch (stable-fixes CVE-2025-40263 bsc#1255077). - Update patches.suse/Input-imx_sc_key-fix-memory-corruption-on-unload.patch (git-fixes CVE-2025-40262 bsc#1254840). - Update patches.suse/Input-pegasus-notetaker-fix-potential-out-of-bounds-.patch (git-fixes CVE-2025-68217 bsc#1255221). - Update patches.suse/KVM-arm64-Check-the-untrusted-offset-in-FF-A-memory-.patch (git-fixes CVE-2025-40266 bsc#1255040). - Update patches.suse/NFS-Fix-LTP-test-failures-when-timestamps-are-delegated.patch (git-fixes CVE-2025-68242 bsc#1255186). - Update patches.suse/NFSD-Fix-crash-in-nfsd4_read_release.patch (git-fixes CVE-2025-40324 bsc#1254791). - Update patches.suse/NFSD-free-copynotify-stateid-in-nfs4_free_ol_stateid.patch (git-fixes CVE-2025-40273 bsc#1254828). - Update patches.suse/PCI-IOV-Add-PCI-rescan-remove-locking-when-enabling-.patch (git-fixes CVE-2025-40219 bsc#1254518). - Update patches.suse/PCI-cadence-Check-for-the-existence-of-cdns_pcie-ops.patch (stable-fixes CVE-2025-68176 bsc#1255329). - Update patches.suse/accel-habanalabs-support-mapping-cb-with-vmalloc-bac.patch (stable-fixes CVE-2025-40311 bsc#1255068). - Update patches.suse/accel-ivpu-Fix-race-condition-when-unbinding-BOs.patch (git-fixes CVE-2025-68749 bsc#1255724). - Update patches.suse/amd-amdkfd-resolve-a-race-in-amdgpu_amdkfd_device_fi.patch (stable-fixes CVE-2025-40310 bsc#1255041). - Update patches.suse/arm64-mte-Do-not-warn-if-the-page-is-already-tagged-in-cop.patch (git-fixes CVE-2025-40353 bsc#1255312). - Update patches.suse/atm-fore200e-Fix-possible-data-race-in-fore200e_open.patch (git-fixes CVE-2025-68339 bsc#1255505). - Update patches.suse/backlight-led-bl-Add-devlink-to-supplier-LEDs.patch (git-fixes CVE-2025-68758 bsc#1255944). - Update patches.suse/btrfs-directly-free-partially-initialized-fs_info-in.patch (git-fixes CVE-2025-40235 bsc#1254808). - Update patches.suse/btrfs-ensure-no-dirty-metadata-is-written-back-for-a.patch (git-fix CVE-2025-40303 bsc#1255058). - Update patches.suse/btrfs-fix-memory-leak-of-qgroup_list-in-btrfs_add_qg.patch (git-fixes CVE-2025-40209 bsc#1254128). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-check-actual-395d988.patch (git-fixes CVE-2025-68342 bsc#1255508). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-check-actual.patch (git-fixes CVE-2025-68343 bsc#1255509). - Update patches.suse/can-gs_usb-gs_usb_xmit_callback-fix-handling-of-fail.patch (git-fixes CVE-2025-68307 bsc#1255146). - Update patches.suse/can-kvaser_usb-leaf-Fix-potential-infinite-loop-in-c.patch (git-fixes CVE-2025-68308 bsc#1255149). - Update patches.suse/comedi-c6xdigio-Fix-invalid-PNP-driver-unregistratio.patch (git-fixes CVE-2025-68332 bsc#1255483). - Update patches.suse/comedi-check-device-s-attached-status-in-compat-ioct.patch (git-fixes CVE-2025-68257 bsc#1255167). - Update patches.suse/comedi-multiq3-sanitize-config-options-in-multiq3_at.patch (git-fixes CVE-2025-68258 bsc#1255182). - Update patches.suse/comedi-pcl818-fix-null-ptr-deref-in-pcl818_ai_cancel.patch (git-fixes CVE-2025-68335 bsc#1255480). - Update patches.suse/crypto-aspeed-fix-double-free-caused-by-devm.patch (git-fixes CVE-2025-68172 bsc#1255253). - Update patches.suse/crypto-asymmetric_keys-prevent-overflow-in-asymmetri.patch (git-fixes CVE-2025-68724 bsc#1255550). - Update patches.suse/drm-amd-display-Check-NULL-before-accessing.patch (stable-fixes CVE-2025-68286 bsc#1255351). - Update patches.suse/drm-amd-display-Fix-NULL-deref-in-debugfs-odm_combin.patch (git-fixes CVE-2025-68180 bsc#1255252). - Update patches.suse/drm-amd-display-increase-max-link-count-and-fix-link.patch (stable-fixes CVE-2025-40354 bsc#1255316). - Update patches.suse/drm-amdgpu-Fix-NULL-pointer-dereference-in-VRAM-logi.patch (stable-fixes CVE-2025-40288 bsc#1255057). - Update patches.suse/drm-amdgpu-atom-Check-kcalloc-for-WS-buffer-in-amdgp.patch (stable-fixes CVE-2025-68190 bsc#1255131). - Update patches.suse/drm-amdgpu-fix-gpu-page-fault-after-hibernation-on-P.patch (stable-fixes CVE-2025-68230 bsc#1255134). - Update patches.suse/drm-amdgpu-fix-nullptr-err-of-vm_handle_moved.patch (stable-fixes CVE-2025-40339 bsc#1255428). - Update patches.suse/drm-amdgpu-hide-VRAM-sysfs-attributes-on-GPUs-withou.patch (stable-fixes CVE-2025-40289 bsc#1255042). - Update patches.suse/drm-amdgpu-remove-two-invalid-BUG_ON-s.patch (stable-fixes CVE-2025-68201 bsc#1255136). - Update patches.suse/drm-amdkfd-Fix-mmap-write-lock-not-release.patch (bsc#1243112 CVE-2025-40332 bsc#1255116). - Update patches.suse/drm-i915-Avoid-lock-inversion-when-pinning-to-GGTT-o.patch (git-fixes CVE-2025-68244 bsc#1255190). - Update patches.suse/drm-mediatek-Disable-AFBC-support-on-Mediatek-DRM-dr.patch (git-fixes CVE-2025-68184 bsc#1255220). - Update patches.suse/drm-mediatek-Fix-device-use-after-free-on-unbind.patch (git-fixes CVE-2025-40316 bsc#1254797). - Update patches.suse/drm-panthor-Fix-UAF-on-kernel-BO-VA-nodes.patch (git-fixes CVE-2025-68747 bsc#1255723). - Update patches.suse/drm-panthor-Fix-UAF-race-between-device-unplug-and-F.patch (git-fixes CVE-2025-68748 bsc#1255813). - Update patches.suse/drm-panthor-Fix-kernel-panic-on-partial-unmap-of-a-G.patch (git-fixes CVE-2025-40225 bsc#1254827). - Update patches.suse/drm-radeon-Do-not-kfree-devres-managed-rdev.patch (git-fixes CVE-2025-68170 bsc#1255256). - Update patches.suse/drm-radeon-Remove-calls-to-drm_put_dev.patch (git-fixes CVE-2025-68181 bsc#1255247). - Update patches.suse/drm-radeon-delete-radeon_fence_process-in-is_signale.patch (stable-fixes CVE-2025-68223 bsc#1255357). - Update patches.suse/drm-sched-Fix-deadlock-in-drm_sched_entity_kill_jobs.patch (git-fixes CVE-2025-40329 bsc#1254621). - Update patches.suse/drm-sysfb-Do-not-dereference-NULL-pointer-in-plane-r.patch (git-fixes CVE-2025-40360 bsc#1255095). - Update patches.suse/drm-tegra-Add-call-to-put_pid.patch (git-fixes CVE-2025-68233 bsc#1255206). - Update patches.suse/drm-vgem-fence-Fix-potential-deadlock-on-release.patch (git-fixes CVE-2025-68757 bsc#1255943). - Update patches.suse/drm-vmwgfx-Validate-command-header-size-against-SVGA.patch (git-fixes CVE-2025-40277 bsc#1254894). - Update patches.suse/drm-xe-Fix-oops-in-xe_gem_fault-when-running-core_ho.patch (stable-fixes CVE-2025-40340 bsc#1254996). - Update patches.suse/drm-xe-guc-Synchronize-Dead-CT-worker-with-unbind.patch (git-fixes CVE-2025-68207 bsc#1255234). - Update patches.suse/erofs-avoid-infinite-loop-due-to-incomplete-zstd-compressed-data.patch (git-fixes CVE-2025-68210 bsc#1255231). - Update patches.suse/exfat-fix-improper-check-of-dentry.stream.valid_size.patch (git-fixes CVE-2025-40287 bsc#1255030). - Update patches.suse/exfat-fix-refcount-leak-in-exfat_find.patch (git-fixes CVE-2025-68351 bsc#1255567). - Update patches.suse/exfat-validate-cluster-allocation-bits-of-the-allocation-bitmap.patch (git-fixes CVE-2025-40307 bsc#1255039). - Update patches.suse/fbcon-Set-fb_display-i-mode-to-NULL-when-the-mode-is.patch (stable-fixes CVE-2025-40323 bsc#1255094). - Update patches.suse/fbdev-Add-bounds-checking-in-bit_putcs-to-fix-vmallo.patch (stable-fixes CVE-2025-40304 bsc#1255034). - Update patches.suse/fbdev-bitblit-bound-check-glyph-index-in-bit_putcs.patch (stable-fixes CVE-2025-40322 bsc#1255092). - Update patches.suse/firmware-arm_scmi-Account-for-failed-debug-initializ.patch (git-fixes CVE-2025-40226 bsc#1254821). - Update patches.suse/firmware-stratix10-svc-fix-bug-in-saving-controller-.patch (git-fixes CVE-2025-68328 bsc#1255489). - Update patches.suse/gpiolib-fix-invalid-pointer-access-in-debugfs.patch (git-fixes CVE-2025-68167 bsc#1255099). - Update patches.suse/gpu-host1x-Fix-race-in-syncpt-alloc-free.patch (git-fixes CVE-2025-68732 bsc#1255688). - Update patches.suse/idpf-fix-possible-vport_config-NULL-pointer-deref-in.patch (git-fixes CVE-2025-68213 bsc#1255228). - Update patches.suse/iio-accel-bmc150-Fix-irq-assumption-regression.patch (stable-fixes CVE-2025-68330 bsc#1255493). - Update patches.suse/ima-Handle-error-code-returned-by-ima_filter_rule_ma.patch (git-fixes CVE-2025-68740 bsc#1255812). - Update patches.suse/ima-don-t-clear-IMA_DIGSIG-flag-when-setting-or-remo.patch (stable-fixes CVE-2025-68183 bsc#1255251). - Update patches.suse/irqchip-mchp-eic-Fix-error-code-in-mchp_eic_domain_a.patch (git-fixes CVE-2025-68766 bsc#1255932). - Update patches.suse/media-imon-make-send_packet-more-robust.patch (stable-fixes CVE-2025-68194 bsc#1255325). - Update patches.suse/media-pci-mg4b-fix-uninitialized-iio-scan-data.patch (git-fixes CVE-2025-40221 bsc#1254519). - Update patches.suse/media-videobuf2-forbid-remove_bufs-when-legacy-filei.patch (git-fixes CVE-2025-40302 bsc#1255196). - Update patches.suse/misc-fastrpc-Fix-dma_buf-object-leak-in-fastrpc_map_.patch (git-fixes CVE-2025-68252 bsc#1255197). - Update patches.suse/mm-secretmem-fix-use-after-free-race-in-fault-handle.patch (git-fixes CVE-2025-40272 bsc#1254832). - Update patches.suse/most-usb-Fix-use-after-free-in-hdm_disconnect.patch (git-fixes CVE-2025-40223 bsc#1254957). - Update patches.suse/most-usb-fix-double-free-on-late-probe-failure.patch (git-fixes CVE-2025-68290 bsc#1255154). - Update patches.suse/most-usb-hdm_probe-Fix-calling-put_device-before-dev.patch (git-fixes CVE-2025-68249 bsc#1255233). - Update patches.suse/mt76-mt7615-Fix-memory-leak-in-mt7615_mcu_wtbl_sta_a.patch (git-fixes CVE-2025-68765 bsc#1255931). - Update patches.suse/mtd-rawnand-cadence-fix-DMA-device-NULL-pointer-dere.patch (git-fixes CVE-2025-68238 bsc#1255202). - Update patches.suse/mtdchar-fix-integer-overflow-in-read-write-ioctls.patch (git-fixes CVE-2025-68237 bsc#1255203). - Update patches.suse/net-stmmac-Correctly-handle-Rx-checksum-offload-erro.patch (git-fixes CVE-2025-40337 bsc#1255081). - Update patches.suse/net-usb-qmi_wwan-initialize-MAC-header-offset-in-qmi.patch (git-fixes CVE-2025-68192 bsc#1255246). - Update patches.suse/nfs4_setup_readdir-insufficient-locking-for-d_parent-d_inode-dereferencing.patch (git-fixes CVE-2025-68185 bsc#1255135). - Update patches.suse/nfsd-fix-refcount-leak-in-nfsd_set_fh_dentry.patch (git-fixes CVE-2025-40212 bsc#1254195). - Update patches.suse/nouveau-firmware-Add-missing-kfree-of-nvkm_falcon_fw.patch (git-fixes CVE-2025-68235 bsc#1255209). - Update patches.suse/nvme-fc-use-lock-accessing-port_state-and-rport-stat.patch (bsc#1245193 bsc#1247500 CVE-2025-40342 bsc#1255274). - Update patches.suse/nvmet-fc-avoid-scheduling-association-deletion-twice.patch (bsc#1245193 bsc#1247500 CVE-2025-40343 bsc#1255276). - Update patches.suse/pinctrl-s32cc-fix-uninitialized-memory-in-s32_pinctr.patch (git-fixes CVE-2025-68222 bsc#1255218). - Update patches.suse/platform-x86-intel-punit_ipc-fix-memory-corruption.patch (git-fixes CVE-2025-68303 bsc#1255122). - Update patches.suse/regmap-slimbus-fix-bus_context-pointer-in-regmap-ini.patch (git-fixes CVE-2025-40317 bsc#1254796). - Update patches.suse/regulator-core-Protect-regulator_supply_alias_list-w.patch (git-fixes CVE-2025-68354 bsc#1255553). - Update patches.suse/sctp-avoid-NULL-dereference-when-chunk-data-buffer-i.patch (git-fixes CVE-2025-40240 bsc#1254869). - Update patches.suse/smb-client-fix-potential-cfid-UAF-in-smb2_query_info_compound.patch (git-fixes CVE-2025-40320 bsc#1254793). - Update patches.suse/spi-ch341-fix-out-of-bounds-memory-access-in-ch341_t.patch (git-fixes CVE-2025-68352 bsc#1255541). - Update patches.suse/spi-tegra210-quad-Fix-timeout-handling.patch (bsc#1253155 CVE-2025-68746 bsc#1255722). - Update patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-OnBeacon.patch (stable-fixes CVE-2025-68254 bsc#1255140). - Update patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-rtw_get_.patch (stable-fixes CVE-2025-68256 bsc#1255138). - Update patches.suse/staging-rtl8723bs-fix-stack-buffer-overflow-in-OnAss.patch (stable-fixes CVE-2025-68255 bsc#1255395). - Update patches.suse/tty-serial-ip22zilog-Use-platform-device-for-probing.patch (stable-fixes CVE-2025-68311 bsc#1255161). - Update patches.suse/usb-cdns3-gadget-Use-after-free-during-failed-initia.patch (stable-fixes CVE-2025-40314 bsc#1255072). - Update patches.suse/usb-dwc3-Fix-race-condition-between-concurrent-dwc3_.patch (git-fixes CVE-2025-68287 bsc#1255152). - Update patches.suse/usb-gadget-f_eem-Fix-memory-leak-in-eem_unwrap.patch (git-fixes CVE-2025-68289 bsc#1255155). - Update patches.suse/usb-gadget-f_fs-Fix-epfile-null-pointer-access-after.patch (stable-fixes CVE-2025-40315 bsc#1255083). - Update patches.suse/usb-potential-integer-overflow-in-usbg_make_tpg.patch (stable-fixes CVE-2025-68750 bsc#1255814). - Update patches.suse/usb-renesas_usbhs-Fix-synchronous-external-abort-on-.patch (git-fixes CVE-2025-68327 bsc#1255488). - Update patches.suse/usb-storage-sddr55-Reject-out-of-bound-new_pba.patch (stable-fixes CVE-2025-40345 bsc#1255279). - Update patches.suse/usb-uas-fix-urb-unmapping-issue-when-the-uas-device-.patch (git-fixes CVE-2025-68331 bsc#1255495). - Update patches.suse/usbnet-Prevents-free-active-kevent.patch (git-fixes CVE-2025-68312 bsc#1255171). - Update patches.suse/wifi-ath11k-fix-peer-HE-MCS-assignment.patch (git-fixes CVE-2025-68380 bsc#1255580). - Update patches.suse/wifi-brcmfmac-fix-crash-while-sending-Action-Frames-.patch (git-fixes CVE-2025-40321 bsc#1254795). - Update patches.suse/wifi-rtl818x-Fix-potential-memory-leaks-in-rtl8180_i.patch (git-fixes CVE-2025-68759 bsc#1255934). - Update patches.suse/wifi-rtl818x-rtl8187-Fix-potential-buffer-underflow-.patch (git-fixes CVE-2025-68362 bsc#1255611). - Update patches.suse/x86-CPU-AMD-Add-RDSEED-fix-for-Zen5.patch (git-fixes CVE-2025-68313 bsc#1255415). - Update patches.suse/x86-CPU-AMD-Add-missing-terminator-for-zen5_rdseed_m.patch (git-fixes CVE-2025-68195 bsc#1255259). - Update patches.suse/xfrm-also-call-xfrm_state_delete_tunnel-at-destroy-time-fo.patch (CVE-2025-40215 bsc#1254959 CVE-2025-40256 bsc#1254851). - commit c0f554e ++++ kernel-default: - perf/x86/intel: Fix KASAN global-out-of-bounds warning (CVE-2025-40359 bsc#1255087). - commit ed1e93a - mlx5: Fix default values in create CQ (CVE-2025-68209 bsc#1255230). - commit 02d60e0 - x86/microcode/AMD: Use sha256() instead of init/update/final (bsc#1256495). - Refresh patches.suse/x86-microcode-AMD-Limit-Entrysign-signature-checking-to-kn.patch. - commit 6b04345 - x86/microcode/AMD: Fix Entrysign revision check for Zen5/Strix Halo (bsc#1256495). - x86/microcode/AMD: Select which microcode patch to load (bsc#1256495). - x86/microcode/AMD: Make __verify_patch_size() return bool (bsc#1256495). - x86/microcode/AMD: Remove bogus comment from parse_container() (bsc#1256495). - commit 9f14cfe - crash: fix crashkernel resource shrink (CVE-2025-68198 bsc#1255243) - commit 7e8f708 - bnxt_en: Fix null pointer dereference in bnxt_bs_trace_check_wrap() (CVE-2025-68197 bsc#1255242) - commit 766431f - lib/crypto: aes: Fix missing MMU protection for AES S-box (git-fixes). - virtio_console: fix order of fields cols and rows (stable-fixes). - commit d55882c - drm/amdgpu: Forward VMID reservation errors (git-fixes). - commit 2373a9d - supported.conf: mark ksmbd unsupported Based on discussion with Enzo Matsumiya it has tuned out that ksmbd module is unsupported but the supported.conf entry is incorrect. Fix that. - commit 143566d - powerpc/eeh: fix recursive pci_lock_rescan_remove locking in EEH event handling (bsc#1253262 ltc#216029). - commit 594b86e - Update patches.suse/ACPI-video-Fix-use-after-free-in-acpi_video_switch_b.patch (git-fixes CVE-2025-40211 bsc#1254126). - Update patches.suse/ALSA-dice-fix-buffer-overflow-in-detect_stream_forma.patch (git-fixes CVE-2025-68346 bsc#1255603). - Update patches.suse/ALSA-firewire-motu-add-bounds-check-in-put_user-loop.patch (git-fixes CVE-2025-68753 bsc#1256238). - Update patches.suse/ALSA-firewire-motu-fix-buffer-overflow-in-hwdep-read.patch (git-fixes CVE-2025-68347 bsc#1255706). - Update patches.suse/ALSA-hda-cs35l41-Fix-NULL-pointer-dereference-in-cs3-c34b04c.patch (git-fixes CVE-2025-68345 bsc#1255601). - Update patches.suse/ALSA-usb-audio-Fix-NULL-pointer-dereference-in-snd_u.patch (git-fixes CVE-2025-40275 bsc#1254829). - Update patches.suse/ALSA-usb-audio-Fix-potential-overflow-of-PCM-transfe.patch (stable-fixes CVE-2025-40269 bsc#1255035). - Update patches.suse/ALSA-wavefront-Fix-integer-overflow-in-sample-size-v.patch (git-fixes CVE-2025-68344 bsc#1255816). - Update patches.suse/ASoC-Intel-avs-Disable-periods-elapsed-work-when-clo.patch (git-fixes CVE-2025-40344 bsc#1254618). - Update patches.suse/Bluetooth-6lowpan-reset-link-local-header-on-ipv6-re.patch (git-fixes CVE-2025-40282 bsc#1254850). - Update patches.suse/Bluetooth-MGMT-Fix-OOB-access-in-parse_adv_monitor_p.patch (git-fixes CVE-2025-40294 bsc#1255181). - Update patches.suse/Bluetooth-MGMT-cancel-mesh-send-timer-when-hdev-remo.patch (git-fixes CVE-2025-40284 bsc#1254860). - Update patches.suse/Bluetooth-MGMT-fix-crash-in-set_mesh_sync-and-set_me.patch (git-fixes CVE-2025-40213 bsc#1253674). - Update patches.suse/Bluetooth-SCO-Fix-UAF-on-sco_conn_free.patch (stable-fixes CVE-2025-40309 bsc#1255065). - Update patches.suse/Bluetooth-bcsp-receive-data-only-if-registered.patch (stable-fixes CVE-2025-40308 bsc#1255064). - Update patches.suse/Bluetooth-btusb-mediatek-Avoid-btusb_mtk_claim_iso_i.patch (git-fixes CVE-2025-68298 bsc#1255124). - Update patches.suse/Bluetooth-btusb-mediatek-Fix-kernel-crash-when-relea.patch (git-fixes CVE-2025-68306 bsc#1255145). - Update patches.suse/Bluetooth-btusb-reorder-cleanup-in-btusb_disconnect-.patch (git-fixes CVE-2025-40283 bsc#1254858). - Update patches.suse/Bluetooth-hci_event-validate-skb-length-for-unknown-.patch (git-fixes CVE-2025-40301 bsc#1255193). - Update patches.suse/Bluetooth-hci_sock-Prevent-race-in-socket-write-iter.patch (git-fixes CVE-2025-68305 bsc#1255169). - Update patches.suse/Bluetooth-hci_sync-fix-race-in-hci_cmd_sync_dequeue_.patch (git-fixes CVE-2025-40318 bsc#1254798). - Update patches.suse/Input-cros_ec_keyb-fix-an-invalid-memory-access.patch (stable-fixes CVE-2025-40263 bsc#1255077). - Update patches.suse/Input-imx_sc_key-fix-memory-corruption-on-unload.patch (git-fixes CVE-2025-40262 bsc#1254840). - Update patches.suse/Input-pegasus-notetaker-fix-potential-out-of-bounds-.patch (git-fixes CVE-2025-68217 bsc#1255221). - Update patches.suse/KVM-arm64-Check-the-untrusted-offset-in-FF-A-memory-.patch (git-fixes CVE-2025-40266 bsc#1255040). - Update patches.suse/NFS-Fix-LTP-test-failures-when-timestamps-are-delegated.patch (git-fixes CVE-2025-68242 bsc#1255186). - Update patches.suse/NFSD-Fix-crash-in-nfsd4_read_release.patch (git-fixes CVE-2025-40324 bsc#1254791). - Update patches.suse/NFSD-free-copynotify-stateid-in-nfs4_free_ol_stateid.patch (git-fixes CVE-2025-40273 bsc#1254828). - Update patches.suse/PCI-IOV-Add-PCI-rescan-remove-locking-when-enabling-.patch (git-fixes CVE-2025-40219 bsc#1254518). - Update patches.suse/PCI-cadence-Check-for-the-existence-of-cdns_pcie-ops.patch (stable-fixes CVE-2025-68176 bsc#1255329). - Update patches.suse/accel-habanalabs-support-mapping-cb-with-vmalloc-bac.patch (stable-fixes CVE-2025-40311 bsc#1255068). - Update patches.suse/accel-ivpu-Fix-race-condition-when-unbinding-BOs.patch (git-fixes CVE-2025-68749 bsc#1255724). - Update patches.suse/amd-amdkfd-resolve-a-race-in-amdgpu_amdkfd_device_fi.patch (stable-fixes CVE-2025-40310 bsc#1255041). - Update patches.suse/arm64-mte-Do-not-warn-if-the-page-is-already-tagged-in-cop.patch (git-fixes CVE-2025-40353 bsc#1255312). - Update patches.suse/atm-fore200e-Fix-possible-data-race-in-fore200e_open.patch (git-fixes CVE-2025-68339 bsc#1255505). - Update patches.suse/backlight-led-bl-Add-devlink-to-supplier-LEDs.patch (git-fixes CVE-2025-68758 bsc#1255944). - Update patches.suse/btrfs-directly-free-partially-initialized-fs_info-in.patch (git-fixes CVE-2025-40235 bsc#1254808). - Update patches.suse/btrfs-ensure-no-dirty-metadata-is-written-back-for-a.patch (git-fix CVE-2025-40303 bsc#1255058). - Update patches.suse/btrfs-fix-memory-leak-of-qgroup_list-in-btrfs_add_qg.patch (git-fixes CVE-2025-40209 bsc#1254128). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-check-actual-395d988.patch (git-fixes CVE-2025-68342 bsc#1255508). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-check-actual.patch (git-fixes CVE-2025-68343 bsc#1255509). - Update patches.suse/can-gs_usb-gs_usb_xmit_callback-fix-handling-of-fail.patch (git-fixes CVE-2025-68307 bsc#1255146). - Update patches.suse/can-kvaser_usb-leaf-Fix-potential-infinite-loop-in-c.patch (git-fixes CVE-2025-68308 bsc#1255149). - Update patches.suse/comedi-c6xdigio-Fix-invalid-PNP-driver-unregistratio.patch (git-fixes CVE-2025-68332 bsc#1255483). - Update patches.suse/comedi-check-device-s-attached-status-in-compat-ioct.patch (git-fixes CVE-2025-68257 bsc#1255167). - Update patches.suse/comedi-multiq3-sanitize-config-options-in-multiq3_at.patch (git-fixes CVE-2025-68258 bsc#1255182). - Update patches.suse/comedi-pcl818-fix-null-ptr-deref-in-pcl818_ai_cancel.patch (git-fixes CVE-2025-68335 bsc#1255480). - Update patches.suse/crypto-aspeed-fix-double-free-caused-by-devm.patch (git-fixes CVE-2025-68172 bsc#1255253). - Update patches.suse/crypto-asymmetric_keys-prevent-overflow-in-asymmetri.patch (git-fixes CVE-2025-68724 bsc#1255550). - Update patches.suse/drm-amd-display-Check-NULL-before-accessing.patch (stable-fixes CVE-2025-68286 bsc#1255351). - Update patches.suse/drm-amd-display-Fix-NULL-deref-in-debugfs-odm_combin.patch (git-fixes CVE-2025-68180 bsc#1255252). - Update patches.suse/drm-amd-display-increase-max-link-count-and-fix-link.patch (stable-fixes CVE-2025-40354 bsc#1255316). - Update patches.suse/drm-amdgpu-Fix-NULL-pointer-dereference-in-VRAM-logi.patch (stable-fixes CVE-2025-40288 bsc#1255057). - Update patches.suse/drm-amdgpu-atom-Check-kcalloc-for-WS-buffer-in-amdgp.patch (stable-fixes CVE-2025-68190 bsc#1255131). - Update patches.suse/drm-amdgpu-fix-gpu-page-fault-after-hibernation-on-P.patch (stable-fixes CVE-2025-68230 bsc#1255134). - Update patches.suse/drm-amdgpu-fix-nullptr-err-of-vm_handle_moved.patch (stable-fixes CVE-2025-40339 bsc#1255428). - Update patches.suse/drm-amdgpu-hide-VRAM-sysfs-attributes-on-GPUs-withou.patch (stable-fixes CVE-2025-40289 bsc#1255042). - Update patches.suse/drm-amdgpu-remove-two-invalid-BUG_ON-s.patch (stable-fixes CVE-2025-68201 bsc#1255136). - Update patches.suse/drm-amdkfd-Fix-mmap-write-lock-not-release.patch (bsc#1243112 CVE-2025-40332 bsc#1255116). - Update patches.suse/drm-i915-Avoid-lock-inversion-when-pinning-to-GGTT-o.patch (git-fixes CVE-2025-68244 bsc#1255190). - Update patches.suse/drm-mediatek-Disable-AFBC-support-on-Mediatek-DRM-dr.patch (git-fixes CVE-2025-68184 bsc#1255220). - Update patches.suse/drm-mediatek-Fix-device-use-after-free-on-unbind.patch (git-fixes CVE-2025-40316 bsc#1254797). - Update patches.suse/drm-panthor-Fix-UAF-on-kernel-BO-VA-nodes.patch (git-fixes CVE-2025-68747 bsc#1255723). - Update patches.suse/drm-panthor-Fix-UAF-race-between-device-unplug-and-F.patch (git-fixes CVE-2025-68748 bsc#1255813). - Update patches.suse/drm-panthor-Fix-kernel-panic-on-partial-unmap-of-a-G.patch (git-fixes CVE-2025-40225 bsc#1254827). - Update patches.suse/drm-radeon-Do-not-kfree-devres-managed-rdev.patch (git-fixes CVE-2025-68170 bsc#1255256). - Update patches.suse/drm-radeon-Remove-calls-to-drm_put_dev.patch (git-fixes CVE-2025-68181 bsc#1255247). - Update patches.suse/drm-radeon-delete-radeon_fence_process-in-is_signale.patch (stable-fixes CVE-2025-68223 bsc#1255357). - Update patches.suse/drm-sched-Fix-deadlock-in-drm_sched_entity_kill_jobs.patch (git-fixes CVE-2025-40329 bsc#1254621). - Update patches.suse/drm-sysfb-Do-not-dereference-NULL-pointer-in-plane-r.patch (git-fixes CVE-2025-40360 bsc#1255095). - Update patches.suse/drm-tegra-Add-call-to-put_pid.patch (git-fixes CVE-2025-68233 bsc#1255206). - Update patches.suse/drm-vgem-fence-Fix-potential-deadlock-on-release.patch (git-fixes CVE-2025-68757 bsc#1255943). - Update patches.suse/drm-vmwgfx-Validate-command-header-size-against-SVGA.patch (git-fixes CVE-2025-40277 bsc#1254894). - Update patches.suse/drm-xe-Fix-oops-in-xe_gem_fault-when-running-core_ho.patch (stable-fixes CVE-2025-40340 bsc#1254996). - Update patches.suse/drm-xe-guc-Synchronize-Dead-CT-worker-with-unbind.patch (git-fixes CVE-2025-68207 bsc#1255234). - Update patches.suse/erofs-avoid-infinite-loop-due-to-incomplete-zstd-compressed-data.patch (git-fixes CVE-2025-68210 bsc#1255231). - Update patches.suse/exfat-fix-improper-check-of-dentry.stream.valid_size.patch (git-fixes CVE-2025-40287 bsc#1255030). - Update patches.suse/exfat-fix-refcount-leak-in-exfat_find.patch (git-fixes CVE-2025-68351 bsc#1255567). - Update patches.suse/exfat-validate-cluster-allocation-bits-of-the-allocation-bitmap.patch (git-fixes CVE-2025-40307 bsc#1255039). - Update patches.suse/fbcon-Set-fb_display-i-mode-to-NULL-when-the-mode-is.patch (stable-fixes CVE-2025-40323 bsc#1255094). - Update patches.suse/fbdev-Add-bounds-checking-in-bit_putcs-to-fix-vmallo.patch (stable-fixes CVE-2025-40304 bsc#1255034). - Update patches.suse/fbdev-bitblit-bound-check-glyph-index-in-bit_putcs.patch (stable-fixes CVE-2025-40322 bsc#1255092). - Update patches.suse/firmware-arm_scmi-Account-for-failed-debug-initializ.patch (git-fixes CVE-2025-40226 bsc#1254821). - Update patches.suse/firmware-stratix10-svc-fix-bug-in-saving-controller-.patch (git-fixes CVE-2025-68328 bsc#1255489). - Update patches.suse/gpiolib-fix-invalid-pointer-access-in-debugfs.patch (git-fixes CVE-2025-68167 bsc#1255099). - Update patches.suse/gpu-host1x-Fix-race-in-syncpt-alloc-free.patch (git-fixes CVE-2025-68732 bsc#1255688). - Update patches.suse/idpf-fix-possible-vport_config-NULL-pointer-deref-in.patch (git-fixes CVE-2025-68213 bsc#1255228). - Update patches.suse/iio-accel-bmc150-Fix-irq-assumption-regression.patch (stable-fixes CVE-2025-68330 bsc#1255493). - Update patches.suse/ima-Handle-error-code-returned-by-ima_filter_rule_ma.patch (git-fixes CVE-2025-68740 bsc#1255812). - Update patches.suse/ima-don-t-clear-IMA_DIGSIG-flag-when-setting-or-remo.patch (stable-fixes CVE-2025-68183 bsc#1255251). - Update patches.suse/irqchip-mchp-eic-Fix-error-code-in-mchp_eic_domain_a.patch (git-fixes CVE-2025-68766 bsc#1255932). - Update patches.suse/media-imon-make-send_packet-more-robust.patch (stable-fixes CVE-2025-68194 bsc#1255325). - Update patches.suse/media-pci-mg4b-fix-uninitialized-iio-scan-data.patch (git-fixes CVE-2025-40221 bsc#1254519). - Update patches.suse/media-videobuf2-forbid-remove_bufs-when-legacy-filei.patch (git-fixes CVE-2025-40302 bsc#1255196). - Update patches.suse/misc-fastrpc-Fix-dma_buf-object-leak-in-fastrpc_map_.patch (git-fixes CVE-2025-68252 bsc#1255197). - Update patches.suse/mm-secretmem-fix-use-after-free-race-in-fault-handle.patch (git-fixes CVE-2025-40272 bsc#1254832). - Update patches.suse/most-usb-Fix-use-after-free-in-hdm_disconnect.patch (git-fixes CVE-2025-40223 bsc#1254957). - Update patches.suse/most-usb-fix-double-free-on-late-probe-failure.patch (git-fixes CVE-2025-68290 bsc#1255154). - Update patches.suse/most-usb-hdm_probe-Fix-calling-put_device-before-dev.patch (git-fixes CVE-2025-68249 bsc#1255233). - Update patches.suse/mt76-mt7615-Fix-memory-leak-in-mt7615_mcu_wtbl_sta_a.patch (git-fixes CVE-2025-68765 bsc#1255931). - Update patches.suse/mtd-rawnand-cadence-fix-DMA-device-NULL-pointer-dere.patch (git-fixes CVE-2025-68238 bsc#1255202). - Update patches.suse/mtdchar-fix-integer-overflow-in-read-write-ioctls.patch (git-fixes CVE-2025-68237 bsc#1255203). - Update patches.suse/net-stmmac-Correctly-handle-Rx-checksum-offload-erro.patch (git-fixes CVE-2025-40337 bsc#1255081). - Update patches.suse/net-usb-qmi_wwan-initialize-MAC-header-offset-in-qmi.patch (git-fixes CVE-2025-68192 bsc#1255246). - Update patches.suse/nfs4_setup_readdir-insufficient-locking-for-d_parent-d_inode-dereferencing.patch (git-fixes CVE-2025-68185 bsc#1255135). - Update patches.suse/nfsd-fix-refcount-leak-in-nfsd_set_fh_dentry.patch (git-fixes CVE-2025-40212 bsc#1254195). - Update patches.suse/nouveau-firmware-Add-missing-kfree-of-nvkm_falcon_fw.patch (git-fixes CVE-2025-68235 bsc#1255209). - Update patches.suse/nvme-fc-use-lock-accessing-port_state-and-rport-stat.patch (bsc#1245193 bsc#1247500 CVE-2025-40342 bsc#1255274). - Update patches.suse/nvmet-fc-avoid-scheduling-association-deletion-twice.patch (bsc#1245193 bsc#1247500 CVE-2025-40343 bsc#1255276). - Update patches.suse/pinctrl-s32cc-fix-uninitialized-memory-in-s32_pinctr.patch (git-fixes CVE-2025-68222 bsc#1255218). - Update patches.suse/platform-x86-intel-punit_ipc-fix-memory-corruption.patch (git-fixes CVE-2025-68303 bsc#1255122). - Update patches.suse/regmap-slimbus-fix-bus_context-pointer-in-regmap-ini.patch (git-fixes CVE-2025-40317 bsc#1254796). - Update patches.suse/regulator-core-Protect-regulator_supply_alias_list-w.patch (git-fixes CVE-2025-68354 bsc#1255553). - Update patches.suse/sctp-avoid-NULL-dereference-when-chunk-data-buffer-i.patch (git-fixes CVE-2025-40240 bsc#1254869). - Update patches.suse/smb-client-fix-potential-cfid-UAF-in-smb2_query_info_compound.patch (git-fixes CVE-2025-40320 bsc#1254793). - Update patches.suse/spi-ch341-fix-out-of-bounds-memory-access-in-ch341_t.patch (git-fixes CVE-2025-68352 bsc#1255541). - Update patches.suse/spi-tegra210-quad-Fix-timeout-handling.patch (bsc#1253155 CVE-2025-68746 bsc#1255722). - Update patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-OnBeacon.patch (stable-fixes CVE-2025-68254 bsc#1255140). - Update patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-rtw_get_.patch (stable-fixes CVE-2025-68256 bsc#1255138). - Update patches.suse/staging-rtl8723bs-fix-stack-buffer-overflow-in-OnAss.patch (stable-fixes CVE-2025-68255 bsc#1255395). - Update patches.suse/tty-serial-ip22zilog-Use-platform-device-for-probing.patch (stable-fixes CVE-2025-68311 bsc#1255161). - Update patches.suse/usb-cdns3-gadget-Use-after-free-during-failed-initia.patch (stable-fixes CVE-2025-40314 bsc#1255072). - Update patches.suse/usb-dwc3-Fix-race-condition-between-concurrent-dwc3_.patch (git-fixes CVE-2025-68287 bsc#1255152). - Update patches.suse/usb-gadget-f_eem-Fix-memory-leak-in-eem_unwrap.patch (git-fixes CVE-2025-68289 bsc#1255155). - Update patches.suse/usb-gadget-f_fs-Fix-epfile-null-pointer-access-after.patch (stable-fixes CVE-2025-40315 bsc#1255083). - Update patches.suse/usb-potential-integer-overflow-in-usbg_make_tpg.patch (stable-fixes CVE-2025-68750 bsc#1255814). - Update patches.suse/usb-renesas_usbhs-Fix-synchronous-external-abort-on-.patch (git-fixes CVE-2025-68327 bsc#1255488). - Update patches.suse/usb-storage-sddr55-Reject-out-of-bound-new_pba.patch (stable-fixes CVE-2025-40345 bsc#1255279). - Update patches.suse/usb-uas-fix-urb-unmapping-issue-when-the-uas-device-.patch (git-fixes CVE-2025-68331 bsc#1255495). - Update patches.suse/usbnet-Prevents-free-active-kevent.patch (git-fixes CVE-2025-68312 bsc#1255171). - Update patches.suse/wifi-ath11k-fix-peer-HE-MCS-assignment.patch (git-fixes CVE-2025-68380 bsc#1255580). - Update patches.suse/wifi-brcmfmac-fix-crash-while-sending-Action-Frames-.patch (git-fixes CVE-2025-40321 bsc#1254795). - Update patches.suse/wifi-rtl818x-Fix-potential-memory-leaks-in-rtl8180_i.patch (git-fixes CVE-2025-68759 bsc#1255934). - Update patches.suse/wifi-rtl818x-rtl8187-Fix-potential-buffer-underflow-.patch (git-fixes CVE-2025-68362 bsc#1255611). - Update patches.suse/x86-CPU-AMD-Add-RDSEED-fix-for-Zen5.patch (git-fixes CVE-2025-68313 bsc#1255415). - Update patches.suse/x86-CPU-AMD-Add-missing-terminator-for-zen5_rdseed_m.patch (git-fixes CVE-2025-68195 bsc#1255259). - Update patches.suse/xfrm-also-call-xfrm_state_delete_tunnel-at-destroy-time-fo.patch (CVE-2025-40215 bsc#1254959 CVE-2025-40256 bsc#1254851). - commit c0f554e ++++ kernel-default: - perf/x86/intel: Fix KASAN global-out-of-bounds warning (CVE-2025-40359 bsc#1255087). - commit ed1e93a - mlx5: Fix default values in create CQ (CVE-2025-68209 bsc#1255230). - commit 02d60e0 - x86/microcode/AMD: Use sha256() instead of init/update/final (bsc#1256495). - Refresh patches.suse/x86-microcode-AMD-Limit-Entrysign-signature-checking-to-kn.patch. - commit 6b04345 - x86/microcode/AMD: Fix Entrysign revision check for Zen5/Strix Halo (bsc#1256495). - x86/microcode/AMD: Select which microcode patch to load (bsc#1256495). - x86/microcode/AMD: Make __verify_patch_size() return bool (bsc#1256495). - x86/microcode/AMD: Remove bogus comment from parse_container() (bsc#1256495). - commit 9f14cfe - crash: fix crashkernel resource shrink (CVE-2025-68198 bsc#1255243) - commit 7e8f708 - bnxt_en: Fix null pointer dereference in bnxt_bs_trace_check_wrap() (CVE-2025-68197 bsc#1255242) - commit 766431f - lib/crypto: aes: Fix missing MMU protection for AES S-box (git-fixes). - virtio_console: fix order of fields cols and rows (stable-fixes). - commit d55882c - drm/amdgpu: Forward VMID reservation errors (git-fixes). - commit 2373a9d - supported.conf: mark ksmbd unsupported Based on discussion with Enzo Matsumiya it has tuned out that ksmbd module is unsupported but the supported.conf entry is incorrect. Fix that. - commit 143566d - powerpc/eeh: fix recursive pci_lock_rescan_remove locking in EEH event handling (bsc#1253262 ltc#216029). - commit 594b86e - Update patches.suse/ACPI-video-Fix-use-after-free-in-acpi_video_switch_b.patch (git-fixes CVE-2025-40211 bsc#1254126). - Update patches.suse/ALSA-dice-fix-buffer-overflow-in-detect_stream_forma.patch (git-fixes CVE-2025-68346 bsc#1255603). - Update patches.suse/ALSA-firewire-motu-add-bounds-check-in-put_user-loop.patch (git-fixes CVE-2025-68753 bsc#1256238). - Update patches.suse/ALSA-firewire-motu-fix-buffer-overflow-in-hwdep-read.patch (git-fixes CVE-2025-68347 bsc#1255706). - Update patches.suse/ALSA-hda-cs35l41-Fix-NULL-pointer-dereference-in-cs3-c34b04c.patch (git-fixes CVE-2025-68345 bsc#1255601). - Update patches.suse/ALSA-usb-audio-Fix-NULL-pointer-dereference-in-snd_u.patch (git-fixes CVE-2025-40275 bsc#1254829). - Update patches.suse/ALSA-usb-audio-Fix-potential-overflow-of-PCM-transfe.patch (stable-fixes CVE-2025-40269 bsc#1255035). - Update patches.suse/ALSA-wavefront-Fix-integer-overflow-in-sample-size-v.patch (git-fixes CVE-2025-68344 bsc#1255816). - Update patches.suse/ASoC-Intel-avs-Disable-periods-elapsed-work-when-clo.patch (git-fixes CVE-2025-40344 bsc#1254618). - Update patches.suse/Bluetooth-6lowpan-reset-link-local-header-on-ipv6-re.patch (git-fixes CVE-2025-40282 bsc#1254850). - Update patches.suse/Bluetooth-MGMT-Fix-OOB-access-in-parse_adv_monitor_p.patch (git-fixes CVE-2025-40294 bsc#1255181). - Update patches.suse/Bluetooth-MGMT-cancel-mesh-send-timer-when-hdev-remo.patch (git-fixes CVE-2025-40284 bsc#1254860). - Update patches.suse/Bluetooth-MGMT-fix-crash-in-set_mesh_sync-and-set_me.patch (git-fixes CVE-2025-40213 bsc#1253674). - Update patches.suse/Bluetooth-SCO-Fix-UAF-on-sco_conn_free.patch (stable-fixes CVE-2025-40309 bsc#1255065). - Update patches.suse/Bluetooth-bcsp-receive-data-only-if-registered.patch (stable-fixes CVE-2025-40308 bsc#1255064). - Update patches.suse/Bluetooth-btusb-mediatek-Avoid-btusb_mtk_claim_iso_i.patch (git-fixes CVE-2025-68298 bsc#1255124). - Update patches.suse/Bluetooth-btusb-mediatek-Fix-kernel-crash-when-relea.patch (git-fixes CVE-2025-68306 bsc#1255145). - Update patches.suse/Bluetooth-btusb-reorder-cleanup-in-btusb_disconnect-.patch (git-fixes CVE-2025-40283 bsc#1254858). - Update patches.suse/Bluetooth-hci_event-validate-skb-length-for-unknown-.patch (git-fixes CVE-2025-40301 bsc#1255193). - Update patches.suse/Bluetooth-hci_sock-Prevent-race-in-socket-write-iter.patch (git-fixes CVE-2025-68305 bsc#1255169). - Update patches.suse/Bluetooth-hci_sync-fix-race-in-hci_cmd_sync_dequeue_.patch (git-fixes CVE-2025-40318 bsc#1254798). - Update patches.suse/Input-cros_ec_keyb-fix-an-invalid-memory-access.patch (stable-fixes CVE-2025-40263 bsc#1255077). - Update patches.suse/Input-imx_sc_key-fix-memory-corruption-on-unload.patch (git-fixes CVE-2025-40262 bsc#1254840). - Update patches.suse/Input-pegasus-notetaker-fix-potential-out-of-bounds-.patch (git-fixes CVE-2025-68217 bsc#1255221). - Update patches.suse/KVM-arm64-Check-the-untrusted-offset-in-FF-A-memory-.patch (git-fixes CVE-2025-40266 bsc#1255040). - Update patches.suse/NFS-Fix-LTP-test-failures-when-timestamps-are-delegated.patch (git-fixes CVE-2025-68242 bsc#1255186). - Update patches.suse/NFSD-Fix-crash-in-nfsd4_read_release.patch (git-fixes CVE-2025-40324 bsc#1254791). - Update patches.suse/NFSD-free-copynotify-stateid-in-nfs4_free_ol_stateid.patch (git-fixes CVE-2025-40273 bsc#1254828). - Update patches.suse/PCI-IOV-Add-PCI-rescan-remove-locking-when-enabling-.patch (git-fixes CVE-2025-40219 bsc#1254518). - Update patches.suse/PCI-cadence-Check-for-the-existence-of-cdns_pcie-ops.patch (stable-fixes CVE-2025-68176 bsc#1255329). - Update patches.suse/accel-habanalabs-support-mapping-cb-with-vmalloc-bac.patch (stable-fixes CVE-2025-40311 bsc#1255068). - Update patches.suse/accel-ivpu-Fix-race-condition-when-unbinding-BOs.patch (git-fixes CVE-2025-68749 bsc#1255724). - Update patches.suse/amd-amdkfd-resolve-a-race-in-amdgpu_amdkfd_device_fi.patch (stable-fixes CVE-2025-40310 bsc#1255041). - Update patches.suse/arm64-mte-Do-not-warn-if-the-page-is-already-tagged-in-cop.patch (git-fixes CVE-2025-40353 bsc#1255312). - Update patches.suse/atm-fore200e-Fix-possible-data-race-in-fore200e_open.patch (git-fixes CVE-2025-68339 bsc#1255505). - Update patches.suse/backlight-led-bl-Add-devlink-to-supplier-LEDs.patch (git-fixes CVE-2025-68758 bsc#1255944). - Update patches.suse/btrfs-directly-free-partially-initialized-fs_info-in.patch (git-fixes CVE-2025-40235 bsc#1254808). - Update patches.suse/btrfs-ensure-no-dirty-metadata-is-written-back-for-a.patch (git-fix CVE-2025-40303 bsc#1255058). - Update patches.suse/btrfs-fix-memory-leak-of-qgroup_list-in-btrfs_add_qg.patch (git-fixes CVE-2025-40209 bsc#1254128). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-check-actual-395d988.patch (git-fixes CVE-2025-68342 bsc#1255508). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-check-actual.patch (git-fixes CVE-2025-68343 bsc#1255509). - Update patches.suse/can-gs_usb-gs_usb_xmit_callback-fix-handling-of-fail.patch (git-fixes CVE-2025-68307 bsc#1255146). - Update patches.suse/can-kvaser_usb-leaf-Fix-potential-infinite-loop-in-c.patch (git-fixes CVE-2025-68308 bsc#1255149). - Update patches.suse/comedi-c6xdigio-Fix-invalid-PNP-driver-unregistratio.patch (git-fixes CVE-2025-68332 bsc#1255483). - Update patches.suse/comedi-check-device-s-attached-status-in-compat-ioct.patch (git-fixes CVE-2025-68257 bsc#1255167). - Update patches.suse/comedi-multiq3-sanitize-config-options-in-multiq3_at.patch (git-fixes CVE-2025-68258 bsc#1255182). - Update patches.suse/comedi-pcl818-fix-null-ptr-deref-in-pcl818_ai_cancel.patch (git-fixes CVE-2025-68335 bsc#1255480). - Update patches.suse/crypto-aspeed-fix-double-free-caused-by-devm.patch (git-fixes CVE-2025-68172 bsc#1255253). - Update patches.suse/crypto-asymmetric_keys-prevent-overflow-in-asymmetri.patch (git-fixes CVE-2025-68724 bsc#1255550). - Update patches.suse/drm-amd-display-Check-NULL-before-accessing.patch (stable-fixes CVE-2025-68286 bsc#1255351). - Update patches.suse/drm-amd-display-Fix-NULL-deref-in-debugfs-odm_combin.patch (git-fixes CVE-2025-68180 bsc#1255252). - Update patches.suse/drm-amd-display-increase-max-link-count-and-fix-link.patch (stable-fixes CVE-2025-40354 bsc#1255316). - Update patches.suse/drm-amdgpu-Fix-NULL-pointer-dereference-in-VRAM-logi.patch (stable-fixes CVE-2025-40288 bsc#1255057). - Update patches.suse/drm-amdgpu-atom-Check-kcalloc-for-WS-buffer-in-amdgp.patch (stable-fixes CVE-2025-68190 bsc#1255131). - Update patches.suse/drm-amdgpu-fix-gpu-page-fault-after-hibernation-on-P.patch (stable-fixes CVE-2025-68230 bsc#1255134). - Update patches.suse/drm-amdgpu-fix-nullptr-err-of-vm_handle_moved.patch (stable-fixes CVE-2025-40339 bsc#1255428). - Update patches.suse/drm-amdgpu-hide-VRAM-sysfs-attributes-on-GPUs-withou.patch (stable-fixes CVE-2025-40289 bsc#1255042). - Update patches.suse/drm-amdgpu-remove-two-invalid-BUG_ON-s.patch (stable-fixes CVE-2025-68201 bsc#1255136). - Update patches.suse/drm-amdkfd-Fix-mmap-write-lock-not-release.patch (bsc#1243112 CVE-2025-40332 bsc#1255116). - Update patches.suse/drm-i915-Avoid-lock-inversion-when-pinning-to-GGTT-o.patch (git-fixes CVE-2025-68244 bsc#1255190). - Update patches.suse/drm-mediatek-Disable-AFBC-support-on-Mediatek-DRM-dr.patch (git-fixes CVE-2025-68184 bsc#1255220). - Update patches.suse/drm-mediatek-Fix-device-use-after-free-on-unbind.patch (git-fixes CVE-2025-40316 bsc#1254797). - Update patches.suse/drm-panthor-Fix-UAF-on-kernel-BO-VA-nodes.patch (git-fixes CVE-2025-68747 bsc#1255723). - Update patches.suse/drm-panthor-Fix-UAF-race-between-device-unplug-and-F.patch (git-fixes CVE-2025-68748 bsc#1255813). - Update patches.suse/drm-panthor-Fix-kernel-panic-on-partial-unmap-of-a-G.patch (git-fixes CVE-2025-40225 bsc#1254827). - Update patches.suse/drm-radeon-Do-not-kfree-devres-managed-rdev.patch (git-fixes CVE-2025-68170 bsc#1255256). - Update patches.suse/drm-radeon-Remove-calls-to-drm_put_dev.patch (git-fixes CVE-2025-68181 bsc#1255247). - Update patches.suse/drm-radeon-delete-radeon_fence_process-in-is_signale.patch (stable-fixes CVE-2025-68223 bsc#1255357). - Update patches.suse/drm-sched-Fix-deadlock-in-drm_sched_entity_kill_jobs.patch (git-fixes CVE-2025-40329 bsc#1254621). - Update patches.suse/drm-sysfb-Do-not-dereference-NULL-pointer-in-plane-r.patch (git-fixes CVE-2025-40360 bsc#1255095). - Update patches.suse/drm-tegra-Add-call-to-put_pid.patch (git-fixes CVE-2025-68233 bsc#1255206). - Update patches.suse/drm-vgem-fence-Fix-potential-deadlock-on-release.patch (git-fixes CVE-2025-68757 bsc#1255943). - Update patches.suse/drm-vmwgfx-Validate-command-header-size-against-SVGA.patch (git-fixes CVE-2025-40277 bsc#1254894). - Update patches.suse/drm-xe-Fix-oops-in-xe_gem_fault-when-running-core_ho.patch (stable-fixes CVE-2025-40340 bsc#1254996). - Update patches.suse/drm-xe-guc-Synchronize-Dead-CT-worker-with-unbind.patch (git-fixes CVE-2025-68207 bsc#1255234). - Update patches.suse/erofs-avoid-infinite-loop-due-to-incomplete-zstd-compressed-data.patch (git-fixes CVE-2025-68210 bsc#1255231). - Update patches.suse/exfat-fix-improper-check-of-dentry.stream.valid_size.patch (git-fixes CVE-2025-40287 bsc#1255030). - Update patches.suse/exfat-fix-refcount-leak-in-exfat_find.patch (git-fixes CVE-2025-68351 bsc#1255567). - Update patches.suse/exfat-validate-cluster-allocation-bits-of-the-allocation-bitmap.patch (git-fixes CVE-2025-40307 bsc#1255039). - Update patches.suse/fbcon-Set-fb_display-i-mode-to-NULL-when-the-mode-is.patch (stable-fixes CVE-2025-40323 bsc#1255094). - Update patches.suse/fbdev-Add-bounds-checking-in-bit_putcs-to-fix-vmallo.patch (stable-fixes CVE-2025-40304 bsc#1255034). - Update patches.suse/fbdev-bitblit-bound-check-glyph-index-in-bit_putcs.patch (stable-fixes CVE-2025-40322 bsc#1255092). - Update patches.suse/firmware-arm_scmi-Account-for-failed-debug-initializ.patch (git-fixes CVE-2025-40226 bsc#1254821). - Update patches.suse/firmware-stratix10-svc-fix-bug-in-saving-controller-.patch (git-fixes CVE-2025-68328 bsc#1255489). - Update patches.suse/gpiolib-fix-invalid-pointer-access-in-debugfs.patch (git-fixes CVE-2025-68167 bsc#1255099). - Update patches.suse/gpu-host1x-Fix-race-in-syncpt-alloc-free.patch (git-fixes CVE-2025-68732 bsc#1255688). - Update patches.suse/idpf-fix-possible-vport_config-NULL-pointer-deref-in.patch (git-fixes CVE-2025-68213 bsc#1255228). - Update patches.suse/iio-accel-bmc150-Fix-irq-assumption-regression.patch (stable-fixes CVE-2025-68330 bsc#1255493). - Update patches.suse/ima-Handle-error-code-returned-by-ima_filter_rule_ma.patch (git-fixes CVE-2025-68740 bsc#1255812). - Update patches.suse/ima-don-t-clear-IMA_DIGSIG-flag-when-setting-or-remo.patch (stable-fixes CVE-2025-68183 bsc#1255251). - Update patches.suse/irqchip-mchp-eic-Fix-error-code-in-mchp_eic_domain_a.patch (git-fixes CVE-2025-68766 bsc#1255932). - Update patches.suse/media-imon-make-send_packet-more-robust.patch (stable-fixes CVE-2025-68194 bsc#1255325). - Update patches.suse/media-pci-mg4b-fix-uninitialized-iio-scan-data.patch (git-fixes CVE-2025-40221 bsc#1254519). - Update patches.suse/media-videobuf2-forbid-remove_bufs-when-legacy-filei.patch (git-fixes CVE-2025-40302 bsc#1255196). - Update patches.suse/misc-fastrpc-Fix-dma_buf-object-leak-in-fastrpc_map_.patch (git-fixes CVE-2025-68252 bsc#1255197). - Update patches.suse/mm-secretmem-fix-use-after-free-race-in-fault-handle.patch (git-fixes CVE-2025-40272 bsc#1254832). - Update patches.suse/most-usb-Fix-use-after-free-in-hdm_disconnect.patch (git-fixes CVE-2025-40223 bsc#1254957). - Update patches.suse/most-usb-fix-double-free-on-late-probe-failure.patch (git-fixes CVE-2025-68290 bsc#1255154). - Update patches.suse/most-usb-hdm_probe-Fix-calling-put_device-before-dev.patch (git-fixes CVE-2025-68249 bsc#1255233). - Update patches.suse/mt76-mt7615-Fix-memory-leak-in-mt7615_mcu_wtbl_sta_a.patch (git-fixes CVE-2025-68765 bsc#1255931). - Update patches.suse/mtd-rawnand-cadence-fix-DMA-device-NULL-pointer-dere.patch (git-fixes CVE-2025-68238 bsc#1255202). - Update patches.suse/mtdchar-fix-integer-overflow-in-read-write-ioctls.patch (git-fixes CVE-2025-68237 bsc#1255203). - Update patches.suse/net-stmmac-Correctly-handle-Rx-checksum-offload-erro.patch (git-fixes CVE-2025-40337 bsc#1255081). - Update patches.suse/net-usb-qmi_wwan-initialize-MAC-header-offset-in-qmi.patch (git-fixes CVE-2025-68192 bsc#1255246). - Update patches.suse/nfs4_setup_readdir-insufficient-locking-for-d_parent-d_inode-dereferencing.patch (git-fixes CVE-2025-68185 bsc#1255135). - Update patches.suse/nfsd-fix-refcount-leak-in-nfsd_set_fh_dentry.patch (git-fixes CVE-2025-40212 bsc#1254195). - Update patches.suse/nouveau-firmware-Add-missing-kfree-of-nvkm_falcon_fw.patch (git-fixes CVE-2025-68235 bsc#1255209). - Update patches.suse/nvme-fc-use-lock-accessing-port_state-and-rport-stat.patch (bsc#1245193 bsc#1247500 CVE-2025-40342 bsc#1255274). - Update patches.suse/nvmet-fc-avoid-scheduling-association-deletion-twice.patch (bsc#1245193 bsc#1247500 CVE-2025-40343 bsc#1255276). - Update patches.suse/pinctrl-s32cc-fix-uninitialized-memory-in-s32_pinctr.patch (git-fixes CVE-2025-68222 bsc#1255218). - Update patches.suse/platform-x86-intel-punit_ipc-fix-memory-corruption.patch (git-fixes CVE-2025-68303 bsc#1255122). - Update patches.suse/regmap-slimbus-fix-bus_context-pointer-in-regmap-ini.patch (git-fixes CVE-2025-40317 bsc#1254796). - Update patches.suse/regulator-core-Protect-regulator_supply_alias_list-w.patch (git-fixes CVE-2025-68354 bsc#1255553). - Update patches.suse/sctp-avoid-NULL-dereference-when-chunk-data-buffer-i.patch (git-fixes CVE-2025-40240 bsc#1254869). - Update patches.suse/smb-client-fix-potential-cfid-UAF-in-smb2_query_info_compound.patch (git-fixes CVE-2025-40320 bsc#1254793). - Update patches.suse/spi-ch341-fix-out-of-bounds-memory-access-in-ch341_t.patch (git-fixes CVE-2025-68352 bsc#1255541). - Update patches.suse/spi-tegra210-quad-Fix-timeout-handling.patch (bsc#1253155 CVE-2025-68746 bsc#1255722). - Update patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-OnBeacon.patch (stable-fixes CVE-2025-68254 bsc#1255140). - Update patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-rtw_get_.patch (stable-fixes CVE-2025-68256 bsc#1255138). - Update patches.suse/staging-rtl8723bs-fix-stack-buffer-overflow-in-OnAss.patch (stable-fixes CVE-2025-68255 bsc#1255395). - Update patches.suse/tty-serial-ip22zilog-Use-platform-device-for-probing.patch (stable-fixes CVE-2025-68311 bsc#1255161). - Update patches.suse/usb-cdns3-gadget-Use-after-free-during-failed-initia.patch (stable-fixes CVE-2025-40314 bsc#1255072). - Update patches.suse/usb-dwc3-Fix-race-condition-between-concurrent-dwc3_.patch (git-fixes CVE-2025-68287 bsc#1255152). - Update patches.suse/usb-gadget-f_eem-Fix-memory-leak-in-eem_unwrap.patch (git-fixes CVE-2025-68289 bsc#1255155). - Update patches.suse/usb-gadget-f_fs-Fix-epfile-null-pointer-access-after.patch (stable-fixes CVE-2025-40315 bsc#1255083). - Update patches.suse/usb-potential-integer-overflow-in-usbg_make_tpg.patch (stable-fixes CVE-2025-68750 bsc#1255814). - Update patches.suse/usb-renesas_usbhs-Fix-synchronous-external-abort-on-.patch (git-fixes CVE-2025-68327 bsc#1255488). - Update patches.suse/usb-storage-sddr55-Reject-out-of-bound-new_pba.patch (stable-fixes CVE-2025-40345 bsc#1255279). - Update patches.suse/usb-uas-fix-urb-unmapping-issue-when-the-uas-device-.patch (git-fixes CVE-2025-68331 bsc#1255495). - Update patches.suse/usbnet-Prevents-free-active-kevent.patch (git-fixes CVE-2025-68312 bsc#1255171). - Update patches.suse/wifi-ath11k-fix-peer-HE-MCS-assignment.patch (git-fixes CVE-2025-68380 bsc#1255580). - Update patches.suse/wifi-brcmfmac-fix-crash-while-sending-Action-Frames-.patch (git-fixes CVE-2025-40321 bsc#1254795). - Update patches.suse/wifi-rtl818x-Fix-potential-memory-leaks-in-rtl8180_i.patch (git-fixes CVE-2025-68759 bsc#1255934). - Update patches.suse/wifi-rtl818x-rtl8187-Fix-potential-buffer-underflow-.patch (git-fixes CVE-2025-68362 bsc#1255611). - Update patches.suse/x86-CPU-AMD-Add-RDSEED-fix-for-Zen5.patch (git-fixes CVE-2025-68313 bsc#1255415). - Update patches.suse/x86-CPU-AMD-Add-missing-terminator-for-zen5_rdseed_m.patch (git-fixes CVE-2025-68195 bsc#1255259). - Update patches.suse/xfrm-also-call-xfrm_state_delete_tunnel-at-destroy-time-fo.patch (CVE-2025-40215 bsc#1254959 CVE-2025-40256 bsc#1254851). - commit c0f554e ++++ kernel-default: - perf/x86/intel: Fix KASAN global-out-of-bounds warning (CVE-2025-40359 bsc#1255087). - commit ed1e93a - mlx5: Fix default values in create CQ (CVE-2025-68209 bsc#1255230). - commit 02d60e0 - x86/microcode/AMD: Use sha256() instead of init/update/final (bsc#1256495). - Refresh patches.suse/x86-microcode-AMD-Limit-Entrysign-signature-checking-to-kn.patch. - commit 6b04345 - x86/microcode/AMD: Fix Entrysign revision check for Zen5/Strix Halo (bsc#1256495). - x86/microcode/AMD: Select which microcode patch to load (bsc#1256495). - x86/microcode/AMD: Make __verify_patch_size() return bool (bsc#1256495). - x86/microcode/AMD: Remove bogus comment from parse_container() (bsc#1256495). - commit 9f14cfe - crash: fix crashkernel resource shrink (CVE-2025-68198 bsc#1255243) - commit 7e8f708 - bnxt_en: Fix null pointer dereference in bnxt_bs_trace_check_wrap() (CVE-2025-68197 bsc#1255242) - commit 766431f - lib/crypto: aes: Fix missing MMU protection for AES S-box (git-fixes). - virtio_console: fix order of fields cols and rows (stable-fixes). - commit d55882c - drm/amdgpu: Forward VMID reservation errors (git-fixes). - commit 2373a9d - supported.conf: mark ksmbd unsupported Based on discussion with Enzo Matsumiya it has tuned out that ksmbd module is unsupported but the supported.conf entry is incorrect. Fix that. - commit 143566d - powerpc/eeh: fix recursive pci_lock_rescan_remove locking in EEH event handling (bsc#1253262 ltc#216029). - commit 594b86e - Update patches.suse/ACPI-video-Fix-use-after-free-in-acpi_video_switch_b.patch (git-fixes CVE-2025-40211 bsc#1254126). - Update patches.suse/ALSA-dice-fix-buffer-overflow-in-detect_stream_forma.patch (git-fixes CVE-2025-68346 bsc#1255603). - Update patches.suse/ALSA-firewire-motu-add-bounds-check-in-put_user-loop.patch (git-fixes CVE-2025-68753 bsc#1256238). - Update patches.suse/ALSA-firewire-motu-fix-buffer-overflow-in-hwdep-read.patch (git-fixes CVE-2025-68347 bsc#1255706). - Update patches.suse/ALSA-hda-cs35l41-Fix-NULL-pointer-dereference-in-cs3-c34b04c.patch (git-fixes CVE-2025-68345 bsc#1255601). - Update patches.suse/ALSA-usb-audio-Fix-NULL-pointer-dereference-in-snd_u.patch (git-fixes CVE-2025-40275 bsc#1254829). - Update patches.suse/ALSA-usb-audio-Fix-potential-overflow-of-PCM-transfe.patch (stable-fixes CVE-2025-40269 bsc#1255035). - Update patches.suse/ALSA-wavefront-Fix-integer-overflow-in-sample-size-v.patch (git-fixes CVE-2025-68344 bsc#1255816). - Update patches.suse/ASoC-Intel-avs-Disable-periods-elapsed-work-when-clo.patch (git-fixes CVE-2025-40344 bsc#1254618). - Update patches.suse/Bluetooth-6lowpan-reset-link-local-header-on-ipv6-re.patch (git-fixes CVE-2025-40282 bsc#1254850). - Update patches.suse/Bluetooth-MGMT-Fix-OOB-access-in-parse_adv_monitor_p.patch (git-fixes CVE-2025-40294 bsc#1255181). - Update patches.suse/Bluetooth-MGMT-cancel-mesh-send-timer-when-hdev-remo.patch (git-fixes CVE-2025-40284 bsc#1254860). - Update patches.suse/Bluetooth-MGMT-fix-crash-in-set_mesh_sync-and-set_me.patch (git-fixes CVE-2025-40213 bsc#1253674). - Update patches.suse/Bluetooth-SCO-Fix-UAF-on-sco_conn_free.patch (stable-fixes CVE-2025-40309 bsc#1255065). - Update patches.suse/Bluetooth-bcsp-receive-data-only-if-registered.patch (stable-fixes CVE-2025-40308 bsc#1255064). - Update patches.suse/Bluetooth-btusb-mediatek-Avoid-btusb_mtk_claim_iso_i.patch (git-fixes CVE-2025-68298 bsc#1255124). - Update patches.suse/Bluetooth-btusb-mediatek-Fix-kernel-crash-when-relea.patch (git-fixes CVE-2025-68306 bsc#1255145). - Update patches.suse/Bluetooth-btusb-reorder-cleanup-in-btusb_disconnect-.patch (git-fixes CVE-2025-40283 bsc#1254858). - Update patches.suse/Bluetooth-hci_event-validate-skb-length-for-unknown-.patch (git-fixes CVE-2025-40301 bsc#1255193). - Update patches.suse/Bluetooth-hci_sock-Prevent-race-in-socket-write-iter.patch (git-fixes CVE-2025-68305 bsc#1255169). - Update patches.suse/Bluetooth-hci_sync-fix-race-in-hci_cmd_sync_dequeue_.patch (git-fixes CVE-2025-40318 bsc#1254798). - Update patches.suse/Input-cros_ec_keyb-fix-an-invalid-memory-access.patch (stable-fixes CVE-2025-40263 bsc#1255077). - Update patches.suse/Input-imx_sc_key-fix-memory-corruption-on-unload.patch (git-fixes CVE-2025-40262 bsc#1254840). - Update patches.suse/Input-pegasus-notetaker-fix-potential-out-of-bounds-.patch (git-fixes CVE-2025-68217 bsc#1255221). - Update patches.suse/KVM-arm64-Check-the-untrusted-offset-in-FF-A-memory-.patch (git-fixes CVE-2025-40266 bsc#1255040). - Update patches.suse/NFS-Fix-LTP-test-failures-when-timestamps-are-delegated.patch (git-fixes CVE-2025-68242 bsc#1255186). - Update patches.suse/NFSD-Fix-crash-in-nfsd4_read_release.patch (git-fixes CVE-2025-40324 bsc#1254791). - Update patches.suse/NFSD-free-copynotify-stateid-in-nfs4_free_ol_stateid.patch (git-fixes CVE-2025-40273 bsc#1254828). - Update patches.suse/PCI-IOV-Add-PCI-rescan-remove-locking-when-enabling-.patch (git-fixes CVE-2025-40219 bsc#1254518). - Update patches.suse/PCI-cadence-Check-for-the-existence-of-cdns_pcie-ops.patch (stable-fixes CVE-2025-68176 bsc#1255329). - Update patches.suse/accel-habanalabs-support-mapping-cb-with-vmalloc-bac.patch (stable-fixes CVE-2025-40311 bsc#1255068). - Update patches.suse/accel-ivpu-Fix-race-condition-when-unbinding-BOs.patch (git-fixes CVE-2025-68749 bsc#1255724). - Update patches.suse/amd-amdkfd-resolve-a-race-in-amdgpu_amdkfd_device_fi.patch (stable-fixes CVE-2025-40310 bsc#1255041). - Update patches.suse/arm64-mte-Do-not-warn-if-the-page-is-already-tagged-in-cop.patch (git-fixes CVE-2025-40353 bsc#1255312). - Update patches.suse/atm-fore200e-Fix-possible-data-race-in-fore200e_open.patch (git-fixes CVE-2025-68339 bsc#1255505). - Update patches.suse/backlight-led-bl-Add-devlink-to-supplier-LEDs.patch (git-fixes CVE-2025-68758 bsc#1255944). - Update patches.suse/btrfs-directly-free-partially-initialized-fs_info-in.patch (git-fixes CVE-2025-40235 bsc#1254808). - Update patches.suse/btrfs-ensure-no-dirty-metadata-is-written-back-for-a.patch (git-fix CVE-2025-40303 bsc#1255058). - Update patches.suse/btrfs-fix-memory-leak-of-qgroup_list-in-btrfs_add_qg.patch (git-fixes CVE-2025-40209 bsc#1254128). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-check-actual-395d988.patch (git-fixes CVE-2025-68342 bsc#1255508). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-check-actual.patch (git-fixes CVE-2025-68343 bsc#1255509). - Update patches.suse/can-gs_usb-gs_usb_xmit_callback-fix-handling-of-fail.patch (git-fixes CVE-2025-68307 bsc#1255146). - Update patches.suse/can-kvaser_usb-leaf-Fix-potential-infinite-loop-in-c.patch (git-fixes CVE-2025-68308 bsc#1255149). - Update patches.suse/comedi-c6xdigio-Fix-invalid-PNP-driver-unregistratio.patch (git-fixes CVE-2025-68332 bsc#1255483). - Update patches.suse/comedi-check-device-s-attached-status-in-compat-ioct.patch (git-fixes CVE-2025-68257 bsc#1255167). - Update patches.suse/comedi-multiq3-sanitize-config-options-in-multiq3_at.patch (git-fixes CVE-2025-68258 bsc#1255182). - Update patches.suse/comedi-pcl818-fix-null-ptr-deref-in-pcl818_ai_cancel.patch (git-fixes CVE-2025-68335 bsc#1255480). - Update patches.suse/crypto-aspeed-fix-double-free-caused-by-devm.patch (git-fixes CVE-2025-68172 bsc#1255253). - Update patches.suse/crypto-asymmetric_keys-prevent-overflow-in-asymmetri.patch (git-fixes CVE-2025-68724 bsc#1255550). - Update patches.suse/drm-amd-display-Check-NULL-before-accessing.patch (stable-fixes CVE-2025-68286 bsc#1255351). - Update patches.suse/drm-amd-display-Fix-NULL-deref-in-debugfs-odm_combin.patch (git-fixes CVE-2025-68180 bsc#1255252). - Update patches.suse/drm-amd-display-increase-max-link-count-and-fix-link.patch (stable-fixes CVE-2025-40354 bsc#1255316). - Update patches.suse/drm-amdgpu-Fix-NULL-pointer-dereference-in-VRAM-logi.patch (stable-fixes CVE-2025-40288 bsc#1255057). - Update patches.suse/drm-amdgpu-atom-Check-kcalloc-for-WS-buffer-in-amdgp.patch (stable-fixes CVE-2025-68190 bsc#1255131). - Update patches.suse/drm-amdgpu-fix-gpu-page-fault-after-hibernation-on-P.patch (stable-fixes CVE-2025-68230 bsc#1255134). - Update patches.suse/drm-amdgpu-fix-nullptr-err-of-vm_handle_moved.patch (stable-fixes CVE-2025-40339 bsc#1255428). - Update patches.suse/drm-amdgpu-hide-VRAM-sysfs-attributes-on-GPUs-withou.patch (stable-fixes CVE-2025-40289 bsc#1255042). - Update patches.suse/drm-amdgpu-remove-two-invalid-BUG_ON-s.patch (stable-fixes CVE-2025-68201 bsc#1255136). - Update patches.suse/drm-amdkfd-Fix-mmap-write-lock-not-release.patch (bsc#1243112 CVE-2025-40332 bsc#1255116). - Update patches.suse/drm-i915-Avoid-lock-inversion-when-pinning-to-GGTT-o.patch (git-fixes CVE-2025-68244 bsc#1255190). - Update patches.suse/drm-mediatek-Disable-AFBC-support-on-Mediatek-DRM-dr.patch (git-fixes CVE-2025-68184 bsc#1255220). - Update patches.suse/drm-mediatek-Fix-device-use-after-free-on-unbind.patch (git-fixes CVE-2025-40316 bsc#1254797). - Update patches.suse/drm-panthor-Fix-UAF-on-kernel-BO-VA-nodes.patch (git-fixes CVE-2025-68747 bsc#1255723). - Update patches.suse/drm-panthor-Fix-UAF-race-between-device-unplug-and-F.patch (git-fixes CVE-2025-68748 bsc#1255813). - Update patches.suse/drm-panthor-Fix-kernel-panic-on-partial-unmap-of-a-G.patch (git-fixes CVE-2025-40225 bsc#1254827). - Update patches.suse/drm-radeon-Do-not-kfree-devres-managed-rdev.patch (git-fixes CVE-2025-68170 bsc#1255256). - Update patches.suse/drm-radeon-Remove-calls-to-drm_put_dev.patch (git-fixes CVE-2025-68181 bsc#1255247). - Update patches.suse/drm-radeon-delete-radeon_fence_process-in-is_signale.patch (stable-fixes CVE-2025-68223 bsc#1255357). - Update patches.suse/drm-sched-Fix-deadlock-in-drm_sched_entity_kill_jobs.patch (git-fixes CVE-2025-40329 bsc#1254621). - Update patches.suse/drm-sysfb-Do-not-dereference-NULL-pointer-in-plane-r.patch (git-fixes CVE-2025-40360 bsc#1255095). - Update patches.suse/drm-tegra-Add-call-to-put_pid.patch (git-fixes CVE-2025-68233 bsc#1255206). - Update patches.suse/drm-vgem-fence-Fix-potential-deadlock-on-release.patch (git-fixes CVE-2025-68757 bsc#1255943). - Update patches.suse/drm-vmwgfx-Validate-command-header-size-against-SVGA.patch (git-fixes CVE-2025-40277 bsc#1254894). - Update patches.suse/drm-xe-Fix-oops-in-xe_gem_fault-when-running-core_ho.patch (stable-fixes CVE-2025-40340 bsc#1254996). - Update patches.suse/drm-xe-guc-Synchronize-Dead-CT-worker-with-unbind.patch (git-fixes CVE-2025-68207 bsc#1255234). - Update patches.suse/erofs-avoid-infinite-loop-due-to-incomplete-zstd-compressed-data.patch (git-fixes CVE-2025-68210 bsc#1255231). - Update patches.suse/exfat-fix-improper-check-of-dentry.stream.valid_size.patch (git-fixes CVE-2025-40287 bsc#1255030). - Update patches.suse/exfat-fix-refcount-leak-in-exfat_find.patch (git-fixes CVE-2025-68351 bsc#1255567). - Update patches.suse/exfat-validate-cluster-allocation-bits-of-the-allocation-bitmap.patch (git-fixes CVE-2025-40307 bsc#1255039). - Update patches.suse/fbcon-Set-fb_display-i-mode-to-NULL-when-the-mode-is.patch (stable-fixes CVE-2025-40323 bsc#1255094). - Update patches.suse/fbdev-Add-bounds-checking-in-bit_putcs-to-fix-vmallo.patch (stable-fixes CVE-2025-40304 bsc#1255034). - Update patches.suse/fbdev-bitblit-bound-check-glyph-index-in-bit_putcs.patch (stable-fixes CVE-2025-40322 bsc#1255092). - Update patches.suse/firmware-arm_scmi-Account-for-failed-debug-initializ.patch (git-fixes CVE-2025-40226 bsc#1254821). - Update patches.suse/firmware-stratix10-svc-fix-bug-in-saving-controller-.patch (git-fixes CVE-2025-68328 bsc#1255489). - Update patches.suse/gpiolib-fix-invalid-pointer-access-in-debugfs.patch (git-fixes CVE-2025-68167 bsc#1255099). - Update patches.suse/gpu-host1x-Fix-race-in-syncpt-alloc-free.patch (git-fixes CVE-2025-68732 bsc#1255688). - Update patches.suse/idpf-fix-possible-vport_config-NULL-pointer-deref-in.patch (git-fixes CVE-2025-68213 bsc#1255228). - Update patches.suse/iio-accel-bmc150-Fix-irq-assumption-regression.patch (stable-fixes CVE-2025-68330 bsc#1255493). - Update patches.suse/ima-Handle-error-code-returned-by-ima_filter_rule_ma.patch (git-fixes CVE-2025-68740 bsc#1255812). - Update patches.suse/ima-don-t-clear-IMA_DIGSIG-flag-when-setting-or-remo.patch (stable-fixes CVE-2025-68183 bsc#1255251). - Update patches.suse/irqchip-mchp-eic-Fix-error-code-in-mchp_eic_domain_a.patch (git-fixes CVE-2025-68766 bsc#1255932). - Update patches.suse/media-imon-make-send_packet-more-robust.patch (stable-fixes CVE-2025-68194 bsc#1255325). - Update patches.suse/media-pci-mg4b-fix-uninitialized-iio-scan-data.patch (git-fixes CVE-2025-40221 bsc#1254519). - Update patches.suse/media-videobuf2-forbid-remove_bufs-when-legacy-filei.patch (git-fixes CVE-2025-40302 bsc#1255196). - Update patches.suse/misc-fastrpc-Fix-dma_buf-object-leak-in-fastrpc_map_.patch (git-fixes CVE-2025-68252 bsc#1255197). - Update patches.suse/mm-secretmem-fix-use-after-free-race-in-fault-handle.patch (git-fixes CVE-2025-40272 bsc#1254832). - Update patches.suse/most-usb-Fix-use-after-free-in-hdm_disconnect.patch (git-fixes CVE-2025-40223 bsc#1254957). - Update patches.suse/most-usb-fix-double-free-on-late-probe-failure.patch (git-fixes CVE-2025-68290 bsc#1255154). - Update patches.suse/most-usb-hdm_probe-Fix-calling-put_device-before-dev.patch (git-fixes CVE-2025-68249 bsc#1255233). - Update patches.suse/mt76-mt7615-Fix-memory-leak-in-mt7615_mcu_wtbl_sta_a.patch (git-fixes CVE-2025-68765 bsc#1255931). - Update patches.suse/mtd-rawnand-cadence-fix-DMA-device-NULL-pointer-dere.patch (git-fixes CVE-2025-68238 bsc#1255202). - Update patches.suse/mtdchar-fix-integer-overflow-in-read-write-ioctls.patch (git-fixes CVE-2025-68237 bsc#1255203). - Update patches.suse/net-stmmac-Correctly-handle-Rx-checksum-offload-erro.patch (git-fixes CVE-2025-40337 bsc#1255081). - Update patches.suse/net-usb-qmi_wwan-initialize-MAC-header-offset-in-qmi.patch (git-fixes CVE-2025-68192 bsc#1255246). - Update patches.suse/nfs4_setup_readdir-insufficient-locking-for-d_parent-d_inode-dereferencing.patch (git-fixes CVE-2025-68185 bsc#1255135). - Update patches.suse/nfsd-fix-refcount-leak-in-nfsd_set_fh_dentry.patch (git-fixes CVE-2025-40212 bsc#1254195). - Update patches.suse/nouveau-firmware-Add-missing-kfree-of-nvkm_falcon_fw.patch (git-fixes CVE-2025-68235 bsc#1255209). - Update patches.suse/nvme-fc-use-lock-accessing-port_state-and-rport-stat.patch (bsc#1245193 bsc#1247500 CVE-2025-40342 bsc#1255274). - Update patches.suse/nvmet-fc-avoid-scheduling-association-deletion-twice.patch (bsc#1245193 bsc#1247500 CVE-2025-40343 bsc#1255276). - Update patches.suse/pinctrl-s32cc-fix-uninitialized-memory-in-s32_pinctr.patch (git-fixes CVE-2025-68222 bsc#1255218). - Update patches.suse/platform-x86-intel-punit_ipc-fix-memory-corruption.patch (git-fixes CVE-2025-68303 bsc#1255122). - Update patches.suse/regmap-slimbus-fix-bus_context-pointer-in-regmap-ini.patch (git-fixes CVE-2025-40317 bsc#1254796). - Update patches.suse/regulator-core-Protect-regulator_supply_alias_list-w.patch (git-fixes CVE-2025-68354 bsc#1255553). - Update patches.suse/sctp-avoid-NULL-dereference-when-chunk-data-buffer-i.patch (git-fixes CVE-2025-40240 bsc#1254869). - Update patches.suse/smb-client-fix-potential-cfid-UAF-in-smb2_query_info_compound.patch (git-fixes CVE-2025-40320 bsc#1254793). - Update patches.suse/spi-ch341-fix-out-of-bounds-memory-access-in-ch341_t.patch (git-fixes CVE-2025-68352 bsc#1255541). - Update patches.suse/spi-tegra210-quad-Fix-timeout-handling.patch (bsc#1253155 CVE-2025-68746 bsc#1255722). - Update patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-OnBeacon.patch (stable-fixes CVE-2025-68254 bsc#1255140). - Update patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-rtw_get_.patch (stable-fixes CVE-2025-68256 bsc#1255138). - Update patches.suse/staging-rtl8723bs-fix-stack-buffer-overflow-in-OnAss.patch (stable-fixes CVE-2025-68255 bsc#1255395). - Update patches.suse/tty-serial-ip22zilog-Use-platform-device-for-probing.patch (stable-fixes CVE-2025-68311 bsc#1255161). - Update patches.suse/usb-cdns3-gadget-Use-after-free-during-failed-initia.patch (stable-fixes CVE-2025-40314 bsc#1255072). - Update patches.suse/usb-dwc3-Fix-race-condition-between-concurrent-dwc3_.patch (git-fixes CVE-2025-68287 bsc#1255152). - Update patches.suse/usb-gadget-f_eem-Fix-memory-leak-in-eem_unwrap.patch (git-fixes CVE-2025-68289 bsc#1255155). - Update patches.suse/usb-gadget-f_fs-Fix-epfile-null-pointer-access-after.patch (stable-fixes CVE-2025-40315 bsc#1255083). - Update patches.suse/usb-potential-integer-overflow-in-usbg_make_tpg.patch (stable-fixes CVE-2025-68750 bsc#1255814). - Update patches.suse/usb-renesas_usbhs-Fix-synchronous-external-abort-on-.patch (git-fixes CVE-2025-68327 bsc#1255488). - Update patches.suse/usb-storage-sddr55-Reject-out-of-bound-new_pba.patch (stable-fixes CVE-2025-40345 bsc#1255279). - Update patches.suse/usb-uas-fix-urb-unmapping-issue-when-the-uas-device-.patch (git-fixes CVE-2025-68331 bsc#1255495). - Update patches.suse/usbnet-Prevents-free-active-kevent.patch (git-fixes CVE-2025-68312 bsc#1255171). - Update patches.suse/wifi-ath11k-fix-peer-HE-MCS-assignment.patch (git-fixes CVE-2025-68380 bsc#1255580). - Update patches.suse/wifi-brcmfmac-fix-crash-while-sending-Action-Frames-.patch (git-fixes CVE-2025-40321 bsc#1254795). - Update patches.suse/wifi-rtl818x-Fix-potential-memory-leaks-in-rtl8180_i.patch (git-fixes CVE-2025-68759 bsc#1255934). - Update patches.suse/wifi-rtl818x-rtl8187-Fix-potential-buffer-underflow-.patch (git-fixes CVE-2025-68362 bsc#1255611). - Update patches.suse/x86-CPU-AMD-Add-RDSEED-fix-for-Zen5.patch (git-fixes CVE-2025-68313 bsc#1255415). - Update patches.suse/x86-CPU-AMD-Add-missing-terminator-for-zen5_rdseed_m.patch (git-fixes CVE-2025-68195 bsc#1255259). - Update patches.suse/xfrm-also-call-xfrm_state_delete_tunnel-at-destroy-time-fo.patch (CVE-2025-40215 bsc#1254959 CVE-2025-40256 bsc#1254851). - commit c0f554e ++++ kernel-rt: - perf/x86/intel: Fix KASAN global-out-of-bounds warning (CVE-2025-40359 bsc#1255087). - commit ed1e93a - mlx5: Fix default values in create CQ (CVE-2025-68209 bsc#1255230). - commit 02d60e0 - x86/microcode/AMD: Use sha256() instead of init/update/final (bsc#1256495). - Refresh patches.suse/x86-microcode-AMD-Limit-Entrysign-signature-checking-to-kn.patch. - commit 6b04345 - x86/microcode/AMD: Fix Entrysign revision check for Zen5/Strix Halo (bsc#1256495). - x86/microcode/AMD: Select which microcode patch to load (bsc#1256495). - x86/microcode/AMD: Make __verify_patch_size() return bool (bsc#1256495). - x86/microcode/AMD: Remove bogus comment from parse_container() (bsc#1256495). - commit 9f14cfe - crash: fix crashkernel resource shrink (CVE-2025-68198 bsc#1255243) - commit 7e8f708 - bnxt_en: Fix null pointer dereference in bnxt_bs_trace_check_wrap() (CVE-2025-68197 bsc#1255242) - commit 766431f - lib/crypto: aes: Fix missing MMU protection for AES S-box (git-fixes). - virtio_console: fix order of fields cols and rows (stable-fixes). - commit d55882c - drm/amdgpu: Forward VMID reservation errors (git-fixes). - commit 2373a9d - supported.conf: mark ksmbd unsupported Based on discussion with Enzo Matsumiya it has tuned out that ksmbd module is unsupported but the supported.conf entry is incorrect. Fix that. - commit 143566d - powerpc/eeh: fix recursive pci_lock_rescan_remove locking in EEH event handling (bsc#1253262 ltc#216029). - commit 594b86e - Update patches.suse/ACPI-video-Fix-use-after-free-in-acpi_video_switch_b.patch (git-fixes CVE-2025-40211 bsc#1254126). - Update patches.suse/ALSA-dice-fix-buffer-overflow-in-detect_stream_forma.patch (git-fixes CVE-2025-68346 bsc#1255603). - Update patches.suse/ALSA-firewire-motu-add-bounds-check-in-put_user-loop.patch (git-fixes CVE-2025-68753 bsc#1256238). - Update patches.suse/ALSA-firewire-motu-fix-buffer-overflow-in-hwdep-read.patch (git-fixes CVE-2025-68347 bsc#1255706). - Update patches.suse/ALSA-hda-cs35l41-Fix-NULL-pointer-dereference-in-cs3-c34b04c.patch (git-fixes CVE-2025-68345 bsc#1255601). - Update patches.suse/ALSA-usb-audio-Fix-NULL-pointer-dereference-in-snd_u.patch (git-fixes CVE-2025-40275 bsc#1254829). - Update patches.suse/ALSA-usb-audio-Fix-potential-overflow-of-PCM-transfe.patch (stable-fixes CVE-2025-40269 bsc#1255035). - Update patches.suse/ALSA-wavefront-Fix-integer-overflow-in-sample-size-v.patch (git-fixes CVE-2025-68344 bsc#1255816). - Update patches.suse/ASoC-Intel-avs-Disable-periods-elapsed-work-when-clo.patch (git-fixes CVE-2025-40344 bsc#1254618). - Update patches.suse/Bluetooth-6lowpan-reset-link-local-header-on-ipv6-re.patch (git-fixes CVE-2025-40282 bsc#1254850). - Update patches.suse/Bluetooth-MGMT-Fix-OOB-access-in-parse_adv_monitor_p.patch (git-fixes CVE-2025-40294 bsc#1255181). - Update patches.suse/Bluetooth-MGMT-cancel-mesh-send-timer-when-hdev-remo.patch (git-fixes CVE-2025-40284 bsc#1254860). - Update patches.suse/Bluetooth-MGMT-fix-crash-in-set_mesh_sync-and-set_me.patch (git-fixes CVE-2025-40213 bsc#1253674). - Update patches.suse/Bluetooth-SCO-Fix-UAF-on-sco_conn_free.patch (stable-fixes CVE-2025-40309 bsc#1255065). - Update patches.suse/Bluetooth-bcsp-receive-data-only-if-registered.patch (stable-fixes CVE-2025-40308 bsc#1255064). - Update patches.suse/Bluetooth-btusb-mediatek-Avoid-btusb_mtk_claim_iso_i.patch (git-fixes CVE-2025-68298 bsc#1255124). - Update patches.suse/Bluetooth-btusb-mediatek-Fix-kernel-crash-when-relea.patch (git-fixes CVE-2025-68306 bsc#1255145). - Update patches.suse/Bluetooth-btusb-reorder-cleanup-in-btusb_disconnect-.patch (git-fixes CVE-2025-40283 bsc#1254858). - Update patches.suse/Bluetooth-hci_event-validate-skb-length-for-unknown-.patch (git-fixes CVE-2025-40301 bsc#1255193). - Update patches.suse/Bluetooth-hci_sock-Prevent-race-in-socket-write-iter.patch (git-fixes CVE-2025-68305 bsc#1255169). - Update patches.suse/Bluetooth-hci_sync-fix-race-in-hci_cmd_sync_dequeue_.patch (git-fixes CVE-2025-40318 bsc#1254798). - Update patches.suse/Input-cros_ec_keyb-fix-an-invalid-memory-access.patch (stable-fixes CVE-2025-40263 bsc#1255077). - Update patches.suse/Input-imx_sc_key-fix-memory-corruption-on-unload.patch (git-fixes CVE-2025-40262 bsc#1254840). - Update patches.suse/Input-pegasus-notetaker-fix-potential-out-of-bounds-.patch (git-fixes CVE-2025-68217 bsc#1255221). - Update patches.suse/KVM-arm64-Check-the-untrusted-offset-in-FF-A-memory-.patch (git-fixes CVE-2025-40266 bsc#1255040). - Update patches.suse/NFS-Fix-LTP-test-failures-when-timestamps-are-delegated.patch (git-fixes CVE-2025-68242 bsc#1255186). - Update patches.suse/NFSD-Fix-crash-in-nfsd4_read_release.patch (git-fixes CVE-2025-40324 bsc#1254791). - Update patches.suse/NFSD-free-copynotify-stateid-in-nfs4_free_ol_stateid.patch (git-fixes CVE-2025-40273 bsc#1254828). - Update patches.suse/PCI-IOV-Add-PCI-rescan-remove-locking-when-enabling-.patch (git-fixes CVE-2025-40219 bsc#1254518). - Update patches.suse/PCI-cadence-Check-for-the-existence-of-cdns_pcie-ops.patch (stable-fixes CVE-2025-68176 bsc#1255329). - Update patches.suse/accel-habanalabs-support-mapping-cb-with-vmalloc-bac.patch (stable-fixes CVE-2025-40311 bsc#1255068). - Update patches.suse/accel-ivpu-Fix-race-condition-when-unbinding-BOs.patch (git-fixes CVE-2025-68749 bsc#1255724). - Update patches.suse/amd-amdkfd-resolve-a-race-in-amdgpu_amdkfd_device_fi.patch (stable-fixes CVE-2025-40310 bsc#1255041). - Update patches.suse/arm64-mte-Do-not-warn-if-the-page-is-already-tagged-in-cop.patch (git-fixes CVE-2025-40353 bsc#1255312). - Update patches.suse/atm-fore200e-Fix-possible-data-race-in-fore200e_open.patch (git-fixes CVE-2025-68339 bsc#1255505). - Update patches.suse/backlight-led-bl-Add-devlink-to-supplier-LEDs.patch (git-fixes CVE-2025-68758 bsc#1255944). - Update patches.suse/btrfs-directly-free-partially-initialized-fs_info-in.patch (git-fixes CVE-2025-40235 bsc#1254808). - Update patches.suse/btrfs-ensure-no-dirty-metadata-is-written-back-for-a.patch (git-fix CVE-2025-40303 bsc#1255058). - Update patches.suse/btrfs-fix-memory-leak-of-qgroup_list-in-btrfs_add_qg.patch (git-fixes CVE-2025-40209 bsc#1254128). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-check-actual-395d988.patch (git-fixes CVE-2025-68342 bsc#1255508). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-check-actual.patch (git-fixes CVE-2025-68343 bsc#1255509). - Update patches.suse/can-gs_usb-gs_usb_xmit_callback-fix-handling-of-fail.patch (git-fixes CVE-2025-68307 bsc#1255146). - Update patches.suse/can-kvaser_usb-leaf-Fix-potential-infinite-loop-in-c.patch (git-fixes CVE-2025-68308 bsc#1255149). - Update patches.suse/comedi-c6xdigio-Fix-invalid-PNP-driver-unregistratio.patch (git-fixes CVE-2025-68332 bsc#1255483). - Update patches.suse/comedi-check-device-s-attached-status-in-compat-ioct.patch (git-fixes CVE-2025-68257 bsc#1255167). - Update patches.suse/comedi-multiq3-sanitize-config-options-in-multiq3_at.patch (git-fixes CVE-2025-68258 bsc#1255182). - Update patches.suse/comedi-pcl818-fix-null-ptr-deref-in-pcl818_ai_cancel.patch (git-fixes CVE-2025-68335 bsc#1255480). - Update patches.suse/crypto-aspeed-fix-double-free-caused-by-devm.patch (git-fixes CVE-2025-68172 bsc#1255253). - Update patches.suse/crypto-asymmetric_keys-prevent-overflow-in-asymmetri.patch (git-fixes CVE-2025-68724 bsc#1255550). - Update patches.suse/drm-amd-display-Check-NULL-before-accessing.patch (stable-fixes CVE-2025-68286 bsc#1255351). - Update patches.suse/drm-amd-display-Fix-NULL-deref-in-debugfs-odm_combin.patch (git-fixes CVE-2025-68180 bsc#1255252). - Update patches.suse/drm-amd-display-increase-max-link-count-and-fix-link.patch (stable-fixes CVE-2025-40354 bsc#1255316). - Update patches.suse/drm-amdgpu-Fix-NULL-pointer-dereference-in-VRAM-logi.patch (stable-fixes CVE-2025-40288 bsc#1255057). - Update patches.suse/drm-amdgpu-atom-Check-kcalloc-for-WS-buffer-in-amdgp.patch (stable-fixes CVE-2025-68190 bsc#1255131). - Update patches.suse/drm-amdgpu-fix-gpu-page-fault-after-hibernation-on-P.patch (stable-fixes CVE-2025-68230 bsc#1255134). - Update patches.suse/drm-amdgpu-fix-nullptr-err-of-vm_handle_moved.patch (stable-fixes CVE-2025-40339 bsc#1255428). - Update patches.suse/drm-amdgpu-hide-VRAM-sysfs-attributes-on-GPUs-withou.patch (stable-fixes CVE-2025-40289 bsc#1255042). - Update patches.suse/drm-amdgpu-remove-two-invalid-BUG_ON-s.patch (stable-fixes CVE-2025-68201 bsc#1255136). - Update patches.suse/drm-amdkfd-Fix-mmap-write-lock-not-release.patch (bsc#1243112 CVE-2025-40332 bsc#1255116). - Update patches.suse/drm-i915-Avoid-lock-inversion-when-pinning-to-GGTT-o.patch (git-fixes CVE-2025-68244 bsc#1255190). - Update patches.suse/drm-mediatek-Disable-AFBC-support-on-Mediatek-DRM-dr.patch (git-fixes CVE-2025-68184 bsc#1255220). - Update patches.suse/drm-mediatek-Fix-device-use-after-free-on-unbind.patch (git-fixes CVE-2025-40316 bsc#1254797). - Update patches.suse/drm-panthor-Fix-UAF-on-kernel-BO-VA-nodes.patch (git-fixes CVE-2025-68747 bsc#1255723). - Update patches.suse/drm-panthor-Fix-UAF-race-between-device-unplug-and-F.patch (git-fixes CVE-2025-68748 bsc#1255813). - Update patches.suse/drm-panthor-Fix-kernel-panic-on-partial-unmap-of-a-G.patch (git-fixes CVE-2025-40225 bsc#1254827). - Update patches.suse/drm-radeon-Do-not-kfree-devres-managed-rdev.patch (git-fixes CVE-2025-68170 bsc#1255256). - Update patches.suse/drm-radeon-Remove-calls-to-drm_put_dev.patch (git-fixes CVE-2025-68181 bsc#1255247). - Update patches.suse/drm-radeon-delete-radeon_fence_process-in-is_signale.patch (stable-fixes CVE-2025-68223 bsc#1255357). - Update patches.suse/drm-sched-Fix-deadlock-in-drm_sched_entity_kill_jobs.patch (git-fixes CVE-2025-40329 bsc#1254621). - Update patches.suse/drm-sysfb-Do-not-dereference-NULL-pointer-in-plane-r.patch (git-fixes CVE-2025-40360 bsc#1255095). - Update patches.suse/drm-tegra-Add-call-to-put_pid.patch (git-fixes CVE-2025-68233 bsc#1255206). - Update patches.suse/drm-vgem-fence-Fix-potential-deadlock-on-release.patch (git-fixes CVE-2025-68757 bsc#1255943). - Update patches.suse/drm-vmwgfx-Validate-command-header-size-against-SVGA.patch (git-fixes CVE-2025-40277 bsc#1254894). - Update patches.suse/drm-xe-Fix-oops-in-xe_gem_fault-when-running-core_ho.patch (stable-fixes CVE-2025-40340 bsc#1254996). - Update patches.suse/drm-xe-guc-Synchronize-Dead-CT-worker-with-unbind.patch (git-fixes CVE-2025-68207 bsc#1255234). - Update patches.suse/erofs-avoid-infinite-loop-due-to-incomplete-zstd-compressed-data.patch (git-fixes CVE-2025-68210 bsc#1255231). - Update patches.suse/exfat-fix-improper-check-of-dentry.stream.valid_size.patch (git-fixes CVE-2025-40287 bsc#1255030). - Update patches.suse/exfat-fix-refcount-leak-in-exfat_find.patch (git-fixes CVE-2025-68351 bsc#1255567). - Update patches.suse/exfat-validate-cluster-allocation-bits-of-the-allocation-bitmap.patch (git-fixes CVE-2025-40307 bsc#1255039). - Update patches.suse/fbcon-Set-fb_display-i-mode-to-NULL-when-the-mode-is.patch (stable-fixes CVE-2025-40323 bsc#1255094). - Update patches.suse/fbdev-Add-bounds-checking-in-bit_putcs-to-fix-vmallo.patch (stable-fixes CVE-2025-40304 bsc#1255034). - Update patches.suse/fbdev-bitblit-bound-check-glyph-index-in-bit_putcs.patch (stable-fixes CVE-2025-40322 bsc#1255092). - Update patches.suse/firmware-arm_scmi-Account-for-failed-debug-initializ.patch (git-fixes CVE-2025-40226 bsc#1254821). - Update patches.suse/firmware-stratix10-svc-fix-bug-in-saving-controller-.patch (git-fixes CVE-2025-68328 bsc#1255489). - Update patches.suse/gpiolib-fix-invalid-pointer-access-in-debugfs.patch (git-fixes CVE-2025-68167 bsc#1255099). - Update patches.suse/gpu-host1x-Fix-race-in-syncpt-alloc-free.patch (git-fixes CVE-2025-68732 bsc#1255688). - Update patches.suse/idpf-fix-possible-vport_config-NULL-pointer-deref-in.patch (git-fixes CVE-2025-68213 bsc#1255228). - Update patches.suse/iio-accel-bmc150-Fix-irq-assumption-regression.patch (stable-fixes CVE-2025-68330 bsc#1255493). - Update patches.suse/ima-Handle-error-code-returned-by-ima_filter_rule_ma.patch (git-fixes CVE-2025-68740 bsc#1255812). - Update patches.suse/ima-don-t-clear-IMA_DIGSIG-flag-when-setting-or-remo.patch (stable-fixes CVE-2025-68183 bsc#1255251). - Update patches.suse/irqchip-mchp-eic-Fix-error-code-in-mchp_eic_domain_a.patch (git-fixes CVE-2025-68766 bsc#1255932). - Update patches.suse/media-imon-make-send_packet-more-robust.patch (stable-fixes CVE-2025-68194 bsc#1255325). - Update patches.suse/media-pci-mg4b-fix-uninitialized-iio-scan-data.patch (git-fixes CVE-2025-40221 bsc#1254519). - Update patches.suse/media-videobuf2-forbid-remove_bufs-when-legacy-filei.patch (git-fixes CVE-2025-40302 bsc#1255196). - Update patches.suse/misc-fastrpc-Fix-dma_buf-object-leak-in-fastrpc_map_.patch (git-fixes CVE-2025-68252 bsc#1255197). - Update patches.suse/mm-secretmem-fix-use-after-free-race-in-fault-handle.patch (git-fixes CVE-2025-40272 bsc#1254832). - Update patches.suse/most-usb-Fix-use-after-free-in-hdm_disconnect.patch (git-fixes CVE-2025-40223 bsc#1254957). - Update patches.suse/most-usb-fix-double-free-on-late-probe-failure.patch (git-fixes CVE-2025-68290 bsc#1255154). - Update patches.suse/most-usb-hdm_probe-Fix-calling-put_device-before-dev.patch (git-fixes CVE-2025-68249 bsc#1255233). - Update patches.suse/mt76-mt7615-Fix-memory-leak-in-mt7615_mcu_wtbl_sta_a.patch (git-fixes CVE-2025-68765 bsc#1255931). - Update patches.suse/mtd-rawnand-cadence-fix-DMA-device-NULL-pointer-dere.patch (git-fixes CVE-2025-68238 bsc#1255202). - Update patches.suse/mtdchar-fix-integer-overflow-in-read-write-ioctls.patch (git-fixes CVE-2025-68237 bsc#1255203). - Update patches.suse/net-stmmac-Correctly-handle-Rx-checksum-offload-erro.patch (git-fixes CVE-2025-40337 bsc#1255081). - Update patches.suse/net-usb-qmi_wwan-initialize-MAC-header-offset-in-qmi.patch (git-fixes CVE-2025-68192 bsc#1255246). - Update patches.suse/nfs4_setup_readdir-insufficient-locking-for-d_parent-d_inode-dereferencing.patch (git-fixes CVE-2025-68185 bsc#1255135). - Update patches.suse/nfsd-fix-refcount-leak-in-nfsd_set_fh_dentry.patch (git-fixes CVE-2025-40212 bsc#1254195). - Update patches.suse/nouveau-firmware-Add-missing-kfree-of-nvkm_falcon_fw.patch (git-fixes CVE-2025-68235 bsc#1255209). - Update patches.suse/nvme-fc-use-lock-accessing-port_state-and-rport-stat.patch (bsc#1245193 bsc#1247500 CVE-2025-40342 bsc#1255274). - Update patches.suse/nvmet-fc-avoid-scheduling-association-deletion-twice.patch (bsc#1245193 bsc#1247500 CVE-2025-40343 bsc#1255276). - Update patches.suse/pinctrl-s32cc-fix-uninitialized-memory-in-s32_pinctr.patch (git-fixes CVE-2025-68222 bsc#1255218). - Update patches.suse/platform-x86-intel-punit_ipc-fix-memory-corruption.patch (git-fixes CVE-2025-68303 bsc#1255122). - Update patches.suse/regmap-slimbus-fix-bus_context-pointer-in-regmap-ini.patch (git-fixes CVE-2025-40317 bsc#1254796). - Update patches.suse/regulator-core-Protect-regulator_supply_alias_list-w.patch (git-fixes CVE-2025-68354 bsc#1255553). - Update patches.suse/sctp-avoid-NULL-dereference-when-chunk-data-buffer-i.patch (git-fixes CVE-2025-40240 bsc#1254869). - Update patches.suse/smb-client-fix-potential-cfid-UAF-in-smb2_query_info_compound.patch (git-fixes CVE-2025-40320 bsc#1254793). - Update patches.suse/spi-ch341-fix-out-of-bounds-memory-access-in-ch341_t.patch (git-fixes CVE-2025-68352 bsc#1255541). - Update patches.suse/spi-tegra210-quad-Fix-timeout-handling.patch (bsc#1253155 CVE-2025-68746 bsc#1255722). - Update patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-OnBeacon.patch (stable-fixes CVE-2025-68254 bsc#1255140). - Update patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-rtw_get_.patch (stable-fixes CVE-2025-68256 bsc#1255138). - Update patches.suse/staging-rtl8723bs-fix-stack-buffer-overflow-in-OnAss.patch (stable-fixes CVE-2025-68255 bsc#1255395). - Update patches.suse/tty-serial-ip22zilog-Use-platform-device-for-probing.patch (stable-fixes CVE-2025-68311 bsc#1255161). - Update patches.suse/usb-cdns3-gadget-Use-after-free-during-failed-initia.patch (stable-fixes CVE-2025-40314 bsc#1255072). - Update patches.suse/usb-dwc3-Fix-race-condition-between-concurrent-dwc3_.patch (git-fixes CVE-2025-68287 bsc#1255152). - Update patches.suse/usb-gadget-f_eem-Fix-memory-leak-in-eem_unwrap.patch (git-fixes CVE-2025-68289 bsc#1255155). - Update patches.suse/usb-gadget-f_fs-Fix-epfile-null-pointer-access-after.patch (stable-fixes CVE-2025-40315 bsc#1255083). - Update patches.suse/usb-potential-integer-overflow-in-usbg_make_tpg.patch (stable-fixes CVE-2025-68750 bsc#1255814). - Update patches.suse/usb-renesas_usbhs-Fix-synchronous-external-abort-on-.patch (git-fixes CVE-2025-68327 bsc#1255488). - Update patches.suse/usb-storage-sddr55-Reject-out-of-bound-new_pba.patch (stable-fixes CVE-2025-40345 bsc#1255279). - Update patches.suse/usb-uas-fix-urb-unmapping-issue-when-the-uas-device-.patch (git-fixes CVE-2025-68331 bsc#1255495). - Update patches.suse/usbnet-Prevents-free-active-kevent.patch (git-fixes CVE-2025-68312 bsc#1255171). - Update patches.suse/wifi-ath11k-fix-peer-HE-MCS-assignment.patch (git-fixes CVE-2025-68380 bsc#1255580). - Update patches.suse/wifi-brcmfmac-fix-crash-while-sending-Action-Frames-.patch (git-fixes CVE-2025-40321 bsc#1254795). - Update patches.suse/wifi-rtl818x-Fix-potential-memory-leaks-in-rtl8180_i.patch (git-fixes CVE-2025-68759 bsc#1255934). - Update patches.suse/wifi-rtl818x-rtl8187-Fix-potential-buffer-underflow-.patch (git-fixes CVE-2025-68362 bsc#1255611). - Update patches.suse/x86-CPU-AMD-Add-RDSEED-fix-for-Zen5.patch (git-fixes CVE-2025-68313 bsc#1255415). - Update patches.suse/x86-CPU-AMD-Add-missing-terminator-for-zen5_rdseed_m.patch (git-fixes CVE-2025-68195 bsc#1255259). - Update patches.suse/xfrm-also-call-xfrm_state_delete_tunnel-at-destroy-time-fo.patch (CVE-2025-40215 bsc#1254959 CVE-2025-40256 bsc#1254851). - commit c0f554e ++++ kernel-rt: - perf/x86/intel: Fix KASAN global-out-of-bounds warning (CVE-2025-40359 bsc#1255087). - commit ed1e93a - mlx5: Fix default values in create CQ (CVE-2025-68209 bsc#1255230). - commit 02d60e0 - x86/microcode/AMD: Use sha256() instead of init/update/final (bsc#1256495). - Refresh patches.suse/x86-microcode-AMD-Limit-Entrysign-signature-checking-to-kn.patch. - commit 6b04345 - x86/microcode/AMD: Fix Entrysign revision check for Zen5/Strix Halo (bsc#1256495). - x86/microcode/AMD: Select which microcode patch to load (bsc#1256495). - x86/microcode/AMD: Make __verify_patch_size() return bool (bsc#1256495). - x86/microcode/AMD: Remove bogus comment from parse_container() (bsc#1256495). - commit 9f14cfe - crash: fix crashkernel resource shrink (CVE-2025-68198 bsc#1255243) - commit 7e8f708 - bnxt_en: Fix null pointer dereference in bnxt_bs_trace_check_wrap() (CVE-2025-68197 bsc#1255242) - commit 766431f - lib/crypto: aes: Fix missing MMU protection for AES S-box (git-fixes). - virtio_console: fix order of fields cols and rows (stable-fixes). - commit d55882c - drm/amdgpu: Forward VMID reservation errors (git-fixes). - commit 2373a9d - supported.conf: mark ksmbd unsupported Based on discussion with Enzo Matsumiya it has tuned out that ksmbd module is unsupported but the supported.conf entry is incorrect. Fix that. - commit 143566d - powerpc/eeh: fix recursive pci_lock_rescan_remove locking in EEH event handling (bsc#1253262 ltc#216029). - commit 594b86e - Update patches.suse/ACPI-video-Fix-use-after-free-in-acpi_video_switch_b.patch (git-fixes CVE-2025-40211 bsc#1254126). - Update patches.suse/ALSA-dice-fix-buffer-overflow-in-detect_stream_forma.patch (git-fixes CVE-2025-68346 bsc#1255603). - Update patches.suse/ALSA-firewire-motu-add-bounds-check-in-put_user-loop.patch (git-fixes CVE-2025-68753 bsc#1256238). - Update patches.suse/ALSA-firewire-motu-fix-buffer-overflow-in-hwdep-read.patch (git-fixes CVE-2025-68347 bsc#1255706). - Update patches.suse/ALSA-hda-cs35l41-Fix-NULL-pointer-dereference-in-cs3-c34b04c.patch (git-fixes CVE-2025-68345 bsc#1255601). - Update patches.suse/ALSA-usb-audio-Fix-NULL-pointer-dereference-in-snd_u.patch (git-fixes CVE-2025-40275 bsc#1254829). - Update patches.suse/ALSA-usb-audio-Fix-potential-overflow-of-PCM-transfe.patch (stable-fixes CVE-2025-40269 bsc#1255035). - Update patches.suse/ALSA-wavefront-Fix-integer-overflow-in-sample-size-v.patch (git-fixes CVE-2025-68344 bsc#1255816). - Update patches.suse/ASoC-Intel-avs-Disable-periods-elapsed-work-when-clo.patch (git-fixes CVE-2025-40344 bsc#1254618). - Update patches.suse/Bluetooth-6lowpan-reset-link-local-header-on-ipv6-re.patch (git-fixes CVE-2025-40282 bsc#1254850). - Update patches.suse/Bluetooth-MGMT-Fix-OOB-access-in-parse_adv_monitor_p.patch (git-fixes CVE-2025-40294 bsc#1255181). - Update patches.suse/Bluetooth-MGMT-cancel-mesh-send-timer-when-hdev-remo.patch (git-fixes CVE-2025-40284 bsc#1254860). - Update patches.suse/Bluetooth-MGMT-fix-crash-in-set_mesh_sync-and-set_me.patch (git-fixes CVE-2025-40213 bsc#1253674). - Update patches.suse/Bluetooth-SCO-Fix-UAF-on-sco_conn_free.patch (stable-fixes CVE-2025-40309 bsc#1255065). - Update patches.suse/Bluetooth-bcsp-receive-data-only-if-registered.patch (stable-fixes CVE-2025-40308 bsc#1255064). - Update patches.suse/Bluetooth-btusb-mediatek-Avoid-btusb_mtk_claim_iso_i.patch (git-fixes CVE-2025-68298 bsc#1255124). - Update patches.suse/Bluetooth-btusb-mediatek-Fix-kernel-crash-when-relea.patch (git-fixes CVE-2025-68306 bsc#1255145). - Update patches.suse/Bluetooth-btusb-reorder-cleanup-in-btusb_disconnect-.patch (git-fixes CVE-2025-40283 bsc#1254858). - Update patches.suse/Bluetooth-hci_event-validate-skb-length-for-unknown-.patch (git-fixes CVE-2025-40301 bsc#1255193). - Update patches.suse/Bluetooth-hci_sock-Prevent-race-in-socket-write-iter.patch (git-fixes CVE-2025-68305 bsc#1255169). - Update patches.suse/Bluetooth-hci_sync-fix-race-in-hci_cmd_sync_dequeue_.patch (git-fixes CVE-2025-40318 bsc#1254798). - Update patches.suse/Input-cros_ec_keyb-fix-an-invalid-memory-access.patch (stable-fixes CVE-2025-40263 bsc#1255077). - Update patches.suse/Input-imx_sc_key-fix-memory-corruption-on-unload.patch (git-fixes CVE-2025-40262 bsc#1254840). - Update patches.suse/Input-pegasus-notetaker-fix-potential-out-of-bounds-.patch (git-fixes CVE-2025-68217 bsc#1255221). - Update patches.suse/KVM-arm64-Check-the-untrusted-offset-in-FF-A-memory-.patch (git-fixes CVE-2025-40266 bsc#1255040). - Update patches.suse/NFS-Fix-LTP-test-failures-when-timestamps-are-delegated.patch (git-fixes CVE-2025-68242 bsc#1255186). - Update patches.suse/NFSD-Fix-crash-in-nfsd4_read_release.patch (git-fixes CVE-2025-40324 bsc#1254791). - Update patches.suse/NFSD-free-copynotify-stateid-in-nfs4_free_ol_stateid.patch (git-fixes CVE-2025-40273 bsc#1254828). - Update patches.suse/PCI-IOV-Add-PCI-rescan-remove-locking-when-enabling-.patch (git-fixes CVE-2025-40219 bsc#1254518). - Update patches.suse/PCI-cadence-Check-for-the-existence-of-cdns_pcie-ops.patch (stable-fixes CVE-2025-68176 bsc#1255329). - Update patches.suse/accel-habanalabs-support-mapping-cb-with-vmalloc-bac.patch (stable-fixes CVE-2025-40311 bsc#1255068). - Update patches.suse/accel-ivpu-Fix-race-condition-when-unbinding-BOs.patch (git-fixes CVE-2025-68749 bsc#1255724). - Update patches.suse/amd-amdkfd-resolve-a-race-in-amdgpu_amdkfd_device_fi.patch (stable-fixes CVE-2025-40310 bsc#1255041). - Update patches.suse/arm64-mte-Do-not-warn-if-the-page-is-already-tagged-in-cop.patch (git-fixes CVE-2025-40353 bsc#1255312). - Update patches.suse/atm-fore200e-Fix-possible-data-race-in-fore200e_open.patch (git-fixes CVE-2025-68339 bsc#1255505). - Update patches.suse/backlight-led-bl-Add-devlink-to-supplier-LEDs.patch (git-fixes CVE-2025-68758 bsc#1255944). - Update patches.suse/btrfs-directly-free-partially-initialized-fs_info-in.patch (git-fixes CVE-2025-40235 bsc#1254808). - Update patches.suse/btrfs-ensure-no-dirty-metadata-is-written-back-for-a.patch (git-fix CVE-2025-40303 bsc#1255058). - Update patches.suse/btrfs-fix-memory-leak-of-qgroup_list-in-btrfs_add_qg.patch (git-fixes CVE-2025-40209 bsc#1254128). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-check-actual-395d988.patch (git-fixes CVE-2025-68342 bsc#1255508). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-check-actual.patch (git-fixes CVE-2025-68343 bsc#1255509). - Update patches.suse/can-gs_usb-gs_usb_xmit_callback-fix-handling-of-fail.patch (git-fixes CVE-2025-68307 bsc#1255146). - Update patches.suse/can-kvaser_usb-leaf-Fix-potential-infinite-loop-in-c.patch (git-fixes CVE-2025-68308 bsc#1255149). - Update patches.suse/comedi-c6xdigio-Fix-invalid-PNP-driver-unregistratio.patch (git-fixes CVE-2025-68332 bsc#1255483). - Update patches.suse/comedi-check-device-s-attached-status-in-compat-ioct.patch (git-fixes CVE-2025-68257 bsc#1255167). - Update patches.suse/comedi-multiq3-sanitize-config-options-in-multiq3_at.patch (git-fixes CVE-2025-68258 bsc#1255182). - Update patches.suse/comedi-pcl818-fix-null-ptr-deref-in-pcl818_ai_cancel.patch (git-fixes CVE-2025-68335 bsc#1255480). - Update patches.suse/crypto-aspeed-fix-double-free-caused-by-devm.patch (git-fixes CVE-2025-68172 bsc#1255253). - Update patches.suse/crypto-asymmetric_keys-prevent-overflow-in-asymmetri.patch (git-fixes CVE-2025-68724 bsc#1255550). - Update patches.suse/drm-amd-display-Check-NULL-before-accessing.patch (stable-fixes CVE-2025-68286 bsc#1255351). - Update patches.suse/drm-amd-display-Fix-NULL-deref-in-debugfs-odm_combin.patch (git-fixes CVE-2025-68180 bsc#1255252). - Update patches.suse/drm-amd-display-increase-max-link-count-and-fix-link.patch (stable-fixes CVE-2025-40354 bsc#1255316). - Update patches.suse/drm-amdgpu-Fix-NULL-pointer-dereference-in-VRAM-logi.patch (stable-fixes CVE-2025-40288 bsc#1255057). - Update patches.suse/drm-amdgpu-atom-Check-kcalloc-for-WS-buffer-in-amdgp.patch (stable-fixes CVE-2025-68190 bsc#1255131). - Update patches.suse/drm-amdgpu-fix-gpu-page-fault-after-hibernation-on-P.patch (stable-fixes CVE-2025-68230 bsc#1255134). - Update patches.suse/drm-amdgpu-fix-nullptr-err-of-vm_handle_moved.patch (stable-fixes CVE-2025-40339 bsc#1255428). - Update patches.suse/drm-amdgpu-hide-VRAM-sysfs-attributes-on-GPUs-withou.patch (stable-fixes CVE-2025-40289 bsc#1255042). - Update patches.suse/drm-amdgpu-remove-two-invalid-BUG_ON-s.patch (stable-fixes CVE-2025-68201 bsc#1255136). - Update patches.suse/drm-amdkfd-Fix-mmap-write-lock-not-release.patch (bsc#1243112 CVE-2025-40332 bsc#1255116). - Update patches.suse/drm-i915-Avoid-lock-inversion-when-pinning-to-GGTT-o.patch (git-fixes CVE-2025-68244 bsc#1255190). - Update patches.suse/drm-mediatek-Disable-AFBC-support-on-Mediatek-DRM-dr.patch (git-fixes CVE-2025-68184 bsc#1255220). - Update patches.suse/drm-mediatek-Fix-device-use-after-free-on-unbind.patch (git-fixes CVE-2025-40316 bsc#1254797). - Update patches.suse/drm-panthor-Fix-UAF-on-kernel-BO-VA-nodes.patch (git-fixes CVE-2025-68747 bsc#1255723). - Update patches.suse/drm-panthor-Fix-UAF-race-between-device-unplug-and-F.patch (git-fixes CVE-2025-68748 bsc#1255813). - Update patches.suse/drm-panthor-Fix-kernel-panic-on-partial-unmap-of-a-G.patch (git-fixes CVE-2025-40225 bsc#1254827). - Update patches.suse/drm-radeon-Do-not-kfree-devres-managed-rdev.patch (git-fixes CVE-2025-68170 bsc#1255256). - Update patches.suse/drm-radeon-Remove-calls-to-drm_put_dev.patch (git-fixes CVE-2025-68181 bsc#1255247). - Update patches.suse/drm-radeon-delete-radeon_fence_process-in-is_signale.patch (stable-fixes CVE-2025-68223 bsc#1255357). - Update patches.suse/drm-sched-Fix-deadlock-in-drm_sched_entity_kill_jobs.patch (git-fixes CVE-2025-40329 bsc#1254621). - Update patches.suse/drm-sysfb-Do-not-dereference-NULL-pointer-in-plane-r.patch (git-fixes CVE-2025-40360 bsc#1255095). - Update patches.suse/drm-tegra-Add-call-to-put_pid.patch (git-fixes CVE-2025-68233 bsc#1255206). - Update patches.suse/drm-vgem-fence-Fix-potential-deadlock-on-release.patch (git-fixes CVE-2025-68757 bsc#1255943). - Update patches.suse/drm-vmwgfx-Validate-command-header-size-against-SVGA.patch (git-fixes CVE-2025-40277 bsc#1254894). - Update patches.suse/drm-xe-Fix-oops-in-xe_gem_fault-when-running-core_ho.patch (stable-fixes CVE-2025-40340 bsc#1254996). - Update patches.suse/drm-xe-guc-Synchronize-Dead-CT-worker-with-unbind.patch (git-fixes CVE-2025-68207 bsc#1255234). - Update patches.suse/erofs-avoid-infinite-loop-due-to-incomplete-zstd-compressed-data.patch (git-fixes CVE-2025-68210 bsc#1255231). - Update patches.suse/exfat-fix-improper-check-of-dentry.stream.valid_size.patch (git-fixes CVE-2025-40287 bsc#1255030). - Update patches.suse/exfat-fix-refcount-leak-in-exfat_find.patch (git-fixes CVE-2025-68351 bsc#1255567). - Update patches.suse/exfat-validate-cluster-allocation-bits-of-the-allocation-bitmap.patch (git-fixes CVE-2025-40307 bsc#1255039). - Update patches.suse/fbcon-Set-fb_display-i-mode-to-NULL-when-the-mode-is.patch (stable-fixes CVE-2025-40323 bsc#1255094). - Update patches.suse/fbdev-Add-bounds-checking-in-bit_putcs-to-fix-vmallo.patch (stable-fixes CVE-2025-40304 bsc#1255034). - Update patches.suse/fbdev-bitblit-bound-check-glyph-index-in-bit_putcs.patch (stable-fixes CVE-2025-40322 bsc#1255092). - Update patches.suse/firmware-arm_scmi-Account-for-failed-debug-initializ.patch (git-fixes CVE-2025-40226 bsc#1254821). - Update patches.suse/firmware-stratix10-svc-fix-bug-in-saving-controller-.patch (git-fixes CVE-2025-68328 bsc#1255489). - Update patches.suse/gpiolib-fix-invalid-pointer-access-in-debugfs.patch (git-fixes CVE-2025-68167 bsc#1255099). - Update patches.suse/gpu-host1x-Fix-race-in-syncpt-alloc-free.patch (git-fixes CVE-2025-68732 bsc#1255688). - Update patches.suse/idpf-fix-possible-vport_config-NULL-pointer-deref-in.patch (git-fixes CVE-2025-68213 bsc#1255228). - Update patches.suse/iio-accel-bmc150-Fix-irq-assumption-regression.patch (stable-fixes CVE-2025-68330 bsc#1255493). - Update patches.suse/ima-Handle-error-code-returned-by-ima_filter_rule_ma.patch (git-fixes CVE-2025-68740 bsc#1255812). - Update patches.suse/ima-don-t-clear-IMA_DIGSIG-flag-when-setting-or-remo.patch (stable-fixes CVE-2025-68183 bsc#1255251). - Update patches.suse/irqchip-mchp-eic-Fix-error-code-in-mchp_eic_domain_a.patch (git-fixes CVE-2025-68766 bsc#1255932). - Update patches.suse/media-imon-make-send_packet-more-robust.patch (stable-fixes CVE-2025-68194 bsc#1255325). - Update patches.suse/media-pci-mg4b-fix-uninitialized-iio-scan-data.patch (git-fixes CVE-2025-40221 bsc#1254519). - Update patches.suse/media-videobuf2-forbid-remove_bufs-when-legacy-filei.patch (git-fixes CVE-2025-40302 bsc#1255196). - Update patches.suse/misc-fastrpc-Fix-dma_buf-object-leak-in-fastrpc_map_.patch (git-fixes CVE-2025-68252 bsc#1255197). - Update patches.suse/mm-secretmem-fix-use-after-free-race-in-fault-handle.patch (git-fixes CVE-2025-40272 bsc#1254832). - Update patches.suse/most-usb-Fix-use-after-free-in-hdm_disconnect.patch (git-fixes CVE-2025-40223 bsc#1254957). - Update patches.suse/most-usb-fix-double-free-on-late-probe-failure.patch (git-fixes CVE-2025-68290 bsc#1255154). - Update patches.suse/most-usb-hdm_probe-Fix-calling-put_device-before-dev.patch (git-fixes CVE-2025-68249 bsc#1255233). - Update patches.suse/mt76-mt7615-Fix-memory-leak-in-mt7615_mcu_wtbl_sta_a.patch (git-fixes CVE-2025-68765 bsc#1255931). - Update patches.suse/mtd-rawnand-cadence-fix-DMA-device-NULL-pointer-dere.patch (git-fixes CVE-2025-68238 bsc#1255202). - Update patches.suse/mtdchar-fix-integer-overflow-in-read-write-ioctls.patch (git-fixes CVE-2025-68237 bsc#1255203). - Update patches.suse/net-stmmac-Correctly-handle-Rx-checksum-offload-erro.patch (git-fixes CVE-2025-40337 bsc#1255081). - Update patches.suse/net-usb-qmi_wwan-initialize-MAC-header-offset-in-qmi.patch (git-fixes CVE-2025-68192 bsc#1255246). - Update patches.suse/nfs4_setup_readdir-insufficient-locking-for-d_parent-d_inode-dereferencing.patch (git-fixes CVE-2025-68185 bsc#1255135). - Update patches.suse/nfsd-fix-refcount-leak-in-nfsd_set_fh_dentry.patch (git-fixes CVE-2025-40212 bsc#1254195). - Update patches.suse/nouveau-firmware-Add-missing-kfree-of-nvkm_falcon_fw.patch (git-fixes CVE-2025-68235 bsc#1255209). - Update patches.suse/nvme-fc-use-lock-accessing-port_state-and-rport-stat.patch (bsc#1245193 bsc#1247500 CVE-2025-40342 bsc#1255274). - Update patches.suse/nvmet-fc-avoid-scheduling-association-deletion-twice.patch (bsc#1245193 bsc#1247500 CVE-2025-40343 bsc#1255276). - Update patches.suse/pinctrl-s32cc-fix-uninitialized-memory-in-s32_pinctr.patch (git-fixes CVE-2025-68222 bsc#1255218). - Update patches.suse/platform-x86-intel-punit_ipc-fix-memory-corruption.patch (git-fixes CVE-2025-68303 bsc#1255122). - Update patches.suse/regmap-slimbus-fix-bus_context-pointer-in-regmap-ini.patch (git-fixes CVE-2025-40317 bsc#1254796). - Update patches.suse/regulator-core-Protect-regulator_supply_alias_list-w.patch (git-fixes CVE-2025-68354 bsc#1255553). - Update patches.suse/sctp-avoid-NULL-dereference-when-chunk-data-buffer-i.patch (git-fixes CVE-2025-40240 bsc#1254869). - Update patches.suse/smb-client-fix-potential-cfid-UAF-in-smb2_query_info_compound.patch (git-fixes CVE-2025-40320 bsc#1254793). - Update patches.suse/spi-ch341-fix-out-of-bounds-memory-access-in-ch341_t.patch (git-fixes CVE-2025-68352 bsc#1255541). - Update patches.suse/spi-tegra210-quad-Fix-timeout-handling.patch (bsc#1253155 CVE-2025-68746 bsc#1255722). - Update patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-OnBeacon.patch (stable-fixes CVE-2025-68254 bsc#1255140). - Update patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-rtw_get_.patch (stable-fixes CVE-2025-68256 bsc#1255138). - Update patches.suse/staging-rtl8723bs-fix-stack-buffer-overflow-in-OnAss.patch (stable-fixes CVE-2025-68255 bsc#1255395). - Update patches.suse/tty-serial-ip22zilog-Use-platform-device-for-probing.patch (stable-fixes CVE-2025-68311 bsc#1255161). - Update patches.suse/usb-cdns3-gadget-Use-after-free-during-failed-initia.patch (stable-fixes CVE-2025-40314 bsc#1255072). - Update patches.suse/usb-dwc3-Fix-race-condition-between-concurrent-dwc3_.patch (git-fixes CVE-2025-68287 bsc#1255152). - Update patches.suse/usb-gadget-f_eem-Fix-memory-leak-in-eem_unwrap.patch (git-fixes CVE-2025-68289 bsc#1255155). - Update patches.suse/usb-gadget-f_fs-Fix-epfile-null-pointer-access-after.patch (stable-fixes CVE-2025-40315 bsc#1255083). - Update patches.suse/usb-potential-integer-overflow-in-usbg_make_tpg.patch (stable-fixes CVE-2025-68750 bsc#1255814). - Update patches.suse/usb-renesas_usbhs-Fix-synchronous-external-abort-on-.patch (git-fixes CVE-2025-68327 bsc#1255488). - Update patches.suse/usb-storage-sddr55-Reject-out-of-bound-new_pba.patch (stable-fixes CVE-2025-40345 bsc#1255279). - Update patches.suse/usb-uas-fix-urb-unmapping-issue-when-the-uas-device-.patch (git-fixes CVE-2025-68331 bsc#1255495). - Update patches.suse/usbnet-Prevents-free-active-kevent.patch (git-fixes CVE-2025-68312 bsc#1255171). - Update patches.suse/wifi-ath11k-fix-peer-HE-MCS-assignment.patch (git-fixes CVE-2025-68380 bsc#1255580). - Update patches.suse/wifi-brcmfmac-fix-crash-while-sending-Action-Frames-.patch (git-fixes CVE-2025-40321 bsc#1254795). - Update patches.suse/wifi-rtl818x-Fix-potential-memory-leaks-in-rtl8180_i.patch (git-fixes CVE-2025-68759 bsc#1255934). - Update patches.suse/wifi-rtl818x-rtl8187-Fix-potential-buffer-underflow-.patch (git-fixes CVE-2025-68362 bsc#1255611). - Update patches.suse/x86-CPU-AMD-Add-RDSEED-fix-for-Zen5.patch (git-fixes CVE-2025-68313 bsc#1255415). - Update patches.suse/x86-CPU-AMD-Add-missing-terminator-for-zen5_rdseed_m.patch (git-fixes CVE-2025-68195 bsc#1255259). - Update patches.suse/xfrm-also-call-xfrm_state_delete_tunnel-at-destroy-time-fo.patch (CVE-2025-40215 bsc#1254959 CVE-2025-40256 bsc#1254851). - commit c0f554e ++++ kernel-rt: - perf/x86/intel: Fix KASAN global-out-of-bounds warning (CVE-2025-40359 bsc#1255087). - commit ed1e93a - mlx5: Fix default values in create CQ (CVE-2025-68209 bsc#1255230). - commit 02d60e0 - x86/microcode/AMD: Use sha256() instead of init/update/final (bsc#1256495). - Refresh patches.suse/x86-microcode-AMD-Limit-Entrysign-signature-checking-to-kn.patch. - commit 6b04345 - x86/microcode/AMD: Fix Entrysign revision check for Zen5/Strix Halo (bsc#1256495). - x86/microcode/AMD: Select which microcode patch to load (bsc#1256495). - x86/microcode/AMD: Make __verify_patch_size() return bool (bsc#1256495). - x86/microcode/AMD: Remove bogus comment from parse_container() (bsc#1256495). - commit 9f14cfe - crash: fix crashkernel resource shrink (CVE-2025-68198 bsc#1255243) - commit 7e8f708 - bnxt_en: Fix null pointer dereference in bnxt_bs_trace_check_wrap() (CVE-2025-68197 bsc#1255242) - commit 766431f - lib/crypto: aes: Fix missing MMU protection for AES S-box (git-fixes). - virtio_console: fix order of fields cols and rows (stable-fixes). - commit d55882c - drm/amdgpu: Forward VMID reservation errors (git-fixes). - commit 2373a9d - supported.conf: mark ksmbd unsupported Based on discussion with Enzo Matsumiya it has tuned out that ksmbd module is unsupported but the supported.conf entry is incorrect. Fix that. - commit 143566d - powerpc/eeh: fix recursive pci_lock_rescan_remove locking in EEH event handling (bsc#1253262 ltc#216029). - commit 594b86e - Update patches.suse/ACPI-video-Fix-use-after-free-in-acpi_video_switch_b.patch (git-fixes CVE-2025-40211 bsc#1254126). - Update patches.suse/ALSA-dice-fix-buffer-overflow-in-detect_stream_forma.patch (git-fixes CVE-2025-68346 bsc#1255603). - Update patches.suse/ALSA-firewire-motu-add-bounds-check-in-put_user-loop.patch (git-fixes CVE-2025-68753 bsc#1256238). - Update patches.suse/ALSA-firewire-motu-fix-buffer-overflow-in-hwdep-read.patch (git-fixes CVE-2025-68347 bsc#1255706). - Update patches.suse/ALSA-hda-cs35l41-Fix-NULL-pointer-dereference-in-cs3-c34b04c.patch (git-fixes CVE-2025-68345 bsc#1255601). - Update patches.suse/ALSA-usb-audio-Fix-NULL-pointer-dereference-in-snd_u.patch (git-fixes CVE-2025-40275 bsc#1254829). - Update patches.suse/ALSA-usb-audio-Fix-potential-overflow-of-PCM-transfe.patch (stable-fixes CVE-2025-40269 bsc#1255035). - Update patches.suse/ALSA-wavefront-Fix-integer-overflow-in-sample-size-v.patch (git-fixes CVE-2025-68344 bsc#1255816). - Update patches.suse/ASoC-Intel-avs-Disable-periods-elapsed-work-when-clo.patch (git-fixes CVE-2025-40344 bsc#1254618). - Update patches.suse/Bluetooth-6lowpan-reset-link-local-header-on-ipv6-re.patch (git-fixes CVE-2025-40282 bsc#1254850). - Update patches.suse/Bluetooth-MGMT-Fix-OOB-access-in-parse_adv_monitor_p.patch (git-fixes CVE-2025-40294 bsc#1255181). - Update patches.suse/Bluetooth-MGMT-cancel-mesh-send-timer-when-hdev-remo.patch (git-fixes CVE-2025-40284 bsc#1254860). - Update patches.suse/Bluetooth-MGMT-fix-crash-in-set_mesh_sync-and-set_me.patch (git-fixes CVE-2025-40213 bsc#1253674). - Update patches.suse/Bluetooth-SCO-Fix-UAF-on-sco_conn_free.patch (stable-fixes CVE-2025-40309 bsc#1255065). - Update patches.suse/Bluetooth-bcsp-receive-data-only-if-registered.patch (stable-fixes CVE-2025-40308 bsc#1255064). - Update patches.suse/Bluetooth-btusb-mediatek-Avoid-btusb_mtk_claim_iso_i.patch (git-fixes CVE-2025-68298 bsc#1255124). - Update patches.suse/Bluetooth-btusb-mediatek-Fix-kernel-crash-when-relea.patch (git-fixes CVE-2025-68306 bsc#1255145). - Update patches.suse/Bluetooth-btusb-reorder-cleanup-in-btusb_disconnect-.patch (git-fixes CVE-2025-40283 bsc#1254858). - Update patches.suse/Bluetooth-hci_event-validate-skb-length-for-unknown-.patch (git-fixes CVE-2025-40301 bsc#1255193). - Update patches.suse/Bluetooth-hci_sock-Prevent-race-in-socket-write-iter.patch (git-fixes CVE-2025-68305 bsc#1255169). - Update patches.suse/Bluetooth-hci_sync-fix-race-in-hci_cmd_sync_dequeue_.patch (git-fixes CVE-2025-40318 bsc#1254798). - Update patches.suse/Input-cros_ec_keyb-fix-an-invalid-memory-access.patch (stable-fixes CVE-2025-40263 bsc#1255077). - Update patches.suse/Input-imx_sc_key-fix-memory-corruption-on-unload.patch (git-fixes CVE-2025-40262 bsc#1254840). - Update patches.suse/Input-pegasus-notetaker-fix-potential-out-of-bounds-.patch (git-fixes CVE-2025-68217 bsc#1255221). - Update patches.suse/KVM-arm64-Check-the-untrusted-offset-in-FF-A-memory-.patch (git-fixes CVE-2025-40266 bsc#1255040). - Update patches.suse/NFS-Fix-LTP-test-failures-when-timestamps-are-delegated.patch (git-fixes CVE-2025-68242 bsc#1255186). - Update patches.suse/NFSD-Fix-crash-in-nfsd4_read_release.patch (git-fixes CVE-2025-40324 bsc#1254791). - Update patches.suse/NFSD-free-copynotify-stateid-in-nfs4_free_ol_stateid.patch (git-fixes CVE-2025-40273 bsc#1254828). - Update patches.suse/PCI-IOV-Add-PCI-rescan-remove-locking-when-enabling-.patch (git-fixes CVE-2025-40219 bsc#1254518). - Update patches.suse/PCI-cadence-Check-for-the-existence-of-cdns_pcie-ops.patch (stable-fixes CVE-2025-68176 bsc#1255329). - Update patches.suse/accel-habanalabs-support-mapping-cb-with-vmalloc-bac.patch (stable-fixes CVE-2025-40311 bsc#1255068). - Update patches.suse/accel-ivpu-Fix-race-condition-when-unbinding-BOs.patch (git-fixes CVE-2025-68749 bsc#1255724). - Update patches.suse/amd-amdkfd-resolve-a-race-in-amdgpu_amdkfd_device_fi.patch (stable-fixes CVE-2025-40310 bsc#1255041). - Update patches.suse/arm64-mte-Do-not-warn-if-the-page-is-already-tagged-in-cop.patch (git-fixes CVE-2025-40353 bsc#1255312). - Update patches.suse/atm-fore200e-Fix-possible-data-race-in-fore200e_open.patch (git-fixes CVE-2025-68339 bsc#1255505). - Update patches.suse/backlight-led-bl-Add-devlink-to-supplier-LEDs.patch (git-fixes CVE-2025-68758 bsc#1255944). - Update patches.suse/btrfs-directly-free-partially-initialized-fs_info-in.patch (git-fixes CVE-2025-40235 bsc#1254808). - Update patches.suse/btrfs-ensure-no-dirty-metadata-is-written-back-for-a.patch (git-fix CVE-2025-40303 bsc#1255058). - Update patches.suse/btrfs-fix-memory-leak-of-qgroup_list-in-btrfs_add_qg.patch (git-fixes CVE-2025-40209 bsc#1254128). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-check-actual-395d988.patch (git-fixes CVE-2025-68342 bsc#1255508). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-check-actual.patch (git-fixes CVE-2025-68343 bsc#1255509). - Update patches.suse/can-gs_usb-gs_usb_xmit_callback-fix-handling-of-fail.patch (git-fixes CVE-2025-68307 bsc#1255146). - Update patches.suse/can-kvaser_usb-leaf-Fix-potential-infinite-loop-in-c.patch (git-fixes CVE-2025-68308 bsc#1255149). - Update patches.suse/comedi-c6xdigio-Fix-invalid-PNP-driver-unregistratio.patch (git-fixes CVE-2025-68332 bsc#1255483). - Update patches.suse/comedi-check-device-s-attached-status-in-compat-ioct.patch (git-fixes CVE-2025-68257 bsc#1255167). - Update patches.suse/comedi-multiq3-sanitize-config-options-in-multiq3_at.patch (git-fixes CVE-2025-68258 bsc#1255182). - Update patches.suse/comedi-pcl818-fix-null-ptr-deref-in-pcl818_ai_cancel.patch (git-fixes CVE-2025-68335 bsc#1255480). - Update patches.suse/crypto-aspeed-fix-double-free-caused-by-devm.patch (git-fixes CVE-2025-68172 bsc#1255253). - Update patches.suse/crypto-asymmetric_keys-prevent-overflow-in-asymmetri.patch (git-fixes CVE-2025-68724 bsc#1255550). - Update patches.suse/drm-amd-display-Check-NULL-before-accessing.patch (stable-fixes CVE-2025-68286 bsc#1255351). - Update patches.suse/drm-amd-display-Fix-NULL-deref-in-debugfs-odm_combin.patch (git-fixes CVE-2025-68180 bsc#1255252). - Update patches.suse/drm-amd-display-increase-max-link-count-and-fix-link.patch (stable-fixes CVE-2025-40354 bsc#1255316). - Update patches.suse/drm-amdgpu-Fix-NULL-pointer-dereference-in-VRAM-logi.patch (stable-fixes CVE-2025-40288 bsc#1255057). - Update patches.suse/drm-amdgpu-atom-Check-kcalloc-for-WS-buffer-in-amdgp.patch (stable-fixes CVE-2025-68190 bsc#1255131). - Update patches.suse/drm-amdgpu-fix-gpu-page-fault-after-hibernation-on-P.patch (stable-fixes CVE-2025-68230 bsc#1255134). - Update patches.suse/drm-amdgpu-fix-nullptr-err-of-vm_handle_moved.patch (stable-fixes CVE-2025-40339 bsc#1255428). - Update patches.suse/drm-amdgpu-hide-VRAM-sysfs-attributes-on-GPUs-withou.patch (stable-fixes CVE-2025-40289 bsc#1255042). - Update patches.suse/drm-amdgpu-remove-two-invalid-BUG_ON-s.patch (stable-fixes CVE-2025-68201 bsc#1255136). - Update patches.suse/drm-amdkfd-Fix-mmap-write-lock-not-release.patch (bsc#1243112 CVE-2025-40332 bsc#1255116). - Update patches.suse/drm-i915-Avoid-lock-inversion-when-pinning-to-GGTT-o.patch (git-fixes CVE-2025-68244 bsc#1255190). - Update patches.suse/drm-mediatek-Disable-AFBC-support-on-Mediatek-DRM-dr.patch (git-fixes CVE-2025-68184 bsc#1255220). - Update patches.suse/drm-mediatek-Fix-device-use-after-free-on-unbind.patch (git-fixes CVE-2025-40316 bsc#1254797). - Update patches.suse/drm-panthor-Fix-UAF-on-kernel-BO-VA-nodes.patch (git-fixes CVE-2025-68747 bsc#1255723). - Update patches.suse/drm-panthor-Fix-UAF-race-between-device-unplug-and-F.patch (git-fixes CVE-2025-68748 bsc#1255813). - Update patches.suse/drm-panthor-Fix-kernel-panic-on-partial-unmap-of-a-G.patch (git-fixes CVE-2025-40225 bsc#1254827). - Update patches.suse/drm-radeon-Do-not-kfree-devres-managed-rdev.patch (git-fixes CVE-2025-68170 bsc#1255256). - Update patches.suse/drm-radeon-Remove-calls-to-drm_put_dev.patch (git-fixes CVE-2025-68181 bsc#1255247). - Update patches.suse/drm-radeon-delete-radeon_fence_process-in-is_signale.patch (stable-fixes CVE-2025-68223 bsc#1255357). - Update patches.suse/drm-sched-Fix-deadlock-in-drm_sched_entity_kill_jobs.patch (git-fixes CVE-2025-40329 bsc#1254621). - Update patches.suse/drm-sysfb-Do-not-dereference-NULL-pointer-in-plane-r.patch (git-fixes CVE-2025-40360 bsc#1255095). - Update patches.suse/drm-tegra-Add-call-to-put_pid.patch (git-fixes CVE-2025-68233 bsc#1255206). - Update patches.suse/drm-vgem-fence-Fix-potential-deadlock-on-release.patch (git-fixes CVE-2025-68757 bsc#1255943). - Update patches.suse/drm-vmwgfx-Validate-command-header-size-against-SVGA.patch (git-fixes CVE-2025-40277 bsc#1254894). - Update patches.suse/drm-xe-Fix-oops-in-xe_gem_fault-when-running-core_ho.patch (stable-fixes CVE-2025-40340 bsc#1254996). - Update patches.suse/drm-xe-guc-Synchronize-Dead-CT-worker-with-unbind.patch (git-fixes CVE-2025-68207 bsc#1255234). - Update patches.suse/erofs-avoid-infinite-loop-due-to-incomplete-zstd-compressed-data.patch (git-fixes CVE-2025-68210 bsc#1255231). - Update patches.suse/exfat-fix-improper-check-of-dentry.stream.valid_size.patch (git-fixes CVE-2025-40287 bsc#1255030). - Update patches.suse/exfat-fix-refcount-leak-in-exfat_find.patch (git-fixes CVE-2025-68351 bsc#1255567). - Update patches.suse/exfat-validate-cluster-allocation-bits-of-the-allocation-bitmap.patch (git-fixes CVE-2025-40307 bsc#1255039). - Update patches.suse/fbcon-Set-fb_display-i-mode-to-NULL-when-the-mode-is.patch (stable-fixes CVE-2025-40323 bsc#1255094). - Update patches.suse/fbdev-Add-bounds-checking-in-bit_putcs-to-fix-vmallo.patch (stable-fixes CVE-2025-40304 bsc#1255034). - Update patches.suse/fbdev-bitblit-bound-check-glyph-index-in-bit_putcs.patch (stable-fixes CVE-2025-40322 bsc#1255092). - Update patches.suse/firmware-arm_scmi-Account-for-failed-debug-initializ.patch (git-fixes CVE-2025-40226 bsc#1254821). - Update patches.suse/firmware-stratix10-svc-fix-bug-in-saving-controller-.patch (git-fixes CVE-2025-68328 bsc#1255489). - Update patches.suse/gpiolib-fix-invalid-pointer-access-in-debugfs.patch (git-fixes CVE-2025-68167 bsc#1255099). - Update patches.suse/gpu-host1x-Fix-race-in-syncpt-alloc-free.patch (git-fixes CVE-2025-68732 bsc#1255688). - Update patches.suse/idpf-fix-possible-vport_config-NULL-pointer-deref-in.patch (git-fixes CVE-2025-68213 bsc#1255228). - Update patches.suse/iio-accel-bmc150-Fix-irq-assumption-regression.patch (stable-fixes CVE-2025-68330 bsc#1255493). - Update patches.suse/ima-Handle-error-code-returned-by-ima_filter_rule_ma.patch (git-fixes CVE-2025-68740 bsc#1255812). - Update patches.suse/ima-don-t-clear-IMA_DIGSIG-flag-when-setting-or-remo.patch (stable-fixes CVE-2025-68183 bsc#1255251). - Update patches.suse/irqchip-mchp-eic-Fix-error-code-in-mchp_eic_domain_a.patch (git-fixes CVE-2025-68766 bsc#1255932). - Update patches.suse/media-imon-make-send_packet-more-robust.patch (stable-fixes CVE-2025-68194 bsc#1255325). - Update patches.suse/media-pci-mg4b-fix-uninitialized-iio-scan-data.patch (git-fixes CVE-2025-40221 bsc#1254519). - Update patches.suse/media-videobuf2-forbid-remove_bufs-when-legacy-filei.patch (git-fixes CVE-2025-40302 bsc#1255196). - Update patches.suse/misc-fastrpc-Fix-dma_buf-object-leak-in-fastrpc_map_.patch (git-fixes CVE-2025-68252 bsc#1255197). - Update patches.suse/mm-secretmem-fix-use-after-free-race-in-fault-handle.patch (git-fixes CVE-2025-40272 bsc#1254832). - Update patches.suse/most-usb-Fix-use-after-free-in-hdm_disconnect.patch (git-fixes CVE-2025-40223 bsc#1254957). - Update patches.suse/most-usb-fix-double-free-on-late-probe-failure.patch (git-fixes CVE-2025-68290 bsc#1255154). - Update patches.suse/most-usb-hdm_probe-Fix-calling-put_device-before-dev.patch (git-fixes CVE-2025-68249 bsc#1255233). - Update patches.suse/mt76-mt7615-Fix-memory-leak-in-mt7615_mcu_wtbl_sta_a.patch (git-fixes CVE-2025-68765 bsc#1255931). - Update patches.suse/mtd-rawnand-cadence-fix-DMA-device-NULL-pointer-dere.patch (git-fixes CVE-2025-68238 bsc#1255202). - Update patches.suse/mtdchar-fix-integer-overflow-in-read-write-ioctls.patch (git-fixes CVE-2025-68237 bsc#1255203). - Update patches.suse/net-stmmac-Correctly-handle-Rx-checksum-offload-erro.patch (git-fixes CVE-2025-40337 bsc#1255081). - Update patches.suse/net-usb-qmi_wwan-initialize-MAC-header-offset-in-qmi.patch (git-fixes CVE-2025-68192 bsc#1255246). - Update patches.suse/nfs4_setup_readdir-insufficient-locking-for-d_parent-d_inode-dereferencing.patch (git-fixes CVE-2025-68185 bsc#1255135). - Update patches.suse/nfsd-fix-refcount-leak-in-nfsd_set_fh_dentry.patch (git-fixes CVE-2025-40212 bsc#1254195). - Update patches.suse/nouveau-firmware-Add-missing-kfree-of-nvkm_falcon_fw.patch (git-fixes CVE-2025-68235 bsc#1255209). - Update patches.suse/nvme-fc-use-lock-accessing-port_state-and-rport-stat.patch (bsc#1245193 bsc#1247500 CVE-2025-40342 bsc#1255274). - Update patches.suse/nvmet-fc-avoid-scheduling-association-deletion-twice.patch (bsc#1245193 bsc#1247500 CVE-2025-40343 bsc#1255276). - Update patches.suse/pinctrl-s32cc-fix-uninitialized-memory-in-s32_pinctr.patch (git-fixes CVE-2025-68222 bsc#1255218). - Update patches.suse/platform-x86-intel-punit_ipc-fix-memory-corruption.patch (git-fixes CVE-2025-68303 bsc#1255122). - Update patches.suse/regmap-slimbus-fix-bus_context-pointer-in-regmap-ini.patch (git-fixes CVE-2025-40317 bsc#1254796). - Update patches.suse/regulator-core-Protect-regulator_supply_alias_list-w.patch (git-fixes CVE-2025-68354 bsc#1255553). - Update patches.suse/sctp-avoid-NULL-dereference-when-chunk-data-buffer-i.patch (git-fixes CVE-2025-40240 bsc#1254869). - Update patches.suse/smb-client-fix-potential-cfid-UAF-in-smb2_query_info_compound.patch (git-fixes CVE-2025-40320 bsc#1254793). - Update patches.suse/spi-ch341-fix-out-of-bounds-memory-access-in-ch341_t.patch (git-fixes CVE-2025-68352 bsc#1255541). - Update patches.suse/spi-tegra210-quad-Fix-timeout-handling.patch (bsc#1253155 CVE-2025-68746 bsc#1255722). - Update patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-OnBeacon.patch (stable-fixes CVE-2025-68254 bsc#1255140). - Update patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-rtw_get_.patch (stable-fixes CVE-2025-68256 bsc#1255138). - Update patches.suse/staging-rtl8723bs-fix-stack-buffer-overflow-in-OnAss.patch (stable-fixes CVE-2025-68255 bsc#1255395). - Update patches.suse/tty-serial-ip22zilog-Use-platform-device-for-probing.patch (stable-fixes CVE-2025-68311 bsc#1255161). - Update patches.suse/usb-cdns3-gadget-Use-after-free-during-failed-initia.patch (stable-fixes CVE-2025-40314 bsc#1255072). - Update patches.suse/usb-dwc3-Fix-race-condition-between-concurrent-dwc3_.patch (git-fixes CVE-2025-68287 bsc#1255152). - Update patches.suse/usb-gadget-f_eem-Fix-memory-leak-in-eem_unwrap.patch (git-fixes CVE-2025-68289 bsc#1255155). - Update patches.suse/usb-gadget-f_fs-Fix-epfile-null-pointer-access-after.patch (stable-fixes CVE-2025-40315 bsc#1255083). - Update patches.suse/usb-potential-integer-overflow-in-usbg_make_tpg.patch (stable-fixes CVE-2025-68750 bsc#1255814). - Update patches.suse/usb-renesas_usbhs-Fix-synchronous-external-abort-on-.patch (git-fixes CVE-2025-68327 bsc#1255488). - Update patches.suse/usb-storage-sddr55-Reject-out-of-bound-new_pba.patch (stable-fixes CVE-2025-40345 bsc#1255279). - Update patches.suse/usb-uas-fix-urb-unmapping-issue-when-the-uas-device-.patch (git-fixes CVE-2025-68331 bsc#1255495). - Update patches.suse/usbnet-Prevents-free-active-kevent.patch (git-fixes CVE-2025-68312 bsc#1255171). - Update patches.suse/wifi-ath11k-fix-peer-HE-MCS-assignment.patch (git-fixes CVE-2025-68380 bsc#1255580). - Update patches.suse/wifi-brcmfmac-fix-crash-while-sending-Action-Frames-.patch (git-fixes CVE-2025-40321 bsc#1254795). - Update patches.suse/wifi-rtl818x-Fix-potential-memory-leaks-in-rtl8180_i.patch (git-fixes CVE-2025-68759 bsc#1255934). - Update patches.suse/wifi-rtl818x-rtl8187-Fix-potential-buffer-underflow-.patch (git-fixes CVE-2025-68362 bsc#1255611). - Update patches.suse/x86-CPU-AMD-Add-RDSEED-fix-for-Zen5.patch (git-fixes CVE-2025-68313 bsc#1255415). - Update patches.suse/x86-CPU-AMD-Add-missing-terminator-for-zen5_rdseed_m.patch (git-fixes CVE-2025-68195 bsc#1255259). - Update patches.suse/xfrm-also-call-xfrm_state_delete_tunnel-at-destroy-time-fo.patch (CVE-2025-40215 bsc#1254959 CVE-2025-40256 bsc#1254851). - commit c0f554e ++++ dtb-aarch64: - perf/x86/intel: Fix KASAN global-out-of-bounds warning (CVE-2025-40359 bsc#1255087). - commit ed1e93a - mlx5: Fix default values in create CQ (CVE-2025-68209 bsc#1255230). - commit 02d60e0 - x86/microcode/AMD: Use sha256() instead of init/update/final (bsc#1256495). - Refresh patches.suse/x86-microcode-AMD-Limit-Entrysign-signature-checking-to-kn.patch. - commit 6b04345 - x86/microcode/AMD: Fix Entrysign revision check for Zen5/Strix Halo (bsc#1256495). - x86/microcode/AMD: Select which microcode patch to load (bsc#1256495). - x86/microcode/AMD: Make __verify_patch_size() return bool (bsc#1256495). - x86/microcode/AMD: Remove bogus comment from parse_container() (bsc#1256495). - commit 9f14cfe - crash: fix crashkernel resource shrink (CVE-2025-68198 bsc#1255243) - commit 7e8f708 - bnxt_en: Fix null pointer dereference in bnxt_bs_trace_check_wrap() (CVE-2025-68197 bsc#1255242) - commit 766431f - lib/crypto: aes: Fix missing MMU protection for AES S-box (git-fixes). - virtio_console: fix order of fields cols and rows (stable-fixes). - commit d55882c - drm/amdgpu: Forward VMID reservation errors (git-fixes). - commit 2373a9d - supported.conf: mark ksmbd unsupported Based on discussion with Enzo Matsumiya it has tuned out that ksmbd module is unsupported but the supported.conf entry is incorrect. Fix that. - commit 143566d - powerpc/eeh: fix recursive pci_lock_rescan_remove locking in EEH event handling (bsc#1253262 ltc#216029). - commit 594b86e - Update patches.suse/ACPI-video-Fix-use-after-free-in-acpi_video_switch_b.patch (git-fixes CVE-2025-40211 bsc#1254126). - Update patches.suse/ALSA-dice-fix-buffer-overflow-in-detect_stream_forma.patch (git-fixes CVE-2025-68346 bsc#1255603). - Update patches.suse/ALSA-firewire-motu-add-bounds-check-in-put_user-loop.patch (git-fixes CVE-2025-68753 bsc#1256238). - Update patches.suse/ALSA-firewire-motu-fix-buffer-overflow-in-hwdep-read.patch (git-fixes CVE-2025-68347 bsc#1255706). - Update patches.suse/ALSA-hda-cs35l41-Fix-NULL-pointer-dereference-in-cs3-c34b04c.patch (git-fixes CVE-2025-68345 bsc#1255601). - Update patches.suse/ALSA-usb-audio-Fix-NULL-pointer-dereference-in-snd_u.patch (git-fixes CVE-2025-40275 bsc#1254829). - Update patches.suse/ALSA-usb-audio-Fix-potential-overflow-of-PCM-transfe.patch (stable-fixes CVE-2025-40269 bsc#1255035). - Update patches.suse/ALSA-wavefront-Fix-integer-overflow-in-sample-size-v.patch (git-fixes CVE-2025-68344 bsc#1255816). - Update patches.suse/ASoC-Intel-avs-Disable-periods-elapsed-work-when-clo.patch (git-fixes CVE-2025-40344 bsc#1254618). - Update patches.suse/Bluetooth-6lowpan-reset-link-local-header-on-ipv6-re.patch (git-fixes CVE-2025-40282 bsc#1254850). - Update patches.suse/Bluetooth-MGMT-Fix-OOB-access-in-parse_adv_monitor_p.patch (git-fixes CVE-2025-40294 bsc#1255181). - Update patches.suse/Bluetooth-MGMT-cancel-mesh-send-timer-when-hdev-remo.patch (git-fixes CVE-2025-40284 bsc#1254860). - Update patches.suse/Bluetooth-MGMT-fix-crash-in-set_mesh_sync-and-set_me.patch (git-fixes CVE-2025-40213 bsc#1253674). - Update patches.suse/Bluetooth-SCO-Fix-UAF-on-sco_conn_free.patch (stable-fixes CVE-2025-40309 bsc#1255065). - Update patches.suse/Bluetooth-bcsp-receive-data-only-if-registered.patch (stable-fixes CVE-2025-40308 bsc#1255064). - Update patches.suse/Bluetooth-btusb-mediatek-Avoid-btusb_mtk_claim_iso_i.patch (git-fixes CVE-2025-68298 bsc#1255124). - Update patches.suse/Bluetooth-btusb-mediatek-Fix-kernel-crash-when-relea.patch (git-fixes CVE-2025-68306 bsc#1255145). - Update patches.suse/Bluetooth-btusb-reorder-cleanup-in-btusb_disconnect-.patch (git-fixes CVE-2025-40283 bsc#1254858). - Update patches.suse/Bluetooth-hci_event-validate-skb-length-for-unknown-.patch (git-fixes CVE-2025-40301 bsc#1255193). - Update patches.suse/Bluetooth-hci_sock-Prevent-race-in-socket-write-iter.patch (git-fixes CVE-2025-68305 bsc#1255169). - Update patches.suse/Bluetooth-hci_sync-fix-race-in-hci_cmd_sync_dequeue_.patch (git-fixes CVE-2025-40318 bsc#1254798). - Update patches.suse/Input-cros_ec_keyb-fix-an-invalid-memory-access.patch (stable-fixes CVE-2025-40263 bsc#1255077). - Update patches.suse/Input-imx_sc_key-fix-memory-corruption-on-unload.patch (git-fixes CVE-2025-40262 bsc#1254840). - Update patches.suse/Input-pegasus-notetaker-fix-potential-out-of-bounds-.patch (git-fixes CVE-2025-68217 bsc#1255221). - Update patches.suse/KVM-arm64-Check-the-untrusted-offset-in-FF-A-memory-.patch (git-fixes CVE-2025-40266 bsc#1255040). - Update patches.suse/NFS-Fix-LTP-test-failures-when-timestamps-are-delegated.patch (git-fixes CVE-2025-68242 bsc#1255186). - Update patches.suse/NFSD-Fix-crash-in-nfsd4_read_release.patch (git-fixes CVE-2025-40324 bsc#1254791). - Update patches.suse/NFSD-free-copynotify-stateid-in-nfs4_free_ol_stateid.patch (git-fixes CVE-2025-40273 bsc#1254828). - Update patches.suse/PCI-IOV-Add-PCI-rescan-remove-locking-when-enabling-.patch (git-fixes CVE-2025-40219 bsc#1254518). - Update patches.suse/PCI-cadence-Check-for-the-existence-of-cdns_pcie-ops.patch (stable-fixes CVE-2025-68176 bsc#1255329). - Update patches.suse/accel-habanalabs-support-mapping-cb-with-vmalloc-bac.patch (stable-fixes CVE-2025-40311 bsc#1255068). - Update patches.suse/accel-ivpu-Fix-race-condition-when-unbinding-BOs.patch (git-fixes CVE-2025-68749 bsc#1255724). - Update patches.suse/amd-amdkfd-resolve-a-race-in-amdgpu_amdkfd_device_fi.patch (stable-fixes CVE-2025-40310 bsc#1255041). - Update patches.suse/arm64-mte-Do-not-warn-if-the-page-is-already-tagged-in-cop.patch (git-fixes CVE-2025-40353 bsc#1255312). - Update patches.suse/atm-fore200e-Fix-possible-data-race-in-fore200e_open.patch (git-fixes CVE-2025-68339 bsc#1255505). - Update patches.suse/backlight-led-bl-Add-devlink-to-supplier-LEDs.patch (git-fixes CVE-2025-68758 bsc#1255944). - Update patches.suse/btrfs-directly-free-partially-initialized-fs_info-in.patch (git-fixes CVE-2025-40235 bsc#1254808). - Update patches.suse/btrfs-ensure-no-dirty-metadata-is-written-back-for-a.patch (git-fix CVE-2025-40303 bsc#1255058). - Update patches.suse/btrfs-fix-memory-leak-of-qgroup_list-in-btrfs_add_qg.patch (git-fixes CVE-2025-40209 bsc#1254128). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-check-actual-395d988.patch (git-fixes CVE-2025-68342 bsc#1255508). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-check-actual.patch (git-fixes CVE-2025-68343 bsc#1255509). - Update patches.suse/can-gs_usb-gs_usb_xmit_callback-fix-handling-of-fail.patch (git-fixes CVE-2025-68307 bsc#1255146). - Update patches.suse/can-kvaser_usb-leaf-Fix-potential-infinite-loop-in-c.patch (git-fixes CVE-2025-68308 bsc#1255149). - Update patches.suse/comedi-c6xdigio-Fix-invalid-PNP-driver-unregistratio.patch (git-fixes CVE-2025-68332 bsc#1255483). - Update patches.suse/comedi-check-device-s-attached-status-in-compat-ioct.patch (git-fixes CVE-2025-68257 bsc#1255167). - Update patches.suse/comedi-multiq3-sanitize-config-options-in-multiq3_at.patch (git-fixes CVE-2025-68258 bsc#1255182). - Update patches.suse/comedi-pcl818-fix-null-ptr-deref-in-pcl818_ai_cancel.patch (git-fixes CVE-2025-68335 bsc#1255480). - Update patches.suse/crypto-aspeed-fix-double-free-caused-by-devm.patch (git-fixes CVE-2025-68172 bsc#1255253). - Update patches.suse/crypto-asymmetric_keys-prevent-overflow-in-asymmetri.patch (git-fixes CVE-2025-68724 bsc#1255550). - Update patches.suse/drm-amd-display-Check-NULL-before-accessing.patch (stable-fixes CVE-2025-68286 bsc#1255351). - Update patches.suse/drm-amd-display-Fix-NULL-deref-in-debugfs-odm_combin.patch (git-fixes CVE-2025-68180 bsc#1255252). - Update patches.suse/drm-amd-display-increase-max-link-count-and-fix-link.patch (stable-fixes CVE-2025-40354 bsc#1255316). - Update patches.suse/drm-amdgpu-Fix-NULL-pointer-dereference-in-VRAM-logi.patch (stable-fixes CVE-2025-40288 bsc#1255057). - Update patches.suse/drm-amdgpu-atom-Check-kcalloc-for-WS-buffer-in-amdgp.patch (stable-fixes CVE-2025-68190 bsc#1255131). - Update patches.suse/drm-amdgpu-fix-gpu-page-fault-after-hibernation-on-P.patch (stable-fixes CVE-2025-68230 bsc#1255134). - Update patches.suse/drm-amdgpu-fix-nullptr-err-of-vm_handle_moved.patch (stable-fixes CVE-2025-40339 bsc#1255428). - Update patches.suse/drm-amdgpu-hide-VRAM-sysfs-attributes-on-GPUs-withou.patch (stable-fixes CVE-2025-40289 bsc#1255042). - Update patches.suse/drm-amdgpu-remove-two-invalid-BUG_ON-s.patch (stable-fixes CVE-2025-68201 bsc#1255136). - Update patches.suse/drm-amdkfd-Fix-mmap-write-lock-not-release.patch (bsc#1243112 CVE-2025-40332 bsc#1255116). - Update patches.suse/drm-i915-Avoid-lock-inversion-when-pinning-to-GGTT-o.patch (git-fixes CVE-2025-68244 bsc#1255190). - Update patches.suse/drm-mediatek-Disable-AFBC-support-on-Mediatek-DRM-dr.patch (git-fixes CVE-2025-68184 bsc#1255220). - Update patches.suse/drm-mediatek-Fix-device-use-after-free-on-unbind.patch (git-fixes CVE-2025-40316 bsc#1254797). - Update patches.suse/drm-panthor-Fix-UAF-on-kernel-BO-VA-nodes.patch (git-fixes CVE-2025-68747 bsc#1255723). - Update patches.suse/drm-panthor-Fix-UAF-race-between-device-unplug-and-F.patch (git-fixes CVE-2025-68748 bsc#1255813). - Update patches.suse/drm-panthor-Fix-kernel-panic-on-partial-unmap-of-a-G.patch (git-fixes CVE-2025-40225 bsc#1254827). - Update patches.suse/drm-radeon-Do-not-kfree-devres-managed-rdev.patch (git-fixes CVE-2025-68170 bsc#1255256). - Update patches.suse/drm-radeon-Remove-calls-to-drm_put_dev.patch (git-fixes CVE-2025-68181 bsc#1255247). - Update patches.suse/drm-radeon-delete-radeon_fence_process-in-is_signale.patch (stable-fixes CVE-2025-68223 bsc#1255357). - Update patches.suse/drm-sched-Fix-deadlock-in-drm_sched_entity_kill_jobs.patch (git-fixes CVE-2025-40329 bsc#1254621). - Update patches.suse/drm-sysfb-Do-not-dereference-NULL-pointer-in-plane-r.patch (git-fixes CVE-2025-40360 bsc#1255095). - Update patches.suse/drm-tegra-Add-call-to-put_pid.patch (git-fixes CVE-2025-68233 bsc#1255206). - Update patches.suse/drm-vgem-fence-Fix-potential-deadlock-on-release.patch (git-fixes CVE-2025-68757 bsc#1255943). - Update patches.suse/drm-vmwgfx-Validate-command-header-size-against-SVGA.patch (git-fixes CVE-2025-40277 bsc#1254894). - Update patches.suse/drm-xe-Fix-oops-in-xe_gem_fault-when-running-core_ho.patch (stable-fixes CVE-2025-40340 bsc#1254996). - Update patches.suse/drm-xe-guc-Synchronize-Dead-CT-worker-with-unbind.patch (git-fixes CVE-2025-68207 bsc#1255234). - Update patches.suse/erofs-avoid-infinite-loop-due-to-incomplete-zstd-compressed-data.patch (git-fixes CVE-2025-68210 bsc#1255231). - Update patches.suse/exfat-fix-improper-check-of-dentry.stream.valid_size.patch (git-fixes CVE-2025-40287 bsc#1255030). - Update patches.suse/exfat-fix-refcount-leak-in-exfat_find.patch (git-fixes CVE-2025-68351 bsc#1255567). - Update patches.suse/exfat-validate-cluster-allocation-bits-of-the-allocation-bitmap.patch (git-fixes CVE-2025-40307 bsc#1255039). - Update patches.suse/fbcon-Set-fb_display-i-mode-to-NULL-when-the-mode-is.patch (stable-fixes CVE-2025-40323 bsc#1255094). - Update patches.suse/fbdev-Add-bounds-checking-in-bit_putcs-to-fix-vmallo.patch (stable-fixes CVE-2025-40304 bsc#1255034). - Update patches.suse/fbdev-bitblit-bound-check-glyph-index-in-bit_putcs.patch (stable-fixes CVE-2025-40322 bsc#1255092). - Update patches.suse/firmware-arm_scmi-Account-for-failed-debug-initializ.patch (git-fixes CVE-2025-40226 bsc#1254821). - Update patches.suse/firmware-stratix10-svc-fix-bug-in-saving-controller-.patch (git-fixes CVE-2025-68328 bsc#1255489). - Update patches.suse/gpiolib-fix-invalid-pointer-access-in-debugfs.patch (git-fixes CVE-2025-68167 bsc#1255099). - Update patches.suse/gpu-host1x-Fix-race-in-syncpt-alloc-free.patch (git-fixes CVE-2025-68732 bsc#1255688). - Update patches.suse/idpf-fix-possible-vport_config-NULL-pointer-deref-in.patch (git-fixes CVE-2025-68213 bsc#1255228). - Update patches.suse/iio-accel-bmc150-Fix-irq-assumption-regression.patch (stable-fixes CVE-2025-68330 bsc#1255493). - Update patches.suse/ima-Handle-error-code-returned-by-ima_filter_rule_ma.patch (git-fixes CVE-2025-68740 bsc#1255812). - Update patches.suse/ima-don-t-clear-IMA_DIGSIG-flag-when-setting-or-remo.patch (stable-fixes CVE-2025-68183 bsc#1255251). - Update patches.suse/irqchip-mchp-eic-Fix-error-code-in-mchp_eic_domain_a.patch (git-fixes CVE-2025-68766 bsc#1255932). - Update patches.suse/media-imon-make-send_packet-more-robust.patch (stable-fixes CVE-2025-68194 bsc#1255325). - Update patches.suse/media-pci-mg4b-fix-uninitialized-iio-scan-data.patch (git-fixes CVE-2025-40221 bsc#1254519). - Update patches.suse/media-videobuf2-forbid-remove_bufs-when-legacy-filei.patch (git-fixes CVE-2025-40302 bsc#1255196). - Update patches.suse/misc-fastrpc-Fix-dma_buf-object-leak-in-fastrpc_map_.patch (git-fixes CVE-2025-68252 bsc#1255197). - Update patches.suse/mm-secretmem-fix-use-after-free-race-in-fault-handle.patch (git-fixes CVE-2025-40272 bsc#1254832). - Update patches.suse/most-usb-Fix-use-after-free-in-hdm_disconnect.patch (git-fixes CVE-2025-40223 bsc#1254957). - Update patches.suse/most-usb-fix-double-free-on-late-probe-failure.patch (git-fixes CVE-2025-68290 bsc#1255154). - Update patches.suse/most-usb-hdm_probe-Fix-calling-put_device-before-dev.patch (git-fixes CVE-2025-68249 bsc#1255233). - Update patches.suse/mt76-mt7615-Fix-memory-leak-in-mt7615_mcu_wtbl_sta_a.patch (git-fixes CVE-2025-68765 bsc#1255931). - Update patches.suse/mtd-rawnand-cadence-fix-DMA-device-NULL-pointer-dere.patch (git-fixes CVE-2025-68238 bsc#1255202). - Update patches.suse/mtdchar-fix-integer-overflow-in-read-write-ioctls.patch (git-fixes CVE-2025-68237 bsc#1255203). - Update patches.suse/net-stmmac-Correctly-handle-Rx-checksum-offload-erro.patch (git-fixes CVE-2025-40337 bsc#1255081). - Update patches.suse/net-usb-qmi_wwan-initialize-MAC-header-offset-in-qmi.patch (git-fixes CVE-2025-68192 bsc#1255246). - Update patches.suse/nfs4_setup_readdir-insufficient-locking-for-d_parent-d_inode-dereferencing.patch (git-fixes CVE-2025-68185 bsc#1255135). - Update patches.suse/nfsd-fix-refcount-leak-in-nfsd_set_fh_dentry.patch (git-fixes CVE-2025-40212 bsc#1254195). - Update patches.suse/nouveau-firmware-Add-missing-kfree-of-nvkm_falcon_fw.patch (git-fixes CVE-2025-68235 bsc#1255209). - Update patches.suse/nvme-fc-use-lock-accessing-port_state-and-rport-stat.patch (bsc#1245193 bsc#1247500 CVE-2025-40342 bsc#1255274). - Update patches.suse/nvmet-fc-avoid-scheduling-association-deletion-twice.patch (bsc#1245193 bsc#1247500 CVE-2025-40343 bsc#1255276). - Update patches.suse/pinctrl-s32cc-fix-uninitialized-memory-in-s32_pinctr.patch (git-fixes CVE-2025-68222 bsc#1255218). - Update patches.suse/platform-x86-intel-punit_ipc-fix-memory-corruption.patch (git-fixes CVE-2025-68303 bsc#1255122). - Update patches.suse/regmap-slimbus-fix-bus_context-pointer-in-regmap-ini.patch (git-fixes CVE-2025-40317 bsc#1254796). - Update patches.suse/regulator-core-Protect-regulator_supply_alias_list-w.patch (git-fixes CVE-2025-68354 bsc#1255553). - Update patches.suse/sctp-avoid-NULL-dereference-when-chunk-data-buffer-i.patch (git-fixes CVE-2025-40240 bsc#1254869). - Update patches.suse/smb-client-fix-potential-cfid-UAF-in-smb2_query_info_compound.patch (git-fixes CVE-2025-40320 bsc#1254793). - Update patches.suse/spi-ch341-fix-out-of-bounds-memory-access-in-ch341_t.patch (git-fixes CVE-2025-68352 bsc#1255541). - Update patches.suse/spi-tegra210-quad-Fix-timeout-handling.patch (bsc#1253155 CVE-2025-68746 bsc#1255722). - Update patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-OnBeacon.patch (stable-fixes CVE-2025-68254 bsc#1255140). - Update patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-rtw_get_.patch (stable-fixes CVE-2025-68256 bsc#1255138). - Update patches.suse/staging-rtl8723bs-fix-stack-buffer-overflow-in-OnAss.patch (stable-fixes CVE-2025-68255 bsc#1255395). - Update patches.suse/tty-serial-ip22zilog-Use-platform-device-for-probing.patch (stable-fixes CVE-2025-68311 bsc#1255161). - Update patches.suse/usb-cdns3-gadget-Use-after-free-during-failed-initia.patch (stable-fixes CVE-2025-40314 bsc#1255072). - Update patches.suse/usb-dwc3-Fix-race-condition-between-concurrent-dwc3_.patch (git-fixes CVE-2025-68287 bsc#1255152). - Update patches.suse/usb-gadget-f_eem-Fix-memory-leak-in-eem_unwrap.patch (git-fixes CVE-2025-68289 bsc#1255155). - Update patches.suse/usb-gadget-f_fs-Fix-epfile-null-pointer-access-after.patch (stable-fixes CVE-2025-40315 bsc#1255083). - Update patches.suse/usb-potential-integer-overflow-in-usbg_make_tpg.patch (stable-fixes CVE-2025-68750 bsc#1255814). - Update patches.suse/usb-renesas_usbhs-Fix-synchronous-external-abort-on-.patch (git-fixes CVE-2025-68327 bsc#1255488). - Update patches.suse/usb-storage-sddr55-Reject-out-of-bound-new_pba.patch (stable-fixes CVE-2025-40345 bsc#1255279). - Update patches.suse/usb-uas-fix-urb-unmapping-issue-when-the-uas-device-.patch (git-fixes CVE-2025-68331 bsc#1255495). - Update patches.suse/usbnet-Prevents-free-active-kevent.patch (git-fixes CVE-2025-68312 bsc#1255171). - Update patches.suse/wifi-ath11k-fix-peer-HE-MCS-assignment.patch (git-fixes CVE-2025-68380 bsc#1255580). - Update patches.suse/wifi-brcmfmac-fix-crash-while-sending-Action-Frames-.patch (git-fixes CVE-2025-40321 bsc#1254795). - Update patches.suse/wifi-rtl818x-Fix-potential-memory-leaks-in-rtl8180_i.patch (git-fixes CVE-2025-68759 bsc#1255934). - Update patches.suse/wifi-rtl818x-rtl8187-Fix-potential-buffer-underflow-.patch (git-fixes CVE-2025-68362 bsc#1255611). - Update patches.suse/x86-CPU-AMD-Add-RDSEED-fix-for-Zen5.patch (git-fixes CVE-2025-68313 bsc#1255415). - Update patches.suse/x86-CPU-AMD-Add-missing-terminator-for-zen5_rdseed_m.patch (git-fixes CVE-2025-68195 bsc#1255259). - Update patches.suse/xfrm-also-call-xfrm_state_delete_tunnel-at-destroy-time-fo.patch (CVE-2025-40215 bsc#1254959 CVE-2025-40256 bsc#1254851). - commit c0f554e ++++ dtb-aarch64: - perf/x86/intel: Fix KASAN global-out-of-bounds warning (CVE-2025-40359 bsc#1255087). - commit ed1e93a - mlx5: Fix default values in create CQ (CVE-2025-68209 bsc#1255230). - commit 02d60e0 - x86/microcode/AMD: Use sha256() instead of init/update/final (bsc#1256495). - Refresh patches.suse/x86-microcode-AMD-Limit-Entrysign-signature-checking-to-kn.patch. - commit 6b04345 - x86/microcode/AMD: Fix Entrysign revision check for Zen5/Strix Halo (bsc#1256495). - x86/microcode/AMD: Select which microcode patch to load (bsc#1256495). - x86/microcode/AMD: Make __verify_patch_size() return bool (bsc#1256495). - x86/microcode/AMD: Remove bogus comment from parse_container() (bsc#1256495). - commit 9f14cfe - crash: fix crashkernel resource shrink (CVE-2025-68198 bsc#1255243) - commit 7e8f708 - bnxt_en: Fix null pointer dereference in bnxt_bs_trace_check_wrap() (CVE-2025-68197 bsc#1255242) - commit 766431f - lib/crypto: aes: Fix missing MMU protection for AES S-box (git-fixes). - virtio_console: fix order of fields cols and rows (stable-fixes). - commit d55882c - drm/amdgpu: Forward VMID reservation errors (git-fixes). - commit 2373a9d - supported.conf: mark ksmbd unsupported Based on discussion with Enzo Matsumiya it has tuned out that ksmbd module is unsupported but the supported.conf entry is incorrect. Fix that. - commit 143566d - powerpc/eeh: fix recursive pci_lock_rescan_remove locking in EEH event handling (bsc#1253262 ltc#216029). - commit 594b86e - Update patches.suse/ACPI-video-Fix-use-after-free-in-acpi_video_switch_b.patch (git-fixes CVE-2025-40211 bsc#1254126). - Update patches.suse/ALSA-dice-fix-buffer-overflow-in-detect_stream_forma.patch (git-fixes CVE-2025-68346 bsc#1255603). - Update patches.suse/ALSA-firewire-motu-add-bounds-check-in-put_user-loop.patch (git-fixes CVE-2025-68753 bsc#1256238). - Update patches.suse/ALSA-firewire-motu-fix-buffer-overflow-in-hwdep-read.patch (git-fixes CVE-2025-68347 bsc#1255706). - Update patches.suse/ALSA-hda-cs35l41-Fix-NULL-pointer-dereference-in-cs3-c34b04c.patch (git-fixes CVE-2025-68345 bsc#1255601). - Update patches.suse/ALSA-usb-audio-Fix-NULL-pointer-dereference-in-snd_u.patch (git-fixes CVE-2025-40275 bsc#1254829). - Update patches.suse/ALSA-usb-audio-Fix-potential-overflow-of-PCM-transfe.patch (stable-fixes CVE-2025-40269 bsc#1255035). - Update patches.suse/ALSA-wavefront-Fix-integer-overflow-in-sample-size-v.patch (git-fixes CVE-2025-68344 bsc#1255816). - Update patches.suse/ASoC-Intel-avs-Disable-periods-elapsed-work-when-clo.patch (git-fixes CVE-2025-40344 bsc#1254618). - Update patches.suse/Bluetooth-6lowpan-reset-link-local-header-on-ipv6-re.patch (git-fixes CVE-2025-40282 bsc#1254850). - Update patches.suse/Bluetooth-MGMT-Fix-OOB-access-in-parse_adv_monitor_p.patch (git-fixes CVE-2025-40294 bsc#1255181). - Update patches.suse/Bluetooth-MGMT-cancel-mesh-send-timer-when-hdev-remo.patch (git-fixes CVE-2025-40284 bsc#1254860). - Update patches.suse/Bluetooth-MGMT-fix-crash-in-set_mesh_sync-and-set_me.patch (git-fixes CVE-2025-40213 bsc#1253674). - Update patches.suse/Bluetooth-SCO-Fix-UAF-on-sco_conn_free.patch (stable-fixes CVE-2025-40309 bsc#1255065). - Update patches.suse/Bluetooth-bcsp-receive-data-only-if-registered.patch (stable-fixes CVE-2025-40308 bsc#1255064). - Update patches.suse/Bluetooth-btusb-mediatek-Avoid-btusb_mtk_claim_iso_i.patch (git-fixes CVE-2025-68298 bsc#1255124). - Update patches.suse/Bluetooth-btusb-mediatek-Fix-kernel-crash-when-relea.patch (git-fixes CVE-2025-68306 bsc#1255145). - Update patches.suse/Bluetooth-btusb-reorder-cleanup-in-btusb_disconnect-.patch (git-fixes CVE-2025-40283 bsc#1254858). - Update patches.suse/Bluetooth-hci_event-validate-skb-length-for-unknown-.patch (git-fixes CVE-2025-40301 bsc#1255193). - Update patches.suse/Bluetooth-hci_sock-Prevent-race-in-socket-write-iter.patch (git-fixes CVE-2025-68305 bsc#1255169). - Update patches.suse/Bluetooth-hci_sync-fix-race-in-hci_cmd_sync_dequeue_.patch (git-fixes CVE-2025-40318 bsc#1254798). - Update patches.suse/Input-cros_ec_keyb-fix-an-invalid-memory-access.patch (stable-fixes CVE-2025-40263 bsc#1255077). - Update patches.suse/Input-imx_sc_key-fix-memory-corruption-on-unload.patch (git-fixes CVE-2025-40262 bsc#1254840). - Update patches.suse/Input-pegasus-notetaker-fix-potential-out-of-bounds-.patch (git-fixes CVE-2025-68217 bsc#1255221). - Update patches.suse/KVM-arm64-Check-the-untrusted-offset-in-FF-A-memory-.patch (git-fixes CVE-2025-40266 bsc#1255040). - Update patches.suse/NFS-Fix-LTP-test-failures-when-timestamps-are-delegated.patch (git-fixes CVE-2025-68242 bsc#1255186). - Update patches.suse/NFSD-Fix-crash-in-nfsd4_read_release.patch (git-fixes CVE-2025-40324 bsc#1254791). - Update patches.suse/NFSD-free-copynotify-stateid-in-nfs4_free_ol_stateid.patch (git-fixes CVE-2025-40273 bsc#1254828). - Update patches.suse/PCI-IOV-Add-PCI-rescan-remove-locking-when-enabling-.patch (git-fixes CVE-2025-40219 bsc#1254518). - Update patches.suse/PCI-cadence-Check-for-the-existence-of-cdns_pcie-ops.patch (stable-fixes CVE-2025-68176 bsc#1255329). - Update patches.suse/accel-habanalabs-support-mapping-cb-with-vmalloc-bac.patch (stable-fixes CVE-2025-40311 bsc#1255068). - Update patches.suse/accel-ivpu-Fix-race-condition-when-unbinding-BOs.patch (git-fixes CVE-2025-68749 bsc#1255724). - Update patches.suse/amd-amdkfd-resolve-a-race-in-amdgpu_amdkfd_device_fi.patch (stable-fixes CVE-2025-40310 bsc#1255041). - Update patches.suse/arm64-mte-Do-not-warn-if-the-page-is-already-tagged-in-cop.patch (git-fixes CVE-2025-40353 bsc#1255312). - Update patches.suse/atm-fore200e-Fix-possible-data-race-in-fore200e_open.patch (git-fixes CVE-2025-68339 bsc#1255505). - Update patches.suse/backlight-led-bl-Add-devlink-to-supplier-LEDs.patch (git-fixes CVE-2025-68758 bsc#1255944). - Update patches.suse/btrfs-directly-free-partially-initialized-fs_info-in.patch (git-fixes CVE-2025-40235 bsc#1254808). - Update patches.suse/btrfs-ensure-no-dirty-metadata-is-written-back-for-a.patch (git-fix CVE-2025-40303 bsc#1255058). - Update patches.suse/btrfs-fix-memory-leak-of-qgroup_list-in-btrfs_add_qg.patch (git-fixes CVE-2025-40209 bsc#1254128). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-check-actual-395d988.patch (git-fixes CVE-2025-68342 bsc#1255508). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-check-actual.patch (git-fixes CVE-2025-68343 bsc#1255509). - Update patches.suse/can-gs_usb-gs_usb_xmit_callback-fix-handling-of-fail.patch (git-fixes CVE-2025-68307 bsc#1255146). - Update patches.suse/can-kvaser_usb-leaf-Fix-potential-infinite-loop-in-c.patch (git-fixes CVE-2025-68308 bsc#1255149). - Update patches.suse/comedi-c6xdigio-Fix-invalid-PNP-driver-unregistratio.patch (git-fixes CVE-2025-68332 bsc#1255483). - Update patches.suse/comedi-check-device-s-attached-status-in-compat-ioct.patch (git-fixes CVE-2025-68257 bsc#1255167). - Update patches.suse/comedi-multiq3-sanitize-config-options-in-multiq3_at.patch (git-fixes CVE-2025-68258 bsc#1255182). - Update patches.suse/comedi-pcl818-fix-null-ptr-deref-in-pcl818_ai_cancel.patch (git-fixes CVE-2025-68335 bsc#1255480). - Update patches.suse/crypto-aspeed-fix-double-free-caused-by-devm.patch (git-fixes CVE-2025-68172 bsc#1255253). - Update patches.suse/crypto-asymmetric_keys-prevent-overflow-in-asymmetri.patch (git-fixes CVE-2025-68724 bsc#1255550). - Update patches.suse/drm-amd-display-Check-NULL-before-accessing.patch (stable-fixes CVE-2025-68286 bsc#1255351). - Update patches.suse/drm-amd-display-Fix-NULL-deref-in-debugfs-odm_combin.patch (git-fixes CVE-2025-68180 bsc#1255252). - Update patches.suse/drm-amd-display-increase-max-link-count-and-fix-link.patch (stable-fixes CVE-2025-40354 bsc#1255316). - Update patches.suse/drm-amdgpu-Fix-NULL-pointer-dereference-in-VRAM-logi.patch (stable-fixes CVE-2025-40288 bsc#1255057). - Update patches.suse/drm-amdgpu-atom-Check-kcalloc-for-WS-buffer-in-amdgp.patch (stable-fixes CVE-2025-68190 bsc#1255131). - Update patches.suse/drm-amdgpu-fix-gpu-page-fault-after-hibernation-on-P.patch (stable-fixes CVE-2025-68230 bsc#1255134). - Update patches.suse/drm-amdgpu-fix-nullptr-err-of-vm_handle_moved.patch (stable-fixes CVE-2025-40339 bsc#1255428). - Update patches.suse/drm-amdgpu-hide-VRAM-sysfs-attributes-on-GPUs-withou.patch (stable-fixes CVE-2025-40289 bsc#1255042). - Update patches.suse/drm-amdgpu-remove-two-invalid-BUG_ON-s.patch (stable-fixes CVE-2025-68201 bsc#1255136). - Update patches.suse/drm-amdkfd-Fix-mmap-write-lock-not-release.patch (bsc#1243112 CVE-2025-40332 bsc#1255116). - Update patches.suse/drm-i915-Avoid-lock-inversion-when-pinning-to-GGTT-o.patch (git-fixes CVE-2025-68244 bsc#1255190). - Update patches.suse/drm-mediatek-Disable-AFBC-support-on-Mediatek-DRM-dr.patch (git-fixes CVE-2025-68184 bsc#1255220). - Update patches.suse/drm-mediatek-Fix-device-use-after-free-on-unbind.patch (git-fixes CVE-2025-40316 bsc#1254797). - Update patches.suse/drm-panthor-Fix-UAF-on-kernel-BO-VA-nodes.patch (git-fixes CVE-2025-68747 bsc#1255723). - Update patches.suse/drm-panthor-Fix-UAF-race-between-device-unplug-and-F.patch (git-fixes CVE-2025-68748 bsc#1255813). - Update patches.suse/drm-panthor-Fix-kernel-panic-on-partial-unmap-of-a-G.patch (git-fixes CVE-2025-40225 bsc#1254827). - Update patches.suse/drm-radeon-Do-not-kfree-devres-managed-rdev.patch (git-fixes CVE-2025-68170 bsc#1255256). - Update patches.suse/drm-radeon-Remove-calls-to-drm_put_dev.patch (git-fixes CVE-2025-68181 bsc#1255247). - Update patches.suse/drm-radeon-delete-radeon_fence_process-in-is_signale.patch (stable-fixes CVE-2025-68223 bsc#1255357). - Update patches.suse/drm-sched-Fix-deadlock-in-drm_sched_entity_kill_jobs.patch (git-fixes CVE-2025-40329 bsc#1254621). - Update patches.suse/drm-sysfb-Do-not-dereference-NULL-pointer-in-plane-r.patch (git-fixes CVE-2025-40360 bsc#1255095). - Update patches.suse/drm-tegra-Add-call-to-put_pid.patch (git-fixes CVE-2025-68233 bsc#1255206). - Update patches.suse/drm-vgem-fence-Fix-potential-deadlock-on-release.patch (git-fixes CVE-2025-68757 bsc#1255943). - Update patches.suse/drm-vmwgfx-Validate-command-header-size-against-SVGA.patch (git-fixes CVE-2025-40277 bsc#1254894). - Update patches.suse/drm-xe-Fix-oops-in-xe_gem_fault-when-running-core_ho.patch (stable-fixes CVE-2025-40340 bsc#1254996). - Update patches.suse/drm-xe-guc-Synchronize-Dead-CT-worker-with-unbind.patch (git-fixes CVE-2025-68207 bsc#1255234). - Update patches.suse/erofs-avoid-infinite-loop-due-to-incomplete-zstd-compressed-data.patch (git-fixes CVE-2025-68210 bsc#1255231). - Update patches.suse/exfat-fix-improper-check-of-dentry.stream.valid_size.patch (git-fixes CVE-2025-40287 bsc#1255030). - Update patches.suse/exfat-fix-refcount-leak-in-exfat_find.patch (git-fixes CVE-2025-68351 bsc#1255567). - Update patches.suse/exfat-validate-cluster-allocation-bits-of-the-allocation-bitmap.patch (git-fixes CVE-2025-40307 bsc#1255039). - Update patches.suse/fbcon-Set-fb_display-i-mode-to-NULL-when-the-mode-is.patch (stable-fixes CVE-2025-40323 bsc#1255094). - Update patches.suse/fbdev-Add-bounds-checking-in-bit_putcs-to-fix-vmallo.patch (stable-fixes CVE-2025-40304 bsc#1255034). - Update patches.suse/fbdev-bitblit-bound-check-glyph-index-in-bit_putcs.patch (stable-fixes CVE-2025-40322 bsc#1255092). - Update patches.suse/firmware-arm_scmi-Account-for-failed-debug-initializ.patch (git-fixes CVE-2025-40226 bsc#1254821). - Update patches.suse/firmware-stratix10-svc-fix-bug-in-saving-controller-.patch (git-fixes CVE-2025-68328 bsc#1255489). - Update patches.suse/gpiolib-fix-invalid-pointer-access-in-debugfs.patch (git-fixes CVE-2025-68167 bsc#1255099). - Update patches.suse/gpu-host1x-Fix-race-in-syncpt-alloc-free.patch (git-fixes CVE-2025-68732 bsc#1255688). - Update patches.suse/idpf-fix-possible-vport_config-NULL-pointer-deref-in.patch (git-fixes CVE-2025-68213 bsc#1255228). - Update patches.suse/iio-accel-bmc150-Fix-irq-assumption-regression.patch (stable-fixes CVE-2025-68330 bsc#1255493). - Update patches.suse/ima-Handle-error-code-returned-by-ima_filter_rule_ma.patch (git-fixes CVE-2025-68740 bsc#1255812). - Update patches.suse/ima-don-t-clear-IMA_DIGSIG-flag-when-setting-or-remo.patch (stable-fixes CVE-2025-68183 bsc#1255251). - Update patches.suse/irqchip-mchp-eic-Fix-error-code-in-mchp_eic_domain_a.patch (git-fixes CVE-2025-68766 bsc#1255932). - Update patches.suse/media-imon-make-send_packet-more-robust.patch (stable-fixes CVE-2025-68194 bsc#1255325). - Update patches.suse/media-pci-mg4b-fix-uninitialized-iio-scan-data.patch (git-fixes CVE-2025-40221 bsc#1254519). - Update patches.suse/media-videobuf2-forbid-remove_bufs-when-legacy-filei.patch (git-fixes CVE-2025-40302 bsc#1255196). - Update patches.suse/misc-fastrpc-Fix-dma_buf-object-leak-in-fastrpc_map_.patch (git-fixes CVE-2025-68252 bsc#1255197). - Update patches.suse/mm-secretmem-fix-use-after-free-race-in-fault-handle.patch (git-fixes CVE-2025-40272 bsc#1254832). - Update patches.suse/most-usb-Fix-use-after-free-in-hdm_disconnect.patch (git-fixes CVE-2025-40223 bsc#1254957). - Update patches.suse/most-usb-fix-double-free-on-late-probe-failure.patch (git-fixes CVE-2025-68290 bsc#1255154). - Update patches.suse/most-usb-hdm_probe-Fix-calling-put_device-before-dev.patch (git-fixes CVE-2025-68249 bsc#1255233). - Update patches.suse/mt76-mt7615-Fix-memory-leak-in-mt7615_mcu_wtbl_sta_a.patch (git-fixes CVE-2025-68765 bsc#1255931). - Update patches.suse/mtd-rawnand-cadence-fix-DMA-device-NULL-pointer-dere.patch (git-fixes CVE-2025-68238 bsc#1255202). - Update patches.suse/mtdchar-fix-integer-overflow-in-read-write-ioctls.patch (git-fixes CVE-2025-68237 bsc#1255203). - Update patches.suse/net-stmmac-Correctly-handle-Rx-checksum-offload-erro.patch (git-fixes CVE-2025-40337 bsc#1255081). - Update patches.suse/net-usb-qmi_wwan-initialize-MAC-header-offset-in-qmi.patch (git-fixes CVE-2025-68192 bsc#1255246). - Update patches.suse/nfs4_setup_readdir-insufficient-locking-for-d_parent-d_inode-dereferencing.patch (git-fixes CVE-2025-68185 bsc#1255135). - Update patches.suse/nfsd-fix-refcount-leak-in-nfsd_set_fh_dentry.patch (git-fixes CVE-2025-40212 bsc#1254195). - Update patches.suse/nouveau-firmware-Add-missing-kfree-of-nvkm_falcon_fw.patch (git-fixes CVE-2025-68235 bsc#1255209). - Update patches.suse/nvme-fc-use-lock-accessing-port_state-and-rport-stat.patch (bsc#1245193 bsc#1247500 CVE-2025-40342 bsc#1255274). - Update patches.suse/nvmet-fc-avoid-scheduling-association-deletion-twice.patch (bsc#1245193 bsc#1247500 CVE-2025-40343 bsc#1255276). - Update patches.suse/pinctrl-s32cc-fix-uninitialized-memory-in-s32_pinctr.patch (git-fixes CVE-2025-68222 bsc#1255218). - Update patches.suse/platform-x86-intel-punit_ipc-fix-memory-corruption.patch (git-fixes CVE-2025-68303 bsc#1255122). - Update patches.suse/regmap-slimbus-fix-bus_context-pointer-in-regmap-ini.patch (git-fixes CVE-2025-40317 bsc#1254796). - Update patches.suse/regulator-core-Protect-regulator_supply_alias_list-w.patch (git-fixes CVE-2025-68354 bsc#1255553). - Update patches.suse/sctp-avoid-NULL-dereference-when-chunk-data-buffer-i.patch (git-fixes CVE-2025-40240 bsc#1254869). - Update patches.suse/smb-client-fix-potential-cfid-UAF-in-smb2_query_info_compound.patch (git-fixes CVE-2025-40320 bsc#1254793). - Update patches.suse/spi-ch341-fix-out-of-bounds-memory-access-in-ch341_t.patch (git-fixes CVE-2025-68352 bsc#1255541). - Update patches.suse/spi-tegra210-quad-Fix-timeout-handling.patch (bsc#1253155 CVE-2025-68746 bsc#1255722). - Update patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-OnBeacon.patch (stable-fixes CVE-2025-68254 bsc#1255140). - Update patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-rtw_get_.patch (stable-fixes CVE-2025-68256 bsc#1255138). - Update patches.suse/staging-rtl8723bs-fix-stack-buffer-overflow-in-OnAss.patch (stable-fixes CVE-2025-68255 bsc#1255395). - Update patches.suse/tty-serial-ip22zilog-Use-platform-device-for-probing.patch (stable-fixes CVE-2025-68311 bsc#1255161). - Update patches.suse/usb-cdns3-gadget-Use-after-free-during-failed-initia.patch (stable-fixes CVE-2025-40314 bsc#1255072). - Update patches.suse/usb-dwc3-Fix-race-condition-between-concurrent-dwc3_.patch (git-fixes CVE-2025-68287 bsc#1255152). - Update patches.suse/usb-gadget-f_eem-Fix-memory-leak-in-eem_unwrap.patch (git-fixes CVE-2025-68289 bsc#1255155). - Update patches.suse/usb-gadget-f_fs-Fix-epfile-null-pointer-access-after.patch (stable-fixes CVE-2025-40315 bsc#1255083). - Update patches.suse/usb-potential-integer-overflow-in-usbg_make_tpg.patch (stable-fixes CVE-2025-68750 bsc#1255814). - Update patches.suse/usb-renesas_usbhs-Fix-synchronous-external-abort-on-.patch (git-fixes CVE-2025-68327 bsc#1255488). - Update patches.suse/usb-storage-sddr55-Reject-out-of-bound-new_pba.patch (stable-fixes CVE-2025-40345 bsc#1255279). - Update patches.suse/usb-uas-fix-urb-unmapping-issue-when-the-uas-device-.patch (git-fixes CVE-2025-68331 bsc#1255495). - Update patches.suse/usbnet-Prevents-free-active-kevent.patch (git-fixes CVE-2025-68312 bsc#1255171). - Update patches.suse/wifi-ath11k-fix-peer-HE-MCS-assignment.patch (git-fixes CVE-2025-68380 bsc#1255580). - Update patches.suse/wifi-brcmfmac-fix-crash-while-sending-Action-Frames-.patch (git-fixes CVE-2025-40321 bsc#1254795). - Update patches.suse/wifi-rtl818x-Fix-potential-memory-leaks-in-rtl8180_i.patch (git-fixes CVE-2025-68759 bsc#1255934). - Update patches.suse/wifi-rtl818x-rtl8187-Fix-potential-buffer-underflow-.patch (git-fixes CVE-2025-68362 bsc#1255611). - Update patches.suse/x86-CPU-AMD-Add-RDSEED-fix-for-Zen5.patch (git-fixes CVE-2025-68313 bsc#1255415). - Update patches.suse/x86-CPU-AMD-Add-missing-terminator-for-zen5_rdseed_m.patch (git-fixes CVE-2025-68195 bsc#1255259). - Update patches.suse/xfrm-also-call-xfrm_state_delete_tunnel-at-destroy-time-fo.patch (CVE-2025-40215 bsc#1254959 CVE-2025-40256 bsc#1254851). - commit c0f554e ++++ dtb-aarch64: - perf/x86/intel: Fix KASAN global-out-of-bounds warning (CVE-2025-40359 bsc#1255087). - commit ed1e93a - mlx5: Fix default values in create CQ (CVE-2025-68209 bsc#1255230). - commit 02d60e0 - x86/microcode/AMD: Use sha256() instead of init/update/final (bsc#1256495). - Refresh patches.suse/x86-microcode-AMD-Limit-Entrysign-signature-checking-to-kn.patch. - commit 6b04345 - x86/microcode/AMD: Fix Entrysign revision check for Zen5/Strix Halo (bsc#1256495). - x86/microcode/AMD: Select which microcode patch to load (bsc#1256495). - x86/microcode/AMD: Make __verify_patch_size() return bool (bsc#1256495). - x86/microcode/AMD: Remove bogus comment from parse_container() (bsc#1256495). - commit 9f14cfe - crash: fix crashkernel resource shrink (CVE-2025-68198 bsc#1255243) - commit 7e8f708 - bnxt_en: Fix null pointer dereference in bnxt_bs_trace_check_wrap() (CVE-2025-68197 bsc#1255242) - commit 766431f - lib/crypto: aes: Fix missing MMU protection for AES S-box (git-fixes). - virtio_console: fix order of fields cols and rows (stable-fixes). - commit d55882c - drm/amdgpu: Forward VMID reservation errors (git-fixes). - commit 2373a9d - supported.conf: mark ksmbd unsupported Based on discussion with Enzo Matsumiya it has tuned out that ksmbd module is unsupported but the supported.conf entry is incorrect. Fix that. - commit 143566d - powerpc/eeh: fix recursive pci_lock_rescan_remove locking in EEH event handling (bsc#1253262 ltc#216029). - commit 594b86e - Update patches.suse/ACPI-video-Fix-use-after-free-in-acpi_video_switch_b.patch (git-fixes CVE-2025-40211 bsc#1254126). - Update patches.suse/ALSA-dice-fix-buffer-overflow-in-detect_stream_forma.patch (git-fixes CVE-2025-68346 bsc#1255603). - Update patches.suse/ALSA-firewire-motu-add-bounds-check-in-put_user-loop.patch (git-fixes CVE-2025-68753 bsc#1256238). - Update patches.suse/ALSA-firewire-motu-fix-buffer-overflow-in-hwdep-read.patch (git-fixes CVE-2025-68347 bsc#1255706). - Update patches.suse/ALSA-hda-cs35l41-Fix-NULL-pointer-dereference-in-cs3-c34b04c.patch (git-fixes CVE-2025-68345 bsc#1255601). - Update patches.suse/ALSA-usb-audio-Fix-NULL-pointer-dereference-in-snd_u.patch (git-fixes CVE-2025-40275 bsc#1254829). - Update patches.suse/ALSA-usb-audio-Fix-potential-overflow-of-PCM-transfe.patch (stable-fixes CVE-2025-40269 bsc#1255035). - Update patches.suse/ALSA-wavefront-Fix-integer-overflow-in-sample-size-v.patch (git-fixes CVE-2025-68344 bsc#1255816). - Update patches.suse/ASoC-Intel-avs-Disable-periods-elapsed-work-when-clo.patch (git-fixes CVE-2025-40344 bsc#1254618). - Update patches.suse/Bluetooth-6lowpan-reset-link-local-header-on-ipv6-re.patch (git-fixes CVE-2025-40282 bsc#1254850). - Update patches.suse/Bluetooth-MGMT-Fix-OOB-access-in-parse_adv_monitor_p.patch (git-fixes CVE-2025-40294 bsc#1255181). - Update patches.suse/Bluetooth-MGMT-cancel-mesh-send-timer-when-hdev-remo.patch (git-fixes CVE-2025-40284 bsc#1254860). - Update patches.suse/Bluetooth-MGMT-fix-crash-in-set_mesh_sync-and-set_me.patch (git-fixes CVE-2025-40213 bsc#1253674). - Update patches.suse/Bluetooth-SCO-Fix-UAF-on-sco_conn_free.patch (stable-fixes CVE-2025-40309 bsc#1255065). - Update patches.suse/Bluetooth-bcsp-receive-data-only-if-registered.patch (stable-fixes CVE-2025-40308 bsc#1255064). - Update patches.suse/Bluetooth-btusb-mediatek-Avoid-btusb_mtk_claim_iso_i.patch (git-fixes CVE-2025-68298 bsc#1255124). - Update patches.suse/Bluetooth-btusb-mediatek-Fix-kernel-crash-when-relea.patch (git-fixes CVE-2025-68306 bsc#1255145). - Update patches.suse/Bluetooth-btusb-reorder-cleanup-in-btusb_disconnect-.patch (git-fixes CVE-2025-40283 bsc#1254858). - Update patches.suse/Bluetooth-hci_event-validate-skb-length-for-unknown-.patch (git-fixes CVE-2025-40301 bsc#1255193). - Update patches.suse/Bluetooth-hci_sock-Prevent-race-in-socket-write-iter.patch (git-fixes CVE-2025-68305 bsc#1255169). - Update patches.suse/Bluetooth-hci_sync-fix-race-in-hci_cmd_sync_dequeue_.patch (git-fixes CVE-2025-40318 bsc#1254798). - Update patches.suse/Input-cros_ec_keyb-fix-an-invalid-memory-access.patch (stable-fixes CVE-2025-40263 bsc#1255077). - Update patches.suse/Input-imx_sc_key-fix-memory-corruption-on-unload.patch (git-fixes CVE-2025-40262 bsc#1254840). - Update patches.suse/Input-pegasus-notetaker-fix-potential-out-of-bounds-.patch (git-fixes CVE-2025-68217 bsc#1255221). - Update patches.suse/KVM-arm64-Check-the-untrusted-offset-in-FF-A-memory-.patch (git-fixes CVE-2025-40266 bsc#1255040). - Update patches.suse/NFS-Fix-LTP-test-failures-when-timestamps-are-delegated.patch (git-fixes CVE-2025-68242 bsc#1255186). - Update patches.suse/NFSD-Fix-crash-in-nfsd4_read_release.patch (git-fixes CVE-2025-40324 bsc#1254791). - Update patches.suse/NFSD-free-copynotify-stateid-in-nfs4_free_ol_stateid.patch (git-fixes CVE-2025-40273 bsc#1254828). - Update patches.suse/PCI-IOV-Add-PCI-rescan-remove-locking-when-enabling-.patch (git-fixes CVE-2025-40219 bsc#1254518). - Update patches.suse/PCI-cadence-Check-for-the-existence-of-cdns_pcie-ops.patch (stable-fixes CVE-2025-68176 bsc#1255329). - Update patches.suse/accel-habanalabs-support-mapping-cb-with-vmalloc-bac.patch (stable-fixes CVE-2025-40311 bsc#1255068). - Update patches.suse/accel-ivpu-Fix-race-condition-when-unbinding-BOs.patch (git-fixes CVE-2025-68749 bsc#1255724). - Update patches.suse/amd-amdkfd-resolve-a-race-in-amdgpu_amdkfd_device_fi.patch (stable-fixes CVE-2025-40310 bsc#1255041). - Update patches.suse/arm64-mte-Do-not-warn-if-the-page-is-already-tagged-in-cop.patch (git-fixes CVE-2025-40353 bsc#1255312). - Update patches.suse/atm-fore200e-Fix-possible-data-race-in-fore200e_open.patch (git-fixes CVE-2025-68339 bsc#1255505). - Update patches.suse/backlight-led-bl-Add-devlink-to-supplier-LEDs.patch (git-fixes CVE-2025-68758 bsc#1255944). - Update patches.suse/btrfs-directly-free-partially-initialized-fs_info-in.patch (git-fixes CVE-2025-40235 bsc#1254808). - Update patches.suse/btrfs-ensure-no-dirty-metadata-is-written-back-for-a.patch (git-fix CVE-2025-40303 bsc#1255058). - Update patches.suse/btrfs-fix-memory-leak-of-qgroup_list-in-btrfs_add_qg.patch (git-fixes CVE-2025-40209 bsc#1254128). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-check-actual-395d988.patch (git-fixes CVE-2025-68342 bsc#1255508). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-check-actual.patch (git-fixes CVE-2025-68343 bsc#1255509). - Update patches.suse/can-gs_usb-gs_usb_xmit_callback-fix-handling-of-fail.patch (git-fixes CVE-2025-68307 bsc#1255146). - Update patches.suse/can-kvaser_usb-leaf-Fix-potential-infinite-loop-in-c.patch (git-fixes CVE-2025-68308 bsc#1255149). - Update patches.suse/comedi-c6xdigio-Fix-invalid-PNP-driver-unregistratio.patch (git-fixes CVE-2025-68332 bsc#1255483). - Update patches.suse/comedi-check-device-s-attached-status-in-compat-ioct.patch (git-fixes CVE-2025-68257 bsc#1255167). - Update patches.suse/comedi-multiq3-sanitize-config-options-in-multiq3_at.patch (git-fixes CVE-2025-68258 bsc#1255182). - Update patches.suse/comedi-pcl818-fix-null-ptr-deref-in-pcl818_ai_cancel.patch (git-fixes CVE-2025-68335 bsc#1255480). - Update patches.suse/crypto-aspeed-fix-double-free-caused-by-devm.patch (git-fixes CVE-2025-68172 bsc#1255253). - Update patches.suse/crypto-asymmetric_keys-prevent-overflow-in-asymmetri.patch (git-fixes CVE-2025-68724 bsc#1255550). - Update patches.suse/drm-amd-display-Check-NULL-before-accessing.patch (stable-fixes CVE-2025-68286 bsc#1255351). - Update patches.suse/drm-amd-display-Fix-NULL-deref-in-debugfs-odm_combin.patch (git-fixes CVE-2025-68180 bsc#1255252). - Update patches.suse/drm-amd-display-increase-max-link-count-and-fix-link.patch (stable-fixes CVE-2025-40354 bsc#1255316). - Update patches.suse/drm-amdgpu-Fix-NULL-pointer-dereference-in-VRAM-logi.patch (stable-fixes CVE-2025-40288 bsc#1255057). - Update patches.suse/drm-amdgpu-atom-Check-kcalloc-for-WS-buffer-in-amdgp.patch (stable-fixes CVE-2025-68190 bsc#1255131). - Update patches.suse/drm-amdgpu-fix-gpu-page-fault-after-hibernation-on-P.patch (stable-fixes CVE-2025-68230 bsc#1255134). - Update patches.suse/drm-amdgpu-fix-nullptr-err-of-vm_handle_moved.patch (stable-fixes CVE-2025-40339 bsc#1255428). - Update patches.suse/drm-amdgpu-hide-VRAM-sysfs-attributes-on-GPUs-withou.patch (stable-fixes CVE-2025-40289 bsc#1255042). - Update patches.suse/drm-amdgpu-remove-two-invalid-BUG_ON-s.patch (stable-fixes CVE-2025-68201 bsc#1255136). - Update patches.suse/drm-amdkfd-Fix-mmap-write-lock-not-release.patch (bsc#1243112 CVE-2025-40332 bsc#1255116). - Update patches.suse/drm-i915-Avoid-lock-inversion-when-pinning-to-GGTT-o.patch (git-fixes CVE-2025-68244 bsc#1255190). - Update patches.suse/drm-mediatek-Disable-AFBC-support-on-Mediatek-DRM-dr.patch (git-fixes CVE-2025-68184 bsc#1255220). - Update patches.suse/drm-mediatek-Fix-device-use-after-free-on-unbind.patch (git-fixes CVE-2025-40316 bsc#1254797). - Update patches.suse/drm-panthor-Fix-UAF-on-kernel-BO-VA-nodes.patch (git-fixes CVE-2025-68747 bsc#1255723). - Update patches.suse/drm-panthor-Fix-UAF-race-between-device-unplug-and-F.patch (git-fixes CVE-2025-68748 bsc#1255813). - Update patches.suse/drm-panthor-Fix-kernel-panic-on-partial-unmap-of-a-G.patch (git-fixes CVE-2025-40225 bsc#1254827). - Update patches.suse/drm-radeon-Do-not-kfree-devres-managed-rdev.patch (git-fixes CVE-2025-68170 bsc#1255256). - Update patches.suse/drm-radeon-Remove-calls-to-drm_put_dev.patch (git-fixes CVE-2025-68181 bsc#1255247). - Update patches.suse/drm-radeon-delete-radeon_fence_process-in-is_signale.patch (stable-fixes CVE-2025-68223 bsc#1255357). - Update patches.suse/drm-sched-Fix-deadlock-in-drm_sched_entity_kill_jobs.patch (git-fixes CVE-2025-40329 bsc#1254621). - Update patches.suse/drm-sysfb-Do-not-dereference-NULL-pointer-in-plane-r.patch (git-fixes CVE-2025-40360 bsc#1255095). - Update patches.suse/drm-tegra-Add-call-to-put_pid.patch (git-fixes CVE-2025-68233 bsc#1255206). - Update patches.suse/drm-vgem-fence-Fix-potential-deadlock-on-release.patch (git-fixes CVE-2025-68757 bsc#1255943). - Update patches.suse/drm-vmwgfx-Validate-command-header-size-against-SVGA.patch (git-fixes CVE-2025-40277 bsc#1254894). - Update patches.suse/drm-xe-Fix-oops-in-xe_gem_fault-when-running-core_ho.patch (stable-fixes CVE-2025-40340 bsc#1254996). - Update patches.suse/drm-xe-guc-Synchronize-Dead-CT-worker-with-unbind.patch (git-fixes CVE-2025-68207 bsc#1255234). - Update patches.suse/erofs-avoid-infinite-loop-due-to-incomplete-zstd-compressed-data.patch (git-fixes CVE-2025-68210 bsc#1255231). - Update patches.suse/exfat-fix-improper-check-of-dentry.stream.valid_size.patch (git-fixes CVE-2025-40287 bsc#1255030). - Update patches.suse/exfat-fix-refcount-leak-in-exfat_find.patch (git-fixes CVE-2025-68351 bsc#1255567). - Update patches.suse/exfat-validate-cluster-allocation-bits-of-the-allocation-bitmap.patch (git-fixes CVE-2025-40307 bsc#1255039). - Update patches.suse/fbcon-Set-fb_display-i-mode-to-NULL-when-the-mode-is.patch (stable-fixes CVE-2025-40323 bsc#1255094). - Update patches.suse/fbdev-Add-bounds-checking-in-bit_putcs-to-fix-vmallo.patch (stable-fixes CVE-2025-40304 bsc#1255034). - Update patches.suse/fbdev-bitblit-bound-check-glyph-index-in-bit_putcs.patch (stable-fixes CVE-2025-40322 bsc#1255092). - Update patches.suse/firmware-arm_scmi-Account-for-failed-debug-initializ.patch (git-fixes CVE-2025-40226 bsc#1254821). - Update patches.suse/firmware-stratix10-svc-fix-bug-in-saving-controller-.patch (git-fixes CVE-2025-68328 bsc#1255489). - Update patches.suse/gpiolib-fix-invalid-pointer-access-in-debugfs.patch (git-fixes CVE-2025-68167 bsc#1255099). - Update patches.suse/gpu-host1x-Fix-race-in-syncpt-alloc-free.patch (git-fixes CVE-2025-68732 bsc#1255688). - Update patches.suse/idpf-fix-possible-vport_config-NULL-pointer-deref-in.patch (git-fixes CVE-2025-68213 bsc#1255228). - Update patches.suse/iio-accel-bmc150-Fix-irq-assumption-regression.patch (stable-fixes CVE-2025-68330 bsc#1255493). - Update patches.suse/ima-Handle-error-code-returned-by-ima_filter_rule_ma.patch (git-fixes CVE-2025-68740 bsc#1255812). - Update patches.suse/ima-don-t-clear-IMA_DIGSIG-flag-when-setting-or-remo.patch (stable-fixes CVE-2025-68183 bsc#1255251). - Update patches.suse/irqchip-mchp-eic-Fix-error-code-in-mchp_eic_domain_a.patch (git-fixes CVE-2025-68766 bsc#1255932). - Update patches.suse/media-imon-make-send_packet-more-robust.patch (stable-fixes CVE-2025-68194 bsc#1255325). - Update patches.suse/media-pci-mg4b-fix-uninitialized-iio-scan-data.patch (git-fixes CVE-2025-40221 bsc#1254519). - Update patches.suse/media-videobuf2-forbid-remove_bufs-when-legacy-filei.patch (git-fixes CVE-2025-40302 bsc#1255196). - Update patches.suse/misc-fastrpc-Fix-dma_buf-object-leak-in-fastrpc_map_.patch (git-fixes CVE-2025-68252 bsc#1255197). - Update patches.suse/mm-secretmem-fix-use-after-free-race-in-fault-handle.patch (git-fixes CVE-2025-40272 bsc#1254832). - Update patches.suse/most-usb-Fix-use-after-free-in-hdm_disconnect.patch (git-fixes CVE-2025-40223 bsc#1254957). - Update patches.suse/most-usb-fix-double-free-on-late-probe-failure.patch (git-fixes CVE-2025-68290 bsc#1255154). - Update patches.suse/most-usb-hdm_probe-Fix-calling-put_device-before-dev.patch (git-fixes CVE-2025-68249 bsc#1255233). - Update patches.suse/mt76-mt7615-Fix-memory-leak-in-mt7615_mcu_wtbl_sta_a.patch (git-fixes CVE-2025-68765 bsc#1255931). - Update patches.suse/mtd-rawnand-cadence-fix-DMA-device-NULL-pointer-dere.patch (git-fixes CVE-2025-68238 bsc#1255202). - Update patches.suse/mtdchar-fix-integer-overflow-in-read-write-ioctls.patch (git-fixes CVE-2025-68237 bsc#1255203). - Update patches.suse/net-stmmac-Correctly-handle-Rx-checksum-offload-erro.patch (git-fixes CVE-2025-40337 bsc#1255081). - Update patches.suse/net-usb-qmi_wwan-initialize-MAC-header-offset-in-qmi.patch (git-fixes CVE-2025-68192 bsc#1255246). - Update patches.suse/nfs4_setup_readdir-insufficient-locking-for-d_parent-d_inode-dereferencing.patch (git-fixes CVE-2025-68185 bsc#1255135). - Update patches.suse/nfsd-fix-refcount-leak-in-nfsd_set_fh_dentry.patch (git-fixes CVE-2025-40212 bsc#1254195). - Update patches.suse/nouveau-firmware-Add-missing-kfree-of-nvkm_falcon_fw.patch (git-fixes CVE-2025-68235 bsc#1255209). - Update patches.suse/nvme-fc-use-lock-accessing-port_state-and-rport-stat.patch (bsc#1245193 bsc#1247500 CVE-2025-40342 bsc#1255274). - Update patches.suse/nvmet-fc-avoid-scheduling-association-deletion-twice.patch (bsc#1245193 bsc#1247500 CVE-2025-40343 bsc#1255276). - Update patches.suse/pinctrl-s32cc-fix-uninitialized-memory-in-s32_pinctr.patch (git-fixes CVE-2025-68222 bsc#1255218). - Update patches.suse/platform-x86-intel-punit_ipc-fix-memory-corruption.patch (git-fixes CVE-2025-68303 bsc#1255122). - Update patches.suse/regmap-slimbus-fix-bus_context-pointer-in-regmap-ini.patch (git-fixes CVE-2025-40317 bsc#1254796). - Update patches.suse/regulator-core-Protect-regulator_supply_alias_list-w.patch (git-fixes CVE-2025-68354 bsc#1255553). - Update patches.suse/sctp-avoid-NULL-dereference-when-chunk-data-buffer-i.patch (git-fixes CVE-2025-40240 bsc#1254869). - Update patches.suse/smb-client-fix-potential-cfid-UAF-in-smb2_query_info_compound.patch (git-fixes CVE-2025-40320 bsc#1254793). - Update patches.suse/spi-ch341-fix-out-of-bounds-memory-access-in-ch341_t.patch (git-fixes CVE-2025-68352 bsc#1255541). - Update patches.suse/spi-tegra210-quad-Fix-timeout-handling.patch (bsc#1253155 CVE-2025-68746 bsc#1255722). - Update patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-OnBeacon.patch (stable-fixes CVE-2025-68254 bsc#1255140). - Update patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-rtw_get_.patch (stable-fixes CVE-2025-68256 bsc#1255138). - Update patches.suse/staging-rtl8723bs-fix-stack-buffer-overflow-in-OnAss.patch (stable-fixes CVE-2025-68255 bsc#1255395). - Update patches.suse/tty-serial-ip22zilog-Use-platform-device-for-probing.patch (stable-fixes CVE-2025-68311 bsc#1255161). - Update patches.suse/usb-cdns3-gadget-Use-after-free-during-failed-initia.patch (stable-fixes CVE-2025-40314 bsc#1255072). - Update patches.suse/usb-dwc3-Fix-race-condition-between-concurrent-dwc3_.patch (git-fixes CVE-2025-68287 bsc#1255152). - Update patches.suse/usb-gadget-f_eem-Fix-memory-leak-in-eem_unwrap.patch (git-fixes CVE-2025-68289 bsc#1255155). - Update patches.suse/usb-gadget-f_fs-Fix-epfile-null-pointer-access-after.patch (stable-fixes CVE-2025-40315 bsc#1255083). - Update patches.suse/usb-potential-integer-overflow-in-usbg_make_tpg.patch (stable-fixes CVE-2025-68750 bsc#1255814). - Update patches.suse/usb-renesas_usbhs-Fix-synchronous-external-abort-on-.patch (git-fixes CVE-2025-68327 bsc#1255488). - Update patches.suse/usb-storage-sddr55-Reject-out-of-bound-new_pba.patch (stable-fixes CVE-2025-40345 bsc#1255279). - Update patches.suse/usb-uas-fix-urb-unmapping-issue-when-the-uas-device-.patch (git-fixes CVE-2025-68331 bsc#1255495). - Update patches.suse/usbnet-Prevents-free-active-kevent.patch (git-fixes CVE-2025-68312 bsc#1255171). - Update patches.suse/wifi-ath11k-fix-peer-HE-MCS-assignment.patch (git-fixes CVE-2025-68380 bsc#1255580). - Update patches.suse/wifi-brcmfmac-fix-crash-while-sending-Action-Frames-.patch (git-fixes CVE-2025-40321 bsc#1254795). - Update patches.suse/wifi-rtl818x-Fix-potential-memory-leaks-in-rtl8180_i.patch (git-fixes CVE-2025-68759 bsc#1255934). - Update patches.suse/wifi-rtl818x-rtl8187-Fix-potential-buffer-underflow-.patch (git-fixes CVE-2025-68362 bsc#1255611). - Update patches.suse/x86-CPU-AMD-Add-RDSEED-fix-for-Zen5.patch (git-fixes CVE-2025-68313 bsc#1255415). - Update patches.suse/x86-CPU-AMD-Add-missing-terminator-for-zen5_rdseed_m.patch (git-fixes CVE-2025-68195 bsc#1255259). - Update patches.suse/xfrm-also-call-xfrm_state_delete_tunnel-at-destroy-time-fo.patch (CVE-2025-40215 bsc#1254959 CVE-2025-40256 bsc#1254851). - commit c0f554e ++++ kernel-source: - perf/x86/intel: Fix KASAN global-out-of-bounds warning (CVE-2025-40359 bsc#1255087). - commit ed1e93a - mlx5: Fix default values in create CQ (CVE-2025-68209 bsc#1255230). - commit 02d60e0 - x86/microcode/AMD: Use sha256() instead of init/update/final (bsc#1256495). - Refresh patches.suse/x86-microcode-AMD-Limit-Entrysign-signature-checking-to-kn.patch. - commit 6b04345 - x86/microcode/AMD: Fix Entrysign revision check for Zen5/Strix Halo (bsc#1256495). - x86/microcode/AMD: Select which microcode patch to load (bsc#1256495). - x86/microcode/AMD: Make __verify_patch_size() return bool (bsc#1256495). - x86/microcode/AMD: Remove bogus comment from parse_container() (bsc#1256495). - commit 9f14cfe - crash: fix crashkernel resource shrink (CVE-2025-68198 bsc#1255243) - commit 7e8f708 - bnxt_en: Fix null pointer dereference in bnxt_bs_trace_check_wrap() (CVE-2025-68197 bsc#1255242) - commit 766431f - lib/crypto: aes: Fix missing MMU protection for AES S-box (git-fixes). - virtio_console: fix order of fields cols and rows (stable-fixes). - commit d55882c - drm/amdgpu: Forward VMID reservation errors (git-fixes). - commit 2373a9d - supported.conf: mark ksmbd unsupported Based on discussion with Enzo Matsumiya it has tuned out that ksmbd module is unsupported but the supported.conf entry is incorrect. Fix that. - commit 143566d - powerpc/eeh: fix recursive pci_lock_rescan_remove locking in EEH event handling (bsc#1253262 ltc#216029). - commit 594b86e - Update patches.suse/ACPI-video-Fix-use-after-free-in-acpi_video_switch_b.patch (git-fixes CVE-2025-40211 bsc#1254126). - Update patches.suse/ALSA-dice-fix-buffer-overflow-in-detect_stream_forma.patch (git-fixes CVE-2025-68346 bsc#1255603). - Update patches.suse/ALSA-firewire-motu-add-bounds-check-in-put_user-loop.patch (git-fixes CVE-2025-68753 bsc#1256238). - Update patches.suse/ALSA-firewire-motu-fix-buffer-overflow-in-hwdep-read.patch (git-fixes CVE-2025-68347 bsc#1255706). - Update patches.suse/ALSA-hda-cs35l41-Fix-NULL-pointer-dereference-in-cs3-c34b04c.patch (git-fixes CVE-2025-68345 bsc#1255601). - Update patches.suse/ALSA-usb-audio-Fix-NULL-pointer-dereference-in-snd_u.patch (git-fixes CVE-2025-40275 bsc#1254829). - Update patches.suse/ALSA-usb-audio-Fix-potential-overflow-of-PCM-transfe.patch (stable-fixes CVE-2025-40269 bsc#1255035). - Update patches.suse/ALSA-wavefront-Fix-integer-overflow-in-sample-size-v.patch (git-fixes CVE-2025-68344 bsc#1255816). - Update patches.suse/ASoC-Intel-avs-Disable-periods-elapsed-work-when-clo.patch (git-fixes CVE-2025-40344 bsc#1254618). - Update patches.suse/Bluetooth-6lowpan-reset-link-local-header-on-ipv6-re.patch (git-fixes CVE-2025-40282 bsc#1254850). - Update patches.suse/Bluetooth-MGMT-Fix-OOB-access-in-parse_adv_monitor_p.patch (git-fixes CVE-2025-40294 bsc#1255181). - Update patches.suse/Bluetooth-MGMT-cancel-mesh-send-timer-when-hdev-remo.patch (git-fixes CVE-2025-40284 bsc#1254860). - Update patches.suse/Bluetooth-MGMT-fix-crash-in-set_mesh_sync-and-set_me.patch (git-fixes CVE-2025-40213 bsc#1253674). - Update patches.suse/Bluetooth-SCO-Fix-UAF-on-sco_conn_free.patch (stable-fixes CVE-2025-40309 bsc#1255065). - Update patches.suse/Bluetooth-bcsp-receive-data-only-if-registered.patch (stable-fixes CVE-2025-40308 bsc#1255064). - Update patches.suse/Bluetooth-btusb-mediatek-Avoid-btusb_mtk_claim_iso_i.patch (git-fixes CVE-2025-68298 bsc#1255124). - Update patches.suse/Bluetooth-btusb-mediatek-Fix-kernel-crash-when-relea.patch (git-fixes CVE-2025-68306 bsc#1255145). - Update patches.suse/Bluetooth-btusb-reorder-cleanup-in-btusb_disconnect-.patch (git-fixes CVE-2025-40283 bsc#1254858). - Update patches.suse/Bluetooth-hci_event-validate-skb-length-for-unknown-.patch (git-fixes CVE-2025-40301 bsc#1255193). - Update patches.suse/Bluetooth-hci_sock-Prevent-race-in-socket-write-iter.patch (git-fixes CVE-2025-68305 bsc#1255169). - Update patches.suse/Bluetooth-hci_sync-fix-race-in-hci_cmd_sync_dequeue_.patch (git-fixes CVE-2025-40318 bsc#1254798). - Update patches.suse/Input-cros_ec_keyb-fix-an-invalid-memory-access.patch (stable-fixes CVE-2025-40263 bsc#1255077). - Update patches.suse/Input-imx_sc_key-fix-memory-corruption-on-unload.patch (git-fixes CVE-2025-40262 bsc#1254840). - Update patches.suse/Input-pegasus-notetaker-fix-potential-out-of-bounds-.patch (git-fixes CVE-2025-68217 bsc#1255221). - Update patches.suse/KVM-arm64-Check-the-untrusted-offset-in-FF-A-memory-.patch (git-fixes CVE-2025-40266 bsc#1255040). - Update patches.suse/NFS-Fix-LTP-test-failures-when-timestamps-are-delegated.patch (git-fixes CVE-2025-68242 bsc#1255186). - Update patches.suse/NFSD-Fix-crash-in-nfsd4_read_release.patch (git-fixes CVE-2025-40324 bsc#1254791). - Update patches.suse/NFSD-free-copynotify-stateid-in-nfs4_free_ol_stateid.patch (git-fixes CVE-2025-40273 bsc#1254828). - Update patches.suse/PCI-IOV-Add-PCI-rescan-remove-locking-when-enabling-.patch (git-fixes CVE-2025-40219 bsc#1254518). - Update patches.suse/PCI-cadence-Check-for-the-existence-of-cdns_pcie-ops.patch (stable-fixes CVE-2025-68176 bsc#1255329). - Update patches.suse/accel-habanalabs-support-mapping-cb-with-vmalloc-bac.patch (stable-fixes CVE-2025-40311 bsc#1255068). - Update patches.suse/accel-ivpu-Fix-race-condition-when-unbinding-BOs.patch (git-fixes CVE-2025-68749 bsc#1255724). - Update patches.suse/amd-amdkfd-resolve-a-race-in-amdgpu_amdkfd_device_fi.patch (stable-fixes CVE-2025-40310 bsc#1255041). - Update patches.suse/arm64-mte-Do-not-warn-if-the-page-is-already-tagged-in-cop.patch (git-fixes CVE-2025-40353 bsc#1255312). - Update patches.suse/atm-fore200e-Fix-possible-data-race-in-fore200e_open.patch (git-fixes CVE-2025-68339 bsc#1255505). - Update patches.suse/backlight-led-bl-Add-devlink-to-supplier-LEDs.patch (git-fixes CVE-2025-68758 bsc#1255944). - Update patches.suse/btrfs-directly-free-partially-initialized-fs_info-in.patch (git-fixes CVE-2025-40235 bsc#1254808). - Update patches.suse/btrfs-ensure-no-dirty-metadata-is-written-back-for-a.patch (git-fix CVE-2025-40303 bsc#1255058). - Update patches.suse/btrfs-fix-memory-leak-of-qgroup_list-in-btrfs_add_qg.patch (git-fixes CVE-2025-40209 bsc#1254128). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-check-actual-395d988.patch (git-fixes CVE-2025-68342 bsc#1255508). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-check-actual.patch (git-fixes CVE-2025-68343 bsc#1255509). - Update patches.suse/can-gs_usb-gs_usb_xmit_callback-fix-handling-of-fail.patch (git-fixes CVE-2025-68307 bsc#1255146). - Update patches.suse/can-kvaser_usb-leaf-Fix-potential-infinite-loop-in-c.patch (git-fixes CVE-2025-68308 bsc#1255149). - Update patches.suse/comedi-c6xdigio-Fix-invalid-PNP-driver-unregistratio.patch (git-fixes CVE-2025-68332 bsc#1255483). - Update patches.suse/comedi-check-device-s-attached-status-in-compat-ioct.patch (git-fixes CVE-2025-68257 bsc#1255167). - Update patches.suse/comedi-multiq3-sanitize-config-options-in-multiq3_at.patch (git-fixes CVE-2025-68258 bsc#1255182). - Update patches.suse/comedi-pcl818-fix-null-ptr-deref-in-pcl818_ai_cancel.patch (git-fixes CVE-2025-68335 bsc#1255480). - Update patches.suse/crypto-aspeed-fix-double-free-caused-by-devm.patch (git-fixes CVE-2025-68172 bsc#1255253). - Update patches.suse/crypto-asymmetric_keys-prevent-overflow-in-asymmetri.patch (git-fixes CVE-2025-68724 bsc#1255550). - Update patches.suse/drm-amd-display-Check-NULL-before-accessing.patch (stable-fixes CVE-2025-68286 bsc#1255351). - Update patches.suse/drm-amd-display-Fix-NULL-deref-in-debugfs-odm_combin.patch (git-fixes CVE-2025-68180 bsc#1255252). - Update patches.suse/drm-amd-display-increase-max-link-count-and-fix-link.patch (stable-fixes CVE-2025-40354 bsc#1255316). - Update patches.suse/drm-amdgpu-Fix-NULL-pointer-dereference-in-VRAM-logi.patch (stable-fixes CVE-2025-40288 bsc#1255057). - Update patches.suse/drm-amdgpu-atom-Check-kcalloc-for-WS-buffer-in-amdgp.patch (stable-fixes CVE-2025-68190 bsc#1255131). - Update patches.suse/drm-amdgpu-fix-gpu-page-fault-after-hibernation-on-P.patch (stable-fixes CVE-2025-68230 bsc#1255134). - Update patches.suse/drm-amdgpu-fix-nullptr-err-of-vm_handle_moved.patch (stable-fixes CVE-2025-40339 bsc#1255428). - Update patches.suse/drm-amdgpu-hide-VRAM-sysfs-attributes-on-GPUs-withou.patch (stable-fixes CVE-2025-40289 bsc#1255042). - Update patches.suse/drm-amdgpu-remove-two-invalid-BUG_ON-s.patch (stable-fixes CVE-2025-68201 bsc#1255136). - Update patches.suse/drm-amdkfd-Fix-mmap-write-lock-not-release.patch (bsc#1243112 CVE-2025-40332 bsc#1255116). - Update patches.suse/drm-i915-Avoid-lock-inversion-when-pinning-to-GGTT-o.patch (git-fixes CVE-2025-68244 bsc#1255190). - Update patches.suse/drm-mediatek-Disable-AFBC-support-on-Mediatek-DRM-dr.patch (git-fixes CVE-2025-68184 bsc#1255220). - Update patches.suse/drm-mediatek-Fix-device-use-after-free-on-unbind.patch (git-fixes CVE-2025-40316 bsc#1254797). - Update patches.suse/drm-panthor-Fix-UAF-on-kernel-BO-VA-nodes.patch (git-fixes CVE-2025-68747 bsc#1255723). - Update patches.suse/drm-panthor-Fix-UAF-race-between-device-unplug-and-F.patch (git-fixes CVE-2025-68748 bsc#1255813). - Update patches.suse/drm-panthor-Fix-kernel-panic-on-partial-unmap-of-a-G.patch (git-fixes CVE-2025-40225 bsc#1254827). - Update patches.suse/drm-radeon-Do-not-kfree-devres-managed-rdev.patch (git-fixes CVE-2025-68170 bsc#1255256). - Update patches.suse/drm-radeon-Remove-calls-to-drm_put_dev.patch (git-fixes CVE-2025-68181 bsc#1255247). - Update patches.suse/drm-radeon-delete-radeon_fence_process-in-is_signale.patch (stable-fixes CVE-2025-68223 bsc#1255357). - Update patches.suse/drm-sched-Fix-deadlock-in-drm_sched_entity_kill_jobs.patch (git-fixes CVE-2025-40329 bsc#1254621). - Update patches.suse/drm-sysfb-Do-not-dereference-NULL-pointer-in-plane-r.patch (git-fixes CVE-2025-40360 bsc#1255095). - Update patches.suse/drm-tegra-Add-call-to-put_pid.patch (git-fixes CVE-2025-68233 bsc#1255206). - Update patches.suse/drm-vgem-fence-Fix-potential-deadlock-on-release.patch (git-fixes CVE-2025-68757 bsc#1255943). - Update patches.suse/drm-vmwgfx-Validate-command-header-size-against-SVGA.patch (git-fixes CVE-2025-40277 bsc#1254894). - Update patches.suse/drm-xe-Fix-oops-in-xe_gem_fault-when-running-core_ho.patch (stable-fixes CVE-2025-40340 bsc#1254996). - Update patches.suse/drm-xe-guc-Synchronize-Dead-CT-worker-with-unbind.patch (git-fixes CVE-2025-68207 bsc#1255234). - Update patches.suse/erofs-avoid-infinite-loop-due-to-incomplete-zstd-compressed-data.patch (git-fixes CVE-2025-68210 bsc#1255231). - Update patches.suse/exfat-fix-improper-check-of-dentry.stream.valid_size.patch (git-fixes CVE-2025-40287 bsc#1255030). - Update patches.suse/exfat-fix-refcount-leak-in-exfat_find.patch (git-fixes CVE-2025-68351 bsc#1255567). - Update patches.suse/exfat-validate-cluster-allocation-bits-of-the-allocation-bitmap.patch (git-fixes CVE-2025-40307 bsc#1255039). - Update patches.suse/fbcon-Set-fb_display-i-mode-to-NULL-when-the-mode-is.patch (stable-fixes CVE-2025-40323 bsc#1255094). - Update patches.suse/fbdev-Add-bounds-checking-in-bit_putcs-to-fix-vmallo.patch (stable-fixes CVE-2025-40304 bsc#1255034). - Update patches.suse/fbdev-bitblit-bound-check-glyph-index-in-bit_putcs.patch (stable-fixes CVE-2025-40322 bsc#1255092). - Update patches.suse/firmware-arm_scmi-Account-for-failed-debug-initializ.patch (git-fixes CVE-2025-40226 bsc#1254821). - Update patches.suse/firmware-stratix10-svc-fix-bug-in-saving-controller-.patch (git-fixes CVE-2025-68328 bsc#1255489). - Update patches.suse/gpiolib-fix-invalid-pointer-access-in-debugfs.patch (git-fixes CVE-2025-68167 bsc#1255099). - Update patches.suse/gpu-host1x-Fix-race-in-syncpt-alloc-free.patch (git-fixes CVE-2025-68732 bsc#1255688). - Update patches.suse/idpf-fix-possible-vport_config-NULL-pointer-deref-in.patch (git-fixes CVE-2025-68213 bsc#1255228). - Update patches.suse/iio-accel-bmc150-Fix-irq-assumption-regression.patch (stable-fixes CVE-2025-68330 bsc#1255493). - Update patches.suse/ima-Handle-error-code-returned-by-ima_filter_rule_ma.patch (git-fixes CVE-2025-68740 bsc#1255812). - Update patches.suse/ima-don-t-clear-IMA_DIGSIG-flag-when-setting-or-remo.patch (stable-fixes CVE-2025-68183 bsc#1255251). - Update patches.suse/irqchip-mchp-eic-Fix-error-code-in-mchp_eic_domain_a.patch (git-fixes CVE-2025-68766 bsc#1255932). - Update patches.suse/media-imon-make-send_packet-more-robust.patch (stable-fixes CVE-2025-68194 bsc#1255325). - Update patches.suse/media-pci-mg4b-fix-uninitialized-iio-scan-data.patch (git-fixes CVE-2025-40221 bsc#1254519). - Update patches.suse/media-videobuf2-forbid-remove_bufs-when-legacy-filei.patch (git-fixes CVE-2025-40302 bsc#1255196). - Update patches.suse/misc-fastrpc-Fix-dma_buf-object-leak-in-fastrpc_map_.patch (git-fixes CVE-2025-68252 bsc#1255197). - Update patches.suse/mm-secretmem-fix-use-after-free-race-in-fault-handle.patch (git-fixes CVE-2025-40272 bsc#1254832). - Update patches.suse/most-usb-Fix-use-after-free-in-hdm_disconnect.patch (git-fixes CVE-2025-40223 bsc#1254957). - Update patches.suse/most-usb-fix-double-free-on-late-probe-failure.patch (git-fixes CVE-2025-68290 bsc#1255154). - Update patches.suse/most-usb-hdm_probe-Fix-calling-put_device-before-dev.patch (git-fixes CVE-2025-68249 bsc#1255233). - Update patches.suse/mt76-mt7615-Fix-memory-leak-in-mt7615_mcu_wtbl_sta_a.patch (git-fixes CVE-2025-68765 bsc#1255931). - Update patches.suse/mtd-rawnand-cadence-fix-DMA-device-NULL-pointer-dere.patch (git-fixes CVE-2025-68238 bsc#1255202). - Update patches.suse/mtdchar-fix-integer-overflow-in-read-write-ioctls.patch (git-fixes CVE-2025-68237 bsc#1255203). - Update patches.suse/net-stmmac-Correctly-handle-Rx-checksum-offload-erro.patch (git-fixes CVE-2025-40337 bsc#1255081). - Update patches.suse/net-usb-qmi_wwan-initialize-MAC-header-offset-in-qmi.patch (git-fixes CVE-2025-68192 bsc#1255246). - Update patches.suse/nfs4_setup_readdir-insufficient-locking-for-d_parent-d_inode-dereferencing.patch (git-fixes CVE-2025-68185 bsc#1255135). - Update patches.suse/nfsd-fix-refcount-leak-in-nfsd_set_fh_dentry.patch (git-fixes CVE-2025-40212 bsc#1254195). - Update patches.suse/nouveau-firmware-Add-missing-kfree-of-nvkm_falcon_fw.patch (git-fixes CVE-2025-68235 bsc#1255209). - Update patches.suse/nvme-fc-use-lock-accessing-port_state-and-rport-stat.patch (bsc#1245193 bsc#1247500 CVE-2025-40342 bsc#1255274). - Update patches.suse/nvmet-fc-avoid-scheduling-association-deletion-twice.patch (bsc#1245193 bsc#1247500 CVE-2025-40343 bsc#1255276). - Update patches.suse/pinctrl-s32cc-fix-uninitialized-memory-in-s32_pinctr.patch (git-fixes CVE-2025-68222 bsc#1255218). - Update patches.suse/platform-x86-intel-punit_ipc-fix-memory-corruption.patch (git-fixes CVE-2025-68303 bsc#1255122). - Update patches.suse/regmap-slimbus-fix-bus_context-pointer-in-regmap-ini.patch (git-fixes CVE-2025-40317 bsc#1254796). - Update patches.suse/regulator-core-Protect-regulator_supply_alias_list-w.patch (git-fixes CVE-2025-68354 bsc#1255553). - Update patches.suse/sctp-avoid-NULL-dereference-when-chunk-data-buffer-i.patch (git-fixes CVE-2025-40240 bsc#1254869). - Update patches.suse/smb-client-fix-potential-cfid-UAF-in-smb2_query_info_compound.patch (git-fixes CVE-2025-40320 bsc#1254793). - Update patches.suse/spi-ch341-fix-out-of-bounds-memory-access-in-ch341_t.patch (git-fixes CVE-2025-68352 bsc#1255541). - Update patches.suse/spi-tegra210-quad-Fix-timeout-handling.patch (bsc#1253155 CVE-2025-68746 bsc#1255722). - Update patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-OnBeacon.patch (stable-fixes CVE-2025-68254 bsc#1255140). - Update patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-rtw_get_.patch (stable-fixes CVE-2025-68256 bsc#1255138). - Update patches.suse/staging-rtl8723bs-fix-stack-buffer-overflow-in-OnAss.patch (stable-fixes CVE-2025-68255 bsc#1255395). - Update patches.suse/tty-serial-ip22zilog-Use-platform-device-for-probing.patch (stable-fixes CVE-2025-68311 bsc#1255161). - Update patches.suse/usb-cdns3-gadget-Use-after-free-during-failed-initia.patch (stable-fixes CVE-2025-40314 bsc#1255072). - Update patches.suse/usb-dwc3-Fix-race-condition-between-concurrent-dwc3_.patch (git-fixes CVE-2025-68287 bsc#1255152). - Update patches.suse/usb-gadget-f_eem-Fix-memory-leak-in-eem_unwrap.patch (git-fixes CVE-2025-68289 bsc#1255155). - Update patches.suse/usb-gadget-f_fs-Fix-epfile-null-pointer-access-after.patch (stable-fixes CVE-2025-40315 bsc#1255083). - Update patches.suse/usb-potential-integer-overflow-in-usbg_make_tpg.patch (stable-fixes CVE-2025-68750 bsc#1255814). - Update patches.suse/usb-renesas_usbhs-Fix-synchronous-external-abort-on-.patch (git-fixes CVE-2025-68327 bsc#1255488). - Update patches.suse/usb-storage-sddr55-Reject-out-of-bound-new_pba.patch (stable-fixes CVE-2025-40345 bsc#1255279). - Update patches.suse/usb-uas-fix-urb-unmapping-issue-when-the-uas-device-.patch (git-fixes CVE-2025-68331 bsc#1255495). - Update patches.suse/usbnet-Prevents-free-active-kevent.patch (git-fixes CVE-2025-68312 bsc#1255171). - Update patches.suse/wifi-ath11k-fix-peer-HE-MCS-assignment.patch (git-fixes CVE-2025-68380 bsc#1255580). - Update patches.suse/wifi-brcmfmac-fix-crash-while-sending-Action-Frames-.patch (git-fixes CVE-2025-40321 bsc#1254795). - Update patches.suse/wifi-rtl818x-Fix-potential-memory-leaks-in-rtl8180_i.patch (git-fixes CVE-2025-68759 bsc#1255934). - Update patches.suse/wifi-rtl818x-rtl8187-Fix-potential-buffer-underflow-.patch (git-fixes CVE-2025-68362 bsc#1255611). - Update patches.suse/x86-CPU-AMD-Add-RDSEED-fix-for-Zen5.patch (git-fixes CVE-2025-68313 bsc#1255415). - Update patches.suse/x86-CPU-AMD-Add-missing-terminator-for-zen5_rdseed_m.patch (git-fixes CVE-2025-68195 bsc#1255259). - Update patches.suse/xfrm-also-call-xfrm_state_delete_tunnel-at-destroy-time-fo.patch (CVE-2025-40215 bsc#1254959 CVE-2025-40256 bsc#1254851). - commit c0f554e ++++ kernel-source: - perf/x86/intel: Fix KASAN global-out-of-bounds warning (CVE-2025-40359 bsc#1255087). - commit ed1e93a - mlx5: Fix default values in create CQ (CVE-2025-68209 bsc#1255230). - commit 02d60e0 - x86/microcode/AMD: Use sha256() instead of init/update/final (bsc#1256495). - Refresh patches.suse/x86-microcode-AMD-Limit-Entrysign-signature-checking-to-kn.patch. - commit 6b04345 - x86/microcode/AMD: Fix Entrysign revision check for Zen5/Strix Halo (bsc#1256495). - x86/microcode/AMD: Select which microcode patch to load (bsc#1256495). - x86/microcode/AMD: Make __verify_patch_size() return bool (bsc#1256495). - x86/microcode/AMD: Remove bogus comment from parse_container() (bsc#1256495). - commit 9f14cfe - crash: fix crashkernel resource shrink (CVE-2025-68198 bsc#1255243) - commit 7e8f708 - bnxt_en: Fix null pointer dereference in bnxt_bs_trace_check_wrap() (CVE-2025-68197 bsc#1255242) - commit 766431f - lib/crypto: aes: Fix missing MMU protection for AES S-box (git-fixes). - virtio_console: fix order of fields cols and rows (stable-fixes). - commit d55882c - drm/amdgpu: Forward VMID reservation errors (git-fixes). - commit 2373a9d - supported.conf: mark ksmbd unsupported Based on discussion with Enzo Matsumiya it has tuned out that ksmbd module is unsupported but the supported.conf entry is incorrect. Fix that. - commit 143566d - powerpc/eeh: fix recursive pci_lock_rescan_remove locking in EEH event handling (bsc#1253262 ltc#216029). - commit 594b86e - Update patches.suse/ACPI-video-Fix-use-after-free-in-acpi_video_switch_b.patch (git-fixes CVE-2025-40211 bsc#1254126). - Update patches.suse/ALSA-dice-fix-buffer-overflow-in-detect_stream_forma.patch (git-fixes CVE-2025-68346 bsc#1255603). - Update patches.suse/ALSA-firewire-motu-add-bounds-check-in-put_user-loop.patch (git-fixes CVE-2025-68753 bsc#1256238). - Update patches.suse/ALSA-firewire-motu-fix-buffer-overflow-in-hwdep-read.patch (git-fixes CVE-2025-68347 bsc#1255706). - Update patches.suse/ALSA-hda-cs35l41-Fix-NULL-pointer-dereference-in-cs3-c34b04c.patch (git-fixes CVE-2025-68345 bsc#1255601). - Update patches.suse/ALSA-usb-audio-Fix-NULL-pointer-dereference-in-snd_u.patch (git-fixes CVE-2025-40275 bsc#1254829). - Update patches.suse/ALSA-usb-audio-Fix-potential-overflow-of-PCM-transfe.patch (stable-fixes CVE-2025-40269 bsc#1255035). - Update patches.suse/ALSA-wavefront-Fix-integer-overflow-in-sample-size-v.patch (git-fixes CVE-2025-68344 bsc#1255816). - Update patches.suse/ASoC-Intel-avs-Disable-periods-elapsed-work-when-clo.patch (git-fixes CVE-2025-40344 bsc#1254618). - Update patches.suse/Bluetooth-6lowpan-reset-link-local-header-on-ipv6-re.patch (git-fixes CVE-2025-40282 bsc#1254850). - Update patches.suse/Bluetooth-MGMT-Fix-OOB-access-in-parse_adv_monitor_p.patch (git-fixes CVE-2025-40294 bsc#1255181). - Update patches.suse/Bluetooth-MGMT-cancel-mesh-send-timer-when-hdev-remo.patch (git-fixes CVE-2025-40284 bsc#1254860). - Update patches.suse/Bluetooth-MGMT-fix-crash-in-set_mesh_sync-and-set_me.patch (git-fixes CVE-2025-40213 bsc#1253674). - Update patches.suse/Bluetooth-SCO-Fix-UAF-on-sco_conn_free.patch (stable-fixes CVE-2025-40309 bsc#1255065). - Update patches.suse/Bluetooth-bcsp-receive-data-only-if-registered.patch (stable-fixes CVE-2025-40308 bsc#1255064). - Update patches.suse/Bluetooth-btusb-mediatek-Avoid-btusb_mtk_claim_iso_i.patch (git-fixes CVE-2025-68298 bsc#1255124). - Update patches.suse/Bluetooth-btusb-mediatek-Fix-kernel-crash-when-relea.patch (git-fixes CVE-2025-68306 bsc#1255145). - Update patches.suse/Bluetooth-btusb-reorder-cleanup-in-btusb_disconnect-.patch (git-fixes CVE-2025-40283 bsc#1254858). - Update patches.suse/Bluetooth-hci_event-validate-skb-length-for-unknown-.patch (git-fixes CVE-2025-40301 bsc#1255193). - Update patches.suse/Bluetooth-hci_sock-Prevent-race-in-socket-write-iter.patch (git-fixes CVE-2025-68305 bsc#1255169). - Update patches.suse/Bluetooth-hci_sync-fix-race-in-hci_cmd_sync_dequeue_.patch (git-fixes CVE-2025-40318 bsc#1254798). - Update patches.suse/Input-cros_ec_keyb-fix-an-invalid-memory-access.patch (stable-fixes CVE-2025-40263 bsc#1255077). - Update patches.suse/Input-imx_sc_key-fix-memory-corruption-on-unload.patch (git-fixes CVE-2025-40262 bsc#1254840). - Update patches.suse/Input-pegasus-notetaker-fix-potential-out-of-bounds-.patch (git-fixes CVE-2025-68217 bsc#1255221). - Update patches.suse/KVM-arm64-Check-the-untrusted-offset-in-FF-A-memory-.patch (git-fixes CVE-2025-40266 bsc#1255040). - Update patches.suse/NFS-Fix-LTP-test-failures-when-timestamps-are-delegated.patch (git-fixes CVE-2025-68242 bsc#1255186). - Update patches.suse/NFSD-Fix-crash-in-nfsd4_read_release.patch (git-fixes CVE-2025-40324 bsc#1254791). - Update patches.suse/NFSD-free-copynotify-stateid-in-nfs4_free_ol_stateid.patch (git-fixes CVE-2025-40273 bsc#1254828). - Update patches.suse/PCI-IOV-Add-PCI-rescan-remove-locking-when-enabling-.patch (git-fixes CVE-2025-40219 bsc#1254518). - Update patches.suse/PCI-cadence-Check-for-the-existence-of-cdns_pcie-ops.patch (stable-fixes CVE-2025-68176 bsc#1255329). - Update patches.suse/accel-habanalabs-support-mapping-cb-with-vmalloc-bac.patch (stable-fixes CVE-2025-40311 bsc#1255068). - Update patches.suse/accel-ivpu-Fix-race-condition-when-unbinding-BOs.patch (git-fixes CVE-2025-68749 bsc#1255724). - Update patches.suse/amd-amdkfd-resolve-a-race-in-amdgpu_amdkfd_device_fi.patch (stable-fixes CVE-2025-40310 bsc#1255041). - Update patches.suse/arm64-mte-Do-not-warn-if-the-page-is-already-tagged-in-cop.patch (git-fixes CVE-2025-40353 bsc#1255312). - Update patches.suse/atm-fore200e-Fix-possible-data-race-in-fore200e_open.patch (git-fixes CVE-2025-68339 bsc#1255505). - Update patches.suse/backlight-led-bl-Add-devlink-to-supplier-LEDs.patch (git-fixes CVE-2025-68758 bsc#1255944). - Update patches.suse/btrfs-directly-free-partially-initialized-fs_info-in.patch (git-fixes CVE-2025-40235 bsc#1254808). - Update patches.suse/btrfs-ensure-no-dirty-metadata-is-written-back-for-a.patch (git-fix CVE-2025-40303 bsc#1255058). - Update patches.suse/btrfs-fix-memory-leak-of-qgroup_list-in-btrfs_add_qg.patch (git-fixes CVE-2025-40209 bsc#1254128). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-check-actual-395d988.patch (git-fixes CVE-2025-68342 bsc#1255508). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-check-actual.patch (git-fixes CVE-2025-68343 bsc#1255509). - Update patches.suse/can-gs_usb-gs_usb_xmit_callback-fix-handling-of-fail.patch (git-fixes CVE-2025-68307 bsc#1255146). - Update patches.suse/can-kvaser_usb-leaf-Fix-potential-infinite-loop-in-c.patch (git-fixes CVE-2025-68308 bsc#1255149). - Update patches.suse/comedi-c6xdigio-Fix-invalid-PNP-driver-unregistratio.patch (git-fixes CVE-2025-68332 bsc#1255483). - Update patches.suse/comedi-check-device-s-attached-status-in-compat-ioct.patch (git-fixes CVE-2025-68257 bsc#1255167). - Update patches.suse/comedi-multiq3-sanitize-config-options-in-multiq3_at.patch (git-fixes CVE-2025-68258 bsc#1255182). - Update patches.suse/comedi-pcl818-fix-null-ptr-deref-in-pcl818_ai_cancel.patch (git-fixes CVE-2025-68335 bsc#1255480). - Update patches.suse/crypto-aspeed-fix-double-free-caused-by-devm.patch (git-fixes CVE-2025-68172 bsc#1255253). - Update patches.suse/crypto-asymmetric_keys-prevent-overflow-in-asymmetri.patch (git-fixes CVE-2025-68724 bsc#1255550). - Update patches.suse/drm-amd-display-Check-NULL-before-accessing.patch (stable-fixes CVE-2025-68286 bsc#1255351). - Update patches.suse/drm-amd-display-Fix-NULL-deref-in-debugfs-odm_combin.patch (git-fixes CVE-2025-68180 bsc#1255252). - Update patches.suse/drm-amd-display-increase-max-link-count-and-fix-link.patch (stable-fixes CVE-2025-40354 bsc#1255316). - Update patches.suse/drm-amdgpu-Fix-NULL-pointer-dereference-in-VRAM-logi.patch (stable-fixes CVE-2025-40288 bsc#1255057). - Update patches.suse/drm-amdgpu-atom-Check-kcalloc-for-WS-buffer-in-amdgp.patch (stable-fixes CVE-2025-68190 bsc#1255131). - Update patches.suse/drm-amdgpu-fix-gpu-page-fault-after-hibernation-on-P.patch (stable-fixes CVE-2025-68230 bsc#1255134). - Update patches.suse/drm-amdgpu-fix-nullptr-err-of-vm_handle_moved.patch (stable-fixes CVE-2025-40339 bsc#1255428). - Update patches.suse/drm-amdgpu-hide-VRAM-sysfs-attributes-on-GPUs-withou.patch (stable-fixes CVE-2025-40289 bsc#1255042). - Update patches.suse/drm-amdgpu-remove-two-invalid-BUG_ON-s.patch (stable-fixes CVE-2025-68201 bsc#1255136). - Update patches.suse/drm-amdkfd-Fix-mmap-write-lock-not-release.patch (bsc#1243112 CVE-2025-40332 bsc#1255116). - Update patches.suse/drm-i915-Avoid-lock-inversion-when-pinning-to-GGTT-o.patch (git-fixes CVE-2025-68244 bsc#1255190). - Update patches.suse/drm-mediatek-Disable-AFBC-support-on-Mediatek-DRM-dr.patch (git-fixes CVE-2025-68184 bsc#1255220). - Update patches.suse/drm-mediatek-Fix-device-use-after-free-on-unbind.patch (git-fixes CVE-2025-40316 bsc#1254797). - Update patches.suse/drm-panthor-Fix-UAF-on-kernel-BO-VA-nodes.patch (git-fixes CVE-2025-68747 bsc#1255723). - Update patches.suse/drm-panthor-Fix-UAF-race-between-device-unplug-and-F.patch (git-fixes CVE-2025-68748 bsc#1255813). - Update patches.suse/drm-panthor-Fix-kernel-panic-on-partial-unmap-of-a-G.patch (git-fixes CVE-2025-40225 bsc#1254827). - Update patches.suse/drm-radeon-Do-not-kfree-devres-managed-rdev.patch (git-fixes CVE-2025-68170 bsc#1255256). - Update patches.suse/drm-radeon-Remove-calls-to-drm_put_dev.patch (git-fixes CVE-2025-68181 bsc#1255247). - Update patches.suse/drm-radeon-delete-radeon_fence_process-in-is_signale.patch (stable-fixes CVE-2025-68223 bsc#1255357). - Update patches.suse/drm-sched-Fix-deadlock-in-drm_sched_entity_kill_jobs.patch (git-fixes CVE-2025-40329 bsc#1254621). - Update patches.suse/drm-sysfb-Do-not-dereference-NULL-pointer-in-plane-r.patch (git-fixes CVE-2025-40360 bsc#1255095). - Update patches.suse/drm-tegra-Add-call-to-put_pid.patch (git-fixes CVE-2025-68233 bsc#1255206). - Update patches.suse/drm-vgem-fence-Fix-potential-deadlock-on-release.patch (git-fixes CVE-2025-68757 bsc#1255943). - Update patches.suse/drm-vmwgfx-Validate-command-header-size-against-SVGA.patch (git-fixes CVE-2025-40277 bsc#1254894). - Update patches.suse/drm-xe-Fix-oops-in-xe_gem_fault-when-running-core_ho.patch (stable-fixes CVE-2025-40340 bsc#1254996). - Update patches.suse/drm-xe-guc-Synchronize-Dead-CT-worker-with-unbind.patch (git-fixes CVE-2025-68207 bsc#1255234). - Update patches.suse/erofs-avoid-infinite-loop-due-to-incomplete-zstd-compressed-data.patch (git-fixes CVE-2025-68210 bsc#1255231). - Update patches.suse/exfat-fix-improper-check-of-dentry.stream.valid_size.patch (git-fixes CVE-2025-40287 bsc#1255030). - Update patches.suse/exfat-fix-refcount-leak-in-exfat_find.patch (git-fixes CVE-2025-68351 bsc#1255567). - Update patches.suse/exfat-validate-cluster-allocation-bits-of-the-allocation-bitmap.patch (git-fixes CVE-2025-40307 bsc#1255039). - Update patches.suse/fbcon-Set-fb_display-i-mode-to-NULL-when-the-mode-is.patch (stable-fixes CVE-2025-40323 bsc#1255094). - Update patches.suse/fbdev-Add-bounds-checking-in-bit_putcs-to-fix-vmallo.patch (stable-fixes CVE-2025-40304 bsc#1255034). - Update patches.suse/fbdev-bitblit-bound-check-glyph-index-in-bit_putcs.patch (stable-fixes CVE-2025-40322 bsc#1255092). - Update patches.suse/firmware-arm_scmi-Account-for-failed-debug-initializ.patch (git-fixes CVE-2025-40226 bsc#1254821). - Update patches.suse/firmware-stratix10-svc-fix-bug-in-saving-controller-.patch (git-fixes CVE-2025-68328 bsc#1255489). - Update patches.suse/gpiolib-fix-invalid-pointer-access-in-debugfs.patch (git-fixes CVE-2025-68167 bsc#1255099). - Update patches.suse/gpu-host1x-Fix-race-in-syncpt-alloc-free.patch (git-fixes CVE-2025-68732 bsc#1255688). - Update patches.suse/idpf-fix-possible-vport_config-NULL-pointer-deref-in.patch (git-fixes CVE-2025-68213 bsc#1255228). - Update patches.suse/iio-accel-bmc150-Fix-irq-assumption-regression.patch (stable-fixes CVE-2025-68330 bsc#1255493). - Update patches.suse/ima-Handle-error-code-returned-by-ima_filter_rule_ma.patch (git-fixes CVE-2025-68740 bsc#1255812). - Update patches.suse/ima-don-t-clear-IMA_DIGSIG-flag-when-setting-or-remo.patch (stable-fixes CVE-2025-68183 bsc#1255251). - Update patches.suse/irqchip-mchp-eic-Fix-error-code-in-mchp_eic_domain_a.patch (git-fixes CVE-2025-68766 bsc#1255932). - Update patches.suse/media-imon-make-send_packet-more-robust.patch (stable-fixes CVE-2025-68194 bsc#1255325). - Update patches.suse/media-pci-mg4b-fix-uninitialized-iio-scan-data.patch (git-fixes CVE-2025-40221 bsc#1254519). - Update patches.suse/media-videobuf2-forbid-remove_bufs-when-legacy-filei.patch (git-fixes CVE-2025-40302 bsc#1255196). - Update patches.suse/misc-fastrpc-Fix-dma_buf-object-leak-in-fastrpc_map_.patch (git-fixes CVE-2025-68252 bsc#1255197). - Update patches.suse/mm-secretmem-fix-use-after-free-race-in-fault-handle.patch (git-fixes CVE-2025-40272 bsc#1254832). - Update patches.suse/most-usb-Fix-use-after-free-in-hdm_disconnect.patch (git-fixes CVE-2025-40223 bsc#1254957). - Update patches.suse/most-usb-fix-double-free-on-late-probe-failure.patch (git-fixes CVE-2025-68290 bsc#1255154). - Update patches.suse/most-usb-hdm_probe-Fix-calling-put_device-before-dev.patch (git-fixes CVE-2025-68249 bsc#1255233). - Update patches.suse/mt76-mt7615-Fix-memory-leak-in-mt7615_mcu_wtbl_sta_a.patch (git-fixes CVE-2025-68765 bsc#1255931). - Update patches.suse/mtd-rawnand-cadence-fix-DMA-device-NULL-pointer-dere.patch (git-fixes CVE-2025-68238 bsc#1255202). - Update patches.suse/mtdchar-fix-integer-overflow-in-read-write-ioctls.patch (git-fixes CVE-2025-68237 bsc#1255203). - Update patches.suse/net-stmmac-Correctly-handle-Rx-checksum-offload-erro.patch (git-fixes CVE-2025-40337 bsc#1255081). - Update patches.suse/net-usb-qmi_wwan-initialize-MAC-header-offset-in-qmi.patch (git-fixes CVE-2025-68192 bsc#1255246). - Update patches.suse/nfs4_setup_readdir-insufficient-locking-for-d_parent-d_inode-dereferencing.patch (git-fixes CVE-2025-68185 bsc#1255135). - Update patches.suse/nfsd-fix-refcount-leak-in-nfsd_set_fh_dentry.patch (git-fixes CVE-2025-40212 bsc#1254195). - Update patches.suse/nouveau-firmware-Add-missing-kfree-of-nvkm_falcon_fw.patch (git-fixes CVE-2025-68235 bsc#1255209). - Update patches.suse/nvme-fc-use-lock-accessing-port_state-and-rport-stat.patch (bsc#1245193 bsc#1247500 CVE-2025-40342 bsc#1255274). - Update patches.suse/nvmet-fc-avoid-scheduling-association-deletion-twice.patch (bsc#1245193 bsc#1247500 CVE-2025-40343 bsc#1255276). - Update patches.suse/pinctrl-s32cc-fix-uninitialized-memory-in-s32_pinctr.patch (git-fixes CVE-2025-68222 bsc#1255218). - Update patches.suse/platform-x86-intel-punit_ipc-fix-memory-corruption.patch (git-fixes CVE-2025-68303 bsc#1255122). - Update patches.suse/regmap-slimbus-fix-bus_context-pointer-in-regmap-ini.patch (git-fixes CVE-2025-40317 bsc#1254796). - Update patches.suse/regulator-core-Protect-regulator_supply_alias_list-w.patch (git-fixes CVE-2025-68354 bsc#1255553). - Update patches.suse/sctp-avoid-NULL-dereference-when-chunk-data-buffer-i.patch (git-fixes CVE-2025-40240 bsc#1254869). - Update patches.suse/smb-client-fix-potential-cfid-UAF-in-smb2_query_info_compound.patch (git-fixes CVE-2025-40320 bsc#1254793). - Update patches.suse/spi-ch341-fix-out-of-bounds-memory-access-in-ch341_t.patch (git-fixes CVE-2025-68352 bsc#1255541). - Update patches.suse/spi-tegra210-quad-Fix-timeout-handling.patch (bsc#1253155 CVE-2025-68746 bsc#1255722). - Update patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-OnBeacon.patch (stable-fixes CVE-2025-68254 bsc#1255140). - Update patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-rtw_get_.patch (stable-fixes CVE-2025-68256 bsc#1255138). - Update patches.suse/staging-rtl8723bs-fix-stack-buffer-overflow-in-OnAss.patch (stable-fixes CVE-2025-68255 bsc#1255395). - Update patches.suse/tty-serial-ip22zilog-Use-platform-device-for-probing.patch (stable-fixes CVE-2025-68311 bsc#1255161). - Update patches.suse/usb-cdns3-gadget-Use-after-free-during-failed-initia.patch (stable-fixes CVE-2025-40314 bsc#1255072). - Update patches.suse/usb-dwc3-Fix-race-condition-between-concurrent-dwc3_.patch (git-fixes CVE-2025-68287 bsc#1255152). - Update patches.suse/usb-gadget-f_eem-Fix-memory-leak-in-eem_unwrap.patch (git-fixes CVE-2025-68289 bsc#1255155). - Update patches.suse/usb-gadget-f_fs-Fix-epfile-null-pointer-access-after.patch (stable-fixes CVE-2025-40315 bsc#1255083). - Update patches.suse/usb-potential-integer-overflow-in-usbg_make_tpg.patch (stable-fixes CVE-2025-68750 bsc#1255814). - Update patches.suse/usb-renesas_usbhs-Fix-synchronous-external-abort-on-.patch (git-fixes CVE-2025-68327 bsc#1255488). - Update patches.suse/usb-storage-sddr55-Reject-out-of-bound-new_pba.patch (stable-fixes CVE-2025-40345 bsc#1255279). - Update patches.suse/usb-uas-fix-urb-unmapping-issue-when-the-uas-device-.patch (git-fixes CVE-2025-68331 bsc#1255495). - Update patches.suse/usbnet-Prevents-free-active-kevent.patch (git-fixes CVE-2025-68312 bsc#1255171). - Update patches.suse/wifi-ath11k-fix-peer-HE-MCS-assignment.patch (git-fixes CVE-2025-68380 bsc#1255580). - Update patches.suse/wifi-brcmfmac-fix-crash-while-sending-Action-Frames-.patch (git-fixes CVE-2025-40321 bsc#1254795). - Update patches.suse/wifi-rtl818x-Fix-potential-memory-leaks-in-rtl8180_i.patch (git-fixes CVE-2025-68759 bsc#1255934). - Update patches.suse/wifi-rtl818x-rtl8187-Fix-potential-buffer-underflow-.patch (git-fixes CVE-2025-68362 bsc#1255611). - Update patches.suse/x86-CPU-AMD-Add-RDSEED-fix-for-Zen5.patch (git-fixes CVE-2025-68313 bsc#1255415). - Update patches.suse/x86-CPU-AMD-Add-missing-terminator-for-zen5_rdseed_m.patch (git-fixes CVE-2025-68195 bsc#1255259). - Update patches.suse/xfrm-also-call-xfrm_state_delete_tunnel-at-destroy-time-fo.patch (CVE-2025-40215 bsc#1254959 CVE-2025-40256 bsc#1254851). - commit c0f554e ++++ kernel-source: - perf/x86/intel: Fix KASAN global-out-of-bounds warning (CVE-2025-40359 bsc#1255087). - commit ed1e93a - mlx5: Fix default values in create CQ (CVE-2025-68209 bsc#1255230). - commit 02d60e0 - x86/microcode/AMD: Use sha256() instead of init/update/final (bsc#1256495). - Refresh patches.suse/x86-microcode-AMD-Limit-Entrysign-signature-checking-to-kn.patch. - commit 6b04345 - x86/microcode/AMD: Fix Entrysign revision check for Zen5/Strix Halo (bsc#1256495). - x86/microcode/AMD: Select which microcode patch to load (bsc#1256495). - x86/microcode/AMD: Make __verify_patch_size() return bool (bsc#1256495). - x86/microcode/AMD: Remove bogus comment from parse_container() (bsc#1256495). - commit 9f14cfe - crash: fix crashkernel resource shrink (CVE-2025-68198 bsc#1255243) - commit 7e8f708 - bnxt_en: Fix null pointer dereference in bnxt_bs_trace_check_wrap() (CVE-2025-68197 bsc#1255242) - commit 766431f - lib/crypto: aes: Fix missing MMU protection for AES S-box (git-fixes). - virtio_console: fix order of fields cols and rows (stable-fixes). - commit d55882c - drm/amdgpu: Forward VMID reservation errors (git-fixes). - commit 2373a9d - supported.conf: mark ksmbd unsupported Based on discussion with Enzo Matsumiya it has tuned out that ksmbd module is unsupported but the supported.conf entry is incorrect. Fix that. - commit 143566d - powerpc/eeh: fix recursive pci_lock_rescan_remove locking in EEH event handling (bsc#1253262 ltc#216029). - commit 594b86e - Update patches.suse/ACPI-video-Fix-use-after-free-in-acpi_video_switch_b.patch (git-fixes CVE-2025-40211 bsc#1254126). - Update patches.suse/ALSA-dice-fix-buffer-overflow-in-detect_stream_forma.patch (git-fixes CVE-2025-68346 bsc#1255603). - Update patches.suse/ALSA-firewire-motu-add-bounds-check-in-put_user-loop.patch (git-fixes CVE-2025-68753 bsc#1256238). - Update patches.suse/ALSA-firewire-motu-fix-buffer-overflow-in-hwdep-read.patch (git-fixes CVE-2025-68347 bsc#1255706). - Update patches.suse/ALSA-hda-cs35l41-Fix-NULL-pointer-dereference-in-cs3-c34b04c.patch (git-fixes CVE-2025-68345 bsc#1255601). - Update patches.suse/ALSA-usb-audio-Fix-NULL-pointer-dereference-in-snd_u.patch (git-fixes CVE-2025-40275 bsc#1254829). - Update patches.suse/ALSA-usb-audio-Fix-potential-overflow-of-PCM-transfe.patch (stable-fixes CVE-2025-40269 bsc#1255035). - Update patches.suse/ALSA-wavefront-Fix-integer-overflow-in-sample-size-v.patch (git-fixes CVE-2025-68344 bsc#1255816). - Update patches.suse/ASoC-Intel-avs-Disable-periods-elapsed-work-when-clo.patch (git-fixes CVE-2025-40344 bsc#1254618). - Update patches.suse/Bluetooth-6lowpan-reset-link-local-header-on-ipv6-re.patch (git-fixes CVE-2025-40282 bsc#1254850). - Update patches.suse/Bluetooth-MGMT-Fix-OOB-access-in-parse_adv_monitor_p.patch (git-fixes CVE-2025-40294 bsc#1255181). - Update patches.suse/Bluetooth-MGMT-cancel-mesh-send-timer-when-hdev-remo.patch (git-fixes CVE-2025-40284 bsc#1254860). - Update patches.suse/Bluetooth-MGMT-fix-crash-in-set_mesh_sync-and-set_me.patch (git-fixes CVE-2025-40213 bsc#1253674). - Update patches.suse/Bluetooth-SCO-Fix-UAF-on-sco_conn_free.patch (stable-fixes CVE-2025-40309 bsc#1255065). - Update patches.suse/Bluetooth-bcsp-receive-data-only-if-registered.patch (stable-fixes CVE-2025-40308 bsc#1255064). - Update patches.suse/Bluetooth-btusb-mediatek-Avoid-btusb_mtk_claim_iso_i.patch (git-fixes CVE-2025-68298 bsc#1255124). - Update patches.suse/Bluetooth-btusb-mediatek-Fix-kernel-crash-when-relea.patch (git-fixes CVE-2025-68306 bsc#1255145). - Update patches.suse/Bluetooth-btusb-reorder-cleanup-in-btusb_disconnect-.patch (git-fixes CVE-2025-40283 bsc#1254858). - Update patches.suse/Bluetooth-hci_event-validate-skb-length-for-unknown-.patch (git-fixes CVE-2025-40301 bsc#1255193). - Update patches.suse/Bluetooth-hci_sock-Prevent-race-in-socket-write-iter.patch (git-fixes CVE-2025-68305 bsc#1255169). - Update patches.suse/Bluetooth-hci_sync-fix-race-in-hci_cmd_sync_dequeue_.patch (git-fixes CVE-2025-40318 bsc#1254798). - Update patches.suse/Input-cros_ec_keyb-fix-an-invalid-memory-access.patch (stable-fixes CVE-2025-40263 bsc#1255077). - Update patches.suse/Input-imx_sc_key-fix-memory-corruption-on-unload.patch (git-fixes CVE-2025-40262 bsc#1254840). - Update patches.suse/Input-pegasus-notetaker-fix-potential-out-of-bounds-.patch (git-fixes CVE-2025-68217 bsc#1255221). - Update patches.suse/KVM-arm64-Check-the-untrusted-offset-in-FF-A-memory-.patch (git-fixes CVE-2025-40266 bsc#1255040). - Update patches.suse/NFS-Fix-LTP-test-failures-when-timestamps-are-delegated.patch (git-fixes CVE-2025-68242 bsc#1255186). - Update patches.suse/NFSD-Fix-crash-in-nfsd4_read_release.patch (git-fixes CVE-2025-40324 bsc#1254791). - Update patches.suse/NFSD-free-copynotify-stateid-in-nfs4_free_ol_stateid.patch (git-fixes CVE-2025-40273 bsc#1254828). - Update patches.suse/PCI-IOV-Add-PCI-rescan-remove-locking-when-enabling-.patch (git-fixes CVE-2025-40219 bsc#1254518). - Update patches.suse/PCI-cadence-Check-for-the-existence-of-cdns_pcie-ops.patch (stable-fixes CVE-2025-68176 bsc#1255329). - Update patches.suse/accel-habanalabs-support-mapping-cb-with-vmalloc-bac.patch (stable-fixes CVE-2025-40311 bsc#1255068). - Update patches.suse/accel-ivpu-Fix-race-condition-when-unbinding-BOs.patch (git-fixes CVE-2025-68749 bsc#1255724). - Update patches.suse/amd-amdkfd-resolve-a-race-in-amdgpu_amdkfd_device_fi.patch (stable-fixes CVE-2025-40310 bsc#1255041). - Update patches.suse/arm64-mte-Do-not-warn-if-the-page-is-already-tagged-in-cop.patch (git-fixes CVE-2025-40353 bsc#1255312). - Update patches.suse/atm-fore200e-Fix-possible-data-race-in-fore200e_open.patch (git-fixes CVE-2025-68339 bsc#1255505). - Update patches.suse/backlight-led-bl-Add-devlink-to-supplier-LEDs.patch (git-fixes CVE-2025-68758 bsc#1255944). - Update patches.suse/btrfs-directly-free-partially-initialized-fs_info-in.patch (git-fixes CVE-2025-40235 bsc#1254808). - Update patches.suse/btrfs-ensure-no-dirty-metadata-is-written-back-for-a.patch (git-fix CVE-2025-40303 bsc#1255058). - Update patches.suse/btrfs-fix-memory-leak-of-qgroup_list-in-btrfs_add_qg.patch (git-fixes CVE-2025-40209 bsc#1254128). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-check-actual-395d988.patch (git-fixes CVE-2025-68342 bsc#1255508). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-check-actual.patch (git-fixes CVE-2025-68343 bsc#1255509). - Update patches.suse/can-gs_usb-gs_usb_xmit_callback-fix-handling-of-fail.patch (git-fixes CVE-2025-68307 bsc#1255146). - Update patches.suse/can-kvaser_usb-leaf-Fix-potential-infinite-loop-in-c.patch (git-fixes CVE-2025-68308 bsc#1255149). - Update patches.suse/comedi-c6xdigio-Fix-invalid-PNP-driver-unregistratio.patch (git-fixes CVE-2025-68332 bsc#1255483). - Update patches.suse/comedi-check-device-s-attached-status-in-compat-ioct.patch (git-fixes CVE-2025-68257 bsc#1255167). - Update patches.suse/comedi-multiq3-sanitize-config-options-in-multiq3_at.patch (git-fixes CVE-2025-68258 bsc#1255182). - Update patches.suse/comedi-pcl818-fix-null-ptr-deref-in-pcl818_ai_cancel.patch (git-fixes CVE-2025-68335 bsc#1255480). - Update patches.suse/crypto-aspeed-fix-double-free-caused-by-devm.patch (git-fixes CVE-2025-68172 bsc#1255253). - Update patches.suse/crypto-asymmetric_keys-prevent-overflow-in-asymmetri.patch (git-fixes CVE-2025-68724 bsc#1255550). - Update patches.suse/drm-amd-display-Check-NULL-before-accessing.patch (stable-fixes CVE-2025-68286 bsc#1255351). - Update patches.suse/drm-amd-display-Fix-NULL-deref-in-debugfs-odm_combin.patch (git-fixes CVE-2025-68180 bsc#1255252). - Update patches.suse/drm-amd-display-increase-max-link-count-and-fix-link.patch (stable-fixes CVE-2025-40354 bsc#1255316). - Update patches.suse/drm-amdgpu-Fix-NULL-pointer-dereference-in-VRAM-logi.patch (stable-fixes CVE-2025-40288 bsc#1255057). - Update patches.suse/drm-amdgpu-atom-Check-kcalloc-for-WS-buffer-in-amdgp.patch (stable-fixes CVE-2025-68190 bsc#1255131). - Update patches.suse/drm-amdgpu-fix-gpu-page-fault-after-hibernation-on-P.patch (stable-fixes CVE-2025-68230 bsc#1255134). - Update patches.suse/drm-amdgpu-fix-nullptr-err-of-vm_handle_moved.patch (stable-fixes CVE-2025-40339 bsc#1255428). - Update patches.suse/drm-amdgpu-hide-VRAM-sysfs-attributes-on-GPUs-withou.patch (stable-fixes CVE-2025-40289 bsc#1255042). - Update patches.suse/drm-amdgpu-remove-two-invalid-BUG_ON-s.patch (stable-fixes CVE-2025-68201 bsc#1255136). - Update patches.suse/drm-amdkfd-Fix-mmap-write-lock-not-release.patch (bsc#1243112 CVE-2025-40332 bsc#1255116). - Update patches.suse/drm-i915-Avoid-lock-inversion-when-pinning-to-GGTT-o.patch (git-fixes CVE-2025-68244 bsc#1255190). - Update patches.suse/drm-mediatek-Disable-AFBC-support-on-Mediatek-DRM-dr.patch (git-fixes CVE-2025-68184 bsc#1255220). - Update patches.suse/drm-mediatek-Fix-device-use-after-free-on-unbind.patch (git-fixes CVE-2025-40316 bsc#1254797). - Update patches.suse/drm-panthor-Fix-UAF-on-kernel-BO-VA-nodes.patch (git-fixes CVE-2025-68747 bsc#1255723). - Update patches.suse/drm-panthor-Fix-UAF-race-between-device-unplug-and-F.patch (git-fixes CVE-2025-68748 bsc#1255813). - Update patches.suse/drm-panthor-Fix-kernel-panic-on-partial-unmap-of-a-G.patch (git-fixes CVE-2025-40225 bsc#1254827). - Update patches.suse/drm-radeon-Do-not-kfree-devres-managed-rdev.patch (git-fixes CVE-2025-68170 bsc#1255256). - Update patches.suse/drm-radeon-Remove-calls-to-drm_put_dev.patch (git-fixes CVE-2025-68181 bsc#1255247). - Update patches.suse/drm-radeon-delete-radeon_fence_process-in-is_signale.patch (stable-fixes CVE-2025-68223 bsc#1255357). - Update patches.suse/drm-sched-Fix-deadlock-in-drm_sched_entity_kill_jobs.patch (git-fixes CVE-2025-40329 bsc#1254621). - Update patches.suse/drm-sysfb-Do-not-dereference-NULL-pointer-in-plane-r.patch (git-fixes CVE-2025-40360 bsc#1255095). - Update patches.suse/drm-tegra-Add-call-to-put_pid.patch (git-fixes CVE-2025-68233 bsc#1255206). - Update patches.suse/drm-vgem-fence-Fix-potential-deadlock-on-release.patch (git-fixes CVE-2025-68757 bsc#1255943). - Update patches.suse/drm-vmwgfx-Validate-command-header-size-against-SVGA.patch (git-fixes CVE-2025-40277 bsc#1254894). - Update patches.suse/drm-xe-Fix-oops-in-xe_gem_fault-when-running-core_ho.patch (stable-fixes CVE-2025-40340 bsc#1254996). - Update patches.suse/drm-xe-guc-Synchronize-Dead-CT-worker-with-unbind.patch (git-fixes CVE-2025-68207 bsc#1255234). - Update patches.suse/erofs-avoid-infinite-loop-due-to-incomplete-zstd-compressed-data.patch (git-fixes CVE-2025-68210 bsc#1255231). - Update patches.suse/exfat-fix-improper-check-of-dentry.stream.valid_size.patch (git-fixes CVE-2025-40287 bsc#1255030). - Update patches.suse/exfat-fix-refcount-leak-in-exfat_find.patch (git-fixes CVE-2025-68351 bsc#1255567). - Update patches.suse/exfat-validate-cluster-allocation-bits-of-the-allocation-bitmap.patch (git-fixes CVE-2025-40307 bsc#1255039). - Update patches.suse/fbcon-Set-fb_display-i-mode-to-NULL-when-the-mode-is.patch (stable-fixes CVE-2025-40323 bsc#1255094). - Update patches.suse/fbdev-Add-bounds-checking-in-bit_putcs-to-fix-vmallo.patch (stable-fixes CVE-2025-40304 bsc#1255034). - Update patches.suse/fbdev-bitblit-bound-check-glyph-index-in-bit_putcs.patch (stable-fixes CVE-2025-40322 bsc#1255092). - Update patches.suse/firmware-arm_scmi-Account-for-failed-debug-initializ.patch (git-fixes CVE-2025-40226 bsc#1254821). - Update patches.suse/firmware-stratix10-svc-fix-bug-in-saving-controller-.patch (git-fixes CVE-2025-68328 bsc#1255489). - Update patches.suse/gpiolib-fix-invalid-pointer-access-in-debugfs.patch (git-fixes CVE-2025-68167 bsc#1255099). - Update patches.suse/gpu-host1x-Fix-race-in-syncpt-alloc-free.patch (git-fixes CVE-2025-68732 bsc#1255688). - Update patches.suse/idpf-fix-possible-vport_config-NULL-pointer-deref-in.patch (git-fixes CVE-2025-68213 bsc#1255228). - Update patches.suse/iio-accel-bmc150-Fix-irq-assumption-regression.patch (stable-fixes CVE-2025-68330 bsc#1255493). - Update patches.suse/ima-Handle-error-code-returned-by-ima_filter_rule_ma.patch (git-fixes CVE-2025-68740 bsc#1255812). - Update patches.suse/ima-don-t-clear-IMA_DIGSIG-flag-when-setting-or-remo.patch (stable-fixes CVE-2025-68183 bsc#1255251). - Update patches.suse/irqchip-mchp-eic-Fix-error-code-in-mchp_eic_domain_a.patch (git-fixes CVE-2025-68766 bsc#1255932). - Update patches.suse/media-imon-make-send_packet-more-robust.patch (stable-fixes CVE-2025-68194 bsc#1255325). - Update patches.suse/media-pci-mg4b-fix-uninitialized-iio-scan-data.patch (git-fixes CVE-2025-40221 bsc#1254519). - Update patches.suse/media-videobuf2-forbid-remove_bufs-when-legacy-filei.patch (git-fixes CVE-2025-40302 bsc#1255196). - Update patches.suse/misc-fastrpc-Fix-dma_buf-object-leak-in-fastrpc_map_.patch (git-fixes CVE-2025-68252 bsc#1255197). - Update patches.suse/mm-secretmem-fix-use-after-free-race-in-fault-handle.patch (git-fixes CVE-2025-40272 bsc#1254832). - Update patches.suse/most-usb-Fix-use-after-free-in-hdm_disconnect.patch (git-fixes CVE-2025-40223 bsc#1254957). - Update patches.suse/most-usb-fix-double-free-on-late-probe-failure.patch (git-fixes CVE-2025-68290 bsc#1255154). - Update patches.suse/most-usb-hdm_probe-Fix-calling-put_device-before-dev.patch (git-fixes CVE-2025-68249 bsc#1255233). - Update patches.suse/mt76-mt7615-Fix-memory-leak-in-mt7615_mcu_wtbl_sta_a.patch (git-fixes CVE-2025-68765 bsc#1255931). - Update patches.suse/mtd-rawnand-cadence-fix-DMA-device-NULL-pointer-dere.patch (git-fixes CVE-2025-68238 bsc#1255202). - Update patches.suse/mtdchar-fix-integer-overflow-in-read-write-ioctls.patch (git-fixes CVE-2025-68237 bsc#1255203). - Update patches.suse/net-stmmac-Correctly-handle-Rx-checksum-offload-erro.patch (git-fixes CVE-2025-40337 bsc#1255081). - Update patches.suse/net-usb-qmi_wwan-initialize-MAC-header-offset-in-qmi.patch (git-fixes CVE-2025-68192 bsc#1255246). - Update patches.suse/nfs4_setup_readdir-insufficient-locking-for-d_parent-d_inode-dereferencing.patch (git-fixes CVE-2025-68185 bsc#1255135). - Update patches.suse/nfsd-fix-refcount-leak-in-nfsd_set_fh_dentry.patch (git-fixes CVE-2025-40212 bsc#1254195). - Update patches.suse/nouveau-firmware-Add-missing-kfree-of-nvkm_falcon_fw.patch (git-fixes CVE-2025-68235 bsc#1255209). - Update patches.suse/nvme-fc-use-lock-accessing-port_state-and-rport-stat.patch (bsc#1245193 bsc#1247500 CVE-2025-40342 bsc#1255274). - Update patches.suse/nvmet-fc-avoid-scheduling-association-deletion-twice.patch (bsc#1245193 bsc#1247500 CVE-2025-40343 bsc#1255276). - Update patches.suse/pinctrl-s32cc-fix-uninitialized-memory-in-s32_pinctr.patch (git-fixes CVE-2025-68222 bsc#1255218). - Update patches.suse/platform-x86-intel-punit_ipc-fix-memory-corruption.patch (git-fixes CVE-2025-68303 bsc#1255122). - Update patches.suse/regmap-slimbus-fix-bus_context-pointer-in-regmap-ini.patch (git-fixes CVE-2025-40317 bsc#1254796). - Update patches.suse/regulator-core-Protect-regulator_supply_alias_list-w.patch (git-fixes CVE-2025-68354 bsc#1255553). - Update patches.suse/sctp-avoid-NULL-dereference-when-chunk-data-buffer-i.patch (git-fixes CVE-2025-40240 bsc#1254869). - Update patches.suse/smb-client-fix-potential-cfid-UAF-in-smb2_query_info_compound.patch (git-fixes CVE-2025-40320 bsc#1254793). - Update patches.suse/spi-ch341-fix-out-of-bounds-memory-access-in-ch341_t.patch (git-fixes CVE-2025-68352 bsc#1255541). - Update patches.suse/spi-tegra210-quad-Fix-timeout-handling.patch (bsc#1253155 CVE-2025-68746 bsc#1255722). - Update patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-OnBeacon.patch (stable-fixes CVE-2025-68254 bsc#1255140). - Update patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-rtw_get_.patch (stable-fixes CVE-2025-68256 bsc#1255138). - Update patches.suse/staging-rtl8723bs-fix-stack-buffer-overflow-in-OnAss.patch (stable-fixes CVE-2025-68255 bsc#1255395). - Update patches.suse/tty-serial-ip22zilog-Use-platform-device-for-probing.patch (stable-fixes CVE-2025-68311 bsc#1255161). - Update patches.suse/usb-cdns3-gadget-Use-after-free-during-failed-initia.patch (stable-fixes CVE-2025-40314 bsc#1255072). - Update patches.suse/usb-dwc3-Fix-race-condition-between-concurrent-dwc3_.patch (git-fixes CVE-2025-68287 bsc#1255152). - Update patches.suse/usb-gadget-f_eem-Fix-memory-leak-in-eem_unwrap.patch (git-fixes CVE-2025-68289 bsc#1255155). - Update patches.suse/usb-gadget-f_fs-Fix-epfile-null-pointer-access-after.patch (stable-fixes CVE-2025-40315 bsc#1255083). - Update patches.suse/usb-potential-integer-overflow-in-usbg_make_tpg.patch (stable-fixes CVE-2025-68750 bsc#1255814). - Update patches.suse/usb-renesas_usbhs-Fix-synchronous-external-abort-on-.patch (git-fixes CVE-2025-68327 bsc#1255488). - Update patches.suse/usb-storage-sddr55-Reject-out-of-bound-new_pba.patch (stable-fixes CVE-2025-40345 bsc#1255279). - Update patches.suse/usb-uas-fix-urb-unmapping-issue-when-the-uas-device-.patch (git-fixes CVE-2025-68331 bsc#1255495). - Update patches.suse/usbnet-Prevents-free-active-kevent.patch (git-fixes CVE-2025-68312 bsc#1255171). - Update patches.suse/wifi-ath11k-fix-peer-HE-MCS-assignment.patch (git-fixes CVE-2025-68380 bsc#1255580). - Update patches.suse/wifi-brcmfmac-fix-crash-while-sending-Action-Frames-.patch (git-fixes CVE-2025-40321 bsc#1254795). - Update patches.suse/wifi-rtl818x-Fix-potential-memory-leaks-in-rtl8180_i.patch (git-fixes CVE-2025-68759 bsc#1255934). - Update patches.suse/wifi-rtl818x-rtl8187-Fix-potential-buffer-underflow-.patch (git-fixes CVE-2025-68362 bsc#1255611). - Update patches.suse/x86-CPU-AMD-Add-RDSEED-fix-for-Zen5.patch (git-fixes CVE-2025-68313 bsc#1255415). - Update patches.suse/x86-CPU-AMD-Add-missing-terminator-for-zen5_rdseed_m.patch (git-fixes CVE-2025-68195 bsc#1255259). - Update patches.suse/xfrm-also-call-xfrm_state_delete_tunnel-at-destroy-time-fo.patch (CVE-2025-40215 bsc#1254959 CVE-2025-40256 bsc#1254851). - commit c0f554e ++++ kernel-docs: - perf/x86/intel: Fix KASAN global-out-of-bounds warning (CVE-2025-40359 bsc#1255087). - commit ed1e93a - mlx5: Fix default values in create CQ (CVE-2025-68209 bsc#1255230). - commit 02d60e0 - x86/microcode/AMD: Use sha256() instead of init/update/final (bsc#1256495). - Refresh patches.suse/x86-microcode-AMD-Limit-Entrysign-signature-checking-to-kn.patch. - commit 6b04345 - x86/microcode/AMD: Fix Entrysign revision check for Zen5/Strix Halo (bsc#1256495). - x86/microcode/AMD: Select which microcode patch to load (bsc#1256495). - x86/microcode/AMD: Make __verify_patch_size() return bool (bsc#1256495). - x86/microcode/AMD: Remove bogus comment from parse_container() (bsc#1256495). - commit 9f14cfe - crash: fix crashkernel resource shrink (CVE-2025-68198 bsc#1255243) - commit 7e8f708 - bnxt_en: Fix null pointer dereference in bnxt_bs_trace_check_wrap() (CVE-2025-68197 bsc#1255242) - commit 766431f - lib/crypto: aes: Fix missing MMU protection for AES S-box (git-fixes). - virtio_console: fix order of fields cols and rows (stable-fixes). - commit d55882c - drm/amdgpu: Forward VMID reservation errors (git-fixes). - commit 2373a9d - supported.conf: mark ksmbd unsupported Based on discussion with Enzo Matsumiya it has tuned out that ksmbd module is unsupported but the supported.conf entry is incorrect. Fix that. - commit 143566d - powerpc/eeh: fix recursive pci_lock_rescan_remove locking in EEH event handling (bsc#1253262 ltc#216029). - commit 594b86e - Update patches.suse/ACPI-video-Fix-use-after-free-in-acpi_video_switch_b.patch (git-fixes CVE-2025-40211 bsc#1254126). - Update patches.suse/ALSA-dice-fix-buffer-overflow-in-detect_stream_forma.patch (git-fixes CVE-2025-68346 bsc#1255603). - Update patches.suse/ALSA-firewire-motu-add-bounds-check-in-put_user-loop.patch (git-fixes CVE-2025-68753 bsc#1256238). - Update patches.suse/ALSA-firewire-motu-fix-buffer-overflow-in-hwdep-read.patch (git-fixes CVE-2025-68347 bsc#1255706). - Update patches.suse/ALSA-hda-cs35l41-Fix-NULL-pointer-dereference-in-cs3-c34b04c.patch (git-fixes CVE-2025-68345 bsc#1255601). - Update patches.suse/ALSA-usb-audio-Fix-NULL-pointer-dereference-in-snd_u.patch (git-fixes CVE-2025-40275 bsc#1254829). - Update patches.suse/ALSA-usb-audio-Fix-potential-overflow-of-PCM-transfe.patch (stable-fixes CVE-2025-40269 bsc#1255035). - Update patches.suse/ALSA-wavefront-Fix-integer-overflow-in-sample-size-v.patch (git-fixes CVE-2025-68344 bsc#1255816). - Update patches.suse/ASoC-Intel-avs-Disable-periods-elapsed-work-when-clo.patch (git-fixes CVE-2025-40344 bsc#1254618). - Update patches.suse/Bluetooth-6lowpan-reset-link-local-header-on-ipv6-re.patch (git-fixes CVE-2025-40282 bsc#1254850). - Update patches.suse/Bluetooth-MGMT-Fix-OOB-access-in-parse_adv_monitor_p.patch (git-fixes CVE-2025-40294 bsc#1255181). - Update patches.suse/Bluetooth-MGMT-cancel-mesh-send-timer-when-hdev-remo.patch (git-fixes CVE-2025-40284 bsc#1254860). - Update patches.suse/Bluetooth-MGMT-fix-crash-in-set_mesh_sync-and-set_me.patch (git-fixes CVE-2025-40213 bsc#1253674). - Update patches.suse/Bluetooth-SCO-Fix-UAF-on-sco_conn_free.patch (stable-fixes CVE-2025-40309 bsc#1255065). - Update patches.suse/Bluetooth-bcsp-receive-data-only-if-registered.patch (stable-fixes CVE-2025-40308 bsc#1255064). - Update patches.suse/Bluetooth-btusb-mediatek-Avoid-btusb_mtk_claim_iso_i.patch (git-fixes CVE-2025-68298 bsc#1255124). - Update patches.suse/Bluetooth-btusb-mediatek-Fix-kernel-crash-when-relea.patch (git-fixes CVE-2025-68306 bsc#1255145). - Update patches.suse/Bluetooth-btusb-reorder-cleanup-in-btusb_disconnect-.patch (git-fixes CVE-2025-40283 bsc#1254858). - Update patches.suse/Bluetooth-hci_event-validate-skb-length-for-unknown-.patch (git-fixes CVE-2025-40301 bsc#1255193). - Update patches.suse/Bluetooth-hci_sock-Prevent-race-in-socket-write-iter.patch (git-fixes CVE-2025-68305 bsc#1255169). - Update patches.suse/Bluetooth-hci_sync-fix-race-in-hci_cmd_sync_dequeue_.patch (git-fixes CVE-2025-40318 bsc#1254798). - Update patches.suse/Input-cros_ec_keyb-fix-an-invalid-memory-access.patch (stable-fixes CVE-2025-40263 bsc#1255077). - Update patches.suse/Input-imx_sc_key-fix-memory-corruption-on-unload.patch (git-fixes CVE-2025-40262 bsc#1254840). - Update patches.suse/Input-pegasus-notetaker-fix-potential-out-of-bounds-.patch (git-fixes CVE-2025-68217 bsc#1255221). - Update patches.suse/KVM-arm64-Check-the-untrusted-offset-in-FF-A-memory-.patch (git-fixes CVE-2025-40266 bsc#1255040). - Update patches.suse/NFS-Fix-LTP-test-failures-when-timestamps-are-delegated.patch (git-fixes CVE-2025-68242 bsc#1255186). - Update patches.suse/NFSD-Fix-crash-in-nfsd4_read_release.patch (git-fixes CVE-2025-40324 bsc#1254791). - Update patches.suse/NFSD-free-copynotify-stateid-in-nfs4_free_ol_stateid.patch (git-fixes CVE-2025-40273 bsc#1254828). - Update patches.suse/PCI-IOV-Add-PCI-rescan-remove-locking-when-enabling-.patch (git-fixes CVE-2025-40219 bsc#1254518). - Update patches.suse/PCI-cadence-Check-for-the-existence-of-cdns_pcie-ops.patch (stable-fixes CVE-2025-68176 bsc#1255329). - Update patches.suse/accel-habanalabs-support-mapping-cb-with-vmalloc-bac.patch (stable-fixes CVE-2025-40311 bsc#1255068). - Update patches.suse/accel-ivpu-Fix-race-condition-when-unbinding-BOs.patch (git-fixes CVE-2025-68749 bsc#1255724). - Update patches.suse/amd-amdkfd-resolve-a-race-in-amdgpu_amdkfd_device_fi.patch (stable-fixes CVE-2025-40310 bsc#1255041). - Update patches.suse/arm64-mte-Do-not-warn-if-the-page-is-already-tagged-in-cop.patch (git-fixes CVE-2025-40353 bsc#1255312). - Update patches.suse/atm-fore200e-Fix-possible-data-race-in-fore200e_open.patch (git-fixes CVE-2025-68339 bsc#1255505). - Update patches.suse/backlight-led-bl-Add-devlink-to-supplier-LEDs.patch (git-fixes CVE-2025-68758 bsc#1255944). - Update patches.suse/btrfs-directly-free-partially-initialized-fs_info-in.patch (git-fixes CVE-2025-40235 bsc#1254808). - Update patches.suse/btrfs-ensure-no-dirty-metadata-is-written-back-for-a.patch (git-fix CVE-2025-40303 bsc#1255058). - Update patches.suse/btrfs-fix-memory-leak-of-qgroup_list-in-btrfs_add_qg.patch (git-fixes CVE-2025-40209 bsc#1254128). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-check-actual-395d988.patch (git-fixes CVE-2025-68342 bsc#1255508). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-check-actual.patch (git-fixes CVE-2025-68343 bsc#1255509). - Update patches.suse/can-gs_usb-gs_usb_xmit_callback-fix-handling-of-fail.patch (git-fixes CVE-2025-68307 bsc#1255146). - Update patches.suse/can-kvaser_usb-leaf-Fix-potential-infinite-loop-in-c.patch (git-fixes CVE-2025-68308 bsc#1255149). - Update patches.suse/comedi-c6xdigio-Fix-invalid-PNP-driver-unregistratio.patch (git-fixes CVE-2025-68332 bsc#1255483). - Update patches.suse/comedi-check-device-s-attached-status-in-compat-ioct.patch (git-fixes CVE-2025-68257 bsc#1255167). - Update patches.suse/comedi-multiq3-sanitize-config-options-in-multiq3_at.patch (git-fixes CVE-2025-68258 bsc#1255182). - Update patches.suse/comedi-pcl818-fix-null-ptr-deref-in-pcl818_ai_cancel.patch (git-fixes CVE-2025-68335 bsc#1255480). - Update patches.suse/crypto-aspeed-fix-double-free-caused-by-devm.patch (git-fixes CVE-2025-68172 bsc#1255253). - Update patches.suse/crypto-asymmetric_keys-prevent-overflow-in-asymmetri.patch (git-fixes CVE-2025-68724 bsc#1255550). - Update patches.suse/drm-amd-display-Check-NULL-before-accessing.patch (stable-fixes CVE-2025-68286 bsc#1255351). - Update patches.suse/drm-amd-display-Fix-NULL-deref-in-debugfs-odm_combin.patch (git-fixes CVE-2025-68180 bsc#1255252). - Update patches.suse/drm-amd-display-increase-max-link-count-and-fix-link.patch (stable-fixes CVE-2025-40354 bsc#1255316). - Update patches.suse/drm-amdgpu-Fix-NULL-pointer-dereference-in-VRAM-logi.patch (stable-fixes CVE-2025-40288 bsc#1255057). - Update patches.suse/drm-amdgpu-atom-Check-kcalloc-for-WS-buffer-in-amdgp.patch (stable-fixes CVE-2025-68190 bsc#1255131). - Update patches.suse/drm-amdgpu-fix-gpu-page-fault-after-hibernation-on-P.patch (stable-fixes CVE-2025-68230 bsc#1255134). - Update patches.suse/drm-amdgpu-fix-nullptr-err-of-vm_handle_moved.patch (stable-fixes CVE-2025-40339 bsc#1255428). - Update patches.suse/drm-amdgpu-hide-VRAM-sysfs-attributes-on-GPUs-withou.patch (stable-fixes CVE-2025-40289 bsc#1255042). - Update patches.suse/drm-amdgpu-remove-two-invalid-BUG_ON-s.patch (stable-fixes CVE-2025-68201 bsc#1255136). - Update patches.suse/drm-amdkfd-Fix-mmap-write-lock-not-release.patch (bsc#1243112 CVE-2025-40332 bsc#1255116). - Update patches.suse/drm-i915-Avoid-lock-inversion-when-pinning-to-GGTT-o.patch (git-fixes CVE-2025-68244 bsc#1255190). - Update patches.suse/drm-mediatek-Disable-AFBC-support-on-Mediatek-DRM-dr.patch (git-fixes CVE-2025-68184 bsc#1255220). - Update patches.suse/drm-mediatek-Fix-device-use-after-free-on-unbind.patch (git-fixes CVE-2025-40316 bsc#1254797). - Update patches.suse/drm-panthor-Fix-UAF-on-kernel-BO-VA-nodes.patch (git-fixes CVE-2025-68747 bsc#1255723). - Update patches.suse/drm-panthor-Fix-UAF-race-between-device-unplug-and-F.patch (git-fixes CVE-2025-68748 bsc#1255813). - Update patches.suse/drm-panthor-Fix-kernel-panic-on-partial-unmap-of-a-G.patch (git-fixes CVE-2025-40225 bsc#1254827). - Update patches.suse/drm-radeon-Do-not-kfree-devres-managed-rdev.patch (git-fixes CVE-2025-68170 bsc#1255256). - Update patches.suse/drm-radeon-Remove-calls-to-drm_put_dev.patch (git-fixes CVE-2025-68181 bsc#1255247). - Update patches.suse/drm-radeon-delete-radeon_fence_process-in-is_signale.patch (stable-fixes CVE-2025-68223 bsc#1255357). - Update patches.suse/drm-sched-Fix-deadlock-in-drm_sched_entity_kill_jobs.patch (git-fixes CVE-2025-40329 bsc#1254621). - Update patches.suse/drm-sysfb-Do-not-dereference-NULL-pointer-in-plane-r.patch (git-fixes CVE-2025-40360 bsc#1255095). - Update patches.suse/drm-tegra-Add-call-to-put_pid.patch (git-fixes CVE-2025-68233 bsc#1255206). - Update patches.suse/drm-vgem-fence-Fix-potential-deadlock-on-release.patch (git-fixes CVE-2025-68757 bsc#1255943). - Update patches.suse/drm-vmwgfx-Validate-command-header-size-against-SVGA.patch (git-fixes CVE-2025-40277 bsc#1254894). - Update patches.suse/drm-xe-Fix-oops-in-xe_gem_fault-when-running-core_ho.patch (stable-fixes CVE-2025-40340 bsc#1254996). - Update patches.suse/drm-xe-guc-Synchronize-Dead-CT-worker-with-unbind.patch (git-fixes CVE-2025-68207 bsc#1255234). - Update patches.suse/erofs-avoid-infinite-loop-due-to-incomplete-zstd-compressed-data.patch (git-fixes CVE-2025-68210 bsc#1255231). - Update patches.suse/exfat-fix-improper-check-of-dentry.stream.valid_size.patch (git-fixes CVE-2025-40287 bsc#1255030). - Update patches.suse/exfat-fix-refcount-leak-in-exfat_find.patch (git-fixes CVE-2025-68351 bsc#1255567). - Update patches.suse/exfat-validate-cluster-allocation-bits-of-the-allocation-bitmap.patch (git-fixes CVE-2025-40307 bsc#1255039). - Update patches.suse/fbcon-Set-fb_display-i-mode-to-NULL-when-the-mode-is.patch (stable-fixes CVE-2025-40323 bsc#1255094). - Update patches.suse/fbdev-Add-bounds-checking-in-bit_putcs-to-fix-vmallo.patch (stable-fixes CVE-2025-40304 bsc#1255034). - Update patches.suse/fbdev-bitblit-bound-check-glyph-index-in-bit_putcs.patch (stable-fixes CVE-2025-40322 bsc#1255092). - Update patches.suse/firmware-arm_scmi-Account-for-failed-debug-initializ.patch (git-fixes CVE-2025-40226 bsc#1254821). - Update patches.suse/firmware-stratix10-svc-fix-bug-in-saving-controller-.patch (git-fixes CVE-2025-68328 bsc#1255489). - Update patches.suse/gpiolib-fix-invalid-pointer-access-in-debugfs.patch (git-fixes CVE-2025-68167 bsc#1255099). - Update patches.suse/gpu-host1x-Fix-race-in-syncpt-alloc-free.patch (git-fixes CVE-2025-68732 bsc#1255688). - Update patches.suse/idpf-fix-possible-vport_config-NULL-pointer-deref-in.patch (git-fixes CVE-2025-68213 bsc#1255228). - Update patches.suse/iio-accel-bmc150-Fix-irq-assumption-regression.patch (stable-fixes CVE-2025-68330 bsc#1255493). - Update patches.suse/ima-Handle-error-code-returned-by-ima_filter_rule_ma.patch (git-fixes CVE-2025-68740 bsc#1255812). - Update patches.suse/ima-don-t-clear-IMA_DIGSIG-flag-when-setting-or-remo.patch (stable-fixes CVE-2025-68183 bsc#1255251). - Update patches.suse/irqchip-mchp-eic-Fix-error-code-in-mchp_eic_domain_a.patch (git-fixes CVE-2025-68766 bsc#1255932). - Update patches.suse/media-imon-make-send_packet-more-robust.patch (stable-fixes CVE-2025-68194 bsc#1255325). - Update patches.suse/media-pci-mg4b-fix-uninitialized-iio-scan-data.patch (git-fixes CVE-2025-40221 bsc#1254519). - Update patches.suse/media-videobuf2-forbid-remove_bufs-when-legacy-filei.patch (git-fixes CVE-2025-40302 bsc#1255196). - Update patches.suse/misc-fastrpc-Fix-dma_buf-object-leak-in-fastrpc_map_.patch (git-fixes CVE-2025-68252 bsc#1255197). - Update patches.suse/mm-secretmem-fix-use-after-free-race-in-fault-handle.patch (git-fixes CVE-2025-40272 bsc#1254832). - Update patches.suse/most-usb-Fix-use-after-free-in-hdm_disconnect.patch (git-fixes CVE-2025-40223 bsc#1254957). - Update patches.suse/most-usb-fix-double-free-on-late-probe-failure.patch (git-fixes CVE-2025-68290 bsc#1255154). - Update patches.suse/most-usb-hdm_probe-Fix-calling-put_device-before-dev.patch (git-fixes CVE-2025-68249 bsc#1255233). - Update patches.suse/mt76-mt7615-Fix-memory-leak-in-mt7615_mcu_wtbl_sta_a.patch (git-fixes CVE-2025-68765 bsc#1255931). - Update patches.suse/mtd-rawnand-cadence-fix-DMA-device-NULL-pointer-dere.patch (git-fixes CVE-2025-68238 bsc#1255202). - Update patches.suse/mtdchar-fix-integer-overflow-in-read-write-ioctls.patch (git-fixes CVE-2025-68237 bsc#1255203). - Update patches.suse/net-stmmac-Correctly-handle-Rx-checksum-offload-erro.patch (git-fixes CVE-2025-40337 bsc#1255081). - Update patches.suse/net-usb-qmi_wwan-initialize-MAC-header-offset-in-qmi.patch (git-fixes CVE-2025-68192 bsc#1255246). - Update patches.suse/nfs4_setup_readdir-insufficient-locking-for-d_parent-d_inode-dereferencing.patch (git-fixes CVE-2025-68185 bsc#1255135). - Update patches.suse/nfsd-fix-refcount-leak-in-nfsd_set_fh_dentry.patch (git-fixes CVE-2025-40212 bsc#1254195). - Update patches.suse/nouveau-firmware-Add-missing-kfree-of-nvkm_falcon_fw.patch (git-fixes CVE-2025-68235 bsc#1255209). - Update patches.suse/nvme-fc-use-lock-accessing-port_state-and-rport-stat.patch (bsc#1245193 bsc#1247500 CVE-2025-40342 bsc#1255274). - Update patches.suse/nvmet-fc-avoid-scheduling-association-deletion-twice.patch (bsc#1245193 bsc#1247500 CVE-2025-40343 bsc#1255276). - Update patches.suse/pinctrl-s32cc-fix-uninitialized-memory-in-s32_pinctr.patch (git-fixes CVE-2025-68222 bsc#1255218). - Update patches.suse/platform-x86-intel-punit_ipc-fix-memory-corruption.patch (git-fixes CVE-2025-68303 bsc#1255122). - Update patches.suse/regmap-slimbus-fix-bus_context-pointer-in-regmap-ini.patch (git-fixes CVE-2025-40317 bsc#1254796). - Update patches.suse/regulator-core-Protect-regulator_supply_alias_list-w.patch (git-fixes CVE-2025-68354 bsc#1255553). - Update patches.suse/sctp-avoid-NULL-dereference-when-chunk-data-buffer-i.patch (git-fixes CVE-2025-40240 bsc#1254869). - Update patches.suse/smb-client-fix-potential-cfid-UAF-in-smb2_query_info_compound.patch (git-fixes CVE-2025-40320 bsc#1254793). - Update patches.suse/spi-ch341-fix-out-of-bounds-memory-access-in-ch341_t.patch (git-fixes CVE-2025-68352 bsc#1255541). - Update patches.suse/spi-tegra210-quad-Fix-timeout-handling.patch (bsc#1253155 CVE-2025-68746 bsc#1255722). - Update patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-OnBeacon.patch (stable-fixes CVE-2025-68254 bsc#1255140). - Update patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-rtw_get_.patch (stable-fixes CVE-2025-68256 bsc#1255138). - Update patches.suse/staging-rtl8723bs-fix-stack-buffer-overflow-in-OnAss.patch (stable-fixes CVE-2025-68255 bsc#1255395). - Update patches.suse/tty-serial-ip22zilog-Use-platform-device-for-probing.patch (stable-fixes CVE-2025-68311 bsc#1255161). - Update patches.suse/usb-cdns3-gadget-Use-after-free-during-failed-initia.patch (stable-fixes CVE-2025-40314 bsc#1255072). - Update patches.suse/usb-dwc3-Fix-race-condition-between-concurrent-dwc3_.patch (git-fixes CVE-2025-68287 bsc#1255152). - Update patches.suse/usb-gadget-f_eem-Fix-memory-leak-in-eem_unwrap.patch (git-fixes CVE-2025-68289 bsc#1255155). - Update patches.suse/usb-gadget-f_fs-Fix-epfile-null-pointer-access-after.patch (stable-fixes CVE-2025-40315 bsc#1255083). - Update patches.suse/usb-potential-integer-overflow-in-usbg_make_tpg.patch (stable-fixes CVE-2025-68750 bsc#1255814). - Update patches.suse/usb-renesas_usbhs-Fix-synchronous-external-abort-on-.patch (git-fixes CVE-2025-68327 bsc#1255488). - Update patches.suse/usb-storage-sddr55-Reject-out-of-bound-new_pba.patch (stable-fixes CVE-2025-40345 bsc#1255279). - Update patches.suse/usb-uas-fix-urb-unmapping-issue-when-the-uas-device-.patch (git-fixes CVE-2025-68331 bsc#1255495). - Update patches.suse/usbnet-Prevents-free-active-kevent.patch (git-fixes CVE-2025-68312 bsc#1255171). - Update patches.suse/wifi-ath11k-fix-peer-HE-MCS-assignment.patch (git-fixes CVE-2025-68380 bsc#1255580). - Update patches.suse/wifi-brcmfmac-fix-crash-while-sending-Action-Frames-.patch (git-fixes CVE-2025-40321 bsc#1254795). - Update patches.suse/wifi-rtl818x-Fix-potential-memory-leaks-in-rtl8180_i.patch (git-fixes CVE-2025-68759 bsc#1255934). - Update patches.suse/wifi-rtl818x-rtl8187-Fix-potential-buffer-underflow-.patch (git-fixes CVE-2025-68362 bsc#1255611). - Update patches.suse/x86-CPU-AMD-Add-RDSEED-fix-for-Zen5.patch (git-fixes CVE-2025-68313 bsc#1255415). - Update patches.suse/x86-CPU-AMD-Add-missing-terminator-for-zen5_rdseed_m.patch (git-fixes CVE-2025-68195 bsc#1255259). - Update patches.suse/xfrm-also-call-xfrm_state_delete_tunnel-at-destroy-time-fo.patch (CVE-2025-40215 bsc#1254959 CVE-2025-40256 bsc#1254851). - commit c0f554e ++++ kernel-docs: - perf/x86/intel: Fix KASAN global-out-of-bounds warning (CVE-2025-40359 bsc#1255087). - commit ed1e93a - mlx5: Fix default values in create CQ (CVE-2025-68209 bsc#1255230). - commit 02d60e0 - x86/microcode/AMD: Use sha256() instead of init/update/final (bsc#1256495). - Refresh patches.suse/x86-microcode-AMD-Limit-Entrysign-signature-checking-to-kn.patch. - commit 6b04345 - x86/microcode/AMD: Fix Entrysign revision check for Zen5/Strix Halo (bsc#1256495). - x86/microcode/AMD: Select which microcode patch to load (bsc#1256495). - x86/microcode/AMD: Make __verify_patch_size() return bool (bsc#1256495). - x86/microcode/AMD: Remove bogus comment from parse_container() (bsc#1256495). - commit 9f14cfe - crash: fix crashkernel resource shrink (CVE-2025-68198 bsc#1255243) - commit 7e8f708 - bnxt_en: Fix null pointer dereference in bnxt_bs_trace_check_wrap() (CVE-2025-68197 bsc#1255242) - commit 766431f - lib/crypto: aes: Fix missing MMU protection for AES S-box (git-fixes). - virtio_console: fix order of fields cols and rows (stable-fixes). - commit d55882c - drm/amdgpu: Forward VMID reservation errors (git-fixes). - commit 2373a9d - supported.conf: mark ksmbd unsupported Based on discussion with Enzo Matsumiya it has tuned out that ksmbd module is unsupported but the supported.conf entry is incorrect. Fix that. - commit 143566d - powerpc/eeh: fix recursive pci_lock_rescan_remove locking in EEH event handling (bsc#1253262 ltc#216029). - commit 594b86e - Update patches.suse/ACPI-video-Fix-use-after-free-in-acpi_video_switch_b.patch (git-fixes CVE-2025-40211 bsc#1254126). - Update patches.suse/ALSA-dice-fix-buffer-overflow-in-detect_stream_forma.patch (git-fixes CVE-2025-68346 bsc#1255603). - Update patches.suse/ALSA-firewire-motu-add-bounds-check-in-put_user-loop.patch (git-fixes CVE-2025-68753 bsc#1256238). - Update patches.suse/ALSA-firewire-motu-fix-buffer-overflow-in-hwdep-read.patch (git-fixes CVE-2025-68347 bsc#1255706). - Update patches.suse/ALSA-hda-cs35l41-Fix-NULL-pointer-dereference-in-cs3-c34b04c.patch (git-fixes CVE-2025-68345 bsc#1255601). - Update patches.suse/ALSA-usb-audio-Fix-NULL-pointer-dereference-in-snd_u.patch (git-fixes CVE-2025-40275 bsc#1254829). - Update patches.suse/ALSA-usb-audio-Fix-potential-overflow-of-PCM-transfe.patch (stable-fixes CVE-2025-40269 bsc#1255035). - Update patches.suse/ALSA-wavefront-Fix-integer-overflow-in-sample-size-v.patch (git-fixes CVE-2025-68344 bsc#1255816). - Update patches.suse/ASoC-Intel-avs-Disable-periods-elapsed-work-when-clo.patch (git-fixes CVE-2025-40344 bsc#1254618). - Update patches.suse/Bluetooth-6lowpan-reset-link-local-header-on-ipv6-re.patch (git-fixes CVE-2025-40282 bsc#1254850). - Update patches.suse/Bluetooth-MGMT-Fix-OOB-access-in-parse_adv_monitor_p.patch (git-fixes CVE-2025-40294 bsc#1255181). - Update patches.suse/Bluetooth-MGMT-cancel-mesh-send-timer-when-hdev-remo.patch (git-fixes CVE-2025-40284 bsc#1254860). - Update patches.suse/Bluetooth-MGMT-fix-crash-in-set_mesh_sync-and-set_me.patch (git-fixes CVE-2025-40213 bsc#1253674). - Update patches.suse/Bluetooth-SCO-Fix-UAF-on-sco_conn_free.patch (stable-fixes CVE-2025-40309 bsc#1255065). - Update patches.suse/Bluetooth-bcsp-receive-data-only-if-registered.patch (stable-fixes CVE-2025-40308 bsc#1255064). - Update patches.suse/Bluetooth-btusb-mediatek-Avoid-btusb_mtk_claim_iso_i.patch (git-fixes CVE-2025-68298 bsc#1255124). - Update patches.suse/Bluetooth-btusb-mediatek-Fix-kernel-crash-when-relea.patch (git-fixes CVE-2025-68306 bsc#1255145). - Update patches.suse/Bluetooth-btusb-reorder-cleanup-in-btusb_disconnect-.patch (git-fixes CVE-2025-40283 bsc#1254858). - Update patches.suse/Bluetooth-hci_event-validate-skb-length-for-unknown-.patch (git-fixes CVE-2025-40301 bsc#1255193). - Update patches.suse/Bluetooth-hci_sock-Prevent-race-in-socket-write-iter.patch (git-fixes CVE-2025-68305 bsc#1255169). - Update patches.suse/Bluetooth-hci_sync-fix-race-in-hci_cmd_sync_dequeue_.patch (git-fixes CVE-2025-40318 bsc#1254798). - Update patches.suse/Input-cros_ec_keyb-fix-an-invalid-memory-access.patch (stable-fixes CVE-2025-40263 bsc#1255077). - Update patches.suse/Input-imx_sc_key-fix-memory-corruption-on-unload.patch (git-fixes CVE-2025-40262 bsc#1254840). - Update patches.suse/Input-pegasus-notetaker-fix-potential-out-of-bounds-.patch (git-fixes CVE-2025-68217 bsc#1255221). - Update patches.suse/KVM-arm64-Check-the-untrusted-offset-in-FF-A-memory-.patch (git-fixes CVE-2025-40266 bsc#1255040). - Update patches.suse/NFS-Fix-LTP-test-failures-when-timestamps-are-delegated.patch (git-fixes CVE-2025-68242 bsc#1255186). - Update patches.suse/NFSD-Fix-crash-in-nfsd4_read_release.patch (git-fixes CVE-2025-40324 bsc#1254791). - Update patches.suse/NFSD-free-copynotify-stateid-in-nfs4_free_ol_stateid.patch (git-fixes CVE-2025-40273 bsc#1254828). - Update patches.suse/PCI-IOV-Add-PCI-rescan-remove-locking-when-enabling-.patch (git-fixes CVE-2025-40219 bsc#1254518). - Update patches.suse/PCI-cadence-Check-for-the-existence-of-cdns_pcie-ops.patch (stable-fixes CVE-2025-68176 bsc#1255329). - Update patches.suse/accel-habanalabs-support-mapping-cb-with-vmalloc-bac.patch (stable-fixes CVE-2025-40311 bsc#1255068). - Update patches.suse/accel-ivpu-Fix-race-condition-when-unbinding-BOs.patch (git-fixes CVE-2025-68749 bsc#1255724). - Update patches.suse/amd-amdkfd-resolve-a-race-in-amdgpu_amdkfd_device_fi.patch (stable-fixes CVE-2025-40310 bsc#1255041). - Update patches.suse/arm64-mte-Do-not-warn-if-the-page-is-already-tagged-in-cop.patch (git-fixes CVE-2025-40353 bsc#1255312). - Update patches.suse/atm-fore200e-Fix-possible-data-race-in-fore200e_open.patch (git-fixes CVE-2025-68339 bsc#1255505). - Update patches.suse/backlight-led-bl-Add-devlink-to-supplier-LEDs.patch (git-fixes CVE-2025-68758 bsc#1255944). - Update patches.suse/btrfs-directly-free-partially-initialized-fs_info-in.patch (git-fixes CVE-2025-40235 bsc#1254808). - Update patches.suse/btrfs-ensure-no-dirty-metadata-is-written-back-for-a.patch (git-fix CVE-2025-40303 bsc#1255058). - Update patches.suse/btrfs-fix-memory-leak-of-qgroup_list-in-btrfs_add_qg.patch (git-fixes CVE-2025-40209 bsc#1254128). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-check-actual-395d988.patch (git-fixes CVE-2025-68342 bsc#1255508). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-check-actual.patch (git-fixes CVE-2025-68343 bsc#1255509). - Update patches.suse/can-gs_usb-gs_usb_xmit_callback-fix-handling-of-fail.patch (git-fixes CVE-2025-68307 bsc#1255146). - Update patches.suse/can-kvaser_usb-leaf-Fix-potential-infinite-loop-in-c.patch (git-fixes CVE-2025-68308 bsc#1255149). - Update patches.suse/comedi-c6xdigio-Fix-invalid-PNP-driver-unregistratio.patch (git-fixes CVE-2025-68332 bsc#1255483). - Update patches.suse/comedi-check-device-s-attached-status-in-compat-ioct.patch (git-fixes CVE-2025-68257 bsc#1255167). - Update patches.suse/comedi-multiq3-sanitize-config-options-in-multiq3_at.patch (git-fixes CVE-2025-68258 bsc#1255182). - Update patches.suse/comedi-pcl818-fix-null-ptr-deref-in-pcl818_ai_cancel.patch (git-fixes CVE-2025-68335 bsc#1255480). - Update patches.suse/crypto-aspeed-fix-double-free-caused-by-devm.patch (git-fixes CVE-2025-68172 bsc#1255253). - Update patches.suse/crypto-asymmetric_keys-prevent-overflow-in-asymmetri.patch (git-fixes CVE-2025-68724 bsc#1255550). - Update patches.suse/drm-amd-display-Check-NULL-before-accessing.patch (stable-fixes CVE-2025-68286 bsc#1255351). - Update patches.suse/drm-amd-display-Fix-NULL-deref-in-debugfs-odm_combin.patch (git-fixes CVE-2025-68180 bsc#1255252). - Update patches.suse/drm-amd-display-increase-max-link-count-and-fix-link.patch (stable-fixes CVE-2025-40354 bsc#1255316). - Update patches.suse/drm-amdgpu-Fix-NULL-pointer-dereference-in-VRAM-logi.patch (stable-fixes CVE-2025-40288 bsc#1255057). - Update patches.suse/drm-amdgpu-atom-Check-kcalloc-for-WS-buffer-in-amdgp.patch (stable-fixes CVE-2025-68190 bsc#1255131). - Update patches.suse/drm-amdgpu-fix-gpu-page-fault-after-hibernation-on-P.patch (stable-fixes CVE-2025-68230 bsc#1255134). - Update patches.suse/drm-amdgpu-fix-nullptr-err-of-vm_handle_moved.patch (stable-fixes CVE-2025-40339 bsc#1255428). - Update patches.suse/drm-amdgpu-hide-VRAM-sysfs-attributes-on-GPUs-withou.patch (stable-fixes CVE-2025-40289 bsc#1255042). - Update patches.suse/drm-amdgpu-remove-two-invalid-BUG_ON-s.patch (stable-fixes CVE-2025-68201 bsc#1255136). - Update patches.suse/drm-amdkfd-Fix-mmap-write-lock-not-release.patch (bsc#1243112 CVE-2025-40332 bsc#1255116). - Update patches.suse/drm-i915-Avoid-lock-inversion-when-pinning-to-GGTT-o.patch (git-fixes CVE-2025-68244 bsc#1255190). - Update patches.suse/drm-mediatek-Disable-AFBC-support-on-Mediatek-DRM-dr.patch (git-fixes CVE-2025-68184 bsc#1255220). - Update patches.suse/drm-mediatek-Fix-device-use-after-free-on-unbind.patch (git-fixes CVE-2025-40316 bsc#1254797). - Update patches.suse/drm-panthor-Fix-UAF-on-kernel-BO-VA-nodes.patch (git-fixes CVE-2025-68747 bsc#1255723). - Update patches.suse/drm-panthor-Fix-UAF-race-between-device-unplug-and-F.patch (git-fixes CVE-2025-68748 bsc#1255813). - Update patches.suse/drm-panthor-Fix-kernel-panic-on-partial-unmap-of-a-G.patch (git-fixes CVE-2025-40225 bsc#1254827). - Update patches.suse/drm-radeon-Do-not-kfree-devres-managed-rdev.patch (git-fixes CVE-2025-68170 bsc#1255256). - Update patches.suse/drm-radeon-Remove-calls-to-drm_put_dev.patch (git-fixes CVE-2025-68181 bsc#1255247). - Update patches.suse/drm-radeon-delete-radeon_fence_process-in-is_signale.patch (stable-fixes CVE-2025-68223 bsc#1255357). - Update patches.suse/drm-sched-Fix-deadlock-in-drm_sched_entity_kill_jobs.patch (git-fixes CVE-2025-40329 bsc#1254621). - Update patches.suse/drm-sysfb-Do-not-dereference-NULL-pointer-in-plane-r.patch (git-fixes CVE-2025-40360 bsc#1255095). - Update patches.suse/drm-tegra-Add-call-to-put_pid.patch (git-fixes CVE-2025-68233 bsc#1255206). - Update patches.suse/drm-vgem-fence-Fix-potential-deadlock-on-release.patch (git-fixes CVE-2025-68757 bsc#1255943). - Update patches.suse/drm-vmwgfx-Validate-command-header-size-against-SVGA.patch (git-fixes CVE-2025-40277 bsc#1254894). - Update patches.suse/drm-xe-Fix-oops-in-xe_gem_fault-when-running-core_ho.patch (stable-fixes CVE-2025-40340 bsc#1254996). - Update patches.suse/drm-xe-guc-Synchronize-Dead-CT-worker-with-unbind.patch (git-fixes CVE-2025-68207 bsc#1255234). - Update patches.suse/erofs-avoid-infinite-loop-due-to-incomplete-zstd-compressed-data.patch (git-fixes CVE-2025-68210 bsc#1255231). - Update patches.suse/exfat-fix-improper-check-of-dentry.stream.valid_size.patch (git-fixes CVE-2025-40287 bsc#1255030). - Update patches.suse/exfat-fix-refcount-leak-in-exfat_find.patch (git-fixes CVE-2025-68351 bsc#1255567). - Update patches.suse/exfat-validate-cluster-allocation-bits-of-the-allocation-bitmap.patch (git-fixes CVE-2025-40307 bsc#1255039). - Update patches.suse/fbcon-Set-fb_display-i-mode-to-NULL-when-the-mode-is.patch (stable-fixes CVE-2025-40323 bsc#1255094). - Update patches.suse/fbdev-Add-bounds-checking-in-bit_putcs-to-fix-vmallo.patch (stable-fixes CVE-2025-40304 bsc#1255034). - Update patches.suse/fbdev-bitblit-bound-check-glyph-index-in-bit_putcs.patch (stable-fixes CVE-2025-40322 bsc#1255092). - Update patches.suse/firmware-arm_scmi-Account-for-failed-debug-initializ.patch (git-fixes CVE-2025-40226 bsc#1254821). - Update patches.suse/firmware-stratix10-svc-fix-bug-in-saving-controller-.patch (git-fixes CVE-2025-68328 bsc#1255489). - Update patches.suse/gpiolib-fix-invalid-pointer-access-in-debugfs.patch (git-fixes CVE-2025-68167 bsc#1255099). - Update patches.suse/gpu-host1x-Fix-race-in-syncpt-alloc-free.patch (git-fixes CVE-2025-68732 bsc#1255688). - Update patches.suse/idpf-fix-possible-vport_config-NULL-pointer-deref-in.patch (git-fixes CVE-2025-68213 bsc#1255228). - Update patches.suse/iio-accel-bmc150-Fix-irq-assumption-regression.patch (stable-fixes CVE-2025-68330 bsc#1255493). - Update patches.suse/ima-Handle-error-code-returned-by-ima_filter_rule_ma.patch (git-fixes CVE-2025-68740 bsc#1255812). - Update patches.suse/ima-don-t-clear-IMA_DIGSIG-flag-when-setting-or-remo.patch (stable-fixes CVE-2025-68183 bsc#1255251). - Update patches.suse/irqchip-mchp-eic-Fix-error-code-in-mchp_eic_domain_a.patch (git-fixes CVE-2025-68766 bsc#1255932). - Update patches.suse/media-imon-make-send_packet-more-robust.patch (stable-fixes CVE-2025-68194 bsc#1255325). - Update patches.suse/media-pci-mg4b-fix-uninitialized-iio-scan-data.patch (git-fixes CVE-2025-40221 bsc#1254519). - Update patches.suse/media-videobuf2-forbid-remove_bufs-when-legacy-filei.patch (git-fixes CVE-2025-40302 bsc#1255196). - Update patches.suse/misc-fastrpc-Fix-dma_buf-object-leak-in-fastrpc_map_.patch (git-fixes CVE-2025-68252 bsc#1255197). - Update patches.suse/mm-secretmem-fix-use-after-free-race-in-fault-handle.patch (git-fixes CVE-2025-40272 bsc#1254832). - Update patches.suse/most-usb-Fix-use-after-free-in-hdm_disconnect.patch (git-fixes CVE-2025-40223 bsc#1254957). - Update patches.suse/most-usb-fix-double-free-on-late-probe-failure.patch (git-fixes CVE-2025-68290 bsc#1255154). - Update patches.suse/most-usb-hdm_probe-Fix-calling-put_device-before-dev.patch (git-fixes CVE-2025-68249 bsc#1255233). - Update patches.suse/mt76-mt7615-Fix-memory-leak-in-mt7615_mcu_wtbl_sta_a.patch (git-fixes CVE-2025-68765 bsc#1255931). - Update patches.suse/mtd-rawnand-cadence-fix-DMA-device-NULL-pointer-dere.patch (git-fixes CVE-2025-68238 bsc#1255202). - Update patches.suse/mtdchar-fix-integer-overflow-in-read-write-ioctls.patch (git-fixes CVE-2025-68237 bsc#1255203). - Update patches.suse/net-stmmac-Correctly-handle-Rx-checksum-offload-erro.patch (git-fixes CVE-2025-40337 bsc#1255081). - Update patches.suse/net-usb-qmi_wwan-initialize-MAC-header-offset-in-qmi.patch (git-fixes CVE-2025-68192 bsc#1255246). - Update patches.suse/nfs4_setup_readdir-insufficient-locking-for-d_parent-d_inode-dereferencing.patch (git-fixes CVE-2025-68185 bsc#1255135). - Update patches.suse/nfsd-fix-refcount-leak-in-nfsd_set_fh_dentry.patch (git-fixes CVE-2025-40212 bsc#1254195). - Update patches.suse/nouveau-firmware-Add-missing-kfree-of-nvkm_falcon_fw.patch (git-fixes CVE-2025-68235 bsc#1255209). - Update patches.suse/nvme-fc-use-lock-accessing-port_state-and-rport-stat.patch (bsc#1245193 bsc#1247500 CVE-2025-40342 bsc#1255274). - Update patches.suse/nvmet-fc-avoid-scheduling-association-deletion-twice.patch (bsc#1245193 bsc#1247500 CVE-2025-40343 bsc#1255276). - Update patches.suse/pinctrl-s32cc-fix-uninitialized-memory-in-s32_pinctr.patch (git-fixes CVE-2025-68222 bsc#1255218). - Update patches.suse/platform-x86-intel-punit_ipc-fix-memory-corruption.patch (git-fixes CVE-2025-68303 bsc#1255122). - Update patches.suse/regmap-slimbus-fix-bus_context-pointer-in-regmap-ini.patch (git-fixes CVE-2025-40317 bsc#1254796). - Update patches.suse/regulator-core-Protect-regulator_supply_alias_list-w.patch (git-fixes CVE-2025-68354 bsc#1255553). - Update patches.suse/sctp-avoid-NULL-dereference-when-chunk-data-buffer-i.patch (git-fixes CVE-2025-40240 bsc#1254869). - Update patches.suse/smb-client-fix-potential-cfid-UAF-in-smb2_query_info_compound.patch (git-fixes CVE-2025-40320 bsc#1254793). - Update patches.suse/spi-ch341-fix-out-of-bounds-memory-access-in-ch341_t.patch (git-fixes CVE-2025-68352 bsc#1255541). - Update patches.suse/spi-tegra210-quad-Fix-timeout-handling.patch (bsc#1253155 CVE-2025-68746 bsc#1255722). - Update patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-OnBeacon.patch (stable-fixes CVE-2025-68254 bsc#1255140). - Update patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-rtw_get_.patch (stable-fixes CVE-2025-68256 bsc#1255138). - Update patches.suse/staging-rtl8723bs-fix-stack-buffer-overflow-in-OnAss.patch (stable-fixes CVE-2025-68255 bsc#1255395). - Update patches.suse/tty-serial-ip22zilog-Use-platform-device-for-probing.patch (stable-fixes CVE-2025-68311 bsc#1255161). - Update patches.suse/usb-cdns3-gadget-Use-after-free-during-failed-initia.patch (stable-fixes CVE-2025-40314 bsc#1255072). - Update patches.suse/usb-dwc3-Fix-race-condition-between-concurrent-dwc3_.patch (git-fixes CVE-2025-68287 bsc#1255152). - Update patches.suse/usb-gadget-f_eem-Fix-memory-leak-in-eem_unwrap.patch (git-fixes CVE-2025-68289 bsc#1255155). - Update patches.suse/usb-gadget-f_fs-Fix-epfile-null-pointer-access-after.patch (stable-fixes CVE-2025-40315 bsc#1255083). - Update patches.suse/usb-potential-integer-overflow-in-usbg_make_tpg.patch (stable-fixes CVE-2025-68750 bsc#1255814). - Update patches.suse/usb-renesas_usbhs-Fix-synchronous-external-abort-on-.patch (git-fixes CVE-2025-68327 bsc#1255488). - Update patches.suse/usb-storage-sddr55-Reject-out-of-bound-new_pba.patch (stable-fixes CVE-2025-40345 bsc#1255279). - Update patches.suse/usb-uas-fix-urb-unmapping-issue-when-the-uas-device-.patch (git-fixes CVE-2025-68331 bsc#1255495). - Update patches.suse/usbnet-Prevents-free-active-kevent.patch (git-fixes CVE-2025-68312 bsc#1255171). - Update patches.suse/wifi-ath11k-fix-peer-HE-MCS-assignment.patch (git-fixes CVE-2025-68380 bsc#1255580). - Update patches.suse/wifi-brcmfmac-fix-crash-while-sending-Action-Frames-.patch (git-fixes CVE-2025-40321 bsc#1254795). - Update patches.suse/wifi-rtl818x-Fix-potential-memory-leaks-in-rtl8180_i.patch (git-fixes CVE-2025-68759 bsc#1255934). - Update patches.suse/wifi-rtl818x-rtl8187-Fix-potential-buffer-underflow-.patch (git-fixes CVE-2025-68362 bsc#1255611). - Update patches.suse/x86-CPU-AMD-Add-RDSEED-fix-for-Zen5.patch (git-fixes CVE-2025-68313 bsc#1255415). - Update patches.suse/x86-CPU-AMD-Add-missing-terminator-for-zen5_rdseed_m.patch (git-fixes CVE-2025-68195 bsc#1255259). - Update patches.suse/xfrm-also-call-xfrm_state_delete_tunnel-at-destroy-time-fo.patch (CVE-2025-40215 bsc#1254959 CVE-2025-40256 bsc#1254851). - commit c0f554e ++++ kernel-docs: - perf/x86/intel: Fix KASAN global-out-of-bounds warning (CVE-2025-40359 bsc#1255087). - commit ed1e93a - mlx5: Fix default values in create CQ (CVE-2025-68209 bsc#1255230). - commit 02d60e0 - x86/microcode/AMD: Use sha256() instead of init/update/final (bsc#1256495). - Refresh patches.suse/x86-microcode-AMD-Limit-Entrysign-signature-checking-to-kn.patch. - commit 6b04345 - x86/microcode/AMD: Fix Entrysign revision check for Zen5/Strix Halo (bsc#1256495). - x86/microcode/AMD: Select which microcode patch to load (bsc#1256495). - x86/microcode/AMD: Make __verify_patch_size() return bool (bsc#1256495). - x86/microcode/AMD: Remove bogus comment from parse_container() (bsc#1256495). - commit 9f14cfe - crash: fix crashkernel resource shrink (CVE-2025-68198 bsc#1255243) - commit 7e8f708 - bnxt_en: Fix null pointer dereference in bnxt_bs_trace_check_wrap() (CVE-2025-68197 bsc#1255242) - commit 766431f - lib/crypto: aes: Fix missing MMU protection for AES S-box (git-fixes). - virtio_console: fix order of fields cols and rows (stable-fixes). - commit d55882c - drm/amdgpu: Forward VMID reservation errors (git-fixes). - commit 2373a9d - supported.conf: mark ksmbd unsupported Based on discussion with Enzo Matsumiya it has tuned out that ksmbd module is unsupported but the supported.conf entry is incorrect. Fix that. - commit 143566d - powerpc/eeh: fix recursive pci_lock_rescan_remove locking in EEH event handling (bsc#1253262 ltc#216029). - commit 594b86e - Update patches.suse/ACPI-video-Fix-use-after-free-in-acpi_video_switch_b.patch (git-fixes CVE-2025-40211 bsc#1254126). - Update patches.suse/ALSA-dice-fix-buffer-overflow-in-detect_stream_forma.patch (git-fixes CVE-2025-68346 bsc#1255603). - Update patches.suse/ALSA-firewire-motu-add-bounds-check-in-put_user-loop.patch (git-fixes CVE-2025-68753 bsc#1256238). - Update patches.suse/ALSA-firewire-motu-fix-buffer-overflow-in-hwdep-read.patch (git-fixes CVE-2025-68347 bsc#1255706). - Update patches.suse/ALSA-hda-cs35l41-Fix-NULL-pointer-dereference-in-cs3-c34b04c.patch (git-fixes CVE-2025-68345 bsc#1255601). - Update patches.suse/ALSA-usb-audio-Fix-NULL-pointer-dereference-in-snd_u.patch (git-fixes CVE-2025-40275 bsc#1254829). - Update patches.suse/ALSA-usb-audio-Fix-potential-overflow-of-PCM-transfe.patch (stable-fixes CVE-2025-40269 bsc#1255035). - Update patches.suse/ALSA-wavefront-Fix-integer-overflow-in-sample-size-v.patch (git-fixes CVE-2025-68344 bsc#1255816). - Update patches.suse/ASoC-Intel-avs-Disable-periods-elapsed-work-when-clo.patch (git-fixes CVE-2025-40344 bsc#1254618). - Update patches.suse/Bluetooth-6lowpan-reset-link-local-header-on-ipv6-re.patch (git-fixes CVE-2025-40282 bsc#1254850). - Update patches.suse/Bluetooth-MGMT-Fix-OOB-access-in-parse_adv_monitor_p.patch (git-fixes CVE-2025-40294 bsc#1255181). - Update patches.suse/Bluetooth-MGMT-cancel-mesh-send-timer-when-hdev-remo.patch (git-fixes CVE-2025-40284 bsc#1254860). - Update patches.suse/Bluetooth-MGMT-fix-crash-in-set_mesh_sync-and-set_me.patch (git-fixes CVE-2025-40213 bsc#1253674). - Update patches.suse/Bluetooth-SCO-Fix-UAF-on-sco_conn_free.patch (stable-fixes CVE-2025-40309 bsc#1255065). - Update patches.suse/Bluetooth-bcsp-receive-data-only-if-registered.patch (stable-fixes CVE-2025-40308 bsc#1255064). - Update patches.suse/Bluetooth-btusb-mediatek-Avoid-btusb_mtk_claim_iso_i.patch (git-fixes CVE-2025-68298 bsc#1255124). - Update patches.suse/Bluetooth-btusb-mediatek-Fix-kernel-crash-when-relea.patch (git-fixes CVE-2025-68306 bsc#1255145). - Update patches.suse/Bluetooth-btusb-reorder-cleanup-in-btusb_disconnect-.patch (git-fixes CVE-2025-40283 bsc#1254858). - Update patches.suse/Bluetooth-hci_event-validate-skb-length-for-unknown-.patch (git-fixes CVE-2025-40301 bsc#1255193). - Update patches.suse/Bluetooth-hci_sock-Prevent-race-in-socket-write-iter.patch (git-fixes CVE-2025-68305 bsc#1255169). - Update patches.suse/Bluetooth-hci_sync-fix-race-in-hci_cmd_sync_dequeue_.patch (git-fixes CVE-2025-40318 bsc#1254798). - Update patches.suse/Input-cros_ec_keyb-fix-an-invalid-memory-access.patch (stable-fixes CVE-2025-40263 bsc#1255077). - Update patches.suse/Input-imx_sc_key-fix-memory-corruption-on-unload.patch (git-fixes CVE-2025-40262 bsc#1254840). - Update patches.suse/Input-pegasus-notetaker-fix-potential-out-of-bounds-.patch (git-fixes CVE-2025-68217 bsc#1255221). - Update patches.suse/KVM-arm64-Check-the-untrusted-offset-in-FF-A-memory-.patch (git-fixes CVE-2025-40266 bsc#1255040). - Update patches.suse/NFS-Fix-LTP-test-failures-when-timestamps-are-delegated.patch (git-fixes CVE-2025-68242 bsc#1255186). - Update patches.suse/NFSD-Fix-crash-in-nfsd4_read_release.patch (git-fixes CVE-2025-40324 bsc#1254791). - Update patches.suse/NFSD-free-copynotify-stateid-in-nfs4_free_ol_stateid.patch (git-fixes CVE-2025-40273 bsc#1254828). - Update patches.suse/PCI-IOV-Add-PCI-rescan-remove-locking-when-enabling-.patch (git-fixes CVE-2025-40219 bsc#1254518). - Update patches.suse/PCI-cadence-Check-for-the-existence-of-cdns_pcie-ops.patch (stable-fixes CVE-2025-68176 bsc#1255329). - Update patches.suse/accel-habanalabs-support-mapping-cb-with-vmalloc-bac.patch (stable-fixes CVE-2025-40311 bsc#1255068). - Update patches.suse/accel-ivpu-Fix-race-condition-when-unbinding-BOs.patch (git-fixes CVE-2025-68749 bsc#1255724). - Update patches.suse/amd-amdkfd-resolve-a-race-in-amdgpu_amdkfd_device_fi.patch (stable-fixes CVE-2025-40310 bsc#1255041). - Update patches.suse/arm64-mte-Do-not-warn-if-the-page-is-already-tagged-in-cop.patch (git-fixes CVE-2025-40353 bsc#1255312). - Update patches.suse/atm-fore200e-Fix-possible-data-race-in-fore200e_open.patch (git-fixes CVE-2025-68339 bsc#1255505). - Update patches.suse/backlight-led-bl-Add-devlink-to-supplier-LEDs.patch (git-fixes CVE-2025-68758 bsc#1255944). - Update patches.suse/btrfs-directly-free-partially-initialized-fs_info-in.patch (git-fixes CVE-2025-40235 bsc#1254808). - Update patches.suse/btrfs-ensure-no-dirty-metadata-is-written-back-for-a.patch (git-fix CVE-2025-40303 bsc#1255058). - Update patches.suse/btrfs-fix-memory-leak-of-qgroup_list-in-btrfs_add_qg.patch (git-fixes CVE-2025-40209 bsc#1254128). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-check-actual-395d988.patch (git-fixes CVE-2025-68342 bsc#1255508). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-check-actual.patch (git-fixes CVE-2025-68343 bsc#1255509). - Update patches.suse/can-gs_usb-gs_usb_xmit_callback-fix-handling-of-fail.patch (git-fixes CVE-2025-68307 bsc#1255146). - Update patches.suse/can-kvaser_usb-leaf-Fix-potential-infinite-loop-in-c.patch (git-fixes CVE-2025-68308 bsc#1255149). - Update patches.suse/comedi-c6xdigio-Fix-invalid-PNP-driver-unregistratio.patch (git-fixes CVE-2025-68332 bsc#1255483). - Update patches.suse/comedi-check-device-s-attached-status-in-compat-ioct.patch (git-fixes CVE-2025-68257 bsc#1255167). - Update patches.suse/comedi-multiq3-sanitize-config-options-in-multiq3_at.patch (git-fixes CVE-2025-68258 bsc#1255182). - Update patches.suse/comedi-pcl818-fix-null-ptr-deref-in-pcl818_ai_cancel.patch (git-fixes CVE-2025-68335 bsc#1255480). - Update patches.suse/crypto-aspeed-fix-double-free-caused-by-devm.patch (git-fixes CVE-2025-68172 bsc#1255253). - Update patches.suse/crypto-asymmetric_keys-prevent-overflow-in-asymmetri.patch (git-fixes CVE-2025-68724 bsc#1255550). - Update patches.suse/drm-amd-display-Check-NULL-before-accessing.patch (stable-fixes CVE-2025-68286 bsc#1255351). - Update patches.suse/drm-amd-display-Fix-NULL-deref-in-debugfs-odm_combin.patch (git-fixes CVE-2025-68180 bsc#1255252). - Update patches.suse/drm-amd-display-increase-max-link-count-and-fix-link.patch (stable-fixes CVE-2025-40354 bsc#1255316). - Update patches.suse/drm-amdgpu-Fix-NULL-pointer-dereference-in-VRAM-logi.patch (stable-fixes CVE-2025-40288 bsc#1255057). - Update patches.suse/drm-amdgpu-atom-Check-kcalloc-for-WS-buffer-in-amdgp.patch (stable-fixes CVE-2025-68190 bsc#1255131). - Update patches.suse/drm-amdgpu-fix-gpu-page-fault-after-hibernation-on-P.patch (stable-fixes CVE-2025-68230 bsc#1255134). - Update patches.suse/drm-amdgpu-fix-nullptr-err-of-vm_handle_moved.patch (stable-fixes CVE-2025-40339 bsc#1255428). - Update patches.suse/drm-amdgpu-hide-VRAM-sysfs-attributes-on-GPUs-withou.patch (stable-fixes CVE-2025-40289 bsc#1255042). - Update patches.suse/drm-amdgpu-remove-two-invalid-BUG_ON-s.patch (stable-fixes CVE-2025-68201 bsc#1255136). - Update patches.suse/drm-amdkfd-Fix-mmap-write-lock-not-release.patch (bsc#1243112 CVE-2025-40332 bsc#1255116). - Update patches.suse/drm-i915-Avoid-lock-inversion-when-pinning-to-GGTT-o.patch (git-fixes CVE-2025-68244 bsc#1255190). - Update patches.suse/drm-mediatek-Disable-AFBC-support-on-Mediatek-DRM-dr.patch (git-fixes CVE-2025-68184 bsc#1255220). - Update patches.suse/drm-mediatek-Fix-device-use-after-free-on-unbind.patch (git-fixes CVE-2025-40316 bsc#1254797). - Update patches.suse/drm-panthor-Fix-UAF-on-kernel-BO-VA-nodes.patch (git-fixes CVE-2025-68747 bsc#1255723). - Update patches.suse/drm-panthor-Fix-UAF-race-between-device-unplug-and-F.patch (git-fixes CVE-2025-68748 bsc#1255813). - Update patches.suse/drm-panthor-Fix-kernel-panic-on-partial-unmap-of-a-G.patch (git-fixes CVE-2025-40225 bsc#1254827). - Update patches.suse/drm-radeon-Do-not-kfree-devres-managed-rdev.patch (git-fixes CVE-2025-68170 bsc#1255256). - Update patches.suse/drm-radeon-Remove-calls-to-drm_put_dev.patch (git-fixes CVE-2025-68181 bsc#1255247). - Update patches.suse/drm-radeon-delete-radeon_fence_process-in-is_signale.patch (stable-fixes CVE-2025-68223 bsc#1255357). - Update patches.suse/drm-sched-Fix-deadlock-in-drm_sched_entity_kill_jobs.patch (git-fixes CVE-2025-40329 bsc#1254621). - Update patches.suse/drm-sysfb-Do-not-dereference-NULL-pointer-in-plane-r.patch (git-fixes CVE-2025-40360 bsc#1255095). - Update patches.suse/drm-tegra-Add-call-to-put_pid.patch (git-fixes CVE-2025-68233 bsc#1255206). - Update patches.suse/drm-vgem-fence-Fix-potential-deadlock-on-release.patch (git-fixes CVE-2025-68757 bsc#1255943). - Update patches.suse/drm-vmwgfx-Validate-command-header-size-against-SVGA.patch (git-fixes CVE-2025-40277 bsc#1254894). - Update patches.suse/drm-xe-Fix-oops-in-xe_gem_fault-when-running-core_ho.patch (stable-fixes CVE-2025-40340 bsc#1254996). - Update patches.suse/drm-xe-guc-Synchronize-Dead-CT-worker-with-unbind.patch (git-fixes CVE-2025-68207 bsc#1255234). - Update patches.suse/erofs-avoid-infinite-loop-due-to-incomplete-zstd-compressed-data.patch (git-fixes CVE-2025-68210 bsc#1255231). - Update patches.suse/exfat-fix-improper-check-of-dentry.stream.valid_size.patch (git-fixes CVE-2025-40287 bsc#1255030). - Update patches.suse/exfat-fix-refcount-leak-in-exfat_find.patch (git-fixes CVE-2025-68351 bsc#1255567). - Update patches.suse/exfat-validate-cluster-allocation-bits-of-the-allocation-bitmap.patch (git-fixes CVE-2025-40307 bsc#1255039). - Update patches.suse/fbcon-Set-fb_display-i-mode-to-NULL-when-the-mode-is.patch (stable-fixes CVE-2025-40323 bsc#1255094). - Update patches.suse/fbdev-Add-bounds-checking-in-bit_putcs-to-fix-vmallo.patch (stable-fixes CVE-2025-40304 bsc#1255034). - Update patches.suse/fbdev-bitblit-bound-check-glyph-index-in-bit_putcs.patch (stable-fixes CVE-2025-40322 bsc#1255092). - Update patches.suse/firmware-arm_scmi-Account-for-failed-debug-initializ.patch (git-fixes CVE-2025-40226 bsc#1254821). - Update patches.suse/firmware-stratix10-svc-fix-bug-in-saving-controller-.patch (git-fixes CVE-2025-68328 bsc#1255489). - Update patches.suse/gpiolib-fix-invalid-pointer-access-in-debugfs.patch (git-fixes CVE-2025-68167 bsc#1255099). - Update patches.suse/gpu-host1x-Fix-race-in-syncpt-alloc-free.patch (git-fixes CVE-2025-68732 bsc#1255688). - Update patches.suse/idpf-fix-possible-vport_config-NULL-pointer-deref-in.patch (git-fixes CVE-2025-68213 bsc#1255228). - Update patches.suse/iio-accel-bmc150-Fix-irq-assumption-regression.patch (stable-fixes CVE-2025-68330 bsc#1255493). - Update patches.suse/ima-Handle-error-code-returned-by-ima_filter_rule_ma.patch (git-fixes CVE-2025-68740 bsc#1255812). - Update patches.suse/ima-don-t-clear-IMA_DIGSIG-flag-when-setting-or-remo.patch (stable-fixes CVE-2025-68183 bsc#1255251). - Update patches.suse/irqchip-mchp-eic-Fix-error-code-in-mchp_eic_domain_a.patch (git-fixes CVE-2025-68766 bsc#1255932). - Update patches.suse/media-imon-make-send_packet-more-robust.patch (stable-fixes CVE-2025-68194 bsc#1255325). - Update patches.suse/media-pci-mg4b-fix-uninitialized-iio-scan-data.patch (git-fixes CVE-2025-40221 bsc#1254519). - Update patches.suse/media-videobuf2-forbid-remove_bufs-when-legacy-filei.patch (git-fixes CVE-2025-40302 bsc#1255196). - Update patches.suse/misc-fastrpc-Fix-dma_buf-object-leak-in-fastrpc_map_.patch (git-fixes CVE-2025-68252 bsc#1255197). - Update patches.suse/mm-secretmem-fix-use-after-free-race-in-fault-handle.patch (git-fixes CVE-2025-40272 bsc#1254832). - Update patches.suse/most-usb-Fix-use-after-free-in-hdm_disconnect.patch (git-fixes CVE-2025-40223 bsc#1254957). - Update patches.suse/most-usb-fix-double-free-on-late-probe-failure.patch (git-fixes CVE-2025-68290 bsc#1255154). - Update patches.suse/most-usb-hdm_probe-Fix-calling-put_device-before-dev.patch (git-fixes CVE-2025-68249 bsc#1255233). - Update patches.suse/mt76-mt7615-Fix-memory-leak-in-mt7615_mcu_wtbl_sta_a.patch (git-fixes CVE-2025-68765 bsc#1255931). - Update patches.suse/mtd-rawnand-cadence-fix-DMA-device-NULL-pointer-dere.patch (git-fixes CVE-2025-68238 bsc#1255202). - Update patches.suse/mtdchar-fix-integer-overflow-in-read-write-ioctls.patch (git-fixes CVE-2025-68237 bsc#1255203). - Update patches.suse/net-stmmac-Correctly-handle-Rx-checksum-offload-erro.patch (git-fixes CVE-2025-40337 bsc#1255081). - Update patches.suse/net-usb-qmi_wwan-initialize-MAC-header-offset-in-qmi.patch (git-fixes CVE-2025-68192 bsc#1255246). - Update patches.suse/nfs4_setup_readdir-insufficient-locking-for-d_parent-d_inode-dereferencing.patch (git-fixes CVE-2025-68185 bsc#1255135). - Update patches.suse/nfsd-fix-refcount-leak-in-nfsd_set_fh_dentry.patch (git-fixes CVE-2025-40212 bsc#1254195). - Update patches.suse/nouveau-firmware-Add-missing-kfree-of-nvkm_falcon_fw.patch (git-fixes CVE-2025-68235 bsc#1255209). - Update patches.suse/nvme-fc-use-lock-accessing-port_state-and-rport-stat.patch (bsc#1245193 bsc#1247500 CVE-2025-40342 bsc#1255274). - Update patches.suse/nvmet-fc-avoid-scheduling-association-deletion-twice.patch (bsc#1245193 bsc#1247500 CVE-2025-40343 bsc#1255276). - Update patches.suse/pinctrl-s32cc-fix-uninitialized-memory-in-s32_pinctr.patch (git-fixes CVE-2025-68222 bsc#1255218). - Update patches.suse/platform-x86-intel-punit_ipc-fix-memory-corruption.patch (git-fixes CVE-2025-68303 bsc#1255122). - Update patches.suse/regmap-slimbus-fix-bus_context-pointer-in-regmap-ini.patch (git-fixes CVE-2025-40317 bsc#1254796). - Update patches.suse/regulator-core-Protect-regulator_supply_alias_list-w.patch (git-fixes CVE-2025-68354 bsc#1255553). - Update patches.suse/sctp-avoid-NULL-dereference-when-chunk-data-buffer-i.patch (git-fixes CVE-2025-40240 bsc#1254869). - Update patches.suse/smb-client-fix-potential-cfid-UAF-in-smb2_query_info_compound.patch (git-fixes CVE-2025-40320 bsc#1254793). - Update patches.suse/spi-ch341-fix-out-of-bounds-memory-access-in-ch341_t.patch (git-fixes CVE-2025-68352 bsc#1255541). - Update patches.suse/spi-tegra210-quad-Fix-timeout-handling.patch (bsc#1253155 CVE-2025-68746 bsc#1255722). - Update patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-OnBeacon.patch (stable-fixes CVE-2025-68254 bsc#1255140). - Update patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-rtw_get_.patch (stable-fixes CVE-2025-68256 bsc#1255138). - Update patches.suse/staging-rtl8723bs-fix-stack-buffer-overflow-in-OnAss.patch (stable-fixes CVE-2025-68255 bsc#1255395). - Update patches.suse/tty-serial-ip22zilog-Use-platform-device-for-probing.patch (stable-fixes CVE-2025-68311 bsc#1255161). - Update patches.suse/usb-cdns3-gadget-Use-after-free-during-failed-initia.patch (stable-fixes CVE-2025-40314 bsc#1255072). - Update patches.suse/usb-dwc3-Fix-race-condition-between-concurrent-dwc3_.patch (git-fixes CVE-2025-68287 bsc#1255152). - Update patches.suse/usb-gadget-f_eem-Fix-memory-leak-in-eem_unwrap.patch (git-fixes CVE-2025-68289 bsc#1255155). - Update patches.suse/usb-gadget-f_fs-Fix-epfile-null-pointer-access-after.patch (stable-fixes CVE-2025-40315 bsc#1255083). - Update patches.suse/usb-potential-integer-overflow-in-usbg_make_tpg.patch (stable-fixes CVE-2025-68750 bsc#1255814). - Update patches.suse/usb-renesas_usbhs-Fix-synchronous-external-abort-on-.patch (git-fixes CVE-2025-68327 bsc#1255488). - Update patches.suse/usb-storage-sddr55-Reject-out-of-bound-new_pba.patch (stable-fixes CVE-2025-40345 bsc#1255279). - Update patches.suse/usb-uas-fix-urb-unmapping-issue-when-the-uas-device-.patch (git-fixes CVE-2025-68331 bsc#1255495). - Update patches.suse/usbnet-Prevents-free-active-kevent.patch (git-fixes CVE-2025-68312 bsc#1255171). - Update patches.suse/wifi-ath11k-fix-peer-HE-MCS-assignment.patch (git-fixes CVE-2025-68380 bsc#1255580). - Update patches.suse/wifi-brcmfmac-fix-crash-while-sending-Action-Frames-.patch (git-fixes CVE-2025-40321 bsc#1254795). - Update patches.suse/wifi-rtl818x-Fix-potential-memory-leaks-in-rtl8180_i.patch (git-fixes CVE-2025-68759 bsc#1255934). - Update patches.suse/wifi-rtl818x-rtl8187-Fix-potential-buffer-underflow-.patch (git-fixes CVE-2025-68362 bsc#1255611). - Update patches.suse/x86-CPU-AMD-Add-RDSEED-fix-for-Zen5.patch (git-fixes CVE-2025-68313 bsc#1255415). - Update patches.suse/x86-CPU-AMD-Add-missing-terminator-for-zen5_rdseed_m.patch (git-fixes CVE-2025-68195 bsc#1255259). - Update patches.suse/xfrm-also-call-xfrm_state_delete_tunnel-at-destroy-time-fo.patch (CVE-2025-40215 bsc#1254959 CVE-2025-40256 bsc#1254851). - commit c0f554e ++++ kernel-kvmsmall: - perf/x86/intel: Fix KASAN global-out-of-bounds warning (CVE-2025-40359 bsc#1255087). - commit ed1e93a - mlx5: Fix default values in create CQ (CVE-2025-68209 bsc#1255230). - commit 02d60e0 - x86/microcode/AMD: Use sha256() instead of init/update/final (bsc#1256495). - Refresh patches.suse/x86-microcode-AMD-Limit-Entrysign-signature-checking-to-kn.patch. - commit 6b04345 - x86/microcode/AMD: Fix Entrysign revision check for Zen5/Strix Halo (bsc#1256495). - x86/microcode/AMD: Select which microcode patch to load (bsc#1256495). - x86/microcode/AMD: Make __verify_patch_size() return bool (bsc#1256495). - x86/microcode/AMD: Remove bogus comment from parse_container() (bsc#1256495). - commit 9f14cfe - crash: fix crashkernel resource shrink (CVE-2025-68198 bsc#1255243) - commit 7e8f708 - bnxt_en: Fix null pointer dereference in bnxt_bs_trace_check_wrap() (CVE-2025-68197 bsc#1255242) - commit 766431f - lib/crypto: aes: Fix missing MMU protection for AES S-box (git-fixes). - virtio_console: fix order of fields cols and rows (stable-fixes). - commit d55882c - drm/amdgpu: Forward VMID reservation errors (git-fixes). - commit 2373a9d - supported.conf: mark ksmbd unsupported Based on discussion with Enzo Matsumiya it has tuned out that ksmbd module is unsupported but the supported.conf entry is incorrect. Fix that. - commit 143566d - powerpc/eeh: fix recursive pci_lock_rescan_remove locking in EEH event handling (bsc#1253262 ltc#216029). - commit 594b86e - Update patches.suse/ACPI-video-Fix-use-after-free-in-acpi_video_switch_b.patch (git-fixes CVE-2025-40211 bsc#1254126). - Update patches.suse/ALSA-dice-fix-buffer-overflow-in-detect_stream_forma.patch (git-fixes CVE-2025-68346 bsc#1255603). - Update patches.suse/ALSA-firewire-motu-add-bounds-check-in-put_user-loop.patch (git-fixes CVE-2025-68753 bsc#1256238). - Update patches.suse/ALSA-firewire-motu-fix-buffer-overflow-in-hwdep-read.patch (git-fixes CVE-2025-68347 bsc#1255706). - Update patches.suse/ALSA-hda-cs35l41-Fix-NULL-pointer-dereference-in-cs3-c34b04c.patch (git-fixes CVE-2025-68345 bsc#1255601). - Update patches.suse/ALSA-usb-audio-Fix-NULL-pointer-dereference-in-snd_u.patch (git-fixes CVE-2025-40275 bsc#1254829). - Update patches.suse/ALSA-usb-audio-Fix-potential-overflow-of-PCM-transfe.patch (stable-fixes CVE-2025-40269 bsc#1255035). - Update patches.suse/ALSA-wavefront-Fix-integer-overflow-in-sample-size-v.patch (git-fixes CVE-2025-68344 bsc#1255816). - Update patches.suse/ASoC-Intel-avs-Disable-periods-elapsed-work-when-clo.patch (git-fixes CVE-2025-40344 bsc#1254618). - Update patches.suse/Bluetooth-6lowpan-reset-link-local-header-on-ipv6-re.patch (git-fixes CVE-2025-40282 bsc#1254850). - Update patches.suse/Bluetooth-MGMT-Fix-OOB-access-in-parse_adv_monitor_p.patch (git-fixes CVE-2025-40294 bsc#1255181). - Update patches.suse/Bluetooth-MGMT-cancel-mesh-send-timer-when-hdev-remo.patch (git-fixes CVE-2025-40284 bsc#1254860). - Update patches.suse/Bluetooth-MGMT-fix-crash-in-set_mesh_sync-and-set_me.patch (git-fixes CVE-2025-40213 bsc#1253674). - Update patches.suse/Bluetooth-SCO-Fix-UAF-on-sco_conn_free.patch (stable-fixes CVE-2025-40309 bsc#1255065). - Update patches.suse/Bluetooth-bcsp-receive-data-only-if-registered.patch (stable-fixes CVE-2025-40308 bsc#1255064). - Update patches.suse/Bluetooth-btusb-mediatek-Avoid-btusb_mtk_claim_iso_i.patch (git-fixes CVE-2025-68298 bsc#1255124). - Update patches.suse/Bluetooth-btusb-mediatek-Fix-kernel-crash-when-relea.patch (git-fixes CVE-2025-68306 bsc#1255145). - Update patches.suse/Bluetooth-btusb-reorder-cleanup-in-btusb_disconnect-.patch (git-fixes CVE-2025-40283 bsc#1254858). - Update patches.suse/Bluetooth-hci_event-validate-skb-length-for-unknown-.patch (git-fixes CVE-2025-40301 bsc#1255193). - Update patches.suse/Bluetooth-hci_sock-Prevent-race-in-socket-write-iter.patch (git-fixes CVE-2025-68305 bsc#1255169). - Update patches.suse/Bluetooth-hci_sync-fix-race-in-hci_cmd_sync_dequeue_.patch (git-fixes CVE-2025-40318 bsc#1254798). - Update patches.suse/Input-cros_ec_keyb-fix-an-invalid-memory-access.patch (stable-fixes CVE-2025-40263 bsc#1255077). - Update patches.suse/Input-imx_sc_key-fix-memory-corruption-on-unload.patch (git-fixes CVE-2025-40262 bsc#1254840). - Update patches.suse/Input-pegasus-notetaker-fix-potential-out-of-bounds-.patch (git-fixes CVE-2025-68217 bsc#1255221). - Update patches.suse/KVM-arm64-Check-the-untrusted-offset-in-FF-A-memory-.patch (git-fixes CVE-2025-40266 bsc#1255040). - Update patches.suse/NFS-Fix-LTP-test-failures-when-timestamps-are-delegated.patch (git-fixes CVE-2025-68242 bsc#1255186). - Update patches.suse/NFSD-Fix-crash-in-nfsd4_read_release.patch (git-fixes CVE-2025-40324 bsc#1254791). - Update patches.suse/NFSD-free-copynotify-stateid-in-nfs4_free_ol_stateid.patch (git-fixes CVE-2025-40273 bsc#1254828). - Update patches.suse/PCI-IOV-Add-PCI-rescan-remove-locking-when-enabling-.patch (git-fixes CVE-2025-40219 bsc#1254518). - Update patches.suse/PCI-cadence-Check-for-the-existence-of-cdns_pcie-ops.patch (stable-fixes CVE-2025-68176 bsc#1255329). - Update patches.suse/accel-habanalabs-support-mapping-cb-with-vmalloc-bac.patch (stable-fixes CVE-2025-40311 bsc#1255068). - Update patches.suse/accel-ivpu-Fix-race-condition-when-unbinding-BOs.patch (git-fixes CVE-2025-68749 bsc#1255724). - Update patches.suse/amd-amdkfd-resolve-a-race-in-amdgpu_amdkfd_device_fi.patch (stable-fixes CVE-2025-40310 bsc#1255041). - Update patches.suse/arm64-mte-Do-not-warn-if-the-page-is-already-tagged-in-cop.patch (git-fixes CVE-2025-40353 bsc#1255312). - Update patches.suse/atm-fore200e-Fix-possible-data-race-in-fore200e_open.patch (git-fixes CVE-2025-68339 bsc#1255505). - Update patches.suse/backlight-led-bl-Add-devlink-to-supplier-LEDs.patch (git-fixes CVE-2025-68758 bsc#1255944). - Update patches.suse/btrfs-directly-free-partially-initialized-fs_info-in.patch (git-fixes CVE-2025-40235 bsc#1254808). - Update patches.suse/btrfs-ensure-no-dirty-metadata-is-written-back-for-a.patch (git-fix CVE-2025-40303 bsc#1255058). - Update patches.suse/btrfs-fix-memory-leak-of-qgroup_list-in-btrfs_add_qg.patch (git-fixes CVE-2025-40209 bsc#1254128). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-check-actual-395d988.patch (git-fixes CVE-2025-68342 bsc#1255508). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-check-actual.patch (git-fixes CVE-2025-68343 bsc#1255509). - Update patches.suse/can-gs_usb-gs_usb_xmit_callback-fix-handling-of-fail.patch (git-fixes CVE-2025-68307 bsc#1255146). - Update patches.suse/can-kvaser_usb-leaf-Fix-potential-infinite-loop-in-c.patch (git-fixes CVE-2025-68308 bsc#1255149). - Update patches.suse/comedi-c6xdigio-Fix-invalid-PNP-driver-unregistratio.patch (git-fixes CVE-2025-68332 bsc#1255483). - Update patches.suse/comedi-check-device-s-attached-status-in-compat-ioct.patch (git-fixes CVE-2025-68257 bsc#1255167). - Update patches.suse/comedi-multiq3-sanitize-config-options-in-multiq3_at.patch (git-fixes CVE-2025-68258 bsc#1255182). - Update patches.suse/comedi-pcl818-fix-null-ptr-deref-in-pcl818_ai_cancel.patch (git-fixes CVE-2025-68335 bsc#1255480). - Update patches.suse/crypto-aspeed-fix-double-free-caused-by-devm.patch (git-fixes CVE-2025-68172 bsc#1255253). - Update patches.suse/crypto-asymmetric_keys-prevent-overflow-in-asymmetri.patch (git-fixes CVE-2025-68724 bsc#1255550). - Update patches.suse/drm-amd-display-Check-NULL-before-accessing.patch (stable-fixes CVE-2025-68286 bsc#1255351). - Update patches.suse/drm-amd-display-Fix-NULL-deref-in-debugfs-odm_combin.patch (git-fixes CVE-2025-68180 bsc#1255252). - Update patches.suse/drm-amd-display-increase-max-link-count-and-fix-link.patch (stable-fixes CVE-2025-40354 bsc#1255316). - Update patches.suse/drm-amdgpu-Fix-NULL-pointer-dereference-in-VRAM-logi.patch (stable-fixes CVE-2025-40288 bsc#1255057). - Update patches.suse/drm-amdgpu-atom-Check-kcalloc-for-WS-buffer-in-amdgp.patch (stable-fixes CVE-2025-68190 bsc#1255131). - Update patches.suse/drm-amdgpu-fix-gpu-page-fault-after-hibernation-on-P.patch (stable-fixes CVE-2025-68230 bsc#1255134). - Update patches.suse/drm-amdgpu-fix-nullptr-err-of-vm_handle_moved.patch (stable-fixes CVE-2025-40339 bsc#1255428). - Update patches.suse/drm-amdgpu-hide-VRAM-sysfs-attributes-on-GPUs-withou.patch (stable-fixes CVE-2025-40289 bsc#1255042). - Update patches.suse/drm-amdgpu-remove-two-invalid-BUG_ON-s.patch (stable-fixes CVE-2025-68201 bsc#1255136). - Update patches.suse/drm-amdkfd-Fix-mmap-write-lock-not-release.patch (bsc#1243112 CVE-2025-40332 bsc#1255116). - Update patches.suse/drm-i915-Avoid-lock-inversion-when-pinning-to-GGTT-o.patch (git-fixes CVE-2025-68244 bsc#1255190). - Update patches.suse/drm-mediatek-Disable-AFBC-support-on-Mediatek-DRM-dr.patch (git-fixes CVE-2025-68184 bsc#1255220). - Update patches.suse/drm-mediatek-Fix-device-use-after-free-on-unbind.patch (git-fixes CVE-2025-40316 bsc#1254797). - Update patches.suse/drm-panthor-Fix-UAF-on-kernel-BO-VA-nodes.patch (git-fixes CVE-2025-68747 bsc#1255723). - Update patches.suse/drm-panthor-Fix-UAF-race-between-device-unplug-and-F.patch (git-fixes CVE-2025-68748 bsc#1255813). - Update patches.suse/drm-panthor-Fix-kernel-panic-on-partial-unmap-of-a-G.patch (git-fixes CVE-2025-40225 bsc#1254827). - Update patches.suse/drm-radeon-Do-not-kfree-devres-managed-rdev.patch (git-fixes CVE-2025-68170 bsc#1255256). - Update patches.suse/drm-radeon-Remove-calls-to-drm_put_dev.patch (git-fixes CVE-2025-68181 bsc#1255247). - Update patches.suse/drm-radeon-delete-radeon_fence_process-in-is_signale.patch (stable-fixes CVE-2025-68223 bsc#1255357). - Update patches.suse/drm-sched-Fix-deadlock-in-drm_sched_entity_kill_jobs.patch (git-fixes CVE-2025-40329 bsc#1254621). - Update patches.suse/drm-sysfb-Do-not-dereference-NULL-pointer-in-plane-r.patch (git-fixes CVE-2025-40360 bsc#1255095). - Update patches.suse/drm-tegra-Add-call-to-put_pid.patch (git-fixes CVE-2025-68233 bsc#1255206). - Update patches.suse/drm-vgem-fence-Fix-potential-deadlock-on-release.patch (git-fixes CVE-2025-68757 bsc#1255943). - Update patches.suse/drm-vmwgfx-Validate-command-header-size-against-SVGA.patch (git-fixes CVE-2025-40277 bsc#1254894). - Update patches.suse/drm-xe-Fix-oops-in-xe_gem_fault-when-running-core_ho.patch (stable-fixes CVE-2025-40340 bsc#1254996). - Update patches.suse/drm-xe-guc-Synchronize-Dead-CT-worker-with-unbind.patch (git-fixes CVE-2025-68207 bsc#1255234). - Update patches.suse/erofs-avoid-infinite-loop-due-to-incomplete-zstd-compressed-data.patch (git-fixes CVE-2025-68210 bsc#1255231). - Update patches.suse/exfat-fix-improper-check-of-dentry.stream.valid_size.patch (git-fixes CVE-2025-40287 bsc#1255030). - Update patches.suse/exfat-fix-refcount-leak-in-exfat_find.patch (git-fixes CVE-2025-68351 bsc#1255567). - Update patches.suse/exfat-validate-cluster-allocation-bits-of-the-allocation-bitmap.patch (git-fixes CVE-2025-40307 bsc#1255039). - Update patches.suse/fbcon-Set-fb_display-i-mode-to-NULL-when-the-mode-is.patch (stable-fixes CVE-2025-40323 bsc#1255094). - Update patches.suse/fbdev-Add-bounds-checking-in-bit_putcs-to-fix-vmallo.patch (stable-fixes CVE-2025-40304 bsc#1255034). - Update patches.suse/fbdev-bitblit-bound-check-glyph-index-in-bit_putcs.patch (stable-fixes CVE-2025-40322 bsc#1255092). - Update patches.suse/firmware-arm_scmi-Account-for-failed-debug-initializ.patch (git-fixes CVE-2025-40226 bsc#1254821). - Update patches.suse/firmware-stratix10-svc-fix-bug-in-saving-controller-.patch (git-fixes CVE-2025-68328 bsc#1255489). - Update patches.suse/gpiolib-fix-invalid-pointer-access-in-debugfs.patch (git-fixes CVE-2025-68167 bsc#1255099). - Update patches.suse/gpu-host1x-Fix-race-in-syncpt-alloc-free.patch (git-fixes CVE-2025-68732 bsc#1255688). - Update patches.suse/idpf-fix-possible-vport_config-NULL-pointer-deref-in.patch (git-fixes CVE-2025-68213 bsc#1255228). - Update patches.suse/iio-accel-bmc150-Fix-irq-assumption-regression.patch (stable-fixes CVE-2025-68330 bsc#1255493). - Update patches.suse/ima-Handle-error-code-returned-by-ima_filter_rule_ma.patch (git-fixes CVE-2025-68740 bsc#1255812). - Update patches.suse/ima-don-t-clear-IMA_DIGSIG-flag-when-setting-or-remo.patch (stable-fixes CVE-2025-68183 bsc#1255251). - Update patches.suse/irqchip-mchp-eic-Fix-error-code-in-mchp_eic_domain_a.patch (git-fixes CVE-2025-68766 bsc#1255932). - Update patches.suse/media-imon-make-send_packet-more-robust.patch (stable-fixes CVE-2025-68194 bsc#1255325). - Update patches.suse/media-pci-mg4b-fix-uninitialized-iio-scan-data.patch (git-fixes CVE-2025-40221 bsc#1254519). - Update patches.suse/media-videobuf2-forbid-remove_bufs-when-legacy-filei.patch (git-fixes CVE-2025-40302 bsc#1255196). - Update patches.suse/misc-fastrpc-Fix-dma_buf-object-leak-in-fastrpc_map_.patch (git-fixes CVE-2025-68252 bsc#1255197). - Update patches.suse/mm-secretmem-fix-use-after-free-race-in-fault-handle.patch (git-fixes CVE-2025-40272 bsc#1254832). - Update patches.suse/most-usb-Fix-use-after-free-in-hdm_disconnect.patch (git-fixes CVE-2025-40223 bsc#1254957). - Update patches.suse/most-usb-fix-double-free-on-late-probe-failure.patch (git-fixes CVE-2025-68290 bsc#1255154). - Update patches.suse/most-usb-hdm_probe-Fix-calling-put_device-before-dev.patch (git-fixes CVE-2025-68249 bsc#1255233). - Update patches.suse/mt76-mt7615-Fix-memory-leak-in-mt7615_mcu_wtbl_sta_a.patch (git-fixes CVE-2025-68765 bsc#1255931). - Update patches.suse/mtd-rawnand-cadence-fix-DMA-device-NULL-pointer-dere.patch (git-fixes CVE-2025-68238 bsc#1255202). - Update patches.suse/mtdchar-fix-integer-overflow-in-read-write-ioctls.patch (git-fixes CVE-2025-68237 bsc#1255203). - Update patches.suse/net-stmmac-Correctly-handle-Rx-checksum-offload-erro.patch (git-fixes CVE-2025-40337 bsc#1255081). - Update patches.suse/net-usb-qmi_wwan-initialize-MAC-header-offset-in-qmi.patch (git-fixes CVE-2025-68192 bsc#1255246). - Update patches.suse/nfs4_setup_readdir-insufficient-locking-for-d_parent-d_inode-dereferencing.patch (git-fixes CVE-2025-68185 bsc#1255135). - Update patches.suse/nfsd-fix-refcount-leak-in-nfsd_set_fh_dentry.patch (git-fixes CVE-2025-40212 bsc#1254195). - Update patches.suse/nouveau-firmware-Add-missing-kfree-of-nvkm_falcon_fw.patch (git-fixes CVE-2025-68235 bsc#1255209). - Update patches.suse/nvme-fc-use-lock-accessing-port_state-and-rport-stat.patch (bsc#1245193 bsc#1247500 CVE-2025-40342 bsc#1255274). - Update patches.suse/nvmet-fc-avoid-scheduling-association-deletion-twice.patch (bsc#1245193 bsc#1247500 CVE-2025-40343 bsc#1255276). - Update patches.suse/pinctrl-s32cc-fix-uninitialized-memory-in-s32_pinctr.patch (git-fixes CVE-2025-68222 bsc#1255218). - Update patches.suse/platform-x86-intel-punit_ipc-fix-memory-corruption.patch (git-fixes CVE-2025-68303 bsc#1255122). - Update patches.suse/regmap-slimbus-fix-bus_context-pointer-in-regmap-ini.patch (git-fixes CVE-2025-40317 bsc#1254796). - Update patches.suse/regulator-core-Protect-regulator_supply_alias_list-w.patch (git-fixes CVE-2025-68354 bsc#1255553). - Update patches.suse/sctp-avoid-NULL-dereference-when-chunk-data-buffer-i.patch (git-fixes CVE-2025-40240 bsc#1254869). - Update patches.suse/smb-client-fix-potential-cfid-UAF-in-smb2_query_info_compound.patch (git-fixes CVE-2025-40320 bsc#1254793). - Update patches.suse/spi-ch341-fix-out-of-bounds-memory-access-in-ch341_t.patch (git-fixes CVE-2025-68352 bsc#1255541). - Update patches.suse/spi-tegra210-quad-Fix-timeout-handling.patch (bsc#1253155 CVE-2025-68746 bsc#1255722). - Update patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-OnBeacon.patch (stable-fixes CVE-2025-68254 bsc#1255140). - Update patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-rtw_get_.patch (stable-fixes CVE-2025-68256 bsc#1255138). - Update patches.suse/staging-rtl8723bs-fix-stack-buffer-overflow-in-OnAss.patch (stable-fixes CVE-2025-68255 bsc#1255395). - Update patches.suse/tty-serial-ip22zilog-Use-platform-device-for-probing.patch (stable-fixes CVE-2025-68311 bsc#1255161). - Update patches.suse/usb-cdns3-gadget-Use-after-free-during-failed-initia.patch (stable-fixes CVE-2025-40314 bsc#1255072). - Update patches.suse/usb-dwc3-Fix-race-condition-between-concurrent-dwc3_.patch (git-fixes CVE-2025-68287 bsc#1255152). - Update patches.suse/usb-gadget-f_eem-Fix-memory-leak-in-eem_unwrap.patch (git-fixes CVE-2025-68289 bsc#1255155). - Update patches.suse/usb-gadget-f_fs-Fix-epfile-null-pointer-access-after.patch (stable-fixes CVE-2025-40315 bsc#1255083). - Update patches.suse/usb-potential-integer-overflow-in-usbg_make_tpg.patch (stable-fixes CVE-2025-68750 bsc#1255814). - Update patches.suse/usb-renesas_usbhs-Fix-synchronous-external-abort-on-.patch (git-fixes CVE-2025-68327 bsc#1255488). - Update patches.suse/usb-storage-sddr55-Reject-out-of-bound-new_pba.patch (stable-fixes CVE-2025-40345 bsc#1255279). - Update patches.suse/usb-uas-fix-urb-unmapping-issue-when-the-uas-device-.patch (git-fixes CVE-2025-68331 bsc#1255495). - Update patches.suse/usbnet-Prevents-free-active-kevent.patch (git-fixes CVE-2025-68312 bsc#1255171). - Update patches.suse/wifi-ath11k-fix-peer-HE-MCS-assignment.patch (git-fixes CVE-2025-68380 bsc#1255580). - Update patches.suse/wifi-brcmfmac-fix-crash-while-sending-Action-Frames-.patch (git-fixes CVE-2025-40321 bsc#1254795). - Update patches.suse/wifi-rtl818x-Fix-potential-memory-leaks-in-rtl8180_i.patch (git-fixes CVE-2025-68759 bsc#1255934). - Update patches.suse/wifi-rtl818x-rtl8187-Fix-potential-buffer-underflow-.patch (git-fixes CVE-2025-68362 bsc#1255611). - Update patches.suse/x86-CPU-AMD-Add-RDSEED-fix-for-Zen5.patch (git-fixes CVE-2025-68313 bsc#1255415). - Update patches.suse/x86-CPU-AMD-Add-missing-terminator-for-zen5_rdseed_m.patch (git-fixes CVE-2025-68195 bsc#1255259). - Update patches.suse/xfrm-also-call-xfrm_state_delete_tunnel-at-destroy-time-fo.patch (CVE-2025-40215 bsc#1254959 CVE-2025-40256 bsc#1254851). - commit c0f554e ++++ kernel-kvmsmall: - perf/x86/intel: Fix KASAN global-out-of-bounds warning (CVE-2025-40359 bsc#1255087). - commit ed1e93a - mlx5: Fix default values in create CQ (CVE-2025-68209 bsc#1255230). - commit 02d60e0 - x86/microcode/AMD: Use sha256() instead of init/update/final (bsc#1256495). - Refresh patches.suse/x86-microcode-AMD-Limit-Entrysign-signature-checking-to-kn.patch. - commit 6b04345 - x86/microcode/AMD: Fix Entrysign revision check for Zen5/Strix Halo (bsc#1256495). - x86/microcode/AMD: Select which microcode patch to load (bsc#1256495). - x86/microcode/AMD: Make __verify_patch_size() return bool (bsc#1256495). - x86/microcode/AMD: Remove bogus comment from parse_container() (bsc#1256495). - commit 9f14cfe - crash: fix crashkernel resource shrink (CVE-2025-68198 bsc#1255243) - commit 7e8f708 - bnxt_en: Fix null pointer dereference in bnxt_bs_trace_check_wrap() (CVE-2025-68197 bsc#1255242) - commit 766431f - lib/crypto: aes: Fix missing MMU protection for AES S-box (git-fixes). - virtio_console: fix order of fields cols and rows (stable-fixes). - commit d55882c - drm/amdgpu: Forward VMID reservation errors (git-fixes). - commit 2373a9d - supported.conf: mark ksmbd unsupported Based on discussion with Enzo Matsumiya it has tuned out that ksmbd module is unsupported but the supported.conf entry is incorrect. Fix that. - commit 143566d - powerpc/eeh: fix recursive pci_lock_rescan_remove locking in EEH event handling (bsc#1253262 ltc#216029). - commit 594b86e - Update patches.suse/ACPI-video-Fix-use-after-free-in-acpi_video_switch_b.patch (git-fixes CVE-2025-40211 bsc#1254126). - Update patches.suse/ALSA-dice-fix-buffer-overflow-in-detect_stream_forma.patch (git-fixes CVE-2025-68346 bsc#1255603). - Update patches.suse/ALSA-firewire-motu-add-bounds-check-in-put_user-loop.patch (git-fixes CVE-2025-68753 bsc#1256238). - Update patches.suse/ALSA-firewire-motu-fix-buffer-overflow-in-hwdep-read.patch (git-fixes CVE-2025-68347 bsc#1255706). - Update patches.suse/ALSA-hda-cs35l41-Fix-NULL-pointer-dereference-in-cs3-c34b04c.patch (git-fixes CVE-2025-68345 bsc#1255601). - Update patches.suse/ALSA-usb-audio-Fix-NULL-pointer-dereference-in-snd_u.patch (git-fixes CVE-2025-40275 bsc#1254829). - Update patches.suse/ALSA-usb-audio-Fix-potential-overflow-of-PCM-transfe.patch (stable-fixes CVE-2025-40269 bsc#1255035). - Update patches.suse/ALSA-wavefront-Fix-integer-overflow-in-sample-size-v.patch (git-fixes CVE-2025-68344 bsc#1255816). - Update patches.suse/ASoC-Intel-avs-Disable-periods-elapsed-work-when-clo.patch (git-fixes CVE-2025-40344 bsc#1254618). - Update patches.suse/Bluetooth-6lowpan-reset-link-local-header-on-ipv6-re.patch (git-fixes CVE-2025-40282 bsc#1254850). - Update patches.suse/Bluetooth-MGMT-Fix-OOB-access-in-parse_adv_monitor_p.patch (git-fixes CVE-2025-40294 bsc#1255181). - Update patches.suse/Bluetooth-MGMT-cancel-mesh-send-timer-when-hdev-remo.patch (git-fixes CVE-2025-40284 bsc#1254860). - Update patches.suse/Bluetooth-MGMT-fix-crash-in-set_mesh_sync-and-set_me.patch (git-fixes CVE-2025-40213 bsc#1253674). - Update patches.suse/Bluetooth-SCO-Fix-UAF-on-sco_conn_free.patch (stable-fixes CVE-2025-40309 bsc#1255065). - Update patches.suse/Bluetooth-bcsp-receive-data-only-if-registered.patch (stable-fixes CVE-2025-40308 bsc#1255064). - Update patches.suse/Bluetooth-btusb-mediatek-Avoid-btusb_mtk_claim_iso_i.patch (git-fixes CVE-2025-68298 bsc#1255124). - Update patches.suse/Bluetooth-btusb-mediatek-Fix-kernel-crash-when-relea.patch (git-fixes CVE-2025-68306 bsc#1255145). - Update patches.suse/Bluetooth-btusb-reorder-cleanup-in-btusb_disconnect-.patch (git-fixes CVE-2025-40283 bsc#1254858). - Update patches.suse/Bluetooth-hci_event-validate-skb-length-for-unknown-.patch (git-fixes CVE-2025-40301 bsc#1255193). - Update patches.suse/Bluetooth-hci_sock-Prevent-race-in-socket-write-iter.patch (git-fixes CVE-2025-68305 bsc#1255169). - Update patches.suse/Bluetooth-hci_sync-fix-race-in-hci_cmd_sync_dequeue_.patch (git-fixes CVE-2025-40318 bsc#1254798). - Update patches.suse/Input-cros_ec_keyb-fix-an-invalid-memory-access.patch (stable-fixes CVE-2025-40263 bsc#1255077). - Update patches.suse/Input-imx_sc_key-fix-memory-corruption-on-unload.patch (git-fixes CVE-2025-40262 bsc#1254840). - Update patches.suse/Input-pegasus-notetaker-fix-potential-out-of-bounds-.patch (git-fixes CVE-2025-68217 bsc#1255221). - Update patches.suse/KVM-arm64-Check-the-untrusted-offset-in-FF-A-memory-.patch (git-fixes CVE-2025-40266 bsc#1255040). - Update patches.suse/NFS-Fix-LTP-test-failures-when-timestamps-are-delegated.patch (git-fixes CVE-2025-68242 bsc#1255186). - Update patches.suse/NFSD-Fix-crash-in-nfsd4_read_release.patch (git-fixes CVE-2025-40324 bsc#1254791). - Update patches.suse/NFSD-free-copynotify-stateid-in-nfs4_free_ol_stateid.patch (git-fixes CVE-2025-40273 bsc#1254828). - Update patches.suse/PCI-IOV-Add-PCI-rescan-remove-locking-when-enabling-.patch (git-fixes CVE-2025-40219 bsc#1254518). - Update patches.suse/PCI-cadence-Check-for-the-existence-of-cdns_pcie-ops.patch (stable-fixes CVE-2025-68176 bsc#1255329). - Update patches.suse/accel-habanalabs-support-mapping-cb-with-vmalloc-bac.patch (stable-fixes CVE-2025-40311 bsc#1255068). - Update patches.suse/accel-ivpu-Fix-race-condition-when-unbinding-BOs.patch (git-fixes CVE-2025-68749 bsc#1255724). - Update patches.suse/amd-amdkfd-resolve-a-race-in-amdgpu_amdkfd_device_fi.patch (stable-fixes CVE-2025-40310 bsc#1255041). - Update patches.suse/arm64-mte-Do-not-warn-if-the-page-is-already-tagged-in-cop.patch (git-fixes CVE-2025-40353 bsc#1255312). - Update patches.suse/atm-fore200e-Fix-possible-data-race-in-fore200e_open.patch (git-fixes CVE-2025-68339 bsc#1255505). - Update patches.suse/backlight-led-bl-Add-devlink-to-supplier-LEDs.patch (git-fixes CVE-2025-68758 bsc#1255944). - Update patches.suse/btrfs-directly-free-partially-initialized-fs_info-in.patch (git-fixes CVE-2025-40235 bsc#1254808). - Update patches.suse/btrfs-ensure-no-dirty-metadata-is-written-back-for-a.patch (git-fix CVE-2025-40303 bsc#1255058). - Update patches.suse/btrfs-fix-memory-leak-of-qgroup_list-in-btrfs_add_qg.patch (git-fixes CVE-2025-40209 bsc#1254128). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-check-actual-395d988.patch (git-fixes CVE-2025-68342 bsc#1255508). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-check-actual.patch (git-fixes CVE-2025-68343 bsc#1255509). - Update patches.suse/can-gs_usb-gs_usb_xmit_callback-fix-handling-of-fail.patch (git-fixes CVE-2025-68307 bsc#1255146). - Update patches.suse/can-kvaser_usb-leaf-Fix-potential-infinite-loop-in-c.patch (git-fixes CVE-2025-68308 bsc#1255149). - Update patches.suse/comedi-c6xdigio-Fix-invalid-PNP-driver-unregistratio.patch (git-fixes CVE-2025-68332 bsc#1255483). - Update patches.suse/comedi-check-device-s-attached-status-in-compat-ioct.patch (git-fixes CVE-2025-68257 bsc#1255167). - Update patches.suse/comedi-multiq3-sanitize-config-options-in-multiq3_at.patch (git-fixes CVE-2025-68258 bsc#1255182). - Update patches.suse/comedi-pcl818-fix-null-ptr-deref-in-pcl818_ai_cancel.patch (git-fixes CVE-2025-68335 bsc#1255480). - Update patches.suse/crypto-aspeed-fix-double-free-caused-by-devm.patch (git-fixes CVE-2025-68172 bsc#1255253). - Update patches.suse/crypto-asymmetric_keys-prevent-overflow-in-asymmetri.patch (git-fixes CVE-2025-68724 bsc#1255550). - Update patches.suse/drm-amd-display-Check-NULL-before-accessing.patch (stable-fixes CVE-2025-68286 bsc#1255351). - Update patches.suse/drm-amd-display-Fix-NULL-deref-in-debugfs-odm_combin.patch (git-fixes CVE-2025-68180 bsc#1255252). - Update patches.suse/drm-amd-display-increase-max-link-count-and-fix-link.patch (stable-fixes CVE-2025-40354 bsc#1255316). - Update patches.suse/drm-amdgpu-Fix-NULL-pointer-dereference-in-VRAM-logi.patch (stable-fixes CVE-2025-40288 bsc#1255057). - Update patches.suse/drm-amdgpu-atom-Check-kcalloc-for-WS-buffer-in-amdgp.patch (stable-fixes CVE-2025-68190 bsc#1255131). - Update patches.suse/drm-amdgpu-fix-gpu-page-fault-after-hibernation-on-P.patch (stable-fixes CVE-2025-68230 bsc#1255134). - Update patches.suse/drm-amdgpu-fix-nullptr-err-of-vm_handle_moved.patch (stable-fixes CVE-2025-40339 bsc#1255428). - Update patches.suse/drm-amdgpu-hide-VRAM-sysfs-attributes-on-GPUs-withou.patch (stable-fixes CVE-2025-40289 bsc#1255042). - Update patches.suse/drm-amdgpu-remove-two-invalid-BUG_ON-s.patch (stable-fixes CVE-2025-68201 bsc#1255136). - Update patches.suse/drm-amdkfd-Fix-mmap-write-lock-not-release.patch (bsc#1243112 CVE-2025-40332 bsc#1255116). - Update patches.suse/drm-i915-Avoid-lock-inversion-when-pinning-to-GGTT-o.patch (git-fixes CVE-2025-68244 bsc#1255190). - Update patches.suse/drm-mediatek-Disable-AFBC-support-on-Mediatek-DRM-dr.patch (git-fixes CVE-2025-68184 bsc#1255220). - Update patches.suse/drm-mediatek-Fix-device-use-after-free-on-unbind.patch (git-fixes CVE-2025-40316 bsc#1254797). - Update patches.suse/drm-panthor-Fix-UAF-on-kernel-BO-VA-nodes.patch (git-fixes CVE-2025-68747 bsc#1255723). - Update patches.suse/drm-panthor-Fix-UAF-race-between-device-unplug-and-F.patch (git-fixes CVE-2025-68748 bsc#1255813). - Update patches.suse/drm-panthor-Fix-kernel-panic-on-partial-unmap-of-a-G.patch (git-fixes CVE-2025-40225 bsc#1254827). - Update patches.suse/drm-radeon-Do-not-kfree-devres-managed-rdev.patch (git-fixes CVE-2025-68170 bsc#1255256). - Update patches.suse/drm-radeon-Remove-calls-to-drm_put_dev.patch (git-fixes CVE-2025-68181 bsc#1255247). - Update patches.suse/drm-radeon-delete-radeon_fence_process-in-is_signale.patch (stable-fixes CVE-2025-68223 bsc#1255357). - Update patches.suse/drm-sched-Fix-deadlock-in-drm_sched_entity_kill_jobs.patch (git-fixes CVE-2025-40329 bsc#1254621). - Update patches.suse/drm-sysfb-Do-not-dereference-NULL-pointer-in-plane-r.patch (git-fixes CVE-2025-40360 bsc#1255095). - Update patches.suse/drm-tegra-Add-call-to-put_pid.patch (git-fixes CVE-2025-68233 bsc#1255206). - Update patches.suse/drm-vgem-fence-Fix-potential-deadlock-on-release.patch (git-fixes CVE-2025-68757 bsc#1255943). - Update patches.suse/drm-vmwgfx-Validate-command-header-size-against-SVGA.patch (git-fixes CVE-2025-40277 bsc#1254894). - Update patches.suse/drm-xe-Fix-oops-in-xe_gem_fault-when-running-core_ho.patch (stable-fixes CVE-2025-40340 bsc#1254996). - Update patches.suse/drm-xe-guc-Synchronize-Dead-CT-worker-with-unbind.patch (git-fixes CVE-2025-68207 bsc#1255234). - Update patches.suse/erofs-avoid-infinite-loop-due-to-incomplete-zstd-compressed-data.patch (git-fixes CVE-2025-68210 bsc#1255231). - Update patches.suse/exfat-fix-improper-check-of-dentry.stream.valid_size.patch (git-fixes CVE-2025-40287 bsc#1255030). - Update patches.suse/exfat-fix-refcount-leak-in-exfat_find.patch (git-fixes CVE-2025-68351 bsc#1255567). - Update patches.suse/exfat-validate-cluster-allocation-bits-of-the-allocation-bitmap.patch (git-fixes CVE-2025-40307 bsc#1255039). - Update patches.suse/fbcon-Set-fb_display-i-mode-to-NULL-when-the-mode-is.patch (stable-fixes CVE-2025-40323 bsc#1255094). - Update patches.suse/fbdev-Add-bounds-checking-in-bit_putcs-to-fix-vmallo.patch (stable-fixes CVE-2025-40304 bsc#1255034). - Update patches.suse/fbdev-bitblit-bound-check-glyph-index-in-bit_putcs.patch (stable-fixes CVE-2025-40322 bsc#1255092). - Update patches.suse/firmware-arm_scmi-Account-for-failed-debug-initializ.patch (git-fixes CVE-2025-40226 bsc#1254821). - Update patches.suse/firmware-stratix10-svc-fix-bug-in-saving-controller-.patch (git-fixes CVE-2025-68328 bsc#1255489). - Update patches.suse/gpiolib-fix-invalid-pointer-access-in-debugfs.patch (git-fixes CVE-2025-68167 bsc#1255099). - Update patches.suse/gpu-host1x-Fix-race-in-syncpt-alloc-free.patch (git-fixes CVE-2025-68732 bsc#1255688). - Update patches.suse/idpf-fix-possible-vport_config-NULL-pointer-deref-in.patch (git-fixes CVE-2025-68213 bsc#1255228). - Update patches.suse/iio-accel-bmc150-Fix-irq-assumption-regression.patch (stable-fixes CVE-2025-68330 bsc#1255493). - Update patches.suse/ima-Handle-error-code-returned-by-ima_filter_rule_ma.patch (git-fixes CVE-2025-68740 bsc#1255812). - Update patches.suse/ima-don-t-clear-IMA_DIGSIG-flag-when-setting-or-remo.patch (stable-fixes CVE-2025-68183 bsc#1255251). - Update patches.suse/irqchip-mchp-eic-Fix-error-code-in-mchp_eic_domain_a.patch (git-fixes CVE-2025-68766 bsc#1255932). - Update patches.suse/media-imon-make-send_packet-more-robust.patch (stable-fixes CVE-2025-68194 bsc#1255325). - Update patches.suse/media-pci-mg4b-fix-uninitialized-iio-scan-data.patch (git-fixes CVE-2025-40221 bsc#1254519). - Update patches.suse/media-videobuf2-forbid-remove_bufs-when-legacy-filei.patch (git-fixes CVE-2025-40302 bsc#1255196). - Update patches.suse/misc-fastrpc-Fix-dma_buf-object-leak-in-fastrpc_map_.patch (git-fixes CVE-2025-68252 bsc#1255197). - Update patches.suse/mm-secretmem-fix-use-after-free-race-in-fault-handle.patch (git-fixes CVE-2025-40272 bsc#1254832). - Update patches.suse/most-usb-Fix-use-after-free-in-hdm_disconnect.patch (git-fixes CVE-2025-40223 bsc#1254957). - Update patches.suse/most-usb-fix-double-free-on-late-probe-failure.patch (git-fixes CVE-2025-68290 bsc#1255154). - Update patches.suse/most-usb-hdm_probe-Fix-calling-put_device-before-dev.patch (git-fixes CVE-2025-68249 bsc#1255233). - Update patches.suse/mt76-mt7615-Fix-memory-leak-in-mt7615_mcu_wtbl_sta_a.patch (git-fixes CVE-2025-68765 bsc#1255931). - Update patches.suse/mtd-rawnand-cadence-fix-DMA-device-NULL-pointer-dere.patch (git-fixes CVE-2025-68238 bsc#1255202). - Update patches.suse/mtdchar-fix-integer-overflow-in-read-write-ioctls.patch (git-fixes CVE-2025-68237 bsc#1255203). - Update patches.suse/net-stmmac-Correctly-handle-Rx-checksum-offload-erro.patch (git-fixes CVE-2025-40337 bsc#1255081). - Update patches.suse/net-usb-qmi_wwan-initialize-MAC-header-offset-in-qmi.patch (git-fixes CVE-2025-68192 bsc#1255246). - Update patches.suse/nfs4_setup_readdir-insufficient-locking-for-d_parent-d_inode-dereferencing.patch (git-fixes CVE-2025-68185 bsc#1255135). - Update patches.suse/nfsd-fix-refcount-leak-in-nfsd_set_fh_dentry.patch (git-fixes CVE-2025-40212 bsc#1254195). - Update patches.suse/nouveau-firmware-Add-missing-kfree-of-nvkm_falcon_fw.patch (git-fixes CVE-2025-68235 bsc#1255209). - Update patches.suse/nvme-fc-use-lock-accessing-port_state-and-rport-stat.patch (bsc#1245193 bsc#1247500 CVE-2025-40342 bsc#1255274). - Update patches.suse/nvmet-fc-avoid-scheduling-association-deletion-twice.patch (bsc#1245193 bsc#1247500 CVE-2025-40343 bsc#1255276). - Update patches.suse/pinctrl-s32cc-fix-uninitialized-memory-in-s32_pinctr.patch (git-fixes CVE-2025-68222 bsc#1255218). - Update patches.suse/platform-x86-intel-punit_ipc-fix-memory-corruption.patch (git-fixes CVE-2025-68303 bsc#1255122). - Update patches.suse/regmap-slimbus-fix-bus_context-pointer-in-regmap-ini.patch (git-fixes CVE-2025-40317 bsc#1254796). - Update patches.suse/regulator-core-Protect-regulator_supply_alias_list-w.patch (git-fixes CVE-2025-68354 bsc#1255553). - Update patches.suse/sctp-avoid-NULL-dereference-when-chunk-data-buffer-i.patch (git-fixes CVE-2025-40240 bsc#1254869). - Update patches.suse/smb-client-fix-potential-cfid-UAF-in-smb2_query_info_compound.patch (git-fixes CVE-2025-40320 bsc#1254793). - Update patches.suse/spi-ch341-fix-out-of-bounds-memory-access-in-ch341_t.patch (git-fixes CVE-2025-68352 bsc#1255541). - Update patches.suse/spi-tegra210-quad-Fix-timeout-handling.patch (bsc#1253155 CVE-2025-68746 bsc#1255722). - Update patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-OnBeacon.patch (stable-fixes CVE-2025-68254 bsc#1255140). - Update patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-rtw_get_.patch (stable-fixes CVE-2025-68256 bsc#1255138). - Update patches.suse/staging-rtl8723bs-fix-stack-buffer-overflow-in-OnAss.patch (stable-fixes CVE-2025-68255 bsc#1255395). - Update patches.suse/tty-serial-ip22zilog-Use-platform-device-for-probing.patch (stable-fixes CVE-2025-68311 bsc#1255161). - Update patches.suse/usb-cdns3-gadget-Use-after-free-during-failed-initia.patch (stable-fixes CVE-2025-40314 bsc#1255072). - Update patches.suse/usb-dwc3-Fix-race-condition-between-concurrent-dwc3_.patch (git-fixes CVE-2025-68287 bsc#1255152). - Update patches.suse/usb-gadget-f_eem-Fix-memory-leak-in-eem_unwrap.patch (git-fixes CVE-2025-68289 bsc#1255155). - Update patches.suse/usb-gadget-f_fs-Fix-epfile-null-pointer-access-after.patch (stable-fixes CVE-2025-40315 bsc#1255083). - Update patches.suse/usb-potential-integer-overflow-in-usbg_make_tpg.patch (stable-fixes CVE-2025-68750 bsc#1255814). - Update patches.suse/usb-renesas_usbhs-Fix-synchronous-external-abort-on-.patch (git-fixes CVE-2025-68327 bsc#1255488). - Update patches.suse/usb-storage-sddr55-Reject-out-of-bound-new_pba.patch (stable-fixes CVE-2025-40345 bsc#1255279). - Update patches.suse/usb-uas-fix-urb-unmapping-issue-when-the-uas-device-.patch (git-fixes CVE-2025-68331 bsc#1255495). - Update patches.suse/usbnet-Prevents-free-active-kevent.patch (git-fixes CVE-2025-68312 bsc#1255171). - Update patches.suse/wifi-ath11k-fix-peer-HE-MCS-assignment.patch (git-fixes CVE-2025-68380 bsc#1255580). - Update patches.suse/wifi-brcmfmac-fix-crash-while-sending-Action-Frames-.patch (git-fixes CVE-2025-40321 bsc#1254795). - Update patches.suse/wifi-rtl818x-Fix-potential-memory-leaks-in-rtl8180_i.patch (git-fixes CVE-2025-68759 bsc#1255934). - Update patches.suse/wifi-rtl818x-rtl8187-Fix-potential-buffer-underflow-.patch (git-fixes CVE-2025-68362 bsc#1255611). - Update patches.suse/x86-CPU-AMD-Add-RDSEED-fix-for-Zen5.patch (git-fixes CVE-2025-68313 bsc#1255415). - Update patches.suse/x86-CPU-AMD-Add-missing-terminator-for-zen5_rdseed_m.patch (git-fixes CVE-2025-68195 bsc#1255259). - Update patches.suse/xfrm-also-call-xfrm_state_delete_tunnel-at-destroy-time-fo.patch (CVE-2025-40215 bsc#1254959 CVE-2025-40256 bsc#1254851). - commit c0f554e ++++ kernel-kvmsmall: - perf/x86/intel: Fix KASAN global-out-of-bounds warning (CVE-2025-40359 bsc#1255087). - commit ed1e93a - mlx5: Fix default values in create CQ (CVE-2025-68209 bsc#1255230). - commit 02d60e0 - x86/microcode/AMD: Use sha256() instead of init/update/final (bsc#1256495). - Refresh patches.suse/x86-microcode-AMD-Limit-Entrysign-signature-checking-to-kn.patch. - commit 6b04345 - x86/microcode/AMD: Fix Entrysign revision check for Zen5/Strix Halo (bsc#1256495). - x86/microcode/AMD: Select which microcode patch to load (bsc#1256495). - x86/microcode/AMD: Make __verify_patch_size() return bool (bsc#1256495). - x86/microcode/AMD: Remove bogus comment from parse_container() (bsc#1256495). - commit 9f14cfe - crash: fix crashkernel resource shrink (CVE-2025-68198 bsc#1255243) - commit 7e8f708 - bnxt_en: Fix null pointer dereference in bnxt_bs_trace_check_wrap() (CVE-2025-68197 bsc#1255242) - commit 766431f - lib/crypto: aes: Fix missing MMU protection for AES S-box (git-fixes). - virtio_console: fix order of fields cols and rows (stable-fixes). - commit d55882c - drm/amdgpu: Forward VMID reservation errors (git-fixes). - commit 2373a9d - supported.conf: mark ksmbd unsupported Based on discussion with Enzo Matsumiya it has tuned out that ksmbd module is unsupported but the supported.conf entry is incorrect. Fix that. - commit 143566d - powerpc/eeh: fix recursive pci_lock_rescan_remove locking in EEH event handling (bsc#1253262 ltc#216029). - commit 594b86e - Update patches.suse/ACPI-video-Fix-use-after-free-in-acpi_video_switch_b.patch (git-fixes CVE-2025-40211 bsc#1254126). - Update patches.suse/ALSA-dice-fix-buffer-overflow-in-detect_stream_forma.patch (git-fixes CVE-2025-68346 bsc#1255603). - Update patches.suse/ALSA-firewire-motu-add-bounds-check-in-put_user-loop.patch (git-fixes CVE-2025-68753 bsc#1256238). - Update patches.suse/ALSA-firewire-motu-fix-buffer-overflow-in-hwdep-read.patch (git-fixes CVE-2025-68347 bsc#1255706). - Update patches.suse/ALSA-hda-cs35l41-Fix-NULL-pointer-dereference-in-cs3-c34b04c.patch (git-fixes CVE-2025-68345 bsc#1255601). - Update patches.suse/ALSA-usb-audio-Fix-NULL-pointer-dereference-in-snd_u.patch (git-fixes CVE-2025-40275 bsc#1254829). - Update patches.suse/ALSA-usb-audio-Fix-potential-overflow-of-PCM-transfe.patch (stable-fixes CVE-2025-40269 bsc#1255035). - Update patches.suse/ALSA-wavefront-Fix-integer-overflow-in-sample-size-v.patch (git-fixes CVE-2025-68344 bsc#1255816). - Update patches.suse/ASoC-Intel-avs-Disable-periods-elapsed-work-when-clo.patch (git-fixes CVE-2025-40344 bsc#1254618). - Update patches.suse/Bluetooth-6lowpan-reset-link-local-header-on-ipv6-re.patch (git-fixes CVE-2025-40282 bsc#1254850). - Update patches.suse/Bluetooth-MGMT-Fix-OOB-access-in-parse_adv_monitor_p.patch (git-fixes CVE-2025-40294 bsc#1255181). - Update patches.suse/Bluetooth-MGMT-cancel-mesh-send-timer-when-hdev-remo.patch (git-fixes CVE-2025-40284 bsc#1254860). - Update patches.suse/Bluetooth-MGMT-fix-crash-in-set_mesh_sync-and-set_me.patch (git-fixes CVE-2025-40213 bsc#1253674). - Update patches.suse/Bluetooth-SCO-Fix-UAF-on-sco_conn_free.patch (stable-fixes CVE-2025-40309 bsc#1255065). - Update patches.suse/Bluetooth-bcsp-receive-data-only-if-registered.patch (stable-fixes CVE-2025-40308 bsc#1255064). - Update patches.suse/Bluetooth-btusb-mediatek-Avoid-btusb_mtk_claim_iso_i.patch (git-fixes CVE-2025-68298 bsc#1255124). - Update patches.suse/Bluetooth-btusb-mediatek-Fix-kernel-crash-when-relea.patch (git-fixes CVE-2025-68306 bsc#1255145). - Update patches.suse/Bluetooth-btusb-reorder-cleanup-in-btusb_disconnect-.patch (git-fixes CVE-2025-40283 bsc#1254858). - Update patches.suse/Bluetooth-hci_event-validate-skb-length-for-unknown-.patch (git-fixes CVE-2025-40301 bsc#1255193). - Update patches.suse/Bluetooth-hci_sock-Prevent-race-in-socket-write-iter.patch (git-fixes CVE-2025-68305 bsc#1255169). - Update patches.suse/Bluetooth-hci_sync-fix-race-in-hci_cmd_sync_dequeue_.patch (git-fixes CVE-2025-40318 bsc#1254798). - Update patches.suse/Input-cros_ec_keyb-fix-an-invalid-memory-access.patch (stable-fixes CVE-2025-40263 bsc#1255077). - Update patches.suse/Input-imx_sc_key-fix-memory-corruption-on-unload.patch (git-fixes CVE-2025-40262 bsc#1254840). - Update patches.suse/Input-pegasus-notetaker-fix-potential-out-of-bounds-.patch (git-fixes CVE-2025-68217 bsc#1255221). - Update patches.suse/KVM-arm64-Check-the-untrusted-offset-in-FF-A-memory-.patch (git-fixes CVE-2025-40266 bsc#1255040). - Update patches.suse/NFS-Fix-LTP-test-failures-when-timestamps-are-delegated.patch (git-fixes CVE-2025-68242 bsc#1255186). - Update patches.suse/NFSD-Fix-crash-in-nfsd4_read_release.patch (git-fixes CVE-2025-40324 bsc#1254791). - Update patches.suse/NFSD-free-copynotify-stateid-in-nfs4_free_ol_stateid.patch (git-fixes CVE-2025-40273 bsc#1254828). - Update patches.suse/PCI-IOV-Add-PCI-rescan-remove-locking-when-enabling-.patch (git-fixes CVE-2025-40219 bsc#1254518). - Update patches.suse/PCI-cadence-Check-for-the-existence-of-cdns_pcie-ops.patch (stable-fixes CVE-2025-68176 bsc#1255329). - Update patches.suse/accel-habanalabs-support-mapping-cb-with-vmalloc-bac.patch (stable-fixes CVE-2025-40311 bsc#1255068). - Update patches.suse/accel-ivpu-Fix-race-condition-when-unbinding-BOs.patch (git-fixes CVE-2025-68749 bsc#1255724). - Update patches.suse/amd-amdkfd-resolve-a-race-in-amdgpu_amdkfd_device_fi.patch (stable-fixes CVE-2025-40310 bsc#1255041). - Update patches.suse/arm64-mte-Do-not-warn-if-the-page-is-already-tagged-in-cop.patch (git-fixes CVE-2025-40353 bsc#1255312). - Update patches.suse/atm-fore200e-Fix-possible-data-race-in-fore200e_open.patch (git-fixes CVE-2025-68339 bsc#1255505). - Update patches.suse/backlight-led-bl-Add-devlink-to-supplier-LEDs.patch (git-fixes CVE-2025-68758 bsc#1255944). - Update patches.suse/btrfs-directly-free-partially-initialized-fs_info-in.patch (git-fixes CVE-2025-40235 bsc#1254808). - Update patches.suse/btrfs-ensure-no-dirty-metadata-is-written-back-for-a.patch (git-fix CVE-2025-40303 bsc#1255058). - Update patches.suse/btrfs-fix-memory-leak-of-qgroup_list-in-btrfs_add_qg.patch (git-fixes CVE-2025-40209 bsc#1254128). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-check-actual-395d988.patch (git-fixes CVE-2025-68342 bsc#1255508). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-check-actual.patch (git-fixes CVE-2025-68343 bsc#1255509). - Update patches.suse/can-gs_usb-gs_usb_xmit_callback-fix-handling-of-fail.patch (git-fixes CVE-2025-68307 bsc#1255146). - Update patches.suse/can-kvaser_usb-leaf-Fix-potential-infinite-loop-in-c.patch (git-fixes CVE-2025-68308 bsc#1255149). - Update patches.suse/comedi-c6xdigio-Fix-invalid-PNP-driver-unregistratio.patch (git-fixes CVE-2025-68332 bsc#1255483). - Update patches.suse/comedi-check-device-s-attached-status-in-compat-ioct.patch (git-fixes CVE-2025-68257 bsc#1255167). - Update patches.suse/comedi-multiq3-sanitize-config-options-in-multiq3_at.patch (git-fixes CVE-2025-68258 bsc#1255182). - Update patches.suse/comedi-pcl818-fix-null-ptr-deref-in-pcl818_ai_cancel.patch (git-fixes CVE-2025-68335 bsc#1255480). - Update patches.suse/crypto-aspeed-fix-double-free-caused-by-devm.patch (git-fixes CVE-2025-68172 bsc#1255253). - Update patches.suse/crypto-asymmetric_keys-prevent-overflow-in-asymmetri.patch (git-fixes CVE-2025-68724 bsc#1255550). - Update patches.suse/drm-amd-display-Check-NULL-before-accessing.patch (stable-fixes CVE-2025-68286 bsc#1255351). - Update patches.suse/drm-amd-display-Fix-NULL-deref-in-debugfs-odm_combin.patch (git-fixes CVE-2025-68180 bsc#1255252). - Update patches.suse/drm-amd-display-increase-max-link-count-and-fix-link.patch (stable-fixes CVE-2025-40354 bsc#1255316). - Update patches.suse/drm-amdgpu-Fix-NULL-pointer-dereference-in-VRAM-logi.patch (stable-fixes CVE-2025-40288 bsc#1255057). - Update patches.suse/drm-amdgpu-atom-Check-kcalloc-for-WS-buffer-in-amdgp.patch (stable-fixes CVE-2025-68190 bsc#1255131). - Update patches.suse/drm-amdgpu-fix-gpu-page-fault-after-hibernation-on-P.patch (stable-fixes CVE-2025-68230 bsc#1255134). - Update patches.suse/drm-amdgpu-fix-nullptr-err-of-vm_handle_moved.patch (stable-fixes CVE-2025-40339 bsc#1255428). - Update patches.suse/drm-amdgpu-hide-VRAM-sysfs-attributes-on-GPUs-withou.patch (stable-fixes CVE-2025-40289 bsc#1255042). - Update patches.suse/drm-amdgpu-remove-two-invalid-BUG_ON-s.patch (stable-fixes CVE-2025-68201 bsc#1255136). - Update patches.suse/drm-amdkfd-Fix-mmap-write-lock-not-release.patch (bsc#1243112 CVE-2025-40332 bsc#1255116). - Update patches.suse/drm-i915-Avoid-lock-inversion-when-pinning-to-GGTT-o.patch (git-fixes CVE-2025-68244 bsc#1255190). - Update patches.suse/drm-mediatek-Disable-AFBC-support-on-Mediatek-DRM-dr.patch (git-fixes CVE-2025-68184 bsc#1255220). - Update patches.suse/drm-mediatek-Fix-device-use-after-free-on-unbind.patch (git-fixes CVE-2025-40316 bsc#1254797). - Update patches.suse/drm-panthor-Fix-UAF-on-kernel-BO-VA-nodes.patch (git-fixes CVE-2025-68747 bsc#1255723). - Update patches.suse/drm-panthor-Fix-UAF-race-between-device-unplug-and-F.patch (git-fixes CVE-2025-68748 bsc#1255813). - Update patches.suse/drm-panthor-Fix-kernel-panic-on-partial-unmap-of-a-G.patch (git-fixes CVE-2025-40225 bsc#1254827). - Update patches.suse/drm-radeon-Do-not-kfree-devres-managed-rdev.patch (git-fixes CVE-2025-68170 bsc#1255256). - Update patches.suse/drm-radeon-Remove-calls-to-drm_put_dev.patch (git-fixes CVE-2025-68181 bsc#1255247). - Update patches.suse/drm-radeon-delete-radeon_fence_process-in-is_signale.patch (stable-fixes CVE-2025-68223 bsc#1255357). - Update patches.suse/drm-sched-Fix-deadlock-in-drm_sched_entity_kill_jobs.patch (git-fixes CVE-2025-40329 bsc#1254621). - Update patches.suse/drm-sysfb-Do-not-dereference-NULL-pointer-in-plane-r.patch (git-fixes CVE-2025-40360 bsc#1255095). - Update patches.suse/drm-tegra-Add-call-to-put_pid.patch (git-fixes CVE-2025-68233 bsc#1255206). - Update patches.suse/drm-vgem-fence-Fix-potential-deadlock-on-release.patch (git-fixes CVE-2025-68757 bsc#1255943). - Update patches.suse/drm-vmwgfx-Validate-command-header-size-against-SVGA.patch (git-fixes CVE-2025-40277 bsc#1254894). - Update patches.suse/drm-xe-Fix-oops-in-xe_gem_fault-when-running-core_ho.patch (stable-fixes CVE-2025-40340 bsc#1254996). - Update patches.suse/drm-xe-guc-Synchronize-Dead-CT-worker-with-unbind.patch (git-fixes CVE-2025-68207 bsc#1255234). - Update patches.suse/erofs-avoid-infinite-loop-due-to-incomplete-zstd-compressed-data.patch (git-fixes CVE-2025-68210 bsc#1255231). - Update patches.suse/exfat-fix-improper-check-of-dentry.stream.valid_size.patch (git-fixes CVE-2025-40287 bsc#1255030). - Update patches.suse/exfat-fix-refcount-leak-in-exfat_find.patch (git-fixes CVE-2025-68351 bsc#1255567). - Update patches.suse/exfat-validate-cluster-allocation-bits-of-the-allocation-bitmap.patch (git-fixes CVE-2025-40307 bsc#1255039). - Update patches.suse/fbcon-Set-fb_display-i-mode-to-NULL-when-the-mode-is.patch (stable-fixes CVE-2025-40323 bsc#1255094). - Update patches.suse/fbdev-Add-bounds-checking-in-bit_putcs-to-fix-vmallo.patch (stable-fixes CVE-2025-40304 bsc#1255034). - Update patches.suse/fbdev-bitblit-bound-check-glyph-index-in-bit_putcs.patch (stable-fixes CVE-2025-40322 bsc#1255092). - Update patches.suse/firmware-arm_scmi-Account-for-failed-debug-initializ.patch (git-fixes CVE-2025-40226 bsc#1254821). - Update patches.suse/firmware-stratix10-svc-fix-bug-in-saving-controller-.patch (git-fixes CVE-2025-68328 bsc#1255489). - Update patches.suse/gpiolib-fix-invalid-pointer-access-in-debugfs.patch (git-fixes CVE-2025-68167 bsc#1255099). - Update patches.suse/gpu-host1x-Fix-race-in-syncpt-alloc-free.patch (git-fixes CVE-2025-68732 bsc#1255688). - Update patches.suse/idpf-fix-possible-vport_config-NULL-pointer-deref-in.patch (git-fixes CVE-2025-68213 bsc#1255228). - Update patches.suse/iio-accel-bmc150-Fix-irq-assumption-regression.patch (stable-fixes CVE-2025-68330 bsc#1255493). - Update patches.suse/ima-Handle-error-code-returned-by-ima_filter_rule_ma.patch (git-fixes CVE-2025-68740 bsc#1255812). - Update patches.suse/ima-don-t-clear-IMA_DIGSIG-flag-when-setting-or-remo.patch (stable-fixes CVE-2025-68183 bsc#1255251). - Update patches.suse/irqchip-mchp-eic-Fix-error-code-in-mchp_eic_domain_a.patch (git-fixes CVE-2025-68766 bsc#1255932). - Update patches.suse/media-imon-make-send_packet-more-robust.patch (stable-fixes CVE-2025-68194 bsc#1255325). - Update patches.suse/media-pci-mg4b-fix-uninitialized-iio-scan-data.patch (git-fixes CVE-2025-40221 bsc#1254519). - Update patches.suse/media-videobuf2-forbid-remove_bufs-when-legacy-filei.patch (git-fixes CVE-2025-40302 bsc#1255196). - Update patches.suse/misc-fastrpc-Fix-dma_buf-object-leak-in-fastrpc_map_.patch (git-fixes CVE-2025-68252 bsc#1255197). - Update patches.suse/mm-secretmem-fix-use-after-free-race-in-fault-handle.patch (git-fixes CVE-2025-40272 bsc#1254832). - Update patches.suse/most-usb-Fix-use-after-free-in-hdm_disconnect.patch (git-fixes CVE-2025-40223 bsc#1254957). - Update patches.suse/most-usb-fix-double-free-on-late-probe-failure.patch (git-fixes CVE-2025-68290 bsc#1255154). - Update patches.suse/most-usb-hdm_probe-Fix-calling-put_device-before-dev.patch (git-fixes CVE-2025-68249 bsc#1255233). - Update patches.suse/mt76-mt7615-Fix-memory-leak-in-mt7615_mcu_wtbl_sta_a.patch (git-fixes CVE-2025-68765 bsc#1255931). - Update patches.suse/mtd-rawnand-cadence-fix-DMA-device-NULL-pointer-dere.patch (git-fixes CVE-2025-68238 bsc#1255202). - Update patches.suse/mtdchar-fix-integer-overflow-in-read-write-ioctls.patch (git-fixes CVE-2025-68237 bsc#1255203). - Update patches.suse/net-stmmac-Correctly-handle-Rx-checksum-offload-erro.patch (git-fixes CVE-2025-40337 bsc#1255081). - Update patches.suse/net-usb-qmi_wwan-initialize-MAC-header-offset-in-qmi.patch (git-fixes CVE-2025-68192 bsc#1255246). - Update patches.suse/nfs4_setup_readdir-insufficient-locking-for-d_parent-d_inode-dereferencing.patch (git-fixes CVE-2025-68185 bsc#1255135). - Update patches.suse/nfsd-fix-refcount-leak-in-nfsd_set_fh_dentry.patch (git-fixes CVE-2025-40212 bsc#1254195). - Update patches.suse/nouveau-firmware-Add-missing-kfree-of-nvkm_falcon_fw.patch (git-fixes CVE-2025-68235 bsc#1255209). - Update patches.suse/nvme-fc-use-lock-accessing-port_state-and-rport-stat.patch (bsc#1245193 bsc#1247500 CVE-2025-40342 bsc#1255274). - Update patches.suse/nvmet-fc-avoid-scheduling-association-deletion-twice.patch (bsc#1245193 bsc#1247500 CVE-2025-40343 bsc#1255276). - Update patches.suse/pinctrl-s32cc-fix-uninitialized-memory-in-s32_pinctr.patch (git-fixes CVE-2025-68222 bsc#1255218). - Update patches.suse/platform-x86-intel-punit_ipc-fix-memory-corruption.patch (git-fixes CVE-2025-68303 bsc#1255122). - Update patches.suse/regmap-slimbus-fix-bus_context-pointer-in-regmap-ini.patch (git-fixes CVE-2025-40317 bsc#1254796). - Update patches.suse/regulator-core-Protect-regulator_supply_alias_list-w.patch (git-fixes CVE-2025-68354 bsc#1255553). - Update patches.suse/sctp-avoid-NULL-dereference-when-chunk-data-buffer-i.patch (git-fixes CVE-2025-40240 bsc#1254869). - Update patches.suse/smb-client-fix-potential-cfid-UAF-in-smb2_query_info_compound.patch (git-fixes CVE-2025-40320 bsc#1254793). - Update patches.suse/spi-ch341-fix-out-of-bounds-memory-access-in-ch341_t.patch (git-fixes CVE-2025-68352 bsc#1255541). - Update patches.suse/spi-tegra210-quad-Fix-timeout-handling.patch (bsc#1253155 CVE-2025-68746 bsc#1255722). - Update patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-OnBeacon.patch (stable-fixes CVE-2025-68254 bsc#1255140). - Update patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-rtw_get_.patch (stable-fixes CVE-2025-68256 bsc#1255138). - Update patches.suse/staging-rtl8723bs-fix-stack-buffer-overflow-in-OnAss.patch (stable-fixes CVE-2025-68255 bsc#1255395). - Update patches.suse/tty-serial-ip22zilog-Use-platform-device-for-probing.patch (stable-fixes CVE-2025-68311 bsc#1255161). - Update patches.suse/usb-cdns3-gadget-Use-after-free-during-failed-initia.patch (stable-fixes CVE-2025-40314 bsc#1255072). - Update patches.suse/usb-dwc3-Fix-race-condition-between-concurrent-dwc3_.patch (git-fixes CVE-2025-68287 bsc#1255152). - Update patches.suse/usb-gadget-f_eem-Fix-memory-leak-in-eem_unwrap.patch (git-fixes CVE-2025-68289 bsc#1255155). - Update patches.suse/usb-gadget-f_fs-Fix-epfile-null-pointer-access-after.patch (stable-fixes CVE-2025-40315 bsc#1255083). - Update patches.suse/usb-potential-integer-overflow-in-usbg_make_tpg.patch (stable-fixes CVE-2025-68750 bsc#1255814). - Update patches.suse/usb-renesas_usbhs-Fix-synchronous-external-abort-on-.patch (git-fixes CVE-2025-68327 bsc#1255488). - Update patches.suse/usb-storage-sddr55-Reject-out-of-bound-new_pba.patch (stable-fixes CVE-2025-40345 bsc#1255279). - Update patches.suse/usb-uas-fix-urb-unmapping-issue-when-the-uas-device-.patch (git-fixes CVE-2025-68331 bsc#1255495). - Update patches.suse/usbnet-Prevents-free-active-kevent.patch (git-fixes CVE-2025-68312 bsc#1255171). - Update patches.suse/wifi-ath11k-fix-peer-HE-MCS-assignment.patch (git-fixes CVE-2025-68380 bsc#1255580). - Update patches.suse/wifi-brcmfmac-fix-crash-while-sending-Action-Frames-.patch (git-fixes CVE-2025-40321 bsc#1254795). - Update patches.suse/wifi-rtl818x-Fix-potential-memory-leaks-in-rtl8180_i.patch (git-fixes CVE-2025-68759 bsc#1255934). - Update patches.suse/wifi-rtl818x-rtl8187-Fix-potential-buffer-underflow-.patch (git-fixes CVE-2025-68362 bsc#1255611). - Update patches.suse/x86-CPU-AMD-Add-RDSEED-fix-for-Zen5.patch (git-fixes CVE-2025-68313 bsc#1255415). - Update patches.suse/x86-CPU-AMD-Add-missing-terminator-for-zen5_rdseed_m.patch (git-fixes CVE-2025-68195 bsc#1255259). - Update patches.suse/xfrm-also-call-xfrm_state_delete_tunnel-at-destroy-time-fo.patch (CVE-2025-40215 bsc#1254959 CVE-2025-40256 bsc#1254851). - commit c0f554e ++++ kernel-obs-build: - perf/x86/intel: Fix KASAN global-out-of-bounds warning (CVE-2025-40359 bsc#1255087). - commit ed1e93a - mlx5: Fix default values in create CQ (CVE-2025-68209 bsc#1255230). - commit 02d60e0 - x86/microcode/AMD: Use sha256() instead of init/update/final (bsc#1256495). - Refresh patches.suse/x86-microcode-AMD-Limit-Entrysign-signature-checking-to-kn.patch. - commit 6b04345 - x86/microcode/AMD: Fix Entrysign revision check for Zen5/Strix Halo (bsc#1256495). - x86/microcode/AMD: Select which microcode patch to load (bsc#1256495). - x86/microcode/AMD: Make __verify_patch_size() return bool (bsc#1256495). - x86/microcode/AMD: Remove bogus comment from parse_container() (bsc#1256495). - commit 9f14cfe - crash: fix crashkernel resource shrink (CVE-2025-68198 bsc#1255243) - commit 7e8f708 - bnxt_en: Fix null pointer dereference in bnxt_bs_trace_check_wrap() (CVE-2025-68197 bsc#1255242) - commit 766431f - lib/crypto: aes: Fix missing MMU protection for AES S-box (git-fixes). - virtio_console: fix order of fields cols and rows (stable-fixes). - commit d55882c - drm/amdgpu: Forward VMID reservation errors (git-fixes). - commit 2373a9d - supported.conf: mark ksmbd unsupported Based on discussion with Enzo Matsumiya it has tuned out that ksmbd module is unsupported but the supported.conf entry is incorrect. Fix that. - commit 143566d - powerpc/eeh: fix recursive pci_lock_rescan_remove locking in EEH event handling (bsc#1253262 ltc#216029). - commit 594b86e - Update patches.suse/ACPI-video-Fix-use-after-free-in-acpi_video_switch_b.patch (git-fixes CVE-2025-40211 bsc#1254126). - Update patches.suse/ALSA-dice-fix-buffer-overflow-in-detect_stream_forma.patch (git-fixes CVE-2025-68346 bsc#1255603). - Update patches.suse/ALSA-firewire-motu-add-bounds-check-in-put_user-loop.patch (git-fixes CVE-2025-68753 bsc#1256238). - Update patches.suse/ALSA-firewire-motu-fix-buffer-overflow-in-hwdep-read.patch (git-fixes CVE-2025-68347 bsc#1255706). - Update patches.suse/ALSA-hda-cs35l41-Fix-NULL-pointer-dereference-in-cs3-c34b04c.patch (git-fixes CVE-2025-68345 bsc#1255601). - Update patches.suse/ALSA-usb-audio-Fix-NULL-pointer-dereference-in-snd_u.patch (git-fixes CVE-2025-40275 bsc#1254829). - Update patches.suse/ALSA-usb-audio-Fix-potential-overflow-of-PCM-transfe.patch (stable-fixes CVE-2025-40269 bsc#1255035). - Update patches.suse/ALSA-wavefront-Fix-integer-overflow-in-sample-size-v.patch (git-fixes CVE-2025-68344 bsc#1255816). - Update patches.suse/ASoC-Intel-avs-Disable-periods-elapsed-work-when-clo.patch (git-fixes CVE-2025-40344 bsc#1254618). - Update patches.suse/Bluetooth-6lowpan-reset-link-local-header-on-ipv6-re.patch (git-fixes CVE-2025-40282 bsc#1254850). - Update patches.suse/Bluetooth-MGMT-Fix-OOB-access-in-parse_adv_monitor_p.patch (git-fixes CVE-2025-40294 bsc#1255181). - Update patches.suse/Bluetooth-MGMT-cancel-mesh-send-timer-when-hdev-remo.patch (git-fixes CVE-2025-40284 bsc#1254860). - Update patches.suse/Bluetooth-MGMT-fix-crash-in-set_mesh_sync-and-set_me.patch (git-fixes CVE-2025-40213 bsc#1253674). - Update patches.suse/Bluetooth-SCO-Fix-UAF-on-sco_conn_free.patch (stable-fixes CVE-2025-40309 bsc#1255065). - Update patches.suse/Bluetooth-bcsp-receive-data-only-if-registered.patch (stable-fixes CVE-2025-40308 bsc#1255064). - Update patches.suse/Bluetooth-btusb-mediatek-Avoid-btusb_mtk_claim_iso_i.patch (git-fixes CVE-2025-68298 bsc#1255124). - Update patches.suse/Bluetooth-btusb-mediatek-Fix-kernel-crash-when-relea.patch (git-fixes CVE-2025-68306 bsc#1255145). - Update patches.suse/Bluetooth-btusb-reorder-cleanup-in-btusb_disconnect-.patch (git-fixes CVE-2025-40283 bsc#1254858). - Update patches.suse/Bluetooth-hci_event-validate-skb-length-for-unknown-.patch (git-fixes CVE-2025-40301 bsc#1255193). - Update patches.suse/Bluetooth-hci_sock-Prevent-race-in-socket-write-iter.patch (git-fixes CVE-2025-68305 bsc#1255169). - Update patches.suse/Bluetooth-hci_sync-fix-race-in-hci_cmd_sync_dequeue_.patch (git-fixes CVE-2025-40318 bsc#1254798). - Update patches.suse/Input-cros_ec_keyb-fix-an-invalid-memory-access.patch (stable-fixes CVE-2025-40263 bsc#1255077). - Update patches.suse/Input-imx_sc_key-fix-memory-corruption-on-unload.patch (git-fixes CVE-2025-40262 bsc#1254840). - Update patches.suse/Input-pegasus-notetaker-fix-potential-out-of-bounds-.patch (git-fixes CVE-2025-68217 bsc#1255221). - Update patches.suse/KVM-arm64-Check-the-untrusted-offset-in-FF-A-memory-.patch (git-fixes CVE-2025-40266 bsc#1255040). - Update patches.suse/NFS-Fix-LTP-test-failures-when-timestamps-are-delegated.patch (git-fixes CVE-2025-68242 bsc#1255186). - Update patches.suse/NFSD-Fix-crash-in-nfsd4_read_release.patch (git-fixes CVE-2025-40324 bsc#1254791). - Update patches.suse/NFSD-free-copynotify-stateid-in-nfs4_free_ol_stateid.patch (git-fixes CVE-2025-40273 bsc#1254828). - Update patches.suse/PCI-IOV-Add-PCI-rescan-remove-locking-when-enabling-.patch (git-fixes CVE-2025-40219 bsc#1254518). - Update patches.suse/PCI-cadence-Check-for-the-existence-of-cdns_pcie-ops.patch (stable-fixes CVE-2025-68176 bsc#1255329). - Update patches.suse/accel-habanalabs-support-mapping-cb-with-vmalloc-bac.patch (stable-fixes CVE-2025-40311 bsc#1255068). - Update patches.suse/accel-ivpu-Fix-race-condition-when-unbinding-BOs.patch (git-fixes CVE-2025-68749 bsc#1255724). - Update patches.suse/amd-amdkfd-resolve-a-race-in-amdgpu_amdkfd_device_fi.patch (stable-fixes CVE-2025-40310 bsc#1255041). - Update patches.suse/arm64-mte-Do-not-warn-if-the-page-is-already-tagged-in-cop.patch (git-fixes CVE-2025-40353 bsc#1255312). - Update patches.suse/atm-fore200e-Fix-possible-data-race-in-fore200e_open.patch (git-fixes CVE-2025-68339 bsc#1255505). - Update patches.suse/backlight-led-bl-Add-devlink-to-supplier-LEDs.patch (git-fixes CVE-2025-68758 bsc#1255944). - Update patches.suse/btrfs-directly-free-partially-initialized-fs_info-in.patch (git-fixes CVE-2025-40235 bsc#1254808). - Update patches.suse/btrfs-ensure-no-dirty-metadata-is-written-back-for-a.patch (git-fix CVE-2025-40303 bsc#1255058). - Update patches.suse/btrfs-fix-memory-leak-of-qgroup_list-in-btrfs_add_qg.patch (git-fixes CVE-2025-40209 bsc#1254128). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-check-actual-395d988.patch (git-fixes CVE-2025-68342 bsc#1255508). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-check-actual.patch (git-fixes CVE-2025-68343 bsc#1255509). - Update patches.suse/can-gs_usb-gs_usb_xmit_callback-fix-handling-of-fail.patch (git-fixes CVE-2025-68307 bsc#1255146). - Update patches.suse/can-kvaser_usb-leaf-Fix-potential-infinite-loop-in-c.patch (git-fixes CVE-2025-68308 bsc#1255149). - Update patches.suse/comedi-c6xdigio-Fix-invalid-PNP-driver-unregistratio.patch (git-fixes CVE-2025-68332 bsc#1255483). - Update patches.suse/comedi-check-device-s-attached-status-in-compat-ioct.patch (git-fixes CVE-2025-68257 bsc#1255167). - Update patches.suse/comedi-multiq3-sanitize-config-options-in-multiq3_at.patch (git-fixes CVE-2025-68258 bsc#1255182). - Update patches.suse/comedi-pcl818-fix-null-ptr-deref-in-pcl818_ai_cancel.patch (git-fixes CVE-2025-68335 bsc#1255480). - Update patches.suse/crypto-aspeed-fix-double-free-caused-by-devm.patch (git-fixes CVE-2025-68172 bsc#1255253). - Update patches.suse/crypto-asymmetric_keys-prevent-overflow-in-asymmetri.patch (git-fixes CVE-2025-68724 bsc#1255550). - Update patches.suse/drm-amd-display-Check-NULL-before-accessing.patch (stable-fixes CVE-2025-68286 bsc#1255351). - Update patches.suse/drm-amd-display-Fix-NULL-deref-in-debugfs-odm_combin.patch (git-fixes CVE-2025-68180 bsc#1255252). - Update patches.suse/drm-amd-display-increase-max-link-count-and-fix-link.patch (stable-fixes CVE-2025-40354 bsc#1255316). - Update patches.suse/drm-amdgpu-Fix-NULL-pointer-dereference-in-VRAM-logi.patch (stable-fixes CVE-2025-40288 bsc#1255057). - Update patches.suse/drm-amdgpu-atom-Check-kcalloc-for-WS-buffer-in-amdgp.patch (stable-fixes CVE-2025-68190 bsc#1255131). - Update patches.suse/drm-amdgpu-fix-gpu-page-fault-after-hibernation-on-P.patch (stable-fixes CVE-2025-68230 bsc#1255134). - Update patches.suse/drm-amdgpu-fix-nullptr-err-of-vm_handle_moved.patch (stable-fixes CVE-2025-40339 bsc#1255428). - Update patches.suse/drm-amdgpu-hide-VRAM-sysfs-attributes-on-GPUs-withou.patch (stable-fixes CVE-2025-40289 bsc#1255042). - Update patches.suse/drm-amdgpu-remove-two-invalid-BUG_ON-s.patch (stable-fixes CVE-2025-68201 bsc#1255136). - Update patches.suse/drm-amdkfd-Fix-mmap-write-lock-not-release.patch (bsc#1243112 CVE-2025-40332 bsc#1255116). - Update patches.suse/drm-i915-Avoid-lock-inversion-when-pinning-to-GGTT-o.patch (git-fixes CVE-2025-68244 bsc#1255190). - Update patches.suse/drm-mediatek-Disable-AFBC-support-on-Mediatek-DRM-dr.patch (git-fixes CVE-2025-68184 bsc#1255220). - Update patches.suse/drm-mediatek-Fix-device-use-after-free-on-unbind.patch (git-fixes CVE-2025-40316 bsc#1254797). - Update patches.suse/drm-panthor-Fix-UAF-on-kernel-BO-VA-nodes.patch (git-fixes CVE-2025-68747 bsc#1255723). - Update patches.suse/drm-panthor-Fix-UAF-race-between-device-unplug-and-F.patch (git-fixes CVE-2025-68748 bsc#1255813). - Update patches.suse/drm-panthor-Fix-kernel-panic-on-partial-unmap-of-a-G.patch (git-fixes CVE-2025-40225 bsc#1254827). - Update patches.suse/drm-radeon-Do-not-kfree-devres-managed-rdev.patch (git-fixes CVE-2025-68170 bsc#1255256). - Update patches.suse/drm-radeon-Remove-calls-to-drm_put_dev.patch (git-fixes CVE-2025-68181 bsc#1255247). - Update patches.suse/drm-radeon-delete-radeon_fence_process-in-is_signale.patch (stable-fixes CVE-2025-68223 bsc#1255357). - Update patches.suse/drm-sched-Fix-deadlock-in-drm_sched_entity_kill_jobs.patch (git-fixes CVE-2025-40329 bsc#1254621). - Update patches.suse/drm-sysfb-Do-not-dereference-NULL-pointer-in-plane-r.patch (git-fixes CVE-2025-40360 bsc#1255095). - Update patches.suse/drm-tegra-Add-call-to-put_pid.patch (git-fixes CVE-2025-68233 bsc#1255206). - Update patches.suse/drm-vgem-fence-Fix-potential-deadlock-on-release.patch (git-fixes CVE-2025-68757 bsc#1255943). - Update patches.suse/drm-vmwgfx-Validate-command-header-size-against-SVGA.patch (git-fixes CVE-2025-40277 bsc#1254894). - Update patches.suse/drm-xe-Fix-oops-in-xe_gem_fault-when-running-core_ho.patch (stable-fixes CVE-2025-40340 bsc#1254996). - Update patches.suse/drm-xe-guc-Synchronize-Dead-CT-worker-with-unbind.patch (git-fixes CVE-2025-68207 bsc#1255234). - Update patches.suse/erofs-avoid-infinite-loop-due-to-incomplete-zstd-compressed-data.patch (git-fixes CVE-2025-68210 bsc#1255231). - Update patches.suse/exfat-fix-improper-check-of-dentry.stream.valid_size.patch (git-fixes CVE-2025-40287 bsc#1255030). - Update patches.suse/exfat-fix-refcount-leak-in-exfat_find.patch (git-fixes CVE-2025-68351 bsc#1255567). - Update patches.suse/exfat-validate-cluster-allocation-bits-of-the-allocation-bitmap.patch (git-fixes CVE-2025-40307 bsc#1255039). - Update patches.suse/fbcon-Set-fb_display-i-mode-to-NULL-when-the-mode-is.patch (stable-fixes CVE-2025-40323 bsc#1255094). - Update patches.suse/fbdev-Add-bounds-checking-in-bit_putcs-to-fix-vmallo.patch (stable-fixes CVE-2025-40304 bsc#1255034). - Update patches.suse/fbdev-bitblit-bound-check-glyph-index-in-bit_putcs.patch (stable-fixes CVE-2025-40322 bsc#1255092). - Update patches.suse/firmware-arm_scmi-Account-for-failed-debug-initializ.patch (git-fixes CVE-2025-40226 bsc#1254821). - Update patches.suse/firmware-stratix10-svc-fix-bug-in-saving-controller-.patch (git-fixes CVE-2025-68328 bsc#1255489). - Update patches.suse/gpiolib-fix-invalid-pointer-access-in-debugfs.patch (git-fixes CVE-2025-68167 bsc#1255099). - Update patches.suse/gpu-host1x-Fix-race-in-syncpt-alloc-free.patch (git-fixes CVE-2025-68732 bsc#1255688). - Update patches.suse/idpf-fix-possible-vport_config-NULL-pointer-deref-in.patch (git-fixes CVE-2025-68213 bsc#1255228). - Update patches.suse/iio-accel-bmc150-Fix-irq-assumption-regression.patch (stable-fixes CVE-2025-68330 bsc#1255493). - Update patches.suse/ima-Handle-error-code-returned-by-ima_filter_rule_ma.patch (git-fixes CVE-2025-68740 bsc#1255812). - Update patches.suse/ima-don-t-clear-IMA_DIGSIG-flag-when-setting-or-remo.patch (stable-fixes CVE-2025-68183 bsc#1255251). - Update patches.suse/irqchip-mchp-eic-Fix-error-code-in-mchp_eic_domain_a.patch (git-fixes CVE-2025-68766 bsc#1255932). - Update patches.suse/media-imon-make-send_packet-more-robust.patch (stable-fixes CVE-2025-68194 bsc#1255325). - Update patches.suse/media-pci-mg4b-fix-uninitialized-iio-scan-data.patch (git-fixes CVE-2025-40221 bsc#1254519). - Update patches.suse/media-videobuf2-forbid-remove_bufs-when-legacy-filei.patch (git-fixes CVE-2025-40302 bsc#1255196). - Update patches.suse/misc-fastrpc-Fix-dma_buf-object-leak-in-fastrpc_map_.patch (git-fixes CVE-2025-68252 bsc#1255197). - Update patches.suse/mm-secretmem-fix-use-after-free-race-in-fault-handle.patch (git-fixes CVE-2025-40272 bsc#1254832). - Update patches.suse/most-usb-Fix-use-after-free-in-hdm_disconnect.patch (git-fixes CVE-2025-40223 bsc#1254957). - Update patches.suse/most-usb-fix-double-free-on-late-probe-failure.patch (git-fixes CVE-2025-68290 bsc#1255154). - Update patches.suse/most-usb-hdm_probe-Fix-calling-put_device-before-dev.patch (git-fixes CVE-2025-68249 bsc#1255233). - Update patches.suse/mt76-mt7615-Fix-memory-leak-in-mt7615_mcu_wtbl_sta_a.patch (git-fixes CVE-2025-68765 bsc#1255931). - Update patches.suse/mtd-rawnand-cadence-fix-DMA-device-NULL-pointer-dere.patch (git-fixes CVE-2025-68238 bsc#1255202). - Update patches.suse/mtdchar-fix-integer-overflow-in-read-write-ioctls.patch (git-fixes CVE-2025-68237 bsc#1255203). - Update patches.suse/net-stmmac-Correctly-handle-Rx-checksum-offload-erro.patch (git-fixes CVE-2025-40337 bsc#1255081). - Update patches.suse/net-usb-qmi_wwan-initialize-MAC-header-offset-in-qmi.patch (git-fixes CVE-2025-68192 bsc#1255246). - Update patches.suse/nfs4_setup_readdir-insufficient-locking-for-d_parent-d_inode-dereferencing.patch (git-fixes CVE-2025-68185 bsc#1255135). - Update patches.suse/nfsd-fix-refcount-leak-in-nfsd_set_fh_dentry.patch (git-fixes CVE-2025-40212 bsc#1254195). - Update patches.suse/nouveau-firmware-Add-missing-kfree-of-nvkm_falcon_fw.patch (git-fixes CVE-2025-68235 bsc#1255209). - Update patches.suse/nvme-fc-use-lock-accessing-port_state-and-rport-stat.patch (bsc#1245193 bsc#1247500 CVE-2025-40342 bsc#1255274). - Update patches.suse/nvmet-fc-avoid-scheduling-association-deletion-twice.patch (bsc#1245193 bsc#1247500 CVE-2025-40343 bsc#1255276). - Update patches.suse/pinctrl-s32cc-fix-uninitialized-memory-in-s32_pinctr.patch (git-fixes CVE-2025-68222 bsc#1255218). - Update patches.suse/platform-x86-intel-punit_ipc-fix-memory-corruption.patch (git-fixes CVE-2025-68303 bsc#1255122). - Update patches.suse/regmap-slimbus-fix-bus_context-pointer-in-regmap-ini.patch (git-fixes CVE-2025-40317 bsc#1254796). - Update patches.suse/regulator-core-Protect-regulator_supply_alias_list-w.patch (git-fixes CVE-2025-68354 bsc#1255553). - Update patches.suse/sctp-avoid-NULL-dereference-when-chunk-data-buffer-i.patch (git-fixes CVE-2025-40240 bsc#1254869). - Update patches.suse/smb-client-fix-potential-cfid-UAF-in-smb2_query_info_compound.patch (git-fixes CVE-2025-40320 bsc#1254793). - Update patches.suse/spi-ch341-fix-out-of-bounds-memory-access-in-ch341_t.patch (git-fixes CVE-2025-68352 bsc#1255541). - Update patches.suse/spi-tegra210-quad-Fix-timeout-handling.patch (bsc#1253155 CVE-2025-68746 bsc#1255722). - Update patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-OnBeacon.patch (stable-fixes CVE-2025-68254 bsc#1255140). - Update patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-rtw_get_.patch (stable-fixes CVE-2025-68256 bsc#1255138). - Update patches.suse/staging-rtl8723bs-fix-stack-buffer-overflow-in-OnAss.patch (stable-fixes CVE-2025-68255 bsc#1255395). - Update patches.suse/tty-serial-ip22zilog-Use-platform-device-for-probing.patch (stable-fixes CVE-2025-68311 bsc#1255161). - Update patches.suse/usb-cdns3-gadget-Use-after-free-during-failed-initia.patch (stable-fixes CVE-2025-40314 bsc#1255072). - Update patches.suse/usb-dwc3-Fix-race-condition-between-concurrent-dwc3_.patch (git-fixes CVE-2025-68287 bsc#1255152). - Update patches.suse/usb-gadget-f_eem-Fix-memory-leak-in-eem_unwrap.patch (git-fixes CVE-2025-68289 bsc#1255155). - Update patches.suse/usb-gadget-f_fs-Fix-epfile-null-pointer-access-after.patch (stable-fixes CVE-2025-40315 bsc#1255083). - Update patches.suse/usb-potential-integer-overflow-in-usbg_make_tpg.patch (stable-fixes CVE-2025-68750 bsc#1255814). - Update patches.suse/usb-renesas_usbhs-Fix-synchronous-external-abort-on-.patch (git-fixes CVE-2025-68327 bsc#1255488). - Update patches.suse/usb-storage-sddr55-Reject-out-of-bound-new_pba.patch (stable-fixes CVE-2025-40345 bsc#1255279). - Update patches.suse/usb-uas-fix-urb-unmapping-issue-when-the-uas-device-.patch (git-fixes CVE-2025-68331 bsc#1255495). - Update patches.suse/usbnet-Prevents-free-active-kevent.patch (git-fixes CVE-2025-68312 bsc#1255171). - Update patches.suse/wifi-ath11k-fix-peer-HE-MCS-assignment.patch (git-fixes CVE-2025-68380 bsc#1255580). - Update patches.suse/wifi-brcmfmac-fix-crash-while-sending-Action-Frames-.patch (git-fixes CVE-2025-40321 bsc#1254795). - Update patches.suse/wifi-rtl818x-Fix-potential-memory-leaks-in-rtl8180_i.patch (git-fixes CVE-2025-68759 bsc#1255934). - Update patches.suse/wifi-rtl818x-rtl8187-Fix-potential-buffer-underflow-.patch (git-fixes CVE-2025-68362 bsc#1255611). - Update patches.suse/x86-CPU-AMD-Add-RDSEED-fix-for-Zen5.patch (git-fixes CVE-2025-68313 bsc#1255415). - Update patches.suse/x86-CPU-AMD-Add-missing-terminator-for-zen5_rdseed_m.patch (git-fixes CVE-2025-68195 bsc#1255259). - Update patches.suse/xfrm-also-call-xfrm_state_delete_tunnel-at-destroy-time-fo.patch (CVE-2025-40215 bsc#1254959 CVE-2025-40256 bsc#1254851). - commit c0f554e ++++ kernel-obs-build: - perf/x86/intel: Fix KASAN global-out-of-bounds warning (CVE-2025-40359 bsc#1255087). - commit ed1e93a - mlx5: Fix default values in create CQ (CVE-2025-68209 bsc#1255230). - commit 02d60e0 - x86/microcode/AMD: Use sha256() instead of init/update/final (bsc#1256495). - Refresh patches.suse/x86-microcode-AMD-Limit-Entrysign-signature-checking-to-kn.patch. - commit 6b04345 - x86/microcode/AMD: Fix Entrysign revision check for Zen5/Strix Halo (bsc#1256495). - x86/microcode/AMD: Select which microcode patch to load (bsc#1256495). - x86/microcode/AMD: Make __verify_patch_size() return bool (bsc#1256495). - x86/microcode/AMD: Remove bogus comment from parse_container() (bsc#1256495). - commit 9f14cfe - crash: fix crashkernel resource shrink (CVE-2025-68198 bsc#1255243) - commit 7e8f708 - bnxt_en: Fix null pointer dereference in bnxt_bs_trace_check_wrap() (CVE-2025-68197 bsc#1255242) - commit 766431f - lib/crypto: aes: Fix missing MMU protection for AES S-box (git-fixes). - virtio_console: fix order of fields cols and rows (stable-fixes). - commit d55882c - drm/amdgpu: Forward VMID reservation errors (git-fixes). - commit 2373a9d - supported.conf: mark ksmbd unsupported Based on discussion with Enzo Matsumiya it has tuned out that ksmbd module is unsupported but the supported.conf entry is incorrect. Fix that. - commit 143566d - powerpc/eeh: fix recursive pci_lock_rescan_remove locking in EEH event handling (bsc#1253262 ltc#216029). - commit 594b86e - Update patches.suse/ACPI-video-Fix-use-after-free-in-acpi_video_switch_b.patch (git-fixes CVE-2025-40211 bsc#1254126). - Update patches.suse/ALSA-dice-fix-buffer-overflow-in-detect_stream_forma.patch (git-fixes CVE-2025-68346 bsc#1255603). - Update patches.suse/ALSA-firewire-motu-add-bounds-check-in-put_user-loop.patch (git-fixes CVE-2025-68753 bsc#1256238). - Update patches.suse/ALSA-firewire-motu-fix-buffer-overflow-in-hwdep-read.patch (git-fixes CVE-2025-68347 bsc#1255706). - Update patches.suse/ALSA-hda-cs35l41-Fix-NULL-pointer-dereference-in-cs3-c34b04c.patch (git-fixes CVE-2025-68345 bsc#1255601). - Update patches.suse/ALSA-usb-audio-Fix-NULL-pointer-dereference-in-snd_u.patch (git-fixes CVE-2025-40275 bsc#1254829). - Update patches.suse/ALSA-usb-audio-Fix-potential-overflow-of-PCM-transfe.patch (stable-fixes CVE-2025-40269 bsc#1255035). - Update patches.suse/ALSA-wavefront-Fix-integer-overflow-in-sample-size-v.patch (git-fixes CVE-2025-68344 bsc#1255816). - Update patches.suse/ASoC-Intel-avs-Disable-periods-elapsed-work-when-clo.patch (git-fixes CVE-2025-40344 bsc#1254618). - Update patches.suse/Bluetooth-6lowpan-reset-link-local-header-on-ipv6-re.patch (git-fixes CVE-2025-40282 bsc#1254850). - Update patches.suse/Bluetooth-MGMT-Fix-OOB-access-in-parse_adv_monitor_p.patch (git-fixes CVE-2025-40294 bsc#1255181). - Update patches.suse/Bluetooth-MGMT-cancel-mesh-send-timer-when-hdev-remo.patch (git-fixes CVE-2025-40284 bsc#1254860). - Update patches.suse/Bluetooth-MGMT-fix-crash-in-set_mesh_sync-and-set_me.patch (git-fixes CVE-2025-40213 bsc#1253674). - Update patches.suse/Bluetooth-SCO-Fix-UAF-on-sco_conn_free.patch (stable-fixes CVE-2025-40309 bsc#1255065). - Update patches.suse/Bluetooth-bcsp-receive-data-only-if-registered.patch (stable-fixes CVE-2025-40308 bsc#1255064). - Update patches.suse/Bluetooth-btusb-mediatek-Avoid-btusb_mtk_claim_iso_i.patch (git-fixes CVE-2025-68298 bsc#1255124). - Update patches.suse/Bluetooth-btusb-mediatek-Fix-kernel-crash-when-relea.patch (git-fixes CVE-2025-68306 bsc#1255145). - Update patches.suse/Bluetooth-btusb-reorder-cleanup-in-btusb_disconnect-.patch (git-fixes CVE-2025-40283 bsc#1254858). - Update patches.suse/Bluetooth-hci_event-validate-skb-length-for-unknown-.patch (git-fixes CVE-2025-40301 bsc#1255193). - Update patches.suse/Bluetooth-hci_sock-Prevent-race-in-socket-write-iter.patch (git-fixes CVE-2025-68305 bsc#1255169). - Update patches.suse/Bluetooth-hci_sync-fix-race-in-hci_cmd_sync_dequeue_.patch (git-fixes CVE-2025-40318 bsc#1254798). - Update patches.suse/Input-cros_ec_keyb-fix-an-invalid-memory-access.patch (stable-fixes CVE-2025-40263 bsc#1255077). - Update patches.suse/Input-imx_sc_key-fix-memory-corruption-on-unload.patch (git-fixes CVE-2025-40262 bsc#1254840). - Update patches.suse/Input-pegasus-notetaker-fix-potential-out-of-bounds-.patch (git-fixes CVE-2025-68217 bsc#1255221). - Update patches.suse/KVM-arm64-Check-the-untrusted-offset-in-FF-A-memory-.patch (git-fixes CVE-2025-40266 bsc#1255040). - Update patches.suse/NFS-Fix-LTP-test-failures-when-timestamps-are-delegated.patch (git-fixes CVE-2025-68242 bsc#1255186). - Update patches.suse/NFSD-Fix-crash-in-nfsd4_read_release.patch (git-fixes CVE-2025-40324 bsc#1254791). - Update patches.suse/NFSD-free-copynotify-stateid-in-nfs4_free_ol_stateid.patch (git-fixes CVE-2025-40273 bsc#1254828). - Update patches.suse/PCI-IOV-Add-PCI-rescan-remove-locking-when-enabling-.patch (git-fixes CVE-2025-40219 bsc#1254518). - Update patches.suse/PCI-cadence-Check-for-the-existence-of-cdns_pcie-ops.patch (stable-fixes CVE-2025-68176 bsc#1255329). - Update patches.suse/accel-habanalabs-support-mapping-cb-with-vmalloc-bac.patch (stable-fixes CVE-2025-40311 bsc#1255068). - Update patches.suse/accel-ivpu-Fix-race-condition-when-unbinding-BOs.patch (git-fixes CVE-2025-68749 bsc#1255724). - Update patches.suse/amd-amdkfd-resolve-a-race-in-amdgpu_amdkfd_device_fi.patch (stable-fixes CVE-2025-40310 bsc#1255041). - Update patches.suse/arm64-mte-Do-not-warn-if-the-page-is-already-tagged-in-cop.patch (git-fixes CVE-2025-40353 bsc#1255312). - Update patches.suse/atm-fore200e-Fix-possible-data-race-in-fore200e_open.patch (git-fixes CVE-2025-68339 bsc#1255505). - Update patches.suse/backlight-led-bl-Add-devlink-to-supplier-LEDs.patch (git-fixes CVE-2025-68758 bsc#1255944). - Update patches.suse/btrfs-directly-free-partially-initialized-fs_info-in.patch (git-fixes CVE-2025-40235 bsc#1254808). - Update patches.suse/btrfs-ensure-no-dirty-metadata-is-written-back-for-a.patch (git-fix CVE-2025-40303 bsc#1255058). - Update patches.suse/btrfs-fix-memory-leak-of-qgroup_list-in-btrfs_add_qg.patch (git-fixes CVE-2025-40209 bsc#1254128). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-check-actual-395d988.patch (git-fixes CVE-2025-68342 bsc#1255508). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-check-actual.patch (git-fixes CVE-2025-68343 bsc#1255509). - Update patches.suse/can-gs_usb-gs_usb_xmit_callback-fix-handling-of-fail.patch (git-fixes CVE-2025-68307 bsc#1255146). - Update patches.suse/can-kvaser_usb-leaf-Fix-potential-infinite-loop-in-c.patch (git-fixes CVE-2025-68308 bsc#1255149). - Update patches.suse/comedi-c6xdigio-Fix-invalid-PNP-driver-unregistratio.patch (git-fixes CVE-2025-68332 bsc#1255483). - Update patches.suse/comedi-check-device-s-attached-status-in-compat-ioct.patch (git-fixes CVE-2025-68257 bsc#1255167). - Update patches.suse/comedi-multiq3-sanitize-config-options-in-multiq3_at.patch (git-fixes CVE-2025-68258 bsc#1255182). - Update patches.suse/comedi-pcl818-fix-null-ptr-deref-in-pcl818_ai_cancel.patch (git-fixes CVE-2025-68335 bsc#1255480). - Update patches.suse/crypto-aspeed-fix-double-free-caused-by-devm.patch (git-fixes CVE-2025-68172 bsc#1255253). - Update patches.suse/crypto-asymmetric_keys-prevent-overflow-in-asymmetri.patch (git-fixes CVE-2025-68724 bsc#1255550). - Update patches.suse/drm-amd-display-Check-NULL-before-accessing.patch (stable-fixes CVE-2025-68286 bsc#1255351). - Update patches.suse/drm-amd-display-Fix-NULL-deref-in-debugfs-odm_combin.patch (git-fixes CVE-2025-68180 bsc#1255252). - Update patches.suse/drm-amd-display-increase-max-link-count-and-fix-link.patch (stable-fixes CVE-2025-40354 bsc#1255316). - Update patches.suse/drm-amdgpu-Fix-NULL-pointer-dereference-in-VRAM-logi.patch (stable-fixes CVE-2025-40288 bsc#1255057). - Update patches.suse/drm-amdgpu-atom-Check-kcalloc-for-WS-buffer-in-amdgp.patch (stable-fixes CVE-2025-68190 bsc#1255131). - Update patches.suse/drm-amdgpu-fix-gpu-page-fault-after-hibernation-on-P.patch (stable-fixes CVE-2025-68230 bsc#1255134). - Update patches.suse/drm-amdgpu-fix-nullptr-err-of-vm_handle_moved.patch (stable-fixes CVE-2025-40339 bsc#1255428). - Update patches.suse/drm-amdgpu-hide-VRAM-sysfs-attributes-on-GPUs-withou.patch (stable-fixes CVE-2025-40289 bsc#1255042). - Update patches.suse/drm-amdgpu-remove-two-invalid-BUG_ON-s.patch (stable-fixes CVE-2025-68201 bsc#1255136). - Update patches.suse/drm-amdkfd-Fix-mmap-write-lock-not-release.patch (bsc#1243112 CVE-2025-40332 bsc#1255116). - Update patches.suse/drm-i915-Avoid-lock-inversion-when-pinning-to-GGTT-o.patch (git-fixes CVE-2025-68244 bsc#1255190). - Update patches.suse/drm-mediatek-Disable-AFBC-support-on-Mediatek-DRM-dr.patch (git-fixes CVE-2025-68184 bsc#1255220). - Update patches.suse/drm-mediatek-Fix-device-use-after-free-on-unbind.patch (git-fixes CVE-2025-40316 bsc#1254797). - Update patches.suse/drm-panthor-Fix-UAF-on-kernel-BO-VA-nodes.patch (git-fixes CVE-2025-68747 bsc#1255723). - Update patches.suse/drm-panthor-Fix-UAF-race-between-device-unplug-and-F.patch (git-fixes CVE-2025-68748 bsc#1255813). - Update patches.suse/drm-panthor-Fix-kernel-panic-on-partial-unmap-of-a-G.patch (git-fixes CVE-2025-40225 bsc#1254827). - Update patches.suse/drm-radeon-Do-not-kfree-devres-managed-rdev.patch (git-fixes CVE-2025-68170 bsc#1255256). - Update patches.suse/drm-radeon-Remove-calls-to-drm_put_dev.patch (git-fixes CVE-2025-68181 bsc#1255247). - Update patches.suse/drm-radeon-delete-radeon_fence_process-in-is_signale.patch (stable-fixes CVE-2025-68223 bsc#1255357). - Update patches.suse/drm-sched-Fix-deadlock-in-drm_sched_entity_kill_jobs.patch (git-fixes CVE-2025-40329 bsc#1254621). - Update patches.suse/drm-sysfb-Do-not-dereference-NULL-pointer-in-plane-r.patch (git-fixes CVE-2025-40360 bsc#1255095). - Update patches.suse/drm-tegra-Add-call-to-put_pid.patch (git-fixes CVE-2025-68233 bsc#1255206). - Update patches.suse/drm-vgem-fence-Fix-potential-deadlock-on-release.patch (git-fixes CVE-2025-68757 bsc#1255943). - Update patches.suse/drm-vmwgfx-Validate-command-header-size-against-SVGA.patch (git-fixes CVE-2025-40277 bsc#1254894). - Update patches.suse/drm-xe-Fix-oops-in-xe_gem_fault-when-running-core_ho.patch (stable-fixes CVE-2025-40340 bsc#1254996). - Update patches.suse/drm-xe-guc-Synchronize-Dead-CT-worker-with-unbind.patch (git-fixes CVE-2025-68207 bsc#1255234). - Update patches.suse/erofs-avoid-infinite-loop-due-to-incomplete-zstd-compressed-data.patch (git-fixes CVE-2025-68210 bsc#1255231). - Update patches.suse/exfat-fix-improper-check-of-dentry.stream.valid_size.patch (git-fixes CVE-2025-40287 bsc#1255030). - Update patches.suse/exfat-fix-refcount-leak-in-exfat_find.patch (git-fixes CVE-2025-68351 bsc#1255567). - Update patches.suse/exfat-validate-cluster-allocation-bits-of-the-allocation-bitmap.patch (git-fixes CVE-2025-40307 bsc#1255039). - Update patches.suse/fbcon-Set-fb_display-i-mode-to-NULL-when-the-mode-is.patch (stable-fixes CVE-2025-40323 bsc#1255094). - Update patches.suse/fbdev-Add-bounds-checking-in-bit_putcs-to-fix-vmallo.patch (stable-fixes CVE-2025-40304 bsc#1255034). - Update patches.suse/fbdev-bitblit-bound-check-glyph-index-in-bit_putcs.patch (stable-fixes CVE-2025-40322 bsc#1255092). - Update patches.suse/firmware-arm_scmi-Account-for-failed-debug-initializ.patch (git-fixes CVE-2025-40226 bsc#1254821). - Update patches.suse/firmware-stratix10-svc-fix-bug-in-saving-controller-.patch (git-fixes CVE-2025-68328 bsc#1255489). - Update patches.suse/gpiolib-fix-invalid-pointer-access-in-debugfs.patch (git-fixes CVE-2025-68167 bsc#1255099). - Update patches.suse/gpu-host1x-Fix-race-in-syncpt-alloc-free.patch (git-fixes CVE-2025-68732 bsc#1255688). - Update patches.suse/idpf-fix-possible-vport_config-NULL-pointer-deref-in.patch (git-fixes CVE-2025-68213 bsc#1255228). - Update patches.suse/iio-accel-bmc150-Fix-irq-assumption-regression.patch (stable-fixes CVE-2025-68330 bsc#1255493). - Update patches.suse/ima-Handle-error-code-returned-by-ima_filter_rule_ma.patch (git-fixes CVE-2025-68740 bsc#1255812). - Update patches.suse/ima-don-t-clear-IMA_DIGSIG-flag-when-setting-or-remo.patch (stable-fixes CVE-2025-68183 bsc#1255251). - Update patches.suse/irqchip-mchp-eic-Fix-error-code-in-mchp_eic_domain_a.patch (git-fixes CVE-2025-68766 bsc#1255932). - Update patches.suse/media-imon-make-send_packet-more-robust.patch (stable-fixes CVE-2025-68194 bsc#1255325). - Update patches.suse/media-pci-mg4b-fix-uninitialized-iio-scan-data.patch (git-fixes CVE-2025-40221 bsc#1254519). - Update patches.suse/media-videobuf2-forbid-remove_bufs-when-legacy-filei.patch (git-fixes CVE-2025-40302 bsc#1255196). - Update patches.suse/misc-fastrpc-Fix-dma_buf-object-leak-in-fastrpc_map_.patch (git-fixes CVE-2025-68252 bsc#1255197). - Update patches.suse/mm-secretmem-fix-use-after-free-race-in-fault-handle.patch (git-fixes CVE-2025-40272 bsc#1254832). - Update patches.suse/most-usb-Fix-use-after-free-in-hdm_disconnect.patch (git-fixes CVE-2025-40223 bsc#1254957). - Update patches.suse/most-usb-fix-double-free-on-late-probe-failure.patch (git-fixes CVE-2025-68290 bsc#1255154). - Update patches.suse/most-usb-hdm_probe-Fix-calling-put_device-before-dev.patch (git-fixes CVE-2025-68249 bsc#1255233). - Update patches.suse/mt76-mt7615-Fix-memory-leak-in-mt7615_mcu_wtbl_sta_a.patch (git-fixes CVE-2025-68765 bsc#1255931). - Update patches.suse/mtd-rawnand-cadence-fix-DMA-device-NULL-pointer-dere.patch (git-fixes CVE-2025-68238 bsc#1255202). - Update patches.suse/mtdchar-fix-integer-overflow-in-read-write-ioctls.patch (git-fixes CVE-2025-68237 bsc#1255203). - Update patches.suse/net-stmmac-Correctly-handle-Rx-checksum-offload-erro.patch (git-fixes CVE-2025-40337 bsc#1255081). - Update patches.suse/net-usb-qmi_wwan-initialize-MAC-header-offset-in-qmi.patch (git-fixes CVE-2025-68192 bsc#1255246). - Update patches.suse/nfs4_setup_readdir-insufficient-locking-for-d_parent-d_inode-dereferencing.patch (git-fixes CVE-2025-68185 bsc#1255135). - Update patches.suse/nfsd-fix-refcount-leak-in-nfsd_set_fh_dentry.patch (git-fixes CVE-2025-40212 bsc#1254195). - Update patches.suse/nouveau-firmware-Add-missing-kfree-of-nvkm_falcon_fw.patch (git-fixes CVE-2025-68235 bsc#1255209). - Update patches.suse/nvme-fc-use-lock-accessing-port_state-and-rport-stat.patch (bsc#1245193 bsc#1247500 CVE-2025-40342 bsc#1255274). - Update patches.suse/nvmet-fc-avoid-scheduling-association-deletion-twice.patch (bsc#1245193 bsc#1247500 CVE-2025-40343 bsc#1255276). - Update patches.suse/pinctrl-s32cc-fix-uninitialized-memory-in-s32_pinctr.patch (git-fixes CVE-2025-68222 bsc#1255218). - Update patches.suse/platform-x86-intel-punit_ipc-fix-memory-corruption.patch (git-fixes CVE-2025-68303 bsc#1255122). - Update patches.suse/regmap-slimbus-fix-bus_context-pointer-in-regmap-ini.patch (git-fixes CVE-2025-40317 bsc#1254796). - Update patches.suse/regulator-core-Protect-regulator_supply_alias_list-w.patch (git-fixes CVE-2025-68354 bsc#1255553). - Update patches.suse/sctp-avoid-NULL-dereference-when-chunk-data-buffer-i.patch (git-fixes CVE-2025-40240 bsc#1254869). - Update patches.suse/smb-client-fix-potential-cfid-UAF-in-smb2_query_info_compound.patch (git-fixes CVE-2025-40320 bsc#1254793). - Update patches.suse/spi-ch341-fix-out-of-bounds-memory-access-in-ch341_t.patch (git-fixes CVE-2025-68352 bsc#1255541). - Update patches.suse/spi-tegra210-quad-Fix-timeout-handling.patch (bsc#1253155 CVE-2025-68746 bsc#1255722). - Update patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-OnBeacon.patch (stable-fixes CVE-2025-68254 bsc#1255140). - Update patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-rtw_get_.patch (stable-fixes CVE-2025-68256 bsc#1255138). - Update patches.suse/staging-rtl8723bs-fix-stack-buffer-overflow-in-OnAss.patch (stable-fixes CVE-2025-68255 bsc#1255395). - Update patches.suse/tty-serial-ip22zilog-Use-platform-device-for-probing.patch (stable-fixes CVE-2025-68311 bsc#1255161). - Update patches.suse/usb-cdns3-gadget-Use-after-free-during-failed-initia.patch (stable-fixes CVE-2025-40314 bsc#1255072). - Update patches.suse/usb-dwc3-Fix-race-condition-between-concurrent-dwc3_.patch (git-fixes CVE-2025-68287 bsc#1255152). - Update patches.suse/usb-gadget-f_eem-Fix-memory-leak-in-eem_unwrap.patch (git-fixes CVE-2025-68289 bsc#1255155). - Update patches.suse/usb-gadget-f_fs-Fix-epfile-null-pointer-access-after.patch (stable-fixes CVE-2025-40315 bsc#1255083). - Update patches.suse/usb-potential-integer-overflow-in-usbg_make_tpg.patch (stable-fixes CVE-2025-68750 bsc#1255814). - Update patches.suse/usb-renesas_usbhs-Fix-synchronous-external-abort-on-.patch (git-fixes CVE-2025-68327 bsc#1255488). - Update patches.suse/usb-storage-sddr55-Reject-out-of-bound-new_pba.patch (stable-fixes CVE-2025-40345 bsc#1255279). - Update patches.suse/usb-uas-fix-urb-unmapping-issue-when-the-uas-device-.patch (git-fixes CVE-2025-68331 bsc#1255495). - Update patches.suse/usbnet-Prevents-free-active-kevent.patch (git-fixes CVE-2025-68312 bsc#1255171). - Update patches.suse/wifi-ath11k-fix-peer-HE-MCS-assignment.patch (git-fixes CVE-2025-68380 bsc#1255580). - Update patches.suse/wifi-brcmfmac-fix-crash-while-sending-Action-Frames-.patch (git-fixes CVE-2025-40321 bsc#1254795). - Update patches.suse/wifi-rtl818x-Fix-potential-memory-leaks-in-rtl8180_i.patch (git-fixes CVE-2025-68759 bsc#1255934). - Update patches.suse/wifi-rtl818x-rtl8187-Fix-potential-buffer-underflow-.patch (git-fixes CVE-2025-68362 bsc#1255611). - Update patches.suse/x86-CPU-AMD-Add-RDSEED-fix-for-Zen5.patch (git-fixes CVE-2025-68313 bsc#1255415). - Update patches.suse/x86-CPU-AMD-Add-missing-terminator-for-zen5_rdseed_m.patch (git-fixes CVE-2025-68195 bsc#1255259). - Update patches.suse/xfrm-also-call-xfrm_state_delete_tunnel-at-destroy-time-fo.patch (CVE-2025-40215 bsc#1254959 CVE-2025-40256 bsc#1254851). - commit c0f554e ++++ kernel-obs-build: - perf/x86/intel: Fix KASAN global-out-of-bounds warning (CVE-2025-40359 bsc#1255087). - commit ed1e93a - mlx5: Fix default values in create CQ (CVE-2025-68209 bsc#1255230). - commit 02d60e0 - x86/microcode/AMD: Use sha256() instead of init/update/final (bsc#1256495). - Refresh patches.suse/x86-microcode-AMD-Limit-Entrysign-signature-checking-to-kn.patch. - commit 6b04345 - x86/microcode/AMD: Fix Entrysign revision check for Zen5/Strix Halo (bsc#1256495). - x86/microcode/AMD: Select which microcode patch to load (bsc#1256495). - x86/microcode/AMD: Make __verify_patch_size() return bool (bsc#1256495). - x86/microcode/AMD: Remove bogus comment from parse_container() (bsc#1256495). - commit 9f14cfe - crash: fix crashkernel resource shrink (CVE-2025-68198 bsc#1255243) - commit 7e8f708 - bnxt_en: Fix null pointer dereference in bnxt_bs_trace_check_wrap() (CVE-2025-68197 bsc#1255242) - commit 766431f - lib/crypto: aes: Fix missing MMU protection for AES S-box (git-fixes). - virtio_console: fix order of fields cols and rows (stable-fixes). - commit d55882c - drm/amdgpu: Forward VMID reservation errors (git-fixes). - commit 2373a9d - supported.conf: mark ksmbd unsupported Based on discussion with Enzo Matsumiya it has tuned out that ksmbd module is unsupported but the supported.conf entry is incorrect. Fix that. - commit 143566d - powerpc/eeh: fix recursive pci_lock_rescan_remove locking in EEH event handling (bsc#1253262 ltc#216029). - commit 594b86e - Update patches.suse/ACPI-video-Fix-use-after-free-in-acpi_video_switch_b.patch (git-fixes CVE-2025-40211 bsc#1254126). - Update patches.suse/ALSA-dice-fix-buffer-overflow-in-detect_stream_forma.patch (git-fixes CVE-2025-68346 bsc#1255603). - Update patches.suse/ALSA-firewire-motu-add-bounds-check-in-put_user-loop.patch (git-fixes CVE-2025-68753 bsc#1256238). - Update patches.suse/ALSA-firewire-motu-fix-buffer-overflow-in-hwdep-read.patch (git-fixes CVE-2025-68347 bsc#1255706). - Update patches.suse/ALSA-hda-cs35l41-Fix-NULL-pointer-dereference-in-cs3-c34b04c.patch (git-fixes CVE-2025-68345 bsc#1255601). - Update patches.suse/ALSA-usb-audio-Fix-NULL-pointer-dereference-in-snd_u.patch (git-fixes CVE-2025-40275 bsc#1254829). - Update patches.suse/ALSA-usb-audio-Fix-potential-overflow-of-PCM-transfe.patch (stable-fixes CVE-2025-40269 bsc#1255035). - Update patches.suse/ALSA-wavefront-Fix-integer-overflow-in-sample-size-v.patch (git-fixes CVE-2025-68344 bsc#1255816). - Update patches.suse/ASoC-Intel-avs-Disable-periods-elapsed-work-when-clo.patch (git-fixes CVE-2025-40344 bsc#1254618). - Update patches.suse/Bluetooth-6lowpan-reset-link-local-header-on-ipv6-re.patch (git-fixes CVE-2025-40282 bsc#1254850). - Update patches.suse/Bluetooth-MGMT-Fix-OOB-access-in-parse_adv_monitor_p.patch (git-fixes CVE-2025-40294 bsc#1255181). - Update patches.suse/Bluetooth-MGMT-cancel-mesh-send-timer-when-hdev-remo.patch (git-fixes CVE-2025-40284 bsc#1254860). - Update patches.suse/Bluetooth-MGMT-fix-crash-in-set_mesh_sync-and-set_me.patch (git-fixes CVE-2025-40213 bsc#1253674). - Update patches.suse/Bluetooth-SCO-Fix-UAF-on-sco_conn_free.patch (stable-fixes CVE-2025-40309 bsc#1255065). - Update patches.suse/Bluetooth-bcsp-receive-data-only-if-registered.patch (stable-fixes CVE-2025-40308 bsc#1255064). - Update patches.suse/Bluetooth-btusb-mediatek-Avoid-btusb_mtk_claim_iso_i.patch (git-fixes CVE-2025-68298 bsc#1255124). - Update patches.suse/Bluetooth-btusb-mediatek-Fix-kernel-crash-when-relea.patch (git-fixes CVE-2025-68306 bsc#1255145). - Update patches.suse/Bluetooth-btusb-reorder-cleanup-in-btusb_disconnect-.patch (git-fixes CVE-2025-40283 bsc#1254858). - Update patches.suse/Bluetooth-hci_event-validate-skb-length-for-unknown-.patch (git-fixes CVE-2025-40301 bsc#1255193). - Update patches.suse/Bluetooth-hci_sock-Prevent-race-in-socket-write-iter.patch (git-fixes CVE-2025-68305 bsc#1255169). - Update patches.suse/Bluetooth-hci_sync-fix-race-in-hci_cmd_sync_dequeue_.patch (git-fixes CVE-2025-40318 bsc#1254798). - Update patches.suse/Input-cros_ec_keyb-fix-an-invalid-memory-access.patch (stable-fixes CVE-2025-40263 bsc#1255077). - Update patches.suse/Input-imx_sc_key-fix-memory-corruption-on-unload.patch (git-fixes CVE-2025-40262 bsc#1254840). - Update patches.suse/Input-pegasus-notetaker-fix-potential-out-of-bounds-.patch (git-fixes CVE-2025-68217 bsc#1255221). - Update patches.suse/KVM-arm64-Check-the-untrusted-offset-in-FF-A-memory-.patch (git-fixes CVE-2025-40266 bsc#1255040). - Update patches.suse/NFS-Fix-LTP-test-failures-when-timestamps-are-delegated.patch (git-fixes CVE-2025-68242 bsc#1255186). - Update patches.suse/NFSD-Fix-crash-in-nfsd4_read_release.patch (git-fixes CVE-2025-40324 bsc#1254791). - Update patches.suse/NFSD-free-copynotify-stateid-in-nfs4_free_ol_stateid.patch (git-fixes CVE-2025-40273 bsc#1254828). - Update patches.suse/PCI-IOV-Add-PCI-rescan-remove-locking-when-enabling-.patch (git-fixes CVE-2025-40219 bsc#1254518). - Update patches.suse/PCI-cadence-Check-for-the-existence-of-cdns_pcie-ops.patch (stable-fixes CVE-2025-68176 bsc#1255329). - Update patches.suse/accel-habanalabs-support-mapping-cb-with-vmalloc-bac.patch (stable-fixes CVE-2025-40311 bsc#1255068). - Update patches.suse/accel-ivpu-Fix-race-condition-when-unbinding-BOs.patch (git-fixes CVE-2025-68749 bsc#1255724). - Update patches.suse/amd-amdkfd-resolve-a-race-in-amdgpu_amdkfd_device_fi.patch (stable-fixes CVE-2025-40310 bsc#1255041). - Update patches.suse/arm64-mte-Do-not-warn-if-the-page-is-already-tagged-in-cop.patch (git-fixes CVE-2025-40353 bsc#1255312). - Update patches.suse/atm-fore200e-Fix-possible-data-race-in-fore200e_open.patch (git-fixes CVE-2025-68339 bsc#1255505). - Update patches.suse/backlight-led-bl-Add-devlink-to-supplier-LEDs.patch (git-fixes CVE-2025-68758 bsc#1255944). - Update patches.suse/btrfs-directly-free-partially-initialized-fs_info-in.patch (git-fixes CVE-2025-40235 bsc#1254808). - Update patches.suse/btrfs-ensure-no-dirty-metadata-is-written-back-for-a.patch (git-fix CVE-2025-40303 bsc#1255058). - Update patches.suse/btrfs-fix-memory-leak-of-qgroup_list-in-btrfs_add_qg.patch (git-fixes CVE-2025-40209 bsc#1254128). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-check-actual-395d988.patch (git-fixes CVE-2025-68342 bsc#1255508). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-check-actual.patch (git-fixes CVE-2025-68343 bsc#1255509). - Update patches.suse/can-gs_usb-gs_usb_xmit_callback-fix-handling-of-fail.patch (git-fixes CVE-2025-68307 bsc#1255146). - Update patches.suse/can-kvaser_usb-leaf-Fix-potential-infinite-loop-in-c.patch (git-fixes CVE-2025-68308 bsc#1255149). - Update patches.suse/comedi-c6xdigio-Fix-invalid-PNP-driver-unregistratio.patch (git-fixes CVE-2025-68332 bsc#1255483). - Update patches.suse/comedi-check-device-s-attached-status-in-compat-ioct.patch (git-fixes CVE-2025-68257 bsc#1255167). - Update patches.suse/comedi-multiq3-sanitize-config-options-in-multiq3_at.patch (git-fixes CVE-2025-68258 bsc#1255182). - Update patches.suse/comedi-pcl818-fix-null-ptr-deref-in-pcl818_ai_cancel.patch (git-fixes CVE-2025-68335 bsc#1255480). - Update patches.suse/crypto-aspeed-fix-double-free-caused-by-devm.patch (git-fixes CVE-2025-68172 bsc#1255253). - Update patches.suse/crypto-asymmetric_keys-prevent-overflow-in-asymmetri.patch (git-fixes CVE-2025-68724 bsc#1255550). - Update patches.suse/drm-amd-display-Check-NULL-before-accessing.patch (stable-fixes CVE-2025-68286 bsc#1255351). - Update patches.suse/drm-amd-display-Fix-NULL-deref-in-debugfs-odm_combin.patch (git-fixes CVE-2025-68180 bsc#1255252). - Update patches.suse/drm-amd-display-increase-max-link-count-and-fix-link.patch (stable-fixes CVE-2025-40354 bsc#1255316). - Update patches.suse/drm-amdgpu-Fix-NULL-pointer-dereference-in-VRAM-logi.patch (stable-fixes CVE-2025-40288 bsc#1255057). - Update patches.suse/drm-amdgpu-atom-Check-kcalloc-for-WS-buffer-in-amdgp.patch (stable-fixes CVE-2025-68190 bsc#1255131). - Update patches.suse/drm-amdgpu-fix-gpu-page-fault-after-hibernation-on-P.patch (stable-fixes CVE-2025-68230 bsc#1255134). - Update patches.suse/drm-amdgpu-fix-nullptr-err-of-vm_handle_moved.patch (stable-fixes CVE-2025-40339 bsc#1255428). - Update patches.suse/drm-amdgpu-hide-VRAM-sysfs-attributes-on-GPUs-withou.patch (stable-fixes CVE-2025-40289 bsc#1255042). - Update patches.suse/drm-amdgpu-remove-two-invalid-BUG_ON-s.patch (stable-fixes CVE-2025-68201 bsc#1255136). - Update patches.suse/drm-amdkfd-Fix-mmap-write-lock-not-release.patch (bsc#1243112 CVE-2025-40332 bsc#1255116). - Update patches.suse/drm-i915-Avoid-lock-inversion-when-pinning-to-GGTT-o.patch (git-fixes CVE-2025-68244 bsc#1255190). - Update patches.suse/drm-mediatek-Disable-AFBC-support-on-Mediatek-DRM-dr.patch (git-fixes CVE-2025-68184 bsc#1255220). - Update patches.suse/drm-mediatek-Fix-device-use-after-free-on-unbind.patch (git-fixes CVE-2025-40316 bsc#1254797). - Update patches.suse/drm-panthor-Fix-UAF-on-kernel-BO-VA-nodes.patch (git-fixes CVE-2025-68747 bsc#1255723). - Update patches.suse/drm-panthor-Fix-UAF-race-between-device-unplug-and-F.patch (git-fixes CVE-2025-68748 bsc#1255813). - Update patches.suse/drm-panthor-Fix-kernel-panic-on-partial-unmap-of-a-G.patch (git-fixes CVE-2025-40225 bsc#1254827). - Update patches.suse/drm-radeon-Do-not-kfree-devres-managed-rdev.patch (git-fixes CVE-2025-68170 bsc#1255256). - Update patches.suse/drm-radeon-Remove-calls-to-drm_put_dev.patch (git-fixes CVE-2025-68181 bsc#1255247). - Update patches.suse/drm-radeon-delete-radeon_fence_process-in-is_signale.patch (stable-fixes CVE-2025-68223 bsc#1255357). - Update patches.suse/drm-sched-Fix-deadlock-in-drm_sched_entity_kill_jobs.patch (git-fixes CVE-2025-40329 bsc#1254621). - Update patches.suse/drm-sysfb-Do-not-dereference-NULL-pointer-in-plane-r.patch (git-fixes CVE-2025-40360 bsc#1255095). - Update patches.suse/drm-tegra-Add-call-to-put_pid.patch (git-fixes CVE-2025-68233 bsc#1255206). - Update patches.suse/drm-vgem-fence-Fix-potential-deadlock-on-release.patch (git-fixes CVE-2025-68757 bsc#1255943). - Update patches.suse/drm-vmwgfx-Validate-command-header-size-against-SVGA.patch (git-fixes CVE-2025-40277 bsc#1254894). - Update patches.suse/drm-xe-Fix-oops-in-xe_gem_fault-when-running-core_ho.patch (stable-fixes CVE-2025-40340 bsc#1254996). - Update patches.suse/drm-xe-guc-Synchronize-Dead-CT-worker-with-unbind.patch (git-fixes CVE-2025-68207 bsc#1255234). - Update patches.suse/erofs-avoid-infinite-loop-due-to-incomplete-zstd-compressed-data.patch (git-fixes CVE-2025-68210 bsc#1255231). - Update patches.suse/exfat-fix-improper-check-of-dentry.stream.valid_size.patch (git-fixes CVE-2025-40287 bsc#1255030). - Update patches.suse/exfat-fix-refcount-leak-in-exfat_find.patch (git-fixes CVE-2025-68351 bsc#1255567). - Update patches.suse/exfat-validate-cluster-allocation-bits-of-the-allocation-bitmap.patch (git-fixes CVE-2025-40307 bsc#1255039). - Update patches.suse/fbcon-Set-fb_display-i-mode-to-NULL-when-the-mode-is.patch (stable-fixes CVE-2025-40323 bsc#1255094). - Update patches.suse/fbdev-Add-bounds-checking-in-bit_putcs-to-fix-vmallo.patch (stable-fixes CVE-2025-40304 bsc#1255034). - Update patches.suse/fbdev-bitblit-bound-check-glyph-index-in-bit_putcs.patch (stable-fixes CVE-2025-40322 bsc#1255092). - Update patches.suse/firmware-arm_scmi-Account-for-failed-debug-initializ.patch (git-fixes CVE-2025-40226 bsc#1254821). - Update patches.suse/firmware-stratix10-svc-fix-bug-in-saving-controller-.patch (git-fixes CVE-2025-68328 bsc#1255489). - Update patches.suse/gpiolib-fix-invalid-pointer-access-in-debugfs.patch (git-fixes CVE-2025-68167 bsc#1255099). - Update patches.suse/gpu-host1x-Fix-race-in-syncpt-alloc-free.patch (git-fixes CVE-2025-68732 bsc#1255688). - Update patches.suse/idpf-fix-possible-vport_config-NULL-pointer-deref-in.patch (git-fixes CVE-2025-68213 bsc#1255228). - Update patches.suse/iio-accel-bmc150-Fix-irq-assumption-regression.patch (stable-fixes CVE-2025-68330 bsc#1255493). - Update patches.suse/ima-Handle-error-code-returned-by-ima_filter_rule_ma.patch (git-fixes CVE-2025-68740 bsc#1255812). - Update patches.suse/ima-don-t-clear-IMA_DIGSIG-flag-when-setting-or-remo.patch (stable-fixes CVE-2025-68183 bsc#1255251). - Update patches.suse/irqchip-mchp-eic-Fix-error-code-in-mchp_eic_domain_a.patch (git-fixes CVE-2025-68766 bsc#1255932). - Update patches.suse/media-imon-make-send_packet-more-robust.patch (stable-fixes CVE-2025-68194 bsc#1255325). - Update patches.suse/media-pci-mg4b-fix-uninitialized-iio-scan-data.patch (git-fixes CVE-2025-40221 bsc#1254519). - Update patches.suse/media-videobuf2-forbid-remove_bufs-when-legacy-filei.patch (git-fixes CVE-2025-40302 bsc#1255196). - Update patches.suse/misc-fastrpc-Fix-dma_buf-object-leak-in-fastrpc_map_.patch (git-fixes CVE-2025-68252 bsc#1255197). - Update patches.suse/mm-secretmem-fix-use-after-free-race-in-fault-handle.patch (git-fixes CVE-2025-40272 bsc#1254832). - Update patches.suse/most-usb-Fix-use-after-free-in-hdm_disconnect.patch (git-fixes CVE-2025-40223 bsc#1254957). - Update patches.suse/most-usb-fix-double-free-on-late-probe-failure.patch (git-fixes CVE-2025-68290 bsc#1255154). - Update patches.suse/most-usb-hdm_probe-Fix-calling-put_device-before-dev.patch (git-fixes CVE-2025-68249 bsc#1255233). - Update patches.suse/mt76-mt7615-Fix-memory-leak-in-mt7615_mcu_wtbl_sta_a.patch (git-fixes CVE-2025-68765 bsc#1255931). - Update patches.suse/mtd-rawnand-cadence-fix-DMA-device-NULL-pointer-dere.patch (git-fixes CVE-2025-68238 bsc#1255202). - Update patches.suse/mtdchar-fix-integer-overflow-in-read-write-ioctls.patch (git-fixes CVE-2025-68237 bsc#1255203). - Update patches.suse/net-stmmac-Correctly-handle-Rx-checksum-offload-erro.patch (git-fixes CVE-2025-40337 bsc#1255081). - Update patches.suse/net-usb-qmi_wwan-initialize-MAC-header-offset-in-qmi.patch (git-fixes CVE-2025-68192 bsc#1255246). - Update patches.suse/nfs4_setup_readdir-insufficient-locking-for-d_parent-d_inode-dereferencing.patch (git-fixes CVE-2025-68185 bsc#1255135). - Update patches.suse/nfsd-fix-refcount-leak-in-nfsd_set_fh_dentry.patch (git-fixes CVE-2025-40212 bsc#1254195). - Update patches.suse/nouveau-firmware-Add-missing-kfree-of-nvkm_falcon_fw.patch (git-fixes CVE-2025-68235 bsc#1255209). - Update patches.suse/nvme-fc-use-lock-accessing-port_state-and-rport-stat.patch (bsc#1245193 bsc#1247500 CVE-2025-40342 bsc#1255274). - Update patches.suse/nvmet-fc-avoid-scheduling-association-deletion-twice.patch (bsc#1245193 bsc#1247500 CVE-2025-40343 bsc#1255276). - Update patches.suse/pinctrl-s32cc-fix-uninitialized-memory-in-s32_pinctr.patch (git-fixes CVE-2025-68222 bsc#1255218). - Update patches.suse/platform-x86-intel-punit_ipc-fix-memory-corruption.patch (git-fixes CVE-2025-68303 bsc#1255122). - Update patches.suse/regmap-slimbus-fix-bus_context-pointer-in-regmap-ini.patch (git-fixes CVE-2025-40317 bsc#1254796). - Update patches.suse/regulator-core-Protect-regulator_supply_alias_list-w.patch (git-fixes CVE-2025-68354 bsc#1255553). - Update patches.suse/sctp-avoid-NULL-dereference-when-chunk-data-buffer-i.patch (git-fixes CVE-2025-40240 bsc#1254869). - Update patches.suse/smb-client-fix-potential-cfid-UAF-in-smb2_query_info_compound.patch (git-fixes CVE-2025-40320 bsc#1254793). - Update patches.suse/spi-ch341-fix-out-of-bounds-memory-access-in-ch341_t.patch (git-fixes CVE-2025-68352 bsc#1255541). - Update patches.suse/spi-tegra210-quad-Fix-timeout-handling.patch (bsc#1253155 CVE-2025-68746 bsc#1255722). - Update patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-OnBeacon.patch (stable-fixes CVE-2025-68254 bsc#1255140). - Update patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-rtw_get_.patch (stable-fixes CVE-2025-68256 bsc#1255138). - Update patches.suse/staging-rtl8723bs-fix-stack-buffer-overflow-in-OnAss.patch (stable-fixes CVE-2025-68255 bsc#1255395). - Update patches.suse/tty-serial-ip22zilog-Use-platform-device-for-probing.patch (stable-fixes CVE-2025-68311 bsc#1255161). - Update patches.suse/usb-cdns3-gadget-Use-after-free-during-failed-initia.patch (stable-fixes CVE-2025-40314 bsc#1255072). - Update patches.suse/usb-dwc3-Fix-race-condition-between-concurrent-dwc3_.patch (git-fixes CVE-2025-68287 bsc#1255152). - Update patches.suse/usb-gadget-f_eem-Fix-memory-leak-in-eem_unwrap.patch (git-fixes CVE-2025-68289 bsc#1255155). - Update patches.suse/usb-gadget-f_fs-Fix-epfile-null-pointer-access-after.patch (stable-fixes CVE-2025-40315 bsc#1255083). - Update patches.suse/usb-potential-integer-overflow-in-usbg_make_tpg.patch (stable-fixes CVE-2025-68750 bsc#1255814). - Update patches.suse/usb-renesas_usbhs-Fix-synchronous-external-abort-on-.patch (git-fixes CVE-2025-68327 bsc#1255488). - Update patches.suse/usb-storage-sddr55-Reject-out-of-bound-new_pba.patch (stable-fixes CVE-2025-40345 bsc#1255279). - Update patches.suse/usb-uas-fix-urb-unmapping-issue-when-the-uas-device-.patch (git-fixes CVE-2025-68331 bsc#1255495). - Update patches.suse/usbnet-Prevents-free-active-kevent.patch (git-fixes CVE-2025-68312 bsc#1255171). - Update patches.suse/wifi-ath11k-fix-peer-HE-MCS-assignment.patch (git-fixes CVE-2025-68380 bsc#1255580). - Update patches.suse/wifi-brcmfmac-fix-crash-while-sending-Action-Frames-.patch (git-fixes CVE-2025-40321 bsc#1254795). - Update patches.suse/wifi-rtl818x-Fix-potential-memory-leaks-in-rtl8180_i.patch (git-fixes CVE-2025-68759 bsc#1255934). - Update patches.suse/wifi-rtl818x-rtl8187-Fix-potential-buffer-underflow-.patch (git-fixes CVE-2025-68362 bsc#1255611). - Update patches.suse/x86-CPU-AMD-Add-RDSEED-fix-for-Zen5.patch (git-fixes CVE-2025-68313 bsc#1255415). - Update patches.suse/x86-CPU-AMD-Add-missing-terminator-for-zen5_rdseed_m.patch (git-fixes CVE-2025-68195 bsc#1255259). - Update patches.suse/xfrm-also-call-xfrm_state_delete_tunnel-at-destroy-time-fo.patch (CVE-2025-40215 bsc#1254959 CVE-2025-40256 bsc#1254851). - commit c0f554e ++++ kernel-obs-qa: - perf/x86/intel: Fix KASAN global-out-of-bounds warning (CVE-2025-40359 bsc#1255087). - commit ed1e93a - mlx5: Fix default values in create CQ (CVE-2025-68209 bsc#1255230). - commit 02d60e0 - x86/microcode/AMD: Use sha256() instead of init/update/final (bsc#1256495). - Refresh patches.suse/x86-microcode-AMD-Limit-Entrysign-signature-checking-to-kn.patch. - commit 6b04345 - x86/microcode/AMD: Fix Entrysign revision check for Zen5/Strix Halo (bsc#1256495). - x86/microcode/AMD: Select which microcode patch to load (bsc#1256495). - x86/microcode/AMD: Make __verify_patch_size() return bool (bsc#1256495). - x86/microcode/AMD: Remove bogus comment from parse_container() (bsc#1256495). - commit 9f14cfe - crash: fix crashkernel resource shrink (CVE-2025-68198 bsc#1255243) - commit 7e8f708 - bnxt_en: Fix null pointer dereference in bnxt_bs_trace_check_wrap() (CVE-2025-68197 bsc#1255242) - commit 766431f - lib/crypto: aes: Fix missing MMU protection for AES S-box (git-fixes). - virtio_console: fix order of fields cols and rows (stable-fixes). - commit d55882c - drm/amdgpu: Forward VMID reservation errors (git-fixes). - commit 2373a9d - supported.conf: mark ksmbd unsupported Based on discussion with Enzo Matsumiya it has tuned out that ksmbd module is unsupported but the supported.conf entry is incorrect. Fix that. - commit 143566d - powerpc/eeh: fix recursive pci_lock_rescan_remove locking in EEH event handling (bsc#1253262 ltc#216029). - commit 594b86e - Update patches.suse/ACPI-video-Fix-use-after-free-in-acpi_video_switch_b.patch (git-fixes CVE-2025-40211 bsc#1254126). - Update patches.suse/ALSA-dice-fix-buffer-overflow-in-detect_stream_forma.patch (git-fixes CVE-2025-68346 bsc#1255603). - Update patches.suse/ALSA-firewire-motu-add-bounds-check-in-put_user-loop.patch (git-fixes CVE-2025-68753 bsc#1256238). - Update patches.suse/ALSA-firewire-motu-fix-buffer-overflow-in-hwdep-read.patch (git-fixes CVE-2025-68347 bsc#1255706). - Update patches.suse/ALSA-hda-cs35l41-Fix-NULL-pointer-dereference-in-cs3-c34b04c.patch (git-fixes CVE-2025-68345 bsc#1255601). - Update patches.suse/ALSA-usb-audio-Fix-NULL-pointer-dereference-in-snd_u.patch (git-fixes CVE-2025-40275 bsc#1254829). - Update patches.suse/ALSA-usb-audio-Fix-potential-overflow-of-PCM-transfe.patch (stable-fixes CVE-2025-40269 bsc#1255035). - Update patches.suse/ALSA-wavefront-Fix-integer-overflow-in-sample-size-v.patch (git-fixes CVE-2025-68344 bsc#1255816). - Update patches.suse/ASoC-Intel-avs-Disable-periods-elapsed-work-when-clo.patch (git-fixes CVE-2025-40344 bsc#1254618). - Update patches.suse/Bluetooth-6lowpan-reset-link-local-header-on-ipv6-re.patch (git-fixes CVE-2025-40282 bsc#1254850). - Update patches.suse/Bluetooth-MGMT-Fix-OOB-access-in-parse_adv_monitor_p.patch (git-fixes CVE-2025-40294 bsc#1255181). - Update patches.suse/Bluetooth-MGMT-cancel-mesh-send-timer-when-hdev-remo.patch (git-fixes CVE-2025-40284 bsc#1254860). - Update patches.suse/Bluetooth-MGMT-fix-crash-in-set_mesh_sync-and-set_me.patch (git-fixes CVE-2025-40213 bsc#1253674). - Update patches.suse/Bluetooth-SCO-Fix-UAF-on-sco_conn_free.patch (stable-fixes CVE-2025-40309 bsc#1255065). - Update patches.suse/Bluetooth-bcsp-receive-data-only-if-registered.patch (stable-fixes CVE-2025-40308 bsc#1255064). - Update patches.suse/Bluetooth-btusb-mediatek-Avoid-btusb_mtk_claim_iso_i.patch (git-fixes CVE-2025-68298 bsc#1255124). - Update patches.suse/Bluetooth-btusb-mediatek-Fix-kernel-crash-when-relea.patch (git-fixes CVE-2025-68306 bsc#1255145). - Update patches.suse/Bluetooth-btusb-reorder-cleanup-in-btusb_disconnect-.patch (git-fixes CVE-2025-40283 bsc#1254858). - Update patches.suse/Bluetooth-hci_event-validate-skb-length-for-unknown-.patch (git-fixes CVE-2025-40301 bsc#1255193). - Update patches.suse/Bluetooth-hci_sock-Prevent-race-in-socket-write-iter.patch (git-fixes CVE-2025-68305 bsc#1255169). - Update patches.suse/Bluetooth-hci_sync-fix-race-in-hci_cmd_sync_dequeue_.patch (git-fixes CVE-2025-40318 bsc#1254798). - Update patches.suse/Input-cros_ec_keyb-fix-an-invalid-memory-access.patch (stable-fixes CVE-2025-40263 bsc#1255077). - Update patches.suse/Input-imx_sc_key-fix-memory-corruption-on-unload.patch (git-fixes CVE-2025-40262 bsc#1254840). - Update patches.suse/Input-pegasus-notetaker-fix-potential-out-of-bounds-.patch (git-fixes CVE-2025-68217 bsc#1255221). - Update patches.suse/KVM-arm64-Check-the-untrusted-offset-in-FF-A-memory-.patch (git-fixes CVE-2025-40266 bsc#1255040). - Update patches.suse/NFS-Fix-LTP-test-failures-when-timestamps-are-delegated.patch (git-fixes CVE-2025-68242 bsc#1255186). - Update patches.suse/NFSD-Fix-crash-in-nfsd4_read_release.patch (git-fixes CVE-2025-40324 bsc#1254791). - Update patches.suse/NFSD-free-copynotify-stateid-in-nfs4_free_ol_stateid.patch (git-fixes CVE-2025-40273 bsc#1254828). - Update patches.suse/PCI-IOV-Add-PCI-rescan-remove-locking-when-enabling-.patch (git-fixes CVE-2025-40219 bsc#1254518). - Update patches.suse/PCI-cadence-Check-for-the-existence-of-cdns_pcie-ops.patch (stable-fixes CVE-2025-68176 bsc#1255329). - Update patches.suse/accel-habanalabs-support-mapping-cb-with-vmalloc-bac.patch (stable-fixes CVE-2025-40311 bsc#1255068). - Update patches.suse/accel-ivpu-Fix-race-condition-when-unbinding-BOs.patch (git-fixes CVE-2025-68749 bsc#1255724). - Update patches.suse/amd-amdkfd-resolve-a-race-in-amdgpu_amdkfd_device_fi.patch (stable-fixes CVE-2025-40310 bsc#1255041). - Update patches.suse/arm64-mte-Do-not-warn-if-the-page-is-already-tagged-in-cop.patch (git-fixes CVE-2025-40353 bsc#1255312). - Update patches.suse/atm-fore200e-Fix-possible-data-race-in-fore200e_open.patch (git-fixes CVE-2025-68339 bsc#1255505). - Update patches.suse/backlight-led-bl-Add-devlink-to-supplier-LEDs.patch (git-fixes CVE-2025-68758 bsc#1255944). - Update patches.suse/btrfs-directly-free-partially-initialized-fs_info-in.patch (git-fixes CVE-2025-40235 bsc#1254808). - Update patches.suse/btrfs-ensure-no-dirty-metadata-is-written-back-for-a.patch (git-fix CVE-2025-40303 bsc#1255058). - Update patches.suse/btrfs-fix-memory-leak-of-qgroup_list-in-btrfs_add_qg.patch (git-fixes CVE-2025-40209 bsc#1254128). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-check-actual-395d988.patch (git-fixes CVE-2025-68342 bsc#1255508). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-check-actual.patch (git-fixes CVE-2025-68343 bsc#1255509). - Update patches.suse/can-gs_usb-gs_usb_xmit_callback-fix-handling-of-fail.patch (git-fixes CVE-2025-68307 bsc#1255146). - Update patches.suse/can-kvaser_usb-leaf-Fix-potential-infinite-loop-in-c.patch (git-fixes CVE-2025-68308 bsc#1255149). - Update patches.suse/comedi-c6xdigio-Fix-invalid-PNP-driver-unregistratio.patch (git-fixes CVE-2025-68332 bsc#1255483). - Update patches.suse/comedi-check-device-s-attached-status-in-compat-ioct.patch (git-fixes CVE-2025-68257 bsc#1255167). - Update patches.suse/comedi-multiq3-sanitize-config-options-in-multiq3_at.patch (git-fixes CVE-2025-68258 bsc#1255182). - Update patches.suse/comedi-pcl818-fix-null-ptr-deref-in-pcl818_ai_cancel.patch (git-fixes CVE-2025-68335 bsc#1255480). - Update patches.suse/crypto-aspeed-fix-double-free-caused-by-devm.patch (git-fixes CVE-2025-68172 bsc#1255253). - Update patches.suse/crypto-asymmetric_keys-prevent-overflow-in-asymmetri.patch (git-fixes CVE-2025-68724 bsc#1255550). - Update patches.suse/drm-amd-display-Check-NULL-before-accessing.patch (stable-fixes CVE-2025-68286 bsc#1255351). - Update patches.suse/drm-amd-display-Fix-NULL-deref-in-debugfs-odm_combin.patch (git-fixes CVE-2025-68180 bsc#1255252). - Update patches.suse/drm-amd-display-increase-max-link-count-and-fix-link.patch (stable-fixes CVE-2025-40354 bsc#1255316). - Update patches.suse/drm-amdgpu-Fix-NULL-pointer-dereference-in-VRAM-logi.patch (stable-fixes CVE-2025-40288 bsc#1255057). - Update patches.suse/drm-amdgpu-atom-Check-kcalloc-for-WS-buffer-in-amdgp.patch (stable-fixes CVE-2025-68190 bsc#1255131). - Update patches.suse/drm-amdgpu-fix-gpu-page-fault-after-hibernation-on-P.patch (stable-fixes CVE-2025-68230 bsc#1255134). - Update patches.suse/drm-amdgpu-fix-nullptr-err-of-vm_handle_moved.patch (stable-fixes CVE-2025-40339 bsc#1255428). - Update patches.suse/drm-amdgpu-hide-VRAM-sysfs-attributes-on-GPUs-withou.patch (stable-fixes CVE-2025-40289 bsc#1255042). - Update patches.suse/drm-amdgpu-remove-two-invalid-BUG_ON-s.patch (stable-fixes CVE-2025-68201 bsc#1255136). - Update patches.suse/drm-amdkfd-Fix-mmap-write-lock-not-release.patch (bsc#1243112 CVE-2025-40332 bsc#1255116). - Update patches.suse/drm-i915-Avoid-lock-inversion-when-pinning-to-GGTT-o.patch (git-fixes CVE-2025-68244 bsc#1255190). - Update patches.suse/drm-mediatek-Disable-AFBC-support-on-Mediatek-DRM-dr.patch (git-fixes CVE-2025-68184 bsc#1255220). - Update patches.suse/drm-mediatek-Fix-device-use-after-free-on-unbind.patch (git-fixes CVE-2025-40316 bsc#1254797). - Update patches.suse/drm-panthor-Fix-UAF-on-kernel-BO-VA-nodes.patch (git-fixes CVE-2025-68747 bsc#1255723). - Update patches.suse/drm-panthor-Fix-UAF-race-between-device-unplug-and-F.patch (git-fixes CVE-2025-68748 bsc#1255813). - Update patches.suse/drm-panthor-Fix-kernel-panic-on-partial-unmap-of-a-G.patch (git-fixes CVE-2025-40225 bsc#1254827). - Update patches.suse/drm-radeon-Do-not-kfree-devres-managed-rdev.patch (git-fixes CVE-2025-68170 bsc#1255256). - Update patches.suse/drm-radeon-Remove-calls-to-drm_put_dev.patch (git-fixes CVE-2025-68181 bsc#1255247). - Update patches.suse/drm-radeon-delete-radeon_fence_process-in-is_signale.patch (stable-fixes CVE-2025-68223 bsc#1255357). - Update patches.suse/drm-sched-Fix-deadlock-in-drm_sched_entity_kill_jobs.patch (git-fixes CVE-2025-40329 bsc#1254621). - Update patches.suse/drm-sysfb-Do-not-dereference-NULL-pointer-in-plane-r.patch (git-fixes CVE-2025-40360 bsc#1255095). - Update patches.suse/drm-tegra-Add-call-to-put_pid.patch (git-fixes CVE-2025-68233 bsc#1255206). - Update patches.suse/drm-vgem-fence-Fix-potential-deadlock-on-release.patch (git-fixes CVE-2025-68757 bsc#1255943). - Update patches.suse/drm-vmwgfx-Validate-command-header-size-against-SVGA.patch (git-fixes CVE-2025-40277 bsc#1254894). - Update patches.suse/drm-xe-Fix-oops-in-xe_gem_fault-when-running-core_ho.patch (stable-fixes CVE-2025-40340 bsc#1254996). - Update patches.suse/drm-xe-guc-Synchronize-Dead-CT-worker-with-unbind.patch (git-fixes CVE-2025-68207 bsc#1255234). - Update patches.suse/erofs-avoid-infinite-loop-due-to-incomplete-zstd-compressed-data.patch (git-fixes CVE-2025-68210 bsc#1255231). - Update patches.suse/exfat-fix-improper-check-of-dentry.stream.valid_size.patch (git-fixes CVE-2025-40287 bsc#1255030). - Update patches.suse/exfat-fix-refcount-leak-in-exfat_find.patch (git-fixes CVE-2025-68351 bsc#1255567). - Update patches.suse/exfat-validate-cluster-allocation-bits-of-the-allocation-bitmap.patch (git-fixes CVE-2025-40307 bsc#1255039). - Update patches.suse/fbcon-Set-fb_display-i-mode-to-NULL-when-the-mode-is.patch (stable-fixes CVE-2025-40323 bsc#1255094). - Update patches.suse/fbdev-Add-bounds-checking-in-bit_putcs-to-fix-vmallo.patch (stable-fixes CVE-2025-40304 bsc#1255034). - Update patches.suse/fbdev-bitblit-bound-check-glyph-index-in-bit_putcs.patch (stable-fixes CVE-2025-40322 bsc#1255092). - Update patches.suse/firmware-arm_scmi-Account-for-failed-debug-initializ.patch (git-fixes CVE-2025-40226 bsc#1254821). - Update patches.suse/firmware-stratix10-svc-fix-bug-in-saving-controller-.patch (git-fixes CVE-2025-68328 bsc#1255489). - Update patches.suse/gpiolib-fix-invalid-pointer-access-in-debugfs.patch (git-fixes CVE-2025-68167 bsc#1255099). - Update patches.suse/gpu-host1x-Fix-race-in-syncpt-alloc-free.patch (git-fixes CVE-2025-68732 bsc#1255688). - Update patches.suse/idpf-fix-possible-vport_config-NULL-pointer-deref-in.patch (git-fixes CVE-2025-68213 bsc#1255228). - Update patches.suse/iio-accel-bmc150-Fix-irq-assumption-regression.patch (stable-fixes CVE-2025-68330 bsc#1255493). - Update patches.suse/ima-Handle-error-code-returned-by-ima_filter_rule_ma.patch (git-fixes CVE-2025-68740 bsc#1255812). - Update patches.suse/ima-don-t-clear-IMA_DIGSIG-flag-when-setting-or-remo.patch (stable-fixes CVE-2025-68183 bsc#1255251). - Update patches.suse/irqchip-mchp-eic-Fix-error-code-in-mchp_eic_domain_a.patch (git-fixes CVE-2025-68766 bsc#1255932). - Update patches.suse/media-imon-make-send_packet-more-robust.patch (stable-fixes CVE-2025-68194 bsc#1255325). - Update patches.suse/media-pci-mg4b-fix-uninitialized-iio-scan-data.patch (git-fixes CVE-2025-40221 bsc#1254519). - Update patches.suse/media-videobuf2-forbid-remove_bufs-when-legacy-filei.patch (git-fixes CVE-2025-40302 bsc#1255196). - Update patches.suse/misc-fastrpc-Fix-dma_buf-object-leak-in-fastrpc_map_.patch (git-fixes CVE-2025-68252 bsc#1255197). - Update patches.suse/mm-secretmem-fix-use-after-free-race-in-fault-handle.patch (git-fixes CVE-2025-40272 bsc#1254832). - Update patches.suse/most-usb-Fix-use-after-free-in-hdm_disconnect.patch (git-fixes CVE-2025-40223 bsc#1254957). - Update patches.suse/most-usb-fix-double-free-on-late-probe-failure.patch (git-fixes CVE-2025-68290 bsc#1255154). - Update patches.suse/most-usb-hdm_probe-Fix-calling-put_device-before-dev.patch (git-fixes CVE-2025-68249 bsc#1255233). - Update patches.suse/mt76-mt7615-Fix-memory-leak-in-mt7615_mcu_wtbl_sta_a.patch (git-fixes CVE-2025-68765 bsc#1255931). - Update patches.suse/mtd-rawnand-cadence-fix-DMA-device-NULL-pointer-dere.patch (git-fixes CVE-2025-68238 bsc#1255202). - Update patches.suse/mtdchar-fix-integer-overflow-in-read-write-ioctls.patch (git-fixes CVE-2025-68237 bsc#1255203). - Update patches.suse/net-stmmac-Correctly-handle-Rx-checksum-offload-erro.patch (git-fixes CVE-2025-40337 bsc#1255081). - Update patches.suse/net-usb-qmi_wwan-initialize-MAC-header-offset-in-qmi.patch (git-fixes CVE-2025-68192 bsc#1255246). - Update patches.suse/nfs4_setup_readdir-insufficient-locking-for-d_parent-d_inode-dereferencing.patch (git-fixes CVE-2025-68185 bsc#1255135). - Update patches.suse/nfsd-fix-refcount-leak-in-nfsd_set_fh_dentry.patch (git-fixes CVE-2025-40212 bsc#1254195). - Update patches.suse/nouveau-firmware-Add-missing-kfree-of-nvkm_falcon_fw.patch (git-fixes CVE-2025-68235 bsc#1255209). - Update patches.suse/nvme-fc-use-lock-accessing-port_state-and-rport-stat.patch (bsc#1245193 bsc#1247500 CVE-2025-40342 bsc#1255274). - Update patches.suse/nvmet-fc-avoid-scheduling-association-deletion-twice.patch (bsc#1245193 bsc#1247500 CVE-2025-40343 bsc#1255276). - Update patches.suse/pinctrl-s32cc-fix-uninitialized-memory-in-s32_pinctr.patch (git-fixes CVE-2025-68222 bsc#1255218). - Update patches.suse/platform-x86-intel-punit_ipc-fix-memory-corruption.patch (git-fixes CVE-2025-68303 bsc#1255122). - Update patches.suse/regmap-slimbus-fix-bus_context-pointer-in-regmap-ini.patch (git-fixes CVE-2025-40317 bsc#1254796). - Update patches.suse/regulator-core-Protect-regulator_supply_alias_list-w.patch (git-fixes CVE-2025-68354 bsc#1255553). - Update patches.suse/sctp-avoid-NULL-dereference-when-chunk-data-buffer-i.patch (git-fixes CVE-2025-40240 bsc#1254869). - Update patches.suse/smb-client-fix-potential-cfid-UAF-in-smb2_query_info_compound.patch (git-fixes CVE-2025-40320 bsc#1254793). - Update patches.suse/spi-ch341-fix-out-of-bounds-memory-access-in-ch341_t.patch (git-fixes CVE-2025-68352 bsc#1255541). - Update patches.suse/spi-tegra210-quad-Fix-timeout-handling.patch (bsc#1253155 CVE-2025-68746 bsc#1255722). - Update patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-OnBeacon.patch (stable-fixes CVE-2025-68254 bsc#1255140). - Update patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-rtw_get_.patch (stable-fixes CVE-2025-68256 bsc#1255138). - Update patches.suse/staging-rtl8723bs-fix-stack-buffer-overflow-in-OnAss.patch (stable-fixes CVE-2025-68255 bsc#1255395). - Update patches.suse/tty-serial-ip22zilog-Use-platform-device-for-probing.patch (stable-fixes CVE-2025-68311 bsc#1255161). - Update patches.suse/usb-cdns3-gadget-Use-after-free-during-failed-initia.patch (stable-fixes CVE-2025-40314 bsc#1255072). - Update patches.suse/usb-dwc3-Fix-race-condition-between-concurrent-dwc3_.patch (git-fixes CVE-2025-68287 bsc#1255152). - Update patches.suse/usb-gadget-f_eem-Fix-memory-leak-in-eem_unwrap.patch (git-fixes CVE-2025-68289 bsc#1255155). - Update patches.suse/usb-gadget-f_fs-Fix-epfile-null-pointer-access-after.patch (stable-fixes CVE-2025-40315 bsc#1255083). - Update patches.suse/usb-potential-integer-overflow-in-usbg_make_tpg.patch (stable-fixes CVE-2025-68750 bsc#1255814). - Update patches.suse/usb-renesas_usbhs-Fix-synchronous-external-abort-on-.patch (git-fixes CVE-2025-68327 bsc#1255488). - Update patches.suse/usb-storage-sddr55-Reject-out-of-bound-new_pba.patch (stable-fixes CVE-2025-40345 bsc#1255279). - Update patches.suse/usb-uas-fix-urb-unmapping-issue-when-the-uas-device-.patch (git-fixes CVE-2025-68331 bsc#1255495). - Update patches.suse/usbnet-Prevents-free-active-kevent.patch (git-fixes CVE-2025-68312 bsc#1255171). - Update patches.suse/wifi-ath11k-fix-peer-HE-MCS-assignment.patch (git-fixes CVE-2025-68380 bsc#1255580). - Update patches.suse/wifi-brcmfmac-fix-crash-while-sending-Action-Frames-.patch (git-fixes CVE-2025-40321 bsc#1254795). - Update patches.suse/wifi-rtl818x-Fix-potential-memory-leaks-in-rtl8180_i.patch (git-fixes CVE-2025-68759 bsc#1255934). - Update patches.suse/wifi-rtl818x-rtl8187-Fix-potential-buffer-underflow-.patch (git-fixes CVE-2025-68362 bsc#1255611). - Update patches.suse/x86-CPU-AMD-Add-RDSEED-fix-for-Zen5.patch (git-fixes CVE-2025-68313 bsc#1255415). - Update patches.suse/x86-CPU-AMD-Add-missing-terminator-for-zen5_rdseed_m.patch (git-fixes CVE-2025-68195 bsc#1255259). - Update patches.suse/xfrm-also-call-xfrm_state_delete_tunnel-at-destroy-time-fo.patch (CVE-2025-40215 bsc#1254959 CVE-2025-40256 bsc#1254851). - commit c0f554e ++++ kernel-obs-qa: - perf/x86/intel: Fix KASAN global-out-of-bounds warning (CVE-2025-40359 bsc#1255087). - commit ed1e93a - mlx5: Fix default values in create CQ (CVE-2025-68209 bsc#1255230). - commit 02d60e0 - x86/microcode/AMD: Use sha256() instead of init/update/final (bsc#1256495). - Refresh patches.suse/x86-microcode-AMD-Limit-Entrysign-signature-checking-to-kn.patch. - commit 6b04345 - x86/microcode/AMD: Fix Entrysign revision check for Zen5/Strix Halo (bsc#1256495). - x86/microcode/AMD: Select which microcode patch to load (bsc#1256495). - x86/microcode/AMD: Make __verify_patch_size() return bool (bsc#1256495). - x86/microcode/AMD: Remove bogus comment from parse_container() (bsc#1256495). - commit 9f14cfe - crash: fix crashkernel resource shrink (CVE-2025-68198 bsc#1255243) - commit 7e8f708 - bnxt_en: Fix null pointer dereference in bnxt_bs_trace_check_wrap() (CVE-2025-68197 bsc#1255242) - commit 766431f - lib/crypto: aes: Fix missing MMU protection for AES S-box (git-fixes). - virtio_console: fix order of fields cols and rows (stable-fixes). - commit d55882c - drm/amdgpu: Forward VMID reservation errors (git-fixes). - commit 2373a9d - supported.conf: mark ksmbd unsupported Based on discussion with Enzo Matsumiya it has tuned out that ksmbd module is unsupported but the supported.conf entry is incorrect. Fix that. - commit 143566d - powerpc/eeh: fix recursive pci_lock_rescan_remove locking in EEH event handling (bsc#1253262 ltc#216029). - commit 594b86e - Update patches.suse/ACPI-video-Fix-use-after-free-in-acpi_video_switch_b.patch (git-fixes CVE-2025-40211 bsc#1254126). - Update patches.suse/ALSA-dice-fix-buffer-overflow-in-detect_stream_forma.patch (git-fixes CVE-2025-68346 bsc#1255603). - Update patches.suse/ALSA-firewire-motu-add-bounds-check-in-put_user-loop.patch (git-fixes CVE-2025-68753 bsc#1256238). - Update patches.suse/ALSA-firewire-motu-fix-buffer-overflow-in-hwdep-read.patch (git-fixes CVE-2025-68347 bsc#1255706). - Update patches.suse/ALSA-hda-cs35l41-Fix-NULL-pointer-dereference-in-cs3-c34b04c.patch (git-fixes CVE-2025-68345 bsc#1255601). - Update patches.suse/ALSA-usb-audio-Fix-NULL-pointer-dereference-in-snd_u.patch (git-fixes CVE-2025-40275 bsc#1254829). - Update patches.suse/ALSA-usb-audio-Fix-potential-overflow-of-PCM-transfe.patch (stable-fixes CVE-2025-40269 bsc#1255035). - Update patches.suse/ALSA-wavefront-Fix-integer-overflow-in-sample-size-v.patch (git-fixes CVE-2025-68344 bsc#1255816). - Update patches.suse/ASoC-Intel-avs-Disable-periods-elapsed-work-when-clo.patch (git-fixes CVE-2025-40344 bsc#1254618). - Update patches.suse/Bluetooth-6lowpan-reset-link-local-header-on-ipv6-re.patch (git-fixes CVE-2025-40282 bsc#1254850). - Update patches.suse/Bluetooth-MGMT-Fix-OOB-access-in-parse_adv_monitor_p.patch (git-fixes CVE-2025-40294 bsc#1255181). - Update patches.suse/Bluetooth-MGMT-cancel-mesh-send-timer-when-hdev-remo.patch (git-fixes CVE-2025-40284 bsc#1254860). - Update patches.suse/Bluetooth-MGMT-fix-crash-in-set_mesh_sync-and-set_me.patch (git-fixes CVE-2025-40213 bsc#1253674). - Update patches.suse/Bluetooth-SCO-Fix-UAF-on-sco_conn_free.patch (stable-fixes CVE-2025-40309 bsc#1255065). - Update patches.suse/Bluetooth-bcsp-receive-data-only-if-registered.patch (stable-fixes CVE-2025-40308 bsc#1255064). - Update patches.suse/Bluetooth-btusb-mediatek-Avoid-btusb_mtk_claim_iso_i.patch (git-fixes CVE-2025-68298 bsc#1255124). - Update patches.suse/Bluetooth-btusb-mediatek-Fix-kernel-crash-when-relea.patch (git-fixes CVE-2025-68306 bsc#1255145). - Update patches.suse/Bluetooth-btusb-reorder-cleanup-in-btusb_disconnect-.patch (git-fixes CVE-2025-40283 bsc#1254858). - Update patches.suse/Bluetooth-hci_event-validate-skb-length-for-unknown-.patch (git-fixes CVE-2025-40301 bsc#1255193). - Update patches.suse/Bluetooth-hci_sock-Prevent-race-in-socket-write-iter.patch (git-fixes CVE-2025-68305 bsc#1255169). - Update patches.suse/Bluetooth-hci_sync-fix-race-in-hci_cmd_sync_dequeue_.patch (git-fixes CVE-2025-40318 bsc#1254798). - Update patches.suse/Input-cros_ec_keyb-fix-an-invalid-memory-access.patch (stable-fixes CVE-2025-40263 bsc#1255077). - Update patches.suse/Input-imx_sc_key-fix-memory-corruption-on-unload.patch (git-fixes CVE-2025-40262 bsc#1254840). - Update patches.suse/Input-pegasus-notetaker-fix-potential-out-of-bounds-.patch (git-fixes CVE-2025-68217 bsc#1255221). - Update patches.suse/KVM-arm64-Check-the-untrusted-offset-in-FF-A-memory-.patch (git-fixes CVE-2025-40266 bsc#1255040). - Update patches.suse/NFS-Fix-LTP-test-failures-when-timestamps-are-delegated.patch (git-fixes CVE-2025-68242 bsc#1255186). - Update patches.suse/NFSD-Fix-crash-in-nfsd4_read_release.patch (git-fixes CVE-2025-40324 bsc#1254791). - Update patches.suse/NFSD-free-copynotify-stateid-in-nfs4_free_ol_stateid.patch (git-fixes CVE-2025-40273 bsc#1254828). - Update patches.suse/PCI-IOV-Add-PCI-rescan-remove-locking-when-enabling-.patch (git-fixes CVE-2025-40219 bsc#1254518). - Update patches.suse/PCI-cadence-Check-for-the-existence-of-cdns_pcie-ops.patch (stable-fixes CVE-2025-68176 bsc#1255329). - Update patches.suse/accel-habanalabs-support-mapping-cb-with-vmalloc-bac.patch (stable-fixes CVE-2025-40311 bsc#1255068). - Update patches.suse/accel-ivpu-Fix-race-condition-when-unbinding-BOs.patch (git-fixes CVE-2025-68749 bsc#1255724). - Update patches.suse/amd-amdkfd-resolve-a-race-in-amdgpu_amdkfd_device_fi.patch (stable-fixes CVE-2025-40310 bsc#1255041). - Update patches.suse/arm64-mte-Do-not-warn-if-the-page-is-already-tagged-in-cop.patch (git-fixes CVE-2025-40353 bsc#1255312). - Update patches.suse/atm-fore200e-Fix-possible-data-race-in-fore200e_open.patch (git-fixes CVE-2025-68339 bsc#1255505). - Update patches.suse/backlight-led-bl-Add-devlink-to-supplier-LEDs.patch (git-fixes CVE-2025-68758 bsc#1255944). - Update patches.suse/btrfs-directly-free-partially-initialized-fs_info-in.patch (git-fixes CVE-2025-40235 bsc#1254808). - Update patches.suse/btrfs-ensure-no-dirty-metadata-is-written-back-for-a.patch (git-fix CVE-2025-40303 bsc#1255058). - Update patches.suse/btrfs-fix-memory-leak-of-qgroup_list-in-btrfs_add_qg.patch (git-fixes CVE-2025-40209 bsc#1254128). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-check-actual-395d988.patch (git-fixes CVE-2025-68342 bsc#1255508). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-check-actual.patch (git-fixes CVE-2025-68343 bsc#1255509). - Update patches.suse/can-gs_usb-gs_usb_xmit_callback-fix-handling-of-fail.patch (git-fixes CVE-2025-68307 bsc#1255146). - Update patches.suse/can-kvaser_usb-leaf-Fix-potential-infinite-loop-in-c.patch (git-fixes CVE-2025-68308 bsc#1255149). - Update patches.suse/comedi-c6xdigio-Fix-invalid-PNP-driver-unregistratio.patch (git-fixes CVE-2025-68332 bsc#1255483). - Update patches.suse/comedi-check-device-s-attached-status-in-compat-ioct.patch (git-fixes CVE-2025-68257 bsc#1255167). - Update patches.suse/comedi-multiq3-sanitize-config-options-in-multiq3_at.patch (git-fixes CVE-2025-68258 bsc#1255182). - Update patches.suse/comedi-pcl818-fix-null-ptr-deref-in-pcl818_ai_cancel.patch (git-fixes CVE-2025-68335 bsc#1255480). - Update patches.suse/crypto-aspeed-fix-double-free-caused-by-devm.patch (git-fixes CVE-2025-68172 bsc#1255253). - Update patches.suse/crypto-asymmetric_keys-prevent-overflow-in-asymmetri.patch (git-fixes CVE-2025-68724 bsc#1255550). - Update patches.suse/drm-amd-display-Check-NULL-before-accessing.patch (stable-fixes CVE-2025-68286 bsc#1255351). - Update patches.suse/drm-amd-display-Fix-NULL-deref-in-debugfs-odm_combin.patch (git-fixes CVE-2025-68180 bsc#1255252). - Update patches.suse/drm-amd-display-increase-max-link-count-and-fix-link.patch (stable-fixes CVE-2025-40354 bsc#1255316). - Update patches.suse/drm-amdgpu-Fix-NULL-pointer-dereference-in-VRAM-logi.patch (stable-fixes CVE-2025-40288 bsc#1255057). - Update patches.suse/drm-amdgpu-atom-Check-kcalloc-for-WS-buffer-in-amdgp.patch (stable-fixes CVE-2025-68190 bsc#1255131). - Update patches.suse/drm-amdgpu-fix-gpu-page-fault-after-hibernation-on-P.patch (stable-fixes CVE-2025-68230 bsc#1255134). - Update patches.suse/drm-amdgpu-fix-nullptr-err-of-vm_handle_moved.patch (stable-fixes CVE-2025-40339 bsc#1255428). - Update patches.suse/drm-amdgpu-hide-VRAM-sysfs-attributes-on-GPUs-withou.patch (stable-fixes CVE-2025-40289 bsc#1255042). - Update patches.suse/drm-amdgpu-remove-two-invalid-BUG_ON-s.patch (stable-fixes CVE-2025-68201 bsc#1255136). - Update patches.suse/drm-amdkfd-Fix-mmap-write-lock-not-release.patch (bsc#1243112 CVE-2025-40332 bsc#1255116). - Update patches.suse/drm-i915-Avoid-lock-inversion-when-pinning-to-GGTT-o.patch (git-fixes CVE-2025-68244 bsc#1255190). - Update patches.suse/drm-mediatek-Disable-AFBC-support-on-Mediatek-DRM-dr.patch (git-fixes CVE-2025-68184 bsc#1255220). - Update patches.suse/drm-mediatek-Fix-device-use-after-free-on-unbind.patch (git-fixes CVE-2025-40316 bsc#1254797). - Update patches.suse/drm-panthor-Fix-UAF-on-kernel-BO-VA-nodes.patch (git-fixes CVE-2025-68747 bsc#1255723). - Update patches.suse/drm-panthor-Fix-UAF-race-between-device-unplug-and-F.patch (git-fixes CVE-2025-68748 bsc#1255813). - Update patches.suse/drm-panthor-Fix-kernel-panic-on-partial-unmap-of-a-G.patch (git-fixes CVE-2025-40225 bsc#1254827). - Update patches.suse/drm-radeon-Do-not-kfree-devres-managed-rdev.patch (git-fixes CVE-2025-68170 bsc#1255256). - Update patches.suse/drm-radeon-Remove-calls-to-drm_put_dev.patch (git-fixes CVE-2025-68181 bsc#1255247). - Update patches.suse/drm-radeon-delete-radeon_fence_process-in-is_signale.patch (stable-fixes CVE-2025-68223 bsc#1255357). - Update patches.suse/drm-sched-Fix-deadlock-in-drm_sched_entity_kill_jobs.patch (git-fixes CVE-2025-40329 bsc#1254621). - Update patches.suse/drm-sysfb-Do-not-dereference-NULL-pointer-in-plane-r.patch (git-fixes CVE-2025-40360 bsc#1255095). - Update patches.suse/drm-tegra-Add-call-to-put_pid.patch (git-fixes CVE-2025-68233 bsc#1255206). - Update patches.suse/drm-vgem-fence-Fix-potential-deadlock-on-release.patch (git-fixes CVE-2025-68757 bsc#1255943). - Update patches.suse/drm-vmwgfx-Validate-command-header-size-against-SVGA.patch (git-fixes CVE-2025-40277 bsc#1254894). - Update patches.suse/drm-xe-Fix-oops-in-xe_gem_fault-when-running-core_ho.patch (stable-fixes CVE-2025-40340 bsc#1254996). - Update patches.suse/drm-xe-guc-Synchronize-Dead-CT-worker-with-unbind.patch (git-fixes CVE-2025-68207 bsc#1255234). - Update patches.suse/erofs-avoid-infinite-loop-due-to-incomplete-zstd-compressed-data.patch (git-fixes CVE-2025-68210 bsc#1255231). - Update patches.suse/exfat-fix-improper-check-of-dentry.stream.valid_size.patch (git-fixes CVE-2025-40287 bsc#1255030). - Update patches.suse/exfat-fix-refcount-leak-in-exfat_find.patch (git-fixes CVE-2025-68351 bsc#1255567). - Update patches.suse/exfat-validate-cluster-allocation-bits-of-the-allocation-bitmap.patch (git-fixes CVE-2025-40307 bsc#1255039). - Update patches.suse/fbcon-Set-fb_display-i-mode-to-NULL-when-the-mode-is.patch (stable-fixes CVE-2025-40323 bsc#1255094). - Update patches.suse/fbdev-Add-bounds-checking-in-bit_putcs-to-fix-vmallo.patch (stable-fixes CVE-2025-40304 bsc#1255034). - Update patches.suse/fbdev-bitblit-bound-check-glyph-index-in-bit_putcs.patch (stable-fixes CVE-2025-40322 bsc#1255092). - Update patches.suse/firmware-arm_scmi-Account-for-failed-debug-initializ.patch (git-fixes CVE-2025-40226 bsc#1254821). - Update patches.suse/firmware-stratix10-svc-fix-bug-in-saving-controller-.patch (git-fixes CVE-2025-68328 bsc#1255489). - Update patches.suse/gpiolib-fix-invalid-pointer-access-in-debugfs.patch (git-fixes CVE-2025-68167 bsc#1255099). - Update patches.suse/gpu-host1x-Fix-race-in-syncpt-alloc-free.patch (git-fixes CVE-2025-68732 bsc#1255688). - Update patches.suse/idpf-fix-possible-vport_config-NULL-pointer-deref-in.patch (git-fixes CVE-2025-68213 bsc#1255228). - Update patches.suse/iio-accel-bmc150-Fix-irq-assumption-regression.patch (stable-fixes CVE-2025-68330 bsc#1255493). - Update patches.suse/ima-Handle-error-code-returned-by-ima_filter_rule_ma.patch (git-fixes CVE-2025-68740 bsc#1255812). - Update patches.suse/ima-don-t-clear-IMA_DIGSIG-flag-when-setting-or-remo.patch (stable-fixes CVE-2025-68183 bsc#1255251). - Update patches.suse/irqchip-mchp-eic-Fix-error-code-in-mchp_eic_domain_a.patch (git-fixes CVE-2025-68766 bsc#1255932). - Update patches.suse/media-imon-make-send_packet-more-robust.patch (stable-fixes CVE-2025-68194 bsc#1255325). - Update patches.suse/media-pci-mg4b-fix-uninitialized-iio-scan-data.patch (git-fixes CVE-2025-40221 bsc#1254519). - Update patches.suse/media-videobuf2-forbid-remove_bufs-when-legacy-filei.patch (git-fixes CVE-2025-40302 bsc#1255196). - Update patches.suse/misc-fastrpc-Fix-dma_buf-object-leak-in-fastrpc_map_.patch (git-fixes CVE-2025-68252 bsc#1255197). - Update patches.suse/mm-secretmem-fix-use-after-free-race-in-fault-handle.patch (git-fixes CVE-2025-40272 bsc#1254832). - Update patches.suse/most-usb-Fix-use-after-free-in-hdm_disconnect.patch (git-fixes CVE-2025-40223 bsc#1254957). - Update patches.suse/most-usb-fix-double-free-on-late-probe-failure.patch (git-fixes CVE-2025-68290 bsc#1255154). - Update patches.suse/most-usb-hdm_probe-Fix-calling-put_device-before-dev.patch (git-fixes CVE-2025-68249 bsc#1255233). - Update patches.suse/mt76-mt7615-Fix-memory-leak-in-mt7615_mcu_wtbl_sta_a.patch (git-fixes CVE-2025-68765 bsc#1255931). - Update patches.suse/mtd-rawnand-cadence-fix-DMA-device-NULL-pointer-dere.patch (git-fixes CVE-2025-68238 bsc#1255202). - Update patches.suse/mtdchar-fix-integer-overflow-in-read-write-ioctls.patch (git-fixes CVE-2025-68237 bsc#1255203). - Update patches.suse/net-stmmac-Correctly-handle-Rx-checksum-offload-erro.patch (git-fixes CVE-2025-40337 bsc#1255081). - Update patches.suse/net-usb-qmi_wwan-initialize-MAC-header-offset-in-qmi.patch (git-fixes CVE-2025-68192 bsc#1255246). - Update patches.suse/nfs4_setup_readdir-insufficient-locking-for-d_parent-d_inode-dereferencing.patch (git-fixes CVE-2025-68185 bsc#1255135). - Update patches.suse/nfsd-fix-refcount-leak-in-nfsd_set_fh_dentry.patch (git-fixes CVE-2025-40212 bsc#1254195). - Update patches.suse/nouveau-firmware-Add-missing-kfree-of-nvkm_falcon_fw.patch (git-fixes CVE-2025-68235 bsc#1255209). - Update patches.suse/nvme-fc-use-lock-accessing-port_state-and-rport-stat.patch (bsc#1245193 bsc#1247500 CVE-2025-40342 bsc#1255274). - Update patches.suse/nvmet-fc-avoid-scheduling-association-deletion-twice.patch (bsc#1245193 bsc#1247500 CVE-2025-40343 bsc#1255276). - Update patches.suse/pinctrl-s32cc-fix-uninitialized-memory-in-s32_pinctr.patch (git-fixes CVE-2025-68222 bsc#1255218). - Update patches.suse/platform-x86-intel-punit_ipc-fix-memory-corruption.patch (git-fixes CVE-2025-68303 bsc#1255122). - Update patches.suse/regmap-slimbus-fix-bus_context-pointer-in-regmap-ini.patch (git-fixes CVE-2025-40317 bsc#1254796). - Update patches.suse/regulator-core-Protect-regulator_supply_alias_list-w.patch (git-fixes CVE-2025-68354 bsc#1255553). - Update patches.suse/sctp-avoid-NULL-dereference-when-chunk-data-buffer-i.patch (git-fixes CVE-2025-40240 bsc#1254869). - Update patches.suse/smb-client-fix-potential-cfid-UAF-in-smb2_query_info_compound.patch (git-fixes CVE-2025-40320 bsc#1254793). - Update patches.suse/spi-ch341-fix-out-of-bounds-memory-access-in-ch341_t.patch (git-fixes CVE-2025-68352 bsc#1255541). - Update patches.suse/spi-tegra210-quad-Fix-timeout-handling.patch (bsc#1253155 CVE-2025-68746 bsc#1255722). - Update patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-OnBeacon.patch (stable-fixes CVE-2025-68254 bsc#1255140). - Update patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-rtw_get_.patch (stable-fixes CVE-2025-68256 bsc#1255138). - Update patches.suse/staging-rtl8723bs-fix-stack-buffer-overflow-in-OnAss.patch (stable-fixes CVE-2025-68255 bsc#1255395). - Update patches.suse/tty-serial-ip22zilog-Use-platform-device-for-probing.patch (stable-fixes CVE-2025-68311 bsc#1255161). - Update patches.suse/usb-cdns3-gadget-Use-after-free-during-failed-initia.patch (stable-fixes CVE-2025-40314 bsc#1255072). - Update patches.suse/usb-dwc3-Fix-race-condition-between-concurrent-dwc3_.patch (git-fixes CVE-2025-68287 bsc#1255152). - Update patches.suse/usb-gadget-f_eem-Fix-memory-leak-in-eem_unwrap.patch (git-fixes CVE-2025-68289 bsc#1255155). - Update patches.suse/usb-gadget-f_fs-Fix-epfile-null-pointer-access-after.patch (stable-fixes CVE-2025-40315 bsc#1255083). - Update patches.suse/usb-potential-integer-overflow-in-usbg_make_tpg.patch (stable-fixes CVE-2025-68750 bsc#1255814). - Update patches.suse/usb-renesas_usbhs-Fix-synchronous-external-abort-on-.patch (git-fixes CVE-2025-68327 bsc#1255488). - Update patches.suse/usb-storage-sddr55-Reject-out-of-bound-new_pba.patch (stable-fixes CVE-2025-40345 bsc#1255279). - Update patches.suse/usb-uas-fix-urb-unmapping-issue-when-the-uas-device-.patch (git-fixes CVE-2025-68331 bsc#1255495). - Update patches.suse/usbnet-Prevents-free-active-kevent.patch (git-fixes CVE-2025-68312 bsc#1255171). - Update patches.suse/wifi-ath11k-fix-peer-HE-MCS-assignment.patch (git-fixes CVE-2025-68380 bsc#1255580). - Update patches.suse/wifi-brcmfmac-fix-crash-while-sending-Action-Frames-.patch (git-fixes CVE-2025-40321 bsc#1254795). - Update patches.suse/wifi-rtl818x-Fix-potential-memory-leaks-in-rtl8180_i.patch (git-fixes CVE-2025-68759 bsc#1255934). - Update patches.suse/wifi-rtl818x-rtl8187-Fix-potential-buffer-underflow-.patch (git-fixes CVE-2025-68362 bsc#1255611). - Update patches.suse/x86-CPU-AMD-Add-RDSEED-fix-for-Zen5.patch (git-fixes CVE-2025-68313 bsc#1255415). - Update patches.suse/x86-CPU-AMD-Add-missing-terminator-for-zen5_rdseed_m.patch (git-fixes CVE-2025-68195 bsc#1255259). - Update patches.suse/xfrm-also-call-xfrm_state_delete_tunnel-at-destroy-time-fo.patch (CVE-2025-40215 bsc#1254959 CVE-2025-40256 bsc#1254851). - commit c0f554e ++++ kernel-obs-qa: - perf/x86/intel: Fix KASAN global-out-of-bounds warning (CVE-2025-40359 bsc#1255087). - commit ed1e93a - mlx5: Fix default values in create CQ (CVE-2025-68209 bsc#1255230). - commit 02d60e0 - x86/microcode/AMD: Use sha256() instead of init/update/final (bsc#1256495). - Refresh patches.suse/x86-microcode-AMD-Limit-Entrysign-signature-checking-to-kn.patch. - commit 6b04345 - x86/microcode/AMD: Fix Entrysign revision check for Zen5/Strix Halo (bsc#1256495). - x86/microcode/AMD: Select which microcode patch to load (bsc#1256495). - x86/microcode/AMD: Make __verify_patch_size() return bool (bsc#1256495). - x86/microcode/AMD: Remove bogus comment from parse_container() (bsc#1256495). - commit 9f14cfe - crash: fix crashkernel resource shrink (CVE-2025-68198 bsc#1255243) - commit 7e8f708 - bnxt_en: Fix null pointer dereference in bnxt_bs_trace_check_wrap() (CVE-2025-68197 bsc#1255242) - commit 766431f - lib/crypto: aes: Fix missing MMU protection for AES S-box (git-fixes). - virtio_console: fix order of fields cols and rows (stable-fixes). - commit d55882c - drm/amdgpu: Forward VMID reservation errors (git-fixes). - commit 2373a9d - supported.conf: mark ksmbd unsupported Based on discussion with Enzo Matsumiya it has tuned out that ksmbd module is unsupported but the supported.conf entry is incorrect. Fix that. - commit 143566d - powerpc/eeh: fix recursive pci_lock_rescan_remove locking in EEH event handling (bsc#1253262 ltc#216029). - commit 594b86e - Update patches.suse/ACPI-video-Fix-use-after-free-in-acpi_video_switch_b.patch (git-fixes CVE-2025-40211 bsc#1254126). - Update patches.suse/ALSA-dice-fix-buffer-overflow-in-detect_stream_forma.patch (git-fixes CVE-2025-68346 bsc#1255603). - Update patches.suse/ALSA-firewire-motu-add-bounds-check-in-put_user-loop.patch (git-fixes CVE-2025-68753 bsc#1256238). - Update patches.suse/ALSA-firewire-motu-fix-buffer-overflow-in-hwdep-read.patch (git-fixes CVE-2025-68347 bsc#1255706). - Update patches.suse/ALSA-hda-cs35l41-Fix-NULL-pointer-dereference-in-cs3-c34b04c.patch (git-fixes CVE-2025-68345 bsc#1255601). - Update patches.suse/ALSA-usb-audio-Fix-NULL-pointer-dereference-in-snd_u.patch (git-fixes CVE-2025-40275 bsc#1254829). - Update patches.suse/ALSA-usb-audio-Fix-potential-overflow-of-PCM-transfe.patch (stable-fixes CVE-2025-40269 bsc#1255035). - Update patches.suse/ALSA-wavefront-Fix-integer-overflow-in-sample-size-v.patch (git-fixes CVE-2025-68344 bsc#1255816). - Update patches.suse/ASoC-Intel-avs-Disable-periods-elapsed-work-when-clo.patch (git-fixes CVE-2025-40344 bsc#1254618). - Update patches.suse/Bluetooth-6lowpan-reset-link-local-header-on-ipv6-re.patch (git-fixes CVE-2025-40282 bsc#1254850). - Update patches.suse/Bluetooth-MGMT-Fix-OOB-access-in-parse_adv_monitor_p.patch (git-fixes CVE-2025-40294 bsc#1255181). - Update patches.suse/Bluetooth-MGMT-cancel-mesh-send-timer-when-hdev-remo.patch (git-fixes CVE-2025-40284 bsc#1254860). - Update patches.suse/Bluetooth-MGMT-fix-crash-in-set_mesh_sync-and-set_me.patch (git-fixes CVE-2025-40213 bsc#1253674). - Update patches.suse/Bluetooth-SCO-Fix-UAF-on-sco_conn_free.patch (stable-fixes CVE-2025-40309 bsc#1255065). - Update patches.suse/Bluetooth-bcsp-receive-data-only-if-registered.patch (stable-fixes CVE-2025-40308 bsc#1255064). - Update patches.suse/Bluetooth-btusb-mediatek-Avoid-btusb_mtk_claim_iso_i.patch (git-fixes CVE-2025-68298 bsc#1255124). - Update patches.suse/Bluetooth-btusb-mediatek-Fix-kernel-crash-when-relea.patch (git-fixes CVE-2025-68306 bsc#1255145). - Update patches.suse/Bluetooth-btusb-reorder-cleanup-in-btusb_disconnect-.patch (git-fixes CVE-2025-40283 bsc#1254858). - Update patches.suse/Bluetooth-hci_event-validate-skb-length-for-unknown-.patch (git-fixes CVE-2025-40301 bsc#1255193). - Update patches.suse/Bluetooth-hci_sock-Prevent-race-in-socket-write-iter.patch (git-fixes CVE-2025-68305 bsc#1255169). - Update patches.suse/Bluetooth-hci_sync-fix-race-in-hci_cmd_sync_dequeue_.patch (git-fixes CVE-2025-40318 bsc#1254798). - Update patches.suse/Input-cros_ec_keyb-fix-an-invalid-memory-access.patch (stable-fixes CVE-2025-40263 bsc#1255077). - Update patches.suse/Input-imx_sc_key-fix-memory-corruption-on-unload.patch (git-fixes CVE-2025-40262 bsc#1254840). - Update patches.suse/Input-pegasus-notetaker-fix-potential-out-of-bounds-.patch (git-fixes CVE-2025-68217 bsc#1255221). - Update patches.suse/KVM-arm64-Check-the-untrusted-offset-in-FF-A-memory-.patch (git-fixes CVE-2025-40266 bsc#1255040). - Update patches.suse/NFS-Fix-LTP-test-failures-when-timestamps-are-delegated.patch (git-fixes CVE-2025-68242 bsc#1255186). - Update patches.suse/NFSD-Fix-crash-in-nfsd4_read_release.patch (git-fixes CVE-2025-40324 bsc#1254791). - Update patches.suse/NFSD-free-copynotify-stateid-in-nfs4_free_ol_stateid.patch (git-fixes CVE-2025-40273 bsc#1254828). - Update patches.suse/PCI-IOV-Add-PCI-rescan-remove-locking-when-enabling-.patch (git-fixes CVE-2025-40219 bsc#1254518). - Update patches.suse/PCI-cadence-Check-for-the-existence-of-cdns_pcie-ops.patch (stable-fixes CVE-2025-68176 bsc#1255329). - Update patches.suse/accel-habanalabs-support-mapping-cb-with-vmalloc-bac.patch (stable-fixes CVE-2025-40311 bsc#1255068). - Update patches.suse/accel-ivpu-Fix-race-condition-when-unbinding-BOs.patch (git-fixes CVE-2025-68749 bsc#1255724). - Update patches.suse/amd-amdkfd-resolve-a-race-in-amdgpu_amdkfd_device_fi.patch (stable-fixes CVE-2025-40310 bsc#1255041). - Update patches.suse/arm64-mte-Do-not-warn-if-the-page-is-already-tagged-in-cop.patch (git-fixes CVE-2025-40353 bsc#1255312). - Update patches.suse/atm-fore200e-Fix-possible-data-race-in-fore200e_open.patch (git-fixes CVE-2025-68339 bsc#1255505). - Update patches.suse/backlight-led-bl-Add-devlink-to-supplier-LEDs.patch (git-fixes CVE-2025-68758 bsc#1255944). - Update patches.suse/btrfs-directly-free-partially-initialized-fs_info-in.patch (git-fixes CVE-2025-40235 bsc#1254808). - Update patches.suse/btrfs-ensure-no-dirty-metadata-is-written-back-for-a.patch (git-fix CVE-2025-40303 bsc#1255058). - Update patches.suse/btrfs-fix-memory-leak-of-qgroup_list-in-btrfs_add_qg.patch (git-fixes CVE-2025-40209 bsc#1254128). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-check-actual-395d988.patch (git-fixes CVE-2025-68342 bsc#1255508). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-check-actual.patch (git-fixes CVE-2025-68343 bsc#1255509). - Update patches.suse/can-gs_usb-gs_usb_xmit_callback-fix-handling-of-fail.patch (git-fixes CVE-2025-68307 bsc#1255146). - Update patches.suse/can-kvaser_usb-leaf-Fix-potential-infinite-loop-in-c.patch (git-fixes CVE-2025-68308 bsc#1255149). - Update patches.suse/comedi-c6xdigio-Fix-invalid-PNP-driver-unregistratio.patch (git-fixes CVE-2025-68332 bsc#1255483). - Update patches.suse/comedi-check-device-s-attached-status-in-compat-ioct.patch (git-fixes CVE-2025-68257 bsc#1255167). - Update patches.suse/comedi-multiq3-sanitize-config-options-in-multiq3_at.patch (git-fixes CVE-2025-68258 bsc#1255182). - Update patches.suse/comedi-pcl818-fix-null-ptr-deref-in-pcl818_ai_cancel.patch (git-fixes CVE-2025-68335 bsc#1255480). - Update patches.suse/crypto-aspeed-fix-double-free-caused-by-devm.patch (git-fixes CVE-2025-68172 bsc#1255253). - Update patches.suse/crypto-asymmetric_keys-prevent-overflow-in-asymmetri.patch (git-fixes CVE-2025-68724 bsc#1255550). - Update patches.suse/drm-amd-display-Check-NULL-before-accessing.patch (stable-fixes CVE-2025-68286 bsc#1255351). - Update patches.suse/drm-amd-display-Fix-NULL-deref-in-debugfs-odm_combin.patch (git-fixes CVE-2025-68180 bsc#1255252). - Update patches.suse/drm-amd-display-increase-max-link-count-and-fix-link.patch (stable-fixes CVE-2025-40354 bsc#1255316). - Update patches.suse/drm-amdgpu-Fix-NULL-pointer-dereference-in-VRAM-logi.patch (stable-fixes CVE-2025-40288 bsc#1255057). - Update patches.suse/drm-amdgpu-atom-Check-kcalloc-for-WS-buffer-in-amdgp.patch (stable-fixes CVE-2025-68190 bsc#1255131). - Update patches.suse/drm-amdgpu-fix-gpu-page-fault-after-hibernation-on-P.patch (stable-fixes CVE-2025-68230 bsc#1255134). - Update patches.suse/drm-amdgpu-fix-nullptr-err-of-vm_handle_moved.patch (stable-fixes CVE-2025-40339 bsc#1255428). - Update patches.suse/drm-amdgpu-hide-VRAM-sysfs-attributes-on-GPUs-withou.patch (stable-fixes CVE-2025-40289 bsc#1255042). - Update patches.suse/drm-amdgpu-remove-two-invalid-BUG_ON-s.patch (stable-fixes CVE-2025-68201 bsc#1255136). - Update patches.suse/drm-amdkfd-Fix-mmap-write-lock-not-release.patch (bsc#1243112 CVE-2025-40332 bsc#1255116). - Update patches.suse/drm-i915-Avoid-lock-inversion-when-pinning-to-GGTT-o.patch (git-fixes CVE-2025-68244 bsc#1255190). - Update patches.suse/drm-mediatek-Disable-AFBC-support-on-Mediatek-DRM-dr.patch (git-fixes CVE-2025-68184 bsc#1255220). - Update patches.suse/drm-mediatek-Fix-device-use-after-free-on-unbind.patch (git-fixes CVE-2025-40316 bsc#1254797). - Update patches.suse/drm-panthor-Fix-UAF-on-kernel-BO-VA-nodes.patch (git-fixes CVE-2025-68747 bsc#1255723). - Update patches.suse/drm-panthor-Fix-UAF-race-between-device-unplug-and-F.patch (git-fixes CVE-2025-68748 bsc#1255813). - Update patches.suse/drm-panthor-Fix-kernel-panic-on-partial-unmap-of-a-G.patch (git-fixes CVE-2025-40225 bsc#1254827). - Update patches.suse/drm-radeon-Do-not-kfree-devres-managed-rdev.patch (git-fixes CVE-2025-68170 bsc#1255256). - Update patches.suse/drm-radeon-Remove-calls-to-drm_put_dev.patch (git-fixes CVE-2025-68181 bsc#1255247). - Update patches.suse/drm-radeon-delete-radeon_fence_process-in-is_signale.patch (stable-fixes CVE-2025-68223 bsc#1255357). - Update patches.suse/drm-sched-Fix-deadlock-in-drm_sched_entity_kill_jobs.patch (git-fixes CVE-2025-40329 bsc#1254621). - Update patches.suse/drm-sysfb-Do-not-dereference-NULL-pointer-in-plane-r.patch (git-fixes CVE-2025-40360 bsc#1255095). - Update patches.suse/drm-tegra-Add-call-to-put_pid.patch (git-fixes CVE-2025-68233 bsc#1255206). - Update patches.suse/drm-vgem-fence-Fix-potential-deadlock-on-release.patch (git-fixes CVE-2025-68757 bsc#1255943). - Update patches.suse/drm-vmwgfx-Validate-command-header-size-against-SVGA.patch (git-fixes CVE-2025-40277 bsc#1254894). - Update patches.suse/drm-xe-Fix-oops-in-xe_gem_fault-when-running-core_ho.patch (stable-fixes CVE-2025-40340 bsc#1254996). - Update patches.suse/drm-xe-guc-Synchronize-Dead-CT-worker-with-unbind.patch (git-fixes CVE-2025-68207 bsc#1255234). - Update patches.suse/erofs-avoid-infinite-loop-due-to-incomplete-zstd-compressed-data.patch (git-fixes CVE-2025-68210 bsc#1255231). - Update patches.suse/exfat-fix-improper-check-of-dentry.stream.valid_size.patch (git-fixes CVE-2025-40287 bsc#1255030). - Update patches.suse/exfat-fix-refcount-leak-in-exfat_find.patch (git-fixes CVE-2025-68351 bsc#1255567). - Update patches.suse/exfat-validate-cluster-allocation-bits-of-the-allocation-bitmap.patch (git-fixes CVE-2025-40307 bsc#1255039). - Update patches.suse/fbcon-Set-fb_display-i-mode-to-NULL-when-the-mode-is.patch (stable-fixes CVE-2025-40323 bsc#1255094). - Update patches.suse/fbdev-Add-bounds-checking-in-bit_putcs-to-fix-vmallo.patch (stable-fixes CVE-2025-40304 bsc#1255034). - Update patches.suse/fbdev-bitblit-bound-check-glyph-index-in-bit_putcs.patch (stable-fixes CVE-2025-40322 bsc#1255092). - Update patches.suse/firmware-arm_scmi-Account-for-failed-debug-initializ.patch (git-fixes CVE-2025-40226 bsc#1254821). - Update patches.suse/firmware-stratix10-svc-fix-bug-in-saving-controller-.patch (git-fixes CVE-2025-68328 bsc#1255489). - Update patches.suse/gpiolib-fix-invalid-pointer-access-in-debugfs.patch (git-fixes CVE-2025-68167 bsc#1255099). - Update patches.suse/gpu-host1x-Fix-race-in-syncpt-alloc-free.patch (git-fixes CVE-2025-68732 bsc#1255688). - Update patches.suse/idpf-fix-possible-vport_config-NULL-pointer-deref-in.patch (git-fixes CVE-2025-68213 bsc#1255228). - Update patches.suse/iio-accel-bmc150-Fix-irq-assumption-regression.patch (stable-fixes CVE-2025-68330 bsc#1255493). - Update patches.suse/ima-Handle-error-code-returned-by-ima_filter_rule_ma.patch (git-fixes CVE-2025-68740 bsc#1255812). - Update patches.suse/ima-don-t-clear-IMA_DIGSIG-flag-when-setting-or-remo.patch (stable-fixes CVE-2025-68183 bsc#1255251). - Update patches.suse/irqchip-mchp-eic-Fix-error-code-in-mchp_eic_domain_a.patch (git-fixes CVE-2025-68766 bsc#1255932). - Update patches.suse/media-imon-make-send_packet-more-robust.patch (stable-fixes CVE-2025-68194 bsc#1255325). - Update patches.suse/media-pci-mg4b-fix-uninitialized-iio-scan-data.patch (git-fixes CVE-2025-40221 bsc#1254519). - Update patches.suse/media-videobuf2-forbid-remove_bufs-when-legacy-filei.patch (git-fixes CVE-2025-40302 bsc#1255196). - Update patches.suse/misc-fastrpc-Fix-dma_buf-object-leak-in-fastrpc_map_.patch (git-fixes CVE-2025-68252 bsc#1255197). - Update patches.suse/mm-secretmem-fix-use-after-free-race-in-fault-handle.patch (git-fixes CVE-2025-40272 bsc#1254832). - Update patches.suse/most-usb-Fix-use-after-free-in-hdm_disconnect.patch (git-fixes CVE-2025-40223 bsc#1254957). - Update patches.suse/most-usb-fix-double-free-on-late-probe-failure.patch (git-fixes CVE-2025-68290 bsc#1255154). - Update patches.suse/most-usb-hdm_probe-Fix-calling-put_device-before-dev.patch (git-fixes CVE-2025-68249 bsc#1255233). - Update patches.suse/mt76-mt7615-Fix-memory-leak-in-mt7615_mcu_wtbl_sta_a.patch (git-fixes CVE-2025-68765 bsc#1255931). - Update patches.suse/mtd-rawnand-cadence-fix-DMA-device-NULL-pointer-dere.patch (git-fixes CVE-2025-68238 bsc#1255202). - Update patches.suse/mtdchar-fix-integer-overflow-in-read-write-ioctls.patch (git-fixes CVE-2025-68237 bsc#1255203). - Update patches.suse/net-stmmac-Correctly-handle-Rx-checksum-offload-erro.patch (git-fixes CVE-2025-40337 bsc#1255081). - Update patches.suse/net-usb-qmi_wwan-initialize-MAC-header-offset-in-qmi.patch (git-fixes CVE-2025-68192 bsc#1255246). - Update patches.suse/nfs4_setup_readdir-insufficient-locking-for-d_parent-d_inode-dereferencing.patch (git-fixes CVE-2025-68185 bsc#1255135). - Update patches.suse/nfsd-fix-refcount-leak-in-nfsd_set_fh_dentry.patch (git-fixes CVE-2025-40212 bsc#1254195). - Update patches.suse/nouveau-firmware-Add-missing-kfree-of-nvkm_falcon_fw.patch (git-fixes CVE-2025-68235 bsc#1255209). - Update patches.suse/nvme-fc-use-lock-accessing-port_state-and-rport-stat.patch (bsc#1245193 bsc#1247500 CVE-2025-40342 bsc#1255274). - Update patches.suse/nvmet-fc-avoid-scheduling-association-deletion-twice.patch (bsc#1245193 bsc#1247500 CVE-2025-40343 bsc#1255276). - Update patches.suse/pinctrl-s32cc-fix-uninitialized-memory-in-s32_pinctr.patch (git-fixes CVE-2025-68222 bsc#1255218). - Update patches.suse/platform-x86-intel-punit_ipc-fix-memory-corruption.patch (git-fixes CVE-2025-68303 bsc#1255122). - Update patches.suse/regmap-slimbus-fix-bus_context-pointer-in-regmap-ini.patch (git-fixes CVE-2025-40317 bsc#1254796). - Update patches.suse/regulator-core-Protect-regulator_supply_alias_list-w.patch (git-fixes CVE-2025-68354 bsc#1255553). - Update patches.suse/sctp-avoid-NULL-dereference-when-chunk-data-buffer-i.patch (git-fixes CVE-2025-40240 bsc#1254869). - Update patches.suse/smb-client-fix-potential-cfid-UAF-in-smb2_query_info_compound.patch (git-fixes CVE-2025-40320 bsc#1254793). - Update patches.suse/spi-ch341-fix-out-of-bounds-memory-access-in-ch341_t.patch (git-fixes CVE-2025-68352 bsc#1255541). - Update patches.suse/spi-tegra210-quad-Fix-timeout-handling.patch (bsc#1253155 CVE-2025-68746 bsc#1255722). - Update patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-OnBeacon.patch (stable-fixes CVE-2025-68254 bsc#1255140). - Update patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-rtw_get_.patch (stable-fixes CVE-2025-68256 bsc#1255138). - Update patches.suse/staging-rtl8723bs-fix-stack-buffer-overflow-in-OnAss.patch (stable-fixes CVE-2025-68255 bsc#1255395). - Update patches.suse/tty-serial-ip22zilog-Use-platform-device-for-probing.patch (stable-fixes CVE-2025-68311 bsc#1255161). - Update patches.suse/usb-cdns3-gadget-Use-after-free-during-failed-initia.patch (stable-fixes CVE-2025-40314 bsc#1255072). - Update patches.suse/usb-dwc3-Fix-race-condition-between-concurrent-dwc3_.patch (git-fixes CVE-2025-68287 bsc#1255152). - Update patches.suse/usb-gadget-f_eem-Fix-memory-leak-in-eem_unwrap.patch (git-fixes CVE-2025-68289 bsc#1255155). - Update patches.suse/usb-gadget-f_fs-Fix-epfile-null-pointer-access-after.patch (stable-fixes CVE-2025-40315 bsc#1255083). - Update patches.suse/usb-potential-integer-overflow-in-usbg_make_tpg.patch (stable-fixes CVE-2025-68750 bsc#1255814). - Update patches.suse/usb-renesas_usbhs-Fix-synchronous-external-abort-on-.patch (git-fixes CVE-2025-68327 bsc#1255488). - Update patches.suse/usb-storage-sddr55-Reject-out-of-bound-new_pba.patch (stable-fixes CVE-2025-40345 bsc#1255279). - Update patches.suse/usb-uas-fix-urb-unmapping-issue-when-the-uas-device-.patch (git-fixes CVE-2025-68331 bsc#1255495). - Update patches.suse/usbnet-Prevents-free-active-kevent.patch (git-fixes CVE-2025-68312 bsc#1255171). - Update patches.suse/wifi-ath11k-fix-peer-HE-MCS-assignment.patch (git-fixes CVE-2025-68380 bsc#1255580). - Update patches.suse/wifi-brcmfmac-fix-crash-while-sending-Action-Frames-.patch (git-fixes CVE-2025-40321 bsc#1254795). - Update patches.suse/wifi-rtl818x-Fix-potential-memory-leaks-in-rtl8180_i.patch (git-fixes CVE-2025-68759 bsc#1255934). - Update patches.suse/wifi-rtl818x-rtl8187-Fix-potential-buffer-underflow-.patch (git-fixes CVE-2025-68362 bsc#1255611). - Update patches.suse/x86-CPU-AMD-Add-RDSEED-fix-for-Zen5.patch (git-fixes CVE-2025-68313 bsc#1255415). - Update patches.suse/x86-CPU-AMD-Add-missing-terminator-for-zen5_rdseed_m.patch (git-fixes CVE-2025-68195 bsc#1255259). - Update patches.suse/xfrm-also-call-xfrm_state_delete_tunnel-at-destroy-time-fo.patch (CVE-2025-40215 bsc#1254959 CVE-2025-40256 bsc#1254851). - commit c0f554e ++++ kernel-syms: - perf/x86/intel: Fix KASAN global-out-of-bounds warning (CVE-2025-40359 bsc#1255087). - commit ed1e93a - mlx5: Fix default values in create CQ (CVE-2025-68209 bsc#1255230). - commit 02d60e0 - x86/microcode/AMD: Use sha256() instead of init/update/final (bsc#1256495). - Refresh patches.suse/x86-microcode-AMD-Limit-Entrysign-signature-checking-to-kn.patch. - commit 6b04345 - x86/microcode/AMD: Fix Entrysign revision check for Zen5/Strix Halo (bsc#1256495). - x86/microcode/AMD: Select which microcode patch to load (bsc#1256495). - x86/microcode/AMD: Make __verify_patch_size() return bool (bsc#1256495). - x86/microcode/AMD: Remove bogus comment from parse_container() (bsc#1256495). - commit 9f14cfe - crash: fix crashkernel resource shrink (CVE-2025-68198 bsc#1255243) - commit 7e8f708 - bnxt_en: Fix null pointer dereference in bnxt_bs_trace_check_wrap() (CVE-2025-68197 bsc#1255242) - commit 766431f - lib/crypto: aes: Fix missing MMU protection for AES S-box (git-fixes). - virtio_console: fix order of fields cols and rows (stable-fixes). - commit d55882c - drm/amdgpu: Forward VMID reservation errors (git-fixes). - commit 2373a9d - supported.conf: mark ksmbd unsupported Based on discussion with Enzo Matsumiya it has tuned out that ksmbd module is unsupported but the supported.conf entry is incorrect. Fix that. - commit 143566d - powerpc/eeh: fix recursive pci_lock_rescan_remove locking in EEH event handling (bsc#1253262 ltc#216029). - commit 594b86e - Update patches.suse/ACPI-video-Fix-use-after-free-in-acpi_video_switch_b.patch (git-fixes CVE-2025-40211 bsc#1254126). - Update patches.suse/ALSA-dice-fix-buffer-overflow-in-detect_stream_forma.patch (git-fixes CVE-2025-68346 bsc#1255603). - Update patches.suse/ALSA-firewire-motu-add-bounds-check-in-put_user-loop.patch (git-fixes CVE-2025-68753 bsc#1256238). - Update patches.suse/ALSA-firewire-motu-fix-buffer-overflow-in-hwdep-read.patch (git-fixes CVE-2025-68347 bsc#1255706). - Update patches.suse/ALSA-hda-cs35l41-Fix-NULL-pointer-dereference-in-cs3-c34b04c.patch (git-fixes CVE-2025-68345 bsc#1255601). - Update patches.suse/ALSA-usb-audio-Fix-NULL-pointer-dereference-in-snd_u.patch (git-fixes CVE-2025-40275 bsc#1254829). - Update patches.suse/ALSA-usb-audio-Fix-potential-overflow-of-PCM-transfe.patch (stable-fixes CVE-2025-40269 bsc#1255035). - Update patches.suse/ALSA-wavefront-Fix-integer-overflow-in-sample-size-v.patch (git-fixes CVE-2025-68344 bsc#1255816). - Update patches.suse/ASoC-Intel-avs-Disable-periods-elapsed-work-when-clo.patch (git-fixes CVE-2025-40344 bsc#1254618). - Update patches.suse/Bluetooth-6lowpan-reset-link-local-header-on-ipv6-re.patch (git-fixes CVE-2025-40282 bsc#1254850). - Update patches.suse/Bluetooth-MGMT-Fix-OOB-access-in-parse_adv_monitor_p.patch (git-fixes CVE-2025-40294 bsc#1255181). - Update patches.suse/Bluetooth-MGMT-cancel-mesh-send-timer-when-hdev-remo.patch (git-fixes CVE-2025-40284 bsc#1254860). - Update patches.suse/Bluetooth-MGMT-fix-crash-in-set_mesh_sync-and-set_me.patch (git-fixes CVE-2025-40213 bsc#1253674). - Update patches.suse/Bluetooth-SCO-Fix-UAF-on-sco_conn_free.patch (stable-fixes CVE-2025-40309 bsc#1255065). - Update patches.suse/Bluetooth-bcsp-receive-data-only-if-registered.patch (stable-fixes CVE-2025-40308 bsc#1255064). - Update patches.suse/Bluetooth-btusb-mediatek-Avoid-btusb_mtk_claim_iso_i.patch (git-fixes CVE-2025-68298 bsc#1255124). - Update patches.suse/Bluetooth-btusb-mediatek-Fix-kernel-crash-when-relea.patch (git-fixes CVE-2025-68306 bsc#1255145). - Update patches.suse/Bluetooth-btusb-reorder-cleanup-in-btusb_disconnect-.patch (git-fixes CVE-2025-40283 bsc#1254858). - Update patches.suse/Bluetooth-hci_event-validate-skb-length-for-unknown-.patch (git-fixes CVE-2025-40301 bsc#1255193). - Update patches.suse/Bluetooth-hci_sock-Prevent-race-in-socket-write-iter.patch (git-fixes CVE-2025-68305 bsc#1255169). - Update patches.suse/Bluetooth-hci_sync-fix-race-in-hci_cmd_sync_dequeue_.patch (git-fixes CVE-2025-40318 bsc#1254798). - Update patches.suse/Input-cros_ec_keyb-fix-an-invalid-memory-access.patch (stable-fixes CVE-2025-40263 bsc#1255077). - Update patches.suse/Input-imx_sc_key-fix-memory-corruption-on-unload.patch (git-fixes CVE-2025-40262 bsc#1254840). - Update patches.suse/Input-pegasus-notetaker-fix-potential-out-of-bounds-.patch (git-fixes CVE-2025-68217 bsc#1255221). - Update patches.suse/KVM-arm64-Check-the-untrusted-offset-in-FF-A-memory-.patch (git-fixes CVE-2025-40266 bsc#1255040). - Update patches.suse/NFS-Fix-LTP-test-failures-when-timestamps-are-delegated.patch (git-fixes CVE-2025-68242 bsc#1255186). - Update patches.suse/NFSD-Fix-crash-in-nfsd4_read_release.patch (git-fixes CVE-2025-40324 bsc#1254791). - Update patches.suse/NFSD-free-copynotify-stateid-in-nfs4_free_ol_stateid.patch (git-fixes CVE-2025-40273 bsc#1254828). - Update patches.suse/PCI-IOV-Add-PCI-rescan-remove-locking-when-enabling-.patch (git-fixes CVE-2025-40219 bsc#1254518). - Update patches.suse/PCI-cadence-Check-for-the-existence-of-cdns_pcie-ops.patch (stable-fixes CVE-2025-68176 bsc#1255329). - Update patches.suse/accel-habanalabs-support-mapping-cb-with-vmalloc-bac.patch (stable-fixes CVE-2025-40311 bsc#1255068). - Update patches.suse/accel-ivpu-Fix-race-condition-when-unbinding-BOs.patch (git-fixes CVE-2025-68749 bsc#1255724). - Update patches.suse/amd-amdkfd-resolve-a-race-in-amdgpu_amdkfd_device_fi.patch (stable-fixes CVE-2025-40310 bsc#1255041). - Update patches.suse/arm64-mte-Do-not-warn-if-the-page-is-already-tagged-in-cop.patch (git-fixes CVE-2025-40353 bsc#1255312). - Update patches.suse/atm-fore200e-Fix-possible-data-race-in-fore200e_open.patch (git-fixes CVE-2025-68339 bsc#1255505). - Update patches.suse/backlight-led-bl-Add-devlink-to-supplier-LEDs.patch (git-fixes CVE-2025-68758 bsc#1255944). - Update patches.suse/btrfs-directly-free-partially-initialized-fs_info-in.patch (git-fixes CVE-2025-40235 bsc#1254808). - Update patches.suse/btrfs-ensure-no-dirty-metadata-is-written-back-for-a.patch (git-fix CVE-2025-40303 bsc#1255058). - Update patches.suse/btrfs-fix-memory-leak-of-qgroup_list-in-btrfs_add_qg.patch (git-fixes CVE-2025-40209 bsc#1254128). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-check-actual-395d988.patch (git-fixes CVE-2025-68342 bsc#1255508). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-check-actual.patch (git-fixes CVE-2025-68343 bsc#1255509). - Update patches.suse/can-gs_usb-gs_usb_xmit_callback-fix-handling-of-fail.patch (git-fixes CVE-2025-68307 bsc#1255146). - Update patches.suse/can-kvaser_usb-leaf-Fix-potential-infinite-loop-in-c.patch (git-fixes CVE-2025-68308 bsc#1255149). - Update patches.suse/comedi-c6xdigio-Fix-invalid-PNP-driver-unregistratio.patch (git-fixes CVE-2025-68332 bsc#1255483). - Update patches.suse/comedi-check-device-s-attached-status-in-compat-ioct.patch (git-fixes CVE-2025-68257 bsc#1255167). - Update patches.suse/comedi-multiq3-sanitize-config-options-in-multiq3_at.patch (git-fixes CVE-2025-68258 bsc#1255182). - Update patches.suse/comedi-pcl818-fix-null-ptr-deref-in-pcl818_ai_cancel.patch (git-fixes CVE-2025-68335 bsc#1255480). - Update patches.suse/crypto-aspeed-fix-double-free-caused-by-devm.patch (git-fixes CVE-2025-68172 bsc#1255253). - Update patches.suse/crypto-asymmetric_keys-prevent-overflow-in-asymmetri.patch (git-fixes CVE-2025-68724 bsc#1255550). - Update patches.suse/drm-amd-display-Check-NULL-before-accessing.patch (stable-fixes CVE-2025-68286 bsc#1255351). - Update patches.suse/drm-amd-display-Fix-NULL-deref-in-debugfs-odm_combin.patch (git-fixes CVE-2025-68180 bsc#1255252). - Update patches.suse/drm-amd-display-increase-max-link-count-and-fix-link.patch (stable-fixes CVE-2025-40354 bsc#1255316). - Update patches.suse/drm-amdgpu-Fix-NULL-pointer-dereference-in-VRAM-logi.patch (stable-fixes CVE-2025-40288 bsc#1255057). - Update patches.suse/drm-amdgpu-atom-Check-kcalloc-for-WS-buffer-in-amdgp.patch (stable-fixes CVE-2025-68190 bsc#1255131). - Update patches.suse/drm-amdgpu-fix-gpu-page-fault-after-hibernation-on-P.patch (stable-fixes CVE-2025-68230 bsc#1255134). - Update patches.suse/drm-amdgpu-fix-nullptr-err-of-vm_handle_moved.patch (stable-fixes CVE-2025-40339 bsc#1255428). - Update patches.suse/drm-amdgpu-hide-VRAM-sysfs-attributes-on-GPUs-withou.patch (stable-fixes CVE-2025-40289 bsc#1255042). - Update patches.suse/drm-amdgpu-remove-two-invalid-BUG_ON-s.patch (stable-fixes CVE-2025-68201 bsc#1255136). - Update patches.suse/drm-amdkfd-Fix-mmap-write-lock-not-release.patch (bsc#1243112 CVE-2025-40332 bsc#1255116). - Update patches.suse/drm-i915-Avoid-lock-inversion-when-pinning-to-GGTT-o.patch (git-fixes CVE-2025-68244 bsc#1255190). - Update patches.suse/drm-mediatek-Disable-AFBC-support-on-Mediatek-DRM-dr.patch (git-fixes CVE-2025-68184 bsc#1255220). - Update patches.suse/drm-mediatek-Fix-device-use-after-free-on-unbind.patch (git-fixes CVE-2025-40316 bsc#1254797). - Update patches.suse/drm-panthor-Fix-UAF-on-kernel-BO-VA-nodes.patch (git-fixes CVE-2025-68747 bsc#1255723). - Update patches.suse/drm-panthor-Fix-UAF-race-between-device-unplug-and-F.patch (git-fixes CVE-2025-68748 bsc#1255813). - Update patches.suse/drm-panthor-Fix-kernel-panic-on-partial-unmap-of-a-G.patch (git-fixes CVE-2025-40225 bsc#1254827). - Update patches.suse/drm-radeon-Do-not-kfree-devres-managed-rdev.patch (git-fixes CVE-2025-68170 bsc#1255256). - Update patches.suse/drm-radeon-Remove-calls-to-drm_put_dev.patch (git-fixes CVE-2025-68181 bsc#1255247). - Update patches.suse/drm-radeon-delete-radeon_fence_process-in-is_signale.patch (stable-fixes CVE-2025-68223 bsc#1255357). - Update patches.suse/drm-sched-Fix-deadlock-in-drm_sched_entity_kill_jobs.patch (git-fixes CVE-2025-40329 bsc#1254621). - Update patches.suse/drm-sysfb-Do-not-dereference-NULL-pointer-in-plane-r.patch (git-fixes CVE-2025-40360 bsc#1255095). - Update patches.suse/drm-tegra-Add-call-to-put_pid.patch (git-fixes CVE-2025-68233 bsc#1255206). - Update patches.suse/drm-vgem-fence-Fix-potential-deadlock-on-release.patch (git-fixes CVE-2025-68757 bsc#1255943). - Update patches.suse/drm-vmwgfx-Validate-command-header-size-against-SVGA.patch (git-fixes CVE-2025-40277 bsc#1254894). - Update patches.suse/drm-xe-Fix-oops-in-xe_gem_fault-when-running-core_ho.patch (stable-fixes CVE-2025-40340 bsc#1254996). - Update patches.suse/drm-xe-guc-Synchronize-Dead-CT-worker-with-unbind.patch (git-fixes CVE-2025-68207 bsc#1255234). - Update patches.suse/erofs-avoid-infinite-loop-due-to-incomplete-zstd-compressed-data.patch (git-fixes CVE-2025-68210 bsc#1255231). - Update patches.suse/exfat-fix-improper-check-of-dentry.stream.valid_size.patch (git-fixes CVE-2025-40287 bsc#1255030). - Update patches.suse/exfat-fix-refcount-leak-in-exfat_find.patch (git-fixes CVE-2025-68351 bsc#1255567). - Update patches.suse/exfat-validate-cluster-allocation-bits-of-the-allocation-bitmap.patch (git-fixes CVE-2025-40307 bsc#1255039). - Update patches.suse/fbcon-Set-fb_display-i-mode-to-NULL-when-the-mode-is.patch (stable-fixes CVE-2025-40323 bsc#1255094). - Update patches.suse/fbdev-Add-bounds-checking-in-bit_putcs-to-fix-vmallo.patch (stable-fixes CVE-2025-40304 bsc#1255034). - Update patches.suse/fbdev-bitblit-bound-check-glyph-index-in-bit_putcs.patch (stable-fixes CVE-2025-40322 bsc#1255092). - Update patches.suse/firmware-arm_scmi-Account-for-failed-debug-initializ.patch (git-fixes CVE-2025-40226 bsc#1254821). - Update patches.suse/firmware-stratix10-svc-fix-bug-in-saving-controller-.patch (git-fixes CVE-2025-68328 bsc#1255489). - Update patches.suse/gpiolib-fix-invalid-pointer-access-in-debugfs.patch (git-fixes CVE-2025-68167 bsc#1255099). - Update patches.suse/gpu-host1x-Fix-race-in-syncpt-alloc-free.patch (git-fixes CVE-2025-68732 bsc#1255688). - Update patches.suse/idpf-fix-possible-vport_config-NULL-pointer-deref-in.patch (git-fixes CVE-2025-68213 bsc#1255228). - Update patches.suse/iio-accel-bmc150-Fix-irq-assumption-regression.patch (stable-fixes CVE-2025-68330 bsc#1255493). - Update patches.suse/ima-Handle-error-code-returned-by-ima_filter_rule_ma.patch (git-fixes CVE-2025-68740 bsc#1255812). - Update patches.suse/ima-don-t-clear-IMA_DIGSIG-flag-when-setting-or-remo.patch (stable-fixes CVE-2025-68183 bsc#1255251). - Update patches.suse/irqchip-mchp-eic-Fix-error-code-in-mchp_eic_domain_a.patch (git-fixes CVE-2025-68766 bsc#1255932). - Update patches.suse/media-imon-make-send_packet-more-robust.patch (stable-fixes CVE-2025-68194 bsc#1255325). - Update patches.suse/media-pci-mg4b-fix-uninitialized-iio-scan-data.patch (git-fixes CVE-2025-40221 bsc#1254519). - Update patches.suse/media-videobuf2-forbid-remove_bufs-when-legacy-filei.patch (git-fixes CVE-2025-40302 bsc#1255196). - Update patches.suse/misc-fastrpc-Fix-dma_buf-object-leak-in-fastrpc_map_.patch (git-fixes CVE-2025-68252 bsc#1255197). - Update patches.suse/mm-secretmem-fix-use-after-free-race-in-fault-handle.patch (git-fixes CVE-2025-40272 bsc#1254832). - Update patches.suse/most-usb-Fix-use-after-free-in-hdm_disconnect.patch (git-fixes CVE-2025-40223 bsc#1254957). - Update patches.suse/most-usb-fix-double-free-on-late-probe-failure.patch (git-fixes CVE-2025-68290 bsc#1255154). - Update patches.suse/most-usb-hdm_probe-Fix-calling-put_device-before-dev.patch (git-fixes CVE-2025-68249 bsc#1255233). - Update patches.suse/mt76-mt7615-Fix-memory-leak-in-mt7615_mcu_wtbl_sta_a.patch (git-fixes CVE-2025-68765 bsc#1255931). - Update patches.suse/mtd-rawnand-cadence-fix-DMA-device-NULL-pointer-dere.patch (git-fixes CVE-2025-68238 bsc#1255202). - Update patches.suse/mtdchar-fix-integer-overflow-in-read-write-ioctls.patch (git-fixes CVE-2025-68237 bsc#1255203). - Update patches.suse/net-stmmac-Correctly-handle-Rx-checksum-offload-erro.patch (git-fixes CVE-2025-40337 bsc#1255081). - Update patches.suse/net-usb-qmi_wwan-initialize-MAC-header-offset-in-qmi.patch (git-fixes CVE-2025-68192 bsc#1255246). - Update patches.suse/nfs4_setup_readdir-insufficient-locking-for-d_parent-d_inode-dereferencing.patch (git-fixes CVE-2025-68185 bsc#1255135). - Update patches.suse/nfsd-fix-refcount-leak-in-nfsd_set_fh_dentry.patch (git-fixes CVE-2025-40212 bsc#1254195). - Update patches.suse/nouveau-firmware-Add-missing-kfree-of-nvkm_falcon_fw.patch (git-fixes CVE-2025-68235 bsc#1255209). - Update patches.suse/nvme-fc-use-lock-accessing-port_state-and-rport-stat.patch (bsc#1245193 bsc#1247500 CVE-2025-40342 bsc#1255274). - Update patches.suse/nvmet-fc-avoid-scheduling-association-deletion-twice.patch (bsc#1245193 bsc#1247500 CVE-2025-40343 bsc#1255276). - Update patches.suse/pinctrl-s32cc-fix-uninitialized-memory-in-s32_pinctr.patch (git-fixes CVE-2025-68222 bsc#1255218). - Update patches.suse/platform-x86-intel-punit_ipc-fix-memory-corruption.patch (git-fixes CVE-2025-68303 bsc#1255122). - Update patches.suse/regmap-slimbus-fix-bus_context-pointer-in-regmap-ini.patch (git-fixes CVE-2025-40317 bsc#1254796). - Update patches.suse/regulator-core-Protect-regulator_supply_alias_list-w.patch (git-fixes CVE-2025-68354 bsc#1255553). - Update patches.suse/sctp-avoid-NULL-dereference-when-chunk-data-buffer-i.patch (git-fixes CVE-2025-40240 bsc#1254869). - Update patches.suse/smb-client-fix-potential-cfid-UAF-in-smb2_query_info_compound.patch (git-fixes CVE-2025-40320 bsc#1254793). - Update patches.suse/spi-ch341-fix-out-of-bounds-memory-access-in-ch341_t.patch (git-fixes CVE-2025-68352 bsc#1255541). - Update patches.suse/spi-tegra210-quad-Fix-timeout-handling.patch (bsc#1253155 CVE-2025-68746 bsc#1255722). - Update patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-OnBeacon.patch (stable-fixes CVE-2025-68254 bsc#1255140). - Update patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-rtw_get_.patch (stable-fixes CVE-2025-68256 bsc#1255138). - Update patches.suse/staging-rtl8723bs-fix-stack-buffer-overflow-in-OnAss.patch (stable-fixes CVE-2025-68255 bsc#1255395). - Update patches.suse/tty-serial-ip22zilog-Use-platform-device-for-probing.patch (stable-fixes CVE-2025-68311 bsc#1255161). - Update patches.suse/usb-cdns3-gadget-Use-after-free-during-failed-initia.patch (stable-fixes CVE-2025-40314 bsc#1255072). - Update patches.suse/usb-dwc3-Fix-race-condition-between-concurrent-dwc3_.patch (git-fixes CVE-2025-68287 bsc#1255152). - Update patches.suse/usb-gadget-f_eem-Fix-memory-leak-in-eem_unwrap.patch (git-fixes CVE-2025-68289 bsc#1255155). - Update patches.suse/usb-gadget-f_fs-Fix-epfile-null-pointer-access-after.patch (stable-fixes CVE-2025-40315 bsc#1255083). - Update patches.suse/usb-potential-integer-overflow-in-usbg_make_tpg.patch (stable-fixes CVE-2025-68750 bsc#1255814). - Update patches.suse/usb-renesas_usbhs-Fix-synchronous-external-abort-on-.patch (git-fixes CVE-2025-68327 bsc#1255488). - Update patches.suse/usb-storage-sddr55-Reject-out-of-bound-new_pba.patch (stable-fixes CVE-2025-40345 bsc#1255279). - Update patches.suse/usb-uas-fix-urb-unmapping-issue-when-the-uas-device-.patch (git-fixes CVE-2025-68331 bsc#1255495). - Update patches.suse/usbnet-Prevents-free-active-kevent.patch (git-fixes CVE-2025-68312 bsc#1255171). - Update patches.suse/wifi-ath11k-fix-peer-HE-MCS-assignment.patch (git-fixes CVE-2025-68380 bsc#1255580). - Update patches.suse/wifi-brcmfmac-fix-crash-while-sending-Action-Frames-.patch (git-fixes CVE-2025-40321 bsc#1254795). - Update patches.suse/wifi-rtl818x-Fix-potential-memory-leaks-in-rtl8180_i.patch (git-fixes CVE-2025-68759 bsc#1255934). - Update patches.suse/wifi-rtl818x-rtl8187-Fix-potential-buffer-underflow-.patch (git-fixes CVE-2025-68362 bsc#1255611). - Update patches.suse/x86-CPU-AMD-Add-RDSEED-fix-for-Zen5.patch (git-fixes CVE-2025-68313 bsc#1255415). - Update patches.suse/x86-CPU-AMD-Add-missing-terminator-for-zen5_rdseed_m.patch (git-fixes CVE-2025-68195 bsc#1255259). - Update patches.suse/xfrm-also-call-xfrm_state_delete_tunnel-at-destroy-time-fo.patch (CVE-2025-40215 bsc#1254959 CVE-2025-40256 bsc#1254851). - commit c0f554e ++++ kernel-syms: - perf/x86/intel: Fix KASAN global-out-of-bounds warning (CVE-2025-40359 bsc#1255087). - commit ed1e93a - mlx5: Fix default values in create CQ (CVE-2025-68209 bsc#1255230). - commit 02d60e0 - x86/microcode/AMD: Use sha256() instead of init/update/final (bsc#1256495). - Refresh patches.suse/x86-microcode-AMD-Limit-Entrysign-signature-checking-to-kn.patch. - commit 6b04345 - x86/microcode/AMD: Fix Entrysign revision check for Zen5/Strix Halo (bsc#1256495). - x86/microcode/AMD: Select which microcode patch to load (bsc#1256495). - x86/microcode/AMD: Make __verify_patch_size() return bool (bsc#1256495). - x86/microcode/AMD: Remove bogus comment from parse_container() (bsc#1256495). - commit 9f14cfe - crash: fix crashkernel resource shrink (CVE-2025-68198 bsc#1255243) - commit 7e8f708 - bnxt_en: Fix null pointer dereference in bnxt_bs_trace_check_wrap() (CVE-2025-68197 bsc#1255242) - commit 766431f - lib/crypto: aes: Fix missing MMU protection for AES S-box (git-fixes). - virtio_console: fix order of fields cols and rows (stable-fixes). - commit d55882c - drm/amdgpu: Forward VMID reservation errors (git-fixes). - commit 2373a9d - supported.conf: mark ksmbd unsupported Based on discussion with Enzo Matsumiya it has tuned out that ksmbd module is unsupported but the supported.conf entry is incorrect. Fix that. - commit 143566d - powerpc/eeh: fix recursive pci_lock_rescan_remove locking in EEH event handling (bsc#1253262 ltc#216029). - commit 594b86e - Update patches.suse/ACPI-video-Fix-use-after-free-in-acpi_video_switch_b.patch (git-fixes CVE-2025-40211 bsc#1254126). - Update patches.suse/ALSA-dice-fix-buffer-overflow-in-detect_stream_forma.patch (git-fixes CVE-2025-68346 bsc#1255603). - Update patches.suse/ALSA-firewire-motu-add-bounds-check-in-put_user-loop.patch (git-fixes CVE-2025-68753 bsc#1256238). - Update patches.suse/ALSA-firewire-motu-fix-buffer-overflow-in-hwdep-read.patch (git-fixes CVE-2025-68347 bsc#1255706). - Update patches.suse/ALSA-hda-cs35l41-Fix-NULL-pointer-dereference-in-cs3-c34b04c.patch (git-fixes CVE-2025-68345 bsc#1255601). - Update patches.suse/ALSA-usb-audio-Fix-NULL-pointer-dereference-in-snd_u.patch (git-fixes CVE-2025-40275 bsc#1254829). - Update patches.suse/ALSA-usb-audio-Fix-potential-overflow-of-PCM-transfe.patch (stable-fixes CVE-2025-40269 bsc#1255035). - Update patches.suse/ALSA-wavefront-Fix-integer-overflow-in-sample-size-v.patch (git-fixes CVE-2025-68344 bsc#1255816). - Update patches.suse/ASoC-Intel-avs-Disable-periods-elapsed-work-when-clo.patch (git-fixes CVE-2025-40344 bsc#1254618). - Update patches.suse/Bluetooth-6lowpan-reset-link-local-header-on-ipv6-re.patch (git-fixes CVE-2025-40282 bsc#1254850). - Update patches.suse/Bluetooth-MGMT-Fix-OOB-access-in-parse_adv_monitor_p.patch (git-fixes CVE-2025-40294 bsc#1255181). - Update patches.suse/Bluetooth-MGMT-cancel-mesh-send-timer-when-hdev-remo.patch (git-fixes CVE-2025-40284 bsc#1254860). - Update patches.suse/Bluetooth-MGMT-fix-crash-in-set_mesh_sync-and-set_me.patch (git-fixes CVE-2025-40213 bsc#1253674). - Update patches.suse/Bluetooth-SCO-Fix-UAF-on-sco_conn_free.patch (stable-fixes CVE-2025-40309 bsc#1255065). - Update patches.suse/Bluetooth-bcsp-receive-data-only-if-registered.patch (stable-fixes CVE-2025-40308 bsc#1255064). - Update patches.suse/Bluetooth-btusb-mediatek-Avoid-btusb_mtk_claim_iso_i.patch (git-fixes CVE-2025-68298 bsc#1255124). - Update patches.suse/Bluetooth-btusb-mediatek-Fix-kernel-crash-when-relea.patch (git-fixes CVE-2025-68306 bsc#1255145). - Update patches.suse/Bluetooth-btusb-reorder-cleanup-in-btusb_disconnect-.patch (git-fixes CVE-2025-40283 bsc#1254858). - Update patches.suse/Bluetooth-hci_event-validate-skb-length-for-unknown-.patch (git-fixes CVE-2025-40301 bsc#1255193). - Update patches.suse/Bluetooth-hci_sock-Prevent-race-in-socket-write-iter.patch (git-fixes CVE-2025-68305 bsc#1255169). - Update patches.suse/Bluetooth-hci_sync-fix-race-in-hci_cmd_sync_dequeue_.patch (git-fixes CVE-2025-40318 bsc#1254798). - Update patches.suse/Input-cros_ec_keyb-fix-an-invalid-memory-access.patch (stable-fixes CVE-2025-40263 bsc#1255077). - Update patches.suse/Input-imx_sc_key-fix-memory-corruption-on-unload.patch (git-fixes CVE-2025-40262 bsc#1254840). - Update patches.suse/Input-pegasus-notetaker-fix-potential-out-of-bounds-.patch (git-fixes CVE-2025-68217 bsc#1255221). - Update patches.suse/KVM-arm64-Check-the-untrusted-offset-in-FF-A-memory-.patch (git-fixes CVE-2025-40266 bsc#1255040). - Update patches.suse/NFS-Fix-LTP-test-failures-when-timestamps-are-delegated.patch (git-fixes CVE-2025-68242 bsc#1255186). - Update patches.suse/NFSD-Fix-crash-in-nfsd4_read_release.patch (git-fixes CVE-2025-40324 bsc#1254791). - Update patches.suse/NFSD-free-copynotify-stateid-in-nfs4_free_ol_stateid.patch (git-fixes CVE-2025-40273 bsc#1254828). - Update patches.suse/PCI-IOV-Add-PCI-rescan-remove-locking-when-enabling-.patch (git-fixes CVE-2025-40219 bsc#1254518). - Update patches.suse/PCI-cadence-Check-for-the-existence-of-cdns_pcie-ops.patch (stable-fixes CVE-2025-68176 bsc#1255329). - Update patches.suse/accel-habanalabs-support-mapping-cb-with-vmalloc-bac.patch (stable-fixes CVE-2025-40311 bsc#1255068). - Update patches.suse/accel-ivpu-Fix-race-condition-when-unbinding-BOs.patch (git-fixes CVE-2025-68749 bsc#1255724). - Update patches.suse/amd-amdkfd-resolve-a-race-in-amdgpu_amdkfd_device_fi.patch (stable-fixes CVE-2025-40310 bsc#1255041). - Update patches.suse/arm64-mte-Do-not-warn-if-the-page-is-already-tagged-in-cop.patch (git-fixes CVE-2025-40353 bsc#1255312). - Update patches.suse/atm-fore200e-Fix-possible-data-race-in-fore200e_open.patch (git-fixes CVE-2025-68339 bsc#1255505). - Update patches.suse/backlight-led-bl-Add-devlink-to-supplier-LEDs.patch (git-fixes CVE-2025-68758 bsc#1255944). - Update patches.suse/btrfs-directly-free-partially-initialized-fs_info-in.patch (git-fixes CVE-2025-40235 bsc#1254808). - Update patches.suse/btrfs-ensure-no-dirty-metadata-is-written-back-for-a.patch (git-fix CVE-2025-40303 bsc#1255058). - Update patches.suse/btrfs-fix-memory-leak-of-qgroup_list-in-btrfs_add_qg.patch (git-fixes CVE-2025-40209 bsc#1254128). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-check-actual-395d988.patch (git-fixes CVE-2025-68342 bsc#1255508). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-check-actual.patch (git-fixes CVE-2025-68343 bsc#1255509). - Update patches.suse/can-gs_usb-gs_usb_xmit_callback-fix-handling-of-fail.patch (git-fixes CVE-2025-68307 bsc#1255146). - Update patches.suse/can-kvaser_usb-leaf-Fix-potential-infinite-loop-in-c.patch (git-fixes CVE-2025-68308 bsc#1255149). - Update patches.suse/comedi-c6xdigio-Fix-invalid-PNP-driver-unregistratio.patch (git-fixes CVE-2025-68332 bsc#1255483). - Update patches.suse/comedi-check-device-s-attached-status-in-compat-ioct.patch (git-fixes CVE-2025-68257 bsc#1255167). - Update patches.suse/comedi-multiq3-sanitize-config-options-in-multiq3_at.patch (git-fixes CVE-2025-68258 bsc#1255182). - Update patches.suse/comedi-pcl818-fix-null-ptr-deref-in-pcl818_ai_cancel.patch (git-fixes CVE-2025-68335 bsc#1255480). - Update patches.suse/crypto-aspeed-fix-double-free-caused-by-devm.patch (git-fixes CVE-2025-68172 bsc#1255253). - Update patches.suse/crypto-asymmetric_keys-prevent-overflow-in-asymmetri.patch (git-fixes CVE-2025-68724 bsc#1255550). - Update patches.suse/drm-amd-display-Check-NULL-before-accessing.patch (stable-fixes CVE-2025-68286 bsc#1255351). - Update patches.suse/drm-amd-display-Fix-NULL-deref-in-debugfs-odm_combin.patch (git-fixes CVE-2025-68180 bsc#1255252). - Update patches.suse/drm-amd-display-increase-max-link-count-and-fix-link.patch (stable-fixes CVE-2025-40354 bsc#1255316). - Update patches.suse/drm-amdgpu-Fix-NULL-pointer-dereference-in-VRAM-logi.patch (stable-fixes CVE-2025-40288 bsc#1255057). - Update patches.suse/drm-amdgpu-atom-Check-kcalloc-for-WS-buffer-in-amdgp.patch (stable-fixes CVE-2025-68190 bsc#1255131). - Update patches.suse/drm-amdgpu-fix-gpu-page-fault-after-hibernation-on-P.patch (stable-fixes CVE-2025-68230 bsc#1255134). - Update patches.suse/drm-amdgpu-fix-nullptr-err-of-vm_handle_moved.patch (stable-fixes CVE-2025-40339 bsc#1255428). - Update patches.suse/drm-amdgpu-hide-VRAM-sysfs-attributes-on-GPUs-withou.patch (stable-fixes CVE-2025-40289 bsc#1255042). - Update patches.suse/drm-amdgpu-remove-two-invalid-BUG_ON-s.patch (stable-fixes CVE-2025-68201 bsc#1255136). - Update patches.suse/drm-amdkfd-Fix-mmap-write-lock-not-release.patch (bsc#1243112 CVE-2025-40332 bsc#1255116). - Update patches.suse/drm-i915-Avoid-lock-inversion-when-pinning-to-GGTT-o.patch (git-fixes CVE-2025-68244 bsc#1255190). - Update patches.suse/drm-mediatek-Disable-AFBC-support-on-Mediatek-DRM-dr.patch (git-fixes CVE-2025-68184 bsc#1255220). - Update patches.suse/drm-mediatek-Fix-device-use-after-free-on-unbind.patch (git-fixes CVE-2025-40316 bsc#1254797). - Update patches.suse/drm-panthor-Fix-UAF-on-kernel-BO-VA-nodes.patch (git-fixes CVE-2025-68747 bsc#1255723). - Update patches.suse/drm-panthor-Fix-UAF-race-between-device-unplug-and-F.patch (git-fixes CVE-2025-68748 bsc#1255813). - Update patches.suse/drm-panthor-Fix-kernel-panic-on-partial-unmap-of-a-G.patch (git-fixes CVE-2025-40225 bsc#1254827). - Update patches.suse/drm-radeon-Do-not-kfree-devres-managed-rdev.patch (git-fixes CVE-2025-68170 bsc#1255256). - Update patches.suse/drm-radeon-Remove-calls-to-drm_put_dev.patch (git-fixes CVE-2025-68181 bsc#1255247). - Update patches.suse/drm-radeon-delete-radeon_fence_process-in-is_signale.patch (stable-fixes CVE-2025-68223 bsc#1255357). - Update patches.suse/drm-sched-Fix-deadlock-in-drm_sched_entity_kill_jobs.patch (git-fixes CVE-2025-40329 bsc#1254621). - Update patches.suse/drm-sysfb-Do-not-dereference-NULL-pointer-in-plane-r.patch (git-fixes CVE-2025-40360 bsc#1255095). - Update patches.suse/drm-tegra-Add-call-to-put_pid.patch (git-fixes CVE-2025-68233 bsc#1255206). - Update patches.suse/drm-vgem-fence-Fix-potential-deadlock-on-release.patch (git-fixes CVE-2025-68757 bsc#1255943). - Update patches.suse/drm-vmwgfx-Validate-command-header-size-against-SVGA.patch (git-fixes CVE-2025-40277 bsc#1254894). - Update patches.suse/drm-xe-Fix-oops-in-xe_gem_fault-when-running-core_ho.patch (stable-fixes CVE-2025-40340 bsc#1254996). - Update patches.suse/drm-xe-guc-Synchronize-Dead-CT-worker-with-unbind.patch (git-fixes CVE-2025-68207 bsc#1255234). - Update patches.suse/erofs-avoid-infinite-loop-due-to-incomplete-zstd-compressed-data.patch (git-fixes CVE-2025-68210 bsc#1255231). - Update patches.suse/exfat-fix-improper-check-of-dentry.stream.valid_size.patch (git-fixes CVE-2025-40287 bsc#1255030). - Update patches.suse/exfat-fix-refcount-leak-in-exfat_find.patch (git-fixes CVE-2025-68351 bsc#1255567). - Update patches.suse/exfat-validate-cluster-allocation-bits-of-the-allocation-bitmap.patch (git-fixes CVE-2025-40307 bsc#1255039). - Update patches.suse/fbcon-Set-fb_display-i-mode-to-NULL-when-the-mode-is.patch (stable-fixes CVE-2025-40323 bsc#1255094). - Update patches.suse/fbdev-Add-bounds-checking-in-bit_putcs-to-fix-vmallo.patch (stable-fixes CVE-2025-40304 bsc#1255034). - Update patches.suse/fbdev-bitblit-bound-check-glyph-index-in-bit_putcs.patch (stable-fixes CVE-2025-40322 bsc#1255092). - Update patches.suse/firmware-arm_scmi-Account-for-failed-debug-initializ.patch (git-fixes CVE-2025-40226 bsc#1254821). - Update patches.suse/firmware-stratix10-svc-fix-bug-in-saving-controller-.patch (git-fixes CVE-2025-68328 bsc#1255489). - Update patches.suse/gpiolib-fix-invalid-pointer-access-in-debugfs.patch (git-fixes CVE-2025-68167 bsc#1255099). - Update patches.suse/gpu-host1x-Fix-race-in-syncpt-alloc-free.patch (git-fixes CVE-2025-68732 bsc#1255688). - Update patches.suse/idpf-fix-possible-vport_config-NULL-pointer-deref-in.patch (git-fixes CVE-2025-68213 bsc#1255228). - Update patches.suse/iio-accel-bmc150-Fix-irq-assumption-regression.patch (stable-fixes CVE-2025-68330 bsc#1255493). - Update patches.suse/ima-Handle-error-code-returned-by-ima_filter_rule_ma.patch (git-fixes CVE-2025-68740 bsc#1255812). - Update patches.suse/ima-don-t-clear-IMA_DIGSIG-flag-when-setting-or-remo.patch (stable-fixes CVE-2025-68183 bsc#1255251). - Update patches.suse/irqchip-mchp-eic-Fix-error-code-in-mchp_eic_domain_a.patch (git-fixes CVE-2025-68766 bsc#1255932). - Update patches.suse/media-imon-make-send_packet-more-robust.patch (stable-fixes CVE-2025-68194 bsc#1255325). - Update patches.suse/media-pci-mg4b-fix-uninitialized-iio-scan-data.patch (git-fixes CVE-2025-40221 bsc#1254519). - Update patches.suse/media-videobuf2-forbid-remove_bufs-when-legacy-filei.patch (git-fixes CVE-2025-40302 bsc#1255196). - Update patches.suse/misc-fastrpc-Fix-dma_buf-object-leak-in-fastrpc_map_.patch (git-fixes CVE-2025-68252 bsc#1255197). - Update patches.suse/mm-secretmem-fix-use-after-free-race-in-fault-handle.patch (git-fixes CVE-2025-40272 bsc#1254832). - Update patches.suse/most-usb-Fix-use-after-free-in-hdm_disconnect.patch (git-fixes CVE-2025-40223 bsc#1254957). - Update patches.suse/most-usb-fix-double-free-on-late-probe-failure.patch (git-fixes CVE-2025-68290 bsc#1255154). - Update patches.suse/most-usb-hdm_probe-Fix-calling-put_device-before-dev.patch (git-fixes CVE-2025-68249 bsc#1255233). - Update patches.suse/mt76-mt7615-Fix-memory-leak-in-mt7615_mcu_wtbl_sta_a.patch (git-fixes CVE-2025-68765 bsc#1255931). - Update patches.suse/mtd-rawnand-cadence-fix-DMA-device-NULL-pointer-dere.patch (git-fixes CVE-2025-68238 bsc#1255202). - Update patches.suse/mtdchar-fix-integer-overflow-in-read-write-ioctls.patch (git-fixes CVE-2025-68237 bsc#1255203). - Update patches.suse/net-stmmac-Correctly-handle-Rx-checksum-offload-erro.patch (git-fixes CVE-2025-40337 bsc#1255081). - Update patches.suse/net-usb-qmi_wwan-initialize-MAC-header-offset-in-qmi.patch (git-fixes CVE-2025-68192 bsc#1255246). - Update patches.suse/nfs4_setup_readdir-insufficient-locking-for-d_parent-d_inode-dereferencing.patch (git-fixes CVE-2025-68185 bsc#1255135). - Update patches.suse/nfsd-fix-refcount-leak-in-nfsd_set_fh_dentry.patch (git-fixes CVE-2025-40212 bsc#1254195). - Update patches.suse/nouveau-firmware-Add-missing-kfree-of-nvkm_falcon_fw.patch (git-fixes CVE-2025-68235 bsc#1255209). - Update patches.suse/nvme-fc-use-lock-accessing-port_state-and-rport-stat.patch (bsc#1245193 bsc#1247500 CVE-2025-40342 bsc#1255274). - Update patches.suse/nvmet-fc-avoid-scheduling-association-deletion-twice.patch (bsc#1245193 bsc#1247500 CVE-2025-40343 bsc#1255276). - Update patches.suse/pinctrl-s32cc-fix-uninitialized-memory-in-s32_pinctr.patch (git-fixes CVE-2025-68222 bsc#1255218). - Update patches.suse/platform-x86-intel-punit_ipc-fix-memory-corruption.patch (git-fixes CVE-2025-68303 bsc#1255122). - Update patches.suse/regmap-slimbus-fix-bus_context-pointer-in-regmap-ini.patch (git-fixes CVE-2025-40317 bsc#1254796). - Update patches.suse/regulator-core-Protect-regulator_supply_alias_list-w.patch (git-fixes CVE-2025-68354 bsc#1255553). - Update patches.suse/sctp-avoid-NULL-dereference-when-chunk-data-buffer-i.patch (git-fixes CVE-2025-40240 bsc#1254869). - Update patches.suse/smb-client-fix-potential-cfid-UAF-in-smb2_query_info_compound.patch (git-fixes CVE-2025-40320 bsc#1254793). - Update patches.suse/spi-ch341-fix-out-of-bounds-memory-access-in-ch341_t.patch (git-fixes CVE-2025-68352 bsc#1255541). - Update patches.suse/spi-tegra210-quad-Fix-timeout-handling.patch (bsc#1253155 CVE-2025-68746 bsc#1255722). - Update patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-OnBeacon.patch (stable-fixes CVE-2025-68254 bsc#1255140). - Update patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-rtw_get_.patch (stable-fixes CVE-2025-68256 bsc#1255138). - Update patches.suse/staging-rtl8723bs-fix-stack-buffer-overflow-in-OnAss.patch (stable-fixes CVE-2025-68255 bsc#1255395). - Update patches.suse/tty-serial-ip22zilog-Use-platform-device-for-probing.patch (stable-fixes CVE-2025-68311 bsc#1255161). - Update patches.suse/usb-cdns3-gadget-Use-after-free-during-failed-initia.patch (stable-fixes CVE-2025-40314 bsc#1255072). - Update patches.suse/usb-dwc3-Fix-race-condition-between-concurrent-dwc3_.patch (git-fixes CVE-2025-68287 bsc#1255152). - Update patches.suse/usb-gadget-f_eem-Fix-memory-leak-in-eem_unwrap.patch (git-fixes CVE-2025-68289 bsc#1255155). - Update patches.suse/usb-gadget-f_fs-Fix-epfile-null-pointer-access-after.patch (stable-fixes CVE-2025-40315 bsc#1255083). - Update patches.suse/usb-potential-integer-overflow-in-usbg_make_tpg.patch (stable-fixes CVE-2025-68750 bsc#1255814). - Update patches.suse/usb-renesas_usbhs-Fix-synchronous-external-abort-on-.patch (git-fixes CVE-2025-68327 bsc#1255488). - Update patches.suse/usb-storage-sddr55-Reject-out-of-bound-new_pba.patch (stable-fixes CVE-2025-40345 bsc#1255279). - Update patches.suse/usb-uas-fix-urb-unmapping-issue-when-the-uas-device-.patch (git-fixes CVE-2025-68331 bsc#1255495). - Update patches.suse/usbnet-Prevents-free-active-kevent.patch (git-fixes CVE-2025-68312 bsc#1255171). - Update patches.suse/wifi-ath11k-fix-peer-HE-MCS-assignment.patch (git-fixes CVE-2025-68380 bsc#1255580). - Update patches.suse/wifi-brcmfmac-fix-crash-while-sending-Action-Frames-.patch (git-fixes CVE-2025-40321 bsc#1254795). - Update patches.suse/wifi-rtl818x-Fix-potential-memory-leaks-in-rtl8180_i.patch (git-fixes CVE-2025-68759 bsc#1255934). - Update patches.suse/wifi-rtl818x-rtl8187-Fix-potential-buffer-underflow-.patch (git-fixes CVE-2025-68362 bsc#1255611). - Update patches.suse/x86-CPU-AMD-Add-RDSEED-fix-for-Zen5.patch (git-fixes CVE-2025-68313 bsc#1255415). - Update patches.suse/x86-CPU-AMD-Add-missing-terminator-for-zen5_rdseed_m.patch (git-fixes CVE-2025-68195 bsc#1255259). - Update patches.suse/xfrm-also-call-xfrm_state_delete_tunnel-at-destroy-time-fo.patch (CVE-2025-40215 bsc#1254959 CVE-2025-40256 bsc#1254851). - commit c0f554e ++++ kernel-syms: - perf/x86/intel: Fix KASAN global-out-of-bounds warning (CVE-2025-40359 bsc#1255087). - commit ed1e93a - mlx5: Fix default values in create CQ (CVE-2025-68209 bsc#1255230). - commit 02d60e0 - x86/microcode/AMD: Use sha256() instead of init/update/final (bsc#1256495). - Refresh patches.suse/x86-microcode-AMD-Limit-Entrysign-signature-checking-to-kn.patch. - commit 6b04345 - x86/microcode/AMD: Fix Entrysign revision check for Zen5/Strix Halo (bsc#1256495). - x86/microcode/AMD: Select which microcode patch to load (bsc#1256495). - x86/microcode/AMD: Make __verify_patch_size() return bool (bsc#1256495). - x86/microcode/AMD: Remove bogus comment from parse_container() (bsc#1256495). - commit 9f14cfe - crash: fix crashkernel resource shrink (CVE-2025-68198 bsc#1255243) - commit 7e8f708 - bnxt_en: Fix null pointer dereference in bnxt_bs_trace_check_wrap() (CVE-2025-68197 bsc#1255242) - commit 766431f - lib/crypto: aes: Fix missing MMU protection for AES S-box (git-fixes). - virtio_console: fix order of fields cols and rows (stable-fixes). - commit d55882c - drm/amdgpu: Forward VMID reservation errors (git-fixes). - commit 2373a9d - supported.conf: mark ksmbd unsupported Based on discussion with Enzo Matsumiya it has tuned out that ksmbd module is unsupported but the supported.conf entry is incorrect. Fix that. - commit 143566d - powerpc/eeh: fix recursive pci_lock_rescan_remove locking in EEH event handling (bsc#1253262 ltc#216029). - commit 594b86e - Update patches.suse/ACPI-video-Fix-use-after-free-in-acpi_video_switch_b.patch (git-fixes CVE-2025-40211 bsc#1254126). - Update patches.suse/ALSA-dice-fix-buffer-overflow-in-detect_stream_forma.patch (git-fixes CVE-2025-68346 bsc#1255603). - Update patches.suse/ALSA-firewire-motu-add-bounds-check-in-put_user-loop.patch (git-fixes CVE-2025-68753 bsc#1256238). - Update patches.suse/ALSA-firewire-motu-fix-buffer-overflow-in-hwdep-read.patch (git-fixes CVE-2025-68347 bsc#1255706). - Update patches.suse/ALSA-hda-cs35l41-Fix-NULL-pointer-dereference-in-cs3-c34b04c.patch (git-fixes CVE-2025-68345 bsc#1255601). - Update patches.suse/ALSA-usb-audio-Fix-NULL-pointer-dereference-in-snd_u.patch (git-fixes CVE-2025-40275 bsc#1254829). - Update patches.suse/ALSA-usb-audio-Fix-potential-overflow-of-PCM-transfe.patch (stable-fixes CVE-2025-40269 bsc#1255035). - Update patches.suse/ALSA-wavefront-Fix-integer-overflow-in-sample-size-v.patch (git-fixes CVE-2025-68344 bsc#1255816). - Update patches.suse/ASoC-Intel-avs-Disable-periods-elapsed-work-when-clo.patch (git-fixes CVE-2025-40344 bsc#1254618). - Update patches.suse/Bluetooth-6lowpan-reset-link-local-header-on-ipv6-re.patch (git-fixes CVE-2025-40282 bsc#1254850). - Update patches.suse/Bluetooth-MGMT-Fix-OOB-access-in-parse_adv_monitor_p.patch (git-fixes CVE-2025-40294 bsc#1255181). - Update patches.suse/Bluetooth-MGMT-cancel-mesh-send-timer-when-hdev-remo.patch (git-fixes CVE-2025-40284 bsc#1254860). - Update patches.suse/Bluetooth-MGMT-fix-crash-in-set_mesh_sync-and-set_me.patch (git-fixes CVE-2025-40213 bsc#1253674). - Update patches.suse/Bluetooth-SCO-Fix-UAF-on-sco_conn_free.patch (stable-fixes CVE-2025-40309 bsc#1255065). - Update patches.suse/Bluetooth-bcsp-receive-data-only-if-registered.patch (stable-fixes CVE-2025-40308 bsc#1255064). - Update patches.suse/Bluetooth-btusb-mediatek-Avoid-btusb_mtk_claim_iso_i.patch (git-fixes CVE-2025-68298 bsc#1255124). - Update patches.suse/Bluetooth-btusb-mediatek-Fix-kernel-crash-when-relea.patch (git-fixes CVE-2025-68306 bsc#1255145). - Update patches.suse/Bluetooth-btusb-reorder-cleanup-in-btusb_disconnect-.patch (git-fixes CVE-2025-40283 bsc#1254858). - Update patches.suse/Bluetooth-hci_event-validate-skb-length-for-unknown-.patch (git-fixes CVE-2025-40301 bsc#1255193). - Update patches.suse/Bluetooth-hci_sock-Prevent-race-in-socket-write-iter.patch (git-fixes CVE-2025-68305 bsc#1255169). - Update patches.suse/Bluetooth-hci_sync-fix-race-in-hci_cmd_sync_dequeue_.patch (git-fixes CVE-2025-40318 bsc#1254798). - Update patches.suse/Input-cros_ec_keyb-fix-an-invalid-memory-access.patch (stable-fixes CVE-2025-40263 bsc#1255077). - Update patches.suse/Input-imx_sc_key-fix-memory-corruption-on-unload.patch (git-fixes CVE-2025-40262 bsc#1254840). - Update patches.suse/Input-pegasus-notetaker-fix-potential-out-of-bounds-.patch (git-fixes CVE-2025-68217 bsc#1255221). - Update patches.suse/KVM-arm64-Check-the-untrusted-offset-in-FF-A-memory-.patch (git-fixes CVE-2025-40266 bsc#1255040). - Update patches.suse/NFS-Fix-LTP-test-failures-when-timestamps-are-delegated.patch (git-fixes CVE-2025-68242 bsc#1255186). - Update patches.suse/NFSD-Fix-crash-in-nfsd4_read_release.patch (git-fixes CVE-2025-40324 bsc#1254791). - Update patches.suse/NFSD-free-copynotify-stateid-in-nfs4_free_ol_stateid.patch (git-fixes CVE-2025-40273 bsc#1254828). - Update patches.suse/PCI-IOV-Add-PCI-rescan-remove-locking-when-enabling-.patch (git-fixes CVE-2025-40219 bsc#1254518). - Update patches.suse/PCI-cadence-Check-for-the-existence-of-cdns_pcie-ops.patch (stable-fixes CVE-2025-68176 bsc#1255329). - Update patches.suse/accel-habanalabs-support-mapping-cb-with-vmalloc-bac.patch (stable-fixes CVE-2025-40311 bsc#1255068). - Update patches.suse/accel-ivpu-Fix-race-condition-when-unbinding-BOs.patch (git-fixes CVE-2025-68749 bsc#1255724). - Update patches.suse/amd-amdkfd-resolve-a-race-in-amdgpu_amdkfd_device_fi.patch (stable-fixes CVE-2025-40310 bsc#1255041). - Update patches.suse/arm64-mte-Do-not-warn-if-the-page-is-already-tagged-in-cop.patch (git-fixes CVE-2025-40353 bsc#1255312). - Update patches.suse/atm-fore200e-Fix-possible-data-race-in-fore200e_open.patch (git-fixes CVE-2025-68339 bsc#1255505). - Update patches.suse/backlight-led-bl-Add-devlink-to-supplier-LEDs.patch (git-fixes CVE-2025-68758 bsc#1255944). - Update patches.suse/btrfs-directly-free-partially-initialized-fs_info-in.patch (git-fixes CVE-2025-40235 bsc#1254808). - Update patches.suse/btrfs-ensure-no-dirty-metadata-is-written-back-for-a.patch (git-fix CVE-2025-40303 bsc#1255058). - Update patches.suse/btrfs-fix-memory-leak-of-qgroup_list-in-btrfs_add_qg.patch (git-fixes CVE-2025-40209 bsc#1254128). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-check-actual-395d988.patch (git-fixes CVE-2025-68342 bsc#1255508). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-check-actual.patch (git-fixes CVE-2025-68343 bsc#1255509). - Update patches.suse/can-gs_usb-gs_usb_xmit_callback-fix-handling-of-fail.patch (git-fixes CVE-2025-68307 bsc#1255146). - Update patches.suse/can-kvaser_usb-leaf-Fix-potential-infinite-loop-in-c.patch (git-fixes CVE-2025-68308 bsc#1255149). - Update patches.suse/comedi-c6xdigio-Fix-invalid-PNP-driver-unregistratio.patch (git-fixes CVE-2025-68332 bsc#1255483). - Update patches.suse/comedi-check-device-s-attached-status-in-compat-ioct.patch (git-fixes CVE-2025-68257 bsc#1255167). - Update patches.suse/comedi-multiq3-sanitize-config-options-in-multiq3_at.patch (git-fixes CVE-2025-68258 bsc#1255182). - Update patches.suse/comedi-pcl818-fix-null-ptr-deref-in-pcl818_ai_cancel.patch (git-fixes CVE-2025-68335 bsc#1255480). - Update patches.suse/crypto-aspeed-fix-double-free-caused-by-devm.patch (git-fixes CVE-2025-68172 bsc#1255253). - Update patches.suse/crypto-asymmetric_keys-prevent-overflow-in-asymmetri.patch (git-fixes CVE-2025-68724 bsc#1255550). - Update patches.suse/drm-amd-display-Check-NULL-before-accessing.patch (stable-fixes CVE-2025-68286 bsc#1255351). - Update patches.suse/drm-amd-display-Fix-NULL-deref-in-debugfs-odm_combin.patch (git-fixes CVE-2025-68180 bsc#1255252). - Update patches.suse/drm-amd-display-increase-max-link-count-and-fix-link.patch (stable-fixes CVE-2025-40354 bsc#1255316). - Update patches.suse/drm-amdgpu-Fix-NULL-pointer-dereference-in-VRAM-logi.patch (stable-fixes CVE-2025-40288 bsc#1255057). - Update patches.suse/drm-amdgpu-atom-Check-kcalloc-for-WS-buffer-in-amdgp.patch (stable-fixes CVE-2025-68190 bsc#1255131). - Update patches.suse/drm-amdgpu-fix-gpu-page-fault-after-hibernation-on-P.patch (stable-fixes CVE-2025-68230 bsc#1255134). - Update patches.suse/drm-amdgpu-fix-nullptr-err-of-vm_handle_moved.patch (stable-fixes CVE-2025-40339 bsc#1255428). - Update patches.suse/drm-amdgpu-hide-VRAM-sysfs-attributes-on-GPUs-withou.patch (stable-fixes CVE-2025-40289 bsc#1255042). - Update patches.suse/drm-amdgpu-remove-two-invalid-BUG_ON-s.patch (stable-fixes CVE-2025-68201 bsc#1255136). - Update patches.suse/drm-amdkfd-Fix-mmap-write-lock-not-release.patch (bsc#1243112 CVE-2025-40332 bsc#1255116). - Update patches.suse/drm-i915-Avoid-lock-inversion-when-pinning-to-GGTT-o.patch (git-fixes CVE-2025-68244 bsc#1255190). - Update patches.suse/drm-mediatek-Disable-AFBC-support-on-Mediatek-DRM-dr.patch (git-fixes CVE-2025-68184 bsc#1255220). - Update patches.suse/drm-mediatek-Fix-device-use-after-free-on-unbind.patch (git-fixes CVE-2025-40316 bsc#1254797). - Update patches.suse/drm-panthor-Fix-UAF-on-kernel-BO-VA-nodes.patch (git-fixes CVE-2025-68747 bsc#1255723). - Update patches.suse/drm-panthor-Fix-UAF-race-between-device-unplug-and-F.patch (git-fixes CVE-2025-68748 bsc#1255813). - Update patches.suse/drm-panthor-Fix-kernel-panic-on-partial-unmap-of-a-G.patch (git-fixes CVE-2025-40225 bsc#1254827). - Update patches.suse/drm-radeon-Do-not-kfree-devres-managed-rdev.patch (git-fixes CVE-2025-68170 bsc#1255256). - Update patches.suse/drm-radeon-Remove-calls-to-drm_put_dev.patch (git-fixes CVE-2025-68181 bsc#1255247). - Update patches.suse/drm-radeon-delete-radeon_fence_process-in-is_signale.patch (stable-fixes CVE-2025-68223 bsc#1255357). - Update patches.suse/drm-sched-Fix-deadlock-in-drm_sched_entity_kill_jobs.patch (git-fixes CVE-2025-40329 bsc#1254621). - Update patches.suse/drm-sysfb-Do-not-dereference-NULL-pointer-in-plane-r.patch (git-fixes CVE-2025-40360 bsc#1255095). - Update patches.suse/drm-tegra-Add-call-to-put_pid.patch (git-fixes CVE-2025-68233 bsc#1255206). - Update patches.suse/drm-vgem-fence-Fix-potential-deadlock-on-release.patch (git-fixes CVE-2025-68757 bsc#1255943). - Update patches.suse/drm-vmwgfx-Validate-command-header-size-against-SVGA.patch (git-fixes CVE-2025-40277 bsc#1254894). - Update patches.suse/drm-xe-Fix-oops-in-xe_gem_fault-when-running-core_ho.patch (stable-fixes CVE-2025-40340 bsc#1254996). - Update patches.suse/drm-xe-guc-Synchronize-Dead-CT-worker-with-unbind.patch (git-fixes CVE-2025-68207 bsc#1255234). - Update patches.suse/erofs-avoid-infinite-loop-due-to-incomplete-zstd-compressed-data.patch (git-fixes CVE-2025-68210 bsc#1255231). - Update patches.suse/exfat-fix-improper-check-of-dentry.stream.valid_size.patch (git-fixes CVE-2025-40287 bsc#1255030). - Update patches.suse/exfat-fix-refcount-leak-in-exfat_find.patch (git-fixes CVE-2025-68351 bsc#1255567). - Update patches.suse/exfat-validate-cluster-allocation-bits-of-the-allocation-bitmap.patch (git-fixes CVE-2025-40307 bsc#1255039). - Update patches.suse/fbcon-Set-fb_display-i-mode-to-NULL-when-the-mode-is.patch (stable-fixes CVE-2025-40323 bsc#1255094). - Update patches.suse/fbdev-Add-bounds-checking-in-bit_putcs-to-fix-vmallo.patch (stable-fixes CVE-2025-40304 bsc#1255034). - Update patches.suse/fbdev-bitblit-bound-check-glyph-index-in-bit_putcs.patch (stable-fixes CVE-2025-40322 bsc#1255092). - Update patches.suse/firmware-arm_scmi-Account-for-failed-debug-initializ.patch (git-fixes CVE-2025-40226 bsc#1254821). - Update patches.suse/firmware-stratix10-svc-fix-bug-in-saving-controller-.patch (git-fixes CVE-2025-68328 bsc#1255489). - Update patches.suse/gpiolib-fix-invalid-pointer-access-in-debugfs.patch (git-fixes CVE-2025-68167 bsc#1255099). - Update patches.suse/gpu-host1x-Fix-race-in-syncpt-alloc-free.patch (git-fixes CVE-2025-68732 bsc#1255688). - Update patches.suse/idpf-fix-possible-vport_config-NULL-pointer-deref-in.patch (git-fixes CVE-2025-68213 bsc#1255228). - Update patches.suse/iio-accel-bmc150-Fix-irq-assumption-regression.patch (stable-fixes CVE-2025-68330 bsc#1255493). - Update patches.suse/ima-Handle-error-code-returned-by-ima_filter_rule_ma.patch (git-fixes CVE-2025-68740 bsc#1255812). - Update patches.suse/ima-don-t-clear-IMA_DIGSIG-flag-when-setting-or-remo.patch (stable-fixes CVE-2025-68183 bsc#1255251). - Update patches.suse/irqchip-mchp-eic-Fix-error-code-in-mchp_eic_domain_a.patch (git-fixes CVE-2025-68766 bsc#1255932). - Update patches.suse/media-imon-make-send_packet-more-robust.patch (stable-fixes CVE-2025-68194 bsc#1255325). - Update patches.suse/media-pci-mg4b-fix-uninitialized-iio-scan-data.patch (git-fixes CVE-2025-40221 bsc#1254519). - Update patches.suse/media-videobuf2-forbid-remove_bufs-when-legacy-filei.patch (git-fixes CVE-2025-40302 bsc#1255196). - Update patches.suse/misc-fastrpc-Fix-dma_buf-object-leak-in-fastrpc_map_.patch (git-fixes CVE-2025-68252 bsc#1255197). - Update patches.suse/mm-secretmem-fix-use-after-free-race-in-fault-handle.patch (git-fixes CVE-2025-40272 bsc#1254832). - Update patches.suse/most-usb-Fix-use-after-free-in-hdm_disconnect.patch (git-fixes CVE-2025-40223 bsc#1254957). - Update patches.suse/most-usb-fix-double-free-on-late-probe-failure.patch (git-fixes CVE-2025-68290 bsc#1255154). - Update patches.suse/most-usb-hdm_probe-Fix-calling-put_device-before-dev.patch (git-fixes CVE-2025-68249 bsc#1255233). - Update patches.suse/mt76-mt7615-Fix-memory-leak-in-mt7615_mcu_wtbl_sta_a.patch (git-fixes CVE-2025-68765 bsc#1255931). - Update patches.suse/mtd-rawnand-cadence-fix-DMA-device-NULL-pointer-dere.patch (git-fixes CVE-2025-68238 bsc#1255202). - Update patches.suse/mtdchar-fix-integer-overflow-in-read-write-ioctls.patch (git-fixes CVE-2025-68237 bsc#1255203). - Update patches.suse/net-stmmac-Correctly-handle-Rx-checksum-offload-erro.patch (git-fixes CVE-2025-40337 bsc#1255081). - Update patches.suse/net-usb-qmi_wwan-initialize-MAC-header-offset-in-qmi.patch (git-fixes CVE-2025-68192 bsc#1255246). - Update patches.suse/nfs4_setup_readdir-insufficient-locking-for-d_parent-d_inode-dereferencing.patch (git-fixes CVE-2025-68185 bsc#1255135). - Update patches.suse/nfsd-fix-refcount-leak-in-nfsd_set_fh_dentry.patch (git-fixes CVE-2025-40212 bsc#1254195). - Update patches.suse/nouveau-firmware-Add-missing-kfree-of-nvkm_falcon_fw.patch (git-fixes CVE-2025-68235 bsc#1255209). - Update patches.suse/nvme-fc-use-lock-accessing-port_state-and-rport-stat.patch (bsc#1245193 bsc#1247500 CVE-2025-40342 bsc#1255274). - Update patches.suse/nvmet-fc-avoid-scheduling-association-deletion-twice.patch (bsc#1245193 bsc#1247500 CVE-2025-40343 bsc#1255276). - Update patches.suse/pinctrl-s32cc-fix-uninitialized-memory-in-s32_pinctr.patch (git-fixes CVE-2025-68222 bsc#1255218). - Update patches.suse/platform-x86-intel-punit_ipc-fix-memory-corruption.patch (git-fixes CVE-2025-68303 bsc#1255122). - Update patches.suse/regmap-slimbus-fix-bus_context-pointer-in-regmap-ini.patch (git-fixes CVE-2025-40317 bsc#1254796). - Update patches.suse/regulator-core-Protect-regulator_supply_alias_list-w.patch (git-fixes CVE-2025-68354 bsc#1255553). - Update patches.suse/sctp-avoid-NULL-dereference-when-chunk-data-buffer-i.patch (git-fixes CVE-2025-40240 bsc#1254869). - Update patches.suse/smb-client-fix-potential-cfid-UAF-in-smb2_query_info_compound.patch (git-fixes CVE-2025-40320 bsc#1254793). - Update patches.suse/spi-ch341-fix-out-of-bounds-memory-access-in-ch341_t.patch (git-fixes CVE-2025-68352 bsc#1255541). - Update patches.suse/spi-tegra210-quad-Fix-timeout-handling.patch (bsc#1253155 CVE-2025-68746 bsc#1255722). - Update patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-OnBeacon.patch (stable-fixes CVE-2025-68254 bsc#1255140). - Update patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-rtw_get_.patch (stable-fixes CVE-2025-68256 bsc#1255138). - Update patches.suse/staging-rtl8723bs-fix-stack-buffer-overflow-in-OnAss.patch (stable-fixes CVE-2025-68255 bsc#1255395). - Update patches.suse/tty-serial-ip22zilog-Use-platform-device-for-probing.patch (stable-fixes CVE-2025-68311 bsc#1255161). - Update patches.suse/usb-cdns3-gadget-Use-after-free-during-failed-initia.patch (stable-fixes CVE-2025-40314 bsc#1255072). - Update patches.suse/usb-dwc3-Fix-race-condition-between-concurrent-dwc3_.patch (git-fixes CVE-2025-68287 bsc#1255152). - Update patches.suse/usb-gadget-f_eem-Fix-memory-leak-in-eem_unwrap.patch (git-fixes CVE-2025-68289 bsc#1255155). - Update patches.suse/usb-gadget-f_fs-Fix-epfile-null-pointer-access-after.patch (stable-fixes CVE-2025-40315 bsc#1255083). - Update patches.suse/usb-potential-integer-overflow-in-usbg_make_tpg.patch (stable-fixes CVE-2025-68750 bsc#1255814). - Update patches.suse/usb-renesas_usbhs-Fix-synchronous-external-abort-on-.patch (git-fixes CVE-2025-68327 bsc#1255488). - Update patches.suse/usb-storage-sddr55-Reject-out-of-bound-new_pba.patch (stable-fixes CVE-2025-40345 bsc#1255279). - Update patches.suse/usb-uas-fix-urb-unmapping-issue-when-the-uas-device-.patch (git-fixes CVE-2025-68331 bsc#1255495). - Update patches.suse/usbnet-Prevents-free-active-kevent.patch (git-fixes CVE-2025-68312 bsc#1255171). - Update patches.suse/wifi-ath11k-fix-peer-HE-MCS-assignment.patch (git-fixes CVE-2025-68380 bsc#1255580). - Update patches.suse/wifi-brcmfmac-fix-crash-while-sending-Action-Frames-.patch (git-fixes CVE-2025-40321 bsc#1254795). - Update patches.suse/wifi-rtl818x-Fix-potential-memory-leaks-in-rtl8180_i.patch (git-fixes CVE-2025-68759 bsc#1255934). - Update patches.suse/wifi-rtl818x-rtl8187-Fix-potential-buffer-underflow-.patch (git-fixes CVE-2025-68362 bsc#1255611). - Update patches.suse/x86-CPU-AMD-Add-RDSEED-fix-for-Zen5.patch (git-fixes CVE-2025-68313 bsc#1255415). - Update patches.suse/x86-CPU-AMD-Add-missing-terminator-for-zen5_rdseed_m.patch (git-fixes CVE-2025-68195 bsc#1255259). - Update patches.suse/xfrm-also-call-xfrm_state_delete_tunnel-at-destroy-time-fo.patch (CVE-2025-40215 bsc#1254959 CVE-2025-40256 bsc#1254851). - commit c0f554e ++++ kernel-zfcpdump: - perf/x86/intel: Fix KASAN global-out-of-bounds warning (CVE-2025-40359 bsc#1255087). - commit ed1e93a - mlx5: Fix default values in create CQ (CVE-2025-68209 bsc#1255230). - commit 02d60e0 - x86/microcode/AMD: Use sha256() instead of init/update/final (bsc#1256495). - Refresh patches.suse/x86-microcode-AMD-Limit-Entrysign-signature-checking-to-kn.patch. - commit 6b04345 - x86/microcode/AMD: Fix Entrysign revision check for Zen5/Strix Halo (bsc#1256495). - x86/microcode/AMD: Select which microcode patch to load (bsc#1256495). - x86/microcode/AMD: Make __verify_patch_size() return bool (bsc#1256495). - x86/microcode/AMD: Remove bogus comment from parse_container() (bsc#1256495). - commit 9f14cfe - crash: fix crashkernel resource shrink (CVE-2025-68198 bsc#1255243) - commit 7e8f708 - bnxt_en: Fix null pointer dereference in bnxt_bs_trace_check_wrap() (CVE-2025-68197 bsc#1255242) - commit 766431f - lib/crypto: aes: Fix missing MMU protection for AES S-box (git-fixes). - virtio_console: fix order of fields cols and rows (stable-fixes). - commit d55882c - drm/amdgpu: Forward VMID reservation errors (git-fixes). - commit 2373a9d - supported.conf: mark ksmbd unsupported Based on discussion with Enzo Matsumiya it has tuned out that ksmbd module is unsupported but the supported.conf entry is incorrect. Fix that. - commit 143566d - powerpc/eeh: fix recursive pci_lock_rescan_remove locking in EEH event handling (bsc#1253262 ltc#216029). - commit 594b86e - Update patches.suse/ACPI-video-Fix-use-after-free-in-acpi_video_switch_b.patch (git-fixes CVE-2025-40211 bsc#1254126). - Update patches.suse/ALSA-dice-fix-buffer-overflow-in-detect_stream_forma.patch (git-fixes CVE-2025-68346 bsc#1255603). - Update patches.suse/ALSA-firewire-motu-add-bounds-check-in-put_user-loop.patch (git-fixes CVE-2025-68753 bsc#1256238). - Update patches.suse/ALSA-firewire-motu-fix-buffer-overflow-in-hwdep-read.patch (git-fixes CVE-2025-68347 bsc#1255706). - Update patches.suse/ALSA-hda-cs35l41-Fix-NULL-pointer-dereference-in-cs3-c34b04c.patch (git-fixes CVE-2025-68345 bsc#1255601). - Update patches.suse/ALSA-usb-audio-Fix-NULL-pointer-dereference-in-snd_u.patch (git-fixes CVE-2025-40275 bsc#1254829). - Update patches.suse/ALSA-usb-audio-Fix-potential-overflow-of-PCM-transfe.patch (stable-fixes CVE-2025-40269 bsc#1255035). - Update patches.suse/ALSA-wavefront-Fix-integer-overflow-in-sample-size-v.patch (git-fixes CVE-2025-68344 bsc#1255816). - Update patches.suse/ASoC-Intel-avs-Disable-periods-elapsed-work-when-clo.patch (git-fixes CVE-2025-40344 bsc#1254618). - Update patches.suse/Bluetooth-6lowpan-reset-link-local-header-on-ipv6-re.patch (git-fixes CVE-2025-40282 bsc#1254850). - Update patches.suse/Bluetooth-MGMT-Fix-OOB-access-in-parse_adv_monitor_p.patch (git-fixes CVE-2025-40294 bsc#1255181). - Update patches.suse/Bluetooth-MGMT-cancel-mesh-send-timer-when-hdev-remo.patch (git-fixes CVE-2025-40284 bsc#1254860). - Update patches.suse/Bluetooth-MGMT-fix-crash-in-set_mesh_sync-and-set_me.patch (git-fixes CVE-2025-40213 bsc#1253674). - Update patches.suse/Bluetooth-SCO-Fix-UAF-on-sco_conn_free.patch (stable-fixes CVE-2025-40309 bsc#1255065). - Update patches.suse/Bluetooth-bcsp-receive-data-only-if-registered.patch (stable-fixes CVE-2025-40308 bsc#1255064). - Update patches.suse/Bluetooth-btusb-mediatek-Avoid-btusb_mtk_claim_iso_i.patch (git-fixes CVE-2025-68298 bsc#1255124). - Update patches.suse/Bluetooth-btusb-mediatek-Fix-kernel-crash-when-relea.patch (git-fixes CVE-2025-68306 bsc#1255145). - Update patches.suse/Bluetooth-btusb-reorder-cleanup-in-btusb_disconnect-.patch (git-fixes CVE-2025-40283 bsc#1254858). - Update patches.suse/Bluetooth-hci_event-validate-skb-length-for-unknown-.patch (git-fixes CVE-2025-40301 bsc#1255193). - Update patches.suse/Bluetooth-hci_sock-Prevent-race-in-socket-write-iter.patch (git-fixes CVE-2025-68305 bsc#1255169). - Update patches.suse/Bluetooth-hci_sync-fix-race-in-hci_cmd_sync_dequeue_.patch (git-fixes CVE-2025-40318 bsc#1254798). - Update patches.suse/Input-cros_ec_keyb-fix-an-invalid-memory-access.patch (stable-fixes CVE-2025-40263 bsc#1255077). - Update patches.suse/Input-imx_sc_key-fix-memory-corruption-on-unload.patch (git-fixes CVE-2025-40262 bsc#1254840). - Update patches.suse/Input-pegasus-notetaker-fix-potential-out-of-bounds-.patch (git-fixes CVE-2025-68217 bsc#1255221). - Update patches.suse/KVM-arm64-Check-the-untrusted-offset-in-FF-A-memory-.patch (git-fixes CVE-2025-40266 bsc#1255040). - Update patches.suse/NFS-Fix-LTP-test-failures-when-timestamps-are-delegated.patch (git-fixes CVE-2025-68242 bsc#1255186). - Update patches.suse/NFSD-Fix-crash-in-nfsd4_read_release.patch (git-fixes CVE-2025-40324 bsc#1254791). - Update patches.suse/NFSD-free-copynotify-stateid-in-nfs4_free_ol_stateid.patch (git-fixes CVE-2025-40273 bsc#1254828). - Update patches.suse/PCI-IOV-Add-PCI-rescan-remove-locking-when-enabling-.patch (git-fixes CVE-2025-40219 bsc#1254518). - Update patches.suse/PCI-cadence-Check-for-the-existence-of-cdns_pcie-ops.patch (stable-fixes CVE-2025-68176 bsc#1255329). - Update patches.suse/accel-habanalabs-support-mapping-cb-with-vmalloc-bac.patch (stable-fixes CVE-2025-40311 bsc#1255068). - Update patches.suse/accel-ivpu-Fix-race-condition-when-unbinding-BOs.patch (git-fixes CVE-2025-68749 bsc#1255724). - Update patches.suse/amd-amdkfd-resolve-a-race-in-amdgpu_amdkfd_device_fi.patch (stable-fixes CVE-2025-40310 bsc#1255041). - Update patches.suse/arm64-mte-Do-not-warn-if-the-page-is-already-tagged-in-cop.patch (git-fixes CVE-2025-40353 bsc#1255312). - Update patches.suse/atm-fore200e-Fix-possible-data-race-in-fore200e_open.patch (git-fixes CVE-2025-68339 bsc#1255505). - Update patches.suse/backlight-led-bl-Add-devlink-to-supplier-LEDs.patch (git-fixes CVE-2025-68758 bsc#1255944). - Update patches.suse/btrfs-directly-free-partially-initialized-fs_info-in.patch (git-fixes CVE-2025-40235 bsc#1254808). - Update patches.suse/btrfs-ensure-no-dirty-metadata-is-written-back-for-a.patch (git-fix CVE-2025-40303 bsc#1255058). - Update patches.suse/btrfs-fix-memory-leak-of-qgroup_list-in-btrfs_add_qg.patch (git-fixes CVE-2025-40209 bsc#1254128). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-check-actual-395d988.patch (git-fixes CVE-2025-68342 bsc#1255508). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-check-actual.patch (git-fixes CVE-2025-68343 bsc#1255509). - Update patches.suse/can-gs_usb-gs_usb_xmit_callback-fix-handling-of-fail.patch (git-fixes CVE-2025-68307 bsc#1255146). - Update patches.suse/can-kvaser_usb-leaf-Fix-potential-infinite-loop-in-c.patch (git-fixes CVE-2025-68308 bsc#1255149). - Update patches.suse/comedi-c6xdigio-Fix-invalid-PNP-driver-unregistratio.patch (git-fixes CVE-2025-68332 bsc#1255483). - Update patches.suse/comedi-check-device-s-attached-status-in-compat-ioct.patch (git-fixes CVE-2025-68257 bsc#1255167). - Update patches.suse/comedi-multiq3-sanitize-config-options-in-multiq3_at.patch (git-fixes CVE-2025-68258 bsc#1255182). - Update patches.suse/comedi-pcl818-fix-null-ptr-deref-in-pcl818_ai_cancel.patch (git-fixes CVE-2025-68335 bsc#1255480). - Update patches.suse/crypto-aspeed-fix-double-free-caused-by-devm.patch (git-fixes CVE-2025-68172 bsc#1255253). - Update patches.suse/crypto-asymmetric_keys-prevent-overflow-in-asymmetri.patch (git-fixes CVE-2025-68724 bsc#1255550). - Update patches.suse/drm-amd-display-Check-NULL-before-accessing.patch (stable-fixes CVE-2025-68286 bsc#1255351). - Update patches.suse/drm-amd-display-Fix-NULL-deref-in-debugfs-odm_combin.patch (git-fixes CVE-2025-68180 bsc#1255252). - Update patches.suse/drm-amd-display-increase-max-link-count-and-fix-link.patch (stable-fixes CVE-2025-40354 bsc#1255316). - Update patches.suse/drm-amdgpu-Fix-NULL-pointer-dereference-in-VRAM-logi.patch (stable-fixes CVE-2025-40288 bsc#1255057). - Update patches.suse/drm-amdgpu-atom-Check-kcalloc-for-WS-buffer-in-amdgp.patch (stable-fixes CVE-2025-68190 bsc#1255131). - Update patches.suse/drm-amdgpu-fix-gpu-page-fault-after-hibernation-on-P.patch (stable-fixes CVE-2025-68230 bsc#1255134). - Update patches.suse/drm-amdgpu-fix-nullptr-err-of-vm_handle_moved.patch (stable-fixes CVE-2025-40339 bsc#1255428). - Update patches.suse/drm-amdgpu-hide-VRAM-sysfs-attributes-on-GPUs-withou.patch (stable-fixes CVE-2025-40289 bsc#1255042). - Update patches.suse/drm-amdgpu-remove-two-invalid-BUG_ON-s.patch (stable-fixes CVE-2025-68201 bsc#1255136). - Update patches.suse/drm-amdkfd-Fix-mmap-write-lock-not-release.patch (bsc#1243112 CVE-2025-40332 bsc#1255116). - Update patches.suse/drm-i915-Avoid-lock-inversion-when-pinning-to-GGTT-o.patch (git-fixes CVE-2025-68244 bsc#1255190). - Update patches.suse/drm-mediatek-Disable-AFBC-support-on-Mediatek-DRM-dr.patch (git-fixes CVE-2025-68184 bsc#1255220). - Update patches.suse/drm-mediatek-Fix-device-use-after-free-on-unbind.patch (git-fixes CVE-2025-40316 bsc#1254797). - Update patches.suse/drm-panthor-Fix-UAF-on-kernel-BO-VA-nodes.patch (git-fixes CVE-2025-68747 bsc#1255723). - Update patches.suse/drm-panthor-Fix-UAF-race-between-device-unplug-and-F.patch (git-fixes CVE-2025-68748 bsc#1255813). - Update patches.suse/drm-panthor-Fix-kernel-panic-on-partial-unmap-of-a-G.patch (git-fixes CVE-2025-40225 bsc#1254827). - Update patches.suse/drm-radeon-Do-not-kfree-devres-managed-rdev.patch (git-fixes CVE-2025-68170 bsc#1255256). - Update patches.suse/drm-radeon-Remove-calls-to-drm_put_dev.patch (git-fixes CVE-2025-68181 bsc#1255247). - Update patches.suse/drm-radeon-delete-radeon_fence_process-in-is_signale.patch (stable-fixes CVE-2025-68223 bsc#1255357). - Update patches.suse/drm-sched-Fix-deadlock-in-drm_sched_entity_kill_jobs.patch (git-fixes CVE-2025-40329 bsc#1254621). - Update patches.suse/drm-sysfb-Do-not-dereference-NULL-pointer-in-plane-r.patch (git-fixes CVE-2025-40360 bsc#1255095). - Update patches.suse/drm-tegra-Add-call-to-put_pid.patch (git-fixes CVE-2025-68233 bsc#1255206). - Update patches.suse/drm-vgem-fence-Fix-potential-deadlock-on-release.patch (git-fixes CVE-2025-68757 bsc#1255943). - Update patches.suse/drm-vmwgfx-Validate-command-header-size-against-SVGA.patch (git-fixes CVE-2025-40277 bsc#1254894). - Update patches.suse/drm-xe-Fix-oops-in-xe_gem_fault-when-running-core_ho.patch (stable-fixes CVE-2025-40340 bsc#1254996). - Update patches.suse/drm-xe-guc-Synchronize-Dead-CT-worker-with-unbind.patch (git-fixes CVE-2025-68207 bsc#1255234). - Update patches.suse/erofs-avoid-infinite-loop-due-to-incomplete-zstd-compressed-data.patch (git-fixes CVE-2025-68210 bsc#1255231). - Update patches.suse/exfat-fix-improper-check-of-dentry.stream.valid_size.patch (git-fixes CVE-2025-40287 bsc#1255030). - Update patches.suse/exfat-fix-refcount-leak-in-exfat_find.patch (git-fixes CVE-2025-68351 bsc#1255567). - Update patches.suse/exfat-validate-cluster-allocation-bits-of-the-allocation-bitmap.patch (git-fixes CVE-2025-40307 bsc#1255039). - Update patches.suse/fbcon-Set-fb_display-i-mode-to-NULL-when-the-mode-is.patch (stable-fixes CVE-2025-40323 bsc#1255094). - Update patches.suse/fbdev-Add-bounds-checking-in-bit_putcs-to-fix-vmallo.patch (stable-fixes CVE-2025-40304 bsc#1255034). - Update patches.suse/fbdev-bitblit-bound-check-glyph-index-in-bit_putcs.patch (stable-fixes CVE-2025-40322 bsc#1255092). - Update patches.suse/firmware-arm_scmi-Account-for-failed-debug-initializ.patch (git-fixes CVE-2025-40226 bsc#1254821). - Update patches.suse/firmware-stratix10-svc-fix-bug-in-saving-controller-.patch (git-fixes CVE-2025-68328 bsc#1255489). - Update patches.suse/gpiolib-fix-invalid-pointer-access-in-debugfs.patch (git-fixes CVE-2025-68167 bsc#1255099). - Update patches.suse/gpu-host1x-Fix-race-in-syncpt-alloc-free.patch (git-fixes CVE-2025-68732 bsc#1255688). - Update patches.suse/idpf-fix-possible-vport_config-NULL-pointer-deref-in.patch (git-fixes CVE-2025-68213 bsc#1255228). - Update patches.suse/iio-accel-bmc150-Fix-irq-assumption-regression.patch (stable-fixes CVE-2025-68330 bsc#1255493). - Update patches.suse/ima-Handle-error-code-returned-by-ima_filter_rule_ma.patch (git-fixes CVE-2025-68740 bsc#1255812). - Update patches.suse/ima-don-t-clear-IMA_DIGSIG-flag-when-setting-or-remo.patch (stable-fixes CVE-2025-68183 bsc#1255251). - Update patches.suse/irqchip-mchp-eic-Fix-error-code-in-mchp_eic_domain_a.patch (git-fixes CVE-2025-68766 bsc#1255932). - Update patches.suse/media-imon-make-send_packet-more-robust.patch (stable-fixes CVE-2025-68194 bsc#1255325). - Update patches.suse/media-pci-mg4b-fix-uninitialized-iio-scan-data.patch (git-fixes CVE-2025-40221 bsc#1254519). - Update patches.suse/media-videobuf2-forbid-remove_bufs-when-legacy-filei.patch (git-fixes CVE-2025-40302 bsc#1255196). - Update patches.suse/misc-fastrpc-Fix-dma_buf-object-leak-in-fastrpc_map_.patch (git-fixes CVE-2025-68252 bsc#1255197). - Update patches.suse/mm-secretmem-fix-use-after-free-race-in-fault-handle.patch (git-fixes CVE-2025-40272 bsc#1254832). - Update patches.suse/most-usb-Fix-use-after-free-in-hdm_disconnect.patch (git-fixes CVE-2025-40223 bsc#1254957). - Update patches.suse/most-usb-fix-double-free-on-late-probe-failure.patch (git-fixes CVE-2025-68290 bsc#1255154). - Update patches.suse/most-usb-hdm_probe-Fix-calling-put_device-before-dev.patch (git-fixes CVE-2025-68249 bsc#1255233). - Update patches.suse/mt76-mt7615-Fix-memory-leak-in-mt7615_mcu_wtbl_sta_a.patch (git-fixes CVE-2025-68765 bsc#1255931). - Update patches.suse/mtd-rawnand-cadence-fix-DMA-device-NULL-pointer-dere.patch (git-fixes CVE-2025-68238 bsc#1255202). - Update patches.suse/mtdchar-fix-integer-overflow-in-read-write-ioctls.patch (git-fixes CVE-2025-68237 bsc#1255203). - Update patches.suse/net-stmmac-Correctly-handle-Rx-checksum-offload-erro.patch (git-fixes CVE-2025-40337 bsc#1255081). - Update patches.suse/net-usb-qmi_wwan-initialize-MAC-header-offset-in-qmi.patch (git-fixes CVE-2025-68192 bsc#1255246). - Update patches.suse/nfs4_setup_readdir-insufficient-locking-for-d_parent-d_inode-dereferencing.patch (git-fixes CVE-2025-68185 bsc#1255135). - Update patches.suse/nfsd-fix-refcount-leak-in-nfsd_set_fh_dentry.patch (git-fixes CVE-2025-40212 bsc#1254195). - Update patches.suse/nouveau-firmware-Add-missing-kfree-of-nvkm_falcon_fw.patch (git-fixes CVE-2025-68235 bsc#1255209). - Update patches.suse/nvme-fc-use-lock-accessing-port_state-and-rport-stat.patch (bsc#1245193 bsc#1247500 CVE-2025-40342 bsc#1255274). - Update patches.suse/nvmet-fc-avoid-scheduling-association-deletion-twice.patch (bsc#1245193 bsc#1247500 CVE-2025-40343 bsc#1255276). - Update patches.suse/pinctrl-s32cc-fix-uninitialized-memory-in-s32_pinctr.patch (git-fixes CVE-2025-68222 bsc#1255218). - Update patches.suse/platform-x86-intel-punit_ipc-fix-memory-corruption.patch (git-fixes CVE-2025-68303 bsc#1255122). - Update patches.suse/regmap-slimbus-fix-bus_context-pointer-in-regmap-ini.patch (git-fixes CVE-2025-40317 bsc#1254796). - Update patches.suse/regulator-core-Protect-regulator_supply_alias_list-w.patch (git-fixes CVE-2025-68354 bsc#1255553). - Update patches.suse/sctp-avoid-NULL-dereference-when-chunk-data-buffer-i.patch (git-fixes CVE-2025-40240 bsc#1254869). - Update patches.suse/smb-client-fix-potential-cfid-UAF-in-smb2_query_info_compound.patch (git-fixes CVE-2025-40320 bsc#1254793). - Update patches.suse/spi-ch341-fix-out-of-bounds-memory-access-in-ch341_t.patch (git-fixes CVE-2025-68352 bsc#1255541). - Update patches.suse/spi-tegra210-quad-Fix-timeout-handling.patch (bsc#1253155 CVE-2025-68746 bsc#1255722). - Update patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-OnBeacon.patch (stable-fixes CVE-2025-68254 bsc#1255140). - Update patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-rtw_get_.patch (stable-fixes CVE-2025-68256 bsc#1255138). - Update patches.suse/staging-rtl8723bs-fix-stack-buffer-overflow-in-OnAss.patch (stable-fixes CVE-2025-68255 bsc#1255395). - Update patches.suse/tty-serial-ip22zilog-Use-platform-device-for-probing.patch (stable-fixes CVE-2025-68311 bsc#1255161). - Update patches.suse/usb-cdns3-gadget-Use-after-free-during-failed-initia.patch (stable-fixes CVE-2025-40314 bsc#1255072). - Update patches.suse/usb-dwc3-Fix-race-condition-between-concurrent-dwc3_.patch (git-fixes CVE-2025-68287 bsc#1255152). - Update patches.suse/usb-gadget-f_eem-Fix-memory-leak-in-eem_unwrap.patch (git-fixes CVE-2025-68289 bsc#1255155). - Update patches.suse/usb-gadget-f_fs-Fix-epfile-null-pointer-access-after.patch (stable-fixes CVE-2025-40315 bsc#1255083). - Update patches.suse/usb-potential-integer-overflow-in-usbg_make_tpg.patch (stable-fixes CVE-2025-68750 bsc#1255814). - Update patches.suse/usb-renesas_usbhs-Fix-synchronous-external-abort-on-.patch (git-fixes CVE-2025-68327 bsc#1255488). - Update patches.suse/usb-storage-sddr55-Reject-out-of-bound-new_pba.patch (stable-fixes CVE-2025-40345 bsc#1255279). - Update patches.suse/usb-uas-fix-urb-unmapping-issue-when-the-uas-device-.patch (git-fixes CVE-2025-68331 bsc#1255495). - Update patches.suse/usbnet-Prevents-free-active-kevent.patch (git-fixes CVE-2025-68312 bsc#1255171). - Update patches.suse/wifi-ath11k-fix-peer-HE-MCS-assignment.patch (git-fixes CVE-2025-68380 bsc#1255580). - Update patches.suse/wifi-brcmfmac-fix-crash-while-sending-Action-Frames-.patch (git-fixes CVE-2025-40321 bsc#1254795). - Update patches.suse/wifi-rtl818x-Fix-potential-memory-leaks-in-rtl8180_i.patch (git-fixes CVE-2025-68759 bsc#1255934). - Update patches.suse/wifi-rtl818x-rtl8187-Fix-potential-buffer-underflow-.patch (git-fixes CVE-2025-68362 bsc#1255611). - Update patches.suse/x86-CPU-AMD-Add-RDSEED-fix-for-Zen5.patch (git-fixes CVE-2025-68313 bsc#1255415). - Update patches.suse/x86-CPU-AMD-Add-missing-terminator-for-zen5_rdseed_m.patch (git-fixes CVE-2025-68195 bsc#1255259). - Update patches.suse/xfrm-also-call-xfrm_state_delete_tunnel-at-destroy-time-fo.patch (CVE-2025-40215 bsc#1254959 CVE-2025-40256 bsc#1254851). - commit c0f554e ++++ kernel-zfcpdump: - perf/x86/intel: Fix KASAN global-out-of-bounds warning (CVE-2025-40359 bsc#1255087). - commit ed1e93a - mlx5: Fix default values in create CQ (CVE-2025-68209 bsc#1255230). - commit 02d60e0 - x86/microcode/AMD: Use sha256() instead of init/update/final (bsc#1256495). - Refresh patches.suse/x86-microcode-AMD-Limit-Entrysign-signature-checking-to-kn.patch. - commit 6b04345 - x86/microcode/AMD: Fix Entrysign revision check for Zen5/Strix Halo (bsc#1256495). - x86/microcode/AMD: Select which microcode patch to load (bsc#1256495). - x86/microcode/AMD: Make __verify_patch_size() return bool (bsc#1256495). - x86/microcode/AMD: Remove bogus comment from parse_container() (bsc#1256495). - commit 9f14cfe - crash: fix crashkernel resource shrink (CVE-2025-68198 bsc#1255243) - commit 7e8f708 - bnxt_en: Fix null pointer dereference in bnxt_bs_trace_check_wrap() (CVE-2025-68197 bsc#1255242) - commit 766431f - lib/crypto: aes: Fix missing MMU protection for AES S-box (git-fixes). - virtio_console: fix order of fields cols and rows (stable-fixes). - commit d55882c - drm/amdgpu: Forward VMID reservation errors (git-fixes). - commit 2373a9d - supported.conf: mark ksmbd unsupported Based on discussion with Enzo Matsumiya it has tuned out that ksmbd module is unsupported but the supported.conf entry is incorrect. Fix that. - commit 143566d - powerpc/eeh: fix recursive pci_lock_rescan_remove locking in EEH event handling (bsc#1253262 ltc#216029). - commit 594b86e - Update patches.suse/ACPI-video-Fix-use-after-free-in-acpi_video_switch_b.patch (git-fixes CVE-2025-40211 bsc#1254126). - Update patches.suse/ALSA-dice-fix-buffer-overflow-in-detect_stream_forma.patch (git-fixes CVE-2025-68346 bsc#1255603). - Update patches.suse/ALSA-firewire-motu-add-bounds-check-in-put_user-loop.patch (git-fixes CVE-2025-68753 bsc#1256238). - Update patches.suse/ALSA-firewire-motu-fix-buffer-overflow-in-hwdep-read.patch (git-fixes CVE-2025-68347 bsc#1255706). - Update patches.suse/ALSA-hda-cs35l41-Fix-NULL-pointer-dereference-in-cs3-c34b04c.patch (git-fixes CVE-2025-68345 bsc#1255601). - Update patches.suse/ALSA-usb-audio-Fix-NULL-pointer-dereference-in-snd_u.patch (git-fixes CVE-2025-40275 bsc#1254829). - Update patches.suse/ALSA-usb-audio-Fix-potential-overflow-of-PCM-transfe.patch (stable-fixes CVE-2025-40269 bsc#1255035). - Update patches.suse/ALSA-wavefront-Fix-integer-overflow-in-sample-size-v.patch (git-fixes CVE-2025-68344 bsc#1255816). - Update patches.suse/ASoC-Intel-avs-Disable-periods-elapsed-work-when-clo.patch (git-fixes CVE-2025-40344 bsc#1254618). - Update patches.suse/Bluetooth-6lowpan-reset-link-local-header-on-ipv6-re.patch (git-fixes CVE-2025-40282 bsc#1254850). - Update patches.suse/Bluetooth-MGMT-Fix-OOB-access-in-parse_adv_monitor_p.patch (git-fixes CVE-2025-40294 bsc#1255181). - Update patches.suse/Bluetooth-MGMT-cancel-mesh-send-timer-when-hdev-remo.patch (git-fixes CVE-2025-40284 bsc#1254860). - Update patches.suse/Bluetooth-MGMT-fix-crash-in-set_mesh_sync-and-set_me.patch (git-fixes CVE-2025-40213 bsc#1253674). - Update patches.suse/Bluetooth-SCO-Fix-UAF-on-sco_conn_free.patch (stable-fixes CVE-2025-40309 bsc#1255065). - Update patches.suse/Bluetooth-bcsp-receive-data-only-if-registered.patch (stable-fixes CVE-2025-40308 bsc#1255064). - Update patches.suse/Bluetooth-btusb-mediatek-Avoid-btusb_mtk_claim_iso_i.patch (git-fixes CVE-2025-68298 bsc#1255124). - Update patches.suse/Bluetooth-btusb-mediatek-Fix-kernel-crash-when-relea.patch (git-fixes CVE-2025-68306 bsc#1255145). - Update patches.suse/Bluetooth-btusb-reorder-cleanup-in-btusb_disconnect-.patch (git-fixes CVE-2025-40283 bsc#1254858). - Update patches.suse/Bluetooth-hci_event-validate-skb-length-for-unknown-.patch (git-fixes CVE-2025-40301 bsc#1255193). - Update patches.suse/Bluetooth-hci_sock-Prevent-race-in-socket-write-iter.patch (git-fixes CVE-2025-68305 bsc#1255169). - Update patches.suse/Bluetooth-hci_sync-fix-race-in-hci_cmd_sync_dequeue_.patch (git-fixes CVE-2025-40318 bsc#1254798). - Update patches.suse/Input-cros_ec_keyb-fix-an-invalid-memory-access.patch (stable-fixes CVE-2025-40263 bsc#1255077). - Update patches.suse/Input-imx_sc_key-fix-memory-corruption-on-unload.patch (git-fixes CVE-2025-40262 bsc#1254840). - Update patches.suse/Input-pegasus-notetaker-fix-potential-out-of-bounds-.patch (git-fixes CVE-2025-68217 bsc#1255221). - Update patches.suse/KVM-arm64-Check-the-untrusted-offset-in-FF-A-memory-.patch (git-fixes CVE-2025-40266 bsc#1255040). - Update patches.suse/NFS-Fix-LTP-test-failures-when-timestamps-are-delegated.patch (git-fixes CVE-2025-68242 bsc#1255186). - Update patches.suse/NFSD-Fix-crash-in-nfsd4_read_release.patch (git-fixes CVE-2025-40324 bsc#1254791). - Update patches.suse/NFSD-free-copynotify-stateid-in-nfs4_free_ol_stateid.patch (git-fixes CVE-2025-40273 bsc#1254828). - Update patches.suse/PCI-IOV-Add-PCI-rescan-remove-locking-when-enabling-.patch (git-fixes CVE-2025-40219 bsc#1254518). - Update patches.suse/PCI-cadence-Check-for-the-existence-of-cdns_pcie-ops.patch (stable-fixes CVE-2025-68176 bsc#1255329). - Update patches.suse/accel-habanalabs-support-mapping-cb-with-vmalloc-bac.patch (stable-fixes CVE-2025-40311 bsc#1255068). - Update patches.suse/accel-ivpu-Fix-race-condition-when-unbinding-BOs.patch (git-fixes CVE-2025-68749 bsc#1255724). - Update patches.suse/amd-amdkfd-resolve-a-race-in-amdgpu_amdkfd_device_fi.patch (stable-fixes CVE-2025-40310 bsc#1255041). - Update patches.suse/arm64-mte-Do-not-warn-if-the-page-is-already-tagged-in-cop.patch (git-fixes CVE-2025-40353 bsc#1255312). - Update patches.suse/atm-fore200e-Fix-possible-data-race-in-fore200e_open.patch (git-fixes CVE-2025-68339 bsc#1255505). - Update patches.suse/backlight-led-bl-Add-devlink-to-supplier-LEDs.patch (git-fixes CVE-2025-68758 bsc#1255944). - Update patches.suse/btrfs-directly-free-partially-initialized-fs_info-in.patch (git-fixes CVE-2025-40235 bsc#1254808). - Update patches.suse/btrfs-ensure-no-dirty-metadata-is-written-back-for-a.patch (git-fix CVE-2025-40303 bsc#1255058). - Update patches.suse/btrfs-fix-memory-leak-of-qgroup_list-in-btrfs_add_qg.patch (git-fixes CVE-2025-40209 bsc#1254128). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-check-actual-395d988.patch (git-fixes CVE-2025-68342 bsc#1255508). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-check-actual.patch (git-fixes CVE-2025-68343 bsc#1255509). - Update patches.suse/can-gs_usb-gs_usb_xmit_callback-fix-handling-of-fail.patch (git-fixes CVE-2025-68307 bsc#1255146). - Update patches.suse/can-kvaser_usb-leaf-Fix-potential-infinite-loop-in-c.patch (git-fixes CVE-2025-68308 bsc#1255149). - Update patches.suse/comedi-c6xdigio-Fix-invalid-PNP-driver-unregistratio.patch (git-fixes CVE-2025-68332 bsc#1255483). - Update patches.suse/comedi-check-device-s-attached-status-in-compat-ioct.patch (git-fixes CVE-2025-68257 bsc#1255167). - Update patches.suse/comedi-multiq3-sanitize-config-options-in-multiq3_at.patch (git-fixes CVE-2025-68258 bsc#1255182). - Update patches.suse/comedi-pcl818-fix-null-ptr-deref-in-pcl818_ai_cancel.patch (git-fixes CVE-2025-68335 bsc#1255480). - Update patches.suse/crypto-aspeed-fix-double-free-caused-by-devm.patch (git-fixes CVE-2025-68172 bsc#1255253). - Update patches.suse/crypto-asymmetric_keys-prevent-overflow-in-asymmetri.patch (git-fixes CVE-2025-68724 bsc#1255550). - Update patches.suse/drm-amd-display-Check-NULL-before-accessing.patch (stable-fixes CVE-2025-68286 bsc#1255351). - Update patches.suse/drm-amd-display-Fix-NULL-deref-in-debugfs-odm_combin.patch (git-fixes CVE-2025-68180 bsc#1255252). - Update patches.suse/drm-amd-display-increase-max-link-count-and-fix-link.patch (stable-fixes CVE-2025-40354 bsc#1255316). - Update patches.suse/drm-amdgpu-Fix-NULL-pointer-dereference-in-VRAM-logi.patch (stable-fixes CVE-2025-40288 bsc#1255057). - Update patches.suse/drm-amdgpu-atom-Check-kcalloc-for-WS-buffer-in-amdgp.patch (stable-fixes CVE-2025-68190 bsc#1255131). - Update patches.suse/drm-amdgpu-fix-gpu-page-fault-after-hibernation-on-P.patch (stable-fixes CVE-2025-68230 bsc#1255134). - Update patches.suse/drm-amdgpu-fix-nullptr-err-of-vm_handle_moved.patch (stable-fixes CVE-2025-40339 bsc#1255428). - Update patches.suse/drm-amdgpu-hide-VRAM-sysfs-attributes-on-GPUs-withou.patch (stable-fixes CVE-2025-40289 bsc#1255042). - Update patches.suse/drm-amdgpu-remove-two-invalid-BUG_ON-s.patch (stable-fixes CVE-2025-68201 bsc#1255136). - Update patches.suse/drm-amdkfd-Fix-mmap-write-lock-not-release.patch (bsc#1243112 CVE-2025-40332 bsc#1255116). - Update patches.suse/drm-i915-Avoid-lock-inversion-when-pinning-to-GGTT-o.patch (git-fixes CVE-2025-68244 bsc#1255190). - Update patches.suse/drm-mediatek-Disable-AFBC-support-on-Mediatek-DRM-dr.patch (git-fixes CVE-2025-68184 bsc#1255220). - Update patches.suse/drm-mediatek-Fix-device-use-after-free-on-unbind.patch (git-fixes CVE-2025-40316 bsc#1254797). - Update patches.suse/drm-panthor-Fix-UAF-on-kernel-BO-VA-nodes.patch (git-fixes CVE-2025-68747 bsc#1255723). - Update patches.suse/drm-panthor-Fix-UAF-race-between-device-unplug-and-F.patch (git-fixes CVE-2025-68748 bsc#1255813). - Update patches.suse/drm-panthor-Fix-kernel-panic-on-partial-unmap-of-a-G.patch (git-fixes CVE-2025-40225 bsc#1254827). - Update patches.suse/drm-radeon-Do-not-kfree-devres-managed-rdev.patch (git-fixes CVE-2025-68170 bsc#1255256). - Update patches.suse/drm-radeon-Remove-calls-to-drm_put_dev.patch (git-fixes CVE-2025-68181 bsc#1255247). - Update patches.suse/drm-radeon-delete-radeon_fence_process-in-is_signale.patch (stable-fixes CVE-2025-68223 bsc#1255357). - Update patches.suse/drm-sched-Fix-deadlock-in-drm_sched_entity_kill_jobs.patch (git-fixes CVE-2025-40329 bsc#1254621). - Update patches.suse/drm-sysfb-Do-not-dereference-NULL-pointer-in-plane-r.patch (git-fixes CVE-2025-40360 bsc#1255095). - Update patches.suse/drm-tegra-Add-call-to-put_pid.patch (git-fixes CVE-2025-68233 bsc#1255206). - Update patches.suse/drm-vgem-fence-Fix-potential-deadlock-on-release.patch (git-fixes CVE-2025-68757 bsc#1255943). - Update patches.suse/drm-vmwgfx-Validate-command-header-size-against-SVGA.patch (git-fixes CVE-2025-40277 bsc#1254894). - Update patches.suse/drm-xe-Fix-oops-in-xe_gem_fault-when-running-core_ho.patch (stable-fixes CVE-2025-40340 bsc#1254996). - Update patches.suse/drm-xe-guc-Synchronize-Dead-CT-worker-with-unbind.patch (git-fixes CVE-2025-68207 bsc#1255234). - Update patches.suse/erofs-avoid-infinite-loop-due-to-incomplete-zstd-compressed-data.patch (git-fixes CVE-2025-68210 bsc#1255231). - Update patches.suse/exfat-fix-improper-check-of-dentry.stream.valid_size.patch (git-fixes CVE-2025-40287 bsc#1255030). - Update patches.suse/exfat-fix-refcount-leak-in-exfat_find.patch (git-fixes CVE-2025-68351 bsc#1255567). - Update patches.suse/exfat-validate-cluster-allocation-bits-of-the-allocation-bitmap.patch (git-fixes CVE-2025-40307 bsc#1255039). - Update patches.suse/fbcon-Set-fb_display-i-mode-to-NULL-when-the-mode-is.patch (stable-fixes CVE-2025-40323 bsc#1255094). - Update patches.suse/fbdev-Add-bounds-checking-in-bit_putcs-to-fix-vmallo.patch (stable-fixes CVE-2025-40304 bsc#1255034). - Update patches.suse/fbdev-bitblit-bound-check-glyph-index-in-bit_putcs.patch (stable-fixes CVE-2025-40322 bsc#1255092). - Update patches.suse/firmware-arm_scmi-Account-for-failed-debug-initializ.patch (git-fixes CVE-2025-40226 bsc#1254821). - Update patches.suse/firmware-stratix10-svc-fix-bug-in-saving-controller-.patch (git-fixes CVE-2025-68328 bsc#1255489). - Update patches.suse/gpiolib-fix-invalid-pointer-access-in-debugfs.patch (git-fixes CVE-2025-68167 bsc#1255099). - Update patches.suse/gpu-host1x-Fix-race-in-syncpt-alloc-free.patch (git-fixes CVE-2025-68732 bsc#1255688). - Update patches.suse/idpf-fix-possible-vport_config-NULL-pointer-deref-in.patch (git-fixes CVE-2025-68213 bsc#1255228). - Update patches.suse/iio-accel-bmc150-Fix-irq-assumption-regression.patch (stable-fixes CVE-2025-68330 bsc#1255493). - Update patches.suse/ima-Handle-error-code-returned-by-ima_filter_rule_ma.patch (git-fixes CVE-2025-68740 bsc#1255812). - Update patches.suse/ima-don-t-clear-IMA_DIGSIG-flag-when-setting-or-remo.patch (stable-fixes CVE-2025-68183 bsc#1255251). - Update patches.suse/irqchip-mchp-eic-Fix-error-code-in-mchp_eic_domain_a.patch (git-fixes CVE-2025-68766 bsc#1255932). - Update patches.suse/media-imon-make-send_packet-more-robust.patch (stable-fixes CVE-2025-68194 bsc#1255325). - Update patches.suse/media-pci-mg4b-fix-uninitialized-iio-scan-data.patch (git-fixes CVE-2025-40221 bsc#1254519). - Update patches.suse/media-videobuf2-forbid-remove_bufs-when-legacy-filei.patch (git-fixes CVE-2025-40302 bsc#1255196). - Update patches.suse/misc-fastrpc-Fix-dma_buf-object-leak-in-fastrpc_map_.patch (git-fixes CVE-2025-68252 bsc#1255197). - Update patches.suse/mm-secretmem-fix-use-after-free-race-in-fault-handle.patch (git-fixes CVE-2025-40272 bsc#1254832). - Update patches.suse/most-usb-Fix-use-after-free-in-hdm_disconnect.patch (git-fixes CVE-2025-40223 bsc#1254957). - Update patches.suse/most-usb-fix-double-free-on-late-probe-failure.patch (git-fixes CVE-2025-68290 bsc#1255154). - Update patches.suse/most-usb-hdm_probe-Fix-calling-put_device-before-dev.patch (git-fixes CVE-2025-68249 bsc#1255233). - Update patches.suse/mt76-mt7615-Fix-memory-leak-in-mt7615_mcu_wtbl_sta_a.patch (git-fixes CVE-2025-68765 bsc#1255931). - Update patches.suse/mtd-rawnand-cadence-fix-DMA-device-NULL-pointer-dere.patch (git-fixes CVE-2025-68238 bsc#1255202). - Update patches.suse/mtdchar-fix-integer-overflow-in-read-write-ioctls.patch (git-fixes CVE-2025-68237 bsc#1255203). - Update patches.suse/net-stmmac-Correctly-handle-Rx-checksum-offload-erro.patch (git-fixes CVE-2025-40337 bsc#1255081). - Update patches.suse/net-usb-qmi_wwan-initialize-MAC-header-offset-in-qmi.patch (git-fixes CVE-2025-68192 bsc#1255246). - Update patches.suse/nfs4_setup_readdir-insufficient-locking-for-d_parent-d_inode-dereferencing.patch (git-fixes CVE-2025-68185 bsc#1255135). - Update patches.suse/nfsd-fix-refcount-leak-in-nfsd_set_fh_dentry.patch (git-fixes CVE-2025-40212 bsc#1254195). - Update patches.suse/nouveau-firmware-Add-missing-kfree-of-nvkm_falcon_fw.patch (git-fixes CVE-2025-68235 bsc#1255209). - Update patches.suse/nvme-fc-use-lock-accessing-port_state-and-rport-stat.patch (bsc#1245193 bsc#1247500 CVE-2025-40342 bsc#1255274). - Update patches.suse/nvmet-fc-avoid-scheduling-association-deletion-twice.patch (bsc#1245193 bsc#1247500 CVE-2025-40343 bsc#1255276). - Update patches.suse/pinctrl-s32cc-fix-uninitialized-memory-in-s32_pinctr.patch (git-fixes CVE-2025-68222 bsc#1255218). - Update patches.suse/platform-x86-intel-punit_ipc-fix-memory-corruption.patch (git-fixes CVE-2025-68303 bsc#1255122). - Update patches.suse/regmap-slimbus-fix-bus_context-pointer-in-regmap-ini.patch (git-fixes CVE-2025-40317 bsc#1254796). - Update patches.suse/regulator-core-Protect-regulator_supply_alias_list-w.patch (git-fixes CVE-2025-68354 bsc#1255553). - Update patches.suse/sctp-avoid-NULL-dereference-when-chunk-data-buffer-i.patch (git-fixes CVE-2025-40240 bsc#1254869). - Update patches.suse/smb-client-fix-potential-cfid-UAF-in-smb2_query_info_compound.patch (git-fixes CVE-2025-40320 bsc#1254793). - Update patches.suse/spi-ch341-fix-out-of-bounds-memory-access-in-ch341_t.patch (git-fixes CVE-2025-68352 bsc#1255541). - Update patches.suse/spi-tegra210-quad-Fix-timeout-handling.patch (bsc#1253155 CVE-2025-68746 bsc#1255722). - Update patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-OnBeacon.patch (stable-fixes CVE-2025-68254 bsc#1255140). - Update patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-rtw_get_.patch (stable-fixes CVE-2025-68256 bsc#1255138). - Update patches.suse/staging-rtl8723bs-fix-stack-buffer-overflow-in-OnAss.patch (stable-fixes CVE-2025-68255 bsc#1255395). - Update patches.suse/tty-serial-ip22zilog-Use-platform-device-for-probing.patch (stable-fixes CVE-2025-68311 bsc#1255161). - Update patches.suse/usb-cdns3-gadget-Use-after-free-during-failed-initia.patch (stable-fixes CVE-2025-40314 bsc#1255072). - Update patches.suse/usb-dwc3-Fix-race-condition-between-concurrent-dwc3_.patch (git-fixes CVE-2025-68287 bsc#1255152). - Update patches.suse/usb-gadget-f_eem-Fix-memory-leak-in-eem_unwrap.patch (git-fixes CVE-2025-68289 bsc#1255155). - Update patches.suse/usb-gadget-f_fs-Fix-epfile-null-pointer-access-after.patch (stable-fixes CVE-2025-40315 bsc#1255083). - Update patches.suse/usb-potential-integer-overflow-in-usbg_make_tpg.patch (stable-fixes CVE-2025-68750 bsc#1255814). - Update patches.suse/usb-renesas_usbhs-Fix-synchronous-external-abort-on-.patch (git-fixes CVE-2025-68327 bsc#1255488). - Update patches.suse/usb-storage-sddr55-Reject-out-of-bound-new_pba.patch (stable-fixes CVE-2025-40345 bsc#1255279). - Update patches.suse/usb-uas-fix-urb-unmapping-issue-when-the-uas-device-.patch (git-fixes CVE-2025-68331 bsc#1255495). - Update patches.suse/usbnet-Prevents-free-active-kevent.patch (git-fixes CVE-2025-68312 bsc#1255171). - Update patches.suse/wifi-ath11k-fix-peer-HE-MCS-assignment.patch (git-fixes CVE-2025-68380 bsc#1255580). - Update patches.suse/wifi-brcmfmac-fix-crash-while-sending-Action-Frames-.patch (git-fixes CVE-2025-40321 bsc#1254795). - Update patches.suse/wifi-rtl818x-Fix-potential-memory-leaks-in-rtl8180_i.patch (git-fixes CVE-2025-68759 bsc#1255934). - Update patches.suse/wifi-rtl818x-rtl8187-Fix-potential-buffer-underflow-.patch (git-fixes CVE-2025-68362 bsc#1255611). - Update patches.suse/x86-CPU-AMD-Add-RDSEED-fix-for-Zen5.patch (git-fixes CVE-2025-68313 bsc#1255415). - Update patches.suse/x86-CPU-AMD-Add-missing-terminator-for-zen5_rdseed_m.patch (git-fixes CVE-2025-68195 bsc#1255259). - Update patches.suse/xfrm-also-call-xfrm_state_delete_tunnel-at-destroy-time-fo.patch (CVE-2025-40215 bsc#1254959 CVE-2025-40256 bsc#1254851). - commit c0f554e ++++ kernel-zfcpdump: - perf/x86/intel: Fix KASAN global-out-of-bounds warning (CVE-2025-40359 bsc#1255087). - commit ed1e93a - mlx5: Fix default values in create CQ (CVE-2025-68209 bsc#1255230). - commit 02d60e0 - x86/microcode/AMD: Use sha256() instead of init/update/final (bsc#1256495). - Refresh patches.suse/x86-microcode-AMD-Limit-Entrysign-signature-checking-to-kn.patch. - commit 6b04345 - x86/microcode/AMD: Fix Entrysign revision check for Zen5/Strix Halo (bsc#1256495). - x86/microcode/AMD: Select which microcode patch to load (bsc#1256495). - x86/microcode/AMD: Make __verify_patch_size() return bool (bsc#1256495). - x86/microcode/AMD: Remove bogus comment from parse_container() (bsc#1256495). - commit 9f14cfe - crash: fix crashkernel resource shrink (CVE-2025-68198 bsc#1255243) - commit 7e8f708 - bnxt_en: Fix null pointer dereference in bnxt_bs_trace_check_wrap() (CVE-2025-68197 bsc#1255242) - commit 766431f - lib/crypto: aes: Fix missing MMU protection for AES S-box (git-fixes). - virtio_console: fix order of fields cols and rows (stable-fixes). - commit d55882c - drm/amdgpu: Forward VMID reservation errors (git-fixes). - commit 2373a9d - supported.conf: mark ksmbd unsupported Based on discussion with Enzo Matsumiya it has tuned out that ksmbd module is unsupported but the supported.conf entry is incorrect. Fix that. - commit 143566d - powerpc/eeh: fix recursive pci_lock_rescan_remove locking in EEH event handling (bsc#1253262 ltc#216029). - commit 594b86e - Update patches.suse/ACPI-video-Fix-use-after-free-in-acpi_video_switch_b.patch (git-fixes CVE-2025-40211 bsc#1254126). - Update patches.suse/ALSA-dice-fix-buffer-overflow-in-detect_stream_forma.patch (git-fixes CVE-2025-68346 bsc#1255603). - Update patches.suse/ALSA-firewire-motu-add-bounds-check-in-put_user-loop.patch (git-fixes CVE-2025-68753 bsc#1256238). - Update patches.suse/ALSA-firewire-motu-fix-buffer-overflow-in-hwdep-read.patch (git-fixes CVE-2025-68347 bsc#1255706). - Update patches.suse/ALSA-hda-cs35l41-Fix-NULL-pointer-dereference-in-cs3-c34b04c.patch (git-fixes CVE-2025-68345 bsc#1255601). - Update patches.suse/ALSA-usb-audio-Fix-NULL-pointer-dereference-in-snd_u.patch (git-fixes CVE-2025-40275 bsc#1254829). - Update patches.suse/ALSA-usb-audio-Fix-potential-overflow-of-PCM-transfe.patch (stable-fixes CVE-2025-40269 bsc#1255035). - Update patches.suse/ALSA-wavefront-Fix-integer-overflow-in-sample-size-v.patch (git-fixes CVE-2025-68344 bsc#1255816). - Update patches.suse/ASoC-Intel-avs-Disable-periods-elapsed-work-when-clo.patch (git-fixes CVE-2025-40344 bsc#1254618). - Update patches.suse/Bluetooth-6lowpan-reset-link-local-header-on-ipv6-re.patch (git-fixes CVE-2025-40282 bsc#1254850). - Update patches.suse/Bluetooth-MGMT-Fix-OOB-access-in-parse_adv_monitor_p.patch (git-fixes CVE-2025-40294 bsc#1255181). - Update patches.suse/Bluetooth-MGMT-cancel-mesh-send-timer-when-hdev-remo.patch (git-fixes CVE-2025-40284 bsc#1254860). - Update patches.suse/Bluetooth-MGMT-fix-crash-in-set_mesh_sync-and-set_me.patch (git-fixes CVE-2025-40213 bsc#1253674). - Update patches.suse/Bluetooth-SCO-Fix-UAF-on-sco_conn_free.patch (stable-fixes CVE-2025-40309 bsc#1255065). - Update patches.suse/Bluetooth-bcsp-receive-data-only-if-registered.patch (stable-fixes CVE-2025-40308 bsc#1255064). - Update patches.suse/Bluetooth-btusb-mediatek-Avoid-btusb_mtk_claim_iso_i.patch (git-fixes CVE-2025-68298 bsc#1255124). - Update patches.suse/Bluetooth-btusb-mediatek-Fix-kernel-crash-when-relea.patch (git-fixes CVE-2025-68306 bsc#1255145). - Update patches.suse/Bluetooth-btusb-reorder-cleanup-in-btusb_disconnect-.patch (git-fixes CVE-2025-40283 bsc#1254858). - Update patches.suse/Bluetooth-hci_event-validate-skb-length-for-unknown-.patch (git-fixes CVE-2025-40301 bsc#1255193). - Update patches.suse/Bluetooth-hci_sock-Prevent-race-in-socket-write-iter.patch (git-fixes CVE-2025-68305 bsc#1255169). - Update patches.suse/Bluetooth-hci_sync-fix-race-in-hci_cmd_sync_dequeue_.patch (git-fixes CVE-2025-40318 bsc#1254798). - Update patches.suse/Input-cros_ec_keyb-fix-an-invalid-memory-access.patch (stable-fixes CVE-2025-40263 bsc#1255077). - Update patches.suse/Input-imx_sc_key-fix-memory-corruption-on-unload.patch (git-fixes CVE-2025-40262 bsc#1254840). - Update patches.suse/Input-pegasus-notetaker-fix-potential-out-of-bounds-.patch (git-fixes CVE-2025-68217 bsc#1255221). - Update patches.suse/KVM-arm64-Check-the-untrusted-offset-in-FF-A-memory-.patch (git-fixes CVE-2025-40266 bsc#1255040). - Update patches.suse/NFS-Fix-LTP-test-failures-when-timestamps-are-delegated.patch (git-fixes CVE-2025-68242 bsc#1255186). - Update patches.suse/NFSD-Fix-crash-in-nfsd4_read_release.patch (git-fixes CVE-2025-40324 bsc#1254791). - Update patches.suse/NFSD-free-copynotify-stateid-in-nfs4_free_ol_stateid.patch (git-fixes CVE-2025-40273 bsc#1254828). - Update patches.suse/PCI-IOV-Add-PCI-rescan-remove-locking-when-enabling-.patch (git-fixes CVE-2025-40219 bsc#1254518). - Update patches.suse/PCI-cadence-Check-for-the-existence-of-cdns_pcie-ops.patch (stable-fixes CVE-2025-68176 bsc#1255329). - Update patches.suse/accel-habanalabs-support-mapping-cb-with-vmalloc-bac.patch (stable-fixes CVE-2025-40311 bsc#1255068). - Update patches.suse/accel-ivpu-Fix-race-condition-when-unbinding-BOs.patch (git-fixes CVE-2025-68749 bsc#1255724). - Update patches.suse/amd-amdkfd-resolve-a-race-in-amdgpu_amdkfd_device_fi.patch (stable-fixes CVE-2025-40310 bsc#1255041). - Update patches.suse/arm64-mte-Do-not-warn-if-the-page-is-already-tagged-in-cop.patch (git-fixes CVE-2025-40353 bsc#1255312). - Update patches.suse/atm-fore200e-Fix-possible-data-race-in-fore200e_open.patch (git-fixes CVE-2025-68339 bsc#1255505). - Update patches.suse/backlight-led-bl-Add-devlink-to-supplier-LEDs.patch (git-fixes CVE-2025-68758 bsc#1255944). - Update patches.suse/btrfs-directly-free-partially-initialized-fs_info-in.patch (git-fixes CVE-2025-40235 bsc#1254808). - Update patches.suse/btrfs-ensure-no-dirty-metadata-is-written-back-for-a.patch (git-fix CVE-2025-40303 bsc#1255058). - Update patches.suse/btrfs-fix-memory-leak-of-qgroup_list-in-btrfs_add_qg.patch (git-fixes CVE-2025-40209 bsc#1254128). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-check-actual-395d988.patch (git-fixes CVE-2025-68342 bsc#1255508). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-check-actual.patch (git-fixes CVE-2025-68343 bsc#1255509). - Update patches.suse/can-gs_usb-gs_usb_xmit_callback-fix-handling-of-fail.patch (git-fixes CVE-2025-68307 bsc#1255146). - Update patches.suse/can-kvaser_usb-leaf-Fix-potential-infinite-loop-in-c.patch (git-fixes CVE-2025-68308 bsc#1255149). - Update patches.suse/comedi-c6xdigio-Fix-invalid-PNP-driver-unregistratio.patch (git-fixes CVE-2025-68332 bsc#1255483). - Update patches.suse/comedi-check-device-s-attached-status-in-compat-ioct.patch (git-fixes CVE-2025-68257 bsc#1255167). - Update patches.suse/comedi-multiq3-sanitize-config-options-in-multiq3_at.patch (git-fixes CVE-2025-68258 bsc#1255182). - Update patches.suse/comedi-pcl818-fix-null-ptr-deref-in-pcl818_ai_cancel.patch (git-fixes CVE-2025-68335 bsc#1255480). - Update patches.suse/crypto-aspeed-fix-double-free-caused-by-devm.patch (git-fixes CVE-2025-68172 bsc#1255253). - Update patches.suse/crypto-asymmetric_keys-prevent-overflow-in-asymmetri.patch (git-fixes CVE-2025-68724 bsc#1255550). - Update patches.suse/drm-amd-display-Check-NULL-before-accessing.patch (stable-fixes CVE-2025-68286 bsc#1255351). - Update patches.suse/drm-amd-display-Fix-NULL-deref-in-debugfs-odm_combin.patch (git-fixes CVE-2025-68180 bsc#1255252). - Update patches.suse/drm-amd-display-increase-max-link-count-and-fix-link.patch (stable-fixes CVE-2025-40354 bsc#1255316). - Update patches.suse/drm-amdgpu-Fix-NULL-pointer-dereference-in-VRAM-logi.patch (stable-fixes CVE-2025-40288 bsc#1255057). - Update patches.suse/drm-amdgpu-atom-Check-kcalloc-for-WS-buffer-in-amdgp.patch (stable-fixes CVE-2025-68190 bsc#1255131). - Update patches.suse/drm-amdgpu-fix-gpu-page-fault-after-hibernation-on-P.patch (stable-fixes CVE-2025-68230 bsc#1255134). - Update patches.suse/drm-amdgpu-fix-nullptr-err-of-vm_handle_moved.patch (stable-fixes CVE-2025-40339 bsc#1255428). - Update patches.suse/drm-amdgpu-hide-VRAM-sysfs-attributes-on-GPUs-withou.patch (stable-fixes CVE-2025-40289 bsc#1255042). - Update patches.suse/drm-amdgpu-remove-two-invalid-BUG_ON-s.patch (stable-fixes CVE-2025-68201 bsc#1255136). - Update patches.suse/drm-amdkfd-Fix-mmap-write-lock-not-release.patch (bsc#1243112 CVE-2025-40332 bsc#1255116). - Update patches.suse/drm-i915-Avoid-lock-inversion-when-pinning-to-GGTT-o.patch (git-fixes CVE-2025-68244 bsc#1255190). - Update patches.suse/drm-mediatek-Disable-AFBC-support-on-Mediatek-DRM-dr.patch (git-fixes CVE-2025-68184 bsc#1255220). - Update patches.suse/drm-mediatek-Fix-device-use-after-free-on-unbind.patch (git-fixes CVE-2025-40316 bsc#1254797). - Update patches.suse/drm-panthor-Fix-UAF-on-kernel-BO-VA-nodes.patch (git-fixes CVE-2025-68747 bsc#1255723). - Update patches.suse/drm-panthor-Fix-UAF-race-between-device-unplug-and-F.patch (git-fixes CVE-2025-68748 bsc#1255813). - Update patches.suse/drm-panthor-Fix-kernel-panic-on-partial-unmap-of-a-G.patch (git-fixes CVE-2025-40225 bsc#1254827). - Update patches.suse/drm-radeon-Do-not-kfree-devres-managed-rdev.patch (git-fixes CVE-2025-68170 bsc#1255256). - Update patches.suse/drm-radeon-Remove-calls-to-drm_put_dev.patch (git-fixes CVE-2025-68181 bsc#1255247). - Update patches.suse/drm-radeon-delete-radeon_fence_process-in-is_signale.patch (stable-fixes CVE-2025-68223 bsc#1255357). - Update patches.suse/drm-sched-Fix-deadlock-in-drm_sched_entity_kill_jobs.patch (git-fixes CVE-2025-40329 bsc#1254621). - Update patches.suse/drm-sysfb-Do-not-dereference-NULL-pointer-in-plane-r.patch (git-fixes CVE-2025-40360 bsc#1255095). - Update patches.suse/drm-tegra-Add-call-to-put_pid.patch (git-fixes CVE-2025-68233 bsc#1255206). - Update patches.suse/drm-vgem-fence-Fix-potential-deadlock-on-release.patch (git-fixes CVE-2025-68757 bsc#1255943). - Update patches.suse/drm-vmwgfx-Validate-command-header-size-against-SVGA.patch (git-fixes CVE-2025-40277 bsc#1254894). - Update patches.suse/drm-xe-Fix-oops-in-xe_gem_fault-when-running-core_ho.patch (stable-fixes CVE-2025-40340 bsc#1254996). - Update patches.suse/drm-xe-guc-Synchronize-Dead-CT-worker-with-unbind.patch (git-fixes CVE-2025-68207 bsc#1255234). - Update patches.suse/erofs-avoid-infinite-loop-due-to-incomplete-zstd-compressed-data.patch (git-fixes CVE-2025-68210 bsc#1255231). - Update patches.suse/exfat-fix-improper-check-of-dentry.stream.valid_size.patch (git-fixes CVE-2025-40287 bsc#1255030). - Update patches.suse/exfat-fix-refcount-leak-in-exfat_find.patch (git-fixes CVE-2025-68351 bsc#1255567). - Update patches.suse/exfat-validate-cluster-allocation-bits-of-the-allocation-bitmap.patch (git-fixes CVE-2025-40307 bsc#1255039). - Update patches.suse/fbcon-Set-fb_display-i-mode-to-NULL-when-the-mode-is.patch (stable-fixes CVE-2025-40323 bsc#1255094). - Update patches.suse/fbdev-Add-bounds-checking-in-bit_putcs-to-fix-vmallo.patch (stable-fixes CVE-2025-40304 bsc#1255034). - Update patches.suse/fbdev-bitblit-bound-check-glyph-index-in-bit_putcs.patch (stable-fixes CVE-2025-40322 bsc#1255092). - Update patches.suse/firmware-arm_scmi-Account-for-failed-debug-initializ.patch (git-fixes CVE-2025-40226 bsc#1254821). - Update patches.suse/firmware-stratix10-svc-fix-bug-in-saving-controller-.patch (git-fixes CVE-2025-68328 bsc#1255489). - Update patches.suse/gpiolib-fix-invalid-pointer-access-in-debugfs.patch (git-fixes CVE-2025-68167 bsc#1255099). - Update patches.suse/gpu-host1x-Fix-race-in-syncpt-alloc-free.patch (git-fixes CVE-2025-68732 bsc#1255688). - Update patches.suse/idpf-fix-possible-vport_config-NULL-pointer-deref-in.patch (git-fixes CVE-2025-68213 bsc#1255228). - Update patches.suse/iio-accel-bmc150-Fix-irq-assumption-regression.patch (stable-fixes CVE-2025-68330 bsc#1255493). - Update patches.suse/ima-Handle-error-code-returned-by-ima_filter_rule_ma.patch (git-fixes CVE-2025-68740 bsc#1255812). - Update patches.suse/ima-don-t-clear-IMA_DIGSIG-flag-when-setting-or-remo.patch (stable-fixes CVE-2025-68183 bsc#1255251). - Update patches.suse/irqchip-mchp-eic-Fix-error-code-in-mchp_eic_domain_a.patch (git-fixes CVE-2025-68766 bsc#1255932). - Update patches.suse/media-imon-make-send_packet-more-robust.patch (stable-fixes CVE-2025-68194 bsc#1255325). - Update patches.suse/media-pci-mg4b-fix-uninitialized-iio-scan-data.patch (git-fixes CVE-2025-40221 bsc#1254519). - Update patches.suse/media-videobuf2-forbid-remove_bufs-when-legacy-filei.patch (git-fixes CVE-2025-40302 bsc#1255196). - Update patches.suse/misc-fastrpc-Fix-dma_buf-object-leak-in-fastrpc_map_.patch (git-fixes CVE-2025-68252 bsc#1255197). - Update patches.suse/mm-secretmem-fix-use-after-free-race-in-fault-handle.patch (git-fixes CVE-2025-40272 bsc#1254832). - Update patches.suse/most-usb-Fix-use-after-free-in-hdm_disconnect.patch (git-fixes CVE-2025-40223 bsc#1254957). - Update patches.suse/most-usb-fix-double-free-on-late-probe-failure.patch (git-fixes CVE-2025-68290 bsc#1255154). - Update patches.suse/most-usb-hdm_probe-Fix-calling-put_device-before-dev.patch (git-fixes CVE-2025-68249 bsc#1255233). - Update patches.suse/mt76-mt7615-Fix-memory-leak-in-mt7615_mcu_wtbl_sta_a.patch (git-fixes CVE-2025-68765 bsc#1255931). - Update patches.suse/mtd-rawnand-cadence-fix-DMA-device-NULL-pointer-dere.patch (git-fixes CVE-2025-68238 bsc#1255202). - Update patches.suse/mtdchar-fix-integer-overflow-in-read-write-ioctls.patch (git-fixes CVE-2025-68237 bsc#1255203). - Update patches.suse/net-stmmac-Correctly-handle-Rx-checksum-offload-erro.patch (git-fixes CVE-2025-40337 bsc#1255081). - Update patches.suse/net-usb-qmi_wwan-initialize-MAC-header-offset-in-qmi.patch (git-fixes CVE-2025-68192 bsc#1255246). - Update patches.suse/nfs4_setup_readdir-insufficient-locking-for-d_parent-d_inode-dereferencing.patch (git-fixes CVE-2025-68185 bsc#1255135). - Update patches.suse/nfsd-fix-refcount-leak-in-nfsd_set_fh_dentry.patch (git-fixes CVE-2025-40212 bsc#1254195). - Update patches.suse/nouveau-firmware-Add-missing-kfree-of-nvkm_falcon_fw.patch (git-fixes CVE-2025-68235 bsc#1255209). - Update patches.suse/nvme-fc-use-lock-accessing-port_state-and-rport-stat.patch (bsc#1245193 bsc#1247500 CVE-2025-40342 bsc#1255274). - Update patches.suse/nvmet-fc-avoid-scheduling-association-deletion-twice.patch (bsc#1245193 bsc#1247500 CVE-2025-40343 bsc#1255276). - Update patches.suse/pinctrl-s32cc-fix-uninitialized-memory-in-s32_pinctr.patch (git-fixes CVE-2025-68222 bsc#1255218). - Update patches.suse/platform-x86-intel-punit_ipc-fix-memory-corruption.patch (git-fixes CVE-2025-68303 bsc#1255122). - Update patches.suse/regmap-slimbus-fix-bus_context-pointer-in-regmap-ini.patch (git-fixes CVE-2025-40317 bsc#1254796). - Update patches.suse/regulator-core-Protect-regulator_supply_alias_list-w.patch (git-fixes CVE-2025-68354 bsc#1255553). - Update patches.suse/sctp-avoid-NULL-dereference-when-chunk-data-buffer-i.patch (git-fixes CVE-2025-40240 bsc#1254869). - Update patches.suse/smb-client-fix-potential-cfid-UAF-in-smb2_query_info_compound.patch (git-fixes CVE-2025-40320 bsc#1254793). - Update patches.suse/spi-ch341-fix-out-of-bounds-memory-access-in-ch341_t.patch (git-fixes CVE-2025-68352 bsc#1255541). - Update patches.suse/spi-tegra210-quad-Fix-timeout-handling.patch (bsc#1253155 CVE-2025-68746 bsc#1255722). - Update patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-OnBeacon.patch (stable-fixes CVE-2025-68254 bsc#1255140). - Update patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-rtw_get_.patch (stable-fixes CVE-2025-68256 bsc#1255138). - Update patches.suse/staging-rtl8723bs-fix-stack-buffer-overflow-in-OnAss.patch (stable-fixes CVE-2025-68255 bsc#1255395). - Update patches.suse/tty-serial-ip22zilog-Use-platform-device-for-probing.patch (stable-fixes CVE-2025-68311 bsc#1255161). - Update patches.suse/usb-cdns3-gadget-Use-after-free-during-failed-initia.patch (stable-fixes CVE-2025-40314 bsc#1255072). - Update patches.suse/usb-dwc3-Fix-race-condition-between-concurrent-dwc3_.patch (git-fixes CVE-2025-68287 bsc#1255152). - Update patches.suse/usb-gadget-f_eem-Fix-memory-leak-in-eem_unwrap.patch (git-fixes CVE-2025-68289 bsc#1255155). - Update patches.suse/usb-gadget-f_fs-Fix-epfile-null-pointer-access-after.patch (stable-fixes CVE-2025-40315 bsc#1255083). - Update patches.suse/usb-potential-integer-overflow-in-usbg_make_tpg.patch (stable-fixes CVE-2025-68750 bsc#1255814). - Update patches.suse/usb-renesas_usbhs-Fix-synchronous-external-abort-on-.patch (git-fixes CVE-2025-68327 bsc#1255488). - Update patches.suse/usb-storage-sddr55-Reject-out-of-bound-new_pba.patch (stable-fixes CVE-2025-40345 bsc#1255279). - Update patches.suse/usb-uas-fix-urb-unmapping-issue-when-the-uas-device-.patch (git-fixes CVE-2025-68331 bsc#1255495). - Update patches.suse/usbnet-Prevents-free-active-kevent.patch (git-fixes CVE-2025-68312 bsc#1255171). - Update patches.suse/wifi-ath11k-fix-peer-HE-MCS-assignment.patch (git-fixes CVE-2025-68380 bsc#1255580). - Update patches.suse/wifi-brcmfmac-fix-crash-while-sending-Action-Frames-.patch (git-fixes CVE-2025-40321 bsc#1254795). - Update patches.suse/wifi-rtl818x-Fix-potential-memory-leaks-in-rtl8180_i.patch (git-fixes CVE-2025-68759 bsc#1255934). - Update patches.suse/wifi-rtl818x-rtl8187-Fix-potential-buffer-underflow-.patch (git-fixes CVE-2025-68362 bsc#1255611). - Update patches.suse/x86-CPU-AMD-Add-RDSEED-fix-for-Zen5.patch (git-fixes CVE-2025-68313 bsc#1255415). - Update patches.suse/x86-CPU-AMD-Add-missing-terminator-for-zen5_rdseed_m.patch (git-fixes CVE-2025-68195 bsc#1255259). - Update patches.suse/xfrm-also-call-xfrm_state_delete_tunnel-at-destroy-time-fo.patch (CVE-2025-40215 bsc#1254959 CVE-2025-40256 bsc#1254851). - commit c0f554e ++++ net-snmp: - Fix snmptrapd buffer overflow (bsc#1255491, CVE-2025-68615). Add net-snmp-5.9.4-fix-out-of-bounds-trapOid-access.patch ++++ libsoup: - Add libsoup-CVE-2026-0716.patch: Fix out-of-bounds read for websocket (bsc#1256418, CVE-2026-0716, glgo#GNOME/libsoup!494). ++++ minisign: - Bugfix: * bugfix: duplicate command-line arguments [7dfdb3c] * Add minisign-dup-command-line-args.patch - Security fix: [gpg.fail/trustcomment] * Trusted comment injection (minisign) [6c59875] * trim(): only trim trailing \r\n, reject straight \r characters * Add minisign-gpg.fail-trustcomment.patch - Security fix: [gpg.fail/minisign] * Trusted comment injection (minisign) [a10dc92] * Bail out if the signature file contains unprintable characters * Add minisign-gpg.fail-minisign.patch ++++ openQA: - Update to version 5.1768209690.f34c2973: * feat(scheduled-products): Allow adding note to result data * docs: Use node_modules target * docs: Mention minimum PostgreSQL version * ci: Update PostgreSQL in CI/packaging to at least 14 * Revert "Add MCP tool annotations for Claude connector compliance" ++++ openQA: - Update to version 5.1768209690.f34c2973: * feat(scheduled-products): Allow adding note to result data * docs: Use node_modules target * docs: Mention minimum PostgreSQL version * ci: Update PostgreSQL in CI/packaging to at least 14 * Revert "Add MCP tool annotations for Claude connector compliance" ++++ openQA: - Update to version 5.1768209690.f34c2973: * feat(scheduled-products): Allow adding note to result data * docs: Use node_modules target * docs: Mention minimum PostgreSQL version * ci: Update PostgreSQL in CI/packaging to at least 14 * Revert "Add MCP tool annotations for Claude connector compliance" ++++ openQA: - Update to version 5.1768209690.f34c2973: * feat(scheduled-products): Allow adding note to result data * docs: Use node_modules target * docs: Mention minimum PostgreSQL version * ci: Update PostgreSQL in CI/packaging to at least 14 * Revert "Add MCP tool annotations for Claude connector compliance" ++++ openQA: - Update to version 5.1768209690.f34c2973: * feat(scheduled-products): Allow adding note to result data * docs: Use node_modules target * docs: Mention minimum PostgreSQL version * ci: Update PostgreSQL in CI/packaging to at least 14 * Revert "Add MCP tool annotations for Claude connector compliance" ++++ openQA: - Update to version 5.1768209690.f34c2973: * feat(scheduled-products): Allow adding note to result data * docs: Use node_modules target * docs: Mention minimum PostgreSQL version * ci: Update PostgreSQL in CI/packaging to at least 14 * Revert "Add MCP tool annotations for Claude connector compliance" ++++ openQA: - Update to version 5.1768209690.f34c2973: * feat(scheduled-products): Allow adding note to result data * docs: Use node_modules target * docs: Mention minimum PostgreSQL version * ci: Update PostgreSQL in CI/packaging to at least 14 * Revert "Add MCP tool annotations for Claude connector compliance" ++++ openQA: - Update to version 5.1768209690.f34c2973: * feat(scheduled-products): Allow adding note to result data * docs: Use node_modules target * docs: Mention minimum PostgreSQL version * ci: Update PostgreSQL in CI/packaging to at least 14 * Revert "Add MCP tool annotations for Claude connector compliance" ++++ openQA: - Update to version 5.1768209690.f34c2973: * feat(scheduled-products): Allow adding note to result data * docs: Use node_modules target * docs: Mention minimum PostgreSQL version * ci: Update PostgreSQL in CI/packaging to at least 14 * Revert "Add MCP tool annotations for Claude connector compliance" ++++ openQA: - Update to version 5.1768209690.f34c2973: * feat(scheduled-products): Allow adding note to result data * docs: Use node_modules target * docs: Mention minimum PostgreSQL version * ci: Update PostgreSQL in CI/packaging to at least 14 * Revert "Add MCP tool annotations for Claude connector compliance" ++++ openQA: - Update to version 5.1768209690.f34c2973: * feat(scheduled-products): Allow adding note to result data * docs: Use node_modules target * docs: Mention minimum PostgreSQL version * ci: Update PostgreSQL in CI/packaging to at least 14 * Revert "Add MCP tool annotations for Claude connector compliance" ++++ openQA: - Update to version 5.1768209690.f34c2973: * feat(scheduled-products): Allow adding note to result data * docs: Use node_modules target * docs: Mention minimum PostgreSQL version * ci: Update PostgreSQL in CI/packaging to at least 14 * Revert "Add MCP tool annotations for Claude connector compliance" ------------------------------------------------------------------ ------------------ 2026-1-11 - Jan 11 2026 ------------------- ------------------------------------------------------------------ ++++ kernel-64kb: - docs: ABI: sysfs-devices-soc: Fix swapped sample values (git-fixes). - commit 8c83315 ++++ kernel-64kb: - docs: ABI: sysfs-devices-soc: Fix swapped sample values (git-fixes). - commit 8c83315 ++++ kernel-64kb: - docs: ABI: sysfs-devices-soc: Fix swapped sample values (git-fixes). - commit 8c83315 ++++ kernel-azure: - docs: ABI: sysfs-devices-soc: Fix swapped sample values (git-fixes). - commit 8c83315 ++++ kernel-azure: - docs: ABI: sysfs-devices-soc: Fix swapped sample values (git-fixes). - commit 8c83315 ++++ kernel-azure: - docs: ABI: sysfs-devices-soc: Fix swapped sample values (git-fixes). - commit 8c83315 ++++ kernel-default: - docs: ABI: sysfs-devices-soc: Fix swapped sample values (git-fixes). - commit 8c83315 ++++ kernel-default: - docs: ABI: sysfs-devices-soc: Fix swapped sample values (git-fixes). - commit 8c83315 ++++ kernel-default: - docs: ABI: sysfs-devices-soc: Fix swapped sample values (git-fixes). - commit 8c83315 ++++ kernel-rt: - docs: ABI: sysfs-devices-soc: Fix swapped sample values (git-fixes). - commit 8c83315 ++++ kernel-rt: - docs: ABI: sysfs-devices-soc: Fix swapped sample values (git-fixes). - commit 8c83315 ++++ kernel-rt: - docs: ABI: sysfs-devices-soc: Fix swapped sample values (git-fixes). - commit 8c83315 ++++ dtb-aarch64: - docs: ABI: sysfs-devices-soc: Fix swapped sample values (git-fixes). - commit 8c83315 ++++ dtb-aarch64: - docs: ABI: sysfs-devices-soc: Fix swapped sample values (git-fixes). - commit 8c83315 ++++ dtb-aarch64: - docs: ABI: sysfs-devices-soc: Fix swapped sample values (git-fixes). - commit 8c83315 ++++ kernel-source: - docs: ABI: sysfs-devices-soc: Fix swapped sample values (git-fixes). - commit 8c83315 ++++ kernel-source: - docs: ABI: sysfs-devices-soc: Fix swapped sample values (git-fixes). - commit 8c83315 ++++ kernel-source: - docs: ABI: sysfs-devices-soc: Fix swapped sample values (git-fixes). - commit 8c83315 ++++ kernel-docs: - docs: ABI: sysfs-devices-soc: Fix swapped sample values (git-fixes). - commit 8c83315 ++++ kernel-docs: - docs: ABI: sysfs-devices-soc: Fix swapped sample values (git-fixes). - commit 8c83315 ++++ kernel-docs: - docs: ABI: sysfs-devices-soc: Fix swapped sample values (git-fixes). - commit 8c83315 ++++ kernel-kvmsmall: - docs: ABI: sysfs-devices-soc: Fix swapped sample values (git-fixes). - commit 8c83315 ++++ kernel-kvmsmall: - docs: ABI: sysfs-devices-soc: Fix swapped sample values (git-fixes). - commit 8c83315 ++++ kernel-kvmsmall: - docs: ABI: sysfs-devices-soc: Fix swapped sample values (git-fixes). - commit 8c83315 ++++ kernel-obs-build: - docs: ABI: sysfs-devices-soc: Fix swapped sample values (git-fixes). - commit 8c83315 ++++ kernel-obs-build: - docs: ABI: sysfs-devices-soc: Fix swapped sample values (git-fixes). - commit 8c83315 ++++ kernel-obs-build: - docs: ABI: sysfs-devices-soc: Fix swapped sample values (git-fixes). - commit 8c83315 ++++ kernel-obs-qa: - docs: ABI: sysfs-devices-soc: Fix swapped sample values (git-fixes). - commit 8c83315 ++++ kernel-obs-qa: - docs: ABI: sysfs-devices-soc: Fix swapped sample values (git-fixes). - commit 8c83315 ++++ kernel-obs-qa: - docs: ABI: sysfs-devices-soc: Fix swapped sample values (git-fixes). - commit 8c83315 ++++ kernel-syms: - docs: ABI: sysfs-devices-soc: Fix swapped sample values (git-fixes). - commit 8c83315 ++++ kernel-syms: - docs: ABI: sysfs-devices-soc: Fix swapped sample values (git-fixes). - commit 8c83315 ++++ kernel-syms: - docs: ABI: sysfs-devices-soc: Fix swapped sample values (git-fixes). - commit 8c83315 ++++ kernel-zfcpdump: - docs: ABI: sysfs-devices-soc: Fix swapped sample values (git-fixes). - commit 8c83315 ++++ kernel-zfcpdump: - docs: ABI: sysfs-devices-soc: Fix swapped sample values (git-fixes). - commit 8c83315 ++++ kernel-zfcpdump: - docs: ABI: sysfs-devices-soc: Fix swapped sample values (git-fixes). - commit 8c83315 ++++ libzypp: - zypp.conf: follow the UAPI configuration file specification (PED-14658) In short terms it means we will no longer ship an /etc/zypp/zypp.conf, but store our own defaults in /usr/etc/zypp/zypp.conf. The systems administrator may choose to keep a full copy in /etc/zypp/zypp.conf ignoring our config file settings completely, or - the preferred way - to overwrite specific settings via /etc/zypp/zypp.conf.d/*.conf overlay files. See the ZYPP.CONF(5) man page for details. - cmake: correctly detect rpm6 (fixes #689) - Use 'zypp.tmp' as temp directory component to ease setting up SELinux policies (bsc#1249435) - zyppng: Update Provider to current MediaCurl2 download approach, drop Metalink ( fixes #682 ) - version 17.38.0 (35) ------------------------------------------------------------------ ------------------ 2026-1-10 - Jan 10 2026 ------------------- ------------------------------------------------------------------ ++++ kernel-64kb: - gpio: rockchip: mark the GPIO controller as sleeping (git-fixes). - drm/pl111: Fix error handling in pl111_amba_probe (git-fixes). - crypto: qat - fix duplicate restarting msg during AER error (git-fixes). - commit f18c9f6 ++++ kernel-64kb: - gpio: rockchip: mark the GPIO controller as sleeping (git-fixes). - drm/pl111: Fix error handling in pl111_amba_probe (git-fixes). - crypto: qat - fix duplicate restarting msg during AER error (git-fixes). - commit f18c9f6 ++++ kernel-64kb: - gpio: rockchip: mark the GPIO controller as sleeping (git-fixes). - drm/pl111: Fix error handling in pl111_amba_probe (git-fixes). - crypto: qat - fix duplicate restarting msg during AER error (git-fixes). - commit f18c9f6 ++++ kernel-azure: - gpio: rockchip: mark the GPIO controller as sleeping (git-fixes). - drm/pl111: Fix error handling in pl111_amba_probe (git-fixes). - crypto: qat - fix duplicate restarting msg during AER error (git-fixes). - commit f18c9f6 ++++ kernel-azure: - gpio: rockchip: mark the GPIO controller as sleeping (git-fixes). - drm/pl111: Fix error handling in pl111_amba_probe (git-fixes). - crypto: qat - fix duplicate restarting msg during AER error (git-fixes). - commit f18c9f6 ++++ kernel-azure: - gpio: rockchip: mark the GPIO controller as sleeping (git-fixes). - drm/pl111: Fix error handling in pl111_amba_probe (git-fixes). - crypto: qat - fix duplicate restarting msg during AER error (git-fixes). - commit f18c9f6 ++++ kernel-default: - gpio: rockchip: mark the GPIO controller as sleeping (git-fixes). - drm/pl111: Fix error handling in pl111_amba_probe (git-fixes). - crypto: qat - fix duplicate restarting msg during AER error (git-fixes). - commit f18c9f6 ++++ kernel-default: - gpio: rockchip: mark the GPIO controller as sleeping (git-fixes). - drm/pl111: Fix error handling in pl111_amba_probe (git-fixes). - crypto: qat - fix duplicate restarting msg during AER error (git-fixes). - commit f18c9f6 ++++ kernel-default: - gpio: rockchip: mark the GPIO controller as sleeping (git-fixes). - drm/pl111: Fix error handling in pl111_amba_probe (git-fixes). - crypto: qat - fix duplicate restarting msg during AER error (git-fixes). - commit f18c9f6 ++++ kernel-rt: - gpio: rockchip: mark the GPIO controller as sleeping (git-fixes). - drm/pl111: Fix error handling in pl111_amba_probe (git-fixes). - crypto: qat - fix duplicate restarting msg during AER error (git-fixes). - commit f18c9f6 ++++ kernel-rt: - gpio: rockchip: mark the GPIO controller as sleeping (git-fixes). - drm/pl111: Fix error handling in pl111_amba_probe (git-fixes). - crypto: qat - fix duplicate restarting msg during AER error (git-fixes). - commit f18c9f6 ++++ kernel-rt: - gpio: rockchip: mark the GPIO controller as sleeping (git-fixes). - drm/pl111: Fix error handling in pl111_amba_probe (git-fixes). - crypto: qat - fix duplicate restarting msg during AER error (git-fixes). - commit f18c9f6 ++++ dtb-aarch64: - gpio: rockchip: mark the GPIO controller as sleeping (git-fixes). - drm/pl111: Fix error handling in pl111_amba_probe (git-fixes). - crypto: qat - fix duplicate restarting msg during AER error (git-fixes). - commit f18c9f6 ++++ dtb-aarch64: - gpio: rockchip: mark the GPIO controller as sleeping (git-fixes). - drm/pl111: Fix error handling in pl111_amba_probe (git-fixes). - crypto: qat - fix duplicate restarting msg during AER error (git-fixes). - commit f18c9f6 ++++ dtb-aarch64: - gpio: rockchip: mark the GPIO controller as sleeping (git-fixes). - drm/pl111: Fix error handling in pl111_amba_probe (git-fixes). - crypto: qat - fix duplicate restarting msg during AER error (git-fixes). - commit f18c9f6 ++++ kernel-source: - gpio: rockchip: mark the GPIO controller as sleeping (git-fixes). - drm/pl111: Fix error handling in pl111_amba_probe (git-fixes). - crypto: qat - fix duplicate restarting msg during AER error (git-fixes). - commit f18c9f6 ++++ kernel-source: - gpio: rockchip: mark the GPIO controller as sleeping (git-fixes). - drm/pl111: Fix error handling in pl111_amba_probe (git-fixes). - crypto: qat - fix duplicate restarting msg during AER error (git-fixes). - commit f18c9f6 ++++ kernel-source: - gpio: rockchip: mark the GPIO controller as sleeping (git-fixes). - drm/pl111: Fix error handling in pl111_amba_probe (git-fixes). - crypto: qat - fix duplicate restarting msg during AER error (git-fixes). - commit f18c9f6 ++++ kernel-docs: - gpio: rockchip: mark the GPIO controller as sleeping (git-fixes). - drm/pl111: Fix error handling in pl111_amba_probe (git-fixes). - crypto: qat - fix duplicate restarting msg during AER error (git-fixes). - commit f18c9f6 ++++ kernel-docs: - gpio: rockchip: mark the GPIO controller as sleeping (git-fixes). - drm/pl111: Fix error handling in pl111_amba_probe (git-fixes). - crypto: qat - fix duplicate restarting msg during AER error (git-fixes). - commit f18c9f6 ++++ kernel-docs: - gpio: rockchip: mark the GPIO controller as sleeping (git-fixes). - drm/pl111: Fix error handling in pl111_amba_probe (git-fixes). - crypto: qat - fix duplicate restarting msg during AER error (git-fixes). - commit f18c9f6 ++++ kernel-kvmsmall: - gpio: rockchip: mark the GPIO controller as sleeping (git-fixes). - drm/pl111: Fix error handling in pl111_amba_probe (git-fixes). - crypto: qat - fix duplicate restarting msg during AER error (git-fixes). - commit f18c9f6 ++++ kernel-kvmsmall: - gpio: rockchip: mark the GPIO controller as sleeping (git-fixes). - drm/pl111: Fix error handling in pl111_amba_probe (git-fixes). - crypto: qat - fix duplicate restarting msg during AER error (git-fixes). - commit f18c9f6 ++++ kernel-kvmsmall: - gpio: rockchip: mark the GPIO controller as sleeping (git-fixes). - drm/pl111: Fix error handling in pl111_amba_probe (git-fixes). - crypto: qat - fix duplicate restarting msg during AER error (git-fixes). - commit f18c9f6 ++++ kernel-obs-build: - gpio: rockchip: mark the GPIO controller as sleeping (git-fixes). - drm/pl111: Fix error handling in pl111_amba_probe (git-fixes). - crypto: qat - fix duplicate restarting msg during AER error (git-fixes). - commit f18c9f6 ++++ kernel-obs-build: - gpio: rockchip: mark the GPIO controller as sleeping (git-fixes). - drm/pl111: Fix error handling in pl111_amba_probe (git-fixes). - crypto: qat - fix duplicate restarting msg during AER error (git-fixes). - commit f18c9f6 ++++ kernel-obs-build: - gpio: rockchip: mark the GPIO controller as sleeping (git-fixes). - drm/pl111: Fix error handling in pl111_amba_probe (git-fixes). - crypto: qat - fix duplicate restarting msg during AER error (git-fixes). - commit f18c9f6 ++++ kernel-obs-qa: - gpio: rockchip: mark the GPIO controller as sleeping (git-fixes). - drm/pl111: Fix error handling in pl111_amba_probe (git-fixes). - crypto: qat - fix duplicate restarting msg during AER error (git-fixes). - commit f18c9f6 ++++ kernel-obs-qa: - gpio: rockchip: mark the GPIO controller as sleeping (git-fixes). - drm/pl111: Fix error handling in pl111_amba_probe (git-fixes). - crypto: qat - fix duplicate restarting msg during AER error (git-fixes). - commit f18c9f6 ++++ kernel-obs-qa: - gpio: rockchip: mark the GPIO controller as sleeping (git-fixes). - drm/pl111: Fix error handling in pl111_amba_probe (git-fixes). - crypto: qat - fix duplicate restarting msg during AER error (git-fixes). - commit f18c9f6 ++++ kernel-syms: - gpio: rockchip: mark the GPIO controller as sleeping (git-fixes). - drm/pl111: Fix error handling in pl111_amba_probe (git-fixes). - crypto: qat - fix duplicate restarting msg during AER error (git-fixes). - commit f18c9f6 ++++ kernel-syms: - gpio: rockchip: mark the GPIO controller as sleeping (git-fixes). - drm/pl111: Fix error handling in pl111_amba_probe (git-fixes). - crypto: qat - fix duplicate restarting msg during AER error (git-fixes). - commit f18c9f6 ++++ kernel-syms: - gpio: rockchip: mark the GPIO controller as sleeping (git-fixes). - drm/pl111: Fix error handling in pl111_amba_probe (git-fixes). - crypto: qat - fix duplicate restarting msg during AER error (git-fixes). - commit f18c9f6 ++++ kernel-zfcpdump: - gpio: rockchip: mark the GPIO controller as sleeping (git-fixes). - drm/pl111: Fix error handling in pl111_amba_probe (git-fixes). - crypto: qat - fix duplicate restarting msg during AER error (git-fixes). - commit f18c9f6 ++++ kernel-zfcpdump: - gpio: rockchip: mark the GPIO controller as sleeping (git-fixes). - drm/pl111: Fix error handling in pl111_amba_probe (git-fixes). - crypto: qat - fix duplicate restarting msg during AER error (git-fixes). - commit f18c9f6 ++++ kernel-zfcpdump: - gpio: rockchip: mark the GPIO controller as sleeping (git-fixes). - drm/pl111: Fix error handling in pl111_amba_probe (git-fixes). - crypto: qat - fix duplicate restarting msg during AER error (git-fixes). - commit f18c9f6 ++++ python-pynetbox: - Update to version 7.6.0 Breaking Changes * Moved ObjectChange to core for NetBox 4.1.0 compatibility. New Features * Added support for v2 Tokens introduced in NetBox 4.5.0. Enhancements * Add SVG support for Rack Elevation endpoint. Bugfixes * Add token when getting NetBox version to prevent 403 error. ------------------------------------------------------------------ ------------------ 2026-1-9 - Jan 9 2026 ------------------- ------------------------------------------------------------------ ++++ kernel-64kb: - io_uring/zctx: check chained notif contexts (CVE-2025-68317 bsc#1255354). - commit b895dee - cifs: client: fix memory leak in smb3_fs_context_parse_param (bsc#1255082, CVE-2025-40268). - commit 7120bdc - selftests/bpf: Add test to verify freeing the special fields in pcpu maps (CVE-2025-68744 bsc#1255709). - commit 763d99d - drm/amdkfd: Trap handler support for expert scheduling mode (stable-fixes). - commit 021ac24 - PCI: brcmstb: Reuse pcie_cfg_data structure (stable-fixes). - Refresh patches.suse/PCI-brcmstb-Set-generation-limit-before-PCIe-link-up.patch. - commit 0f681e6 - pinctrl: qcom: lpass-lpi: mark the GPIO controller as sleeping (git-fixes). - wifi: mac80211: restore non-chanctx injection behaviour (git-fixes). - wifi: avoid kernel-infoleak from struct iw_point (git-fixes). - atm: Fix dma_free_coherent() size (git-fixes). - net: usb: pegasus: fix memory leak in update_eth_regs_async() (git-fixes). - net: wwan: iosm: Fix memory leak in ipc_mux_deinit() (git-fixes). - HID: quirks: work around VID/PID conflict for appledisplay (git-fixes). - ASoC: sun4i-spdif: Add missing kerneldoc fields for sun4i_spdif_quirks (git-fixes). - ALSA: ac97: fix a double free in snd_ac97_controller_register() (git-fixes). - usb: usb-storage: Maintain minimal modifications to the bcdDevice range (git-fixes). - serial: xilinx_uartps: fix rs485 delay_rts_after_send (git-fixes). - Input: i8042 - add TUXEDO InfinityBook Max Gen10 AMD to i8042 quirk table (stable-fixes). - Input: lkkbd - disable pending work before freeing device (stable-fixes). - drm/amd/display: Fix scratch registers offsets for DCN351 (stable-fixes). - drm/amd/display: Fix scratch registers offsets for DCN35 (stable-fixes). - broadcom: b44: prevent uninitialized value usage (git-fixes). - Revert "drm/amd/display: Fix pbn to kbps Conversion" (stable-fixes). - drm/amdkfd: bump minimum vgpr size for gfx1151 (stable-fixes). - drm/amdkfd: Export the cwsr_size and ctl_stack_size to userspace (stable-fixes). - drm/amd/display: Use GFP_ATOMIC in dc_create_plane_state() (stable-fixes). - i2c: designware: Disable SMBus interrupts to prevent storms from mis-configured firmware (stable-fixes). - platform/x86/intel/hid: Add Dell Pro Rugged 10/12 tablet to VGBS DMI quirks (stable-fixes). - clk: qcom: dispcc-sm7150: Fix dispcc_mdss_pclk0_clk_src (stable-fixes). - usb: usb-storage: No additional quirks need to be added to the EL-R12 optical drive (stable-fixes). - usb: xhci: limit run_graceperiod for only usb 3.0 devices (stable-fixes). - usb: typec: ucsi: Handle incorrect num_connectors capability (stable-fixes). - usbip: Fix locking bug in RT-enabled kernels (stable-fixes). - serial: sprd: Return -EPROBE_DEFER when uart clock is not ready (stable-fixes). - char: applicom: fix NULL pointer dereference in ac_ioctl (stable-fixes). - iio: adc: ti_am335x_adc: Limit step_avg to valid range for gcc complains (stable-fixes). - fbdev: gbefb: fix to use physical address instead of dma address (stable-fixes). - via_wdt: fix critical boot hang due to unnamed resource allocation (stable-fixes). - ipmi: Fix __scan_channels() failing to rescan channels (stable-fixes). - ipmi: Fix the race between __scan_channels() and deliver_response() (stable-fixes). - reset: fix BIT macro reference (stable-fixes). - ti-sysc: allow OMAP2 and OMAP4 timers to be reserved on AM33xx (stable-fixes). - firmware: imx: scu-irq: Init workqueue before request mbox channel (stable-fixes). - clk: mvebu: cp110 add CLK_IGNORE_UNUSED to pcie_x10, pcie_x11 & pcie_x4 (stable-fixes). - HID: input: map HID_GD_Z to ABS_DISTANCE for stylus/pen (stable-fixes). - mmc: sdhci-msm: Avoid early clock doubling during HS400 transition (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H02NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H01NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H512NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q02NWxxIM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q01NWxxIM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q01NWxxIQ chips (stable-fixes). - ASoC: qcom: sdw: fix memory leak for sdw_stream_runtime (git-fixes). - drm/amdgpu/gmc12: add amdgpu_vm_handle_fault() handling (stable-fixes). - drm/amdgpu/gmc11: add amdgpu_vm_handle_fault() handling (stable-fixes). - drm/displayid: add quirk to ignore DisplayID checksum errors (stable-fixes). - drm/edid: add DRM_EDID_IDENT_INIT() to initialize struct drm_edid_ident (stable-fixes). - drm/displayid: pass iter to drm_find_displayid_extension() (stable-fixes). - media: amphion: Remove vpu_vb_is_codecconfig (git-fixes). - Bluetooth: btusb: Add new VID/PID 13d3/3533 for RTL8821CE (stable-fixes). - Bluetooth: btusb: Add new VID/PID 0x0489/0xE12F for RTL8852BE-VT (stable-fixes). - Bluetooth: btusb: Add new VID/PID 2b89/6275 for RTL8761BUV (stable-fixes). - Bluetooth: btusb: MT7922: Add VID/PID 0489/e170 (stable-fixes). - Bluetooth: btusb: MT7920: Add VID/PID 0489/e135 (stable-fixes). - wifi: mt76: mt792x: fix wifi init fail by setting MCU_RUNNING after CLC load (stable-fixes). - wifi: brcmfmac: Add DMI nvram filename quirk for Acer A1 840 tablet (stable-fixes). - wifi: cfg80211: stop radar detection in cfg80211_leave() (stable-fixes). - wifi: cfg80211: use cfg80211_leave() in iftype change (stable-fixes). - wifi: rtl8xxxu: Fix HT40 channel config for RTL8192CU, RTL8723AU (stable-fixes). - cpufreq: nforce2: fix reference count leak in nforce2 (git-fixes). - ACPI: fan: Workaround for 64-bit firmware bug (stable-fixes). - ACPI: property: Use ACPI functions in acpi_graph_get_next_endpoint() only (stable-fixes). - ACPICA: Avoid walking the Namespace if start_node is NULL (stable-fixes). - media: amphion: Make some vpu_v4l2 functions static (stable-fixes). - firmware: imx: Add stub functions for SCMI MISC API (git-fixes). - media: amphion: Add a frame flush mode for decoder (stable-fixes). - serial: xilinx_uartps: Use helper function hrtimer_update_function() (stable-fixes). - commit 52a2394 - net/smc: fix general protection fault in __smc_diag_dump (CVE-2025-40357 bsc#1255097). - commit ef3290b - KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced (CVE-2025-68259 bsc#1255199). - commit 0428a24 - bpf: Free special fields when update [lru_,]percpu_hash maps (CVE-2025-68744 bsc#1255709). - commit ab66ed0 ++++ kernel-64kb: - io_uring/zctx: check chained notif contexts (CVE-2025-68317 bsc#1255354). - commit b895dee - cifs: client: fix memory leak in smb3_fs_context_parse_param (bsc#1255082, CVE-2025-40268). - commit 7120bdc - selftests/bpf: Add test to verify freeing the special fields in pcpu maps (CVE-2025-68744 bsc#1255709). - commit 763d99d - drm/amdkfd: Trap handler support for expert scheduling mode (stable-fixes). - commit 021ac24 - PCI: brcmstb: Reuse pcie_cfg_data structure (stable-fixes). - Refresh patches.suse/PCI-brcmstb-Set-generation-limit-before-PCIe-link-up.patch. - commit 0f681e6 - pinctrl: qcom: lpass-lpi: mark the GPIO controller as sleeping (git-fixes). - wifi: mac80211: restore non-chanctx injection behaviour (git-fixes). - wifi: avoid kernel-infoleak from struct iw_point (git-fixes). - atm: Fix dma_free_coherent() size (git-fixes). - net: usb: pegasus: fix memory leak in update_eth_regs_async() (git-fixes). - net: wwan: iosm: Fix memory leak in ipc_mux_deinit() (git-fixes). - HID: quirks: work around VID/PID conflict for appledisplay (git-fixes). - ASoC: sun4i-spdif: Add missing kerneldoc fields for sun4i_spdif_quirks (git-fixes). - ALSA: ac97: fix a double free in snd_ac97_controller_register() (git-fixes). - usb: usb-storage: Maintain minimal modifications to the bcdDevice range (git-fixes). - serial: xilinx_uartps: fix rs485 delay_rts_after_send (git-fixes). - Input: i8042 - add TUXEDO InfinityBook Max Gen10 AMD to i8042 quirk table (stable-fixes). - Input: lkkbd - disable pending work before freeing device (stable-fixes). - drm/amd/display: Fix scratch registers offsets for DCN351 (stable-fixes). - drm/amd/display: Fix scratch registers offsets for DCN35 (stable-fixes). - broadcom: b44: prevent uninitialized value usage (git-fixes). - Revert "drm/amd/display: Fix pbn to kbps Conversion" (stable-fixes). - drm/amdkfd: bump minimum vgpr size for gfx1151 (stable-fixes). - drm/amdkfd: Export the cwsr_size and ctl_stack_size to userspace (stable-fixes). - drm/amd/display: Use GFP_ATOMIC in dc_create_plane_state() (stable-fixes). - i2c: designware: Disable SMBus interrupts to prevent storms from mis-configured firmware (stable-fixes). - platform/x86/intel/hid: Add Dell Pro Rugged 10/12 tablet to VGBS DMI quirks (stable-fixes). - clk: qcom: dispcc-sm7150: Fix dispcc_mdss_pclk0_clk_src (stable-fixes). - usb: usb-storage: No additional quirks need to be added to the EL-R12 optical drive (stable-fixes). - usb: xhci: limit run_graceperiod for only usb 3.0 devices (stable-fixes). - usb: typec: ucsi: Handle incorrect num_connectors capability (stable-fixes). - usbip: Fix locking bug in RT-enabled kernels (stable-fixes). - serial: sprd: Return -EPROBE_DEFER when uart clock is not ready (stable-fixes). - char: applicom: fix NULL pointer dereference in ac_ioctl (stable-fixes). - iio: adc: ti_am335x_adc: Limit step_avg to valid range for gcc complains (stable-fixes). - fbdev: gbefb: fix to use physical address instead of dma address (stable-fixes). - via_wdt: fix critical boot hang due to unnamed resource allocation (stable-fixes). - ipmi: Fix __scan_channels() failing to rescan channels (stable-fixes). - ipmi: Fix the race between __scan_channels() and deliver_response() (stable-fixes). - reset: fix BIT macro reference (stable-fixes). - ti-sysc: allow OMAP2 and OMAP4 timers to be reserved on AM33xx (stable-fixes). - firmware: imx: scu-irq: Init workqueue before request mbox channel (stable-fixes). - clk: mvebu: cp110 add CLK_IGNORE_UNUSED to pcie_x10, pcie_x11 & pcie_x4 (stable-fixes). - HID: input: map HID_GD_Z to ABS_DISTANCE for stylus/pen (stable-fixes). - mmc: sdhci-msm: Avoid early clock doubling during HS400 transition (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H02NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H01NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H512NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q02NWxxIM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q01NWxxIM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q01NWxxIQ chips (stable-fixes). - ASoC: qcom: sdw: fix memory leak for sdw_stream_runtime (git-fixes). - drm/amdgpu/gmc12: add amdgpu_vm_handle_fault() handling (stable-fixes). - drm/amdgpu/gmc11: add amdgpu_vm_handle_fault() handling (stable-fixes). - drm/displayid: add quirk to ignore DisplayID checksum errors (stable-fixes). - drm/edid: add DRM_EDID_IDENT_INIT() to initialize struct drm_edid_ident (stable-fixes). - drm/displayid: pass iter to drm_find_displayid_extension() (stable-fixes). - media: amphion: Remove vpu_vb_is_codecconfig (git-fixes). - Bluetooth: btusb: Add new VID/PID 13d3/3533 for RTL8821CE (stable-fixes). - Bluetooth: btusb: Add new VID/PID 0x0489/0xE12F for RTL8852BE-VT (stable-fixes). - Bluetooth: btusb: Add new VID/PID 2b89/6275 for RTL8761BUV (stable-fixes). - Bluetooth: btusb: MT7922: Add VID/PID 0489/e170 (stable-fixes). - Bluetooth: btusb: MT7920: Add VID/PID 0489/e135 (stable-fixes). - wifi: mt76: mt792x: fix wifi init fail by setting MCU_RUNNING after CLC load (stable-fixes). - wifi: brcmfmac: Add DMI nvram filename quirk for Acer A1 840 tablet (stable-fixes). - wifi: cfg80211: stop radar detection in cfg80211_leave() (stable-fixes). - wifi: cfg80211: use cfg80211_leave() in iftype change (stable-fixes). - wifi: rtl8xxxu: Fix HT40 channel config for RTL8192CU, RTL8723AU (stable-fixes). - cpufreq: nforce2: fix reference count leak in nforce2 (git-fixes). - ACPI: fan: Workaround for 64-bit firmware bug (stable-fixes). - ACPI: property: Use ACPI functions in acpi_graph_get_next_endpoint() only (stable-fixes). - ACPICA: Avoid walking the Namespace if start_node is NULL (stable-fixes). - media: amphion: Make some vpu_v4l2 functions static (stable-fixes). - firmware: imx: Add stub functions for SCMI MISC API (git-fixes). - media: amphion: Add a frame flush mode for decoder (stable-fixes). - serial: xilinx_uartps: Use helper function hrtimer_update_function() (stable-fixes). - commit 52a2394 - net/smc: fix general protection fault in __smc_diag_dump (CVE-2025-40357 bsc#1255097). - commit ef3290b - KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced (CVE-2025-68259 bsc#1255199). - commit 0428a24 - bpf: Free special fields when update [lru_,]percpu_hash maps (CVE-2025-68744 bsc#1255709). - commit ab66ed0 ++++ kernel-64kb: - io_uring/zctx: check chained notif contexts (CVE-2025-68317 bsc#1255354). - commit b895dee - cifs: client: fix memory leak in smb3_fs_context_parse_param (bsc#1255082, CVE-2025-40268). - commit 7120bdc - selftests/bpf: Add test to verify freeing the special fields in pcpu maps (CVE-2025-68744 bsc#1255709). - commit 763d99d - drm/amdkfd: Trap handler support for expert scheduling mode (stable-fixes). - commit 021ac24 - PCI: brcmstb: Reuse pcie_cfg_data structure (stable-fixes). - Refresh patches.suse/PCI-brcmstb-Set-generation-limit-before-PCIe-link-up.patch. - commit 0f681e6 - pinctrl: qcom: lpass-lpi: mark the GPIO controller as sleeping (git-fixes). - wifi: mac80211: restore non-chanctx injection behaviour (git-fixes). - wifi: avoid kernel-infoleak from struct iw_point (git-fixes). - atm: Fix dma_free_coherent() size (git-fixes). - net: usb: pegasus: fix memory leak in update_eth_regs_async() (git-fixes). - net: wwan: iosm: Fix memory leak in ipc_mux_deinit() (git-fixes). - HID: quirks: work around VID/PID conflict for appledisplay (git-fixes). - ASoC: sun4i-spdif: Add missing kerneldoc fields for sun4i_spdif_quirks (git-fixes). - ALSA: ac97: fix a double free in snd_ac97_controller_register() (git-fixes). - usb: usb-storage: Maintain minimal modifications to the bcdDevice range (git-fixes). - serial: xilinx_uartps: fix rs485 delay_rts_after_send (git-fixes). - Input: i8042 - add TUXEDO InfinityBook Max Gen10 AMD to i8042 quirk table (stable-fixes). - Input: lkkbd - disable pending work before freeing device (stable-fixes). - drm/amd/display: Fix scratch registers offsets for DCN351 (stable-fixes). - drm/amd/display: Fix scratch registers offsets for DCN35 (stable-fixes). - broadcom: b44: prevent uninitialized value usage (git-fixes). - Revert "drm/amd/display: Fix pbn to kbps Conversion" (stable-fixes). - drm/amdkfd: bump minimum vgpr size for gfx1151 (stable-fixes). - drm/amdkfd: Export the cwsr_size and ctl_stack_size to userspace (stable-fixes). - drm/amd/display: Use GFP_ATOMIC in dc_create_plane_state() (stable-fixes). - i2c: designware: Disable SMBus interrupts to prevent storms from mis-configured firmware (stable-fixes). - platform/x86/intel/hid: Add Dell Pro Rugged 10/12 tablet to VGBS DMI quirks (stable-fixes). - clk: qcom: dispcc-sm7150: Fix dispcc_mdss_pclk0_clk_src (stable-fixes). - usb: usb-storage: No additional quirks need to be added to the EL-R12 optical drive (stable-fixes). - usb: xhci: limit run_graceperiod for only usb 3.0 devices (stable-fixes). - usb: typec: ucsi: Handle incorrect num_connectors capability (stable-fixes). - usbip: Fix locking bug in RT-enabled kernels (stable-fixes). - serial: sprd: Return -EPROBE_DEFER when uart clock is not ready (stable-fixes). - char: applicom: fix NULL pointer dereference in ac_ioctl (stable-fixes). - iio: adc: ti_am335x_adc: Limit step_avg to valid range for gcc complains (stable-fixes). - fbdev: gbefb: fix to use physical address instead of dma address (stable-fixes). - via_wdt: fix critical boot hang due to unnamed resource allocation (stable-fixes). - ipmi: Fix __scan_channels() failing to rescan channels (stable-fixes). - ipmi: Fix the race between __scan_channels() and deliver_response() (stable-fixes). - reset: fix BIT macro reference (stable-fixes). - ti-sysc: allow OMAP2 and OMAP4 timers to be reserved on AM33xx (stable-fixes). - firmware: imx: scu-irq: Init workqueue before request mbox channel (stable-fixes). - clk: mvebu: cp110 add CLK_IGNORE_UNUSED to pcie_x10, pcie_x11 & pcie_x4 (stable-fixes). - HID: input: map HID_GD_Z to ABS_DISTANCE for stylus/pen (stable-fixes). - mmc: sdhci-msm: Avoid early clock doubling during HS400 transition (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H02NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H01NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H512NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q02NWxxIM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q01NWxxIM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q01NWxxIQ chips (stable-fixes). - ASoC: qcom: sdw: fix memory leak for sdw_stream_runtime (git-fixes). - drm/amdgpu/gmc12: add amdgpu_vm_handle_fault() handling (stable-fixes). - drm/amdgpu/gmc11: add amdgpu_vm_handle_fault() handling (stable-fixes). - drm/displayid: add quirk to ignore DisplayID checksum errors (stable-fixes). - drm/edid: add DRM_EDID_IDENT_INIT() to initialize struct drm_edid_ident (stable-fixes). - drm/displayid: pass iter to drm_find_displayid_extension() (stable-fixes). - media: amphion: Remove vpu_vb_is_codecconfig (git-fixes). - Bluetooth: btusb: Add new VID/PID 13d3/3533 for RTL8821CE (stable-fixes). - Bluetooth: btusb: Add new VID/PID 0x0489/0xE12F for RTL8852BE-VT (stable-fixes). - Bluetooth: btusb: Add new VID/PID 2b89/6275 for RTL8761BUV (stable-fixes). - Bluetooth: btusb: MT7922: Add VID/PID 0489/e170 (stable-fixes). - Bluetooth: btusb: MT7920: Add VID/PID 0489/e135 (stable-fixes). - wifi: mt76: mt792x: fix wifi init fail by setting MCU_RUNNING after CLC load (stable-fixes). - wifi: brcmfmac: Add DMI nvram filename quirk for Acer A1 840 tablet (stable-fixes). - wifi: cfg80211: stop radar detection in cfg80211_leave() (stable-fixes). - wifi: cfg80211: use cfg80211_leave() in iftype change (stable-fixes). - wifi: rtl8xxxu: Fix HT40 channel config for RTL8192CU, RTL8723AU (stable-fixes). - cpufreq: nforce2: fix reference count leak in nforce2 (git-fixes). - ACPI: fan: Workaround for 64-bit firmware bug (stable-fixes). - ACPI: property: Use ACPI functions in acpi_graph_get_next_endpoint() only (stable-fixes). - ACPICA: Avoid walking the Namespace if start_node is NULL (stable-fixes). - media: amphion: Make some vpu_v4l2 functions static (stable-fixes). - firmware: imx: Add stub functions for SCMI MISC API (git-fixes). - media: amphion: Add a frame flush mode for decoder (stable-fixes). - serial: xilinx_uartps: Use helper function hrtimer_update_function() (stable-fixes). - commit 52a2394 - net/smc: fix general protection fault in __smc_diag_dump (CVE-2025-40357 bsc#1255097). - commit ef3290b - KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced (CVE-2025-68259 bsc#1255199). - commit 0428a24 - bpf: Free special fields when update [lru_,]percpu_hash maps (CVE-2025-68744 bsc#1255709). - commit ab66ed0 ++++ kernel-azure: - io_uring/zctx: check chained notif contexts (CVE-2025-68317 bsc#1255354). - commit b895dee - cifs: client: fix memory leak in smb3_fs_context_parse_param (bsc#1255082, CVE-2025-40268). - commit 7120bdc - selftests/bpf: Add test to verify freeing the special fields in pcpu maps (CVE-2025-68744 bsc#1255709). - commit 763d99d - drm/amdkfd: Trap handler support for expert scheduling mode (stable-fixes). - commit 021ac24 - PCI: brcmstb: Reuse pcie_cfg_data structure (stable-fixes). - Refresh patches.suse/PCI-brcmstb-Set-generation-limit-before-PCIe-link-up.patch. - commit 0f681e6 - pinctrl: qcom: lpass-lpi: mark the GPIO controller as sleeping (git-fixes). - wifi: mac80211: restore non-chanctx injection behaviour (git-fixes). - wifi: avoid kernel-infoleak from struct iw_point (git-fixes). - atm: Fix dma_free_coherent() size (git-fixes). - net: usb: pegasus: fix memory leak in update_eth_regs_async() (git-fixes). - net: wwan: iosm: Fix memory leak in ipc_mux_deinit() (git-fixes). - HID: quirks: work around VID/PID conflict for appledisplay (git-fixes). - ASoC: sun4i-spdif: Add missing kerneldoc fields for sun4i_spdif_quirks (git-fixes). - ALSA: ac97: fix a double free in snd_ac97_controller_register() (git-fixes). - usb: usb-storage: Maintain minimal modifications to the bcdDevice range (git-fixes). - serial: xilinx_uartps: fix rs485 delay_rts_after_send (git-fixes). - Input: i8042 - add TUXEDO InfinityBook Max Gen10 AMD to i8042 quirk table (stable-fixes). - Input: lkkbd - disable pending work before freeing device (stable-fixes). - drm/amd/display: Fix scratch registers offsets for DCN351 (stable-fixes). - drm/amd/display: Fix scratch registers offsets for DCN35 (stable-fixes). - broadcom: b44: prevent uninitialized value usage (git-fixes). - Revert "drm/amd/display: Fix pbn to kbps Conversion" (stable-fixes). - drm/amdkfd: bump minimum vgpr size for gfx1151 (stable-fixes). - drm/amdkfd: Export the cwsr_size and ctl_stack_size to userspace (stable-fixes). - drm/amd/display: Use GFP_ATOMIC in dc_create_plane_state() (stable-fixes). - i2c: designware: Disable SMBus interrupts to prevent storms from mis-configured firmware (stable-fixes). - platform/x86/intel/hid: Add Dell Pro Rugged 10/12 tablet to VGBS DMI quirks (stable-fixes). - clk: qcom: dispcc-sm7150: Fix dispcc_mdss_pclk0_clk_src (stable-fixes). - usb: usb-storage: No additional quirks need to be added to the EL-R12 optical drive (stable-fixes). - usb: xhci: limit run_graceperiod for only usb 3.0 devices (stable-fixes). - usb: typec: ucsi: Handle incorrect num_connectors capability (stable-fixes). - usbip: Fix locking bug in RT-enabled kernels (stable-fixes). - serial: sprd: Return -EPROBE_DEFER when uart clock is not ready (stable-fixes). - char: applicom: fix NULL pointer dereference in ac_ioctl (stable-fixes). - iio: adc: ti_am335x_adc: Limit step_avg to valid range for gcc complains (stable-fixes). - fbdev: gbefb: fix to use physical address instead of dma address (stable-fixes). - via_wdt: fix critical boot hang due to unnamed resource allocation (stable-fixes). - ipmi: Fix __scan_channels() failing to rescan channels (stable-fixes). - ipmi: Fix the race between __scan_channels() and deliver_response() (stable-fixes). - reset: fix BIT macro reference (stable-fixes). - ti-sysc: allow OMAP2 and OMAP4 timers to be reserved on AM33xx (stable-fixes). - firmware: imx: scu-irq: Init workqueue before request mbox channel (stable-fixes). - clk: mvebu: cp110 add CLK_IGNORE_UNUSED to pcie_x10, pcie_x11 & pcie_x4 (stable-fixes). - HID: input: map HID_GD_Z to ABS_DISTANCE for stylus/pen (stable-fixes). - mmc: sdhci-msm: Avoid early clock doubling during HS400 transition (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H02NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H01NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H512NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q02NWxxIM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q01NWxxIM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q01NWxxIQ chips (stable-fixes). - ASoC: qcom: sdw: fix memory leak for sdw_stream_runtime (git-fixes). - drm/amdgpu/gmc12: add amdgpu_vm_handle_fault() handling (stable-fixes). - drm/amdgpu/gmc11: add amdgpu_vm_handle_fault() handling (stable-fixes). - drm/displayid: add quirk to ignore DisplayID checksum errors (stable-fixes). - drm/edid: add DRM_EDID_IDENT_INIT() to initialize struct drm_edid_ident (stable-fixes). - drm/displayid: pass iter to drm_find_displayid_extension() (stable-fixes). - media: amphion: Remove vpu_vb_is_codecconfig (git-fixes). - Bluetooth: btusb: Add new VID/PID 13d3/3533 for RTL8821CE (stable-fixes). - Bluetooth: btusb: Add new VID/PID 0x0489/0xE12F for RTL8852BE-VT (stable-fixes). - Bluetooth: btusb: Add new VID/PID 2b89/6275 for RTL8761BUV (stable-fixes). - Bluetooth: btusb: MT7922: Add VID/PID 0489/e170 (stable-fixes). - Bluetooth: btusb: MT7920: Add VID/PID 0489/e135 (stable-fixes). - wifi: mt76: mt792x: fix wifi init fail by setting MCU_RUNNING after CLC load (stable-fixes). - wifi: brcmfmac: Add DMI nvram filename quirk for Acer A1 840 tablet (stable-fixes). - wifi: cfg80211: stop radar detection in cfg80211_leave() (stable-fixes). - wifi: cfg80211: use cfg80211_leave() in iftype change (stable-fixes). - wifi: rtl8xxxu: Fix HT40 channel config for RTL8192CU, RTL8723AU (stable-fixes). - cpufreq: nforce2: fix reference count leak in nforce2 (git-fixes). - ACPI: fan: Workaround for 64-bit firmware bug (stable-fixes). - ACPI: property: Use ACPI functions in acpi_graph_get_next_endpoint() only (stable-fixes). - ACPICA: Avoid walking the Namespace if start_node is NULL (stable-fixes). - media: amphion: Make some vpu_v4l2 functions static (stable-fixes). - firmware: imx: Add stub functions for SCMI MISC API (git-fixes). - media: amphion: Add a frame flush mode for decoder (stable-fixes). - serial: xilinx_uartps: Use helper function hrtimer_update_function() (stable-fixes). - commit 52a2394 - net/smc: fix general protection fault in __smc_diag_dump (CVE-2025-40357 bsc#1255097). - commit ef3290b - KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced (CVE-2025-68259 bsc#1255199). - commit 0428a24 - bpf: Free special fields when update [lru_,]percpu_hash maps (CVE-2025-68744 bsc#1255709). - commit ab66ed0 ++++ kernel-azure: - io_uring/zctx: check chained notif contexts (CVE-2025-68317 bsc#1255354). - commit b895dee - cifs: client: fix memory leak in smb3_fs_context_parse_param (bsc#1255082, CVE-2025-40268). - commit 7120bdc - selftests/bpf: Add test to verify freeing the special fields in pcpu maps (CVE-2025-68744 bsc#1255709). - commit 763d99d - drm/amdkfd: Trap handler support for expert scheduling mode (stable-fixes). - commit 021ac24 - PCI: brcmstb: Reuse pcie_cfg_data structure (stable-fixes). - Refresh patches.suse/PCI-brcmstb-Set-generation-limit-before-PCIe-link-up.patch. - commit 0f681e6 - pinctrl: qcom: lpass-lpi: mark the GPIO controller as sleeping (git-fixes). - wifi: mac80211: restore non-chanctx injection behaviour (git-fixes). - wifi: avoid kernel-infoleak from struct iw_point (git-fixes). - atm: Fix dma_free_coherent() size (git-fixes). - net: usb: pegasus: fix memory leak in update_eth_regs_async() (git-fixes). - net: wwan: iosm: Fix memory leak in ipc_mux_deinit() (git-fixes). - HID: quirks: work around VID/PID conflict for appledisplay (git-fixes). - ASoC: sun4i-spdif: Add missing kerneldoc fields for sun4i_spdif_quirks (git-fixes). - ALSA: ac97: fix a double free in snd_ac97_controller_register() (git-fixes). - usb: usb-storage: Maintain minimal modifications to the bcdDevice range (git-fixes). - serial: xilinx_uartps: fix rs485 delay_rts_after_send (git-fixes). - Input: i8042 - add TUXEDO InfinityBook Max Gen10 AMD to i8042 quirk table (stable-fixes). - Input: lkkbd - disable pending work before freeing device (stable-fixes). - drm/amd/display: Fix scratch registers offsets for DCN351 (stable-fixes). - drm/amd/display: Fix scratch registers offsets for DCN35 (stable-fixes). - broadcom: b44: prevent uninitialized value usage (git-fixes). - Revert "drm/amd/display: Fix pbn to kbps Conversion" (stable-fixes). - drm/amdkfd: bump minimum vgpr size for gfx1151 (stable-fixes). - drm/amdkfd: Export the cwsr_size and ctl_stack_size to userspace (stable-fixes). - drm/amd/display: Use GFP_ATOMIC in dc_create_plane_state() (stable-fixes). - i2c: designware: Disable SMBus interrupts to prevent storms from mis-configured firmware (stable-fixes). - platform/x86/intel/hid: Add Dell Pro Rugged 10/12 tablet to VGBS DMI quirks (stable-fixes). - clk: qcom: dispcc-sm7150: Fix dispcc_mdss_pclk0_clk_src (stable-fixes). - usb: usb-storage: No additional quirks need to be added to the EL-R12 optical drive (stable-fixes). - usb: xhci: limit run_graceperiod for only usb 3.0 devices (stable-fixes). - usb: typec: ucsi: Handle incorrect num_connectors capability (stable-fixes). - usbip: Fix locking bug in RT-enabled kernels (stable-fixes). - serial: sprd: Return -EPROBE_DEFER when uart clock is not ready (stable-fixes). - char: applicom: fix NULL pointer dereference in ac_ioctl (stable-fixes). - iio: adc: ti_am335x_adc: Limit step_avg to valid range for gcc complains (stable-fixes). - fbdev: gbefb: fix to use physical address instead of dma address (stable-fixes). - via_wdt: fix critical boot hang due to unnamed resource allocation (stable-fixes). - ipmi: Fix __scan_channels() failing to rescan channels (stable-fixes). - ipmi: Fix the race between __scan_channels() and deliver_response() (stable-fixes). - reset: fix BIT macro reference (stable-fixes). - ti-sysc: allow OMAP2 and OMAP4 timers to be reserved on AM33xx (stable-fixes). - firmware: imx: scu-irq: Init workqueue before request mbox channel (stable-fixes). - clk: mvebu: cp110 add CLK_IGNORE_UNUSED to pcie_x10, pcie_x11 & pcie_x4 (stable-fixes). - HID: input: map HID_GD_Z to ABS_DISTANCE for stylus/pen (stable-fixes). - mmc: sdhci-msm: Avoid early clock doubling during HS400 transition (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H02NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H01NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H512NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q02NWxxIM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q01NWxxIM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q01NWxxIQ chips (stable-fixes). - ASoC: qcom: sdw: fix memory leak for sdw_stream_runtime (git-fixes). - drm/amdgpu/gmc12: add amdgpu_vm_handle_fault() handling (stable-fixes). - drm/amdgpu/gmc11: add amdgpu_vm_handle_fault() handling (stable-fixes). - drm/displayid: add quirk to ignore DisplayID checksum errors (stable-fixes). - drm/edid: add DRM_EDID_IDENT_INIT() to initialize struct drm_edid_ident (stable-fixes). - drm/displayid: pass iter to drm_find_displayid_extension() (stable-fixes). - media: amphion: Remove vpu_vb_is_codecconfig (git-fixes). - Bluetooth: btusb: Add new VID/PID 13d3/3533 for RTL8821CE (stable-fixes). - Bluetooth: btusb: Add new VID/PID 0x0489/0xE12F for RTL8852BE-VT (stable-fixes). - Bluetooth: btusb: Add new VID/PID 2b89/6275 for RTL8761BUV (stable-fixes). - Bluetooth: btusb: MT7922: Add VID/PID 0489/e170 (stable-fixes). - Bluetooth: btusb: MT7920: Add VID/PID 0489/e135 (stable-fixes). - wifi: mt76: mt792x: fix wifi init fail by setting MCU_RUNNING after CLC load (stable-fixes). - wifi: brcmfmac: Add DMI nvram filename quirk for Acer A1 840 tablet (stable-fixes). - wifi: cfg80211: stop radar detection in cfg80211_leave() (stable-fixes). - wifi: cfg80211: use cfg80211_leave() in iftype change (stable-fixes). - wifi: rtl8xxxu: Fix HT40 channel config for RTL8192CU, RTL8723AU (stable-fixes). - cpufreq: nforce2: fix reference count leak in nforce2 (git-fixes). - ACPI: fan: Workaround for 64-bit firmware bug (stable-fixes). - ACPI: property: Use ACPI functions in acpi_graph_get_next_endpoint() only (stable-fixes). - ACPICA: Avoid walking the Namespace if start_node is NULL (stable-fixes). - media: amphion: Make some vpu_v4l2 functions static (stable-fixes). - firmware: imx: Add stub functions for SCMI MISC API (git-fixes). - media: amphion: Add a frame flush mode for decoder (stable-fixes). - serial: xilinx_uartps: Use helper function hrtimer_update_function() (stable-fixes). - commit 52a2394 - net/smc: fix general protection fault in __smc_diag_dump (CVE-2025-40357 bsc#1255097). - commit ef3290b - KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced (CVE-2025-68259 bsc#1255199). - commit 0428a24 - bpf: Free special fields when update [lru_,]percpu_hash maps (CVE-2025-68744 bsc#1255709). - commit ab66ed0 ++++ kernel-azure: - io_uring/zctx: check chained notif contexts (CVE-2025-68317 bsc#1255354). - commit b895dee - cifs: client: fix memory leak in smb3_fs_context_parse_param (bsc#1255082, CVE-2025-40268). - commit 7120bdc - selftests/bpf: Add test to verify freeing the special fields in pcpu maps (CVE-2025-68744 bsc#1255709). - commit 763d99d - drm/amdkfd: Trap handler support for expert scheduling mode (stable-fixes). - commit 021ac24 - PCI: brcmstb: Reuse pcie_cfg_data structure (stable-fixes). - Refresh patches.suse/PCI-brcmstb-Set-generation-limit-before-PCIe-link-up.patch. - commit 0f681e6 - pinctrl: qcom: lpass-lpi: mark the GPIO controller as sleeping (git-fixes). - wifi: mac80211: restore non-chanctx injection behaviour (git-fixes). - wifi: avoid kernel-infoleak from struct iw_point (git-fixes). - atm: Fix dma_free_coherent() size (git-fixes). - net: usb: pegasus: fix memory leak in update_eth_regs_async() (git-fixes). - net: wwan: iosm: Fix memory leak in ipc_mux_deinit() (git-fixes). - HID: quirks: work around VID/PID conflict for appledisplay (git-fixes). - ASoC: sun4i-spdif: Add missing kerneldoc fields for sun4i_spdif_quirks (git-fixes). - ALSA: ac97: fix a double free in snd_ac97_controller_register() (git-fixes). - usb: usb-storage: Maintain minimal modifications to the bcdDevice range (git-fixes). - serial: xilinx_uartps: fix rs485 delay_rts_after_send (git-fixes). - Input: i8042 - add TUXEDO InfinityBook Max Gen10 AMD to i8042 quirk table (stable-fixes). - Input: lkkbd - disable pending work before freeing device (stable-fixes). - drm/amd/display: Fix scratch registers offsets for DCN351 (stable-fixes). - drm/amd/display: Fix scratch registers offsets for DCN35 (stable-fixes). - broadcom: b44: prevent uninitialized value usage (git-fixes). - Revert "drm/amd/display: Fix pbn to kbps Conversion" (stable-fixes). - drm/amdkfd: bump minimum vgpr size for gfx1151 (stable-fixes). - drm/amdkfd: Export the cwsr_size and ctl_stack_size to userspace (stable-fixes). - drm/amd/display: Use GFP_ATOMIC in dc_create_plane_state() (stable-fixes). - i2c: designware: Disable SMBus interrupts to prevent storms from mis-configured firmware (stable-fixes). - platform/x86/intel/hid: Add Dell Pro Rugged 10/12 tablet to VGBS DMI quirks (stable-fixes). - clk: qcom: dispcc-sm7150: Fix dispcc_mdss_pclk0_clk_src (stable-fixes). - usb: usb-storage: No additional quirks need to be added to the EL-R12 optical drive (stable-fixes). - usb: xhci: limit run_graceperiod for only usb 3.0 devices (stable-fixes). - usb: typec: ucsi: Handle incorrect num_connectors capability (stable-fixes). - usbip: Fix locking bug in RT-enabled kernels (stable-fixes). - serial: sprd: Return -EPROBE_DEFER when uart clock is not ready (stable-fixes). - char: applicom: fix NULL pointer dereference in ac_ioctl (stable-fixes). - iio: adc: ti_am335x_adc: Limit step_avg to valid range for gcc complains (stable-fixes). - fbdev: gbefb: fix to use physical address instead of dma address (stable-fixes). - via_wdt: fix critical boot hang due to unnamed resource allocation (stable-fixes). - ipmi: Fix __scan_channels() failing to rescan channels (stable-fixes). - ipmi: Fix the race between __scan_channels() and deliver_response() (stable-fixes). - reset: fix BIT macro reference (stable-fixes). - ti-sysc: allow OMAP2 and OMAP4 timers to be reserved on AM33xx (stable-fixes). - firmware: imx: scu-irq: Init workqueue before request mbox channel (stable-fixes). - clk: mvebu: cp110 add CLK_IGNORE_UNUSED to pcie_x10, pcie_x11 & pcie_x4 (stable-fixes). - HID: input: map HID_GD_Z to ABS_DISTANCE for stylus/pen (stable-fixes). - mmc: sdhci-msm: Avoid early clock doubling during HS400 transition (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H02NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H01NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H512NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q02NWxxIM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q01NWxxIM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q01NWxxIQ chips (stable-fixes). - ASoC: qcom: sdw: fix memory leak for sdw_stream_runtime (git-fixes). - drm/amdgpu/gmc12: add amdgpu_vm_handle_fault() handling (stable-fixes). - drm/amdgpu/gmc11: add amdgpu_vm_handle_fault() handling (stable-fixes). - drm/displayid: add quirk to ignore DisplayID checksum errors (stable-fixes). - drm/edid: add DRM_EDID_IDENT_INIT() to initialize struct drm_edid_ident (stable-fixes). - drm/displayid: pass iter to drm_find_displayid_extension() (stable-fixes). - media: amphion: Remove vpu_vb_is_codecconfig (git-fixes). - Bluetooth: btusb: Add new VID/PID 13d3/3533 for RTL8821CE (stable-fixes). - Bluetooth: btusb: Add new VID/PID 0x0489/0xE12F for RTL8852BE-VT (stable-fixes). - Bluetooth: btusb: Add new VID/PID 2b89/6275 for RTL8761BUV (stable-fixes). - Bluetooth: btusb: MT7922: Add VID/PID 0489/e170 (stable-fixes). - Bluetooth: btusb: MT7920: Add VID/PID 0489/e135 (stable-fixes). - wifi: mt76: mt792x: fix wifi init fail by setting MCU_RUNNING after CLC load (stable-fixes). - wifi: brcmfmac: Add DMI nvram filename quirk for Acer A1 840 tablet (stable-fixes). - wifi: cfg80211: stop radar detection in cfg80211_leave() (stable-fixes). - wifi: cfg80211: use cfg80211_leave() in iftype change (stable-fixes). - wifi: rtl8xxxu: Fix HT40 channel config for RTL8192CU, RTL8723AU (stable-fixes). - cpufreq: nforce2: fix reference count leak in nforce2 (git-fixes). - ACPI: fan: Workaround for 64-bit firmware bug (stable-fixes). - ACPI: property: Use ACPI functions in acpi_graph_get_next_endpoint() only (stable-fixes). - ACPICA: Avoid walking the Namespace if start_node is NULL (stable-fixes). - media: amphion: Make some vpu_v4l2 functions static (stable-fixes). - firmware: imx: Add stub functions for SCMI MISC API (git-fixes). - media: amphion: Add a frame flush mode for decoder (stable-fixes). - serial: xilinx_uartps: Use helper function hrtimer_update_function() (stable-fixes). - commit 52a2394 - net/smc: fix general protection fault in __smc_diag_dump (CVE-2025-40357 bsc#1255097). - commit ef3290b - KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced (CVE-2025-68259 bsc#1255199). - commit 0428a24 - bpf: Free special fields when update [lru_,]percpu_hash maps (CVE-2025-68744 bsc#1255709). - commit ab66ed0 ++++ kernel-default: - io_uring/zctx: check chained notif contexts (CVE-2025-68317 bsc#1255354). - commit b895dee - cifs: client: fix memory leak in smb3_fs_context_parse_param (bsc#1255082, CVE-2025-40268). - commit 7120bdc - selftests/bpf: Add test to verify freeing the special fields in pcpu maps (CVE-2025-68744 bsc#1255709). - commit 763d99d - drm/amdkfd: Trap handler support for expert scheduling mode (stable-fixes). - commit 021ac24 - PCI: brcmstb: Reuse pcie_cfg_data structure (stable-fixes). - Refresh patches.suse/PCI-brcmstb-Set-generation-limit-before-PCIe-link-up.patch. - commit 0f681e6 - pinctrl: qcom: lpass-lpi: mark the GPIO controller as sleeping (git-fixes). - wifi: mac80211: restore non-chanctx injection behaviour (git-fixes). - wifi: avoid kernel-infoleak from struct iw_point (git-fixes). - atm: Fix dma_free_coherent() size (git-fixes). - net: usb: pegasus: fix memory leak in update_eth_regs_async() (git-fixes). - net: wwan: iosm: Fix memory leak in ipc_mux_deinit() (git-fixes). - HID: quirks: work around VID/PID conflict for appledisplay (git-fixes). - ASoC: sun4i-spdif: Add missing kerneldoc fields for sun4i_spdif_quirks (git-fixes). - ALSA: ac97: fix a double free in snd_ac97_controller_register() (git-fixes). - usb: usb-storage: Maintain minimal modifications to the bcdDevice range (git-fixes). - serial: xilinx_uartps: fix rs485 delay_rts_after_send (git-fixes). - Input: i8042 - add TUXEDO InfinityBook Max Gen10 AMD to i8042 quirk table (stable-fixes). - Input: lkkbd - disable pending work before freeing device (stable-fixes). - drm/amd/display: Fix scratch registers offsets for DCN351 (stable-fixes). - drm/amd/display: Fix scratch registers offsets for DCN35 (stable-fixes). - broadcom: b44: prevent uninitialized value usage (git-fixes). - Revert "drm/amd/display: Fix pbn to kbps Conversion" (stable-fixes). - drm/amdkfd: bump minimum vgpr size for gfx1151 (stable-fixes). - drm/amdkfd: Export the cwsr_size and ctl_stack_size to userspace (stable-fixes). - drm/amd/display: Use GFP_ATOMIC in dc_create_plane_state() (stable-fixes). - i2c: designware: Disable SMBus interrupts to prevent storms from mis-configured firmware (stable-fixes). - platform/x86/intel/hid: Add Dell Pro Rugged 10/12 tablet to VGBS DMI quirks (stable-fixes). - clk: qcom: dispcc-sm7150: Fix dispcc_mdss_pclk0_clk_src (stable-fixes). - usb: usb-storage: No additional quirks need to be added to the EL-R12 optical drive (stable-fixes). - usb: xhci: limit run_graceperiod for only usb 3.0 devices (stable-fixes). - usb: typec: ucsi: Handle incorrect num_connectors capability (stable-fixes). - usbip: Fix locking bug in RT-enabled kernels (stable-fixes). - serial: sprd: Return -EPROBE_DEFER when uart clock is not ready (stable-fixes). - char: applicom: fix NULL pointer dereference in ac_ioctl (stable-fixes). - iio: adc: ti_am335x_adc: Limit step_avg to valid range for gcc complains (stable-fixes). - fbdev: gbefb: fix to use physical address instead of dma address (stable-fixes). - via_wdt: fix critical boot hang due to unnamed resource allocation (stable-fixes). - ipmi: Fix __scan_channels() failing to rescan channels (stable-fixes). - ipmi: Fix the race between __scan_channels() and deliver_response() (stable-fixes). - reset: fix BIT macro reference (stable-fixes). - ti-sysc: allow OMAP2 and OMAP4 timers to be reserved on AM33xx (stable-fixes). - firmware: imx: scu-irq: Init workqueue before request mbox channel (stable-fixes). - clk: mvebu: cp110 add CLK_IGNORE_UNUSED to pcie_x10, pcie_x11 & pcie_x4 (stable-fixes). - HID: input: map HID_GD_Z to ABS_DISTANCE for stylus/pen (stable-fixes). - mmc: sdhci-msm: Avoid early clock doubling during HS400 transition (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H02NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H01NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H512NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q02NWxxIM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q01NWxxIM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q01NWxxIQ chips (stable-fixes). - ASoC: qcom: sdw: fix memory leak for sdw_stream_runtime (git-fixes). - drm/amdgpu/gmc12: add amdgpu_vm_handle_fault() handling (stable-fixes). - drm/amdgpu/gmc11: add amdgpu_vm_handle_fault() handling (stable-fixes). - drm/displayid: add quirk to ignore DisplayID checksum errors (stable-fixes). - drm/edid: add DRM_EDID_IDENT_INIT() to initialize struct drm_edid_ident (stable-fixes). - drm/displayid: pass iter to drm_find_displayid_extension() (stable-fixes). - media: amphion: Remove vpu_vb_is_codecconfig (git-fixes). - Bluetooth: btusb: Add new VID/PID 13d3/3533 for RTL8821CE (stable-fixes). - Bluetooth: btusb: Add new VID/PID 0x0489/0xE12F for RTL8852BE-VT (stable-fixes). - Bluetooth: btusb: Add new VID/PID 2b89/6275 for RTL8761BUV (stable-fixes). - Bluetooth: btusb: MT7922: Add VID/PID 0489/e170 (stable-fixes). - Bluetooth: btusb: MT7920: Add VID/PID 0489/e135 (stable-fixes). - wifi: mt76: mt792x: fix wifi init fail by setting MCU_RUNNING after CLC load (stable-fixes). - wifi: brcmfmac: Add DMI nvram filename quirk for Acer A1 840 tablet (stable-fixes). - wifi: cfg80211: stop radar detection in cfg80211_leave() (stable-fixes). - wifi: cfg80211: use cfg80211_leave() in iftype change (stable-fixes). - wifi: rtl8xxxu: Fix HT40 channel config for RTL8192CU, RTL8723AU (stable-fixes). - cpufreq: nforce2: fix reference count leak in nforce2 (git-fixes). - ACPI: fan: Workaround for 64-bit firmware bug (stable-fixes). - ACPI: property: Use ACPI functions in acpi_graph_get_next_endpoint() only (stable-fixes). - ACPICA: Avoid walking the Namespace if start_node is NULL (stable-fixes). - media: amphion: Make some vpu_v4l2 functions static (stable-fixes). - firmware: imx: Add stub functions for SCMI MISC API (git-fixes). - media: amphion: Add a frame flush mode for decoder (stable-fixes). - serial: xilinx_uartps: Use helper function hrtimer_update_function() (stable-fixes). - commit 52a2394 - net/smc: fix general protection fault in __smc_diag_dump (CVE-2025-40357 bsc#1255097). - commit ef3290b - KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced (CVE-2025-68259 bsc#1255199). - commit 0428a24 - bpf: Free special fields when update [lru_,]percpu_hash maps (CVE-2025-68744 bsc#1255709). - commit ab66ed0 ++++ kernel-default: - io_uring/zctx: check chained notif contexts (CVE-2025-68317 bsc#1255354). - commit b895dee - cifs: client: fix memory leak in smb3_fs_context_parse_param (bsc#1255082, CVE-2025-40268). - commit 7120bdc - selftests/bpf: Add test to verify freeing the special fields in pcpu maps (CVE-2025-68744 bsc#1255709). - commit 763d99d - drm/amdkfd: Trap handler support for expert scheduling mode (stable-fixes). - commit 021ac24 - PCI: brcmstb: Reuse pcie_cfg_data structure (stable-fixes). - Refresh patches.suse/PCI-brcmstb-Set-generation-limit-before-PCIe-link-up.patch. - commit 0f681e6 - pinctrl: qcom: lpass-lpi: mark the GPIO controller as sleeping (git-fixes). - wifi: mac80211: restore non-chanctx injection behaviour (git-fixes). - wifi: avoid kernel-infoleak from struct iw_point (git-fixes). - atm: Fix dma_free_coherent() size (git-fixes). - net: usb: pegasus: fix memory leak in update_eth_regs_async() (git-fixes). - net: wwan: iosm: Fix memory leak in ipc_mux_deinit() (git-fixes). - HID: quirks: work around VID/PID conflict for appledisplay (git-fixes). - ASoC: sun4i-spdif: Add missing kerneldoc fields for sun4i_spdif_quirks (git-fixes). - ALSA: ac97: fix a double free in snd_ac97_controller_register() (git-fixes). - usb: usb-storage: Maintain minimal modifications to the bcdDevice range (git-fixes). - serial: xilinx_uartps: fix rs485 delay_rts_after_send (git-fixes). - Input: i8042 - add TUXEDO InfinityBook Max Gen10 AMD to i8042 quirk table (stable-fixes). - Input: lkkbd - disable pending work before freeing device (stable-fixes). - drm/amd/display: Fix scratch registers offsets for DCN351 (stable-fixes). - drm/amd/display: Fix scratch registers offsets for DCN35 (stable-fixes). - broadcom: b44: prevent uninitialized value usage (git-fixes). - Revert "drm/amd/display: Fix pbn to kbps Conversion" (stable-fixes). - drm/amdkfd: bump minimum vgpr size for gfx1151 (stable-fixes). - drm/amdkfd: Export the cwsr_size and ctl_stack_size to userspace (stable-fixes). - drm/amd/display: Use GFP_ATOMIC in dc_create_plane_state() (stable-fixes). - i2c: designware: Disable SMBus interrupts to prevent storms from mis-configured firmware (stable-fixes). - platform/x86/intel/hid: Add Dell Pro Rugged 10/12 tablet to VGBS DMI quirks (stable-fixes). - clk: qcom: dispcc-sm7150: Fix dispcc_mdss_pclk0_clk_src (stable-fixes). - usb: usb-storage: No additional quirks need to be added to the EL-R12 optical drive (stable-fixes). - usb: xhci: limit run_graceperiod for only usb 3.0 devices (stable-fixes). - usb: typec: ucsi: Handle incorrect num_connectors capability (stable-fixes). - usbip: Fix locking bug in RT-enabled kernels (stable-fixes). - serial: sprd: Return -EPROBE_DEFER when uart clock is not ready (stable-fixes). - char: applicom: fix NULL pointer dereference in ac_ioctl (stable-fixes). - iio: adc: ti_am335x_adc: Limit step_avg to valid range for gcc complains (stable-fixes). - fbdev: gbefb: fix to use physical address instead of dma address (stable-fixes). - via_wdt: fix critical boot hang due to unnamed resource allocation (stable-fixes). - ipmi: Fix __scan_channels() failing to rescan channels (stable-fixes). - ipmi: Fix the race between __scan_channels() and deliver_response() (stable-fixes). - reset: fix BIT macro reference (stable-fixes). - ti-sysc: allow OMAP2 and OMAP4 timers to be reserved on AM33xx (stable-fixes). - firmware: imx: scu-irq: Init workqueue before request mbox channel (stable-fixes). - clk: mvebu: cp110 add CLK_IGNORE_UNUSED to pcie_x10, pcie_x11 & pcie_x4 (stable-fixes). - HID: input: map HID_GD_Z to ABS_DISTANCE for stylus/pen (stable-fixes). - mmc: sdhci-msm: Avoid early clock doubling during HS400 transition (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H02NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H01NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H512NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q02NWxxIM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q01NWxxIM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q01NWxxIQ chips (stable-fixes). - ASoC: qcom: sdw: fix memory leak for sdw_stream_runtime (git-fixes). - drm/amdgpu/gmc12: add amdgpu_vm_handle_fault() handling (stable-fixes). - drm/amdgpu/gmc11: add amdgpu_vm_handle_fault() handling (stable-fixes). - drm/displayid: add quirk to ignore DisplayID checksum errors (stable-fixes). - drm/edid: add DRM_EDID_IDENT_INIT() to initialize struct drm_edid_ident (stable-fixes). - drm/displayid: pass iter to drm_find_displayid_extension() (stable-fixes). - media: amphion: Remove vpu_vb_is_codecconfig (git-fixes). - Bluetooth: btusb: Add new VID/PID 13d3/3533 for RTL8821CE (stable-fixes). - Bluetooth: btusb: Add new VID/PID 0x0489/0xE12F for RTL8852BE-VT (stable-fixes). - Bluetooth: btusb: Add new VID/PID 2b89/6275 for RTL8761BUV (stable-fixes). - Bluetooth: btusb: MT7922: Add VID/PID 0489/e170 (stable-fixes). - Bluetooth: btusb: MT7920: Add VID/PID 0489/e135 (stable-fixes). - wifi: mt76: mt792x: fix wifi init fail by setting MCU_RUNNING after CLC load (stable-fixes). - wifi: brcmfmac: Add DMI nvram filename quirk for Acer A1 840 tablet (stable-fixes). - wifi: cfg80211: stop radar detection in cfg80211_leave() (stable-fixes). - wifi: cfg80211: use cfg80211_leave() in iftype change (stable-fixes). - wifi: rtl8xxxu: Fix HT40 channel config for RTL8192CU, RTL8723AU (stable-fixes). - cpufreq: nforce2: fix reference count leak in nforce2 (git-fixes). - ACPI: fan: Workaround for 64-bit firmware bug (stable-fixes). - ACPI: property: Use ACPI functions in acpi_graph_get_next_endpoint() only (stable-fixes). - ACPICA: Avoid walking the Namespace if start_node is NULL (stable-fixes). - media: amphion: Make some vpu_v4l2 functions static (stable-fixes). - firmware: imx: Add stub functions for SCMI MISC API (git-fixes). - media: amphion: Add a frame flush mode for decoder (stable-fixes). - serial: xilinx_uartps: Use helper function hrtimer_update_function() (stable-fixes). - commit 52a2394 - net/smc: fix general protection fault in __smc_diag_dump (CVE-2025-40357 bsc#1255097). - commit ef3290b - KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced (CVE-2025-68259 bsc#1255199). - commit 0428a24 - bpf: Free special fields when update [lru_,]percpu_hash maps (CVE-2025-68744 bsc#1255709). - commit ab66ed0 ++++ kernel-default: - io_uring/zctx: check chained notif contexts (CVE-2025-68317 bsc#1255354). - commit b895dee - cifs: client: fix memory leak in smb3_fs_context_parse_param (bsc#1255082, CVE-2025-40268). - commit 7120bdc - selftests/bpf: Add test to verify freeing the special fields in pcpu maps (CVE-2025-68744 bsc#1255709). - commit 763d99d - drm/amdkfd: Trap handler support for expert scheduling mode (stable-fixes). - commit 021ac24 - PCI: brcmstb: Reuse pcie_cfg_data structure (stable-fixes). - Refresh patches.suse/PCI-brcmstb-Set-generation-limit-before-PCIe-link-up.patch. - commit 0f681e6 - pinctrl: qcom: lpass-lpi: mark the GPIO controller as sleeping (git-fixes). - wifi: mac80211: restore non-chanctx injection behaviour (git-fixes). - wifi: avoid kernel-infoleak from struct iw_point (git-fixes). - atm: Fix dma_free_coherent() size (git-fixes). - net: usb: pegasus: fix memory leak in update_eth_regs_async() (git-fixes). - net: wwan: iosm: Fix memory leak in ipc_mux_deinit() (git-fixes). - HID: quirks: work around VID/PID conflict for appledisplay (git-fixes). - ASoC: sun4i-spdif: Add missing kerneldoc fields for sun4i_spdif_quirks (git-fixes). - ALSA: ac97: fix a double free in snd_ac97_controller_register() (git-fixes). - usb: usb-storage: Maintain minimal modifications to the bcdDevice range (git-fixes). - serial: xilinx_uartps: fix rs485 delay_rts_after_send (git-fixes). - Input: i8042 - add TUXEDO InfinityBook Max Gen10 AMD to i8042 quirk table (stable-fixes). - Input: lkkbd - disable pending work before freeing device (stable-fixes). - drm/amd/display: Fix scratch registers offsets for DCN351 (stable-fixes). - drm/amd/display: Fix scratch registers offsets for DCN35 (stable-fixes). - broadcom: b44: prevent uninitialized value usage (git-fixes). - Revert "drm/amd/display: Fix pbn to kbps Conversion" (stable-fixes). - drm/amdkfd: bump minimum vgpr size for gfx1151 (stable-fixes). - drm/amdkfd: Export the cwsr_size and ctl_stack_size to userspace (stable-fixes). - drm/amd/display: Use GFP_ATOMIC in dc_create_plane_state() (stable-fixes). - i2c: designware: Disable SMBus interrupts to prevent storms from mis-configured firmware (stable-fixes). - platform/x86/intel/hid: Add Dell Pro Rugged 10/12 tablet to VGBS DMI quirks (stable-fixes). - clk: qcom: dispcc-sm7150: Fix dispcc_mdss_pclk0_clk_src (stable-fixes). - usb: usb-storage: No additional quirks need to be added to the EL-R12 optical drive (stable-fixes). - usb: xhci: limit run_graceperiod for only usb 3.0 devices (stable-fixes). - usb: typec: ucsi: Handle incorrect num_connectors capability (stable-fixes). - usbip: Fix locking bug in RT-enabled kernels (stable-fixes). - serial: sprd: Return -EPROBE_DEFER when uart clock is not ready (stable-fixes). - char: applicom: fix NULL pointer dereference in ac_ioctl (stable-fixes). - iio: adc: ti_am335x_adc: Limit step_avg to valid range for gcc complains (stable-fixes). - fbdev: gbefb: fix to use physical address instead of dma address (stable-fixes). - via_wdt: fix critical boot hang due to unnamed resource allocation (stable-fixes). - ipmi: Fix __scan_channels() failing to rescan channels (stable-fixes). - ipmi: Fix the race between __scan_channels() and deliver_response() (stable-fixes). - reset: fix BIT macro reference (stable-fixes). - ti-sysc: allow OMAP2 and OMAP4 timers to be reserved on AM33xx (stable-fixes). - firmware: imx: scu-irq: Init workqueue before request mbox channel (stable-fixes). - clk: mvebu: cp110 add CLK_IGNORE_UNUSED to pcie_x10, pcie_x11 & pcie_x4 (stable-fixes). - HID: input: map HID_GD_Z to ABS_DISTANCE for stylus/pen (stable-fixes). - mmc: sdhci-msm: Avoid early clock doubling during HS400 transition (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H02NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H01NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H512NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q02NWxxIM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q01NWxxIM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q01NWxxIQ chips (stable-fixes). - ASoC: qcom: sdw: fix memory leak for sdw_stream_runtime (git-fixes). - drm/amdgpu/gmc12: add amdgpu_vm_handle_fault() handling (stable-fixes). - drm/amdgpu/gmc11: add amdgpu_vm_handle_fault() handling (stable-fixes). - drm/displayid: add quirk to ignore DisplayID checksum errors (stable-fixes). - drm/edid: add DRM_EDID_IDENT_INIT() to initialize struct drm_edid_ident (stable-fixes). - drm/displayid: pass iter to drm_find_displayid_extension() (stable-fixes). - media: amphion: Remove vpu_vb_is_codecconfig (git-fixes). - Bluetooth: btusb: Add new VID/PID 13d3/3533 for RTL8821CE (stable-fixes). - Bluetooth: btusb: Add new VID/PID 0x0489/0xE12F for RTL8852BE-VT (stable-fixes). - Bluetooth: btusb: Add new VID/PID 2b89/6275 for RTL8761BUV (stable-fixes). - Bluetooth: btusb: MT7922: Add VID/PID 0489/e170 (stable-fixes). - Bluetooth: btusb: MT7920: Add VID/PID 0489/e135 (stable-fixes). - wifi: mt76: mt792x: fix wifi init fail by setting MCU_RUNNING after CLC load (stable-fixes). - wifi: brcmfmac: Add DMI nvram filename quirk for Acer A1 840 tablet (stable-fixes). - wifi: cfg80211: stop radar detection in cfg80211_leave() (stable-fixes). - wifi: cfg80211: use cfg80211_leave() in iftype change (stable-fixes). - wifi: rtl8xxxu: Fix HT40 channel config for RTL8192CU, RTL8723AU (stable-fixes). - cpufreq: nforce2: fix reference count leak in nforce2 (git-fixes). - ACPI: fan: Workaround for 64-bit firmware bug (stable-fixes). - ACPI: property: Use ACPI functions in acpi_graph_get_next_endpoint() only (stable-fixes). - ACPICA: Avoid walking the Namespace if start_node is NULL (stable-fixes). - media: amphion: Make some vpu_v4l2 functions static (stable-fixes). - firmware: imx: Add stub functions for SCMI MISC API (git-fixes). - media: amphion: Add a frame flush mode for decoder (stable-fixes). - serial: xilinx_uartps: Use helper function hrtimer_update_function() (stable-fixes). - commit 52a2394 - net/smc: fix general protection fault in __smc_diag_dump (CVE-2025-40357 bsc#1255097). - commit ef3290b - KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced (CVE-2025-68259 bsc#1255199). - commit 0428a24 - bpf: Free special fields when update [lru_,]percpu_hash maps (CVE-2025-68744 bsc#1255709). - commit ab66ed0 ++++ kernel-rt: - io_uring/zctx: check chained notif contexts (CVE-2025-68317 bsc#1255354). - commit b895dee - cifs: client: fix memory leak in smb3_fs_context_parse_param (bsc#1255082, CVE-2025-40268). - commit 7120bdc - selftests/bpf: Add test to verify freeing the special fields in pcpu maps (CVE-2025-68744 bsc#1255709). - commit 763d99d - drm/amdkfd: Trap handler support for expert scheduling mode (stable-fixes). - commit 021ac24 - PCI: brcmstb: Reuse pcie_cfg_data structure (stable-fixes). - Refresh patches.suse/PCI-brcmstb-Set-generation-limit-before-PCIe-link-up.patch. - commit 0f681e6 - pinctrl: qcom: lpass-lpi: mark the GPIO controller as sleeping (git-fixes). - wifi: mac80211: restore non-chanctx injection behaviour (git-fixes). - wifi: avoid kernel-infoleak from struct iw_point (git-fixes). - atm: Fix dma_free_coherent() size (git-fixes). - net: usb: pegasus: fix memory leak in update_eth_regs_async() (git-fixes). - net: wwan: iosm: Fix memory leak in ipc_mux_deinit() (git-fixes). - HID: quirks: work around VID/PID conflict for appledisplay (git-fixes). - ASoC: sun4i-spdif: Add missing kerneldoc fields for sun4i_spdif_quirks (git-fixes). - ALSA: ac97: fix a double free in snd_ac97_controller_register() (git-fixes). - usb: usb-storage: Maintain minimal modifications to the bcdDevice range (git-fixes). - serial: xilinx_uartps: fix rs485 delay_rts_after_send (git-fixes). - Input: i8042 - add TUXEDO InfinityBook Max Gen10 AMD to i8042 quirk table (stable-fixes). - Input: lkkbd - disable pending work before freeing device (stable-fixes). - drm/amd/display: Fix scratch registers offsets for DCN351 (stable-fixes). - drm/amd/display: Fix scratch registers offsets for DCN35 (stable-fixes). - broadcom: b44: prevent uninitialized value usage (git-fixes). - Revert "drm/amd/display: Fix pbn to kbps Conversion" (stable-fixes). - drm/amdkfd: bump minimum vgpr size for gfx1151 (stable-fixes). - drm/amdkfd: Export the cwsr_size and ctl_stack_size to userspace (stable-fixes). - drm/amd/display: Use GFP_ATOMIC in dc_create_plane_state() (stable-fixes). - i2c: designware: Disable SMBus interrupts to prevent storms from mis-configured firmware (stable-fixes). - platform/x86/intel/hid: Add Dell Pro Rugged 10/12 tablet to VGBS DMI quirks (stable-fixes). - clk: qcom: dispcc-sm7150: Fix dispcc_mdss_pclk0_clk_src (stable-fixes). - usb: usb-storage: No additional quirks need to be added to the EL-R12 optical drive (stable-fixes). - usb: xhci: limit run_graceperiod for only usb 3.0 devices (stable-fixes). - usb: typec: ucsi: Handle incorrect num_connectors capability (stable-fixes). - usbip: Fix locking bug in RT-enabled kernels (stable-fixes). - serial: sprd: Return -EPROBE_DEFER when uart clock is not ready (stable-fixes). - char: applicom: fix NULL pointer dereference in ac_ioctl (stable-fixes). - iio: adc: ti_am335x_adc: Limit step_avg to valid range for gcc complains (stable-fixes). - fbdev: gbefb: fix to use physical address instead of dma address (stable-fixes). - via_wdt: fix critical boot hang due to unnamed resource allocation (stable-fixes). - ipmi: Fix __scan_channels() failing to rescan channels (stable-fixes). - ipmi: Fix the race between __scan_channels() and deliver_response() (stable-fixes). - reset: fix BIT macro reference (stable-fixes). - ti-sysc: allow OMAP2 and OMAP4 timers to be reserved on AM33xx (stable-fixes). - firmware: imx: scu-irq: Init workqueue before request mbox channel (stable-fixes). - clk: mvebu: cp110 add CLK_IGNORE_UNUSED to pcie_x10, pcie_x11 & pcie_x4 (stable-fixes). - HID: input: map HID_GD_Z to ABS_DISTANCE for stylus/pen (stable-fixes). - mmc: sdhci-msm: Avoid early clock doubling during HS400 transition (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H02NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H01NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H512NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q02NWxxIM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q01NWxxIM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q01NWxxIQ chips (stable-fixes). - ASoC: qcom: sdw: fix memory leak for sdw_stream_runtime (git-fixes). - drm/amdgpu/gmc12: add amdgpu_vm_handle_fault() handling (stable-fixes). - drm/amdgpu/gmc11: add amdgpu_vm_handle_fault() handling (stable-fixes). - drm/displayid: add quirk to ignore DisplayID checksum errors (stable-fixes). - drm/edid: add DRM_EDID_IDENT_INIT() to initialize struct drm_edid_ident (stable-fixes). - drm/displayid: pass iter to drm_find_displayid_extension() (stable-fixes). - media: amphion: Remove vpu_vb_is_codecconfig (git-fixes). - Bluetooth: btusb: Add new VID/PID 13d3/3533 for RTL8821CE (stable-fixes). - Bluetooth: btusb: Add new VID/PID 0x0489/0xE12F for RTL8852BE-VT (stable-fixes). - Bluetooth: btusb: Add new VID/PID 2b89/6275 for RTL8761BUV (stable-fixes). - Bluetooth: btusb: MT7922: Add VID/PID 0489/e170 (stable-fixes). - Bluetooth: btusb: MT7920: Add VID/PID 0489/e135 (stable-fixes). - wifi: mt76: mt792x: fix wifi init fail by setting MCU_RUNNING after CLC load (stable-fixes). - wifi: brcmfmac: Add DMI nvram filename quirk for Acer A1 840 tablet (stable-fixes). - wifi: cfg80211: stop radar detection in cfg80211_leave() (stable-fixes). - wifi: cfg80211: use cfg80211_leave() in iftype change (stable-fixes). - wifi: rtl8xxxu: Fix HT40 channel config for RTL8192CU, RTL8723AU (stable-fixes). - cpufreq: nforce2: fix reference count leak in nforce2 (git-fixes). - ACPI: fan: Workaround for 64-bit firmware bug (stable-fixes). - ACPI: property: Use ACPI functions in acpi_graph_get_next_endpoint() only (stable-fixes). - ACPICA: Avoid walking the Namespace if start_node is NULL (stable-fixes). - media: amphion: Make some vpu_v4l2 functions static (stable-fixes). - firmware: imx: Add stub functions for SCMI MISC API (git-fixes). - media: amphion: Add a frame flush mode for decoder (stable-fixes). - serial: xilinx_uartps: Use helper function hrtimer_update_function() (stable-fixes). - commit 52a2394 - net/smc: fix general protection fault in __smc_diag_dump (CVE-2025-40357 bsc#1255097). - commit ef3290b - KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced (CVE-2025-68259 bsc#1255199). - commit 0428a24 - bpf: Free special fields when update [lru_,]percpu_hash maps (CVE-2025-68744 bsc#1255709). - commit ab66ed0 ++++ kernel-rt: - io_uring/zctx: check chained notif contexts (CVE-2025-68317 bsc#1255354). - commit b895dee - cifs: client: fix memory leak in smb3_fs_context_parse_param (bsc#1255082, CVE-2025-40268). - commit 7120bdc - selftests/bpf: Add test to verify freeing the special fields in pcpu maps (CVE-2025-68744 bsc#1255709). - commit 763d99d - drm/amdkfd: Trap handler support for expert scheduling mode (stable-fixes). - commit 021ac24 - PCI: brcmstb: Reuse pcie_cfg_data structure (stable-fixes). - Refresh patches.suse/PCI-brcmstb-Set-generation-limit-before-PCIe-link-up.patch. - commit 0f681e6 - pinctrl: qcom: lpass-lpi: mark the GPIO controller as sleeping (git-fixes). - wifi: mac80211: restore non-chanctx injection behaviour (git-fixes). - wifi: avoid kernel-infoleak from struct iw_point (git-fixes). - atm: Fix dma_free_coherent() size (git-fixes). - net: usb: pegasus: fix memory leak in update_eth_regs_async() (git-fixes). - net: wwan: iosm: Fix memory leak in ipc_mux_deinit() (git-fixes). - HID: quirks: work around VID/PID conflict for appledisplay (git-fixes). - ASoC: sun4i-spdif: Add missing kerneldoc fields for sun4i_spdif_quirks (git-fixes). - ALSA: ac97: fix a double free in snd_ac97_controller_register() (git-fixes). - usb: usb-storage: Maintain minimal modifications to the bcdDevice range (git-fixes). - serial: xilinx_uartps: fix rs485 delay_rts_after_send (git-fixes). - Input: i8042 - add TUXEDO InfinityBook Max Gen10 AMD to i8042 quirk table (stable-fixes). - Input: lkkbd - disable pending work before freeing device (stable-fixes). - drm/amd/display: Fix scratch registers offsets for DCN351 (stable-fixes). - drm/amd/display: Fix scratch registers offsets for DCN35 (stable-fixes). - broadcom: b44: prevent uninitialized value usage (git-fixes). - Revert "drm/amd/display: Fix pbn to kbps Conversion" (stable-fixes). - drm/amdkfd: bump minimum vgpr size for gfx1151 (stable-fixes). - drm/amdkfd: Export the cwsr_size and ctl_stack_size to userspace (stable-fixes). - drm/amd/display: Use GFP_ATOMIC in dc_create_plane_state() (stable-fixes). - i2c: designware: Disable SMBus interrupts to prevent storms from mis-configured firmware (stable-fixes). - platform/x86/intel/hid: Add Dell Pro Rugged 10/12 tablet to VGBS DMI quirks (stable-fixes). - clk: qcom: dispcc-sm7150: Fix dispcc_mdss_pclk0_clk_src (stable-fixes). - usb: usb-storage: No additional quirks need to be added to the EL-R12 optical drive (stable-fixes). - usb: xhci: limit run_graceperiod for only usb 3.0 devices (stable-fixes). - usb: typec: ucsi: Handle incorrect num_connectors capability (stable-fixes). - usbip: Fix locking bug in RT-enabled kernels (stable-fixes). - serial: sprd: Return -EPROBE_DEFER when uart clock is not ready (stable-fixes). - char: applicom: fix NULL pointer dereference in ac_ioctl (stable-fixes). - iio: adc: ti_am335x_adc: Limit step_avg to valid range for gcc complains (stable-fixes). - fbdev: gbefb: fix to use physical address instead of dma address (stable-fixes). - via_wdt: fix critical boot hang due to unnamed resource allocation (stable-fixes). - ipmi: Fix __scan_channels() failing to rescan channels (stable-fixes). - ipmi: Fix the race between __scan_channels() and deliver_response() (stable-fixes). - reset: fix BIT macro reference (stable-fixes). - ti-sysc: allow OMAP2 and OMAP4 timers to be reserved on AM33xx (stable-fixes). - firmware: imx: scu-irq: Init workqueue before request mbox channel (stable-fixes). - clk: mvebu: cp110 add CLK_IGNORE_UNUSED to pcie_x10, pcie_x11 & pcie_x4 (stable-fixes). - HID: input: map HID_GD_Z to ABS_DISTANCE for stylus/pen (stable-fixes). - mmc: sdhci-msm: Avoid early clock doubling during HS400 transition (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H02NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H01NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H512NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q02NWxxIM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q01NWxxIM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q01NWxxIQ chips (stable-fixes). - ASoC: qcom: sdw: fix memory leak for sdw_stream_runtime (git-fixes). - drm/amdgpu/gmc12: add amdgpu_vm_handle_fault() handling (stable-fixes). - drm/amdgpu/gmc11: add amdgpu_vm_handle_fault() handling (stable-fixes). - drm/displayid: add quirk to ignore DisplayID checksum errors (stable-fixes). - drm/edid: add DRM_EDID_IDENT_INIT() to initialize struct drm_edid_ident (stable-fixes). - drm/displayid: pass iter to drm_find_displayid_extension() (stable-fixes). - media: amphion: Remove vpu_vb_is_codecconfig (git-fixes). - Bluetooth: btusb: Add new VID/PID 13d3/3533 for RTL8821CE (stable-fixes). - Bluetooth: btusb: Add new VID/PID 0x0489/0xE12F for RTL8852BE-VT (stable-fixes). - Bluetooth: btusb: Add new VID/PID 2b89/6275 for RTL8761BUV (stable-fixes). - Bluetooth: btusb: MT7922: Add VID/PID 0489/e170 (stable-fixes). - Bluetooth: btusb: MT7920: Add VID/PID 0489/e135 (stable-fixes). - wifi: mt76: mt792x: fix wifi init fail by setting MCU_RUNNING after CLC load (stable-fixes). - wifi: brcmfmac: Add DMI nvram filename quirk for Acer A1 840 tablet (stable-fixes). - wifi: cfg80211: stop radar detection in cfg80211_leave() (stable-fixes). - wifi: cfg80211: use cfg80211_leave() in iftype change (stable-fixes). - wifi: rtl8xxxu: Fix HT40 channel config for RTL8192CU, RTL8723AU (stable-fixes). - cpufreq: nforce2: fix reference count leak in nforce2 (git-fixes). - ACPI: fan: Workaround for 64-bit firmware bug (stable-fixes). - ACPI: property: Use ACPI functions in acpi_graph_get_next_endpoint() only (stable-fixes). - ACPICA: Avoid walking the Namespace if start_node is NULL (stable-fixes). - media: amphion: Make some vpu_v4l2 functions static (stable-fixes). - firmware: imx: Add stub functions for SCMI MISC API (git-fixes). - media: amphion: Add a frame flush mode for decoder (stable-fixes). - serial: xilinx_uartps: Use helper function hrtimer_update_function() (stable-fixes). - commit 52a2394 - net/smc: fix general protection fault in __smc_diag_dump (CVE-2025-40357 bsc#1255097). - commit ef3290b - KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced (CVE-2025-68259 bsc#1255199). - commit 0428a24 - bpf: Free special fields when update [lru_,]percpu_hash maps (CVE-2025-68744 bsc#1255709). - commit ab66ed0 ++++ kernel-rt: - io_uring/zctx: check chained notif contexts (CVE-2025-68317 bsc#1255354). - commit b895dee - cifs: client: fix memory leak in smb3_fs_context_parse_param (bsc#1255082, CVE-2025-40268). - commit 7120bdc - selftests/bpf: Add test to verify freeing the special fields in pcpu maps (CVE-2025-68744 bsc#1255709). - commit 763d99d - drm/amdkfd: Trap handler support for expert scheduling mode (stable-fixes). - commit 021ac24 - PCI: brcmstb: Reuse pcie_cfg_data structure (stable-fixes). - Refresh patches.suse/PCI-brcmstb-Set-generation-limit-before-PCIe-link-up.patch. - commit 0f681e6 - pinctrl: qcom: lpass-lpi: mark the GPIO controller as sleeping (git-fixes). - wifi: mac80211: restore non-chanctx injection behaviour (git-fixes). - wifi: avoid kernel-infoleak from struct iw_point (git-fixes). - atm: Fix dma_free_coherent() size (git-fixes). - net: usb: pegasus: fix memory leak in update_eth_regs_async() (git-fixes). - net: wwan: iosm: Fix memory leak in ipc_mux_deinit() (git-fixes). - HID: quirks: work around VID/PID conflict for appledisplay (git-fixes). - ASoC: sun4i-spdif: Add missing kerneldoc fields for sun4i_spdif_quirks (git-fixes). - ALSA: ac97: fix a double free in snd_ac97_controller_register() (git-fixes). - usb: usb-storage: Maintain minimal modifications to the bcdDevice range (git-fixes). - serial: xilinx_uartps: fix rs485 delay_rts_after_send (git-fixes). - Input: i8042 - add TUXEDO InfinityBook Max Gen10 AMD to i8042 quirk table (stable-fixes). - Input: lkkbd - disable pending work before freeing device (stable-fixes). - drm/amd/display: Fix scratch registers offsets for DCN351 (stable-fixes). - drm/amd/display: Fix scratch registers offsets for DCN35 (stable-fixes). - broadcom: b44: prevent uninitialized value usage (git-fixes). - Revert "drm/amd/display: Fix pbn to kbps Conversion" (stable-fixes). - drm/amdkfd: bump minimum vgpr size for gfx1151 (stable-fixes). - drm/amdkfd: Export the cwsr_size and ctl_stack_size to userspace (stable-fixes). - drm/amd/display: Use GFP_ATOMIC in dc_create_plane_state() (stable-fixes). - i2c: designware: Disable SMBus interrupts to prevent storms from mis-configured firmware (stable-fixes). - platform/x86/intel/hid: Add Dell Pro Rugged 10/12 tablet to VGBS DMI quirks (stable-fixes). - clk: qcom: dispcc-sm7150: Fix dispcc_mdss_pclk0_clk_src (stable-fixes). - usb: usb-storage: No additional quirks need to be added to the EL-R12 optical drive (stable-fixes). - usb: xhci: limit run_graceperiod for only usb 3.0 devices (stable-fixes). - usb: typec: ucsi: Handle incorrect num_connectors capability (stable-fixes). - usbip: Fix locking bug in RT-enabled kernels (stable-fixes). - serial: sprd: Return -EPROBE_DEFER when uart clock is not ready (stable-fixes). - char: applicom: fix NULL pointer dereference in ac_ioctl (stable-fixes). - iio: adc: ti_am335x_adc: Limit step_avg to valid range for gcc complains (stable-fixes). - fbdev: gbefb: fix to use physical address instead of dma address (stable-fixes). - via_wdt: fix critical boot hang due to unnamed resource allocation (stable-fixes). - ipmi: Fix __scan_channels() failing to rescan channels (stable-fixes). - ipmi: Fix the race between __scan_channels() and deliver_response() (stable-fixes). - reset: fix BIT macro reference (stable-fixes). - ti-sysc: allow OMAP2 and OMAP4 timers to be reserved on AM33xx (stable-fixes). - firmware: imx: scu-irq: Init workqueue before request mbox channel (stable-fixes). - clk: mvebu: cp110 add CLK_IGNORE_UNUSED to pcie_x10, pcie_x11 & pcie_x4 (stable-fixes). - HID: input: map HID_GD_Z to ABS_DISTANCE for stylus/pen (stable-fixes). - mmc: sdhci-msm: Avoid early clock doubling during HS400 transition (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H02NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H01NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H512NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q02NWxxIM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q01NWxxIM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q01NWxxIQ chips (stable-fixes). - ASoC: qcom: sdw: fix memory leak for sdw_stream_runtime (git-fixes). - drm/amdgpu/gmc12: add amdgpu_vm_handle_fault() handling (stable-fixes). - drm/amdgpu/gmc11: add amdgpu_vm_handle_fault() handling (stable-fixes). - drm/displayid: add quirk to ignore DisplayID checksum errors (stable-fixes). - drm/edid: add DRM_EDID_IDENT_INIT() to initialize struct drm_edid_ident (stable-fixes). - drm/displayid: pass iter to drm_find_displayid_extension() (stable-fixes). - media: amphion: Remove vpu_vb_is_codecconfig (git-fixes). - Bluetooth: btusb: Add new VID/PID 13d3/3533 for RTL8821CE (stable-fixes). - Bluetooth: btusb: Add new VID/PID 0x0489/0xE12F for RTL8852BE-VT (stable-fixes). - Bluetooth: btusb: Add new VID/PID 2b89/6275 for RTL8761BUV (stable-fixes). - Bluetooth: btusb: MT7922: Add VID/PID 0489/e170 (stable-fixes). - Bluetooth: btusb: MT7920: Add VID/PID 0489/e135 (stable-fixes). - wifi: mt76: mt792x: fix wifi init fail by setting MCU_RUNNING after CLC load (stable-fixes). - wifi: brcmfmac: Add DMI nvram filename quirk for Acer A1 840 tablet (stable-fixes). - wifi: cfg80211: stop radar detection in cfg80211_leave() (stable-fixes). - wifi: cfg80211: use cfg80211_leave() in iftype change (stable-fixes). - wifi: rtl8xxxu: Fix HT40 channel config for RTL8192CU, RTL8723AU (stable-fixes). - cpufreq: nforce2: fix reference count leak in nforce2 (git-fixes). - ACPI: fan: Workaround for 64-bit firmware bug (stable-fixes). - ACPI: property: Use ACPI functions in acpi_graph_get_next_endpoint() only (stable-fixes). - ACPICA: Avoid walking the Namespace if start_node is NULL (stable-fixes). - media: amphion: Make some vpu_v4l2 functions static (stable-fixes). - firmware: imx: Add stub functions for SCMI MISC API (git-fixes). - media: amphion: Add a frame flush mode for decoder (stable-fixes). - serial: xilinx_uartps: Use helper function hrtimer_update_function() (stable-fixes). - commit 52a2394 - net/smc: fix general protection fault in __smc_diag_dump (CVE-2025-40357 bsc#1255097). - commit ef3290b - KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced (CVE-2025-68259 bsc#1255199). - commit 0428a24 - bpf: Free special fields when update [lru_,]percpu_hash maps (CVE-2025-68744 bsc#1255709). - commit ab66ed0 ++++ python-kiwi: - Fixed ramdisk sysroot generator Do not use a custom _dev name and stick with the UUID representation of the disk image in RAM after deployment. Former versions of udev did not create a by-uuid device representation which now seems to have changed. This then leads to the device name RamDisk_rootfs not being created the and respective .device unit times out. In addition the timer unit for the standard device representation changed to infinity. This fixes bsc#1254116 ++++ dtb-aarch64: - io_uring/zctx: check chained notif contexts (CVE-2025-68317 bsc#1255354). - commit b895dee - cifs: client: fix memory leak in smb3_fs_context_parse_param (bsc#1255082, CVE-2025-40268). - commit 7120bdc - selftests/bpf: Add test to verify freeing the special fields in pcpu maps (CVE-2025-68744 bsc#1255709). - commit 763d99d - drm/amdkfd: Trap handler support for expert scheduling mode (stable-fixes). - commit 021ac24 - PCI: brcmstb: Reuse pcie_cfg_data structure (stable-fixes). - Refresh patches.suse/PCI-brcmstb-Set-generation-limit-before-PCIe-link-up.patch. - commit 0f681e6 - pinctrl: qcom: lpass-lpi: mark the GPIO controller as sleeping (git-fixes). - wifi: mac80211: restore non-chanctx injection behaviour (git-fixes). - wifi: avoid kernel-infoleak from struct iw_point (git-fixes). - atm: Fix dma_free_coherent() size (git-fixes). - net: usb: pegasus: fix memory leak in update_eth_regs_async() (git-fixes). - net: wwan: iosm: Fix memory leak in ipc_mux_deinit() (git-fixes). - HID: quirks: work around VID/PID conflict for appledisplay (git-fixes). - ASoC: sun4i-spdif: Add missing kerneldoc fields for sun4i_spdif_quirks (git-fixes). - ALSA: ac97: fix a double free in snd_ac97_controller_register() (git-fixes). - usb: usb-storage: Maintain minimal modifications to the bcdDevice range (git-fixes). - serial: xilinx_uartps: fix rs485 delay_rts_after_send (git-fixes). - Input: i8042 - add TUXEDO InfinityBook Max Gen10 AMD to i8042 quirk table (stable-fixes). - Input: lkkbd - disable pending work before freeing device (stable-fixes). - drm/amd/display: Fix scratch registers offsets for DCN351 (stable-fixes). - drm/amd/display: Fix scratch registers offsets for DCN35 (stable-fixes). - broadcom: b44: prevent uninitialized value usage (git-fixes). - Revert "drm/amd/display: Fix pbn to kbps Conversion" (stable-fixes). - drm/amdkfd: bump minimum vgpr size for gfx1151 (stable-fixes). - drm/amdkfd: Export the cwsr_size and ctl_stack_size to userspace (stable-fixes). - drm/amd/display: Use GFP_ATOMIC in dc_create_plane_state() (stable-fixes). - i2c: designware: Disable SMBus interrupts to prevent storms from mis-configured firmware (stable-fixes). - platform/x86/intel/hid: Add Dell Pro Rugged 10/12 tablet to VGBS DMI quirks (stable-fixes). - clk: qcom: dispcc-sm7150: Fix dispcc_mdss_pclk0_clk_src (stable-fixes). - usb: usb-storage: No additional quirks need to be added to the EL-R12 optical drive (stable-fixes). - usb: xhci: limit run_graceperiod for only usb 3.0 devices (stable-fixes). - usb: typec: ucsi: Handle incorrect num_connectors capability (stable-fixes). - usbip: Fix locking bug in RT-enabled kernels (stable-fixes). - serial: sprd: Return -EPROBE_DEFER when uart clock is not ready (stable-fixes). - char: applicom: fix NULL pointer dereference in ac_ioctl (stable-fixes). - iio: adc: ti_am335x_adc: Limit step_avg to valid range for gcc complains (stable-fixes). - fbdev: gbefb: fix to use physical address instead of dma address (stable-fixes). - via_wdt: fix critical boot hang due to unnamed resource allocation (stable-fixes). - ipmi: Fix __scan_channels() failing to rescan channels (stable-fixes). - ipmi: Fix the race between __scan_channels() and deliver_response() (stable-fixes). - reset: fix BIT macro reference (stable-fixes). - ti-sysc: allow OMAP2 and OMAP4 timers to be reserved on AM33xx (stable-fixes). - firmware: imx: scu-irq: Init workqueue before request mbox channel (stable-fixes). - clk: mvebu: cp110 add CLK_IGNORE_UNUSED to pcie_x10, pcie_x11 & pcie_x4 (stable-fixes). - HID: input: map HID_GD_Z to ABS_DISTANCE for stylus/pen (stable-fixes). - mmc: sdhci-msm: Avoid early clock doubling during HS400 transition (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H02NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H01NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H512NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q02NWxxIM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q01NWxxIM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q01NWxxIQ chips (stable-fixes). - ASoC: qcom: sdw: fix memory leak for sdw_stream_runtime (git-fixes). - drm/amdgpu/gmc12: add amdgpu_vm_handle_fault() handling (stable-fixes). - drm/amdgpu/gmc11: add amdgpu_vm_handle_fault() handling (stable-fixes). - drm/displayid: add quirk to ignore DisplayID checksum errors (stable-fixes). - drm/edid: add DRM_EDID_IDENT_INIT() to initialize struct drm_edid_ident (stable-fixes). - drm/displayid: pass iter to drm_find_displayid_extension() (stable-fixes). - media: amphion: Remove vpu_vb_is_codecconfig (git-fixes). - Bluetooth: btusb: Add new VID/PID 13d3/3533 for RTL8821CE (stable-fixes). - Bluetooth: btusb: Add new VID/PID 0x0489/0xE12F for RTL8852BE-VT (stable-fixes). - Bluetooth: btusb: Add new VID/PID 2b89/6275 for RTL8761BUV (stable-fixes). - Bluetooth: btusb: MT7922: Add VID/PID 0489/e170 (stable-fixes). - Bluetooth: btusb: MT7920: Add VID/PID 0489/e135 (stable-fixes). - wifi: mt76: mt792x: fix wifi init fail by setting MCU_RUNNING after CLC load (stable-fixes). - wifi: brcmfmac: Add DMI nvram filename quirk for Acer A1 840 tablet (stable-fixes). - wifi: cfg80211: stop radar detection in cfg80211_leave() (stable-fixes). - wifi: cfg80211: use cfg80211_leave() in iftype change (stable-fixes). - wifi: rtl8xxxu: Fix HT40 channel config for RTL8192CU, RTL8723AU (stable-fixes). - cpufreq: nforce2: fix reference count leak in nforce2 (git-fixes). - ACPI: fan: Workaround for 64-bit firmware bug (stable-fixes). - ACPI: property: Use ACPI functions in acpi_graph_get_next_endpoint() only (stable-fixes). - ACPICA: Avoid walking the Namespace if start_node is NULL (stable-fixes). - media: amphion: Make some vpu_v4l2 functions static (stable-fixes). - firmware: imx: Add stub functions for SCMI MISC API (git-fixes). - media: amphion: Add a frame flush mode for decoder (stable-fixes). - serial: xilinx_uartps: Use helper function hrtimer_update_function() (stable-fixes). - commit 52a2394 - net/smc: fix general protection fault in __smc_diag_dump (CVE-2025-40357 bsc#1255097). - commit ef3290b - KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced (CVE-2025-68259 bsc#1255199). - commit 0428a24 - bpf: Free special fields when update [lru_,]percpu_hash maps (CVE-2025-68744 bsc#1255709). - commit ab66ed0 ++++ dtb-aarch64: - io_uring/zctx: check chained notif contexts (CVE-2025-68317 bsc#1255354). - commit b895dee - cifs: client: fix memory leak in smb3_fs_context_parse_param (bsc#1255082, CVE-2025-40268). - commit 7120bdc - selftests/bpf: Add test to verify freeing the special fields in pcpu maps (CVE-2025-68744 bsc#1255709). - commit 763d99d - drm/amdkfd: Trap handler support for expert scheduling mode (stable-fixes). - commit 021ac24 - PCI: brcmstb: Reuse pcie_cfg_data structure (stable-fixes). - Refresh patches.suse/PCI-brcmstb-Set-generation-limit-before-PCIe-link-up.patch. - commit 0f681e6 - pinctrl: qcom: lpass-lpi: mark the GPIO controller as sleeping (git-fixes). - wifi: mac80211: restore non-chanctx injection behaviour (git-fixes). - wifi: avoid kernel-infoleak from struct iw_point (git-fixes). - atm: Fix dma_free_coherent() size (git-fixes). - net: usb: pegasus: fix memory leak in update_eth_regs_async() (git-fixes). - net: wwan: iosm: Fix memory leak in ipc_mux_deinit() (git-fixes). - HID: quirks: work around VID/PID conflict for appledisplay (git-fixes). - ASoC: sun4i-spdif: Add missing kerneldoc fields for sun4i_spdif_quirks (git-fixes). - ALSA: ac97: fix a double free in snd_ac97_controller_register() (git-fixes). - usb: usb-storage: Maintain minimal modifications to the bcdDevice range (git-fixes). - serial: xilinx_uartps: fix rs485 delay_rts_after_send (git-fixes). - Input: i8042 - add TUXEDO InfinityBook Max Gen10 AMD to i8042 quirk table (stable-fixes). - Input: lkkbd - disable pending work before freeing device (stable-fixes). - drm/amd/display: Fix scratch registers offsets for DCN351 (stable-fixes). - drm/amd/display: Fix scratch registers offsets for DCN35 (stable-fixes). - broadcom: b44: prevent uninitialized value usage (git-fixes). - Revert "drm/amd/display: Fix pbn to kbps Conversion" (stable-fixes). - drm/amdkfd: bump minimum vgpr size for gfx1151 (stable-fixes). - drm/amdkfd: Export the cwsr_size and ctl_stack_size to userspace (stable-fixes). - drm/amd/display: Use GFP_ATOMIC in dc_create_plane_state() (stable-fixes). - i2c: designware: Disable SMBus interrupts to prevent storms from mis-configured firmware (stable-fixes). - platform/x86/intel/hid: Add Dell Pro Rugged 10/12 tablet to VGBS DMI quirks (stable-fixes). - clk: qcom: dispcc-sm7150: Fix dispcc_mdss_pclk0_clk_src (stable-fixes). - usb: usb-storage: No additional quirks need to be added to the EL-R12 optical drive (stable-fixes). - usb: xhci: limit run_graceperiod for only usb 3.0 devices (stable-fixes). - usb: typec: ucsi: Handle incorrect num_connectors capability (stable-fixes). - usbip: Fix locking bug in RT-enabled kernels (stable-fixes). - serial: sprd: Return -EPROBE_DEFER when uart clock is not ready (stable-fixes). - char: applicom: fix NULL pointer dereference in ac_ioctl (stable-fixes). - iio: adc: ti_am335x_adc: Limit step_avg to valid range for gcc complains (stable-fixes). - fbdev: gbefb: fix to use physical address instead of dma address (stable-fixes). - via_wdt: fix critical boot hang due to unnamed resource allocation (stable-fixes). - ipmi: Fix __scan_channels() failing to rescan channels (stable-fixes). - ipmi: Fix the race between __scan_channels() and deliver_response() (stable-fixes). - reset: fix BIT macro reference (stable-fixes). - ti-sysc: allow OMAP2 and OMAP4 timers to be reserved on AM33xx (stable-fixes). - firmware: imx: scu-irq: Init workqueue before request mbox channel (stable-fixes). - clk: mvebu: cp110 add CLK_IGNORE_UNUSED to pcie_x10, pcie_x11 & pcie_x4 (stable-fixes). - HID: input: map HID_GD_Z to ABS_DISTANCE for stylus/pen (stable-fixes). - mmc: sdhci-msm: Avoid early clock doubling during HS400 transition (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H02NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H01NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H512NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q02NWxxIM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q01NWxxIM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q01NWxxIQ chips (stable-fixes). - ASoC: qcom: sdw: fix memory leak for sdw_stream_runtime (git-fixes). - drm/amdgpu/gmc12: add amdgpu_vm_handle_fault() handling (stable-fixes). - drm/amdgpu/gmc11: add amdgpu_vm_handle_fault() handling (stable-fixes). - drm/displayid: add quirk to ignore DisplayID checksum errors (stable-fixes). - drm/edid: add DRM_EDID_IDENT_INIT() to initialize struct drm_edid_ident (stable-fixes). - drm/displayid: pass iter to drm_find_displayid_extension() (stable-fixes). - media: amphion: Remove vpu_vb_is_codecconfig (git-fixes). - Bluetooth: btusb: Add new VID/PID 13d3/3533 for RTL8821CE (stable-fixes). - Bluetooth: btusb: Add new VID/PID 0x0489/0xE12F for RTL8852BE-VT (stable-fixes). - Bluetooth: btusb: Add new VID/PID 2b89/6275 for RTL8761BUV (stable-fixes). - Bluetooth: btusb: MT7922: Add VID/PID 0489/e170 (stable-fixes). - Bluetooth: btusb: MT7920: Add VID/PID 0489/e135 (stable-fixes). - wifi: mt76: mt792x: fix wifi init fail by setting MCU_RUNNING after CLC load (stable-fixes). - wifi: brcmfmac: Add DMI nvram filename quirk for Acer A1 840 tablet (stable-fixes). - wifi: cfg80211: stop radar detection in cfg80211_leave() (stable-fixes). - wifi: cfg80211: use cfg80211_leave() in iftype change (stable-fixes). - wifi: rtl8xxxu: Fix HT40 channel config for RTL8192CU, RTL8723AU (stable-fixes). - cpufreq: nforce2: fix reference count leak in nforce2 (git-fixes). - ACPI: fan: Workaround for 64-bit firmware bug (stable-fixes). - ACPI: property: Use ACPI functions in acpi_graph_get_next_endpoint() only (stable-fixes). - ACPICA: Avoid walking the Namespace if start_node is NULL (stable-fixes). - media: amphion: Make some vpu_v4l2 functions static (stable-fixes). - firmware: imx: Add stub functions for SCMI MISC API (git-fixes). - media: amphion: Add a frame flush mode for decoder (stable-fixes). - serial: xilinx_uartps: Use helper function hrtimer_update_function() (stable-fixes). - commit 52a2394 - net/smc: fix general protection fault in __smc_diag_dump (CVE-2025-40357 bsc#1255097). - commit ef3290b - KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced (CVE-2025-68259 bsc#1255199). - commit 0428a24 - bpf: Free special fields when update [lru_,]percpu_hash maps (CVE-2025-68744 bsc#1255709). - commit ab66ed0 ++++ dtb-aarch64: - io_uring/zctx: check chained notif contexts (CVE-2025-68317 bsc#1255354). - commit b895dee - cifs: client: fix memory leak in smb3_fs_context_parse_param (bsc#1255082, CVE-2025-40268). - commit 7120bdc - selftests/bpf: Add test to verify freeing the special fields in pcpu maps (CVE-2025-68744 bsc#1255709). - commit 763d99d - drm/amdkfd: Trap handler support for expert scheduling mode (stable-fixes). - commit 021ac24 - PCI: brcmstb: Reuse pcie_cfg_data structure (stable-fixes). - Refresh patches.suse/PCI-brcmstb-Set-generation-limit-before-PCIe-link-up.patch. - commit 0f681e6 - pinctrl: qcom: lpass-lpi: mark the GPIO controller as sleeping (git-fixes). - wifi: mac80211: restore non-chanctx injection behaviour (git-fixes). - wifi: avoid kernel-infoleak from struct iw_point (git-fixes). - atm: Fix dma_free_coherent() size (git-fixes). - net: usb: pegasus: fix memory leak in update_eth_regs_async() (git-fixes). - net: wwan: iosm: Fix memory leak in ipc_mux_deinit() (git-fixes). - HID: quirks: work around VID/PID conflict for appledisplay (git-fixes). - ASoC: sun4i-spdif: Add missing kerneldoc fields for sun4i_spdif_quirks (git-fixes). - ALSA: ac97: fix a double free in snd_ac97_controller_register() (git-fixes). - usb: usb-storage: Maintain minimal modifications to the bcdDevice range (git-fixes). - serial: xilinx_uartps: fix rs485 delay_rts_after_send (git-fixes). - Input: i8042 - add TUXEDO InfinityBook Max Gen10 AMD to i8042 quirk table (stable-fixes). - Input: lkkbd - disable pending work before freeing device (stable-fixes). - drm/amd/display: Fix scratch registers offsets for DCN351 (stable-fixes). - drm/amd/display: Fix scratch registers offsets for DCN35 (stable-fixes). - broadcom: b44: prevent uninitialized value usage (git-fixes). - Revert "drm/amd/display: Fix pbn to kbps Conversion" (stable-fixes). - drm/amdkfd: bump minimum vgpr size for gfx1151 (stable-fixes). - drm/amdkfd: Export the cwsr_size and ctl_stack_size to userspace (stable-fixes). - drm/amd/display: Use GFP_ATOMIC in dc_create_plane_state() (stable-fixes). - i2c: designware: Disable SMBus interrupts to prevent storms from mis-configured firmware (stable-fixes). - platform/x86/intel/hid: Add Dell Pro Rugged 10/12 tablet to VGBS DMI quirks (stable-fixes). - clk: qcom: dispcc-sm7150: Fix dispcc_mdss_pclk0_clk_src (stable-fixes). - usb: usb-storage: No additional quirks need to be added to the EL-R12 optical drive (stable-fixes). - usb: xhci: limit run_graceperiod for only usb 3.0 devices (stable-fixes). - usb: typec: ucsi: Handle incorrect num_connectors capability (stable-fixes). - usbip: Fix locking bug in RT-enabled kernels (stable-fixes). - serial: sprd: Return -EPROBE_DEFER when uart clock is not ready (stable-fixes). - char: applicom: fix NULL pointer dereference in ac_ioctl (stable-fixes). - iio: adc: ti_am335x_adc: Limit step_avg to valid range for gcc complains (stable-fixes). - fbdev: gbefb: fix to use physical address instead of dma address (stable-fixes). - via_wdt: fix critical boot hang due to unnamed resource allocation (stable-fixes). - ipmi: Fix __scan_channels() failing to rescan channels (stable-fixes). - ipmi: Fix the race between __scan_channels() and deliver_response() (stable-fixes). - reset: fix BIT macro reference (stable-fixes). - ti-sysc: allow OMAP2 and OMAP4 timers to be reserved on AM33xx (stable-fixes). - firmware: imx: scu-irq: Init workqueue before request mbox channel (stable-fixes). - clk: mvebu: cp110 add CLK_IGNORE_UNUSED to pcie_x10, pcie_x11 & pcie_x4 (stable-fixes). - HID: input: map HID_GD_Z to ABS_DISTANCE for stylus/pen (stable-fixes). - mmc: sdhci-msm: Avoid early clock doubling during HS400 transition (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H02NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H01NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H512NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q02NWxxIM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q01NWxxIM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q01NWxxIQ chips (stable-fixes). - ASoC: qcom: sdw: fix memory leak for sdw_stream_runtime (git-fixes). - drm/amdgpu/gmc12: add amdgpu_vm_handle_fault() handling (stable-fixes). - drm/amdgpu/gmc11: add amdgpu_vm_handle_fault() handling (stable-fixes). - drm/displayid: add quirk to ignore DisplayID checksum errors (stable-fixes). - drm/edid: add DRM_EDID_IDENT_INIT() to initialize struct drm_edid_ident (stable-fixes). - drm/displayid: pass iter to drm_find_displayid_extension() (stable-fixes). - media: amphion: Remove vpu_vb_is_codecconfig (git-fixes). - Bluetooth: btusb: Add new VID/PID 13d3/3533 for RTL8821CE (stable-fixes). - Bluetooth: btusb: Add new VID/PID 0x0489/0xE12F for RTL8852BE-VT (stable-fixes). - Bluetooth: btusb: Add new VID/PID 2b89/6275 for RTL8761BUV (stable-fixes). - Bluetooth: btusb: MT7922: Add VID/PID 0489/e170 (stable-fixes). - Bluetooth: btusb: MT7920: Add VID/PID 0489/e135 (stable-fixes). - wifi: mt76: mt792x: fix wifi init fail by setting MCU_RUNNING after CLC load (stable-fixes). - wifi: brcmfmac: Add DMI nvram filename quirk for Acer A1 840 tablet (stable-fixes). - wifi: cfg80211: stop radar detection in cfg80211_leave() (stable-fixes). - wifi: cfg80211: use cfg80211_leave() in iftype change (stable-fixes). - wifi: rtl8xxxu: Fix HT40 channel config for RTL8192CU, RTL8723AU (stable-fixes). - cpufreq: nforce2: fix reference count leak in nforce2 (git-fixes). - ACPI: fan: Workaround for 64-bit firmware bug (stable-fixes). - ACPI: property: Use ACPI functions in acpi_graph_get_next_endpoint() only (stable-fixes). - ACPICA: Avoid walking the Namespace if start_node is NULL (stable-fixes). - media: amphion: Make some vpu_v4l2 functions static (stable-fixes). - firmware: imx: Add stub functions for SCMI MISC API (git-fixes). - media: amphion: Add a frame flush mode for decoder (stable-fixes). - serial: xilinx_uartps: Use helper function hrtimer_update_function() (stable-fixes). - commit 52a2394 - net/smc: fix general protection fault in __smc_diag_dump (CVE-2025-40357 bsc#1255097). - commit ef3290b - KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced (CVE-2025-68259 bsc#1255199). - commit 0428a24 - bpf: Free special fields when update [lru_,]percpu_hash maps (CVE-2025-68744 bsc#1255709). - commit ab66ed0 ++++ gnuhealth: - version 5.0.5 * optimizations to language files * various fixes * install_demo_database.sh added ++++ gnuhealth-client: - version 5.0.1 * Fix issue #11. default settings for federation.gnhealth.org not working * allow Python 3.14 ++++ kernel-source: - io_uring/zctx: check chained notif contexts (CVE-2025-68317 bsc#1255354). - commit b895dee - cifs: client: fix memory leak in smb3_fs_context_parse_param (bsc#1255082, CVE-2025-40268). - commit 7120bdc - selftests/bpf: Add test to verify freeing the special fields in pcpu maps (CVE-2025-68744 bsc#1255709). - commit 763d99d - drm/amdkfd: Trap handler support for expert scheduling mode (stable-fixes). - commit 021ac24 - PCI: brcmstb: Reuse pcie_cfg_data structure (stable-fixes). - Refresh patches.suse/PCI-brcmstb-Set-generation-limit-before-PCIe-link-up.patch. - commit 0f681e6 - pinctrl: qcom: lpass-lpi: mark the GPIO controller as sleeping (git-fixes). - wifi: mac80211: restore non-chanctx injection behaviour (git-fixes). - wifi: avoid kernel-infoleak from struct iw_point (git-fixes). - atm: Fix dma_free_coherent() size (git-fixes). - net: usb: pegasus: fix memory leak in update_eth_regs_async() (git-fixes). - net: wwan: iosm: Fix memory leak in ipc_mux_deinit() (git-fixes). - HID: quirks: work around VID/PID conflict for appledisplay (git-fixes). - ASoC: sun4i-spdif: Add missing kerneldoc fields for sun4i_spdif_quirks (git-fixes). - ALSA: ac97: fix a double free in snd_ac97_controller_register() (git-fixes). - usb: usb-storage: Maintain minimal modifications to the bcdDevice range (git-fixes). - serial: xilinx_uartps: fix rs485 delay_rts_after_send (git-fixes). - Input: i8042 - add TUXEDO InfinityBook Max Gen10 AMD to i8042 quirk table (stable-fixes). - Input: lkkbd - disable pending work before freeing device (stable-fixes). - drm/amd/display: Fix scratch registers offsets for DCN351 (stable-fixes). - drm/amd/display: Fix scratch registers offsets for DCN35 (stable-fixes). - broadcom: b44: prevent uninitialized value usage (git-fixes). - Revert "drm/amd/display: Fix pbn to kbps Conversion" (stable-fixes). - drm/amdkfd: bump minimum vgpr size for gfx1151 (stable-fixes). - drm/amdkfd: Export the cwsr_size and ctl_stack_size to userspace (stable-fixes). - drm/amd/display: Use GFP_ATOMIC in dc_create_plane_state() (stable-fixes). - i2c: designware: Disable SMBus interrupts to prevent storms from mis-configured firmware (stable-fixes). - platform/x86/intel/hid: Add Dell Pro Rugged 10/12 tablet to VGBS DMI quirks (stable-fixes). - clk: qcom: dispcc-sm7150: Fix dispcc_mdss_pclk0_clk_src (stable-fixes). - usb: usb-storage: No additional quirks need to be added to the EL-R12 optical drive (stable-fixes). - usb: xhci: limit run_graceperiod for only usb 3.0 devices (stable-fixes). - usb: typec: ucsi: Handle incorrect num_connectors capability (stable-fixes). - usbip: Fix locking bug in RT-enabled kernels (stable-fixes). - serial: sprd: Return -EPROBE_DEFER when uart clock is not ready (stable-fixes). - char: applicom: fix NULL pointer dereference in ac_ioctl (stable-fixes). - iio: adc: ti_am335x_adc: Limit step_avg to valid range for gcc complains (stable-fixes). - fbdev: gbefb: fix to use physical address instead of dma address (stable-fixes). - via_wdt: fix critical boot hang due to unnamed resource allocation (stable-fixes). - ipmi: Fix __scan_channels() failing to rescan channels (stable-fixes). - ipmi: Fix the race between __scan_channels() and deliver_response() (stable-fixes). - reset: fix BIT macro reference (stable-fixes). - ti-sysc: allow OMAP2 and OMAP4 timers to be reserved on AM33xx (stable-fixes). - firmware: imx: scu-irq: Init workqueue before request mbox channel (stable-fixes). - clk: mvebu: cp110 add CLK_IGNORE_UNUSED to pcie_x10, pcie_x11 & pcie_x4 (stable-fixes). - HID: input: map HID_GD_Z to ABS_DISTANCE for stylus/pen (stable-fixes). - mmc: sdhci-msm: Avoid early clock doubling during HS400 transition (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H02NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H01NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H512NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q02NWxxIM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q01NWxxIM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q01NWxxIQ chips (stable-fixes). - ASoC: qcom: sdw: fix memory leak for sdw_stream_runtime (git-fixes). - drm/amdgpu/gmc12: add amdgpu_vm_handle_fault() handling (stable-fixes). - drm/amdgpu/gmc11: add amdgpu_vm_handle_fault() handling (stable-fixes). - drm/displayid: add quirk to ignore DisplayID checksum errors (stable-fixes). - drm/edid: add DRM_EDID_IDENT_INIT() to initialize struct drm_edid_ident (stable-fixes). - drm/displayid: pass iter to drm_find_displayid_extension() (stable-fixes). - media: amphion: Remove vpu_vb_is_codecconfig (git-fixes). - Bluetooth: btusb: Add new VID/PID 13d3/3533 for RTL8821CE (stable-fixes). - Bluetooth: btusb: Add new VID/PID 0x0489/0xE12F for RTL8852BE-VT (stable-fixes). - Bluetooth: btusb: Add new VID/PID 2b89/6275 for RTL8761BUV (stable-fixes). - Bluetooth: btusb: MT7922: Add VID/PID 0489/e170 (stable-fixes). - Bluetooth: btusb: MT7920: Add VID/PID 0489/e135 (stable-fixes). - wifi: mt76: mt792x: fix wifi init fail by setting MCU_RUNNING after CLC load (stable-fixes). - wifi: brcmfmac: Add DMI nvram filename quirk for Acer A1 840 tablet (stable-fixes). - wifi: cfg80211: stop radar detection in cfg80211_leave() (stable-fixes). - wifi: cfg80211: use cfg80211_leave() in iftype change (stable-fixes). - wifi: rtl8xxxu: Fix HT40 channel config for RTL8192CU, RTL8723AU (stable-fixes). - cpufreq: nforce2: fix reference count leak in nforce2 (git-fixes). - ACPI: fan: Workaround for 64-bit firmware bug (stable-fixes). - ACPI: property: Use ACPI functions in acpi_graph_get_next_endpoint() only (stable-fixes). - ACPICA: Avoid walking the Namespace if start_node is NULL (stable-fixes). - media: amphion: Make some vpu_v4l2 functions static (stable-fixes). - firmware: imx: Add stub functions for SCMI MISC API (git-fixes). - media: amphion: Add a frame flush mode for decoder (stable-fixes). - serial: xilinx_uartps: Use helper function hrtimer_update_function() (stable-fixes). - commit 52a2394 - net/smc: fix general protection fault in __smc_diag_dump (CVE-2025-40357 bsc#1255097). - commit ef3290b - KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced (CVE-2025-68259 bsc#1255199). - commit 0428a24 - bpf: Free special fields when update [lru_,]percpu_hash maps (CVE-2025-68744 bsc#1255709). - commit ab66ed0 ++++ kernel-source: - io_uring/zctx: check chained notif contexts (CVE-2025-68317 bsc#1255354). - commit b895dee - cifs: client: fix memory leak in smb3_fs_context_parse_param (bsc#1255082, CVE-2025-40268). - commit 7120bdc - selftests/bpf: Add test to verify freeing the special fields in pcpu maps (CVE-2025-68744 bsc#1255709). - commit 763d99d - drm/amdkfd: Trap handler support for expert scheduling mode (stable-fixes). - commit 021ac24 - PCI: brcmstb: Reuse pcie_cfg_data structure (stable-fixes). - Refresh patches.suse/PCI-brcmstb-Set-generation-limit-before-PCIe-link-up.patch. - commit 0f681e6 - pinctrl: qcom: lpass-lpi: mark the GPIO controller as sleeping (git-fixes). - wifi: mac80211: restore non-chanctx injection behaviour (git-fixes). - wifi: avoid kernel-infoleak from struct iw_point (git-fixes). - atm: Fix dma_free_coherent() size (git-fixes). - net: usb: pegasus: fix memory leak in update_eth_regs_async() (git-fixes). - net: wwan: iosm: Fix memory leak in ipc_mux_deinit() (git-fixes). - HID: quirks: work around VID/PID conflict for appledisplay (git-fixes). - ASoC: sun4i-spdif: Add missing kerneldoc fields for sun4i_spdif_quirks (git-fixes). - ALSA: ac97: fix a double free in snd_ac97_controller_register() (git-fixes). - usb: usb-storage: Maintain minimal modifications to the bcdDevice range (git-fixes). - serial: xilinx_uartps: fix rs485 delay_rts_after_send (git-fixes). - Input: i8042 - add TUXEDO InfinityBook Max Gen10 AMD to i8042 quirk table (stable-fixes). - Input: lkkbd - disable pending work before freeing device (stable-fixes). - drm/amd/display: Fix scratch registers offsets for DCN351 (stable-fixes). - drm/amd/display: Fix scratch registers offsets for DCN35 (stable-fixes). - broadcom: b44: prevent uninitialized value usage (git-fixes). - Revert "drm/amd/display: Fix pbn to kbps Conversion" (stable-fixes). - drm/amdkfd: bump minimum vgpr size for gfx1151 (stable-fixes). - drm/amdkfd: Export the cwsr_size and ctl_stack_size to userspace (stable-fixes). - drm/amd/display: Use GFP_ATOMIC in dc_create_plane_state() (stable-fixes). - i2c: designware: Disable SMBus interrupts to prevent storms from mis-configured firmware (stable-fixes). - platform/x86/intel/hid: Add Dell Pro Rugged 10/12 tablet to VGBS DMI quirks (stable-fixes). - clk: qcom: dispcc-sm7150: Fix dispcc_mdss_pclk0_clk_src (stable-fixes). - usb: usb-storage: No additional quirks need to be added to the EL-R12 optical drive (stable-fixes). - usb: xhci: limit run_graceperiod for only usb 3.0 devices (stable-fixes). - usb: typec: ucsi: Handle incorrect num_connectors capability (stable-fixes). - usbip: Fix locking bug in RT-enabled kernels (stable-fixes). - serial: sprd: Return -EPROBE_DEFER when uart clock is not ready (stable-fixes). - char: applicom: fix NULL pointer dereference in ac_ioctl (stable-fixes). - iio: adc: ti_am335x_adc: Limit step_avg to valid range for gcc complains (stable-fixes). - fbdev: gbefb: fix to use physical address instead of dma address (stable-fixes). - via_wdt: fix critical boot hang due to unnamed resource allocation (stable-fixes). - ipmi: Fix __scan_channels() failing to rescan channels (stable-fixes). - ipmi: Fix the race between __scan_channels() and deliver_response() (stable-fixes). - reset: fix BIT macro reference (stable-fixes). - ti-sysc: allow OMAP2 and OMAP4 timers to be reserved on AM33xx (stable-fixes). - firmware: imx: scu-irq: Init workqueue before request mbox channel (stable-fixes). - clk: mvebu: cp110 add CLK_IGNORE_UNUSED to pcie_x10, pcie_x11 & pcie_x4 (stable-fixes). - HID: input: map HID_GD_Z to ABS_DISTANCE for stylus/pen (stable-fixes). - mmc: sdhci-msm: Avoid early clock doubling during HS400 transition (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H02NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H01NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H512NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q02NWxxIM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q01NWxxIM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q01NWxxIQ chips (stable-fixes). - ASoC: qcom: sdw: fix memory leak for sdw_stream_runtime (git-fixes). - drm/amdgpu/gmc12: add amdgpu_vm_handle_fault() handling (stable-fixes). - drm/amdgpu/gmc11: add amdgpu_vm_handle_fault() handling (stable-fixes). - drm/displayid: add quirk to ignore DisplayID checksum errors (stable-fixes). - drm/edid: add DRM_EDID_IDENT_INIT() to initialize struct drm_edid_ident (stable-fixes). - drm/displayid: pass iter to drm_find_displayid_extension() (stable-fixes). - media: amphion: Remove vpu_vb_is_codecconfig (git-fixes). - Bluetooth: btusb: Add new VID/PID 13d3/3533 for RTL8821CE (stable-fixes). - Bluetooth: btusb: Add new VID/PID 0x0489/0xE12F for RTL8852BE-VT (stable-fixes). - Bluetooth: btusb: Add new VID/PID 2b89/6275 for RTL8761BUV (stable-fixes). - Bluetooth: btusb: MT7922: Add VID/PID 0489/e170 (stable-fixes). - Bluetooth: btusb: MT7920: Add VID/PID 0489/e135 (stable-fixes). - wifi: mt76: mt792x: fix wifi init fail by setting MCU_RUNNING after CLC load (stable-fixes). - wifi: brcmfmac: Add DMI nvram filename quirk for Acer A1 840 tablet (stable-fixes). - wifi: cfg80211: stop radar detection in cfg80211_leave() (stable-fixes). - wifi: cfg80211: use cfg80211_leave() in iftype change (stable-fixes). - wifi: rtl8xxxu: Fix HT40 channel config for RTL8192CU, RTL8723AU (stable-fixes). - cpufreq: nforce2: fix reference count leak in nforce2 (git-fixes). - ACPI: fan: Workaround for 64-bit firmware bug (stable-fixes). - ACPI: property: Use ACPI functions in acpi_graph_get_next_endpoint() only (stable-fixes). - ACPICA: Avoid walking the Namespace if start_node is NULL (stable-fixes). - media: amphion: Make some vpu_v4l2 functions static (stable-fixes). - firmware: imx: Add stub functions for SCMI MISC API (git-fixes). - media: amphion: Add a frame flush mode for decoder (stable-fixes). - serial: xilinx_uartps: Use helper function hrtimer_update_function() (stable-fixes). - commit 52a2394 - net/smc: fix general protection fault in __smc_diag_dump (CVE-2025-40357 bsc#1255097). - commit ef3290b - KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced (CVE-2025-68259 bsc#1255199). - commit 0428a24 - bpf: Free special fields when update [lru_,]percpu_hash maps (CVE-2025-68744 bsc#1255709). - commit ab66ed0 ++++ kernel-source: - io_uring/zctx: check chained notif contexts (CVE-2025-68317 bsc#1255354). - commit b895dee - cifs: client: fix memory leak in smb3_fs_context_parse_param (bsc#1255082, CVE-2025-40268). - commit 7120bdc - selftests/bpf: Add test to verify freeing the special fields in pcpu maps (CVE-2025-68744 bsc#1255709). - commit 763d99d - drm/amdkfd: Trap handler support for expert scheduling mode (stable-fixes). - commit 021ac24 - PCI: brcmstb: Reuse pcie_cfg_data structure (stable-fixes). - Refresh patches.suse/PCI-brcmstb-Set-generation-limit-before-PCIe-link-up.patch. - commit 0f681e6 - pinctrl: qcom: lpass-lpi: mark the GPIO controller as sleeping (git-fixes). - wifi: mac80211: restore non-chanctx injection behaviour (git-fixes). - wifi: avoid kernel-infoleak from struct iw_point (git-fixes). - atm: Fix dma_free_coherent() size (git-fixes). - net: usb: pegasus: fix memory leak in update_eth_regs_async() (git-fixes). - net: wwan: iosm: Fix memory leak in ipc_mux_deinit() (git-fixes). - HID: quirks: work around VID/PID conflict for appledisplay (git-fixes). - ASoC: sun4i-spdif: Add missing kerneldoc fields for sun4i_spdif_quirks (git-fixes). - ALSA: ac97: fix a double free in snd_ac97_controller_register() (git-fixes). - usb: usb-storage: Maintain minimal modifications to the bcdDevice range (git-fixes). - serial: xilinx_uartps: fix rs485 delay_rts_after_send (git-fixes). - Input: i8042 - add TUXEDO InfinityBook Max Gen10 AMD to i8042 quirk table (stable-fixes). - Input: lkkbd - disable pending work before freeing device (stable-fixes). - drm/amd/display: Fix scratch registers offsets for DCN351 (stable-fixes). - drm/amd/display: Fix scratch registers offsets for DCN35 (stable-fixes). - broadcom: b44: prevent uninitialized value usage (git-fixes). - Revert "drm/amd/display: Fix pbn to kbps Conversion" (stable-fixes). - drm/amdkfd: bump minimum vgpr size for gfx1151 (stable-fixes). - drm/amdkfd: Export the cwsr_size and ctl_stack_size to userspace (stable-fixes). - drm/amd/display: Use GFP_ATOMIC in dc_create_plane_state() (stable-fixes). - i2c: designware: Disable SMBus interrupts to prevent storms from mis-configured firmware (stable-fixes). - platform/x86/intel/hid: Add Dell Pro Rugged 10/12 tablet to VGBS DMI quirks (stable-fixes). - clk: qcom: dispcc-sm7150: Fix dispcc_mdss_pclk0_clk_src (stable-fixes). - usb: usb-storage: No additional quirks need to be added to the EL-R12 optical drive (stable-fixes). - usb: xhci: limit run_graceperiod for only usb 3.0 devices (stable-fixes). - usb: typec: ucsi: Handle incorrect num_connectors capability (stable-fixes). - usbip: Fix locking bug in RT-enabled kernels (stable-fixes). - serial: sprd: Return -EPROBE_DEFER when uart clock is not ready (stable-fixes). - char: applicom: fix NULL pointer dereference in ac_ioctl (stable-fixes). - iio: adc: ti_am335x_adc: Limit step_avg to valid range for gcc complains (stable-fixes). - fbdev: gbefb: fix to use physical address instead of dma address (stable-fixes). - via_wdt: fix critical boot hang due to unnamed resource allocation (stable-fixes). - ipmi: Fix __scan_channels() failing to rescan channels (stable-fixes). - ipmi: Fix the race between __scan_channels() and deliver_response() (stable-fixes). - reset: fix BIT macro reference (stable-fixes). - ti-sysc: allow OMAP2 and OMAP4 timers to be reserved on AM33xx (stable-fixes). - firmware: imx: scu-irq: Init workqueue before request mbox channel (stable-fixes). - clk: mvebu: cp110 add CLK_IGNORE_UNUSED to pcie_x10, pcie_x11 & pcie_x4 (stable-fixes). - HID: input: map HID_GD_Z to ABS_DISTANCE for stylus/pen (stable-fixes). - mmc: sdhci-msm: Avoid early clock doubling during HS400 transition (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H02NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H01NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H512NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q02NWxxIM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q01NWxxIM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q01NWxxIQ chips (stable-fixes). - ASoC: qcom: sdw: fix memory leak for sdw_stream_runtime (git-fixes). - drm/amdgpu/gmc12: add amdgpu_vm_handle_fault() handling (stable-fixes). - drm/amdgpu/gmc11: add amdgpu_vm_handle_fault() handling (stable-fixes). - drm/displayid: add quirk to ignore DisplayID checksum errors (stable-fixes). - drm/edid: add DRM_EDID_IDENT_INIT() to initialize struct drm_edid_ident (stable-fixes). - drm/displayid: pass iter to drm_find_displayid_extension() (stable-fixes). - media: amphion: Remove vpu_vb_is_codecconfig (git-fixes). - Bluetooth: btusb: Add new VID/PID 13d3/3533 for RTL8821CE (stable-fixes). - Bluetooth: btusb: Add new VID/PID 0x0489/0xE12F for RTL8852BE-VT (stable-fixes). - Bluetooth: btusb: Add new VID/PID 2b89/6275 for RTL8761BUV (stable-fixes). - Bluetooth: btusb: MT7922: Add VID/PID 0489/e170 (stable-fixes). - Bluetooth: btusb: MT7920: Add VID/PID 0489/e135 (stable-fixes). - wifi: mt76: mt792x: fix wifi init fail by setting MCU_RUNNING after CLC load (stable-fixes). - wifi: brcmfmac: Add DMI nvram filename quirk for Acer A1 840 tablet (stable-fixes). - wifi: cfg80211: stop radar detection in cfg80211_leave() (stable-fixes). - wifi: cfg80211: use cfg80211_leave() in iftype change (stable-fixes). - wifi: rtl8xxxu: Fix HT40 channel config for RTL8192CU, RTL8723AU (stable-fixes). - cpufreq: nforce2: fix reference count leak in nforce2 (git-fixes). - ACPI: fan: Workaround for 64-bit firmware bug (stable-fixes). - ACPI: property: Use ACPI functions in acpi_graph_get_next_endpoint() only (stable-fixes). - ACPICA: Avoid walking the Namespace if start_node is NULL (stable-fixes). - media: amphion: Make some vpu_v4l2 functions static (stable-fixes). - firmware: imx: Add stub functions for SCMI MISC API (git-fixes). - media: amphion: Add a frame flush mode for decoder (stable-fixes). - serial: xilinx_uartps: Use helper function hrtimer_update_function() (stable-fixes). - commit 52a2394 - net/smc: fix general protection fault in __smc_diag_dump (CVE-2025-40357 bsc#1255097). - commit ef3290b - KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced (CVE-2025-68259 bsc#1255199). - commit 0428a24 - bpf: Free special fields when update [lru_,]percpu_hash maps (CVE-2025-68744 bsc#1255709). - commit ab66ed0 ++++ kernel-docs: - io_uring/zctx: check chained notif contexts (CVE-2025-68317 bsc#1255354). - commit b895dee - cifs: client: fix memory leak in smb3_fs_context_parse_param (bsc#1255082, CVE-2025-40268). - commit 7120bdc - selftests/bpf: Add test to verify freeing the special fields in pcpu maps (CVE-2025-68744 bsc#1255709). - commit 763d99d - drm/amdkfd: Trap handler support for expert scheduling mode (stable-fixes). - commit 021ac24 - PCI: brcmstb: Reuse pcie_cfg_data structure (stable-fixes). - Refresh patches.suse/PCI-brcmstb-Set-generation-limit-before-PCIe-link-up.patch. - commit 0f681e6 - pinctrl: qcom: lpass-lpi: mark the GPIO controller as sleeping (git-fixes). - wifi: mac80211: restore non-chanctx injection behaviour (git-fixes). - wifi: avoid kernel-infoleak from struct iw_point (git-fixes). - atm: Fix dma_free_coherent() size (git-fixes). - net: usb: pegasus: fix memory leak in update_eth_regs_async() (git-fixes). - net: wwan: iosm: Fix memory leak in ipc_mux_deinit() (git-fixes). - HID: quirks: work around VID/PID conflict for appledisplay (git-fixes). - ASoC: sun4i-spdif: Add missing kerneldoc fields for sun4i_spdif_quirks (git-fixes). - ALSA: ac97: fix a double free in snd_ac97_controller_register() (git-fixes). - usb: usb-storage: Maintain minimal modifications to the bcdDevice range (git-fixes). - serial: xilinx_uartps: fix rs485 delay_rts_after_send (git-fixes). - Input: i8042 - add TUXEDO InfinityBook Max Gen10 AMD to i8042 quirk table (stable-fixes). - Input: lkkbd - disable pending work before freeing device (stable-fixes). - drm/amd/display: Fix scratch registers offsets for DCN351 (stable-fixes). - drm/amd/display: Fix scratch registers offsets for DCN35 (stable-fixes). - broadcom: b44: prevent uninitialized value usage (git-fixes). - Revert "drm/amd/display: Fix pbn to kbps Conversion" (stable-fixes). - drm/amdkfd: bump minimum vgpr size for gfx1151 (stable-fixes). - drm/amdkfd: Export the cwsr_size and ctl_stack_size to userspace (stable-fixes). - drm/amd/display: Use GFP_ATOMIC in dc_create_plane_state() (stable-fixes). - i2c: designware: Disable SMBus interrupts to prevent storms from mis-configured firmware (stable-fixes). - platform/x86/intel/hid: Add Dell Pro Rugged 10/12 tablet to VGBS DMI quirks (stable-fixes). - clk: qcom: dispcc-sm7150: Fix dispcc_mdss_pclk0_clk_src (stable-fixes). - usb: usb-storage: No additional quirks need to be added to the EL-R12 optical drive (stable-fixes). - usb: xhci: limit run_graceperiod for only usb 3.0 devices (stable-fixes). - usb: typec: ucsi: Handle incorrect num_connectors capability (stable-fixes). - usbip: Fix locking bug in RT-enabled kernels (stable-fixes). - serial: sprd: Return -EPROBE_DEFER when uart clock is not ready (stable-fixes). - char: applicom: fix NULL pointer dereference in ac_ioctl (stable-fixes). - iio: adc: ti_am335x_adc: Limit step_avg to valid range for gcc complains (stable-fixes). - fbdev: gbefb: fix to use physical address instead of dma address (stable-fixes). - via_wdt: fix critical boot hang due to unnamed resource allocation (stable-fixes). - ipmi: Fix __scan_channels() failing to rescan channels (stable-fixes). - ipmi: Fix the race between __scan_channels() and deliver_response() (stable-fixes). - reset: fix BIT macro reference (stable-fixes). - ti-sysc: allow OMAP2 and OMAP4 timers to be reserved on AM33xx (stable-fixes). - firmware: imx: scu-irq: Init workqueue before request mbox channel (stable-fixes). - clk: mvebu: cp110 add CLK_IGNORE_UNUSED to pcie_x10, pcie_x11 & pcie_x4 (stable-fixes). - HID: input: map HID_GD_Z to ABS_DISTANCE for stylus/pen (stable-fixes). - mmc: sdhci-msm: Avoid early clock doubling during HS400 transition (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H02NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H01NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H512NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q02NWxxIM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q01NWxxIM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q01NWxxIQ chips (stable-fixes). - ASoC: qcom: sdw: fix memory leak for sdw_stream_runtime (git-fixes). - drm/amdgpu/gmc12: add amdgpu_vm_handle_fault() handling (stable-fixes). - drm/amdgpu/gmc11: add amdgpu_vm_handle_fault() handling (stable-fixes). - drm/displayid: add quirk to ignore DisplayID checksum errors (stable-fixes). - drm/edid: add DRM_EDID_IDENT_INIT() to initialize struct drm_edid_ident (stable-fixes). - drm/displayid: pass iter to drm_find_displayid_extension() (stable-fixes). - media: amphion: Remove vpu_vb_is_codecconfig (git-fixes). - Bluetooth: btusb: Add new VID/PID 13d3/3533 for RTL8821CE (stable-fixes). - Bluetooth: btusb: Add new VID/PID 0x0489/0xE12F for RTL8852BE-VT (stable-fixes). - Bluetooth: btusb: Add new VID/PID 2b89/6275 for RTL8761BUV (stable-fixes). - Bluetooth: btusb: MT7922: Add VID/PID 0489/e170 (stable-fixes). - Bluetooth: btusb: MT7920: Add VID/PID 0489/e135 (stable-fixes). - wifi: mt76: mt792x: fix wifi init fail by setting MCU_RUNNING after CLC load (stable-fixes). - wifi: brcmfmac: Add DMI nvram filename quirk for Acer A1 840 tablet (stable-fixes). - wifi: cfg80211: stop radar detection in cfg80211_leave() (stable-fixes). - wifi: cfg80211: use cfg80211_leave() in iftype change (stable-fixes). - wifi: rtl8xxxu: Fix HT40 channel config for RTL8192CU, RTL8723AU (stable-fixes). - cpufreq: nforce2: fix reference count leak in nforce2 (git-fixes). - ACPI: fan: Workaround for 64-bit firmware bug (stable-fixes). - ACPI: property: Use ACPI functions in acpi_graph_get_next_endpoint() only (stable-fixes). - ACPICA: Avoid walking the Namespace if start_node is NULL (stable-fixes). - media: amphion: Make some vpu_v4l2 functions static (stable-fixes). - firmware: imx: Add stub functions for SCMI MISC API (git-fixes). - media: amphion: Add a frame flush mode for decoder (stable-fixes). - serial: xilinx_uartps: Use helper function hrtimer_update_function() (stable-fixes). - commit 52a2394 - net/smc: fix general protection fault in __smc_diag_dump (CVE-2025-40357 bsc#1255097). - commit ef3290b - KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced (CVE-2025-68259 bsc#1255199). - commit 0428a24 - bpf: Free special fields when update [lru_,]percpu_hash maps (CVE-2025-68744 bsc#1255709). - commit ab66ed0 ++++ kernel-docs: - io_uring/zctx: check chained notif contexts (CVE-2025-68317 bsc#1255354). - commit b895dee - cifs: client: fix memory leak in smb3_fs_context_parse_param (bsc#1255082, CVE-2025-40268). - commit 7120bdc - selftests/bpf: Add test to verify freeing the special fields in pcpu maps (CVE-2025-68744 bsc#1255709). - commit 763d99d - drm/amdkfd: Trap handler support for expert scheduling mode (stable-fixes). - commit 021ac24 - PCI: brcmstb: Reuse pcie_cfg_data structure (stable-fixes). - Refresh patches.suse/PCI-brcmstb-Set-generation-limit-before-PCIe-link-up.patch. - commit 0f681e6 - pinctrl: qcom: lpass-lpi: mark the GPIO controller as sleeping (git-fixes). - wifi: mac80211: restore non-chanctx injection behaviour (git-fixes). - wifi: avoid kernel-infoleak from struct iw_point (git-fixes). - atm: Fix dma_free_coherent() size (git-fixes). - net: usb: pegasus: fix memory leak in update_eth_regs_async() (git-fixes). - net: wwan: iosm: Fix memory leak in ipc_mux_deinit() (git-fixes). - HID: quirks: work around VID/PID conflict for appledisplay (git-fixes). - ASoC: sun4i-spdif: Add missing kerneldoc fields for sun4i_spdif_quirks (git-fixes). - ALSA: ac97: fix a double free in snd_ac97_controller_register() (git-fixes). - usb: usb-storage: Maintain minimal modifications to the bcdDevice range (git-fixes). - serial: xilinx_uartps: fix rs485 delay_rts_after_send (git-fixes). - Input: i8042 - add TUXEDO InfinityBook Max Gen10 AMD to i8042 quirk table (stable-fixes). - Input: lkkbd - disable pending work before freeing device (stable-fixes). - drm/amd/display: Fix scratch registers offsets for DCN351 (stable-fixes). - drm/amd/display: Fix scratch registers offsets for DCN35 (stable-fixes). - broadcom: b44: prevent uninitialized value usage (git-fixes). - Revert "drm/amd/display: Fix pbn to kbps Conversion" (stable-fixes). - drm/amdkfd: bump minimum vgpr size for gfx1151 (stable-fixes). - drm/amdkfd: Export the cwsr_size and ctl_stack_size to userspace (stable-fixes). - drm/amd/display: Use GFP_ATOMIC in dc_create_plane_state() (stable-fixes). - i2c: designware: Disable SMBus interrupts to prevent storms from mis-configured firmware (stable-fixes). - platform/x86/intel/hid: Add Dell Pro Rugged 10/12 tablet to VGBS DMI quirks (stable-fixes). - clk: qcom: dispcc-sm7150: Fix dispcc_mdss_pclk0_clk_src (stable-fixes). - usb: usb-storage: No additional quirks need to be added to the EL-R12 optical drive (stable-fixes). - usb: xhci: limit run_graceperiod for only usb 3.0 devices (stable-fixes). - usb: typec: ucsi: Handle incorrect num_connectors capability (stable-fixes). - usbip: Fix locking bug in RT-enabled kernels (stable-fixes). - serial: sprd: Return -EPROBE_DEFER when uart clock is not ready (stable-fixes). - char: applicom: fix NULL pointer dereference in ac_ioctl (stable-fixes). - iio: adc: ti_am335x_adc: Limit step_avg to valid range for gcc complains (stable-fixes). - fbdev: gbefb: fix to use physical address instead of dma address (stable-fixes). - via_wdt: fix critical boot hang due to unnamed resource allocation (stable-fixes). - ipmi: Fix __scan_channels() failing to rescan channels (stable-fixes). - ipmi: Fix the race between __scan_channels() and deliver_response() (stable-fixes). - reset: fix BIT macro reference (stable-fixes). - ti-sysc: allow OMAP2 and OMAP4 timers to be reserved on AM33xx (stable-fixes). - firmware: imx: scu-irq: Init workqueue before request mbox channel (stable-fixes). - clk: mvebu: cp110 add CLK_IGNORE_UNUSED to pcie_x10, pcie_x11 & pcie_x4 (stable-fixes). - HID: input: map HID_GD_Z to ABS_DISTANCE for stylus/pen (stable-fixes). - mmc: sdhci-msm: Avoid early clock doubling during HS400 transition (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H02NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H01NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H512NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q02NWxxIM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q01NWxxIM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q01NWxxIQ chips (stable-fixes). - ASoC: qcom: sdw: fix memory leak for sdw_stream_runtime (git-fixes). - drm/amdgpu/gmc12: add amdgpu_vm_handle_fault() handling (stable-fixes). - drm/amdgpu/gmc11: add amdgpu_vm_handle_fault() handling (stable-fixes). - drm/displayid: add quirk to ignore DisplayID checksum errors (stable-fixes). - drm/edid: add DRM_EDID_IDENT_INIT() to initialize struct drm_edid_ident (stable-fixes). - drm/displayid: pass iter to drm_find_displayid_extension() (stable-fixes). - media: amphion: Remove vpu_vb_is_codecconfig (git-fixes). - Bluetooth: btusb: Add new VID/PID 13d3/3533 for RTL8821CE (stable-fixes). - Bluetooth: btusb: Add new VID/PID 0x0489/0xE12F for RTL8852BE-VT (stable-fixes). - Bluetooth: btusb: Add new VID/PID 2b89/6275 for RTL8761BUV (stable-fixes). - Bluetooth: btusb: MT7922: Add VID/PID 0489/e170 (stable-fixes). - Bluetooth: btusb: MT7920: Add VID/PID 0489/e135 (stable-fixes). - wifi: mt76: mt792x: fix wifi init fail by setting MCU_RUNNING after CLC load (stable-fixes). - wifi: brcmfmac: Add DMI nvram filename quirk for Acer A1 840 tablet (stable-fixes). - wifi: cfg80211: stop radar detection in cfg80211_leave() (stable-fixes). - wifi: cfg80211: use cfg80211_leave() in iftype change (stable-fixes). - wifi: rtl8xxxu: Fix HT40 channel config for RTL8192CU, RTL8723AU (stable-fixes). - cpufreq: nforce2: fix reference count leak in nforce2 (git-fixes). - ACPI: fan: Workaround for 64-bit firmware bug (stable-fixes). - ACPI: property: Use ACPI functions in acpi_graph_get_next_endpoint() only (stable-fixes). - ACPICA: Avoid walking the Namespace if start_node is NULL (stable-fixes). - media: amphion: Make some vpu_v4l2 functions static (stable-fixes). - firmware: imx: Add stub functions for SCMI MISC API (git-fixes). - media: amphion: Add a frame flush mode for decoder (stable-fixes). - serial: xilinx_uartps: Use helper function hrtimer_update_function() (stable-fixes). - commit 52a2394 - net/smc: fix general protection fault in __smc_diag_dump (CVE-2025-40357 bsc#1255097). - commit ef3290b - KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced (CVE-2025-68259 bsc#1255199). - commit 0428a24 - bpf: Free special fields when update [lru_,]percpu_hash maps (CVE-2025-68744 bsc#1255709). - commit ab66ed0 ++++ kernel-docs: - io_uring/zctx: check chained notif contexts (CVE-2025-68317 bsc#1255354). - commit b895dee - cifs: client: fix memory leak in smb3_fs_context_parse_param (bsc#1255082, CVE-2025-40268). - commit 7120bdc - selftests/bpf: Add test to verify freeing the special fields in pcpu maps (CVE-2025-68744 bsc#1255709). - commit 763d99d - drm/amdkfd: Trap handler support for expert scheduling mode (stable-fixes). - commit 021ac24 - PCI: brcmstb: Reuse pcie_cfg_data structure (stable-fixes). - Refresh patches.suse/PCI-brcmstb-Set-generation-limit-before-PCIe-link-up.patch. - commit 0f681e6 - pinctrl: qcom: lpass-lpi: mark the GPIO controller as sleeping (git-fixes). - wifi: mac80211: restore non-chanctx injection behaviour (git-fixes). - wifi: avoid kernel-infoleak from struct iw_point (git-fixes). - atm: Fix dma_free_coherent() size (git-fixes). - net: usb: pegasus: fix memory leak in update_eth_regs_async() (git-fixes). - net: wwan: iosm: Fix memory leak in ipc_mux_deinit() (git-fixes). - HID: quirks: work around VID/PID conflict for appledisplay (git-fixes). - ASoC: sun4i-spdif: Add missing kerneldoc fields for sun4i_spdif_quirks (git-fixes). - ALSA: ac97: fix a double free in snd_ac97_controller_register() (git-fixes). - usb: usb-storage: Maintain minimal modifications to the bcdDevice range (git-fixes). - serial: xilinx_uartps: fix rs485 delay_rts_after_send (git-fixes). - Input: i8042 - add TUXEDO InfinityBook Max Gen10 AMD to i8042 quirk table (stable-fixes). - Input: lkkbd - disable pending work before freeing device (stable-fixes). - drm/amd/display: Fix scratch registers offsets for DCN351 (stable-fixes). - drm/amd/display: Fix scratch registers offsets for DCN35 (stable-fixes). - broadcom: b44: prevent uninitialized value usage (git-fixes). - Revert "drm/amd/display: Fix pbn to kbps Conversion" (stable-fixes). - drm/amdkfd: bump minimum vgpr size for gfx1151 (stable-fixes). - drm/amdkfd: Export the cwsr_size and ctl_stack_size to userspace (stable-fixes). - drm/amd/display: Use GFP_ATOMIC in dc_create_plane_state() (stable-fixes). - i2c: designware: Disable SMBus interrupts to prevent storms from mis-configured firmware (stable-fixes). - platform/x86/intel/hid: Add Dell Pro Rugged 10/12 tablet to VGBS DMI quirks (stable-fixes). - clk: qcom: dispcc-sm7150: Fix dispcc_mdss_pclk0_clk_src (stable-fixes). - usb: usb-storage: No additional quirks need to be added to the EL-R12 optical drive (stable-fixes). - usb: xhci: limit run_graceperiod for only usb 3.0 devices (stable-fixes). - usb: typec: ucsi: Handle incorrect num_connectors capability (stable-fixes). - usbip: Fix locking bug in RT-enabled kernels (stable-fixes). - serial: sprd: Return -EPROBE_DEFER when uart clock is not ready (stable-fixes). - char: applicom: fix NULL pointer dereference in ac_ioctl (stable-fixes). - iio: adc: ti_am335x_adc: Limit step_avg to valid range for gcc complains (stable-fixes). - fbdev: gbefb: fix to use physical address instead of dma address (stable-fixes). - via_wdt: fix critical boot hang due to unnamed resource allocation (stable-fixes). - ipmi: Fix __scan_channels() failing to rescan channels (stable-fixes). - ipmi: Fix the race between __scan_channels() and deliver_response() (stable-fixes). - reset: fix BIT macro reference (stable-fixes). - ti-sysc: allow OMAP2 and OMAP4 timers to be reserved on AM33xx (stable-fixes). - firmware: imx: scu-irq: Init workqueue before request mbox channel (stable-fixes). - clk: mvebu: cp110 add CLK_IGNORE_UNUSED to pcie_x10, pcie_x11 & pcie_x4 (stable-fixes). - HID: input: map HID_GD_Z to ABS_DISTANCE for stylus/pen (stable-fixes). - mmc: sdhci-msm: Avoid early clock doubling during HS400 transition (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H02NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H01NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H512NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q02NWxxIM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q01NWxxIM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q01NWxxIQ chips (stable-fixes). - ASoC: qcom: sdw: fix memory leak for sdw_stream_runtime (git-fixes). - drm/amdgpu/gmc12: add amdgpu_vm_handle_fault() handling (stable-fixes). - drm/amdgpu/gmc11: add amdgpu_vm_handle_fault() handling (stable-fixes). - drm/displayid: add quirk to ignore DisplayID checksum errors (stable-fixes). - drm/edid: add DRM_EDID_IDENT_INIT() to initialize struct drm_edid_ident (stable-fixes). - drm/displayid: pass iter to drm_find_displayid_extension() (stable-fixes). - media: amphion: Remove vpu_vb_is_codecconfig (git-fixes). - Bluetooth: btusb: Add new VID/PID 13d3/3533 for RTL8821CE (stable-fixes). - Bluetooth: btusb: Add new VID/PID 0x0489/0xE12F for RTL8852BE-VT (stable-fixes). - Bluetooth: btusb: Add new VID/PID 2b89/6275 for RTL8761BUV (stable-fixes). - Bluetooth: btusb: MT7922: Add VID/PID 0489/e170 (stable-fixes). - Bluetooth: btusb: MT7920: Add VID/PID 0489/e135 (stable-fixes). - wifi: mt76: mt792x: fix wifi init fail by setting MCU_RUNNING after CLC load (stable-fixes). - wifi: brcmfmac: Add DMI nvram filename quirk for Acer A1 840 tablet (stable-fixes). - wifi: cfg80211: stop radar detection in cfg80211_leave() (stable-fixes). - wifi: cfg80211: use cfg80211_leave() in iftype change (stable-fixes). - wifi: rtl8xxxu: Fix HT40 channel config for RTL8192CU, RTL8723AU (stable-fixes). - cpufreq: nforce2: fix reference count leak in nforce2 (git-fixes). - ACPI: fan: Workaround for 64-bit firmware bug (stable-fixes). - ACPI: property: Use ACPI functions in acpi_graph_get_next_endpoint() only (stable-fixes). - ACPICA: Avoid walking the Namespace if start_node is NULL (stable-fixes). - media: amphion: Make some vpu_v4l2 functions static (stable-fixes). - firmware: imx: Add stub functions for SCMI MISC API (git-fixes). - media: amphion: Add a frame flush mode for decoder (stable-fixes). - serial: xilinx_uartps: Use helper function hrtimer_update_function() (stable-fixes). - commit 52a2394 - net/smc: fix general protection fault in __smc_diag_dump (CVE-2025-40357 bsc#1255097). - commit ef3290b - KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced (CVE-2025-68259 bsc#1255199). - commit 0428a24 - bpf: Free special fields when update [lru_,]percpu_hash maps (CVE-2025-68744 bsc#1255709). - commit ab66ed0 ++++ kernel-kvmsmall: - io_uring/zctx: check chained notif contexts (CVE-2025-68317 bsc#1255354). - commit b895dee - cifs: client: fix memory leak in smb3_fs_context_parse_param (bsc#1255082, CVE-2025-40268). - commit 7120bdc - selftests/bpf: Add test to verify freeing the special fields in pcpu maps (CVE-2025-68744 bsc#1255709). - commit 763d99d - drm/amdkfd: Trap handler support for expert scheduling mode (stable-fixes). - commit 021ac24 - PCI: brcmstb: Reuse pcie_cfg_data structure (stable-fixes). - Refresh patches.suse/PCI-brcmstb-Set-generation-limit-before-PCIe-link-up.patch. - commit 0f681e6 - pinctrl: qcom: lpass-lpi: mark the GPIO controller as sleeping (git-fixes). - wifi: mac80211: restore non-chanctx injection behaviour (git-fixes). - wifi: avoid kernel-infoleak from struct iw_point (git-fixes). - atm: Fix dma_free_coherent() size (git-fixes). - net: usb: pegasus: fix memory leak in update_eth_regs_async() (git-fixes). - net: wwan: iosm: Fix memory leak in ipc_mux_deinit() (git-fixes). - HID: quirks: work around VID/PID conflict for appledisplay (git-fixes). - ASoC: sun4i-spdif: Add missing kerneldoc fields for sun4i_spdif_quirks (git-fixes). - ALSA: ac97: fix a double free in snd_ac97_controller_register() (git-fixes). - usb: usb-storage: Maintain minimal modifications to the bcdDevice range (git-fixes). - serial: xilinx_uartps: fix rs485 delay_rts_after_send (git-fixes). - Input: i8042 - add TUXEDO InfinityBook Max Gen10 AMD to i8042 quirk table (stable-fixes). - Input: lkkbd - disable pending work before freeing device (stable-fixes). - drm/amd/display: Fix scratch registers offsets for DCN351 (stable-fixes). - drm/amd/display: Fix scratch registers offsets for DCN35 (stable-fixes). - broadcom: b44: prevent uninitialized value usage (git-fixes). - Revert "drm/amd/display: Fix pbn to kbps Conversion" (stable-fixes). - drm/amdkfd: bump minimum vgpr size for gfx1151 (stable-fixes). - drm/amdkfd: Export the cwsr_size and ctl_stack_size to userspace (stable-fixes). - drm/amd/display: Use GFP_ATOMIC in dc_create_plane_state() (stable-fixes). - i2c: designware: Disable SMBus interrupts to prevent storms from mis-configured firmware (stable-fixes). - platform/x86/intel/hid: Add Dell Pro Rugged 10/12 tablet to VGBS DMI quirks (stable-fixes). - clk: qcom: dispcc-sm7150: Fix dispcc_mdss_pclk0_clk_src (stable-fixes). - usb: usb-storage: No additional quirks need to be added to the EL-R12 optical drive (stable-fixes). - usb: xhci: limit run_graceperiod for only usb 3.0 devices (stable-fixes). - usb: typec: ucsi: Handle incorrect num_connectors capability (stable-fixes). - usbip: Fix locking bug in RT-enabled kernels (stable-fixes). - serial: sprd: Return -EPROBE_DEFER when uart clock is not ready (stable-fixes). - char: applicom: fix NULL pointer dereference in ac_ioctl (stable-fixes). - iio: adc: ti_am335x_adc: Limit step_avg to valid range for gcc complains (stable-fixes). - fbdev: gbefb: fix to use physical address instead of dma address (stable-fixes). - via_wdt: fix critical boot hang due to unnamed resource allocation (stable-fixes). - ipmi: Fix __scan_channels() failing to rescan channels (stable-fixes). - ipmi: Fix the race between __scan_channels() and deliver_response() (stable-fixes). - reset: fix BIT macro reference (stable-fixes). - ti-sysc: allow OMAP2 and OMAP4 timers to be reserved on AM33xx (stable-fixes). - firmware: imx: scu-irq: Init workqueue before request mbox channel (stable-fixes). - clk: mvebu: cp110 add CLK_IGNORE_UNUSED to pcie_x10, pcie_x11 & pcie_x4 (stable-fixes). - HID: input: map HID_GD_Z to ABS_DISTANCE for stylus/pen (stable-fixes). - mmc: sdhci-msm: Avoid early clock doubling during HS400 transition (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H02NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H01NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H512NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q02NWxxIM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q01NWxxIM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q01NWxxIQ chips (stable-fixes). - ASoC: qcom: sdw: fix memory leak for sdw_stream_runtime (git-fixes). - drm/amdgpu/gmc12: add amdgpu_vm_handle_fault() handling (stable-fixes). - drm/amdgpu/gmc11: add amdgpu_vm_handle_fault() handling (stable-fixes). - drm/displayid: add quirk to ignore DisplayID checksum errors (stable-fixes). - drm/edid: add DRM_EDID_IDENT_INIT() to initialize struct drm_edid_ident (stable-fixes). - drm/displayid: pass iter to drm_find_displayid_extension() (stable-fixes). - media: amphion: Remove vpu_vb_is_codecconfig (git-fixes). - Bluetooth: btusb: Add new VID/PID 13d3/3533 for RTL8821CE (stable-fixes). - Bluetooth: btusb: Add new VID/PID 0x0489/0xE12F for RTL8852BE-VT (stable-fixes). - Bluetooth: btusb: Add new VID/PID 2b89/6275 for RTL8761BUV (stable-fixes). - Bluetooth: btusb: MT7922: Add VID/PID 0489/e170 (stable-fixes). - Bluetooth: btusb: MT7920: Add VID/PID 0489/e135 (stable-fixes). - wifi: mt76: mt792x: fix wifi init fail by setting MCU_RUNNING after CLC load (stable-fixes). - wifi: brcmfmac: Add DMI nvram filename quirk for Acer A1 840 tablet (stable-fixes). - wifi: cfg80211: stop radar detection in cfg80211_leave() (stable-fixes). - wifi: cfg80211: use cfg80211_leave() in iftype change (stable-fixes). - wifi: rtl8xxxu: Fix HT40 channel config for RTL8192CU, RTL8723AU (stable-fixes). - cpufreq: nforce2: fix reference count leak in nforce2 (git-fixes). - ACPI: fan: Workaround for 64-bit firmware bug (stable-fixes). - ACPI: property: Use ACPI functions in acpi_graph_get_next_endpoint() only (stable-fixes). - ACPICA: Avoid walking the Namespace if start_node is NULL (stable-fixes). - media: amphion: Make some vpu_v4l2 functions static (stable-fixes). - firmware: imx: Add stub functions for SCMI MISC API (git-fixes). - media: amphion: Add a frame flush mode for decoder (stable-fixes). - serial: xilinx_uartps: Use helper function hrtimer_update_function() (stable-fixes). - commit 52a2394 - net/smc: fix general protection fault in __smc_diag_dump (CVE-2025-40357 bsc#1255097). - commit ef3290b - KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced (CVE-2025-68259 bsc#1255199). - commit 0428a24 - bpf: Free special fields when update [lru_,]percpu_hash maps (CVE-2025-68744 bsc#1255709). - commit ab66ed0 ++++ kernel-kvmsmall: - io_uring/zctx: check chained notif contexts (CVE-2025-68317 bsc#1255354). - commit b895dee - cifs: client: fix memory leak in smb3_fs_context_parse_param (bsc#1255082, CVE-2025-40268). - commit 7120bdc - selftests/bpf: Add test to verify freeing the special fields in pcpu maps (CVE-2025-68744 bsc#1255709). - commit 763d99d - drm/amdkfd: Trap handler support for expert scheduling mode (stable-fixes). - commit 021ac24 - PCI: brcmstb: Reuse pcie_cfg_data structure (stable-fixes). - Refresh patches.suse/PCI-brcmstb-Set-generation-limit-before-PCIe-link-up.patch. - commit 0f681e6 - pinctrl: qcom: lpass-lpi: mark the GPIO controller as sleeping (git-fixes). - wifi: mac80211: restore non-chanctx injection behaviour (git-fixes). - wifi: avoid kernel-infoleak from struct iw_point (git-fixes). - atm: Fix dma_free_coherent() size (git-fixes). - net: usb: pegasus: fix memory leak in update_eth_regs_async() (git-fixes). - net: wwan: iosm: Fix memory leak in ipc_mux_deinit() (git-fixes). - HID: quirks: work around VID/PID conflict for appledisplay (git-fixes). - ASoC: sun4i-spdif: Add missing kerneldoc fields for sun4i_spdif_quirks (git-fixes). - ALSA: ac97: fix a double free in snd_ac97_controller_register() (git-fixes). - usb: usb-storage: Maintain minimal modifications to the bcdDevice range (git-fixes). - serial: xilinx_uartps: fix rs485 delay_rts_after_send (git-fixes). - Input: i8042 - add TUXEDO InfinityBook Max Gen10 AMD to i8042 quirk table (stable-fixes). - Input: lkkbd - disable pending work before freeing device (stable-fixes). - drm/amd/display: Fix scratch registers offsets for DCN351 (stable-fixes). - drm/amd/display: Fix scratch registers offsets for DCN35 (stable-fixes). - broadcom: b44: prevent uninitialized value usage (git-fixes). - Revert "drm/amd/display: Fix pbn to kbps Conversion" (stable-fixes). - drm/amdkfd: bump minimum vgpr size for gfx1151 (stable-fixes). - drm/amdkfd: Export the cwsr_size and ctl_stack_size to userspace (stable-fixes). - drm/amd/display: Use GFP_ATOMIC in dc_create_plane_state() (stable-fixes). - i2c: designware: Disable SMBus interrupts to prevent storms from mis-configured firmware (stable-fixes). - platform/x86/intel/hid: Add Dell Pro Rugged 10/12 tablet to VGBS DMI quirks (stable-fixes). - clk: qcom: dispcc-sm7150: Fix dispcc_mdss_pclk0_clk_src (stable-fixes). - usb: usb-storage: No additional quirks need to be added to the EL-R12 optical drive (stable-fixes). - usb: xhci: limit run_graceperiod for only usb 3.0 devices (stable-fixes). - usb: typec: ucsi: Handle incorrect num_connectors capability (stable-fixes). - usbip: Fix locking bug in RT-enabled kernels (stable-fixes). - serial: sprd: Return -EPROBE_DEFER when uart clock is not ready (stable-fixes). - char: applicom: fix NULL pointer dereference in ac_ioctl (stable-fixes). - iio: adc: ti_am335x_adc: Limit step_avg to valid range for gcc complains (stable-fixes). - fbdev: gbefb: fix to use physical address instead of dma address (stable-fixes). - via_wdt: fix critical boot hang due to unnamed resource allocation (stable-fixes). - ipmi: Fix __scan_channels() failing to rescan channels (stable-fixes). - ipmi: Fix the race between __scan_channels() and deliver_response() (stable-fixes). - reset: fix BIT macro reference (stable-fixes). - ti-sysc: allow OMAP2 and OMAP4 timers to be reserved on AM33xx (stable-fixes). - firmware: imx: scu-irq: Init workqueue before request mbox channel (stable-fixes). - clk: mvebu: cp110 add CLK_IGNORE_UNUSED to pcie_x10, pcie_x11 & pcie_x4 (stable-fixes). - HID: input: map HID_GD_Z to ABS_DISTANCE for stylus/pen (stable-fixes). - mmc: sdhci-msm: Avoid early clock doubling during HS400 transition (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H02NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H01NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H512NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q02NWxxIM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q01NWxxIM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q01NWxxIQ chips (stable-fixes). - ASoC: qcom: sdw: fix memory leak for sdw_stream_runtime (git-fixes). - drm/amdgpu/gmc12: add amdgpu_vm_handle_fault() handling (stable-fixes). - drm/amdgpu/gmc11: add amdgpu_vm_handle_fault() handling (stable-fixes). - drm/displayid: add quirk to ignore DisplayID checksum errors (stable-fixes). - drm/edid: add DRM_EDID_IDENT_INIT() to initialize struct drm_edid_ident (stable-fixes). - drm/displayid: pass iter to drm_find_displayid_extension() (stable-fixes). - media: amphion: Remove vpu_vb_is_codecconfig (git-fixes). - Bluetooth: btusb: Add new VID/PID 13d3/3533 for RTL8821CE (stable-fixes). - Bluetooth: btusb: Add new VID/PID 0x0489/0xE12F for RTL8852BE-VT (stable-fixes). - Bluetooth: btusb: Add new VID/PID 2b89/6275 for RTL8761BUV (stable-fixes). - Bluetooth: btusb: MT7922: Add VID/PID 0489/e170 (stable-fixes). - Bluetooth: btusb: MT7920: Add VID/PID 0489/e135 (stable-fixes). - wifi: mt76: mt792x: fix wifi init fail by setting MCU_RUNNING after CLC load (stable-fixes). - wifi: brcmfmac: Add DMI nvram filename quirk for Acer A1 840 tablet (stable-fixes). - wifi: cfg80211: stop radar detection in cfg80211_leave() (stable-fixes). - wifi: cfg80211: use cfg80211_leave() in iftype change (stable-fixes). - wifi: rtl8xxxu: Fix HT40 channel config for RTL8192CU, RTL8723AU (stable-fixes). - cpufreq: nforce2: fix reference count leak in nforce2 (git-fixes). - ACPI: fan: Workaround for 64-bit firmware bug (stable-fixes). - ACPI: property: Use ACPI functions in acpi_graph_get_next_endpoint() only (stable-fixes). - ACPICA: Avoid walking the Namespace if start_node is NULL (stable-fixes). - media: amphion: Make some vpu_v4l2 functions static (stable-fixes). - firmware: imx: Add stub functions for SCMI MISC API (git-fixes). - media: amphion: Add a frame flush mode for decoder (stable-fixes). - serial: xilinx_uartps: Use helper function hrtimer_update_function() (stable-fixes). - commit 52a2394 - net/smc: fix general protection fault in __smc_diag_dump (CVE-2025-40357 bsc#1255097). - commit ef3290b - KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced (CVE-2025-68259 bsc#1255199). - commit 0428a24 - bpf: Free special fields when update [lru_,]percpu_hash maps (CVE-2025-68744 bsc#1255709). - commit ab66ed0 ++++ kernel-kvmsmall: - io_uring/zctx: check chained notif contexts (CVE-2025-68317 bsc#1255354). - commit b895dee - cifs: client: fix memory leak in smb3_fs_context_parse_param (bsc#1255082, CVE-2025-40268). - commit 7120bdc - selftests/bpf: Add test to verify freeing the special fields in pcpu maps (CVE-2025-68744 bsc#1255709). - commit 763d99d - drm/amdkfd: Trap handler support for expert scheduling mode (stable-fixes). - commit 021ac24 - PCI: brcmstb: Reuse pcie_cfg_data structure (stable-fixes). - Refresh patches.suse/PCI-brcmstb-Set-generation-limit-before-PCIe-link-up.patch. - commit 0f681e6 - pinctrl: qcom: lpass-lpi: mark the GPIO controller as sleeping (git-fixes). - wifi: mac80211: restore non-chanctx injection behaviour (git-fixes). - wifi: avoid kernel-infoleak from struct iw_point (git-fixes). - atm: Fix dma_free_coherent() size (git-fixes). - net: usb: pegasus: fix memory leak in update_eth_regs_async() (git-fixes). - net: wwan: iosm: Fix memory leak in ipc_mux_deinit() (git-fixes). - HID: quirks: work around VID/PID conflict for appledisplay (git-fixes). - ASoC: sun4i-spdif: Add missing kerneldoc fields for sun4i_spdif_quirks (git-fixes). - ALSA: ac97: fix a double free in snd_ac97_controller_register() (git-fixes). - usb: usb-storage: Maintain minimal modifications to the bcdDevice range (git-fixes). - serial: xilinx_uartps: fix rs485 delay_rts_after_send (git-fixes). - Input: i8042 - add TUXEDO InfinityBook Max Gen10 AMD to i8042 quirk table (stable-fixes). - Input: lkkbd - disable pending work before freeing device (stable-fixes). - drm/amd/display: Fix scratch registers offsets for DCN351 (stable-fixes). - drm/amd/display: Fix scratch registers offsets for DCN35 (stable-fixes). - broadcom: b44: prevent uninitialized value usage (git-fixes). - Revert "drm/amd/display: Fix pbn to kbps Conversion" (stable-fixes). - drm/amdkfd: bump minimum vgpr size for gfx1151 (stable-fixes). - drm/amdkfd: Export the cwsr_size and ctl_stack_size to userspace (stable-fixes). - drm/amd/display: Use GFP_ATOMIC in dc_create_plane_state() (stable-fixes). - i2c: designware: Disable SMBus interrupts to prevent storms from mis-configured firmware (stable-fixes). - platform/x86/intel/hid: Add Dell Pro Rugged 10/12 tablet to VGBS DMI quirks (stable-fixes). - clk: qcom: dispcc-sm7150: Fix dispcc_mdss_pclk0_clk_src (stable-fixes). - usb: usb-storage: No additional quirks need to be added to the EL-R12 optical drive (stable-fixes). - usb: xhci: limit run_graceperiod for only usb 3.0 devices (stable-fixes). - usb: typec: ucsi: Handle incorrect num_connectors capability (stable-fixes). - usbip: Fix locking bug in RT-enabled kernels (stable-fixes). - serial: sprd: Return -EPROBE_DEFER when uart clock is not ready (stable-fixes). - char: applicom: fix NULL pointer dereference in ac_ioctl (stable-fixes). - iio: adc: ti_am335x_adc: Limit step_avg to valid range for gcc complains (stable-fixes). - fbdev: gbefb: fix to use physical address instead of dma address (stable-fixes). - via_wdt: fix critical boot hang due to unnamed resource allocation (stable-fixes). - ipmi: Fix __scan_channels() failing to rescan channels (stable-fixes). - ipmi: Fix the race between __scan_channels() and deliver_response() (stable-fixes). - reset: fix BIT macro reference (stable-fixes). - ti-sysc: allow OMAP2 and OMAP4 timers to be reserved on AM33xx (stable-fixes). - firmware: imx: scu-irq: Init workqueue before request mbox channel (stable-fixes). - clk: mvebu: cp110 add CLK_IGNORE_UNUSED to pcie_x10, pcie_x11 & pcie_x4 (stable-fixes). - HID: input: map HID_GD_Z to ABS_DISTANCE for stylus/pen (stable-fixes). - mmc: sdhci-msm: Avoid early clock doubling during HS400 transition (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H02NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H01NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H512NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q02NWxxIM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q01NWxxIM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q01NWxxIQ chips (stable-fixes). - ASoC: qcom: sdw: fix memory leak for sdw_stream_runtime (git-fixes). - drm/amdgpu/gmc12: add amdgpu_vm_handle_fault() handling (stable-fixes). - drm/amdgpu/gmc11: add amdgpu_vm_handle_fault() handling (stable-fixes). - drm/displayid: add quirk to ignore DisplayID checksum errors (stable-fixes). - drm/edid: add DRM_EDID_IDENT_INIT() to initialize struct drm_edid_ident (stable-fixes). - drm/displayid: pass iter to drm_find_displayid_extension() (stable-fixes). - media: amphion: Remove vpu_vb_is_codecconfig (git-fixes). - Bluetooth: btusb: Add new VID/PID 13d3/3533 for RTL8821CE (stable-fixes). - Bluetooth: btusb: Add new VID/PID 0x0489/0xE12F for RTL8852BE-VT (stable-fixes). - Bluetooth: btusb: Add new VID/PID 2b89/6275 for RTL8761BUV (stable-fixes). - Bluetooth: btusb: MT7922: Add VID/PID 0489/e170 (stable-fixes). - Bluetooth: btusb: MT7920: Add VID/PID 0489/e135 (stable-fixes). - wifi: mt76: mt792x: fix wifi init fail by setting MCU_RUNNING after CLC load (stable-fixes). - wifi: brcmfmac: Add DMI nvram filename quirk for Acer A1 840 tablet (stable-fixes). - wifi: cfg80211: stop radar detection in cfg80211_leave() (stable-fixes). - wifi: cfg80211: use cfg80211_leave() in iftype change (stable-fixes). - wifi: rtl8xxxu: Fix HT40 channel config for RTL8192CU, RTL8723AU (stable-fixes). - cpufreq: nforce2: fix reference count leak in nforce2 (git-fixes). - ACPI: fan: Workaround for 64-bit firmware bug (stable-fixes). - ACPI: property: Use ACPI functions in acpi_graph_get_next_endpoint() only (stable-fixes). - ACPICA: Avoid walking the Namespace if start_node is NULL (stable-fixes). - media: amphion: Make some vpu_v4l2 functions static (stable-fixes). - firmware: imx: Add stub functions for SCMI MISC API (git-fixes). - media: amphion: Add a frame flush mode for decoder (stable-fixes). - serial: xilinx_uartps: Use helper function hrtimer_update_function() (stable-fixes). - commit 52a2394 - net/smc: fix general protection fault in __smc_diag_dump (CVE-2025-40357 bsc#1255097). - commit ef3290b - KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced (CVE-2025-68259 bsc#1255199). - commit 0428a24 - bpf: Free special fields when update [lru_,]percpu_hash maps (CVE-2025-68744 bsc#1255709). - commit ab66ed0 ++++ kernel-obs-build: - io_uring/zctx: check chained notif contexts (CVE-2025-68317 bsc#1255354). - commit b895dee - cifs: client: fix memory leak in smb3_fs_context_parse_param (bsc#1255082, CVE-2025-40268). - commit 7120bdc - selftests/bpf: Add test to verify freeing the special fields in pcpu maps (CVE-2025-68744 bsc#1255709). - commit 763d99d - drm/amdkfd: Trap handler support for expert scheduling mode (stable-fixes). - commit 021ac24 - PCI: brcmstb: Reuse pcie_cfg_data structure (stable-fixes). - Refresh patches.suse/PCI-brcmstb-Set-generation-limit-before-PCIe-link-up.patch. - commit 0f681e6 - pinctrl: qcom: lpass-lpi: mark the GPIO controller as sleeping (git-fixes). - wifi: mac80211: restore non-chanctx injection behaviour (git-fixes). - wifi: avoid kernel-infoleak from struct iw_point (git-fixes). - atm: Fix dma_free_coherent() size (git-fixes). - net: usb: pegasus: fix memory leak in update_eth_regs_async() (git-fixes). - net: wwan: iosm: Fix memory leak in ipc_mux_deinit() (git-fixes). - HID: quirks: work around VID/PID conflict for appledisplay (git-fixes). - ASoC: sun4i-spdif: Add missing kerneldoc fields for sun4i_spdif_quirks (git-fixes). - ALSA: ac97: fix a double free in snd_ac97_controller_register() (git-fixes). - usb: usb-storage: Maintain minimal modifications to the bcdDevice range (git-fixes). - serial: xilinx_uartps: fix rs485 delay_rts_after_send (git-fixes). - Input: i8042 - add TUXEDO InfinityBook Max Gen10 AMD to i8042 quirk table (stable-fixes). - Input: lkkbd - disable pending work before freeing device (stable-fixes). - drm/amd/display: Fix scratch registers offsets for DCN351 (stable-fixes). - drm/amd/display: Fix scratch registers offsets for DCN35 (stable-fixes). - broadcom: b44: prevent uninitialized value usage (git-fixes). - Revert "drm/amd/display: Fix pbn to kbps Conversion" (stable-fixes). - drm/amdkfd: bump minimum vgpr size for gfx1151 (stable-fixes). - drm/amdkfd: Export the cwsr_size and ctl_stack_size to userspace (stable-fixes). - drm/amd/display: Use GFP_ATOMIC in dc_create_plane_state() (stable-fixes). - i2c: designware: Disable SMBus interrupts to prevent storms from mis-configured firmware (stable-fixes). - platform/x86/intel/hid: Add Dell Pro Rugged 10/12 tablet to VGBS DMI quirks (stable-fixes). - clk: qcom: dispcc-sm7150: Fix dispcc_mdss_pclk0_clk_src (stable-fixes). - usb: usb-storage: No additional quirks need to be added to the EL-R12 optical drive (stable-fixes). - usb: xhci: limit run_graceperiod for only usb 3.0 devices (stable-fixes). - usb: typec: ucsi: Handle incorrect num_connectors capability (stable-fixes). - usbip: Fix locking bug in RT-enabled kernels (stable-fixes). - serial: sprd: Return -EPROBE_DEFER when uart clock is not ready (stable-fixes). - char: applicom: fix NULL pointer dereference in ac_ioctl (stable-fixes). - iio: adc: ti_am335x_adc: Limit step_avg to valid range for gcc complains (stable-fixes). - fbdev: gbefb: fix to use physical address instead of dma address (stable-fixes). - via_wdt: fix critical boot hang due to unnamed resource allocation (stable-fixes). - ipmi: Fix __scan_channels() failing to rescan channels (stable-fixes). - ipmi: Fix the race between __scan_channels() and deliver_response() (stable-fixes). - reset: fix BIT macro reference (stable-fixes). - ti-sysc: allow OMAP2 and OMAP4 timers to be reserved on AM33xx (stable-fixes). - firmware: imx: scu-irq: Init workqueue before request mbox channel (stable-fixes). - clk: mvebu: cp110 add CLK_IGNORE_UNUSED to pcie_x10, pcie_x11 & pcie_x4 (stable-fixes). - HID: input: map HID_GD_Z to ABS_DISTANCE for stylus/pen (stable-fixes). - mmc: sdhci-msm: Avoid early clock doubling during HS400 transition (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H02NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H01NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H512NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q02NWxxIM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q01NWxxIM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q01NWxxIQ chips (stable-fixes). - ASoC: qcom: sdw: fix memory leak for sdw_stream_runtime (git-fixes). - drm/amdgpu/gmc12: add amdgpu_vm_handle_fault() handling (stable-fixes). - drm/amdgpu/gmc11: add amdgpu_vm_handle_fault() handling (stable-fixes). - drm/displayid: add quirk to ignore DisplayID checksum errors (stable-fixes). - drm/edid: add DRM_EDID_IDENT_INIT() to initialize struct drm_edid_ident (stable-fixes). - drm/displayid: pass iter to drm_find_displayid_extension() (stable-fixes). - media: amphion: Remove vpu_vb_is_codecconfig (git-fixes). - Bluetooth: btusb: Add new VID/PID 13d3/3533 for RTL8821CE (stable-fixes). - Bluetooth: btusb: Add new VID/PID 0x0489/0xE12F for RTL8852BE-VT (stable-fixes). - Bluetooth: btusb: Add new VID/PID 2b89/6275 for RTL8761BUV (stable-fixes). - Bluetooth: btusb: MT7922: Add VID/PID 0489/e170 (stable-fixes). - Bluetooth: btusb: MT7920: Add VID/PID 0489/e135 (stable-fixes). - wifi: mt76: mt792x: fix wifi init fail by setting MCU_RUNNING after CLC load (stable-fixes). - wifi: brcmfmac: Add DMI nvram filename quirk for Acer A1 840 tablet (stable-fixes). - wifi: cfg80211: stop radar detection in cfg80211_leave() (stable-fixes). - wifi: cfg80211: use cfg80211_leave() in iftype change (stable-fixes). - wifi: rtl8xxxu: Fix HT40 channel config for RTL8192CU, RTL8723AU (stable-fixes). - cpufreq: nforce2: fix reference count leak in nforce2 (git-fixes). - ACPI: fan: Workaround for 64-bit firmware bug (stable-fixes). - ACPI: property: Use ACPI functions in acpi_graph_get_next_endpoint() only (stable-fixes). - ACPICA: Avoid walking the Namespace if start_node is NULL (stable-fixes). - media: amphion: Make some vpu_v4l2 functions static (stable-fixes). - firmware: imx: Add stub functions for SCMI MISC API (git-fixes). - media: amphion: Add a frame flush mode for decoder (stable-fixes). - serial: xilinx_uartps: Use helper function hrtimer_update_function() (stable-fixes). - commit 52a2394 - net/smc: fix general protection fault in __smc_diag_dump (CVE-2025-40357 bsc#1255097). - commit ef3290b - KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced (CVE-2025-68259 bsc#1255199). - commit 0428a24 - bpf: Free special fields when update [lru_,]percpu_hash maps (CVE-2025-68744 bsc#1255709). - commit ab66ed0 ++++ kernel-obs-build: - io_uring/zctx: check chained notif contexts (CVE-2025-68317 bsc#1255354). - commit b895dee - cifs: client: fix memory leak in smb3_fs_context_parse_param (bsc#1255082, CVE-2025-40268). - commit 7120bdc - selftests/bpf: Add test to verify freeing the special fields in pcpu maps (CVE-2025-68744 bsc#1255709). - commit 763d99d - drm/amdkfd: Trap handler support for expert scheduling mode (stable-fixes). - commit 021ac24 - PCI: brcmstb: Reuse pcie_cfg_data structure (stable-fixes). - Refresh patches.suse/PCI-brcmstb-Set-generation-limit-before-PCIe-link-up.patch. - commit 0f681e6 - pinctrl: qcom: lpass-lpi: mark the GPIO controller as sleeping (git-fixes). - wifi: mac80211: restore non-chanctx injection behaviour (git-fixes). - wifi: avoid kernel-infoleak from struct iw_point (git-fixes). - atm: Fix dma_free_coherent() size (git-fixes). - net: usb: pegasus: fix memory leak in update_eth_regs_async() (git-fixes). - net: wwan: iosm: Fix memory leak in ipc_mux_deinit() (git-fixes). - HID: quirks: work around VID/PID conflict for appledisplay (git-fixes). - ASoC: sun4i-spdif: Add missing kerneldoc fields for sun4i_spdif_quirks (git-fixes). - ALSA: ac97: fix a double free in snd_ac97_controller_register() (git-fixes). - usb: usb-storage: Maintain minimal modifications to the bcdDevice range (git-fixes). - serial: xilinx_uartps: fix rs485 delay_rts_after_send (git-fixes). - Input: i8042 - add TUXEDO InfinityBook Max Gen10 AMD to i8042 quirk table (stable-fixes). - Input: lkkbd - disable pending work before freeing device (stable-fixes). - drm/amd/display: Fix scratch registers offsets for DCN351 (stable-fixes). - drm/amd/display: Fix scratch registers offsets for DCN35 (stable-fixes). - broadcom: b44: prevent uninitialized value usage (git-fixes). - Revert "drm/amd/display: Fix pbn to kbps Conversion" (stable-fixes). - drm/amdkfd: bump minimum vgpr size for gfx1151 (stable-fixes). - drm/amdkfd: Export the cwsr_size and ctl_stack_size to userspace (stable-fixes). - drm/amd/display: Use GFP_ATOMIC in dc_create_plane_state() (stable-fixes). - i2c: designware: Disable SMBus interrupts to prevent storms from mis-configured firmware (stable-fixes). - platform/x86/intel/hid: Add Dell Pro Rugged 10/12 tablet to VGBS DMI quirks (stable-fixes). - clk: qcom: dispcc-sm7150: Fix dispcc_mdss_pclk0_clk_src (stable-fixes). - usb: usb-storage: No additional quirks need to be added to the EL-R12 optical drive (stable-fixes). - usb: xhci: limit run_graceperiod for only usb 3.0 devices (stable-fixes). - usb: typec: ucsi: Handle incorrect num_connectors capability (stable-fixes). - usbip: Fix locking bug in RT-enabled kernels (stable-fixes). - serial: sprd: Return -EPROBE_DEFER when uart clock is not ready (stable-fixes). - char: applicom: fix NULL pointer dereference in ac_ioctl (stable-fixes). - iio: adc: ti_am335x_adc: Limit step_avg to valid range for gcc complains (stable-fixes). - fbdev: gbefb: fix to use physical address instead of dma address (stable-fixes). - via_wdt: fix critical boot hang due to unnamed resource allocation (stable-fixes). - ipmi: Fix __scan_channels() failing to rescan channels (stable-fixes). - ipmi: Fix the race between __scan_channels() and deliver_response() (stable-fixes). - reset: fix BIT macro reference (stable-fixes). - ti-sysc: allow OMAP2 and OMAP4 timers to be reserved on AM33xx (stable-fixes). - firmware: imx: scu-irq: Init workqueue before request mbox channel (stable-fixes). - clk: mvebu: cp110 add CLK_IGNORE_UNUSED to pcie_x10, pcie_x11 & pcie_x4 (stable-fixes). - HID: input: map HID_GD_Z to ABS_DISTANCE for stylus/pen (stable-fixes). - mmc: sdhci-msm: Avoid early clock doubling during HS400 transition (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H02NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H01NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H512NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q02NWxxIM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q01NWxxIM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q01NWxxIQ chips (stable-fixes). - ASoC: qcom: sdw: fix memory leak for sdw_stream_runtime (git-fixes). - drm/amdgpu/gmc12: add amdgpu_vm_handle_fault() handling (stable-fixes). - drm/amdgpu/gmc11: add amdgpu_vm_handle_fault() handling (stable-fixes). - drm/displayid: add quirk to ignore DisplayID checksum errors (stable-fixes). - drm/edid: add DRM_EDID_IDENT_INIT() to initialize struct drm_edid_ident (stable-fixes). - drm/displayid: pass iter to drm_find_displayid_extension() (stable-fixes). - media: amphion: Remove vpu_vb_is_codecconfig (git-fixes). - Bluetooth: btusb: Add new VID/PID 13d3/3533 for RTL8821CE (stable-fixes). - Bluetooth: btusb: Add new VID/PID 0x0489/0xE12F for RTL8852BE-VT (stable-fixes). - Bluetooth: btusb: Add new VID/PID 2b89/6275 for RTL8761BUV (stable-fixes). - Bluetooth: btusb: MT7922: Add VID/PID 0489/e170 (stable-fixes). - Bluetooth: btusb: MT7920: Add VID/PID 0489/e135 (stable-fixes). - wifi: mt76: mt792x: fix wifi init fail by setting MCU_RUNNING after CLC load (stable-fixes). - wifi: brcmfmac: Add DMI nvram filename quirk for Acer A1 840 tablet (stable-fixes). - wifi: cfg80211: stop radar detection in cfg80211_leave() (stable-fixes). - wifi: cfg80211: use cfg80211_leave() in iftype change (stable-fixes). - wifi: rtl8xxxu: Fix HT40 channel config for RTL8192CU, RTL8723AU (stable-fixes). - cpufreq: nforce2: fix reference count leak in nforce2 (git-fixes). - ACPI: fan: Workaround for 64-bit firmware bug (stable-fixes). - ACPI: property: Use ACPI functions in acpi_graph_get_next_endpoint() only (stable-fixes). - ACPICA: Avoid walking the Namespace if start_node is NULL (stable-fixes). - media: amphion: Make some vpu_v4l2 functions static (stable-fixes). - firmware: imx: Add stub functions for SCMI MISC API (git-fixes). - media: amphion: Add a frame flush mode for decoder (stable-fixes). - serial: xilinx_uartps: Use helper function hrtimer_update_function() (stable-fixes). - commit 52a2394 - net/smc: fix general protection fault in __smc_diag_dump (CVE-2025-40357 bsc#1255097). - commit ef3290b - KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced (CVE-2025-68259 bsc#1255199). - commit 0428a24 - bpf: Free special fields when update [lru_,]percpu_hash maps (CVE-2025-68744 bsc#1255709). - commit ab66ed0 ++++ kernel-obs-build: - io_uring/zctx: check chained notif contexts (CVE-2025-68317 bsc#1255354). - commit b895dee - cifs: client: fix memory leak in smb3_fs_context_parse_param (bsc#1255082, CVE-2025-40268). - commit 7120bdc - selftests/bpf: Add test to verify freeing the special fields in pcpu maps (CVE-2025-68744 bsc#1255709). - commit 763d99d - drm/amdkfd: Trap handler support for expert scheduling mode (stable-fixes). - commit 021ac24 - PCI: brcmstb: Reuse pcie_cfg_data structure (stable-fixes). - Refresh patches.suse/PCI-brcmstb-Set-generation-limit-before-PCIe-link-up.patch. - commit 0f681e6 - pinctrl: qcom: lpass-lpi: mark the GPIO controller as sleeping (git-fixes). - wifi: mac80211: restore non-chanctx injection behaviour (git-fixes). - wifi: avoid kernel-infoleak from struct iw_point (git-fixes). - atm: Fix dma_free_coherent() size (git-fixes). - net: usb: pegasus: fix memory leak in update_eth_regs_async() (git-fixes). - net: wwan: iosm: Fix memory leak in ipc_mux_deinit() (git-fixes). - HID: quirks: work around VID/PID conflict for appledisplay (git-fixes). - ASoC: sun4i-spdif: Add missing kerneldoc fields for sun4i_spdif_quirks (git-fixes). - ALSA: ac97: fix a double free in snd_ac97_controller_register() (git-fixes). - usb: usb-storage: Maintain minimal modifications to the bcdDevice range (git-fixes). - serial: xilinx_uartps: fix rs485 delay_rts_after_send (git-fixes). - Input: i8042 - add TUXEDO InfinityBook Max Gen10 AMD to i8042 quirk table (stable-fixes). - Input: lkkbd - disable pending work before freeing device (stable-fixes). - drm/amd/display: Fix scratch registers offsets for DCN351 (stable-fixes). - drm/amd/display: Fix scratch registers offsets for DCN35 (stable-fixes). - broadcom: b44: prevent uninitialized value usage (git-fixes). - Revert "drm/amd/display: Fix pbn to kbps Conversion" (stable-fixes). - drm/amdkfd: bump minimum vgpr size for gfx1151 (stable-fixes). - drm/amdkfd: Export the cwsr_size and ctl_stack_size to userspace (stable-fixes). - drm/amd/display: Use GFP_ATOMIC in dc_create_plane_state() (stable-fixes). - i2c: designware: Disable SMBus interrupts to prevent storms from mis-configured firmware (stable-fixes). - platform/x86/intel/hid: Add Dell Pro Rugged 10/12 tablet to VGBS DMI quirks (stable-fixes). - clk: qcom: dispcc-sm7150: Fix dispcc_mdss_pclk0_clk_src (stable-fixes). - usb: usb-storage: No additional quirks need to be added to the EL-R12 optical drive (stable-fixes). - usb: xhci: limit run_graceperiod for only usb 3.0 devices (stable-fixes). - usb: typec: ucsi: Handle incorrect num_connectors capability (stable-fixes). - usbip: Fix locking bug in RT-enabled kernels (stable-fixes). - serial: sprd: Return -EPROBE_DEFER when uart clock is not ready (stable-fixes). - char: applicom: fix NULL pointer dereference in ac_ioctl (stable-fixes). - iio: adc: ti_am335x_adc: Limit step_avg to valid range for gcc complains (stable-fixes). - fbdev: gbefb: fix to use physical address instead of dma address (stable-fixes). - via_wdt: fix critical boot hang due to unnamed resource allocation (stable-fixes). - ipmi: Fix __scan_channels() failing to rescan channels (stable-fixes). - ipmi: Fix the race between __scan_channels() and deliver_response() (stable-fixes). - reset: fix BIT macro reference (stable-fixes). - ti-sysc: allow OMAP2 and OMAP4 timers to be reserved on AM33xx (stable-fixes). - firmware: imx: scu-irq: Init workqueue before request mbox channel (stable-fixes). - clk: mvebu: cp110 add CLK_IGNORE_UNUSED to pcie_x10, pcie_x11 & pcie_x4 (stable-fixes). - HID: input: map HID_GD_Z to ABS_DISTANCE for stylus/pen (stable-fixes). - mmc: sdhci-msm: Avoid early clock doubling during HS400 transition (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H02NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H01NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H512NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q02NWxxIM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q01NWxxIM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q01NWxxIQ chips (stable-fixes). - ASoC: qcom: sdw: fix memory leak for sdw_stream_runtime (git-fixes). - drm/amdgpu/gmc12: add amdgpu_vm_handle_fault() handling (stable-fixes). - drm/amdgpu/gmc11: add amdgpu_vm_handle_fault() handling (stable-fixes). - drm/displayid: add quirk to ignore DisplayID checksum errors (stable-fixes). - drm/edid: add DRM_EDID_IDENT_INIT() to initialize struct drm_edid_ident (stable-fixes). - drm/displayid: pass iter to drm_find_displayid_extension() (stable-fixes). - media: amphion: Remove vpu_vb_is_codecconfig (git-fixes). - Bluetooth: btusb: Add new VID/PID 13d3/3533 for RTL8821CE (stable-fixes). - Bluetooth: btusb: Add new VID/PID 0x0489/0xE12F for RTL8852BE-VT (stable-fixes). - Bluetooth: btusb: Add new VID/PID 2b89/6275 for RTL8761BUV (stable-fixes). - Bluetooth: btusb: MT7922: Add VID/PID 0489/e170 (stable-fixes). - Bluetooth: btusb: MT7920: Add VID/PID 0489/e135 (stable-fixes). - wifi: mt76: mt792x: fix wifi init fail by setting MCU_RUNNING after CLC load (stable-fixes). - wifi: brcmfmac: Add DMI nvram filename quirk for Acer A1 840 tablet (stable-fixes). - wifi: cfg80211: stop radar detection in cfg80211_leave() (stable-fixes). - wifi: cfg80211: use cfg80211_leave() in iftype change (stable-fixes). - wifi: rtl8xxxu: Fix HT40 channel config for RTL8192CU, RTL8723AU (stable-fixes). - cpufreq: nforce2: fix reference count leak in nforce2 (git-fixes). - ACPI: fan: Workaround for 64-bit firmware bug (stable-fixes). - ACPI: property: Use ACPI functions in acpi_graph_get_next_endpoint() only (stable-fixes). - ACPICA: Avoid walking the Namespace if start_node is NULL (stable-fixes). - media: amphion: Make some vpu_v4l2 functions static (stable-fixes). - firmware: imx: Add stub functions for SCMI MISC API (git-fixes). - media: amphion: Add a frame flush mode for decoder (stable-fixes). - serial: xilinx_uartps: Use helper function hrtimer_update_function() (stable-fixes). - commit 52a2394 - net/smc: fix general protection fault in __smc_diag_dump (CVE-2025-40357 bsc#1255097). - commit ef3290b - KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced (CVE-2025-68259 bsc#1255199). - commit 0428a24 - bpf: Free special fields when update [lru_,]percpu_hash maps (CVE-2025-68744 bsc#1255709). - commit ab66ed0 ++++ kernel-obs-qa: - io_uring/zctx: check chained notif contexts (CVE-2025-68317 bsc#1255354). - commit b895dee - cifs: client: fix memory leak in smb3_fs_context_parse_param (bsc#1255082, CVE-2025-40268). - commit 7120bdc - selftests/bpf: Add test to verify freeing the special fields in pcpu maps (CVE-2025-68744 bsc#1255709). - commit 763d99d - drm/amdkfd: Trap handler support for expert scheduling mode (stable-fixes). - commit 021ac24 - PCI: brcmstb: Reuse pcie_cfg_data structure (stable-fixes). - Refresh patches.suse/PCI-brcmstb-Set-generation-limit-before-PCIe-link-up.patch. - commit 0f681e6 - pinctrl: qcom: lpass-lpi: mark the GPIO controller as sleeping (git-fixes). - wifi: mac80211: restore non-chanctx injection behaviour (git-fixes). - wifi: avoid kernel-infoleak from struct iw_point (git-fixes). - atm: Fix dma_free_coherent() size (git-fixes). - net: usb: pegasus: fix memory leak in update_eth_regs_async() (git-fixes). - net: wwan: iosm: Fix memory leak in ipc_mux_deinit() (git-fixes). - HID: quirks: work around VID/PID conflict for appledisplay (git-fixes). - ASoC: sun4i-spdif: Add missing kerneldoc fields for sun4i_spdif_quirks (git-fixes). - ALSA: ac97: fix a double free in snd_ac97_controller_register() (git-fixes). - usb: usb-storage: Maintain minimal modifications to the bcdDevice range (git-fixes). - serial: xilinx_uartps: fix rs485 delay_rts_after_send (git-fixes). - Input: i8042 - add TUXEDO InfinityBook Max Gen10 AMD to i8042 quirk table (stable-fixes). - Input: lkkbd - disable pending work before freeing device (stable-fixes). - drm/amd/display: Fix scratch registers offsets for DCN351 (stable-fixes). - drm/amd/display: Fix scratch registers offsets for DCN35 (stable-fixes). - broadcom: b44: prevent uninitialized value usage (git-fixes). - Revert "drm/amd/display: Fix pbn to kbps Conversion" (stable-fixes). - drm/amdkfd: bump minimum vgpr size for gfx1151 (stable-fixes). - drm/amdkfd: Export the cwsr_size and ctl_stack_size to userspace (stable-fixes). - drm/amd/display: Use GFP_ATOMIC in dc_create_plane_state() (stable-fixes). - i2c: designware: Disable SMBus interrupts to prevent storms from mis-configured firmware (stable-fixes). - platform/x86/intel/hid: Add Dell Pro Rugged 10/12 tablet to VGBS DMI quirks (stable-fixes). - clk: qcom: dispcc-sm7150: Fix dispcc_mdss_pclk0_clk_src (stable-fixes). - usb: usb-storage: No additional quirks need to be added to the EL-R12 optical drive (stable-fixes). - usb: xhci: limit run_graceperiod for only usb 3.0 devices (stable-fixes). - usb: typec: ucsi: Handle incorrect num_connectors capability (stable-fixes). - usbip: Fix locking bug in RT-enabled kernels (stable-fixes). - serial: sprd: Return -EPROBE_DEFER when uart clock is not ready (stable-fixes). - char: applicom: fix NULL pointer dereference in ac_ioctl (stable-fixes). - iio: adc: ti_am335x_adc: Limit step_avg to valid range for gcc complains (stable-fixes). - fbdev: gbefb: fix to use physical address instead of dma address (stable-fixes). - via_wdt: fix critical boot hang due to unnamed resource allocation (stable-fixes). - ipmi: Fix __scan_channels() failing to rescan channels (stable-fixes). - ipmi: Fix the race between __scan_channels() and deliver_response() (stable-fixes). - reset: fix BIT macro reference (stable-fixes). - ti-sysc: allow OMAP2 and OMAP4 timers to be reserved on AM33xx (stable-fixes). - firmware: imx: scu-irq: Init workqueue before request mbox channel (stable-fixes). - clk: mvebu: cp110 add CLK_IGNORE_UNUSED to pcie_x10, pcie_x11 & pcie_x4 (stable-fixes). - HID: input: map HID_GD_Z to ABS_DISTANCE for stylus/pen (stable-fixes). - mmc: sdhci-msm: Avoid early clock doubling during HS400 transition (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H02NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H01NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H512NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q02NWxxIM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q01NWxxIM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q01NWxxIQ chips (stable-fixes). - ASoC: qcom: sdw: fix memory leak for sdw_stream_runtime (git-fixes). - drm/amdgpu/gmc12: add amdgpu_vm_handle_fault() handling (stable-fixes). - drm/amdgpu/gmc11: add amdgpu_vm_handle_fault() handling (stable-fixes). - drm/displayid: add quirk to ignore DisplayID checksum errors (stable-fixes). - drm/edid: add DRM_EDID_IDENT_INIT() to initialize struct drm_edid_ident (stable-fixes). - drm/displayid: pass iter to drm_find_displayid_extension() (stable-fixes). - media: amphion: Remove vpu_vb_is_codecconfig (git-fixes). - Bluetooth: btusb: Add new VID/PID 13d3/3533 for RTL8821CE (stable-fixes). - Bluetooth: btusb: Add new VID/PID 0x0489/0xE12F for RTL8852BE-VT (stable-fixes). - Bluetooth: btusb: Add new VID/PID 2b89/6275 for RTL8761BUV (stable-fixes). - Bluetooth: btusb: MT7922: Add VID/PID 0489/e170 (stable-fixes). - Bluetooth: btusb: MT7920: Add VID/PID 0489/e135 (stable-fixes). - wifi: mt76: mt792x: fix wifi init fail by setting MCU_RUNNING after CLC load (stable-fixes). - wifi: brcmfmac: Add DMI nvram filename quirk for Acer A1 840 tablet (stable-fixes). - wifi: cfg80211: stop radar detection in cfg80211_leave() (stable-fixes). - wifi: cfg80211: use cfg80211_leave() in iftype change (stable-fixes). - wifi: rtl8xxxu: Fix HT40 channel config for RTL8192CU, RTL8723AU (stable-fixes). - cpufreq: nforce2: fix reference count leak in nforce2 (git-fixes). - ACPI: fan: Workaround for 64-bit firmware bug (stable-fixes). - ACPI: property: Use ACPI functions in acpi_graph_get_next_endpoint() only (stable-fixes). - ACPICA: Avoid walking the Namespace if start_node is NULL (stable-fixes). - media: amphion: Make some vpu_v4l2 functions static (stable-fixes). - firmware: imx: Add stub functions for SCMI MISC API (git-fixes). - media: amphion: Add a frame flush mode for decoder (stable-fixes). - serial: xilinx_uartps: Use helper function hrtimer_update_function() (stable-fixes). - commit 52a2394 - net/smc: fix general protection fault in __smc_diag_dump (CVE-2025-40357 bsc#1255097). - commit ef3290b - KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced (CVE-2025-68259 bsc#1255199). - commit 0428a24 - bpf: Free special fields when update [lru_,]percpu_hash maps (CVE-2025-68744 bsc#1255709). - commit ab66ed0 ++++ kernel-obs-qa: - io_uring/zctx: check chained notif contexts (CVE-2025-68317 bsc#1255354). - commit b895dee - cifs: client: fix memory leak in smb3_fs_context_parse_param (bsc#1255082, CVE-2025-40268). - commit 7120bdc - selftests/bpf: Add test to verify freeing the special fields in pcpu maps (CVE-2025-68744 bsc#1255709). - commit 763d99d - drm/amdkfd: Trap handler support for expert scheduling mode (stable-fixes). - commit 021ac24 - PCI: brcmstb: Reuse pcie_cfg_data structure (stable-fixes). - Refresh patches.suse/PCI-brcmstb-Set-generation-limit-before-PCIe-link-up.patch. - commit 0f681e6 - pinctrl: qcom: lpass-lpi: mark the GPIO controller as sleeping (git-fixes). - wifi: mac80211: restore non-chanctx injection behaviour (git-fixes). - wifi: avoid kernel-infoleak from struct iw_point (git-fixes). - atm: Fix dma_free_coherent() size (git-fixes). - net: usb: pegasus: fix memory leak in update_eth_regs_async() (git-fixes). - net: wwan: iosm: Fix memory leak in ipc_mux_deinit() (git-fixes). - HID: quirks: work around VID/PID conflict for appledisplay (git-fixes). - ASoC: sun4i-spdif: Add missing kerneldoc fields for sun4i_spdif_quirks (git-fixes). - ALSA: ac97: fix a double free in snd_ac97_controller_register() (git-fixes). - usb: usb-storage: Maintain minimal modifications to the bcdDevice range (git-fixes). - serial: xilinx_uartps: fix rs485 delay_rts_after_send (git-fixes). - Input: i8042 - add TUXEDO InfinityBook Max Gen10 AMD to i8042 quirk table (stable-fixes). - Input: lkkbd - disable pending work before freeing device (stable-fixes). - drm/amd/display: Fix scratch registers offsets for DCN351 (stable-fixes). - drm/amd/display: Fix scratch registers offsets for DCN35 (stable-fixes). - broadcom: b44: prevent uninitialized value usage (git-fixes). - Revert "drm/amd/display: Fix pbn to kbps Conversion" (stable-fixes). - drm/amdkfd: bump minimum vgpr size for gfx1151 (stable-fixes). - drm/amdkfd: Export the cwsr_size and ctl_stack_size to userspace (stable-fixes). - drm/amd/display: Use GFP_ATOMIC in dc_create_plane_state() (stable-fixes). - i2c: designware: Disable SMBus interrupts to prevent storms from mis-configured firmware (stable-fixes). - platform/x86/intel/hid: Add Dell Pro Rugged 10/12 tablet to VGBS DMI quirks (stable-fixes). - clk: qcom: dispcc-sm7150: Fix dispcc_mdss_pclk0_clk_src (stable-fixes). - usb: usb-storage: No additional quirks need to be added to the EL-R12 optical drive (stable-fixes). - usb: xhci: limit run_graceperiod for only usb 3.0 devices (stable-fixes). - usb: typec: ucsi: Handle incorrect num_connectors capability (stable-fixes). - usbip: Fix locking bug in RT-enabled kernels (stable-fixes). - serial: sprd: Return -EPROBE_DEFER when uart clock is not ready (stable-fixes). - char: applicom: fix NULL pointer dereference in ac_ioctl (stable-fixes). - iio: adc: ti_am335x_adc: Limit step_avg to valid range for gcc complains (stable-fixes). - fbdev: gbefb: fix to use physical address instead of dma address (stable-fixes). - via_wdt: fix critical boot hang due to unnamed resource allocation (stable-fixes). - ipmi: Fix __scan_channels() failing to rescan channels (stable-fixes). - ipmi: Fix the race between __scan_channels() and deliver_response() (stable-fixes). - reset: fix BIT macro reference (stable-fixes). - ti-sysc: allow OMAP2 and OMAP4 timers to be reserved on AM33xx (stable-fixes). - firmware: imx: scu-irq: Init workqueue before request mbox channel (stable-fixes). - clk: mvebu: cp110 add CLK_IGNORE_UNUSED to pcie_x10, pcie_x11 & pcie_x4 (stable-fixes). - HID: input: map HID_GD_Z to ABS_DISTANCE for stylus/pen (stable-fixes). - mmc: sdhci-msm: Avoid early clock doubling during HS400 transition (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H02NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H01NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H512NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q02NWxxIM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q01NWxxIM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q01NWxxIQ chips (stable-fixes). - ASoC: qcom: sdw: fix memory leak for sdw_stream_runtime (git-fixes). - drm/amdgpu/gmc12: add amdgpu_vm_handle_fault() handling (stable-fixes). - drm/amdgpu/gmc11: add amdgpu_vm_handle_fault() handling (stable-fixes). - drm/displayid: add quirk to ignore DisplayID checksum errors (stable-fixes). - drm/edid: add DRM_EDID_IDENT_INIT() to initialize struct drm_edid_ident (stable-fixes). - drm/displayid: pass iter to drm_find_displayid_extension() (stable-fixes). - media: amphion: Remove vpu_vb_is_codecconfig (git-fixes). - Bluetooth: btusb: Add new VID/PID 13d3/3533 for RTL8821CE (stable-fixes). - Bluetooth: btusb: Add new VID/PID 0x0489/0xE12F for RTL8852BE-VT (stable-fixes). - Bluetooth: btusb: Add new VID/PID 2b89/6275 for RTL8761BUV (stable-fixes). - Bluetooth: btusb: MT7922: Add VID/PID 0489/e170 (stable-fixes). - Bluetooth: btusb: MT7920: Add VID/PID 0489/e135 (stable-fixes). - wifi: mt76: mt792x: fix wifi init fail by setting MCU_RUNNING after CLC load (stable-fixes). - wifi: brcmfmac: Add DMI nvram filename quirk for Acer A1 840 tablet (stable-fixes). - wifi: cfg80211: stop radar detection in cfg80211_leave() (stable-fixes). - wifi: cfg80211: use cfg80211_leave() in iftype change (stable-fixes). - wifi: rtl8xxxu: Fix HT40 channel config for RTL8192CU, RTL8723AU (stable-fixes). - cpufreq: nforce2: fix reference count leak in nforce2 (git-fixes). - ACPI: fan: Workaround for 64-bit firmware bug (stable-fixes). - ACPI: property: Use ACPI functions in acpi_graph_get_next_endpoint() only (stable-fixes). - ACPICA: Avoid walking the Namespace if start_node is NULL (stable-fixes). - media: amphion: Make some vpu_v4l2 functions static (stable-fixes). - firmware: imx: Add stub functions for SCMI MISC API (git-fixes). - media: amphion: Add a frame flush mode for decoder (stable-fixes). - serial: xilinx_uartps: Use helper function hrtimer_update_function() (stable-fixes). - commit 52a2394 - net/smc: fix general protection fault in __smc_diag_dump (CVE-2025-40357 bsc#1255097). - commit ef3290b - KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced (CVE-2025-68259 bsc#1255199). - commit 0428a24 - bpf: Free special fields when update [lru_,]percpu_hash maps (CVE-2025-68744 bsc#1255709). - commit ab66ed0 ++++ kernel-obs-qa: - io_uring/zctx: check chained notif contexts (CVE-2025-68317 bsc#1255354). - commit b895dee - cifs: client: fix memory leak in smb3_fs_context_parse_param (bsc#1255082, CVE-2025-40268). - commit 7120bdc - selftests/bpf: Add test to verify freeing the special fields in pcpu maps (CVE-2025-68744 bsc#1255709). - commit 763d99d - drm/amdkfd: Trap handler support for expert scheduling mode (stable-fixes). - commit 021ac24 - PCI: brcmstb: Reuse pcie_cfg_data structure (stable-fixes). - Refresh patches.suse/PCI-brcmstb-Set-generation-limit-before-PCIe-link-up.patch. - commit 0f681e6 - pinctrl: qcom: lpass-lpi: mark the GPIO controller as sleeping (git-fixes). - wifi: mac80211: restore non-chanctx injection behaviour (git-fixes). - wifi: avoid kernel-infoleak from struct iw_point (git-fixes). - atm: Fix dma_free_coherent() size (git-fixes). - net: usb: pegasus: fix memory leak in update_eth_regs_async() (git-fixes). - net: wwan: iosm: Fix memory leak in ipc_mux_deinit() (git-fixes). - HID: quirks: work around VID/PID conflict for appledisplay (git-fixes). - ASoC: sun4i-spdif: Add missing kerneldoc fields for sun4i_spdif_quirks (git-fixes). - ALSA: ac97: fix a double free in snd_ac97_controller_register() (git-fixes). - usb: usb-storage: Maintain minimal modifications to the bcdDevice range (git-fixes). - serial: xilinx_uartps: fix rs485 delay_rts_after_send (git-fixes). - Input: i8042 - add TUXEDO InfinityBook Max Gen10 AMD to i8042 quirk table (stable-fixes). - Input: lkkbd - disable pending work before freeing device (stable-fixes). - drm/amd/display: Fix scratch registers offsets for DCN351 (stable-fixes). - drm/amd/display: Fix scratch registers offsets for DCN35 (stable-fixes). - broadcom: b44: prevent uninitialized value usage (git-fixes). - Revert "drm/amd/display: Fix pbn to kbps Conversion" (stable-fixes). - drm/amdkfd: bump minimum vgpr size for gfx1151 (stable-fixes). - drm/amdkfd: Export the cwsr_size and ctl_stack_size to userspace (stable-fixes). - drm/amd/display: Use GFP_ATOMIC in dc_create_plane_state() (stable-fixes). - i2c: designware: Disable SMBus interrupts to prevent storms from mis-configured firmware (stable-fixes). - platform/x86/intel/hid: Add Dell Pro Rugged 10/12 tablet to VGBS DMI quirks (stable-fixes). - clk: qcom: dispcc-sm7150: Fix dispcc_mdss_pclk0_clk_src (stable-fixes). - usb: usb-storage: No additional quirks need to be added to the EL-R12 optical drive (stable-fixes). - usb: xhci: limit run_graceperiod for only usb 3.0 devices (stable-fixes). - usb: typec: ucsi: Handle incorrect num_connectors capability (stable-fixes). - usbip: Fix locking bug in RT-enabled kernels (stable-fixes). - serial: sprd: Return -EPROBE_DEFER when uart clock is not ready (stable-fixes). - char: applicom: fix NULL pointer dereference in ac_ioctl (stable-fixes). - iio: adc: ti_am335x_adc: Limit step_avg to valid range for gcc complains (stable-fixes). - fbdev: gbefb: fix to use physical address instead of dma address (stable-fixes). - via_wdt: fix critical boot hang due to unnamed resource allocation (stable-fixes). - ipmi: Fix __scan_channels() failing to rescan channels (stable-fixes). - ipmi: Fix the race between __scan_channels() and deliver_response() (stable-fixes). - reset: fix BIT macro reference (stable-fixes). - ti-sysc: allow OMAP2 and OMAP4 timers to be reserved on AM33xx (stable-fixes). - firmware: imx: scu-irq: Init workqueue before request mbox channel (stable-fixes). - clk: mvebu: cp110 add CLK_IGNORE_UNUSED to pcie_x10, pcie_x11 & pcie_x4 (stable-fixes). - HID: input: map HID_GD_Z to ABS_DISTANCE for stylus/pen (stable-fixes). - mmc: sdhci-msm: Avoid early clock doubling during HS400 transition (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H02NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H01NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H512NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q02NWxxIM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q01NWxxIM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q01NWxxIQ chips (stable-fixes). - ASoC: qcom: sdw: fix memory leak for sdw_stream_runtime (git-fixes). - drm/amdgpu/gmc12: add amdgpu_vm_handle_fault() handling (stable-fixes). - drm/amdgpu/gmc11: add amdgpu_vm_handle_fault() handling (stable-fixes). - drm/displayid: add quirk to ignore DisplayID checksum errors (stable-fixes). - drm/edid: add DRM_EDID_IDENT_INIT() to initialize struct drm_edid_ident (stable-fixes). - drm/displayid: pass iter to drm_find_displayid_extension() (stable-fixes). - media: amphion: Remove vpu_vb_is_codecconfig (git-fixes). - Bluetooth: btusb: Add new VID/PID 13d3/3533 for RTL8821CE (stable-fixes). - Bluetooth: btusb: Add new VID/PID 0x0489/0xE12F for RTL8852BE-VT (stable-fixes). - Bluetooth: btusb: Add new VID/PID 2b89/6275 for RTL8761BUV (stable-fixes). - Bluetooth: btusb: MT7922: Add VID/PID 0489/e170 (stable-fixes). - Bluetooth: btusb: MT7920: Add VID/PID 0489/e135 (stable-fixes). - wifi: mt76: mt792x: fix wifi init fail by setting MCU_RUNNING after CLC load (stable-fixes). - wifi: brcmfmac: Add DMI nvram filename quirk for Acer A1 840 tablet (stable-fixes). - wifi: cfg80211: stop radar detection in cfg80211_leave() (stable-fixes). - wifi: cfg80211: use cfg80211_leave() in iftype change (stable-fixes). - wifi: rtl8xxxu: Fix HT40 channel config for RTL8192CU, RTL8723AU (stable-fixes). - cpufreq: nforce2: fix reference count leak in nforce2 (git-fixes). - ACPI: fan: Workaround for 64-bit firmware bug (stable-fixes). - ACPI: property: Use ACPI functions in acpi_graph_get_next_endpoint() only (stable-fixes). - ACPICA: Avoid walking the Namespace if start_node is NULL (stable-fixes). - media: amphion: Make some vpu_v4l2 functions static (stable-fixes). - firmware: imx: Add stub functions for SCMI MISC API (git-fixes). - media: amphion: Add a frame flush mode for decoder (stable-fixes). - serial: xilinx_uartps: Use helper function hrtimer_update_function() (stable-fixes). - commit 52a2394 - net/smc: fix general protection fault in __smc_diag_dump (CVE-2025-40357 bsc#1255097). - commit ef3290b - KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced (CVE-2025-68259 bsc#1255199). - commit 0428a24 - bpf: Free special fields when update [lru_,]percpu_hash maps (CVE-2025-68744 bsc#1255709). - commit ab66ed0 ++++ kernel-syms: - io_uring/zctx: check chained notif contexts (CVE-2025-68317 bsc#1255354). - commit b895dee - cifs: client: fix memory leak in smb3_fs_context_parse_param (bsc#1255082, CVE-2025-40268). - commit 7120bdc - selftests/bpf: Add test to verify freeing the special fields in pcpu maps (CVE-2025-68744 bsc#1255709). - commit 763d99d - drm/amdkfd: Trap handler support for expert scheduling mode (stable-fixes). - commit 021ac24 - PCI: brcmstb: Reuse pcie_cfg_data structure (stable-fixes). - Refresh patches.suse/PCI-brcmstb-Set-generation-limit-before-PCIe-link-up.patch. - commit 0f681e6 - pinctrl: qcom: lpass-lpi: mark the GPIO controller as sleeping (git-fixes). - wifi: mac80211: restore non-chanctx injection behaviour (git-fixes). - wifi: avoid kernel-infoleak from struct iw_point (git-fixes). - atm: Fix dma_free_coherent() size (git-fixes). - net: usb: pegasus: fix memory leak in update_eth_regs_async() (git-fixes). - net: wwan: iosm: Fix memory leak in ipc_mux_deinit() (git-fixes). - HID: quirks: work around VID/PID conflict for appledisplay (git-fixes). - ASoC: sun4i-spdif: Add missing kerneldoc fields for sun4i_spdif_quirks (git-fixes). - ALSA: ac97: fix a double free in snd_ac97_controller_register() (git-fixes). - usb: usb-storage: Maintain minimal modifications to the bcdDevice range (git-fixes). - serial: xilinx_uartps: fix rs485 delay_rts_after_send (git-fixes). - Input: i8042 - add TUXEDO InfinityBook Max Gen10 AMD to i8042 quirk table (stable-fixes). - Input: lkkbd - disable pending work before freeing device (stable-fixes). - drm/amd/display: Fix scratch registers offsets for DCN351 (stable-fixes). - drm/amd/display: Fix scratch registers offsets for DCN35 (stable-fixes). - broadcom: b44: prevent uninitialized value usage (git-fixes). - Revert "drm/amd/display: Fix pbn to kbps Conversion" (stable-fixes). - drm/amdkfd: bump minimum vgpr size for gfx1151 (stable-fixes). - drm/amdkfd: Export the cwsr_size and ctl_stack_size to userspace (stable-fixes). - drm/amd/display: Use GFP_ATOMIC in dc_create_plane_state() (stable-fixes). - i2c: designware: Disable SMBus interrupts to prevent storms from mis-configured firmware (stable-fixes). - platform/x86/intel/hid: Add Dell Pro Rugged 10/12 tablet to VGBS DMI quirks (stable-fixes). - clk: qcom: dispcc-sm7150: Fix dispcc_mdss_pclk0_clk_src (stable-fixes). - usb: usb-storage: No additional quirks need to be added to the EL-R12 optical drive (stable-fixes). - usb: xhci: limit run_graceperiod for only usb 3.0 devices (stable-fixes). - usb: typec: ucsi: Handle incorrect num_connectors capability (stable-fixes). - usbip: Fix locking bug in RT-enabled kernels (stable-fixes). - serial: sprd: Return -EPROBE_DEFER when uart clock is not ready (stable-fixes). - char: applicom: fix NULL pointer dereference in ac_ioctl (stable-fixes). - iio: adc: ti_am335x_adc: Limit step_avg to valid range for gcc complains (stable-fixes). - fbdev: gbefb: fix to use physical address instead of dma address (stable-fixes). - via_wdt: fix critical boot hang due to unnamed resource allocation (stable-fixes). - ipmi: Fix __scan_channels() failing to rescan channels (stable-fixes). - ipmi: Fix the race between __scan_channels() and deliver_response() (stable-fixes). - reset: fix BIT macro reference (stable-fixes). - ti-sysc: allow OMAP2 and OMAP4 timers to be reserved on AM33xx (stable-fixes). - firmware: imx: scu-irq: Init workqueue before request mbox channel (stable-fixes). - clk: mvebu: cp110 add CLK_IGNORE_UNUSED to pcie_x10, pcie_x11 & pcie_x4 (stable-fixes). - HID: input: map HID_GD_Z to ABS_DISTANCE for stylus/pen (stable-fixes). - mmc: sdhci-msm: Avoid early clock doubling during HS400 transition (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H02NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H01NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H512NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q02NWxxIM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q01NWxxIM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q01NWxxIQ chips (stable-fixes). - ASoC: qcom: sdw: fix memory leak for sdw_stream_runtime (git-fixes). - drm/amdgpu/gmc12: add amdgpu_vm_handle_fault() handling (stable-fixes). - drm/amdgpu/gmc11: add amdgpu_vm_handle_fault() handling (stable-fixes). - drm/displayid: add quirk to ignore DisplayID checksum errors (stable-fixes). - drm/edid: add DRM_EDID_IDENT_INIT() to initialize struct drm_edid_ident (stable-fixes). - drm/displayid: pass iter to drm_find_displayid_extension() (stable-fixes). - media: amphion: Remove vpu_vb_is_codecconfig (git-fixes). - Bluetooth: btusb: Add new VID/PID 13d3/3533 for RTL8821CE (stable-fixes). - Bluetooth: btusb: Add new VID/PID 0x0489/0xE12F for RTL8852BE-VT (stable-fixes). - Bluetooth: btusb: Add new VID/PID 2b89/6275 for RTL8761BUV (stable-fixes). - Bluetooth: btusb: MT7922: Add VID/PID 0489/e170 (stable-fixes). - Bluetooth: btusb: MT7920: Add VID/PID 0489/e135 (stable-fixes). - wifi: mt76: mt792x: fix wifi init fail by setting MCU_RUNNING after CLC load (stable-fixes). - wifi: brcmfmac: Add DMI nvram filename quirk for Acer A1 840 tablet (stable-fixes). - wifi: cfg80211: stop radar detection in cfg80211_leave() (stable-fixes). - wifi: cfg80211: use cfg80211_leave() in iftype change (stable-fixes). - wifi: rtl8xxxu: Fix HT40 channel config for RTL8192CU, RTL8723AU (stable-fixes). - cpufreq: nforce2: fix reference count leak in nforce2 (git-fixes). - ACPI: fan: Workaround for 64-bit firmware bug (stable-fixes). - ACPI: property: Use ACPI functions in acpi_graph_get_next_endpoint() only (stable-fixes). - ACPICA: Avoid walking the Namespace if start_node is NULL (stable-fixes). - media: amphion: Make some vpu_v4l2 functions static (stable-fixes). - firmware: imx: Add stub functions for SCMI MISC API (git-fixes). - media: amphion: Add a frame flush mode for decoder (stable-fixes). - serial: xilinx_uartps: Use helper function hrtimer_update_function() (stable-fixes). - commit 52a2394 - net/smc: fix general protection fault in __smc_diag_dump (CVE-2025-40357 bsc#1255097). - commit ef3290b - KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced (CVE-2025-68259 bsc#1255199). - commit 0428a24 - bpf: Free special fields when update [lru_,]percpu_hash maps (CVE-2025-68744 bsc#1255709). - commit ab66ed0 ++++ kernel-syms: - io_uring/zctx: check chained notif contexts (CVE-2025-68317 bsc#1255354). - commit b895dee - cifs: client: fix memory leak in smb3_fs_context_parse_param (bsc#1255082, CVE-2025-40268). - commit 7120bdc - selftests/bpf: Add test to verify freeing the special fields in pcpu maps (CVE-2025-68744 bsc#1255709). - commit 763d99d - drm/amdkfd: Trap handler support for expert scheduling mode (stable-fixes). - commit 021ac24 - PCI: brcmstb: Reuse pcie_cfg_data structure (stable-fixes). - Refresh patches.suse/PCI-brcmstb-Set-generation-limit-before-PCIe-link-up.patch. - commit 0f681e6 - pinctrl: qcom: lpass-lpi: mark the GPIO controller as sleeping (git-fixes). - wifi: mac80211: restore non-chanctx injection behaviour (git-fixes). - wifi: avoid kernel-infoleak from struct iw_point (git-fixes). - atm: Fix dma_free_coherent() size (git-fixes). - net: usb: pegasus: fix memory leak in update_eth_regs_async() (git-fixes). - net: wwan: iosm: Fix memory leak in ipc_mux_deinit() (git-fixes). - HID: quirks: work around VID/PID conflict for appledisplay (git-fixes). - ASoC: sun4i-spdif: Add missing kerneldoc fields for sun4i_spdif_quirks (git-fixes). - ALSA: ac97: fix a double free in snd_ac97_controller_register() (git-fixes). - usb: usb-storage: Maintain minimal modifications to the bcdDevice range (git-fixes). - serial: xilinx_uartps: fix rs485 delay_rts_after_send (git-fixes). - Input: i8042 - add TUXEDO InfinityBook Max Gen10 AMD to i8042 quirk table (stable-fixes). - Input: lkkbd - disable pending work before freeing device (stable-fixes). - drm/amd/display: Fix scratch registers offsets for DCN351 (stable-fixes). - drm/amd/display: Fix scratch registers offsets for DCN35 (stable-fixes). - broadcom: b44: prevent uninitialized value usage (git-fixes). - Revert "drm/amd/display: Fix pbn to kbps Conversion" (stable-fixes). - drm/amdkfd: bump minimum vgpr size for gfx1151 (stable-fixes). - drm/amdkfd: Export the cwsr_size and ctl_stack_size to userspace (stable-fixes). - drm/amd/display: Use GFP_ATOMIC in dc_create_plane_state() (stable-fixes). - i2c: designware: Disable SMBus interrupts to prevent storms from mis-configured firmware (stable-fixes). - platform/x86/intel/hid: Add Dell Pro Rugged 10/12 tablet to VGBS DMI quirks (stable-fixes). - clk: qcom: dispcc-sm7150: Fix dispcc_mdss_pclk0_clk_src (stable-fixes). - usb: usb-storage: No additional quirks need to be added to the EL-R12 optical drive (stable-fixes). - usb: xhci: limit run_graceperiod for only usb 3.0 devices (stable-fixes). - usb: typec: ucsi: Handle incorrect num_connectors capability (stable-fixes). - usbip: Fix locking bug in RT-enabled kernels (stable-fixes). - serial: sprd: Return -EPROBE_DEFER when uart clock is not ready (stable-fixes). - char: applicom: fix NULL pointer dereference in ac_ioctl (stable-fixes). - iio: adc: ti_am335x_adc: Limit step_avg to valid range for gcc complains (stable-fixes). - fbdev: gbefb: fix to use physical address instead of dma address (stable-fixes). - via_wdt: fix critical boot hang due to unnamed resource allocation (stable-fixes). - ipmi: Fix __scan_channels() failing to rescan channels (stable-fixes). - ipmi: Fix the race between __scan_channels() and deliver_response() (stable-fixes). - reset: fix BIT macro reference (stable-fixes). - ti-sysc: allow OMAP2 and OMAP4 timers to be reserved on AM33xx (stable-fixes). - firmware: imx: scu-irq: Init workqueue before request mbox channel (stable-fixes). - clk: mvebu: cp110 add CLK_IGNORE_UNUSED to pcie_x10, pcie_x11 & pcie_x4 (stable-fixes). - HID: input: map HID_GD_Z to ABS_DISTANCE for stylus/pen (stable-fixes). - mmc: sdhci-msm: Avoid early clock doubling during HS400 transition (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H02NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H01NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H512NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q02NWxxIM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q01NWxxIM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q01NWxxIQ chips (stable-fixes). - ASoC: qcom: sdw: fix memory leak for sdw_stream_runtime (git-fixes). - drm/amdgpu/gmc12: add amdgpu_vm_handle_fault() handling (stable-fixes). - drm/amdgpu/gmc11: add amdgpu_vm_handle_fault() handling (stable-fixes). - drm/displayid: add quirk to ignore DisplayID checksum errors (stable-fixes). - drm/edid: add DRM_EDID_IDENT_INIT() to initialize struct drm_edid_ident (stable-fixes). - drm/displayid: pass iter to drm_find_displayid_extension() (stable-fixes). - media: amphion: Remove vpu_vb_is_codecconfig (git-fixes). - Bluetooth: btusb: Add new VID/PID 13d3/3533 for RTL8821CE (stable-fixes). - Bluetooth: btusb: Add new VID/PID 0x0489/0xE12F for RTL8852BE-VT (stable-fixes). - Bluetooth: btusb: Add new VID/PID 2b89/6275 for RTL8761BUV (stable-fixes). - Bluetooth: btusb: MT7922: Add VID/PID 0489/e170 (stable-fixes). - Bluetooth: btusb: MT7920: Add VID/PID 0489/e135 (stable-fixes). - wifi: mt76: mt792x: fix wifi init fail by setting MCU_RUNNING after CLC load (stable-fixes). - wifi: brcmfmac: Add DMI nvram filename quirk for Acer A1 840 tablet (stable-fixes). - wifi: cfg80211: stop radar detection in cfg80211_leave() (stable-fixes). - wifi: cfg80211: use cfg80211_leave() in iftype change (stable-fixes). - wifi: rtl8xxxu: Fix HT40 channel config for RTL8192CU, RTL8723AU (stable-fixes). - cpufreq: nforce2: fix reference count leak in nforce2 (git-fixes). - ACPI: fan: Workaround for 64-bit firmware bug (stable-fixes). - ACPI: property: Use ACPI functions in acpi_graph_get_next_endpoint() only (stable-fixes). - ACPICA: Avoid walking the Namespace if start_node is NULL (stable-fixes). - media: amphion: Make some vpu_v4l2 functions static (stable-fixes). - firmware: imx: Add stub functions for SCMI MISC API (git-fixes). - media: amphion: Add a frame flush mode for decoder (stable-fixes). - serial: xilinx_uartps: Use helper function hrtimer_update_function() (stable-fixes). - commit 52a2394 - net/smc: fix general protection fault in __smc_diag_dump (CVE-2025-40357 bsc#1255097). - commit ef3290b - KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced (CVE-2025-68259 bsc#1255199). - commit 0428a24 - bpf: Free special fields when update [lru_,]percpu_hash maps (CVE-2025-68744 bsc#1255709). - commit ab66ed0 ++++ kernel-syms: - io_uring/zctx: check chained notif contexts (CVE-2025-68317 bsc#1255354). - commit b895dee - cifs: client: fix memory leak in smb3_fs_context_parse_param (bsc#1255082, CVE-2025-40268). - commit 7120bdc - selftests/bpf: Add test to verify freeing the special fields in pcpu maps (CVE-2025-68744 bsc#1255709). - commit 763d99d - drm/amdkfd: Trap handler support for expert scheduling mode (stable-fixes). - commit 021ac24 - PCI: brcmstb: Reuse pcie_cfg_data structure (stable-fixes). - Refresh patches.suse/PCI-brcmstb-Set-generation-limit-before-PCIe-link-up.patch. - commit 0f681e6 - pinctrl: qcom: lpass-lpi: mark the GPIO controller as sleeping (git-fixes). - wifi: mac80211: restore non-chanctx injection behaviour (git-fixes). - wifi: avoid kernel-infoleak from struct iw_point (git-fixes). - atm: Fix dma_free_coherent() size (git-fixes). - net: usb: pegasus: fix memory leak in update_eth_regs_async() (git-fixes). - net: wwan: iosm: Fix memory leak in ipc_mux_deinit() (git-fixes). - HID: quirks: work around VID/PID conflict for appledisplay (git-fixes). - ASoC: sun4i-spdif: Add missing kerneldoc fields for sun4i_spdif_quirks (git-fixes). - ALSA: ac97: fix a double free in snd_ac97_controller_register() (git-fixes). - usb: usb-storage: Maintain minimal modifications to the bcdDevice range (git-fixes). - serial: xilinx_uartps: fix rs485 delay_rts_after_send (git-fixes). - Input: i8042 - add TUXEDO InfinityBook Max Gen10 AMD to i8042 quirk table (stable-fixes). - Input: lkkbd - disable pending work before freeing device (stable-fixes). - drm/amd/display: Fix scratch registers offsets for DCN351 (stable-fixes). - drm/amd/display: Fix scratch registers offsets for DCN35 (stable-fixes). - broadcom: b44: prevent uninitialized value usage (git-fixes). - Revert "drm/amd/display: Fix pbn to kbps Conversion" (stable-fixes). - drm/amdkfd: bump minimum vgpr size for gfx1151 (stable-fixes). - drm/amdkfd: Export the cwsr_size and ctl_stack_size to userspace (stable-fixes). - drm/amd/display: Use GFP_ATOMIC in dc_create_plane_state() (stable-fixes). - i2c: designware: Disable SMBus interrupts to prevent storms from mis-configured firmware (stable-fixes). - platform/x86/intel/hid: Add Dell Pro Rugged 10/12 tablet to VGBS DMI quirks (stable-fixes). - clk: qcom: dispcc-sm7150: Fix dispcc_mdss_pclk0_clk_src (stable-fixes). - usb: usb-storage: No additional quirks need to be added to the EL-R12 optical drive (stable-fixes). - usb: xhci: limit run_graceperiod for only usb 3.0 devices (stable-fixes). - usb: typec: ucsi: Handle incorrect num_connectors capability (stable-fixes). - usbip: Fix locking bug in RT-enabled kernels (stable-fixes). - serial: sprd: Return -EPROBE_DEFER when uart clock is not ready (stable-fixes). - char: applicom: fix NULL pointer dereference in ac_ioctl (stable-fixes). - iio: adc: ti_am335x_adc: Limit step_avg to valid range for gcc complains (stable-fixes). - fbdev: gbefb: fix to use physical address instead of dma address (stable-fixes). - via_wdt: fix critical boot hang due to unnamed resource allocation (stable-fixes). - ipmi: Fix __scan_channels() failing to rescan channels (stable-fixes). - ipmi: Fix the race between __scan_channels() and deliver_response() (stable-fixes). - reset: fix BIT macro reference (stable-fixes). - ti-sysc: allow OMAP2 and OMAP4 timers to be reserved on AM33xx (stable-fixes). - firmware: imx: scu-irq: Init workqueue before request mbox channel (stable-fixes). - clk: mvebu: cp110 add CLK_IGNORE_UNUSED to pcie_x10, pcie_x11 & pcie_x4 (stable-fixes). - HID: input: map HID_GD_Z to ABS_DISTANCE for stylus/pen (stable-fixes). - mmc: sdhci-msm: Avoid early clock doubling during HS400 transition (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H02NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H01NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H512NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q02NWxxIM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q01NWxxIM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q01NWxxIQ chips (stable-fixes). - ASoC: qcom: sdw: fix memory leak for sdw_stream_runtime (git-fixes). - drm/amdgpu/gmc12: add amdgpu_vm_handle_fault() handling (stable-fixes). - drm/amdgpu/gmc11: add amdgpu_vm_handle_fault() handling (stable-fixes). - drm/displayid: add quirk to ignore DisplayID checksum errors (stable-fixes). - drm/edid: add DRM_EDID_IDENT_INIT() to initialize struct drm_edid_ident (stable-fixes). - drm/displayid: pass iter to drm_find_displayid_extension() (stable-fixes). - media: amphion: Remove vpu_vb_is_codecconfig (git-fixes). - Bluetooth: btusb: Add new VID/PID 13d3/3533 for RTL8821CE (stable-fixes). - Bluetooth: btusb: Add new VID/PID 0x0489/0xE12F for RTL8852BE-VT (stable-fixes). - Bluetooth: btusb: Add new VID/PID 2b89/6275 for RTL8761BUV (stable-fixes). - Bluetooth: btusb: MT7922: Add VID/PID 0489/e170 (stable-fixes). - Bluetooth: btusb: MT7920: Add VID/PID 0489/e135 (stable-fixes). - wifi: mt76: mt792x: fix wifi init fail by setting MCU_RUNNING after CLC load (stable-fixes). - wifi: brcmfmac: Add DMI nvram filename quirk for Acer A1 840 tablet (stable-fixes). - wifi: cfg80211: stop radar detection in cfg80211_leave() (stable-fixes). - wifi: cfg80211: use cfg80211_leave() in iftype change (stable-fixes). - wifi: rtl8xxxu: Fix HT40 channel config for RTL8192CU, RTL8723AU (stable-fixes). - cpufreq: nforce2: fix reference count leak in nforce2 (git-fixes). - ACPI: fan: Workaround for 64-bit firmware bug (stable-fixes). - ACPI: property: Use ACPI functions in acpi_graph_get_next_endpoint() only (stable-fixes). - ACPICA: Avoid walking the Namespace if start_node is NULL (stable-fixes). - media: amphion: Make some vpu_v4l2 functions static (stable-fixes). - firmware: imx: Add stub functions for SCMI MISC API (git-fixes). - media: amphion: Add a frame flush mode for decoder (stable-fixes). - serial: xilinx_uartps: Use helper function hrtimer_update_function() (stable-fixes). - commit 52a2394 - net/smc: fix general protection fault in __smc_diag_dump (CVE-2025-40357 bsc#1255097). - commit ef3290b - KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced (CVE-2025-68259 bsc#1255199). - commit 0428a24 - bpf: Free special fields when update [lru_,]percpu_hash maps (CVE-2025-68744 bsc#1255709). - commit ab66ed0 ++++ kernel-zfcpdump: - io_uring/zctx: check chained notif contexts (CVE-2025-68317 bsc#1255354). - commit b895dee - cifs: client: fix memory leak in smb3_fs_context_parse_param (bsc#1255082, CVE-2025-40268). - commit 7120bdc - selftests/bpf: Add test to verify freeing the special fields in pcpu maps (CVE-2025-68744 bsc#1255709). - commit 763d99d - drm/amdkfd: Trap handler support for expert scheduling mode (stable-fixes). - commit 021ac24 - PCI: brcmstb: Reuse pcie_cfg_data structure (stable-fixes). - Refresh patches.suse/PCI-brcmstb-Set-generation-limit-before-PCIe-link-up.patch. - commit 0f681e6 - pinctrl: qcom: lpass-lpi: mark the GPIO controller as sleeping (git-fixes). - wifi: mac80211: restore non-chanctx injection behaviour (git-fixes). - wifi: avoid kernel-infoleak from struct iw_point (git-fixes). - atm: Fix dma_free_coherent() size (git-fixes). - net: usb: pegasus: fix memory leak in update_eth_regs_async() (git-fixes). - net: wwan: iosm: Fix memory leak in ipc_mux_deinit() (git-fixes). - HID: quirks: work around VID/PID conflict for appledisplay (git-fixes). - ASoC: sun4i-spdif: Add missing kerneldoc fields for sun4i_spdif_quirks (git-fixes). - ALSA: ac97: fix a double free in snd_ac97_controller_register() (git-fixes). - usb: usb-storage: Maintain minimal modifications to the bcdDevice range (git-fixes). - serial: xilinx_uartps: fix rs485 delay_rts_after_send (git-fixes). - Input: i8042 - add TUXEDO InfinityBook Max Gen10 AMD to i8042 quirk table (stable-fixes). - Input: lkkbd - disable pending work before freeing device (stable-fixes). - drm/amd/display: Fix scratch registers offsets for DCN351 (stable-fixes). - drm/amd/display: Fix scratch registers offsets for DCN35 (stable-fixes). - broadcom: b44: prevent uninitialized value usage (git-fixes). - Revert "drm/amd/display: Fix pbn to kbps Conversion" (stable-fixes). - drm/amdkfd: bump minimum vgpr size for gfx1151 (stable-fixes). - drm/amdkfd: Export the cwsr_size and ctl_stack_size to userspace (stable-fixes). - drm/amd/display: Use GFP_ATOMIC in dc_create_plane_state() (stable-fixes). - i2c: designware: Disable SMBus interrupts to prevent storms from mis-configured firmware (stable-fixes). - platform/x86/intel/hid: Add Dell Pro Rugged 10/12 tablet to VGBS DMI quirks (stable-fixes). - clk: qcom: dispcc-sm7150: Fix dispcc_mdss_pclk0_clk_src (stable-fixes). - usb: usb-storage: No additional quirks need to be added to the EL-R12 optical drive (stable-fixes). - usb: xhci: limit run_graceperiod for only usb 3.0 devices (stable-fixes). - usb: typec: ucsi: Handle incorrect num_connectors capability (stable-fixes). - usbip: Fix locking bug in RT-enabled kernels (stable-fixes). - serial: sprd: Return -EPROBE_DEFER when uart clock is not ready (stable-fixes). - char: applicom: fix NULL pointer dereference in ac_ioctl (stable-fixes). - iio: adc: ti_am335x_adc: Limit step_avg to valid range for gcc complains (stable-fixes). - fbdev: gbefb: fix to use physical address instead of dma address (stable-fixes). - via_wdt: fix critical boot hang due to unnamed resource allocation (stable-fixes). - ipmi: Fix __scan_channels() failing to rescan channels (stable-fixes). - ipmi: Fix the race between __scan_channels() and deliver_response() (stable-fixes). - reset: fix BIT macro reference (stable-fixes). - ti-sysc: allow OMAP2 and OMAP4 timers to be reserved on AM33xx (stable-fixes). - firmware: imx: scu-irq: Init workqueue before request mbox channel (stable-fixes). - clk: mvebu: cp110 add CLK_IGNORE_UNUSED to pcie_x10, pcie_x11 & pcie_x4 (stable-fixes). - HID: input: map HID_GD_Z to ABS_DISTANCE for stylus/pen (stable-fixes). - mmc: sdhci-msm: Avoid early clock doubling during HS400 transition (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H02NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H01NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H512NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q02NWxxIM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q01NWxxIM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q01NWxxIQ chips (stable-fixes). - ASoC: qcom: sdw: fix memory leak for sdw_stream_runtime (git-fixes). - drm/amdgpu/gmc12: add amdgpu_vm_handle_fault() handling (stable-fixes). - drm/amdgpu/gmc11: add amdgpu_vm_handle_fault() handling (stable-fixes). - drm/displayid: add quirk to ignore DisplayID checksum errors (stable-fixes). - drm/edid: add DRM_EDID_IDENT_INIT() to initialize struct drm_edid_ident (stable-fixes). - drm/displayid: pass iter to drm_find_displayid_extension() (stable-fixes). - media: amphion: Remove vpu_vb_is_codecconfig (git-fixes). - Bluetooth: btusb: Add new VID/PID 13d3/3533 for RTL8821CE (stable-fixes). - Bluetooth: btusb: Add new VID/PID 0x0489/0xE12F for RTL8852BE-VT (stable-fixes). - Bluetooth: btusb: Add new VID/PID 2b89/6275 for RTL8761BUV (stable-fixes). - Bluetooth: btusb: MT7922: Add VID/PID 0489/e170 (stable-fixes). - Bluetooth: btusb: MT7920: Add VID/PID 0489/e135 (stable-fixes). - wifi: mt76: mt792x: fix wifi init fail by setting MCU_RUNNING after CLC load (stable-fixes). - wifi: brcmfmac: Add DMI nvram filename quirk for Acer A1 840 tablet (stable-fixes). - wifi: cfg80211: stop radar detection in cfg80211_leave() (stable-fixes). - wifi: cfg80211: use cfg80211_leave() in iftype change (stable-fixes). - wifi: rtl8xxxu: Fix HT40 channel config for RTL8192CU, RTL8723AU (stable-fixes). - cpufreq: nforce2: fix reference count leak in nforce2 (git-fixes). - ACPI: fan: Workaround for 64-bit firmware bug (stable-fixes). - ACPI: property: Use ACPI functions in acpi_graph_get_next_endpoint() only (stable-fixes). - ACPICA: Avoid walking the Namespace if start_node is NULL (stable-fixes). - media: amphion: Make some vpu_v4l2 functions static (stable-fixes). - firmware: imx: Add stub functions for SCMI MISC API (git-fixes). - media: amphion: Add a frame flush mode for decoder (stable-fixes). - serial: xilinx_uartps: Use helper function hrtimer_update_function() (stable-fixes). - commit 52a2394 - net/smc: fix general protection fault in __smc_diag_dump (CVE-2025-40357 bsc#1255097). - commit ef3290b - KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced (CVE-2025-68259 bsc#1255199). - commit 0428a24 - bpf: Free special fields when update [lru_,]percpu_hash maps (CVE-2025-68744 bsc#1255709). - commit ab66ed0 ++++ kernel-zfcpdump: - io_uring/zctx: check chained notif contexts (CVE-2025-68317 bsc#1255354). - commit b895dee - cifs: client: fix memory leak in smb3_fs_context_parse_param (bsc#1255082, CVE-2025-40268). - commit 7120bdc - selftests/bpf: Add test to verify freeing the special fields in pcpu maps (CVE-2025-68744 bsc#1255709). - commit 763d99d - drm/amdkfd: Trap handler support for expert scheduling mode (stable-fixes). - commit 021ac24 - PCI: brcmstb: Reuse pcie_cfg_data structure (stable-fixes). - Refresh patches.suse/PCI-brcmstb-Set-generation-limit-before-PCIe-link-up.patch. - commit 0f681e6 - pinctrl: qcom: lpass-lpi: mark the GPIO controller as sleeping (git-fixes). - wifi: mac80211: restore non-chanctx injection behaviour (git-fixes). - wifi: avoid kernel-infoleak from struct iw_point (git-fixes). - atm: Fix dma_free_coherent() size (git-fixes). - net: usb: pegasus: fix memory leak in update_eth_regs_async() (git-fixes). - net: wwan: iosm: Fix memory leak in ipc_mux_deinit() (git-fixes). - HID: quirks: work around VID/PID conflict for appledisplay (git-fixes). - ASoC: sun4i-spdif: Add missing kerneldoc fields for sun4i_spdif_quirks (git-fixes). - ALSA: ac97: fix a double free in snd_ac97_controller_register() (git-fixes). - usb: usb-storage: Maintain minimal modifications to the bcdDevice range (git-fixes). - serial: xilinx_uartps: fix rs485 delay_rts_after_send (git-fixes). - Input: i8042 - add TUXEDO InfinityBook Max Gen10 AMD to i8042 quirk table (stable-fixes). - Input: lkkbd - disable pending work before freeing device (stable-fixes). - drm/amd/display: Fix scratch registers offsets for DCN351 (stable-fixes). - drm/amd/display: Fix scratch registers offsets for DCN35 (stable-fixes). - broadcom: b44: prevent uninitialized value usage (git-fixes). - Revert "drm/amd/display: Fix pbn to kbps Conversion" (stable-fixes). - drm/amdkfd: bump minimum vgpr size for gfx1151 (stable-fixes). - drm/amdkfd: Export the cwsr_size and ctl_stack_size to userspace (stable-fixes). - drm/amd/display: Use GFP_ATOMIC in dc_create_plane_state() (stable-fixes). - i2c: designware: Disable SMBus interrupts to prevent storms from mis-configured firmware (stable-fixes). - platform/x86/intel/hid: Add Dell Pro Rugged 10/12 tablet to VGBS DMI quirks (stable-fixes). - clk: qcom: dispcc-sm7150: Fix dispcc_mdss_pclk0_clk_src (stable-fixes). - usb: usb-storage: No additional quirks need to be added to the EL-R12 optical drive (stable-fixes). - usb: xhci: limit run_graceperiod for only usb 3.0 devices (stable-fixes). - usb: typec: ucsi: Handle incorrect num_connectors capability (stable-fixes). - usbip: Fix locking bug in RT-enabled kernels (stable-fixes). - serial: sprd: Return -EPROBE_DEFER when uart clock is not ready (stable-fixes). - char: applicom: fix NULL pointer dereference in ac_ioctl (stable-fixes). - iio: adc: ti_am335x_adc: Limit step_avg to valid range for gcc complains (stable-fixes). - fbdev: gbefb: fix to use physical address instead of dma address (stable-fixes). - via_wdt: fix critical boot hang due to unnamed resource allocation (stable-fixes). - ipmi: Fix __scan_channels() failing to rescan channels (stable-fixes). - ipmi: Fix the race between __scan_channels() and deliver_response() (stable-fixes). - reset: fix BIT macro reference (stable-fixes). - ti-sysc: allow OMAP2 and OMAP4 timers to be reserved on AM33xx (stable-fixes). - firmware: imx: scu-irq: Init workqueue before request mbox channel (stable-fixes). - clk: mvebu: cp110 add CLK_IGNORE_UNUSED to pcie_x10, pcie_x11 & pcie_x4 (stable-fixes). - HID: input: map HID_GD_Z to ABS_DISTANCE for stylus/pen (stable-fixes). - mmc: sdhci-msm: Avoid early clock doubling during HS400 transition (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H02NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H01NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H512NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q02NWxxIM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q01NWxxIM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q01NWxxIQ chips (stable-fixes). - ASoC: qcom: sdw: fix memory leak for sdw_stream_runtime (git-fixes). - drm/amdgpu/gmc12: add amdgpu_vm_handle_fault() handling (stable-fixes). - drm/amdgpu/gmc11: add amdgpu_vm_handle_fault() handling (stable-fixes). - drm/displayid: add quirk to ignore DisplayID checksum errors (stable-fixes). - drm/edid: add DRM_EDID_IDENT_INIT() to initialize struct drm_edid_ident (stable-fixes). - drm/displayid: pass iter to drm_find_displayid_extension() (stable-fixes). - media: amphion: Remove vpu_vb_is_codecconfig (git-fixes). - Bluetooth: btusb: Add new VID/PID 13d3/3533 for RTL8821CE (stable-fixes). - Bluetooth: btusb: Add new VID/PID 0x0489/0xE12F for RTL8852BE-VT (stable-fixes). - Bluetooth: btusb: Add new VID/PID 2b89/6275 for RTL8761BUV (stable-fixes). - Bluetooth: btusb: MT7922: Add VID/PID 0489/e170 (stable-fixes). - Bluetooth: btusb: MT7920: Add VID/PID 0489/e135 (stable-fixes). - wifi: mt76: mt792x: fix wifi init fail by setting MCU_RUNNING after CLC load (stable-fixes). - wifi: brcmfmac: Add DMI nvram filename quirk for Acer A1 840 tablet (stable-fixes). - wifi: cfg80211: stop radar detection in cfg80211_leave() (stable-fixes). - wifi: cfg80211: use cfg80211_leave() in iftype change (stable-fixes). - wifi: rtl8xxxu: Fix HT40 channel config for RTL8192CU, RTL8723AU (stable-fixes). - cpufreq: nforce2: fix reference count leak in nforce2 (git-fixes). - ACPI: fan: Workaround for 64-bit firmware bug (stable-fixes). - ACPI: property: Use ACPI functions in acpi_graph_get_next_endpoint() only (stable-fixes). - ACPICA: Avoid walking the Namespace if start_node is NULL (stable-fixes). - media: amphion: Make some vpu_v4l2 functions static (stable-fixes). - firmware: imx: Add stub functions for SCMI MISC API (git-fixes). - media: amphion: Add a frame flush mode for decoder (stable-fixes). - serial: xilinx_uartps: Use helper function hrtimer_update_function() (stable-fixes). - commit 52a2394 - net/smc: fix general protection fault in __smc_diag_dump (CVE-2025-40357 bsc#1255097). - commit ef3290b - KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced (CVE-2025-68259 bsc#1255199). - commit 0428a24 - bpf: Free special fields when update [lru_,]percpu_hash maps (CVE-2025-68744 bsc#1255709). - commit ab66ed0 ++++ kernel-zfcpdump: - io_uring/zctx: check chained notif contexts (CVE-2025-68317 bsc#1255354). - commit b895dee - cifs: client: fix memory leak in smb3_fs_context_parse_param (bsc#1255082, CVE-2025-40268). - commit 7120bdc - selftests/bpf: Add test to verify freeing the special fields in pcpu maps (CVE-2025-68744 bsc#1255709). - commit 763d99d - drm/amdkfd: Trap handler support for expert scheduling mode (stable-fixes). - commit 021ac24 - PCI: brcmstb: Reuse pcie_cfg_data structure (stable-fixes). - Refresh patches.suse/PCI-brcmstb-Set-generation-limit-before-PCIe-link-up.patch. - commit 0f681e6 - pinctrl: qcom: lpass-lpi: mark the GPIO controller as sleeping (git-fixes). - wifi: mac80211: restore non-chanctx injection behaviour (git-fixes). - wifi: avoid kernel-infoleak from struct iw_point (git-fixes). - atm: Fix dma_free_coherent() size (git-fixes). - net: usb: pegasus: fix memory leak in update_eth_regs_async() (git-fixes). - net: wwan: iosm: Fix memory leak in ipc_mux_deinit() (git-fixes). - HID: quirks: work around VID/PID conflict for appledisplay (git-fixes). - ASoC: sun4i-spdif: Add missing kerneldoc fields for sun4i_spdif_quirks (git-fixes). - ALSA: ac97: fix a double free in snd_ac97_controller_register() (git-fixes). - usb: usb-storage: Maintain minimal modifications to the bcdDevice range (git-fixes). - serial: xilinx_uartps: fix rs485 delay_rts_after_send (git-fixes). - Input: i8042 - add TUXEDO InfinityBook Max Gen10 AMD to i8042 quirk table (stable-fixes). - Input: lkkbd - disable pending work before freeing device (stable-fixes). - drm/amd/display: Fix scratch registers offsets for DCN351 (stable-fixes). - drm/amd/display: Fix scratch registers offsets for DCN35 (stable-fixes). - broadcom: b44: prevent uninitialized value usage (git-fixes). - Revert "drm/amd/display: Fix pbn to kbps Conversion" (stable-fixes). - drm/amdkfd: bump minimum vgpr size for gfx1151 (stable-fixes). - drm/amdkfd: Export the cwsr_size and ctl_stack_size to userspace (stable-fixes). - drm/amd/display: Use GFP_ATOMIC in dc_create_plane_state() (stable-fixes). - i2c: designware: Disable SMBus interrupts to prevent storms from mis-configured firmware (stable-fixes). - platform/x86/intel/hid: Add Dell Pro Rugged 10/12 tablet to VGBS DMI quirks (stable-fixes). - clk: qcom: dispcc-sm7150: Fix dispcc_mdss_pclk0_clk_src (stable-fixes). - usb: usb-storage: No additional quirks need to be added to the EL-R12 optical drive (stable-fixes). - usb: xhci: limit run_graceperiod for only usb 3.0 devices (stable-fixes). - usb: typec: ucsi: Handle incorrect num_connectors capability (stable-fixes). - usbip: Fix locking bug in RT-enabled kernels (stable-fixes). - serial: sprd: Return -EPROBE_DEFER when uart clock is not ready (stable-fixes). - char: applicom: fix NULL pointer dereference in ac_ioctl (stable-fixes). - iio: adc: ti_am335x_adc: Limit step_avg to valid range for gcc complains (stable-fixes). - fbdev: gbefb: fix to use physical address instead of dma address (stable-fixes). - via_wdt: fix critical boot hang due to unnamed resource allocation (stable-fixes). - ipmi: Fix __scan_channels() failing to rescan channels (stable-fixes). - ipmi: Fix the race between __scan_channels() and deliver_response() (stable-fixes). - reset: fix BIT macro reference (stable-fixes). - ti-sysc: allow OMAP2 and OMAP4 timers to be reserved on AM33xx (stable-fixes). - firmware: imx: scu-irq: Init workqueue before request mbox channel (stable-fixes). - clk: mvebu: cp110 add CLK_IGNORE_UNUSED to pcie_x10, pcie_x11 & pcie_x4 (stable-fixes). - HID: input: map HID_GD_Z to ABS_DISTANCE for stylus/pen (stable-fixes). - mmc: sdhci-msm: Avoid early clock doubling during HS400 transition (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H02NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H01NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25H512NWxxAM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q02NWxxIM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q01NWxxIM chips (stable-fixes). - mtd: spi-nor: winbond: Add support for W25Q01NWxxIQ chips (stable-fixes). - ASoC: qcom: sdw: fix memory leak for sdw_stream_runtime (git-fixes). - drm/amdgpu/gmc12: add amdgpu_vm_handle_fault() handling (stable-fixes). - drm/amdgpu/gmc11: add amdgpu_vm_handle_fault() handling (stable-fixes). - drm/displayid: add quirk to ignore DisplayID checksum errors (stable-fixes). - drm/edid: add DRM_EDID_IDENT_INIT() to initialize struct drm_edid_ident (stable-fixes). - drm/displayid: pass iter to drm_find_displayid_extension() (stable-fixes). - media: amphion: Remove vpu_vb_is_codecconfig (git-fixes). - Bluetooth: btusb: Add new VID/PID 13d3/3533 for RTL8821CE (stable-fixes). - Bluetooth: btusb: Add new VID/PID 0x0489/0xE12F for RTL8852BE-VT (stable-fixes). - Bluetooth: btusb: Add new VID/PID 2b89/6275 for RTL8761BUV (stable-fixes). - Bluetooth: btusb: MT7922: Add VID/PID 0489/e170 (stable-fixes). - Bluetooth: btusb: MT7920: Add VID/PID 0489/e135 (stable-fixes). - wifi: mt76: mt792x: fix wifi init fail by setting MCU_RUNNING after CLC load (stable-fixes). - wifi: brcmfmac: Add DMI nvram filename quirk for Acer A1 840 tablet (stable-fixes). - wifi: cfg80211: stop radar detection in cfg80211_leave() (stable-fixes). - wifi: cfg80211: use cfg80211_leave() in iftype change (stable-fixes). - wifi: rtl8xxxu: Fix HT40 channel config for RTL8192CU, RTL8723AU (stable-fixes). - cpufreq: nforce2: fix reference count leak in nforce2 (git-fixes). - ACPI: fan: Workaround for 64-bit firmware bug (stable-fixes). - ACPI: property: Use ACPI functions in acpi_graph_get_next_endpoint() only (stable-fixes). - ACPICA: Avoid walking the Namespace if start_node is NULL (stable-fixes). - media: amphion: Make some vpu_v4l2 functions static (stable-fixes). - firmware: imx: Add stub functions for SCMI MISC API (git-fixes). - media: amphion: Add a frame flush mode for decoder (stable-fixes). - serial: xilinx_uartps: Use helper function hrtimer_update_function() (stable-fixes). - commit 52a2394 - net/smc: fix general protection fault in __smc_diag_dump (CVE-2025-40357 bsc#1255097). - commit ef3290b - KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced (CVE-2025-68259 bsc#1255199). - commit 0428a24 - bpf: Free special fields when update [lru_,]percpu_hash maps (CVE-2025-68744 bsc#1255709). - commit ab66ed0 ++++ keylime: - Add missing pyasn1 dependency ++++ syslogd: - Do not masked out the already existing %ghost file entry (Accordingly to Packaging for Immutable Mode - Best Practices) ++++ openvswitch: - Update OVN to 25.03.2 - Bug fixes - Dynamic Routing: * Add the option "dynamic-routing-redistribute-local-only" to Logical Routers and Logical Router Ports which refines the way in which chassis-specific Advertised_Routes (e.g., for NAT and LB IPs) are advertised. * Add the option "dynamic-routing-vrf-id" to Logical Routers which allows CMS to specify the Linux routing table id for a given vrf. - Add ovn-nbctl lsp-add-router-port which will create router port on specified LS. - Add ovn-nbctl lsp-add-localnet-port which will create localnet port on specified LS. ++++ libsoup2: - Add libsoup2-CVE-2026-0719.patch: Fix overflow for password md4sum (bsc#1256399, CVE-2026-0719, glgo#GNOME/libsoup!493). ++++ libsoup: - Add libsoup-CVE-2026-0719.patch: Fix overflow for password md4sum (bsc#1256399, CVE-2026-0719, glgo#GNOME/libsoup!493). ++++ systemd: - systemd-update-helper: clean up the flags immediately after they have been consumed (no functional changes). - systemd.spec: don't reexecute PID1 on transactional updates. - Drop most of the workarounds contained in the fixlets. These workarounds were hold to address old issues that no longer exist in recent versions of systemd. For systems upgrading to this version, we assume these issues have already been fixed by the fixlet scripts still shipped by the previous distribution. Only the logig warning users about the deprecated usage of the main configuration files (favoring drop-in files) is preserved. ++++ systemd: - systemd-update-helper: clean up the flags immediately after they have been consumed (no functional changes). - systemd.spec: don't reexecute PID1 on transactional updates. - Drop most of the workarounds contained in the fixlets. These workarounds were hold to address old issues that no longer exist in recent versions of systemd. For systems upgrading to this version, we assume these issues have already been fixed by the fixlet scripts still shipped by the previous distribution. Only the logig warning users about the deprecated usage of the main configuration files (favoring drop-in files) is preserved. ++++ libtasn1: - Update to libtasn1 4.21.0: [bsc#1256341, CVE-2025-13151] * Undocumented asn1Decoding --debug flag removed. * Code coverage for src/ went from 35% to 82%. * Fix of ASN.1 typo in manual. * NEWS renamed to NEWS.md and uses markdown syntax. * Update gnulib files and various build/maintenance fixes. * Fix for vulnerability CVE-2025-13151 Stack-based buffer overflow: - libtasn1: stack-based buffer overflow in asn1_expend_octet_string() ++++ man: - Do not masked out the already existing %ghost file entry (Accordingly to Packaging for Immutable Mode - Best Practices) ++++ perl-Perl-Tidy: - updated to 20260109.0.0 (20260109) see /usr/share/doc/packages/perl-Perl-Tidy/CHANGES.md [#]# 2026 01 09 - A new parameter --break-at-old-trailing-loops, or -botl, keeps existing line breaks at these trailing loop control keywords: 'for', 'foreach', 'while', 'until'. This is the default. For example, given the following two input lines: FindExt::scan_ext("../$_") foreach qw(cpan dist ext); The new default keeps two lines. The previous version flattened the statement, since it fits on a single line: FindExt::scan_ext("../$_") foreach qw(cpan dist ext); Use -nbotl to deactivate this new option. - A related new parameter --break-at-old-trailing-conditionals, or -botc keeps existing line breaks at trailing conditional control keywords: 'if', 'unless'. This is the default. The capability was previously handled by parameter --break-at-old-logical-breakpoints, or -bol, which was also true by default, but which also also controls logical breakpoints, such as '&&'. This change simplifies the input. Use -nbotc to deactivate this option. - A new switch --blanks-before-opening-comments, -bboc, has been added for issue git #192. This is on by default and allows perltidy to insert a blank line before full-line comments which start at a new indentation level. Use the negated form to prevent such blank lines, -nbboc or --noblanks-before-opening-comments - A new parameter --dump-keyword-usage, or -dku, can be used to dump a list of the the perl builtin keywords used in a file. A companion flag - -dump-keyword-usage-list=s can be used to give a specific list of keywords or user functions to be included in the list. - When the -html option is used with the default --pod2html setting, perltidy will look for a pod-to-html formatter in this order: Pod::Simple::XHTML, Pod::Simple::HTML, and Pod::Html. A preferred formatter can be selected with --use-pod-formatter=s. Previously the only option was Pod::Html, and it can still be selected with - -use-pod-formatter="Pod::Html". The reason for this update is that this older formatter has limitations, and requires the creation of a temporary file for data transfer. This update also allows formatting of pod text containing non-ascii characters. - When perltidy is run with the -html option, and pod is rendered to html with Pod::Html, the pod2html option 'backlink' could not be set in in previous versions due to a programming error. This has been fixed. This setting can now be made by giving perltidy the flag '--podbacklink'. - The default for --timeout-in-seconds is reduced from 10 to 5 seconds. A default value of 10 seemed excessive. It can be changed with -tos=n. - The option --delete-weld-interfering-commas, or -dwic, has been made much more accurate. It now makes fewer unnecessary comma deletions. - This version does more extensive checking of all string input parameters and will exit early on an error. The intention is to catch input errors as early as possible. - Fixed issue with --dump-mixed-call-parens. A trailing statement modifier such as the following 'if' was incorrectly being counted as having parens: return $class if ($old_quote - $new_quote) == 0; ++++ python-marshmallow: - Add CVE-2025-68480.patch to fix CVE-2025-68480 (bsc#1255473) ++++ tailscale: - Update to version 1.92.5: * types/persist: omit Persist.AttestationKey based on IsZero * disable hardware attestation for kubernetes * allow opting out of ACME order replace extension - Update to version 1.92.4: * nothing of importance ------------------------------------------------------------------ ------------------ 2026-1-8 - Jan 8 2026 ------------------- ------------------------------------------------------------------ ++++ MozillaFirefox: - Firefox Extended Support Release 140.7.0 ESR * Fixed: Various security fixes. MFSA 2026-03 (bsc#1256340) * CVE-2026-0877 (bmo#1999257) Mitigation bypass in the DOM: Security component * CVE-2026-0878 (bmo#2003989) Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component * CVE-2026-0879 (bmo#2004602) Sandbox escape due to incorrect boundary conditions in the Graphics component * CVE-2026-0880 (bmo#2005014) Sandbox escape due to integer overflow in the Graphics component * CVE-2026-0882 (bmo#1924125) Use-after-free in the IPC component * CVE-2025-14327 (bmo#1970743) Spoofing issue in the Downloads Panel component * CVE-2026-0883 (bmo#1989340) Information disclosure in the Networking component * CVE-2026-0884 (bmo#2003588) Use-after-free in the JavaScript Engine component * CVE-2026-0885 (bmo#2003607) Use-after-free in the JavaScript: GC component * CVE-2026-0886 (bmo#2005658) Incorrect boundary conditions in the Graphics component * CVE-2026-0887 (bmo#2006500) Clickjacking issue, information disclosure in the PDF Viewer component * CVE-2026-0890 (bmo#2005081) Spoofing issue in the DOM: Copy & Paste and Drag & Drop component * CVE-2026-0891 (bmo#1964722, bmo#2000981, bmo#2003100, bmo#2003278) Memory safety bugs fixed in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147 ++++ MozillaFirefox: - Firefox Extended Support Release 140.7.0 ESR * Fixed: Various security fixes. MFSA 2026-03 (bsc#1256340) * CVE-2026-0877 (bmo#1999257) Mitigation bypass in the DOM: Security component * CVE-2026-0878 (bmo#2003989) Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component * CVE-2026-0879 (bmo#2004602) Sandbox escape due to incorrect boundary conditions in the Graphics component * CVE-2026-0880 (bmo#2005014) Sandbox escape due to integer overflow in the Graphics component * CVE-2026-0882 (bmo#1924125) Use-after-free in the IPC component * CVE-2025-14327 (bmo#1970743) Spoofing issue in the Downloads Panel component * CVE-2026-0883 (bmo#1989340) Information disclosure in the Networking component * CVE-2026-0884 (bmo#2003588) Use-after-free in the JavaScript Engine component * CVE-2026-0885 (bmo#2003607) Use-after-free in the JavaScript: GC component * CVE-2026-0886 (bmo#2005658) Incorrect boundary conditions in the Graphics component * CVE-2026-0887 (bmo#2006500) Clickjacking issue, information disclosure in the PDF Viewer component * CVE-2026-0890 (bmo#2005081) Spoofing issue in the DOM: Copy & Paste and Drag & Drop component * CVE-2026-0891 (bmo#1964722, bmo#2000981, bmo#2003100, bmo#2003278) Memory safety bugs fixed in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147 ++++ MozillaFirefox: - Firefox Extended Support Release 140.7.0 ESR * Fixed: Various security fixes. MFSA 2026-03 (bsc#1256340) * CVE-2026-0877 (bmo#1999257) Mitigation bypass in the DOM: Security component * CVE-2026-0878 (bmo#2003989) Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component * CVE-2026-0879 (bmo#2004602) Sandbox escape due to incorrect boundary conditions in the Graphics component * CVE-2026-0880 (bmo#2005014) Sandbox escape due to integer overflow in the Graphics component * CVE-2026-0882 (bmo#1924125) Use-after-free in the IPC component * CVE-2025-14327 (bmo#1970743) Spoofing issue in the Downloads Panel component * CVE-2026-0883 (bmo#1989340) Information disclosure in the Networking component * CVE-2026-0884 (bmo#2003588) Use-after-free in the JavaScript Engine component * CVE-2026-0885 (bmo#2003607) Use-after-free in the JavaScript: GC component * CVE-2026-0886 (bmo#2005658) Incorrect boundary conditions in the Graphics component * CVE-2026-0887 (bmo#2006500) Clickjacking issue, information disclosure in the PDF Viewer component * CVE-2026-0890 (bmo#2005081) Spoofing issue in the DOM: Copy & Paste and Drag & Drop component * CVE-2026-0891 (bmo#1964722, bmo#2000981, bmo#2003100, bmo#2003278) Memory safety bugs fixed in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147 ++++ MozillaFirefox: - Firefox Extended Support Release 140.7.0 ESR * Fixed: Various security fixes. MFSA 2026-03 (bsc#1256340) * CVE-2026-0877 (bmo#1999257) Mitigation bypass in the DOM: Security component * CVE-2026-0878 (bmo#2003989) Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component * CVE-2026-0879 (bmo#2004602) Sandbox escape due to incorrect boundary conditions in the Graphics component * CVE-2026-0880 (bmo#2005014) Sandbox escape due to integer overflow in the Graphics component * CVE-2026-0882 (bmo#1924125) Use-after-free in the IPC component * CVE-2025-14327 (bmo#1970743) Spoofing issue in the Downloads Panel component * CVE-2026-0883 (bmo#1989340) Information disclosure in the Networking component * CVE-2026-0884 (bmo#2003588) Use-after-free in the JavaScript Engine component * CVE-2026-0885 (bmo#2003607) Use-after-free in the JavaScript: GC component * CVE-2026-0886 (bmo#2005658) Incorrect boundary conditions in the Graphics component * CVE-2026-0887 (bmo#2006500) Clickjacking issue, information disclosure in the PDF Viewer component * CVE-2026-0890 (bmo#2005081) Spoofing issue in the DOM: Copy & Paste and Drag & Drop component * CVE-2026-0891 (bmo#1964722, bmo#2000981, bmo#2003100, bmo#2003278) Memory safety bugs fixed in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147 ++++ scanner-databases: - database refresh on 2026-01-08 (bsc#1084929) ++++ kernel-64kb: - cifs: reset iface weights when we cannot find a candidate (git-fixes). - commit 859fca4 - smb: client: fix warning when reconnecting channel (git-fixes). - commit 700befa - cifs: do not disable interface polling on failure (git-fixes). - commit 87a748d - cifs: deal with the channel loading lag while picking channels (git-fixes). - commit c445274 - cifs: serialize other channels when query server interfaces is pending (git-fixes). - commit 202c543 - cifs: dns resolution is needed only for primary channel (git-fixes). - commit 47e47ab - cifs: update dstaddr whenever channel iface is updated (git-fixes). - commit cd217a8 - cifs: reset connections for all channels when reconnect requested (git-fixes). - commit a324ea9 - smb: client: introduce close_cached_dir_locked() (git-fixes). - commit e15b950 - smb: client: fix potential UAF in smb2_close_cached_fid() (CVE-2025-40328 bsc#1254624). - commit f11d74a - binfmt_misc: restore write access before closing files opened by open_exec() (bsc#1255272 CVE-2025-68239). - commit 2983172 - fs/proc: fix uaf in proc_readdir_de() (bsc#1255297 CVE-2025-40271). - commit 46250e7 - ext4: refresh inline data size before write operations (bsc#1255380 CVE-2025-68264). - commit c23012b - fs/notify: call exportfs_encode_fid with s_umount (bsc#1254809 CVE-2025-40237). - commit 70d7e44 - ext4: guard against EA inode refcount underflow in xattr update (bsc#1253623 CVE-2025-40190). - commit 6c51c0b - mm/damon/vaddr: do not repeat pte_offset_map_lock() until success (CVE-2025-40218 bsc#1254964) - commit a3828d9 - arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() (CVE-2025-40346 bsc#1255318) - commit 799eb50 - net: sxgbe: fix potential NULL dereference in sxgbe_rx() (CVE-2025-68302 bsc#1255121) - commit 15ce001 - net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak (CVE-2025-40278 bsc#1254825). - commit a5a7e57 - Refresh patches.suse/perf-hwmon_pmu-Fix-uninitialized-variable-warning.patch. - Refresh patches.suse/scsi-lpfc-Add-capability-to-register-Platform-Name-I.patch. - Refresh patches.suse/scsi-lpfc-Allow-support-for-BB-credit-recovery-in-po.patch. - Refresh patches.suse/scsi-lpfc-Ensure-unregistration-of-rpis-for-received.patch. - Refresh patches.suse/scsi-lpfc-Fix-leaked-ndlp-krefs-when-in-point-to-poi.patch. - Refresh patches.suse/scsi-lpfc-Fix-reusing-an-ndlp-that-is-marked-NLP_DRO.patch. - Refresh patches.suse/scsi-lpfc-Modify-kref-handling-for-Fabric-Controller.patch. - Refresh patches.suse/scsi-lpfc-Remove-redundant-NULL-ptr-assignment-in-lp.patch. - Refresh patches.suse/scsi-lpfc-Revise-discovery-related-function-headers-.patch. - Refresh patches.suse/scsi-lpfc-Update-lpfc-version-to-14.4.0.12.patch. - Refresh patches.suse/scsi-lpfc-Update-various-NPIV-diagnostic-log-messagi.patch. - commit b565804 - mm/huge_memory: fix NULL pointer deference when splitting folio (CVE-2025-68293 bsc#1255150). - commit 1dd8abe - iommufd: Don't overflow during division for dirty tracking (CVE-2025-40293 bsc#1255179). - commit b6a4633 ++++ kernel-64kb: - cifs: reset iface weights when we cannot find a candidate (git-fixes). - commit 859fca4 - smb: client: fix warning when reconnecting channel (git-fixes). - commit 700befa - cifs: do not disable interface polling on failure (git-fixes). - commit 87a748d - cifs: deal with the channel loading lag while picking channels (git-fixes). - commit c445274 - cifs: serialize other channels when query server interfaces is pending (git-fixes). - commit 202c543 - cifs: dns resolution is needed only for primary channel (git-fixes). - commit 47e47ab - cifs: update dstaddr whenever channel iface is updated (git-fixes). - commit cd217a8 - cifs: reset connections for all channels when reconnect requested (git-fixes). - commit a324ea9 - smb: client: introduce close_cached_dir_locked() (git-fixes). - commit e15b950 - smb: client: fix potential UAF in smb2_close_cached_fid() (CVE-2025-40328 bsc#1254624). - commit f11d74a - binfmt_misc: restore write access before closing files opened by open_exec() (bsc#1255272 CVE-2025-68239). - commit 2983172 - fs/proc: fix uaf in proc_readdir_de() (bsc#1255297 CVE-2025-40271). - commit 46250e7 - ext4: refresh inline data size before write operations (bsc#1255380 CVE-2025-68264). - commit c23012b - fs/notify: call exportfs_encode_fid with s_umount (bsc#1254809 CVE-2025-40237). - commit 70d7e44 - ext4: guard against EA inode refcount underflow in xattr update (bsc#1253623 CVE-2025-40190). - commit 6c51c0b - mm/damon/vaddr: do not repeat pte_offset_map_lock() until success (CVE-2025-40218 bsc#1254964) - commit a3828d9 - arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() (CVE-2025-40346 bsc#1255318) - commit 799eb50 - net: sxgbe: fix potential NULL dereference in sxgbe_rx() (CVE-2025-68302 bsc#1255121) - commit 15ce001 - net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak (CVE-2025-40278 bsc#1254825). - commit a5a7e57 - Refresh patches.suse/perf-hwmon_pmu-Fix-uninitialized-variable-warning.patch. - Refresh patches.suse/scsi-lpfc-Add-capability-to-register-Platform-Name-I.patch. - Refresh patches.suse/scsi-lpfc-Allow-support-for-BB-credit-recovery-in-po.patch. - Refresh patches.suse/scsi-lpfc-Ensure-unregistration-of-rpis-for-received.patch. - Refresh patches.suse/scsi-lpfc-Fix-leaked-ndlp-krefs-when-in-point-to-poi.patch. - Refresh patches.suse/scsi-lpfc-Fix-reusing-an-ndlp-that-is-marked-NLP_DRO.patch. - Refresh patches.suse/scsi-lpfc-Modify-kref-handling-for-Fabric-Controller.patch. - Refresh patches.suse/scsi-lpfc-Remove-redundant-NULL-ptr-assignment-in-lp.patch. - Refresh patches.suse/scsi-lpfc-Revise-discovery-related-function-headers-.patch. - Refresh patches.suse/scsi-lpfc-Update-lpfc-version-to-14.4.0.12.patch. - Refresh patches.suse/scsi-lpfc-Update-various-NPIV-diagnostic-log-messagi.patch. - commit b565804 - mm/huge_memory: fix NULL pointer deference when splitting folio (CVE-2025-68293 bsc#1255150). - commit 1dd8abe - iommufd: Don't overflow during division for dirty tracking (CVE-2025-40293 bsc#1255179). - commit b6a4633 ++++ kernel-64kb: - cifs: reset iface weights when we cannot find a candidate (git-fixes). - commit 859fca4 - smb: client: fix warning when reconnecting channel (git-fixes). - commit 700befa - cifs: do not disable interface polling on failure (git-fixes). - commit 87a748d - cifs: deal with the channel loading lag while picking channels (git-fixes). - commit c445274 - cifs: serialize other channels when query server interfaces is pending (git-fixes). - commit 202c543 - cifs: dns resolution is needed only for primary channel (git-fixes). - commit 47e47ab - cifs: update dstaddr whenever channel iface is updated (git-fixes). - commit cd217a8 - cifs: reset connections for all channels when reconnect requested (git-fixes). - commit a324ea9 - smb: client: introduce close_cached_dir_locked() (git-fixes). - commit e15b950 - smb: client: fix potential UAF in smb2_close_cached_fid() (CVE-2025-40328 bsc#1254624). - commit f11d74a - binfmt_misc: restore write access before closing files opened by open_exec() (bsc#1255272 CVE-2025-68239). - commit 2983172 - fs/proc: fix uaf in proc_readdir_de() (bsc#1255297 CVE-2025-40271). - commit 46250e7 - ext4: refresh inline data size before write operations (bsc#1255380 CVE-2025-68264). - commit c23012b - fs/notify: call exportfs_encode_fid with s_umount (bsc#1254809 CVE-2025-40237). - commit 70d7e44 - ext4: guard against EA inode refcount underflow in xattr update (bsc#1253623 CVE-2025-40190). - commit 6c51c0b - mm/damon/vaddr: do not repeat pte_offset_map_lock() until success (CVE-2025-40218 bsc#1254964) - commit a3828d9 - arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() (CVE-2025-40346 bsc#1255318) - commit 799eb50 - net: sxgbe: fix potential NULL dereference in sxgbe_rx() (CVE-2025-68302 bsc#1255121) - commit 15ce001 - net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak (CVE-2025-40278 bsc#1254825). - commit a5a7e57 - Refresh patches.suse/perf-hwmon_pmu-Fix-uninitialized-variable-warning.patch. - Refresh patches.suse/scsi-lpfc-Add-capability-to-register-Platform-Name-I.patch. - Refresh patches.suse/scsi-lpfc-Allow-support-for-BB-credit-recovery-in-po.patch. - Refresh patches.suse/scsi-lpfc-Ensure-unregistration-of-rpis-for-received.patch. - Refresh patches.suse/scsi-lpfc-Fix-leaked-ndlp-krefs-when-in-point-to-poi.patch. - Refresh patches.suse/scsi-lpfc-Fix-reusing-an-ndlp-that-is-marked-NLP_DRO.patch. - Refresh patches.suse/scsi-lpfc-Modify-kref-handling-for-Fabric-Controller.patch. - Refresh patches.suse/scsi-lpfc-Remove-redundant-NULL-ptr-assignment-in-lp.patch. - Refresh patches.suse/scsi-lpfc-Revise-discovery-related-function-headers-.patch. - Refresh patches.suse/scsi-lpfc-Update-lpfc-version-to-14.4.0.12.patch. - Refresh patches.suse/scsi-lpfc-Update-various-NPIV-diagnostic-log-messagi.patch. - commit b565804 - mm/huge_memory: fix NULL pointer deference when splitting folio (CVE-2025-68293 bsc#1255150). - commit 1dd8abe - iommufd: Don't overflow during division for dirty tracking (CVE-2025-40293 bsc#1255179). - commit b6a4633 ++++ kernel-azure: - cifs: reset iface weights when we cannot find a candidate (git-fixes). - commit 859fca4 - smb: client: fix warning when reconnecting channel (git-fixes). - commit 700befa - cifs: do not disable interface polling on failure (git-fixes). - commit 87a748d - cifs: deal with the channel loading lag while picking channels (git-fixes). - commit c445274 - cifs: serialize other channels when query server interfaces is pending (git-fixes). - commit 202c543 - cifs: dns resolution is needed only for primary channel (git-fixes). - commit 47e47ab - cifs: update dstaddr whenever channel iface is updated (git-fixes). - commit cd217a8 - cifs: reset connections for all channels when reconnect requested (git-fixes). - commit a324ea9 - smb: client: introduce close_cached_dir_locked() (git-fixes). - commit e15b950 - smb: client: fix potential UAF in smb2_close_cached_fid() (CVE-2025-40328 bsc#1254624). - commit f11d74a - binfmt_misc: restore write access before closing files opened by open_exec() (bsc#1255272 CVE-2025-68239). - commit 2983172 - fs/proc: fix uaf in proc_readdir_de() (bsc#1255297 CVE-2025-40271). - commit 46250e7 - ext4: refresh inline data size before write operations (bsc#1255380 CVE-2025-68264). - commit c23012b - fs/notify: call exportfs_encode_fid with s_umount (bsc#1254809 CVE-2025-40237). - commit 70d7e44 - ext4: guard against EA inode refcount underflow in xattr update (bsc#1253623 CVE-2025-40190). - commit 6c51c0b - mm/damon/vaddr: do not repeat pte_offset_map_lock() until success (CVE-2025-40218 bsc#1254964) - commit a3828d9 - arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() (CVE-2025-40346 bsc#1255318) - commit 799eb50 - net: sxgbe: fix potential NULL dereference in sxgbe_rx() (CVE-2025-68302 bsc#1255121) - commit 15ce001 - net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak (CVE-2025-40278 bsc#1254825). - commit a5a7e57 - Refresh patches.suse/perf-hwmon_pmu-Fix-uninitialized-variable-warning.patch. - Refresh patches.suse/scsi-lpfc-Add-capability-to-register-Platform-Name-I.patch. - Refresh patches.suse/scsi-lpfc-Allow-support-for-BB-credit-recovery-in-po.patch. - Refresh patches.suse/scsi-lpfc-Ensure-unregistration-of-rpis-for-received.patch. - Refresh patches.suse/scsi-lpfc-Fix-leaked-ndlp-krefs-when-in-point-to-poi.patch. - Refresh patches.suse/scsi-lpfc-Fix-reusing-an-ndlp-that-is-marked-NLP_DRO.patch. - Refresh patches.suse/scsi-lpfc-Modify-kref-handling-for-Fabric-Controller.patch. - Refresh patches.suse/scsi-lpfc-Remove-redundant-NULL-ptr-assignment-in-lp.patch. - Refresh patches.suse/scsi-lpfc-Revise-discovery-related-function-headers-.patch. - Refresh patches.suse/scsi-lpfc-Update-lpfc-version-to-14.4.0.12.patch. - Refresh patches.suse/scsi-lpfc-Update-various-NPIV-diagnostic-log-messagi.patch. - commit b565804 - mm/huge_memory: fix NULL pointer deference when splitting folio (CVE-2025-68293 bsc#1255150). - commit 1dd8abe - iommufd: Don't overflow during division for dirty tracking (CVE-2025-40293 bsc#1255179). - commit b6a4633 ++++ kernel-azure: - cifs: reset iface weights when we cannot find a candidate (git-fixes). - commit 859fca4 - smb: client: fix warning when reconnecting channel (git-fixes). - commit 700befa - cifs: do not disable interface polling on failure (git-fixes). - commit 87a748d - cifs: deal with the channel loading lag while picking channels (git-fixes). - commit c445274 - cifs: serialize other channels when query server interfaces is pending (git-fixes). - commit 202c543 - cifs: dns resolution is needed only for primary channel (git-fixes). - commit 47e47ab - cifs: update dstaddr whenever channel iface is updated (git-fixes). - commit cd217a8 - cifs: reset connections for all channels when reconnect requested (git-fixes). - commit a324ea9 - smb: client: introduce close_cached_dir_locked() (git-fixes). - commit e15b950 - smb: client: fix potential UAF in smb2_close_cached_fid() (CVE-2025-40328 bsc#1254624). - commit f11d74a - binfmt_misc: restore write access before closing files opened by open_exec() (bsc#1255272 CVE-2025-68239). - commit 2983172 - fs/proc: fix uaf in proc_readdir_de() (bsc#1255297 CVE-2025-40271). - commit 46250e7 - ext4: refresh inline data size before write operations (bsc#1255380 CVE-2025-68264). - commit c23012b - fs/notify: call exportfs_encode_fid with s_umount (bsc#1254809 CVE-2025-40237). - commit 70d7e44 - ext4: guard against EA inode refcount underflow in xattr update (bsc#1253623 CVE-2025-40190). - commit 6c51c0b - mm/damon/vaddr: do not repeat pte_offset_map_lock() until success (CVE-2025-40218 bsc#1254964) - commit a3828d9 - arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() (CVE-2025-40346 bsc#1255318) - commit 799eb50 - net: sxgbe: fix potential NULL dereference in sxgbe_rx() (CVE-2025-68302 bsc#1255121) - commit 15ce001 - net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak (CVE-2025-40278 bsc#1254825). - commit a5a7e57 - Refresh patches.suse/perf-hwmon_pmu-Fix-uninitialized-variable-warning.patch. - Refresh patches.suse/scsi-lpfc-Add-capability-to-register-Platform-Name-I.patch. - Refresh patches.suse/scsi-lpfc-Allow-support-for-BB-credit-recovery-in-po.patch. - Refresh patches.suse/scsi-lpfc-Ensure-unregistration-of-rpis-for-received.patch. - Refresh patches.suse/scsi-lpfc-Fix-leaked-ndlp-krefs-when-in-point-to-poi.patch. - Refresh patches.suse/scsi-lpfc-Fix-reusing-an-ndlp-that-is-marked-NLP_DRO.patch. - Refresh patches.suse/scsi-lpfc-Modify-kref-handling-for-Fabric-Controller.patch. - Refresh patches.suse/scsi-lpfc-Remove-redundant-NULL-ptr-assignment-in-lp.patch. - Refresh patches.suse/scsi-lpfc-Revise-discovery-related-function-headers-.patch. - Refresh patches.suse/scsi-lpfc-Update-lpfc-version-to-14.4.0.12.patch. - Refresh patches.suse/scsi-lpfc-Update-various-NPIV-diagnostic-log-messagi.patch. - commit b565804 - mm/huge_memory: fix NULL pointer deference when splitting folio (CVE-2025-68293 bsc#1255150). - commit 1dd8abe - iommufd: Don't overflow during division for dirty tracking (CVE-2025-40293 bsc#1255179). - commit b6a4633 ++++ kernel-azure: - cifs: reset iface weights when we cannot find a candidate (git-fixes). - commit 859fca4 - smb: client: fix warning when reconnecting channel (git-fixes). - commit 700befa - cifs: do not disable interface polling on failure (git-fixes). - commit 87a748d - cifs: deal with the channel loading lag while picking channels (git-fixes). - commit c445274 - cifs: serialize other channels when query server interfaces is pending (git-fixes). - commit 202c543 - cifs: dns resolution is needed only for primary channel (git-fixes). - commit 47e47ab - cifs: update dstaddr whenever channel iface is updated (git-fixes). - commit cd217a8 - cifs: reset connections for all channels when reconnect requested (git-fixes). - commit a324ea9 - smb: client: introduce close_cached_dir_locked() (git-fixes). - commit e15b950 - smb: client: fix potential UAF in smb2_close_cached_fid() (CVE-2025-40328 bsc#1254624). - commit f11d74a - binfmt_misc: restore write access before closing files opened by open_exec() (bsc#1255272 CVE-2025-68239). - commit 2983172 - fs/proc: fix uaf in proc_readdir_de() (bsc#1255297 CVE-2025-40271). - commit 46250e7 - ext4: refresh inline data size before write operations (bsc#1255380 CVE-2025-68264). - commit c23012b - fs/notify: call exportfs_encode_fid with s_umount (bsc#1254809 CVE-2025-40237). - commit 70d7e44 - ext4: guard against EA inode refcount underflow in xattr update (bsc#1253623 CVE-2025-40190). - commit 6c51c0b - mm/damon/vaddr: do not repeat pte_offset_map_lock() until success (CVE-2025-40218 bsc#1254964) - commit a3828d9 - arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() (CVE-2025-40346 bsc#1255318) - commit 799eb50 - net: sxgbe: fix potential NULL dereference in sxgbe_rx() (CVE-2025-68302 bsc#1255121) - commit 15ce001 - net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak (CVE-2025-40278 bsc#1254825). - commit a5a7e57 - Refresh patches.suse/perf-hwmon_pmu-Fix-uninitialized-variable-warning.patch. - Refresh patches.suse/scsi-lpfc-Add-capability-to-register-Platform-Name-I.patch. - Refresh patches.suse/scsi-lpfc-Allow-support-for-BB-credit-recovery-in-po.patch. - Refresh patches.suse/scsi-lpfc-Ensure-unregistration-of-rpis-for-received.patch. - Refresh patches.suse/scsi-lpfc-Fix-leaked-ndlp-krefs-when-in-point-to-poi.patch. - Refresh patches.suse/scsi-lpfc-Fix-reusing-an-ndlp-that-is-marked-NLP_DRO.patch. - Refresh patches.suse/scsi-lpfc-Modify-kref-handling-for-Fabric-Controller.patch. - Refresh patches.suse/scsi-lpfc-Remove-redundant-NULL-ptr-assignment-in-lp.patch. - Refresh patches.suse/scsi-lpfc-Revise-discovery-related-function-headers-.patch. - Refresh patches.suse/scsi-lpfc-Update-lpfc-version-to-14.4.0.12.patch. - Refresh patches.suse/scsi-lpfc-Update-various-NPIV-diagnostic-log-messagi.patch. - commit b565804 - mm/huge_memory: fix NULL pointer deference when splitting folio (CVE-2025-68293 bsc#1255150). - commit 1dd8abe - iommufd: Don't overflow during division for dirty tracking (CVE-2025-40293 bsc#1255179). - commit b6a4633 ++++ kernel-default: - cifs: reset iface weights when we cannot find a candidate (git-fixes). - commit 859fca4 - smb: client: fix warning when reconnecting channel (git-fixes). - commit 700befa - cifs: do not disable interface polling on failure (git-fixes). - commit 87a748d - cifs: deal with the channel loading lag while picking channels (git-fixes). - commit c445274 - cifs: serialize other channels when query server interfaces is pending (git-fixes). - commit 202c543 - cifs: dns resolution is needed only for primary channel (git-fixes). - commit 47e47ab - cifs: update dstaddr whenever channel iface is updated (git-fixes). - commit cd217a8 - cifs: reset connections for all channels when reconnect requested (git-fixes). - commit a324ea9 - smb: client: introduce close_cached_dir_locked() (git-fixes). - commit e15b950 - smb: client: fix potential UAF in smb2_close_cached_fid() (CVE-2025-40328 bsc#1254624). - commit f11d74a - binfmt_misc: restore write access before closing files opened by open_exec() (bsc#1255272 CVE-2025-68239). - commit 2983172 - fs/proc: fix uaf in proc_readdir_de() (bsc#1255297 CVE-2025-40271). - commit 46250e7 - ext4: refresh inline data size before write operations (bsc#1255380 CVE-2025-68264). - commit c23012b - fs/notify: call exportfs_encode_fid with s_umount (bsc#1254809 CVE-2025-40237). - commit 70d7e44 - ext4: guard against EA inode refcount underflow in xattr update (bsc#1253623 CVE-2025-40190). - commit 6c51c0b - mm/damon/vaddr: do not repeat pte_offset_map_lock() until success (CVE-2025-40218 bsc#1254964) - commit a3828d9 - arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() (CVE-2025-40346 bsc#1255318) - commit 799eb50 - net: sxgbe: fix potential NULL dereference in sxgbe_rx() (CVE-2025-68302 bsc#1255121) - commit 15ce001 - net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak (CVE-2025-40278 bsc#1254825). - commit a5a7e57 - Refresh patches.suse/perf-hwmon_pmu-Fix-uninitialized-variable-warning.patch. - Refresh patches.suse/scsi-lpfc-Add-capability-to-register-Platform-Name-I.patch. - Refresh patches.suse/scsi-lpfc-Allow-support-for-BB-credit-recovery-in-po.patch. - Refresh patches.suse/scsi-lpfc-Ensure-unregistration-of-rpis-for-received.patch. - Refresh patches.suse/scsi-lpfc-Fix-leaked-ndlp-krefs-when-in-point-to-poi.patch. - Refresh patches.suse/scsi-lpfc-Fix-reusing-an-ndlp-that-is-marked-NLP_DRO.patch. - Refresh patches.suse/scsi-lpfc-Modify-kref-handling-for-Fabric-Controller.patch. - Refresh patches.suse/scsi-lpfc-Remove-redundant-NULL-ptr-assignment-in-lp.patch. - Refresh patches.suse/scsi-lpfc-Revise-discovery-related-function-headers-.patch. - Refresh patches.suse/scsi-lpfc-Update-lpfc-version-to-14.4.0.12.patch. - Refresh patches.suse/scsi-lpfc-Update-various-NPIV-diagnostic-log-messagi.patch. - commit b565804 - mm/huge_memory: fix NULL pointer deference when splitting folio (CVE-2025-68293 bsc#1255150). - commit 1dd8abe - iommufd: Don't overflow during division for dirty tracking (CVE-2025-40293 bsc#1255179). - commit b6a4633 ++++ kernel-default: - cifs: reset iface weights when we cannot find a candidate (git-fixes). - commit 859fca4 - smb: client: fix warning when reconnecting channel (git-fixes). - commit 700befa - cifs: do not disable interface polling on failure (git-fixes). - commit 87a748d - cifs: deal with the channel loading lag while picking channels (git-fixes). - commit c445274 - cifs: serialize other channels when query server interfaces is pending (git-fixes). - commit 202c543 - cifs: dns resolution is needed only for primary channel (git-fixes). - commit 47e47ab - cifs: update dstaddr whenever channel iface is updated (git-fixes). - commit cd217a8 - cifs: reset connections for all channels when reconnect requested (git-fixes). - commit a324ea9 - smb: client: introduce close_cached_dir_locked() (git-fixes). - commit e15b950 - smb: client: fix potential UAF in smb2_close_cached_fid() (CVE-2025-40328 bsc#1254624). - commit f11d74a - binfmt_misc: restore write access before closing files opened by open_exec() (bsc#1255272 CVE-2025-68239). - commit 2983172 - fs/proc: fix uaf in proc_readdir_de() (bsc#1255297 CVE-2025-40271). - commit 46250e7 - ext4: refresh inline data size before write operations (bsc#1255380 CVE-2025-68264). - commit c23012b - fs/notify: call exportfs_encode_fid with s_umount (bsc#1254809 CVE-2025-40237). - commit 70d7e44 - ext4: guard against EA inode refcount underflow in xattr update (bsc#1253623 CVE-2025-40190). - commit 6c51c0b - mm/damon/vaddr: do not repeat pte_offset_map_lock() until success (CVE-2025-40218 bsc#1254964) - commit a3828d9 - arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() (CVE-2025-40346 bsc#1255318) - commit 799eb50 - net: sxgbe: fix potential NULL dereference in sxgbe_rx() (CVE-2025-68302 bsc#1255121) - commit 15ce001 - net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak (CVE-2025-40278 bsc#1254825). - commit a5a7e57 - Refresh patches.suse/perf-hwmon_pmu-Fix-uninitialized-variable-warning.patch. - Refresh patches.suse/scsi-lpfc-Add-capability-to-register-Platform-Name-I.patch. - Refresh patches.suse/scsi-lpfc-Allow-support-for-BB-credit-recovery-in-po.patch. - Refresh patches.suse/scsi-lpfc-Ensure-unregistration-of-rpis-for-received.patch. - Refresh patches.suse/scsi-lpfc-Fix-leaked-ndlp-krefs-when-in-point-to-poi.patch. - Refresh patches.suse/scsi-lpfc-Fix-reusing-an-ndlp-that-is-marked-NLP_DRO.patch. - Refresh patches.suse/scsi-lpfc-Modify-kref-handling-for-Fabric-Controller.patch. - Refresh patches.suse/scsi-lpfc-Remove-redundant-NULL-ptr-assignment-in-lp.patch. - Refresh patches.suse/scsi-lpfc-Revise-discovery-related-function-headers-.patch. - Refresh patches.suse/scsi-lpfc-Update-lpfc-version-to-14.4.0.12.patch. - Refresh patches.suse/scsi-lpfc-Update-various-NPIV-diagnostic-log-messagi.patch. - commit b565804 - mm/huge_memory: fix NULL pointer deference when splitting folio (CVE-2025-68293 bsc#1255150). - commit 1dd8abe - iommufd: Don't overflow during division for dirty tracking (CVE-2025-40293 bsc#1255179). - commit b6a4633 ++++ kernel-default: - cifs: reset iface weights when we cannot find a candidate (git-fixes). - commit 859fca4 - smb: client: fix warning when reconnecting channel (git-fixes). - commit 700befa - cifs: do not disable interface polling on failure (git-fixes). - commit 87a748d - cifs: deal with the channel loading lag while picking channels (git-fixes). - commit c445274 - cifs: serialize other channels when query server interfaces is pending (git-fixes). - commit 202c543 - cifs: dns resolution is needed only for primary channel (git-fixes). - commit 47e47ab - cifs: update dstaddr whenever channel iface is updated (git-fixes). - commit cd217a8 - cifs: reset connections for all channels when reconnect requested (git-fixes). - commit a324ea9 - smb: client: introduce close_cached_dir_locked() (git-fixes). - commit e15b950 - smb: client: fix potential UAF in smb2_close_cached_fid() (CVE-2025-40328 bsc#1254624). - commit f11d74a - binfmt_misc: restore write access before closing files opened by open_exec() (bsc#1255272 CVE-2025-68239). - commit 2983172 - fs/proc: fix uaf in proc_readdir_de() (bsc#1255297 CVE-2025-40271). - commit 46250e7 - ext4: refresh inline data size before write operations (bsc#1255380 CVE-2025-68264). - commit c23012b - fs/notify: call exportfs_encode_fid with s_umount (bsc#1254809 CVE-2025-40237). - commit 70d7e44 - ext4: guard against EA inode refcount underflow in xattr update (bsc#1253623 CVE-2025-40190). - commit 6c51c0b - mm/damon/vaddr: do not repeat pte_offset_map_lock() until success (CVE-2025-40218 bsc#1254964) - commit a3828d9 - arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() (CVE-2025-40346 bsc#1255318) - commit 799eb50 - net: sxgbe: fix potential NULL dereference in sxgbe_rx() (CVE-2025-68302 bsc#1255121) - commit 15ce001 - net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak (CVE-2025-40278 bsc#1254825). - commit a5a7e57 - Refresh patches.suse/perf-hwmon_pmu-Fix-uninitialized-variable-warning.patch. - Refresh patches.suse/scsi-lpfc-Add-capability-to-register-Platform-Name-I.patch. - Refresh patches.suse/scsi-lpfc-Allow-support-for-BB-credit-recovery-in-po.patch. - Refresh patches.suse/scsi-lpfc-Ensure-unregistration-of-rpis-for-received.patch. - Refresh patches.suse/scsi-lpfc-Fix-leaked-ndlp-krefs-when-in-point-to-poi.patch. - Refresh patches.suse/scsi-lpfc-Fix-reusing-an-ndlp-that-is-marked-NLP_DRO.patch. - Refresh patches.suse/scsi-lpfc-Modify-kref-handling-for-Fabric-Controller.patch. - Refresh patches.suse/scsi-lpfc-Remove-redundant-NULL-ptr-assignment-in-lp.patch. - Refresh patches.suse/scsi-lpfc-Revise-discovery-related-function-headers-.patch. - Refresh patches.suse/scsi-lpfc-Update-lpfc-version-to-14.4.0.12.patch. - Refresh patches.suse/scsi-lpfc-Update-various-NPIV-diagnostic-log-messagi.patch. - commit b565804 - mm/huge_memory: fix NULL pointer deference when splitting folio (CVE-2025-68293 bsc#1255150). - commit 1dd8abe - iommufd: Don't overflow during division for dirty tracking (CVE-2025-40293 bsc#1255179). - commit b6a4633 ++++ kernel-rt: - cifs: reset iface weights when we cannot find a candidate (git-fixes). - commit 859fca4 - smb: client: fix warning when reconnecting channel (git-fixes). - commit 700befa - cifs: do not disable interface polling on failure (git-fixes). - commit 87a748d - cifs: deal with the channel loading lag while picking channels (git-fixes). - commit c445274 - cifs: serialize other channels when query server interfaces is pending (git-fixes). - commit 202c543 - cifs: dns resolution is needed only for primary channel (git-fixes). - commit 47e47ab - cifs: update dstaddr whenever channel iface is updated (git-fixes). - commit cd217a8 - cifs: reset connections for all channels when reconnect requested (git-fixes). - commit a324ea9 - smb: client: introduce close_cached_dir_locked() (git-fixes). - commit e15b950 - smb: client: fix potential UAF in smb2_close_cached_fid() (CVE-2025-40328 bsc#1254624). - commit f11d74a - binfmt_misc: restore write access before closing files opened by open_exec() (bsc#1255272 CVE-2025-68239). - commit 2983172 - fs/proc: fix uaf in proc_readdir_de() (bsc#1255297 CVE-2025-40271). - commit 46250e7 - ext4: refresh inline data size before write operations (bsc#1255380 CVE-2025-68264). - commit c23012b - fs/notify: call exportfs_encode_fid with s_umount (bsc#1254809 CVE-2025-40237). - commit 70d7e44 - ext4: guard against EA inode refcount underflow in xattr update (bsc#1253623 CVE-2025-40190). - commit 6c51c0b - mm/damon/vaddr: do not repeat pte_offset_map_lock() until success (CVE-2025-40218 bsc#1254964) - commit a3828d9 - arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() (CVE-2025-40346 bsc#1255318) - commit 799eb50 - net: sxgbe: fix potential NULL dereference in sxgbe_rx() (CVE-2025-68302 bsc#1255121) - commit 15ce001 - net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak (CVE-2025-40278 bsc#1254825). - commit a5a7e57 - Refresh patches.suse/perf-hwmon_pmu-Fix-uninitialized-variable-warning.patch. - Refresh patches.suse/scsi-lpfc-Add-capability-to-register-Platform-Name-I.patch. - Refresh patches.suse/scsi-lpfc-Allow-support-for-BB-credit-recovery-in-po.patch. - Refresh patches.suse/scsi-lpfc-Ensure-unregistration-of-rpis-for-received.patch. - Refresh patches.suse/scsi-lpfc-Fix-leaked-ndlp-krefs-when-in-point-to-poi.patch. - Refresh patches.suse/scsi-lpfc-Fix-reusing-an-ndlp-that-is-marked-NLP_DRO.patch. - Refresh patches.suse/scsi-lpfc-Modify-kref-handling-for-Fabric-Controller.patch. - Refresh patches.suse/scsi-lpfc-Remove-redundant-NULL-ptr-assignment-in-lp.patch. - Refresh patches.suse/scsi-lpfc-Revise-discovery-related-function-headers-.patch. - Refresh patches.suse/scsi-lpfc-Update-lpfc-version-to-14.4.0.12.patch. - Refresh patches.suse/scsi-lpfc-Update-various-NPIV-diagnostic-log-messagi.patch. - commit b565804 - mm/huge_memory: fix NULL pointer deference when splitting folio (CVE-2025-68293 bsc#1255150). - commit 1dd8abe - iommufd: Don't overflow during division for dirty tracking (CVE-2025-40293 bsc#1255179). - commit b6a4633 ++++ kernel-rt: - cifs: reset iface weights when we cannot find a candidate (git-fixes). - commit 859fca4 - smb: client: fix warning when reconnecting channel (git-fixes). - commit 700befa - cifs: do not disable interface polling on failure (git-fixes). - commit 87a748d - cifs: deal with the channel loading lag while picking channels (git-fixes). - commit c445274 - cifs: serialize other channels when query server interfaces is pending (git-fixes). - commit 202c543 - cifs: dns resolution is needed only for primary channel (git-fixes). - commit 47e47ab - cifs: update dstaddr whenever channel iface is updated (git-fixes). - commit cd217a8 - cifs: reset connections for all channels when reconnect requested (git-fixes). - commit a324ea9 - smb: client: introduce close_cached_dir_locked() (git-fixes). - commit e15b950 - smb: client: fix potential UAF in smb2_close_cached_fid() (CVE-2025-40328 bsc#1254624). - commit f11d74a - binfmt_misc: restore write access before closing files opened by open_exec() (bsc#1255272 CVE-2025-68239). - commit 2983172 - fs/proc: fix uaf in proc_readdir_de() (bsc#1255297 CVE-2025-40271). - commit 46250e7 - ext4: refresh inline data size before write operations (bsc#1255380 CVE-2025-68264). - commit c23012b - fs/notify: call exportfs_encode_fid with s_umount (bsc#1254809 CVE-2025-40237). - commit 70d7e44 - ext4: guard against EA inode refcount underflow in xattr update (bsc#1253623 CVE-2025-40190). - commit 6c51c0b - mm/damon/vaddr: do not repeat pte_offset_map_lock() until success (CVE-2025-40218 bsc#1254964) - commit a3828d9 - arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() (CVE-2025-40346 bsc#1255318) - commit 799eb50 - net: sxgbe: fix potential NULL dereference in sxgbe_rx() (CVE-2025-68302 bsc#1255121) - commit 15ce001 - net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak (CVE-2025-40278 bsc#1254825). - commit a5a7e57 - Refresh patches.suse/perf-hwmon_pmu-Fix-uninitialized-variable-warning.patch. - Refresh patches.suse/scsi-lpfc-Add-capability-to-register-Platform-Name-I.patch. - Refresh patches.suse/scsi-lpfc-Allow-support-for-BB-credit-recovery-in-po.patch. - Refresh patches.suse/scsi-lpfc-Ensure-unregistration-of-rpis-for-received.patch. - Refresh patches.suse/scsi-lpfc-Fix-leaked-ndlp-krefs-when-in-point-to-poi.patch. - Refresh patches.suse/scsi-lpfc-Fix-reusing-an-ndlp-that-is-marked-NLP_DRO.patch. - Refresh patches.suse/scsi-lpfc-Modify-kref-handling-for-Fabric-Controller.patch. - Refresh patches.suse/scsi-lpfc-Remove-redundant-NULL-ptr-assignment-in-lp.patch. - Refresh patches.suse/scsi-lpfc-Revise-discovery-related-function-headers-.patch. - Refresh patches.suse/scsi-lpfc-Update-lpfc-version-to-14.4.0.12.patch. - Refresh patches.suse/scsi-lpfc-Update-various-NPIV-diagnostic-log-messagi.patch. - commit b565804 - mm/huge_memory: fix NULL pointer deference when splitting folio (CVE-2025-68293 bsc#1255150). - commit 1dd8abe - iommufd: Don't overflow during division for dirty tracking (CVE-2025-40293 bsc#1255179). - commit b6a4633 ++++ kernel-rt: - cifs: reset iface weights when we cannot find a candidate (git-fixes). - commit 859fca4 - smb: client: fix warning when reconnecting channel (git-fixes). - commit 700befa - cifs: do not disable interface polling on failure (git-fixes). - commit 87a748d - cifs: deal with the channel loading lag while picking channels (git-fixes). - commit c445274 - cifs: serialize other channels when query server interfaces is pending (git-fixes). - commit 202c543 - cifs: dns resolution is needed only for primary channel (git-fixes). - commit 47e47ab - cifs: update dstaddr whenever channel iface is updated (git-fixes). - commit cd217a8 - cifs: reset connections for all channels when reconnect requested (git-fixes). - commit a324ea9 - smb: client: introduce close_cached_dir_locked() (git-fixes). - commit e15b950 - smb: client: fix potential UAF in smb2_close_cached_fid() (CVE-2025-40328 bsc#1254624). - commit f11d74a - binfmt_misc: restore write access before closing files opened by open_exec() (bsc#1255272 CVE-2025-68239). - commit 2983172 - fs/proc: fix uaf in proc_readdir_de() (bsc#1255297 CVE-2025-40271). - commit 46250e7 - ext4: refresh inline data size before write operations (bsc#1255380 CVE-2025-68264). - commit c23012b - fs/notify: call exportfs_encode_fid with s_umount (bsc#1254809 CVE-2025-40237). - commit 70d7e44 - ext4: guard against EA inode refcount underflow in xattr update (bsc#1253623 CVE-2025-40190). - commit 6c51c0b - mm/damon/vaddr: do not repeat pte_offset_map_lock() until success (CVE-2025-40218 bsc#1254964) - commit a3828d9 - arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() (CVE-2025-40346 bsc#1255318) - commit 799eb50 - net: sxgbe: fix potential NULL dereference in sxgbe_rx() (CVE-2025-68302 bsc#1255121) - commit 15ce001 - net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak (CVE-2025-40278 bsc#1254825). - commit a5a7e57 - Refresh patches.suse/perf-hwmon_pmu-Fix-uninitialized-variable-warning.patch. - Refresh patches.suse/scsi-lpfc-Add-capability-to-register-Platform-Name-I.patch. - Refresh patches.suse/scsi-lpfc-Allow-support-for-BB-credit-recovery-in-po.patch. - Refresh patches.suse/scsi-lpfc-Ensure-unregistration-of-rpis-for-received.patch. - Refresh patches.suse/scsi-lpfc-Fix-leaked-ndlp-krefs-when-in-point-to-poi.patch. - Refresh patches.suse/scsi-lpfc-Fix-reusing-an-ndlp-that-is-marked-NLP_DRO.patch. - Refresh patches.suse/scsi-lpfc-Modify-kref-handling-for-Fabric-Controller.patch. - Refresh patches.suse/scsi-lpfc-Remove-redundant-NULL-ptr-assignment-in-lp.patch. - Refresh patches.suse/scsi-lpfc-Revise-discovery-related-function-headers-.patch. - Refresh patches.suse/scsi-lpfc-Update-lpfc-version-to-14.4.0.12.patch. - Refresh patches.suse/scsi-lpfc-Update-various-NPIV-diagnostic-log-messagi.patch. - commit b565804 - mm/huge_memory: fix NULL pointer deference when splitting folio (CVE-2025-68293 bsc#1255150). - commit 1dd8abe - iommufd: Don't overflow during division for dirty tracking (CVE-2025-40293 bsc#1255179). - commit b6a4633 ++++ cockpit-repos: - Update to version 4.5 fixes bsc#1255425 (CVE-2025-64718): * Dependency updates ++++ cockpit-repos: - Update to version 4.5 fixes bsc#1255425 (CVE-2025-64718): * Dependency updates ++++ cockpit-subscriptions: - Update to version 12.1 * Update js-yaml to backpatch bsc#1255425/CVE-2025-64718 ++++ cockpit-subscriptions: - Update to version 12.1 * Update js-yaml to backpatch bsc#1255425/CVE-2025-64718 ++++ coredns: - fix CVE-2025-68156 bsc#1255345 - fix CVE-2025-68161 bsc#1256411 - Update to version 1.14.0: * core: Fix gosec G115 integer overflow warnings * core: Add regex length limit * plugin/azure: Fix slice init length * plugin/errors: Add optional show_first flag to consolidate directive * plugin/file: Fix for misleading SOA parser warnings * plugin/kubernetes: Rate limits to api server * plugin/metrics: Implement plugin chain tracking * plugin/sign: Report parser err before missing SOA * build(deps): bump github.com/expr-lang/expr from 1.17.6 to 1.17.7 - Update to version 1.13.2: * core: Add basic support for DoH3 * core: Avoid proxy unnecessary alloc in Yield * core: Fix usage of sync.Pool to save an alloc * core: Fix data race with sync.RWMutex for uniq * core: Prevent QUIC reload panic by lazily initializing the listener * core: Refactor/use reflect.TypeFor * plugin/auto: Limit regex length * plugin/cache: Remove superfluous allocations in item.toMsg * plugin/cache: Isolate metadata in prefetch goroutine * plugin/cache: Correct spelling of MaximumDefaultTTL in cache and dnsutil packages * plugin/dnstap: Better error handling (redial & logging) when Dnstap is busy * plugin/file: Performance finetuning * plugin/forward: Disallow NOERROR in failover * plugin/forward: Added support for per-nameserver TLS SNI * plugin/forward: Prevent busy loop on connection err * plugin/forward: Add max connect attempts knob * plugin/geoip: Add ASN schema support * plugin/geoip: Add support for subdivisions * plugin/kubernetes: Fix kubernetes plugin logging * plugin/multisocket: Cap num sockets to prevent OOM * plugin/nomad: Support service filtering * plugin/rewrite: Pre-compile CNAME rewrite regexp * plugin/secondary: Fix reload causing secondary plugin goroutine to leak - Update to version 1.13.1: * core: Avoid string concatenation in loops * core: Update golang to 1.25.2 and golang.org/x/net to v0.45.0 on CVE fixes * plugin/sign: Reject invalid UTF‑8 dbfile token - Update to version 1.13.0: * core: Export timeout values in dnsserver.Server * core: Fix Corefile infinite loop on unclosed braces * core: Fix Corefile related import cycle issue * core: Normalize panics on invalid origins * core: Rely on dns.Server.ShutdownContext to gracefully stop * plugin/dnstap: Add bounds for plugin args * plugin/file: Fix data race in tree Elem.Name * plugin/forward: No failover to next upstream when receiving SERVFAIL or REFUSED response codes * plugin/grpc: Enforce DNS message size limits * plugin/loop: Prevent panic when ListenHosts is empty * plugin/loop: Avoid panic on invalid server block * plugin/nomad: Add a Nomad plugin * plugin/reload: Prevent SIGTERM/reload deadlock ++++ gpg2: - Security fix: [bsc#1255715, CVE-2025-68973] (gpg.fail/memcpy) * gpg: Fix possible memory corruption in the armor parser [T7906] * Add gnupg-CVE-2025-68973.patch - Security fix: [bsc#1256246] (gpg.fail/sha1) * gpg: Avoid potential downgrade to SHA1 in 3rd party key signatures [T7904] * Add gnupg-gpg-Avoid-potential-downgrade-to-SHA1-in-3rd-party-keysig.patch - Security fix: [bsc#1256244] (gpg.fail/detached) * gpg: Error out on unverified output for non-detached signatures [T7903] * Add gnupg-gpg-Error-out-on-unverified-output-for-non-detached-signatures.patch - Security fix: [bsc#1256390] (gpg.fail/notdash) * gpg2: Cleartext Signature Forgery in the NotDashEscaped header implementation in GnuPG * Add patch gnupg-notdash-escape.patch ++++ gpg2: - Security fix: [bsc#1255715, CVE-2025-68973] (gpg.fail/memcpy) * gpg: Fix possible memory corruption in the armor parser [T7906] * Add gnupg-CVE-2025-68973.patch - Security fix: [bsc#1256246] (gpg.fail/sha1) * gpg: Avoid potential downgrade to SHA1 in 3rd party key signatures [T7904] * Add gnupg-gpg-Avoid-potential-downgrade-to-SHA1-in-3rd-party-keysig.patch - Security fix: [bsc#1256244] (gpg.fail/detached) * gpg: Error out on unverified output for non-detached signatures [T7903] * Add gnupg-gpg-Error-out-on-unverified-output-for-non-detached-signatures.patch - Security fix: [bsc#1256390] (gpg.fail/notdash) * gpg2: Cleartext Signature Forgery in the NotDashEscaped header implementation in GnuPG * Add patch gnupg-notdash-escape.patch ++++ dtb-aarch64: - cifs: reset iface weights when we cannot find a candidate (git-fixes). - commit 859fca4 - smb: client: fix warning when reconnecting channel (git-fixes). - commit 700befa - cifs: do not disable interface polling on failure (git-fixes). - commit 87a748d - cifs: deal with the channel loading lag while picking channels (git-fixes). - commit c445274 - cifs: serialize other channels when query server interfaces is pending (git-fixes). - commit 202c543 - cifs: dns resolution is needed only for primary channel (git-fixes). - commit 47e47ab - cifs: update dstaddr whenever channel iface is updated (git-fixes). - commit cd217a8 - cifs: reset connections for all channels when reconnect requested (git-fixes). - commit a324ea9 - smb: client: introduce close_cached_dir_locked() (git-fixes). - commit e15b950 - smb: client: fix potential UAF in smb2_close_cached_fid() (CVE-2025-40328 bsc#1254624). - commit f11d74a - binfmt_misc: restore write access before closing files opened by open_exec() (bsc#1255272 CVE-2025-68239). - commit 2983172 - fs/proc: fix uaf in proc_readdir_de() (bsc#1255297 CVE-2025-40271). - commit 46250e7 - ext4: refresh inline data size before write operations (bsc#1255380 CVE-2025-68264). - commit c23012b - fs/notify: call exportfs_encode_fid with s_umount (bsc#1254809 CVE-2025-40237). - commit 70d7e44 - ext4: guard against EA inode refcount underflow in xattr update (bsc#1253623 CVE-2025-40190). - commit 6c51c0b - mm/damon/vaddr: do not repeat pte_offset_map_lock() until success (CVE-2025-40218 bsc#1254964) - commit a3828d9 - arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() (CVE-2025-40346 bsc#1255318) - commit 799eb50 - net: sxgbe: fix potential NULL dereference in sxgbe_rx() (CVE-2025-68302 bsc#1255121) - commit 15ce001 - net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak (CVE-2025-40278 bsc#1254825). - commit a5a7e57 - Refresh patches.suse/perf-hwmon_pmu-Fix-uninitialized-variable-warning.patch. - Refresh patches.suse/scsi-lpfc-Add-capability-to-register-Platform-Name-I.patch. - Refresh patches.suse/scsi-lpfc-Allow-support-for-BB-credit-recovery-in-po.patch. - Refresh patches.suse/scsi-lpfc-Ensure-unregistration-of-rpis-for-received.patch. - Refresh patches.suse/scsi-lpfc-Fix-leaked-ndlp-krefs-when-in-point-to-poi.patch. - Refresh patches.suse/scsi-lpfc-Fix-reusing-an-ndlp-that-is-marked-NLP_DRO.patch. - Refresh patches.suse/scsi-lpfc-Modify-kref-handling-for-Fabric-Controller.patch. - Refresh patches.suse/scsi-lpfc-Remove-redundant-NULL-ptr-assignment-in-lp.patch. - Refresh patches.suse/scsi-lpfc-Revise-discovery-related-function-headers-.patch. - Refresh patches.suse/scsi-lpfc-Update-lpfc-version-to-14.4.0.12.patch. - Refresh patches.suse/scsi-lpfc-Update-various-NPIV-diagnostic-log-messagi.patch. - commit b565804 - mm/huge_memory: fix NULL pointer deference when splitting folio (CVE-2025-68293 bsc#1255150). - commit 1dd8abe - iommufd: Don't overflow during division for dirty tracking (CVE-2025-40293 bsc#1255179). - commit b6a4633 ++++ dtb-aarch64: - cifs: reset iface weights when we cannot find a candidate (git-fixes). - commit 859fca4 - smb: client: fix warning when reconnecting channel (git-fixes). - commit 700befa - cifs: do not disable interface polling on failure (git-fixes). - commit 87a748d - cifs: deal with the channel loading lag while picking channels (git-fixes). - commit c445274 - cifs: serialize other channels when query server interfaces is pending (git-fixes). - commit 202c543 - cifs: dns resolution is needed only for primary channel (git-fixes). - commit 47e47ab - cifs: update dstaddr whenever channel iface is updated (git-fixes). - commit cd217a8 - cifs: reset connections for all channels when reconnect requested (git-fixes). - commit a324ea9 - smb: client: introduce close_cached_dir_locked() (git-fixes). - commit e15b950 - smb: client: fix potential UAF in smb2_close_cached_fid() (CVE-2025-40328 bsc#1254624). - commit f11d74a - binfmt_misc: restore write access before closing files opened by open_exec() (bsc#1255272 CVE-2025-68239). - commit 2983172 - fs/proc: fix uaf in proc_readdir_de() (bsc#1255297 CVE-2025-40271). - commit 46250e7 - ext4: refresh inline data size before write operations (bsc#1255380 CVE-2025-68264). - commit c23012b - fs/notify: call exportfs_encode_fid with s_umount (bsc#1254809 CVE-2025-40237). - commit 70d7e44 - ext4: guard against EA inode refcount underflow in xattr update (bsc#1253623 CVE-2025-40190). - commit 6c51c0b - mm/damon/vaddr: do not repeat pte_offset_map_lock() until success (CVE-2025-40218 bsc#1254964) - commit a3828d9 - arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() (CVE-2025-40346 bsc#1255318) - commit 799eb50 - net: sxgbe: fix potential NULL dereference in sxgbe_rx() (CVE-2025-68302 bsc#1255121) - commit 15ce001 - net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak (CVE-2025-40278 bsc#1254825). - commit a5a7e57 - Refresh patches.suse/perf-hwmon_pmu-Fix-uninitialized-variable-warning.patch. - Refresh patches.suse/scsi-lpfc-Add-capability-to-register-Platform-Name-I.patch. - Refresh patches.suse/scsi-lpfc-Allow-support-for-BB-credit-recovery-in-po.patch. - Refresh patches.suse/scsi-lpfc-Ensure-unregistration-of-rpis-for-received.patch. - Refresh patches.suse/scsi-lpfc-Fix-leaked-ndlp-krefs-when-in-point-to-poi.patch. - Refresh patches.suse/scsi-lpfc-Fix-reusing-an-ndlp-that-is-marked-NLP_DRO.patch. - Refresh patches.suse/scsi-lpfc-Modify-kref-handling-for-Fabric-Controller.patch. - Refresh patches.suse/scsi-lpfc-Remove-redundant-NULL-ptr-assignment-in-lp.patch. - Refresh patches.suse/scsi-lpfc-Revise-discovery-related-function-headers-.patch. - Refresh patches.suse/scsi-lpfc-Update-lpfc-version-to-14.4.0.12.patch. - Refresh patches.suse/scsi-lpfc-Update-various-NPIV-diagnostic-log-messagi.patch. - commit b565804 - mm/huge_memory: fix NULL pointer deference when splitting folio (CVE-2025-68293 bsc#1255150). - commit 1dd8abe - iommufd: Don't overflow during division for dirty tracking (CVE-2025-40293 bsc#1255179). - commit b6a4633 ++++ dtb-aarch64: - cifs: reset iface weights when we cannot find a candidate (git-fixes). - commit 859fca4 - smb: client: fix warning when reconnecting channel (git-fixes). - commit 700befa - cifs: do not disable interface polling on failure (git-fixes). - commit 87a748d - cifs: deal with the channel loading lag while picking channels (git-fixes). - commit c445274 - cifs: serialize other channels when query server interfaces is pending (git-fixes). - commit 202c543 - cifs: dns resolution is needed only for primary channel (git-fixes). - commit 47e47ab - cifs: update dstaddr whenever channel iface is updated (git-fixes). - commit cd217a8 - cifs: reset connections for all channels when reconnect requested (git-fixes). - commit a324ea9 - smb: client: introduce close_cached_dir_locked() (git-fixes). - commit e15b950 - smb: client: fix potential UAF in smb2_close_cached_fid() (CVE-2025-40328 bsc#1254624). - commit f11d74a - binfmt_misc: restore write access before closing files opened by open_exec() (bsc#1255272 CVE-2025-68239). - commit 2983172 - fs/proc: fix uaf in proc_readdir_de() (bsc#1255297 CVE-2025-40271). - commit 46250e7 - ext4: refresh inline data size before write operations (bsc#1255380 CVE-2025-68264). - commit c23012b - fs/notify: call exportfs_encode_fid with s_umount (bsc#1254809 CVE-2025-40237). - commit 70d7e44 - ext4: guard against EA inode refcount underflow in xattr update (bsc#1253623 CVE-2025-40190). - commit 6c51c0b - mm/damon/vaddr: do not repeat pte_offset_map_lock() until success (CVE-2025-40218 bsc#1254964) - commit a3828d9 - arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() (CVE-2025-40346 bsc#1255318) - commit 799eb50 - net: sxgbe: fix potential NULL dereference in sxgbe_rx() (CVE-2025-68302 bsc#1255121) - commit 15ce001 - net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak (CVE-2025-40278 bsc#1254825). - commit a5a7e57 - Refresh patches.suse/perf-hwmon_pmu-Fix-uninitialized-variable-warning.patch. - Refresh patches.suse/scsi-lpfc-Add-capability-to-register-Platform-Name-I.patch. - Refresh patches.suse/scsi-lpfc-Allow-support-for-BB-credit-recovery-in-po.patch. - Refresh patches.suse/scsi-lpfc-Ensure-unregistration-of-rpis-for-received.patch. - Refresh patches.suse/scsi-lpfc-Fix-leaked-ndlp-krefs-when-in-point-to-poi.patch. - Refresh patches.suse/scsi-lpfc-Fix-reusing-an-ndlp-that-is-marked-NLP_DRO.patch. - Refresh patches.suse/scsi-lpfc-Modify-kref-handling-for-Fabric-Controller.patch. - Refresh patches.suse/scsi-lpfc-Remove-redundant-NULL-ptr-assignment-in-lp.patch. - Refresh patches.suse/scsi-lpfc-Revise-discovery-related-function-headers-.patch. - Refresh patches.suse/scsi-lpfc-Update-lpfc-version-to-14.4.0.12.patch. - Refresh patches.suse/scsi-lpfc-Update-various-NPIV-diagnostic-log-messagi.patch. - commit b565804 - mm/huge_memory: fix NULL pointer deference when splitting folio (CVE-2025-68293 bsc#1255150). - commit 1dd8abe - iommufd: Don't overflow during division for dirty tracking (CVE-2025-40293 bsc#1255179). - commit b6a4633 ++++ golang-github-prometheus-prometheus: - Drop patch files: * 0003-Bump-go-retryablehttp.patch * 0004-Bump-go-net.patch - Add 0003-Bump-node-forge.patch * CVE-2025-12816: Interpretation conflict vulnerability allowing bypassing cryptographic verifications (bsc#1255588) - Update to 3.5.0 (jsc#PED-13824): This is a Long-Term Support (LTS) release. * [FEATURE] Remote-write: Add support for Azure Workload Identity as an authentication method for the receiver. * [FEATURE] PromQL: Add first_over_time(...) and ts_of_first_over_time(...) behind feature flag. * [FEATURE] Federation: Add support for native histograms with custom buckets (NHCB). * [ENHANCEMENT] PromQL: Add warn-level annotations for counter reset conflicts in certain histogram operations. * [ENHANCEMENT] UI: Add scrape interval and scrape timeout to targets page. - Update to 3.4.0: * [FEATURE] SD: Add unified AWS service discovery for ec2, lightsail and ecs services. * [FEATURE] Native histograms are now a stable, but optional feature. * [FEATURE] UI: Show detailed relabeling steps for each discovered target. * [ENHANCEMENT] Alerting: Add "unknown" state for alerting rules that haven't been evaluated yet. * [BUGFIX] Scrape: Fix a bug where scrape cache would not be cleared on startup. - Update to 3.3.0: * [FEATURE] Spring Boot 3.3 includes support for the Prometheus Client 1.x. * [ENHANCEMENT] Dependency management for Dropwizard Metrics has been removed. - Update to 3.2.0: * [FEATURE] OAuth2: support jwt-bearer grant-type (RFC7523 3.1). * [ENHANCEMENT] PromQL: Reconcile mismatched NHCB bounds in Add and Sub. * [BUGFIX] TSDB: Native Histogram Custom Bounds with a NaN threshold are now rejected. - Update to 3.1.0: * [FEATURE] Remote-write 2 (receiving): Update to 2.0-rc.4 spec. "created timestamp" (CT) is now called "start timestamp" (ST). * [BUGFIX] Mixin: Add static UID to the remote-write dashboard. - Update to 3.0.1: * [BUGFIX] Promql: Make subqueries left open. * [BUGFIX] Fix memory leak when query log is enabled. * [BUGFIX] Support utf8 names on /v1/label/:name/values endpoint. - Update to 3.0.0: This release includes new features such as a brand new UI and UTF-8 support enabled by default. * [CHANGE] Deprecated feature flags removed. * [FEATURE] New UI. * [FEATURE] Remote Write 2.0. * [FEATURE] OpenTelemetry Support. * [FEATURE] UTF-8 support is now stable and enabled by default. * [FEATURE] OTLP Ingestion. * [FEATURE] Native Histograms. * [BUGFIX] PromQL: Fix count_values for histograms. * [BUGFIX] TSDB: Fix race on stale values in headAppender. * [BUGFIX] UI: Fix selector / series formatting for empty metric names. - Update to 2.55.0: * [FEATURE] PromQL: Add `last_over_time` function. * [FEATURE] Agent: Add `prometheus_agent_build_info` metric. * [ENHANCEMENT] PromQL: Optimise `group()` and `group by()`. * [ENHANCEMENT] TSDB: Reduce memory usage when loading blocks. * [BUGFIX] Scrape: Fix a bug where a target could be scraped multiple times. - Update to 2.54.0: This release brings a release candidate of a major new version of Remote Write: 2.0. * [CHANGE] Remote-Write: highest_timestamp_in_seconds and queue_highest_sent_timestamp_seconds metrics now initialized to 0. * [CHANGE] API: Split warnings from info annotations in API response. * [FEATURE] Remote-Write: Version 2.0 experimental, plus metadata in WAL via feature flag. * [FEATURE] PromQL: add limitk() and limit_ratio() aggregation operators. * [ENHANCEMENT] PromQL: Accept underscores in literal numbers. * [ENHANCEMENT] PromQL: float literal numbers and durations are now interchangeable (experimental). * [ENHANCEMENT] PromQL (experimental native histograms): Optimize histogram_count and histogram_sum functions. * [BUGFIX] PromQL: Fix various issues with native histograms. * [BUGFIX] TSDB: Fix race on stale values in headAppender. * [BUGFIX] OTLP receiver: Allow colons in non-standard units. ++++ golang-github-prometheus-prometheus: - Drop patch files: * 0003-Bump-go-retryablehttp.patch * 0004-Bump-go-net.patch - Add 0003-Bump-node-forge.patch * CVE-2025-12816: Interpretation conflict vulnerability allowing bypassing cryptographic verifications (bsc#1255588) - Update to 3.5.0 (jsc#PED-13824): This is a Long-Term Support (LTS) release. * [FEATURE] Remote-write: Add support for Azure Workload Identity as an authentication method for the receiver. * [FEATURE] PromQL: Add first_over_time(...) and ts_of_first_over_time(...) behind feature flag. * [FEATURE] Federation: Add support for native histograms with custom buckets (NHCB). * [ENHANCEMENT] PromQL: Add warn-level annotations for counter reset conflicts in certain histogram operations. * [ENHANCEMENT] UI: Add scrape interval and scrape timeout to targets page. - Update to 3.4.0: * [FEATURE] SD: Add unified AWS service discovery for ec2, lightsail and ecs services. * [FEATURE] Native histograms are now a stable, but optional feature. * [FEATURE] UI: Show detailed relabeling steps for each discovered target. * [ENHANCEMENT] Alerting: Add "unknown" state for alerting rules that haven't been evaluated yet. * [BUGFIX] Scrape: Fix a bug where scrape cache would not be cleared on startup. - Update to 3.3.0: * [FEATURE] Spring Boot 3.3 includes support for the Prometheus Client 1.x. * [ENHANCEMENT] Dependency management for Dropwizard Metrics has been removed. - Update to 3.2.0: * [FEATURE] OAuth2: support jwt-bearer grant-type (RFC7523 3.1). * [ENHANCEMENT] PromQL: Reconcile mismatched NHCB bounds in Add and Sub. * [BUGFIX] TSDB: Native Histogram Custom Bounds with a NaN threshold are now rejected. - Update to 3.1.0: * [FEATURE] Remote-write 2 (receiving): Update to 2.0-rc.4 spec. "created timestamp" (CT) is now called "start timestamp" (ST). * [BUGFIX] Mixin: Add static UID to the remote-write dashboard. - Update to 3.0.1: * [BUGFIX] Promql: Make subqueries left open. * [BUGFIX] Fix memory leak when query log is enabled. * [BUGFIX] Support utf8 names on /v1/label/:name/values endpoint. - Update to 3.0.0: This release includes new features such as a brand new UI and UTF-8 support enabled by default. * [CHANGE] Deprecated feature flags removed. * [FEATURE] New UI. * [FEATURE] Remote Write 2.0. * [FEATURE] OpenTelemetry Support. * [FEATURE] UTF-8 support is now stable and enabled by default. * [FEATURE] OTLP Ingestion. * [FEATURE] Native Histograms. * [BUGFIX] PromQL: Fix count_values for histograms. * [BUGFIX] TSDB: Fix race on stale values in headAppender. * [BUGFIX] UI: Fix selector / series formatting for empty metric names. - Update to 2.55.0: * [FEATURE] PromQL: Add `last_over_time` function. * [FEATURE] Agent: Add `prometheus_agent_build_info` metric. * [ENHANCEMENT] PromQL: Optimise `group()` and `group by()`. * [ENHANCEMENT] TSDB: Reduce memory usage when loading blocks. * [BUGFIX] Scrape: Fix a bug where a target could be scraped multiple times. - Update to 2.54.0: This release brings a release candidate of a major new version of Remote Write: 2.0. * [CHANGE] Remote-Write: highest_timestamp_in_seconds and queue_highest_sent_timestamp_seconds metrics now initialized to 0. * [CHANGE] API: Split warnings from info annotations in API response. * [FEATURE] Remote-Write: Version 2.0 experimental, plus metadata in WAL via feature flag. * [FEATURE] PromQL: add limitk() and limit_ratio() aggregation operators. * [ENHANCEMENT] PromQL: Accept underscores in literal numbers. * [ENHANCEMENT] PromQL: float literal numbers and durations are now interchangeable (experimental). * [ENHANCEMENT] PromQL (experimental native histograms): Optimize histogram_count and histogram_sum functions. * [BUGFIX] PromQL: Fix various issues with native histograms. * [BUGFIX] TSDB: Fix race on stale values in headAppender. * [BUGFIX] OTLP receiver: Allow colons in non-standard units. ++++ kernel-source: - cifs: reset iface weights when we cannot find a candidate (git-fixes). - commit 859fca4 - smb: client: fix warning when reconnecting channel (git-fixes). - commit 700befa - cifs: do not disable interface polling on failure (git-fixes). - commit 87a748d - cifs: deal with the channel loading lag while picking channels (git-fixes). - commit c445274 - cifs: serialize other channels when query server interfaces is pending (git-fixes). - commit 202c543 - cifs: dns resolution is needed only for primary channel (git-fixes). - commit 47e47ab - cifs: update dstaddr whenever channel iface is updated (git-fixes). - commit cd217a8 - cifs: reset connections for all channels when reconnect requested (git-fixes). - commit a324ea9 - smb: client: introduce close_cached_dir_locked() (git-fixes). - commit e15b950 - smb: client: fix potential UAF in smb2_close_cached_fid() (CVE-2025-40328 bsc#1254624). - commit f11d74a - binfmt_misc: restore write access before closing files opened by open_exec() (bsc#1255272 CVE-2025-68239). - commit 2983172 - fs/proc: fix uaf in proc_readdir_de() (bsc#1255297 CVE-2025-40271). - commit 46250e7 - ext4: refresh inline data size before write operations (bsc#1255380 CVE-2025-68264). - commit c23012b - fs/notify: call exportfs_encode_fid with s_umount (bsc#1254809 CVE-2025-40237). - commit 70d7e44 - ext4: guard against EA inode refcount underflow in xattr update (bsc#1253623 CVE-2025-40190). - commit 6c51c0b - mm/damon/vaddr: do not repeat pte_offset_map_lock() until success (CVE-2025-40218 bsc#1254964) - commit a3828d9 - arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() (CVE-2025-40346 bsc#1255318) - commit 799eb50 - net: sxgbe: fix potential NULL dereference in sxgbe_rx() (CVE-2025-68302 bsc#1255121) - commit 15ce001 - net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak (CVE-2025-40278 bsc#1254825). - commit a5a7e57 - Refresh patches.suse/perf-hwmon_pmu-Fix-uninitialized-variable-warning.patch. - Refresh patches.suse/scsi-lpfc-Add-capability-to-register-Platform-Name-I.patch. - Refresh patches.suse/scsi-lpfc-Allow-support-for-BB-credit-recovery-in-po.patch. - Refresh patches.suse/scsi-lpfc-Ensure-unregistration-of-rpis-for-received.patch. - Refresh patches.suse/scsi-lpfc-Fix-leaked-ndlp-krefs-when-in-point-to-poi.patch. - Refresh patches.suse/scsi-lpfc-Fix-reusing-an-ndlp-that-is-marked-NLP_DRO.patch. - Refresh patches.suse/scsi-lpfc-Modify-kref-handling-for-Fabric-Controller.patch. - Refresh patches.suse/scsi-lpfc-Remove-redundant-NULL-ptr-assignment-in-lp.patch. - Refresh patches.suse/scsi-lpfc-Revise-discovery-related-function-headers-.patch. - Refresh patches.suse/scsi-lpfc-Update-lpfc-version-to-14.4.0.12.patch. - Refresh patches.suse/scsi-lpfc-Update-various-NPIV-diagnostic-log-messagi.patch. - commit b565804 - mm/huge_memory: fix NULL pointer deference when splitting folio (CVE-2025-68293 bsc#1255150). - commit 1dd8abe - iommufd: Don't overflow during division for dirty tracking (CVE-2025-40293 bsc#1255179). - commit b6a4633 ++++ kernel-source: - cifs: reset iface weights when we cannot find a candidate (git-fixes). - commit 859fca4 - smb: client: fix warning when reconnecting channel (git-fixes). - commit 700befa - cifs: do not disable interface polling on failure (git-fixes). - commit 87a748d - cifs: deal with the channel loading lag while picking channels (git-fixes). - commit c445274 - cifs: serialize other channels when query server interfaces is pending (git-fixes). - commit 202c543 - cifs: dns resolution is needed only for primary channel (git-fixes). - commit 47e47ab - cifs: update dstaddr whenever channel iface is updated (git-fixes). - commit cd217a8 - cifs: reset connections for all channels when reconnect requested (git-fixes). - commit a324ea9 - smb: client: introduce close_cached_dir_locked() (git-fixes). - commit e15b950 - smb: client: fix potential UAF in smb2_close_cached_fid() (CVE-2025-40328 bsc#1254624). - commit f11d74a - binfmt_misc: restore write access before closing files opened by open_exec() (bsc#1255272 CVE-2025-68239). - commit 2983172 - fs/proc: fix uaf in proc_readdir_de() (bsc#1255297 CVE-2025-40271). - commit 46250e7 - ext4: refresh inline data size before write operations (bsc#1255380 CVE-2025-68264). - commit c23012b - fs/notify: call exportfs_encode_fid with s_umount (bsc#1254809 CVE-2025-40237). - commit 70d7e44 - ext4: guard against EA inode refcount underflow in xattr update (bsc#1253623 CVE-2025-40190). - commit 6c51c0b - mm/damon/vaddr: do not repeat pte_offset_map_lock() until success (CVE-2025-40218 bsc#1254964) - commit a3828d9 - arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() (CVE-2025-40346 bsc#1255318) - commit 799eb50 - net: sxgbe: fix potential NULL dereference in sxgbe_rx() (CVE-2025-68302 bsc#1255121) - commit 15ce001 - net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak (CVE-2025-40278 bsc#1254825). - commit a5a7e57 - Refresh patches.suse/perf-hwmon_pmu-Fix-uninitialized-variable-warning.patch. - Refresh patches.suse/scsi-lpfc-Add-capability-to-register-Platform-Name-I.patch. - Refresh patches.suse/scsi-lpfc-Allow-support-for-BB-credit-recovery-in-po.patch. - Refresh patches.suse/scsi-lpfc-Ensure-unregistration-of-rpis-for-received.patch. - Refresh patches.suse/scsi-lpfc-Fix-leaked-ndlp-krefs-when-in-point-to-poi.patch. - Refresh patches.suse/scsi-lpfc-Fix-reusing-an-ndlp-that-is-marked-NLP_DRO.patch. - Refresh patches.suse/scsi-lpfc-Modify-kref-handling-for-Fabric-Controller.patch. - Refresh patches.suse/scsi-lpfc-Remove-redundant-NULL-ptr-assignment-in-lp.patch. - Refresh patches.suse/scsi-lpfc-Revise-discovery-related-function-headers-.patch. - Refresh patches.suse/scsi-lpfc-Update-lpfc-version-to-14.4.0.12.patch. - Refresh patches.suse/scsi-lpfc-Update-various-NPIV-diagnostic-log-messagi.patch. - commit b565804 - mm/huge_memory: fix NULL pointer deference when splitting folio (CVE-2025-68293 bsc#1255150). - commit 1dd8abe - iommufd: Don't overflow during division for dirty tracking (CVE-2025-40293 bsc#1255179). - commit b6a4633 ++++ kernel-source: - cifs: reset iface weights when we cannot find a candidate (git-fixes). - commit 859fca4 - smb: client: fix warning when reconnecting channel (git-fixes). - commit 700befa - cifs: do not disable interface polling on failure (git-fixes). - commit 87a748d - cifs: deal with the channel loading lag while picking channels (git-fixes). - commit c445274 - cifs: serialize other channels when query server interfaces is pending (git-fixes). - commit 202c543 - cifs: dns resolution is needed only for primary channel (git-fixes). - commit 47e47ab - cifs: update dstaddr whenever channel iface is updated (git-fixes). - commit cd217a8 - cifs: reset connections for all channels when reconnect requested (git-fixes). - commit a324ea9 - smb: client: introduce close_cached_dir_locked() (git-fixes). - commit e15b950 - smb: client: fix potential UAF in smb2_close_cached_fid() (CVE-2025-40328 bsc#1254624). - commit f11d74a - binfmt_misc: restore write access before closing files opened by open_exec() (bsc#1255272 CVE-2025-68239). - commit 2983172 - fs/proc: fix uaf in proc_readdir_de() (bsc#1255297 CVE-2025-40271). - commit 46250e7 - ext4: refresh inline data size before write operations (bsc#1255380 CVE-2025-68264). - commit c23012b - fs/notify: call exportfs_encode_fid with s_umount (bsc#1254809 CVE-2025-40237). - commit 70d7e44 - ext4: guard against EA inode refcount underflow in xattr update (bsc#1253623 CVE-2025-40190). - commit 6c51c0b - mm/damon/vaddr: do not repeat pte_offset_map_lock() until success (CVE-2025-40218 bsc#1254964) - commit a3828d9 - arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() (CVE-2025-40346 bsc#1255318) - commit 799eb50 - net: sxgbe: fix potential NULL dereference in sxgbe_rx() (CVE-2025-68302 bsc#1255121) - commit 15ce001 - net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak (CVE-2025-40278 bsc#1254825). - commit a5a7e57 - Refresh patches.suse/perf-hwmon_pmu-Fix-uninitialized-variable-warning.patch. - Refresh patches.suse/scsi-lpfc-Add-capability-to-register-Platform-Name-I.patch. - Refresh patches.suse/scsi-lpfc-Allow-support-for-BB-credit-recovery-in-po.patch. - Refresh patches.suse/scsi-lpfc-Ensure-unregistration-of-rpis-for-received.patch. - Refresh patches.suse/scsi-lpfc-Fix-leaked-ndlp-krefs-when-in-point-to-poi.patch. - Refresh patches.suse/scsi-lpfc-Fix-reusing-an-ndlp-that-is-marked-NLP_DRO.patch. - Refresh patches.suse/scsi-lpfc-Modify-kref-handling-for-Fabric-Controller.patch. - Refresh patches.suse/scsi-lpfc-Remove-redundant-NULL-ptr-assignment-in-lp.patch. - Refresh patches.suse/scsi-lpfc-Revise-discovery-related-function-headers-.patch. - Refresh patches.suse/scsi-lpfc-Update-lpfc-version-to-14.4.0.12.patch. - Refresh patches.suse/scsi-lpfc-Update-various-NPIV-diagnostic-log-messagi.patch. - commit b565804 - mm/huge_memory: fix NULL pointer deference when splitting folio (CVE-2025-68293 bsc#1255150). - commit 1dd8abe - iommufd: Don't overflow during division for dirty tracking (CVE-2025-40293 bsc#1255179). - commit b6a4633 ++++ kernel-docs: - cifs: reset iface weights when we cannot find a candidate (git-fixes). - commit 859fca4 - smb: client: fix warning when reconnecting channel (git-fixes). - commit 700befa - cifs: do not disable interface polling on failure (git-fixes). - commit 87a748d - cifs: deal with the channel loading lag while picking channels (git-fixes). - commit c445274 - cifs: serialize other channels when query server interfaces is pending (git-fixes). - commit 202c543 - cifs: dns resolution is needed only for primary channel (git-fixes). - commit 47e47ab - cifs: update dstaddr whenever channel iface is updated (git-fixes). - commit cd217a8 - cifs: reset connections for all channels when reconnect requested (git-fixes). - commit a324ea9 - smb: client: introduce close_cached_dir_locked() (git-fixes). - commit e15b950 - smb: client: fix potential UAF in smb2_close_cached_fid() (CVE-2025-40328 bsc#1254624). - commit f11d74a - binfmt_misc: restore write access before closing files opened by open_exec() (bsc#1255272 CVE-2025-68239). - commit 2983172 - fs/proc: fix uaf in proc_readdir_de() (bsc#1255297 CVE-2025-40271). - commit 46250e7 - ext4: refresh inline data size before write operations (bsc#1255380 CVE-2025-68264). - commit c23012b - fs/notify: call exportfs_encode_fid with s_umount (bsc#1254809 CVE-2025-40237). - commit 70d7e44 - ext4: guard against EA inode refcount underflow in xattr update (bsc#1253623 CVE-2025-40190). - commit 6c51c0b - mm/damon/vaddr: do not repeat pte_offset_map_lock() until success (CVE-2025-40218 bsc#1254964) - commit a3828d9 - arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() (CVE-2025-40346 bsc#1255318) - commit 799eb50 - net: sxgbe: fix potential NULL dereference in sxgbe_rx() (CVE-2025-68302 bsc#1255121) - commit 15ce001 - net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak (CVE-2025-40278 bsc#1254825). - commit a5a7e57 - Refresh patches.suse/perf-hwmon_pmu-Fix-uninitialized-variable-warning.patch. - Refresh patches.suse/scsi-lpfc-Add-capability-to-register-Platform-Name-I.patch. - Refresh patches.suse/scsi-lpfc-Allow-support-for-BB-credit-recovery-in-po.patch. - Refresh patches.suse/scsi-lpfc-Ensure-unregistration-of-rpis-for-received.patch. - Refresh patches.suse/scsi-lpfc-Fix-leaked-ndlp-krefs-when-in-point-to-poi.patch. - Refresh patches.suse/scsi-lpfc-Fix-reusing-an-ndlp-that-is-marked-NLP_DRO.patch. - Refresh patches.suse/scsi-lpfc-Modify-kref-handling-for-Fabric-Controller.patch. - Refresh patches.suse/scsi-lpfc-Remove-redundant-NULL-ptr-assignment-in-lp.patch. - Refresh patches.suse/scsi-lpfc-Revise-discovery-related-function-headers-.patch. - Refresh patches.suse/scsi-lpfc-Update-lpfc-version-to-14.4.0.12.patch. - Refresh patches.suse/scsi-lpfc-Update-various-NPIV-diagnostic-log-messagi.patch. - commit b565804 - mm/huge_memory: fix NULL pointer deference when splitting folio (CVE-2025-68293 bsc#1255150). - commit 1dd8abe - iommufd: Don't overflow during division for dirty tracking (CVE-2025-40293 bsc#1255179). - commit b6a4633 ++++ kernel-docs: - cifs: reset iface weights when we cannot find a candidate (git-fixes). - commit 859fca4 - smb: client: fix warning when reconnecting channel (git-fixes). - commit 700befa - cifs: do not disable interface polling on failure (git-fixes). - commit 87a748d - cifs: deal with the channel loading lag while picking channels (git-fixes). - commit c445274 - cifs: serialize other channels when query server interfaces is pending (git-fixes). - commit 202c543 - cifs: dns resolution is needed only for primary channel (git-fixes). - commit 47e47ab - cifs: update dstaddr whenever channel iface is updated (git-fixes). - commit cd217a8 - cifs: reset connections for all channels when reconnect requested (git-fixes). - commit a324ea9 - smb: client: introduce close_cached_dir_locked() (git-fixes). - commit e15b950 - smb: client: fix potential UAF in smb2_close_cached_fid() (CVE-2025-40328 bsc#1254624). - commit f11d74a - binfmt_misc: restore write access before closing files opened by open_exec() (bsc#1255272 CVE-2025-68239). - commit 2983172 - fs/proc: fix uaf in proc_readdir_de() (bsc#1255297 CVE-2025-40271). - commit 46250e7 - ext4: refresh inline data size before write operations (bsc#1255380 CVE-2025-68264). - commit c23012b - fs/notify: call exportfs_encode_fid with s_umount (bsc#1254809 CVE-2025-40237). - commit 70d7e44 - ext4: guard against EA inode refcount underflow in xattr update (bsc#1253623 CVE-2025-40190). - commit 6c51c0b - mm/damon/vaddr: do not repeat pte_offset_map_lock() until success (CVE-2025-40218 bsc#1254964) - commit a3828d9 - arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() (CVE-2025-40346 bsc#1255318) - commit 799eb50 - net: sxgbe: fix potential NULL dereference in sxgbe_rx() (CVE-2025-68302 bsc#1255121) - commit 15ce001 - net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak (CVE-2025-40278 bsc#1254825). - commit a5a7e57 - Refresh patches.suse/perf-hwmon_pmu-Fix-uninitialized-variable-warning.patch. - Refresh patches.suse/scsi-lpfc-Add-capability-to-register-Platform-Name-I.patch. - Refresh patches.suse/scsi-lpfc-Allow-support-for-BB-credit-recovery-in-po.patch. - Refresh patches.suse/scsi-lpfc-Ensure-unregistration-of-rpis-for-received.patch. - Refresh patches.suse/scsi-lpfc-Fix-leaked-ndlp-krefs-when-in-point-to-poi.patch. - Refresh patches.suse/scsi-lpfc-Fix-reusing-an-ndlp-that-is-marked-NLP_DRO.patch. - Refresh patches.suse/scsi-lpfc-Modify-kref-handling-for-Fabric-Controller.patch. - Refresh patches.suse/scsi-lpfc-Remove-redundant-NULL-ptr-assignment-in-lp.patch. - Refresh patches.suse/scsi-lpfc-Revise-discovery-related-function-headers-.patch. - Refresh patches.suse/scsi-lpfc-Update-lpfc-version-to-14.4.0.12.patch. - Refresh patches.suse/scsi-lpfc-Update-various-NPIV-diagnostic-log-messagi.patch. - commit b565804 - mm/huge_memory: fix NULL pointer deference when splitting folio (CVE-2025-68293 bsc#1255150). - commit 1dd8abe - iommufd: Don't overflow during division for dirty tracking (CVE-2025-40293 bsc#1255179). - commit b6a4633 ++++ kernel-docs: - cifs: reset iface weights when we cannot find a candidate (git-fixes). - commit 859fca4 - smb: client: fix warning when reconnecting channel (git-fixes). - commit 700befa - cifs: do not disable interface polling on failure (git-fixes). - commit 87a748d - cifs: deal with the channel loading lag while picking channels (git-fixes). - commit c445274 - cifs: serialize other channels when query server interfaces is pending (git-fixes). - commit 202c543 - cifs: dns resolution is needed only for primary channel (git-fixes). - commit 47e47ab - cifs: update dstaddr whenever channel iface is updated (git-fixes). - commit cd217a8 - cifs: reset connections for all channels when reconnect requested (git-fixes). - commit a324ea9 - smb: client: introduce close_cached_dir_locked() (git-fixes). - commit e15b950 - smb: client: fix potential UAF in smb2_close_cached_fid() (CVE-2025-40328 bsc#1254624). - commit f11d74a - binfmt_misc: restore write access before closing files opened by open_exec() (bsc#1255272 CVE-2025-68239). - commit 2983172 - fs/proc: fix uaf in proc_readdir_de() (bsc#1255297 CVE-2025-40271). - commit 46250e7 - ext4: refresh inline data size before write operations (bsc#1255380 CVE-2025-68264). - commit c23012b - fs/notify: call exportfs_encode_fid with s_umount (bsc#1254809 CVE-2025-40237). - commit 70d7e44 - ext4: guard against EA inode refcount underflow in xattr update (bsc#1253623 CVE-2025-40190). - commit 6c51c0b - mm/damon/vaddr: do not repeat pte_offset_map_lock() until success (CVE-2025-40218 bsc#1254964) - commit a3828d9 - arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() (CVE-2025-40346 bsc#1255318) - commit 799eb50 - net: sxgbe: fix potential NULL dereference in sxgbe_rx() (CVE-2025-68302 bsc#1255121) - commit 15ce001 - net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak (CVE-2025-40278 bsc#1254825). - commit a5a7e57 - Refresh patches.suse/perf-hwmon_pmu-Fix-uninitialized-variable-warning.patch. - Refresh patches.suse/scsi-lpfc-Add-capability-to-register-Platform-Name-I.patch. - Refresh patches.suse/scsi-lpfc-Allow-support-for-BB-credit-recovery-in-po.patch. - Refresh patches.suse/scsi-lpfc-Ensure-unregistration-of-rpis-for-received.patch. - Refresh patches.suse/scsi-lpfc-Fix-leaked-ndlp-krefs-when-in-point-to-poi.patch. - Refresh patches.suse/scsi-lpfc-Fix-reusing-an-ndlp-that-is-marked-NLP_DRO.patch. - Refresh patches.suse/scsi-lpfc-Modify-kref-handling-for-Fabric-Controller.patch. - Refresh patches.suse/scsi-lpfc-Remove-redundant-NULL-ptr-assignment-in-lp.patch. - Refresh patches.suse/scsi-lpfc-Revise-discovery-related-function-headers-.patch. - Refresh patches.suse/scsi-lpfc-Update-lpfc-version-to-14.4.0.12.patch. - Refresh patches.suse/scsi-lpfc-Update-various-NPIV-diagnostic-log-messagi.patch. - commit b565804 - mm/huge_memory: fix NULL pointer deference when splitting folio (CVE-2025-68293 bsc#1255150). - commit 1dd8abe - iommufd: Don't overflow during division for dirty tracking (CVE-2025-40293 bsc#1255179). - commit b6a4633 ++++ kernel-kvmsmall: - cifs: reset iface weights when we cannot find a candidate (git-fixes). - commit 859fca4 - smb: client: fix warning when reconnecting channel (git-fixes). - commit 700befa - cifs: do not disable interface polling on failure (git-fixes). - commit 87a748d - cifs: deal with the channel loading lag while picking channels (git-fixes). - commit c445274 - cifs: serialize other channels when query server interfaces is pending (git-fixes). - commit 202c543 - cifs: dns resolution is needed only for primary channel (git-fixes). - commit 47e47ab - cifs: update dstaddr whenever channel iface is updated (git-fixes). - commit cd217a8 - cifs: reset connections for all channels when reconnect requested (git-fixes). - commit a324ea9 - smb: client: introduce close_cached_dir_locked() (git-fixes). - commit e15b950 - smb: client: fix potential UAF in smb2_close_cached_fid() (CVE-2025-40328 bsc#1254624). - commit f11d74a - binfmt_misc: restore write access before closing files opened by open_exec() (bsc#1255272 CVE-2025-68239). - commit 2983172 - fs/proc: fix uaf in proc_readdir_de() (bsc#1255297 CVE-2025-40271). - commit 46250e7 - ext4: refresh inline data size before write operations (bsc#1255380 CVE-2025-68264). - commit c23012b - fs/notify: call exportfs_encode_fid with s_umount (bsc#1254809 CVE-2025-40237). - commit 70d7e44 - ext4: guard against EA inode refcount underflow in xattr update (bsc#1253623 CVE-2025-40190). - commit 6c51c0b - mm/damon/vaddr: do not repeat pte_offset_map_lock() until success (CVE-2025-40218 bsc#1254964) - commit a3828d9 - arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() (CVE-2025-40346 bsc#1255318) - commit 799eb50 - net: sxgbe: fix potential NULL dereference in sxgbe_rx() (CVE-2025-68302 bsc#1255121) - commit 15ce001 - net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak (CVE-2025-40278 bsc#1254825). - commit a5a7e57 - Refresh patches.suse/perf-hwmon_pmu-Fix-uninitialized-variable-warning.patch. - Refresh patches.suse/scsi-lpfc-Add-capability-to-register-Platform-Name-I.patch. - Refresh patches.suse/scsi-lpfc-Allow-support-for-BB-credit-recovery-in-po.patch. - Refresh patches.suse/scsi-lpfc-Ensure-unregistration-of-rpis-for-received.patch. - Refresh patches.suse/scsi-lpfc-Fix-leaked-ndlp-krefs-when-in-point-to-poi.patch. - Refresh patches.suse/scsi-lpfc-Fix-reusing-an-ndlp-that-is-marked-NLP_DRO.patch. - Refresh patches.suse/scsi-lpfc-Modify-kref-handling-for-Fabric-Controller.patch. - Refresh patches.suse/scsi-lpfc-Remove-redundant-NULL-ptr-assignment-in-lp.patch. - Refresh patches.suse/scsi-lpfc-Revise-discovery-related-function-headers-.patch. - Refresh patches.suse/scsi-lpfc-Update-lpfc-version-to-14.4.0.12.patch. - Refresh patches.suse/scsi-lpfc-Update-various-NPIV-diagnostic-log-messagi.patch. - commit b565804 - mm/huge_memory: fix NULL pointer deference when splitting folio (CVE-2025-68293 bsc#1255150). - commit 1dd8abe - iommufd: Don't overflow during division for dirty tracking (CVE-2025-40293 bsc#1255179). - commit b6a4633 ++++ kernel-kvmsmall: - cifs: reset iface weights when we cannot find a candidate (git-fixes). - commit 859fca4 - smb: client: fix warning when reconnecting channel (git-fixes). - commit 700befa - cifs: do not disable interface polling on failure (git-fixes). - commit 87a748d - cifs: deal with the channel loading lag while picking channels (git-fixes). - commit c445274 - cifs: serialize other channels when query server interfaces is pending (git-fixes). - commit 202c543 - cifs: dns resolution is needed only for primary channel (git-fixes). - commit 47e47ab - cifs: update dstaddr whenever channel iface is updated (git-fixes). - commit cd217a8 - cifs: reset connections for all channels when reconnect requested (git-fixes). - commit a324ea9 - smb: client: introduce close_cached_dir_locked() (git-fixes). - commit e15b950 - smb: client: fix potential UAF in smb2_close_cached_fid() (CVE-2025-40328 bsc#1254624). - commit f11d74a - binfmt_misc: restore write access before closing files opened by open_exec() (bsc#1255272 CVE-2025-68239). - commit 2983172 - fs/proc: fix uaf in proc_readdir_de() (bsc#1255297 CVE-2025-40271). - commit 46250e7 - ext4: refresh inline data size before write operations (bsc#1255380 CVE-2025-68264). - commit c23012b - fs/notify: call exportfs_encode_fid with s_umount (bsc#1254809 CVE-2025-40237). - commit 70d7e44 - ext4: guard against EA inode refcount underflow in xattr update (bsc#1253623 CVE-2025-40190). - commit 6c51c0b - mm/damon/vaddr: do not repeat pte_offset_map_lock() until success (CVE-2025-40218 bsc#1254964) - commit a3828d9 - arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() (CVE-2025-40346 bsc#1255318) - commit 799eb50 - net: sxgbe: fix potential NULL dereference in sxgbe_rx() (CVE-2025-68302 bsc#1255121) - commit 15ce001 - net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak (CVE-2025-40278 bsc#1254825). - commit a5a7e57 - Refresh patches.suse/perf-hwmon_pmu-Fix-uninitialized-variable-warning.patch. - Refresh patches.suse/scsi-lpfc-Add-capability-to-register-Platform-Name-I.patch. - Refresh patches.suse/scsi-lpfc-Allow-support-for-BB-credit-recovery-in-po.patch. - Refresh patches.suse/scsi-lpfc-Ensure-unregistration-of-rpis-for-received.patch. - Refresh patches.suse/scsi-lpfc-Fix-leaked-ndlp-krefs-when-in-point-to-poi.patch. - Refresh patches.suse/scsi-lpfc-Fix-reusing-an-ndlp-that-is-marked-NLP_DRO.patch. - Refresh patches.suse/scsi-lpfc-Modify-kref-handling-for-Fabric-Controller.patch. - Refresh patches.suse/scsi-lpfc-Remove-redundant-NULL-ptr-assignment-in-lp.patch. - Refresh patches.suse/scsi-lpfc-Revise-discovery-related-function-headers-.patch. - Refresh patches.suse/scsi-lpfc-Update-lpfc-version-to-14.4.0.12.patch. - Refresh patches.suse/scsi-lpfc-Update-various-NPIV-diagnostic-log-messagi.patch. - commit b565804 - mm/huge_memory: fix NULL pointer deference when splitting folio (CVE-2025-68293 bsc#1255150). - commit 1dd8abe - iommufd: Don't overflow during division for dirty tracking (CVE-2025-40293 bsc#1255179). - commit b6a4633 ++++ kernel-kvmsmall: - cifs: reset iface weights when we cannot find a candidate (git-fixes). - commit 859fca4 - smb: client: fix warning when reconnecting channel (git-fixes). - commit 700befa - cifs: do not disable interface polling on failure (git-fixes). - commit 87a748d - cifs: deal with the channel loading lag while picking channels (git-fixes). - commit c445274 - cifs: serialize other channels when query server interfaces is pending (git-fixes). - commit 202c543 - cifs: dns resolution is needed only for primary channel (git-fixes). - commit 47e47ab - cifs: update dstaddr whenever channel iface is updated (git-fixes). - commit cd217a8 - cifs: reset connections for all channels when reconnect requested (git-fixes). - commit a324ea9 - smb: client: introduce close_cached_dir_locked() (git-fixes). - commit e15b950 - smb: client: fix potential UAF in smb2_close_cached_fid() (CVE-2025-40328 bsc#1254624). - commit f11d74a - binfmt_misc: restore write access before closing files opened by open_exec() (bsc#1255272 CVE-2025-68239). - commit 2983172 - fs/proc: fix uaf in proc_readdir_de() (bsc#1255297 CVE-2025-40271). - commit 46250e7 - ext4: refresh inline data size before write operations (bsc#1255380 CVE-2025-68264). - commit c23012b - fs/notify: call exportfs_encode_fid with s_umount (bsc#1254809 CVE-2025-40237). - commit 70d7e44 - ext4: guard against EA inode refcount underflow in xattr update (bsc#1253623 CVE-2025-40190). - commit 6c51c0b - mm/damon/vaddr: do not repeat pte_offset_map_lock() until success (CVE-2025-40218 bsc#1254964) - commit a3828d9 - arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() (CVE-2025-40346 bsc#1255318) - commit 799eb50 - net: sxgbe: fix potential NULL dereference in sxgbe_rx() (CVE-2025-68302 bsc#1255121) - commit 15ce001 - net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak (CVE-2025-40278 bsc#1254825). - commit a5a7e57 - Refresh patches.suse/perf-hwmon_pmu-Fix-uninitialized-variable-warning.patch. - Refresh patches.suse/scsi-lpfc-Add-capability-to-register-Platform-Name-I.patch. - Refresh patches.suse/scsi-lpfc-Allow-support-for-BB-credit-recovery-in-po.patch. - Refresh patches.suse/scsi-lpfc-Ensure-unregistration-of-rpis-for-received.patch. - Refresh patches.suse/scsi-lpfc-Fix-leaked-ndlp-krefs-when-in-point-to-poi.patch. - Refresh patches.suse/scsi-lpfc-Fix-reusing-an-ndlp-that-is-marked-NLP_DRO.patch. - Refresh patches.suse/scsi-lpfc-Modify-kref-handling-for-Fabric-Controller.patch. - Refresh patches.suse/scsi-lpfc-Remove-redundant-NULL-ptr-assignment-in-lp.patch. - Refresh patches.suse/scsi-lpfc-Revise-discovery-related-function-headers-.patch. - Refresh patches.suse/scsi-lpfc-Update-lpfc-version-to-14.4.0.12.patch. - Refresh patches.suse/scsi-lpfc-Update-various-NPIV-diagnostic-log-messagi.patch. - commit b565804 - mm/huge_memory: fix NULL pointer deference when splitting folio (CVE-2025-68293 bsc#1255150). - commit 1dd8abe - iommufd: Don't overflow during division for dirty tracking (CVE-2025-40293 bsc#1255179). - commit b6a4633 ++++ kernel-obs-build: - cifs: reset iface weights when we cannot find a candidate (git-fixes). - commit 859fca4 - smb: client: fix warning when reconnecting channel (git-fixes). - commit 700befa - cifs: do not disable interface polling on failure (git-fixes). - commit 87a748d - cifs: deal with the channel loading lag while picking channels (git-fixes). - commit c445274 - cifs: serialize other channels when query server interfaces is pending (git-fixes). - commit 202c543 - cifs: dns resolution is needed only for primary channel (git-fixes). - commit 47e47ab - cifs: update dstaddr whenever channel iface is updated (git-fixes). - commit cd217a8 - cifs: reset connections for all channels when reconnect requested (git-fixes). - commit a324ea9 - smb: client: introduce close_cached_dir_locked() (git-fixes). - commit e15b950 - smb: client: fix potential UAF in smb2_close_cached_fid() (CVE-2025-40328 bsc#1254624). - commit f11d74a - binfmt_misc: restore write access before closing files opened by open_exec() (bsc#1255272 CVE-2025-68239). - commit 2983172 - fs/proc: fix uaf in proc_readdir_de() (bsc#1255297 CVE-2025-40271). - commit 46250e7 - ext4: refresh inline data size before write operations (bsc#1255380 CVE-2025-68264). - commit c23012b - fs/notify: call exportfs_encode_fid with s_umount (bsc#1254809 CVE-2025-40237). - commit 70d7e44 - ext4: guard against EA inode refcount underflow in xattr update (bsc#1253623 CVE-2025-40190). - commit 6c51c0b - mm/damon/vaddr: do not repeat pte_offset_map_lock() until success (CVE-2025-40218 bsc#1254964) - commit a3828d9 - arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() (CVE-2025-40346 bsc#1255318) - commit 799eb50 - net: sxgbe: fix potential NULL dereference in sxgbe_rx() (CVE-2025-68302 bsc#1255121) - commit 15ce001 - net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak (CVE-2025-40278 bsc#1254825). - commit a5a7e57 - Refresh patches.suse/perf-hwmon_pmu-Fix-uninitialized-variable-warning.patch. - Refresh patches.suse/scsi-lpfc-Add-capability-to-register-Platform-Name-I.patch. - Refresh patches.suse/scsi-lpfc-Allow-support-for-BB-credit-recovery-in-po.patch. - Refresh patches.suse/scsi-lpfc-Ensure-unregistration-of-rpis-for-received.patch. - Refresh patches.suse/scsi-lpfc-Fix-leaked-ndlp-krefs-when-in-point-to-poi.patch. - Refresh patches.suse/scsi-lpfc-Fix-reusing-an-ndlp-that-is-marked-NLP_DRO.patch. - Refresh patches.suse/scsi-lpfc-Modify-kref-handling-for-Fabric-Controller.patch. - Refresh patches.suse/scsi-lpfc-Remove-redundant-NULL-ptr-assignment-in-lp.patch. - Refresh patches.suse/scsi-lpfc-Revise-discovery-related-function-headers-.patch. - Refresh patches.suse/scsi-lpfc-Update-lpfc-version-to-14.4.0.12.patch. - Refresh patches.suse/scsi-lpfc-Update-various-NPIV-diagnostic-log-messagi.patch. - commit b565804 - mm/huge_memory: fix NULL pointer deference when splitting folio (CVE-2025-68293 bsc#1255150). - commit 1dd8abe - iommufd: Don't overflow during division for dirty tracking (CVE-2025-40293 bsc#1255179). - commit b6a4633 ++++ kernel-obs-build: - cifs: reset iface weights when we cannot find a candidate (git-fixes). - commit 859fca4 - smb: client: fix warning when reconnecting channel (git-fixes). - commit 700befa - cifs: do not disable interface polling on failure (git-fixes). - commit 87a748d - cifs: deal with the channel loading lag while picking channels (git-fixes). - commit c445274 - cifs: serialize other channels when query server interfaces is pending (git-fixes). - commit 202c543 - cifs: dns resolution is needed only for primary channel (git-fixes). - commit 47e47ab - cifs: update dstaddr whenever channel iface is updated (git-fixes). - commit cd217a8 - cifs: reset connections for all channels when reconnect requested (git-fixes). - commit a324ea9 - smb: client: introduce close_cached_dir_locked() (git-fixes). - commit e15b950 - smb: client: fix potential UAF in smb2_close_cached_fid() (CVE-2025-40328 bsc#1254624). - commit f11d74a - binfmt_misc: restore write access before closing files opened by open_exec() (bsc#1255272 CVE-2025-68239). - commit 2983172 - fs/proc: fix uaf in proc_readdir_de() (bsc#1255297 CVE-2025-40271). - commit 46250e7 - ext4: refresh inline data size before write operations (bsc#1255380 CVE-2025-68264). - commit c23012b - fs/notify: call exportfs_encode_fid with s_umount (bsc#1254809 CVE-2025-40237). - commit 70d7e44 - ext4: guard against EA inode refcount underflow in xattr update (bsc#1253623 CVE-2025-40190). - commit 6c51c0b - mm/damon/vaddr: do not repeat pte_offset_map_lock() until success (CVE-2025-40218 bsc#1254964) - commit a3828d9 - arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() (CVE-2025-40346 bsc#1255318) - commit 799eb50 - net: sxgbe: fix potential NULL dereference in sxgbe_rx() (CVE-2025-68302 bsc#1255121) - commit 15ce001 - net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak (CVE-2025-40278 bsc#1254825). - commit a5a7e57 - Refresh patches.suse/perf-hwmon_pmu-Fix-uninitialized-variable-warning.patch. - Refresh patches.suse/scsi-lpfc-Add-capability-to-register-Platform-Name-I.patch. - Refresh patches.suse/scsi-lpfc-Allow-support-for-BB-credit-recovery-in-po.patch. - Refresh patches.suse/scsi-lpfc-Ensure-unregistration-of-rpis-for-received.patch. - Refresh patches.suse/scsi-lpfc-Fix-leaked-ndlp-krefs-when-in-point-to-poi.patch. - Refresh patches.suse/scsi-lpfc-Fix-reusing-an-ndlp-that-is-marked-NLP_DRO.patch. - Refresh patches.suse/scsi-lpfc-Modify-kref-handling-for-Fabric-Controller.patch. - Refresh patches.suse/scsi-lpfc-Remove-redundant-NULL-ptr-assignment-in-lp.patch. - Refresh patches.suse/scsi-lpfc-Revise-discovery-related-function-headers-.patch. - Refresh patches.suse/scsi-lpfc-Update-lpfc-version-to-14.4.0.12.patch. - Refresh patches.suse/scsi-lpfc-Update-various-NPIV-diagnostic-log-messagi.patch. - commit b565804 - mm/huge_memory: fix NULL pointer deference when splitting folio (CVE-2025-68293 bsc#1255150). - commit 1dd8abe - iommufd: Don't overflow during division for dirty tracking (CVE-2025-40293 bsc#1255179). - commit b6a4633 ++++ kernel-obs-build: - cifs: reset iface weights when we cannot find a candidate (git-fixes). - commit 859fca4 - smb: client: fix warning when reconnecting channel (git-fixes). - commit 700befa - cifs: do not disable interface polling on failure (git-fixes). - commit 87a748d - cifs: deal with the channel loading lag while picking channels (git-fixes). - commit c445274 - cifs: serialize other channels when query server interfaces is pending (git-fixes). - commit 202c543 - cifs: dns resolution is needed only for primary channel (git-fixes). - commit 47e47ab - cifs: update dstaddr whenever channel iface is updated (git-fixes). - commit cd217a8 - cifs: reset connections for all channels when reconnect requested (git-fixes). - commit a324ea9 - smb: client: introduce close_cached_dir_locked() (git-fixes). - commit e15b950 - smb: client: fix potential UAF in smb2_close_cached_fid() (CVE-2025-40328 bsc#1254624). - commit f11d74a - binfmt_misc: restore write access before closing files opened by open_exec() (bsc#1255272 CVE-2025-68239). - commit 2983172 - fs/proc: fix uaf in proc_readdir_de() (bsc#1255297 CVE-2025-40271). - commit 46250e7 - ext4: refresh inline data size before write operations (bsc#1255380 CVE-2025-68264). - commit c23012b - fs/notify: call exportfs_encode_fid with s_umount (bsc#1254809 CVE-2025-40237). - commit 70d7e44 - ext4: guard against EA inode refcount underflow in xattr update (bsc#1253623 CVE-2025-40190). - commit 6c51c0b - mm/damon/vaddr: do not repeat pte_offset_map_lock() until success (CVE-2025-40218 bsc#1254964) - commit a3828d9 - arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() (CVE-2025-40346 bsc#1255318) - commit 799eb50 - net: sxgbe: fix potential NULL dereference in sxgbe_rx() (CVE-2025-68302 bsc#1255121) - commit 15ce001 - net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak (CVE-2025-40278 bsc#1254825). - commit a5a7e57 - Refresh patches.suse/perf-hwmon_pmu-Fix-uninitialized-variable-warning.patch. - Refresh patches.suse/scsi-lpfc-Add-capability-to-register-Platform-Name-I.patch. - Refresh patches.suse/scsi-lpfc-Allow-support-for-BB-credit-recovery-in-po.patch. - Refresh patches.suse/scsi-lpfc-Ensure-unregistration-of-rpis-for-received.patch. - Refresh patches.suse/scsi-lpfc-Fix-leaked-ndlp-krefs-when-in-point-to-poi.patch. - Refresh patches.suse/scsi-lpfc-Fix-reusing-an-ndlp-that-is-marked-NLP_DRO.patch. - Refresh patches.suse/scsi-lpfc-Modify-kref-handling-for-Fabric-Controller.patch. - Refresh patches.suse/scsi-lpfc-Remove-redundant-NULL-ptr-assignment-in-lp.patch. - Refresh patches.suse/scsi-lpfc-Revise-discovery-related-function-headers-.patch. - Refresh patches.suse/scsi-lpfc-Update-lpfc-version-to-14.4.0.12.patch. - Refresh patches.suse/scsi-lpfc-Update-various-NPIV-diagnostic-log-messagi.patch. - commit b565804 - mm/huge_memory: fix NULL pointer deference when splitting folio (CVE-2025-68293 bsc#1255150). - commit 1dd8abe - iommufd: Don't overflow during division for dirty tracking (CVE-2025-40293 bsc#1255179). - commit b6a4633 ++++ kernel-obs-qa: - cifs: reset iface weights when we cannot find a candidate (git-fixes). - commit 859fca4 - smb: client: fix warning when reconnecting channel (git-fixes). - commit 700befa - cifs: do not disable interface polling on failure (git-fixes). - commit 87a748d - cifs: deal with the channel loading lag while picking channels (git-fixes). - commit c445274 - cifs: serialize other channels when query server interfaces is pending (git-fixes). - commit 202c543 - cifs: dns resolution is needed only for primary channel (git-fixes). - commit 47e47ab - cifs: update dstaddr whenever channel iface is updated (git-fixes). - commit cd217a8 - cifs: reset connections for all channels when reconnect requested (git-fixes). - commit a324ea9 - smb: client: introduce close_cached_dir_locked() (git-fixes). - commit e15b950 - smb: client: fix potential UAF in smb2_close_cached_fid() (CVE-2025-40328 bsc#1254624). - commit f11d74a - binfmt_misc: restore write access before closing files opened by open_exec() (bsc#1255272 CVE-2025-68239). - commit 2983172 - fs/proc: fix uaf in proc_readdir_de() (bsc#1255297 CVE-2025-40271). - commit 46250e7 - ext4: refresh inline data size before write operations (bsc#1255380 CVE-2025-68264). - commit c23012b - fs/notify: call exportfs_encode_fid with s_umount (bsc#1254809 CVE-2025-40237). - commit 70d7e44 - ext4: guard against EA inode refcount underflow in xattr update (bsc#1253623 CVE-2025-40190). - commit 6c51c0b - mm/damon/vaddr: do not repeat pte_offset_map_lock() until success (CVE-2025-40218 bsc#1254964) - commit a3828d9 - arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() (CVE-2025-40346 bsc#1255318) - commit 799eb50 - net: sxgbe: fix potential NULL dereference in sxgbe_rx() (CVE-2025-68302 bsc#1255121) - commit 15ce001 - net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak (CVE-2025-40278 bsc#1254825). - commit a5a7e57 - Refresh patches.suse/perf-hwmon_pmu-Fix-uninitialized-variable-warning.patch. - Refresh patches.suse/scsi-lpfc-Add-capability-to-register-Platform-Name-I.patch. - Refresh patches.suse/scsi-lpfc-Allow-support-for-BB-credit-recovery-in-po.patch. - Refresh patches.suse/scsi-lpfc-Ensure-unregistration-of-rpis-for-received.patch. - Refresh patches.suse/scsi-lpfc-Fix-leaked-ndlp-krefs-when-in-point-to-poi.patch. - Refresh patches.suse/scsi-lpfc-Fix-reusing-an-ndlp-that-is-marked-NLP_DRO.patch. - Refresh patches.suse/scsi-lpfc-Modify-kref-handling-for-Fabric-Controller.patch. - Refresh patches.suse/scsi-lpfc-Remove-redundant-NULL-ptr-assignment-in-lp.patch. - Refresh patches.suse/scsi-lpfc-Revise-discovery-related-function-headers-.patch. - Refresh patches.suse/scsi-lpfc-Update-lpfc-version-to-14.4.0.12.patch. - Refresh patches.suse/scsi-lpfc-Update-various-NPIV-diagnostic-log-messagi.patch. - commit b565804 - mm/huge_memory: fix NULL pointer deference when splitting folio (CVE-2025-68293 bsc#1255150). - commit 1dd8abe - iommufd: Don't overflow during division for dirty tracking (CVE-2025-40293 bsc#1255179). - commit b6a4633 ++++ kernel-obs-qa: - cifs: reset iface weights when we cannot find a candidate (git-fixes). - commit 859fca4 - smb: client: fix warning when reconnecting channel (git-fixes). - commit 700befa - cifs: do not disable interface polling on failure (git-fixes). - commit 87a748d - cifs: deal with the channel loading lag while picking channels (git-fixes). - commit c445274 - cifs: serialize other channels when query server interfaces is pending (git-fixes). - commit 202c543 - cifs: dns resolution is needed only for primary channel (git-fixes). - commit 47e47ab - cifs: update dstaddr whenever channel iface is updated (git-fixes). - commit cd217a8 - cifs: reset connections for all channels when reconnect requested (git-fixes). - commit a324ea9 - smb: client: introduce close_cached_dir_locked() (git-fixes). - commit e15b950 - smb: client: fix potential UAF in smb2_close_cached_fid() (CVE-2025-40328 bsc#1254624). - commit f11d74a - binfmt_misc: restore write access before closing files opened by open_exec() (bsc#1255272 CVE-2025-68239). - commit 2983172 - fs/proc: fix uaf in proc_readdir_de() (bsc#1255297 CVE-2025-40271). - commit 46250e7 - ext4: refresh inline data size before write operations (bsc#1255380 CVE-2025-68264). - commit c23012b - fs/notify: call exportfs_encode_fid with s_umount (bsc#1254809 CVE-2025-40237). - commit 70d7e44 - ext4: guard against EA inode refcount underflow in xattr update (bsc#1253623 CVE-2025-40190). - commit 6c51c0b - mm/damon/vaddr: do not repeat pte_offset_map_lock() until success (CVE-2025-40218 bsc#1254964) - commit a3828d9 - arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() (CVE-2025-40346 bsc#1255318) - commit 799eb50 - net: sxgbe: fix potential NULL dereference in sxgbe_rx() (CVE-2025-68302 bsc#1255121) - commit 15ce001 - net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak (CVE-2025-40278 bsc#1254825). - commit a5a7e57 - Refresh patches.suse/perf-hwmon_pmu-Fix-uninitialized-variable-warning.patch. - Refresh patches.suse/scsi-lpfc-Add-capability-to-register-Platform-Name-I.patch. - Refresh patches.suse/scsi-lpfc-Allow-support-for-BB-credit-recovery-in-po.patch. - Refresh patches.suse/scsi-lpfc-Ensure-unregistration-of-rpis-for-received.patch. - Refresh patches.suse/scsi-lpfc-Fix-leaked-ndlp-krefs-when-in-point-to-poi.patch. - Refresh patches.suse/scsi-lpfc-Fix-reusing-an-ndlp-that-is-marked-NLP_DRO.patch. - Refresh patches.suse/scsi-lpfc-Modify-kref-handling-for-Fabric-Controller.patch. - Refresh patches.suse/scsi-lpfc-Remove-redundant-NULL-ptr-assignment-in-lp.patch. - Refresh patches.suse/scsi-lpfc-Revise-discovery-related-function-headers-.patch. - Refresh patches.suse/scsi-lpfc-Update-lpfc-version-to-14.4.0.12.patch. - Refresh patches.suse/scsi-lpfc-Update-various-NPIV-diagnostic-log-messagi.patch. - commit b565804 - mm/huge_memory: fix NULL pointer deference when splitting folio (CVE-2025-68293 bsc#1255150). - commit 1dd8abe - iommufd: Don't overflow during division for dirty tracking (CVE-2025-40293 bsc#1255179). - commit b6a4633 ++++ kernel-obs-qa: - cifs: reset iface weights when we cannot find a candidate (git-fixes). - commit 859fca4 - smb: client: fix warning when reconnecting channel (git-fixes). - commit 700befa - cifs: do not disable interface polling on failure (git-fixes). - commit 87a748d - cifs: deal with the channel loading lag while picking channels (git-fixes). - commit c445274 - cifs: serialize other channels when query server interfaces is pending (git-fixes). - commit 202c543 - cifs: dns resolution is needed only for primary channel (git-fixes). - commit 47e47ab - cifs: update dstaddr whenever channel iface is updated (git-fixes). - commit cd217a8 - cifs: reset connections for all channels when reconnect requested (git-fixes). - commit a324ea9 - smb: client: introduce close_cached_dir_locked() (git-fixes). - commit e15b950 - smb: client: fix potential UAF in smb2_close_cached_fid() (CVE-2025-40328 bsc#1254624). - commit f11d74a - binfmt_misc: restore write access before closing files opened by open_exec() (bsc#1255272 CVE-2025-68239). - commit 2983172 - fs/proc: fix uaf in proc_readdir_de() (bsc#1255297 CVE-2025-40271). - commit 46250e7 - ext4: refresh inline data size before write operations (bsc#1255380 CVE-2025-68264). - commit c23012b - fs/notify: call exportfs_encode_fid with s_umount (bsc#1254809 CVE-2025-40237). - commit 70d7e44 - ext4: guard against EA inode refcount underflow in xattr update (bsc#1253623 CVE-2025-40190). - commit 6c51c0b - mm/damon/vaddr: do not repeat pte_offset_map_lock() until success (CVE-2025-40218 bsc#1254964) - commit a3828d9 - arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() (CVE-2025-40346 bsc#1255318) - commit 799eb50 - net: sxgbe: fix potential NULL dereference in sxgbe_rx() (CVE-2025-68302 bsc#1255121) - commit 15ce001 - net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak (CVE-2025-40278 bsc#1254825). - commit a5a7e57 - Refresh patches.suse/perf-hwmon_pmu-Fix-uninitialized-variable-warning.patch. - Refresh patches.suse/scsi-lpfc-Add-capability-to-register-Platform-Name-I.patch. - Refresh patches.suse/scsi-lpfc-Allow-support-for-BB-credit-recovery-in-po.patch. - Refresh patches.suse/scsi-lpfc-Ensure-unregistration-of-rpis-for-received.patch. - Refresh patches.suse/scsi-lpfc-Fix-leaked-ndlp-krefs-when-in-point-to-poi.patch. - Refresh patches.suse/scsi-lpfc-Fix-reusing-an-ndlp-that-is-marked-NLP_DRO.patch. - Refresh patches.suse/scsi-lpfc-Modify-kref-handling-for-Fabric-Controller.patch. - Refresh patches.suse/scsi-lpfc-Remove-redundant-NULL-ptr-assignment-in-lp.patch. - Refresh patches.suse/scsi-lpfc-Revise-discovery-related-function-headers-.patch. - Refresh patches.suse/scsi-lpfc-Update-lpfc-version-to-14.4.0.12.patch. - Refresh patches.suse/scsi-lpfc-Update-various-NPIV-diagnostic-log-messagi.patch. - commit b565804 - mm/huge_memory: fix NULL pointer deference when splitting folio (CVE-2025-68293 bsc#1255150). - commit 1dd8abe - iommufd: Don't overflow during division for dirty tracking (CVE-2025-40293 bsc#1255179). - commit b6a4633 ++++ kernel-syms: - cifs: reset iface weights when we cannot find a candidate (git-fixes). - commit 859fca4 - smb: client: fix warning when reconnecting channel (git-fixes). - commit 700befa - cifs: do not disable interface polling on failure (git-fixes). - commit 87a748d - cifs: deal with the channel loading lag while picking channels (git-fixes). - commit c445274 - cifs: serialize other channels when query server interfaces is pending (git-fixes). - commit 202c543 - cifs: dns resolution is needed only for primary channel (git-fixes). - commit 47e47ab - cifs: update dstaddr whenever channel iface is updated (git-fixes). - commit cd217a8 - cifs: reset connections for all channels when reconnect requested (git-fixes). - commit a324ea9 - smb: client: introduce close_cached_dir_locked() (git-fixes). - commit e15b950 - smb: client: fix potential UAF in smb2_close_cached_fid() (CVE-2025-40328 bsc#1254624). - commit f11d74a - binfmt_misc: restore write access before closing files opened by open_exec() (bsc#1255272 CVE-2025-68239). - commit 2983172 - fs/proc: fix uaf in proc_readdir_de() (bsc#1255297 CVE-2025-40271). - commit 46250e7 - ext4: refresh inline data size before write operations (bsc#1255380 CVE-2025-68264). - commit c23012b - fs/notify: call exportfs_encode_fid with s_umount (bsc#1254809 CVE-2025-40237). - commit 70d7e44 - ext4: guard against EA inode refcount underflow in xattr update (bsc#1253623 CVE-2025-40190). - commit 6c51c0b - mm/damon/vaddr: do not repeat pte_offset_map_lock() until success (CVE-2025-40218 bsc#1254964) - commit a3828d9 - arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() (CVE-2025-40346 bsc#1255318) - commit 799eb50 - net: sxgbe: fix potential NULL dereference in sxgbe_rx() (CVE-2025-68302 bsc#1255121) - commit 15ce001 - net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak (CVE-2025-40278 bsc#1254825). - commit a5a7e57 - Refresh patches.suse/perf-hwmon_pmu-Fix-uninitialized-variable-warning.patch. - Refresh patches.suse/scsi-lpfc-Add-capability-to-register-Platform-Name-I.patch. - Refresh patches.suse/scsi-lpfc-Allow-support-for-BB-credit-recovery-in-po.patch. - Refresh patches.suse/scsi-lpfc-Ensure-unregistration-of-rpis-for-received.patch. - Refresh patches.suse/scsi-lpfc-Fix-leaked-ndlp-krefs-when-in-point-to-poi.patch. - Refresh patches.suse/scsi-lpfc-Fix-reusing-an-ndlp-that-is-marked-NLP_DRO.patch. - Refresh patches.suse/scsi-lpfc-Modify-kref-handling-for-Fabric-Controller.patch. - Refresh patches.suse/scsi-lpfc-Remove-redundant-NULL-ptr-assignment-in-lp.patch. - Refresh patches.suse/scsi-lpfc-Revise-discovery-related-function-headers-.patch. - Refresh patches.suse/scsi-lpfc-Update-lpfc-version-to-14.4.0.12.patch. - Refresh patches.suse/scsi-lpfc-Update-various-NPIV-diagnostic-log-messagi.patch. - commit b565804 - mm/huge_memory: fix NULL pointer deference when splitting folio (CVE-2025-68293 bsc#1255150). - commit 1dd8abe - iommufd: Don't overflow during division for dirty tracking (CVE-2025-40293 bsc#1255179). - commit b6a4633 ++++ kernel-syms: - cifs: reset iface weights when we cannot find a candidate (git-fixes). - commit 859fca4 - smb: client: fix warning when reconnecting channel (git-fixes). - commit 700befa - cifs: do not disable interface polling on failure (git-fixes). - commit 87a748d - cifs: deal with the channel loading lag while picking channels (git-fixes). - commit c445274 - cifs: serialize other channels when query server interfaces is pending (git-fixes). - commit 202c543 - cifs: dns resolution is needed only for primary channel (git-fixes). - commit 47e47ab - cifs: update dstaddr whenever channel iface is updated (git-fixes). - commit cd217a8 - cifs: reset connections for all channels when reconnect requested (git-fixes). - commit a324ea9 - smb: client: introduce close_cached_dir_locked() (git-fixes). - commit e15b950 - smb: client: fix potential UAF in smb2_close_cached_fid() (CVE-2025-40328 bsc#1254624). - commit f11d74a - binfmt_misc: restore write access before closing files opened by open_exec() (bsc#1255272 CVE-2025-68239). - commit 2983172 - fs/proc: fix uaf in proc_readdir_de() (bsc#1255297 CVE-2025-40271). - commit 46250e7 - ext4: refresh inline data size before write operations (bsc#1255380 CVE-2025-68264). - commit c23012b - fs/notify: call exportfs_encode_fid with s_umount (bsc#1254809 CVE-2025-40237). - commit 70d7e44 - ext4: guard against EA inode refcount underflow in xattr update (bsc#1253623 CVE-2025-40190). - commit 6c51c0b - mm/damon/vaddr: do not repeat pte_offset_map_lock() until success (CVE-2025-40218 bsc#1254964) - commit a3828d9 - arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() (CVE-2025-40346 bsc#1255318) - commit 799eb50 - net: sxgbe: fix potential NULL dereference in sxgbe_rx() (CVE-2025-68302 bsc#1255121) - commit 15ce001 - net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak (CVE-2025-40278 bsc#1254825). - commit a5a7e57 - Refresh patches.suse/perf-hwmon_pmu-Fix-uninitialized-variable-warning.patch. - Refresh patches.suse/scsi-lpfc-Add-capability-to-register-Platform-Name-I.patch. - Refresh patches.suse/scsi-lpfc-Allow-support-for-BB-credit-recovery-in-po.patch. - Refresh patches.suse/scsi-lpfc-Ensure-unregistration-of-rpis-for-received.patch. - Refresh patches.suse/scsi-lpfc-Fix-leaked-ndlp-krefs-when-in-point-to-poi.patch. - Refresh patches.suse/scsi-lpfc-Fix-reusing-an-ndlp-that-is-marked-NLP_DRO.patch. - Refresh patches.suse/scsi-lpfc-Modify-kref-handling-for-Fabric-Controller.patch. - Refresh patches.suse/scsi-lpfc-Remove-redundant-NULL-ptr-assignment-in-lp.patch. - Refresh patches.suse/scsi-lpfc-Revise-discovery-related-function-headers-.patch. - Refresh patches.suse/scsi-lpfc-Update-lpfc-version-to-14.4.0.12.patch. - Refresh patches.suse/scsi-lpfc-Update-various-NPIV-diagnostic-log-messagi.patch. - commit b565804 - mm/huge_memory: fix NULL pointer deference when splitting folio (CVE-2025-68293 bsc#1255150). - commit 1dd8abe - iommufd: Don't overflow during division for dirty tracking (CVE-2025-40293 bsc#1255179). - commit b6a4633 ++++ kernel-syms: - cifs: reset iface weights when we cannot find a candidate (git-fixes). - commit 859fca4 - smb: client: fix warning when reconnecting channel (git-fixes). - commit 700befa - cifs: do not disable interface polling on failure (git-fixes). - commit 87a748d - cifs: deal with the channel loading lag while picking channels (git-fixes). - commit c445274 - cifs: serialize other channels when query server interfaces is pending (git-fixes). - commit 202c543 - cifs: dns resolution is needed only for primary channel (git-fixes). - commit 47e47ab - cifs: update dstaddr whenever channel iface is updated (git-fixes). - commit cd217a8 - cifs: reset connections for all channels when reconnect requested (git-fixes). - commit a324ea9 - smb: client: introduce close_cached_dir_locked() (git-fixes). - commit e15b950 - smb: client: fix potential UAF in smb2_close_cached_fid() (CVE-2025-40328 bsc#1254624). - commit f11d74a - binfmt_misc: restore write access before closing files opened by open_exec() (bsc#1255272 CVE-2025-68239). - commit 2983172 - fs/proc: fix uaf in proc_readdir_de() (bsc#1255297 CVE-2025-40271). - commit 46250e7 - ext4: refresh inline data size before write operations (bsc#1255380 CVE-2025-68264). - commit c23012b - fs/notify: call exportfs_encode_fid with s_umount (bsc#1254809 CVE-2025-40237). - commit 70d7e44 - ext4: guard against EA inode refcount underflow in xattr update (bsc#1253623 CVE-2025-40190). - commit 6c51c0b - mm/damon/vaddr: do not repeat pte_offset_map_lock() until success (CVE-2025-40218 bsc#1254964) - commit a3828d9 - arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() (CVE-2025-40346 bsc#1255318) - commit 799eb50 - net: sxgbe: fix potential NULL dereference in sxgbe_rx() (CVE-2025-68302 bsc#1255121) - commit 15ce001 - net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak (CVE-2025-40278 bsc#1254825). - commit a5a7e57 - Refresh patches.suse/perf-hwmon_pmu-Fix-uninitialized-variable-warning.patch. - Refresh patches.suse/scsi-lpfc-Add-capability-to-register-Platform-Name-I.patch. - Refresh patches.suse/scsi-lpfc-Allow-support-for-BB-credit-recovery-in-po.patch. - Refresh patches.suse/scsi-lpfc-Ensure-unregistration-of-rpis-for-received.patch. - Refresh patches.suse/scsi-lpfc-Fix-leaked-ndlp-krefs-when-in-point-to-poi.patch. - Refresh patches.suse/scsi-lpfc-Fix-reusing-an-ndlp-that-is-marked-NLP_DRO.patch. - Refresh patches.suse/scsi-lpfc-Modify-kref-handling-for-Fabric-Controller.patch. - Refresh patches.suse/scsi-lpfc-Remove-redundant-NULL-ptr-assignment-in-lp.patch. - Refresh patches.suse/scsi-lpfc-Revise-discovery-related-function-headers-.patch. - Refresh patches.suse/scsi-lpfc-Update-lpfc-version-to-14.4.0.12.patch. - Refresh patches.suse/scsi-lpfc-Update-various-NPIV-diagnostic-log-messagi.patch. - commit b565804 - mm/huge_memory: fix NULL pointer deference when splitting folio (CVE-2025-68293 bsc#1255150). - commit 1dd8abe - iommufd: Don't overflow during division for dirty tracking (CVE-2025-40293 bsc#1255179). - commit b6a4633 ++++ kernel-zfcpdump: - cifs: reset iface weights when we cannot find a candidate (git-fixes). - commit 859fca4 - smb: client: fix warning when reconnecting channel (git-fixes). - commit 700befa - cifs: do not disable interface polling on failure (git-fixes). - commit 87a748d - cifs: deal with the channel loading lag while picking channels (git-fixes). - commit c445274 - cifs: serialize other channels when query server interfaces is pending (git-fixes). - commit 202c543 - cifs: dns resolution is needed only for primary channel (git-fixes). - commit 47e47ab - cifs: update dstaddr whenever channel iface is updated (git-fixes). - commit cd217a8 - cifs: reset connections for all channels when reconnect requested (git-fixes). - commit a324ea9 - smb: client: introduce close_cached_dir_locked() (git-fixes). - commit e15b950 - smb: client: fix potential UAF in smb2_close_cached_fid() (CVE-2025-40328 bsc#1254624). - commit f11d74a - binfmt_misc: restore write access before closing files opened by open_exec() (bsc#1255272 CVE-2025-68239). - commit 2983172 - fs/proc: fix uaf in proc_readdir_de() (bsc#1255297 CVE-2025-40271). - commit 46250e7 - ext4: refresh inline data size before write operations (bsc#1255380 CVE-2025-68264). - commit c23012b - fs/notify: call exportfs_encode_fid with s_umount (bsc#1254809 CVE-2025-40237). - commit 70d7e44 - ext4: guard against EA inode refcount underflow in xattr update (bsc#1253623 CVE-2025-40190). - commit 6c51c0b - mm/damon/vaddr: do not repeat pte_offset_map_lock() until success (CVE-2025-40218 bsc#1254964) - commit a3828d9 - arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() (CVE-2025-40346 bsc#1255318) - commit 799eb50 - net: sxgbe: fix potential NULL dereference in sxgbe_rx() (CVE-2025-68302 bsc#1255121) - commit 15ce001 - net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak (CVE-2025-40278 bsc#1254825). - commit a5a7e57 - Refresh patches.suse/perf-hwmon_pmu-Fix-uninitialized-variable-warning.patch. - Refresh patches.suse/scsi-lpfc-Add-capability-to-register-Platform-Name-I.patch. - Refresh patches.suse/scsi-lpfc-Allow-support-for-BB-credit-recovery-in-po.patch. - Refresh patches.suse/scsi-lpfc-Ensure-unregistration-of-rpis-for-received.patch. - Refresh patches.suse/scsi-lpfc-Fix-leaked-ndlp-krefs-when-in-point-to-poi.patch. - Refresh patches.suse/scsi-lpfc-Fix-reusing-an-ndlp-that-is-marked-NLP_DRO.patch. - Refresh patches.suse/scsi-lpfc-Modify-kref-handling-for-Fabric-Controller.patch. - Refresh patches.suse/scsi-lpfc-Remove-redundant-NULL-ptr-assignment-in-lp.patch. - Refresh patches.suse/scsi-lpfc-Revise-discovery-related-function-headers-.patch. - Refresh patches.suse/scsi-lpfc-Update-lpfc-version-to-14.4.0.12.patch. - Refresh patches.suse/scsi-lpfc-Update-various-NPIV-diagnostic-log-messagi.patch. - commit b565804 - mm/huge_memory: fix NULL pointer deference when splitting folio (CVE-2025-68293 bsc#1255150). - commit 1dd8abe - iommufd: Don't overflow during division for dirty tracking (CVE-2025-40293 bsc#1255179). - commit b6a4633 ++++ kernel-zfcpdump: - cifs: reset iface weights when we cannot find a candidate (git-fixes). - commit 859fca4 - smb: client: fix warning when reconnecting channel (git-fixes). - commit 700befa - cifs: do not disable interface polling on failure (git-fixes). - commit 87a748d - cifs: deal with the channel loading lag while picking channels (git-fixes). - commit c445274 - cifs: serialize other channels when query server interfaces is pending (git-fixes). - commit 202c543 - cifs: dns resolution is needed only for primary channel (git-fixes). - commit 47e47ab - cifs: update dstaddr whenever channel iface is updated (git-fixes). - commit cd217a8 - cifs: reset connections for all channels when reconnect requested (git-fixes). - commit a324ea9 - smb: client: introduce close_cached_dir_locked() (git-fixes). - commit e15b950 - smb: client: fix potential UAF in smb2_close_cached_fid() (CVE-2025-40328 bsc#1254624). - commit f11d74a - binfmt_misc: restore write access before closing files opened by open_exec() (bsc#1255272 CVE-2025-68239). - commit 2983172 - fs/proc: fix uaf in proc_readdir_de() (bsc#1255297 CVE-2025-40271). - commit 46250e7 - ext4: refresh inline data size before write operations (bsc#1255380 CVE-2025-68264). - commit c23012b - fs/notify: call exportfs_encode_fid with s_umount (bsc#1254809 CVE-2025-40237). - commit 70d7e44 - ext4: guard against EA inode refcount underflow in xattr update (bsc#1253623 CVE-2025-40190). - commit 6c51c0b - mm/damon/vaddr: do not repeat pte_offset_map_lock() until success (CVE-2025-40218 bsc#1254964) - commit a3828d9 - arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() (CVE-2025-40346 bsc#1255318) - commit 799eb50 - net: sxgbe: fix potential NULL dereference in sxgbe_rx() (CVE-2025-68302 bsc#1255121) - commit 15ce001 - net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak (CVE-2025-40278 bsc#1254825). - commit a5a7e57 - Refresh patches.suse/perf-hwmon_pmu-Fix-uninitialized-variable-warning.patch. - Refresh patches.suse/scsi-lpfc-Add-capability-to-register-Platform-Name-I.patch. - Refresh patches.suse/scsi-lpfc-Allow-support-for-BB-credit-recovery-in-po.patch. - Refresh patches.suse/scsi-lpfc-Ensure-unregistration-of-rpis-for-received.patch. - Refresh patches.suse/scsi-lpfc-Fix-leaked-ndlp-krefs-when-in-point-to-poi.patch. - Refresh patches.suse/scsi-lpfc-Fix-reusing-an-ndlp-that-is-marked-NLP_DRO.patch. - Refresh patches.suse/scsi-lpfc-Modify-kref-handling-for-Fabric-Controller.patch. - Refresh patches.suse/scsi-lpfc-Remove-redundant-NULL-ptr-assignment-in-lp.patch. - Refresh patches.suse/scsi-lpfc-Revise-discovery-related-function-headers-.patch. - Refresh patches.suse/scsi-lpfc-Update-lpfc-version-to-14.4.0.12.patch. - Refresh patches.suse/scsi-lpfc-Update-various-NPIV-diagnostic-log-messagi.patch. - commit b565804 - mm/huge_memory: fix NULL pointer deference when splitting folio (CVE-2025-68293 bsc#1255150). - commit 1dd8abe - iommufd: Don't overflow during division for dirty tracking (CVE-2025-40293 bsc#1255179). - commit b6a4633 ++++ kernel-zfcpdump: - cifs: reset iface weights when we cannot find a candidate (git-fixes). - commit 859fca4 - smb: client: fix warning when reconnecting channel (git-fixes). - commit 700befa - cifs: do not disable interface polling on failure (git-fixes). - commit 87a748d - cifs: deal with the channel loading lag while picking channels (git-fixes). - commit c445274 - cifs: serialize other channels when query server interfaces is pending (git-fixes). - commit 202c543 - cifs: dns resolution is needed only for primary channel (git-fixes). - commit 47e47ab - cifs: update dstaddr whenever channel iface is updated (git-fixes). - commit cd217a8 - cifs: reset connections for all channels when reconnect requested (git-fixes). - commit a324ea9 - smb: client: introduce close_cached_dir_locked() (git-fixes). - commit e15b950 - smb: client: fix potential UAF in smb2_close_cached_fid() (CVE-2025-40328 bsc#1254624). - commit f11d74a - binfmt_misc: restore write access before closing files opened by open_exec() (bsc#1255272 CVE-2025-68239). - commit 2983172 - fs/proc: fix uaf in proc_readdir_de() (bsc#1255297 CVE-2025-40271). - commit 46250e7 - ext4: refresh inline data size before write operations (bsc#1255380 CVE-2025-68264). - commit c23012b - fs/notify: call exportfs_encode_fid with s_umount (bsc#1254809 CVE-2025-40237). - commit 70d7e44 - ext4: guard against EA inode refcount underflow in xattr update (bsc#1253623 CVE-2025-40190). - commit 6c51c0b - mm/damon/vaddr: do not repeat pte_offset_map_lock() until success (CVE-2025-40218 bsc#1254964) - commit a3828d9 - arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() (CVE-2025-40346 bsc#1255318) - commit 799eb50 - net: sxgbe: fix potential NULL dereference in sxgbe_rx() (CVE-2025-68302 bsc#1255121) - commit 15ce001 - net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak (CVE-2025-40278 bsc#1254825). - commit a5a7e57 - Refresh patches.suse/perf-hwmon_pmu-Fix-uninitialized-variable-warning.patch. - Refresh patches.suse/scsi-lpfc-Add-capability-to-register-Platform-Name-I.patch. - Refresh patches.suse/scsi-lpfc-Allow-support-for-BB-credit-recovery-in-po.patch. - Refresh patches.suse/scsi-lpfc-Ensure-unregistration-of-rpis-for-received.patch. - Refresh patches.suse/scsi-lpfc-Fix-leaked-ndlp-krefs-when-in-point-to-poi.patch. - Refresh patches.suse/scsi-lpfc-Fix-reusing-an-ndlp-that-is-marked-NLP_DRO.patch. - Refresh patches.suse/scsi-lpfc-Modify-kref-handling-for-Fabric-Controller.patch. - Refresh patches.suse/scsi-lpfc-Remove-redundant-NULL-ptr-assignment-in-lp.patch. - Refresh patches.suse/scsi-lpfc-Revise-discovery-related-function-headers-.patch. - Refresh patches.suse/scsi-lpfc-Update-lpfc-version-to-14.4.0.12.patch. - Refresh patches.suse/scsi-lpfc-Update-various-NPIV-diagnostic-log-messagi.patch. - commit b565804 - mm/huge_memory: fix NULL pointer deference when splitting folio (CVE-2025-68293 bsc#1255150). - commit 1dd8abe - iommufd: Don't overflow during division for dirty tracking (CVE-2025-40293 bsc#1255179). - commit b6a4633 ++++ keylime: - Use tmpfiles.d for /var directories (PED-14735) - Update to version 7.13.0+55: * [Automatic] Update Keylime base image 2026-01-05 * docs: Document claims response from /verify/evidence * verify/evidence: Use tee label for TEE verification * verify/evidence: Change valid response to boolean * tee/snp: Return SEV-SNP claims upon successful verification * verify/evidence: Return TPM claims in response * verify/evidence: Define empty response fields * [Automatic] Update Keylime base image 2025-12-14 * Fix TypeError when using -m flag without IMA measurement list path * Increase maximum_attestation_interval * Do not require wheel for building * Add session.refresh() before process_get_status() * Fix PUSH mode attestation status race condition * Add consecutive_attestation_failures column to legacy VerfierMain model * Remove operational_state field from status response in push mode ++++ libsodium: - Security fix: [bsc#1256070, CVE-2025-15444] * check Y==Z in addition to X==0 * Add patch libsodium-CVE-2025-15444.patch ++++ libsoup2: - Add libsoup2-CVE-2025-14523.patch: Reject duplicated Host in headers (bsc#1254876, CVE-2025-14523, glgo#GNOME/libsoup!491). ++++ libsoup: - Add libsoup-CVE-2025-14523.patch: Reject duplicated Host in headers (bsc#1254876, CVE-2025-14523, glgo#GNOME/libsoup!491). ++++ openQA: - Update to version 5.1767864265.63cd20df: * Skip caching for KERNEL and INITRD variables ++++ openQA: - Update to version 5.1767868268.dacbd3f7: * Add MCP tool annotations for Claude connector compliance - Update to version 5.1767864265.63cd20df: * Skip caching for KERNEL and INITRD variables ++++ openQA: - Update to version 5.1767868268.dacbd3f7: * Add MCP tool annotations for Claude connector compliance - Update to version 5.1767864265.63cd20df: * Skip caching for KERNEL and INITRD variables ++++ openQA: - Update to version 5.1767868268.dacbd3f7: * Add MCP tool annotations for Claude connector compliance - Update to version 5.1767864265.63cd20df: * Skip caching for KERNEL and INITRD variables ++++ openQA: - Update to version 5.1767868268.dacbd3f7: * Add MCP tool annotations for Claude connector compliance - Update to version 5.1767864265.63cd20df: * Skip caching for KERNEL and INITRD variables ++++ openQA: - Update to version 5.1767868268.dacbd3f7: * Add MCP tool annotations for Claude connector compliance - Update to version 5.1767864265.63cd20df: * Skip caching for KERNEL and INITRD variables ++++ openQA: - Update to version 5.1767868268.dacbd3f7: * Add MCP tool annotations for Claude connector compliance - Update to version 5.1767864265.63cd20df: * Skip caching for KERNEL and INITRD variables ++++ openQA: - Update to version 5.1767868268.dacbd3f7: * Add MCP tool annotations for Claude connector compliance - Update to version 5.1767864265.63cd20df: * Skip caching for KERNEL and INITRD variables ++++ openQA: - Update to version 5.1767868268.dacbd3f7: * Add MCP tool annotations for Claude connector compliance - Update to version 5.1767864265.63cd20df: * Skip caching for KERNEL and INITRD variables ++++ openQA: - Update to version 5.1767868268.dacbd3f7: * Add MCP tool annotations for Claude connector compliance - Update to version 5.1767864265.63cd20df: * Skip caching for KERNEL and INITRD variables ++++ openQA: - Update to version 5.1767868268.dacbd3f7: * Add MCP tool annotations for Claude connector compliance - Update to version 5.1767864265.63cd20df: * Skip caching for KERNEL and INITRD variables ++++ openQA: - Update to version 5.1767868268.dacbd3f7: * Add MCP tool annotations for Claude connector compliance - Update to version 5.1767864265.63cd20df: * Skip caching for KERNEL and INITRD variables ++++ openQA: - Update to version 5.1767868268.dacbd3f7: * Add MCP tool annotations for Claude connector compliance - Update to version 5.1767864265.63cd20df: * Skip caching for KERNEL and INITRD variables ++++ opensuse-migration-tool: - Update to version 20260106.d2cfd39: * Update scripts/20_pulse2pipewire.sh * Update scripts/20_ia32.sh * Update scripts/20_pulse2pipewire.sh * Consistent no-use of sudo in migration scripts * Update scripts/10_keepapparmor.sh * Update scripts/10_keepselinux.sh * Update scripts/10_keepapparmor.sh * Update scripts/10_keepapparmor.sh * Update opensuse-migration-tool * Update scripts/10_keepselinux.sh * Improve DRYRUN option to work well even from scripts * Enable migration to SElinux with proper dryrun * Update 10_keepselinux.sh * Update 10_keepapparmor.sh * Update 10_keepapparmor.sh ++++ opensuse-migration-tool: - Update to version 20260106.d2cfd39: * Update scripts/20_pulse2pipewire.sh * Update scripts/20_ia32.sh * Update scripts/20_pulse2pipewire.sh * Consistent no-use of sudo in migration scripts * Update scripts/10_keepapparmor.sh * Update scripts/10_keepselinux.sh * Update scripts/10_keepapparmor.sh * Update scripts/10_keepapparmor.sh * Update opensuse-migration-tool * Update scripts/10_keepselinux.sh * Improve DRYRUN option to work well even from scripts * Enable migration to SElinux with proper dryrun * Update 10_keepselinux.sh * Update 10_keepapparmor.sh * Update 10_keepapparmor.sh ++++ os-autoinst: - Update to version 5.1767893100.fd5003c: * Add documentation of APPEND variable * Add undocumented KERNEL/INITRD to the supported variables * os-autoinst-generate-needle-preview: Embed PNG * Tweak curl call not to hang * Fix opencv dependency due to upstream changes ++++ os-autoinst: - Update to version 5.1767893100.fd5003c: * Add documentation of APPEND variable * Add undocumented KERNEL/INITRD to the supported variables * os-autoinst-generate-needle-preview: Embed PNG * Tweak curl call not to hang * Fix opencv dependency due to upstream changes ++++ os-autoinst: - Update to version 5.1767893100.fd5003c: * Add documentation of APPEND variable * Add undocumented KERNEL/INITRD to the supported variables * os-autoinst-generate-needle-preview: Embed PNG * Tweak curl call not to hang * Fix opencv dependency due to upstream changes ++++ os-autoinst: - Update to version 5.1767893100.fd5003c: * Add documentation of APPEND variable * Add undocumented KERNEL/INITRD to the supported variables * os-autoinst-generate-needle-preview: Embed PNG * Tweak curl call not to hang * Fix opencv dependency due to upstream changes ++++ os-autoinst: - Update to version 5.1767893100.fd5003c: * Add documentation of APPEND variable * Add undocumented KERNEL/INITRD to the supported variables * os-autoinst-generate-needle-preview: Embed PNG * Tweak curl call not to hang * Fix opencv dependency due to upstream changes ++++ os-autoinst: - Update to version 5.1767893100.fd5003c: * Add documentation of APPEND variable * Add undocumented KERNEL/INITRD to the supported variables * os-autoinst-generate-needle-preview: Embed PNG * Tweak curl call not to hang * Fix opencv dependency due to upstream changes ++++ os-autoinst: - Update to version 5.1767893100.fd5003c: * Add documentation of APPEND variable * Add undocumented KERNEL/INITRD to the supported variables * os-autoinst-generate-needle-preview: Embed PNG * Tweak curl call not to hang * Fix opencv dependency due to upstream changes ++++ os-autoinst: - Update to version 5.1767893100.fd5003c: * Add documentation of APPEND variable * Add undocumented KERNEL/INITRD to the supported variables * os-autoinst-generate-needle-preview: Embed PNG * Tweak curl call not to hang * Fix opencv dependency due to upstream changes ++++ os-autoinst: - Update to version 5.1767893100.fd5003c: * Add documentation of APPEND variable * Add undocumented KERNEL/INITRD to the supported variables * os-autoinst-generate-needle-preview: Embed PNG * Tweak curl call not to hang * Fix opencv dependency due to upstream changes ++++ os-autoinst: - Update to version 5.1767893100.fd5003c: * Add documentation of APPEND variable * Add undocumented KERNEL/INITRD to the supported variables * os-autoinst-generate-needle-preview: Embed PNG * Tweak curl call not to hang * Fix opencv dependency due to upstream changes ++++ os-autoinst: - Update to version 5.1767893100.fd5003c: * Add documentation of APPEND variable * Add undocumented KERNEL/INITRD to the supported variables * os-autoinst-generate-needle-preview: Embed PNG * Tweak curl call not to hang * Fix opencv dependency due to upstream changes ++++ os-autoinst: - Update to version 5.1767893100.fd5003c: * Add documentation of APPEND variable * Add undocumented KERNEL/INITRD to the supported variables * os-autoinst-generate-needle-preview: Embed PNG * Tweak curl call not to hang * Fix opencv dependency due to upstream changes ------------------------------------------------------------------ ------------------ 2026-1-7 - Jan 7 2026 ------------------- ------------------------------------------------------------------ ++++ apache-parent: - Update to 36: * Breaking changes + Update minimum maven version to match current stable version (3.6.3 -> 3.9) + Introduce javaVersion property for maven.compiler.* configuration + Switch JDK >= 9 to only use maven.compiler.release * New features and improvements + Add default specification and implementation for javadoc and source manifest entries * Documentation updates + Clarify how to use Apache Snapshot repository + activate Fluido skin's anchorJs * Maintenance + Avoid - WARNING: Use of the three-letter time zone ID ... on JDK 25 for RAT plugin + feat: enable prevent branch protection rules ++++ kernel-64kb: - libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (CVE-2025-68284 bsc#1255377). - commit 9132138 - libceph: replace BUG_ON with bounds check for map->max_osd (CVE-2025-68283 bsc#1255379). - commit 0f51ab5 - ceph: fix multifs mds auth caps issue (CVE-2025-40362 bsc#1255103). - commit 9fee071 - fuse: fix livelock in synchronous file put from fuseblk workers (CVE-2025-40220 bsc#1254520). - commit 9838be9 - ASoC: codecs: wcd937x: fix OF node leaks on probe failure (git-fixes). - ASoC: Intel: soc-acpi: arl: Correct order of cs42l43 matches (git-fixes). - commit 1cc2d04 ++++ kernel-64kb: - libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (CVE-2025-68284 bsc#1255377). - commit 9132138 - libceph: replace BUG_ON with bounds check for map->max_osd (CVE-2025-68283 bsc#1255379). - commit 0f51ab5 - ceph: fix multifs mds auth caps issue (CVE-2025-40362 bsc#1255103). - commit 9fee071 - fuse: fix livelock in synchronous file put from fuseblk workers (CVE-2025-40220 bsc#1254520). - commit 9838be9 - ASoC: codecs: wcd937x: fix OF node leaks on probe failure (git-fixes). - ASoC: Intel: soc-acpi: arl: Correct order of cs42l43 matches (git-fixes). - commit 1cc2d04 ++++ kernel-64kb: - libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (CVE-2025-68284 bsc#1255377). - commit 9132138 - libceph: replace BUG_ON with bounds check for map->max_osd (CVE-2025-68283 bsc#1255379). - commit 0f51ab5 - ceph: fix multifs mds auth caps issue (CVE-2025-40362 bsc#1255103). - commit 9fee071 - fuse: fix livelock in synchronous file put from fuseblk workers (CVE-2025-40220 bsc#1254520). - commit 9838be9 - ASoC: codecs: wcd937x: fix OF node leaks on probe failure (git-fixes). - ASoC: Intel: soc-acpi: arl: Correct order of cs42l43 matches (git-fixes). - commit 1cc2d04 ++++ kernel-azure: - libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (CVE-2025-68284 bsc#1255377). - commit 9132138 - libceph: replace BUG_ON with bounds check for map->max_osd (CVE-2025-68283 bsc#1255379). - commit 0f51ab5 - ceph: fix multifs mds auth caps issue (CVE-2025-40362 bsc#1255103). - commit 9fee071 - fuse: fix livelock in synchronous file put from fuseblk workers (CVE-2025-40220 bsc#1254520). - commit 9838be9 - ASoC: codecs: wcd937x: fix OF node leaks on probe failure (git-fixes). - ASoC: Intel: soc-acpi: arl: Correct order of cs42l43 matches (git-fixes). - commit 1cc2d04 ++++ kernel-azure: - libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (CVE-2025-68284 bsc#1255377). - commit 9132138 - libceph: replace BUG_ON with bounds check for map->max_osd (CVE-2025-68283 bsc#1255379). - commit 0f51ab5 - ceph: fix multifs mds auth caps issue (CVE-2025-40362 bsc#1255103). - commit 9fee071 - fuse: fix livelock in synchronous file put from fuseblk workers (CVE-2025-40220 bsc#1254520). - commit 9838be9 - ASoC: codecs: wcd937x: fix OF node leaks on probe failure (git-fixes). - ASoC: Intel: soc-acpi: arl: Correct order of cs42l43 matches (git-fixes). - commit 1cc2d04 ++++ kernel-azure: - libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (CVE-2025-68284 bsc#1255377). - commit 9132138 - libceph: replace BUG_ON with bounds check for map->max_osd (CVE-2025-68283 bsc#1255379). - commit 0f51ab5 - ceph: fix multifs mds auth caps issue (CVE-2025-40362 bsc#1255103). - commit 9fee071 - fuse: fix livelock in synchronous file put from fuseblk workers (CVE-2025-40220 bsc#1254520). - commit 9838be9 - ASoC: codecs: wcd937x: fix OF node leaks on probe failure (git-fixes). - ASoC: Intel: soc-acpi: arl: Correct order of cs42l43 matches (git-fixes). - commit 1cc2d04 ++++ kernel-default: - libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (CVE-2025-68284 bsc#1255377). - commit 9132138 - libceph: replace BUG_ON with bounds check for map->max_osd (CVE-2025-68283 bsc#1255379). - commit 0f51ab5 - ceph: fix multifs mds auth caps issue (CVE-2025-40362 bsc#1255103). - commit 9fee071 - fuse: fix livelock in synchronous file put from fuseblk workers (CVE-2025-40220 bsc#1254520). - commit 9838be9 - ASoC: codecs: wcd937x: fix OF node leaks on probe failure (git-fixes). - ASoC: Intel: soc-acpi: arl: Correct order of cs42l43 matches (git-fixes). - commit 1cc2d04 ++++ kernel-default: - libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (CVE-2025-68284 bsc#1255377). - commit 9132138 - libceph: replace BUG_ON with bounds check for map->max_osd (CVE-2025-68283 bsc#1255379). - commit 0f51ab5 - ceph: fix multifs mds auth caps issue (CVE-2025-40362 bsc#1255103). - commit 9fee071 - fuse: fix livelock in synchronous file put from fuseblk workers (CVE-2025-40220 bsc#1254520). - commit 9838be9 - ASoC: codecs: wcd937x: fix OF node leaks on probe failure (git-fixes). - ASoC: Intel: soc-acpi: arl: Correct order of cs42l43 matches (git-fixes). - commit 1cc2d04 ++++ kernel-default: - libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (CVE-2025-68284 bsc#1255377). - commit 9132138 - libceph: replace BUG_ON with bounds check for map->max_osd (CVE-2025-68283 bsc#1255379). - commit 0f51ab5 - ceph: fix multifs mds auth caps issue (CVE-2025-40362 bsc#1255103). - commit 9fee071 - fuse: fix livelock in synchronous file put from fuseblk workers (CVE-2025-40220 bsc#1254520). - commit 9838be9 - ASoC: codecs: wcd937x: fix OF node leaks on probe failure (git-fixes). - ASoC: Intel: soc-acpi: arl: Correct order of cs42l43 matches (git-fixes). - commit 1cc2d04 ++++ kernel-rt: - libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (CVE-2025-68284 bsc#1255377). - commit 9132138 - libceph: replace BUG_ON with bounds check for map->max_osd (CVE-2025-68283 bsc#1255379). - commit 0f51ab5 - ceph: fix multifs mds auth caps issue (CVE-2025-40362 bsc#1255103). - commit 9fee071 - fuse: fix livelock in synchronous file put from fuseblk workers (CVE-2025-40220 bsc#1254520). - commit 9838be9 - ASoC: codecs: wcd937x: fix OF node leaks on probe failure (git-fixes). - ASoC: Intel: soc-acpi: arl: Correct order of cs42l43 matches (git-fixes). - commit 1cc2d04 ++++ kernel-rt: - libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (CVE-2025-68284 bsc#1255377). - commit 9132138 - libceph: replace BUG_ON with bounds check for map->max_osd (CVE-2025-68283 bsc#1255379). - commit 0f51ab5 - ceph: fix multifs mds auth caps issue (CVE-2025-40362 bsc#1255103). - commit 9fee071 - fuse: fix livelock in synchronous file put from fuseblk workers (CVE-2025-40220 bsc#1254520). - commit 9838be9 - ASoC: codecs: wcd937x: fix OF node leaks on probe failure (git-fixes). - ASoC: Intel: soc-acpi: arl: Correct order of cs42l43 matches (git-fixes). - commit 1cc2d04 ++++ kernel-rt: - libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (CVE-2025-68284 bsc#1255377). - commit 9132138 - libceph: replace BUG_ON with bounds check for map->max_osd (CVE-2025-68283 bsc#1255379). - commit 0f51ab5 - ceph: fix multifs mds auth caps issue (CVE-2025-40362 bsc#1255103). - commit 9fee071 - fuse: fix livelock in synchronous file put from fuseblk workers (CVE-2025-40220 bsc#1254520). - commit 9838be9 - ASoC: codecs: wcd937x: fix OF node leaks on probe failure (git-fixes). - ASoC: Intel: soc-acpi: arl: Correct order of cs42l43 matches (git-fixes). - commit 1cc2d04 ++++ samba: - samba-ad-dc-libs packages are missing a DLZ plugin for bind 9.20; (bso#15790); (bsc#1249058). ++++ samba: - samba-ad-dc-libs packages are missing a DLZ plugin for bind 9.20; (bso#15790); (bsc#1249058). ++++ curl: - Security fix: [bsc#1256105, CVE-2025-14017] * call ldap_init() before setting the options * Add patch curl-CVE-2025-14017.patch ++++ curl: - Security fix: [bsc#1256105, CVE-2025-14017] * call ldap_init() before setting the options * Add patch curl-CVE-2025-14017.patch ++++ dtb-aarch64: - libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (CVE-2025-68284 bsc#1255377). - commit 9132138 - libceph: replace BUG_ON with bounds check for map->max_osd (CVE-2025-68283 bsc#1255379). - commit 0f51ab5 - ceph: fix multifs mds auth caps issue (CVE-2025-40362 bsc#1255103). - commit 9fee071 - fuse: fix livelock in synchronous file put from fuseblk workers (CVE-2025-40220 bsc#1254520). - commit 9838be9 - ASoC: codecs: wcd937x: fix OF node leaks on probe failure (git-fixes). - ASoC: Intel: soc-acpi: arl: Correct order of cs42l43 matches (git-fixes). - commit 1cc2d04 ++++ dtb-aarch64: - libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (CVE-2025-68284 bsc#1255377). - commit 9132138 - libceph: replace BUG_ON with bounds check for map->max_osd (CVE-2025-68283 bsc#1255379). - commit 0f51ab5 - ceph: fix multifs mds auth caps issue (CVE-2025-40362 bsc#1255103). - commit 9fee071 - fuse: fix livelock in synchronous file put from fuseblk workers (CVE-2025-40220 bsc#1254520). - commit 9838be9 - ASoC: codecs: wcd937x: fix OF node leaks on probe failure (git-fixes). - ASoC: Intel: soc-acpi: arl: Correct order of cs42l43 matches (git-fixes). - commit 1cc2d04 ++++ dtb-aarch64: - libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (CVE-2025-68284 bsc#1255377). - commit 9132138 - libceph: replace BUG_ON with bounds check for map->max_osd (CVE-2025-68283 bsc#1255379). - commit 0f51ab5 - ceph: fix multifs mds auth caps issue (CVE-2025-40362 bsc#1255103). - commit 9fee071 - fuse: fix livelock in synchronous file put from fuseblk workers (CVE-2025-40220 bsc#1254520). - commit 9838be9 - ASoC: codecs: wcd937x: fix OF node leaks on probe failure (git-fixes). - ASoC: Intel: soc-acpi: arl: Correct order of cs42l43 matches (git-fixes). - commit 1cc2d04 ++++ flake-pilot: - Bump version: 3.1.23 → 3.1.24 ++++ gimp: - Add gimp-CVE-2025-15059.patch: vulnerability in file-psp (CVE-2025-15059, ZDI-CAN-28232, bsc#1255766). ++++ gimp: - Add gimp-CVE-2025-15059.patch: vulnerability in file-psp (CVE-2025-15059, ZDI-CAN-28232, bsc#1255766). ++++ gimp: - Add gimp-CVE-2025-15059.patch: vulnerability in file-psp (CVE-2025-15059, ZDI-CAN-28232, bsc#1255766). ++++ gimp: - Add gimp-CVE-2025-15059.patch: vulnerability in file-psp (CVE-2025-15059, ZDI-CAN-28232, bsc#1255766). ++++ gimp: - Add gimp-CVE-2025-15059.patch: vulnerability in file-psp (CVE-2025-15059, ZDI-CAN-28232, bsc#1255766). ++++ pipewire: - Add 0001-systemd-remove-RestrictNamespaces-from-service-file.patch to fix libcamera (boo#1217690) ++++ kernel-source: - libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (CVE-2025-68284 bsc#1255377). - commit 9132138 - libceph: replace BUG_ON with bounds check for map->max_osd (CVE-2025-68283 bsc#1255379). - commit 0f51ab5 - ceph: fix multifs mds auth caps issue (CVE-2025-40362 bsc#1255103). - commit 9fee071 - fuse: fix livelock in synchronous file put from fuseblk workers (CVE-2025-40220 bsc#1254520). - commit 9838be9 - ASoC: codecs: wcd937x: fix OF node leaks on probe failure (git-fixes). - ASoC: Intel: soc-acpi: arl: Correct order of cs42l43 matches (git-fixes). - commit 1cc2d04 ++++ kernel-source: - libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (CVE-2025-68284 bsc#1255377). - commit 9132138 - libceph: replace BUG_ON with bounds check for map->max_osd (CVE-2025-68283 bsc#1255379). - commit 0f51ab5 - ceph: fix multifs mds auth caps issue (CVE-2025-40362 bsc#1255103). - commit 9fee071 - fuse: fix livelock in synchronous file put from fuseblk workers (CVE-2025-40220 bsc#1254520). - commit 9838be9 - ASoC: codecs: wcd937x: fix OF node leaks on probe failure (git-fixes). - ASoC: Intel: soc-acpi: arl: Correct order of cs42l43 matches (git-fixes). - commit 1cc2d04 ++++ kernel-source: - libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (CVE-2025-68284 bsc#1255377). - commit 9132138 - libceph: replace BUG_ON with bounds check for map->max_osd (CVE-2025-68283 bsc#1255379). - commit 0f51ab5 - ceph: fix multifs mds auth caps issue (CVE-2025-40362 bsc#1255103). - commit 9fee071 - fuse: fix livelock in synchronous file put from fuseblk workers (CVE-2025-40220 bsc#1254520). - commit 9838be9 - ASoC: codecs: wcd937x: fix OF node leaks on probe failure (git-fixes). - ASoC: Intel: soc-acpi: arl: Correct order of cs42l43 matches (git-fixes). - commit 1cc2d04 ++++ kernel-docs: - libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (CVE-2025-68284 bsc#1255377). - commit 9132138 - libceph: replace BUG_ON with bounds check for map->max_osd (CVE-2025-68283 bsc#1255379). - commit 0f51ab5 - ceph: fix multifs mds auth caps issue (CVE-2025-40362 bsc#1255103). - commit 9fee071 - fuse: fix livelock in synchronous file put from fuseblk workers (CVE-2025-40220 bsc#1254520). - commit 9838be9 - ASoC: codecs: wcd937x: fix OF node leaks on probe failure (git-fixes). - ASoC: Intel: soc-acpi: arl: Correct order of cs42l43 matches (git-fixes). - commit 1cc2d04 ++++ kernel-docs: - libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (CVE-2025-68284 bsc#1255377). - commit 9132138 - libceph: replace BUG_ON with bounds check for map->max_osd (CVE-2025-68283 bsc#1255379). - commit 0f51ab5 - ceph: fix multifs mds auth caps issue (CVE-2025-40362 bsc#1255103). - commit 9fee071 - fuse: fix livelock in synchronous file put from fuseblk workers (CVE-2025-40220 bsc#1254520). - commit 9838be9 - ASoC: codecs: wcd937x: fix OF node leaks on probe failure (git-fixes). - ASoC: Intel: soc-acpi: arl: Correct order of cs42l43 matches (git-fixes). - commit 1cc2d04 ++++ kernel-docs: - libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (CVE-2025-68284 bsc#1255377). - commit 9132138 - libceph: replace BUG_ON with bounds check for map->max_osd (CVE-2025-68283 bsc#1255379). - commit 0f51ab5 - ceph: fix multifs mds auth caps issue (CVE-2025-40362 bsc#1255103). - commit 9fee071 - fuse: fix livelock in synchronous file put from fuseblk workers (CVE-2025-40220 bsc#1254520). - commit 9838be9 - ASoC: codecs: wcd937x: fix OF node leaks on probe failure (git-fixes). - ASoC: Intel: soc-acpi: arl: Correct order of cs42l43 matches (git-fixes). - commit 1cc2d04 ++++ kernel-kvmsmall: - libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (CVE-2025-68284 bsc#1255377). - commit 9132138 - libceph: replace BUG_ON with bounds check for map->max_osd (CVE-2025-68283 bsc#1255379). - commit 0f51ab5 - ceph: fix multifs mds auth caps issue (CVE-2025-40362 bsc#1255103). - commit 9fee071 - fuse: fix livelock in synchronous file put from fuseblk workers (CVE-2025-40220 bsc#1254520). - commit 9838be9 - ASoC: codecs: wcd937x: fix OF node leaks on probe failure (git-fixes). - ASoC: Intel: soc-acpi: arl: Correct order of cs42l43 matches (git-fixes). - commit 1cc2d04 ++++ kernel-kvmsmall: - libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (CVE-2025-68284 bsc#1255377). - commit 9132138 - libceph: replace BUG_ON with bounds check for map->max_osd (CVE-2025-68283 bsc#1255379). - commit 0f51ab5 - ceph: fix multifs mds auth caps issue (CVE-2025-40362 bsc#1255103). - commit 9fee071 - fuse: fix livelock in synchronous file put from fuseblk workers (CVE-2025-40220 bsc#1254520). - commit 9838be9 - ASoC: codecs: wcd937x: fix OF node leaks on probe failure (git-fixes). - ASoC: Intel: soc-acpi: arl: Correct order of cs42l43 matches (git-fixes). - commit 1cc2d04 ++++ kernel-kvmsmall: - libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (CVE-2025-68284 bsc#1255377). - commit 9132138 - libceph: replace BUG_ON with bounds check for map->max_osd (CVE-2025-68283 bsc#1255379). - commit 0f51ab5 - ceph: fix multifs mds auth caps issue (CVE-2025-40362 bsc#1255103). - commit 9fee071 - fuse: fix livelock in synchronous file put from fuseblk workers (CVE-2025-40220 bsc#1254520). - commit 9838be9 - ASoC: codecs: wcd937x: fix OF node leaks on probe failure (git-fixes). - ASoC: Intel: soc-acpi: arl: Correct order of cs42l43 matches (git-fixes). - commit 1cc2d04 ++++ kernel-obs-build: - libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (CVE-2025-68284 bsc#1255377). - commit 9132138 - libceph: replace BUG_ON with bounds check for map->max_osd (CVE-2025-68283 bsc#1255379). - commit 0f51ab5 - ceph: fix multifs mds auth caps issue (CVE-2025-40362 bsc#1255103). - commit 9fee071 - fuse: fix livelock in synchronous file put from fuseblk workers (CVE-2025-40220 bsc#1254520). - commit 9838be9 - ASoC: codecs: wcd937x: fix OF node leaks on probe failure (git-fixes). - ASoC: Intel: soc-acpi: arl: Correct order of cs42l43 matches (git-fixes). - commit 1cc2d04 ++++ kernel-obs-build: - libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (CVE-2025-68284 bsc#1255377). - commit 9132138 - libceph: replace BUG_ON with bounds check for map->max_osd (CVE-2025-68283 bsc#1255379). - commit 0f51ab5 - ceph: fix multifs mds auth caps issue (CVE-2025-40362 bsc#1255103). - commit 9fee071 - fuse: fix livelock in synchronous file put from fuseblk workers (CVE-2025-40220 bsc#1254520). - commit 9838be9 - ASoC: codecs: wcd937x: fix OF node leaks on probe failure (git-fixes). - ASoC: Intel: soc-acpi: arl: Correct order of cs42l43 matches (git-fixes). - commit 1cc2d04 ++++ kernel-obs-build: - libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (CVE-2025-68284 bsc#1255377). - commit 9132138 - libceph: replace BUG_ON with bounds check for map->max_osd (CVE-2025-68283 bsc#1255379). - commit 0f51ab5 - ceph: fix multifs mds auth caps issue (CVE-2025-40362 bsc#1255103). - commit 9fee071 - fuse: fix livelock in synchronous file put from fuseblk workers (CVE-2025-40220 bsc#1254520). - commit 9838be9 - ASoC: codecs: wcd937x: fix OF node leaks on probe failure (git-fixes). - ASoC: Intel: soc-acpi: arl: Correct order of cs42l43 matches (git-fixes). - commit 1cc2d04 ++++ kernel-obs-qa: - libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (CVE-2025-68284 bsc#1255377). - commit 9132138 - libceph: replace BUG_ON with bounds check for map->max_osd (CVE-2025-68283 bsc#1255379). - commit 0f51ab5 - ceph: fix multifs mds auth caps issue (CVE-2025-40362 bsc#1255103). - commit 9fee071 - fuse: fix livelock in synchronous file put from fuseblk workers (CVE-2025-40220 bsc#1254520). - commit 9838be9 - ASoC: codecs: wcd937x: fix OF node leaks on probe failure (git-fixes). - ASoC: Intel: soc-acpi: arl: Correct order of cs42l43 matches (git-fixes). - commit 1cc2d04 ++++ kernel-obs-qa: - libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (CVE-2025-68284 bsc#1255377). - commit 9132138 - libceph: replace BUG_ON with bounds check for map->max_osd (CVE-2025-68283 bsc#1255379). - commit 0f51ab5 - ceph: fix multifs mds auth caps issue (CVE-2025-40362 bsc#1255103). - commit 9fee071 - fuse: fix livelock in synchronous file put from fuseblk workers (CVE-2025-40220 bsc#1254520). - commit 9838be9 - ASoC: codecs: wcd937x: fix OF node leaks on probe failure (git-fixes). - ASoC: Intel: soc-acpi: arl: Correct order of cs42l43 matches (git-fixes). - commit 1cc2d04 ++++ kernel-obs-qa: - libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (CVE-2025-68284 bsc#1255377). - commit 9132138 - libceph: replace BUG_ON with bounds check for map->max_osd (CVE-2025-68283 bsc#1255379). - commit 0f51ab5 - ceph: fix multifs mds auth caps issue (CVE-2025-40362 bsc#1255103). - commit 9fee071 - fuse: fix livelock in synchronous file put from fuseblk workers (CVE-2025-40220 bsc#1254520). - commit 9838be9 - ASoC: codecs: wcd937x: fix OF node leaks on probe failure (git-fixes). - ASoC: Intel: soc-acpi: arl: Correct order of cs42l43 matches (git-fixes). - commit 1cc2d04 ++++ kernel-syms: - libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (CVE-2025-68284 bsc#1255377). - commit 9132138 - libceph: replace BUG_ON with bounds check for map->max_osd (CVE-2025-68283 bsc#1255379). - commit 0f51ab5 - ceph: fix multifs mds auth caps issue (CVE-2025-40362 bsc#1255103). - commit 9fee071 - fuse: fix livelock in synchronous file put from fuseblk workers (CVE-2025-40220 bsc#1254520). - commit 9838be9 - ASoC: codecs: wcd937x: fix OF node leaks on probe failure (git-fixes). - ASoC: Intel: soc-acpi: arl: Correct order of cs42l43 matches (git-fixes). - commit 1cc2d04 ++++ kernel-syms: - libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (CVE-2025-68284 bsc#1255377). - commit 9132138 - libceph: replace BUG_ON with bounds check for map->max_osd (CVE-2025-68283 bsc#1255379). - commit 0f51ab5 - ceph: fix multifs mds auth caps issue (CVE-2025-40362 bsc#1255103). - commit 9fee071 - fuse: fix livelock in synchronous file put from fuseblk workers (CVE-2025-40220 bsc#1254520). - commit 9838be9 - ASoC: codecs: wcd937x: fix OF node leaks on probe failure (git-fixes). - ASoC: Intel: soc-acpi: arl: Correct order of cs42l43 matches (git-fixes). - commit 1cc2d04 ++++ kernel-syms: - libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (CVE-2025-68284 bsc#1255377). - commit 9132138 - libceph: replace BUG_ON with bounds check for map->max_osd (CVE-2025-68283 bsc#1255379). - commit 0f51ab5 - ceph: fix multifs mds auth caps issue (CVE-2025-40362 bsc#1255103). - commit 9fee071 - fuse: fix livelock in synchronous file put from fuseblk workers (CVE-2025-40220 bsc#1254520). - commit 9838be9 - ASoC: codecs: wcd937x: fix OF node leaks on probe failure (git-fixes). - ASoC: Intel: soc-acpi: arl: Correct order of cs42l43 matches (git-fixes). - commit 1cc2d04 ++++ kernel-zfcpdump: - libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (CVE-2025-68284 bsc#1255377). - commit 9132138 - libceph: replace BUG_ON with bounds check for map->max_osd (CVE-2025-68283 bsc#1255379). - commit 0f51ab5 - ceph: fix multifs mds auth caps issue (CVE-2025-40362 bsc#1255103). - commit 9fee071 - fuse: fix livelock in synchronous file put from fuseblk workers (CVE-2025-40220 bsc#1254520). - commit 9838be9 - ASoC: codecs: wcd937x: fix OF node leaks on probe failure (git-fixes). - ASoC: Intel: soc-acpi: arl: Correct order of cs42l43 matches (git-fixes). - commit 1cc2d04 ++++ kernel-zfcpdump: - libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (CVE-2025-68284 bsc#1255377). - commit 9132138 - libceph: replace BUG_ON with bounds check for map->max_osd (CVE-2025-68283 bsc#1255379). - commit 0f51ab5 - ceph: fix multifs mds auth caps issue (CVE-2025-40362 bsc#1255103). - commit 9fee071 - fuse: fix livelock in synchronous file put from fuseblk workers (CVE-2025-40220 bsc#1254520). - commit 9838be9 - ASoC: codecs: wcd937x: fix OF node leaks on probe failure (git-fixes). - ASoC: Intel: soc-acpi: arl: Correct order of cs42l43 matches (git-fixes). - commit 1cc2d04 ++++ kernel-zfcpdump: - libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (CVE-2025-68284 bsc#1255377). - commit 9132138 - libceph: replace BUG_ON with bounds check for map->max_osd (CVE-2025-68283 bsc#1255379). - commit 0f51ab5 - ceph: fix multifs mds auth caps issue (CVE-2025-40362 bsc#1255103). - commit 9fee071 - fuse: fix livelock in synchronous file put from fuseblk workers (CVE-2025-40220 bsc#1254520). - commit 9838be9 - ASoC: codecs: wcd937x: fix OF node leaks on probe failure (git-fixes). - ASoC: Intel: soc-acpi: arl: Correct order of cs42l43 matches (git-fixes). - commit 1cc2d04 ++++ rust-keylime: - Use tmpfiles.d for /var directories (PED-14736) + tmpfiles.keylime renamed to rust-keylime.conf and extended - Update to version 0.2.8+96: * build(deps): bump wiremock from 0.6.4 to 0.6.5 * build(deps): bump actions/checkout from 5 to 6 * build(deps): bump chrono from 0.4.41 to 0.4.42 * packit: Get coverage from Fedora 43 runs * Fix issues pointed out by clippy * Replace mutex unwraps with proper error handling in TPM library * Remove unused session request methods from StructureFiller * Fix config panic on missing ek_handle in push model agent * build(deps): bump tempfile from 3.21.0 to 3.23.0 * build(deps): bump actions/upload-artifact from 4 to 6 (#1163) * Fix clippy warnings project-wide * Add KEYLIME_DIR support for verifier TLS certificates in push model agent * Thread privileged resources and use MeasurementList for IMA reading * Add privileged resource initialization and privilege dropping to push model agent * Fix privilege dropping order in run_as() * add documentation on FQDN hostnames * Remove confusing logs for push mode agent * Set correct default Verifier port (8891->8881) (#1159) * Add verifier_url to reference configuration file (#1158) * Add TLS support for Registrar communication (#1139) * Fix agent handling of 403 registration responses (#1154) * Add minor README.md rephrasing (#1151) * build(deps): bump actions/checkout from 5 to 6 (#1153) * ci: update spec files for packit COPR build * docs: improve challenge encoding and async TPM documentation * refactor: improve middleware and error handling * feat: add authentication client with middleware integration * docker: Include keylime_push_model_agent binary * Include attestation_interval configuration (#1146) * Persist payload keys to avoid attestation failure on restart * crypto: Implement the load or generate pattern for keys * Use simple algorithm specifiers in certification_keys object (#1140) * tests: Enable more tests in CI * Fix RSA2048 algorithm reporting in keylime agent * Remove disabled_signing_algorithms configuration * rpm: Fix metadata patches to apply to current code * workflows/rpm.yml: Use more strict patching * build(deps): bump uuid from 1.17.0 to 1.18.1 * Fix ECC algorithm selection and reporting for keylime agent * Improve logging consistency and coherency * Implement minimal RFC compliance for Location header and URI parsing (#1125) * Use separate keys for payload mechanism and mTLS * docker: update rust to 1.81 for distroless Dockerfile * Ensure UEFI log capabilities are set to false * build(deps): bump http from 1.1.0 to 1.3.1 * build(deps): bump log from 0.4.27 to 0.4.28 * build(deps): bump cfg-if from 1.0.1 to 1.0.3 * build(deps): bump actix-rt from 2.10.0 to 2.11.0 * build(deps): bump async-trait from 0.1.88 to 0.1.89 * build(deps): bump trybuild from 1.0.105 to 1.0.110 * Accept evidence handling structures null entries * workflows: Add test to check if RPM patches still apply * CI: Enable test add-agent-with-malformed-ek-cert * config: Fix singleton tests * FSM: Remove needless lifetime annotations (#1105) * rpm: Do not remove wiremock which is now available in Fedora * Use latest Fedora httpdate version (1.0.3) * Enhance coverage with parse_retry_after test * Fix issues reported by CI regarding unwrap() calls * Reuse max retries indicated to the ResilientClient * Include limit of retries to 5 for Retry-After * Add policy to handle Retry-After response headers * build(deps): bump wiremock from 0.6.3 to 0.6.4 * build(deps): bump serde_json from 1.0.140 to 1.0.143 * build(deps): bump pest_derive from 2.8.0 to 2.8.1 * build(deps): bump syn from 2.0.90 to 2.0.106 * build(deps): bump tempfile from 3.20.0 to 3.21.0 * build(deps): bump thiserror from 2.0.12 to 2.0.16 * rpm: Fix patches to apply to current master code * build(deps): bump anyhow from 1.0.98 to 1.0.99 * state_machine: Automatically clean config override during tests * config: Implement singleton and factory pattern * testing: Support overriding configuration during tests * feat: implement standalone challenge-response authentication module * structures: rename session structs for clarity and fix typos * tpm: refactor certify_credential_with_iak() into a more generic function * Add Push Model Agent Mermaid FSM chart (#1095) * Add state to avoid exiting on wrong attestation (#1093) * Add 6 alphanumeric lowercase X-Request-ID header * Enhance Evidence Handling response parsing * build(deps): bump quote from 1.0.35 to 1.0.40 * build(deps): bump libc from 0.2.172 to 0.2.175 * build(deps): bump glob from 0.3.2 to 0.3.3 * build(deps): bump actix-web from 4.10.2 to 4.11.0 ++++ rust-keylime: - Use tmpfiles.d for /var directories (PED-14736) + tmpfiles.keylime renamed to rust-keylime.conf and extended - Update to version 0.2.8+96: * build(deps): bump wiremock from 0.6.4 to 0.6.5 * build(deps): bump actions/checkout from 5 to 6 * build(deps): bump chrono from 0.4.41 to 0.4.42 * packit: Get coverage from Fedora 43 runs * Fix issues pointed out by clippy * Replace mutex unwraps with proper error handling in TPM library * Remove unused session request methods from StructureFiller * Fix config panic on missing ek_handle in push model agent * build(deps): bump tempfile from 3.21.0 to 3.23.0 * build(deps): bump actions/upload-artifact from 4 to 6 (#1163) * Fix clippy warnings project-wide * Add KEYLIME_DIR support for verifier TLS certificates in push model agent * Thread privileged resources and use MeasurementList for IMA reading * Add privileged resource initialization and privilege dropping to push model agent * Fix privilege dropping order in run_as() * add documentation on FQDN hostnames * Remove confusing logs for push mode agent * Set correct default Verifier port (8891->8881) (#1159) * Add verifier_url to reference configuration file (#1158) * Add TLS support for Registrar communication (#1139) * Fix agent handling of 403 registration responses (#1154) * Add minor README.md rephrasing (#1151) * build(deps): bump actions/checkout from 5 to 6 (#1153) * ci: update spec files for packit COPR build * docs: improve challenge encoding and async TPM documentation * refactor: improve middleware and error handling * feat: add authentication client with middleware integration * docker: Include keylime_push_model_agent binary * Include attestation_interval configuration (#1146) * Persist payload keys to avoid attestation failure on restart * crypto: Implement the load or generate pattern for keys * Use simple algorithm specifiers in certification_keys object (#1140) * tests: Enable more tests in CI * Fix RSA2048 algorithm reporting in keylime agent * Remove disabled_signing_algorithms configuration * rpm: Fix metadata patches to apply to current code * workflows/rpm.yml: Use more strict patching * build(deps): bump uuid from 1.17.0 to 1.18.1 * Fix ECC algorithm selection and reporting for keylime agent * Improve logging consistency and coherency * Implement minimal RFC compliance for Location header and URI parsing (#1125) * Use separate keys for payload mechanism and mTLS * docker: update rust to 1.81 for distroless Dockerfile * Ensure UEFI log capabilities are set to false * build(deps): bump http from 1.1.0 to 1.3.1 * build(deps): bump log from 0.4.27 to 0.4.28 * build(deps): bump cfg-if from 1.0.1 to 1.0.3 * build(deps): bump actix-rt from 2.10.0 to 2.11.0 * build(deps): bump async-trait from 0.1.88 to 0.1.89 * build(deps): bump trybuild from 1.0.105 to 1.0.110 * Accept evidence handling structures null entries * workflows: Add test to check if RPM patches still apply * CI: Enable test add-agent-with-malformed-ek-cert * config: Fix singleton tests * FSM: Remove needless lifetime annotations (#1105) * rpm: Do not remove wiremock which is now available in Fedora * Use latest Fedora httpdate version (1.0.3) * Enhance coverage with parse_retry_after test * Fix issues reported by CI regarding unwrap() calls * Reuse max retries indicated to the ResilientClient * Include limit of retries to 5 for Retry-After * Add policy to handle Retry-After response headers * build(deps): bump wiremock from 0.6.3 to 0.6.4 * build(deps): bump serde_json from 1.0.140 to 1.0.143 * build(deps): bump pest_derive from 2.8.0 to 2.8.1 * build(deps): bump syn from 2.0.90 to 2.0.106 * build(deps): bump tempfile from 3.20.0 to 3.21.0 * build(deps): bump thiserror from 2.0.12 to 2.0.16 * rpm: Fix patches to apply to current master code * build(deps): bump anyhow from 1.0.98 to 1.0.99 * state_machine: Automatically clean config override during tests * config: Implement singleton and factory pattern * testing: Support overriding configuration during tests * feat: implement standalone challenge-response authentication module * structures: rename session structs for clarity and fix typos * tpm: refactor certify_credential_with_iak() into a more generic function * Add Push Model Agent Mermaid FSM chart (#1095) * Add state to avoid exiting on wrong attestation (#1093) * Add 6 alphanumeric lowercase X-Request-ID header * Enhance Evidence Handling response parsing * build(deps): bump quote from 1.0.35 to 1.0.40 * build(deps): bump libc from 0.2.172 to 0.2.175 * build(deps): bump glob from 0.3.2 to 0.3.3 * build(deps): bump actix-web from 4.10.2 to 4.11.0 ++++ sendmail: - Correct group permission of /var/spool/clientmqueue to make sendmail work again (boo#1255437) ++++ systemd: - Drop %filetriggers build flag. It was introduced to ease backport of Base:System to SLE distros where file-triggers were unreliable but that is no longer the case on the latest SLE distros. ++++ systemd: - Drop %filetriggers build flag. It was introduced to ease backport of Base:System to SLE distros where file-triggers were unreliable but that is no longer the case on the latest SLE distros. ++++ wget2: - Update to release 2.2.1 * Fix file overwrite issue with metalink [CVE-2025-69194] * Fix remote buffer overflow in get_local_filename_real() [CVE-2025-69195] * Fix a redirect/mirror regression from 400713ca * Use the local system timestamp when requested via - -no-use-server-timestamps * Prevent file truncation with --no-clobber * Improve messages about why URLs are not being followed * Fix metalink with -O/--output-document * Fix sorting of metalink mirrors by priority * Add --show-progress to improve backwards compatibility to wget * Fix buffer overflow in wget_iri_clone() after wget_iri_set_scheme() * Allow 'no_' prefix in config options * Use libnghttp2 for HTTP/2 testing * Set exit status to 8 on 403 response code * Fix convert-links * Fix --server-response for HTTP/1.1 ++++ maven-parent: - Upgrade to Apache Maven parent POM version 46 * Breaking changes + Require Maven 3.6.3+ from plugins + Update rat plugin configuration + Use spotless 3 when running on JDK >= 17 + Drop Doxia Tools parent pom * New features and improvements + MPOM-387: Exclude test scope from enforcedBytecodeVersion + feat: activate Fluido skin's anchorJs + Enhance target JDK definition for JDK >= 9 + Always render a GitHub ribbon on the right-hand side * Maintenance + MPOM-277: Move maven-invoker-plugin configuration to one place + Remove doxia-tools from documentations + feat: enable prevent branch protection rules + Add Apache 2.0 LICENSE file ++++ python-cbor2: - Add upstream CVE-2025-68131.patch (bsc#1255783) ++++ python-filelock: - Add CVE-2025-68146.patch to fix CVE-2025-68146 (bsc#1255244) ++++ selinux-policy: - Update to version 20250627+git345.3965b24b0: * Allow 'mysql-systemd-helper upgrade' to work correctly (bsc#1255024) ++++ selinux-policy: - Update to version 20250627+git345.3965b24b0: * Allow 'mysql-systemd-helper upgrade' to work correctly (bsc#1255024) ------------------------------------------------------------------ ------------------ 2026-1-6 - Jan 6 2026 ------------------- ------------------------------------------------------------------ ++++ ImageMagick: - security update - added patches CVE-2025-68618 [bsc#1255821], read a malicious SVG file may result in a DoS attack * ImageMagick-CVE-2025-68618.patch CVE-2025-68950 [bsc#1255822], check for circular references in mvg files may lead to stack overflow * ImageMagick-CVE-2025-68950.patch CVE-2025-69204 [bsc#1255823], an integer overflow can lead to a DoS attack * ImageMagick-CVE-2025-69204.patch ++++ ImageMagick: - security update - added patches CVE-2025-68618 [bsc#1255821], read a malicious SVG file may result in a DoS attack * ImageMagick-CVE-2025-68618.patch CVE-2025-68950 [bsc#1255822], check for circular references in mvg files may lead to stack overflow * ImageMagick-CVE-2025-68950.patch CVE-2025-69204 [bsc#1255823], an integer overflow can lead to a DoS attack * ImageMagick-CVE-2025-69204.patch ++++ ImageMagick: - security update - added patches CVE-2025-68618 [bsc#1255821], read a malicious SVG file may result in a DoS attack * ImageMagick-CVE-2025-68618.patch CVE-2025-68950 [bsc#1255822], check for circular references in mvg files may lead to stack overflow * ImageMagick-CVE-2025-68950.patch CVE-2025-69204 [bsc#1255823], an integer overflow can lead to a DoS attack * ImageMagick-CVE-2025-69204.patch ++++ chromium: - Chromium 143.0.7499.192 (boo#1256067): * CVE-2026-0628: Insufficient policy enforcement in WebView tag ++++ chromium: - Chromium 143.0.7499.192 (boo#1256067): * CVE-2026-0628: Insufficient policy enforcement in WebView tag ++++ chromium: - Chromium 143.0.7499.192 (boo#1256067): * CVE-2026-0628: Insufficient policy enforcement in WebView tag ++++ chromium: - Chromium 143.0.7499.192 (boo#1256067): * CVE-2026-0628: Insufficient policy enforcement in WebView tag ++++ chromium: - Chromium 143.0.7499.192 (boo#1256067): * CVE-2026-0628: Insufficient policy enforcement in WebView tag ++++ chromium: - Chromium 143.0.7499.192 (boo#1256067): * CVE-2026-0628: Insufficient policy enforcement in WebView tag ++++ chromium: - Chromium 143.0.7499.192 (boo#1256067): * CVE-2026-0628: Insufficient policy enforcement in WebView tag ++++ chromium: - Chromium 143.0.7499.192 (boo#1256067): * CVE-2026-0628: Insufficient policy enforcement in WebView tag ++++ chromium: - Chromium 143.0.7499.192 (boo#1256067): * CVE-2026-0628: Insufficient policy enforcement in WebView tag ++++ chromium: - Chromium 143.0.7499.192 (boo#1256067): * CVE-2026-0628: Insufficient policy enforcement in WebView tag ++++ chromium: - Chromium 143.0.7499.192 (boo#1256067): * CVE-2026-0628: Insufficient policy enforcement in WebView tag ++++ chromium: - Chromium 143.0.7499.192 (boo#1256067): * CVE-2026-0628: Insufficient policy enforcement in WebView tag ++++ chromium: - Chromium 143.0.7499.192 (boo#1256067): * CVE-2026-0628: Insufficient policy enforcement in WebView tag ++++ kernel-64kb: - devlink: rate: Unset parent pointer in devl_rate_nodes_destroy (CVE-2025-40251 bsc#1254856). - commit da56dba - net: core: prevent NULL deref in generic_hwtstamp_ioctl_lower() (bsc#1255156 CVE-2025-40255). - commit 57e1c6f ++++ kernel-64kb: - devlink: rate: Unset parent pointer in devl_rate_nodes_destroy (CVE-2025-40251 bsc#1254856). - commit da56dba - net: core: prevent NULL deref in generic_hwtstamp_ioctl_lower() (bsc#1255156 CVE-2025-40255). - commit 57e1c6f - PCI/DOE: Poll DOE Busy bit for up to 1 second in pci_doe_send_req() (bsc#1255868). - commit 44c675f ++++ kernel-64kb: - devlink: rate: Unset parent pointer in devl_rate_nodes_destroy (CVE-2025-40251 bsc#1254856). - commit da56dba - net: core: prevent NULL deref in generic_hwtstamp_ioctl_lower() (bsc#1255156 CVE-2025-40255). - commit 57e1c6f ++++ kernel-azure: - devlink: rate: Unset parent pointer in devl_rate_nodes_destroy (CVE-2025-40251 bsc#1254856). - commit da56dba - net: core: prevent NULL deref in generic_hwtstamp_ioctl_lower() (bsc#1255156 CVE-2025-40255). - commit 57e1c6f ++++ kernel-azure: - devlink: rate: Unset parent pointer in devl_rate_nodes_destroy (CVE-2025-40251 bsc#1254856). - commit da56dba - net: core: prevent NULL deref in generic_hwtstamp_ioctl_lower() (bsc#1255156 CVE-2025-40255). - commit 57e1c6f - PCI/DOE: Poll DOE Busy bit for up to 1 second in pci_doe_send_req() (bsc#1255868). - commit 44c675f ++++ kernel-azure: - devlink: rate: Unset parent pointer in devl_rate_nodes_destroy (CVE-2025-40251 bsc#1254856). - commit da56dba - net: core: prevent NULL deref in generic_hwtstamp_ioctl_lower() (bsc#1255156 CVE-2025-40255). - commit 57e1c6f ++++ kernel-default: - devlink: rate: Unset parent pointer in devl_rate_nodes_destroy (CVE-2025-40251 bsc#1254856). - commit da56dba - net: core: prevent NULL deref in generic_hwtstamp_ioctl_lower() (bsc#1255156 CVE-2025-40255). - commit 57e1c6f ++++ kernel-default: - devlink: rate: Unset parent pointer in devl_rate_nodes_destroy (CVE-2025-40251 bsc#1254856). - commit da56dba - net: core: prevent NULL deref in generic_hwtstamp_ioctl_lower() (bsc#1255156 CVE-2025-40255). - commit 57e1c6f - PCI/DOE: Poll DOE Busy bit for up to 1 second in pci_doe_send_req() (bsc#1255868). - commit 44c675f ++++ kernel-default: - devlink: rate: Unset parent pointer in devl_rate_nodes_destroy (CVE-2025-40251 bsc#1254856). - commit da56dba - net: core: prevent NULL deref in generic_hwtstamp_ioctl_lower() (bsc#1255156 CVE-2025-40255). - commit 57e1c6f ++++ kernel-rt: - devlink: rate: Unset parent pointer in devl_rate_nodes_destroy (CVE-2025-40251 bsc#1254856). - commit da56dba - net: core: prevent NULL deref in generic_hwtstamp_ioctl_lower() (bsc#1255156 CVE-2025-40255). - commit 57e1c6f ++++ kernel-rt: - devlink: rate: Unset parent pointer in devl_rate_nodes_destroy (CVE-2025-40251 bsc#1254856). - commit da56dba - net: core: prevent NULL deref in generic_hwtstamp_ioctl_lower() (bsc#1255156 CVE-2025-40255). - commit 57e1c6f - PCI/DOE: Poll DOE Busy bit for up to 1 second in pci_doe_send_req() (bsc#1255868). - commit 44c675f ++++ kernel-rt: - devlink: rate: Unset parent pointer in devl_rate_nodes_destroy (CVE-2025-40251 bsc#1254856). - commit da56dba - net: core: prevent NULL deref in generic_hwtstamp_ioctl_lower() (bsc#1255156 CVE-2025-40255). - commit 57e1c6f ++++ dpdk: - Update to version 24.11.4 * LTS update with ~250 fixes, details here: https://doc.dpdk.org/guides-24.11/rel_notes/release_24_11.html#id10 - Update to version 24.11.3 * LTS release update contains ~180 fixes from main branch up to DPDK 25.07 - Fixes CVE-2025-23259 -- an attacker on a VM in the system can cause information disclosure and denial of service (bsc#1254161) * remove included patch 0001-dts-generate-random-capture_name-per-call.patch - Remove obsolete build option -Denable_kmods (upstream a52d472c5) - dpdk-tools requires "which" and is noarch - Drop pesign and needssslcertforbuild because we don't build a kmp anymore (boo#1247389) ++++ dtb-aarch64: - devlink: rate: Unset parent pointer in devl_rate_nodes_destroy (CVE-2025-40251 bsc#1254856). - commit da56dba - net: core: prevent NULL deref in generic_hwtstamp_ioctl_lower() (bsc#1255156 CVE-2025-40255). - commit 57e1c6f ++++ dtb-aarch64: - devlink: rate: Unset parent pointer in devl_rate_nodes_destroy (CVE-2025-40251 bsc#1254856). - commit da56dba - net: core: prevent NULL deref in generic_hwtstamp_ioctl_lower() (bsc#1255156 CVE-2025-40255). - commit 57e1c6f - PCI/DOE: Poll DOE Busy bit for up to 1 second in pci_doe_send_req() (bsc#1255868). - commit 44c675f ++++ dtb-aarch64: - devlink: rate: Unset parent pointer in devl_rate_nodes_destroy (CVE-2025-40251 bsc#1254856). - commit da56dba - net: core: prevent NULL deref in generic_hwtstamp_ioctl_lower() (bsc#1255156 CVE-2025-40255). - commit 57e1c6f ++++ libheif: - security update - added patches CVE-2025-68431 [bsc#1255735], heap buffer over-read in `HeifPixelImage::overlay()` via crafted HEIF that exercises the overlay image item * libheif-CVE-2025-68431.patch ++++ ibus-libpinyin: - Update version to 1.16.5 * Fix bugs - Drop 0001-Make-libpinyin-setup-could-response-build-config.patch, 0001-All-candidate-and-mode-buttons-created-in-dynamic-ar.patch ++++ kernel-source: - devlink: rate: Unset parent pointer in devl_rate_nodes_destroy (CVE-2025-40251 bsc#1254856). - commit da56dba - net: core: prevent NULL deref in generic_hwtstamp_ioctl_lower() (bsc#1255156 CVE-2025-40255). - commit 57e1c6f ++++ kernel-source: - devlink: rate: Unset parent pointer in devl_rate_nodes_destroy (CVE-2025-40251 bsc#1254856). - commit da56dba - net: core: prevent NULL deref in generic_hwtstamp_ioctl_lower() (bsc#1255156 CVE-2025-40255). - commit 57e1c6f - PCI/DOE: Poll DOE Busy bit for up to 1 second in pci_doe_send_req() (bsc#1255868). - commit 44c675f ++++ kernel-source: - devlink: rate: Unset parent pointer in devl_rate_nodes_destroy (CVE-2025-40251 bsc#1254856). - commit da56dba - net: core: prevent NULL deref in generic_hwtstamp_ioctl_lower() (bsc#1255156 CVE-2025-40255). - commit 57e1c6f ++++ kernel-docs: - devlink: rate: Unset parent pointer in devl_rate_nodes_destroy (CVE-2025-40251 bsc#1254856). - commit da56dba - net: core: prevent NULL deref in generic_hwtstamp_ioctl_lower() (bsc#1255156 CVE-2025-40255). - commit 57e1c6f ++++ kernel-docs: - devlink: rate: Unset parent pointer in devl_rate_nodes_destroy (CVE-2025-40251 bsc#1254856). - commit da56dba - net: core: prevent NULL deref in generic_hwtstamp_ioctl_lower() (bsc#1255156 CVE-2025-40255). - commit 57e1c6f - PCI/DOE: Poll DOE Busy bit for up to 1 second in pci_doe_send_req() (bsc#1255868). - commit 44c675f ++++ kernel-docs: - devlink: rate: Unset parent pointer in devl_rate_nodes_destroy (CVE-2025-40251 bsc#1254856). - commit da56dba - net: core: prevent NULL deref in generic_hwtstamp_ioctl_lower() (bsc#1255156 CVE-2025-40255). - commit 57e1c6f ++++ kernel-kvmsmall: - devlink: rate: Unset parent pointer in devl_rate_nodes_destroy (CVE-2025-40251 bsc#1254856). - commit da56dba - net: core: prevent NULL deref in generic_hwtstamp_ioctl_lower() (bsc#1255156 CVE-2025-40255). - commit 57e1c6f ++++ kernel-kvmsmall: - devlink: rate: Unset parent pointer in devl_rate_nodes_destroy (CVE-2025-40251 bsc#1254856). - commit da56dba - net: core: prevent NULL deref in generic_hwtstamp_ioctl_lower() (bsc#1255156 CVE-2025-40255). - commit 57e1c6f - PCI/DOE: Poll DOE Busy bit for up to 1 second in pci_doe_send_req() (bsc#1255868). - commit 44c675f ++++ kernel-kvmsmall: - devlink: rate: Unset parent pointer in devl_rate_nodes_destroy (CVE-2025-40251 bsc#1254856). - commit da56dba - net: core: prevent NULL deref in generic_hwtstamp_ioctl_lower() (bsc#1255156 CVE-2025-40255). - commit 57e1c6f ++++ kernel-obs-build: - devlink: rate: Unset parent pointer in devl_rate_nodes_destroy (CVE-2025-40251 bsc#1254856). - commit da56dba - net: core: prevent NULL deref in generic_hwtstamp_ioctl_lower() (bsc#1255156 CVE-2025-40255). - commit 57e1c6f ++++ kernel-obs-build: - devlink: rate: Unset parent pointer in devl_rate_nodes_destroy (CVE-2025-40251 bsc#1254856). - commit da56dba - net: core: prevent NULL deref in generic_hwtstamp_ioctl_lower() (bsc#1255156 CVE-2025-40255). - commit 57e1c6f - PCI/DOE: Poll DOE Busy bit for up to 1 second in pci_doe_send_req() (bsc#1255868). - commit 44c675f ++++ kernel-obs-build: - devlink: rate: Unset parent pointer in devl_rate_nodes_destroy (CVE-2025-40251 bsc#1254856). - commit da56dba - net: core: prevent NULL deref in generic_hwtstamp_ioctl_lower() (bsc#1255156 CVE-2025-40255). - commit 57e1c6f ++++ kernel-obs-qa: - devlink: rate: Unset parent pointer in devl_rate_nodes_destroy (CVE-2025-40251 bsc#1254856). - commit da56dba - net: core: prevent NULL deref in generic_hwtstamp_ioctl_lower() (bsc#1255156 CVE-2025-40255). - commit 57e1c6f ++++ kernel-obs-qa: - devlink: rate: Unset parent pointer in devl_rate_nodes_destroy (CVE-2025-40251 bsc#1254856). - commit da56dba - net: core: prevent NULL deref in generic_hwtstamp_ioctl_lower() (bsc#1255156 CVE-2025-40255). - commit 57e1c6f - PCI/DOE: Poll DOE Busy bit for up to 1 second in pci_doe_send_req() (bsc#1255868). - commit 44c675f ++++ kernel-obs-qa: - devlink: rate: Unset parent pointer in devl_rate_nodes_destroy (CVE-2025-40251 bsc#1254856). - commit da56dba - net: core: prevent NULL deref in generic_hwtstamp_ioctl_lower() (bsc#1255156 CVE-2025-40255). - commit 57e1c6f ++++ kernel-syms: - devlink: rate: Unset parent pointer in devl_rate_nodes_destroy (CVE-2025-40251 bsc#1254856). - commit da56dba - net: core: prevent NULL deref in generic_hwtstamp_ioctl_lower() (bsc#1255156 CVE-2025-40255). - commit 57e1c6f ++++ kernel-syms: - devlink: rate: Unset parent pointer in devl_rate_nodes_destroy (CVE-2025-40251 bsc#1254856). - commit da56dba - net: core: prevent NULL deref in generic_hwtstamp_ioctl_lower() (bsc#1255156 CVE-2025-40255). - commit 57e1c6f - PCI/DOE: Poll DOE Busy bit for up to 1 second in pci_doe_send_req() (bsc#1255868). - commit 44c675f ++++ kernel-syms: - devlink: rate: Unset parent pointer in devl_rate_nodes_destroy (CVE-2025-40251 bsc#1254856). - commit da56dba - net: core: prevent NULL deref in generic_hwtstamp_ioctl_lower() (bsc#1255156 CVE-2025-40255). - commit 57e1c6f ++++ kernel-zfcpdump: - devlink: rate: Unset parent pointer in devl_rate_nodes_destroy (CVE-2025-40251 bsc#1254856). - commit da56dba - net: core: prevent NULL deref in generic_hwtstamp_ioctl_lower() (bsc#1255156 CVE-2025-40255). - commit 57e1c6f ++++ kernel-zfcpdump: - devlink: rate: Unset parent pointer in devl_rate_nodes_destroy (CVE-2025-40251 bsc#1254856). - commit da56dba - net: core: prevent NULL deref in generic_hwtstamp_ioctl_lower() (bsc#1255156 CVE-2025-40255). - commit 57e1c6f - PCI/DOE: Poll DOE Busy bit for up to 1 second in pci_doe_send_req() (bsc#1255868). - commit 44c675f ++++ kernel-zfcpdump: - devlink: rate: Unset parent pointer in devl_rate_nodes_destroy (CVE-2025-40251 bsc#1254856). - commit da56dba - net: core: prevent NULL deref in generic_hwtstamp_ioctl_lower() (bsc#1255156 CVE-2025-40255). - commit 57e1c6f ++++ libpinyin: - Update version to 2.10.3 * Fix bugs ------------------------------------------------------------------ ------------------ 2026-1-5 - Jan 5 2026 ------------------- ------------------------------------------------------------------ ++++ scanner-databases: - database refresh on 2026-01-05 (bsc#1084929) ++++ kernel-64kb: - net: sched: act_connmark: initialize struct tc_ife to fix kernel leak (CVE-2025-40279 bsc#1254846). - commit cb9f7bb - btrfs: do not skip logging new dentries when logging a new name (git-fixes). - commit ec916c6 - btrfs: don't log conflicting inode if it's a dir moved in the current transaction (git-fixes). - commit a690d41 - btrfs: fix changeset leak on mmap write after failure to reserve metadata (git-fixes). - commit 75e4299 - team: Move team device type change at the end of team_port_add (CVE-2025-68340 bsc#1255507). - net/mlx5: Clean up only new IRQ glue on request_irq() failure (CVE-2025-40250 bsc#1254854). - net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() (CVE-2025-40252 bsc#1254849). - net: enetc: fix the deadlock of enetc_mdio_lock (CVE-2025-40347 bsc#1255262). - commit 085c913 - ASoC: Intel: avs: Do not share the name pointer between components (CVE-2025-40338 bsc#1255273). - commit fb15ec5 - usb: phy: isp1301: fix non-OF device reference imbalance (git-fixes). - usb: gadget: lpc32xx_udc: fix clock imbalance in error path (git-fixes). - serial: core: Fix serial device initialization (git-fixes). - commit 592ca99 - wifi: mac80211: do not use old MBSSID elements (git-fixes). - wifi: cfg80211: sme: store capped length in __cfg80211_connect_result() (git-fixes). - wifi: rtlwifi: 8192cu: fix tid out of range in rtl92cu_tx_fill_desc() (git-fixes). - wifi: rtw88: limit indirect IO under powered off for RTL8822CS (git-fixes). - usb: ohci-nxp: fix device leak on probe failure (git-fixes). - usb: dwc3: of-simple: fix clock resource leak in dwc3_of_simple_probe (git-fixes). - USB: lpc32xx_udc: Fix error handling in probe (git-fixes). - usb: typec: altmodes/displayport: Drop the device reference in dp_altmode_probe() (git-fixes). - usb: renesas_usbhs: Fix a resource leak in usbhs_pipe_malloc() (git-fixes). - usb: dwc3: keep susphy enabled during exit to avoid controller faults (git-fixes). - usb: dwc2: fix hang during shutdown if set as peripheral (git-fixes). - wifi: ath10k: move recovery check logic into a new work (git-fixes). - wifi: ath10k: Add missing include of export.h (stable-fixes). - wifi: ath10k: Avoid vdev delete timeout when firmware is already down (stable-fixes). - commit 07af9a3 - of: unittest: Fix memory leak in unittest_data_add() (git-fixes). - drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer (git-fixes). - drm/nouveau/dispnv50: Don't call drm_atomic_get_crtc_state() in prepare_fb (git-fixes). - platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing (git-fixes). - platform/x86: ibm_rtl: fix EBDA signature search pointer arithmetic (git-fixes). - platform/x86: msi-laptop: add missing sysfs_remove_group() (git-fixes). - platform/mellanox: mlxbf-pmc: Remove trailing whitespaces from event names (git-fixes). - net: rose: fix invalid array index in rose_kill_by_device() (git-fixes). - net: usb: sr9700: fix incorrect command used to write single register (git-fixes). - net: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write (git-fixes). - net: usb: rtl8150: fix memory leak on usb_submit_urb() failure (git-fixes). - net: mdio: aspeed: add dummy read to avoid read-after-write issue (git-fixes). - idr: fix idr_alloc() returning an ID out of range (git-fixes). - genalloc.h: fix htmldocs warning (git-fixes). - serial: sh-sci: Check that the DMA cookie is valid (git-fixes). - serial: core: Restore sysfs fwnode information (git-fixes). - firewire: nosy: Fix dma_free_coherent() size (git-fixes). - Input: ti_am335x_tsc - fix off-by-one error in wire_order validation (git-fixes). - Input: alps - fix use-after-free bugs caused by dev3_register_work (git-fixes). - Input: atkbd - skip deactivate for HONOR FMB-P's internal keyboard (git-fixes). - spi: cadence-quadspi: Fix clock disable on probe failure path (git-fixes). - spi: fsl-cpm: Check length parity before switching to 16 bit mode (git-fixes). - hwmon: (ltc4282): Fix reset_history file permissions (git-fixes). - hwmon: (tmp401) fix overflow caused by default conversion rate value (git-fixes). - hwmon: (ibmpex) fix use-after-free in high/low store (git-fixes). - hwmon: (dell-smm) Limit fan multiplier to avoid overflow (git-fixes). - mmc: sdhci-esdhc-imx: add alternate ARCH_S32 dependency to Kconfig (git-fixes). - mmc: sdhci-of-arasan: Increase CD stable timeout to 2 seconds (git-fixes). - PM: runtime: Do not clear needs_force_resume with enabled runtime PM (git-fixes). - nfc: pn533: Fix error code in pn533_acr122_poweron_rdr() (git-fixes). - r8169: fix RTL8117 Wake-on-Lan in DASH mode (git-fixes). - net: phy: marvell-88q2xxx: Fix clamped value in mv88q2xxx_hwmon_write (git-fixes). - firmware_loader: make RUST_FW_LOADER_ABSTRACTIONS select FW_LOADER (git-fixes). - efi/cper: align ARM CPER type with UEFI 2.9A/2.10 specs (stable-fixes). - efi/cper: Add a new helper function to print bitmasks (stable-fixes). - efi/cper: Adjust infopfx size to accept an extra space (stable-fixes). - usb: dwc2: disable platform lowlevel hw resources during shutdown (stable-fixes). - resource: introduce is_type_match() helper and use it (stable-fixes). - resource: replace open coded resource_intersection() (stable-fixes). - commit 0273be1 - accel/ivpu: Prevent runtime suspend during context abort work (stable-fixes). - Refresh patches.suse/accel-ivpu-Trigger-device-recovery-on-engine-reset-r.patch. - commit 79c3327 - drm/imagination: Disallow exporting of PM/FW protected objects (git-fixes). - Bluetooth: btusb: revert use of devm_kzalloc in btusb (git-fixes). - crypto: seqiv - Do not use req->iv after crypto_aead_encrypt (git-fixes). - drm/msm/dpu: Add missing NULL pointer check for pingpong interface (git-fixes). - ASoC: ak4458: remove the reset operation in probe and remove (git-fixes). - ASoC: fsl_sai: Constrain sample rates from audio PLLs only in master mode (git-fixes). - ALSA: usb-mixer: us16x08: validate meter packet indices (git-fixes). - ALSA: pcmcia: Fix resource leak in snd_pdacf_probe error path (git-fixes). - ALSA: vxpocket: Fix resource leak in vxpocket_probe error path (git-fixes). - drm/xe: Use usleep_range for accurate long-running workload timeslicing (git-fixes). - drm/xe: Drop preempt-fences when destroying imported dma-bufs (git-fixes). - drm/xe/oa: Disallow 0 OA property values (git-fixes). - drm/xe: Adjust long-running workload timeslices to reasonable values (git-fixes). - drm/xe/oa: Limit num_syncs to prevent oversized allocations (git-fixes). - drm/xe: Limit num_syncs to prevent oversized allocations (git-fixes). - drm/xe: Restore engine registers before restarting schedulers after GT reset (git-fixes). - drm/xe/bo: Don't include the CCS metadata in the dma-buf sg-table (git-fixes). - drm/me/gsc: mei interrupt top half should be in irq disabled context (git-fixes). - drm/panel: sony-td4353-jdi: Enable prepare_prev_first (git-fixes). - ACPI: PCC: Fix race condition by removing static qualifier (git-fixes). - ACPI: CPPC: Fix missing PCC check for guaranteed_perf (git-fixes). - can: j1939: make j1939_sk_bind() fail if device is no longer registered (git-fixes). - can: gs_usb: gs_can_open(): fix error handling (git-fixes). - ASoC: codecs: nau8325: Silence uninitialized variables warnings (stable-fixes). - ASoC: nau8325: use simple i2c probe function (stable-fixes). - ALSA: wavefront: Fix integer overflow in sample size validation (git-fixes). - accel/ivpu: Ensure rpm_runtime_put in case of engine reset/resume fail (git-fixes). - commit bc5d2b7 - bpf: Fix stackmap overflow check in __bpf_get_stackid() (CVE-2025-68378 bsc#1255614). - commit 7a823bd - bpf: Refactor stack map trace depth calculation into helper function (CVE-2025-68378 bsc#1255614). - commit 296727b ++++ kernel-64kb: - net: sched: act_connmark: initialize struct tc_ife to fix kernel leak (CVE-2025-40279 bsc#1254846). - commit cb9f7bb - btrfs: do not skip logging new dentries when logging a new name (git-fixes). - commit ec916c6 - btrfs: don't log conflicting inode if it's a dir moved in the current transaction (git-fixes). - commit a690d41 - btrfs: fix changeset leak on mmap write after failure to reserve metadata (git-fixes). - commit 75e4299 - team: Move team device type change at the end of team_port_add (CVE-2025-68340 bsc#1255507). - net/mlx5: Clean up only new IRQ glue on request_irq() failure (CVE-2025-40250 bsc#1254854). - net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() (CVE-2025-40252 bsc#1254849). - net: enetc: fix the deadlock of enetc_mdio_lock (CVE-2025-40347 bsc#1255262). - commit 085c913 - ASoC: Intel: avs: Do not share the name pointer between components (CVE-2025-40338 bsc#1255273). - commit fb15ec5 - usb: phy: isp1301: fix non-OF device reference imbalance (git-fixes). - usb: gadget: lpc32xx_udc: fix clock imbalance in error path (git-fixes). - serial: core: Fix serial device initialization (git-fixes). - commit 592ca99 - wifi: mac80211: do not use old MBSSID elements (git-fixes). - wifi: cfg80211: sme: store capped length in __cfg80211_connect_result() (git-fixes). - wifi: rtlwifi: 8192cu: fix tid out of range in rtl92cu_tx_fill_desc() (git-fixes). - wifi: rtw88: limit indirect IO under powered off for RTL8822CS (git-fixes). - usb: ohci-nxp: fix device leak on probe failure (git-fixes). - usb: dwc3: of-simple: fix clock resource leak in dwc3_of_simple_probe (git-fixes). - USB: lpc32xx_udc: Fix error handling in probe (git-fixes). - usb: typec: altmodes/displayport: Drop the device reference in dp_altmode_probe() (git-fixes). - usb: renesas_usbhs: Fix a resource leak in usbhs_pipe_malloc() (git-fixes). - usb: dwc3: keep susphy enabled during exit to avoid controller faults (git-fixes). - usb: dwc2: fix hang during shutdown if set as peripheral (git-fixes). - wifi: ath10k: move recovery check logic into a new work (git-fixes). - wifi: ath10k: Add missing include of export.h (stable-fixes). - wifi: ath10k: Avoid vdev delete timeout when firmware is already down (stable-fixes). - commit 07af9a3 - of: unittest: Fix memory leak in unittest_data_add() (git-fixes). - drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer (git-fixes). - drm/nouveau/dispnv50: Don't call drm_atomic_get_crtc_state() in prepare_fb (git-fixes). - platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing (git-fixes). - platform/x86: ibm_rtl: fix EBDA signature search pointer arithmetic (git-fixes). - platform/x86: msi-laptop: add missing sysfs_remove_group() (git-fixes). - platform/mellanox: mlxbf-pmc: Remove trailing whitespaces from event names (git-fixes). - net: rose: fix invalid array index in rose_kill_by_device() (git-fixes). - net: usb: sr9700: fix incorrect command used to write single register (git-fixes). - net: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write (git-fixes). - net: usb: rtl8150: fix memory leak on usb_submit_urb() failure (git-fixes). - net: mdio: aspeed: add dummy read to avoid read-after-write issue (git-fixes). - idr: fix idr_alloc() returning an ID out of range (git-fixes). - genalloc.h: fix htmldocs warning (git-fixes). - serial: sh-sci: Check that the DMA cookie is valid (git-fixes). - serial: core: Restore sysfs fwnode information (git-fixes). - firewire: nosy: Fix dma_free_coherent() size (git-fixes). - Input: ti_am335x_tsc - fix off-by-one error in wire_order validation (git-fixes). - Input: alps - fix use-after-free bugs caused by dev3_register_work (git-fixes). - Input: atkbd - skip deactivate for HONOR FMB-P's internal keyboard (git-fixes). - spi: cadence-quadspi: Fix clock disable on probe failure path (git-fixes). - spi: fsl-cpm: Check length parity before switching to 16 bit mode (git-fixes). - hwmon: (ltc4282): Fix reset_history file permissions (git-fixes). - hwmon: (tmp401) fix overflow caused by default conversion rate value (git-fixes). - hwmon: (ibmpex) fix use-after-free in high/low store (git-fixes). - hwmon: (dell-smm) Limit fan multiplier to avoid overflow (git-fixes). - mmc: sdhci-esdhc-imx: add alternate ARCH_S32 dependency to Kconfig (git-fixes). - mmc: sdhci-of-arasan: Increase CD stable timeout to 2 seconds (git-fixes). - PM: runtime: Do not clear needs_force_resume with enabled runtime PM (git-fixes). - nfc: pn533: Fix error code in pn533_acr122_poweron_rdr() (git-fixes). - r8169: fix RTL8117 Wake-on-Lan in DASH mode (git-fixes). - net: phy: marvell-88q2xxx: Fix clamped value in mv88q2xxx_hwmon_write (git-fixes). - firmware_loader: make RUST_FW_LOADER_ABSTRACTIONS select FW_LOADER (git-fixes). - efi/cper: align ARM CPER type with UEFI 2.9A/2.10 specs (stable-fixes). - efi/cper: Add a new helper function to print bitmasks (stable-fixes). - efi/cper: Adjust infopfx size to accept an extra space (stable-fixes). - usb: dwc2: disable platform lowlevel hw resources during shutdown (stable-fixes). - resource: introduce is_type_match() helper and use it (stable-fixes). - resource: replace open coded resource_intersection() (stable-fixes). - commit 0273be1 - accel/ivpu: Prevent runtime suspend during context abort work (stable-fixes). - Refresh patches.suse/accel-ivpu-Trigger-device-recovery-on-engine-reset-r.patch. - commit 79c3327 - drm/imagination: Disallow exporting of PM/FW protected objects (git-fixes). - Bluetooth: btusb: revert use of devm_kzalloc in btusb (git-fixes). - crypto: seqiv - Do not use req->iv after crypto_aead_encrypt (git-fixes). - drm/msm/dpu: Add missing NULL pointer check for pingpong interface (git-fixes). - ASoC: ak4458: remove the reset operation in probe and remove (git-fixes). - ASoC: fsl_sai: Constrain sample rates from audio PLLs only in master mode (git-fixes). - ALSA: usb-mixer: us16x08: validate meter packet indices (git-fixes). - ALSA: pcmcia: Fix resource leak in snd_pdacf_probe error path (git-fixes). - ALSA: vxpocket: Fix resource leak in vxpocket_probe error path (git-fixes). - drm/xe: Use usleep_range for accurate long-running workload timeslicing (git-fixes). - drm/xe: Drop preempt-fences when destroying imported dma-bufs (git-fixes). - drm/xe/oa: Disallow 0 OA property values (git-fixes). - drm/xe: Adjust long-running workload timeslices to reasonable values (git-fixes). - drm/xe/oa: Limit num_syncs to prevent oversized allocations (git-fixes). - drm/xe: Limit num_syncs to prevent oversized allocations (git-fixes). - drm/xe: Restore engine registers before restarting schedulers after GT reset (git-fixes). - drm/xe/bo: Don't include the CCS metadata in the dma-buf sg-table (git-fixes). - drm/me/gsc: mei interrupt top half should be in irq disabled context (git-fixes). - drm/panel: sony-td4353-jdi: Enable prepare_prev_first (git-fixes). - ACPI: PCC: Fix race condition by removing static qualifier (git-fixes). - ACPI: CPPC: Fix missing PCC check for guaranteed_perf (git-fixes). - can: j1939: make j1939_sk_bind() fail if device is no longer registered (git-fixes). - can: gs_usb: gs_can_open(): fix error handling (git-fixes). - ASoC: codecs: nau8325: Silence uninitialized variables warnings (stable-fixes). - ASoC: nau8325: use simple i2c probe function (stable-fixes). - ALSA: wavefront: Fix integer overflow in sample size validation (git-fixes). - accel/ivpu: Ensure rpm_runtime_put in case of engine reset/resume fail (git-fixes). - commit bc5d2b7 - bpf: Fix stackmap overflow check in __bpf_get_stackid() (CVE-2025-68378 bsc#1255614). - commit 7a823bd - bpf: Refactor stack map trace depth calculation into helper function (CVE-2025-68378 bsc#1255614). - commit 296727b ++++ kernel-64kb: - net: sched: act_connmark: initialize struct tc_ife to fix kernel leak (CVE-2025-40279 bsc#1254846). - commit cb9f7bb - btrfs: do not skip logging new dentries when logging a new name (git-fixes). - commit ec916c6 - btrfs: don't log conflicting inode if it's a dir moved in the current transaction (git-fixes). - commit a690d41 - btrfs: fix changeset leak on mmap write after failure to reserve metadata (git-fixes). - commit 75e4299 - team: Move team device type change at the end of team_port_add (CVE-2025-68340 bsc#1255507). - net/mlx5: Clean up only new IRQ glue on request_irq() failure (CVE-2025-40250 bsc#1254854). - net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() (CVE-2025-40252 bsc#1254849). - net: enetc: fix the deadlock of enetc_mdio_lock (CVE-2025-40347 bsc#1255262). - commit 085c913 - ASoC: Intel: avs: Do not share the name pointer between components (CVE-2025-40338 bsc#1255273). - commit fb15ec5 - usb: phy: isp1301: fix non-OF device reference imbalance (git-fixes). - usb: gadget: lpc32xx_udc: fix clock imbalance in error path (git-fixes). - serial: core: Fix serial device initialization (git-fixes). - commit 592ca99 - wifi: mac80211: do not use old MBSSID elements (git-fixes). - wifi: cfg80211: sme: store capped length in __cfg80211_connect_result() (git-fixes). - wifi: rtlwifi: 8192cu: fix tid out of range in rtl92cu_tx_fill_desc() (git-fixes). - wifi: rtw88: limit indirect IO under powered off for RTL8822CS (git-fixes). - usb: ohci-nxp: fix device leak on probe failure (git-fixes). - usb: dwc3: of-simple: fix clock resource leak in dwc3_of_simple_probe (git-fixes). - USB: lpc32xx_udc: Fix error handling in probe (git-fixes). - usb: typec: altmodes/displayport: Drop the device reference in dp_altmode_probe() (git-fixes). - usb: renesas_usbhs: Fix a resource leak in usbhs_pipe_malloc() (git-fixes). - usb: dwc3: keep susphy enabled during exit to avoid controller faults (git-fixes). - usb: dwc2: fix hang during shutdown if set as peripheral (git-fixes). - wifi: ath10k: move recovery check logic into a new work (git-fixes). - wifi: ath10k: Add missing include of export.h (stable-fixes). - wifi: ath10k: Avoid vdev delete timeout when firmware is already down (stable-fixes). - commit 07af9a3 - of: unittest: Fix memory leak in unittest_data_add() (git-fixes). - drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer (git-fixes). - drm/nouveau/dispnv50: Don't call drm_atomic_get_crtc_state() in prepare_fb (git-fixes). - platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing (git-fixes). - platform/x86: ibm_rtl: fix EBDA signature search pointer arithmetic (git-fixes). - platform/x86: msi-laptop: add missing sysfs_remove_group() (git-fixes). - platform/mellanox: mlxbf-pmc: Remove trailing whitespaces from event names (git-fixes). - net: rose: fix invalid array index in rose_kill_by_device() (git-fixes). - net: usb: sr9700: fix incorrect command used to write single register (git-fixes). - net: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write (git-fixes). - net: usb: rtl8150: fix memory leak on usb_submit_urb() failure (git-fixes). - net: mdio: aspeed: add dummy read to avoid read-after-write issue (git-fixes). - idr: fix idr_alloc() returning an ID out of range (git-fixes). - genalloc.h: fix htmldocs warning (git-fixes). - serial: sh-sci: Check that the DMA cookie is valid (git-fixes). - serial: core: Restore sysfs fwnode information (git-fixes). - firewire: nosy: Fix dma_free_coherent() size (git-fixes). - Input: ti_am335x_tsc - fix off-by-one error in wire_order validation (git-fixes). - Input: alps - fix use-after-free bugs caused by dev3_register_work (git-fixes). - Input: atkbd - skip deactivate for HONOR FMB-P's internal keyboard (git-fixes). - spi: cadence-quadspi: Fix clock disable on probe failure path (git-fixes). - spi: fsl-cpm: Check length parity before switching to 16 bit mode (git-fixes). - hwmon: (ltc4282): Fix reset_history file permissions (git-fixes). - hwmon: (tmp401) fix overflow caused by default conversion rate value (git-fixes). - hwmon: (ibmpex) fix use-after-free in high/low store (git-fixes). - hwmon: (dell-smm) Limit fan multiplier to avoid overflow (git-fixes). - mmc: sdhci-esdhc-imx: add alternate ARCH_S32 dependency to Kconfig (git-fixes). - mmc: sdhci-of-arasan: Increase CD stable timeout to 2 seconds (git-fixes). - PM: runtime: Do not clear needs_force_resume with enabled runtime PM (git-fixes). - nfc: pn533: Fix error code in pn533_acr122_poweron_rdr() (git-fixes). - r8169: fix RTL8117 Wake-on-Lan in DASH mode (git-fixes). - net: phy: marvell-88q2xxx: Fix clamped value in mv88q2xxx_hwmon_write (git-fixes). - firmware_loader: make RUST_FW_LOADER_ABSTRACTIONS select FW_LOADER (git-fixes). - efi/cper: align ARM CPER type with UEFI 2.9A/2.10 specs (stable-fixes). - efi/cper: Add a new helper function to print bitmasks (stable-fixes). - efi/cper: Adjust infopfx size to accept an extra space (stable-fixes). - usb: dwc2: disable platform lowlevel hw resources during shutdown (stable-fixes). - resource: introduce is_type_match() helper and use it (stable-fixes). - resource: replace open coded resource_intersection() (stable-fixes). - commit 0273be1 - accel/ivpu: Prevent runtime suspend during context abort work (stable-fixes). - Refresh patches.suse/accel-ivpu-Trigger-device-recovery-on-engine-reset-r.patch. - commit 79c3327 - drm/imagination: Disallow exporting of PM/FW protected objects (git-fixes). - Bluetooth: btusb: revert use of devm_kzalloc in btusb (git-fixes). - crypto: seqiv - Do not use req->iv after crypto_aead_encrypt (git-fixes). - drm/msm/dpu: Add missing NULL pointer check for pingpong interface (git-fixes). - ASoC: ak4458: remove the reset operation in probe and remove (git-fixes). - ASoC: fsl_sai: Constrain sample rates from audio PLLs only in master mode (git-fixes). - ALSA: usb-mixer: us16x08: validate meter packet indices (git-fixes). - ALSA: pcmcia: Fix resource leak in snd_pdacf_probe error path (git-fixes). - ALSA: vxpocket: Fix resource leak in vxpocket_probe error path (git-fixes). - drm/xe: Use usleep_range for accurate long-running workload timeslicing (git-fixes). - drm/xe: Drop preempt-fences when destroying imported dma-bufs (git-fixes). - drm/xe/oa: Disallow 0 OA property values (git-fixes). - drm/xe: Adjust long-running workload timeslices to reasonable values (git-fixes). - drm/xe/oa: Limit num_syncs to prevent oversized allocations (git-fixes). - drm/xe: Limit num_syncs to prevent oversized allocations (git-fixes). - drm/xe: Restore engine registers before restarting schedulers after GT reset (git-fixes). - drm/xe/bo: Don't include the CCS metadata in the dma-buf sg-table (git-fixes). - drm/me/gsc: mei interrupt top half should be in irq disabled context (git-fixes). - drm/panel: sony-td4353-jdi: Enable prepare_prev_first (git-fixes). - ACPI: PCC: Fix race condition by removing static qualifier (git-fixes). - ACPI: CPPC: Fix missing PCC check for guaranteed_perf (git-fixes). - can: j1939: make j1939_sk_bind() fail if device is no longer registered (git-fixes). - can: gs_usb: gs_can_open(): fix error handling (git-fixes). - ASoC: codecs: nau8325: Silence uninitialized variables warnings (stable-fixes). - ASoC: nau8325: use simple i2c probe function (stable-fixes). - ALSA: wavefront: Fix integer overflow in sample size validation (git-fixes). - accel/ivpu: Ensure rpm_runtime_put in case of engine reset/resume fail (git-fixes). - commit bc5d2b7 - bpf: Fix stackmap overflow check in __bpf_get_stackid() (CVE-2025-68378 bsc#1255614). - commit 7a823bd - bpf: Refactor stack map trace depth calculation into helper function (CVE-2025-68378 bsc#1255614). - commit 296727b ++++ kernel-azure: - net: sched: act_connmark: initialize struct tc_ife to fix kernel leak (CVE-2025-40279 bsc#1254846). - commit cb9f7bb - btrfs: do not skip logging new dentries when logging a new name (git-fixes). - commit ec916c6 - btrfs: don't log conflicting inode if it's a dir moved in the current transaction (git-fixes). - commit a690d41 - btrfs: fix changeset leak on mmap write after failure to reserve metadata (git-fixes). - commit 75e4299 - team: Move team device type change at the end of team_port_add (CVE-2025-68340 bsc#1255507). - net/mlx5: Clean up only new IRQ glue on request_irq() failure (CVE-2025-40250 bsc#1254854). - net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() (CVE-2025-40252 bsc#1254849). - net: enetc: fix the deadlock of enetc_mdio_lock (CVE-2025-40347 bsc#1255262). - commit 085c913 - ASoC: Intel: avs: Do not share the name pointer between components (CVE-2025-40338 bsc#1255273). - commit fb15ec5 - usb: phy: isp1301: fix non-OF device reference imbalance (git-fixes). - usb: gadget: lpc32xx_udc: fix clock imbalance in error path (git-fixes). - serial: core: Fix serial device initialization (git-fixes). - commit 592ca99 - wifi: mac80211: do not use old MBSSID elements (git-fixes). - wifi: cfg80211: sme: store capped length in __cfg80211_connect_result() (git-fixes). - wifi: rtlwifi: 8192cu: fix tid out of range in rtl92cu_tx_fill_desc() (git-fixes). - wifi: rtw88: limit indirect IO under powered off for RTL8822CS (git-fixes). - usb: ohci-nxp: fix device leak on probe failure (git-fixes). - usb: dwc3: of-simple: fix clock resource leak in dwc3_of_simple_probe (git-fixes). - USB: lpc32xx_udc: Fix error handling in probe (git-fixes). - usb: typec: altmodes/displayport: Drop the device reference in dp_altmode_probe() (git-fixes). - usb: renesas_usbhs: Fix a resource leak in usbhs_pipe_malloc() (git-fixes). - usb: dwc3: keep susphy enabled during exit to avoid controller faults (git-fixes). - usb: dwc2: fix hang during shutdown if set as peripheral (git-fixes). - wifi: ath10k: move recovery check logic into a new work (git-fixes). - wifi: ath10k: Add missing include of export.h (stable-fixes). - wifi: ath10k: Avoid vdev delete timeout when firmware is already down (stable-fixes). - commit 07af9a3 - of: unittest: Fix memory leak in unittest_data_add() (git-fixes). - drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer (git-fixes). - drm/nouveau/dispnv50: Don't call drm_atomic_get_crtc_state() in prepare_fb (git-fixes). - platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing (git-fixes). - platform/x86: ibm_rtl: fix EBDA signature search pointer arithmetic (git-fixes). - platform/x86: msi-laptop: add missing sysfs_remove_group() (git-fixes). - platform/mellanox: mlxbf-pmc: Remove trailing whitespaces from event names (git-fixes). - net: rose: fix invalid array index in rose_kill_by_device() (git-fixes). - net: usb: sr9700: fix incorrect command used to write single register (git-fixes). - net: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write (git-fixes). - net: usb: rtl8150: fix memory leak on usb_submit_urb() failure (git-fixes). - net: mdio: aspeed: add dummy read to avoid read-after-write issue (git-fixes). - idr: fix idr_alloc() returning an ID out of range (git-fixes). - genalloc.h: fix htmldocs warning (git-fixes). - serial: sh-sci: Check that the DMA cookie is valid (git-fixes). - serial: core: Restore sysfs fwnode information (git-fixes). - firewire: nosy: Fix dma_free_coherent() size (git-fixes). - Input: ti_am335x_tsc - fix off-by-one error in wire_order validation (git-fixes). - Input: alps - fix use-after-free bugs caused by dev3_register_work (git-fixes). - Input: atkbd - skip deactivate for HONOR FMB-P's internal keyboard (git-fixes). - spi: cadence-quadspi: Fix clock disable on probe failure path (git-fixes). - spi: fsl-cpm: Check length parity before switching to 16 bit mode (git-fixes). - hwmon: (ltc4282): Fix reset_history file permissions (git-fixes). - hwmon: (tmp401) fix overflow caused by default conversion rate value (git-fixes). - hwmon: (ibmpex) fix use-after-free in high/low store (git-fixes). - hwmon: (dell-smm) Limit fan multiplier to avoid overflow (git-fixes). - mmc: sdhci-esdhc-imx: add alternate ARCH_S32 dependency to Kconfig (git-fixes). - mmc: sdhci-of-arasan: Increase CD stable timeout to 2 seconds (git-fixes). - PM: runtime: Do not clear needs_force_resume with enabled runtime PM (git-fixes). - nfc: pn533: Fix error code in pn533_acr122_poweron_rdr() (git-fixes). - r8169: fix RTL8117 Wake-on-Lan in DASH mode (git-fixes). - net: phy: marvell-88q2xxx: Fix clamped value in mv88q2xxx_hwmon_write (git-fixes). - firmware_loader: make RUST_FW_LOADER_ABSTRACTIONS select FW_LOADER (git-fixes). - efi/cper: align ARM CPER type with UEFI 2.9A/2.10 specs (stable-fixes). - efi/cper: Add a new helper function to print bitmasks (stable-fixes). - efi/cper: Adjust infopfx size to accept an extra space (stable-fixes). - usb: dwc2: disable platform lowlevel hw resources during shutdown (stable-fixes). - resource: introduce is_type_match() helper and use it (stable-fixes). - resource: replace open coded resource_intersection() (stable-fixes). - commit 0273be1 - accel/ivpu: Prevent runtime suspend during context abort work (stable-fixes). - Refresh patches.suse/accel-ivpu-Trigger-device-recovery-on-engine-reset-r.patch. - commit 79c3327 - drm/imagination: Disallow exporting of PM/FW protected objects (git-fixes). - Bluetooth: btusb: revert use of devm_kzalloc in btusb (git-fixes). - crypto: seqiv - Do not use req->iv after crypto_aead_encrypt (git-fixes). - drm/msm/dpu: Add missing NULL pointer check for pingpong interface (git-fixes). - ASoC: ak4458: remove the reset operation in probe and remove (git-fixes). - ASoC: fsl_sai: Constrain sample rates from audio PLLs only in master mode (git-fixes). - ALSA: usb-mixer: us16x08: validate meter packet indices (git-fixes). - ALSA: pcmcia: Fix resource leak in snd_pdacf_probe error path (git-fixes). - ALSA: vxpocket: Fix resource leak in vxpocket_probe error path (git-fixes). - drm/xe: Use usleep_range for accurate long-running workload timeslicing (git-fixes). - drm/xe: Drop preempt-fences when destroying imported dma-bufs (git-fixes). - drm/xe/oa: Disallow 0 OA property values (git-fixes). - drm/xe: Adjust long-running workload timeslices to reasonable values (git-fixes). - drm/xe/oa: Limit num_syncs to prevent oversized allocations (git-fixes). - drm/xe: Limit num_syncs to prevent oversized allocations (git-fixes). - drm/xe: Restore engine registers before restarting schedulers after GT reset (git-fixes). - drm/xe/bo: Don't include the CCS metadata in the dma-buf sg-table (git-fixes). - drm/me/gsc: mei interrupt top half should be in irq disabled context (git-fixes). - drm/panel: sony-td4353-jdi: Enable prepare_prev_first (git-fixes). - ACPI: PCC: Fix race condition by removing static qualifier (git-fixes). - ACPI: CPPC: Fix missing PCC check for guaranteed_perf (git-fixes). - can: j1939: make j1939_sk_bind() fail if device is no longer registered (git-fixes). - can: gs_usb: gs_can_open(): fix error handling (git-fixes). - ASoC: codecs: nau8325: Silence uninitialized variables warnings (stable-fixes). - ASoC: nau8325: use simple i2c probe function (stable-fixes). - ALSA: wavefront: Fix integer overflow in sample size validation (git-fixes). - accel/ivpu: Ensure rpm_runtime_put in case of engine reset/resume fail (git-fixes). - commit bc5d2b7 - bpf: Fix stackmap overflow check in __bpf_get_stackid() (CVE-2025-68378 bsc#1255614). - commit 7a823bd - bpf: Refactor stack map trace depth calculation into helper function (CVE-2025-68378 bsc#1255614). - commit 296727b ++++ kernel-azure: - net: sched: act_connmark: initialize struct tc_ife to fix kernel leak (CVE-2025-40279 bsc#1254846). - commit cb9f7bb - btrfs: do not skip logging new dentries when logging a new name (git-fixes). - commit ec916c6 - btrfs: don't log conflicting inode if it's a dir moved in the current transaction (git-fixes). - commit a690d41 - btrfs: fix changeset leak on mmap write after failure to reserve metadata (git-fixes). - commit 75e4299 - team: Move team device type change at the end of team_port_add (CVE-2025-68340 bsc#1255507). - net/mlx5: Clean up only new IRQ glue on request_irq() failure (CVE-2025-40250 bsc#1254854). - net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() (CVE-2025-40252 bsc#1254849). - net: enetc: fix the deadlock of enetc_mdio_lock (CVE-2025-40347 bsc#1255262). - commit 085c913 - ASoC: Intel: avs: Do not share the name pointer between components (CVE-2025-40338 bsc#1255273). - commit fb15ec5 - usb: phy: isp1301: fix non-OF device reference imbalance (git-fixes). - usb: gadget: lpc32xx_udc: fix clock imbalance in error path (git-fixes). - serial: core: Fix serial device initialization (git-fixes). - commit 592ca99 - wifi: mac80211: do not use old MBSSID elements (git-fixes). - wifi: cfg80211: sme: store capped length in __cfg80211_connect_result() (git-fixes). - wifi: rtlwifi: 8192cu: fix tid out of range in rtl92cu_tx_fill_desc() (git-fixes). - wifi: rtw88: limit indirect IO under powered off for RTL8822CS (git-fixes). - usb: ohci-nxp: fix device leak on probe failure (git-fixes). - usb: dwc3: of-simple: fix clock resource leak in dwc3_of_simple_probe (git-fixes). - USB: lpc32xx_udc: Fix error handling in probe (git-fixes). - usb: typec: altmodes/displayport: Drop the device reference in dp_altmode_probe() (git-fixes). - usb: renesas_usbhs: Fix a resource leak in usbhs_pipe_malloc() (git-fixes). - usb: dwc3: keep susphy enabled during exit to avoid controller faults (git-fixes). - usb: dwc2: fix hang during shutdown if set as peripheral (git-fixes). - wifi: ath10k: move recovery check logic into a new work (git-fixes). - wifi: ath10k: Add missing include of export.h (stable-fixes). - wifi: ath10k: Avoid vdev delete timeout when firmware is already down (stable-fixes). - commit 07af9a3 - of: unittest: Fix memory leak in unittest_data_add() (git-fixes). - drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer (git-fixes). - drm/nouveau/dispnv50: Don't call drm_atomic_get_crtc_state() in prepare_fb (git-fixes). - platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing (git-fixes). - platform/x86: ibm_rtl: fix EBDA signature search pointer arithmetic (git-fixes). - platform/x86: msi-laptop: add missing sysfs_remove_group() (git-fixes). - platform/mellanox: mlxbf-pmc: Remove trailing whitespaces from event names (git-fixes). - net: rose: fix invalid array index in rose_kill_by_device() (git-fixes). - net: usb: sr9700: fix incorrect command used to write single register (git-fixes). - net: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write (git-fixes). - net: usb: rtl8150: fix memory leak on usb_submit_urb() failure (git-fixes). - net: mdio: aspeed: add dummy read to avoid read-after-write issue (git-fixes). - idr: fix idr_alloc() returning an ID out of range (git-fixes). - genalloc.h: fix htmldocs warning (git-fixes). - serial: sh-sci: Check that the DMA cookie is valid (git-fixes). - serial: core: Restore sysfs fwnode information (git-fixes). - firewire: nosy: Fix dma_free_coherent() size (git-fixes). - Input: ti_am335x_tsc - fix off-by-one error in wire_order validation (git-fixes). - Input: alps - fix use-after-free bugs caused by dev3_register_work (git-fixes). - Input: atkbd - skip deactivate for HONOR FMB-P's internal keyboard (git-fixes). - spi: cadence-quadspi: Fix clock disable on probe failure path (git-fixes). - spi: fsl-cpm: Check length parity before switching to 16 bit mode (git-fixes). - hwmon: (ltc4282): Fix reset_history file permissions (git-fixes). - hwmon: (tmp401) fix overflow caused by default conversion rate value (git-fixes). - hwmon: (ibmpex) fix use-after-free in high/low store (git-fixes). - hwmon: (dell-smm) Limit fan multiplier to avoid overflow (git-fixes). - mmc: sdhci-esdhc-imx: add alternate ARCH_S32 dependency to Kconfig (git-fixes). - mmc: sdhci-of-arasan: Increase CD stable timeout to 2 seconds (git-fixes). - PM: runtime: Do not clear needs_force_resume with enabled runtime PM (git-fixes). - nfc: pn533: Fix error code in pn533_acr122_poweron_rdr() (git-fixes). - r8169: fix RTL8117 Wake-on-Lan in DASH mode (git-fixes). - net: phy: marvell-88q2xxx: Fix clamped value in mv88q2xxx_hwmon_write (git-fixes). - firmware_loader: make RUST_FW_LOADER_ABSTRACTIONS select FW_LOADER (git-fixes). - efi/cper: align ARM CPER type with UEFI 2.9A/2.10 specs (stable-fixes). - efi/cper: Add a new helper function to print bitmasks (stable-fixes). - efi/cper: Adjust infopfx size to accept an extra space (stable-fixes). - usb: dwc2: disable platform lowlevel hw resources during shutdown (stable-fixes). - resource: introduce is_type_match() helper and use it (stable-fixes). - resource: replace open coded resource_intersection() (stable-fixes). - commit 0273be1 - accel/ivpu: Prevent runtime suspend during context abort work (stable-fixes). - Refresh patches.suse/accel-ivpu-Trigger-device-recovery-on-engine-reset-r.patch. - commit 79c3327 - drm/imagination: Disallow exporting of PM/FW protected objects (git-fixes). - Bluetooth: btusb: revert use of devm_kzalloc in btusb (git-fixes). - crypto: seqiv - Do not use req->iv after crypto_aead_encrypt (git-fixes). - drm/msm/dpu: Add missing NULL pointer check for pingpong interface (git-fixes). - ASoC: ak4458: remove the reset operation in probe and remove (git-fixes). - ASoC: fsl_sai: Constrain sample rates from audio PLLs only in master mode (git-fixes). - ALSA: usb-mixer: us16x08: validate meter packet indices (git-fixes). - ALSA: pcmcia: Fix resource leak in snd_pdacf_probe error path (git-fixes). - ALSA: vxpocket: Fix resource leak in vxpocket_probe error path (git-fixes). - drm/xe: Use usleep_range for accurate long-running workload timeslicing (git-fixes). - drm/xe: Drop preempt-fences when destroying imported dma-bufs (git-fixes). - drm/xe/oa: Disallow 0 OA property values (git-fixes). - drm/xe: Adjust long-running workload timeslices to reasonable values (git-fixes). - drm/xe/oa: Limit num_syncs to prevent oversized allocations (git-fixes). - drm/xe: Limit num_syncs to prevent oversized allocations (git-fixes). - drm/xe: Restore engine registers before restarting schedulers after GT reset (git-fixes). - drm/xe/bo: Don't include the CCS metadata in the dma-buf sg-table (git-fixes). - drm/me/gsc: mei interrupt top half should be in irq disabled context (git-fixes). - drm/panel: sony-td4353-jdi: Enable prepare_prev_first (git-fixes). - ACPI: PCC: Fix race condition by removing static qualifier (git-fixes). - ACPI: CPPC: Fix missing PCC check for guaranteed_perf (git-fixes). - can: j1939: make j1939_sk_bind() fail if device is no longer registered (git-fixes). - can: gs_usb: gs_can_open(): fix error handling (git-fixes). - ASoC: codecs: nau8325: Silence uninitialized variables warnings (stable-fixes). - ASoC: nau8325: use simple i2c probe function (stable-fixes). - ALSA: wavefront: Fix integer overflow in sample size validation (git-fixes). - accel/ivpu: Ensure rpm_runtime_put in case of engine reset/resume fail (git-fixes). - commit bc5d2b7 - bpf: Fix stackmap overflow check in __bpf_get_stackid() (CVE-2025-68378 bsc#1255614). - commit 7a823bd - bpf: Refactor stack map trace depth calculation into helper function (CVE-2025-68378 bsc#1255614). - commit 296727b ++++ kernel-azure: - net: sched: act_connmark: initialize struct tc_ife to fix kernel leak (CVE-2025-40279 bsc#1254846). - commit cb9f7bb - btrfs: do not skip logging new dentries when logging a new name (git-fixes). - commit ec916c6 - btrfs: don't log conflicting inode if it's a dir moved in the current transaction (git-fixes). - commit a690d41 - btrfs: fix changeset leak on mmap write after failure to reserve metadata (git-fixes). - commit 75e4299 - team: Move team device type change at the end of team_port_add (CVE-2025-68340 bsc#1255507). - net/mlx5: Clean up only new IRQ glue on request_irq() failure (CVE-2025-40250 bsc#1254854). - net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() (CVE-2025-40252 bsc#1254849). - net: enetc: fix the deadlock of enetc_mdio_lock (CVE-2025-40347 bsc#1255262). - commit 085c913 - ASoC: Intel: avs: Do not share the name pointer between components (CVE-2025-40338 bsc#1255273). - commit fb15ec5 - usb: phy: isp1301: fix non-OF device reference imbalance (git-fixes). - usb: gadget: lpc32xx_udc: fix clock imbalance in error path (git-fixes). - serial: core: Fix serial device initialization (git-fixes). - commit 592ca99 - wifi: mac80211: do not use old MBSSID elements (git-fixes). - wifi: cfg80211: sme: store capped length in __cfg80211_connect_result() (git-fixes). - wifi: rtlwifi: 8192cu: fix tid out of range in rtl92cu_tx_fill_desc() (git-fixes). - wifi: rtw88: limit indirect IO under powered off for RTL8822CS (git-fixes). - usb: ohci-nxp: fix device leak on probe failure (git-fixes). - usb: dwc3: of-simple: fix clock resource leak in dwc3_of_simple_probe (git-fixes). - USB: lpc32xx_udc: Fix error handling in probe (git-fixes). - usb: typec: altmodes/displayport: Drop the device reference in dp_altmode_probe() (git-fixes). - usb: renesas_usbhs: Fix a resource leak in usbhs_pipe_malloc() (git-fixes). - usb: dwc3: keep susphy enabled during exit to avoid controller faults (git-fixes). - usb: dwc2: fix hang during shutdown if set as peripheral (git-fixes). - wifi: ath10k: move recovery check logic into a new work (git-fixes). - wifi: ath10k: Add missing include of export.h (stable-fixes). - wifi: ath10k: Avoid vdev delete timeout when firmware is already down (stable-fixes). - commit 07af9a3 - of: unittest: Fix memory leak in unittest_data_add() (git-fixes). - drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer (git-fixes). - drm/nouveau/dispnv50: Don't call drm_atomic_get_crtc_state() in prepare_fb (git-fixes). - platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing (git-fixes). - platform/x86: ibm_rtl: fix EBDA signature search pointer arithmetic (git-fixes). - platform/x86: msi-laptop: add missing sysfs_remove_group() (git-fixes). - platform/mellanox: mlxbf-pmc: Remove trailing whitespaces from event names (git-fixes). - net: rose: fix invalid array index in rose_kill_by_device() (git-fixes). - net: usb: sr9700: fix incorrect command used to write single register (git-fixes). - net: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write (git-fixes). - net: usb: rtl8150: fix memory leak on usb_submit_urb() failure (git-fixes). - net: mdio: aspeed: add dummy read to avoid read-after-write issue (git-fixes). - idr: fix idr_alloc() returning an ID out of range (git-fixes). - genalloc.h: fix htmldocs warning (git-fixes). - serial: sh-sci: Check that the DMA cookie is valid (git-fixes). - serial: core: Restore sysfs fwnode information (git-fixes). - firewire: nosy: Fix dma_free_coherent() size (git-fixes). - Input: ti_am335x_tsc - fix off-by-one error in wire_order validation (git-fixes). - Input: alps - fix use-after-free bugs caused by dev3_register_work (git-fixes). - Input: atkbd - skip deactivate for HONOR FMB-P's internal keyboard (git-fixes). - spi: cadence-quadspi: Fix clock disable on probe failure path (git-fixes). - spi: fsl-cpm: Check length parity before switching to 16 bit mode (git-fixes). - hwmon: (ltc4282): Fix reset_history file permissions (git-fixes). - hwmon: (tmp401) fix overflow caused by default conversion rate value (git-fixes). - hwmon: (ibmpex) fix use-after-free in high/low store (git-fixes). - hwmon: (dell-smm) Limit fan multiplier to avoid overflow (git-fixes). - mmc: sdhci-esdhc-imx: add alternate ARCH_S32 dependency to Kconfig (git-fixes). - mmc: sdhci-of-arasan: Increase CD stable timeout to 2 seconds (git-fixes). - PM: runtime: Do not clear needs_force_resume with enabled runtime PM (git-fixes). - nfc: pn533: Fix error code in pn533_acr122_poweron_rdr() (git-fixes). - r8169: fix RTL8117 Wake-on-Lan in DASH mode (git-fixes). - net: phy: marvell-88q2xxx: Fix clamped value in mv88q2xxx_hwmon_write (git-fixes). - firmware_loader: make RUST_FW_LOADER_ABSTRACTIONS select FW_LOADER (git-fixes). - efi/cper: align ARM CPER type with UEFI 2.9A/2.10 specs (stable-fixes). - efi/cper: Add a new helper function to print bitmasks (stable-fixes). - efi/cper: Adjust infopfx size to accept an extra space (stable-fixes). - usb: dwc2: disable platform lowlevel hw resources during shutdown (stable-fixes). - resource: introduce is_type_match() helper and use it (stable-fixes). - resource: replace open coded resource_intersection() (stable-fixes). - commit 0273be1 - accel/ivpu: Prevent runtime suspend during context abort work (stable-fixes). - Refresh patches.suse/accel-ivpu-Trigger-device-recovery-on-engine-reset-r.patch. - commit 79c3327 - drm/imagination: Disallow exporting of PM/FW protected objects (git-fixes). - Bluetooth: btusb: revert use of devm_kzalloc in btusb (git-fixes). - crypto: seqiv - Do not use req->iv after crypto_aead_encrypt (git-fixes). - drm/msm/dpu: Add missing NULL pointer check for pingpong interface (git-fixes). - ASoC: ak4458: remove the reset operation in probe and remove (git-fixes). - ASoC: fsl_sai: Constrain sample rates from audio PLLs only in master mode (git-fixes). - ALSA: usb-mixer: us16x08: validate meter packet indices (git-fixes). - ALSA: pcmcia: Fix resource leak in snd_pdacf_probe error path (git-fixes). - ALSA: vxpocket: Fix resource leak in vxpocket_probe error path (git-fixes). - drm/xe: Use usleep_range for accurate long-running workload timeslicing (git-fixes). - drm/xe: Drop preempt-fences when destroying imported dma-bufs (git-fixes). - drm/xe/oa: Disallow 0 OA property values (git-fixes). - drm/xe: Adjust long-running workload timeslices to reasonable values (git-fixes). - drm/xe/oa: Limit num_syncs to prevent oversized allocations (git-fixes). - drm/xe: Limit num_syncs to prevent oversized allocations (git-fixes). - drm/xe: Restore engine registers before restarting schedulers after GT reset (git-fixes). - drm/xe/bo: Don't include the CCS metadata in the dma-buf sg-table (git-fixes). - drm/me/gsc: mei interrupt top half should be in irq disabled context (git-fixes). - drm/panel: sony-td4353-jdi: Enable prepare_prev_first (git-fixes). - ACPI: PCC: Fix race condition by removing static qualifier (git-fixes). - ACPI: CPPC: Fix missing PCC check for guaranteed_perf (git-fixes). - can: j1939: make j1939_sk_bind() fail if device is no longer registered (git-fixes). - can: gs_usb: gs_can_open(): fix error handling (git-fixes). - ASoC: codecs: nau8325: Silence uninitialized variables warnings (stable-fixes). - ASoC: nau8325: use simple i2c probe function (stable-fixes). - ALSA: wavefront: Fix integer overflow in sample size validation (git-fixes). - accel/ivpu: Ensure rpm_runtime_put in case of engine reset/resume fail (git-fixes). - commit bc5d2b7 - bpf: Fix stackmap overflow check in __bpf_get_stackid() (CVE-2025-68378 bsc#1255614). - commit 7a823bd - bpf: Refactor stack map trace depth calculation into helper function (CVE-2025-68378 bsc#1255614). - commit 296727b ++++ kernel-default: - net: sched: act_connmark: initialize struct tc_ife to fix kernel leak (CVE-2025-40279 bsc#1254846). - commit cb9f7bb - btrfs: do not skip logging new dentries when logging a new name (git-fixes). - commit ec916c6 - btrfs: don't log conflicting inode if it's a dir moved in the current transaction (git-fixes). - commit a690d41 - btrfs: fix changeset leak on mmap write after failure to reserve metadata (git-fixes). - commit 75e4299 - team: Move team device type change at the end of team_port_add (CVE-2025-68340 bsc#1255507). - net/mlx5: Clean up only new IRQ glue on request_irq() failure (CVE-2025-40250 bsc#1254854). - net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() (CVE-2025-40252 bsc#1254849). - net: enetc: fix the deadlock of enetc_mdio_lock (CVE-2025-40347 bsc#1255262). - commit 085c913 - ASoC: Intel: avs: Do not share the name pointer between components (CVE-2025-40338 bsc#1255273). - commit fb15ec5 - usb: phy: isp1301: fix non-OF device reference imbalance (git-fixes). - usb: gadget: lpc32xx_udc: fix clock imbalance in error path (git-fixes). - serial: core: Fix serial device initialization (git-fixes). - commit 592ca99 - wifi: mac80211: do not use old MBSSID elements (git-fixes). - wifi: cfg80211: sme: store capped length in __cfg80211_connect_result() (git-fixes). - wifi: rtlwifi: 8192cu: fix tid out of range in rtl92cu_tx_fill_desc() (git-fixes). - wifi: rtw88: limit indirect IO under powered off for RTL8822CS (git-fixes). - usb: ohci-nxp: fix device leak on probe failure (git-fixes). - usb: dwc3: of-simple: fix clock resource leak in dwc3_of_simple_probe (git-fixes). - USB: lpc32xx_udc: Fix error handling in probe (git-fixes). - usb: typec: altmodes/displayport: Drop the device reference in dp_altmode_probe() (git-fixes). - usb: renesas_usbhs: Fix a resource leak in usbhs_pipe_malloc() (git-fixes). - usb: dwc3: keep susphy enabled during exit to avoid controller faults (git-fixes). - usb: dwc2: fix hang during shutdown if set as peripheral (git-fixes). - wifi: ath10k: move recovery check logic into a new work (git-fixes). - wifi: ath10k: Add missing include of export.h (stable-fixes). - wifi: ath10k: Avoid vdev delete timeout when firmware is already down (stable-fixes). - commit 07af9a3 - of: unittest: Fix memory leak in unittest_data_add() (git-fixes). - drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer (git-fixes). - drm/nouveau/dispnv50: Don't call drm_atomic_get_crtc_state() in prepare_fb (git-fixes). - platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing (git-fixes). - platform/x86: ibm_rtl: fix EBDA signature search pointer arithmetic (git-fixes). - platform/x86: msi-laptop: add missing sysfs_remove_group() (git-fixes). - platform/mellanox: mlxbf-pmc: Remove trailing whitespaces from event names (git-fixes). - net: rose: fix invalid array index in rose_kill_by_device() (git-fixes). - net: usb: sr9700: fix incorrect command used to write single register (git-fixes). - net: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write (git-fixes). - net: usb: rtl8150: fix memory leak on usb_submit_urb() failure (git-fixes). - net: mdio: aspeed: add dummy read to avoid read-after-write issue (git-fixes). - idr: fix idr_alloc() returning an ID out of range (git-fixes). - genalloc.h: fix htmldocs warning (git-fixes). - serial: sh-sci: Check that the DMA cookie is valid (git-fixes). - serial: core: Restore sysfs fwnode information (git-fixes). - firewire: nosy: Fix dma_free_coherent() size (git-fixes). - Input: ti_am335x_tsc - fix off-by-one error in wire_order validation (git-fixes). - Input: alps - fix use-after-free bugs caused by dev3_register_work (git-fixes). - Input: atkbd - skip deactivate for HONOR FMB-P's internal keyboard (git-fixes). - spi: cadence-quadspi: Fix clock disable on probe failure path (git-fixes). - spi: fsl-cpm: Check length parity before switching to 16 bit mode (git-fixes). - hwmon: (ltc4282): Fix reset_history file permissions (git-fixes). - hwmon: (tmp401) fix overflow caused by default conversion rate value (git-fixes). - hwmon: (ibmpex) fix use-after-free in high/low store (git-fixes). - hwmon: (dell-smm) Limit fan multiplier to avoid overflow (git-fixes). - mmc: sdhci-esdhc-imx: add alternate ARCH_S32 dependency to Kconfig (git-fixes). - mmc: sdhci-of-arasan: Increase CD stable timeout to 2 seconds (git-fixes). - PM: runtime: Do not clear needs_force_resume with enabled runtime PM (git-fixes). - nfc: pn533: Fix error code in pn533_acr122_poweron_rdr() (git-fixes). - r8169: fix RTL8117 Wake-on-Lan in DASH mode (git-fixes). - net: phy: marvell-88q2xxx: Fix clamped value in mv88q2xxx_hwmon_write (git-fixes). - firmware_loader: make RUST_FW_LOADER_ABSTRACTIONS select FW_LOADER (git-fixes). - efi/cper: align ARM CPER type with UEFI 2.9A/2.10 specs (stable-fixes). - efi/cper: Add a new helper function to print bitmasks (stable-fixes). - efi/cper: Adjust infopfx size to accept an extra space (stable-fixes). - usb: dwc2: disable platform lowlevel hw resources during shutdown (stable-fixes). - resource: introduce is_type_match() helper and use it (stable-fixes). - resource: replace open coded resource_intersection() (stable-fixes). - commit 0273be1 - accel/ivpu: Prevent runtime suspend during context abort work (stable-fixes). - Refresh patches.suse/accel-ivpu-Trigger-device-recovery-on-engine-reset-r.patch. - commit 79c3327 - drm/imagination: Disallow exporting of PM/FW protected objects (git-fixes). - Bluetooth: btusb: revert use of devm_kzalloc in btusb (git-fixes). - crypto: seqiv - Do not use req->iv after crypto_aead_encrypt (git-fixes). - drm/msm/dpu: Add missing NULL pointer check for pingpong interface (git-fixes). - ASoC: ak4458: remove the reset operation in probe and remove (git-fixes). - ASoC: fsl_sai: Constrain sample rates from audio PLLs only in master mode (git-fixes). - ALSA: usb-mixer: us16x08: validate meter packet indices (git-fixes). - ALSA: pcmcia: Fix resource leak in snd_pdacf_probe error path (git-fixes). - ALSA: vxpocket: Fix resource leak in vxpocket_probe error path (git-fixes). - drm/xe: Use usleep_range for accurate long-running workload timeslicing (git-fixes). - drm/xe: Drop preempt-fences when destroying imported dma-bufs (git-fixes). - drm/xe/oa: Disallow 0 OA property values (git-fixes). - drm/xe: Adjust long-running workload timeslices to reasonable values (git-fixes). - drm/xe/oa: Limit num_syncs to prevent oversized allocations (git-fixes). - drm/xe: Limit num_syncs to prevent oversized allocations (git-fixes). - drm/xe: Restore engine registers before restarting schedulers after GT reset (git-fixes). - drm/xe/bo: Don't include the CCS metadata in the dma-buf sg-table (git-fixes). - drm/me/gsc: mei interrupt top half should be in irq disabled context (git-fixes). - drm/panel: sony-td4353-jdi: Enable prepare_prev_first (git-fixes). - ACPI: PCC: Fix race condition by removing static qualifier (git-fixes). - ACPI: CPPC: Fix missing PCC check for guaranteed_perf (git-fixes). - can: j1939: make j1939_sk_bind() fail if device is no longer registered (git-fixes). - can: gs_usb: gs_can_open(): fix error handling (git-fixes). - ASoC: codecs: nau8325: Silence uninitialized variables warnings (stable-fixes). - ASoC: nau8325: use simple i2c probe function (stable-fixes). - ALSA: wavefront: Fix integer overflow in sample size validation (git-fixes). - accel/ivpu: Ensure rpm_runtime_put in case of engine reset/resume fail (git-fixes). - commit bc5d2b7 - bpf: Fix stackmap overflow check in __bpf_get_stackid() (CVE-2025-68378 bsc#1255614). - commit 7a823bd - bpf: Refactor stack map trace depth calculation into helper function (CVE-2025-68378 bsc#1255614). - commit 296727b ++++ kernel-default: - net: sched: act_connmark: initialize struct tc_ife to fix kernel leak (CVE-2025-40279 bsc#1254846). - commit cb9f7bb - btrfs: do not skip logging new dentries when logging a new name (git-fixes). - commit ec916c6 - btrfs: don't log conflicting inode if it's a dir moved in the current transaction (git-fixes). - commit a690d41 - btrfs: fix changeset leak on mmap write after failure to reserve metadata (git-fixes). - commit 75e4299 - team: Move team device type change at the end of team_port_add (CVE-2025-68340 bsc#1255507). - net/mlx5: Clean up only new IRQ glue on request_irq() failure (CVE-2025-40250 bsc#1254854). - net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() (CVE-2025-40252 bsc#1254849). - net: enetc: fix the deadlock of enetc_mdio_lock (CVE-2025-40347 bsc#1255262). - commit 085c913 - ASoC: Intel: avs: Do not share the name pointer between components (CVE-2025-40338 bsc#1255273). - commit fb15ec5 - usb: phy: isp1301: fix non-OF device reference imbalance (git-fixes). - usb: gadget: lpc32xx_udc: fix clock imbalance in error path (git-fixes). - serial: core: Fix serial device initialization (git-fixes). - commit 592ca99 - wifi: mac80211: do not use old MBSSID elements (git-fixes). - wifi: cfg80211: sme: store capped length in __cfg80211_connect_result() (git-fixes). - wifi: rtlwifi: 8192cu: fix tid out of range in rtl92cu_tx_fill_desc() (git-fixes). - wifi: rtw88: limit indirect IO under powered off for RTL8822CS (git-fixes). - usb: ohci-nxp: fix device leak on probe failure (git-fixes). - usb: dwc3: of-simple: fix clock resource leak in dwc3_of_simple_probe (git-fixes). - USB: lpc32xx_udc: Fix error handling in probe (git-fixes). - usb: typec: altmodes/displayport: Drop the device reference in dp_altmode_probe() (git-fixes). - usb: renesas_usbhs: Fix a resource leak in usbhs_pipe_malloc() (git-fixes). - usb: dwc3: keep susphy enabled during exit to avoid controller faults (git-fixes). - usb: dwc2: fix hang during shutdown if set as peripheral (git-fixes). - wifi: ath10k: move recovery check logic into a new work (git-fixes). - wifi: ath10k: Add missing include of export.h (stable-fixes). - wifi: ath10k: Avoid vdev delete timeout when firmware is already down (stable-fixes). - commit 07af9a3 - of: unittest: Fix memory leak in unittest_data_add() (git-fixes). - drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer (git-fixes). - drm/nouveau/dispnv50: Don't call drm_atomic_get_crtc_state() in prepare_fb (git-fixes). - platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing (git-fixes). - platform/x86: ibm_rtl: fix EBDA signature search pointer arithmetic (git-fixes). - platform/x86: msi-laptop: add missing sysfs_remove_group() (git-fixes). - platform/mellanox: mlxbf-pmc: Remove trailing whitespaces from event names (git-fixes). - net: rose: fix invalid array index in rose_kill_by_device() (git-fixes). - net: usb: sr9700: fix incorrect command used to write single register (git-fixes). - net: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write (git-fixes). - net: usb: rtl8150: fix memory leak on usb_submit_urb() failure (git-fixes). - net: mdio: aspeed: add dummy read to avoid read-after-write issue (git-fixes). - idr: fix idr_alloc() returning an ID out of range (git-fixes). - genalloc.h: fix htmldocs warning (git-fixes). - serial: sh-sci: Check that the DMA cookie is valid (git-fixes). - serial: core: Restore sysfs fwnode information (git-fixes). - firewire: nosy: Fix dma_free_coherent() size (git-fixes). - Input: ti_am335x_tsc - fix off-by-one error in wire_order validation (git-fixes). - Input: alps - fix use-after-free bugs caused by dev3_register_work (git-fixes). - Input: atkbd - skip deactivate for HONOR FMB-P's internal keyboard (git-fixes). - spi: cadence-quadspi: Fix clock disable on probe failure path (git-fixes). - spi: fsl-cpm: Check length parity before switching to 16 bit mode (git-fixes). - hwmon: (ltc4282): Fix reset_history file permissions (git-fixes). - hwmon: (tmp401) fix overflow caused by default conversion rate value (git-fixes). - hwmon: (ibmpex) fix use-after-free in high/low store (git-fixes). - hwmon: (dell-smm) Limit fan multiplier to avoid overflow (git-fixes). - mmc: sdhci-esdhc-imx: add alternate ARCH_S32 dependency to Kconfig (git-fixes). - mmc: sdhci-of-arasan: Increase CD stable timeout to 2 seconds (git-fixes). - PM: runtime: Do not clear needs_force_resume with enabled runtime PM (git-fixes). - nfc: pn533: Fix error code in pn533_acr122_poweron_rdr() (git-fixes). - r8169: fix RTL8117 Wake-on-Lan in DASH mode (git-fixes). - net: phy: marvell-88q2xxx: Fix clamped value in mv88q2xxx_hwmon_write (git-fixes). - firmware_loader: make RUST_FW_LOADER_ABSTRACTIONS select FW_LOADER (git-fixes). - efi/cper: align ARM CPER type with UEFI 2.9A/2.10 specs (stable-fixes). - efi/cper: Add a new helper function to print bitmasks (stable-fixes). - efi/cper: Adjust infopfx size to accept an extra space (stable-fixes). - usb: dwc2: disable platform lowlevel hw resources during shutdown (stable-fixes). - resource: introduce is_type_match() helper and use it (stable-fixes). - resource: replace open coded resource_intersection() (stable-fixes). - commit 0273be1 - accel/ivpu: Prevent runtime suspend during context abort work (stable-fixes). - Refresh patches.suse/accel-ivpu-Trigger-device-recovery-on-engine-reset-r.patch. - commit 79c3327 - drm/imagination: Disallow exporting of PM/FW protected objects (git-fixes). - Bluetooth: btusb: revert use of devm_kzalloc in btusb (git-fixes). - crypto: seqiv - Do not use req->iv after crypto_aead_encrypt (git-fixes). - drm/msm/dpu: Add missing NULL pointer check for pingpong interface (git-fixes). - ASoC: ak4458: remove the reset operation in probe and remove (git-fixes). - ASoC: fsl_sai: Constrain sample rates from audio PLLs only in master mode (git-fixes). - ALSA: usb-mixer: us16x08: validate meter packet indices (git-fixes). - ALSA: pcmcia: Fix resource leak in snd_pdacf_probe error path (git-fixes). - ALSA: vxpocket: Fix resource leak in vxpocket_probe error path (git-fixes). - drm/xe: Use usleep_range for accurate long-running workload timeslicing (git-fixes). - drm/xe: Drop preempt-fences when destroying imported dma-bufs (git-fixes). - drm/xe/oa: Disallow 0 OA property values (git-fixes). - drm/xe: Adjust long-running workload timeslices to reasonable values (git-fixes). - drm/xe/oa: Limit num_syncs to prevent oversized allocations (git-fixes). - drm/xe: Limit num_syncs to prevent oversized allocations (git-fixes). - drm/xe: Restore engine registers before restarting schedulers after GT reset (git-fixes). - drm/xe/bo: Don't include the CCS metadata in the dma-buf sg-table (git-fixes). - drm/me/gsc: mei interrupt top half should be in irq disabled context (git-fixes). - drm/panel: sony-td4353-jdi: Enable prepare_prev_first (git-fixes). - ACPI: PCC: Fix race condition by removing static qualifier (git-fixes). - ACPI: CPPC: Fix missing PCC check for guaranteed_perf (git-fixes). - can: j1939: make j1939_sk_bind() fail if device is no longer registered (git-fixes). - can: gs_usb: gs_can_open(): fix error handling (git-fixes). - ASoC: codecs: nau8325: Silence uninitialized variables warnings (stable-fixes). - ASoC: nau8325: use simple i2c probe function (stable-fixes). - ALSA: wavefront: Fix integer overflow in sample size validation (git-fixes). - accel/ivpu: Ensure rpm_runtime_put in case of engine reset/resume fail (git-fixes). - commit bc5d2b7 - bpf: Fix stackmap overflow check in __bpf_get_stackid() (CVE-2025-68378 bsc#1255614). - commit 7a823bd - bpf: Refactor stack map trace depth calculation into helper function (CVE-2025-68378 bsc#1255614). - commit 296727b ++++ kernel-default: - net: sched: act_connmark: initialize struct tc_ife to fix kernel leak (CVE-2025-40279 bsc#1254846). - commit cb9f7bb - btrfs: do not skip logging new dentries when logging a new name (git-fixes). - commit ec916c6 - btrfs: don't log conflicting inode if it's a dir moved in the current transaction (git-fixes). - commit a690d41 - btrfs: fix changeset leak on mmap write after failure to reserve metadata (git-fixes). - commit 75e4299 - team: Move team device type change at the end of team_port_add (CVE-2025-68340 bsc#1255507). - net/mlx5: Clean up only new IRQ glue on request_irq() failure (CVE-2025-40250 bsc#1254854). - net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() (CVE-2025-40252 bsc#1254849). - net: enetc: fix the deadlock of enetc_mdio_lock (CVE-2025-40347 bsc#1255262). - commit 085c913 - ASoC: Intel: avs: Do not share the name pointer between components (CVE-2025-40338 bsc#1255273). - commit fb15ec5 - usb: phy: isp1301: fix non-OF device reference imbalance (git-fixes). - usb: gadget: lpc32xx_udc: fix clock imbalance in error path (git-fixes). - serial: core: Fix serial device initialization (git-fixes). - commit 592ca99 - wifi: mac80211: do not use old MBSSID elements (git-fixes). - wifi: cfg80211: sme: store capped length in __cfg80211_connect_result() (git-fixes). - wifi: rtlwifi: 8192cu: fix tid out of range in rtl92cu_tx_fill_desc() (git-fixes). - wifi: rtw88: limit indirect IO under powered off for RTL8822CS (git-fixes). - usb: ohci-nxp: fix device leak on probe failure (git-fixes). - usb: dwc3: of-simple: fix clock resource leak in dwc3_of_simple_probe (git-fixes). - USB: lpc32xx_udc: Fix error handling in probe (git-fixes). - usb: typec: altmodes/displayport: Drop the device reference in dp_altmode_probe() (git-fixes). - usb: renesas_usbhs: Fix a resource leak in usbhs_pipe_malloc() (git-fixes). - usb: dwc3: keep susphy enabled during exit to avoid controller faults (git-fixes). - usb: dwc2: fix hang during shutdown if set as peripheral (git-fixes). - wifi: ath10k: move recovery check logic into a new work (git-fixes). - wifi: ath10k: Add missing include of export.h (stable-fixes). - wifi: ath10k: Avoid vdev delete timeout when firmware is already down (stable-fixes). - commit 07af9a3 - of: unittest: Fix memory leak in unittest_data_add() (git-fixes). - drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer (git-fixes). - drm/nouveau/dispnv50: Don't call drm_atomic_get_crtc_state() in prepare_fb (git-fixes). - platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing (git-fixes). - platform/x86: ibm_rtl: fix EBDA signature search pointer arithmetic (git-fixes). - platform/x86: msi-laptop: add missing sysfs_remove_group() (git-fixes). - platform/mellanox: mlxbf-pmc: Remove trailing whitespaces from event names (git-fixes). - net: rose: fix invalid array index in rose_kill_by_device() (git-fixes). - net: usb: sr9700: fix incorrect command used to write single register (git-fixes). - net: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write (git-fixes). - net: usb: rtl8150: fix memory leak on usb_submit_urb() failure (git-fixes). - net: mdio: aspeed: add dummy read to avoid read-after-write issue (git-fixes). - idr: fix idr_alloc() returning an ID out of range (git-fixes). - genalloc.h: fix htmldocs warning (git-fixes). - serial: sh-sci: Check that the DMA cookie is valid (git-fixes). - serial: core: Restore sysfs fwnode information (git-fixes). - firewire: nosy: Fix dma_free_coherent() size (git-fixes). - Input: ti_am335x_tsc - fix off-by-one error in wire_order validation (git-fixes). - Input: alps - fix use-after-free bugs caused by dev3_register_work (git-fixes). - Input: atkbd - skip deactivate for HONOR FMB-P's internal keyboard (git-fixes). - spi: cadence-quadspi: Fix clock disable on probe failure path (git-fixes). - spi: fsl-cpm: Check length parity before switching to 16 bit mode (git-fixes). - hwmon: (ltc4282): Fix reset_history file permissions (git-fixes). - hwmon: (tmp401) fix overflow caused by default conversion rate value (git-fixes). - hwmon: (ibmpex) fix use-after-free in high/low store (git-fixes). - hwmon: (dell-smm) Limit fan multiplier to avoid overflow (git-fixes). - mmc: sdhci-esdhc-imx: add alternate ARCH_S32 dependency to Kconfig (git-fixes). - mmc: sdhci-of-arasan: Increase CD stable timeout to 2 seconds (git-fixes). - PM: runtime: Do not clear needs_force_resume with enabled runtime PM (git-fixes). - nfc: pn533: Fix error code in pn533_acr122_poweron_rdr() (git-fixes). - r8169: fix RTL8117 Wake-on-Lan in DASH mode (git-fixes). - net: phy: marvell-88q2xxx: Fix clamped value in mv88q2xxx_hwmon_write (git-fixes). - firmware_loader: make RUST_FW_LOADER_ABSTRACTIONS select FW_LOADER (git-fixes). - efi/cper: align ARM CPER type with UEFI 2.9A/2.10 specs (stable-fixes). - efi/cper: Add a new helper function to print bitmasks (stable-fixes). - efi/cper: Adjust infopfx size to accept an extra space (stable-fixes). - usb: dwc2: disable platform lowlevel hw resources during shutdown (stable-fixes). - resource: introduce is_type_match() helper and use it (stable-fixes). - resource: replace open coded resource_intersection() (stable-fixes). - commit 0273be1 - accel/ivpu: Prevent runtime suspend during context abort work (stable-fixes). - Refresh patches.suse/accel-ivpu-Trigger-device-recovery-on-engine-reset-r.patch. - commit 79c3327 - drm/imagination: Disallow exporting of PM/FW protected objects (git-fixes). - Bluetooth: btusb: revert use of devm_kzalloc in btusb (git-fixes). - crypto: seqiv - Do not use req->iv after crypto_aead_encrypt (git-fixes). - drm/msm/dpu: Add missing NULL pointer check for pingpong interface (git-fixes). - ASoC: ak4458: remove the reset operation in probe and remove (git-fixes). - ASoC: fsl_sai: Constrain sample rates from audio PLLs only in master mode (git-fixes). - ALSA: usb-mixer: us16x08: validate meter packet indices (git-fixes). - ALSA: pcmcia: Fix resource leak in snd_pdacf_probe error path (git-fixes). - ALSA: vxpocket: Fix resource leak in vxpocket_probe error path (git-fixes). - drm/xe: Use usleep_range for accurate long-running workload timeslicing (git-fixes). - drm/xe: Drop preempt-fences when destroying imported dma-bufs (git-fixes). - drm/xe/oa: Disallow 0 OA property values (git-fixes). - drm/xe: Adjust long-running workload timeslices to reasonable values (git-fixes). - drm/xe/oa: Limit num_syncs to prevent oversized allocations (git-fixes). - drm/xe: Limit num_syncs to prevent oversized allocations (git-fixes). - drm/xe: Restore engine registers before restarting schedulers after GT reset (git-fixes). - drm/xe/bo: Don't include the CCS metadata in the dma-buf sg-table (git-fixes). - drm/me/gsc: mei interrupt top half should be in irq disabled context (git-fixes). - drm/panel: sony-td4353-jdi: Enable prepare_prev_first (git-fixes). - ACPI: PCC: Fix race condition by removing static qualifier (git-fixes). - ACPI: CPPC: Fix missing PCC check for guaranteed_perf (git-fixes). - can: j1939: make j1939_sk_bind() fail if device is no longer registered (git-fixes). - can: gs_usb: gs_can_open(): fix error handling (git-fixes). - ASoC: codecs: nau8325: Silence uninitialized variables warnings (stable-fixes). - ASoC: nau8325: use simple i2c probe function (stable-fixes). - ALSA: wavefront: Fix integer overflow in sample size validation (git-fixes). - accel/ivpu: Ensure rpm_runtime_put in case of engine reset/resume fail (git-fixes). - commit bc5d2b7 - bpf: Fix stackmap overflow check in __bpf_get_stackid() (CVE-2025-68378 bsc#1255614). - commit 7a823bd - bpf: Refactor stack map trace depth calculation into helper function (CVE-2025-68378 bsc#1255614). - commit 296727b ++++ kernel-rt: - net: sched: act_connmark: initialize struct tc_ife to fix kernel leak (CVE-2025-40279 bsc#1254846). - commit cb9f7bb - btrfs: do not skip logging new dentries when logging a new name (git-fixes). - commit ec916c6 - btrfs: don't log conflicting inode if it's a dir moved in the current transaction (git-fixes). - commit a690d41 - btrfs: fix changeset leak on mmap write after failure to reserve metadata (git-fixes). - commit 75e4299 - team: Move team device type change at the end of team_port_add (CVE-2025-68340 bsc#1255507). - net/mlx5: Clean up only new IRQ glue on request_irq() failure (CVE-2025-40250 bsc#1254854). - net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() (CVE-2025-40252 bsc#1254849). - net: enetc: fix the deadlock of enetc_mdio_lock (CVE-2025-40347 bsc#1255262). - commit 085c913 - ASoC: Intel: avs: Do not share the name pointer between components (CVE-2025-40338 bsc#1255273). - commit fb15ec5 - usb: phy: isp1301: fix non-OF device reference imbalance (git-fixes). - usb: gadget: lpc32xx_udc: fix clock imbalance in error path (git-fixes). - serial: core: Fix serial device initialization (git-fixes). - commit 592ca99 - wifi: mac80211: do not use old MBSSID elements (git-fixes). - wifi: cfg80211: sme: store capped length in __cfg80211_connect_result() (git-fixes). - wifi: rtlwifi: 8192cu: fix tid out of range in rtl92cu_tx_fill_desc() (git-fixes). - wifi: rtw88: limit indirect IO under powered off for RTL8822CS (git-fixes). - usb: ohci-nxp: fix device leak on probe failure (git-fixes). - usb: dwc3: of-simple: fix clock resource leak in dwc3_of_simple_probe (git-fixes). - USB: lpc32xx_udc: Fix error handling in probe (git-fixes). - usb: typec: altmodes/displayport: Drop the device reference in dp_altmode_probe() (git-fixes). - usb: renesas_usbhs: Fix a resource leak in usbhs_pipe_malloc() (git-fixes). - usb: dwc3: keep susphy enabled during exit to avoid controller faults (git-fixes). - usb: dwc2: fix hang during shutdown if set as peripheral (git-fixes). - wifi: ath10k: move recovery check logic into a new work (git-fixes). - wifi: ath10k: Add missing include of export.h (stable-fixes). - wifi: ath10k: Avoid vdev delete timeout when firmware is already down (stable-fixes). - commit 07af9a3 - of: unittest: Fix memory leak in unittest_data_add() (git-fixes). - drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer (git-fixes). - drm/nouveau/dispnv50: Don't call drm_atomic_get_crtc_state() in prepare_fb (git-fixes). - platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing (git-fixes). - platform/x86: ibm_rtl: fix EBDA signature search pointer arithmetic (git-fixes). - platform/x86: msi-laptop: add missing sysfs_remove_group() (git-fixes). - platform/mellanox: mlxbf-pmc: Remove trailing whitespaces from event names (git-fixes). - net: rose: fix invalid array index in rose_kill_by_device() (git-fixes). - net: usb: sr9700: fix incorrect command used to write single register (git-fixes). - net: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write (git-fixes). - net: usb: rtl8150: fix memory leak on usb_submit_urb() failure (git-fixes). - net: mdio: aspeed: add dummy read to avoid read-after-write issue (git-fixes). - idr: fix idr_alloc() returning an ID out of range (git-fixes). - genalloc.h: fix htmldocs warning (git-fixes). - serial: sh-sci: Check that the DMA cookie is valid (git-fixes). - serial: core: Restore sysfs fwnode information (git-fixes). - firewire: nosy: Fix dma_free_coherent() size (git-fixes). - Input: ti_am335x_tsc - fix off-by-one error in wire_order validation (git-fixes). - Input: alps - fix use-after-free bugs caused by dev3_register_work (git-fixes). - Input: atkbd - skip deactivate for HONOR FMB-P's internal keyboard (git-fixes). - spi: cadence-quadspi: Fix clock disable on probe failure path (git-fixes). - spi: fsl-cpm: Check length parity before switching to 16 bit mode (git-fixes). - hwmon: (ltc4282): Fix reset_history file permissions (git-fixes). - hwmon: (tmp401) fix overflow caused by default conversion rate value (git-fixes). - hwmon: (ibmpex) fix use-after-free in high/low store (git-fixes). - hwmon: (dell-smm) Limit fan multiplier to avoid overflow (git-fixes). - mmc: sdhci-esdhc-imx: add alternate ARCH_S32 dependency to Kconfig (git-fixes). - mmc: sdhci-of-arasan: Increase CD stable timeout to 2 seconds (git-fixes). - PM: runtime: Do not clear needs_force_resume with enabled runtime PM (git-fixes). - nfc: pn533: Fix error code in pn533_acr122_poweron_rdr() (git-fixes). - r8169: fix RTL8117 Wake-on-Lan in DASH mode (git-fixes). - net: phy: marvell-88q2xxx: Fix clamped value in mv88q2xxx_hwmon_write (git-fixes). - firmware_loader: make RUST_FW_LOADER_ABSTRACTIONS select FW_LOADER (git-fixes). - efi/cper: align ARM CPER type with UEFI 2.9A/2.10 specs (stable-fixes). - efi/cper: Add a new helper function to print bitmasks (stable-fixes). - efi/cper: Adjust infopfx size to accept an extra space (stable-fixes). - usb: dwc2: disable platform lowlevel hw resources during shutdown (stable-fixes). - resource: introduce is_type_match() helper and use it (stable-fixes). - resource: replace open coded resource_intersection() (stable-fixes). - commit 0273be1 - accel/ivpu: Prevent runtime suspend during context abort work (stable-fixes). - Refresh patches.suse/accel-ivpu-Trigger-device-recovery-on-engine-reset-r.patch. - commit 79c3327 - drm/imagination: Disallow exporting of PM/FW protected objects (git-fixes). - Bluetooth: btusb: revert use of devm_kzalloc in btusb (git-fixes). - crypto: seqiv - Do not use req->iv after crypto_aead_encrypt (git-fixes). - drm/msm/dpu: Add missing NULL pointer check for pingpong interface (git-fixes). - ASoC: ak4458: remove the reset operation in probe and remove (git-fixes). - ASoC: fsl_sai: Constrain sample rates from audio PLLs only in master mode (git-fixes). - ALSA: usb-mixer: us16x08: validate meter packet indices (git-fixes). - ALSA: pcmcia: Fix resource leak in snd_pdacf_probe error path (git-fixes). - ALSA: vxpocket: Fix resource leak in vxpocket_probe error path (git-fixes). - drm/xe: Use usleep_range for accurate long-running workload timeslicing (git-fixes). - drm/xe: Drop preempt-fences when destroying imported dma-bufs (git-fixes). - drm/xe/oa: Disallow 0 OA property values (git-fixes). - drm/xe: Adjust long-running workload timeslices to reasonable values (git-fixes). - drm/xe/oa: Limit num_syncs to prevent oversized allocations (git-fixes). - drm/xe: Limit num_syncs to prevent oversized allocations (git-fixes). - drm/xe: Restore engine registers before restarting schedulers after GT reset (git-fixes). - drm/xe/bo: Don't include the CCS metadata in the dma-buf sg-table (git-fixes). - drm/me/gsc: mei interrupt top half should be in irq disabled context (git-fixes). - drm/panel: sony-td4353-jdi: Enable prepare_prev_first (git-fixes). - ACPI: PCC: Fix race condition by removing static qualifier (git-fixes). - ACPI: CPPC: Fix missing PCC check for guaranteed_perf (git-fixes). - can: j1939: make j1939_sk_bind() fail if device is no longer registered (git-fixes). - can: gs_usb: gs_can_open(): fix error handling (git-fixes). - ASoC: codecs: nau8325: Silence uninitialized variables warnings (stable-fixes). - ASoC: nau8325: use simple i2c probe function (stable-fixes). - ALSA: wavefront: Fix integer overflow in sample size validation (git-fixes). - accel/ivpu: Ensure rpm_runtime_put in case of engine reset/resume fail (git-fixes). - commit bc5d2b7 - bpf: Fix stackmap overflow check in __bpf_get_stackid() (CVE-2025-68378 bsc#1255614). - commit 7a823bd - bpf: Refactor stack map trace depth calculation into helper function (CVE-2025-68378 bsc#1255614). - commit 296727b ++++ kernel-rt: - net: sched: act_connmark: initialize struct tc_ife to fix kernel leak (CVE-2025-40279 bsc#1254846). - commit cb9f7bb - btrfs: do not skip logging new dentries when logging a new name (git-fixes). - commit ec916c6 - btrfs: don't log conflicting inode if it's a dir moved in the current transaction (git-fixes). - commit a690d41 - btrfs: fix changeset leak on mmap write after failure to reserve metadata (git-fixes). - commit 75e4299 - team: Move team device type change at the end of team_port_add (CVE-2025-68340 bsc#1255507). - net/mlx5: Clean up only new IRQ glue on request_irq() failure (CVE-2025-40250 bsc#1254854). - net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() (CVE-2025-40252 bsc#1254849). - net: enetc: fix the deadlock of enetc_mdio_lock (CVE-2025-40347 bsc#1255262). - commit 085c913 - ASoC: Intel: avs: Do not share the name pointer between components (CVE-2025-40338 bsc#1255273). - commit fb15ec5 - usb: phy: isp1301: fix non-OF device reference imbalance (git-fixes). - usb: gadget: lpc32xx_udc: fix clock imbalance in error path (git-fixes). - serial: core: Fix serial device initialization (git-fixes). - commit 592ca99 - wifi: mac80211: do not use old MBSSID elements (git-fixes). - wifi: cfg80211: sme: store capped length in __cfg80211_connect_result() (git-fixes). - wifi: rtlwifi: 8192cu: fix tid out of range in rtl92cu_tx_fill_desc() (git-fixes). - wifi: rtw88: limit indirect IO under powered off for RTL8822CS (git-fixes). - usb: ohci-nxp: fix device leak on probe failure (git-fixes). - usb: dwc3: of-simple: fix clock resource leak in dwc3_of_simple_probe (git-fixes). - USB: lpc32xx_udc: Fix error handling in probe (git-fixes). - usb: typec: altmodes/displayport: Drop the device reference in dp_altmode_probe() (git-fixes). - usb: renesas_usbhs: Fix a resource leak in usbhs_pipe_malloc() (git-fixes). - usb: dwc3: keep susphy enabled during exit to avoid controller faults (git-fixes). - usb: dwc2: fix hang during shutdown if set as peripheral (git-fixes). - wifi: ath10k: move recovery check logic into a new work (git-fixes). - wifi: ath10k: Add missing include of export.h (stable-fixes). - wifi: ath10k: Avoid vdev delete timeout when firmware is already down (stable-fixes). - commit 07af9a3 - of: unittest: Fix memory leak in unittest_data_add() (git-fixes). - drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer (git-fixes). - drm/nouveau/dispnv50: Don't call drm_atomic_get_crtc_state() in prepare_fb (git-fixes). - platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing (git-fixes). - platform/x86: ibm_rtl: fix EBDA signature search pointer arithmetic (git-fixes). - platform/x86: msi-laptop: add missing sysfs_remove_group() (git-fixes). - platform/mellanox: mlxbf-pmc: Remove trailing whitespaces from event names (git-fixes). - net: rose: fix invalid array index in rose_kill_by_device() (git-fixes). - net: usb: sr9700: fix incorrect command used to write single register (git-fixes). - net: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write (git-fixes). - net: usb: rtl8150: fix memory leak on usb_submit_urb() failure (git-fixes). - net: mdio: aspeed: add dummy read to avoid read-after-write issue (git-fixes). - idr: fix idr_alloc() returning an ID out of range (git-fixes). - genalloc.h: fix htmldocs warning (git-fixes). - serial: sh-sci: Check that the DMA cookie is valid (git-fixes). - serial: core: Restore sysfs fwnode information (git-fixes). - firewire: nosy: Fix dma_free_coherent() size (git-fixes). - Input: ti_am335x_tsc - fix off-by-one error in wire_order validation (git-fixes). - Input: alps - fix use-after-free bugs caused by dev3_register_work (git-fixes). - Input: atkbd - skip deactivate for HONOR FMB-P's internal keyboard (git-fixes). - spi: cadence-quadspi: Fix clock disable on probe failure path (git-fixes). - spi: fsl-cpm: Check length parity before switching to 16 bit mode (git-fixes). - hwmon: (ltc4282): Fix reset_history file permissions (git-fixes). - hwmon: (tmp401) fix overflow caused by default conversion rate value (git-fixes). - hwmon: (ibmpex) fix use-after-free in high/low store (git-fixes). - hwmon: (dell-smm) Limit fan multiplier to avoid overflow (git-fixes). - mmc: sdhci-esdhc-imx: add alternate ARCH_S32 dependency to Kconfig (git-fixes). - mmc: sdhci-of-arasan: Increase CD stable timeout to 2 seconds (git-fixes). - PM: runtime: Do not clear needs_force_resume with enabled runtime PM (git-fixes). - nfc: pn533: Fix error code in pn533_acr122_poweron_rdr() (git-fixes). - r8169: fix RTL8117 Wake-on-Lan in DASH mode (git-fixes). - net: phy: marvell-88q2xxx: Fix clamped value in mv88q2xxx_hwmon_write (git-fixes). - firmware_loader: make RUST_FW_LOADER_ABSTRACTIONS select FW_LOADER (git-fixes). - efi/cper: align ARM CPER type with UEFI 2.9A/2.10 specs (stable-fixes). - efi/cper: Add a new helper function to print bitmasks (stable-fixes). - efi/cper: Adjust infopfx size to accept an extra space (stable-fixes). - usb: dwc2: disable platform lowlevel hw resources during shutdown (stable-fixes). - resource: introduce is_type_match() helper and use it (stable-fixes). - resource: replace open coded resource_intersection() (stable-fixes). - commit 0273be1 - accel/ivpu: Prevent runtime suspend during context abort work (stable-fixes). - Refresh patches.suse/accel-ivpu-Trigger-device-recovery-on-engine-reset-r.patch. - commit 79c3327 - drm/imagination: Disallow exporting of PM/FW protected objects (git-fixes). - Bluetooth: btusb: revert use of devm_kzalloc in btusb (git-fixes). - crypto: seqiv - Do not use req->iv after crypto_aead_encrypt (git-fixes). - drm/msm/dpu: Add missing NULL pointer check for pingpong interface (git-fixes). - ASoC: ak4458: remove the reset operation in probe and remove (git-fixes). - ASoC: fsl_sai: Constrain sample rates from audio PLLs only in master mode (git-fixes). - ALSA: usb-mixer: us16x08: validate meter packet indices (git-fixes). - ALSA: pcmcia: Fix resource leak in snd_pdacf_probe error path (git-fixes). - ALSA: vxpocket: Fix resource leak in vxpocket_probe error path (git-fixes). - drm/xe: Use usleep_range for accurate long-running workload timeslicing (git-fixes). - drm/xe: Drop preempt-fences when destroying imported dma-bufs (git-fixes). - drm/xe/oa: Disallow 0 OA property values (git-fixes). - drm/xe: Adjust long-running workload timeslices to reasonable values (git-fixes). - drm/xe/oa: Limit num_syncs to prevent oversized allocations (git-fixes). - drm/xe: Limit num_syncs to prevent oversized allocations (git-fixes). - drm/xe: Restore engine registers before restarting schedulers after GT reset (git-fixes). - drm/xe/bo: Don't include the CCS metadata in the dma-buf sg-table (git-fixes). - drm/me/gsc: mei interrupt top half should be in irq disabled context (git-fixes). - drm/panel: sony-td4353-jdi: Enable prepare_prev_first (git-fixes). - ACPI: PCC: Fix race condition by removing static qualifier (git-fixes). - ACPI: CPPC: Fix missing PCC check for guaranteed_perf (git-fixes). - can: j1939: make j1939_sk_bind() fail if device is no longer registered (git-fixes). - can: gs_usb: gs_can_open(): fix error handling (git-fixes). - ASoC: codecs: nau8325: Silence uninitialized variables warnings (stable-fixes). - ASoC: nau8325: use simple i2c probe function (stable-fixes). - ALSA: wavefront: Fix integer overflow in sample size validation (git-fixes). - accel/ivpu: Ensure rpm_runtime_put in case of engine reset/resume fail (git-fixes). - commit bc5d2b7 - bpf: Fix stackmap overflow check in __bpf_get_stackid() (CVE-2025-68378 bsc#1255614). - commit 7a823bd - bpf: Refactor stack map trace depth calculation into helper function (CVE-2025-68378 bsc#1255614). - commit 296727b ++++ kernel-rt: - net: sched: act_connmark: initialize struct tc_ife to fix kernel leak (CVE-2025-40279 bsc#1254846). - commit cb9f7bb - btrfs: do not skip logging new dentries when logging a new name (git-fixes). - commit ec916c6 - btrfs: don't log conflicting inode if it's a dir moved in the current transaction (git-fixes). - commit a690d41 - btrfs: fix changeset leak on mmap write after failure to reserve metadata (git-fixes). - commit 75e4299 - team: Move team device type change at the end of team_port_add (CVE-2025-68340 bsc#1255507). - net/mlx5: Clean up only new IRQ glue on request_irq() failure (CVE-2025-40250 bsc#1254854). - net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() (CVE-2025-40252 bsc#1254849). - net: enetc: fix the deadlock of enetc_mdio_lock (CVE-2025-40347 bsc#1255262). - commit 085c913 - ASoC: Intel: avs: Do not share the name pointer between components (CVE-2025-40338 bsc#1255273). - commit fb15ec5 - usb: phy: isp1301: fix non-OF device reference imbalance (git-fixes). - usb: gadget: lpc32xx_udc: fix clock imbalance in error path (git-fixes). - serial: core: Fix serial device initialization (git-fixes). - commit 592ca99 - wifi: mac80211: do not use old MBSSID elements (git-fixes). - wifi: cfg80211: sme: store capped length in __cfg80211_connect_result() (git-fixes). - wifi: rtlwifi: 8192cu: fix tid out of range in rtl92cu_tx_fill_desc() (git-fixes). - wifi: rtw88: limit indirect IO under powered off for RTL8822CS (git-fixes). - usb: ohci-nxp: fix device leak on probe failure (git-fixes). - usb: dwc3: of-simple: fix clock resource leak in dwc3_of_simple_probe (git-fixes). - USB: lpc32xx_udc: Fix error handling in probe (git-fixes). - usb: typec: altmodes/displayport: Drop the device reference in dp_altmode_probe() (git-fixes). - usb: renesas_usbhs: Fix a resource leak in usbhs_pipe_malloc() (git-fixes). - usb: dwc3: keep susphy enabled during exit to avoid controller faults (git-fixes). - usb: dwc2: fix hang during shutdown if set as peripheral (git-fixes). - wifi: ath10k: move recovery check logic into a new work (git-fixes). - wifi: ath10k: Add missing include of export.h (stable-fixes). - wifi: ath10k: Avoid vdev delete timeout when firmware is already down (stable-fixes). - commit 07af9a3 - of: unittest: Fix memory leak in unittest_data_add() (git-fixes). - drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer (git-fixes). - drm/nouveau/dispnv50: Don't call drm_atomic_get_crtc_state() in prepare_fb (git-fixes). - platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing (git-fixes). - platform/x86: ibm_rtl: fix EBDA signature search pointer arithmetic (git-fixes). - platform/x86: msi-laptop: add missing sysfs_remove_group() (git-fixes). - platform/mellanox: mlxbf-pmc: Remove trailing whitespaces from event names (git-fixes). - net: rose: fix invalid array index in rose_kill_by_device() (git-fixes). - net: usb: sr9700: fix incorrect command used to write single register (git-fixes). - net: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write (git-fixes). - net: usb: rtl8150: fix memory leak on usb_submit_urb() failure (git-fixes). - net: mdio: aspeed: add dummy read to avoid read-after-write issue (git-fixes). - idr: fix idr_alloc() returning an ID out of range (git-fixes). - genalloc.h: fix htmldocs warning (git-fixes). - serial: sh-sci: Check that the DMA cookie is valid (git-fixes). - serial: core: Restore sysfs fwnode information (git-fixes). - firewire: nosy: Fix dma_free_coherent() size (git-fixes). - Input: ti_am335x_tsc - fix off-by-one error in wire_order validation (git-fixes). - Input: alps - fix use-after-free bugs caused by dev3_register_work (git-fixes). - Input: atkbd - skip deactivate for HONOR FMB-P's internal keyboard (git-fixes). - spi: cadence-quadspi: Fix clock disable on probe failure path (git-fixes). - spi: fsl-cpm: Check length parity before switching to 16 bit mode (git-fixes). - hwmon: (ltc4282): Fix reset_history file permissions (git-fixes). - hwmon: (tmp401) fix overflow caused by default conversion rate value (git-fixes). - hwmon: (ibmpex) fix use-after-free in high/low store (git-fixes). - hwmon: (dell-smm) Limit fan multiplier to avoid overflow (git-fixes). - mmc: sdhci-esdhc-imx: add alternate ARCH_S32 dependency to Kconfig (git-fixes). - mmc: sdhci-of-arasan: Increase CD stable timeout to 2 seconds (git-fixes). - PM: runtime: Do not clear needs_force_resume with enabled runtime PM (git-fixes). - nfc: pn533: Fix error code in pn533_acr122_poweron_rdr() (git-fixes). - r8169: fix RTL8117 Wake-on-Lan in DASH mode (git-fixes). - net: phy: marvell-88q2xxx: Fix clamped value in mv88q2xxx_hwmon_write (git-fixes). - firmware_loader: make RUST_FW_LOADER_ABSTRACTIONS select FW_LOADER (git-fixes). - efi/cper: align ARM CPER type with UEFI 2.9A/2.10 specs (stable-fixes). - efi/cper: Add a new helper function to print bitmasks (stable-fixes). - efi/cper: Adjust infopfx size to accept an extra space (stable-fixes). - usb: dwc2: disable platform lowlevel hw resources during shutdown (stable-fixes). - resource: introduce is_type_match() helper and use it (stable-fixes). - resource: replace open coded resource_intersection() (stable-fixes). - commit 0273be1 - accel/ivpu: Prevent runtime suspend during context abort work (stable-fixes). - Refresh patches.suse/accel-ivpu-Trigger-device-recovery-on-engine-reset-r.patch. - commit 79c3327 - drm/imagination: Disallow exporting of PM/FW protected objects (git-fixes). - Bluetooth: btusb: revert use of devm_kzalloc in btusb (git-fixes). - crypto: seqiv - Do not use req->iv after crypto_aead_encrypt (git-fixes). - drm/msm/dpu: Add missing NULL pointer check for pingpong interface (git-fixes). - ASoC: ak4458: remove the reset operation in probe and remove (git-fixes). - ASoC: fsl_sai: Constrain sample rates from audio PLLs only in master mode (git-fixes). - ALSA: usb-mixer: us16x08: validate meter packet indices (git-fixes). - ALSA: pcmcia: Fix resource leak in snd_pdacf_probe error path (git-fixes). - ALSA: vxpocket: Fix resource leak in vxpocket_probe error path (git-fixes). - drm/xe: Use usleep_range for accurate long-running workload timeslicing (git-fixes). - drm/xe: Drop preempt-fences when destroying imported dma-bufs (git-fixes). - drm/xe/oa: Disallow 0 OA property values (git-fixes). - drm/xe: Adjust long-running workload timeslices to reasonable values (git-fixes). - drm/xe/oa: Limit num_syncs to prevent oversized allocations (git-fixes). - drm/xe: Limit num_syncs to prevent oversized allocations (git-fixes). - drm/xe: Restore engine registers before restarting schedulers after GT reset (git-fixes). - drm/xe/bo: Don't include the CCS metadata in the dma-buf sg-table (git-fixes). - drm/me/gsc: mei interrupt top half should be in irq disabled context (git-fixes). - drm/panel: sony-td4353-jdi: Enable prepare_prev_first (git-fixes). - ACPI: PCC: Fix race condition by removing static qualifier (git-fixes). - ACPI: CPPC: Fix missing PCC check for guaranteed_perf (git-fixes). - can: j1939: make j1939_sk_bind() fail if device is no longer registered (git-fixes). - can: gs_usb: gs_can_open(): fix error handling (git-fixes). - ASoC: codecs: nau8325: Silence uninitialized variables warnings (stable-fixes). - ASoC: nau8325: use simple i2c probe function (stable-fixes). - ALSA: wavefront: Fix integer overflow in sample size validation (git-fixes). - accel/ivpu: Ensure rpm_runtime_put in case of engine reset/resume fail (git-fixes). - commit bc5d2b7 - bpf: Fix stackmap overflow check in __bpf_get_stackid() (CVE-2025-68378 bsc#1255614). - commit 7a823bd - bpf: Refactor stack map trace depth calculation into helper function (CVE-2025-68378 bsc#1255614). - commit 296727b ++++ dtb-aarch64: - net: sched: act_connmark: initialize struct tc_ife to fix kernel leak (CVE-2025-40279 bsc#1254846). - commit cb9f7bb - btrfs: do not skip logging new dentries when logging a new name (git-fixes). - commit ec916c6 - btrfs: don't log conflicting inode if it's a dir moved in the current transaction (git-fixes). - commit a690d41 - btrfs: fix changeset leak on mmap write after failure to reserve metadata (git-fixes). - commit 75e4299 - team: Move team device type change at the end of team_port_add (CVE-2025-68340 bsc#1255507). - net/mlx5: Clean up only new IRQ glue on request_irq() failure (CVE-2025-40250 bsc#1254854). - net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() (CVE-2025-40252 bsc#1254849). - net: enetc: fix the deadlock of enetc_mdio_lock (CVE-2025-40347 bsc#1255262). - commit 085c913 - ASoC: Intel: avs: Do not share the name pointer between components (CVE-2025-40338 bsc#1255273). - commit fb15ec5 - usb: phy: isp1301: fix non-OF device reference imbalance (git-fixes). - usb: gadget: lpc32xx_udc: fix clock imbalance in error path (git-fixes). - serial: core: Fix serial device initialization (git-fixes). - commit 592ca99 - wifi: mac80211: do not use old MBSSID elements (git-fixes). - wifi: cfg80211: sme: store capped length in __cfg80211_connect_result() (git-fixes). - wifi: rtlwifi: 8192cu: fix tid out of range in rtl92cu_tx_fill_desc() (git-fixes). - wifi: rtw88: limit indirect IO under powered off for RTL8822CS (git-fixes). - usb: ohci-nxp: fix device leak on probe failure (git-fixes). - usb: dwc3: of-simple: fix clock resource leak in dwc3_of_simple_probe (git-fixes). - USB: lpc32xx_udc: Fix error handling in probe (git-fixes). - usb: typec: altmodes/displayport: Drop the device reference in dp_altmode_probe() (git-fixes). - usb: renesas_usbhs: Fix a resource leak in usbhs_pipe_malloc() (git-fixes). - usb: dwc3: keep susphy enabled during exit to avoid controller faults (git-fixes). - usb: dwc2: fix hang during shutdown if set as peripheral (git-fixes). - wifi: ath10k: move recovery check logic into a new work (git-fixes). - wifi: ath10k: Add missing include of export.h (stable-fixes). - wifi: ath10k: Avoid vdev delete timeout when firmware is already down (stable-fixes). - commit 07af9a3 - of: unittest: Fix memory leak in unittest_data_add() (git-fixes). - drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer (git-fixes). - drm/nouveau/dispnv50: Don't call drm_atomic_get_crtc_state() in prepare_fb (git-fixes). - platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing (git-fixes). - platform/x86: ibm_rtl: fix EBDA signature search pointer arithmetic (git-fixes). - platform/x86: msi-laptop: add missing sysfs_remove_group() (git-fixes). - platform/mellanox: mlxbf-pmc: Remove trailing whitespaces from event names (git-fixes). - net: rose: fix invalid array index in rose_kill_by_device() (git-fixes). - net: usb: sr9700: fix incorrect command used to write single register (git-fixes). - net: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write (git-fixes). - net: usb: rtl8150: fix memory leak on usb_submit_urb() failure (git-fixes). - net: mdio: aspeed: add dummy read to avoid read-after-write issue (git-fixes). - idr: fix idr_alloc() returning an ID out of range (git-fixes). - genalloc.h: fix htmldocs warning (git-fixes). - serial: sh-sci: Check that the DMA cookie is valid (git-fixes). - serial: core: Restore sysfs fwnode information (git-fixes). - firewire: nosy: Fix dma_free_coherent() size (git-fixes). - Input: ti_am335x_tsc - fix off-by-one error in wire_order validation (git-fixes). - Input: alps - fix use-after-free bugs caused by dev3_register_work (git-fixes). - Input: atkbd - skip deactivate for HONOR FMB-P's internal keyboard (git-fixes). - spi: cadence-quadspi: Fix clock disable on probe failure path (git-fixes). - spi: fsl-cpm: Check length parity before switching to 16 bit mode (git-fixes). - hwmon: (ltc4282): Fix reset_history file permissions (git-fixes). - hwmon: (tmp401) fix overflow caused by default conversion rate value (git-fixes). - hwmon: (ibmpex) fix use-after-free in high/low store (git-fixes). - hwmon: (dell-smm) Limit fan multiplier to avoid overflow (git-fixes). - mmc: sdhci-esdhc-imx: add alternate ARCH_S32 dependency to Kconfig (git-fixes). - mmc: sdhci-of-arasan: Increase CD stable timeout to 2 seconds (git-fixes). - PM: runtime: Do not clear needs_force_resume with enabled runtime PM (git-fixes). - nfc: pn533: Fix error code in pn533_acr122_poweron_rdr() (git-fixes). - r8169: fix RTL8117 Wake-on-Lan in DASH mode (git-fixes). - net: phy: marvell-88q2xxx: Fix clamped value in mv88q2xxx_hwmon_write (git-fixes). - firmware_loader: make RUST_FW_LOADER_ABSTRACTIONS select FW_LOADER (git-fixes). - efi/cper: align ARM CPER type with UEFI 2.9A/2.10 specs (stable-fixes). - efi/cper: Add a new helper function to print bitmasks (stable-fixes). - efi/cper: Adjust infopfx size to accept an extra space (stable-fixes). - usb: dwc2: disable platform lowlevel hw resources during shutdown (stable-fixes). - resource: introduce is_type_match() helper and use it (stable-fixes). - resource: replace open coded resource_intersection() (stable-fixes). - commit 0273be1 - accel/ivpu: Prevent runtime suspend during context abort work (stable-fixes). - Refresh patches.suse/accel-ivpu-Trigger-device-recovery-on-engine-reset-r.patch. - commit 79c3327 - drm/imagination: Disallow exporting of PM/FW protected objects (git-fixes). - Bluetooth: btusb: revert use of devm_kzalloc in btusb (git-fixes). - crypto: seqiv - Do not use req->iv after crypto_aead_encrypt (git-fixes). - drm/msm/dpu: Add missing NULL pointer check for pingpong interface (git-fixes). - ASoC: ak4458: remove the reset operation in probe and remove (git-fixes). - ASoC: fsl_sai: Constrain sample rates from audio PLLs only in master mode (git-fixes). - ALSA: usb-mixer: us16x08: validate meter packet indices (git-fixes). - ALSA: pcmcia: Fix resource leak in snd_pdacf_probe error path (git-fixes). - ALSA: vxpocket: Fix resource leak in vxpocket_probe error path (git-fixes). - drm/xe: Use usleep_range for accurate long-running workload timeslicing (git-fixes). - drm/xe: Drop preempt-fences when destroying imported dma-bufs (git-fixes). - drm/xe/oa: Disallow 0 OA property values (git-fixes). - drm/xe: Adjust long-running workload timeslices to reasonable values (git-fixes). - drm/xe/oa: Limit num_syncs to prevent oversized allocations (git-fixes). - drm/xe: Limit num_syncs to prevent oversized allocations (git-fixes). - drm/xe: Restore engine registers before restarting schedulers after GT reset (git-fixes). - drm/xe/bo: Don't include the CCS metadata in the dma-buf sg-table (git-fixes). - drm/me/gsc: mei interrupt top half should be in irq disabled context (git-fixes). - drm/panel: sony-td4353-jdi: Enable prepare_prev_first (git-fixes). - ACPI: PCC: Fix race condition by removing static qualifier (git-fixes). - ACPI: CPPC: Fix missing PCC check for guaranteed_perf (git-fixes). - can: j1939: make j1939_sk_bind() fail if device is no longer registered (git-fixes). - can: gs_usb: gs_can_open(): fix error handling (git-fixes). - ASoC: codecs: nau8325: Silence uninitialized variables warnings (stable-fixes). - ASoC: nau8325: use simple i2c probe function (stable-fixes). - ALSA: wavefront: Fix integer overflow in sample size validation (git-fixes). - accel/ivpu: Ensure rpm_runtime_put in case of engine reset/resume fail (git-fixes). - commit bc5d2b7 - bpf: Fix stackmap overflow check in __bpf_get_stackid() (CVE-2025-68378 bsc#1255614). - commit 7a823bd - bpf: Refactor stack map trace depth calculation into helper function (CVE-2025-68378 bsc#1255614). - commit 296727b ++++ dtb-aarch64: - net: sched: act_connmark: initialize struct tc_ife to fix kernel leak (CVE-2025-40279 bsc#1254846). - commit cb9f7bb - btrfs: do not skip logging new dentries when logging a new name (git-fixes). - commit ec916c6 - btrfs: don't log conflicting inode if it's a dir moved in the current transaction (git-fixes). - commit a690d41 - btrfs: fix changeset leak on mmap write after failure to reserve metadata (git-fixes). - commit 75e4299 - team: Move team device type change at the end of team_port_add (CVE-2025-68340 bsc#1255507). - net/mlx5: Clean up only new IRQ glue on request_irq() failure (CVE-2025-40250 bsc#1254854). - net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() (CVE-2025-40252 bsc#1254849). - net: enetc: fix the deadlock of enetc_mdio_lock (CVE-2025-40347 bsc#1255262). - commit 085c913 - ASoC: Intel: avs: Do not share the name pointer between components (CVE-2025-40338 bsc#1255273). - commit fb15ec5 - usb: phy: isp1301: fix non-OF device reference imbalance (git-fixes). - usb: gadget: lpc32xx_udc: fix clock imbalance in error path (git-fixes). - serial: core: Fix serial device initialization (git-fixes). - commit 592ca99 - wifi: mac80211: do not use old MBSSID elements (git-fixes). - wifi: cfg80211: sme: store capped length in __cfg80211_connect_result() (git-fixes). - wifi: rtlwifi: 8192cu: fix tid out of range in rtl92cu_tx_fill_desc() (git-fixes). - wifi: rtw88: limit indirect IO under powered off for RTL8822CS (git-fixes). - usb: ohci-nxp: fix device leak on probe failure (git-fixes). - usb: dwc3: of-simple: fix clock resource leak in dwc3_of_simple_probe (git-fixes). - USB: lpc32xx_udc: Fix error handling in probe (git-fixes). - usb: typec: altmodes/displayport: Drop the device reference in dp_altmode_probe() (git-fixes). - usb: renesas_usbhs: Fix a resource leak in usbhs_pipe_malloc() (git-fixes). - usb: dwc3: keep susphy enabled during exit to avoid controller faults (git-fixes). - usb: dwc2: fix hang during shutdown if set as peripheral (git-fixes). - wifi: ath10k: move recovery check logic into a new work (git-fixes). - wifi: ath10k: Add missing include of export.h (stable-fixes). - wifi: ath10k: Avoid vdev delete timeout when firmware is already down (stable-fixes). - commit 07af9a3 - of: unittest: Fix memory leak in unittest_data_add() (git-fixes). - drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer (git-fixes). - drm/nouveau/dispnv50: Don't call drm_atomic_get_crtc_state() in prepare_fb (git-fixes). - platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing (git-fixes). - platform/x86: ibm_rtl: fix EBDA signature search pointer arithmetic (git-fixes). - platform/x86: msi-laptop: add missing sysfs_remove_group() (git-fixes). - platform/mellanox: mlxbf-pmc: Remove trailing whitespaces from event names (git-fixes). - net: rose: fix invalid array index in rose_kill_by_device() (git-fixes). - net: usb: sr9700: fix incorrect command used to write single register (git-fixes). - net: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write (git-fixes). - net: usb: rtl8150: fix memory leak on usb_submit_urb() failure (git-fixes). - net: mdio: aspeed: add dummy read to avoid read-after-write issue (git-fixes). - idr: fix idr_alloc() returning an ID out of range (git-fixes). - genalloc.h: fix htmldocs warning (git-fixes). - serial: sh-sci: Check that the DMA cookie is valid (git-fixes). - serial: core: Restore sysfs fwnode information (git-fixes). - firewire: nosy: Fix dma_free_coherent() size (git-fixes). - Input: ti_am335x_tsc - fix off-by-one error in wire_order validation (git-fixes). - Input: alps - fix use-after-free bugs caused by dev3_register_work (git-fixes). - Input: atkbd - skip deactivate for HONOR FMB-P's internal keyboard (git-fixes). - spi: cadence-quadspi: Fix clock disable on probe failure path (git-fixes). - spi: fsl-cpm: Check length parity before switching to 16 bit mode (git-fixes). - hwmon: (ltc4282): Fix reset_history file permissions (git-fixes). - hwmon: (tmp401) fix overflow caused by default conversion rate value (git-fixes). - hwmon: (ibmpex) fix use-after-free in high/low store (git-fixes). - hwmon: (dell-smm) Limit fan multiplier to avoid overflow (git-fixes). - mmc: sdhci-esdhc-imx: add alternate ARCH_S32 dependency to Kconfig (git-fixes). - mmc: sdhci-of-arasan: Increase CD stable timeout to 2 seconds (git-fixes). - PM: runtime: Do not clear needs_force_resume with enabled runtime PM (git-fixes). - nfc: pn533: Fix error code in pn533_acr122_poweron_rdr() (git-fixes). - r8169: fix RTL8117 Wake-on-Lan in DASH mode (git-fixes). - net: phy: marvell-88q2xxx: Fix clamped value in mv88q2xxx_hwmon_write (git-fixes). - firmware_loader: make RUST_FW_LOADER_ABSTRACTIONS select FW_LOADER (git-fixes). - efi/cper: align ARM CPER type with UEFI 2.9A/2.10 specs (stable-fixes). - efi/cper: Add a new helper function to print bitmasks (stable-fixes). - efi/cper: Adjust infopfx size to accept an extra space (stable-fixes). - usb: dwc2: disable platform lowlevel hw resources during shutdown (stable-fixes). - resource: introduce is_type_match() helper and use it (stable-fixes). - resource: replace open coded resource_intersection() (stable-fixes). - commit 0273be1 - accel/ivpu: Prevent runtime suspend during context abort work (stable-fixes). - Refresh patches.suse/accel-ivpu-Trigger-device-recovery-on-engine-reset-r.patch. - commit 79c3327 - drm/imagination: Disallow exporting of PM/FW protected objects (git-fixes). - Bluetooth: btusb: revert use of devm_kzalloc in btusb (git-fixes). - crypto: seqiv - Do not use req->iv after crypto_aead_encrypt (git-fixes). - drm/msm/dpu: Add missing NULL pointer check for pingpong interface (git-fixes). - ASoC: ak4458: remove the reset operation in probe and remove (git-fixes). - ASoC: fsl_sai: Constrain sample rates from audio PLLs only in master mode (git-fixes). - ALSA: usb-mixer: us16x08: validate meter packet indices (git-fixes). - ALSA: pcmcia: Fix resource leak in snd_pdacf_probe error path (git-fixes). - ALSA: vxpocket: Fix resource leak in vxpocket_probe error path (git-fixes). - drm/xe: Use usleep_range for accurate long-running workload timeslicing (git-fixes). - drm/xe: Drop preempt-fences when destroying imported dma-bufs (git-fixes). - drm/xe/oa: Disallow 0 OA property values (git-fixes). - drm/xe: Adjust long-running workload timeslices to reasonable values (git-fixes). - drm/xe/oa: Limit num_syncs to prevent oversized allocations (git-fixes). - drm/xe: Limit num_syncs to prevent oversized allocations (git-fixes). - drm/xe: Restore engine registers before restarting schedulers after GT reset (git-fixes). - drm/xe/bo: Don't include the CCS metadata in the dma-buf sg-table (git-fixes). - drm/me/gsc: mei interrupt top half should be in irq disabled context (git-fixes). - drm/panel: sony-td4353-jdi: Enable prepare_prev_first (git-fixes). - ACPI: PCC: Fix race condition by removing static qualifier (git-fixes). - ACPI: CPPC: Fix missing PCC check for guaranteed_perf (git-fixes). - can: j1939: make j1939_sk_bind() fail if device is no longer registered (git-fixes). - can: gs_usb: gs_can_open(): fix error handling (git-fixes). - ASoC: codecs: nau8325: Silence uninitialized variables warnings (stable-fixes). - ASoC: nau8325: use simple i2c probe function (stable-fixes). - ALSA: wavefront: Fix integer overflow in sample size validation (git-fixes). - accel/ivpu: Ensure rpm_runtime_put in case of engine reset/resume fail (git-fixes). - commit bc5d2b7 - bpf: Fix stackmap overflow check in __bpf_get_stackid() (CVE-2025-68378 bsc#1255614). - commit 7a823bd - bpf: Refactor stack map trace depth calculation into helper function (CVE-2025-68378 bsc#1255614). - commit 296727b ++++ dtb-aarch64: - net: sched: act_connmark: initialize struct tc_ife to fix kernel leak (CVE-2025-40279 bsc#1254846). - commit cb9f7bb - btrfs: do not skip logging new dentries when logging a new name (git-fixes). - commit ec916c6 - btrfs: don't log conflicting inode if it's a dir moved in the current transaction (git-fixes). - commit a690d41 - btrfs: fix changeset leak on mmap write after failure to reserve metadata (git-fixes). - commit 75e4299 - team: Move team device type change at the end of team_port_add (CVE-2025-68340 bsc#1255507). - net/mlx5: Clean up only new IRQ glue on request_irq() failure (CVE-2025-40250 bsc#1254854). - net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() (CVE-2025-40252 bsc#1254849). - net: enetc: fix the deadlock of enetc_mdio_lock (CVE-2025-40347 bsc#1255262). - commit 085c913 - ASoC: Intel: avs: Do not share the name pointer between components (CVE-2025-40338 bsc#1255273). - commit fb15ec5 - usb: phy: isp1301: fix non-OF device reference imbalance (git-fixes). - usb: gadget: lpc32xx_udc: fix clock imbalance in error path (git-fixes). - serial: core: Fix serial device initialization (git-fixes). - commit 592ca99 - wifi: mac80211: do not use old MBSSID elements (git-fixes). - wifi: cfg80211: sme: store capped length in __cfg80211_connect_result() (git-fixes). - wifi: rtlwifi: 8192cu: fix tid out of range in rtl92cu_tx_fill_desc() (git-fixes). - wifi: rtw88: limit indirect IO under powered off for RTL8822CS (git-fixes). - usb: ohci-nxp: fix device leak on probe failure (git-fixes). - usb: dwc3: of-simple: fix clock resource leak in dwc3_of_simple_probe (git-fixes). - USB: lpc32xx_udc: Fix error handling in probe (git-fixes). - usb: typec: altmodes/displayport: Drop the device reference in dp_altmode_probe() (git-fixes). - usb: renesas_usbhs: Fix a resource leak in usbhs_pipe_malloc() (git-fixes). - usb: dwc3: keep susphy enabled during exit to avoid controller faults (git-fixes). - usb: dwc2: fix hang during shutdown if set as peripheral (git-fixes). - wifi: ath10k: move recovery check logic into a new work (git-fixes). - wifi: ath10k: Add missing include of export.h (stable-fixes). - wifi: ath10k: Avoid vdev delete timeout when firmware is already down (stable-fixes). - commit 07af9a3 - of: unittest: Fix memory leak in unittest_data_add() (git-fixes). - drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer (git-fixes). - drm/nouveau/dispnv50: Don't call drm_atomic_get_crtc_state() in prepare_fb (git-fixes). - platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing (git-fixes). - platform/x86: ibm_rtl: fix EBDA signature search pointer arithmetic (git-fixes). - platform/x86: msi-laptop: add missing sysfs_remove_group() (git-fixes). - platform/mellanox: mlxbf-pmc: Remove trailing whitespaces from event names (git-fixes). - net: rose: fix invalid array index in rose_kill_by_device() (git-fixes). - net: usb: sr9700: fix incorrect command used to write single register (git-fixes). - net: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write (git-fixes). - net: usb: rtl8150: fix memory leak on usb_submit_urb() failure (git-fixes). - net: mdio: aspeed: add dummy read to avoid read-after-write issue (git-fixes). - idr: fix idr_alloc() returning an ID out of range (git-fixes). - genalloc.h: fix htmldocs warning (git-fixes). - serial: sh-sci: Check that the DMA cookie is valid (git-fixes). - serial: core: Restore sysfs fwnode information (git-fixes). - firewire: nosy: Fix dma_free_coherent() size (git-fixes). - Input: ti_am335x_tsc - fix off-by-one error in wire_order validation (git-fixes). - Input: alps - fix use-after-free bugs caused by dev3_register_work (git-fixes). - Input: atkbd - skip deactivate for HONOR FMB-P's internal keyboard (git-fixes). - spi: cadence-quadspi: Fix clock disable on probe failure path (git-fixes). - spi: fsl-cpm: Check length parity before switching to 16 bit mode (git-fixes). - hwmon: (ltc4282): Fix reset_history file permissions (git-fixes). - hwmon: (tmp401) fix overflow caused by default conversion rate value (git-fixes). - hwmon: (ibmpex) fix use-after-free in high/low store (git-fixes). - hwmon: (dell-smm) Limit fan multiplier to avoid overflow (git-fixes). - mmc: sdhci-esdhc-imx: add alternate ARCH_S32 dependency to Kconfig (git-fixes). - mmc: sdhci-of-arasan: Increase CD stable timeout to 2 seconds (git-fixes). - PM: runtime: Do not clear needs_force_resume with enabled runtime PM (git-fixes). - nfc: pn533: Fix error code in pn533_acr122_poweron_rdr() (git-fixes). - r8169: fix RTL8117 Wake-on-Lan in DASH mode (git-fixes). - net: phy: marvell-88q2xxx: Fix clamped value in mv88q2xxx_hwmon_write (git-fixes). - firmware_loader: make RUST_FW_LOADER_ABSTRACTIONS select FW_LOADER (git-fixes). - efi/cper: align ARM CPER type with UEFI 2.9A/2.10 specs (stable-fixes). - efi/cper: Add a new helper function to print bitmasks (stable-fixes). - efi/cper: Adjust infopfx size to accept an extra space (stable-fixes). - usb: dwc2: disable platform lowlevel hw resources during shutdown (stable-fixes). - resource: introduce is_type_match() helper and use it (stable-fixes). - resource: replace open coded resource_intersection() (stable-fixes). - commit 0273be1 - accel/ivpu: Prevent runtime suspend during context abort work (stable-fixes). - Refresh patches.suse/accel-ivpu-Trigger-device-recovery-on-engine-reset-r.patch. - commit 79c3327 - drm/imagination: Disallow exporting of PM/FW protected objects (git-fixes). - Bluetooth: btusb: revert use of devm_kzalloc in btusb (git-fixes). - crypto: seqiv - Do not use req->iv after crypto_aead_encrypt (git-fixes). - drm/msm/dpu: Add missing NULL pointer check for pingpong interface (git-fixes). - ASoC: ak4458: remove the reset operation in probe and remove (git-fixes). - ASoC: fsl_sai: Constrain sample rates from audio PLLs only in master mode (git-fixes). - ALSA: usb-mixer: us16x08: validate meter packet indices (git-fixes). - ALSA: pcmcia: Fix resource leak in snd_pdacf_probe error path (git-fixes). - ALSA: vxpocket: Fix resource leak in vxpocket_probe error path (git-fixes). - drm/xe: Use usleep_range for accurate long-running workload timeslicing (git-fixes). - drm/xe: Drop preempt-fences when destroying imported dma-bufs (git-fixes). - drm/xe/oa: Disallow 0 OA property values (git-fixes). - drm/xe: Adjust long-running workload timeslices to reasonable values (git-fixes). - drm/xe/oa: Limit num_syncs to prevent oversized allocations (git-fixes). - drm/xe: Limit num_syncs to prevent oversized allocations (git-fixes). - drm/xe: Restore engine registers before restarting schedulers after GT reset (git-fixes). - drm/xe/bo: Don't include the CCS metadata in the dma-buf sg-table (git-fixes). - drm/me/gsc: mei interrupt top half should be in irq disabled context (git-fixes). - drm/panel: sony-td4353-jdi: Enable prepare_prev_first (git-fixes). - ACPI: PCC: Fix race condition by removing static qualifier (git-fixes). - ACPI: CPPC: Fix missing PCC check for guaranteed_perf (git-fixes). - can: j1939: make j1939_sk_bind() fail if device is no longer registered (git-fixes). - can: gs_usb: gs_can_open(): fix error handling (git-fixes). - ASoC: codecs: nau8325: Silence uninitialized variables warnings (stable-fixes). - ASoC: nau8325: use simple i2c probe function (stable-fixes). - ALSA: wavefront: Fix integer overflow in sample size validation (git-fixes). - accel/ivpu: Ensure rpm_runtime_put in case of engine reset/resume fail (git-fixes). - commit bc5d2b7 - bpf: Fix stackmap overflow check in __bpf_get_stackid() (CVE-2025-68378 bsc#1255614). - commit 7a823bd - bpf: Refactor stack map trace depth calculation into helper function (CVE-2025-68378 bsc#1255614). - commit 296727b ++++ kernel-source: - net: sched: act_connmark: initialize struct tc_ife to fix kernel leak (CVE-2025-40279 bsc#1254846). - commit cb9f7bb - btrfs: do not skip logging new dentries when logging a new name (git-fixes). - commit ec916c6 - btrfs: don't log conflicting inode if it's a dir moved in the current transaction (git-fixes). - commit a690d41 - btrfs: fix changeset leak on mmap write after failure to reserve metadata (git-fixes). - commit 75e4299 - team: Move team device type change at the end of team_port_add (CVE-2025-68340 bsc#1255507). - net/mlx5: Clean up only new IRQ glue on request_irq() failure (CVE-2025-40250 bsc#1254854). - net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() (CVE-2025-40252 bsc#1254849). - net: enetc: fix the deadlock of enetc_mdio_lock (CVE-2025-40347 bsc#1255262). - commit 085c913 - ASoC: Intel: avs: Do not share the name pointer between components (CVE-2025-40338 bsc#1255273). - commit fb15ec5 - usb: phy: isp1301: fix non-OF device reference imbalance (git-fixes). - usb: gadget: lpc32xx_udc: fix clock imbalance in error path (git-fixes). - serial: core: Fix serial device initialization (git-fixes). - commit 592ca99 - wifi: mac80211: do not use old MBSSID elements (git-fixes). - wifi: cfg80211: sme: store capped length in __cfg80211_connect_result() (git-fixes). - wifi: rtlwifi: 8192cu: fix tid out of range in rtl92cu_tx_fill_desc() (git-fixes). - wifi: rtw88: limit indirect IO under powered off for RTL8822CS (git-fixes). - usb: ohci-nxp: fix device leak on probe failure (git-fixes). - usb: dwc3: of-simple: fix clock resource leak in dwc3_of_simple_probe (git-fixes). - USB: lpc32xx_udc: Fix error handling in probe (git-fixes). - usb: typec: altmodes/displayport: Drop the device reference in dp_altmode_probe() (git-fixes). - usb: renesas_usbhs: Fix a resource leak in usbhs_pipe_malloc() (git-fixes). - usb: dwc3: keep susphy enabled during exit to avoid controller faults (git-fixes). - usb: dwc2: fix hang during shutdown if set as peripheral (git-fixes). - wifi: ath10k: move recovery check logic into a new work (git-fixes). - wifi: ath10k: Add missing include of export.h (stable-fixes). - wifi: ath10k: Avoid vdev delete timeout when firmware is already down (stable-fixes). - commit 07af9a3 - of: unittest: Fix memory leak in unittest_data_add() (git-fixes). - drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer (git-fixes). - drm/nouveau/dispnv50: Don't call drm_atomic_get_crtc_state() in prepare_fb (git-fixes). - platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing (git-fixes). - platform/x86: ibm_rtl: fix EBDA signature search pointer arithmetic (git-fixes). - platform/x86: msi-laptop: add missing sysfs_remove_group() (git-fixes). - platform/mellanox: mlxbf-pmc: Remove trailing whitespaces from event names (git-fixes). - net: rose: fix invalid array index in rose_kill_by_device() (git-fixes). - net: usb: sr9700: fix incorrect command used to write single register (git-fixes). - net: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write (git-fixes). - net: usb: rtl8150: fix memory leak on usb_submit_urb() failure (git-fixes). - net: mdio: aspeed: add dummy read to avoid read-after-write issue (git-fixes). - idr: fix idr_alloc() returning an ID out of range (git-fixes). - genalloc.h: fix htmldocs warning (git-fixes). - serial: sh-sci: Check that the DMA cookie is valid (git-fixes). - serial: core: Restore sysfs fwnode information (git-fixes). - firewire: nosy: Fix dma_free_coherent() size (git-fixes). - Input: ti_am335x_tsc - fix off-by-one error in wire_order validation (git-fixes). - Input: alps - fix use-after-free bugs caused by dev3_register_work (git-fixes). - Input: atkbd - skip deactivate for HONOR FMB-P's internal keyboard (git-fixes). - spi: cadence-quadspi: Fix clock disable on probe failure path (git-fixes). - spi: fsl-cpm: Check length parity before switching to 16 bit mode (git-fixes). - hwmon: (ltc4282): Fix reset_history file permissions (git-fixes). - hwmon: (tmp401) fix overflow caused by default conversion rate value (git-fixes). - hwmon: (ibmpex) fix use-after-free in high/low store (git-fixes). - hwmon: (dell-smm) Limit fan multiplier to avoid overflow (git-fixes). - mmc: sdhci-esdhc-imx: add alternate ARCH_S32 dependency to Kconfig (git-fixes). - mmc: sdhci-of-arasan: Increase CD stable timeout to 2 seconds (git-fixes). - PM: runtime: Do not clear needs_force_resume with enabled runtime PM (git-fixes). - nfc: pn533: Fix error code in pn533_acr122_poweron_rdr() (git-fixes). - r8169: fix RTL8117 Wake-on-Lan in DASH mode (git-fixes). - net: phy: marvell-88q2xxx: Fix clamped value in mv88q2xxx_hwmon_write (git-fixes). - firmware_loader: make RUST_FW_LOADER_ABSTRACTIONS select FW_LOADER (git-fixes). - efi/cper: align ARM CPER type with UEFI 2.9A/2.10 specs (stable-fixes). - efi/cper: Add a new helper function to print bitmasks (stable-fixes). - efi/cper: Adjust infopfx size to accept an extra space (stable-fixes). - usb: dwc2: disable platform lowlevel hw resources during shutdown (stable-fixes). - resource: introduce is_type_match() helper and use it (stable-fixes). - resource: replace open coded resource_intersection() (stable-fixes). - commit 0273be1 - accel/ivpu: Prevent runtime suspend during context abort work (stable-fixes). - Refresh patches.suse/accel-ivpu-Trigger-device-recovery-on-engine-reset-r.patch. - commit 79c3327 - drm/imagination: Disallow exporting of PM/FW protected objects (git-fixes). - Bluetooth: btusb: revert use of devm_kzalloc in btusb (git-fixes). - crypto: seqiv - Do not use req->iv after crypto_aead_encrypt (git-fixes). - drm/msm/dpu: Add missing NULL pointer check for pingpong interface (git-fixes). - ASoC: ak4458: remove the reset operation in probe and remove (git-fixes). - ASoC: fsl_sai: Constrain sample rates from audio PLLs only in master mode (git-fixes). - ALSA: usb-mixer: us16x08: validate meter packet indices (git-fixes). - ALSA: pcmcia: Fix resource leak in snd_pdacf_probe error path (git-fixes). - ALSA: vxpocket: Fix resource leak in vxpocket_probe error path (git-fixes). - drm/xe: Use usleep_range for accurate long-running workload timeslicing (git-fixes). - drm/xe: Drop preempt-fences when destroying imported dma-bufs (git-fixes). - drm/xe/oa: Disallow 0 OA property values (git-fixes). - drm/xe: Adjust long-running workload timeslices to reasonable values (git-fixes). - drm/xe/oa: Limit num_syncs to prevent oversized allocations (git-fixes). - drm/xe: Limit num_syncs to prevent oversized allocations (git-fixes). - drm/xe: Restore engine registers before restarting schedulers after GT reset (git-fixes). - drm/xe/bo: Don't include the CCS metadata in the dma-buf sg-table (git-fixes). - drm/me/gsc: mei interrupt top half should be in irq disabled context (git-fixes). - drm/panel: sony-td4353-jdi: Enable prepare_prev_first (git-fixes). - ACPI: PCC: Fix race condition by removing static qualifier (git-fixes). - ACPI: CPPC: Fix missing PCC check for guaranteed_perf (git-fixes). - can: j1939: make j1939_sk_bind() fail if device is no longer registered (git-fixes). - can: gs_usb: gs_can_open(): fix error handling (git-fixes). - ASoC: codecs: nau8325: Silence uninitialized variables warnings (stable-fixes). - ASoC: nau8325: use simple i2c probe function (stable-fixes). - ALSA: wavefront: Fix integer overflow in sample size validation (git-fixes). - accel/ivpu: Ensure rpm_runtime_put in case of engine reset/resume fail (git-fixes). - commit bc5d2b7 - bpf: Fix stackmap overflow check in __bpf_get_stackid() (CVE-2025-68378 bsc#1255614). - commit 7a823bd - bpf: Refactor stack map trace depth calculation into helper function (CVE-2025-68378 bsc#1255614). - commit 296727b ++++ kernel-source: - net: sched: act_connmark: initialize struct tc_ife to fix kernel leak (CVE-2025-40279 bsc#1254846). - commit cb9f7bb - btrfs: do not skip logging new dentries when logging a new name (git-fixes). - commit ec916c6 - btrfs: don't log conflicting inode if it's a dir moved in the current transaction (git-fixes). - commit a690d41 - btrfs: fix changeset leak on mmap write after failure to reserve metadata (git-fixes). - commit 75e4299 - team: Move team device type change at the end of team_port_add (CVE-2025-68340 bsc#1255507). - net/mlx5: Clean up only new IRQ glue on request_irq() failure (CVE-2025-40250 bsc#1254854). - net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() (CVE-2025-40252 bsc#1254849). - net: enetc: fix the deadlock of enetc_mdio_lock (CVE-2025-40347 bsc#1255262). - commit 085c913 - ASoC: Intel: avs: Do not share the name pointer between components (CVE-2025-40338 bsc#1255273). - commit fb15ec5 - usb: phy: isp1301: fix non-OF device reference imbalance (git-fixes). - usb: gadget: lpc32xx_udc: fix clock imbalance in error path (git-fixes). - serial: core: Fix serial device initialization (git-fixes). - commit 592ca99 - wifi: mac80211: do not use old MBSSID elements (git-fixes). - wifi: cfg80211: sme: store capped length in __cfg80211_connect_result() (git-fixes). - wifi: rtlwifi: 8192cu: fix tid out of range in rtl92cu_tx_fill_desc() (git-fixes). - wifi: rtw88: limit indirect IO under powered off for RTL8822CS (git-fixes). - usb: ohci-nxp: fix device leak on probe failure (git-fixes). - usb: dwc3: of-simple: fix clock resource leak in dwc3_of_simple_probe (git-fixes). - USB: lpc32xx_udc: Fix error handling in probe (git-fixes). - usb: typec: altmodes/displayport: Drop the device reference in dp_altmode_probe() (git-fixes). - usb: renesas_usbhs: Fix a resource leak in usbhs_pipe_malloc() (git-fixes). - usb: dwc3: keep susphy enabled during exit to avoid controller faults (git-fixes). - usb: dwc2: fix hang during shutdown if set as peripheral (git-fixes). - wifi: ath10k: move recovery check logic into a new work (git-fixes). - wifi: ath10k: Add missing include of export.h (stable-fixes). - wifi: ath10k: Avoid vdev delete timeout when firmware is already down (stable-fixes). - commit 07af9a3 - of: unittest: Fix memory leak in unittest_data_add() (git-fixes). - drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer (git-fixes). - drm/nouveau/dispnv50: Don't call drm_atomic_get_crtc_state() in prepare_fb (git-fixes). - platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing (git-fixes). - platform/x86: ibm_rtl: fix EBDA signature search pointer arithmetic (git-fixes). - platform/x86: msi-laptop: add missing sysfs_remove_group() (git-fixes). - platform/mellanox: mlxbf-pmc: Remove trailing whitespaces from event names (git-fixes). - net: rose: fix invalid array index in rose_kill_by_device() (git-fixes). - net: usb: sr9700: fix incorrect command used to write single register (git-fixes). - net: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write (git-fixes). - net: usb: rtl8150: fix memory leak on usb_submit_urb() failure (git-fixes). - net: mdio: aspeed: add dummy read to avoid read-after-write issue (git-fixes). - idr: fix idr_alloc() returning an ID out of range (git-fixes). - genalloc.h: fix htmldocs warning (git-fixes). - serial: sh-sci: Check that the DMA cookie is valid (git-fixes). - serial: core: Restore sysfs fwnode information (git-fixes). - firewire: nosy: Fix dma_free_coherent() size (git-fixes). - Input: ti_am335x_tsc - fix off-by-one error in wire_order validation (git-fixes). - Input: alps - fix use-after-free bugs caused by dev3_register_work (git-fixes). - Input: atkbd - skip deactivate for HONOR FMB-P's internal keyboard (git-fixes). - spi: cadence-quadspi: Fix clock disable on probe failure path (git-fixes). - spi: fsl-cpm: Check length parity before switching to 16 bit mode (git-fixes). - hwmon: (ltc4282): Fix reset_history file permissions (git-fixes). - hwmon: (tmp401) fix overflow caused by default conversion rate value (git-fixes). - hwmon: (ibmpex) fix use-after-free in high/low store (git-fixes). - hwmon: (dell-smm) Limit fan multiplier to avoid overflow (git-fixes). - mmc: sdhci-esdhc-imx: add alternate ARCH_S32 dependency to Kconfig (git-fixes). - mmc: sdhci-of-arasan: Increase CD stable timeout to 2 seconds (git-fixes). - PM: runtime: Do not clear needs_force_resume with enabled runtime PM (git-fixes). - nfc: pn533: Fix error code in pn533_acr122_poweron_rdr() (git-fixes). - r8169: fix RTL8117 Wake-on-Lan in DASH mode (git-fixes). - net: phy: marvell-88q2xxx: Fix clamped value in mv88q2xxx_hwmon_write (git-fixes). - firmware_loader: make RUST_FW_LOADER_ABSTRACTIONS select FW_LOADER (git-fixes). - efi/cper: align ARM CPER type with UEFI 2.9A/2.10 specs (stable-fixes). - efi/cper: Add a new helper function to print bitmasks (stable-fixes). - efi/cper: Adjust infopfx size to accept an extra space (stable-fixes). - usb: dwc2: disable platform lowlevel hw resources during shutdown (stable-fixes). - resource: introduce is_type_match() helper and use it (stable-fixes). - resource: replace open coded resource_intersection() (stable-fixes). - commit 0273be1 - accel/ivpu: Prevent runtime suspend during context abort work (stable-fixes). - Refresh patches.suse/accel-ivpu-Trigger-device-recovery-on-engine-reset-r.patch. - commit 79c3327 - drm/imagination: Disallow exporting of PM/FW protected objects (git-fixes). - Bluetooth: btusb: revert use of devm_kzalloc in btusb (git-fixes). - crypto: seqiv - Do not use req->iv after crypto_aead_encrypt (git-fixes). - drm/msm/dpu: Add missing NULL pointer check for pingpong interface (git-fixes). - ASoC: ak4458: remove the reset operation in probe and remove (git-fixes). - ASoC: fsl_sai: Constrain sample rates from audio PLLs only in master mode (git-fixes). - ALSA: usb-mixer: us16x08: validate meter packet indices (git-fixes). - ALSA: pcmcia: Fix resource leak in snd_pdacf_probe error path (git-fixes). - ALSA: vxpocket: Fix resource leak in vxpocket_probe error path (git-fixes). - drm/xe: Use usleep_range for accurate long-running workload timeslicing (git-fixes). - drm/xe: Drop preempt-fences when destroying imported dma-bufs (git-fixes). - drm/xe/oa: Disallow 0 OA property values (git-fixes). - drm/xe: Adjust long-running workload timeslices to reasonable values (git-fixes). - drm/xe/oa: Limit num_syncs to prevent oversized allocations (git-fixes). - drm/xe: Limit num_syncs to prevent oversized allocations (git-fixes). - drm/xe: Restore engine registers before restarting schedulers after GT reset (git-fixes). - drm/xe/bo: Don't include the CCS metadata in the dma-buf sg-table (git-fixes). - drm/me/gsc: mei interrupt top half should be in irq disabled context (git-fixes). - drm/panel: sony-td4353-jdi: Enable prepare_prev_first (git-fixes). - ACPI: PCC: Fix race condition by removing static qualifier (git-fixes). - ACPI: CPPC: Fix missing PCC check for guaranteed_perf (git-fixes). - can: j1939: make j1939_sk_bind() fail if device is no longer registered (git-fixes). - can: gs_usb: gs_can_open(): fix error handling (git-fixes). - ASoC: codecs: nau8325: Silence uninitialized variables warnings (stable-fixes). - ASoC: nau8325: use simple i2c probe function (stable-fixes). - ALSA: wavefront: Fix integer overflow in sample size validation (git-fixes). - accel/ivpu: Ensure rpm_runtime_put in case of engine reset/resume fail (git-fixes). - commit bc5d2b7 - bpf: Fix stackmap overflow check in __bpf_get_stackid() (CVE-2025-68378 bsc#1255614). - commit 7a823bd - bpf: Refactor stack map trace depth calculation into helper function (CVE-2025-68378 bsc#1255614). - commit 296727b ++++ kernel-source: - net: sched: act_connmark: initialize struct tc_ife to fix kernel leak (CVE-2025-40279 bsc#1254846). - commit cb9f7bb - btrfs: do not skip logging new dentries when logging a new name (git-fixes). - commit ec916c6 - btrfs: don't log conflicting inode if it's a dir moved in the current transaction (git-fixes). - commit a690d41 - btrfs: fix changeset leak on mmap write after failure to reserve metadata (git-fixes). - commit 75e4299 - team: Move team device type change at the end of team_port_add (CVE-2025-68340 bsc#1255507). - net/mlx5: Clean up only new IRQ glue on request_irq() failure (CVE-2025-40250 bsc#1254854). - net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() (CVE-2025-40252 bsc#1254849). - net: enetc: fix the deadlock of enetc_mdio_lock (CVE-2025-40347 bsc#1255262). - commit 085c913 - ASoC: Intel: avs: Do not share the name pointer between components (CVE-2025-40338 bsc#1255273). - commit fb15ec5 - usb: phy: isp1301: fix non-OF device reference imbalance (git-fixes). - usb: gadget: lpc32xx_udc: fix clock imbalance in error path (git-fixes). - serial: core: Fix serial device initialization (git-fixes). - commit 592ca99 - wifi: mac80211: do not use old MBSSID elements (git-fixes). - wifi: cfg80211: sme: store capped length in __cfg80211_connect_result() (git-fixes). - wifi: rtlwifi: 8192cu: fix tid out of range in rtl92cu_tx_fill_desc() (git-fixes). - wifi: rtw88: limit indirect IO under powered off for RTL8822CS (git-fixes). - usb: ohci-nxp: fix device leak on probe failure (git-fixes). - usb: dwc3: of-simple: fix clock resource leak in dwc3_of_simple_probe (git-fixes). - USB: lpc32xx_udc: Fix error handling in probe (git-fixes). - usb: typec: altmodes/displayport: Drop the device reference in dp_altmode_probe() (git-fixes). - usb: renesas_usbhs: Fix a resource leak in usbhs_pipe_malloc() (git-fixes). - usb: dwc3: keep susphy enabled during exit to avoid controller faults (git-fixes). - usb: dwc2: fix hang during shutdown if set as peripheral (git-fixes). - wifi: ath10k: move recovery check logic into a new work (git-fixes). - wifi: ath10k: Add missing include of export.h (stable-fixes). - wifi: ath10k: Avoid vdev delete timeout when firmware is already down (stable-fixes). - commit 07af9a3 - of: unittest: Fix memory leak in unittest_data_add() (git-fixes). - drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer (git-fixes). - drm/nouveau/dispnv50: Don't call drm_atomic_get_crtc_state() in prepare_fb (git-fixes). - platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing (git-fixes). - platform/x86: ibm_rtl: fix EBDA signature search pointer arithmetic (git-fixes). - platform/x86: msi-laptop: add missing sysfs_remove_group() (git-fixes). - platform/mellanox: mlxbf-pmc: Remove trailing whitespaces from event names (git-fixes). - net: rose: fix invalid array index in rose_kill_by_device() (git-fixes). - net: usb: sr9700: fix incorrect command used to write single register (git-fixes). - net: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write (git-fixes). - net: usb: rtl8150: fix memory leak on usb_submit_urb() failure (git-fixes). - net: mdio: aspeed: add dummy read to avoid read-after-write issue (git-fixes). - idr: fix idr_alloc() returning an ID out of range (git-fixes). - genalloc.h: fix htmldocs warning (git-fixes). - serial: sh-sci: Check that the DMA cookie is valid (git-fixes). - serial: core: Restore sysfs fwnode information (git-fixes). - firewire: nosy: Fix dma_free_coherent() size (git-fixes). - Input: ti_am335x_tsc - fix off-by-one error in wire_order validation (git-fixes). - Input: alps - fix use-after-free bugs caused by dev3_register_work (git-fixes). - Input: atkbd - skip deactivate for HONOR FMB-P's internal keyboard (git-fixes). - spi: cadence-quadspi: Fix clock disable on probe failure path (git-fixes). - spi: fsl-cpm: Check length parity before switching to 16 bit mode (git-fixes). - hwmon: (ltc4282): Fix reset_history file permissions (git-fixes). - hwmon: (tmp401) fix overflow caused by default conversion rate value (git-fixes). - hwmon: (ibmpex) fix use-after-free in high/low store (git-fixes). - hwmon: (dell-smm) Limit fan multiplier to avoid overflow (git-fixes). - mmc: sdhci-esdhc-imx: add alternate ARCH_S32 dependency to Kconfig (git-fixes). - mmc: sdhci-of-arasan: Increase CD stable timeout to 2 seconds (git-fixes). - PM: runtime: Do not clear needs_force_resume with enabled runtime PM (git-fixes). - nfc: pn533: Fix error code in pn533_acr122_poweron_rdr() (git-fixes). - r8169: fix RTL8117 Wake-on-Lan in DASH mode (git-fixes). - net: phy: marvell-88q2xxx: Fix clamped value in mv88q2xxx_hwmon_write (git-fixes). - firmware_loader: make RUST_FW_LOADER_ABSTRACTIONS select FW_LOADER (git-fixes). - efi/cper: align ARM CPER type with UEFI 2.9A/2.10 specs (stable-fixes). - efi/cper: Add a new helper function to print bitmasks (stable-fixes). - efi/cper: Adjust infopfx size to accept an extra space (stable-fixes). - usb: dwc2: disable platform lowlevel hw resources during shutdown (stable-fixes). - resource: introduce is_type_match() helper and use it (stable-fixes). - resource: replace open coded resource_intersection() (stable-fixes). - commit 0273be1 - accel/ivpu: Prevent runtime suspend during context abort work (stable-fixes). - Refresh patches.suse/accel-ivpu-Trigger-device-recovery-on-engine-reset-r.patch. - commit 79c3327 - drm/imagination: Disallow exporting of PM/FW protected objects (git-fixes). - Bluetooth: btusb: revert use of devm_kzalloc in btusb (git-fixes). - crypto: seqiv - Do not use req->iv after crypto_aead_encrypt (git-fixes). - drm/msm/dpu: Add missing NULL pointer check for pingpong interface (git-fixes). - ASoC: ak4458: remove the reset operation in probe and remove (git-fixes). - ASoC: fsl_sai: Constrain sample rates from audio PLLs only in master mode (git-fixes). - ALSA: usb-mixer: us16x08: validate meter packet indices (git-fixes). - ALSA: pcmcia: Fix resource leak in snd_pdacf_probe error path (git-fixes). - ALSA: vxpocket: Fix resource leak in vxpocket_probe error path (git-fixes). - drm/xe: Use usleep_range for accurate long-running workload timeslicing (git-fixes). - drm/xe: Drop preempt-fences when destroying imported dma-bufs (git-fixes). - drm/xe/oa: Disallow 0 OA property values (git-fixes). - drm/xe: Adjust long-running workload timeslices to reasonable values (git-fixes). - drm/xe/oa: Limit num_syncs to prevent oversized allocations (git-fixes). - drm/xe: Limit num_syncs to prevent oversized allocations (git-fixes). - drm/xe: Restore engine registers before restarting schedulers after GT reset (git-fixes). - drm/xe/bo: Don't include the CCS metadata in the dma-buf sg-table (git-fixes). - drm/me/gsc: mei interrupt top half should be in irq disabled context (git-fixes). - drm/panel: sony-td4353-jdi: Enable prepare_prev_first (git-fixes). - ACPI: PCC: Fix race condition by removing static qualifier (git-fixes). - ACPI: CPPC: Fix missing PCC check for guaranteed_perf (git-fixes). - can: j1939: make j1939_sk_bind() fail if device is no longer registered (git-fixes). - can: gs_usb: gs_can_open(): fix error handling (git-fixes). - ASoC: codecs: nau8325: Silence uninitialized variables warnings (stable-fixes). - ASoC: nau8325: use simple i2c probe function (stable-fixes). - ALSA: wavefront: Fix integer overflow in sample size validation (git-fixes). - accel/ivpu: Ensure rpm_runtime_put in case of engine reset/resume fail (git-fixes). - commit bc5d2b7 - bpf: Fix stackmap overflow check in __bpf_get_stackid() (CVE-2025-68378 bsc#1255614). - commit 7a823bd - bpf: Refactor stack map trace depth calculation into helper function (CVE-2025-68378 bsc#1255614). - commit 296727b ++++ kernel-docs: - net: sched: act_connmark: initialize struct tc_ife to fix kernel leak (CVE-2025-40279 bsc#1254846). - commit cb9f7bb - btrfs: do not skip logging new dentries when logging a new name (git-fixes). - commit ec916c6 - btrfs: don't log conflicting inode if it's a dir moved in the current transaction (git-fixes). - commit a690d41 - btrfs: fix changeset leak on mmap write after failure to reserve metadata (git-fixes). - commit 75e4299 - team: Move team device type change at the end of team_port_add (CVE-2025-68340 bsc#1255507). - net/mlx5: Clean up only new IRQ glue on request_irq() failure (CVE-2025-40250 bsc#1254854). - net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() (CVE-2025-40252 bsc#1254849). - net: enetc: fix the deadlock of enetc_mdio_lock (CVE-2025-40347 bsc#1255262). - commit 085c913 - ASoC: Intel: avs: Do not share the name pointer between components (CVE-2025-40338 bsc#1255273). - commit fb15ec5 - usb: phy: isp1301: fix non-OF device reference imbalance (git-fixes). - usb: gadget: lpc32xx_udc: fix clock imbalance in error path (git-fixes). - serial: core: Fix serial device initialization (git-fixes). - commit 592ca99 - wifi: mac80211: do not use old MBSSID elements (git-fixes). - wifi: cfg80211: sme: store capped length in __cfg80211_connect_result() (git-fixes). - wifi: rtlwifi: 8192cu: fix tid out of range in rtl92cu_tx_fill_desc() (git-fixes). - wifi: rtw88: limit indirect IO under powered off for RTL8822CS (git-fixes). - usb: ohci-nxp: fix device leak on probe failure (git-fixes). - usb: dwc3: of-simple: fix clock resource leak in dwc3_of_simple_probe (git-fixes). - USB: lpc32xx_udc: Fix error handling in probe (git-fixes). - usb: typec: altmodes/displayport: Drop the device reference in dp_altmode_probe() (git-fixes). - usb: renesas_usbhs: Fix a resource leak in usbhs_pipe_malloc() (git-fixes). - usb: dwc3: keep susphy enabled during exit to avoid controller faults (git-fixes). - usb: dwc2: fix hang during shutdown if set as peripheral (git-fixes). - wifi: ath10k: move recovery check logic into a new work (git-fixes). - wifi: ath10k: Add missing include of export.h (stable-fixes). - wifi: ath10k: Avoid vdev delete timeout when firmware is already down (stable-fixes). - commit 07af9a3 - of: unittest: Fix memory leak in unittest_data_add() (git-fixes). - drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer (git-fixes). - drm/nouveau/dispnv50: Don't call drm_atomic_get_crtc_state() in prepare_fb (git-fixes). - platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing (git-fixes). - platform/x86: ibm_rtl: fix EBDA signature search pointer arithmetic (git-fixes). - platform/x86: msi-laptop: add missing sysfs_remove_group() (git-fixes). - platform/mellanox: mlxbf-pmc: Remove trailing whitespaces from event names (git-fixes). - net: rose: fix invalid array index in rose_kill_by_device() (git-fixes). - net: usb: sr9700: fix incorrect command used to write single register (git-fixes). - net: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write (git-fixes). - net: usb: rtl8150: fix memory leak on usb_submit_urb() failure (git-fixes). - net: mdio: aspeed: add dummy read to avoid read-after-write issue (git-fixes). - idr: fix idr_alloc() returning an ID out of range (git-fixes). - genalloc.h: fix htmldocs warning (git-fixes). - serial: sh-sci: Check that the DMA cookie is valid (git-fixes). - serial: core: Restore sysfs fwnode information (git-fixes). - firewire: nosy: Fix dma_free_coherent() size (git-fixes). - Input: ti_am335x_tsc - fix off-by-one error in wire_order validation (git-fixes). - Input: alps - fix use-after-free bugs caused by dev3_register_work (git-fixes). - Input: atkbd - skip deactivate for HONOR FMB-P's internal keyboard (git-fixes). - spi: cadence-quadspi: Fix clock disable on probe failure path (git-fixes). - spi: fsl-cpm: Check length parity before switching to 16 bit mode (git-fixes). - hwmon: (ltc4282): Fix reset_history file permissions (git-fixes). - hwmon: (tmp401) fix overflow caused by default conversion rate value (git-fixes). - hwmon: (ibmpex) fix use-after-free in high/low store (git-fixes). - hwmon: (dell-smm) Limit fan multiplier to avoid overflow (git-fixes). - mmc: sdhci-esdhc-imx: add alternate ARCH_S32 dependency to Kconfig (git-fixes). - mmc: sdhci-of-arasan: Increase CD stable timeout to 2 seconds (git-fixes). - PM: runtime: Do not clear needs_force_resume with enabled runtime PM (git-fixes). - nfc: pn533: Fix error code in pn533_acr122_poweron_rdr() (git-fixes). - r8169: fix RTL8117 Wake-on-Lan in DASH mode (git-fixes). - net: phy: marvell-88q2xxx: Fix clamped value in mv88q2xxx_hwmon_write (git-fixes). - firmware_loader: make RUST_FW_LOADER_ABSTRACTIONS select FW_LOADER (git-fixes). - efi/cper: align ARM CPER type with UEFI 2.9A/2.10 specs (stable-fixes). - efi/cper: Add a new helper function to print bitmasks (stable-fixes). - efi/cper: Adjust infopfx size to accept an extra space (stable-fixes). - usb: dwc2: disable platform lowlevel hw resources during shutdown (stable-fixes). - resource: introduce is_type_match() helper and use it (stable-fixes). - resource: replace open coded resource_intersection() (stable-fixes). - commit 0273be1 - accel/ivpu: Prevent runtime suspend during context abort work (stable-fixes). - Refresh patches.suse/accel-ivpu-Trigger-device-recovery-on-engine-reset-r.patch. - commit 79c3327 - drm/imagination: Disallow exporting of PM/FW protected objects (git-fixes). - Bluetooth: btusb: revert use of devm_kzalloc in btusb (git-fixes). - crypto: seqiv - Do not use req->iv after crypto_aead_encrypt (git-fixes). - drm/msm/dpu: Add missing NULL pointer check for pingpong interface (git-fixes). - ASoC: ak4458: remove the reset operation in probe and remove (git-fixes). - ASoC: fsl_sai: Constrain sample rates from audio PLLs only in master mode (git-fixes). - ALSA: usb-mixer: us16x08: validate meter packet indices (git-fixes). - ALSA: pcmcia: Fix resource leak in snd_pdacf_probe error path (git-fixes). - ALSA: vxpocket: Fix resource leak in vxpocket_probe error path (git-fixes). - drm/xe: Use usleep_range for accurate long-running workload timeslicing (git-fixes). - drm/xe: Drop preempt-fences when destroying imported dma-bufs (git-fixes). - drm/xe/oa: Disallow 0 OA property values (git-fixes). - drm/xe: Adjust long-running workload timeslices to reasonable values (git-fixes). - drm/xe/oa: Limit num_syncs to prevent oversized allocations (git-fixes). - drm/xe: Limit num_syncs to prevent oversized allocations (git-fixes). - drm/xe: Restore engine registers before restarting schedulers after GT reset (git-fixes). - drm/xe/bo: Don't include the CCS metadata in the dma-buf sg-table (git-fixes). - drm/me/gsc: mei interrupt top half should be in irq disabled context (git-fixes). - drm/panel: sony-td4353-jdi: Enable prepare_prev_first (git-fixes). - ACPI: PCC: Fix race condition by removing static qualifier (git-fixes). - ACPI: CPPC: Fix missing PCC check for guaranteed_perf (git-fixes). - can: j1939: make j1939_sk_bind() fail if device is no longer registered (git-fixes). - can: gs_usb: gs_can_open(): fix error handling (git-fixes). - ASoC: codecs: nau8325: Silence uninitialized variables warnings (stable-fixes). - ASoC: nau8325: use simple i2c probe function (stable-fixes). - ALSA: wavefront: Fix integer overflow in sample size validation (git-fixes). - accel/ivpu: Ensure rpm_runtime_put in case of engine reset/resume fail (git-fixes). - commit bc5d2b7 - bpf: Fix stackmap overflow check in __bpf_get_stackid() (CVE-2025-68378 bsc#1255614). - commit 7a823bd - bpf: Refactor stack map trace depth calculation into helper function (CVE-2025-68378 bsc#1255614). - commit 296727b ++++ kernel-docs: - net: sched: act_connmark: initialize struct tc_ife to fix kernel leak (CVE-2025-40279 bsc#1254846). - commit cb9f7bb - btrfs: do not skip logging new dentries when logging a new name (git-fixes). - commit ec916c6 - btrfs: don't log conflicting inode if it's a dir moved in the current transaction (git-fixes). - commit a690d41 - btrfs: fix changeset leak on mmap write after failure to reserve metadata (git-fixes). - commit 75e4299 - team: Move team device type change at the end of team_port_add (CVE-2025-68340 bsc#1255507). - net/mlx5: Clean up only new IRQ glue on request_irq() failure (CVE-2025-40250 bsc#1254854). - net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() (CVE-2025-40252 bsc#1254849). - net: enetc: fix the deadlock of enetc_mdio_lock (CVE-2025-40347 bsc#1255262). - commit 085c913 - ASoC: Intel: avs: Do not share the name pointer between components (CVE-2025-40338 bsc#1255273). - commit fb15ec5 - usb: phy: isp1301: fix non-OF device reference imbalance (git-fixes). - usb: gadget: lpc32xx_udc: fix clock imbalance in error path (git-fixes). - serial: core: Fix serial device initialization (git-fixes). - commit 592ca99 - wifi: mac80211: do not use old MBSSID elements (git-fixes). - wifi: cfg80211: sme: store capped length in __cfg80211_connect_result() (git-fixes). - wifi: rtlwifi: 8192cu: fix tid out of range in rtl92cu_tx_fill_desc() (git-fixes). - wifi: rtw88: limit indirect IO under powered off for RTL8822CS (git-fixes). - usb: ohci-nxp: fix device leak on probe failure (git-fixes). - usb: dwc3: of-simple: fix clock resource leak in dwc3_of_simple_probe (git-fixes). - USB: lpc32xx_udc: Fix error handling in probe (git-fixes). - usb: typec: altmodes/displayport: Drop the device reference in dp_altmode_probe() (git-fixes). - usb: renesas_usbhs: Fix a resource leak in usbhs_pipe_malloc() (git-fixes). - usb: dwc3: keep susphy enabled during exit to avoid controller faults (git-fixes). - usb: dwc2: fix hang during shutdown if set as peripheral (git-fixes). - wifi: ath10k: move recovery check logic into a new work (git-fixes). - wifi: ath10k: Add missing include of export.h (stable-fixes). - wifi: ath10k: Avoid vdev delete timeout when firmware is already down (stable-fixes). - commit 07af9a3 - of: unittest: Fix memory leak in unittest_data_add() (git-fixes). - drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer (git-fixes). - drm/nouveau/dispnv50: Don't call drm_atomic_get_crtc_state() in prepare_fb (git-fixes). - platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing (git-fixes). - platform/x86: ibm_rtl: fix EBDA signature search pointer arithmetic (git-fixes). - platform/x86: msi-laptop: add missing sysfs_remove_group() (git-fixes). - platform/mellanox: mlxbf-pmc: Remove trailing whitespaces from event names (git-fixes). - net: rose: fix invalid array index in rose_kill_by_device() (git-fixes). - net: usb: sr9700: fix incorrect command used to write single register (git-fixes). - net: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write (git-fixes). - net: usb: rtl8150: fix memory leak on usb_submit_urb() failure (git-fixes). - net: mdio: aspeed: add dummy read to avoid read-after-write issue (git-fixes). - idr: fix idr_alloc() returning an ID out of range (git-fixes). - genalloc.h: fix htmldocs warning (git-fixes). - serial: sh-sci: Check that the DMA cookie is valid (git-fixes). - serial: core: Restore sysfs fwnode information (git-fixes). - firewire: nosy: Fix dma_free_coherent() size (git-fixes). - Input: ti_am335x_tsc - fix off-by-one error in wire_order validation (git-fixes). - Input: alps - fix use-after-free bugs caused by dev3_register_work (git-fixes). - Input: atkbd - skip deactivate for HONOR FMB-P's internal keyboard (git-fixes). - spi: cadence-quadspi: Fix clock disable on probe failure path (git-fixes). - spi: fsl-cpm: Check length parity before switching to 16 bit mode (git-fixes). - hwmon: (ltc4282): Fix reset_history file permissions (git-fixes). - hwmon: (tmp401) fix overflow caused by default conversion rate value (git-fixes). - hwmon: (ibmpex) fix use-after-free in high/low store (git-fixes). - hwmon: (dell-smm) Limit fan multiplier to avoid overflow (git-fixes). - mmc: sdhci-esdhc-imx: add alternate ARCH_S32 dependency to Kconfig (git-fixes). - mmc: sdhci-of-arasan: Increase CD stable timeout to 2 seconds (git-fixes). - PM: runtime: Do not clear needs_force_resume with enabled runtime PM (git-fixes). - nfc: pn533: Fix error code in pn533_acr122_poweron_rdr() (git-fixes). - r8169: fix RTL8117 Wake-on-Lan in DASH mode (git-fixes). - net: phy: marvell-88q2xxx: Fix clamped value in mv88q2xxx_hwmon_write (git-fixes). - firmware_loader: make RUST_FW_LOADER_ABSTRACTIONS select FW_LOADER (git-fixes). - efi/cper: align ARM CPER type with UEFI 2.9A/2.10 specs (stable-fixes). - efi/cper: Add a new helper function to print bitmasks (stable-fixes). - efi/cper: Adjust infopfx size to accept an extra space (stable-fixes). - usb: dwc2: disable platform lowlevel hw resources during shutdown (stable-fixes). - resource: introduce is_type_match() helper and use it (stable-fixes). - resource: replace open coded resource_intersection() (stable-fixes). - commit 0273be1 - accel/ivpu: Prevent runtime suspend during context abort work (stable-fixes). - Refresh patches.suse/accel-ivpu-Trigger-device-recovery-on-engine-reset-r.patch. - commit 79c3327 - drm/imagination: Disallow exporting of PM/FW protected objects (git-fixes). - Bluetooth: btusb: revert use of devm_kzalloc in btusb (git-fixes). - crypto: seqiv - Do not use req->iv after crypto_aead_encrypt (git-fixes). - drm/msm/dpu: Add missing NULL pointer check for pingpong interface (git-fixes). - ASoC: ak4458: remove the reset operation in probe and remove (git-fixes). - ASoC: fsl_sai: Constrain sample rates from audio PLLs only in master mode (git-fixes). - ALSA: usb-mixer: us16x08: validate meter packet indices (git-fixes). - ALSA: pcmcia: Fix resource leak in snd_pdacf_probe error path (git-fixes). - ALSA: vxpocket: Fix resource leak in vxpocket_probe error path (git-fixes). - drm/xe: Use usleep_range for accurate long-running workload timeslicing (git-fixes). - drm/xe: Drop preempt-fences when destroying imported dma-bufs (git-fixes). - drm/xe/oa: Disallow 0 OA property values (git-fixes). - drm/xe: Adjust long-running workload timeslices to reasonable values (git-fixes). - drm/xe/oa: Limit num_syncs to prevent oversized allocations (git-fixes). - drm/xe: Limit num_syncs to prevent oversized allocations (git-fixes). - drm/xe: Restore engine registers before restarting schedulers after GT reset (git-fixes). - drm/xe/bo: Don't include the CCS metadata in the dma-buf sg-table (git-fixes). - drm/me/gsc: mei interrupt top half should be in irq disabled context (git-fixes). - drm/panel: sony-td4353-jdi: Enable prepare_prev_first (git-fixes). - ACPI: PCC: Fix race condition by removing static qualifier (git-fixes). - ACPI: CPPC: Fix missing PCC check for guaranteed_perf (git-fixes). - can: j1939: make j1939_sk_bind() fail if device is no longer registered (git-fixes). - can: gs_usb: gs_can_open(): fix error handling (git-fixes). - ASoC: codecs: nau8325: Silence uninitialized variables warnings (stable-fixes). - ASoC: nau8325: use simple i2c probe function (stable-fixes). - ALSA: wavefront: Fix integer overflow in sample size validation (git-fixes). - accel/ivpu: Ensure rpm_runtime_put in case of engine reset/resume fail (git-fixes). - commit bc5d2b7 - bpf: Fix stackmap overflow check in __bpf_get_stackid() (CVE-2025-68378 bsc#1255614). - commit 7a823bd - bpf: Refactor stack map trace depth calculation into helper function (CVE-2025-68378 bsc#1255614). - commit 296727b ++++ kernel-docs: - net: sched: act_connmark: initialize struct tc_ife to fix kernel leak (CVE-2025-40279 bsc#1254846). - commit cb9f7bb - btrfs: do not skip logging new dentries when logging a new name (git-fixes). - commit ec916c6 - btrfs: don't log conflicting inode if it's a dir moved in the current transaction (git-fixes). - commit a690d41 - btrfs: fix changeset leak on mmap write after failure to reserve metadata (git-fixes). - commit 75e4299 - team: Move team device type change at the end of team_port_add (CVE-2025-68340 bsc#1255507). - net/mlx5: Clean up only new IRQ glue on request_irq() failure (CVE-2025-40250 bsc#1254854). - net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() (CVE-2025-40252 bsc#1254849). - net: enetc: fix the deadlock of enetc_mdio_lock (CVE-2025-40347 bsc#1255262). - commit 085c913 - ASoC: Intel: avs: Do not share the name pointer between components (CVE-2025-40338 bsc#1255273). - commit fb15ec5 - usb: phy: isp1301: fix non-OF device reference imbalance (git-fixes). - usb: gadget: lpc32xx_udc: fix clock imbalance in error path (git-fixes). - serial: core: Fix serial device initialization (git-fixes). - commit 592ca99 - wifi: mac80211: do not use old MBSSID elements (git-fixes). - wifi: cfg80211: sme: store capped length in __cfg80211_connect_result() (git-fixes). - wifi: rtlwifi: 8192cu: fix tid out of range in rtl92cu_tx_fill_desc() (git-fixes). - wifi: rtw88: limit indirect IO under powered off for RTL8822CS (git-fixes). - usb: ohci-nxp: fix device leak on probe failure (git-fixes). - usb: dwc3: of-simple: fix clock resource leak in dwc3_of_simple_probe (git-fixes). - USB: lpc32xx_udc: Fix error handling in probe (git-fixes). - usb: typec: altmodes/displayport: Drop the device reference in dp_altmode_probe() (git-fixes). - usb: renesas_usbhs: Fix a resource leak in usbhs_pipe_malloc() (git-fixes). - usb: dwc3: keep susphy enabled during exit to avoid controller faults (git-fixes). - usb: dwc2: fix hang during shutdown if set as peripheral (git-fixes). - wifi: ath10k: move recovery check logic into a new work (git-fixes). - wifi: ath10k: Add missing include of export.h (stable-fixes). - wifi: ath10k: Avoid vdev delete timeout when firmware is already down (stable-fixes). - commit 07af9a3 - of: unittest: Fix memory leak in unittest_data_add() (git-fixes). - drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer (git-fixes). - drm/nouveau/dispnv50: Don't call drm_atomic_get_crtc_state() in prepare_fb (git-fixes). - platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing (git-fixes). - platform/x86: ibm_rtl: fix EBDA signature search pointer arithmetic (git-fixes). - platform/x86: msi-laptop: add missing sysfs_remove_group() (git-fixes). - platform/mellanox: mlxbf-pmc: Remove trailing whitespaces from event names (git-fixes). - net: rose: fix invalid array index in rose_kill_by_device() (git-fixes). - net: usb: sr9700: fix incorrect command used to write single register (git-fixes). - net: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write (git-fixes). - net: usb: rtl8150: fix memory leak on usb_submit_urb() failure (git-fixes). - net: mdio: aspeed: add dummy read to avoid read-after-write issue (git-fixes). - idr: fix idr_alloc() returning an ID out of range (git-fixes). - genalloc.h: fix htmldocs warning (git-fixes). - serial: sh-sci: Check that the DMA cookie is valid (git-fixes). - serial: core: Restore sysfs fwnode information (git-fixes). - firewire: nosy: Fix dma_free_coherent() size (git-fixes). - Input: ti_am335x_tsc - fix off-by-one error in wire_order validation (git-fixes). - Input: alps - fix use-after-free bugs caused by dev3_register_work (git-fixes). - Input: atkbd - skip deactivate for HONOR FMB-P's internal keyboard (git-fixes). - spi: cadence-quadspi: Fix clock disable on probe failure path (git-fixes). - spi: fsl-cpm: Check length parity before switching to 16 bit mode (git-fixes). - hwmon: (ltc4282): Fix reset_history file permissions (git-fixes). - hwmon: (tmp401) fix overflow caused by default conversion rate value (git-fixes). - hwmon: (ibmpex) fix use-after-free in high/low store (git-fixes). - hwmon: (dell-smm) Limit fan multiplier to avoid overflow (git-fixes). - mmc: sdhci-esdhc-imx: add alternate ARCH_S32 dependency to Kconfig (git-fixes). - mmc: sdhci-of-arasan: Increase CD stable timeout to 2 seconds (git-fixes). - PM: runtime: Do not clear needs_force_resume with enabled runtime PM (git-fixes). - nfc: pn533: Fix error code in pn533_acr122_poweron_rdr() (git-fixes). - r8169: fix RTL8117 Wake-on-Lan in DASH mode (git-fixes). - net: phy: marvell-88q2xxx: Fix clamped value in mv88q2xxx_hwmon_write (git-fixes). - firmware_loader: make RUST_FW_LOADER_ABSTRACTIONS select FW_LOADER (git-fixes). - efi/cper: align ARM CPER type with UEFI 2.9A/2.10 specs (stable-fixes). - efi/cper: Add a new helper function to print bitmasks (stable-fixes). - efi/cper: Adjust infopfx size to accept an extra space (stable-fixes). - usb: dwc2: disable platform lowlevel hw resources during shutdown (stable-fixes). - resource: introduce is_type_match() helper and use it (stable-fixes). - resource: replace open coded resource_intersection() (stable-fixes). - commit 0273be1 - accel/ivpu: Prevent runtime suspend during context abort work (stable-fixes). - Refresh patches.suse/accel-ivpu-Trigger-device-recovery-on-engine-reset-r.patch. - commit 79c3327 - drm/imagination: Disallow exporting of PM/FW protected objects (git-fixes). - Bluetooth: btusb: revert use of devm_kzalloc in btusb (git-fixes). - crypto: seqiv - Do not use req->iv after crypto_aead_encrypt (git-fixes). - drm/msm/dpu: Add missing NULL pointer check for pingpong interface (git-fixes). - ASoC: ak4458: remove the reset operation in probe and remove (git-fixes). - ASoC: fsl_sai: Constrain sample rates from audio PLLs only in master mode (git-fixes). - ALSA: usb-mixer: us16x08: validate meter packet indices (git-fixes). - ALSA: pcmcia: Fix resource leak in snd_pdacf_probe error path (git-fixes). - ALSA: vxpocket: Fix resource leak in vxpocket_probe error path (git-fixes). - drm/xe: Use usleep_range for accurate long-running workload timeslicing (git-fixes). - drm/xe: Drop preempt-fences when destroying imported dma-bufs (git-fixes). - drm/xe/oa: Disallow 0 OA property values (git-fixes). - drm/xe: Adjust long-running workload timeslices to reasonable values (git-fixes). - drm/xe/oa: Limit num_syncs to prevent oversized allocations (git-fixes). - drm/xe: Limit num_syncs to prevent oversized allocations (git-fixes). - drm/xe: Restore engine registers before restarting schedulers after GT reset (git-fixes). - drm/xe/bo: Don't include the CCS metadata in the dma-buf sg-table (git-fixes). - drm/me/gsc: mei interrupt top half should be in irq disabled context (git-fixes). - drm/panel: sony-td4353-jdi: Enable prepare_prev_first (git-fixes). - ACPI: PCC: Fix race condition by removing static qualifier (git-fixes). - ACPI: CPPC: Fix missing PCC check for guaranteed_perf (git-fixes). - can: j1939: make j1939_sk_bind() fail if device is no longer registered (git-fixes). - can: gs_usb: gs_can_open(): fix error handling (git-fixes). - ASoC: codecs: nau8325: Silence uninitialized variables warnings (stable-fixes). - ASoC: nau8325: use simple i2c probe function (stable-fixes). - ALSA: wavefront: Fix integer overflow in sample size validation (git-fixes). - accel/ivpu: Ensure rpm_runtime_put in case of engine reset/resume fail (git-fixes). - commit bc5d2b7 - bpf: Fix stackmap overflow check in __bpf_get_stackid() (CVE-2025-68378 bsc#1255614). - commit 7a823bd - bpf: Refactor stack map trace depth calculation into helper function (CVE-2025-68378 bsc#1255614). - commit 296727b ++++ kernel-kvmsmall: - net: sched: act_connmark: initialize struct tc_ife to fix kernel leak (CVE-2025-40279 bsc#1254846). - commit cb9f7bb - btrfs: do not skip logging new dentries when logging a new name (git-fixes). - commit ec916c6 - btrfs: don't log conflicting inode if it's a dir moved in the current transaction (git-fixes). - commit a690d41 - btrfs: fix changeset leak on mmap write after failure to reserve metadata (git-fixes). - commit 75e4299 - team: Move team device type change at the end of team_port_add (CVE-2025-68340 bsc#1255507). - net/mlx5: Clean up only new IRQ glue on request_irq() failure (CVE-2025-40250 bsc#1254854). - net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() (CVE-2025-40252 bsc#1254849). - net: enetc: fix the deadlock of enetc_mdio_lock (CVE-2025-40347 bsc#1255262). - commit 085c913 - ASoC: Intel: avs: Do not share the name pointer between components (CVE-2025-40338 bsc#1255273). - commit fb15ec5 - usb: phy: isp1301: fix non-OF device reference imbalance (git-fixes). - usb: gadget: lpc32xx_udc: fix clock imbalance in error path (git-fixes). - serial: core: Fix serial device initialization (git-fixes). - commit 592ca99 - wifi: mac80211: do not use old MBSSID elements (git-fixes). - wifi: cfg80211: sme: store capped length in __cfg80211_connect_result() (git-fixes). - wifi: rtlwifi: 8192cu: fix tid out of range in rtl92cu_tx_fill_desc() (git-fixes). - wifi: rtw88: limit indirect IO under powered off for RTL8822CS (git-fixes). - usb: ohci-nxp: fix device leak on probe failure (git-fixes). - usb: dwc3: of-simple: fix clock resource leak in dwc3_of_simple_probe (git-fixes). - USB: lpc32xx_udc: Fix error handling in probe (git-fixes). - usb: typec: altmodes/displayport: Drop the device reference in dp_altmode_probe() (git-fixes). - usb: renesas_usbhs: Fix a resource leak in usbhs_pipe_malloc() (git-fixes). - usb: dwc3: keep susphy enabled during exit to avoid controller faults (git-fixes). - usb: dwc2: fix hang during shutdown if set as peripheral (git-fixes). - wifi: ath10k: move recovery check logic into a new work (git-fixes). - wifi: ath10k: Add missing include of export.h (stable-fixes). - wifi: ath10k: Avoid vdev delete timeout when firmware is already down (stable-fixes). - commit 07af9a3 - of: unittest: Fix memory leak in unittest_data_add() (git-fixes). - drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer (git-fixes). - drm/nouveau/dispnv50: Don't call drm_atomic_get_crtc_state() in prepare_fb (git-fixes). - platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing (git-fixes). - platform/x86: ibm_rtl: fix EBDA signature search pointer arithmetic (git-fixes). - platform/x86: msi-laptop: add missing sysfs_remove_group() (git-fixes). - platform/mellanox: mlxbf-pmc: Remove trailing whitespaces from event names (git-fixes). - net: rose: fix invalid array index in rose_kill_by_device() (git-fixes). - net: usb: sr9700: fix incorrect command used to write single register (git-fixes). - net: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write (git-fixes). - net: usb: rtl8150: fix memory leak on usb_submit_urb() failure (git-fixes). - net: mdio: aspeed: add dummy read to avoid read-after-write issue (git-fixes). - idr: fix idr_alloc() returning an ID out of range (git-fixes). - genalloc.h: fix htmldocs warning (git-fixes). - serial: sh-sci: Check that the DMA cookie is valid (git-fixes). - serial: core: Restore sysfs fwnode information (git-fixes). - firewire: nosy: Fix dma_free_coherent() size (git-fixes). - Input: ti_am335x_tsc - fix off-by-one error in wire_order validation (git-fixes). - Input: alps - fix use-after-free bugs caused by dev3_register_work (git-fixes). - Input: atkbd - skip deactivate for HONOR FMB-P's internal keyboard (git-fixes). - spi: cadence-quadspi: Fix clock disable on probe failure path (git-fixes). - spi: fsl-cpm: Check length parity before switching to 16 bit mode (git-fixes). - hwmon: (ltc4282): Fix reset_history file permissions (git-fixes). - hwmon: (tmp401) fix overflow caused by default conversion rate value (git-fixes). - hwmon: (ibmpex) fix use-after-free in high/low store (git-fixes). - hwmon: (dell-smm) Limit fan multiplier to avoid overflow (git-fixes). - mmc: sdhci-esdhc-imx: add alternate ARCH_S32 dependency to Kconfig (git-fixes). - mmc: sdhci-of-arasan: Increase CD stable timeout to 2 seconds (git-fixes). - PM: runtime: Do not clear needs_force_resume with enabled runtime PM (git-fixes). - nfc: pn533: Fix error code in pn533_acr122_poweron_rdr() (git-fixes). - r8169: fix RTL8117 Wake-on-Lan in DASH mode (git-fixes). - net: phy: marvell-88q2xxx: Fix clamped value in mv88q2xxx_hwmon_write (git-fixes). - firmware_loader: make RUST_FW_LOADER_ABSTRACTIONS select FW_LOADER (git-fixes). - efi/cper: align ARM CPER type with UEFI 2.9A/2.10 specs (stable-fixes). - efi/cper: Add a new helper function to print bitmasks (stable-fixes). - efi/cper: Adjust infopfx size to accept an extra space (stable-fixes). - usb: dwc2: disable platform lowlevel hw resources during shutdown (stable-fixes). - resource: introduce is_type_match() helper and use it (stable-fixes). - resource: replace open coded resource_intersection() (stable-fixes). - commit 0273be1 - accel/ivpu: Prevent runtime suspend during context abort work (stable-fixes). - Refresh patches.suse/accel-ivpu-Trigger-device-recovery-on-engine-reset-r.patch. - commit 79c3327 - drm/imagination: Disallow exporting of PM/FW protected objects (git-fixes). - Bluetooth: btusb: revert use of devm_kzalloc in btusb (git-fixes). - crypto: seqiv - Do not use req->iv after crypto_aead_encrypt (git-fixes). - drm/msm/dpu: Add missing NULL pointer check for pingpong interface (git-fixes). - ASoC: ak4458: remove the reset operation in probe and remove (git-fixes). - ASoC: fsl_sai: Constrain sample rates from audio PLLs only in master mode (git-fixes). - ALSA: usb-mixer: us16x08: validate meter packet indices (git-fixes). - ALSA: pcmcia: Fix resource leak in snd_pdacf_probe error path (git-fixes). - ALSA: vxpocket: Fix resource leak in vxpocket_probe error path (git-fixes). - drm/xe: Use usleep_range for accurate long-running workload timeslicing (git-fixes). - drm/xe: Drop preempt-fences when destroying imported dma-bufs (git-fixes). - drm/xe/oa: Disallow 0 OA property values (git-fixes). - drm/xe: Adjust long-running workload timeslices to reasonable values (git-fixes). - drm/xe/oa: Limit num_syncs to prevent oversized allocations (git-fixes). - drm/xe: Limit num_syncs to prevent oversized allocations (git-fixes). - drm/xe: Restore engine registers before restarting schedulers after GT reset (git-fixes). - drm/xe/bo: Don't include the CCS metadata in the dma-buf sg-table (git-fixes). - drm/me/gsc: mei interrupt top half should be in irq disabled context (git-fixes). - drm/panel: sony-td4353-jdi: Enable prepare_prev_first (git-fixes). - ACPI: PCC: Fix race condition by removing static qualifier (git-fixes). - ACPI: CPPC: Fix missing PCC check for guaranteed_perf (git-fixes). - can: j1939: make j1939_sk_bind() fail if device is no longer registered (git-fixes). - can: gs_usb: gs_can_open(): fix error handling (git-fixes). - ASoC: codecs: nau8325: Silence uninitialized variables warnings (stable-fixes). - ASoC: nau8325: use simple i2c probe function (stable-fixes). - ALSA: wavefront: Fix integer overflow in sample size validation (git-fixes). - accel/ivpu: Ensure rpm_runtime_put in case of engine reset/resume fail (git-fixes). - commit bc5d2b7 - bpf: Fix stackmap overflow check in __bpf_get_stackid() (CVE-2025-68378 bsc#1255614). - commit 7a823bd - bpf: Refactor stack map trace depth calculation into helper function (CVE-2025-68378 bsc#1255614). - commit 296727b ++++ kernel-kvmsmall: - net: sched: act_connmark: initialize struct tc_ife to fix kernel leak (CVE-2025-40279 bsc#1254846). - commit cb9f7bb - btrfs: do not skip logging new dentries when logging a new name (git-fixes). - commit ec916c6 - btrfs: don't log conflicting inode if it's a dir moved in the current transaction (git-fixes). - commit a690d41 - btrfs: fix changeset leak on mmap write after failure to reserve metadata (git-fixes). - commit 75e4299 - team: Move team device type change at the end of team_port_add (CVE-2025-68340 bsc#1255507). - net/mlx5: Clean up only new IRQ glue on request_irq() failure (CVE-2025-40250 bsc#1254854). - net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() (CVE-2025-40252 bsc#1254849). - net: enetc: fix the deadlock of enetc_mdio_lock (CVE-2025-40347 bsc#1255262). - commit 085c913 - ASoC: Intel: avs: Do not share the name pointer between components (CVE-2025-40338 bsc#1255273). - commit fb15ec5 - usb: phy: isp1301: fix non-OF device reference imbalance (git-fixes). - usb: gadget: lpc32xx_udc: fix clock imbalance in error path (git-fixes). - serial: core: Fix serial device initialization (git-fixes). - commit 592ca99 - wifi: mac80211: do not use old MBSSID elements (git-fixes). - wifi: cfg80211: sme: store capped length in __cfg80211_connect_result() (git-fixes). - wifi: rtlwifi: 8192cu: fix tid out of range in rtl92cu_tx_fill_desc() (git-fixes). - wifi: rtw88: limit indirect IO under powered off for RTL8822CS (git-fixes). - usb: ohci-nxp: fix device leak on probe failure (git-fixes). - usb: dwc3: of-simple: fix clock resource leak in dwc3_of_simple_probe (git-fixes). - USB: lpc32xx_udc: Fix error handling in probe (git-fixes). - usb: typec: altmodes/displayport: Drop the device reference in dp_altmode_probe() (git-fixes). - usb: renesas_usbhs: Fix a resource leak in usbhs_pipe_malloc() (git-fixes). - usb: dwc3: keep susphy enabled during exit to avoid controller faults (git-fixes). - usb: dwc2: fix hang during shutdown if set as peripheral (git-fixes). - wifi: ath10k: move recovery check logic into a new work (git-fixes). - wifi: ath10k: Add missing include of export.h (stable-fixes). - wifi: ath10k: Avoid vdev delete timeout when firmware is already down (stable-fixes). - commit 07af9a3 - of: unittest: Fix memory leak in unittest_data_add() (git-fixes). - drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer (git-fixes). - drm/nouveau/dispnv50: Don't call drm_atomic_get_crtc_state() in prepare_fb (git-fixes). - platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing (git-fixes). - platform/x86: ibm_rtl: fix EBDA signature search pointer arithmetic (git-fixes). - platform/x86: msi-laptop: add missing sysfs_remove_group() (git-fixes). - platform/mellanox: mlxbf-pmc: Remove trailing whitespaces from event names (git-fixes). - net: rose: fix invalid array index in rose_kill_by_device() (git-fixes). - net: usb: sr9700: fix incorrect command used to write single register (git-fixes). - net: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write (git-fixes). - net: usb: rtl8150: fix memory leak on usb_submit_urb() failure (git-fixes). - net: mdio: aspeed: add dummy read to avoid read-after-write issue (git-fixes). - idr: fix idr_alloc() returning an ID out of range (git-fixes). - genalloc.h: fix htmldocs warning (git-fixes). - serial: sh-sci: Check that the DMA cookie is valid (git-fixes). - serial: core: Restore sysfs fwnode information (git-fixes). - firewire: nosy: Fix dma_free_coherent() size (git-fixes). - Input: ti_am335x_tsc - fix off-by-one error in wire_order validation (git-fixes). - Input: alps - fix use-after-free bugs caused by dev3_register_work (git-fixes). - Input: atkbd - skip deactivate for HONOR FMB-P's internal keyboard (git-fixes). - spi: cadence-quadspi: Fix clock disable on probe failure path (git-fixes). - spi: fsl-cpm: Check length parity before switching to 16 bit mode (git-fixes). - hwmon: (ltc4282): Fix reset_history file permissions (git-fixes). - hwmon: (tmp401) fix overflow caused by default conversion rate value (git-fixes). - hwmon: (ibmpex) fix use-after-free in high/low store (git-fixes). - hwmon: (dell-smm) Limit fan multiplier to avoid overflow (git-fixes). - mmc: sdhci-esdhc-imx: add alternate ARCH_S32 dependency to Kconfig (git-fixes). - mmc: sdhci-of-arasan: Increase CD stable timeout to 2 seconds (git-fixes). - PM: runtime: Do not clear needs_force_resume with enabled runtime PM (git-fixes). - nfc: pn533: Fix error code in pn533_acr122_poweron_rdr() (git-fixes). - r8169: fix RTL8117 Wake-on-Lan in DASH mode (git-fixes). - net: phy: marvell-88q2xxx: Fix clamped value in mv88q2xxx_hwmon_write (git-fixes). - firmware_loader: make RUST_FW_LOADER_ABSTRACTIONS select FW_LOADER (git-fixes). - efi/cper: align ARM CPER type with UEFI 2.9A/2.10 specs (stable-fixes). - efi/cper: Add a new helper function to print bitmasks (stable-fixes). - efi/cper: Adjust infopfx size to accept an extra space (stable-fixes). - usb: dwc2: disable platform lowlevel hw resources during shutdown (stable-fixes). - resource: introduce is_type_match() helper and use it (stable-fixes). - resource: replace open coded resource_intersection() (stable-fixes). - commit 0273be1 - accel/ivpu: Prevent runtime suspend during context abort work (stable-fixes). - Refresh patches.suse/accel-ivpu-Trigger-device-recovery-on-engine-reset-r.patch. - commit 79c3327 - drm/imagination: Disallow exporting of PM/FW protected objects (git-fixes). - Bluetooth: btusb: revert use of devm_kzalloc in btusb (git-fixes). - crypto: seqiv - Do not use req->iv after crypto_aead_encrypt (git-fixes). - drm/msm/dpu: Add missing NULL pointer check for pingpong interface (git-fixes). - ASoC: ak4458: remove the reset operation in probe and remove (git-fixes). - ASoC: fsl_sai: Constrain sample rates from audio PLLs only in master mode (git-fixes). - ALSA: usb-mixer: us16x08: validate meter packet indices (git-fixes). - ALSA: pcmcia: Fix resource leak in snd_pdacf_probe error path (git-fixes). - ALSA: vxpocket: Fix resource leak in vxpocket_probe error path (git-fixes). - drm/xe: Use usleep_range for accurate long-running workload timeslicing (git-fixes). - drm/xe: Drop preempt-fences when destroying imported dma-bufs (git-fixes). - drm/xe/oa: Disallow 0 OA property values (git-fixes). - drm/xe: Adjust long-running workload timeslices to reasonable values (git-fixes). - drm/xe/oa: Limit num_syncs to prevent oversized allocations (git-fixes). - drm/xe: Limit num_syncs to prevent oversized allocations (git-fixes). - drm/xe: Restore engine registers before restarting schedulers after GT reset (git-fixes). - drm/xe/bo: Don't include the CCS metadata in the dma-buf sg-table (git-fixes). - drm/me/gsc: mei interrupt top half should be in irq disabled context (git-fixes). - drm/panel: sony-td4353-jdi: Enable prepare_prev_first (git-fixes). - ACPI: PCC: Fix race condition by removing static qualifier (git-fixes). - ACPI: CPPC: Fix missing PCC check for guaranteed_perf (git-fixes). - can: j1939: make j1939_sk_bind() fail if device is no longer registered (git-fixes). - can: gs_usb: gs_can_open(): fix error handling (git-fixes). - ASoC: codecs: nau8325: Silence uninitialized variables warnings (stable-fixes). - ASoC: nau8325: use simple i2c probe function (stable-fixes). - ALSA: wavefront: Fix integer overflow in sample size validation (git-fixes). - accel/ivpu: Ensure rpm_runtime_put in case of engine reset/resume fail (git-fixes). - commit bc5d2b7 - bpf: Fix stackmap overflow check in __bpf_get_stackid() (CVE-2025-68378 bsc#1255614). - commit 7a823bd - bpf: Refactor stack map trace depth calculation into helper function (CVE-2025-68378 bsc#1255614). - commit 296727b ++++ kernel-kvmsmall: - net: sched: act_connmark: initialize struct tc_ife to fix kernel leak (CVE-2025-40279 bsc#1254846). - commit cb9f7bb - btrfs: do not skip logging new dentries when logging a new name (git-fixes). - commit ec916c6 - btrfs: don't log conflicting inode if it's a dir moved in the current transaction (git-fixes). - commit a690d41 - btrfs: fix changeset leak on mmap write after failure to reserve metadata (git-fixes). - commit 75e4299 - team: Move team device type change at the end of team_port_add (CVE-2025-68340 bsc#1255507). - net/mlx5: Clean up only new IRQ glue on request_irq() failure (CVE-2025-40250 bsc#1254854). - net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() (CVE-2025-40252 bsc#1254849). - net: enetc: fix the deadlock of enetc_mdio_lock (CVE-2025-40347 bsc#1255262). - commit 085c913 - ASoC: Intel: avs: Do not share the name pointer between components (CVE-2025-40338 bsc#1255273). - commit fb15ec5 - usb: phy: isp1301: fix non-OF device reference imbalance (git-fixes). - usb: gadget: lpc32xx_udc: fix clock imbalance in error path (git-fixes). - serial: core: Fix serial device initialization (git-fixes). - commit 592ca99 - wifi: mac80211: do not use old MBSSID elements (git-fixes). - wifi: cfg80211: sme: store capped length in __cfg80211_connect_result() (git-fixes). - wifi: rtlwifi: 8192cu: fix tid out of range in rtl92cu_tx_fill_desc() (git-fixes). - wifi: rtw88: limit indirect IO under powered off for RTL8822CS (git-fixes). - usb: ohci-nxp: fix device leak on probe failure (git-fixes). - usb: dwc3: of-simple: fix clock resource leak in dwc3_of_simple_probe (git-fixes). - USB: lpc32xx_udc: Fix error handling in probe (git-fixes). - usb: typec: altmodes/displayport: Drop the device reference in dp_altmode_probe() (git-fixes). - usb: renesas_usbhs: Fix a resource leak in usbhs_pipe_malloc() (git-fixes). - usb: dwc3: keep susphy enabled during exit to avoid controller faults (git-fixes). - usb: dwc2: fix hang during shutdown if set as peripheral (git-fixes). - wifi: ath10k: move recovery check logic into a new work (git-fixes). - wifi: ath10k: Add missing include of export.h (stable-fixes). - wifi: ath10k: Avoid vdev delete timeout when firmware is already down (stable-fixes). - commit 07af9a3 - of: unittest: Fix memory leak in unittest_data_add() (git-fixes). - drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer (git-fixes). - drm/nouveau/dispnv50: Don't call drm_atomic_get_crtc_state() in prepare_fb (git-fixes). - platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing (git-fixes). - platform/x86: ibm_rtl: fix EBDA signature search pointer arithmetic (git-fixes). - platform/x86: msi-laptop: add missing sysfs_remove_group() (git-fixes). - platform/mellanox: mlxbf-pmc: Remove trailing whitespaces from event names (git-fixes). - net: rose: fix invalid array index in rose_kill_by_device() (git-fixes). - net: usb: sr9700: fix incorrect command used to write single register (git-fixes). - net: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write (git-fixes). - net: usb: rtl8150: fix memory leak on usb_submit_urb() failure (git-fixes). - net: mdio: aspeed: add dummy read to avoid read-after-write issue (git-fixes). - idr: fix idr_alloc() returning an ID out of range (git-fixes). - genalloc.h: fix htmldocs warning (git-fixes). - serial: sh-sci: Check that the DMA cookie is valid (git-fixes). - serial: core: Restore sysfs fwnode information (git-fixes). - firewire: nosy: Fix dma_free_coherent() size (git-fixes). - Input: ti_am335x_tsc - fix off-by-one error in wire_order validation (git-fixes). - Input: alps - fix use-after-free bugs caused by dev3_register_work (git-fixes). - Input: atkbd - skip deactivate for HONOR FMB-P's internal keyboard (git-fixes). - spi: cadence-quadspi: Fix clock disable on probe failure path (git-fixes). - spi: fsl-cpm: Check length parity before switching to 16 bit mode (git-fixes). - hwmon: (ltc4282): Fix reset_history file permissions (git-fixes). - hwmon: (tmp401) fix overflow caused by default conversion rate value (git-fixes). - hwmon: (ibmpex) fix use-after-free in high/low store (git-fixes). - hwmon: (dell-smm) Limit fan multiplier to avoid overflow (git-fixes). - mmc: sdhci-esdhc-imx: add alternate ARCH_S32 dependency to Kconfig (git-fixes). - mmc: sdhci-of-arasan: Increase CD stable timeout to 2 seconds (git-fixes). - PM: runtime: Do not clear needs_force_resume with enabled runtime PM (git-fixes). - nfc: pn533: Fix error code in pn533_acr122_poweron_rdr() (git-fixes). - r8169: fix RTL8117 Wake-on-Lan in DASH mode (git-fixes). - net: phy: marvell-88q2xxx: Fix clamped value in mv88q2xxx_hwmon_write (git-fixes). - firmware_loader: make RUST_FW_LOADER_ABSTRACTIONS select FW_LOADER (git-fixes). - efi/cper: align ARM CPER type with UEFI 2.9A/2.10 specs (stable-fixes). - efi/cper: Add a new helper function to print bitmasks (stable-fixes). - efi/cper: Adjust infopfx size to accept an extra space (stable-fixes). - usb: dwc2: disable platform lowlevel hw resources during shutdown (stable-fixes). - resource: introduce is_type_match() helper and use it (stable-fixes). - resource: replace open coded resource_intersection() (stable-fixes). - commit 0273be1 - accel/ivpu: Prevent runtime suspend during context abort work (stable-fixes). - Refresh patches.suse/accel-ivpu-Trigger-device-recovery-on-engine-reset-r.patch. - commit 79c3327 - drm/imagination: Disallow exporting of PM/FW protected objects (git-fixes). - Bluetooth: btusb: revert use of devm_kzalloc in btusb (git-fixes). - crypto: seqiv - Do not use req->iv after crypto_aead_encrypt (git-fixes). - drm/msm/dpu: Add missing NULL pointer check for pingpong interface (git-fixes). - ASoC: ak4458: remove the reset operation in probe and remove (git-fixes). - ASoC: fsl_sai: Constrain sample rates from audio PLLs only in master mode (git-fixes). - ALSA: usb-mixer: us16x08: validate meter packet indices (git-fixes). - ALSA: pcmcia: Fix resource leak in snd_pdacf_probe error path (git-fixes). - ALSA: vxpocket: Fix resource leak in vxpocket_probe error path (git-fixes). - drm/xe: Use usleep_range for accurate long-running workload timeslicing (git-fixes). - drm/xe: Drop preempt-fences when destroying imported dma-bufs (git-fixes). - drm/xe/oa: Disallow 0 OA property values (git-fixes). - drm/xe: Adjust long-running workload timeslices to reasonable values (git-fixes). - drm/xe/oa: Limit num_syncs to prevent oversized allocations (git-fixes). - drm/xe: Limit num_syncs to prevent oversized allocations (git-fixes). - drm/xe: Restore engine registers before restarting schedulers after GT reset (git-fixes). - drm/xe/bo: Don't include the CCS metadata in the dma-buf sg-table (git-fixes). - drm/me/gsc: mei interrupt top half should be in irq disabled context (git-fixes). - drm/panel: sony-td4353-jdi: Enable prepare_prev_first (git-fixes). - ACPI: PCC: Fix race condition by removing static qualifier (git-fixes). - ACPI: CPPC: Fix missing PCC check for guaranteed_perf (git-fixes). - can: j1939: make j1939_sk_bind() fail if device is no longer registered (git-fixes). - can: gs_usb: gs_can_open(): fix error handling (git-fixes). - ASoC: codecs: nau8325: Silence uninitialized variables warnings (stable-fixes). - ASoC: nau8325: use simple i2c probe function (stable-fixes). - ALSA: wavefront: Fix integer overflow in sample size validation (git-fixes). - accel/ivpu: Ensure rpm_runtime_put in case of engine reset/resume fail (git-fixes). - commit bc5d2b7 - bpf: Fix stackmap overflow check in __bpf_get_stackid() (CVE-2025-68378 bsc#1255614). - commit 7a823bd - bpf: Refactor stack map trace depth calculation into helper function (CVE-2025-68378 bsc#1255614). - commit 296727b ++++ kernel-obs-build: - net: sched: act_connmark: initialize struct tc_ife to fix kernel leak (CVE-2025-40279 bsc#1254846). - commit cb9f7bb - btrfs: do not skip logging new dentries when logging a new name (git-fixes). - commit ec916c6 - btrfs: don't log conflicting inode if it's a dir moved in the current transaction (git-fixes). - commit a690d41 - btrfs: fix changeset leak on mmap write after failure to reserve metadata (git-fixes). - commit 75e4299 - team: Move team device type change at the end of team_port_add (CVE-2025-68340 bsc#1255507). - net/mlx5: Clean up only new IRQ glue on request_irq() failure (CVE-2025-40250 bsc#1254854). - net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() (CVE-2025-40252 bsc#1254849). - net: enetc: fix the deadlock of enetc_mdio_lock (CVE-2025-40347 bsc#1255262). - commit 085c913 - ASoC: Intel: avs: Do not share the name pointer between components (CVE-2025-40338 bsc#1255273). - commit fb15ec5 - usb: phy: isp1301: fix non-OF device reference imbalance (git-fixes). - usb: gadget: lpc32xx_udc: fix clock imbalance in error path (git-fixes). - serial: core: Fix serial device initialization (git-fixes). - commit 592ca99 - wifi: mac80211: do not use old MBSSID elements (git-fixes). - wifi: cfg80211: sme: store capped length in __cfg80211_connect_result() (git-fixes). - wifi: rtlwifi: 8192cu: fix tid out of range in rtl92cu_tx_fill_desc() (git-fixes). - wifi: rtw88: limit indirect IO under powered off for RTL8822CS (git-fixes). - usb: ohci-nxp: fix device leak on probe failure (git-fixes). - usb: dwc3: of-simple: fix clock resource leak in dwc3_of_simple_probe (git-fixes). - USB: lpc32xx_udc: Fix error handling in probe (git-fixes). - usb: typec: altmodes/displayport: Drop the device reference in dp_altmode_probe() (git-fixes). - usb: renesas_usbhs: Fix a resource leak in usbhs_pipe_malloc() (git-fixes). - usb: dwc3: keep susphy enabled during exit to avoid controller faults (git-fixes). - usb: dwc2: fix hang during shutdown if set as peripheral (git-fixes). - wifi: ath10k: move recovery check logic into a new work (git-fixes). - wifi: ath10k: Add missing include of export.h (stable-fixes). - wifi: ath10k: Avoid vdev delete timeout when firmware is already down (stable-fixes). - commit 07af9a3 - of: unittest: Fix memory leak in unittest_data_add() (git-fixes). - drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer (git-fixes). - drm/nouveau/dispnv50: Don't call drm_atomic_get_crtc_state() in prepare_fb (git-fixes). - platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing (git-fixes). - platform/x86: ibm_rtl: fix EBDA signature search pointer arithmetic (git-fixes). - platform/x86: msi-laptop: add missing sysfs_remove_group() (git-fixes). - platform/mellanox: mlxbf-pmc: Remove trailing whitespaces from event names (git-fixes). - net: rose: fix invalid array index in rose_kill_by_device() (git-fixes). - net: usb: sr9700: fix incorrect command used to write single register (git-fixes). - net: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write (git-fixes). - net: usb: rtl8150: fix memory leak on usb_submit_urb() failure (git-fixes). - net: mdio: aspeed: add dummy read to avoid read-after-write issue (git-fixes). - idr: fix idr_alloc() returning an ID out of range (git-fixes). - genalloc.h: fix htmldocs warning (git-fixes). - serial: sh-sci: Check that the DMA cookie is valid (git-fixes). - serial: core: Restore sysfs fwnode information (git-fixes). - firewire: nosy: Fix dma_free_coherent() size (git-fixes). - Input: ti_am335x_tsc - fix off-by-one error in wire_order validation (git-fixes). - Input: alps - fix use-after-free bugs caused by dev3_register_work (git-fixes). - Input: atkbd - skip deactivate for HONOR FMB-P's internal keyboard (git-fixes). - spi: cadence-quadspi: Fix clock disable on probe failure path (git-fixes). - spi: fsl-cpm: Check length parity before switching to 16 bit mode (git-fixes). - hwmon: (ltc4282): Fix reset_history file permissions (git-fixes). - hwmon: (tmp401) fix overflow caused by default conversion rate value (git-fixes). - hwmon: (ibmpex) fix use-after-free in high/low store (git-fixes). - hwmon: (dell-smm) Limit fan multiplier to avoid overflow (git-fixes). - mmc: sdhci-esdhc-imx: add alternate ARCH_S32 dependency to Kconfig (git-fixes). - mmc: sdhci-of-arasan: Increase CD stable timeout to 2 seconds (git-fixes). - PM: runtime: Do not clear needs_force_resume with enabled runtime PM (git-fixes). - nfc: pn533: Fix error code in pn533_acr122_poweron_rdr() (git-fixes). - r8169: fix RTL8117 Wake-on-Lan in DASH mode (git-fixes). - net: phy: marvell-88q2xxx: Fix clamped value in mv88q2xxx_hwmon_write (git-fixes). - firmware_loader: make RUST_FW_LOADER_ABSTRACTIONS select FW_LOADER (git-fixes). - efi/cper: align ARM CPER type with UEFI 2.9A/2.10 specs (stable-fixes). - efi/cper: Add a new helper function to print bitmasks (stable-fixes). - efi/cper: Adjust infopfx size to accept an extra space (stable-fixes). - usb: dwc2: disable platform lowlevel hw resources during shutdown (stable-fixes). - resource: introduce is_type_match() helper and use it (stable-fixes). - resource: replace open coded resource_intersection() (stable-fixes). - commit 0273be1 - accel/ivpu: Prevent runtime suspend during context abort work (stable-fixes). - Refresh patches.suse/accel-ivpu-Trigger-device-recovery-on-engine-reset-r.patch. - commit 79c3327 - drm/imagination: Disallow exporting of PM/FW protected objects (git-fixes). - Bluetooth: btusb: revert use of devm_kzalloc in btusb (git-fixes). - crypto: seqiv - Do not use req->iv after crypto_aead_encrypt (git-fixes). - drm/msm/dpu: Add missing NULL pointer check for pingpong interface (git-fixes). - ASoC: ak4458: remove the reset operation in probe and remove (git-fixes). - ASoC: fsl_sai: Constrain sample rates from audio PLLs only in master mode (git-fixes). - ALSA: usb-mixer: us16x08: validate meter packet indices (git-fixes). - ALSA: pcmcia: Fix resource leak in snd_pdacf_probe error path (git-fixes). - ALSA: vxpocket: Fix resource leak in vxpocket_probe error path (git-fixes). - drm/xe: Use usleep_range for accurate long-running workload timeslicing (git-fixes). - drm/xe: Drop preempt-fences when destroying imported dma-bufs (git-fixes). - drm/xe/oa: Disallow 0 OA property values (git-fixes). - drm/xe: Adjust long-running workload timeslices to reasonable values (git-fixes). - drm/xe/oa: Limit num_syncs to prevent oversized allocations (git-fixes). - drm/xe: Limit num_syncs to prevent oversized allocations (git-fixes). - drm/xe: Restore engine registers before restarting schedulers after GT reset (git-fixes). - drm/xe/bo: Don't include the CCS metadata in the dma-buf sg-table (git-fixes). - drm/me/gsc: mei interrupt top half should be in irq disabled context (git-fixes). - drm/panel: sony-td4353-jdi: Enable prepare_prev_first (git-fixes). - ACPI: PCC: Fix race condition by removing static qualifier (git-fixes). - ACPI: CPPC: Fix missing PCC check for guaranteed_perf (git-fixes). - can: j1939: make j1939_sk_bind() fail if device is no longer registered (git-fixes). - can: gs_usb: gs_can_open(): fix error handling (git-fixes). - ASoC: codecs: nau8325: Silence uninitialized variables warnings (stable-fixes). - ASoC: nau8325: use simple i2c probe function (stable-fixes). - ALSA: wavefront: Fix integer overflow in sample size validation (git-fixes). - accel/ivpu: Ensure rpm_runtime_put in case of engine reset/resume fail (git-fixes). - commit bc5d2b7 - bpf: Fix stackmap overflow check in __bpf_get_stackid() (CVE-2025-68378 bsc#1255614). - commit 7a823bd - bpf: Refactor stack map trace depth calculation into helper function (CVE-2025-68378 bsc#1255614). - commit 296727b ++++ kernel-obs-build: - net: sched: act_connmark: initialize struct tc_ife to fix kernel leak (CVE-2025-40279 bsc#1254846). - commit cb9f7bb - btrfs: do not skip logging new dentries when logging a new name (git-fixes). - commit ec916c6 - btrfs: don't log conflicting inode if it's a dir moved in the current transaction (git-fixes). - commit a690d41 - btrfs: fix changeset leak on mmap write after failure to reserve metadata (git-fixes). - commit 75e4299 - team: Move team device type change at the end of team_port_add (CVE-2025-68340 bsc#1255507). - net/mlx5: Clean up only new IRQ glue on request_irq() failure (CVE-2025-40250 bsc#1254854). - net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() (CVE-2025-40252 bsc#1254849). - net: enetc: fix the deadlock of enetc_mdio_lock (CVE-2025-40347 bsc#1255262). - commit 085c913 - ASoC: Intel: avs: Do not share the name pointer between components (CVE-2025-40338 bsc#1255273). - commit fb15ec5 - usb: phy: isp1301: fix non-OF device reference imbalance (git-fixes). - usb: gadget: lpc32xx_udc: fix clock imbalance in error path (git-fixes). - serial: core: Fix serial device initialization (git-fixes). - commit 592ca99 - wifi: mac80211: do not use old MBSSID elements (git-fixes). - wifi: cfg80211: sme: store capped length in __cfg80211_connect_result() (git-fixes). - wifi: rtlwifi: 8192cu: fix tid out of range in rtl92cu_tx_fill_desc() (git-fixes). - wifi: rtw88: limit indirect IO under powered off for RTL8822CS (git-fixes). - usb: ohci-nxp: fix device leak on probe failure (git-fixes). - usb: dwc3: of-simple: fix clock resource leak in dwc3_of_simple_probe (git-fixes). - USB: lpc32xx_udc: Fix error handling in probe (git-fixes). - usb: typec: altmodes/displayport: Drop the device reference in dp_altmode_probe() (git-fixes). - usb: renesas_usbhs: Fix a resource leak in usbhs_pipe_malloc() (git-fixes). - usb: dwc3: keep susphy enabled during exit to avoid controller faults (git-fixes). - usb: dwc2: fix hang during shutdown if set as peripheral (git-fixes). - wifi: ath10k: move recovery check logic into a new work (git-fixes). - wifi: ath10k: Add missing include of export.h (stable-fixes). - wifi: ath10k: Avoid vdev delete timeout when firmware is already down (stable-fixes). - commit 07af9a3 - of: unittest: Fix memory leak in unittest_data_add() (git-fixes). - drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer (git-fixes). - drm/nouveau/dispnv50: Don't call drm_atomic_get_crtc_state() in prepare_fb (git-fixes). - platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing (git-fixes). - platform/x86: ibm_rtl: fix EBDA signature search pointer arithmetic (git-fixes). - platform/x86: msi-laptop: add missing sysfs_remove_group() (git-fixes). - platform/mellanox: mlxbf-pmc: Remove trailing whitespaces from event names (git-fixes). - net: rose: fix invalid array index in rose_kill_by_device() (git-fixes). - net: usb: sr9700: fix incorrect command used to write single register (git-fixes). - net: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write (git-fixes). - net: usb: rtl8150: fix memory leak on usb_submit_urb() failure (git-fixes). - net: mdio: aspeed: add dummy read to avoid read-after-write issue (git-fixes). - idr: fix idr_alloc() returning an ID out of range (git-fixes). - genalloc.h: fix htmldocs warning (git-fixes). - serial: sh-sci: Check that the DMA cookie is valid (git-fixes). - serial: core: Restore sysfs fwnode information (git-fixes). - firewire: nosy: Fix dma_free_coherent() size (git-fixes). - Input: ti_am335x_tsc - fix off-by-one error in wire_order validation (git-fixes). - Input: alps - fix use-after-free bugs caused by dev3_register_work (git-fixes). - Input: atkbd - skip deactivate for HONOR FMB-P's internal keyboard (git-fixes). - spi: cadence-quadspi: Fix clock disable on probe failure path (git-fixes). - spi: fsl-cpm: Check length parity before switching to 16 bit mode (git-fixes). - hwmon: (ltc4282): Fix reset_history file permissions (git-fixes). - hwmon: (tmp401) fix overflow caused by default conversion rate value (git-fixes). - hwmon: (ibmpex) fix use-after-free in high/low store (git-fixes). - hwmon: (dell-smm) Limit fan multiplier to avoid overflow (git-fixes). - mmc: sdhci-esdhc-imx: add alternate ARCH_S32 dependency to Kconfig (git-fixes). - mmc: sdhci-of-arasan: Increase CD stable timeout to 2 seconds (git-fixes). - PM: runtime: Do not clear needs_force_resume with enabled runtime PM (git-fixes). - nfc: pn533: Fix error code in pn533_acr122_poweron_rdr() (git-fixes). - r8169: fix RTL8117 Wake-on-Lan in DASH mode (git-fixes). - net: phy: marvell-88q2xxx: Fix clamped value in mv88q2xxx_hwmon_write (git-fixes). - firmware_loader: make RUST_FW_LOADER_ABSTRACTIONS select FW_LOADER (git-fixes). - efi/cper: align ARM CPER type with UEFI 2.9A/2.10 specs (stable-fixes). - efi/cper: Add a new helper function to print bitmasks (stable-fixes). - efi/cper: Adjust infopfx size to accept an extra space (stable-fixes). - usb: dwc2: disable platform lowlevel hw resources during shutdown (stable-fixes). - resource: introduce is_type_match() helper and use it (stable-fixes). - resource: replace open coded resource_intersection() (stable-fixes). - commit 0273be1 - accel/ivpu: Prevent runtime suspend during context abort work (stable-fixes). - Refresh patches.suse/accel-ivpu-Trigger-device-recovery-on-engine-reset-r.patch. - commit 79c3327 - drm/imagination: Disallow exporting of PM/FW protected objects (git-fixes). - Bluetooth: btusb: revert use of devm_kzalloc in btusb (git-fixes). - crypto: seqiv - Do not use req->iv after crypto_aead_encrypt (git-fixes). - drm/msm/dpu: Add missing NULL pointer check for pingpong interface (git-fixes). - ASoC: ak4458: remove the reset operation in probe and remove (git-fixes). - ASoC: fsl_sai: Constrain sample rates from audio PLLs only in master mode (git-fixes). - ALSA: usb-mixer: us16x08: validate meter packet indices (git-fixes). - ALSA: pcmcia: Fix resource leak in snd_pdacf_probe error path (git-fixes). - ALSA: vxpocket: Fix resource leak in vxpocket_probe error path (git-fixes). - drm/xe: Use usleep_range for accurate long-running workload timeslicing (git-fixes). - drm/xe: Drop preempt-fences when destroying imported dma-bufs (git-fixes). - drm/xe/oa: Disallow 0 OA property values (git-fixes). - drm/xe: Adjust long-running workload timeslices to reasonable values (git-fixes). - drm/xe/oa: Limit num_syncs to prevent oversized allocations (git-fixes). - drm/xe: Limit num_syncs to prevent oversized allocations (git-fixes). - drm/xe: Restore engine registers before restarting schedulers after GT reset (git-fixes). - drm/xe/bo: Don't include the CCS metadata in the dma-buf sg-table (git-fixes). - drm/me/gsc: mei interrupt top half should be in irq disabled context (git-fixes). - drm/panel: sony-td4353-jdi: Enable prepare_prev_first (git-fixes). - ACPI: PCC: Fix race condition by removing static qualifier (git-fixes). - ACPI: CPPC: Fix missing PCC check for guaranteed_perf (git-fixes). - can: j1939: make j1939_sk_bind() fail if device is no longer registered (git-fixes). - can: gs_usb: gs_can_open(): fix error handling (git-fixes). - ASoC: codecs: nau8325: Silence uninitialized variables warnings (stable-fixes). - ASoC: nau8325: use simple i2c probe function (stable-fixes). - ALSA: wavefront: Fix integer overflow in sample size validation (git-fixes). - accel/ivpu: Ensure rpm_runtime_put in case of engine reset/resume fail (git-fixes). - commit bc5d2b7 - bpf: Fix stackmap overflow check in __bpf_get_stackid() (CVE-2025-68378 bsc#1255614). - commit 7a823bd - bpf: Refactor stack map trace depth calculation into helper function (CVE-2025-68378 bsc#1255614). - commit 296727b ++++ kernel-obs-build: - net: sched: act_connmark: initialize struct tc_ife to fix kernel leak (CVE-2025-40279 bsc#1254846). - commit cb9f7bb - btrfs: do not skip logging new dentries when logging a new name (git-fixes). - commit ec916c6 - btrfs: don't log conflicting inode if it's a dir moved in the current transaction (git-fixes). - commit a690d41 - btrfs: fix changeset leak on mmap write after failure to reserve metadata (git-fixes). - commit 75e4299 - team: Move team device type change at the end of team_port_add (CVE-2025-68340 bsc#1255507). - net/mlx5: Clean up only new IRQ glue on request_irq() failure (CVE-2025-40250 bsc#1254854). - net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() (CVE-2025-40252 bsc#1254849). - net: enetc: fix the deadlock of enetc_mdio_lock (CVE-2025-40347 bsc#1255262). - commit 085c913 - ASoC: Intel: avs: Do not share the name pointer between components (CVE-2025-40338 bsc#1255273). - commit fb15ec5 - usb: phy: isp1301: fix non-OF device reference imbalance (git-fixes). - usb: gadget: lpc32xx_udc: fix clock imbalance in error path (git-fixes). - serial: core: Fix serial device initialization (git-fixes). - commit 592ca99 - wifi: mac80211: do not use old MBSSID elements (git-fixes). - wifi: cfg80211: sme: store capped length in __cfg80211_connect_result() (git-fixes). - wifi: rtlwifi: 8192cu: fix tid out of range in rtl92cu_tx_fill_desc() (git-fixes). - wifi: rtw88: limit indirect IO under powered off for RTL8822CS (git-fixes). - usb: ohci-nxp: fix device leak on probe failure (git-fixes). - usb: dwc3: of-simple: fix clock resource leak in dwc3_of_simple_probe (git-fixes). - USB: lpc32xx_udc: Fix error handling in probe (git-fixes). - usb: typec: altmodes/displayport: Drop the device reference in dp_altmode_probe() (git-fixes). - usb: renesas_usbhs: Fix a resource leak in usbhs_pipe_malloc() (git-fixes). - usb: dwc3: keep susphy enabled during exit to avoid controller faults (git-fixes). - usb: dwc2: fix hang during shutdown if set as peripheral (git-fixes). - wifi: ath10k: move recovery check logic into a new work (git-fixes). - wifi: ath10k: Add missing include of export.h (stable-fixes). - wifi: ath10k: Avoid vdev delete timeout when firmware is already down (stable-fixes). - commit 07af9a3 - of: unittest: Fix memory leak in unittest_data_add() (git-fixes). - drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer (git-fixes). - drm/nouveau/dispnv50: Don't call drm_atomic_get_crtc_state() in prepare_fb (git-fixes). - platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing (git-fixes). - platform/x86: ibm_rtl: fix EBDA signature search pointer arithmetic (git-fixes). - platform/x86: msi-laptop: add missing sysfs_remove_group() (git-fixes). - platform/mellanox: mlxbf-pmc: Remove trailing whitespaces from event names (git-fixes). - net: rose: fix invalid array index in rose_kill_by_device() (git-fixes). - net: usb: sr9700: fix incorrect command used to write single register (git-fixes). - net: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write (git-fixes). - net: usb: rtl8150: fix memory leak on usb_submit_urb() failure (git-fixes). - net: mdio: aspeed: add dummy read to avoid read-after-write issue (git-fixes). - idr: fix idr_alloc() returning an ID out of range (git-fixes). - genalloc.h: fix htmldocs warning (git-fixes). - serial: sh-sci: Check that the DMA cookie is valid (git-fixes). - serial: core: Restore sysfs fwnode information (git-fixes). - firewire: nosy: Fix dma_free_coherent() size (git-fixes). - Input: ti_am335x_tsc - fix off-by-one error in wire_order validation (git-fixes). - Input: alps - fix use-after-free bugs caused by dev3_register_work (git-fixes). - Input: atkbd - skip deactivate for HONOR FMB-P's internal keyboard (git-fixes). - spi: cadence-quadspi: Fix clock disable on probe failure path (git-fixes). - spi: fsl-cpm: Check length parity before switching to 16 bit mode (git-fixes). - hwmon: (ltc4282): Fix reset_history file permissions (git-fixes). - hwmon: (tmp401) fix overflow caused by default conversion rate value (git-fixes). - hwmon: (ibmpex) fix use-after-free in high/low store (git-fixes). - hwmon: (dell-smm) Limit fan multiplier to avoid overflow (git-fixes). - mmc: sdhci-esdhc-imx: add alternate ARCH_S32 dependency to Kconfig (git-fixes). - mmc: sdhci-of-arasan: Increase CD stable timeout to 2 seconds (git-fixes). - PM: runtime: Do not clear needs_force_resume with enabled runtime PM (git-fixes). - nfc: pn533: Fix error code in pn533_acr122_poweron_rdr() (git-fixes). - r8169: fix RTL8117 Wake-on-Lan in DASH mode (git-fixes). - net: phy: marvell-88q2xxx: Fix clamped value in mv88q2xxx_hwmon_write (git-fixes). - firmware_loader: make RUST_FW_LOADER_ABSTRACTIONS select FW_LOADER (git-fixes). - efi/cper: align ARM CPER type with UEFI 2.9A/2.10 specs (stable-fixes). - efi/cper: Add a new helper function to print bitmasks (stable-fixes). - efi/cper: Adjust infopfx size to accept an extra space (stable-fixes). - usb: dwc2: disable platform lowlevel hw resources during shutdown (stable-fixes). - resource: introduce is_type_match() helper and use it (stable-fixes). - resource: replace open coded resource_intersection() (stable-fixes). - commit 0273be1 - accel/ivpu: Prevent runtime suspend during context abort work (stable-fixes). - Refresh patches.suse/accel-ivpu-Trigger-device-recovery-on-engine-reset-r.patch. - commit 79c3327 - drm/imagination: Disallow exporting of PM/FW protected objects (git-fixes). - Bluetooth: btusb: revert use of devm_kzalloc in btusb (git-fixes). - crypto: seqiv - Do not use req->iv after crypto_aead_encrypt (git-fixes). - drm/msm/dpu: Add missing NULL pointer check for pingpong interface (git-fixes). - ASoC: ak4458: remove the reset operation in probe and remove (git-fixes). - ASoC: fsl_sai: Constrain sample rates from audio PLLs only in master mode (git-fixes). - ALSA: usb-mixer: us16x08: validate meter packet indices (git-fixes). - ALSA: pcmcia: Fix resource leak in snd_pdacf_probe error path (git-fixes). - ALSA: vxpocket: Fix resource leak in vxpocket_probe error path (git-fixes). - drm/xe: Use usleep_range for accurate long-running workload timeslicing (git-fixes). - drm/xe: Drop preempt-fences when destroying imported dma-bufs (git-fixes). - drm/xe/oa: Disallow 0 OA property values (git-fixes). - drm/xe: Adjust long-running workload timeslices to reasonable values (git-fixes). - drm/xe/oa: Limit num_syncs to prevent oversized allocations (git-fixes). - drm/xe: Limit num_syncs to prevent oversized allocations (git-fixes). - drm/xe: Restore engine registers before restarting schedulers after GT reset (git-fixes). - drm/xe/bo: Don't include the CCS metadata in the dma-buf sg-table (git-fixes). - drm/me/gsc: mei interrupt top half should be in irq disabled context (git-fixes). - drm/panel: sony-td4353-jdi: Enable prepare_prev_first (git-fixes). - ACPI: PCC: Fix race condition by removing static qualifier (git-fixes). - ACPI: CPPC: Fix missing PCC check for guaranteed_perf (git-fixes). - can: j1939: make j1939_sk_bind() fail if device is no longer registered (git-fixes). - can: gs_usb: gs_can_open(): fix error handling (git-fixes). - ASoC: codecs: nau8325: Silence uninitialized variables warnings (stable-fixes). - ASoC: nau8325: use simple i2c probe function (stable-fixes). - ALSA: wavefront: Fix integer overflow in sample size validation (git-fixes). - accel/ivpu: Ensure rpm_runtime_put in case of engine reset/resume fail (git-fixes). - commit bc5d2b7 - bpf: Fix stackmap overflow check in __bpf_get_stackid() (CVE-2025-68378 bsc#1255614). - commit 7a823bd - bpf: Refactor stack map trace depth calculation into helper function (CVE-2025-68378 bsc#1255614). - commit 296727b ++++ kernel-obs-qa: - net: sched: act_connmark: initialize struct tc_ife to fix kernel leak (CVE-2025-40279 bsc#1254846). - commit cb9f7bb - btrfs: do not skip logging new dentries when logging a new name (git-fixes). - commit ec916c6 - btrfs: don't log conflicting inode if it's a dir moved in the current transaction (git-fixes). - commit a690d41 - btrfs: fix changeset leak on mmap write after failure to reserve metadata (git-fixes). - commit 75e4299 - team: Move team device type change at the end of team_port_add (CVE-2025-68340 bsc#1255507). - net/mlx5: Clean up only new IRQ glue on request_irq() failure (CVE-2025-40250 bsc#1254854). - net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() (CVE-2025-40252 bsc#1254849). - net: enetc: fix the deadlock of enetc_mdio_lock (CVE-2025-40347 bsc#1255262). - commit 085c913 - ASoC: Intel: avs: Do not share the name pointer between components (CVE-2025-40338 bsc#1255273). - commit fb15ec5 - usb: phy: isp1301: fix non-OF device reference imbalance (git-fixes). - usb: gadget: lpc32xx_udc: fix clock imbalance in error path (git-fixes). - serial: core: Fix serial device initialization (git-fixes). - commit 592ca99 - wifi: mac80211: do not use old MBSSID elements (git-fixes). - wifi: cfg80211: sme: store capped length in __cfg80211_connect_result() (git-fixes). - wifi: rtlwifi: 8192cu: fix tid out of range in rtl92cu_tx_fill_desc() (git-fixes). - wifi: rtw88: limit indirect IO under powered off for RTL8822CS (git-fixes). - usb: ohci-nxp: fix device leak on probe failure (git-fixes). - usb: dwc3: of-simple: fix clock resource leak in dwc3_of_simple_probe (git-fixes). - USB: lpc32xx_udc: Fix error handling in probe (git-fixes). - usb: typec: altmodes/displayport: Drop the device reference in dp_altmode_probe() (git-fixes). - usb: renesas_usbhs: Fix a resource leak in usbhs_pipe_malloc() (git-fixes). - usb: dwc3: keep susphy enabled during exit to avoid controller faults (git-fixes). - usb: dwc2: fix hang during shutdown if set as peripheral (git-fixes). - wifi: ath10k: move recovery check logic into a new work (git-fixes). - wifi: ath10k: Add missing include of export.h (stable-fixes). - wifi: ath10k: Avoid vdev delete timeout when firmware is already down (stable-fixes). - commit 07af9a3 - of: unittest: Fix memory leak in unittest_data_add() (git-fixes). - drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer (git-fixes). - drm/nouveau/dispnv50: Don't call drm_atomic_get_crtc_state() in prepare_fb (git-fixes). - platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing (git-fixes). - platform/x86: ibm_rtl: fix EBDA signature search pointer arithmetic (git-fixes). - platform/x86: msi-laptop: add missing sysfs_remove_group() (git-fixes). - platform/mellanox: mlxbf-pmc: Remove trailing whitespaces from event names (git-fixes). - net: rose: fix invalid array index in rose_kill_by_device() (git-fixes). - net: usb: sr9700: fix incorrect command used to write single register (git-fixes). - net: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write (git-fixes). - net: usb: rtl8150: fix memory leak on usb_submit_urb() failure (git-fixes). - net: mdio: aspeed: add dummy read to avoid read-after-write issue (git-fixes). - idr: fix idr_alloc() returning an ID out of range (git-fixes). - genalloc.h: fix htmldocs warning (git-fixes). - serial: sh-sci: Check that the DMA cookie is valid (git-fixes). - serial: core: Restore sysfs fwnode information (git-fixes). - firewire: nosy: Fix dma_free_coherent() size (git-fixes). - Input: ti_am335x_tsc - fix off-by-one error in wire_order validation (git-fixes). - Input: alps - fix use-after-free bugs caused by dev3_register_work (git-fixes). - Input: atkbd - skip deactivate for HONOR FMB-P's internal keyboard (git-fixes). - spi: cadence-quadspi: Fix clock disable on probe failure path (git-fixes). - spi: fsl-cpm: Check length parity before switching to 16 bit mode (git-fixes). - hwmon: (ltc4282): Fix reset_history file permissions (git-fixes). - hwmon: (tmp401) fix overflow caused by default conversion rate value (git-fixes). - hwmon: (ibmpex) fix use-after-free in high/low store (git-fixes). - hwmon: (dell-smm) Limit fan multiplier to avoid overflow (git-fixes). - mmc: sdhci-esdhc-imx: add alternate ARCH_S32 dependency to Kconfig (git-fixes). - mmc: sdhci-of-arasan: Increase CD stable timeout to 2 seconds (git-fixes). - PM: runtime: Do not clear needs_force_resume with enabled runtime PM (git-fixes). - nfc: pn533: Fix error code in pn533_acr122_poweron_rdr() (git-fixes). - r8169: fix RTL8117 Wake-on-Lan in DASH mode (git-fixes). - net: phy: marvell-88q2xxx: Fix clamped value in mv88q2xxx_hwmon_write (git-fixes). - firmware_loader: make RUST_FW_LOADER_ABSTRACTIONS select FW_LOADER (git-fixes). - efi/cper: align ARM CPER type with UEFI 2.9A/2.10 specs (stable-fixes). - efi/cper: Add a new helper function to print bitmasks (stable-fixes). - efi/cper: Adjust infopfx size to accept an extra space (stable-fixes). - usb: dwc2: disable platform lowlevel hw resources during shutdown (stable-fixes). - resource: introduce is_type_match() helper and use it (stable-fixes). - resource: replace open coded resource_intersection() (stable-fixes). - commit 0273be1 - accel/ivpu: Prevent runtime suspend during context abort work (stable-fixes). - Refresh patches.suse/accel-ivpu-Trigger-device-recovery-on-engine-reset-r.patch. - commit 79c3327 - drm/imagination: Disallow exporting of PM/FW protected objects (git-fixes). - Bluetooth: btusb: revert use of devm_kzalloc in btusb (git-fixes). - crypto: seqiv - Do not use req->iv after crypto_aead_encrypt (git-fixes). - drm/msm/dpu: Add missing NULL pointer check for pingpong interface (git-fixes). - ASoC: ak4458: remove the reset operation in probe and remove (git-fixes). - ASoC: fsl_sai: Constrain sample rates from audio PLLs only in master mode (git-fixes). - ALSA: usb-mixer: us16x08: validate meter packet indices (git-fixes). - ALSA: pcmcia: Fix resource leak in snd_pdacf_probe error path (git-fixes). - ALSA: vxpocket: Fix resource leak in vxpocket_probe error path (git-fixes). - drm/xe: Use usleep_range for accurate long-running workload timeslicing (git-fixes). - drm/xe: Drop preempt-fences when destroying imported dma-bufs (git-fixes). - drm/xe/oa: Disallow 0 OA property values (git-fixes). - drm/xe: Adjust long-running workload timeslices to reasonable values (git-fixes). - drm/xe/oa: Limit num_syncs to prevent oversized allocations (git-fixes). - drm/xe: Limit num_syncs to prevent oversized allocations (git-fixes). - drm/xe: Restore engine registers before restarting schedulers after GT reset (git-fixes). - drm/xe/bo: Don't include the CCS metadata in the dma-buf sg-table (git-fixes). - drm/me/gsc: mei interrupt top half should be in irq disabled context (git-fixes). - drm/panel: sony-td4353-jdi: Enable prepare_prev_first (git-fixes). - ACPI: PCC: Fix race condition by removing static qualifier (git-fixes). - ACPI: CPPC: Fix missing PCC check for guaranteed_perf (git-fixes). - can: j1939: make j1939_sk_bind() fail if device is no longer registered (git-fixes). - can: gs_usb: gs_can_open(): fix error handling (git-fixes). - ASoC: codecs: nau8325: Silence uninitialized variables warnings (stable-fixes). - ASoC: nau8325: use simple i2c probe function (stable-fixes). - ALSA: wavefront: Fix integer overflow in sample size validation (git-fixes). - accel/ivpu: Ensure rpm_runtime_put in case of engine reset/resume fail (git-fixes). - commit bc5d2b7 - bpf: Fix stackmap overflow check in __bpf_get_stackid() (CVE-2025-68378 bsc#1255614). - commit 7a823bd - bpf: Refactor stack map trace depth calculation into helper function (CVE-2025-68378 bsc#1255614). - commit 296727b ++++ kernel-obs-qa: - net: sched: act_connmark: initialize struct tc_ife to fix kernel leak (CVE-2025-40279 bsc#1254846). - commit cb9f7bb - btrfs: do not skip logging new dentries when logging a new name (git-fixes). - commit ec916c6 - btrfs: don't log conflicting inode if it's a dir moved in the current transaction (git-fixes). - commit a690d41 - btrfs: fix changeset leak on mmap write after failure to reserve metadata (git-fixes). - commit 75e4299 - team: Move team device type change at the end of team_port_add (CVE-2025-68340 bsc#1255507). - net/mlx5: Clean up only new IRQ glue on request_irq() failure (CVE-2025-40250 bsc#1254854). - net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() (CVE-2025-40252 bsc#1254849). - net: enetc: fix the deadlock of enetc_mdio_lock (CVE-2025-40347 bsc#1255262). - commit 085c913 - ASoC: Intel: avs: Do not share the name pointer between components (CVE-2025-40338 bsc#1255273). - commit fb15ec5 - usb: phy: isp1301: fix non-OF device reference imbalance (git-fixes). - usb: gadget: lpc32xx_udc: fix clock imbalance in error path (git-fixes). - serial: core: Fix serial device initialization (git-fixes). - commit 592ca99 - wifi: mac80211: do not use old MBSSID elements (git-fixes). - wifi: cfg80211: sme: store capped length in __cfg80211_connect_result() (git-fixes). - wifi: rtlwifi: 8192cu: fix tid out of range in rtl92cu_tx_fill_desc() (git-fixes). - wifi: rtw88: limit indirect IO under powered off for RTL8822CS (git-fixes). - usb: ohci-nxp: fix device leak on probe failure (git-fixes). - usb: dwc3: of-simple: fix clock resource leak in dwc3_of_simple_probe (git-fixes). - USB: lpc32xx_udc: Fix error handling in probe (git-fixes). - usb: typec: altmodes/displayport: Drop the device reference in dp_altmode_probe() (git-fixes). - usb: renesas_usbhs: Fix a resource leak in usbhs_pipe_malloc() (git-fixes). - usb: dwc3: keep susphy enabled during exit to avoid controller faults (git-fixes). - usb: dwc2: fix hang during shutdown if set as peripheral (git-fixes). - wifi: ath10k: move recovery check logic into a new work (git-fixes). - wifi: ath10k: Add missing include of export.h (stable-fixes). - wifi: ath10k: Avoid vdev delete timeout when firmware is already down (stable-fixes). - commit 07af9a3 - of: unittest: Fix memory leak in unittest_data_add() (git-fixes). - drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer (git-fixes). - drm/nouveau/dispnv50: Don't call drm_atomic_get_crtc_state() in prepare_fb (git-fixes). - platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing (git-fixes). - platform/x86: ibm_rtl: fix EBDA signature search pointer arithmetic (git-fixes). - platform/x86: msi-laptop: add missing sysfs_remove_group() (git-fixes). - platform/mellanox: mlxbf-pmc: Remove trailing whitespaces from event names (git-fixes). - net: rose: fix invalid array index in rose_kill_by_device() (git-fixes). - net: usb: sr9700: fix incorrect command used to write single register (git-fixes). - net: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write (git-fixes). - net: usb: rtl8150: fix memory leak on usb_submit_urb() failure (git-fixes). - net: mdio: aspeed: add dummy read to avoid read-after-write issue (git-fixes). - idr: fix idr_alloc() returning an ID out of range (git-fixes). - genalloc.h: fix htmldocs warning (git-fixes). - serial: sh-sci: Check that the DMA cookie is valid (git-fixes). - serial: core: Restore sysfs fwnode information (git-fixes). - firewire: nosy: Fix dma_free_coherent() size (git-fixes). - Input: ti_am335x_tsc - fix off-by-one error in wire_order validation (git-fixes). - Input: alps - fix use-after-free bugs caused by dev3_register_work (git-fixes). - Input: atkbd - skip deactivate for HONOR FMB-P's internal keyboard (git-fixes). - spi: cadence-quadspi: Fix clock disable on probe failure path (git-fixes). - spi: fsl-cpm: Check length parity before switching to 16 bit mode (git-fixes). - hwmon: (ltc4282): Fix reset_history file permissions (git-fixes). - hwmon: (tmp401) fix overflow caused by default conversion rate value (git-fixes). - hwmon: (ibmpex) fix use-after-free in high/low store (git-fixes). - hwmon: (dell-smm) Limit fan multiplier to avoid overflow (git-fixes). - mmc: sdhci-esdhc-imx: add alternate ARCH_S32 dependency to Kconfig (git-fixes). - mmc: sdhci-of-arasan: Increase CD stable timeout to 2 seconds (git-fixes). - PM: runtime: Do not clear needs_force_resume with enabled runtime PM (git-fixes). - nfc: pn533: Fix error code in pn533_acr122_poweron_rdr() (git-fixes). - r8169: fix RTL8117 Wake-on-Lan in DASH mode (git-fixes). - net: phy: marvell-88q2xxx: Fix clamped value in mv88q2xxx_hwmon_write (git-fixes). - firmware_loader: make RUST_FW_LOADER_ABSTRACTIONS select FW_LOADER (git-fixes). - efi/cper: align ARM CPER type with UEFI 2.9A/2.10 specs (stable-fixes). - efi/cper: Add a new helper function to print bitmasks (stable-fixes). - efi/cper: Adjust infopfx size to accept an extra space (stable-fixes). - usb: dwc2: disable platform lowlevel hw resources during shutdown (stable-fixes). - resource: introduce is_type_match() helper and use it (stable-fixes). - resource: replace open coded resource_intersection() (stable-fixes). - commit 0273be1 - accel/ivpu: Prevent runtime suspend during context abort work (stable-fixes). - Refresh patches.suse/accel-ivpu-Trigger-device-recovery-on-engine-reset-r.patch. - commit 79c3327 - drm/imagination: Disallow exporting of PM/FW protected objects (git-fixes). - Bluetooth: btusb: revert use of devm_kzalloc in btusb (git-fixes). - crypto: seqiv - Do not use req->iv after crypto_aead_encrypt (git-fixes). - drm/msm/dpu: Add missing NULL pointer check for pingpong interface (git-fixes). - ASoC: ak4458: remove the reset operation in probe and remove (git-fixes). - ASoC: fsl_sai: Constrain sample rates from audio PLLs only in master mode (git-fixes). - ALSA: usb-mixer: us16x08: validate meter packet indices (git-fixes). - ALSA: pcmcia: Fix resource leak in snd_pdacf_probe error path (git-fixes). - ALSA: vxpocket: Fix resource leak in vxpocket_probe error path (git-fixes). - drm/xe: Use usleep_range for accurate long-running workload timeslicing (git-fixes). - drm/xe: Drop preempt-fences when destroying imported dma-bufs (git-fixes). - drm/xe/oa: Disallow 0 OA property values (git-fixes). - drm/xe: Adjust long-running workload timeslices to reasonable values (git-fixes). - drm/xe/oa: Limit num_syncs to prevent oversized allocations (git-fixes). - drm/xe: Limit num_syncs to prevent oversized allocations (git-fixes). - drm/xe: Restore engine registers before restarting schedulers after GT reset (git-fixes). - drm/xe/bo: Don't include the CCS metadata in the dma-buf sg-table (git-fixes). - drm/me/gsc: mei interrupt top half should be in irq disabled context (git-fixes). - drm/panel: sony-td4353-jdi: Enable prepare_prev_first (git-fixes). - ACPI: PCC: Fix race condition by removing static qualifier (git-fixes). - ACPI: CPPC: Fix missing PCC check for guaranteed_perf (git-fixes). - can: j1939: make j1939_sk_bind() fail if device is no longer registered (git-fixes). - can: gs_usb: gs_can_open(): fix error handling (git-fixes). - ASoC: codecs: nau8325: Silence uninitialized variables warnings (stable-fixes). - ASoC: nau8325: use simple i2c probe function (stable-fixes). - ALSA: wavefront: Fix integer overflow in sample size validation (git-fixes). - accel/ivpu: Ensure rpm_runtime_put in case of engine reset/resume fail (git-fixes). - commit bc5d2b7 - bpf: Fix stackmap overflow check in __bpf_get_stackid() (CVE-2025-68378 bsc#1255614). - commit 7a823bd - bpf: Refactor stack map trace depth calculation into helper function (CVE-2025-68378 bsc#1255614). - commit 296727b ++++ kernel-obs-qa: - net: sched: act_connmark: initialize struct tc_ife to fix kernel leak (CVE-2025-40279 bsc#1254846). - commit cb9f7bb - btrfs: do not skip logging new dentries when logging a new name (git-fixes). - commit ec916c6 - btrfs: don't log conflicting inode if it's a dir moved in the current transaction (git-fixes). - commit a690d41 - btrfs: fix changeset leak on mmap write after failure to reserve metadata (git-fixes). - commit 75e4299 - team: Move team device type change at the end of team_port_add (CVE-2025-68340 bsc#1255507). - net/mlx5: Clean up only new IRQ glue on request_irq() failure (CVE-2025-40250 bsc#1254854). - net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() (CVE-2025-40252 bsc#1254849). - net: enetc: fix the deadlock of enetc_mdio_lock (CVE-2025-40347 bsc#1255262). - commit 085c913 - ASoC: Intel: avs: Do not share the name pointer between components (CVE-2025-40338 bsc#1255273). - commit fb15ec5 - usb: phy: isp1301: fix non-OF device reference imbalance (git-fixes). - usb: gadget: lpc32xx_udc: fix clock imbalance in error path (git-fixes). - serial: core: Fix serial device initialization (git-fixes). - commit 592ca99 - wifi: mac80211: do not use old MBSSID elements (git-fixes). - wifi: cfg80211: sme: store capped length in __cfg80211_connect_result() (git-fixes). - wifi: rtlwifi: 8192cu: fix tid out of range in rtl92cu_tx_fill_desc() (git-fixes). - wifi: rtw88: limit indirect IO under powered off for RTL8822CS (git-fixes). - usb: ohci-nxp: fix device leak on probe failure (git-fixes). - usb: dwc3: of-simple: fix clock resource leak in dwc3_of_simple_probe (git-fixes). - USB: lpc32xx_udc: Fix error handling in probe (git-fixes). - usb: typec: altmodes/displayport: Drop the device reference in dp_altmode_probe() (git-fixes). - usb: renesas_usbhs: Fix a resource leak in usbhs_pipe_malloc() (git-fixes). - usb: dwc3: keep susphy enabled during exit to avoid controller faults (git-fixes). - usb: dwc2: fix hang during shutdown if set as peripheral (git-fixes). - wifi: ath10k: move recovery check logic into a new work (git-fixes). - wifi: ath10k: Add missing include of export.h (stable-fixes). - wifi: ath10k: Avoid vdev delete timeout when firmware is already down (stable-fixes). - commit 07af9a3 - of: unittest: Fix memory leak in unittest_data_add() (git-fixes). - drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer (git-fixes). - drm/nouveau/dispnv50: Don't call drm_atomic_get_crtc_state() in prepare_fb (git-fixes). - platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing (git-fixes). - platform/x86: ibm_rtl: fix EBDA signature search pointer arithmetic (git-fixes). - platform/x86: msi-laptop: add missing sysfs_remove_group() (git-fixes). - platform/mellanox: mlxbf-pmc: Remove trailing whitespaces from event names (git-fixes). - net: rose: fix invalid array index in rose_kill_by_device() (git-fixes). - net: usb: sr9700: fix incorrect command used to write single register (git-fixes). - net: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write (git-fixes). - net: usb: rtl8150: fix memory leak on usb_submit_urb() failure (git-fixes). - net: mdio: aspeed: add dummy read to avoid read-after-write issue (git-fixes). - idr: fix idr_alloc() returning an ID out of range (git-fixes). - genalloc.h: fix htmldocs warning (git-fixes). - serial: sh-sci: Check that the DMA cookie is valid (git-fixes). - serial: core: Restore sysfs fwnode information (git-fixes). - firewire: nosy: Fix dma_free_coherent() size (git-fixes). - Input: ti_am335x_tsc - fix off-by-one error in wire_order validation (git-fixes). - Input: alps - fix use-after-free bugs caused by dev3_register_work (git-fixes). - Input: atkbd - skip deactivate for HONOR FMB-P's internal keyboard (git-fixes). - spi: cadence-quadspi: Fix clock disable on probe failure path (git-fixes). - spi: fsl-cpm: Check length parity before switching to 16 bit mode (git-fixes). - hwmon: (ltc4282): Fix reset_history file permissions (git-fixes). - hwmon: (tmp401) fix overflow caused by default conversion rate value (git-fixes). - hwmon: (ibmpex) fix use-after-free in high/low store (git-fixes). - hwmon: (dell-smm) Limit fan multiplier to avoid overflow (git-fixes). - mmc: sdhci-esdhc-imx: add alternate ARCH_S32 dependency to Kconfig (git-fixes). - mmc: sdhci-of-arasan: Increase CD stable timeout to 2 seconds (git-fixes). - PM: runtime: Do not clear needs_force_resume with enabled runtime PM (git-fixes). - nfc: pn533: Fix error code in pn533_acr122_poweron_rdr() (git-fixes). - r8169: fix RTL8117 Wake-on-Lan in DASH mode (git-fixes). - net: phy: marvell-88q2xxx: Fix clamped value in mv88q2xxx_hwmon_write (git-fixes). - firmware_loader: make RUST_FW_LOADER_ABSTRACTIONS select FW_LOADER (git-fixes). - efi/cper: align ARM CPER type with UEFI 2.9A/2.10 specs (stable-fixes). - efi/cper: Add a new helper function to print bitmasks (stable-fixes). - efi/cper: Adjust infopfx size to accept an extra space (stable-fixes). - usb: dwc2: disable platform lowlevel hw resources during shutdown (stable-fixes). - resource: introduce is_type_match() helper and use it (stable-fixes). - resource: replace open coded resource_intersection() (stable-fixes). - commit 0273be1 - accel/ivpu: Prevent runtime suspend during context abort work (stable-fixes). - Refresh patches.suse/accel-ivpu-Trigger-device-recovery-on-engine-reset-r.patch. - commit 79c3327 - drm/imagination: Disallow exporting of PM/FW protected objects (git-fixes). - Bluetooth: btusb: revert use of devm_kzalloc in btusb (git-fixes). - crypto: seqiv - Do not use req->iv after crypto_aead_encrypt (git-fixes). - drm/msm/dpu: Add missing NULL pointer check for pingpong interface (git-fixes). - ASoC: ak4458: remove the reset operation in probe and remove (git-fixes). - ASoC: fsl_sai: Constrain sample rates from audio PLLs only in master mode (git-fixes). - ALSA: usb-mixer: us16x08: validate meter packet indices (git-fixes). - ALSA: pcmcia: Fix resource leak in snd_pdacf_probe error path (git-fixes). - ALSA: vxpocket: Fix resource leak in vxpocket_probe error path (git-fixes). - drm/xe: Use usleep_range for accurate long-running workload timeslicing (git-fixes). - drm/xe: Drop preempt-fences when destroying imported dma-bufs (git-fixes). - drm/xe/oa: Disallow 0 OA property values (git-fixes). - drm/xe: Adjust long-running workload timeslices to reasonable values (git-fixes). - drm/xe/oa: Limit num_syncs to prevent oversized allocations (git-fixes). - drm/xe: Limit num_syncs to prevent oversized allocations (git-fixes). - drm/xe: Restore engine registers before restarting schedulers after GT reset (git-fixes). - drm/xe/bo: Don't include the CCS metadata in the dma-buf sg-table (git-fixes). - drm/me/gsc: mei interrupt top half should be in irq disabled context (git-fixes). - drm/panel: sony-td4353-jdi: Enable prepare_prev_first (git-fixes). - ACPI: PCC: Fix race condition by removing static qualifier (git-fixes). - ACPI: CPPC: Fix missing PCC check for guaranteed_perf (git-fixes). - can: j1939: make j1939_sk_bind() fail if device is no longer registered (git-fixes). - can: gs_usb: gs_can_open(): fix error handling (git-fixes). - ASoC: codecs: nau8325: Silence uninitialized variables warnings (stable-fixes). - ASoC: nau8325: use simple i2c probe function (stable-fixes). - ALSA: wavefront: Fix integer overflow in sample size validation (git-fixes). - accel/ivpu: Ensure rpm_runtime_put in case of engine reset/resume fail (git-fixes). - commit bc5d2b7 - bpf: Fix stackmap overflow check in __bpf_get_stackid() (CVE-2025-68378 bsc#1255614). - commit 7a823bd - bpf: Refactor stack map trace depth calculation into helper function (CVE-2025-68378 bsc#1255614). - commit 296727b ++++ kernel-syms: - net: sched: act_connmark: initialize struct tc_ife to fix kernel leak (CVE-2025-40279 bsc#1254846). - commit cb9f7bb - btrfs: do not skip logging new dentries when logging a new name (git-fixes). - commit ec916c6 - btrfs: don't log conflicting inode if it's a dir moved in the current transaction (git-fixes). - commit a690d41 - btrfs: fix changeset leak on mmap write after failure to reserve metadata (git-fixes). - commit 75e4299 - team: Move team device type change at the end of team_port_add (CVE-2025-68340 bsc#1255507). - net/mlx5: Clean up only new IRQ glue on request_irq() failure (CVE-2025-40250 bsc#1254854). - net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() (CVE-2025-40252 bsc#1254849). - net: enetc: fix the deadlock of enetc_mdio_lock (CVE-2025-40347 bsc#1255262). - commit 085c913 - ASoC: Intel: avs: Do not share the name pointer between components (CVE-2025-40338 bsc#1255273). - commit fb15ec5 - usb: phy: isp1301: fix non-OF device reference imbalance (git-fixes). - usb: gadget: lpc32xx_udc: fix clock imbalance in error path (git-fixes). - serial: core: Fix serial device initialization (git-fixes). - commit 592ca99 - wifi: mac80211: do not use old MBSSID elements (git-fixes). - wifi: cfg80211: sme: store capped length in __cfg80211_connect_result() (git-fixes). - wifi: rtlwifi: 8192cu: fix tid out of range in rtl92cu_tx_fill_desc() (git-fixes). - wifi: rtw88: limit indirect IO under powered off for RTL8822CS (git-fixes). - usb: ohci-nxp: fix device leak on probe failure (git-fixes). - usb: dwc3: of-simple: fix clock resource leak in dwc3_of_simple_probe (git-fixes). - USB: lpc32xx_udc: Fix error handling in probe (git-fixes). - usb: typec: altmodes/displayport: Drop the device reference in dp_altmode_probe() (git-fixes). - usb: renesas_usbhs: Fix a resource leak in usbhs_pipe_malloc() (git-fixes). - usb: dwc3: keep susphy enabled during exit to avoid controller faults (git-fixes). - usb: dwc2: fix hang during shutdown if set as peripheral (git-fixes). - wifi: ath10k: move recovery check logic into a new work (git-fixes). - wifi: ath10k: Add missing include of export.h (stable-fixes). - wifi: ath10k: Avoid vdev delete timeout when firmware is already down (stable-fixes). - commit 07af9a3 - of: unittest: Fix memory leak in unittest_data_add() (git-fixes). - drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer (git-fixes). - drm/nouveau/dispnv50: Don't call drm_atomic_get_crtc_state() in prepare_fb (git-fixes). - platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing (git-fixes). - platform/x86: ibm_rtl: fix EBDA signature search pointer arithmetic (git-fixes). - platform/x86: msi-laptop: add missing sysfs_remove_group() (git-fixes). - platform/mellanox: mlxbf-pmc: Remove trailing whitespaces from event names (git-fixes). - net: rose: fix invalid array index in rose_kill_by_device() (git-fixes). - net: usb: sr9700: fix incorrect command used to write single register (git-fixes). - net: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write (git-fixes). - net: usb: rtl8150: fix memory leak on usb_submit_urb() failure (git-fixes). - net: mdio: aspeed: add dummy read to avoid read-after-write issue (git-fixes). - idr: fix idr_alloc() returning an ID out of range (git-fixes). - genalloc.h: fix htmldocs warning (git-fixes). - serial: sh-sci: Check that the DMA cookie is valid (git-fixes). - serial: core: Restore sysfs fwnode information (git-fixes). - firewire: nosy: Fix dma_free_coherent() size (git-fixes). - Input: ti_am335x_tsc - fix off-by-one error in wire_order validation (git-fixes). - Input: alps - fix use-after-free bugs caused by dev3_register_work (git-fixes). - Input: atkbd - skip deactivate for HONOR FMB-P's internal keyboard (git-fixes). - spi: cadence-quadspi: Fix clock disable on probe failure path (git-fixes). - spi: fsl-cpm: Check length parity before switching to 16 bit mode (git-fixes). - hwmon: (ltc4282): Fix reset_history file permissions (git-fixes). - hwmon: (tmp401) fix overflow caused by default conversion rate value (git-fixes). - hwmon: (ibmpex) fix use-after-free in high/low store (git-fixes). - hwmon: (dell-smm) Limit fan multiplier to avoid overflow (git-fixes). - mmc: sdhci-esdhc-imx: add alternate ARCH_S32 dependency to Kconfig (git-fixes). - mmc: sdhci-of-arasan: Increase CD stable timeout to 2 seconds (git-fixes). - PM: runtime: Do not clear needs_force_resume with enabled runtime PM (git-fixes). - nfc: pn533: Fix error code in pn533_acr122_poweron_rdr() (git-fixes). - r8169: fix RTL8117 Wake-on-Lan in DASH mode (git-fixes). - net: phy: marvell-88q2xxx: Fix clamped value in mv88q2xxx_hwmon_write (git-fixes). - firmware_loader: make RUST_FW_LOADER_ABSTRACTIONS select FW_LOADER (git-fixes). - efi/cper: align ARM CPER type with UEFI 2.9A/2.10 specs (stable-fixes). - efi/cper: Add a new helper function to print bitmasks (stable-fixes). - efi/cper: Adjust infopfx size to accept an extra space (stable-fixes). - usb: dwc2: disable platform lowlevel hw resources during shutdown (stable-fixes). - resource: introduce is_type_match() helper and use it (stable-fixes). - resource: replace open coded resource_intersection() (stable-fixes). - commit 0273be1 - accel/ivpu: Prevent runtime suspend during context abort work (stable-fixes). - Refresh patches.suse/accel-ivpu-Trigger-device-recovery-on-engine-reset-r.patch. - commit 79c3327 - drm/imagination: Disallow exporting of PM/FW protected objects (git-fixes). - Bluetooth: btusb: revert use of devm_kzalloc in btusb (git-fixes). - crypto: seqiv - Do not use req->iv after crypto_aead_encrypt (git-fixes). - drm/msm/dpu: Add missing NULL pointer check for pingpong interface (git-fixes). - ASoC: ak4458: remove the reset operation in probe and remove (git-fixes). - ASoC: fsl_sai: Constrain sample rates from audio PLLs only in master mode (git-fixes). - ALSA: usb-mixer: us16x08: validate meter packet indices (git-fixes). - ALSA: pcmcia: Fix resource leak in snd_pdacf_probe error path (git-fixes). - ALSA: vxpocket: Fix resource leak in vxpocket_probe error path (git-fixes). - drm/xe: Use usleep_range for accurate long-running workload timeslicing (git-fixes). - drm/xe: Drop preempt-fences when destroying imported dma-bufs (git-fixes). - drm/xe/oa: Disallow 0 OA property values (git-fixes). - drm/xe: Adjust long-running workload timeslices to reasonable values (git-fixes). - drm/xe/oa: Limit num_syncs to prevent oversized allocations (git-fixes). - drm/xe: Limit num_syncs to prevent oversized allocations (git-fixes). - drm/xe: Restore engine registers before restarting schedulers after GT reset (git-fixes). - drm/xe/bo: Don't include the CCS metadata in the dma-buf sg-table (git-fixes). - drm/me/gsc: mei interrupt top half should be in irq disabled context (git-fixes). - drm/panel: sony-td4353-jdi: Enable prepare_prev_first (git-fixes). - ACPI: PCC: Fix race condition by removing static qualifier (git-fixes). - ACPI: CPPC: Fix missing PCC check for guaranteed_perf (git-fixes). - can: j1939: make j1939_sk_bind() fail if device is no longer registered (git-fixes). - can: gs_usb: gs_can_open(): fix error handling (git-fixes). - ASoC: codecs: nau8325: Silence uninitialized variables warnings (stable-fixes). - ASoC: nau8325: use simple i2c probe function (stable-fixes). - ALSA: wavefront: Fix integer overflow in sample size validation (git-fixes). - accel/ivpu: Ensure rpm_runtime_put in case of engine reset/resume fail (git-fixes). - commit bc5d2b7 - bpf: Fix stackmap overflow check in __bpf_get_stackid() (CVE-2025-68378 bsc#1255614). - commit 7a823bd - bpf: Refactor stack map trace depth calculation into helper function (CVE-2025-68378 bsc#1255614). - commit 296727b ++++ kernel-syms: - net: sched: act_connmark: initialize struct tc_ife to fix kernel leak (CVE-2025-40279 bsc#1254846). - commit cb9f7bb - btrfs: do not skip logging new dentries when logging a new name (git-fixes). - commit ec916c6 - btrfs: don't log conflicting inode if it's a dir moved in the current transaction (git-fixes). - commit a690d41 - btrfs: fix changeset leak on mmap write after failure to reserve metadata (git-fixes). - commit 75e4299 - team: Move team device type change at the end of team_port_add (CVE-2025-68340 bsc#1255507). - net/mlx5: Clean up only new IRQ glue on request_irq() failure (CVE-2025-40250 bsc#1254854). - net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() (CVE-2025-40252 bsc#1254849). - net: enetc: fix the deadlock of enetc_mdio_lock (CVE-2025-40347 bsc#1255262). - commit 085c913 - ASoC: Intel: avs: Do not share the name pointer between components (CVE-2025-40338 bsc#1255273). - commit fb15ec5 - usb: phy: isp1301: fix non-OF device reference imbalance (git-fixes). - usb: gadget: lpc32xx_udc: fix clock imbalance in error path (git-fixes). - serial: core: Fix serial device initialization (git-fixes). - commit 592ca99 - wifi: mac80211: do not use old MBSSID elements (git-fixes). - wifi: cfg80211: sme: store capped length in __cfg80211_connect_result() (git-fixes). - wifi: rtlwifi: 8192cu: fix tid out of range in rtl92cu_tx_fill_desc() (git-fixes). - wifi: rtw88: limit indirect IO under powered off for RTL8822CS (git-fixes). - usb: ohci-nxp: fix device leak on probe failure (git-fixes). - usb: dwc3: of-simple: fix clock resource leak in dwc3_of_simple_probe (git-fixes). - USB: lpc32xx_udc: Fix error handling in probe (git-fixes). - usb: typec: altmodes/displayport: Drop the device reference in dp_altmode_probe() (git-fixes). - usb: renesas_usbhs: Fix a resource leak in usbhs_pipe_malloc() (git-fixes). - usb: dwc3: keep susphy enabled during exit to avoid controller faults (git-fixes). - usb: dwc2: fix hang during shutdown if set as peripheral (git-fixes). - wifi: ath10k: move recovery check logic into a new work (git-fixes). - wifi: ath10k: Add missing include of export.h (stable-fixes). - wifi: ath10k: Avoid vdev delete timeout when firmware is already down (stable-fixes). - commit 07af9a3 - of: unittest: Fix memory leak in unittest_data_add() (git-fixes). - drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer (git-fixes). - drm/nouveau/dispnv50: Don't call drm_atomic_get_crtc_state() in prepare_fb (git-fixes). - platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing (git-fixes). - platform/x86: ibm_rtl: fix EBDA signature search pointer arithmetic (git-fixes). - platform/x86: msi-laptop: add missing sysfs_remove_group() (git-fixes). - platform/mellanox: mlxbf-pmc: Remove trailing whitespaces from event names (git-fixes). - net: rose: fix invalid array index in rose_kill_by_device() (git-fixes). - net: usb: sr9700: fix incorrect command used to write single register (git-fixes). - net: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write (git-fixes). - net: usb: rtl8150: fix memory leak on usb_submit_urb() failure (git-fixes). - net: mdio: aspeed: add dummy read to avoid read-after-write issue (git-fixes). - idr: fix idr_alloc() returning an ID out of range (git-fixes). - genalloc.h: fix htmldocs warning (git-fixes). - serial: sh-sci: Check that the DMA cookie is valid (git-fixes). - serial: core: Restore sysfs fwnode information (git-fixes). - firewire: nosy: Fix dma_free_coherent() size (git-fixes). - Input: ti_am335x_tsc - fix off-by-one error in wire_order validation (git-fixes). - Input: alps - fix use-after-free bugs caused by dev3_register_work (git-fixes). - Input: atkbd - skip deactivate for HONOR FMB-P's internal keyboard (git-fixes). - spi: cadence-quadspi: Fix clock disable on probe failure path (git-fixes). - spi: fsl-cpm: Check length parity before switching to 16 bit mode (git-fixes). - hwmon: (ltc4282): Fix reset_history file permissions (git-fixes). - hwmon: (tmp401) fix overflow caused by default conversion rate value (git-fixes). - hwmon: (ibmpex) fix use-after-free in high/low store (git-fixes). - hwmon: (dell-smm) Limit fan multiplier to avoid overflow (git-fixes). - mmc: sdhci-esdhc-imx: add alternate ARCH_S32 dependency to Kconfig (git-fixes). - mmc: sdhci-of-arasan: Increase CD stable timeout to 2 seconds (git-fixes). - PM: runtime: Do not clear needs_force_resume with enabled runtime PM (git-fixes). - nfc: pn533: Fix error code in pn533_acr122_poweron_rdr() (git-fixes). - r8169: fix RTL8117 Wake-on-Lan in DASH mode (git-fixes). - net: phy: marvell-88q2xxx: Fix clamped value in mv88q2xxx_hwmon_write (git-fixes). - firmware_loader: make RUST_FW_LOADER_ABSTRACTIONS select FW_LOADER (git-fixes). - efi/cper: align ARM CPER type with UEFI 2.9A/2.10 specs (stable-fixes). - efi/cper: Add a new helper function to print bitmasks (stable-fixes). - efi/cper: Adjust infopfx size to accept an extra space (stable-fixes). - usb: dwc2: disable platform lowlevel hw resources during shutdown (stable-fixes). - resource: introduce is_type_match() helper and use it (stable-fixes). - resource: replace open coded resource_intersection() (stable-fixes). - commit 0273be1 - accel/ivpu: Prevent runtime suspend during context abort work (stable-fixes). - Refresh patches.suse/accel-ivpu-Trigger-device-recovery-on-engine-reset-r.patch. - commit 79c3327 - drm/imagination: Disallow exporting of PM/FW protected objects (git-fixes). - Bluetooth: btusb: revert use of devm_kzalloc in btusb (git-fixes). - crypto: seqiv - Do not use req->iv after crypto_aead_encrypt (git-fixes). - drm/msm/dpu: Add missing NULL pointer check for pingpong interface (git-fixes). - ASoC: ak4458: remove the reset operation in probe and remove (git-fixes). - ASoC: fsl_sai: Constrain sample rates from audio PLLs only in master mode (git-fixes). - ALSA: usb-mixer: us16x08: validate meter packet indices (git-fixes). - ALSA: pcmcia: Fix resource leak in snd_pdacf_probe error path (git-fixes). - ALSA: vxpocket: Fix resource leak in vxpocket_probe error path (git-fixes). - drm/xe: Use usleep_range for accurate long-running workload timeslicing (git-fixes). - drm/xe: Drop preempt-fences when destroying imported dma-bufs (git-fixes). - drm/xe/oa: Disallow 0 OA property values (git-fixes). - drm/xe: Adjust long-running workload timeslices to reasonable values (git-fixes). - drm/xe/oa: Limit num_syncs to prevent oversized allocations (git-fixes). - drm/xe: Limit num_syncs to prevent oversized allocations (git-fixes). - drm/xe: Restore engine registers before restarting schedulers after GT reset (git-fixes). - drm/xe/bo: Don't include the CCS metadata in the dma-buf sg-table (git-fixes). - drm/me/gsc: mei interrupt top half should be in irq disabled context (git-fixes). - drm/panel: sony-td4353-jdi: Enable prepare_prev_first (git-fixes). - ACPI: PCC: Fix race condition by removing static qualifier (git-fixes). - ACPI: CPPC: Fix missing PCC check for guaranteed_perf (git-fixes). - can: j1939: make j1939_sk_bind() fail if device is no longer registered (git-fixes). - can: gs_usb: gs_can_open(): fix error handling (git-fixes). - ASoC: codecs: nau8325: Silence uninitialized variables warnings (stable-fixes). - ASoC: nau8325: use simple i2c probe function (stable-fixes). - ALSA: wavefront: Fix integer overflow in sample size validation (git-fixes). - accel/ivpu: Ensure rpm_runtime_put in case of engine reset/resume fail (git-fixes). - commit bc5d2b7 - bpf: Fix stackmap overflow check in __bpf_get_stackid() (CVE-2025-68378 bsc#1255614). - commit 7a823bd - bpf: Refactor stack map trace depth calculation into helper function (CVE-2025-68378 bsc#1255614). - commit 296727b ++++ kernel-syms: - net: sched: act_connmark: initialize struct tc_ife to fix kernel leak (CVE-2025-40279 bsc#1254846). - commit cb9f7bb - btrfs: do not skip logging new dentries when logging a new name (git-fixes). - commit ec916c6 - btrfs: don't log conflicting inode if it's a dir moved in the current transaction (git-fixes). - commit a690d41 - btrfs: fix changeset leak on mmap write after failure to reserve metadata (git-fixes). - commit 75e4299 - team: Move team device type change at the end of team_port_add (CVE-2025-68340 bsc#1255507). - net/mlx5: Clean up only new IRQ glue on request_irq() failure (CVE-2025-40250 bsc#1254854). - net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() (CVE-2025-40252 bsc#1254849). - net: enetc: fix the deadlock of enetc_mdio_lock (CVE-2025-40347 bsc#1255262). - commit 085c913 - ASoC: Intel: avs: Do not share the name pointer between components (CVE-2025-40338 bsc#1255273). - commit fb15ec5 - usb: phy: isp1301: fix non-OF device reference imbalance (git-fixes). - usb: gadget: lpc32xx_udc: fix clock imbalance in error path (git-fixes). - serial: core: Fix serial device initialization (git-fixes). - commit 592ca99 - wifi: mac80211: do not use old MBSSID elements (git-fixes). - wifi: cfg80211: sme: store capped length in __cfg80211_connect_result() (git-fixes). - wifi: rtlwifi: 8192cu: fix tid out of range in rtl92cu_tx_fill_desc() (git-fixes). - wifi: rtw88: limit indirect IO under powered off for RTL8822CS (git-fixes). - usb: ohci-nxp: fix device leak on probe failure (git-fixes). - usb: dwc3: of-simple: fix clock resource leak in dwc3_of_simple_probe (git-fixes). - USB: lpc32xx_udc: Fix error handling in probe (git-fixes). - usb: typec: altmodes/displayport: Drop the device reference in dp_altmode_probe() (git-fixes). - usb: renesas_usbhs: Fix a resource leak in usbhs_pipe_malloc() (git-fixes). - usb: dwc3: keep susphy enabled during exit to avoid controller faults (git-fixes). - usb: dwc2: fix hang during shutdown if set as peripheral (git-fixes). - wifi: ath10k: move recovery check logic into a new work (git-fixes). - wifi: ath10k: Add missing include of export.h (stable-fixes). - wifi: ath10k: Avoid vdev delete timeout when firmware is already down (stable-fixes). - commit 07af9a3 - of: unittest: Fix memory leak in unittest_data_add() (git-fixes). - drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer (git-fixes). - drm/nouveau/dispnv50: Don't call drm_atomic_get_crtc_state() in prepare_fb (git-fixes). - platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing (git-fixes). - platform/x86: ibm_rtl: fix EBDA signature search pointer arithmetic (git-fixes). - platform/x86: msi-laptop: add missing sysfs_remove_group() (git-fixes). - platform/mellanox: mlxbf-pmc: Remove trailing whitespaces from event names (git-fixes). - net: rose: fix invalid array index in rose_kill_by_device() (git-fixes). - net: usb: sr9700: fix incorrect command used to write single register (git-fixes). - net: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write (git-fixes). - net: usb: rtl8150: fix memory leak on usb_submit_urb() failure (git-fixes). - net: mdio: aspeed: add dummy read to avoid read-after-write issue (git-fixes). - idr: fix idr_alloc() returning an ID out of range (git-fixes). - genalloc.h: fix htmldocs warning (git-fixes). - serial: sh-sci: Check that the DMA cookie is valid (git-fixes). - serial: core: Restore sysfs fwnode information (git-fixes). - firewire: nosy: Fix dma_free_coherent() size (git-fixes). - Input: ti_am335x_tsc - fix off-by-one error in wire_order validation (git-fixes). - Input: alps - fix use-after-free bugs caused by dev3_register_work (git-fixes). - Input: atkbd - skip deactivate for HONOR FMB-P's internal keyboard (git-fixes). - spi: cadence-quadspi: Fix clock disable on probe failure path (git-fixes). - spi: fsl-cpm: Check length parity before switching to 16 bit mode (git-fixes). - hwmon: (ltc4282): Fix reset_history file permissions (git-fixes). - hwmon: (tmp401) fix overflow caused by default conversion rate value (git-fixes). - hwmon: (ibmpex) fix use-after-free in high/low store (git-fixes). - hwmon: (dell-smm) Limit fan multiplier to avoid overflow (git-fixes). - mmc: sdhci-esdhc-imx: add alternate ARCH_S32 dependency to Kconfig (git-fixes). - mmc: sdhci-of-arasan: Increase CD stable timeout to 2 seconds (git-fixes). - PM: runtime: Do not clear needs_force_resume with enabled runtime PM (git-fixes). - nfc: pn533: Fix error code in pn533_acr122_poweron_rdr() (git-fixes). - r8169: fix RTL8117 Wake-on-Lan in DASH mode (git-fixes). - net: phy: marvell-88q2xxx: Fix clamped value in mv88q2xxx_hwmon_write (git-fixes). - firmware_loader: make RUST_FW_LOADER_ABSTRACTIONS select FW_LOADER (git-fixes). - efi/cper: align ARM CPER type with UEFI 2.9A/2.10 specs (stable-fixes). - efi/cper: Add a new helper function to print bitmasks (stable-fixes). - efi/cper: Adjust infopfx size to accept an extra space (stable-fixes). - usb: dwc2: disable platform lowlevel hw resources during shutdown (stable-fixes). - resource: introduce is_type_match() helper and use it (stable-fixes). - resource: replace open coded resource_intersection() (stable-fixes). - commit 0273be1 - accel/ivpu: Prevent runtime suspend during context abort work (stable-fixes). - Refresh patches.suse/accel-ivpu-Trigger-device-recovery-on-engine-reset-r.patch. - commit 79c3327 - drm/imagination: Disallow exporting of PM/FW protected objects (git-fixes). - Bluetooth: btusb: revert use of devm_kzalloc in btusb (git-fixes). - crypto: seqiv - Do not use req->iv after crypto_aead_encrypt (git-fixes). - drm/msm/dpu: Add missing NULL pointer check for pingpong interface (git-fixes). - ASoC: ak4458: remove the reset operation in probe and remove (git-fixes). - ASoC: fsl_sai: Constrain sample rates from audio PLLs only in master mode (git-fixes). - ALSA: usb-mixer: us16x08: validate meter packet indices (git-fixes). - ALSA: pcmcia: Fix resource leak in snd_pdacf_probe error path (git-fixes). - ALSA: vxpocket: Fix resource leak in vxpocket_probe error path (git-fixes). - drm/xe: Use usleep_range for accurate long-running workload timeslicing (git-fixes). - drm/xe: Drop preempt-fences when destroying imported dma-bufs (git-fixes). - drm/xe/oa: Disallow 0 OA property values (git-fixes). - drm/xe: Adjust long-running workload timeslices to reasonable values (git-fixes). - drm/xe/oa: Limit num_syncs to prevent oversized allocations (git-fixes). - drm/xe: Limit num_syncs to prevent oversized allocations (git-fixes). - drm/xe: Restore engine registers before restarting schedulers after GT reset (git-fixes). - drm/xe/bo: Don't include the CCS metadata in the dma-buf sg-table (git-fixes). - drm/me/gsc: mei interrupt top half should be in irq disabled context (git-fixes). - drm/panel: sony-td4353-jdi: Enable prepare_prev_first (git-fixes). - ACPI: PCC: Fix race condition by removing static qualifier (git-fixes). - ACPI: CPPC: Fix missing PCC check for guaranteed_perf (git-fixes). - can: j1939: make j1939_sk_bind() fail if device is no longer registered (git-fixes). - can: gs_usb: gs_can_open(): fix error handling (git-fixes). - ASoC: codecs: nau8325: Silence uninitialized variables warnings (stable-fixes). - ASoC: nau8325: use simple i2c probe function (stable-fixes). - ALSA: wavefront: Fix integer overflow in sample size validation (git-fixes). - accel/ivpu: Ensure rpm_runtime_put in case of engine reset/resume fail (git-fixes). - commit bc5d2b7 - bpf: Fix stackmap overflow check in __bpf_get_stackid() (CVE-2025-68378 bsc#1255614). - commit 7a823bd - bpf: Refactor stack map trace depth calculation into helper function (CVE-2025-68378 bsc#1255614). - commit 296727b ++++ kernel-zfcpdump: - net: sched: act_connmark: initialize struct tc_ife to fix kernel leak (CVE-2025-40279 bsc#1254846). - commit cb9f7bb - btrfs: do not skip logging new dentries when logging a new name (git-fixes). - commit ec916c6 - btrfs: don't log conflicting inode if it's a dir moved in the current transaction (git-fixes). - commit a690d41 - btrfs: fix changeset leak on mmap write after failure to reserve metadata (git-fixes). - commit 75e4299 - team: Move team device type change at the end of team_port_add (CVE-2025-68340 bsc#1255507). - net/mlx5: Clean up only new IRQ glue on request_irq() failure (CVE-2025-40250 bsc#1254854). - net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() (CVE-2025-40252 bsc#1254849). - net: enetc: fix the deadlock of enetc_mdio_lock (CVE-2025-40347 bsc#1255262). - commit 085c913 - ASoC: Intel: avs: Do not share the name pointer between components (CVE-2025-40338 bsc#1255273). - commit fb15ec5 - usb: phy: isp1301: fix non-OF device reference imbalance (git-fixes). - usb: gadget: lpc32xx_udc: fix clock imbalance in error path (git-fixes). - serial: core: Fix serial device initialization (git-fixes). - commit 592ca99 - wifi: mac80211: do not use old MBSSID elements (git-fixes). - wifi: cfg80211: sme: store capped length in __cfg80211_connect_result() (git-fixes). - wifi: rtlwifi: 8192cu: fix tid out of range in rtl92cu_tx_fill_desc() (git-fixes). - wifi: rtw88: limit indirect IO under powered off for RTL8822CS (git-fixes). - usb: ohci-nxp: fix device leak on probe failure (git-fixes). - usb: dwc3: of-simple: fix clock resource leak in dwc3_of_simple_probe (git-fixes). - USB: lpc32xx_udc: Fix error handling in probe (git-fixes). - usb: typec: altmodes/displayport: Drop the device reference in dp_altmode_probe() (git-fixes). - usb: renesas_usbhs: Fix a resource leak in usbhs_pipe_malloc() (git-fixes). - usb: dwc3: keep susphy enabled during exit to avoid controller faults (git-fixes). - usb: dwc2: fix hang during shutdown if set as peripheral (git-fixes). - wifi: ath10k: move recovery check logic into a new work (git-fixes). - wifi: ath10k: Add missing include of export.h (stable-fixes). - wifi: ath10k: Avoid vdev delete timeout when firmware is already down (stable-fixes). - commit 07af9a3 - of: unittest: Fix memory leak in unittest_data_add() (git-fixes). - drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer (git-fixes). - drm/nouveau/dispnv50: Don't call drm_atomic_get_crtc_state() in prepare_fb (git-fixes). - platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing (git-fixes). - platform/x86: ibm_rtl: fix EBDA signature search pointer arithmetic (git-fixes). - platform/x86: msi-laptop: add missing sysfs_remove_group() (git-fixes). - platform/mellanox: mlxbf-pmc: Remove trailing whitespaces from event names (git-fixes). - net: rose: fix invalid array index in rose_kill_by_device() (git-fixes). - net: usb: sr9700: fix incorrect command used to write single register (git-fixes). - net: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write (git-fixes). - net: usb: rtl8150: fix memory leak on usb_submit_urb() failure (git-fixes). - net: mdio: aspeed: add dummy read to avoid read-after-write issue (git-fixes). - idr: fix idr_alloc() returning an ID out of range (git-fixes). - genalloc.h: fix htmldocs warning (git-fixes). - serial: sh-sci: Check that the DMA cookie is valid (git-fixes). - serial: core: Restore sysfs fwnode information (git-fixes). - firewire: nosy: Fix dma_free_coherent() size (git-fixes). - Input: ti_am335x_tsc - fix off-by-one error in wire_order validation (git-fixes). - Input: alps - fix use-after-free bugs caused by dev3_register_work (git-fixes). - Input: atkbd - skip deactivate for HONOR FMB-P's internal keyboard (git-fixes). - spi: cadence-quadspi: Fix clock disable on probe failure path (git-fixes). - spi: fsl-cpm: Check length parity before switching to 16 bit mode (git-fixes). - hwmon: (ltc4282): Fix reset_history file permissions (git-fixes). - hwmon: (tmp401) fix overflow caused by default conversion rate value (git-fixes). - hwmon: (ibmpex) fix use-after-free in high/low store (git-fixes). - hwmon: (dell-smm) Limit fan multiplier to avoid overflow (git-fixes). - mmc: sdhci-esdhc-imx: add alternate ARCH_S32 dependency to Kconfig (git-fixes). - mmc: sdhci-of-arasan: Increase CD stable timeout to 2 seconds (git-fixes). - PM: runtime: Do not clear needs_force_resume with enabled runtime PM (git-fixes). - nfc: pn533: Fix error code in pn533_acr122_poweron_rdr() (git-fixes). - r8169: fix RTL8117 Wake-on-Lan in DASH mode (git-fixes). - net: phy: marvell-88q2xxx: Fix clamped value in mv88q2xxx_hwmon_write (git-fixes). - firmware_loader: make RUST_FW_LOADER_ABSTRACTIONS select FW_LOADER (git-fixes). - efi/cper: align ARM CPER type with UEFI 2.9A/2.10 specs (stable-fixes). - efi/cper: Add a new helper function to print bitmasks (stable-fixes). - efi/cper: Adjust infopfx size to accept an extra space (stable-fixes). - usb: dwc2: disable platform lowlevel hw resources during shutdown (stable-fixes). - resource: introduce is_type_match() helper and use it (stable-fixes). - resource: replace open coded resource_intersection() (stable-fixes). - commit 0273be1 - accel/ivpu: Prevent runtime suspend during context abort work (stable-fixes). - Refresh patches.suse/accel-ivpu-Trigger-device-recovery-on-engine-reset-r.patch. - commit 79c3327 - drm/imagination: Disallow exporting of PM/FW protected objects (git-fixes). - Bluetooth: btusb: revert use of devm_kzalloc in btusb (git-fixes). - crypto: seqiv - Do not use req->iv after crypto_aead_encrypt (git-fixes). - drm/msm/dpu: Add missing NULL pointer check for pingpong interface (git-fixes). - ASoC: ak4458: remove the reset operation in probe and remove (git-fixes). - ASoC: fsl_sai: Constrain sample rates from audio PLLs only in master mode (git-fixes). - ALSA: usb-mixer: us16x08: validate meter packet indices (git-fixes). - ALSA: pcmcia: Fix resource leak in snd_pdacf_probe error path (git-fixes). - ALSA: vxpocket: Fix resource leak in vxpocket_probe error path (git-fixes). - drm/xe: Use usleep_range for accurate long-running workload timeslicing (git-fixes). - drm/xe: Drop preempt-fences when destroying imported dma-bufs (git-fixes). - drm/xe/oa: Disallow 0 OA property values (git-fixes). - drm/xe: Adjust long-running workload timeslices to reasonable values (git-fixes). - drm/xe/oa: Limit num_syncs to prevent oversized allocations (git-fixes). - drm/xe: Limit num_syncs to prevent oversized allocations (git-fixes). - drm/xe: Restore engine registers before restarting schedulers after GT reset (git-fixes). - drm/xe/bo: Don't include the CCS metadata in the dma-buf sg-table (git-fixes). - drm/me/gsc: mei interrupt top half should be in irq disabled context (git-fixes). - drm/panel: sony-td4353-jdi: Enable prepare_prev_first (git-fixes). - ACPI: PCC: Fix race condition by removing static qualifier (git-fixes). - ACPI: CPPC: Fix missing PCC check for guaranteed_perf (git-fixes). - can: j1939: make j1939_sk_bind() fail if device is no longer registered (git-fixes). - can: gs_usb: gs_can_open(): fix error handling (git-fixes). - ASoC: codecs: nau8325: Silence uninitialized variables warnings (stable-fixes). - ASoC: nau8325: use simple i2c probe function (stable-fixes). - ALSA: wavefront: Fix integer overflow in sample size validation (git-fixes). - accel/ivpu: Ensure rpm_runtime_put in case of engine reset/resume fail (git-fixes). - commit bc5d2b7 - bpf: Fix stackmap overflow check in __bpf_get_stackid() (CVE-2025-68378 bsc#1255614). - commit 7a823bd - bpf: Refactor stack map trace depth calculation into helper function (CVE-2025-68378 bsc#1255614). - commit 296727b ++++ kernel-zfcpdump: - net: sched: act_connmark: initialize struct tc_ife to fix kernel leak (CVE-2025-40279 bsc#1254846). - commit cb9f7bb - btrfs: do not skip logging new dentries when logging a new name (git-fixes). - commit ec916c6 - btrfs: don't log conflicting inode if it's a dir moved in the current transaction (git-fixes). - commit a690d41 - btrfs: fix changeset leak on mmap write after failure to reserve metadata (git-fixes). - commit 75e4299 - team: Move team device type change at the end of team_port_add (CVE-2025-68340 bsc#1255507). - net/mlx5: Clean up only new IRQ glue on request_irq() failure (CVE-2025-40250 bsc#1254854). - net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() (CVE-2025-40252 bsc#1254849). - net: enetc: fix the deadlock of enetc_mdio_lock (CVE-2025-40347 bsc#1255262). - commit 085c913 - ASoC: Intel: avs: Do not share the name pointer between components (CVE-2025-40338 bsc#1255273). - commit fb15ec5 - usb: phy: isp1301: fix non-OF device reference imbalance (git-fixes). - usb: gadget: lpc32xx_udc: fix clock imbalance in error path (git-fixes). - serial: core: Fix serial device initialization (git-fixes). - commit 592ca99 - wifi: mac80211: do not use old MBSSID elements (git-fixes). - wifi: cfg80211: sme: store capped length in __cfg80211_connect_result() (git-fixes). - wifi: rtlwifi: 8192cu: fix tid out of range in rtl92cu_tx_fill_desc() (git-fixes). - wifi: rtw88: limit indirect IO under powered off for RTL8822CS (git-fixes). - usb: ohci-nxp: fix device leak on probe failure (git-fixes). - usb: dwc3: of-simple: fix clock resource leak in dwc3_of_simple_probe (git-fixes). - USB: lpc32xx_udc: Fix error handling in probe (git-fixes). - usb: typec: altmodes/displayport: Drop the device reference in dp_altmode_probe() (git-fixes). - usb: renesas_usbhs: Fix a resource leak in usbhs_pipe_malloc() (git-fixes). - usb: dwc3: keep susphy enabled during exit to avoid controller faults (git-fixes). - usb: dwc2: fix hang during shutdown if set as peripheral (git-fixes). - wifi: ath10k: move recovery check logic into a new work (git-fixes). - wifi: ath10k: Add missing include of export.h (stable-fixes). - wifi: ath10k: Avoid vdev delete timeout when firmware is already down (stable-fixes). - commit 07af9a3 - of: unittest: Fix memory leak in unittest_data_add() (git-fixes). - drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer (git-fixes). - drm/nouveau/dispnv50: Don't call drm_atomic_get_crtc_state() in prepare_fb (git-fixes). - platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing (git-fixes). - platform/x86: ibm_rtl: fix EBDA signature search pointer arithmetic (git-fixes). - platform/x86: msi-laptop: add missing sysfs_remove_group() (git-fixes). - platform/mellanox: mlxbf-pmc: Remove trailing whitespaces from event names (git-fixes). - net: rose: fix invalid array index in rose_kill_by_device() (git-fixes). - net: usb: sr9700: fix incorrect command used to write single register (git-fixes). - net: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write (git-fixes). - net: usb: rtl8150: fix memory leak on usb_submit_urb() failure (git-fixes). - net: mdio: aspeed: add dummy read to avoid read-after-write issue (git-fixes). - idr: fix idr_alloc() returning an ID out of range (git-fixes). - genalloc.h: fix htmldocs warning (git-fixes). - serial: sh-sci: Check that the DMA cookie is valid (git-fixes). - serial: core: Restore sysfs fwnode information (git-fixes). - firewire: nosy: Fix dma_free_coherent() size (git-fixes). - Input: ti_am335x_tsc - fix off-by-one error in wire_order validation (git-fixes). - Input: alps - fix use-after-free bugs caused by dev3_register_work (git-fixes). - Input: atkbd - skip deactivate for HONOR FMB-P's internal keyboard (git-fixes). - spi: cadence-quadspi: Fix clock disable on probe failure path (git-fixes). - spi: fsl-cpm: Check length parity before switching to 16 bit mode (git-fixes). - hwmon: (ltc4282): Fix reset_history file permissions (git-fixes). - hwmon: (tmp401) fix overflow caused by default conversion rate value (git-fixes). - hwmon: (ibmpex) fix use-after-free in high/low store (git-fixes). - hwmon: (dell-smm) Limit fan multiplier to avoid overflow (git-fixes). - mmc: sdhci-esdhc-imx: add alternate ARCH_S32 dependency to Kconfig (git-fixes). - mmc: sdhci-of-arasan: Increase CD stable timeout to 2 seconds (git-fixes). - PM: runtime: Do not clear needs_force_resume with enabled runtime PM (git-fixes). - nfc: pn533: Fix error code in pn533_acr122_poweron_rdr() (git-fixes). - r8169: fix RTL8117 Wake-on-Lan in DASH mode (git-fixes). - net: phy: marvell-88q2xxx: Fix clamped value in mv88q2xxx_hwmon_write (git-fixes). - firmware_loader: make RUST_FW_LOADER_ABSTRACTIONS select FW_LOADER (git-fixes). - efi/cper: align ARM CPER type with UEFI 2.9A/2.10 specs (stable-fixes). - efi/cper: Add a new helper function to print bitmasks (stable-fixes). - efi/cper: Adjust infopfx size to accept an extra space (stable-fixes). - usb: dwc2: disable platform lowlevel hw resources during shutdown (stable-fixes). - resource: introduce is_type_match() helper and use it (stable-fixes). - resource: replace open coded resource_intersection() (stable-fixes). - commit 0273be1 - accel/ivpu: Prevent runtime suspend during context abort work (stable-fixes). - Refresh patches.suse/accel-ivpu-Trigger-device-recovery-on-engine-reset-r.patch. - commit 79c3327 - drm/imagination: Disallow exporting of PM/FW protected objects (git-fixes). - Bluetooth: btusb: revert use of devm_kzalloc in btusb (git-fixes). - crypto: seqiv - Do not use req->iv after crypto_aead_encrypt (git-fixes). - drm/msm/dpu: Add missing NULL pointer check for pingpong interface (git-fixes). - ASoC: ak4458: remove the reset operation in probe and remove (git-fixes). - ASoC: fsl_sai: Constrain sample rates from audio PLLs only in master mode (git-fixes). - ALSA: usb-mixer: us16x08: validate meter packet indices (git-fixes). - ALSA: pcmcia: Fix resource leak in snd_pdacf_probe error path (git-fixes). - ALSA: vxpocket: Fix resource leak in vxpocket_probe error path (git-fixes). - drm/xe: Use usleep_range for accurate long-running workload timeslicing (git-fixes). - drm/xe: Drop preempt-fences when destroying imported dma-bufs (git-fixes). - drm/xe/oa: Disallow 0 OA property values (git-fixes). - drm/xe: Adjust long-running workload timeslices to reasonable values (git-fixes). - drm/xe/oa: Limit num_syncs to prevent oversized allocations (git-fixes). - drm/xe: Limit num_syncs to prevent oversized allocations (git-fixes). - drm/xe: Restore engine registers before restarting schedulers after GT reset (git-fixes). - drm/xe/bo: Don't include the CCS metadata in the dma-buf sg-table (git-fixes). - drm/me/gsc: mei interrupt top half should be in irq disabled context (git-fixes). - drm/panel: sony-td4353-jdi: Enable prepare_prev_first (git-fixes). - ACPI: PCC: Fix race condition by removing static qualifier (git-fixes). - ACPI: CPPC: Fix missing PCC check for guaranteed_perf (git-fixes). - can: j1939: make j1939_sk_bind() fail if device is no longer registered (git-fixes). - can: gs_usb: gs_can_open(): fix error handling (git-fixes). - ASoC: codecs: nau8325: Silence uninitialized variables warnings (stable-fixes). - ASoC: nau8325: use simple i2c probe function (stable-fixes). - ALSA: wavefront: Fix integer overflow in sample size validation (git-fixes). - accel/ivpu: Ensure rpm_runtime_put in case of engine reset/resume fail (git-fixes). - commit bc5d2b7 - bpf: Fix stackmap overflow check in __bpf_get_stackid() (CVE-2025-68378 bsc#1255614). - commit 7a823bd - bpf: Refactor stack map trace depth calculation into helper function (CVE-2025-68378 bsc#1255614). - commit 296727b ++++ kernel-zfcpdump: - net: sched: act_connmark: initialize struct tc_ife to fix kernel leak (CVE-2025-40279 bsc#1254846). - commit cb9f7bb - btrfs: do not skip logging new dentries when logging a new name (git-fixes). - commit ec916c6 - btrfs: don't log conflicting inode if it's a dir moved in the current transaction (git-fixes). - commit a690d41 - btrfs: fix changeset leak on mmap write after failure to reserve metadata (git-fixes). - commit 75e4299 - team: Move team device type change at the end of team_port_add (CVE-2025-68340 bsc#1255507). - net/mlx5: Clean up only new IRQ glue on request_irq() failure (CVE-2025-40250 bsc#1254854). - net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() (CVE-2025-40252 bsc#1254849). - net: enetc: fix the deadlock of enetc_mdio_lock (CVE-2025-40347 bsc#1255262). - commit 085c913 - ASoC: Intel: avs: Do not share the name pointer between components (CVE-2025-40338 bsc#1255273). - commit fb15ec5 - usb: phy: isp1301: fix non-OF device reference imbalance (git-fixes). - usb: gadget: lpc32xx_udc: fix clock imbalance in error path (git-fixes). - serial: core: Fix serial device initialization (git-fixes). - commit 592ca99 - wifi: mac80211: do not use old MBSSID elements (git-fixes). - wifi: cfg80211: sme: store capped length in __cfg80211_connect_result() (git-fixes). - wifi: rtlwifi: 8192cu: fix tid out of range in rtl92cu_tx_fill_desc() (git-fixes). - wifi: rtw88: limit indirect IO under powered off for RTL8822CS (git-fixes). - usb: ohci-nxp: fix device leak on probe failure (git-fixes). - usb: dwc3: of-simple: fix clock resource leak in dwc3_of_simple_probe (git-fixes). - USB: lpc32xx_udc: Fix error handling in probe (git-fixes). - usb: typec: altmodes/displayport: Drop the device reference in dp_altmode_probe() (git-fixes). - usb: renesas_usbhs: Fix a resource leak in usbhs_pipe_malloc() (git-fixes). - usb: dwc3: keep susphy enabled during exit to avoid controller faults (git-fixes). - usb: dwc2: fix hang during shutdown if set as peripheral (git-fixes). - wifi: ath10k: move recovery check logic into a new work (git-fixes). - wifi: ath10k: Add missing include of export.h (stable-fixes). - wifi: ath10k: Avoid vdev delete timeout when firmware is already down (stable-fixes). - commit 07af9a3 - of: unittest: Fix memory leak in unittest_data_add() (git-fixes). - drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer (git-fixes). - drm/nouveau/dispnv50: Don't call drm_atomic_get_crtc_state() in prepare_fb (git-fixes). - platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing (git-fixes). - platform/x86: ibm_rtl: fix EBDA signature search pointer arithmetic (git-fixes). - platform/x86: msi-laptop: add missing sysfs_remove_group() (git-fixes). - platform/mellanox: mlxbf-pmc: Remove trailing whitespaces from event names (git-fixes). - net: rose: fix invalid array index in rose_kill_by_device() (git-fixes). - net: usb: sr9700: fix incorrect command used to write single register (git-fixes). - net: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write (git-fixes). - net: usb: rtl8150: fix memory leak on usb_submit_urb() failure (git-fixes). - net: mdio: aspeed: add dummy read to avoid read-after-write issue (git-fixes). - idr: fix idr_alloc() returning an ID out of range (git-fixes). - genalloc.h: fix htmldocs warning (git-fixes). - serial: sh-sci: Check that the DMA cookie is valid (git-fixes). - serial: core: Restore sysfs fwnode information (git-fixes). - firewire: nosy: Fix dma_free_coherent() size (git-fixes). - Input: ti_am335x_tsc - fix off-by-one error in wire_order validation (git-fixes). - Input: alps - fix use-after-free bugs caused by dev3_register_work (git-fixes). - Input: atkbd - skip deactivate for HONOR FMB-P's internal keyboard (git-fixes). - spi: cadence-quadspi: Fix clock disable on probe failure path (git-fixes). - spi: fsl-cpm: Check length parity before switching to 16 bit mode (git-fixes). - hwmon: (ltc4282): Fix reset_history file permissions (git-fixes). - hwmon: (tmp401) fix overflow caused by default conversion rate value (git-fixes). - hwmon: (ibmpex) fix use-after-free in high/low store (git-fixes). - hwmon: (dell-smm) Limit fan multiplier to avoid overflow (git-fixes). - mmc: sdhci-esdhc-imx: add alternate ARCH_S32 dependency to Kconfig (git-fixes). - mmc: sdhci-of-arasan: Increase CD stable timeout to 2 seconds (git-fixes). - PM: runtime: Do not clear needs_force_resume with enabled runtime PM (git-fixes). - nfc: pn533: Fix error code in pn533_acr122_poweron_rdr() (git-fixes). - r8169: fix RTL8117 Wake-on-Lan in DASH mode (git-fixes). - net: phy: marvell-88q2xxx: Fix clamped value in mv88q2xxx_hwmon_write (git-fixes). - firmware_loader: make RUST_FW_LOADER_ABSTRACTIONS select FW_LOADER (git-fixes). - efi/cper: align ARM CPER type with UEFI 2.9A/2.10 specs (stable-fixes). - efi/cper: Add a new helper function to print bitmasks (stable-fixes). - efi/cper: Adjust infopfx size to accept an extra space (stable-fixes). - usb: dwc2: disable platform lowlevel hw resources during shutdown (stable-fixes). - resource: introduce is_type_match() helper and use it (stable-fixes). - resource: replace open coded resource_intersection() (stable-fixes). - commit 0273be1 - accel/ivpu: Prevent runtime suspend during context abort work (stable-fixes). - Refresh patches.suse/accel-ivpu-Trigger-device-recovery-on-engine-reset-r.patch. - commit 79c3327 - drm/imagination: Disallow exporting of PM/FW protected objects (git-fixes). - Bluetooth: btusb: revert use of devm_kzalloc in btusb (git-fixes). - crypto: seqiv - Do not use req->iv after crypto_aead_encrypt (git-fixes). - drm/msm/dpu: Add missing NULL pointer check for pingpong interface (git-fixes). - ASoC: ak4458: remove the reset operation in probe and remove (git-fixes). - ASoC: fsl_sai: Constrain sample rates from audio PLLs only in master mode (git-fixes). - ALSA: usb-mixer: us16x08: validate meter packet indices (git-fixes). - ALSA: pcmcia: Fix resource leak in snd_pdacf_probe error path (git-fixes). - ALSA: vxpocket: Fix resource leak in vxpocket_probe error path (git-fixes). - drm/xe: Use usleep_range for accurate long-running workload timeslicing (git-fixes). - drm/xe: Drop preempt-fences when destroying imported dma-bufs (git-fixes). - drm/xe/oa: Disallow 0 OA property values (git-fixes). - drm/xe: Adjust long-running workload timeslices to reasonable values (git-fixes). - drm/xe/oa: Limit num_syncs to prevent oversized allocations (git-fixes). - drm/xe: Limit num_syncs to prevent oversized allocations (git-fixes). - drm/xe: Restore engine registers before restarting schedulers after GT reset (git-fixes). - drm/xe/bo: Don't include the CCS metadata in the dma-buf sg-table (git-fixes). - drm/me/gsc: mei interrupt top half should be in irq disabled context (git-fixes). - drm/panel: sony-td4353-jdi: Enable prepare_prev_first (git-fixes). - ACPI: PCC: Fix race condition by removing static qualifier (git-fixes). - ACPI: CPPC: Fix missing PCC check for guaranteed_perf (git-fixes). - can: j1939: make j1939_sk_bind() fail if device is no longer registered (git-fixes). - can: gs_usb: gs_can_open(): fix error handling (git-fixes). - ASoC: codecs: nau8325: Silence uninitialized variables warnings (stable-fixes). - ASoC: nau8325: use simple i2c probe function (stable-fixes). - ALSA: wavefront: Fix integer overflow in sample size validation (git-fixes). - accel/ivpu: Ensure rpm_runtime_put in case of engine reset/resume fail (git-fixes). - commit bc5d2b7 - bpf: Fix stackmap overflow check in __bpf_get_stackid() (CVE-2025-68378 bsc#1255614). - commit 7a823bd - bpf: Refactor stack map trace depth calculation into helper function (CVE-2025-68378 bsc#1255614). - commit 296727b ++++ libpcap: - Security fix: [bsc#1255765, CVE-2025-11961] * Fix out-of-bound-write and out-of-bound-read in pcap_ether_aton() due to missing validation of provided MAC-48 address string * Add libpcap-CVE-2025-11961.patch ++++ protobuf: - Cherry-pick protobuf-fix-google-imports.patch to fix import issues of reverse-dependency packages within the google namespace (bsc#1244918) ++++ os-autoinst: - Update to version 5.1767623406.688dd0e: * os-autoinst-generate-needle-preview: Embed PNG * Tweak curl call not to hang * Fix opencv dependency due to upstream changes * Restore package builds on older openSUSE versions * Remove `ShellCheck` from devel dependencies on s390x ++++ os-autoinst: - Update to version 5.1767623406.688dd0e: * os-autoinst-generate-needle-preview: Embed PNG * Tweak curl call not to hang * Fix opencv dependency due to upstream changes * Restore package builds on older openSUSE versions * Remove `ShellCheck` from devel dependencies on s390x ++++ os-autoinst: - Update to version 5.1767623406.688dd0e: * os-autoinst-generate-needle-preview: Embed PNG * Tweak curl call not to hang * Fix opencv dependency due to upstream changes * Restore package builds on older openSUSE versions * Remove `ShellCheck` from devel dependencies on s390x ++++ os-autoinst: - Update to version 5.1767623406.688dd0e: * os-autoinst-generate-needle-preview: Embed PNG * Tweak curl call not to hang * Fix opencv dependency due to upstream changes * Restore package builds on older openSUSE versions * Remove `ShellCheck` from devel dependencies on s390x ++++ os-autoinst: - Update to version 5.1767623406.688dd0e: * os-autoinst-generate-needle-preview: Embed PNG * Tweak curl call not to hang * Fix opencv dependency due to upstream changes * Restore package builds on older openSUSE versions * Remove `ShellCheck` from devel dependencies on s390x ++++ os-autoinst: - Update to version 5.1767623406.688dd0e: * os-autoinst-generate-needle-preview: Embed PNG * Tweak curl call not to hang * Fix opencv dependency due to upstream changes * Restore package builds on older openSUSE versions * Remove `ShellCheck` from devel dependencies on s390x ++++ os-autoinst: - Update to version 5.1767623406.688dd0e: * os-autoinst-generate-needle-preview: Embed PNG * Tweak curl call not to hang * Fix opencv dependency due to upstream changes * Restore package builds on older openSUSE versions * Remove `ShellCheck` from devel dependencies on s390x ++++ os-autoinst: - Update to version 5.1767623406.688dd0e: * os-autoinst-generate-needle-preview: Embed PNG * Tweak curl call not to hang * Fix opencv dependency due to upstream changes * Restore package builds on older openSUSE versions * Remove `ShellCheck` from devel dependencies on s390x ++++ os-autoinst: - Update to version 5.1767623406.688dd0e: * os-autoinst-generate-needle-preview: Embed PNG * Tweak curl call not to hang * Fix opencv dependency due to upstream changes * Restore package builds on older openSUSE versions * Remove `ShellCheck` from devel dependencies on s390x ++++ os-autoinst: - Update to version 5.1767623406.688dd0e: * os-autoinst-generate-needle-preview: Embed PNG * Tweak curl call not to hang * Fix opencv dependency due to upstream changes * Restore package builds on older openSUSE versions * Remove `ShellCheck` from devel dependencies on s390x ++++ os-autoinst: - Update to version 5.1767623406.688dd0e: * os-autoinst-generate-needle-preview: Embed PNG * Tweak curl call not to hang * Fix opencv dependency due to upstream changes * Restore package builds on older openSUSE versions * Remove `ShellCheck` from devel dependencies on s390x ++++ os-autoinst: - Update to version 5.1767623406.688dd0e: * os-autoinst-generate-needle-preview: Embed PNG * Tweak curl call not to hang * Fix opencv dependency due to upstream changes * Restore package builds on older openSUSE versions * Remove `ShellCheck` from devel dependencies on s390x ++++ os-autoinst: - Update to version 5.1767623406.688dd0e: * os-autoinst-generate-needle-preview: Embed PNG * Tweak curl call not to hang * Fix opencv dependency due to upstream changes * Restore package builds on older openSUSE versions * Remove `ShellCheck` from devel dependencies on s390x ++++ protobuf-java: - Cherry-pick protobuf-fix-google-imports.patch to fix import issues of reverse-dependency packages within the google namespace (bsc#1244918) ++++ python-protobuf: - Cherry-pick protobuf-fix-google-imports.patch to fix import issues of reverse-dependency packages within the google namespace (bsc#1244918) ++++ trytond: - Version 7.0.43 - Bugfix Release ++++ trytond_party: - Version 7.0.7 - Bugfix Release ------------------------------------------------------------------ ------------------ 2026-1-4 - Jan 4 2026 ------------------- ------------------------------------------------------------------ ++++ gnome-online-accounts: - Update to version 3.56.3: + Bugs fixed: - Add DAV detection and configuration for SOGo - DAV discovery fails when certain SRV lookups fail + Updated translations. ------------------------------------------------------------------ ------------------ 2026-1-3 - Jan 3 2026 ------------------- ------------------------------------------------------------------ ++++ nvidia-open-driver-G06-signed-cuda: - update non-CUDA variant to version 580.126.09 (boo#1255858) ++++ nvidia-open-driver-G06-signed-cuda: - update non-CUDA variant to version 580.126.09 (boo#1255858) ++++ nvidia-open-driver-G06-signed: - update non-CUDA variant to version 580.126.09 (boo#1255858) ++++ nvidia-open-driver-G06-signed: - update non-CUDA variant to version 580.126.09 (boo#1255858) ------------------------------------------------------------------ ------------------ 2026-1-2 - Jan 2 2026 ------------------- ------------------------------------------------------------------ ++++ kernel-64kb: - powerpc/kexec: Enable SMT before waking offline CPUs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes bsc#1253739 ltc#211493 bsc#1254244 ltc#216496). - commit 2cae729 - ftrace: bpf: Fix IPMODIFY + DIRECT in modify_ftrace_direct() (git-fixes). - commit fa39b88 - uprobe: Do not emulate/sstep original instruction when ip is changed (git-fixes). - commit d467aca ++++ kernel-64kb: - powerpc/kexec: Enable SMT before waking offline CPUs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes bsc#1253739 ltc#211493 bsc#1254244 ltc#216496). - commit 2cae729 - ftrace: bpf: Fix IPMODIFY + DIRECT in modify_ftrace_direct() (git-fixes). - commit fa39b88 - uprobe: Do not emulate/sstep original instruction when ip is changed (git-fixes). - commit d467aca ++++ kernel-64kb: - powerpc/kexec: Enable SMT before waking offline CPUs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes bsc#1253739 ltc#211493 bsc#1254244 ltc#216496). - commit 2cae729 - ftrace: bpf: Fix IPMODIFY + DIRECT in modify_ftrace_direct() (git-fixes). - commit fa39b88 - uprobe: Do not emulate/sstep original instruction when ip is changed (git-fixes). - commit d467aca ++++ kernel-azure: - powerpc/kexec: Enable SMT before waking offline CPUs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes bsc#1253739 ltc#211493 bsc#1254244 ltc#216496). - commit 2cae729 - ftrace: bpf: Fix IPMODIFY + DIRECT in modify_ftrace_direct() (git-fixes). - commit fa39b88 - uprobe: Do not emulate/sstep original instruction when ip is changed (git-fixes). - commit d467aca ++++ kernel-azure: - powerpc/kexec: Enable SMT before waking offline CPUs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes bsc#1253739 ltc#211493 bsc#1254244 ltc#216496). - commit 2cae729 - ftrace: bpf: Fix IPMODIFY + DIRECT in modify_ftrace_direct() (git-fixes). - commit fa39b88 - uprobe: Do not emulate/sstep original instruction when ip is changed (git-fixes). - commit d467aca ++++ kernel-azure: - powerpc/kexec: Enable SMT before waking offline CPUs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes bsc#1253739 ltc#211493 bsc#1254244 ltc#216496). - commit 2cae729 - ftrace: bpf: Fix IPMODIFY + DIRECT in modify_ftrace_direct() (git-fixes). - commit fa39b88 - uprobe: Do not emulate/sstep original instruction when ip is changed (git-fixes). - commit d467aca ++++ kernel-default: - powerpc/kexec: Enable SMT before waking offline CPUs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes bsc#1253739 ltc#211493 bsc#1254244 ltc#216496). - commit 2cae729 - ftrace: bpf: Fix IPMODIFY + DIRECT in modify_ftrace_direct() (git-fixes). - commit fa39b88 - uprobe: Do not emulate/sstep original instruction when ip is changed (git-fixes). - commit d467aca ++++ kernel-default: - powerpc/kexec: Enable SMT before waking offline CPUs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes bsc#1253739 ltc#211493 bsc#1254244 ltc#216496). - commit 2cae729 - ftrace: bpf: Fix IPMODIFY + DIRECT in modify_ftrace_direct() (git-fixes). - commit fa39b88 - uprobe: Do not emulate/sstep original instruction when ip is changed (git-fixes). - commit d467aca ++++ kernel-default: - powerpc/kexec: Enable SMT before waking offline CPUs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes bsc#1253739 ltc#211493 bsc#1254244 ltc#216496). - commit 2cae729 - ftrace: bpf: Fix IPMODIFY + DIRECT in modify_ftrace_direct() (git-fixes). - commit fa39b88 - uprobe: Do not emulate/sstep original instruction when ip is changed (git-fixes). - commit d467aca ++++ kernel-rt: - powerpc/kexec: Enable SMT before waking offline CPUs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes bsc#1253739 ltc#211493 bsc#1254244 ltc#216496). - commit 2cae729 - ftrace: bpf: Fix IPMODIFY + DIRECT in modify_ftrace_direct() (git-fixes). - commit fa39b88 - uprobe: Do not emulate/sstep original instruction when ip is changed (git-fixes). - commit d467aca ++++ kernel-rt: - powerpc/kexec: Enable SMT before waking offline CPUs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes bsc#1253739 ltc#211493 bsc#1254244 ltc#216496). - commit 2cae729 - ftrace: bpf: Fix IPMODIFY + DIRECT in modify_ftrace_direct() (git-fixes). - commit fa39b88 - uprobe: Do not emulate/sstep original instruction when ip is changed (git-fixes). - commit d467aca ++++ kernel-rt: - powerpc/kexec: Enable SMT before waking offline CPUs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes bsc#1253739 ltc#211493 bsc#1254244 ltc#216496). - commit 2cae729 - ftrace: bpf: Fix IPMODIFY + DIRECT in modify_ftrace_direct() (git-fixes). - commit fa39b88 - uprobe: Do not emulate/sstep original instruction when ip is changed (git-fixes). - commit d467aca ++++ curl: - Security fixes: * [bsc#1255731, CVE-2025-14524] if redirected, require permission to use bearer * [bsc#1255734, CVE-2025-15224] require private key or user-agent for public key auth * [bsc#1255732, CVE-2025-14819] toggling CURLSSLOPT_NO_PARTIALCHAIN makes a different CA cache * [bsc#1255733, CVE-2025-15079] set both knownhosts options to the same file * Add patches: - curl-CVE-2025-14524.patch - curl-CVE-2025-15224.patch - curl-CVE-2025-14819.patch - curl-CVE-2025-15079.patch ++++ curl: - Security fixes: * [bsc#1255731, CVE-2025-14524] if redirected, require permission to use bearer * [bsc#1255734, CVE-2025-15224] require private key or user-agent for public key auth * [bsc#1255732, CVE-2025-14819] toggling CURLSSLOPT_NO_PARTIALCHAIN makes a different CA cache * [bsc#1255733, CVE-2025-15079] set both knownhosts options to the same file * Add patches: - curl-CVE-2025-14524.patch - curl-CVE-2025-15224.patch - curl-CVE-2025-14819.patch - curl-CVE-2025-15079.patch ++++ dtb-aarch64: - powerpc/kexec: Enable SMT before waking offline CPUs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes bsc#1253739 ltc#211493 bsc#1254244 ltc#216496). - commit 2cae729 - ftrace: bpf: Fix IPMODIFY + DIRECT in modify_ftrace_direct() (git-fixes). - commit fa39b88 - uprobe: Do not emulate/sstep original instruction when ip is changed (git-fixes). - commit d467aca ++++ dtb-aarch64: - powerpc/kexec: Enable SMT before waking offline CPUs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes bsc#1253739 ltc#211493 bsc#1254244 ltc#216496). - commit 2cae729 - ftrace: bpf: Fix IPMODIFY + DIRECT in modify_ftrace_direct() (git-fixes). - commit fa39b88 - uprobe: Do not emulate/sstep original instruction when ip is changed (git-fixes). - commit d467aca ++++ dtb-aarch64: - powerpc/kexec: Enable SMT before waking offline CPUs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes bsc#1253739 ltc#211493 bsc#1254244 ltc#216496). - commit 2cae729 - ftrace: bpf: Fix IPMODIFY + DIRECT in modify_ftrace_direct() (git-fixes). - commit fa39b88 - uprobe: Do not emulate/sstep original instruction when ip is changed (git-fixes). - commit d467aca ++++ freeciv: - freeciv 3.2.2, a compatible general bugfix release: * Fix backward compatibility in loading unit actions from a savegame * Fix crashes after continuing game from a savegame * Fix an error after player is added mid-game * Fix various crashes in client, and client UI tweaks ++++ kernel-source: - powerpc/kexec: Enable SMT before waking offline CPUs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes bsc#1253739 ltc#211493 bsc#1254244 ltc#216496). - commit 2cae729 - ftrace: bpf: Fix IPMODIFY + DIRECT in modify_ftrace_direct() (git-fixes). - commit fa39b88 - uprobe: Do not emulate/sstep original instruction when ip is changed (git-fixes). - commit d467aca ++++ kernel-source: - powerpc/kexec: Enable SMT before waking offline CPUs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes bsc#1253739 ltc#211493 bsc#1254244 ltc#216496). - commit 2cae729 - ftrace: bpf: Fix IPMODIFY + DIRECT in modify_ftrace_direct() (git-fixes). - commit fa39b88 - uprobe: Do not emulate/sstep original instruction when ip is changed (git-fixes). - commit d467aca ++++ kernel-source: - powerpc/kexec: Enable SMT before waking offline CPUs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes bsc#1253739 ltc#211493 bsc#1254244 ltc#216496). - commit 2cae729 - ftrace: bpf: Fix IPMODIFY + DIRECT in modify_ftrace_direct() (git-fixes). - commit fa39b88 - uprobe: Do not emulate/sstep original instruction when ip is changed (git-fixes). - commit d467aca ++++ kernel-docs: - powerpc/kexec: Enable SMT before waking offline CPUs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes bsc#1253739 ltc#211493 bsc#1254244 ltc#216496). - commit 2cae729 - ftrace: bpf: Fix IPMODIFY + DIRECT in modify_ftrace_direct() (git-fixes). - commit fa39b88 - uprobe: Do not emulate/sstep original instruction when ip is changed (git-fixes). - commit d467aca ++++ kernel-docs: - powerpc/kexec: Enable SMT before waking offline CPUs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes bsc#1253739 ltc#211493 bsc#1254244 ltc#216496). - commit 2cae729 - ftrace: bpf: Fix IPMODIFY + DIRECT in modify_ftrace_direct() (git-fixes). - commit fa39b88 - uprobe: Do not emulate/sstep original instruction when ip is changed (git-fixes). - commit d467aca ++++ kernel-docs: - powerpc/kexec: Enable SMT before waking offline CPUs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes bsc#1253739 ltc#211493 bsc#1254244 ltc#216496). - commit 2cae729 - ftrace: bpf: Fix IPMODIFY + DIRECT in modify_ftrace_direct() (git-fixes). - commit fa39b88 - uprobe: Do not emulate/sstep original instruction when ip is changed (git-fixes). - commit d467aca ++++ kernel-kvmsmall: - powerpc/kexec: Enable SMT before waking offline CPUs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes bsc#1253739 ltc#211493 bsc#1254244 ltc#216496). - commit 2cae729 - ftrace: bpf: Fix IPMODIFY + DIRECT in modify_ftrace_direct() (git-fixes). - commit fa39b88 - uprobe: Do not emulate/sstep original instruction when ip is changed (git-fixes). - commit d467aca ++++ kernel-kvmsmall: - powerpc/kexec: Enable SMT before waking offline CPUs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes bsc#1253739 ltc#211493 bsc#1254244 ltc#216496). - commit 2cae729 - ftrace: bpf: Fix IPMODIFY + DIRECT in modify_ftrace_direct() (git-fixes). - commit fa39b88 - uprobe: Do not emulate/sstep original instruction when ip is changed (git-fixes). - commit d467aca ++++ kernel-kvmsmall: - powerpc/kexec: Enable SMT before waking offline CPUs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes bsc#1253739 ltc#211493 bsc#1254244 ltc#216496). - commit 2cae729 - ftrace: bpf: Fix IPMODIFY + DIRECT in modify_ftrace_direct() (git-fixes). - commit fa39b88 - uprobe: Do not emulate/sstep original instruction when ip is changed (git-fixes). - commit d467aca ++++ kernel-obs-build: - powerpc/kexec: Enable SMT before waking offline CPUs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes bsc#1253739 ltc#211493 bsc#1254244 ltc#216496). - commit 2cae729 - ftrace: bpf: Fix IPMODIFY + DIRECT in modify_ftrace_direct() (git-fixes). - commit fa39b88 - uprobe: Do not emulate/sstep original instruction when ip is changed (git-fixes). - commit d467aca ++++ kernel-obs-build: - powerpc/kexec: Enable SMT before waking offline CPUs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes bsc#1253739 ltc#211493 bsc#1254244 ltc#216496). - commit 2cae729 - ftrace: bpf: Fix IPMODIFY + DIRECT in modify_ftrace_direct() (git-fixes). - commit fa39b88 - uprobe: Do not emulate/sstep original instruction when ip is changed (git-fixes). - commit d467aca ++++ kernel-obs-build: - powerpc/kexec: Enable SMT before waking offline CPUs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes bsc#1253739 ltc#211493 bsc#1254244 ltc#216496). - commit 2cae729 - ftrace: bpf: Fix IPMODIFY + DIRECT in modify_ftrace_direct() (git-fixes). - commit fa39b88 - uprobe: Do not emulate/sstep original instruction when ip is changed (git-fixes). - commit d467aca ++++ kernel-obs-qa: - powerpc/kexec: Enable SMT before waking offline CPUs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes bsc#1253739 ltc#211493 bsc#1254244 ltc#216496). - commit 2cae729 - ftrace: bpf: Fix IPMODIFY + DIRECT in modify_ftrace_direct() (git-fixes). - commit fa39b88 - uprobe: Do not emulate/sstep original instruction when ip is changed (git-fixes). - commit d467aca ++++ kernel-obs-qa: - powerpc/kexec: Enable SMT before waking offline CPUs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes bsc#1253739 ltc#211493 bsc#1254244 ltc#216496). - commit 2cae729 - ftrace: bpf: Fix IPMODIFY + DIRECT in modify_ftrace_direct() (git-fixes). - commit fa39b88 - uprobe: Do not emulate/sstep original instruction when ip is changed (git-fixes). - commit d467aca ++++ kernel-obs-qa: - powerpc/kexec: Enable SMT before waking offline CPUs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes bsc#1253739 ltc#211493 bsc#1254244 ltc#216496). - commit 2cae729 - ftrace: bpf: Fix IPMODIFY + DIRECT in modify_ftrace_direct() (git-fixes). - commit fa39b88 - uprobe: Do not emulate/sstep original instruction when ip is changed (git-fixes). - commit d467aca ++++ kernel-syms: - powerpc/kexec: Enable SMT before waking offline CPUs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes bsc#1253739 ltc#211493 bsc#1254244 ltc#216496). - commit 2cae729 - ftrace: bpf: Fix IPMODIFY + DIRECT in modify_ftrace_direct() (git-fixes). - commit fa39b88 - uprobe: Do not emulate/sstep original instruction when ip is changed (git-fixes). - commit d467aca ++++ kernel-syms: - powerpc/kexec: Enable SMT before waking offline CPUs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes bsc#1253739 ltc#211493 bsc#1254244 ltc#216496). - commit 2cae729 - ftrace: bpf: Fix IPMODIFY + DIRECT in modify_ftrace_direct() (git-fixes). - commit fa39b88 - uprobe: Do not emulate/sstep original instruction when ip is changed (git-fixes). - commit d467aca ++++ kernel-syms: - powerpc/kexec: Enable SMT before waking offline CPUs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes bsc#1253739 ltc#211493 bsc#1254244 ltc#216496). - commit 2cae729 - ftrace: bpf: Fix IPMODIFY + DIRECT in modify_ftrace_direct() (git-fixes). - commit fa39b88 - uprobe: Do not emulate/sstep original instruction when ip is changed (git-fixes). - commit d467aca ++++ kernel-zfcpdump: - powerpc/kexec: Enable SMT before waking offline CPUs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes bsc#1253739 ltc#211493 bsc#1254244 ltc#216496). - commit 2cae729 - ftrace: bpf: Fix IPMODIFY + DIRECT in modify_ftrace_direct() (git-fixes). - commit fa39b88 - uprobe: Do not emulate/sstep original instruction when ip is changed (git-fixes). - commit d467aca ++++ kernel-zfcpdump: - powerpc/kexec: Enable SMT before waking offline CPUs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes bsc#1253739 ltc#211493 bsc#1254244 ltc#216496). - commit 2cae729 - ftrace: bpf: Fix IPMODIFY + DIRECT in modify_ftrace_direct() (git-fixes). - commit fa39b88 - uprobe: Do not emulate/sstep original instruction when ip is changed (git-fixes). - commit d467aca ++++ kernel-zfcpdump: - powerpc/kexec: Enable SMT before waking offline CPUs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes bsc#1253739 ltc#211493 bsc#1254244 ltc#216496). - commit 2cae729 - ftrace: bpf: Fix IPMODIFY + DIRECT in modify_ftrace_direct() (git-fixes). - commit fa39b88 - uprobe: Do not emulate/sstep original instruction when ip is changed (git-fixes). - commit d467aca ------------------------------------------------------------------ ------------------ 2025-12-31 - Dec 31 2025 ------------------- ------------------------------------------------------------------ ++++ kernel-64kb: - scsi: ufs: core: Fix PM QoS mutex initialization (git-fixes). - commit d4f8c1e - sysfs: check visibility before changing group attribute ownership (CVE-2025-40355 bsc#1255261). - commit 880a26c - kabi: fix struct ufs_hba changes (bsc#1253414 CVE-2025-40130). - commit fc77a12 - tracing: Fix race condition in kprobe initialization causing NULL pointer dereference (CVE-2025-40042 bsc#1252861). - commit bdfa48f ++++ kernel-64kb: - scsi: ufs: core: Fix PM QoS mutex initialization (git-fixes). - commit d4f8c1e - sysfs: check visibility before changing group attribute ownership (CVE-2025-40355 bsc#1255261). - commit 880a26c - kabi: fix struct ufs_hba changes (bsc#1253414 CVE-2025-40130). - commit fc77a12 - tracing: Fix race condition in kprobe initialization causing NULL pointer dereference (CVE-2025-40042 bsc#1252861). - commit bdfa48f ++++ kernel-64kb: - scsi: ufs: core: Fix PM QoS mutex initialization (git-fixes). - commit d4f8c1e - sysfs: check visibility before changing group attribute ownership (CVE-2025-40355 bsc#1255261). - commit 880a26c - kabi: fix struct ufs_hba changes (bsc#1253414 CVE-2025-40130). - commit fc77a12 - tracing: Fix race condition in kprobe initialization causing NULL pointer dereference (CVE-2025-40042 bsc#1252861). - commit bdfa48f ++++ kernel-azure: - scsi: ufs: core: Fix PM QoS mutex initialization (git-fixes). - commit d4f8c1e - sysfs: check visibility before changing group attribute ownership (CVE-2025-40355 bsc#1255261). - commit 880a26c - kabi: fix struct ufs_hba changes (bsc#1253414 CVE-2025-40130). - commit fc77a12 - tracing: Fix race condition in kprobe initialization causing NULL pointer dereference (CVE-2025-40042 bsc#1252861). - commit bdfa48f ++++ kernel-azure: - scsi: ufs: core: Fix PM QoS mutex initialization (git-fixes). - commit d4f8c1e - sysfs: check visibility before changing group attribute ownership (CVE-2025-40355 bsc#1255261). - commit 880a26c - kabi: fix struct ufs_hba changes (bsc#1253414 CVE-2025-40130). - commit fc77a12 - tracing: Fix race condition in kprobe initialization causing NULL pointer dereference (CVE-2025-40042 bsc#1252861). - commit bdfa48f ++++ kernel-azure: - scsi: ufs: core: Fix PM QoS mutex initialization (git-fixes). - commit d4f8c1e - sysfs: check visibility before changing group attribute ownership (CVE-2025-40355 bsc#1255261). - commit 880a26c - kabi: fix struct ufs_hba changes (bsc#1253414 CVE-2025-40130). - commit fc77a12 - tracing: Fix race condition in kprobe initialization causing NULL pointer dereference (CVE-2025-40042 bsc#1252861). - commit bdfa48f ++++ kernel-default: - scsi: ufs: core: Fix PM QoS mutex initialization (git-fixes). - commit d4f8c1e - sysfs: check visibility before changing group attribute ownership (CVE-2025-40355 bsc#1255261). - commit 880a26c - kabi: fix struct ufs_hba changes (bsc#1253414 CVE-2025-40130). - commit fc77a12 - tracing: Fix race condition in kprobe initialization causing NULL pointer dereference (CVE-2025-40042 bsc#1252861). - commit bdfa48f ++++ kernel-default: - scsi: ufs: core: Fix PM QoS mutex initialization (git-fixes). - commit d4f8c1e - sysfs: check visibility before changing group attribute ownership (CVE-2025-40355 bsc#1255261). - commit 880a26c - kabi: fix struct ufs_hba changes (bsc#1253414 CVE-2025-40130). - commit fc77a12 - tracing: Fix race condition in kprobe initialization causing NULL pointer dereference (CVE-2025-40042 bsc#1252861). - commit bdfa48f ++++ kernel-default: - scsi: ufs: core: Fix PM QoS mutex initialization (git-fixes). - commit d4f8c1e - sysfs: check visibility before changing group attribute ownership (CVE-2025-40355 bsc#1255261). - commit 880a26c - kabi: fix struct ufs_hba changes (bsc#1253414 CVE-2025-40130). - commit fc77a12 - tracing: Fix race condition in kprobe initialization causing NULL pointer dereference (CVE-2025-40042 bsc#1252861). - commit bdfa48f ++++ kernel-rt: - scsi: ufs: core: Fix PM QoS mutex initialization (git-fixes). - commit d4f8c1e - sysfs: check visibility before changing group attribute ownership (CVE-2025-40355 bsc#1255261). - commit 880a26c - kabi: fix struct ufs_hba changes (bsc#1253414 CVE-2025-40130). - commit fc77a12 - tracing: Fix race condition in kprobe initialization causing NULL pointer dereference (CVE-2025-40042 bsc#1252861). - commit bdfa48f ++++ kernel-rt: - scsi: ufs: core: Fix PM QoS mutex initialization (git-fixes). - commit d4f8c1e - sysfs: check visibility before changing group attribute ownership (CVE-2025-40355 bsc#1255261). - commit 880a26c - kabi: fix struct ufs_hba changes (bsc#1253414 CVE-2025-40130). - commit fc77a12 - tracing: Fix race condition in kprobe initialization causing NULL pointer dereference (CVE-2025-40042 bsc#1252861). - commit bdfa48f ++++ kernel-rt: - scsi: ufs: core: Fix PM QoS mutex initialization (git-fixes). - commit d4f8c1e - sysfs: check visibility before changing group attribute ownership (CVE-2025-40355 bsc#1255261). - commit 880a26c - kabi: fix struct ufs_hba changes (bsc#1253414 CVE-2025-40130). - commit fc77a12 - tracing: Fix race condition in kprobe initialization causing NULL pointer dereference (CVE-2025-40042 bsc#1252861). - commit bdfa48f ++++ dtb-aarch64: - scsi: ufs: core: Fix PM QoS mutex initialization (git-fixes). - commit d4f8c1e - sysfs: check visibility before changing group attribute ownership (CVE-2025-40355 bsc#1255261). - commit 880a26c - kabi: fix struct ufs_hba changes (bsc#1253414 CVE-2025-40130). - commit fc77a12 - tracing: Fix race condition in kprobe initialization causing NULL pointer dereference (CVE-2025-40042 bsc#1252861). - commit bdfa48f ++++ dtb-aarch64: - scsi: ufs: core: Fix PM QoS mutex initialization (git-fixes). - commit d4f8c1e - sysfs: check visibility before changing group attribute ownership (CVE-2025-40355 bsc#1255261). - commit 880a26c - kabi: fix struct ufs_hba changes (bsc#1253414 CVE-2025-40130). - commit fc77a12 - tracing: Fix race condition in kprobe initialization causing NULL pointer dereference (CVE-2025-40042 bsc#1252861). - commit bdfa48f ++++ dtb-aarch64: - scsi: ufs: core: Fix PM QoS mutex initialization (git-fixes). - commit d4f8c1e - sysfs: check visibility before changing group attribute ownership (CVE-2025-40355 bsc#1255261). - commit 880a26c - kabi: fix struct ufs_hba changes (bsc#1253414 CVE-2025-40130). - commit fc77a12 - tracing: Fix race condition in kprobe initialization causing NULL pointer dereference (CVE-2025-40042 bsc#1252861). - commit bdfa48f ++++ fde-tools: - Add fde-tools.conf to create /var/log/fde with tmpfiles.d (jsc#PED-14754) ++++ kernel-source: - scsi: ufs: core: Fix PM QoS mutex initialization (git-fixes). - commit d4f8c1e - sysfs: check visibility before changing group attribute ownership (CVE-2025-40355 bsc#1255261). - commit 880a26c - kabi: fix struct ufs_hba changes (bsc#1253414 CVE-2025-40130). - commit fc77a12 - tracing: Fix race condition in kprobe initialization causing NULL pointer dereference (CVE-2025-40042 bsc#1252861). - commit bdfa48f ++++ kernel-source: - scsi: ufs: core: Fix PM QoS mutex initialization (git-fixes). - commit d4f8c1e - sysfs: check visibility before changing group attribute ownership (CVE-2025-40355 bsc#1255261). - commit 880a26c - kabi: fix struct ufs_hba changes (bsc#1253414 CVE-2025-40130). - commit fc77a12 - tracing: Fix race condition in kprobe initialization causing NULL pointer dereference (CVE-2025-40042 bsc#1252861). - commit bdfa48f ++++ kernel-source: - scsi: ufs: core: Fix PM QoS mutex initialization (git-fixes). - commit d4f8c1e - sysfs: check visibility before changing group attribute ownership (CVE-2025-40355 bsc#1255261). - commit 880a26c - kabi: fix struct ufs_hba changes (bsc#1253414 CVE-2025-40130). - commit fc77a12 - tracing: Fix race condition in kprobe initialization causing NULL pointer dereference (CVE-2025-40042 bsc#1252861). - commit bdfa48f ++++ kernel-docs: - scsi: ufs: core: Fix PM QoS mutex initialization (git-fixes). - commit d4f8c1e - sysfs: check visibility before changing group attribute ownership (CVE-2025-40355 bsc#1255261). - commit 880a26c - kabi: fix struct ufs_hba changes (bsc#1253414 CVE-2025-40130). - commit fc77a12 - tracing: Fix race condition in kprobe initialization causing NULL pointer dereference (CVE-2025-40042 bsc#1252861). - commit bdfa48f ++++ kernel-docs: - scsi: ufs: core: Fix PM QoS mutex initialization (git-fixes). - commit d4f8c1e - sysfs: check visibility before changing group attribute ownership (CVE-2025-40355 bsc#1255261). - commit 880a26c - kabi: fix struct ufs_hba changes (bsc#1253414 CVE-2025-40130). - commit fc77a12 - tracing: Fix race condition in kprobe initialization causing NULL pointer dereference (CVE-2025-40042 bsc#1252861). - commit bdfa48f ++++ kernel-docs: - scsi: ufs: core: Fix PM QoS mutex initialization (git-fixes). - commit d4f8c1e - sysfs: check visibility before changing group attribute ownership (CVE-2025-40355 bsc#1255261). - commit 880a26c - kabi: fix struct ufs_hba changes (bsc#1253414 CVE-2025-40130). - commit fc77a12 - tracing: Fix race condition in kprobe initialization causing NULL pointer dereference (CVE-2025-40042 bsc#1252861). - commit bdfa48f ++++ kernel-kvmsmall: - scsi: ufs: core: Fix PM QoS mutex initialization (git-fixes). - commit d4f8c1e - sysfs: check visibility before changing group attribute ownership (CVE-2025-40355 bsc#1255261). - commit 880a26c - kabi: fix struct ufs_hba changes (bsc#1253414 CVE-2025-40130). - commit fc77a12 - tracing: Fix race condition in kprobe initialization causing NULL pointer dereference (CVE-2025-40042 bsc#1252861). - commit bdfa48f ++++ kernel-kvmsmall: - scsi: ufs: core: Fix PM QoS mutex initialization (git-fixes). - commit d4f8c1e - sysfs: check visibility before changing group attribute ownership (CVE-2025-40355 bsc#1255261). - commit 880a26c - kabi: fix struct ufs_hba changes (bsc#1253414 CVE-2025-40130). - commit fc77a12 - tracing: Fix race condition in kprobe initialization causing NULL pointer dereference (CVE-2025-40042 bsc#1252861). - commit bdfa48f ++++ kernel-kvmsmall: - scsi: ufs: core: Fix PM QoS mutex initialization (git-fixes). - commit d4f8c1e - sysfs: check visibility before changing group attribute ownership (CVE-2025-40355 bsc#1255261). - commit 880a26c - kabi: fix struct ufs_hba changes (bsc#1253414 CVE-2025-40130). - commit fc77a12 - tracing: Fix race condition in kprobe initialization causing NULL pointer dereference (CVE-2025-40042 bsc#1252861). - commit bdfa48f ++++ kernel-obs-build: - scsi: ufs: core: Fix PM QoS mutex initialization (git-fixes). - commit d4f8c1e - sysfs: check visibility before changing group attribute ownership (CVE-2025-40355 bsc#1255261). - commit 880a26c - kabi: fix struct ufs_hba changes (bsc#1253414 CVE-2025-40130). - commit fc77a12 - tracing: Fix race condition in kprobe initialization causing NULL pointer dereference (CVE-2025-40042 bsc#1252861). - commit bdfa48f ++++ kernel-obs-build: - scsi: ufs: core: Fix PM QoS mutex initialization (git-fixes). - commit d4f8c1e - sysfs: check visibility before changing group attribute ownership (CVE-2025-40355 bsc#1255261). - commit 880a26c - kabi: fix struct ufs_hba changes (bsc#1253414 CVE-2025-40130). - commit fc77a12 - tracing: Fix race condition in kprobe initialization causing NULL pointer dereference (CVE-2025-40042 bsc#1252861). - commit bdfa48f ++++ kernel-obs-build: - scsi: ufs: core: Fix PM QoS mutex initialization (git-fixes). - commit d4f8c1e - sysfs: check visibility before changing group attribute ownership (CVE-2025-40355 bsc#1255261). - commit 880a26c - kabi: fix struct ufs_hba changes (bsc#1253414 CVE-2025-40130). - commit fc77a12 - tracing: Fix race condition in kprobe initialization causing NULL pointer dereference (CVE-2025-40042 bsc#1252861). - commit bdfa48f ++++ kernel-obs-qa: - scsi: ufs: core: Fix PM QoS mutex initialization (git-fixes). - commit d4f8c1e - sysfs: check visibility before changing group attribute ownership (CVE-2025-40355 bsc#1255261). - commit 880a26c - kabi: fix struct ufs_hba changes (bsc#1253414 CVE-2025-40130). - commit fc77a12 - tracing: Fix race condition in kprobe initialization causing NULL pointer dereference (CVE-2025-40042 bsc#1252861). - commit bdfa48f ++++ kernel-obs-qa: - scsi: ufs: core: Fix PM QoS mutex initialization (git-fixes). - commit d4f8c1e - sysfs: check visibility before changing group attribute ownership (CVE-2025-40355 bsc#1255261). - commit 880a26c - kabi: fix struct ufs_hba changes (bsc#1253414 CVE-2025-40130). - commit fc77a12 - tracing: Fix race condition in kprobe initialization causing NULL pointer dereference (CVE-2025-40042 bsc#1252861). - commit bdfa48f ++++ kernel-obs-qa: - scsi: ufs: core: Fix PM QoS mutex initialization (git-fixes). - commit d4f8c1e - sysfs: check visibility before changing group attribute ownership (CVE-2025-40355 bsc#1255261). - commit 880a26c - kabi: fix struct ufs_hba changes (bsc#1253414 CVE-2025-40130). - commit fc77a12 - tracing: Fix race condition in kprobe initialization causing NULL pointer dereference (CVE-2025-40042 bsc#1252861). - commit bdfa48f ++++ kernel-syms: - scsi: ufs: core: Fix PM QoS mutex initialization (git-fixes). - commit d4f8c1e - sysfs: check visibility before changing group attribute ownership (CVE-2025-40355 bsc#1255261). - commit 880a26c - kabi: fix struct ufs_hba changes (bsc#1253414 CVE-2025-40130). - commit fc77a12 - tracing: Fix race condition in kprobe initialization causing NULL pointer dereference (CVE-2025-40042 bsc#1252861). - commit bdfa48f ++++ kernel-syms: - scsi: ufs: core: Fix PM QoS mutex initialization (git-fixes). - commit d4f8c1e - sysfs: check visibility before changing group attribute ownership (CVE-2025-40355 bsc#1255261). - commit 880a26c - kabi: fix struct ufs_hba changes (bsc#1253414 CVE-2025-40130). - commit fc77a12 - tracing: Fix race condition in kprobe initialization causing NULL pointer dereference (CVE-2025-40042 bsc#1252861). - commit bdfa48f ++++ kernel-syms: - scsi: ufs: core: Fix PM QoS mutex initialization (git-fixes). - commit d4f8c1e - sysfs: check visibility before changing group attribute ownership (CVE-2025-40355 bsc#1255261). - commit 880a26c - kabi: fix struct ufs_hba changes (bsc#1253414 CVE-2025-40130). - commit fc77a12 - tracing: Fix race condition in kprobe initialization causing NULL pointer dereference (CVE-2025-40042 bsc#1252861). - commit bdfa48f ++++ kernel-zfcpdump: - scsi: ufs: core: Fix PM QoS mutex initialization (git-fixes). - commit d4f8c1e - sysfs: check visibility before changing group attribute ownership (CVE-2025-40355 bsc#1255261). - commit 880a26c - kabi: fix struct ufs_hba changes (bsc#1253414 CVE-2025-40130). - commit fc77a12 - tracing: Fix race condition in kprobe initialization causing NULL pointer dereference (CVE-2025-40042 bsc#1252861). - commit bdfa48f ++++ kernel-zfcpdump: - scsi: ufs: core: Fix PM QoS mutex initialization (git-fixes). - commit d4f8c1e - sysfs: check visibility before changing group attribute ownership (CVE-2025-40355 bsc#1255261). - commit 880a26c - kabi: fix struct ufs_hba changes (bsc#1253414 CVE-2025-40130). - commit fc77a12 - tracing: Fix race condition in kprobe initialization causing NULL pointer dereference (CVE-2025-40042 bsc#1252861). - commit bdfa48f ++++ kernel-zfcpdump: - scsi: ufs: core: Fix PM QoS mutex initialization (git-fixes). - commit d4f8c1e - sysfs: check visibility before changing group attribute ownership (CVE-2025-40355 bsc#1255261). - commit 880a26c - kabi: fix struct ufs_hba changes (bsc#1253414 CVE-2025-40130). - commit fc77a12 - tracing: Fix race condition in kprobe initialization causing NULL pointer dereference (CVE-2025-40042 bsc#1252861). - commit bdfa48f ++++ matio: - update to version 1.5.29: * Fix printing rank-1-variable in Mat_VarPrint * Fix array index out of bounds in Mat_VarPrint when printing UTF-8 character data (boo#1239678, CVE-2025-2337) * Fix heap-based buffer overflow in strdup_vprintf (boo#1239677, CVE-2025-2338) * Changed Mat_VarPrint to print all values of rank-2-variable * Several other fixes, for example for access violations in Mat_VarPrint ++++ mc: - run obs/service/source_validators/helpers/fix_changelog ------------------------------------------------------------------ ------------------ 2025-12-30 - Dec 30 2025 ------------------- ------------------------------------------------------------------ ++++ kernel-64kb: - KVM: SEV: Drop GHCB_VERSION_DEFAULT and open code it (bsc#1255672). - Refresh patches.suse/KVM-SEV-Enforce-minimum-GHCB-version-requirement-for.patch. - Refresh patches.suse/KVM-SEV-Rename-kvm_ghcb_get_sw_exit_code-to-kvm_get_.patch. - commit 24d45f1 - scsi: ufs: core: Fix data race in CPU latency PM QoS request handling (CVE-2025-40130 bsc#1253414). - commit ebfcb5d ++++ kernel-64kb: - KVM: SEV: Drop GHCB_VERSION_DEFAULT and open code it (bsc#1255672). - Refresh patches.suse/KVM-SEV-Enforce-minimum-GHCB-version-requirement-for.patch. - Refresh patches.suse/KVM-SEV-Rename-kvm_ghcb_get_sw_exit_code-to-kvm_get_.patch. - commit 24d45f1 - scsi: ufs: core: Fix data race in CPU latency PM QoS request handling (CVE-2025-40130 bsc#1253414). - commit ebfcb5d ++++ kernel-64kb: - KVM: SEV: Drop GHCB_VERSION_DEFAULT and open code it (bsc#1255672). - Refresh patches.suse/KVM-SEV-Enforce-minimum-GHCB-version-requirement-for.patch. - Refresh patches.suse/KVM-SEV-Rename-kvm_ghcb_get_sw_exit_code-to-kvm_get_.patch. - commit 24d45f1 - scsi: ufs: core: Fix data race in CPU latency PM QoS request handling (CVE-2025-40130 bsc#1253414). - commit ebfcb5d ++++ kernel-azure: - KVM: SEV: Drop GHCB_VERSION_DEFAULT and open code it (bsc#1255672). - Refresh patches.suse/KVM-SEV-Enforce-minimum-GHCB-version-requirement-for.patch. - Refresh patches.suse/KVM-SEV-Rename-kvm_ghcb_get_sw_exit_code-to-kvm_get_.patch. - commit 24d45f1 - scsi: ufs: core: Fix data race in CPU latency PM QoS request handling (CVE-2025-40130 bsc#1253414). - commit ebfcb5d ++++ kernel-azure: - KVM: SEV: Drop GHCB_VERSION_DEFAULT and open code it (bsc#1255672). - Refresh patches.suse/KVM-SEV-Enforce-minimum-GHCB-version-requirement-for.patch. - Refresh patches.suse/KVM-SEV-Rename-kvm_ghcb_get_sw_exit_code-to-kvm_get_.patch. - commit 24d45f1 - scsi: ufs: core: Fix data race in CPU latency PM QoS request handling (CVE-2025-40130 bsc#1253414). - commit ebfcb5d ++++ kernel-azure: - KVM: SEV: Drop GHCB_VERSION_DEFAULT and open code it (bsc#1255672). - Refresh patches.suse/KVM-SEV-Enforce-minimum-GHCB-version-requirement-for.patch. - Refresh patches.suse/KVM-SEV-Rename-kvm_ghcb_get_sw_exit_code-to-kvm_get_.patch. - commit 24d45f1 - scsi: ufs: core: Fix data race in CPU latency PM QoS request handling (CVE-2025-40130 bsc#1253414). - commit ebfcb5d ++++ kernel-default: - KVM: SEV: Drop GHCB_VERSION_DEFAULT and open code it (bsc#1255672). - Refresh patches.suse/KVM-SEV-Enforce-minimum-GHCB-version-requirement-for.patch. - Refresh patches.suse/KVM-SEV-Rename-kvm_ghcb_get_sw_exit_code-to-kvm_get_.patch. - commit 24d45f1 - scsi: ufs: core: Fix data race in CPU latency PM QoS request handling (CVE-2025-40130 bsc#1253414). - commit ebfcb5d ++++ kernel-default: - KVM: SEV: Drop GHCB_VERSION_DEFAULT and open code it (bsc#1255672). - Refresh patches.suse/KVM-SEV-Enforce-minimum-GHCB-version-requirement-for.patch. - Refresh patches.suse/KVM-SEV-Rename-kvm_ghcb_get_sw_exit_code-to-kvm_get_.patch. - commit 24d45f1 - scsi: ufs: core: Fix data race in CPU latency PM QoS request handling (CVE-2025-40130 bsc#1253414). - commit ebfcb5d ++++ kernel-default: - KVM: SEV: Drop GHCB_VERSION_DEFAULT and open code it (bsc#1255672). - Refresh patches.suse/KVM-SEV-Enforce-minimum-GHCB-version-requirement-for.patch. - Refresh patches.suse/KVM-SEV-Rename-kvm_ghcb_get_sw_exit_code-to-kvm_get_.patch. - commit 24d45f1 - scsi: ufs: core: Fix data race in CPU latency PM QoS request handling (CVE-2025-40130 bsc#1253414). - commit ebfcb5d ++++ kernel-rt: - KVM: SEV: Drop GHCB_VERSION_DEFAULT and open code it (bsc#1255672). - Refresh patches.suse/KVM-SEV-Enforce-minimum-GHCB-version-requirement-for.patch. - Refresh patches.suse/KVM-SEV-Rename-kvm_ghcb_get_sw_exit_code-to-kvm_get_.patch. - commit 24d45f1 - scsi: ufs: core: Fix data race in CPU latency PM QoS request handling (CVE-2025-40130 bsc#1253414). - commit ebfcb5d ++++ kernel-rt: - KVM: SEV: Drop GHCB_VERSION_DEFAULT and open code it (bsc#1255672). - Refresh patches.suse/KVM-SEV-Enforce-minimum-GHCB-version-requirement-for.patch. - Refresh patches.suse/KVM-SEV-Rename-kvm_ghcb_get_sw_exit_code-to-kvm_get_.patch. - commit 24d45f1 - scsi: ufs: core: Fix data race in CPU latency PM QoS request handling (CVE-2025-40130 bsc#1253414). - commit ebfcb5d ++++ kernel-rt: - KVM: SEV: Drop GHCB_VERSION_DEFAULT and open code it (bsc#1255672). - Refresh patches.suse/KVM-SEV-Enforce-minimum-GHCB-version-requirement-for.patch. - Refresh patches.suse/KVM-SEV-Rename-kvm_ghcb_get_sw_exit_code-to-kvm_get_.patch. - commit 24d45f1 - scsi: ufs: core: Fix data race in CPU latency PM QoS request handling (CVE-2025-40130 bsc#1253414). - commit ebfcb5d ++++ dtb-aarch64: - KVM: SEV: Drop GHCB_VERSION_DEFAULT and open code it (bsc#1255672). - Refresh patches.suse/KVM-SEV-Enforce-minimum-GHCB-version-requirement-for.patch. - Refresh patches.suse/KVM-SEV-Rename-kvm_ghcb_get_sw_exit_code-to-kvm_get_.patch. - commit 24d45f1 - scsi: ufs: core: Fix data race in CPU latency PM QoS request handling (CVE-2025-40130 bsc#1253414). - commit ebfcb5d ++++ dtb-aarch64: - KVM: SEV: Drop GHCB_VERSION_DEFAULT and open code it (bsc#1255672). - Refresh patches.suse/KVM-SEV-Enforce-minimum-GHCB-version-requirement-for.patch. - Refresh patches.suse/KVM-SEV-Rename-kvm_ghcb_get_sw_exit_code-to-kvm_get_.patch. - commit 24d45f1 - scsi: ufs: core: Fix data race in CPU latency PM QoS request handling (CVE-2025-40130 bsc#1253414). - commit ebfcb5d ++++ dtb-aarch64: - KVM: SEV: Drop GHCB_VERSION_DEFAULT and open code it (bsc#1255672). - Refresh patches.suse/KVM-SEV-Enforce-minimum-GHCB-version-requirement-for.patch. - Refresh patches.suse/KVM-SEV-Rename-kvm_ghcb_get_sw_exit_code-to-kvm_get_.patch. - commit 24d45f1 - scsi: ufs: core: Fix data race in CPU latency PM QoS request handling (CVE-2025-40130 bsc#1253414). - commit ebfcb5d ++++ freerdp: - Update to version 3.20.0: * Mingw fixes (#12070) * [crypto,certificate_data] add some hostname sanitation * [client,common]: Fix loading of rdpsnd channel * [client,sdl] set touch and pen hints - Changes from version 3.19.1: * [core,transport] improve SSL error logging * [utils,helpers] fix freerdp_settings_get_legacy_config_path * From stdin and sdl-creds improve * [crypto,certificate] sanitize hostnames * [channels,drdynvc] propagate error in dynamic channel * [CMake] make Mbed-TLS and LibreSSL experimental * Json fix * rdpecam: send sample only if it's available * [channels,rdpecam] allow MJPEG frame skip and direct passthrough * [winpr,utils] explicit NULL checks in jansson WINPR_JSON_ParseWithLength * [packaging,flatpak] remove xprop - Changes from version 3.19.0: * [client,common] fix retry counter * [cmake] fix aarch64 neon detection * Fix response body existence check when using RDP Gateway * fix line clipping issue * Clip coord fix * [core,input] Add debug log to keyboard state sync * Update command line usage for gateway option * [codec,ffmpeg] 8.0 dropped AV_PROFILE_AAC_MAIN * [channels,audin] fix pulse memory leak * [channels,drive] Small performance improvements in drive channel * [winpr,utils] fix command line error logging * [common,test] Adjust AVC and H264 expectations * drdynvc: implement compressed packet * [channels,rdpecam] improve log messages * Fix remote credential guard channel loading * Fix inverted ifdef * [core,nego] disable all enabled modes except the one requested * rdpear: handle basic NTLM commands and fix server-side * [smartcardlogon] Fix off-by-one error in `smartcard_hw_enumerateCerts` * rdpecam: fix camera sample grabbing ++++ kepler: - Remove patches: * 0001-use-local-bpf2go.patch * 0002-change-data-path.patch * 0003-Bump-x-net.patch - Update to version 0.11.3 * Security: CVE-2025-58190 Fix excessive memory consumption by `html.ParseFragment` when processing specially crafted input (bsc#1251632) * Security: CVE-2025-47911 Fix various algorithms with quadratic complexity when parsing HTML documents (bsc#1251427) - Update to version 0.11.2 * Fix: Fix node power metrics for Virtual Machines. * Fix: Resolve an issue with pod energy metrics when a container has no usage. - Update to version 0.11.1 * Fix: Added missing serviceaccount in the Helm chart. - Update to version 0.11.0 * Feature: Added support for platform power metrics (AC). * Feature: Introduced experimental support for trained power models. * Fix: Improved the accuracy of power estimation for Virtual Machines. * Breaking Change: Metrics related to `kepler_vm_` have been refactored. - Update to version 0.10.1 * Feature: Added support for the ARM64 architecture. * Fix: Addressed issues when running on Virtual Machines without RAPL. * Fix: Includes several other bug fixes and stability improvements. - Update to version 0.10.0 * Breaking Change: This is a major rewrite with significant architectural changes. * Breaking Change: Legacy versions (0.9.0 and earlier) are now frozen, with no new features or bug fixes. * Breaking Change: The configuration format has been updated. * Breaking Change: The Kepler Model Server is not compatible with this version and above. * Feature: New modular architecture for better extensibility. * Feature: Enhanced performance and accuracy with dynamic detection of RAPL zones. * Feature: Reduced security requirements, no longer needing CAP_SYS_ADMIN or CAP_BPF capabilities. * Fix: Significantly reduced resource usage. - Update to version 0.9.0 * Note: This is the final legacy release. * Feature: Added support for GPU power monitoring. * Feature: Introduced a model server for training power models. - Update to version 0.8.2 * Fix: Addressed a bug in RAPL power calculation on multi-socket systems. - Update to version 0.8.1 * Fix: This version includes multiple bug fixes and stability improvements. - Update to version 0.8.0 * Feature: Introduced a new estimator framework. * Breaking Change: The API is backward incompatible with previous versions. - Update to version 0.7.12 * Fix: This version includes multiple bug fixes and stability improvements. ++++ kernel-source: - KVM: SEV: Drop GHCB_VERSION_DEFAULT and open code it (bsc#1255672). - Refresh patches.suse/KVM-SEV-Enforce-minimum-GHCB-version-requirement-for.patch. - Refresh patches.suse/KVM-SEV-Rename-kvm_ghcb_get_sw_exit_code-to-kvm_get_.patch. - commit 24d45f1 - scsi: ufs: core: Fix data race in CPU latency PM QoS request handling (CVE-2025-40130 bsc#1253414). - commit ebfcb5d ++++ kernel-source: - KVM: SEV: Drop GHCB_VERSION_DEFAULT and open code it (bsc#1255672). - Refresh patches.suse/KVM-SEV-Enforce-minimum-GHCB-version-requirement-for.patch. - Refresh patches.suse/KVM-SEV-Rename-kvm_ghcb_get_sw_exit_code-to-kvm_get_.patch. - commit 24d45f1 - scsi: ufs: core: Fix data race in CPU latency PM QoS request handling (CVE-2025-40130 bsc#1253414). - commit ebfcb5d ++++ kernel-source: - KVM: SEV: Drop GHCB_VERSION_DEFAULT and open code it (bsc#1255672). - Refresh patches.suse/KVM-SEV-Enforce-minimum-GHCB-version-requirement-for.patch. - Refresh patches.suse/KVM-SEV-Rename-kvm_ghcb_get_sw_exit_code-to-kvm_get_.patch. - commit 24d45f1 - scsi: ufs: core: Fix data race in CPU latency PM QoS request handling (CVE-2025-40130 bsc#1253414). - commit ebfcb5d ++++ kernel-docs: - KVM: SEV: Drop GHCB_VERSION_DEFAULT and open code it (bsc#1255672). - Refresh patches.suse/KVM-SEV-Enforce-minimum-GHCB-version-requirement-for.patch. - Refresh patches.suse/KVM-SEV-Rename-kvm_ghcb_get_sw_exit_code-to-kvm_get_.patch. - commit 24d45f1 - scsi: ufs: core: Fix data race in CPU latency PM QoS request handling (CVE-2025-40130 bsc#1253414). - commit ebfcb5d ++++ kernel-docs: - KVM: SEV: Drop GHCB_VERSION_DEFAULT and open code it (bsc#1255672). - Refresh patches.suse/KVM-SEV-Enforce-minimum-GHCB-version-requirement-for.patch. - Refresh patches.suse/KVM-SEV-Rename-kvm_ghcb_get_sw_exit_code-to-kvm_get_.patch. - commit 24d45f1 - scsi: ufs: core: Fix data race in CPU latency PM QoS request handling (CVE-2025-40130 bsc#1253414). - commit ebfcb5d ++++ kernel-docs: - KVM: SEV: Drop GHCB_VERSION_DEFAULT and open code it (bsc#1255672). - Refresh patches.suse/KVM-SEV-Enforce-minimum-GHCB-version-requirement-for.patch. - Refresh patches.suse/KVM-SEV-Rename-kvm_ghcb_get_sw_exit_code-to-kvm_get_.patch. - commit 24d45f1 - scsi: ufs: core: Fix data race in CPU latency PM QoS request handling (CVE-2025-40130 bsc#1253414). - commit ebfcb5d ++++ kernel-kvmsmall: - KVM: SEV: Drop GHCB_VERSION_DEFAULT and open code it (bsc#1255672). - Refresh patches.suse/KVM-SEV-Enforce-minimum-GHCB-version-requirement-for.patch. - Refresh patches.suse/KVM-SEV-Rename-kvm_ghcb_get_sw_exit_code-to-kvm_get_.patch. - commit 24d45f1 - scsi: ufs: core: Fix data race in CPU latency PM QoS request handling (CVE-2025-40130 bsc#1253414). - commit ebfcb5d ++++ kernel-kvmsmall: - KVM: SEV: Drop GHCB_VERSION_DEFAULT and open code it (bsc#1255672). - Refresh patches.suse/KVM-SEV-Enforce-minimum-GHCB-version-requirement-for.patch. - Refresh patches.suse/KVM-SEV-Rename-kvm_ghcb_get_sw_exit_code-to-kvm_get_.patch. - commit 24d45f1 - scsi: ufs: core: Fix data race in CPU latency PM QoS request handling (CVE-2025-40130 bsc#1253414). - commit ebfcb5d ++++ kernel-kvmsmall: - KVM: SEV: Drop GHCB_VERSION_DEFAULT and open code it (bsc#1255672). - Refresh patches.suse/KVM-SEV-Enforce-minimum-GHCB-version-requirement-for.patch. - Refresh patches.suse/KVM-SEV-Rename-kvm_ghcb_get_sw_exit_code-to-kvm_get_.patch. - commit 24d45f1 - scsi: ufs: core: Fix data race in CPU latency PM QoS request handling (CVE-2025-40130 bsc#1253414). - commit ebfcb5d ++++ kernel-obs-build: - KVM: SEV: Drop GHCB_VERSION_DEFAULT and open code it (bsc#1255672). - Refresh patches.suse/KVM-SEV-Enforce-minimum-GHCB-version-requirement-for.patch. - Refresh patches.suse/KVM-SEV-Rename-kvm_ghcb_get_sw_exit_code-to-kvm_get_.patch. - commit 24d45f1 - scsi: ufs: core: Fix data race in CPU latency PM QoS request handling (CVE-2025-40130 bsc#1253414). - commit ebfcb5d ++++ kernel-obs-build: - KVM: SEV: Drop GHCB_VERSION_DEFAULT and open code it (bsc#1255672). - Refresh patches.suse/KVM-SEV-Enforce-minimum-GHCB-version-requirement-for.patch. - Refresh patches.suse/KVM-SEV-Rename-kvm_ghcb_get_sw_exit_code-to-kvm_get_.patch. - commit 24d45f1 - scsi: ufs: core: Fix data race in CPU latency PM QoS request handling (CVE-2025-40130 bsc#1253414). - commit ebfcb5d ++++ kernel-obs-build: - KVM: SEV: Drop GHCB_VERSION_DEFAULT and open code it (bsc#1255672). - Refresh patches.suse/KVM-SEV-Enforce-minimum-GHCB-version-requirement-for.patch. - Refresh patches.suse/KVM-SEV-Rename-kvm_ghcb_get_sw_exit_code-to-kvm_get_.patch. - commit 24d45f1 - scsi: ufs: core: Fix data race in CPU latency PM QoS request handling (CVE-2025-40130 bsc#1253414). - commit ebfcb5d ++++ kernel-obs-qa: - KVM: SEV: Drop GHCB_VERSION_DEFAULT and open code it (bsc#1255672). - Refresh patches.suse/KVM-SEV-Enforce-minimum-GHCB-version-requirement-for.patch. - Refresh patches.suse/KVM-SEV-Rename-kvm_ghcb_get_sw_exit_code-to-kvm_get_.patch. - commit 24d45f1 - scsi: ufs: core: Fix data race in CPU latency PM QoS request handling (CVE-2025-40130 bsc#1253414). - commit ebfcb5d ++++ kernel-obs-qa: - KVM: SEV: Drop GHCB_VERSION_DEFAULT and open code it (bsc#1255672). - Refresh patches.suse/KVM-SEV-Enforce-minimum-GHCB-version-requirement-for.patch. - Refresh patches.suse/KVM-SEV-Rename-kvm_ghcb_get_sw_exit_code-to-kvm_get_.patch. - commit 24d45f1 - scsi: ufs: core: Fix data race in CPU latency PM QoS request handling (CVE-2025-40130 bsc#1253414). - commit ebfcb5d ++++ kernel-obs-qa: - KVM: SEV: Drop GHCB_VERSION_DEFAULT and open code it (bsc#1255672). - Refresh patches.suse/KVM-SEV-Enforce-minimum-GHCB-version-requirement-for.patch. - Refresh patches.suse/KVM-SEV-Rename-kvm_ghcb_get_sw_exit_code-to-kvm_get_.patch. - commit 24d45f1 - scsi: ufs: core: Fix data race in CPU latency PM QoS request handling (CVE-2025-40130 bsc#1253414). - commit ebfcb5d ++++ kernel-syms: - KVM: SEV: Drop GHCB_VERSION_DEFAULT and open code it (bsc#1255672). - Refresh patches.suse/KVM-SEV-Enforce-minimum-GHCB-version-requirement-for.patch. - Refresh patches.suse/KVM-SEV-Rename-kvm_ghcb_get_sw_exit_code-to-kvm_get_.patch. - commit 24d45f1 - scsi: ufs: core: Fix data race in CPU latency PM QoS request handling (CVE-2025-40130 bsc#1253414). - commit ebfcb5d ++++ kernel-syms: - KVM: SEV: Drop GHCB_VERSION_DEFAULT and open code it (bsc#1255672). - Refresh patches.suse/KVM-SEV-Enforce-minimum-GHCB-version-requirement-for.patch. - Refresh patches.suse/KVM-SEV-Rename-kvm_ghcb_get_sw_exit_code-to-kvm_get_.patch. - commit 24d45f1 - scsi: ufs: core: Fix data race in CPU latency PM QoS request handling (CVE-2025-40130 bsc#1253414). - commit ebfcb5d ++++ kernel-syms: - KVM: SEV: Drop GHCB_VERSION_DEFAULT and open code it (bsc#1255672). - Refresh patches.suse/KVM-SEV-Enforce-minimum-GHCB-version-requirement-for.patch. - Refresh patches.suse/KVM-SEV-Rename-kvm_ghcb_get_sw_exit_code-to-kvm_get_.patch. - commit 24d45f1 - scsi: ufs: core: Fix data race in CPU latency PM QoS request handling (CVE-2025-40130 bsc#1253414). - commit ebfcb5d ++++ kernel-zfcpdump: - KVM: SEV: Drop GHCB_VERSION_DEFAULT and open code it (bsc#1255672). - Refresh patches.suse/KVM-SEV-Enforce-minimum-GHCB-version-requirement-for.patch. - Refresh patches.suse/KVM-SEV-Rename-kvm_ghcb_get_sw_exit_code-to-kvm_get_.patch. - commit 24d45f1 - scsi: ufs: core: Fix data race in CPU latency PM QoS request handling (CVE-2025-40130 bsc#1253414). - commit ebfcb5d ++++ kernel-zfcpdump: - KVM: SEV: Drop GHCB_VERSION_DEFAULT and open code it (bsc#1255672). - Refresh patches.suse/KVM-SEV-Enforce-minimum-GHCB-version-requirement-for.patch. - Refresh patches.suse/KVM-SEV-Rename-kvm_ghcb_get_sw_exit_code-to-kvm_get_.patch. - commit 24d45f1 - scsi: ufs: core: Fix data race in CPU latency PM QoS request handling (CVE-2025-40130 bsc#1253414). - commit ebfcb5d ++++ kernel-zfcpdump: - KVM: SEV: Drop GHCB_VERSION_DEFAULT and open code it (bsc#1255672). - Refresh patches.suse/KVM-SEV-Enforce-minimum-GHCB-version-requirement-for.patch. - Refresh patches.suse/KVM-SEV-Rename-kvm_ghcb_get_sw_exit_code-to-kvm_get_.patch. - commit 24d45f1 - scsi: ufs: core: Fix data race in CPU latency PM QoS request handling (CVE-2025-40130 bsc#1253414). - commit ebfcb5d ++++ vlc: - Update to version 3.0.23: + Codecs: * Fix WebVTT line positioning * Expose additional audio codec information (notably for Flac 24bit) + Demuxers: * fix some JPEG files wih JFIF headers + Security: * Fix null deref in libass, undefined shift in theora and cc-708, integer overflow in daala, Infinite loop in h264 parsing, buffer overflow in png and multiple format-overflows + Misc: * Prepare compatibility for taglib 2.0, Qt6, FFmpeg8, mingw-w64 v13 and newer versions of libplacebo and pupnp - Drop vlc-libplacebo-5.patch: fixed upstream - Convert to source service: 3.0.23 was only tagged, but no tarball was published. - Unpin ffmpeg-version: build against ffmpeg-8 - Update to version 3.0.22: + Core: Assume subpictures are in SDR by default + Decoders: * Fix Opus channel mapping * Fix hardware decoding with VideoToolbox of XVID MPEG-4 video * Add dav1d-all-layers option * Fix DVD CEA-608 captions parsing * Fix ProRes 4:4:4:4 * Disable decoding using libdca, libmpeg2 and liba52 by default in favor of libavcodec + Demuxers: * Add support for DMX audio music (MUS) files * Handle mkv-use-chapter-codec option * Add A_ATRAC/AT1 support in matroska * Prevent FLAC seeking logic get stuck * Handle pictures in FLAC * Fix VOB/AOB LPCM/MLP detection failing occasionally * Cut QNap title on first invalid character * Fix display of certain JPEG files * Fix playback of very short ASF files (duration less than 1s) * Multiple fixes in MPEG-TS * Fix crashes in multiple demuxers (reported by rub.de, oss-fuzz and others) + Input: Fix SFTP seeking for large files on 32-bit OS + Interface: * Qt: Add option to use dark palette * Qt: Add compilation support for newer versions of Qt5 * Qt: Fix scrolling on volume slider * KDE: fix MPRIS state when started from file + Service Discovery: UPnP: remove SAT>IP channel list fallback + Video Output: * Use a better stretch mode in wingdi * Fetch missing device information when running in UWP + Video Filter: * Add AMD GPU Frame Rate Doubler (Direct3D11) * Improve visualization of low frequencies in spectrogram - Drop merged patches: + 5574.patch + 5590.patch + 6168.patch + 6273.patch + 6527.patch + 6606.patch + vlc-taglib-2.0.patch ++++ wget2: - Update to release 2.2.0 * Don't truncate file when -c and -O are combined * Don't log URI userinfo to logs * Fix downloading multiple files via HTTP/2 * Support connecting with HTTP/1.0 proxies * Ignore 1xx HTTP responses for HTTP/1.1 * Disable TCP Fast Open by default * Fix segfault when OCSP response is missing * Add libproxy support ------------------------------------------------------------------ ------------------ 2025-12-29 - Dec 29 2025 ------------------- ------------------------------------------------------------------ ++++ kernel-64kb: - cpuidle: menu: Use residency threshold in polling state override decisions (bsc#1255026). - commit 652c9d1 ++++ kernel-64kb: - cpuidle: menu: Use residency threshold in polling state override decisions (bsc#1255026). - commit 652c9d1 ++++ kernel-64kb: - cpuidle: menu: Use residency threshold in polling state override decisions (bsc#1255026). - commit 652c9d1 ++++ kernel-azure: - cpuidle: menu: Use residency threshold in polling state override decisions (bsc#1255026). - commit 652c9d1 ++++ kernel-azure: - cpuidle: menu: Use residency threshold in polling state override decisions (bsc#1255026). - commit 652c9d1 ++++ kernel-azure: - cpuidle: menu: Use residency threshold in polling state override decisions (bsc#1255026). - commit 652c9d1 ++++ kernel-default: - cpuidle: menu: Use residency threshold in polling state override decisions (bsc#1255026). - commit 652c9d1 ++++ kernel-default: - cpuidle: menu: Use residency threshold in polling state override decisions (bsc#1255026). - commit 652c9d1 ++++ kernel-default: - cpuidle: menu: Use residency threshold in polling state override decisions (bsc#1255026). - commit 652c9d1 ++++ kernel-rt: - cpuidle: menu: Use residency threshold in polling state override decisions (bsc#1255026). - commit 652c9d1 ++++ kernel-rt: - cpuidle: menu: Use residency threshold in polling state override decisions (bsc#1255026). - commit 652c9d1 ++++ kernel-rt: - cpuidle: menu: Use residency threshold in polling state override decisions (bsc#1255026). - commit 652c9d1 ++++ dracut: - Update to version 059+suse.717.g75494a30: Fix and update testsuite (bsc#1254873): * test(FULL-SYSTEMD): ignore errors in systemd-vconsole-setup.service * test: move /failed to /run/failed as rootfs might be read-only * test(FULL-SYSTEMD): use poweroff to shut down test * test(FULL SYSTEMD): no need to include dbus to the target rootfs * test: make the size of all test drives 512 MB * fix(systemd): move installation of libkmod to udev-rules module * test: switch to virtio for the QEMU drive * test: switch to virtio for the QEMU drive * test: increase test VM memory from 512M to 1024M to avoid OOM killer * test: move more common test code to test-functions * test: upgrade to ext4 Other: * fix(nfs): do not execute logic in nfs hooks if netroot is not nfs (bsc#1253960) ++++ dtb-aarch64: - cpuidle: menu: Use residency threshold in polling state override decisions (bsc#1255026). - commit 652c9d1 ++++ dtb-aarch64: - cpuidle: menu: Use residency threshold in polling state override decisions (bsc#1255026). - commit 652c9d1 ++++ dtb-aarch64: - cpuidle: menu: Use residency threshold in polling state override decisions (bsc#1255026). - commit 652c9d1 ++++ hauler: - Update to version 1.3.2: * bump to latest cosign fork release (#481) * Bump golang.org/x/crypto in the go_modules group across 1 directory (#476) ++++ kernel-source: - cpuidle: menu: Use residency threshold in polling state override decisions (bsc#1255026). - commit 652c9d1 ++++ kernel-source: - cpuidle: menu: Use residency threshold in polling state override decisions (bsc#1255026). - commit 652c9d1 ++++ kernel-source: - cpuidle: menu: Use residency threshold in polling state override decisions (bsc#1255026). - commit 652c9d1 ++++ kernel-docs: - cpuidle: menu: Use residency threshold in polling state override decisions (bsc#1255026). - commit 652c9d1 ++++ kernel-docs: - cpuidle: menu: Use residency threshold in polling state override decisions (bsc#1255026). - commit 652c9d1 ++++ kernel-docs: - cpuidle: menu: Use residency threshold in polling state override decisions (bsc#1255026). - commit 652c9d1 ++++ kernel-kvmsmall: - cpuidle: menu: Use residency threshold in polling state override decisions (bsc#1255026). - commit 652c9d1 ++++ kernel-kvmsmall: - cpuidle: menu: Use residency threshold in polling state override decisions (bsc#1255026). - commit 652c9d1 ++++ kernel-kvmsmall: - cpuidle: menu: Use residency threshold in polling state override decisions (bsc#1255026). - commit 652c9d1 ++++ kernel-obs-build: - cpuidle: menu: Use residency threshold in polling state override decisions (bsc#1255026). - commit 652c9d1 ++++ kernel-obs-build: - cpuidle: menu: Use residency threshold in polling state override decisions (bsc#1255026). - commit 652c9d1 ++++ kernel-obs-build: - cpuidle: menu: Use residency threshold in polling state override decisions (bsc#1255026). - commit 652c9d1 ++++ kernel-obs-qa: - cpuidle: menu: Use residency threshold in polling state override decisions (bsc#1255026). - commit 652c9d1 ++++ kernel-obs-qa: - cpuidle: menu: Use residency threshold in polling state override decisions (bsc#1255026). - commit 652c9d1 ++++ kernel-obs-qa: - cpuidle: menu: Use residency threshold in polling state override decisions (bsc#1255026). - commit 652c9d1 ++++ kernel-syms: - cpuidle: menu: Use residency threshold in polling state override decisions (bsc#1255026). - commit 652c9d1 ++++ kernel-syms: - cpuidle: menu: Use residency threshold in polling state override decisions (bsc#1255026). - commit 652c9d1 ++++ kernel-syms: - cpuidle: menu: Use residency threshold in polling state override decisions (bsc#1255026). - commit 652c9d1 ++++ kernel-zfcpdump: - cpuidle: menu: Use residency threshold in polling state override decisions (bsc#1255026). - commit 652c9d1 ++++ kernel-zfcpdump: - cpuidle: menu: Use residency threshold in polling state override decisions (bsc#1255026). - commit 652c9d1 ++++ kernel-zfcpdump: - cpuidle: menu: Use residency threshold in polling state override decisions (bsc#1255026). - commit 652c9d1 ++++ knot: - update to version 3.5.2, see https://www.knot-dns.cz/2025-11-28-version-352.html ++++ trivy: - Update to version 0.68.2: * release: v0.68.2 [release/v0.68] (#9950) * fix(deps): bump alpine from `3.22.1` to `3.23.0` [backport: release/v0.68] (#9949) * ci: enable `check-latest` for `setup-go` [backport: release/v0.68] (#9946) ------------------------------------------------------------------ ------------------ 2025-12-28 - Dec 28 2025 ------------------- ------------------------------------------------------------------ ++++ aaa_base: - Update to version 84.87+git20251217.34fd7bc: * add tmpfiles template adm-backup.conf (jsc#PED-14803) * Revert ec7f00fa60f11d28b427f2e224822a7b81825806 * Fix old script to support copy mode as well * Support for XDG environment variables for the su, * adapted sugggestions * Patching nsswitch.conf only if it has not been generated by nsswitch-config (JIRA-#PED-13807). * Avoid nasty exceptions running tput ++++ kernel-64kb: - supported.conf: Update path for ufs drivers As part of bsc#1253414 CVE-2025-40130, which updates the ufs driver, it was discovered that the pathnames in the supported module list had the old ufs driver pathnames, which was drivers/scsi/ufs. But the ufs drivers are now in drivers/ufs. Also, the ti-j721e-ufs modules is now in the "host" subdirectory. - commit 0d9f529 ++++ kernel-64kb: - supported.conf: Update path for ufs drivers As part of bsc#1253414 CVE-2025-40130, which updates the ufs driver, it was discovered that the pathnames in the supported module list had the old ufs driver pathnames, which was drivers/scsi/ufs. But the ufs drivers are now in drivers/ufs. Also, the ti-j721e-ufs modules is now in the "host" subdirectory. - commit 0d9f529 ++++ kernel-64kb: - supported.conf: Update path for ufs drivers As part of bsc#1253414 CVE-2025-40130, which updates the ufs driver, it was discovered that the pathnames in the supported module list had the old ufs driver pathnames, which was drivers/scsi/ufs. But the ufs drivers are now in drivers/ufs. Also, the ti-j721e-ufs modules is now in the "host" subdirectory. - commit 0d9f529 ++++ kernel-azure: - supported.conf: Update path for ufs drivers As part of bsc#1253414 CVE-2025-40130, which updates the ufs driver, it was discovered that the pathnames in the supported module list had the old ufs driver pathnames, which was drivers/scsi/ufs. But the ufs drivers are now in drivers/ufs. Also, the ti-j721e-ufs modules is now in the "host" subdirectory. - commit 0d9f529 ++++ kernel-azure: - supported.conf: Update path for ufs drivers As part of bsc#1253414 CVE-2025-40130, which updates the ufs driver, it was discovered that the pathnames in the supported module list had the old ufs driver pathnames, which was drivers/scsi/ufs. But the ufs drivers are now in drivers/ufs. Also, the ti-j721e-ufs modules is now in the "host" subdirectory. - commit 0d9f529 ++++ kernel-azure: - supported.conf: Update path for ufs drivers As part of bsc#1253414 CVE-2025-40130, which updates the ufs driver, it was discovered that the pathnames in the supported module list had the old ufs driver pathnames, which was drivers/scsi/ufs. But the ufs drivers are now in drivers/ufs. Also, the ti-j721e-ufs modules is now in the "host" subdirectory. - commit 0d9f529 ++++ kernel-default: - supported.conf: Update path for ufs drivers As part of bsc#1253414 CVE-2025-40130, which updates the ufs driver, it was discovered that the pathnames in the supported module list had the old ufs driver pathnames, which was drivers/scsi/ufs. But the ufs drivers are now in drivers/ufs. Also, the ti-j721e-ufs modules is now in the "host" subdirectory. - commit 0d9f529 ++++ kernel-default: - supported.conf: Update path for ufs drivers As part of bsc#1253414 CVE-2025-40130, which updates the ufs driver, it was discovered that the pathnames in the supported module list had the old ufs driver pathnames, which was drivers/scsi/ufs. But the ufs drivers are now in drivers/ufs. Also, the ti-j721e-ufs modules is now in the "host" subdirectory. - commit 0d9f529 ++++ kernel-default: - supported.conf: Update path for ufs drivers As part of bsc#1253414 CVE-2025-40130, which updates the ufs driver, it was discovered that the pathnames in the supported module list had the old ufs driver pathnames, which was drivers/scsi/ufs. But the ufs drivers are now in drivers/ufs. Also, the ti-j721e-ufs modules is now in the "host" subdirectory. - commit 0d9f529 ++++ kernel-rt: - supported.conf: Update path for ufs drivers As part of bsc#1253414 CVE-2025-40130, which updates the ufs driver, it was discovered that the pathnames in the supported module list had the old ufs driver pathnames, which was drivers/scsi/ufs. But the ufs drivers are now in drivers/ufs. Also, the ti-j721e-ufs modules is now in the "host" subdirectory. - commit 0d9f529 ++++ kernel-rt: - supported.conf: Update path for ufs drivers As part of bsc#1253414 CVE-2025-40130, which updates the ufs driver, it was discovered that the pathnames in the supported module list had the old ufs driver pathnames, which was drivers/scsi/ufs. But the ufs drivers are now in drivers/ufs. Also, the ti-j721e-ufs modules is now in the "host" subdirectory. - commit 0d9f529 ++++ kernel-rt: - supported.conf: Update path for ufs drivers As part of bsc#1253414 CVE-2025-40130, which updates the ufs driver, it was discovered that the pathnames in the supported module list had the old ufs driver pathnames, which was drivers/scsi/ufs. But the ufs drivers are now in drivers/ufs. Also, the ti-j721e-ufs modules is now in the "host" subdirectory. - commit 0d9f529 ++++ dtb-aarch64: - supported.conf: Update path for ufs drivers As part of bsc#1253414 CVE-2025-40130, which updates the ufs driver, it was discovered that the pathnames in the supported module list had the old ufs driver pathnames, which was drivers/scsi/ufs. But the ufs drivers are now in drivers/ufs. Also, the ti-j721e-ufs modules is now in the "host" subdirectory. - commit 0d9f529 ++++ dtb-aarch64: - supported.conf: Update path for ufs drivers As part of bsc#1253414 CVE-2025-40130, which updates the ufs driver, it was discovered that the pathnames in the supported module list had the old ufs driver pathnames, which was drivers/scsi/ufs. But the ufs drivers are now in drivers/ufs. Also, the ti-j721e-ufs modules is now in the "host" subdirectory. - commit 0d9f529 ++++ dtb-aarch64: - supported.conf: Update path for ufs drivers As part of bsc#1253414 CVE-2025-40130, which updates the ufs driver, it was discovered that the pathnames in the supported module list had the old ufs driver pathnames, which was drivers/scsi/ufs. But the ufs drivers are now in drivers/ufs. Also, the ti-j721e-ufs modules is now in the "host" subdirectory. - commit 0d9f529 ++++ kernel-source: - supported.conf: Update path for ufs drivers As part of bsc#1253414 CVE-2025-40130, which updates the ufs driver, it was discovered that the pathnames in the supported module list had the old ufs driver pathnames, which was drivers/scsi/ufs. But the ufs drivers are now in drivers/ufs. Also, the ti-j721e-ufs modules is now in the "host" subdirectory. - commit 0d9f529 ++++ kernel-source: - supported.conf: Update path for ufs drivers As part of bsc#1253414 CVE-2025-40130, which updates the ufs driver, it was discovered that the pathnames in the supported module list had the old ufs driver pathnames, which was drivers/scsi/ufs. But the ufs drivers are now in drivers/ufs. Also, the ti-j721e-ufs modules is now in the "host" subdirectory. - commit 0d9f529 ++++ kernel-source: - supported.conf: Update path for ufs drivers As part of bsc#1253414 CVE-2025-40130, which updates the ufs driver, it was discovered that the pathnames in the supported module list had the old ufs driver pathnames, which was drivers/scsi/ufs. But the ufs drivers are now in drivers/ufs. Also, the ti-j721e-ufs modules is now in the "host" subdirectory. - commit 0d9f529 ++++ kernel-docs: - supported.conf: Update path for ufs drivers As part of bsc#1253414 CVE-2025-40130, which updates the ufs driver, it was discovered that the pathnames in the supported module list had the old ufs driver pathnames, which was drivers/scsi/ufs. But the ufs drivers are now in drivers/ufs. Also, the ti-j721e-ufs modules is now in the "host" subdirectory. - commit 0d9f529 ++++ kernel-docs: - supported.conf: Update path for ufs drivers As part of bsc#1253414 CVE-2025-40130, which updates the ufs driver, it was discovered that the pathnames in the supported module list had the old ufs driver pathnames, which was drivers/scsi/ufs. But the ufs drivers are now in drivers/ufs. Also, the ti-j721e-ufs modules is now in the "host" subdirectory. - commit 0d9f529 ++++ kernel-docs: - supported.conf: Update path for ufs drivers As part of bsc#1253414 CVE-2025-40130, which updates the ufs driver, it was discovered that the pathnames in the supported module list had the old ufs driver pathnames, which was drivers/scsi/ufs. But the ufs drivers are now in drivers/ufs. Also, the ti-j721e-ufs modules is now in the "host" subdirectory. - commit 0d9f529 ++++ kernel-kvmsmall: - supported.conf: Update path for ufs drivers As part of bsc#1253414 CVE-2025-40130, which updates the ufs driver, it was discovered that the pathnames in the supported module list had the old ufs driver pathnames, which was drivers/scsi/ufs. But the ufs drivers are now in drivers/ufs. Also, the ti-j721e-ufs modules is now in the "host" subdirectory. - commit 0d9f529 ++++ kernel-kvmsmall: - supported.conf: Update path for ufs drivers As part of bsc#1253414 CVE-2025-40130, which updates the ufs driver, it was discovered that the pathnames in the supported module list had the old ufs driver pathnames, which was drivers/scsi/ufs. But the ufs drivers are now in drivers/ufs. Also, the ti-j721e-ufs modules is now in the "host" subdirectory. - commit 0d9f529 ++++ kernel-kvmsmall: - supported.conf: Update path for ufs drivers As part of bsc#1253414 CVE-2025-40130, which updates the ufs driver, it was discovered that the pathnames in the supported module list had the old ufs driver pathnames, which was drivers/scsi/ufs. But the ufs drivers are now in drivers/ufs. Also, the ti-j721e-ufs modules is now in the "host" subdirectory. - commit 0d9f529 ++++ kernel-obs-build: - supported.conf: Update path for ufs drivers As part of bsc#1253414 CVE-2025-40130, which updates the ufs driver, it was discovered that the pathnames in the supported module list had the old ufs driver pathnames, which was drivers/scsi/ufs. But the ufs drivers are now in drivers/ufs. Also, the ti-j721e-ufs modules is now in the "host" subdirectory. - commit 0d9f529 ++++ kernel-obs-build: - supported.conf: Update path for ufs drivers As part of bsc#1253414 CVE-2025-40130, which updates the ufs driver, it was discovered that the pathnames in the supported module list had the old ufs driver pathnames, which was drivers/scsi/ufs. But the ufs drivers are now in drivers/ufs. Also, the ti-j721e-ufs modules is now in the "host" subdirectory. - commit 0d9f529 ++++ kernel-obs-build: - supported.conf: Update path for ufs drivers As part of bsc#1253414 CVE-2025-40130, which updates the ufs driver, it was discovered that the pathnames in the supported module list had the old ufs driver pathnames, which was drivers/scsi/ufs. But the ufs drivers are now in drivers/ufs. Also, the ti-j721e-ufs modules is now in the "host" subdirectory. - commit 0d9f529 ++++ kernel-obs-qa: - supported.conf: Update path for ufs drivers As part of bsc#1253414 CVE-2025-40130, which updates the ufs driver, it was discovered that the pathnames in the supported module list had the old ufs driver pathnames, which was drivers/scsi/ufs. But the ufs drivers are now in drivers/ufs. Also, the ti-j721e-ufs modules is now in the "host" subdirectory. - commit 0d9f529 ++++ kernel-obs-qa: - supported.conf: Update path for ufs drivers As part of bsc#1253414 CVE-2025-40130, which updates the ufs driver, it was discovered that the pathnames in the supported module list had the old ufs driver pathnames, which was drivers/scsi/ufs. But the ufs drivers are now in drivers/ufs. Also, the ti-j721e-ufs modules is now in the "host" subdirectory. - commit 0d9f529 ++++ kernel-obs-qa: - supported.conf: Update path for ufs drivers As part of bsc#1253414 CVE-2025-40130, which updates the ufs driver, it was discovered that the pathnames in the supported module list had the old ufs driver pathnames, which was drivers/scsi/ufs. But the ufs drivers are now in drivers/ufs. Also, the ti-j721e-ufs modules is now in the "host" subdirectory. - commit 0d9f529 ++++ kernel-syms: - supported.conf: Update path for ufs drivers As part of bsc#1253414 CVE-2025-40130, which updates the ufs driver, it was discovered that the pathnames in the supported module list had the old ufs driver pathnames, which was drivers/scsi/ufs. But the ufs drivers are now in drivers/ufs. Also, the ti-j721e-ufs modules is now in the "host" subdirectory. - commit 0d9f529 ++++ kernel-syms: - supported.conf: Update path for ufs drivers As part of bsc#1253414 CVE-2025-40130, which updates the ufs driver, it was discovered that the pathnames in the supported module list had the old ufs driver pathnames, which was drivers/scsi/ufs. But the ufs drivers are now in drivers/ufs. Also, the ti-j721e-ufs modules is now in the "host" subdirectory. - commit 0d9f529 ++++ kernel-syms: - supported.conf: Update path for ufs drivers As part of bsc#1253414 CVE-2025-40130, which updates the ufs driver, it was discovered that the pathnames in the supported module list had the old ufs driver pathnames, which was drivers/scsi/ufs. But the ufs drivers are now in drivers/ufs. Also, the ti-j721e-ufs modules is now in the "host" subdirectory. - commit 0d9f529 ++++ kernel-zfcpdump: - supported.conf: Update path for ufs drivers As part of bsc#1253414 CVE-2025-40130, which updates the ufs driver, it was discovered that the pathnames in the supported module list had the old ufs driver pathnames, which was drivers/scsi/ufs. But the ufs drivers are now in drivers/ufs. Also, the ti-j721e-ufs modules is now in the "host" subdirectory. - commit 0d9f529 ++++ kernel-zfcpdump: - supported.conf: Update path for ufs drivers As part of bsc#1253414 CVE-2025-40130, which updates the ufs driver, it was discovered that the pathnames in the supported module list had the old ufs driver pathnames, which was drivers/scsi/ufs. But the ufs drivers are now in drivers/ufs. Also, the ti-j721e-ufs modules is now in the "host" subdirectory. - commit 0d9f529 ++++ kernel-zfcpdump: - supported.conf: Update path for ufs drivers As part of bsc#1253414 CVE-2025-40130, which updates the ufs driver, it was discovered that the pathnames in the supported module list had the old ufs driver pathnames, which was drivers/scsi/ufs. But the ufs drivers are now in drivers/ufs. Also, the ti-j721e-ufs modules is now in the "host" subdirectory. - commit 0d9f529 ------------------------------------------------------------------ ------------------ 2025-12-26 - Dec 26 2025 ------------------- ------------------------------------------------------------------ ++++ gn: - Update to version 0.20251217: * Fix sha2 on big endian * [Windows] Reduce the number of worker threads on many-core machines * Add a sha256 hash implementation and use it for string_hash * Opt-in to the Windows SegmentHeap * Add a `module_name` flag to source_set. * Refactor module name to be dynamic. * Optimize vector creation in compile_commands_writer.cc. * Run 'tools/run_formatter.sh' * Implement `string_hash` function. * Support weak_libraries * Do not add .inputdeps paths to --ninja-outputs-file * Make clang modules output -fmodule-file=foo=. * infra: Revert CIPD autoconf * infra: Include autoconf bin directory to PATH * infra: Fix autoconf executable path * infra: Use CIPD autoconf * Allow led access in GN via http://go/ciba * Revert "Build non-linkable deps async with Ninja's validaitons" * Upgrade linux bots from ubuntu 22.04 to ubuntu 24.04 * Use unordered_map instead of map in HeaderChecker * Add --file_relation to gn refs command * Optimize vector initialization and preallocation in desc_builder.cc. * Add `reserve` statement when vector size is known beforehand. * Refactor container update by preferring the range insert. * Handle symlinked directories correctly during gn clean on Windows. * Fix relative imports from args.gn. ------------------------------------------------------------------ ------------------ 2025-12-25 - Dec 25 2025 ------------------- ------------------------------------------------------------------ ++++ gdcm: - apply fix for poppler 25.10 build error ------------------------------------------------------------------ ------------------ 2025-12-24 - Dec 24 2025 ------------------- ------------------------------------------------------------------ ++++ maven-archiver: - Upgrade to maven-archiver 3.6.6 * New features and improvements + Backport sorting of properties to maven archiver 3.x * Maintenance + Convert to MARKDOWN with doxia-converter + Add more timestamp tests * Dependency updates + Bump Maven to 3.9.12 + Bump org.codehaus.plexus:plexus-archiver from 4.10.2 to 4.10.4 + Bump org.codehaus.plexus:plexus-interpolation from 1.28 to 1.29 ++++ xz-java: - Upgrade to version 1.11 * Fix a data corruption bug when encoding with the rarely-used option LZMA2Options.MODE_UNCOMPRESSED. To trigger the bug, a write call must cross an offset that is a multiple of 65536 bytes. For example, one write of 70000 bytes or two write calls of 50000 bytes each would trigger the bug. The bug isn't triggered if there are ten write calls of 8192 bytes each followed by one 123-byte write. * If encoding to a .xz file, a decoder would catch the issue because the integrity check wouldn't match. * The binaries of 1.10 in the Maven Central require Java 8 and contain optimized classes for Java >= 9 as multi-release JAR. They were built with OpenJDK 21.0.9 on GNU/Linux and can be reproduced using the following command: SOURCE_DATE_EPOCH=1763575020 TZ=UTC0 ant maven ------------------------------------------------------------------ ------------------ 2025-12-23 - Dec 23 2025 ------------------- ------------------------------------------------------------------ ++++ buildah: - Add patch for CVE-2025-47914 (bsc#1254054), CVE-2025-47913 (bsc#1253598): * 0004-CVE-2025-47913-CVE-2025-47914-ssh-agent-fixes.patch - Rebase patches: * 0001-CVE-2025-22869-vendor-ssh-limit-the-size-of-the-inte.patch * 0002-run-handle-relabeling-bind-mounts-ourselves.patch * 0003-CVE-2025-52881-backport-subset-of-patch-from-runc.patch ++++ kernel-64kb: - selftests/bpf: Test widen_imprecise_scalars() with different stack depth (CVE-2025-68208 bsc#1255227). - commit cbc44e7 - bpf: account for current allocated stack depth in widen_imprecise_scalars() (CVE-2025-68208 bsc#1255227). - commit ac93c78 - gfs2: Fix unlikely race in gdlm_put_lock (CVE-2025-40242 bsc#1255075). - commit d162d45 ++++ kernel-64kb: - selftests/bpf: Test widen_imprecise_scalars() with different stack depth (CVE-2025-68208 bsc#1255227). - commit cbc44e7 - bpf: account for current allocated stack depth in widen_imprecise_scalars() (CVE-2025-68208 bsc#1255227). - commit ac93c78 - gfs2: Fix unlikely race in gdlm_put_lock (CVE-2025-40242 bsc#1255075). - commit d162d45 ++++ kernel-64kb: - selftests/bpf: Test widen_imprecise_scalars() with different stack depth (CVE-2025-68208 bsc#1255227). - commit cbc44e7 - bpf: account for current allocated stack depth in widen_imprecise_scalars() (CVE-2025-68208 bsc#1255227). - commit ac93c78 - gfs2: Fix unlikely race in gdlm_put_lock (CVE-2025-40242 bsc#1255075). - commit d162d45 ++++ kernel-azure: - selftests/bpf: Test widen_imprecise_scalars() with different stack depth (CVE-2025-68208 bsc#1255227). - commit cbc44e7 - bpf: account for current allocated stack depth in widen_imprecise_scalars() (CVE-2025-68208 bsc#1255227). - commit ac93c78 - gfs2: Fix unlikely race in gdlm_put_lock (CVE-2025-40242 bsc#1255075). - commit d162d45 ++++ kernel-azure: - selftests/bpf: Test widen_imprecise_scalars() with different stack depth (CVE-2025-68208 bsc#1255227). - commit cbc44e7 - bpf: account for current allocated stack depth in widen_imprecise_scalars() (CVE-2025-68208 bsc#1255227). - commit ac93c78 - gfs2: Fix unlikely race in gdlm_put_lock (CVE-2025-40242 bsc#1255075). - commit d162d45 ++++ kernel-azure: - selftests/bpf: Test widen_imprecise_scalars() with different stack depth (CVE-2025-68208 bsc#1255227). - commit cbc44e7 - bpf: account for current allocated stack depth in widen_imprecise_scalars() (CVE-2025-68208 bsc#1255227). - commit ac93c78 - gfs2: Fix unlikely race in gdlm_put_lock (CVE-2025-40242 bsc#1255075). - commit d162d45 ++++ kernel-default: - selftests/bpf: Test widen_imprecise_scalars() with different stack depth (CVE-2025-68208 bsc#1255227). - commit cbc44e7 - bpf: account for current allocated stack depth in widen_imprecise_scalars() (CVE-2025-68208 bsc#1255227). - commit ac93c78 - gfs2: Fix unlikely race in gdlm_put_lock (CVE-2025-40242 bsc#1255075). - commit d162d45 ++++ kernel-default: - selftests/bpf: Test widen_imprecise_scalars() with different stack depth (CVE-2025-68208 bsc#1255227). - commit cbc44e7 - bpf: account for current allocated stack depth in widen_imprecise_scalars() (CVE-2025-68208 bsc#1255227). - commit ac93c78 - gfs2: Fix unlikely race in gdlm_put_lock (CVE-2025-40242 bsc#1255075). - commit d162d45 ++++ kernel-default: - selftests/bpf: Test widen_imprecise_scalars() with different stack depth (CVE-2025-68208 bsc#1255227). - commit cbc44e7 - bpf: account for current allocated stack depth in widen_imprecise_scalars() (CVE-2025-68208 bsc#1255227). - commit ac93c78 - gfs2: Fix unlikely race in gdlm_put_lock (CVE-2025-40242 bsc#1255075). - commit d162d45 ++++ kernel-rt: - selftests/bpf: Test widen_imprecise_scalars() with different stack depth (CVE-2025-68208 bsc#1255227). - commit cbc44e7 - bpf: account for current allocated stack depth in widen_imprecise_scalars() (CVE-2025-68208 bsc#1255227). - commit ac93c78 - gfs2: Fix unlikely race in gdlm_put_lock (CVE-2025-40242 bsc#1255075). - commit d162d45 ++++ kernel-rt: - selftests/bpf: Test widen_imprecise_scalars() with different stack depth (CVE-2025-68208 bsc#1255227). - commit cbc44e7 - bpf: account for current allocated stack depth in widen_imprecise_scalars() (CVE-2025-68208 bsc#1255227). - commit ac93c78 - gfs2: Fix unlikely race in gdlm_put_lock (CVE-2025-40242 bsc#1255075). - commit d162d45 ++++ kernel-rt: - selftests/bpf: Test widen_imprecise_scalars() with different stack depth (CVE-2025-68208 bsc#1255227). - commit cbc44e7 - bpf: account for current allocated stack depth in widen_imprecise_scalars() (CVE-2025-68208 bsc#1255227). - commit ac93c78 - gfs2: Fix unlikely race in gdlm_put_lock (CVE-2025-40242 bsc#1255075). - commit d162d45 ++++ dtb-aarch64: - selftests/bpf: Test widen_imprecise_scalars() with different stack depth (CVE-2025-68208 bsc#1255227). - commit cbc44e7 - bpf: account for current allocated stack depth in widen_imprecise_scalars() (CVE-2025-68208 bsc#1255227). - commit ac93c78 - gfs2: Fix unlikely race in gdlm_put_lock (CVE-2025-40242 bsc#1255075). - commit d162d45 ++++ dtb-aarch64: - selftests/bpf: Test widen_imprecise_scalars() with different stack depth (CVE-2025-68208 bsc#1255227). - commit cbc44e7 - bpf: account for current allocated stack depth in widen_imprecise_scalars() (CVE-2025-68208 bsc#1255227). - commit ac93c78 - gfs2: Fix unlikely race in gdlm_put_lock (CVE-2025-40242 bsc#1255075). - commit d162d45 ++++ dtb-aarch64: - selftests/bpf: Test widen_imprecise_scalars() with different stack depth (CVE-2025-68208 bsc#1255227). - commit cbc44e7 - bpf: account for current allocated stack depth in widen_imprecise_scalars() (CVE-2025-68208 bsc#1255227). - commit ac93c78 - gfs2: Fix unlikely race in gdlm_put_lock (CVE-2025-40242 bsc#1255075). - commit d162d45 ++++ kernel-source: - selftests/bpf: Test widen_imprecise_scalars() with different stack depth (CVE-2025-68208 bsc#1255227). - commit cbc44e7 - bpf: account for current allocated stack depth in widen_imprecise_scalars() (CVE-2025-68208 bsc#1255227). - commit ac93c78 - gfs2: Fix unlikely race in gdlm_put_lock (CVE-2025-40242 bsc#1255075). - commit d162d45 ++++ kernel-source: - selftests/bpf: Test widen_imprecise_scalars() with different stack depth (CVE-2025-68208 bsc#1255227). - commit cbc44e7 - bpf: account for current allocated stack depth in widen_imprecise_scalars() (CVE-2025-68208 bsc#1255227). - commit ac93c78 - gfs2: Fix unlikely race in gdlm_put_lock (CVE-2025-40242 bsc#1255075). - commit d162d45 ++++ kernel-source: - selftests/bpf: Test widen_imprecise_scalars() with different stack depth (CVE-2025-68208 bsc#1255227). - commit cbc44e7 - bpf: account for current allocated stack depth in widen_imprecise_scalars() (CVE-2025-68208 bsc#1255227). - commit ac93c78 - gfs2: Fix unlikely race in gdlm_put_lock (CVE-2025-40242 bsc#1255075). - commit d162d45 ++++ kernel-docs: - selftests/bpf: Test widen_imprecise_scalars() with different stack depth (CVE-2025-68208 bsc#1255227). - commit cbc44e7 - bpf: account for current allocated stack depth in widen_imprecise_scalars() (CVE-2025-68208 bsc#1255227). - commit ac93c78 - gfs2: Fix unlikely race in gdlm_put_lock (CVE-2025-40242 bsc#1255075). - commit d162d45 ++++ kernel-docs: - selftests/bpf: Test widen_imprecise_scalars() with different stack depth (CVE-2025-68208 bsc#1255227). - commit cbc44e7 - bpf: account for current allocated stack depth in widen_imprecise_scalars() (CVE-2025-68208 bsc#1255227). - commit ac93c78 - gfs2: Fix unlikely race in gdlm_put_lock (CVE-2025-40242 bsc#1255075). - commit d162d45 ++++ kernel-docs: - selftests/bpf: Test widen_imprecise_scalars() with different stack depth (CVE-2025-68208 bsc#1255227). - commit cbc44e7 - bpf: account for current allocated stack depth in widen_imprecise_scalars() (CVE-2025-68208 bsc#1255227). - commit ac93c78 - gfs2: Fix unlikely race in gdlm_put_lock (CVE-2025-40242 bsc#1255075). - commit d162d45 ++++ kernel-kvmsmall: - selftests/bpf: Test widen_imprecise_scalars() with different stack depth (CVE-2025-68208 bsc#1255227). - commit cbc44e7 - bpf: account for current allocated stack depth in widen_imprecise_scalars() (CVE-2025-68208 bsc#1255227). - commit ac93c78 - gfs2: Fix unlikely race in gdlm_put_lock (CVE-2025-40242 bsc#1255075). - commit d162d45 ++++ kernel-kvmsmall: - selftests/bpf: Test widen_imprecise_scalars() with different stack depth (CVE-2025-68208 bsc#1255227). - commit cbc44e7 - bpf: account for current allocated stack depth in widen_imprecise_scalars() (CVE-2025-68208 bsc#1255227). - commit ac93c78 - gfs2: Fix unlikely race in gdlm_put_lock (CVE-2025-40242 bsc#1255075). - commit d162d45 ++++ kernel-kvmsmall: - selftests/bpf: Test widen_imprecise_scalars() with different stack depth (CVE-2025-68208 bsc#1255227). - commit cbc44e7 - bpf: account for current allocated stack depth in widen_imprecise_scalars() (CVE-2025-68208 bsc#1255227). - commit ac93c78 - gfs2: Fix unlikely race in gdlm_put_lock (CVE-2025-40242 bsc#1255075). - commit d162d45 ++++ kernel-obs-build: - selftests/bpf: Test widen_imprecise_scalars() with different stack depth (CVE-2025-68208 bsc#1255227). - commit cbc44e7 - bpf: account for current allocated stack depth in widen_imprecise_scalars() (CVE-2025-68208 bsc#1255227). - commit ac93c78 - gfs2: Fix unlikely race in gdlm_put_lock (CVE-2025-40242 bsc#1255075). - commit d162d45 ++++ kernel-obs-build: - selftests/bpf: Test widen_imprecise_scalars() with different stack depth (CVE-2025-68208 bsc#1255227). - commit cbc44e7 - bpf: account for current allocated stack depth in widen_imprecise_scalars() (CVE-2025-68208 bsc#1255227). - commit ac93c78 - gfs2: Fix unlikely race in gdlm_put_lock (CVE-2025-40242 bsc#1255075). - commit d162d45 ++++ kernel-obs-build: - selftests/bpf: Test widen_imprecise_scalars() with different stack depth (CVE-2025-68208 bsc#1255227). - commit cbc44e7 - bpf: account for current allocated stack depth in widen_imprecise_scalars() (CVE-2025-68208 bsc#1255227). - commit ac93c78 - gfs2: Fix unlikely race in gdlm_put_lock (CVE-2025-40242 bsc#1255075). - commit d162d45 ++++ kernel-obs-qa: - selftests/bpf: Test widen_imprecise_scalars() with different stack depth (CVE-2025-68208 bsc#1255227). - commit cbc44e7 - bpf: account for current allocated stack depth in widen_imprecise_scalars() (CVE-2025-68208 bsc#1255227). - commit ac93c78 - gfs2: Fix unlikely race in gdlm_put_lock (CVE-2025-40242 bsc#1255075). - commit d162d45 ++++ kernel-obs-qa: - selftests/bpf: Test widen_imprecise_scalars() with different stack depth (CVE-2025-68208 bsc#1255227). - commit cbc44e7 - bpf: account for current allocated stack depth in widen_imprecise_scalars() (CVE-2025-68208 bsc#1255227). - commit ac93c78 - gfs2: Fix unlikely race in gdlm_put_lock (CVE-2025-40242 bsc#1255075). - commit d162d45 ++++ kernel-obs-qa: - selftests/bpf: Test widen_imprecise_scalars() with different stack depth (CVE-2025-68208 bsc#1255227). - commit cbc44e7 - bpf: account for current allocated stack depth in widen_imprecise_scalars() (CVE-2025-68208 bsc#1255227). - commit ac93c78 - gfs2: Fix unlikely race in gdlm_put_lock (CVE-2025-40242 bsc#1255075). - commit d162d45 ++++ kernel-syms: - selftests/bpf: Test widen_imprecise_scalars() with different stack depth (CVE-2025-68208 bsc#1255227). - commit cbc44e7 - bpf: account for current allocated stack depth in widen_imprecise_scalars() (CVE-2025-68208 bsc#1255227). - commit ac93c78 - gfs2: Fix unlikely race in gdlm_put_lock (CVE-2025-40242 bsc#1255075). - commit d162d45 ++++ kernel-syms: - selftests/bpf: Test widen_imprecise_scalars() with different stack depth (CVE-2025-68208 bsc#1255227). - commit cbc44e7 - bpf: account for current allocated stack depth in widen_imprecise_scalars() (CVE-2025-68208 bsc#1255227). - commit ac93c78 - gfs2: Fix unlikely race in gdlm_put_lock (CVE-2025-40242 bsc#1255075). - commit d162d45 ++++ kernel-syms: - selftests/bpf: Test widen_imprecise_scalars() with different stack depth (CVE-2025-68208 bsc#1255227). - commit cbc44e7 - bpf: account for current allocated stack depth in widen_imprecise_scalars() (CVE-2025-68208 bsc#1255227). - commit ac93c78 - gfs2: Fix unlikely race in gdlm_put_lock (CVE-2025-40242 bsc#1255075). - commit d162d45 ++++ kernel-zfcpdump: - selftests/bpf: Test widen_imprecise_scalars() with different stack depth (CVE-2025-68208 bsc#1255227). - commit cbc44e7 - bpf: account for current allocated stack depth in widen_imprecise_scalars() (CVE-2025-68208 bsc#1255227). - commit ac93c78 - gfs2: Fix unlikely race in gdlm_put_lock (CVE-2025-40242 bsc#1255075). - commit d162d45 ++++ kernel-zfcpdump: - selftests/bpf: Test widen_imprecise_scalars() with different stack depth (CVE-2025-68208 bsc#1255227). - commit cbc44e7 - bpf: account for current allocated stack depth in widen_imprecise_scalars() (CVE-2025-68208 bsc#1255227). - commit ac93c78 - gfs2: Fix unlikely race in gdlm_put_lock (CVE-2025-40242 bsc#1255075). - commit d162d45 ++++ kernel-zfcpdump: - selftests/bpf: Test widen_imprecise_scalars() with different stack depth (CVE-2025-68208 bsc#1255227). - commit cbc44e7 - bpf: account for current allocated stack depth in widen_imprecise_scalars() (CVE-2025-68208 bsc#1255227). - commit ac93c78 - gfs2: Fix unlikely race in gdlm_put_lock (CVE-2025-40242 bsc#1255075). - commit d162d45 ++++ nvidia-open-driver-G07-signed-cuda: - update to G07 version 590.48.01 ++++ nvidia-open-driver-G07-signed-cuda: - update to G07 version 590.48.01 ++++ nvidia-open-driver-G07-signed: - update to G07 version 590.48.01 ++++ nvidia-open-driver-G07-signed: - update to G07 version 590.48.01 ------------------------------------------------------------------ ------------------ 2025-12-22 - Dec 22 2025 ------------------- ------------------------------------------------------------------ ++++ scanner-databases: - database refresh on 2025-12-22 (bsc#1084929) ++++ kernel-64kb: - netfilter: nft_ct: add seqadj extension for natted connections (CVE-2025-68206 bsc#1255142). - commit c2d456f - sctp: Prevent TOCTOU out-of-bounds write (CVE-2025-40331 bsc#1254615). - commit cd21b6d - net: bridge: fix use-after-free due to MST port state bypass (CVE-2025-40297 bsc#1255187). - commit 656c4a6 - bpf: Sync pending IRQ work before freeing ring buffer (CVE-2025-40319 bsc#1254794). - commit 0031a97 ++++ kernel-64kb: - netfilter: nft_ct: add seqadj extension for natted connections (CVE-2025-68206 bsc#1255142). - commit c2d456f - sctp: Prevent TOCTOU out-of-bounds write (CVE-2025-40331 bsc#1254615). - commit cd21b6d - net: bridge: fix use-after-free due to MST port state bypass (CVE-2025-40297 bsc#1255187). - commit 656c4a6 - bpf: Sync pending IRQ work before freeing ring buffer (CVE-2025-40319 bsc#1254794). - commit 0031a97 ++++ kernel-64kb: - netfilter: nft_ct: add seqadj extension for natted connections (CVE-2025-68206 bsc#1255142). - commit c2d456f - sctp: Prevent TOCTOU out-of-bounds write (CVE-2025-40331 bsc#1254615). - commit cd21b6d - net: bridge: fix use-after-free due to MST port state bypass (CVE-2025-40297 bsc#1255187). - commit 656c4a6 - bpf: Sync pending IRQ work before freeing ring buffer (CVE-2025-40319 bsc#1254794). - commit 0031a97 ++++ kernel-azure: - netfilter: nft_ct: add seqadj extension for natted connections (CVE-2025-68206 bsc#1255142). - commit c2d456f - sctp: Prevent TOCTOU out-of-bounds write (CVE-2025-40331 bsc#1254615). - commit cd21b6d - net: bridge: fix use-after-free due to MST port state bypass (CVE-2025-40297 bsc#1255187). - commit 656c4a6 - bpf: Sync pending IRQ work before freeing ring buffer (CVE-2025-40319 bsc#1254794). - commit 0031a97 ++++ kernel-azure: - netfilter: nft_ct: add seqadj extension for natted connections (CVE-2025-68206 bsc#1255142). - commit c2d456f - sctp: Prevent TOCTOU out-of-bounds write (CVE-2025-40331 bsc#1254615). - commit cd21b6d - net: bridge: fix use-after-free due to MST port state bypass (CVE-2025-40297 bsc#1255187). - commit 656c4a6 - bpf: Sync pending IRQ work before freeing ring buffer (CVE-2025-40319 bsc#1254794). - commit 0031a97 ++++ kernel-azure: - netfilter: nft_ct: add seqadj extension for natted connections (CVE-2025-68206 bsc#1255142). - commit c2d456f - sctp: Prevent TOCTOU out-of-bounds write (CVE-2025-40331 bsc#1254615). - commit cd21b6d - net: bridge: fix use-after-free due to MST port state bypass (CVE-2025-40297 bsc#1255187). - commit 656c4a6 - bpf: Sync pending IRQ work before freeing ring buffer (CVE-2025-40319 bsc#1254794). - commit 0031a97 ++++ kernel-default: - netfilter: nft_ct: add seqadj extension for natted connections (CVE-2025-68206 bsc#1255142). - commit c2d456f - sctp: Prevent TOCTOU out-of-bounds write (CVE-2025-40331 bsc#1254615). - commit cd21b6d - net: bridge: fix use-after-free due to MST port state bypass (CVE-2025-40297 bsc#1255187). - commit 656c4a6 - bpf: Sync pending IRQ work before freeing ring buffer (CVE-2025-40319 bsc#1254794). - commit 0031a97 ++++ kernel-default: - netfilter: nft_ct: add seqadj extension for natted connections (CVE-2025-68206 bsc#1255142). - commit c2d456f - sctp: Prevent TOCTOU out-of-bounds write (CVE-2025-40331 bsc#1254615). - commit cd21b6d - net: bridge: fix use-after-free due to MST port state bypass (CVE-2025-40297 bsc#1255187). - commit 656c4a6 - bpf: Sync pending IRQ work before freeing ring buffer (CVE-2025-40319 bsc#1254794). - commit 0031a97 ++++ kernel-default: - netfilter: nft_ct: add seqadj extension for natted connections (CVE-2025-68206 bsc#1255142). - commit c2d456f - sctp: Prevent TOCTOU out-of-bounds write (CVE-2025-40331 bsc#1254615). - commit cd21b6d - net: bridge: fix use-after-free due to MST port state bypass (CVE-2025-40297 bsc#1255187). - commit 656c4a6 - bpf: Sync pending IRQ work before freeing ring buffer (CVE-2025-40319 bsc#1254794). - commit 0031a97 ++++ kernel-rt: - netfilter: nft_ct: add seqadj extension for natted connections (CVE-2025-68206 bsc#1255142). - commit c2d456f - sctp: Prevent TOCTOU out-of-bounds write (CVE-2025-40331 bsc#1254615). - commit cd21b6d - net: bridge: fix use-after-free due to MST port state bypass (CVE-2025-40297 bsc#1255187). - commit 656c4a6 - bpf: Sync pending IRQ work before freeing ring buffer (CVE-2025-40319 bsc#1254794). - commit 0031a97 ++++ kernel-rt: - netfilter: nft_ct: add seqadj extension for natted connections (CVE-2025-68206 bsc#1255142). - commit c2d456f - sctp: Prevent TOCTOU out-of-bounds write (CVE-2025-40331 bsc#1254615). - commit cd21b6d - net: bridge: fix use-after-free due to MST port state bypass (CVE-2025-40297 bsc#1255187). - commit 656c4a6 - bpf: Sync pending IRQ work before freeing ring buffer (CVE-2025-40319 bsc#1254794). - commit 0031a97 ++++ kernel-rt: - netfilter: nft_ct: add seqadj extension for natted connections (CVE-2025-68206 bsc#1255142). - commit c2d456f - sctp: Prevent TOCTOU out-of-bounds write (CVE-2025-40331 bsc#1254615). - commit cd21b6d - net: bridge: fix use-after-free due to MST port state bypass (CVE-2025-40297 bsc#1255187). - commit 656c4a6 - bpf: Sync pending IRQ work before freeing ring buffer (CVE-2025-40319 bsc#1254794). - commit 0031a97 ++++ cpp-httplib: - Add CVE-2025-66570.patch * Fix CVE-2025-66570 (bsc#1254734) and CVE-2025-66577 (bsc#1254735) ++++ cpp-httplib: - Add CVE-2025-66570.patch * Fix CVE-2025-66570 (bsc#1254734) and CVE-2025-66577 (bsc#1254735) ++++ dtb-aarch64: - netfilter: nft_ct: add seqadj extension for natted connections (CVE-2025-68206 bsc#1255142). - commit c2d456f - sctp: Prevent TOCTOU out-of-bounds write (CVE-2025-40331 bsc#1254615). - commit cd21b6d - net: bridge: fix use-after-free due to MST port state bypass (CVE-2025-40297 bsc#1255187). - commit 656c4a6 - bpf: Sync pending IRQ work before freeing ring buffer (CVE-2025-40319 bsc#1254794). - commit 0031a97 ++++ dtb-aarch64: - netfilter: nft_ct: add seqadj extension for natted connections (CVE-2025-68206 bsc#1255142). - commit c2d456f - sctp: Prevent TOCTOU out-of-bounds write (CVE-2025-40331 bsc#1254615). - commit cd21b6d - net: bridge: fix use-after-free due to MST port state bypass (CVE-2025-40297 bsc#1255187). - commit 656c4a6 - bpf: Sync pending IRQ work before freeing ring buffer (CVE-2025-40319 bsc#1254794). - commit 0031a97 ++++ dtb-aarch64: - netfilter: nft_ct: add seqadj extension for natted connections (CVE-2025-68206 bsc#1255142). - commit c2d456f - sctp: Prevent TOCTOU out-of-bounds write (CVE-2025-40331 bsc#1254615). - commit cd21b6d - net: bridge: fix use-after-free due to MST port state bypass (CVE-2025-40297 bsc#1255187). - commit 656c4a6 - bpf: Sync pending IRQ work before freeing ring buffer (CVE-2025-40319 bsc#1254794). - commit 0031a97 ++++ kernel-source: - netfilter: nft_ct: add seqadj extension for natted connections (CVE-2025-68206 bsc#1255142). - commit c2d456f - sctp: Prevent TOCTOU out-of-bounds write (CVE-2025-40331 bsc#1254615). - commit cd21b6d - net: bridge: fix use-after-free due to MST port state bypass (CVE-2025-40297 bsc#1255187). - commit 656c4a6 - bpf: Sync pending IRQ work before freeing ring buffer (CVE-2025-40319 bsc#1254794). - commit 0031a97 ++++ kernel-source: - netfilter: nft_ct: add seqadj extension for natted connections (CVE-2025-68206 bsc#1255142). - commit c2d456f - sctp: Prevent TOCTOU out-of-bounds write (CVE-2025-40331 bsc#1254615). - commit cd21b6d - net: bridge: fix use-after-free due to MST port state bypass (CVE-2025-40297 bsc#1255187). - commit 656c4a6 - bpf: Sync pending IRQ work before freeing ring buffer (CVE-2025-40319 bsc#1254794). - commit 0031a97 ++++ kernel-source: - netfilter: nft_ct: add seqadj extension for natted connections (CVE-2025-68206 bsc#1255142). - commit c2d456f - sctp: Prevent TOCTOU out-of-bounds write (CVE-2025-40331 bsc#1254615). - commit cd21b6d - net: bridge: fix use-after-free due to MST port state bypass (CVE-2025-40297 bsc#1255187). - commit 656c4a6 - bpf: Sync pending IRQ work before freeing ring buffer (CVE-2025-40319 bsc#1254794). - commit 0031a97 ++++ kernel-docs: - netfilter: nft_ct: add seqadj extension for natted connections (CVE-2025-68206 bsc#1255142). - commit c2d456f - sctp: Prevent TOCTOU out-of-bounds write (CVE-2025-40331 bsc#1254615). - commit cd21b6d - net: bridge: fix use-after-free due to MST port state bypass (CVE-2025-40297 bsc#1255187). - commit 656c4a6 - bpf: Sync pending IRQ work before freeing ring buffer (CVE-2025-40319 bsc#1254794). - commit 0031a97 ++++ kernel-docs: - netfilter: nft_ct: add seqadj extension for natted connections (CVE-2025-68206 bsc#1255142). - commit c2d456f - sctp: Prevent TOCTOU out-of-bounds write (CVE-2025-40331 bsc#1254615). - commit cd21b6d - net: bridge: fix use-after-free due to MST port state bypass (CVE-2025-40297 bsc#1255187). - commit 656c4a6 - bpf: Sync pending IRQ work before freeing ring buffer (CVE-2025-40319 bsc#1254794). - commit 0031a97 ++++ kernel-docs: - netfilter: nft_ct: add seqadj extension for natted connections (CVE-2025-68206 bsc#1255142). - commit c2d456f - sctp: Prevent TOCTOU out-of-bounds write (CVE-2025-40331 bsc#1254615). - commit cd21b6d - net: bridge: fix use-after-free due to MST port state bypass (CVE-2025-40297 bsc#1255187). - commit 656c4a6 - bpf: Sync pending IRQ work before freeing ring buffer (CVE-2025-40319 bsc#1254794). - commit 0031a97 ++++ kernel-kvmsmall: - netfilter: nft_ct: add seqadj extension for natted connections (CVE-2025-68206 bsc#1255142). - commit c2d456f - sctp: Prevent TOCTOU out-of-bounds write (CVE-2025-40331 bsc#1254615). - commit cd21b6d - net: bridge: fix use-after-free due to MST port state bypass (CVE-2025-40297 bsc#1255187). - commit 656c4a6 - bpf: Sync pending IRQ work before freeing ring buffer (CVE-2025-40319 bsc#1254794). - commit 0031a97 ++++ kernel-kvmsmall: - netfilter: nft_ct: add seqadj extension for natted connections (CVE-2025-68206 bsc#1255142). - commit c2d456f - sctp: Prevent TOCTOU out-of-bounds write (CVE-2025-40331 bsc#1254615). - commit cd21b6d - net: bridge: fix use-after-free due to MST port state bypass (CVE-2025-40297 bsc#1255187). - commit 656c4a6 - bpf: Sync pending IRQ work before freeing ring buffer (CVE-2025-40319 bsc#1254794). - commit 0031a97 ++++ kernel-kvmsmall: - netfilter: nft_ct: add seqadj extension for natted connections (CVE-2025-68206 bsc#1255142). - commit c2d456f - sctp: Prevent TOCTOU out-of-bounds write (CVE-2025-40331 bsc#1254615). - commit cd21b6d - net: bridge: fix use-after-free due to MST port state bypass (CVE-2025-40297 bsc#1255187). - commit 656c4a6 - bpf: Sync pending IRQ work before freeing ring buffer (CVE-2025-40319 bsc#1254794). - commit 0031a97 ++++ kernel-obs-build: - netfilter: nft_ct: add seqadj extension for natted connections (CVE-2025-68206 bsc#1255142). - commit c2d456f - sctp: Prevent TOCTOU out-of-bounds write (CVE-2025-40331 bsc#1254615). - commit cd21b6d - net: bridge: fix use-after-free due to MST port state bypass (CVE-2025-40297 bsc#1255187). - commit 656c4a6 - bpf: Sync pending IRQ work before freeing ring buffer (CVE-2025-40319 bsc#1254794). - commit 0031a97 ++++ kernel-obs-build: - netfilter: nft_ct: add seqadj extension for natted connections (CVE-2025-68206 bsc#1255142). - commit c2d456f - sctp: Prevent TOCTOU out-of-bounds write (CVE-2025-40331 bsc#1254615). - commit cd21b6d - net: bridge: fix use-after-free due to MST port state bypass (CVE-2025-40297 bsc#1255187). - commit 656c4a6 - bpf: Sync pending IRQ work before freeing ring buffer (CVE-2025-40319 bsc#1254794). - commit 0031a97 ++++ kernel-obs-build: - netfilter: nft_ct: add seqadj extension for natted connections (CVE-2025-68206 bsc#1255142). - commit c2d456f - sctp: Prevent TOCTOU out-of-bounds write (CVE-2025-40331 bsc#1254615). - commit cd21b6d - net: bridge: fix use-after-free due to MST port state bypass (CVE-2025-40297 bsc#1255187). - commit 656c4a6 - bpf: Sync pending IRQ work before freeing ring buffer (CVE-2025-40319 bsc#1254794). - commit 0031a97 ++++ kernel-obs-qa: - netfilter: nft_ct: add seqadj extension for natted connections (CVE-2025-68206 bsc#1255142). - commit c2d456f - sctp: Prevent TOCTOU out-of-bounds write (CVE-2025-40331 bsc#1254615). - commit cd21b6d - net: bridge: fix use-after-free due to MST port state bypass (CVE-2025-40297 bsc#1255187). - commit 656c4a6 - bpf: Sync pending IRQ work before freeing ring buffer (CVE-2025-40319 bsc#1254794). - commit 0031a97 ++++ kernel-obs-qa: - netfilter: nft_ct: add seqadj extension for natted connections (CVE-2025-68206 bsc#1255142). - commit c2d456f - sctp: Prevent TOCTOU out-of-bounds write (CVE-2025-40331 bsc#1254615). - commit cd21b6d - net: bridge: fix use-after-free due to MST port state bypass (CVE-2025-40297 bsc#1255187). - commit 656c4a6 - bpf: Sync pending IRQ work before freeing ring buffer (CVE-2025-40319 bsc#1254794). - commit 0031a97 ++++ kernel-obs-qa: - netfilter: nft_ct: add seqadj extension for natted connections (CVE-2025-68206 bsc#1255142). - commit c2d456f - sctp: Prevent TOCTOU out-of-bounds write (CVE-2025-40331 bsc#1254615). - commit cd21b6d - net: bridge: fix use-after-free due to MST port state bypass (CVE-2025-40297 bsc#1255187). - commit 656c4a6 - bpf: Sync pending IRQ work before freeing ring buffer (CVE-2025-40319 bsc#1254794). - commit 0031a97 ++++ kernel-syms: - netfilter: nft_ct: add seqadj extension for natted connections (CVE-2025-68206 bsc#1255142). - commit c2d456f - sctp: Prevent TOCTOU out-of-bounds write (CVE-2025-40331 bsc#1254615). - commit cd21b6d - net: bridge: fix use-after-free due to MST port state bypass (CVE-2025-40297 bsc#1255187). - commit 656c4a6 - bpf: Sync pending IRQ work before freeing ring buffer (CVE-2025-40319 bsc#1254794). - commit 0031a97 ++++ kernel-syms: - netfilter: nft_ct: add seqadj extension for natted connections (CVE-2025-68206 bsc#1255142). - commit c2d456f - sctp: Prevent TOCTOU out-of-bounds write (CVE-2025-40331 bsc#1254615). - commit cd21b6d - net: bridge: fix use-after-free due to MST port state bypass (CVE-2025-40297 bsc#1255187). - commit 656c4a6 - bpf: Sync pending IRQ work before freeing ring buffer (CVE-2025-40319 bsc#1254794). - commit 0031a97 ++++ kernel-syms: - netfilter: nft_ct: add seqadj extension for natted connections (CVE-2025-68206 bsc#1255142). - commit c2d456f - sctp: Prevent TOCTOU out-of-bounds write (CVE-2025-40331 bsc#1254615). - commit cd21b6d - net: bridge: fix use-after-free due to MST port state bypass (CVE-2025-40297 bsc#1255187). - commit 656c4a6 - bpf: Sync pending IRQ work before freeing ring buffer (CVE-2025-40319 bsc#1254794). - commit 0031a97 ++++ kernel-zfcpdump: - netfilter: nft_ct: add seqadj extension for natted connections (CVE-2025-68206 bsc#1255142). - commit c2d456f - sctp: Prevent TOCTOU out-of-bounds write (CVE-2025-40331 bsc#1254615). - commit cd21b6d - net: bridge: fix use-after-free due to MST port state bypass (CVE-2025-40297 bsc#1255187). - commit 656c4a6 - bpf: Sync pending IRQ work before freeing ring buffer (CVE-2025-40319 bsc#1254794). - commit 0031a97 ++++ kernel-zfcpdump: - netfilter: nft_ct: add seqadj extension for natted connections (CVE-2025-68206 bsc#1255142). - commit c2d456f - sctp: Prevent TOCTOU out-of-bounds write (CVE-2025-40331 bsc#1254615). - commit cd21b6d - net: bridge: fix use-after-free due to MST port state bypass (CVE-2025-40297 bsc#1255187). - commit 656c4a6 - bpf: Sync pending IRQ work before freeing ring buffer (CVE-2025-40319 bsc#1254794). - commit 0031a97 ++++ kernel-zfcpdump: - netfilter: nft_ct: add seqadj extension for natted connections (CVE-2025-68206 bsc#1255142). - commit c2d456f - sctp: Prevent TOCTOU out-of-bounds write (CVE-2025-40331 bsc#1254615). - commit cd21b6d - net: bridge: fix use-after-free due to MST port state bypass (CVE-2025-40297 bsc#1255187). - commit 656c4a6 - bpf: Sync pending IRQ work before freeing ring buffer (CVE-2025-40319 bsc#1254794). - commit 0031a97 ++++ udisks2: - (CVE-2025-8067) VUL-0: missing bounds check can lead to out-of-bounds read in udisks daemon (bsc#1248502) + add 0001-udiskslinuxmanager-Add-lower-bounds-check-to-fd_inde.patch - Fix dbus daemon requires, it's dbus-service, not dbus-1 ++++ podman: - Add patch for CVE-2025-47914 (bsc#1253993), CVE-2025-47913 (bsc#1253542): * 0006-CVE-2025-47913-CVE-2025-47914-ssh-agent-fixes.patch - Rebase patches: * 0001-CVE-2025-22869-ssh-limit-the-size-of-the-internal-pa.patch * 0002-Fix-Remove-appending-rw-as-the-default-mount-option.patch * 0003-CVE-2025-6032-machine-init-fix-tls-check.patch * 0004-CVE-2025-9566-kube-play-don-t-follow-volume-symlinks.patch * 0005-CVE-2025-52881-backport-subset-of-patch-from-runc.patch ------------------------------------------------------------------ ------------------ 2025-12-21 - Dec 21 2025 ------------------- ------------------------------------------------------------------ ++++ kernel-64kb: - ocfs2: clear extent cache after moving/defragmenting extents (CVE-2025-40233 bsc#1254813). - commit 852b35f - net: use dst_dev_rcu() in sk_setup_caps() (CVE-2025-40170 bsc#1253413). - commit 2787f89 ++++ kernel-64kb: - ocfs2: clear extent cache after moving/defragmenting extents (CVE-2025-40233 bsc#1254813). - commit 852b35f - net: use dst_dev_rcu() in sk_setup_caps() (CVE-2025-40170 bsc#1253413). - commit 2787f89 ++++ kernel-64kb: - ocfs2: clear extent cache after moving/defragmenting extents (CVE-2025-40233 bsc#1254813). - commit 852b35f - net: use dst_dev_rcu() in sk_setup_caps() (CVE-2025-40170 bsc#1253413). - commit 2787f89 ++++ kernel-azure: - ocfs2: clear extent cache after moving/defragmenting extents (CVE-2025-40233 bsc#1254813). - commit 852b35f - net: use dst_dev_rcu() in sk_setup_caps() (CVE-2025-40170 bsc#1253413). - commit 2787f89 ++++ kernel-azure: - ocfs2: clear extent cache after moving/defragmenting extents (CVE-2025-40233 bsc#1254813). - commit 852b35f - net: use dst_dev_rcu() in sk_setup_caps() (CVE-2025-40170 bsc#1253413). - commit 2787f89 ++++ kernel-azure: - ocfs2: clear extent cache after moving/defragmenting extents (CVE-2025-40233 bsc#1254813). - commit 852b35f - net: use dst_dev_rcu() in sk_setup_caps() (CVE-2025-40170 bsc#1253413). - commit 2787f89 ++++ kernel-default: - ocfs2: clear extent cache after moving/defragmenting extents (CVE-2025-40233 bsc#1254813). - commit 852b35f - net: use dst_dev_rcu() in sk_setup_caps() (CVE-2025-40170 bsc#1253413). - commit 2787f89 ++++ kernel-default: - ocfs2: clear extent cache after moving/defragmenting extents (CVE-2025-40233 bsc#1254813). - commit 852b35f - net: use dst_dev_rcu() in sk_setup_caps() (CVE-2025-40170 bsc#1253413). - commit 2787f89 ++++ kernel-default: - ocfs2: clear extent cache after moving/defragmenting extents (CVE-2025-40233 bsc#1254813). - commit 852b35f - net: use dst_dev_rcu() in sk_setup_caps() (CVE-2025-40170 bsc#1253413). - commit 2787f89 ++++ kernel-rt: - ocfs2: clear extent cache after moving/defragmenting extents (CVE-2025-40233 bsc#1254813). - commit 852b35f - net: use dst_dev_rcu() in sk_setup_caps() (CVE-2025-40170 bsc#1253413). - commit 2787f89 ++++ kernel-rt: - ocfs2: clear extent cache after moving/defragmenting extents (CVE-2025-40233 bsc#1254813). - commit 852b35f - net: use dst_dev_rcu() in sk_setup_caps() (CVE-2025-40170 bsc#1253413). - commit 2787f89 ++++ kernel-rt: - ocfs2: clear extent cache after moving/defragmenting extents (CVE-2025-40233 bsc#1254813). - commit 852b35f - net: use dst_dev_rcu() in sk_setup_caps() (CVE-2025-40170 bsc#1253413). - commit 2787f89 ++++ dtb-aarch64: - ocfs2: clear extent cache after moving/defragmenting extents (CVE-2025-40233 bsc#1254813). - commit 852b35f - net: use dst_dev_rcu() in sk_setup_caps() (CVE-2025-40170 bsc#1253413). - commit 2787f89 ++++ dtb-aarch64: - ocfs2: clear extent cache after moving/defragmenting extents (CVE-2025-40233 bsc#1254813). - commit 852b35f - net: use dst_dev_rcu() in sk_setup_caps() (CVE-2025-40170 bsc#1253413). - commit 2787f89 ++++ dtb-aarch64: - ocfs2: clear extent cache after moving/defragmenting extents (CVE-2025-40233 bsc#1254813). - commit 852b35f - net: use dst_dev_rcu() in sk_setup_caps() (CVE-2025-40170 bsc#1253413). - commit 2787f89 ++++ kernel-source: - ocfs2: clear extent cache after moving/defragmenting extents (CVE-2025-40233 bsc#1254813). - commit 852b35f - net: use dst_dev_rcu() in sk_setup_caps() (CVE-2025-40170 bsc#1253413). - commit 2787f89 ++++ kernel-source: - ocfs2: clear extent cache after moving/defragmenting extents (CVE-2025-40233 bsc#1254813). - commit 852b35f - net: use dst_dev_rcu() in sk_setup_caps() (CVE-2025-40170 bsc#1253413). - commit 2787f89 ++++ kernel-source: - ocfs2: clear extent cache after moving/defragmenting extents (CVE-2025-40233 bsc#1254813). - commit 852b35f - net: use dst_dev_rcu() in sk_setup_caps() (CVE-2025-40170 bsc#1253413). - commit 2787f89 ++++ kernel-docs: - ocfs2: clear extent cache after moving/defragmenting extents (CVE-2025-40233 bsc#1254813). - commit 852b35f - net: use dst_dev_rcu() in sk_setup_caps() (CVE-2025-40170 bsc#1253413). - commit 2787f89 ++++ kernel-docs: - ocfs2: clear extent cache after moving/defragmenting extents (CVE-2025-40233 bsc#1254813). - commit 852b35f - net: use dst_dev_rcu() in sk_setup_caps() (CVE-2025-40170 bsc#1253413). - commit 2787f89 ++++ kernel-docs: - ocfs2: clear extent cache after moving/defragmenting extents (CVE-2025-40233 bsc#1254813). - commit 852b35f - net: use dst_dev_rcu() in sk_setup_caps() (CVE-2025-40170 bsc#1253413). - commit 2787f89 ++++ kernel-kvmsmall: - ocfs2: clear extent cache after moving/defragmenting extents (CVE-2025-40233 bsc#1254813). - commit 852b35f - net: use dst_dev_rcu() in sk_setup_caps() (CVE-2025-40170 bsc#1253413). - commit 2787f89 ++++ kernel-kvmsmall: - ocfs2: clear extent cache after moving/defragmenting extents (CVE-2025-40233 bsc#1254813). - commit 852b35f - net: use dst_dev_rcu() in sk_setup_caps() (CVE-2025-40170 bsc#1253413). - commit 2787f89 ++++ kernel-kvmsmall: - ocfs2: clear extent cache after moving/defragmenting extents (CVE-2025-40233 bsc#1254813). - commit 852b35f - net: use dst_dev_rcu() in sk_setup_caps() (CVE-2025-40170 bsc#1253413). - commit 2787f89 ++++ kernel-obs-build: - ocfs2: clear extent cache after moving/defragmenting extents (CVE-2025-40233 bsc#1254813). - commit 852b35f - net: use dst_dev_rcu() in sk_setup_caps() (CVE-2025-40170 bsc#1253413). - commit 2787f89 ++++ kernel-obs-build: - ocfs2: clear extent cache after moving/defragmenting extents (CVE-2025-40233 bsc#1254813). - commit 852b35f - net: use dst_dev_rcu() in sk_setup_caps() (CVE-2025-40170 bsc#1253413). - commit 2787f89 ++++ kernel-obs-build: - ocfs2: clear extent cache after moving/defragmenting extents (CVE-2025-40233 bsc#1254813). - commit 852b35f - net: use dst_dev_rcu() in sk_setup_caps() (CVE-2025-40170 bsc#1253413). - commit 2787f89 ++++ kernel-obs-qa: - ocfs2: clear extent cache after moving/defragmenting extents (CVE-2025-40233 bsc#1254813). - commit 852b35f - net: use dst_dev_rcu() in sk_setup_caps() (CVE-2025-40170 bsc#1253413). - commit 2787f89 ++++ kernel-obs-qa: - ocfs2: clear extent cache after moving/defragmenting extents (CVE-2025-40233 bsc#1254813). - commit 852b35f - net: use dst_dev_rcu() in sk_setup_caps() (CVE-2025-40170 bsc#1253413). - commit 2787f89 ++++ kernel-obs-qa: - ocfs2: clear extent cache after moving/defragmenting extents (CVE-2025-40233 bsc#1254813). - commit 852b35f - net: use dst_dev_rcu() in sk_setup_caps() (CVE-2025-40170 bsc#1253413). - commit 2787f89 ++++ kernel-syms: - ocfs2: clear extent cache after moving/defragmenting extents (CVE-2025-40233 bsc#1254813). - commit 852b35f - net: use dst_dev_rcu() in sk_setup_caps() (CVE-2025-40170 bsc#1253413). - commit 2787f89 ++++ kernel-syms: - ocfs2: clear extent cache after moving/defragmenting extents (CVE-2025-40233 bsc#1254813). - commit 852b35f - net: use dst_dev_rcu() in sk_setup_caps() (CVE-2025-40170 bsc#1253413). - commit 2787f89 ++++ kernel-syms: - ocfs2: clear extent cache after moving/defragmenting extents (CVE-2025-40233 bsc#1254813). - commit 852b35f - net: use dst_dev_rcu() in sk_setup_caps() (CVE-2025-40170 bsc#1253413). - commit 2787f89 ++++ kernel-zfcpdump: - ocfs2: clear extent cache after moving/defragmenting extents (CVE-2025-40233 bsc#1254813). - commit 852b35f - net: use dst_dev_rcu() in sk_setup_caps() (CVE-2025-40170 bsc#1253413). - commit 2787f89 ++++ kernel-zfcpdump: - ocfs2: clear extent cache after moving/defragmenting extents (CVE-2025-40233 bsc#1254813). - commit 852b35f - net: use dst_dev_rcu() in sk_setup_caps() (CVE-2025-40170 bsc#1253413). - commit 2787f89 ++++ kernel-zfcpdump: - ocfs2: clear extent cache after moving/defragmenting extents (CVE-2025-40233 bsc#1254813). - commit 852b35f - net: use dst_dev_rcu() in sk_setup_caps() (CVE-2025-40170 bsc#1253413). - commit 2787f89 ++++ proteus: - Version 7.0.3 - Bugfix Release ++++ python-PyWebDAV3-GNUHealth: - version 0.13.0 * no changelog provided * source file renamed ++++ tryton: - Version 7.0.31 - Bugfix Release ++++ trytond: - Version 7.0.42 - Bugfix Release ++++ trytond_account: - Version 7.0.23 - Bugfix Release ++++ trytond_purchase: - Version 7.0.16 - Bugfix Release ++++ trytond_stock_lot: - Version 7.0.5 - Bugfix Release ------------------------------------------------------------------ ------------------ 2025-12-20 - Dec 20 2025 ------------------- ------------------------------------------------------------------ ++++ helmfile: - Update to version 1.2.3: * build(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.32.2 to 1.32.3 by @dependabot[bot] in #2308 * build(deps): bump github.com/spf13/cobra from 1.10.1 to 1.10.2 by @dependabot[bot] in #2310 * build(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.92.1 to 1.93.0 by @dependabot[bot] in #2307 * Add parameter to render helmfile as go template without .gotmpl extension by @ronaldour in #2312 * build(deps): bump golang.org/x/sync from 0.18.0 to 0.19.0 by @dependabot[bot] in #2315 * build(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.93.0 to 1.93.2 by @dependabot[bot] in #2323 * build(deps): bump k8s.io/apimachinery from 0.34.2 to 0.34.3 by @dependabot[bot] in #2322 * build(deps): bump golang.org/x/term from 0.37.0 to 0.38.0 by @dependabot[bot] in #2317 * build(deps): bump k8s.io/client-go from 0.34.2 to 0.34.3 by @dependabot[bot] in #2321 * build(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.32.3 to 1.32.5 by @dependabot[bot] in #2320 * build(deps): bump helm.sh/helm/v3 from 3.19.2 to 3.19.3 by @dependabot[bot] in #2325 * build(deps): bump helm.sh/helm/v4 from 4.0.1 to 4.0.2 by @dependabot[bot] in #2326 * build(deps): bump actions/upload-artifact from 5 to 6 by @dependabot[bot] in #2331 * build(deps): bump helm.sh/helm/v3 from 3.19.3 to 3.19.4 by @dependabot[bot] in #2328 * build(deps): bump actions/download-artifact from 6 to 7 by @dependabot[bot] in #2332 * build(deps): bump dessant/lock-threads from 5 to 6 by @dependabot[bot] in #2330 * build(deps): bump helm.sh/helm/v4 from 4.0.3 to 4.0.4 by @dependabot[bot] in #2329 * build(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.93.2 to 1.94.0 by @dependabot[bot] in #2333 * bump helm version to 4.0.4 by @yxxhero in #2335 * build(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.32.5 to 1.32.6 by @dependabot[bot] in #2336 * build(deps): bump github.com/zclconf/go-cty-yaml from 1.1.0 to 1.2.0 by @dependabot[bot] in #2340 * build(deps): bump k8s.io/client-go from 0.34.3 to 0.35.0 by @dependabot[bot] in #2338 * fix: rewrite relative file:// chart dependencies to absolute paths by @sstarcher in #2334 ------------------------------------------------------------------ ------------------ 2025-12-19 - Dec 19 2025 ------------------- ------------------------------------------------------------------ ++++ apache2-mod_php8: - version update to 8.4.16 Core: Sync all boost.context files with release 1.86.0. Fixed bug GH-20435 (SensitiveParameter doesn't work for named argument passing to variadic parameter). Fixed bug GH-20286 (use-after-destroy during userland stream_close()). Bz2: Fix assertion failures resulting in crashes with stream filter object parameters. Date: Fix crashes when trying to instantiate uninstantiable classes via date static constructors. DOM: Fix memory leak when edge case is hit when registering xpath callback. Fixed bug GH-20395 (querySelector and querySelectorAll requires elements in $selectors to be lowercase). Fix missing NUL byte check on C14NFile(). Fibers: Fixed bug GH-20483 (ASAN stack overflow with fiber.stack_size INI small value). FTP: Fixed bug GH-20601 (ftp_connect overflow on timeout). GD: Fixed bug GH-20511 (imagegammacorrect out of range input/output values). Fixed bug GH-20602 (imagescale overflow with large height values). Intl: Fixed bug GH-20426 (Spoofchecker::setRestrictionLevel() error message suggests missing constants). LibXML: Fix some deprecations on newer libxml versions regarding input buffer/parser handling. MbString: Fixed bug GH-20491 (SLES15 compile error with mbstring oniguruma). Fixed bug GH-20492 (mbstring compile warning due to non-strings). MySQLnd: Fixed bug GH-20528 (Regression breaks mysql connexion using an IPv6 address enclosed in square brackets). Opcache: Fixed bug GH-20329 (opcache.file_cache broken with full interned string buffer). PDO: Fixed GHSA-8xr5-qppj-gvwj (PDO quoting result null deref). (CVE-2025-14180) Phar: Fixed bug GH-20442 (Phar does not respect case-insensitiveness of __halt_compiler() when reading stub). Fix broken return value of fflush() for phar file entries. Fix assertion failure when fseeking a phar file out of bounds. PHPDBG: Fixed ZPP type violation in phpdbg_get_executable() and phpdbg_end_oplog(). SPL: Fixed bug GH-20614 (SplFixedArray incorrectly handles references in deserialization). Standard: Fix memory leak in array_diff() with custom type checks. Fixed bug GH-20583 (Stack overflow in http_build_query via deep structures). Fixed GHSA-www2-q4fc-65wf (Null byte termination in dns_get_record()). Fixed GHSA-h96m-rvf9-jgm2 (Heap buffer overflow in array_merge()). (CVE-2025-14178) Fixed GHSA-3237-qqm7-mfv7 (Information Leak of Memory in getimagesize). (CVE-2025-14177) Tidy: Fixed bug GH-20374 (PHP with tidy and custom-tags). XML: Fixed bug GH-20439 (xml_set_default_handler() does not properly handle special characters in attributes when passing data to callback). Zip: Fix crash in property existence test. Don't truncate return value of zip_fread() with user sizes. Zlib: Fix assertion failures resulting in crashes with stream filter object parameters. - fixes CVE-2025-14178 [bsc#1255711] CVE-2025-14180 [bsc#1255712] CVE-2025-14177 [bsc#1255710] ++++ busybox: - Fix tar hidden files via escape sequence (CVE-2025-46394, bsc#1241661) * 0001-archival-libarchive-sanitize-filenames-on-output-pre.patch - Fix HTTP request header injection in wget (CVE-2025-60876, bsc#1253245) * wget-don-t-allow-control-characters-in-url.patch - Set CONFIG_FIRST_SYSTEM_ID to 201 to avoid confclict (bsc#1236670) - Fix unshare -mrpf sh core dump on ppc64le (bsc#1249237) * 0001-nsenter-unshare-don-t-use-xvfork_parent_waits_and_ex.patch ++++ busybox: - Fix tar hidden files via escape sequence (CVE-2025-46394, bsc#1241661) * 0001-archival-libarchive-sanitize-filenames-on-output-pre.patch - Fix HTTP request header injection in wget (CVE-2025-60876, bsc#1253245) * wget-don-t-allow-control-characters-in-url.patch - Set CONFIG_FIRST_SYSTEM_ID to 201 to avoid confclict (bsc#1236670) - Fix unshare -mrpf sh core dump on ppc64le (bsc#1249237) * 0001-nsenter-unshare-don-t-use-xvfork_parent_waits_and_ex.patch ++++ byte-buddy: - Update to v1.18.3 * Changes of v1.18.3 + Avoid using Class File API when Byte Buddy is loaded on the boot loader where multi-release jars are not available. + Add additional safety when processing class files with illegally formed parameters. + Update to latest ASM. * Changes of v1.18.2 + Support modifiers for value classes in Valhalla builds. + Improve use of build cache in Gradle. ++++ byte-buddy: - Update to v1.18.3 * Changes of v1.18.3 + Avoid using Class File API when Byte Buddy is loaded on the boot loader where multi-release jars are not available. + Add additional safety when processing class files with illegally formed parameters. + Update to latest ASM. * Changes of v1.18.2 + Support modifiers for value classes in Valhalla builds. + Improve use of build cache in Gradle. ++++ chromium: - Chromium 143.0.7499.169 (stable released 2025-12-18) * no cve listed yet ++++ chromium: - Chromium 143.0.7499.169 (stable released 2025-12-18) * no cve listed yet ++++ chromium: - Chromium 143.0.7499.169 (stable released 2025-12-18) * no cve listed yet ++++ chromium: - Chromium 143.0.7499.169 (stable released 2025-12-18) * no cve listed yet ++++ chromium: - Chromium 143.0.7499.169 (stable released 2025-12-18) * no cve listed yet ++++ chromium: - Chromium 143.0.7499.169 (stable released 2025-12-18) * no cve listed yet ++++ chromium: - Chromium 143.0.7499.169 (stable released 2025-12-18) * no cve listed yet ++++ chromium: - Chromium 143.0.7499.169 (stable released 2025-12-18) * no cve listed yet ++++ chromium: - Chromium 143.0.7499.169 (stable released 2025-12-18) * no cve listed yet ++++ chromium: - Chromium 143.0.7499.169 (stable released 2025-12-18) * no cve listed yet ++++ chromium: - Chromium 143.0.7499.169 (stable released 2025-12-18) * no cve listed yet ++++ chromium: - Chromium 143.0.7499.169 (stable released 2025-12-18) * no cve listed yet ++++ chromium: - Chromium 143.0.7499.169 (stable released 2025-12-18) * no cve listed yet ++++ kernel-64kb: - tipc: Fix use-after-free in tipc_mon_reinit_self() (CVE-2025-40280 bsc#1254847). - commit 1a4ecc3 - cgroup: rstat: use LOCK CMPXCHG in css_rstat_updated (bsc#1255434). - bpf: Do not limit bpf_cgroup_from_id to current's namespace (bsc#1255433). - commit f9dd89c - virtio-net: fix received length check in big packets (bsc#1255175, CVE-2025-40292). - commit d9c33d8 - af_unix: Initialise scc_index in unix_add_edge() (CVE-2025-40214 bsc#1254961). - commit f4d0234 - net: atlantic: fix fragment overflow handling in RX path (CVE-2025-68301 bsc#1255120). - net: openvswitch: remove never-working support for setting nsh fields (CVE-2025-40254 bsc#1254852). - commit ca34a4d - vsock: Ignore signal/timeout on connect() if already established (CVE-2025-40248, bsc#1254864). - commit 8f55c39 - vsock: fix lock inversion in vsock_assign_transport() (CVE-2025-40231, bsc#1254815). - commit 1f7e22a - xen/events: Return -EEXIST for bound VIRQs (CVE-2025-40160, bsc#1253400). - commit 3883ce8 - xen/events: Cleanup find_virq() return codes (CVE-2025-40160, bsc#1253400). - commit 8f641eb ++++ kernel-64kb: - tipc: Fix use-after-free in tipc_mon_reinit_self() (CVE-2025-40280 bsc#1254847). - commit 1a4ecc3 - cgroup: rstat: use LOCK CMPXCHG in css_rstat_updated (bsc#1255434). - bpf: Do not limit bpf_cgroup_from_id to current's namespace (bsc#1255433). - commit f9dd89c - virtio-net: fix received length check in big packets (bsc#1255175, CVE-2025-40292). - commit d9c33d8 - af_unix: Initialise scc_index in unix_add_edge() (CVE-2025-40214 bsc#1254961). - commit f4d0234 - net: atlantic: fix fragment overflow handling in RX path (CVE-2025-68301 bsc#1255120). - net: openvswitch: remove never-working support for setting nsh fields (CVE-2025-40254 bsc#1254852). - commit ca34a4d - vsock: Ignore signal/timeout on connect() if already established (CVE-2025-40248, bsc#1254864). - commit 8f55c39 - vsock: fix lock inversion in vsock_assign_transport() (CVE-2025-40231, bsc#1254815). - commit 1f7e22a - xen/events: Return -EEXIST for bound VIRQs (CVE-2025-40160, bsc#1253400). - commit 3883ce8 - xen/events: Cleanup find_virq() return codes (CVE-2025-40160, bsc#1253400). - commit 8f641eb ++++ kernel-64kb: - tipc: Fix use-after-free in tipc_mon_reinit_self() (CVE-2025-40280 bsc#1254847). - commit 1a4ecc3 - cgroup: rstat: use LOCK CMPXCHG in css_rstat_updated (bsc#1255434). - bpf: Do not limit bpf_cgroup_from_id to current's namespace (bsc#1255433). - commit f9dd89c - virtio-net: fix received length check in big packets (bsc#1255175, CVE-2025-40292). - commit d9c33d8 - af_unix: Initialise scc_index in unix_add_edge() (CVE-2025-40214 bsc#1254961). - commit f4d0234 - net: atlantic: fix fragment overflow handling in RX path (CVE-2025-68301 bsc#1255120). - net: openvswitch: remove never-working support for setting nsh fields (CVE-2025-40254 bsc#1254852). - commit ca34a4d - vsock: Ignore signal/timeout on connect() if already established (CVE-2025-40248, bsc#1254864). - commit 8f55c39 - vsock: fix lock inversion in vsock_assign_transport() (CVE-2025-40231, bsc#1254815). - commit 1f7e22a - xen/events: Return -EEXIST for bound VIRQs (CVE-2025-40160, bsc#1253400). - commit 3883ce8 - xen/events: Cleanup find_virq() return codes (CVE-2025-40160, bsc#1253400). - commit 8f641eb ++++ kernel-azure: - tipc: Fix use-after-free in tipc_mon_reinit_self() (CVE-2025-40280 bsc#1254847). - commit 1a4ecc3 - cgroup: rstat: use LOCK CMPXCHG in css_rstat_updated (bsc#1255434). - bpf: Do not limit bpf_cgroup_from_id to current's namespace (bsc#1255433). - commit f9dd89c - virtio-net: fix received length check in big packets (bsc#1255175, CVE-2025-40292). - commit d9c33d8 - af_unix: Initialise scc_index in unix_add_edge() (CVE-2025-40214 bsc#1254961). - commit f4d0234 - net: atlantic: fix fragment overflow handling in RX path (CVE-2025-68301 bsc#1255120). - net: openvswitch: remove never-working support for setting nsh fields (CVE-2025-40254 bsc#1254852). - commit ca34a4d - vsock: Ignore signal/timeout on connect() if already established (CVE-2025-40248, bsc#1254864). - commit 8f55c39 - vsock: fix lock inversion in vsock_assign_transport() (CVE-2025-40231, bsc#1254815). - commit 1f7e22a - xen/events: Return -EEXIST for bound VIRQs (CVE-2025-40160, bsc#1253400). - commit 3883ce8 - xen/events: Cleanup find_virq() return codes (CVE-2025-40160, bsc#1253400). - commit 8f641eb ++++ kernel-azure: - tipc: Fix use-after-free in tipc_mon_reinit_self() (CVE-2025-40280 bsc#1254847). - commit 1a4ecc3 - cgroup: rstat: use LOCK CMPXCHG in css_rstat_updated (bsc#1255434). - bpf: Do not limit bpf_cgroup_from_id to current's namespace (bsc#1255433). - commit f9dd89c - virtio-net: fix received length check in big packets (bsc#1255175, CVE-2025-40292). - commit d9c33d8 - af_unix: Initialise scc_index in unix_add_edge() (CVE-2025-40214 bsc#1254961). - commit f4d0234 - net: atlantic: fix fragment overflow handling in RX path (CVE-2025-68301 bsc#1255120). - net: openvswitch: remove never-working support for setting nsh fields (CVE-2025-40254 bsc#1254852). - commit ca34a4d - vsock: Ignore signal/timeout on connect() if already established (CVE-2025-40248, bsc#1254864). - commit 8f55c39 - vsock: fix lock inversion in vsock_assign_transport() (CVE-2025-40231, bsc#1254815). - commit 1f7e22a - xen/events: Return -EEXIST for bound VIRQs (CVE-2025-40160, bsc#1253400). - commit 3883ce8 - xen/events: Cleanup find_virq() return codes (CVE-2025-40160, bsc#1253400). - commit 8f641eb ++++ kernel-azure: - tipc: Fix use-after-free in tipc_mon_reinit_self() (CVE-2025-40280 bsc#1254847). - commit 1a4ecc3 - cgroup: rstat: use LOCK CMPXCHG in css_rstat_updated (bsc#1255434). - bpf: Do not limit bpf_cgroup_from_id to current's namespace (bsc#1255433). - commit f9dd89c - virtio-net: fix received length check in big packets (bsc#1255175, CVE-2025-40292). - commit d9c33d8 - af_unix: Initialise scc_index in unix_add_edge() (CVE-2025-40214 bsc#1254961). - commit f4d0234 - net: atlantic: fix fragment overflow handling in RX path (CVE-2025-68301 bsc#1255120). - net: openvswitch: remove never-working support for setting nsh fields (CVE-2025-40254 bsc#1254852). - commit ca34a4d - vsock: Ignore signal/timeout on connect() if already established (CVE-2025-40248, bsc#1254864). - commit 8f55c39 - vsock: fix lock inversion in vsock_assign_transport() (CVE-2025-40231, bsc#1254815). - commit 1f7e22a - xen/events: Return -EEXIST for bound VIRQs (CVE-2025-40160, bsc#1253400). - commit 3883ce8 - xen/events: Cleanup find_virq() return codes (CVE-2025-40160, bsc#1253400). - commit 8f641eb ++++ kernel-default: - tipc: Fix use-after-free in tipc_mon_reinit_self() (CVE-2025-40280 bsc#1254847). - commit 1a4ecc3 - cgroup: rstat: use LOCK CMPXCHG in css_rstat_updated (bsc#1255434). - bpf: Do not limit bpf_cgroup_from_id to current's namespace (bsc#1255433). - commit f9dd89c - virtio-net: fix received length check in big packets (bsc#1255175, CVE-2025-40292). - commit d9c33d8 - af_unix: Initialise scc_index in unix_add_edge() (CVE-2025-40214 bsc#1254961). - commit f4d0234 - net: atlantic: fix fragment overflow handling in RX path (CVE-2025-68301 bsc#1255120). - net: openvswitch: remove never-working support for setting nsh fields (CVE-2025-40254 bsc#1254852). - commit ca34a4d - vsock: Ignore signal/timeout on connect() if already established (CVE-2025-40248, bsc#1254864). - commit 8f55c39 - vsock: fix lock inversion in vsock_assign_transport() (CVE-2025-40231, bsc#1254815). - commit 1f7e22a - xen/events: Return -EEXIST for bound VIRQs (CVE-2025-40160, bsc#1253400). - commit 3883ce8 - xen/events: Cleanup find_virq() return codes (CVE-2025-40160, bsc#1253400). - commit 8f641eb ++++ kernel-default: - tipc: Fix use-after-free in tipc_mon_reinit_self() (CVE-2025-40280 bsc#1254847). - commit 1a4ecc3 - cgroup: rstat: use LOCK CMPXCHG in css_rstat_updated (bsc#1255434). - bpf: Do not limit bpf_cgroup_from_id to current's namespace (bsc#1255433). - commit f9dd89c - virtio-net: fix received length check in big packets (bsc#1255175, CVE-2025-40292). - commit d9c33d8 - af_unix: Initialise scc_index in unix_add_edge() (CVE-2025-40214 bsc#1254961). - commit f4d0234 - net: atlantic: fix fragment overflow handling in RX path (CVE-2025-68301 bsc#1255120). - net: openvswitch: remove never-working support for setting nsh fields (CVE-2025-40254 bsc#1254852). - commit ca34a4d - vsock: Ignore signal/timeout on connect() if already established (CVE-2025-40248, bsc#1254864). - commit 8f55c39 - vsock: fix lock inversion in vsock_assign_transport() (CVE-2025-40231, bsc#1254815). - commit 1f7e22a - xen/events: Return -EEXIST for bound VIRQs (CVE-2025-40160, bsc#1253400). - commit 3883ce8 - xen/events: Cleanup find_virq() return codes (CVE-2025-40160, bsc#1253400). - commit 8f641eb ++++ kernel-default: - tipc: Fix use-after-free in tipc_mon_reinit_self() (CVE-2025-40280 bsc#1254847). - commit 1a4ecc3 - cgroup: rstat: use LOCK CMPXCHG in css_rstat_updated (bsc#1255434). - bpf: Do not limit bpf_cgroup_from_id to current's namespace (bsc#1255433). - commit f9dd89c - virtio-net: fix received length check in big packets (bsc#1255175, CVE-2025-40292). - commit d9c33d8 - af_unix: Initialise scc_index in unix_add_edge() (CVE-2025-40214 bsc#1254961). - commit f4d0234 - net: atlantic: fix fragment overflow handling in RX path (CVE-2025-68301 bsc#1255120). - net: openvswitch: remove never-working support for setting nsh fields (CVE-2025-40254 bsc#1254852). - commit ca34a4d - vsock: Ignore signal/timeout on connect() if already established (CVE-2025-40248, bsc#1254864). - commit 8f55c39 - vsock: fix lock inversion in vsock_assign_transport() (CVE-2025-40231, bsc#1254815). - commit 1f7e22a - xen/events: Return -EEXIST for bound VIRQs (CVE-2025-40160, bsc#1253400). - commit 3883ce8 - xen/events: Cleanup find_virq() return codes (CVE-2025-40160, bsc#1253400). - commit 8f641eb ++++ kernel-rt: - tipc: Fix use-after-free in tipc_mon_reinit_self() (CVE-2025-40280 bsc#1254847). - commit 1a4ecc3 - cgroup: rstat: use LOCK CMPXCHG in css_rstat_updated (bsc#1255434). - bpf: Do not limit bpf_cgroup_from_id to current's namespace (bsc#1255433). - commit f9dd89c - virtio-net: fix received length check in big packets (bsc#1255175, CVE-2025-40292). - commit d9c33d8 - af_unix: Initialise scc_index in unix_add_edge() (CVE-2025-40214 bsc#1254961). - commit f4d0234 - net: atlantic: fix fragment overflow handling in RX path (CVE-2025-68301 bsc#1255120). - net: openvswitch: remove never-working support for setting nsh fields (CVE-2025-40254 bsc#1254852). - commit ca34a4d - vsock: Ignore signal/timeout on connect() if already established (CVE-2025-40248, bsc#1254864). - commit 8f55c39 - vsock: fix lock inversion in vsock_assign_transport() (CVE-2025-40231, bsc#1254815). - commit 1f7e22a - xen/events: Return -EEXIST for bound VIRQs (CVE-2025-40160, bsc#1253400). - commit 3883ce8 - xen/events: Cleanup find_virq() return codes (CVE-2025-40160, bsc#1253400). - commit 8f641eb ++++ kernel-rt: - tipc: Fix use-after-free in tipc_mon_reinit_self() (CVE-2025-40280 bsc#1254847). - commit 1a4ecc3 - cgroup: rstat: use LOCK CMPXCHG in css_rstat_updated (bsc#1255434). - bpf: Do not limit bpf_cgroup_from_id to current's namespace (bsc#1255433). - commit f9dd89c - virtio-net: fix received length check in big packets (bsc#1255175, CVE-2025-40292). - commit d9c33d8 - af_unix: Initialise scc_index in unix_add_edge() (CVE-2025-40214 bsc#1254961). - commit f4d0234 - net: atlantic: fix fragment overflow handling in RX path (CVE-2025-68301 bsc#1255120). - net: openvswitch: remove never-working support for setting nsh fields (CVE-2025-40254 bsc#1254852). - commit ca34a4d - vsock: Ignore signal/timeout on connect() if already established (CVE-2025-40248, bsc#1254864). - commit 8f55c39 - vsock: fix lock inversion in vsock_assign_transport() (CVE-2025-40231, bsc#1254815). - commit 1f7e22a - xen/events: Return -EEXIST for bound VIRQs (CVE-2025-40160, bsc#1253400). - commit 3883ce8 - xen/events: Cleanup find_virq() return codes (CVE-2025-40160, bsc#1253400). - commit 8f641eb ++++ kernel-rt: - tipc: Fix use-after-free in tipc_mon_reinit_self() (CVE-2025-40280 bsc#1254847). - commit 1a4ecc3 - cgroup: rstat: use LOCK CMPXCHG in css_rstat_updated (bsc#1255434). - bpf: Do not limit bpf_cgroup_from_id to current's namespace (bsc#1255433). - commit f9dd89c - virtio-net: fix received length check in big packets (bsc#1255175, CVE-2025-40292). - commit d9c33d8 - af_unix: Initialise scc_index in unix_add_edge() (CVE-2025-40214 bsc#1254961). - commit f4d0234 - net: atlantic: fix fragment overflow handling in RX path (CVE-2025-68301 bsc#1255120). - net: openvswitch: remove never-working support for setting nsh fields (CVE-2025-40254 bsc#1254852). - commit ca34a4d - vsock: Ignore signal/timeout on connect() if already established (CVE-2025-40248, bsc#1254864). - commit 8f55c39 - vsock: fix lock inversion in vsock_assign_transport() (CVE-2025-40231, bsc#1254815). - commit 1f7e22a - xen/events: Return -EEXIST for bound VIRQs (CVE-2025-40160, bsc#1253400). - commit 3883ce8 - xen/events: Cleanup find_virq() return codes (CVE-2025-40160, bsc#1253400). - commit 8f641eb ++++ dtb-aarch64: - tipc: Fix use-after-free in tipc_mon_reinit_self() (CVE-2025-40280 bsc#1254847). - commit 1a4ecc3 - cgroup: rstat: use LOCK CMPXCHG in css_rstat_updated (bsc#1255434). - bpf: Do not limit bpf_cgroup_from_id to current's namespace (bsc#1255433). - commit f9dd89c - virtio-net: fix received length check in big packets (bsc#1255175, CVE-2025-40292). - commit d9c33d8 - af_unix: Initialise scc_index in unix_add_edge() (CVE-2025-40214 bsc#1254961). - commit f4d0234 - net: atlantic: fix fragment overflow handling in RX path (CVE-2025-68301 bsc#1255120). - net: openvswitch: remove never-working support for setting nsh fields (CVE-2025-40254 bsc#1254852). - commit ca34a4d - vsock: Ignore signal/timeout on connect() if already established (CVE-2025-40248, bsc#1254864). - commit 8f55c39 - vsock: fix lock inversion in vsock_assign_transport() (CVE-2025-40231, bsc#1254815). - commit 1f7e22a - xen/events: Return -EEXIST for bound VIRQs (CVE-2025-40160, bsc#1253400). - commit 3883ce8 - xen/events: Cleanup find_virq() return codes (CVE-2025-40160, bsc#1253400). - commit 8f641eb ++++ dtb-aarch64: - tipc: Fix use-after-free in tipc_mon_reinit_self() (CVE-2025-40280 bsc#1254847). - commit 1a4ecc3 - cgroup: rstat: use LOCK CMPXCHG in css_rstat_updated (bsc#1255434). - bpf: Do not limit bpf_cgroup_from_id to current's namespace (bsc#1255433). - commit f9dd89c - virtio-net: fix received length check in big packets (bsc#1255175, CVE-2025-40292). - commit d9c33d8 - af_unix: Initialise scc_index in unix_add_edge() (CVE-2025-40214 bsc#1254961). - commit f4d0234 - net: atlantic: fix fragment overflow handling in RX path (CVE-2025-68301 bsc#1255120). - net: openvswitch: remove never-working support for setting nsh fields (CVE-2025-40254 bsc#1254852). - commit ca34a4d - vsock: Ignore signal/timeout on connect() if already established (CVE-2025-40248, bsc#1254864). - commit 8f55c39 - vsock: fix lock inversion in vsock_assign_transport() (CVE-2025-40231, bsc#1254815). - commit 1f7e22a - xen/events: Return -EEXIST for bound VIRQs (CVE-2025-40160, bsc#1253400). - commit 3883ce8 - xen/events: Cleanup find_virq() return codes (CVE-2025-40160, bsc#1253400). - commit 8f641eb ++++ dtb-aarch64: - tipc: Fix use-after-free in tipc_mon_reinit_self() (CVE-2025-40280 bsc#1254847). - commit 1a4ecc3 - cgroup: rstat: use LOCK CMPXCHG in css_rstat_updated (bsc#1255434). - bpf: Do not limit bpf_cgroup_from_id to current's namespace (bsc#1255433). - commit f9dd89c - virtio-net: fix received length check in big packets (bsc#1255175, CVE-2025-40292). - commit d9c33d8 - af_unix: Initialise scc_index in unix_add_edge() (CVE-2025-40214 bsc#1254961). - commit f4d0234 - net: atlantic: fix fragment overflow handling in RX path (CVE-2025-68301 bsc#1255120). - net: openvswitch: remove never-working support for setting nsh fields (CVE-2025-40254 bsc#1254852). - commit ca34a4d - vsock: Ignore signal/timeout on connect() if already established (CVE-2025-40248, bsc#1254864). - commit 8f55c39 - vsock: fix lock inversion in vsock_assign_transport() (CVE-2025-40231, bsc#1254815). - commit 1f7e22a - xen/events: Return -EEXIST for bound VIRQs (CVE-2025-40160, bsc#1253400). - commit 3883ce8 - xen/events: Cleanup find_virq() return codes (CVE-2025-40160, bsc#1253400). - commit 8f641eb ++++ flake-pilot: - Clippy fixes Avoid unneeded unwrap - Use pull policy set to: newer if the image on the registry is newer than the one in the local flake registry, make sure to fetch the latest version automatically. Pull errors are suppressed if a local image was found and we can't pull from the source location e.g an image that was provided by a package and the blob was loaded from the local storage. ++++ kernel-source: - tipc: Fix use-after-free in tipc_mon_reinit_self() (CVE-2025-40280 bsc#1254847). - commit 1a4ecc3 - cgroup: rstat: use LOCK CMPXCHG in css_rstat_updated (bsc#1255434). - bpf: Do not limit bpf_cgroup_from_id to current's namespace (bsc#1255433). - commit f9dd89c - virtio-net: fix received length check in big packets (bsc#1255175, CVE-2025-40292). - commit d9c33d8 - af_unix: Initialise scc_index in unix_add_edge() (CVE-2025-40214 bsc#1254961). - commit f4d0234 - net: atlantic: fix fragment overflow handling in RX path (CVE-2025-68301 bsc#1255120). - net: openvswitch: remove never-working support for setting nsh fields (CVE-2025-40254 bsc#1254852). - commit ca34a4d - vsock: Ignore signal/timeout on connect() if already established (CVE-2025-40248, bsc#1254864). - commit 8f55c39 - vsock: fix lock inversion in vsock_assign_transport() (CVE-2025-40231, bsc#1254815). - commit 1f7e22a - xen/events: Return -EEXIST for bound VIRQs (CVE-2025-40160, bsc#1253400). - commit 3883ce8 - xen/events: Cleanup find_virq() return codes (CVE-2025-40160, bsc#1253400). - commit 8f641eb ++++ kernel-source: - tipc: Fix use-after-free in tipc_mon_reinit_self() (CVE-2025-40280 bsc#1254847). - commit 1a4ecc3 - cgroup: rstat: use LOCK CMPXCHG in css_rstat_updated (bsc#1255434). - bpf: Do not limit bpf_cgroup_from_id to current's namespace (bsc#1255433). - commit f9dd89c - virtio-net: fix received length check in big packets (bsc#1255175, CVE-2025-40292). - commit d9c33d8 - af_unix: Initialise scc_index in unix_add_edge() (CVE-2025-40214 bsc#1254961). - commit f4d0234 - net: atlantic: fix fragment overflow handling in RX path (CVE-2025-68301 bsc#1255120). - net: openvswitch: remove never-working support for setting nsh fields (CVE-2025-40254 bsc#1254852). - commit ca34a4d - vsock: Ignore signal/timeout on connect() if already established (CVE-2025-40248, bsc#1254864). - commit 8f55c39 - vsock: fix lock inversion in vsock_assign_transport() (CVE-2025-40231, bsc#1254815). - commit 1f7e22a - xen/events: Return -EEXIST for bound VIRQs (CVE-2025-40160, bsc#1253400). - commit 3883ce8 - xen/events: Cleanup find_virq() return codes (CVE-2025-40160, bsc#1253400). - commit 8f641eb ++++ kernel-source: - tipc: Fix use-after-free in tipc_mon_reinit_self() (CVE-2025-40280 bsc#1254847). - commit 1a4ecc3 - cgroup: rstat: use LOCK CMPXCHG in css_rstat_updated (bsc#1255434). - bpf: Do not limit bpf_cgroup_from_id to current's namespace (bsc#1255433). - commit f9dd89c - virtio-net: fix received length check in big packets (bsc#1255175, CVE-2025-40292). - commit d9c33d8 - af_unix: Initialise scc_index in unix_add_edge() (CVE-2025-40214 bsc#1254961). - commit f4d0234 - net: atlantic: fix fragment overflow handling in RX path (CVE-2025-68301 bsc#1255120). - net: openvswitch: remove never-working support for setting nsh fields (CVE-2025-40254 bsc#1254852). - commit ca34a4d - vsock: Ignore signal/timeout on connect() if already established (CVE-2025-40248, bsc#1254864). - commit 8f55c39 - vsock: fix lock inversion in vsock_assign_transport() (CVE-2025-40231, bsc#1254815). - commit 1f7e22a - xen/events: Return -EEXIST for bound VIRQs (CVE-2025-40160, bsc#1253400). - commit 3883ce8 - xen/events: Cleanup find_virq() return codes (CVE-2025-40160, bsc#1253400). - commit 8f641eb ++++ kernel-docs: - tipc: Fix use-after-free in tipc_mon_reinit_self() (CVE-2025-40280 bsc#1254847). - commit 1a4ecc3 - cgroup: rstat: use LOCK CMPXCHG in css_rstat_updated (bsc#1255434). - bpf: Do not limit bpf_cgroup_from_id to current's namespace (bsc#1255433). - commit f9dd89c - virtio-net: fix received length check in big packets (bsc#1255175, CVE-2025-40292). - commit d9c33d8 - af_unix: Initialise scc_index in unix_add_edge() (CVE-2025-40214 bsc#1254961). - commit f4d0234 - net: atlantic: fix fragment overflow handling in RX path (CVE-2025-68301 bsc#1255120). - net: openvswitch: remove never-working support for setting nsh fields (CVE-2025-40254 bsc#1254852). - commit ca34a4d - vsock: Ignore signal/timeout on connect() if already established (CVE-2025-40248, bsc#1254864). - commit 8f55c39 - vsock: fix lock inversion in vsock_assign_transport() (CVE-2025-40231, bsc#1254815). - commit 1f7e22a - xen/events: Return -EEXIST for bound VIRQs (CVE-2025-40160, bsc#1253400). - commit 3883ce8 - xen/events: Cleanup find_virq() return codes (CVE-2025-40160, bsc#1253400). - commit 8f641eb ++++ kernel-docs: - tipc: Fix use-after-free in tipc_mon_reinit_self() (CVE-2025-40280 bsc#1254847). - commit 1a4ecc3 - cgroup: rstat: use LOCK CMPXCHG in css_rstat_updated (bsc#1255434). - bpf: Do not limit bpf_cgroup_from_id to current's namespace (bsc#1255433). - commit f9dd89c - virtio-net: fix received length check in big packets (bsc#1255175, CVE-2025-40292). - commit d9c33d8 - af_unix: Initialise scc_index in unix_add_edge() (CVE-2025-40214 bsc#1254961). - commit f4d0234 - net: atlantic: fix fragment overflow handling in RX path (CVE-2025-68301 bsc#1255120). - net: openvswitch: remove never-working support for setting nsh fields (CVE-2025-40254 bsc#1254852). - commit ca34a4d - vsock: Ignore signal/timeout on connect() if already established (CVE-2025-40248, bsc#1254864). - commit 8f55c39 - vsock: fix lock inversion in vsock_assign_transport() (CVE-2025-40231, bsc#1254815). - commit 1f7e22a - xen/events: Return -EEXIST for bound VIRQs (CVE-2025-40160, bsc#1253400). - commit 3883ce8 - xen/events: Cleanup find_virq() return codes (CVE-2025-40160, bsc#1253400). - commit 8f641eb ++++ kernel-docs: - tipc: Fix use-after-free in tipc_mon_reinit_self() (CVE-2025-40280 bsc#1254847). - commit 1a4ecc3 - cgroup: rstat: use LOCK CMPXCHG in css_rstat_updated (bsc#1255434). - bpf: Do not limit bpf_cgroup_from_id to current's namespace (bsc#1255433). - commit f9dd89c - virtio-net: fix received length check in big packets (bsc#1255175, CVE-2025-40292). - commit d9c33d8 - af_unix: Initialise scc_index in unix_add_edge() (CVE-2025-40214 bsc#1254961). - commit f4d0234 - net: atlantic: fix fragment overflow handling in RX path (CVE-2025-68301 bsc#1255120). - net: openvswitch: remove never-working support for setting nsh fields (CVE-2025-40254 bsc#1254852). - commit ca34a4d - vsock: Ignore signal/timeout on connect() if already established (CVE-2025-40248, bsc#1254864). - commit 8f55c39 - vsock: fix lock inversion in vsock_assign_transport() (CVE-2025-40231, bsc#1254815). - commit 1f7e22a - xen/events: Return -EEXIST for bound VIRQs (CVE-2025-40160, bsc#1253400). - commit 3883ce8 - xen/events: Cleanup find_virq() return codes (CVE-2025-40160, bsc#1253400). - commit 8f641eb ++++ kernel-kvmsmall: - tipc: Fix use-after-free in tipc_mon_reinit_self() (CVE-2025-40280 bsc#1254847). - commit 1a4ecc3 - cgroup: rstat: use LOCK CMPXCHG in css_rstat_updated (bsc#1255434). - bpf: Do not limit bpf_cgroup_from_id to current's namespace (bsc#1255433). - commit f9dd89c - virtio-net: fix received length check in big packets (bsc#1255175, CVE-2025-40292). - commit d9c33d8 - af_unix: Initialise scc_index in unix_add_edge() (CVE-2025-40214 bsc#1254961). - commit f4d0234 - net: atlantic: fix fragment overflow handling in RX path (CVE-2025-68301 bsc#1255120). - net: openvswitch: remove never-working support for setting nsh fields (CVE-2025-40254 bsc#1254852). - commit ca34a4d - vsock: Ignore signal/timeout on connect() if already established (CVE-2025-40248, bsc#1254864). - commit 8f55c39 - vsock: fix lock inversion in vsock_assign_transport() (CVE-2025-40231, bsc#1254815). - commit 1f7e22a - xen/events: Return -EEXIST for bound VIRQs (CVE-2025-40160, bsc#1253400). - commit 3883ce8 - xen/events: Cleanup find_virq() return codes (CVE-2025-40160, bsc#1253400). - commit 8f641eb ++++ kernel-kvmsmall: - tipc: Fix use-after-free in tipc_mon_reinit_self() (CVE-2025-40280 bsc#1254847). - commit 1a4ecc3 - cgroup: rstat: use LOCK CMPXCHG in css_rstat_updated (bsc#1255434). - bpf: Do not limit bpf_cgroup_from_id to current's namespace (bsc#1255433). - commit f9dd89c - virtio-net: fix received length check in big packets (bsc#1255175, CVE-2025-40292). - commit d9c33d8 - af_unix: Initialise scc_index in unix_add_edge() (CVE-2025-40214 bsc#1254961). - commit f4d0234 - net: atlantic: fix fragment overflow handling in RX path (CVE-2025-68301 bsc#1255120). - net: openvswitch: remove never-working support for setting nsh fields (CVE-2025-40254 bsc#1254852). - commit ca34a4d - vsock: Ignore signal/timeout on connect() if already established (CVE-2025-40248, bsc#1254864). - commit 8f55c39 - vsock: fix lock inversion in vsock_assign_transport() (CVE-2025-40231, bsc#1254815). - commit 1f7e22a - xen/events: Return -EEXIST for bound VIRQs (CVE-2025-40160, bsc#1253400). - commit 3883ce8 - xen/events: Cleanup find_virq() return codes (CVE-2025-40160, bsc#1253400). - commit 8f641eb ++++ kernel-kvmsmall: - tipc: Fix use-after-free in tipc_mon_reinit_self() (CVE-2025-40280 bsc#1254847). - commit 1a4ecc3 - cgroup: rstat: use LOCK CMPXCHG in css_rstat_updated (bsc#1255434). - bpf: Do not limit bpf_cgroup_from_id to current's namespace (bsc#1255433). - commit f9dd89c - virtio-net: fix received length check in big packets (bsc#1255175, CVE-2025-40292). - commit d9c33d8 - af_unix: Initialise scc_index in unix_add_edge() (CVE-2025-40214 bsc#1254961). - commit f4d0234 - net: atlantic: fix fragment overflow handling in RX path (CVE-2025-68301 bsc#1255120). - net: openvswitch: remove never-working support for setting nsh fields (CVE-2025-40254 bsc#1254852). - commit ca34a4d - vsock: Ignore signal/timeout on connect() if already established (CVE-2025-40248, bsc#1254864). - commit 8f55c39 - vsock: fix lock inversion in vsock_assign_transport() (CVE-2025-40231, bsc#1254815). - commit 1f7e22a - xen/events: Return -EEXIST for bound VIRQs (CVE-2025-40160, bsc#1253400). - commit 3883ce8 - xen/events: Cleanup find_virq() return codes (CVE-2025-40160, bsc#1253400). - commit 8f641eb ++++ kernel-obs-build: - tipc: Fix use-after-free in tipc_mon_reinit_self() (CVE-2025-40280 bsc#1254847). - commit 1a4ecc3 - cgroup: rstat: use LOCK CMPXCHG in css_rstat_updated (bsc#1255434). - bpf: Do not limit bpf_cgroup_from_id to current's namespace (bsc#1255433). - commit f9dd89c - virtio-net: fix received length check in big packets (bsc#1255175, CVE-2025-40292). - commit d9c33d8 - af_unix: Initialise scc_index in unix_add_edge() (CVE-2025-40214 bsc#1254961). - commit f4d0234 - net: atlantic: fix fragment overflow handling in RX path (CVE-2025-68301 bsc#1255120). - net: openvswitch: remove never-working support for setting nsh fields (CVE-2025-40254 bsc#1254852). - commit ca34a4d - vsock: Ignore signal/timeout on connect() if already established (CVE-2025-40248, bsc#1254864). - commit 8f55c39 - vsock: fix lock inversion in vsock_assign_transport() (CVE-2025-40231, bsc#1254815). - commit 1f7e22a - xen/events: Return -EEXIST for bound VIRQs (CVE-2025-40160, bsc#1253400). - commit 3883ce8 - xen/events: Cleanup find_virq() return codes (CVE-2025-40160, bsc#1253400). - commit 8f641eb ++++ kernel-obs-build: - tipc: Fix use-after-free in tipc_mon_reinit_self() (CVE-2025-40280 bsc#1254847). - commit 1a4ecc3 - cgroup: rstat: use LOCK CMPXCHG in css_rstat_updated (bsc#1255434). - bpf: Do not limit bpf_cgroup_from_id to current's namespace (bsc#1255433). - commit f9dd89c - virtio-net: fix received length check in big packets (bsc#1255175, CVE-2025-40292). - commit d9c33d8 - af_unix: Initialise scc_index in unix_add_edge() (CVE-2025-40214 bsc#1254961). - commit f4d0234 - net: atlantic: fix fragment overflow handling in RX path (CVE-2025-68301 bsc#1255120). - net: openvswitch: remove never-working support for setting nsh fields (CVE-2025-40254 bsc#1254852). - commit ca34a4d - vsock: Ignore signal/timeout on connect() if already established (CVE-2025-40248, bsc#1254864). - commit 8f55c39 - vsock: fix lock inversion in vsock_assign_transport() (CVE-2025-40231, bsc#1254815). - commit 1f7e22a - xen/events: Return -EEXIST for bound VIRQs (CVE-2025-40160, bsc#1253400). - commit 3883ce8 - xen/events: Cleanup find_virq() return codes (CVE-2025-40160, bsc#1253400). - commit 8f641eb ++++ kernel-obs-build: - tipc: Fix use-after-free in tipc_mon_reinit_self() (CVE-2025-40280 bsc#1254847). - commit 1a4ecc3 - cgroup: rstat: use LOCK CMPXCHG in css_rstat_updated (bsc#1255434). - bpf: Do not limit bpf_cgroup_from_id to current's namespace (bsc#1255433). - commit f9dd89c - virtio-net: fix received length check in big packets (bsc#1255175, CVE-2025-40292). - commit d9c33d8 - af_unix: Initialise scc_index in unix_add_edge() (CVE-2025-40214 bsc#1254961). - commit f4d0234 - net: atlantic: fix fragment overflow handling in RX path (CVE-2025-68301 bsc#1255120). - net: openvswitch: remove never-working support for setting nsh fields (CVE-2025-40254 bsc#1254852). - commit ca34a4d - vsock: Ignore signal/timeout on connect() if already established (CVE-2025-40248, bsc#1254864). - commit 8f55c39 - vsock: fix lock inversion in vsock_assign_transport() (CVE-2025-40231, bsc#1254815). - commit 1f7e22a - xen/events: Return -EEXIST for bound VIRQs (CVE-2025-40160, bsc#1253400). - commit 3883ce8 - xen/events: Cleanup find_virq() return codes (CVE-2025-40160, bsc#1253400). - commit 8f641eb ++++ kernel-obs-qa: - tipc: Fix use-after-free in tipc_mon_reinit_self() (CVE-2025-40280 bsc#1254847). - commit 1a4ecc3 - cgroup: rstat: use LOCK CMPXCHG in css_rstat_updated (bsc#1255434). - bpf: Do not limit bpf_cgroup_from_id to current's namespace (bsc#1255433). - commit f9dd89c - virtio-net: fix received length check in big packets (bsc#1255175, CVE-2025-40292). - commit d9c33d8 - af_unix: Initialise scc_index in unix_add_edge() (CVE-2025-40214 bsc#1254961). - commit f4d0234 - net: atlantic: fix fragment overflow handling in RX path (CVE-2025-68301 bsc#1255120). - net: openvswitch: remove never-working support for setting nsh fields (CVE-2025-40254 bsc#1254852). - commit ca34a4d - vsock: Ignore signal/timeout on connect() if already established (CVE-2025-40248, bsc#1254864). - commit 8f55c39 - vsock: fix lock inversion in vsock_assign_transport() (CVE-2025-40231, bsc#1254815). - commit 1f7e22a - xen/events: Return -EEXIST for bound VIRQs (CVE-2025-40160, bsc#1253400). - commit 3883ce8 - xen/events: Cleanup find_virq() return codes (CVE-2025-40160, bsc#1253400). - commit 8f641eb ++++ kernel-obs-qa: - tipc: Fix use-after-free in tipc_mon_reinit_self() (CVE-2025-40280 bsc#1254847). - commit 1a4ecc3 - cgroup: rstat: use LOCK CMPXCHG in css_rstat_updated (bsc#1255434). - bpf: Do not limit bpf_cgroup_from_id to current's namespace (bsc#1255433). - commit f9dd89c - virtio-net: fix received length check in big packets (bsc#1255175, CVE-2025-40292). - commit d9c33d8 - af_unix: Initialise scc_index in unix_add_edge() (CVE-2025-40214 bsc#1254961). - commit f4d0234 - net: atlantic: fix fragment overflow handling in RX path (CVE-2025-68301 bsc#1255120). - net: openvswitch: remove never-working support for setting nsh fields (CVE-2025-40254 bsc#1254852). - commit ca34a4d - vsock: Ignore signal/timeout on connect() if already established (CVE-2025-40248, bsc#1254864). - commit 8f55c39 - vsock: fix lock inversion in vsock_assign_transport() (CVE-2025-40231, bsc#1254815). - commit 1f7e22a - xen/events: Return -EEXIST for bound VIRQs (CVE-2025-40160, bsc#1253400). - commit 3883ce8 - xen/events: Cleanup find_virq() return codes (CVE-2025-40160, bsc#1253400). - commit 8f641eb ++++ kernel-obs-qa: - tipc: Fix use-after-free in tipc_mon_reinit_self() (CVE-2025-40280 bsc#1254847). - commit 1a4ecc3 - cgroup: rstat: use LOCK CMPXCHG in css_rstat_updated (bsc#1255434). - bpf: Do not limit bpf_cgroup_from_id to current's namespace (bsc#1255433). - commit f9dd89c - virtio-net: fix received length check in big packets (bsc#1255175, CVE-2025-40292). - commit d9c33d8 - af_unix: Initialise scc_index in unix_add_edge() (CVE-2025-40214 bsc#1254961). - commit f4d0234 - net: atlantic: fix fragment overflow handling in RX path (CVE-2025-68301 bsc#1255120). - net: openvswitch: remove never-working support for setting nsh fields (CVE-2025-40254 bsc#1254852). - commit ca34a4d - vsock: Ignore signal/timeout on connect() if already established (CVE-2025-40248, bsc#1254864). - commit 8f55c39 - vsock: fix lock inversion in vsock_assign_transport() (CVE-2025-40231, bsc#1254815). - commit 1f7e22a - xen/events: Return -EEXIST for bound VIRQs (CVE-2025-40160, bsc#1253400). - commit 3883ce8 - xen/events: Cleanup find_virq() return codes (CVE-2025-40160, bsc#1253400). - commit 8f641eb ++++ kernel-syms: - tipc: Fix use-after-free in tipc_mon_reinit_self() (CVE-2025-40280 bsc#1254847). - commit 1a4ecc3 - cgroup: rstat: use LOCK CMPXCHG in css_rstat_updated (bsc#1255434). - bpf: Do not limit bpf_cgroup_from_id to current's namespace (bsc#1255433). - commit f9dd89c - virtio-net: fix received length check in big packets (bsc#1255175, CVE-2025-40292). - commit d9c33d8 - af_unix: Initialise scc_index in unix_add_edge() (CVE-2025-40214 bsc#1254961). - commit f4d0234 - net: atlantic: fix fragment overflow handling in RX path (CVE-2025-68301 bsc#1255120). - net: openvswitch: remove never-working support for setting nsh fields (CVE-2025-40254 bsc#1254852). - commit ca34a4d - vsock: Ignore signal/timeout on connect() if already established (CVE-2025-40248, bsc#1254864). - commit 8f55c39 - vsock: fix lock inversion in vsock_assign_transport() (CVE-2025-40231, bsc#1254815). - commit 1f7e22a - xen/events: Return -EEXIST for bound VIRQs (CVE-2025-40160, bsc#1253400). - commit 3883ce8 - xen/events: Cleanup find_virq() return codes (CVE-2025-40160, bsc#1253400). - commit 8f641eb ++++ kernel-syms: - tipc: Fix use-after-free in tipc_mon_reinit_self() (CVE-2025-40280 bsc#1254847). - commit 1a4ecc3 - cgroup: rstat: use LOCK CMPXCHG in css_rstat_updated (bsc#1255434). - bpf: Do not limit bpf_cgroup_from_id to current's namespace (bsc#1255433). - commit f9dd89c - virtio-net: fix received length check in big packets (bsc#1255175, CVE-2025-40292). - commit d9c33d8 - af_unix: Initialise scc_index in unix_add_edge() (CVE-2025-40214 bsc#1254961). - commit f4d0234 - net: atlantic: fix fragment overflow handling in RX path (CVE-2025-68301 bsc#1255120). - net: openvswitch: remove never-working support for setting nsh fields (CVE-2025-40254 bsc#1254852). - commit ca34a4d - vsock: Ignore signal/timeout on connect() if already established (CVE-2025-40248, bsc#1254864). - commit 8f55c39 - vsock: fix lock inversion in vsock_assign_transport() (CVE-2025-40231, bsc#1254815). - commit 1f7e22a - xen/events: Return -EEXIST for bound VIRQs (CVE-2025-40160, bsc#1253400). - commit 3883ce8 - xen/events: Cleanup find_virq() return codes (CVE-2025-40160, bsc#1253400). - commit 8f641eb ++++ kernel-syms: - tipc: Fix use-after-free in tipc_mon_reinit_self() (CVE-2025-40280 bsc#1254847). - commit 1a4ecc3 - cgroup: rstat: use LOCK CMPXCHG in css_rstat_updated (bsc#1255434). - bpf: Do not limit bpf_cgroup_from_id to current's namespace (bsc#1255433). - commit f9dd89c - virtio-net: fix received length check in big packets (bsc#1255175, CVE-2025-40292). - commit d9c33d8 - af_unix: Initialise scc_index in unix_add_edge() (CVE-2025-40214 bsc#1254961). - commit f4d0234 - net: atlantic: fix fragment overflow handling in RX path (CVE-2025-68301 bsc#1255120). - net: openvswitch: remove never-working support for setting nsh fields (CVE-2025-40254 bsc#1254852). - commit ca34a4d - vsock: Ignore signal/timeout on connect() if already established (CVE-2025-40248, bsc#1254864). - commit 8f55c39 - vsock: fix lock inversion in vsock_assign_transport() (CVE-2025-40231, bsc#1254815). - commit 1f7e22a - xen/events: Return -EEXIST for bound VIRQs (CVE-2025-40160, bsc#1253400). - commit 3883ce8 - xen/events: Cleanup find_virq() return codes (CVE-2025-40160, bsc#1253400). - commit 8f641eb ++++ kernel-zfcpdump: - tipc: Fix use-after-free in tipc_mon_reinit_self() (CVE-2025-40280 bsc#1254847). - commit 1a4ecc3 - cgroup: rstat: use LOCK CMPXCHG in css_rstat_updated (bsc#1255434). - bpf: Do not limit bpf_cgroup_from_id to current's namespace (bsc#1255433). - commit f9dd89c - virtio-net: fix received length check in big packets (bsc#1255175, CVE-2025-40292). - commit d9c33d8 - af_unix: Initialise scc_index in unix_add_edge() (CVE-2025-40214 bsc#1254961). - commit f4d0234 - net: atlantic: fix fragment overflow handling in RX path (CVE-2025-68301 bsc#1255120). - net: openvswitch: remove never-working support for setting nsh fields (CVE-2025-40254 bsc#1254852). - commit ca34a4d - vsock: Ignore signal/timeout on connect() if already established (CVE-2025-40248, bsc#1254864). - commit 8f55c39 - vsock: fix lock inversion in vsock_assign_transport() (CVE-2025-40231, bsc#1254815). - commit 1f7e22a - xen/events: Return -EEXIST for bound VIRQs (CVE-2025-40160, bsc#1253400). - commit 3883ce8 - xen/events: Cleanup find_virq() return codes (CVE-2025-40160, bsc#1253400). - commit 8f641eb ++++ kernel-zfcpdump: - tipc: Fix use-after-free in tipc_mon_reinit_self() (CVE-2025-40280 bsc#1254847). - commit 1a4ecc3 - cgroup: rstat: use LOCK CMPXCHG in css_rstat_updated (bsc#1255434). - bpf: Do not limit bpf_cgroup_from_id to current's namespace (bsc#1255433). - commit f9dd89c - virtio-net: fix received length check in big packets (bsc#1255175, CVE-2025-40292). - commit d9c33d8 - af_unix: Initialise scc_index in unix_add_edge() (CVE-2025-40214 bsc#1254961). - commit f4d0234 - net: atlantic: fix fragment overflow handling in RX path (CVE-2025-68301 bsc#1255120). - net: openvswitch: remove never-working support for setting nsh fields (CVE-2025-40254 bsc#1254852). - commit ca34a4d - vsock: Ignore signal/timeout on connect() if already established (CVE-2025-40248, bsc#1254864). - commit 8f55c39 - vsock: fix lock inversion in vsock_assign_transport() (CVE-2025-40231, bsc#1254815). - commit 1f7e22a - xen/events: Return -EEXIST for bound VIRQs (CVE-2025-40160, bsc#1253400). - commit 3883ce8 - xen/events: Cleanup find_virq() return codes (CVE-2025-40160, bsc#1253400). - commit 8f641eb ++++ kernel-zfcpdump: - tipc: Fix use-after-free in tipc_mon_reinit_self() (CVE-2025-40280 bsc#1254847). - commit 1a4ecc3 - cgroup: rstat: use LOCK CMPXCHG in css_rstat_updated (bsc#1255434). - bpf: Do not limit bpf_cgroup_from_id to current's namespace (bsc#1255433). - commit f9dd89c - virtio-net: fix received length check in big packets (bsc#1255175, CVE-2025-40292). - commit d9c33d8 - af_unix: Initialise scc_index in unix_add_edge() (CVE-2025-40214 bsc#1254961). - commit f4d0234 - net: atlantic: fix fragment overflow handling in RX path (CVE-2025-68301 bsc#1255120). - net: openvswitch: remove never-working support for setting nsh fields (CVE-2025-40254 bsc#1254852). - commit ca34a4d - vsock: Ignore signal/timeout on connect() if already established (CVE-2025-40248, bsc#1254864). - commit 8f55c39 - vsock: fix lock inversion in vsock_assign_transport() (CVE-2025-40231, bsc#1254815). - commit 1f7e22a - xen/events: Return -EEXIST for bound VIRQs (CVE-2025-40160, bsc#1253400). - commit 3883ce8 - xen/events: Cleanup find_virq() return codes (CVE-2025-40160, bsc#1253400). - commit 8f641eb ++++ systemd: - Add 0001-Drop-or-soften-some-upstream-warnings.patch (bsc#1228728) (bsc#1251981) For now it just drops the 'unmerged-bin' taint flag. ++++ systemd: - Add 0001-Drop-or-soften-some-upstream-warnings.patch (bsc#1228728) (bsc#1251981) For now it just drops the 'unmerged-bin' taint flag. ++++ openQA: - Update to version 5.1766150951.2799046e: * Coverage of openQA: add folder Client/ in codecov.yaml * Improve openQA coverage of _download_handler in Archive.pm ++++ openQA: - Update to version 5.1766150951.2799046e: * Coverage of openQA: add folder Client/ in codecov.yaml * Improve openQA coverage of _download_handler in Archive.pm ++++ openQA: - Update to version 5.1766150951.2799046e: * Coverage of openQA: add folder Client/ in codecov.yaml * Improve openQA coverage of _download_handler in Archive.pm ++++ openQA: - Update to version 5.1766150951.2799046e: * Coverage of openQA: add folder Client/ in codecov.yaml * Improve openQA coverage of _download_handler in Archive.pm ++++ openQA: - Update to version 5.1766150951.2799046e: * Coverage of openQA: add folder Client/ in codecov.yaml * Improve openQA coverage of _download_handler in Archive.pm ++++ openQA: - Update to version 5.1766150951.2799046e: * Coverage of openQA: add folder Client/ in codecov.yaml * Improve openQA coverage of _download_handler in Archive.pm ++++ openQA: - Update to version 5.1766150951.2799046e: * Coverage of openQA: add folder Client/ in codecov.yaml * Improve openQA coverage of _download_handler in Archive.pm ++++ openQA: - Update to version 5.1766150951.2799046e: * Coverage of openQA: add folder Client/ in codecov.yaml * Improve openQA coverage of _download_handler in Archive.pm ++++ openQA: - Update to version 5.1766150951.2799046e: * Coverage of openQA: add folder Client/ in codecov.yaml * Improve openQA coverage of _download_handler in Archive.pm ++++ openQA: - Update to version 5.1766150951.2799046e: * Coverage of openQA: add folder Client/ in codecov.yaml * Improve openQA coverage of _download_handler in Archive.pm ++++ openQA: - Update to version 5.1766150951.2799046e: * Coverage of openQA: add folder Client/ in codecov.yaml * Improve openQA coverage of _download_handler in Archive.pm ++++ openQA: - Update to version 5.1766150951.2799046e: * Coverage of openQA: add folder Client/ in codecov.yaml * Improve openQA coverage of _download_handler in Archive.pm ++++ openQA: - Update to version 5.1766150951.2799046e: * Coverage of openQA: add folder Client/ in codecov.yaml * Improve openQA coverage of _download_handler in Archive.pm ++++ php8: - version update to 8.4.16 Core: Sync all boost.context files with release 1.86.0. Fixed bug GH-20435 (SensitiveParameter doesn't work for named argument passing to variadic parameter). Fixed bug GH-20286 (use-after-destroy during userland stream_close()). Bz2: Fix assertion failures resulting in crashes with stream filter object parameters. Date: Fix crashes when trying to instantiate uninstantiable classes via date static constructors. DOM: Fix memory leak when edge case is hit when registering xpath callback. Fixed bug GH-20395 (querySelector and querySelectorAll requires elements in $selectors to be lowercase). Fix missing NUL byte check on C14NFile(). Fibers: Fixed bug GH-20483 (ASAN stack overflow with fiber.stack_size INI small value). FTP: Fixed bug GH-20601 (ftp_connect overflow on timeout). GD: Fixed bug GH-20511 (imagegammacorrect out of range input/output values). Fixed bug GH-20602 (imagescale overflow with large height values). Intl: Fixed bug GH-20426 (Spoofchecker::setRestrictionLevel() error message suggests missing constants). LibXML: Fix some deprecations on newer libxml versions regarding input buffer/parser handling. MbString: Fixed bug GH-20491 (SLES15 compile error with mbstring oniguruma). Fixed bug GH-20492 (mbstring compile warning due to non-strings). MySQLnd: Fixed bug GH-20528 (Regression breaks mysql connexion using an IPv6 address enclosed in square brackets). Opcache: Fixed bug GH-20329 (opcache.file_cache broken with full interned string buffer). PDO: Fixed GHSA-8xr5-qppj-gvwj (PDO quoting result null deref). (CVE-2025-14180) Phar: Fixed bug GH-20442 (Phar does not respect case-insensitiveness of __halt_compiler() when reading stub). Fix broken return value of fflush() for phar file entries. Fix assertion failure when fseeking a phar file out of bounds. PHPDBG: Fixed ZPP type violation in phpdbg_get_executable() and phpdbg_end_oplog(). SPL: Fixed bug GH-20614 (SplFixedArray incorrectly handles references in deserialization). Standard: Fix memory leak in array_diff() with custom type checks. Fixed bug GH-20583 (Stack overflow in http_build_query via deep structures). Fixed GHSA-www2-q4fc-65wf (Null byte termination in dns_get_record()). Fixed GHSA-h96m-rvf9-jgm2 (Heap buffer overflow in array_merge()). (CVE-2025-14178) Fixed GHSA-3237-qqm7-mfv7 (Information Leak of Memory in getimagesize). (CVE-2025-14177) Tidy: Fixed bug GH-20374 (PHP with tidy and custom-tags). XML: Fixed bug GH-20439 (xml_set_default_handler() does not properly handle special characters in attributes when passing data to callback). Zip: Fix crash in property existence test. Don't truncate return value of zip_fread() with user sizes. Zlib: Fix assertion failures resulting in crashes with stream filter object parameters. - fixes CVE-2025-14178 [bsc#1255711] CVE-2025-14180 [bsc#1255712] CVE-2025-14177 [bsc#1255710] ++++ php8-embed: - version update to 8.4.16 Core: Sync all boost.context files with release 1.86.0. Fixed bug GH-20435 (SensitiveParameter doesn't work for named argument passing to variadic parameter). Fixed bug GH-20286 (use-after-destroy during userland stream_close()). Bz2: Fix assertion failures resulting in crashes with stream filter object parameters. Date: Fix crashes when trying to instantiate uninstantiable classes via date static constructors. DOM: Fix memory leak when edge case is hit when registering xpath callback. Fixed bug GH-20395 (querySelector and querySelectorAll requires elements in $selectors to be lowercase). Fix missing NUL byte check on C14NFile(). Fibers: Fixed bug GH-20483 (ASAN stack overflow with fiber.stack_size INI small value). FTP: Fixed bug GH-20601 (ftp_connect overflow on timeout). GD: Fixed bug GH-20511 (imagegammacorrect out of range input/output values). Fixed bug GH-20602 (imagescale overflow with large height values). Intl: Fixed bug GH-20426 (Spoofchecker::setRestrictionLevel() error message suggests missing constants). LibXML: Fix some deprecations on newer libxml versions regarding input buffer/parser handling. MbString: Fixed bug GH-20491 (SLES15 compile error with mbstring oniguruma). Fixed bug GH-20492 (mbstring compile warning due to non-strings). MySQLnd: Fixed bug GH-20528 (Regression breaks mysql connexion using an IPv6 address enclosed in square brackets). Opcache: Fixed bug GH-20329 (opcache.file_cache broken with full interned string buffer). PDO: Fixed GHSA-8xr5-qppj-gvwj (PDO quoting result null deref). (CVE-2025-14180) Phar: Fixed bug GH-20442 (Phar does not respect case-insensitiveness of __halt_compiler() when reading stub). Fix broken return value of fflush() for phar file entries. Fix assertion failure when fseeking a phar file out of bounds. PHPDBG: Fixed ZPP type violation in phpdbg_get_executable() and phpdbg_end_oplog(). SPL: Fixed bug GH-20614 (SplFixedArray incorrectly handles references in deserialization). Standard: Fix memory leak in array_diff() with custom type checks. Fixed bug GH-20583 (Stack overflow in http_build_query via deep structures). Fixed GHSA-www2-q4fc-65wf (Null byte termination in dns_get_record()). Fixed GHSA-h96m-rvf9-jgm2 (Heap buffer overflow in array_merge()). (CVE-2025-14178) Fixed GHSA-3237-qqm7-mfv7 (Information Leak of Memory in getimagesize). (CVE-2025-14177) Tidy: Fixed bug GH-20374 (PHP with tidy and custom-tags). XML: Fixed bug GH-20439 (xml_set_default_handler() does not properly handle special characters in attributes when passing data to callback). Zip: Fix crash in property existence test. Don't truncate return value of zip_fread() with user sizes. Zlib: Fix assertion failures resulting in crashes with stream filter object parameters. - fixes CVE-2025-14178 [bsc#1255711] CVE-2025-14180 [bsc#1255712] CVE-2025-14177 [bsc#1255710] ++++ php8-fastcgi: - version update to 8.4.16 Core: Sync all boost.context files with release 1.86.0. Fixed bug GH-20435 (SensitiveParameter doesn't work for named argument passing to variadic parameter). Fixed bug GH-20286 (use-after-destroy during userland stream_close()). Bz2: Fix assertion failures resulting in crashes with stream filter object parameters. Date: Fix crashes when trying to instantiate uninstantiable classes via date static constructors. DOM: Fix memory leak when edge case is hit when registering xpath callback. Fixed bug GH-20395 (querySelector and querySelectorAll requires elements in $selectors to be lowercase). Fix missing NUL byte check on C14NFile(). Fibers: Fixed bug GH-20483 (ASAN stack overflow with fiber.stack_size INI small value). FTP: Fixed bug GH-20601 (ftp_connect overflow on timeout). GD: Fixed bug GH-20511 (imagegammacorrect out of range input/output values). Fixed bug GH-20602 (imagescale overflow with large height values). Intl: Fixed bug GH-20426 (Spoofchecker::setRestrictionLevel() error message suggests missing constants). LibXML: Fix some deprecations on newer libxml versions regarding input buffer/parser handling. MbString: Fixed bug GH-20491 (SLES15 compile error with mbstring oniguruma). Fixed bug GH-20492 (mbstring compile warning due to non-strings). MySQLnd: Fixed bug GH-20528 (Regression breaks mysql connexion using an IPv6 address enclosed in square brackets). Opcache: Fixed bug GH-20329 (opcache.file_cache broken with full interned string buffer). PDO: Fixed GHSA-8xr5-qppj-gvwj (PDO quoting result null deref). (CVE-2025-14180) Phar: Fixed bug GH-20442 (Phar does not respect case-insensitiveness of __halt_compiler() when reading stub). Fix broken return value of fflush() for phar file entries. Fix assertion failure when fseeking a phar file out of bounds. PHPDBG: Fixed ZPP type violation in phpdbg_get_executable() and phpdbg_end_oplog(). SPL: Fixed bug GH-20614 (SplFixedArray incorrectly handles references in deserialization). Standard: Fix memory leak in array_diff() with custom type checks. Fixed bug GH-20583 (Stack overflow in http_build_query via deep structures). Fixed GHSA-www2-q4fc-65wf (Null byte termination in dns_get_record()). Fixed GHSA-h96m-rvf9-jgm2 (Heap buffer overflow in array_merge()). (CVE-2025-14178) Fixed GHSA-3237-qqm7-mfv7 (Information Leak of Memory in getimagesize). (CVE-2025-14177) Tidy: Fixed bug GH-20374 (PHP with tidy and custom-tags). XML: Fixed bug GH-20439 (xml_set_default_handler() does not properly handle special characters in attributes when passing data to callback). Zip: Fix crash in property existence test. Don't truncate return value of zip_fread() with user sizes. Zlib: Fix assertion failures resulting in crashes with stream filter object parameters. - fixes CVE-2025-14178 [bsc#1255711] CVE-2025-14180 [bsc#1255712] CVE-2025-14177 [bsc#1255710] ++++ php8-fpm: - version update to 8.4.16 Core: Sync all boost.context files with release 1.86.0. Fixed bug GH-20435 (SensitiveParameter doesn't work for named argument passing to variadic parameter). Fixed bug GH-20286 (use-after-destroy during userland stream_close()). Bz2: Fix assertion failures resulting in crashes with stream filter object parameters. Date: Fix crashes when trying to instantiate uninstantiable classes via date static constructors. DOM: Fix memory leak when edge case is hit when registering xpath callback. Fixed bug GH-20395 (querySelector and querySelectorAll requires elements in $selectors to be lowercase). Fix missing NUL byte check on C14NFile(). Fibers: Fixed bug GH-20483 (ASAN stack overflow with fiber.stack_size INI small value). FTP: Fixed bug GH-20601 (ftp_connect overflow on timeout). GD: Fixed bug GH-20511 (imagegammacorrect out of range input/output values). Fixed bug GH-20602 (imagescale overflow with large height values). Intl: Fixed bug GH-20426 (Spoofchecker::setRestrictionLevel() error message suggests missing constants). LibXML: Fix some deprecations on newer libxml versions regarding input buffer/parser handling. MbString: Fixed bug GH-20491 (SLES15 compile error with mbstring oniguruma). Fixed bug GH-20492 (mbstring compile warning due to non-strings). MySQLnd: Fixed bug GH-20528 (Regression breaks mysql connexion using an IPv6 address enclosed in square brackets). Opcache: Fixed bug GH-20329 (opcache.file_cache broken with full interned string buffer). PDO: Fixed GHSA-8xr5-qppj-gvwj (PDO quoting result null deref). (CVE-2025-14180) Phar: Fixed bug GH-20442 (Phar does not respect case-insensitiveness of __halt_compiler() when reading stub). Fix broken return value of fflush() for phar file entries. Fix assertion failure when fseeking a phar file out of bounds. PHPDBG: Fixed ZPP type violation in phpdbg_get_executable() and phpdbg_end_oplog(). SPL: Fixed bug GH-20614 (SplFixedArray incorrectly handles references in deserialization). Standard: Fix memory leak in array_diff() with custom type checks. Fixed bug GH-20583 (Stack overflow in http_build_query via deep structures). Fixed GHSA-www2-q4fc-65wf (Null byte termination in dns_get_record()). Fixed GHSA-h96m-rvf9-jgm2 (Heap buffer overflow in array_merge()). (CVE-2025-14178) Fixed GHSA-3237-qqm7-mfv7 (Information Leak of Memory in getimagesize). (CVE-2025-14177) Tidy: Fixed bug GH-20374 (PHP with tidy and custom-tags). XML: Fixed bug GH-20439 (xml_set_default_handler() does not properly handle special characters in attributes when passing data to callback). Zip: Fix crash in property existence test. Don't truncate return value of zip_fread() with user sizes. Zlib: Fix assertion failures resulting in crashes with stream filter object parameters. - fixes CVE-2025-14178 [bsc#1255711] CVE-2025-14180 [bsc#1255712] CVE-2025-14177 [bsc#1255710] ++++ php8-test: - version update to 8.4.16 Core: Sync all boost.context files with release 1.86.0. Fixed bug GH-20435 (SensitiveParameter doesn't work for named argument passing to variadic parameter). Fixed bug GH-20286 (use-after-destroy during userland stream_close()). Bz2: Fix assertion failures resulting in crashes with stream filter object parameters. Date: Fix crashes when trying to instantiate uninstantiable classes via date static constructors. DOM: Fix memory leak when edge case is hit when registering xpath callback. Fixed bug GH-20395 (querySelector and querySelectorAll requires elements in $selectors to be lowercase). Fix missing NUL byte check on C14NFile(). Fibers: Fixed bug GH-20483 (ASAN stack overflow with fiber.stack_size INI small value). FTP: Fixed bug GH-20601 (ftp_connect overflow on timeout). GD: Fixed bug GH-20511 (imagegammacorrect out of range input/output values). Fixed bug GH-20602 (imagescale overflow with large height values). Intl: Fixed bug GH-20426 (Spoofchecker::setRestrictionLevel() error message suggests missing constants). LibXML: Fix some deprecations on newer libxml versions regarding input buffer/parser handling. MbString: Fixed bug GH-20491 (SLES15 compile error with mbstring oniguruma). Fixed bug GH-20492 (mbstring compile warning due to non-strings). MySQLnd: Fixed bug GH-20528 (Regression breaks mysql connexion using an IPv6 address enclosed in square brackets). Opcache: Fixed bug GH-20329 (opcache.file_cache broken with full interned string buffer). PDO: Fixed GHSA-8xr5-qppj-gvwj (PDO quoting result null deref). (CVE-2025-14180) Phar: Fixed bug GH-20442 (Phar does not respect case-insensitiveness of __halt_compiler() when reading stub). Fix broken return value of fflush() for phar file entries. Fix assertion failure when fseeking a phar file out of bounds. PHPDBG: Fixed ZPP type violation in phpdbg_get_executable() and phpdbg_end_oplog(). SPL: Fixed bug GH-20614 (SplFixedArray incorrectly handles references in deserialization). Standard: Fix memory leak in array_diff() with custom type checks. Fixed bug GH-20583 (Stack overflow in http_build_query via deep structures). Fixed GHSA-www2-q4fc-65wf (Null byte termination in dns_get_record()). Fixed GHSA-h96m-rvf9-jgm2 (Heap buffer overflow in array_merge()). (CVE-2025-14178) Fixed GHSA-3237-qqm7-mfv7 (Information Leak of Memory in getimagesize). (CVE-2025-14177) Tidy: Fixed bug GH-20374 (PHP with tidy and custom-tags). XML: Fixed bug GH-20439 (xml_set_default_handler() does not properly handle special characters in attributes when passing data to callback). Zip: Fix crash in property existence test. Don't truncate return value of zip_fread() with user sizes. Zlib: Fix assertion failures resulting in crashes with stream filter object parameters. - fixes CVE-2025-14178 [bsc#1255711] CVE-2025-14180 [bsc#1255712] CVE-2025-14177 [bsc#1255710] ++++ terminology: - Update to 1.14.0: * New translations: Hungarian, Slovak * Report or Set Selection through escape codes * Handle Alternate Escape (7728) * Handle Application Escape Code * Add configuration whether emojis should be considered as double width. Default is double width. * Colorshemes: add GruvBox Material Dark * Translation updates for Chinese (Simplified), Catalan, Croatian, Dutch, Finnish, French, Indonesian, Japanese, Lithuanian, Polish, Portuguese, Portuguese (Brazil), Russian, Serbian, Spanish, Swedish, Turkish * Unify format of responses to OSC 10, 11 and 12 * Fix translucent background on startup * Fix wheel events emitted even if wheel has not moved * Do not use spaces when returning terminal name * Colorschemes: ensure metadata.name and file name are the same * Fix issue when exiting on *BSD * Do not interpret “CSI = 5 u” as DECRC * Handle empty CSI SRG 38/48 * Do not consider Key Resources as color * Build with Meson 0.59 or later * Cleanup the code base about misuse of calloc() * Testing on OSC 52 ------------------------------------------------------------------ ------------------ 2025-12-18 - Dec 18 2025 ------------------- ------------------------------------------------------------------ ++++ OpenBoard: - add patch 1387-fix-poppler-25-11.patch * compatibility with poppler 25.11 * already merged upstream for next release ++++ OpenBoard: - add patch 1387-fix-poppler-25-11.patch * compatibility with poppler 25.11 * already merged upstream for next release ++++ OpenBoard: - add patch 1387-fix-poppler-25-11.patch * compatibility with poppler 25.11 * already merged upstream for next release ++++ OpenBoard: - add patch 1387-fix-poppler-25-11.patch * compatibility with poppler 25.11 * already merged upstream for next release ++++ apache2-mod_php8: - main package require wwwrun:www user as it assumes it in filelist [bsc#1255043] ++++ kernel-64kb: - selftests: net: fib-onlink-tests: Set high metric for default IPv6 route (bsc#1255346). - selftests: net: use slowwait to make sure IPv6 setup finished (bsc#1255349). - selftests: net: use slowwait to stabilize vrf_route_leaking test (bsc#1255349). - commit 18154f6 - kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959 CVE-2025-40215). - commit 23f1b71 - be2net: pass wrb_params in case of OS2BMC (CVE-2025-40264 bsc#1254835). - net: phy: micrel: always set shared->phydev for LAN8814 (CVE-2025-40239 bsc#1254868). - commit 48a9709 ++++ kernel-64kb: - selftests: net: fib-onlink-tests: Set high metric for default IPv6 route (bsc#1255346). - selftests: net: use slowwait to make sure IPv6 setup finished (bsc#1255349). - selftests: net: use slowwait to stabilize vrf_route_leaking test (bsc#1255349). - commit 18154f6 - kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959 CVE-2025-40215). - commit 23f1b71 - be2net: pass wrb_params in case of OS2BMC (CVE-2025-40264 bsc#1254835). - net: phy: micrel: always set shared->phydev for LAN8814 (CVE-2025-40239 bsc#1254868). - commit 48a9709 ++++ kernel-64kb: - selftests: net: fib-onlink-tests: Set high metric for default IPv6 route (bsc#1255346). - selftests: net: use slowwait to make sure IPv6 setup finished (bsc#1255349). - selftests: net: use slowwait to stabilize vrf_route_leaking test (bsc#1255349). - commit 18154f6 - kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959 CVE-2025-40215). - commit 23f1b71 - be2net: pass wrb_params in case of OS2BMC (CVE-2025-40264 bsc#1254835). - net: phy: micrel: always set shared->phydev for LAN8814 (CVE-2025-40239 bsc#1254868). - commit 48a9709 ++++ kernel-azure: - selftests: net: fib-onlink-tests: Set high metric for default IPv6 route (bsc#1255346). - selftests: net: use slowwait to make sure IPv6 setup finished (bsc#1255349). - selftests: net: use slowwait to stabilize vrf_route_leaking test (bsc#1255349). - commit 18154f6 - kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959 CVE-2025-40215). - commit 23f1b71 - be2net: pass wrb_params in case of OS2BMC (CVE-2025-40264 bsc#1254835). - net: phy: micrel: always set shared->phydev for LAN8814 (CVE-2025-40239 bsc#1254868). - commit 48a9709 ++++ kernel-azure: - selftests: net: fib-onlink-tests: Set high metric for default IPv6 route (bsc#1255346). - selftests: net: use slowwait to make sure IPv6 setup finished (bsc#1255349). - selftests: net: use slowwait to stabilize vrf_route_leaking test (bsc#1255349). - commit 18154f6 - kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959 CVE-2025-40215). - commit 23f1b71 - be2net: pass wrb_params in case of OS2BMC (CVE-2025-40264 bsc#1254835). - net: phy: micrel: always set shared->phydev for LAN8814 (CVE-2025-40239 bsc#1254868). - commit 48a9709 ++++ kernel-azure: - selftests: net: fib-onlink-tests: Set high metric for default IPv6 route (bsc#1255346). - selftests: net: use slowwait to make sure IPv6 setup finished (bsc#1255349). - selftests: net: use slowwait to stabilize vrf_route_leaking test (bsc#1255349). - commit 18154f6 - kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959 CVE-2025-40215). - commit 23f1b71 - be2net: pass wrb_params in case of OS2BMC (CVE-2025-40264 bsc#1254835). - net: phy: micrel: always set shared->phydev for LAN8814 (CVE-2025-40239 bsc#1254868). - commit 48a9709 ++++ kernel-default: - selftests: net: fib-onlink-tests: Set high metric for default IPv6 route (bsc#1255346). - selftests: net: use slowwait to make sure IPv6 setup finished (bsc#1255349). - selftests: net: use slowwait to stabilize vrf_route_leaking test (bsc#1255349). - commit 18154f6 - kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959 CVE-2025-40215). - commit 23f1b71 - be2net: pass wrb_params in case of OS2BMC (CVE-2025-40264 bsc#1254835). - net: phy: micrel: always set shared->phydev for LAN8814 (CVE-2025-40239 bsc#1254868). - commit 48a9709 ++++ kernel-default: - selftests: net: fib-onlink-tests: Set high metric for default IPv6 route (bsc#1255346). - selftests: net: use slowwait to make sure IPv6 setup finished (bsc#1255349). - selftests: net: use slowwait to stabilize vrf_route_leaking test (bsc#1255349). - commit 18154f6 - kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959 CVE-2025-40215). - commit 23f1b71 - be2net: pass wrb_params in case of OS2BMC (CVE-2025-40264 bsc#1254835). - net: phy: micrel: always set shared->phydev for LAN8814 (CVE-2025-40239 bsc#1254868). - commit 48a9709 ++++ kernel-default: - selftests: net: fib-onlink-tests: Set high metric for default IPv6 route (bsc#1255346). - selftests: net: use slowwait to make sure IPv6 setup finished (bsc#1255349). - selftests: net: use slowwait to stabilize vrf_route_leaking test (bsc#1255349). - commit 18154f6 - kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959 CVE-2025-40215). - commit 23f1b71 - be2net: pass wrb_params in case of OS2BMC (CVE-2025-40264 bsc#1254835). - net: phy: micrel: always set shared->phydev for LAN8814 (CVE-2025-40239 bsc#1254868). - commit 48a9709 ++++ kernel-rt: - selftests: net: fib-onlink-tests: Set high metric for default IPv6 route (bsc#1255346). - selftests: net: use slowwait to make sure IPv6 setup finished (bsc#1255349). - selftests: net: use slowwait to stabilize vrf_route_leaking test (bsc#1255349). - commit 18154f6 - kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959 CVE-2025-40215). - commit 23f1b71 - be2net: pass wrb_params in case of OS2BMC (CVE-2025-40264 bsc#1254835). - net: phy: micrel: always set shared->phydev for LAN8814 (CVE-2025-40239 bsc#1254868). - commit 48a9709 ++++ kernel-rt: - selftests: net: fib-onlink-tests: Set high metric for default IPv6 route (bsc#1255346). - selftests: net: use slowwait to make sure IPv6 setup finished (bsc#1255349). - selftests: net: use slowwait to stabilize vrf_route_leaking test (bsc#1255349). - commit 18154f6 - kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959 CVE-2025-40215). - commit 23f1b71 - be2net: pass wrb_params in case of OS2BMC (CVE-2025-40264 bsc#1254835). - net: phy: micrel: always set shared->phydev for LAN8814 (CVE-2025-40239 bsc#1254868). - commit 48a9709 ++++ kernel-rt: - selftests: net: fib-onlink-tests: Set high metric for default IPv6 route (bsc#1255346). - selftests: net: use slowwait to make sure IPv6 setup finished (bsc#1255349). - selftests: net: use slowwait to stabilize vrf_route_leaking test (bsc#1255349). - commit 18154f6 - kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959 CVE-2025-40215). - commit 23f1b71 - be2net: pass wrb_params in case of OS2BMC (CVE-2025-40264 bsc#1254835). - net: phy: micrel: always set shared->phydev for LAN8814 (CVE-2025-40239 bsc#1254868). - commit 48a9709 ++++ samba: - Adjust README.SUSE to reflect the new preferred location for '[printers]' share; (bsc#1254665). ++++ samba: - Adjust README.SUSE to reflect the new preferred location for '[printers]' share; (bsc#1254665). ++++ dtb-aarch64: - selftests: net: fib-onlink-tests: Set high metric for default IPv6 route (bsc#1255346). - selftests: net: use slowwait to make sure IPv6 setup finished (bsc#1255349). - selftests: net: use slowwait to stabilize vrf_route_leaking test (bsc#1255349). - commit 18154f6 - kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959 CVE-2025-40215). - commit 23f1b71 - be2net: pass wrb_params in case of OS2BMC (CVE-2025-40264 bsc#1254835). - net: phy: micrel: always set shared->phydev for LAN8814 (CVE-2025-40239 bsc#1254868). - commit 48a9709 ++++ dtb-aarch64: - selftests: net: fib-onlink-tests: Set high metric for default IPv6 route (bsc#1255346). - selftests: net: use slowwait to make sure IPv6 setup finished (bsc#1255349). - selftests: net: use slowwait to stabilize vrf_route_leaking test (bsc#1255349). - commit 18154f6 - kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959 CVE-2025-40215). - commit 23f1b71 - be2net: pass wrb_params in case of OS2BMC (CVE-2025-40264 bsc#1254835). - net: phy: micrel: always set shared->phydev for LAN8814 (CVE-2025-40239 bsc#1254868). - commit 48a9709 ++++ dtb-aarch64: - selftests: net: fib-onlink-tests: Set high metric for default IPv6 route (bsc#1255346). - selftests: net: use slowwait to make sure IPv6 setup finished (bsc#1255349). - selftests: net: use slowwait to stabilize vrf_route_leaking test (bsc#1255349). - commit 18154f6 - kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959 CVE-2025-40215). - commit 23f1b71 - be2net: pass wrb_params in case of OS2BMC (CVE-2025-40264 bsc#1254835). - net: phy: micrel: always set shared->phydev for LAN8814 (CVE-2025-40239 bsc#1254868). - commit 48a9709 ++++ elemental-register: - Update to v1.8.1: * bcbd09d2 Install yip config files in before-install step * 64505339 Bump github.com/rancher-sandbox/go-tpm and its dependencies This includes few CVE fixes: * bsc#1241826 (CVE-2025-22872) * bsc#1241857 (CVE-2025-22872) * bsc#1251511 (CVE-2025-47911) * bsc#1251679 (CVE-2025-58190) ++++ kernel-source: - selftests: net: fib-onlink-tests: Set high metric for default IPv6 route (bsc#1255346). - selftests: net: use slowwait to make sure IPv6 setup finished (bsc#1255349). - selftests: net: use slowwait to stabilize vrf_route_leaking test (bsc#1255349). - commit 18154f6 - kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959 CVE-2025-40215). - commit 23f1b71 - be2net: pass wrb_params in case of OS2BMC (CVE-2025-40264 bsc#1254835). - net: phy: micrel: always set shared->phydev for LAN8814 (CVE-2025-40239 bsc#1254868). - commit 48a9709 ++++ kernel-source: - selftests: net: fib-onlink-tests: Set high metric for default IPv6 route (bsc#1255346). - selftests: net: use slowwait to make sure IPv6 setup finished (bsc#1255349). - selftests: net: use slowwait to stabilize vrf_route_leaking test (bsc#1255349). - commit 18154f6 - kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959 CVE-2025-40215). - commit 23f1b71 - be2net: pass wrb_params in case of OS2BMC (CVE-2025-40264 bsc#1254835). - net: phy: micrel: always set shared->phydev for LAN8814 (CVE-2025-40239 bsc#1254868). - commit 48a9709 ++++ kernel-source: - selftests: net: fib-onlink-tests: Set high metric for default IPv6 route (bsc#1255346). - selftests: net: use slowwait to make sure IPv6 setup finished (bsc#1255349). - selftests: net: use slowwait to stabilize vrf_route_leaking test (bsc#1255349). - commit 18154f6 - kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959 CVE-2025-40215). - commit 23f1b71 - be2net: pass wrb_params in case of OS2BMC (CVE-2025-40264 bsc#1254835). - net: phy: micrel: always set shared->phydev for LAN8814 (CVE-2025-40239 bsc#1254868). - commit 48a9709 ++++ kernel-docs: - selftests: net: fib-onlink-tests: Set high metric for default IPv6 route (bsc#1255346). - selftests: net: use slowwait to make sure IPv6 setup finished (bsc#1255349). - selftests: net: use slowwait to stabilize vrf_route_leaking test (bsc#1255349). - commit 18154f6 - kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959 CVE-2025-40215). - commit 23f1b71 - be2net: pass wrb_params in case of OS2BMC (CVE-2025-40264 bsc#1254835). - net: phy: micrel: always set shared->phydev for LAN8814 (CVE-2025-40239 bsc#1254868). - commit 48a9709 ++++ kernel-docs: - selftests: net: fib-onlink-tests: Set high metric for default IPv6 route (bsc#1255346). - selftests: net: use slowwait to make sure IPv6 setup finished (bsc#1255349). - selftests: net: use slowwait to stabilize vrf_route_leaking test (bsc#1255349). - commit 18154f6 - kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959 CVE-2025-40215). - commit 23f1b71 - be2net: pass wrb_params in case of OS2BMC (CVE-2025-40264 bsc#1254835). - net: phy: micrel: always set shared->phydev for LAN8814 (CVE-2025-40239 bsc#1254868). - commit 48a9709 ++++ kernel-docs: - selftests: net: fib-onlink-tests: Set high metric for default IPv6 route (bsc#1255346). - selftests: net: use slowwait to make sure IPv6 setup finished (bsc#1255349). - selftests: net: use slowwait to stabilize vrf_route_leaking test (bsc#1255349). - commit 18154f6 - kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959 CVE-2025-40215). - commit 23f1b71 - be2net: pass wrb_params in case of OS2BMC (CVE-2025-40264 bsc#1254835). - net: phy: micrel: always set shared->phydev for LAN8814 (CVE-2025-40239 bsc#1254868). - commit 48a9709 ++++ kernel-kvmsmall: - selftests: net: fib-onlink-tests: Set high metric for default IPv6 route (bsc#1255346). - selftests: net: use slowwait to make sure IPv6 setup finished (bsc#1255349). - selftests: net: use slowwait to stabilize vrf_route_leaking test (bsc#1255349). - commit 18154f6 - kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959 CVE-2025-40215). - commit 23f1b71 - be2net: pass wrb_params in case of OS2BMC (CVE-2025-40264 bsc#1254835). - net: phy: micrel: always set shared->phydev for LAN8814 (CVE-2025-40239 bsc#1254868). - commit 48a9709 ++++ kernel-kvmsmall: - selftests: net: fib-onlink-tests: Set high metric for default IPv6 route (bsc#1255346). - selftests: net: use slowwait to make sure IPv6 setup finished (bsc#1255349). - selftests: net: use slowwait to stabilize vrf_route_leaking test (bsc#1255349). - commit 18154f6 - kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959 CVE-2025-40215). - commit 23f1b71 - be2net: pass wrb_params in case of OS2BMC (CVE-2025-40264 bsc#1254835). - net: phy: micrel: always set shared->phydev for LAN8814 (CVE-2025-40239 bsc#1254868). - commit 48a9709 ++++ kernel-kvmsmall: - selftests: net: fib-onlink-tests: Set high metric for default IPv6 route (bsc#1255346). - selftests: net: use slowwait to make sure IPv6 setup finished (bsc#1255349). - selftests: net: use slowwait to stabilize vrf_route_leaking test (bsc#1255349). - commit 18154f6 - kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959 CVE-2025-40215). - commit 23f1b71 - be2net: pass wrb_params in case of OS2BMC (CVE-2025-40264 bsc#1254835). - net: phy: micrel: always set shared->phydev for LAN8814 (CVE-2025-40239 bsc#1254868). - commit 48a9709 ++++ kernel-obs-build: - selftests: net: fib-onlink-tests: Set high metric for default IPv6 route (bsc#1255346). - selftests: net: use slowwait to make sure IPv6 setup finished (bsc#1255349). - selftests: net: use slowwait to stabilize vrf_route_leaking test (bsc#1255349). - commit 18154f6 - kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959 CVE-2025-40215). - commit 23f1b71 - be2net: pass wrb_params in case of OS2BMC (CVE-2025-40264 bsc#1254835). - net: phy: micrel: always set shared->phydev for LAN8814 (CVE-2025-40239 bsc#1254868). - commit 48a9709 ++++ kernel-obs-build: - selftests: net: fib-onlink-tests: Set high metric for default IPv6 route (bsc#1255346). - selftests: net: use slowwait to make sure IPv6 setup finished (bsc#1255349). - selftests: net: use slowwait to stabilize vrf_route_leaking test (bsc#1255349). - commit 18154f6 - kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959 CVE-2025-40215). - commit 23f1b71 - be2net: pass wrb_params in case of OS2BMC (CVE-2025-40264 bsc#1254835). - net: phy: micrel: always set shared->phydev for LAN8814 (CVE-2025-40239 bsc#1254868). - commit 48a9709 ++++ kernel-obs-build: - selftests: net: fib-onlink-tests: Set high metric for default IPv6 route (bsc#1255346). - selftests: net: use slowwait to make sure IPv6 setup finished (bsc#1255349). - selftests: net: use slowwait to stabilize vrf_route_leaking test (bsc#1255349). - commit 18154f6 - kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959 CVE-2025-40215). - commit 23f1b71 - be2net: pass wrb_params in case of OS2BMC (CVE-2025-40264 bsc#1254835). - net: phy: micrel: always set shared->phydev for LAN8814 (CVE-2025-40239 bsc#1254868). - commit 48a9709 ++++ kernel-obs-qa: - selftests: net: fib-onlink-tests: Set high metric for default IPv6 route (bsc#1255346). - selftests: net: use slowwait to make sure IPv6 setup finished (bsc#1255349). - selftests: net: use slowwait to stabilize vrf_route_leaking test (bsc#1255349). - commit 18154f6 - kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959 CVE-2025-40215). - commit 23f1b71 - be2net: pass wrb_params in case of OS2BMC (CVE-2025-40264 bsc#1254835). - net: phy: micrel: always set shared->phydev for LAN8814 (CVE-2025-40239 bsc#1254868). - commit 48a9709 ++++ kernel-obs-qa: - selftests: net: fib-onlink-tests: Set high metric for default IPv6 route (bsc#1255346). - selftests: net: use slowwait to make sure IPv6 setup finished (bsc#1255349). - selftests: net: use slowwait to stabilize vrf_route_leaking test (bsc#1255349). - commit 18154f6 - kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959 CVE-2025-40215). - commit 23f1b71 - be2net: pass wrb_params in case of OS2BMC (CVE-2025-40264 bsc#1254835). - net: phy: micrel: always set shared->phydev for LAN8814 (CVE-2025-40239 bsc#1254868). - commit 48a9709 ++++ kernel-obs-qa: - selftests: net: fib-onlink-tests: Set high metric for default IPv6 route (bsc#1255346). - selftests: net: use slowwait to make sure IPv6 setup finished (bsc#1255349). - selftests: net: use slowwait to stabilize vrf_route_leaking test (bsc#1255349). - commit 18154f6 - kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959 CVE-2025-40215). - commit 23f1b71 - be2net: pass wrb_params in case of OS2BMC (CVE-2025-40264 bsc#1254835). - net: phy: micrel: always set shared->phydev for LAN8814 (CVE-2025-40239 bsc#1254868). - commit 48a9709 ++++ kernel-syms: - selftests: net: fib-onlink-tests: Set high metric for default IPv6 route (bsc#1255346). - selftests: net: use slowwait to make sure IPv6 setup finished (bsc#1255349). - selftests: net: use slowwait to stabilize vrf_route_leaking test (bsc#1255349). - commit 18154f6 - kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959 CVE-2025-40215). - commit 23f1b71 - be2net: pass wrb_params in case of OS2BMC (CVE-2025-40264 bsc#1254835). - net: phy: micrel: always set shared->phydev for LAN8814 (CVE-2025-40239 bsc#1254868). - commit 48a9709 ++++ kernel-syms: - selftests: net: fib-onlink-tests: Set high metric for default IPv6 route (bsc#1255346). - selftests: net: use slowwait to make sure IPv6 setup finished (bsc#1255349). - selftests: net: use slowwait to stabilize vrf_route_leaking test (bsc#1255349). - commit 18154f6 - kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959 CVE-2025-40215). - commit 23f1b71 - be2net: pass wrb_params in case of OS2BMC (CVE-2025-40264 bsc#1254835). - net: phy: micrel: always set shared->phydev for LAN8814 (CVE-2025-40239 bsc#1254868). - commit 48a9709 ++++ kernel-syms: - selftests: net: fib-onlink-tests: Set high metric for default IPv6 route (bsc#1255346). - selftests: net: use slowwait to make sure IPv6 setup finished (bsc#1255349). - selftests: net: use slowwait to stabilize vrf_route_leaking test (bsc#1255349). - commit 18154f6 - kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959 CVE-2025-40215). - commit 23f1b71 - be2net: pass wrb_params in case of OS2BMC (CVE-2025-40264 bsc#1254835). - net: phy: micrel: always set shared->phydev for LAN8814 (CVE-2025-40239 bsc#1254868). - commit 48a9709 ++++ kernel-zfcpdump: - selftests: net: fib-onlink-tests: Set high metric for default IPv6 route (bsc#1255346). - selftests: net: use slowwait to make sure IPv6 setup finished (bsc#1255349). - selftests: net: use slowwait to stabilize vrf_route_leaking test (bsc#1255349). - commit 18154f6 - kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959 CVE-2025-40215). - commit 23f1b71 - be2net: pass wrb_params in case of OS2BMC (CVE-2025-40264 bsc#1254835). - net: phy: micrel: always set shared->phydev for LAN8814 (CVE-2025-40239 bsc#1254868). - commit 48a9709 ++++ kernel-zfcpdump: - selftests: net: fib-onlink-tests: Set high metric for default IPv6 route (bsc#1255346). - selftests: net: use slowwait to make sure IPv6 setup finished (bsc#1255349). - selftests: net: use slowwait to stabilize vrf_route_leaking test (bsc#1255349). - commit 18154f6 - kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959 CVE-2025-40215). - commit 23f1b71 - be2net: pass wrb_params in case of OS2BMC (CVE-2025-40264 bsc#1254835). - net: phy: micrel: always set shared->phydev for LAN8814 (CVE-2025-40239 bsc#1254868). - commit 48a9709 ++++ kernel-zfcpdump: - selftests: net: fib-onlink-tests: Set high metric for default IPv6 route (bsc#1255346). - selftests: net: use slowwait to make sure IPv6 setup finished (bsc#1255349). - selftests: net: use slowwait to stabilize vrf_route_leaking test (bsc#1255349). - commit 18154f6 - kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959 CVE-2025-40215). - commit 23f1b71 - be2net: pass wrb_params in case of OS2BMC (CVE-2025-40264 bsc#1254835). - net: phy: micrel: always set shared->phydev for LAN8814 (CVE-2025-40239 bsc#1254868). - commit 48a9709 ++++ syslogd: - Install tmpfile correctly as syslogd.conf (instead of sendmail.conf), ++++ mariadb: - make 'mysql-systemd-helper upgrade' selinux aware (bsc#1255024) ++++ mariadb: - make 'mysql-systemd-helper upgrade' selinux aware (bsc#1255024) ++++ maven: - Specify required maven-resolver version since the maven-resolver-provider requires methods added in 1.9.25 ++++ openQA: - Update to version 5.1766014013.377e64fe: * feat(Needle::Save): Adapt to new error handling * feat(OpenQA::Git): Make error handling more flexible with exceptions ++++ openQA: - Update to version 5.1766053374.57cdeee3: * fix(docs): Fix indentation in job template examples * feat(Needle::Save): Adapt to new error handling * feat(OpenQA::Git): Make error handling more flexible with exceptions ++++ openQA: - Update to version 5.1766053374.57cdeee3: * fix(docs): Fix indentation in job template examples * feat(Needle::Save): Adapt to new error handling * feat(OpenQA::Git): Make error handling more flexible with exceptions ++++ openQA: - Update to version 5.1766053374.57cdeee3: * fix(docs): Fix indentation in job template examples * feat(Needle::Save): Adapt to new error handling * feat(OpenQA::Git): Make error handling more flexible with exceptions ++++ openQA: - Update to version 5.1766053374.57cdeee3: * fix(docs): Fix indentation in job template examples * feat(Needle::Save): Adapt to new error handling * feat(OpenQA::Git): Make error handling more flexible with exceptions ++++ openQA: - Update to version 5.1766053374.57cdeee3: * fix(docs): Fix indentation in job template examples * feat(Needle::Save): Adapt to new error handling * feat(OpenQA::Git): Make error handling more flexible with exceptions ++++ openQA: - Update to version 5.1766053374.57cdeee3: * fix(docs): Fix indentation in job template examples * feat(Needle::Save): Adapt to new error handling * feat(OpenQA::Git): Make error handling more flexible with exceptions ++++ openQA: - Update to version 5.1766053374.57cdeee3: * fix(docs): Fix indentation in job template examples * feat(Needle::Save): Adapt to new error handling * feat(OpenQA::Git): Make error handling more flexible with exceptions ++++ openQA: - Update to version 5.1766053374.57cdeee3: * fix(docs): Fix indentation in job template examples * feat(Needle::Save): Adapt to new error handling * feat(OpenQA::Git): Make error handling more flexible with exceptions ++++ openQA: - Update to version 5.1766053374.57cdeee3: * fix(docs): Fix indentation in job template examples * feat(Needle::Save): Adapt to new error handling * feat(OpenQA::Git): Make error handling more flexible with exceptions ++++ openQA: - Update to version 5.1766053374.57cdeee3: * fix(docs): Fix indentation in job template examples * feat(Needle::Save): Adapt to new error handling * feat(OpenQA::Git): Make error handling more flexible with exceptions ++++ openQA: - Update to version 5.1766053374.57cdeee3: * fix(docs): Fix indentation in job template examples * feat(Needle::Save): Adapt to new error handling * feat(OpenQA::Git): Make error handling more flexible with exceptions ++++ openQA: - Update to version 5.1766053374.57cdeee3: * fix(docs): Fix indentation in job template examples * feat(Needle::Save): Adapt to new error handling * feat(OpenQA::Git): Make error handling more flexible with exceptions ++++ openQA: - Update to version 5.1766053374.57cdeee3: * fix(docs): Fix indentation in job template examples * feat(Needle::Save): Adapt to new error handling * feat(OpenQA::Git): Make error handling more flexible with exceptions ++++ os-autoinst: - Update to version 5.1766037062.44c7d2a: * Tweak curl call not to hang * Fix opencv dependency due to upstream changes * Restore package builds on older openSUSE versions * Remove `ShellCheck` from devel dependencies on s390x * Remove obsolete 'bin/' folder ++++ os-autoinst: - Update to version 5.1766037062.44c7d2a: * Tweak curl call not to hang * Fix opencv dependency due to upstream changes * Restore package builds on older openSUSE versions * Remove `ShellCheck` from devel dependencies on s390x * Remove obsolete 'bin/' folder ++++ os-autoinst: - Update to version 5.1766037062.44c7d2a: * Tweak curl call not to hang * Fix opencv dependency due to upstream changes * Restore package builds on older openSUSE versions * Remove `ShellCheck` from devel dependencies on s390x * Remove obsolete 'bin/' folder ++++ os-autoinst: - Update to version 5.1766037062.44c7d2a: * Tweak curl call not to hang * Fix opencv dependency due to upstream changes * Restore package builds on older openSUSE versions * Remove `ShellCheck` from devel dependencies on s390x * Remove obsolete 'bin/' folder ++++ os-autoinst: - Update to version 5.1766037062.44c7d2a: * Tweak curl call not to hang * Fix opencv dependency due to upstream changes * Restore package builds on older openSUSE vers