SUSE-SLE-Module-Basesystem-15-SP7-2025-298 Recommended update for libostree moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for libostree fixes the following issues: - Version update 2024.10: + enable composefs by default, various composefs fixes. + core: Always sort incoming xattrs. + sign-ed25519: Fix error message of validate_length. + profiles-fuse: when fuse execution fails it still returns exit code 0. + documentation updates. + deploy: Don't recompute verity checksums if not enabled (performance improvement). + various prepare-root fixes. - Drop rcFOO symlinks. + Adapt to a change in libcurl that caused ostree to start crashing. + switchroot: Stop making /sysroot mount private. + bugfix for "transient-etc" users, root.transient switch to tmpfs. + sysroot: check if deployments are in the same stateroot, turn on bootloader-naming-2 by default. + sepolicy: Fix publicity mismatch for ostree_sepolicy_host_enabled. + main: Ignore SIGPIPE when printing version. + bootloader/grub2: Don't do anything if we have static configs. + kargs: parse spaces in kargs input and keep quotes. + Ensure boot directory is open before accessing it for early pruning. + checkout: Always replace existing content with overlay mode. + Expand ostree admin pin command. + Finalize "deployment finalization locking" feature. + Add ostree admin post-copy. + Speed-up through reflinks. + Improvements to system root and bootloader. + Bug fixes, documentation updates, and developer fixes. libostree-1-1-2024.10-150500.3.9.4.x86_64.rpm libostree-2024.10-150500.3.9.4.src.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-1728 Recommended update for abseil-cpp moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for abseil-cpp fixes the following issue: - Version update 20240116.3 * Fix potential integer overflow in hash container create/resize (bsc#1236438). 
abseil-cpp-20240116.3-150600.19.3.15.src.rpm abseil-cpp-devel-20240116.3-150600.19.3.15.x86_64.rpm libabsl2401_0_0-20240116.3-150600.19.3.15.x86_64.rpm libabsl2401_0_0-32bit-20240116.3-150600.19.3.15.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-1638 Security update for openssh moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for openssh fixes the following issue: Security fixes: - CVE-2025-32728: Fixed logic error in DisableForwarding option (bsc#1241012) Other fixes: - Fix ssh client segfault with GSSAPIKeyExchange=yes in ssh_kex2 due to gssapi proposal not being correctly initialized (bsc#1236826). The problem was introduced in the rebase of the patch for 9.6p1 - Enable --with-logind to call the SetTTY dbus method in systemd. This allows "wall" to print messages in ssh ttys (bsc#1239671) openssh-9.6p1-150600.6.26.1.src.rpm openssh-9.6p1-150600.6.26.1.x86_64.rpm openssh-clients-9.6p1-150600.6.26.1.x86_64.rpm openssh-common-9.6p1-150600.6.26.1.x86_64.rpm openssh-fips-9.6p1-150600.6.26.1.x86_64.rpm openssh-helpers-9.6p1-150600.6.26.1.x86_64.rpm openssh-server-9.6p1-150600.6.26.1.x86_64.rpm openssh-server-config-disallow-rootlogin-9.6p1-150600.6.26.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-4321 Recommended update for pciutils moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for pciutils fixes the following issues: pciutils was updated from version 3.5.6 to 3.13.0 (jsc#PED-8402, jsc#PED-8393, bsc#1224138): - Highlights of issues fixed: * Fixed LnkCap speed recognition in `lspci` for multi PCIe ports such as the ML110 Gen11 (bsc#1192862) * Included several non-standard extensions to VPD decoder (bsc#1170554, bsc#1098228) * Fixed the display of the gen4 speed for GEN 4 cards like Mellanox CX5 (bsc#1098094) * Replaced dependency on pciutil-ids with hwdata * Potentially disruptive change of PCI IDs Cache: + The local cache of PCI IDs (.pci-ids) was moved to the XDG standard location: `$XDG_CACHE_HOME/pci-ids` 
(v3.11.0) This could be a disruptive change if users or scripts are relying on the old path. - Key New Features and Utilities: * New `pcilmr` Utility: A new tool, `pcilmr`, was added for "PCIe lane margining," which is a low-level diagnostic feature (v3.11.0) * New `lspci` Path Flag: You can now use `lspci -P` (or -PP) to see the path of bridges leading to a specific device (v3.6.2) * ECAM Support: Added support for the ECAM (Enhanced Configuration Access Mechanism), a standard way to access PCIe configuration space (v3.10.0) * IOMMU Group Display: lspci can now display IOMMU groups on Linux (v3.7.0) - New Hardware and Protocol Decoding: * Added support for decoding CXL capabilities (v3.9.0) * Decoding for Advanced Error Reporting (AER) (v3.13.0) * Decoding for IDE (Integrity and Data Encryption) and TEE-IO extended capabilities (v3.12.0) * Decoding for Data Object Exchange (DOE) (v3.8.0) * Decoding for standard and VF (Virtual Function) Resizable BARs (v3.7.0) * Decoding for Multicast capabilities (v3.6.3) - Improved Output Clarity: * PCIe link speeds running below their maximum are now clearly marked as "downgraded" (v3.6.0) * BARs (Base Address Registers) reported by the OS but not actually set on the device are marked as "[virtual]" (v3.6.0) - Command Behavior and System Changes: * `lspci` Tree View (-t): + Can now be combined with `-s` to show only a specific sub-tree (v3.6.3) + Improved filtering options (v3.9.0) + Improved support of multi-domain systems (v3.10.0) * `setpci`: + Can now check if a named register exists for that device's header type (v3.9.0) * `update-pciids`: + Now supports XZ compression when downloading new ID lists (v3.11.0) * Database Update: + The pci.ids device database was continuously updated across all versions. 
libpci3-3.13.0-150300.13.9.1.x86_64.rpm pciutils-3.13.0-150300.13.9.1.src.rpm pciutils-3.13.0-150300.13.9.1.x86_64.rpm pciutils-devel-3.13.0-150300.13.9.1.x86_64.rpm libpci3-32bit-3.13.0-150300.13.9.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2259 Recommended update for gpg2 low SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for gpg2 fixes the following issues: - CVE-2025-30258: Fixed DoS due to a malicious subkey in the keyring (bsc#1239119). Other bugfixes: - Do not install expired sks certificate (bsc#1243069). - gpg hangs when importing a key (bsc#1236931). dirmngr-2.4.4-150600.3.9.1.x86_64.rpm gpg2-2.4.4-150600.3.9.1.src.rpm gpg2-2.4.4-150600.3.9.1.x86_64.rpm gpg2-lang-2.4.4-150600.3.9.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-1514 Optional update for oath-toolkit low SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for oath-toolkit provides the following fix: - Add libpskc0 to SLE-Module-Packagehub-Subpackages. (bsc#1237295) liboath-devel-2.6.2-150000.3.7.1.x86_64.rpm liboath0-2.6.2-150000.3.7.1.x86_64.rpm oath-toolkit-2.6.2-150000.3.7.1.src.rpm oath-toolkit-xml-2.6.2-150000.3.7.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-1561 Optional update for libtraceevent low SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for libtraceevent fixes the following issue - Add libtraceevent-devel to SLE-Module-Development-Tools_15-SP6 (bsc#1240425) libtraceevent-1.7.3-150500.11.5.1.src.rpm libtraceevent-devel-1.7.3-150500.11.5.1.x86_64.rpm libtraceevent1-1.7.3-150500.11.5.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-1739 Recommended update for systemd important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for systemd fixes the following issues: - Add missing 'systemd-journal-remote' package to 15-SP7 (bsc#1243259) - umount: do not move busy network mounts (bsc#1236177) - Apply coredump sysctl settings on systemd-coredump updates/removals. 
- Fix the issue with journalctl not working for users in Container UID range (bsc#1242938) Don't write messages sent from users with UID falling into the container UID range to the system journal. Daemons in the container don't talk to the outside journald as they talk to the inner one directly, which does its journal splitting based on shifted uids. - man/pstore.conf: pstore.conf template is not always installed in /etc - man: coredump.conf template is not always installed in /etc (bsc#1237496) libsystemd0-254.24-150600.4.33.1.x86_64.rpm libudev1-254.24-150600.4.33.1.x86_64.rpm systemd-254.24-150600.4.33.1.src.rpm systemd-254.24-150600.4.33.1.x86_64.rpm systemd-container-254.24-150600.4.33.1.x86_64.rpm systemd-coredump-254.24-150600.4.33.1.x86_64.rpm systemd-devel-254.24-150600.4.33.1.x86_64.rpm systemd-doc-254.24-150600.4.33.1.x86_64.rpm systemd-journal-remote-254.24-150600.4.33.1.x86_64.rpm systemd-lang-254.24-150600.4.33.1.noarch.rpm systemd-sysvcompat-254.24-150600.4.33.1.x86_64.rpm udev-254.24-150600.4.33.1.x86_64.rpm libsystemd0-32bit-254.24-150600.4.33.1.x86_64.rpm libudev1-32bit-254.24-150600.4.33.1.x86_64.rpm systemd-32bit-254.24-150600.4.33.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-1689 Recommended update for hwinfo moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for hwinfo fixes the following issues: - Version update v21.88 - Fix network card detection on aarch64 (bsc#1240648). 
hwinfo-21.88-150500.3.9.2.src.rpm hwinfo-21.88-150500.3.9.2.x86_64.rpm hwinfo-devel-21.88-150500.3.9.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-1508 Security update for openvpn moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for openvpn fixes the following issues: - CVE-2025-2704: Fixed remote DoS due to possible ASSERT() on OpenVPN servers using --tls-crypt-v2 (bsc#1240392) openvpn-2.6.8-150600.3.17.1.src.rpm openvpn-2.6.8-150600.3.17.1.x86_64.rpm openvpn-auth-pam-plugin-2.6.8-150600.3.17.1.x86_64.rpm openvpn-dco-2.6.8-150600.3.17.1.src.rpm openvpn-dco-2.6.8-150600.3.17.1.x86_64.rpm openvpn-dco-devel-2.6.8-150600.3.17.1.x86_64.rpm openvpn-devel-2.6.8-150600.3.17.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-1714 Recommended update for ncurses moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb libncurses6-6.1-150000.5.30.1.x86_64.rpm ncurses-6.1-150000.5.30.1.src.rpm ncurses-devel-6.1-150000.5.30.1.x86_64.rpm ncurses-utils-6.1-150000.5.30.1.x86_64.rpm tack-6.1-150000.5.30.1.x86_64.rpm terminfo-6.1-150000.5.30.1.x86_64.rpm terminfo-base-6.1-150000.5.30.1.x86_64.rpm terminfo-iterm-6.1-150000.5.30.1.x86_64.rpm terminfo-screen-6.1-150000.5.30.1.x86_64.rpm libncurses6-32bit-6.1-150000.5.30.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2289 Security update for docker moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for docker fixes the following issues: Update to Docker 28.2.2-ce (bsc#1243833, bsc#1242114): - CVE-2025-0495: Fixed credential leakage to telemetry endpoints when credentials are allowed to be set as attribute values in cache-to/cache-from configuration. (bsc#1239765) - CVE-2025-22872: golang.org/x/net/html: incorrectly interpreted tags can cause content to be placed in the wrong scope during DOM 
construction (bsc#1241830). Other fixes: - Update to docker-buildx v0.22.0. - Always clear SUSEConnect suse_* secrets when starting containers (bsc#1244035). - Disable transparent SUSEConnect support for SLE-16. (jsc#PED-12534) - Now that the only blocker for docker-buildx support was removed for SLE-16, enable docker-buildx for SLE-16 as well. (jsc#PED-8905) - SUSEConnect secrets fails in SLES rootless docker containers (bsc#1240150). Updating docker will restart the docker service, which may stop some of your docker containers. Do you want to proceed with the update? docker-28.2.2_ce-150000.227.1.src.rpm docker-28.2.2_ce-150000.227.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2198 Security update for runc low SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for runc fixes the following issues: - CVE-2024-45310: Fixed unintentional creation of empty files/directories on host (bsc#1230092) Other fixes: - Update to runc v1.2.6. runc-1.2.6-150000.73.2.src.rpm runc-1.2.6-150000.73.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3429 Recommended update for wireless-regdb moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for wireless-regdb fixes the following issues: Update to version 20250220 (bsc#1240356): * Update regulatory info for Oman (OM) * Update regulatory rules for Iran (IR) on both 2.4 and 5Ghz for 2021 * Update regulatory info for Cayman Islands (KY) for 2024 * Update regulatory rules for Austria (AT) * Permit 320 MHz bandwidth in 6 GHz band in ETSI/CEPT * Update regulatory rules for Armenia (AM) on 2.4 and 5 GHz * Update regulatory info for Azerbaijan (AZ) on 6GHz for 2024 Update to version 20231201: * wireless-regdb: Update keys and maintainer information wireless-regdb-20250220-150000.3.20.1.noarch.rpm wireless-regdb-20250220-150000.3.20.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-1456 Security update for sqlite3 moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for sqlite3 fixes the 
following issues: - CVE-2025-29087,CVE-2025-3277: Fixed integer overflow in sqlite concat function (bsc#1241020) - CVE-2025-29088: Fixed integer overflow through the SQLITE_DBCONFIG_LOOKASIDE component (bsc#1241078) Other fixes: - Updated to version 3.49.1 from Factory (jsc#SLE-16032) libsqlite3-0-3.49.1-150000.3.27.1.x86_64.rpm sqlite3-3.49.1-150000.3.27.1.src.rpm sqlite3-3.49.1-150000.3.27.1.x86_64.rpm sqlite3-devel-3.49.1-150000.3.27.1.x86_64.rpm sqlite3-tcl-3.49.1-150000.3.27.1.x86_64.rpm libsqlite3-0-32bit-3.49.1-150000.3.27.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-1595 Recommended update for clamav moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for clamav fixes the following issues: - Build binaries as position independent executable. (bsc#1239957) clamav-1.4.2-150600.18.12.1.src.rpm clamav-1.4.2-150600.18.12.1.x86_64.rpm clamav-devel-1.4.2-150600.18.12.1.x86_64.rpm clamav-docs-html-1.4.2-150600.18.12.1.noarch.rpm clamav-milter-1.4.2-150600.18.12.1.x86_64.rpm libclamav12-1.4.2-150600.18.12.1.x86_64.rpm libclammspack0-1.4.2-150600.18.12.1.x86_64.rpm libfreshclam3-1.4.2-150600.18.12.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-1597 Recommended update for icewm moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for icewm fixes the following issues: - Update the latest translation from https://l10n.opensuse.org/projects/icewm/icewm-1-4-branch/. 
icewm-1.4.2-150000.7.18.1.src.rpm icewm-1.4.2-150000.7.18.1.x86_64.rpm icewm-default-1.4.2-150000.7.18.1.x86_64.rpm icewm-lang-1.4.2-150000.7.18.1.noarch.rpm icewm-lite-1.4.2-150000.7.18.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-1793 Optional update for java modules low SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for java modules and related fixes the following issue: - Rebuild for consistency across products, no source changes: - Packages being rebuilt: apiguardian assertj-core byte-buddy dom4j hamcrest jaxen jdom jopt-simple junit junit5 objectweb-asm open-test-reporting saxpath xom fasterxml-oss-parent objectweb-asm-9.7-150200.3.17.1.noarch.rpm objectweb-asm-9.7-150200.3.17.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-1534 Security update for augeas low SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for augeas fixes the following issues: - CVE-2025-2588: Check for NULL pointers when calling re_case_expand in function fa_expand_nocase. (bsc#1239909) augeas-1.14.1-150600.3.3.1.src.rpm augeas-1.14.1-150600.3.3.1.x86_64.rpm augeas-devel-1.14.1-150600.3.3.1.x86_64.rpm augeas-lenses-1.14.1-150600.3.3.1.x86_64.rpm libaugeas0-1.14.1-150600.3.3.1.x86_64.rpm libfa1-1.14.1-150600.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2172 Recommended update for iotop moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for iotop fixes the following issue: - Detect the kernel.task_delayacct sysctl value (bsc#1241104). iotop-0.6-150000.4.6.2.noarch.rpm iotop-0.6-150000.4.6.2.src.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2057 Security update for python311 important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for python311 fixes the following issues: python311 was updated from version 3.11.10 to 3.11.13: - Security issues fixed: * CVE-2025-4516: Fixed blocking DecodeError handling vulnerability, which could lead to DoS (bsc#1243273). 
* CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4517: Fixed multiple issues that allowed tarfile extraction filters to be bypassed using crafted symlinks and hard links (bsc#1244056, bsc#1244059, bsc#1244060, bsc#1244032) - Other changes and bugs fixed: * Improved handling of system call failures that OpenSSL reports (bsc#1241067) * Disable GC during thread operations to prevent deadlocks. * Fixed a potential denial of service vulnerability in the imaplib module. * Fixed bugs in the folding of rfc2047 encoded-words and in the folding of quoted strings when flattening an email message using a modern email policy. * Fixed parsing long IPv6 addresses with embedded IPv4 address. * Fixed ipaddress.IPv6Address.reverse_pointer output according to RFC 3596 * Improved the textual representation of IPv4-mapped IPv6 addresses in ipaddress. * ipaddress: fixed hash collisions for IPv4Network and IPv6Network objects * os.path.realpath() now accepts a strict keyword-only argument. * Stop the processing of long IPv6 addresses early in ipaddress to prevent excessive memory consumption and a minor denial-of-service. * Updated bundled libexpat to 2.7.1 * Writers of CPython documentation can now use next as the version for the versionchanged, versionadded, deprecated directives. libpython3_11-1_0-3.11.13-150600.3.30.1.x86_64.rpm python311-base-3.11.13-150600.3.30.1.x86_64.rpm python311-core-3.11.13-150600.3.30.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-1891 Optional update for update-test-trivial low SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for update-test-trivial fixes the following issue: - Test maintenance workflow for 15-SP7 products. 
update-test-32bit-pkg-32bit-5.1-150200.41.2.x86_64.rpm update-test-32bit-pkg-5.1-150200.41.2.x86_64.rpm update-test-affects-package-manager-5.1-150200.41.2.x86_64.rpm update-test-broken-5.1-150200.41.2.x86_64.rpm update-test-feature-5.1-150200.41.2.x86_64.rpm update-test-interactive-5.1-150200.41.2.x86_64.rpm update-test-optional-5.1-150200.41.2.x86_64.rpm update-test-reboot-needed-5.1-150200.41.2.x86_64.rpm update-test-relogin-suggested-5.1-150200.41.2.x86_64.rpm update-test-retracted-5.1-150200.41.2.x86_64.rpm update-test-security-5.1-150200.41.2.x86_64.rpm update-test-trivial-5.1-150200.41.2.src.rpm update-test-trivial-5.1-150200.41.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-1721 Recommended update for hwdata moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for hwdata fixes the following issue: - Version update 0.394: * Update pci, usb and vendor ids * Fix usb.ids encoding and a couple of typos * Fix configure to honor --prefix hwdata-0.394-150000.3.77.2.noarch.rpm hwdata-0.394-150000.3.77.2.src.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-1527 Recommended update for libsolv, libzypp, zypper important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for libsolv, libzypp, zypper fixes the following issues: - Support the apk package and repository format (both v2 and v3) - New dataiterator_final_{repo,solvable} functions - Provide a symbol specific for the ruby-version so yast does not break across updates (bsc#1235598) - XmlReader: Fix detection of bad input streams - rpm: Fix detection of %triggerscript starts (bsc#1222044) - RepoindexFileReader: add more <repo> related attributes a service may set - Drop workaround for broken rpm-4.18 in Code16 (bsc#1237172) - Drop usage of SHA1 hash algorithm because it will become unavailable in FIPS mode (bsc#1240529) - Fix zypp.conf dupAllowVendorChange to reflect the correct default (false) - zypp.conf: Add `lock_timeout` ($ZYPP_LOCK_TIMEOUT) (bsc#1239809) - Fix computation of 
RepStatus if Repo URLs change - Fix lost double slash when appending to an absolute FTP url (bsc#1238315) - Add a transaction package preloader - Strip a mediahandler tag from baseUrl querystrings - Updated translations (bsc#1230267) - Do not double encode URL strings passed on the commandline (bsc#1237587) - info,search: add option to search and list Enhances (bsc#1237949) libsolv-0.7.32-150600.8.10.1.src.rpm True libsolv-devel-0.7.32-150600.8.10.1.x86_64.rpm True libsolv-tools-0.7.32-150600.8.10.1.x86_64.rpm True libsolv-tools-base-0.7.32-150600.8.10.1.x86_64.rpm True libzypp-17.36.7-150600.3.53.1.src.rpm True libzypp-17.36.7-150600.3.53.1.x86_64.rpm True libzypp-devel-17.36.7-150600.3.53.1.x86_64.rpm True python3-solv-0.7.32-150600.8.10.1.x86_64.rpm True ruby-solv-0.7.32-150600.8.10.1.x86_64.rpm True zypper-1.14.89-150600.10.31.1.src.rpm True zypper-1.14.89-150600.10.31.1.x86_64.rpm True zypper-log-1.14.89-150600.10.31.1.noarch.rpm True zypper-needs-restarting-1.14.89-150600.10.31.1.noarch.rpm True SUSE-SLE-Module-Basesystem-15-SP7-2025-1503 Security update for libsoup2 important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for libsoup2 fixes the following issues: - CVE-2025-2784: Fixed heap buffer over-read in `skip_insignificant_space` when sniffing content (bsc#1240750) - CVE-2025-32050: Fixed integer overflow in append_param_quoted (bsc#1240752) - CVE-2025-32052: Fixed heap buffer overflow in sniff_unknown() (bsc#1240756) - CVE-2025-32053: Fixed heap buffer overflows in sniff_feed_or_html() and skip_insignificant_space() (bsc#1240757) - CVE-2025-32907: Fixed excessive memory consumption in server when client requests a large amount of overlapping ranges in a single HTTP request (bsc#1241222) - CVE-2025-32914: Fixed out of bounds read in `soup_multipart_new_from_message()` (bsc#1241164) - CVE-2025-46420: Fixed memory leak on soup_header_parse_quality_list() via soup-headers.c (bsc#1241686) - CVE-2025-46421: Fixed HTTP Authorization Header leak 
via an HTTP redirect (bsc#1241688) libsoup-2_4-1-2.74.3-150600.4.6.1.x86_64.rpm libsoup2-2.74.3-150600.4.6.1.src.rpm libsoup2-devel-2.74.3-150600.4.6.1.x86_64.rpm libsoup2-lang-2.74.3-150600.4.6.1.noarch.rpm typelib-1_0-Soup-2_4-2.74.3-150600.4.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-1504 Security update for libsoup important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for libsoup fixes the following issues: - CVE-2025-2784: Fixed heap buffer over-read in `skip_insignificant_space` when sniffing content (bsc#1240750) - CVE-2025-32050: Fixed integer overflow in append_param_quoted (bsc#1240752) - CVE-2025-32051: Fixed segmentation fault when parsing malformed data URI (bsc#1240754) - CVE-2025-32052: Fixed heap buffer overflow in sniff_unknown() (bsc#1240756) - CVE-2025-32053: Fixed heap buffer overflows in sniff_feed_or_html() and skip_insignificant_space() (bsc#1240757) - CVE-2025-32906: Fixed out of bounds reads in soup_headers_parse_request() (bsc#1241263) - CVE-2025-32907: Fixed excessive memory consumption in server when client requests a large amount of overlapping ranges in a single HTTP request (bsc#1241222) - CVE-2025-32908: Fixed HTTP request may lead to server crash due to HTTP/2 server not fully validating the values of pseudo-headers (bsc#1241223) - CVE-2025-32909: Fixed NULL pointer dereference in the sniff_mp4 function in soup-content-sniffer.c (bsc#1241226) - CVE-2025-32910: Fixed NULL pointer dereference on client when server omits the realm parameter in an Unauthorized response with Digest authentication (bsc#1241252) - CVE-2025-32911: Fixed double free on soup_message_headers_get_content_disposition() via "params" (bsc#1241238) - CVE-2025-32912: Fixed NULL pointer dereference in SoupAuthDigest (bsc#1241214) - CVE-2025-32913: Fixed NULL pointer dereference in soup_message_headers_get_content_disposition (bsc#1241162) - CVE-2025-32914: Fixed out of bounds read in `soup_multipart_new_from_message()` (bsc#1241164) - 
CVE-2025-46420: Fixed memory leak on soup_header_parse_quality_list() via soup-headers.c (bsc#1241686) - CVE-2025-46421: Fixed HTTP Authorization Header leak via an HTTP redirect (bsc#1241688) libsoup-3.4.4-150600.3.7.1.src.rpm libsoup-3_0-0-3.4.4-150600.3.7.1.x86_64.rpm libsoup-devel-3.4.4-150600.3.7.1.x86_64.rpm libsoup-lang-3.4.4-150600.3.7.1.noarch.rpm typelib-1_0-Soup-3_0-3.4.4-150600.3.7.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-1685 Recommended update for sysstat moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for sysstat fixes the following issues: - Removed cron dependency in favour of systemd timers (bsc#1239297) - Removed sysstat.cron.suse sysstat-12.0.2-150000.3.40.1.src.rpm sysstat-12.0.2-150000.3.40.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-1733 Recommended update for krb5 moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for krb5 fixes the following issue: - Remove references to the LMDB backend in the kdc.conf manpage (bsc#1242060). krb5-1.20.1-150600.11.11.2.src.rpm krb5-1.20.1-150600.11.11.2.x86_64.rpm krb5-client-1.20.1-150600.11.11.2.x86_64.rpm krb5-devel-1.20.1-150600.11.11.2.x86_64.rpm krb5-plugin-preauth-otp-1.20.1-150600.11.11.2.x86_64.rpm krb5-plugin-preauth-pkinit-1.20.1-150600.11.11.2.x86_64.rpm krb5-32bit-1.20.1-150600.11.11.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-1511 Security update for apparmor moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for apparmor fixes the following issues: - Add dac_read_search capability for unix_chkpwd to allow it to read the shadow file even if it has 000 permissions. This is needed after the CVE-2024-10041 fix in PAM. 
(bsc#1241678) apparmor-3.1.7-150600.5.9.1.src.rpm apparmor-abstractions-3.1.7-150600.5.9.1.noarch.rpm apparmor-docs-3.1.7-150600.5.9.1.noarch.rpm apparmor-parser-3.1.7-150600.5.9.1.x86_64.rpm apparmor-parser-lang-3.1.7-150600.5.9.1.noarch.rpm apparmor-profiles-3.1.7-150600.5.9.1.noarch.rpm apparmor-utils-3.1.7-150600.5.9.1.noarch.rpm apparmor-utils-lang-3.1.7-150600.5.9.1.noarch.rpm libapparmor-3.1.7-150600.5.9.1.src.rpm libapparmor-devel-3.1.7-150600.5.9.1.x86_64.rpm libapparmor1-3.1.7-150600.5.9.1.x86_64.rpm pam_apparmor-3.1.7-150600.5.9.1.x86_64.rpm python3-apparmor-3.1.7-150600.5.9.1.x86_64.rpm libapparmor1-32bit-3.1.7-150600.5.9.1.x86_64.rpm pam_apparmor-32bit-3.1.7-150600.5.9.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-1606 Recommended update for librdkafka moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for librdkafka fixes the following issues: - Avoid endless loops under certain circumstances (bsc#1242842) librdkafka-0.11.6-150600.16.3.1.src.rpm librdkafka1-0.11.6-150600.16.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2017 Security update for s390-tools moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for s390-tools fixes the following issues: Security issues fixed: - CVE-2025-3416: Fixed Use-After-Free in Md::fetch and Cipher::fetch in rust-openssl crate. (bsc#1242622) Other issues: - Added the new IBM z17 (9175) processor type. s390-tools-2.37.0-150700.4.3.1.src.rpm s390-tools-2.37.0-150700.4.3.1.x86_64.rpm s390-tools-genprotimg-data-2.37.0-150700.4.3.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-1582 Security update for brltty moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for brltty fixes the following issues: - Avoid having brlapi.key temporarily world-readable during creation (bsc#1235438). 
brlapi-devel-6.6-150600.3.3.1.x86_64.rpm brltty-6.6-150600.3.3.1.src.rpm libbrlapi0_8-6.6-150600.3.3.1.x86_64.rpm python3-brlapi-6.6-150600.3.3.1.x86_64.rpm system-user-brltty-6.6-150600.3.3.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-1781 Recommended update for pipewire moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for pipewire fixes the following issue: - Add patch from upstream to make pipewire not run as root at all (bsc#1222762). libpipewire-0_3-0-1.0.5+git36.60deeb2-150600.3.6.2.x86_64.rpm pipewire-1.0.5+git36.60deeb2-150600.3.6.2.src.rpm pipewire-modules-0_3-1.0.5+git36.60deeb2-150600.3.6.2.x86_64.rpm pipewire-spa-plugins-0_2-1.0.5+git36.60deeb2-150600.3.6.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-1776 Security update for iputils moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for iputils fixes the following issues: - CVE-2025-47268: Fixed integer overflow in RTT calculation can lead to undefined behavior (bsc#1242300) iputils-20221126-150500.3.11.1.src.rpm iputils-20221126-150500.3.11.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-1800 Recommended update for python-pyzmq moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for python-pyzmq fixes the following issues: - Prevent open files leak by closing sockets on timeout (bsc#1241624) python-pyzmq-17.1.2-150000.3.8.1.src.rpm python3-pyzmq-17.1.2-150000.3.8.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-1565 Security update for open-vm-tools moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for open-vm-tools fixes the following issues: Update to 12.5.2: Security fixes: - CVE-2025-22247: Fixed Insecure file handling (bsc#1243106) Other fixes: - Fixed GCC 15 compile time error (bsc#1241938) - Fix building with containerd 1.7.25+ (bsc#1237147) Full changelog: https://github.com/vmware/open-vm-tools/blob/stable-12.5.2/ReleaseNotes.md 
https://github.com/vmware/open-vm-tools/blob/stable-12.5.2/open-vm-tools/ChangeLog libvmtools-devel-12.5.2-150600.3.12.1.x86_64.rpm libvmtools0-12.5.2-150600.3.12.1.x86_64.rpm open-vm-tools-12.5.2-150600.3.12.1.src.rpm open-vm-tools-12.5.2-150600.3.12.1.x86_64.rpm open-vm-tools-salt-minion-12.5.2-150600.3.12.1.x86_64.rpm open-vm-tools-sdmp-12.5.2-150600.3.12.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-1651 Security update for ucode-intel moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for ucode-intel fixes the following issues: Intel CPU Microcode was updated to the 20250512 release (bsc#1243123) - CVE-2024-28956: Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution for some Intel Processors may allow an authenticated user to potentially enable information disclosure via local access. - CVE-2025-20103: Insufficient resource pool in the core management mechanism for some Intel Processors may allow an authenticated user to potentially enable denial of service via local access. - CVE-2025-20054: Uncaught exception in the core management mechanism for some Intel Processors may allow an authenticated user to potentially enable denial of service via local access. - CVE-2024-43420: Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel Atom processors may allow an authenticated user to potentially enable information disclosure via local access. - CVE-2025-20623: Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel Core processors (10th Generation) may allow an authenticated user to potentially enable information disclosure via local access. 
- CVE-2024-45332: Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution in the indirect branch predictors for some Intel Processors may allow an authenticated user to potentially enable information disclosure via local access. - CVE-2025-24495: Incorrect initialization of resource in the branch prediction unit for some Intel Core Ultra Processors may allow an authenticated user to potentially enable information disclosure via local access. - CVE-2025-20012: Incorrect behavior order for some Intel Core Ultra Processors may allow an unauthenticated user to potentially enable information disclosure via physical access. - Updates for functional issues.

- New Platforms

| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ARL-U | A1 | 06-b5-00/80 | | 0000000a | Core Ultra Processor (Series2)
| ARL-S/HX (8P) | B0 | 06-c6-02/82 | | 00000118 | Core Ultra Processor (Series2)
| ARL-H | A1 | 06-c5-02/82 | | 00000118 | Core Ultra Processor (Series2)
| GNR-AP/SP | B0 | 06-ad-01/95 | | 010003a2 | Xeon Scalable Gen6
| GNR-AP/SP | H0 | 06-ad-01/20 | | 0a0000d1 | Xeon Scalable Gen6
| LNL | B0 | 06-bd-01/80 | | 0000011f | Core Ultra 200 V Series Processor

- Updated Platforms

| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ADL | C0 | 06-97-02/07 | 00000038 | 0000003a | Core Gen12
| ADL | H0 | 06-97-05/07 | 00000038 | 0000003a | Core Gen12
| ADL | L0 | 06-9a-03/80 | 00000436 | 00000437 | Core Gen12
| ADL | R0 | 06-9a-04/80 | 00000436 | 00000437 | Core Gen12
| ADL-N | N0 | 06-be-00/19 | 0000001c | 0000001d | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E
| AML-Y42 | V0 | 06-8e-0c/94 | 000000fc | 00000100 | Core Gen10 Mobile
| AZB | A0/R0 | 06-9a-04/40 | 00000009 | 0000000a | Intel(R) Atom(R) C1100
| CFL-H | R0 | 06-9e-0d/22 | 00000102 | 00000104 | Core Gen9 Mobile
| CLX-SP | B1 | 06-55-07/bf | 05003707 | 05003901 | Xeon Scalable Gen2
| CML-H | R1 | 06-a5-02/20 | 000000fc | 00000100 | Core Gen10 Mobile
| CML-S102 | Q0 | 06-a5-05/22 | 000000fc | 00000100 | Core Gen10
| CML-S62 | G1 | 06-a5-03/22 | 000000fc | 00000100 | Core Gen10
| CML-U42 | V0 | 06-8e-0c/94 | 000000fc | 00000100 | Core Gen10 Mobile
| CML-U62 V1 | A0 | 06-a6-00/80 | 000000fe | 00000102 | Core Gen10 Mobile
| CML-U62 V2 | K1 | 06-a6-01/80 | 000000fc | 00000100 | Core Gen10 Mobile
| CML-Y42 | V0 | 06-8e-0c/94 | 000000fc | 00000100 | Core Gen10 Mobile
| CPX-SP | A1 | 06-55-0b/bf | 07002904 | 07002b01 | Xeon Scalable Gen3
| EMR-SP | A1 | 06-cf-02/87 | 21000291 | 210002a9 | Xeon Scalable Gen5
| GLK-R | R0 | 06-7a-08/01 | 00000024 | 00000026 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120
| ICL-D | B0 | 06-6c-01/10 | 010002c0 | 010002d0 | Xeon D-17xx, D-27xx
| ICL-U/Y | D1 | 06-7e-05/80 | 000000c6 | 000000ca | Core Gen10 Mobile
| ICX-SP | Dx/M1 | 06-6a-06/87 | 0d0003f5 | 0d000404 | Xeon Scalable Gen3
| MTL | C0 | 06-aa-04/e6 | 00000020 | 00000024 | Core Ultra Processor
| RKL-S | B0 | 06-a7-01/02 | 00000063 | 00000064 | Core Gen11
| RPL-E/HX/S | B0 | 06-b7-01/32 | 0000012c | 0000012f | Core Gen13/Gen14
| RPL-H/P/PX 6+8 | J0 | 06-ba-02/e0 | 00004124 | 00004128 | Core Gen13
| RPL-HX/S | C0 | 06-bf-02/07 | 00000038 | 0000003a | Core Gen13/Gen14
| RPL-S | H0 | 06-bf-05/07 | 00000038 | 0000003a | Core Gen13/Gen14
| RPL-U 2+8 | Q0 | 06-ba-03/e0 | 00004124 | 00004128 | Core Gen13
| SPR-HBM | Bx | 06-8f-08/10 | 2c0003e0 | 2c0003f7 | Xeon Max
| SPR-SP | E4/S2 | 06-8f-07/87 | 2b000620 | 2b000639 | Xeon Scalable Gen4
| SPR-SP | E5/S3 | 06-8f-08/87 | 2b000620 | 2b000639 | Xeon Scalable Gen4
| SRF-SP | C0 | 06-af-03/01 | 03000330 | 03000341 | Xeon 6700-Series Processors with E-Cores
| TGL | B0/B1 | 06-8c-01/80 | 000000b8 | 000000bc | Core Gen11 Mobile
| TGL-H | R0 | 06-8d-01/c2 | 00000052 | 00000056 | Core Gen11 Mobile
| TGL-R | C0 | 06-8c-02/c2 | 00000038 | 0000003c | Core Gen11 Mobile
| TWL | N0 | 06-be-00/19 | 0000001c | 0000001d | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E
| WHL-U | V0 | 06-8e-0c/94 | 000000fc | 00000100 | Core Gen8 Mobile

ucode-intel-20250512-150200.56.1.src.rpm True ucode-intel-20250512-150200.56.1.x86_64.rpm True SUSE-SLE-Module-Basesystem-15-SP7-2025-1644 Security update for postgresql17 moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for postgresql17 fixes the following issues: Upgrade to 17.5: - CVE-2025-4207: Fixed PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation (bsc#1242931) Changelog: https://www.postgresql.org/docs/release/17.5/ libpq5-17.5-150600.13.13.1.x86_64.rpm postgresql17-17.5-150600.13.13.1.src.rpm postgresql17-17.5-150600.13.13.1.x86_64.rpm libpq5-32bit-17.5-150600.13.13.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-1742 Recommended update for nvidia-open-driver-G06-signed important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for nvidia-open-driver-G06-signed fixes the following issues: - Update non-CUDA variant to 570.153.02 (bsc#1243192) - Disabled unsupported -rt flavor (bsc#1242054) nv-prefer-signed-open-driver-570.133.20-150700.3.3.1.x86_64.rpm nvidia-open-driver-G06-signed-570.153.02-150700.3.3.1.src.rpm nvidia-open-driver-G06-signed-cuda-570.133.20-150700.3.3.1.src.rpm nvidia-open-driver-G06-signed-cuda-default-devel-570.133.20-150700.3.3.1.x86_64.rpm nvidia-open-driver-G06-signed-cuda-kmp-default-570.133.20_k6.4.0_150700.51-150700.3.3.1.x86_64.rpm nvidia-open-driver-G06-signed-default-devel-570.153.02-150700.3.3.1.x86_64.rpm nvidia-open-driver-G06-signed-kmp-default-570.153.02_k6.4.0_150700.51-150700.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-1726 Security update for python-tornado important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for python-tornado fixes the following
issues: - CVE-2025-47287: excessive logging when parsing malformed `multipart/form-data` can lead to a denial-of-service (bsc#1243268). python-tornado-4.5.3-150000.3.10.1.src.rpm python3-tornado-4.5.3-150000.3.10.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-1702 Security update for glibc important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for glibc fixes the following issues: - CVE-2025-4802: possible execution of attacker controlled code when statically linked setuid binaries using dlopen search for libraries to load in LD_LIBRARY_PATH (bsc#1243317). glibc-2.38-150600.14.32.1.src.rpm glibc-2.38-150600.14.32.1.x86_64.rpm glibc-devel-2.38-150600.14.32.1.x86_64.rpm glibc-extra-2.38-150600.14.32.1.x86_64.rpm glibc-i18ndata-2.38-150600.14.32.1.noarch.rpm glibc-info-2.38-150600.14.32.1.noarch.rpm glibc-lang-2.38-150600.14.32.1.noarch.rpm glibc-locale-2.38-150600.14.32.1.x86_64.rpm glibc-locale-base-2.38-150600.14.32.1.x86_64.rpm glibc-profile-2.38-150600.14.32.1.x86_64.rpm libnsl1-2.38-150600.14.32.1.x86_64.rpm nscd-2.38-150600.14.32.1.x86_64.rpm glibc-32bit-2.38-150600.14.32.1.x86_64.rpm glibc-locale-base-32bit-2.38-150600.14.32.1.x86_64.rpm libnsl1-32bit-2.38-150600.14.32.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-1810 Security update for python3-setuptools important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for python3-setuptools fixes the following issues: - CVE-2025-47273: path traversal in PackageIndex.download may lead to an arbitrary file write (bsc#1243313). 
python3-setuptools-44.1.1-150400.9.12.1.noarch.rpm python3-setuptools-44.1.1-150400.9.12.1.src.rpm python3-setuptools-test-44.1.1-150400.9.12.1.noarch.rpm python3-setuptools-test-44.1.1-150400.9.12.1.src.rpm python3-setuptools-wheel-44.1.1-150400.9.12.1.noarch.rpm python3-setuptools-wheel-44.1.1-150400.9.12.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2215 Recommended update for firewalld moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for firewalld fixes the following issue: Align with up-to-date Python stack tools. This update also ships python311-firewall and python311-dbus-python to the Python3 Module. firewalld-2.0.1-150600.3.9.1.noarch.rpm firewalld-2.0.1-150600.3.9.1.src.rpm firewalld-bash-completion-2.0.1-150600.3.9.1.noarch.rpm firewalld-lang-2.0.1-150600.3.9.1.noarch.rpm firewalld-zsh-completion-2.0.1-150600.3.9.1.noarch.rpm python3-firewall-2.0.1-150600.3.9.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-1741 Recommended update for autoyast2 important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for autoyast2 fixes the following issues: - Move the firewall section before software in inst_autosetup (bsc#1243185) autoyast2-4.7.3-150700.3.3.1.noarch.rpm autoyast2-4.7.3-150700.3.3.1.src.rpm autoyast2-installation-4.7.3-150700.3.3.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2013 Security update for pam important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for pam fixes the following issues: - CVE-2025-6018: pam_env: Change the default to not read the user .pam_environment file (bsc#1243226). - CVE-2025-6020: pam_namespace: convert functions that may operate on a user-controlled path to operate on file descriptors instead of absolute path (bsc#1244509). 
pam-1.3.0-150000.6.83.1.src.rpm pam-1.3.0-150000.6.83.1.x86_64.rpm pam-devel-1.3.0-150000.6.83.1.x86_64.rpm pam-doc-1.3.0-150000.6.83.1.noarch.rpm pam-extra-1.3.0-150000.6.83.1.x86_64.rpm pam-32bit-1.3.0-150000.6.83.1.x86_64.rpm pam-extra-32bit-1.3.0-150000.6.83.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-1747 Security update for grub2 moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for grub2 fixes the following issues: Security fixes: - CVE-2025-4382: exposure of data from encrypted device through CLI once the root device is successfully unlocked via TPM (bsc#1242971). Other bug fixes: - Fix incorrect nvme disks and boot order in bootlist output (bsc#1237174). grub2-2.12-150700.19.3.1.src.rpm True grub2-2.12-150700.19.3.1.x86_64.rpm True grub2-i386-pc-2.12-150700.19.3.1.noarch.rpm True grub2-snapper-plugin-2.12-150700.19.3.1.noarch.rpm True grub2-systemd-sleep-plugin-2.12-150700.19.3.1.noarch.rpm True grub2-x86_64-efi-2.12-150700.19.3.1.noarch.rpm True SUSE-SLE-Module-Basesystem-15-SP7-2025-2199 Recommended update for mdadm moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for mdadm fixes the following issues: - Add MAILFROM address to email envelope to avoid smtp auth errors (bsc#1241474). - Allow any valid minor name in md device name (bsc#1240789). - Add dependency on suse-module-tools for SLE15 (bsc#1242696). - Remove a redundant macro definition. - Remove duplicated code (bsc#1226413). 
mdadm-4.4-150700.4.5.3.src.rpm mdadm-4.4-150700.4.5.3.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-1740 Recommended update for sssd important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for sssd fixes the following issues: - Build with openldap 2.5 which supports TLS channel binding (bsc#1229655) - Allow multiple services per port (bsc#1234368) - Fix file descriptor leak related to getpwnam()/getpwuid() (bsc#1234384) - Revert the change dropping /etc/sssd/conf.d dir (bsc#1234420) libipa_hbac-devel-2.9.3-150700.9.3.1.x86_64.rpm libipa_hbac0-2.9.3-150700.9.3.1.x86_64.rpm libsss_certmap-devel-2.9.3-150700.9.3.1.x86_64.rpm libsss_certmap0-2.9.3-150700.9.3.1.x86_64.rpm libsss_idmap-devel-2.9.3-150700.9.3.1.x86_64.rpm libsss_idmap0-2.9.3-150700.9.3.1.x86_64.rpm libsss_nss_idmap-devel-2.9.3-150700.9.3.1.x86_64.rpm libsss_nss_idmap0-2.9.3-150700.9.3.1.x86_64.rpm libsss_simpleifp-devel-2.9.3-150700.9.3.1.x86_64.rpm libsss_simpleifp0-2.9.3-150700.9.3.1.x86_64.rpm python3-sssd-config-2.9.3-150700.9.3.1.x86_64.rpm sssd-2.9.3-150700.9.3.1.src.rpm sssd-2.9.3-150700.9.3.1.x86_64.rpm sssd-ad-2.9.3-150700.9.3.1.x86_64.rpm sssd-dbus-2.9.3-150700.9.3.1.x86_64.rpm sssd-ipa-2.9.3-150700.9.3.1.x86_64.rpm sssd-kcm-2.9.3-150700.9.3.1.x86_64.rpm sssd-krb5-2.9.3-150700.9.3.1.x86_64.rpm sssd-krb5-common-2.9.3-150700.9.3.1.x86_64.rpm sssd-ldap-2.9.3-150700.9.3.1.x86_64.rpm sssd-proxy-2.9.3-150700.9.3.1.x86_64.rpm sssd-tools-2.9.3-150700.9.3.1.x86_64.rpm sssd-winbind-idmap-2.9.3-150700.9.3.1.x86_64.rpm sssd-32bit-2.9.3-150700.9.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2026 Security update for pam_pkcs11 important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for pam_pkcs11 fixes the following issues: - CVE-2025-6018: Removes pam_env from auth stack for security reasons (bsc#1243226). 
pam_pkcs11-0.6.10-150600.16.8.1.src.rpm pam_pkcs11-0.6.10-150600.16.8.1.x86_64.rpm pam_pkcs11-32bit-0.6.10-150600.16.8.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2016 Security update for screen moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for screen fixes the following issues: Security issues fixed: - CVE-2025-46802: temporary `chmod` of a user's TTY to mode 0666 when attempting to attach to a multi-user session allows for TTY hijacking (bsc#1242269). Other issues fixed: - Use TTY file descriptor passing after a suspend (`MSG_CONT`). - Fix resume after suspend in multi-user mode. screen-4.6.2-150000.5.8.1.src.rpm screen-4.6.2-150000.5.8.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-1787 Security update for bind important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for bind fixes the following issues: Update to version 9.20.9. - Security issues fixed: * CVE-2025-40775: denial-of-service due to assertion failure caused by the processing of a NS message with an invalid TSIG (bsc#1243361). * CVE-2024-12705: CPU and memory exhaustion due to DNS-over-HTTPS issues that arise under heavy query load (bsc#1236597). * CVE-2024-11187: CPU exhaustion when processing queries that lead to responses containing several records in the Additional data section (bsc#1236596). - Changelog: - Feature changes: * Performance optimization for NSEC3 lookups introduced in BIND 9.20.2 was reverted to avoid risks associated with a complex code change. * The configuration clauses parental-agents and primaries are renamed to remote-servers. * Add none parameter to query-source and query-source-v6 to disable IPv4 or IPv6 upstream queries but allow listening to queries from clients on IPv4 or IPv6. * dnssec-ksr now supports KSK rollovers. * Print RFC 7314: EXPIRE option in transfer summary. * Emit more helpful log messages for exceeding max-records-per-type. * Harden key management when key files have become unavailable. 
- New Features: * Add support for EDE 20 (Not Authoritative). * Add support for EDE 7 and EDE 8. * `dig` can now display the received BADVERS message during negotiation. * Add an `rndc` command to reset some statistics counters. * Implement the min-transfer-rate-in configuration option. * Add HTTPS record query to host command line tool. * Implement sig0key-checks-limit and sig0message-checks-limit. * Adds support for EDE code 1 and 2. * Add an rndc command to toggle jemalloc profiling. * Add support for multiple extended DNS errors. * Print the expiration time of stale records. * Add Extended DNS Error Code 22 - No Reachable Authority. * Add a new option to configure the maximum number of outgoing queries per client request. * Use the Server Name Indication (SNI) extension for all outgoing TLS connections. * Update built-in bind.keys file with the new 2025 IANA root key. * Add an initial-ds entry to bind.keys for the new root key, ID 38696, which is scheduled for publication in January 2025. - Bug Fixes: * Restore NSEC3 closest-encloser lookup improvements. * Stop caching lack of EDNS support. * Fix resolver statistics counters for timed-out responses. * Nested DNS validation could cause an assertion failure. * Wait for memory reclamation to finish in `named-checkconf`. * Ensure `max-clients-per-query` is at least `clients-per-query`. * Fix write after free in validator code. * Don't enforce NOAUTH/NOCONF flags in DNSKEYs. * Fix several small DNSSEC timing issues. * Fix inconsistency in CNAME/DNAME handling during resolution. * Fix dual-stack-servers configuration option. * Fix a data race causing a permanent active client increase. * Fix deferred validation of unsigned DS and DNSKEY records. * Fix RPZ race condition during a reconfiguration. * "CNAME and other data check" not applied to all types. * Relax private DNSKEY and RRSIG constraints. * Remove NSEC/DS/NSEC3 RRSIG check from dns_message_parse(). 
* Fix TTL issue with ANY queries processed through RPZ "passthru". * dnssec-signzone needs to check for a NULL key when setting offline. * Fix a bug in the statistics channel when querying zone transfer information. * Fix assertion failure when dumping recursing clients. * Dump the active resolver fetches from dns_resolver_dumpfetches(). * Recently expired records could be returned with a timestamp in future. * YAML string not terminated in negative response in delv. * Fix a bug in dnssec-signzone related to keys being offline. * Apply the memory limit only to ADB database items. * Avoid unnecessary locking in the zone/cache database. * Fix reporting of Extended DNS Error 22 (No Reachable Authority). * Fix nsupdate hang when processing a large update. * Fix possible assertion failure when reloading server while processing update policy rules. * Preserve cache across reconfig when using attach-cache. * Resolve the spurious drops in performance due to glue cache. * Fix dnssec-signzone signing non-DNSKEY RRsets with revoked keys. * Fix improper handling of unknown directives in resolv.conf. * Fix response policy zones and catalog zones with an $INCLUDE statement defined. * Use TLS for notifies if configured to do so. * Notifies configured to use TLS will now be sent over TLS, instead of plain text UDP or TCP. Also, failing to load the TLS configuration for notify now results in an error. * {&dns} is as valid as {?dns} in a SVCB's dohpath. * dig failed to parse a valid SVCB record with a dohpath URI template containing a {&dns}, like "dohpath=/some/path?key=value{&dns}". * Fix NSEC3 closest encloser lookup for names with empty non-terminals. * A previous performance optimization for finding the NSEC3 closest encloser when generating authoritative responses could cause servers to return incorrect NSEC3 records in some cases. This has been fixed. * recursive-clients statement with value 0 triggered an assertion failure. * BIND 9.20.0 broke recursive-clients 0;. 
This has now been fixed. * Parsing of hostnames in rndc.conf was broken. * When DSCP support was removed, parsing of hostnames in rndc.conf was accidentally broken, resulting in an assertion failure. This has been fixed. * `dig` options of the form [+-]option=<value> failed to display the value on the printed command line. This has been fixed. * Provide more visibility into TLS configuration errors by logging SSL_CTX_use_certificate_chain_file() and SSL_CTX_use_PrivateKey_file() errors individually. * Fix a race condition when canceling ADB find which could cause an assertion failure. * SERVFAIL cache memory cleaning is now more aggressive; it no longer consumes a lot of memory if the server encounters many SERVFAILs at once. * Fix trying the next primary XoT server when the previous one was marked as unreachable. * In some cases named failed to try the next primary server in the primaries list when the previous one was marked as unreachable. This has been fixed. bind-9.20.9-150700.3.3.1.src.rpm bind-utils-9.20.9-150700.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-1737 Security update for gstreamer-plugins-bad important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for gstreamer-plugins-bad fixes the following issues: - CVE-2025-3887: Fixed possible RCE vulnerability via buffer overflow in H265 Codec Parsing (bsc#1242809). gstreamer-plugins-bad-1.24.0-150600.4.3.1.src.rpm libgstphotography-1_0-0-1.24.0-150600.4.3.1.x86_64.rpm libgstplay-1_0-0-1.24.0-150600.4.3.1.x86_64.rpm libgstplayer-1_0-0-1.24.0-150600.4.3.1.x86_64.rpm libgsttranscoder-1_0-0-1.24.0-150600.4.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-1746 Security update for webkit2gtk3 important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for webkit2gtk3 fixes the following issues: Update to version 2.48.2. Security issues fixed: - CVE-2025-31205: lack of checks may lead to cross-origin data exfiltration through a malicious website (bsc#1243282). 
- CVE-2025-31204: improper memory handling when processing certain web content may lead to memory corruption (bsc#1243286). - CVE-2025-31206: type confusion issue when processing certain web content may lead to an unexpected crash (bsc#1243288). - CVE-2025-31215: lack of checks when processing certain web content may lead to an unexpected crash (bsc#1243289). - CVE-2025-31257: improper memory handling when processing certain web content may lead to an unexpected crash (bsc#1243596). - CVE-2025-24223: improper memory handling when processing certain web content may lead to memory corruption (bsc#1243424). Other changes and issues fixed: - Enable CSS overscroll behavior by default. - Change threaded rendering implementation to use Skia API instead of WebCore display list that is not thread safe. - Fix rendering when device scale factor change comes before the web view geometry update. - Fix network process crash on exit. - Fix the build with ENABLE_RESOURCE_USAGE=OFF. - Fix several crashes and rendering issues. 
WebKitGTK-4.0-lang-2.48.2-150600.12.40.2.noarch.rpm WebKitGTK-6.0-lang-2.48.2-150600.12.40.2.noarch.rpm libjavascriptcoregtk-4_0-18-2.48.2-150600.12.40.2.x86_64.rpm libjavascriptcoregtk-6_0-1-2.48.2-150600.12.40.2.x86_64.rpm libwebkit2gtk-4_0-37-2.48.2-150600.12.40.2.x86_64.rpm libwebkitgtk-6_0-4-2.48.2-150600.12.40.2.x86_64.rpm typelib-1_0-JavaScriptCore-4_0-2.48.2-150600.12.40.2.x86_64.rpm typelib-1_0-WebKit2-4_0-2.48.2-150600.12.40.2.x86_64.rpm typelib-1_0-WebKit2WebExtension-4_0-2.48.2-150600.12.40.2.x86_64.rpm webkit2gtk-4_0-injected-bundles-2.48.2-150600.12.40.2.x86_64.rpm webkit2gtk3-soup2-2.48.2-150600.12.40.2.src.rpm webkit2gtk3-soup2-devel-2.48.2-150600.12.40.2.x86_64.rpm webkit2gtk4-2.48.2-150600.12.40.2.src.rpm webkitgtk-6_0-injected-bundles-2.48.2-150600.12.40.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-1743 Security update for dnsdist important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for dnsdist fixes the following issues: Update to version 1.9.10. - CVE-2025-30194: illegal memory access (double-free) when processing specially crafted DoH exchanges leads to a denial-of-service (bsc#1242028). - CVE-2025-30193: stack exhaustion when processing too many queries on incoming TCP connections leads to a denial-of-service (bsc#1243378). dnsdist-1.9.10-150700.3.3.1.src.rpm dnsdist-1.9.10-150700.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2080 Security update for pam-config important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for pam-config fixes the following issues: - CVE-2025-6018: Stop adding pam_env in AUTH stack, and be sure to put this module at the very end of the SESSION stack (bsc#1243226). 
pam-config-1.1-150600.16.8.1.src.rpm pam-config-1.1-150600.16.8.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2042 Security update for openssl-3 important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for openssl-3 fixes the following issues: - CVE-2025-27587: timing side-channel vulnerability in the P-384 implementation when used with ECDSA (bsc#1243459). - CVE-2024-12797: Fixed that RFC7250 handshakes with unauthenticated servers don't abort as expected. (bsc#1236599) - CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136) libopenssl-3-devel-3.2.3-150700.5.5.1.x86_64.rpm libopenssl-3-fips-provider-3.2.3-150700.5.5.1.x86_64.rpm libopenssl3-3.2.3-150700.5.5.1.x86_64.rpm openssl-3-3.2.3-150700.5.5.1.src.rpm openssl-3-3.2.3-150700.5.5.1.x86_64.rpm libopenssl-3-fips-provider-32bit-3.2.3-150700.5.5.1.x86_64.rpm libopenssl3-32bit-3.2.3-150700.5.5.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-1812 Security update for libsoup important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for libsoup fixes the following issues: - CVE-2025-4969: Fixed off-by-one out-of-bounds read may lead to infoleak (bsc#1243423) - CVE-2025-4948: Fixed integer underflow in soup_multipart_new_from_message() leading to denial of service (bsc#1243332) - CVE-2025-4476: Fixed NULL pointer dereference may lead to denial of service (bsc#1243422) libsoup-3.4.4-150600.3.10.1.src.rpm libsoup-3_0-0-3.4.4-150600.3.10.1.x86_64.rpm libsoup-devel-3.4.4-150600.3.10.1.x86_64.rpm libsoup-lang-3.4.4-150600.3.10.1.noarch.rpm typelib-1_0-Soup-3_0-3.4.4-150600.3.10.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-1802 Security update for libsoup2 important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for libsoup2 fixes the following issues: - CVE-2025-4948: Fixed integer underflow in soup_multipart_new_from_message() leading to denial of service (bsc#1243332) - CVE-2025-4969: Fixed off-by-one out-of-bounds read may lead to 
infoleak (bsc#1243423) - CVE-2025-32906: Fixed out of bounds reads in soup_headers_parse_request() (bsc#1241263) - CVE-2025-32909: Fixed NULL pointer dereference in the sniff_mp4 function in soup-content-sniffer.c (bsc#1241226) - CVE-2025-32910: Fixed NULL pointer dereference on client when server omits the realm parameter in an Unauthorized response with Digest authentication (bsc#1241252) - CVE-2025-32911: Fixed double free on soup_message_headers_get_content_disposition() via "params". (bsc#1241238) - CVE-2025-32912: Fixed NULL pointer dereference in SoupAuthDigest (bsc#1241214) - CVE-2025-32913: Fixed NULL pointer dereference in soup_message_headers_get_content_disposition (bsc#1241162) libsoup-2_4-1-2.74.3-150600.4.9.1.x86_64.rpm libsoup2-2.74.3-150600.4.9.1.src.rpm libsoup2-devel-2.74.3-150600.4.9.1.x86_64.rpm libsoup2-lang-2.74.3-150600.4.9.1.noarch.rpm typelib-1_0-Soup-2_4-2.74.3-150600.4.9.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2892 Optional update for oath-toolkit low SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for brltty provides the following fix: - Ship missing latest updates on specific architectures: system-user-brltty to x86_64. brltty to s390x. 
brlapi-devel-6.6-150600.3.5.1.x86_64.rpm brltty-6.6-150600.3.5.1.src.rpm libbrlapi0_8-6.6-150600.3.5.1.x86_64.rpm python3-brlapi-6.6-150600.3.5.1.x86_64.rpm system-user-brltty-6.6-150600.3.5.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-1816 Security update for libcryptopp important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for libcryptopp fixes the following issues: - CVE-2024-28285: Fixed potential leak of secret key of ElGamal encryption via fault injection (bsc#1224280) libcryptopp-8.6.0-150400.3.9.1.src.rpm libcryptopp-devel-8.6.0-150400.3.9.1.x86_64.rpm libcryptopp8_6_0-8.6.0-150400.3.9.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-907 Security update for kea important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for kea fixes the following issues: Update to release 2.6.3 (bsc#1243240): - CVE-2025-32801: Loading a malicious hook library can lead to local privilege escalation. - CVE-2025-32802: Insecure handling of file paths allows multiple local attacks. - CVE-2025-32803: Insecure file permissions can result in confidential information leakage. kea-2.6.3-150700.3.3.5.src.rpm python3-kea-2.6.3-150700.3.3.5.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2780 Recommended update for gcc14 moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. 
[bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. gcc14-14.3.0+git11799-150000.1.11.1.src.rpm libasan8-14.3.0+git11799-150000.1.11.1.x86_64.rpm libasan8-32bit-14.3.0+git11799-150000.1.11.1.x86_64.rpm libatomic1-14.3.0+git11799-150000.1.11.1.x86_64.rpm libatomic1-32bit-14.3.0+git11799-150000.1.11.1.x86_64.rpm libgcc_s1-14.3.0+git11799-150000.1.11.1.x86_64.rpm libgcc_s1-32bit-14.3.0+git11799-150000.1.11.1.x86_64.rpm libgfortran5-14.3.0+git11799-150000.1.11.1.x86_64.rpm libgfortran5-32bit-14.3.0+git11799-150000.1.11.1.x86_64.rpm libgomp1-14.3.0+git11799-150000.1.11.1.x86_64.rpm libgomp1-32bit-14.3.0+git11799-150000.1.11.1.x86_64.rpm libhwasan0-14.3.0+git11799-150000.1.11.1.x86_64.rpm libitm1-14.3.0+git11799-150000.1.11.1.x86_64.rpm libitm1-32bit-14.3.0+git11799-150000.1.11.1.x86_64.rpm liblsan0-14.3.0+git11799-150000.1.11.1.x86_64.rpm libm2cor19-14.3.0+git11799-150000.1.11.1.x86_64.rpm libm2cor19-32bit-14.3.0+git11799-150000.1.11.1.x86_64.rpm libm2iso19-14.3.0+git11799-150000.1.11.1.x86_64.rpm libm2iso19-32bit-14.3.0+git11799-150000.1.11.1.x86_64.rpm libm2log19-14.3.0+git11799-150000.1.11.1.x86_64.rpm libm2log19-32bit-14.3.0+git11799-150000.1.11.1.x86_64.rpm libm2min19-14.3.0+git11799-150000.1.11.1.x86_64.rpm libm2min19-32bit-14.3.0+git11799-150000.1.11.1.x86_64.rpm libm2pim19-14.3.0+git11799-150000.1.11.1.x86_64.rpm libm2pim19-32bit-14.3.0+git11799-150000.1.11.1.x86_64.rpm 
libobjc4-14.3.0+git11799-150000.1.11.1.x86_64.rpm libobjc4-32bit-14.3.0+git11799-150000.1.11.1.x86_64.rpm libquadmath0-14.3.0+git11799-150000.1.11.1.x86_64.rpm libquadmath0-32bit-14.3.0+git11799-150000.1.11.1.x86_64.rpm libstdc++6-14.3.0+git11799-150000.1.11.1.x86_64.rpm libstdc++6-32bit-14.3.0+git11799-150000.1.11.1.x86_64.rpm libstdc++6-locale-14.3.0+git11799-150000.1.11.1.x86_64.rpm libstdc++6-pp-14.3.0+git11799-150000.1.11.1.x86_64.rpm libstdc++6-pp-32bit-14.3.0+git11799-150000.1.11.1.x86_64.rpm libtsan2-14.3.0+git11799-150000.1.11.1.x86_64.rpm libubsan1-14.3.0+git11799-150000.1.11.1.x86_64.rpm libubsan1-32bit-14.3.0+git11799-150000.1.11.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2007 Recommended update for libzypp, zypper moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for libzypp, zypper fixes the following issues: - Fix credential handling in HEAD requests (bsc#1244105) - RepoInfo: use pathNameSetTrailingSlash - Fix wrong userdata parameter type when running zypp with debug verbosity (bsc#1239012) - Do not warn about no mirrors if mirrorlist was switched on automatically. (bsc#1243901) - Relax permission of cached packages to 0644 & ~umask (bsc#1243887) - Add a note to service maintained .repo file entries - Support using %{url} variable in a RIS service's repo section. - Use a cookie file to validate mirrorlist cache. This patch extends the mirrorlist code to use a cookie file to validate the contents of the cache against the source URL, making sure that we do not accidentally use an old cache when the mirrorlist URL was changed. For example when migrating a system from one release to the next where the same repo alias might just have a different URL. - Let Service define and update gpgkey, mirrorlist and metalink. - Preserve a mirrorlist file in the raw cache during refresh. - Enable curl2 backend and parallel package download by default. 
Environment variables ZYPP_CURL2=<0|1> and ZYPP_PCK_PRELOAD=<0|1> can be used to turn the features on or off. - Make gpgKeyUrl the default source for gpg keys. When refreshing zypp now primarily uses gpgKeyUrl information from the repo files and only falls back to an automatically generated key URL if a gpgKeyUrl was not specified. - Introduce mirrors into the Media backends (bsc#1240132) - Drop MediaMultiCurl backend. - Throttle progress updates when preloading packages (bsc#1239543) - Check if request is in valid state in CURL callbacks - spec/CMake: add conditional build '--with[out] classic_rpmtrans_as_default'. classic_rpmtrans is the current builtin default for SUSE, otherwise it's single_rpmtrans. The `enable_preview_single_rpmtrans_as_default_for_zypper` switch was removed from the spec file. Accordingly the CMake option ENABLE_PREVIEW_SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER was removed. - BuildRequires: libzypp-devel >= 17.37.0. - Use libzypp improvements for preload and mirror handling. - xmlout.rnc: Update repo-element (bsc#1241463) Add the "metalink" attribute and reflect that the "url" elements list may in fact be empty, if no baseurls are defined in the .repo files. - man: update --allow-unsigned-rpm description. Explain how to achieve the same for packages provided by repositories. libzypp-17.37.5-150600.3.60.1.src.rpm True libzypp-17.37.5-150600.3.60.1.x86_64.rpm True libzypp-devel-17.37.5-150600.3.60.1.x86_64.rpm True zypper-1.14.90-150600.10.34.3.src.rpm True zypper-1.14.90-150600.10.34.3.x86_64.rpm True zypper-log-1.14.90-150600.10.34.3.noarch.rpm True zypper-needs-restarting-1.14.90-150600.10.34.3.noarch.rpm True SUSE-SLE-Module-Basesystem-15-SP7-2025-2218 Recommended update for osinfo-db moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for osinfo-db fixes the following issue: - virt-manager-common supports SLES16 ISO layout (bsc#1243296). 
osinfo-db-20250124-150700.5.3.2.noarch.rpm osinfo-db-20250124-150700.5.3.2.src.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2244 Security update for systemd moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for systemd fixes the following issues: - CVE-2025-4598: Fixed race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump (bsc#1243935). Other bugfixes: - logs-show: get timestamp and boot ID only when necessary (bsc#1242827). libsystemd0-254.25-150600.4.40.1.x86_64.rpm libudev1-254.25-150600.4.40.1.x86_64.rpm systemd-254.25-150600.4.40.1.src.rpm systemd-254.25-150600.4.40.1.x86_64.rpm systemd-container-254.25-150600.4.40.1.x86_64.rpm systemd-coredump-254.25-150600.4.40.1.x86_64.rpm systemd-devel-254.25-150600.4.40.1.x86_64.rpm systemd-doc-254.25-150600.4.40.1.x86_64.rpm systemd-journal-remote-254.25-150600.4.40.1.x86_64.rpm systemd-lang-254.25-150600.4.40.1.noarch.rpm systemd-sysvcompat-254.25-150600.4.40.1.x86_64.rpm udev-254.25-150600.4.40.1.x86_64.rpm libsystemd0-32bit-254.25-150600.4.40.1.x86_64.rpm libudev1-32bit-254.25-150600.4.40.1.x86_64.rpm systemd-32bit-254.25-150600.4.40.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-1884 Security update for perl-Crypt-OpenSSL-RSA moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for perl-Crypt-OpenSSL-RSA fixes the following issues: - CVE-2024-2467: Side-channel attack in PKCS#1 v1.5 padding mode (Marvin Attack) (bsc#1221446) perl-Crypt-OpenSSL-RSA-0.28-150600.19.3.1.src.rpm perl-Crypt-OpenSSL-RSA-0.28-150600.19.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-1988 Security update for golang-github-prometheus-node_exporter moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for golang-github-prometheus-node_exporter fixes the following issues: golang-github-prometheus-node_exporter was updated to version 1.9.1: - Security issues fixed: * CVE-2025-22870: Bumped golang.org/x/net to version 0.37.0 
(bsc#1238686) - Other bugs fixed: * pressure: Fixed missing IRQ on older kernels * Fix Darwin memory leak golang-github-prometheus-node_exporter-1.9.1-150100.3.35.2.src.rpm golang-github-prometheus-node_exporter-1.9.1-150100.3.35.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2558 Recommended update for libsolv moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for libsolv fixes the following issues: - Allow easy migration from SLE Micro 5.5 + SUMA to SL Micro 6.1+MLM (bsc#1243457). - implement color filtering when adding update targets. - support orderwithrequires dependencies in susedata.xml. - Fix SEGV in MediaDISK handler (bsc#1245452). - Fix evaluation of libproxy results (bsc#1244710). - Enhancements regarding mirror handling during repo refresh. Adapt to libzypp API changes (bsc#1230267). - Explicitly selecting DownloadAsNeeded also selects the classic_rpmtrans backend. - Enhancements with mirror handling during repo refresh, needs zypper 1.14.91. - Fix autotestcase when ZYPP_FULLLOG=1 (bsc#1244042) There was no testcase written for the very first solver run. - zypper does not allow distinctions between install and upgrade in %postinstall (bsc#1243279). - Ignore DeltaRpm download errors, in case of a failure the full rpm is downloaded (bsc#1245672). - Improve fix for incorrect filesize handling and download data exceeded errors on HTTP responses (bsc#1245220). - sh: Reset solver options after command (bsc#1245496). - BuildRequires: Now %{libsolv_devel_package} greater or equal to 0.7.34 is required (bsc#1243486). 
libsolv-0.7.34-150600.8.17.2.src.rpm True libsolv-devel-0.7.34-150600.8.17.2.x86_64.rpm True libsolv-tools-0.7.34-150600.8.17.2.x86_64.rpm True libsolv-tools-base-0.7.34-150600.8.17.2.x86_64.rpm True libzypp-17.37.10-150600.3.74.1.src.rpm True libzypp-17.37.10-150600.3.74.1.x86_64.rpm True libzypp-devel-17.37.10-150600.3.74.1.x86_64.rpm True python3-solv-0.7.34-150600.8.17.2.x86_64.rpm True ruby-solv-0.7.34-150600.8.17.2.x86_64.rpm True zypper-1.14.92-150600.10.46.2.src.rpm True zypper-1.14.92-150600.10.46.2.x86_64.rpm True zypper-log-1.14.92-150600.10.46.2.noarch.rpm True zypper-needs-restarting-1.14.92-150600.10.46.2.noarch.rpm True SUSE-SLE-Module-Basesystem-15-SP7-2025-1951 Security update for the Linux Kernel important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 The SUSE Linux Enterprise 15 SP7 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644). - CVE-2024-28956: x86/ibt: Keep IBT disabled during alternative patching (bsc#1242006). - CVE-2024-35840: mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect() (bsc#1224597). - CVE-2024-35910: tcp: properly terminate timers for kernel sockets (bsc#1224489). - CVE-2024-41005: netpoll: Fix race condition in netpoll_owner_active (bsc#1227858). - CVE-2024-46713: kabi fix for perf/aux: Fix AUX buffer serialization (bsc#1230581). - CVE-2024-46782: ila: call nf_unregister_net_hooks() sooner (bsc#1230769). - CVE-2024-47408: net/smc: check smcd_v2_ext_offset when receiving proposal msg (bsc#1235711). - CVE-2024-47794: kABI: bpf: Prevent tailcall infinite loop caused by freplace kABI workaround (bsc#1235712). - CVE-2024-49570: drm/xe/tracing: Fix a potential TP_printk UAF (bsc#1238782). - CVE-2024-49571: net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg (bsc#1235733). 
- CVE-2024-50038: netfilter: xtables: fix typo causing some targets not to load on IPv6 (bsc#1231910). - CVE-2024-50056: usb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c (bsc#1232389). - CVE-2024-50140: net: sched: use RCU read-side critical section in taprio_dump() (bsc#1233060). - CVE-2024-50223: sched/numa: Fix the potential null pointer dereference in (bsc#1233192). - CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551). - CVE-2024-53124: net: fix data-races around sk->sk_forward_alloc (bsc#1234074). - CVE-2024-53139: sctp: fix possible UAF in sctp_v6_available() (bsc#1234157). - CVE-2024-53140: netlink: terminate outstanding dump on socket close (bsc#1234222). - CVE-2024-53680: ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() (bsc#1235715). - CVE-2024-54458: scsi: ufs: bsg: Set bsg_queue to NULL after removal (bsc#1238992). - CVE-2024-54683: netfilter: IDLETIMER: Fix for possible ABBA deadlock (bsc#1235729). - CVE-2024-56638: kABI fix for "netfilter: nft_inner: incorrect percpu area handling under softirq" (bsc#1235524). - CVE-2024-56640: net/smc: fix LGR and link use-after-free issue (bsc#1235436). - CVE-2024-56703: ipv6: Fix soft lockups in fib6_select_path under high next hop churn (bsc#1235455). - CVE-2024-56718: net/smc: protect link down work from execute after lgr freed (bsc#1235589). - CVE-2024-56719: net: stmmac: fix TSO DMA API usage causing oops (bsc#1235591). - CVE-2024-56751: ipv6: release nexthop on device removal (bsc#1234936). - CVE-2024-56758: btrfs: check folio mapping after unlock in relocate_one_folio() (bsc#1235621). - CVE-2024-56770: net/sched: netem: account for backlog updates from child qdisc (bsc#1235637). - CVE-2024-57900: ila: serialize calls to nf_register_net_hooks() (bsc#1235973). - CVE-2024-57924: fs: relax assertions on failure to encode file handles (bsc#1236086). - CVE-2024-57947: netfilter: nf_set_pipapo: fix initial map fill (bsc#1236333). 
- CVE-2024-57974: udp: Deal with race between UDP socket address change and rehash (bsc#1238532). - CVE-2024-58018: nvkm: correctly calculate the available space of the GSP cmdq buffer (bsc#1238990). - CVE-2024-58019: nvkm/gsp: correctly advance the read pointer of GSP message queue (bsc#1238997). - CVE-2024-58068: OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized (bsc#1238961). - CVE-2024-58070: bpf: bpf_local_storage: Always use bpf_mem_alloc in PREEMPT_RT (bsc#1238983). - CVE-2024-58071: team: prevent adding a device which is already a team device lower (bsc#1238970). - CVE-2024-58074: drm/i915: Grab intel_display from the encoder to avoid potential (bsc#1238972). - CVE-2024-58083: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() (bsc#1239036). - CVE-2024-58088: bpf: Fix deadlock when freeing cgroup storage (bsc#1239510). - CVE-2024-58091: drm/fbdev-dma: Add shadow buffering for deferred I/O (bsc#1240174). - CVE-2025-21635: rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxy (bsc#1236111). - CVE-2025-21648: netfilter: conntrack: clamp maximum hashtable size to INT_MAX (bsc#1236142). - CVE-2025-21659: netdev: prevent accessing NAPI instances from another namespace (bsc#1236206). - CVE-2025-21683: bpf: Fix bpf_sk_select_reuseport() memory leak (bsc#1236704). - CVE-2025-21696: mm: clear uffd-wp PTE/PMD state on mremap() (bsc#1237111). - CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1237164). - CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (bsc#1237312). - CVE-2025-21703: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (bsc#1237313). - CVE-2025-21706: mptcp: pm: only set fullmesh for subflow endp (bsc#1238528). - CVE-2025-21707: mptcp: consolidate suboption status (bsc#1238862). - CVE-2025-21717: net/mlx5e: add missing cpu_to_node to kvzalloc_node in mlx5e_open_xdpredirect_sq (bsc#1238866). 
- CVE-2025-21729: wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion (bsc#1237874). - CVE-2025-21739: kABI: ufshcd: add ufshcd_dealloc_host back (bsc#1238506). - CVE-2025-21753: btrfs: fix use-after-free when attempting to join an aborted transaction (bsc#1237875). - CVE-2025-21755: vsock: Orphan socket after transport release (bsc#1237882). - CVE-2025-21758: ipv6: mcast: add RCU protection to mld_newpack() (bsc#1238737). - CVE-2025-21759: ipv6: mcast: extend RCU protection in igmp6_send() (bsc#1238738). - CVE-2025-21760: ndisc: extend RCU protection in ndisc_send_skb() (bsc#1238763). - CVE-2025-21761: openvswitch: use RCU protection in ovs_vport_cmd_fill_info() (bsc#1238775). - CVE-2025-21762: arp: use RCU protection in arp_xmit() (bsc#1238780). - CVE-2025-21763: neighbour: use RCU protection in __neigh_notify() (bsc#1237897). - CVE-2025-21765: ipv6: use RCU protection in ip6_default_advmss() (bsc#1237906). - CVE-2025-21766: ipv4: use RCU protection in __ip_rt_update_pmtu() (bsc#1238754). - CVE-2025-21768: net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels (bsc#1238714). - CVE-2025-21787: team: better TEAM_OPTION_TYPE_STRING validation (bsc#1238774). - CVE-2025-21792: ax25: Fix refcount leak caused by setting SO_BINDTODEVICE sockopt (bsc#1238745). - CVE-2025-21800: net/mlx5: HWS, fix definer's HWS_SET32 macro for negative offset (bsc#1238743). - CVE-2025-21806: net: let net.core.dev_weight always be non-zero (bsc#1238746). - CVE-2025-21808: net: xdp: Disallow attaching device-bound programs in generic mode (bsc#1238742). - CVE-2025-21812: ax25: rcu protect dev->ax25_ptr (bsc#1238471). - CVE-2025-21814: ptp: Ensure info->enable callback is always set (bsc#1238473). - CVE-2025-21833: iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE (bsc#1239108). - CVE-2025-21836: io_uring/kbuf: reallocate buf lists on upgrade (bsc#1239066). - CVE-2025-21837: io_uring/uring_cmd: unconditionally copy SQEs at prep time (bsc#1239064). 
- CVE-2025-21844: smb: client: Add check for next_buffer in receive_encrypted_standard() (bsc#1239512). - CVE-2025-21848: nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() (bsc#1239479). - CVE-2025-21854: selftest/bpf: Add vsock test for sockmap rejecting unconnected (bsc#1239470). - CVE-2025-21856: s390/ism: add release function for struct device (bsc#1239486). - CVE-2025-21857: net/sched: cls_api: fix error handling causing NULL dereference (bsc#1239478). - CVE-2025-21861: mm/migrate_device: do not add folio to be freed to LRU in migrate_device_finalize() (bsc#1239483). - CVE-2025-21862: drop_monitor: fix incorrect initialization order (bsc#1239474). - CVE-2025-21863: io_uring: prevent opcode speculation (bsc#1239475). - CVE-2025-21864: kABI fix for tcp: drop secpath at the same time as we currently drop (bsc#1239482). - CVE-2025-21865: gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl() (bsc#1239481). - CVE-2025-21867: bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type() (bsc#1240181). - CVE-2025-21870: ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers (bsc#1240191). - CVE-2025-21871: tee: optee: Fix supplicant wait loop (bsc#1240183). - CVE-2025-21873: scsi: ufs: core: bsg: Fix crash when arpmb command fails (bsc#1240184). - CVE-2025-21875: mptcp: always handle address removal under msk socket lock (bsc#1240168). - CVE-2025-21881: uprobes: Reject the shared zeropage in uprobe_write_opcode() (bsc#1240185). - CVE-2025-21882: net/mlx5: Fix vport QoS cleanup on error (bsc#1240187). - CVE-2025-21883: ice: Fix deinitializing VF in error path (bsc#1240189). - CVE-2025-21884: net: better track kernel sockets lifetime (bsc#1240171). - CVE-2025-21887: ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up (bsc#1240176). - CVE-2025-21889: perf/core: Add RCU read lock protection to perf_iterate_ctx() (bsc#1240167). - CVE-2025-21890: idpf: fix checksums set in idpf_rx_rsc() (bsc#1240173). 
- CVE-2025-21891: ipvlan: ensure network headers are in skb linear part (bsc#1240186). - CVE-2025-21894: net: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC (bsc#1240581). - CVE-2025-21895: perf/core: Order the PMU list to fix warning about unordered pmu_ctx_list (bsc#1240585). - CVE-2025-21904: caif_virtio: fix wrong pointer check in cfv_probe() (bsc#1240576). - CVE-2025-21906: wifi: iwlwifi: mvm: clean up ROC on failure (bsc#1240587). - CVE-2025-21908: NFS: fix nfs_release_folio() to not deadlock via kcompactd writeback (bsc#1240600). - CVE-2025-21913: x86/amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range() (bsc#1240591). - CVE-2025-21919: sched/fair: Fix potential memory corruption in child_cfs_rq_on_list (bsc#1240593). - CVE-2025-21922: ppp: Fix KMSAN uninit-value warning with bpf (bsc#1240639). - CVE-2025-21924: net: hns3: make sure ptp clock is unregister and freed if hclge_ptp_get_cycle returns an error (bsc#1240720). - CVE-2025-21925: llc: do not use skb_get() before dev_queue_xmit() (bsc#1240713). - CVE-2025-21926: net: gso: fix ownership in __udp_gso_segment (bsc#1240712). - CVE-2025-21931: hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio (bsc#1240709). - CVE-2025-21957: scsi: qla1280: Fix kernel oops when debug level > 2 (bsc#1240742). - CVE-2025-21960: eth: bnxt: do not update checksum in bnxt_xdp_build_skb() (bsc#1240815). - CVE-2025-21961: eth: bnxt: fix truesize for mb-xdp-pass case (bsc#1240816). - CVE-2025-21962: cifs: Fix integer overflow while processing closetimeo mount option (bsc#1240655). - CVE-2025-21963: cifs: Fix integer overflow while processing acdirmax mount option (bsc#1240717). - CVE-2025-21964: cifs: Fix integer overflow while processing acregmax mount option (bsc#1240740). - CVE-2025-21969: kABI workaround for l2cap_conn changes (bsc#1240784). - CVE-2025-21970: net/mlx5: Bridge, fix the crash caused by LAG state check (bsc#1240819). - CVE-2025-21972: net: mctp: unshare packets when reassembling (bsc#1240813). 
- CVE-2025-21973: eth: bnxt: fix kernel panic in the bnxt_get_queue_stats{rx | tx} (bsc#1240803). - CVE-2025-21974: eth: bnxt: return fail if interface is down in bnxt_queue_mem_alloc() (bsc#1240800). - CVE-2025-21975: net/mlx5: handle errors in mlx5_chains_create_table() (bsc#1240812). - CVE-2025-21980: sched: address a potential NULL pointer dereference in the GRED scheduler (bsc#1240809). - CVE-2025-21981: ice: fix memory leak in aRFS after reset (bsc#1240612). - CVE-2025-21985: drm/amd/display: Fix out-of-bound accesses (bsc#1240811). - CVE-2025-21991: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes (bsc#1240795). - CVE-2025-21993: iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() (bsc#1240797). - CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1240802). - CVE-2025-22015: mm/migrate: fix shmem xarray update during migration (bsc#1240944). - CVE-2025-22016: dpll: fix xa_alloc_cyclic() error handling (bsc#1240934). - CVE-2025-22017: devlink: fix xa_alloc_cyclic() error handling (bsc#1240936). - CVE-2025-22018: atm: Fix NULL pointer dereference (bsc#1241266). - CVE-2025-22021: netfilter: socket: Lookup orig tuple for IPv6 SNAT (bsc#1241282). - CVE-2025-22030: mm: zswap: fix crypto_free_acomp() deadlock in zswap_cpu_comp_dead() (bsc#1241376). - CVE-2025-22036: exfat: fix random stack corruption after get_block (bsc#1241426). - CVE-2025-22045: x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs (bsc#1241433). - CVE-2025-22053: net: ibmveth: make veth_pool_store stop hanging (bsc#1241373). - CVE-2025-22056: netfilter: nft_tunnel: fix geneve_opt type confusion addition (bsc#1241525). - CVE-2025-22057: net: decrease cached dst counters in dst_release (bsc#1241533). - CVE-2025-22058: udp: Fix memory accounting leak (bsc#1241332). - CVE-2025-22060: net: mvpp2: Prevent parser TCAM memory corruption (bsc#1241526). 
- CVE-2025-22063: netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets (bsc#1241351). - CVE-2025-22064: netfilter: nf_tables: do not unregister hook when table is dormant (bsc#1241413). - CVE-2025-22070: fs/9p: fix NULL pointer dereference on mkdir (bsc#1241305). - CVE-2025-22080: fs/ntfs3: Prevent integer overflow in hdr_first_de() (bsc#1241416). - CVE-2025-22090: mm: (un)track_pfn_copy() fix + doc improvements (bsc#1241537). - CVE-2025-22094: powerpc/perf: Fix ref-counting on the PMU 'vpa_pmu' (bsc#1241512). - CVE-2025-22102: Bluetooth: btnxpuart: Fix kernel panic during FW release (bsc#1241456). - CVE-2025-22103: net: fix NULL pointer dereference in l3mdev_l3_rcv (bsc#1241448). - CVE-2025-22104: ibmvnic: Use kernel helpers for hex dumps (bsc#1241550). - CVE-2025-22105, CVE-2025-37860: Add missing bugzilla references (bsc#1241452 bsc#1241548). - CVE-2025-22107: net: dsa: sja1105: fix kasan out-of-bounds warning in sja1105_table_delete_entry() (bsc#1241575). - CVE-2025-22109: ax25: Remove broken autobind (bsc#1241573). - CVE-2025-22121: ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all() (bsc#1241593). - CVE-2025-2312: CIFS: New mount option for cifs.upcall namespace resolution (bsc#1239684). - CVE-2025-23133: wifi: ath11k: update channel list in reg notifier instead reg worker (bsc#1241451). - CVE-2025-23138: watch_queue: fix pipe accounting mismatch (bsc#1241648). - CVE-2025-23140: misc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error (bsc#1242763). - CVE-2025-23145: mptcp: fix NULL pointer in can_accept_new_subflow (bsc#1242596). - CVE-2025-23150: ext4: fix off-by-one error in do_split (bsc#1242513). - CVE-2025-23154: io_uring/net: fix io_req_post_cqe abuse by send bundle (bsc#1242533). - CVE-2025-23160: media: mediatek: vcodec: Fix a resource leak related to the scp device in FW initialization (bsc#1242507). 
- CVE-2025-37747: kABI workaround for perf-Fix-hang-while-freeing-sigtrap-event (References: bsc#1242520). - CVE-2025-37748: iommu/mediatek: Fix NULL pointer deference in mtk_iommu_device_group (bsc#1242523). - CVE-2025-37749: net: ppp: Add bound checking for skb data on ppp_sync_txmung (bsc#1242859). - CVE-2025-37750: smb: client: fix UAF in decryption with multichannel (bsc#1242510). - CVE-2025-37755: net: libwx: handle page_pool_dev_alloc_pages error (bsc#1242506). - CVE-2025-37773: virtiofs: add filesystem context source name check (bsc#1242502). - CVE-2025-37780: isofs: Prevent the use of too small fid (bsc#1242786). - CVE-2025-37785: ext4: fix OOB read when checking dotdot dir (bsc#1241640). - CVE-2025-37787: net: dsa: mv88e6xxx: avoid unregistering devlink regions which were never registered (bsc#1242585). - CVE-2025-37789: net: openvswitch: fix nested key length validation in the set() action (bsc#1242762). - CVE-2025-37790: net: mctp: Set SOCK_RCU_FREE (bsc#1242509). - CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1242417). - CVE-2025-37798: codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() (bsc#1242414). - CVE-2025-37799: vmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp (bsc#1242283). - CVE-2025-37803: udmabuf: fix a buf size overflow issue during udmabuf creation (bsc#1242852). - CVE-2025-37804: io_uring: always do atomic put from iowq (bsc#1242854). - CVE-2025-37809: usb: typec: class: Unlocked on error in typec_register_partner() (bsc#1242856). - CVE-2025-37820: xen-netfront: handle NULL returned by xdp_convert_buff_to_frame() (bsc#1242866). - CVE-2025-37823: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too (bsc#1242924). - CVE-2025-37824: tipc: fix NULL pointer dereference in tipc_mon_reinit_self() (bsc#1242867). - CVE-2025-37829: cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate() (bsc#1242875). 
- CVE-2025-37830: cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate() (bsc#1242860). - CVE-2025-37831: cpufreq: apple-soc: Fix null-ptr-deref in apple_soc_cpufreq_get_rate() (bsc#1242861). - CVE-2025-37833: net/niu: Niu requires MSIX ENTRY_DATA fields touch before entry reads (bsc#1242868). - CVE-2025-37842: spi: fsl-qspi: Fix double cleanup in probe error path (bsc#1242951). - CVE-2025-37870: drm/amd/display: prevent hang on link training fail (bsc#1243056). - CVE-2025-37879: 9p/net: fix improper handling of bogus negative read/write replies (bsc#1243077). - CVE-2025-37886: pds_core: make wait_context part of q_info (bsc#1242944). - CVE-2025-37887: pds_core: handle unsupported PDS_CORE_CMD_FW_CONTROL result (bsc#1242962). - CVE-2025-37949: xenbus: Use kref to track req lifetime (bsc#1243541). - CVE-2025-37957: KVM: SVM: Forcibly leave SMM mode on SHUTDOWN interception (bsc#1243513). - CVE-2025-37958: mm/huge_memory: fix dereferencing invalid pmd migration entry (bsc#1243539). - CVE-2025-37960: memblock: Accept allocated memory before use in memblock_double_array() (bsc#1243519). - CVE-2025-37974: s390/pci: Fix missing check for zpci_create_device() error return (bsc#1243547). - CVE-2025-38152: remoteproc: core: Clear table_sz when rproc_shutdown (bsc#1241627). - CVE-2025-38637: net_sched: skbprio: Remove overly strict queue assertions (bsc#1241657). - CVE-2025-39728: clk: samsung: Fix UBSAN panic in samsung_clk_init() (bsc#1241626). The following non-security bugs were fixed: - ACPI PPTT: Fix coding mistakes in a couple of sizeof() calls (stable-fixes). - ACPI: EC: Set ec_no_wakeup for Lenovo Go S (stable-fixes). - ACPI: PPTT: Fix processor subtable walk (git-fixes). - ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid (bsc#1237530). - ACPI: resource: IRQ override for Eluktronics MECH-17 (stable-fixes). - ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP (stable-fixes). 
- ACPI: x86: Extend Lenovo Yoga Tab 3 quirk with skip GPIO event-handlers (git-fixes). - ALSA: es1968: Add error handling for snd_pcm_hw_constraint_pow2() (git-fixes). - ALSA: hda/realtek - Enable speaker for HP platform (git-fixes). - ALSA: hda/realtek - Fixed ASUS platform headset Mic issue (git-fixes). - ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx (stable-fixes). - ALSA: hda/realtek: Add support for ASUS B3405 and B3605 Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for ASUS B5405 and B5605 Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for various HP Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Always honor no_shutup_pins (git-fixes). - ALSA: hda/realtek: Bass speaker fixup for ASUS UM5606KA (stable-fixes). - ALSA: hda/realtek: Enable Mute LED on HP OMEN 16 Laptop xd000xx (stable-fixes). - ALSA: hda/realtek: Fix built-in mic assignment on ASUS VivoBook X515UA (git-fixes). - ALSA: hda/realtek: Fix built-in mic breakage on ASUS VivoBook X515JA (git-fixes). - ALSA: hda/realtek: Fix built-in mic on another ASUS VivoBook model (git-fixes). - ALSA: hda/realtek: Fix built-mic regression on other ASUS models (git-fixes). - ALSA: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx (stable-fixes). - ALSA: hda/realtek: fix micmute LEDs on HP Laptops with ALC3315 (stable-fixes). - ALSA: hda: Fix speakers on ASUS EXPERTBOOK P5405CSA 1.0 (stable-fixes). - ALSA: hda: intel: Add Lenovo IdeaPad Z570 to probe denylist (stable-fixes). - ALSA: hda: intel: Fix Optimus when GPU has no sound (stable-fixes). - ALSA: pcm: Drop superfluous NULL check in snd_pcm_format_set_silence() (git-fixes). - ALSA: seq: Fix delivery of UMP events to group ports (git-fixes). - ALSA: sh: SND_AICA should depend on SH_DMA_API (git-fixes). - ALSA: timer: Do not take register_mutex with copy_from/to_user() (git-fixes). - ALSA: ump: Fix a typo of snd_ump_stream_msg_device_info (git-fixes). 
- ALSA: ump: Fix buffer overflow at UMP SysEx message conversion (bsc#1242044). - ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names (stable-fixes). - ALSA: usb-audio: Add retry on -EPROTO from usb_set_interface() (stable-fixes). - ALSA: usb-audio: Add sample rate quirk for Audioengine D1 (git-fixes). - ALSA: usb-audio: Add sample rate quirk for Microdia JP001 USB Camera (stable-fixes). - ALSA: usb-audio: Add second USB ID for Jabra Evolve 65 headset (stable-fixes). - ALSA: usb-audio: Fix CME quirk for UF series keyboards (stable-fixes). - ALSA: usb-audio: separate DJM-A9 cap lvl options (git-fixes). - ASoC: Intel: avs: Fix null-ptr-deref in avs_component_probe() (git-fixes). - ASoC: Intel: sof_sdw: Fix unlikely uninitialized variable use in create_sdw_dailinks() (git-fixes). - ASoC: SOF: Intel: hda: add softdep pre to snd-hda-codec-hdmi module (stable-fixes). - ASoC: SOF: amd: Handle IPC replies before FW_BOOT_COMPLETE (stable-fixes). - ASoC: SOF: ipc4-control: Use SOF_CTRL_CMD_BINARY as numid for bytes_ext (git-fixes). - ASoC: SOF: ipc4-pcm: Delay reporting is only supported for playback direction (git-fixes). - ASoC: SOF: topology: Use krealloc_array() to replace krealloc() (stable-fixes). - ASoC: Use of_property_read_bool() (stable-fixes). - ASoC: amd: Add DMI quirk for ACP6X mic support (stable-fixes). - ASoC: amd: acp: Fix for enabling DMIC on acp platforms via _DSD entry (git-fixes). - ASoC: amd: yc: Support mic on another Lenovo ThinkPad E16 Gen 2 model (stable-fixes). - ASoC: amd: yc: update quirk data for new Lenovo model (stable-fixes). - ASoC: arizona/madera: use fsleep() in up/down DAPM event delays (stable-fixes). - ASoC: codecs: rt5665: Fix some error handling paths in rt5665_probe() (git-fixes). - ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe() (git-fixes). - ASoC: codecs:lpass-wsa-macro: Fix logic of enabling vi channels (git-fixes). - ASoC: codecs:lpass-wsa-macro: Fix vi feedback rate (git-fixes). 
- ASoC: cs35l41: check the return value from spi_setup() (git-fixes). - ASoC: cs42l43: Fix maximum ADC Volume (git-fixes). - ASoC: cs42l43: Reset clamp override on jack removal (git-fixes). - ASoC: dwc: always enable/disable i2s irqs (git-fixes). - ASoC: fsl: fsl_qmc_audio: Reset audio data pointers on TRIGGER_START event (git-fixes). - ASoC: fsl_audmix: register card device depends on 'dais' property (stable-fixes). - ASoC: imx-card: Add NULL check in imx_card_probe() (git-fixes). - ASoC: ops: Consistently treat platform_max as control value (git-fixes). - ASoC: q6apm-dai: make use of q6apm_get_hw_pointer (git-fixes). - ASoC: q6apm-dai: schedule all available frames to avoid dsp under-runs (git-fixes). - ASoC: q6apm: add q6apm_get_hw_pointer helper (git-fixes). - ASoC: qcom: Fix sc7280 lpass potential buffer overflow (git-fixes). - ASoC: qdsp6: q6apm-dai: fix capture pipeline overruns (git-fixes). - ASoC: qdsp6: q6apm-dai: set 10 ms period and buffer alignment (git-fixes). - ASoC: qdsp6: q6asm-dai: fix q6asm_dai_compr_set_params error path (git-fixes). - ASoC: rt722-sdca: add missing readable registers (git-fixes). - ASoC: simple-card-utils.c: add missing dlc->of_node (stable-fixes). - ASoC: simple-card-utils: Fix pointer check in graph_util_parse_link_direction (git-fixes). - ASoC: soc-core: Stop using of_property_read_bool() for non-boolean properties (stable-fixes). - ASoC: soc-pcm: Fix hw_params() and DAPM widget sequence (git-fixes). - ASoC: tas2764: Fix power control mask (stable-fixes). - ASoC: tas2764: Set the SDOUT polarity correctly (stable-fixes). - ASoC: tas2770: Fix volume scale (stable-fixes). - ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible (git-fixes). - ASoc: SOF: topology: connect DAI to a single DAI link (git-fixes). - Bluetooth: Fix error code in chan_alloc_skb_cb() (git-fixes). - Bluetooth: HCI: Add definition of hci_rp_remote_name_req_cancel (git-fixes). 
- Bluetooth: Improve setsockopt() handling of malformed user input (git-fixes). - Bluetooth: L2CAP: Fix corrupted list in hci_chan_del (git-fixes). - Bluetooth: L2CAP: Fix not checking l2cap_chan security level (git-fixes). - Bluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd (stable-fixes). - Bluetooth: MGMT: Fix MGMT_OP_ADD_DEVICE invalid device flags (git-fixes). - Bluetooth: btintel_pcie: Add additional to checks to clear TX/RX paths (git-fixes). - Bluetooth: btnxpuart: Fix kernel panic during FW release (git-fixes). - Bluetooth: btrtl: Prevent potential NULL dereference (git-fixes). - Bluetooth: btusb: avoid NULL pointer dereference in skb_dequeue() (git-fixes). - Bluetooth: btusb: use skb_pull to avoid unsafe access in QCA dump handling (git-fixes). - Bluetooth: hci_event: Fix connection regression between LE and non-LE adapters (git-fixes). - Bluetooth: hci_event: Fix enabling passive scanning (git-fixes). - Bluetooth: hci_event: Fix sending MGMT_EV_DEVICE_FOUND for invalid address (git-fixes). - Bluetooth: hci_uart: Fix another race during initialization (git-fixes). - Bluetooth: hci_uart: fix race during initialization (stable-fixes). - Bluetooth: l2cap: Check encryption key size on incoming connection (git-fixes). - Bluetooth: l2cap: Process valid commands in too long frame (stable-fixes). - Bluetooth: qca: simplify WCN399x NVM loading (stable-fixes). - Bluetooth: vhci: Avoid needless snprintf() calls (git-fixes). - Documentation: qat: fix auto_reset attribute details (git-fixes). - Documentation: qat: fix auto_reset section (git-fixes). - Drivers: hv: Allow vmbus_sendpacket_mpb_desc() to create multiple ranges (git-fixes). - Drivers: hv: vmbus: Do not release fb_mmio resource in vmbus_free_mmio() (git-fixes). - EDAC/i10nm: Add Intel Clearwater Forest server support (jsc#PED-10190). - Fix mismerge from SLE15-SP6 to SLE15-SP7 (bsc#1241591) - Fix write to cloned skb in ipv6_hop_ioam() (git-fixes). 
- HID: Enable playstation driver independently of sony driver (git-fixes). - HID: apple: disable Fn key handling on the Omoton KB066 (git-fixes). - HID: apple: fix up the F6 key on the Omoton KB066 keyboard (stable-fixes). - HID: hid-apple: Apple Magic Keyboard a3203 USB-C support (stable-fixes). - HID: hid-plantronics: Add mic mute mapping and generalize quirks (stable-fixes). - HID: i2c-hid: improve i2c_hid_get_report error message (stable-fixes). - HID: ignore non-functional sensor in HP 5MP Camera (stable-fixes). - HID: intel-ish-hid: Fix use-after-free issue in hid_ishtp_cl_remove() (git-fixes). - HID: intel-ish-hid: Send clock sync message immediately after reset (stable-fixes). - HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell (stable-fixes). - HID: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER (git-fixes). - HID: thrustmaster: fix memory leak in thrustmaster_interrupts() (git-fixes). - HID: topre: Fix n-key rollover on Realforce R3S TKL boards (stable-fixes). - HID: uclogic: Add NULL check in uclogic_input_configured() (git-fixes). - IB/cm: use rwlock for MAD agent lock (git-fixes) - IB/mad: Check available slots before posting receive WRs (git-fixes) - Input: ads7846 - fix gpiod allocation (git-fixes). - Input: cyttsp5 - ensure minimum reset pulse width (git-fixes). - Input: cyttsp5 - fix power control issue on wakeup (git-fixes). - Input: i8042 - add required quirks for missing old boardnames (stable-fixes). - Input: i8042 - swap old quirk combination with new quirk for NHxxRZQ (stable-fixes). - Input: i8042 - swap old quirk combination with new quirk for more devices (stable-fixes). - Input: i8042 - swap old quirk combination with new quirk for several devices (stable-fixes). - Input: iqs7222 - add support for Azoteq IQS7222D (git-fixes). - Input: iqs7222 - add support for IQS7222D v1.1 and v1.2 (git-fixes). - Input: iqs7222 - preserve system status register (git-fixes). 
- Input: mtk-pmic-keys - fix possible null pointer dereference (git-fixes). - Input: pm8941-pwrkey - fix dev_dbg() output in pm8941_pwrkey_irq() (git-fixes). - Input: synaptics - enable InterTouch on Dell Precision M3800 (stable-fixes). - Input: synaptics - enable InterTouch on Dynabook Portege X30-D (stable-fixes). - Input: synaptics - enable InterTouch on Dynabook Portege X30L-G (stable-fixes). - Input: synaptics - enable InterTouch on TUXEDO InfinityBook Pro 14 v5 (stable-fixes). - Input: synaptics - enable SMBus for HP Elitebook 850 G1 (stable-fixes). - Input: synaptics - hide unused smbus_pnp_ids[] array (git-fixes). - Input: synaptics-rmi - fix crash with unsupported versions of F34 (git-fixes). - Input: xpad - add 8BitDo SN30 Pro, Hyperkin X91 and Gamesir G7 SE controllers (stable-fixes). - Input: xpad - add multiple supported devices (stable-fixes). - Input: xpad - add support for 8BitDo Ultimate 2 Wireless Controller (stable-fixes). - Input: xpad - add support for TECNO Pocket Go (stable-fixes). - Input: xpad - add support for ZOTAC Gaming Zone (stable-fixes). - Input: xpad - fix Share button on Xbox One controllers (stable-fixes). - Input: xpad - fix two controller table values (git-fixes). - Input: xpad - rename QH controller to Legion Go S (stable-fixes). - KVM: PPC: Book3S HV: Fix IRQ map warnings with XICS on pSeries KVM Guest (bsc#1242205 ltc#212592). - KVM: PPC: Enable CAP_SPAPR_TCE_VFIO on pSeries KVM guests (jsc#PED-10539 git-fixes). - KVM: SVM: Allocate IR data using atomic allocation (git-fixes). - KVM: SVM: Do not change target vCPU state on AP Creation VMGEXIT error (git-fixes). - KVM: SVM: Drop DEBUGCTL[5:2] from guest's effective value (git-fixes). - KVM: SVM: Refuse to attempt VRMUN if an SEV-ES+ guest had an invalid VMSA (git-fixes). - KVM: SVM: Save host DR masks on CPUs with DebugSwap (jsc#PED-348). - KVM: SVM: Suppress DEBUGCTL.BTF on AMD (git-fixes). - KVM: SVM: Update dump_ghcb() to use the GHCB snapshot fields (git-fixes). 
- KVM: VMX: Do not modify guest XFD_ERR if CR0.TS=1 (git-fixes). - KVM: arm64: Change kvm_handle_mmio_return() return polarity (git-fixes). - KVM: arm64: Fix RAS trapping in pKVM for protected VMs (git-fixes). - KVM: arm64: Ignore PMCNTENSET_EL0 while checking for overflow status (git-fixes). - KVM: arm64: Mark some header functions as inline (git-fixes). - KVM: arm64: Tear down vGIC on failed vCPU creation (git-fixes). - KVM: arm64: timer: Always evaluate the need for a soft timer (git-fixes). - KVM: arm64: vgic-its: Add a data length check in vgic_its_save_* (git-fixes). - KVM: arm64: vgic-its: Clear DTE when MAPD unmaps a device (git-fixes). - KVM: arm64: vgic-its: Clear ITE when DISCARD frees an ITE (git-fixes). - KVM: arm64: vgic-v4: Fall back to software irqbypass if LPI not found (git-fixes). - KVM: arm64: vgic-v4: Only attempt vLPI mapping for actual MSIs (git-fixes). - KVM: nSVM: Pass next RIP, not current RIP, for nested VM-Exit on emulation (git-fixes). - KVM: nVMX: Allow emulating RDPID on behalf of L2 (git-fixes). - KVM: nVMX: Check PAUSE_EXITING, not BUS_LOCK_DETECTION, on PAUSE emulation (git-fixes). - KVM: s390: Do not use %pK through debug printing (git-fixes bsc#1243657). - KVM: s390: Do not use %pK through tracepoints (git-fixes bsc#1243658). - KVM: update patch KVM-PPC-Enable-CAP_SPAPR_TCE_VFIO-on-pSeries-KVM-gue.patch (jsc#PED-10539 git-fixes bsc#1240419 ltc#212279). - KVM: x86/mmu: Check and free obsolete roots in kvm_mmu_reload() (git-fixes). - KVM: x86/xen: Use guest's copy of pvclock when starting timer (git-fixes). - KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses (git-fixes). - KVM: x86: Check that the high 32bits are clear in kvm_arch_vcpu_ioctl_run() (git-fixes). - KVM: x86: Do not take kvm->lock when iterating over vCPUs in suspend notifier (git-fixes). - KVM: x86: Explicitly treat routing entry type changes as changes (git-fixes). 
- KVM: x86: Explicitly zero EAX and EBX when PERFMON_V2 isn't supported by KVM (git-fixes). - KVM: x86: Explicitly zero-initialize on-stack CPUID unions (git-fixes). - KVM: x86: Make x2APIC ID 100% readonly (git-fixes). - KVM: x86: Reject disabling of MWAIT/HLT interception when not allowed (git-fixes). - KVM: x86: Remove the unreachable case for 0x80000022 leaf in __do_cpuid_func() (git-fixes). - KVM: x86: Wake vCPU for PIC interrupt injection iff a valid IRQ was found (git-fixes). - KVM: x86: block KVM_CAP_SYNC_REGS if guest state is protected (git-fixes). - NFS: O_DIRECT writes must check and adjust the file length (git-fixes). - NFSD: Skip sending CB_RECALL_ANY when the backchannel isn't up (git-fixes). - NFSv4/pnfs: Reset the layout state after a layoutreturn (git-fixes). - NFSv4: Do not trigger uneccessary scans for return-on-close delegations (git-fixes). - OPP: add index check to assert to avoid buffer overflow in _read_freq() (bsc#1238961) - PCI/ACS: Fix 'pci=config_acs=' parameter (git-fixes). - PCI/ASPM: Fix link state exit during switch upstream function removal (git-fixes). - PCI/MSI: Add an option to write MSIX ENTRY_DATA before any reads (git-fixes). - PCI/portdrv: Only disable pciehp interrupts early when needed (git-fixes). - PCI: Avoid reset when disabled via sysfs (git-fixes). - PCI: Drop patch that caused a regression (bsc#1241123). - PCI: Fix BAR resizing when VF BARs are assigned (git-fixes). - PCI: Fix reference leak in pci_alloc_child_bus() (git-fixes). - PCI: Fix reference leak in pci_register_host_bridge() (git-fixes). - PCI: Remove stray put_device() in pci_register_host_bridge() (git-fixes). - PCI: brcmstb: Fix error path after a call to regulator_bulk_get() (git-fixes). - PCI: brcmstb: Fix missing of_node_put() in brcm_pcie_probe() (git-fixes). - PCI: brcmstb: Fix potential premature regulator disabling (git-fixes). - PCI: brcmstb: Set generation limit before PCIe link up (git-fixes). 
- PCI: brcmstb: Use internal register to change link capability (git-fixes). - PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload (git-fixes). - PCI: dwc: ep: Return -ENOMEM for allocation failures (git-fixes). - PCI: histb: Fix an error handling path in histb_pcie_probe() (git-fixes). - PCI: pciehp: Do not enable HPIE when resuming in poll mode (git-fixes). - PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type (stable-fixes). - PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe (git-fixes). - PM: sleep: Adjust check before setting power.must_resume (git-fixes). - PM: sleep: Fix handling devices with direct_complete set on errors (git-fixes). - RAS: Avoid build errors when CONFIG_DEBUG_FS=n (jsc#PED-7619). - RDMA/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx (git-fixes) - RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path (git-fixes) - RDMA/bnxt_re: Fix allocation of QP table (git-fixes) - RDMA/bnxt_re: Fix budget handling of notification queue (git-fixes) - RDMA/bnxt_re: Fix reporting maximum SRQs on P7 chips (git-fixes) - RDMA/bnxt_re: Remove unusable nq variable (git-fixes) - RDMA/cma: Fix hang when cma_netevent_callback fails to queue_work (git-fixes) - RDMA/cma: Fix workqueue crash in cma_netevent_work_handler (git-fixes) - RDMA/core: Do not expose hw_counters outside of init net namespace (git-fixes) - RDMA/core: Fix "KASAN: slab-use-after-free Read in ib_register_device" problem (git-fixes) - RDMA/core: Fix use-after-free when rename device name (git-fixes) - RDMA/core: Silence oversized kvmalloc() warning (git-fixes) - RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() (git-fixes) - RDMA/hns: Fix a missing rollback in error path of hns_roce_create_qp_common() (git-fixes) - RDMA/hns: Fix invalid sq params not being blocked (git-fixes) - RDMA/hns: Fix missing xa_destroy() (git-fixes) - RDMA/hns: Fix soft lockup during bt pages loop (git-fixes) - RDMA/hns: Fix unmatched condition in error 
path of alloc_user_qp_db() (git-fixes) - RDMA/hns: Fix wrong maximum DMA segment size (git-fixes) - RDMA/hns: Fix wrong value of max_sge_rd (git-fixes) - RDMA/hns: Include hnae3.h in hns_roce_hw_v2.h (git-fixes) - RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction (git-fixes) - RDMA/mana_ib: Ensure variable err is initialized (git-fixes). - RDMA/mana_ib: Prefer struct_size over open coded arithmetic (bsc#1239016). - RDMA/mlx5: Fix MR cache initialization error flow (git-fixes) - RDMA/mlx5: Fix cache entry update on dereg error (git-fixes) - RDMA/mlx5: Fix calculation of total invalidated pages (git-fixes) - RDMA/mlx5: Fix error flow upon firmware failure for RQ destruction (git-fixes) - RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow (git-fixes) - RDMA/mlx5: Fix page_size variable overflow (git-fixes) - RDMA/mlx5: Handle errors returned from mlx5r_ib_rate() (git-fixes) - RDMA/rxe: Fix "trying to register non-static key in rxe_qp_do_cleanup" bug (git-fixes) - RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug (git-fixes) - RDMA/rxe: Fix the failure of ibv_query_device() and ibv_query_device_ex() tests (git-fixes) - RDMA/usnic: Fix passing zero to PTR_ERR in usnic_ib_pci_probe() (git-fixes) - RDMA: update patch RDMA-core-Don-t-expose-hw_counters-outside-of-init-n.patch (git-fixes bsc#1239925). - Squashfs: check return result of sb_min_blocksize (git-fixes). - UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() (git-fixes). - USB: OHCI: Add quirk for LS7A OHCI controller (rev 0x02) (stable-fixes). - USB: VLI disk crashes if LPM is used (stable-fixes). - USB: gadget: core: create sysfs link between udc and gadget (git-fixes). - USB: serial: ftdi_sio: add support for Abacus Electrics Optical Probe (stable-fixes). - USB: serial: ftdi_sio: add support for Altera USB Blaster 3 (stable-fixes). - USB: serial: option: add Sierra Wireless EM9291 (stable-fixes). 
- USB: serial: option: add Telit Cinterion FE990B compositions (stable-fixes). - USB: serial: option: fix Telit Cinterion FE990A name (stable-fixes). - USB: serial: option: match on interface class for Telit FN990B (stable-fixes). - USB: serial: simple: add OWON HDS200 series oscilloscope support (stable-fixes). - USB: storage: quirk for ADATA Portable HDD CH94 (stable-fixes). - USB: usbtmc: use interruptible sleep in usbtmc_read (git-fixes). - USB: wdm: add annotation (git-fixes). - USB: wdm: close race between wdm_open and wdm_wwan_port_stop (git-fixes). - USB: wdm: handle IO errors in wdm_wwan_port_start (git-fixes). - USB: wdm: wdm_wwan_port_tx_complete mutex in atomic context (git-fixes). - Update config. Enable HiSi accel VFIO PCI (jsc#PED-12622) - Update config. Enable SPI DW mmio driver (jsc#PED-12622) - Xen/swiotlb: mark xen_swiotlb_fixup() __init (git-fixes). - accel/ivpu: Fix PM related deadlocks in MS IOCTLs (git-fixes). - accel/ivpu: Fix deadlock in ivpu_ms_cleanup() (git-fixes). - accel/ivpu: Fix warning in ivpu_ipc_send_receive_internal() (git-fixes). - accel/ivpu: Increase DMA address range (PED-12367). - accel/qaic: Fix integer overflow in qaic_validate_req() (git-fixes). - accel/qaic: Fix possible data corruption in BOs > 2G (git-fixes). - acpi: nfit: fix narrowing conversion in acpi_nfit_ctl (git-fixes). - add bug reference for an existing hv_netvsc change (bsc#1243737). - af_unix: Remove put_pid()/put_cred() in copy_peercred() (bsc#1240334). - affs: do not write overlarge OFS data block size fields (git-fixes). - affs: generate OFS sequence numbers starting at 1 (git-fixes). - afs: Fix the server_list to unuse a displaced server rather than putting it (git-fixes). - afs: Make it possible to find the volumes that are using a server (git-fixes). - ahci: add PCI ID for Marvell 88SE9215 SATA Controller (stable-fixes). 
- arch_topology: Make register_cpu_capacity_sysctl() tolerant to late (bsc#1238052) - arch_topology: init capacity_freq_ref to 0 (bsc#1238052) - arm64/amu: Use capacity_ref_freq() to set AMU ratio (bsc#1238052) - arm64: Do not call NULL in do_compat_alignment_fixup() (git-fixes) - arm64: Provide an AMU-based version of arch_freq_get_on_cpu (bsc#1238052) - arm64: Update AMU-based freq scale factor on entering idle (bsc#1238052) - arm64: Utilize for_each_cpu_wrap for reference lookup (bsc#1238052) - arm64: amu: Delay allocating cpumask for AMU FIE support (bsc#1238052) - arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs (bsc#1242778). - arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs (git-fixes) - arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users (bsc#1242778). - arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users (git-fixes) - arm64: cputype: Add MIDR_CORTEX_A76AE (git-fixes) - arm64: cputype: Add QCOM_CPU_PART_KRYO_3XX_GOLD (git-fixes) - arm64: dts: freescale: imx8mm-verdin-dahlia: add Microphone Jack to (git-fixes) - arm64: dts: freescale: tqma8mpql: Fix vqmmc-supply (git-fixes) - arm64: dts: imx8mm-verdin: Link reg_usdhc2_vqmmc to usdhc2 (git-fixes) - arm64: dts: rockchip: Add avdd HDMI supplies to RockPro64 board dtsi (git-fixes) - arm64: dts: rockchip: Add missing PCIe supplies to RockPro64 board (git-fixes) - arm64: dts: rockchip: Fix PWM pinctrl names (git-fixes) - arm64: dts: rockchip: Remove bluetooth node from rock-3a (git-fixes) - arm64: dts: rockchip: Remove undocumented sdmmc property from (git-fixes) - arm64: dts: rockchip: add rs485 support on uart5 of (git-fixes) - arm64: dts: rockchip: fix pinmux of UART0 for PX30 Ringneck on Haikou (git-fixes) - arm64: dts: rockchip: fix pinmux of UART5 for PX30 Ringneck on Haikou (git-fixes) - arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe (git-fixes) - arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list 
(git-fixes) - arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays (git-fixes) - arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() (git-fixes) - arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre (git-fixes) - arm64: insn: Add support for encoding DSB (bsc#1242778). - arm64: insn: Add support for encoding DSB (git-fixes) - arm64: mm: Correct the update of max_pfn (git-fixes) - arm64: mm: Populate vmemmap at the page level if not section aligned (git-fixes) - arm64: proton-pack: Add new CPUs 'k' values for branch mitigation (bsc#1242778). - arm64: proton-pack: Add new CPUs 'k' values for branch mitigation (git-fixes) - arm64: proton-pack: Expose whether the branchy loop k value (bsc#1242778). - arm64: proton-pack: Expose whether the branchy loop k value (git-fixes) - arm64: proton-pack: Expose whether the platform is mitigated by (git-fixes) - arm64: proton-pack: Expose whether the platform is mitigated by firmware (bsc#1242778). - arm64: tegra: Remove the Orin NX/Nano suspend key (git-fixes) - arp: switch to dev_getbyhwaddr() in arp_req_set_public() (git-fixes). - asus-laptop: Fix an uninitialized variable (git-fixes). - ata: ahci: Add mask_port_map module parameter (git-fixes). - ata: libata-sata: Save all fields from sense data descriptor (git-fixes). - ata: libata-scsi: Check ATA_QCFLAG_RTF_FILLED before using result_tf (git-fixes). - ata: libata-scsi: Fix ata_mselect_control_ata_feature() return type (git-fixes). - ata: libata-scsi: Fix ata_msense_control_ata_feature() (git-fixes). - ata: libata-scsi: Improve CDL control (git-fixes). - ata: libata-scsi: Remove redundant sense_buffer memsets (git-fixes). - ata: libata: Fix NCQ Non-Data log not supported print (git-fixes). - ata: pata_parport: add custom version of wait_after_reset (git-fixes). - ata: pata_parport: fit3: implement IDE command set registers (git-fixes). - ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe() (git-fixes). 
- ata: pata_serverworks: Do not use the term blacklist (git-fixes). - ata: sata_highbank: fix OF node reference leak in highbank_initialize_phys() (git-fixes). - ata: sata_sil: Rename sil_blacklist to sil_quirks (git-fixes). - ata: sata_sx4: Add error handling in pdc20621_i2c_read() (git-fixes). - auxdisplay: hd44780: Convert to platform remove callback returning void (stable-fixes). - auxdisplay: hd44780: Fix an API misuse in hd44780.c (git-fixes). - auxdisplay: panel: Fix an API misuse in panel.c (git-fixes). - backlight: led_bl: Hold led_access lock when calling led_sysfs_disable() (git-fixes). - badblocks: Fix error shitf ops (git-fixes). - badblocks: fix merge issue when new badblocks align with pre+1 (git-fixes). - badblocks: fix missing bad blocks on retry in _badblocks_check() (git-fixes). - badblocks: fix the using of MAX_BADBLOCKS (git-fixes). - badblocks: return error directly when setting badblocks exceeds 512 (git-fixes). - badblocks: return error if any badblock set fails (git-fixes). - batman-adv: Ignore own maximum aggregation size during RX (git-fixes). - bitmap: Align documentation between bitmap_gather() and bitmap_scatter() (git-fixes). - bitmap: introduce generic optimized bitmap_size() (git-fixes). - blk-throttle: fix lower bps rate by throtl_trim_slice() (git-fixes). - block: change blk_mq_add_to_batch() third argument type to bool (git-fixes). - block: fix 'kmem_cache of name 'bio-108' already exists' (git-fixes). - block: fix conversion of GPT partition name to 7-bit (git-fixes). - block: fix resource leak in blk_register_queue() error path (git-fixes). - block: integrity: Do not call set_page_dirty_lock() (git-fixes). - block: make sure ->nr_integrity_segments is cloned in blk_rq_prep_clone (git-fixes). - bnxt_en: Add missing skb_mark_for_recycle() in bnxt_rx_vlan() (git-fixes). - bnxt_en: Fix coredump logic to free allocated buffer (git-fixes). - bnxt_en: Fix ethtool -d byte order for 32-bit values (git-fixes). 
- bnxt_en: Fix ethtool selftest output in one of the failure cases (git-fixes). - bnxt_en: Fix out-of-bound memcpy() during ethtool -w (git-fixes). - bnxt_en: Linearize TX SKB if the fragments exceed the max (git-fixes). - bnxt_en: Mask the bd_cnt field in the TX BD properly (git-fixes). - bnxt_en: call pci_alloc_irq_vectors() after bnxt_reserve_rings() (git-fixes). - bnxt_en: fix module unload sequence (git-fixes). - bnxt_en: improve TX timestamping FIFO configuration (git-fixes). - bonding: fix incorrect MAC address setting to receive NS messages (git-fixes). - bpf: Add missed var_off setting in coerce_subreg_to_size_sx() (git-fixes). - bpf: Add missed var_off setting in set_sext32_default_val() (git-fixes). - bpf: Check size for BTF-based ctx access of pointer members (git-fixes). - bpf: Fix mismatched RCU unlock flavour in bpf_out_neigh_v6 (git-fixes). - bpf: Fix theoretical prog_array UAF in __uprobe_perf_func() (git-fixes). - bpf: Scrub packet on bpf_redirect_peer (git-fixes). - bpf: add find_containing_subprog() utility function (bsc#1241590). - bpf: avoid holding freeze_mutex during mmap operation (git-fixes). - bpf: check changes_pkt_data property for extension programs (bsc#1241590). - bpf: consider that tail calls invalidate packet pointers (bsc#1241590). - bpf: fix null dereference when computing changes_pkt_data of prog w/o subprogs (bsc#1241590). - bpf: fix potential error return (git-fixes). - bpf: refactor bpf_helper_changes_pkt_data to use helper number (bsc#1241590). - bpf: track changes_pkt_data property for global functions (bsc#1241590). - bpf: unify VM_WRITE vs VM_MAYWRITE use in BPF map mmaping logic (git-fixes). - broadcom: fix supported flag check in periodic output function (git-fixes). - btrfs: add and use helper to verify the calling task has locked the inode (bsc#1241204). - btrfs: adjust subpage bit start based on sectorsize (bsc#1241492). 
- btrfs: always fallback to buffered write if the inode requires checksum (bsc#1242831 bsc#1242710). - btrfs: avoid NULL pointer dereference if no valid csum tree (bsc#1243342). - btrfs: avoid NULL pointer dereference if no valid extent tree (bsc#1236208). - btrfs: avoid monopolizing a core when activating a swap file (git-fixes). - btrfs: check delayed refs when we're checking if a ref exists (bsc#1239605). - btrfs: do not loop for nowait writes when checking for cross references (git-fixes). - btrfs: do not use btrfs_bio_ctrl for extent buffer writing (bsc#1239045). - btrfs: drop the backref cache during relocation if we commit (bsc#1239605). - btrfs: fix a leaked chunk map issue in read_one_chunk() (git-fixes). - btrfs: fix discard worker infinite loop after disabling discard (bsc#1242012). - btrfs: fix hole expansion when writing at an offset beyond EOF (bsc#1241151). - btrfs: fix missing snapshot drew unlock when root is dead during swap activation (bsc#1241204). - btrfs: fix non-empty delayed iputs list on unmount due to compressed write workers (git-fixes). - btrfs: fix race with memory mapped writes when activating swap file (bsc#1241204). - btrfs: fix swap file activation failure due to extents that used to be shared (bsc#1241204). - btrfs: remove the mirror_num argument to btrfs_submit_compressed_read (bsc#1239045). - btrfs: subpage: fix error handling in end_bio_subpage_eb_writepage (bsc#1239045). - btrfs: use a separate end_io handler for extent_buffer writing (bsc#1239045). - bus: mhi: host: Fix race between unprepare and queue_buf (git-fixes). - bus: qcom-ssc-block-bus: Fix the error handling path of qcom_ssc_block_bus_probe() (git-fixes). - bus: qcom-ssc-block-bus: Remove some duplicated iounmap() calls (git-fixes). - can: bcm: add locking for bcm_op runtime updates (git-fixes). - can: bcm: add missing rcu read protection for procfs content (git-fixes). - can: flexcan: disable transceiver during system PM (git-fixes). 
- can: flexcan: only change CAN state when link up in system PM (git-fixes). - can: gw: fix RCU/BH usage in cgw_create_job() (git-fixes). - can: mcan: m_can_class_unregister(): fix order of unregistration calls (git-fixes). - can: mcp251xfd: fix TDC setting for low data bit rates (git-fixes). - can: mcp251xfd: mcp251xfd_remove(): fix order of unregistration calls (git-fixes). - can: rcar_canfd: Fix page entries in the AFL list (git-fixes). - can: slcan: allow reception of short error messages (git-fixes). - can: ucan: fix out of bound read in strscpy() source (git-fixes). - cdc_ether|r8152: ThinkPad Hybrid USB-C/A Dock quirk (stable-fixes). - cgroup/cpuset: Fix error handling in remote_partition_disable() (bsc#1241166). - cgroup/cpuset: Fix incorrect isolated_cpus update in update_parent_effective_cpumask() (bsc#1241166). - cgroup/cpuset: Fix spelling errors in file kernel/cgroup/cpuset.c (bsc#1241166). - char: misc: register chrdev region with all possible minors (git-fixes). - check-for-config-changes: Fix flag name typo - cifs: Fix integer overflow while processing actimeo mount option (git-fixes). - cifs: reduce warning log level for server not advertising interfaces (git-fixes). - clockevents/drivers/i8253: Fix stop sequence for timer 0 (git-fixes). - coredump: Fixes core_pipe_limit sysctl proc_handler (git-fixes). - counter: fix privdata alignment (git-fixes). - counter: microchip-tcb-capture: Fix undefined counter channel state on probe (git-fixes). - counter: stm32-lptimer-cnt: fix error handling when enabling (git-fixes). - cpufreq/amd-pstate: Fix max_perf updation with schedutil (bsc#1239707). - cpufreq/cppc: Set the frequency used for computing the capacity (bsc#1238052). - cpufreq: Allow arch_freq_get_on_cpu to return an error (bsc#1238052). - cpufreq: Introduce an optional cpuinfo_avg_freq sysfs entry (bsc#1238052). - cpumask: add cpumask_weight_andnot() (bsc#1239015). - cpumask: define cleanup function for cpumasks (bsc#1239015). 
- crypto: algif_hash - fix double free in hash_accept (git-fixes). - crypto: atmel-sha204a - Set hwrng quality to lowest possible (git-fixes). - crypto: caam/qi - Fix drv_ctx refcount bug (git-fixes). - crypto: ccp - Add support for PCI device 0x1134 (stable-fixes). - crypto: ccp - Fix check for the primary ASP device (git-fixes). - crypto: ccp - Fix uAPI definitions of PSP errors (git-fixes). - crypto: hisilicon/sec2 - fix for aead auth key length (git-fixes). - crypto: hisilicon/sec2 - fix for aead authsize alignment (git-fixes). - crypto: hisilicon/sec2 - fix for sec spec check (git-fixes). - crypto: iaa - Add global_stats file and remove individual stat files (jsc#PED-12416). - crypto: iaa - Change desc->priv to 0 (jsc#PED-12416). - crypto: iaa - Change iaa statistics to atomic64_t (jsc#PED-12416). - crypto: iaa - Fix comp/decomp delay statistics (jsc#PED-12416). - crypto: iaa - Remove comp/decomp delay statistics (jsc#PED-12416). - crypto: iaa - Remove header table code (jsc#PED-12416). - crypto: iaa - Remove potential infinite loop in check_completion() (jsc#PED-12416). - crypto: iaa - Remove unnecessary debugfs_create_dir() error check in iaa_crypto_debugfs_init() (jsc#PED-12416). - crypto: iaa - Remove unneeded newline in update_max_adecomp_delay_ns() (jsc#PED-12416). - crypto: iaa - Test the correct request flag (git-fixes). - crypto: iaa - Use cpumask_weight() when rebalancing (jsc#PED-12416). - crypto: iaa - Use kmemdup() instead of kzalloc() and memcpy() (jsc#PED-12416). - crypto: iaa - fix decomp_bytes_in stats (jsc#PED-12416). - crypto: iaa - fix the missing CRYPTO_ALG_ASYNC in cra_flags (jsc#PED-12416). - crypto: iaa - remove unneeded semicolon (jsc#PED-12416). - crypto: nx - Fix uninitialised hv_nxc on error (git-fixes). - crypto: qat - Avoid -Wflex-array-member-not-at-end warnings (jsc#PED-12416). - crypto: qat - Constify struct pm_status_row (jsc#PED-12416). - crypto: qat - Fix missing destroy_workqueue in adf_init_aer() (jsc#PED-12416). 
- crypto: qat - Fix spelling mistake "Invalide" -> "Invalid" (jsc#PED-12416). - crypto: qat - Fix typo "accelaration" (jsc#PED-12416). - crypto: qat - Fix typo (jsc#PED-12416). - crypto: qat - Remove trailing space after \n newline (jsc#PED-12416). - crypto: qat - Use static_assert() to check struct sizes (jsc#PED-12416). - crypto: qat - add admin msgs for telemetry (jsc#PED-12416). - crypto: qat - add auto reset on error (jsc#PED-12416). - crypto: qat - add bank save and restore flows (jsc#PED-12416). - crypto: qat - add fatal error notification (jsc#PED-12416). - crypto: qat - add fatal error notify method (jsc#PED-12416). - crypto: qat - add heartbeat error simulator (jsc#PED-12416). - crypto: qat - add interface for live migration (jsc#PED-12416). - crypto: qat - add shutdown handler to qat_420xx (bsc#1239934). - crypto: qat - add shutdown handler to qat_4xxx (bsc#1239934). - crypto: qat - add shutdown handler to qat_c3xxx (bsc#1239934). - crypto: qat - add shutdown handler to qat_c62x (bsc#1239934). - crypto: qat - add shutdown handler to qat_dh895xcc (bsc#1239934). - crypto: qat - add support for 420xx devices (jsc#PED-12416). - crypto: qat - add support for device telemetry (jsc#PED-12416). - crypto: qat - add support for ring pair level telemetry (jsc#PED-12416). - crypto: qat - adf_get_etr_base() helper (jsc#PED-12416). - crypto: qat - allow disabling SR-IOV VFs (jsc#PED-12416). - crypto: qat - avoid memcpy() overflow warning (jsc#PED-12416). - crypto: qat - change signature of uof_get_num_objs() (jsc#PED-12416). - crypto: qat - disable arbitration before reset (jsc#PED-12416). - crypto: qat - ensure correct order in VF restarting handler (jsc#PED-12416). - crypto: qat - expand CSR operations for QAT GEN4 devices (jsc#PED-12416). - crypto: qat - fix "Full Going True" macro definition (jsc#PED-12416). - crypto: qat - fix arbiter mapping generation algorithm for QAT 402xx (jsc#PED-12416). - crypto: qat - fix comment structure (jsc#PED-12416). 
- crypto: qat - fix linking errors when PCI_IOV is disabled (jsc#PED-12416). - crypto: qat - fix recovery flow for VFs (jsc#PED-12416). - crypto: qat - fix ring to service map for dcc in 420xx (jsc#PED-12416). - crypto: qat - generate dynamically arbiter mappings (jsc#PED-12416). - crypto: qat - implement dh fallback for primes > 4K (jsc#PED-12416). - crypto: qat - implement interface for live migration (jsc#PED-12416). - crypto: qat - improve aer error reset handling (jsc#PED-12416). - crypto: qat - improve error message in adf_get_arbiter_mapping() (jsc#PED-12416). - crypto: qat - include pci.h for GET_DEV() (jsc#PED-12416). - crypto: qat - initialize user_input.lock for rate_limiting (jsc#PED-12416). - crypto: qat - limit heartbeat notifications (jsc#PED-12416). - crypto: qat - make adf_ctl_class constant (jsc#PED-12416). - crypto: qat - make ring to service map common for QAT GEN4 (jsc#PED-12416). - crypto: qat - move PFVF compat checker to a function (jsc#PED-12416). - crypto: qat - move fw config related structures (jsc#PED-12416). - crypto: qat - preserve ADF_GENERAL_SEC (jsc#PED-12416). - crypto: qat - re-enable sriov after pf reset (jsc#PED-12416). - crypto: qat - relocate CSR access code (jsc#PED-12416). - crypto: qat - relocate and rename 4xxx PF2VM definitions (jsc#PED-12416). - crypto: qat - relocate portions of qat_4xxx code (jsc#PED-12416). - crypto: qat - remove access to parity register for QAT GEN4 (git-fixes). - crypto: qat - remove redundant prototypes in qat_c3xxx (bsc#1239934). - crypto: qat - remove redundant prototypes in qat_c62x (bsc#1239934). - crypto: qat - remove redundant prototypes in qat_dh895xcc (bsc#1239934). - crypto: qat - remove unnecessary description from comment (jsc#PED-12416). - crypto: qat - remove unused adf_devmgr_get_first (jsc#PED-12416). - crypto: qat - rename get_sla_arr_of_type() (jsc#PED-12416). - crypto: qat - set parity error mask for qat_420xx (git-fixes). 
- crypto: qat - uninitialized variable in adf_hb_error_inject_write() (jsc#PED-12416). - crypto: qat - update PFVF protocol for recovery (jsc#PED-12416). - crypto: qat - use kcalloc_node() instead of kzalloc_node() (jsc#PED-12416). - crypto: qat - validate slices count returned by FW (jsc#PED-12416). - crypto: qat/qat_420xx - fix off by one in uof_get_name() (jsc#PED-12416). - cxgb4: fix memory leak in cxgb4_init_ethtool_filters() error path (git-fixes). - cxl/core/regs.c: Skip Memory Space Enable check for RCD and RCH Ports (bsc#1242125). - devlink: fix port new reply cmd type (git-fixes). - dlm: prevent NPD when writing a positive value to event_done (git-fixes). - dm array: fix cursor index when skipping across block boundaries (git-fixes). - dm array: fix unreleased btree blocks on closing a faulty array cursor (git-fixes). - dm init: Handle minors larger than 255 (git-fixes). - dm integrity: fix out-of-range warning (git-fixes). - dm persistent data: fix memory allocation failure (git-fixes). - dm resume: do not return EINVAL when signalled (git-fixes). - dm suspend: return -ERESTARTSYS instead of -EINTR (git-fixes). - dm thin: Add missing destroy_work_on_stack() (git-fixes). - dm-bufio: do not schedule in atomic context (git-fixes). - dm-crypt: do not update io->sector after kcryptd_crypt_write_io_submit() (git-fixes). - dm-crypt: track tag_offset in convert_context (git-fixes). - dm-delay: fix hung task introduced by kthread mode (git-fixes). - dm-delay: fix max_delay calculations (git-fixes). - dm-delay: fix workqueue delay_timer race (git-fixes). - dm-ebs: do not set the flag DM_TARGET_PASSES_INTEGRITY (git-fixes). - dm-ebs: fix prefetch-vs-suspend race (git-fixes). - dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature (git-fixes). - dm-integrity: align the outgoing bio in integrity_recheck (git-fixes). - dm-integrity: fix a race condition when accessing recalc_sector (git-fixes). 
- dm-integrity: fix a warning on invalid table line (git-fixes). - dm-integrity: set ti->error on memory allocation failure (git-fixes). - dm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume (git-fixes). - dm-unstriped: cast an operand to sector_t to prevent potential uint32_t overflow (git-fixes). - dm-verity FEC: Fix RS FEC repair for roots unaligned to block size (take 2) (git-fixes). - dm-verity: fix prefetch-vs-suspend race (git-fixes). - dm: Fix typo in error message (git-fixes). - dm: add missing unlock on in dm_keyslot_evict() (git-fixes). - dm: always update the array size in realloc_argv on success (git-fixes). - dm: fix copying after src array boundaries (git-fixes). - dma-buf/sw_sync: Decrement refcount on error in sw_sync_ioctl_get_deadline() (git-fixes). - dma-buf: insert memory barrier before updating num_fences (git-fixes). - dmaengine: Revert "dmaengine: dmatest: Fix dmatest waiting less when interrupted" (git-fixes). - dmaengine: dmatest: Fix dmatest waiting less when interrupted (stable-fixes). - dmaengine: idxd: Add missing cleanup for early error out in idxd_setup_internals (git-fixes). - dmaengine: idxd: Add missing cleanups in cleanup internals (git-fixes). - dmaengine: idxd: Add missing idxd cleanup to fix memory leak in remove call (git-fixes). - dmaengine: idxd: Fix ->poll() return value (git-fixes). - dmaengine: idxd: Fix allowing write() from different address spaces (git-fixes). - dmaengine: idxd: Refactor remove call with idxd_cleanup() helper (git-fixes). - dmaengine: idxd: fix memory leak in error handling path of idxd_alloc (git-fixes). - dmaengine: idxd: fix memory leak in error handling path of idxd_pci_probe (git-fixes). - dmaengine: idxd: fix memory leak in error handling path of idxd_setup_engines (git-fixes). - dmaengine: idxd: fix memory leak in error handling path of idxd_setup_groups (git-fixes). - dmaengine: idxd: fix memory leak in error handling path of idxd_setup_wqs (git-fixes). 
- dmaengine: mediatek: Fix a possible deadlock error in mtk_cqdma_tx_status() (git-fixes). - dmaengine: mediatek: drop unused variable (git-fixes). - dmaengine: ti: k3-udma: Add missing locking (git-fixes). - dmaengine: ti: k3-udma: Use cap_mask directly from dma_device structure instead of a local copy (git-fixes). - docs: perf: Fix build warning of hisi-pcie-pmu.rst (bsc#1237704) - docs: perf: Update usage for target filter of hisi-pcie-pmu (bsc#1237704) - docs: thermal: sync hardware protection doc with code (git-fixes). - driver core: Remove needless return in void API device_remove_group() (git-fixes). - drivers/perf: hisi_pcie: Add more events for counting TLP bandwidth (bsc#1237704) - drivers/perf: hisi_pcie: Check the target filter properly (bsc#1237704) - drivers/perf: hisi_pcie: Fix incorrect counting under metric mode (bsc#1237704) - drivers/perf: hisi_pcie: Introduce hisi_pcie_pmu_get_event_ctrl_val() (bsc#1237704) - drivers/perf: hisi_pcie: Merge find_related_event() and (bsc#1237704) - drivers/perf: hisi_pcie: Relax the check on related events (bsc#1237704) - drivers/perf: hisi_pcie: Rename hisi_pcie_pmu_{config,clear}_filter() (bsc#1237704) - drivers: base: devres: Allow to release group on device release (stable-fixes). - drm/amd/amdkfd: Evict all queues even HWS remove queue failed (stable-fixes). - drm/amd/display/dml2: use vzalloc rather than kzalloc (bsc#1241568). - drm/amd/display: Actually do immediate vblank disable (git-fixes). - drm/amd/display: Add HP Elitebook 645 to the quirk list for eDP on DP1 (stable-fixes). - drm/amd/display: Add HP Probook 445 and 465 to the quirk list for eDP on DP1 (stable-fixes). - drm/amd/display: Add scoped mutexes for amdgpu_dm_dhcp (stable-fixes). - drm/amd/display: Assign normalized_pix_clk when color depth = 14 (stable-fixes). - drm/amd/display: Avoid flooding unnecessary info messages (git-fixes). - drm/amd/display: Copy AUX read reply data whenever length > 0 (git-fixes). 
- drm/amd/display: Correct the reply value when AUX write incomplete (git-fixes). - drm/amd/display: Disable unneeded hpd interrupts during dm_init (stable-fixes). - drm/amd/display: Do not enable Replay and PSR while VRR is on in amdgpu_dm_commit_planes() (git-fixes). - drm/amd/display: Do not write DP_MSTM_CTRL after LT (stable-fixes). - drm/amd/display: Enable urgent latency adjustment on DCN35 (stable-fixes). - drm/amd/display: Exit idle optimizations before accessing PHY (git-fixes). - drm/amd/display: Fix gpu reset in multidisplay config (git-fixes). - drm/amd/display: Fix invalid context error in dml helper (git-fixes). - drm/amd/display: Fix message for support_edp0_on_dp1 (git-fixes). - drm/amd/display: Fix out-of-bound accesses (stable-fixes). - drm/amd/display: Fix slab-use-after-free in hdcp (git-fixes). - drm/amd/display: Fix slab-use-after-free on hdcp_work (git-fixes). - drm/amd/display: Fix the checking condition in dmub aux handling (stable-fixes). - drm/amd/display: Fix wrong handling for AUX_DEFER case (git-fixes). - drm/amd/display: Force full update in gpu reset (stable-fixes). - drm/amd/display: Increase vblank offdelay for PSR panels (git-fixes). - drm/amd/display: Protect FPU in dml21_copy() (git-fixes). - drm/amd/display: Protect FPU in dml2_init()/dml21_init() (git-fixes). - drm/amd/display: Protect FPU in dml2_validate()/dml21_validate() (git-fixes). - drm/amd/display: Remove incorrect checking in dmub aux handler (git-fixes). - drm/amd/display: Restore correct backlight brightness after a GPU reset (stable-fixes). - drm/amd/display: Shift DMUB AUX reply command if necessary (git-fixes). - drm/amd/display: Temporarily disable hostvm on DCN31 (stable-fixes). - drm/amd/display: Update Cursor request mode to the beginning prefetch always (stable-fixes). - drm/amd/display: Use HW lock mgr for PSR1 when only one eDP (git-fixes). - drm/amd/display: add workaround flag to link to force FFE preset (stable-fixes). 
- drm/amd/display: avoid NPD when ASIC does not support DMUB (git-fixes). - drm/amd/display: fix an indent issue in DML21 (git-fixes). - drm/amd/display: fix default brightness (git-fixes). - drm/amd/display: fix missing .is_two_pixels_per_container (git-fixes). - drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters() (git-fixes). - drm/amd/display: more liberal vmin/vmax update for freesync (stable-fixes). - drm/amd/display: prevent hang on link training fail (stable-fixes). - drm/amd/display: stop DML2 from removing pipes based on planes (stable-fixes). - drm/amd/pm/smu11: Prevent division by zero (git-fixes). - drm/amd/pm: Prevent division by zero (git-fixes). - drm/amd/pm: add unique_id for gfx12 (stable-fixes). - drm/amd/pm: always allow ih interrupt from fw (stable-fixes). - drm/amd: Add Suspend/Hibernate notification callback support (stable-fixes). - drm/amd: Handle being compiled without SI or CIK support better (stable-fixes). - drm/amd: Keep display off while going into S4 (stable-fixes). - drm/amdgpu/display: Allow DCC for video formats on GFX12 (stable-fixes). - drm/amdgpu/dma_buf: fix page_link check (git-fixes). - drm/amdgpu/gfx11: fix num_mec (git-fixes). - drm/amdgpu/gfx12: correct cleanup of 'me' field with gfx_v12_0_me_fini() (git-fixes). - drm/amdgpu/gfx12: fix num_mec (git-fixes). - drm/amdgpu/hdp4: use memcfg register to post the write for HDP flush (git-fixes). - drm/amdgpu/hdp5.2: use memcfg register to post the write for HDP flush (git-fixes). - drm/amdgpu/hdp5: use memcfg register to post the write for HDP flush (git-fixes). - drm/amdgpu/hdp6: use memcfg register to post the write for HDP flush (git-fixes). - drm/amdgpu/hdp7: use memcfg register to post the write for HDP flush (git-fixes). - drm/amdgpu/mes11: optimize MES pipe FW version fetching (git-fixes). - drm/amdgpu/mes12: optimize MES pipe FW version fetching (git-fixes). - drm/amdgpu/pm: Handle SCLK offset correctly in overdrive for smu 14.0.2 (stable-fixes). 
- drm/amdgpu/pm: wire up hwmon fan speed for smu 14.0.2 (stable-fixes). - drm/amdgpu/umsch: declare umsch firmware (git-fixes). - drm/amdgpu/umsch: fix ucode check (git-fixes). - drm/amdgpu/vcn: using separate VCN1_AON_SOC offset (stable-fixes). - drm/amdgpu: Add back JPEG to video caps for carrizo and newer (git-fixes). - drm/amdgpu: Check extended configuration space register when system uses large bar (stable-fixes). - drm/amdgpu: Fix JPEG video caps max size for navi1x and raven (stable-fixes). - drm/amdgpu: Fix MPEG2, MPEG4 and VC1 video caps max size (stable-fixes). - drm/amdgpu: Fix offset for HDP remap in nbio v7.11 (stable-fixes). - drm/amdgpu: Increase KIQ invalidate_tlbs timeout (stable-fixes). - drm/amdgpu: NULL-check BO's backing store when determining GFX12 PTE flags (git-fixes). - drm/amdgpu: Prefer shadow rom when available (git-fixes). - drm/amdgpu: Queue KFD reset workitem in VF FED (stable-fixes). - drm/amdgpu: Remove JPEG from vega and carrizo video caps (stable-fixes). - drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV (git-fixes). - drm/amdgpu: Restore uncached behaviour on GFX12 (stable-fixes). - drm/amdgpu: Unlocked unmap only clear page table leaves (stable-fixes). - drm/amdgpu: Use the right function for hdp flush (stable-fixes). - drm/amdgpu: fix pm notifier handling (git-fixes). - drm/amdgpu: fix warning of drm_mm_clean (git-fixes). - drm/amdgpu: grab an additional reference on the gang fence v2 (stable-fixes). - drm/amdgpu: handle amdgpu_cgs_create_device() errors in amd_powerplay_create() (stable-fixes). - drm/amdgpu: immediately use GTT for new allocations (git-fixes). - drm/amdgpu: refine smu send msg debug log format (git-fixes). - drm/amdgpu: trigger flr_work if reading pf2vf data failed (stable-fixes). - drm/amdgpu: use a dummy owner for sysfs triggered cleaner shaders v4 (stable-fixes). 
- drm/amdkfd: Fix Circular Locking Dependency in 'svm_range_cpu_invalidate_pagetables' (git-fixes). - drm/amdkfd: Fix mode1 reset crash issue (stable-fixes). - drm/amdkfd: Fix pqm_destroy_queue race with GPU reset (stable-fixes). - drm/amdkfd: Fix user queue validation on Gfx7/8 (git-fixes). - drm/amdkfd: clamp queue size to minimum (stable-fixes). - drm/amdkfd: debugfs hang_hws skip GPU with MES (stable-fixes). - drm/ast: Fix ast_dp connection status (git-fixes). - drm/atomic: Filter out redundant DPMS calls (stable-fixes). - drm/bridge: Fix spelling mistake "gettin" -> "getting" (git-fixes). - drm/bridge: it6505: fix HDCP V match check is not performed correctly (git-fixes). - drm/bridge: panel: forbid initializing a panel with unknown connector type (stable-fixes). - drm/bridge: ti-sn65dsi86: Fix multiple instances (git-fixes). - drm/debugfs: fix printk format for bridge index (stable-fixes). - drm/dp_mst: Add a helper to queue a topology probe (stable-fixes). - drm/dp_mst: Factor out function to queue a topology probe work (stable-fixes). - drm/dp_mst: Fix drm RAD print (git-fixes). - drm/dp_mst: Fix locking when skipping CSN before topology probing (git-fixes). - drm/edid: fixed the bug that hdr metadata was not reset (git-fixes). - drm/fdinfo: Protect against driver unbind (git-fixes). - drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data() (git-fixes). - drm/hyperv: Fix address space leak when Hyper-V DRM device is removed (git-fixes). - drm/i915/cdclk: Do cdclk post plane programming later (stable-fixes). - drm/i915/color: Extract intel_color_modeset() (stable-fixes). - drm/i915/ddi: Fix HDMI port width programming in DDI_BUF_CTL (git-fixes). - drm/i915/dg2: wait for HuC load completion before running selftests (stable-fixes). - drm/i915/dsi: Use TRANS_DDI_FUNC_CTL's own port width macro (git-fixes). - drm/i915/dsi: convert to struct intel_display (stable-fixes). - drm/i915/gvt: fix unterminated-string-initialization warning (stable-fixes). 
- drm/i915/huc: Fix fence not released on early probe errors (git-fixes). - drm/i915/pxp: fix undefined reference to `intel_pxp_gsccs_is_ready_for_sessions' (git-fixes). - drm/i915/vrr: Add vrr.vsync_{start, end} in vrr_params_changed (git-fixes). - drm/i915/xe2lpd: Move D2D enable/disable (stable-fixes). - drm/i915/xelpg: Extend driver code of Xe_LPG to Xe_LPG+ (stable-fixes). - drm/i915: Disable RPG during live selftest (git-fixes). - drm/i915: Increase I915_PARAM_MMAP_GTT_VERSION version to indicate support for partial mmaps (git-fixes). - drm/i915: Plumb 'dsb' all way to the plane hooks (stable-fixes). - drm/imagination: fix firmware memory leaks (git-fixes). - drm/imagination: take paired job reference (git-fixes). - drm/mediatek: Fix config_updating flag never false when no mbox channel (git-fixes). - drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL ptr (git-fixes). - drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer() (git-fixes). - drm/mediatek: mtk_dpi: Explicitly manage TVD clock in power on/off (stable-fixes). - drm/mediatek: mtk_dpi: Move the input_2p_en bit to platform data (stable-fixes). - drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member (git-fixes). - drm/mediatek: mtk_hdmi: Unregister audio platform device on failure (git-fixes). - drm/mgag200: Fix value in <VBLKSTR> register (git-fixes). - drm/mipi-dbi: Fix blanking for non-16 bit formats (git-fixes). - drm/msm/a6xx+: Do not let IB_SIZE overflow (git-fixes). - drm/msm/a6xx: Fix a6xx indexed-regs in devcoreduump (git-fixes). - drm/msm/a6xx: Fix stale rpmh votes from GPU (git-fixes). - drm/msm/dpu: do not set crtc_state->mode_changed from atomic_check() (git-fixes). - drm/msm/dpu: do not use active in atomic_check() (git-fixes). - drm/msm/dsi/phy: Program clock inverters in correct register (git-fixes). - drm/msm/dsi: Add check for devm_kstrdup() (git-fixes). - drm/msm/dsi: Set PHY usescase (and mode) before registering DSI host (git-fixes).
- drm/msm/dsi: Use existing per-interface slice count in DSC timing (git-fixes). - drm/nouveau: Do not override forced connector status (stable-fixes). - drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill() (git-fixes). - drm/nouveau: prime: fix ttm_bo_delayed_delete oops (git-fixes). - drm/panel: ilitek-ili9882t: fix GPIO name in error message (git-fixes). - drm/panel: simple: Update timings for AUO G101EVN010 (git-fixes). - drm/panic: fix overindented list items in documentation (git-fixes). - drm/panic: use `div_ceil` to clean Clippy warning (git-fixes). - drm/panthor: Update CS_STATUS_ defines to correct values (git-fixes). - drm/radeon/ci_dpm: Remove needless NULL checks of dpm tables (git-fixes). - drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M (stable-fixes). - drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() (git-fixes). - drm/repaper: fix integer overflows in repeat functions (git-fixes). - drm/sched: Fix fence reference count leak (git-fixes). - drm/ssd130x: Set SPI .id_table to prevent an SPI core warning (git-fixes). - drm/ssd130x: ensure ssd132x pitch is correct (git-fixes). - drm/ssd130x: fix ssd132x encoding (git-fixes). - drm/sti: remove duplicate object names (git-fixes). - drm/tests: Add helper to create mock crtc (stable-fixes). - drm/tests: Add helper to create mock plane (stable-fixes). - drm/tests: Build KMS helpers when DRM_KUNIT_TEST_HELPERS is enabled (git-fixes). - drm/tests: cmdline: Fix drm_display_mode memory leak (git-fixes). - drm/tests: hdmi: Remove redundant assignments (stable-fixes). - drm/tests: helpers: Add atomic helpers (stable-fixes). - drm/tests: helpers: Add helper for drm_display_mode_from_cea_vic() (stable-fixes). - drm/tests: helpers: Create kunit helper to destroy a drm_display_mode (stable-fixes). - drm/tests: helpers: Fix compiler warning (git-fixes). - drm/tests: modes: Fix drm_display_mode memory leak (git-fixes). 
- drm/tests: modeset: Fix drm_display_mode memory leak (git-fixes). - drm/tests: probe-helper: Fix drm_display_mode memory leak (git-fixes). - drm/tests: shmem: Fix memleak (git-fixes). - drm/v3d: Add job to pending list if the reset was skipped (stable-fixes). - drm/v3d: Do not run jobs that have errors flagged in its fence (git-fixes). - drm/vkms: Fix use after free and double free on init error (git-fixes). - drm/vkms: Round fixp2int conversion in lerp_u16 (stable-fixes). - drm/vmwgfx: Use VMware hypercall API (jsc#PED-11518). - drm/xe/dma_buf: stop relying on placement in unmap (git-fixes). - drm/xe/hw_engine: define sysfs_ops on all directories (git-fixes). - drm/xe/pm: Temporarily disable D3Cold on BMG (git-fixes). - drm/xe/tests/mocs: Hold XE_FORCEWAKE_ALL for LNCF regs (git-fixes). - drm/xe/tests/mocs: Update xe_force_wake_get() return handling (stable-fixes). - drm/xe/userptr: Fix an incorrect assert (git-fixes). - drm/xe/userptr: fix notifier vs folio deadlock (git-fixes). - drm/xe/vf: Do not try to trigger a full GT reset if VF (stable-fixes). - drm/xe/xe3lpg: Apply Wa_14022293748, Wa_22019794406 (stable-fixes). - drm/xe/xelp: Move Wa_16011163337 from tunings to workarounds (stable-fixes). - drm/xe: Add page queue multiplier (git-fixes). - drm/xe: Fix GT "for each engine" workarounds (stable-fixes). - drm/xe: Fix an out-of-bounds shift when invalidating TLB (git-fixes). - drm/xe: Fix exporting xe buffers multiple times (git-fixes). - drm/xe: Release guc ids before cancelling work (git-fixes). - drm/xe: Remove double pageflip (git-fixes). - drm/xe: Save CTX_TIMESTAMP mmio value instead of LRC value (git-fixes). - drm/xe: Set LRC addresses before guc load (git-fixes). - drm/xe: Use local fence in error path of xe_migrate_clear (git-fixes). - drm/xe: remove redundant check in xe_vm_create_ioctl() (git-fixes). - drm: Select DRM_KMS_HELPER from DRM_DEBUG_DP_MST_TOPOLOGY_REFS (git-fixes). 
- drm: allow encoder mode_set even when connectors change for crtc (stable-fixes). - drm: panel-orientation-quirks: Add new quirk for GPD Win 2 (stable-fixes). - drm: panel-orientation-quirks: Add quirk for AYA NEO Slide (stable-fixes). - drm: panel-orientation-quirks: Add quirk for OneXPlayer Mini (Intel) (stable-fixes). - drm: panel-orientation-quirks: Add quirks for AYA NEO Flip DS and KB (stable-fixes). - drm: panel-orientation-quirks: Add support for AYANEO 2S (stable-fixes). - drm: panel: jd9365da: fix reset signal polarity in unprepare (git-fixes). - drm: xlnx: zynqmp: Fix max dma segment size (git-fixes). - dummycon: fix default rows/cols (git-fixes). - e1000e: change k1 configuration on MTP and later platforms (git-fixes). - efi/libstub: Bump up EFI_MMAP_NR_SLACK_SLOTS to 32 (bsc#1239349). - eth: bnxt: do not use BNXT_VNIC_NTUPLE unconditionally in queue restart logic (git-fixes). - eth: bnxt: fix memory leak in queue reset (git-fixes). - eth: bnxt: fix missing ring index trim on error path (git-fixes). - eth: bnxt: fix out-of-range access of vnic_info array (git-fixes). - ethtool: Fix context creation with no parameters (git-fixes). - ethtool: Fix set RXNFC command with symmetric RSS hash (git-fixes). - ethtool: Fix wrong mod state in case of verbose and no_mask bitset (git-fixes). - ethtool: cmis_cdb: use correct rpl size in ethtool_cmis_module_poll() (git-fixes). - ethtool: do not propagate EOPNOTSUPP from dumps (git-fixes). - ethtool: fix setting key and resetting indir at once (git-fixes). - ethtool: netlink: Add missing ethnl_ops_begin/complete (git-fixes). - ethtool: netlink: do not return SQI value if link is down (git-fixes). - ethtool: ntuple: fix rss + ring_cookie check (git-fixes). - ethtool: plca: fix plca enable data type while parsing the value (git-fixes). - ethtool: rss: echo the context number back (git-fixes). - ethtool: rss: fix hiding unsupported fields in dumps (git-fixes). - exfat: do not fallback to buffered write (git-fixes). 
- exfat: drop ->i_size_ondisk (git-fixes). - exfat: fix potential wrong error return from get_block (git-fixes). - exfat: fix soft lockup in exfat_clear_bitmap (git-fixes). - exfat: fix the infinite loop in exfat_find_last_cluster() (git-fixes). - exfat: short-circuit zero-byte writes in exfat_file_write_iter (git-fixes). - ext4: add missing brelse() for bh2 in ext4_dx_add_entry() (bsc#1242342). - ext4: correct encrypted dentry name hash when not casefolded (bsc#1242540). - ext4: do not over-report free space or inodes in statvfs (bsc#1242345). - ext4: do not treat fhandle lookup of ea_inode as FS corruption (bsc#1242347). - ext4: fix FS_IOC_GETFSMAP handling (bsc#1240557). - ext4: goto right label 'out_mmap_sem' in ext4_setattr() (bsc#1242556). - ext4: make block validity check resistent to sb bh corruption (bsc#1242348). - ext4: partial zero eof block on unaligned inode size extension (bsc#1242336). - ext4: protect ext4_release_dquot against freezing (bsc#1242335). - ext4: replace the traditional ternary conditional operator with with max()/min() (bsc#1242536). - ext4: treat end of range as exclusive in ext4_zero_range() (bsc#1242539). - ext4: unify the type of flexbg_size to unsigned int (bsc#1242538). - fbdev: au1100fb: Move a variable assignment behind a null pointer check (git-fixes). - fbdev: omapfb: Add 'plane' value check (stable-fixes). - fbdev: pxafb: Fix possible use after free in pxafb_task() (stable-fixes). - fbdev: sm501fb: Add some geometry checks (git-fixes). - firmware: arm_ffa: Explicitly cast return value from FFA_VERSION before comparison (git-fixes). - firmware: arm_ffa: Skip Rx buffer ownership release if not acquired (git-fixes). - firmware: arm_scmi: Balance device refcount when destroying devices (git-fixes). - firmware: arm_scmi: use ioread64() instead of ioread64_hi_lo() (git-fixes). - firmware: cs_dsp: Ensure cs_dsp_load[_coeff]() returns 0 on success (git-fixes). - firmware: imx-scu: fix OF node leak in .probe() (git-fixes). 
- flow_dissector: use RCU protection to fetch dev_net() (bsc#1239994). - fs/jfs: Prevent integer overflow in AG size calculation (git-fixes). - fs/jfs: cast inactags to s64 to prevent potential overflow (git-fixes). - fs/ntfs3: add prefix to bitmap_size() and use BITS_TO_U64() (bsc#1241250). - fs: better handle deep ancestor chains in is_subdir() (bsc#1242528). - fs: consistently deref the files table with rcu_dereference_raw() (bsc#1242535). - fs: do not allow non-init s_user_ns for filesystems without FS_USERNS_MOUNT (bsc#1242526). - fs: support relative paths with FSCONFIG_SET_STRING (git-fixes). - gpio: rcar: Use raw_spinlock to protect register access (stable-fixes). - gpio: tegra186: fix resource handling in ACPI probe path (git-fixes). - gpio: zynq: Fix wakeup source leaks on device unbind (stable-fixes). - gpu: cdns-mhdp8546: fix call balance of mhdp->clk handling routines (git-fixes). - gpu: host1x: Do not assume that a NULL domain means no DMA IOMMU (git-fixes). - gve: handle overflow when reporting TX consumed descriptors (git-fixes). - gve: set xdp redirect target only when it is available (git-fixes). - gve: unlink old napi only if page pool exists (git-fixes). - gve: unlink old napi when stopping a queue using queue API (git-fixes). - hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key (git-fixes). - hv_netvsc: Preserve contiguous PFN grouping in the page buffer array (git-fixes). - hv_netvsc: Remove rmsg_pgcnt (git-fixes). - hv_netvsc: Use vmbus_sendpacket_mpb_desc() to send VMBus messages (git-fixes). - hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9} (stable-fixes). - i2c: ali1535: Fix an error handling path in ali1535_probe() (git-fixes). - i2c: ali15x3: Fix an error handling path in ali15x3_probe() (git-fixes). - i2c: amd-mp2: drop free_irq() of devm_request_irq() allocated irq (git-fixes). - i2c: atr: Fix wrong include (git-fixes). - i2c: cros-ec-tunnel: defer probe if parent EC is not present (git-fixes). 
- i2c: designware: Fix an error handling path in i2c_dw_pci_probe() (git-fixes). - i2c: imx-lpi2c: Fix clock count when probe defers (git-fixes). - i2c: omap: fix IRQ storms (git-fixes). - i2c: sis630: Fix an error handling path in sis630_probe() (git-fixes). - i3c: Add NULL pointer check in i3c_master_queue_ibi() (git-fixes). - i3c: master: svc: Fix missing the IBI rules (git-fixes). - i3c: master: svc: Use readsb helper for reading MDB (git-fixes). - ice: Add check for devm_kzalloc() (git-fixes). - ice: Avoid setting default Rx VSI twice in switchdev setup (git-fixes). - ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr() (git-fixes). - ice: Fix switchdev slow-path in LAG (git-fixes). - ice: Remove and readd netdev during devlink reload (bsc#1230497 bsc#1239518). - ice: do not configure destination override for switchdev (git-fixes). - ice: ensure periodic output start time is in the future (git-fixes). - ice: fix ice_parser_rt::bst_key array size (git-fixes). - ice: fix input validation for virtchnl BW (git-fixes). - ice: fix reservation of resources for RDMA when disabled (git-fixes). - ice: remove invalid parameter of equalizer (git-fixes). - ice: stop truncating queue ids when checking (git-fixes). - idpf: Acquire the lock before accessing the xn->salt (git-fixes). - idpf: check error for register_netdev() on init (git-fixes). - idpf: fix adapter NULL pointer dereference on reboot (git-fixes). - idpf: fix offloads support for encapsulated packets (git-fixes). - idpf: fix potential memory leak on kcalloc() failure (git-fixes). - idpf: fix transaction timeouts on reset (git-fixes). - idpf: protect shutdown from reset (git-fixes). - idpf: record rx queue in skb for RSC packets (git-fixes). - igb: reject invalid external timestamp requests for 82580-based HW (git-fixes). - igc: add lock preventing multiple simultaneous PTM transactions (git-fixes). - igc: cleanup PTP module if probe fails (git-fixes). - igc: fix PTM cycle trigger logic (git-fixes). 
- igc: fix lock order in igc_ptp_reset (git-fixes). - igc: handle the IGC_PTP_ENABLED flag correctly (git-fixes). - igc: increase wait time before retrying PTM (git-fixes). - igc: move ktime snapshot into PTM retry loop (git-fixes). - iio: accel: adxl367: fix setting odr for activity time update (git-fixes). - iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio (git-fixes). - iio: accel: msa311: Fix failure to release runtime pm if direct mode claim fails (git-fixes). - iio: adc: ad4130: Fix comparison of channel setups (git-fixes). - iio: adc: ad7124: Fix comparison of channel configs (git-fixes). - iio: adc: ad7606: fix serial register access (git-fixes). - iio: adc: ad7768-1: Fix conversion result sign (git-fixes). - iio: adc: ad7768-1: Move setting of val a bit later to avoid unnecessary return value check (stable-fixes). - iio: adis16201: Correct inclinometer channel resolution (git-fixes). - iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo (git-fixes). - iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo (git-fixes). - iio: temp: maxim-thermocouple: Fix potential lack of DMA safe buffer (git-fixes). - include/linux/mmzone.h: clean up watermark accessors (bsc#1239600). - include: net: add static inline dst_dev_overhead() to dst.h (git-fixes). - inetpeer: remove create argument of inet_getpeer_v() (git-fixes). - inetpeer: update inetpeer timestamp in inet_getpeer() (git-fixes). - init: add initramfs_internal.h (bsc#1232848). - initramfs: allocate heap buffers together (bsc#1232848). - initramfs: fix hardlink hash leak without TRAILER (bsc#1232848). - input/vmmouse: Use VMware hypercall API (jsc#PED-11518). - intel_idle: Add ibrs_off module parameter to force-disable IBRS (git-fixes). - intel_idle: Use __update_spec_ctrl() in intel_idle_ibrs() (git-fixes). - intel_th: pci: Add Arrow Lake support (stable-fixes). - intel_th: pci: Add Panther Lake-H support (stable-fixes). 
- intel_th: pci: Add Panther Lake-P/U support (stable-fixes). - io_uring/sqpoll: Increase task_work submission batch size (bsc#1238585). - ioam6: improve checks on user data (git-fixes). - iommu/arm-smmu-v3: Fix pgsize_bit for sva domains (bsc#1243341) - iommu/vt-d: Assign owner to the static identity domain (bsc#1241193). - iommu/vt-d: Fix suspicious RCU usage (git-fixes). - iommu/vt-d: Remove device comparison in context_setup_pass_through_cb (git-fixes). - iommu: Allow attaching static domains in iommu_attach_device_pasid() (bsc#1241193). - iommu: Fix two issues in iommu_copy_struct_from_user() (git-fixes). - ipv4/route: avoid unused-but-set-variable warning (git-fixes). - ipv4: Check !in_dev earlier for ioctl(SIOCSIFADDR) (git-fixes). - ipv4: Convert icmp_route_lookup() to dscp_t (git-fixes). - ipv4: Fix incorrect source address in Record Route option (git-fixes). - ipv4: Mask upper DSCP bits and ECN bits in NETLINK_FIB_LOOKUP family (git-fixes). - ipv4: add RCU protection to ip4_dst_hoplimit() (bsc#1239994). - ipv4: fib: annotate races around nh->nh_saddr_genid and nh->nh_saddr (git-fixes). - ipv4: fix source address selection with route leak (git-fixes). - ipv4: give an IPv4 dev to blackhole_netdev (git-fixes). - ipv4: icmp: Pass full DS field to ip_route_input() (git-fixes). - ipv4: ip_gre: Avoid skb_pull() failure in ipgre_xmit() (git-fixes). - ipv4: ip_gre: Fix drops of small packets in ipgre_xmit (git-fixes). - ipv4: ip_tunnel: Unmask upper DSCP bits in ip_md_tunnel_xmit() (git-fixes). - ipv4: ip_tunnel: Unmask upper DSCP bits in ip_tunnel_bind_dev() (git-fixes). - ipv4: ip_tunnel: Unmask upper DSCP bits in ip_tunnel_xmit() (git-fixes). - ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid (git-fixes). - ipv4: raw: Fix sending packets from raw sockets via IPsec tunnels (git-fixes). - ipv4: use RCU protection in inet_select_addr() (bsc#1239994). - ipv4: use RCU protection in ip_dst_mtu_maybe_forward() (bsc#1239994). 
- ipv4: use RCU protection in ipv4_default_advmss() (bsc#1239994). - ipv4: use RCU protection in rt_is_expired() (bsc#1239994). - ipv6: Align behavior across nexthops during path selection (git-fixes). - ipv6: Do not consider link down nexthops in path selection (git-fixes). - ipv6: Ensure natural alignment of const ipv6 loopback and router addresses (git-fixes). - ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw() (git-fixes). - ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create() (git-fixes). - ipv6: Start path selection from the first nexthop (git-fixes). - ipv6: Use RCU in ip6_input() (bsc#1239994). - ipv6: annotate data-races around cnf.disable_ipv6 (git-fixes). - ipv6: avoid atomic fragment on GSO packets (git-fixes). - ipv6: fib6_rules: flush route cache when rule is changed (git-fixes). - ipv6: fib: hide unused 'pn' variable (git-fixes). - ipv6: fix ndisc_is_useropt() handling for PIO (git-fixes). - ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS (git-fixes). - ipv6: fix potential NULL deref in fib6_add() (git-fixes). - ipv6: icmp: convert to dev_net_rcu() (bsc#1239994). - ipv6: introduce dst_rt6_info() helper (git-fixes). - ipv6: ioam: block BH from ioam6_output() (git-fixes). - ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid (git-fixes). - ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes). - ipv6: sr: add missing seg6_local_exit (git-fixes). - ipv6: sr: block BH in seg6_output_core() and seg6_input_core() (git-fixes). - ipv6: take care of scope when choosing the src addr (git-fixes). - irqchip/davinci: Remove leftover header (git-fixes). - irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() (git-fixes). - irqchip/qcom-mpm: Prevent crash when trying to handle non-wake GPIOs (git-fixes). - isofs: fix KMSAN uninit-value bug in do_isofs_readdir() (bsc#1242307). - iwlwifi: correct modinfo firmware ucode (bsc#1243020). 
- ixgbe: fix media type detection for E610 device (git-fixes). - jbd2: add a missing data flush during file and fs synchronization (bsc#1242346). - jbd2: fix off-by-one while erasing journal (bsc#1242344). - jbd2: flush filesystem device before updating tail sequence (bsc#1242333). - jbd2: increase IO priority for writing revoke records (bsc#1242332). - jbd2: increase the journal IO's priority (bsc#1242537). - jbd2: remove wrong sb->s_sequence check (bsc#1242343). - jfs: Fix uninit-value access of imap allocated in the diMount() function (git-fixes). - jfs: Prevent copying of nlink with value 0 from disk inode (git-fixes). - jfs: add check read-only before truncation in jfs_truncate_nolock() (git-fixes). - jfs: add check read-only before txBeginAnon() call (git-fixes). - jfs: add index corruption check to DT_GETPAGE() (git-fixes). - jfs: add sanity check for agwidth in dbMount (git-fixes). - jfs: fix slab-out-of-bounds read in ea_get() (git-fixes). - jfs: reject on-disk inodes of an unsupported type (git-fixes). - jiffies: Cast to unsigned long in secs_to_jiffies() conversion (bsc#1242993). - jiffies: Define secs_to_jiffies() (bsc#1242993). - kABI fix for RDMA/core: Do not expose hw_counters outside (git-fixes) - kABI fix for ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes). - kABI fix for net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes). - kABI fix for netlink: terminate outstanding dump on socket close (git-fixes). - kABI fix for sctp: detect and prevent references to a freed transport in sendmsg (git-fixes). - kABI fix for tcp: fix cookie_init_timestamp() overflows (git-fixes). - kABI fix for tcp: replace tcp_time_stamp_raw() (git-fixes). - kABI workaround for hci_core changes (git-fixes). - kABI workaround for intel-ish-hid (git-fixes). - kABI workaround for l2cap_conn changes (git-fixes). - kABI workaround for powercap update (bsc#1241010). - kABI workaround for soc_mixer_control changes (git-fixes). 
- kbuild: hdrcheck: fix cross build with clang (git-fixes). - kernel-binary: Support livepatch_rt with merged RT branch - kernel-obs-qa: Use srchash for dependency as well - kernel: Bad page map in process stress-ng-vm Revert commit (bsc#1241051) - kernel: Remove debug flavor (bsc#1243919). - keys: Fix UAF in key_put() (git-fixes). - ktest: Fix Test Failures Due to Missing LOG_FILE Directories (stable-fixes). - kunit: qemu_configs: SH: Respect kunit cmdline (git-fixes). - kunit: qemu_configs: sparc: use Zilog console (git-fixes). - leds: rgb: leds-qcom-lpg: Fix calculation of best period Hi-Res PWMs (git-fixes). - leds: rgb: leds-qcom-lpg: Fix pwm resolution max for Hi-Res PWMs (git-fixes). - lib: 842: Improve error handling in sw842_compress() (git-fixes). - lib: scatterlist: fix sg_split_phys to preserve original scatterlist offsets (git-fixes). - libperf cpumap: Be tolerant of newline at the end of a cpumask (bsc#1234698 jsc#PED-12309). - libperf cpumap: Ensure empty cpumap is NULL from alloc (bsc#1234698 jsc#PED-12309). - libperf cpumap: Grow array of read CPUs in smaller increments (bsc#1234698 jsc#PED-12309). - libperf cpumap: Hide/reduce scope of MAX_NR_CPUS (bsc#1234698 jsc#PED-12309). - libperf cpumap: Remove use of perf_cpu_map__read() (bsc#1234698 jsc#PED-12309). - libperf cpumap: Rename perf_cpu_map__default_new() to perf_cpu_map__new_online_cpus() and prefer sysfs (bsc#1234698 jsc#PED-12309). - libperf cpumap: Rename perf_cpu_map__dummy_new() to perf_cpu_map__new_any_cpu() (bsc#1234698 jsc#PED-12309). - libperf cpumap: Rename perf_cpu_map__empty() to perf_cpu_map__has_any_cpu_or_is_empty() (bsc#1234698 jsc#PED-12309). - lockdep: Do not disable interrupts on RT in disable_irq_nosync_lockdep.*() (git-fixes). - loop: Add sanity check for read/write_iter (git-fixes). - loop: LOOP_SET_FD: send uevents for partitions (git-fixes). - loop: aio inherit the ioprio of original request (git-fixes). 
- loop: do not require ->write_iter for writable files in loop_configure (git-fixes). - loop: properly send KOBJ_CHANGED uevent for disk device (git-fixes). - loop: stop using vfs_iter_{read,write} for buffered I/O (git-fixes). - md/raid1,raid10: do not ignore IO flags (git-fixes). - md/raid10: fix missing discard IO accounting (git-fixes). - md/raid10: wait barrier before returning discard request with REQ_NOWAIT (git-fixes). - md/raid1: Add check for missing source disk in process_checks() (git-fixes). - md/raid1: fix memory leak in raid1_run() if no active rdev (git-fixes). - md/raid5: implement pers->bitmap_sector() (git-fixes). - md: add a new callback pers->bitmap_sector() (git-fixes). - md: ensure resync is prioritized over recovery (git-fixes). - md: fix mddev uaf while iterating all_mddevs list (git-fixes). - md: preserve KABI in struct md_personality v2 (git-fixes). - mdacon: rework dependency list (git-fixes). - media: chips-media: wave5: Fix a hang after seeking (git-fixes). - media: i2c: adv748x: Fix test pattern selection mask (git-fixes). - media: i2c: ccs: Set the device's runtime PM status correctly in probe (git-fixes). - media: i2c: ccs: Set the device's runtime PM status correctly in remove (git-fixes). - media: i2c: imx214: Rectify probe error handling related to runtime PM (git-fixes). - media: i2c: imx219: Rectify runtime PM handling in probe and remove (git-fixes). - media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO (git-fixes). - media: i2c: ov7251: Set enable GPIO low in probe (git-fixes). - media: intel/ipu6: set the dev_parent of video device to pdev (git-fixes). - media: omap3isp: Handle ARM dma_iommu_mapping (git-fixes). - media: platform: allgro-dvt: unregister v4l2_device on the error path (git-fixes). - media: platform: stm32: Add check for clk_enable() (git-fixes). - media: siano: Fix error handling in smsdvb_module_init() (git-fixes). 
- media: streamzap: fix race between device disconnection and urb callback (git-fixes). - media: streamzap: prevent processing IR data on URB failure (git-fixes). - media: uvcvideo: Add quirk for Actions UVC05 (stable-fixes). - media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf() (git-fixes). - media: venus: hfi: add a check to handle OOB in sfr region (git-fixes). - media: venus: hfi: add check to handle incorrect queue size (git-fixes). - media: venus: hfi_parser: add check to avoid out of bound access (git-fixes). - media: venus: hfi_parser: refactor hfi packet parsing logic (git-fixes). - media: verisilicon: HEVC: Initialize start_bit field (git-fixes). - media: videobuf2: Add missing doc comment for waiting_in_dqbuf (git-fixes). - media: vim2m: print device name after registering device (git-fixes). - media: visl: Fix ERANGE error when setting enum controls (git-fixes). - mei: me: add panther lake H DID (stable-fixes). - mei: me: add panther lake P DID (stable-fixes). - mei: vsc: Fix fortify-panic caused by invalid counted_by() use (git-fixes). - memblock tests: fix warning: "__ALIGN_KERNEL" redefined (git-fixes). - memory: mtk-smi: Add ostd setting for mt8192 (git-fixes). - memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (git-fixes). - mfd: ene-kb3930: Fix a potential NULL pointer dereference (git-fixes). - mfd: sm501: Switch to BIT() to mitigate integer overflows (git-fixes). - mfd: syscon: Add of_syscon_register_regmap() API (stable-fixes). - mfd: syscon: Fix race in device_node_get_regmap() (git-fixes). - mfd: syscon: Remove extern from function prototypes (stable-fixes). - mfd: syscon: Use scoped variables with memory allocators to simplify error paths (stable-fixes). - misc: microchip: pci1xxxx: Fix Kernel panic during IRQ handler registration (git-fixes). - misc: microchip: pci1xxxx: Fix incorrect IRQ status handling during ack (git-fixes). 
- mm/page_alloc: fix memory accept before watermarks gets initialized (bsc#1239600). - mm/readahead: fix large folio support in async readahead (bsc#1242321). - mm: accept to promo watermark (bsc#1239600). - mm: create promo_wmark_pages and clean up open-coded sites (bsc#1239600). - mm: fix endless reclaim on machines with unaccepted memory (bsc#1239600). - mm: fix error handling in __filemap_get_folio() with FGP_NOWAIT (bsc#1242326). - mm: fix filemap_get_folios_contig returning batches of identical folios (bsc#1242327). - mm: fix oops when filemap_map_pmd() without prealloc_pte (bsc#1242546). - mm: zswap: move allocations during CPU init outside the lock (git-fixes). - mmc: atmel-mci: Add missing clk_disable_unprepare() (git-fixes). - mmc: dw_mmc: add a quirk for accessing 64-bit FIFOs in two halves (stable-fixes). - mmc: omap: Fix memory leak in mmc_omap_new_slot (git-fixes). - mmc: renesas_sdhi: Fix error handling in renesas_sdhi_probe (git-fixes). - mmc: sdhci-brcmstb: add cqhci suspend/resume to PM ops (git-fixes). - mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD (git-fixes). - mmc: sdhci-pxav3: set NEED_RSP_BUSY capability (stable-fixes). - mptcp: fix rcv buffer auto-tuning (bsc#1220419 bsc#1222656 bsc#1236394). - mptcp: mptcp_parse_option() fix for MPTCPOPT_MP_JOIN (git-fixes). - mptcp: refine opt_mp_capable determination (git-fixes). - mptcp: relax check on MPC passive fallback (git-fixes). - mptcp: strict validation before using mp_opt->hmac (git-fixes). - mptcp: use OPTION_MPTCP_MPJ_SYN in subflow_check_req() (git-fixes). - mtd: Add check for devm_kcalloc() (git-fixes). - mtd: Replace kcalloc() with devm_kcalloc() (git-fixes). - mtd: inftlcore: Add error check for inftl_read_oob() (git-fixes). - mtd: nand: Fix a kdoc comment (git-fixes). - mtd: phram: Add the kernel lock down check (bsc#1232649). - mtd: rawnand: Add status chack in r852_ready() (git-fixes). - mtd: rawnand: brcmnand: fix PM resume warning (git-fixes). 
- ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() (bsc#1239994). - ndisc: use RCU protection in ndisc_alloc_skb() (bsc#1239994). - neighbour: delete redundant judgment statements (git-fixes). - net/handshake: Fix handshake_req_destroy_test1 (git-fixes). - net/handshake: Fix memory leak in __sock_create() and sock_alloc_file() (git-fixes). - net/ipv6: Fix route deleting failure when metric equals 0 (git-fixes). - net/ipv6: Fix the RT cache flush via sysctl using a previous delay (git-fixes). - net/ipv6: delete temporary address if mngtmpaddr is removed or unmanaged (git-fixes). - net/mlx5: E-Switch, Initialize MAC Address for Default GID (git-fixes). - net/mlx5: E-switch, Fix error handling for enabling roce (git-fixes). - net/mlx5: Fill out devlink dev info only for PFs (git-fixes). - net/mlx5: Fix incorrect IRQ pool usage when releasing IRQs (git-fixes). - net/mlx5: Fix null-ptr-deref in mlx5_create_{inner_,}ttc_table() (git-fixes). - net/mlx5: HWS, Rightsize bwc matcher priority (git-fixes). - net/mlx5: IRQ, Fix null string in debug print (git-fixes). - net/mlx5: Lag, Check shared fdb before creating MultiPort E-Switch (git-fixes). - net/mlx5: Move ttc allocation after switch case to prevent leaks (git-fixes). - net/mlx5: Restore missing trace event when enabling vport QoS (git-fixes). - net/mlx5: Start health poll after enable hca (git-fixes). - net/mlx5e: Disable MACsec offload for uplink representor profile (git-fixes). - net/mlx5e: Fix ethtool -N flow-type ip4 to RSS context (git-fixes). - net/mlx5e: Fix lock order in mlx5e_tx_reporter_ptpsq_unhealthy_recover (git-fixes). - net/mlx5e: Prevent bridge link show failure for non-eswitch-allowed devices (git-fixes). - net/mlx5e: SHAMPO, Make reserved size independent of page size (git-fixes). - net/mlx5e: TC, Continue the attr process even if encap entry is invalid (git-fixes). - net/mlx5e: Use custom tunnel header for vxlan gbp (git-fixes). 
- net/sched: act_api: deny mismatched skip_sw/skip_hw flags for actions created by classifiers (git-fixes). - net/sched: act_api: rely on rcu in tcf_idr_check_alloc (git-fixes). - net/sched: adjust device watchdog timer to detect stopped queue at right time (git-fixes). - net/sched: cbs: Fix integer overflow in cbs_set_port_rate() (git-fixes). - net/sched: cls_u32: replace int refcounts with proper refcounts (git-fixes). - net/sched: flower: Add lock protection when remove filter handle (git-fixes). - net/sched: taprio: make q->picos_per_byte available to fill_sched_entry() (git-fixes). - net/sched: tbf: correct backlog statistic for GSO packets (git-fixes). - net/tcp: refactor tcp_inet6_sk() (git-fixes). - net: Add non-RCU dev_getbyhwaddr() helper (git-fixes). - net: Clear old fragment checksum value in napi_reuse_skb (git-fixes). - net: Handle napi_schedule() calls from non-interrupt (git-fixes). - net: Implement missing SO_TIMESTAMPING_NEW cmsg support (git-fixes). - net: Remove acked SYN flag from packet in the transmit queue correctly (git-fixes). - net: add dev_net_rcu() helper (bsc#1239994). - net: annotate data-races around sk->sk_dst_pending_confirm (git-fixes). - net: annotate data-races around sk->sk_tx_queue_mapping (git-fixes). - net: blackhole_dev: fix build warning for ethh set but not used (git-fixes). - net: constify sk_dst_get() and __sk_dst_get() argument (git-fixes). - net: do not dump stack on queue timeout (git-fixes). - net: ethtool: Do not call .cleanup_data when prepare_data fails (git-fixes). - net: ethtool: Fix RSS setting (git-fixes). - net: free_netdev: exit earlier if dummy (bsc#1243215). - net: gro: parse ipv6 ext headers without frag0 invalidation (git-fixes). - net: ipv6: fix UDPv6 GSO segmentation with NAT (git-fixes). - net: ipv6: fix dst ref loop in ila lwtunnel (git-fixes). - net: ipv6: fix dst ref loop on input in rpl lwt (git-fixes). - net: ipv6: fix dst ref loop on input in seg6 lwt (git-fixes). 
- net: ipv6: fix dst refleaks in rpl, seg6 and ioam6 lwtunnels (git-fixes). - net: ipv6: fix missing dst ref drop in ila lwtunnel (git-fixes). - net: ipv6: fix wrong start position when receive hop-by-hop fragment (git-fixes). - net: ipv6: ioam6: code alignment (git-fixes). - net: ipv6: ioam6: fix lwtunnel_output() loop (git-fixes). - net: ipv6: ioam6: new feature tunsrc (git-fixes). - net: ipv6: ioam6_iptunnel: mitigate 2-realloc issue (git-fixes). - net: ipv6: rpl_iptunnel: Fix memory leak in rpl_input (git-fixes). - net: ipv6: rpl_iptunnel: block BH in rpl_output() and rpl_input() (git-fixes). - net: ipv6: rpl_iptunnel: mitigate 2-realloc issue (git-fixes). - net: ipv6: seg6_iptunnel: mitigate 2-realloc issue (git-fixes). - net: ipv6: select DST_CACHE from IPV6_RPL_LWTUNNEL (git-fixes). - net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes). - net: loopback: Avoid sending IP packets without an Ethernet header (git-fixes). - net: mana: Add flex array to struct mana_cfg_rx_steer_req_v2 (bsc#1239016). - net: mana: Allow variable size indirection table (bsc#1239016). - net: mana: Assigning IRQ affinity on HT cores (bsc#1239015). - net: mana: Avoid open coded arithmetic (bsc#1239016). - net: mana: Fix irq_contexts memory leak in mana_gd_setup_irqs (bsc#1239015). - net: mana: Fix memory leak in mana_gd_setup_irqs (bsc#1239015). - net: mana: Support holes in device list reply msg (git-fixes). - net: mana: Switch to page pool for jumbo frames (git-fixes). - net: mana: add a function to spread IRQs per CPUs (bsc#1239015). - net: mana: cleanup mana struct after debugfs_remove() (git-fixes). - net: mark racy access on sk->sk_rcvbuf (git-fixes). - net: phy: leds: fix memory leak (git-fixes). - net: phy: microchip: force IRQ polling mode for lan88xx (git-fixes). - net: qede: Initialize qede_ll_ops with designated initializer (git-fixes). - net: reenable NETIF_F_IPV6_CSUM offload for BIG TCP packets (git-fixes). 
- net: sctp: fix skb leak in sctp_inq_free() (git-fixes). - net: set SOCK_RCU_FREE before inserting socket into hashtable (git-fixes). - net: set the minimum for net_hotdata.netdev_budget_usecs (git-fixes). - net: skip offload for NETIF_F_IPV6_CSUM if ipv6 header contains extension (git-fixes). - net: usb: asix_devices: add FiberGecko DeviceID (stable-fixes). - net: usb: qmi_wwan: add Telit Cinterion FE990B composition (stable-fixes). - net: usb: qmi_wwan: add Telit Cinterion FN990B composition (stable-fixes). - net: usb: usbnet: restore usb%d name exception for local mac addresses (bsc#1234480). - net: use unrcu_pointer() helper (git-fixes). - net: wwan: mhi_wwan_mbim: Silence sequence number glitch errors (stable-fixes). - net_sched: Prevent creation of classes with TC_H_ROOT (git-fixes). - net_sched: drr: Fix double list add in class with netem as child qdisc (git-fixes). - net_sched: ets: Fix double list add in class with netem as child qdisc (git-fixes). - net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (git-fixes). - net_sched: qfq: Fix double list add in class with netem as child qdisc (git-fixes). - net_sched: sch_sfq: annotate data-races around q->perturb_period (git-fixes). - net_sched: sch_sfq: handle bigger packets (git-fixes). - netdev-genl: avoid empty messages in queue dump (git-fixes). - netdev: fix repeated netlink messages in queue dump (git-fixes). - netlink: annotate data-races around sk->sk_err (git-fixes). - netlink: specs: rt-link: add an attr layer around alt-ifname (git-fixes). - netlink: specs: rt-link: adjust mctp attribute naming (git-fixes). - netlink: specs: rtnetlink: attribute naming corrections (git-fixes). - netlink: specs: tc: all actions are indexed arrays (git-fixes). - netlink: specs: tc: fix a couple of attribute names (git-fixes). - netpoll: Ensure clean state on setup failures (git-fixes). - netpoll: Use rcu_access_pointer() in netpoll_poll_lock (git-fixes). 
- nfs: add missing selections of CONFIG_CRC32 (git-fixes). - nfs: clear SB_RDONLY before getting superblock (bsc#1238565). - nfs: handle failure of nfs_get_lock_context in unlock path (git-fixes). - nfs: ignore SB_RDONLY when remounting nfs (bsc#1238565). - nfsd: add list_head nf_gc to struct nfsd_file (git-fixes). - nfsd: decrease sc_count directly if fail to queue dl_recall (git-fixes). - nfsd: put dl_stid if fail to queue dl_recall (git-fixes). - nilfs2: add pointer check for nilfs_direct_propagate() (git-fixes). - nilfs2: do not propagate ENOENT error from nilfs_btree_propagate() (git-fixes). - ntb: Force physically contiguous allocation of rx ring buffers (git-fixes). - ntb: intel: Fix using link status DB's (git-fixes). - ntb: reduce stack usage in idt_scan_mws (stable-fixes). - ntb: use 64-bit arithmetic for the MSI doorbell mask (git-fixes). - ntb_hw_amd: Add NTB PCI ID for new gen CPU (stable-fixes). - ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans (git-fixes). - ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk() (git-fixes). - ntb_perf: Fix printk format (git-fixes). - nvme-fc: do not ignore connectivity loss during connecting (git-fixes bsc#1222649). - nvme-fc: go straight to connecting state when initializing (git-fixes bsc#1222649). - nvme-fc: rely on state transitions to handle connectivity loss (git-fixes bsc#1222649). - nvme-ioctl: fix leaked requests on mapping error (git-fixes). - nvme-pci: acquire cq_poll_lock in nvme_poll_irqdisable (git-fixes bsc#1223096). - nvme-pci: add quirk for Samsung PM173x/PM173xa disk (bsc#1241148). - nvme-pci: clean up CMBMSC when registering CMB fails (git-fixes). - nvme-pci: fix queue unquiesce check on slot_reset (git-fixes). - nvme-pci: fix stuck reset on concurrent DPC and HP (git-fixes). - nvme-pci: make nvme_pci_npages_prp() __always_inline (git-fixes). - nvme-pci: quirk Acer FA100 for non-uniqueue identifiers (git-fixes). 
- nvme-pci: remove stale comment (git-fixes). - nvme-pci: skip CMB blocks incompatible with PCI P2P DMA (git-fixes). - nvme-pci: skip nvme_write_sq_db on empty rqlist (git-fixes). - nvme-tcp: Fix a C2HTermReq error message (git-fixes). - nvme-tcp: add basic support for the C2HTermReq PDU (git-fixes). - nvme-tcp: fix possible UAF in nvme_tcp_poll (git-fixes). - nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() (git-fixes). - nvme-tcp: fix premature queue removal and I/O failover (git-fixes). - nvme-tcp: fix signedness bug in nvme_tcp_init_connection() (git-fixes). - nvme-tcp: select CONFIG_TLS from CONFIG_NVME_TCP_TLS (git-fixes). - nvme/ioctl: do not warn on vectorized uring_cmd with fixed buffer (git-fixes). - nvme: Add 'partial_nid' quirk (bsc#1241148). - nvme: Add warning when a partiually unique NID is detected (bsc#1241148). - nvme: fixup scan failure for non-ANA multipath controllers (git-fixes). - nvme: introduce nvme_disk_is_ns_head helper (git-fixes). - nvme: move error logging from nvme_end_req() to __nvme_end_req() (git-fixes). - nvme: move passthrough logging attribute to head (git-fixes). - nvme: multipath: fix return value of nvme_available_path (git-fixes). - nvme: only allow entering LIVE from CONNECTING state (git-fixes bsc#1222649). - nvme: re-read ANA log page after ns scan completes (git-fixes). - nvme: requeue namespace scan on missed AENs (git-fixes). - nvme: unblock ctrl state transition for firmware update (git-fixes). - nvme: update patch nvme-fixup-scan-failure-for-non-ANA-multipath-contro.patch (git-fixes bsc#1235149). - nvmet-fc: Remove unused functions (git-fixes). - nvmet-fc: inline nvmet_fc_delete_assoc (git-fixes). - nvmet-fc: inline nvmet_fc_free_hostport (git-fixes). - nvmet-fc: put ref when assoc->del_work is already scheduled (git-fixes). - nvmet-fc: take tgtport reference only once (git-fixes). - nvmet-fc: update tgtport ref per assoc (git-fixes). 
- nvmet-fcloop: Remove remote port from list when unlinking (git-fixes). - nvmet-fcloop: add ref counting to lport (git-fixes). - nvmet-fcloop: replace kref with refcount (git-fixes). - nvmet-fcloop: swap list_add_tail arguments (git-fixes). - nvmet-rdma: recheck queue state is LIVE in state lock in recv done (git-fixes). - nvmet-tcp: Fix a possible sporadic response drops in weakly ordered arch (git-fixes). - nvmet-tcp: select CONFIG_TLS from CONFIG_NVME_TARGET_TCP_TLS (git-fixes). - nvmet: remove old function prototype (git-fixes). - objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() (git-fixes). - objtool, panic: Disable SMAP in __stack_chk_fail() (bsc#1243963). - objtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq() (git-fixes). - objtool: Fix segfault in ignore_unreachable_insn() (git-fixes). - ocfs2: check dir i_size in ocfs2_find_entry (git-fixes). - ocfs2: fix deadlock in ocfs2_get_system_file_inode (git-fixes). - ocfs2: fix the issue with discontiguous allocation in the global_bitmap (git-fixes). - ocfs2: handle a symlink read error correctly (git-fixes). - ocfs2: mark dquot as inactive if failed to start trans while releasing dquot (git-fixes). - ocfs2: update seq_file index in ocfs2_dlm_seq_next (git-fixes). - octeontx2-pf: Do not reallocate all ntuple filters (git-fixes). - octeontx2-pf: Fix ethtool support for SDP representors (git-fixes). - octeontx2-pf: handle otx2_mbox_get_rsp errors (git-fixes). - octeontx2-pf: qos: fix VF root node parent queue index (git-fixes). - padata: do not leak refcount in reorder_work (git-fixes). - perf cpumap: Reduce transitive dependencies on libperf MAX_NR_CPUS (bsc#1234698 jsc#PED-12309). - perf pmu: Remove use of perf_cpu_map__read() (bsc#1234698 jsc#PED-12309). - perf tools: annotate asm_pure_loop.S (bsc#1239906). - perf: Increase MAX_NR_CPUS to 4096 (bsc#1234698 jsc#PED-12309). 
- perf: arm_cspmu: nvidia: enable NVLINK-C2C port filtering (bsc#1242172) - perf: arm_cspmu: nvidia: fix sysfs path in the kernel doc (bsc#1242172) - perf: arm_cspmu: nvidia: monitor all ports by default (bsc#1242172) - perf: arm_cspmu: nvidia: remove unsupported SCF events (bsc#1242172) - phy: Fix error handling in tegra_xusb_port_init (git-fixes). - phy: freescale: imx8m-pcie: assert phy reset and perst in power off (git-fixes). - phy: renesas: rcar-gen3-usb2: Fix role detection on unbind/bind (git-fixes). - phy: renesas: rcar-gen3-usb2: Set timing registers only once (git-fixes). - phy: tegra: xusb: Use a bitmask for UTMI pad power state tracking (git-fixes). - phy: tegra: xusb: remove a stray unlock (git-fixes). - pinctrl: bcm281xx: Fix incorrect regmap max_registers value (git-fixes). - pinctrl: intel: Fix wrong bypass assignment in intel_pinctrl_probe_pwm() (git-fixes). - pinctrl: qcom: Clear latched interrupt status when changing IRQ type (git-fixes). - pinctrl: renesas: rza2: Fix missing of_node_put() call (git-fixes). - pinctrl: renesas: rza2: Fix potential NULL pointer dereference (stable-fixes). - pinctrl: renesas: rzv2m: Fix missing of_node_put() call (git-fixes). - pinctrl: tegra: Set SFIO mode to Mux Register (git-fixes). - platform/x86/amd/pmc: Declare quirk_spurious_8042 for MECHREVO Wujie 14XA (GX4HRXL) (git-fixes). - platform/x86/amd: pmc: Require at least 2.5 seconds between HW sleep cycles (stable-fixes). - platform/x86/intel-uncore-freq: Fix missing uncore sysfs during CPU hotplug (git-fixes). - platform/x86/intel/ifs: Add Clearwater Forest to CPU support list (jsc#PED-10213). - platform/x86/intel/vsec: Add Diamond Rapids support (stable-fixes). - platform/x86/intel: pmc: fix ltr decode in pmc_core_ltr_show() (stable-fixes). - platform/x86: ISST: Correct command storage data length (git-fixes). - platform/x86: asus-wmi: Fix wlan_ctrl_by_user detection (git-fixes). - platform/x86: dell-ddv: Fix temperature calculation (git-fixes). 
- platform/x86: dell-wmi-sysman: Avoid buffer overflow in current_password_store() (git-fixes). - platform/x86: intel-hid: fix volume buttons on Microsoft Surface Go 4 tablet (stable-fixes). - platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e (stable-fixes). - platform/x86: thinkpad_acpi: Fix invalid fan speed on ThinkPad X120e (stable-fixes). - platform/x86: thinkpad_acpi: Support for V9 DYTC platform profiles (stable-fixes). - pm: cpupower: bench: Prevent NULL dereference on malloc failure (stable-fixes). - power: supply: max77693: Fix wrong conversion of charge input threshold value (git-fixes). - powercap: dtpm_devfreq: Fix error check against dev_pm_qos_add_request() (git-fixes). - powercap: intel_rapl: Fix locking in TPMI RAPL (git-fixes). - powercap: intel_rapl: Introduce APIs for PMU support (bsc#1241010). - powercap: intel_rapl_tpmi: Enable PMU support (bsc#1241010). - powercap: intel_rapl_tpmi: Fix System Domain probing (git-fixes). - powercap: intel_rapl_tpmi: Fix bogus register reading (git-fixes). - powercap: intel_rapl_tpmi: Ignore minor version change (git-fixes). - powerpc/boot: Check for ld-option support (bsc#1215199). - powerpc/boot: Fix dash warning (bsc#1215199). - powerpc/pseries/eeh: Fix pseries_eeh_err_inject (bsc#1239573). - powerpc/pseries/eeh: move pseries_eeh_err_inject() outside CONFIG_DEBUG_FS block (bsc#1239573). - powerpc/pseries/iommu: Fix kmemleak in TCE table userspace view (jsc#PED-10539 git-fixes). - powerpc/pseries/iommu: create DDW for devices with DMA mask less than 64-bits (bsc#1239691 bsc#1243044 ltc#212555). - powerpc: Do not use --- in kernel logs (git-fixes). - powerpc: Stop using no_llseek (bsc#1239573). - ptp/vmware: Use VMware hypercall API (jsc#PED-11518). - pwm: fsl-ftm: Handle clk_get_rate() returning 0 (git-fixes). - pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config() (git-fixes). - pwm: rcar: Improve register calculation (git-fixes). 
- qibfs: fix _another_ leak (git-fixes) - rcu/tasks-trace: Handle new PF_IDLE semantics (git-fixes) - rcu/tasks: Handle new PF_IDLE semantics (git-fixes) - rcu: Break rcu_node_0 --> &rq->__lock order (git-fixes) - rcu: Introduce rcu_cpu_online() (git-fixes) - regulator: check that dummy regulator has been probed before using it (stable-fixes). - regulator: core: Fix deadlock in create_regulator() (git-fixes). - regulator: dummy: force synchronous probing (git-fixes). - regulator: max20086: fix invalid memory access (git-fixes). - rndis_host: Flag RNDIS modems as WWAN devices (git-fixes). - rpm/kernel-binary.spec.in: Also order against update-bootloader (boo#1228659, boo#1240785, boo#1241038). - rpm/kernel-binary.spec.in: Fix missing 20-kernel-default-extra.conf sle_version was obsoleted for SLE16. It has to be combined with suse_version check (bsc#1239986). - rpm/package-descriptions: Add rt and rt_debug descriptions - rpm/release-projects: Update the ALP projects again (bsc#1231293). - rtc: pcf85063: do a SW reset if POR failed (stable-fixes). - rtnetlink: Allocate vfinfo size for VF GUIDs when supported (bsc#1224013). - s390/ap: Fix CCA crypto card behavior within protected execution environment (git-fixes bsc#1243817 LTC#213623). - s390/bpf: Store backchain even for leaf progs (git-fixes bsc#1243805). - s390/cio: Fix CHPID "configure" attribute caching (git-fixes bsc#1240979). - s390/cpumf: Update CPU Measurement facility extended counter set support (bsc#1243115). - s390/pci: Fix duplicate pci_dev_put() in disable_slot() when PF has child VFs (git-fixes). - s390/pci: Fix zpci_bus_is_isolated_vf() for non-VFs (git-fixes bsc#1240978). - s390/stackleak: Use exrl instead of ex in __stackleak_poison() (git-fixes bsc#1239594). - s390/traps: Fix test_monitor_call() inline assembly (git-fixes bsc#1239595). - s390: Add z17 elf platform (bsc#1243116). - sched/fair: Fix CPU bandwidth limit bypass during CPU hotplug (BSC#1241319). 
- sched/fair: Fix CPU bandwidth limit bypass during CPU hotplug (bsc#1241319). - sched/topology: Add a new arch_scale_freq_ref() method (bsc#1238052) - sched/topology: Refinement to topology_span_sane speedup (bsc#1242119). - sched/topology: improve topology_span_sane speed (bsc#1242119). - sched: Add deprecation warning for users of RT_GROUP_SCHED (jsc#PED-11761 jsc#PED-12405). - scsi: Improve CDL control (git-fixes). - scsi: core: Clear flags for scsi_cmnd that did not complete (git-fixes). - scsi: core: Use GFP_NOIO to avoid circular locking dependency (git-fixes). - scsi: fnic: Fix indentation and remove unnecessary parenthesis (git-fixes). - scsi: fnic: Remove unnecessary debug print (git-fixes). - scsi: fnic: Remove unnecessary spinlock locking and unlocking (git-fixes). - scsi: fnic: Replace fnic->lock_flags with local flags (git-fixes). - scsi: fnic: Replace use of sizeof with standard usage (git-fixes). - scsi: hisi_sas: Check whether debugfs is enabled before removing or (bsc#1237546) - scsi: hisi_sas: Enable force phy when SATA disk directly connected (git-fixes). - scsi: hisi_sas: Fix I/O errors caused by hardware port ID changes (git-fixes). - scsi: hisi_sas: Remove hisi_hba->timer for v3 hw (bsc#1237545) - scsi: iscsi: Fix missing scsi_host_put() in error path (git-fixes). - scsi: lpfc: Avoid potential ndlp use-after-free in dev_loss_tmo_callbk (bsc#1242993). - scsi: lpfc: Convert timeouts to secs_to_jiffies() (bsc#1242993). - scsi: lpfc: Copyright updates for 14.4.0.9 patches (bsc#1242993). - scsi: lpfc: Create lpfc_vmid_info sysfs entry (bsc#1242993). - scsi: lpfc: Fix lpfc_check_sli_ndlp() handling for GEN_REQUEST64 commands (bsc#1242993). - scsi: lpfc: Fix spelling mistake 'Toplogy' -> 'Topology' (bsc#1242993). - scsi: lpfc: Notify FC transport of rport disappearance during PCI fcn reset (bsc#1242993). - scsi: lpfc: Prevent failure to reregister with NVMe transport after PRLI retry (bsc#1242993). 
- scsi: lpfc: Restart eratt_poll timer if HBA_SETUP flag still unset (bsc#1242993). - scsi: lpfc: Restore clearing of NLP_UNREG_INP in ndlp->nlp_flag (git-fixes). - scsi: lpfc: Update lpfc version to 14.4.0.9 (bsc#1242993). - scsi: lpfc: Use memcpy() for BIOS version (bsc#1240966). - scsi: lpfc: convert timeouts to secs_to_jiffies() (bsc#1242993). - scsi: megaraid_sas: Block zero-length ATA VPD inquiry (bsc#1241388 jsc#PED-11258). - scsi: megaraid_sas: Block zero-length ATA VPD inquiry (git-fixes). - scsi: megaraid_sas: Driver version update to 07.734.00.00-rc1 (bsc#1241388 jsc#PED-11258). - scsi: megaraid_sas: Make most module parameters static (bsc#1241388 jsc#PED-11258). - scsi: mpi3mr: Add level check to control event logging (bsc#1241388 jsc#PED-12372). - scsi: mpi3mr: Avoid reply queue full condition (bsc#1241388 jsc#PED-12372). - scsi: mpi3mr: Check admin reply queue from Watchdog (bsc#1241388 jsc#PED-12372). - scsi: mpi3mr: Fix locking in an error path (git-fixes). - scsi: mpi3mr: Fix pending I/O counter (git-fixes). - scsi: mpi3mr: Fix spelling mistake "skiping" -> "skipping" (bsc#1241388 jsc#PED-12372). - scsi: mpi3mr: Handling of fault code for insufficient power (bsc#1241388 jsc#PED-12372). - scsi: mpi3mr: Reset the pending interrupt flag (bsc#1241388 jsc#PED-12372). - scsi: mpi3mr: Support for Segmented Hardware Trace buffer (bsc#1241388 jsc#PED-12372). - scsi: mpi3mr: Synchronize access to ioctl data buffer (bsc#1241388 jsc#PED-12372). - scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue (bsc#1241388 jsc#PED-12372). - scsi: mpi3mr: Task Abort EH Support (bsc#1241388 jsc#PED-12372). - scsi: mpi3mr: Update MPI Headers to revision 35 (bsc#1241388 jsc#PED-12372). - scsi: mpi3mr: Update driver version to 8.12.0.3.50 (bsc#1241388 jsc#PED-12372). - scsi: mpi3mr: Update driver version to 8.12.1.0.50 (bsc#1241388 jsc#PED-12372). - scsi: mpi3mr: Update driver version to 8.13.0.5.50 (bsc#1241388 jsc#PED-12372). 
- scsi: mpi3mr: Update timestamp only for supervisor IOCs (bsc#1241388 jsc#PED-12372). - scsi: mpt3sas: Add details to EEDPTagMode error message (bsc#1241388 jsc#PED-11253). - scsi: mpt3sas: Add support for MCTP Passthrough commands (bsc#1241388 jsc#PED-11253). - scsi: mpt3sas: Fix a locking bug in an error path (git-fixes). - scsi: mpt3sas: Fix buffer overflow in mpt3sas_send_mctp_passthru_req() (bsc#1241388 jsc#PED-11253). - scsi: mpt3sas: Fix spelling mistake "receveid" -> "received" (bsc#1241388 jsc#PED-11253). - scsi: mpt3sas: Reduce log level of ignore_delay_remove message to KERN_INFO (git-fixes). - scsi: mpt3sas: Remove unused config functions (bsc#1241388 jsc#PED-11253). - scsi: mpt3sas: Report driver capability as part of IOCINFO command (bsc#1241388 jsc#PED-11253). - scsi: mpt3sas: Send a diag reset if target reset fails (bsc#1241388 jsc#PED-11253). - scsi: mpt3sas: Update MPI headers to 02.00.62 version (bsc#1241388 jsc#PED-11253). - scsi: mpt3sas: update driver version to 52.100.00.00 (bsc#1241388 jsc#PED-11253). - scsi: pm80xx: Set phy_attached to zero when device is gone (git-fixes). - scsi: qla2xxx: Fix typos in a comment (bsc#1243090). - scsi: qla2xxx: Mark device strings as nonstring (bsc#1243090). - scsi: qla2xxx: Remove duplicate struct crb_addr_pair (bsc#1243090). - scsi: qla2xxx: Remove unused module parameters (bsc#1243090). - scsi: qla2xxx: Remove unused ql_log_qp (bsc#1243090). - scsi: qla2xxx: Remove unused qla2x00_gpsc() (bsc#1243090). - scsi: qla2xxx: Remove unused qla82xx_pci_region_offset() (bsc#1243090). - scsi: qla2xxx: Remove unused qla82xx_wait_for_state_change() (bsc#1243090). - scsi: qla2xxx: Remove unused qlt_83xx_iospace_config() (bsc#1243090). - scsi: qla2xxx: Remove unused qlt_fc_port_deleted() (bsc#1243090). - scsi: qla2xxx: Remove unused qlt_free_qfull_cmds() (bsc#1243090). - scsi: scsi_debug: Remove a reference to in_use_bm (git-fixes). - scsi: smartpqi: Use is_kdump_kernel() to check for kdump (git-fixes). 
- sctp: Fix undefined behavior in left shift operation (git-fixes). - sctp: add mutual exclusion in proc_sctp_do_udp_port() (git-fixes). - sctp: detect and prevent references to a freed transport in sendmsg (git-fixes). - sctp: ensure sk_state is set to CLOSED if hashing fails in sctp_listen_start (git-fixes). - sctp: fix association labeling in the duplicate COOKIE-ECHO case (git-fixes). - sctp: fix busy polling (git-fixes). - sctp: prefer struct_size over open coded arithmetic (git-fixes). - sctp: support MSG_ERRQUEUE flag in recvmsg() (git-fixes). - security, lsm: Introduce security_mptcp_add_subflow() (bsc#1240375). - selftests/bpf: Add a few tests to cover (git-fixes). - selftests/bpf: Add test for narrow ctx load for pointer args (git-fixes). - selftests/bpf: extend changes_pkt_data with cases w/o subprograms (bsc#1241590). - selftests/bpf: freplace tests for tracking of changes_packet_data (bsc#1241590). - selftests/bpf: test for changing packet data from global functions (bsc#1241590). - selftests/bpf: validate that tail call invalidates packet pointers (bsc#1241590). - selftests/futex: futex_waitv wouldblock test should fail (git-fixes). - selftests/mm/cow: fix the incorrect error handling (git-fixes). - selftests/mm: fix incorrect buffer->mirror size in hmm2 double_map test (bsc#1242203). - selftests/mm: generate a temporary mountpoint for cgroup filesystem (git-fixes). - selftests/x86/syscall: Fix coccinelle WARNING recommending the use of ARRAY_SIZE() (git-fixes). - selftests: mptcp: close fd_in before returning in main_loop (git-fixes). - selftests: mptcp: fix incorrect fd checks in main_loop (git-fixes). - selinux: Implement mptcp_add_subflow hook (bsc#1240375). - seq_file: add helper macro to define attribute for rw file (jsc#PED-12416). - serial: 8250_dma: terminate correct DMA in tx_dma_flush() (git-fixes). - serial: msm: Configure correct working mode before starting earlycon (git-fixes). 
- serial: sifive: lock port in startup()/shutdown() callbacks (git-fixes). - series.conf: temporarily disable patches.suse/md-md-bitmap-fix-writing-non-bitmap-pages-ab99.patch (bsc#1238212) - smb: client: destroy cfid_put_wq on module exit (git-fixes). - smb: client: fix folio leaks and perf improvements (bsc#1239997, bsc1241265). - smb: client: fix open_cached_dir retries with 'hard' mount option (bsc#1240616). - soc: imx8m: Remove global soc_uid (stable-fixes). - soc: imx8m: Unregister cpufreq and soc dev in cleanup path (git-fixes). - soc: imx8m: Use devm_* to simplify probe failure handling (stable-fixes). - soc: mediatek: mt8167-mmsys: Fix missing regval in all entries (git-fixes). - soc: mediatek: mt8365-mmsys: Fix routing table masks and values (git-fixes). - soc: qcom: pdr: Fix the potential deadlock (git-fixes). - soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe() (git-fixes). - sound/virtio: Fix cancel_sync warnings on uninitialized work_structs (stable-fixes). - soundwire: bus: Fix race on the creation of the IRQ domain (git-fixes). - soundwire: slave: fix an OF node reference leak in soundwire slave device (git-fixes). - spi: cadence-qspi: Fix probe on AM62A LP SK (git-fixes). - spi: loopback-test: Do not split 1024-byte hexdumps (git-fixes). - spi: microchip-core: Clean up redundant dev_err_probe() (git-fixes). - spi: microchip-core: Use helper function devm_clk_get_enabled() (git-fixes). - spi: spi-fsl-dspi: Halt the module after a new message transfer (git-fixes). - spi: spi-fsl-dspi: Reset SR flags before sending a new message (git-fixes). - spi: spi-fsl-dspi: restrict register range for regmap access (git-fixes). - spi: tegra114: Do not fail set_cs_timing when delays are zero (git-fixes). - spi: tegra114: Use value to check for invalid delays (git-fixes). - spi: tegra210-quad: add rate limiting and simplify timeout error message (stable-fixes). 
- spi: tegra210-quad: use WARN_ON_ONCE instead of WARN_ON for timeouts (stable-fixes). - splice: do not checksum AF_UNIX sockets (bsc#1240333). - splice: remove duplicate noinline from pipe_clear_nowait (bsc#1242328). - sqpoll: increase tw batch size (bsc#1238585). - staging: axis-fifo: Correct handling of tx_fifo_depth for size validation (git-fixes). - staging: axis-fifo: Remove hardware resets for user errors (git-fixes). - staging: iio: adc: ad7816: Correct conditional logic for store mode (git-fixes). - staging: rtl8723bs: select CONFIG_CRYPTO_LIB_AES (git-fixes). - string: Add load_unaligned_zeropad() code path to sized_strscpy() (git-fixes). - supported.conf: Mark HiSi DMA controller as supported (jsc#PED-12622) - supported.conf: Mark HiSi PMU drivers as supported (jsc#PED-12622) - supported.conf: Mark HiSi TRNG v2 as supported (jsc#PED-12622) - supported.conf: add now-included qat_420xx (external, intel) - tcp: Add memory barrier to tcp_push() (git-fixes). - tcp: Adjust clamping window for applications specifying SO_RCVBUF (bsc#1220419 bsc#1222656 bsc#1236394). - tcp: Adjust clamping window for applications specifying SO_RCVBUF (git-fixes). - tcp: Annotate data-race around sk->sk_mark in tcp_v4_send_reset (git-fixes). - tcp: Defer ts_recent changes until req is owned (git-fixes). - tcp: Do not drop SYN+ACK for simultaneous connect() (git-fixes). - tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge() (git-fixes). - tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6) non-wildcard addresses (git-fixes). - tcp: Update window clamping condition (bsc#1220419 bsc#1222656 bsc#1236394). - tcp: Update window clamping condition (git-fixes). - tcp: add tcp_done_with_error() helper (git-fixes). - tcp: adjust rcvq_space after updating scaling ratio (bsc#1220419 bsc#1222656 bsc#1236394). - tcp: adjust rcvq_space after updating scaling ratio (git-fixes). - tcp: annotate data-races around tp->window_clamp (bsc#1220419 bsc#1222656 bsc#1236394). 
- tcp: annotate data-races around tp->window_clamp (git-fixes). - tcp: avoid premature drops in tcp_add_backlog() (git-fixes). - tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process (git-fixes). - tcp: check mptcp-level constraints for backlog coalescing (git-fixes). - tcp: check space before adding MPTCP SYN options (git-fixes). - tcp: clear tp->retrans_stamp in tcp_rcv_fastopen_synack() (git-fixes). - tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB (git-fixes). - tcp: define initial scaling factor value as a macro (bsc#1220419 bsc#1222656 bsc#1236394). - tcp: define initial scaling factor value as a macro (git-fixes). - tcp: derive delack_max from rto_min (git-fixes). - tcp: fix TFO SYN_RECV to not zero retrans_stamp with retransmits out (git-fixes). - tcp: fix cookie_init_timestamp() overflows (git-fixes). - tcp: fix forever orphan socket caused by tcp_abort (git-fixes). - tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function (git-fixes). - tcp: fix incorrect undo caused by DSACK of TLP retransmit (git-fixes). - tcp: fix mid stream window clamp (git-fixes). - tcp: fix mptcp DSS corruption due to large pmtu xmit (git-fixes). - tcp: fix race in tcp_v6_syn_recv_sock() (git-fixes). - tcp: fix race in tcp_write_err() (git-fixes). - tcp: fix races in tcp_abort() (git-fixes). - tcp: fix races in tcp_v_err() (git-fixes). - tcp: fix tcp_enter_recovery() to zero retrans_stamp when it's safe (git-fixes). - tcp: fix tcp_rcv_fastopen_synack() to enter TCP_CA_Loss for failed TFO (git-fixes). - tcp: fix to allow timestamp undo if no retransmits were sent (git-fixes). - tcp: get rid of sysctl_tcp_adv_win_scale (bsc#1220419 bsc#1222656 bsc#1236394). - tcp: increase the default TCP scaling ratio (bsc#1220419 bsc#1222656 bsc#1236394). - tcp: increase the default TCP scaling ratio (git-fixes). - tcp: introduce tcp_clock_ms() (git-fixes). - tcp: process the 3rd ACK with sk_socket for TFO/MPTCP (git-fixes). 
- tcp: reduce accepted window in NEW_SYN_RECV state (git-fixes). - tcp: remove 64 KByte limit for initial tp->rcv_wnd value (git-fixes). - tcp: replace tcp_time_stamp_raw() (git-fixes). - tcp_bpf: Charge receive socket buffer in bpf_tcp_ingress() (git-fixes). - tcp_cubic: fix incorrect HyStart round start detection (git-fixes). - thermal/drivers/mediatek/lvts: Disable Stage 3 thermal threshold (git-fixes). - thermal/drivers/mediatek/lvts: Disable monitor mode during suspend (git-fixes). - thermal/drivers/rockchip: Add missing rk3328 mapping entry (git-fixes). - thermal: int340x: Add NULL check for adev (git-fixes). - thermal: intel: x86_pkg_temp_thermal: Fix bogus trip temperature (git-fixes). - thunderbolt: Scan retimers after device router has been enumerated (stable-fixes). - tools/hv: update route parsing in kvp daemon (git-fixes). - tools/power turbostat: Increase CPU_SUBSET_MAXCPUS to 8192 (bsc#1241175). - tools/power turbostat: report CoreThr per measurement interval (git-fixes). - tools: move alignment-related macros to new <linux/align.h> (git-fixes). - topology: Set capacity_freq_ref in all cases (bsc#1238052) - tpm, tpm_tis: Fix timeout handling when waiting for TPM status (git-fixes). - tpm, tpm_tis: Workaround failed command reception on Infineon devices (bsc#1235870). - tpm: do not start chip while suspended (git-fixes). - tpm: send_data: Wait longer for the TPM to become ready (bsc#1235870). - tpm: tis: Double the timeout B to 4s (bsc#1235870). - tpm_tis: Move CRC check to generic send routine (bsc#1235870). - tpm_tis: Use responseRetry to recover from data transfer errors (bsc#1235870). - tty: Require CAP_SYS_ADMIN for all usages of TIOCL_SELMOUSEREPORT (git-fixes). - tty: n_tty: use uint for space returned by tty_write_room() (git-fixes). - tty: serial: 8250: Add Brainboxes XC devices (stable-fixes). - tty: serial: 8250: Add some more device IDs (stable-fixes). 
- tty: serial: fsl_lpuart: disable transmitter before changing RS485 related registers (git-fixes). - tty: serial: lpuart: only disable CTS instead of overwriting the whole UARTMODIR register (git-fixes). - ubi: Add a check for ubi_num (git-fixes). - ubi: block: Fix use-after-free in ubiblock_cleanup (git-fixes). - ubi: block: fix null-pointer-dereference in ubiblock_create() (git-fixes). - ubi: correct the calculation of fastmap size (stable-fixes). - ubi: eba: properly rollback inside self_check_eba (git-fixes). - ubi: fastmap: Fix missed ec updating after erasing old fastmap data block (git-fixes). - ubi: fastmap: may_reserve_for_fm: Do not reserve PEB if fm_anchor exists (git-fixes). - ubi: fastmap: wl: Schedule fm_work if wear-leveling pool is empty (git-fixes). - ubi: wl: Put source PEB into correct list if trying locking LEB failed (git-fixes). - ublk: set_params: properly check if parameters can be applied (git-fixes). - ucsi_ccg: Do not show failed to get FW build information error (git-fixes). - udf: Fix inode_getblk() return value (bsc#1242313). - udf: Skip parent dir link count update if corrupted (bsc#1242315). - udf: Verify inode link counts before performing rename (bsc#1242314). - usb: cdns3: Fix deadlock when using NCM gadget (git-fixes). - usb: cdnsp: fix L1 resume issue for RTL_REVISION_NEW_LPM version (git-fixes). - usb: chipidea: ci_hdrc_imx: fix call balance of regulator routines (git-fixes). - usb: chipidea: ci_hdrc_imx: implement usb_phy_init() error handling (git-fixes). - usb: dwc3: Set SUSPENDENABLE soon after phy init (git-fixes). - usb: dwc3: gadget: Avoid using reserved endpoints on Intel Merrifield (stable-fixes). - usb: dwc3: gadget: Refactor loop to avoid NULL endpoints (stable-fixes). - usb: dwc3: gadget: check that event count does not exceed event buffer length (git-fixes). - usb: dwc3: xilinx: Prevent spike in reset signal (git-fixes). - usb: gadget: Use get_status callback to set remote wakeup capability (git-fixes). 
- usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev() (stable-fixes). - usb: gadget: f_ecm: Add get_status callback (git-fixes). - usb: gadget: tegra-xudc: ACK ST_RC after clearing CTRL_RUN (git-fixes). - usb: host: max3421-hcd: Add missing spi_device_id table (stable-fixes). - usb: host: tegra: Prevent host controller crash when OTG port is used (git-fixes). - usb: host: xhci-plat: mvebu: use ->quirks instead of ->init_quirk() func (stable-fixes). - usb: phy: generic: Use proper helper for property detection (stable-fixes). - usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader (stable-fixes). - usb: quirks: Add delay init quirk for SanDisk 3.2Gen1 Flash Drive (stable-fixes). - usb: quirks: add DELAY_INIT quirk for Silicon Motion Flash Drive (stable-fixes). - usb: typec: class: Invalidate USB device pointers on partner unregistration (git-fixes). - usb: typec: tcpm: delay SNK_TRY_WAIT_DEBOUNCE to SRC_TRYWAIT transition (git-fixes). - usb: typec: ucsi: displayport: Fix NULL pointer access (git-fixes). - usb: uhci-platform: Make the clock really optional (git-fixes). - usb: usbtmc: Fix erroneous generic_read ioctl return (git-fixes). - usb: usbtmc: Fix erroneous get_stb ioctl error returns (git-fixes). - usb: usbtmc: Fix erroneous wait_srq ioctl return (git-fixes). - usb: xHCI: add XHCI_RESET_ON_RESUME quirk for Phytium xHCI host (git-fixes). - usb: xhci: Avoid Stop Endpoint retry loop if the endpoint seems Running (stable-fixes). - usb: xhci: Do not skip on Stopped - Length Invalid (git-fixes). - usb: xhci: Enable the TRB overfetch quirk on VIA VL805 (git-fixes). - usb: xhci: Enable the TRB overfetch quirk on VIA VL805 (stable-fixes). - usb: xhci: Fix invalid pointer dereference in Etron workaround (git-fixes). - usb: xhci: correct debug message page size calculation (git-fixes). - usb: xhci: remove 'retval' from xhci_pci_resume() (git-fixes). - usbnet:fix NPE during rx_complete (git-fixes). 
- vboxsf: fix building with GCC 15 (stable-fixes). - vdpa/mlx5: Fix oversized null mkey longer than 32bit (git-fixes). - vfs: do not mod negative dentry count when on shrinker list (bsc#1242534). - vhost-scsi: Fix handling of multiple calls to vhost_scsi_set_endpoint (git-fixes). - video: screen_info: Update framebuffers behind PCI bridges (bsc#1240696). - virtchnl: make proto and filter action count unsigned (git-fixes). - virtio_console: fix missing byte order handling for cols and rows (git-fixes). - vmxnet3: Fix tx queue race condition with XDP (bsc#1241394). - vmxnet3: unregister xdp rxq info in the reset path (bsc#1241394). - wifi: at76c50x: fix use after free access in at76_disconnect (git-fixes). - wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path (git-fixes). - wifi: ath11k: add srng->lock for ath11k_hal_srng_* in monitor mode (git-fixes). - wifi: ath11k: choose default PM policy for hibernation (bsc#1207948). - wifi: ath11k: determine PM policy based on machine model (bsc#1207948). - wifi: ath11k: fix RCU stall while reaping monitor destination ring (git-fixes). - wifi: ath11k: fix memory leak in ath11k_xxx_remove() (git-fixes). - wifi: ath11k: fix wrong overriding for VHT Beamformee STS Capability (git-fixes). - wifi: ath11k: introduce ath11k_core_continue_suspend_resume() (bsc#1207948). - wifi: ath11k: refactor ath11k_core_suspend/_resume() (bsc#1207948). - wifi: ath11k: support non-WoWLAN mode suspend as well (bsc#1207948). - wifi: ath12k: Clear affinity hint before calling ath12k_pci_free_irq() in error path (git-fixes). - wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi (stable-fixes). - wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process (stable-fixes). - wifi: ath12k: encode max Tx power in scan channel list command (git-fixes). - wifi: ath9k: do not submit zero bytes to the entropy pool (git-fixes). 
- wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage() (git-fixes). - wifi: brcmfmac: keep power during suspend if board requires it (stable-fixes). - wifi: cfg80211: cancel wiphy_work before freeing wiphy (git-fixes). - wifi: cfg80211: fix out-of-bounds access during multi-link element defragmentation (git-fixes). - wifi: cfg80211: init wiphy_work before allocating rfkill fails (git-fixes). - wifi: iwlwifi: do not warn if the NIC is gone in resume (git-fixes). - wifi: iwlwifi: fix the check for the SCRATCH register upon resume (git-fixes). - wifi: iwlwifi: fw: allocate chained SG tables for dump (stable-fixes). - wifi: iwlwifi: mvm: fix PNVM timeout for non-MSI-X platforms (git-fixes). - wifi: iwlwifi: mvm: use the right version of the rate API (stable-fixes). - wifi: iwlwifi: pcie: Fix TSO preparation (git-fixes). - wifi: iwlwifi: support BIOS override for 5G9 in CA also in LARI version 8 (stable-fixes). - wifi: mac80211, cfg80211: miscellaneous spelling fixes (git-fixes). - wifi: mac80211: Cleanup sta TXQs on flush (stable-fixes). - wifi: mac80211: Fix sparse warning for monitor_sdata (git-fixes). - wifi: mac80211: Purge vif txq in ieee80211_do_stop() (git-fixes). - wifi: mac80211: Set n_channels after allocating struct cfg80211_scan_request (git-fixes). - wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue() (git-fixes). - wifi: mac80211: check basic rates validity in sta_link_apply_parameters (git-fixes). - wifi: mac80211: do not queue sdata::work for a non-running sdata (git-fixes). - wifi: mac80211: ensure sdata->work is canceled before initialized (stable-fixes). - wifi: mac80211: fix SA Query processing in MLO (stable-fixes). - wifi: mac80211: fix integer overflow in hwmp_route_info_get() (git-fixes). - wifi: mac80211: flush the station before moving it to UN-AUTHORIZED state (stable-fixes). - wifi: mac80211: remove debugfs dir for virtual monitor (stable-fixes). - wifi: mt76: Add check for devm_kstrdup() (git-fixes). 
- wifi: mt76: disable napi on driver removal (git-fixes). - wifi: mt76: mt76x2u: add TP-Link TL-WDN6200 ID to device table (stable-fixes). - wifi: mt76: mt7915: fix possible integer overflows in mt7915_muru_stats_show() (git-fixes). - wifi: mt76: mt7925: ensure wow pattern command align fw format (git-fixes). - wifi: mt76: mt7925: fix country count limitation for CLC (git-fixes). - wifi: mt76: mt7925: remove unused acpi function for clc (git-fixes). - wifi: mwifiex: Fix premature release of RF calibration data (git-fixes). - wifi: plfxlc: Remove erroneous assert in plfxlc_mac_release (git-fixes). - wifi: rtl8xxxu: Perform update_beacon_work when beaconing is enabled (git-fixes). - wifi: rtw89: fw: correct debug message format in rtw89_build_txpwr_trk_tbl_from_elm() (git-fixes). - wifi: rtw89: pci: correct ISR RDU bit for 8922AE (git-fixes). - wifi: wl1251: fix memory leak in wl1251_tx_work (git-fixes). - x86/apic: Provide apic_force_nmi_on_cpu() (git-fixes). - x86/bhi: Do not set BHI_DIS_S in 32-bit mode (bsc#1242778). - x86/boot/32: De-uglify the 2/3 level paging difference in mk_early_pgtbl_32() (git-fixes). - x86/boot/32: Disable stackprotector and tracing for mk_early_pgtbl_32() (git-fixes). - x86/boot/32: Restructure mk_early_pgtbl_32() (git-fixes). - x86/boot/32: Temporarily map initrd for microcode loading (git-fixes). - x86/boot: Use __pa_nodebug() in mk_early_pgtbl_32() (git-fixes). - x86/bpf: Add IBHF call at end of classic BPF (bsc#1242778). - x86/bpf: Call branch history clearing sequence on exit (bsc#1242778). - x86/bugs: Add RSB mitigation document (git-fixes). - x86/bugs: Do not fill RSB on VMEXIT with eIBRS+retpoline (git-fixes). - x86/bugs: Do not fill RSB on context switch with eIBRS (git-fixes). - x86/bugs: Fix RSB clearing in indirect_branch_prediction_barrier() (git-fixes). - x86/bugs: Rename entry_ibpb() to write_ibpb() (git-fixes). - x86/bugs: Use SBPB in write_ibpb() if applicable (git-fixes). 
- x86/coco: Replace 'static const cc_mask' with the newly introduced cc_get_mask() function (git-fixes). - x86/cpu/amd: Fix workaround for erratum 1054 (git-fixes). - x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers (git-fixes). - x86/cpu: Allow reducing x86_phys_bits during early_identify_cpu() (git-fixes). - x86/dumpstack: Fix inaccurate unwinding from exception stacks due to misplaced assignment (git-fixes). - x86/entry: Add __init to ia32_emulation_override_cmdline() (git-fixes). - x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1 (git-fixes). - x86/fpu: Fix guest FPU state buffer allocation size (git-fixes). - x86/hyperv/vtl: Stop kernel from probing VTL0 low memory (git-fixes). - x86/hyperv: Fix check of return value from snp_set_vmsa() (git-fixes). - x86/hyperv: Fix output argument to hypercall that changes page visibility (git-fixes). - x86/idle: Disable IBRS when CPU is offline to improve single-threaded performance (git-fixes). - x86/its: Fix build errors when CONFIG_MODULES=n (git-fixes). - x86/microcode/32: Move early loading after paging enable (git-fixes). - x86/microcode/AMD: Fix a -Wsometimes-uninitialized clang false positive (git-fixes). - x86/microcode/AMD: Flush patch buffer mapping after application (git-fixes). - x86/microcode/AMD: Pay attention to the stepping dynamically (git-fixes). - x86/microcode/AMD: Split load_microcode_amd() (git-fixes). - x86/microcode/AMD: Use the family,model,stepping encoded in the patch ID (git-fixes). - x86/microcode/amd: Cache builtin microcode too (git-fixes). - x86/microcode/amd: Cache builtin/initrd microcode early (git-fixes). - x86/microcode/amd: Use cached microcode for AP load (git-fixes). - x86/microcode/amd: Use correct per CPU ucode_cpu_info (git-fixes). - x86/microcode/intel: Add a minimum required revision for late loading (git-fixes). - x86/microcode/intel: Cleanup code further (git-fixes). - x86/microcode/intel: Move microcode functions out of cpu/intel.c (git-fixes). 
- x86/microcode/intel: Remove debug code (git-fixes). - x86/microcode/intel: Remove pointless mutex (git-fixes). - x86/microcode/intel: Rename get_datasize() since its used externally (git-fixes). - x86/microcode/intel: Reuse intel_cpu_collect_info() (git-fixes). - x86/microcode/intel: Rework intel_cpu_collect_info() (git-fixes). - x86/microcode/intel: Rework intel_find_matching_signature() (git-fixes). - x86/microcode/intel: Rip out mixed stepping support for Intel CPUs (git-fixes). - x86/microcode/intel: Save the microcode only after a successful late-load (git-fixes). - x86/microcode/intel: Set new revision only after a successful update (git-fixes). - x86/microcode/intel: Simplify and rename generic_load_microcode() (git-fixes). - x86/microcode/intel: Simplify early loading (git-fixes). - x86/microcode/intel: Simplify scan_microcode() (git-fixes). - x86/microcode/intel: Switch to kvmalloc() (git-fixes). - x86/microcode/intel: Unify microcode apply() functions (git-fixes). - x86/microcode: Add per CPU control field (git-fixes). - x86/microcode: Add per CPU result state (git-fixes). - x86/microcode: Clarify the late load logic (git-fixes). - x86/microcode: Clean up mc_cpu_down_prep() (git-fixes). - x86/microcode: Get rid of the schedule work indirection (git-fixes). - x86/microcode: Handle "nosmt" correctly (git-fixes). - x86/microcode: Handle "offline" CPUs correctly (git-fixes). - x86/microcode: Hide the config knob (git-fixes). - x86/microcode: Include vendor headers into microcode.h (git-fixes). - x86/microcode: Make reload_early_microcode() static (git-fixes). - x86/microcode: Mop up early loading leftovers (git-fixes). - x86/microcode: Move core specific defines to local header (git-fixes). - x86/microcode: Prepare for minimal revision check (git-fixes). - x86/microcode: Protect against instrumentation (git-fixes). - x86/microcode: Provide CONFIG_MICROCODE_INITRD32 (git-fixes). - x86/microcode: Provide new control functions (git-fixes). 
- x86/microcode: Remove microcode_mutex (git-fixes). - x86/microcode: Remove pointless apply() invocation (git-fixes). - x86/microcode: Remove the driver announcement and version (git-fixes). - x86/microcode: Rendezvous and load in NMI (git-fixes). - x86/microcode: Replace the all-in-one rendevous handler (git-fixes). - x86/microcode: Rework early revisions reporting (git-fixes). - x86/microcode: Sanitize __wait_for_cpus() (git-fixes). - x86/mm: Remove unused microcode.h include (git-fixes). - x86/paravirt: Move halt paravirt calls under CONFIG_PARAVIRT (git-fixes). - x86/platform/olpc: Remove unused variable 'len' in olpc_dt_compatible_match() (git-fixes). - x86/sev: Move sev_setup_arch() to mem_encrypt.c (bsc#1239314). - x86/speculation: Add __update_spec_ctrl() helper (git-fixes). - x86/tdx: Emit warning if IRQs are enabled during HLT #VE handling (git-fixes). - x86/tdx: Fix arch_safe_halt() execution for TDX VMs (git-fixes). - x86/uaccess: Improve performance by aligning writes to 8 bytes in copy_user_generic(), on non-FSRM/ERMS CPUs (git-fixes). - x86/usercopy: Fix kernel-doc func param name in clean_cache_range()'s description (git-fixes). - x86/vmware: Add TDX hypercall support (jsc#PED-11518). - x86/vmware: Correct macro names (jsc#PED-11518). - x86/vmware: Introduce VMware hypercall API (jsc#PED-11518). - x86/vmware: Remove legacy VMWARE_HYPERCALL* macros (jsc#PED-11518). - x86/vmware: Use VMware hypercall API (jsc#PED-11518). - x86/xen: move xen_reserve_extra_memory() (git-fixes). - xen/mcelog: Add __nonstring annotations for unterminated strings (git-fixes). - xen: Change xen-acpi-processor dom0 dependency (git-fixes). - xenfs/xensyms: respect hypervisor's "next" indication (git-fixes). - xfs: flush inodegc before swapon (git-fixes). - xhci: Add helper to set an interrupters interrupt moderation interval (git-fixes). - xhci: Apply XHCI_RESET_TO_DEFAULT quirk to TGL (git-fixes). - xhci: Clean up stale comment on ERST_SIZE macro (stable-fixes). 
- xhci: Cleanup Candence controller PCI device and vendor ID usage (git-fixes). - xhci: Combine two if statements for Etron xHCI host (jsc#PED-10701). - xhci: Do not issue Reset Device command to Etron xHCI host (jsc#PED-10701). - xhci: Do not perform Soft Retry for Etron xHCI host (git-fixes). - xhci: Fix null pointer dereference during S4 resume when resetting ep0 (bsc#1235550). - xhci: Limit time spent with xHC interrupts disabled during bus resume (stable-fixes). - xhci: Reconfigure endpoint 0 max packet size only during endpoint reset (bsc#1235550). - xhci: dbc: Check for errors first in xhci_dbc_stop() (git-fixes). - xhci: dbc: Convert to use sysfs_streq() (git-fixes). - xhci: dbc: Drop duplicate checks for dma_free_coherent() (git-fixes). - xhci: dbc: Fix STALL transfer event handling (git-fixes). - xhci: dbc: Replace custom return value with proper Linux error code (git-fixes). - xhci: dbc: Use ATTRIBUTE_GROUPS() (git-fixes). - xhci: dbc: Use sysfs_emit() to instead of scnprintf() (git-fixes). - xhci: fix possible null pointer deref during xhci urb enqueue (bsc#1235550). - xhci: pci: Fix indentation in the PCI device ID definitions (stable-fixes). - xhci: pci: Group out Thunderbolt xHCI IDs (git-fixes). - xhci: pci: Use PCI_VENDOR_ID_RENESAS (git-fixes). - xhci: pci: Use full names in PCI IDs for Intel platforms (git-fixes). - xhci: pci: Use standard pattern for device IDs (git-fixes). - xhci: split free interrupter into separate remove and free parts (git-fixes). - xsk: Add truesize to skb_add_rx_frag() (git-fixes). - xsk: Do not assume metadata is always requested in TX completion (git-fixes). - zap_pid_ns_processes: clear TIF_NOTIFY_SIGNAL along with TIF_SIGPENDING (bsc#1241167). 
kernel-default-6.4.0-150700.53.3.1.nosrc.rpm True kernel-default-6.4.0-150700.53.3.1.x86_64.rpm True kernel-default-base-6.4.0-150700.53.3.1.150700.17.2.1.src.rpm True kernel-default-base-6.4.0-150700.53.3.1.150700.17.2.1.x86_64.rpm True kernel-default-devel-6.4.0-150700.53.3.1.x86_64.rpm True kernel-devel-6.4.0-150700.53.3.1.noarch.rpm True kernel-macros-6.4.0-150700.53.3.1.noarch.rpm True kernel-source-6.4.0-150700.53.3.1.src.rpm True SUSE-SLE-Module-Basesystem-15-SP7-2025-1865 Recommended update for libnvme, nvme-cli moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for libnvme, nvme-cli fixes the following issues: - Version update for libnvme to 1.11+4.ge68a91ae. - tree: add routine to fetch subsys firmware rev (bsc#1240518). - tree: add routine to fetch subsys model (bsc#1240518). - tests: pass thru unknown ioctls. - linux: fix derive_psk_digest on OpenSSL version 1.1. - Version update for nvme-cli to 2.11+22.gd31b1a01. - nvme-print: display fw-rev in list-subsys output (bsc#1240518). - nvme-print: display model in list-subsys output (bsc#1240518). - netapp-ontapdev: add subsysname to regular output (bsc#1240518). - netapp-ontapdev: add subsysname to the verbose output (bsc#1240518). - Revert "nvme-print-json: display only verbose output". 
libnvme-1.11+4.ge68a91ae-150700.4.3.2.src.rpm libnvme-devel-1.11+4.ge68a91ae-150700.4.3.2.x86_64.rpm libnvme-mi1-1.11+4.ge68a91ae-150700.4.3.2.x86_64.rpm libnvme1-1.11+4.ge68a91ae-150700.4.3.2.x86_64.rpm nvme-cli-2.11+22.gd31b1a01-150700.3.3.2.src.rpm nvme-cli-2.11+22.gd31b1a01-150700.3.3.2.x86_64.rpm nvme-cli-bash-completion-2.11+22.gd31b1a01-150700.3.3.2.noarch.rpm nvme-cli-zsh-completion-2.11+22.gd31b1a01-150700.3.3.2.noarch.rpm python3-libnvme-1.11+4.ge68a91ae-150700.4.3.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2166 Security update for himmelblau important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for himmelblau fixes the following issues: - CVE-2025-5791: Fixed using deprecated `users` crate (bsc#1244202) - CVE-2025-3416: Fixed use-After-Free in Md::fetch and Cipher::fetch in rust-openssl crate (bsc#1242648) Update to version 0.7.17+git.0.1ebdab0 * Update sccache-action version to use new cache service himmelblau-0.7.17+git.0.1ebdab0-150700.3.3.2.src.rpm himmelblau-0.7.17+git.0.1ebdab0-150700.3.3.2.x86_64.rpm himmelblau-sshd-config-0.7.17+git.0.1ebdab0-150700.3.3.2.noarch.rpm libnss_himmelblau2-0.7.17+git.0.1ebdab0-150700.3.3.2.x86_64.rpm pam-himmelblau-0.7.17+git.0.1ebdab0-150700.3.3.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-1866 Recommended update for kbd important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for kbd fixes the following issues: - Don't search for resources in the current directory. 
It can cause unwanted side effects or even infinite loop (bsc#1237230) kbd-2.4.0-150700.15.3.1.src.rpm kbd-2.4.0-150700.15.3.1.x86_64.rpm kbd-legacy-2.4.0-150700.15.3.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2287 Recommended update for Mesa important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for Mesa fixes the following issues: - Fixes Wayland session when using SP7 as vmware guest (bsc#1245034) - Fixes crash in libgallium on virtualbox (bsc#1241701) Mesa-24.3.3-150700.93.5.1.src.rpm Mesa-24.3.3-150700.93.5.1.x86_64.rpm Mesa-KHR-devel-24.3.3-150700.93.5.1.x86_64.rpm Mesa-devel-24.3.3-150700.93.5.1.x86_64.rpm Mesa-dri-24.3.3-150700.93.5.1.x86_64.rpm Mesa-dri-devel-24.3.3-150700.93.5.1.x86_64.rpm Mesa-drivers-24.3.3-150700.93.5.1.src.rpm Mesa-gallium-24.3.3-150700.93.5.1.x86_64.rpm Mesa-libEGL-devel-24.3.3-150700.93.5.1.x86_64.rpm Mesa-libEGL1-24.3.3-150700.93.5.1.x86_64.rpm Mesa-libGL-devel-24.3.3-150700.93.5.1.x86_64.rpm Mesa-libGL1-24.3.3-150700.93.5.1.x86_64.rpm Mesa-libGLESv1_CM-devel-24.3.3-150700.93.5.1.x86_64.rpm Mesa-libGLESv2-devel-24.3.3-150700.93.5.1.x86_64.rpm Mesa-libGLESv3-devel-24.3.3-150700.93.5.1.x86_64.rpm Mesa-libd3d-24.3.3-150700.93.5.1.x86_64.rpm Mesa-libd3d-devel-24.3.3-150700.93.5.1.x86_64.rpm Mesa-libglapi-devel-24.3.3-150700.93.5.1.x86_64.rpm Mesa-libglapi0-24.3.3-150700.93.5.1.x86_64.rpm Mesa-libva-24.3.3-150700.93.5.1.x86_64.rpm Mesa-vulkan-device-select-24.3.3-150700.93.5.1.x86_64.rpm Mesa-vulkan-overlay-24.3.3-150700.93.5.1.x86_64.rpm libOSMesa-devel-24.3.3-150700.93.5.1.x86_64.rpm libOSMesa8-24.3.3-150700.93.5.1.x86_64.rpm libgbm-devel-24.3.3-150700.93.5.1.x86_64.rpm libgbm1-24.3.3-150700.93.5.1.x86_64.rpm libvdpau_r600-24.3.3-150700.93.5.1.x86_64.rpm libvdpau_radeonsi-24.3.3-150700.93.5.1.x86_64.rpm libvdpau_virtio_gpu-24.3.3-150700.93.5.1.x86_64.rpm libvulkan_intel-24.3.3-150700.93.5.1.x86_64.rpm libvulkan_lvp-24.3.3-150700.93.5.1.x86_64.rpm libvulkan_radeon-24.3.3-150700.93.5.1.x86_64.rpm 
libxatracker-devel-1.0.0-150700.93.5.1.x86_64.rpm libxatracker2-1.0.0-150700.93.5.1.x86_64.rpm Mesa-32bit-24.3.3-150700.93.5.1.x86_64.rpm Mesa-dri-32bit-24.3.3-150700.93.5.1.x86_64.rpm Mesa-gallium-32bit-24.3.3-150700.93.5.1.x86_64.rpm Mesa-libEGL1-32bit-24.3.3-150700.93.5.1.x86_64.rpm Mesa-libGL1-32bit-24.3.3-150700.93.5.1.x86_64.rpm Mesa-libglapi0-32bit-24.3.3-150700.93.5.1.x86_64.rpm Mesa-libva-32bit-24.3.3-150700.93.5.1.x86_64.rpm libgbm1-32bit-24.3.3-150700.93.5.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-1968 Security update for wireshark moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for wireshark fixes the following issues: - CVE-2025-5601: Dissection engine crash (bsc#1244081). libwireshark17-4.2.12-150600.18.23.1.x86_64.rpm libwiretap14-4.2.12-150600.18.23.1.x86_64.rpm libwsutil15-4.2.12-150600.18.23.1.x86_64.rpm wireshark-4.2.12-150600.18.23.1.src.rpm wireshark-4.2.12-150600.18.23.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-1981 Security update for xorg-x11-server important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for xorg-x11-server fixes the following issues: - CVE-2025-49175: Out-of-bounds access in X Rendering extension (Animated cursors) (bsc#1244082). - CVE-2025-49176: Integer overflow in Big Requests Extension (bsc#1244084). - CVE-2025-49177: Data leak in XFIXES Extension 6 (XFixesSetClientDisconnectMode) (bsc#1244085). - CVE-2025-49178: Unprocessed client request via bytes to ignore (bsc#1244087). - CVE-2025-49179: Integer overflow in X Record extension (bsc#1244089). - CVE-2025-49180: Integer overflow in RandR extension (RRChangeProviderProperty) (bsc#1244090). 
xorg-x11-server-21.1.15-150700.5.3.1.src.rpm xorg-x11-server-21.1.15-150700.5.3.1.x86_64.rpm xorg-x11-server-Xvfb-21.1.15-150700.5.3.1.x86_64.rpm xorg-x11-server-extra-21.1.15-150700.5.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2792 Recommended update for supportutils-scrub low SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for supportutils-scrub fixes the following issues: - Initial release supportutils-scrub-1.0-150100.3.3.2.noarch.rpm supportutils-scrub-1.0-150100.3.3.2.src.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2027 Security update for perl moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for perl fixes the following issues: - CVE-2025-40909: Do not change the current directory when cloning an open directory handle (bsc#1244079). perl-5.26.1-150300.17.20.1.src.rpm perl-5.26.1-150300.17.20.1.x86_64.rpm perl-base-5.26.1-150300.17.20.1.x86_64.rpm perl-core-DB_File-5.26.1-150300.17.20.1.x86_64.rpm perl-base-32bit-5.26.1-150300.17.20.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2512 Recommended update for libvirt moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for libvirt fixes the following issues: - qemu: Fix NVRAM image conversion check (bsc#1245541) - qemu: Avoid crash in qemuDomainCheckCPU with unknown host CPU - cpu: Do not call g_strv_contains on NULL list - qemu: Be more forgiving when acquiring QUERY job when formatting domain XML - qemu: Fix failure when reverting to internal snapshots (bsc#1244488) - Add support for 'sparse' save image format - Add support for parallel save and restore - Improve VM Suspend and Resume Performance (jsc#PED-12599) libvirt-11.0.0-150700.4.7.1.src.rpm libvirt-libs-11.0.0-150700.4.7.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-1998 Security update for python-requests moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for python-requests fixes the following issues: - CVE-2024-47081: fixed netrc credential leak (bsc#1244039). 
python-requests-2.25.1-150300.3.15.1.src.rpm python3-requests-2.25.1-150300.3.15.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2030 Security update for xen moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for xen fixes the following issues: Security fixes: - CVE-2024-28956: Fixed Intel CPU: Indirect Target Selection (ITS) (XSA-469) (bsc#1243117) Other fixes: - Upstream bug fixes (bsc#1027519) xen-4.20.0_12-150700.3.3.1.src.rpm True xen-libs-4.20.0_12-150700.3.3.1.x86_64.rpm True xen-tools-domU-4.20.0_12-150700.3.3.1.x86_64.rpm True SUSE-SLE-Module-Basesystem-15-SP7-2025-1963 Recommended update for clamav important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for clamav fixes the following issues: - Fix a race condition between the mockup servers started by different test cases in freshclam_test.py (bsc#1243565). clamav-1.4.2-150600.18.15.1.src.rpm clamav-1.4.2-150600.18.15.1.x86_64.rpm clamav-devel-1.4.2-150600.18.15.1.x86_64.rpm clamav-docs-html-1.4.2-150600.18.15.1.noarch.rpm clamav-milter-1.4.2-150600.18.15.1.x86_64.rpm libclamav12-1.4.2-150600.18.15.1.x86_64.rpm libclammspack0-1.4.2-150600.18.15.1.x86_64.rpm libfreshclam3-1.4.2-150600.18.15.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2778 Security update for python3 important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for python3 fixes the following issues: - CVE-2025-4516: use-after-free in the unicode-escape decoder when using the error handler (bsc#1243273). 
- CVE-2024-12718: Fixed extraction filter bypass that allowed file metadata modification outside extraction directory (bsc#1244056) - CVE-2025-4138: Fixed issue that might allow symlink targets to point outside the destination directory, and the modification of some file metadata (bsc#1244059) - CVE-2025-4330: Fixed extraction filter bypass that allowed linking outside extraction directory (bsc#1244060) - CVE-2025-4435: Fixed Tarfile extracts filtered members when errorlevel=0 (bsc#1244061) - CVE-2025-4517: Fixed arbitrary filesystem writes outside the extraction directory during extraction with filter="data" (bsc#1244032) - CVE-2025-6069: Fixed worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705) - CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249) Other fixes: - Limit buffer size for IPv6 address parsing (bsc#1244401). libpython3_6m1_0-3.6.15-150300.10.97.1.x86_64.rpm python3-3.6.15-150300.10.97.2.src.rpm python3-3.6.15-150300.10.97.2.x86_64.rpm python3-base-3.6.15-150300.10.97.1.x86_64.rpm python3-core-3.6.15-150300.10.97.1.src.rpm python3-curses-3.6.15-150300.10.97.2.x86_64.rpm python3-dbm-3.6.15-150300.10.97.2.x86_64.rpm python3-devel-3.6.15-150300.10.97.1.x86_64.rpm python3-idle-3.6.15-150300.10.97.2.x86_64.rpm python3-tk-3.6.15-150300.10.97.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2719 Security update for libgcrypt moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for libgcrypt fixes the following issues: - CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts (bsc#1221107). 
libgcrypt-1.11.0-150700.5.7.1.src.rpm libgcrypt-devel-1.11.0-150700.5.7.1.x86_64.rpm libgcrypt20-1.11.0-150700.5.7.1.x86_64.rpm libgcrypt20-32bit-1.11.0-150700.5.7.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2152 Recommended update for zsh moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for zsh fixes the following issues: - Update to version 5.8.1 * See included NEWS file for complete changes * Implements ECO PED-12771 zsh-5.8.1-150600.18.3.2.src.rpm zsh-5.8.1-150600.18.3.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2230 Security update for samba moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for samba fixes the following issues: - CVE-2025-0620: smbd doesn't pick up group membership changes when re-authenticating an expired SMB session (bsc#1244136). Other bugfixes: - net ad join fails with "Failed to join domain: failed to create kerberos keytab" (bsc#1238063). ldb-tools-4.21.6+git.402.80f493f530f-150700.3.3.1.x86_64.rpm libldb-devel-4.21.6+git.402.80f493f530f-150700.3.3.1.x86_64.rpm libldb2-4.21.6+git.402.80f493f530f-150700.3.3.1.x86_64.rpm python3-ldb-4.21.6+git.402.80f493f530f-150700.3.3.1.x86_64.rpm samba-4.21.6+git.402.80f493f530f-150700.3.3.1.src.rpm samba-4.21.6+git.402.80f493f530f-150700.3.3.1.x86_64.rpm samba-ceph-4.21.6+git.402.80f493f530f-150700.3.3.1.x86_64.rpm samba-client-4.21.6+git.402.80f493f530f-150700.3.3.1.x86_64.rpm samba-client-libs-4.21.6+git.402.80f493f530f-150700.3.3.1.x86_64.rpm samba-dcerpc-4.21.6+git.402.80f493f530f-150700.3.3.1.x86_64.rpm samba-devel-4.21.6+git.402.80f493f530f-150700.3.3.1.x86_64.rpm samba-gpupdate-4.21.6+git.402.80f493f530f-150700.3.3.1.x86_64.rpm samba-ldb-ldap-4.21.6+git.402.80f493f530f-150700.3.3.1.x86_64.rpm samba-libs-4.21.6+git.402.80f493f530f-150700.3.3.1.x86_64.rpm samba-libs-python3-4.21.6+git.402.80f493f530f-150700.3.3.1.x86_64.rpm samba-python3-4.21.6+git.402.80f493f530f-150700.3.3.1.x86_64.rpm 
samba-tool-4.21.6+git.402.80f493f530f-150700.3.3.1.x86_64.rpm samba-winbind-4.21.6+git.402.80f493f530f-150700.3.3.1.x86_64.rpm samba-winbind-libs-4.21.6+git.402.80f493f530f-150700.3.3.1.x86_64.rpm libldb2-32bit-4.21.6+git.402.80f493f530f-150700.3.3.1.x86_64.rpm samba-client-libs-32bit-4.21.6+git.402.80f493f530f-150700.3.3.1.x86_64.rpm samba-libs-32bit-4.21.6+git.402.80f493f530f-150700.3.3.1.x86_64.rpm samba-winbind-libs-32bit-4.21.6+git.402.80f493f530f-150700.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2105 Security update for perl-File-Find-Rule important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for perl-File-Find-Rule fixes the following issues: - CVE-2011-10007: Fixed arbitrary code execution when `grep()` encounters a crafted filename (bsc#1244148). perl-File-Find-Rule-0.34-150000.3.3.1.noarch.rpm perl-File-Find-Rule-0.34-150000.3.3.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2240 Recommended update for openssh moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for openssh fixes the following issue: - "scp" on SLE 15 ignores write directory permissions for group and world (bsc#1241667). openssh-9.6p1-150600.6.29.2.src.rpm openssh-9.6p1-150600.6.29.2.x86_64.rpm openssh-clients-9.6p1-150600.6.29.2.x86_64.rpm openssh-common-9.6p1-150600.6.29.2.x86_64.rpm openssh-fips-9.6p1-150600.6.29.2.x86_64.rpm openssh-helpers-9.6p1-150600.6.29.2.x86_64.rpm openssh-server-9.6p1-150600.6.29.2.x86_64.rpm openssh-server-config-disallow-rootlogin-9.6p1-150600.6.29.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2282 Security update for umoci moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for umoci fixes the following issues: Update to umoci v0.5.0. 
Upstream changelog is available from <https://github.com/opencontainers/umoci/releases/tag/v0.5.0> bsc#1243388 A security flaw was found in the OCI image-spec, where it is possible to cause a blob with one media-type to be interpreted as a different media-type. As umoci is not a registry nor does it handle signatures, this vulnerability had no real impact on umoci but for safety we implemented the now-recommended media-type embedding and verification. CVE-2021-41190 Other changes in this release: * Several large reworks and API-related changes to umoci's overlayfs support. This is only available to Go API users. * The runtime-spec config.json generated by umoci is updated to be more modern and work properly with modern runc versions. * The default gzip compression blocksize has been adjusted to match Docker. * zstd-compressed images are now fully supported. Users can explicitly request the compression algorithm for newly-generated layers with the --compress option. umoci-0.5.0-150000.3.15.1.src.rpm umoci-0.5.0-150000.3.15.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2167 Security update for glib2 important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for glib2 fixes the following issues: - CVE-2025-6052: Fixed integer overflow in g_string_maybe_expand() leads to potential buffer overflow in GString (bsc#1244596). - CVE-2025-4373: Fixed buffer underflow through glib/gstring.c via function g_string_insert_unichar (bsc#1242844). 
glib2-2.78.6-150600.4.16.1.src.rpm glib2-devel-2.78.6-150600.4.16.1.x86_64.rpm glib2-lang-2.78.6-150600.4.16.1.noarch.rpm glib2-tools-2.78.6-150600.4.16.1.x86_64.rpm libgio-2_0-0-2.78.6-150600.4.16.1.x86_64.rpm libglib-2_0-0-2.78.6-150600.4.16.1.x86_64.rpm libgmodule-2_0-0-2.78.6-150600.4.16.1.x86_64.rpm libgobject-2_0-0-2.78.6-150600.4.16.1.x86_64.rpm libgthread-2_0-0-2.78.6-150600.4.16.1.x86_64.rpm libgio-2_0-0-32bit-2.78.6-150600.4.16.1.x86_64.rpm libglib-2_0-0-32bit-2.78.6-150600.4.16.1.x86_64.rpm libgmodule-2_0-0-32bit-2.78.6-150600.4.16.1.x86_64.rpm libgobject-2_0-0-32bit-2.78.6-150600.4.16.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2160 Recommended update for nvidia-open-driver-G06-signed moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for nvidia-open-driver-G06-signed fixes the following issues: Update non-CUDA variant to 570.169 (boo#1244614) - 60-nvidia-$flavor.conf * Don't try to load the driver if config and GSP firmware files are not available. Otherwise let the default install rule 'install nvidia-drm /sbin/modprobe --ignore-install nvidia-drm' of 50-nvidia.conf win, which comes together with config and GSP firmware files (package nvidia-common-G06). Update CUDA variant to 575.57.08. 
nv-prefer-signed-open-driver-575.57.08-150700.3.8.2.x86_64.rpm nvidia-open-driver-G06-signed-570.169-150700.3.8.2.src.rpm nvidia-open-driver-G06-signed-cuda-575.57.08-150700.3.8.2.src.rpm nvidia-open-driver-G06-signed-cuda-default-devel-575.57.08-150700.3.8.2.x86_64.rpm nvidia-open-driver-G06-signed-cuda-kmp-default-575.57.08_k6.4.0_150700.51-150700.3.8.2.x86_64.rpm nvidia-open-driver-G06-signed-default-devel-570.169-150700.3.8.2.x86_64.rpm nvidia-open-driver-G06-signed-kmp-default-570.169_k6.4.0_150700.51-150700.3.8.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-4085 Recommended update for openldap2_5 moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for openldap2_5 fixes the following issues: Version update 2.5.20 - Enabling LTO objects for static libraries compilation. - Upstream patch rollup (bsc#1241901). - Re-enable libldapcpp for yast2-users. - Add provides for openldap2-devel. - added ppolicy-check-password module (jsc#PED-13741) libldap-2_5-0-2.5.20+10-150500.11.35.1.x86_64.rpm openldap2_5-2.5.20+10-150500.11.35.1.src.rpm openldap2_5-client-2.5.20+10-150500.11.35.1.x86_64.rpm openldap2_5-devel-2.5.20+10-150500.11.35.1.x86_64.rpm openldap2_5-doc-2.5.20+10-150500.11.35.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2327 Recommended update for sysstat important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for sysstat fixes the following issues: - Find command option -H added in /usr/lib64/sa/sa2. - Automatically enable systemd timers upon installation (bsc#1244553). - Determine whether the current readahead window tuning is appropriate for contemporary hardware(PED#12914). sysstat-12.0.2-150000.3.45.3.src.rpm sysstat-12.0.2-150000.3.45.3.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2272 Security update for wireshark moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for wireshark fixes the following issues: - CVE-2025-5601: Dissection engine crash (bsc#1244081). 
wireshark-3.6.24-150000.3.121.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2086 Recommended update for kdump important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for kdump fixes the following issues: - kdumptool calibrate: add per-cpu userspace requirements - set KDUMP_CPUs to 1 on XEN (bsc#1244289) kdump-2.0.18+git2.g881ca8c-150700.3.3.2.src.rpm kdump-2.0.18+git2.g881ca8c-150700.3.3.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2384 Security update for jq moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for jq fixes the following issues: - CVE-2024-23337: Fixed signed integer overflow in jv.c:jvp_array_write (bsc#1243450). jq-1.6-150000.3.6.1.src.rpm jq-1.6-150000.3.6.1.x86_64.rpm libjq-devel-1.6-150000.3.6.1.x86_64.rpm libjq1-1.6-150000.3.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2301 Recommended update for cyrus-sasl moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for cyrus-sasl fixes the following issues: - Add Channel Binding support for GSSAPI/GSS-SPNEGO (bsc#1229655, jsc#PED-12097) - Add support for setting max ssf 0 to GSS-SPNEGO (bsc#1229655, jsc#PED-12097). 
cyrus-sasl-2.1.28-150600.7.6.2.src.rpm cyrus-sasl-2.1.28-150600.7.6.2.x86_64.rpm cyrus-sasl-crammd5-2.1.28-150600.7.6.2.x86_64.rpm cyrus-sasl-devel-2.1.28-150600.7.6.2.x86_64.rpm cyrus-sasl-digestmd5-2.1.28-150600.7.6.2.x86_64.rpm cyrus-sasl-gssapi-2.1.28-150600.7.6.2.x86_64.rpm cyrus-sasl-ntlm-2.1.28-150600.7.6.2.x86_64.rpm cyrus-sasl-otp-2.1.28-150600.7.6.2.x86_64.rpm cyrus-sasl-plain-2.1.28-150600.7.6.2.x86_64.rpm cyrus-sasl-saslauthd-2.1.28-150600.7.6.2.src.rpm cyrus-sasl-saslauthd-2.1.28-150600.7.6.2.x86_64.rpm libsasl2-3-2.1.28-150600.7.6.2.x86_64.rpm cyrus-sasl-32bit-2.1.28-150600.7.6.2.x86_64.rpm cyrus-sasl-crammd5-32bit-2.1.28-150600.7.6.2.x86_64.rpm cyrus-sasl-digestmd5-32bit-2.1.28-150600.7.6.2.x86_64.rpm cyrus-sasl-gssapi-32bit-2.1.28-150600.7.6.2.x86_64.rpm cyrus-sasl-plain-32bit-2.1.28-150600.7.6.2.x86_64.rpm libsasl2-3-32bit-2.1.28-150600.7.6.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2104 Recommended update for nfs-utils important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for nfs-utils fixes the following issues: - gssd: add support for an "allowed-enctypes" option in nfs.conf (bsc#1240899) libnfsidmap0-0.26-150600.28.12.1.x86_64.rpm libnfsidmap1-1.0-150600.28.12.1.x86_64.rpm nfs-client-2.6.4-150600.28.12.1.x86_64.rpm nfs-doc-2.6.4-150600.28.12.1.x86_64.rpm nfs-kernel-server-2.6.4-150600.28.12.1.x86_64.rpm nfs-utils-2.6.4-150600.28.12.1.src.rpm nfsidmap-devel-1.0-150600.28.12.1.x86_64.rpm nfsidmap0-devel-0.26-150600.28.12.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2044 Security update for libblockdev important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for libblockdev fixes the following issues: - CVE-2025-6019: Suppress privilege escalation during xfs fs resize (bsc#1243285). 
libbd_crypto2-2.26-150400.3.5.1.x86_64.rpm libbd_fs2-2.26-150400.3.5.1.x86_64.rpm libbd_loop2-2.26-150400.3.5.1.x86_64.rpm libbd_lvm2-2.26-150400.3.5.1.x86_64.rpm libbd_mdraid2-2.26-150400.3.5.1.x86_64.rpm libbd_part2-2.26-150400.3.5.1.x86_64.rpm libbd_swap2-2.26-150400.3.5.1.x86_64.rpm libbd_utils2-2.26-150400.3.5.1.x86_64.rpm libblockdev-2.26-150400.3.5.1.src.rpm libblockdev-2.26-150400.3.5.1.x86_64.rpm libblockdev2-2.26-150400.3.5.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2302 Security update for gstreamer-plugins-base moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for gstreamer-plugins-base fixes the following issues: - CVE-2025-47808: Fixed NULL-pointer dereference in TMPlayer subtitle parser (bsc#1244404). - CVE-2025-47807: Fixed NULL-pointer dereference in SubRip subtitle parser (bsc#1244403). - CVE-2025-47806: Fixed stack buffer overflow in SubRip subtitle parser (bsc#1244407). gstreamer-plugins-base-1.24.0-150600.3.11.1.src.rpm gstreamer-plugins-base-1.24.0-150600.3.11.1.x86_64.rpm gstreamer-plugins-base-devel-1.24.0-150600.3.11.1.x86_64.rpm gstreamer-plugins-base-lang-1.24.0-150600.3.11.1.noarch.rpm libgstallocators-1_0-0-1.24.0-150600.3.11.1.x86_64.rpm libgstapp-1_0-0-1.24.0-150600.3.11.1.x86_64.rpm libgstaudio-1_0-0-1.24.0-150600.3.11.1.x86_64.rpm libgstfft-1_0-0-1.24.0-150600.3.11.1.x86_64.rpm libgstgl-1_0-0-1.24.0-150600.3.11.1.x86_64.rpm libgstpbutils-1_0-0-1.24.0-150600.3.11.1.x86_64.rpm libgstriff-1_0-0-1.24.0-150600.3.11.1.x86_64.rpm libgstrtp-1_0-0-1.24.0-150600.3.11.1.x86_64.rpm libgstrtsp-1_0-0-1.24.0-150600.3.11.1.x86_64.rpm libgstsdp-1_0-0-1.24.0-150600.3.11.1.x86_64.rpm libgsttag-1_0-0-1.24.0-150600.3.11.1.x86_64.rpm libgstvideo-1_0-0-1.24.0-150600.3.11.1.x86_64.rpm typelib-1_0-GstAllocators-1_0-1.24.0-150600.3.11.1.x86_64.rpm typelib-1_0-GstApp-1_0-1.24.0-150600.3.11.1.x86_64.rpm typelib-1_0-GstAudio-1_0-1.24.0-150600.3.11.1.x86_64.rpm typelib-1_0-GstGL-1_0-1.24.0-150600.3.11.1.x86_64.rpm 
typelib-1_0-GstGLEGL-1_0-1.24.0-150600.3.11.1.x86_64.rpm typelib-1_0-GstGLWayland-1_0-1.24.0-150600.3.11.1.x86_64.rpm typelib-1_0-GstGLX11-1_0-1.24.0-150600.3.11.1.x86_64.rpm typelib-1_0-GstPbutils-1_0-1.24.0-150600.3.11.1.x86_64.rpm typelib-1_0-GstRtp-1_0-1.24.0-150600.3.11.1.x86_64.rpm typelib-1_0-GstRtsp-1_0-1.24.0-150600.3.11.1.x86_64.rpm typelib-1_0-GstSdp-1_0-1.24.0-150600.3.11.1.x86_64.rpm typelib-1_0-GstTag-1_0-1.24.0-150600.3.11.1.x86_64.rpm typelib-1_0-GstVideo-1_0-1.24.0-150600.3.11.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2103 Recommended update for cifs-utils important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for cifs-utils fixes the following issues: - Add patches: * Fix cifs.mount with krb5 auth (bsc#1243488) cifs-utils-6.15-150400.3.15.1.src.rpm cifs-utils-6.15-150400.3.15.1.x86_64.rpm cifs-utils-devel-6.15-150400.3.15.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2063 Recommended update for qemu moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for qemu fixes the following issues: - Fix the *-video-gpu-ccw package not being present in products: * [openSUSE] rpm/spec: go back to only Recommending -video-gpu-ccw for s390x - Update to version 9.2.4: * target/hppa: Fix FPE exceptions * linux-user/hppa: Send proper si_code on SIGFPE exception * target/hppa: Copy instruction code into fr1 on FPU assist fault * migration: Allow caps to be set when preempt or multifd cap enabled * qapi/misc-target: Fix the doc to distinguish query-sgx and query-sgx-capabilities * hw/pci-host: Remove unused pci_host_data_be_ops * hw/pci-host/gt64120: Fix endianness handling * target/riscv/kvm: add kvm_csr_cfgs[] * target/riscv/kvm: turn kvm_riscv_reg_id_ulong() into a macro * target/riscv/kvm: turn u32/u64 reg functions into macros * target/riscv/kvm: fix leak in kvm_riscv_init_multiext_cfg() * target/riscv: Fix vslidedown with rvv_ta_all_1s * target/riscv: Fix the rvv reserved encoding of unmasked instructions * 
target/riscv: rvv: Apply vext_check_input_eew to vector indexed load/store instructions * target/riscv: rvv: Apply vext_check_input_eew to vector narrow/widen instructions * target/riscv: rvv: Apply vext_check_input_eew to vector integer extension instructions(OPMVV) * target/riscv: rvv: Apply vext_check_input_eew to vector slide instructions(OPIVI/OPIVX) * target/riscv: rvv: Apply vext_check_input_eew to OPIVV/OPFVV(vext_check_sss) instructions * target/riscv: rvv: Apply vext_check_input_eew to OPIVI/OPIVX/OPFVF(vext_check_ss) instructions * target/riscv: rvv: Apply vext_check_input_eew to vrgather instructions to check mismatched input EEWs encoding constraint * target/riscv: rvv: Add CHECK arg to GEN_OPFVF_WIDEN_TRANS * target/riscv: rvv: Source vector registers cannot overlap mask register * common-user/host/riscv: use tail pseudoinstruction for calling tail * target/riscv: fix endless translation loop on big endian systems * target/riscv: pmp: move Smepmp operation conversion into a function * virtio: Call set_features during reset * s390x: Fix leak in machine_set_loadparm * 9pfs: fix FD leak and reduce latency of v9fs_reclaim_fd() * 9pfs: fix concurrent v9fs_reclaim_fd() calls - all glib2 versions are recent enough to use pcre2: * qemu-linux-user: drop pcre (by Andreas Stieger) - Correct wrong bug mentioned in changelog (bsc#1236329) - Update to latest stable release (9.2.3) Fixes: bsc#1236329 * hw/intc/aspeed: Fix IRQ handler mask check * hw/misc/aspeed_hace: Fix buffer overflow in has_padding function * target/riscv: fix handling of nop for vstart >= vl in some vector instruction * target/riscv: refactor VSTART_CHECK_EARLY_EXIT() to accept vl as a parameter * Makefile: "make dist" generates a .xz, not .bz2 * target/ppc: Fix e200 duplicate SPRs * target/ppc: Fix facility interrupt checks for VSX * ppc/spapr: fix default cpu for pre-9.0 machines. 
* host/include/loongarch64: Fix inline assembly compatibility with Clang * linux-user/riscv: Fix handling of cpu mask in riscv_hwprobe syscall * target/riscv: fixes a bug against `ssamoswap` behavior in M-mode * target/riscv: fix access permission checks for CSR_SSP * docs/about/emulation: Fix broken link * vdpa: Allow vDPA to work on big-endian machine * vdpa: Fix endian bugs in shadow virtqueue * target/loongarch: Fix vldi inst * target/arm: Simplify pstate_sm check in sve_access_check * target/arm: Make DisasContext.{fp, sve}_access_checked tristate * util/cacheflush: Make first DSB unconditional on aarch64 * docs: Rename default-configs to configs * block: Zero block driver state before reopening * hw/xen/hvm: Fix Aarch64 typo * hw/net/smc91c111: Don't allow data register access to overrun buffer * hw/net/smc91c111: Sanitize packet length on tx * hw/net/smc91c111: Sanitize packet numbers * ppc/pnv/occ: Fix common area sensor offsets * xen: No need to flush the mapcache for grants (bsc#1236329) * net: move backend cleanup to NIC cleanup * net: parameterize the removing client from nc list * util/qemu-timer.c: Don't warp timer from timerlist_rearm() * target/arm: Correct STRD atomicity * target/arm: Correct LDRD atomicity and fault behaviour * hw/arm: enable secure EL2 timers for sbsa machine * hw/arm: enable secure EL2 timers for virt machine * target/arm: Implement SEL2 physical and virtual timers - [openSUSE][RPM] spec: Require ipxe and virtio-gpu packages for more arch-es (bsc#1240157) qemu-9.2.4-150700.3.5.1.src.rpm qemu-img-9.2.4-150700.3.5.1.x86_64.rpm qemu-pr-helper-9.2.4-150700.3.5.1.x86_64.rpm qemu-tools-9.2.4-150700.3.5.1.x86_64.rpm qemu-vmsr-helper-9.2.4-150700.3.5.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2311 Security update for protobuf moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for protobuf fixes the following issues: - CVE-2025-4565: Fix parsing of untrusted Protocol Buffers data containing an arbitrary number 
of recursive groups or messages that can lead to crash due to RecursionError (bsc#1244663). libprotobuf-lite25_1_0-25.1-150600.16.13.1.x86_64.rpm libprotobuf25_1_0-25.1-150600.16.13.1.x86_64.rpm libprotoc25_1_0-25.1-150600.16.13.1.x86_64.rpm protobuf-25.1-150600.16.13.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2466 Recommended update for pesign moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for pesign fixes the following issues: - Added missing pesign-systemd to SUSE Manager 4.3 (no source changes) pesign-0.112-150000.4.23.1.src.rpm pesign-0.112-150000.4.23.1.x86_64.rpm pesign-systemd-0.112-150000.4.23.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2058 Security update for gstreamer-plugins-good important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for gstreamer-plugins-good fixes the following issues: - CVE-2025-47183: Fixed out-of-bounds read in MOV/MP4 demuxer (bsc#1244406). - CVE-2025-47219: Fixed out-of-bounds read in MOV/MP4 demuxer (bsc#1244405). - CVE-2024-47540: Fixed uninitialized stack memory in Matroska/WebM demuxer (bsc#1234421). gstreamer-plugins-good-1.24.0-150600.3.7.1.src.rpm gstreamer-plugins-good-1.24.0-150600.3.7.1.x86_64.rpm gstreamer-plugins-good-lang-1.24.0-150600.3.7.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2430 Security update for iputils moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for iputils fixes the following issues: - CVE-2025-48964: Fixed integer overflow in ping statistics via zero timestamp (bsc#1243772). iputils-20221126-150500.3.14.1.src.rpm iputils-20221126-150500.3.14.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2079 Security update for icu important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for icu fixes the following issues: - CVE-2025-5222: Stack buffer overflow in the SRBRoot:addTag function (bsc#1243721). 
icu-65.1-150200.4.15.1.src.rpm libicu-devel-65.1-150200.4.15.1.x86_64.rpm libicu-suse65_1-65.1-150200.4.15.1.x86_64.rpm libicu65_1-ledata-65.1-150200.4.15.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2226 Security update for vim moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for vim fixes the following issues: - CVE-2024-41965: Fixed improper neutralization of argument delimiters in zip.vim that could have led to data loss (bsc#1228776). - CVE-2025-29768: Fixed double-free in dialog_changed() (bsc#1239602). vim-9.1.1406-150500.20.27.1.src.rpm vim-9.1.1406-150500.20.27.1.x86_64.rpm vim-data-9.1.1406-150500.20.27.1.noarch.rpm vim-data-common-9.1.1406-150500.20.27.1.noarch.rpm vim-small-9.1.1406-150500.20.27.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2362 Security update for coreutils moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for coreutils fixes the following issues: - CVE-2025-5278: Fixed heap buffer under-read may lead to a crash or leak sensitive data (bsc#1243767) coreutils-8.32-150400.9.9.1.src.rpm coreutils-8.32-150400.9.9.1.x86_64.rpm coreutils-doc-8.32-150400.9.9.1.noarch.rpm coreutils-lang-8.32-150400.9.9.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2059 Security update for icu important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for icu fixes the following issues: - CVE-2025-5222: Stack buffer overflow in the SRBRoot:addTag function (bsc#1243721). 
icu-60.2-150000.3.18.1.src.rpm libicu60_2-60.2-150000.3.18.1.x86_64.rpm libicu60_2-ledata-60.2-150000.3.18.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2185 Recommended update for ServiceReport important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for ServiceReport fixes the following issues: - [utils] update logic to parse /etc/os-release (bsc#1244547) - Added hardening to systemd service - Added hardening to systemd service - [Service] Make the servicereport service dependent on the kdump service - [utils] Use --update-bls-cmdline Option for GRUB Update ServiceReport-2.2.4+git7.8ca0fe4-150600.3.3.1.noarch.rpm ServiceReport-2.2.4+git7.8ca0fe4-150600.3.3.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2206 Security update for xorg-x11-server important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for xorg-x11-server fixes the following issues: - CVE-2025-49176: Fixed the integer overflow in Big Requests Extension (bsc#1244084). xorg-x11-server-21.1.15-150700.5.6.1.src.rpm xorg-x11-server-21.1.15-150700.5.6.1.x86_64.rpm xorg-x11-server-Xvfb-21.1.15-150700.5.6.1.x86_64.rpm xorg-x11-server-extra-21.1.15-150700.5.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2200 Security update for clamav important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for clamav fixes the following issues: ClamAV version 1.4.3: - CVE-2025-20260: PDF Scanning Buffer Overflow Vulnerability (bsc#1245054). - CVE-2025-20234: Vulnerability in Universal Disk Format (UDF) processing (bsc#1245055). 
clamav-1.4.3-150600.18.18.1.src.rpm clamav-1.4.3-150600.18.18.1.x86_64.rpm clamav-devel-1.4.3-150600.18.18.1.x86_64.rpm clamav-docs-html-1.4.3-150600.18.18.1.noarch.rpm clamav-milter-1.4.3-150600.18.18.1.x86_64.rpm libclamav12-1.4.3-150600.18.18.1.x86_64.rpm libclammspack0-1.4.3-150600.18.18.1.x86_64.rpm libfreshclam3-1.4.3-150600.18.18.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2804 Recommended update for liburing2 moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for liburing2 fixes the following issues: - Move liburing-ffi2 to a separate package following factory packaging - Update to liburing 2.9 (PED-12844) * Add support for ring resizing * Add support for registered waits * Test additions and improvements * Fix bug with certain ring setups with SQE128 set not fully closing the ring after io_uring_queue_exit(3) had been called. * Various man page fixes and updates liburing2-2.9-150700.10.3.1.src.rpm liburing2-2.9-150700.10.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2300 Recommended update for alsa-ucm-conf important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for alsa-ucm-conf fixes the following issues: - Correct / update the previous backported patches - Improved HD-audio Mic LED handling (bsc#1243695): alsa-ucm-conf-1.2.10-150600.3.5.1.noarch.rpm alsa-ucm-conf-1.2.10-150600.3.5.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2236 Security update for openssl-3 moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for openssl-3 fixes the following issues: - CVE-2025-27587: Fixed Minerva side channel vulnerability in P-384 (bsc#1240366). 
- Backport mdless cms signing support [jsc#PED-12895] libopenssl-3-devel-3.2.3-150700.5.10.1.x86_64.rpm libopenssl-3-fips-provider-3.2.3-150700.5.10.1.x86_64.rpm libopenssl3-3.2.3-150700.5.10.1.x86_64.rpm openssl-3-3.2.3-150700.5.10.1.src.rpm openssl-3-3.2.3-150700.5.10.1.x86_64.rpm libopenssl-3-fips-provider-32bit-3.2.3-150700.5.10.1.x86_64.rpm libopenssl3-32bit-3.2.3-150700.5.10.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2465 Recommended update for llvm19 moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for llvm19 fixes the following issues: - Enable build of libc++ for ppc64le - Enable build of libc++ and openmp for riscv64 libLLVM19-19.1.7-150700.3.3.1.x86_64.rpm libc++-devel-19.1.7-150700.3.3.1.x86_64.rpm libc++1-19.1.7-150700.3.3.1.x86_64.rpm libc++abi-devel-19.1.7-150700.3.3.1.x86_64.rpm libc++abi1-19.1.7-150700.3.3.1.x86_64.rpm llvm19-19.1.7-150700.3.3.1.src.rpm libLLVM19-32bit-19.1.7-150700.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2526 Recommended update for s390-tools moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for s390-tools fixes the following issues: - chpstat: Fix DPU data in reports [SLES 16 SP0] (bsc#1244473). - chpstat: Fix DPU data in reports [SLES 15 SP7] (bsc#1244469). - Re-vendored vendor.tar.zst . - Added IBM z17 in Secure Boot Support Models. 
s390-tools-2.37.0-150700.4.6.2.src.rpm s390-tools-2.37.0-150700.4.6.2.x86_64.rpm s390-tools-genprotimg-data-2.37.0-150700.4.6.2.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2573 Recommended update for python-Cython, python-attrs, python-boto3, python-botocore, python-cffi, python-decorator, python-packaging, python-s3transfer, python-six moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for python-Cython, python-attrs, python-boto3, python-botocore, python-cffi, python-decorator, python-packaging, python-s3transfer, python-six fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) python-Cython-0.29.14-150200.105.1.src.rpm python-attrs-19.3.0-150200.3.9.1.src.rpm python-boto3-1.26.89-150200.23.17.1.src.rpm python-botocore-1.29.89-150200.37.17.1.src.rpm python-cffi-1.13.2-150200.3.5.1.src.rpm python-decorator-4.4.2-150200.7.6.1.src.rpm python-packaging-21.3-150200.3.6.1.src.rpm python-s3transfer-0.6.0-150200.9.12.1.src.rpm python-six-1.14.0-150200.15.1.src.rpm python3-Cython-0.29.14-150200.105.1.x86_64.rpm python3-attrs-19.3.0-150200.3.9.1.noarch.rpm python3-boto3-1.26.89-150200.23.17.1.noarch.rpm python3-botocore-1.29.89-150200.37.17.1.noarch.rpm python3-cffi-1.13.2-150200.3.5.1.x86_64.rpm python3-decorator-4.4.2-150200.7.6.1.noarch.rpm python3-packaging-21.3-150200.3.6.1.noarch.rpm python3-s3transfer-0.6.0-150200.9.12.1.noarch.rpm python3-six-1.14.0-150200.15.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2572 Recommended update for python-colorama, python-importlib-metadata, python-parameterized, python-pluggy, python-py, python-scp, python-wheel, python-zipp moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for python-colorama, python-importlib-metadata, python-parameterized, python-pluggy, python-py, python-scp, python-wheel, python-zipp fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) 
python-importlib-metadata-1.5.0-150100.3.8.1.src.rpm python-pluggy-0.13.1-150100.7.8.1.src.rpm python-py-1.10.0-150100.5.15.1.src.rpm python-wheel-0.32.3-150100.6.8.1.src.rpm python-zipp-0.6.0-150100.3.8.1.src.rpm python3-importlib-metadata-1.5.0-150100.3.8.1.noarch.rpm python3-pluggy-0.13.1-150100.7.8.1.noarch.rpm python3-py-1.10.0-150100.5.15.1.noarch.rpm python3-wheel-0.32.3-150100.6.8.1.noarch.rpm python3-zipp-0.6.0-150100.3.8.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2761 Recommended update for python-appdirs, python-asn1crypto, python-certifi, python-chardet, python-docutils, python-idna, python-iso8601, python-jmespath, python-ply, python-pretend, python-pyasn1, python-pyasn1-modules, python-pycparser, python-rsa moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for python-appdirs, python-asn1crypto, python-certifi, python-chardet, python-docutils, python-idna, python-iso8601, python-jmespath, python-ply, python-pretend, python-pyasn1, python-pyasn1-modules, python-pycparser, python-rsa fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) python-appdirs-1.4.3-150000.3.3.1.src.rpm python-asn1crypto-0.24.0-150000.3.5.1.src.rpm python-certifi-2018.1.18-150000.3.6.1.src.rpm python-chardet-3.0.4-150000.5.6.1.src.rpm python-docutils-0.14-150000.3.7.1.src.rpm python-idna-2.6-150000.3.6.1.src.rpm python-iniconfig-1.1.1-150000.1.13.1.src.rpm python-jmespath-0.9.3-150000.3.8.1.src.rpm python-ply-3.10-150000.3.8.1.src.rpm python-pyasn1-0.4.2-150000.3.8.1.src.rpm python-pyasn1-modules-0.2.1-150000.3.7.1.src.rpm python-pycparser-2.17-150000.3.5.1.src.rpm python-rsa-3.4.2-150000.3.10.1.src.rpm python3-appdirs-1.4.3-150000.3.3.1.noarch.rpm python3-asn1crypto-0.24.0-150000.3.5.1.noarch.rpm python3-certifi-2018.1.18-150000.3.6.1.noarch.rpm python3-chardet-3.0.4-150000.5.6.1.noarch.rpm python3-docutils-0.14-150000.3.7.1.noarch.rpm python3-idna-2.6-150000.3.6.1.noarch.rpm 
python3-iniconfig-1.1.1-150000.1.13.1.noarch.rpm python3-jmespath-0.9.3-150000.3.8.1.noarch.rpm python3-ply-3.10-150000.3.8.1.noarch.rpm python3-pyasn1-0.4.2-150000.3.8.1.noarch.rpm python3-pyasn1-modules-0.2.1-150000.3.7.1.noarch.rpm python3-pycparser-2.17-150000.3.5.1.noarch.rpm python3-rsa-3.4.2-150000.3.10.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2543 Recommended update for python-PyYAML, python-bcrypt, python-gssapi, python-pyparsing, python-python-dateutil, python-pytz, python-requests, python-setuptools_scm, python-simplejson, python-urllib3 moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for python-PyYAML, python-bcrypt, python-gssapi, python-pyparsing, python-python-dateutil, python-pytz, python-requests, python-setuptools_scm, python-simplejson, python-urllib3 fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) python-PyYAML-5.4.1-150300.3.6.1.src.rpm python-bcrypt-3.2.0-150300.3.3.1.src.rpm python-pyparsing-2.4.7-150300.3.3.1.src.rpm python-python-dateutil-2.8.1-150300.3.3.1.src.rpm python-pytz-2022.1-150300.3.9.1.src.rpm python-requests-2.25.1-150300.3.18.1.src.rpm python-simplejson-3.17.2-150300.3.7.1.src.rpm python-urllib3-1.25.10-150300.4.15.1.src.rpm python3-PyYAML-5.4.1-150300.3.6.1.x86_64.rpm python3-bcrypt-3.2.0-150300.3.3.1.x86_64.rpm python3-pyparsing-2.4.7-150300.3.3.1.noarch.rpm python3-python-dateutil-2.8.1-150300.3.3.1.noarch.rpm python3-pytz-2022.1-150300.3.9.1.noarch.rpm python3-requests-2.25.1-150300.3.18.1.noarch.rpm python3-simplejson-3.17.2-150300.3.7.1.x86_64.rpm python3-urllib3-1.25.10-150300.4.15.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2754 Security update for opensc moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for opensc fixes the following issues: - CVE-2023-5992: Fixed side-channel leaks while stripping encryption PKCS#1 padding (bsc#1219386). 
opensc-0.22.0-150600.11.6.1.src.rpm opensc-0.22.0-150600.11.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2229 Security update for libssh important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for libssh fixes the following issues: - CVE-2025-5318: Fixed likely read beyond bounds in sftp server handle management (bsc#1245311). - CVE-2025-4877: Fixed write beyond bounds in binary to base64 conversion functions (bsc#1245309). - CVE-2025-4878: Fixed use of uninitialized variable in privatekey_from_file() (bsc#1245310). - CVE-2025-5372: Fixed cases where ssh_kdf() returns a success code on certain failures (bsc#1245314). libssh-0.9.8-150600.11.3.1.src.rpm libssh-config-0.9.8-150600.11.3.1.x86_64.rpm libssh-devel-0.9.8-150600.11.3.1.x86_64.rpm libssh4-0.9.8-150600.11.3.1.x86_64.rpm libssh4-32bit-0.9.8-150600.11.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2210 Recommended update for open-vm-tools moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for open-vm-tools fixes the following issues: - Update to open-vm-tools 13.0.0 based on build 24696409. (bsc#1245169): There are no new features in the open-vm-tools 13.0.0 release. This is primarily a maintenance release that addresses a few issues, including: + The vm-support script has been updated to collect the open-vm-tools log files from the Linux guest and information from the systemd journal. + GitHub pull requests have been integrated and issues fixed. Please see the Resolved Issues section of the Release Notes. - Add patch: Currently the "telinit 6" command is used to reboot a Linux VM following Guest OS Customization. As the classic Linux init system, SysVinit, is deprecated in favor of a newer init system, systemd, the telinit command may not be available on the base Linux OS. This change adds support to Guest OS Customization for the systemd init system. 
If the modern init system, systemd, is available, then a "systemctl reboot" command will be used to trigger reboot. Otherwise, the "telinit 6" command will be used assuming the traditional init system, SysVinit, is still available. - Drop patch now contained in 13.0.0: - Ran /usr/lib/obs/service/source_validators/helpers/fix_changelog to fix changes file where source validator was failing. libvmtools-devel-13.0.0-150600.3.15.1.x86_64.rpm libvmtools0-13.0.0-150600.3.15.1.x86_64.rpm open-vm-tools-13.0.0-150600.3.15.1.src.rpm open-vm-tools-13.0.0-150600.3.15.1.x86_64.rpm open-vm-tools-salt-minion-13.0.0-150600.3.15.1.x86_64.rpm open-vm-tools-sdmp-13.0.0-150600.3.15.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2574 Recommended update for python3-PyNaCl, python3-atomicwrites, python3-cryptography, python3-cryptography-vectors, python3-more-itertools, python3-paramiko, python3-pip, python3-pyOpenSSL, python3-pytest, python3-setuptools moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for python3-PyNaCl, python3-atomicwrites, python3-cryptography, python3-cryptography-vectors, python3-more-itertools, python3-paramiko, python3-pip, python3-pyOpenSSL, python3-pytest, python3-setuptools fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) python3-PyNaCl-1.5.0-150400.9.6.2.src.rpm python3-PyNaCl-1.5.0-150400.9.6.2.x86_64.rpm python3-cryptography-3.3.2-150400.26.1.src.rpm python3-cryptography-3.3.2-150400.26.1.x86_64.rpm python3-more-itertools-8.10.0-150400.10.1.noarch.rpm python3-more-itertools-8.10.0-150400.10.1.src.rpm python3-paramiko-3.4.0-150400.9.6.1.noarch.rpm python3-paramiko-3.4.0-150400.9.6.1.src.rpm python3-pip-20.0.2-150400.23.1.noarch.rpm python3-pip-20.0.2-150400.23.1.src.rpm python3-pip-wheel-20.0.2-150400.23.1.noarch.rpm python3-pip-wheel-20.0.2-150400.23.1.src.rpm python3-pyOpenSSL-21.0.0-150400.10.1.noarch.rpm python3-pyOpenSSL-21.0.0-150400.10.1.src.rpm 
python3-setuptools-44.1.1-150400.9.15.1.noarch.rpm python3-setuptools-44.1.1-150400.9.15.1.src.rpm python3-setuptools-test-44.1.1-150400.9.15.1.noarch.rpm python3-setuptools-test-44.1.1-150400.9.15.1.src.rpm python3-setuptools-wheel-44.1.1-150400.9.15.1.noarch.rpm python3-setuptools-wheel-44.1.1-150400.9.15.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2177 Security update for sudo important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for sudo fixes the following issues: - CVE-2025-32462: Fixed a possible local privilege escalation via the --host option (bsc#1245274). - CVE-2025-32463: Fixed a possible local privilege escalation via chroot option (bsc#1245275). sudo-1.9.15p5-150600.3.9.1.src.rpm sudo-1.9.15p5-150600.3.9.1.x86_64.rpm sudo-devel-1.9.15p5-150600.3.9.1.x86_64.rpm sudo-plugin-python-1.9.15p5-150600.3.9.1.x86_64.rpm sudo-policy-sudo-auth-self-1.9.15p5-150600.3.9.1.x86_64.rpm sudo-policy-wheel-auth-self-1.9.15p5-150600.3.9.1.x86_64.rpm system-group-sudo-1.9.15p5-150600.3.9.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2551 Recommended update for scap-security-guide moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for scap-security-guide fixes the following issues: Updated to 0.1.77 (jsc#ECO-3319): - Introduce Architecture Decisions Records - Move stabilization to the third Monday of the second month - Remove CCI References - Remove macOS content - Added support for tencentos4 scap-security-guide-0.1.77-150000.1.95.1.noarch.rpm scap-security-guide-0.1.77-150000.1.95.1.src.rpm scap-security-guide-debian-0.1.77-150000.1.95.1.noarch.rpm scap-security-guide-redhat-0.1.77-150000.1.95.1.noarch.rpm scap-security-guide-ubuntu-0.1.77-150000.1.95.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2731 Recommended update for perl-DBI moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for perl-DBI fixes the following issues: - Dependency submission for the openQA stack (bsc#1244183) - Updated to 1.647.0 
(1.647) * Remove "experimental" tag from statistics_info * RT tickets moved to github issues (rwfranks++) * Fix install issue perl-DBI-1.647.0-150600.12.6.1.src.rpm perl-DBI-1.647.0-150600.12.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2276 Security update for libsoup low SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for libsoup fixes the following issues: - CVE-2025-4945: Add value checks for date/time parsing (bsc#1243314). libsoup-3.4.4-150600.3.13.1.src.rpm libsoup-3_0-0-3.4.4-150600.3.13.1.x86_64.rpm libsoup-devel-3.4.4-150600.3.13.1.x86_64.rpm libsoup-lang-3.4.4-150600.3.13.1.noarch.rpm typelib-1_0-Soup-3_0-3.4.4-150600.3.13.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2277 Security update for libsoup2 low SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for libsoup2 fixes the following issues: - CVE-2025-4945: Add value checks for date/time parsing (bsc#1243314). libsoup-2_4-1-2.74.3-150600.4.12.1.x86_64.rpm libsoup2-2.74.3-150600.4.12.1.src.rpm libsoup2-devel-2.74.3-150600.4.12.1.x86_64.rpm libsoup2-lang-2.74.3-150600.4.12.1.noarch.rpm typelib-1_0-Soup-2_4-2.74.3-150600.4.12.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2891 Recommended update for oqs-provider moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for oqs-provider fixes the following issues: Updated to 0.8.0: * Updates IANA code points for ML-KEM and changes FrodoKEM code points. * Adds support for ML-DSA (FIPS 204 final version). * Adds support for context strings in OpenSSL versions >= 3.2. * Updates the implementation of draft-ietf-lamps-pq-composite-sigs from version 01 to version 02. * Adds a SBOM template in the CycloneDX 1.6 format. * Adds support for DTLS 1.3 (pending support in OpenSSL). 
oqs-provider-0.8.0-150600.3.6.1.src.rpm oqs-provider-0.8.0-150600.3.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2566 Security update for libarchive moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for libarchive fixes the following issues: - CVE-2025-5914: Fixed double free due to an integer overflow in the archive_read_format_rar_seek_data() function (bsc#1244272) - CVE-2025-5915: Fixed heap buffer over read in copy_from_lzss_window() at archive_read_support_format_rar.c (bsc#1244273) - CVE-2025-5916: Fixed integer overflow while reading warc files at archive_read_support_format_warc.c (bsc#1244270) - CVE-2025-5917: Fixed off by one error in build_ustar_entry_name() at archive_write_set_format_pax.c (bsc#1244336) - CVE-2025-5918: Fixed reading past EOF may be triggered for piped file streams (bsc#1244279) libarchive-3.7.2-150600.3.17.1.src.rpm libarchive-devel-3.7.2-150600.3.17.1.x86_64.rpm libarchive13-3.7.2-150600.3.17.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2274 Recommended update for mozilla-nspr, mozilla-nss moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nss was updated to NSS 3.112: * Fix alias for mac workers on try * ensure all options can be configured with SSL_OptionSet and SSL_OptionSetDefault * ABI/API break in ssl certificate processing * remove unnecessary assertion in sec_asn1d_init_state_based_on_template * bmo#1965754 Update taskgraph to v14.2.1 * Workflow for automation of the release on GitHub when pushing a tag * fix faulty assertions in SEC_ASN1DecoderUpdate * Renegotiations should use a fresh ECH GREASE buffer * bmo#1951396 Update taskgraph to v14.1.1 * Partial fix for ACVP build CI job * Initialize find in sftk_searchDatabase * Add clang-18 to extra builds * Fault tolerant git fetch for fuzzing * Tolerate intermittent failures in ssl_policy_pkix_ocsp * fix compiler warnings when DEBUG_ASN1D_STATES or CMSDEBUG 
are set * fix content type tag check in NSS_CMSMessage_ContainsCertsOrCrls * Remove Cryptofuzz CI version check Update to NSS 3.111: * FIPS changes need to be upstreamed: force ems policy * Turn off Websites Trust Bit from CAs * Update nssckbi version following April 2025 Batch of Changes * Disable SMIME ‘trust bit’ for GoDaddy CAs * Replaced deprecated sprintf function with snprintf in dbtool.c * Need to update NSS for PKCS 3.1 * avoid leaking localCert if it is already set in ssl3_FillInCachedSID * Decrease ASAN quarantine size for Cryptofuzz in CI * selfserv: Add support for zlib certificate compression Update to NSS 3.110: * FIPS changes need to be upstreamed: force ems policy * Prevent excess allocations in sslBuffer_Grow * Remove Crl templates from ASN1 fuzz target * Remove CERT_CrlTemplate from ASN1 fuzz target * Fix memory leak in NSS_CMSMessage_IsSigned * NSS policy updates * Improve locking in nssPKIObject_GetInstances * Fix race in sdb_GetMetaData * Fix member access within null pointer * Increase smime fuzzer memory limit * Enable resumption when using custom extensions * change CN of server12 test certificate * Part 2: Add missing check in NSS_CMSDigestContext_FinishSingle * Part 1: Fix smime UBSan errors * FIPS changes need to be upstreamed: updated key checks * Don't build libpkix in static builds * handle `-p all` in try syntax * fix opt-make builds to actually be opt * fix opt-static builds to actually be opt * Remove extraneous assert Update to NSS 3.109: * Call BL_Init before RNG_RNGInit() so that special SHA instructions can be used if available * NSS policy updates - fix inaccurate key policy issues * SMIME fuzz target * ASN1 decoder fuzz target * Part 2: Revert “Extract testcases from ssl gtests for fuzzing” * Add fuzz/README.md * Part 4: Fix tstclnt arguments script * Extend pkcs7 fuzz target * Extend certDN fuzz target * revert changes to HACL* files from bug 1866841 * Part 3: Package frida corpus script Update to NSS 3.108: * libclang-16 -> 
libclang-19 * Turn off Secure Email Trust Bit for Security Communication ECC RootCA1 * Turn off Secure Email Trust Bit for BJCA Global Root CA1 and BJCA Global Root CA2 * Remove SwissSign Silver CA – G2 * Add D-Trust 2023 TLS Roots to NSS * fix fips test failure on windows * change default sensitivity of KEM keys * Part 1: Introduce frida hooks and script * add missing arm_neon.h include to gcm.c * ci: update windows workers to win2022 * strip trailing carriage returns in tools tests * work around unix/windows path translation issues in cert test script * ci: let the windows setup script work without $m * detect msys * add a specialized CTR_Update variant for AES-GCM * NSS policy updates * FIPS changes need to be upstreamed: FIPS 140-3 RNG * FIPS changes need to be upstreamed: Add SafeZero * FIPS changes need to be upstreamed Updated POST * Segmentation fault in SECITEM_Hash during pkcs12 processing * Extending NSS with LoadModuleFromFunction functionality * Ensure zero-initialization of collectArgs.cert * pkcs7 fuzz target use CERT_DestroyCertificate * Fix actual underlying ODR violations issue * mozilla::pkix: allow reference ID labels to begin and/or end with hyphens * don't look for secmod.db in nssutil_ReadSecmodDB if NSS_DISABLE_DBM is set * Fix memory leak in pkcs7 fuzz target * Set -O2 for ASan builds in CI * Change branch of tlsfuzzer dependency * Run tests in CI for ASan builds with detect_odr_violation=1 * Fix coverage failure in CI * Add fuzzing for delegated credentials, DTLS short header and Tls13BackendEch * Add fuzzing for SSL_EnableTls13GreaseEch and SSL_SetDtls13VersionWorkaround * Part 3: Restructure fuzz/ * Extract testcases from ssl gtests for fuzzing * Force Cryptofuzz to use NSS in CI * Fix Cryptofuzz on 32 bit in CI * Update Cryptofuzz repository link * fix build error from 9505f79d * simplify error handling in get_token_objects_for_cache * nss doc: fix a warning * pkcs12 fixes from RHEL need to be picked up Update to NSS 3.107: * Remove MPI 
fuzz targets. * Remove globals `lockStatus` and `locksEverDisabled`. * Enable PKCS8 fuzz target. * Integrate Cryptofuzz in CI. * Part 2: Set tls server target socket options in config class * Part 1: Set tls client target socket options in config class * Support building with thread sanitizer. * set nssckbi version number to 2.72. * remove Websites Trust Bit from Entrust Root Certification Authority - G4. * remove Security Communication RootCA3 root cert. * remove SecureSign RootCA11 root cert. * Add distrust-after for TLS to Entrust Roots. * bmo#1927096 Update expected error code in pk12util pbmac1 tests. * Use random tstclnt args with handshake collection script * Remove extraneous assert in ssl3gthr.c. * Adding missing release notes for NSS_3_105. * Enable the disabled mlkem tests for dtls. * NSS gtests filter cleans up the constructed buffer before the use. * Make ssl_SetDefaultsFromEnvironment thread-safe. * Remove short circuit test from ssl_Init. Update to NSS 3.106: * NSS 3.106 should be distributed with NSPR 4.36. * pk12util: improve error handling in p12U_ReadPKCS12File. * Correctly destroy bulkkey in error scenario. * PKCS7 fuzz target, r=djackson,nss-reviewers. * Extract certificates with handshake collection script. * Specify len_control for fuzz targets. * Fix memory leak in dumpCertificatePEM. * Fix UBSan errors for SECU_PrintCertificate and SECU_PrintCertificateBasicInfo. * add new error codes to mozilla::pkix for Firefox to use. * allow null phKey in NSC_DeriveKey. * Only create seed corpus zip from existing corpus. * Use explicit allowlist for KDF PRFS. * Increase optimization level for fuzz builds. * Remove incorrect assert. * Use libFuzzer options from fuzz/options/\*.options in CI. * Polish corpus collection for automation. * Detect new and unfuzzed SSL options. * PKCS12 fuzzing target. 
Update to NSS 3.105: * Allow importing PKCS#8 private EC keys missing public key * UBSAN fix: applying zero offset to null pointer in sslsnce.c * set KRML_MUSTINLINE=inline in makefile builds * Don't set CKA_SIGN for CKK_EC_MONTGOMERY private keys * override default definition of KRML_MUSTINLINE * libssl support for mlkem768x25519 * support for ML-KEM-768 in softoken and pk11wrap * Add Libcrux implementation of ML-KEM 768 to FreeBL * Avoid misuse of ctype(3) functions * part 2: run clang-format * part 1: upgrade to clang-format 13 * clang-format fuzz * DTLS client message buffer may not be empty on retransmit * Optionally print config for TLS client and server fuzz target * Fix some simple documentation issues in NSS. * improve performance of NSC_FindObjectsInit when template has CKA_TOKEN attr * define CKM_NSS_ECDHE_NO_PAIRWISE_CHECK_KEY_PAIR_GEN Update to NSS 3.104: * Copy original corpus to heap-allocated buffer * Fix min ssl version for DTLS client fuzzer * Remove OS2 support just like we did on NSPR * clang-format NSS improvements * Adding basicutil.h to use HexString2SECItem function * removing dirent.c from build * Allow handing in keymaterial to shlibsign to make the output reproducible * remove nec4.3, sunos4, riscos and SNI references * remove other old OS (BSDI, old HP UX, NCR, openunix, sco, unixware or reliantUnix) * remove mentions of WIN95 * remove mentions of WIN16 * More explicit directory naming * Add more options to TLS server fuzz target * Add more options to TLS client fuzz target * Use OSS-Fuzz corpus in NSS CI * set nssckbi version number to 2.70. * Remove Email Trust bit from ACCVRAIZ1 root cert. * Remove Email Trust bit from certSIGN ROOT CA. * Add Cybertrust Japan Roots to NSS. * Add Taiwan CA Roots to NSS. 
* remove search by decoded serial in nssToken_FindCertificateByIssuerAndSerialNumber * Fix tstclnt CI build failure * vfyserv: ensure peer cert chain is in db for CERT_VerifyCertificateNow * Enable all supported protocol versions for UDP * Actually use random PSK hash type * Initialize NSS DB once * Additional ECH cipher suites and PSK hash types * Automate corpus file generation for TLS client Fuzzer * Fix crash with UNSAFE_FUZZER_MODE * clang-format shlibsign.c Update to NSS 3.103: * move list size check after lock acquisition in sftk_PutObjectToList. * Add fuzzing support for SSL_ENABLE_POST_HANDSHAKE_AUTH, * Adjust libFuzzer size limits * Add fuzzing support for SSL_SetCertificateCompressionAlgorithm, SSL_SetClientEchConfigs, SSL_VersionRangeSet and SSL_AddExternalPsk * Add fuzzing support for SSL_ENABLE_GREASE and SSL_ENABLE_CH_EXTENSION_PERMUTATION - Make the rpms reproducible, by using a hardcoded, static key to generate the checksums (*.chk-files) - FIPS: enforce approved curves with the CKK_EC_MONTGOMERY key type (bsc#1224113). Update to NSS 3.102.1: * ChaChaXor to return after the function Update to NSS 3.102: * Add Valgrind annotations to freebl Chacha20-Poly1305. * missing sqlite header. * GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME. * improve certutil keyUsage, extKeyUsage, and nsCertType keyword handling. * correct length of raw SPKI data before printing in pp utility. - Make NSS-build reproducible. Use key from openssl (bsc#1081723) - Exclude the SHA-1 hash from SLI approval. 
mozilla-nspr was updated to version 4.36: * renamed the prwin16.h header to prwin.h * various build, test and automation script fixes * major parts of the source code were reformatted mozilla-nspr-4.36-150000.3.32.1.src.rpm mozilla-nspr-4.36-150000.3.32.1.x86_64.rpm mozilla-nspr-devel-4.36-150000.3.32.1.x86_64.rpm mozilla-nspr-32bit-4.36-150000.3.32.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2307 Security update for the Linux Kernel important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 The SUSE Linux Enterprise 15 SP7 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-52888: media: mediatek: vcodec: Only free buffer VA that is not NULL (bsc#1228557). - CVE-2024-49568: net/smc: check v2_ext_offset/eid_cnt/ism_gid_cnt when receiving proposal msg (bsc#1235728). - CVE-2024-57982: xfrm: state: fix out-of-bounds read during lookup (bsc#1237913). - CVE-2024-57995: wifi: ath12k: fix read pointer after free in ath12k_mac_assign_vif_to_vdev() (bsc#1237895). - CVE-2024-58053: rxrpc: Fix handling of received connection abort (bsc#1238982). - CVE-2025-21720: xfrm: delete intermediate secpath entry in packet offload mode (bsc#1238859). - CVE-2025-21868: kABI workaround for adding an header (bsc#1240180). - CVE-2025-21898: ftrace: Avoid potential division by zero in function_stat_show() (bsc#1240610). - CVE-2025-21899: tracing: Fix bad hist from corrupting named_triggers list (bsc#1240577). - CVE-2025-21920: vlan: enforce underlying device type (bsc#1240686). - CVE-2025-21938: mptcp: fix 'scheduling while atomic' in mptcp_pm_nl_append_new_local_addr (bsc#1240723). - CVE-2025-21959: netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree() (bsc#1240814). - CVE-2025-21997: xsk: fix an integer overflow in xp_create_and_assign_umem() (bsc#1240823). - CVE-2025-22035: tracing: Fix use-after-free in print_graph_function_flags during tracer switching (bsc#1241544). 
- CVE-2025-22111: kABI fix for net: Remove RTNL dance for SIOCBRADDIF and SIOCBRDELIF (bsc#1241572). - CVE-2025-22113: ext4: define ext4_journal_destroy wrapper (bsc#1241617). - CVE-2025-23155: net: stmmac: Fix accessing freed irq affinity_hint (bsc#1242573). - CVE-2025-37738: ext4: ignore xattrs past end (bsc#1242846). - CVE-2025-37743: wifi: ath12k: Avoid memory leak while enabling statistics (bsc#1242163). - CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1242504). - CVE-2025-37756: net: tls: explicitly disallow disconnect (bsc#1242515). - CVE-2025-37757: tipc: fix memory leak in tipc_link_xmit (bsc#1242521). - CVE-2025-37786: net: dsa: free routing table on probe failure (bsc#1242725). - CVE-2025-37800: driver core: fix potential NULL pointer dereference in dev_uevent() (bsc#1242849). - CVE-2025-37801: spi: spi-imx: Add check for spi_imx_setupxfer() (bsc#1242850). - CVE-2025-37811: usb: chipidea: ci_hdrc_imx: fix usbmisc handling (bsc#1242907). - CVE-2025-37837: iommu/tegra241-cmdqv: Fix warnings due to dmam_free_coherent() (bsc#1242952). - CVE-2025-37844: cifs: avoid NULL pointer dereference in dbg call (bsc#1242946). - CVE-2025-37859: page_pool: avoid infinite loop to schedule delayed worker (bsc#1243051). - CVE-2025-37862: HID: pidff: Fix null pointer dereference in pidff_find_fields (bsc#1242982). - CVE-2025-37865: net: dsa: mv88e6xxx: fix -ENOENT when deleting VLANs and MST is unsupported (bsc#1242954). - CVE-2025-37874: net: ngbe: fix memory leak in ngbe_probe() error path (bsc#1242940). - CVE-2025-37884: bpf: Fix deadlock between rcu_tasks_trace and event_mutex (bsc#1243060). - CVE-2025-37909: net: lan743x: Fix memleak issue when GSO enabled (bsc#1243467). - CVE-2025-37917: net: ethernet: mtk-star-emac: fix spinlock recursion issues on rx/tx poll (bsc#1243475). - CVE-2025-37921: vxlan: vnifilter: Fix unlocked deletion of default FDB entry (bsc#1243480). - CVE-2025-37923: tracing: Fix oob write in trace_seq_to_buffer() (bsc#1243551). 
- CVE-2025-37927: iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid (bsc#1243620). - CVE-2025-37933: octeon_ep: Fix host hang issue during device reboot (bsc#1243628). - CVE-2025-37936: perf/x86/intel: KVM: Mask PEBS_ENABLE loaded for guest with vCPU's value (bsc#1243537). - CVE-2025-37938: tracing: Verify event formats that have "%*p.." (bsc#1243544). - CVE-2025-37945: net: phy: allow MDIO bus PM ops to start/stop state machine for phylink-controlled PHY (bsc#1243538). - CVE-2025-37954: smb: client: Avoid race in open_cached_dir with lease breaks (bsc#1243664). - CVE-2025-37961: ipvs: fix uninit-value for saddr in do_output_route4 (bsc#1243523). - CVE-2025-37967: usb: typec: ucsi: displayport: Fix deadlock (bsc#1243572). - CVE-2025-37968: iio: light: opt3001: fix deadlock due to concurrent flag access (bsc#1243571). - CVE-2025-37987: pds_core: Prevent possible adminq overflow/stuck condition (bsc#1243542). - CVE-2025-37992: net_sched: Flush gso_skb list too during ->change() (bsc#1243698). - CVE-2025-37995: module: ensure that kobject_put() is safe for module type kobjects (bsc#1243827). - CVE-2025-37997: netfilter: ipset: fix region locking in hash types (bsc#1243832). - CVE-2025-37998: openvswitch: Fix unsafe attribute parsing in output_userspace() (bsc#1243836). - CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1244277). - CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244234). - CVE-2025-38011: drm/amdgpu: csa unmap use uninterruptible lock (bsc#1244729). - CVE-2025-38018: net/tls: fix kernel panic when alloc_page failed (bsc#1244999). - CVE-2025-38053: idpf: fix null-ptr-deref in idpf_features_check (bsc#1244746). - CVE-2025-38055: perf/x86/intel: Fix segfault with PEBS-via-PT with sample_freq (bsc#1244747). - CVE-2025-38057: espintcp: fix skb leaks (bsc#1244862). - CVE-2025-38060: bpf: abort verification if env->cur_state->loop_entry != NULL (bsc#1245155). 
- CVE-2025-38072: libnvdimm/labels: Fix divide error in nd_label_data_init() (bsc#1244743). The following non-security bugs were fixed: - ACPI: Add missing prototype for non CONFIG_SUSPEND/CONFIG_X86 case (stable-fixes). - ACPI: CPPC: Fix NULL pointer dereference when nosmp is used (git-fixes). - ACPI: HED: Always initialize before evged (stable-fixes). - ACPI: OSI: Stop advertising support for "3.0 _SCP Extensions" (git-fixes). - ACPI: PNP: Add Intel OC Watchdog IDs to non-PNP device list (stable-fixes). - ACPI: battery: negate current when discharging (stable-fixes). - ACPI: bus: Bail out if acpi_kobj registration fails (stable-fixes). - ACPICA: Avoid sequence overread in call to strncmp() (stable-fixes). - ACPICA: Utilities: Fix spelling mistake "Incremement" -> "Increment" (git-fixes). - ACPICA: exserial: do not forget to handle FFixedHW opregions for reading (git-fixes). - ACPICA: fix acpi operand cache leak in dswstate.c (stable-fixes). - ACPICA: fix acpi parse and parseext cache leaks (stable-fixes). - ACPICA: utilities: Fix overflow check in vsnprintf() (stable-fixes). - ALSA: hda/intel: Add Thinkpad E15 to PM deny list (stable-fixes). - ALSA: hda/realtek: Add quirk for HP Spectre x360 15-df1xxx (stable-fixes). - ALSA: hda/realtek: Add quirk for Lenovo Yoga Pro 7 14ASP10 (stable-fixes). - ALSA: hda/realtek: Enable PC beep passthrough for HP EliteBook 855 G7 (stable-fixes). - ALSA: hda/realtek: Fix built-in mic on ASUS VivoBook X507UAR (git-fixes). - ALSA: hda/realtek: Fix built-in mic on ASUS VivoBook X513EA (git-fixes). - ALSA: hda/realtek: enable headset mic on Latitude 5420 Rugged (stable-fixes). - ALSA: pcm: Fix race of buffer access at PCM OSS layer (stable-fixes). - ALSA: seq: Improve data consistency at polling (stable-fixes). - ALSA: usb-audio: Accept multiple protocols in GTBs (stable-fixes). - ALSA: usb-audio: Add Pioneer DJ DJM-V10 support (stable-fixes). - ALSA: usb-audio: Add a quirk for Lenovo Thinkpad Thunderbolt 3 dock (stable-fixes). 
- ALSA: usb-audio: Add implicit feedback quirk for RODE AI-1 (stable-fixes). - ALSA: usb-audio: Add name for HP Engage Go dock (stable-fixes). - ALSA: usb-audio: Check shutdown at endpoint_set_interface() (stable-fixes). - ALSA: usb-audio: Fix NULL pointer deref in snd_usb_power_domain_set() (git-fixes). - ALSA: usb-audio: Fix duplicated name in MIDI substream names (stable-fixes). - ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3() (git-fixes). - ALSA: usb-audio: Rename ALSA kcontrol PCM and PCM1 for the KTMicro sound card (stable-fixes). - ALSA: usb-audio: Rename Pioneer mixer channel controls (git-fixes). - ALSA: usb-audio: Set MIDI1 flag appropriately for GTB MIDI 1.0 entry (stable-fixes). - ALSA: usb-audio: Skip setting clock selector for single connections (stable-fixes). - ALSA: usb-audio: Support multiple control interfaces (stable-fixes). - ALSA: usb-audio: Support read-only clock selector control (stable-fixes). - ALSA: usb-audio: enable support for Presonus Studio 1824c within 1810c file (stable-fixes). - ALSA: usb-audio: mixer: Remove temporary string use in parse_clock_source_unit (stable-fixes). - ASoC: Intel: avs: Fix deadlock when the failing IPC is SET_D0IX (git-fixes). - ASoC: Intel: avs: Verify content returned by parse_int_array() (git-fixes). - ASoC: Intel: bytcr_rt5640: Add DMI quirk for Acer Aspire SW3-013 (stable-fixes). - ASoC: SOF: Intel: hda-bus: Use PIO mode on ACE2+ platforms (git-fixes). - ASoC: SOF: ipc4-pcm: Adjust pipeline_list->pipelines allocation type (git-fixes). - ASoC: amd: yc: Add quirk for Lenovo Yoga Pro 7 14ASP9 (stable-fixes). - ASoC: apple: mca: Constrain channels according to TDM mask (git-fixes). - ASoC: codecs: hda: Fix RPM usage count underflow (git-fixes). - ASoC: codecs: pcm3168a: Allow for 24-bit in provider mode (stable-fixes). - ASoC: cs42l43: Disable headphone clamps during type detection (stable-fixes). 
- ASoC: imx-card: Adjust over allocation of memory in imx_card_parse_of() (stable-fixes). - ASoC: mediatek: mt6359: Add stub for mt6359_accdet_enable_jack_detect (stable-fixes). - ASoC: mediatek: mt8188: Add reference for dmic clocks (stable-fixes). - ASoC: mediatek: mt8188: Treat DMIC_GAINx_CUR as non-volatile (stable-fixes). - ASoC: mediatek: mt8195: Set ETDM1/2 IN/OUT to COMP_DUMMY() (git-fixes). - ASoC: meson: meson-card-utils: use of_property_present() for DT parsing (git-fixes). - ASoC: ops: Enforce platform maximum on initial value (stable-fixes). - ASoC: qcom: sdm845: Add error handling in sdm845_slim_snd_hw_params() (git-fixes). - ASoC: qcom: sm8250: explicitly set format in sm8250_be_hw_params_fixup() (stable-fixes). - ASoC: rt722-sdca: Add some missing readable registers (stable-fixes). - ASoC: soc-dai: check return value at snd_soc_dai_set_tdm_slot() (stable-fixes). - ASoC: sun4i-codec: support hp-det-gpios property (stable-fixes). - ASoC: tas2764: Add reg defaults for TAS2764_INT_CLK_CFG (stable-fixes). - ASoC: tas2764: Enable main IRQs (git-fixes). - ASoC: tas2764: Mark SW_RESET as volatile (stable-fixes). - ASoC: tas2764: Power up/down amp on mute ops (stable-fixes). - ASoC: tas2764: Reinit cache on part reset (git-fixes). - ASoC: tas2770: Power cycle amp on ISENSE/VSENSE change (stable-fixes). - ASoC: tegra210_ahub: Add check to of_device_get_match_data() (stable-fixes). - ASoC: ti: omap-hdmi: Re-add dai_link->platform to fix card init (git-fixes). - Bluetooth: Fix NULL pointer deference on eir_get_service_data (git-fixes). - Bluetooth: L2CAP: Fix not responding with L2CAP_CR_LE_ENCRYPTION (git-fixes). - Bluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_complete (git-fixes). - Bluetooth: MGMT: Fix sparse errors (git-fixes). - Bluetooth: MGMT: Remove unused mgmt_pending_find_data (stable-fixes). - Bluetooth: MGMT: iterate over mesh commands in mgmt_mesh_foreach() (git-fixes). - Bluetooth: Remove pending ACL connection attempts (stable-fixes). 
- Bluetooth: btintel: Check dsbr size from EFI variable (git-fixes). - Bluetooth: btintel_pcie: Fix driver not posting maximum rx buffers (git-fixes). - Bluetooth: btintel_pcie: Increase the tx and rx descriptor count (git-fixes). - Bluetooth: btintel_pcie: Reduce driver buffer posting to prevent race condition (git-fixes). - Bluetooth: eir: Fix possible crashes on eir_create_adv_data (git-fixes). - Bluetooth: hci_conn: Fix UAF Write in __hci_acl_create_connection_sync (git-fixes). - Bluetooth: hci_conn: Only do ACL connections sequentially (stable-fixes). - Bluetooth: hci_core: fix list_for_each_entry_rcu usage (git-fixes). - Bluetooth: hci_event: Fix not using key encryption size when its known (git-fixes). - Bluetooth: hci_qca: move the SoC type check to the right place (git-fixes). - Bluetooth: hci_sync: Fix UAF in hci_acl_create_conn_sync (git-fixes). - Bluetooth: hci_sync: Fix UAF on hci_abort_conn_sync (git-fixes). - Bluetooth: hci_sync: Fix broadcast/PA when using an existing instance (git-fixes). - Documentation/rtla: Fix duplicate text about timerlat tracer (git-fixes). - Documentation/rtla: Fix typo in common_timerlat_description.rst (git-fixes). - Documentation/rtla: Fix typo in rtla-timerlat.rst (git-fixes). - Documentation: ACPI: Use all-string data node references (git-fixes). - Documentation: fix typo in root= kernel parameter description (git-fixes). - HID: lenovo: Restrict F7/9/11 mode to compact keyboards only (git-fixes). - HID: quirks: Add ADATA XPG alpha wireless mouse support (stable-fixes). - HID: usbkbd: Fix the bit shift number for LED_KANA (stable-fixes). - HID: wacom: fix kobject reference count leak (git-fixes). - HID: wacom: fix memory leak on kobject creation failure (git-fixes). - HID: wacom: fix memory leak on sysfs attribute creation failure (git-fixes). - IB/cm: Drop lockdep assert and WARN when freeing old msg (git-fixes) - Input: gpio-keys - fix possible concurrent access in gpio_keys_irq_timer() (git-fixes). 
- Input: ims-pcu - check record size in ims_pcu_flash_firmware() (git-fixes). - Input: sparcspkr - avoid unannotated fall-through (stable-fixes). - Input: xpad - add more controllers (stable-fixes). - KVM: powerpc: Enable commented out BUILD_BUG_ON() assertion (bsc#1215199). - KVM: s390: rename PROT_NONE to PROT_TYPE_DUMMY (git-fixes bsc#1245225). - MyBS: Correctly generate build flags for non-multibuild package limit (bsc#1244241) Fixes: 0999112774fc ("MyBS: Use buildflags to set which package to build") - MyBS: Do not build kernel-obs-qa with limit_packages Fixes: 58e3f8c34b2b ("bs-upload-kernel: Pass limit_packages also on multibuild") - MyBS: Simplify qa_expr generation Start with a 0 which makes the expression valid even if there are no QA repositories (currently does not happen). Then separator is always needed. - NFC: nci: uart: Set tty->disc_data only in success path (git-fixes). - NFS: Do not allow waiting for exiting tasks (git-fixes). - NFSD: Insulate nfsd4_encode_read_plus() from page boundaries in the encode buffer (git-fixes). - NFSv4: Check for delegation validity in nfs_start_delegation_return_locked() (git-fixes). - NFSv4: Treat ENETUNREACH errors as fatal for state recovery (git-fixes). - PCI/DPC: Initialize aer_err_info before using it (git-fixes). - PCI/DPC: Log Error Source ID only when valid (git-fixes). - PCI/DPC: Use defines with DPC reason fields (git-fixes). - PCI/MSI: Size device MSI domain with the maximum number of vectors (git-fixes). - PCI/PM: Set up runtime PM even for devices without PCI PM (git-fixes). - PCI: Add ACS quirk for Loongson PCIe (stable-fixes). - PCI: Explicitly put devices into D0 when initializing (git-fixes). - PCI: Fix lock symmetry in pci_slot_unlock() (git-fixes). - PCI: Fix old_size lower bound in calculate_iosize() too (stable-fixes). - PCI: apple: Set only available ports up (git-fixes). - PCI: apple: Use gpiod_set_value_cansleep in probe flow (git-fixes). 
- PCI: brcmstb: Add a softdep to MIP MSI-X driver (stable-fixes). - PCI: brcmstb: Expand inbound window size up to 64GB (stable-fixes). - PCI: cadence-ep: Correct PBA offset in .set_msix() callback (git-fixes). - PCI: cadence: Fix runtime atomic count underflow (git-fixes). - PCI: dw-rockchip: Fix PHY function call sequence in rockchip_pcie_phy_deinit() (git-fixes). - PCI: dw-rockchip: Remove PCIE_L0S_ENTRY check from rockchip_pcie_link_up() (git-fixes). - PCI: dwc: ep: Correct PBA offset in .set_msix() callback (git-fixes). - PCI: dwc: ep: Ensure proper iteration over outbound map windows (stable-fixes). - PCI: endpoint: Retain fixed-size BAR size as well as aligned size (git-fixes). - PCI: vmd: Disable MSI remapping bypass under Xen (stable-fixes). - PM: runtime: fix denying of auto suspend in pm_suspend_timer_fn() (stable-fixes). - PM: sleep: Fix power.is_suspended cleanup for direct-complete devices (git-fixes). - PM: sleep: Print PM debug messages during hibernation (git-fixes). - PM: wakeup: Delete space in the end of string shown by pm_show_wakelocks() (git-fixes). - RDMA/core: Fix best page size finding when it can cross SG entries (git-fixes) - RDMA/uverbs: Propagate errors from rdma_lookup_get_uobject() (git-fixes) - Remove compress-vmlinux.sh /usr/lib/rpm/brp-suse.d/brp-99-compress-vmlinux was added in pesign-obs-integration during SLE12 RC. This workaround can be removed. - Remove host-memcpy-hack.h This might have been useful at some point but we have more things that depend on specific library versions today. - Remove try-disable-staging-driver The config for linux-next is autogenerated from master config, and defaults filled for missing options. This is unlikely to enable any staging driver in the first place. - Revert "ALSA: usb-audio: Skip setting clock selector for single connections" (stable-fixes). 
- Revert "arm64: dts: allwinner: h6: Use RSB for AXP805 PMIC (git-fixes) - Revert "bus: ti-sysc: Probe for l4_wkup and l4_cfg interconnect devices first" (stable-fixes). - Revert "drm/amdgpu: do not allow userspace to create a doorbell BO" (stable-fixes). - Revert "ipv6: save dontfrag in cork (git-fixes)." - Revert "kABI: ipv6: save dontfrag in cork (git-fixes)." - Revert "wifi: mt76: mt7996: fill txd by host driver" (stable-fixes). - Revert "wifi: mwifiex: Fix HT40 bandwidth issue." (git-fixes). - SUNRPC: Do not allow waiting for exiting tasks (git-fixes). - SUNRPC: Prevent hang on NFS mount with xprtsec=[m]tls (git-fixes). - SUNRPC: rpc_clnt_set_transport() must not change the autobind setting (git-fixes). - SUNRPC: rpcbind should never reset the port to the value '0' (git-fixes). - USB: serial: pl2303: add new chip PL2303GC-Q20 and PL2303GT-2AB (stable-fixes). - VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify (git-fixes). - accel/ivpu: Improve buffer object logging (git-fixes). - accel/ivpu: Use dma_resv_lock() instead of a custom mutex (git-fixes). - accel/qaic: Mask out SR-IOV PCI resources (stable-fixes). - acpi-cpufreq: Fix nominal_freq units to KHz in get_max_boost_ratio() (git-fixes). - add bug reference to existing hv_storvsc change (bsc#1245455). - arm64: dts: marvell: uDPU: define pinctrl state for alarm LEDs (git-fixes) - ata: libata-eh: Do not use ATAPI DMA for a device limited to PIO mode (stable-fixes). - ata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330 (stable-fixes). - ath10k: snoc: fix unbalanced IRQ enable in crash recovery (git-fixes). - backlight: pm8941: Add NULL check in wled_configure() (git-fixes). - bnxt: properly flush XDP redirect lists (git-fixes). - bpf: Force uprobe bpf program to always return 0 (git-fixes). 
- bs-upload-kernel: Pass limit_packages also on multibuild Fixes: 0999112774fc ("MyBS: Use buildflags to set which package to build") Fixes: 747f601d4156 ("bs-upload-kernel, MyBS, Buildresults: Support multibuild (JSC-SLE#5501, boo#1211226, bsc#1218184)") - btrfs: fix fsync of files with no hard links not persisting deletion (git-fixes). - btrfs: fix invalid data space release when truncating block in NOCOW mode (git-fixes). - btrfs: fix qgroup reservation leak on failure to allocate ordered extent (git-fixes). - btrfs: fix wrong start offset for delalloc space release during mmap write (git-fixes). - btrfs: remove end_no_trans label from btrfs_log_inode_parent() (git-fixes). - btrfs: simplify condition for logging new dentries at btrfs_log_inode_parent() (git-fixes). - bus: fsl-mc: do not add a device-link for the UAPI used DPMCP device (git-fixes). - bus: fsl-mc: fix GET/SET_TAILDROP command ids (git-fixes). - bus: fsl-mc: fix double-free on mc_dev (git-fixes). - bus: fsl-mc: increase MC_CMD_COMPLETION_TIMEOUT_MS value (stable-fixes). - bus: mhi: host: Fix conflict between power_up and SYSERR (git-fixes). - calipso: Fix null-ptr-deref in calipso_req_{set,del}attr() (git-fixes). - can: c_can: Use of_property_present() to test existence of DT property (stable-fixes). - can: tcan4x5x: fix power regulator retrieval during probe (git-fixes). - ceph: Fix incorrect flush end position calculation (git-fixes). - ceph: allocate sparse_ext map only for sparse reads (git-fixes). - ceph: fix memory leaks in __ceph_sync_read() (git-fixes). - cgroup/cpuset: Do not allow creation of local partition over a remote one (bsc#1241166). - cgroup/cpuset: Fix race between newly created partition and dying one (bsc#1241166). - cifs: change tcon status when need_reconnect is set on it (git-fixes). 
- clocksource: Fix brown-bag boolean thinko in (git-fixes) - clocksource: Make watchdog and suspend-timing multiplication (git-fixes) - crypto: lrw - Only add ecb if it is not already there (git-fixes). - crypto: lzo - Fix compression buffer overrun (stable-fixes). - crypto: marvell/cesa - Avoid empty transfer descriptor (git-fixes). - crypto: marvell/cesa - Do not chain submitted requests (git-fixes). - crypto: marvell/cesa - Handle zero-length skcipher requests (git-fixes). - crypto: octeontx2 - suppress auth failure screaming due to negative tests (stable-fixes). - crypto: qat - add shutdown handler to qat_420xx (git-fixes). - crypto: qat - add shutdown handler to qat_4xxx (git-fixes). - crypto: skcipher - Zap type in crypto_alloc_sync_skcipher (stable-fixes). - crypto: sun8i-ce - move fallback ahash_request to the end of the struct (git-fixes). - crypto: sun8i-ce-cipher - fix error handling in sun8i_ce_cipher_prepare() (git-fixes). - crypto: sun8i-ss - do not use sg_dma_len before calling DMA functions (git-fixes). - crypto: xts - Only add ecb if it is not already there (git-fixes). - devlink: Fix referring to hw_addr attribute during state validation (git-fixes). - devlink: fix port dump cmd type (git-fixes). - dlm: mask sk_shutdown value (bsc#1228854). - dlm: use SHUT_RDWR for SCTP shutdown (bsc#1228854). - dmaengine: idxd: cdev: Fix uninitialized use of sva in idxd_cdev_open (stable-fixes). - dmaengine: ti: Add NULL check in udma_probe() (git-fixes). - drivers/rapidio/rio_cm.c: prevent possible heap overwrite (stable-fixes). - drm/amd/display/dm: drop hw_support check in amdgpu_dm_i2c_xfer() (stable-fixes). - drm/amd/display: Add debugging message for brightness caps (bsc#1240650). - drm/amd/display: Add null pointer check for get_first_active_display() (git-fixes). - drm/amd/display: Add support for disconnected eDP streams (stable-fixes). - drm/amd/display: Call FP Protect Before Mode Programming/Mode Support (stable-fixes). 
- drm/amd/display: Configure DTBCLK_P with OPTC only for dcn401 (stable-fixes). - drm/amd/display: Correct timing_adjust_pending flag setting (stable-fixes). - drm/amd/display: Defer BW-optimization-blocked DRR adjustments (git-fixes). - drm/amd/display: Do not enable replay when vtotal update is pending (stable-fixes). - drm/amd/display: Do not treat wb connector as physical in create_validate_stream_for_sink (stable-fixes). - drm/amd/display: Do not try AUX transactions on disconnected link (stable-fixes). - drm/amd/display: Ensure DMCUB idle before reset on DCN31/DCN35 (stable-fixes). - drm/amd/display: Fix BT2020 YCbCr limited/full range input (stable-fixes). - drm/amd/display: Fix DMUB reset sequence for DCN401 (stable-fixes). - drm/amd/display: Fix default DC and AC levels (bsc#1240650). - drm/amd/display: Fix incorrect DPCD configs while Replay/PSR switch (stable-fixes). - drm/amd/display: Fix p-state type when p-state is unsupported (stable-fixes). - drm/amd/display: Guard against setting dispclk low for dcn31x (stable-fixes). - drm/amd/display: Guard against setting dispclk low when active (stable-fixes). - drm/amd/display: Increase block_sequence array size (stable-fixes). - drm/amd/display: Initial psr_version with correct setting (stable-fixes). - drm/amd/display: Populate register address for dentist for dcn401 (stable-fixes). - drm/amd/display: Read LTTPR ALPM caps during link cap retrieval (stable-fixes). - drm/amd/display: Request HW cursor on DCN3.2 with SubVP (stable-fixes). - drm/amd/display: Skip checking FRL_MODE bit for PCON BW determination (stable-fixes). - drm/amd/display: Support multiple options during psr entry (stable-fixes). - drm/amd/display: Update CR AUX RD interval interpretation (stable-fixes). - drm/amd/display: Use Nominal vBlank If Provided Instead Of Capping It (stable-fixes). - drm/amd/display: calculate the remain segments for all pipes (stable-fixes). 
- drm/amd/display: check stream id dml21 wrapper to get plane_id (stable-fixes). - drm/amd/display: fix dcn4x init failed (stable-fixes). - drm/amd/display: fix link_set_dpms_off multi-display MST corner case (stable-fixes). - drm/amd/display: handle max_downscale_src_width fail check (stable-fixes). - drm/amd/display: not abort link train when bw is low (stable-fixes). - drm/amd/display: pass calculated dram_speed_mts to dml2 (stable-fixes). - drm/amd/display: remove minimum Dispclk and apply oem panel timing (stable-fixes). - drm/amd/pm: Fetch current power limit from PMFW (stable-fixes). - drm/amd/pm: Skip P2S load for SMU v13.0.12 (stable-fixes). - drm/amd/pp: Fix potential NULL pointer dereference in atomctrl_initialize_mc_reg_table (git-fixes). - drm/amd: Adjust output for discovery error handling (git-fixes). - drm/amdgpu/discovery: check ip_discovery fw file available (stable-fixes). - drm/amdgpu/gfx11: do not read registers in mqd init (stable-fixes). - drm/amdgpu/gfx12: do not read registers in mqd init (stable-fixes). - drm/amdgpu/mes11: fix set_hw_resources_1 calculation (stable-fixes). - drm/amdgpu: Allow P2P access through XGMI (stable-fixes). - drm/amdgpu: Do not program AGP BAR regs under SRIOV in gfxhub_v1_0.c (stable-fixes). - drm/amdgpu: Fix missing drain retry fault the last entry (stable-fixes). - drm/amdgpu: Fix the race condition for draining retry fault (stable-fixes). - drm/amdgpu: Set snoop bit for SDMA for MI series (stable-fixes). - drm/amdgpu: Skip pcie_replay_count sysfs creation for VF (stable-fixes). - drm/amdgpu: Update SRIOV video codec caps (stable-fixes). - drm/amdgpu: Use active umc info from discovery (stable-fixes). - drm/amdgpu: adjust drm_firmware_drivers_only() handling (stable-fixes). - drm/amdgpu: enlarge the VBIOS binary size limit (stable-fixes). - drm/amdgpu: read back register after written for VCN v4.0.5 (stable-fixes). - drm/amdgpu: release xcp_mgr on exit (stable-fixes). 
- drm/amdgpu: remove all KFD fences from the BO on release (stable-fixes). - drm/amdgpu: reset psp->cmd to NULL after releasing the buffer (stable-fixes). - drm/amdgpu: switch job hw_fence to amdgpu_fence (git-fixes). - drm/amdkfd: Correct F8_MODE for gfx950 (git-fixes). - drm/amdkfd: KFD release_work possible circular locking (stable-fixes). - drm/amdkfd: Set per-process flags only once cik/vi (stable-fixes). - drm/amdkfd: Set per-process flags only once for gfx9/10/11/12 (stable-fixes). - drm/amdkfd: fix missing L2 cache info in topology (stable-fixes). - drm/amdkfd: set precise mem ops caps to disabled for gfx 11 and 12 (stable-fixes). - drm/ast: Find VBIOS mode from regular display size (stable-fixes). - drm/ast: Fix comment on modeset lock (git-fixes). - drm/atomic: clarify the rules around drm_atomic_state->allow_modeset (stable-fixes). - drm/bridge: cdns-dsi: Check return value when getting default PHY config (git-fixes). - drm/bridge: cdns-dsi: Fix connecting to next bridge (git-fixes). - drm/bridge: cdns-dsi: Fix phy de-init and flag it so (git-fixes). - drm/bridge: cdns-dsi: Fix the clock variable for mode_valid() (git-fixes). - drm/bridge: cdns-dsi: Wait for Clk and Data Lanes to be ready (git-fixes). - drm/bridge: lt9611uxc: Fix an error handling path in lt9611uxc_probe() (git-fixes). - drm/buddy: fix issue that force_merge cannot free all roots (stable-fixes). - drm/etnaviv: Protect the scheduler's pending list with its lock (git-fixes). - drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on DG1 (git-fixes). - drm/i915/guc: Check if expecting reply before decrementing outstanding_submission_g2h (git-fixes). - drm/i915/guc: Handle race condition where wakeref count drops below 0 (git-fixes). - drm/i915/pmu: Fix build error with GCOV and AutoFDO enabled (git-fixes). - drm/i915/psr: Fix using wrong mask in REG_FIELD_PREP (git-fixes). - drm/i915: fix build error some more (git-fixes). 
- drm/mediatek: Fix kobject put for component sub-drivers (git-fixes). - drm/mediatek: mtk_dpi: Add checks for reg_h_fre_con existence (stable-fixes). - drm/mediatek: mtk_drm_drv: Fix kobject put for mtk_mutex device ptr (git-fixes). - drm/mediatek: mtk_drm_drv: Unbind secondary mmsys components on err (git-fixes). - drm/msm/a6xx: Disable rgb565_predicator on Adreno 7c3 (git-fixes). - drm/msm/a7xx: Call CP_RESET_CONTEXT_STATE (git-fixes). - drm/msm/disp: Correct porch timing for SDM845 (git-fixes). - drm/msm/dpu: Clear CTL_FETCH_PIPE_ACTIVE before blend setup (git-fixes). - drm/msm/dpu: Clear CTL_FETCH_PIPE_ACTIVE on ctl_path reset (git-fixes). - drm/msm/dpu: enable SmartDMA on SC8180X (git-fixes). - drm/msm/dpu: enable SmartDMA on SM8150 (git-fixes). - drm/msm/dsi/dsi_phy_10nm: Fix missing initial VCO rate (git-fixes). - drm/msm/gpu: Fix crash when throttling GPU immediately during boot (git-fixes). - drm/msm: Fix CP_RESET_CONTEXT_STATE bitfield names (git-fixes). - drm/nouveau/bl: increase buffer size to avoid truncate warning (git-fixes). - drm/nouveau: fix the broken marco GSP_MSG_MAX_SIZE (stable-fixes). - drm/panel-edp: Add Starry 116KHD024006 (stable-fixes). - drm/panel-simple: fix the warnings for the Evervision VGG644804 (git-fixes). - drm/panel: samsung-sofef00: Drop s6e3fc2x01 support (git-fixes). - drm/panic: add missing space (git-fixes). - drm/panthor: Fix GPU_COHERENCY_ACE[_LITE] definitions (git-fixes). - drm/panthor: Update panthor_mmu::irq::mask when needed (git-fixes). - drm/rockchip: vop2: Add uv swap for cluster window (stable-fixes). - drm/rockchip: vop2: Improve display modes handling on RK3588 HDMI0 (stable-fixes). - drm/ssd130x: fix ssd132x_clear_screen() columns (git-fixes). - drm/tegra: Assign plane type before registration (git-fixes). - drm/tegra: Fix a possible null pointer dereference (git-fixes). - drm/tegra: rgb: Fix the unbound reference count (git-fixes). - drm/udl: Unregister device before cleaning up on disconnect (git-fixes). 
- drm/v3d: Add clock handling (stable-fixes). - drm/v3d: Avoid NULL pointer dereference in `v3d_job_update_stats()` (stable-fixes). - drm/vc4: tests: Use return instead of assert (git-fixes). - drm/vkms: Adjust vkms_state->active_planes allocation type (git-fixes). - drm/vmwgfx: Add error path for xa_store in vmw_bo_add_detached_resource (git-fixes). - drm/vmwgfx: Add seqno waiter for sync_files (git-fixes). - drm/vmwgfx: Fix dumb buffer leak (git-fixes). - drm/xe/bmg: Update Wa_16023588340 (git-fixes). - drm/xe/d3cold: Set power state to D3Cold during s2idle/s3 (git-fixes). - drm/xe/debugfs: Add missing xe_pm_runtime_put in wedge_mode_set (stable-fixes). - drm/xe/debugfs: fixed the return value of wedged_mode_set (stable-fixes). - drm/xe/display: Add check for alloc_ordered_workqueue() (git-fixes). - drm/xe/gt: Update handling of xe_force_wake_get return (stable-fixes). - drm/xe/oa: Ensure that polled read returns latest data (stable-fixes). - drm/xe/pf: Create a link between PF and VF devices (stable-fixes). - drm/xe/pf: Reset GuC VF config when unprovisioning critical resource (stable-fixes). - drm/xe/relay: Do not use GFP_KERNEL for new transactions (stable-fixes). - drm/xe/sa: Always call drm_suballoc_manager_fini() (stable-fixes). - drm/xe/sched: stop re-submitting signalled jobs (git-fixes). - drm/xe/vf: Retry sending MMIO request to GUC on timeout error (stable-fixes). - drm/xe/vm: move rebind_work init earlier (git-fixes). - drm/xe/xe2hpg: Add Wa_22021007897 (stable-fixes). - drm/xe: Create LRC BO without VM (git-fixes). - drm/xe: Do not attempt to bootstrap VF in execlists mode (stable-fixes). - drm/xe: Fix memset on iomem (git-fixes). - drm/xe: Fix xe_tile_init_noalloc() error propagation (stable-fixes). - drm/xe: Make xe_gt_freq part of the Documentation (git-fixes). - drm/xe: Move suballocator init to after display init (stable-fixes). - drm/xe: Nuke VM's mapping upon close (stable-fixes). 
- drm/xe: Process deferred GGTT node removals on device unwind (git-fixes). - drm/xe: Reject BO eviction if BO is bound to current VM (stable-fixes). - drm/xe: Retry BO allocation (stable-fixes). - drm/xe: Rework eviction rejection of bound external bos (git-fixes). - drm/xe: Save the gt pointer in lrc and drop the tile (stable-fixes). - drm/xe: Stop ignoring errors from xe_ttm_stolen_mgr_init() (stable-fixes). - drm/xe: Wire up device shutdown handler (stable-fixes). - drm/xe: remove unmatched xe_vm_unlock() from __xe_exec_queue_init() (git-fixes). - drm/xe: xe_gen_wa_oob: replace program_invocation_short_name (stable-fixes). - drm: Add valid clones check (stable-fixes). - drm: bridge: adv7511: fill stream capabilities (stable-fixes). - drm: rcar-du: Fix memory leak in rcar_du_vsps_init() (git-fixes). - dummycon: Trigger redraw when switching consoles with deferred takeover (git-fixes). - e1000e: set fixed clock frequency indication for Nahum 11 and Nahum 13 (git-fixes). - efi/libstub: Describe missing 'out' parameter in efi_load_initrd (git-fixes). - fbcon: Make sure modelist not set on unregistered console (stable-fixes). - fbcon: Use correct erase colour for clearing in fbcon (stable-fixes). - fbdev/efifb: Remove PM for parent device (bsc#1244261). - fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var (git-fixes). - fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var (git-fixes). - fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod() (git-fixes). - fbdev: core: tileblit: Implement missing margin clearing for tileblit (stable-fixes). - fbdev: fsl-diu-fb: add missing device_remove_file() (stable-fixes). - fgraph: Still initialize idle shadow stacks when starting (git-fixes). - firmware: SDEI: Allow sdei initialization without ACPI_APEI_GHES (git-fixes). - firmware: arm_ffa: Reject higher major version as incompatible (stable-fixes). - firmware: arm_ffa: Set dma_mask for ffa devices (stable-fixes). 
- firmware: arm_scmi: Relax duplicate name constraint across protocol ids (stable-fixes). - firmware: psci: Fix refcount leak in psci_dt_init (git-fixes). - fpga: altera-cvp: Increase credit timeout (stable-fixes). - fs/nfs/read: fix double-unlock bug in nfs_return_empty_folio() (git-fixes). - gpio: mlxbf3: only get IRQ for device instance 0 (git-fixes). - gpio: pca953x: Simplify code with cleanup helpers (stable-fixes). - gpio: pca953x: Split pca953x_restore_context() and pca953x_save_context() (stable-fixes). - gpio: pca953x: fix IRQ storm on system wake up (git-fixes). - gpiolib: Revert "Do not WARN on gpiod_put() for optional GPIO" (stable-fixes). - gve: Fix RX_BUFFERS_POSTED stat to report per-queue fill_cnt (git-fixes). - gve: add missing NULL check for gve_alloc_pending_packet() in TX DQO (git-fixes). - hwmon: (asus-ec-sensors) check sensor index in read_string() (git-fixes). - hwmon: (dell-smm) Increment the number of fans (stable-fixes). - hwmon: (ftsteutates) Fix TOCTOU race in fts_read() (git-fixes). - hwmon: (gpio-fan) Add missing mutex locks (stable-fixes). - hwmon: (nct6775): Actually make use of the HWMON_NCT6775 symbol namespace (git-fixes). - hwmon: (occ) Rework attribute registration for stack usage (git-fixes). - hwmon: (occ) fix unaligned accesses (git-fixes). - hwmon: (peci/dimmtemp) Do not provide fake thresholds data (git-fixes). - hwmon: (xgene-hwmon) use appropriate type for the latency value (stable-fixes). - hwmon: corsair-psu: add USB id of HX1200i Series 2023 psu (git-fixes). - i2c: designware: Invoke runtime suspend on quick slave re-registration (stable-fixes). - i2c: npcm: Add clock toggle recovery (stable-fixes). - i2c: pxa: fix call balance of i2c->clk handling routines (stable-fixes). - i2c: qup: Vote for interconnect bandwidth to DRAM (stable-fixes). - i2c: robotfuzz-osif: disable zero-length read messages (git-fixes). 
- i2c: tegra: check msg length in SMBUS block read (bsc#1242086) - i2c: tiny-usb: disable zero-length read messages (git-fixes). - i3c: master: svc: Fix implicit fallthrough in svc_i3c_master_ibi_work() (git-fixes). - i3c: master: svc: Fix missing STOP for master request (stable-fixes). - i3c: master: svc: Flush FIFO before sending Dynamic Address Assignment(DAA) (stable-fixes). - i40e: retry VFLR handling if there is ongoing VF reset (git-fixes). - i40e: return false from i40e_reset_vf if reset is in progress (git-fixes). - ice: Fix LACP bonds without SRIOV environment (git-fixes). - ice: create new Tx scheduler nodes for new queues only (git-fixes). - ice: fix Tx scheduler error handling in XDP callback (git-fixes). - ice: fix rebuilding the Tx scheduler tree for large queue counts (git-fixes). - ice: fix vf->num_mac count with port representors (git-fixes). - ieee802154: ca8210: Use proper setters and getters for bitwise types (stable-fixes). - iio: accel: fxls8962af: Fix temperature scan element sign (git-fixes). - iio: adc: ad7124: Fix 3dB filter frequency reading (git-fixes). - iio: adc: ad7606_spi: fix reg write value mask (git-fixes). - iio: filter: admv8818: Support frequencies >= 2^32 (git-fixes). - iio: filter: admv8818: fix band 4, state 15 (git-fixes). - iio: filter: admv8818: fix integer overflow (git-fixes). - iio: filter: admv8818: fix range calculation (git-fixes). - iio: imu: inv_icm42600: Fix temperature calculation (git-fixes). - ima: Suspend PCR extends and log appends when rebooting (bsc#1210025 ltc#196650). - ima: process_measurement() needlessly takes inode_lock() on MAY_READ (stable-fixes). - intel_th: avoid using deprecated page->mapping, index fields (stable-fixes). - iommu: Protect against overflow in iommu_pgsize() (git-fixes). - iommu: Skip PASID validation for devices without PASID capability (bsc#1244100) - iommu: Validate the PASID in iommu_attach_device_pasid() (bsc#1244100) - ip6mr: fix tables suspicious RCU usage (git-fixes). 
- ip_tunnel: annotate data-races around t->parms.link (git-fixes). - ipmr: fix incorrect parameter validation in the ip_mroute_getsockopt() function (git-fixes). - ipmr: fix tables suspicious RCU usage (git-fixes). - ipv4: Convert ip_route_input() to dscp_t (git-fixes). - ipv4: Correct/silence an endian warning in __ip_do_redirect (git-fixes). - ipv6: save dontfrag in cork (git-fixes). - ipvs: Always clear ipvs_property flag in skb_scrub_packet() (git-fixes). - isolcpus: fix bug in returning number of allocated cpumask (bsc#1243774). - jffs2: check jffs2_prealloc_raw_node_refs() result in few other places (git-fixes). - jffs2: check that raw node were preallocated before writing summary (git-fixes). - kABI workaround for hda_codec.beep_just_power_on flag (git-fixes). - kABI: PCI: endpoint: Retain fixed-size BAR size as well as aligned size (git-fixes). - kABI: ipv6: save dontfrag in cork (git-fixes). - kABI: serial: mctrl_gpio: split disable_ms into sync and no_sync APIs (git-fixes). - kabi: restore layout of struct cgroup_subsys (bsc#1241166). - kabi: restore layout of struct mem_control (jsc#PED-12551). - kabi: restore layout of struct page_counter (jsc#PED-12551). - kernel-source: Do not use multiple -r in sed parameters - kernel-source: Remove log.sh from sources - leds: pwm-multicolor: Add check for fwnode_property_read_u32 (stable-fixes). - loop: Add sanity check for read/write_iter (git-fixes). - loop: add file_start_write() and file_end_write() (git-fixes). - mailbox: use error ret code of of_parse_phandle_with_args() (stable-fixes). - md/raid1,raid10: do not handle IO error for REQ_RAHEAD and REQ_NOWAIT (git-fixes). - md/raid1: Add check for missing source disk in process_checks() (git-fixes). - media: adv7180: Disable test-pattern control on adv7180 (stable-fixes). - media: c8sectpfe: Call of_node_put(i2c_bus) only once in c8sectpfe_probe() (stable-fixes). - media: ccs-pll: Check for too high VT PLL multiplier in dual PLL case (git-fixes). 
- media: ccs-pll: Correct the upper limit of maximum op_pre_pll_clk_div (git-fixes). - media: ccs-pll: Start OP pre-PLL multiplier search from correct value (git-fixes). - media: ccs-pll: Start VT pre-PLL multiplier search from correct value (git-fixes). - media: cx231xx: set device_caps for 417 (stable-fixes). - media: cxusb: no longer judge rbuf when the write fails (git-fixes). - media: davinci: vpif: Fix memory leak in probe error path (git-fixes). - media: gspca: Add error handling for stv06xx_read_sensor() (git-fixes). - media: i2c: imx219: Correct the minimum vblanking value (stable-fixes). - media: imx-jpeg: Cleanup after an allocation error (git-fixes). - media: imx-jpeg: Drop the first error frames (git-fixes). - media: imx-jpeg: Move mxc_jpeg_free_slot_data() ahead (git-fixes). - media: imx-jpeg: Reset slot data pointers when freed (git-fixes). - media: intel/ipu6: Fix dma mask for non-secure mode (git-fixes). - media: ipu6: Remove workaround for Meteor Lake ES2 (git-fixes). - media: nxp: imx8-isi: better handle the m2m usage_count (git-fixes). - media: omap3isp: use sgtable-based scatterlist wrappers (git-fixes). - media: ov2740: Move pm-runtime cleanup on probe-errors to proper place (git-fixes). - media: ov5675: suppress probe deferral errors (git-fixes). - media: ov8856: suppress probe deferral errors (git-fixes). - media: platform: mtk-mdp3: Remove unused mdp_get_plat_device (git-fixes). - media: qcom: camss: csid: Only add TPG v4l2 ctrl if TPG hardware is available (stable-fixes). - media: rkvdec: Fix frame size enumeration (git-fixes). - media: tc358746: improve calculation of the D-PHY timing registers (stable-fixes). - media: test-drivers: vivid: do not call schedule in loop (stable-fixes). - media: uvcvideo: Add sanity check to uvc_ioctl_xu_ctrl_map (stable-fixes). - media: uvcvideo: Fix deferred probing error (git-fixes). - media: uvcvideo: Handle uvc menu translation inside uvc_get_le_value (stable-fixes). 
- media: uvcvideo: Return the number of processed controls (git-fixes). - media: v4l2-dev: fix error handling in __video_register_device() (git-fixes). - media: v4l: Memset argument to 0 before calling get_mbus_config pad op (stable-fixes). - media: venus: Fix probe error handling (git-fixes). - media: verisilicon: Free post processor buffers on error (git-fixes). - media: videobuf2: use sgtable-based scatterlist wrappers (git-fixes). - media: vidtv: Terminating the subsequent process of initialization failure (git-fixes). - media: vivid: Change the siize of the composing (git-fixes). - mfd: exynos-lpass: Avoid calling exynos_lpass_disable() twice in exynos_lpass_remove() (git-fixes). - mfd: stmpe-spi: Correct the name used in MODULE_DEVICE_TABLE (git-fixes). - mfd: tps65219: Remove TPS65219_REG_TI_DEV_ID check (stable-fixes). - mkspec: Exclude rt flavor from kernel-syms dependencies (bsc#1244337). - mm, memcg: cg2 memory{.swap,}.peak write handlers (jsc#PED-12551). - mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (bsc#1245431). - mm/hugetlb: unshare page tables during VMA split, not before (bsc#1245431). - mm/memcontrol: export memcg.swap watermark via sysfs for v2 memcg (jsc#PED-12551). - mmc: Add quirk to disable DDR50 tuning (stable-fixes). - mmc: dw_mmc: add exynos7870 DW MMC support (stable-fixes). - mmc: host: Wait for Vdd to settle on card power off (stable-fixes). - mmc: sdhci: Disable SD card clock before changing parameters (stable-fixes). - mtd: nand: ecc-mxic: Fix use of uninitialized variable ret (git-fixes). - mtd: nand: sunxi: Add randomizer configuration before randomizer enable (git-fixes). - mtd: rawnand: sunxi: Add randomizer configuration in sunxi_nfc_hw_ecc_write_chunk (git-fixes). - neighbour: Do not let neigh_forced_gc() disable preemption for long (git-fixes). - net/mdiobus: Fix potential out-of-bounds clause 45 read/write access (git-fixes). - net/mdiobus: Fix potential out-of-bounds read/write access (git-fixes). 
- net/mlx4_en: Prevent potential integer overflow calculating Hz (git-fixes). - net/mlx5: Add error handling in mlx5_query_nic_vport_node_guid() (git-fixes). - net/mlx5: Ensure fw pages are always allocated on same NUMA (git-fixes). - net/mlx5: Fix ECVF vports unload on shutdown flow (git-fixes). - net/mlx5: Fix return value when searching for existing flow group (git-fixes). - net/mlx5_core: Add error handling inmlx5_query_nic_vport_qkey_viol_cntr() (git-fixes). - net/mlx5e: Fix leak of Geneve TLV option object (git-fixes). - net/neighbor: clear error in case strict check is not set (git-fixes). - net/sched: fix use-after-free in taprio_dev_notifier (git-fixes). - net: Fix TOCTOU issue in sk_is_readable() (git-fixes). - net: Implement missing getsockopt(SO_TIMESTAMPING_NEW) (git-fixes). - net: add rcu safety to rtnl_prop_list_size() (git-fixes). - net: fix udp gso skb_segment after pull from frag_list (git-fixes). - net: give more chances to rcu in netdev_wait_allrefs_any() (git-fixes). - net: ice: Perform accurate aRFS flow match (git-fixes). - net: ipv4: fix a memleak in ip_setup_cork (git-fixes). - net: linkwatch: use system_unbound_wq (git-fixes). - net: mana: Add support for Multi Vports on Bare metal (bsc#1244229). - net: mana: Record doorbell physical address in PF mode (bsc#1244229). - net: page_pool: fix warning code (git-fixes). - net: phy: clear phydev->devlink when the link is deleted (git-fixes). - net: phy: fix up const issues in to_mdio_device() and to_phy_device() (git-fixes). - net: phy: move phy_link_change() prior to mdio_bus_phy_may_suspend() (bsc#1243538) - net: phy: mscc: Fix memory leak when using one step timestamping (git-fixes). - net: phy: mscc: Stop clearing the the UDPv4 checksum for L2 frames (git-fixes). - net: sched: cls_u32: Fix allocation size in u32_init() (git-fixes). - net: sched: consistently use rcu_replace_pointer() in taprio_change() (git-fixes). 
- net: sched: em_text: fix possible memory leak in em_text_destroy() (git-fixes). - net: sched: fix erspan_opt settings in cls_flower (git-fixes). - net: usb: aqc111: debug info before sanitation (git-fixes). - net: usb: aqc111: fix error handling of usbnet read calls (git-fixes). - net: wwan: t7xx: Fix napi rx poll issue (git-fixes). - net_sched: ets: fix a race in ets_qdisc_change() (git-fixes). - net_sched: prio: fix a race in prio_tune() (git-fixes). - net_sched: red: fix a race in __red_change() (git-fixes). - net_sched: sch_fifo: implement lockless __fifo_dump() (bsc#1237312) - net_sched: sch_sfq: reject invalid perturb period (git-fixes). - net_sched: sch_sfq: use a temporary work area for validating configuration (bsc#1232504) - net_sched: tbf: fix a race in tbf_change() (git-fixes). - netdev-genl: Hold rcu_read_lock in napi_get (git-fixes). - netlink: fix potential sleeping issue in mqueue_flush_file (git-fixes). - netlink: specs: dpll: replace underscores with dashes in names (git-fixes). - netpoll: Use rcu_access_pointer() in __netpoll_setup (git-fixes). - netpoll: hold rcu read lock in __netpoll_send_skb() (git-fixes). - nfsd: Initialize ssc before laundromat_work to prevent NULL dereference (git-fixes). - nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request (git-fixes). - nfsd: validate the nfsd_serv pointer before calling svc_wake_up (git-fixes). - ntp: Clamp maxerror and esterror to operating range (git-fixes) - ntp: Remove invalid cast in time offset math (git-fixes) - ntp: Safeguard against time_constant overflow (git-fixes) - nvme-fc: do not reference lsrsp after failure (bsc#1245193). - nvme-pci: add NVME_QUIRK_NO_DEEPEST_PS quirk for SOLIDIGM P44 Pro (git-fixes). - nvme-pci: add quirks for WDC Blue SN550 15b7:5009 (git-fixes). - nvme-pci: add quirks for device 126f:1001 (git-fixes). - nvme: always punt polled uring_cmd end_io work to task_work (git-fixes). - nvme: fix command limits status code (git-fixes). 
- nvme: fix implicit bool to flags conversion (git-fixes). - nvmet-fc: free pending reqs on tgtport unregister (bsc#1245193). - nvmet-fc: take tgtport refs for portentry (bsc#1245193). - nvmet-fcloop: access fcpreq only when holding reqlock (bsc#1245193). - nvmet-fcloop: add missing fcloop_callback_host_done (bsc#1245193). - nvmet-fcloop: allocate/free fcloop_lsreq directly (bsc#1245193). - nvmet-fcloop: do not wait for lport cleanup (bsc#1245193). - nvmet-fcloop: drop response if targetport is gone (bsc#1245193). - nvmet-fcloop: prevent double port deletion (bsc#1245193). - nvmet-fcloop: refactor fcloop_delete_local_port (bsc#1245193). - nvmet-fcloop: refactor fcloop_nport_alloc and track lport (bsc#1245193). - nvmet-fcloop: remove nport from list on last user (bsc#1245193). - nvmet-fcloop: track ref counts for nports (bsc#1245193). - nvmet-fcloop: update refs on tfcp_req (bsc#1245193). - orangefs: Do not truncate file size (git-fixes). - pNFS/flexfiles: Report ENETDOWN as a connection error (git-fixes). - page_pool: Fix use-after-free in page_pool_recycle_in_ring (git-fixes). - phy: core: do not require set_mode() callback for phy_get_mode() to work (stable-fixes). - phy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bug (git-fixes). - phy: renesas: rcar-gen3-usb2: Add support to initialize the bus (stable-fixes). - phy: renesas: rcar-gen3-usb2: Assert PLL reset on PHY power off (git-fixes). - phy: renesas: rcar-gen3-usb2: Lock around hardware registers and driver data (git-fixes). - phy: renesas: rcar-gen3-usb2: Move IRQ request in probe (stable-fixes). - pinctrl-tegra: Restore SFSEL bit when freeing pins (stable-fixes). - pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get() (stable-fixes). - pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get_direction() (stable-fixes). - pinctrl: armada-37xx: propagate error from armada_37xx_pmx_gpio_set_direction() (stable-fixes). 
- pinctrl: armada-37xx: propagate error from armada_37xx_pmx_set_by_name() (stable-fixes). - pinctrl: armada-37xx: set GPIO output value before setting direction (git-fixes). - pinctrl: armada-37xx: use correct OUTPUT_VAL register for GPIOs > 31 (git-fixes). - pinctrl: at91: Fix possible out-of-boundary access (git-fixes). - pinctrl: bcm281xx: Use "unsigned int" instead of bare "unsigned" (stable-fixes). - pinctrl: devicetree: do not goto err when probing hogs in pinctrl_dt_to_map (stable-fixes). - pinctrl: mcp23s08: Reset all pins to input at probe (stable-fixes). - pinctrl: meson: define the pull up/down resistor value as 60 kOhm (stable-fixes). - pinctrl: qcom: pinctrl-qcm2290: Add missing pins (git-fixes). - pinctrl: st: Drop unused st_gpio_bank() function (git-fixes). - pinctrl: tegra: Fix off by one in tegra_pinctrl_get_group() (git-fixes). - platform/x86/amd/hsmp: Add new error code and error logs (jsc#PED-13094). - platform/x86/amd/hsmp: Add support for HSMP protocol version 7 messages (jsc#PED-13094). - platform/x86/amd/hsmp: Change generic plat_dev name to hsmp_pdev (jsc#PED-13094). - platform/x86/amd/hsmp: Change the error type (jsc#PED-13094). - platform/x86/amd/hsmp: Convert amd_hsmp_rdwr() to a function pointer (jsc#PED-13094). - platform/x86/amd/hsmp: Create hsmp/ directory (jsc#PED-13094). - platform/x86/amd/hsmp: Create separate ACPI, plat and common drivers (jsc#PED-13094). - platform/x86/amd/hsmp: Create wrapper function init_acpi() (jsc#PED-13094). - platform/x86/amd/hsmp: Make amd_hsmp and hsmp_acpi as mutually exclusive drivers (jsc#PED-13094). - platform/x86/amd/hsmp: Make hsmp_pdev static instead of global (jsc#PED-13094). - platform/x86/amd/hsmp: Move ACPI code to acpi.c (jsc#PED-13094). - platform/x86/amd/hsmp: Move platform device specific code to plat.c (jsc#PED-13094). - platform/x86/amd/hsmp: Move structure and macros to header file (jsc#PED-13094). - platform/x86/amd/hsmp: Report power via hwmon sensor (jsc#PED-13094). 
- platform/x86/amd/hsmp: Use a single DRIVER_VERSION for all hsmp modules (jsc#PED-13094). - platform/x86/amd/hsmp: Use dev_groups in the driver structure (jsc#PED-13094). - platform/x86/amd/hsmp: Use name space while exporting module symbols (jsc#PED-13094). - platform/x86/amd/hsmp: acpi: Add sysfs files to display HSMP telemetry (jsc#PED-13094). - platform/x86/amd/hsmp: fix building with CONFIG_HWMON=m (jsc#PED-13094). - platform/x86/amd/hsmp: mark hsmp_msg_desc_table as maybe_unused (git-fixes). - platform/x86/amd: pmc: Clear metrics table at start of cycle (git-fixes). - platform/x86/intel-uncore-freq: Fail module load when plat_info is NULL (git-fixes). - platform/x86: amd: Use *-y instead of *-objs in Makefiles (jsc#PED-13094). - platform/x86: dell_rbu: Fix list usage (git-fixes). - platform/x86: dell_rbu: Stop overwriting data buffer (git-fixes). - platform/x86: fujitsu-laptop: Support Lifebook S2110 hotkeys (git-fixes). - platform/x86: fujitsu-laptop: Support Lifebook S2110 hotkeys (stable-fixes). - platform/x86: hp-bioscfg: Annotate struct bios_args with __counted_by (jsc#PED-13019). - platform/x86: hp-bioscfg: Change how enum possible values size is evaluated (jsc#PED-13019). - platform/x86: hp-bioscfg: Change how order list size is evaluated (jsc#PED-13019). - platform/x86: hp-bioscfg: Change how password encoding size is evaluated (jsc#PED-13019). - platform/x86: hp-bioscfg: Change how prerequisites size is evaluated (jsc#PED-13019). - platform/x86: hp-bioscfg: Fix error handling in hp_add_other_attributes() (jsc#PED-13019). - platform/x86: hp-bioscfg: Fix memory leaks in attribute packages (jsc#PED-13019). - platform/x86: hp-bioscfg: Fix reference leak (jsc#PED-13019). - platform/x86: hp-bioscfg: Fix uninitialized variable errors (jsc#PED-13019). - platform/x86: hp-bioscfg: Makefile (jsc#PED-13019). - platform/x86: hp-bioscfg: Remove duplicate use of variable in inner loop (jsc#PED-13019). 
- platform/x86: hp-bioscfg: Remove unused obj in hp_add_other_attributes() (jsc#PED-13019). - platform/x86: hp-bioscfg: Removed needless asm-generic (jsc#PED-13019). - platform/x86: hp-bioscfg: Replace the word HACK from source code (jsc#PED-13019). - platform/x86: hp-bioscfg: Simplify return check in hp_add_other_attributes() (jsc#PED-13019). - platform/x86: hp-bioscfg: Update steps order list elements are evaluated (jsc#PED-13019). - platform/x86: hp-bioscfg: Use kmemdup() to replace kmalloc + memcpy (jsc#PED-13019). - platform/x86: hp-bioscfg: biosattr-interface (jsc#PED-13019). - platform/x86: hp-bioscfg: bioscfg (jsc#PED-13019). - platform/x86: hp-bioscfg: bioscfg-h (jsc#PED-13019). - platform/x86: hp-bioscfg: enum-attributes (jsc#PED-13019). - platform/x86: hp-bioscfg: fix a signedness bug in hp_wmi_perform_query() (jsc#PED-13019). - platform/x86: hp-bioscfg: fix error reporting in hp_add_other_attributes() (jsc#PED-13019). - platform/x86: hp-bioscfg: int-attributes (jsc#PED-13019). - platform/x86: hp-bioscfg: move mutex_lock() down in hp_add_other_attributes() (jsc#PED-13019). - platform/x86: hp-bioscfg: order-list-attributes (jsc#PED-13019). - platform/x86: hp-bioscfg: passwdobj-attributes (jsc#PED-13019). - platform/x86: hp-bioscfg: prevent a small buffer overflow (jsc#PED-13019). - platform/x86: hp-bioscfg: spmobj-attributes (jsc#PED-13019). - platform/x86: hp-bioscfg: string-attributes (jsc#PED-13019). - platform/x86: hp-bioscfg: surestart-attributes (jsc#PED-13019). - platform/x86: ideapad-laptop: use usleep_range() for EC polling (git-fixes). - platform/x86: thinkpad_acpi: Ignore battery threshold change event notification (stable-fixes). - platform/x86: thinkpad_acpi: Support also NEC Lavie X1475JAS (git-fixes). - platform/x86: thinkpad_acpi: Support also NEC Lavie X1475JAS (stable-fixes). - power: reset: at91-reset: Optimize at91_reset() (git-fixes). - power: supply: bq27xxx: Retrieve again when busy (stable-fixes). 
- power: supply: collie: Fix wakeup source leaks on device unbind (stable-fixes). - powerpc/eeh: Fix missing PE bridge reconfiguration during VFIO EEH recovery (bsc#1215199). - powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap (bsc#1244309 ltc#213790). - powerpc/pseries/msi: Avoid reading PCI device registers in reduced power states (bsc#1215199). - powerpc/vas: Return -EINVAL if the offset is non-zero in mmap() (bsc#1244309 ltc#213790). - pstore: Change kmsg_bytes storage size to u32 (git-fixes). - ptp: ocp: fix start time alignment in ptp_ocp_signal_set (git-fixes). - ptp: ocp: reject unsupported periodic output flags (git-fixes). - ptp: remove ptp->n_vclocks check logic in ptp_vclock_in_use() (git-fixes). - r8152: add vendor/device ID pair for Dell Alienware AW1022z (git-fixes). - regulator: ad5398: Add device tree support (stable-fixes). - regulator: max14577: Add error check for max14577_read_reg() (git-fixes). - regulator: max20086: Change enable gpio to optional (git-fixes). - regulator: max20086: Fix MAX200086 chip id (git-fixes). - regulator: max20086: Fix refcount leak in max20086_parse_regulators_dt() (git-fixes). - rpm/check-for-config-changes: add more to IGNORED_CONFIGS_RE Useful when someone tries (needs) to build the kernel with clang. - rpm/kernel-source.changes.old: Drop bogus bugzilla reference (bsc#1244725) - rpm: Stop using is_kotd_qa macro This macro is set by bs-upload-kernel, and a conditional in each spec file is used to determine when to build the spec file. This logic should not really be in the spec file. Previously this was done with package links and package meta for the individual links. However, the use of package links is rejected for packages in git based release projects (nothing to do with git actually, new policy). An alternative to package links is multibuild. However, for multibuild packages package meta cannot be used to set which spec file gets built. 
Use prjcon buildflags instead, and remove this conditional. Depends on bs-upload-kernel adding the build flag. - rtc: Fix offset calculation for .start_secs < 0 (git-fixes). - rtc: Make rtc_time64_to_tm() support dates before 1970 (stable-fixes). - rtc: at91rm9200: drop unused module alias (git-fixes). - rtc: cmos: use spin_lock_irqsave in cmos_interrupt (git-fixes). - rtc: cpcap: drop unused module alias (git-fixes). - rtc: da9063: drop unused module alias (git-fixes). - rtc: ds1307: stop disabling alarms on probe (stable-fixes). - rtc: jz4740: drop unused module alias (git-fixes). - rtc: pm8xxx: drop unused module alias (git-fixes). - rtc: rv3032: fix EERD location (stable-fixes). - rtc: s3c: drop unused module alias (git-fixes). - rtc: sh: assign correct interrupts with DT (git-fixes). - rtc: stm32: drop unused module alias (git-fixes). - s390/pci: Allow re-add of a reserved but not yet removed device (bsc#1244145). - s390/pci: Fix __pcilg_mio_inuser() inline assembly (git-fixes bsc#1245226). - s390/pci: Fix duplicate pci_dev_put() in disable_slot() when PF has child VFs (git-fixes bsc#1244145). - s390/pci: Fix potential double remove of hotplug slot (bsc#1244145). - s390/pci: Prevent self deletion in disable_slot() (bsc#1244145). - s390/pci: Remove redundant bus removal and disable from zpci_release_device() (bsc#1244145). - s390/pci: Serialize device addition and removal (bsc#1244145). - s390/pci: introduce lock to synchronize state of zpci_dev's (jsc#PED-10253 bsc#1244145). - s390/pci: remove hotplug slot when releasing the device (bsc#1244145). - s390/pci: rename lock member in struct zpci_dev (jsc#PED-10253 bsc#1244145). - s390/tty: Fix a potential memory leak bug (git-fixes bsc#1245228). - scsi: Improve CDL control (git-fixes). - scsi: dc395x: Remove DEBUG conditional compilation (git-fixes). - scsi: dc395x: Remove leftover if statement in reselect() (git-fixes). - scsi: elx: efct: Fix memory leak in efct_hw_parse_filter() (git-fixes). 
- scsi: hisi_sas: Call I_T_nexus after soft reset for SATA disk (git-fixes). - scsi: hisi_sas: Fix I/O errors caused by hardware port ID changes (git-fixes). - scsi: iscsi: Fix incorrect error path labels for flashnode operations (git-fixes). - scsi: megaraid_sas: Block zero-length ATA VPD inquiry (git-fixes). - scsi: mpi3mr: Add level check to control event logging (git-fixes). - scsi: mpt3sas: Fix _ctl_get_mpt_mctp_passthru_adapter() to return IOC pointer (git-fixes). - scsi: mpt3sas: Send a diag reset if target reset fails (git-fixes). - scsi: pm80xx: Set phy_attached to zero when device is gone (git-fixes). - scsi: qedf: Use designated initializer for struct qed_fcoe_cb_ops (git-fixes). - scsi: sd_zbc: block: Respect bio vector limits for REPORT ZONES buffer (git-fixes). - scsi: smartpqi: Fix smp_processor_id() call trace for preemptible kernels (git-fixes). - scsi: st: ERASE does not change tape location (git-fixes). - scsi: st: Restore some drive settings after reset (git-fixes). - scsi: st: Tighten the page format heuristics with MODE SELECT (git-fixes). - scsi: storvsc: Do not report the host packet status as the hv status (git-fixes). - scsi: storvsc: Increase the timeouts to storvsc_timeout (git-fixes). - selftests/bpf: Fix bpf_nf selftest failure (git-fixes). - selftests/mm: restore default nr_hugepages value during cleanup in hugetlb_reparenting_test.sh (git-fixes). - selftests/net: have `gro.sh -t` return a correct exit code (stable-fixes). - selftests/seccomp: fix syscall_restart test for arm compat (git-fixes). - serial: Fix potential null-ptr-deref in mlb_usio_probe() (git-fixes). - serial: core: restore of_node information in sysfs (git-fixes). - serial: imx: Restore original RXTL for console to fix data loss (git-fixes). - serial: jsm: fix NPE during jsm_uart_port_init (git-fixes). - serial: mctrl_gpio: split disable_ms into sync and no_sync APIs (git-fixes). - serial: sh-sci: Move runtime PM enable to sci_probe_single() (stable-fixes). 
- serial: sh-sci: Save and restore more registers (git-fixes). - serial: sh-sci: Update the suspend/resume support (stable-fixes). - smb3: fix Open files on server counter going negative (git-fixes). - smb: client: Use str_yes_no() helper function (git-fixes). - smb: client: allow more DFS referrals to be cached (git-fixes). - smb: client: avoid unnecessary reconnects when refreshing referrals (git-fixes). - smb: client: change return value in open_cached_dir_by_dentry() if !cfids (git-fixes). - smb: client: do not retry DFS targets on server shutdown (git-fixes). - smb: client: do not trust DFSREF_STORAGE_SERVER bit (git-fixes). - smb: client: do not try following DFS links in cifs_tree_connect() (git-fixes). - smb: client: fix DFS interlink failover (git-fixes). - smb: client: fix DFS mount against old servers with NTLMSSP (git-fixes). - smb: client: fix hang in wait_for_response() for negproto (bsc#1242709). - smb: client: fix potential race in cifs_put_tcon() (git-fixes). - smb: client: fix return value of parse_dfs_referrals() (git-fixes). - smb: client: get rid of @nlsc param in cifs_tree_connect() (git-fixes). - smb: client: get rid of TCP_Server_Info::refpath_lock (git-fixes). - smb: client: get rid of kstrdup() in get_ses_refpath() (git-fixes). - smb: client: improve purging of cached referrals (git-fixes). - smb: client: introduce av_for_each_entry() helper (git-fixes). - smb: client: optimize referral walk on failed link targets (git-fixes). - smb: client: parse DNS domain name from domain= option (git-fixes). - smb: client: parse av pair type 4 in CHALLENGE_MESSAGE (git-fixes). - smb: client: provide dns_resolve_{unc,name} helpers (git-fixes). - smb: client: refresh referral without acquiring refpath_lock (git-fixes). - smb: client: remove unnecessary checks in open_cached_dir() (git-fixes). - soc: aspeed: Add NULL check in aspeed_lpc_enable_snoop() (git-fixes). - soc: aspeed: lpc: Fix impossible judgment condition (git-fixes). 
- soc: qcom: smp2p: Fix fallback to qcom,ipc parse (git-fixes). - soc: ti: k3-socinfo: Do not use syscon helper to build regmap (stable-fixes). - software node: Correct a OOB check in software_node_get_reference_args() (stable-fixes). - soundwire: amd: change the soundwire wake enable/disable sequence (stable-fixes). - spi-rockchip: Fix register out of bounds access (stable-fixes). - spi: bcm63xx-hsspi: fix shared reset (git-fixes). - spi: bcm63xx-spi: fix shared reset (git-fixes). - spi: sh-msiof: Fix maximum DMA transfer size (git-fixes). - spi: spi-sun4i: fix early activation (stable-fixes). - spi: tegra210-quad: Fix X1_X2_X4 encoding and support x4 transfers (git-fixes). - spi: tegra210-quad: modify chip select (CS) deactivation (git-fixes). - spi: tegra210-quad: remove redundant error handling code (git-fixes). - spi: zynqmp-gqspi: Always acknowledge interrupts (stable-fixes). - staging: iio: ad5933: Correct settling cycles encoding per datasheet (git-fixes). - staging: rtl8723bs: Avoid memset() in aes_cipher() and aes_decipher() (git-fixes). - struct usci: hide additional member (git-fixes). - sunrpc: handle SVC_GARBAGE during svc auth processing as auth error (git-fixes). - supported.conf: Add SNP SVSM vTPM driver - supported.conf: add it - supported.conf: support firmware_attributes_class - svsm: Add header with SVSM_VTPM_CMD helpers (bsc#1241191). - sysfb: Fix screen_info type check for VGA (git-fixes). - tcp/dccp: allow a connection when sk_max_ack_backlog is zero (git-fixes). - tcp/dccp: bypass empty buckets in inet_twsk_purge() (git-fixes). - tcp/dccp: complete lockless accesses to sk->sk_max_ack_backlog (git-fixes). - tcp: bring back NUMA dispersion in inet_ehash_locks_alloc() (git-fixes). - tcp_metrics: optimize tcp_metrics_flush_all() (git-fixes). - thermal/drivers/mediatek/lvts: Fix debugfs unregister on failure (git-fixes). - thermal/drivers/qoriq: Power down TMU on system suspend (stable-fixes). 
- thunderbolt: Do not add non-active NVM if NVM upgrade is disabled for retimer (stable-fixes). - thunderbolt: Do not double dequeue a configuration request (stable-fixes). - thunderbolt: Fix a logic error in wake on connect (git-fixes). - thunderbolt: Improve redrive mode handling (git-fixes). - timekeeping: Fix bogus clock_was_set() invocation in (git-fixes) - timekeeping: Fix cross-timestamp interpolation corner case (git-fixes) - timekeeping: Fix cross-timestamp interpolation for non-x86 (git-fixes) - timekeeping: Fix cross-timestamp interpolation on counter (git-fixes) - tpm: Add SNP SVSM vTPM driver (bsc#1241191). - tpm: Make chip->{status,cancel,req_canceled} opt (bsc#1241191). - trace/trace_event_perf: remove duplicate samples on the first tracepoint event (git-fixes). - tracing/eprobe: Fix to release eprobe when failed to add dyn_event (git-fixes). - tracing: Add __print_dynamic_array() helper (bsc#1243544). - tracing: Add __string_len() example (bsc#1243544). - tracing: Fix cmp_entries_dup() to respect sort() comparison rules (git-fixes). - tracing: Fix compilation warning on arm32 (bsc#1243551). - tracing: Use atomic64_inc_return() in trace_clock_counter() (git-fixes). - truct dwc3 hide new member wakeup_pending_funcs (git-fixes). - tty: serial: 8250_omap: fix TX with DMA for am33xx (git-fixes). - ucsi_debugfs_entry: hide signedness change (git-fixes). - udp: annotate data-races around up->pending (git-fixes). - udp: fix incorrect parameter validation in the udp_lib_getsockopt() function (git-fixes). - udp: fix receiving fraglist GSO packets (git-fixes). - udp: preserve the connected status if only UDP cmsg (git-fixes). - uprobes: Use kzalloc to allocate xol area (git-fixes). - usb: Flush altsetting 0 endpoints before reinitializating them after reset (git-fixes). - usb: cdnsp: Fix issue with detecting USB 3.2 speed (git-fixes). - usb: cdnsp: Fix issue with detecting command completion event (git-fixes). 
- usb: dwc3: gadget: Make gadget_wakeup asynchronous (git-fixes). - usb: misc: onboard_usb_dev: fix support for Cypress HX3 hubs (git-fixes). - usb: quirks: Add NO_LPM quirk for SanDisk Extreme 55AE (stable-fixes). - usb: renesas_usbhs: Reorder clock handling and power management in probe (git-fixes). - usb: storage: Ignore UAS driver for SanDisk 3.2 Gen2 storage device (stable-fixes). - usb: typec: tcpm/tcpci_maxim: Fix bounds check in process_rx() (git-fixes). - usb: typec: tcpm: move tcpm_queue_vdm_unlocked to asynchronous work (git-fixes). - usb: typec: ucsi: Only enable supported notifications (git-fixes). - usb: typec: ucsi: allow non-partner GET_PDOS for Qualcomm devices (git-fixes). - usb: typec: ucsi: fix Clang -Wsign-conversion warning (git-fixes). - usb: typec: ucsi: fix UCSI on buggy Qualcomm devices (git-fixes). - usb: typec: ucsi: limit the UCSI_NO_PARTNER_PDOS even further (git-fixes). - usb: usbtmc: Fix read_stb function and get_stb ioctl (git-fixes). - usb: usbtmc: Fix timeout value in get_stb (git-fixes). - usb: xhci: Do not change the status of stalled TDs on failed Stop EP (stable-fixes). - usbnet: asix AX88772: leave the carrier control to phylink (stable-fixes). - vgacon: Add check for vc_origin address range in vgacon_scroll() (git-fixes). - vmxnet3: correctly report gso type for UDP tunnels (bsc#1244626). - vmxnet3: support higher link speeds from vmxnet3 v9 (bsc#1244626). - vmxnet3: update MTU after device quiesce (bsc#1244626). - vt: remove VT_RESIZE and VT_RESIZEX from vt_compat_ioctl() (git-fixes). - watchdog: da9052_wdt: respect TWDMIN (stable-fixes). - watchdog: exar: Shorten identity name to fit correctly (git-fixes). - watchdog: fix watchdog may detect false positive of softlockup (stable-fixes). - watchdog: it87_wdt: add PWRGD enable quirk for Qotom QCML04 (git-fixes). - watchdog: mediatek: Add support for MT6735 TOPRGU/WDT (git-fixes). - wifi: ath11k: Fix QMI memory reuse logic (stable-fixes). 
- wifi: ath11k: avoid burning CPU in ath11k_debugfs_fw_stats_request() (git-fixes). - wifi: ath11k: convert timeouts to secs_to_jiffies() (stable-fixes). - wifi: ath11k: do not use static variables in ath11k_debugfs_fw_stats_process() (git-fixes). - wifi: ath11k: do not wait when there is no vdev started (git-fixes). - wifi: ath11k: fix node corruption in ar->arvifs list (git-fixes). - wifi: ath11k: fix ring-buffer corruption (git-fixes). - wifi: ath11k: fix rx completion meta data corruption (git-fixes). - wifi: ath11k: fix soc_dp_stats debugfs file permission (stable-fixes). - wifi: ath11k: move some firmware stats related functions outside of debugfs (git-fixes). - wifi: ath11k: update channel list in worker when wait flag is set (bsc#1243847). - wifi: ath11k: validate ath11k_crypto_mode on top of ath11k_core_qmi_firmware_ready (git-fixes). - wifi: ath12k: ACPI CCA threshold support (bsc#1240998). - wifi: ath12k: ACPI SAR support (bsc#1240998). - wifi: ath12k: ACPI TAS support (bsc#1240998). - wifi: ath12k: ACPI band edge channel power support (bsc#1240998). - wifi: ath12k: Add MSDU length validation for TKIP MIC error (git-fixes). - wifi: ath12k: Add additional checks for vif and sta iterators (bsc#1240998). - wifi: ath12k: Add firmware coredump collection support (bsc#1240998). - wifi: ath12k: Add htt_stats_dump file ops support (bsc#1240998). - wifi: ath12k: Add lock to protect the hardware state (bsc#1240998). - wifi: ath12k: Add missing htt_metadata flag in ath12k_dp_tx() (bsc#1240998). - wifi: ath12k: Add support to enable debugfs_htt_stats (bsc#1240998). - wifi: ath12k: Add support to parse requested stats_type (bsc#1240998). - wifi: ath12k: Avoid -Wflex-array-member-not-at-end warnings (bsc#1240998). - wifi: ath12k: Avoid napi_sync() before napi_enable() (stable-fixes). - wifi: ath12k: Cache vdev configs before vdev create (bsc#1240998). - wifi: ath12k: Dump additional Tx PDEV HTT stats (bsc#1240998). 
- wifi: ath12k: Fetch regdb.bin file from board-2.bin (stable-fixes). - wifi: ath12k: Fix WARN_ON during firmware crash in split-phy (bsc#1240998). - wifi: ath12k: Fix WMI tag for EHT rate in peer assoc (git-fixes). - wifi: ath12k: Fix buffer overflow in debugfs (bsc#1240998). - wifi: ath12k: Fix devmem address prefix when logging (bsc#1240998). - wifi: ath12k: Fix end offset bit definition in monitor ring descriptor (stable-fixes). - wifi: ath12k: Fix for out-of bound access error (bsc#1240998). - wifi: ath12k: Fix invalid memory access while forming 802.11 header (git-fixes). - wifi: ath12k: Fix memory leak during vdev_id mismatch (git-fixes). - wifi: ath12k: Fix pdev id sent to firmware for single phy devices (bsc#1240998). - wifi: ath12k: Fix the QoS control field offset to build QoS header (git-fixes). - wifi: ath12k: Handle error cases during extended skb allocation (git-fixes). - wifi: ath12k: Improve BSS discovery with hidden SSID in 6 GHz band (stable-fixes). - wifi: ath12k: Introduce device index (bsc#1240998). - wifi: ath12k: Modify add and remove chanctx ops for single wiphy support (bsc#1240998). - wifi: ath12k: Modify print_array_to_buf() to support arrays with 1-based semantics (bsc#1240998). - wifi: ath12k: Modify rts threshold mac op for single wiphy (bsc#1240998). - wifi: ath12k: Modify set and get antenna mac ops for single wiphy (bsc#1240998). - wifi: ath12k: Optimize the lock contention of used list in Rx data path (bsc#1240998). - wifi: ath12k: Pass correct values of center freq1 and center freq2 for 160 MHz (stable-fixes). - wifi: ath12k: Prevent sending WMI commands to firmware during firmware crash (bsc#1240998). - wifi: ath12k: Refactor Rxdma buffer replinish argument (bsc#1240998). - wifi: ath12k: Refactor data path cmem init (bsc#1240998). - wifi: ath12k: Refactor error handler of Rxdma replenish (bsc#1240998). - wifi: ath12k: Refactor idle ring descriptor setup (bsc#1240998). 
- wifi: ath12k: Refactor the hardware cookie conversion init (bsc#1240998). - wifi: ath12k: Refactor the hardware recovery procedure (bsc#1240998). - wifi: ath12k: Refactor the hardware state (bsc#1240998). - wifi: ath12k: Remove unsupported tx monitor handling (bsc#1240998). - wifi: ath12k: Remove unused ath12k_base from ath12k_hw (bsc#1240998). - wifi: ath12k: Remove unused tcl_*_ring configuration (bsc#1240998). - wifi: ath12k: Replace "chip" with "device" in hal Rx return buffer manager (bsc#1240998). - wifi: ath12k: Report proper tx completion status to mac80211 (stable-fixes). - wifi: ath12k: Resolve multicast packet drop by populating key_cipher in ath12k_install_key() (bsc#1240998). - wifi: ath12k: Support BE OFDMA Pdev Rate Stats (bsc#1240998). - wifi: ath12k: Support DMAC Reset Stats (bsc#1240998). - wifi: ath12k: Support Pdev OBSS Stats (bsc#1240998). - wifi: ath12k: Support Pdev Scheduled Algorithm Stats (bsc#1240998). - wifi: ath12k: Support Ring and SFM stats (bsc#1240998). - wifi: ath12k: Support Self-Generated Transmit stats (bsc#1240998). - wifi: ath12k: Support TQM stats (bsc#1240998). - wifi: ath12k: Support Transmit DE stats (bsc#1240998). - wifi: ath12k: Support Transmit Scheduler stats (bsc#1240998). - wifi: ath12k: Support pdev CCA Stats (bsc#1240998). - wifi: ath12k: Support pdev Transmit Multi-user stats (bsc#1240998). - wifi: ath12k: Support pdev error stats (bsc#1240998). - wifi: ath12k: add 6 GHz params in peer assoc command (bsc#1240998). - wifi: ath12k: add ATH12K_DBG_WOW log level (bsc#1240998). - wifi: ath12k: add EMA beacon support (bsc#1240998). - wifi: ath12k: add MBSSID beacon support (bsc#1240998). - wifi: ath12k: add WoW net-detect functionality (bsc#1240998). - wifi: ath12k: add basic WoW functionalities (bsc#1240998). - wifi: ath12k: add channel 2 into 6 GHz channel list (bsc#1240998). - wifi: ath12k: add hw_link_id in ath12k_pdev (bsc#1240998). 
- wifi: ath12k: add missing lockdep_assert_wiphy() for ath12k_mac_op_ functions (bsc#1240998). - wifi: ath12k: add multi device support for WBM idle ring buffer setup (bsc#1240998). - wifi: ath12k: add multiple radio support in a single MAC HW un/register (bsc#1240998). - wifi: ath12k: add panic handler (bsc#1240998). - wifi: ath12k: add support to handle beacon miss for WCN7850 (bsc#1240998). - wifi: ath12k: advertise driver capabilities for MBSSID and EMA (bsc#1240998). - wifi: ath12k: allocate dummy net_device dynamically (bsc#1240998). - wifi: ath12k: ath12k_mac_op_set_key(): fix uninitialized symbol 'ret' (bsc#1240998). - wifi: ath12k: ath12k_mac_op_sta_state(): clean up update_wk cancellation (bsc#1240998). - wifi: ath12k: ath12k_mac_set_key(): remove exit label (bsc#1240998). - wifi: ath12k: avoid double SW2HW_MACID conversion (bsc#1240998). - wifi: ath12k: avoid duplicated vdev down (bsc#1240998). - wifi: ath12k: avoid redundant code in Rx cookie conversion init (bsc#1240998). - wifi: ath12k: avoid stopping mac80211 queues in ath12k_core_restart() (bsc#1240998). - wifi: ath12k: avoid unnecessary MSDU drop in the Rx error process (bsc#1240998). - wifi: ath12k: change supports_suspend to true for WCN7850 (bsc#1240998). - wifi: ath12k: cleanup unneeded labels (bsc#1240998). - wifi: ath12k: configure MBSSID parameters in AP mode (bsc#1240998). - wifi: ath12k: configure MBSSID params in vdev create/start (bsc#1240998). - wifi: ath12k: convert struct ath12k_sta::update_wk to use struct wiphy_work (bsc#1240998). - wifi: ath12k: correct the capital word typo (bsc#1240998). - wifi: ath12k: create a structure for WMI vdev up parameters (bsc#1240998). - wifi: ath12k: debugfs: radar simulation support (bsc#1240998). - wifi: ath12k: decrease MHI channel buffer length to 8KB (bsc#1240998). - wifi: ath12k: delete NSS and TX power setting for monitor vdev (bsc#1240998). - wifi: ath12k: displace the Tx and Rx descriptor in cookie conversion table (bsc#1240998). 
- wifi: ath12k: do not dump SRNG statistics during resume (bsc#1240998). - wifi: ath12k: do not process consecutive RDDM event (bsc#1240998). - wifi: ath12k: do not use %pK in dmesg format strings (bsc#1240998). - wifi: ath12k: dynamic VLAN support (bsc#1240998). - wifi: ath12k: dynamically update peer puncturing bitmap for STA (bsc#1240998). - wifi: ath12k: enable WIPHY_FLAG_DISABLE_WEXT (bsc#1240998). - wifi: ath12k: enable service flag for survey dump stats (bsc#1240998). - wifi: ath12k: extend the link capable flag (bsc#1240998). - wifi: ath12k: fetch correct radio based on vdev status (bsc#1240998). - wifi: ath12k: fix A-MSDU indication in monitor mode (bsc#1240998). - wifi: ath12k: fix ACPI warning when resume (bsc#1240998). - wifi: ath12k: fix GCC_GCC_PCIE_HOT_RST definition for WCN7850 (git-fixes). - wifi: ath12k: fix NULL pointer access in ath12k_mac_op_get_survey() (bsc#1240998). - wifi: ath12k: fix Smatch warnings on ath12k_core_suspend() (bsc#1240998). - wifi: ath12k: fix a possible dead lock caused by ab->base_lock (stable-fixes). - wifi: ath12k: fix ack signal strength calculation (bsc#1240998). - wifi: ath12k: fix ath12k_hal_tx_cmd_ext_desc_setup() info1 override (stable-fixes). - wifi: ath12k: fix build vs old compiler (bsc#1240998). - wifi: ath12k: fix calling correct function for rx monitor mode (bsc#1240998). - wifi: ath12k: fix cleanup path after mhi init (git-fixes). - wifi: ath12k: fix desc address calculation in wbm tx completion (bsc#1240998). - wifi: ath12k: fix driver initialization for WoW unsupported devices (bsc#1240998). - wifi: ath12k: fix failed to set mhi state error during reboot with hardware grouping (stable-fixes). - wifi: ath12k: fix flush failure in recovery scenarios (bsc#1240998). - wifi: ath12k: fix hal_rx_buf_return_buf_manager documentation (bsc#1240998). - wifi: ath12k: fix incorrect CE addresses (stable-fixes). - wifi: ath12k: fix invalid access to memory (git-fixes). 
- wifi: ath12k: fix key cache handling (bsc#1240998). - wifi: ath12k: fix legacy peer association due to missing HT or 6 GHz capabilities (bsc#1240998). - wifi: ath12k: fix link capable flags (bsc#1240998). - wifi: ath12k: fix link valid field initialization in the monitor Rx (stable-fixes). - wifi: ath12k: fix mac id extraction when MSDU spillover in rx error path (bsc#1240998). - wifi: ath12k: fix macro definition HAL_RX_MSDU_PKT_LENGTH_GET (stable-fixes). - wifi: ath12k: fix mbssid max interface advertisement (bsc#1240998). - wifi: ath12k: fix missing endianness conversion in wmi_vdev_create_cmd() (bsc#1240998). - wifi: ath12k: fix misspelling of "dma" in num_rxmda_per_pdev (bsc#1240998). - wifi: ath12k: fix node corruption in ar->arvifs list (git-fixes). - wifi: ath12k: fix one more memcpy size error (bsc#1240998). - wifi: ath12k: fix per pdev debugfs registration (bsc#1240998). - wifi: ath12k: fix reusing outside iterator in ath12k_wow_vif_set_wakeups() (bsc#1240998). - wifi: ath12k: fix ring-buffer corruption (git-fixes). - wifi: ath12k: fix skb_ext_desc leak in ath12k_dp_tx() error path (bsc#1240998). - wifi: ath12k: fix struct hal_rx_mpdu_start (bsc#1240998). - wifi: ath12k: fix struct hal_rx_phyrx_rssi_legacy_info (bsc#1240998). - wifi: ath12k: fix struct hal_rx_ppdu_end_user_stats (bsc#1240998). - wifi: ath12k: fix struct hal_rx_ppdu_start (bsc#1240998). - wifi: ath12k: fix survey dump collection in 6 GHz (bsc#1240998). - wifi: ath12k: fix the ampdu id fetch in the HAL_RX_MPDU_START TLV (stable-fixes). - wifi: ath12k: fix the stack frame size warning in ath12k_mac_op_hw_scan (bsc#1240998). - wifi: ath12k: fix use-after-free in ath12k_dp_cc_cleanup() (bsc#1240998). - wifi: ath12k: fix warning on DMA ring capabilities event (bsc#1240998). - wifi: ath12k: flush all packets before suspend (bsc#1240998). - wifi: ath12k: handle keepalive during WoWLAN suspend and resume (bsc#1240998). 
- wifi: ath12k: handle symlink cleanup for per pdev debugfs dentry (bsc#1240998). - wifi: ath12k: implement WoW enable and wakeup commands (bsc#1240998). - wifi: ath12k: implement hardware data filter (bsc#1240998). - wifi: ath12k: improve the rx descriptor error information (bsc#1240998). - wifi: ath12k: initial debugfs support (bsc#1240998). - wifi: ath12k: make read-only array svc_id static const (bsc#1240998). - wifi: ath12k: modify ath12k mac start/stop ops for single wiphy (bsc#1240998). - wifi: ath12k: modify ath12k_get_arvif_iter() for MLO (bsc#1240998). - wifi: ath12k: modify ath12k_mac_op_bss_info_changed() for MLO (bsc#1240998). - wifi: ath12k: modify ath12k_mac_op_set_key() for MLO (bsc#1240998). - wifi: ath12k: modify ath12k_mac_vif_chan() for MLO (bsc#1240998). - wifi: ath12k: modify link arvif creation and removal for MLO (bsc#1240998). - wifi: ath12k: modify regulatory support for single wiphy architecture (bsc#1240998). - wifi: ath12k: modify remain on channel for single wiphy (bsc#1240998). - wifi: ath12k: move txbaddr/rxbaddr into struct ath12k_dp (bsc#1240998). - wifi: ath12k: no need to handle pktlog during suspend/resume (bsc#1240998). - wifi: ath12k: pass ath12k_link_vif instead of vif/ahvif (bsc#1240998). - wifi: ath12k: prepare sta data structure for MLO handling (bsc#1240998). - wifi: ath12k: prepare vif config caching for MLO (bsc#1240998). - wifi: ath12k: prepare vif data structure for MLO handling (bsc#1240998). - wifi: ath12k: read single_chip_mlo_support parameter from QMI PHY capability (bsc#1240998). - wifi: ath12k: rearrange IRQ enable/disable in reset path (bsc#1240998). - wifi: ath12k: refactor SMPS configuration (bsc#1240998). - wifi: ath12k: refactor arvif security parameter configuration (bsc#1240998). - wifi: ath12k: refactor ath12k_hw_regs structure (stable-fixes). - wifi: ath12k: refactor rx descriptor CMEM configuration (bsc#1240998). - wifi: ath12k: remove MHI LOOPBACK channels (bsc#1240998). 
- wifi: ath12k: remove duplicate definition of MAX_RADIOS (bsc#1240998). - wifi: ath12k: remove duplicate definitions in wmi.h (bsc#1240998). - wifi: ath12k: remove invalid peer create logic (bsc#1240998). - wifi: ath12k: remove obsolete struct wmi_start_scan_arg (bsc#1240998). - wifi: ath12k: remove redundant peer delete for WCN7850 (bsc#1240998). - wifi: ath12k: remove unused variable monitor_flags (bsc#1240998). - wifi: ath12k: remove unused variable monitor_present (bsc#1240998). - wifi: ath12k: rename MBSSID fields in wmi_vdev_up_cmd (bsc#1240998). - wifi: ath12k: restore ASPM for supported hardwares only (bsc#1240998). - wifi: ath12k: scan statemachine changes for single wiphy (bsc#1240998). - wifi: ath12k: set mlo_capable_flags based on QMI PHY capability (bsc#1240998). - wifi: ath12k: skip sending vdev down for channel switch (bsc#1240998). - wifi: ath12k: support ARP and NS offload (bsc#1240998). - wifi: ath12k: support GTK rekey offload (bsc#1240998). - wifi: ath12k: support SMPS configuration for 6 GHz (bsc#1240998). - wifi: ath12k: support get_survey mac op for single wiphy (bsc#1240998). - wifi: ath12k: support suspend/resume (bsc#1240998). - wifi: ath12k: switch to using wiphy_lock() and remove ar->conf_mutex (bsc#1240998). - wifi: ath12k: unregister per pdev debugfs (bsc#1240998). - wifi: ath12k: update ath12k_mac_op_conf_tx() for MLO (bsc#1240998). - wifi: ath12k: update ath12k_mac_op_update_vif_offload() for MLO (bsc#1240998). - wifi: ath12k: use 128 bytes aligned iova in transmit path for WCN7850 (bsc#1240998). - wifi: ath12k: use correct MAX_RADIOS (bsc#1240998). - wifi: ath12k: use tail MSDU to get MSDU information (bsc#1240998). - wifi: ath12k: using msdu end descriptor to check for rx multicast packets (stable-fixes). - wifi: ath12k: vdev statemachine changes for single wiphy (bsc#1240998). - wifi: ath9k: return by of_get_mac_address (stable-fixes). - wifi: ath9k_htc: Abort software beacon handling if disabled (git-fixes). 
- wifi: carl9170: do not ping device which has failed to load firmware (git-fixes). - wifi: cfg80211: allow IR in 20 MHz configurations (stable-fixes). - wifi: iwlfiwi: mvm: Fix the rate reporting (git-fixes). - wifi: iwlwifi: Add missing MODULE_FIRMWARE for Qu-c0-jf-b0 (stable-fixes). - wifi: iwlwifi: add support for Killer on MTL (stable-fixes). - wifi: iwlwifi: do not warn during reprobe (stable-fixes). - wifi: iwlwifi: do not warn when if there is a FW error (stable-fixes). - wifi: iwlwifi: fix debug actions order (stable-fixes). - wifi: iwlwifi: fix the ECKV UEFI variable name (stable-fixes). - wifi: iwlwifi: mark Br device not integrated (stable-fixes). - wifi: iwlwifi: mvm: fix beacon CCK flag (stable-fixes). - wifi: iwlwifi: mvm: fix setting the TK when associated (stable-fixes). - wifi: iwlwifi: pcie: make sure to lock rxq->read (stable-fixes). - wifi: iwlwifi: use correct IMR dump variable (stable-fixes). - wifi: iwlwifi: w/a FW SMPS mode selection (stable-fixes). - wifi: mac80211: VLAN traffic in multicast path (stable-fixes). - wifi: mac80211: do not offer a mesh path if forwarding is disabled (stable-fixes). - wifi: mac80211: do not unconditionally call drv_mgd_complete_tx() (stable-fixes). - wifi: mac80211: fix beacon interval calculation overflow (git-fixes). - wifi: mac80211: fix warning on disconnect during failed ML reconf (stable-fixes). - wifi: mac80211: remove misplaced drv_mgd_complete_tx() call (stable-fixes). - wifi: mac80211: set ieee80211_prep_tx_info::link_id upon Auth Rx (stable-fixes). - wifi: mac80211: validate SCAN_FLAG_AP in scan request during MLO (stable-fixes). - wifi: mac80211_hwsim: Fix MLD address translation (stable-fixes). - wifi: mac80211_hwsim: Prevent tsf from setting if beacon is disabled (stable-fixes). - wifi: mt76: mt76x2: Add support for LiteOn WN4516R,WN4519R (stable-fixes). - wifi: mt76: mt7915: Fix null-ptr-deref in mt7915_mmio_wed_init() (git-fixes). 
- wifi: mt76: mt7921: add 160 MHz AP for mt7922 device (stable-fixes). - wifi: mt76: mt7925: ensure all MCU commands wait for response (git-fixes). - wifi: mt76: mt7925: fix fails to enter low power mode in suspend state (stable-fixes). - wifi: mt76: mt7925: fix host interrupt register initialization (git-fixes). - wifi: mt76: mt7925: introduce thermal protection (stable-fixes). - wifi: mt76: mt7925: load the appropriate CLC data based on hardware type (stable-fixes). - wifi: mt76: mt7925: prevent multiple scan commands (git-fixes). - wifi: mt76: mt7925: refine the sniffer commnad (git-fixes). - wifi: mt76: mt7996: drop fragments with multicast or broadcast RA (stable-fixes). - wifi: mt76: mt7996: fix RX buffer size of MCU event (git-fixes). - wifi: mt76: mt7996: revise TXS size (stable-fixes). - wifi: mt76: mt7996: set EHT max ampdu length capability (git-fixes). - wifi: mt76: only mark tx-status-failed frames as ACKed on mt76x0/2 (stable-fixes). - wifi: mwifiex: Fix HT40 bandwidth issue (stable-fixes). - wifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback() (git-fixes). - wifi: rtlwifi: disable ASPM for RTL8723BE with subsystem ID 11ad:1723 (git-fixes). - wifi: rtw88: Do not use static local variable in rtw8822b_set_tx_power_index_by_rate (stable-fixes). - wifi: rtw88: Fix __rtw_download_firmware() for RTL8814AU (stable-fixes). - wifi: rtw88: Fix download_firmware_validate() for RTL8814AU (stable-fixes). - wifi: rtw88: Fix rtw_desc_to_mcsrate() to handle MCS16-31 (stable-fixes). - wifi: rtw88: Fix rtw_init_ht_cap() for RTL8814AU (stable-fixes). - wifi: rtw88: Fix rtw_init_vht_cap() for RTL8814AU (stable-fixes). - wifi: rtw88: do not ignore hardware read error during DPK (git-fixes). - wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds (git-fixes). - wifi: rtw88: sdio: call rtw_sdio_indicate_tx_status unconditionally (git-fixes). - wifi: rtw88: sdio: map mgmt frames to queue TX_DESC_QSEL_MGMT (git-fixes). 
- wifi: rtw88: usb: Reduce control message timeout to 500 ms (git-fixes). - wifi: rtw89: 8922a: fix TX fail with wrong VCO setting (stable-fixes). - wifi: rtw89: 8922a: fix incorrect STA-ID in EHT MU PPDU (stable-fixes). - wifi: rtw89: add wiphy_lock() to work that isn't held wiphy_lock() yet (stable-fixes). - wifi: rtw89: call power_on ahead before selecting firmware (stable-fixes). - wifi: rtw89: fw: get sb_sel_ver via get_unaligned_le32() (stable-fixes). - wifi: rtw89: fw: propagate error code from rtw89_h2c_tx() (stable-fixes). - wifi: rtw89: leave idle mode when setting WEP encryption for AP mode (stable-fixes). - wifi: rtw89: pci: enlarge retry times of RX tag to 1000 (git-fixes). - wifi: rtw89: phy: add dummy C2H event handler for report of TAS power (stable-fixes). - wireless: purelifi: plfxlc: fix memory leak in plfxlc_usb_wreq_asyn() (stable-fixes). - workqueue: Initialize wq_isolated_cpumask in workqueue_init_early() (bsc#1245101 jsc#PED-11934). - x86/acpi: Fix LAPIC/x2APIC parsing order (git-fixes). - x86/amd_nb, hwmon: (k10temp): Simplify amd_pci_dev_to_node_id() (jsc#PED-13094). - x86/amd_nb: Clean up early_is_amd_nb() (jsc#PED-13094). - x86/amd_nb: Move SMN access code to a new amd_node driver (jsc#PED-13094). - x86/amd_nb: Restrict init function to AMD-based systems (jsc#PED-13094). - x86/amd_nb: Simplify function 4 search (jsc#PED-13094). - x86/amd_nb: Simplify root device search (jsc#PED-13094). - x86/amd_node: Add SMN offsets to exclusive region access (jsc#PED-13094). - x86/amd_node: Add support for debugfs access to SMN registers (jsc#PED-13094). - x86/amd_node: Remove dependency on AMD_NB (jsc#PED-13094). - x86/amd_node: Update __amd_smn_rw() error paths (jsc#PED-13094). - x86/amd_node: Use defines for SMN register offsets (jsc#PED-13094). - x86/fred/signal: Prevent immediate repeat of single step trap on return from SIGTRAP handler (git-fixes). 
- x86/idle: Remove MFENCEs for X86_BUG_CLFLUSH_MONITOR in mwait_idle_with_hints() and prefer_mwait_c1_over_halt() (git-fixes). - x86/kaslr: Reduce KASLR entropy on most x86 systems (git-fixes). - x86/mce/amd: Remove shared threshold bank plumbing (jsc#PED-13094). - x86/microcode/AMD: Add get_patch_level() (git-fixes). - x86/microcode/AMD: Do not return error when microcode update is not necessary (git-fixes). - x86/microcode/AMD: Get rid of the _load_microcode_amd() forward declaration (git-fixes). - x86/microcode/AMD: Have __apply_microcode_amd() return bool (git-fixes). - x86/microcode/AMD: Make __verify_patch_size() return bool (git-fixes). - x86/microcode/AMD: Merge early_apply_microcode() into its single callsite (git-fixes). - x86/microcode/AMD: Remove ugly linebreak in __verify_patch_section() signature (git-fixes). - x86/microcode/AMD: Return bool from find_blobs_in_containers() (git-fixes). - x86/microcode: Consolidate the loader enablement checking (git-fixes). - x86/mm/init: Handle the special case of device private pages in add_pages(), to not increase max_pfn and trigger dma_addressing_limited() bounce buffers (git-fixes). - x86/platform/amd: Move the <asm/amd_hsmp.h> header to <asm/amd/hsmp.h> (jsc#PED-13094). - x86/sev: Add SVSM vTPM probe/send_command functions (bsc#1241191). - x86/sev: Provide guest VMPL level to userspace (bsc#1241191). - x86/sev: Register tpm-svsm platform device (bsc#1241191). - x86/xen: fix balloon target initialization for PVH dom0 (git-fixes). - x86: Start moving AMD node functionality out of AMD_NB (jsc#PED-13094). - xen/arm: call uaccess_ttbr0_enable for dm_op hypercall (git-fixes) - xen/x86: fix initial memory balloon target (git-fixes). - xhci: dbc: Avoid event polling busyloop if pending rx transfers are inactive (git-fixes). - xsk: always clear DMA mapping information when unmapping the pool (git-fixes). 
kernel-default-6.4.0-150700.53.6.1.nosrc.rpm True kernel-default-6.4.0-150700.53.6.1.x86_64.rpm True kernel-default-base-6.4.0-150700.53.6.1.150700.17.6.1.src.rpm True kernel-default-base-6.4.0-150700.53.6.1.150700.17.6.1.x86_64.rpm True kernel-default-devel-6.4.0-150700.53.6.1.x86_64.rpm True kernel-devel-6.4.0-150700.53.6.1.noarch.rpm True kernel-macros-6.4.0-150700.53.6.1.noarch.rpm True kernel-source-6.4.0-150700.53.6.1.src.rpm True SUSE-SLE-Module-Basesystem-15-SP7-2025-2323 Recommended update for mozilla-nspr, mozilla-nss moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nss was updated to NSS 3.112: * Fix alias for mac workers on try * ensure all options can be configured with SSL_OptionSet and SSL_OptionSetDefault * ABI/API break in ssl certificate processing * remove unnecessary assertion in sec_asn1d_init_state_based_on_template * update taskgraph to v14.2.1 * Workflow for automation of the release on GitHub when pushing a tag * fix faulty assertions in SEC_ASN1DecoderUpdate * Renegotiations should use a fresh ECH GREASE buffer * update taskgraph to v14.1.1 * Partial fix for ACVP build CI job * Initialize find in sftk_searchDatabase * Add clang-18 to extra builds * Fault tolerant git fetch for fuzzing * Tolerate intermittent failures in ssl_policy_pkix_ocsp * fix compiler warnings when DEBUG_ASN1D_STATES or CMSDEBUG are set * fix content type tag check in NSS_CMSMessage_ContainsCertsOrCrls * Remove Cryptofuzz CI version check Update to NSS 3.111: * FIPS changes need to be upstreamed: force ems policy * Turn off Websites Trust Bit from CAs * Update nssckbi version following April 2025 Batch of Changes * Disable SMIME ‘trust bit’ for GoDaddy CAs * Replaced deprecated sprintf function with snprintf in dbtool.c * Need up update NSS for PKCS 3.1 * avoid leaking localCert if it is already set in ssl3_FillInCachedSID * Decrease ASAN quarantine size for Cryptofuzz in CI * 
selfserv: Add support for zlib certificate compression Update to NSS 3.110: * FIPS changes need to be upstreamed: force ems policy * Prevent excess allocations in sslBuffer_Grow * Remove Crl templates from ASN1 fuzz target * Remove CERT_CrlTemplate from ASN1 fuzz target * Fix memory leak in NSS_CMSMessage_IsSigned * NSS policy updates * Improve locking in nssPKIObject_GetInstances * Fix race in sdb_GetMetaData * Fix member access within null pointer * Increase smime fuzzer memory limit * Enable resumption when using custom extensions * change CN of server12 test certificate * Part 2: Add missing check in NSS_CMSDigestContext_FinishSingle * Part 1: Fix smime UBSan errors * FIPS changes need to be upstreamed: updated key checks * Don't build libpkix in static builds * handle `-p all` in try syntax * fix opt-make builds to actually be opt * fix opt-static builds to actually be opt * Remove extraneous assert Update to NSS 3.109: * Call BL_Init before RNG_RNGInit() so that special SHA instructions can be used if available * NSS policy updates - fix inaccurate key policy issues * SMIME fuzz target * ASN1 decoder fuzz target * Part 2: Revert “Extract testcases from ssl gtests for fuzzing” * Add fuzz/README.md * Part 4: Fix tstclnt arguments script * Extend pkcs7 fuzz target * Extend certDN fuzz target * revert changes to HACL* files from bug 1866841 * Part 3: Package frida corpus script Update to NSS 3.108: * libclang-16 -> libclang-19 * Turn off Secure Email Trust Bit for Security Communication ECC RootCA1 * Turn off Secure Email Trust Bit for BJCA Global Root CA1 and BJCA Global Root CA2 * Remove SwissSign Silver CA – G2 * Add D-Trust 2023 TLS Roots to NSS * fix fips test failure on windows * change default sensitivity of KEM keys * Part 1: Introduce frida hooks and script * add missing arm_neon.h include to gcm.c * ci: update windows workers to win2022 * strip trailing carriage returns in tools tests * work around unix/windows path translation issues in cert test 
script * ci: let the windows setup script work without $m * detect msys * add a specialized CTR_Update variant for AES-GCM * NSS policy updates * FIPS changes need to be upstreamed: FIPS 140-3 RNG * FIPS changes need to be upstreamed: Add SafeZero * FIPS changes need to be upstreamed - updated POST * Segmentation fault in SECITEM_Hash during pkcs12 processing * Extending NSS with LoadModuleFromFunction functionality * Ensure zero-initialization of collectArgs.cert * pkcs7 fuzz target use CERT_DestroyCertificate * Fix actual underlying ODR violations issue * mozilla::pkix: allow reference ID labels to begin and/or end with hyphens * don't look for secmod.db in nssutil_ReadSecmodDB if NSS_DISABLE_DBM is set * Fix memory leak in pkcs7 fuzz target * Set -O2 for ASan builds in CI * Change branch of tlsfuzzer dependency * Run tests in CI for ASan builds with detect_odr_violation=1 * Fix coverage failure in CI * Add fuzzing for delegated credentials, DTLS short header and Tls13BackendEch * Add fuzzing for SSL_EnableTls13GreaseEch and SSL_SetDtls13VersionWorkaround * Part 3: Restructure fuzz/ * Extract testcases from ssl gtests for fuzzing * Force Cryptofuzz to use NSS in CI * Fix Cryptofuzz on 32 bit in CI * Update Cryptofuzz repository link * fix build error from 9505f79d * simplify error handling in get_token_objects_for_cache * nss doc: fix a warning * pkcs12 fixes from RHEL need to be picked up Update to NSS 3.107: * Remove MPI fuzz targets. * Remove globals `lockStatus` and `locksEverDisabled`. * Enable PKCS8 fuzz target. * Integrate Cryptofuzz in CI. * Part 2: Set tls server target socket options in config class * Part 1: Set tls client target socket options in config class * Support building with thread sanitizer. * set nssckbi version number to 2.72. * remove Websites Trust Bit from Entrust Root Certification Authority - G4. * remove Security Communication RootCA3 root cert. * remove SecureSign RootCA11 root cert. * Add distrust-after for TLS to Entrust Roots. 
* update expected error code in pk12util pbmac1 tests. * Use random tstclnt args with handshake collection script * Remove extraneous assert in ssl3gthr.c. * Adding missing release notes for NSS_3_105. * Enable the disabled mlkem tests for dtls. * NSS gtests filter cleans up the constucted buffer before the use. * Make ssl_SetDefaultsFromEnvironment thread-safe. * Remove short circuit test from ssl_Init. Update to NSS 3.106: * NSS 3.106 should be distributed with NSPR 4.36. * pk12util: improve error handling in p12U_ReadPKCS12File. * Correctly destroy bulkkey in error scenario. * PKCS7 fuzz target, r=djackson,nss-reviewers. * Extract certificates with handshake collection script. * Specify len_control for fuzz targets. * Fix memory leak in dumpCertificatePEM. * Fix UBSan errors for SECU_PrintCertificate and SECU_PrintCertificateBasicInfo. * add new error codes to mozilla::pkix for Firefox to use. * allow null phKey in NSC_DeriveKey. * Only create seed corpus zip from existing corpus. * Use explicit allowlist for for KDF PRFS. * Increase optimization level for fuzz builds. * Remove incorrect assert. * Use libFuzzer options from fuzz/options/\*.options in CI. * Polish corpus collection for automation. * Detect new and unfuzzed SSL options. * PKCS12 fuzzing target. 
Update to NSS 3.105: * Allow importing PKCS#8 private EC keys missing public key * UBSAN fix: applying zero offset to null pointer in sslsnce.c * set KRML_MUSTINLINE=inline in makefile builds * Don't set CKA_SIGN for CKK_EC_MONTGOMERY private keys * override default definition of KRML_MUSTINLINE * libssl support for mlkem768x25519 * support for ML-KEM-768 in softoken and pk11wrap * Add Libcrux implementation of ML-KEM 768 to FreeBL * Avoid misuse of ctype(3) functions * part 2: run clang-format * part 1: upgrade to clang-format 13 * clang-format fuzz * DTLS client message buffer may not empty be on retransmit * Optionally print config for TLS client and server fuzz target * Fix some simple documentation issues in NSS. * improve performance of NSC_FindObjectsInit when template has CKA_TOKEN attr * define CKM_NSS_ECDHE_NO_PAIRWISE_CHECK_KEY_PAIR_GEN Update to NSS 3.104: * Copy original corpus to heap-allocated buffer * Fix min ssl version for DTLS client fuzzer * Remove OS2 support just like we did on NSPR * clang-format NSS improvements * Adding basicutil.h to use HexString2SECItem function * removing dirent.c from build * Allow handing in keymaterial to shlibsign to make the output reproducible * remove nec4.3, sunos4, riscos and SNI references * remove other old OS (BSDI, old HP UX, NCR, openunix, sco, unixware or reliantUnix * remove mentions of WIN95 * remove mentions of WIN16 * More explicit directory naming * Add more options to TLS server fuzz target * Add more options to TLS client fuzz target * Use OSS-Fuzz corpus in NSS CI * set nssckbi version number to 2.70. * Remove Email Trust bit from ACCVRAIZ1 root cert. * Remove Email Trust bit from certSIGN ROOT CA. * Add Cybertrust Japan Roots to NSS. * Add Taiwan CA Roots to NSS. 
* remove search by decoded serial in nssToken_FindCertificateByIssuerAndSerialNumber * Fix tstclnt CI build failure * vfyserv: ensure peer cert chain is in db for CERT_VerifyCertificateNow * Enable all supported protocol versions for UDP * Actually use random PSK hash type * Initialize NSS DB once * Additional ECH cipher suites and PSK hash types * Automate corpus file generation for TLS client Fuzzer * Fix crash with UNSAFE_FUZZER_MODE * clang-format shlibsign.c Update to NSS 3.103: * move list size check after lock acquisition in sftk_PutObjectToList. * Add fuzzing support for SSL_ENABLE_POST_HANDSHAKE_AUTH, * Follow-up to fix test for presence of file nspr.patch. * Adjust libFuzzer size limits * Add fuzzing support for SSL_SetCertificateCompressionAlgorithm, SSL_SetClientEchConfigs, SSL_VersionRangeSet and SSL_AddExternalPsk * Add fuzzing support for SSL_ENABLE_GREASE and SSL_ENABLE_CH_EXTENSION_PERMUTATION - Make the rpms reproducible, by using a hardcoded, static key to generate the checksums (*.chk-files) - FIPS: enforce approved curves with the CKK_EC_MONTGOMERY key type (bsc#1224113). Update to NSS 3.102.1: * ChaChaXor to return after the function Update to NSS 3.102: * Add Valgrind annotations to freebl Chacha20-Poly1305. * missing sqlite header. * GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME. * improve certutil keyUsage, extKeyUsage, and nsCertType keyword handling. * correct length of raw SPKI data before printing in pp utility. - Make NSS-build reproducible Use key from openssl (bsc#1081723) - FIPS: exclude the SHA-1 hash from SLI approval. 
mozilla-nspr was updated to version 4.36: * renamed the prwin16.h header to prwin.h * configure was updated from 2.69 to 2.71 * various build, test and automation script fixes * major parts of the source code were reformatted libfreebl3-3.112-150400.3.57.1.x86_64.rpm libsoftokn3-3.112-150400.3.57.1.x86_64.rpm mozilla-nss-3.112-150400.3.57.1.src.rpm mozilla-nss-3.112-150400.3.57.1.x86_64.rpm mozilla-nss-certs-3.112-150400.3.57.1.x86_64.rpm mozilla-nss-devel-3.112-150400.3.57.1.x86_64.rpm mozilla-nss-sysinit-3.112-150400.3.57.1.x86_64.rpm mozilla-nss-tools-3.112-150400.3.57.1.x86_64.rpm libfreebl3-32bit-3.112-150400.3.57.1.x86_64.rpm libsoftokn3-32bit-3.112-150400.3.57.1.x86_64.rpm mozilla-nss-32bit-3.112-150400.3.57.1.x86_64.rpm mozilla-nss-certs-32bit-3.112-150400.3.57.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2717 Security update for python311 important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for python311 fixes the following issues: - CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249). - CVE-2025-6069: Avoid worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705). - CVE-2025-4435: Fixed Tarfile extracting filtered members when errorlevel=0 (bsc#1244061). libpython3_11-1_0-3.11.13-150600.3.35.1.x86_64.rpm python311-base-3.11.13-150600.3.35.1.x86_64.rpm python311-core-3.11.13-150600.3.35.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2586 Security update for rav1e moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for rav1e fixes the following issues: - CVE-2024-12224: Fixed improper validation of unsafe equivalence in punycode. 
(bsc#1243855) librav1e0_6-0.6.6-150600.3.3.1.x86_64.rpm rav1e-0.6.6-150600.3.3.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2740 Security update for tgt moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for tgt fixes the following issues: - CVE-2024-45751: Fixed CHAP authentication bypass in user-space Linux target framework (bsc#1230360) tgt-1.0.85-150600.10.3.1.src.rpm tgt-1.0.85-150600.10.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2907 Recommended update for libpsm2 moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for libpsm2 fixes the following issues: - Completely disable AVX support and use only up to SSE4.2. (bsc#1245739) - Use %autosetup macro. Allows to eliminate the usage of deprecated %patchN libpsm2-12.0.1-150600.3.5.1.src.rpm libpsm2-2-12.0.1-150600.3.5.1.x86_64.rpm libpsm2-devel-12.0.1-150600.3.5.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2324 Security update for poppler important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for poppler fixes the following issues: - CVE-2025-52886: Fixed an integer overflow that can lead to a use-after-free. (bsc#1245625) libpoppler-cpp0-24.03.0-150600.3.16.1.x86_64.rpm libpoppler-devel-24.03.0-150600.3.16.1.x86_64.rpm libpoppler-glib-devel-24.03.0-150600.3.16.1.x86_64.rpm libpoppler-glib8-24.03.0-150600.3.16.1.x86_64.rpm libpoppler135-24.03.0-150600.3.16.1.x86_64.rpm poppler-24.03.0-150600.3.16.1.src.rpm poppler-tools-24.03.0-150600.3.16.1.x86_64.rpm typelib-1_0-Poppler-0_18-24.03.0-150600.3.16.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2356 Security update for poppler important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for poppler fixes the following issues: - CVE-2025-52886: Fixed an integer overflow that can lead to a use-after-free. 
(bsc#1245625) libpoppler89-0.79.0-150200.3.41.1.x86_64.rpm poppler-0.79.0-150200.3.41.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2266 Recommended update for sssd moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for sssd fixes the following issues: - Check if the memory cache fd was closed or hijacked (bsc#1243385). - Install file in krb5.conf.d to include sssd krb5 config snippets (bsc#1244325). libipa_hbac-devel-2.9.3-150700.9.6.2.x86_64.rpm libipa_hbac0-2.9.3-150700.9.6.2.x86_64.rpm libsss_certmap-devel-2.9.3-150700.9.6.2.x86_64.rpm libsss_certmap0-2.9.3-150700.9.6.2.x86_64.rpm libsss_idmap-devel-2.9.3-150700.9.6.2.x86_64.rpm libsss_idmap0-2.9.3-150700.9.6.2.x86_64.rpm libsss_nss_idmap-devel-2.9.3-150700.9.6.2.x86_64.rpm libsss_nss_idmap0-2.9.3-150700.9.6.2.x86_64.rpm libsss_simpleifp-devel-2.9.3-150700.9.6.2.x86_64.rpm libsss_simpleifp0-2.9.3-150700.9.6.2.x86_64.rpm python3-sssd-config-2.9.3-150700.9.6.2.x86_64.rpm sssd-2.9.3-150700.9.6.2.src.rpm sssd-2.9.3-150700.9.6.2.x86_64.rpm sssd-ad-2.9.3-150700.9.6.2.x86_64.rpm sssd-dbus-2.9.3-150700.9.6.2.x86_64.rpm sssd-ipa-2.9.3-150700.9.6.2.x86_64.rpm sssd-kcm-2.9.3-150700.9.6.2.x86_64.rpm sssd-krb5-2.9.3-150700.9.6.2.x86_64.rpm sssd-krb5-common-2.9.3-150700.9.6.2.x86_64.rpm sssd-ldap-2.9.3-150700.9.6.2.x86_64.rpm sssd-proxy-2.9.3-150700.9.6.2.x86_64.rpm sssd-tools-2.9.3-150700.9.6.2.x86_64.rpm sssd-winbind-idmap-2.9.3-150700.9.6.2.x86_64.rpm sssd-32bit-2.9.3-150700.9.6.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2260 Security update for libxml2 important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for libxml2 fixes the following issues: - CVE-2025-49794: Fixed a heap use after free which could lead to denial of service. (bsc#1244554) - CVE-2025-49796: Fixed type confusion which could lead to denial of service. (bsc#1244557) - CVE-2025-49795: Fixed a null pointer dereference which could lead to denial of service. 
(bsc#1244555) - CVE-2025-6170: Fixed a stack buffer overflow which could lead to a crash. (bsc#1244700) - CVE-2025-6021: Fixed an integer overflow in xmlBuildQName() which could lead to stack buffer overflow. (bsc#1244590) libxml2-2-2.12.10-150700.4.3.1.x86_64.rpm libxml2-2.12.10-150700.4.3.1.src.rpm libxml2-devel-2.12.10-150700.4.3.1.x86_64.rpm libxml2-python-2.12.10-150700.4.3.1.src.rpm libxml2-tools-2.12.10-150700.4.3.1.x86_64.rpm python3-libxml2-2.12.10-150700.4.3.1.x86_64.rpm libxml2-2-32bit-2.12.10-150700.4.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2536 Security update for boost important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for boost fixes the following issues: - CVE-2016-9840: Fixed out-of-bounds pointer arithmetic in zlib in beast (bsc#1245936) boost-1.66.0-150200.12.7.1.src.rpm boost-base-1.66.0-150200.12.7.1.src.rpm boost-license1_66_0-1.66.0-150200.12.7.1.noarch.rpm libboost_atomic1_66_0-1.66.0-150200.12.7.1.x86_64.rpm libboost_atomic1_66_0-devel-1.66.0-150200.12.7.1.x86_64.rpm libboost_chrono1_66_0-1.66.0-150200.12.7.1.x86_64.rpm libboost_chrono1_66_0-devel-1.66.0-150200.12.7.1.x86_64.rpm libboost_container1_66_0-1.66.0-150200.12.7.1.x86_64.rpm libboost_container1_66_0-devel-1.66.0-150200.12.7.1.x86_64.rpm libboost_context1_66_0-1.66.0-150200.12.7.1.x86_64.rpm libboost_context1_66_0-devel-1.66.0-150200.12.7.1.x86_64.rpm libboost_coroutine1_66_0-1.66.0-150200.12.7.1.x86_64.rpm libboost_coroutine1_66_0-devel-1.66.0-150200.12.7.1.x86_64.rpm libboost_date_time1_66_0-1.66.0-150200.12.7.1.x86_64.rpm libboost_date_time1_66_0-devel-1.66.0-150200.12.7.1.x86_64.rpm libboost_fiber1_66_0-1.66.0-150200.12.7.1.x86_64.rpm libboost_fiber1_66_0-devel-1.66.0-150200.12.7.1.x86_64.rpm libboost_filesystem1_66_0-1.66.0-150200.12.7.1.x86_64.rpm libboost_filesystem1_66_0-devel-1.66.0-150200.12.7.1.x86_64.rpm libboost_graph1_66_0-1.66.0-150200.12.7.1.x86_64.rpm libboost_graph1_66_0-devel-1.66.0-150200.12.7.1.x86_64.rpm 
libboost_headers1_66_0-devel-1.66.0-150200.12.7.1.x86_64.rpm libboost_iostreams1_66_0-1.66.0-150200.12.7.1.x86_64.rpm libboost_iostreams1_66_0-devel-1.66.0-150200.12.7.1.x86_64.rpm libboost_locale1_66_0-1.66.0-150200.12.7.1.x86_64.rpm libboost_locale1_66_0-devel-1.66.0-150200.12.7.1.x86_64.rpm libboost_log1_66_0-1.66.0-150200.12.7.1.x86_64.rpm libboost_log1_66_0-devel-1.66.0-150200.12.7.1.x86_64.rpm libboost_math1_66_0-1.66.0-150200.12.7.1.x86_64.rpm libboost_math1_66_0-devel-1.66.0-150200.12.7.1.x86_64.rpm libboost_program_options1_66_0-1.66.0-150200.12.7.1.x86_64.rpm libboost_program_options1_66_0-devel-1.66.0-150200.12.7.1.x86_64.rpm libboost_python-py3-1_66_0-1.66.0-150200.12.7.1.x86_64.rpm libboost_python-py3-1_66_0-devel-1.66.0-150200.12.7.1.x86_64.rpm libboost_random1_66_0-1.66.0-150200.12.7.1.x86_64.rpm libboost_random1_66_0-devel-1.66.0-150200.12.7.1.x86_64.rpm libboost_regex1_66_0-1.66.0-150200.12.7.1.x86_64.rpm libboost_regex1_66_0-devel-1.66.0-150200.12.7.1.x86_64.rpm libboost_serialization1_66_0-1.66.0-150200.12.7.1.x86_64.rpm libboost_serialization1_66_0-devel-1.66.0-150200.12.7.1.x86_64.rpm libboost_signals1_66_0-1.66.0-150200.12.7.1.x86_64.rpm libboost_signals1_66_0-devel-1.66.0-150200.12.7.1.x86_64.rpm libboost_stacktrace1_66_0-1.66.0-150200.12.7.1.x86_64.rpm libboost_stacktrace1_66_0-devel-1.66.0-150200.12.7.1.x86_64.rpm libboost_system1_66_0-1.66.0-150200.12.7.1.x86_64.rpm libboost_system1_66_0-devel-1.66.0-150200.12.7.1.x86_64.rpm libboost_test1_66_0-1.66.0-150200.12.7.1.x86_64.rpm libboost_test1_66_0-devel-1.66.0-150200.12.7.1.x86_64.rpm libboost_thread1_66_0-1.66.0-150200.12.7.1.x86_64.rpm libboost_thread1_66_0-devel-1.66.0-150200.12.7.1.x86_64.rpm libboost_timer1_66_0-1.66.0-150200.12.7.1.x86_64.rpm libboost_timer1_66_0-devel-1.66.0-150200.12.7.1.x86_64.rpm libboost_type_erasure1_66_0-1.66.0-150200.12.7.1.x86_64.rpm libboost_type_erasure1_66_0-devel-1.66.0-150200.12.7.1.x86_64.rpm libboost_wave1_66_0-1.66.0-150200.12.7.1.x86_64.rpm 
libboost_wave1_66_0-devel-1.66.0-150200.12.7.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2709 Recommended update for dracut moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for dracut fixes the following issues: - fix (rngd): adjust license to match the license of the whole project - fix (dracut): kernel module name normalization in drivers lists (bsc#1241680) dracut-059+suse.564.g984c275a-150700.3.3.1.src.rpm dracut-059+suse.564.g984c275a-150700.3.3.1.x86_64.rpm dracut-fips-059+suse.564.g984c275a-150700.3.3.1.x86_64.rpm dracut-ima-059+suse.564.g984c275a-150700.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2580 Recommended update for firewalld moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for firewalld fixes the following issues: - Do not recommend python311-firewalld (bsc#1246100) firewalld-2.0.1-150600.3.12.1.noarch.rpm firewalld-2.0.1-150600.3.12.1.src.rpm firewalld-bash-completion-2.0.1-150600.3.12.1.noarch.rpm firewalld-lang-2.0.1-150600.3.12.1.noarch.rpm firewalld-zsh-completion-2.0.1-150600.3.12.1.noarch.rpm python3-firewall-2.0.1-150600.3.12.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2713 Recommended update for hwinfo moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for hwinfo fixes the following issues: - Fix usb network card detection (bsc#1245950) hwinfo-21.89-150500.3.12.1.src.rpm hwinfo-21.89-150500.3.12.1.x86_64.rpm hwinfo-devel-21.89-150500.3.12.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2714 Recommended update for systemd moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for systemd fixes the following issues: - triggers.systemd: skip update of hwdb, journal-catalog if executed during an offline update. 
- systemd-repart is no more considered as experimental (jsc#PED-13213) - Import commit 130293e510ceb4d121d11823e6ebd4b1e8332ea0 (merge of v254.27) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/278fb676146e35a7b4057f52f34a7bbaf1b82369...130293e510ceb4d121d11823e6ebd4b1e8332ea0 libsystemd0-254.27-150600.4.43.3.x86_64.rpm True libudev1-254.27-150600.4.43.3.x86_64.rpm True systemd-254.27-150600.4.43.3.src.rpm True systemd-254.27-150600.4.43.3.x86_64.rpm True systemd-container-254.27-150600.4.43.3.x86_64.rpm True systemd-coredump-254.27-150600.4.43.3.x86_64.rpm True systemd-devel-254.27-150600.4.43.3.x86_64.rpm True systemd-doc-254.27-150600.4.43.3.x86_64.rpm True systemd-journal-remote-254.27-150600.4.43.3.x86_64.rpm True systemd-lang-254.27-150600.4.43.3.noarch.rpm True systemd-sysvcompat-254.27-150600.4.43.3.x86_64.rpm True udev-254.27-150600.4.43.3.x86_64.rpm True libsystemd0-32bit-254.27-150600.4.43.3.x86_64.rpm True libudev1-32bit-254.27-150600.4.43.3.x86_64.rpm True systemd-32bit-254.27-150600.4.43.3.x86_64.rpm True SUSE-SLE-Module-Basesystem-15-SP7-2025-3263 Recommended update for installation-images moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for installation-images fixes the following issues: - Add uio_hv_generic.ko to module config - Add libopenssl-3-fips-provider to make fips work (bsc#1244208) - Add firmware file iwlwifi-gl-c0-fm-c0-92.ucode explicitly (bsc#1243020) * Fix Intel Wi-Fi 7 BE200 BT 5.4 wireless card Causes Installation Hang installation-images-SLES-16.60.7-150700.3.5.2.src.rpm tftpboot-installation-SLE-15-SP7-x86_64-16.60.7-150700.3.5.2.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3094 Optional update for NetworkManager low SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for NetworkManager fixes the following issue - Add NetworkManager-wwan to SLE-Module-Desktop-Applications_15-SP7 (bsc#1246113) NetworkManager-1.44.2-150600.3.4.1.src.rpm 
libnm0-1.44.2-150600.3.4.1.x86_64.rpm typelib-1_0-NM-1_0-1.44.2-150600.3.4.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2776 Recommended update for systemd-rpm-macros moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for systemd-rpm-macros fixes the following issues: - Introduce %udev_trigger_with_reload() for packages that need to trigger events in their scriptlets. The new macro automatically triggers a reload of the udev rule files as this step is often overlooked by packages (bsc#1237143). systemd-rpm-macros-16-150000.7.42.1.noarch.rpm systemd-rpm-macros-16-150000.7.42.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3260 Security update for net-tools moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for net-tools fixes the following issues: Security issues fixed: - CVE-2025-46836: missing bounds check in `get_name` may lead to a stack buffer overflow (bsc#1243581). - Avoid unsafe use of `memcpy` in `ifconfig` (bsc#1248687). - Prevent overflow in `ax25` and `netrom` (bsc#1248687). - Fix stack buffer overflow in `parse_hex` (bsc#1248687). - Fix stack buffer overflow in `proc_gen_fmt` (bsc#1248687). Other issues fixed: - Allow use of long interface names after CVE-2025-46836 fix, even if they are not accepted by the kernel (bsc#1248410). - Fix netrom support. net-tools-2.0+git20170221.479bb4a-150000.5.13.1.src.rpm net-tools-2.0+git20170221.479bb4a-150000.5.13.1.x86_64.rpm net-tools-lang-2.0+git20170221.479bb4a-150000.5.13.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2887 Recommended update for suse-module-tools moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for suse-module-tools fixes the following issues: - Version update 15.7.6 - Add missing util-linux requirement in the spec file (bsc#1241038).
suse-module-tools-15.7.6-150700.3.3.3.src.rpm suse-module-tools-15.7.6-150700.3.3.3.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2315 Security update for xen important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for xen fixes the following issues: - Update to Xen 4.20.1 - CVE-2024-36350, CVE-2024-36357: More AMD transient execution attacks (bsc#1246112, XSA-471) - CVE-2025-27465: Incorrect stubs exception handling for flags recovery (bsc#1244644, XSA-470) xen-4.20.1_02-150700.3.8.1.src.rpm True xen-libs-4.20.1_02-150700.3.8.1.x86_64.rpm True xen-tools-domU-4.20.1_02-150700.3.8.1.x86_64.rpm True SUSE-SLE-Module-Basesystem-15-SP7-2025-2838 Recommended update for suse-build-key moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for suse-build-key fixes the following issue: - adjust SLES16 signing key UID (name,email) with official names (bsc#1245223). suse-build-key-12.0-150000.8.61.2.noarch.rpm suse-build-key-12.0-150000.8.61.2.src.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2527 Security update for polkit important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for polkit fixes the following issues: - CVE-2025-7519: Fixed a XML policy file with a large number of nested elements that may lead to out-of-bounds write. (bsc#1246472) libpolkit-agent-1-0-121-150500.3.6.1.x86_64.rpm libpolkit-gobject-1-0-121-150500.3.6.1.x86_64.rpm pkexec-121-150500.3.6.1.x86_64.rpm polkit-121-150500.3.6.1.src.rpm polkit-121-150500.3.6.1.x86_64.rpm polkit-devel-121-150500.3.6.1.x86_64.rpm typelib-1_0-Polkit-1_0-121-150500.3.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2818 Security update for apache-commons-lang3 moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for apache-commons-lang3 fixes the following issues: - Update to version 3.18.0 - CVE-2025-48924: Fixed an uncontrolled recursion vulnerability that may lead to a DoS. 
(bsc#1246397) apache-commons-lang3-3.18.0-150200.3.12.1.noarch.rpm apache-commons-lang3-3.18.0-150200.3.12.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2785 Security update for apache-commons-lang3 moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for apache-commons-lang3 fixes the following issues: - CVE-2025-48924: Fixed an uncontrolled recursion vulnerability that may lead to a DoS. (bsc#1246397) apache-commons-lang-2.6-150200.14.3.1.noarch.rpm apache-commons-lang-2.6-150200.14.3.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2349 Security update for bind important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for bind fixes the following issues: - Upgrade to release 9.20.11 - CVE-2025-40777: Fixed a possible assertion failure when stale-answer-client-timeout is set to 0. (bsc#1246548) bind-9.20.11-150700.3.6.1.src.rpm bind-utils-9.20.11-150700.3.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2343 Recommended update for samba moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for samba fixes the following issues: - Windows security hardening locks out schannel'ed netlogon dc calls like netr_DsRGetDCName (bsc#1246431); - Trust domains are not created; - Startup messages of rpc daemons fill /var/log/messages; ldb-tools-4.21.6+git.493.f39e13aba14-150700.3.6.1.x86_64.rpm libldb-devel-4.21.6+git.493.f39e13aba14-150700.3.6.1.x86_64.rpm libldb2-4.21.6+git.493.f39e13aba14-150700.3.6.1.x86_64.rpm python3-ldb-4.21.6+git.493.f39e13aba14-150700.3.6.1.x86_64.rpm samba-4.21.6+git.493.f39e13aba14-150700.3.6.1.src.rpm samba-4.21.6+git.493.f39e13aba14-150700.3.6.1.x86_64.rpm samba-ceph-4.21.6+git.493.f39e13aba14-150700.3.6.1.x86_64.rpm samba-client-4.21.6+git.493.f39e13aba14-150700.3.6.1.x86_64.rpm samba-client-libs-4.21.6+git.493.f39e13aba14-150700.3.6.1.x86_64.rpm samba-dcerpc-4.21.6+git.493.f39e13aba14-150700.3.6.1.x86_64.rpm samba-devel-4.21.6+git.493.f39e13aba14-150700.3.6.1.x86_64.rpm
samba-gpupdate-4.21.6+git.493.f39e13aba14-150700.3.6.1.x86_64.rpm samba-ldb-ldap-4.21.6+git.493.f39e13aba14-150700.3.6.1.x86_64.rpm samba-libs-4.21.6+git.493.f39e13aba14-150700.3.6.1.x86_64.rpm samba-libs-python3-4.21.6+git.493.f39e13aba14-150700.3.6.1.x86_64.rpm samba-python3-4.21.6+git.493.f39e13aba14-150700.3.6.1.x86_64.rpm samba-tool-4.21.6+git.493.f39e13aba14-150700.3.6.1.x86_64.rpm samba-winbind-4.21.6+git.493.f39e13aba14-150700.3.6.1.x86_64.rpm samba-winbind-libs-4.21.6+git.493.f39e13aba14-150700.3.6.1.x86_64.rpm libldb2-32bit-4.21.6+git.493.f39e13aba14-150700.3.6.1.x86_64.rpm samba-client-libs-32bit-4.21.6+git.493.f39e13aba14-150700.3.6.1.x86_64.rpm samba-libs-32bit-4.21.6+git.493.f39e13aba14-150700.3.6.1.x86_64.rpm samba-winbind-libs-32bit-4.21.6+git.493.f39e13aba14-150700.3.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2720 Recommended update for crypto-policies moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum crypto-policies-20230920.570ea89-150600.3.12.1.noarch.rpm crypto-policies-20230920.570ea89-150600.3.12.1.src.rpm crypto-policies-scripts-20230920.570ea89-150600.3.12.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2518 Recommended update for multipath-tools important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for multipath-tools fixes the following issues: - multipath-tools: add HPE MSA Gen7 (2070/2072) to hwtable (bsc#1246501) - multipathd: cli_reinstate(): avoid reinstated paths being failed again (bsc#1244917) kpartx-0.10.3+124+suse.ed5b4b11-150700.3.3.1.x86_64.rpm libdmmp-devel-0.10.3+124+suse.ed5b4b11-150700.3.3.1.x86_64.rpm libdmmp0_2_0-0.10.3+124+suse.ed5b4b11-150700.3.3.1.x86_64.rpm libmpath0-0.10.3+124+suse.ed5b4b11-150700.3.3.1.x86_64.rpm multipath-tools-0.10.3+124+suse.ed5b4b11-150700.3.3.1.src.rpm 
multipath-tools-0.10.3+124+suse.ed5b4b11-150700.3.3.1.x86_64.rpm multipath-tools-devel-0.10.3+124+suse.ed5b4b11-150700.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2595 Security update for gnutls important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for gnutls fixes the following issues: - CVE-2025-6395: Fix NULL pointer dereference when 2nd Client Hello omits PSK (bsc#1246299) - CVE-2025-32988: Fix double-free due to incorrect ownership handling in the export logic of SAN entries containing an otherName (bsc#1246232) - CVE-2025-32989: Fix heap buffer overread when handling the CT SCT extension during X.509 certificate parsing (bsc#1246233) - CVE-2025-32990: Fix 1-byte heap buffer overflow when parsing templates with certtool (bsc#1246267) gnutls-3.8.3-150600.4.9.1.src.rpm gnutls-3.8.3-150600.4.9.1.x86_64.rpm libgnutls-devel-3.8.3-150600.4.9.1.x86_64.rpm libgnutls30-3.8.3-150600.4.9.1.x86_64.rpm libgnutlsxx-devel-3.8.3-150600.4.9.1.x86_64.rpm libgnutlsxx30-3.8.3-150600.4.9.1.x86_64.rpm libgnutls30-32bit-3.8.3-150600.4.9.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2672 Security update for sqlite3 important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for sqlite3 fixes the following issues: - Update to version 3.50.2 - CVE-2025-6965: Fixed an integer truncation to avoid assertion faults. (bsc#1246597) libsqlite3-0-3.50.2-150000.3.33.1.x86_64.rpm sqlite3-3.50.2-150000.3.33.1.src.rpm sqlite3-3.50.2-150000.3.33.1.x86_64.rpm sqlite3-devel-3.50.2-150000.3.33.1.x86_64.rpm sqlite3-tcl-3.50.2-150000.3.33.1.x86_64.rpm libsqlite3-0-32bit-3.50.2-150000.3.33.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2734 Security update for dpkg moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. 
(bsc#1245573) update-alternatives-1.19.0.4-150000.4.7.1.src.rpm update-alternatives-1.19.0.4-150000.4.7.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2548 Recommended update for perl-Bootloader important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for perl-Bootloader fixes the following issues: - avoid spurious warning messages when parsing /etc/default/grub (bsc#1246373, bsc#1245323) perl-Bootloader-1.25-150700.3.3.1.src.rpm perl-Bootloader-1.25-150700.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2612 Recommended update for yast2-packager important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for yast2-packager fixes the following issues: - Fix Internal Error: Encoding::CompatibilityError when adding SLE-HA as add-on product (bsc#1245555) yast2-packager-4.7.1-150700.3.5.1.src.rpm yast2-packager-4.7.1-150700.3.5.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2813 Recommended update for grub2 moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for grub2 fixes the following issues: - CVE-2024-56738: Fixed side-channel attack due to not constant-time algorithm in grub_crypto_memcmp (bsc#1234959) Other fixes: - Fix test -f and -s do not work properly over the network files served via tftp and http (bsc#1246157, bsc#1246237) - Skip mount point in grub_find_device function (bsc#1246231) grub2-2.12-150700.19.13.2.src.rpm grub2-2.12-150700.19.13.2.x86_64.rpm grub2-i386-pc-2.12-150700.19.13.2.noarch.rpm grub2-snapper-plugin-2.12-150700.19.13.2.noarch.rpm grub2-systemd-sleep-plugin-2.12-150700.19.13.2.noarch.rpm grub2-x86_64-efi-2.12-150700.19.13.2.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2615 Recommended update for nvidia-open-driver-G06-signed important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for nvidia-open-driver-G06-signed fixes the following issues: - update non-CUDA variant to 570.172.08 (bsc#1246327) - Update pci_ids-supported - Empty pci_ids-570.169; PCI ID 
hardware Supplements get moved to gfx repository to package nvidia-open-driver-G06-signed-kmp-meta (bsc#1246010) - Remove 60-nvidia-$flavor.conf, since driver no longer gets autoselected without gfx/cuda repositories present and so we no longer need to disable it by default (bsc#1246010) nv-prefer-signed-open-driver-575.57.08-150700.3.14.2.x86_64.rpm nvidia-open-driver-G06-signed-570.172.08-150700.3.14.2.src.rpm nvidia-open-driver-G06-signed-cuda-575.57.08-150700.3.14.2.src.rpm nvidia-open-driver-G06-signed-cuda-default-devel-575.57.08-150700.3.14.2.x86_64.rpm nvidia-open-driver-G06-signed-cuda-kmp-default-575.57.08_k6.4.0_150700.51-150700.3.14.2.x86_64.rpm nvidia-open-driver-G06-signed-default-devel-570.172.08-150700.3.14.2.x86_64.rpm nvidia-open-driver-G06-signed-kmp-default-570.172.08_k6.4.0_150700.51-150700.3.14.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2599 Recommended update for openssl-3 important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for openssl-3 fixes the following issues: - FIPS: Fix EMS in crypto-policies FIPS:NO-ENFORCE-EMS (bsc#1230959, bsc#1232326, bsc#1231748, bsc#1246428) libopenssl-3-devel-3.2.3-150700.5.15.1.x86_64.rpm libopenssl-3-fips-provider-3.2.3-150700.5.15.1.x86_64.rpm libopenssl3-3.2.3-150700.5.15.1.x86_64.rpm openssl-3-3.2.3-150700.5.15.1.src.rpm openssl-3-3.2.3-150700.5.15.1.x86_64.rpm libopenssl-3-fips-provider-32bit-3.2.3-150700.5.15.1.x86_64.rpm libopenssl3-32bit-3.2.3-150700.5.15.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3228 Recommended update for console-setup, kbd important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for console-setup and kbd fixes the following issues: console-setup: - Fix unicode check (bsc#1246522) kbd: - Improve error message on unsupported unicode value kbd-2.4.0-150700.15.6.1.src.rpm kbd-2.4.0-150700.15.6.1.x86_64.rpm kbd-legacy-2.4.0-150700.15.6.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2816 Security update for libavif moderate SUSE 
Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for libavif fixes the following issues: - update to 1.3.0: - CVE-2025-48175: Fixed integer overflows in multiplications involving rgbRowBytes, yRowBytes, uRowBytes, and vRowBytes. (bsc#1243270) - CVE-2025-48174: Fixed an integer overflow and resultant buffer overflow in stream->offset+size. (bsc#1243269) libavif-1.3.0-150700.3.6.1.src.rpm libavif16-1.3.0-150700.3.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3198 Security update for curl important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for curl fixes the following issues: Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056). Security issues fixed: - CVE-2025-0665: eventfd double close can cause libcurl to act unreliably (bsc#1236589). - CVE-2025-4947: QUIC certificate check is skipped with wolfSSL allows for MITM attacks (bsc#1243397). - CVE-2025-5025: no QUIC certificate pinning with wolfSSL can lead to connections to impostor servers that are not easily noticed (bsc#1243706). - CVE-2025-5399: bug in websocket code can cause libcurl to get trapped in an endless busy-loop when processing specially crafted packets (bsc#1243933). - CVE-2024-6874: punycode conversions to/from IDN can leak stack content when libcurl is built to use the macidn IDN backend (bsc#1228260). - CVE-2025-9086: bug in patch comparison logic when processing cookies can lead to out-of-bounds read in heap buffer (bsc#1249191). - CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server (bsc#1249348). Other issues fixed: - Fix wrong return code when --retry is used (bsc#1249367). * tool_operate: fix return code when --retry is used but not triggered [b42776b] - Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197). * tool_getparam: fix --ftp-pasv [5f805ee] - Fixed with version 8.14.1: * TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs. * websocket: add option to disable auto-pong reply.
* huge number of bugfixes. Please see https://curl.se/ch/ for full changelogs. curl-8.14.1-150600.4.28.1.src.rpm curl-8.14.1-150600.4.28.1.x86_64.rpm libcurl-devel-8.14.1-150600.4.28.1.x86_64.rpm libcurl4-8.14.1-150600.4.28.1.x86_64.rpm libcurl4-32bit-8.14.1-150600.4.28.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2763 Optional update for libyaml moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for libyaml ships the missing libyaml-0-2 library package to SUSE MicroOS 5.1 and 5.2. libyaml-0-2-0.1.7-150000.3.4.1.x86_64.rpm libyaml-0.1.7-150000.3.4.1.src.rpm libyaml-devel-0.1.7-150000.3.4.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2617 Security update for libxml2 important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for libxml2 fixes the following issues: - CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296) libxml2-2-2.12.10-150700.4.6.1.x86_64.rpm libxml2-2.12.10-150700.4.6.1.src.rpm libxml2-devel-2.12.10-150700.4.6.1.x86_64.rpm libxml2-python-2.12.10-150700.4.6.1.src.rpm libxml2-tools-2.12.10-150700.4.6.1.x86_64.rpm python3-libxml2-2.12.10-150700.4.6.1.x86_64.rpm libxml2-2-32bit-2.12.10-150700.4.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2592 Security update for cosign important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for cosign fixes the following issues: Update to version 2.5.3 (jsc#SLE-23879): - CVE-2025-46569: Fixed OPA server Data API HTTP path injection of Rego (bsc#1246725) Changelog: Update to 2.5.3: - Add signing-config create command (#4280) - Allow multiple services to be specified for trusted-root create (#4285) - force when copying the latest image to overwrite (#4298) - Fix cert verification logic for trusted-root/SCTs (#4294) - Fix lint error for types package (#4295) - feat: Add OCI 1.1+ experimental support to tree (#4205) - Add validity period end for trusted-root create (#4271) - avoid double-loading 
trustedroot from file (#4264) Update to 2.5.2: - Do not load trusted root when CT env key is set - docs: improve doc for --no-upload option (#4206) Update to 2.5.1: - Add Rekor v2 support for trusted-root create (#4242) - Add baseUrl and Uri to trusted-root create command - Upgrade to TUF v2 client with trusted root - Don't verify SCT for a private PKI cert (#4225) - Bump TSA library to relax EKU chain validation rules (#4219) - Bump sigstore-go to pick up log index=0 fix (#4162) - remove unused recursive flag on attest command (#4187) cosign-2.5.3-150400.3.30.1.src.rpm cosign-2.5.3-150400.3.30.1.x86_64.rpm cosign-bash-completion-2.5.3-150400.3.30.1.noarch.rpm cosign-zsh-completion-2.5.3-150400.3.30.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2657 Security update for java-21-openjdk important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for java-21-openjdk fixes the following issues: Update to upstream tag jdk-21.0.8+9 (July 2025 CPU): Security fixes: - CVE-2025-30749: several scenarios can lead to heap corruption (bsc#1246595) - CVE-2025-30754: incomplete handshake may lead to weakening TLS protections (bsc#1246598) - CVE-2025-50059: Improve HTTP client header handling (bsc#1246575) - CVE-2025-50106: Glyph out-of-memory access and crash (bsc#1246584) Other fixes: - Allow compilation of openjdk for 40 years (bsc#1213796) Changelog: + JDK-6956385: URLConnection.getLastModified() leaks file handles for jar:file and file: URLs + JDK-8051591: Test javax/swing/JTabbedPane/8007563/Test8007563.java fails + JDK-8136895: Writer not closed with disk full error, file resource leaked + JDK-8180450: secondary_super_cache does not scale well + JDK-8183348: Better cleanup for jdk/test/sun/security/pkcs12/P12SecretKey.java + JDK-8200566: DistributionPointFetcher fails to fetch CRLs if the DistributionPoints field contains more than one DistributionPoint and the first one fails + JDK-8202100: Merge vm/share/InMemoryJavaCompiler w/ 
jdk/test/lib/compiler/InMemoryJavaCompiler + JDK-8210471: GZIPInputStream constructor could leak an un-end()ed Inflater + JDK-8211400: nsk.share.gc.Memory::getArrayLength returns wrong value + JDK-8220213: com/sun/jndi/dns/ConfigTests/Timeout.java failed intermittent + JDK-8249831: Test sun/security/mscapi/nonUniqueAliases/ /NonUniqueAliases.java is marked with @ignore + JDK-8253440: serviceability/sa/TestJhsdbJstackLineNumbers.java failed with "Didn't find enough line numbers" + JDK-8256211: assert fired in java/net/httpclient/DependentPromiseActionsTest (infrequent) + JDK-8258483: [TESTBUG] gtest CollectorPolicy.young_scaled_initial_ergo_vm fails if heap is too small + JDK-8267174: Many test files have the wrong Copyright header + JDK-8270269: Desktop.browse method fails if earlier CoInitialize call as COINIT_MULTITHREADED + JDK-8276995: Bug in jdk.jfr.event.gc.collection.TestSystemGC + JDK-8279016: JFR Leak Profiler is broken with Shenandoah + JDK-8280991: [XWayland] No displayChanged event after setDisplayMode call + JDK-8281511: java/net/ipv6tests/UdpTest.java fails with checkTime failed + JDK-8282726: java/net/vthread/BlockingSocketOps.java timeout/hang intermittently on Windows + JDK-8286204: [Accessibility,macOS,VoiceOver] VoiceOver reads the spinner value 10 as 1 when user iterates to 10 for the first time on macOS + JDK-8286789: Test forceEarlyReturn002.java timed out + JDK-8286875: ProgrammableUpcallHandler::on_entry/on_exit access thread fields from native + JDK-8294155: Exception thrown before awaitAndCheck hangs PassFailJFrame + JDK-8295804: javax/swing/JFileChooser/ /JFileChooserSetLocationTest.java failed with "setLocation() is not working properly" + JDK-8297692: Avoid sending per-region GCPhaseParallel JFR events in G1ScanCollectionSetRegionClosure + JDK-8303770: Remove Baltimore root certificate expiring in May 2025 + JDK-8305010: Test vmTestbase/nsk/jvmti/scenarios/sampling/ /SP05/sp05t003/TestDescription.java timed out: thread not suspended + 
JDK-8307318: Test serviceability/sa/ /ClhsdbCDSJstackPrintAll.java failed: ArrayIndexOutOfBoundsException + JDK-8307824: Clean up Finalizable.java and finalize terminology in vmTestbase/nsk/share + JDK-8308033: The jcmd thread dump related tests should test virtual threads + JDK-8308966: Add intrinsic for float/double modulo for x86 AVX2 and AVX512 + JDK-8309667: TLS handshake fails because of ConcurrentModificationException in PKCS12KeyStore .engineGetEntry + JDK-8309841: Jarsigner should print a warning if an entry is removed + JDK-8309978: [x64] Fix useless padding + JDK-8310066: Improve test coverage for JVMTI GetThreadState on carrier and mounted vthread + JDK-8310525: DynamicLauncher for JDP test needs to try harder to find a free port + JDK-8310643: Misformatted copyright messages in FFM + JDK-8312246: NPE when HSDB visits bad oop + JDK-8312475: org.jline.util.PumpReader signed byte problem + JDK-8313290: Misleading exception message from STS.Subtask::get when task forked after shutdown + JDK-8313430: [JVMCI] fatal error: Never compilable: in JVMCI shutdown + JDK-8313654: Test WaitNotifySuspendedVThreadTest.java timed out + JDK-8314056: Remove runtime platform check from frem/drem + JDK-8314136: Test java/net/httpclient/CancelRequestTest.java failed: WARNING: tracker for HttpClientImpl(42) has outstanding operations + JDK-8314236: Overflow in Collections.rotate + JDK-8314319: LogCompilation doesn't reset lateInlining when it encounters a failure. 
+ JDK-8314840: 3 gc/epsilon tests ignore external vm options + JDK-8314842: zgc/genzgc tests ignore vm flags + JDK-8315128: jdk/jfr/event/runtime/ /TestResidentSetSizeEvent.java fails with "The size should be less than or equal to peak" + JDK-8315484: java/awt/dnd/RejectDragDropActionTest.java timed out + JDK-8315669: Open source several Swing PopupMenu related tests + JDK-8315742: Open source several Swing Scroll related tests + JDK-8315827: Kitchensink.java and RenaissanceStressTest.java time out with jvmti module errors + JDK-8315871: Opensource five more Swing regression tests + JDK-8315876: Open source several Swing CSS related tests + JDK-8315951: Open source several Swing HTMLEditorKit related tests + JDK-8315981: Opensource five more random Swing tests + JDK-8316061: Open source several Swing RootPane and Slider related tests + JDK-8316324: Opensource five miscellaneous Swing tests + JDK-8316388: Opensource five Swing component related regression tests + JDK-8316452: java/lang/instrument/modules/ /AppendToClassPathModuleTest.java ignores VM flags + JDK-8316497: ColorConvertOp - typo for non-ICC conversions needs one-line fix + JDK-8316580: HttpClient with StructuredTaskScope does not close when a task fails + JDK-8316629: j.text.DateFormatSymbols setZoneStrings() exception is unhelpful + JDK-8317264: Pattern.Bound has `static` fields that should be `static final`. 
+ JDK-8318509: x86 count_positives intrinsic broken for -XX:AVX3Threshold=0 + JDK-8318636: Add jcmd to print annotated process memory map + JDK-8318700: MacOS Zero cannot run gtests due to wrong JVM path + JDK-8318811: Compiler directives parser swallows a character after line comments + JDK-8318915: Enhance checks in BigDecimal.toPlainString() + JDK-8319439: Move BufferNode from PtrQueue files to new files + JDK-8319572: Test jdk/incubator/vector/LoadJsvmlTest.java ignores VM flags + JDK-8319690: [AArch64] C2 compilation hits offset_ok_for_immed: assert "c2 compiler bug" + JDK-8320687: sun.jvmstat.monitor.MonitoredHost .getMonitoredHost() throws unexpected exceptions when invoked concurrently + JDK-8320948: NPE due to unreported compiler error + JDK-8321204: C2: assert(false) failed: node should be in igvn hash table + JDK-8321479: java -D-D crashes + JDK-8321931: memory_swap_current_in_bytes reports 0 as "unlimited" + JDK-8322141: SequenceInputStream.transferTo should not return as soon as Long.MAX_VALUE bytes have been transferred + JDK-8322475: Extend printing for System.map + JDK-8323795: jcmd Compiler.codecache should print total size of code cache + JDK-8324345: Stack overflow during C2 compilation when splitting memory phi + JDK-8324678: Replace NULL with nullptr in HotSpot gtests + JDK-8324681: Replace NULL with nullptr in HotSpot jtreg test native code files + JDK-8324799: Use correct extension for C++ test headers + JDK-8324880: Rename get_stack_trace.h + JDK-8325055: Rename Injector.h + JDK-8325180: Rename jvmti_FollowRefObjects.h + JDK-8325347: Rename native_thread.h + JDK-8325367: Rename nsk_list.h + JDK-8325435: [macos] Menu or JPopupMenu not closed when main window is resized + JDK-8325456: Rename nsk_mutex.h + JDK-8325458: Rename mlvmJvmtiUtils.h + JDK-8325680: Uninitialised memory in deleteGSSCB of GSSLibStub.c:179 + JDK-8325682: Rename nsk_strace.h + JDK-8325910: Rename jnihelper.h + JDK-8326090: Rename jvmti_aod.h + JDK-8326389: [test] improve 
assertEquals failure output + JDK-8326524: Rename agent_common.h + JDK-8326586: Improve Speed of System.map + JDK-8327071: [Testbug] g-tests for cgroup leave files in /tmp on linux + JDK-8327169: serviceability/dcmd/vm/SystemMapTest.java and SystemDumpMapTest.java may fail after JDK-8326586 + JDK-8327370: (ch) sun.nio.ch.Poller.register throws AssertionError + JDK-8327461: KeyStore getEntry is not thread-safe + JDK-8328107: Shenandoah/C2: TestVerifyLoopOptimizations test failure + JDK-8328301: Convert Applet test ManualHTMLDataFlavorTest.java to main program + JDK-8328482: Convert and Open source few manual applet test to main based + JDK-8328484: Convert and Opensource few JFileChooser applet test to main + JDK-8328648: Remove applet usage from JFileChooser tests bug4150029 + JDK-8328670: Automate and open source few closed manual applet test + JDK-8328673: Convert closed text/html/CSS manual applet test to main + JDK-8328864: NullPointerException in sun.security.jca.ProviderList.getService() + JDK-8329261: G1: interpreter post-barrier x86 code asserts index size of wrong buffer + JDK-8329729: java/util/Properties/StoreReproducibilityTest.java times out + JDK-8330106: C2: VectorInsertNode::make() shouldn't call ConINode::make() directly + JDK-8330158: C2: Loop strip mining uses ABS with min int + JDK-8330534: Update nsk/jdwp tests to use driver instead of othervm + JDK-8330598: java/net/httpclient/Http1ChunkedTest.java fails with java.util.MissingFormatArgumentException: Format specifier '%s' + JDK-8330936: [ubsan] exclude function BilinearInterp and ShapeSINextSpan in libawt java2d from ubsan checks + JDK-8331088: Incorrect TraceLoopPredicate output + JDK-8331735: UpcallLinker::on_exit races with GC when copying frame anchor + JDK-8332252: Clean up vmTestbase/vm/share + JDK-8332506: SIGFPE In ObjectSynchronizer::is_async_deflation_needed() + JDK-8332631: Update nsk.share.jpda.BindServer to don't use finalization + JDK-8332641: Update nsk.share.jpda.Jdb to don't 
use finalization + JDK-8332880: JFR GCHelper class recognizes "Archive" regions as valid + JDK-8332921: Ctrl+C does not call shutdown hooks after JLine upgrade + JDK-8333013: Update vmTestbase/nsk/share/LocalProcess.java to don't use finalization + JDK-8333117: Remove support of remote and manual debuggee launchers + JDK-8333680: com/sun/tools/attach/BasicTests.java fails with "SocketException: Permission denied: connect" + JDK-8333805: Replaying compilation with null static final fields results in a crash + JDK-8333890: Fatal error in auto-vectorizer with float16 kernel. + JDK-8334644: Automate javax/print/attribute/PageRangesException.java + JDK-8334780: Crash: assert(h_array_list.not_null()) failed: invariant + JDK-8334895: OpenJDK fails to configure on linux aarch64 when CDS is disabled after JDK-8331942 + JDK-8335181: Incorrect handling of HTTP/2 GOAWAY frames in HttpClient + JDK-8335643: serviceability/dcmd/vm tests fail for ZGC after JDK-8322475 + JDK-8335662: [AArch64] C1: guarantee(val < (1ULL << nbits)) failed: Field too big for insn + JDK-8335684: Test ThreadCpuTime.java should pause like ThreadCpuTimeArray.java + JDK-8335710: serviceability/dcmd/vm/SystemDumpMapTest.java and SystemMapTest.java fail on Linux Alpine after 8322475 + JDK-8335836: serviceability/jvmti/StartPhase/AllowedFunctions/ /AllowedFunctions.java fails with unexpected exit code: 112 + JDK-8335860: compiler/vectorization/ /TestFloat16VectorConvChain.java fails with non-standard AVX/SSE settings + JDK-8336042: Caller/callee param size mismatch in deoptimization causes crash + JDK-8336499: Failure when creating non-CRT RSA private keys in SunPKCS11 + JDK-8336587: failure_handler lldb command times out on macosx-aarch64 core file + JDK-8336827: compiler/vectorization/ /TestFloat16VectorConvChain.java timeouts on ppc64 platforms after JDK-8335860 + JDK-8337221: CompileFramework: test library to conveniently compile java and jasm sources for fuzzing + JDK-8337299: 
vmTestbase/nsk/jdb/stop_at/stop_at002/ /stop_at002.java failure goes undetected + JDK-8337681: PNGImageWriter uses much more memory than necessary + JDK-8337795: Type annotation attached to incorrect type during class reading + JDK-8337958: Out-of-bounds array access in secondary_super_cache + JDK-8337981: ShenandoahHeap::is_in should check for alive regions + JDK-8337998: CompletionFailure in getEnclosingType attaching type annotations + JDK-8338010: WB_IsFrameDeoptimized miss ResourceMark + JDK-8338064: Give better error for ConcurrentHashTable corruption + JDK-8338136: Hotspot should support multiple large page sizes on Windows + JDK-8338154: Fix -Wzero-as-null-pointer-constant warnings in gtest framework + JDK-8338202: Shenandoah: Improve handshake closure labels + JDK-8338314: JFR: Split JFRCheckpoint VM operation + JDK-8339148: Make os::Linux::active_processor_count() public + JDK-8339288: Improve diagnostic logging runtime/cds/DeterministicDump.java + JDK-8339300: CollectorPolicy.young_scaled_initial_ergo_vm gtest fails on ppc64 based platforms + JDK-8339538: Wrong timeout computations in DnsClient + JDK-8339639: Opensource few AWT PopupMenu tests + JDK-8339678: Update runtime/condy tests to be executed with VM flags + JDK-8339727: Open source several AWT focus tests - series 1 + JDK-8339769: Incorrect error message during startup if working directory does not exist + JDK-8339794: Open source closed choice tests #1 + JDK-8339810: Clean up the code in sun.tools.jar.Main to properly close resources and use ZipFile during extract + JDK-8339836: Open source several AWT Mouse tests - Batch 1 + JDK-8339842: Open source several AWT focus tests - series 2 + JDK-8339895: Open source several AWT focus tests - series 3 + JDK-8339906: Open source several AWT focus tests - series 4 + JDK-8339935: Open source several AWT focus tests - series 5 + JDK-8339982: Open source several AWT Mouse tests - Batch 2 + JDK-8339984: Open source AWT MenuItem related tests + JDK-8339995: 
Open source several AWT focus tests - series 6 + JDK-8340024: In ClassReader, extract a constant for the superclass supertype_index + JDK-8340077: Open source few Checkbox tests - Set2 + JDK-8340084: Open source AWT Frame related tests + JDK-8340143: Open source several Java2D rendering loop tests. + JDK-8340146: ZGC: TestAllocateHeapAt.java should not run with UseLargePages + JDK-8340164: Open source few Component tests - Set1 + JDK-8340173: Open source some Component/Panel/EventQueue tests - Set2 + JDK-8340176: Replace usage of -noclassgc with -Xnoclassgc in test/jdk/java/lang/management/MemoryMXBean/LowMemoryTest2.java + JDK-8340193: Open source several AWT Dialog tests - Batch 1 + JDK-8340228: Open source couple more miscellaneous AWT tests + JDK-8340271: Open source several AWT Robot tests + JDK-8340279: Open source several AWT Dialog tests - Batch 2 + JDK-8340332: Open source mixed AWT tests - Set3 + JDK-8340366: Open source several AWT Dialog tests - Batch 3 + JDK-8340367: Opensource few AWT image tests + JDK-8340393: Open source closed choice tests #2 + JDK-8340407: Open source a few more Component related tests + JDK-8340417: Open source some MenuBar tests - Set1 + JDK-8340432: Open source some MenuBar tests - Set2 + JDK-8340433: Open source closed choice tests #3 + JDK-8340437: Open source few more AWT Frame related tests + JDK-8340458: Open source additional Component tests (part 2) + JDK-8340555: Open source DnD tests - Set4 + JDK-8340560: Open Source several AWT/2D font and rendering tests + JDK-8340605: Open source several AWT PopupMenu tests + JDK-8340621: Open source several AWT List tests + JDK-8340625: Open source additional Component tests (part 3) + JDK-8340639: Open source few more AWT List tests + JDK-8340713: Open source DnD tests - Set5 + JDK-8340784: Remove PassFailJFrame constructor with screenshots + JDK-8340790: Open source several AWT Dialog tests - Batch 4 + JDK-8340809: Open source few more AWT PopupMenu tests + JDK-8340874: Open 
source some of the AWT Geometry/Button tests + JDK-8340907: Open source closed frame tests # 2 + JDK-8340966: Open source few Checkbox and Cursor tests - Set1 + JDK-8340967: Open source few Cursor tests - Set2 + JDK-8340978: Open source few DnD tests - Set6 + JDK-8340985: Open source some Desktop related tests + JDK-8341000: Open source some of the AWT Window tests + JDK-8341004: Open source AWT FileDialog related tests + JDK-8341072: Open source several AWT Canvas and Rectangle related tests + JDK-8341128: open source some 2d graphics tests + JDK-8341148: Open source several Choice related tests + JDK-8341162: Open source some of the AWT window test + JDK-8341170: Open source several Choice related tests (part 2) + JDK-8341177: Opensource few List and a Window test + JDK-8341191: Open source few more AWT FileDialog tests + JDK-8341239: Open source closed frame tests # 3 + JDK-8341257: Open source few DND tests - Set1 + JDK-8341258: Open source few various AWT tests - Set1 + JDK-8341278: Open source few TrayIcon tests - Set7 + JDK-8341298: Open source more AWT window tests + JDK-8341373: Open source closed frame tests # 4 + JDK-8341378: Open source few TrayIcon tests - Set8 + JDK-8341447: Open source closed frame tests # 5 + JDK-8341535: sun/awt/font/TestDevTransform.java fails with RuntimeException: Different rendering + JDK-8341637: java/net/Socket/UdpSocket.java fails with "java.net.BindException: Address already in use" (macos-aarch64) + JDK-8341779: [REDO BACKPORT] type annotations are not visible to javac plugins across compilation boundaries (JDK-8225377) + JDK-8341972: java/awt/dnd/DnDRemoveFocusOwnerCrashTest.java timed out after JDK-8341257 + JDK-8342075: HttpClient: improve HTTP/2 flow control checks + JDK-8342376: More reliable OOM handling in ExceptionDuringDumpAtObjectsInitPhase test + JDK-8342524: Use latch in AbstractButton/bug6298940.java instead of delay + JDK-8342633: javax/management/security/ /HashedPasswordFileTest.java creates tmp file in src 
dir + JDK-8342958: Use jvmArgs consistently in microbenchmarks + JDK-8343019: Primitive caches must use boxed instances from the archive + JDK-8343037: Missing @since tag on JColorChooser.showDialog overload + JDK-8343103: Enable debug logging for vmTestbase/nsk/jvmti/ /scenarios/sampling/SP05/sp05t003/TestDescription.java + JDK-8343124: Tests fails with java.lang.IllegalAccessException: class com.sun.javatest.regtest.agent.MainWrapper$MainTask cannot access + JDK-8343144: UpcallLinker::on_entry racingly clears pending exception with GC safepoints + JDK-8343170: java/awt/Cursor/JPanelCursorTest/ /JPanelCursorTest.java does not show the default cursor + JDK-8343224: print/Dialog/PaperSizeError.java fails with MediaSizeName is not A4: A4 + JDK-8343342: java/io/File/GetXSpace.java fails on Windows with CD-ROM drive + JDK-8343345: Use -jvmArgsPrepend when running microbenchmarks in RunTests.gmk + JDK-8343529: serviceability/sa/ClhsdbWhere.java fails AssertionFailure: Corrupted constant pool + JDK-8343754: Problemlist jdk/jfr/event/oldobject/TestShenandoah.java after JDK-8279016 + JDK-8343855: HTTP/2 ConnectionWindowUpdateSender may miss some unprocessed DataFrames from closed streams + JDK-8343891: Test javax/swing/JTabbedPane/ /TestJTabbedPaneBackgroundColor.java failed + JDK-8343936: Adjust timeout in test javax/management/monitor/DerivedGaugeMonitorTest.java + JDK-8344316: security/auth/callback/TextCallbackHandler/ /Password.java make runnable with JTReg and add the UI + JDK-8344346: java/net/httpclient/ShutdownNow.java fails with java.lang.AssertionError: client was still running, but exited after further delay: timeout should be adjusted + JDK-8344361: Restore null return for invalid services from legacy providers + JDK-8344414: ZGC: Another division by zero in rule_major_allocation_rate + JDK-8344925: translet-name ignored when package-name is also set + JDK-8345133: Test sun/security/tools/jarsigner/ /TsacertOptionTest.java failed: Warning found in stdout + 
JDK-8345134: Test sun/security/tools/jarsigner/ /ConciseJarsigner.java failed: unable to find valid certification path to requested target + JDK-8345146: [PPC64] Make intrinsic conversions between bit representations of half precision values and floats + JDK-8345341: Fix incorrect log message in JDI stop002t test + JDK-8345357: test/jdk/javax/swing/JRadioButton/8033699/ /bug8033699.java fails in ubuntu22.04 + JDK-8345447: test/jdk/javax/swing/JToolBar/4529206/ /bug4529206.java fails in ubuntu22.04 + JDK-8345547: test/jdk/javax/swing/text/DefaultEditorKit/ /4278839/bug4278839.java fails in ubuntu22.04 + JDK-8345598: Upgrade NSS binaries for interop tests + JDK-8345625: Better HTTP connections + JDK-8345728: [Accessibility,macOS,Screen Magnifier]: JCheckbox unchecked state does not magnify but works for checked state + JDK-8345838: Remove the appcds/javaldr/AnonVmClassesDuringDump.java test + JDK-8346049: jdk/test/lib/security/timestamp/TsaServer.java warnings + JDK-8346082: Output JVMTI agent information in hserr files + JDK-8346264: "Total compile time" counter should include time spent in failing/bailout compiles + JDK-8346581: JRadioButton/ButtonGroupFocusTest.java fails in CI on Linux + JDK-8346888: [ubsan] block.cpp:1617:30: runtime error: 9.97582e+36 is outside the range of representable values of type 'int' + JDK-8347000: Bug in com/sun/net/httpserver/bugs/B6361557.java test + JDK-8347019: Test javax/swing/JRadioButton/8033699/ /bug8033699.java still fails: Focus is not on Radio Button Single as Expected + JDK-8347083: Incomplete logging in nsk/jvmti/ /ResourceExhausted/resexhausted00* tests + JDK-8347126: gc/stress/TestStressG1Uncommit.java gets OOM-killed + JDK-8347173: java/net/DatagramSocket/ /InterruptibleDatagramSocket.java fails with virtual thread factory + JDK-8347286: (fs) Remove some extensions from java/nio/file/Files/probeContentType/Basic.java + JDK-8347296: WinInstallerUiTest fails in local test runs if the path to test work directory is longer 
that regular + JDK-8347373: HTTP/2 flow control checks may count unprocessed data twice + JDK-8347506: Compatible OCSP readtimeout property with OCSP timeout + JDK-8347596: Update HSS/LMS public key encoding + JDK-8347629: Test FailOverDirectExecutionControlTest.java fails with -Xcomp + JDK-8347995: Race condition in jdk/java/net/httpclient/ /offline/FixedResponseHttpClient.java + JDK-8348107: test/jdk/java/net/httpclient/ /HttpsTunnelAuthTest.java fails intermittently + JDK-8348110: Update LCMS to 2.17 + JDK-8348299: Update List/ItemEventTest/ItemEventTest.java + JDK-8348323: Corrupted timezone string in JVM crash log + JDK-8348596: Update FreeType to 2.13.3 + JDK-8348597: Update HarfBuzz to 10.4.0 + JDK-8348598: Update Libpng to 1.6.47 + JDK-8348600: Update PipeWire to 1.3.81 + JDK-8348865: JButton/bug4796987.java never runs because Windows XP is unavailable + JDK-8348936: [Accessibility,macOS,VoiceOver] VoiceOver doesn't announce untick on toggling the checkbox with "space" key on macOS + JDK-8348989: Better Glyph drawing + JDK-8349111: Enhance Swing supports + JDK-8349200: [JMH] time.format.ZonedDateTimeFormatterBenchmark fails + JDK-8349348: Refactor ClassLoaderDeadlock.sh and Deadlock.sh to run fully in java + JDK-8349358: [JMH] Cannot access class jdk.internal.vm.ContinuationScope + JDK-8349492: Update sun/security/pkcs12/ /KeytoolOpensslInteropTest.java to use a recent Openssl version + JDK-8349501: Relocate supporting classes in security/testlibrary to test/lib/jdk tree + JDK-8349594: Enhance TLS protocol support + JDK-8349623: [ASAN] Gtest os_linux.glibc_mallinfo_wrapper_vm fails + JDK-8349637: Integer.numberOfLeadingZeros outputs incorrectly in certain cases + JDK-8349751: AIX build failure after upgrade pipewire to 1.3.81 + JDK-8350201: Out of bounds access on Linux aarch64 in os::print_register_info + JDK-8350211: CTW: Attempt to preload all classes in constant pool + JDK-8350224: Test javax/swing/JComboBox/ /TestComboBoxComponentRendering.java fails 
in ubuntu 23.x and later + JDK-8350260: Improve HTML instruction formatting in PassFailJFrame + JDK-8350313: Include timings for leaving safepoint in safepoint logging + JDK-8350383: Test: add more test case for string compare (UL case) + JDK-8350386: Test TestCodeCacheFull.java fails with option -XX:-UseCodeCacheFlushing + JDK-8350412: [21u] AArch64: Ambiguous frame layout leads to incorrect traces in JFR + JDK-8350483: AArch64: turn on signum intrinsics by default on Ampere CPUs + JDK-8350498: Remove two Camerfirma root CA certificates + JDK-8350546: Several java/net/InetAddress tests fails UnknownHostException + JDK-8350616: Skip ValidateHazardPtrsClosure in non-debug builds + JDK-8350650: Bump update version for OpenJDK: jdk-21.0.8 + JDK-8350682: [JMH] vector.IndexInRangeBenchmark failed with IndexOutOfBoundsException for size=1024 + JDK-8350786: Some java/lang jtreg tests miss requires vm.hasJFR + JDK-8350924: javax/swing/JMenu/4213634/bug4213634.java fails + JDK-8350991: Improve HTTP client header handling + JDK-8351086: (fc) Make java/nio/channels/FileChannel/ /BlockDeviceSize.java test manual + JDK-8351500: G1: NUMA migrations cause crashes in region allocation + JDK-8351665: Remove unused UseNUMA in os_aix.cpp + JDK-8351933: Inaccurate masking of TC subfield decrement in ForkJoinPool + JDK-8352076: [21u] Problem list tests that fail in 21 and would be fixed by 8309622 + JDK-8352109: java/awt/Desktop/MailTest.java fails in platforms where Action.MAIL is not supported + JDK-8352302: Test sun/security/tools/jarsigner/ /TimestampCheck.java is failing + JDK-8352512: TestVectorZeroCount: counter not reset between iterations + JDK-8352676: Opensource JMenu tests - series1 + JDK-8352680: Opensource few misc swing tests + JDK-8352684: Opensource JInternalFrame tests - series1 + JDK-8352706: httpclient HeadTest does not run on HTTP2 + JDK-8352716: (tz) Update Timezone Data to 2025b + JDK-8352908: Open source several swing tests batch1 + JDK-8352942: 
jdk/jfr/startupargs/TestMemoryOptions.java fails with 32-bit build + JDK-8353070: Clean up and open source couple AWT Graphics related tests (Part 1) + JDK-8353138: Screen capture for test TaskbarPositionTest.java, failure case + JDK-8353190: Use "/native" Run Option for TestAvailableProcessors Execution + JDK-8353237: [AArch64] Incorrect result of VectorizedHashCode intrinsic on Cortex-A53 + JDK-8353320: Open source more Swing text tests + JDK-8353446: Open source several AWT Menu tests - Batch 2 + JDK-8353475: Open source two Swing DefaultCaret tests + JDK-8353685: Open some JComboBox bugs 4 + JDK-8353709: Debug symbols bundle should contain full debug files when building --with-external-symbols-in-bundles=public + JDK-8353787: Increased number of SHA-384-Digest java.util.jar.Attributes$Name instances leading to higher memory footprint + JDK-8353942: Open source Swing Tests - Set 5 + JDK-8354255: [jittester] Remove TempDir debug output + JDK-8354530: AIX: sporadic unexpected errno when calling setsockopt in Net.joinOrDrop + JDK-8354554: Open source several clipboard tests batch1 + JDK-8354802: MAX_SECS definition is unused in os_linux + JDK-8354893: [REDO BACKPORT] javac crashes while adding type annotations to the return type of a constructor (JDK-8320001) + JDK-8355498: [AIX] Adapt code for C++ VLA rule + JDK-8356053: Test java/awt/Toolkit/Headless/ /HeadlessToolkit.java fails by timeout + JDK-8356096: ISO 4217 Amendment 179 Update + JDK-8356571: Re-enable -Wtype-limits for GCC in LCMS + JDK-8357105: C2: compilation fails with "assert(false) failed: empty program detected during loop optimization" + JDK-8357193: [VS 2022 17.14] Warning C5287 in debugInit.c: enum type mismatch during build + JDK-8359170: Add 2 TLS and 2 CS Sectigo roots + JDK-8360147: Better Glyph drawing redux + JDK-8360406: [21u] Disable logic for attaching type annotations to class files until 8359336 is fixed + JDK-8361672: [21u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 
21.0.8 java-21-openjdk-21.0.8.0-150600.3.15.1.src.rpm java-21-openjdk-21.0.8.0-150600.3.15.1.x86_64.rpm java-21-openjdk-demo-21.0.8.0-150600.3.15.1.x86_64.rpm java-21-openjdk-devel-21.0.8.0-150600.3.15.1.x86_64.rpm java-21-openjdk-headless-21.0.8.0-150600.3.15.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2964 Security update for glibc moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) glibc-2.38-150600.14.37.1.src.rpm glibc-2.38-150600.14.37.1.x86_64.rpm glibc-devel-2.38-150600.14.37.1.x86_64.rpm glibc-extra-2.38-150600.14.37.1.x86_64.rpm glibc-i18ndata-2.38-150600.14.37.1.noarch.rpm glibc-info-2.38-150600.14.37.1.noarch.rpm glibc-lang-2.38-150600.14.37.1.noarch.rpm glibc-locale-2.38-150600.14.37.1.x86_64.rpm glibc-locale-base-2.38-150600.14.37.1.x86_64.rpm glibc-profile-2.38-150600.14.37.1.x86_64.rpm libnsl1-2.38-150600.14.37.1.x86_64.rpm nscd-2.38-150600.14.37.1.x86_64.rpm glibc-32bit-2.38-150600.14.37.1.x86_64.rpm glibc-locale-base-32bit-2.38-150600.14.37.1.x86_64.rpm libnsl1-32bit-2.38-150600.14.37.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2685 Security update for apache2 important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for apache2 fixes the following issues: - CVE-2024-42516: Fixed HTTP response splitting. (bsc#1246477) - CVE-2024-43204: Fixed a SSRF when mod_proxy is loaded that allows an attacker to send outbound proxy requests to a URL controlled by them. (bsc#1246305) - CVE-2024-47252: Fixed insufficient escaping of user-supplied data in mod_ssl allows an untrusted SSL/TLS client to insert escape characters into log file. (bsc#1246303) - CVE-2025-23048: Fixed access control bypass by trusted clients through TLS 1.3 session resumption in some mod_ssl configurations. 
(bsc#1246302) - CVE-2025-49630: Fixed denial of service can be triggered by untrusted clients causing an assertion in mod_proxy_http2. (bsc#1246307) - CVE-2025-49812: Fixed Opossum Attack Application Layer Desynchronization using Opportunistic TLS. (bsc#1246169) - CVE-2025-53020: Fixed HTTP/2 denial of service due to late release of memory after effective lifetime. (bsc#1246306) apache2-2.4.62-150700.4.3.1.src.rpm apache2-2.4.62-150700.4.3.1.x86_64.rpm apache2-prefork-2.4.62-150700.4.3.1.src.rpm apache2-prefork-2.4.62-150700.4.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3352 Security update for openjpeg2 low SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for openjpeg2 fixes the following issues: - CVE-2018-18088: Fixed a null pointer dereference in imagetopnm function. (bsc#1111638). libopenjp2-7-2.3.0-150000.3.21.1.x86_64.rpm openjpeg2-2.3.0-150000.3.21.1.src.rpm openjpeg2-2.3.0-150000.3.21.1.x86_64.rpm openjpeg2-devel-2.3.0-150000.3.21.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2723 Recommended update for SSSD moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for fixes the following issues: - Added additional SSSD packages and dependencies to SUSE Linux Enterprise Micro 5.5 (no source changes) (jsc#PED-12639) - krb5-client - python3-sssd-config - sssd-dbus - sssd-tools - realmd realmd-0.16.3-150200.3.11.1.src.rpm realmd-0.16.3-150200.3.11.1.x86_64.rpm realmd-lang-0.16.3-150200.3.11.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3044 Recommended update for cpupower moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for cpupower fixes the following issues: - Show first 2 lines of kernel-source sources built against package description. - Show latest git hash commit ID there to be able to track exact sources the package has been built against. - This is essential to be able to determine the exact sources (from kernel-source) the tools are built against. 
cpupower-6.4.0-150700.9.3.3.src.rpm cpupower-6.4.0-150700.9.3.3.x86_64.rpm cpupower-bash-completion-6.4.0-150700.9.3.3.noarch.rpm cpupower-devel-6.4.0-150700.9.3.3.x86_64.rpm cpupower-lang-6.4.0-150700.9.3.3.noarch.rpm libcpupower1-6.4.0-150700.9.3.3.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2840 Recommended update for libnvme, nvme-cli moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for libnvme, nvme-cli fixes the following issues: - Version update 1.11+6.g0d17be77: - tree: free ctrl attributes when reconfigured (bsc#1243716). - tree: filter tree after scan has completed (bsc#1243716). - Version update 2.11+26.gfbd2b4f4: - nvme: fix mem leak in nvme copy (bsc#1243716). - nvme: extend filter to match device name (bsc#1243716). - nvme-print: suppress output when no ctrl is present for list-subsys (bsc#1243716). - udev-rules-ontap: switch to queue-depth iopolicy (bsc#1246599). libnvme-1.11+6.g0d17be77-150700.4.6.2.src.rpm libnvme-devel-1.11+6.g0d17be77-150700.4.6.2.x86_64.rpm libnvme-mi1-1.11+6.g0d17be77-150700.4.6.2.x86_64.rpm libnvme1-1.11+6.g0d17be77-150700.4.6.2.x86_64.rpm nvme-cli-2.11+26.gfbd2b4f4-150700.3.6.2.src.rpm nvme-cli-2.11+26.gfbd2b4f4-150700.3.6.2.x86_64.rpm nvme-cli-bash-completion-2.11+26.gfbd2b4f4-150700.3.6.2.noarch.rpm nvme-cli-zsh-completion-2.11+26.gfbd2b4f4-150700.3.6.2.noarch.rpm python3-libnvme-1.11+6.g0d17be77-150700.4.6.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3025 Security update for javamail moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for javamail fixes the following issues: - Update to version 1.6.2 - CVE-2025-7962: Fixed an improper neutralization of \r and \n UTF-8 characters can lead to SMTP injection (bsc#1246873) javamail-1.6.2-150200.3.7.1.noarch.rpm javamail-1.6.2-150200.3.7.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2660 Recommended update for alsa-ucm-conf important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for alsa-ucm-conf fixes the 
following issues: - Drop previous patches that caused regressions (bsc#1246737, bsc#1246763); - Keep the ACP-7 enablement patch meanwhile; alsa-ucm-conf-1.2.10-150600.3.8.1.noarch.rpm alsa-ucm-conf-1.2.10-150600.3.8.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2549 Recommended update for qemu moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for qemu fixes the following issues: - [roms] seabios: include "pciinit: don't misalign large BARs" (bsc#1246566) qemu-9.2.4-150700.3.8.1.src.rpm qemu-img-9.2.4-150700.3.8.1.x86_64.rpm qemu-pr-helper-9.2.4-150700.3.8.1.x86_64.rpm qemu-tools-9.2.4-150700.3.8.1.x86_64.rpm qemu-vmsr-helper-9.2.4-150700.3.8.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3268 Security update for curl important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for curl fixes the following issues: Security issues fixed: - CVE-2025-9086: bug in patch comparison logic when processing cookies can lead to out-of-bounds read in heap buffer (bsc#1249191). - CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server (bsc#1249348). Other issues fixed: - Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197). * tool_getparam: fix --ftp-pasv [5f805ee] - Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056). * TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs. * websocket: add option to disable auto-pong reply. * huge number of bugfixes. Please see https://curl.se/ch/ for full changelogs. 
brotli-1.0.7-150200.3.5.1.src.rpm libbrotli-devel-1.0.7-150200.3.5.1.x86_64.rpm libbrotlicommon1-1.0.7-150200.3.5.1.x86_64.rpm libbrotlidec1-1.0.7-150200.3.5.1.x86_64.rpm libbrotlienc1-1.0.7-150200.3.5.1.x86_64.rpm libbrotlicommon1-32bit-1.0.7-150200.3.5.1.x86_64.rpm libbrotlidec1-32bit-1.0.7-150200.3.5.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2940 Recommended update for open-iscsi moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for open-iscsi fixes the following issues: - README for rpm build directory - Fix issue with IPv6 adapter interfaces (bsc#1240969) - fwparam_ppc.c: Fix the calloc-transposed-args issue - Makefile: fix "No rule to make target 'iscsiuio/Makefile.in" issue - Fix typo in initiator.c - Fixed some issues in this changes file - One date had incorrect format from 2014 - Two separator lines were formatted incorrectly iscsiuio-0.7.8.8-150700.57.3.1.x86_64.rpm libopeniscsiusr0-0.2.0-150700.57.3.1.x86_64.rpm open-iscsi-2.1.11-150700.57.3.1.src.rpm open-iscsi-2.1.11-150700.57.3.1.x86_64.rpm open-iscsi-devel-2.1.11-150700.57.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2696 Recommended update for yast2-iscsi-client important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for yast2-iscsi-client fixes the following issues: - Ensure to hide passwords (bsc#1246833) - Update to version 4.7.6 yast2-iscsi-client-4.7.6-150700.3.3.1.noarch.rpm yast2-iscsi-client-4.7.6-150700.3.3.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2722 Recommended update for yast2 important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for yast2 fixes the following issues: - Do not try installing packages into the inst-sys during installation (bsc#1240867) yast2-4.7.1-150700.3.3.1.src.rpm yast2-4.7.1-150700.3.3.1.x86_64.rpm yast2-logs-4.7.1-150700.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2985 Security update for python-urllib3 moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for 
python-urllib3 fixes the following issues: - CVE-2025-50181: Pool managers now properly control redirects when retries is passed. (bsc#1244925) python-urllib3-1.25.10-150300.4.18.1.src.rpm python3-urllib3-1.25.10-150300.4.18.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2890 Recommended update for openssl-1_1 moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for openssl-1_1 fixes the following issues: - FIPS: Use the NID_X9_62_prime256v1 curve in ECDSA KAT test instead of NID_secp256k1. [bsc#1246697] libopenssl1_1-1.1.1w-150700.11.3.1.x86_64.rpm openssl-1_1-1.1.1w-150700.11.3.1.src.rpm libopenssl1_1-32bit-1.1.1w-150700.11.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-4153 Recommended update for s390-tools moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for s390-tools fixes the following issues: - Fix gen of cert or CSR to use RSA not RSA-PSS (bsc#1250643). - Amended .spec file for opticsmon.service (bsc#1246669). - Applied patch to fix DPU utilization calculation scaling for chpstat (bsc#1248264). - Amended the .spec file to remove embedded build counter for binaries (bsc#1246792). - Reapplied original vendor.tar.zst fw file. - Fix CCA host version detection for newer CCA versions. s390-tools-2.37.0-150700.4.15.3.src.rpm s390-tools-2.37.0-150700.4.15.3.x86_64.rpm s390-tools-genprotimg-data-2.37.0-150700.4.15.3.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2914 Security update for docker moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for docker fixes the following issues: - Update to Docker 28.3.3-ce. - CVE-2025-54388: Fixed a bug where firewalld when reloaded can make published container ports accessible from remote hosts. 
(bsc#1247367) docker-28.3.3_ce-150000.230.1.src.rpm docker-28.3.3_ce-150000.230.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-741 Security update for shim moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for shim fixes the following issues: shim is updated to version 16.1: - shim_start_image(): fix guid/handle pairing when uninstalling protocols - Fix uncompressed ipv6 netboot - fix test segfaults caused by uninitialized memory - SbatLevel_Variable.txt: minor typo fix. - Realloc() needs to allocate one more byte for sprintf() - IPv6: Add more check to avoid multiple double colon and illegal char - Loader proto v2 - loader-protocol: add workaround for EDK2 2025.02 page fault on FreePages - Generate Authenticode for the entire PE file - README: mention new loader protocol and interaction with UKIs - shim: change automatically enable MOK_POLICY_REQUIRE_NX - Save var info - add SbatLevel entry 2025051000 for PSA-2025-00012-1 - Coverity fixes 20250804 - fix http boot - Fix double free and leak in the loader protocol shim is updated to version 16.0: - Validate that a supplied vendor cert is not in PEM format - sbat: Add grub.peimage,2 to latest (CVE-2024-2312) - sbat: Also bump latest for grub,4 (and to todays date) - undo change that limits certificate files to a single file - shim: don't set second_stage to the empty string - Fix SBAT.md for today's consensus about numbers - Update Code of Conduct contact address - make-certs: Handle missing OpenSSL installation - Update MokVars.txt - export DEFINES for sub makefile - Drop unused EFI_IMAGE_SECURITY_DATABASE_GUID definition - Null-terminate 'arguments' in fallback - Fix "Verifiying" typo in error message - Update Fedora CI targets - Force gcc to produce DWARF4 so that gdb can use it - Minor housekeeping 2024121700 - Discard load-options that start with WINDOWS - Fix the issue that the gBS->LoadImage pointer was empty. 
- shim: Allow data after the end of device path node in load options - Handle network file not found like disks - Update gnu-efi submodule for EFI_HTTP_ERROR - Increase EFI file alignment - avoid EFIv2 runtime services on Apple x86 machines - Improve shortcut performance when comparing two boolean expressions - Provide better error message when MokManager is not found - tpm: Boot with a warning if the event log is full - MokManager: remove redundant logical constraints - Test import_mok_state() when MokListRT would be bigger than available size - test-mok-mirror: minor bug fix - Fix file system browser hang when enrolling MOK from disk - Ignore a minor clang-tidy nit - Allow fallback to default loader when encountering errors on network boot - test.mk: don't use a temporary random.bin - pe: Enhance debug report for update_mem_attrs - Multiple certificate handling improvements - Generate SbatLevel Metadata from SbatLevel_Variable.txt - Apply EKU check with compile option - Add configuration option to boot an alternative 2nd stage - Loader protocol (with Device Path resolution support) - netboot cleanup for additional files - Document how revocations can be delivered - post-process-pe: add tests to validate NX compliance - regression: CopyMem() in ad8692e copies out of bounds - Save the debug and error logs in mok-variables - Add features for the Host Security ID program - Mirror some more efi variables to mok-variables - This adds DXE Services measurements to HSI and uses them for NX - Add shim's current NX_COMPAT status to HSIStatus - README.tpm: reflect that vendor_db is in fact logged as "vendor_db" - Reject HTTP message with duplicate Content-Length header fields - Disable log saving - fallback: don't add new boot order entries backwards - README.tpm: Update MokList entry to MokListRT - SBAT Level update for February 2025 GRUB CVEs shim-16.1-150300.4.31.3.src.rpm shim-16.1-150300.4.31.3.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2954 Security update for 
gdk-pixbuf important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for gdk-pixbuf fixes the following issues: - CVE-2025-6199: Fixed uninitialized memory leading to arbitrary memory contents leak (bsc#1245227) - CVE-2025-7345: Fixed heap buffer overflow within the gdk_pixbuf__jpeg_image_load_increment function (bsc#1246114) gdk-pixbuf-2.42.12-150600.3.8.1.src.rpm gdk-pixbuf-devel-2.42.12-150600.3.8.1.x86_64.rpm gdk-pixbuf-lang-2.42.12-150600.3.8.1.noarch.rpm gdk-pixbuf-query-loaders-2.42.12-150600.3.8.1.x86_64.rpm gdk-pixbuf-thumbnailer-2.42.12-150600.3.8.1.x86_64.rpm libgdk_pixbuf-2_0-0-2.42.12-150600.3.8.1.x86_64.rpm typelib-1_0-GdkPixbuf-2_0-2.42.12-150600.3.8.1.x86_64.rpm typelib-1_0-GdkPixdata-2_0-2.42.12-150600.3.8.1.x86_64.rpm gdk-pixbuf-query-loaders-32bit-2.42.12-150600.3.8.1.x86_64.rpm libgdk_pixbuf-2_0-0-32bit-2.42.12-150600.3.8.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2921 Recommended update for libzypp, zypper important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for libzypp, zypper fixes the following issues: - Fix evaluation of libproxy results (bsc#1247690) - Replace URL variables inside mirrorlist/metalink files - Append RepoInfo::path() to the mirror URLs in Preloader (bsc#1247054) - During installation indicate the backend being used (bsc#1246038) If some package actually needs to know, it should test for ZYPP_CLASSIC_RPMTRANS being set in the environment. Otherwise the transaction is driven by librpm. - Workaround 'rpm -vv' leaving scriptlets /var/tmp (bsc#1218459) - Verbose log libproxy results if PX_DEBUG=1 is set. - BuildRequires: cmake >= 3.17. - Allow explicit request to probe an added repo's URL (bsc#1246466) - Fix tests with -DISABLE_MEDIABACKEND_TESTS=1 - Add runtime check for a broken rpm-4.18.0 --runpostrans (bsc#1246149) - Add regression test for (bsc#1245220) and some other filesize related tests. 
- Fix addrepo to handle explicit --check and --no-check requests (bsc#1246466) - Accept "show" as alias for "info" (bsc#1245985) libzypp-17.37.16-150600.3.79.1.src.rpm libzypp-17.37.16-150600.3.79.1.x86_64.rpm libzypp-devel-17.37.16-150600.3.79.1.x86_64.rpm zypper-1.14.93-150600.10.49.2.src.rpm zypper-1.14.93-150600.10.49.2.x86_64.rpm zypper-log-1.14.93-150600.10.49.2.noarch.rpm zypper-needs-restarting-1.14.93-150600.10.49.2.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3335 Recommended update for hyper-v moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for hyper-v fixes the following issues: - fcopy bugfix - Fix irregularities with size of ring buffer - Fix incorrect file path conversion - Enable debug logs for hv_kvp_daemon (bsc#1244154). - Update route parsing in kvp daemon. hyper-v-9-150700.3.3.2.src.rpm hyper-v-9-150700.3.3.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2915 Security update for jq moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for jq fixes the following issues: - CVE-2025-48060: Fixed stack-buffer-overflow in jq_fuzz_execute (bsc#1244116) jq-1.6-150000.3.9.1.src.rpm jq-1.6-150000.3.9.1.x86_64.rpm libjq-devel-1.6-150000.3.9.1.x86_64.rpm libjq1-1.6-150000.3.9.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2770 Security update for tiff important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for tiff fixes the following issues: - Updated TIFFMergeFieldInfo() with read_count=write_count=0 for FIELD_IGNORE (bsc#1243503) - CVE-2025-8176: Fixed heap use-after-free in tools/tiffmedian.c (bsc#1247108) - CVE-2025-8177: Fixed possible buffer overflow in tools/thumbnail.c:setrow() when processing malformed TIFF files (bsc#1247106) - Add -DCMAKE_POLICY_VERSION_MINIMUM=3.5 to fix FTBFS with cmake4 - Add %check section - Remove Group: declarations, no longer used libtiff-devel-4.7.0-150600.3.13.1.x86_64.rpm libtiff6-4.7.0-150600.3.13.1.x86_64.rpm 
tiff-4.7.0-150600.3.13.1.src.rpm libtiff6-32bit-4.7.0-150600.3.13.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2815 Security update for tiff important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for tiff fixes the following issues: - CVE-2025-8176: Fixed heap use-after-free in tools/tiffmedian.c (bsc#1247108) - CVE-2025-8177: Fixed possible buffer overflow in tools/thumbnail.c:setrow() when processing malformed TIFF files (bsc#1247106) libtiff5-4.0.9-150000.45.50.1.x86_64.rpm tiff-4.0.9-150000.45.50.1.src.rpm libtiff5-32bit-4.0.9-150000.45.50.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2791 Security update for poppler important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for poppler fixes the following issues: - CVE-2025-50420: Fixed Denial of Service in pdfseparate utility (bsc#1247590) libpoppler-cpp0-24.03.0-150600.3.19.1.x86_64.rpm libpoppler-devel-24.03.0-150600.3.19.1.x86_64.rpm libpoppler-glib-devel-24.03.0-150600.3.19.1.x86_64.rpm libpoppler-glib8-24.03.0-150600.3.19.1.x86_64.rpm libpoppler135-24.03.0-150600.3.19.1.x86_64.rpm poppler-24.03.0-150600.3.19.1.src.rpm poppler-tools-24.03.0-150600.3.19.1.x86_64.rpm typelib-1_0-Poppler-0_18-24.03.0-150600.3.19.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3378 Security update for luajit low SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for luajit fixes the following issues: - CVE-2024-25176: Fixed stack-buffer-overflow in lj_strfmt_wfnum in lj_strfmt_num.c (bsc#1246077) - CVE-2024-25177: Fixed unsinking of IR_FSTORE for NULL metatable (bsc#1246078) - CVE-2024-25178: Fixed out-of-bounds read in the stack-overflow handler in lj_state.c (bsc#1246079) libluajit-5_1-2-2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1.x86_64.rpm luajit-2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3246 Security update for nvidia-open-driver-G06-signed important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This 
update for nvidia-open-driver-G06-signed fixes the following issues: Updated CUDA variant to 580.82.07: - CVE-2025-23277: Fixed access to memory outside bounds permitted under normal use cases in NVIDIA Display Driver (bsc#1247528). - CVE-2025-23278: Fixed improper index validation by issuing a call with crafted parameters in NVIDIA Display Driver (bsc#1247529). - CVE-2025-23286: Fixed invalid memory read in NVIDIA GPU Display Driver (bsc#1247530). - CVE-2025-23283: Fixed stack buffer overflow triggerable by a malicious guest in Virtual GPU Manager in NVIDIA vGPU software (bsc#1247531). - CVE-2025-23279: Fixed race condition that leads to privilege escalation in NVIDIA .run Installer (bsc#1247532). Update non-CUDA variant to 580.82.07 (bsc#1249235). Other fixes: - Added Requires to be provided by special versions of nvidia-modprobe and nvidia-persistenced built against SP4 (bsc#1237208, jsc#PED-13295). - Get rid of rule of older KMPs not to load nvidia_drm module, which are still installed in parallel and therefore still active (bsc#1247923). nv-prefer-signed-open-driver-580.82.07-150700.3.21.1.x86_64.rpm nvidia-open-driver-G06-signed-580.82.07-150700.3.21.1.src.rpm nvidia-open-driver-G06-signed-cuda-580.82.07-150700.3.21.1.src.rpm nvidia-open-driver-G06-signed-cuda-default-devel-580.82.07-150700.3.21.1.x86_64.rpm nvidia-open-driver-G06-signed-cuda-kmp-default-580.82.07_k6.4.0_150700.53.11-150700.3.21.1.x86_64.rpm nvidia-open-driver-G06-signed-default-devel-580.82.07-150700.3.21.1.x86_64.rpm nvidia-open-driver-G06-signed-kmp-default-580.82.07_k6.4.0_150700.53.11-150700.3.21.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2997 Security update for the Linux Kernel important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 The SUSE Linux Enterprise 15 SP7 kernel was updated to receive various security bugfixes. 
The following security bugs were fixed: - CVE-2019-11135: enabled CONFIG_X86_INTEL_TSX_MODE_AUTO (bsc#1139073, bsc#1246695) - CVE-2024-36028: mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio() (bsc#1225707). - CVE-2024-36348, CVE-2024-36349, CVE-2024-36350, CVE-2024-36357: x86/process: Move the buffer clearing before MONITOR (bsc#1238896). - CVE-2024-39298: mm/memory-failure: fix handling of dissolved but not taken off from buddy pages (bsc#1227082). - CVE-2024-42134: virtio-pci: Check if is_avq is NULL (bsc#1228664). - CVE-2024-44963: btrfs: do not BUG_ON() when freeing tree block after error (bsc#1230216). - CVE-2024-49861: net: clear the dst when changing skb protocol (bsc#1245954). - CVE-2024-56742: vfio/mlx5: Fix an unwind issue in mlx5vf_add_migration_pages() (bsc#1235613). - CVE-2025-21839: KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop (bsc#1239061). - CVE-2025-21854: selftest/bpf: Add vsock test for sockmap rejecting unconnected (bsc#1239470). - CVE-2025-21872: efi/mokvar-table: Avoid repeated map/unmap of the same page (bsc#1240323). - CVE-2025-22090: mm: (un)track_pfn_copy() fix + doc improvements (bsc#1241537). - CVE-2025-23163: net: vlan: do not propagate flags on open (bsc#1242837). - CVE-2025-37856: btrfs: harden block_group::bg_list against list_del() races (bsc#1243068). - CVE-2025-37864: net: dsa: clean up FDB, MDB, VLAN entries on unbind (bsc#1242965). - CVE-2025-37885: KVM: x86: Reset IRTE to host control if *new* route isn't postable (bsc#1242960). - CVE-2025-37920: kABI workaround for xsk: Fix race condition in AF_XDP generic RX path (bsc#1243479). - CVE-2025-37984: crypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP() (bsc#1243669). - CVE-2025-38034: btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref (bsc#1244792). - CVE-2025-38035: nvmet-tcp: do not restore null sk_state_change (bsc#1244801). 
- CVE-2025-38047: x86/fred: Fix system hang during S4 resume with FRED enabled (bsc#1245084). - CVE-2025-38051: smb: client: Fix use-after-free in cifs_fill_dirent (bsc#1244750). - CVE-2025-38058: __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock (bsc#1245151). - CVE-2025-38061: net: pktgen: fix access outside of user given buffer in pktgen_thread_write() (bsc#1245440). - CVE-2025-38062: kABI: restore layout of struct msi_desc (bsc#1245216). - CVE-2025-38063: dm: fix unconditional IO throttle caused by REQ_PREFLUSH (bsc#1245202). - CVE-2025-38064: virtio: break and reset virtio devices on device_shutdown() (bsc#1245201). - CVE-2025-38074: vhost-scsi: protect vq->log_used with vq->mutex (bsc#1244735). - CVE-2025-38094: net: cadence: macb: Fix a possible deadlock in macb_halt_tx (bsc#1245649). - CVE-2025-38097: kabi: restore encap_sk in struct xfrm_state (bsc#1245660). - CVE-2025-38098: drm/amd/display: Do not treat wb connector as physical in (bsc#1245654). - CVE-2025-38099: Bluetooth: btusb: Fix regression in the initialization of fake Bluetooth controllers (bsc#1245671). - CVE-2025-38100: x86/iopl: Cure TIF_IO_BITMAP inconsistencies (bsc#1245650). - CVE-2025-38105: ALSA: usb-audio: Kill timer properly at removal (bsc#1245682). - CVE-2025-38106: io_uring/sqpoll: do not put task_struct on tctx setup failure (bsc#1245664). - CVE-2025-38115: net_sched: sch_sfq: fix a potential crash on gso_skb handling (bsc#1245689). - CVE-2025-38117: hci_dev centralize extra lock (bsc#1245695). - CVE-2025-38126: net: stmmac: make sure that ptp_rate is not 0 before configuring timestamping (bsc#1245708). - CVE-2025-38131: coresight: prevent deactivate active config while enabling the config (bsc#1245677). - CVE-2025-38132: coresight: holding cscfg_csdev_lock while removing cscfg from csdev (bsc#1245679). - CVE-2025-38147: calipso: unlock rcu before returning -EAFNOSUPPORT (bsc#1245768). 
- CVE-2025-38158: hisi_acc_vfio_pci: fix XQE dma address error (bsc#1245750). - CVE-2025-38162: netfilter: nft_set_pipapo: prevent overflow in lookup table allocation (bsc#1245752). - CVE-2025-38166: bpf: fix ktls panic with sockmap (bsc#1245758). - CVE-2025-38180: net: atm: fix /proc/net/atm/lec handling (bsc#1245970). - CVE-2025-38182: ublk: santizize the arguments from userspace when adding a device (bsc#1245937). - CVE-2025-38183: net: lan743x: fix potential out-of-bounds write in lan743x_ptp_io_event_clock_get() (bsc#1246006). - CVE-2025-38187: drm/nouveau: fix a use-after-free in r535_gsp_rpc_push() (bsc#1245951). - CVE-2025-38188: drm/msm/a7xx: Call CP_RESET_CONTEXT_STATE (bsc#1246098). - CVE-2025-38200: i40e: fix MMIO write access to an invalid page in i40e_clear_hw (bsc#1246045). - CVE-2025-38202: bpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem() (bsc#1245980). - CVE-2025-38203: jfs: Fix null-ptr-deref in jfs_ioc_trim (bsc#1246044). - CVE-2025-38204: jfs: fix array-index-out-of-bounds read in add_missing_indices (bsc#1245983). - CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246073). - CVE-2025-38210: configfs-tsm-report: Fix NULL dereference of tsm_ops (bsc#1246020). - CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246029). - CVE-2025-38220: ext4: only dirty folios when data journaling regular files (bsc#1245966). - CVE-2025-38222: ext4: inline: fix len overflow in ext4_prepare_inline_data (bsc#1245976). - CVE-2025-38236: af_unix: Disable MSG_OOB for unprivileged users (bsc#1246093). - CVE-2025-38239: scsi: megaraid_sas: Fix invalid node index (bsc#1246178). - CVE-2025-38244: smb: client: fix potential deadlock when reconnecting channels (bsc#1246183). - CVE-2025-38248: bridge: mcast: Fix use-after-free during router port configuration (bsc#1246173). - CVE-2025-38250: kABI workaround for bluetooth hci_dev changes (bsc#1246182). - CVE-2025-38256: io_uring/rsrc: fix folio unpinning (bsc#1246188). 
- CVE-2025-38264: llist: add interface to check if a node is on a list (bsc#1246387). - CVE-2025-38272: net: dsa: b53: do not enable EEE on bcm63xx (bsc#1246268). - CVE-2025-38279: kABI workaround for bpf: Do not include stack ptr register in precision backtracking bookkeeping (bsc#1246264). - CVE-2025-38283: hisi_acc_vfio_pci: bugfix live migration function without VF device driver (bsc#1246273). - CVE-2025-38303: Bluetooth: eir: Fix possible crashes on eir_create_adv_data (bsc#1246354). - CVE-2025-38310: seg6: Fix validation of nexthop addresses (bsc#1246361). - CVE-2025-38323: net: atm: add lec_mutex (bsc#1246473). - CVE-2025-38334: x86/sgx: Prevent attempts to reclaim poisoned pages (bsc#1246384). - CVE-2025-38335: Input: gpio-keys - fix a sleep while atomic with PREEMPT_RT (bsc#1246250). - CVE-2025-38337: jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() (bsc#1246253). - CVE-2025-38349: eventpoll: do not decrement ep refcount while still holding the ep mutex (bsc#1246777). - CVE-2025-38350: net/sched: Always pass notifications when child class becomes empty (bsc#1246781). - CVE-2025-38352: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (bsc#1246911). - CVE-2025-38364: maple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate() (bsc#1247091). - CVE-2025-38365: btrfs: fix a race between renames and directory logging (bsc#1247023). - CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1247177). - CVE-2025-38382: btrfs: fix iteration of extrefs during log replay (bsc#1247031). - CVE-2025-38392: idpf: convert control queue mutex to a spinlock (bsc#1247169). - CVE-2025-38396: fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass (bsc#1247156). - CVE-2025-38399: scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() (bsc#1247097). 
- CVE-2025-38403: vsock/vmci: Clear the vmci transport packet properly when initializing it (bsc#1247141). - CVE-2025-38414: wifi: ath12k: fix GCC_GCC_PCIE_HOT_RST definition for WCN7850 (bsc#1247145). - CVE-2025-38426: drm/amdgpu: Add basic validation for RAS header (bsc#1247252). - CVE-2025-38429: bus: mhi: ep: Update read pointer only after buffer is written (bsc#1247253). - CVE-2025-38453: kABI: io_uring: msg_ring ensure io_kiocb freeing is deferred (bsc#1247234). - CVE-2025-38455: KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight (bsc#1247101). - CVE-2025-38457: net/sched: Abort __tc_modify_qdisc if parent class does not exist (bsc#1247098). - CVE-2025-38460: atm: clip: Fix potential null-ptr-deref in to_atmarpd() (bsc#1247143). - CVE-2025-38461: vsock: Fix transport_* TOCTOU (bsc#1247103). - CVE-2025-38462: vsock: Fix transport_{g2h,h2g} TOCTOU (bsc#1247104). - CVE-2025-38463: tcp: Correct signedness in skb remaining space calculation (bsc#1247113). - CVE-2025-38465: netlink: make sure we allow at least one dump skb (bsc#1247118). - CVE-2025-38470: kABI fix for net: vlan: fix VLAN 0 refcount imbalance of toggling (bsc#1247288). - CVE-2025-38471: tls: always refresh the queue when reading sock (bsc#1247450). - CVE-2025-38475: smc: Fix various oops due to inet_sock type confusion (bsc#1247308). - CVE-2025-38497: usb: gadget: configfs: Fix OOB read on empty string write (bsc#1247347). - CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours mounts (bsc#1247374). The following non-security bugs were fixed: - accel/ivpu: Remove copy engine support (stable-fixes). - acpi: LPSS: Remove AudioDSP related ID (git-fixes). - acpi: PRM: Reduce unnecessary printing to avoid user confusion (bsc#1246122). - acpi: processor: perflib: Fix initial _PPC limit application (git-fixes). - acpica: Refuse to evaluate a method if arguments are missing (stable-fixes). 
- af_packet: fix the SO_SNDTIMEO constraint not effective on tpacked_snd() (git-fixes). - af_unix: Add a prompt to CONFIG_AF_UNIX_OOB (bsc#1246093). - alsa: hda/ca0132: Fix missing error handling in ca0132_alt_select_out() (git-fixes). - alsa: hda/realtek - Add mute LED support for HP Pavilion 15-eg0xxx (stable-fixes). - alsa: hda/realtek - Enable mute LED on HP Pavilion Laptop 15-eg100 (stable-fixes). - alsa: hda/realtek: Add quirk for ASUS ROG Strix G712LWS (stable-fixes). - alsa: hda/realtek: Fix mute LED mask on HP OMEN 16 laptop (git-fixes). - alsa: hda/tegra: Add Tegra264 support (stable-fixes). - alsa: hda: Add missing NVIDIA HDA codec IDs (stable-fixes). - alsa: hda: Add new pci id for AMD GPU display HD audio controller (stable-fixes). - alsa: hda: Ignore unsol events for cards being shut down (stable-fixes). - alsa: intel_hdmi: Fix off-by-one error in __hdmi_lpe_audio_probe() (git-fixes). - alsa: sb: Do not allow changing the DMA mode during operations (stable-fixes). - alsa: sb: Force to disable DMAs once when DMA mode is changed (stable-fixes). - alsa: scarlett2: Add retry on -EPROTO from scarlett2_usb_tx() (git-fixes). - amd/amdkfd: fix a kfd_process ref leak (stable-fixes). - aoe: clean device rq_list in aoedev_downdev() (git-fixes). - apple-mfi-fastcharge: protect first device name (git-fixes). - asoc: amd: yc: Add DMI quirk for Lenovo IdeaPad Slim 5 15 (stable-fixes). - asoc: amd: yc: Add quirk for MSI Bravo 17 D7VF internal mic (stable-fixes). - asoc: amd: yc: add quirk for Acer Nitro ANV15-41 internal mic (stable-fixes). - asoc: amd: yc: update quirk data for HP Victus (stable-fixes). - asoc: codec: wcd9335: Convert to GPIO descriptors (stable-fixes). - asoc: codecs: wcd9335: Fix missing free of regulator supplies (git-fixes). - asoc: codecs: wcd9335: Handle nicer probe deferral and simplify with dev_err_probe() (stable-fixes). - asoc: cs35l56: probe() should fail if the device ID is not recognized (git-fixes). 
- asoc: fsl_asrc: use internal measured ratio for non-ideal ratio mode (git-fixes). - asoc: fsl_sai: Force a software reset when starting in consumer mode (git-fixes). - asoc: fsl_xcvr: get channel status data when PHY is not exists (git-fixes). - asoc: mediatek: use reserved memory or enable buffer pre-allocation (git-fixes). - asoc: ops: dynamically allocate struct snd_ctl_elem_value (git-fixes). - asoc: soc-dai: tidyup return value of snd_soc_xlate_tdm_slot_mask() (git-fixes). - ata: pata_cs5536: fix build on 32-bit UML (stable-fixes). - audit,module: restore audit logging in load failure case (git-fixes). - bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb() (git-fixes). - bluetooth: HCI: Set extended advertising data synchronously (git-fixes). - bluetooth: L2CAP: Fix L2CAP MTU negotiation (stable-fixes). - bluetooth: L2CAP: Fix attempting to adjust outgoing MTU (git-fixes). - bluetooth: MGMT: Fix not generating command complete for MGMT_OP_DISCONNECT (git-fixes). - bluetooth: MGMT: mesh_send: check instances prior disabling advertising (git-fixes). - bluetooth: MGMT: set_mesh: update LE scan interval and window (git-fixes). - bluetooth: Prevent unintended pause by checking if advertising is active (git-fixes). - bluetooth: SMP: Fix using HCI_ERROR_REMOTE_USER_TERM on timeout (git-fixes). - bluetooth: SMP: If an unallowed command is received consider it a failure (git-fixes). - bluetooth: btintel: Check if controller is ISO capable on btintel_classify_pkt_type (git-fixes). - bluetooth: btusb: QCA: Fix downloading wrong NVM for WCN6855 GF variant without board ID (git-fixes). - bluetooth: hci_conn: Fix sending BT_HCI_CMD_LE_CREATE_CONN_CANCEL (git-fixes). - bluetooth: hci_core: add missing braces when using macro parameters (git-fixes). - bluetooth: hci_event: Fix not marking Broadcast Sink BIS as connected (git-fixes). - bluetooth: hci_event: Mask data status from LE ext adv reports (git-fixes). 
- bluetooth: hci_sync: Attempt to dequeue connection attempt (git-fixes). - bluetooth: hci_sync: Fix UAF on create_le_conn_complete (git-fixes). - bluetooth: hci_sync: Fix handling of HCI_OP_CREATE_CONN_CANCEL (git-fixes). - bluetooth: hci_sync: Fix not disabling advertising instance (git-fixes). - bluetooth: hci_sync: fix connectable extended advertising when using static random address (git-fixes). - bluetooth: hci_sync: revert some mesh modifications (git-fixes). - bnxt_en: Fix double invocation of bnxt_ulp_stop()/bnxt_ulp_start() (git-fixes). - bonding: Correctly support GSO ESP offload (git-fixes). - bpf, sockmap: Fix sk_msg_reset_curr (git-fixes). - bpf/lpm_trie: Inline longest_prefix_match for fastpath (git-fixes). - bpf/selftests: Check errno when percpu map value size exceeds (git-fixes). - bpf: Add a possibly-zero-sized read test (git-fixes). - bpf: Avoid __hidden__ attribute in static object (git-fixes). - bpf: Check percpu map value size first (git-fixes). - bpf: Disable some `attribute ignored' warnings in GCC (git-fixes). - bpf: Fix memory leak in bpf_core_apply (git-fixes). - bpf: Fix potential integer overflow in resolve_btfids (git-fixes). - bpf: Harden __bpf_kfunc tag against linker kfunc removal (git-fixes). - bpf: Make the pointer returned by iter next method valid (git-fixes). - bpf: Simplify checking size of helper accesses (git-fixes). - bpf: fix order of args in call to bpf_map_kvcalloc (git-fixes). - bpf: sockmap, updating the sg structure should also update curr (git-fixes). - bpftool: Fix missing pids during link show (git-fixes). - bpftool: Fix undefined behavior caused by shifting into the sign bit (git-fixes). - bpftool: Mount bpffs on provided dir instead of parent dir (git-fixes). - bpftool: Remove unnecessary source files from bootstrap version (git-fixes). - bpftool: Un-const bpf_func_info to fix it for llvm 17 and newer (git-fixes). - btrfs: do not ignore inode missing when replaying log tree (git-fixes). 
- btrfs: do not silently ignore unexpected extent type when replaying log (git-fixes). - btrfs: do not skip remaining extrefs if dir not found during log replay (git-fixes). - btrfs: explicitly ref count block_group on new_bgs list (bsc#1243068) - btrfs: fix assertion when building free space tree (git-fixes). - btrfs: fix inode lookup error handling during log replay (git-fixes). - btrfs: fix invalid inode pointer dereferences during log replay (git-fixes). - btrfs: fix log tree replay failure due to file with 0 links and extents (git-fixes). - btrfs: fix missing error handling when searching for inode refs during log replay (git-fixes). - btrfs: fix non-empty delayed iputs list on unmount due to async workers (git-fixes). - btrfs: fix ssd_spread overallocation (git-fixes). - btrfs: make btrfs_discard_workfn() block_group ref explicit (bsc#1243068) - btrfs: propagate last_unlink_trans earlier when doing a rmdir (git-fixes). - btrfs: rename err to ret in btrfs_rmdir() (git-fixes). - btrfs: return a btrfs_inode from btrfs_iget_logging() (git-fixes). - btrfs: return a btrfs_inode from read_one_inode() (git-fixes). - btrfs: tests: fix chunk map leak after failure to add it to the tree (git-fixes). - btrfs: update superblock's device bytes_used when dropping chunk (git-fixes). - btrfs: use NOFS context when getting inodes during logging and log replay (git-fixes). - btrfs: use btrfs_record_snapshot_destroy() during rmdir (git-fixes). - bus: fsl-mc: Fix potential double device reference in fsl_mc_get_endpoint() (git-fixes). - bus: mhi: host: Detect events pointing to unexpected TREs (git-fixes). - can: dev: can_restart(): move debug message and stats after successful restart (stable-fixes). - can: dev: can_restart(): reverse logic to remove need for goto (stable-fixes). - can: kvaser_pciefd: Store device channel index (git-fixes). - can: kvaser_usb: Assign netdev.dev_port based on device channel index (git-fixes). 
- can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level (git-fixes). - can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode (git-fixes). - can: peak_usb: fix USB FD devices potential malfunction (git-fixes). - cdc-acm: fix race between initial clearing halt and open (git-fixes). - cgroup,freezer: fix incomplete freezing when attaching tasks (bsc#1245789). - cgroup/cpuset: Extend kthread_is_per_cpu() check to all PF_NO_SETAFFINITY tasks (bsc#1241166). - cifs: reconnect helper should set reconnect for the right channel (git-fixes). - clk: clk-axi-clkgen: fix fpfd_max frequency for zynq (git-fixes). - clk: davinci: Add NULL check in davinci_lpsc_clk_register() (git-fixes). - clk: sunxi-ng: v3s: Fix de clock definition (git-fixes). - clk: xilinx: vcu: unregister pll_post only if registered correctly (git-fixes). - clocksource: Scale the watchdog read retries automatically (bsc#1241345 bsc#1244457). - clocksource: Set cs_watchdog_read() checks based on .uncertainty_margin (bsc#1241345 bsc#1244457). - comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large (git-fixes). - comedi: Fix initialization of data for instructions that write to subdevice (git-fixes). - comedi: Fix some signed shift left operations (git-fixes). - comedi: Fix use of uninitialized data in insn_rw_emulate_bits() (git-fixes). - comedi: aio_iiro_16: Fix bit shift out of bounds (git-fixes). - comedi: das16m1: Fix bit shift out of bounds (git-fixes). - comedi: das6402: Fix bit shift out of bounds (git-fixes). - comedi: pcl812: Fix bit shift out of bounds (git-fixes). - compiler_types.h: Define __retain for __attribute__((__retain__)) (git-fixes). - crypto: arm/aes-neonbs - work around gcc-15 warning (git-fixes). - crypto: ccp - Fix crash when rebind ccp device for ccp.ko (git-fixes). - crypto: ccp - Fix locking on alloc failure handling (git-fixes). 
- crypto: hkdf - skip TVs with unapproved salt lengths in FIPS mode (bsc#1241200 bsc#1246134). - crypto: img-hash - Fix dma_unmap_sg() nents value (git-fixes). - crypto: inside-secure - Fix `dma_unmap_sg()` nents value (git-fixes). - crypto: keembay - Fix dma_unmap_sg() nents value (git-fixes). - crypto: marvell/cesa - Fix engine load inaccuracy (git-fixes). - crypto: qat - allow enabling VFs in the absence of IOMMU (git-fixes). - crypto: qat - disable ZUC-256 capability for QAT GEN5 (git-fixes). - crypto: qat - fix DMA direction for compression on GEN2 devices (git-fixes). - crypto: qat - fix seq_file position update in adf_ring_next() (git-fixes). - crypto: qat - fix state restore for banks with exceptions (git-fixes). - crypto: qat - flush misc workqueue during device shutdown (git-fixes). - crypto: qat - use unmanaged allocation for dc_data (git-fixes). - crypto: sun8i-ce - fix nents passed to dma_unmap_sg() (git-fixes). - dax: add a sysfs knob to control memmap_on_memory behavior (bsc#1235515,jsc#PED-12731). - devlink: Add support for u64 parameters (jsc#PED-12745). - devlink: avoid param type value translations (jsc#PED-12745). - devlink: define enum for attr types of dynamic attributes (jsc#PED-12745). - devlink: introduce devlink_nl_put_u64() (jsc#PED-12745). - dm-bufio: fix sched in atomic context (git-fixes). - dm-flakey: error all IOs when num_features is absent (git-fixes). - dm-flakey: make corrupting read bios work (git-fixes). - dm-mirror: fix a tiny race condition (git-fixes). - dm-raid: fix variable in journal device check (git-fixes). 
- dm-verity: fix a memory leak if some arguments are specified multiple times (git-fixes). - dm: do not change md if dm_table_set_restrictions() fails (git-fixes). - dm: free table mempools if not used in __bind (git-fixes). - dm: restrict dm device size to 2^63-512 bytes (git-fixes). - dma-buf: fix timeout handling in dma_resv_wait_timeout v2 (stable-fixes). - dmaengine: dw-edma: Drop unused dchan2dev() and chan2dev() (git-fixes). - dmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using (stable-fixes). - dmaengine: mv_xor: Fix missing check after DMA map and missing unmap (git-fixes). - dmaengine: nbpfaxi: Add missing check after DMA map (git-fixes). - dmaengine: nbpfaxi: Fix memory corruption in probe() (git-fixes). - dmaengine: qcom: gpi: Drop unused gpi_write_reg_field() (git-fixes). - dmaengine: xilinx_dma: Set dma_device directions (stable-fixes). - docs/ABI: Fix sysfs-kernel-address_bits path (git-fixes). - documentation/ABI: add ABI documentation for sys-bus-dax (bsc#1235515,jsc#PED-12731). - documentation: ACPI: Fix parent device references (git-fixes). - documentation: usb: gadget: Wrap remaining usage snippets in literal code block (git-fixes). - dpll: Add basic Microchip ZL3073x support (jsc#PED-12745). - dpll: zl3073x: Add support to get/set frequency on pins (jsc#PED-12745). - dpll: zl3073x: Add support to get/set priority on input pins (jsc#PED-12745). - dpll: zl3073x: Fetch invariants during probe (jsc#PED-12745). - dpll: zl3073x: Implement input pin selection in manual mode (jsc#PED-12745). 
- dpll: zl3073x: Implement input pin state setting in automatic mode (jsc#PED-12745). - dpll: zl3073x: Read DPLL types and pin properties from system firmware (jsc#PED-12745). - dpll: zl3073x: Register DPLL devices and pins (jsc#PED-12745). - drm/amd/display: Check dce_hwseq before dereferencing it (stable-fixes). - drm/amd/display: Correct non-OLED pre_T11_delay (stable-fixes). - drm/amd/display: Disable CRTC degamma LUT for DCN401 (stable-fixes). - drm/amd/display: Do not overwrite dce60_clk_mgr (git-fixes). - drm/amd/display: Fix RMCM programming seq errors (stable-fixes). - drm/amd/display: Fix mpv playback corruption on weston (stable-fixes). - drm/amd/display: Free memory allocation (stable-fixes). - drm/amd/display: fix initial backlight brightness calculation (git-fixes). - drm/amd/pm/powerplay/hwmgr/smu_helper: fix order of mask and value (git-fixes). - drm/amdgpu/discovery: use specific ip_discovery.bin for legacy asics (stable-fixes). - drm/amdgpu/gfx10: fix kiq locking in KCQ reset (git-fixes). - drm/amdgpu/gfx8: reset compute ring wptr on the GPU on resume (git-fixes). - drm/amdgpu/gfx9.4.3: fix kiq locking in KCQ reset (git-fixes). - drm/amdgpu/gfx9: fix kiq locking in KCQ reset (git-fixes). - drm/amdgpu/ip_discovery: add missing ip_discovery fw (stable-fixes). - drm/amdgpu: Add kicker device detection (stable-fixes). - drm/amdgpu: Fix SDMA UTC_L1 handling during start/stop sequences (stable-fixes). - drm/amdgpu: Increase reset counter only on success (stable-fixes). - drm/amdgpu: Initialize data to NULL in imu_v12_0_program_rlc_ram() (git-fixes). - drm/amdgpu: Remove nbiov7.9 replay count reporting (git-fixes). 
- drm/amdgpu: Reset the clear flag in buddy during resume (git-fixes). - drm/amdgpu: amdgpu_vram_mgr_new(): Clamp lpfn to total vram (stable-fixes). - drm/amdgpu: seq64 memory unmap uses uninterruptible lock (stable-fixes). - drm/amdkfd: Do not call mmput from MMU notifier callback (git-fixes). - drm/amdkfd: Fix instruction hazard in gfx12 trap handler (stable-fixes). - drm/amdkfd: Fix race in GWS queue scheduling (stable-fixes). - drm/amdkfd: remove gfx 12 trap handler page size cap (stable-fixes). - drm/bridge: aux-hpd-bridge: fix assignment of the of_node (git-fixes). - drm/bridge: panel: move prepare_prev_first handling to drm_panel_bridge_add_typed (git-fixes). - drm/bridge: ti-sn65dsi86: Add HPD for DisplayPort connector type (git-fixes). - drm/bridge: ti-sn65dsi86: Remove extra semicolon in ti_sn_bridge_probe() (git-fixes). - drm/bridge: ti-sn65dsi86: make use of debugfs_init callback (stable-fixes). - drm/connector: hdmi: Evaluate limited range after computing format (git-fixes). - drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling (git-fixes). - drm/exynos: fimd: Guard display clock control with runtime PM calls (git-fixes). - drm/framebuffer: Acquire internal references on GEM handles (git-fixes). - drm/gem: Acquire references on GEM handles for framebuffers (stable-fixes). - drm/gem: Fix race in drm_gem_handle_create_tail() (stable-fixes). - drm/i915/display: Fix dma_fence_wait_timeout() return value handling (git-fixes). - drm/i915/dsi: Fix off by one in BXT_MIPI_TRANS_VTOTAL (stable-fixes). - drm/i915/gsc: mei interrupt top half should be in irq disabled context (git-fixes). - drm/i915/gt: Fix timeline left held on VMA alloc error (git-fixes). - drm/i915/selftests: Change mock_request() to return error pointers (git-fixes). - drm/imagination: Fix kernel crash when hard resetting the GPU (git-fixes). - drm/mediatek: Add wait_event_timeout when disabling plane (git-fixes). - drm/mediatek: only announce AFBC if really supported (git-fixes). 
- drm/msm/dpu: Fill in min_prefill_lines for SC8180X (git-fixes). - drm/msm: Fix a fence leak in submit error path (stable-fixes). - drm/msm: Fix another leak in the submit error path (stable-fixes). - drm/nouveau: check ioctl command codes better (git-fixes). - drm/panfrost: Fix panfrost device variable name in devfreq (git-fixes). - drm/panthor: Add missing explicit padding in drm_panthor_gpu_info (git-fixes). - drm/rockchip: cleanup fb when drm_gem_fb_afbc_init failed (git-fixes). - drm/sched: Increment job count before swapping tail spsc queue (git-fixes). - drm/sched: Remove optimization that causes hang when killing dependent jobs (git-fixes). - drm/scheduler: signal scheduled fence when kill job (stable-fixes). - drm/tegra: nvdec: Fix dma_alloc_coherent error check (git-fixes). - drm/ttm: fix error handling in ttm_buffer_object_transfer (git-fixes). - drm/v3d: Disable interrupts before resetting the GPU (git-fixes). - drm/vmwgfx: Fix Host-Backed userspace on Guest-Backed kernel (git-fixes). - drm/xe/bmg: fix compressed VRAM handling (git-fixes). - drm/xe/guc: Dead CT helper (stable-fixes). - drm/xe/guc: Explicitly exit CT safe mode on unwind (git-fixes). - drm/xe/guc_submit: add back fix (git-fixes). - drm/xe/mocs: Initialize MOCS index early (stable-fixes). - drm/xe/pf: Clear all LMTT pages on alloc (git-fixes). - drm/xe/pf: Move VFs reprovisioning to worker (stable-fixes). - drm/xe/pf: Prepare to stop SR-IOV support prior GT reset (git-fixes). - drm/xe/pf: Sanitize VF scratch registers on FLR (stable-fixes). - drm/xe/pm: Correct comment of xe_pm_set_vram_threshold() (git-fixes). - drm/xe/uapi: Correct sync type definition in comments (git-fixes). - drm/xe/vf: Disable CSC support on VF (git-fixes). - drm/xe: Allocate PF queue size on pow2 boundary (git-fixes). - drm/xe: Allow bo mapping on multiple ggtts (stable-fixes). - drm/xe: Fix DSB buffer coherency (stable-fixes). - drm/xe: Fix build without debugfs (git-fixes). 
- drm/xe: Fix early wedge on GuC load failure (git-fixes). - drm/xe: Fix taking invalid lock on wedge (stable-fixes). - drm/xe: Move DSB l2 flush to a more sensible place (git-fixes). - drm/xe: Replace double space with single space after comma (stable-fixes). - drm/xe: add interface to request physical alignment for buffer objects (stable-fixes). - drm/xe: move DPT l2 flush to a more sensible place (git-fixes). - dt-bindings: dpll: Add DPLL device and pin (jsc#PED-12745). - dt-bindings: dpll: Add support for Microchip Azurite chip family (jsc#PED-12745). - e1000: Move cancel_work_sync to avoid deadlock (git-fixes). - enable SMC_LO (a.k.a SMC-D) (jsc#PED-13248). - exfat: fdatasync flag should be same like generic_write_sync() (git-fixes). - fbcon: Fix outdated registered_fb reference in comment (git-fixes). - fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref (git-fixes). - firewire: ohci: correct code comments about bus_reset tasklet (git-fixes). - fix dma_unmap_sg() nents value (git-fixes) - fs/jfs: consolidate sanity checking in dbMount (git-fixes). - fs/orangefs: Allow 2 more characters in do_c_string() (git-fixes). - gpio: mlxbf2: use platform_get_irq_optional() (git-fixes). - gpio: pca953x: log an error when failing to get the reset GPIO (git-fixes). - gpio: sim: include a missing header (git-fixes). - gpio: vf610: add locking to gpio direction functions (git-fixes). - gpio: virtio: Fix config space reading (git-fixes). - gpiolib: Fix debug messaging in gpiod_find_and_request() (git-fixes). - gpiolib: Handle no pin_ranges in gpiochip_generic_config() (git-fixes). - gpiolib: acpi: Do not use GPIO chip fwnode in acpi_gpiochip_find() (bsc#1233300). - gpiolib: acpi: Fix failed in acpi_gpiochip_find() by adding parent node match (bsc#1233300). 
- gpiolib: cdev: Ignore reconfiguration without direction (git-fixes). - gpiolib: of: Add polarity quirk for s5m8767 (stable-fixes). - hfs: make splice write available again (git-fixes). - hfsplus: make splice write available again (git-fixes). - hfsplus: remove mutex_lock check in hfsplus_free_extents (git-fixes). - hid: Add IGNORE quirk for SMARTLINKTECHNOLOGY (stable-fixes). - hid: core: do not bypass hid_hw_raw_request (stable-fixes). - hid: core: ensure __hid_request reserves the report ID as the first byte (git-fixes). - hid: core: ensure the allocated report buffer can contain the reserved report ID (stable-fixes). - hid: lenovo: Add support for ThinkPad X1 Tablet Thin Keyboard Gen2 (stable-fixes). - hid: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras (stable-fixes). - hv_netvsc: Use VF's tso_max_size value when data path is VF (bsc#1246203). - hwmon: (corsair-cpro) Validate the size of the received input buffer (git-fixes). - hwmon: (gsc-hwmon) fix fan pwm setpoint show functions (git-fixes). - hwmon: (pmbus/max34440) Fix support for max34451 (stable-fixes). - hwrng: mtk - handle devm_pm_runtime_enable errors (git-fixes). - i2c/designware: Fix an initialization issue (git-fixes). - i2c: qup: jump out of the loop in case of timeout (git-fixes). - i2c: stm32: fix the device used for the DMA map (git-fixes). - i2c: tegra: Fix reset error handling with ACPI (git-fixes). - i2c: virtio: Avoid hang by using interruptible completion wait (git-fixes). - i3c: fix module_i3c_i2c_driver() with I3C=n (git-fixes). - ib/mlx5: Fix potential deadlock in MR deregistration (git-fixes) - ice, irdma: fix an off by one in error handling code (bsc#1247712). - ice, irdma: move interrupts code to irdma (bsc#1247712). - ice: Fix signedness bug in ice_init_interrupt_scheme() (bsc#1247712). - ice: count combined queues using Rx/Tx count (bsc#1247712). - ice: devlink PF MSI-X max and min parameter (bsc#1247712). - ice: enable_rdma devlink param (bsc#1247712). 
- ice: fix eswitch code memory leak in reset scenario (git-fixes). - ice: get rid of num_lan_msix field (bsc#1247712). - ice: init flow director before RDMA (bsc#1247712). - ice: remove splitting MSI-X between features (bsc#1247712). - ice: simplify VF MSI-X managing (bsc#1247712). - ice: treat dyn_allowed only as suggestion (bsc#1247712). - iio: accel: fxls8962af: Fix use after free in fxls8962af_fifo_flush (git-fixes). - iio: adc: ad7949: use spi_is_bpw_supported() (git-fixes). - iio: adc: ad_sigma_delta: Fix use of uninitialized status_pos (stable-fixes). - iio: adc: ad_sigma_delta: change to buffer predisable (git-fixes). - iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[] (stable-fixes). - iio: adc: max1363: Reorder mode_list[] entries (stable-fixes). - iio: adc: stm32-adc: Fix race in installing chained IRQ handler (git-fixes). - iio: imu: bno055: fix OOB access of hw_xlate array (git-fixes). - iio: pressure: zpa2326: Use aligned_s64 for the timestamp (stable-fixes). - input: iqs7222 - explicitly define number of external channels (git-fixes). - input: xpad - adjust error handling for disconnect (git-fixes). - input: xpad - set correct controller type for Acer NGR200 (git-fixes). - input: xpad - support Acer NGR 200 Controller (stable-fixes). - io_uring/timeout: fix multishot updates (bsc#1247021). - io_uring: fix potential page leak in io_sqe_buffer_register() (git-fixes). - iommu/amd: Fix geometry.aperture_end for V2 tables (git-fixes). - iommu/amd: Set the pgsize_bitmap correctly (git-fixes). - iommu/arm-smmu-qcom: Add SM6115 MDSS compatible (git-fixes). - iommu/tegra241-cmdqv: Read SMMU IDR1.CMDQS instead of hardcoding (git-fixes). - iommu/vt-d: Fix possible circular locking dependency (git-fixes). - iommu/vt-d: Fix system hang on reboot -f (git-fixes). - ipv6: fix possible infinite loop in fib6_info_uses_dev() (git-fixes). - ipv6: mcast: Delay put pmc->idev in mld_del_delrec() (git-fixes). 
- ipv6: prevent infinite loop in rt6_nlmsg_size() (git-fixes). - ipv6: reject malicious packets in ipv6_gso_segment() (git-fixes). - irdma: free iwdev->rf after removing MSI-X (bsc#1247712). - iwlwifi: Add missing check for alloc_ordered_workqueue (git-fixes). - jfs: fix metapage reference count leak in dbAllocCtl (git-fixes). - kABI fix after KVM: SVM: Fix SNP AP destroy race with VMRUN (git-fixes). - kABI fixes for struct memory_block changes (bsc#1235515,jsc#PED-12731). - kABI workaround for fw_attributes_class_get() (stable-fixes). - kABI workaround for struct drm_framebuffer changes (git-fixes). - kABI: Fix the module::name type in audit_context (git-fixes). - kabi/severities: ignore two unused/dropped symbols from MEI - kabi: Hide adding of u64 to devlink_param_type (jsc#PED-12745). - kasan: remove kasan_find_vm_area() to prevent possible deadlock (git-fixes). - kernel-obs-qa: Do not depend on srchash when qemu emulation is used In this case the dependency is never fulfilled Fixes: 485ae1da2b88 ("kernel-obs-qa: Use srchash for dependency as well") - kernel-syms.spec: Drop old rpm release number hack (bsc#1247172). - kvm: SVM: Fix SNP AP destroy race with VMRUN (git-fixes). - leds: multicolor: Fix intensity setting while SW blinking (stable-fixes). - lib/group_cpus.c: avoid acquiring cpu hotplug lock in group_cpus_evenly (bsc#1236897). - lib/group_cpus: fix NULL pointer dereference from group_cpus_evenly() (bsc#1236897). - logitech C-270 even more broken (stable-fixes). - maple_tree: fix mt_destroy_walk() on root leaf node (git-fixes). - md/md-bitmap: fix dm-raid max_write_behind setting (git-fixes). - media: gspca: Add bounds checking to firmware parser (git-fixes). - media: hi556: correct the test pattern configuration (git-fixes). 
- media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init() (git-fixes). - media: ipu6: isys: Use correct pads for xlate_streams() (git-fixes). - media: ivsc: Fix crash at shutdown due to missing mei_cldev_disable() calls (git-fixes). - media: ov2659: Fix memory leaks in ov2659_probe() (git-fixes). - media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() (git-fixes). - media: usbtv: Lock resolution while streaming (git-fixes). - media: uvcvideo: Do not mark valid metadata as invalid (git-fixes). - media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() (git-fixes). - media: v4l2-ctrls: Do not reset handler's error in v4l2_ctrl_handler_free() (git-fixes). - media: v4l2-ctrls: Fix H264 SEPARATE_COLOUR_PLANE check (git-fixes). - media: venus: Add a check for packet size after reading from shared memory (git-fixes). - media: venus: hfi: explicitly release IRQ during teardown (git-fixes). - media: venus: protect against spurious interrupts during probe (git-fixes). - media: venus: vdec: Clamp param smaller than 1fps and bigger than 240 (git-fixes). - media: venus: venc: Clamp param smaller than 1fps and bigger than 240 (git-fixes). - media: verisilicon: Fix AV1 decoder clock frequency (git-fixes). - media: vivid: fix wrong pixel_array control size (git-fixes). - mei: vsc: Destroy mutex after freeing the IRQ (git-fixes). - mei: vsc: Do not re-init VSC from mei_vsc_hw_reset() on stop (git-fixes). - mei: vsc: Drop unused vsc_tp_request_irq() and vsc_tp_free_irq() (stable-fixes). - mei: vsc: Event notifier fixes (git-fixes). - mei: vsc: Fix "BUG: Invalid wait context" lockdep error (git-fixes). - mei: vsc: Run event callback from a workqueue (git-fixes). - mei: vsc: Unset the event callback on remove and probe errors (git-fixes). - memstick: core: Zero initialize id_reg in h_memstick_read_dev_id() (git-fixes). - mfd: max14577: Fix wakeup source leaks on device unbind (stable-fixes). 
- misc: rtsx: usb: Ensure mmc child device is active when card is present (git-fixes). - mm/memory_hotplug: allow architecture to override memmap on memory support check (bsc#1235515,jsc#PED-12731). - mm/memory_hotplug: allow memmap on memory hotplug request to fallback (bsc#1235515,jsc#PED-12731). - mm/memory_hotplug: embed vmem_altmap details in memory block (bsc#1235515,jsc#PED-12731). - mm/memory_hotplug: export mhp_supports_memmap_on_memory() (bsc#1235515,jsc#PED-12731). - mm/memory_hotplug: fix memmap_on_memory sysfs value retrieval (git-fixes). - mm/memory_hotplug: replace an open-coded kmemdup() in (bsc#1235515,jsc#PED-12731). - mm/memory_hotplug: simplify ARCH_MHP_MEMMAP_ON_MEMORY_ENABLE kconfig (bsc#1235515,jsc#PED-12731). - mm/memory_hotplug: split memmap_on_memory requests across memblocks (bsc#1235515,jsc#PED-12731). - mm/memory_hotplug: support memmap_on_memory when memmap is not aligned to pageblocks (bsc#1235515,jsc#PED-12731). - mmc: bcm2835: Fix dma_unmap_sg() nents value (git-fixes). - mmc: core: sd: Apply BROKEN_SD_DISCARD quirk earlier (git-fixes). - mmc: sdhci-pci: Quirk for broken command queuing on Intel GLK-based Positivo models (git-fixes). 
- mmc: sdhci: Add a helper function for dump register in dynamic debug mode (stable-fixes). - mmc: sdhci_am654: Workaround for Errata i2312 (git-fixes). - module: Fix memory deallocation on error path in move_module() (git-fixes). - module: Remove unnecessary +1 from last_unloaded_module::name size (git-fixes). - module: Restore the moduleparam prefix length check (git-fixes). - mtd: fix possible integer overflow in erase_xfer() (git-fixes). - mtd: rawnand: atmel: Fix dma_mapping_error() address (git-fixes). - mtd: rawnand: atmel: set pmecc data setup time (git-fixes). - mtd: rawnand: fsmc: Add missing check after DMA map (git-fixes). - mtd: rawnand: renesas: Add missing check after DMA map (git-fixes). - mtd: rawnand: rockchip: Add missing check after DMA map (git-fixes). - mtd: spi-nor: Fix spi_nor_try_unlock_all() (git-fixes). - mtd: spinand: fix memory leak of ECC engine conf (stable-fixes). - mtd: spinand: propagate spinand_wait() errors from spinand_write_page() (git-fixes). - mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data (git-fixes). - mtk-sd: Prevent memory corruption from DMA map failure (git-fixes). - mtk-sd: reset host->mrq on prepare_data() error (git-fixes). - mwl8k: Add missing check after DMA map (git-fixes). - nbd: fix uaf in nbd_genl_connect() error path (git-fixes). - net/mlx5: HWS, fix missing ip_version handling in definer (git-fixes). - net/packet: fix a race in packet_set_ring() and packet_notifier() (git-fixes). - net/sched: Restrict conditions for adding duplicating netems to qdisc tree (git-fixes). - net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (git-fixes). - net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing (git-fixes). - net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class (git-fixes). - net/sched: sch_qfq: Fix race condition on qfq_aggregate (git-fixes). - net/sched: taprio: enforce minimum value for picos_per_byte (git-fixes). 
- net/smc: Fix lookup of netdev by using ib_device_get_netdev() (git-fixes bsc#1246217). - net: mana: Add debug logs in MANA network driver (bsc#1246212). - net: mana: Add handler for hardware servicing events (bsc#1245730). - net: mana: Allocate MSI-X vectors dynamically (bsc#1245457). - net: mana: Allow irq_setup() to skip cpus for affinity (bsc#1245457). - net: mana: Allow tso_max_size to go up-to GSO_MAX_SIZE (bsc#1246203). - net: mana: Expose additional hardware counters for drop and TC via ethtool (bsc#1245729). - net: mana: Set tx_packets to post gso processing packet count (bsc#1245731). - net: mana: explain irq_setup() algorithm (bsc#1245457). - net: phy: Do not register LEDs for genphy (git-fixes). - net: phy: micrel: fix KSZ8081/KSZ8091 cable test (git-fixes). - net: phy: microchip: limit 100M workaround to link-down events on LAN88xx (git-fixes). - net: phy: smsc: Fix Auto-MDIX configuration when disabled by strap (git-fixes). - net: phy: smsc: Fix link failure in forced mode with Auto-MDIX (git-fixes). - net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect (git-fixes). - net: usb: qmi_wwan: add SIMCom 8230C composition (stable-fixes). - net: usbnet: Avoid potential RCU stall on LINK_CHANGE event (git-fixes). - net: usbnet: Fix the wrong netif_carrier_on() call (git-fixes). - netlink: fix policy dump for int with validation callback (jsc#PED-12745). - netlink: specs: devlink: replace underscores with dashes in names (jsc#PED-12745). - netlink: specs: nfsd: replace underscores with dashes in names (git-fixes). - netlink: specs: tc: replace underscores with dashes in names (git-fixes). - netpoll: prevent hanging NAPI when netcons gets enabled (git-fixes). - nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails (git-fixes). 
- nfs: Fix filehandle bounds checking in nfs_fh_to_dentry() (git-fixes). - nfs: Fix the setting of capabilities when automounting a new filesystem (git-fixes). - nfs: Fix wakeup of __nfs_lookup_revalidate() in unblock_revalidate() (git-fixes). - nfs: Fixup allocation flags for nfsiod's __GFP_NORETRY (git-fixes). - nfsd: detect mismatch of file handle and delegation stateid in OPEN op (git-fixes). - nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() (git-fixes). - nfsv4.2: another fix for listxattr (git-fixes). - nfsv4.2: fix listxattr to return selinux security label (git-fixes). - nfsv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN (git-fixes). - nfsv4: Always set NLINK even if the server does not support it (git-fixes). - nfsv4: xattr handlers should check for absent nfs filehandles (git-fixes). - nilfs2: reject invalid file types when reading inodes (git-fixes). - nvme-pci: refresh visible attrs after being checked (git-fixes). - nvme: Fix incorrect cdw15 value in passthru error logging (git-fixes). - nvme: fix endianness of command word prints in nvme_log_err_passthru() (git-fixes). - nvme: fix inconsistent RCU list manipulation in nvme_ns_add_to_ctrl_list() (git-fixes). - nvme: fix misaccounting of nvme-mpath inflight I/O (git-fixes). - nvmet-tcp: fix callback lock for TLS handshake (git-fixes). - objtool: Fix INSN_CONTEXT_SWITCH handling in validate_unret() (git-fixes). - objtool: Fix UNWIND_HINT_{SAVE,RESTORE} across basic blocks (git-fixes). - objtool: Fix _THIS_IP_ detection for cold functions (git-fixes). - objtool: Fix error handling inconsistencies in check() (git-fixes). - objtool: Ignore dangling jump table entries (git-fixes). - objtool: Ignore end-of-section jumps for KCOV/GCOV (git-fixes). - objtool: Properly disable uaccess validation (git-fixes). - objtool: Silence more KCOV warnings (git-fixes). - objtool: Silence more KCOV warnings, part 2 (git-fixes). - objtool: Stop UNRET validation on UD2 (git-fixes). 
- pNFS/flexfiles: do not attempt pnfs on fatal DS errors (git-fixes). - pch_uart: Fix dma_sync_sg_for_device() nents value (git-fixes). - pci/msi: Export pci_msix_prepare_desc() for dynamic MSI-X allocations (bsc#1245457). - pci: dwc: Make link training more robust by setting PORT_LOGIC_LINK_WIDTH to one lane (stable-fixes). - pci: endpoint: Fix configfs group list head handling (git-fixes). - pci: endpoint: Fix configfs group removal on driver teardown (git-fixes). - pci: endpoint: pci-epf-vntb: Fix the incorrect usage of __iomem attribute (git-fixes). - pci: endpoint: pci-epf-vntb: Return -ENOENT if pci_epc_get_next_free_bar() fails (git-fixes). - pci: hv: Allow dynamic MSI-X vector allocation (bsc#1245457). - pci: rockchip-host: Fix "Unexpected Completion" log message (git-fixes). - perf: Fix sample vs do_exit() (bsc#1246547). - phy: tegra: xusb: Fix unbalanced regulator disable in UTMI PHY mode (git-fixes). - pinctrl: amd: Clear GPIO debounce for suspend (git-fixes). - pinctrl: qcom: msm: mark certain pins as invalid for interrupts (git-fixes). - pinctrl: sunxi: Fix memory leak on krealloc failure (git-fixes). - pinmux: fix race causing mux_owner NULL with active mux_usecount (git-fixes). - platform/chrome: cros_ec: Unregister notifier in cros_ec_unregister() (git-fixes). - platform/mellanox: mlxbf-pmc: Fix duplicate event ID for CACHE_DATA1 (git-fixes). - platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment (git-fixes). - platform/mellanox: mlxreg-lc: Fix logic error in power state check (git-fixes). - platform/mellanox: nvsw-sn2201: Fix bus number in adapter error message (git-fixes). - platform/x86/amd/pmc: Add PCSpecialist Lafite Pro V 14M to 8042 quirks list (stable-fixes). - platform/x86: Fix initialization order for firmware_attributes_class (git-fixes). - platform/x86: dell-sysman: Directly use firmware_attributes_class (stable-fixes). - platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks (git-fixes). 
- platform/x86: dell-wmi-sysman: Fix class device unregistration (git-fixes). - platform/x86: firmware_attributes_class: Move include linux/device/class.h (stable-fixes). - platform/x86: firmware_attributes_class: Simplify API (stable-fixes). - platform/x86: hp-bioscfg: Directly use firmware_attributes_class (stable-fixes). - platform/x86: hp-bioscfg: Fix class device unregistration (git-fixes). - platform/x86: ideapad-laptop: Fix kbd backlight not remembered among boots (git-fixes). - platform/x86: make fw_attr_class constant (stable-fixes). - platform/x86: think-lmi: Create ksets consecutively (stable-fixes). - platform/x86: think-lmi: Directly use firmware_attributes_class (stable-fixes). - platform/x86: think-lmi: Fix class device unregistration (git-fixes). - platform/x86: think-lmi: Fix kobject cleanup (git-fixes). - platform/x86: think-lmi: Fix sysfs group cleanup (git-fixes). - pm / devfreq: Check governor before using governor->name (git-fixes). - power: supply: cpcap-charger: Fix null check for power_supply_get_by_name (git-fixes). - power: supply: max14577: Handle NULL pdata when CONFIG_OF is not set (git-fixes). - powercap: call put_device() on an error path in powercap_register_control_type() (stable-fixes). - powercap: dtpm_cpu: Fix NULL pointer dereference in get_pd_power_uw() (git-fixes). - powercap: intel_rapl: Do not change CLAMPING bit if ENABLE bit cannot be changed (git-fixes). - powerpc/bpf: enforce full ordering for ATOMIC operations with BPF_FETCH (git-fixes). - powerpc/pseries/dlpar: Search DRC index from ibm,drc-indexes for IO add (bsc#1243042 ltc#212167). - ptp: fix breakage after ptp_vclock_in_use() rework (bsc#1246506). - pwm: imx-tpm: Reset counter if CMOD is 0 (git-fixes). - pwm: mediatek: Ensure to disable clocks in error path (git-fixes). - pwm: rockchip: Round period/duty down on apply, up on get (git-fixes). 
- rdma/core: Rate limit GID cache warning messages (git-fixes) - rdma/counter: Check CAP_NET_RAW check in user namespace for RDMA counters (git-fixes) - rdma/hns: Drop GFP_NOWARN (git-fixes) - rdma/hns: Fix -Wframe-larger-than issue (git-fixes) - rdma/hns: Fix HW configurations not cleared in error flow (git-fixes) - rdma/hns: Fix accessing uninitialized resources (git-fixes) - rdma/hns: Fix double destruction of rsv_qp (git-fixes) - rdma/hns: Get message length of ack_req from FW (git-fixes) - rdma/mlx5: Check CAP_NET_RAW in user namespace for anchor create (git-fixes) - rdma/mlx5: Check CAP_NET_RAW in user namespace for devx create (git-fixes) - rdma/mlx5: Check CAP_NET_RAW in user namespace for flow create (git-fixes) - rdma/mlx5: Fix CC counters query for MPV (git-fixes) - rdma/mlx5: Fix HW counters query for non-representor devices (git-fixes) - rdma/mlx5: Fix UMR modifying of mkey page size (git-fixes) - rdma/mlx5: Fix compilation warning when USER_ACCESS isn't set (git-fixes) - rdma/mlx5: Fix vport loopback for MPV device (git-fixes) - rdma/mlx5: Initialize obj_event->obj_sub_list before xa_insert (git-fixes) - rdma/mlx5: reduce stack usage in mlx5_ib_ufile_hw_cleanup (git-fixes) - rdma/nldev: Check CAP_NET_RAW in user namespace for QP modify (git-fixes) - rdma/siw: Fix the sendmsg byte count in siw_tcp_sendpages (git-fixes) - rdma/uverbs: Add empty rdma_uattrs_has_raw_cap() declaration (git-fixes) - rdma/uverbs: Check CAP_NET_RAW in user namespace for QP create (git-fixes) - rdma/uverbs: Check CAP_NET_RAW in user namespace for RAW QP create (git-fixes) - rdma/uverbs: Check CAP_NET_RAW in user namespace for flow create (git-fixes) - re-enable qmi_wwan for arm64 (bsc#1246113) - reapply "wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()" (git-fixes). - regmap: fix potential memory leak of regmap_bus (git-fixes). - regulator: core: fix NULL dereference on unbind due to stale coupling data (stable-fixes). 
- regulator: fan53555: add enable_time support and soft-start times (stable-fixes). - regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods (git-fixes). - regulator: pwm-regulator: Calculate the output voltage for disabled PWMs (stable-fixes). - resource: fix false warning in __request_region() (git-fixes). - restore UCSI_CONNECTOR_RESET_HARD definition (git-fixes). - revert "ACPI: battery: negate current when discharging" (stable-fixes). - revert "cgroup_freezer: cgroup_freezing: Check if not frozen" (bsc#1219338). - revert "drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on DG1" (stable-fixes). - revert "drm/nouveau: check ioctl command codes better" (git-fixes). - revert "drm/xe/xe2: Enable Indirect Ring State support for Xe2" (git-fixes). - revert "mmc: sdhci: Disable SD card clock before changing parameters" (git-fixes). - revert "usb: xhci: Implement xhci_handshake_check_state() helper" (git-fixes). - revert "vgacon: Add check for vc_origin address range in vgacon_scroll()" (stable-fixes). - ring-buffer: Do not allow events in NMI with generic atomic64 cmpxchg() (git-fixes). - rose: fix dangling neighbour pointers in rose_rt_device_down() (git-fixes). - rpl: Fix use-after-free in rpl_do_srh_inline() (git-fixes). - rpm/kernel-subpackage-spec: Skip brp-strip-debug to avoid file truncation (bsc#1246879) Put the same workaround to avoid file truncation of vmlinux and co in kernel-default-base package, too. - rpm/mkspec: Fix missing kernel-syms-rt creation (bsc#1244337) - rtc: ds1307: fix incorrect maximum clock rate handling (git-fixes). - rtc: hym8563: fix incorrect maximum clock rate handling (git-fixes). - rtc: nct3018y: fix incorrect maximum clock rate handling (git-fixes). - rtc: pcf85063: fix incorrect maximum clock rate handling (git-fixes). - rtc: pcf8563: fix incorrect maximum clock rate handling (git-fixes). - rtc: rv3028: fix incorrect maximum clock rate handling (git-fixes). 
- s390/bpf: Fix bpf_arch_text_poke() with new_addr == NULL again (git-fixes bsc#1246870). - s390/entry: Fix last breaking event handling in case of stack corruption (git-fixes bsc#1243806). - s390/pci: Do not try re-enabling load/store if device is disabled (git-fixes bsc#1245646). - s390/pci: Fix stale function handles in error handling (git-fixes bsc#1245647). - s390/pkey: Prevent overflow in size calculation for memdup_user() (git-fixes bsc#1245598). - s390: Add z17 elf platform (LTC#214086 bsc#1245540). - samples: mei: Fix building on musl libc (git-fixes). - sched,freezer: Remove unnecessary warning in __thaw_task (bsc#1219338). - sched: Add test_and_clear_wake_up_bit() and atomic_dec_and_wake_up() (git-fixes). - scsi: core: Enforce unlimited max_segment_size when virt_boundary_mask is set (git-fixes). - scsi: fnic: Add and improve logs in FDMI and FDMI ABTS paths (bsc#1246644). - scsi: fnic: Fix crash in fnic_wq_cmpl_handler when FDMI times out (git-fixes). - scsi: fnic: Fix missing DMA mapping error in fnic_send_frame() (git-fixes). - scsi: fnic: Set appropriate logging level for log message (bsc#1246644). - scsi: fnic: Turn off FDMI ACTIVE flags on link down (git-fixes). - scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Early return out of FDMI cmpl for locally rejected statuses (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Ensure HBA_SETUP flag is used only for SLI4 in dev_loss_tmo_callbk (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Modify end-of-life adapters' model descriptions (bsc#1245260 bsc#1243100 bsc#1246125 bsc#1204142). - scsi: lpfc: Move clearing of HBA_SETUP flag to before lpfc_sli4_queue_unset (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Relocate clearing initial phba flags from link up to link down hdlr (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Revise CQ_CREATE_SET mailbox bitfield definitions (bsc#1245260 bsc#1243100 bsc#1246125). 
- scsi: lpfc: Revise logging format for failed CT MIB requests (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Simplify error handling for failed lpfc_get_sli4_parameters cmd (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Skip RSCN processing when FC_UNLOADING flag is set (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Update debugfs trace ring initialization messages (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Update lpfc version to 14.4.0.10 (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: megaraid_sas: Fix invalid node index (git-fixes). - scsi: qla2xxx: Fix DMA mapping test in qla24xx_get_port_database() (git-fixes). - scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() (git-fixes). - scsi: s390: zfcp: Ensure synchronous unit_add (git-fixes bsc#1245599). - selftests/bpf: Add CFLAGS per source file and runner (git-fixes). - selftests/bpf: Add tests for iter next method returning valid pointer (git-fixes). - selftests/bpf: Change functions definitions to support GCC (git-fixes). - selftests/bpf: Fix a few tests for GCC related warnings (git-fixes). - selftests/bpf: Fix pointer arithmetic in test_xdp_do_redirect (git-fixes). - selftests/bpf: Fix prog numbers in test_sockmap (git-fixes). - smb3: move server check earlier when setting channel sequence number (git-fixes). - smb3: rename macro CIFS_SERVER_IS_CHAN to avoid confusion (git-fixes). - smb3: send channel sequence number in SMB3 requests after reconnects (git-fixes). - soc/tegra: cbb: Clear ERR_FORCE register with ERR_STATUS (git-fixes). - soc: aspeed: lpc-snoop: Cleanup resources in stack-order (git-fixes). - soc: aspeed: lpc-snoop: Do not disable channels that are not enabled (git-fixes). - soc: qcom: QMI encoding/decoding for big endian (git-fixes). - soc: qcom: fix endianness for QMI header (git-fixes). - soc: qcom: pmic_glink: fix OF node leak (git-fixes). - soundwire: amd: fix for clearing command status register (git-fixes). 
- soundwire: stream: restore params when prepare ports fail (git-fixes). - spi: spi-fsl-dspi: Clear completion counter before initiating transfer (git-fixes). - sprintf.h requires stdarg.h (git-fixes). - sprintf.h: mask additional include (git-fixes). - staging: axis-fifo: remove sysfs interface (git-fixes). - staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc() (git-fixes). - staging: nvec: Fix incorrect null termination of battery manufacturer (git-fixes). - staging: vchiq_arm: Make vchiq_shutdown never fail (git-fixes). - struct cdns: move new member to the end (git-fixes). - struct ucsi_operations: use padding for new operation (git-fixes). - sunrpc: do not immediately retransmit on seqno miss (git-fixes). - sunrpc: fix client side handling of tls alerts (git-fixes). - supported.conf: Mark ZL3073X modules supported - supported.conf: add missing entries for armv7hl - supported.conf: move nvme-apple to optional again - supported.conf: sort entries again - tcp: call tcp_measure_rcv_mss() for ooo packets (git-fixes). - thermal: trip: Use READ_ONCE() for lockless access to trip properties (git-fixes). - thermal: trip: Use common set of trip type names (git-fixes). - thunderbolt: Fix bit masking in tb_dp_port_set_hops() (git-fixes). - thunderbolt: Fix copy+paste error in match_service_id() (git-fixes). - thunderbolt: Fix wake on connect at runtime (git-fixes). - tracing/kprobe: Make trace_kprobe's module callback called after jump_label update (git-fixes). - tracing/kprobes: Fix to free objects when failed to copy a symbol (git-fixes). - types: Complement the aligned types with signed 64-bit one (stable-fixes). - ucount: fix atomic_long_inc_below() argument type (git-fixes). - ucsi-glink: adapt to kABI consistency (git-fixes). - ucsi_ccg: Refine the UCSI Interrupt handling (git-fixes). - ucsi_operations: add stubs for all operations (git-fixes). - ucsi_ops: adapt update_connector to kABI consistency (git-fixes). 
- update config files (bsc#1243678) - usb: Add checks for snprintf() calls in usb_alloc_dev() (stable-fixes). - usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init() (git-fixes). - usb: cdc-wdm: avoid setting WDM_READ for ZLP-s (stable-fixes). - usb: cdnsp: Fix issue with CV Bad Descriptor test (git-fixes). - usb: cdnsp: Fix issue with resuming from L1 (git-fixes). - usb: cdnsp: Replace snprintf() with the safer scnprintf() variant (stable-fixes). - usb: cdnsp: do not disable slot for disabled slot (git-fixes). - usb: chipidea: udc: disconnect/reconnect from host when do suspend/resume (git-fixes). - usb: common: usb-conn-gpio: use a unique name for usb connector device (stable-fixes). - usb: dwc2: also exit clock_gating when stopping udc while suspended (stable-fixes). - usb: dwc3: Abort suspend on soft disconnect failure (git-fixes). - usb: dwc3: meson-g12a: fix device leaks at unbind (git-fixes). - usb: early: xhci-dbc: Fix early_ioremap leak (git-fixes). - usb: gadget : fix use-after-free in composite_dev_cleanup() (git-fixes). - usb: gadget: u_serial: Fix race condition in TTY wakeup (git-fixes). - usb: gadget: udc: renesas_usb3: fix device leak at unbind (git-fixes). - usb: host: xhci-plat: fix incorrect type for of_match variable in xhci_plat_probe() (git-fixes). - usb: hub: Do not try to recover devices lost during warm reset (git-fixes). - usb: misc: apple-mfi-fastcharge: Make power supply names unique (git-fixes). - usb: musb: fix gadget state on disconnect (git-fixes). - usb: musb: omap2430: fix device leak at unbind (git-fixes). - usb: net: sierra: check for no status endpoint (git-fixes). - usb: potential integer overflow in usbg_make_tpg() (stable-fixes). - usb: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI (stable-fixes). - usb: serial: option: add Foxconn T99W640 (stable-fixes). - usb: serial: option: add Telit Cinterion FE910C04 (ECM) composition (stable-fixes). - usb: typec: Update sysfs when setting ops (git-fixes). 
- usb: typec: altmodes/displayport: do not index invalid pin_assignments (git-fixes). - usb: typec: displayport: Fix potential deadlock (git-fixes). - usb: typec: displayport: Receive DP Status Update NAK request exit dp altmode (stable-fixes). - usb: typec: mux: do not return on EOPNOTSUPP in {mux, switch}_set (stable-fixes). - usb: typec: tcpm: allow switching to mode accessory to mux properly (stable-fixes). - usb: typec: tcpm: allow to use sink in accessory mode (stable-fixes). - usb: typec: tcpm: apply vbus before data bringup in tcpm_src_attach (git-fixes). - usb: typec: ucsi: Add DATA_RESET option of Connector Reset command (git-fixes). - usb: typec: ucsi: Add qcm6490-pmic-glink as needing PDOS quirk (git-fixes). - usb: typec: ucsi: Delay alternate mode discovery (git-fixes). - usb: typec: ucsi: Fix busy loop on ASUS VivoBooks (git-fixes). - usb: typec: ucsi: Fix the partner PD revision (git-fixes). - usb: typec: ucsi: Get PD revision for partner (git-fixes). - usb: typec: ucsi: Set orientation as none when connector is unplugged (git-fixes). - usb: typec: ucsi: Update power_supply on power role change (git-fixes). - usb: typec: ucsi: add callback for connector status updates (git-fixes). - usb: typec: ucsi: add update_connector callback (git-fixes). - usb: typec: ucsi: do not retrieve PDOs if not supported (git-fixes). - usb: typec: ucsi: extract code to read PD caps (git-fixes). - usb: typec: ucsi: fix UCSI on SM8550 & SM8650 Qualcomm devices (git-fixes). - usb: typec: ucsi: glink: fix off-by-one in connector_status (git-fixes). - usb: typec: ucsi: glink: increase max ports for x1e80100 (git-fixes). - usb: typec: ucsi: glink: move GPIO reading into connector_status callback (git-fixes). - usb: typec: ucsi: glink: use typec_set_orientation (git-fixes). - usb: typec: ucsi: move ucsi_acknowledge() from ucsi_read_error() (git-fixes). - usb: typec: ucsi: properly register partner's PD device (git-fixes). 
- usb: typec: ucsi: support delaying GET_PDOS for device (git-fixes). - usb: typec: ucsi_acpi: Add LG Gram quirk (git-fixes). - usb: typec: ucsi_glink: drop NO_PARTNER_PDOS quirk for sm8550 / sm8650 (git-fixes). - usb: typec: ucsi_glink: enable the UCSI_DELAY_DEVICE_PDOS quirk (git-fixes). - usb: typec: ucsi_glink: enable the UCSI_DELAY_DEVICE_PDOS quirk on qcm6490 (git-fixes). - usb: typec: ucsi_glink: rework quirks implementation (git-fixes). - usb: xhci: Skip xhci_reset in xhci_resume if xhci is being removed (git-fixes). - usb: xhci: quirk for data loss in ISOC transfers (stable-fixes). - usb:cdnsp: remove TRB_FLUSH_ENDPOINT command (stable-fixes). - virtgpu: do not reset on shutdown (git-fixes). - vmci: Prevent the dispatching of uninitialized payloads (git-fixes). - vt: add missing notification when switching back to text mode (stable-fixes). - vt: defkeymap: Map keycodes above 127 to K_HOLE (git-fixes). - vt: keyboard: Do not process Unicode characters in K_OFF mode (git-fixes). - watchdog: ziirave_wdt: check record length in ziirave_firm_verify() (git-fixes). - wifi: ath11k: clear initialized flag for deinit-ed srng lists (git-fixes). - wifi: ath11k: fix dest ring-buffer corruption (git-fixes). - wifi: ath11k: fix dest ring-buffer corruption when ring is full (git-fixes). - wifi: ath11k: fix sleeping-in-atomic in ath11k_mac_op_set_bitrate_mask() (git-fixes). - wifi: ath11k: fix source ring-buffer corruption (git-fixes). - wifi: ath11k: fix suspend use-after-free after probe failure (git-fixes). - wifi: ath12k: Pass ab pointer directly to ath12k_dp_tx_get_encap_type() (git-fixes). - wifi: ath12k: fix dest ring-buffer corruption (git-fixes). - wifi: ath12k: fix dest ring-buffer corruption when ring is full (git-fixes). - wifi: ath12k: fix endianness handling while accessing wmi service bit (git-fixes). - wifi: ath12k: fix source ring-buffer corruption (git-fixes). - wifi: ath6kl: remove WARN on bad firmware input (stable-fixes). 
- wifi: brcmfmac: fix P2P discovery failure in P2P peer due to missing P2P IE (git-fixes). - wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table() (git-fixes). - wifi: cfg80211/mac80211: correctly parse S1G beacon optional elements (git-fixes). - wifi: cfg80211: fix S1G beacon head validation in nl80211 (git-fixes). - wifi: cfg80211: remove scan request n_channels counted_by (git-fixes). - wifi: iwlwifi: Fix error code in iwl_op_mode_dvm_start() (git-fixes). - wifi: iwlwifi: Fix memory leak in iwl_mvm_init() (git-fixes). - wifi: iwlwifi: return ERR_PTR from opmode start() (stable-fixes). - wifi: mac80211: Add link iteration macro for link data (stable-fixes). - wifi: mac80211: Check 802.11 encaps offloading in ieee80211_tx_h_select_key() (git-fixes). - wifi: mac80211: Create separate links for VLAN interfaces (stable-fixes). - wifi: mac80211: Do not call fq_flow_idx() for management frames (git-fixes). - wifi: mac80211: Do not schedule stopped TXQs (git-fixes). - wifi: mac80211: Write cnt before copying in ieee80211_copy_rnr_beacon() (git-fixes). - wifi: mac80211: chan: chandef is non-NULL for reserved (stable-fixes). - wifi: mac80211: drop invalid source address OCB frames (stable-fixes). - wifi: mac80211: finish link init before RCU publish (git-fixes). - wifi: mac80211: fix non-transmitted BSSID profile search (git-fixes). - wifi: mac80211: reject TDLS operations when station is not associated (git-fixes). - wifi: mt76: mt7925: Fix null-ptr-deref in mt7925_thermal_init() (git-fixes). - wifi: mt76: mt7925: fix invalid array index in ssid assignment during hw scan (git-fixes). - wifi: mt76: mt7925: fix the wrong config for tx interrupt (git-fixes). - wifi: nl80211: Set num_sub_specs before looping through sub_specs (git-fixes). - wifi: plfxlc: Fix error handling in usb driver probe (git-fixes). - wifi: prevent A-MSDU attacks in mesh networks (stable-fixes). - wifi: rt2x00: fix remove callback type mismatch (git-fixes). 
- wifi: rtl818x: Kill URBs before clearing tx status queue (git-fixes). - wifi: rtw89: avoid NULL dereference when RX problematic packet on unsupported 6 GHz band (git-fixes). - wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() (git-fixes). - x86/CPU/AMD: Add more models to X86_FEATURE_ZEN5 (bsc#1246449). - x86/CPU/AMD: Improve the erratum 1386 workaround (git-fixes). - x86/CPU/AMD: Terminate the erratum_1386_microcode array (git-fixes). - x86/cpu/amd: Fix workaround for erratum 1054 (git-fixes). - x86/cpu: Avoid running off the end of an AMD erratum table (git-fixes). - x86/cpu: Expose only stepping min/max interface (git-fixes). - x86/cpu: Introduce new microcode matching helper (git-fixes). - x86/cpu: Move AMD erratum 1386 table over to 'x86_cpu_id' (git-fixes). - x86/cpu: Replace PEBS use of 'x86_cpu_desc' use with 'x86_cpu_id' (git-fixes). - x86/mce/amd: Add default names for MCA banks and blocks (git-fixes). - x86/mce/amd: Fix threshold limit reset (git-fixes). - x86/mce: Do not remove sysfs if thresholding sysfs init fails (git-fixes). - x86/mce: Make sure CMCI banks are cleared during shutdown on Intel (git-fixes). - x86/mtrr: Rename mtrr_overwrite_state() to guest_force_mtrr_state() (git-fixes). - x86/tdx: Fix __noreturn build warning around __tdx_hypercall_failed() (git-fixes). - x86/traps: Initialize DR6 by writing its architectural reset value (git-fixes). - x86/virt/tdx: Avoid indirect calls to TDX assembly functions (git-fixes). - x86: UV RTC: Add parameter to disable RTC clocksource (bsc#1241345). - xfs: fix off-by-one error in fsmap's end_daddr usage (bsc#1235837). - xfs: only create event xfs_file_compat_ioctl when CONFIG_COMPAT is configure (git-fixes). - xfs: remove unused event xfs_alloc_near_error (git-fixes). - xfs: remove unused event xfs_alloc_near_nominleft (git-fixes). - xfs: remove unused event xfs_attr_node_removename (git-fixes). - xfs: remove unused event xfs_ioctl_clone (git-fixes). 
- xfs: remove unused event xfs_pagecache_inval (git-fixes). - xfs: remove unused event xlog_iclog_want_sync (git-fixes). - xfs: remove unused trace event xfs_attr_remove_iter_return (git-fixes). - xfs: remove unused trace event xfs_attr_rmtval_set (git-fixes). - xfs: remove unused trace event xfs_reflink_cow_enospc (git-fixes). - xfs: remove unused xfs_attr events (git-fixes). - xfs: remove unused xfs_reflink_compare_extents events (git-fixes). - xfs: remove usused xfs_end_io_direct events (git-fixes). - xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS (git-fixes). - xhci: dbc: Flush queued requests before stopping dbc (git-fixes). - xhci: dbctty: disable ECHO flag by default (git-fixes). kernel-default-6.4.0-150700.53.11.1.nosrc.rpm True kernel-default-6.4.0-150700.53.11.1.x86_64.rpm True kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.src.rpm True kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64.rpm True kernel-default-devel-6.4.0-150700.53.11.1.x86_64.rpm True kernel-devel-6.4.0-150700.53.11.1.noarch.rpm True kernel-macros-6.4.0-150700.53.11.1.noarch.rpm True kernel-source-6.4.0-150700.53.11.1.src.rpm True SUSE-SLE-Module-Basesystem-15-SP7-2025-2765 Security update for webkit2gtk3 important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for webkit2gtk3 fixes the following issues: Updated to version 2.48.5: - CVE-2025-31273: Fixed a vulnerability where processing maliciously crafted web content could lead to memory corruption. (bsc#1247564) - CVE-2025-31278: Fixed a vulnerability where processing maliciously crafted web content may lead to memory corruption. (bsc#1247563) - CVE-2025-43211: Fixed a vulnerability where processing web content may lead to a denial-of-service. (bsc#1247562) - CVE-2025-43212: Fixed a vulnerability where processing maliciously crafted web content may lead to an unexpected Safari crash. 
(bsc#1247595) - CVE-2025-43216: Fixed a vulnerability where processing maliciously crafted web content may lead to an unexpected Safari crash. (bsc#1247596) - CVE-2025-43227: Fixed a vulnerability where processing maliciously crafted web content may disclose sensitive user information. (bsc#1247597) - CVE-2025-43228: Fixed a vulnerability where visiting a malicious website may lead to address bar spoofing. (bsc#1247598) - CVE-2025-43240: Fixed a vulnerability where a download's origin may be incorrectly associated. (bsc#1247599) - CVE-2025-43265: Fixed a vulnerability where processing maliciously crafted web content may disclose internal states of the app. (bsc#1247600) - CVE-2025-6558: Fixed a vulnerability where processing maliciously crafted web content may lead to an unexpected Safari crash. (bsc#1247742) Other fixes: - Improve emoji font selection with USE_SKIA=ON. - Improve playback of multimedia streams from blob URLs. - Fix the build with USE_SKIA_OPENTYPE_SVG=ON and USE_SYSPROF_CAPTURE=ON. - Fix crash when using a WebKitWebView widget in an offscreen window. - Fix several crashes and rendering issues. - Fix a crash introduced by the new threaded rendering implementation using Skia API. - Improve rendering performance by recording layers once and replaying every dirty region in different worker threads. - Fix a crash when setting WEBKIT_SKIA_GPU_PAINTING_THREADS=0. - Fix a reference cycle in webkitmediastreamsrc preventing its disposal. - Increase mem_per_process again to avoid running out of memory. 
WebKitGTK-4.0-lang-2.48.5-150600.12.43.1.noarch.rpm WebKitGTK-6.0-lang-2.48.5-150600.12.43.1.noarch.rpm libjavascriptcoregtk-4_0-18-2.48.5-150600.12.43.1.x86_64.rpm libjavascriptcoregtk-6_0-1-2.48.5-150600.12.43.1.x86_64.rpm libwebkit2gtk-4_0-37-2.48.5-150600.12.43.1.x86_64.rpm libwebkitgtk-6_0-4-2.48.5-150600.12.43.1.x86_64.rpm typelib-1_0-JavaScriptCore-4_0-2.48.5-150600.12.43.1.x86_64.rpm typelib-1_0-WebKit2-4_0-2.48.5-150600.12.43.1.x86_64.rpm typelib-1_0-WebKit2WebExtension-4_0-2.48.5-150600.12.43.1.x86_64.rpm webkit2gtk-4_0-injected-bundles-2.48.5-150600.12.43.1.x86_64.rpm webkit2gtk3-soup2-2.48.5-150600.12.43.1.src.rpm webkit2gtk3-soup2-devel-2.48.5-150600.12.43.1.x86_64.rpm webkit2gtk4-2.48.5-150600.12.43.1.src.rpm webkitgtk-6_0-injected-bundles-2.48.5-150600.12.43.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3077 Security update for rav1e moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for rav1e fixes the following issues: - CVE-2024-58266: shlex: Fixed certain bytes allowed to appear unquoted and unescaped in command arguments (bsc#1247207) librav1e0_6-0.6.6-150600.3.6.1.x86_64.rpm rav1e-0.6.6-150600.3.6.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3012 Security update for git, git-lfs, obs-scm-bridge, python-PyYAML important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for git, git-lfs, obs-scm-bridge, python-PyYAML fixes the following issues: git was updated from version 2.43.0 to 2.51.0 (bsc#1243197): - Security issues fixed: * CVE-2025-27613 Fixed arbitrary writable file creation and truncation in Gitk (bsc#1245938) * CVE-2025-27614 Fixed arbitrary script execution via repository cloning in gitk (bsc#1245939) * CVE-2025-46835 Fixed arbitrary writable file creation in Git GUI when untrusted repository is cloned (bsc#1245942) * CVE-2025-48384 Fixed the unintentional execution of a script after checkout due to CRLF transforming (bsc#1245943) * CVE-2025-48385 Fixed arbitrary code execution due to protocol 
injection via fetching advertised bundle (bsc#1245946) - Other changes and bugs fixed: * Added SHA256 support (bsc#1243197) * Git moved to /usr/libexec/git/git and updated AppArmor profile accordingly (bsc#1218588) * gitweb AppArmor profile: allow reading etc/gitweb-common.conf (bsc#1218664) * Do not replace apparmor configuration (bsc#1216545) * Fixed the Python version required (bsc#1212476) - Version Updates Release Notes: * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.51.0.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.50.1.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.50.0.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.49.0.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.48.1.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.48.0.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.47.1.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.47.0.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.46.2.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.46.1.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.46.0.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.45.3.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.45.2.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.45.1.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.45.0.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.44.0.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.43.3.adoc * 
https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.43.2.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.43.1.adoc git-lfs is included in version 3.7.0. python-PyYAML was updated from version 6.0.1 to 6.0.2: - Added support for Cython 3.x and Python 3.13 obs-scm-bridge was updated from version 0.5.4 to 0.7.4: - New Features and Improvements: * Manifest File Support: Support has been added for a `_manifest` file, which serves as a successor to the `_subdirs` file. * Control Over Git Information: A new noobsinfo query parameter was added to hide git information in source and binary files. * Enhanced Submodule Handling: The system now records the configured branch of submodules and stays on that branch during checkout. * Git SHA Tracking: In project mode, the tool now uses git SHA sums instead of md5sum to track package sources. * SSH URL Support: ssh:// SCM URLs can now be used. * Improved Error Messages: Error reporting for invalid files within package subdirectories has been improved. * Standardized Config Location: In project mode, the _config file is now always located in the top-level directory, even when using subdirs. * Reduced Unnecessary Changes: In project mode, unnecessary modifications to the package meta URL are now avoided. * Limit Asset Handling: A new mechanism has been introduced to limit how assets are handled. * Branch Information Export: The trackingbranch is now exported to scmsync.obsinfo. - Bugs fixed: * Syntax Fix: A syntax issue was corrected. * Git Submodule Parsing: The .gitsubmodule parser was fixed to correctly handle files that contain a mix of spaces and tabs. 
git-2.51.0-150600.3.12.1.src.rpm git-core-2.51.0-150600.3.12.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2874 Recommended update for openssl-3 important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for openssl-3 fixes the following issues: - Increase limit for CRL download (bsc#1247148, bsc#1247144) libopenssl-3-devel-3.2.3-150700.5.18.1.x86_64.rpm libopenssl-3-fips-provider-3.2.3-150700.5.18.1.x86_64.rpm libopenssl3-3.2.3-150700.5.18.1.x86_64.rpm openssl-3-3.2.3-150700.5.18.1.src.rpm openssl-3-3.2.3-150700.5.18.1.x86_64.rpm libopenssl-3-fips-provider-32bit-3.2.3-150700.5.18.1.x86_64.rpm libopenssl3-32bit-3.2.3-150700.5.18.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3461 Security update for ghostscript low SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for ghostscript fixes the following issues: - CVE-2025-48708: Fixed password disclosure due to lack of argument sanitization (bsc#1243701) ghostscript-9.52-150000.206.1.src.rpm ghostscript-9.52-150000.206.1.x86_64.rpm ghostscript-devel-9.52-150000.206.1.x86_64.rpm ghostscript-x11-9.52-150000.206.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3072 Recommended update for sysstat moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for sysstat fixes the following issues: - Renaming services to allow preset in systemd-presets-branding-SLE to work (bsc#1244553, bsc#1246835). - Fix argument order of find (bsc#1246852). - Fix systemd timers that are not enabled after upgrade (bsc#1244553). - deleted 90-sysstat.preset file, not needed anymore. 
sysstat-12.0.2-150000.3.48.3.src.rpm sysstat-12.0.2-150000.3.48.3.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3059 Recommended update for python-email_validator moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for python-email_validator fixes the following issues: - Use update-alternatives for /usr/bin/email_validator to remove conflict with python311-email_validator (bsc#1247566) python-email_validator-1.1.0-150200.3.3.1.src.rpm python3-email_validator-1.1.0-150200.3.3.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3286 Recommended update for gtk3 moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for gtk3 fixes the following issues: - Fixed issue with window dimensions (bsc#1247503) gtk3-3.24.43-150600.3.10.1.src.rpm gtk3-data-3.24.43-150600.3.10.1.noarch.rpm gtk3-devel-3.24.43-150600.3.10.1.x86_64.rpm gtk3-lang-3.24.43-150600.3.10.1.noarch.rpm gtk3-schema-3.24.43-150600.3.10.1.noarch.rpm gtk3-tools-3.24.43-150600.3.10.1.x86_64.rpm libgtk-3-0-3.24.43-150600.3.10.1.x86_64.rpm typelib-1_0-Gtk-3_0-3.24.43-150600.3.10.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3305 Recommended update for dracut moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for dracut fixes the following issues: - fix (dracut-util): crash if CMDLINE ends with quotation mark (bsc#1247819) dracut-059+suse.565.g51c2c969-150700.3.6.1.src.rpm dracut-059+suse.565.g51c2c969-150700.3.6.1.x86_64.rpm dracut-fips-059+suse.565.g51c2c969-150700.3.6.1.x86_64.rpm dracut-ima-059+suse.565.g51c2c969-150700.3.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3066 Recommended update for systemd-presets-branding-SLE moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for systemd-presets-branding-SLE fixes the following issues: - Enable sysstat_collect.timer and sysstat_summary.timer (bsc#1244553, bsc#1246835). - Modified default SLE presets. 
systemd-presets-branding-SLE-15.1-150600.35.3.1.noarch.rpm systemd-presets-branding-SLE-15.1-150600.35.3.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3205 Security update for busybox, busybox-links moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for busybox, busybox-links fixes the following issues: Updated to version 1.37.0 (jsc#PED-13039): - CVE-2023-42363: Fixed use-after-free vulnerability in xasprintf function in xfuncs_printf.c (bsc#1217580) - CVE-2023-42364: Fixed use-after-free in the awk.c evaluate function (bsc#1217584) - CVE-2023-42365: Fixed use-after-free in the awk.c copyvar function (bsc#1217585) Other fixes: - fix generation of file lists via Dockerfile - add copy of busybox.links from the container to catch changes to busybox config - Blacklist creating links for halt, reboot, shutdown commands to avoid accidental use in a fully booted system (bsc#1243201) - Add getfattr applet to attr filelist - busybox-udhcpc conflicts with udhcp. - Add new sub-package for udhcpc - zgrep: don't set the label option as only the real grep supports it (bsc#1215943) - Add conflict for coreutils-systemd, package was split - Check in filelists instead of buildrequiring all non-busybox utils - Replace transitional %usrmerged macro with regular version check (bsc#1206798) - Create sub-package "hexedit" [bsc#1203399] - Create sub-package "sha3sum" [bsc#1203397] - Drop update-alternatives support - Add provides smtp_daemon to busybox-sendmail - Add conflicts: mawk to busybox-gawk - fix mkdir path to point to /usr/bin instead of /bin - add placeholder variable and ignore applet logic to busybox.install - enable halt, poweroff, reboot commands (bsc#1243201) - Fully enable udhcpc and document that this tool needs special configuration and does not work out of the box [bsc#1217883] - Replace transitional %usrmerged macro with regular version check (bsc#1206798) busybox-1.37.0-150700.18.4.1.src.rpm busybox-1.37.0-150700.18.4.1.x86_64.rpm 
busybox-static-1.37.0-150700.18.4.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3328 Recommended update for mutt moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for mutt fixes the following issues: mutt was updated from version 2.2.12 to 2.2.14: - Changes: * Moved configuration file from `/etc/Muttrc` to `/usr/share/mutt/Muttrc` * Set default mail spool files * Use builtin <list-reply> feature * Provide documentation in PDF format * Only suggest smtp daemon at runtime and provide a warning if it's not installed - Bugs fixed: * Exclude sample ca-bundle.crt as it is outdated (bsc#1246321) * Require cyrus-sasl plugins to make the cyrus-sasl feature of mutt function (bsc#1227731) * Fixed missing system /var/mail/ directory (bsc#1216035) * Fixed possible crashes in GPGME and with IMAP when logging out * Fixed issue with unnecessary encoding of "." in attachment names (2231 encoding) * Fixed SMTP client to respect $use_envelope_from option. * Fixed smtp client $envelope_from_address possible dangling pointer mutt-2.2.14-150600.3.3.1.src.rpm mutt-2.2.14-150600.3.3.1.x86_64.rpm mutt-doc-2.2.14-150600.3.3.1.noarch.rpm mutt-lang-2.2.14-150600.3.3.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-4443 Recommended update for scap-security-guide moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for scap-security-guide fixes the following issues: - updated to 0.1.78 (jsc#ECO-3319) - Enable SCE content for problematic rules that can traverse the whole filesystem - Remove unnecessary Jinja2 macros in control files - Update RHEL 8 STIG to V2R4 and RHEL 9 STIG to V2R5 - Add Debian 13 profile for ANSSI BP 28 (enhanced) - Create SLEM5 General profile - Create SL Micro 6 product and general profile - Update SLE15 STIG version to V2R5 - Update SLE12 STIG version to V3R3 - Update SLEM5 STIG version to V1R2 - Remove the cis profiles from all products - Remove the cis profiles from the tarball - Add check if cis profiles exists in the 
tarball - ssg: remove cis profiles - Update description: remove cis profiles scap-security-guide-0.1.78-150000.1.100.2.noarch.rpm scap-security-guide-0.1.78-150000.1.100.2.src.rpm scap-security-guide-debian-0.1.78-150000.1.100.2.noarch.rpm scap-security-guide-redhat-0.1.78-150000.1.100.2.noarch.rpm scap-security-guide-ubuntu-0.1.78-150000.1.100.2.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1228 Recommended update for shadow important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for shadow fixes the following issues: shadow is updated to 4.17.2 to bring lots of features and bug fixes. - util-linux-2.41 introduced new variable: LOGIN_ENV_SAFELIST. Recognize it and update dependencies. - Set SYS_{UID,GID}_MIN to 201: After repeated similar requests to change the ID ranges we set the above mentioned value to 201. The max value will stay at 499. This range should be sufficient and will give us leeway for the future. It's not straightforward to find out which static UIDs/GIDs are used in all packages. 
Update to 4.17.2: * src/login_nopam.c: Fix compiler warnings #1170 * lib/chkname.c: Put limits for LOGIN_NAME_MAX and sysconf(_SC_LOGIN_NAME_MAX) #1169 * Use HTTPS in link to Wikipedia article on password strength #1164 * lib/attr.h: use C23 attributes only with gcc >= 10 #1172 * login: Fix no-pam authorization regression #1174 * man: Add Portuguese translation #1178 * Update French translation #1177 * Add cheap defense mechanisms #1171 * Add Romanian translation #1176 Update to 4.17.1: * Fix `su -` regression #1163 Update to 4.17.0: * Fix the lower part of the domain of csrand_uniform() * Fix use of volatile pointer * Use str2[u]l() instead of atoi(3) * Use a2i() in various places * Fix const correctness * Use uid_t for holding UIDs (and GIDs) * Move all sprintf(3)-like APIs to a subdirectory * Move all copying APIs to a subdirectory * Fix forever loop on ENOMEM * Fix REALLOC() nmemb calculation * Remove id(1) * Remove groups(1) * Use local time for human-readable dates * Use %F instead of %Y-%m-%d with strftime(3) * is_valid{user,group}_name(): Set errno to distinguish the reasons * Recommend --badname only if it is useful * Add fmkomstemp() to fix mode of /etc/default/useradd * Fix use-after-free bug in sgetgrent() * Update Catalan translation * Remove references to cppw, cpgr * groupadd, groupmod: Update gshadow file with -U * Added option -a for listing active users only, optimized using if aflg,return * Added information in lastlog man page for new option '-a' * Plenty of code cleanup and clarifications - Disable flushing sssd caches. The sssd's files provider is no longer available. Update to 4.16.0: * The shadow implementations of id(1) and groups(1) are deprecated in favor of the GNU coreutils and binutils versions. They will be removed in 4.17.0. * The rlogind implementation has been removed. * The libsubid major version has been bumped, since it now requires specification of the module's free() implementation. 
Update to 4.15.1: * Fix a bug that caused spurious error messages about unknown login.defs configuration options #967 * Adding checks for fd omission #964 * Use temporary stat buffer #974 * Fix wrong french translation #975 Update to 4.15.0 * libshadow: + Use utmpx instead of utmp. This fixes a regression introduced in 4.14.0. + Fix build error (parameter name omitted). * Build system: + Link correctly with libdl. + Install pam configs for chpasswd(8) and newusers(8) when using ./configure --with-libpam --disable-account-tools-setuid. + Merge libshadow and libmisc into a single libshadow. This fixes problems in the linker, which were reported at least in Gentoo. + Fix build with musl libc. + Support out of tree builds * useradd(8): + Set proper SELinux labels for def_usrtemplate Update to 4.14.6: * login(1): + Fix off-by-one bugs. * passwd(1): + Don't silently truncate passwords of length >= 200 characters. Instead, accept a length of PASS_MAX, and reject longer ones. * libshadow: + Fix calculation in strtoday(), which caused a wrong half-day offset in some cases (bsc#1176006) + Fix parsing of dates in get_date() (bsc#1176006) + Use utmpx instead of utmp. This fixes a regression introduced in 4.14.0. Update to 4.14.5: * Build system: + Fix regression introduced in 4.14.4, due to a typo. chgpasswd had been deleted from a Makefile variable, but it should have been chpasswd. Update to 4.14.4: * Build system: + Link correctly with libdl. + Install pam configs for chpasswd(8) and newusers(8) when using ./configure --with-libpam --disable-account-tools-setuid. * libshadow: + Fix build error (parameter name omitted). + Fix off-by-one bug. + Remove warning. Update to 4.14.3: * libshadow: Avoid null pointer dereference (#904) * Remove pam_keyinit from PAM configuration. (bsc#1199026 bsc#1203823) This was introduced for bsc#1144060. Update to 4.14.2: * libshadow: + Fix build with musl libc. + Avoid NULL dereference. 
+ Update utmp at an initial login * useradd(8): + Set proper SELinux labels for def_usrtemplate * Manual: + Document --prefix in chage(1), chpasswd(8), and passwd(1) Update to 4.14.1: Build system: Merge libshadow and libmisc into a single libshadow. This fixes problems in the linker, which were reported at least in Gentoo. #791 - Set proper SELinux labels for new homedirs. Update to 4.14.0: * configure: add with-libbsd option * Code cleanup * Replace utmp interface #757 * new option enable-logind #674 * shadow userdel: add the adaptation to the busybox ps in 01-kill_user_procs.sh * chsh: warn if root sets a shell not listed in /etc/shells #535 * newgrp: fix potential string injection * lastlog: fix alignment of Latest header * Fix yescrypt support #748 * chgpasswd: Fix segfault in command-line options * gpasswd: Fix password leak (bsc#1214806, CVE-2023-4641) * Add --prefix to passwd, chpasswd and chage #714 (bsc#1206627) * usermod: fix off-by-one issues #701 * ch(g)passwd: Check selinux permissions upon startup #675 * sub_[ug]id_{add,remove}: fix return values * chsh: Verify that login shell path is absolute #730 * process_prefix_flag: Drop privileges * run_parts for groupadd and groupdel #706 * newgrp/useradd: always set SIGCHLD to default * useradd/usermod: add --selinux-range argument #698 * sssd: skip flushing if executable does not exist #699 * semanage: Do not set default SELinux range #676 * Add control character check #687 * usermod: respect --prefix for --gid option * Fix null dereference in basename * newuidmap and newgidmap: support passing pid as fd * Prevent out of boundary access #633 * Explicitly override only newlines #633 * Correctly handle illegal system file in tz #633 * Supporting vendor given -shells- configuration file #599 * Warn if failed to read existing /etc/nsswitch.conf * chfn: new_fields: fix wrong fields printed * Allow supplementary groups to be added via config file #586 * useradd: check if subid range exists for user #592 
(rh#2012929) - Rename lastlog to lastlog.legacy to be able to switch to Y2038 safe lastlog2 as default [jsc#PED-3144] - bsc#1205502: Fix useradd audit event logging of ID field Update to 4.13: * useradd.8: fix default group ID * Revert drop of subid_init() * Georgian translation * useradd: Avoid taking unneeded space: do not reset non-existent data in lastlog * relax username restrictions * selinux: check MLS enabled before setting serange * copy_tree: use fchmodat instead of chmod * copy_tree: don't block on FIFOs * add shell linter * copy_tree: carefully treat permissions * lib/commonio: make lock failures more detailed * lib: use strzero and memzero where applicable * Update Dutch translation * Don't test for NULL before calling free * Use libc MAX() and MIN() * chage: Fix regression in print_date * usermod: report error if homedir does not exist * libmisc: minimum id check for system accounts * fix usermod -rG x y wrongly adding a group * man: add missing space in useradd.8.xml * lastlog: check for localtime() return value * Raise limit for passwd and shadow entry length * Remove adduser-old.c * useradd: Fix buffer overflow when using a prefix * Don't warn when failed to open /etc/nsswitch.conf Update to 4.12.3: Revert removal of subid_init, which should have bumped soname. So note that 4.12 through 4.12.2 were broken for subid users. 
Update to 4.12.2: * Address CVE-2013-4235 (TOCTTOU when copying directories) [bsc#916845] Update to 4.12.1: * Fix uk manpages Update to 4.12: * Add absolute path hint to --root * Various cleanups * Fix Ubuntu release used in CI tests * add -F options to useradd * useradd manpage updates * Check for ownerid (not just username) in subid ranges * Declare file local functions static * Use strict prototypes * Do not drop const qualifier for Basename * Constify various pointers * Don't return uninitialized memory * Don't let compiler optimize away memory cleaning * Remove many obsolete compatibility checks and defines * Modify ID range check in useradd * Use "extern "C"" to make libsubid easier to use from C++ * French translation updates * Fix s/with-pam/with-libpam/ * Spanish translation updates * French translation fixes * Default max group name length to 32 * Fix PAM service files without-selinux * Improve manpages - groupadd, useradd, usermod - groups and id - pwck * Fix condition under which pw_dir check happens * logoutd: switch to strncat * AUTHORS: improve markdown output * Handle ERANGE errors correctly * Check for fopen NULL return * Split get_salt() into its own fn (juyin) * Get salt before chroot to ensure /dev/urandom.
* Chpasswd code cleanup * Work around git safe.directory enforcement * Alphabetize order in usermod help * Erase password copy on error branches * Suggest using --badname if needed * Update translation files * Correct badnames option to badname * configure: replace obsolete autoconf macros * tests: replace egrep with grep -E * Update Ukrainian translations * Cleanups - Remove redeclared variable - Remove commented out code and FIXMEs - Add header guards - Initialize local variables * CI updates - Create github workflow to install dependencies - Enable CodeQL - Update actions version * libmisc: use /dev/urandom as fallback if other methods fail Provide /etc/login.defs.d on SLE15 since we support and use it Update to 4.11.1: * build: include lib/shadowlog_internal.h in dist tarballs Update to 4.11: * Handle possible TOCTTOU issues in usermod/userdel - (CVE-2013-4235) - Use O_NOFOLLOW when copying file - Kill all user tasks in userdel * Fix useradd -D segfault * Clean up obsolete libc feature-check ifdefs * Fix -fno-common build breaks due to duplicate Prog declarations * Have single date_to_str definition * Fix libsubid SONAME version * Clarify licensing info, use SPDX. Update to 4.10: * From this release forward, su from this package should be considered deprecated. Please replace any users of it with su from util-linux * libsubid fixes * Rename the test program list_subid_ranges to getsubids, write a manpage, so distros can ship it.
* Add libeconf dep for new*idmap * Allow all group types with usermod -G * Avoid useradd generating empty subid range * Handle NULL pw_passwd * Fix default value SHA_get_salt_rounds * Use https where possible in README * Update content and format of README * Translation updates * Switch from xml2po to itstool in 'make dist' * Fix double frees * Add LOG_INIT configurable to useradd * Add CREATE_MAIL_SPOOL documentation * Create a security.md * Fix su never being SIGKILLd when trapping TERM * Fix wrong SELinux labels in several possible cases * Fix missing chmod in chadowtb_move * Handle malformed hushlogins entries * Fix groupdel segv when passwd does not exist * Fix covscan-found newgrp segfault * Remove trailing slash on homedir * Fix passwd -l message - it does not change expiry * Fix SIGCHLD handling bugs in su and vipw * Remove special case for "" in usermod * Implement usermod -rG to remove a specific group * call pam_end() after fork in child path for su and login * useradd: In absence of /etc/passwd, assume 0 == root * lib: check NULL before freeing data * Fix pwck segfault - Really enable USERGROUPS_ENAB [bsc#1189139]. Added hardening to systemd service(s) (bsc#1181400). * Add LOGIN_KEEP_USERNAME to login.defs. * Remove PREVENT_NO_AUTH from login.defs. Only used by the unpackaged login and su. * Remove variables BCRYPT_MIN_ROUNDS, BCRYPT_MAX_ROUNDS, YESCRYPT_COST_FACTOR, not supported by the current configuration. * login.defs: Enable USERGROUPS_ENAB and CREATE_HOME to be compatible with other Linux distros and the other tools creating user accounts in use on openSUSE. Set HOME_MODE to 700 for security reasons and compatibility.
[bsc#1189139] [bsc#1182850] Update to 4.9: * Updated translations * Major salt updates * Various coverity and cleanup fixes * Consistently use 0 to disable PASS_MIN_DAYS in man * Implement NSS support for subids and a libsubid * setfcap: retain setfcap when mapping uid 0 * login.defs: include HMAC_CRYPTO_ALGO key * selinux fixes * Fix path prefix path handling * Manpage updates * Treat an empty passwd field as invalid (Haelwenn Monnier) * newxidmap: allow running under alternative gid * usermod: check that shell is executable * Add yescrypt support * useradd memleak fixes * useradd: use built-in settings by default * getdefs: add foreign * buffer overflow fixes * Adding run-parts style for pre and post useradd/del - login.defs/MOTD_FILE: Use "" instead of blank entry [bsc#1187536] - Add /etc/login.defs.d directory - Enable shadowgrp so that we can set more secure group passwords using shadow. - Disable MOTD_FILE to allow the use of pam_motd to unify motd message output [bsc#1185897]. Else motd entries of e.g. cockpit will not be shown. libsubid-devel-4.17.2-150600.17.18.1.x86_64.rpm libsubid5-4.17.2-150600.17.18.1.x86_64.rpm login_defs-4.17.2-150600.17.18.1.noarch.rpm shadow-4.17.2-150600.17.18.1.src.rpm shadow-4.17.2-150600.17.18.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3219 Security update for jasper moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for jasper fixes the following issues: - CVE-2025-8835: missing range check in the JPEG-2000 (JPC) Encoder leads to assertion failure and crash when processing a malformed JPEG2000 image with an invalid `cblkwidth` parameter (bsc#1247904). - CVE-2025-8836: out-of-bounds array indexing in function `jas_image_chclrspc` leads to crash when processing a malformed image file with BMP output format and color space conversion (bsc#1247902).
- CVE-2025-8837: missing operations in cleanup code of the JPEG-2000 (JPC) Encoder leads to use-after-free when processing malformed JPEG2000 images with certain debug levels enabled (bsc#1247901). jasper-2.0.14-150000.3.37.1.src.rpm libjasper4-2.0.14-150000.3.37.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2989 Recommended update for rubygem-gem2rpm important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for rubygem-gem2rpm fixes the following issues: - Fixed the complaint about the template file not being found * use opensuse template on sles as well - On newer ruby versions Kernel.open is no longer working with URIs. Use URI.open() - Also treat contributing as documentation. - Build and ship ruby3.4-rubygem-gem2rpm. (bsc#1247473) ruby2.5-rubygem-gem2rpm-0.10.1-150700.22.7.1.x86_64.rpm ruby3.4-rubygem-gem2rpm-0.10.1-150700.22.7.1.x86_64.rpm rubygem-gem2rpm-0.10.1-150700.22.7.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-2986 Security update for postgresql17 important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for postgresql17 fixes the following issues: Updated to 17.6: * CVE-2025-8713: Fixed optimizer statistics exposing sampled data within a view, partition, or child table (bsc#1248120) * CVE-2025-8714: Fixed untrusted data inclusion in pg_dump allows superuser of origin server to execute arbitrary code in psql client (bsc#1248122) * CVE-2025-8715: Fixed improper neutralization of newlines in pg_dump leading to arbitrary code execution in the psql client and in the restore target server (bsc#1248119) libpq5-17.6-150600.13.16.1.x86_64.rpm postgresql17-17.6-150600.13.16.1.src.rpm postgresql17-17.6-150600.13.16.1.x86_64.rpm libpq5-32bit-17.6-150600.13.16.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3231 Recommended update for checkmedia moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for checkmedia fixes the following issues: - set LC_MESSAGES to C when running gpg (bsc#1248168) - fix minor 
issue when printing app_id - added --[no-]signature-tag options for explicit handling of the 'signature' tag (bsc#1243125) checkmedia-6.5-150600.3.3.1.src.rpm checkmedia-6.5-150600.3.3.1.x86_64.rpm libmediacheck-devel-6.5-150600.3.3.1.x86_64.rpm libmediacheck6-6.5-150600.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3132 Recommended update for salt and Python dependencies moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for salt and Python dependencies fixes the following issues: - Implementation of python311-salt package and required Python 3.11 dependencies on SUSE Linux Enterprise 15 SP4 (no source changes) (jsc#PED-13283) python3-zypp-plugin-0.6.5-150600.18.8.1.noarch.rpm True zypp-plugin-0.6.5-150600.18.8.1.src.rpm True SUSE-SLE-Module-Basesystem-15-SP7-2025-2970 Security update for pam moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for pam fixes the following issues: - Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234) pam-1.3.0-150000.6.86.1.src.rpm pam-1.3.0-150000.6.86.1.x86_64.rpm pam-devel-1.3.0-150000.6.86.1.x86_64.rpm pam-doc-1.3.0-150000.6.86.1.noarch.rpm pam-extra-1.3.0-150000.6.86.1.x86_64.rpm pam-32bit-1.3.0-150000.6.86.1.x86_64.rpm pam-extra-32bit-1.3.0-150000.6.86.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3449 Security update for cairo low SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for cairo fixes the following issues: - CVE-2025-50422: Fixed Poppler crash on malformed input (bsc#1247589) - Update to version 1.18.4: + The dependency on LZO has been made optional through a build time configuration toggle. + You can build Cairo against a Freetype installation that does not have the FT_Color type. + Cairo tests now build on Solaris 11.4 with GCC 14. + The DirectWrite backend now builds on MINGW 11. + The DirectWrite backend now supports font variations and proper glyph coverage. 
- Use tarball in lieu of source service due to freedesktop gitlab migration, will switch back at next release at the latest. - Add pkgconfig(lzo2) BuildRequires: New optional dependency, build lzo2 support feature. - Convert to source service: allows for easier upgrades by the GNOME team. - Update to version 1.18.2: + The malloc-stats code has been removed from the tests directory + Cairo now requires a version of pixman equal to, or newer than, 0.40. + There have been multiple build fixes for newer versions of GCC for MSVC; for Solaris; and on macOS 10.7. + PNG errors caused by loading malformed data are correctly propagated to callers, so they can handle the case. + Both stroke and fill colors are now set when showing glyphs on a PDF surface. + All the font options are copied when creating a fallback font object. + When drawing text on macOS, Cairo now tries harder to select the appropriate font name. + Cairo now prefers the COLRv1 table inside a font, if one is available. + Cairo requires a C11 toolchain when building. 
cairo-1.18.4-150600.3.3.1.src.rpm cairo-devel-1.18.4-150600.3.3.1.x86_64.rpm libcairo-gobject2-1.18.4-150600.3.3.1.x86_64.rpm libcairo-script-interpreter2-1.18.4-150600.3.3.1.x86_64.rpm libcairo2-1.18.4-150600.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3300 Security update for vim moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for vim fixes the following issues: Updated to 9.1.1629: - CVE-2025-53905: Fixed a path traversal that a malicious tar archive may cause in Vim’s tar.vim plugin (bsc#1246604) - CVE-2025-53906: Fixed a path traversal that a malicious zip archive may cause in Vim’s zip (bsc#1246602) - CVE-2025-55157: Fixed use-after-free in internal tuple reference management (bsc#1247938) - CVE-2025-55158: Fixed double-free in internal typed value (typval_T) management (bsc#1247939) vim-9.1.1629-150500.20.33.1.src.rpm vim-9.1.1629-150500.20.33.1.x86_64.rpm vim-data-9.1.1629-150500.20.33.1.noarch.rpm vim-data-common-9.1.1629-150500.20.33.1.noarch.rpm vim-small-9.1.1629-150500.20.33.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3058 Recommended update for yast2-iscsi-client important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for yast2-iscsi-client fixes the following issues: - Fix the initialization of the valid iscsi offload cards not bringing up the network cards with an empty iface name (bsc#1246210). yast2-iscsi-client-4.7.7-150700.3.8.1.noarch.rpm yast2-iscsi-client-4.7.7-150700.3.8.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3229 Recommended update for yast2-users important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for yast2-users fixes the following issues: - Add a missing require (bsc#1248291).
* Fix "uninitialized constant Y2Users::UsersModule" during SLES12SP5 to SLES15SP7 upgrade yast2-users-4.7.1-150700.3.5.1.src.rpm yast2-users-4.7.1-150700.3.5.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3348 Security update for tiff moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for tiff fixes the following issues: - CVE-2025-9165: local execution manipulation leading to memory leak (bsc#1248330). - CVE-2024-13978: null pointer dereference in component fax2ps (bsc#1247581) - CVE-2025-8534: null pointer dereference in function PS_Lvl2page (bsc#1247582). - CVE-2025-8961: segmentation fault via main function of tiffcrop utility (bsc#1248117). libtiff-devel-4.7.0-150600.3.18.1.x86_64.rpm libtiff6-4.7.0-150600.3.18.1.x86_64.rpm tiff-4.7.0-150600.3.18.1.src.rpm libtiff6-32bit-4.7.0-150600.3.18.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3345 Security update for tiff low SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for tiff fixes the following issues: - CVE-2025-9165: local execution manipulation leading to memory leak (bsc#1248330). - CVE-2025-8534: null pointer dereference in function PS_Lvl2page (bsc#1247582). - CVE-2025-8961: segmentation fault via main function of tiffcrop utility (bsc#1248117). 
libtiff5-4.0.9-150000.45.55.1.x86_64.rpm tiff-4.0.9-150000.45.55.1.src.rpm libtiff5-32bit-4.0.9-150000.45.55.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3049 Security update for python-future important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for python-future fixes the following issues: - CVE-2025-50817: Fixed arbitrary code execution via the automatic import of file test.py (bsc#1248124) python-future-0.18.2-150300.3.6.1.src.rpm python3-future-0.18.2-150300.3.6.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3812 Security update for cmake low SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for cmake fixes the following issues: - CVE-2025-9301: Fixed assertion failure due to improper validation (bsc#1248461) cmake-3.28.3-150600.3.3.1.src.rpm cmake-3.28.3-150600.3.3.1.x86_64.rpm cmake-full-3.28.3-150600.3.3.1.src.rpm cmake-full-3.28.3-150600.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3017 Security update for udisks2 important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for udisks2 fixes the following issues: - CVE-2025-8067: Fixed missing bounds check can lead to out-of-bounds read in udisks daemon (bsc#1248502) libudisks2-0-2.9.2-150400.3.11.1.x86_64.rpm libudisks2-0-devel-2.9.2-150400.3.11.1.x86_64.rpm typelib-1_0-UDisks-2_0-2.9.2-150400.3.11.1.x86_64.rpm udisks2-2.9.2-150400.3.11.1.src.rpm udisks2-2.9.2-150400.3.11.1.x86_64.rpm udisks2-lang-2.9.2-150400.3.11.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3053 Security update for ucode-intel important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for ucode-intel fixes the following issues: - Intel CPU Microcode was updated to the 20250812 release (bsc#1248438) - CVE-2025-20109: Improper Isolation or Compartmentalization in the stream cache mechanism for some Intel Processors may allow an authenticated user to potentially enable escalation of privilege via local access. 
- CVE-2025-22840: Sequence of processor instructions leads to unexpected behavior for some Intel Xeon 6 Scalable processors may allow an authenticated user to potentially enable escalation of privilege via local access - CVE-2025-22839: Insufficient granularity of access control in the OOB-MSM for some Intel Xeon 6 Scalable processors may allow a privileged user to potentially enable escalation of privilege via adjacent access. - CVE-2025-22889: Improper handling of overlap between protected memory ranges for some Intel Xeon 6 processor with Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access. - CVE-2025-20053: Improper buffer restrictions for some Intel Xeon Processor firmware with SGX enabled may allow a privileged user to potentially enable escalation of privilege via local access. - CVE-2025-26403: Out-of-bounds write in the memory subsystem for some Intel Xeon 6 processors when using Intel SGX or Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access. - CVE-2025-32086: Improperly implemented security check for standard in the DDRIO configuration for some Intel Xeon 6 Processors when using Intel SGX or Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access. - Update for functional issues. 
- Updated Platforms:

| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ARL-H | A1 | 06-c5-02/82 | 00000118 | 00000119 | Core Ultra Processor (Series 2)
| ARL-S/HX (8P) | B0 | 06-c6-02/82 | 00000118 | 00000119 | Core Ultra Processor (Series 2)
| EMR-SP | A1 | 06-cf-02/87 | 210002a9 | 210002b3 | Xeon Scalable Gen5
| GNR-AP/SP | B0 | 06-ad-01/95 | 010003a2 | 010003d0 | Xeon Scalable Gen6
| GNR-AP/SP | H0 | 06-ad-01/20 | 0a0000d1 | 0a000100 | Xeon Scalable Gen6
| ICL-D | B0 | 06-6c-01/10 | 010002d0 | 010002e0 | Xeon D-17xx, D-27xx
| ICX-SP | Dx/M1 | 06-6a-06/87 | 0d000404 | 0d000410 | Xeon Scalable Gen3
| LNL | B0 | 06-bd-01/80 | 0000011f | 00000123 | Core Ultra 200 V Series Processor
| MTL | C0 | 06-aa-04/e6 | 00000024 | 00000025 | Core™ Ultra Processor
| RPL-H/P/PX 6+8 | J0 | 06-ba-02/e0 | 00004128 | 00004129 | Core Gen13
| RPL-U 2+8 | Q0 | 06-ba-03/e0 | 00004128 | 00004129 | Core Gen13
| SPR-HBM | Bx | 06-8f-08/10 | 2c0003f7 | 2c000401 | Xeon Max
| SPR-SP | E4/S2 | 06-8f-07/87 | 2b000639 | 2b000643 | Xeon Scalable Gen4
| SPR-SP | E5/S3 | 06-8f-08/87 | 2b000639 | 2b000643 | Xeon Scalable Gen4
| SRF-SP | C0 | 06-af-03/01 | 03000341 | 03000362 | Xeon 6700-Series Processors with E-Cores

New Disclosures Updated in Prior Releases: All ADL, RPL, SPR, EMR, MTL, ARL Microcode patches previously released in May 2025.
ucode-intel-20250812-150200.59.1.src.rpm True ucode-intel-20250812-150200.59.1.x86_64.rpm True SUSE-SLE-Module-Basesystem-15-SP7-2025-3216 Recommended update for important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for fixes the following issues: - Add lmdb binary into Basesystem 15-SP6 and 15-SP7 (bsc#1246081) liblmdb-0_9_30-0.9.30-150500.3.2.1.x86_64.rpm lmdb-0.9.30-150500.3.2.1.src.rpm lmdb-0.9.30-150500.3.2.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3938 Recommended update for suse-fonts moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for suse-fonts fixes the following issues: - update to 2.001: * Clean up Axis - update to v2.000: * Added Black weight to SUSE family, with matching italics. * Introduced SUSE Mono variant (Thin - ExtraBold) with matching italics. * Added full Vietnamese coverage - total coverage now 278 Latin-based languages. * Implemented coding ligatures in SUSE Mono, optimized for terminal and coding environments. * Added PUA and emoji-trigger options for chameleon logo in Mono styles (easter egg). * Updated vertical metrics, naming tables, and weight classes for consistency across families. * Refreshed Google Fonts specimen images to reflect expanded family. suse-fonts-2.001-150000.1.11.1.noarch.rpm suse-fonts-2.001-150000.1.11.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3290 Security update for the Linux Kernel important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 The SUSE Linux Enterprise 15 SP7 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-46733: btrfs: fix qgroup reserve leaks in cow_file_range (bsc#1230708). - CVE-2024-49996: cifs: Fix buffer overflow when parsing NFS reparse points (bsc#1232089). - CVE-2025-37885: KVM: x86: Reset IRTE to host control if *new* route isn't postable (bsc#1242960). - CVE-2025-38006: net: mctp: Do not access ifa_index when missing (bsc#1244930). 
- CVE-2025-38075: scsi: target: iscsi: Fix timeout on deleted connection (bsc#1244734). - CVE-2025-38103: HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() (bsc#1245663). - CVE-2025-38125: net: stmmac: make sure that ptp_rate is not 0 before configuring EST (bsc#1245710). - CVE-2025-38146: net: openvswitch: Fix the dead loop of MPLS parse (bsc#1245767). - CVE-2025-38160: clk: bcm: rpi: Add NULL check in raspberrypi_clk_register() (bsc#1245780). - CVE-2025-38184: tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer (bsc#1245956). - CVE-2025-38185: atm: atmtcp: Free invalid length skb in atmtcp_c_send() (bsc#1246012). - CVE-2025-38190: atm: Revert atm_account_tx() if copy_from_iter_full() fails (bsc#1245973). - CVE-2025-38201: netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX (bsc#1245977). - CVE-2025-38205: drm/amd/display: Avoid divide by zero by initializing dummy pitch to 1 (bsc#1246005). - CVE-2025-38208: smb: client: add NULL check in automount_fullpath (bsc#1245815). - CVE-2025-38245: atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister() (bsc#1246193). - CVE-2025-38251: atm: clip: prevent NULL deref in clip_push() (bsc#1246181). - CVE-2025-38360: drm/amd/display: Add more checks for DSC / HUBP ONO guarantees (bsc#1247078). - CVE-2025-38439: bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT (bsc#1247155). - CVE-2025-38440: net/mlx5e: Fix race between DIM disable and net_dim() (bsc#1247290). - CVE-2025-38441: netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() (bsc#1247167). - CVE-2025-38444: raid10: cleanup memleak at raid10_make_request (bsc#1247162). - CVE-2025-38445: md/raid1: Fix stack memory use after return in raid1_reshape (bsc#1247229). - CVE-2025-38458: atm: clip: Fix NULL pointer dereference in vcc_sendmsg() (bsc#1247116). - CVE-2025-38459: atm: clip: Fix infinite recursive call of clip_push() (bsc#1247119). 
- CVE-2025-38464: tipc: Fix use-after-free in tipc_conn_close() (bsc#1247112). - CVE-2025-38472: netfilter: nf_conntrack: fix crash due to removal of uninitialised entry (bsc#1247313). - CVE-2025-38490: net: libwx: remove duplicate page_pool_put_full_page() (bsc#1247243). - CVE-2025-38491: mptcp: make fallback action and fallback decision atomic (bsc#1247280). - CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1247976). - CVE-2025-38500: xfrm: interface: fix use-after-free after changing collect_md xfrm interface (bsc#1248088). - CVE-2025-38506: KVM: Allow CPU to reschedule while setting per-page memory attributes (bsc#1248186). - CVE-2025-38520: drm/amdkfd: Do not call mmput from MMU notifier callback (bsc#1248217). - CVE-2025-38524: rxrpc: Fix recv-recv race of completed call (bsc#1248194). - CVE-2025-38528: bpf: Reject %p% format string in bprintf-like helpers (bsc#1248198). - CVE-2025-38531: iio: common: st_sensors: Fix use of uninitialize device structs (bsc#1248205). - CVE-2025-38546: atm: clip: Fix memory leak of struct clip_vcc (bsc#1248223). - CVE-2025-38560: x86/sev: Evict cache lines during SNP memory validation (bsc#1248312). - CVE-2025-38563: perf/core: Prevent VMA split of buffer mappings (bsc#1248306). - CVE-2025-38585: staging: media: atomisp: Fix stack buffer overflow in gmin_get_var_int() (bsc#1248355). - CVE-2025-38591: bpf: Reject narrower access to pointer ctx fields (bsc#1248363). - CVE-2025-38608: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (bsc#1248338). - CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1248511). The following non-security bugs were fixed: - ACPI: APEI: send SIGBUS to current task if synchronous memory error not recovered (stable-fixes). - ACPI: pfr_update: Fix the driver update version check (git-fixes). - ACPI: processor: fix acpi_object initialization (stable-fixes). 
- ACPI: processor: perflib: Move problematic pr->performance check (git-fixes). - ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (stable-fixes). - ALSA: hda/realtek: Add Framework Laptop 13 (AMD Ryzen AI 300) to quirks (stable-fixes). - ALSA: hda/realtek: Add support for HP EliteBook x360 830 G6 and EliteBook 830 G6 (stable-fixes). - ALSA: hda/realtek: Audio disappears on HP 15-fc000 after warm boot again (git-fixes). - ALSA: hda/realtek: Fix headset mic on ASUS Zenbook 14 (git-fixes). - ALSA: hda/realtek: Fix headset mic on HONOR BRB-X (stable-fixes). - ALSA: hda: Disable jack polling at shutdown (stable-fixes). - ALSA: hda: Handle the jack polling always via a work (stable-fixes). - ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4 (stable-fixes). - ALSA: pcm: Rewrite recalculate_boundary() to avoid costly loop (stable-fixes). - ALSA: scarlett2: Add retry on -EPROTO from scarlett2_usb_tx() (git-fixes). - ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros (stable-fixes). - ALSA: usb-audio: Fix size validation in convert_chmap_v3() (git-fixes). - ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation (git-fixes). - ALSA: usb-audio: Validate UAC3 cluster segment descriptors (git-fixes). - ALSA: usb-audio: Validate UAC3 power domain descriptors, too (git-fixes). - ASoC: Intel: avs: Fix uninitialized pointer error in probe() (stable-fixes). - ASoC: Intel: fix SND_SOC_SOF dependencies (stable-fixes). - ASoC: SOF: amd: acp-loader: Use GFP_KERNEL for DMA allocations in resume context (git-fixes). - ASoC: amd: yc: Add DMI entries to support HP 15-fb1xxx (stable-fixes). - ASoC: amd: yc: Add DMI quirk for HP Laptop 17 cp-2033dx (stable-fixes). - ASoC: amd: yc: add DMI quirk for ASUS M6501RM (stable-fixes). - ASoC: codecs: rt5640: Retry DEVICE_ID verification (stable-fixes). - ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() (stable-fixes). 
- ASoC: fsl_sai: replace regmap_write with regmap_update_bits (git-fixes). - ASoC: hdac_hdmi: Rate limit logging on connection and disconnection (stable-fixes). - ASoC: qcom: use drvdata instead of component to keep id (stable-fixes). - ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was successed (stable-fixes). - ASoC: tas2781: Fix the wrong step for TLV on tas2781 (git-fixes). - Bluetooth: btmtk: Fix wait_on_bit_timeout interruption during shutdown (git-fixes). - Bluetooth: btusb: Add USB ID 3625:010b for TP-LINK Archer TX10UB Nano (stable-fixes). - Bluetooth: hci_conn: do return error from hci_enhanced_setup_sync() (git-fixes). - Bluetooth: hci_core: Fix using {cis,bis}_capable for current settings (git-fixes). - Bluetooth: hci_event: Detect if HCI_EV_NUM_COMP_PKTS is unbalanced (git-fixes). - Bluetooth: hci_event: Mark connection as closed during suspend disconnect (git-fixes). - Bluetooth: hci_event: Treat UNKNOWN_CONN_ID on disconnect as success (git-fixes). - Bluetooth: hci_event: fix MTU for BN == 0 in CIS Established (git-fixes). - Bluetooth: hci_sock: Reset cookie to zero in hci_sock_free_cookie() (stable-fixes). - Bluetooth: hci_sync: fix set_local_name race condition (git-fixes). - Fix "drm/amdgpu: read back register after written for VCN v4.0.5" (bsc#1248370). - HID: asus: fix UAF via HID_CLAIMED_INPUT validation (git-fixes). - HID: multitouch: fix slab out-of-bounds access in mt_report_fixup() (git-fixes). - PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports (git-fixes). - PCI/portdrv: Use is_pciehp instead of is_hotplug_bridge (git-fixes). - PCI: Add ACS quirk for Loongson PCIe (git-fixes). - PCI: Support Immediate Readiness on devices without PM capabilities (git-fixes). - PCI: apple: Fix missing OF node reference in apple_pcie_setup_port (git-fixes). - PCI: imx6: Add IMX8MM_EP and IMX8MP_EP fixed 256-byte BAR 4 in epc_features (git-fixes). - PCI: imx6: Delay link start until configfs 'start' written (git-fixes). 
- PCI: imx6: Remove apps_reset toggling from imx_pcie_{assert/deassert}_core_reset (git-fixes). - PCI: pnv_php: Clean up allocated IRQs on unplug (bsc#1215199). - PCI: pnv_php: Work around switches with broken presence detection (bsc#1215199). - PCI: rockchip: Set Target Link Speed to 5.0 GT/s before retraining (git-fixes). - PCI: rockchip: Use standard PCIe definitions (git-fixes). - PM / devfreq: governor: Replace sscanf() with kstrtoul() in set_freq_store() (stable-fixes). - PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit() (stable-fixes). - PM: sleep: console: Fix the black screen issue (stable-fixes). - RAS/AMD/ATL: Include row bit in row retirement (bsc#1242034). - RAS/AMD/FMPM: Get masked address (bsc#1242034). - RAS/AMD/FMPM: Use atl internal.h for INVALID_SPA (bsc#1242034). - RDMA/bnxt_re: Fix a possible memory leak in the driver (git-fixes). - RDMA/bnxt_re: Fix to do SRQ armena by default (git-fixes). - RDMA/bnxt_re: Fix to initialize the PBL array (git-fixes). - RDMA/bnxt_re: Fix to remove workload check in SRQ limit path (git-fixes). - RDMA/core: reduce stack using in nldev_stat_get_doit() (git-fixes). - RDMA/erdma: Fix ignored return value of init_kernel_qp (git-fixes). - RDMA/hns: Fix dip entries leak on devices newer than hip09 (git-fixes). - RDMA/hns: Fix querying wrong SCC context for DIP algorithm (git-fixes). - RDMA/rxe: Flush delayed SKBs while releasing RXE resources (git-fixes). - RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() (git-fixes). - Revert "gpio: mlxbf3: only get IRQ for device instance 0" (git-fixes). - USB: serial: option: add Foxconn T99W709 (stable-fixes). - USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera (stable-fixes). - USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles (stable-fixes). - accel/habanalabs/gaudi2: Use kvfree() for memory allocated with kvcalloc() (git-fixes). 
- amdgpu/amdgpu_discovery: increase timeout limit for IFWI init (stable-fixes). - aoe: defer rexmit timer downdev work to workqueue (git-fixes). - arch/powerpc: Remove .interp section in vmlinux (bsc#1215199). - arm64/cpufeatures/kvm: Add ARMv8.9 FEAT_ECBHB bits in ID_AA64MMFR1 (git-fixes). - arm64/entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack() (git-fixes). - arm64/mm: Check PUD_TYPE_TABLE in pud_bad() (git-fixes). - arm64: Add support for HIP09 Spectre-BHB mitigation (git-fixes). - arm64: Filter out SME hwcaps when FEAT_SME isn't implemented (git-fixes). - arm64: Restrict pagetable teardown to avoid false warning (git-fixes). - arm64: dts: apple: t8103: Fix PCIe BCM4377 nodename (git-fixes). - arm64: dts: freescale: imx8mm-verdin: Keep LDO5 always on (git-fixes). - arm64: dts: imx8mm-beacon: Fix HS400 USDHC clock speed (git-fixes). - arm64: dts: imx8mm-beacon: Fix RTC capacitive load (git-fixes). - arm64: dts: imx8mm-venice-gw700x: Increase HS400 USDHC clock speed (git-fixes). - arm64: dts: imx8mm-venice-gw7901: Increase HS400 USDHC clock speed (git-fixes). - arm64: dts: imx8mm-venice-gw7902: Increase HS400 USDHC clock speed (git-fixes). - arm64: dts: imx8mm-venice-gw7903: Increase HS400 USDHC clock speed (git-fixes). - arm64: dts: imx8mm-venice-gw7904: Increase HS400 USDHC clock speed (git-fixes). - arm64: dts: imx8mn-beacon: Fix HS400 USDHC clock speed (git-fixes). - arm64: dts: imx8mn-beacon: Fix RTC capacitive load (git-fixes). - arm64: dts: imx8mn-venice-gw7902: Increase HS400 USDHC clock speed (git-fixes). - arm64: dts: imx8mp-beacon: Fix RTC capacitive load (git-fixes). - arm64: dts: rockchip: Update eMMC for NanoPi R5 series (git-fixes). - arm64: dts: rockchip: fix endpoint dtc warning for PX30 ISP (git-fixes). - arm64: tegra: Drop remaining serial clock-names and reset-names (git-fixes). - arm64: tegra: p2597: Fix gpio for vdd-1v8-dis regulator (git-fixes). - arm64: zynqmp: add clock-output-names property in clock nodes (git-fixes). 
- ata: libata-scsi: Fix CDL control (git-fixes). - block: fix kobject leak in blk_unregister_queue (git-fixes). - block: mtip32xx: Fix usage of dma_map_sg() (git-fixes). - bpf: fix kfunc btf caching for modules (git-fixes). - bpf: use kvzmalloc to allocate BPF verifier environment (git-fixes). - btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error handling (git-fixes). - btrfs: correctly escape subvol in btrfs_show_options() (git-fixes). - btrfs: fix adding block group to a reclaim list and the unused list during reclaim (git-fixes). - btrfs: fix bitmap leak when loading free space cache on duplicate entry (git-fixes). - btrfs: fix data race when accessing the inode's disk_i_size at btrfs_drop_extents() (git-fixes). - btrfs: fix the length of reserved qgroup to free (bsc#1240708). - btrfs: retry block group reclaim without infinite loop (git-fixes). - btrfs: return accurate error code on open failure in open_fs_devices() (bsc#1233120). - btrfs: run delayed iputs when flushing delalloc (git-fixes). - btrfs: update target inode's ctime on unlink (git-fixes). - cdx: Fix off-by-one error in cdx_rpmsg_probe() (git-fixes). - char: misc: Fix improper and inaccurate error code returned by misc_init() (stable-fixes). - comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl() (git-fixes). - comedi: Make insn_rw_emulate_bits() do insn->n samples (git-fixes). - comedi: fix race between polling and detaching (git-fixes). - comedi: pcl726: Prevent invalid irq number (git-fixes). - crypto: hisilicon/hpre - fix dma unmap sequence (stable-fixes). - crypto: jitter - fix intermediary handling (stable-fixes). - crypto: octeontx2 - add timeout for load_fvc completion poll (stable-fixes). - crypto: qat - lower priority for skcipher and aead algorithms (stable-fixes). - devlink: add value check to devlink_info_version_put() (bsc#1245410 jsc#PED-12320). - devlink: let driver opt out of automatic phys_port_name generation (git-fixes). 
- drm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session() (git-fixes). - drm/amd/display: Add primary plane to commits for correct VRR handling (stable-fixes). - drm/amd/display: Adjust DCE 8-10 clock, do not overclock by 15% (git-fixes). - drm/amd/display: Allow DCN301 to clear update flags (git-fixes). - drm/amd/display: Avoid a NULL pointer dereference (stable-fixes). - drm/amd/display: Avoid configuring PSR granularity if PSR-SU not supported (stable-fixes). - drm/amd/display: Avoid trying AUX transactions on disconnected ports (stable-fixes). - drm/amd/display: Disable dsc_power_gate for dcn314 by default (stable-fixes). - drm/amd/display: Do not overclock DCE 6 by 15% (git-fixes). - drm/amd/display: Do not print errors for nonexistent connectors (git-fixes). - drm/amd/display: Fill display clock and vblank time in dce110_fill_display_configs (stable-fixes). - drm/amd/display: Find first CRTC and its line time in dce110_fill_display_configs (stable-fixes). - drm/amd/display: Fix 'failed to blank crtc!' (stable-fixes). - drm/amd/display: Fix DP audio DTO1 clock source on DCE 6 (stable-fixes). - drm/amd/display: Fix Xorg desktop unresponsive on Replay panel (stable-fixes). - drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3 (git-fixes). - drm/amd/display: Initialize mode_select to 0 (stable-fixes). - drm/amd/display: Only finalize atomic_obj if it was initialized (stable-fixes). - drm/amd/display: Separate set_gsl from set_gsl_source_select (stable-fixes). - drm/amd/display: Update DMCUB loading sequence for DCN3.5 (stable-fixes). - drm/amd/display: fix a Null pointer dereference vulnerability (stable-fixes). - drm/amd/display: limit clear_update_flags to dcn32 and above (stable-fixes). - drm/amd/pm: fix null pointer access (stable-fixes). - drm/amd: Allow printing VanGogh OD SCLK levels without setting dpm to manual (stable-fixes). - drm/amd: Restore cached power limit during resume (stable-fixes). 
- drm/amdgpu/swm14: Update power limit logic (stable-fixes). - drm/amdgpu: Avoid extra evict-restore process (stable-fixes). - drm/amdgpu: Update external revid for GC v9.5.0 (stable-fixes). - drm/amdgpu: check if hubbub is NULL in debugfs/amdgpu_dm_capabilities (stable-fixes). - drm/amdgpu: fix incorrect vm flags to map bo (git-fixes). - drm/amdgpu: fix task hang from failed job submission during process kill (git-fixes). - drm/amdgpu: fix vram reservation issue (git-fixes). - drm/amdgpu: update mmhub 3.0.1 client id mappings (stable-fixes). - drm/amdgpu: update mmhub 4.1.0 client id mappings (stable-fixes). - drm/amdkfd: Destroy KFD debugfs after destroy KFD wq (stable-fixes). - drm/bridge: fix OF node leak (git-fixes). - drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS (stable-fixes). - drm/format-helper: Add conversion from XRGB8888 to BGR888 (stable-fixes). - drm/hisilicon/hibmc: fix the hibmc loaded failed bug (git-fixes). - drm/hisilicon/hibmc: fix the i2c device resource leak when vdac init failed (git-fixes). - drm/hisilicon/hibmc: refactored struct hibmc_drm_private (stable-fixes). - drm/i915/ddi: change intel_ddi_init_{dp, hdmi}_connector() return type (stable-fixes). - drm/i915/ddi: gracefully handle errors from intel_ddi_init_hdmi_connector() (stable-fixes). - drm/i915/ddi: only call shutdown hooks for valid encoders (stable-fixes). - drm/i915/display: add intel_encoder_is_hdmi() (stable-fixes). - drm/i915/hdmi: add error handling in g4x_hdmi_init() (stable-fixes). - drm/i915/hdmi: propagate errors from intel_hdmi_init_connector() (stable-fixes). - drm/imagination: Clear runtime PM errors while resetting the GPU (stable-fixes). - drm/mediatek: Add error handling for old state CRTC in atomic_disable (git-fixes). - drm/mediatek: Fix device/node reference count leaks in mtk_drm_get_all_drm_priv (git-fixes). - drm/msm/kms: move snapshot init earlier in KMS init (git-fixes). 
- drm/msm: Add error handling for krealloc in metadata setup (stable-fixes). - drm/msm: Defer fd_install in SUBMIT ioctl (git-fixes). - drm/msm: update the high bitfield of certain DSI registers (git-fixes). - drm/msm: use trylock for debugfs (stable-fixes). - drm/nouveau/disp: Always accept linear modifier (git-fixes). - drm/nouveau/nvif: Fix potential memory leak in nvif_vmm_ctor() (git-fixes). - drm/nouveau: fix error path in nvkm_gsp_fwsec_v2 (git-fixes). - drm/nouveau: fix typos in comments (git-fixes). - drm/nouveau: remove unused increment in gm200_flcn_pio_imem_wr (git-fixes). - drm/nouveau: remove unused memory target test (git-fixes). - drm/tests: Fix endian warning (git-fixes). - drm/ttm: Respect the shrinker core free target (stable-fixes). - drm/ttm: Should to return the evict error (stable-fixes). - drm/xe/vm: Clear the scratch_pt pointer on error (git-fixes). - drm/xe/xe_query: Use separate iterator while filling GT list (stable-fixes). - drm/xe/xe_sync: avoid race during ufence signaling (git-fixes). - drm/xe: Do not trigger rebind on initial dma-buf validation (git-fixes). - drm/xe: Make dma-fences compliant with the safe access rules (stable-fixes). - drm: renesas: rz-du: mipi_dsi: Add min check for VCLK range (stable-fixes). - et131x: Add missing check after DMA map (stable-fixes). - exfat: add cluster chain loop check for dir (git-fixes). - fbdev: Fix vmalloc out-of-bounds write in fast_imageblit (stable-fixes). - fbdev: fix potential buffer overflow in do_register_framebuffer() (stable-fixes). - fs/mnt_idmapping.c: Return -EINVAL when no map is written (bsc#1233120) - fs/orangefs: use snprintf() instead of sprintf() (git-fixes). - gpio: mlxbf3: use platform_get_irq_optional() (git-fixes). - gpio: tps65912: check the return value of regmap_update_bits() (stable-fixes). - gpio: wcd934x: check the return value of regmap_update_bits() (stable-fixes). - hfs: fix not erasing deleted b-tree node issue (git-fixes). 
- hfs: fix slab-out-of-bounds in hfs_bnode_read() (git-fixes). - hfsplus: do not use BUG_ON() in hfsplus_create_attributes_file() (git-fixes). - hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read() (git-fixes). - hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (git-fixes). - hwmon: (emc2305) Set initial PWM minimum value during probe based on thermal state (stable-fixes). - i2c: Force DLL0945 touchpad i2c freq to 100khz (stable-fixes). - i3c: do not fail if GETHDRCAP is unsupported (stable-fixes). - i3c: master: Initialize ret in i3c_i2c_notifier_call() (stable-fixes). - ice, irdma: fix an off by one in error handling code (bsc#1247712). - ice, irdma: move interrupts code to irdma (bsc#1247712). - ice: Fix signedness bug in ice_init_interrupt_scheme() (bsc#1247712). - ice: count combined queues using Rx/Tx count (bsc#1247712). - ice: devlink PF MSI-X max and min parameter (bsc#1247712). - ice: enable_rdma devlink param (bsc#1247712). - ice: get rid of num_lan_msix field (bsc#1247712). - ice: init flow director before RDMA (bsc#1247712). - ice: remove splitting MSI-X between features (bsc#1247712). - ice: simplify VF MSI-X managing (bsc#1247712). - ice: treat dyn_allowed only as suggestion (bsc#1247712). - iio: adc: ad7768-1: Ensure SYNC_IN pulse minimum timing requirement (stable-fixes). - iio: adc: ad_sigma_delta: do not overallocate scan buffer (stable-fixes). - iio: imu: inv_icm42600: switch timestamp type from int64_t __aligned(8) to aligned_s64 (stable-fixes). - iio: imu: inv_icm42600: use = { } instead of memset() (stable-fixes). - iio: pressure: bmp280: Use IS_ERR() in bmp280_common_probe() (git-fixes). - iio: proximity: isl29501: fix buffered read on big-endian systems (git-fixes). - integrity/platform_certs: Allow loading of keys in the static key management mode (jsc#PED-13345 jsc#PED-13343). - iosys-map: Fix undefined behavior in iosys_map_clear() (git-fixes). - ipmi: Fix strcpy source and destination the same (stable-fixes). 
- ipmi: Use dev_warn_ratelimited() for incorrect message warnings (stable-fixes). - irdma: free iwdev->rf after removing MSI-X (bsc#1247712). - ixgbe: add .info_get extension specific for E610 devices (bsc#1245410 jsc#PED-12320). - ixgbe: add E610 functions for acquiring flash data (bsc#1245410 jsc#PED-12320). - ixgbe: add E610 functions getting PBA and FW ver info (bsc#1245410 jsc#PED-12320). - ixgbe: add E610 implementation of FW recovery mode (bsc#1245410 jsc#PED-12320). - ixgbe: add FW API version check (bsc#1245410 jsc#PED-12320). - ixgbe: add device flash update via devlink (bsc#1245410 jsc#PED-12320). - ixgbe: add handler for devlink .info_get() (bsc#1245410 jsc#PED-12320). - ixgbe: add initial devlink support (bsc#1245410 jsc#PED-12320). - ixgbe: add support for FW rollback mode (bsc#1245410 jsc#PED-12320). - ixgbe: add support for devlink reload (bsc#1245410 jsc#PED-12320). - ixgbe: extend .info_get() with stored versions (bsc#1245410 jsc#PED-12320). - ixgbe: fix ixgbe_orom_civd_info struct layout (bsc#1245410). - ixgbe: prevent from unwanted interface name changes (git-fixes). - ixgbe: read the OROM version information (bsc#1245410 jsc#PED-12320). - ixgbe: read the netlist version information (bsc#1245410 jsc#PED-12320). - ixgbe: wrap netdev_priv() usage (bsc#1245410 jsc#PED-12320). - jfs: Regular file corruption check (git-fixes). - jfs: truncate good inode pages when hard link is 0 (git-fixes). - jfs: upper bound check of tree index in dbAllocAG (git-fixes). - kABI: PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports (git-fixes). - kABI: fix for struct devlink_port_attrs: move new member to the end (git-fixes). - kselftest/arm64: Fix check for setting new VLs in sve-ptrace (git-fixes). - kselftest/runner.sh: add netns support. - kselftests: Sort the collections list to avoid duplicate tests. - leds: leds-lp50xx: Handle reg to get correct multi_index (stable-fixes). - livepatch: Add "replace" sysfs attribute (poo#187320). 
- livepatch: Add stack_order sysfs attribute (poo#187320). - livepatch: Replace snprintf() with sysfs_emit() (poo#187320). - loop: use kiocb helpers to fix lockdep warning (git-fixes). - mISDN: hfcpci: Fix warning when deleting uninitialized timer (git-fixes). - md/md-cluster: handle REMOVE message earlier (bsc#1247057). - md/raid1,raid10: strip REQ_NOWAIT from member bios (git-fixes). - md: allow removing faulty rdev during resync (git-fixes). - md: make rdev_addable usable for rcu mode (git-fixes). - media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() (stable-fixes). - media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar (stable-fixes). - media: tc358743: Check I2C succeeded during probe (stable-fixes). - media: tc358743: Increase FIFO trigger level to 374 (stable-fixes). - media: tc358743: Return an appropriate colorspace from tc358743_set_fmt (stable-fixes). - media: usb: hdpvr: disable zero-length read messages (stable-fixes). - media: uvcvideo: Fix bandwidth issue for Alcor camera (stable-fixes). - media: v4l2-common: Reduce warnings about missing V4L2_CID_LINK_FREQ control (stable-fixes). - mei: bus: Check for still connected devices in mei_cl_bus_dev_release() (stable-fixes). - memstick: Fix deadlock by moving removing flag earlier (git-fixes). - mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd() (git-fixes) - mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode() (stable-fixes). - mmc: sdhci-msm: Ensure SD card power isn't ON when card removed (stable-fixes). - mmc: sdhci-pci-gli: GL9763e: Rename the gli_set_gl9763e() for consistency (git-fixes). - most: core: Drop device reference after usage in get_channel() (git-fixes). - mptcp: fallback when MPTCP opts are dropped after 1st data (git-fixes). - mptcp: reset when MPTCP opts are dropped after join (git-fixes). - net: phy: micrel: Add ksz9131_resume() (stable-fixes). 
- net: phy: smsc: add proper reset flags for LAN8710A (stable-fixes). - net: thunderbolt: Enable end-to-end flow control also in transmit (stable-fixes). - net: thunderbolt: Fix the parameter passing of tb_xdomain_enable_paths()/tb_xdomain_disable_paths() (stable-fixes). - net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization (git-fixes). - net: usb: asix_devices: add phy_mask for ax88772 mdio bus (git-fixes). - pNFS: Fix disk addr range check in block/scsi layout (git-fixes). - pNFS: Fix stripe mapping in block/scsi layout (git-fixes). - pNFS: Fix uninited ptr deref in block/scsi layout (git-fixes). - pNFS: Handle RPC size limit for layoutcommits (git-fixes). - phy: mscc: Fix parsing of unicast frames (git-fixes). - phy: rockchip-pcie: Properly disable TEST_WRITE strobe signal (stable-fixes). - pinctrl: STMFX: add missing HAS_IOMEM dependency (git-fixes). - pinctrl: stm32: Manage irq affinity settings (stable-fixes). - platform/chrome: cros_ec_typec: Defer probe on missing EC parent (stable-fixes). - platform/x86/amd/hsmp: Ensure sock->metric_tbl_addr is non-NULL (git-fixes). - platform/x86/amd: pmc: Add Lenovo Yoga 6 13ALC6 to pmc quirk list (stable-fixes). - platform/x86/intel-uncore-freq: Check write blocked for ELC (git-fixes). - pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop() (stable-fixes). - power: supply: qcom_battmgr: Add lithium-polymer entry (stable-fixes). - powerpc/eeh: Export eeh_unfreeze_pe() (bsc#1215199). - powerpc/eeh: Make EEH driver device hotplug safe (bsc#1215199). - powerpc/eeh: Rely on dev->link_active_reporting (bsc#1215199). - powerpc/kernel: Fix ppc_save_regs inclusion in build (bsc#1215199). - powerpc/pseries: Correct secvar format representation for static key management (jsc#PED-13345 jsc#PED-13343). - powerpc/secvar: Expose secvars relevant to the key management mode (jsc#PED-13345 jsc#PED-13343). - powerpc: do not build ppc_save_regs.o always (bsc#1215199). 
- pwm: mediatek: Fix duty and period setting (git-fixes). - pwm: mediatek: Handle hardware enable and clock enable separately (stable-fixes). - Revert "scsi: iscsi: Fix HW conn removal use after free" (git-fixes). - reset: brcmstb: Enable reset drivers for ARCH_BCM2835 (stable-fixes). - rtc: ds1307: handle oscillator stop flag (OSF) for ds1341 (stable-fixes). - rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe (stable-fixes). - samples/bpf: Fix compilation errors with cf-protection option (git-fixes). - scsi: core: Fix kernel doc for scsi_track_queue_full() (git-fixes). - scsi: elx: efct: Fix dma_unmap_sg() nents value (git-fixes). - scsi: ibmvscsi_tgt: Fix dma_unmap_sg() nents value (git-fixes). - scsi: isci: Fix dma_unmap_sg() nents value (git-fixes). - scsi: mpi3mr: Fix kernel-doc issues in mpi3mr_app.c (git-fixes). - scsi: mpi3mr: Fix race between config read submit and interrupt completion (git-fixes). - scsi: mpi3mr: Serialize admin queue BAR writes on 32-bit systems (git-fixes). - scsi: mpt3sas: Fix a fw_event memory leak (git-fixes). - scsi: mvsas: Fix dma_unmap_sg() nents value (git-fixes). - scsi: sd: Make sd shutdown issue START STOP UNIT appropriately (git-fixes). - selftest/livepatch: Only run test-kprobe with CONFIG_KPROBES_ON_FTRACE. - selftests/bpf: fexit_sleep: Fix stack allocation for arm64 (git-fixes). - selftests/livepatch: Add selftests for "replace" sysfs attribute. - selftests/livepatch: Ignore NO_SUPPORT line in dmesg (poo#187320). - selftests/livepatch: Replace hardcoded module name. - selftests/livepatch: define max test-syscall processes. - selftests/livepatch: fix and refactor new dmesg message code. - selftests/livepatch: wait for atomic replace to occur. - selftests/run_kselftest.sh: Fix help string for --per-test-log. - selftests/run_kselftest.sh: Use readlink if realpath is not available. - selftests/tracing: Fix false failure of subsystem event test (git-fixes). 
- selftests: Fix errno checking in syscall_user_dispatch test (git-fixes). - selftests: allow runners to override the timeout. - selftests: livepatch: Avoid running the tests for certain kernel-devel situations. - selftests: livepatch: Test atomic replace against multiple modules. - selftests: livepatch: Test livepatching a heavily called syscall. - selftests: livepatch: add new ftrace helpers functions. - selftests: livepatch: add test cases of stack_order sysfs interface. - selftests: livepatch: handle PRINTK_CALLER in check_result(). - selftests: livepatch: rename KLP_SYSFS_DIR to SYSFS_KLP_DIR. - selftests: livepatch: save and restore kprobe state. - selftests: livepatch: test if ftrace can trace a livepatched function. - selftests: livepatch: test livepatching a kprobed function. - selftests: rtnetlink.sh: remove esp4_offload after test (git-fixes). - serial: 8250: fix panic due to PSLVERR (git-fixes). - serial: core: fix OF node leak (git-fixes). - slab: Decouple slab_debug and no_hash_pointers (bsc#1249022). - smb: client: fix parsing of device numbers (git-fixes). - soc/tegra: pmc: Ensure power-domains are in a known state (git-fixes). - soundwire: Move handle_nested_irq outside of sdw_dev_lock (stable-fixes). - soundwire: amd: serialize amd manager resume sequence during pm_prepare (stable-fixes). - squashfs: fix memory leak in squashfs_fill_super (git-fixes). - sunrpc: fix handling of server side tls alerts (git-fixes). - sunvdc: Balance device refcount in vdc_port_mpgroup_check (git-fixes). - thermal/drivers/qcom-spmi-temp-alarm: Enable stage 2 shutdown when required (stable-fixes). - thermal: sysfs: Return ENODATA instead of EAGAIN for reads (stable-fixes). - ublk: sanity check add_dev input for underflow (git-fixes). - ublk: use vmalloc for ublk_device's __queues (git-fixes). - usb: core: config: Prevent OOB read in SS endpoint companion parsing (stable-fixes). - usb: core: hcd: fix accessing unmapped memory in SINGLE_STEP_SET_FEATURE test (git-fixes). 
- usb: core: usb_submit_urb: downgrade type check (stable-fixes). - usb: dwc3: Ignore late xferNotReady event to prevent halt timeout (git-fixes). - usb: dwc3: Remove WARN_ON for device endpoint command timeouts (stable-fixes). - usb: dwc3: core: Fix system suspend on TI AM62 platforms (git-fixes). - usb: dwc3: fix fault at system suspend if device was already runtime suspended (git-fixes). - usb: dwc3: pci: add support for the Intel Wildcat Lake (stable-fixes). - usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive (stable-fixes). - usb: renesas-xhci: Fix External ROM access timeouts (git-fixes). - usb: storage: realtek_cr: Use correct byte order for bcs->Residue (git-fixes). - usb: typec: intel_pmc_mux: Defer probe if SCU IPC isn't present (stable-fixes). - usb: typec: ucsi: psy: Set current max to 100mA for BC 1.2 and Default (stable-fixes). - usb: xhci: Avoid showing errors during surprise removal (stable-fixes). - usb: xhci: Avoid showing warnings for dying controller (stable-fixes). - usb: xhci: Fix slot_id resource race conflict (git-fixes). - usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command (stable-fixes). - usb: xhci: print xhci->xhc_state when queue_command failed (stable-fixes). - vfs: Add a sysctl for automated deletion of dentry (bsc#1240890). - watchdog: dw_wdt: Fix default timeout (stable-fixes). - watchdog: iTCO_wdt: Report error if timeout configuration fails (stable-fixes). - watchdog: sbsa: Adjust keepalive timeout to avoid MediaTek WS0 race condition (stable-fixes). - wifi: ath10k: shutdown driver when hardware is unreliable (stable-fixes). - wifi: ath12k: Add memset and update default rate value in wmi tx completion (stable-fixes). - wifi: ath12k: Correct tid cleanup when tid setup fails (stable-fixes). - wifi: ath12k: Decrement TID on RX peer frag setup error handling (stable-fixes). - wifi: ath12k: Enable REO queue lookup table feature on QCN9274 hw2.0 (stable-fixes). 
- wifi: ath12k: Fix station association with MBSSID Non-TX BSS (stable-fixes). - wifi: cfg80211: Fix interface type validation (stable-fixes). - wifi: cfg80211: reject HTC bit for management frames (stable-fixes). - wifi: iwlegacy: Check rate_idx range after addition (stable-fixes). - wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd() (stable-fixes). - wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect (stable-fixes). - wifi: iwlwifi: mvm: avoid outdated reorder buffer head_sn (stable-fixes). - wifi: iwlwifi: mvm: fix scan request validation (stable-fixes). - wifi: iwlwifi: mvm: set gtk id also in older FWs (stable-fixes). - wifi: mac80211: avoid weird state in error path (stable-fixes). - wifi: mac80211: do not complete management TX on SAE commit (stable-fixes). - wifi: mac80211: do not unreserve never reserved chanctx (stable-fixes). - wifi: mac80211: fix rx link assignment for non-MLO stations (stable-fixes). - wifi: mac80211: update radar_required in channel context after channel switch (stable-fixes). - wifi: mt76: mt7915: mcu: re-init MCU before loading FW patch (stable-fixes). - wifi: rtlwifi: fix possible skb memory leak in _rtl_pci_init_one_rxdesc() (stable-fixes). - wifi: rtlwifi: fix possible skb memory leak in `_rtl_pci_rx_interrupt()` (stable-fixes). - wifi: rtw89: Disable deep power saving for USB/SDIO (stable-fixes). - wifi: rtw89: Fix rtw89_mac_power_switch() for USB (stable-fixes). - wifi: rtw89: Lower the timeout in rtw89_fw_read_c2h_reg() for USB (stable-fixes). 

kernel-default-6.4.0-150700.53.16.1.nosrc.rpm True kernel-default-6.4.0-150700.53.16.1.x86_64.rpm True kernel-default-base-6.4.0-150700.53.16.1.150700.17.11.2.src.rpm True kernel-default-base-6.4.0-150700.53.16.1.150700.17.11.2.x86_64.rpm True kernel-default-devel-6.4.0-150700.53.16.1.x86_64.rpm True kernel-devel-6.4.0-150700.53.16.1.noarch.rpm True kernel-macros-6.4.0-150700.53.16.1.noarch.rpm True kernel-source-6.4.0-150700.53.16.1.src.rpm True

SUSE-SLE-Module-Basesystem-15-SP7-2025-3869 Security update for himmelblau low SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64
This update for himmelblau fixes the following issues: Update to version 0.7.18+git.0.8485a75. - CVE-2025-58160: tracing-subscriber: untrusted user input containing ANSI escape sequences could be injected into terminal output when logged (bsc#1249013).
himmelblau-0.7.18+git.0.8485a75-150700.3.6.1.src.rpm himmelblau-0.7.18+git.0.8485a75-150700.3.6.1.x86_64.rpm himmelblau-sshd-config-0.7.18+git.0.8485a75-150700.3.6.1.noarch.rpm libnss_himmelblau2-0.7.18+git.0.8485a75-150700.3.6.1.x86_64.rpm pam-himmelblau-0.7.18+git.0.8485a75-150700.3.6.1.x86_64.rpm

SUSE-SLE-Module-Basesystem-15-SP7-2025-3261 Security update for cups important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64
This update for cups fixes the following issues: - CVE-2024-47175: no validation of IPP attributes in `ppdCreatePPDFromIPP2` when writing to a temporary PPD file allows for the injection of attacker-controlled data to the resulting PPD (bsc#1230932). - CVE-2025-58060: no password check when `AuthType` is set to anything but `Basic` and a request is made with an `Authorization: Basic` header (bsc#1249049). - CVE-2025-58364: unsafe deserialization and validation of printer attributes leads to NULL pointer dereference (bsc#1249128).
cups-2.2.7-150000.3.72.1.src.rpm cups-2.2.7-150000.3.72.1.x86_64.rpm cups-client-2.2.7-150000.3.72.1.x86_64.rpm cups-config-2.2.7-150000.3.72.1.x86_64.rpm cups-devel-2.2.7-150000.3.72.1.x86_64.rpm libcups2-2.2.7-150000.3.72.1.x86_64.rpm libcupscgi1-2.2.7-150000.3.72.1.x86_64.rpm libcupsimage2-2.2.7-150000.3.72.1.x86_64.rpm libcupsmime1-2.2.7-150000.3.72.1.x86_64.rpm libcupsppdc1-2.2.7-150000.3.72.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-4131 Recommended update for suse-migration-sle16-activation, SLES16-Migration, SLES16-SAP_Migration, suse-migration-services, suse-migration-rpm, wicked2nm, image-janitor important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for suse-migration-sle16-activation, SLES16-Migration, SLES16-SAP_Migration, suse-migration-services, suse-migration-rpm, wicked2nm, image-janitor fixes the following issues: Changes for suse-migration-sle16-activation: - Simplify interface naming by disabling predictable names at boot - shellcheck heavily complained - check migration target before testing for architecture version - Create systemd.link files for virtual VMware/Hyper-V NICs - Add changes for newest wicked2nm - Activation packages can no longer be noarch - Architecture check before allowing migration to be activated - Add missing pre snapshot setup to run_migration - Add wicked2nm network migration - Setup ExclusiveArch for activation packages - Make activation package require by provides tag - Fix product related requirement settings Changes for SLES16-Migration: - Added .ssh directory for migration user - Add etc/motd overlay file Print message how to show migration progress information - Fix build on more architectures - Initial changelog Changes for SLES16-SAP_Migration: - Support wicked2nm migration - Migration live image for SLES4SAP 15 to 16 Changes for suse-migration-services: - Set systemd offline for Zypper in chroot mode - Fix apparmor install procedure - Fixed azuremetadata device lookup - Use of f-strings 
not allowed in the DMS - Simplify interface naming by disabling predictable names at boot - Fixed test_check_lsm_migration unit test - Fix setup_host_network_test by mocking os.makedirs - wicked2nm: log network state on nm-online failure - Fixed LSM pre checks to be more robust - shellcheck heavily complained - Do not evaluate wicked2nm output in precheck - Fix unit test for lsm check - prechecks/lsm.py: remove _apparmor_analyze_profiles() - LSM migration check for AppArmor -> SELinux - Improve pre-check message - Fix MinSLEVersion value depending on target - reduce package set on migration image - Fixed behavior of wicked2nm pre check - implementation of sshd root login pre-check - Fixed selinux to apparmor migration - Fixed reading of migration config for target class - Add recursion guard to MigrationConfig::_merge_config_dicts - shrink migration image - container/sle16/config.sh - sle16/config.sh - use dropin for s390 migration-config - doc: fix indentation - check for migration target by matching ISO file name - config: introduce dropin dir migration-config.d/ - Apply SLE16 live image setup to container setup - bind mount only required subdirectories under /run into chroot - Add missing package requirement - check migration target before testing for architecture version - setup_host_network: simplify code - use os.makedirs() - Create systemd.link files for virtual VMware/Hyper-V NIC - Preserve systemd.link files from /etc/systemd/network/ - Add changes for the newest wicked2nm - Ensure wicked2nm is a dependency of pre-checks for SLE 16 migration - Activation packages can no longer be noarch - Fix update of image .changes files - Architecture check before allowing migration to be activated - Improve error logs when wicked2nm fails - Include image changelog to version bump - Ensure wicked2nm migration is always running, despite warnings - Fix: add --no-recommends on patterns-base-selinux installation - Update suse-migration-services for container use - Update 
SLE16 migration container - Update SAP live migration image - Add missing pre snapshot setup to run_migration - Follow up fix for the wicked to nm migration - Add wicked2nm network migration - Add glob support to preserve_files - Setup ExclusiveArch for activation packages - Build sles4sap migration for cloud on x86_64 only - Do not build sles4sap migration on s390x - Use systemctl kexec - Fix: return the correct kernel path based on machine type - Fixed glob pattern match for package name - Remove mentioning of SLES 12-SP4 - Make activation package require by provides tag - Added SLES16-SAP_Migration live image - Do not use list[str] type hint - Fix error evaluation from offline_migrations API - Fix logging from non unit files - Fix product related requirement settings - Repos for migration image must be in kiwi - Added .ssh to migration user for SAP 15 live image - Added SLES15-SAP_Migration Makefile target - Add proper release package for SLE16 migration - Fix typo in service name - Drop obsolete check for resolv.conf - Fix migration user home dir setup for SLE16 - Update README_QA.rst - test: split unit test for setup_name_resolver - Install patterns-base-selinux for Apparmor migration - Ensure the rebuild counter is not stripped from the rpm - Exit silently if no migration iso is found - Ensure rpmlintrc file is part of suse-migration-services SRPM - Ignore fixup! 
entries when generating changelog - Increase python test matrix - Remove redundant requires on itself - Fix ordering of pre-checks and actual migration - Add SLES15-Migration target to Makefile - Fix suse-migration-console-log service - Fix typo in README_QA - Fix: split name resolver setup into its own service - Fix: set path according to current arch in grub.d/99_migration - Add support to enable single rpm transaction for upgrade - enable suse-migration-ha.service in the migration image - Migration for high availability extension - RPM wrapper fixes - Cleanup secfile to follow python singlespec policy - Support product specifier in ISO name - Ensure sle16 images can build on all supported platforms - Use name pattern compatible to suse-migration-rpm - Fix SLE15 migration images - SAP product should migrate to 15 SP4 - Add SLES15-SAP-Migration - Bump target to SLE15 SP7 - Update bumpversion config Include sle16 container build to version bump - Handle selinux boot option when using kexec - Ensure migration to SLES16 uses selinux, not apparmor - improve os-release parsing - Ensure SLES16 is also detected in SCC precheck - Add high availability extension check - Fix package names for python packages on SLE16 - Relax on the shim-install call - Fixup package name for SLE16 and SLE16 container - Fix changelog references for activation packages - Add product migration check Changes for suse-migration-rpm: - Fix MinSLEVersion value depending on target - Add product requirement according to image name. - Exit silently if no migration iso is found. - Add build and perl(Date::Parse) to ensure we can append changelog entries to generated package. 
Changes for wicked2nm: - Activate only connections if present in the current system - Improve error output, exit codes and add flag to disable user hints - Add support for autoip-fallback - Issue only a info when dhcp.update is non default - Add ipv4_static broadcast - Apply dhcp settings to mirror wicked client id - Fix test.sh, fail if migration succeed but expect fail - Fix sysctl handling - Avoid cloning in parsing of route - Fix continue migration to show all warnings beforehand - Improve warning messages - show interface, element names - Remove unwrap in route parsing - bump slab from 0.4.10 to 0.4.11 to address CVE-2025-55159 (bsc#1248010) - Fix netconfig handling with proper priority setting - Add ovs support - Use agama-network instead of agama-(lib|server) - Only activate connections marked with autostart - Give hint in error message how to ignore warnings - Update README.md with updated installation and usage infos - Add support for Leap 15 - Remove BuildRequires that are no longer necessary due to the agama-network switch. - The agama-network switch also removes the vulnerable and unmaintained 'users' crate from the dependencies. 
(bsc#1244188) Changes for image-janitor: - Fix packaging (add doc, license) - Release 0.2.0 with configuration files packaged - Initial packag SLES16-Migration-2.1.26-15.22.4.src.rpm SLES16-Migration-2.1.26-15.22.4.x86_64.rpm python-Cerberus-1.3.2-150700.20.2.10.src.rpm python3-Cerberus-1.3.2-150700.20.2.10.noarch.rpm python3-migration-2.1.26-150700.16.12.1.noarch.rpm suse-migration-pre-checks-2.1.26-150700.16.12.1.noarch.rpm suse-migration-services-2.1.26-150700.16.12.1.src.rpm suse-migration-sle16-activation-2.1.26-150700.15.9.1.src.rpm suse-migration-sle16-activation-2.1.26-150700.15.9.1.x86_64.rpm wicked2nm-1.4.0-150700.15.7.2.src.rpm wicked2nm-1.4.0-150700.15.7.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3294 Security update for wireshark moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for wireshark fixes the following issues: Update to version 4.2.13. Security issues fixed: - CVE-2025-9817: SSH dissector crash due to NULL pointer dereference when processing malformed packet traces (bsc#1249090). Other issues fixed: - Bug in UDS dissector with Service ReadDataByPeriodicIdentifier Response. - Incorrectly parsed `application/x-www-form-urlencoded` key following a name-value byte sequence with no `=`. - DNP3 time stamp not working after epoch time (year 2038). - Bug in LZ77 decoder; reads a 16-bit length when it should read a 32-bit length. - Further features, bug fixes and updated protocol support as listed in: * https://www.wireshark.org/docs/relnotes/wireshark-4.2.13.html libwireshark17-4.2.13-150600.18.26.1.x86_64.rpm libwiretap14-4.2.13-150600.18.26.1.x86_64.rpm libwsutil15-4.2.13-150600.18.26.1.x86_64.rpm wireshark-4.2.13-150600.18.26.1.src.rpm wireshark-4.2.13-150600.18.26.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3876 Recommended update for docker moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for docker fixes the following issues: Update to docker-buildx v0.28.0. 
See upstream changelog: <https://github.com/docker/buildx/releases/tag/v0.28.0> Update to Docker 28.4.0-ce: See upstream changelog: <https://docs.docker.com/engine/release-notes/28/#2840> - Update warnings and errors related to "docker buildx ..." so that they reference our openSUSE docker-buildx packages. - Enable building docker-buildx for SLE15 systems with SUSEConnect secret injection enabled. PED-12534 PED-8905 bsc#1247594 As docker-buildx does not support our SUSEConnect secret injection (and some users depend on "docker build" working transparently), patch the docker CLI so that "docker build" will no longer automatically call "docker buildx build", effectively making DOCKER_BUILDKIT=0 the default configuration. Users can manually use "docker buildx ..." commands or set DOCKER_BUILDKIT=1 in order to opt in to using docker-buildx. Users can silence the "docker build" warning by setting DOCKER_BUILDKIT=0 explicitly. In order to inject SCC credentials with docker-buildx, users should use RUN --mount=type=secret,id=SCCcredentials zypper -n ... in their Dockerfiles, and docker buildx build --secret id=SCCcredentials,src=/etc/zypp/credentials.d/SCCcredentials,type=file . when doing their builds. Updating docker will restart the docker service, which may stop some of your docker containers. Do you want to proceed with the update? docker-28.4.0_ce-150000.235.1.src.rpm docker-28.4.0_ce-150000.235.1.x86_64.rpm docker-buildx-0.28.0-150000.235.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3723 Security update for libqt5-qtbase moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for libqt5-qtbase fixes the following issues: Security issues fixed: - CVE-2025-5455: processing of malformed data in `qDecodeDataUrl()` can trigger assertion and cause a crash (bsc#1243958). - CVE-2025-30348: complex algorithm used in `encodeText` in QDom when processing XML data can cause low performance (bsc#1239896). 
Other issues fixed: - Initialize a member variable in `QObjectPrivate::Signal` that was uninitialized under some circumstances. - Fix a crash when parsing a particular glyph in a particular font. - Avoid repeatedly registering xsettings callbacks when switching cursor themes. - Check validity of RandR output info before using it. - Fix reparenting a window so it takes effect even if there are no other state changes to the window. libQt5Concurrent-devel-5.15.12+kde151-150600.3.9.1.x86_64.rpm libQt5Concurrent5-5.15.12+kde151-150600.3.9.1.x86_64.rpm libQt5Core-devel-5.15.12+kde151-150600.3.9.1.x86_64.rpm libQt5Core-private-headers-devel-5.15.12+kde151-150600.3.9.1.noarch.rpm libQt5Core5-5.15.12+kde151-150600.3.9.1.x86_64.rpm libQt5DBus-devel-5.15.12+kde151-150600.3.9.1.x86_64.rpm libQt5DBus-private-headers-devel-5.15.12+kde151-150600.3.9.1.noarch.rpm libQt5DBus5-5.15.12+kde151-150600.3.9.1.x86_64.rpm libQt5Gui-devel-5.15.12+kde151-150600.3.9.1.x86_64.rpm libQt5Gui-private-headers-devel-5.15.12+kde151-150600.3.9.1.noarch.rpm libQt5Gui5-5.15.12+kde151-150600.3.9.1.x86_64.rpm libQt5KmsSupport-devel-static-5.15.12+kde151-150600.3.9.1.x86_64.rpm libQt5KmsSupport-private-headers-devel-5.15.12+kde151-150600.3.9.1.noarch.rpm libQt5Network-devel-5.15.12+kde151-150600.3.9.1.x86_64.rpm libQt5Network-private-headers-devel-5.15.12+kde151-150600.3.9.1.noarch.rpm libQt5Network5-5.15.12+kde151-150600.3.9.1.x86_64.rpm libQt5OpenGL-devel-5.15.12+kde151-150600.3.9.1.x86_64.rpm libQt5OpenGL-private-headers-devel-5.15.12+kde151-150600.3.9.1.noarch.rpm libQt5OpenGL5-5.15.12+kde151-150600.3.9.1.x86_64.rpm libQt5PlatformHeaders-devel-5.15.12+kde151-150600.3.9.1.x86_64.rpm libQt5PlatformSupport-devel-static-5.15.12+kde151-150600.3.9.1.x86_64.rpm libQt5PlatformSupport-private-headers-devel-5.15.12+kde151-150600.3.9.1.noarch.rpm libQt5PrintSupport-devel-5.15.12+kde151-150600.3.9.1.x86_64.rpm libQt5PrintSupport-private-headers-devel-5.15.12+kde151-150600.3.9.1.noarch.rpm 
libQt5PrintSupport5-5.15.12+kde151-150600.3.9.1.x86_64.rpm libQt5Sql-devel-5.15.12+kde151-150600.3.9.1.x86_64.rpm libQt5Sql-private-headers-devel-5.15.12+kde151-150600.3.9.1.noarch.rpm libQt5Sql5-5.15.12+kde151-150600.3.9.1.x86_64.rpm libQt5Sql5-sqlite-5.15.12+kde151-150600.3.9.1.x86_64.rpm libQt5Test-devel-5.15.12+kde151-150600.3.9.1.x86_64.rpm libQt5Test-private-headers-devel-5.15.12+kde151-150600.3.9.1.noarch.rpm libQt5Test5-5.15.12+kde151-150600.3.9.1.x86_64.rpm libQt5Widgets-devel-5.15.12+kde151-150600.3.9.1.x86_64.rpm libQt5Widgets-private-headers-devel-5.15.12+kde151-150600.3.9.1.noarch.rpm libQt5Widgets5-5.15.12+kde151-150600.3.9.1.x86_64.rpm libQt5Xml-devel-5.15.12+kde151-150600.3.9.1.x86_64.rpm libQt5Xml5-5.15.12+kde151-150600.3.9.1.x86_64.rpm libqt5-qtbase-5.15.12+kde151-150600.3.9.1.src.rpm libqt5-qtbase-common-devel-5.15.12+kde151-150600.3.9.1.x86_64.rpm libqt5-qtbase-devel-5.15.12+kde151-150600.3.9.1.x86_64.rpm libqt5-qtbase-private-headers-devel-5.15.12+kde151-150600.3.9.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3950 Security update for runc important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for runc fixes the following issues: - CVE-2025-31133: Fixed container escape via 'masked path' abuse due to mount race conditions (bsc#1252232). - CVE-2025-52565: Fixed container escape with malicious config due to /dev/console mount and related races (bsc#1252232). - CVE-2025-52881: Fixed container escape and denial of service due to arbitrary write gadgets and procfs write redirects (bsc#1252232). Update to runc v1.2.7. 
- Upstream changelog is available from <https://github.com/opencontainers/runc/releases/tag/v1.2.7> runc-1.2.7-150000.80.1.src.rpm runc-1.2.7-150000.80.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3172 Security update for xen important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for xen fixes the following issues: Security issues fixed: - CVE-2025-27466: NULL pointer dereference in the Viridian interface when updating the reference TSC area (bsc#1248807). - CVE-2025-58142: NULL pointer dereference in the Viridian interface due to assumption that the SIM page is mapped when a synthetic timer message has to be delivered (bsc#1248807). - CVE-2025-58143: information leak and reference counter underflow in the Viridian interface due to race in the mapping of the reference TSC page (bsc#1248807). Other issues fixed: - efi: Call FreePages() only if needed (bsc#1027519). - x86/hpet: do local APIC EOI after interrupt processing (bsc#1027519). - x86/hvm/ioreq: Fix condition in hvm_alloc_legacy_ioreq_gfn() (bsc#1027519). - x86/idle: Fix the C6 eoi_errata[] list to include NEHALEM_EX (bsc#1027519). - x86/iommu: setup MMCFG ahead of IOMMU (bsc#1027519). - x86/mce: Adjustments to intel_init_ppin() (bsc#1027519). - x86/mkelf32: pad load segment to 2Mb boundary (bsc#1027519). 
xen-4.20.1_04-150700.3.11.1.src.rpm True xen-libs-4.20.1_04-150700.3.11.1.x86_64.rpm True xen-tools-domU-4.20.1_04-150700.3.11.1.x86_64.rpm True SUSE-SLE-Module-Basesystem-15-SP7-2025-3802 Feature update for alloy moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for alloy fixes the following issues: - Implementation of Grafana Alloy SUSE Linux Enterprise Server 15 SP7 (jsc#PED-13602) * Alloy is now part of the Basesystem Module alloy-1.9.2-150700.15.5.2.src.rpm alloy-1.9.2-150700.15.5.2.x86_64.rpm system-user-alloy-1.0.0-150700.15.5.2.noarch.rpm system-user-alloy-1.0.0-150700.15.5.2.src.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3225 Security update for cups-filters important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for cups-filters fixes the following issues: - CVE-2024-47175: no validation of IPP attributes in `ppdCreatePPDFromIPP2` when writing to a temporary PPD file allows for the injection of attacker-controlled data to the resulting PPD (bsc#1230932). cups-filters-1.25.0-150200.3.22.1.src.rpm cups-filters-1.25.0-150200.3.22.1.x86_64.rpm cups-filters-devel-1.25.0-150200.3.22.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3203 Recommended update for nvidia-modprobe.cuda, nvidia-persistenced.cuda moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for nvidia-modprobe.cuda, nvidia-persistenced.cuda fixes the following issues: nvidia-modprobe.cuda is shipped in version 580.82.07. nvidia-persistenced.cuda is shipped in version 580.82.07. 
nvidia-modprobe-580.82.07-150400.9.3.1.src.rpm nvidia-modprobe-580.82.07-150400.9.3.1.x86_64.rpm nvidia-persistenced-580.82.07-150400.9.3.1.src.rpm nvidia-persistenced-580.82.07-150400.9.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3249 Recommended update for libnvme, nvme-cli important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for libnvme, nvme-cli fixes the following issues: - tree: do not try to strdup NULL pointer (bsc#1247225) - tree: always set the host key (bsc#1246560) - netapp-ontapdev: update invalid device handling (bsc#1247017) - netapp-smdev: update invalid device handling (bsc#1247017) libnvme-1.11+8.gfb9b581c-150700.4.9.1.src.rpm libnvme-devel-1.11+8.gfb9b581c-150700.4.9.1.x86_64.rpm libnvme-mi1-1.11+8.gfb9b581c-150700.4.9.1.x86_64.rpm libnvme1-1.11+8.gfb9b581c-150700.4.9.1.x86_64.rpm nvme-cli-2.11+28.g2fc67685-150700.3.9.1.src.rpm nvme-cli-2.11+28.g2fc67685-150700.3.9.1.x86_64.rpm nvme-cli-bash-completion-2.11+28.g2fc67685-150700.3.9.1.noarch.rpm nvme-cli-zsh-completion-2.11+28.g2fc67685-150700.3.9.1.noarch.rpm python3-libnvme-1.11+8.gfb9b581c-150700.4.9.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3791 Security update for p7zip moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for p7zip fixes the following issues: - CVE-2022-47069: heap buffer overflow in `ZipIn.cpp` file (bsc#1209648). - CVE-2025-53817: null pointer dereference may lead to denial of service (bsc#1246707). p7zip-16.02-150200.14.15.1.src.rpm p7zip-16.02-150200.14.15.1.x86_64.rpm p7zip-full-16.02-150200.14.15.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3699 Security update for krb5 moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). 
Krb5, as a very old protocol, supported quite a number of ciphers that are no longer up to current cryptographic standards. To avoid problems with those, SUSE has now disabled those algorithms by default. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To re-enable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true krb5-1.20.1-150600.11.14.1.src.rpm krb5-1.20.1-150600.11.14.1.x86_64.rpm krb5-client-1.20.1-150600.11.14.1.x86_64.rpm krb5-devel-1.20.1-150600.11.14.1.x86_64.rpm krb5-plugin-preauth-otp-1.20.1-150600.11.14.1.x86_64.rpm krb5-plugin-preauth-pkinit-1.20.1-150600.11.14.1.x86_64.rpm krb5-32bit-1.20.1-150600.11.14.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3923 Recommended update for pesign-obs-integration moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for pesign-obs-integration fixes the following issues: - Fixed pesign-obs-integration when no signed binary is produced (bsc#1248618) pesign-obs-integration-10.2+git20210804.ff18da1-150600.10.3.1.src.rpm pesign-obs-integration-10.2+git20210804.ff18da1-150600.10.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3746 Optional update for perl packages low SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for perl packages fixes the following issues: - Add packages needed by products like openQA (bsc#1244183). perl-HTML-Parser-3.830.0-150000.3.3.1.src.rpm perl-HTML-Parser-3.830.0-150000.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3794 Security update for chrony moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for chrony fixes the following issues: - Race condition during socket creation by chronyc allows privilege escalation from user chrony to root (bsc#1246544). 
This update also ships chrony-pool-empty to SLE Micro 5.x (jsc#SMO-587) chrony-4.1-150400.21.8.1.src.rpm chrony-4.1-150400.21.8.1.x86_64.rpm chrony-pool-empty-4.1-150400.21.8.1.noarch.rpm chrony-pool-suse-4.1-150400.21.8.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3239 Security update for expat important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for expat fixes the following issues: expat was updated to version 2.7.1: - Bug fixes: - Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumber - XML_GetCurrentLineNumber - XML_GetInputContext - Other changes: - Fix printf format specifiers for 32bit Emscripten - docs: Promote OpenSSF Best Practices self-certification - tests/benchmark: Resolve mistaken double close - Address compiler warnings - Version info bumped from 11:1:10 (libexpat*.so.1.10.1) to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/ for what these numbers do Version update to 2.7.0 (CVE-2024-8176, bsc#1239618, jsc#PED-12507) * Security fixes: - CVE-2024-8176 -- Fix crash from chaining a large number of entities caused by stack overflow by resolving use of recursion, for all three uses of entities: - general entities in character data ("<e>&g1;</e>") - general entities in attribute values ("<e k1='&g1;'/>") - parameter entities ("%p1;") Known impact is (reliable and easy) denial of service: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:O/RC:C (Base Score: 7.5, Temporal Score: 7.2) Please note that a layer of compression around XML can significantly reduce the minimum attack payload size. 
* Other changes: - docs: Add missing documentation of error code XML_ERROR_NOT_STARTED that was introduced with 2.6.4 - docs: Document need for C++11 compiler for use from C++ - Address Cppcheck warnings - Mass-migrate links from http:// to https:// - Document changes since the previous release - Version info bumped from 11:0:10 (libexpat*.so.1.10.0) to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/ for what these numbers do expat-2.7.1-150700.3.3.1.src.rpm expat-2.7.1-150700.3.3.1.x86_64.rpm libexpat-devel-2.7.1-150700.3.3.1.x86_64.rpm libexpat1-2.7.1-150700.3.3.1.x86_64.rpm libexpat1-32bit-2.7.1-150700.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3968 Recommended update for libaio moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for libaio fixes the following issues: libaio was updated to 0.3.113 (jsc#PED-13433): * Fix struct io_iocb_vector padding for 32bit architectures * struct io_iocb_sockaddr padding for 32bit architectures * Verify structure padding is correct at build time * harness: add test for aio poll missed events * Various patches for architectures/etc libaio-0.3.113-150600.15.3.1.src.rpm libaio-devel-0.3.113-150600.15.3.1.x86_64.rpm libaio1-0.3.113-150600.15.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3421 Recommended update for sysstat important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for sysstat fixes the following issues: - removal of broken symlinks during the post-install phase (bsc#1244553). sysstat-12.0.2-150000.3.51.1.src.rpm sysstat-12.0.2-150000.3.51.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3930 Recommended update for gcc15 moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. 
The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the "Development Tools" module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install "gcc15" or "gcc15-c++" or one of the other "gcc15-COMPILER" frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. 
Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] gcc15-15.2.0+git10201-150000.1.3.3.src.rpm libasan8-15.2.0+git10201-150000.1.3.3.x86_64.rpm libasan8-32bit-15.2.0+git10201-150000.1.3.3.x86_64.rpm libatomic1-15.2.0+git10201-150000.1.3.3.x86_64.rpm libatomic1-32bit-15.2.0+git10201-150000.1.3.3.x86_64.rpm libgcc_s1-15.2.0+git10201-150000.1.3.3.x86_64.rpm libgcc_s1-32bit-15.2.0+git10201-150000.1.3.3.x86_64.rpm libgfortran5-15.2.0+git10201-150000.1.3.3.x86_64.rpm libgfortran5-32bit-15.2.0+git10201-150000.1.3.3.x86_64.rpm libgomp1-15.2.0+git10201-150000.1.3.3.x86_64.rpm libgomp1-32bit-15.2.0+git10201-150000.1.3.3.x86_64.rpm libhwasan0-15.2.0+git10201-150000.1.3.3.x86_64.rpm libitm1-15.2.0+git10201-150000.1.3.3.x86_64.rpm libitm1-32bit-15.2.0+git10201-150000.1.3.3.x86_64.rpm liblsan0-15.2.0+git10201-150000.1.3.3.x86_64.rpm libobjc4-15.2.0+git10201-150000.1.3.3.x86_64.rpm libobjc4-32bit-15.2.0+git10201-150000.1.3.3.x86_64.rpm libquadmath0-15.2.0+git10201-150000.1.3.3.x86_64.rpm libquadmath0-32bit-15.2.0+git10201-150000.1.3.3.x86_64.rpm libquadmath0-devel-gcc15-15.2.0+git10201-150000.1.3.3.x86_64.rpm libstdc++6-15.2.0+git10201-150000.1.3.3.x86_64.rpm libstdc++6-32bit-15.2.0+git10201-150000.1.3.3.x86_64.rpm 
libstdc++6-devel-gcc15-15.2.0+git10201-150000.1.3.3.x86_64.rpm libstdc++6-locale-15.2.0+git10201-150000.1.3.3.x86_64.rpm libstdc++6-pp-15.2.0+git10201-150000.1.3.3.x86_64.rpm libstdc++6-pp-32bit-15.2.0+git10201-150000.1.3.3.x86_64.rpm libtsan2-15.2.0+git10201-150000.1.3.3.x86_64.rpm libubsan1-15.2.0+git10201-150000.1.3.3.x86_64.rpm libubsan1-32bit-15.2.0+git10201-150000.1.3.3.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3747 Optional update for python-tempora low SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for python-tempora fixes the following issue: - Use update-alternatives tempora binaries (bsc#1223694) python-tempora-1.8-150200.3.8.1.src.rpm python3-tempora-1.8-150200.3.8.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3722 Security update for protobuf moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for protobuf fixes the following issues: - CVE-2025-4565: parsing of untrusted Protocol Buffers data containing an arbitrary number of recursive groups or messages can lead to crash due to a `RecursionError` (bsc#1244663). libprotobuf20-3.9.2-150200.4.27.1.x86_64.rpm protobuf-3.9.2-150200.4.27.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3333 Security update for avahi moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for avahi fixes the following issues: - CVE-2024-52615: wide-area DNS uses constant source port for queries and can expose the Avahi-daemon to DNS spoofing attacks (bsc#1233421). 
avahi-0.8-150600.15.9.1.src.rpm avahi-0.8-150600.15.9.1.x86_64.rpm avahi-compat-howl-devel-0.8-150600.15.9.1.x86_64.rpm avahi-compat-mDNSResponder-devel-0.8-150600.15.9.1.x86_64.rpm avahi-glib2-0.8-150600.15.9.1.src.rpm avahi-lang-0.8-150600.15.9.1.noarch.rpm avahi-utils-0.8-150600.15.9.1.x86_64.rpm libavahi-client3-0.8-150600.15.9.1.x86_64.rpm libavahi-common3-0.8-150600.15.9.1.x86_64.rpm libavahi-core7-0.8-150600.15.9.1.x86_64.rpm libavahi-devel-0.8-150600.15.9.1.x86_64.rpm libavahi-glib-devel-0.8-150600.15.9.1.x86_64.rpm libavahi-glib1-0.8-150600.15.9.1.x86_64.rpm libavahi-gobject0-0.8-150600.15.9.1.x86_64.rpm libavahi-libevent1-0.8-150600.15.9.1.x86_64.rpm libavahi-ui-gtk3-0-0.8-150600.15.9.1.x86_64.rpm libdns_sd-0.8-150600.15.9.1.x86_64.rpm libhowl0-0.8-150600.15.9.1.x86_64.rpm typelib-1_0-Avahi-0_6-0.8-150600.15.9.1.x86_64.rpm libavahi-client3-32bit-0.8-150600.15.9.1.x86_64.rpm libavahi-common3-32bit-0.8-150600.15.9.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3931 Recommended update for libtraceevent, libtracefs, trace-cmd moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for libtraceevent, libtracefs, trace-cmd fixes the following issues: Updates for trace-cmd: * Update to version 3.3.2: * Add trace-cmd show --max_latency * Bail out of trace-cmd reset on invalid options * Add trace-cmd reset -k option to keep events * New bash completions * Update help messages of trace-cmd show for --hist and --trigger options * Fix some memory errors * Fix sqlhist initialization of variables * Fix trace-cmd record demonization stdin redirection to /dev/null * Update to latest upstream version 3.3.1: * Disable function trace option func_stack_trace before clearing filter * Fix compression algorithm for files greater than 2GB * Update printf format to match unsigned parameters. 
* Update to version 3.3.0: * Now by default, the output shows the latency lines: * Add feature to build with meson from using make * Add trace-cmd record --daemonize * Add trace-cmd show --buffer-subbuf-size option This will display the "subbuf-size" of the instance ring buffer. (New Linux kernel feature added in v6.8) * Add trace-cmd show --buffer_percent option This will display the "buffer_percent" option, added in v5.0. * Add trace-cmd show --hist and --trigger options Add options to trace-cmd show to display the hist and trigger contents of events. * Add new command "sqlhist" that makes trace-cmd do the same work as the sqlhist code in libtracefs. * Show "buffer_subbuf_size" in trace-cmd stat * Add trace-cmd record --subbuf-size option * Allow trace-cmd report to read multiple files without using the -i option. That is, "trace-cmd report trace*.dat" will now work. * Have trace-cmd split work with trace.dat files with multiple instances. * Allow trace-cmd split to split out instance buffers * Allow trace-cmd record to support -m option when recording from an agent. * Fix output file names for trace-cmd split * Fix the way filters were applied to trace-cmd report with multiple trace.dat files. * Fix the trace-cmd reset -d option * Fix meson build issue * Make some man pages clean ups * Fix other minor issues. - Build with support for zlib and zstd compression. 
Updates for libtraceevent: * Update to 1.8.4: * Have sizeof() parsing handle u8/s8 through u64/s64 * Print arrays like Linux does * Print function pointer address when TEP_EVENT_FL_PRINTRAW is specified * Update to 1.8.3: * Fix a double free in process_op() * Do not return a local stack pointer in get_field_str() * prevent a memory leak in tep_plugin_add_option() * Prevent a memory leak in process_fields() * Close shared object in the error path of load_plugin() * Avoid a simple asprintf case * Fix event-parse memory leak in process_cond * Have single quotes represent characters * Fix tests running on big endian arch * Update to 1.8.2; * New APIs: - tep_record_is_event() - A helper function that basically converts int type= tep_data_type(event->tep, record); if (event->id == type) { /* do something */ } into: if (tep_record_is_event(record, event)) { /* do something */ } - tep_get_sub_buffer_commit_offset() - Add a function to return the offset of where the "commit" is located on the subbuffer so that the application can do its own direct reading of it. - kbuffer_read_buffer() - Add the functionality to the kbuffer to act like the read syscall of the ring buffer. That is, it will load the passed in buffer with the events where the kbuffer left off, and that passed in buffer can be loaded into another kbuffer via kbuffer_load_subbuffer(). - kbuffer_dup() - Create a new kbuffer with the same fields of an existing kbuffer. This will allow traversing a subbuffer without modifying the contents of another kbuffer that points to the subbuffer. - kbuffer_subbuffer() - Return the subbuffer that was loaded into a kbuffer via kbuffer_load_subbuffer(). - kbuffer_refresh() - In the case of the subbuffer that was loaded into a kbuffer via kbuffer_load_subbuffer() that is still active, this function will refresh the meta data to continue reading events if more were written to it. 
- Added tep_get_sub_buffer_data_size() helper function * Updates: - Add option to disable building documents for some environments that do not have everything needed to build the documents to not fail the build with meson. - Bump meson version required to build to 0.58.0 as plugins use str.replace that was introduced in that version. - Have the sched_switch plugin parse the format field to figure out what the correct mapping of the "prev_state" field is to produce the proper string output. * Fixes: - Update the default sched_switch "prev_state" string array to match what's been in the kernel for a while now. - Fix tep_kbuffer() to fill in the long_size, otherwise it would default to 32 bit longs and cause a lot of confusion to application developers - Fix tep_kbuffer man page info - Fix some meson dependency issues - Fix kbuffer_read_buffer() timestamp being off in some cases - Fix curr size in kbuffer_refresh() * Fix double free in parsing sizeof() Updates to libtracefs: * Update to release 1.8.2: * libtracefs: Have tracefs_instance_tracers() return instance tracers * libtrace: Fix memory leak in tracefs_cpu * libtracefs: Handle synthetic events with dynamic strings as fields * Update to release 1.8.1: * Plug some memory leaks * Update to v1.8.0: * remove: add-explicit-meson-thread-dependency.patch * tracefs_follow_event_clear() and tracefs_follow_missed_events_clear() API to clean up followers if the tracefs instance is going to be used for other iterations * tracefs_instance_file_write_number() A simple helper function to make it easier to write numbers into the tracefs files. It does the conversion from number to string, as the files expect strings and not numbers. 
* Add API to work with kbuffer, which gives more control to the application and speeds it up: - tracefs_cpu_read_buf() - tracefs_cpu_buffered_read_buf() - tracefs_cpu_flush_buf() * tracefs_instance_get_buffer_percent() and tracefs_instance_set_buffer_percent() Modify the buffer_percent file that allows readers to block until the buffer is filled to a given percent. This keeps the reader from causing events that will add noise to the trace. * tracefs_instance_clear() Helper to clear the contents of the current trace instance. * tep_get_sub_buffer_data_size() Helper to retrieve the current sub-buffer data size. The Linux kernel tracing ring buffer is broken up into smaller sub-buffers. This returns the size of the data portion of those sub-buffers (does not include the sub-buffer meta data). * tracefs_load_headers() API to just load the information about the sub-buffers and nothing more. * API to extract tracing ring buffer statistics - tracefs_instance_get_stat() - tracefs_instance_put_stat() - tracefs_buffer_stat_entries() - tracefs_buffer_stat_overrun() - tracefs_buffer_stat_commit_overrun() - tracefs_buffer_stat_bytes() - tracefs_buffer_stat_event_timestamp() - tracefs_buffer_stat_timestamp() - tracefs_buffer_stat_dropped_events * tracefs_instance_set_subbuf_size() and tracefs_instance_get_subbuf_size() API to modify the sub-buffers size of the tracing ring buffer. 
* Added TIMESTAMP_DELTA and TIMESTAMP_DELTA_USECS to tracefs_sql() as a shortcut for (end.TIMESTAMP - start.TIMESTAMP) and (end.TIMESTAMP_USECS - start.TIMESTAMP_USECS) respectively * Add PID filtering API: - tracefs_filter_pid_function() - tracefs_filter_pid_events() - tracefs_filter_pid_function_clear() - tracefs_filter_pid_events_clear() * Added tracefs_cpu_snapshot_open() to read the raw data of snapshot buffers * Added snapshot functions: - tracefs_snapshot_snap() - tracefs_snapshot_clear() - tracefs_snapshot_free() * Added ring buffer memory mapping APIs - tracefs_cpu_open_mapped() - tracefs_cpu_is_mapped() - tracefs_mapped_is_supported() - tracefs_cpu_map() - tracefs_cpu_unmap() * Updates: - Increase pipe max size to max value when using splice. - Clear "max_graph_depth" on tracefs_instance_reset() - Add missing headers to syscall() and SYS_* defines - Add dependency fixes to meson build - Fix some documentation / man page issues - Fix memory leaks - Fix cscope rule - Fix issues in unit tests - Added many more unit tests libtraceevent-1.8.4-150500.11.8.1.src.rpm libtraceevent-devel-1.8.4-150500.11.8.1.x86_64.rpm libtraceevent1-1.8.4-150500.11.8.1.x86_64.rpm libtracefs-1.8.2-150500.11.6.1.src.rpm libtracefs1-1.8.2-150500.11.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3372 Recommended update for iproute2 important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for iproute2 fixes the following issues: - add post-6.4 follow-up fixes (bsc#1243005) - sync UAPI header copies with SLE15-SP6 kernel - devlink: support ipsec_crypto and ipsec_packet cap (bsc#1248660) iproute2-6.4-150600.7.9.1.src.rpm iproute2-6.4-150600.7.9.1.x86_64.rpm iproute2-arpd-6.4-150600.7.9.1.x86_64.rpm iproute2-bash-completion-6.4-150600.7.9.1.x86_64.rpm libnetlink-devel-6.4-150600.7.9.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3371 Recommended update for sysconfig important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for sysconfig fixes the 
following issues: - Update to version 0.85.10 - codespell run for all repository files and changes file - spec: define permissions for ghost file attrs to avoid rpm --restore resets them to 0 (bsc#1237595). - spec: fix name-repeated-in-summary rpmlint warning sysconfig-0.85.10-150200.15.1.src.rpm sysconfig-0.85.10-150200.15.1.x86_64.rpm sysconfig-netconfig-0.85.10-150200.15.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3425 Recommended update for libnvme, nvme-cli important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for libnvme, nvme-cli fixes the following issues: - Fix libnvme/nvme-cli TLS PSK generation logic not compliant to RFC 8446 (bsc#1246914): * linux: use EVP_PKEY_CTX_add1_hkdf_info only once in compat function * nvme/linux: check for empty digest in gen_tls_identity() * nvme/linux: add fallback implementation for nvme_insert_tls_key_compat() * linux: fix HKDF TLS key derivation back to OpenSSL 3.0.8 * libnvme: TLS PSK derivation fixes * linux: rename __nvme_insert_tls_key_versioned() to __nvme_insert_tls_key() * linux: rename __nvme_insert_tls_key() to __nvme_import_tls_key() * test/psk: add testcase for TLS identity derivation * linux: set errno when nvme_generate_tls_key_identity() fails * nvme: add --compat flag for 'gen-tls-key' and 'check-tls-key' libnvme-1.11+17.g61f36cae-150700.4.14.1.src.rpm libnvme-devel-1.11+17.g61f36cae-150700.4.14.1.x86_64.rpm libnvme-mi1-1.11+17.g61f36cae-150700.4.14.1.x86_64.rpm libnvme1-1.11+17.g61f36cae-150700.4.14.1.x86_64.rpm nvme-cli-2.11+29.g61f8d34b-150700.3.12.1.src.rpm nvme-cli-2.11+29.g61f8d34b-150700.3.12.1.x86_64.rpm nvme-cli-bash-completion-2.11+29.g61f8d34b-150700.3.12.1.noarch.rpm nvme-cli-zsh-completion-2.11+29.g61f8d34b-150700.3.12.1.noarch.rpm python3-libnvme-1.11+17.g61f36cae-150700.4.14.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3981 Recommended update for inotify-tools moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for inotify-tools fixes the 
following issues: - Bug fix on garbled output (bsc#1249617). - Static code analysis annotations and fixes. - New maintainer. - python3-pyinotify rpm has a limited version of notify operation, including inotify-tools (jsc#SLE-21025). - Build noarch package for doc only for newer suse version. inotify-tools-3.21.9.6-150400.3.3.3.src.rpm inotify-tools-3.21.9.6-150400.3.3.3.x86_64.rpm inotify-tools-devel-3.21.9.6-150400.3.3.3.x86_64.rpm libinotifytools0-3.21.9.6-150400.3.3.3.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3430 Recommended update for bind important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for bind fixes the following issues: - ensure file descriptors 0-2 are in use before using libuv (bsc#1230649) bind-9.20.11-150700.3.9.1.src.rpm bind-utils-9.20.11-150700.3.9.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3369 Security update for libssh moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for libssh fixes the following issues: - CVE-2025-8277: memory exhaustion leading to client-side DoS due to improper memory management when KEX process is repeated with incorrect guesses (bsc#1249375). - CVE-2025-8114: NULL pointer dereference when an allocation error happens during the calculation of the KEX session ID (bsc#1246974). libssh-0.9.8-150600.11.6.1.src.rpm libssh-config-0.9.8-150600.11.6.1.x86_64.rpm libssh-devel-0.9.8-150600.11.6.1.x86_64.rpm libssh4-0.9.8-150600.11.6.1.x86_64.rpm libssh4-32bit-0.9.8-150600.11.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3833 Recommended update for iotop low SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This recommended update for iotop provides the following fix: - Re-release for version consistency, no source changes. 
iotop-0.6-150000.4.12.1.noarch.rpm iotop-0.6-150000.4.12.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3486 Recommended update for grub2 important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for grub2 fixes the following issues: - Fix boot hangs in setting up serial console when ACPI SPCR table is present and redirection is disabled (bsc#1249088) grub2-2.12-150700.19.16.1.src.rpm grub2-2.12-150700.19.16.1.x86_64.rpm grub2-i386-pc-2.12-150700.19.16.1.noarch.rpm grub2-snapper-plugin-2.12-150700.19.16.1.noarch.rpm grub2-systemd-sleep-plugin-2.12-150700.19.16.1.noarch.rpm grub2-x86_64-efi-2.12-150700.19.16.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3726 Optional update for llvm19 low SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for llvm19 fixes the following issues: - Add llvm19-devel to Dev. Tools, no source changes. (bsc#1250304) libLLVM19-19.1.7-150700.3.6.1.x86_64.rpm libc++-devel-19.1.7-150700.3.6.1.x86_64.rpm libc++1-19.1.7-150700.3.6.1.x86_64.rpm libc++abi-devel-19.1.7-150700.3.6.1.x86_64.rpm libc++abi1-19.1.7-150700.3.6.1.x86_64.rpm llvm19-19.1.7-150700.3.6.1.src.rpm libLLVM19-32bit-19.1.7-150700.3.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3967 Recommended update for umoci moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for umoci fixes the following issues: Update to umoci v0.6.0. Upstream changelog is available from <https://github.com/opencontainers/umoci/releases/tag/v0.6.0> bsc#1252025 * umoci now has automatic SOURCE_DATE_EPOCH support, improving the reproducibility of generated images. * "umoci stat" now provides more information about the image. * "umoci config" now supports --platform.variant (architecture variants) which resolves issues with images on ARM (on ARM systems, "umoci new" will auto-fill the host CPU variant). Update to umoci v0.5.1. 
Upstream changelog is available from <https://github.com/opencontainers/umoci/releases/tag/v0.5.1> bsc#1249450 * For images with an empty index.json, umoci will no longer incorrectly set the manifests entry to null. * umoci will now produce an error for images with negative-sized descriptors, based on recent discussions in the upstream image-spec. * Use go:embed to fill umoci --version information from VERSION. * Stop using oci-image-tools for integration tests, instead use some smoke tests and the docker-library-maintained meta-scripts. umoci-0.6.0-150000.3.20.1.src.rpm umoci-0.6.0-150000.3.20.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3434 Security update for open-vm-tools important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for open-vm-tools fixes the following issues: - CVE-2025-41244: local privilege escalation via the Service Discovery Plugin (bsc#1250373). libvmtools-devel-13.0.0-150600.3.18.1.x86_64.rpm libvmtools0-13.0.0-150600.3.18.1.x86_64.rpm open-vm-tools-13.0.0-150600.3.18.1.src.rpm open-vm-tools-13.0.0-150600.3.18.1.x86_64.rpm open-vm-tools-salt-minion-13.0.0-150600.3.18.1.x86_64.rpm open-vm-tools-sdmp-13.0.0-150600.3.18.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3676 Security update for samba critical SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for samba fixes the following issues: - CVE-2025-9640: Fixed uninitialized memory disclosure via vfs_streams_xattr (bsc#1251279). - CVE-2025-10230: Fixed command Injection in WINS server hook script (bsc#1251280). Update to 4.21.8: * netr_LogonSamLogonEx returns NR_STATUS_ACCESS_DENIED with SysvolReady=0; (bso#14981). * getpwuid does not shift to new DC when current DC is down; (bso#15844). * Windows security hardening locks out schannel'ed netlogon dc calls like netr_DsRGetDCName; (bso#15876). * kinit command is failing with Missing cache Error; (bso#15840). * Figuring out the DC name from IP address fails and breaks fork_domain_child(); (bso#15891). 
* Delayed leader broadcast can block ctdb forever; (bso#15892). * 'net ads group' failed to list domain groups; (bso#15900). * Apparently there is a conflict between shadow_copy2 module and virusfilter (action quarantine); (bso#15663). * Fix handling of empty GPO link; (bso#15877). * SMB ACL inheritance doesn't work for files created; (bso#15880). ldb-tools-4.21.8+git.418.e80c9b2a88c-150700.3.11.2.x86_64.rpm libldb-devel-4.21.8+git.418.e80c9b2a88c-150700.3.11.2.x86_64.rpm libldb2-4.21.8+git.418.e80c9b2a88c-150700.3.11.2.x86_64.rpm python3-ldb-4.21.8+git.418.e80c9b2a88c-150700.3.11.2.x86_64.rpm samba-4.21.8+git.418.e80c9b2a88c-150700.3.11.2.src.rpm samba-4.21.8+git.418.e80c9b2a88c-150700.3.11.2.x86_64.rpm samba-ceph-4.21.8+git.418.e80c9b2a88c-150700.3.11.2.x86_64.rpm samba-client-4.21.8+git.418.e80c9b2a88c-150700.3.11.2.x86_64.rpm samba-client-libs-4.21.8+git.418.e80c9b2a88c-150700.3.11.2.x86_64.rpm samba-dcerpc-4.21.8+git.418.e80c9b2a88c-150700.3.11.2.x86_64.rpm samba-devel-4.21.8+git.418.e80c9b2a88c-150700.3.11.2.x86_64.rpm samba-gpupdate-4.21.8+git.418.e80c9b2a88c-150700.3.11.2.x86_64.rpm samba-ldb-ldap-4.21.8+git.418.e80c9b2a88c-150700.3.11.2.x86_64.rpm samba-libs-4.21.8+git.418.e80c9b2a88c-150700.3.11.2.x86_64.rpm samba-libs-python3-4.21.8+git.418.e80c9b2a88c-150700.3.11.2.x86_64.rpm samba-python3-4.21.8+git.418.e80c9b2a88c-150700.3.11.2.x86_64.rpm samba-tool-4.21.8+git.418.e80c9b2a88c-150700.3.11.2.x86_64.rpm samba-winbind-4.21.8+git.418.e80c9b2a88c-150700.3.11.2.x86_64.rpm samba-winbind-libs-4.21.8+git.418.e80c9b2a88c-150700.3.11.2.x86_64.rpm libldb2-32bit-4.21.8+git.418.e80c9b2a88c-150700.3.11.2.x86_64.rpm samba-client-libs-32bit-4.21.8+git.418.e80c9b2a88c-150700.3.11.2.x86_64.rpm samba-libs-32bit-4.21.8+git.418.e80c9b2a88c-150700.3.11.2.x86_64.rpm samba-winbind-libs-32bit-4.21.8+git.418.e80c9b2a88c-150700.3.11.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3489 Recommended update for libsolv, libzypp, zypper important SUSE Updates SLE-Module-Basesystem 
15-SP7 x86 64 This update for libsolv, libzypp, zypper fixes the following issues: - fixed rare crash in the handling of allowuninstall in combination with forcebest updates - new pool_satisfieddep_map feature to test if a set of packages satisfies a dependency - runposttrans: strip root prefix from tmppath (bsc#1250343) - fixup! Make ld.so ignore the subarch packages during install (bsc#1246912) - Make ld.so ignore the subarch packages during install (bsc#1246912) - Fixed `bash-completion`: `zypper refresh` now ignores repository priority lines. - Changes to support building against restructured libzypp in stack build (bsc#1230267) libsolv-0.7.35-150700.11.3.1.src.rpm True libsolv-devel-0.7.35-150700.11.3.1.x86_64.rpm True libsolv-tools-0.7.35-150700.11.3.1.x86_64.rpm True libsolv-tools-base-0.7.35-150700.11.3.1.x86_64.rpm True libzypp-17.37.18-150700.6.3.1.src.rpm True libzypp-17.37.18-150700.6.3.1.x86_64.rpm True libzypp-devel-17.37.18-150700.6.3.1.x86_64.rpm True python3-solv-0.7.35-150700.11.3.1.x86_64.rpm True ruby-solv-0.7.35-150700.11.3.1.x86_64.rpm True zypper-1.14.94-150700.13.3.1.src.rpm True zypper-1.14.94-150700.13.3.1.x86_64.rpm True zypper-log-1.14.94-150700.13.3.1.noarch.rpm True zypper-needs-restarting-1.14.94-150700.13.3.1.noarch.rpm True SUSE-SLE-Module-Basesystem-15-SP7-2025-3851 Recommended update for vim moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for vim fixes the following issues: - Fix regression in vim: xxd -a shows no output (bsc#1250593). Backported from 9.1.1683 (xxd: Avoid null dereference in autoskip colorless). - Fix vim compatible mode is not switched off earlier (bsc#1229750). Nocompatible must be set before the syntax highlighting is turned on. 
vim-9.1.1629-150500.20.38.1.src.rpm vim-9.1.1629-150500.20.38.1.x86_64.rpm vim-data-9.1.1629-150500.20.38.1.noarch.rpm vim-data-common-9.1.1629-150500.20.38.1.noarch.rpm vim-small-9.1.1629-150500.20.38.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3934 Recommended update for cyrus-sasl moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for cyrus-sasl fixes the following issue: - Replace insecure MD5 with ephemeral HMAC-SHA256 (bsc#1247498). cyrus-sasl-2.1.28-150600.7.9.2.src.rpm cyrus-sasl-2.1.28-150600.7.9.2.x86_64.rpm cyrus-sasl-crammd5-2.1.28-150600.7.9.2.x86_64.rpm cyrus-sasl-devel-2.1.28-150600.7.9.2.x86_64.rpm cyrus-sasl-digestmd5-2.1.28-150600.7.9.2.x86_64.rpm cyrus-sasl-gssapi-2.1.28-150600.7.9.2.x86_64.rpm cyrus-sasl-ntlm-2.1.28-150600.7.9.2.x86_64.rpm cyrus-sasl-otp-2.1.28-150600.7.9.2.x86_64.rpm cyrus-sasl-plain-2.1.28-150600.7.9.2.x86_64.rpm cyrus-sasl-saslauthd-2.1.28-150600.7.9.2.src.rpm cyrus-sasl-saslauthd-2.1.28-150600.7.9.2.x86_64.rpm libsasl2-3-2.1.28-150600.7.9.2.x86_64.rpm cyrus-sasl-32bit-2.1.28-150600.7.9.2.x86_64.rpm cyrus-sasl-crammd5-32bit-2.1.28-150600.7.9.2.x86_64.rpm cyrus-sasl-digestmd5-32bit-2.1.28-150600.7.9.2.x86_64.rpm cyrus-sasl-gssapi-32bit-2.1.28-150600.7.9.2.x86_64.rpm cyrus-sasl-plain-32bit-2.1.28-150600.7.9.2.x86_64.rpm libsasl2-3-32bit-2.1.28-150600.7.9.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3623 Recommended update for sudo important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for sudo fixes the following issues: - Fix loss of SSH connection does not propagate through sudo (bsc#1240954, bsc#1245743). If user's tty goes away, tell monitor to revoke the tty in its session. 
sudo-1.9.15p5-150600.3.12.1.src.rpm sudo-1.9.15p5-150600.3.12.1.x86_64.rpm sudo-devel-1.9.15p5-150600.3.12.1.x86_64.rpm sudo-plugin-python-1.9.15p5-150600.3.12.1.x86_64.rpm sudo-policy-sudo-auth-self-1.9.15p5-150600.3.12.1.x86_64.rpm sudo-policy-wheel-auth-self-1.9.15p5-150600.3.12.1.x86_64.rpm system-group-sudo-1.9.15p5-150600.3.12.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3508 Security update for expat important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). expat-2.7.1-150700.3.6.1.src.rpm expat-2.7.1-150700.3.6.1.x86_64.rpm libexpat-devel-2.7.1-150700.3.6.1.x86_64.rpm libexpat1-2.7.1-150700.3.6.1.x86_64.rpm libexpat1-32bit-2.7.1-150700.3.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3598 Recommended update for nvidia-open-driver-G06-signed important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for nvidia-open-driver-G06-signed fixes the following issues: Update to version 580.95.05 (bsc#1250536) - get rid of multiversion for the KMPs, since it only brought/brings us trouble and no benefit at all (jsc#PED-12049) * remove any ^Conflicts and ^Provides: multiversion from /usr/lib/rpm/kernel-module-subpackage * set INSTALL_MOD_DIR back to %{kernel_module_package_moddir}, i.e. 
updates/ subdir - pesign-spec-macros: added definition for %__kernel_supplements, which replaced %__kmp_supplements with latest RPM used on TW now, in order to fix PCI HW Supplements for TW (bsc#1249814) nv-prefer-signed-open-driver-580.82.07-150700.3.24.1.x86_64.rpm nvidia-open-driver-G06-signed-580.95.05-150700.3.24.1.src.rpm nvidia-open-driver-G06-signed-cuda-580.82.07-150700.3.24.1.src.rpm nvidia-open-driver-G06-signed-cuda-default-devel-580.82.07-150700.3.24.1.x86_64.rpm nvidia-open-driver-G06-signed-cuda-kmp-default-580.82.07_k6.4.0_150700.53.16-150700.3.24.1.x86_64.rpm nvidia-open-driver-G06-signed-default-devel-580.95.05-150700.3.24.1.x86_64.rpm nvidia-open-driver-G06-signed-kmp-default-580.95.05_k6.4.0_150700.53.16-150700.3.24.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3546 Security update for openssl-3 important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for openssl-3 fixes the following issues: - CVE-2025-9230: Fixed out-of-bounds read & write in RFC 3211 KEK unwrap (bsc#1250232). 
libopenssl-3-devel-3.2.3-150700.5.21.1.x86_64.rpm libopenssl-3-fips-provider-3.2.3-150700.5.21.1.x86_64.rpm libopenssl3-3.2.3-150700.5.21.1.x86_64.rpm openssl-3-3.2.3-150700.5.21.1.src.rpm openssl-3-3.2.3-150700.5.21.1.x86_64.rpm libopenssl-3-fips-provider-32bit-3.2.3-150700.5.21.1.x86_64.rpm libopenssl3-32bit-3.2.3-150700.5.21.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-4358 Recommended update for apache2 moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for apache2 fixes the following issues: - Fixed binary path for Apache's MPM that was partially duplicated when it can't be invoked/found (bsc#1249359) apache2-2.4.62-150700.4.6.1.src.rpm apache2-2.4.62-150700.4.6.1.x86_64.rpm apache2-prefork-2.4.62-150700.4.6.1.src.rpm apache2-prefork-2.4.62-150700.4.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3535 Security update for open-vm-tools important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for open-vm-tools fixes the following issues: - CVE-2025-41244: fixed a local privilege escalation vulnerability (bnc#1250373). 
libvmtools-devel-13.0.5-150600.3.21.1.x86_64.rpm libvmtools0-13.0.5-150600.3.21.1.x86_64.rpm open-vm-tools-13.0.5-150600.3.21.1.src.rpm open-vm-tools-13.0.5-150600.3.21.1.x86_64.rpm open-vm-tools-salt-minion-13.0.5-150600.3.21.1.x86_64.rpm open-vm-tools-sdmp-13.0.5-150600.3.21.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3779 Security update for poppler important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for poppler fixes the following issues: - CVE-2025-43718: fixed uncontrolled recursion in the regex-based metadata parser when processing specially crafted PDF files (bsc#1250908) - CVE-2025-52885: improved pointer handling that could have led to dangling pointers when the vector is resized (bsc#1251940) libpoppler-cpp0-24.03.0-150600.3.24.1.x86_64.rpm libpoppler-devel-24.03.0-150600.3.24.1.x86_64.rpm libpoppler-glib-devel-24.03.0-150600.3.24.1.x86_64.rpm libpoppler-glib8-24.03.0-150600.3.24.1.x86_64.rpm libpoppler135-24.03.0-150600.3.24.1.x86_64.rpm poppler-24.03.0-150600.3.24.1.src.rpm poppler-tools-24.03.0-150600.3.24.1.x86_64.rpm typelib-1_0-Poppler-0_18-24.03.0-150600.3.24.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3910 Security update for poppler important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for poppler fixes the following issues: - CVE-2025-43718: fixed uncontrolled recursion in the regex-based metadata parser when processing specially crafted PDF files (bsc#1250908) - CVE-2025-52885: improved pointer handling that could have led to dangling pointers when the vector is resized (bsc#1251940) libpoppler89-0.79.0-150200.3.46.1.x86_64.rpm poppler-0.79.0-150200.3.46.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3875 Security update for libxslt important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for libxslt fixes the following issues: - CVE-2025-11731: fixed a type confusion in exsltFuncResultComp function leading to denial of service (bsc#1251979) - CVE-2025-10911: last fix caused a 
regression, patch was temporarily disabled (bsc#1250553) libxslt-1.1.34-150400.3.13.1.src.rpm libxslt-devel-1.1.34-150400.3.13.1.x86_64.rpm libxslt-tools-1.1.34-150400.3.13.1.x86_64.rpm libxslt1-1.1.34-150400.3.13.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3601 Security update for the Linux Kernel important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 The SUSE Linux Enterprise 15 SP7 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-53261: coresight: Fix memory leak in acpi_buffer->pointer (bsc#1249770). - CVE-2024-58090: sched/core: Prevent rescheduling when interrupts are disabled (bsc#1240324). - CVE-2025-22022: usb: xhci: Apply the link chain quirk on NEC isoc endpoints (bsc#1241292). - CVE-2025-38119: scsi: core: ufs: Fix a hang in the error handler (bsc#1245700). - CVE-2025-38216: iommu/vt-d: Restore context entry setup order for aliased devices (bsc#1245963). - CVE-2025-38234: sched/rt: Fix race in push_rt_task (bsc#1246057). - CVE-2025-38263: bcache: fix NULL pointer in cache_set_flush() (bsc#1246248). - CVE-2025-38351: KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush (bsc#1246782). - CVE-2025-38402: idpf: return 0 size for RSS key if not supported (bsc#1247262). - CVE-2025-38408: genirq/irq_sim: Initialize work context pointers properly (bsc#1247126). - CVE-2025-38418: remoteproc: core: Release rproc->clean_table after rproc_attach() fails (bsc#1247137). - CVE-2025-38419: remoteproc: core: Cleanup acquired resources when rproc_handle_resources() fails in rproc_attach() (bsc#1247136). - CVE-2025-38456: ipmi:msghandler: Fix potential memory corruption in ipmi_create_user() (bsc#1247099). - CVE-2025-38466: perf: Revert to requiring CAP_SYS_ADMIN for uprobes (bsc#1247442). - CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247239). - CVE-2025-38514: rxrpc: Fix oops due to non-existence of prealloc backlog struct (bsc#1248202). 
- CVE-2025-38526: ice: add NULL check in eswitch lag check (bsc#1248192). - CVE-2025-38527: smb: client: fix use-after-free in cifs_oplock_break (bsc#1248199). - CVE-2025-38533: net: libwx: fix the using of Rx buffer DMA (bsc#1248200). - CVE-2025-38544: rxrpc: Fix bug due to prealloc collision (bsc#1248225). - CVE-2025-38556: HID: core: Harden s32ton() against conversion to 0 bits (bsc#1248296). - CVE-2025-38574: pptp: ensure minimal skb length in pptp_xmit() (bsc#1248365). - CVE-2025-38584: padata: Fix pd UAF once and for all (bsc#1248343). - CVE-2025-38590: net/mlx5e: Remove skb secpath if xfrm state is not found (bsc#1248360). - CVE-2025-38593: kABI workaround for bluetooth discovery_state change (bsc#1248357). - CVE-2025-38595: xen: fix UAF in dmabuf_exp_from_pages() (bsc#1248380). - CVE-2025-38597: drm/rockchip: vop2: fail cleanly if missing a primary plane for a video-port (bsc#1248378). - CVE-2025-38605: wifi: ath12k: Pass ab pointer directly to ath12k_dp_tx_get_encap_type() (bsc#1248334). - CVE-2025-38614: eventpoll: Fix semi-unbounded recursion (bsc#1248392). - CVE-2025-38616: tls: handle data disappearing from under the TLS ULP (bsc#1248512). - CVE-2025-38622: net: drop UFO packets in udp_rcv_segment() (bsc#1248619). - CVE-2025-38623: PCI: pnv_php: Fix surprise plug detection and recovery (bsc#1248610). - CVE-2025-38628: vdpa/mlx5: Fix release of uninitialized resources on error path (bsc#1248616). - CVE-2025-38639: netfilter: xt_nfacct: do not assume acct name is null-terminated (bsc#1248674). - CVE-2025-38640: bpf: Disable migration in nf_hook_run_bpf() (bsc#1248622). - CVE-2025-38643: wifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac() (bsc#1248681). - CVE-2025-38645: net/mlx5: Check device memory pointer before usage (bsc#1248626). - CVE-2025-38659: gfs2: No more self recovery (bsc#1248639). - CVE-2025-38660: [ceph] parse_longname(): strrchr() expects NUL-terminated string (bsc#1248634). 
- CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248628). - CVE-2025-38668: regulator: core: fix NULL dereference on unbind due to stale coupling data (bsc#1248647). - CVE-2025-38676: iommu/amd: Avoid stack buffer overflow from kernel cmdline (bsc#1248775). - CVE-2025-38678: netfilter: nf_tables: reject duplicate device on updates (bsc#1249126). - CVE-2025-38679: media: venus: Fix OOB read due to missing payload bound check (bsc#1249202). - CVE-2025-38684: net/sched: ets: use old 'nbands' while purging unused classes (bsc#1249156). - CVE-2025-38701: ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr (bsc#1249258). - CVE-2025-38705: drm/amd/pm: fix null pointer access (bsc#1249334). - CVE-2025-38709: loop: Avoid updating block size under exclusive owner (bsc#1249199). - CVE-2025-38710: gfs2: Validate i_depth for exhash directories (bsc#1249201). - CVE-2025-38721: netfilter: ctnetlink: fix refcount leak on table dump (bsc#1249176). - CVE-2025-38722: habanalabs: fix UAF in export_dmabuf() (bsc#1249163). - CVE-2025-38730: io_uring/net: commit partial buffers on retry (bsc#1249172). - CVE-2025-38732: netfilter: nf_reject: do not leak dst refcount for loopback packets (bsc#1249262). - CVE-2025-39677: net/sched: Fix backlog accounting in qdisc_dequeue_internal (bsc#1249300). - CVE-2025-39678: platform/x86/amd/hsmp: Ensure sock->metric_tbl_addr is non-NULL (bsc#1249290). - CVE-2025-39681: x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper (bsc#1249303). - CVE-2025-39682: tls: fix handling of zero-length records on the rx_list (bsc#1249284). - CVE-2025-39691: fs/buffer: fix use-after-free when call bh_read() helper (bsc#1249374). - CVE-2025-39703: net, hsr: reject HSR frame if skb can't hold tag (bsc#1249315). - CVE-2025-39705: drm/amd/display: fix a Null pointer dereference vulnerability (bsc#1249295). - CVE-2025-39718: vsock/virtio: Validate length in packet header before skb_put() (bsc#1249305). 
- CVE-2025-39738: btrfs: do not allow relocation of partially dropped subvolumes (bsc#1249540). - CVE-2025-39744: rcu: Fix rcu_read_unlock() deadloop due to IRQ work (bsc#1249494). - CVE-2025-39746: wifi: ath10k: shutdown driver when hardware is unreliable (bsc#1249516). - CVE-2025-39749: rcu: Protect ->defer_qs_iw_pending from data race (bsc#1249533). - CVE-2025-39754: mm/smaps: fix race between smaps_hugetlb_range and migration (bsc#1249524). - CVE-2025-39764: netfilter: ctnetlink: remove refcounting in expectation dumpers (bsc#1249513). - CVE-2025-39766: net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit (bsc#1249510). - CVE-2025-39770: net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM (bsc#1249508). - CVE-2025-39773: net: bridge: fix soft lockup in br_multicast_query_expired() (bsc#1249504). - CVE-2025-39782: jbd2: prevent softlockup in jbd2_log_do_checkpoint() (bsc#1249526). - CVE-2025-39787: soc: qcom: mdt_loader: Deal with zero e_shentsize (bsc#1249545). - CVE-2025-39797: xfrm: xfrm_alloc_spi shouldn't use 0 as SPI (bsc#1249608). - CVE-2025-39816: io_uring/kbuf: always use READ_ONCE() to read ring provided buffer lengths (bsc#1249906). - CVE-2025-39823: KVM: x86: use array_index_nospec with indices that come from guest (bsc#1250002). - CVE-2025-39825: smb: client: fix race with concurrent opens in rename(2) (bsc#1250179). - CVE-2025-39830: net/mlx5: HWS, Fix memory leak in hws_pool_buddy_init error path (bsc#1249974). - CVE-2025-39834: net/mlx5: HWS, Fix memory leak in hws_action_get_shared_stc_nic error flow (bsc#1250021). - CVE-2025-39835: xfs: do not propagate ENODATA disk errors into xattr code (bsc#1250025). - CVE-2025-39838: cifs: prevent NULL pointer dereference in UTF16 conversion (bsc#1250365). - CVE-2025-39842: ocfs2: prevent release journal inode after journal shutdown (bsc#1250267). - CVE-2025-39857: net/smc: fix one NULL pointer dereference in smc_ib_is_sg_need_sync() (bsc#1250251). 
- CVE-2025-39865: tee: fix NULL pointer dereference in tee_shm_put (bsc#1250294). - CVE-2025-39885: ocfs2: fix recursive semaphore deadlock in fiemap call (bsc#1250407). - CVE-2025-39922: ixgbe: fix incorrect map used in eee linkmode (bsc#1250722). - CVE-2025-40300: x86/vmscape: Warn when STIBP is disabled with SMT (bsc#1247483). The following non-security bugs were fixed: - !CONFIG & reference -> this is bug, immediate fail - 9p/xen: fix init sequence (git-fixes). - ACPI/IORT: Fix memory leak in iort_rmr_alloc_sids() (git-fixes). - ACPI: EC: Add device to acpi_ec_no_wakeup[] qurik list (stable-fixes). - ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT (git-fixes). - ACPI: debug: fix signedness issues in read/write helpers (git-fixes). - ACPI: processor: idle: Fix memory leak when register cpuidle device failed (git-fixes). - ACPI: property: Fix buffer properties extraction for subnodes (git-fixes). - ACPICA: Fix largest possible resource descriptor index (git-fixes). - ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is not supported (stable-fixes). - ALSA: hda/hdmi: Add pin fix for another HP EliteDesk 800 G4 model (stable-fixes). - ALSA: hda/realtek - Add new HP ZBook laptop with micmute led fixup (stable-fixes). - ALSA: hda/realtek: Add ALC295 Dell TAS2781 I2C fixup (git-fixes). - ALSA: hda/realtek: Add support for HP Agusta using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Fix headset mic for TongFang X6[AF]R5xxY (stable-fixes). - ALSA: hda/realtek: Fix mute led for HP Laptop 15-dw4xx (stable-fixes). - ALSA: hda: intel-dsp-config: Prevent SEGFAULT if ACPI_HANDLE() is NULL (git-fixes). - ALSA: lx_core: use int type to store negative error codes (git-fixes). - ALSA: pcm: Disable bottom softirqs as part of spin_lock_irq() on PREEMPT_RT (git-fixes). - ALSA: usb-audio: Add DSD support for Comtrue USB Audio device (stable-fixes). - ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5 (stable-fixes). 
- ALSA: usb-audio: Add mute TLV for playback volumes on more devices (stable-fixes). - ALSA: usb-audio: Add mute TLV for playback volumes on some devices (stable-fixes). - ALSA: usb-audio: Avoid multiple assignments in mixer_quirks (stable-fixes). - ALSA: usb-audio: Convert comma to semicolon (git-fixes). - ALSA: usb-audio: Drop unnecessary parentheses in mixer_quirks (stable-fixes). - ALSA: usb-audio: Fix block comments in mixer_quirks (stable-fixes). - ALSA: usb-audio: Fix build with CONFIG_INPUT=n (git-fixes). - ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks (stable-fixes). - ALSA: usb-audio: Simplify NULL comparison in mixer_quirks (stable-fixes). - ALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free (git-fixes). - ALSA: usb-audio: move mixer_quirks' min_mute into common quirk (stable-fixes). - ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping (git-fixes). - ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (git-fixes). - ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping (git-fixes). - ASoC: Intel: catpt: Expose correct bit depth to userspace (git-fixes). - ASoC: Intel: sof_sdw: Prevent jump to NULL add_sidecar callback (git-fixes). - ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in error message (git-fixes). - ASoC: codecs: tx-macro: correct tx_macro_component_drv name (stable-fixes). - ASoC: imx-hdmi: remove cpu_pdev related code (git-fixes). - ASoC: qcom: audioreach: Fix lpaif_type configuration for the I2S interface (git-fixes). - ASoC: qcom: audioreach: fix potential null pointer dereference (git-fixes). - ASoC: qcom: q6apm-lpass-dais: Fix NULL pointer dereference if source graph failed (git-fixes). - ASoC: qcom: q6apm-lpass-dais: Fix missing set_fmt DAI op for I2S (git-fixes). - ASoC: wcd934x: fix error handling in wcd934x_codec_parse_data() (git-fixes). - ASoC: wm8940: Correct PLL rate rounding (git-fixes). - ASoC: wm8940: Correct typo in control name (git-fixes). 
- ASoC: wm8974: Correct PLL rate rounding (git-fixes). - Add alt-commit to drm v3d patch - Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() (git-fixes). - Bluetooth: ISO: Fix possible UAF on iso_conn_free (git-fixes). - Bluetooth: ISO: do not leak skb in ISO_CONT RX (git-fixes). - Bluetooth: ISO: free rx_skb if not consumed (git-fixes). - Bluetooth: MGMT: Fix not exposing debug UUID on MGMT_OP_READ_EXP_FEATURES_INFO (git-fixes). - Bluetooth: MGMT: Fix possible UAFs (git-fixes). - Bluetooth: compute LE flow credits based on recvbuf space (git-fixes). - Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync (git-fixes). - Bluetooth: hci_sync: Avoid adding default advertising on startup (stable-fixes). - Bluetooth: hci_sync: Fix hci_resume_advertising_sync (git-fixes). - Bluetooth: hci_sync: Fix using random address for BIG/PA advertisements (git-fixes). - Bluetooth: qca: fix invalid device address check (git-fixes). - Bluetooth: qca: fix wcn3991 device address check (git-fixes). - Bluetooth: vhci: Prevent use-after-free by removing debugfs files early (git-fixes). - CONFIG & no reference -> OK temporarily, must be resolved eventually - Do not self obsolete older kernel variants - Drivers: hv: Always select CONFIG_SYSFB for Hyper-V guests (git-fixes). - Drivers: hv: Select CONFIG_SYSFB only if EFI is enabled (git-fixes). - Drop PCI patches that broke kdump capture boot (bsc#1246509) - Drop arm64 patches that may lead to module load failure (bsc#1250057) - Drop ath12k patch that was reverted in the upstream (git-fixes) - wrt: Regression fix for wrt s2idle on AMD laptops (bsc#1243112). - Fix source string __assign_string() (bsc#1238782) - HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version() (stable-fixes). - HID: input: rename hidinput_set_battery_charge_status() (stable-fixes). - HID: input: report battery status changes immediately (git-fixes). - HID: intel-ish-ipc: Remove redundant ready check after timeout function (git-fixes). 
- HID: mcp2221: Do not set bus speed on every transfer (stable-fixes). - HID: mcp2221: Handle reads greater than 60 bytes (stable-fixes). - HID: quirks: add support for Legion Go dual dinput modes (stable-fixes). - HID: wacom: Add a new Art Pen 2 (stable-fixes). - IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions (git-fixes) - Input: i8042 - add TUXEDO InfinityBook Pro Gen10 AMD to i8042 quirk table (stable-fixes). - Input: iqs7222 - avoid enabling unused interrupts (stable-fixes). - KVM: SVM: Clear current_vmcb during vCPU free for all *possible* CPUs (git-fixes). - KVM: SVM: Disable interception of SPEC_CTRL iff the MSR exists for the guest (git-fixes). - KVM: SVM: Sync TPR from LAPIC into VMCB::V_TPR even if AVIC is active (git-fixes). - KVM: VMX: Extract checking of guest's DEBUGCTL into helper (git-fixes). - KVM: VMX: Flush shadow VMCS on emergency reboot (git-fixes). - KVM: VMX: Handle KVM-induced preemption timer exits in fastpath for L2 (git-fixes). - KVM: VMX: Handle forced exit due to preemption timer in fastpath (git-fixes). - KVM: VMX: Re-enter guest in fastpath for "spurious" preemption timer exits (git-fixes). - KVM: arm64: vgic: fix incorrect spinlock API usage (git-fixes). - KVM: s390: Fix incorrect usage of mmu_notifier_register() (git-fixes bsc#1250336). - KVM: x86/xen: Allow 'out of range' event channel ports in IRQ routing table (git-fixes). - KVM: x86: Drop pending_smi vs. INIT_RECEIVED check when setting MP_STATE (git-fixes). - KVM: x86: Fully defer to vendor code to decide how to force immediate exit (git-fixes). - KVM: x86: Move handling of is_guest_mode() into fastpath exit handlers (git-fixes). - KVM: x86: Plumb "force_immediate_exit" into kvm_entry() tracepoint (git-fixes). - KVM: x86: avoid underflow when scaling TSC frequency (git-fixes). - Kconfig.suse: Add KABI checkiness macro (config) (bsc#1249186) - Limit patch filenames to 100 characters (bsc#1249604). - NFSv4/flexfiles: Fix layout merge mirror check (git-fixes). 
- NFSv4: Clear the NFS_CAP_FS_LOCATIONS flag if it is not set (git-fixes). - NFSv4: Clear the NFS_CAP_XATTR flag if not supported by the server (git-fixes). - NFSv4: Do not clear capabilities that won't be reset (git-fixes). - PCI: Extend isolated function probing to LoongArch (git-fixes). - PM / devfreq: mtk-cci: Fix potential error pointer dereference in probe() (git-fixes). - PM: sleep: core: Clear power.must_resume in noirq suspend error path (git-fixes). - RDMA/mana_ib: Fix DSCP value in modify QP (git-fixes). - Revert "SUNRPC: Do not allow waiting for exiting tasks" (git-fixes). - Revert "drm/amdgpu: fix incorrect vm flags to map bo" (stable-fixes). - Revert "usb: xhci: Avoid Stop Endpoint retry loop if the endpoint seems Running" (git-fixes). - SUNRPC: call xs_sock_process_cmsg for all cmsg (git-fixes). - Squashfs: add additional inode sanity checking (git-fixes). - Squashfs: fix uninit-value in squashfs_get_parent (git-fixes). - Squashfs: reject negative file sizes in squashfs_read_inode() (git-fixes). - USB: gadget: dummy-hcd: Fix locking bug in RT-enabled kernels (git-fixes). - USB: serial: option: add Telit Cinterion FN990A w/audio compositions (stable-fixes). - USB: serial: option: add Telit Cinterion LE910C4-WWX new compositions (stable-fixes). - Update config files. (bsc#1249186) Plain run_oldconfig after Kconfig update. - afs: Fix potential null pointer dereference in afs_put_server (git-fixes). 
- arm64: Handle KCOV __init vs inline mismatches (git-fixes) - arm64: Mark kernel as tainted on SAE and SError panic (git-fixes) - arm64: dts: imx8mp-tqma8mpql: fix LDO5 power off (git-fixes) - arm64: dts: imx8mp: Fix missing microSD slot vqmmc on DH electronics (git-fixes) - arm64: dts: imx8mp: Fix missing microSD slot vqmmc on Data Modul (git-fixes) - arm64: dts: rockchip: Add vcc-supply to SPI flash on (git-fixes) - arm64: dts: rockchip: disable unrouted USB controllers and PHY on (git-fixes) - arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399 Puma with Haikou (git-fixes). - arm64: dts: rockchip: fix internal USB hub instability on RK3399 Puma (git-fixes) - arm64: dts: rockchip: use cs-gpios for spi1 on ringneck (git-fixes) - arm64: ftrace: fix unreachable PLT for ftrace_caller in init_module (git-fixes) - ax25: properly unshare skbs in ax25_kiss_rcv() (git-fixes). - batman-adv: fix OOB read/write in network-coding decode (git-fixes). - bpf, bpftool: Fix incorrect disasm pc (git-fixes). - bpf/selftests: Fix test_tcpnotify_user (poo#189822). - bpf: Adjust free target to avoid global starvation of LRU map (git-fixes). - bpf: Fix iter/task tid filtering (git-fixes). - bpf: Fix link info netfilter flags to populate defrag flag (git-fixes). - bpf: Make reg_not_null() true for CONST_PTR_TO_MAP (git-fixes). - bpf: Properly test iter/task tid filtering (git-fixes). - bpf: bpftool: Setting error code in do_loader() (git-fixes). - bpf: handle implicit declaration of function gettid in bpf_iter.c - bpf: skip non exist keys in generic_map_lookup_batch (git-fixes). - bpftool: Fix JSON writer resource leak in version command (git-fixes). - bpftool: Fix memory leak in dump_xx_nlmsg on realloc failure (git-fixes). - bpftool: Fix readlink usage in get_fd_type (git-fixes). - bpftool: Mount bpffs when pinmaps path not under the bpffs (git-fixes). - bpftool: fix potential NULL pointer dereferencing in prog_dump() (git-fixes). 
- btrfs: abort transaction during log replay if walk_log_tree() failed (git-fixes). - btrfs: abort transaction on unexpected eb generation at btrfs_copy_root() (git-fixes). - btrfs: add cancellation points to trim loops (git-fixes). - btrfs: always abort transaction on failure to add block group to free space tree (git-fixes). - btrfs: always update fstrim_range on failure in FITRIM ioctl (git-fixes). - btrfs: avoid load/store tearing races when checking if an inode was logged (git-fixes). - btrfs: fix data overwriting bug during buffered write when block size < page size (git-fixes). - btrfs: fix invalid extref key setup when replaying dentry (git-fixes). - btrfs: fix race between logging inode and checking if it was logged before (git-fixes). - btrfs: fix race between setting last_dir_index_offset and inode logging (git-fixes). - btrfs: make found_logical_ret parameter mandatory for function queue_scrub_stripe() (git-fixes). - btrfs: move transaction aborts to the error site in add_block_group_free_space() (git-fixes). - btrfs: qgroup: fix race between quota disable and quota rescan ioctl (git-fixes). - btrfs: scrub: avoid unnecessary csum tree search preparing stripes (git-fixes). - btrfs: scrub: avoid unnecessary extent tree search preparing stripes (git-fixes). - btrfs: scrub: fix grouping of read IO (git-fixes). - btrfs: scrub: remove scrub_ctx::csum_list member (git-fixes). - btrfs: split remaining space to discard in chunks (git-fixes). - btrfs: tree-checker: fix the incorrect inode ref size check (git-fixes). - btrfs: use SECTOR_SHIFT to convert physical offset to LBA (git-fixes). - build_bug.h: Add KABI assert (bsc#1249186). - bus: fsl-mc: Check return value of platform_get_resource() (git-fixes). - bus: mhi: host: Do not use uninitialized 'dev' pointer in mhi_init_irq_setup() (git-fixes). - can: etas_es58x: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: hi311x: populate ndo_change_mtu() to prevent buffer overflow (git-fixes).
- can: j1939: implement NETDEV_UNREGISTER notification handler (git-fixes). - can: j1939: j1939_local_ecu_get(): undo increment when j1939_local_ecu_get() fails (git-fixes). - can: j1939: j1939_sk_bind(): call j1939_priv_put() immediately when j1939_local_ecu_get() failed (git-fixes). - can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: peak_usb: fix shift-out-of-bounds issue (git-fixes). - can: rcar_can: rcar_can_resume(): fix s2ram with PSCI (stable-fixes). - can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: xilinx_can: xcan_write_frame(): fix use-after-free of transmitted SKB (git-fixes). - cdc_ncm: Flag Intel OEM version of Fibocom L850-GL as WWAN (stable-fixes). - ceph: fix possible integer overflow in ceph_zero_objects() (git-fixes). - ceph: validate snapdirname option length when mounting (git-fixes). - cgroup/cpuset: Fix a partition error with CPU hotplug (bsc#1241166). - cgroup/cpuset: Use static_branch_enable_cpuslocked() on cpusets_insane_config_key (bsc#1241166). - cgroup/rstat: Optimize cgroup_rstat_updated_list() (bsc#1247963). - cgroup/rstat: Reduce cpu_lock hold time in cgroup_rstat_flush_locked() (bsc#1247963). - cgroup: llist: avoid memory tears for llist_node (bsc#1247963). - cgroup: make css_rstat_updated nmi safe (bsc#1247963). - cgroup: remove cgroup_rstat_flush_atomic() (bsc#1247963). - cgroup: remove per-cpu per-subsystem locks (bsc#1247963). - cgroup: support to enable nmi-safe css_rstat_updated (bsc#1247963). - compiler-clang.h: define __SANITIZE_*__ macros only when undefined (stable-fixes). - compiler: remove __ADDRESSABLE_ASM{_STR,}() again (git-fixes). - cpufreq: CPPC: Mark driver with NEED_UPDATE_LIMITS flag (stable-fixes). - cpufreq: Exit governor when failed to start old governor (stable-fixes). - cpufreq: Init policy->rwsem before it may be possibly used (git-fixes). - cpufreq: Initialize cpufreq-based frequency-invariance later (git-fixes). 
- cpufreq: Initialize cpufreq-based invariance before subsys (git-fixes). - cpufreq: Use the fixed and coherent frequency for scaling capacity (stable-fixes). - cpufreq: cppc: Fix invalid return value in .get() callback (git-fixes). - cpufreq: governor: Fix negative 'idle_time' handling in dbs_update() (git-fixes). - cpufreq: intel_pstate: Always use HWP_DESIRED_PERF in passive mode (git-fixes). - cpufreq: intel_pstate: Unchecked MSR aceess in legacy mode (git-fixes). - cpufreq: scpi: compare kHz instead of Hz (git-fixes). - cpufreq: tegra186: Share policy per cluster (stable-fixes). - cpupower: Fix a bug where the -t option of the set subcommand was not working (stable-fixes). - crypto: af_alg - Set merge to zero early in af_alg_sendmsg (git-fixes). - crypto: aspeed - Fix dma_unmap_sg() direction (git-fixes). - crypto: atmel - Fix dma_unmap_sg() direction (git-fixes). - crypto: hisilicon - re-enable address prefetch after device resuming (git-fixes). - crypto: hisilicon/qm - check whether the input function and PF are on the same device (git-fixes). - crypto: hisilicon/qm - request reserved interrupt for virtual function (git-fixes). - crypto: hisilicon/qm - set NULL to qm->debug.qm_diff_regs (git-fixes). - crypto: hisilicon/zip - remove unnecessary validation for high-performance mode configurations (git-fixes). - crypto: keembay - Add missing check after sg_nents_for_len() (git-fixes). - crypto: qat - add shutdown handler to qat_c3xxx (git-fixes). - crypto: qat - add shutdown handler to qat_c62x (git-fixes). - crypto: qat - add shutdown handler to qat_dh895xcc (git-fixes). - dma/pool: Ensure DMA_DIRECT_REMAP allocations are decrypted (stable-fixes). - dmaengine: dw: dmamux: Fix device reference leak in rzn1_dmamux_route_allocate (git-fixes). - dmaengine: idxd: Fix double free in idxd_setup_wqs() (git-fixes). - dmaengine: idxd: Fix refcount underflow on module unload (git-fixes). - dmaengine: idxd: Remove improper idxd_free (git-fixes). 
- dmaengine: mediatek: Fix a flag reuse error in mtk_cqdma_tx_status() (git-fixes). - dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees (git-fixes). - dmaengine: ti: edma: Fix memory allocation size for queue_priority_map (git-fixes). - docs: admin-guide: update to current minimum pipe size default (git-fixes). - drivers/base/node: fix double free in register_one_node() (git-fixes). - drivers/base/node: handle error properly in register_one_node() (git-fixes). - drivers/base/node: optimize memory block registration to reduce boot time (bsc#1241866). - drivers/base/node: remove register_mem_block_under_node_early() (bsc#1241866). - drivers/base/node: remove register_memory_blocks_under_node() function call from register_one_node (bsc#1241866). - drivers/base/node: rename __register_one_node() to register_one_node() (bsc#1241866). - drivers/base/node: rename register_memory_blocks_under_node() and remove context argument (bsc#1241866). - drm/amd/amdgpu: Fix missing error return on kzalloc failure (git-fixes). - drm/amd/amdgpu: disable hwmon power1_cap* for gfx 11.0.3 on vf mode (stable-fixes). - drm/amd/display: Allow RX6xxx & RX7700 to invoke amdgpu_irq_get/put (git-fixes). - drm/amd/display: Clear the CUR_ENABLE register on DCN314 w/out DPP PG (stable-fixes). - drm/amd/display: Default IPS to RCG_IN_ACTIVE_IPS2_IN_OFF (git-fixes). - drm/amd/display: Disable DPCD Probe Quirk (bsc#1248121). - drm/amd/display: Do not warn when missing DCE encoder caps (stable-fixes). - drm/amd/display: Fix mismatch type comparison (stable-fixes). - drm/amd/display: Fix unnecessary cast warnings from checkpatch (stable-fixes). - drm/amd/display: Reduce accessing remote DPCD overhead (git-fixes). - drm/amd/display: Remove redundant semicolons (git-fixes). - drm/amd/display: use udelay rather than fsleep (git-fixes). - drm/amd/pm: Adjust si_upload_smc_data register programming (v3) (git-fixes). 
- drm/amd/pm: Disable MCLK switching with non-DC at 120 Hz+ (v2) (git-fixes). - drm/amd/pm: Disable SCLK switching on Oland with high pixel clocks (v3) (git-fixes). - drm/amd/pm: Disable ULV even if unsupported (v3) (git-fixes). - drm/amd/pm: Fix si_upload_smc_data (v3) (git-fixes). - drm/amd/pm: Treat zero vblank time as too short in si_dpm (v3) (git-fixes). - drm/amdgpu/discovery: fix fw based ip discovery (git-fixes). - drm/amdgpu/discovery: optionally use fw based ip discovery (stable-fixes). - drm/amdgpu/mes: add missing locking in helper functions (stable-fixes). - drm/amdgpu/vcn4: Fix IB parsing with multiple engine info packages (stable-fixes). - drm/amdgpu/vcn: Allow limiting ctx to instance 0 for AV1 at any time (stable-fixes). - drm/amdgpu: Fix Circular Locking Dependency in AMDGPU GFX Isolation (git-fixes). - drm/amdgpu: Power up UVD 3 for FW validation (v2) (git-fixes). - drm/amdgpu: VCN v5_0_1 to prevent FW checking RB during DPG pause (stable-fixes). - drm/amdgpu: add kicker fws loading for gfx11/smu13/psp13 (stable-fixes). - drm/amdgpu: drop hw access in non-DC audio fini (stable-fixes). - drm/amdgpu: fix a memory leak in fence cleanup when unloading (git-fixes). - drm/amdgpu: fix incorrect MALL size for GFX1151 (stable-fixes). - drm/amdgpu: remove the redeclaration of variable i (git-fixes). - drm/amdkfd: Fix error code sign for EINVAL in svm_ioctl() (git-fixes). - drm/ast: Use msleep instead of mdelay for edid read (bsc#1250530). - drm/ast: Use msleep instead of mdelay for edid read (git-fixes). - drm/bridge: it6505: select REGMAP_I2C (git-fixes). - drm/bridge: ti-sn65dsi86: fix REFCLK setting (git-fixes). - drm/cirrus-qemu: Fix pitch programming (git-fixes). - drm/dp: Add an EDID quirk for the DPCD register access probe (bsc#1248121). - drm/dp: Change AUX DPCD probe address from LANE0_1_STATUS to TRAINING_PATTERN_SET (bsc#1248121). - drm/edid: Add support for quirks visible to DRM core and drivers (bsc#1248121). 
- drm/edid: Define the quirks in an enum list (bsc#1248121). - drm/gma500: Fix null dereference in hdmi teardown (git-fixes). - drm/i915/backlight: Return immediately when scale() finds invalid parameters (stable-fixes). - drm/i915/dp: Fix 2.7 Gbps DP_LINK_BW value on g4x (git-fixes). - drm/i915/icl+/tc: Cache the max lane count value (stable-fixes). - drm/i915/icl+/tc: Convert AUX powered WARN to a debug message (stable-fixes). - drm/i915/power: fix size for for_each_set_bit() in abox iteration (git-fixes). - drm/mediatek: fix potential OF node use-after-free (git-fixes). - drm/msm/dp: account for widebus and yuv420 during mode validation (git-fixes). - drm/msm/dpu: fix incorrect type for ret (git-fixes). - drm/nouveau/gsp: fix potential leak of memory used during acpi init (git-fixes). - drm/nouveau: select FW caching (git-fixes). - drm/panel: novatek-nt35560: Fix invalid return value (git-fixes). - drm/panthor: Defer scheduler entitiy destruction to queue release (git-fixes). - drm/panthor: Fix memory leak in panthor_ioctl_group_create() (git-fixes). - drm/panthor: validate group queue count (git-fixes). - drm/radeon/r600_cs: clean up of dead code in r600_cs (git-fixes). - drm/rcar-du: dsi: Fix 1/2/3 lane support (git-fixes). - drm/simpledrm: Do not upcast in release helpers (git-fixes). - drm/xe/bmg: Add new PCI IDs (stable-fixes). - drm/xe/bmg: Update Wa_22019338487 (git-fixes). - drm/xe/gsc: do not flush the GSC worker from the reset path (git-fixes). - drm/xe/tile: Release kobject for the failure path (git-fixes). - drm/xe: Allow dropping kunit dependency as built-in (git-fixes). - drm/xe: Attempt to bring bos back to VRAM after eviction (git-fixes). - drm/xe: Carve out wopcm portion from the stolen memory (git-fixes). - drm/xe: Ensure fixed_slice_mode gets set after ccs_mode change (git-fixes). - drm/xe: Fix a NULL vs IS_ERR() in xe_vm_add_compute_exec_queue() (git-fixes). - drm/xe: Fix and re-enable xe_print_blob_ascii85() (git-fixes). 
- drm/xe: Move page fault init after topology init (git-fixes). - drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ (git-fixes). - drm: bridge: cdns-mhdp8546: Fix missing mutex unlock on error path (git-fixes). - erofs: fix atomic context detection when !CONFIG_DEBUG_LOCK_ALLOC (git-fixes). - ext4: remove writable userspace mappings before truncating page cache (bsc#1247223). - fbcon: Fix OOB access in font allocation (git-fixes). - fbcon: fix integer overflow in fbcon_do_set_font (git-fixes). - firewire: core: fix overlooked update of subsystem ABI version (git-fixes). - firmware: meson_sm: fix device leak at probe (git-fixes). - flexfiles/pNFS: fix NULL checks on result of ff_layout_choose_ds_for_read (git-fixes). - fs/nfs/io: make nfs_start_io_*() killable (git-fixes). - hv_netvsc: Fix panic during namespace deletion with VF (bsc#1248111). - hv_netvsc: Set VF priv_flags to IFF_NO_ADDRCONF before open to prevent IPv6 addrconf (git-fixes). - hwmon: (mlxreg-fan) Separate methods of fan setting coming from different subsystems (git-fixes). - hwmon: mlxreg-fan: Prevent fans from getting stuck at 0 RPM (git-fixes). - hwrng: ks-sa - fix division by zero in ks_sa_rng_init (git-fixes). - hwrng: nomadik - add ARM_AMBA dependency (git-fixes). - hypfs_create_cpu_files(): add missing check for hypfs_mkdir() failure (git-fixes bsc#1249122). - i2c: designware: Add disabling clocks when probe fails (git-fixes). - i2c: i801: Hide Intel Birch Stream SoC TCO WDT (git-fixes). - i2c: mediatek: fix potential incorrect use of I2C_MASTER_WRRD (git-fixes). - i2c: riic: Allow setting frequencies lower than 50KHz (git-fixes). - i2c: tegra: Use internal reset when reset property is not available (bsc#1249143) - i3c: Fix default I2C adapter timeout value (git-fixes). - i3c: master: svc: Recycle unused IBI slot (git-fixes). - i3c: master: svc: Use manual response for IBI events (git-fixes). - iio: consumers: Fix offset handling in iio_convert_raw_to_processed() (git-fixes). 
- iio: dac: ad5360: use int type to store negative error codes (git-fixes). - iio: dac: ad5421: use int type to store negative error codes (git-fixes). - iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE (git-fixes). - iio: frequency: adf4350: Fix prescaler usage (git-fixes). - iio: imu: inv_icm42600: Drop redundant pm_runtime reinitialization in resume (git-fixes). - iio: xilinx-ams: Fix AMS_ALARM_THR_DIRECT_MASK (git-fixes). - iio: xilinx-ams: Unmask interrupts after updating alarms (git-fixes). - iommu/vt-d: Fix __domain_mapping()'s usage of switch_to_super_page() (git-fixes). - isolcpus: add missing hunk back (bsc#1236897 bsc#1249206). - kABI fix after vsock/virtio: fix `rx_bytes` accounting for stream sockets (git-fixes). - kABI fix for "netfilter: nf_tables: Audit log rule reset" (git-fixes). - kABI workaround for "drm/dp: Add an EDID quirk for the DPCD register access probe" (bsc#1248121). - kABI workaround for RCU tasks exit tracking (bsc#1246298). - kABI: adjust new field on ip_ct_sctp struct (git-fixes). - kABI: arm64: ftrace: Restore struct mod_arch_specific layout (git-fixes). - kABI: make nft_trans_gc_catchall() public again (git-fixes). - kABI: netfilter flowtable move gc operation to bottom (git-fixes). - kabi: Restore layout of parallel_data (bsc1248343). - kabi: add struct cgroup_extra (bsc#1247963). - kabi: restore layout of struct cgroup_rstat_cpu (bsc#1247963). - kbuild/modpost: Continue processing all unresolved symbols when KLP_SYM_RELA is found (bsc#1218644, bsc#1250655). - kernel-source: Do not list mkspec and its inputs as sources (bsc#1250522). - mISDN: Fix memory leak in dsp_hwec_enable() (git-fixes). - maple_tree: fix MAPLE_PARENT_RANGE32 and parent pointer docs (git-fixes). - media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove (git-fixes). - media: chips-media: wave5: Fix gray color on screen (git-fixes). - media: cx18: Add missing check after DMA map (git-fixes). 
- media: i2c: mt9v111: fix incorrect type for ret (git-fixes). - media: lirc: Fix error handling in lirc_register() (git-fixes). - media: mc: Fix MUST_CONNECT handling for pads with no links (git-fixes). - media: pci: ivtv: Add missing check after DMA map (git-fixes). - media: rj54n1cb0c: Fix memleak in rj54n1_probe() (git-fixes). - media: st-delta: avoid excessive stack usage (git-fixes). - media: tuner: xc5000: Fix use-after-free in xc5000_release (git-fixes). - media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID (git-fixes). - media: v4l2-subdev: Fix alloc failure check in v4l2_subdev_call_state_try() (git-fixes). - media: zoran: Remove zoran_fh structure (git-fixes). - memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe (git-fixes). - mfd: rz-mtu3: Fix MTU5 NFCR register offset (git-fixes). - mfd: vexpress-sysreg: Check the return value of devm_gpiochip_add_data() (git-fixes). - misc: genwqe: Fix incorrect cmd field being reported in error (git-fixes). - mm/hwpoison: do not send SIGBUS to processes with recovered clean pages (git-fixes). - mm/memory-failure: fix infinite UCE for VM_PFNMAP pfn (git-fixes). - mm: introduce and use {pgd,p4d}_populate_kernel() (git-fixes). - mm: move page table sync declarations to linux/pgtable.h (git-fixes). - mmc: core: Use GFP_NOIO in ACMD22 (git-fixes). - mmc: mvsdio: Fix dma_unmap_sg() nents value (git-fixes). - mmc: sdhci-cadence: add Mobileye eyeQ support (stable-fixes). - mtd: nand: raw: atmel: Fix comment in timings preparation (stable-fixes). - mtd: nand: raw: atmel: Respect tAR, tCLR in read setup timing (git-fixes). - mtd: rawnand: omap2: fix device leak on probe failure (git-fixes). - mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer (git-fixes). - mtd: rawnand: stm32_fmc2: fix ECC overwrite (git-fixes). - net: hv_netvsc: fix loss of early receive events from host during channel open (git-fixes). - net: nfc: nci: Add parameter validation for packet data (git-fixes). 
- net: phy: fix phy_uses_state_machine() (git-fixes). - net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer (git-fixes). - net: rose: convert 'use' field to refcount_t (git-fixes). - net: rose: fix a typo in rose_clear_routes() (git-fixes). - net: rose: include node references in rose_neigh refcount (git-fixes). - net: rose: split remove and free operations in rose_remove_neigh() (stable-fixes). - net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast (git-fixes). - net: usb: cdc-ncm: check for filtering capability (git-fixes). - net: usb: qmi_wwan: add Telit Cinterion LE910C4-WWX new compositions (git-fixes). - netfilter: conntrack: fix extension size table (git-fixes). - netfilter: flowtable: GC pushes back packets to classic path (git-fixes). - netfilter: handle the connecting collision properly in nf_conntrack_proto_sctp (git-fixes). - netfilter: nat: fix ipv6 nat redirect with mapped and scoped addresses (git-fixes). - netfilter: nf_conntrack_bridge: initialize err to 0 (git-fixes). - netfilter: nf_tables: A better name for nft_obj_filter (git-fixes). - netfilter: nf_tables: Audit log rule reset (git-fixes). - netfilter: nf_tables: Carry reset boolean in nft_obj_dump_ctx (git-fixes). - netfilter: nf_tables: Carry s_idx in nft_obj_dump_ctx (git-fixes). - netfilter: nf_tables: Deduplicate nft_register_obj audit logs (git-fixes). - netfilter: nf_tables: Drop pointless memset in nf_tables_dump_obj (git-fixes). - netfilter: nf_tables: Drop pointless memset when dumping rules (git-fixes). - netfilter: nf_tables: Fix entries val in rule reset audit log (git-fixes). - netfilter: nf_tables: Introduce nf_tables_getrule_single() (git-fixes). - netfilter: nf_tables: Open-code audit log call in nf_tables_getrule() (git-fixes). - netfilter: nf_tables: Unbreak audit log reset (git-fixes). - netfilter: nf_tables: Unconditionally allocate nft_obj_filter (git-fixes). - netfilter: nf_tables: audit log object reset once per table (git-fixes). 
- netfilter: nf_tables: bogus ENOENT when destroying element which does not exist (git-fixes). - netfilter: nf_tables: disallow element removal on anonymous sets (git-fixes). - netfilter: nf_tables: do not remove elements if set backend implements .abort (git-fixes). - netfilter: nf_tables: nft_obj_filter fits into cb->ctx (git-fixes). - netfilter: nf_tables: remove catchall element in GC sync path (git-fixes). - netfilter: nf_tables: revert do not remove elements if set backend implements .abort (git-fixes). - netfilter: nf_tables: split async and sync catchall in two functions (git-fixes). - netfilter: nfnetlink_log: silence bogus compiler warning (git-fixes). - netfilter: nft_payload: fix wrong mac header matching (git-fixes). - netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration (git-fixes). - netfilter: nft_set_pipapo: call nft_trans_gc_queue_sync() in catchall GC (git-fixes). - netfilter: nft_set_pipapo: stop GC iteration if GC transaction allocation fails (git-fixes). - netfilter: nft_set_rbtree: prefer sync gc to async worker (git-fixes). - netfilter: nft_set_rbtree: rename gc deactivate+erase function (git-fixes). - netfilter: xt_recent: fix (increase) ipv6 literal buffer length (git-fixes). - nilfs2: fix CFI failure when accessing /sys/fs/nilfs2/features/* (git-fixes). - nouveau: fix disabling the nonstall irq due to storm code (git-fixes). - nvme-auth: do not re-authenticate queues with no prior authentication (bsc#1227555). - nvme-pci: try function level reset on init failure (git-fixes). - nvme-tcp: remove tag set when second admin queue config fails (git-fixes). - nvmet-auth: always free derived key data (git-fixes). - nvmet-auth: authenticate on admin queue only (bsc#1227555). - nvmet: auth: use NULL to clear a pointer in (git-fixes). - pcmcia: Add error handling for add_interval() in do_validate_mem() (git-fixes). - pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region() (git-fixes). 
- pcmcia: omap: Add missing check for platform_get_resource (git-fixes). - phy: tegra: xusb: fix device and OF node leak at probe (git-fixes). - phy: ti-pipe3: fix device leak at unbind (git-fixes). - pinctrl: equilibrium: Remove redundant semicolons (git-fixes). - pinctrl: meson-gxl: add missing i2c_d pinmux (git-fixes). - pinctrl: renesas: Use int type to store negative error codes (git-fixes). - pinctrl: samsung: Drop unused S3C24xx driver data (git-fixes). - platform/mellanox: mlxbf-pmc: Remove newline char from event name input (git-fixes). - platform/mellanox: mlxbf-pmc: Validate event/enable input (git-fixes). - platform/x86/amd/pmc: Add TUXEDO IB Pro Gen10 AMD to spurious 8042 quirks list (stable-fixes). - platform/x86/intel: power-domains: Use topology_logical_package_id() for package ID (git-fixes). - platform/x86: dell-wmi-sysman: Fix class device unregistration (git-fixes). - platform/x86: think-lmi: Fix class device unregistration (git-fixes). - platform/x86: thinkpad_acpi: Handle KCOV __init vs inline mismatches (git-fixes). - power: supply: bq27xxx: fix error return in case of no bq27000 hdq battery (git-fixes). - power: supply: bq27xxx: restrict no-battery detection to bq27000 (git-fixes). - power: supply: cw2015: Fix a alignment coding style issue (git-fixes). - power: supply: max77976_charger: fix constant current reporting (git-fixes). - pptp: fix pptp_xmit() error path (git-fixes). - pwm: berlin: Fix wrong register in suspend/resume (git-fixes). - pwm: tiehrpwm: Fix corner case in clock divisor calculation (git-fixes). - pwm: tiehrpwm: Make code comment in .free() more useful (git-fixes). 
- rcu-tasks: Add data to eliminate RCU-tasks/do_exit() (bsc#1246298) - rcu-tasks: Eliminate deadlocks involving do_exit() and RCU (bsc#1246298) - rcu-tasks: Initialize callback lists at rcu_init() time (bsc#1246298) - rcu-tasks: Initialize data to eliminate RCU-tasks/do_exit() (bsc#1246298) - rcu-tasks: Maintain lists to eliminate RCU-tasks/do_exit() (bsc#1246298) - rcu-tasks: Maintain real-time response in (bsc#1246298) - rcu/exp: Fix RCU expedited parallel grace period kworker (git-fixes) - rcu/exp: Handle RCU expedited grace period kworker allocation (git-fixes) - rcu: Fix racy re-initialization of irq_work causing hangs (git-fixes) - regmap: Remove superfluous check for !config in __regmap_init() (git-fixes). - regulator: scmi: Use int type to store negative error codes (git-fixes). - regulator: sy7636a: fix lifecycle of power good gpio (git-fixes). - rpm: Configure KABI checkingness macro (bsc#1249186). - rpm: Drop support for kabi/arch/ignore-flavor (bsc#1249186). - rpm: Link arch-symbols script from scripts directory. - rpm: Link guards script from scripts directory. - s390/ap: Unmask SLCF bit in card and queue ap functions sysfs (git-fixes bsc#1249183). - s390/cpum_cf: Deny all sampling events by counter PMU (git-fixes bsc#1249481). - s390/debug: Add a reverse mode for debug_dump() (git-fixes jsc#PED-13260). - s390/debug: Add debug_dump() to write debug view to a string buffer (git-fixes jsc#PED-13260). - s390/debug: Simplify and document debug_next_entry() logic (git-fixes jsc#PED-13260). - s390/debug: Split private data alloc/free out of file operations (git-fixes jsc#PED-13260). - s390/hypfs: Avoid unnecessary ioctl registration in debugfs (git-fixes bsc#1248733 LTC#214881). - s390/hypfs: Enable limited access during lockdown (git-fixes bsc#1248733 LTC#214881). - s390/ism: fix concurrency management in ism_cmd() (git-fixes bsc#1248735). - s390/pai: Deny all events not handled by this PMU (git-fixes bsc#1249482). 
- s390/pci: Add pci_msg debug view to PCI report (git-fixes jsc#PED-13260). - s390/pci: Allow automatic recovery with minimal driver support (git-fixes bsc#1248734 LTC#214880). - s390/pci: Report PCI error recovery results via SCLP (git-fixes jsc#PED-13260). - s390/sclp: Fix SCCB present check (git-fixes bsc#1249123). - s390/stp: Remove udelay from stp_sync_clock() (git-fixes bsc#1249124). - s390/time: Use monotonic clock in get_cycles() (git-fixes bsc#1249125). - s390/vfio-ap: Fix no AP queue sharing allowed message written to kernel log (git-fixes bsc#1249488). - sched/deadline: Collect sched_dl_entity initialization (git-fixes) - sched/fair: Remove unused parameter from sched_asym() (git-fixes) - sched/fair: Take the scheduling domain into account in (git-fixes) - sched/isolation: Fix boot crash when maxcpus < first (git-fixes) - sched/numa, mm: do not try to migrate memory to memoryless (git-fixes) - seccomp: Fix a race with WAIT_KILLABLE_RECV if the tracer replies too fast (git-fixes). - selftests/bpf: Add asserts for netfilter link info (git-fixes). - selftests/bpf: Add cmp_map_pointer_with_const test (git-fixes). - selftests/bpf: Add test cases with CONST_PTR_TO_MAP null checks (git-fixes). - selftests/bpf: adapt one more case in test_lru_map to the new target_free (git-fixes). - selftests/cpufreq: Fix cpufreq basic read and update testcases (bsc#1250344). - selftests: bpf: test batch lookup on array of maps with holes (git-fixes). - serial: max310x: Add error checking in probe() (git-fixes). - serial: sc16is7xx: fix bug in flow control levels init (git-fixes). - soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS (git-fixes). - spi: bcm2835: Remove redundant semicolons (git-fixes). - spi: cadence-quadspi: Flush posted register writes before DAC access (git-fixes). - spi: cadence-quadspi: Flush posted register writes before INDAC access (git-fixes). - spi: mtk-snfi: Remove redundant semicolons (git-fixes).
- spi: spi-fsl-lpspi: Fix transmissions when using CONT (git-fixes). - spi: spi-fsl-lpspi: Reset FIFO and disable module on transfer abort (git-fixes). - spi: spi-fsl-lpspi: Set correct chip-select polarity bit (git-fixes). - struct cdc_ncm_ctx: hide new member filtering_supported (git-fixes). - struct l2cap_chan: shift new member rx_avail to end (git-fixes). - supported.conf: mark hyperv_drm as external - thermal/drivers/qcom/lmh: Add missing IRQ includes (git-fixes). - thunderbolt: Compare HMAC values in constant time (git-fixes). - tty: hvc_console: Call hvc_kick in hvc_write unconditionally (bsc#1230062). - tty: n_gsm: Do not block input queue by waiting MSC (git-fixes). - uio: uio_pdrv_genirq: Remove MODULE_DEVICE_TABLE (git-fixes). - usb: cdns3: cdnsp-pci: remove redundant pci_disable_device() call (git-fixes). - usb: core: Add 0x prefix to quirks debug output (stable-fixes). - usb: dwc3: imx8mp: fix device leak at unbind (git-fixes). - usb: dwc3: qcom: Do not leave BCR asserted (git-fixes). - usb: gadget: configfs: Correctly set use_os_string at bind (git-fixes). - usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup (git-fixes). - usb: misc: qcom_eud: Access EUD_MODE_MANAGER2 through secure calls (git-fixes). - usb: phy: twl6030: Fix incorrect type for ret (git-fixes). - usb: typec: fusb302: cache PD RX state (git-fixes). - usb: typec: maxim_contaminant: disable low power mode when reading comparator values (git-fixes). - usb: typec: maxim_contaminant: re-enable cc toggle if cc is open and port is clean (git-fixes). - usb: typec: tcpci: use GENMASK() for TCPC_ROLE_CTRL_CC[12] (git-fixes). - usb: typec: tcpm/tcpci_maxim: fix non-contaminant CC handling (git-fixes). - usb: typec: tcpm/tcpci_maxim: use GENMASK() for TCPC_VENDOR_CC_CTRL2 register (git-fixes). - usb: typec: tcpm: properly deliver cable vdms to altmode drivers (git-fixes). - usb: typec: tipd: Clear interrupts first (git-fixes). 
- usb: vhci-hcd: Prevent suspending virtually attached devices (git-fixes). - usb: xhci: Fix invalid pointer dereference in Etron workaround (git-fixes). - use uniform permission checks for all mount propagation changes (git-fixes). - vhost-scsi: Fix log flooding with target does not exist errors (git-fixes). - vhost-scsi: Return queue full for page alloc failures during copy (git-fixes). - vhost/net: Protect ubufs with rcu read lock in vhost_net_ubuf_put() (git-fixes). - vhost/vsock: Avoid allocating arbitrarily-sized SKBs (git-fixes). - vhost: fail early when __vhost_add_used() fails (git-fixes). - vsock/virtio: Resize receive buffers so that each SKB fits in a 4K page (git-fixes). - vsock/virtio: fix `rx_bytes` accounting for stream sockets (git-fixes). - vsock: Allow retrying on connect() failure (git-fixes). - vsock: Fix IOCTL_VM_SOCKETS_GET_LOCAL_CID to check also `transport_local` (git-fixes). - vsock: avoid timeout during connect() if the socket is closing (git-fixes). - wifi: ath10k: avoid unnecessary wait for service ready message (git-fixes). - wifi: ath11k: Fix DMA buffer allocation to resolve SWIOTLB issues (stable-fixes). - wifi: ath11k: HAL SRNG: do not deinitialize and re-initialize again (git-fixes). - wifi: ath11k: Use dma_alloc_noncoherent for rx_tid buffer allocation (stable-fixes). - wifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load() (git-fixes). - wifi: ath11k: fix group data packet drops during rekey (git-fixes). - wifi: ath12k: Add MODULE_FIRMWARE() entries (bsc#1250952). - wifi: ath12k: fix memory leak in ath12k_pci_remove() (stable-fixes). - wifi: ath12k: fix memory leak in ath12k_service_ready_ext_event (git-fixes). - wifi: ath12k: fix the fetching of combined rssi (git-fixes). - wifi: ath12k: fix wrong handling of CCMP256 and GCMP ciphers (git-fixes). - wifi: ath12k: fix wrong logging ID used for CE (git-fixes). - wifi: brcmfmac: fix use-after-free when rescheduling brcmf_btcoex_info work (git-fixes). 
- wifi: cfg80211: fix use-after-free in cmp_bss() (git-fixes). - wifi: cfg80211: remove cfg80211_inform_single_bss_frame_data() (git-fixes). - wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result() (git-fixes). - wifi: cw1200: cap SSID length in cw1200_do_join() (git-fixes). - wifi: iwlwifi: Remove redundant header files (git-fixes). - wifi: iwlwifi: uefi: check DSM item validity (git-fixes). - wifi: libertas: cap SSID len in lbs_associate() (git-fixes). - wifi: mac80211: fix Rx packet handling when pubsta information is not available (git-fixes). - wifi: mac80211: fix incorrect type for ret (stable-fixes). - wifi: mac80211: increase scan_ies_len for S1G (stable-fixes). - wifi: mt76: fix potential memory leak in mt76_wmac_probe() (git-fixes). - wifi: mt76: mt7996: Initialize hdr before passing to skb_put_data() (git-fixes). - wifi: mwifiex: Initialize the chan_stats array to zero (git-fixes). - wifi: mwifiex: send world regulatory domain to driver (git-fixes). - wifi: rtw89: avoid circular locking dependency in ser_state_run() (git-fixes). - wifi: virt_wifi: Fix page fault on connect (stable-fixes). - wifi: wilc1000: avoid buffer overflow in WID string configuration (stable-fixes). - wireless: purelifi: plfxlc: fix memory leak in plfxlc_usb_wreq_asyn() (git-fixes). - writeback: Avoid contention on wb->list_lock when switching inodes (bsc#1237776). - writeback: Avoid contention on wb->list_lock when switching inodes (kABI fixup) (bsc#1237776). - writeback: Avoid excessively long inode switching times (bsc#1237776). - writeback: Avoid softlockup when switching many inodes (bsc#1237776). - x86/CPU/AMD: WARN when setting EFER.AUTOIBRS if and only if the WRMSR fails (git-fixes). - x86/Kconfig: Always enable ARCH_SPARSEMEM_ENABLE (git-fixes). - x86/amd_nb: Restrict init function to AMD-based systems (git-fixes). - x86/cpu: Add model number for Intel Clearwater Forest processor (git-fixes). 
- x86/fpu: Delay instruction pointer fixup until after warning (git-fixes). - x86/kvm: Force legacy PCI hole to UC when overriding MTRRs for TDX/SNP (bsc#1245538). - x86/microcode/AMD: Handle the case of no BIOS microcode (git-fixes). - x86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings() (git-fixes). - x86/rdrand: Disable RDSEED on AMD Cyan Skillfish (git-fixes). - xen/gntdev: remove struct gntdev_copy_batch from stack (git-fixes). - xen/netfront: Fix TX response spurious interrupts (git-fixes). - xen: Add support for XenServer 6.1 platform device (git-fixes). - xenbus: Allow PVH dom0 a non-local xenstore (git-fixes). - xfs: rearrange code in xfs_inode_item_precommit (bsc#1237449). - xfs: rework datasync tracking and execution (bsc#1237449). - xhci: Fix control transfer error on Etron xHCI host (git-fixes). - xhci: dbc: Fix full DbC transfer ring after several reconnects (git-fixes). - xhci: dbc: decouple endpoint allocation from initialization (git-fixes). - xhci: fix memory leak regression when freeing xhci vdev devices depth first (git-fixes). - xirc2ps_cs: fix register access when enabling FullDuplex (git-fixes). kernel-default-6.4.0-150700.53.19.1.nosrc.rpm True kernel-default-6.4.0-150700.53.19.1.x86_64.rpm True kernel-default-base-6.4.0-150700.53.19.1.150700.17.13.1.src.rpm True kernel-default-base-6.4.0-150700.53.19.1.150700.17.13.1.x86_64.rpm True kernel-default-devel-6.4.0-150700.53.19.1.x86_64.rpm True kernel-devel-6.4.0-150700.53.19.1.noarch.rpm True kernel-macros-6.4.0-150700.53.19.1.noarch.rpm True kernel-source-6.4.0-150700.53.19.1.src.rpm True SUSE-SLE-Module-Basesystem-15-SP7-2025-4374 Recommended update for suse-module-tools moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for suse-module-tools fixes the following issues: - Version update 15.7.8. - Fixing spec file (bsc#1250664). - Fixing compile problems on livepatch dir when checking for unresolved symbols (bsc#1250655). 
suse-module-tools-15.7.8-150700.3.8.3.src.rpm suse-module-tools-15.7.8-150700.3.8.3.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3861 Recommended update for busybox moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for busybox fixes the following issues: - Fix adduser inside containers on an SELinux host (bsc#1247779): - Don't throw debug info away during build, let RPM separate it afterwards busybox-1.37.0-150700.18.7.1.src.rpm busybox-1.37.0-150700.18.7.1.x86_64.rpm busybox-static-1.37.0-150700.18.7.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3635 Security update for openssl-1_1 important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for openssl-1_1 fixes the following issues: - CVE-2025-9230: fixed out of bounds read and write in RFC 3211 KEK unwrap (bsc#1250232) libopenssl1_1-1.1.1w-150700.11.6.1.x86_64.rpm openssl-1_1-1.1.1w-150700.11.6.1.src.rpm libopenssl1_1-32bit-1.1.1w-150700.11.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3596 Recommended update for curl moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for curl fixes the following issue: - rebuilds it against a newer nghttp2 to fix handling 2 or more whitespaces in headers. (bsc#1251264) curl-8.14.1-150700.7.2.1.src.rpm curl-8.14.1-150700.7.2.1.x86_64.rpm libcurl-devel-8.14.1-150700.7.2.1.x86_64.rpm libcurl4-8.14.1-150700.7.2.1.x86_64.rpm libcurl4-32bit-8.14.1-150700.7.2.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3753 Security update for libsoup important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for libsoup fixes the following issues: - CVE-2025-11021: Ignored invalid date when processing cookies to prevent out-of-bounds read (bsc#1250562). 
libsoup-3.4.4-150600.3.18.1.src.rpm libsoup-3_0-0-3.4.4-150600.3.18.1.x86_64.rpm libsoup-devel-3.4.4-150600.3.18.1.x86_64.rpm libsoup-lang-3.4.4-150600.3.18.1.noarch.rpm typelib-1_0-Soup-3_0-3.4.4-150600.3.18.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3949 Security update for colord moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for colord fixes the following issues: - CVE-2021-42523: The original fix was wrong and did not properly free the error, resulting in a crash that has now been addressed (bsc#1250750). colord-1.4.6-150600.3.8.1.src.rpm libcolord2-1.4.6-150600.3.8.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3836 Recommended update for bash important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) bash-4.4-150400.27.6.1.src.rpm bash-4.4-150400.27.6.1.x86_64.rpm bash-devel-4.4-150400.27.6.1.x86_64.rpm bash-doc-4.4-150400.27.6.1.noarch.rpm bash-lang-4.4-150400.27.6.1.noarch.rpm bash-sh-4.4-150400.27.6.1.x86_64.rpm libreadline7-7.0-150400.27.6.1.x86_64.rpm readline-devel-7.0-150400.27.6.1.x86_64.rpm readline-doc-7.0-150400.27.6.1.noarch.rpm libreadline7-32bit-7.0-150400.27.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3750 Recommended update for libvirt important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for libvirt fixes the following issues: - qemu: Fix firmware auto-selection for SEV-SNP enabled VMs (bsc#1241211) libvirt-11.0.0-150700.4.10.1.src.rpm libvirt-libs-11.0.0-150700.4.10.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3701 Security update for webkit2gtk3 important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for webkit2gtk3 fixes the following issues: - CVE-2025-43343: improved memory handling in web content processing to prevent process crash (bsc#1251975) - CVE-2025-43272: improved memory handling to prevent unexpected process crash 
(bsc#1250439) - CVE-2025-43342: correctness issue was addressed with improved checks to prevent unexpected process crash (bsc#1250440) - CVE-2025-43356: improved handling of caches to prevent sensor access without consent (bsc#1250441) - CVE-2025-43368: improved memory management to prevent a use-after-free (bsc#1250442) WebKitGTK-4.0-lang-2.50.1-150600.12.48.3.noarch.rpm WebKitGTK-6.0-lang-2.50.1-150600.12.48.3.noarch.rpm libjavascriptcoregtk-4_0-18-2.50.1-150600.12.48.3.x86_64.rpm libjavascriptcoregtk-6_0-1-2.50.1-150600.12.48.3.x86_64.rpm libwebkit2gtk-4_0-37-2.50.1-150600.12.48.3.x86_64.rpm libwebkitgtk-6_0-4-2.50.1-150600.12.48.3.x86_64.rpm typelib-1_0-JavaScriptCore-4_0-2.50.1-150600.12.48.3.x86_64.rpm typelib-1_0-WebKit2-4_0-2.50.1-150600.12.48.3.x86_64.rpm typelib-1_0-WebKit2WebExtension-4_0-2.50.1-150600.12.48.3.x86_64.rpm webkit2gtk-4_0-injected-bundles-2.50.1-150600.12.48.3.x86_64.rpm webkit2gtk3-soup2-2.50.1-150600.12.48.3.src.rpm webkit2gtk3-soup2-devel-2.50.1-150600.12.48.3.x86_64.rpm webkit2gtk4-2.50.1-150600.12.48.3.src.rpm webkitgtk-6_0-injected-bundles-2.50.1-150600.12.48.3.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3854 Recommended update for cifs-utils moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for cifs-utils fixes the following issues: - Fix: cifs.upcall program in the cifs-utils package fails to use a valid service ticket from the credential cache if the TGT is expired or does not exist (bsc#1248816) * cifs-utils: Skip TGT check if there is a valid service ticket * cifs-utils: avoid using mktemp when updating mtab * cifs-utils: add documentation for upcall_target * setcifsacl: fix memory allocation for struct cifs_ace * cifs.upcall: fix UAF in get_cachename_from_process_en * cifs.upcall: fix memory leaks in check_service_ticket cifs-utils-6.15-150400.3.18.1.src.rpm cifs-utils-6.15-150400.3.18.1.x86_64.rpm cifs-utils-devel-6.15-150400.3.18.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3847 Recommended update
for python-kiwi critical SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for python-kiwi, appx-util, python-docopt, python-xmltodict, libsolv fixes the following issues: python-kiwi: - Switch to Python 3.11 based python-kiwi (jsc#PED-13168) - Fixed system booting to Emergency Mode on first reboot using qcow2 (bsc#1250754) - Fixed get_partition_node_name (bsc#1245190) - Added new eficsm type attribute (bsc#1243381) - Included support for older schemas - New binary packages: * kiwi-bash-completion * kiwi-systemdeps-containers-wsl appx-util: - Implementation as dependency required by kiwi-systemdeps-containers-wsl python-docopt, python-xmltodict, libsolv: - Implementation of Python 3.11 flavours required by python311-kiwi (no source changes) libsolv-0.7.35-150700.11.5.2.src.rpm True libsolv-devel-0.7.35-150700.11.5.2.x86_64.rpm True libsolv-tools-0.7.35-150700.11.5.2.x86_64.rpm True libsolv-tools-base-0.7.35-150700.11.5.2.x86_64.rpm True python3-solv-0.7.35-150700.11.5.2.x86_64.rpm True ruby-solv-0.7.35-150700.11.5.2.x86_64.rpm True SUSE-SLE-Module-Basesystem-15-SP7-2025-3893 Recommended update for yast2 moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for yast2 fixes the following issues: - save_y2logs: Sanitize confidential data in macro_inst_initial.ycp (bsc#1251768) yast2-4.7.2-150700.3.6.1.src.rpm yast2-4.7.2-150700.3.6.1.x86_64.rpm yast2-logs-4.7.2-150700.3.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3811 Security update for wireshark moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for wireshark fixes the following issues: - CVE-2025-11626: fixed MONGO dissector infinite loop (bsc#1251933). 
libwireshark17-4.2.14-150600.18.29.1.x86_64.rpm libwiretap14-4.2.14-150600.18.29.1.x86_64.rpm libwsutil15-4.2.14-150600.18.29.1.x86_64.rpm wireshark-4.2.14-150600.18.29.1.src.rpm wireshark-4.2.14-150600.18.29.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3777 Security update for wireshark moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for wireshark fixes the following issues: - CVE-2025-11626: fixed MONGO dissector infinite loop (bsc#1251933). wireshark-3.6.24-150000.3.124.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3877 Recommended update for libselinux important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) libselinux-3.5-150600.3.3.1.src.rpm libselinux-bindings-3.5-150600.3.3.1.src.rpm libselinux-devel-3.5-150600.3.3.1.x86_64.rpm libselinux1-3.5-150600.3.3.1.x86_64.rpm python3-selinux-3.5-150600.3.3.1.x86_64.rpm selinux-tools-3.5-150600.3.3.1.x86_64.rpm libselinux1-32bit-3.5-150600.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3845 Security update for fetchmail moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for fetchmail fixes the following issues: - CVE-2025-61962: fixed a denial of service condition (bsc#1251194) fetchmail-6.4.22-150600.35.3.1.src.rpm fetchmail-6.4.22-150600.35.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3849 Recommended update for nvidia-open-driver-G06-signed moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for nvidia-open-driver-G06-signed fixes the following issue: - update CUDA variant to 580.95.05 nv-prefer-signed-open-driver-580.95.05-150700.3.27.2.x86_64.rpm nvidia-open-driver-G06-signed-580.95.05-150700.3.27.2.src.rpm nvidia-open-driver-G06-signed-cuda-580.95.05-150700.3.27.2.src.rpm nvidia-open-driver-G06-signed-cuda-default-devel-580.95.05-150700.3.27.2.x86_64.rpm 
nvidia-open-driver-G06-signed-cuda-kmp-default-580.95.05_k6.4.0_150700.53.19-150700.3.27.2.x86_64.rpm nvidia-open-driver-G06-signed-default-devel-580.95.05-150700.3.27.2.x86_64.rpm nvidia-open-driver-G06-signed-kmp-default-580.95.05_k6.4.0_150700.53.19-150700.3.27.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3993 Recommended update for numatop moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for numatop fixes the following issues: - Fix segmentation fault errors in the latency view (bsc#1248317). - Fix to start it on processors with more than 256 CPUs per NUMA node (bsc#1247358). - Version update: 2.5.1 - Switch to ncursesw6 numatop-2.5.1-150700.3.3.2.src.rpm numatop-2.5.1-150700.3.3.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3793 Security update for xen moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for xen fixes the following issues: - CVE-2025-58147, CVE-2025-58148: fixed input sanitisation in Viridian hypercalls (XSA-475, bsc#1251271) xen-4.20.1_06-150700.3.14.1.src.rpm xen-libs-4.20.1_06-150700.3.14.1.x86_64.rpm xen-tools-domU-4.20.1_06-150700.3.14.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-4138 Recommended update for systemd moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for systemd fixes the following issues: - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre. This is important because D-Bus automatically reloads its configuration whenever new configuration files are installed, i.e. between %pre and %post. (bsc#1248501) This is not needed for the systemd and udev packages, as they are always installed during the initial installation.
- Split systemd-network into two new sub-packages: systemd-networkd and systemd-resolved (bsc#1224386 jsc#PED-12669) libsystemd0-254.27-150600.4.46.2.x86_64.rpm libudev1-254.27-150600.4.46.2.x86_64.rpm systemd-254.27-150600.4.46.2.src.rpm systemd-254.27-150600.4.46.2.x86_64.rpm systemd-container-254.27-150600.4.46.2.x86_64.rpm systemd-coredump-254.27-150600.4.46.2.x86_64.rpm systemd-devel-254.27-150600.4.46.2.x86_64.rpm systemd-doc-254.27-150600.4.46.2.x86_64.rpm systemd-journal-remote-254.27-150600.4.46.2.x86_64.rpm systemd-lang-254.27-150600.4.46.2.noarch.rpm systemd-resolved-254.27-150600.4.46.2.x86_64.rpm systemd-sysvcompat-254.27-150600.4.46.2.x86_64.rpm udev-254.27-150600.4.46.2.x86_64.rpm libsystemd0-32bit-254.27-150600.4.46.2.x86_64.rpm libudev1-32bit-254.27-150600.4.46.2.x86_64.rpm systemd-32bit-254.27-150600.4.46.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3804 Security update for mozilla-nss important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for mozilla-nss fixes the following issues: - Move NSS DB password hash away from SHA-1 Update to NSS 3.112.2: * Prevent leaks during pkcs12 decoding. * SEC_ASN1Decode* should ensure it has read as many bytes as each length field indicates Update to NSS 3.112.1: * restore support for finding certificates by decoded serial number. 
libfreebl3-3.112.2-150400.3.60.1.x86_64.rpm libsoftokn3-3.112.2-150400.3.60.1.x86_64.rpm mozilla-nss-3.112.2-150400.3.60.1.src.rpm mozilla-nss-3.112.2-150400.3.60.1.x86_64.rpm mozilla-nss-certs-3.112.2-150400.3.60.1.x86_64.rpm mozilla-nss-devel-3.112.2-150400.3.60.1.x86_64.rpm mozilla-nss-sysinit-3.112.2-150400.3.60.1.x86_64.rpm mozilla-nss-tools-3.112.2-150400.3.60.1.x86_64.rpm libfreebl3-32bit-3.112.2-150400.3.60.1.x86_64.rpm libsoftokn3-32bit-3.112.2-150400.3.60.1.x86_64.rpm mozilla-nss-32bit-3.112.2-150400.3.60.1.x86_64.rpm mozilla-nss-certs-32bit-3.112.2-150400.3.60.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3982 Recommended update for lcms2 moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for lcms2 fixes the following issue: - Enable threads support and avoid linker errors (bsc#1247985). lcms2-2.15-150600.3.3.2.src.rpm liblcms2-2-2.15-150600.3.3.2.x86_64.rpm liblcms2-devel-2.15-150600.3.3.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-4376 Recommended update for lvm2 moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for lvm2 fixes the following issues: - Maintenance update attempt seems to be stuck at mkinitrd (bsc#510058). - systemd fails to start lvmlockd with sanlock running (bsc#1246691). 
device-mapper-2.03.24_1.02.198-150700.7.3.3.x86_64.rpm device-mapper-devel-2.03.24_1.02.198-150700.7.3.3.x86_64.rpm libdevmapper-event1_03-2.03.24_1.02.198-150700.7.3.3.x86_64.rpm libdevmapper1_03-2.03.24_1.02.198-150700.7.3.3.x86_64.rpm liblvm2cmd2_03-2.03.24-150700.7.3.3.x86_64.rpm lvm2-2.03.24-150700.7.3.3.src.rpm lvm2-2.03.24-150700.7.3.3.x86_64.rpm lvm2-devel-2.03.24-150700.7.3.3.x86_64.rpm lvm2-device-mapper-2.03.24-150700.7.3.3.src.rpm libdevmapper1_03-32bit-2.03.24_1.02.198-150700.7.3.3.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-4127 Recommended update for gnu-free-fonts moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for gnu-free-fonts fixes the following issue: - Mark COPYING as %license (bsc#1252150). gnu-free-fonts-0.20120503-150000.4.6.2.noarch.rpm gnu-free-fonts-0.20120503-150000.4.6.2.src.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3979 Recommended update for man-pages-posix moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for man-pages-posix fixes the following issue: - Use %license tag in the description (bsc#1252161). man-pages-posix-2013a-150000.3.6.2.noarch.rpm man-pages-posix-2013a-150000.3.6.2.src.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3994 Recommended update for opie moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for opie fixes the following issue: - Properly fix package license and copyright (bsc#1252168). 
opie-2.4-150000.3.3.2.src.rpm opie-32bit-2.4-150000.3.3.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3834 Security update for strongswan important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for strongswan fixes the following issues: - CVE-2025-62291: fixed buffer overflow when handling EAP-MSCHAPv2 failure requests (bsc#1251941) strongswan-5.9.14-150700.3.3.1.src.rpm strongswan-5.9.14-150700.3.3.1.x86_64.rpm strongswan-doc-5.9.14-150700.3.3.1.noarch.rpm strongswan-hmac-5.9.14-150700.3.3.1.x86_64.rpm strongswan-ipsec-5.9.14-150700.3.3.1.x86_64.rpm strongswan-libs0-5.9.14-150700.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3903 Security update for bind important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for bind fixes the following issues: Upgrade to release 9.20.15: - CVE-2025-8677: DNSSEC validation fails if matching but invalid DNSKEY is found (bsc#1252378). - CVE-2025-40778: Address various spoofing attacks (bsc#1252379). - CVE-2025-40780: Cache-poisoning due to weak pseudo-random number generator (bsc#1252380). bind-9.20.15-150700.3.12.1.src.rpm bind-utils-9.20.15-150700.3.12.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3860 Optional update for firewalld-legacy low SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for firewalld-legacy fixes the following issues: - Provide v1.3.4 as installable option due to slow firewall rule generation introduced in the 2.x.x series (jsc#PED-13314). 
firewalld-1.3.4-150600.13.3.1.noarch.rpm firewalld-1.3.4-150600.13.3.1.src.rpm firewalld-bash-completion-1.3.4-150600.13.3.1.noarch.rpm firewalld-lang-1.3.4-150600.13.3.1.noarch.rpm firewalld-zsh-completion-1.3.4-150600.13.3.1.noarch.rpm python3-firewall-1.3.4-150600.13.3.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-4084 Recommended update for kyotocabinet moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for kyotocabinet fixes the following issues: - Fix the %licence tag for kyotocabinet (bsc#1252197) - configure.in supports strict C99 rules. - Fixed errors of kcdirtest on BtrFS. - Fixed build warnings. - Update url to new website. * link all executables as pie (bsc#1185033) - Modernise spec file (bsc#1252197) - gcc6: Fix errors, return NULL instead, make GCC7 happy - configure 8-byte atomics kyotocabinet-1.2.80-150000.4.6.1.src.rpm libkyotocabinet-devel-1.2.80-150000.4.6.1.x86_64.rpm libkyotocabinet16-1.2.80-150000.4.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3865 Security update for xorg-x11-server important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for xorg-x11-server fixes the following issues: - Fixed use-after-free in XPresentNotify structures creation (CVE-2025-62229, bsc#1251958) - Fixed use-after-free in Xkb client resource removal (CVE-2025-62230, bsc#1251959) - Fixed value overflow in Xkb extension XkbSetCompatMap() (CVE-2025-62231, bsc#1251960) xorg-x11-server-21.1.15-150700.5.11.1.src.rpm xorg-x11-server-21.1.15-150700.5.11.1.x86_64.rpm xorg-x11-server-Xvfb-21.1.15-150700.5.11.1.x86_64.rpm xorg-x11-server-extra-21.1.15-150700.5.11.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3962 Recommended update for xiterm important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for xiterm fixes the following issues: - use %license tag for xiterm (bsc#1252221) fbiterm-0.5.20040304-150000.5.9.1.x86_64.rpm libiterm1-0.5.20040304-150000.5.9.1.x86_64.rpm 
xiterm-0.5.20040304-150000.5.9.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-4109 Security update for bind important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for bind fixes the following issues: - CVE-2025-40778: Address various spoofing attacks (bsc#1252379). - CVE-2025-40780: Cache-poisoning due to weak pseudo-random number generator (bsc#1252380). bind-9.16.6-150300.22.53.1.src.rpm libdns1605-9.16.6-150300.22.53.1.x86_64.rpm libirs-devel-9.16.6-150300.22.53.1.x86_64.rpm libirs1601-9.16.6-150300.22.53.1.x86_64.rpm libisc1606-9.16.6-150300.22.53.1.x86_64.rpm libisccfg1600-9.16.6-150300.22.53.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-4093 Recommended update for intel-SINIT moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for intel-SINIT fixes the following issue: - Copy license files into uniquely named files and mark them as licenses for the package (bsc#1252152). intel-SINIT-2.3-150000.4.5.2.noarch.rpm intel-SINIT-2.3-150000.4.5.2.src.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3941 Security update for tiff important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for tiff fixes the following issues: - CVE-2025-9900: Fixed Write-What-Where in libtiff via TIFFReadRGBAImageOriented (bsc#1250413). libtiff5-4.0.9-150000.45.60.1.x86_64.rpm tiff-4.0.9-150000.45.60.1.src.rpm libtiff5-32bit-4.0.9-150000.45.60.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-3957 Security update for tiff important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for tiff fixes the following issues: Update to 4.7.1: - CVE-2025-8851: Fixed stack-based buffer overflow (bsc#1248278). - CVE-2025-9900: Fixed write-what-where via TIFFReadRGBAImageOriented (bsc#1250413). 
libtiff-devel-4.7.1-150600.3.23.1.x86_64.rpm libtiff6-4.7.1-150600.3.23.1.x86_64.rpm tiff-4.7.1-150600.3.23.1.src.rpm libtiff6-32bit-4.7.1-150600.3.23.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-4092 Security update for elfutils moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for elfutils fixes the following issues: - Fixing build/testsuite for more recent glibc and kernels. - Fixing denial of service and general buffer overflow errors (bsc#1237236, bsc#1237240, bsc#1237241, bsc#1237242): - CVE-2025-1376: Fixed denial of service in function elf_strptr in the library /libelf/elf_strptr.c of the component eu-strip - CVE-2025-1377: Fixed denial of service in function gelf_getsymshndx of the file strip.c of the component eu-strip - CVE-2025-1372: Fixed buffer overflow in function dump_data_section/print_string_section of the file readelf.c of the component eu-readelf - CVE-2025-1352: Fixed SEGV (illegal read access) in function __libdw_thread_tail in the library libdw_alloc.c of the component eu-readelf - Fixing testsuite race conditions in run-debuginfod-find.sh. 
debuginfod-client-0.185-150400.5.8.2.x86_64.rpm elfutils-0.185-150400.5.8.3.src.rpm elfutils-0.185-150400.5.8.3.x86_64.rpm elfutils-debuginfod-0.185-150400.5.8.2.src.rpm elfutils-debuginfod-0.185-150400.5.8.2.x86_64.rpm elfutils-lang-0.185-150400.5.8.3.noarch.rpm libasm-devel-0.185-150400.5.8.3.x86_64.rpm libasm1-0.185-150400.5.8.3.x86_64.rpm libdebuginfod-devel-0.185-150400.5.8.2.x86_64.rpm libdebuginfod1-0.185-150400.5.8.2.x86_64.rpm libdw-devel-0.185-150400.5.8.3.x86_64.rpm libdw1-0.185-150400.5.8.3.x86_64.rpm libelf-devel-0.185-150400.5.8.3.x86_64.rpm libelf1-0.185-150400.5.8.3.x86_64.rpm libdw1-32bit-0.185-150400.5.8.3.x86_64.rpm libelf1-32bit-0.185-150400.5.8.3.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-4096 Security update for binutils important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for binutils fixes the following issues: - Do not enable '-z gcs=implicit' on aarch64 for old codestreams. Update to version 2.45: * New versioned release of libsframe.so.2 * s390: tools now support SFrame format 2; recognize "z17" as CPU name [bsc#1247105, jsc#IBM-1485] * sframe sections are now of ELF section type SHT_GNU_SFRAME. * sframe sections generated by the assembler have SFRAME_F_FDE_FUNC_START_PCREL set. * riscv: Support more extensions: standard: Zicfiss v1.0, Zicfilp v1.0, Zcmp v1.0, Zcmt v1.0, Smrnmi v1.0, S[sm]dbltrp v1.0, S[sm]ctr v1.0, ssqosid v1.0, ssnpm v1.0, smnpm v1.0, smmpm v1.0, sspm v1.0, supm v1.0, sha v1.0, zce v1.0, smcdeleg v1.0, ssccfg v1.0, svvptc v1.0, zilsd v1.0, zclsd v1.0, smrnmi v1.0; vendor: CORE-V, xcvbitmanip v1.0 and xcvsimd v1.0; SiFive, xsfvqmaccdod v1.0, xsfvqmaccqoq v1.0 and xsfvfnrclipxfqf v1.0; T-Head: xtheadvdot v1.0; MIPS: xmipscbop v1.0, xmipscmov v1.0, xmipsexectl v1.0, xmipslsp v1.0. * Support RISC-V privileged version 1.13, profiles 20/22/23, and .bfloat16 directive. 
* x86: Add support for these ISAs: Intel Diamond Rapids AMX, MOVRS, AVX10.2 (including SM4), MSR_IMM; Zhaoxin PadLock PHE2, RNG2, GMI, XMODX. Drop support for AVX10.2 256 bit rounding. * arm: Add support for most of Armv9.6, enabled by -march=armv9.6-a and extensions '+cmpbr', '+f8f16mm', '+f8f32mm', '+fprcvt', '+lsfe', '+lsui', '+occmo', '+pops', '+sme2p2', '+ssve-aes', '+sve-aes', '+sve-aes2', '+sve-bfscale', '+sve-f16f32mm' and '+sve2p2'. * Predefined symbols "GAS(version)" and, on non-release builds, "GAS(date)" are now being made available. * Add .errif and .warnif directives. * linker: - Add --image-base=<ADDR> option to the ELF linker to behave the same as -Ttext-segment for compatibility with LLD. - Add support for mixed LTO and non-LTO codes in relocatable output. - s390: linker generates .eh_frame and/or .sframe for linker generated .plt sections by default (can be disabled by --no-ld-generated-unwind-info). - riscv: add new PLT formats, and GNU property merge rules for zicfiss and zicfilp extensions. 
- gold is no longer included - Contains fixes for these non-CVEs (not security bugs per upstreams SECURITY.md): * bsc#1236632 aka CVE-2025-0840 aka PR32650 * bsc#1236977 aka CVE-2025-1149 aka PR32576 * bsc#1236978 aka CVE-2025-1148 aka PR32576 * bsc#1236999 aka CVE-2025-1176 aka PR32636 * bsc#1237000 aka CVE-2025-1153 aka PR32603 * bsc#1237001 aka CVE-2025-1152 aka PR32576 * bsc#1237003 aka CVE-2025-1151 aka PR32576 * bsc#1237005 aka CVE-2025-1150 aka PR32576 * bsc#1237018 aka CVE-2025-1178 aka PR32638 * bsc#1237019 aka CVE-2025-1181 aka PR32643 * bsc#1237020 aka CVE-2025-1180 aka PR32642 * bsc#1237021 aka CVE-2025-1179 aka PR32640 * bsc#1237042 aka CVE-2025-1182 aka PR32644 * bsc#1240870 aka CVE-2025-3198 aka PR32716 * bsc#1243756 aka CVE-2025-5244 aka PR32858 * bsc#1243760 aka CVE-2025-5245 aka PR32829 * bsc#1246481 aka CVE-2025-7545 aka PR33049 * bsc#1246486 aka CVE-2025-7546 aka PR33050 * bsc#1247114 aka CVE-2025-8224 aka PR32109 * bsc#1247117 aka CVE-2025-8225 no PR - Add these backport patches: * bsc#1236976 aka CVE-2025-1147 aka PR32556 * bsc#1250632 aka CVE-2025-11083 aka PR33457 * bsc#1251275 aka CVE-2025-11412 aka PR33452 * bsc#1251276 aka CVE-2025-11413 aka PR33456 * bsc#1251277 aka CVE-2025-11414 aka PR33450 * bsc#1251794 aka CVE-2025-11494 aka PR33499 * bsc#1251795 aka CVE-2025-11495 aka PR33502 - Skip PGO with %want_reproducible_builds (bsc#1040589) - Fix crash in assembler with -gdwarf-5 - aarch64-common-pagesize.patch, aarch64 no longer uses 64K page size - Add -std=gnu17 to move gcc15 forward, as temporary measure until the binutils version can be updated [bsc#1241916]. 
binutils-2.45-150100.7.57.1.src.rpm binutils-2.45-150100.7.57.1.x86_64.rpm binutils-devel-2.45-150100.7.57.1.x86_64.rpm libctf-nobfd0-2.45-150100.7.57.1.x86_64.rpm libctf0-2.45-150100.7.57.1.x86_64.rpm libucm-devel-1.17.0-150700.4.2.7.x86_64.rpm libucm0-1.17.0-150700.4.2.7.x86_64.rpm libucp-devel-1.17.0-150700.4.2.7.x86_64.rpm libucp0-1.17.0-150700.4.2.7.x86_64.rpm libucs-devel-1.17.0-150700.4.2.7.x86_64.rpm libucs0-1.17.0-150700.4.2.7.x86_64.rpm libuct-devel-1.17.0-150700.4.2.7.x86_64.rpm libuct0-1.17.0-150700.4.2.7.x86_64.rpm openucx-1.17.0-150700.4.2.7.src.rpm openucx-tools-1.17.0-150700.4.2.7.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-4238 Recommended update for hdparm important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for hdparm fixes the following issues: - Fix the %licence tag for hdparm (bsc#1252151) hdparm-9.62-150400.3.5.2.src.rpm hdparm-9.62-150400.3.5.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-4148 Security update for ghostscript moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for ghostscript fixes the following issues: - CVE-2025-59798: Fixed stack-based buffer overflow in pdf_write_cmap in devices/vector/gdevpdtw.c. (bsc#1250353) - CVE-2025-59799: Fixed stack-based buffer overflow in pdfmark_coerce_dest in devices/vector/gdevpdfm.c via a large size value. (bsc#1250354) ghostscript-9.52-150000.211.1.src.rpm ghostscript-9.52-150000.211.1.x86_64.rpm ghostscript-devel-9.52-150000.211.1.x86_64.rpm ghostscript-x11-9.52-150000.211.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-4083 Recommended update for dracut moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for dracut fixes the following issues: - Fix (kernel-modules-extra): * Remove the stray backslash (\) before the forward slash (/). 
(bsc#1253029) dracut-059+suse.566.gc1c35aa5-150700.3.11.3.src.rpm dracut-059+suse.566.gc1c35aa5-150700.3.11.3.x86_64.rpm dracut-fips-059+suse.566.gc1c35aa5-150700.3.11.3.x86_64.rpm dracut-ima-059+suse.566.gc1c35aa5-150700.3.11.3.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-4144 Recommended update for nvidia-open-driver-G06-signed moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for nvidia-open-driver-G06-signed fixes the following issues: - introduced extra %gfx_aarch64_version and appropriate tarball/pci_id file in the hope that build service will no longer complain - update CUDA variant to 580.105.08 - back to 580.95.05 on aarch64, since userspace drivers have not been updated for this platform - update non-CUDA variant to version 580.105.08 (bsc#1252978) nv-prefer-signed-open-driver-580.105.08-150700.3.34.2.x86_64.rpm nvidia-open-driver-G06-signed-580.105.08-150700.3.34.2.src.rpm nvidia-open-driver-G06-signed-cuda-580.105.08-150700.3.34.2.src.rpm nvidia-open-driver-G06-signed-cuda-default-devel-580.105.08-150700.3.34.2.x86_64.rpm nvidia-open-driver-G06-signed-cuda-kmp-default-580.105.08_k6.4.0_150700.53.22-150700.3.34.2.x86_64.rpm nvidia-open-driver-G06-signed-default-devel-580.105.08-150700.3.34.2.x86_64.rpm nvidia-open-driver-G06-signed-kmp-default-580.105.08_k6.4.0_150700.53.22-150700.3.34.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-4057 Security update for the Linux Kernel important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 The SUSE Linux Enterprise 15 SP7 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2025-38008: mm/page_alloc: fix race condition in unaccepted memory handling (bsc#1244939). - CVE-2025-38539: trace/fgraph: Fix the warning caused by missing unregister notifier (bsc#1248211). - CVE-2025-38552: mptcp: plug races between subflow fail and subflow creation (bsc#1248230). 
- CVE-2025-38653: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al (bsc#1248630). - CVE-2025-38699: scsi: bfa: Double-free fix (bsc#1249224). - CVE-2025-38700: scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated (bsc#1249182). - CVE-2025-38718: sctp: linearize cloned gso packets in sctp_rcv (bsc#1249161). - CVE-2025-38734: net/smc: fix UAF on smcsk after smc_listen_out() (bsc#1249324). - CVE-2025-38735: gve: prevent ethtool ops after shutdown (bsc#1249288). - CVE-2025-39673: ppp: fix race conditions in ppp_fill_forward_path (bsc#1249320). - CVE-2025-39676: scsi: qla4xxx: Prevent a potential error pointer dereference (bsc#1249302). - CVE-2025-39683: tracing: Limit access to parser->buffer when trace_get_user failed (bsc#1249286). - CVE-2025-39697: nfs: remove dead code for the old swap over NFS implementation (bsc#1249319). - CVE-2025-39702: ipv6: sr: Fix MAC comparison to be constant-time (bsc#1249317). - CVE-2025-39756: fs: Prevent file descriptor table allocations exceeding INT_MAX (bsc#1249512). - CVE-2025-39794: ARM: tegra: Use I/O memcpy to write to IRAM (bsc#1249595). - CVE-2025-39810: bnxt_en: Fix memory corruption when FW resources change during ifdown (bsc#1249975). - CVE-2025-39812: sctp: initialize more fields in sctp_v6_from_sk() (bsc#1250202). - CVE-2025-39813: ftrace: Fix potential warning in trace_printk_seq during ftrace_dump (bsc#1250032). - CVE-2025-39828: atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control() (bsc#1250205). - CVE-2025-39832: net/mlx5: Add sync reset drop mode support (bsc#1249901). - CVE-2025-39847: ppp: fix memory leak in pad_compress_skb (bsc#1250292). - CVE-2025-39850: vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects (bsc#1250276). - CVE-2025-39851: vxlan: Fix NPD when refreshing an FDB entry with a nexthop object (bsc#1250296). - CVE-2025-39853: i40e: Fix potential invalid access when MAC list is empty (bsc#1250275). 
- CVE-2025-39854: ice: fix NULL access of tx->in_use in ice_ll_ts_intr (bsc#1250297). - CVE-2025-39866: fs: writeback: fix use-after-free in __mark_inode_dirty() (bsc#1250455). - CVE-2025-39876: net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() (bsc#1250400). - CVE-2025-39881: kernfs: Fix UAF in polling when open file is released (bsc#1250379). - CVE-2025-39895: sched: Fix sched_numa_find_nth_cpu() if mask offline (bsc#1250721). - CVE-2025-39898: e1000e: fix heap overflow in e1000_set_eeprom (bsc#1250742). - CVE-2025-39900: net_sched: gen_estimator: fix est_timer() vs CONFIG_PREEMPT_RT=y (bsc#1250758). - CVE-2025-39902: mm/slub: avoid accessing metadata when pointer is invalid in object_err() (bsc#1250702). - CVE-2025-39911: i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path (bsc#1250704). - CVE-2025-39945: cnic: Fix use-after-free bugs in cnic_delete_task (bsc#1251230). - CVE-2025-39946: tls: make sure to abort the stream if headers are bogus (bsc#1251114). - CVE-2025-39947: net/mlx5e: Harden uplink netdev access against device unbind (bsc#1251232). - CVE-2025-39948: ice: fix Rx page leak on multi-buffer frames (bsc#1251233). - CVE-2025-39949: qed: Don't collect too many protection override GRC elements (bsc#1251177). - CVE-2025-39955: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect() (bsc#1251804). - CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047). - CVE-2025-39969: i40e: fix validation of VF state in get resources (bsc#1252044). - CVE-2025-39970: i40e: fix input validation logic for action_meta (bsc#1252051). - CVE-2025-39971: i40e: fix idx validation in config queues msg (bsc#1252052). - CVE-2025-39972: i40e: fix idx validation in i40e_validate_queue_map (bsc#1252039). - CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035). - CVE-2025-39978: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() (bsc#1252069). 
- CVE-2025-39984: net: tun: Update napi->skb after XDP process (bsc#1252081). - CVE-2025-40000: wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait() (bsc#1252062). - CVE-2025-40005: spi: cadence-quadspi: Implement refcount to handle unbind during busy (bsc#1252349). - CVE-2025-40012: net/smc: fix warning in smc_rx_splice() when calling get_page() (bsc#1252330). - CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252688). - CVE-2025-40051: vhost: vringh: Modify the return value check (bsc#1252858). - CVE-2025-40056: vhost: vringh: Fix copy_to_iter return value check (bsc#1252826). - CVE-2025-40060: coresight: trbe: Return NULL pointer for allocation failures (bsc#1252848). - CVE-2025-40078: bpf: Explicitly check accesses to bpf_sock_addr (bsc#1252789). - CVE-2025-40100: btrfs: do not assert we found block group item when creating free space tree (bsc#1252918). The following non security issues were fixed: - ACPI/processor_idle: Add FFH state handling (jsc#PED-13815). - ACPI/processor_idle: Export acpi_processor_ffh_play_dead() (jsc#PED-13815). - ACPI: battery: Add synchronization between interface updates (git-fixes). - ACPI: processor: Rescan "dead" SMT siblings during initialization (jsc#PED-13815). - KVM: PPC: Fix misleading interrupts comment in kvmppc_prepare_to_enter() (bsc#1215199). - KVM: x86: Plumb in the vCPU to kvm_x86_ops.hwapic_isr_update() (git-fixes). - KVM: x86: Process "guest stopped request" once per guest time update (git-fixes). - PM: hibernate: Add pm_hibernation_mode_is_suspend() (bsc#1243112). - PM: hibernate: Add stub for pm_hibernate_is_recovering() (bsc#1243112). - PM: hibernate: Fix pm_hibernation_mode_is_suspend() build breakage (bsc#1243112). - PM: hibernate: add new api pm_hibernate_is_recovering() (bsc#1243112). - bpf: Allow helper bpf_get_[ns_]current_pid_tgid() for all prog types (bsc#1252364). 
- cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() (stable-fixes git-fixes). - cpuidle: Do not return from cpuidle_play_dead() on callback failures (jsc#PED-13815). - dpll: Make ZL3073X invisible (bsc#1252253). - dpll: zl3073x: Add firmware loading functionality (bsc#1252253). - dpll: zl3073x: Add functions to access hardware registers (bsc#1252253). - dpll: zl3073x: Add low-level flash functions (bsc#1252253). - dpll: zl3073x: Add support to get fractional frequency offset (bsc#1252253). - dpll: zl3073x: Add support to get phase offset on connected input pin (bsc#1252253). - dpll: zl3073x: Add support to get/set esync on pins (bsc#1252253). - dpll: zl3073x: Fix build failure (bsc#1252253). - dpll: zl3073x: Fix double free in zl3073x_devlink_flash_update() (bsc#1252253). - dpll: zl3073x: Handle missing or corrupted flash configuration (bsc#1252253). - dpll: zl3073x: Implement devlink flash callback (bsc#1252253). - dpll: zl3073x: Increase maximum size of flash utility (bsc#1252253). - dpll: zl3073x: Refactor DPLL initialization (bsc#1252253). - dpll: zl3073x: ZL3073X_I2C and ZL3073X_SPI should depend on NET (bsc#1252253). - drm/amd : Update MES API header file for v11 & v12 (stable-fixes). - drm/amd/amdgpu: Implement MES suspend/resume gang functionality for v12 (bsc#1243112). - drm/amd/display: Add NULL check for stream before dereference in 'dm_vupdate_high_irq' (bsc#1243112). - drm/amd/display: Enable Dynamic DTBCLK Switch (bsc#1243112). - drm/amd/display: Fix vupdate_offload_work doc (bsc#1243112). - drm/amd/display: fix dmub access race condition (bsc#1243112). - drm/amd/display: more liberal vmin/vmax update for freesync (bsc#1243112). - drm/amd/include : MES v11 and v12 API header update (stable-fixes). - drm/amd/include : Update MES v12 API for fence update (stable-fixes). - drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table() (git-fixes). - drm/amd: Avoid evicting resources at S5 (bsc#1243112). 
- drm/amd: Check whether secure display TA loaded successfully (bsc#1243112). - drm/amd: Fix hybrid sleep (bsc#1243112). - drm/amd: Only restore cached manual clock settings in restore if OD enabled (bsc#1243112). - drm/amd: Restore cached manual clock settings during resume (bsc#1243112). - drm/amdgpu/mes11: implement detect and reset callback (bsc#1243112). - drm/amdgpu/mes12: implement detect and reset callback (bsc#1243112). - drm/amdgpu/mes: add front end for detect and reset hung queue (bsc#1243112). - drm/amdgpu/vpe: cancel delayed work in hw_fini (bsc#1243112). - drm/amdgpu: Avoid rma causes GPU duplicate reset (bsc#1243112). - drm/amdgpu: Fix for GPU reset being blocked by KIQ I/O (bsc#1243112). - drm/amdgpu: Report individual reset error (bsc#1243112). - drm/amdgpu: do not resume device in thaw for normal hibernation (bsc#1243112). - drm/amdgpu: fix link error for !PM_SLEEP (bsc#1243112). - drm/amdkfd: Fix mmap write lock not release (bsc#1243112). - drm/xe/guc: Prepare GuC register list and update ADS size for error capture (stable-fixes). - ext4: fix checks for orphan inodes (bsc#1250119). - hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() (git-fixes). - intel_idle: Provide the default enter_dead() handler (jsc#PED-13815). - intel_idle: Rescan "dead" SMT siblings during initialization (jsc#PED-13815). - intel_idle: Use subsys_initcall_sync() for initialization (jsc#PED-13815). - ixgbe: handle IXGBE_VF_FEATURES_NEGOTIATE mbox cmd (bsc#1247222). - ixgbe: handle IXGBE_VF_GET_PF_LINK_STATE mailbox operation (bsc#1247222). - ixgbevf: fix getting link speed data for E610 devices (bsc#1247222). - ixgbevf: fix mailbox API compatibility by negotiating supported features (bsc#1247222). - kdb: Replace deprecated strcpy() with memmove() in vkdb_printf() (bsc#1252939). - net: mana: Use page pool fragments for RX buffers instead of full pages to improve memory efficiency (bsc#1248754). 
- netfilter: nft_objref: validate objref and objrefmap expressions (bsc#1250237). - nvme-auth: update bi_directional flag (git-fixes bsc#1249735). - nvme-auth: update sc_c in host response (git-fixes bsc#1249397). - nvme-fc: use lock accessing port_state and rport state (bsc#1245193 bsc#1247500). - nvme-tcp: send only permitted commands for secure concat (git-fixes bsc#1247683). - nvmet-fc: avoid scheduling association deletion twice (bsc#1245193 bsc#1247500). - nvmet-fc: move lsop put work to nvmet_fc_ls_req_op (bsc#1245193 bsc#1247500). - nvmet-fcloop: call done callback even when remote port is gone (bsc#1245193 bsc#1247500). - perf/x86/intel: Allow to update user space GPRs from PEBS records (git-fixes). - perf/x86/intel: Fix crash in icl_update_topdown_event() (git-fixes). - phy: cadence: cdns-dphy: Update calibration wait time for startup state machine (git-fixes). - platform/x86/amd/pmc: Add 1Ah family series to STB support list (bsc#1243112). - platform/x86/amd/pmc: Add MECHREVO Yilong15Pro to spurious_8042 list (bsc#1243112). - platform/x86/amd/pmc: Add Stellaris Slim Gen6 AMD to spurious 8042 quirks list (bsc#1243112). - platform/x86/amd/pmc: Add VPE information for AMDI000A platform (bsc#1243112). - platform/x86/amd/pmc: Add idlemask support for 1Ah family (bsc#1243112). - platform/x86/amd/pmc: Extend support for PMC features on new AMD platform (bsc#1243112). - platform/x86/amd/pmc: Fix SMU command submission path on new AMD platform (bsc#1243112). - platform/x86/amd/pmc: Modify SMU message port for latest AMD platform (bsc#1243112). - platform/x86/amd/pmc: Notify user when platform does not support s0ix transition (bsc#1243112). - platform/x86/amd/pmc: Remove unnecessary line breaks (bsc#1243112). - platform/x86/amd/pmc: Send OS_HINT command for AMDI000A platform (bsc#1243112). - platform/x86/amd/pmc: Send OS_HINT command for new AMD platform (bsc#1243112). - platform/x86/amd/pmc: Update IP information structure for newer SoCs (bsc#1243112). 
- platform/x86/amd/pmc: Use ARRAY_SIZE() to fill num_ips information (bsc#1243112). - platform/x86/amd/pmc: call amd_pmc_get_ip_info() during driver probe (bsc#1243112). - platform/x86/amd: pmc: Add new ACPI ID AMDI000B (bsc#1243112). - platform/x86/amd: pmc: Drop SMU F/W match for Cezanne (bsc#1243112). - platform/x86/amd: pmc: Use guard(mutex) (bsc#1243112). - powerpc/boot: Fix build with gcc 15 (bsc#1215199). - powerpc/fadump: skip parameter area allocation when fadump is disabled (jsc#PED-9891 git-fixes). - powerpc/kvm: Fix ifdef to remove build warning (bsc#1215199). - powerpc/powernv/pci: Fix underflow and leak issue (bsc#1215199). - powerpc/pseries/msi: Fix potential underflow and leak issue (bsc#1215199). - powerpc: floppy: Add missing checks after DMA map (bsc#1215199). - proc: fix missing pde_set_flags() for net proc files (bsc#1248630) - proc: fix type confusion in pde_set_flags() (bsc#1248630) - sched/idle: Conditionally handle tick broadcast in default_idle_call() (bsc#1248517). - scsi: fc: Avoid -Wflex-array-member-not-at-end warnings (bsc#1250519). - scsi: lpfc: Abort outstanding ELS WQEs regardless of if rmmod is in progress (bsc#1250519). - scsi: lpfc: Check return status of lpfc_reset_flush_io_context during TGT_RESET (bsc#1250519). - scsi: lpfc: Clean up allocated queues when queue setup mbox commands fail (bsc#1250519). - scsi: lpfc: Copyright updates for 14.4.0.11 patches (bsc#1250519). - scsi: lpfc: Decrement ndlp kref after FDISC retries exhausted (bsc#1250519). - scsi: lpfc: Ensure PLOGI_ACC is sent prior to PRLI in Point to Point topology (bsc#1250519). - scsi: lpfc: Fix buffer free/clear order in deferred receive path (bsc#1250519). - scsi: lpfc: Fix wrong function reference in a comment (bsc#1250519). - scsi: lpfc: Remove ndlp kref decrement clause for F_Port_Ctrl in lpfc_cleanup (bsc#1250519). - scsi: lpfc: Remove redundant assignment to avoid memory leak (bsc#1250519). 
- scsi: lpfc: Remove unused member variables in struct lpfc_hba and lpfc_vport (bsc#1250519). - scsi: lpfc: Update lpfc version to 14.4.0.11 (bsc#1250519). - scsi: lpfc: Use int type to store negative error codes (bsc#1250519). - scsi: lpfc: use min() to improve code (bsc#1250519). - serial: sc16is7xx: rename Kconfig CONFIG_SERIAL_SC16IS7XX_CORE (bsc#1252469) Re-enable CONFIG_SERIAL_SC16IS7X for aarch64 and x86_64 default configurations, but keep it disabled for kvmsmall configurations. For ppc64 and s390x drivers was not enabled, so keep it that way. Add sc16is7xx_spi and sc16is7xx_i2c drivers to supported list. - skmsg: Return copied bytes in sk_msg_memcopy_from_iter (bsc#1250650). - smb: client: fix crypto buffers in non-linear memory (bsc#1250491, bsc#1239206). - smb: client: fix potential cfid UAF in smb2_query_info_compound (bsc#1248886). - tcp_bpf: Fix copied value in tcp_bpf_sendmsg (bsc#1250650). - tracing: Remove unneeded goto out logic (bsc#1249286). - x86/idle: Sanitize X86_BUG_AMD_E400 handling (bsc#1248517). - x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID (bsc#1252734). - x86/resctrl: Refactor resctrl_arch_rmid_read() (bsc#1252734). - x86/smp: Allow calling mwait_play_dead with an arbitrary hint (jsc#PED-13815). - x86/smp: Fix mwait_play_dead() and acpi_processor_ffh_play_dead() noreturn behavior (jsc#PED-13815). - x86/smp: PM/hibernate: Split arch_resume_nosmt() (jsc#PED-13815). - x86/topology: Implement topology_is_core_online() to address SMT regression (jsc#PED-13815). 
kernel-default-6.4.0-150700.53.22.1.nosrc.rpm True kernel-default-6.4.0-150700.53.22.1.x86_64.rpm True kernel-default-base-6.4.0-150700.53.22.1.150700.17.15.1.src.rpm True kernel-default-base-6.4.0-150700.53.22.1.150700.17.15.1.x86_64.rpm True kernel-default-devel-6.4.0-150700.53.22.1.x86_64.rpm True kernel-devel-6.4.0-150700.53.22.1.noarch.rpm True kernel-macros-6.4.0-150700.53.22.1.noarch.rpm True kernel-source-6.4.0-150700.53.22.1.src.rpm True SUSE-SLE-Module-Basesystem-15-SP7-2025-4073 Security update for runc important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for runc fixes the following issues: Update to runc v1.3.3. Upstream changelog is available from <https://github.com/opencontainers/runc/releases/tag/v1.3.3>. bsc#1252232 * CVE-2025-31133 * CVE-2025-52565 * CVE-2025-52881 Update to runc v1.3.2. Upstream changelog is available from <https://github.com/opencontainers/runc/releases/tag/v1.3.2> bsc#1252110 - Includes an important fix for the CPUSet translation for cgroupv2. Update to runc v1.3.1. Upstream changelog is available from <https://github.com/opencontainers/runc/releases/tag/v1.3.1> Update to runc v1.3.0. 
Upstream changelog is available from <https://github.com/opencontainers/runc/releases/tag/v1.3.0> runc-1.3.3-150000.85.1.src.rpm runc-1.3.3-150000.85.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-4067 Security update for openssh moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for openssh fixes the following issues: - CVE-2025-61984: Fixed code execution via control characters in usernames when a ProxyCommand is used (bsc#1251198) - CVE-2025-61985: Fixed code execution via '\0' character in ssh:// URI when a ProxyCommand is used (bsc#1251199) openssh-9.6p1-150600.6.34.1.src.rpm openssh-9.6p1-150600.6.34.1.x86_64.rpm openssh-clients-9.6p1-150600.6.34.1.x86_64.rpm openssh-common-9.6p1-150600.6.34.1.x86_64.rpm openssh-fips-9.6p1-150600.6.34.1.x86_64.rpm openssh-helpers-9.6p1-150600.6.34.1.x86_64.rpm openssh-server-9.6p1-150600.6.34.1.x86_64.rpm openssh-server-config-disallow-rootlogin-9.6p1-150600.6.34.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-4095 Recommended update for smartmontools moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for smartmontools fixes the following issues: - update-smart-drivedb: Provide support for the new upstream GitHub repository. - update-smart-drivedb: Do not overwrite files in /usr/share. * Use /var/lib provided by --with-drivedbinstdir. - Add smartmontools-drivedb.h version 5894 from the branch 7.5. - Update to 7.5 (jsc#PED-13806). smartmontools-7.5-150600.3.5.1.src.rpm smartmontools-7.5-150600.3.5.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-4288 Security update for containerd important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for containerd fixes the following issues: - Update to containerd v1.7.29 - CVE-2024-25621: Fixed an overly broad default permission vulnerability. (bsc#1253126) - CVE-2025-64329: Fixed goroutine leaks which can lead to memory exhaustion on the host. 
(bsc#1253132) containerd-1.7.29-150000.128.1.src.rpm containerd-1.7.29-150000.128.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-4142 Recommended update for osinfo-db moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for osinfo-db fixes the following issues: - Fix: virt-manager does not detect Leap 16.0 offline ISO (bsc#1252429) - Fix the definition of Leap 16.0 to match the current names of the Leap 16.0 ISOs and the Volume IDs contained within those ISOs. (bsc#1236401) - Update to database version 20250606 (jsc#PED-12706) osinfo-db-20250606-150700.5.6.1.noarch.rpm osinfo-db-20250606-150700.5.6.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-4155 Recommended update for cyrus-sasl moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for cyrus-sasl fixes the following issues: - Python3 error log upon importing pycurl (bsc#1233529) * Remove senseless log message. cyrus-sasl-2.1.28-150600.7.14.1.src.rpm cyrus-sasl-2.1.28-150600.7.14.1.x86_64.rpm cyrus-sasl-crammd5-2.1.28-150600.7.14.1.x86_64.rpm cyrus-sasl-devel-2.1.28-150600.7.14.1.x86_64.rpm cyrus-sasl-digestmd5-2.1.28-150600.7.14.1.x86_64.rpm cyrus-sasl-gssapi-2.1.28-150600.7.14.1.x86_64.rpm cyrus-sasl-ntlm-2.1.28-150600.7.14.1.x86_64.rpm cyrus-sasl-otp-2.1.28-150600.7.14.1.x86_64.rpm cyrus-sasl-plain-2.1.28-150600.7.14.1.x86_64.rpm cyrus-sasl-saslauthd-2.1.28-150600.7.14.1.src.rpm cyrus-sasl-saslauthd-2.1.28-150600.7.14.1.x86_64.rpm libsasl2-3-2.1.28-150600.7.14.1.x86_64.rpm cyrus-sasl-32bit-2.1.28-150600.7.14.1.x86_64.rpm cyrus-sasl-crammd5-32bit-2.1.28-150600.7.14.1.x86_64.rpm cyrus-sasl-digestmd5-32bit-2.1.28-150600.7.14.1.x86_64.rpm cyrus-sasl-gssapi-32bit-2.1.28-150600.7.14.1.x86_64.rpm cyrus-sasl-plain-32bit-2.1.28-150600.7.14.1.x86_64.rpm libsasl2-3-32bit-2.1.28-150600.7.14.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-4431 Recommended update for mdadm moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for mdadm fixes the following issues:
- Version update 4.4+29.gf8bb524b. - Fixing race conditions between mdcheck_start and mdcheck_continue services (bsc#1243443, bsc#1248097). - Fixing broken monitoring for mdadm in Leap 15.6 (bsc#1229997). - Split off the Software RAID HOWTO into a -doc package. - Upstream bug fixes since 4.4 (bsc#1253060). - _service: switch to tar_scm for better interoperability with SLFO. - _service: pull from github.com/openSUSE/mdadm, patches now managed in git. - New versioning scheme: add tag offset and git commit from openSUSE/mdadm repo. - Fix systemd unit file handling in spec file (bsc#1207266). - Fix mdraid activation issues (bsc#1233265). - Stop emitting %release into program binaries (bsc#1246806). mdadm-4.4+29.gf8bb524b-150700.4.15.4.src.rpm mdadm-4.4+29.gf8bb524b-150700.4.15.4.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-4223 Recommended update for glu important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for glu fixes the following issues: - Fix the %licence tag (bsc#1252149) * Add missing LICENSE file * Fix license string glu-9.0.0-150200.10.3.1.src.rpm libGLU1-9.0.0-150200.10.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-4179 Recommended update for mozilla-nspr moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for mozilla-nspr fixes the following issues: - update to NSPR 4.36.2 * Fixed a syntax error in test file parsetm.c, which was introduced in 4.36.1 - update to NSPR 4.36.1 * Incorrect time value produced by PR_ParseTimeString and PR_ParseTimeStringToExplodedTime if input string doesn't specify seconds.
mozilla-nspr-4.36.2-150000.3.36.1.src.rpm mozilla-nspr-4.36.2-150000.3.36.1.x86_64.rpm mozilla-nspr-devel-4.36.2-150000.3.36.1.x86_64.rpm mozilla-nspr-32bit-4.36.2-150000.3.36.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-4134 Security update for unbound moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for unbound fixes the following issues: - CVE-2025-11411: Fixed possible domain hijacking attack. (bsc#1252525) libunbound8-1.20.0-150600.23.13.1.x86_64.rpm unbound-1.20.0-150600.23.13.1.src.rpm unbound-anchor-1.20.0-150600.23.13.1.x86_64.rpm unbound-devel-1.20.0-150600.23.13.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-4121 Security update for alloy moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for alloy fixes the following issues: - update to 1.11.3: - CVE-2025-58058: Fixed memory leaks in xz. (bsc#1248960) - CVE-2025-11065: Fixed sensitive information leak in logs. (bsc#1250621) alloy-1.11.3-150700.15.9.1.src.rpm alloy-1.11.3-150700.15.9.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-4118 Recommended update for freetype2 important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for freetype2 fixes the following issues: - Fix the %licence tag (bsc#1252148) * package FTL.TXT and GPLv2.TXT as %license freetype2-2.10.4-150000.4.25.1.src.rpm freetype2-devel-2.10.4-150000.4.25.1.x86_64.rpm libfreetype6-2.10.4-150000.4.25.1.x86_64.rpm libfreetype6-32bit-2.10.4-150000.4.25.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-4404 Optional update for davfs2 low SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for davfs2 fixes the following issue: - Add davfs2 to the SLES Basesystem (PED-13444) davfs2-1.5.4-150000.3.13.1.src.rpm davfs2-1.5.4-150000.3.13.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-4158 Security update for cups-filters moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for cups-filters fixes the following issues: - CVE-2025-64503: Fixed
out-of-bounds write in pdftoraster tool (bsc#1253374) - CVE-2025-57812: Fixed multiple TIFF-related issues in libcupsfilters (bsc#1253373) - CVE-2025-64524: Fixed out-of-bounds write due to use of unvalidated length parameter in the rastertopclx filter (bsc#1253364) cups-filters-1.25.0-150200.3.25.1.src.rpm cups-filters-1.25.0-150200.3.25.1.x86_64.rpm cups-filters-devel-1.25.0-150200.3.25.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-4293 Recommended update for gpgme important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for gpgme fixes the following issues: - Treat empty DISPLAY variable as unset (bsc#1252425, bsc#1231055) * To avoid gpgme constructing an invalid gpg command line when the DISPLAY variable is empty it can be treated as unset. * Reported upstream: dev.gnupg.org/T7919 gpgme-1.23.0-150600.3.5.1.src.rpm gpgme-1.23.0-150600.3.5.1.x86_64.rpm gpgmeqt-1.23.0-150600.3.5.1.src.rpm libgpgme-devel-1.23.0-150600.3.5.1.x86_64.rpm libgpgme11-1.23.0-150600.3.5.1.x86_64.rpm libgpgmepp-devel-1.23.0-150600.3.5.1.x86_64.rpm libgpgmepp6-1.23.0-150600.3.5.1.x86_64.rpm libqgpgme-devel-1.23.0-150600.3.5.1.x86_64.rpm libqgpgme15-1.23.0-150600.3.5.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-4287 Security update for java-25-openjdk important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for java-25-openjdk fixes the following issues: Update to upstream tag jdk-25.0.1+8 (October 2025 CPU) * Security fixes: + JDK-8360937, CVE-2025-53057, bsc#1252414: Enhance certificate handling + JDK-8356294, CVE-2025-53066, bsc#1252417: Enhance Path Factories + JDK-8359454, CVE-2025-61748, bsc#1252418: Enhance String handling + JDK-8352637: Enhance bytecode verification * Other fixes: + JDK-8367031: [backout] Change java.time month/day field types to 'byte' + JDK-8368308: ISO 4217 Amendment 180 Update + JDK-8366223: ZGC: ZPageAllocator::cleanup_failed_commit_multi_partition is broken + JDK-8360647: [XWayland] [OL10] NumPad keys are not triggered +
JDK-8361212: Remove AffirmTrust root CAs + JDK-8356587: Missing object ID X in pool jdk.types.Method + JDK-8360679: Shenandoah: AOT saved adapter calls into broken GC barrier stub + JDK-8362882: Update SubmissionPublisher() specification to reflect use of ForkJoinPool.asyncCommonPool() + JDK-8315131: Clarify VarHandle set/get access on 32-bit platforms + JDK-8362109: Change milestone to fcs for all releases + JDK-8358819: The first year is not displayed correctly in Japanese Calendar + JDK-8361829: [TESTBUG] RISC-V: compiler/vectorization/runner/ /BasicIntOpTest.java fails with RVV but not Zvbb + JDK-8361532: RISC-V: Several vector tests fail after JDK-8354383 + JDK-8357826: Avoid running some jtreg tests when asan is configured + JDK-8358577: Test serviceability/jvmti/thread/ /GetCurrentContendedMonitor/contmon01/contmon01.java failed: unexpexcted monitor object + JDK-8360533: ContainerRuntimeVersionTestUtils fromVersionString fails with some docker versions + JDK-8358452: JNI exception pending in Java_sun_awt_screencast_ScreencastHelper_remoteDesktopKeyImpl of screencast_pipewire.c:1214 (ID: 51119) + JDK-8359270: C2: alignment check should consider base offset when emitting arraycopy runtime call + JDK-8359596: Behavior change when both -Xlint:options and -Xlint:-options flags are given + JDK-8360179: RISC-V: Only enable BigInteger intrinsics when AvoidUnalignedAccess == false + JDK-8359218: RISC-V: Only enable CRC32 intrinsic when AvoidUnalignedAccess == false + JDK-8359059: Bump version numbers for 25.0.1 + forward port the FIPS support from OpenJDK 21 - Initial packaging of OpenJDK 25 * JEPs included: + 470: PEM Encodings of Cryptographic Objects (Preview) + 502: Stable Values (Preview) + 503: Remove the 32-bit x86 Port + 505: Structured Concurrency (Fifth Preview) + 506: Scoped Values + 507: Primitive Types in Patterns, instanceof, and switch (Third Preview) + 508: Vector API (Tenth Incubator) + 509: JFR CPU-Time Profiling (Experimental) + 510: Key Derivation 
Function API + 511: Module Import Declarations + 512: Compact Source Files and Instance Main Methods + 513: Flexible Constructor Bodies + 514: Ahead-of-Time Command-Line Ergonomics + 515: Ahead-of-Time Method Profiling + 518: JFR Cooperative Sampling + 519: Compact Object Headers + 520: JFR Method Timing & Tracing + 521: Generational Shenandoah java-25-openjdk-25.0.1.0-150700.15.4.1.src.rpm java-25-openjdk-25.0.1.0-150700.15.4.1.x86_64.rpm java-25-openjdk-demo-25.0.1.0-150700.15.4.1.x86_64.rpm java-25-openjdk-devel-25.0.1.0-150700.15.4.1.x86_64.rpm java-25-openjdk-headless-25.0.1.0-150700.15.4.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-4419 Security update for xen moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for xen fixes the following issues: Update to Xen 4.20.2 (jsc#PED-8907). Security issues fixed: - CVE-2025-58149: incorrect removal of permissions on PCI device unplug allows PV guests to access memory of devices no longer assigned to it (XSA-476, bsc#1252692). Other issues fixed: - Failure to restart xenstored (bsc#1254180). xen-4.20.2_02-150700.3.19.1.src.rpm True xen-libs-4.20.2_02-150700.3.19.1.x86_64.rpm True xen-tools-domU-4.20.2_02-150700.3.19.1.x86_64.rpm True SUSE-SLE-Module-Basesystem-15-SP7-2025-4151 Recommended update for multipath-tools moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for multipath-tools fixes the following issues: - _service: switched to tar_scm for git LFS - Fixes from upstream 0.10.5 (bsc#1253260): * Improved the communication with **udev** and **systemd** by triggering uevents when path devices are added to or removed from multipath maps, or when `multipathd reconfigure` is executed after changing blacklist directives in `multipath.conf`. * Failed paths should be checked every `polling_interval`. In certain cases, this wouldn't happen, because the check interval wasn't reset by multipathd. 
* It could happen that multipathd would accidentally release a SCSI persistent reservation held by another node. * After manually failing some paths and then reinstating them, sometimes the reinstated paths were immediately failed again by multipathd. * Various minor fixes reported by coverity. kpartx-0.10.5+198+suse.5875f383-150700.3.6.1.x86_64.rpm libdmmp-devel-0.10.5+198+suse.5875f383-150700.3.6.1.x86_64.rpm libdmmp0_2_0-0.10.5+198+suse.5875f383-150700.3.6.1.x86_64.rpm libmpath0-0.10.5+198+suse.5875f383-150700.3.6.1.x86_64.rpm multipath-tools-0.10.5+198+suse.5875f383-150700.3.6.1.src.rpm multipath-tools-0.10.5+198+suse.5875f383-150700.3.6.1.x86_64.rpm multipath-tools-devel-0.10.5+198+suse.5875f383-150700.3.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-4308 Security update for glib2 moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for glib2 fixes the following issues: - CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055) glib2-2.78.6-150600.4.22.1.src.rpm glib2-devel-2.78.6-150600.4.22.1.x86_64.rpm glib2-lang-2.78.6-150600.4.22.1.noarch.rpm glib2-tools-2.78.6-150600.4.22.1.x86_64.rpm libgio-2_0-0-2.78.6-150600.4.22.1.x86_64.rpm libglib-2_0-0-2.78.6-150600.4.22.1.x86_64.rpm libgmodule-2_0-0-2.78.6-150600.4.22.1.x86_64.rpm libgobject-2_0-0-2.78.6-150600.4.22.1.x86_64.rpm libgthread-2_0-0-2.78.6-150600.4.22.1.x86_64.rpm libgio-2_0-0-32bit-2.78.6-150600.4.22.1.x86_64.rpm libglib-2_0-0-32bit-2.78.6-150600.4.22.1.x86_64.rpm libgmodule-2_0-0-32bit-2.78.6-150600.4.22.1.x86_64.rpm libgobject-2_0-0-32bit-2.78.6-150600.4.22.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-4175 Recommended update for ocl-icd moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for ocl-icd ships the ocl-icd-devel to Basesystem. 
libOpenCL1-2.3.1-150100.8.19.1.x86_64.rpm ocl-icd-2.3.1-150100.8.19.1.src.rpm ocl-icd-devel-2.3.1-150100.8.19.1.x86_64.rpm libOpenCL1-32bit-2.3.1-150100.8.19.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-4305 Security update for grub2 moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for grub2 fixes the following issues: - CVE-2025-54771: Fixed grub_file_close() not properly controlling the fs refcount (bsc#1252931) - CVE-2025-54770: Fixed missing unregister call for net_set_vlan command may lead to use-after-free (bsc#1252930) - CVE-2025-61662: Fixed missing unregister call for gettext command may lead to use-after-free (bsc#1252933) - CVE-2025-61663: Fixed missing unregister call for normal commands may lead to use-after-free (bsc#1252934) - CVE-2025-61664: Fixed missing unregister call for normal_exit command may lead to use-after-free (bsc#1252935) - CVE-2025-61661: Fixed out-of-bounds write in grub_usb_get_string() function (bsc#1252932) Other fixes: - Bump upstream SBAT generation to 6 - Fixed timeout when loading initrd via http after PPC CAS reboot (bsc#1245953) grub2-2.12-150700.19.19.1.src.rpm grub2-2.12-150700.19.19.1.x86_64.rpm grub2-i386-pc-2.12-150700.19.19.1.noarch.rpm grub2-snapper-plugin-2.12-150700.19.19.1.noarch.rpm grub2-systemd-sleep-plugin-2.12-150700.19.19.1.noarch.rpm grub2-x86_64-efi-2.12-150700.19.19.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-4250 Recommended update for hyper-v moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 hyper-v was updated to fix the following issue: - hyper-v is shipped on Aarch64.
hyper-v-9-150700.3.5.1.src.rpm hyper-v-9-150700.3.5.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-4183 Security update for sssd important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for sssd fixes the following issues: - CVE-2025-11561: Fixed privilege escalation on AD-joined Linux systems due to default Kerberos configuration disabling localauth an2ln plugin (bsc#1251827) libipa_hbac-devel-2.9.3-150700.9.9.1.x86_64.rpm libipa_hbac0-2.9.3-150700.9.9.1.x86_64.rpm libsss_certmap-devel-2.9.3-150700.9.9.1.x86_64.rpm libsss_certmap0-2.9.3-150700.9.9.1.x86_64.rpm libsss_idmap-devel-2.9.3-150700.9.9.1.x86_64.rpm libsss_idmap0-2.9.3-150700.9.9.1.x86_64.rpm libsss_nss_idmap-devel-2.9.3-150700.9.9.1.x86_64.rpm libsss_nss_idmap0-2.9.3-150700.9.9.1.x86_64.rpm libsss_simpleifp-devel-2.9.3-150700.9.9.1.x86_64.rpm libsss_simpleifp0-2.9.3-150700.9.9.1.x86_64.rpm python3-sssd-config-2.9.3-150700.9.9.1.x86_64.rpm sssd-2.9.3-150700.9.9.1.src.rpm sssd-2.9.3-150700.9.9.1.x86_64.rpm sssd-ad-2.9.3-150700.9.9.1.x86_64.rpm sssd-dbus-2.9.3-150700.9.9.1.x86_64.rpm sssd-ipa-2.9.3-150700.9.9.1.x86_64.rpm sssd-kcm-2.9.3-150700.9.9.1.x86_64.rpm sssd-krb5-2.9.3-150700.9.9.1.x86_64.rpm sssd-krb5-common-2.9.3-150700.9.9.1.x86_64.rpm sssd-ldap-2.9.3-150700.9.9.1.x86_64.rpm sssd-proxy-2.9.3-150700.9.9.1.x86_64.rpm sssd-tools-2.9.3-150700.9.9.1.x86_64.rpm sssd-winbind-idmap-2.9.3-150700.9.9.1.x86_64.rpm sssd-32bit-2.9.3-150700.9.9.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-407 Recommended update for systemd important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for systemd fixes the following issues: - Name libsystemd-{shared,core} based on the major version of systemd and the package release number (bsc#1228081, bsc#1256427) This way, both the old and new versions of the shared libraries will be present during the update. 
This should prevent issues during package updates when incompatible changes are introduced in the new versions of the shared libraries. - detect-virt: bare-metal GCE only for x86 and i386 (bsc#1254293) - timer: rebase last_trigger timestamp if needed - timer: rebase the next elapse timestamp only if timer didn't already run - timer: don't run service immediately after restart of a timer (bsc#1254563) - test: check the next elapse timer timestamp after deserialization - test: restarting elapsed timer shouldn't trigger the corresponding service - Reintroduce systemd-network as a transitional dummy package containing no files (bsc#1254202) The contents of this package were split into two independent packages: systemd-networkd and systemd-resolved. However, the initial replacement caused both network services to be disabled. Consequently, the original package has been restored as an empty transitional package to prevent the disabling of the services. It can be safely removed once the update is complete. 
- units: don't force the loading of the loop and dm_mod modules in systemd-repart.service (bsc#1248356) - units: add dep on systemd-logind.service by user@.service - detect-virt: add bare-metal support for GCE (bsc#1244449) libsystemd0-254.27-150600.4.55.1.x86_64.rpm libudev1-254.27-150600.4.55.1.x86_64.rpm systemd-254.27-150600.4.55.1.src.rpm systemd-254.27-150600.4.55.1.x86_64.rpm systemd-container-254.27-150600.4.55.1.x86_64.rpm systemd-coredump-254.27-150600.4.55.1.x86_64.rpm systemd-devel-254.27-150600.4.55.1.x86_64.rpm systemd-doc-254.27-150600.4.55.1.x86_64.rpm systemd-journal-remote-254.27-150600.4.55.1.x86_64.rpm systemd-lang-254.27-150600.4.55.1.noarch.rpm systemd-resolved-254.27-150600.4.55.1.x86_64.rpm systemd-sysvcompat-254.27-150600.4.55.1.x86_64.rpm udev-254.27-150600.4.55.1.x86_64.rpm libsystemd0-32bit-254.27-150600.4.55.1.x86_64.rpm libudev1-32bit-254.27-150600.4.55.1.x86_64.rpm systemd-32bit-254.27-150600.4.55.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-4290 Security update for cups moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for cups fixes the following issues: - CVE-2025-61915: Fixed a local denial-of-service via cupsd.conf update and related issues. (bsc#1253783) - CVE-2025-58436: Fixed an issue where a slow client communication leads to a possible DoS attack. 
(bsc#1244057) cups-2.2.7-150000.3.77.1.src.rpm cups-2.2.7-150000.3.77.1.x86_64.rpm cups-client-2.2.7-150000.3.77.1.x86_64.rpm cups-config-2.2.7-150000.3.77.1.x86_64.rpm cups-devel-2.2.7-150000.3.77.1.x86_64.rpm libcups2-2.2.7-150000.3.77.1.x86_64.rpm libcupscgi1-2.2.7-150000.3.77.1.x86_64.rpm libcupsimage2-2.2.7-150000.3.77.1.x86_64.rpm libcupsmime1-2.2.7-150000.3.77.1.x86_64.rpm libcupsppdc1-2.2.7-150000.3.77.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-4264 Security update for ruby2.5 important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for ruby2.5 fixes the following issues: - CVE-2024-35221: Fixed remote DoS via YAML manifest (bsc#1225905) - CVE-2024-47220: Fixed HTTP request smuggling in WEBrick (bsc#1230930) - CVE-2024-49761: Fixed ReDOS vulnerability by updating REXML to 3.3.9 (bsc#1232440) - CVE-2025-24294: Fixed denial of service (DoS) caused by an insufficient check on the length of a decompressed domain name within a DNS packet in resolv gem (bsc#1246430) - CVE-2025-27219: Fixed denial of service in CGI::Cookie.parse (bsc#1237804) - CVE-2025-27220: Fixed ReDoS in CGI::Util#escapeElement (bsc#1237806) - CVE-2025-27221: Fixed userinfo leakage in URI#join, URI#merge and URI#+ (bsc#1237805) - CVE-2025-6442: Fixed ruby WEBrick read_header HTTP request smuggling vulnerability (bsc#1245254) libruby2_5-2_5-2.5.9-150700.24.3.1.x86_64.rpm ruby2.5-2.5.9-150700.24.3.1.src.rpm ruby2.5-2.5.9-150700.24.3.1.x86_64.rpm ruby2.5-devel-2.5.9-150700.24.3.1.x86_64.rpm ruby2.5-devel-extra-2.5.9-150700.24.3.1.x86_64.rpm ruby2.5-stdlib-2.5.9-150700.24.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-4297 Security update for python311 low SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for python311 fixes the following issues: Update to 3.11.14: - CVE-2025-6075: Fixed simple quadratic complexity vulnerabilities of os.path.expandvars() (bsc#1252974) - CVE-2025-8291: Fixed validity of the ZIP64 End of Central Directory (EOCD) not checked 
by the 'zipfile' module (bsc#1251305) libpython3_11-1_0-3.11.14-150600.3.38.1.x86_64.rpm python311-base-3.11.14-150600.3.38.1.x86_64.rpm python311-core-3.11.14-150600.3.38.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-4535 Recommended update for samba moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for samba fixes the following issues: - Update to 4.21.10 * Crash in ctdbd on failed updateip; (bso#15935). * samba-4.21 fails to join AD when multiple DCs are returned; (bso#15905). * vfs_ceph_new should not use ceph_ll_nonblocking_readv_writev for fsync_send; (bso#15919). * CTDB_SOCKET can be used even when CTDB_TEST_MODE is not set; (bso#15921). - Update to 4.21.9 ldb-tools-4.21.10+git.424.0b233794b52-150700.3.14.10.x86_64.rpm libldb-devel-4.21.10+git.424.0b233794b52-150700.3.14.10.x86_64.rpm libldb2-4.21.10+git.424.0b233794b52-150700.3.14.10.x86_64.rpm python3-ldb-4.21.10+git.424.0b233794b52-150700.3.14.10.x86_64.rpm samba-4.21.10+git.424.0b233794b52-150700.3.14.10.src.rpm samba-4.21.10+git.424.0b233794b52-150700.3.14.10.x86_64.rpm samba-ceph-4.21.10+git.424.0b233794b52-150700.3.14.10.x86_64.rpm samba-client-4.21.10+git.424.0b233794b52-150700.3.14.10.x86_64.rpm samba-client-libs-4.21.10+git.424.0b233794b52-150700.3.14.10.x86_64.rpm samba-dcerpc-4.21.10+git.424.0b233794b52-150700.3.14.10.x86_64.rpm samba-devel-4.21.10+git.424.0b233794b52-150700.3.14.10.x86_64.rpm samba-gpupdate-4.21.10+git.424.0b233794b52-150700.3.14.10.x86_64.rpm samba-ldb-ldap-4.21.10+git.424.0b233794b52-150700.3.14.10.x86_64.rpm samba-libs-4.21.10+git.424.0b233794b52-150700.3.14.10.x86_64.rpm samba-libs-python3-4.21.10+git.424.0b233794b52-150700.3.14.10.x86_64.rpm samba-python3-4.21.10+git.424.0b233794b52-150700.3.14.10.x86_64.rpm samba-tool-4.21.10+git.424.0b233794b52-150700.3.14.10.x86_64.rpm samba-winbind-4.21.10+git.424.0b233794b52-150700.3.14.10.x86_64.rpm samba-winbind-libs-4.21.10+git.424.0b233794b52-150700.3.14.10.x86_64.rpm 
libldb2-32bit-4.21.10+git.424.0b233794b52-150700.3.14.10.x86_64.rpm samba-client-libs-32bit-4.21.10+git.424.0b233794b52-150700.3.14.10.x86_64.rpm samba-libs-32bit-4.21.10+git.424.0b233794b52-150700.3.14.10.x86_64.rpm samba-winbind-libs-32bit-4.21.10+git.424.0b233794b52-150700.3.14.10.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-4291 Security update for libmicrohttpd important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for libmicrohttpd fixes the following issues: - CVE-2025-59777: Fixed NULL pointer dereference via specially crafted packet sent by an attacker (bsc#1253177) - CVE-2025-62689: Fixed heap-based buffer overflow via specially crafted packet sent by an attacker (bsc#1253178) libmicrohttpd-0.9.77-150600.3.3.1.src.rpm libmicrohttpd12-0.9.77-150600.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-4310 Security update for libcryptopp moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for libcryptopp fixes the following issues: - CVE-2023-50979: Fixed side-channel leakage during decryption with PKCS#1v1.5 padding. (bsc#1218217) libcryptopp-8.6.0-150400.3.12.1.src.rpm libcryptopp-devel-8.6.0-150400.3.12.1.x86_64.rpm libcryptopp8_6_0-8.6.0-150400.3.12.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-4323 Security update for gnutls moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for gnutls fixes the following issues: - CVE-2025-9820: Fixed buffer overflow in gnutls_pkcs11_token_init. 
(bsc#1254132) gnutls-3.8.3-150600.4.12.1.src.rpm gnutls-3.8.3-150600.4.12.1.x86_64.rpm libgnutls-devel-3.8.3-150600.4.12.1.x86_64.rpm libgnutls30-3.8.3-150600.4.12.1.x86_64.rpm libgnutlsxx-devel-3.8.3-150600.4.12.1.x86_64.rpm libgnutlsxx30-3.8.3-150600.4.12.1.x86_64.rpm libgnutls30-32bit-3.8.3-150600.4.12.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-4344 Recommended update for strongswan important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for strongswan fixes the following issues: - Fix rpm scripts to not break swanctl.conf use (bsc#1252002): * Guard rpm migration scripts migrating strongswan.service using ipsec.conf on less than 5.8 to strongswan-starter.service by checking the ipsec.service alias provider. * Call systemd macros for both, strongswan-starter and the strongswan service. strongswan-5.9.14-150700.3.6.1.src.rpm strongswan-5.9.14-150700.3.6.1.x86_64.rpm strongswan-doc-5.9.14-150700.3.6.1.noarch.rpm strongswan-hmac-5.9.14-150700.3.6.1.x86_64.rpm strongswan-ipsec-5.9.14-150700.3.6.1.x86_64.rpm strongswan-libs0-5.9.14-150700.3.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-4292 Recommended update for adaptec-firmware important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for adaptec-firmware fixes the following issues: - use %license tag (bsc#1252133) adaptec-firmware-1.35-150000.3.3.1.noarch.rpm adaptec-firmware-1.35-150000.3.3.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-4303 Recommended update for kmod important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for kmod fixes the following issues: - Fix modprobe.d confusion on man page (bsc#1253741): * document the config file order handling kmod-29-150600.13.3.1.src.rpm kmod-29-150600.13.3.1.x86_64.rpm kmod-bash-completion-29-150600.13.3.1.noarch.rpm libkmod-devel-29-150600.13.3.1.x86_64.rpm libkmod2-29-150600.13.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-4312 Recommended update for docker moderate SUSE Updates 
SLE-Module-Basesystem 15-SP7 x86 64 This update for docker fixes the following issues: - Enable SELinux in default daemon.json config (--selinux-enabled). This has no practical impact on non-SELinux systems. bsc#1252290 - Update to Docker 28.5.1-ce. See upstream changelog online at <https://docs.docker.com/engine/release-notes/28/#2851> - Update to Docker 28.5.0-ce. See upstream changelog online at <https://docs.docker.com/engine/release-notes/28/#2850> - Update to docker-buildx v0.29.0. Upstream changelog: <https://github.com/docker/buildx/releases/tag/v0.29.0> - Remove git-core recommends also on openSUSE: the below argument is valid for those users too. - Remove git-core recommends on SLE. Most SLE systems have installRecommends=yes by default and thus end up installing git with Docker. bsc#1250508 This feature is mostly intended for developers ("docker build git://") so most users already have the dependency installed, and the error when git is missing is fairly straightforward (so they can easily figure out what they need to install). docker-28.5.1_ce-150000.238.1.src.rpm docker-28.5.1_ce-150000.238.1.x86_64.rpm docker-buildx-0.29.0-150000.238.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-4300 Security update for curl moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) curl-8.14.1-150700.7.5.1.src.rpm curl-8.14.1-150700.7.5.1.x86_64.rpm libcurl-devel-8.14.1-150700.7.5.1.x86_64.rpm libcurl4-8.14.1-150700.7.5.1.x86_64.rpm libcurl4-32bit-8.14.1-150700.7.5.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-4362 Recommended update for gcc15 moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. 
[bsc#1253043] gcc15-15.2.0+git10201-150000.1.6.1.src.rpm libasan8-15.2.0+git10201-150000.1.6.1.x86_64.rpm libasan8-32bit-15.2.0+git10201-150000.1.6.1.x86_64.rpm libatomic1-15.2.0+git10201-150000.1.6.1.x86_64.rpm libatomic1-32bit-15.2.0+git10201-150000.1.6.1.x86_64.rpm libgcc_s1-15.2.0+git10201-150000.1.6.1.x86_64.rpm libgcc_s1-32bit-15.2.0+git10201-150000.1.6.1.x86_64.rpm libgfortran5-15.2.0+git10201-150000.1.6.1.x86_64.rpm libgfortran5-32bit-15.2.0+git10201-150000.1.6.1.x86_64.rpm libgomp1-15.2.0+git10201-150000.1.6.1.x86_64.rpm libgomp1-32bit-15.2.0+git10201-150000.1.6.1.x86_64.rpm libhwasan0-15.2.0+git10201-150000.1.6.1.x86_64.rpm libitm1-15.2.0+git10201-150000.1.6.1.x86_64.rpm libitm1-32bit-15.2.0+git10201-150000.1.6.1.x86_64.rpm liblsan0-15.2.0+git10201-150000.1.6.1.x86_64.rpm libobjc4-15.2.0+git10201-150000.1.6.1.x86_64.rpm libobjc4-32bit-15.2.0+git10201-150000.1.6.1.x86_64.rpm libquadmath0-15.2.0+git10201-150000.1.6.1.x86_64.rpm libquadmath0-32bit-15.2.0+git10201-150000.1.6.1.x86_64.rpm libquadmath0-devel-gcc15-15.2.0+git10201-150000.1.6.1.x86_64.rpm libstdc++6-15.2.0+git10201-150000.1.6.1.x86_64.rpm libstdc++6-32bit-15.2.0+git10201-150000.1.6.1.x86_64.rpm libstdc++6-devel-gcc15-15.2.0+git10201-150000.1.6.1.x86_64.rpm libstdc++6-locale-15.2.0+git10201-150000.1.6.1.x86_64.rpm libstdc++6-pp-15.2.0+git10201-150000.1.6.1.x86_64.rpm libstdc++6-pp-32bit-15.2.0+git10201-150000.1.6.1.x86_64.rpm libtsan2-15.2.0+git10201-150000.1.6.1.x86_64.rpm libubsan1-15.2.0+git10201-150000.1.6.1.x86_64.rpm libubsan1-32bit-15.2.0+git10201-150000.1.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-4393 Security update for the Linux Kernel important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 The SUSE Linux Enterprise 15 SP7 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2022-50253: bpf: make sure skb->len != 0 when redirecting to a tunneling device (bsc#1249912). 
- CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() (bsc#1251786). - CVE-2025-21710: tcp: correct handling of extreme memory squeeze (bsc#1237888). - CVE-2025-37916: pds_core: remove write-after-free of client_id (bsc#1243474). - CVE-2025-38359: s390/mm: Fix in_atomic() handling in do_secure_storage_access() (bsc#1247076). - CVE-2025-39788: scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE (bsc#1249547). - CVE-2025-39805: net: macb: fix unregister_netdev call order in macb_remove() (bsc#1249982). - CVE-2025-39819: fs/smb: Fix inconsistent refcnt update (bsc#1250176). - CVE-2025-39822: io_uring/kbuf: fix signedness in this_len calculation (bsc#1250034). - CVE-2025-39859: ptp: ocp: fix use-after-free bugs causing by ptp_ocp_watchdog (bsc#1250252). - CVE-2025-39944: octeontx2-pf: Fix use-after-free bugs in otx2_sync_tstamp() (bsc#1251120). - CVE-2025-39980: nexthop: Forbid FDB status change while nexthop is in a group (bsc#1252063). - CVE-2025-40001: scsi: mvsas: Fix use-after-free bugs in mvs_work_queue (bsc#1252303). - CVE-2025-40021: tracing: dynevent: Add a missing lockdown check on dynevent (bsc#1252681). - CVE-2025-40027: net/9p: fix double req put in p9_fd_cancelled (bsc#1252763). - CVE-2025-40030: pinctrl: check the return value of pinmux_ops::get_function_name() (bsc#1252773). - CVE-2025-40038: KVM: SVM: Skip fastpath emulation on VM-Exit if next RIP isn't valid (bsc#1252817). - CVE-2025-40040: mm/ksm: fix flag-dropping behavior in ksm_madvise (bsc#1252780). - CVE-2025-40047: io_uring/waitid: always prune wait queue entry in io_waitid_wait() (bsc#1252790). - CVE-2025-40048: uio_hv_generic: Let userspace take care of interrupt mask (bsc#1252862). - CVE-2025-40055: ocfs2: fix double free in user_cluster_connect() (bsc#1252821). - CVE-2025-40059: coresight: Fix incorrect handling for return value of devm_kzalloc (bsc#1252809). - CVE-2025-40064: smc: Fix use-after-free in __pnet_find_base_ndev() (bsc#1252845). 
- CVE-2025-40070: pps: fix warning in pps_register_cdev when register device fail (bsc#1252836). - CVE-2025-40074: ipv4: start using dst_dev_rcu() (bsc#1252794). - CVE-2025-40075: tcp_metrics: use dst_dev_net_rcu() (bsc#1252795). - CVE-2025-40080: nbd: restrict sockets to TCP and UDP (bsc#1252774). - CVE-2025-40083: net/sched: sch_qfq: Fix null-deref in agg_dequeue (bsc#1252912). - CVE-2025-40086: drm/xe: Don't allow evicting of BOs in same VM in array of VM binds (bsc#1252923). - CVE-2025-40098: ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_get_acpi_mute_state() (bsc#1252917). - CVE-2025-40105: vfs: Don't leak disconnected dentries on umount (bsc#1252928). - CVE-2025-40139: smc: Use __sk_dst_get() and dst_dev_rcu() in in smc_clc_prfx_set() (bsc#1253409). - CVE-2025-40149: tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock() (bsc#1253355). - CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253403). - CVE-2025-40168: smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match() (bsc#1253427). - CVE-2025-40169: bpf: Reject negative offsets for ALU ops (bsc#1253416). - CVE-2025-40173: net/ip6_tunnel: Prevent perpetual tunnel growth (bsc#1253421). - CVE-2025-40176: tls: wait for pending async decryptions if tls_strp_msg_hold fails (bsc#1253425). - CVE-2025-40185: ice: ice_adapter: release xa entry on adapter allocation failure (bsc#1253394). - CVE-2025-40204: sctp: Fix MAC comparison to be constant-time (bsc#1253436). The following non security issues were fixed: - ACPI: CPPC: Check _CPC validity for only the online CPUs (git-fixes). - ACPI: CPPC: Limit perf ctrs in PCC check only to online CPUs (git-fixes). - ACPI: CPPC: Perform fast check switch only for online CPUs (git-fixes). - ACPI: PRM: Skip handlers with NULL handler_address or NULL VA (stable-fixes). - ACPI: SBS: Fix present test in acpi_battery_read() (git-fixes). - ACPI: property: Return present device nodes only on fwnode interface (stable-fixes). 
- ACPI: scan: Add Intel CVS ACPI HIDs to acpi_ignore_dep_ids (stable-fixes). - ACPICA: Update dsmethod.c to get rid of unused variable warning (stable-fixes). - ACPICA: dispatcher: Use acpi_ds_clear_operands() in acpi_ds_call_control_method() (stable-fixes). - ALSA: hda: Fix missing pointer check in hda_component_manager_init function (git-fixes). - ALSA: serial-generic: remove shared static buffer (stable-fixes). - ALSA: usb-audio: Add validation of UAC2/UAC3 effect units (stable-fixes). - ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd (git-fixes). - ALSA: usb-audio: Fix potential overflow of PCM transfer buffer (stable-fixes). - ALSA: usb-audio: add mono main switch to Presonus S1824c (stable-fixes). - ALSA: usb-audio: apply quirk for MOONDROP Quark2 (stable-fixes). - ALSA: usb-audio: don't log messages meant for 1810c when initializing 1824c (git-fixes). - ASoC: codecs: va-macro: fix resource leak in probe error path (git-fixes). - ASoC: cs4271: Fix regulator leak on probe failure (git-fixes). - ASoC: max98090/91: fixed max98091 ALSA widget powering up/down (stable-fixes). - ASoC: meson: aiu-encoder-i2s: fix bit clock polarity (stable-fixes). - ASoC: qcom: sc8280xp: explicitly set S16LE format in sc8280xp_be_hw_params_fixup() (stable-fixes). - ASoC: stm32: sai: manage context in set_sysclk callback (stable-fixes). - ASoC: tas2781: fix getting the wrong device number (git-fixes). - ASoC: tlv320aic3x: Fix class-D initialization for tlv320aic3007 (stable-fixes). - Bluetooth: 6lowpan: Don't hold spin lock over sleeping functions (git-fixes). - Bluetooth: 6lowpan: add missing l2cap_chan_lock() (git-fixes). - Bluetooth: 6lowpan: fix BDADDR_LE vs ADDR_LE_DEV address type confusion (git-fixes). - Bluetooth: 6lowpan: reset link-local header on ipv6 recv path (git-fixes). - Bluetooth: L2CAP: export l2cap_chan_hold for modules (stable-fixes). - Bluetooth: MGMT: Fix OOB access in parse_adv_monitor_pattern() (git-fixes). 
- Bluetooth: MGMT: cancel mesh send timer when hdev removed (git-fixes). - Bluetooth: SCO: Fix UAF on sco_conn_free (stable-fixes). - Bluetooth: bcsp: receive data only if registered (stable-fixes). - Bluetooth: btrtl: Fix memory leak in rtlbt_parse_firmware_v2() (git-fixes). - Bluetooth: btusb: Check for unexpected bytes when defragmenting HCI frames (stable-fixes). - Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF (git-fixes). - Bluetooth: hci_event: validate skb length for unknown CC opcode (git-fixes). - Drivers: hv: vmbus: Add utility function for querying ring size (git-fixes). - HID: amd_sfh: Stop sensor before starting (git-fixes). - HID: hid-ntrig: Prevent memory leak in ntrig_report_version() (git-fixes). - HID: quirks: avoid Cooler Master MM712 dongle wakeup bug (stable-fixes). - HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155 (git-fixes). - HID: uclogic: Fix potential memory leak in error path (git-fixes). - Input: atmel_mxt_ts - allow reset GPIO to sleep (stable-fixes). - Input: imx_sc_key - fix memory corruption on unload (git-fixes). - Input: pegasus-notetaker - fix potential out-of-bounds access (git-fixes). - KVM: Pass new routing entries and irqfd when updating IRTEs (git-fixes). - KVM: SEV: Enforce minimum GHCB version requirement for SEV-SNP guests (git-fixes). - KVM: SVM: Delete IRTE link from previous vCPU before setting new IRTE (git-fixes). - KVM: SVM: Delete IRTE link from previous vCPU irrespective of new routing (git-fixes). - KVM: SVM: Emulate PERF_CNTR_GLOBAL_STATUS_SET for PerfMonV2 (git-fixes). - KVM: SVM: Mark VMCB_LBR dirty when MSR_IA32_DEBUGCTLMSR is updated (git-fixes). - KVM: SVM: Re-load current, not host, TSC_AUX on #VMEXIT from SEV-ES guest (git-fixes). - KVM: SVM: Track per-vCPU IRTEs using kvm_kernel_irqfd structure (git-fixes). - KVM: SVM: WARN if an invalid posted interrupt IRTE entry is added (git-fixes). - KVM: VMX: Allow guest to set DEBUGCTL.RTM_DEBUG if RTM is supported (git-fixes). 
- KVM: VMX: Apply MMIO Stale Data mitigation if KVM maps MMIO into the guest (git-fixes). - KVM: VMX: Fix check for valid GVA on an EPT violation (git-fixes). - KVM: VMX: Preserve host's DEBUGCTLMSR_FREEZE_IN_SMM while running the guest (git-fixes). - KVM: VMX: Wrap all accesses to IA32_DEBUGCTL with getter/setter APIs (git-fixes). - KVM: nVMX: Check vmcs12->guest_ia32_debugctl on nested VM-Enter (git-fixes). - KVM: s390: improve interrupt cpu for wakeup (bsc#1235463). - KVM: s390: kABI backport for 'last_sleep_cpu' (bsc#1252352). - KVM: x86/mmu: Locally cache whether a PFN is host MMIO when making a SPTE (git-fixes). - KVM: x86: Add helper to retrieve current value of user return MSR (git-fixes). - KVM: x86: Convert vcpu_run()'s immediate exit param into a generic bitmap (git-fixes). - KVM: x86: Don't treat ENTER and LEAVE as branches, because they aren't (git-fixes). - KVM: x86: Drop kvm_x86_ops.set_dr6() in favor of a new KVM_RUN flag (git-fixes). - KVM: x86: Have all vendor neutral sub-configs depend on KVM_X86, not just KVM (git-fixes). - NFS4: Fix state renewals missing after boot (git-fixes). - NFS: check if suid/sgid was cleared after a write as needed (git-fixes). - NFSD: Never cache a COMPOUND when the SEQUENCE operation fails (git-fixes). - NFSD: Skip close replay processing if XDR encoding fails (git-fixes). - NFSD: free copynotify stateid in nfs4_free_ol_stateid() (git-fixes). - NFSv4.1: fix mount hang after CREATE_SESSION failure (git-fixes). - NFSv4: handle ERR_GRACE on delegation recalls (git-fixes). - PCI/P2PDMA: Fix incorrect pointer usage in devm_kfree() call (stable-fixes). - PCI/PM: Skip resuming to D0 if device is disconnected (stable-fixes). - PCI: Disable MSI on RDC PCI to PCIe bridges (stable-fixes). - PCI: cadence: Check for the existence of cdns_pcie::ops before using it (stable-fixes). - PCI: dwc: Verify the single eDMA IRQ in dw_pcie_edma_irq_verify() (stable-fixes). - PCI: j721e: Fix incorrect error message in probe() (git-fixes). 
- PCI: rcar-host: Convert struct rcar_msi mask_lock into raw spinlock (git-fixes). - PCI: tegra194: Reset BARs when running in PCIe endpoint mode (git-fixes). - RDMA/bnxt_re: Don't fail destroy QP and cleanup debugfs earlier (git-fixes). - RDMA/bnxt_re: Fix a potential memory leak in destroy_gsi_sqp (git-fixes). - RDMA/hns: Fix recv CQ and QP cache affinity (git-fixes). - RDMA/hns: Fix the modification of max_send_sge (git-fixes). - RDMA/hns: Fix wrong WQE data when QP wraps around (git-fixes). - RDMA/irdma: Fix SD index calculation (git-fixes). - RDMA/irdma: Set irdma_cq cq_num field during CQ create (git-fixes). - accel/habanalabs/gaudi2: fix BMON disable configuration (stable-fixes). - accel/habanalabs/gaudi2: read preboot status after recovering from dirty state (stable-fixes). - accel/habanalabs: return ENOMEM if less than requested pages were pinned (stable-fixes). - accel/habanalabs: support mapping cb with vmalloc-backed coherent memory (stable-fixes). - acpi,srat: Fix incorrect device handle check for Generic Initiator (git-fixes). - acpi/hmat: Fix lockdep warning for hmem_register_resource() (git-fixes). - amd/amdkfd: resolve a race in amdgpu_amdkfd_device_fini_sw (stable-fixes). - ata: libata-scsi: Add missing scsi_device_put() in ata_scsi_dev_rescan() (git-fixes). - block: avoid possible overflow for chunk_sectors check in blk_stack_limits() (git-fixes). - block: fix kobject double initialization in add_disk (git-fixes). - bpf: Fix test verif_scale_strobemeta_subprogs failure due to llvm19 (bsc#1252368). - bpf: improve error message for unsupported helper (bsc#1252370). - btrfs: abort transaction on failure to add link to inode (git-fixes). - btrfs: avoid page_lockend underflow in btrfs_punch_hole_lock_range() (git-fix). - btrfs: avoid using fixed char array size for tree names (git-fix). - btrfs: do not update last_log_commit when logging inode due to a new name (git-fixes). - btrfs: fix COW handling in run_delalloc_nocow() (git-fix). 
- btrfs: fix inode leak on failure to add link to inode (git-fixes). - btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve (git-fix). - btrfs: mark dirty extent range for out of bound prealloc extents (git-fixes). - btrfs: qgroup: correctly model root qgroup rsv in convert (git-fix). - btrfs: rename err to ret in btrfs_link() (git-fixes). - btrfs: run btrfs_error_commit_super() early (git-fix). - btrfs: scrub: put bio after errors in scrub_raid56_parity_stripe() (git-fix). - btrfs: scrub: put bio after errors in scrub_raid56_parity_stripe() (git-fixes). - btrfs: send: fix duplicated rmdir operations when using extrefs (git-fixes). - btrfs: set inode flag BTRFS_INODE_COPY_EVERYTHING when logging new name (git-fixes). - btrfs: simplify error handling logic for btrfs_link() (git-fixes). - btrfs: tree-checker: add dev extent item checks (git-fix). - btrfs: tree-checker: add type and sequence check for inline backrefs (git-fix). - btrfs: tree-checker: fix the wrong output of data backref objectid (git-fix). - btrfs: tree-checker: reject BTRFS_FT_UNKNOWN dir type (git-fix). - btrfs: tree-checker: validate dref root and objectid (git-fix). - btrfs: use smp_mb__after_atomic() when forcing COW in create_pending_snapshot() (git-fixes). - cgroup/cpuset: Remove remote_partition_check() & make update_cpumasks_hier() handle remote partition (bsc#1241166). - char: misc: Does not request module for miscdevice with dynamic minor (stable-fixes). - char: misc: Make misc_register() reentry for miscdevice who wants dynamic minor (stable-fixes). - char: misc: restrict the dynamic range to exclude reserved minors (stable-fixes). - cpuset: Use new excpus for nocpu error check when enabling root partition (bsc#1241166). - cpuset: fix failure to enable isolated partition when containing isolcpus (bsc#1241166). - cramfs: Verify inode mode when loading from disk (git-fixes). - crypto: aspeed - fix double free caused by devm (git-fixes). 
- crypto: aspeed-acry - Convert to platform remove callback returning void (stable-fixes). - crypto: hisilicon/qm - Fix device reference leak in qm_get_qos_value (git-fixes). - crypto: iaa - Do not clobber req->base.data (git-fixes). - crypto: qat - use kcalloc() in qat_uclo_map_objs_from_mof() (stable-fixes). - dmaengine: dw-edma: Set status for callback_result (stable-fixes). - dmaengine: mv_xor: match alloc_wc and free_wc (stable-fixes). - drm/amd/amdgpu: Release xcp drm memory after unplug (stable-fixes). - drm/amd/display/dml2: Guard dml21_map_dc_state_into_dml_display_cfg with DC_FP_START (stable-fixes). - drm/amd/display: Add AVI infoframe copy in copy_stream_update_to_stream (stable-fixes). - drm/amd/display: Add fallback path for YCBCR422 (stable-fixes). - drm/amd/display: Allow VRR params change if unsynced with the stream (git-fixes). - drm/amd/display: Disable VRR on DCE 6 (stable-fixes). - drm/amd/display: Enable mst when it's detected but yet to be initialized (git-fixes). - drm/amd/display: Fix DVI-D/HDMI adapters (stable-fixes). - drm/amd/display: Fix NULL deref in debugfs odm_combine_segments (git-fixes). - drm/amd/display: Fix black screen with HDMI outputs (git-fixes). - drm/amd/display: Fix for test crash due to power gating (stable-fixes). - drm/amd/display: Fix incorrect return of vblank enable on unconfigured crtc (stable-fixes). - drm/amd/display: Fix pbn_div Calculation Error (stable-fixes). - drm/amd/display: Increase AUX Intra-Hop Done Max Wait Duration (stable-fixes). - drm/amd/display: Increase minimum clock for TMDS 420 with pipe splitting (stable-fixes). - drm/amd/display: Init dispclk from bootup clock for DCN314 (stable-fixes). - drm/amd/display: Move setup_stream_attribute (stable-fixes). - drm/amd/display: Reject modes with too high pixel clock on DCE6-10 (git-fixes). - drm/amd/display: Reset apply_eamless_boot_optimization when dpms_off (stable-fixes). - drm/amd/display: Set up pixel encoding for YCBCR422 (stable-fixes). 
- drm/amd/display: Support HW cursor 180 rot for any number of pipe splits (stable-fixes). - drm/amd/display: Wait until OTG enable state is cleared (stable-fixes). - drm/amd/display: add more cyan skillfish devices (stable-fixes). - drm/amd/display: change dc stream color settings only in atomic commit (stable-fixes). - drm/amd/display: ensure committing streams is seamless (stable-fixes). - drm/amd/display: fix condition for setting timing_adjust_pending (stable-fixes). - drm/amd/display: fix dml ms order of operations (stable-fixes). - drm/amd/display: incorrect conditions for failing dto calculations (stable-fixes). - drm/amd/display: update color on atomic commit time (stable-fixes). - drm/amd/display: update dpp/disp clock from smu clock table (stable-fixes). - drm/amd/pm: Disable MCLK switching on SI at high pixel clocks (stable-fixes). - drm/amd/pm: Use cached metrics data on aldebaran (stable-fixes). - drm/amd/pm: Use cached metrics data on arcturus (stable-fixes). - drm/amd: Avoid evicting resources at S5 (stable-fixes). - drm/amd: Check that VPE has reached DPM0 in idle handler (stable-fixes). - drm/amd: Fix suspend failure with secure display TA (git-fixes). - drm/amd: add more cyan skillfish PCI ids (stable-fixes). - drm/amdgpu/atom: Check kcalloc() for WS buffer in amdgpu_atom_execute_table_locked() (stable-fixes). - drm/amdgpu/jpeg: Hold pg_lock before jpeg poweroff (stable-fixes). - drm/amdgpu/smu: Handle S0ix for vangogh (stable-fixes). - drm/amdgpu: Allow kfd CRIU with no buffer objects (stable-fixes). - drm/amdgpu: Check vcn sram load return value (stable-fixes). - drm/amdgpu: Correct the counts of nr_banks and nr_errors (stable-fixes). - drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices (stable-fixes). - drm/amdgpu: Fix function header names in amdgpu_connectors.c (git-fixes). - drm/amdgpu: Fix unintended error log in VCN5_0_0 (git-fixes). - drm/amdgpu: Respect max pixel clock for HDMI and DVI-D (v2) (stable-fixes). 
- drm/amdgpu: Skip poison aca bank from UE channel (stable-fixes). - drm/amdgpu: Use memdup_array_user in amdgpu_cs_wait_fences_ioctl (stable-fixes). - drm/amdgpu: add range check for RAS bad page address (stable-fixes). - drm/amdgpu: add support for cyan skillfish gpu_info (stable-fixes). - drm/amdgpu: disable peer-to-peer access for DCC-enabled GC12 VRAM surfaces (stable-fixes). - drm/amdgpu: don't enable SMU on cyan skillfish (stable-fixes). - drm/amdgpu: fix nullptr err of vm_handle_moved (stable-fixes). - drm/amdgpu: hide VRAM sysfs attributes on GPUs without VRAM (stable-fixes). - drm/amdgpu: reject gang submissions under SRIOV (stable-fixes). - drm/amdgpu: remove two invalid BUG_ON()s (stable-fixes). - drm/amdkfd: Handle lack of READ permissions in SVM mapping (stable-fixes). - drm/amdkfd: Tie UNMAP_LATENCY to queue_preemption (stable-fixes). - drm/amdkfd: fix vram allocation failure for a special case (stable-fixes). - drm/amdkfd: relax checks for over allocation of save area (stable-fixes). - drm/amdkfd: return -ENOTTY for unsupported IOCTLs (stable-fixes). - drm/ast: Blank with VGACR17 sync enable, always clear VGACRB6 sync off (git-fixes). - drm/bridge: cdns-dsi: Don't fail on MIPI_DSI_MODE_VIDEO_BURST (stable-fixes). - drm/bridge: cdns-dsi: Fix REG_WAKEUP_TIME value (stable-fixes). - drm/bridge: display-connector: don't set OP_DETECT for DisplayPorts (stable-fixes). - drm/exynos: exynos7_drm_decon: remove ctx->suspended (git-fixes). - drm/i915/dp_mst: Work around Thunderbolt sink disconnect after SINK_COUNT_ESI read (stable-fixes). - drm/i915: Avoid lock inversion when pinning to GGTT on CHV/BXT+VTD (git-fixes). - drm/i915: Fix conversion between clock ticks and nanoseconds (git-fixes). - drm/mediatek: Add pm_runtime support for GCE power control (git-fixes). - drm/mediatek: Disable AFBC support on Mediatek DRM driver (git-fixes). - drm/msm/a6xx: Fix PDC sleep sequence (git-fixes). 
- drm/msm/dsi/phy: Toggle back buffer resync after preparing PLL (stable-fixes). - drm/msm/dsi/phy_7nm: Fix missing initial VCO rate (stable-fixes). - drm/msm/registers: Generate _HI/LO builders for reg64 (stable-fixes). - drm/msm: make sure to not queue up recovery more than once (stable-fixes). - drm/nouveau: replace snprintf() with scnprintf() in nvkm_snprintbf() (stable-fixes). - drm/panthor: Serialize GPU cache flush operations (stable-fixes). - drm/panthor: check bo offset alignment in vm bind (stable-fixes). - drm/sched: Fix deadlock in drm_sched_entity_kill_jobs_cb (git-fixes). - drm/sched: Optimise drm_sched_entity_push_job (stable-fixes). - drm/sched: avoid killing parent entity on child SIGKILL (stable-fixes). - drm/tegra: Add call to put_pid() (git-fixes). - drm/tegra: dc: Fix reference leak in tegra_dc_couple() (git-fixes). - drm/tidss: Set crtc modesetting parameters with adjusted mode (stable-fixes). - drm/tidss: Use the crtc_* timings when programming the HW (stable-fixes). - drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE (git-fixes). - drm/xe/guc: Add more GuC load error status codes (stable-fixes). - drm/xe/guc: Increase GuC crash dump buffer size (stable-fixes). - drm/xe/guc: Return an error code if the GuC load fails (stable-fixes). - drm/xe/guc: Set upper limit of H2G retries over CTB (stable-fixes). - drm/xe/guc: Synchronize Dead CT worker with unbind (git-fixes). - drm/xe: Do clean shutdown also when using flr (git-fixes). - drm/xe: Do not wake device during a GT reset (git-fixes). - drm/xe: Fix oops in xe_gem_fault when running core_hotunplug test (stable-fixes). - drm/xe: Move declarations under conditional branch (stable-fixes). - drm/xe: Remove duplicate DRM_EXEC selection from Kconfig (git-fixes). - drm: panel-backlight-quirks: Make EDID match optional (stable-fixes). - exfat: limit log print for IO error (git-fixes). - extcon: adc-jack: Cleanup wakeup source only if it was enabled (git-fixes). 
- extcon: adc-jack: Fix wakeup source leaks on device unbind (stable-fixes). - fbcon: Set fb_display[i]->mode to NULL when the mode is released (stable-fixes). - fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds (stable-fixes). - fbdev: bitblit: bound-check glyph index in bit_putcs* (stable-fixes). - fbdev: pvr2fb: Fix leftover reference to ONCHIP_NR_DMA_CHANNELS (stable-fixes). - hwmon: (asus-ec-sensors) increase timeout for locking ACPI mutex (stable-fixes). - hwmon: (dell-smm) Add support for Dell OptiPlex 7040 (stable-fixes). - hwmon: (k10temp) Add device ID for Strix Halo (stable-fixes). - hwmon: (k10temp) Add thermal support for AMD Family 1Ah-based models (stable-fixes). - hwmon: (sbtsi_temp) AMD CPU extended temperature range support (stable-fixes). - hwmon: sy7636a: add alias (stable-fixes). - hyperv: Remove the spurious null directive line (git-fixes). - iio: adc: imx93_adc: load calibrated values even calibration failed (stable-fixes). - iio: adc: spear_adc: mask SPEAR_ADC_STATUS channel and avg sample before setting register (stable-fixes). - ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr (stable-fixes). - iommu/amd: Return an error if vCPU affinity is set for non-vCPU IRTE (git-fixes). - isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe() (git-fixes). - ixgbe: fix memory leak and use-after-free in ixgbe_recovery_probe() (git-fixes). - jfs: Verify inode mode when loading from disk (git-fixes). - jfs: fix uninitialized waitqueue in transaction manager (git-fixes). - lib/crypto: curve25519-hacl64: Fix older clang KASAN workaround for GCC (git-fixes). - md/raid1: fix data lost for writemostly rdev (git-fixes). - md: fix mssing blktrace bio split events (git-fixes). - media: adv7180: Add missing lock in suspend callback (stable-fixes). - media: adv7180: Do not write format to device in set_fmt (stable-fixes). - media: adv7180: Only validate format in querystd (stable-fixes). 
- media: amphion: Delete v4l2_fh synchronously in .release() (stable-fixes). - media: fix uninitialized symbol warnings (stable-fixes). - media: i2c: Kconfig: Ensure a dependency on HAVE_CLK for VIDEO_CAMERA_SENSOR (stable-fixes). - media: i2c: og01a1b: Specify monochrome media bus format instead of Bayer (stable-fixes). - media: imon: make send_packet() more robust (stable-fixes). - media: ov08x40: Fix the horizontal flip control (stable-fixes). - media: redrat3: use int type to store negative error codes (stable-fixes). - media: uvcvideo: Use heuristic to find stream entity (git-fixes). - media: videobuf2: forbid remove_bufs when legacy fileio is active (git-fixes). - memstick: Add timeout to prevent indefinite waiting (stable-fixes). - mfd: da9063: Split chip variant reading in two bus transactions (stable-fixes). - mfd: madera: Work around false-positive -Wininitialized warning (stable-fixes). - mfd: stmpe-i2c: Add missing MODULE_LICENSE (stable-fixes). - mfd: stmpe: Remove IRQ domain upon removal (stable-fixes). - minixfs: Verify inode mode when loading from disk (git-fixes). - mm/mm_init: fix hash table order logging in alloc_large_system_hash() (git-fixes). - mm/secretmem: fix use-after-free race in fault handler (git-fixes). - mmc: host: renesas_sdhi: Fix the actual clock (stable-fixes). - mmc: sdhci-msm: Enable tuning for SDR50 mode for SD card (stable-fixes). - mmc: sdhci-of-dwcmshc: Change DLL_STRBIN_TAPNUM_DEFAULT to 0x4 (git-fixes). - mtd: onenand: Pass correct pointer to IRQ handler (git-fixes). - mtd: rawnand: cadence: fix DMA device NULL pointer dereference (git-fixes). - mtdchar: fix integer overflow in read/write ioctls (git-fixes). - net/mana: fix warning in the writer of client oob (git-fixes). - net/smc: Remove validation of reserved bits in CLC Decline message (bsc#1253779). - net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms (stable-fixes). - net: phy: clear link parameters on admin link down (stable-fixes). 
- net: phy: fixed_phy: let fixed_phy_unregister free the phy_device (stable-fixes). - net: phy: marvell: Fix 88e1510 downshift counter errata (stable-fixes). - net: tcp: send zero-window ACK when no memory (bsc#1253779). - net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup (git-fixes). - nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing (git-fixes). - nouveau/firmware: Add missing kfree() of nvkm_falcon_fw::boot (git-fixes). - nvme-auth: add hkdf_expand_label() (bsc#1247683). - nvme-auth: use hkdf_expand_label() (bsc#1247683). - phy: cadence: cdns-dphy: Enable lower resolutions in dphy (stable-fixes). - phy: renesas: r8a779f0-ether-serdes: add new step added to latest datasheet (stable-fixes). - phy: rockchip: phy-rockchip-inno-csidphy: allow writes to grf register 0 (stable-fixes). - pinctrl: s32cc: fix uninitialized memory in s32_pinctrl_desc (git-fixes). - pinctrl: s32cc: initialize gpio_pin_config::list after kmalloc() (git-fixes). - pinctrl: single: fix bias pull up/down handling in pin_config_set (stable-fixes). - platform/x86/intel/speed_select_if: Convert PCIBIOS_* return codes to errnos (git-fixes). - power: supply: qcom_battmgr: add OOI chemistry (stable-fixes). - power: supply: qcom_battmgr: handle charging state change notifications (stable-fixes). - power: supply: sbs-charger: Support multiple devices (stable-fixes). - powerpc: export MIN RMA size (bsc#1236743 ltc#211409). - powerpc: increase MIN RMA size for CAS negotiation (bsc#1236743 ltc#211409 bsc#1252269 ltc#215957). - regulator: fixed: fix GPIO descriptor leak on register failure (git-fixes). - rtc: rx8025: fix incorrect register reference (git-fixes). - s390/mm,fault: simplify kfence fault handling (bsc#1247076). - scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans (git-fixes). - scsi: aacraid: Stop using PCI_IRQ_AFFINITY (git-fixes). - scsi: core: sysfs: Correct sysfs attributes access rights (git-fixes). 
- scsi: hpsa: Fix potential memory leak in hpsa_big_passthru_ioctl() (git-fixes). - scsi: libfc: Prevent integer overflow in fc_fcp_recv_data() (git-fixes). - scsi: mpi3mr: Correctly handle ATA device errors (git-fixes). - scsi: mpi3mr: Drop unnecessary volatile from __iomem pointers (git-fixes). - scsi: mpt3sas: Correctly handle ATA device errors (git-fixes). - scsi: mpt3sas: Fix crash in transport port remove by using ioc_info() (git-fixes). - scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod (git-fixes). - scsi: storvsc: Prefer returning channel with the same CPU as on the I/O issuing CPU (bsc#1252267). - selftests/bpf: Check for timeout in perf_link test (bsc#1253648). - selftests/bpf: Close fd in error path in drop_on_reuseport (git-fixes). - selftests/bpf: Close obj in error path in xdp_adjust_tail (git-fixes). - selftests/bpf: Fix missing ARRAY_SIZE() definition in bench.c (git-fixes). - selftests/bpf: Fix missing BUILD_BUG_ON() declaration (git-fixes). - selftests/bpf: Fix missing UINT_MAX definitions in benchmarks (git-fixes). - selftests/bpf: Fix string read in strncmp benchmark (git-fixes). - selftests/bpf: Mitigate sockmap_ktls disconnect_after_delete failure (git-fixes). - selftests/bpf: Remove sockmap_ktls disconnect_after_delete test (bsc#1252365). - selftests/bpf: Remove tests for zeroed-array kptr (bsc#1252366). - selftests/bpf: Use pid_t consistently in test_progs.c (git-fixes). - selftests/bpf: fix signedness bug in redir_partial() (git-fixes). - selftests/net/forwarding: add slowwait functions (bsc#1254235). - selftests/net/lib: no need to record ns name if it already exist (bsc#1254235). - selftests/net/lib: update busywait timeout value (bsc#1254235). - selftests/net: add lib.sh (bsc#1254235). - selftests/net: add variable NS_LIST for lib.sh (bsc#1254235). - selftests/net: use tc rule to filter the na packet (bsc#1254235). - selftests/run_kselftest.sh: Add `--skip` argument option (bsc#1254221). 
- selftests: forwarding.config.sample: Move overrides to lib.sh (bsc#1254235). - selftests: forwarding: Add a test for testing lib.sh functionality (bsc#1254235). - selftests: forwarding: Avoid failures to source net/lib.sh (bsc#1254235). - selftests: forwarding: Change inappropriate log_test_skip() calls (bsc#1254235). - selftests: forwarding: Convert log_test() to recognize RET values (bsc#1254235). - selftests: forwarding: Have RET track kselftest framework constants (bsc#1254235). - selftests: forwarding: Parametrize mausezahn delay (bsc#1254235). - selftests: forwarding: Redefine relative_path variable (bsc#1254235). - selftests: forwarding: Remove duplicated lib.sh content (bsc#1254235). - selftests: forwarding: Support for performance sensitive tests (bsc#1254235). - selftests: lib: Define more kselftest exit codes (bsc#1254235). - selftests: lib: tc_rule_stats_get(): Move default to argument definition (bsc#1254235). - selftests: net: List helper scripts in TEST_FILES Makefile variable (bsc#1254235). - selftests: net: Unify code of busywait() and slowwait() (bsc#1254235). - selftests: net: add helper for checking if nettest is available (bsc#1254235). - selftests: net: lib: Do not overwrite error messages (bsc#1254235). - selftests: net: lib: Move logging from forwarding/lib.sh here (bsc#1254235). - selftests: net: lib: avoid error removing empty netns name (bsc#1254235). - selftests: net: lib: do not set ns var as readonly (bsc#1254235). - selftests: net: lib: fix shift count out of range (bsc#1254235). - selftests: net: lib: ignore possible errors (bsc#1254235). - selftests: net: lib: kill PIDs before del netns (bsc#1254235). - selftests: net: lib: remove 'ns' var in setup_ns (bsc#1254235). - selftests: net: lib: remove ns from list after clean-up (bsc#1254235). - selftests: net: lib: set 'i' as local (bsc#1254235). - selftests: net: lib: support errexit with busywait (bsc#1254235). - selftests: net: libs: Change variable fallback syntax (bsc#1254235). 
- serial: 8250_exar: add support for Advantech 2 port card with Device ID 0x0018 (git-fixes). - serial: 8250_mtk: Enable baud clock and manage in runtime PM (git-fixes). - soc/tegra: fuse: Add Tegra114 nvmem cells and fuse lookups (stable-fixes). - soc: aspeed: socinfo: Add AST27xx silicon IDs (stable-fixes). - soc: qcom: smem: Fix endian-unaware access of num_entries (stable-fixes). - spi: Try to get ACPI GPIO IRQ earlier (git-fixes). - spi: loopback-test: Don't use %pK through printk (stable-fixes). - spi: rpc-if: Add resume support for RZ/G3E (stable-fixes). - strparser: Fix signed/unsigned mismatch bug (git-fixes). - tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork (bsc#1250705). - thunderbolt: Use is_pciehp instead of is_hotplug_bridge (stable-fixes). - tools/cpupower: Fix incorrect size in cpuidle_state_disable() (stable-fixes). - tools/cpupower: fix error return value in cpupower_write_sysfs() (stable-fixes). - tools/hv: fcopy: Fix incorrect file path conversion (git-fixes). - tools/power x86_energy_perf_policy: Enhance HWP enable (stable-fixes). - tools/power x86_energy_perf_policy: Fix incorrect fopen mode usage (stable-fixes). - tools/power x86_energy_perf_policy: Prefer driver HWP limits (stable-fixes). - tools: lib: thermal: don't preserve owner in install (stable-fixes). - tools: lib: thermal: use pkg-config to locate libnl3 (stable-fixes). - uio_hv_generic: Query the ringbuffer size for device (git-fixes). - usb/core/quirks: Add Huawei ME906S to wakeup quirk (git-fixes). - usb: cdns3: gadget: Use-after-free during failed initialization and exit of cdnsp gadget (stable-fixes). - usb: gadget: f_fs: Fix epfile null pointer access after ep enable (stable-fixes). - usb: gadget: f_hid: Fix zero length packet transfer (stable-fixes). - usb: gadget: f_ncm: Fix MAC assignment NCM ethernet (stable-fixes). - usb: mon: Increase BUFF_MAX to 64 MiB to support multi-MB URBs (stable-fixes). 
- usb: xhci: plat: Facilitate using autosuspend for xhci plat devices (stable-fixes). - video: backlight: lp855x_bl: Set correct EPROM start for LP8556 (stable-fixes). - watchdog: s3c2410_wdt: Fix max_timeout being calculated larger (stable-fixes). - wifi: ath10k: Fix connection after GTK rekeying (stable-fixes). - wifi: ath11k: Add quirk entries for Thinkpad T14s Gen3 AMD (bsc#1254181). - wifi: ath11k: zero init info->status in wmi_process_mgmt_tx_comp() (git-fixes). - wifi: ath12k: Increase DP_REO_CMD_RING_SIZE to 256 (stable-fixes). - wifi: iwlwifi: fw: Add ASUS to PPAG and TAS list (stable-fixes). - wifi: mac80211: Fix 6 GHz Band capabilities element advertisement in lower bands (stable-fixes). - wifi: mac80211: Fix HE capabilities element check (stable-fixes). - wifi: mac80211: Track NAN interface start/stop (stable-fixes). - wifi: mac80211: don't mark keys for inactive links as uploaded (stable-fixes). - wifi: mac80211: fix key tailroom accounting leak (git-fixes). - wifi: mac80211: reject address change while connecting (git-fixes). - wifi: mac80211: skip rate verification for not captured PSDUs (git-fixes). - wifi: mac80211_hwsim: Limit destroy_on_close radio removal to netgroup (git-fixes). - wifi: mt76: mt7921: Add 160MHz beamformee capability for mt7922 device (stable-fixes). - wifi: mt76: mt7996: Temporarily disable EPCS (stable-fixes). - wifi: mt76: mt7996: fix memory leak on mt7996_mcu_sta_key_tlv error (stable-fixes). - wifi: mwl8k: inject DSSS Parameter Set element into beacons if missing (git-fixes). - wifi: rtw88: sdio: use indirect IO for device registers before power-on (stable-fixes). - wifi: rtw89: print just once for unknown C2H events (stable-fixes). - wifi: zd1211rw: fix potential memory leak in __zd_usb_enable_rx() (git-fixes). - x86/CPU/AMD: Add RDSEED fix for Zen5 (git-fixes). - x86/CPU/AMD: Add additional fixed RDSEED microcode revisions (git-fixes). - x86/CPU/AMD: Add missing terminator for zen5_rdseed_microcode (git-fixes). 
- x86/CPU/AMD: Do the common init on future Zens too (git-fixes). - x86/amd_nb: Add new PCI IDs for AMD family 0x1a (stable-fixes). - x86/bugs: Fix reporting of LFENCE retpoline (git-fixes). - x86/bugs: Report correct retbleed mitigation status (git-fixes). - x86/vmscape: Add old Intel CPUs to affected list (git-fixes). - xe/oa: Fix query mode of operation for OAR/OAC (git-fixes). - xhci: dbc: Allow users to modify DbC poll interval via sysfs (stable-fixes). - xhci: dbc: Avoid event polling busyloop if pending rx transfers are inactive (git-fixes). - xhci: dbc: Improve performance by removing delay in transfer event polling (stable-fixes). - xhci: dbc: fix bogus 1024 byte prefix if ttyDBC read races with stall event (git-fixes). - xhci: dbc: poll at different rate depending on data transfer activity (stable-fixes). kernel-default-6.4.0-150700.53.25.1.nosrc.rpm True kernel-default-6.4.0-150700.53.25.1.x86_64.rpm True kernel-default-base-6.4.0-150700.53.25.1.150700.17.17.1.src.rpm True kernel-default-base-6.4.0-150700.53.25.1.150700.17.17.1.x86_64.rpm True kernel-default-devel-6.4.0-150700.53.25.1.x86_64.rpm True kernel-devel-6.4.0-150700.53.25.1.noarch.rpm True kernel-macros-6.4.0-150700.53.25.1.noarch.rpm True kernel-source-6.4.0-150700.53.25.1.src.rpm True SUSE-SLE-Module-Basesystem-15-SP7-2025-4363 Security update for postgresql17, postgresql18 important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for postgresql17, postgresql18 fixes the following issues: Changes in postgresql18: - Fix build with uring for post SLE15 code streams. Update to 18.1: * https://www.postgresql.org/about/news/p-3171/ * https://www.postgresql.org/docs/release/18.1/ * bsc#1253332, CVE-2025-12817: Missing check for CREATE privileges on the schema in CREATE STATISTICS allowed table owners to create statistics in any schema, potentially leading to unexpected naming conflicts. 
* bsc#1253333, CVE-2025-12818: Several places in libpq were not sufficiently careful about computing the required size of a memory allocation. Sufficiently large inputs could cause integer overflow, resulting in an undersized buffer, which would then lead to writing past the end of the buffer. - pg_config --libs returns -lnuma so we need to require it. Update to 18.0: * https://www.postgresql.org/about/news/p-3142/ * https://www.postgresql.org/docs/18/release-18.html Changes in postgresql17: Update to 17.7: * https://www.postgresql.org/about/news/p-3171/ * https://www.postgresql.org/docs/release/17.7/ * bsc#1253332, CVE-2025-12817: Missing check for CREATE privileges on the schema in CREATE STATISTICS allowed table owners to create statistics in any schema, potentially leading to unexpected naming conflicts. * bsc#1253333, CVE-2025-12818: Several places in libpq were not sufficiently careful about computing the required size of a memory allocation. Sufficiently large inputs could cause integer overflow, resulting in an undersized buffer, which would then lead to writing past the end of the buffer. - switch library to pg 18 libpq5-18.1-150600.13.3.1.x86_64.rpm postgresql-18-150700.23.3.1.noarch.rpm postgresql-18-150700.23.3.1.src.rpm postgresql17-17.7-150600.13.19.1.src.rpm postgresql17-17.7-150600.13.19.1.x86_64.rpm postgresql18-18.1-150600.13.3.1.src.rpm postgresql18-18.1-150600.13.3.1.x86_64.rpm libpq5-32bit-18.1-150600.13.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-4326 Recommended update for runc moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for runc fixes the following issues: - Update to runc v1.3.4 (bsc#1254362) - libct: fix mips compilation: * When configuring a tmpfs mount, only set the mode= argument if the target path already existed. * Fix various file descriptor leaks and add additional tests to detect them as comprehensively as possible. 
- Downgrade github.com/cyphar/filepath-securejoin dependency to v0.5.2, which should make it easier for some downstreams to import runc without pulling in too many extra packages. - The runc binary distributed with this release is statically linked with the following GNU LGPL-2.1 licensed libraries, with runc acting as a "work that uses the Library": * libseccomp: The versions of these libraries were not modified from their upstream versions runc-1.3.4-150000.88.1.src.rpm runc-1.3.4-150000.88.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-4319 Security update for cups important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for cups fixes the following issues: - The fix for CVE-2025-58436 causes a regression where GTK applications will hang. (bsc#1254353) See also https://github.com/OpenPrinting/cups/issues/1429 The fix has been temporarily disabled. cups-2.2.7-150000.3.80.1.src.rpm cups-2.2.7-150000.3.80.1.x86_64.rpm cups-client-2.2.7-150000.3.80.1.x86_64.rpm cups-config-2.2.7-150000.3.80.1.x86_64.rpm cups-devel-2.2.7-150000.3.80.1.x86_64.rpm libcups2-2.2.7-150000.3.80.1.x86_64.rpm libcupscgi1-2.2.7-150000.3.80.1.x86_64.rpm libcupsimage2-2.2.7-150000.3.80.1.x86_64.rpm libcupsmime1-2.2.7-150000.3.80.1.x86_64.rpm libcupsppdc1-2.2.7-150000.3.80.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-4341 Recommended update for clamav moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for clamav fixes the following issues: New version: 1.5.1: * Fixed a significant performance issue when scanning some PE files. * Fixed an issue recording file entries from a ZIP archive central directory which resulted in "Heuristics.Limits.Exceeded.MaxFiles" alerts when using the ClamScan --alert-exceeds-max command line option or ClamD AlertExceedsMax config file option. * Improved performance when scanning TNEF email attachments. * Fixed an issue with recording metadata for OOXML office documents. 
* Fixed an issue with signature matches for VBA in OLE2 office documents. * Loosened overly restrictive rules for embedded file identification and increased the limit for finding PE files embedded in other PE files. * Fixed an issue with extracting some RAR archives embedded in other files. * Fixed an issue with calculating fuzzy hashes affecting some images by updating the version for several Rust library dependencies. New version 1.5.0: * Added checks to determine if an OLE2-based Microsoft Office document is encrypted. * Added the ability to record URIs found in HTML if the generate-JSON-metadata feature is enabled. * Added the ability to record URIs found in PDFs if the generate-JSON-metadata feature is enabled. * Added regex support for the clamd.conf OnAccessExcludePath config option. * Added CVD signing/verification with external .sign files. * Freshclam, ClamD, ClamScan, and Sigtool: Added an option to enable FIPS-like limits disabling MD5 and SHA1 from being used for verifying digital signatures or for being used to trust a file when checking for false positives * ClamD: Added an option to disable select administrative commands including SHUTDOWN, RELOAD, STATS and VERSION. * libclamav: Added extended hashing functions with a "flags" parameter that allows the caller to choose if they want to bypass FIPS hash algorithm limits. * See the release announcement for the full list of changes: https://blog.clamav.net/2025/10/clamav-150-released.html - Remove service symlinks: rcclamd, rcfreshclam, rcclamav-milter, and clamonacc. - clamd: Add an option to toggle SHUTDOWN, RELOAD, STATS and VERSION. 
(bsc#1240363) clamav-1.5.1-150600.18.22.1.src.rpm clamav-1.5.1-150600.18.22.1.x86_64.rpm clamav-devel-1.5.1-150600.18.22.1.x86_64.rpm clamav-docs-html-1.5.1-150600.18.22.1.noarch.rpm clamav-milter-1.5.1-150600.18.22.1.x86_64.rpm libclamav12-1.5.1-150600.18.22.1.x86_64.rpm libclammspack0-1.5.1-150600.18.22.1.x86_64.rpm libfreshclam4-1.5.1-150600.18.22.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-4349 Recommended update for libX11 important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for libX11 fixes the following issues: - Fix: Barcode scanner input gets jumbled when ibus is running and an application written in certain frameworks has focus (bsc#1252250) libX11-1.8.10-150700.4.3.1.src.rpm libX11-6-1.8.10-150700.4.3.1.x86_64.rpm libX11-data-1.8.10-150700.4.3.1.noarch.rpm libX11-devel-1.8.10-150700.4.3.1.x86_64.rpm libX11-xcb1-1.8.10-150700.4.3.1.x86_64.rpm libX11-6-32bit-1.8.10-150700.4.3.1.x86_64.rpm libX11-xcb1-32bit-1.8.10-150700.4.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-4368 Security update for python3 low SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for python3 fixes the following issues: - CVE-2025-6075: quadratic complexity in `os.path.expandvars()` can lead to performance degradation when values passed to it are user-controlled (bsc#1252974). - CVE-2025-8291: lack of validity checks on the ZIP64 End of Central Directory (EOCD) record allows for the creation of ZIP archives that are processed inconsistently by the `zipfile` module (bsc#1251305). 
libpython3_6m1_0-3.6.15-150300.10.100.1.x86_64.rpm python3-3.6.15-150300.10.100.1.src.rpm python3-3.6.15-150300.10.100.1.x86_64.rpm python3-base-3.6.15-150300.10.100.1.x86_64.rpm python3-core-3.6.15-150300.10.100.1.src.rpm python3-curses-3.6.15-150300.10.100.1.x86_64.rpm python3-dbm-3.6.15-150300.10.100.1.x86_64.rpm python3-devel-3.6.15-150300.10.100.1.x86_64.rpm python3-idle-3.6.15-150300.10.100.1.x86_64.rpm python3-tk-3.6.15-150300.10.100.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-4390 Security update for rhino moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for rhino fixes the following issues: Update to version 1.7.15.1. Security issues fixed: - CVE-2025-66453: high CPU consumption when processing specific numbers via the `toFixed()` function (bsc#1254481). Other changes and issues fixed: - Version 1.7.15: * Basic support for "rest parameters". * Improvements in Unicode support. * "Symbol.species" implemented in many places. * More correct property ordering in many places. * Miscellaneous improvements and bug fixes. rhino-1.7.15.1-150200.12.7.1.noarch.rpm rhino-1.7.15.1-150200.12.7.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-4425 Security update for cups moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for cups fixes the following issues: Security issues fixed: - CVE-2025-58436: single client sending slow messages to cupsd can delay the application and make it unusable for other clients (bsc#1244057). Other issues fixed: - Update the CVE-2025-58436 patch to fix a regression that causes GTK applications to hang (bsc#1254353). 
cups-2.2.7-150000.3.83.1.src.rpm cups-2.2.7-150000.3.83.1.x86_64.rpm cups-client-2.2.7-150000.3.83.1.x86_64.rpm cups-config-2.2.7-150000.3.83.1.x86_64.rpm cups-devel-2.2.7-150000.3.83.1.x86_64.rpm libcups2-2.2.7-150000.3.83.1.x86_64.rpm libcupscgi1-2.2.7-150000.3.83.1.x86_64.rpm libcupsimage2-2.2.7-150000.3.83.1.x86_64.rpm libcupsmime1-2.2.7-150000.3.83.1.x86_64.rpm libcupsppdc1-2.2.7-150000.3.83.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-17 Security update for libsoup important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for libsoup fixes the following issues: - CVE-2025-12105: Fixed heap use-after-free in message queue handling during HTTP/2 read completion (bsc#1252555) libsoup-3.4.4-150600.3.21.1.src.rpm libsoup-3_0-0-3.4.4-150600.3.21.1.x86_64.rpm libsoup-devel-3.4.4-150600.3.21.1.x86_64.rpm libsoup-lang-3.4.4-150600.3.21.1.noarch.rpm typelib-1_0-Soup-3_0-3.4.4-150600.3.21.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-4432 Security update for libpng12 moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for libpng12 fixes the following issues: - CVE-2025-64505: Fixed heap buffer over-read in `png_do_quantize` via malformed palette index (bsc#1254157) libpng12-0-1.2.57-150000.4.3.1.x86_64.rpm libpng12-1.2.57-150000.4.3.1.src.rpm libpng12-devel-1.2.57-150000.4.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-4494 Security update for libpng16 important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for libpng16 fixes the following issues: - CVE-2025-65018: Fixed heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read` (bsc#1254160) - CVE-2025-66293: Fixed LIBPNG out-of-bounds read in `png_image_read_composite` (bsc#1254480) - CVE-2025-64506: Fixed heap buffer over-read in `png_write_image_8bit` with 8-bit input and `convert_to_8bit` enabled (bsc#1254158) - CVE-2025-64720: Fixed buffer overflow in `png_image_read_composite` via incorrect palette premultiplication 
(bsc#1254159) - CVE-2025-64505: Fixed heap buffer over-read in `png_do_quantize` via malformed palette index (bsc#1254157) libpng16-1.6.40-150600.3.3.1.src.rpm libpng16-16-1.6.40-150600.3.3.1.x86_64.rpm libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64.rpm libpng16-devel-1.6.40-150600.3.3.1.x86_64.rpm libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-4409 Recommended update for haveged important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for haveged fixes the following issues: - Fix: haveged is marked as deleted after reboot (bsc#1222296) - Fix: zypper ps shows haveged is marked as deleted after reboot (bsc#1165294) - Remove haveged-switch-root.service - Add haveged-once.service - Add patch files introducing the '--once' flag. haveged-1.9.14-150600.11.3.1.src.rpm haveged-1.9.14-150600.11.3.1.x86_64.rpm haveged-devel-1.9.14-150600.11.3.1.x86_64.rpm libhavege2-1.9.14-150600.11.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-21 Security update for webkit2gtk3 important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for webkit2gtk3 fixes the following issues: Update to version 2.50.4. Security issues fixed: - CVE-2025-13502: processing of maliciously crafted payloads by the GLib remote inspector server may lead to a UIProcess crash due to an out-of-bounds read and an integer underflow (bsc#1254208). - CVE-2025-13947: use of the file drag-and-drop mechanism may lead to remote information disclosure due to a lack of verification of the origins of drag operations (bsc#1254473). - CVE-2025-14174: processing maliciously crafted web content may lead to memory corruption due to improper validation (bsc#1255497). - CVE-2025-43392: websites may exfiltrate image data cross-origin due to issues with cache handling (bsc#1254165). - CVE-2025-43421: processing maliciously crafted web content may lead to an unexpected process crash due to enabled array allocation sinking (bsc#1254167). 
- CVE-2025-43425: processing maliciously crafted web content may lead to an unexpected process crash due to improper memory handling (bsc#1254168). - CVE-2025-43427: processing maliciously crafted web content may lead to an unexpected process crash due to issues with state management (bsc#1254169). - CVE-2025-43429: processing maliciously crafted web content may lead to an unexpected process crash due to a buffer overflow issue (bsc#1254174). - CVE-2025-43430: processing maliciously crafted web content may lead to an unexpected process crash due to issues with state management (bsc#1254172). - CVE-2025-43431: processing maliciously crafted web content may lead to memory corruption due to improper memory handling (bsc#1254170). - CVE-2025-43432: processing maliciously crafted web content may lead to an unexpected process crash due to a use-after-free issue (bsc#1254171). - CVE-2025-43434: processing maliciously crafted web content may lead to an unexpected process crash due to a use-after-free issue (bsc#1254179). - CVE-2025-43440: processing maliciously crafted web content may lead to an unexpected process crash due to missing checks (bsc#1254177). - CVE-2025-43443: processing maliciously crafted web content may lead to an unexpected process crash due to missing checks (bsc#1254176). - CVE-2025-43458: processing maliciously crafted web content may lead to an unexpected process crash due to issues with state management (bsc#1254498). - CVE-2025-43501: processing maliciously crafted web content may lead to an unexpected process crash due to a buffer overflow issue (bsc#1255194). - CVE-2025-43529: processing maliciously crafted web content may lead to arbitrary code execution due to a use-after-free issue (bsc#1255198). - CVE-2025-43531: processing maliciously crafted web content may lead to an unexpected process crash due to a race condition (bsc#1255183). 
- CVE-2025-43535: processing maliciously crafted web content may lead to an unexpected process crash due to improper memory handling (bsc#1255195). - CVE-2025-43536: processing maliciously crafted web content may lead to an unexpected process crash due to a use-after-free issue (bsc#1255200). - CVE-2025-43541: processing maliciously crafted web content may lead to an unexpected process crash due to type confusion (bsc#1255191). - CVE-2025-66287: processing maliciously crafted web content may lead to an unexpected process crash due to improper memory handling (bsc#1254509). Other issues fixed and changes: - Version 2.50.4: * Correctly handle the program name passed to the sleep disabler. * Ensure GStreamer is initialized before using the Quirks. * Fix several crashes and rendering issues. - Version 2.50.3: * Fix seeking and looping of media elements that set the "loop" property. * Fix several crashes and rendering issues. - Version 2.50.2: * Prevent unsafe URI schemes from participating in media playback. * Make jsc_value_array_buffer_get_data() function introspectable. * Fix logging in to Google accounts that have a WebAuthn second factor configured. * Fix loading webkit://gpu when there are no threads configured for GPU rendering. * Fix rendering gradients that use the CSS hue interpolation method. * Fix pasting image data from the clipboard. * Fix font-family selection when the font name contains spaces. * Fix the build with standard C libraries that lack execinfo.h, like Musl or uClibc. * Fix capturing canvas snapshots in the Web Inspector. * Fix several crashes and rendering issues. - Fix a11y regression where AT-SPI roles were mapped incorrectly. 
WebKitGTK-4.0-lang-2.50.4-150600.12.54.1.noarch.rpm WebKitGTK-6.0-lang-2.50.4-150600.12.54.1.noarch.rpm libjavascriptcoregtk-4_0-18-2.50.4-150600.12.54.1.x86_64.rpm libjavascriptcoregtk-6_0-1-2.50.4-150600.12.54.1.x86_64.rpm libwebkit2gtk-4_0-37-2.50.4-150600.12.54.1.x86_64.rpm libwebkitgtk-6_0-4-2.50.4-150600.12.54.1.x86_64.rpm typelib-1_0-JavaScriptCore-4_0-2.50.4-150600.12.54.1.x86_64.rpm typelib-1_0-WebKit2-4_0-2.50.4-150600.12.54.1.x86_64.rpm typelib-1_0-WebKit2WebExtension-4_0-2.50.4-150600.12.54.1.x86_64.rpm webkit2gtk-4_0-injected-bundles-2.50.4-150600.12.54.1.x86_64.rpm webkit2gtk3-soup2-2.50.4-150600.12.54.1.src.rpm webkit2gtk3-soup2-devel-2.50.4-150600.12.54.1.x86_64.rpm webkit2gtk4-2.50.4-150600.12.54.1.src.rpm webkitgtk-6_0-injected-bundles-2.50.4-150600.12.54.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-4434 Security update for poppler low SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for poppler fixes the following issues: - CVE-2025-11896: Fixed infinite recursion leading to stack overflow due to object loop in PDF CMap (bsc#1252337) libpoppler-cpp0-24.03.0-150600.3.27.1.x86_64.rpm libpoppler-devel-24.03.0-150600.3.27.1.x86_64.rpm libpoppler-glib-devel-24.03.0-150600.3.27.1.x86_64.rpm libpoppler-glib8-24.03.0-150600.3.27.1.x86_64.rpm libpoppler135-24.03.0-150600.3.27.1.x86_64.rpm poppler-24.03.0-150600.3.27.1.src.rpm poppler-tools-24.03.0-150600.3.27.1.x86_64.rpm typelib-1_0-Poppler-0_18-24.03.0-150600.3.27.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-4513 Optional update for python3-ldap low SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for python3-ldap fixes the following issue: - ship package in correct versions to match the quarterly refresh. 
python-ldap-3.4.0-150400.8.1.src.rpm python3-ldap-3.4.0-150400.8.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-4426 Security update for xkbcomp moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for xkbcomp fixes the following issues: - CVE-2018-15863: NULL pointer dereference triggered by a crafted keymap file with a no-op modmask expression can lead to a crash (bsc#1105832). - CVE-2018-15861: NULL pointer dereference triggered by a crafted keymap file that induces an `xkb_intern_atom` failure can lead to a crash (bsc#1105832). - CVE-2018-15859: NULL pointer dereference triggered by a specially crafted keymap file can lead to a crash (bsc#1105832). - CVE-2018-15853: endless recursion triggered by a crafted keymap file that induces boolean negation can lead to a crash (bsc#1105832). xkbcomp-1.4.1-150000.3.6.1.src.rpm xkbcomp-1.4.1-150000.3.6.1.x86_64.rpm xkbcomp-devel-1.4.1-150000.3.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-4439 Security update for poppler low SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for poppler fixes the following issues: - CVE-2025-11896: Fixed infinite recursion leading to stack overflow due to object loop in PDF CMap (bsc#1252337) libpoppler89-0.79.0-150200.3.49.1.x86_64.rpm poppler-0.79.0-150200.3.49.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-4420 Recommended update for nvidia-open-driver-G06-signed moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for nvidia-open-driver-G06-signed fixes the following issues: - readded kernel-6.18 patch still needed for cuda driver version 580.105.08 - update non-CUDA variant to version 580.119.02 (bsc#1254801) - fixed build against kernel 6.18 nv-prefer-signed-open-driver-580.105.08-150700.3.37.1.x86_64.rpm nvidia-open-driver-G06-signed-580.119.02-150700.3.37.1.src.rpm nvidia-open-driver-G06-signed-cuda-580.105.08-150700.3.37.1.src.rpm nvidia-open-driver-G06-signed-cuda-default-devel-580.105.08-150700.3.37.1.x86_64.rpm 
nvidia-open-driver-G06-signed-cuda-kmp-default-580.105.08_k6.4.0_150700.53.22-150700.3.37.1.x86_64.rpm nvidia-open-driver-G06-signed-default-devel-580.119.02-150700.3.37.1.x86_64.rpm nvidia-open-driver-G06-signed-kmp-default-580.119.02_k6.4.0_150700.53.22-150700.3.37.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-18 Security update for glib2 important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for glib2 fixes the following issues: - CVE-2025-14512: integer overflow in the GIO `escape_byte_string()` function when processing malicious files or remote filesystem attribute values can lead to denial-of-service (bsc#1254878). - CVE-2025-14087: buffer underflow in the GVariant parser `bytestring_parse()` and `string_parse()` functions when processing attacker-influenced data may lead to crash or code execution (bsc#1254662). - CVE-2025-13601: heap-based buffer overflow in the `g_escape_uri_string()` function when processing strings with a large number of unacceptable characters may lead to crash or code execution (bsc#1254297). glib2-2.78.6-150600.4.25.1.src.rpm glib2-devel-2.78.6-150600.4.25.1.x86_64.rpm glib2-lang-2.78.6-150600.4.25.1.noarch.rpm glib2-tools-2.78.6-150600.4.25.1.x86_64.rpm libgio-2_0-0-2.78.6-150600.4.25.1.x86_64.rpm libglib-2_0-0-2.78.6-150600.4.25.1.x86_64.rpm libgmodule-2_0-0-2.78.6-150600.4.25.1.x86_64.rpm libgobject-2_0-0-2.78.6-150600.4.25.1.x86_64.rpm libgthread-2_0-0-2.78.6-150600.4.25.1.x86_64.rpm libgio-2_0-0-32bit-2.78.6-150600.4.25.1.x86_64.rpm libglib-2_0-0-32bit-2.78.6-150600.4.25.1.x86_64.rpm libgmodule-2_0-0-32bit-2.78.6-150600.4.25.1.x86_64.rpm libgobject-2_0-0-32bit-2.78.6-150600.4.25.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-4440 Security update for wireshark moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for wireshark fixes the following issues: - CVE-2025-13499: Fixed Kafka dissector crash due to malformed packet (bsc#1254108). 
- CVE-2025-13946: Fixed MEGACO dissector infinite loop that allows denial of service (bsc#1254472). libwireshark17-4.2.14-150600.18.32.1.x86_64.rpm libwiretap14-4.2.14-150600.18.32.1.x86_64.rpm libwsutil15-4.2.14-150600.18.32.1.x86_64.rpm wireshark-4.2.14-150600.18.32.1.src.rpm wireshark-4.2.14-150600.18.32.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-4413 Security update for wireshark moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for wireshark fixes the following issues: - CVE-2025-13499: Fixed Kafka dissector crash due to a malformed packet (bsc#1254108). - CVE-2025-13946: Fixed MEGACO dissector infinite loop that allows a denial of service (bsc#1254472). wireshark-3.6.24-150000.3.127.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-4501 Security update for taglib low SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for taglib fixes the following issues: - CVE-2023-47466: application crash when processing specially crafted WAV files during tag writing operations (bsc#1243499). 
libtag1-1.13.1-150600.3.3.1.x86_64.rpm taglib-1.13.1-150600.3.3.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-44 Security update for mozjs60 moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for mozjs60 fixes the following issues: - CVE-2024-45492: embedded expat: detect integer overflow in function nextScaffoldPart (bsc#1230038) - CVE-2024-45491: embedded expat: detect integer overflow in dtdCopy (bsc#1230037) - CVE-2024-45490: embedded expat: reject negative len for XML_ParseBuffer (bsc#1230036) - CVE-2024-50602: libexpat: DoS via XML_ResumeParser (bsc#1232602) libmozjs-60-60.9.0-150200.6.8.1.x86_64.rpm mozjs60-60.9.0-150200.6.8.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-4518 Security update for apache2 important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for apache2 fixes the following issues: - CVE-2025-55753: Fixed mod_md (ACME) unintended retry intervals (bsc#1254511) - CVE-2025-65082: Fixed CGI environment variable override (bsc#1254514) - CVE-2025-58098: Fixed Server Side Includes adding query string to #exec cmd=... 
(bsc#1254512) - CVE-2025-66200: Fixed mod_userdir+suexec bypass via AllowOverride FileInfo (bsc#1254515) apache2-2.4.62-150700.4.9.1.src.rpm apache2-2.4.62-150700.4.9.1.x86_64.rpm apache2-prefork-2.4.62-150700.4.9.1.src.rpm apache2-prefork-2.4.62-150700.4.9.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-4511 Security update for rsync moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for rsync fixes the following issues: - CVE-2025-10158: Fixed out-of-bounds array access via negative index (bsc#1254441) rsync-3.2.7-150600.3.14.1.src.rpm rsync-3.2.7-150600.3.14.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-288 Security update for qemu important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for qemu fixes the following issues: Security issues fixed: - CVE-2025-12464: stack-based buffer overflow in the e1000 network device operations can be exploited by a malicious guest user to crash the QEMU process on the host (bsc#1253002). - CVE-2025-11234: use-after-free in WebSocket handshake operations can be exploited by a malicious client with network access to the VNC WebSocket port to cause a denial-of-service (bsc#1250984). Other updates and bugfixes: - [openSUSE][RPM] spec: require qemu-hw-display-virtio-gpu-pci for x86 too. - [openSUSE][RPM] spec: make glusterfs support conditional (bsc#1254494). - [openSUSE][RPM]: really fix *-virtio-gpu-pci dependency on ARM (bsc#1254286). - block/curl: fix curl internal handles handling (bsc#1252768). - [openSUSE][RPM] spec: qemu-vgabios is required on ppc (bsc#1230042). 
qemu-9.2.4-150700.3.11.1.src.rpm qemu-img-9.2.4-150700.3.11.1.x86_64.rpm qemu-pr-helper-9.2.4-150700.3.11.1.x86_64.rpm qemu-tools-9.2.4-150700.3.11.1.x86_64.rpm qemu-vmsr-helper-9.2.4-150700.3.11.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-46 Recommended update for scap-security-guide moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for scap-security-guide fixes the following issues: - updated to 0.1.79 (jsc#ECO-3319): * Add rhcos4 Profile for BSI Grundschutz * Create SLE15 general profile * Fix crypto policy settings in RHEL CIS profiles * Remove deprecated CIS OpenShift 1.4.0 and 1.5.0 profiles * Remove OCP STIG V1R1 * Remove OCP STIG V2R1 * Various updates for SLE 12/15 scap-security-guide-0.1.79-150000.1.103.1.noarch.rpm scap-security-guide-0.1.79-150000.1.103.1.src.rpm scap-security-guide-debian-0.1.79-150000.1.103.1.noarch.rpm scap-security-guide-redhat-0.1.79-150000.1.103.1.noarch.rpm scap-security-guide-ubuntu-0.1.79-150000.1.103.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP7-2025-4529 Recommended update for lsscsi moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for lsscsi fixes the following issues: Update to release 0.32 (jsc#PED-13948): * improve NVMe device parsing (e.g. /dev/nvme0c1n2) * print nr_hw_queues when available for SCSI hosts * make WWN printing for NVMe more consistent with output from SCSI devices (e.g. with -u and -t) * logic to select best SCSI id (--scsi_id) to output * fix issue where host managed ZBC devices don't output their size. [Fix also for RBC and CD/DVD.] 
* exclude NVMe listings when --classic given * supply "-" for generic NVMe device one line output so 'lsscsi -gb' output is consistent [jsc Update to version 0.30: * add support for NVMe devices and controllers - to build without: ./configure --disable-nvme-supp - deselect at runtime: lsscsi --no-nvme - deselect SCSI devices at runtime: lsscsi N * add --brief for tuple + device_name(s) only * add --pdt (-D) for device type in hex * extend --size (-s) so when given three times the size as a logical block count is output * add --sz-lbs (-S) that is equivalent to '-sss' when used twice adds comma then logical block size * '-w' now decodes 128 bit WWN without truncation * /dev/disk/by-id/wwn- is not guaranteed to be persistent (or stable); instead use /dev/disk/by-id/scsi- * '-t' on a FC host was not printing the comma separator resulting in garbled output, fix - Lookup WWN using /dev/disk/by-id/scsi-* (bsc#1008935) - fixup display of 'lsscsi -t' (bsc#1047884) Update to new upstream release 0.29 (bsc#977572): * '-u' now decodes locally assigned UUIDs (spc5r08) * as last try use T10 Vendor ID for lu name * if no lu name found, print 'none' * change '-uuu' to output the full lu name followed by the normal fields (which were skipped before) * add 'U' option, same action as '-uuu' * '-UU' prefixes lu names with 'eui.', 'naa.', etc * if '-s' given twice, lu size is base 2 related * if very long [h:c:t:l] then append space * print_enclosure_device() for FCP may be useless, comment out while checking ... 
* with '-t' print 0x0000000000000000 for non-SAS device in SAS domain Update to new upstream release 0.28: * fix handling of scsi_level 0 (no compliance) * add SRP transport identifier * add --unit option for LU identifier (>= lk 3.15) * add (S)ATA transport identifier (>= lk 3.15) * make USB transport ids more consistent * fix FC transport id missing comma * add pdt strings for security manager and zbc lsscsi-0.32-150700.17.3.1.src.rpm lsscsi-0.32-150700.17.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-27 Security update for python3 moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for python3 fixes the following issues: - CVE-2025-12084: cpython: Fixed quadratic algorithm in xml.dom.minidom leading to denial of service (bsc#1254997) - CVE-2025-13836: Fixed default Content-Length read amount from HTTP response (bsc#1254400) - CVE-2025-13837: Fixed plistlib module denial of service (bsc#1254401) libpython3_6m1_0-3.6.15-150300.10.103.1.x86_64.rpm python3-3.6.15-150300.10.103.1.src.rpm python3-3.6.15-150300.10.103.1.x86_64.rpm python3-base-3.6.15-150300.10.103.1.x86_64.rpm python3-core-3.6.15-150300.10.103.1.src.rpm python3-curses-3.6.15-150300.10.103.1.x86_64.rpm python3-dbm-3.6.15-150300.10.103.1.x86_64.rpm python3-devel-3.6.15-150300.10.103.1.x86_64.rpm python3-idle-3.6.15-150300.10.103.1.x86_64.rpm python3-tk-3.6.15-150300.10.103.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-48 Recommended update for pciutils moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for pciutils fixes the following issues: - Add a strict dependency to libpci to prevent possible segfault (bsc#1252338) libpci3-3.13.0-150300.13.12.1.x86_64.rpm pciutils-3.13.0-150300.13.12.1.src.rpm pciutils-3.13.0-150300.13.12.1.x86_64.rpm pciutils-devel-3.13.0-150300.13.12.1.x86_64.rpm libpci3-32bit-3.13.0-150300.13.12.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-52 Security update for curl moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 
64 This update for curl fixes the following issues: - CVE-2025-14524: bearer token leak on cross-protocol redirect (bsc#1255731). - CVE-2025-14819: libssh global knownhost override (bsc#1255732). - CVE-2025-15079: libssh key passphrase bypass without agent set (bsc#1255733). - CVE-2025-15224: OpenSSL partial chain store policy bypass (bsc#1255734). curl-8.14.1-150700.7.8.1.src.rpm curl-8.14.1-150700.7.8.1.x86_64.rpm libcurl-devel-8.14.1-150700.7.8.1.x86_64.rpm libcurl4-8.14.1-150700.7.8.1.x86_64.rpm libcurl4-32bit-8.14.1-150700.7.8.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-28 Security update for alloy important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for alloy fixes the following issues: Upgrade to version 1.12.1. Security issues fixed: - CVE-2025-47911: golang.org/x/net/html: quadratic complexity algorithms used when parsing untrusted HTML documents (bsc#1251509). - CVE-2025-47913: golang.org/x/crypto: early client process termination when receiving an unexpected message type in response to a key listing or signing request (bsc#1253609). - CVE-2025-58190: golang.org/x/net/html: excessive memory consumption by `html.ParseFragment` when processing specially crafted input (bsc#1251716). Other updates and bugfixes: - Version 1.12.1: * Bugfixes - update to Beyla 2.7.10. - Version 1.12.0: * Breaking changes - `prometheus.exporter.blackbox`, `prometheus.exporter.snmp` and `prometheus.exporter.statsd` now use the component ID instead of the hostname as their instance label in their exported metrics. * Features - (Experimental) Add an `otelcol.receiver.cloudflare` component to receive logs pushed by Cloudflare's LogPush jobs. - (Experimental) Additions to experimental `database_observability.mysql` component: - `explain_plans` - collector now changes schema before returning the connection to the pool. - collector now passes queries more permissively. 
- enable `explain_plans` collector by default - (Experimental) Additions to experimental `database_observability.postgres` component: - `explain_plans` - added the explain plan collector. - collector now passes queries more permissively. - `query_samples` - add user field to wait events within `query_samples` collector. - rework the query samples collector to buffer per-query execution state across scrapes and emit finalized entries. - process turned idle rows to calculate finalization times precisely and emit first seen idle rows. - `query_details` - escape queries coming from `pg_stat_statements` with quotes. - enable `explain_plans` collector by default. - safely generate `server_id` when UDP socket used for database connection. - add table registry and include "validated" in parsed table name logs. - Add `otelcol.exporter.googlecloudpubsub` community component to export metrics, traces, and logs to Google Cloud Pub/Sub topic. - Add `structured_metadata_drop` stage for `loki.process` to filter structured metadata. - Send remote config status to the remote server for the `remotecfg` service. - Send effective config to the remote server for the `remotecfg` service. - Add a `stat_statements` configuration block to the `prometheus.exporter.postgres` component to enable selecting both the query ID and the full SQL statement. The new block includes one option to enable statement selection, and another to configure the maximum length of the statement text. - Add truncate stage for `loki.process` to truncate log entries, label values, and `structured_metadata` values. - Add `u_probe_links` & `load_probe` configuration fields to alloy `pyroscope.ebpf` to extend configuration of the `opentelemetry-ebpf-profiler` to allow uprobe profiling and dynamic probing. - Add `verbose_mode` configuration fields to `alloy pyroscope.ebpf` to enable `ebpf-profiler` verbose mode. - Add `file_match` block to `loki.source.file` for built-in file discovery using glob patterns.
- Add a regex argument to the `structured_metadata` stage in `loki.process` to extract labels matching a regular expression. - OpenTelemetry Collector dependencies upgraded from v0.134.0 to v0.139.0. - See the upstream [core](https://github.com/open-telemetry/opentelemetry-collector/blob/v0.139.0/CHANGELOG.md) and [contrib](https://github.com/open-telemetry/opentelemetry-collector-contrib/blob/v0.139.0/CHANGELOG.md) changelogs for more details. - A new `mimir.alerts.kubernetes` component which discovers AlertmanagerConfig Kubernetes resources and loads them into a Mimir instance. - Mark `stage.windowsevent` block in the `loki.process` component as GA. * Enhancements - Add per-application rate limiting with the strategy attribute in the `faro.receiver` component, to prevent one application from consuming the rate limit quota of others. - Add support of tls in components `loki.source.(awsfirehose|gcplog|heroku|api)` and `prometheus.receive_http` and `pyroscope.receive_http`. - Remove `SendSIGKILL=no` from unit files and recommendations. - Reduce memory overhead of `prometheus.remote_write`'s WAL by lowering the size of the allocated series storage. - Reduce lock wait/contention on the `labelstore.LabelStore` by removing unnecessary usage from `prometheus.relabel`. - `prometheus.exporter.postgres` dependency has been updated to v0.18.1. - Update Beyla component to 2.7.8. - Support delimiters in `stage.luhn`. - `pyroscope.java`: update `async-profiler` to 4.2. - `prometheus.exporter.unix`: Add an arp config block to configure the ARP collector. - `prometheus.exporter.snowflake` dependency has been updated to 20251016132346-6d442402afb2. - `loki.source.podlogs` now supports `preserve_discovered_labels` parameter to preserve discovered pod metadata labels for use by downstream components. - Rework underlying framework of Alloy UI to use Vite instead of Create React App. - Use POST requests for remote config requests to avoid hitting http2 header limits.
- `loki.source.api` during component shutdown will now reject all the inflight requests with status code 503 after `graceful_shutdown_timeout` has expired. - `kubernetes.discovery`: Add support for attaching namespace metadata. - Add `meta_cache_address` to `beyla.ebpf` component. * Bugfixes - Stop `loki.source.kubernetes` discarding log lines with duplicate timestamps. - Fix direction of arrows for pyroscope components in UI graph. - Only log EOF errors for syslog port investigations in `loki.source.syslog` as Debug, not Warn. - Fix `prometheus.exporter.process` ignoring the `remove_empty_groups` argument. - Fix issues with "unknown series ref when trying to add exemplar" from `prometheus.remote_write` by allowing series ref links to be updated if they change. - Fix `loki.source.podlogs` component to register the Kubernetes field index for `spec.nodeName` when node filtering is enabled, preventing "Index with name `field:spec.nodeName` does not exist" errors. - Fix issue in `loki.source.file` where scheduling files could take too long. - Fix `loki.write` no longer includes internal labels __. - Fix missing native histograms custom buckets (NHCB) samples from `prometheus.remote_write`. - `otelcol.receiver.prometheus` now supports mixed histograms if `prometheus.scrape` has `honor_metadata` set to true. - `loki.source.file` has better support for non-UTF-8 encoded files. - Fix the `loki.write` endpoint block's `enable_http2` attribute to actually affect the client. - Optionally remove trailing newlines before appending entries in `stage.multiline`. - `loki.source.api` no longer drops request when relabel rules drops a specific stream. 
alloy-1.12.1-150700.15.12.1.src.rpm alloy-1.12.1-150700.15.12.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-56 Recommended update for sssd moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for sssd fixes the following issues: - Fix sssctl config-check exit code when the conf.d snippets directory does not exist (bsc#1230348) libipa_hbac-devel-2.9.3-150700.9.12.1.x86_64.rpm libipa_hbac0-2.9.3-150700.9.12.1.x86_64.rpm libsss_certmap-devel-2.9.3-150700.9.12.1.x86_64.rpm libsss_certmap0-2.9.3-150700.9.12.1.x86_64.rpm libsss_idmap-devel-2.9.3-150700.9.12.1.x86_64.rpm libsss_idmap0-2.9.3-150700.9.12.1.x86_64.rpm libsss_nss_idmap-devel-2.9.3-150700.9.12.1.x86_64.rpm libsss_nss_idmap0-2.9.3-150700.9.12.1.x86_64.rpm libsss_simpleifp-devel-2.9.3-150700.9.12.1.x86_64.rpm libsss_simpleifp0-2.9.3-150700.9.12.1.x86_64.rpm python3-sssd-config-2.9.3-150700.9.12.1.x86_64.rpm sssd-2.9.3-150700.9.12.1.src.rpm sssd-2.9.3-150700.9.12.1.x86_64.rpm sssd-ad-2.9.3-150700.9.12.1.x86_64.rpm sssd-dbus-2.9.3-150700.9.12.1.x86_64.rpm sssd-ipa-2.9.3-150700.9.12.1.x86_64.rpm sssd-kcm-2.9.3-150700.9.12.1.x86_64.rpm sssd-krb5-2.9.3-150700.9.12.1.x86_64.rpm sssd-krb5-common-2.9.3-150700.9.12.1.x86_64.rpm sssd-ldap-2.9.3-150700.9.12.1.x86_64.rpm sssd-proxy-2.9.3-150700.9.12.1.x86_64.rpm sssd-tools-2.9.3-150700.9.12.1.x86_64.rpm sssd-winbind-idmap-2.9.3-150700.9.12.1.x86_64.rpm sssd-32bit-2.9.3-150700.9.12.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-64 Recommended update for libmicrohttpd moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for libmicrohttpd fixes the following issues: - Fix: libmicrohttpd 0.9.77: test_tricky_url fails during %check (bsc#1254301). 
libmicrohttpd-0.9.77-150600.3.6.1.src.rpm libmicrohttpd12-0.9.77-150600.3.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-279 Security update for libvirt moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for libvirt fixes the following issues: - CVE-2025-13193: Fixed umask for 'qemu-img' when creating external inactive snapshots (bsc#1253703) - CVE-2025-12748: Fixed check ACLs before parsing the whole domain XML (bsc#1253278) libvirt-11.0.0-150700.4.13.1.src.rpm libvirt-libs-11.0.0-150700.4.13.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-63 Security update for libpcap low SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for libpcap fixes the following issues: - CVE-2025-11961: missing validation of provided MAC-48 address string in `pcap_ether_aton()` can lead to out-of-bounds read and write (bsc#1255765). libpcap-1.10.5-150700.3.7.1.src.rpm libpcap-devel-1.10.5-150700.3.7.1.x86_64.rpm libpcap1-1.10.5-150700.3.7.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-249 Recommended update for libwebp moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for libwebp ships the commandline tools to Package Hub. libwebp-1.0.3-150200.3.14.1.src.rpm libwebp-devel-1.0.3-150200.3.14.1.x86_64.rpm libwebp7-1.0.3-150200.3.14.1.x86_64.rpm libwebpdecoder3-1.0.3-150200.3.14.1.x86_64.rpm libwebpdemux2-1.0.3-150200.3.14.1.x86_64.rpm libwebpmux3-1.0.3-150200.3.14.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-257 Security update for libsoup important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for libsoup fixes the following issues: - CVE-2026-0716: Fixed out-of-bounds read for websocket (bsc#1256418) - CVE-2026-0719: Fixed overflow for password md4sum (bsc#1256399) - CVE-2025-14523: Reject duplicated Host in headers and followed upstream update (bsc#1254876). 
libsoup-3.4.4-150600.3.28.1.src.rpm libsoup-3_0-0-3.4.4-150600.3.28.1.x86_64.rpm libsoup-devel-3.4.4-150600.3.28.1.x86_64.rpm libsoup-lang-3.4.4-150600.3.28.1.noarch.rpm typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-253 Security update for libsoup2 important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for libsoup2 fixes the following issues: - CVE-2025-14523: Reject duplicated Host in headers and followed upstream update (bsc#1254876). - CVE-2026-0719: Fixed overflow for password md4sum (bsc#1256399) libsoup-2_4-1-2.74.3-150600.4.19.1.x86_64.rpm libsoup2-2.74.3-150600.4.19.1.src.rpm libsoup2-devel-2.74.3-150600.4.19.1.x86_64.rpm libsoup2-lang-2.74.3-150600.4.19.1.noarch.rpm typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-254 Security update for log4j moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for log4j fixes the following issues: Security fixes: - CVE-2025-68161: Fixed absent TLS hostname verification that may allow a man-in-the-middle attack (bsc#1255427) Other fixes: - Upgrade to 2.18.0 * Added + Add support for Jakarta Mail API in the SMTP appender. + Add support for custom Log4j 1.x levels. + Add support for adding and retrieving appenders in Log4j 1.x bridge. + Add support for custom LMAX disruptor WaitStrategy configuration. + Add support for Apache Extras' RollingFileAppender in Log4j 1.x bridge. + Add MutableThreadContextMapFilter. + Add support for 24 colors in highlighting * Changed + Improves ServiceLoader support on servlet containers. + Make the default disruptor WaitStrategy used by Async Loggers garbage-free. + Do not throw UnsupportedOperationException when JUL ApiLogger::setLevel is called. + Support Spring 2.6.x. + Move perf tests to log4j-core-its + Upgrade the Flume Appender to Flume 1.10.0 * Fixed + Fix minor typo #792. + Improve validation and reporting of configuration errors. 
+ Allow enterprise id to be an OID fragment. + Fix problem with non-uppercase custom levels. + Avoid ClassCastException in JeroMqManager with custom LoggerContextFactory #791. + DirectWriteRolloverStrategy should use the current time when creating files. + Fixes the syslog appender in Log4j 1.x bridge, when used with a custom layout. + log4j-1.2-api 2.17.2 throws NullPointerException while removing appender with name as null. + Improve JsonTemplateLayout performance. + Fix resolution of non-Log4j properties. + Fixes Spring Boot logging system registration in a multi-application environment. + JAR file containing Log4j configuration isn’t closed. + Properties defined in configuration using a value attribute (as opposed to element) are read correctly. + Syslog appender lacks the SocketOptions setting. + Log4j 1.2 bridge should not wrap components unnecessarily. + Update 3rd party dependencies for 2.18.0. + SizeBasedTriggeringPolicy would fail to rename files properly when integer pattern contained a leading zero. + Fixes default SslConfiguration, when a custom keystore is used. + Fixes appender concurrency problems in Log4j 1.x bridge. + Fix and test for race condition in FileUtils.mkdir(). + LocalizedMessage logs misleading errors on the console. + Add missing message parameterization in RegexFilter. + Add the missing context stack to JsonLayout template. + HttpWatcher did not pass credentials when polling. + UrlConnectionFactory.createConnection now accepts an AuthorizationProvider as a parameter. + The DirectWriteRolloverStrategy was not detecting the correct index to use during startup. + Async Loggers were including the location information by default. + ClassArbiter’s newBuilder method referenced the wrong class. + Don’t use Paths.get() to avoid circular file systems. + Fix parsing error, when XInclude is disabled. + Fix LevelRangeFilterBuilder to align with log4j1’s behavior. 
+ Fixes problem with wrong ANSI escape code for bright colors + Log4j 1.2 bridge should generate Log4j 2.x messages based on the parameter runtime type. - Update to 2.19.0 * Added + Add implementation of SLF4J2 fluent API. + Add support for SLF4J2 stack-valued MDC. * Changed + Add getExplicitLevel method to LoggerConfig. + Allow PropertySources to be added. + Allow Plugins to be injected with the LoggerContext reference. * Fixed + Add correct manifest entries for OSGi to log4j-jcl + Improve support for passwordless keystores. + SystemPropertyArbiter was assigning the value as the name. + Make JsonTemplateLayout stack trace truncation operate for each label block. + Fix recursion between Log4j 1.2 LogManager and Category. + Fix resolution of properties not starting with log4j2.. + Logger$PrivateConfig.filter(Level, Marker, String) was allocating empty varargs array. + Allows a space separated list of style specifiers in the %style pattern for consistency with %highlight. + Fix NPE in log4j-to-jul in the case the root logger level is null. + Fix RollingRandomAccessFileAppender with DirectWriteRolloverStrategy can’t create the first log file of different directory. + Generate new SSL certs for testing. + Fix ServiceLoaderUtil behavior in the presence of a SecurityManager. + Fix regression in Rfc5424Layout default values. + Harden InstantFormatter against delegate failures. + Add async support to Log4jServletFilter. * Removed + Removed build page in favor of a single build instructions file. + Remove SLF4J 1.8.x binding. - Update to 2.20.0 * Added + Add support for timezones in RollingFileAppender date pattern + Add LogEvent timestamp to ProducerRecord in KafkaAppender + Add PatternLayout support for abbreviating the name of all logger components except the 2 rightmost + Removes internal field that leaked into public API. + Add a LogBuilder#logAndGet() method to emulate the Logger#traceEntry method. 
* Changed + Simplify site generation + Switch the issue tracker from JIRA to GitHub Issues + Remove liquibase-log4j2 maven module + Fix order of stacktrace elements, that causes cache misses in ThrowableProxyHelper. + Switch from com.sun.mail to Eclipse Angus. + Add Log4j2 Core as default runtime dependency of the SLF4J2-to-Log4j2 API bridge. + Replace maven-changes-plugin with a custom changelog implementation + Moved log4j-api and log4j-core artifacts with classifier tests to log4j-api-test and log4j-core-test respectively. * Deprecated + Deprecate support for package scanning for plugins * Fixed + Copy programmatically supplied location even if includeLocation="false". + Eliminate status logger warning, when disableAnsi or noConsoleNoAnsi is used the style and highlight patterns. + Fix detection of location requirements in RewriteAppender. + Replace regex with manual code to escape characters in Rfc5424Layout. + Fix java.sql.Time object formatting in MapMessage + Fix previous fire time computation in CronTriggeringPolicy + Correct default to not include location for AsyncRootLoggers + Make StatusConsoleListener use SimpleLogger internally. + Lazily evaluate the level of a SLF4J LogEventBuilder + Fixes priority of Legacy system properties, which are now back to having higher priority than Environment variables. + Protects ServiceLoaderUtil from unchecked ServiceLoader exceptions. + Fix Configurator#setLevel for internal classes + Fix level propagation in Log4jBridgeHandler + Disable OsgiServiceLocator if not running in OSGI container. + When using a Date Lookup in the file pattern the current time should be used. + Fixed LogBuilder filtering in the presence of global filters. 
log4j-2.20.0-150200.4.30.1.noarch.rpm log4j-2.20.0-150200.4.30.1.src.rpm log4j-javadoc-2.20.0-150200.4.30.1.noarch.rpm log4j-jcl-2.20.0-150200.4.30.1.noarch.rpm log4j-slf4j-2.20.0-150200.4.30.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-221 Security update for curl moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for curl fixes the following issues: - CVE-2025-14017: Fixed broken TLS options for threaded LDAPS (bsc#1256105). curl-8.14.1-150700.7.11.1.src.rpm curl-8.14.1-150700.7.11.1.x86_64.rpm libcurl-devel-8.14.1-150700.7.11.1.x86_64.rpm libcurl4-8.14.1-150700.7.11.1.x86_64.rpm libcurl4-32bit-8.14.1-150700.7.11.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-222 Security update for python-tornado important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for python-tornado fixes the following issues: - CVE-2025-67725: inefficient algorithm when parsing parameters for HTTP header values (bsc#1254905). - CVE-2025-67726: Denial of Service (DoS) via maliciously crafted HTTP request caused by the HTTPHeaders.add method (bsc#1254904). python-tornado-4.5.3-150000.3.13.1.src.rpm python3-tornado-4.5.3-150000.3.13.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-314 Security update for python311 moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for python311 fixes the following issues: - CVE-2025-12084: prevent quadratic behavior in node ID cache clearing (bsc#1254997). - CVE-2025-13836: prevent reading an HTTP response from a server, if no read amount is specified, with using Content-Length per default as the length (bsc#1254400). - CVE-2025-13837: protect against OOM when loading malicious content (bsc#1254401). 
libpython3_11-1_0-3.11.14-150600.3.41.2.x86_64.rpm python311-base-3.11.14-150600.3.41.2.x86_64.rpm python311-core-3.11.14-150600.3.41.2.src.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-243 Security update for librsvg moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for librsvg fixes the following issues: Update to version 2.57.4 - bsc#1243867: + CVE-2024-12224: RUSTSEC-2024-0421 - idna accepts Punycode labels that do not produce any non-ASCII when decoded. + RUSTSEC-2024-0404 - Unsoundness in anstream. gdk-pixbuf-loader-rsvg-2.57.4-150600.3.3.1.x86_64.rpm librsvg-2-2-2.57.4-150600.3.3.1.x86_64.rpm librsvg-2.57.4-150600.3.3.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-223 Security update for libsodium moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for libsodium fixes the following issues: - CVE-2025-15444: fixed cryptographic bypass via improper elliptic curve point validation (bsc#1256070). libsodium-1.0.18-150000.4.11.1.src.rpm libsodium-devel-1.0.18-150000.4.11.1.x86_64.rpm libsodium23-1.0.18-150000.4.11.1.x86_64.rpm libsodium23-32bit-1.0.18-150000.4.11.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-224 Security update for libtasn1 moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for libtasn1 fixes the following issues: - CVE-2025-13151: stack-based buffer overflow in `asn1_expend_octet_string` (bsc#1256341). libtasn1-4.13-150000.4.14.1.src.rpm libtasn1-4.13-150000.4.14.1.x86_64.rpm libtasn1-6-4.13-150000.4.14.1.x86_64.rpm libtasn1-devel-4.13-150000.4.14.1.x86_64.rpm libtasn1-6-32bit-4.13-150000.4.14.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-215 Security update for gpg2 important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for gpg2 fixes the following issues: - CVE-2025-68973: Fix possible memory corruption in the armor parser (gpg.fail/memcpy)(bsc#1255715). - Avoid potential downgrade to SHA1 in 3rd party key signatures (gpg.fail/sha1) (bsc#1256246). 
- Error out on unverified output for non-detached signatures (gpg.fail/detached) (bsc#1256244). - Fix a memory leak in gpg2 agent (bsc#1256243). - Fix Cleartext Signature Forgery in the NotDashEscaped header implementation in GnuPG (gpg.fail/notdash) (bsc#1256390). dirmngr-2.4.4-150600.3.12.1.x86_64.rpm gpg2-2.4.4-150600.3.12.1.src.rpm gpg2-2.4.4-150600.3.12.1.x86_64.rpm gpg2-lang-2.4.4-150600.3.12.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-225 Security update for net-snmp important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for net-snmp fixes the following issues: - CVE-2025-68615: Fixed snmptrapd buffer overflow (bsc#1255491). libsnmp30-5.7.3-150100.10.15.1.x86_64.rpm net-snmp-5.7.3-150100.10.15.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-228 Security update for net-snmp important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for net-snmp fixes the following issues: - CVE-2025-68615: Fixed snmptrapd buffer overflow (bsc#1255491) libsnmp40-5.9.4-150600.24.10.1.x86_64.rpm net-snmp-5.9.4-150600.24.10.1.src.rpm net-snmp-5.9.4-150600.24.10.1.x86_64.rpm net-snmp-devel-5.9.4-150600.24.10.1.x86_64.rpm perl-SNMP-5.9.4-150600.24.10.1.x86_64.rpm snmp-mibs-5.9.4-150600.24.10.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-230 Security update for util-linux moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for util-linux fixes the following issues: - CVE-2025-14104: Fixed heap buffer overread in setpwnam() when processing 256-byte usernames (bsc#1254666). - lscpu: Add support for NVIDIA Olympus arm64 core (jsc#PED-13682). 
libblkid-devel-2.40.4-150700.4.3.1.x86_64.rpm libblkid-devel-static-2.40.4-150700.4.3.1.x86_64.rpm libblkid1-2.40.4-150700.4.3.1.x86_64.rpm libfdisk-devel-2.40.4-150700.4.3.1.x86_64.rpm libfdisk1-2.40.4-150700.4.3.1.x86_64.rpm libmount-devel-2.40.4-150700.4.3.1.x86_64.rpm libmount1-2.40.4-150700.4.3.1.x86_64.rpm libsmartcols-devel-2.40.4-150700.4.3.1.x86_64.rpm libsmartcols1-2.40.4-150700.4.3.1.x86_64.rpm libuuid-devel-2.40.4-150700.4.3.1.x86_64.rpm libuuid-devel-static-2.40.4-150700.4.3.1.x86_64.rpm libuuid1-2.40.4-150700.4.3.1.x86_64.rpm util-linux-2.40.4-150700.4.3.1.src.rpm util-linux-2.40.4-150700.4.3.1.x86_64.rpm util-linux-lang-2.40.4-150700.4.3.1.noarch.rpm util-linux-systemd-2.40.4-150700.4.3.1.src.rpm util-linux-systemd-2.40.4-150700.4.3.1.x86_64.rpm util-linux-tty-tools-2.40.4-150700.4.3.1.x86_64.rpm libblkid1-32bit-2.40.4-150700.4.3.1.x86_64.rpm libmount1-32bit-2.40.4-150700.4.3.1.x86_64.rpm libuuid1-32bit-2.40.4-150700.4.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-242 Recommended update for git moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for git fixes the following issue: - Revert incorrect AppArmor profile change, in SLE 15 the binaries remain in /usr/lib/git (bsc#1251224) git-2.51.0-150600.3.15.1.src.rpm git-core-2.51.0-150600.3.15.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-261 Recommended update for samba important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for samba fixes the following issues: - Fix testparm error handling the "sync machine password to keytab" option (bsc#1254439) - Fix Samba printers reporting invalid sid during print jobs (bsc#1234210, bsc#1254926) - samba-bgqd can't find [printers] share (bsc#1254586) ldb-tools-4.21.10+git.449.dcced69e1b5-150700.3.19.1.x86_64.rpm libldb-devel-4.21.10+git.449.dcced69e1b5-150700.3.19.1.x86_64.rpm libldb2-4.21.10+git.449.dcced69e1b5-150700.3.19.1.x86_64.rpm python3-ldb-4.21.10+git.449.dcced69e1b5-150700.3.19.1.x86_64.rpm 
samba-4.21.10+git.449.dcced69e1b5-150700.3.19.1.src.rpm samba-4.21.10+git.449.dcced69e1b5-150700.3.19.1.x86_64.rpm samba-ceph-4.21.10+git.449.dcced69e1b5-150700.3.19.1.x86_64.rpm samba-client-4.21.10+git.449.dcced69e1b5-150700.3.19.1.x86_64.rpm samba-client-libs-4.21.10+git.449.dcced69e1b5-150700.3.19.1.x86_64.rpm samba-dcerpc-4.21.10+git.449.dcced69e1b5-150700.3.19.1.x86_64.rpm samba-devel-4.21.10+git.449.dcced69e1b5-150700.3.19.1.x86_64.rpm samba-gpupdate-4.21.10+git.449.dcced69e1b5-150700.3.19.1.x86_64.rpm samba-ldb-ldap-4.21.10+git.449.dcced69e1b5-150700.3.19.1.x86_64.rpm samba-libs-4.21.10+git.449.dcced69e1b5-150700.3.19.1.x86_64.rpm samba-libs-python3-4.21.10+git.449.dcced69e1b5-150700.3.19.1.x86_64.rpm samba-python3-4.21.10+git.449.dcced69e1b5-150700.3.19.1.x86_64.rpm samba-tool-4.21.10+git.449.dcced69e1b5-150700.3.19.1.x86_64.rpm samba-winbind-4.21.10+git.449.dcced69e1b5-150700.3.19.1.x86_64.rpm samba-winbind-libs-4.21.10+git.449.dcced69e1b5-150700.3.19.1.x86_64.rpm libldb2-32bit-4.21.10+git.449.dcced69e1b5-150700.3.19.1.x86_64.rpm samba-client-libs-32bit-4.21.10+git.449.dcced69e1b5-150700.3.19.1.x86_64.rpm samba-libs-32bit-4.21.10+git.449.dcced69e1b5-150700.3.19.1.x86_64.rpm samba-winbind-libs-32bit-4.21.10+git.449.dcced69e1b5-150700.3.19.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-272 Recommended update for libpfm moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for libpfm fixes the following issues: - s390: Add counter definition for IBM z17 (jsc#PED-13665) libpfm-4.13.0-150600.3.3.1.src.rpm libpfm-devel-4.13.0-150600.3.3.1.x86_64.rpm libpfm4-4.13.0-150600.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-256 Security update for openldap2_5 moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for openldap2_5 fixes the following issues: Security fixes: - CVE-2026-22185: Fixed possible crash in malicious DB (bsc#1256297) Other fixes: - Update to version 2.5.20+11: * ITS#10421 mdb_load: check for malicious 
input libldap-2_5-0-2.5.20+11-150500.11.38.1.x86_64.rpm openldap2_5-2.5.20+11-150500.11.38.1.src.rpm openldap2_5-client-2.5.20+11-150500.11.38.1.x86_64.rpm openldap2_5-devel-2.5.20+11-150500.11.38.1.x86_64.rpm openldap2_5-doc-2.5.20+11-150500.11.38.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-241 Recommended update for libHBAAPI2 moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for libHBAAPI2 fixes the following issues: - use %license tag for COPYING [bsc#1252158] libHBAAPI2-2.2.10-150000.3.3.1.src.rpm libHBAAPI2-2.2.10-150000.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-294 Recommended update for suse-migration-services moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for suse-migration-services ships the correct 2.1.29 version. python3-migration-2.1.29-150700.15.18.2.noarch.rpm suse-migration-pre-checks-2.1.29-150700.15.18.2.noarch.rpm suse-migration-services-2.1.29-150700.15.18.2.src.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-217 Security update for keylime critical SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for keylime fixes the following issues: - CVE-2025-13609: avoid re-registration of clients with same UUID but with different TPM identity (bsc#1254199). 
keylime-6.3.2-150400.4.23.1.src.rpm keylime-agent-6.3.2-150400.4.23.1.noarch.rpm keylime-config-6.3.2-150400.4.23.1.noarch.rpm keylime-firewalld-6.3.2-150400.4.23.1.noarch.rpm keylime-logrotate-6.3.2-150400.4.23.1.noarch.rpm keylime-registrar-6.3.2-150400.4.23.1.noarch.rpm keylime-tpm_cert_store-6.3.2-150400.4.23.1.noarch.rpm keylime-verifier-6.3.2-150400.4.23.1.noarch.rpm python3-keylime-6.3.2-150400.4.23.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-240 Recommended update for nvidia-open-driver-G06-signed moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for nvidia-open-driver-G06-signed fixes the following issues: - fix build for sle15-sp4 - update non-CUDA variant to version 580.126.09 (bsc#1255858) nv-prefer-signed-open-driver-580.105.08-150700.3.40.1.x86_64.rpm nvidia-open-driver-G06-signed-580.126.09-150700.3.40.1.src.rpm nvidia-open-driver-G06-signed-cuda-580.105.08-150700.3.40.1.src.rpm nvidia-open-driver-G06-signed-cuda-default-devel-580.105.08-150700.3.40.1.x86_64.rpm nvidia-open-driver-G06-signed-cuda-kmp-default-580.105.08_k6.4.0_150700.53.25-150700.3.40.1.x86_64.rpm nvidia-open-driver-G06-signed-default-devel-580.126.09-150700.3.40.1.x86_64.rpm nvidia-open-driver-G06-signed-kmp-default-580.126.09_k6.4.0_150700.53.25-150700.3.40.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-324 Recommended update for supportutils important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for supportutils fixes the following issues: - Changes to version 3.2.12 * Optimized lsof usage and honors OPTION_OFILES (bsc#1232351) * Run in containers without errors (bsc#1245667) * Removed pmap PID from memory.txt (bsc#1246011) * Added missing /proc/pagetypeinfo to memory.txt (bsc#1246025) * Improved database perforce with kGraft patching (bsc#1249657) * Using last boot for journalctl for optimization (bsc#1250224) * Fixed extraction failures (bsc#1252318) * Update supportconfig.conf path in docs (bsc#1254425) * drm_sub_info: Catch error 
when dir doesn't exist * Replace remaining `egrep` with `grep -E` * Add process affinity to slert logs * Reintroduce cgroup statistics (and v2) * Minor changes to basic-health-check: improve information level * Collect important machine health counters * powerpc: collect hot-pluggable PCI and PHB slots * podman: collect podman disk usage * Exclude binary files in crondir * kexec/kdump: collect everything under /sys/kernel/kexec dir * Use short-iso for journalctl - Changes to version 3.2.11 * Collect rsyslog frule files (bsc#1244003) * Remove proxy passwords (bsc#1244011) * Missing NetworkManager information (bsc#1241284) * Include agama logs (bsc#1244937) * Additional NFS conf files * New fadump sysfs files * Fixed change log dates supportutils-3.2.12.2-150600.3.9.1.noarch.rpm supportutils-3.2.12.2-150600.3.9.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-259 Security update for avahi moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for avahi fixes the following issues: - CVE-2025-68276: Fixed refuse to create wide-area record browsers when wide-area is off (bsc#1256498) - CVE-2025-68471: Fixed DoS bug by changing assert to return (bsc#1256500) - CVE-2025-68468: Fixed DoS bug by removing incorrect assertion (bsc#1256499) avahi-0.8-150600.15.12.1.src.rpm avahi-0.8-150600.15.12.1.x86_64.rpm avahi-compat-howl-devel-0.8-150600.15.12.1.x86_64.rpm avahi-compat-mDNSResponder-devel-0.8-150600.15.12.1.x86_64.rpm avahi-glib2-0.8-150600.15.12.1.src.rpm avahi-lang-0.8-150600.15.12.1.noarch.rpm avahi-utils-0.8-150600.15.12.1.x86_64.rpm libavahi-client3-0.8-150600.15.12.1.x86_64.rpm libavahi-common3-0.8-150600.15.12.1.x86_64.rpm libavahi-core7-0.8-150600.15.12.1.x86_64.rpm libavahi-devel-0.8-150600.15.12.1.x86_64.rpm libavahi-glib-devel-0.8-150600.15.12.1.x86_64.rpm libavahi-glib1-0.8-150600.15.12.1.x86_64.rpm libavahi-gobject0-0.8-150600.15.12.1.x86_64.rpm libavahi-libevent1-0.8-150600.15.12.1.x86_64.rpm libavahi-ui-gtk3-0-0.8-150600.15.12.1.x86_64.rpm
libdns_sd-0.8-150600.15.12.1.x86_64.rpm libhowl0-0.8-150600.15.12.1.x86_64.rpm typelib-1_0-Avahi-0_6-0.8-150600.15.12.1.x86_64.rpm libavahi-client3-32bit-0.8-150600.15.12.1.x86_64.rpm libavahi-common3-32bit-0.8-150600.15.12.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-315 Security update for the Linux Kernel important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 The SUSE Linux Enterprise 15 SP7 kernel was updated to fix various security issues. The following security issues were fixed: - CVE-2025-38321: smb: Log an error when close_all_cached_dirs fails (bsc#1246328). - CVE-2025-38728: smb3: fix for slab out of bounds on mount to ksmbd (bsc#1249256). - CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252046). - CVE-2025-40006: mm/hugetlb: fix folio is still mapped when deleted (bsc#1252342). - CVE-2025-40024: vhost: Take a reference on the task in struct vhost_task (bsc#1252686). - CVE-2025-40033: remoteproc: pru: Fix potential NULL pointer dereference in pru_rproc_set_ctable() (bsc#1252824). - CVE-2025-40042: tracing: Fix race condition in kprobe initialization causing NULL pointer dereference (bsc#1252861). - CVE-2025-40053: net: dlink: handle copy_thresh allocation failure (bsc#1252808). - CVE-2025-40081: perf: arm_spe: Prevent overflow in PERF_IDX2OFF() (bsc#1252776). - CVE-2025-40102: KVM: arm64: Prevent access to vCPU events before init (bsc#1252919). - CVE-2025-40134: dm: fix NULL pointer dereference in __dm_suspend() (bsc#1253386). - CVE-2025-40135: ipv6: use RCU in ip6_xmit() (bsc#1253342). - CVE-2025-40153: mm: hugetlb: avoid soft lockup when mprotect to large memory area (bsc#1253408). - CVE-2025-40158: ipv6: use RCU in ip6_output() (bsc#1253402). - CVE-2025-40160: xen/events: Cleanup find_virq() return codes (bsc#1253400). - CVE-2025-40167: ext4: detect invalid INLINE_DATA + EXTENTS flag combination (bsc#1253458). - CVE-2025-40170: net: use dst_dev_rcu() in sk_setup_caps() (bsc#1253413). 
- CVE-2025-40178: pid: Add a judgment for ns null in pid_nr_ns (bsc#1253463). - CVE-2025-40179: ext4: verify orphan file size is not too big (bsc#1253442). - CVE-2025-40187: net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce() (bsc#1253647). - CVE-2025-40190: ext4: guard against EA inode refcount underflow in xattr update (bsc#1253623). - CVE-2025-40215: kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959). - CVE-2025-40220: fuse: fix livelock in synchronous file put from fuseblk workers (bsc#1254520). - CVE-2025-40231: vsock: fix lock inversion in vsock_assign_transport() (bsc#1254815). - CVE-2025-40233: ocfs2: clear extent cache after moving/defragmenting extents (bsc#1254813). - CVE-2025-40240: sctp: avoid NULL dereference when chunk data buffer is missing (bsc#1254869). - CVE-2025-40242: gfs2: Fix unlikely race in gdlm_put_lock (bsc#1255075). - CVE-2025-40248: vsock: Ignore signal/timeout on connect() if already established (bsc#1254864). - CVE-2025-40250: net/mlx5: Clean up only new IRQ glue on request_irq() failure (bsc#1254854). - CVE-2025-40251: devlink: rate: Unset parent pointer in devl_rate_nodes_destroy (bsc#1254856). - CVE-2025-40252: net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() (bsc#1254849). - CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1254843). - CVE-2025-40268: cifs: client: fix memory leak in smb3_fs_context_parse_param (bsc#1255082). - CVE-2025-40271: fs/proc: fix uaf in proc_readdir_de() (bsc#1255297). - CVE-2025-40274: KVM: guest_memfd: Remove bindings on memslot deletion when gmem is dying (bsc#1254830). - CVE-2025-40278: net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak (bsc#1254825). - CVE-2025-40279: net: sched: act_connmark: initialize struct tc_ife to fix kernel leak (bsc#1254846). - CVE-2025-40280: tipc: Fix use-after-free in tipc_mon_reinit_self() (bsc#1254847). 
- CVE-2025-40287: exfat: fix improper check of dentry.stream.valid_size (bsc#1255030). - CVE-2025-40289: drm/amdgpu: hide VRAM sysfs attributes on GPUs without VRAM (bsc#1255042). - CVE-2025-40292: virtio-net: fix received length check in big packets (bsc#1255175). - CVE-2025-40293: iommufd: Don't overflow during division for dirty tracking (bsc#1255179). - CVE-2025-40297: net: bridge: fix use-after-free due to MST port state bypass (bsc#1255187). - CVE-2025-40307: exfat: validate cluster allocation bits of the allocation bitmap (bsc#1255039). - CVE-2025-40319: bpf: Sync pending IRQ work before freeing ring buffer (bsc#1254794). - CVE-2025-40330: bnxt_en: Shutdown FW DMA in bnxt_shutdown() (bsc#1254616). - CVE-2025-40331: sctp: Prevent TOCTOU out-of-bounds write (bsc#1254615). - CVE-2025-40337: net: stmmac: Correctly handle Rx checksum offload errors (bsc#1255081). - CVE-2025-40338: ASoC: Intel: avs: Do not share the name pointer between components (bsc#1255273). - CVE-2025-40346: arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() (bsc#1255318). - CVE-2025-40357: net/smc: fix general protection fault in __smc_diag_dump (bsc#1255097). - CVE-2025-68197: bnxt_en: Fix null pointer dereference in bnxt_bs_trace_check_wrap() (bsc#1255242). - CVE-2025-68204: pmdomain: arm: scmi: Fix genpd leak on provider registration failure (bsc#1255224). - CVE-2025-68206: netfilter: nft_ct: add seqadj extension for natted connections (bsc#1255142). - CVE-2025-68208: bpf: account for current allocated stack depth in widen_imprecise_scalars() (bsc#1255227). - CVE-2025-68209: mlx5: Fix default values in create CQ (bsc#1255230). - CVE-2025-68239: binfmt_misc: restore write access before closing files opened by open_exec() (bsc#1255272). - CVE-2025-68255: staging: rtl8723bs: fix stack buffer overflow in OnAssocReq IE parsing (bsc#1255395). - CVE-2025-68259: KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced (bsc#1255199). 
- CVE-2025-68264: ext4: refresh inline data size before write operations (bsc#1255380). - CVE-2025-68302: net: sxgbe: fix potential NULL dereference in sxgbe_rx() (bsc#1255121). - CVE-2025-68340: team: Move team device type change at the end of team_port_add (bsc#1255507). - CVE-2025-68378: bpf: Refactor stack map trace depth calculation into helper function (bsc#1255614). - CVE-2025-68742: bpf: Improve program stats run-time calculation (bsc#1255707). - CVE-2025-68744: bpf: Free special fields when update [lru_,]percpu_hash maps (bsc#1255709). The following non security issues were fixed: - ACPI: CPPC: Fix missing PCC check for guaranteed_perf (git-fixes). - ACPI: PCC: Fix race condition by removing static qualifier (git-fixes). - ACPI: processor_core: fix map_x2apic_id for amd-pstate on am4 (git-fixes). - ACPI: property: Fix fwnode refcount leak in acpi_fwnode_graph_parse_endpoint() (git-fixes). - ACPI: property: Use ACPI functions in acpi_graph_get_next_endpoint() only (stable-fixes). - ACPICA: Avoid walking the Namespace if start_node is NULL (stable-fixes). - ALSA: ac97: fix a double free in snd_ac97_controller_register() (git-fixes). - ALSA: dice: fix buffer overflow in detect_stream_formats() (git-fixes). - ALSA: firewire-motu: add bounds check in put_user loop for DSP events (git-fixes). - ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events (git-fixes). - ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_hda_read_acpi() (git-fixes). - ALSA: pcmcia: Fix resource leak in snd_pdacf_probe error path (git-fixes). - ALSA: uapi: Fix typo in asound.h comment (git-fixes). - ALSA: usb-audio: Add DSD quirk for LEAK Stereo 230 (stable-fixes). - ALSA: usb-audio: Add native DSD quirks for PureAudio DAC series (stable-fixes). - ALSA: usb-audio: fix uac2 clock source at terminal parser (git-fixes). - ALSA: usb-mixer: us16x08: validate meter packet indices (git-fixes). - ALSA: vxpocket: Fix resource leak in vxpocket_probe error path (git-fixes). 
- ASoC: Intel: catpt: Fix error path in hw_params() (git-fixes). - ASoC: ak4458: Disable regulator when error happens (git-fixes). - ASoC: ak4458: remove the reset operation in probe and remove (git-fixes). - ASoC: ak5558: Disable regulator when error happens (git-fixes). - ASoC: bcm: bcm63xx-pcm-whistler: Check return value of of_dma_configure() (git-fixes). - ASoC: codecs: lpass-tx-macro: fix SM6115 support (git-fixes). - ASoC: codecs: wcd938x: fix OF node leaks on probe failure (git-fixes). - ASoC: fsl_xcvr: clear the channel status control memory (git-fixes). - ASoC: qcom: q6adm: the the copp device only during last instance (git-fixes). - ASoC: qcom: q6apm-dai: set flags to reflect correct operation of appl_ptr (git-fixes). - ASoC: qcom: q6asm-dai: perform correct state check before closing (git-fixes). - ASoC: qcom: qdsp6: q6asm-dai: set 10 ms period and buffer alignment (git-fixes). - ASoC: stm32: sai: fix OF node leak on probe (git-fixes). - ASoC: stm32: sai: fix clk prepare imbalance on probe failure (git-fixes). - ASoC: stm32: sai: fix device leak on probe (git-fixes). - ASoC: sun4i-spdif: Add missing kerneldoc fields for sun4i_spdif_quirks (git-fixes). - Bluetooth: HCI: Fix tracking of advertisement set/instance 0x00 (git-fixes). - Bluetooth: MGMT: fix crash in set_mesh_sync and set_mesh_complete (git-fixes). - Bluetooth: SMP: Fix not generating mackey and ltk when repairing (git-fixes). - Bluetooth: btrtl: Avoid loading the config file on security chips (stable-fixes). - Bluetooth: btusb: Add new VID/PID 13d3/3533 for RTL8821CE (stable-fixes). - Bluetooth: btusb: Add new VID/PID 2b89/6275 for RTL8761BUV (stable-fixes). - Bluetooth: btusb: mediatek: Avoid btusb_mtk_claim_iso_intf() NULL deref (git-fixes). - Bluetooth: btusb: mediatek: Fix kernel crash when releasing mtk iso interface (git-fixes). - Bluetooth: btusb: revert use of devm_kzalloc in btusb (git-fixes). - Bluetooth: hci_sock: Prevent race in socket write iter and sock bind (git-fixes). 
- Documentation/kernel-parameters: fix typo in retbleed= kernel parameter description (git-fixes). - Documentation: hid-alps: Fix packet format section headings (git-fixes). - Documentation: parport-lowlevel: Separate function listing code blocks (git-fixes). - HID: apple: Add SONiX AK870 PRO to non_apple_keyboards quirk list (stable-fixes). - HID: elecom: Add support for ELECOM M-XT3URBK (018F) (stable-fixes). - HID: hid-input: Extend Elan ignore battery quirk to USB (stable-fixes). - HID: input: map HID_GD_Z to ABS_DISTANCE for stylus/pen (stable-fixes). - HID: logitech-dj: Remove duplicate error logging (git-fixes). - HID: logitech-hidpp: Do not assume FAP in hidpp_send_message_sync() (git-fixes). - HID: quirks: work around VID/PID conflict for appledisplay (git-fixes). - Input: atkbd - skip deactivate for HONOR FMB-P's internal keyboard (git-fixes). - Input: cros_ec_keyb - fix an invalid memory access (stable-fixes). - Input: goodix - add support for ACPI ID GDIX1003 (stable-fixes). - Input: goodix - add support for ACPI ID GDX9110 (stable-fixes). - Input: i8042 - add TUXEDO InfinityBook Max Gen10 AMD to i8042 quirk table (stable-fixes). - Input: ti_am335x_tsc - fix off-by-one error in wire_order validation (git-fixes). - KEYS: trusted: Fix a memory leak in tpm2_load_cmd (git-fixes). - KEYS: trusted_tpm1: Compare HMAC values in constant time (git-fixes). - KVM: SEV: Drop GHCB_VERSION_DEFAULT and open code it (bsc#1255463). - PCI/PM: Reinstate clearing state_saved in legacy and !PM codepaths (git-fixes). - PCI: dwc: Fix wrong PORT_LOGIC_LTSSM_STATE_MASK definition (git-fixes). - PCI: keystone: Exit ks_pcie_probe() for invalid mode (git-fixes). - PCI: rcar-gen2: Drop ARM dependency from PCI_RCAR_GEN2 (git-fixes). - PM: runtime: Do not clear needs_force_resume with enabled runtime PM (git-fixes). - Revert "drm/amd/display: Fix pbn to kbps Conversion" (stable-fixes). - Revert "drm/amd/display: Move setup_stream_attribute" (stable-fixes). 
- Revert "drm/amd: Skip power ungate during suspend for VPE" (git-fixes). - Revert "mtd: rawnand: marvell: fix layouts" (git-fixes). - Revert "net: r8169: Disable multicast filter for RTL8168H and RTL8107E" (jsc#PED-14353). - Revert "r8169: don't try to disable interrupts if NAPI is, scheduled already" (jsc#PED-14353). - USB: Fix descriptor count when handling invalid MBIM extended descriptor (git-fixes). - USB: lpc32xx_udc: Fix error handling in probe (git-fixes). - USB: serial: belkin_sa: fix TIOCMBIS and TIOCMBIC (git-fixes). - USB: serial: ftdi_sio: add support for u-blox EVK-M101 (stable-fixes). - USB: serial: ftdi_sio: match on interface number for jtag (stable-fixes). - USB: serial: kobil_sct: fix TIOCMBIS and TIOCMBIC (git-fixes). - USB: serial: option: add Foxconn T99W760 (stable-fixes). - USB: serial: option: add Quectel RG255C (stable-fixes). - USB: serial: option: add Telit Cinterion FE910C04 new compositions (stable-fixes). - USB: serial: option: add Telit FN920C04 ECM compositions (stable-fixes). - USB: serial: option: add UNISOC UIS7720 (stable-fixes). - USB: serial: option: add support for Rolling RW101R-GL (stable-fixes). - USB: serial: option: move Telit 0x10c7 composition in the right place (stable-fixes). - USB: storage: Remove subclass and protocol overrides from Novatek quirk (git-fixes). - accel/ivpu: Fix DCT active percent format (git-fixes). - accel/ivpu: Fix race condition when unbinding BOs (git-fixes). - arm64: zynqmp: Fix usb node drive strength and slew rate (git-fixes). - arm64: zynqmp: Revert usb node drive strength and slew rate for (git-fixes). - atm/fore200e: Fix possible data race in fore200e_open() (git-fixes). - atm: Fix dma_free_coherent() size (git-fixes). - atm: idt77252: Add missing `dma_map_error()` (stable-fixes). - backlight: led-bl: Add devlink to supplier LEDs (git-fixes). - backlight: lp855x: Fix lp855x.h kernel-doc warnings (git-fixes). - bpf: Do not limit bpf_cgroup_from_id to current's namespace (bsc#1255433). 
- bpf: Reject bpf_timer for PREEMPT_RT (git-fixes). - broadcom: b44: prevent uninitialized value usage (git-fixes). - btrfs: make sure extent and csum paths are always released in scrub_raid56_parity_stripe() (git-fixes). - can: gs_usb: gs_can_open(): fix error handling (git-fixes). - can: gs_usb: gs_usb_xmit_callback(): fix handling of failed transmitted URBs (git-fixes). - can: j1939: make j1939_sk_bind() fail if device is no longer registered (git-fixes). - can: kvaser_usb: leaf: Fix potential infinite loop in command parsers (git-fixes). - can: sja1000: fix max irq loop handling (git-fixes). - can: sun4i_can: sun4i_can_interrupt(): fix max irq loop handling (git-fixes). - cgroup: rstat: use LOCK CMPXCHG in css_rstat_updated (bsc#1255434). - char: applicom: fix NULL pointer dereference in ac_ioctl (stable-fixes). - cifs: Fix uncached read into ITER_KVEC iterator (bsc#1245449). - clk: qcom: camcc-sm6350: Fix PLL config of PLL2 (git-fixes). - clk: qcom: camcc-sm6350: Specify Titan GDSC power domain as a parent to other (git-fixes). - clk: renesas: cpg-mssr: Add missing 1ms delay into reset toggle callback (git-fixes). - clk: renesas: r9a06g032: Fix memory leak in error path (git-fixes). - clk: samsung: exynos-clkout: Assign .num before accessing .hws (git-fixes). - comedi: c6xdigio: Fix invalid PNP driver unregistration (git-fixes). - comedi: check device's attached status in compat ioctls (git-fixes). - comedi: multiq3: sanitize config options in multiq3_attach() (git-fixes). - comedi: pcl818: fix null-ptr-deref in pcl818_ai_cancel() (git-fixes). - cpufreq: intel_pstate: Check IDA only before MSR_IA32_PERF_CTL writes (git-fixes). - cpufreq: nforce2: fix reference count leak in nforce2 (git-fixes). - cpuidle: menu: Use residency threshold in polling state override decisions (bsc#1255026). - crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id (git-fixes). - crypto: authenc - Correctly pass EINPROGRESS back up to the caller (git-fixes). 
- crypto: ccree - Correctly handle return of sg_nents_for_len (git-fixes). - crypto: hisilicon/qm - restore original qos values (git-fixes). - crypto: iaa - Fix incorrect return value in save_iaa_wq() (git-fixes). - crypto: qat - fix duplicate restarting msg during AER error (git-fixes). - crypto: rockchip - drop redundant crypto_skcipher_ivsize() calls (git-fixes). - crypto: seqiv - Do not use req->iv after crypto_aead_encrypt (git-fixes). - dm-integrity: limit MAX_TAG_SIZE to 255 (git-fixes). - dm-verity: fix unreliable memory allocation (git-fixes). - dm: fix queue start/stop imbalance under suspend/load/resume races (bsc#1253386). - drivers/usb/dwc3: fix PCI parent check (git-fixes). - drm/amd/amdgpu: reserve vm invalidation engine for uni_mes (stable-fixes). - drm/amd/display: Check NULL before accessing (stable-fixes). - drm/amd/display: Clear the CUR_ENABLE register on DCN20 on DPP5 (stable-fixes). - drm/amd/display: Don't change brightness for disabled connectors (stable-fixes). - drm/amd/display: Fix logical vs bitwise bug in get_embedded_panel_info_v2_1() (git-fixes). - drm/amd/display: Fix pbn to kbps Conversion (stable-fixes). - drm/amd/display: Fix scratch registers offsets for DCN35 (stable-fixes). - drm/amd/display: Fix scratch registers offsets for DCN351 (stable-fixes). - drm/amd/display: Increase DPCD read retries (stable-fixes). - drm/amd/display: Insert dccg log for easy debug (stable-fixes). - drm/amd/display: Move sleep into each retry for retrieve_link_cap() (stable-fixes). - drm/amd/display: Prevent Gating DTBCLK before It Is Properly Latched (git-fixes). - drm/amd/display: Use GFP_ATOMIC in dc_create_plane_state() (stable-fixes). - drm/amd/display: avoid reset DTBCLK at clock init (stable-fixes). - drm/amd/display: disable DPP RCG before DPP CLK enable (stable-fixes). - drm/amd: Skip power ungate during suspend for VPE (stable-fixes). - drm/amdgpu/gmc11: add amdgpu_vm_handle_fault() handling (stable-fixes). 
- drm/amdgpu/gmc12: add amdgpu_vm_handle_fault() handling (stable-fixes). - drm/amdgpu: Forward VMID reservation errors (git-fixes). - drm/amdgpu: Skip emit de meta data on gfx11 with rs64 enabled (stable-fixes). - drm/amdgpu: add missing lock to amdgpu_ttm_access_memory_sdma (git-fixes). - drm/amdgpu: fix cyan_skillfish2 gpu info fw handling (git-fixes). - drm/amdgpu: fix gpu page fault after hibernation on PF passthrough (stable-fixes). - drm/amdkfd: Export the cwsr_size and ctl_stack_size to userspace (stable-fixes). - drm/amdkfd: Fix GPU mappings for APU after prefetch (stable-fixes). - drm/amdkfd: Trap handler support for expert scheduling mode (stable-fixes). - drm/amdkfd: Use huge page size to check split svm range alignment (git-fixes). - drm/amdkfd: bump minimum vgpr size for gfx1151 (stable-fixes). - drm/displayid: add quirk to ignore DisplayID checksum errors (stable-fixes). - drm/displayid: pass iter to drm_find_displayid_extension() (stable-fixes). - drm/edid: add DRM_EDID_IDENT_INIT() to initialize struct drm_edid_ident (stable-fixes). - drm/gma500: Remove unused helper psb_fbdev_fb_setcolreg() (git-fixes). - drm/i915/dp: Initialize the source OUI write timestamp always (stable-fixes). - drm/i915/dp_mst: Disable Panel Replay (git-fixes). - drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer (git-fixes). - drm/i915: Fix format string truncation warning (git-fixes). - drm/imagination: Disallow exporting of PM/FW protected objects (git-fixes). - drm/imagination: Fix reference to devm_platform_get_and_ioremap_resource() (git-fixes). - drm/me/gsc: mei interrupt top half should be in irq disabled context (git-fixes). - drm/mediatek: Fix CCORR mtk_ctm_s31_32_to_s1_n function issue (git-fixes). - drm/mediatek: Fix device node reference leak in mtk_dp_dt_parse() (git-fixes). - drm/mediatek: Fix probe device leaks (git-fixes). - drm/mediatek: Fix probe memory leak (git-fixes). - drm/mediatek: Fix probe resource leaks (git-fixes). 
- drm/mediatek: ovl_adaptor: Fix probe device leaks (git-fixes). - drm/mgag200: Fix big-endian support (git-fixes). - drm/msm/a2xx: stop over-complaining about the legacy firmware (git-fixes). - drm/msm/a6xx: Fix out of bound IO access in a6xx_get_gmu_registers (git-fixes). - drm/msm/a6xx: Fix the gemnoc workaround (git-fixes). - drm/msm/a6xx: Flush LRZ cache before PT switch (git-fixes). - drm/msm/a6xx: Improve MX rail fallback in RPMH vote init (git-fixes). - drm/msm/dpu: Add missing NULL pointer check for pingpong interface (git-fixes). - drm/msm/dpu: Remove dead-code in dpu_encoder_helper_reset_mixers() (git-fixes). - drm/msm/dpu: drop dpu_hw_dsc_destroy() prototype (git-fixes). - drm/nouveau/dispnv50: Don't call drm_atomic_get_crtc_state() in prepare_fb (git-fixes). - drm/nouveau: refactor deprecated strcpy (git-fixes). - drm/nouveau: restrict the flush page to a 32-bit address (git-fixes). - drm/panel: sony-td4353-jdi: Enable prepare_prev_first (git-fixes). - drm/panel: visionox-rm69299: Don't clear all mode flags (git-fixes). - drm/panthor: Avoid adding of kernel BOs to extobj list (git-fixes). - drm/panthor: Fix UAF on kernel BO VA nodes (git-fixes). - drm/panthor: Fix group_free_queue() for partially initialized queues (git-fixes). - drm/panthor: Fix potential memleak of vma structure (git-fixes). - drm/panthor: Fix race with suspend during unplug (git-fixes). - drm/panthor: Flush shmem writes before mapping buffers CPU-uncached (git-fixes). - drm/panthor: Handle errors returned by drm_sched_entity_init() (git-fixes). - drm/pl111: Fix error handling in pl111_amba_probe (git-fixes). - drm/plane: Fix IS_ERR() vs NULL check in drm_plane_create_hotspot_properties() (git-fixes). - drm/radeon: delete radeon_fence_process in is_signaled, no deadlock (stable-fixes). - drm/sched: Fix race in drm_sched_entity_select_rq() (git-fixes). - drm/tilcdc: Fix removal actions in case of failed probe (git-fixes). 
- drm/tilcdc: request and mapp iomem with devres (stable-fixes). - drm/ttm: Avoid NULL pointer deref for evicted BOs (git-fixes). - drm/vgem-fence: Fix potential deadlock on release (git-fixes). - drm/vmwgfx: Use kref in vmw_bo_dirty (stable-fixes). - drm/xe/bo: Don't include the CCS metadata in the dma-buf sg-table (git-fixes). - drm/xe/oa: Disallow 0 OA property values (git-fixes). - drm/xe/oa: Fix potential UAF in xe_oa_add_config_ioctl() (git-fixes). - drm/xe/oa: Limit num_syncs to prevent oversized allocations (git-fixes). - drm/xe: Adjust long-running workload timeslices to reasonable values (git-fixes). - drm/xe: Drop preempt-fences when destroying imported dma-bufs (git-fixes). - drm/xe: Fix conversion from clock ticks to milliseconds (git-fixes). - drm/xe: Limit num_syncs to prevent oversized allocations (git-fixes). - drm/xe: Prevent BIT() overflow when handling invalid prefetch region (git-fixes). - drm/xe: Restore engine registers before restarting schedulers after GT reset (git-fixes). - drm/xe: Use usleep_range for accurate long-running workload timeslicing (git-fixes). - drm: atmel-hlcdc: fix atmel_xlcdc_plane_setup_scaler() (git-fixes). - drm: nouveau: Replace sprintf() with sysfs_emit() (git-fixes). - drm: sti: fix device leaks at component probe (git-fixes). - efi/libstub: Avoid physical address 0x0 when doing random allocation (stable-fixes). - efi/libstub: Describe missing 'out' parameter in efi_load_initrd (git-fixes). - efi/libstub: Fix page table access in 5-level to 4-level paging transition (git-fixes). - efi: stmm: Fix incorrect buffer allocation method (git-fixes). - efi: stmm: fix kernel-doc "bad line" warnings (git-fixes). - exfat: add a check for invalid data size (git-fixes). - exfat: using hweight instead of internal logic (git-fixes). - ext4: use optimized mballoc scanning regardless of inode format (bsc#1254378). - ext4: wait for ongoing I/O to complete before freeing blocks (bsc#1256366). 
- fbdev: gbefb: fix to use physical address instead of dma address (stable-fixes). - fbdev: pxafb: Fix multiple clamped values in pxafb_adjust_timing (git-fixes). - fbdev: ssd1307fb: fix potential page leak in ssd1307fb_probe() (git-fixes). - fbdev: tcx.c fix mem_map to correct smem_start offset (git-fixes). - firewire: nosy: Fix dma_free_coherent() size (git-fixes). - firmware: imx: scu-irq: Init workqueue before request mbox channel (stable-fixes). - firmware: imx: scu-irq: fix OF node leak in (git-fixes). - firmware: stratix10-svc: Add mutex in stratix10 memory management (git-fixes). - firmware: stratix10-svc: fix bug in saving controller data (git-fixes). - firmware: stratix10-svc: fix make htmldocs warning for stratix10_svc (git-fixes). - fs: dlm: allow to F_SETLKW getting interrupted (bsc#1255025). - ftrace: bpf: Fix IPMODIFY + DIRECT in modify_ftrace_direct() (git-fixes). - genalloc.h: fix htmldocs warning (git-fixes). - gpio: rockchip: mark the GPIO controller as sleeping (git-fixes). - gpu: host1x: Fix race in syncpt alloc/free (git-fixes). - hwmon: (ibmpex) fix use-after-free in high/low store (git-fixes). - hwmon: (max16065) Use local variable to avoid TOCTOU (git-fixes). - hwmon: (tmp401) fix overflow caused by default conversion rate value (git-fixes). - hwmon: (w83791d) Convert macros to functions to avoid TOCTOU (git-fixes). - hwmon: (w83l786ng) Convert macros to functions to avoid TOCTOU (git-fixes). - hwmon: sy7636a: Fix regulator_enable resource leak on error path (git-fixes). - i2c: amd-mp2: fix reference leak in MP2 PCI device (git-fixes). - i2c: designware: Disable SMBus interrupts to prevent storms from mis-configured firmware (stable-fixes). - i2c: i2c.h: fix a bad kernel-doc line (git-fixes). - i3c: fix refcount inconsistency in i3c_master_register (git-fixes). - i3c: master: Inherit DMA masks and parameters from parent device (stable-fixes). - i3c: master: svc: Prevent incomplete IBI transaction (git-fixes). 
- idr: fix idr_alloc() returning an ID out of range (git-fixes). - iio: accel: bmc150: Fix irq assumption regression (stable-fixes). - iio: accel: fix ADXL355 startup race condition (git-fixes). - iio: adc: ad7280a: fix ad7280_store_balance_timer() (git-fixes). - iio: adc: ti_am335x_adc: Limit step_avg to valid range for gcc complains (stable-fixes). - iio: core: Clean up device correctly on iio_device_alloc() failure (git-fixes). - iio: core: add missing mutex_destroy in iio_dev_release() (git-fixes). - iio: imu: st_lsm6dsx: Fix measurement unit for odr struct member (git-fixes). - iio: imu: st_lsm6dsx: fix array size for st_lsm6dsx_settings fields (git-fixes). - iio: st_lsm6dsx: Fixed calibrated timestamp calculation (git-fixes). - ima: Handle error code returned by ima_filter_rule_match() (git-fixes). - intel_th: Fix error handling in intel_th_output_open (git-fixes). - ipmi: Fix __scan_channels() failing to rescan channels (stable-fixes). - ipmi: Fix handling of messages with provided receive message pointer (git-fixes). - ipmi: Fix the race between __scan_channels() and deliver_response() (stable-fixes). - ipmi: Rework user message limit handling (git-fixes). - irqchip/mchp-eic: Fix error code in mchp_eic_domain_alloc() (git-fixes). - kconfig/mconf: Initialize the default locale at startup (stable-fixes). - kconfig/nconf: Initialize the default locale at startup (stable-fixes). - leds: leds-lp50xx: Allow LED 0 to be added to module bank (git-fixes). - leds: leds-lp50xx: Enable chip before any communication (git-fixes). - leds: leds-lp50xx: LP5009 supports 3 modules for a total of 9 LEDs (git-fixes). - leds: netxbig: Fix GPIO descriptor leak in error paths (git-fixes). - lib/vsprintf: Check pointer before dereferencing in time_and_date() (git-fixes). - mailbox: mailbox-test: Fix debugfs_create_dir error checking (git-fixes). - media: TDA1997x: Remove redundant cancel_delayed_work in probe (git-fixes). 
- media: adv7842: Avoid possible out-of-bounds array accesses in adv7842_cp_log_status() (git-fixes). - media: amphion: Add a frame flush mode for decoder (stable-fixes). - media: amphion: Cancel message work before releasing the VPU core (git-fixes). - media: amphion: Make some vpu_v4l2 functions static (stable-fixes). - media: amphion: Remove vpu_vb_is_codecconfig (git-fixes). - media: atomisp: Prefix firmware paths with "intel/ipu/" (bsc#1252973). - media: atomisp: Remove firmware_name module parameter (bsc#1252973). - media: cec: Fix debugfs leak on bus_register() failure (git-fixes). - media: dvb-usb: dtv5100: fix out-of-bounds in dtv5100_i2c_msg() (git-fixes). - media: i2c: ADV7604: Remove redundant cancel_delayed_work in probe (git-fixes). - media: i2c: adv7842: Remove redundant cancel_delayed_work in probe (git-fixes). - media: imx-mipi-csis: Drop extra clock enable at probe() (git-fixes). - media: msp3400: Avoid possible out-of-bounds array accesses in msp3400c_thread() (git-fixes). - media: nxp: imx8-isi: Mark all crossbar sink pads as MUST_CONNECT (stable-fixes). - media: ov5640: fix vblank unchange issue when work at dvp mode (git-fixes). - media: pci: ivtv: Don't create fake v4l2_fh (stable-fixes). - media: pvrusb2: Fix incorrect variable used in trace message (git-fixes). - media: qcom: camss: Fix genpd cleanup (git-fixes). - media: qcom: camss: Fix ordering of pm_runtime_enable (git-fixes). - media: qcom: camss: cleanup media device allocated resource on error path (git-fixes). - media: qcom: venus: fix incorrect return value (stable-fixes). - media: radio-isa: use dev_name to fill in bus_info (stable-fixes). - media: rc: st_rc: Fix reset control resource leak (git-fixes). - media: renesas: rcar_drif: fix device node reference leak in rcar_drif_bond_enabled (git-fixes). - media: s5p-mfc: Fix potential deadlock on condlock (stable-fixes). - media: samsung: exynos4-is: fix potential ABBA deadlock on init (git-fixes). 
- media: uvcvideo: Force UVC version to 1.0a for 0408:4033 (stable-fixes). - media: v4l2-mem2mem: Fix outdated documentation (git-fixes). - media: verisilicon: Fix CPU stalls on G2 bus error (git-fixes). - media: verisilicon: Protect G2 HEVC decoder against invalid DPB index (git-fixes). - media: verisilicon: Store chroma and motion vectors offset (stable-fixes). - media: verisilicon: g2: Use common helpers to compute chroma and mv offsets (stable-fixes). - media: videobuf2: Fix device reference leak in vb2_dc_alloc error path (git-fixes). - media: vidtv: initialize local pointers upon transfer of memory ownership (git-fixes). - media: vpif_capture: fix section mismatch (git-fixes). - media: vpif_display: fix section mismatch (git-fixes). - mei: gsc: add dependency on Xe driver (git-fixes). - mei: me: add wildcat lake P DID (stable-fixes). - mfd: altera-sysmgr: Fix device leak on sysmgr regmap lookup (git-fixes). - mfd: da9055: Fix missing regmap_del_irq_chip() in error path (git-fixes). - mfd: max77620: Fix potential IRQ chip conflict when probing two devices (git-fixes). - mfd: mt6358-irq: Fix missing irq_domain_remove() in error path (git-fixes). - mfd: mt6397-irq: Fix missing irq_domain_remove() in error path (git-fixes). - mmc: sdhci-esdhc-imx: add alternate ARCH_S32 dependency to Kconfig (git-fixes). - mmc: sdhci-msm: Avoid early clock doubling during HS400 transition (stable-fixes). - most: usb: fix double free on late probe failure (git-fixes). - mt76: mt7615: Fix memory leak in mt7615_mcu_wtbl_sta_add() (git-fixes). - mtd: lpddr_cmds: fix signed shifts in lpddr_cmds (git-fixes). - mtd: maps: pcmciamtd: fix potential memory leak in pcmciamtd_detach() (git-fixes). - mtd: nand: relax ECC parameter validation check (git-fixes). - mtd: rawnand: lpc32xx_slc: fix GPIO descriptor leak on probe error and remove (git-fixes). - mtd: rawnand: renesas: Handle devm_pm_runtime_enable() errors (git-fixes). 
- net: mdio: aspeed: add dummy read to avoid read-after-write issue (git-fixes). - net: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write (git-fixes). - net: phy: adin1100: Fix software power-down ready condition (git-fixes). - net: phy: mxl-gpy: fix bogus error on USXGMII and integrated PHY (git-fixes). - net: phy: mxl-gpy: fix link properties on USXGMII and internal PHYs (git-fixes). - net: r8169: Disable multicast filter for RTL8168H and RTL8107E (jsc#PED-14353). - net: rose: fix invalid array index in rose_kill_by_device() (git-fixes). - net: usb: pegasus: fix memory leak in update_eth_regs_async() (git-fixes). - net: usb: rtl8150: fix memory leak on usb_submit_urb() failure (git-fixes). - net: usb: sr9700: fix incorrect command used to write single register (git-fixes). - net: wwan: iosm: Fix memory leak in ipc_mux_deinit() (git-fixes). - netdevsim: print human readable IP address (bsc#1255071). - nfc: pn533: Fix error code in pn533_acr122_poweron_rdr() (git-fixes). - nfsd: do not defer requests during idmap lookup in v4 compound decode (bsc#1232223). - nfsd: fix return error codes for nfsd_map_name_to_id (bsc#1232223). - nvme: Use non zero KATO for persistent discovery connections (git-fixes). - orangefs: fix xattr related buffer overflow.. (git-fixes). - perf list: Add IBM z17 event descriptions (jsc#PED-13611). - perf/x86/intel: Fix KASAN global-out-of-bounds warning (git-fixes). - phy: broadcom: bcm63xx-usbh: fix section mismatches (git-fixes). - phy: renesas: rcar-gen3-usb2: Fix an error handling path in rcar_gen3_phy_usb2_probe() (git-fixes). - pinctrl: qcom: lpass-lpi: mark the GPIO controller as sleeping (git-fixes). - pinctrl: qcom: msm: Fix deadlock in pinmux configuration (stable-fixes). - pinctrl: single: Fix PIN_CONFIG_BIAS_DISABLE handling (stable-fixes). - pinctrl: single: Fix incorrect type for error return variable (git-fixes). - pinctrl: stm32: fix hwspinlock resource leak in probe function (git-fixes). 
- platform/chrome: cros_ec_ishtp: Fix UAF after unbinding driver (git-fixes). - platform/mellanox: mlxbf-pmc: Remove trailing whitespaces from event names (git-fixes). - platform/x86/amd/pmc: Add spurious_8042 to Xbox Ally (stable-fixes). - platform/x86/amd: pmc: Add Lenovo Legion Go 2 to pmc quirk list (stable-fixes). - platform/x86/intel/hid: Add Dell Pro Rugged 10/12 tablet to VGBS DMI quirks (stable-fixes). - platform/x86: acer-wmi: Ignore backlight event (stable-fixes). - platform/x86: asus-wmi: use brightness_set_blocking() for kbd led (git-fixes). - platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing (git-fixes). - platform/x86: huawei-wmi: add keys for HONOR models (stable-fixes). - platform/x86: ibm_rtl: fix EBDA signature search pointer arithmetic (git-fixes). - platform/x86: intel: chtwc_int33fe: don't dereference swnode args (git-fixes). - platform/x86: intel: punit_ipc: fix memory corruption (git-fixes). - platform/x86: msi-laptop: add missing sysfs_remove_group() (git-fixes). - power: supply: apm_power: only unset own apm_get_power_status (git-fixes). - power: supply: cw2015: Check devm_delayed_work_autocancel() return code (git-fixes). - power: supply: rt9467: Prevent using uninitialized local variable in rt9467_set_value_from_ranges() (git-fixes). - power: supply: rt9467: Return error on failure in rt9467_set_value_from_ranges() (git-fixes). - power: supply: wm831x: Check wm831x_set_bits() return value (git-fixes). - powerpc/64s/slb: Fix SLB multihit issue during SLB preload (bac#1236022 ltc#211187). - powerpc/eeh: fix recursive pci_lock_rescan_remove locking in EEH event handling (bsc#1253262 ltc#216029). - powerpc/kexec: Enable SMT before waking offline CPUs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes bsc#1253739 ltc#211493 bsc#1254244 ltc#216496). - pwm: bcm2835: Make sure the channel is enabled after pwm_request() (git-fixes). - r8169: Fix spelling mistake: "tx_underun" -> "tx_underrun" (jsc#PED-14353). 
- r8169: Use PCI_IRQ_INTX instead of PCI_IRQ_LEGACY (jsc#PED-14353). - r8169: add MODULE_FIRMWARE entry for RTL8126A (jsc#PED-14353). - r8169: add PHY c45 ops for MDIO_MMD_VENDOR2 registers (jsc#PED-14353). - r8169: add generic rtl_set_eee_txidle_timer function (jsc#PED-14353). - r8169: add missing MODULE_FIRMWARE entry for RTL8126A rev.b (jsc#PED-14353). - r8169: add support for Intel Killer E5000 (jsc#PED-14353). - r8169: add support for RTL8125BP rev.b (jsc#PED-14353). - r8169: add support for RTL8125D (jsc#PED-14353). - r8169: add support for RTL8125D rev.b (jsc#PED-14353). - r8169: add support for RTL8126A rev.b (jsc#PED-14353). - r8169: add support for RTL8168M (jsc#PED-14353). - r8169: add support for returning tx_lpi_timer in ethtool get_eee (jsc#PED-14353). - r8169: add support for the temperature sensor being available from RTL8125B (jsc#PED-14353). - r8169: adjust version numbering for RTL8126 (jsc#PED-14353). - r8169: align RTL8125 EEE config with vendor driver (jsc#PED-14353). - r8169: align RTL8125/RTL8126 PHY config with vendor driver (jsc#PED-14353). - r8169: align RTL8126 EEE config with vendor driver (jsc#PED-14353). - r8169: align WAKE_PHY handling with r8125/r8126 vendor drivers (jsc#PED-14353). - r8169: avoid duplicated messages if loading firmware fails and switch to warn level (jsc#PED-14353). - r8169: avoid unsolicited interrupts (jsc#PED-14353). - r8169: check for PCI read error in probe (jsc#PED-14353). - r8169: disable ALDPS per default for RTL8125 (jsc#PED-14353). - r8169: disable RTL8126 ZRX-DC timeout (jsc#PED-14353). - r8169: disable interrupt source RxOverflow (jsc#PED-14353). - r8169: don't apply UDP padding quirk on RTL8126A (jsc#PED-14353). - r8169: don't increment tx_dropped in case of NETDEV_TX_BUSY (jsc#PED-14353). - r8169: don't scan PHY addresses > 0 (jsc#PED-14353). - r8169: don't take RTNL lock in rtl_task() (jsc#PED-14353). - r8169: enable EEE at 2.5G per default on RTL8125B (jsc#PED-14353). 
- r8169: enable RTL8168H/RTL8168EP/RTL8168FP ASPM support (jsc#PED-14353). - r8169: fix RTL8117 Wake-on-Lan in DASH mode (git-fixes). - r8169: fix inconsistent indenting in rtl8169_get_eth_mac_stats (jsc#PED-14353). - r8169: implement additional ethtool stats ops (jsc#PED-14353). - r8169: improve RTL8411b phy-down fixup (jsc#PED-14353). - r8169: improve __rtl8169_set_wol (jsc#PED-14353). - r8169: improve handling task scheduling (jsc#PED-14353). - r8169: improve initialization of RSS registers on RTL8125/RTL8126 (jsc#PED-14353). - r8169: improve rtl_set_d3_pll_down (jsc#PED-14353). - r8169: increase max jumbo packet size on RTL8125/RTL8126 (jsc#PED-14353). - r8169: remove detection of chip version 11 (early RTL8168b) (jsc#PED-14353). - r8169: remove leftover locks after reverted change (jsc#PED-14353). - r8169: remove multicast filter limit (jsc#PED-14353). - r8169: remove not needed check in rtl_fw_write_firmware (jsc#PED-14353). - r8169: remove original workaround for RTL8125 broken rx issue (jsc#PED-14353). - r8169: remove redundant hwmon support (jsc#PED-14353). - r8169: remove rtl_dash_loop_wait_high/low (jsc#PED-14353). - r8169: remove support for chip version 11 (jsc#PED-14353). - r8169: remove unused flag RTL_FLAG_TASK_RESET_NO_QUEUE_WAKE (jsc#PED-14353). - r8169: set EEE speed down ratio to 1 (stable-fixes). - r8169: simplify EEE handling (jsc#PED-14353). - r8169: simplify code by using core-provided pcpu stats allocation (jsc#PED-14353). - r8169: support setting the EEE tx idle timer on RTL8168h (jsc#PED-14353). - r8169: use dev_err_probe in all appropriate places in rtl_init_one() (jsc#PED-14353). - r8169: use helper r8169_mod_reg8_cond to simplify rtl_jumbo_config (jsc#PED-14353). - regulator: core: Protect regulator_supply_alias_list with regulator_list_mutex (git-fixes). - regulator: core: disable supply if enabling main regulator fails (git-fixes). - reset: fix BIT macro reference (stable-fixes). - rpmsg: glink: fix rpmsg device leak (git-fixes). 
- rtc: gamecube: Check the return value of ioremap() (git-fixes). - scsi: lpfc: Add capability to register Platform Name ID to fabric (bsc#1254119). - scsi: lpfc: Allow support for BB credit recovery in point-to-point topology (bsc#1254119). - scsi: lpfc: Ensure unregistration of rpis for received PLOGIs (bsc#1254119). - scsi: lpfc: Fix leaked ndlp krefs when in point-to-point topology (bsc#1254119). - scsi: lpfc: Fix reusing an ndlp that is marked NLP_DROPPED during FLOGI (bsc#1254119). - scsi: lpfc: Modify kref handling for Fabric Controller ndlps (bsc#1254119). - scsi: lpfc: Remove redundant NULL ptr assignment in lpfc_els_free_iocb() (bsc#1254119). - scsi: lpfc: Revise discovery related function headers and comments (bsc#1254119). - scsi: lpfc: Update lpfc version to 14.4.0.12 (bsc#1254119). - scsi: lpfc: Update various NPIV diagnostic log messaging (bsc#1254119). - scsi: mpi3mr: Fix I/O failures during controller reset (bsc#1251752 jsc#PED-14280). - scsi: mpi3mr: Fix controller init failure on fault during queue creation (bsc#1251752 jsc#PED-14280). - scsi: mpi3mr: Fix device loss during enclosure reboot due to zero link speed (bsc#1251752 jsc#PED-14280). - scsi: mpi3mr: Fix premature TM timeouts on virtual drives (bsc#1251752 jsc#PED-14280). - scsi: mpi3mr: Update MPI headers to revision 37 (bsc#1251752 jsc#PED-14280). - scsi: mpi3mr: Update driver version to 8.14.0.5.50 (bsc#1251752 jsc#PED-14280). - scsi: mpi3mr: Update driver version to 8.15.0.5.50 (bsc#1251752 jsc#PED-14280). - selftests/bpf: Skip timer cases when bpf_timer is not supported (git-fixes). - selftests/net: calibrate txtimestamp (bsc#1255085). - selftests/net: convert fcnal-test.sh to run it in unique namespace (bsc#1254235). - selftests/net: convert fib-onlink-tests.sh to run it in unique namespace (bsc#1254235). - selftests/net: convert fib_nexthop_multiprefix to run it in unique namespace (bsc#1254235). 
- selftests/net: convert fib_nexthop_nongw.sh to run it in unique namespace (bsc#1254235). - selftests/net: convert fib_nexthops.sh to run it in unique namespace (bsc#1254235). - selftests/net: convert fib_rule_tests.sh to run it in unique namespace (bsc#1254235). - selftests/net: convert fib_tests.sh to run it in unique namespace (bsc#1254235). - selftests/net: convert srv6_end_dt46_l3vpn_test.sh to run it in unique namespace (bsc#1254235). - selftests/net: convert srv6_end_dt4_l3vpn_test.sh to run it in unique namespace (bsc#1254235). - selftests/net: convert srv6_end_dt6_l3vpn_test.sh to run it in unique namespace (bsc#1254235). - selftests/net: convert test_vxlan_vnifiltering.sh to run it in unique namespace (bsc#1255349). - selftests/net: convert vrf_route_leaking.sh to run it in unique namespace (bsc#1255349). - selftests/net: synchronize udpgro tests' tx and rx connection (bsc#1254235). - selftests: Introduce Makefile variable to list shared bash scripts (bsc#1254235). - selftests: bonding: Add net/forwarding/lib.sh to TEST_INCLUDES (bsc#1254235). - selftests: dsa: Replace test symlinks by wrapper script (bsc#1254235). - selftests: net: Remove executable bits from library scripts (bsc#1254235). - selftests: net: explicitly wait for listener ready (bsc#1254235). - selftests: net: fib-onlink-tests: Set high metric for default IPv6 route (bsc#1255346). - selftests: net: include forwarding lib (bsc#1254235). - selftests: net: included needed helper in the install targets (bsc#1254235). - selftests: net: more strict check in net_helper (bsc#1254235). - selftests: net: use slowwait to make sure IPv6 setup finished (bsc#1255349). - selftests: net: use slowwait to stabilize vrf_route_leaking test (bsc#1255349). - selftests: net: veth: test the ability to independently manipulate GRO and XDP (bsc#1255101). - selftests: team: Add shared library scripts to TEST_INCLUDES (bsc#1254235). 
- selftests: vrf_route_leaking: remove ipv6_ping_frag from default testing (bsc#1255349). - serial: add support of CPCI cards (stable-fixes). - serial: amba-pl011: prefer dma_mapping_error() over explicit address checking (git-fixes). - serial: core: Fix serial device initialization (git-fixes). - serial: core: Restore sysfs fwnode information (git-fixes). - serial: sprd: Return -EPROBE_DEFER when uart clock is not ready (stable-fixes). - slimbus: ngd: Fix reference count leak in qcom_slim_ngd_notify_slaves (git-fixes). - smc91x: fix broken irq-context in PREEMPT_RT (git-fixes). - soc/tegra: fuse: speedo-tegra210: Update speedo IDs (git-fixes). - soc: amlogic: canvas: fix device leak on lookup (git-fixes). - soc: qcom: ocmem: fix device leak on lookup (git-fixes). - soc: qcom: smem: fix hwspinlock resource leak in probe error paths (git-fixes). - spi: amlogic-spifc-a1: Handle devm_pm_runtime_enable() errors (git-fixes). - spi: bcm63xx: drop wrong casts in probe() (git-fixes). - spi: bcm63xx: fix premature CS deassertion on RX-only transactions (git-fixes). - spi: fsl-cpm: Check length parity before switching to 16 bit mode (git-fixes). - spi: imx: keep dma request disabled before dma transfer setup (stable-fixes). - spi: tegra210-qspi: Remove cache operations (git-fixes). - spi: tegra210-quad: Add support for internal DMA (git-fixes). - spi: tegra210-quad: Check hardware status on timeout (bsc#1253155). - spi: tegra210-quad: Fix timeout handling (bsc#1253155). - spi: tegra210-quad: Fix timeout handling (git-fixes). - spi: tegra210-quad: Refactor error handling into helper functions (bsc#1253155). - spi: tegra210-quad: Update dummy sequence configuration (git-fixes). - spi: xilinx: increase number of retries before declaring stall (stable-fixes). - staging: fbtft: core: fix potential memory leak in fbtft_probe_common() (git-fixes). - staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE parsing (stable-fixes). 
- staging: rtl8723bs: fix out-of-bounds read in rtw_get_ie() parser (stable-fixes). - thunderbolt: Add support for Intel Wildcat Lake (stable-fixes). - tick/sched: Limit non-timekeeper CPUs calling jiffies update (bsc#1254477). - tracing: Fix access to trace_event_file (bsc#1254373). - uio: uio_fsl_elbc_gpcm:: Add null pointer check to uio_fsl_elbc_gpcm_probe (git-fixes). - usb: cdns3: Fix double resource release in cdns3_pci_probe (git-fixes). - usb: chaoskey: fix locking for O_NONBLOCK (git-fixes). - usb: chipidea: udc: limit usb request length to max 16KB (stable-fixes). - usb: dwc2: disable platform lowlevel hw resources during shutdown (stable-fixes). - usb: dwc2: fix hang during shutdown if set as peripheral (git-fixes). - usb: dwc2: fix hang during suspend if set as peripheral (git-fixes). - usb: dwc3: Abort suspend on soft disconnect failure (git-fixes). - usb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths (git-fixes). - usb: dwc3: keep susphy enabled during exit to avoid controller faults (git-fixes). - usb: dwc3: of-simple: fix clock resource leak in dwc3_of_simple_probe (git-fixes). - usb: dwc3: pci: Sort out the Intel device IDs (stable-fixes). - usb: dwc3: pci: add support for the Intel Nova Lake -S (stable-fixes). - usb: gadget: configfs: Correctly set use_os_string at bind (git-fixes). - usb: gadget: f_eem: Fix memory leak in eem_unwrap (git-fixes). - usb: gadget: lpc32xx_udc: fix clock imbalance in error path (git-fixes). - usb: gadget: renesas_usbf: Handle devm_pm_runtime_enable() errors (git-fixes). - usb: gadget: tegra-xudc: Always reinitialize data toggle when clear halt (git-fixes). - usb: ohci-nxp: Use helper function devm_clk_get_enabled() (stable-fixes). - usb: ohci-nxp: fix device leak on probe failure (git-fixes). - usb: phy: Initialize struct usb_phy list_head (git-fixes). - usb: phy: isp1301: fix non-OF device reference imbalance (git-fixes). 
- usb: raw-gadget: cap raw_io transfer length to KMALLOC_MAX_SIZE (git-fixes). - usb: raw-gadget: do not limit transfer length (git-fixes). - usb: renesas_usbhs: Fix a resource leak in usbhs_pipe_malloc() (git-fixes). - usb: storage: Fix memory leak in USB bulk transport (git-fixes). - usb: storage: sddr55: Reject out-of-bound new_pba (stable-fixes). - usb: typec: tipd: Clear interrupts first (git-fixes). - usb: typec: ucsi: Handle incorrect num_connectors capability (stable-fixes). - usb: typec: ucsi: psy: Set max current to zero when disconnected (git-fixes). - usb: uas: fix urb unmapping issue when the uas device is remove during ongoing data transfer (git-fixes). - usb: udc: Add trace event for usb_gadget_set_state (stable-fixes). - usb: usb-storage: Maintain minimal modifications to the bcdDevice range (git-fixes). - usb: usb-storage: No additional quirks need to be added to the EL-R12 optical drive (stable-fixes). - usb: vhci-hcd: Prevent suspending virtually attached devices (git-fixes). - usb: xhci: limit run_graceperiod for only usb 3.0 devices (stable-fixes). - usbip: Fix locking bug in RT-enabled kernels (stable-fixes). - via_wdt: fix critical boot hang due to unnamed resource allocation (stable-fixes). - virtio_console: fix order of fields cols and rows (stable-fixes). - watchdog: wdat_wdt: Fix ACPI table leak in probe function (git-fixes). - wifi: ath10k: Add missing include of export.h (stable-fixes). - wifi: ath10k: Avoid vdev delete timeout when firmware is already down (stable-fixes). - wifi: ath10k: move recovery check logic into a new work (git-fixes). - wifi: ath11k: fix peer HE MCS assignment (git-fixes). - wifi: ath11k: restore register window after global reset (git-fixes). - wifi: ath12k: fix potential memory leak in ath12k_wow_arp_ns_offload() (git-fixes). - wifi: avoid kernel-infoleak from struct iw_point (git-fixes). - wifi: brcmfmac: Add DMI nvram filename quirk for Acer A1 840 tablet (stable-fixes). 
- wifi: cfg80211: sme: store capped length in __cfg80211_connect_result() (git-fixes). - wifi: cfg80211: stop radar detection in cfg80211_leave() (stable-fixes). - wifi: cfg80211: use cfg80211_leave() in iftype change (stable-fixes). - wifi: cw1200: Fix potential memory leak in cw1200_bh_rx_helper() (git-fixes). - wifi: ieee80211: correct FILS status codes (git-fixes). - wifi: mac80211: do not use old MBSSID elements (git-fixes). - wifi: mac80211: fix CMAC functions not handling errors (git-fixes). - wifi: mac80211: restore non-chanctx injection behaviour (git-fixes). - wifi: mt76: Fix DTS power-limits on little endian systems (git-fixes). - wifi: mt76: mt7925: fix CLC command timeout when suspend/resume (stable-fixes). - wifi: mt76: mt7925: fix the unfinished command of regd_notifier before suspend (stable-fixes). - wifi: mt76: mt792x: fix wifi init fail by setting MCU_RUNNING after CLC load (stable-fixes). - wifi: nl80211: vendor-cmd: intel: fix a blank kernel-doc line warning (git-fixes). - wifi: rtl818x: Fix potential memory leaks in rtl8180_init_rx_ring() (git-fixes). - wifi: rtl818x: rtl8187: Fix potential buffer underflow in rtl8187_rx_cb() (git-fixes). - wifi: rtlwifi: 8192cu: fix tid out of range in rtl92cu_tx_fill_desc() (git-fixes). - wifi: rtw88: Add USB ID 2001:3329 for D-Link AC13U rev. A1 (stable-fixes). - wifi: rtw88: limit indirect IO under powered off for RTL8822CS (git-fixes). - x86/hyperv: Fix APIC ID and VP index confusion in hv_snp_boot_ap() (git-fixes). - x86/microcode/AMD: Add TSA microcode SHAs (bsc#1256528). - x86/microcode/AMD: Add Zen5 model 0x44, stepping 0x1 minrev (bsc#1256528). - x86/microcode/AMD: Add more known models to entry sign checking (bsc#1256528). - x86/microcode/AMD: Add some forgotten models to the SHA check (bsc#1256528). - x86/microcode/AMD: Clean the cache if update did not load microcode (bsc#1256528). 
- x86/microcode/AMD: Extend the SHA check to Zen5, block loading of any unreleased standalone Zen5 microcode patches (bsc#1256528). - x86/microcode/AMD: Fix Entrysign revision check for Zen5/Strix Halo (bsc#1256528). - x86/microcode/AMD: Fix __apply_microcode_amd()'s return value (bsc#1256528). - x86/microcode/AMD: Limit Entrysign signature checking to known generations (bsc#1256528). - x86/microcode/AMD: Load only SHA256-checksummed patches (bsc#1256528). - x86/microcode/AMD: Select which microcode patch to load (bsc#1256528). - x86/microcode/AMD: Use sha256() instead of init/update/final (bsc#1256528). - x86/microcode: Fix Entrysign revision check for Zen1/Naples (bsc#1256528). - xhci: dbgtty: fix device unregister (git-fixes). - xhci: fix stale flag preventig URBs after link state error is cleared (git-fixes). kernel-default-6.4.0-150700.53.28.1.nosrc.rpm True kernel-default-6.4.0-150700.53.28.1.x86_64.rpm True kernel-default-base-6.4.0-150700.53.28.1.150700.17.19.1.src.rpm True kernel-default-base-6.4.0-150700.53.28.1.150700.17.19.1.x86_64.rpm True kernel-default-devel-6.4.0-150700.53.28.1.x86_64.rpm True kernel-devel-6.4.0-150700.53.28.1.noarch.rpm True kernel-macros-6.4.0-150700.53.28.1.noarch.rpm True kernel-source-6.4.0-150700.53.28.1.src.rpm True SUSE-SLE-Module-Basesystem-15-SP7-2026-234 Security update for libpng16 moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for libpng16 fixes the following issues: - CVE-2026-22695: Fixed heap buffer over-read in png_image_finish_read (bsc#1256525) - CVE-2026-22801: Fixed integer truncation causing heap buffer over-read in png_image_write_* (bsc#1256526). 
libpng16-1.6.40-150600.3.6.1.src.rpm libpng16-16-1.6.40-150600.3.6.1.x86_64.rpm libpng16-compat-devel-1.6.40-150600.3.6.1.x86_64.rpm libpng16-devel-1.6.40-150600.3.6.1.x86_64.rpm libpng16-16-32bit-1.6.40-150600.3.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-235 Security update for busybox important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for busybox fixes the following issues: Security issues: - CVE-2025-46394: Fixed tar hidden files via escape sequence (CVE-2025-46394, bsc#1241661) - CVE-2025-60876: Fixed HTTP request header injection in wget (CVE-2025-60876, bsc#1253245) Other issues: - Set CONFIG_FIRST_SYSTEM_ID to 201 to avoid conflict (bsc#1236670) - Fixed unshare -mrpf sh core dump on ppc64le (bsc#1249237) busybox-1.37.0-150700.18.10.1.src.rpm busybox-1.37.0-150700.18.10.1.x86_64.rpm busybox-static-1.37.0-150700.18.10.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-237 Security update for wireshark moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for wireshark fixes the following issues: - CVE-2026-0959: IEEE 802.11 dissector crash (bsc#1256734). - CVE-2026-0960: HTTP3 dissector infinite loop (bsc#1256736). - CVE-2026-0962: SOME/IP-SD dissector crash (bsc#1256739). 
libwireshark17-4.2.14-150600.18.35.1.x86_64.rpm libwiretap14-4.2.14-150600.18.35.1.x86_64.rpm libwsutil15-4.2.14-150600.18.35.1.x86_64.rpm wireshark-4.2.14-150600.18.35.1.src.rpm wireshark-4.2.14-150600.18.35.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-430 Security update for python-pyasn1 important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for python-pyasn1 fixes the following issues: - CVE-2026-23490: Fixed malformed RELATIVE-OID with excessive continuation octets leading to Denial of Service (bsc#1256902) python-pyasn1-0.4.2-150000.3.13.1.src.rpm python3-pyasn1-0.4.2-150000.3.13.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-329 Security update for xen moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for xen fixes the following issues: - CVE-2025-58150: Fixed buffer overrun with shadow paging and tracing (XSA-477) (bsc#1256745) - CVE-2026-23553: Fixed incomplete IBPB for vCPU isolation (XSA-479) (bsc#1256747) xen-4.20.2_04-150700.3.22.1.src.rpm True xen-libs-4.20.2_04-150700.3.22.1.x86_64.rpm True xen-tools-domU-4.20.2_04-150700.3.22.1.x86_64.rpm True SUSE-SLE-Module-Basesystem-15-SP7-2026-348 Security update for bind important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for bind fixes the following issues: Upgrade to release 9.20.18: - CVE-2025-13878: Fixed incorrect length checks for BRID and HHIT records (bsc#1256997) Feature Changes: * Add more information to the rndc recursing output about fetches. * Reduce the number of outgoing queries. * Provide more information when memory allocation fails. Bug Fixes: * Make DNSSEC key rollovers more robust. * Fix a catalog zone issue, where member zones could fail to load. * Allow glue in delegations with QTYPE=ANY. * Fix slow speed when signing a large delegation zone with NSEC3 opt-out. * Reconfiguring an NSEC3 opt-out zone to NSEC caused the zone to be invalid. * Fix a possible catalog zone issue during reconfiguration. 
* Fix the charts in the statistics channel. * Adding NSEC3 opt-out records could leave invalid records in chain. * Fix spurious timeouts while resolving names. * Fix bug where zone switches from NSEC3 to NSEC after retransfer. * AMTRELAY type 0 presentation format handling was wrong. * Fix parsing bug in remote-servers with key or TLS. * Fix DoT reconfigure/reload bug in the resolver. * Skip unsupported algorithms when looking for a signing key. * Fix dnssec-keygen key collision checking for KEY RRtype keys. * dnssec-verify now uses exit code 1 when failing due to illegal options. * Prevent assertion failures of dig when a server is specified before the -b option. * Skip buffer allocations if not logging. bind-9.20.18-150700.3.15.1.src.rpm bind-utils-9.20.18-150700.3.15.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-887 Recommended update for python-prometheus-client moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for python-prometheus-client fixes the following issues: - Add python prometheus_client package (jsc#PED-14071) python-prometheus_client-0.7.1-150200.4.2.1.src.rpm python3-prometheus_client-0.7.1-150200.4.2.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-286 Security update for glib2 low SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for glib2 fixes the following issues: - CVE-2026-0988: Fixed a potential integer overflow in g_buffered_input_stream_peek (bsc#1257049). 
glib2-2.78.6-150600.4.28.1.src.rpm glib2-devel-2.78.6-150600.4.28.1.x86_64.rpm glib2-lang-2.78.6-150600.4.28.1.noarch.rpm glib2-tools-2.78.6-150600.4.28.1.x86_64.rpm libgio-2_0-0-2.78.6-150600.4.28.1.x86_64.rpm libglib-2_0-0-2.78.6-150600.4.28.1.x86_64.rpm libgmodule-2_0-0-2.78.6-150600.4.28.1.x86_64.rpm libgobject-2_0-0-2.78.6-150600.4.28.1.x86_64.rpm libgthread-2_0-0-2.78.6-150600.4.28.1.x86_64.rpm libgio-2_0-0-32bit-2.78.6-150600.4.28.1.x86_64.rpm libglib-2_0-0-32bit-2.78.6-150600.4.28.1.x86_64.rpm libgmodule-2_0-0-32bit-2.78.6-150600.4.28.1.x86_64.rpm libgobject-2_0-0-32bit-2.78.6-150600.4.28.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-287 Security update for harfbuzz moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for harfbuzz fixes the following issues: - CVE-2026-22693: Fixed a NULL pointer dereference in SubtableUnicodesCache::create (bsc#1256459). harfbuzz-8.3.0-150600.3.3.1.src.rpm harfbuzz-devel-8.3.0-150600.3.3.1.x86_64.rpm libharfbuzz-cairo0-8.3.0-150600.3.3.1.x86_64.rpm libharfbuzz-gobject0-8.3.0-150600.3.3.1.x86_64.rpm libharfbuzz-icu0-8.3.0-150600.3.3.1.x86_64.rpm libharfbuzz-subset0-8.3.0-150600.3.3.1.x86_64.rpm libharfbuzz0-8.3.0-150600.3.3.1.x86_64.rpm typelib-1_0-HarfBuzz-0_0-8.3.0-150600.3.3.1.x86_64.rpm libharfbuzz0-32bit-8.3.0-150600.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-309 Security update for openssl-3 critical SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for openssl-3 fixes the following issues: - CVE-2025-15467: Stack buffer overflow in CMS AuthEnvelopedData parsing (bsc#1256830). - CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834). - CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835). - CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836). - CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837). 
- CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838). - CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839). - CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840). libopenssl-3-devel-3.2.3-150700.5.24.1.x86_64.rpm libopenssl-3-fips-provider-3.2.3-150700.5.24.1.x86_64.rpm libopenssl3-3.2.3-150700.5.24.1.x86_64.rpm openssl-3-3.2.3-150700.5.24.1.src.rpm openssl-3-3.2.3-150700.5.24.1.x86_64.rpm libopenssl-3-fips-provider-32bit-3.2.3-150700.5.24.1.x86_64.rpm libopenssl3-32bit-3.2.3-150700.5.24.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-327 Security update for alloy important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for alloy fixes the following issues: Update to 1.12.2: Security fixes: - CVE-2025-68156: github.com/expr-lang/expr/builtin: Fixed potential DoS via unbounded recursion (bsc#1255333): - CVE-2025-31133, CVE-2025-52565, CVE-2025-52881: github.com/opencontainers/runc: Fixed container breakouts by bypassing runc's restrictions for writing to arbitrary /proc files (bsc#1255074) Other fixes: - Add missing configuration parameter deployment_name_from_replicaset to k8sattributes processor (5b90a9d) (@dehaansa) - database_observability: Fix schema_details collector to fetch column definitions with case sensitive table names (#4872) (560dff4) (@jharvey10, @fridgepoet) - deps: Update jose2go to 1.7.0 (#4858) (dfdd341) (@jharvey10) - deps: Update npm dependencies [backport] (#5201) (8e06c26) (@jharvey10) - Ensure the squid exporter wrapper properly brackets ipv6 addresses [backport] (#5205) (e329cc6) (@dehaansa) - Preserve meta labels in loki.source.podlogs (#5097) (ab4b21e) (@kalleep) - Prevent panic in import.git when update fails [backport] (#5204) (c82fbae) (@dehaansa, @jharvey10) - show correct fallback alloy version instead of v1.13.0 (#5110) (b72be99) (@dehaansa, @jharvey10) alloy-1.12.2-150700.15.15.1.src.rpm 
alloy-1.12.2-150700.15.15.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-330 Security update for openjpeg2 low SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for openjpeg2 fixes the following issues: - CVE-2023-39327: Fixed malicious files can cause a large loop that continuously prints warning messages on the terminal (bsc#1227412). libopenjp2-7-2.3.0-150000.3.24.1.x86_64.rpm openjpeg2-2.3.0-150000.3.24.1.src.rpm openjpeg2-2.3.0-150000.3.24.1.x86_64.rpm openjpeg2-devel-2.3.0-150000.3.24.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-331 Security update for openssl-1_1 moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for openssl-1_1 fixes the following issues: - CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839). - CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837). - CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838). - CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840). - CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834). - CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835). - CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836). libopenssl1_1-1.1.1w-150700.11.11.1.x86_64.rpm openssl-1_1-1.1.1w-150700.11.11.1.src.rpm libopenssl1_1-32bit-1.1.1w-150700.11.11.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-321 Recommended update for wicked2nm moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for wicked2nm rereleases it to make it consistent across all architectures. 
wicked2nm-1.4.0-150700.15.10.1.src.rpm wicked2nm-1.4.0-150700.15.10.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-322 Recommended update for busybox moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for busybox ships missing subpackages. busybox-1.37.0-150700.18.12.1.src.rpm busybox-1.37.0-150700.18.12.1.x86_64.rpm busybox-static-1.37.0-150700.18.12.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-383 Security update for rekor moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for rekor fixes the following issues: Security fixes: - CVE-2025-58058: Fixed github.com/ulikunitz/xz leaks memory (bsc#1248910) - CVE-2025-29923: Fixed potential out of order responses when `CLIENT SETINFO` times out during connection establishment (bsc#1241153) Other fixes: - Update to version 1.4.3 - Update to version 1.4.2 - Update to version 1.4.1 (jsc#SLE-23476) rekor-1.4.3-150400.4.28.1.src.rpm rekor-1.4.3-150400.4.28.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-368 Security update for libsodium moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for libsodium fixes the following issues: - CVE-2025-15444: Fixed cryptographic bypass via improper elliptic curve point validation (bsc#1256070). - CVE-2025-69277: Fixed incorrect validation of elliptic curve points in crypto_core_ed25519_is_valid_point function (bsc#1255764). libsodium-1.0.18-150000.4.14.1.src.rpm libsodium-devel-1.0.18-150000.4.14.1.x86_64.rpm libsodium23-1.0.18-150000.4.14.1.x86_64.rpm libsodium23-32bit-1.0.18-150000.4.14.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-605 Security update for libxml2 moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for libxml2 fixes the following issues: - CVE-2026-0990: Fixed a call stack overflow leading to application crash due to infinite recursion in `xmlCatalogXMLResolveURI`. 
(bsc#1256807, bsc#1256811) - CVE-2026-0992: Fixed an excessive resource consumption when processing XML catalogs due to exponential behavior. (bsc#1256809, bsc#1256812) - CVE-2026-1757: Fixed a memory leak in the `xmllint` interactive shell. (bsc#1257594, bsc#1257595) - CVE-2025-10911: Fixed a use-after-free with key data stored cross-RVT. (bsc#1250553) - CVE-2025-8732: Fixed an infinite recursion in catalog parsing functions when processing malformed SGML catalog files. (bsc#1247858) - CVE-2026-0989: Fixed a call stack exhaustion leading to application crash due to RelaxNG parser not limiting the recursion depth. (bsc#1256805, bsc#1256810) libxml2-2-2.12.10-150700.4.11.1.x86_64.rpm libxml2-2.12.10-150700.4.11.1.src.rpm libxml2-devel-2.12.10-150700.4.11.1.x86_64.rpm libxml2-python-2.12.10-150700.4.11.1.src.rpm libxml2-tools-2.12.10-150700.4.11.1.x86_64.rpm python3-libxml2-2.12.10-150700.4.11.1.x86_64.rpm libxml2-2-32bit-2.12.10-150700.4.11.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-374 Security update for protobuf moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for protobuf fixes the following issues: - CVE-2026-0994: Fixed google.protobuf.Any recursion depth bypass in Python json_format.ParseDict (bsc#1257173). libprotobuf-lite25_1_0-25.1-150600.16.16.1.x86_64.rpm libprotobuf25_1_0-25.1-150600.16.16.1.x86_64.rpm libprotoc25_1_0-25.1-150600.16.16.1.x86_64.rpm protobuf-25.1-150600.16.16.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-371 Security update for glibc important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for glibc fixes the following issues: Security fixes: - CVE-2026-0861: Fixed inadequate size check in the memalign suite may result in an integer overflow (bsc#1256766). - CVE-2026-0915: Fixed uninitialized stack buffer used as DNS query name when net==0 in _nss_dns_getnetbyaddr_r (bsc#1256822). - CVE-2025-15281: Fixed uninitialized memory may cause the process abort (bsc#1257005). 
Other fixes: - NPTL: Optimize trylock for high cache contention workloads (bsc#1256437). glibc-2.38-150600.14.40.1.src.rpm glibc-2.38-150600.14.40.1.x86_64.rpm glibc-devel-2.38-150600.14.40.1.x86_64.rpm glibc-extra-2.38-150600.14.40.1.x86_64.rpm glibc-i18ndata-2.38-150600.14.40.1.noarch.rpm glibc-info-2.38-150600.14.40.1.noarch.rpm glibc-lang-2.38-150600.14.40.1.noarch.rpm glibc-locale-2.38-150600.14.40.1.x86_64.rpm glibc-locale-base-2.38-150600.14.40.1.x86_64.rpm glibc-profile-2.38-150600.14.40.1.x86_64.rpm libnsl1-2.38-150600.14.40.1.x86_64.rpm nscd-2.38-150600.14.40.1.x86_64.rpm glibc-32bit-2.38-150600.14.40.1.x86_64.rpm glibc-locale-base-32bit-2.38-150600.14.40.1.x86_64.rpm libnsl1-32bit-2.38-150600.14.40.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-338 Security update for abseil-cpp moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for abseil-cpp fixes the following issues: - CVE-2025-0838: Fixed heap buffer overflow in sized constructors, reserve(), and rehash() methods of absl:{flat,node}hash{set,map} (bsc#1237543). abseil-cpp-20240116.3-150600.19.6.1.src.rpm abseil-cpp-devel-20240116.3-150600.19.6.1.x86_64.rpm libabsl2401_0_0-20240116.3-150600.19.6.1.x86_64.rpm libabsl2401_0_0-32bit-20240116.3-150600.19.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-342 Security update for java-25-openjdk important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for java-25-openjdk fixes the following issues: Update to upstream tag jdk-25.0.2+10 (January 2026 CPU) Security fixes: - CVE-2026-21925: Fixed Oracle Java SE component RMI (bsc#1257034). - CVE-2026-21932: Fixed Oracle Java SE component AWT and JavaFX (bsc#1257036). - CVE-2026-21933: Fixed Oracle Java SE component Networking (bsc#1257037). - CVE-2026-21945: Fixed Oracle Java SE component Security (bsc#1257038). Other fixes: - Do not depend on update-desktop-files (jsc#PED-14507, jsc#PED-15221). 
java-25-openjdk-25.0.2.0-150700.15.7.1.src.rpm java-25-openjdk-25.0.2.0-150700.15.7.1.x86_64.rpm java-25-openjdk-demo-25.0.2.0-150700.15.7.1.x86_64.rpm java-25-openjdk-devel-25.0.2.0-150700.15.7.1.x86_64.rpm java-25-openjdk-headless-25.0.2.0-150700.15.7.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-443 Security update for python-urllib3 moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for python-urllib3_1 fixes the following issues: - CVE-2025-66471: excessive resource consumption via decompression of highly compressed data in Streaming API (bsc#1254867). - CVE-2025-66418: resource exhaustion via unbounded number of links in the decompression chain (bsc#1254866). - CVE-2026-21441: excessive resource consumption during decompression of data in HTTP redirect responses (bsc#1256331). python-urllib3-1.25.10-150300.4.21.1.src.rpm python3-urllib3-1.25.10-150300.4.21.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-364 Security update for libpng16 moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for libpng16 fixes the following issues: - CVE-2025-28162: memory leaks when running `pngimage` (bsc#1257364). - CVE-2025-28164: memory leaks when running `pngimage` (bsc#1257365). - CVE-2026-22695: Fixed heap buffer over-read in png_image_finish_read (bsc#1256525). libpng16-1.6.40-150600.3.9.1.src.rpm libpng16-16-1.6.40-150600.3.9.1.x86_64.rpm libpng16-compat-devel-1.6.40-150600.3.9.1.x86_64.rpm libpng16-devel-1.6.40-150600.3.9.1.x86_64.rpm libpng16-16-32bit-1.6.40-150600.3.9.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-618 Security update for protobuf moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for protobuf fixes the following issues: - CVE-2026-0994: Fixed google.protobuf.Any recursion depth bypass in Python json_format.ParseDict (bsc#1257173). 
libprotobuf20-3.9.2-150200.4.30.1.x86_64.rpm protobuf-3.9.2-150200.4.30.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-373 Security update for glib2 important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for glib2 fixes the following issues: - CVE-2026-1485: Fixed buffer underflow and out-of-bounds access due to integer wraparound in content type parsing (bsc#1257354). - CVE-2026-1484: Fixed buffer underflow and out-of-bounds access due to miscalculated buffer boundaries in the Base64 encoding routine (bsc#1257355). - CVE-2026-1489: Fixed undersized heap allocation followed by out-of-bounds access due to integer overflow in Unicode case conversion (bsc#1257353). glib2-2.78.6-150600.4.35.1.src.rpm glib2-devel-2.78.6-150600.4.35.1.x86_64.rpm glib2-lang-2.78.6-150600.4.35.1.noarch.rpm glib2-tools-2.78.6-150600.4.35.1.x86_64.rpm libgio-2_0-0-2.78.6-150600.4.35.1.x86_64.rpm libglib-2_0-0-2.78.6-150600.4.35.1.x86_64.rpm libgmodule-2_0-0-2.78.6-150600.4.35.1.x86_64.rpm libgobject-2_0-0-2.78.6-150600.4.35.1.x86_64.rpm libgthread-2_0-0-2.78.6-150600.4.35.1.x86_64.rpm libgio-2_0-0-32bit-2.78.6-150600.4.35.1.x86_64.rpm libglib-2_0-0-32bit-2.78.6-150600.4.35.1.x86_64.rpm libgmodule-2_0-0-32bit-2.78.6-150600.4.35.1.x86_64.rpm libgobject-2_0-0-32bit-2.78.6-150600.4.35.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-466 Recommended update for mdadm important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for mdadm fixes the following issues: - Update to version 4.4+31.g541b40d3: * fix crash with homehost=none (bsc#1254541) - Update to version 4.4+30.g9a59bf51: * mdcheck: work around bash 5.3 bug (bsc#1254087) mdadm-4.4+31.g541b40d3-150700.4.18.1.src.rpm mdadm-4.4+31.g541b40d3-150700.4.18.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-408 Recommended update for multipath-tools important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for multipath-tools fixes the following issues: - Update to version 0.10.6+201+suse.9f189e79: * 
libmultipath: reduce log level of "map X has no targets" (bsc#1257476) - Update to version 0.10.6+200+suse.547788f4 (bsc#1257007): * kpartx: fix segfault when operating on regular files (bsc#1257244, bsc#1257153) * multipathd: print path offline message even without a checker (bsc#1254094) * Fix command descriptions in the multipathd man page. * Fix ISO C23 compatibility issue causing errors with new compilers. * Fix memory leak caused by not joining the "init unwinder" thread. * Fix memory leaks in kpartx. * Print the warning "setting scsi timeouts is unsupported for protocol" only once per protocol. * Make sure multipath-tools is compiled with the compiler flag `-fno-strict-aliasing` (bsc#1255285). - Update to version 0.10.5+213+suse.04c3a0ac: * Log offline path state if "log_checker_err always" is set (bsc#1254094) * mpathpersist: Fix REPORT CAPABILITIES output kpartx-0.10.6+201+suse.9f189e79-150700.3.11.1.x86_64.rpm libdmmp-devel-0.10.6+201+suse.9f189e79-150700.3.11.1.x86_64.rpm libdmmp0_2_0-0.10.6+201+suse.9f189e79-150700.3.11.1.x86_64.rpm libmpath0-0.10.6+201+suse.9f189e79-150700.3.11.1.x86_64.rpm multipath-tools-0.10.6+201+suse.9f189e79-150700.3.11.1.src.rpm multipath-tools-0.10.6+201+suse.9f189e79-150700.3.11.1.x86_64.rpm multipath-tools-devel-0.10.6+201+suse.9f189e79-150700.3.11.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-434 Security update for gpg2 important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for gpg2 fixes the following issues: Security fixes: - CVE-2026-24882: Fixed stack-based buffer overflow in TPM2 PKDECRYPT for TPM-backed RSA and ECC keys (bsc#1257396) - Fixed GnuPG accepting Path Separators and Path Traversals in Literal Data "Filename" Field (bsc#1256389) dirmngr-2.4.4-150600.3.15.1.x86_64.rpm gpg2-2.4.4-150600.3.15.1.src.rpm gpg2-2.4.4-150600.3.15.1.x86_64.rpm gpg2-lang-2.4.4-150600.3.15.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1382 Recommended update for suseconnect-ng important SUSE Updates 
SLE-Module-Basesystem 15-SP7 x86 64 This update for suseconnect-ng fixes the following issues: - Update version to 1.21.1: * Fix nil token handling (bsc#1261155) * Switch to using go1.24-openssl as the default Go version to install to support building the package (jsc#SCC-585). - Update version to 1.21: * Add expanded metric collection for kernel modules and hardware detection (jsc#TEL-226). * Support new profile based metric collection * Fix ignored --root parameter handling when reading and writing configuration (bsc#1257667) * Add expanded metric collection for system vendor/manufacturer (jsc#TEL-260). * Removed backport patch * Add missing product id to allow yast2-registration to not break (bsc#1257825) * Fix libsuseconnect APIError detection logic (bsc#1257825) - Regressions found during QA test runs: * Ignore product in announce call (bsc#1257490) * Registration to SMT server with failed (bsc#1257625) - Update version to 1.20: * Update error message for Public Cloud instances with registercloudguest installed. SUSEConnect -d is disabled on PYAG and BYOS when the registercloudguest command is available. (bsc#1230861) * Enhanced SAP detected. Take TREX into account and remove empty values when only /usr/sap but no installation exists (bsc#1241002) * Fixed modules and extension link to point to version less documentation. (bsc#1239439) * Fixed SAP instance detection (bsc#1244550) * Remove link to extensions documentation (bsc#1239439) * Migrate to the public library - Version 1.14 public library release This version is only available on Github as a tag to release the new golang public library which can be consumed without the need to interface with SUSEConnect directly. 
libsuseconnect-1.21.1-150600.3.18.1.x86_64.rpm suseconnect-ng-1.21.1-150600.3.18.1.src.rpm suseconnect-ng-1.21.1-150600.3.18.1.x86_64.rpm suseconnect-ruby-bindings-1.21.1-150600.3.18.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-640 Recommended update for sssd moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for sssd fixes the following issues: - Use %pre scriptlet instead of %pretrans to migrate from sssd-common (bsc#1257509) - Update to release 2.10.2 (jsc#PED-12449): * If the ssh responder is not running, sss_ssh_knownhosts will not fail * SSSD is now capable of handling multiple services associated with the same port. * sssd_pam, being a privileged binary, now clears the environment and does not allow configuration of the PR_SET_DUMPABLE flag as a precaution. - Changes from sssd 2.10.1: * SSSD does not create anymore missing path components of DIR:/FILE: ccache types while acquiring user's TGT. The parent directory of requested ccache directory must exist and the user trying to log in must have rwx access to this directory. This matches behavior of /usr/bin/kinit. * The option default_domain_suffix is deprecated. - Changes from sssd 2.10.0: * The ``sssctl cache-upgrade`` command was removed. SSSD performs automatic upgrades at startup when needed. * Support of ``enumeration`` feature for AD/IPA providers is deprecated and might be removed in further releases. * The new tool ``sss_ssh_knownhosts`` can be used with ssh's ``KnownHostsCommand`` configuration option to retrieve the host's public keys from a remote server. It replaces ``sss_ssh_knownhostsproxy``. * The default value for ``ldap_id_use_start_tls`` changed from false to true for improved security. - Fix socket activation of responders - Daemon runs now as unprivileged user 'sssd' - Fix build parameter name omitted - Update filelists involving memberof.so and idmap/sss.so to avoid gobbling up one file into multiple sssd subpackages. 
- Fix spec file for openSUSE ALP and SUSE SLFO, where the python3_fix_shebang_path RPM macro is not available - remove dependency on /usr/bin/python3 using %python3_fix_shebang_path macro (bsc#1212476) libipa_hbac-devel-2.10.2-150700.9.17.1.x86_64.rpm libipa_hbac0-2.10.2-150700.9.17.1.x86_64.rpm libsss_certmap-devel-2.10.2-150700.9.17.1.x86_64.rpm libsss_certmap0-2.10.2-150700.9.17.1.x86_64.rpm libsss_idmap-devel-2.10.2-150700.9.17.1.x86_64.rpm libsss_idmap0-2.10.2-150700.9.17.1.x86_64.rpm libsss_nss_idmap-devel-2.10.2-150700.9.17.1.x86_64.rpm libsss_nss_idmap0-2.10.2-150700.9.17.1.x86_64.rpm libsss_simpleifp-devel-2.10.2-150700.9.17.1.x86_64.rpm libsss_simpleifp0-2.10.2-150700.9.17.1.x86_64.rpm python3-sssd-config-2.10.2-150700.9.17.1.x86_64.rpm sssd-2.10.2-150700.9.17.1.src.rpm sssd-2.10.2-150700.9.17.1.x86_64.rpm sssd-ad-2.10.2-150700.9.17.1.x86_64.rpm sssd-dbus-2.10.2-150700.9.17.1.x86_64.rpm sssd-ipa-2.10.2-150700.9.17.1.x86_64.rpm sssd-kcm-2.10.2-150700.9.17.1.x86_64.rpm sssd-krb5-2.10.2-150700.9.17.1.x86_64.rpm sssd-krb5-common-2.10.2-150700.9.17.1.x86_64.rpm sssd-ldap-2.10.2-150700.9.17.1.x86_64.rpm sssd-proxy-2.10.2-150700.9.17.1.x86_64.rpm sssd-tools-2.10.2-150700.9.17.1.x86_64.rpm sssd-winbind-idmap-2.10.2-150700.9.17.1.x86_64.rpm sssd-32bit-2.10.2-150700.9.17.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-781 Security update for patch low SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for patch fixes the following issues: - CVE-2021-45261: Clear range of pointers before they are used/freed (bsc#1194037). patch-2.7.6-150000.5.9.1.src.rpm patch-2.7.6-150000.5.9.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-646 Security update for expat moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for expat fixes the following issues: - CVE-2026-24515: Fixed a null dereference in XML_ExternalEntityParserCreate. (bsc#1257144) - CVE-2026-25210: Fixed an integer overflow in doContent. 
(bsc#1257496) expat-2.7.1-150700.3.9.2.src.rpm expat-2.7.1-150700.3.9.2.x86_64.rpm libexpat-devel-2.7.1-150700.3.9.2.x86_64.rpm libexpat1-2.7.1-150700.3.9.2.x86_64.rpm libexpat1-32bit-2.7.1-150700.3.9.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-447 Security update for the Linux Kernel important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 The SUSE Linux Enterprise 15 SP7 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2023-54013: interconnect: Fix locking for runpm vs reclaim (bsc#1256280). - CVE-2025-39880: libceph: fix invalid accesses to ceph_connection_v1_info (bsc#1250388). - CVE-2025-40238: net/mlx5: Fix IPsec cleanup over MPV device (bsc#1254871). - CVE-2025-40254: net: openvswitch: remove never-working support for setting nsh fields (bsc#1254852). - CVE-2025-40257: mptcp: fix a race in mptcp_pm_del_add_timer() (bsc#1254842). - CVE-2025-40259: scsi: sg: Do not sleep in atomic context (bsc#1254845). - CVE-2025-40261: nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() (bsc#1254839). - CVE-2025-40264: be2net: pass wrb_params in case of OS2BMC (bsc#1254835). - CVE-2025-40328: smb: client: fix potential UAF in smb2_close_cached_fid() (bsc#1254624). - CVE-2025-40350: net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for striding RQ (bsc#1255260). - CVE-2025-40355: sysfs: check visibility before changing group attribute ownership (bsc#1255261). - CVE-2025-40363: net: ipv6: fix field-spanning memcpy warning in AH output (bsc#1255102). - CVE-2025-68171: x86/fpu: Ensure XFD state on signal delivery (bsc#1255255). - CVE-2025-68174: amd/amdkfd: enhance kfd process check in switch partition (bsc#1255327). - CVE-2025-68178: blk-cgroup: fix possible deadlock while configuring policy (bsc#1255266). - CVE-2025-68188: tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check() (bsc#1255269). - CVE-2025-68200: bpf: Add bpf_prog_run_data_pointers() (bsc#1255241). 
- CVE-2025-68215: ice: fix PTP cleanup on driver removal in error path (bsc#1255226). - CVE-2025-68227: mptcp: Fix proto fallback detection with BPF (bsc#1255216). - CVE-2025-68241: ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe (bsc#1255157). - CVE-2025-68245: net: netpoll: fix incorrect refcount handling causing incorrect cleanup (bsc#1255268). - CVE-2025-68261: ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() (bsc#1255164). - CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255377). - CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255401). - CVE-2025-68296: drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup (bsc#1255128). - CVE-2025-68297: ceph: fix crash in process_v2_sparse_read() for encrypted directories (bsc#1255403). - CVE-2025-68301: net: atlantic: fix fragment overflow handling in RX path (bsc#1255120). - CVE-2025-68320: lan966x: Fix sleeping in atomic context (bsc#1255172). - CVE-2025-68325: net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop (bsc#1255417). - CVE-2025-68327: usb: renesas_usbhs: Fix synchronous external abort on unbind (bsc#1255488). - CVE-2025-68337: jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted (bsc#1255482). - CVE-2025-68349: NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid (bsc#1255544). - CVE-2025-68363: bpf: Check skb->transport_header is set in bpf_skb_check_mtu (bsc#1255552). - CVE-2025-68365: fs/ntfs3: Initialize allocated memory before use (bsc#1255548). - CVE-2025-68366: nbd: defer config unlock in nbd_genl_connect (bsc#1255622). - CVE-2025-68367: macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse (bsc#1255547). - CVE-2025-68372: nbd: defer config put in recv_work (bsc#1255537). - CVE-2025-68379: RDMA/rxe: Fix null deref on srq->rq.queue after resize failure (bsc#1255695). 
- CVE-2025-68727: ntfs3: Fix uninit buffer allocated by __getname() (bsc#1255568). - CVE-2025-68728: ntfs3: fix uninit memory after failed mi_read in mi_format_new (bsc#1255539). - CVE-2025-68733: smack: fix bug: unprivileged task can create labels (bsc#1255615). - CVE-2025-68764: NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags (bsc#1255930). - CVE-2025-68768: inet: frags: add inet_frag_queue_flush() (bsc#1256579). - CVE-2025-68770: bnxt_en: Fix XDP_TX path (bsc#1256584). - CVE-2025-68771: ocfs2: fix kernel BUG in ocfs2_find_victim_chain (bsc#1256582). - CVE-2025-68775: net/handshake: duplicate handshake cancellations leak socket (bsc#1256665). - CVE-2025-68776: net/hsr: fix NULL pointer dereference in prp_get_untagged_frame() (bsc#1256659). - CVE-2025-68788: fsnotify: do not generate ACCESS/MODIFY events on child for special files (bsc#1256638). - CVE-2025-68795: ethtool: Avoid overflowing userspace buffer on stats query (bsc#1256688). - CVE-2025-68798: perf/x86/amd: Check event before enable to avoid GPF (bsc#1256689). - CVE-2025-68800: mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats (bsc#1256646). - CVE-2025-68801: mlxsw: spectrum_router: Fix neighbour use-after-free (bsc#1256653). - CVE-2025-68803: nfsd: set security label during create operations (bsc#1256770). - CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256641). - CVE-2025-68814: io_uring: fix filename leak in __io_openat_prep() (bsc#1256651). - CVE-2025-68815: net/sched: ets: Remove drr class from the active list if it changes to strict (bsc#1256680). - CVE-2025-68816: net/mlx5: fw_tracer, Validate format string parameters (bsc#1256674). - CVE-2025-68820: ext4: xattr: fix null pointer deref in ext4_raw_inode() (bsc#1256754). - CVE-2025-71064: net: hns3: using the num_tqps in the vf driver to apply for resources (bsc#1256654). 
- CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1256645). - CVE-2025-71077: tpm: Cap the number of PCR banks (bsc#1256613). - CVE-2025-71080: ipv6: fix a BUG in rt6_get_pcpu_route() under PREEMPT_RT (bsc#1256608). - CVE-2025-71084: RDMA/cm: Fix leaking the multicast GID table reference (bsc#1256622). - CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256623). - CVE-2025-71087: iavf: fix off-by-one issues in iavf_config_rss_reg() (bsc#1256628). - CVE-2025-71088: mptcp: fallback earlier on simult connection (bsc#1256630). - CVE-2025-71089: iommu: disable SVA when CONFIG_X86 is set (bsc#1256612). - CVE-2025-71091: team: fix check for port enabled in team_queue_override_port_prio_changed() (bsc#1256773). - CVE-2025-71093: e1000: fix OOB in e1000_tbi_should_accept() (bsc#1256777). - CVE-2025-71094: net: usb: asix: ax88772: Increase phy_name size (bsc#1256597). - CVE-2025-71095: net: stmmac: fix the crash issue for zero copy XDP_TX action (bsc#1256605). - CVE-2025-71096: RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly (bsc#1256606). - CVE-2025-71097: ipv4: Fix reference count leak when using error routes with nexthop objects (bsc#1256607). - CVE-2025-71098: ip6_gre: make ip6gre_header() robust (bsc#1256591). - CVE-2025-71112: net: hns3: add VLAN id validation before using (bsc#1256726). - CVE-2025-71116: libceph: make decode_pool() more resilient against corrupted osdmaps (bsc#1256744). - CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256779). - CVE-2025-71123: ext4: fix string copying in parse_apply_sb_mount_options() (bsc#1256757). - CVE-2025-71133: RDMA/irdma: avoid invalid read in irdma_net_event (bsc#1256733). - CVE-2025-71135: md/raid5: fix possible null-pointer dereferences in raid5_store_group_thread_cnt() (bsc#1256761). 
- CVE-2025-71137: octeontx2-pf: fix "UBSAN: shift-out-of-bounds error" (bsc#1256760). - CVE-2025-71149: io_uring/poll: correctly handle io_poll_add() return value on update (bsc#1257164). - CVE-2025-71156: gve: defer interrupt enabling until NAPI registration (bsc#1257167). - CVE-2025-71157: RDMA/core: always drop device refcount in ib_del_sub_device_and_put() (bsc#1257168). - CVE-2026-22976: net/sched: sch_qfq: Fix NULL deref when deactivating inactive aggregate in qfq_reset (bsc#1257035). - CVE-2026-22977: net: sock: fix hardened usercopy panic in sock_recv_errqueue (bsc#1257053). - CVE-2026-22984: libceph: prevent potential out-of-bounds reads in handle_auth_done() (bsc#1257217). - CVE-2026-22990: libceph: replace overzealous BUG_ON in osdmap_apply_incremental() (bsc#1257221). - CVE-2026-22991: libceph: make free_choose_arg_map() resilient to partial allocation (bsc#1257220). - CVE-2026-22992: libceph: return the handler error from mon_handle_auth_done() (bsc#1257218). - CVE-2026-22993: idpf: Fix RSS LUT NULL pointer crash on early ethtool operations (bsc#1257180). - CVE-2026-22996: net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv. - CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257236). - CVE-2026-23000: net/mlx5e: Fix crash on profile change rollback failure (bsc#1257234). - CVE-2026-23001: macvlan: fix possible UAF in macvlan_forward_source() (bsc#1257232). - CVE-2026-23005: x86/fpu: Clear XSTATE_BV in guest XSAVE state whenever XFD[i]=1 (bsc#1257245). - CVE-2026-23011: ipv4: ip_gre: make ipgre_header() robust (bsc#1257207). The following non security issues were fixed: - ALSA: ctxfi: Fix potential OOB access in audio mixer handling (stable-fixes). - ALSA: scarlett2: Fix buffer overflow in config retrieval (git-fixes). - ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() (git-fixes). - ALSA: usb-audio: Update for native DSD support quirks (stable-fixes). 
- ALSA: usb: Increase volume range that triggers a warning (git-fixes). - ASoC: amd: yc: Add quirk for Honor MagicBook X16 2025 (stable-fixes). - ASoC: codecs: wsa881x: Drop unused version readout (stable-fixes). - ASoC: codecs: wsa881x: fix unnecessary initialisation (git-fixes). - ASoC: codecs: wsa883x: fix unnecessary initialisation (git-fixes). - ASoC: codecs: wsa884x: fix codec initialisation (git-fixes). - ASoC: fsl_sai: Add missing registers to cache default (stable-fixes). - ASoC: fsl: imx-card: Do not force slot width to sample width (git-fixes). - ASoC: Intel: sof_es8336: fix headphone GPIO logic inversion (git-fixes). - ASoC: tlv320adcx140: fix null pointer (git-fixes). - ASoC: tlv320adcx140: fix word length (git-fixes). - ata: libata: Add cpr_log to ata_dev_print_features() early return (git-fixes). - Bluetooth: hci_uart: fix null-ptr-deref in hci_uart_write_work (git-fixes). - Bluetooth: MGMT: Fix memory leak in set_ssp_complete (git-fixes). - bpf: Do not let BPF test infra emit invalid GSO types to stack (bsc#1255569). - bpf/selftests: test_select_reuseport_kern: Remove unused header (bsc#1257603). - bs-upload-kernel: Fix cve branch uploads. - btrfs: do not strictly require dirty metadata threshold for metadata writepages (stable-fixes). - can: ctucanfd: fix SSP_SRC in cases when bit-rate is higher than 1 MBit (git-fixes). - can: ems_usb: ems_usb_read_bulk_callback(): fix URB memory leak (git-fixes). - can: etas_es58x: allow partial RX URB allocation to succeed (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): fix error message (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): unanchor URL on usb_submit_urb() error (git-fixes). - can: j1939: make j1939_session_activate() fail if device is no longer registered (stable-fixes). - can: kvaser_usb: kvaser_usb_read_bulk_callback(): fix URB memory leak (git-fixes). - can: mcba_usb: mcba_usb_read_bulk_callback(): fix URB memory leak (git-fixes). 
- can: usb_8dev: usb_8dev_read_bulk_callback(): fix URB memory leak (git-fixes). - cifs: add new field to track the last access time of cfid (git-fixes). - cifs: after disabling multichannel, mark tcon for reconnect (git-fixes). - cifs: avoid redundant calls to disable multichannel (git-fixes). - cifs: cifs_pick_channel should try selecting active channels (git-fixes). - cifs: deal with the channel loading lag while picking channels (git-fixes). - cifs: dns resolution is needed only for primary channel (git-fixes). - cifs: do not disable interface polling on failure (git-fixes). - cifs: do not search for channel if server is terminating (git-fixes). - cifs: fix a pending undercount of srv_count (git-fixes). - cifs: Fix copy offload to flush destination region (bsc#1252511). - cifs: Fix flushing, invalidation and file size with copy_file_range() (bsc#1252511). - cifs: fix lock ordering while disabling multichannel (git-fixes). - cifs: fix stray unlock in cifs_chan_skip_or_disable (git-fixes). - cifs: fix use after free for iface while disabling secondary channels (git-fixes). - cifs: handle servers that still advertise multichannel after disabling (git-fixes). - cifs: handle when server starts supporting multichannel (git-fixes). - cifs: handle when server stops supporting multichannel (git-fixes). - cifs: make cifs_chan_update_iface() a void function (git-fixes). - cifs: make sure server interfaces are requested only for SMB3+ (git-fixes). - cifs: make sure that channel scaling is done only once (git-fixes). - cifs: reconnect worker should take reference on server struct unconditionally (git-fixes). - cifs: reset connections for all channels when reconnect requested (git-fixes). - cifs: reset iface weights when we cannot find a candidate (git-fixes). - cifs: serialize other channels when query server interfaces is pending (git-fixes). - cifs: update dstaddr whenever channel iface is updated (git-fixes). 
- comedi: dmm32at: serialize use of paged registers (git-fixes). - comedi: fix divide-by-zero in comedi_buf_munge() (stable-fixes). - comedi: Fix getting range information for subdevices 16 to 255 (git-fixes). - cpuset: fix warning when disabling remote partition (bsc#1256794). - crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (git-fixes). - dmaengine: apple-admac: Add "apple,t8103-admac" compatible (git-fixes). - dmaengine: at_hdmac: fix device leak on of_dma_xlate() (git-fixes). - dmaengine: bcm-sba-raid: fix device leak on probe (git-fixes). - dmaengine: dw: dmamux: fix OF node leak on route allocation failure (git-fixes). - dmaengine: idxd: fix device leaks on compat bind and unbind (git-fixes). - dmaengine: lpc18xx-dmamux: fix device leak on route allocation (git-fixes). - dmaengine: omap-dma: fix dma_pool resource leak in error paths (git-fixes). - dmaengine: qcom: gpi: Fix memory leak in gpi_peripheral_config() (git-fixes). - dmaengine: sh: rz-dmac: Fix rz_dmac_terminate_all() (git-fixes). - dmaengine: tegra-adma: Fix use-after-free (git-fixes). - dmaengine: ti: dma-crossbar: fix device leak on am335x route allocation (git-fixes). - dmaengine: ti: dma-crossbar: fix device leak on dra7x route allocation (git-fixes). - dmaengine: ti: k3-udma: fix device leak on udma lookup (git-fixes). - dmaengine: xilinx_dma: Fix uninitialized addr_width when "xlnx,addrwidth" property is missing (git-fixes). - dmaengine: xilinx: xdma: Fix regmap max_register (git-fixes). - dpll: fix device-id-get and pin-id-get to return errors properly (git-fixes). - dpll: fix return value check for kmemdup (git-fixes). - dpll: indent DPLL option type by a tab (git-fixes). - dpll: Prevent duplicate registrations (git-fixes). - dpll: spec: add missing module-name and clock-id to pin-get reply (git-fixes). - drm/amd: Clean up kfd node on surprise disconnect (stable-fixes). - drm/amd/display: Apply e4479aecf658 to dml (stable-fixes). 
- drm/amd/display: Bump the HDMI clock to 340MHz (stable-fixes). - drm/amd/display: Fix DP no audio issue (stable-fixes). - drm/amd/display: Initialise backlight level values from hw (git-fixes). - drm/amd/display: Respect user's CONFIG_FRAME_WARN more for dml files (stable-fixes). - drm/amd/display: shrink struct members (stable-fixes). - drm/amd/pm: Don't clear SI SMC table when setting power limit (git-fixes). - drm/amd/pm: fix race in power state check before mutex lock (git-fixes). - drm/amd/pm: fix smu overdrive data type wrong issue on smu 14.0.2 (git-fixes). - drm/amd/pm: Workaround SI powertune issue on Radeon 430 (v2) (git-fixes). - drm/amdgpu: Fix cond_exec handling in amdgpu_ib_schedule() (git-fixes). - drm/amdgpu: fix NULL pointer dereference in amdgpu_gmc_filter_faults_remove (git-fixes). - drm/amdgpu: Fix query for VPE block_type and ip_count (stable-fixes). - drm/amdgpu: remove frame cntl for gfx v12 (stable-fixes). - drm/amdkfd: fix a memory leak in device_queue_manager_init() (git-fixes). - drm/amdkfd: Fix improper NULL termination of queue restore SMI event string (stable-fixes). - drm/imagination: Wait for FW trace update command completion (git-fixes). - drm/imx/tve: fix probe device leak (git-fixes). - drm/msm/a6xx: fix bogus hwcg register updates (git-fixes). - drm/nouveau: add missing DCB connector types (git-fixes). - drm/nouveau: implement missing DCB connector types; gracefully handle unknown connectors (git-fixes). - drm/nouveau/disp: Set drm_mode_config_funcs.atomic_(check|commit) (stable-fixes). - drm/nouveau/disp/nv50-: Set lock_core in curs507a_prepare (git-fixes). - drm/panel-simple: fix connector type for DataImage SCF0700C48GGU18 panel (git-fixes). - drm/radeon: Remove __counted_by from ClockInfoArray.clockInfo[] (stable-fixes). - drm/vmwgfx: Fix an error return check in vmw_compat_shader_add() (git-fixes). - drm/vmwgfx: Merge vmw_bo_release and vmw_bo_free functions (git-fixes). 
- exfat: check return value of sb_min_blocksize in exfat_read_boot_sector (git-fixes). - exfat: fix remount failure in different process environments (git-fixes). - gpio: omap: do not register driver in probe() (git-fixes). - gpio: pca953x: Add support for level-triggered interrupts (stable-fixes). - gpio: pca953x: fix wrong error probe return value (git-fixes). - gpio: pca953x: handle short interrupt pulses on PCAL devices (git-fixes). - gpio: pca953x: Utilise dev_err_probe() where it makes sense (stable-fixes). - gpio: pca953x: Utilise temporary variable for struct device (stable-fixes). - gpio: rockchip: Stop calling pinctrl for set_direction (git-fixes). - HID: usbhid: paper over wrong bNumDescriptor field (stable-fixes). - ice: use netif_get_num_default_rss_queues() (bsc#1247712). - iio: accel: iis328dq: fix gain values (git-fixes). - iio: adc: ad7280a: handle spi_setup() errors in probe() (git-fixes). - iio: adc: ad9467: fix ad9434 vref mask (git-fixes). - iio: adc: at91-sama5d2_adc: Fix potential use-after-free in sama5d2_adc driver (git-fixes). - iio: dac: ad5686: add AD5695R to ad5686_chip_info_tbl (git-fixes). - iio: imu: st_lsm6dsx: fix iio_chan_spec for sensors without event detection (git-fixes). - Input: i8042 - add quirk for ASUS Zenbook UX425QA_UM425QA (stable-fixes). - Input: i8042 - add quirks for MECHREVO Wujie 15X Pro (stable-fixes). - intel_th: fix device leak on output open() (git-fixes). - leds: led-class: Only Add LED to leds_list when it is fully ready (git-fixes). - lib/crypto: aes: Fix missing MMU protection for AES S-box (git-fixes). - mei: me: add nova lake point S DID (stable-fixes). - mei: me: add wildcat lake P DID (stable-fixes). - mISDN: annotate data-race around dev->work (git-fixes). - mm, page_alloc, thp: prevent reclaim for __GFP_THISNODE THP allocations (bsc#1253087). - mmc: rtsx_pci_sdmmc: implement sdmmc_card_busy function (git-fixes). - mmc: sdhci-of-dwcmshc: Prevent illegal clock reduction in HS200/HS400 mode (git-fixes). 
- net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts (git-fixes). - net: hv_netvsc: reject RSS hash key programming without RX indirection table (bsc#1257473). - net: mana: Add metadata support for xdp mode (git-fixes). - net: mana: Add standard counter rx_missed_errors (git-fixes). - net: mana: Add support for auxiliary device servicing events (git-fixes). - net: mana: Change the function signature of mana_get_primary_netdev_rcu (bsc#1256690). - net: mana: Drop TX skb on post_work_request failure and unmap resources (git-fixes). - net: mana: fix spelling for mana_gd_deregiser_irq() (git-fixes). - net: mana: Fix use-after-free in reset service rescan path (git-fixes). - net: mana: Fix warnings for missing export.h header inclusion (git-fixes). - net: mana: Handle hardware recovery events when probing the device (git-fixes). - net: mana: Handle Reset Request from MANA NIC (git-fixes). - net: mana: Handle SKB if TX SGEs exceed hardware limit (git-fixes). - net: mana: Handle unsupported HWC commands (git-fixes). - net: mana: Move hardware counter stats from per-port to per-VF context (git-fixes). - net: mana: Probe rdma device in mana driver (git-fixes). - net: mana: Reduce waiting time if HWC not responding (git-fixes). - net: tcp: allow zero-window ACK update the window (bsc#1254767). - net: usb: dm9601: remove broken SR9700 support (git-fixes). - net: wwan: t7xx: fix potential skb->frags overflow in RX path (git-fixes). - nfc: llcp: Fix memleak in nfc_llcp_send_ui_frame() (git-fixes). - nfc: nci: Fix race between rfkill and nci_unregister_device() (git-fixes). - NFS: Fix up the automount fs_context to use the correct cred (git-fixes). - nfsd: Drop the client reference in client_states_open() (git-fixes). - NFSD: Fix permission check for read access to executable-only files (git-fixes). - NFSD: use correct reservation type in nfsd4_scsi_fence_client (git-fixes). 
- NFSD/blocklayout: Fix minlength check in proc_layoutget (git-fixes). - NFSv4: ensure the open stateid seqid doesn't go backwards (git-fixes). - nvme: nvme-fc: move tagset removal to nvme_fc_delete_ctrl() (git-fixes). - nvmet-auth: update sc_c in host response (git-fixes). - nvmet-auth: update sc_c in target host hash calculation (git-fixes). - of: fix reference count leak in of_alias_scan() (git-fixes). - of: platform: Use default match table for /firmware (git-fixes). - phy: freescale: imx8m-pcie: assert phy reset during power on (stable-fixes). - phy: rockchip: inno-usb2: fix communication disruption in gadget mode (git-fixes). - phy: rockchip: inno-usb2: fix disconnection in gadget mode (git-fixes). - phy: stm32-usphyc: Fix off by one in probe() (git-fixes). - phy: tegra: xusb: Explicitly configure HS_DISCON_LEVEL to 0x7 (git-fixes). - platform/x86: hp-bioscfg: Fix automatic module loading (git-fixes). - platform/x86: hp-bioscfg: Fix kernel panic in GET_INSTANCE_ID macro (git-fixes). - platform/x86: hp-bioscfg: Fix kobject warnings for empty attribute names (git-fixes). - platform/x86/amd: Fix memory leak in wbrf_record() (git-fixes). - pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node() (git-fixes). - powercap: fix race condition in register_control_type() (stable-fixes). - powercap: fix sscanf() error return value handling (stable-fixes). - powerpc/addnote: Fix overflow on 32-bit builds (bsc#1215199). - RDMA/mana_ib: Access remote atomic for MRs (git-fixes). - RDMA/mana_ib: add additional port counters (git-fixes). - RDMA/mana_ib: Add device statistics support (git-fixes). - RDMA/mana_ib: Add port statistics support (git-fixes). - RDMA/mana_ib: Add support of 4M, 1G, and 2G pages (git-fixes). - RDMA/mana_ib: Add support of mana_ib for RNIC and ETH nic (git-fixes). - RDMA/mana_ib: add support of multiple ports (git-fixes). - RDMA/mana_ib: Allow registration of DMA-mapped memory in PDs (git-fixes). 
- RDMA/mana_ib: check cqe length for kernel CQs (git-fixes). - RDMA/mana_ib: Create and destroy UD/GSI QP (git-fixes). - RDMA/mana_ib: create kernel-level CQs (git-fixes). - RDMA/mana_ib: create/destroy AH (git-fixes). - RDMA/mana_ib: Drain send wrs of GSI QP (git-fixes). - RDMA/mana_ib: extend mana QP table (git-fixes). - RDMA/mana_ib: Extend modify QP (git-fixes). - RDMA/mana_ib: Fix error code in probe() (git-fixes). - RDMA/mana_ib: Fix integer overflow during queue creation (git-fixes). - RDMA/mana_ib: Handle net event for pointing to the current netdev (bsc#1256690). - RDMA/mana_ib: helpers to allocate kernel queues (git-fixes). - RDMA/mana_ib: Implement DMABUF MR support (git-fixes). - RDMA/mana_ib: implement get_dma_mr (git-fixes). - RDMA/mana_ib: implement req_notify_cq (git-fixes). - RDMA/mana_ib: indicate CM support (git-fixes). - RDMA/mana_ib: polling of CQs for GSI/UD (git-fixes). - RDMA/mana_ib: Query feature_flags bitmask from FW (git-fixes). - RDMA/mana_ib: request error CQEs when supported (git-fixes). - RDMA/mana_ib: support of the zero based MRs (git-fixes). - RDMA/mana_ib: UD/GSI QP creation for kernel (git-fixes). - RDMA/mana_ib: UD/GSI work requests (git-fixes). - RDMA/mana_ib: unify mana_ib functions to support any gdma device (git-fixes). - RDMA/mana_ib: Use safer allocation function() (git-fixes). - regmap: Fix race condition in hwspinlock irqsave routine (git-fixes). - sched: Increase sched_tick_remote timeout (bsc#1254510). - sched/rt: Skip group schedulable check with rt_group_sched=0 (bsc#1256568). - scripts: obsapi: Support URL trailing / in oscrc. - scripts: teaapi: Add paging. - scripts: uploader: Fix no change condition for _maintainership.json. - scripts: uploader: Handle missing upstream in is_pr_open. - scripts/python/git_sort/git_sort.yaml: add cifs for-next repository. - scrits: teaapi: Add list_repos. - scsi: lpfc: Rework lpfc_sli4_fcf_rr_next_index_get() (bsc#1256861). 
- scsi: lpfc: Update lpfc version to 14.4.0.13 (bsc#1256861). - scsi: qla2xxx: Add bsg interface to support firmware img validation (bsc#1256863). - scsi: qla2xxx: Add load flash firmware mailbox support for 28xxx (bsc#1256863). - scsi: qla2xxx: Add Speed in SFP print information (bsc#1256863). - scsi: qla2xxx: Add support for 64G SFP speed (bsc#1256863). - scsi: qla2xxx: Allow recovery for tape devices (bsc#1256863). - scsi: qla2xxx: Delay module unload while fabric scan in progress (bsc#1256863). - scsi: qla2xxx: Fix bsg_done() causing double free (bsc#1256863). - scsi: qla2xxx: Free sp in error path to fix system crash (bsc#1256863). - scsi: qla2xxx: Query FW again before proceeding with login (bsc#1256863). - scsi: qla2xxx: Update version to 10.02.10.100-k (bsc#1256863). - scsi: qla2xxx: Validate MCU signature before executing MBC 03h (bsc#1256863). - scsi: qla2xxx: Validate sp before freeing associated memory (bsc#1256863). - scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296). - selftests: net: fib-onlink-tests: Convert to use namespaces by default (bsc#1255346). - selftests/bpf: Fix flaky bpf_cookie selftest (git-fixes). - serial: 8250_pci: Fix broken RS485 for F81504/508/512 (git-fixes). - slimbus: core: fix device reference leak on report present (git-fixes). - slimbus: core: fix OF node leak on registration failure (git-fixes). - slimbus: core: fix of_slim_get_device() kernel doc (git-fixes). - slimbus: core: fix runtime PM imbalance on report present (git-fixes). - smb: change return type of cached_dir_lease_break() to bool (git-fixes). - smb: client: ensure open_cached_dir_by_dentry() only returns valid cfid (git-fixes). - smb: client: fix cifs_pick_channel when channel needs reconnect (git-fixes). - smb: client: fix warning when reconnecting channel (git-fixes). - smb: client: introduce close_cached_dir_locked() (git-fixes). - smb: client: remove unused fid_lock (git-fixes). 
- smb: client: short-circuit in open_cached_dir_by_dentry() if !dentry (git-fixes). - smb: client: split cached_fid bitfields to avoid shared-byte RMW races (bsc#1250748). - smb: client: update cfid->last_access_time in open_cached_dir_by_dentry() (git-fixes). - smb: improve directory cache reuse for readdir operations (bsc#1252712). - smb3: add missing null server pointer check (git-fixes). - spi: spi-sprd-adi: Fix double free in probe error path (git-fixes). - spi: sprd-adi: switch to use spi_alloc_host() (stable-fixes). - spi: sprd: adi: Use devm_register_restart_handler() (stable-fixes). - svcrdma: return 0 on success from svc_rdma_copy_inline_range (git-fixes). - uacce: ensure safe queue release with state management (git-fixes). - uacce: fix cdev handling in the cleanup path (git-fixes). - uacce: fix isolate sysfs check condition (git-fixes). - uacce: implement mremap in uacce_vm_ops to return -EPERM (git-fixes). - usb: core: add USB_QUIRK_NO_BOS for devices that hang on BOS descriptor (stable-fixes). - usb: dwc3: Check for USB4 IP_NAME (stable-fixes). - USB: OHCI/UHCI: Add soft dependencies on ehci_platform (stable-fixes). - USB: serial: ftdi_sio: add support for PICAXE AXE027 cable (stable-fixes). - USB: serial: option: add Telit LE910 MBIM composition (stable-fixes). - usbnet: limit max_mtu based on device's hard_mtu (git-fixes). - w1: fix redundant counter decrement in w1_attach_slave_device() (git-fixes). - w1: therm: Fix off-by-one buffer overflow in alarms_store (git-fixes). - wifi: ath10k: fix dma_free_coherent() pointer (git-fixes). - wifi: ath12k: fix dma_free_coherent() pointer (git-fixes). - wifi: mac80211: correctly decode TTLM with default link map (git-fixes). - wifi: mac80211: don't perform DA check on S1G beacon (git-fixes). - wifi: mwifiex: Fix a loop in mwifiex_update_ampdu_rxwinsize() (git-fixes). - wifi: rsi: Fix memory corruption due to not set vif driver data size (git-fixes). 
- x86: make page fault handling disable interrupts properly (git-fixes). - x86/microcode: Fix Entrysign revision check for Zen1/Naples (bsc#1256528). - x86/microcode/AMD: Add more known models to entry sign checking (bsc#1256528). - x86/microcode/AMD: Add some forgotten models to the SHA check (bsc#1256528). - x86/microcode/AMD: Add TSA microcode SHAs (bsc#1256528). - x86/microcode/AMD: Add Zen5 model 0x44, stepping 0x1 minrev (bsc#1256528). - x86/microcode/AMD: Clean the cache if update did not load microcode (bsc#1256528). - x86/microcode/AMD: Extend the SHA check to Zen5, block loading of any unreleased standalone Zen5 microcode patches (bsc#1256528). - x86/microcode/AMD: Fix __apply_microcode_amd()'s return value (bsc#1256528). - x86/microcode/AMD: Fix Entrysign revision check for Zen5/Strix Halo (bsc#1256528). - x86/microcode/AMD: Limit Entrysign signature checking to known generations (bsc#1256528). - x86/microcode/AMD: Load only SHA256-checksummed patches (bsc#1256528). - x86/microcode/AMD: Use sha256() instead of init/update/final (bsc#1256528). kernel-default-6.4.0-150700.53.31.1.nosrc.rpm True kernel-default-6.4.0-150700.53.31.1.x86_64.rpm True kernel-default-base-6.4.0-150700.53.31.1.150700.17.21.1.src.rpm True kernel-default-base-6.4.0-150700.53.31.1.150700.17.21.1.x86_64.rpm True kernel-default-devel-6.4.0-150700.53.31.1.x86_64.rpm True kernel-devel-6.4.0-150700.53.31.1.noarch.rpm True kernel-macros-6.4.0-150700.53.31.1.noarch.rpm True kernel-source-6.4.0-150700.53.31.1.src.rpm True SUSE-SLE-Module-Basesystem-15-SP7-2026-433 Security update for xrdp important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for xrdp fixes the following issues: - CVE-2025-68670: Fix a potential overflow when processing user domain information. 
(bsc#1257362) libpainter0-0.9.13.1-150600.15.6.1.x86_64.rpm librfxencode0-0.9.13.1-150600.15.6.1.x86_64.rpm xrdp-0.9.13.1-150600.15.6.1.src.rpm xrdp-0.9.13.1-150600.15.6.1.x86_64.rpm xrdp-devel-0.9.13.1-150600.15.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-432 Security update for sqlite3 moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for sqlite3 fixes the following issues: - Update to v3.51.2: - CVE-2025-7709: Fixed an integer overflow in the FTS5 extension. (bsc#1254670) libsqlite3-0-3.51.2-150000.3.36.1.x86_64.rpm sqlite3-3.51.2-150000.3.36.1.src.rpm sqlite3-3.51.2-150000.3.36.1.x86_64.rpm sqlite3-devel-3.51.2-150000.3.36.1.x86_64.rpm sqlite3-tcl-3.51.2-150000.3.36.1.x86_64.rpm libsqlite3-0-32bit-3.51.2-150000.3.36.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-428 Recommended update for open-vm-tools moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for open-vm-tools fixes the following issues: - update to 13.0.10 based on build 25056151: (bsc#1257357): * There are no new features in the open-vm-tools 13.0.10 release. * This is primarily a maintenance release that addresses a fix. * A minor enhancement has been made for Guest OS Customization. * The DeployPkg plugin has been updated to handle a new cloud-init error code that signals a recoverable error and allow cloud-init to finish running. 
libvmtools-devel-13.0.10-150600.3.24.1.x86_64.rpm libvmtools0-13.0.10-150600.3.24.1.x86_64.rpm open-vm-tools-13.0.10-150600.3.24.1.src.rpm open-vm-tools-13.0.10-150600.3.24.1.x86_64.rpm open-vm-tools-salt-minion-13.0.10-150600.3.24.1.x86_64.rpm open-vm-tools-sdmp-13.0.10-150600.3.24.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-636 Recommended update for libvirt moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for libvirt fixes the following issues: - virsh: Introduce new hypervisor-cpu-models command (jsc#PED-13062) - wireshark: Adapt to wireshark-4.6.0 (jsc#PED-15400) libvirt-11.0.0-150700.4.16.1.src.rpm libvirt-libs-11.0.0-150700.4.16.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-679 Optional update for 7zip moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for 7zip fixes the following issues: 7zip is shipped in version 25.01 (jsc#PED-15017). - Don't obsolete p7zip for SLE 15. 7zip-25.01-150400.9.3.1.src.rpm 7zip-25.01-150400.9.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1356 Security update for nfs-utils moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for nfs-utils fixes the following issue: Security fixes: - CVE-2025-12801: rpc.mountd allows a NFSv3 client to escalate their privileges and access subdirectories and subtrees of an exported directory (bsc#1259204). Other fixes: - Split from nfs-utils into its own spec and changelog file (bsc#1246505). - Split legacy libnfsidmap0 into a separate spec file (bsc#1246505). 
libnfsidmap0-0.26-150600.28.19.1.src.rpm libnfsidmap0-0.26-150600.28.19.1.x86_64.rpm libnfsidmap1-1.0-150600.28.19.1.x86_64.rpm nfs-client-2.6.4-150600.28.19.1.x86_64.rpm nfs-doc-2.6.4-150600.28.19.1.x86_64.rpm nfs-kernel-server-2.6.4-150600.28.19.1.x86_64.rpm nfs-utils-2.6.4-150600.28.19.1.src.rpm nfsidmap-devel-1.0-150600.28.19.1.x86_64.rpm nfsidmap0-devel-0.26-150600.28.19.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-486 Recommended update for suse-module-tools important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for suse-module-tools fixes the following issues: - Update to version 15.7.10: * udev rules: write block queue attributes only if necessary (bsc#1254928) - Update to version 15.7.9: * 80-hotplug-cpu-mem.rules: remount tmpfs on "online" uevents (bsc#1254264) * udev: use systemd service to remount tmpfs (bsc#1253679) suse-module-tools-15.7.10-150700.3.11.1.src.rpm suse-module-tools-15.7.10-150700.3.11.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-431 Security update for libsoup important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for libsoup fixes the following issues: - CVE-2026-1536: Always validate the headers value when coming from untrusted source to avoid HTTP header injection. (bsc#1257440) - CVE-2026-1761: Check length of bytes read in soup_filter_input_stream_read_until to avoid a stack-based buffer overflow. (bsc#1257598) libsoup-3.4.4-150600.3.31.1.src.rpm libsoup-3_0-0-3.4.4-150600.3.31.1.x86_64.rpm libsoup-devel-3.4.4-150600.3.31.1.x86_64.rpm libsoup-lang-3.4.4-150600.3.31.1.noarch.rpm typelib-1_0-Soup-3_0-3.4.4-150600.3.31.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-445 Security update for qemu moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for qemu fixes the following issues: - CVE-2026-0665: Added PIRQ bounds check in xen_physdev_map_pirq to avoid an out-of-bounds heap. 
(bsc#1256484) Other fixes: - Fixed that QEMU migration fails if a qemu-vdagent channel is present in the VM (bsc#1257474) qemu-9.2.4-150700.3.14.1.src.rpm qemu-img-9.2.4-150700.3.14.1.x86_64.rpm qemu-pr-helper-9.2.4-150700.3.14.1.x86_64.rpm qemu-tools-9.2.4-150700.3.14.1.x86_64.rpm qemu-vmsr-helper-9.2.4-150700.3.14.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-574 Security update for libsoup2 important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for libsoup2 fixes the following issues: - CVE-2026-1761: incorrect length calculation when parsing of multipart HTTP responses can lead to a stack-based buffer overflow (bsc#1257598). - CVE-2026-0716: improper bounds handling may allow out-of-bounds read (bsc#1256418). - CVE-2025-4476: null pointer dereference may lead to denial of service (bsc#1243422). libsoup-2_4-1-2.74.3-150600.4.24.1.x86_64.rpm libsoup2-2.74.3-150600.4.24.1.src.rpm libsoup2-devel-2.74.3-150600.4.24.1.x86_64.rpm libsoup2-lang-2.74.3-150600.4.24.1.noarch.rpm typelib-1_0-Soup-2_4-2.74.3-150600.4.24.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1474 Optional update for luajit low SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for luajit fixes the following issue: - Add luajit-devel to 15-SP7 PackageHUB module, no source change. 
(bsc#1256935) libluajit-5_1-2-2.1.0~beta3+git.1624618403.e9577376-150400.4.7.1.x86_64.rpm luajit-2.1.0~beta3+git.1624618403.e9577376-150400.4.7.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-791 Recommended update for gcc15 moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for gcc15 fixes the following issues: - Fix bogus expression simplification (bsc#1257463) gcc15-15.2.0+git10201-150000.1.9.1.src.rpm libasan8-15.2.0+git10201-150000.1.9.1.x86_64.rpm libasan8-32bit-15.2.0+git10201-150000.1.9.1.x86_64.rpm libatomic1-15.2.0+git10201-150000.1.9.1.x86_64.rpm libatomic1-32bit-15.2.0+git10201-150000.1.9.1.x86_64.rpm libgcc_s1-15.2.0+git10201-150000.1.9.1.x86_64.rpm libgcc_s1-32bit-15.2.0+git10201-150000.1.9.1.x86_64.rpm libgfortran5-15.2.0+git10201-150000.1.9.1.x86_64.rpm libgfortran5-32bit-15.2.0+git10201-150000.1.9.1.x86_64.rpm libgomp1-15.2.0+git10201-150000.1.9.1.x86_64.rpm libgomp1-32bit-15.2.0+git10201-150000.1.9.1.x86_64.rpm libhwasan0-15.2.0+git10201-150000.1.9.1.x86_64.rpm libitm1-15.2.0+git10201-150000.1.9.1.x86_64.rpm libitm1-32bit-15.2.0+git10201-150000.1.9.1.x86_64.rpm liblsan0-15.2.0+git10201-150000.1.9.1.x86_64.rpm libobjc4-15.2.0+git10201-150000.1.9.1.x86_64.rpm libobjc4-32bit-15.2.0+git10201-150000.1.9.1.x86_64.rpm libquadmath0-15.2.0+git10201-150000.1.9.1.x86_64.rpm libquadmath0-32bit-15.2.0+git10201-150000.1.9.1.x86_64.rpm libquadmath0-devel-gcc15-15.2.0+git10201-150000.1.9.1.x86_64.rpm libstdc++6-15.2.0+git10201-150000.1.9.1.x86_64.rpm libstdc++6-32bit-15.2.0+git10201-150000.1.9.1.x86_64.rpm libstdc++6-devel-gcc15-15.2.0+git10201-150000.1.9.1.x86_64.rpm libstdc++6-locale-15.2.0+git10201-150000.1.9.1.x86_64.rpm libstdc++6-pp-15.2.0+git10201-150000.1.9.1.x86_64.rpm libstdc++6-pp-32bit-15.2.0+git10201-150000.1.9.1.x86_64.rpm libtsan2-15.2.0+git10201-150000.1.9.1.x86_64.rpm libubsan1-15.2.0+git10201-150000.1.9.1.x86_64.rpm libubsan1-32bit-15.2.0+git10201-150000.1.9.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-608 Recommended 
update for lvm2 important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for lvm2 fixes the following issues: - L3: LVM_SUPPRESS_FD_WARNINGS is no longer effective (bsc#1257661) * libdaemon: fix suppressing stray fd warnings device-mapper-2.03.24_1.02.198-150700.7.6.1.x86_64.rpm device-mapper-devel-2.03.24_1.02.198-150700.7.6.1.x86_64.rpm libdevmapper-event1_03-2.03.24_1.02.198-150700.7.6.1.x86_64.rpm libdevmapper1_03-2.03.24_1.02.198-150700.7.6.1.x86_64.rpm liblvm2cmd2_03-2.03.24-150700.7.6.1.x86_64.rpm lvm2-2.03.24-150700.7.6.1.src.rpm lvm2-2.03.24-150700.7.6.1.x86_64.rpm lvm2-devel-2.03.24-150700.7.6.1.x86_64.rpm lvm2-device-mapper-2.03.24-150700.7.6.1.src.rpm libdevmapper1_03-32bit-2.03.24_1.02.198-150700.7.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1348 Recommended update for gcc14 moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for gcc14 fixes the following issues: - Fix bogus expression simplification (bsc#1257463) gcc14-14.3.0+git11799-150000.1.14.2.src.rpm libm2cor19-14.3.0+git11799-150000.1.14.2.x86_64.rpm libm2cor19-32bit-14.3.0+git11799-150000.1.14.2.x86_64.rpm libm2iso19-14.3.0+git11799-150000.1.14.2.x86_64.rpm libm2iso19-32bit-14.3.0+git11799-150000.1.14.2.x86_64.rpm libm2log19-14.3.0+git11799-150000.1.14.2.x86_64.rpm libm2log19-32bit-14.3.0+git11799-150000.1.14.2.x86_64.rpm libm2min19-14.3.0+git11799-150000.1.14.2.x86_64.rpm libm2min19-32bit-14.3.0+git11799-150000.1.14.2.x86_64.rpm libm2pim19-14.3.0+git11799-150000.1.14.2.x86_64.rpm libm2pim19-32bit-14.3.0+git11799-150000.1.14.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-829 Security update for gnutls moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for gnutls fixes the following issues: Security issue: - CVE-2025-14831: excessive resource consumption when verifying specially crafted malicious certificates containing a large number of name constraints and subject alternative names (bsc#1257960). 
Other updates and bugfixes: - update libgnutls package to avoid binder getting calculated with SHA256 (bsc#1258083, jsc#PED-15752, jsc#PED-15753). - lib/psk: Add gnutls_psk_allocate_{client,server}_credentials2 - tests/psk-file: Add testing for _credentials2 functions - lib/psk: add null check for binder algo - pre_shared_key: fix memleak when retrying with different binder algo - pre_shared_key: add null check on pskcred gnutls-3.8.3-150600.4.17.1.src.rpm gnutls-3.8.3-150600.4.17.1.x86_64.rpm libgnutls-devel-3.8.3-150600.4.17.1.x86_64.rpm libgnutls30-3.8.3-150600.4.17.1.x86_64.rpm libgnutlsxx-devel-3.8.3-150600.4.17.1.x86_64.rpm libgnutlsxx30-3.8.3-150600.4.17.1.x86_64.rpm libgnutls30-32bit-3.8.3-150600.4.17.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-677 Recommended update for grub2 important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for grub2 fixes the following issues: - Support dm multipath bootlist on PowerPC (bsc#1254415) - Backport upstream's commit to prevent BIOS assert (bsc#1258022) - Fix error "grub-core/script/lexer.c:352:out of memory" after PowerPC CAS Reboot (bsc#1254299) * Fix PowerPC CAS reboot to evaluate menu context grub2-2.12-150700.19.26.1.src.rpm grub2-2.12-150700.19.26.1.x86_64.rpm grub2-i386-pc-2.12-150700.19.26.1.noarch.rpm grub2-snapper-plugin-2.12-150700.19.26.1.noarch.rpm grub2-systemd-sleep-plugin-2.12-150700.19.26.1.noarch.rpm grub2-x86_64-efi-2.12-150700.19.26.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-793 Recommended update for libnvme moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for libnvme fixes the following issues: - Update to version 1.11+22.gc0b8e5f8 (bsc#1256043): * fabrics: + add additional debug messages for --tls and --concat + add error if dhchap-ctrl-secret is specified with --concat + add error if no dhchap-secret is specified with --concat + add error if --tls and --concat are invoked together + fix concat during nvme connect-all 
libnvme-1.11+22.gc0b8e5f8-150700.4.17.1.src.rpm libnvme-devel-1.11+22.gc0b8e5f8-150700.4.17.1.x86_64.rpm libnvme-mi1-1.11+22.gc0b8e5f8-150700.4.17.1.x86_64.rpm libnvme1-1.11+22.gc0b8e5f8-150700.4.17.1.x86_64.rpm python3-libnvme-1.11+22.gc0b8e5f8-150700.4.17.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-835 Recommended update for apache2 moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for apache2 fixes the following issues: - Fix: apache2 default config gives a warning AH00317 (bsc#1229147). * The default value for MaxRequestWorkers should be a multiple of 25, so we're setting it from 256 down to 250, which is what Apache was doing during runtime in any case. apache2-2.4.62-150700.4.12.1.src.rpm apache2-2.4.62-150700.4.12.1.x86_64.rpm apache2-prefork-2.4.62-150700.4.12.1.src.rpm apache2-prefork-2.4.62-150700.4.12.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-599 Security update for libpng12 important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for libpng12 fixes the following issues: - CVE-2026-25646: heap buffer overflow vulnerability in png_set_dither/png_set_quantize (bsc#1258020). libpng12-0-1.2.57-150000.4.6.1.x86_64.rpm libpng12-1.2.57-150000.4.6.1.src.rpm libpng12-devel-1.2.57-150000.4.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-597 Security update for libpng16 important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for libpng16 fixes the following issues: - CVE-2026-25646: heap buffer overflow vulnerability in png_set_dither/png_set_quantize (bsc#1258020). 
libpng16-1.6.40-150600.3.12.1.src.rpm libpng16-16-1.6.40-150600.3.12.1.x86_64.rpm libpng16-compat-devel-1.6.40-150600.3.12.1.x86_64.rpm libpng16-devel-1.6.40-150600.3.12.1.x86_64.rpm libpng16-16-32bit-1.6.40-150600.3.12.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-881 Security update for postgresql18 important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for postgresql18 fixes the following issues: Update to version 18.3 (bsc#1258754). Security issues fixed: - CVE-2026-2003: improper validation of type "oidvector" may allow disclosure of a few bytes of server memory (bsc#1258008). - CVE-2026-2004: intarray missing validation of type of input to selectivity estimator could lead to arbitrary code execution (bsc#1258009). - CVE-2026-2005: buffer overrun in contrib/pgcrypto's PGP decryption functions could lead to arbitrary code execution (bsc#1258010). - CVE-2026-2006: inadequate validation of multibyte character lengths could lead to arbitrary code execution (bsc#1258011). - CVE-2026-2007: pg_trgm heap buffer overflow can cause a pattern to be written onto server memory (bsc#1258012). Regression fixes: - the substring() function raises an error "invalid byte sequence for encoding" on non-ASCII text values if the source of that value is a database column (caused by CVE-2026-2006 fix). - a standby may halt and return an error "could not access status of transaction". libpq5-18.3-150600.13.8.1.x86_64.rpm postgresql18-18.3-150600.13.8.1.src.rpm postgresql18-18.3-150600.13.8.1.x86_64.rpm libpq5-32bit-18.3-150600.13.8.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-883 Security update for postgresql17 important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for postgresql17 fixes the following issues: Update to version 17.9 (bsc#1258754). Security issues fixed: - CVE-2026-2003: improper validation of type "oidvector" may allow disclosure of a few bytes of server memory (bsc#1258008). 
- CVE-2026-2004: intarray missing validation of type of input to selectivity estimator could lead to arbitrary code execution (bsc#1258009). - CVE-2026-2005: buffer overrun in contrib/pgcrypto's PGP decryption functions could lead to arbitrary code execution (bsc#1258010). - CVE-2026-2006: inadequate validation of multibyte character lengths could lead to arbitrary code execution (bsc#1258011). Regression fixes: - the substring() function raises an error "invalid byte sequence for encoding" on non-ASCII text values if the source of that value is a database column (caused by CVE-2026-2006 fix). - a standby may halt and return an error "could not access status of transaction". postgresql17-17.9-150600.13.24.1.src.rpm postgresql17-17.9-150600.13.24.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-664 Security update for python3 important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for python3 fixes the following issues: - CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable characters (bsc#1257029). - CVE-2026-0672: HTTP header injection via user-controlled cookie values and parameters when using http.cookies.Morsel (bsc#1257031). - CVE-2026-0865: user-controlled header containing newlines can allow injecting HTTP headers (bsc#1257042). - CVE-2025-15366: user-controlled command can allow additional commands injected using newlines (bsc#1257044). - CVE-2025-15282: user-controlled data URLs parsed may allow injecting headers (bsc#1257046). - CVE-2025-15367: control characters may allow the injection of additional commands (bsc#1257041). 
libpython3_6m1_0-3.6.15-150300.10.106.1.x86_64.rpm python3-3.6.15-150300.10.106.1.src.rpm python3-3.6.15-150300.10.106.1.x86_64.rpm python3-base-3.6.15-150300.10.106.1.x86_64.rpm python3-core-3.6.15-150300.10.106.1.src.rpm python3-curses-3.6.15-150300.10.106.1.x86_64.rpm python3-dbm-3.6.15-150300.10.106.1.x86_64.rpm python3-devel-3.6.15-150300.10.106.1.x86_64.rpm python3-idle-3.6.15-150300.10.106.1.x86_64.rpm python3-tk-3.6.15-150300.10.106.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-589 Security update for xen moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for xen fixes the following issues: - CVE-2025-58150: buffer overrun with shadow paging + tracing (XSA-477) (bsc#1256745). - CVE-2026-23553: incomplete IBPB for vCPU isolation (XSA-479) (bsc#1256747). xen-4.20.2_06-150700.3.25.1.src.rpm xen-libs-4.20.2_06-150700.3.25.1.x86_64.rpm xen-tools-domU-4.20.2_06-150700.3.25.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-806 Security update for wicked2nm,suse-migration-services,suse-migration-sle16-activation,SLES16-Migration,SLES16-SAP_Migration important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for wicked2nm,suse-migration-services,suse-migration-sle16-activation,SLES16-Migration,SLES16-SAP_Migration fixes the following issues: Changes for SLES16-SAP_Migration: - Bump version: 2.1.30 Changes for SLES16-Migration: - Bump version: 2.1.30 Changes for suse-migration-sle16-activation: - Move script package to the main migration provider - Create lib file for common network-prereq tasks - Refactor mount_system service Changes for suse-migration-services: - Bump to version: 2.1.30: * Update docinfo * Update doc/adoc/user_guide.adoc * Update documentation for 12-to-15 in pubclouds Fix information about default service pack target. 
* Apply make black * Added black for code formatting * refactor: add `Zypper.install` wrapper Add `Zypper.install` wrapper method for package installation * Fixed get_migration_target return behavior * fix: ensure NetworkManager is installed on the target system Changes for wicked2nm: - Update to version v1.4.1. Security issues fixed: - CVE-2026-25727: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion (bsc#1257911). Other updates and bugfixes: - update bytes from 1.10.1 to 1.11.1 - update time to 0.3.47 SLES16-Migration-2.1.30-15.26.4.src.rpm SLES16-Migration-2.1.30-15.26.4.x86_64.rpm python3-migration-2.1.30-150700.15.21.1.noarch.rpm suse-migration-pre-checks-2.1.30-150700.15.21.1.noarch.rpm suse-migration-scripts-2.1.30-150700.15.21.1.noarch.rpm suse-migration-services-2.1.30-150700.15.21.1.src.rpm suse-migration-sle16-activation-2.1.30-150700.15.13.1.src.rpm suse-migration-sle16-activation-2.1.30-150700.15.13.1.x86_64.rpm wicked2nm-1.4.1-150700.15.16.1.src.rpm wicked2nm-1.4.1-150700.15.16.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-779 Security update for libssh moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for libssh fixes the following issues: - CVE-2026-0964: improper sanitation of paths received from SCP servers can cause path traversal (bsc#1258049). - CVE-2026-0965: possible denial of service when parsing unexpected configuration files (bsc#1258045). - CVE-2026-0966: buffer underflow in ssh_get_hexa() on invalid input (bsc#1258054). - CVE-2026-0967: specially crafted patterns could cause denial of service (bsc#1258081). - CVE-2026-0968: malformed SFTP message can lead to out of bound read (bsc#1258080). 
libssh-0.9.8-150600.11.9.1.src.rpm libssh-config-0.9.8-150600.11.9.1.x86_64.rpm libssh-devel-0.9.8-150600.11.9.1.x86_64.rpm libssh4-0.9.8-150600.11.9.1.x86_64.rpm libssh4-32bit-0.9.8-150600.11.9.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-837 Recommended update for syslogd moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for syslogd fixes the following issues: - Drop last sysvinit Requirement/Provide (jsc#PED-13698) syslog-service-2.0-150300.13.3.1.noarch.rpm syslogd-1.4.1-150300.13.3.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-912 Recommended update for ca-certificates-mozilla moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for ca-certificates-mozilla fixes the following issues: - test for a concretely missing certificate rather than just the directory, as the latter is now also provided by openssl-3 - Re-create java-cacerts with SOURCE_DATE_EPOCH set for reproducible builds (bsc#1229003) - Also mark /usr/share/factory/var/lib/ca-certificates/ as writable by the user during install: allow rpm to properly execute %clean when completed. - Create /var/lib/ca-certificates during build to ensure rpm gives the %ghost'ed directory proper mode attributes. - Updated to 2.84 state (bsc#1258002) * Removed: + Baltimore CyberTrust Root + CommScope Public Trust ECC Root-01 + CommScope Public Trust ECC Root-02 + CommScope Public Trust RSA Root-01 + CommScope Public Trust RSA Root-02 + DigiNotar Root CA * Added: + e-Szigno TLS Root CA 2023 + OISTE Client Root ECC G1 + OISTE Client Root RSA G1 + OISTE Server Root ECC G1 + OISTE Server Root RSA G1 + SwissSign RSA SMIME Root CA 2022 - 1 + SwissSign RSA TLS Root CA 2022 - 1 + TrustAsia SMIME ECC Root CA + TrustAsia SMIME RSA Root CA + TrustAsia TLS ECC Root CA + TrustAsia TLS RSA Root CA - reenable the distrusted certs again. the distrust is only for certs issued after the distrust date, not for all certs of a CA. 
ca-certificates-mozilla-2.84-150200.44.1.noarch.rpm ca-certificates-mozilla-2.84-150200.44.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1402 Recommended update for autofs moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for autofs fixes the following issues: - fix deadlock on map entry removal (bsc#1246325) - Fix incorrect autofs udisks linkage (bsc#1246612) autofs-5.1.9-150600.3.5.1.src.rpm autofs-5.1.9-150600.3.5.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-974 Recommended update for nvidia-open-driver-G06-signed moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for nvidia-open-driver-G06-signed fixes the following issues: - updated CUDA variant to version 580.126.20 - update non-CUDA variant to version 580.126.18 (bsc#1258154) - fixes build against kernel 6.19 - fix build and adjusted it to sle15-sp5 kernel nv-prefer-signed-open-driver-580.126.20-150700.3.45.1.x86_64.rpm nvidia-open-driver-G06-signed-580.126.18-150700.3.45.1.src.rpm nvidia-open-driver-G06-signed-cuda-580.126.20-150700.3.45.1.src.rpm nvidia-open-driver-G06-signed-cuda-default-devel-580.126.20-150700.3.45.1.x86_64.rpm nvidia-open-driver-G06-signed-cuda-kmp-default-580.126.20_k6.4.0_150700.53.31-150700.3.45.1.x86_64.rpm nvidia-open-driver-G06-signed-default-devel-580.126.18-150700.3.45.1.x86_64.rpm nvidia-open-driver-G06-signed-kmp-default-580.126.18_k6.4.0_150700.53.31-150700.3.45.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-668 Security update for ucode-intel important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for ucode-intel fixes the following issues: - Intel CPU Microcode was updated to the 20260210 release (bsc#1258046) - CVE-2024-24853: Updated fix for incorrect behavior order in transition between executive monitor and SMI transfer monitor (STM) in some Intel(R) Processor may allow a privileged user to potentially enable escalation of privilege via local access. 
(bsc#1229129) - CVE-2025-31648: Improper handling of values in the microcode flow for some Intel Processor Family may allow an escalation of privilege. (bsc#1258046) ucode-intel-20260210-150200.62.1.src.rpm ucode-intel-20260210-150200.62.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-844 Recommended update for glibc moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for glibc fixes the following issues: - nss: Missing checks in __nss_configure_lookup, __nss_database_get (bsc#1258319, BZ #28940) glibc-2.38-150600.14.43.1.src.rpm glibc-2.38-150600.14.43.1.x86_64.rpm glibc-devel-2.38-150600.14.43.1.x86_64.rpm glibc-extra-2.38-150600.14.43.1.x86_64.rpm glibc-i18ndata-2.38-150600.14.43.1.noarch.rpm glibc-info-2.38-150600.14.43.1.noarch.rpm glibc-lang-2.38-150600.14.43.1.noarch.rpm glibc-locale-2.38-150600.14.43.1.x86_64.rpm glibc-locale-base-2.38-150600.14.43.1.x86_64.rpm glibc-profile-2.38-150600.14.43.1.x86_64.rpm libnsl1-2.38-150600.14.43.1.x86_64.rpm nscd-2.38-150600.14.43.1.x86_64.rpm glibc-32bit-2.38-150600.14.43.1.x86_64.rpm glibc-locale-base-32bit-2.38-150600.14.43.1.x86_64.rpm libnsl1-32bit-2.38-150600.14.43.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-676 Recommended update for makedumpfile important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for makedumpfile fixes the following issues: - Fix a data race in multi-threading mode (--num-threads=N) (bsc#1245569, bsc#1256455). makedumpfile-1.7.4-150600.3.6.1.src.rpm makedumpfile-1.7.4-150600.3.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-666 Security update for docker moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for docker fixes the following issues: - CVE-2025-58181: Fixed a bug in crypto/ssh where invalidated number of mechanisms can cause unbounded memory consumption. (bsc#1253904) Updating docker will restart the docker service, which may stop some of your docker containers. Do you want to proceed with the update? 
docker-28.5.1_ce-150000.241.2.src.rpm docker-28.5.1_ce-150000.241.2.x86_64.rpm docker-buildx-0.29.0-150000.241.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1169 Security update for wireshark important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for wireshark fixes the following issues: Update Wireshark to version 4.6.4 (jsc#PED-15400). - CVE-2024-9780: ITS dissector crash (bsc#1231475). - CVE-2024-9781: AppleTalk and RELOAD Framing dissector crash (bsc#1231476). - CVE-2024-11595: Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark (bsc#1233594). - CVE-2024-11596: Buffer Over-read in Wireshark (bsc#1233593). - CVE-2025-1492: Uncontrolled Recursion in Wireshark (bsc#1237414). - CVE-2025-5601: Column handling crashes in Wireshark allows denial of service (bsc#1244081). - CVE-2025-9817: NULL Pointer Dereference in ssh dissector (bsc#1249090). - CVE-2025-13499: a malformed packet can lead to a Kafka dissector crash (bsc#1254108). - CVE-2025-13674: injecting a malformed packet can cause a crash (bsc#1254262). - CVE-2025-13945: HTTP3 dissector crash in Wireshark 4.6.0 and 4.6.1 allows denial of service (bsc#1254471). - CVE-2025-13946: MEGACO dissector infinite loop in Wireshark 4.6.0 to 4.6.1 and 4.4.0 to 4.4.11 allows denial of service (bsc#1254472). - CVE-2026-0959: denial of service via IEEE 802.11 protocol dissector crash (bsc#1256734). - CVE-2026-0960: denial of Service via HTTP3 protocol dissector infinite loop (bsc#1256736). - CVE-2026-0961: denial of Service vulnerability in BLF file parser (bsc#1256738). - CVE-2026-0962: denial of Service via SOME/IP-SD protocol dissector crash (bsc#1256739). - CVE-2026-3201: missing limit checks in USB HID protocol dissector's `parse_report_descriptor` function can lead to memory exhaustion (bsc#1258907). - CVE-2026-3202: missing checks in NTS-KE protocol dissector can lead to crash (bsc#1258908). 
- CVE-2026-3203: missing length checks in the RF4CE Profile protocol dissector can lead to illegal memory access and crash (bsc#1258909). Also libvirt was rebuilt against wireshark for the libvirt plugin. libvirt-11.0.0-150700.4.19.1.src.rpm libvirt-libs-11.0.0-150700.4.19.1.x86_64.rpm libwireshark19-4.6.4-150700.21.8.1.x86_64.rpm libwiretap16-4.6.4-150700.21.8.1.x86_64.rpm libwsutil17-4.6.4-150700.21.8.1.x86_64.rpm wireshark-4.6.4-150700.21.8.1.src.rpm wireshark-4.6.4-150700.21.8.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-678 Recommended update for mdadm important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for mdadm fixes the following issues: - Update to version 4.4+39.g6e1c3b06: * platform-intel: Deal with hot-unplugged devices (bsc#1258265) * imsm: Fix UEFI backward compatibility for RAID10D4 (bsc#1257009) - Update to version 4.4+37.gea219956: - Backport upstream fixes from 4.5 (bsc#1257009) * Re-enable mdadm --monitor ... for /dev/mdX * Allow RAID0 to be created with v0.90 metadata * Moves memory management into Assemble to avoid null pointer dereference * Support non-absolute name during monitor scan * Don't set badblock flag when adding a new disk * Fix metadata corruption when managing new imsm array mdadm-4.4+39.g6e1c3b06-150700.4.21.1.src.rpm mdadm-4.4+39.g6e1c3b06-150700.4.21.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-671 Recommended update for adcli important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for adcli fixes the following issues: - Improve DC locator strategy, do not query more servers than necessary (bsc#1257717): * Make adcli info DC location mechanism more compliant adcli-0.8.2-150400.17.11.1.src.rpm adcli-0.8.2-150400.17.11.1.x86_64.rpm adcli-doc-0.8.2-150400.17.11.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-783 Security update for zlib moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for zlib fixes the following issue: - CVE-2026-27171: Fixed infinite loop 
via the `crc32_combine64` and `crc32_combine_gen64` functions due to missing checks for negative lengths (bsc#1258392). libminizip1-1.2.13-150500.4.6.1.x86_64.rpm libz1-1.2.13-150500.4.6.1.x86_64.rpm minizip-devel-1.2.13-150500.4.6.1.x86_64.rpm zlib-1.2.13-150500.4.6.1.src.rpm zlib-devel-1.2.13-150500.4.6.1.x86_64.rpm zlib-devel-static-1.2.13-150500.4.6.1.x86_64.rpm libz1-32bit-1.2.13-150500.4.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-690 Security update for libsoup important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for libsoup fixes the following issues: - CVE-2025-32049: denial of Service attack to websocket server (bsc#1240751). - CVE-2026-2369: buffer overread due to integer underflow when handling zero-length resources (bsc#1258120). - CVE-2026-2443: out-of-bounds read when processing specially crafted HTTP Range headers can lead to heap information disclosure to remote attackers (bsc#1258170). - CVE-2026-2708: HTTP request smuggling via duplicate Content-Length headers (bsc#1258508). libsoup-3.4.4-150600.3.34.1.src.rpm libsoup-3_0-0-3.4.4-150600.3.34.1.x86_64.rpm libsoup-devel-3.4.4-150600.3.34.1.x86_64.rpm libsoup-lang-3.4.4-150600.3.34.1.noarch.rpm typelib-1_0-Soup-3_0-3.4.4-150600.3.34.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-657 Security update for libsoup2 important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for libsoup2 fixes the following issues: - CVE-2025-32049: denial of Service attack to websocket server (bsc#1240751). - CVE-2026-2369: buffer overread due to integer underflow when handling zero-length resources (bsc#1258120). - CVE-2026-2443: out-of-bounds read when processing specially crafted HTTP Range headers can lead to heap information disclosure to remote attackers (bsc#1258170). - CVE-2026-2708: HTTP request smuggling via duplicate Content-Length headers (bsc#1258508). 
libsoup-2_4-1-2.74.3-150600.4.27.1.x86_64.rpm libsoup2-2.74.3-150600.4.27.1.src.rpm libsoup2-devel-2.74.3-150600.4.27.1.x86_64.rpm libsoup2-lang-2.74.3-150600.4.27.1.noarch.rpm typelib-1_0-Soup-2_4-2.74.3-150600.4.27.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-777 Security update for cosign moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for cosign fixes the following issues: Update to version 3.0.5 (jsc#SLE-23879). Security issues fixed: - CVE-2025-11065: github.com/go-viper/mapstructure/v2: sensitive information leak in logs (bsc#1250620). - CVE-2025-58181: golang.org/x/crypto/ssh: invalidated number of mechanisms can cause unbounded memory consumption (bsc#1253913). - CVE-2026-22703: Verification accepts any valid Rekor entry under certain conditions (bsc#1256496). - CVE-2026-22772: github.com/sigstore/fulcio: MetaIssuer URL validation bypass can trigger SSRF to arbitrary internal services (bsc#1256562). - CVE-2026-23991: github.com/theupdateframework/go-tuf/v2: denial of service due to invalid TUF metadata JSON returned by TUF repository (bsc#1257080). - CVE-2026-23992: github.com/theupdateframework/go-tuf/v2: unauthorized modification to TUF metadata files due to a compromised or misconfigured TUF repository (bsc#1257085). - CVE-2026-24122: improper validation of certificates that outlive expired CA certificates (bsc#1258542). - CVE-2026-24137: github.com/sigstore/sigstore/pkg/tuf: legacy TUF client allows for arbitrary file writes with target cache path traversal (bsc#1257139). - CVE-2026-26958: filippo.io/edwards25519: failure to initialize receiver in MultiScalarMult can produce invalid results and lead to undefined behavior (bsc#1258612). 
Other updates and bugfixes: * chore(deps): bump google.golang.org/api from 0.260.0 to 0.264.0 (#4679) * chore(deps): bump github.com/sigstore/rekor-tiles/v2 from 2.0.1 to 2.1.0 (#4670) * chore(deps): bump filippo.io/edwards25519 from 1.1.0 to 1.1.1 (#4712) * chore(deps): bump gitlab.com/gitlab-org/api/client-go (#4680) * chore(deps): bump the gomod group across 1 directory with 4 updates (#4702) * chore(deps): bump the actions group with 3 updates (#4703) * update golang builder to use go1.25.7 (#4687) * update golangci-lint to v2.8.x (#4688) * Support DSSE signing conformance test (#4685) * chore(deps): bump the actions group across 1 directory with 8 updates (#4689) * Deprecate rekor-entry-type flag (#4691) * Deprecate cosign triangulate (#4676) * Deprecate cosign copy (#4681) * Enforce TSA requirement for Rekor v2, Fulcio signing (#4683) * chore(deps): bump github.com/theupdateframework/go-tuf/v2 (#4668) * chore(deps): bump golang from 1.25.5 to 1.25.6 in the all group (#4673) * Automatically require signed timestamp with Rekor v2 entries (#4666) * Fix syntax issue in conformance test, update nightly (#4664) * Add mTLS support for TSA client connections when signing with a signing config (#4620) * fix: avoid panic on malformed tlog entry body (#4652) * Verify validity of chain rather than just certificate (#4663) * Allow --local-image with --new-bundle-format for v2 and v3 signatures (#4626) * chore(deps): bump the gomod group across 1 directory with 3 updates (#4662) * Bump sigstore/sigstore to resolve GHSA (#4660) * Gracefully fail if bundle payload body is not a string (#4648) * fix: avoid panic on malformed replace payload (#4653) * chore(deps): bump github.com/sigstore/rekor from 1.4.3 to 1.5.0 (#4659) * fix: avoid panic on malformed attestation payload (#4651) * fix: avoid panic on malformed tlog entries (#4649) * Update conformance to latest * docs(cosign): clarify RFC3161 revocation semantics (#4642) * Add empty predicate to cosign sign when payload type 
is application/vnd.in-toto+json (#4635) * chore(deps): bump github.com/sigstore/fulcio from 1.8.4 to 1.8.5 (#4637) * Add origin key for ctfe trusted root * Add changelog updates for v3.0.4 and v2.6.2 (#4625) - Update to version 3.0.4: * Fix bundle verify path for old bundle/trusted root (#4623) * chore(deps): bump gitlab.com/gitlab-org/api/client-go (#4616) * chore(deps): bump cuelang.org/go in the gomod group (#4615) * Optimize cosign tree performance by caching digest resolution (#4612) * Don't require a trusted root to verify offline with a key (#4613) * Support default services for trusted-root and signing-config creation (#4592) * chore(deps): bump gitlab.com/gitlab-org/api/client-go (#4602) * chore(deps): bump github.com/sigstore/sigstore-go (#4578) * chore(deps): bump github.com/buildkite/agent/v3 from 3.114.1 to 3.115.2 (#4601) * chore(deps): bump google.golang.org/api from 0.257.0 to 0.258.0 (#4611) * chore(deps): bump k8s.io/client-go from 0.34.3 to 0.35.0 (#4604) * chore(deps): bump actions/upload-artifact from 5.0.0 to 6.0.0 (#4588) * chore(deps): bump golang.org/x/oauth2 from 0.33.0 to 0.34.0 (#4586) * chore(deps): bump the gomod group with 5 updates (#4599) * chore(deps): bump github.com/open-policy-agent/opa from 1.10.1 to 1.12.1 (#4600) * chore(deps): bump golang.org/x/term from 0.37.0 to 0.38.0 (#4584) * chore(deps): bump the actions group with 3 updates (#4587) * chore(deps): bump actions/cache from 4.3.0 to 5.0.1 (#4589) * chore(deps): bump the gomod group with 9 updates (#4577) - Update to version 3.0.3: * 4554: Closes 4554 - Add warning when --output* is used (#4556) * chore(deps): bump golangci/golangci-lint-action from 8.0.0 to 9.1.0 (#4545) * chore(deps): bump github.com/buildkite/agent/v3 from 3.111.0 to 3.113.0 (#4542) * chore(deps): bump github.com/awslabs/amazon-ecr-credential-helper/ecr-login (#4543) * chore(deps): bump actions/checkout from 5.0.0 to 6.0.0 (#4546) * chore(deps): bump the actions group with 4 updates (#4544) * 
chore(deps): bump the gomod group across 1 directory with 5 updates (#4567) * chore(deps): bump golang from 1.25.4 to 1.25.5 in the all group (#4568) * update builder to use go1.25.5 (#4566) * Protobuf bundle support for subcommand `clean` (#4539) * Add staging flag to initialize with staging TUF metadata * update slack invite link (#4560) * Updating sign-blob to also support signing with a certificate (#4547) * Bump sigstore library dependencies (#4532) * Protobuf bundle support for subcommands `save` and `load` (#4538) * Fix cert attachment for new bundle with signing config * Fix OCI verification with local cert - old bundle * chore(deps): bump github.com/sigstore/fulcio from 1.7.1 to 1.8.1 (#4519) * chore(deps): bump golang.org/x/crypto in /test/fakeoidc (#4535) * chore(deps): bump golang.org/x/crypto from 0.43.0 to 0.45.0 (#4536) * update go builder and cosign (#4529) * chore(deps): bump the gomod group across 1 directory with 7 updates (#4528) * chore(deps): bump sigstore/cosign-installer from 3.10.0 to 4.0.0 (#4478) * chore(deps): bump gitlab.com/gitlab-org/api/client-go (#4520) * chore(deps): bump golang from 1.25.3 to 1.25.4 in the all group (#4515) * chore(deps): bump golang.org/x/oauth2 from 0.32.0 to 0.33.0 (#4518) * chore(deps): bump cuelang.org/go from 0.14.2 to 0.15.0 (#4524) * chore(deps): bump github.com/open-policy-agent/opa from 1.9.0 to 1.10.1 (#4521) * chore(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 (#4502) * chore(deps): bump the actions group across 1 directory with 2 updates (#4516) * chore(deps): bump github.com/buildkite/agent/v3 from 3.110.0 to 3.111.0 (#4523) * chore(deps): bump github.com/theupdateframework/go-tuf/v2 (#4522) * Deprecate tlog-upload flag (#4458) * fix: Use signal context for `sign` cli package. 
* update offline verification directions (#4526) * Fix signing/verifying annotations for new bundle * Add support to download and attach for protobuf bundles (#4477) * Add --signing-algorithm flag (#3497) * Refactor signcommon bundle helpers * Add --bundle and fix --upload for new bundle * Pass insecure registry flags through to referrers * chore(deps): bump github.com/buildkite/agent/v3 from 3.108.0 to 3.109.1 (#4483) * Add protobuf bundle support for tree subcommand (#4491) * Remove stale embed import (#4492) * Support multiple container identities * chore(deps): bump gitlab.com/gitlab-org/api/client-go (#4484) * chore(deps): bump chainguard-dev/actions in the actions group (#4480) * chore(deps): bump github.com/sigstore/rekor-tiles/v2 (#4485) * chore(deps): bump golang.org/x/crypto from 0.42.0 to 0.43.0 (#4486) * chore(deps): bump cuelang.org/go in the gomod group (#4479) * upgrade OSS-Fuzz build tooling (#4487) * Fix segfault when no attestations are found (#4472) * Use overridden repository for new bundle format (#4473) * update go to 1.25.3 (#4471) * Remove --out flag from `cosign initialize` (#4462) * chore(deps): bump the actions group with 2 updates (#4460) * Deprecate offline flag (#4457) * Deduplicate code in sign/attest* and verify* commands (#4449) * Cache signing config when calling initialize (#4456) * Update changelog for v3.0.2 (#4455) * chore(deps): bump google.golang.org/api from 0.250.0 to 0.251.0 * chore(deps): bump gitlab.com/gitlab-org/api/client-go * chore(deps): bump the actions group with 3 updates * chore(deps): bump github.com/buildkite/agent/v3 from 3.107.2 to 3.108.0 * choose different signature filename for KMS-signed release signatures (#4448) * chore(deps): bump github.com/go-jose/go-jose/v4 (#4451) * Update rekor-tiles version path * update CL for v3.0.1 release (#4447) * update goreleaser config for v3.0.0 release (#4446) * Create changelog for v3.0.0 (#4440) * Fetch service URLs from the TUF PGI signing config by default (#4428) 
* Create changelog for v2.6.1 (#4439) * chore(deps): bump google.golang.org/api from 0.249.0 to 0.250.0 (#4432) * chore(deps): bump the gomod group with 2 updates (#4429) * chore(deps): bump github.com/open-policy-agent/opa from 1.8.0 to 1.9.0 (#4433) * chore(deps): bump the actions group with 3 updates (#4434) * chore(deps): bump github.com/go-openapi/swag from 0.24.1 to 0.25.1 (#4435) * chore(deps): bump gitlab.com/gitlab-org/api/client-go (#4436) * chore(deps): bump github.com/go-openapi/runtime from 0.28.0 to 0.29.0 (#4437) * Bump module version to v3 for Cosign v3.0 (#4427) * Move sigstore-conformance back to tagged release (#4425) * Bump sigstore-go to v1.1.3 (#4423) * Partially populate the output of cosign verify when working with new bundles (#4416) * chore(deps): bump gitlab.com/gitlab-org/api/client-go (#4419) * chore(deps): bump github.com/theupdateframework/go-tuf/v2 (#4418) * chore(deps): bump github.com/buildkite/agent/v3 from 3.105.0 to 3.107.0 (#4420) * chore(deps): bump chainguard-dev/actions in the actions group (#4421) * bump go builder to use 1.25.1 and cosign (#4417) * Bump sigstore-go for more precise user agents (#4413) * chore(deps): bump github.com/spf13/viper from 1.20.1 to 1.21.0 (#4408) * chore(deps): bump the actions group with 2 updates (#4407) * chore(deps): bump gitlab.com/gitlab-org/api/client-go (#4410) * chore(deps): bump github.com/buildkite/agent/v3 from 3.104.0 to 3.105.0 (#4411) * Default to using the new protobuf format (#4318) - Update to version 2.6.0: * Require exclusively a SigningConfig or service URLs when signing (#4403) * Add a terminal spinner while signing with sigstore-go (#4402) * Bump sigstore-go, support alternative hash algorithms with keys (#4386) * Add support for SigningConfig in sign/attest (#4371) * Support self-managed keys when signing with sigstore-go (#4368) * Remove SHA256 assumption in sign-blob/verify-blob (#4050) * introduce dockerfile to pin the go version to decouple go version from go.mod 
(#4369) * refactor: extract function to write referrer attestations (#4357) * Break import cycle with e2e build tag (#4370) * Update conformance test binary for signing config (#4367) * update builder image to use go1.25 (#4366) * Don't load content from TUF if trusted root path is specified (#4347) * Don't require timestamps when verifying with a key (#4337) * Fixes to cosign sign / verify for the new bundle format (#4346) * update builder to use go1.24.6 (#4334) * bump golangci-lint to v2.3.x (#4333) * Have cosign sign support bundle format (#4316) * Add support for SigningConfig for sign-blob/attest-blob, support Rekor v2 (#4319) * Verify subject with bundle only when checking claims (#4320) * Add to `attest-blob` the ability to supply a complete in-toto statement, and add to `verify-blob-attestation` the ability to verify with just a digest (#4306) cosign-3.0.5-150400.3.35.1.src.rpm cosign-3.0.5-150400.3.35.1.x86_64.rpm cosign-bash-completion-3.0.5-150400.3.35.1.noarch.rpm cosign-zsh-completion-3.0.5-150400.3.35.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-767 Security update for python311 important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for python311 fixes the following issues: - CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable characters (bsc#1257029). - CVE-2025-12781: inadequate parameter check can cause data integrity issues (bsc#1257108). - CVE-2025-15282: user-controlled data URLs parsed may allow injecting headers (bsc#1257046). - CVE-2025-15366: user-controlled command can allow additional commands injected using newlines (bsc#1257044). - CVE-2025-15367: control characters may allow the injection of additional commands (bsc#1257041). - CVE-2026-0672: HTTP header injection via user-controlled cookie values and parameters when using http.cookies.Morsel (bsc#1257031). 
- CVE-2026-0865: user-controlled header containing newlines can allow injecting HTTP headers (bsc#1257042). libpython3_11-1_0-3.11.14-150600.3.44.1.x86_64.rpm python311-base-3.11.14-150600.3.44.1.x86_64.rpm python311-core-3.11.14-150600.3.44.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1401 Recommended update for supportutils-scrub moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for supportutils-scrub fixes the following issues: - Update to version 1.2.0 + New input modes * Folder mode: pass any directory, output written to {dir}_scrubbed/ * Stdin/pipe mode: cat log | supportutils-scrub (scrubbed text to stdout) * Single file mode: process a plain file, output to {file}_scrubbed * Multi-archive mode: process several .txz/.tgz in one run with shared mappings ensuring consistent obfuscation across all archives + Improved automatic entity detection for pipe/file/stdin modes * PAM log patterns: pam_unix([...]) and unix_chkpwd extract usernames * logname= field now recognised as username source * NFS server lines extract hostname and domain automatically * RFC 5424 syslog hostname (field repeated >= 3 lines) auto-detected + Fixed domain parser false positives * Added TLD allowlist rejecting D-Bus names, container runtime interfaces, version strings, systemd scopes and hardware IDs + Bug fixes * Fixed IP pool exhaustion crash when mixed prefix lengths allocated - Update to version 1.1.0 + Major enhancement: Subnet-aware IP obfuscation * Maps entire IPv4 subnets to fake subnets preserving host offsets * Gateway .1 remains .1, broadcast .255 remains .255 * Maintains network topology for effective troubleshooting + Added PCAP obfuscation support with tcprewrite integration * Rewrites packet captures using same subnet mappings as logs * Ensures consistency across supportconfigs and network traces * Exports tcprewrite-compatible subnet rules + Enhanced mapping file structure * Added 'subnet' section with subnet-to-subnet translations * Added 'state' 
section tracking IP pool allocation cursors * Enables reproducible obfuscation across multiple runs + Improved IP processing * Two-pass processing: learns subnets then applies mapping * Preserves special IPs (0.0.0.0, 127.0.0.1, multicast) * Protects version strings from incorrect obfuscation + Enhanced domain and hostname extraction * Multiple source parsing (resolv.conf, hosts, NFS, NTP) * Fixed word boundary detection preventing partial replacements * Added minimum length requirements for hostnames + Security improvements * Dataset JSON files created with 0600 permissions * System users excluded from obfuscation + Added command-line options for PCAP processing * --rewrite-pcap: Enable PCAP rewriting mode * --pcap-in: Specify input PCAP files * --pcap-out-dir: Output directory for obfuscated PCAPs * --print-tcprewrite: Display tcprewrite command + Bug fixes * Fixed /32 host route handling * Corrected inline comment processing in hostnames * Resolved IPv6 subnet awareness issues * Fixed MAC address parsing false positives - Initial release version 1.0.0 + Basic obfuscation for supportconfig tarballs + Supports IP, domain, hostname, username, MAC, IPv6 + Configuration file support + Keyword-based obfuscation + Mapping file for consistency across runs supportutils-scrub-1.2-150100.3.6.1.noarch.rpm supportutils-scrub-1.2-150100.3.6.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-832 Security update for qemu moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for qemu fixes the following issues: Security issue: - CVE-2025-14876: qemu-kvm: Unbounded allocation in virtio-crypto (bsc#1255400). Non security issues: - * hw/virtio: Also include md stubs in case CONFIG_VIRTIO_PCI is not set (jsc#PED-14271). - * s390x/pv: prepare for memory devices (jsc#PED-14271). - * s390x/s390-skeys: prepare for memory devices (jsc#PED-14271). - * s390x/s390-stattrib-kvm: prepare for memory devices and sparse memory layouts (jsc#PED-14271). 
- * s390x/s390-virtio-ccw: prepare for memory devices (jsc#PED-14271). - * s390x/virtio-ccw: add support for virtio based memory devices (jsc#PED-14271). - * s390x: remember the maximum page size (jsc#PED-14271). - * s390x: virtio-mem support (jsc#PED-14271). qemu-9.2.4-150700.3.17.1.src.rpm qemu-img-9.2.4-150700.3.17.1.x86_64.rpm qemu-pr-helper-9.2.4-150700.3.17.1.x86_64.rpm qemu-tools-9.2.4-150700.3.17.1.x86_64.rpm qemu-vmsr-helper-9.2.4-150700.3.17.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-759 Security update for busybox important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for busybox fixes the following issues: - CVE-2026-26157: Arbitrary file overwrite and potential code execution via incomplete path sanitization (bsc#1258163). - CVE-2026-26158: Arbitrary file modification and privilege escalation via unvalidated tar archive entries (bsc#1258167). busybox-1.37.0-150700.18.15.1.src.rpm busybox-1.37.0-150700.18.15.1.x86_64.rpm busybox-static-1.37.0-150700.18.15.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-813 Security update for mozilla-nss moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for mozilla-nss fixes the following issues: Update to NSS 3.112.3: * CVE-2026-2781: Avoid integer overflow in platform-independent ghash (bsc#1258568) libfreebl3-3.112.3-150400.3.63.1.x86_64.rpm libsoftokn3-3.112.3-150400.3.63.1.x86_64.rpm mozilla-nss-3.112.3-150400.3.63.1.src.rpm mozilla-nss-3.112.3-150400.3.63.1.x86_64.rpm mozilla-nss-certs-3.112.3-150400.3.63.1.x86_64.rpm mozilla-nss-devel-3.112.3-150400.3.63.1.x86_64.rpm mozilla-nss-sysinit-3.112.3-150400.3.63.1.x86_64.rpm mozilla-nss-tools-3.112.3-150400.3.63.1.x86_64.rpm libfreebl3-32bit-3.112.3-150400.3.63.1.x86_64.rpm libsoftokn3-32bit-3.112.3-150400.3.63.1.x86_64.rpm mozilla-nss-32bit-3.112.3-150400.3.63.1.x86_64.rpm mozilla-nss-certs-32bit-3.112.3-150400.3.63.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-794 Recommended update for libpcap important SUSE 
Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for libpcap fixes the following issues: - Enable RDMA: Fix missing dependency in spec so libpcap is built with RDMA support (bsc#1258668). libpcap-1.10.5-150700.3.10.1.src.rpm libpcap-devel-1.10.5-150700.3.10.1.x86_64.rpm libpcap1-1.10.5-150700.3.10.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-840 Security update for grpc important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for grpc fixes the following issue: - CVE-2023-33953: unbounded memory and CPU consumption in the HPACK parser leads to remote DoS (bsc#1214148). grpc-1.25.0-150200.3.10.1.src.rpm libgrpc8-1.25.0-150200.3.10.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1485 Recommended update for dejavu-fonts, arphic-uming-fonts, arphic-ukai-fonts, arphic-fonts, liberation-fonts, efont-unicode-bitmap-fonts low SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for dejavu-fonts, arphic-uming-fonts, arphic-ukai-fonts, arphic-fonts, liberation-fonts, efont-unicode-bitmap-fonts fixes the following issues: - use %license tag [bsc#1252142] arphic-bkai00mp-fonts-20001125-150000.3.4.1.noarch.rpm arphic-bsmi00lp-fonts-20001125-150000.3.4.1.noarch.rpm arphic-fonts-20001125-150000.3.4.1.noarch.rpm arphic-fonts-20001125-150000.3.4.1.src.rpm arphic-gbsn00lp-fonts-20001125-150000.3.4.1.noarch.rpm arphic-gkai00mp-fonts-20001125-150000.3.4.1.noarch.rpm arphic-ukai-fonts-0.2.20080216.1-150000.3.3.1.noarch.rpm arphic-ukai-fonts-0.2.20080216.1-150000.3.3.1.src.rpm arphic-uming-fonts-0.2.20080216.1-150000.3.3.1.noarch.rpm arphic-uming-fonts-0.2.20080216.1-150000.3.3.1.src.rpm dejavu-fonts-2.37-150000.3.3.1.noarch.rpm dejavu-fonts-2.37-150000.3.3.1.src.rpm efont-unicode-bitmap-fonts-0.4.2-150000.3.3.1.noarch.rpm efont-unicode-bitmap-fonts-0.4.2-150000.3.3.1.src.rpm liberation-fonts-1.07.4-150000.4.5.1.noarch.rpm liberation-fonts-1.07.4-150000.4.5.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-801 Security update for libxslt moderate 
SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for libxslt fixes the following issues: - CVE-2025-10911: use-after-free will be fixed on libxml2 side instead (bsc#1250553). libxslt-1.1.34-150400.3.16.1.src.rpm libxslt-devel-1.1.34-150400.3.16.1.x86_64.rpm libxslt-tools-1.1.34-150400.3.16.1.x86_64.rpm libxslt1-1.1.34-150400.3.16.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-788 Security update for libsoup important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for libsoup fixes the following issues: - CVE-2026-1467: lack of input sanitization can lead to unintended or unauthorized HTTP requests (bsc#1257398). - CVE-2026-1539: proxy authentication credentials leaked via the Proxy-Authorization header when handling HTTP redirects (bsc#1257441). - CVE-2026-1760: improper handling of HTTP requests combining certain headers by SoupServer can lead to HTTP request smuggling and potential DoS (bsc#1257597). libsoup-3.4.4-150600.3.37.1.src.rpm libsoup-3_0-0-3.4.4-150600.3.37.1.x86_64.rpm libsoup-devel-3.4.4-150600.3.37.1.x86_64.rpm libsoup-lang-3.4.4-150600.3.37.1.noarch.rpm typelib-1_0-Soup-3_0-3.4.4-150600.3.37.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-811 Security update for libsoup2 important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for libsoup2 fixes the following issues: - CVE-2026-1467: lack of input sanitization can lead to unintended or unauthorized HTTP requests (bsc#1257398). - CVE-2026-1539: proxy authentication credentials leaked via the Proxy-Authorization header when handling HTTP redirects (bsc#1257441). - CVE-2026-1760: improper handling of HTTP requests combining certain headers by SoupServer can lead to HTTP request smuggling and potential DoS (bsc#1257597). 
libsoup-2_4-1-2.74.3-150600.4.30.1.x86_64.rpm libsoup2-2.74.3-150600.4.30.1.src.rpm libsoup2-devel-2.74.3-150600.4.30.1.x86_64.rpm libsoup2-lang-2.74.3-150600.4.30.1.noarch.rpm typelib-1_0-Soup-2_4-2.74.3-150600.4.30.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1406 Security update for util-linux moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for util-linux fixes the following issues: Security issue: - CVE-2026-3184: access control bypass due to improper hostname canonicalization in `login` (bsc#1258859). Non security issues: - recognize fuse "portal" as a virtual file system (bsc#1234736). - fdisk: fix possible partition overlay and data corruption if EBR gap is missing (bsc#1222465). libblkid-devel-2.40.4-150700.4.10.1.x86_64.rpm libblkid-devel-static-2.40.4-150700.4.10.1.x86_64.rpm libblkid1-2.40.4-150700.4.10.1.x86_64.rpm libfdisk-devel-2.40.4-150700.4.10.1.x86_64.rpm libfdisk1-2.40.4-150700.4.10.1.x86_64.rpm libmount-devel-2.40.4-150700.4.10.1.x86_64.rpm libmount1-2.40.4-150700.4.10.1.x86_64.rpm libsmartcols-devel-2.40.4-150700.4.10.1.x86_64.rpm libsmartcols1-2.40.4-150700.4.10.1.x86_64.rpm libuuid-devel-2.40.4-150700.4.10.1.x86_64.rpm libuuid-devel-static-2.40.4-150700.4.10.1.x86_64.rpm libuuid1-2.40.4-150700.4.10.1.x86_64.rpm util-linux-2.40.4-150700.4.10.1.src.rpm util-linux-2.40.4-150700.4.10.1.x86_64.rpm util-linux-lang-2.40.4-150700.4.10.1.noarch.rpm util-linux-systemd-2.40.4-150700.4.10.1.src.rpm util-linux-systemd-2.40.4-150700.4.10.1.x86_64.rpm util-linux-tty-tools-2.40.4-150700.4.10.1.x86_64.rpm libblkid1-32bit-2.40.4-150700.4.10.1.x86_64.rpm libmount1-32bit-2.40.4-150700.4.10.1.x86_64.rpm libuuid1-32bit-2.40.4-150700.4.10.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-831 Security update for openvpn important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for openvpn fixes the following issues: - Updated to version 2.6.10 that fixes: * CVE-2025-13086: improper validation of IP addresses that can cause 
denial of service (bsc#1254486) openvpn-2.6.10-150600.3.20.1.src.rpm openvpn-2.6.10-150600.3.20.1.x86_64.rpm openvpn-auth-pam-plugin-2.6.10-150600.3.20.1.x86_64.rpm openvpn-dco-2.6.10-150600.3.20.1.src.rpm openvpn-dco-2.6.10-150600.3.20.1.x86_64.rpm openvpn-dco-devel-2.6.10-150600.3.20.1.x86_64.rpm openvpn-devel-2.6.10-150600.3.20.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-819 Security update for virtiofsd important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for virtiofsd fixes the following issue: - CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion (bsc#1257912). virtiofsd-1.12.0-150700.3.3.1.src.rpm virtiofsd-1.12.0-150700.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1361 Security update for himmelblau important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for himmelblau fixes the following issues: Update to version 2.3.9+git0.a9fd29b; (jsc#PED-14511): - CVE-2026-34397: Fix LPE due to name collision during NSS fake-primary group lookup (bsc#1261324). - CVE-2026-31979: Fix race condition when accessing /tmp/krb5cc_uid (bsc#1259548). - CVE-2026-25727: deps(rust): Bump the `all-cargo-updates` group with 8 updates (bsc#1257904). - CVE-2025-58160: deps(rust): Bump `tracing-subscriber` in the cargo group (bsc#1249013). - CVE-2025-54882: Fix Kerberos credential cache permissions (bsc#1247735). - CVE-2025-53013: Fix permitted authentication with invalid Hello PIN (bsc#1245437). - CVE-2024-11738: Fix `rustls` network-reachable panic in `Acceptor::accept` (bsc#1233949). Other bug fixes: - Fix SELinux module packaging to use standard policy macros (bsc#1258236). 
himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.src.rpm himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64.rpm himmelblau-sshd-config-2.3.9+git0.a9fd29b-150700.3.15.1.noarch.rpm libnss_himmelblau2-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64.rpm pam-himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-863 Recommended update for openldap2 moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for openldap2 fixes the following issues: - expose ldap_log.h in -devel (jsc#PED-15735) libldap-2_4-2-2.4.46-150600.25.3.1.x86_64.rpm libldap-data-2.4.46-150600.25.3.1.noarch.rpm openldap2-2.4.46-150600.25.3.1.src.rpm openldap2-client-2.4.46-150600.25.3.1.x86_64.rpm openldap2-devel-2.4.46-150600.25.3.1.x86_64.rpm openldap2-devel-static-2.4.46-150600.25.3.1.x86_64.rpm libldap-2_4-2-32bit-2.4.46-150600.25.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1040 Security update for systemd important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for systemd fixes the following issues: - CVE-2026-4105: privilege escalation due to improper access control in RegisterMachine D-Bus method (bsc#1259650). - CVE-2026-29111: local unprivileged user can trigger an assert in systemd (bsc#1259418). - udev: check for invalid chars in various fields received from the kernel (bsc#1259697). 
Changelog: - a943e3ce2f machined: reject invalid class types when registering machines - 71593f77db udev: fix review mixup - 73a89810b4 udev-builtin-net-id: print cescaped bad attributes - 0f360bfdc0 udev-builtin-net_id: do not assume the current interface name is ethX - 40905232e2 udev: ensure tag parsing stays within bounds - 7bce9026e3 udev: ensure there is space for trailing NUL before calling sprintf - d018ac1ea3 udev: check for invalid chars in various fields received from the kernel - aef6e11921 core/cgroup: avoid one unnecessary strjoina() - cc7426f38a sd-json: fix off-by-one issue when updating parent for array elements - 26a748f727 core: validate input cgroup path more prudently - 99d8308fde core/dbus-manager: propagate meaningful dbus errors from EnqueueMarkedJobs libsystemd0-254.27-150600.4.62.1.x86_64.rpm libudev1-254.27-150600.4.62.1.x86_64.rpm systemd-254.27-150600.4.62.1.src.rpm systemd-254.27-150600.4.62.1.x86_64.rpm systemd-container-254.27-150600.4.62.1.x86_64.rpm systemd-coredump-254.27-150600.4.62.1.x86_64.rpm systemd-devel-254.27-150600.4.62.1.x86_64.rpm systemd-doc-254.27-150600.4.62.1.x86_64.rpm systemd-journal-remote-254.27-150600.4.62.1.x86_64.rpm systemd-lang-254.27-150600.4.62.1.noarch.rpm systemd-resolved-254.27-150600.4.62.1.x86_64.rpm systemd-sysvcompat-254.27-150600.4.62.1.x86_64.rpm udev-254.27-150600.4.62.1.x86_64.rpm libsystemd0-32bit-254.27-150600.4.62.1.x86_64.rpm libudev1-32bit-254.27-150600.4.62.1.x86_64.rpm systemd-32bit-254.27-150600.4.62.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-929 Recommended update for gedit important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for gedit fixes the following issues: - Disable externaltools plugin to prevent crash (bsc#1255717). 
gedit-46.1-150600.3.3.1.src.rpm python3-gedit-46.1-150600.3.3.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1008 Security update for Prometheus important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for Prometheus fixes the following issues: golang-github-prometheus-alertmanager, golang-github-prometheus-node_exporter: - Internal changes to fix build issues with no impact for customers golang-github-prometheus-prometheus: - Security issues fixed: * CVE-2026-27606: Fixed arbitrary file write via path traversal in rollup (bsc#1258893) * CVE-2026-25547: Fixed unbounded brace range expansion leading to excessive CPU and memory consumption (bsc#1257841) * CVE-2026-1615, CVE-2025-61140: The old web UI is no longer built due to security issues (bsc#1257897, bsc#1257442) * CVE-2025-13465: Bump lodash package to version 4.17.23 to fix prototype pollution vulnerability (bsc#1257329) * CVE-2025-12816: Interpretation conflict vulnerability allowing bypassing cryptographic verifications (bsc#1255588) - Version update from 2.53.4 to 3.5.0 with the following highlighted changes (jsc#PED-13824): * Modernized Interface: Introduced a brand-new UI * Enhanced Cloud and Auth: Added unified AWS service discovery (EC2, ECS, Lightsail) and Azure Workload Identity support for more secure, native cloud authentication. * Performance Standards: Fully integrated OpenTelemetry (OTLP) ingestion and moved Native Histograms from experimental to a stable feature. * Advanced Data Export: Rolled out Remote Write 2.0, offering better performance and metadata handling when sending data to external systems. * Query Power: Added new PromQL functions (like first_over_time and last_over_time) and optimization for grouping operations. * Better Visibility: The UI now displays detailed relabeling steps, scrape intervals, and timeouts, making it easier to troubleshoot why targets aren't reporting correctly. 
* Critical Fixes: Resolved significant memory leaks related to query logging and fixed bugs where targets were accidentally being scraped multiple times. golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.src.rpm golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-838 Security update for python-tornado moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for python-tornado fixes the following issue: - CVE-2025-67724: missing validation of the supplied reason phrase (bsc#1254903). python-tornado-4.5.3-150000.3.16.1.src.rpm python3-tornado-4.5.3-150000.3.16.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1090 Security update for python3 important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for python3 fixes the following issues: - CVE-2026-1299: header injection when an email is serialized due to improper newline quoting in BytesGenerator (bsc#1257181). libpython3_6m1_0-3.6.15-150300.10.109.1.x86_64.rpm python3-3.6.15-150300.10.109.1.src.rpm python3-3.6.15-150300.10.109.1.x86_64.rpm python3-base-3.6.15-150300.10.109.1.x86_64.rpm python3-core-3.6.15-150300.10.109.1.src.rpm python3-curses-3.6.15-150300.10.109.1.x86_64.rpm python3-dbm-3.6.15-150300.10.109.1.x86_64.rpm python3-devel-3.6.15-150300.10.109.1.x86_64.rpm python3-idle-3.6.15-150300.10.109.1.x86_64.rpm python3-tk-3.6.15-150300.10.109.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-894 Security update for libsoup moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for libsoup fixes the following issue: - CVE-2026-0716: improper bounds handling may allow out-of-bounds read (bsc#1256418). 
libsoup-3.4.4-150600.3.42.1.src.rpm libsoup-3_0-0-3.4.4-150600.3.42.1.x86_64.rpm libsoup-devel-3.4.4-150600.3.42.1.x86_64.rpm libsoup-lang-3.4.4-150600.3.42.1.noarch.rpm typelib-1_0-Soup-3_0-3.4.4-150600.3.42.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-886 Security update for libsoup2 moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for libsoup2 fixes the following issue: - CVE-2026-0716: improper bounds handling may allow out-of-bounds read (bsc#1256418). libsoup-2_4-1-2.74.3-150600.4.33.1.x86_64.rpm libsoup2-2.74.3-150600.4.33.1.src.rpm libsoup2-devel-2.74.3-150600.4.33.1.x86_64.rpm libsoup2-lang-2.74.3-150600.4.33.1.noarch.rpm typelib-1_0-Soup-2_4-2.74.3-150600.4.33.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-910 Security update for vim moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for vim fixes the following issues: Update Vim to version 9.2.0110: - CVE-2025-53906: Fixed that malicious zip archive may cause a path traversal in Vim's zip (bsc#1246602). - CVE-2026-26269: Fixed Netbeans specialKeys stack buffer overflow (bsc#1258229). - CVE-2026-28417: Fixed that a crafted URL parsed by netrw plugin can lead to execute arbitrary shell commands (bsc#1259051). 
- CVE-2026-28418: Fixed that a malformed tags file can cause a heap-based buffer overflow out-of-bounds read (bsc#1259052) - CVE-2026-28419: Fixed processing a malformed tags file containing a delimiter can lead to a crash (bsc#1259053) - CVE-2026-28420: Fixed that processing maximum combining characters in terminal emulator can lead to heap-based buffer overflow write (bsc#1259054) - CVE-2026-28421: Fixed that a crafted swap file can cause a heap-buffer-overflow and a segmentation fault - CVE-2026-28422: Fixed that a malicious modeline or plugin can trigger a stack-buffer-overflow (bsc#1259056) vim-9.2.0110-150500.20.43.1.src.rpm vim-9.2.0110-150500.20.43.1.x86_64.rpm vim-data-9.2.0110-150500.20.43.1.noarch.rpm vim-data-common-9.2.0110-150500.20.43.1.noarch.rpm vim-small-9.2.0110-150500.20.43.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-888 Security update for dnsdist important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for dnsdist fixes the following issues: Update to dnsdist 1.9.11: - CVE-2025-8671: Add mitigations for the HTTP/2 MadeYouReset attack (bsc#1253852). - CVE-2025-30187: denial of service via crafted DoH exchange (bsc#1250054). dnsdist-1.9.11-150700.3.6.1.src.rpm dnsdist-1.9.11-150700.3.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1372 Recommended update for tpm2-0-tss moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for tpm2-0-tss fixes the following issue: - When installing libtss2-fapi errors from systemd-tmpfiles can appear. Adding 'Requires' to libtss2-fapi to pull in the tss user (bsc#1258720). 
libtss2-esys0-3.1.1-150600.4.3.2.x86_64.rpm libtss2-fapi1-3.1.1-150600.4.3.2.x86_64.rpm libtss2-mu0-3.1.1-150600.4.3.2.x86_64.rpm libtss2-rc0-3.1.1-150600.4.3.2.x86_64.rpm libtss2-sys1-3.1.1-150600.4.3.2.x86_64.rpm libtss2-tcti-cmd0-3.1.1-150600.4.3.2.x86_64.rpm libtss2-tcti-device0-3.1.1-150600.4.3.2.x86_64.rpm libtss2-tcti-mssim0-3.1.1-150600.4.3.2.x86_64.rpm libtss2-tcti-pcap0-3.1.1-150600.4.3.2.x86_64.rpm libtss2-tcti-swtpm0-3.1.1-150600.4.3.2.x86_64.rpm libtss2-tctildr0-3.1.1-150600.4.3.2.x86_64.rpm tpm2-0-tss-3.1.1-150600.4.3.2.src.rpm tpm2-0-tss-3.1.1-150600.4.3.2.x86_64.rpm tpm2-0-tss-devel-3.1.1-150600.4.3.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1390 Recommended update for mdadm moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for mdadm fixes the following issues: - Update to version 4.4+40.g243a5d9f: * avoid mdcheck_continue.timer and mdcheck_start.timer firing simultaneously (bsc#1243443, bsc#1259090) mdadm-4.4+40.g243a5d9f-150700.4.24.1.src.rpm mdadm-4.4+40.g243a5d9f-150700.4.24.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1093 Security update for xen important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for xen fixes the following issues: - CVE-2026-23554: xen: Use after free of paging structures in EPT (bsc#1259247, XSA-480) - CVE-2026-23555: xen: Xenstored DoS by unprivileged domain (bsc#1259248, XSA-481) xen-4.20.2_08-150700.3.28.1.src.rpm xen-libs-4.20.2_08-150700.3.28.1.x86_64.rpm xen-tools-domU-4.20.2_08-150700.3.28.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1175 Optional update for nvidia-open-driver-G07-signed moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for nvidia-open-driver-G07-signed fixes the following issues: - adding 'ExcludeArch: %ix86 s390x ppc64le' to no longer get autoclines by buildservice hoping that this won't break RPM descriptions for -cuda variant again - update CUDA variant to 595.58.03 - update non-CUDA version to 595.58.03 
(bsc#1260044) - do not set ExclusiveArch in order to fix RPM description for -cuda variant (bsc#1259719) - improved RPM description for -cuda and non-cuda variant - add 'Provides: open-driver-non-cuda-variant = %version' for non-CUDA variant: * to be able to distinguish between both variants; * to be used by nvidia-open-driver-G07-signed-kmp-meta for TW; - Ships CUDA variant in version 595.45.04. - Ships non-CUDA variant in version 595.45.04. nv-prefer-signed-open-driver-G07-595.58.03-150700.16.5.1.x86_64.rpm nvidia-open-driver-G07-signed-595.58.03-150700.16.5.1.src.rpm nvidia-open-driver-G07-signed-cuda-595.58.03-150700.16.5.1.src.rpm nvidia-open-driver-G07-signed-cuda-default-devel-595.58.03-150700.16.5.1.x86_64.rpm nvidia-open-driver-G07-signed-cuda-kmp-default-595.58.03_k6.4.0_150700.53.34-150700.16.5.1.x86_64.rpm nvidia-open-driver-G07-signed-default-devel-595.58.03-150700.16.5.1.x86_64.rpm nvidia-open-driver-G07-signed-kmp-default-595.58.03_k6.4.0_150700.53.34-150700.16.5.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-893 Recommended update for rdma-core low SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for rdma-core fixes the following issue: - ship libibverbs1-32bit to packagehub, to meet requirements of libpcap1-32bit. 
infiniband-diags-54.0-150700.3.2.1.x86_64.rpm libefa1-54.0-150700.3.2.1.x86_64.rpm libhns1-54.0-150700.3.2.1.x86_64.rpm libibmad5-54.0-150700.3.2.1.x86_64.rpm libibnetdisc5-54.0-150700.3.2.1.x86_64.rpm libibumad3-54.0-150700.3.2.1.x86_64.rpm libibverbs-54.0-150700.3.2.1.x86_64.rpm libibverbs1-54.0-150700.3.2.1.x86_64.rpm libmana1-54.0-150700.3.2.1.x86_64.rpm libmlx4-1-54.0-150700.3.2.1.x86_64.rpm libmlx5-1-54.0-150700.3.2.1.x86_64.rpm librdmacm1-54.0-150700.3.2.1.x86_64.rpm rdma-core-54.0-150700.3.2.1.src.rpm rdma-core-54.0-150700.3.2.1.x86_64.rpm rdma-core-devel-54.0-150700.3.2.1.x86_64.rpm rsocket-54.0-150700.3.2.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-931 Security update for jq low SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for jq fixes the following issue: - CVE-2025-9403: test suite assertion failure in JSON parsing consistency validation (bsc#1248600). jq-1.6-150000.3.12.1.src.rpm jq-1.6-150000.3.12.1.x86_64.rpm libjq-devel-1.6-150000.3.12.1.x86_64.rpm libjq1-1.6-150000.3.12.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-966 Recommended update for sssd important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for sssd fixes the following issues: - Restore default config file installation (bsc#1259250) - Make sure previously rotated logs are chown-ed as well (bsc#1259475) - Fix sss_obfuscate crash with python 3.6 (bsc#1259381) libipa_hbac-devel-2.10.2-150700.9.22.1.x86_64.rpm libipa_hbac0-2.10.2-150700.9.22.1.x86_64.rpm libsss_certmap-devel-2.10.2-150700.9.22.1.x86_64.rpm libsss_certmap0-2.10.2-150700.9.22.1.x86_64.rpm libsss_idmap-devel-2.10.2-150700.9.22.1.x86_64.rpm libsss_idmap0-2.10.2-150700.9.22.1.x86_64.rpm libsss_nss_idmap-devel-2.10.2-150700.9.22.1.x86_64.rpm libsss_nss_idmap0-2.10.2-150700.9.22.1.x86_64.rpm libsss_simpleifp-devel-2.10.2-150700.9.22.1.x86_64.rpm libsss_simpleifp0-2.10.2-150700.9.22.1.x86_64.rpm python3-sssd-config-2.10.2-150700.9.22.1.x86_64.rpm sssd-2.10.2-150700.9.22.1.src.rpm 
sssd-2.10.2-150700.9.22.1.x86_64.rpm sssd-ad-2.10.2-150700.9.22.1.x86_64.rpm sssd-dbus-2.10.2-150700.9.22.1.x86_64.rpm sssd-ipa-2.10.2-150700.9.22.1.x86_64.rpm sssd-kcm-2.10.2-150700.9.22.1.x86_64.rpm sssd-krb5-2.10.2-150700.9.22.1.x86_64.rpm sssd-krb5-common-2.10.2-150700.9.22.1.x86_64.rpm sssd-ldap-2.10.2-150700.9.22.1.x86_64.rpm sssd-proxy-2.10.2-150700.9.22.1.x86_64.rpm sssd-tools-2.10.2-150700.9.22.1.x86_64.rpm sssd-winbind-idmap-2.10.2-150700.9.22.1.x86_64.rpm sssd-32bit-2.10.2-150700.9.22.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1552 Recommended update for adcli moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for adcli fixes the following issues: - Build with openldap 2.5 to support TLS channel binding; (bsc#1259148); - Add missing use-ldaps option; (bsc#1259996) adcli-0.8.2-150600.22.5.1.src.rpm adcli-0.8.2-150600.22.5.1.x86_64.rpm adcli-doc-0.8.2-150600.22.5.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-903 Security update for curl important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for curl fixes the following issues: - CVE-2026-1965: bad reuse of HTTP Negotiate connection (bsc#1259362). - CVE-2026-3783: token leak with redirect and netrc (bsc#1259363). - CVE-2026-3784: wrong proxy connection reuse with credentials (bsc#1259364). - CVE-2026-3805: use after free in SMB connection reuse (bsc#1259365). curl-8.14.1-150700.7.14.1.src.rpm curl-8.14.1-150700.7.14.1.x86_64.rpm libcurl-devel-8.14.1-150700.7.14.1.x86_64.rpm libcurl4-8.14.1-150700.7.14.1.x86_64.rpm libcurl4-32bit-8.14.1-150700.7.14.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1338 Security update for giflib moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for giflib fixes the following issue: - CVE-2026-23868: double-free result of a shallow copy can lead to memory corruption (bsc#1259502). 
giflib-5.2.2-150000.4.19.1.src.rpm giflib-devel-5.2.2-150000.4.19.1.x86_64.rpm libgif7-5.2.2-150000.4.19.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-980 Security update for strongswan important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for strongswan fixes the following issues: - CVE-2026-25075: Fixed integer underflow when handling EAP-TTLS AVP (bsc#1259472). strongswan-5.9.14-150700.3.9.1.src.rpm strongswan-5.9.14-150700.3.9.1.x86_64.rpm strongswan-doc-5.9.14-150700.3.9.1.noarch.rpm strongswan-hmac-5.9.14-150700.3.9.1.x86_64.rpm strongswan-ipsec-5.9.14-150700.3.9.1.x86_64.rpm strongswan-libs0-5.9.14-150700.3.9.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1327 Recommended update for scap-security-guide moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for scap-security-guide fixes the following issues: - Update the SSG package description - Add SLE16 profiles to the build - updated to 0.1.79 (jsc#ECO-3319): * Create SLE16 HIPAA profile * Create SLE16 PCI DSS 4 profile * Use Sequoia in RHEL 10 instead of GPG * New Profile for RHEL10: BSI * Move RHEL Control files to product files * Update RHEL 9 CCN profile * Various updates for SLE 12/15 scap-security-guide-0.1.80-150000.1.106.1.noarch.rpm scap-security-guide-0.1.80-150000.1.106.1.src.rpm scap-security-guide-debian-0.1.80-150000.1.106.1.noarch.rpm scap-security-guide-redhat-0.1.80-150000.1.106.1.noarch.rpm scap-security-guide-ubuntu-0.1.80-150000.1.106.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1098 Security update for cosign important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for cosign rebuilds it against the current go 1.25 security release. 
cosign-3.0.5-150400.3.37.1.src.rpm cosign-3.0.5-150400.3.37.1.x86_64.rpm cosign-bash-completion-3.0.5-150400.3.37.1.noarch.rpm cosign-zsh-completion-3.0.5-150400.3.37.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-949 Security update for runc important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for runc rebuilds it against the current go 1.25 security release. runc-1.3.4-150000.90.1.src.rpm runc-1.3.4-150000.90.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1105 Security update for containerd important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for containerd rebuilds it against the current go 1.25 security release. containerd-1.7.29-150000.130.1.src.rpm containerd-1.7.29-150000.130.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-950 Security update for docker important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for docker rebuilds it against the current go 1.25 security release. docker-28.5.1_ce-150000.243.1.src.rpm docker-28.5.1_ce-150000.243.1.x86_64.rpm docker-buildx-0.29.0-150000.243.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-934 Recommended update for libosinfo moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for libosinfo fixes the following issue: - UEFI as default for new VMs (jsc#PED-14636). libosinfo-1.12.0-150700.3.3.2.src.rpm libosinfo-1.12.0-150700.3.3.2.x86_64.rpm libosinfo-1_0-0-1.12.0-150700.3.3.2.x86_64.rpm libosinfo-lang-1.12.0-150700.3.3.2.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-927 Recommended update for osinfo-db moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for osinfo-db fixes the following issues: - UEFI as default for new VMs (jsc#PED-14636). - Add support for: SLES-16.1, openSUSE Leap 16.1 (jsc#PED-14625). - Update to database version 20251212 (jsc#PED-14625). 
osinfo-db-20251212-150700.5.9.2.noarch.rpm osinfo-db-20251212-150700.5.9.2.src.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1120 Recommended update for ipw-firmware important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for ipw-firmware fixes the following issues: - mark LICENSE.ipw2200 as %license (bsc#1252153) ipw-firmware-9-150000.3.3.1.noarch.rpm ipw-firmware-9-150000.3.3.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1325 Security update for clamav moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for clamav fixes the following issues: Update to clamav 1.5.2: Security issue: - CVE-2026-20031: improper error handling in the HTML CSS module when splitting UTF-8 strings can lead to denial of service conditions via a crafted HTML file (bsc#1259207). Non security issue: - Support transactional updates (jsc#PED-14819). Changelog: * Fixed a possible infinite loop when scanning some JPEG files by upgrading affected ClamAV dependency, a Rust image library. * The CVD verification process will now ignore certificate files in the CVD certs directory when the user lacks read permissions. * Freshclam: Fix CLD verification bug with PrivateMirror option. * Upgraded the Rust bytes dependency to a newer version to resolve RUSTSEC-2026-0007 advisory. * Fixed a possible crash caused by invalid pointer alignment on some platforms. * Minimal required Rust version is now 1.87. clamav-1.5.2-150600.18.25.1.src.rpm clamav-1.5.2-150600.18.25.1.x86_64.rpm clamav-devel-1.5.2-150600.18.25.1.x86_64.rpm clamav-docs-html-1.5.2-150600.18.25.1.noarch.rpm clamav-milter-1.5.2-150600.18.25.1.x86_64.rpm libclamav12-1.5.2-150600.18.25.1.x86_64.rpm libclammspack0-1.5.2-150600.18.25.1.x86_64.rpm libfreshclam4-1.5.2-150600.18.25.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1373 Recommended update for crda moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for crda fixes the following issue: - package LICENSE with %license tag (bsc#1252141). 
crda-3.18-150000.3.3.2.src.rpm crda-3.18-150000.3.3.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1172 Recommended update for re2c important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for re2c fixes the following issues: - package LICENSE and tag it as %license (bsc#1252224) - added sources: * LICENSE re2c-1.0.3-150000.3.6.1.src.rpm re2c-1.0.3-150000.3.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1147 Recommended update for jasper important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for jasper fixes the following issues: - use %license tag (bsc#1252155) jasper-2.0.14-150000.3.40.1.src.rpm libjasper4-2.0.14-150000.3.40.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1310 Security update for libssh moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for libssh fixes the following issues: - CVE-2026-3731: Denial of Service via out-of-bounds read in SFTP extension name handler (bsc#1259377). libssh-0.9.8-150600.11.12.1.src.rpm libssh-config-0.9.8-150600.11.12.1.x86_64.rpm libssh-devel-0.9.8-150600.11.12.1.x86_64.rpm libssh4-0.9.8-150600.11.12.1.x86_64.rpm libssh4-32bit-0.9.8-150600.11.12.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1349 Security update for python311 important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for python311 fixes the following issues: - Updated to Python 3.11.15 - CVE-2025-6075: If the value passed to os.path.expandvars() is user-controlled a performance degradation is possible when expanding environment variables (bsc#1252974). - CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable characters (bsc#1257029). - CVE-2025-12084: cpython: python: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service (bsc#1254997). - CVE-2025-13462: incorrect parsing of TarInfo header when GNU long name and type AREGTYPE are combined (bsc#1259611). 
- CVE-2025-13836: When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length (bsc#1254400). - CVE-2025-13837: When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues (bsc#1254401). - CVE-2025-15282: user-controlled data URLs parsed may allow injecting headers (bsc#1257046). - CVE-2026-0672: HTTP header injection via user-controlled cookie values and parameters when using http.cookies.Morsel (bsc#1257031). - CVE-2026-0865: user-controlled header containing newlines can allow injecting HTTP headers (bsc#1257042). - CVE-2026-1299: header injection when an email is serialized due to improper newline quoting in `BytesGenerator` (bsc#1257181). - CVE-2026-2297: cpython: incorrectly handled hook in FileLoader can lead to validation bypass (bsc#1259240). - CVE-2026-3479: python: improper resource argument validation can allow path traversal (bsc#1259989). - CVE-2026-3644: incomplete control character validation in http.cookies (bsc#1259734). - CVE-2026-4224: C stack overflow when parsing XML with deeply nested DTD content models (bsc#1259735). - CVE-2026-4519: leading dashes in URLs are accepted by the `webbrowser.open()` API and allow for web browser command line option injection (bsc#1260026). libpython3_11-1_0-3.11.15-150600.3.53.1.x86_64.rpm python311-base-3.11.15-150600.3.53.1.x86_64.rpm python311-core-3.11.15-150600.3.53.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1081 Security update for the Linux Kernel important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 The SUSE Linux Enterprise 15 SP7 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2023-53817: crypto: lib/mpi - avoid null pointer deref in mpi_cmp_ui() (bsc#1254992). - CVE-2025-37861: scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue (bsc#1243055). 
- CVE-2025-39748: bpf: Forget ranges when refining tnum after JSET (bsc#1249587). - CVE-2025-39817: efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare (bsc#1249998). - CVE-2025-39964: crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg (bsc#1251966). - CVE-2025-40099: cifs: parse_dfs_referrals: prevent oob on malformed input (bsc#1252911). - CVE-2025-40103: smb: client: Fix refcount leak for cifs_sb_tlink (bsc#1252924). - CVE-2025-40201: kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in sys_prlimit64() paths (bsc#1253455). - CVE-2025-40253: s390/ctcm: Fix double-kfree (bsc#1255084). - CVE-2025-68283: libceph: replace BUG_ON with bounds check for map->max_osd (bsc#1255379). - CVE-2025-68295: smb: client: fix memory leak in cifs_construct_tcon() (bsc#1255129). - CVE-2025-68374: md: fix rcu protection in md_wakeup_thread (bsc#1255530). - CVE-2025-68735: drm/panthor: Prevent potential UAF in group creation (bsc#1255811). - CVE-2025-68736: landlock: Fix handling of disconnected directories (bsc#1255698). - CVE-2025-68778: btrfs: don't log conflicting inode if it's a dir moved in the current transaction (bsc#1256683). - CVE-2025-68785: net: openvswitch: fix middle attribute validation in push_nsh() action (bsc#1256640). - CVE-2025-68810: KVM: Disallow toggling KVM_MEM_GUEST_MEMFD on an existing memslot (bsc#1256679). - CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1256645). - CVE-2025-71071: iommu/mediatek: fix use-after-free on probe deferral (bsc#1256802). - CVE-2025-71104: KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer (bsc#1256708). - CVE-2025-71113: crypto: af_alg - zero initialize memory allocated via sock_kmalloc (bsc#1256716). - CVE-2025-71125: tracing: Do not register unsupported perf events (bsc#1256784). - CVE-2025-71126: mptcp: reset fallback status gracefully at disconnect() time (bsc#1256755). 
- CVE-2025-71148: net/handshake: restore destructor on submit failure (bsc#1257159). - CVE-2025-71184: btrfs: fix NULL dereference on root when tracing inode eviction (bsc#1257635). - CVE-2025-71194: btrfs: fix deadlock in wait_current_trans() due to ignored transaction type (bsc#1257687). - CVE-2025-71225: md: suspend array while updating raid_disks via sysfs (bsc#1258411). - CVE-2026-22979: net: fix memory leak in skb_segment_list for GRO packets (bsc#1257228). - CVE-2026-22982: net: mscc: ocelot: Fix crash when adding interface under a lag (bsc#1257179). - CVE-2026-22998: nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec (bsc#1257209). - CVE-2026-23003: geneve: Fix incorrect inner network header offset when innerprotoinherit is set (bsc#1257246). - CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1257231). - CVE-2026-23010: ipv6: Fix use-after-free in inet6_addr_del() (bsc#1257332). - CVE-2026-23017: idpf: fix error handling in the init_task on load (bsc#1257552). - CVE-2026-23023: idpf: fix memory leak in idpf_vport_rel() (bsc#1257556). - CVE-2026-23035: net/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv (bsc#1257559). - CVE-2026-23053: NFS: Fix a deadlock involving nfs_release_folio() (bsc#1257718). - CVE-2026-23057: vsock/virtio: Coalesce only linear skb (bsc#1257740). - CVE-2026-23060: crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (bsc#1257735). - CVE-2026-23064: net/sched: act_ife: avoid possible NULL deref (bsc#1257765). - CVE-2026-23069: vsock/virtio: fix potential underflow in virtio_transport_get_credit() (bsc#1257755). - CVE-2026-23070: Octeontx2-af: Add proper checks for fwdata (bsc#1257709). - CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1257749). - CVE-2026-23083: fou: Don't allow 0 for FOU_ATTR_IPPROTO (bsc#1257745). 
- CVE-2026-23084: be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list (bsc#1257830). - CVE-2026-23085: irqchip/gic-v3-its: Avoid truncating memory addresses (bsc#1257758). - CVE-2026-23086: vsock/virtio: cap TX credit to local buffer size (bsc#1257757). - CVE-2026-23088: tracing: Fix crash on synthetic stacktrace field usage (bsc#1257814). - CVE-2026-23089: ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() (bsc#1257790). - CVE-2026-23095: gue: Fix skb memleak with inner IP protocol 0 (bsc#1257808). - CVE-2026-23099: bonding: limit BOND_MODE_8023AD to Ethernet devices (bsc#1257816). - CVE-2026-23102: arm64/fpsimd: signal: Mandate SVE payload for streaming-mode state (bsc#1257772). - CVE-2026-23104: ice: fix devlink reload call trace (bsc#1257763). - CVE-2026-23105: net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag (bsc#1257775). - CVE-2026-23107: arm64/fpsimd: signal: Allocate SSVE storage when restoring ZA (bsc#1257762). - CVE-2026-23110: scsi: core: Wake up the error handler when final completions race against each other (bsc#1257761). - CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258181). - CVE-2026-23112: nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec (bsc#1258184). - CVE-2026-23113: io_uring/io-wq: check IO_WQ_BIT_EXIT inside work run loop (bsc#1258278). - CVE-2026-23116: pmdomain: imx8m-blk-ctrl: Remove separate rst and clk mask for 8mq vpu (bsc#1258277). - CVE-2026-23119: bonding: provide a net pointer to __skb_flow_dissect() (bsc#1258273). - CVE-2026-23125: sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT (bsc#1258293). - CVE-2026-23139: netfilter: nf_conncount: update last_gc only when GC has been performed (bsc#1258304). - CVE-2026-23141: btrfs: send: check for inline extents in range_is_hole_in_parent() (bsc#1258377). - CVE-2026-23154: net: fix segmentation of forwarding fraglist GRO (bsc#1258286). 
- CVE-2026-23166: ice: Fix NULL pointer dereference in ice_vsi_set_napi_queues (bsc#1258272). - CVE-2026-23169: mptcp: fix race in mptcp_pm_nl_flush_addrs_doit() (bsc#1258389). - CVE-2026-23171: net: bonding: update the slave array for broadcast mode (bsc#1258349). - CVE-2026-23173: net/mlx5e: TC, delete flows only for existing peers (bsc#1258520). - CVE-2026-23179: nvmet-tcp: fixup hang in nvmet_tcp_listen_data_ready() (bsc#1258394). - CVE-2026-23191: ALSA: aloop: Fix racy access at PCM trigger (bsc#1258395). - CVE-2026-23198: KVM: Don't clobber irqfd routing type when deassigning irqfd (bsc#1258321). - CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1258340). - CVE-2026-23208: ALSA: usb-audio: Prevent excessive number of frames (bsc#1258468). - CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258518). - CVE-2026-23210: ice: Fix PTP NULL pointer dereference during VSI rebuild (bsc#1258517). - CVE-2026-23213: drm/amd/pm: Disable MMIO access during SMU Mode 1 reset (bsc#1258465). - CVE-2026-23214: btrfs: reject new transactions if the fs is fully read-only (bsc#1258464). - CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1258850). - CVE-2026-23269: apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1259857). The following non security issues were fixed: - ACPI: CPPC: Fix remaining for_each_possible_cpu() to use online CPUs (git-fixes). - ACPI: OSL: fix __iomem type on return from acpi_os_map_generic_address() (git-fixes). - ACPI: PM: Add unused power resource quirk for THUNDEROBOT ZERO (git-fixes). - ACPI: processor: Fix NULL-pointer dereference in acpi_processor_errata_piix4() (stable-fixes). - ACPICA: Abort AML bytecode execution when executing AML_FATAL_OP (stable-fixes). - ACPICA: Fix NULL pointer dereference in acpi_ev_address_space_dispatch() (git-fixes). - ALSA: hda/conexant: Add headset mic fix for MECHREVO Wujie 15X Pro (stable-fixes). 
- ALSA: hda/realtek - fixed speaker no sound (stable-fixes). - ALSA: hda/realtek: add HP Laptop 15s-eq1xxx mute LED quirk (stable-fixes). - ALSA: hda/realtek: Add quirk for Inspur S14-G1 (stable-fixes). - ALSA: hda/realtek: Fix headset mic for TongFang X6AR55xU (stable-fixes). - ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machine (stable-fixes). - ALSA: hda/realtek: Really fix headset mic for TongFang X6AR55xU (git-fixes). - ALSA: usb-audio: Add iface reset and delay quirk for AB13X USB Audio (stable-fixes). - ALSA: usb-audio: Add sanity check for OOB writes at silencing (stable-fixes). - ALSA: usb-audio: Avoid implicit feedback mode on DIYINHK USB Audio 2.0 (stable-fixes). - ALSA: usb-audio: Cap the packet size pre-calculations (git-fixes). - ALSA: usb-audio: Check max frame size for implicit feedback mode, too (stable-fixes). - ALSA: usb-audio: fix broken logic in snd_audigy2nx_led_update() (git-fixes). - ALSA: usb-audio: Remove VALIDATE_RATES quirk for Focusrite devices (git-fixes). - ALSA: usb-audio: Update the number of packets properly at receiving (stable-fixes). - ALSA: usb-audio: Use correct version for UAC3 header validation (git-fixes). - ALSA: usb-audio: Use inclusive terms (git-fixes). - ALSA: vmaster: Relax __free() variable declarations (git-fixes). - APEI/GHES: ensure that won't go past CPER allocated record (stable-fixes). - apparmor: fix differential encoding verification (bsc#1258849). - apparmor: Fix double free of ns_name in aa_replace_profiles() (bsc#1258849). - apparmor: fix memory leak in verify_header (bsc#1258849). - apparmor: fix missing bounds check on DEFAULT table in verify_dfa() (bsc#1258849). - apparmor: fix race between freeing data and fs accessing it (bsc#1258849). - apparmor: fix race on rawdata dereference (bsc#1258849). - apparmor: fix side-effect bug in match_char() macro usage (bsc#1258849). - apparmor: fix unprivileged local user can do privileged policy management (bsc#1258849). 
- apparmor: fix: limit the number of levels of policy namespaces (bsc#1258849). - apparmor: replace recursive profile removal with iterative approach (bsc#1258849). - apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1258849). - arm64: Add support for TSV110 Spectre-BHB mitigation (git-fixes). - arm64: Disable branch profiling for all arm64 code (git-fixes). - arm64: Set __nocfi on swsusp_arch_resume() (git-fixes). - ASoC: amd: drop unused Kconfig symbols (git-fixes). - ASoC: amd: fix memory leak in acp3x pdm dma ops (git-fixes). - ASoC: amd: yc: Add ASUS ExpertBook PM1503CDA to quirks list (stable-fixes). - ASoC: amd: yc: Add DMI quirk for Acer TravelMate P216-41-TCO (stable-fixes). - ASoC: amd: yc: Add DMI quirk for ASUS Vivobook Pro 15X M6501RR (stable-fixes). - ASoC: amd: yc: Add quirk for HP 200 G2a 16 (stable-fixes). - ASoC: amd: yc: Fix microphone on ASUS M6500RE (stable-fixes). - ASoC: codecs: max98390: Check return value of devm_gpiod_get_optional() in max98390_i2c_probe() (stable-fixes). - ASoC: cs35l45: Corrects ASP_TX5 DAPM widget channel (stable-fixes). - ASoC: cs42l43: Correct handling of 3-pole jack load detection (stable-fixes). - ASoC: davinci-evm: Fix reference leak in davinci_evm_probe (stable-fixes). - ASoC: Intel: sof_es8336: Add DMI quirk for Huawei BOD-WXX9 (stable-fixes). - ASoC: nau8821: Avoid unnecessary blocking in IRQ handler (stable-fixes). - ASoC: nau8821: Cancel delayed work on component remove (git-fixes). - ASoC: nau8821: Cancel pending work before suspend (git-fixes). - ASoC: nau8821: Consistently clear interrupts before unmasking (git-fixes). - ASoC: nau8821: Fixup nau8821_enable_jack_detect() (git-fixes). - ASoC: pxa: drop unused Kconfig symbol (git-fixes). - ASoC: rockchip: i2s-tdm: Use param rate if not provided by set_sysclk (git-fixes). - ASoC: SOF: ipc4-control: If there is no data do not send bytes update (git-fixes). - ASoC: SOF: ipc4-control: Keep the payload size up to date (git-fixes). 
- ASoC: SOF: ipc4-control: Use the correct size for scontrol->ipc_control_data (git-fixes). - ASoC: SOF: ipc4-topology: Correct the allocation size for bytes controls (git-fixes). - ASoC: sunxi: sun50i-dmic: Add missing check for devm_regmap_init_mmio (stable-fixes). - ASoC: tlv320adcx140: Propagate error codes during probe (stable-fixes). - ASoC: wm8962: Add WM8962_ADC_MONOMIX to "3D Coefficients" mask (stable-fixes). - ASoC: wm8962: Don't report a microphone if it's shorted to ground on plug (stable-fixes). - ata: libata: avoid long timeouts on hot-unplugged SATA DAS (stable-fixes). - ata: pata_ftide010: Fix some DMA timings (git-fixes). - atm: fore200e: fix use-after-free in tasklets during device removal (git-fixes). - auxdisplay: arm-charlcd: fix release_mem_region() size (git-fixes). - backlight: qcom-wled: Change PM8950 WLED configurations (git-fixes). - backlight: qcom-wled: Support ovp values for PMI8994 (git-fixes). - batman-adv: Avoid double-rtnl_lock ELP metric worker (git-fixes). - block,bfq: fix aux stat accumulation destination (git-fixes). - Bluetooth: btintel_pcie: Use IRQF_ONESHOT and default primary handler (git-fixes). - Bluetooth: btusb: Add device ID for Realtek RTL8761BU (stable-fixes). - Bluetooth: btusb: Add new VID/PID for RTL8852CE (stable-fixes). - Bluetooth: btusb: Add USB ID 7392:e611 for Edimax EW-7611UXB (stable-fixes). - Bluetooth: hci_conn: Set link_policy on incoming ACL connections (stable-fixes). - Bluetooth: hci_conn: use mod_delayed_work for active mode timeout (stable-fixes). - Bluetooth: hci_qca: Cleanup on all setup failures (git-fixes). - Bluetooth: L2CAP: Fix invalid response to L2CAP_ECRED_RECONF_REQ (git-fixes). - Bluetooth: L2CAP: Fix missing key size check for L2CAP_LE_CONN_REQ (git-fixes). - Bluetooth: L2CAP: Fix not checking output MTU is acceptable on L2CAP_ECRED_CONN_REQ (git-fixes). - Bluetooth: L2CAP: Fix response to L2CAP_ECRED_CONN_REQ (git-fixes). 
- Bluetooth: L2CAP: Fix result of L2CAP_ECRED_CONN_RSP when MTU is too short (git-fixes). - bonding: only set speed/duplex to unknown, if getting speed failed (bsc#1253691). - bpf: selftests: Move xfrm tunnel test to test_progs (bsc#1258860). - bpf: selftests: test_tunnel: Setup fresh topology for each subtest (bsc#1258860). - bpf: selftests: test_tunnel: Use vmlinux.h declarations (bsc#1258860). - bpf: verifier improvement in 32bit shift sign extension pattern (git-fixes). - bpf: xfrm: Add bpf_xdp_get_xfrm_state() kfunc (bsc#1258860). - bpf: xfrm: Add selftest for bpf_xdp_get_xfrm_state() (bsc#1258860). - btrfs: scrub: always update btrfs_scrub_progress::last_physical (git-fixes). - bus: fsl-mc: fix an error handling in fsl_mc_device_add() (git-fixes). - bus: fsl-mc: fix use-after-free in driver_override_show() (git-fixes). - bus: fsl-mc: Replace snprintf and sprintf with sysfs_emit in sysfs show functions (stable-fixes). - can: bcm: fix locking for bcm_op runtime updates (git-fixes). - can: ems_usb: ems_usb_read_bulk_callback(): check the proper length of a message (git-fixes). - can: hi311x: hi3110_open(): add check for hi3110_power_enable() return value (git-fixes). - can: mcp251x: fix deadlock in error path of mcp251x_open (git-fixes). - can: ucan: Fix infinite loop from zero-length messages (git-fixes). - can: usb: etas_es58x: correctly anchor the urb in the read bulk callback (git-fixes). - cgroup: Fix incorrect WARN_ON_ONCE() in css_release_work_fn() (bsc#1256564 bsc#1259130). - cgroup: Show # of subsystem CSSes in cgroup.stat (bsc#1256564 bsc#1259130). - char: tpm: cr50: Remove IRQF_ONESHOT (git-fixes). - char: tpm: cr50: Remove IRQF_ONESHOT (stable-fixes). - cifs: add xid to query server interface call (git-fixes). - clk: clk-apple-nco: Add "apple,t8103-nco" compatible (git-fixes). - clk: mediatek: Fix error handling in runtime PM setup (git-fixes). - clk: meson: g12a: Limit the HDMI PLL OD to /4 (git-fixes). 
- clk: meson: gxbb: Limit the HDMI PLL OD to /4 on GXL/GXM SoCs (git-fixes). - clk: mvebu: cp110 add CLK_IGNORE_UNUSED to pcie_x10, pcie_x11 & (git-fixes). - clk: qcom: dispcc-sdm845: Enable parents for pixel clocks (git-fixes). - clk: qcom: gcc-msm8917: Remove ALWAYS_ON flag from cpp_gdsc (git-fixes). - clk: qcom: gcc-msm8953: Remove ALWAYS_ON flag from cpp_gdsc (git-fixes). - clk: qcom: gfx3d: add parent to parent request map (git-fixes). - clk: qcom: rcg2: compute 2d using duty fraction directly (git-fixes). - clk: renesas: rzg2l: Fix intin variable size (git-fixes). - clk: renesas: rzg2l: Select correct div round macro (git-fixes). - clk: tegra: tegra124-emc: fix device leak on set_rate() (git-fixes). - clk: tegra: tegra124-emc: Fix potential memory leak in tegra124_clk_register_emc() (git-fixes). - clocksource: hyper-v: Fix warnings for missing export.h header inclusion (git-fixes). - clocksource: Print durations for sync check unconditionally (bsc#1241345). - clocksource: Reduce watchdog readout delay limit to prevent false positives (bsc#1241345). - config.conf: add kernel-azure as additional flavor (bsc#1258037). - config.conf: Drop armv7hl builds (bsc#1255265). - cpu: export lockdep_assert_cpus_held() (git-fixes). - cpufreq/amd-pstate: Add missing NULL ptr check in amd_pstate_update (bsc#1247180). - cpufreq/amd-pstate: Add the missing cpufreq_cpu_put() (bsc#1247180). - cpufreq/amd-pstate: fix setting policy current frequency value (bsc#1247180). - cpufreq/amd-pstate: Fix the clamping of perf values (bsc#1247180). - cpufreq/amd-pstate: Modularize perf<->freq conversion (bsc#1247180). - cpufreq/amd-pstate: Refactor max frequency calculation (bsc#1247180). - cpufreq/amd-pstate: store all values in cpudata struct in khz (bsc#1247180). - cpufreq: amd-pstate: Unify computation of {max,min,nominal,lowest_nonlinear}_freq (bsc#1247180). - crypto: cavium - fix dma_free_coherent() size (git-fixes). - crypto: ccp - Add an S4 restore flow (git-fixes). 
- crypto: hisilicon/sec2 - support skcipher/aead fallback for hardware queue unavailable (git-fixes). - crypto: hisilicon/trng - support tfms sharing the device (git-fixes). - crypto: hisilicon/zip - adjust the way to obtain the req in the callback function (git-fixes). - crypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode (git-fixes). - crypto: octeontx - fix dma_free_coherent() size (git-fixes). - crypto: octeontx - Fix length check to avoid truncation in ucode_load_store (git-fixes). - crypto: omap - Allocate OMAP_CRYPTO_FORCE_COPY scatterlists correctly (git-fixes). - crypto: qat - fix parameter order used in ICP_QAT_FW_COMN_FLAGS_BUILD (git-fixes). - crypto: qat - fix warning on adf_pfvf_pf_proto.c (git-fixes). - crypto: virtio - Add spinlock protection with virtqueue notification (git-fixes). - crypto: virtio - Remove duplicated virtqueue_kick in virtio_crypto_skcipher_crypt_req (git-fixes). - device property: Allow secondary lookup in fwnode_get_next_child_node() (git-fixes). - dm mpath: make pg_init_delay_msecs settable (git-fixes). - dm-bufio: align write boundary on physical block size (git-fixes). - dm-ebs: Mark full buffer dirty even on partial write (git-fixes). - dm-snapshot: fix 'scheduling while atomic' on real-time kernels (git-fixes). - dm: clear cloned request bio pointer when last clone bio completes (git-fixes). - dm: remove fake timeout to avoid leak request (git-fixes). - dma: dma-axi-dmac: fix SW cyclic transfers (git-fixes). - dmaengine: mediatek: uart-apdma: Fix above 4G addressing TX/RX (git-fixes). - dmaengine: sun6i: Choose appropriate burst length under maxburst (stable-fixes). - Documentation: mailbox: mbox_chan_ops.flush() is optional (git-fixes). - Documentation: PCI: endpoint: Fix ntb/vntb copy & paste errors (git-fixes). - drivers/hv: add CPU offlining support (git-fixes). - drivers/hv: introduce vmbus_channel_set_cpu() (git-fixes). 
- Drivers: hv: Allocate interrupt and monitor pages aligned to system page boundary (git-fixes). - Drivers: hv: Always do Hyper-V panic notification in hv_kmsg_dump() (git-fixes). - Drivers: hv: Fix bad pointer dereference in hv_get_partition_id (git-fixes). - Drivers: hv: fix missing kernel-doc description for 'size' in request_arr_init() (git-fixes). - Drivers: hv: Fix the check for HYPERVISOR_CALLBACK_VECTOR (git-fixes). - Drivers: hv: Fix warnings for missing export.h header inclusion (git-fixes). - Drivers: hv: remove stale comment (git-fixes). - Drivers: hv: Resolve ambiguity in hypervisor version log (git-fixes). - Drivers: hv: use kmalloc_array() instead of kmalloc() (git-fixes). - Drivers: hv: Use kzalloc for panic page allocation (git-fixes). - Drivers: hv: util: Cosmetic changes for hv_utils_transport.c (git-fixes). - Drivers: hv: vmbus: Add comments about races with "channels" sysfs dir (git-fixes). - Drivers: hv: vmbus: Clean up sscanf format specifier in target_cpu_store() (git-fixes). - Drivers: hv: vmbus: Fix sysfs output format for ring buffer index (git-fixes). - Drivers: hv: vmbus: Fix typos in vmbus_drv.c (git-fixes). - Drivers: hv: vmbus: Get the IRQ number from DeviceTree (git-fixes). - Drivers: hv: vmbus: Introduce hv_get_vmbus_root_device() (git-fixes). - drivers: iio: mpu3050: use dev_err_probe for regulator request (git-fixes). - drm/amd/display: Add signal type check for dcn401 get_phyd32clk_src (stable-fixes). - drm/amd/display: Add USB-C DP Alt Mode lane limitation in DCN32 (stable-fixes). - drm/amd/display: avoid dig reg access timeout on usb4 link training fail (stable-fixes). - drm/amd/display: Avoid updating surface with the same surface under MPO (stable-fixes). - drm/amd/display: bypass post csc for additional color spaces in dal (stable-fixes). - drm/amd/display: Disable FEC when powering down encoders (stable-fixes). - drm/amd/display: extend delta clamping logic to CM3 LUT helper (stable-fixes). 
- drm/amd/display: Fix dsc eDP issue (stable-fixes). - drm/amd/display: Fix GFX12 family constant checks (stable-fixes). - drm/amd/display: Fix out-of-bounds stream encoder index v3 (git-fixes). - drm/amd/display: Fix system resume lag issue (stable-fixes). - drm/amd/display: Fix writeback on DCN 3.2+ (stable-fixes). - drm/amd/display: fix wrong color value mapping on MCM shaper LUT (git-fixes). - drm/amd/display: Increase DCN35 SR enter/exit latency (stable-fixes). - drm/amd/display: only power down dig on phy endpoints (stable-fixes). - drm/amd/display: Reject cursor plane on DCE when scaled differently than primary (git-fixes). - drm/amd/display: remove assert around dpp_base replacement (stable-fixes). - drm/amd/display: Remove conditional for shaper 3DLUT power-on (stable-fixes). - drm/amd/display: Use same max plane scaling limits for all 64 bpp formats (git-fixes). - drm/amd/pm: Disable MMIO access during SMU Mode 1 reset (stable-fixes). - drm/amd: Disable MES LR compute W/A (git-fixes). - drm/amd: Drop "amdgpu kernel modesetting enabled" message (git-fixes). - drm/amd: Fix hang on amdgpu unload by using pci_dev_is_disconnected() (git-fixes). - drm/amdgpu/gfx10: fix wptr reset in KGQ init (stable-fixes). - drm/amdgpu/gfx11: fix wptr reset in KGQ init (stable-fixes). - drm/amdgpu/gfx12: fix wptr reset in KGQ init (stable-fixes). - drm/amdgpu/soc21: fix xclk for APUs (stable-fixes). - drm/amdgpu: Add HAINAN clock adjustment (stable-fixes). - drm/amdgpu: add support for HDP IP version 6.1.1 (stable-fixes). - drm/amdgpu: Adjust usleep_range in fence wait (stable-fixes). - drm/amdgpu: avoid a warning in timedout job handler (stable-fixes). - drm/amdgpu: ensure no_hw_access is visible before MMIO (git-fixes). - drm/amdgpu: Fix locking bugs in error paths (git-fixes). - drm/amdgpu: Fix memory leak in amdgpu_acpi_enumerate_xcc() (git-fixes). - drm/amdgpu: Fix memory leak in amdgpu_ras_init() (git-fixes). 
- drm/amdgpu: fix NULL pointer issue buffer funcs (stable-fixes). - drm/amdgpu: fix sync handling in amdgpu_dma_buf_move_notify (git-fixes). - drm/amdgpu: keep vga memory on MacBooks with switchable graphics (stable-fixes). - drm/amdgpu: remove invalid usage of sched.ready (stable-fixes). - drm/amdgpu: Replace kzalloc + copy_from_user with memdup_user (stable-fixes). - drm/amdgpu: Skip loading SDMA_RS64 in VF (stable-fixes). - drm/amdgpu: stop unmapping MQD for kernel queues v3 (stable-fixes). - drm/amdgpu: Unlock a mutex before destroying it (git-fixes). - drm/amdgpu: Use kvfree instead of kfree in amdgpu_gmc_get_nps_memranges() (git-fixes). - drm/amdkfd: fix debug watchpoints for logical devices (stable-fixes). - drm/amdkfd: Fix GART PTE for non-4K pagesize in svm_migrate_gart_map() (stable-fixes). - drm/amdkfd: Fix out-of-bounds write in kfd_event_page_set() (stable-fixes). - drm/amdkfd: Fix signal_eviction_fence() bool return value (git-fixes). - drm/amdkfd: Fix watch_id bounds checking in debug address watch v2 (git-fixes). - drm/amdkfd: Handle GPU reset and drain retry fault race (stable-fixes). - drm/amdkfd: Relax size checking during queue buffer get (stable-fixes). - drm/atmel-hlcdc: don't reject the commit if the src rect has fractional parts (stable-fixes). - drm/atmel-hlcdc: fix memory leak from the atomic_destroy_state callback (stable-fixes). - drm/atmel-hlcdc: fix use-after-free of drm_crtc_commit after release (stable-fixes). - drm/bridge: anx7625: Fix invalid EDID size (git-fixes). - drm/bridge: samsung-dsim: Fix memory leak in error path (git-fixes). - drm/bridge: ti-sn65dsi86: Enable HPD polling if IRQ is not used (git-fixes). - drm/buddy: Prevent BUG_ON by validating rounded allocation (git-fixes). - drm/display/dp_mst: Add protection against 0 vcpi (stable-fixes). - drm/i915/acpi: free _DSM package when no connectors (git-fixes). - drm/i915/display: Add quirk to skip retraining of dp link (bsc#1253129). 
- drm/i915/wakeref: clean up INTEL_WAKEREF_PUT_* flag macros (stable-fixes). - drm/logicvc: Fix device node reference leak in logicvc_drm_config_parse() (git-fixes). - drm/mgag200: fix mgag200_bmc_stop_scanout() (git-fixes). - drm/msm/a2xx: fix pixel shader start on A225 (git-fixes). - drm/msm/disp: set num_planes to 1 for interleaved YUV formats (git-fixes). - drm/msm/dpu: drop intr_start from DPU 3.x catalog files (git-fixes). - drm/msm/dpu: fix CMD panels on DPU 1.x - 3.x (git-fixes). - drm/msm/dpu: fix WD timer handling on DPU 8.x (git-fixes). - drm/msm/dpu: Set vsync source irrespective of mdp top support (git-fixes). - drm/panel: Fix a possible null-pointer dereference in jdi_panel_dsi_remove() (stable-fixes). - drm/panel: sw43408: Remove manual invocation of unprepare at remove (git-fixes). - drm/panthor: Evict groups before VM termination (git-fixes). - drm/panthor: Fix immediate ticking on a disabled tick (git-fixes). - drm/panthor: Fix the full_tick check (git-fixes). - drm/panthor: Fix the group priority rotation logic (git-fixes). - drm/panthor: Fix the logic that decides when to stop ticking (git-fixes). - drm/panthor: Make sure we resume the tick when new jobs are submitted (git-fixes). - drm/panthor: Recover from panthor_gpu_flush_caches() failures (git-fixes). - drm/radeon: Add HAINAN clock adjustment (stable-fixes). - drm/radeon: delete radeon_fence_process in is_signaled, no deadlock (stable-fixes). - drm/sched: Fix kernel-doc warning for drm_sched_job_done() (git-fixes). - drm/solomon: Fix page start when updating rectangle in page addressing mode (git-fixes). - drm/tegra: dsi: fix device leak on probe (git-fixes). - drm/tegra: hdmi: sor: Fix error: variable 'j' set but not used (stable-fixes). - drm/tests: shmem: Swap names of export tests (git-fixes). - drm/v3d: Set DMA segment size to avoid debug warnings (stable-fixes). - drm/vmwgfx: Fix invalid kref_put callback in vmw_bo_dirty_release (git-fixes). 
- drm/vmwgfx: Return the correct value in vmw_translate_ptr functions (git-fixes). - drm/xe/mmio: Avoid double-adjust in 64-bit reads (git-fixes). - drm/xe/pm: Also avoid missing outer rpm warning on system suspend (stable-fixes). - drm/xe/pm: Disable D3Cold for BMG only on specific platforms (git-fixes). - drm/xe/ptl: Apply Wa_13011645652 (stable-fixes). - drm/xe/query: Fix topology query pointer advance (git-fixes). - drm/xe/sync: Cleanup partially initialized sync on parse failure (git-fixes). - drm/xe/xe2_hpg: Add set of workarounds (stable-fixes). - drm/xe/xe2_hpg: Fix handling of Wa_14019988906 & Wa_14019877138 (git-fixes). - drm/xe: Add xe_tile backpointer to xe_mmio (stable-fixes). - drm/xe: Adjust mmio code to pass VF substructure to SRIOV code (stable-fixes). - drm/xe: Clarify size of MMIO region (stable-fixes). - drm/xe: Create dedicated xe_mmio structure (stable-fixes). - drm/xe: Defer gt->mmio initialization until after multi-tile setup (git-fixes). - drm/xe: Move forcewake to 'gt.pm' substructure (stable-fixes). - drm/xe: Move GSI offset adjustment fields into 'struct xe_mmio' (stable-fixes). - drm/xe: Only toggle scheduling in TDR if GuC is running (stable-fixes). - drm/xe: Populate GT's mmio iomap from tile during init (stable-fixes). - drm/xe: Switch MMIO interface to take xe_mmio instead of xe_gt (stable-fixes). - drm/xe: Switch mmio_ext to use 'struct xe_mmio' (stable-fixes). - drm/xe: Unregister drm device on probe error (git-fixes). - drm: Account property blob allocations to memcg (stable-fixes). - efi: Fix reservation of unaccepted memory table (git-fixes). - efivarfs: fix error propagation in efivar_entry_get() (git-fixes). - ext4: fix iloc.bh leak in ext4_xattr_inode_update_ref (git-fixes). - fbcon: check return value of con2fb_acquire_newinfo() (git-fixes). - fbdev: au1200fb: Fix a memory leak in au1200fb_drv_probe() (git-fixes). - fbdev: ffb: fix corrupted video output on Sun FFB1 (stable-fixes). 
- fbdev: of: display_timing: fix refcount leak in of_get_display_timings() (git-fixes). - fbdev: rivafb: fix divide error in nv3_arb() (git-fixes). - fbdev: smscufx: properly copy ioctl memory to kernelspace (stable-fixes). - fbdev: vt8500lcdfb: fix missing dma_free_coherent() (git-fixes). - fpga: dfl: use subsys_initcall to allow built-in drivers to be added (git-fixes). - fpga: of-fpga-region: Fail if any bridge is missing (stable-fixes). - genirq: Set IRQF_COND_ONESHOT in devm_request_irq() (git-fixes). - gpio: aspeed-sgpio: Change the macro to support deferred probe (stable-fixes). - gpio: pca953x: mask interrupts in irq shutdown (stable-fixes). - gpio: sprd: Change sprd_gpio lock to raw_spin_lock (stable-fixes). - gpu/panel-edp: add AUO panel entry for B140HAN06.4 (stable-fixes). - HID: apple: Add "SONiX KN85 Keyboard" to the list of non-apple keyboards (stable-fixes). - HID: Apply quirk HID_QUIRK_ALWAYS_POLL to Edifier QR30 (2d99:a101) (stable-fixes). - HID: elecom: Add support for ELECOM HUGE Plus M-HT1MRBK (stable-fixes). - HID: hid-pl: handle probe errors (git-fixes). - HID: i2c-hid: fix potential buffer overflow in i2c_hid_get_report() (stable-fixes). - HID: intel-ish-hid: fix NULL-ptr-deref in ishtp_bus_remove_all_clients (git-fixes). - HID: intel-ish-hid: Reset enum_devices_done before enumeration (stable-fixes). - HID: intel-ish-hid: Update ishtp bus match to support device ID table (stable-fixes). - HID: logitech-hidpp: Check maxfield in hidpp_get_report_length() (stable-fixes). - HID: magicmouse: Do not crash on missing msc->input (stable-fixes). - HID: multitouch: add eGalaxTouch EXC3188 support (stable-fixes). - HID: multitouch: add MT_QUIRK_STICKY_FINGERS to MT_CLS_VTL (stable-fixes). - HID: playstation: Add missing check for input_ff_create_memless (git-fixes). - HID: playstation: Center initial joystick axes to prevent spurious events (stable-fixes). - HID: prodikeys: Check presence of pm->input_ep82 (stable-fixes). 
- HID: quirks: Add another Chicony HP 5MP Cameras to hid_ignore_list (stable-fixes). - hwmon: (f71882fg) Add F81968 support (stable-fixes). - hwmon: (it87) Check the it87_lock() return value (git-fixes). - hwmon: (max16065) Use READ/WRITE_ONCE to avoid compiler optimization induced race (git-fixes). - hwmon: (nct6775) Add ASUS Pro WS WRX90E-SAGE SE (stable-fixes). - hwmon: (occ) Mark occ_init_attribute() as __printf (git-fixes). - hwmon: (pmbus/q54sj108a2) fix stack overflow in debugfs read (git-fixes). - hyperv: Convert hypercall statuses to linux error codes (git-fixes). - hyperv: Move arch/x86/hyperv/hv_proc.c to drivers/hv (git-fixes). - hyperv: Move hv_current_partition_id to arch-generic code (git-fixes). - i3c: dw: Initialize spinlock to avoid upsetting lockdep (git-fixes). - i3c: master: svc: Initialize 'dev' to NULL in svc_i3c_master_ibi_isr() (stable-fixes). - i3c: master: Update hot-join flag only on success (git-fixes). - i3c: Move device name assignment after i3c_bus_init (git-fixes). - iio: gyro: itg3200: Fix unchecked return value in read_raw (git-fixes). - iio: magnetometer: Remove IRQF_ONESHOT (stable-fixes). - iio: sca3000: Fix a resource leak in sca3000_probe() (git-fixes). - iio: Use IRQF_NO_THREAD (stable-fixes). - Input: stmfts - correct wording for the warning message (git-fixes). - Input: stmfts - make comments correct (git-fixes). - iomap: account for unaligned end offsets when truncating read range (git-fixes). - ipmi: ipmb: initialise event handler read bytes (git-fixes). - ktls, sockmap: Fix missing uncharge operation (bsc#1252008). - KVM: nSVM: Clear exit_code_hi in VMCB when synthesizing nested VM-Exits (git-fixes). - KVM: nSVM: Set exit_code_hi to -1 when synthesizing SVM_EXIT_ERR (failed VMRUN) (git-fixes). - KVM: x86: Don't clear async #PF queue when CR0.PG is disabled (e.g. on #SMI) (git-fixes). - KVM: x86: Explicitly set new periodic hrtimer expiration in apic_timer_fn() (git-fixes). 
- KVM: x86: WARN if hrtimer callback for periodic APIC timer fires with period=0 (git-fixes). - landlock: Optimize file path walks and prepare for audit support (bsc#1255698). - leds: qcom-lpg: Check the return value of regmap_bulk_write() (git-fixes). - media: adv7180: fix frame interval in progressive mode (stable-fixes). - media: amphion: Clear last_buffer_dequeued flag for DEC_CMD_START (stable-fixes). - media: amphion: Drop min_queued_buffers assignment (git-fixes). - media: ccs: Accommodate C-PHY into the calculation (git-fixes). - media: ccs: Avoid possible division by zero (git-fixes). - media: ccs: Fix setting initial sub-device state (git-fixes). - media: chips-media: wave5: Fix memory leak on codec_info allocation failure (git-fixes). - media: cx88: Add missing unmap in snd_cx88_hw_params() (git-fixes). - media: cx23885: Add missing unmap in snd_cx23885_hw_params() (git-fixes). - media: cx25821: Add missing unmap in snd_cx25821_hw_params() (git-fixes). - media: cx25821: Fix a resource leak in cx25821_dev_setup() (stable-fixes). - media: dvb-core: dmxdevfilter must always flush bufs (stable-fixes). - media: dvb-core: fix wrong reinitialization of ringbuffer on reopen (git-fixes). - media: dvb-net: fix OOB access in ULE extension header tables (git-fixes). - media: i2c/tw9903: Fix potential memory leak in tw9903_probe() (git-fixes). - media: i2c/tw9906: Fix potential memory leak in tw9906_probe() (git-fixes). - media: i2c: ov5647: Correct minimum VBLANK value (git-fixes). - media: i2c: ov5647: Correct pixel array offset (git-fixes). - media: i2c: ov5647: Fix PIXEL_RATE value for VGA mode (git-fixes). - media: i2c: ov5647: Initialize subdev before controls (git-fixes). - media: i2c: ov5647: Sensor should report RAW color space (git-fixes). - media: i2c: ov5647: use our own mutex for the ctrl lock (git-fixes). - media: ipu6: Fix RPM reference leak in probe error paths (git-fixes). - media: ipu6: Fix typo and wrong constant in ipu6-mmu.c (git-fixes). 
- media: mtk-mdp: Fix a reference leak bug in mtk_mdp_remove() (git-fixes). - media: mtk-mdp: Fix error handling in probe function (git-fixes). - media: omap3isp: isp_video_mbus_to_pix/pix_to_mbus fixes (stable-fixes). - media: omap3isp: isppreview: always clamp in preview_try_format() (stable-fixes). - media: omap3isp: set initial format (stable-fixes). - media: pvrusb2: fix URB leak in pvr2_send_request_ex (stable-fixes). - media: qcom: camss: vfe: Fix out-of-bounds access in vfe_isr_reg_update() (git-fixes). - media: radio-keene: fix memory leak in error path (git-fixes). - media: rkisp1: Fix filter mode register configuration (stable-fixes). - media: solo6x10: Check for out of bounds chip_id (stable-fixes). - media: tegra-video: Fix memory leak in __tegra_channel_try_format() (git-fixes). - media: uvcvideo: Fix allocation for small frame sizes (git-fixes). - media: v4l2-async: Fix error handling on steps after finding a match (stable-fixes). - media: venus: vdec: fix error state assignment for zero bytesused (git-fixes). - media: verisilicon: AV1: Fix enable cdef computation (git-fixes). - media: verisilicon: AV1: Fix tile info buffer size (git-fixes). - media: verisilicon: AV1: Fix tx mode bit setting (git-fixes). - media: verisilicon: AV1: Set IDR flag for intra_only frame type (git-fixes). - mfd: arizona: Fix regulator resource leak on wm5102_clear_write_sequencer() failure (git-fixes). - mfd: core: Add locking around 'mfd_of_node_list' (git-fixes). - mfd: tps6105x: Fix kernel-doc warnings relating to the core struct and tps6105x_mode (git-fixes). - mfd: wm8350-core: Use IRQF_ONESHOT (git-fixes). - misc: bcm_vk: Fix possible null-pointer dereferences in bcm_vk_read() (stable-fixes). - misc: eeprom: Fix EWEN/EWDS/ERAL commands for 93xx56 and 93xx66 (stable-fixes). - mmc: mmci: Fix device_node reference leak in of_get_dml_pipe_index() (git-fixes). - mmc: rtsx_pci_sdmmc: increase power-on settling delay to 5ms (git-fixes). 
- mtd: parsers: Fix memory leak in mtd_parser_tplink_safeloader_parse() (git-fixes). - mtd: parsers: ofpart: fix OF node refcount leak in parse_fixed_partitions() (git-fixes). - mtd: rawnand: cadence: Fix return type of CDMA send-and-wait helper (git-fixes). - mtd: rawnand: pl353: Fix software ECC support (git-fixes). - mtd: spinand: Fix kernel doc (git-fixes). - myri10ge: avoid uninitialized variable use (stable-fixes). - net: mana: Fix double destroy_workqueue on service rescan PCI path (git-fixes). - net: mana: Implement ndo_tx_timeout and serialize queue resets per port (bsc#1257472). - net: mana: Ring doorbell at 4 CQ wraparounds (git-fixes). - net: mana: Support HW link state events (bsc#1253049). - net: nfc: nci: Fix parameter validation for packet data (git-fixes). - net: nfc: nci: Fix zero-length proprietary notifications (git-fixes). - net: usb: catc: enable basic endpoint checking (git-fixes). - net: usb: kalmia: validate USB endpoints (git-fixes). - net: usb: kaweth: remove TX queue manipulation in kaweth_set_rx_mode (git-fixes). - net: usb: kaweth: validate USB endpoints (git-fixes). - net: usb: lan78xx: fix silent drop of packets with checksum errors (git-fixes). - net: usb: lan78xx: fix TX byte statistics for small packets (git-fixes). - net: usb: lan78xx: scan all MDIO addresses on LAN7801 (git-fixes). - net: usb: pegasus: enable basic endpoint checking (git-fixes). - net: usb: r8152: fix transmit queue timeout (stable-fixes). - net: usb: sr9700: remove code to drive nonexistent multicast filter (stable-fixes). - net: usb: sr9700: support devices with virtual driver CD (stable-fixes). - net: wan/fsl_ucc_hdlc: Fix dma_free_coherent() in uhdlc_memclean() (git-fixes). - net: wan: farsync: Fix use-after-free bugs caused by unfinished tasklets (git-fixes). - nfc: hci: shdlc: Stop timers and work before freeing context (git-fixes). - nfc: nci: clear NCI_DATA_EXCHANGE before calling completion callback (git-fixes). 
- nfc: nci: free skb on nci_transceive early error paths (git-fixes). - nfc: nxp-nci: remove interrupt trigger type (stable-fixes). - nfc: pn533: properly drop the usb interface reference on disconnect (git-fixes). - nfc: rawsock: cancel tx_work before socket teardown (git-fixes). - nfsd: check that server is running in unlock_filesystem (bsc#1257279). - nfsd: use correct loop termination in nfsd4_revoke_states() (git-fixes). - nouveau/dpcd: return EBUSY for aux xfer if the device is asleep (git-fixes). - ntb: ntb_hw_switchtec: Fix array-index-out-of-bounds access (stable-fixes). - ntb: ntb_hw_switchtec: Fix shift-out-of-bounds for 0 mw lut (stable-fixes). - NTB: ntb_transport: Fix too small buffer for debugfs_name (git-fixes). - nvme-fc: don't hold rport lock when putting ctrl (git-fixes). - nvme-fc: release admin tagset if init fails (git-fixes). - nvme-pci: disable secondary temp for Wodposit WPBSNM8 (git-fixes). - PCI/ACPI: Restrict program_hpx_type2() to AER bits (git-fixes). - PCI/IOV: Fix race between SR-IOV enable/disable and hotplug (git-fixes). - PCI/MSI: Unmap MSI-X region on error (git-fixes). - PCI/MSI: Unmap MSI-X region on error (stable-fixes). - PCI/P2PDMA: Release per-CPU pgmap ref when vm_insert_page() fails (git-fixes). - PCI/PM: Avoid redundant delays on D3hot->D3cold (git-fixes). - PCI/portdrv: Fix potential resource leak (git-fixes). - PCI: Add ACS quirk for Pericom PI7C9X2G404 switches [12d8:b404] (git-fixes). - PCI: Add ACS quirk for Qualcomm Hamoa & Glymur (git-fixes). - PCI: Add ACS quirk for Qualcomm Hamoa & Glymur (stable-fixes). - PCI: Add defines for bridge window indexing (stable-fixes). - PCI: Add PCIE_MSG_CODE_ASSERT_INTx message macros (stable-fixes). - PCI: Correct PCI_CAP_EXP_ENDPOINT_SIZEOF_V2 value (git-fixes). - PCI: Do not attempt to set ExtTag for VFs (git-fixes). - PCI: dw-rockchip: Disable BAR 0 and BAR 1 for Root Port (git-fixes). - PCI: dw-rockchip: Disable BAR 0 and BAR 1 for Root Port (stable-fixes). 
- PCI: Enable ACS after configuring IOMMU for OF platforms (git-fixes). - PCI: Enable ACS after configuring IOMMU for OF platforms (stable-fixes). - PCI: endpoint: Fix swapped parameters in pci_{primary/secondary}_epc_epf_unlink() functions (git-fixes). - PCI: Fix pci_slot_lock () device locking (git-fixes). - PCI: Fix pci_slot_lock () device locking (stable-fixes). - PCI: Fix pci_slot_trylock() error handling (git-fixes). - PCI: hv: Correct a comment (git-fixes). - PCI: hv: Fix warnings for missing export.h header inclusion (git-fixes). - PCI: hv: Remove unnecessary flex array in struct pci_packet (git-fixes). - PCI: hv: remove unnecessary module_init/exit functions (git-fixes). - PCI: hv: Remove unused field pci_bus in struct hv_pcibus_device (git-fixes). - PCI: Initialize RCB from pci_configure_device() (git-fixes). - PCI: Log bridge info when first enumerating bridge (stable-fixes). - PCI: Log bridge windows conditionally (stable-fixes). - PCI: Mark 3ware-9650SA Root Port Extended Tags as broken (git-fixes). - PCI: Mark ASM1164 SATA controller to avoid bus reset (git-fixes). - PCI: Mark ASM1164 SATA controller to avoid bus reset (stable-fixes). - PCI: Mark Nvidia GB10 to avoid bus reset (git-fixes). - PCI: Mark Nvidia GB10 to avoid bus reset (stable-fixes). - PCI: mediatek: Fix IRQ domain leak when MSI allocation fails (git-fixes). - PCI: Move pci_read_bridge_windows() below individual window accessors (stable-fixes). - PCI: Supply bridge device, not secondary bus, to read window details (stable-fixes). - phy: fsl-imx8mq-usb: disable bind/unbind platform driver feature (stable-fixes). - phy: mvebu-cp110-utmi: fix dr_mode property read from dts (stable-fixes). - pinctrl: equilibrium: Fix device node reference leak in pinbank_init() (git-fixes). - pinctrl: meson: mark the GPIO controller as sleeping (git-fixes). - pinctrl: qcom: sm8250-lpass-lpi: Fix i2s2_data_groups definition (git-fixes). - pinctrl: single: fix refcount leak in pcs_add_gpio_func() (git-fixes). 
- platform/chrome: cros_ec_lightbar: Fix response size initialization (git-fixes). - platform/chrome: cros_typec_switch: Don't touch struct fwnode_handle::dev (git-fixes). - platform/x86/amd/pmc: Add quirk for MECHREVO Wujie 15X Pro (stable-fixes). - platform/x86: classmate-laptop: Add missing NULL pointer checks (stable-fixes). - platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data (git-fixes). - platform/x86: hp-bioscfg: Skip empty attribute names (git-fixes). - platform/x86: int0002: Remove IRQF_ONESHOT from request_irq() (git-fixes). - platform/x86: intel_telemetry: Fix PSS event register mask (git-fixes). - platform/x86: intel_telemetry: Fix swapped arrays in PSS output (git-fixes). - platform/x86: ISST: Add missing write block check (git-fixes). - platform/x86: panasonic-laptop: Fix sysfs group leak in error path (stable-fixes). - platform/x86: toshiba_haps: Fix memory leaks in add/remove routines (git-fixes). - PM: sleep: wakeirq: harden dev_pm_clear_wake_irq() against races (git-fixes). - PM: sleep: wakeirq: Update outdated documentation comments (git-fixes). - PM: wakeup: Handle empty list in wakeup_sources_walk_start() (git-fixes). - pmdomain: imx: gpcv2: Fix the imx8mm gpu hang due to wrong adb400 reset (git-fixes). - power: reset: nvmem-reboot-mode: respect cell size for nvmem_cell_write (git-fixes). - power: supply: ab8500: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: act8945a: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: bq27xxx: fix wrong errno when bus ops are unsupported (git-fixes). - power: supply: bq256xx: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: bq25980: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: cpcap-battery: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: goldfish: Fix use-after-free in power_supply_changed() (git-fixes). 
- power: supply: qcom_battmgr: Recognize "LiP" as lithium-polymer (git-fixes). - power: supply: rt9455: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: sbs-battery: Fix use-after-free in power_supply_changed() (git-fixes). - power: supply: wm97xx: Fix NULL pointer dereference in power_supply_changed() (git-fixes). - powercap: intel_rapl_tpmi: Remove FW_BUG from invalid version check (git-fixes). - qmi_wwan: allow max_mtu above hard_mtu to control rx_urb_size (git-fixes). - rapidio: replace rio_free_net() with kfree() in rio_scan_alloc_net() (git-fixes). - RDMA/mana_ib: Add device-memory support (git-fixes). - RDMA/mana_ib: Take CQ type from the device type (git-fixes). - RDMA/rtrs-clt: For conn rejection use actual err number (git-fixes). - regmap: maple: free entry on mas_store_gfp() failure (stable-fixes). - regulator: core: fix locking in regulator_resolve_supply() error path (git-fixes). - regulator: core: move supply check earlier in set_machine_constraints() (git-fixes). - remoteproc: sysmon: Correct subsys_name_len type in QMI request (git-fixes). - Revert "bpf: xfrm: Add bpf_xdp_get_xfrm_state() kfunc (bsc#1258860). - Revert "drm/amd: Check if ASPM is enabled from PCIe subsystem" (git-fixes). - Revert "drm/nouveau/disp: Set drm_mode_config_funcs.atomic_(check|commit)" (git-fixes). - Revert "hwmon: (ibmpex) fix use-after-free in high/low store" (git-fixes). - Revert "mfd: da9052-spi: Change read-mask to write-mask" (stable-fixes). - Revert "mmc: rtsx_pci_sdmmc: increase power-on settling delay to 5ms" (git-fixes). - Revert "PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV" (git-fixes). - Revert "selftests/bpf: Add tc helpers (bsc#1258860). - Revert "selftests/bpf: Remove "&>" usage in the selftests (bsc#1258860). - Revert "selftests/bpf: Remove test_tc_tunnel.sh (bsc#1258860). - Revert "selftests/bpf: Support when CONFIG_VXLAN=m (bsc#1258860). 
- Revert "selftests/bpf: test_tunnel: Add ping helpers (bsc#1258860). - Revert "selftests/bpf: test_tunnel: Remove test_tunnel.sh (bsc#1258860). - Revert "selftests/bpf: Use make_sockaddr in test_sock_addr (bsc#1258860). - rpmsg: core: fix race in driver_override_show() and use core helper (git-fixes). - rtc: interface: Alarm race handling should not discard preceding error (git-fixes). - rtc: zynqmp: correct frequency value (stable-fixes). - s390/cio: Update purge function to unregister the unused subchannels (bsc#1254214). - s390/ipl: Clear SBP flag when bootprog is set (bsc#1258176). - s390/mm: Fix __ptep_rdp() inline assembly (bsc#1253644). - s390: Disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP (bsc#1254306). - scsi: mpi3mr: Event processing debug improvement (bsc#1251186 bsc#1258832). - scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT (git-fixes). - scsi: storvsc: Remove redundant ternary operators (git-fixes). - selftests/bpf: Add tc helpers (bsc#1258860). - selftests/bpf: add verifier sign extension bound computation tests (git-fixes). - selftests/bpf: Integrate test_tc_tunnel.sh tests into test_progs (bsc#1258860). - selftests/bpf: Make test_tc_tunnel.bpf.c compatible with big endian platforms (bsc#1258860). - selftests/bpf: Remove "&>" usage in the selftests (bsc#1258860). - selftests/bpf: Remove test_tc_tunnel.sh (bsc#1258860). - selftests/bpf: Support when CONFIG_VXLAN=m (bsc#1258860). - selftests/bpf: test_tunnel: Add generic_attach* helpers (bsc#1258860). - selftests/bpf: test_tunnel: Add ping helpers (bsc#1258860). - selftests/bpf: test_tunnel: Move erspan tunnel tests to test_progs (bsc#1258860). - selftests/bpf: test_tunnel: Move geneve tunnel test to test_progs (bsc#1258860). - selftests/bpf: test_tunnel: Move gre tunnel test to test_progs (bsc#1258860). - selftests/bpf: test_tunnel: Move ip6erspan tunnel test to test_progs (bsc#1258860). - selftests/bpf: test_tunnel: Move ip6geneve tunnel test to test_progs (bsc#1258860). 
- selftests/bpf: test_tunnel: Move ip6gre tunnel test to test_progs (bsc#1258860). - selftests/bpf: test_tunnel: Move ip6tnl tunnel tests to test_progs (bsc#1258860). - selftests/bpf: test_tunnel: Remove test_tunnel.sh (bsc#1258860). - selftests/bpf: Use connect_to_addr in test_sock_addr (bsc#1258860). - selftests/bpf: Use log_err in open_netns/close_netns (bsc#1258860). - selftests/bpf: Use make_sockaddr in test_sock_addr (bsc#1258860). - selftests/bpf: Use start_server_addr in test_sock_addr (bsc#1258860). - serial: 8250: 8250_omap.c: Clear DMA RX running status only after DMA termination is done (git-fixes). - serial: 8250: 8250_omap.c: Clear DMA RX running status only after DMA termination is done (stable-fixes). - serial: 8250_dw: handle clock enable errors in runtime_resume (git-fixes). - serial: 8250_dw: handle clock enable errors in runtime_resume (stable-fixes). - serial: imx: change SERIAL_IMX_CONSOLE to bool (git-fixes). - serial: SH_SCI: improve "DMA support" prompt (git-fixes). - shrink_slab_memcg: clear_bits of skipped shrinkers (bsc#1256564). - soc: mediatek: svs: Fix memory leak in svs_enable_debug_write() (git-fixes). - soc: qcom: cmd-db: Use devm_memremap() to fix memory leak in cmd_db_dev_probe (git-fixes). - soc: qcom: smem: handle ENOMEM error during probe (git-fixes). - soc: ti: k3-socinfo: Fix regmap leak on probe failure (git-fixes). - soc: ti: pruss: Fix double free in pruss_clk_mux_setup() (git-fixes). - soundwire: dmi-quirks: add mapping for Avell B.ON (OEM rebranded of NUC15) (stable-fixes). - soundwire: intel_ace2x: add SND_HDA_CORE dependency (git-fixes). - spi-geni-qcom: initialize mode related registers to 0 (stable-fixes). - spi-geni-qcom: use xfer->bits_per_word for can_dma() (stable-fixes). - spi: spi-mem: Limit octal DTR constraints to octal DTR situations (git-fixes). - spi: spi-mem: Limit octal DTR constraints to octal DTR situations (stable-fixes). 
- spi: spi-mem: Protect dirmap_create() with spi_mem_access_start/end (git-fixes). - spi: spi-mem: Protect dirmap_create() with spi_mem_access_start/end (stable-fixes). - spi: spidev: fix lock inversion between spi_lock and buf_lock (git-fixes). - spi: stm32: fix Overrun issue at < 8bpw (stable-fixes). - spi: tegra114: Preserve SPI mode bits in def_command1_reg (git-fixes). - spi: tegra210-quad: Move curr_xfer read inside spinlock (bsc#1257952). - spi: tegra210-quad: Move curr_xfer read inside spinlock (git-fixes). - spi: tegra210-quad: Protect curr_xfer assignment in (bsc#1257952). - spi: tegra210-quad: Protect curr_xfer assignment in tegra_qspi_setup_transfer_one (git-fixes). - spi: tegra210-quad: Protect curr_xfer check in IRQ handler (bsc#1257952). - spi: tegra210-quad: Protect curr_xfer check in IRQ handler (git-fixes). - spi: tegra210-quad: Protect curr_xfer clearing in (bsc#1257952). - spi: tegra210-quad: Protect curr_xfer clearing in tegra_qspi_non_combined_seq_xfer (git-fixes). - spi: tegra210-quad: Protect curr_xfer in tegra_qspi_combined_seq_xfer (bsc#1257952). - spi: tegra210-quad: Protect curr_xfer in tegra_qspi_combined_seq_xfer (git-fixes). - spi: tegra210-quad: Return IRQ_HANDLED when timeout already processed (bsc#1257952). - spi: tegra210-quad: Return IRQ_HANDLED when timeout already processed transfer (git-fixes). - spi: tegra: Fix a memory leak in tegra_slink_probe() (git-fixes). - spi: wpcm-fiu: Fix potential NULL pointer dereference in wpcm_fiu_probe() (git-fixes). - spi: wpcm-fiu: Fix uninitialized res (git-fixes). - spi: wpcm-fiu: Simplify with dev_err_probe() (stable-fixes). - spi: wpcm-fiu: Use devm_platform_ioremap_resource_byname() (stable-fixes). - staging: rtl8723bs: fix memory leak on failure path (stable-fixes). - staging: rtl8723bs: fix missing status update on sdio_alloc_irq() failure (stable-fixes). - staging: rtl8723bs: fix null dereference in find_network (git-fixes). 
- thermal: int340x: Fix sysfs group leak on DLVR registration failure (stable-fixes). - thermal: intel: x86_pkg_temp_thermal: Handle invalid temperature (git-fixes). - tools/hv: fcopy: Fix irregularities with size of ring buffer (git-fixes). - tools/power cpupower: Reset errno before strtoull() (stable-fixes). - tools/power/x86/intel-speed-select: Fix file descriptor leak in isolate_cpus() (git-fixes). - tools: hv: Enable debug logs for hv_kvp_daemon (git-fixes). - tpm: st33zp24: Fix missing cleanup on get_burstcount() error (git-fixes). - tpm: tpm_i2c_infineon: Fix locality leak on get_burstcount() failure (git-fixes). - uio_hv_generic: Align ring size to system page (git-fixes). - uio_hv_generic: Use correct size for interrupt and monitor pages (git-fixes). - Update "drm/mgag200: fix mgag200_bmc_stop_scanout()" bug number (bsc#1258153 bsc#1258226). - Update "drm/mgag200: fix mgag200_bmc_stop_scanout()" bug number (bsc#1258153). - usb: bdc: fix sleep during atomic (git-fixes). - usb: dwc2: fix resume failure if dr_mode is host (git-fixes). - usb: gadget: tegra-xudc: Add handling for BLCG_COREPLL_PWRDN (git-fixes). - USB: serial: option: add Telit FN920C04 RNDIS compositions (stable-fixes). - usb: typec: ucsi: psy: Fix voltage and current max for non-Fixed PDOs (git-fixes). - watchdog: imx7ulp_wdt: handle the nowayout option (stable-fixes). - wifi: ath9k: debug.h: fix kernel-doc bad lines and struct ath_tx_stats (git-fixes). - wifi: ath9k: fix kernel-doc warnings in common-debug.h (git-fixes). - wifi: ath10k: fix lock protection in ath10k_wmi_event_peer_sta_ps_state_chg() (stable-fixes). - wifi: ath10k: sdio: add missing lock protection in ath10k_sdio_fw_crashed_dump() (git-fixes). - wifi: ath11k: add pm quirk for Thinkpad Z13/Z16 Gen1 (stable-fixes). - wifi: ath11k: Fix failure to connect to a 6 GHz AP (stable-fixes). - wifi: ath12k: fix preferred hardware mode calculation (stable-fixes). 
- wifi: cfg80211: allow only one NAN interface, also in multi radio (stable-fixes). - wifi: cfg80211: cancel rfkill_block work in wiphy_unregister() (git-fixes). - wifi: cfg80211: Fix bitrate calculation overflow for HE rates (stable-fixes). - wifi: cfg80211: Fix use_for flag update on BSS refresh (git-fixes). - wifi: cfg80211: stop NAN and P2P in cfg80211_leave (git-fixes). - wifi: cfg80211: wext: fix IGTK key ID off-by-one (git-fixes). - wifi: cw1200: Fix locking in error paths (git-fixes). - wifi: iwlegacy: add missing mutex protection in il3945_store_measurement() (stable-fixes). - wifi: iwlegacy: add missing mutex protection in il4965_store_tx_power() (stable-fixes). - wifi: iwlwifi: mvm: check the validity of noa_len (stable-fixes). - wifi: iwlwifi: mvm: pause TCM on fast resume (git-fixes). - wifi: libertas: fix WARNING in usb_tx_block (stable-fixes). - wifi: mac80211: bounds-check link_id in ieee80211_ml_reconfiguration (git-fixes). - wifi: mac80211: collect station statistics earlier when disconnect (stable-fixes). - wifi: mac80211: correctly check if CSA is active (stable-fixes). - wifi: mac80211: don't increment crypto_tx_tailroom_needed_cnt twice (stable-fixes). - wifi: mac80211: fix NULL pointer dereference in mesh_rx_csa_frame() (git-fixes). - wifi: mac80211: ocb: skip rx_no_sta when interface is not joined (stable-fixes). - wifi: mt76: Fix possible oob access in mt76_connac2_mac_write_txwi_80211() (git-fixes). - wifi: mt76: mt7925: Fix possible oob access in mt7925_mac_write_txwi_80211() (git-fixes). - wifi: mt76: mt7996: Fix possible oob access in mt7996_mac_write_txwi_80211() (git-fixes). - wifi: radiotap: reject radiotap with unknown bits (git-fixes). - wifi: rsi: Don't default to -EOPNOTSUPP in rsi_mac80211_config (git-fixes). - wifi: rtl8xxxu: fix slab-out-of-bounds in rtl8xxxu_sta_add (git-fixes). - wifi: rtw88: 8822b: Avoid WARNING in rtw8822b_config_trx_mode() (stable-fixes). 
- wifi: rtw88: Fix alignment fault in rtw_core_enable_beacon() (git-fixes). - wifi: rtw88: fix DTIM period handling when conf->dtim_period is zero (stable-fixes). - wifi: rtw88: rtw8821cu: Add ID for Mercusys MU6H (stable-fixes). - wifi: rtw89: 8922a: set random mac if efuse contains zeroes (stable-fixes). - wifi: rtw89: mac: correct page number for CSI response (stable-fixes). - wifi: rtw89: pci: restore LDO setting after device resume (stable-fixes). - wifi: rtw89: ser: enable error IMR after recovering from L1 (stable-fixes). - wifi: rtw89: wow: add reason codes for disassociation in WoWLAN mode (stable-fixes). - wifi: wlcore: ensure skb headroom before skb_push (stable-fixes). - wifi: wlcore: Fix a locking bug (git-fixes). - workqueue: mark power efficient workqueue as unbounded if (bsc#1257891). - x86/hyperv: fix an indentation issue in mshyperv.h (git-fixes). - x86/hyperv: Fix usage of cpu_online_mask to get valid cpu (git-fixes). - x86/hyperv: Fix warnings for missing export.h header inclusion (git-fixes). - x86/hyperv: Use named operands in inline asm (git-fixes). kernel-default-6.4.0-150700.53.34.1.nosrc.rpm kernel-default-6.4.0-150700.53.34.1.x86_64.rpm kernel-default-base-6.4.0-150700.53.34.1.150700.17.23.1.src.rpm kernel-default-base-6.4.0-150700.53.34.1.150700.17.23.1.x86_64.rpm kernel-default-devel-6.4.0-150700.53.34.1.x86_64.rpm kernel-devel-6.4.0-150700.53.34.1.noarch.rpm kernel-macros-6.4.0-150700.53.34.1.noarch.rpm kernel-source-6.4.0-150700.53.34.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1065 Security update for sqlite3 moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for sqlite3 fixes the following issues: Update sqlite3 to 3.51.3: - CVE-2025-7709: Integer Overflow in FTS5 Extension (bsc#1254670). - CVE-2025-70873: SQLite zipfile extension may disclose uninitialized heap memory during inflation (bsc#1259619).
Changelog: * Fix the WAL-reset database corruption bug: https://sqlite.org/wal.html#walresetbug libsqlite3-0-3.51.3-150000.3.39.1.x86_64.rpm sqlite3-3.51.3-150000.3.39.1.src.rpm sqlite3-3.51.3-150000.3.39.1.x86_64.rpm sqlite3-devel-3.51.3-150000.3.39.1.x86_64.rpm sqlite3-tcl-3.51.3-150000.3.39.1.x86_64.rpm libsqlite3-0-32bit-3.51.3-150000.3.39.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1066 Security update for ruby2.5 important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for ruby2.5 fixes the following issues: - CVE-2024-49761: ReDoS vulnerability in REXML gem (bsc#1232440 bsc#1232441). - CVE-2025-58767: denial of service when parsing XML containing multiple XML declarations (bsc#1250016). - CVE-2026-27820: insufficient checks in `zstream_buffer_ungets` can lead to a buffer overflow (bsc#1259239). libruby2_5-2_5-2.5.9-150700.24.6.1.x86_64.rpm ruby2.5-2.5.9-150700.24.6.1.src.rpm ruby2.5-2.5.9-150700.24.6.1.x86_64.rpm ruby2.5-devel-2.5.9-150700.24.6.1.x86_64.rpm ruby2.5-devel-extra-2.5.9-150700.24.6.1.x86_64.rpm ruby2.5-stdlib-2.5.9-150700.24.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1158 Security update for python-pyasn1 important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for python-pyasn1 fixes the following issues: - CVE-2026-30922: Denial of Service via Unbounded Recursion (bsc#1259803). python-pyasn1-0.4.2-150000.3.16.1.src.rpm python3-pyasn1-0.4.2-150000.3.16.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1067 Security update for python-urllib3 moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for python-urllib3 fixes the following issue: - CVE-2025-66471: excessive resource consumption via decompression of highly compressed data in Streaming API (bsc#1254867). 
python-urllib3-1.25.10-150300.4.24.1.src.rpm python3-urllib3-1.25.10-150300.4.24.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1171 Security update for python-tornado important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for python-tornado fixes the following issues: - CVE-2026-31958: parsing large multipart bodies with many parts can cause a denial of service (bsc#1259553). - incomplete validation of cookie attributes allows for injection of user-controlled values in other cookie attributes (bsc#1259630). python-tornado-4.5.3-150000.3.19.1.src.rpm python3-tornado-4.5.3-150000.3.19.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1074 Security update for nghttp2 important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for nghttp2 fixes the following issues: - CVE-2026-27135: Assertion failure due to missing state validation can lead to DoS (bsc#1259845). libnghttp2-14-1.64.0-150700.3.3.1.x86_64.rpm libnghttp2-devel-1.64.0-150700.3.3.1.x86_64.rpm nghttp2-1.64.0-150700.3.3.1.src.rpm libnghttp2-14-32bit-1.64.0-150700.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1350 Security update for nghttp2 important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for nghttp2 fixes the following issue: - CVE-2026-27135: assertion failure due to missing state validation can lead to DoS (bsc#1259845). libnghttp2_asio-devel-1.40.0-150600.25.5.1.x86_64.rpm libnghttp2_asio1-1.40.0-150600.25.5.1.x86_64.rpm nghttp2-1.40.0-150600.25.5.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1400 Security update for python-PyJWT important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for python-PyJWT fixes the following issues: - CVE-2026-32597: Fixed acceptance of unknown `crit` header extensions (bsc#1259616).
python-PyJWT-2.4.0-150200.3.11.1.src.rpm python3-PyJWT-2.4.0-150200.3.11.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1364 Security update for webkit2gtk3 important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for webkit2gtk3 fixes the following issues: Update to version 2.52.0. Security issues fixed: - CVE-2023-43010: processing maliciously crafted web content may lead to memory corruption (bsc#1259950). - CVE-2025-31223: processing maliciously crafted web content may lead to memory corruption (bsc#1259949). - CVE-2025-31277: processing maliciously crafted web content may lead to memory corruption (bsc#1259948). - CVE-2025-43213: processing maliciously crafted web content may lead to an unexpected crash (bsc#1259947). - CVE-2025-43214: processing maliciously crafted web content may lead to an unexpected crash (bsc#1259946). - CVE-2025-43433: processing maliciously crafted web content may lead to memory corruption (bsc#1259945). - CVE-2025-43438: processing maliciously crafted web content may lead to an unexpected crash (bsc#1259944). - CVE-2025-43441: processing maliciously crafted web content may lead to an unexpected process crash (bsc#1259943). - CVE-2025-43457: processing maliciously crafted web content may lead to an unexpected crash (bsc#1259942). - CVE-2025-43511: processing maliciously crafted web content may lead to an unexpected process crash (bsc#1259941). - CVE-2025-46299: processing maliciously crafted web content may disclose internal states of an app (bsc#1259940). - CVE-2026-20608: processing maliciously crafted web content may lead to an unexpected process crash (bsc#1259939). - CVE-2026-20635: processing maliciously crafted web content may lead to an unexpected process crash (bsc#1259938). - CVE-2026-20636: processing maliciously crafted web content may lead to an unexpected process crash (bsc#1259937). - CVE-2026-20643: processing maliciously crafted web content may bypass Same Origin Policy (bsc#1261172). 
- CVE-2026-20644: processing maliciously crafted web content may lead to an unexpected process crash (bsc#1259936). - CVE-2026-20652: a remote attacker may be able to cause a denial-of-service (bsc#1259935). - CVE-2026-20664: processing maliciously crafted web content may lead to an unexpected process crash (bsc#1261173). - CVE-2026-20665: processing maliciously crafted web content may prevent Content Security Policy from being enforced (bsc#1261174). - CVE-2026-20676: a website may be able to track users through web extensions (bsc#1259934). - CVE-2026-20691: a maliciously crafted webpage may be able to fingerprint the user (bsc#1261175). - CVE-2026-28857: processing maliciously crafted web content may lead to an unexpected process crash (bsc#1261176). - CVE-2026-28859: a malicious website may be able to process restricted web content outside the sandbox (bsc#1261177). - CVE-2026-28861: a malicious website may be able to access script message handlers intended for other origins (bsc#1261178). - CVE-2026-28871: visiting a maliciously crafted website may lead to a cross-site scripting attack (bsc#1261179). Other updates and bugfixes: - Make scrolling with touch input smoother for small movements. - Fix estimated load progress of downloads when Content-Length value is wrong. - Ensure that "scrollend" events are correctly emitted after scroll animations. - Reduce the amount of useless MPRIS notifications produced by MediaSession when the information about media being played is incomplete. - Support turning off USE_GSTREAMER to configure the build with all multimedia features disabled. - Add Sysprof marks for mouse events. - Fix MediaSession icon for iheart.com not being displayed. - Fix the build with USE_GSTREAMER_GL disabled. - Fix the build with librice version 0.3.0 or newer. - Fix several crashes and rendering issues. - Translation updates: Georgian. 
WebKitGTK-4.0-lang-2.52.1-150600.12.63.1.noarch.rpm WebKitGTK-6.0-lang-2.52.1-150600.12.63.1.noarch.rpm libjavascriptcoregtk-4_0-18-2.52.1-150600.12.63.1.x86_64.rpm libjavascriptcoregtk-6_0-1-2.52.1-150600.12.63.1.x86_64.rpm libwebkit2gtk-4_0-37-2.52.1-150600.12.63.1.x86_64.rpm libwebkitgtk-6_0-4-2.52.1-150600.12.63.1.x86_64.rpm typelib-1_0-JavaScriptCore-4_0-2.52.1-150600.12.63.1.x86_64.rpm typelib-1_0-WebKit2-4_0-2.52.1-150600.12.63.1.x86_64.rpm typelib-1_0-WebKit2WebExtension-4_0-2.52.1-150600.12.63.1.x86_64.rpm webkit2gtk-4_0-injected-bundles-2.52.1-150600.12.63.1.x86_64.rpm webkit2gtk3-soup2-2.52.1-150600.12.63.1.src.rpm webkit2gtk3-soup2-devel-2.52.1-150600.12.63.1.x86_64.rpm webkit2gtk4-2.52.1-150600.12.63.1.src.rpm webkitgtk-6_0-injected-bundles-2.52.1-150600.12.63.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1434 Recommended update for apparmor moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for apparmor fixes the following issues: - samba gives denied in audit with apparmor (bsc#1225811). - apparmor denies printing with profiles on sle15-sp7 (bsc#1259441). 
apparmor-3.1.7-150600.5.12.2.src.rpm apparmor-abstractions-3.1.7-150600.5.12.2.noarch.rpm apparmor-docs-3.1.7-150600.5.12.2.noarch.rpm apparmor-parser-3.1.7-150600.5.12.2.x86_64.rpm apparmor-parser-lang-3.1.7-150600.5.12.2.noarch.rpm apparmor-profiles-3.1.7-150600.5.12.2.noarch.rpm apparmor-utils-3.1.7-150600.5.12.2.noarch.rpm apparmor-utils-lang-3.1.7-150600.5.12.2.noarch.rpm libapparmor-3.1.7-150600.5.12.2.src.rpm libapparmor-devel-3.1.7-150600.5.12.2.x86_64.rpm libapparmor1-3.1.7-150600.5.12.2.x86_64.rpm pam_apparmor-3.1.7-150600.5.12.2.x86_64.rpm python3-apparmor-3.1.7-150600.5.12.2.x86_64.rpm libapparmor1-32bit-3.1.7-150600.5.12.2.x86_64.rpm pam_apparmor-32bit-3.1.7-150600.5.12.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1153 Security update for perl-XML-Parser important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for perl-XML-Parser fixes the following issues: - CVE-2006-10002: heap buffer overflow in `parse_stream` when processing UTF-8 input streams (bsc#1259901). - CVE-2006-10003: off-by-one heap buffer overflow in `st_serial_stack` (bsc#1259902). perl-XML-Parser-2.44-150000.3.3.1.src.rpm perl-XML-Parser-2.44-150000.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1177 Security update for tar important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for tar fixes the following issue: - CVE-2025-45582: file overwrite via directory traversal in crafted TAR archives (bsc#1246399). tar-1.34-150000.3.37.1.src.rpm tar-1.34-150000.3.37.1.x86_64.rpm tar-lang-1.34-150000.3.37.1.noarch.rpm tar-rmt-1.34-150000.3.37.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1167 Recommended update for apache2 important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for apache2 fixes the following issues: - Update to 2.4.66: * ECO: (jsc#PED-15953): * Fix: apache2-worker segfaults (bsc#1254182) - Removed patches, as they've been merged/fixed upstream. 
- Removed these FIPS-related patches too, as they too have been merged upstream apache2-2.4.66-150700.4.15.1.src.rpm apache2-2.4.66-150700.4.15.1.x86_64.rpm apache2-prefork-2.4.66-150700.4.15.1.src.rpm apache2-prefork-2.4.66-150700.4.15.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1113 Recommended update for crypto-policies moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for crypto-policies fixes the following issues: Enables PQC key exchange support for OpenSSH (bsc#1258311, bsc#1259825) * The sntrup761x25519-sha512 hybrid key exchange for OpenSSH is enabled. crypto-policies-20230920.570ea89-150600.3.16.1.noarch.rpm crypto-policies-20230920.570ea89-150600.3.16.1.src.rpm crypto-policies-scripts-20230920.570ea89-150600.3.16.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1408 Security update for tiff moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for tiff fixes the following issues: - CVE-2025-61143: Fixed NULL pointer dereference (bsc#1258798). - CVE-2025-61144: Fixed stack overflow in readSeparateStripsIntoBuffer() (bsc#1258801). libtiff5-4.0.9-150000.45.63.1.x86_64.rpm tiff-4.0.9-150000.45.63.1.src.rpm libtiff5-32bit-4.0.9-150000.45.63.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1112 Optional update for rsyslog moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for rsyslog fixes the following issue: - add the rsyslog-module-ossl (openssl TLS support). rsyslog-8.2406.0-150700.3.2.1.src.rpm rsyslog-8.2406.0-150700.3.2.1.x86_64.rpm rsyslog-module-ossl-8.2406.0-150700.3.2.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1545 Recommended update for ipmitool moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for ipmitool fixes the following issue: - Fix bad pid file creation in ipmievd (bsc#1259310). 
ipmitool-1.8.19.13.gbe11d94-150700.3.3.1.src.rpm ipmitool-1.8.19.13.gbe11d94-150700.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1219 Recommended update for libteam important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for libteam fixes the following issues: - Fix: teamd incorrect Slave MAC (dev_addr) in LACP on SLES15SP7 (bsc#1258224): * teamd: + add port_hwaddr_changed for ab runner + add port_hwaddr_changed for lacp runner + add port_hwaddr_changed for lb runner libteam-1.27-150000.4.18.1.src.rpm libteam-devel-1.27-150000.4.18.1.x86_64.rpm libteam5-1.27-150000.4.18.1.x86_64.rpm libteamdctl0-1.27-150000.4.18.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1378 Security update for kea important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for kea fixes the following issues: Update to release 2.6.5: * A large number of bracket pairs in a JSON payload directed to any endpoint would result in a stack overflow, due to recursive calls when parsing the JSON. This has been fixed. (CVE-2026-3608) [bsc#1260380] * A null dereference is now no longer possible when configuring the Control Agent with a socket that lacks the mandatory socket-name entry. * UNIX sockets are now created as group-writable. * Corrected an issue in logging configuration when parsing "syslog:" * Earlier Kea versions could crash when handling misconfigured global reservations. This has been fixed. * Support for recent versions of Sphinx has been added. kea-2.6.5-150700.3.6.1.src.rpm python3-kea-2.6.5-150700.3.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1375 Security update for openssl-3 important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for openssl-3 fixes the following issues: Security issues fixed: - CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441). - CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442). 
- CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443). - CVE-2026-31789: Heap buffer overflow in hexadecimal conversion (bsc#1260444). - CVE-2026-31790: Incorrect failure handling in RSA KEM RSASVE encapsulation (bsc#1260445). - CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo (bsc#1261678). Other updates and bugfixes: - Enable MD2 in legacy provider (jsc#PED-15724). libopenssl-3-devel-3.2.3-150700.5.31.1.x86_64.rpm libopenssl-3-fips-provider-3.2.3-150700.5.31.1.x86_64.rpm libopenssl3-3.2.3-150700.5.31.1.x86_64.rpm openssl-3-3.2.3-150700.5.31.1.src.rpm openssl-3-3.2.3-150700.5.31.1.x86_64.rpm libopenssl-3-fips-provider-32bit-3.2.3-150700.5.31.1.x86_64.rpm libopenssl3-32bit-3.2.3-150700.5.31.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1351 Security update for bind important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for bind fixes the following issues: Security issues: - CVE-2026-1519: maliciously crafted DNSSEC-validated zone can lead to denial of service (bsc#1260805). - CVE-2026-3104: memory leak in code preparing DNSSEC proofs of non-existence allows for DoS (bsc#1260567). - CVE-2026-3119: authenticated queries containing a TKEY record may cause `named` to terminate unexpectedly (bsc#1260568). - CVE-2026-3591: stack use-after-return flaw in SIG(0) handling code allows for ACL bypass (bsc#1260569). - use-after-free error in `dns_client_resolve()` triggered by a DNAME response (bsc#1259202). Upgrade to release 9.20.21 Security Fixes: * Fix unbounded NSEC3 iterations when validating referrals to unsigned delegations. (CVE-2026-1519) [bsc#1260805] * Fix memory leaks in code preparing DNSSEC proofs of non-existence. (CVE-2026-3104) [bsc#1260567] * Prevent a crash in code processing queries containing a TKEY record. (CVE-2026-3119) [bsc#1260568] * Fix a stack use-after-return flaw in SIG(0) handling code. 
(CVE-2026-3591) [bsc#1260569] * Fix a use-after-free error in dns_client_resolve() triggered by a DNAME response. This issue only affected the delv tool and it has now been fixed. [bsc#1259202] Feature Changes: * Record query time for all dnstap responses. * Optimize TCP source port selection on Linux. Bug Fixes: * Fix the handling of key statements defined inside views. * Fix an assertion failure triggered by non-minimal IXFRs. * Fix a crash when retrying a NOTIFY over TCP. * Fetch loop detection improvements. * Randomize nameserver selection. * Fix dnstap logging of forwarded queries. * A stale answer could have been served in case of multiple upstream failures when following CNAME chains. This has been fixed. * Fail DNSKEY validation when supported but invalid DS is found. * Importing an invalid SKR file might corrupt stack memory. * Return FORMERR for queries with the EDNS Client Subnet FAMILY field set to 0. * Fix inbound IXFR performance regression. * Make catalog zone names and member zones' entry names case-insensitive. * Fix implementation of BRID and HHIT record types. * Fix implementation of DSYNC record type. * Fix response policy and catalog zones to work with $INCLUDE directive. 
bind-9.20.21-150700.3.18.1.src.rpm bind-utils-9.20.21-150700.3.18.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1437 Recommended update for ktls-utils moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for ktls-utils fixes the following issues: - tlshd: * fixup compile errors with HAVE_GNUTLS_PSK_ALLOCATE_CREDENTIALS2 * use gnutls_psk_allocate_{client,server}_credentials2 (bsc#1258084) ktls-utils-0.10+35.gb3f7e30-150700.3.3.1.src.rpm ktls-utils-0.10+35.gb3f7e30-150700.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1352 Security update for expat important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for expat fixes the following issues: - CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value (bsc#1259726). - CVE-2026-32777: denial of service due to infinite loop in DTD content parsing (bsc#1259711). - CVE-2026-32778: NULL pointer dereference in `setContext` on retry after an out-of-memory condition (bsc#1259729). expat-2.7.1-150700.3.12.1.src.rpm expat-2.7.1-150700.3.12.1.x86_64.rpm libexpat-devel-2.7.1-150700.3.12.1.x86_64.rpm libexpat1-2.7.1-150700.3.12.1.x86_64.rpm libexpat1-32bit-2.7.1-150700.3.12.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1653 Security update for protobuf moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for protobuf fixes the following issues: Refresh fixes: - CVE-2025-4565: parsing of untrusted Protocol Buffers data containing an arbitrary number of recursive groups or messages can lead to crash due to RecursionError (bsc#1244663). - CVE-2026-0994: `max_recursion_depth` limit can be bypassed when parsing nested `google.protobuf.Any` messages and lead to the exhaustion of the Python recursion stack (bsc#1257173). 
libprotobuf20-3.9.2-150200.4.33.1.x86_64.rpm protobuf-3.9.2-150200.4.33.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1424 Security update for polkit moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for polkit fixes the following issue: - CVE-2026-4897: Fixed possible OOM condition via specially crafted input to `polkit-agent-helper-1` (bsc#1260859). libpolkit-agent-1-0-121-150500.3.11.1.x86_64.rpm libpolkit-gobject-1-0-121-150500.3.11.1.x86_64.rpm pkexec-121-150500.3.11.1.x86_64.rpm polkit-121-150500.3.11.1.src.rpm polkit-121-150500.3.11.1.x86_64.rpm polkit-devel-121-150500.3.11.1.x86_64.rpm typelib-1_0-Polkit-1_0-121-150500.3.11.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1330 Security update for xorg-x11-server important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for xorg-x11-server fixes the following issues: - CVE-2026-33999: XKB Integer Underflow in XkbSetCompatMap() (bsc#1260922). - CVE-2026-34000: XKB Out-of-bounds Read in CheckSetGeom() (bsc#1260923). - CVE-2026-34001: XSYNC Use-after-free in miSyncTriggerFence() (bsc#1260924). - CVE-2026-34002: XKB Out-of-bounds read in CheckModifierMap() (bsc#1260925). - CVE-2026-34003: XKB Buffer overflow in CheckKeyTypes() (bsc#1260926). xorg-x11-server-21.1.15-150700.5.16.1.src.rpm xorg-x11-server-21.1.15-150700.5.16.1.x86_64.rpm xorg-x11-server-Xvfb-21.1.15-150700.5.16.1.x86_64.rpm xorg-x11-server-extra-21.1.15-150700.5.16.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1360 Security update for tigervnc important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for tigervnc fixes the following issues: - CVE-2026-34352: Fixed permissions to prevent other users from observing the screen, or modifying what is sent to the client. 
(bsc#1260871) libXvnc1-1.14.1-150700.4.3.1.x86_64.rpm tigervnc-1.14.1-150700.4.3.1.src.rpm tigervnc-1.14.1-150700.4.3.1.x86_64.rpm xorg-x11-Xvnc-1.14.1-150700.4.3.1.x86_64.rpm xorg-x11-Xvnc-module-1.14.1-150700.4.3.1.x86_64.rpm xorg-x11-Xvnc-novnc-1.14.1-150700.4.3.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1644 Security update for python-requests moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for python-requests fixes the following issues: - CVE-2026-25645: `extract_zipped_paths()` uses predictable filenames when extracting files from zip archives and reuses target files that already exist without validation (bsc#1260589). python-requests-2.25.1-150300.3.21.1.src.rpm python3-requests-2.25.1-150300.3.21.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1608 Security update for python-ecdsa moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for python-ecdsa fixes the following issues: - CVE-2026-33936: issue in the low-level DER parsing functions can cause unexpected exceptions to be raised from the public API functions (bsc#1261009). python-ecdsa-0.13.3-150000.3.10.1.src.rpm python3-ecdsa-0.13.3-150000.3.10.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1369 Security update for glibc important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for glibc fixes the following issues: - CVE-2026-4437: incorrect DNS response parsing via crafted DNS server response (bsc#1260078). - CVE-2026-4438: invalid DNS hostname returned via gethostbyaddr functions (bsc#1260082). 
glibc-2.38-150600.14.46.1.src.rpm glibc-2.38-150600.14.46.1.x86_64.rpm glibc-devel-2.38-150600.14.46.1.x86_64.rpm glibc-extra-2.38-150600.14.46.1.x86_64.rpm glibc-i18ndata-2.38-150600.14.46.1.noarch.rpm glibc-info-2.38-150600.14.46.1.noarch.rpm glibc-lang-2.38-150600.14.46.1.noarch.rpm glibc-locale-2.38-150600.14.46.1.x86_64.rpm glibc-locale-base-2.38-150600.14.46.1.x86_64.rpm glibc-profile-2.38-150600.14.46.1.x86_64.rpm libnsl1-2.38-150600.14.46.1.x86_64.rpm nscd-2.38-150600.14.46.1.x86_64.rpm glibc-32bit-2.38-150600.14.46.1.x86_64.rpm glibc-locale-base-32bit-2.38-150600.14.46.1.x86_64.rpm libnsl1-32bit-2.38-150600.14.46.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1368 Security update for libpng16 important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for libpng16 fixes the following issues: - CVE-2026-33416: use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE` can lead to arbitrary code execution (bsc#1260754). - CVE-2026-33636: out-of-bounds read/write in the palette expansion on ARM Neon can lead to information leak and crashes (bsc#1260755). libpng16-1.6.40-150600.3.17.1.src.rpm libpng16-16-1.6.40-150600.3.17.1.x86_64.rpm libpng16-compat-devel-1.6.40-150600.3.17.1.x86_64.rpm libpng16-devel-1.6.40-150600.3.17.1.x86_64.rpm libpng16-16-32bit-1.6.40-150600.3.17.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1667 Security update for python-Pygments low SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for python-Pygments fixes the following issues: - CVE-2026-4539: inefficient regex for GUID and ID pattern matching can lead to archetype lexer ReDoS (bsc#1260796). 
python-Pygments-2.6.1-150300.4.6.1.src.rpm python3-Pygments-2.6.1-150300.4.6.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1443 Security update for NetworkManager moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for NetworkManager fixes the following issue: Security fixes: - CVE-2025-9615: Fixed non-admin user using others' certificates (bsc#1257359). Other fixes: - Fixed renew dhcp lease when software devices' MAC is empty (bsc#1225498, glfd#NetworkManager/NetworkManager#1587). NetworkManager-1.44.2-150600.3.7.1.src.rpm libnm0-1.44.2-150600.3.7.1.x86_64.rpm typelib-1_0-NM-1_0-1.44.2-150600.3.7.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1366 Security update for bind important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for bind fixes the following issues: - CVE-2026-1519: high CPU load during insecure delegation validation due to excessive NSEC3 iterations (bsc#1260805). bind-9.16.6-150300.22.56.1.src.rpm libdns1605-9.16.6-150300.22.56.1.x86_64.rpm libirs-devel-9.16.6-150300.22.56.1.x86_64.rpm libirs1601-9.16.6-150300.22.56.1.x86_64.rpm libisc1606-9.16.6-150300.22.56.1.x86_64.rpm libisccfg1600-9.16.6-150300.22.56.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1618 Security update for dnsdist moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for dnsdist fixes the following issues: Update to version 1.9.12. - https://www.dnsdist.org/changelog.html#change-1.9.12 Security issues fixed: - CVE-2026-0396: crafted DNS queries triggering domain-based dynamic rules can lead to HTML injection in the web dashboard (bsc#1261236). - CVE-2026-0397: misconfiguration of the CORS policy can lead to information disclosure (bsc#1261237). - CVE-2026-24028: crafted DNS packet parsed by Lua code using `newDNSPacketOverlay` can lead to an out-of-bounds read (bsc#1261238). - CVE-2026-24029: disabled option on a DNS over HTTPS nghttp2 frontend allows clients to bypass ACLs and send DoH queries (bsc#1261239). 
- CVE-2026-24030: crafted DoQ and DoH3 queries can lead to unbounded memory allocation and DoS (bsc#1261240). - CVE-2026-27853: crafted DNS responses sent to a DNSdist using certain methods in custom Lua code (`changeName`) can lead to an out-of-bounds write (bsc#1261243). - CVE-2026-27854: crafted DNS queries sent to a DNSdist using the `DNSQuestion:getEDNSOptions` method in custom Lua code can lead to a use-after-free (bsc#1261241). dnsdist-1.9.12-150700.3.9.1.src.rpm dnsdist-1.9.12-150700.3.9.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1377 Recommended update for libtcnative-1-0 important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for libtcnative-1-0 fixes the following issues: Update to 1.3.7: [bsc#1260322] 1.3.7: * Code: Refactor access to ASN1_OCTET_STRING to use setters to fix errors when building against the latest OpenSSL 4.0.x code. (markt) * Fix: Fix the handling of OCSP requests with multiple responder URIs. (jfclere) * Fix: Fix the handling of TRY_AGAIN responses to OCSP requests when soft fail is disabled. (jfclere) 1.3.6: * Code: Refactor the SSL_CONF_CTX clean-up to align it with SSL and SSL_CTX clean-up. (markt) * Fix: Fix unnecessarily large buffer allocation when filtering out NULL and export ciphers. Pull requests #35 and #37 provided by chenjp. (markt) * Fix: Fix a potential memory leak if an invalid OpenSSLConf is provided. Pull request #36 provided by chenjp. (markt) * Fix: Refactor setting of OCSP configuration defaults as they were only applied if the SSL_CONF_CTX was used. While one was always used with Tomcat versions aware of the OCSP configuration options, one was not always used with Tomcat versions unaware of the OCSP configuration options leading to OCSP verification being enabled by default when the expected behaviour was disabled by default. (markt) * Code: Improve performance for the rare case of handling large OCSP responses. 
(markt) 1.3.5: * Fix: Remove group write permissions from the files in the tar.gz source archive. (markt) * Fix: Clear an additional error in OCSP processing that was preventing OCSP soft fail working with Tomcat's APR/native connector. (markt) 1.3.4: * Fix: Correct logic error that prevented the configuration of TLS 1.3 cipher suites. (markt) 1.3.3: * Fix: Refactor the addition of TLS 1.3 cipher suite configuration to avoid a regression when running a version of Tomcat that pre-dates this change. (markt) 1.3.2: * Update: Rename configure.in to modern autotools style configure.ac. (rjung) * Update: Fix incomplete updates for autotools generated files during "buildconf" execution. (rjung) * Update: Improve quoting in tcnative.m4. (rjung) * Update: Update the minimum version of autoconf for releasing to 2.68. (rjung) * Fix: Fix the autoconf warnings when creating a release. (markt) * Update: The Windows binaries are now built with OCSP support enabled by default. (markt) * Add: Include a nonce with OCSP requests and check the nonce, if any, in the OCSP response. (markt) * Add: Expand verification of OCSP responses. (markt) * Add: Add the ability to configure the OCSP checks to soft-fail - i.e. if the responder cannot be contacted or fails to respond in a timely manner the OCSP check will not fail. (markt) * Add: Add a configurable timeout to the writing of OCSP requests and reading of OCSP responses. (markt) * Add: Add the ability to control the OCSP verification flags. (markt) * Add: Configure TLS 1.3 connections from the provided ciphers list as well as connections using TLS 1.2 and earlier. Pull request provided by gastush. (markt) * Update: Update the Windows build environment to use Visual Studio 2022. (markt) 1.3.1: * Fix: Fix a crash on Windows when SSLContext.setCACertificate() is invoked with a null value for caCertificateFile and a non-null value for caCertificatePath until properly addressed with https://github.com/openssl/openssl/issues/24416. 
(michaelo) * Add: Use ERR_error_string_n with a definite buffer length as a named constant. (schultz) * Add: Ensure local reference capacity is available when creating new arrays and Strings. (schultz) * Update: Update the recommended minimum version of OpenSSL to 3.0.14. (markt) 1.3.0: * Update: Drop useless compile.optimize option. (michaelo) * Update: Align Java source compile configuration with Tomcat. (michaelo) * Fix: Fix version set in DLL header on Windows. (michaelo) * Update: Remove an unreachable if condition around CRLs in sslcontext.c. (michaelo) * Fix: 67818: When calling SSL.setVerify() or SSLContext.setVerify(), the default verify paths are no longer set. Only the explicitly configured trust store, if any, will be used. (michaelo) * Update: Update the minimum supported version of LibreSSL to 3.5.2. (markt) * Design: Remove NPN support as NPN was never standardised and browser support was removed in 2019. (markt) * Update: Update the recommended minimum version of OpenSSL to 3.0.13. (markt) Update to 1.2.39: * Fix: 67061: If the insecure optionalNoCA certificate verification mode is used, disable OCSP if enabled else client certificates from unknown certificate authorities will be rejected. * Update: Update the recommended minimum version of OpenSSL to 3.0.11. * Change the hardcoded libopenssl-1_1-devel to libopenssl-devel for distributions that have the right version libtcnative-1-0-1.3.7-150600.16.3.1.src.rpm libtcnative-1-0-1.3.7-150600.16.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1441 Security update for avahi moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for avahi fixes the following issue: - CVE-2026-24401: avahi-daemon can be crashed via a segmentation fault by sending an unsolicited mDNS response containing a recursive CNAME record (bsc#1257235). 
avahi-0.8-150600.15.15.1.src.rpm avahi-0.8-150600.15.15.1.x86_64.rpm avahi-compat-howl-devel-0.8-150600.15.15.1.x86_64.rpm avahi-compat-mDNSResponder-devel-0.8-150600.15.15.1.x86_64.rpm avahi-glib2-0.8-150600.15.15.1.src.rpm avahi-lang-0.8-150600.15.15.1.noarch.rpm avahi-utils-0.8-150600.15.15.1.x86_64.rpm libavahi-client3-0.8-150600.15.15.1.x86_64.rpm libavahi-common3-0.8-150600.15.15.1.x86_64.rpm libavahi-core7-0.8-150600.15.15.1.x86_64.rpm libavahi-devel-0.8-150600.15.15.1.x86_64.rpm libavahi-glib-devel-0.8-150600.15.15.1.x86_64.rpm libavahi-glib1-0.8-150600.15.15.1.x86_64.rpm libavahi-gobject0-0.8-150600.15.15.1.x86_64.rpm libavahi-libevent1-0.8-150600.15.15.1.x86_64.rpm libavahi-ui-gtk3-0-0.8-150600.15.15.1.x86_64.rpm libdns_sd-0.8-150600.15.15.1.x86_64.rpm libhowl0-0.8-150600.15.15.1.x86_64.rpm typelib-1_0-Avahi-0_6-0.8-150600.15.15.1.x86_64.rpm libavahi-client3-32bit-0.8-150600.15.15.1.x86_64.rpm libavahi-common3-32bit-0.8-150600.15.15.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1607 Security update for vim important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for vim fixes the following issues: Update to version 9.2.0280. - CVE-2026-34982: missing input validation allows for a modeline sandbox bypass and can lead to arbitrary OS command execution (bsc#1261271). - CVE-2026-34714: missing checks allow for a `tabpanel` modeline escape and can lead to arbitrary OS command execution (bsc#1261191). - CVE-2026-33412: improper escaping of newline characters allows for command injection in `glob` and can lead to arbitrary code execution (bsc#1259985). 
vim-9.2.0280-150500.20.46.1.src.rpm vim-9.2.0280-150500.20.46.1.x86_64.rpm vim-data-9.2.0280-150500.20.46.1.noarch.rpm vim-data-common-9.2.0280-150500.20.46.1.noarch.rpm vim-small-9.2.0280-150500.20.46.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1358 Recommended update for sssd important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for sssd fixes the following issues: - Do not package capabilities, will be applied by %set_permissions rpm macro (bsc#1259436); - Silence noisy warning from sss_cache if run prior to starting the daemon and config.ldb does not exist (bsc#1259545); - Fix ldap_child process started by the backend process ending in defunct state. - Create the secrets directory for the KCM service (bsc#1259253); - Fix missing nss library in 32bit package (bsc#1260409); - Fix packaging wrong permissions for /usr/share/polkit-1/rules.d (bsc#1260413); libipa_hbac-devel-2.10.2-150700.9.25.1.x86_64.rpm libipa_hbac0-2.10.2-150700.9.25.1.x86_64.rpm libsss_certmap-devel-2.10.2-150700.9.25.1.x86_64.rpm libsss_certmap0-2.10.2-150700.9.25.1.x86_64.rpm libsss_idmap-devel-2.10.2-150700.9.25.1.x86_64.rpm libsss_idmap0-2.10.2-150700.9.25.1.x86_64.rpm libsss_nss_idmap-devel-2.10.2-150700.9.25.1.x86_64.rpm libsss_nss_idmap0-2.10.2-150700.9.25.1.x86_64.rpm libsss_simpleifp-devel-2.10.2-150700.9.25.1.x86_64.rpm libsss_simpleifp0-2.10.2-150700.9.25.1.x86_64.rpm python3-sssd-config-2.10.2-150700.9.25.1.x86_64.rpm sssd-2.10.2-150700.9.25.1.src.rpm sssd-2.10.2-150700.9.25.1.x86_64.rpm sssd-ad-2.10.2-150700.9.25.1.x86_64.rpm sssd-dbus-2.10.2-150700.9.25.1.x86_64.rpm sssd-ipa-2.10.2-150700.9.25.1.x86_64.rpm sssd-kcm-2.10.2-150700.9.25.1.x86_64.rpm sssd-krb5-2.10.2-150700.9.25.1.x86_64.rpm sssd-krb5-common-2.10.2-150700.9.25.1.x86_64.rpm sssd-ldap-2.10.2-150700.9.25.1.x86_64.rpm sssd-proxy-2.10.2-150700.9.25.1.x86_64.rpm sssd-tools-2.10.2-150700.9.25.1.x86_64.rpm sssd-winbind-idmap-2.10.2-150700.9.25.1.x86_64.rpm sssd-32bit-2.10.2-150700.9.25.1.x86_64.rpm 
SUSE-SLE-Module-Basesystem-15-SP7-2026-1386 Security update for openssl-1_1 important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for openssl-1_1 fixes the following issues: - CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441). - CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442). - CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443). - CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo (bsc#1261678). - CVE-2026-31789: Heap buffer overflow in hexadecimal conversion (bsc#1260444). libopenssl1_1-1.1.1w-150700.11.16.1.x86_64.rpm openssl-1_1-1.1.1w-150700.11.16.1.src.rpm libopenssl1_1-32bit-1.1.1w-150700.11.16.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1359 Security update for sudo important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for sudo fixes the following issue: - CVE-2026-35535: Fixed potential privilege escalation when running the mailer (bsc#1261420). sudo-1.9.15p5-150600.3.15.1.src.rpm sudo-1.9.15p5-150600.3.15.1.x86_64.rpm sudo-devel-1.9.15p5-150600.3.15.1.x86_64.rpm sudo-plugin-python-1.9.15p5-150600.3.15.1.x86_64.rpm sudo-policy-sudo-auth-self-1.9.15p5-150600.3.15.1.x86_64.rpm sudo-policy-wheel-auth-self-1.9.15p5-150600.3.15.1.x86_64.rpm system-group-sudo-1.9.15p5-150600.3.15.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1661 Security update for the Linux Kernel important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 The SUSE Linux Enterprise 15 SP7 kernel was updated to fix various security issues. The following security issues were fixed: - CVE-2025-39998: scsi: target: target_core_configfs: Add length check to avoid buffer overflow (bsc#1252073). - CVE-2025-68794: iomap: adjust read range correctly for non-block-aligned positions (bsc#1256647). 
- CVE-2025-71268: btrfs: fix reservation leak in some error paths when inserting inline extent (bsc#1259865). - CVE-2025-71269: btrfs: do not free data reservation in fallback from inline due to -ENOSPC (bsc#1259889). - CVE-2026-23030: phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe() (bsc#1257561). - CVE-2026-23047: libceph: make calc_target() set t->paused, not just clear it (bsc#1257682). - CVE-2026-23103: ipvlan: Make the addrs_lock be per port (bsc#1257773). - CVE-2026-23120: l2tp: avoid one data-race in l2tp_tunnel_del_work() (bsc#1258280). - CVE-2026-23136: libceph: reset sparse-read state in osd_fault() (bsc#1258303). - CVE-2026-23140: bpf, test_run: Subtract size of xdp_frame from allowed metadata size (bsc#1258305). - CVE-2026-23187: pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc->domains (bsc#1258330). - CVE-2026-23193: scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() (bsc#1258414). - CVE-2026-23201: ceph: fix oops due to invalid pointer for kfree() in parse_longname() (bsc#1258337). - CVE-2026-23215: x86/vmware: Fix hypercall clobbers (bsc#1258476). - CVE-2026-23216: scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() (bsc#1258447). - CVE-2026-23231: netfilter: nf_tables: register hooks last when adding new chain/flowtable (bsc#1259188). - CVE-2026-23242: RDMA/siw: Fix potential NULL pointer dereference in header processing (bsc#1259795). - CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259797). - CVE-2026-23255: net: add proper RCU protection to /proc/net/ptype (bsc#1259891). - CVE-2026-23259: io_uring/rw: free potentially allocated iovec on cache put failure (bsc#1259866). - CVE-2026-23270: net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks (bsc#1259886). - CVE-2026-23272: netfilter: nf_tables: unconditionally bump set->nelems before insertion (bsc#1260009). 
- CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260005). - CVE-2026-23277: net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit (bsc#1259997). - CVE-2026-23278: netfilter: nf_tables: always walk all pending catchall elements (bsc#1259998). - CVE-2026-23281: wifi: libertas: fix use-after-free in lbs_free_adapter() (bsc#1260464). - CVE-2026-23292: scsi: target: Fix recursive locking in __configfs_open_file() (bsc#1260500). - CVE-2026-23293: net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260486). - CVE-2026-23317: drm/vmwgfx: Return the correct value in vmw_translate_ptr functions (bsc#1260562). - CVE-2026-23319: bpf: export bpf_link_inc_not_zero (bsc#1260735). - CVE-2026-23361: PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry (bsc#1260732). - CVE-2026-23379: net/sched: ets: fix divide by zero in the offload path (bsc#1260481). - CVE-2026-23381: net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260471). - CVE-2026-23386: gve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL (bsc#1260799). - CVE-2026-23398: icmp: fix NULL pointer dereference in icmp_tag_validation() (bsc#1260730). - CVE-2026-23413: clsact: Fix use-after-free in init/destroy rollback asymmetry (bsc#1261498). - CVE-2026-23414: tls: Purge async_hold in tls_decrypt_async_wait() (bsc#1261496). - CVE-2026-31788: xen/privcmd: restrict usage in unprivileged domU (bsc#1259707). The following non security issues were fixed: - accel/qaic: Handle DBC deactivation if the owner went away (git-fixes). - ACPI: EC: clean up handlers on probe failure in acpi_ec_setup() (git-fixes). - ACPI: OSI: Add DMI quirk for Acer Aspire One D255 (stable-fixes). - ACPI: PM: Save NVS memory on Lenovo G70-35 (stable-fixes). - ACPI: processor: Fix previous acpi_processor_errata_piix4() fix (git-fixes). - ALSA: caiaq: fix stack out-of-bounds read in init_card (git-fixes). 
- ALSA: firewire-lib: fix uninitialized local variable (git-fixes). - ALSA: hda: cs35l56: Fix signedness error in cs35l56_hda_posture_put() (git-fixes). - ALSA: hda/conexant: Add quirk for HP ZBook Studio G4 (stable-fixes). - ALSA: hda/conexant: Fix headphone jack handling on Acer Swift SF314 (stable-fixes). - ALSA: hda/realtek: Add headset jack quirk for Thinkpad X390 (stable-fixes). - ALSA: hda/realtek: add HP Laptop 14s-dr5xxx mute LED quirk (stable-fixes). - ALSA: pci: hda: use snd_kcontrol_chip() (stable-fixes). - ALSA: pcm: fix use-after-free on linked stream runtime in snd_pcm_drain() (git-fixes). - ALSA: usb-audio: Check endpoint numbers at parsing Scarlett2 mixer interfaces (stable-fixes). - ASoC: adau1372: Fix clock leak on PLL lock failure (git-fixes). - ASoC: adau1372: Fix unchecked clk_prepare_enable() return value (git-fixes). - ASoC: amd: acp-mach-common: Add missing error check for clock acquisition (git-fixes). - ASoC: amd: acp3x-rt5682-max9836: Add missing error check for clock acquisition (git-fixes). - ASoC: amd: yc: Add ASUS EXPERTBOOK BM1503CDA to quirk table (stable-fixes). - ASoC: amd: yc: Add DMI quirk for ASUS EXPERTBOOK PM1503CDA (stable-fixes). - ASoC: cs42l43: Report insert for exotic peripherals (stable-fixes). - ASoC: detect empty DMI strings (git-fixes). - ASoC: ep93xx: Fix unchecked clk_prepare_enable() and add rollback on failure (git-fixes). - ASoC: fsl_easrc: Fix event generation in fsl_easrc_iec958_put_bits() (stable-fixes). - ASoC: fsl_easrc: Fix event generation in fsl_easrc_iec958_set_reg() (stable-fixes). - ASoC: Intel: boards: fix unmet dependency on PINCTRL (git-fixes). - ASoC: Intel: catpt: Fix the device initialization (git-fixes). - ASoC: qcom: qdsp6: Fix q6apm remove ordering during ADSP stop and start (git-fixes). - ASoC: soc-core: drop delayed_work_pending() check before flush (git-fixes). - ASoC: soc-core: flush delayed work before removing DAIs and widgets (git-fixes). 
- ASoC: SOF: ipc4-topology: Allow bytes controls without initial payload (git-fixes). - Bluetooth: btintel: serialize btintel_hw_error() with hci_req_sync_lock (git-fixes). - Bluetooth: btusb: clamp SCO altsetting table indices (git-fixes). - Bluetooth: hci_conn: fix potential UAF in set_cig_params_sync (git-fixes). - Bluetooth: hci_event: fix potential UAF in hci_le_remote_conn_param_req_evt (git-fixes). - Bluetooth: hci_ll: Fix firmware leak on error path (git-fixes). - Bluetooth: hci_sync: call destroy in hci_cmd_sync_run if immediate (git-fixes). - Bluetooth: hci_sync: Fix hci_le_create_conn_sync (git-fixes). - Bluetooth: hci_sync: Remove remaining dependencies of hci_request (stable-fixes). - Bluetooth: HIDP: Fix possible UAF (git-fixes). - Bluetooth: ISO: Fix defer tests being unstable (git-fixes). - Bluetooth: L2CAP: Fix accepting multiple L2CAP_ECRED_CONN_REQ (git-fixes). - Bluetooth: L2CAP: Fix ERTM re-init and zero pdu_len infinite loop (git-fixes). - Bluetooth: L2CAP: Fix null-ptr-deref on l2cap_sock_ready_cb (git-fixes). - Bluetooth: L2CAP: Fix send LE flow credits in ACL link (git-fixes). - Bluetooth: L2CAP: Fix stack-out-of-bounds read in l2cap_ecred_conn_req (git-fixes). - Bluetooth: L2CAP: Fix type confusion in l2cap_ecred_reconf_rsp() (git-fixes). - Bluetooth: L2CAP: Fix use-after-free in l2cap_unregister_user (git-fixes). - Bluetooth: L2CAP: Validate L2CAP_INFO_RSP payload length before access (git-fixes). - Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2cap_ecred_data_rcv() (git-fixes). - Bluetooth: LE L2CAP: Disconnect if received packet's SDU exceeds IMTU (git-fixes). - Bluetooth: LE L2CAP: Disconnect if sum of payload sizes exceed SDU (git-fixes). - Bluetooth: MGMT: Fix dangling pointer on mgmt_add_adv_patterns_monitor_complete (git-fixes). - Bluetooth: MGMT: Fix list corruption and UAF in command complete handlers (git-fixes). - Bluetooth: MGMT: validate LTK enc_size on load (git-fixes). 
- Bluetooth: MGMT: validate mesh send advertising payload length (git-fixes). - Bluetooth: qca: fix ROM version reading on WCN3998 chips (git-fixes). - Bluetooth: Remove 3 repeated macro definitions (stable-fixes). - Bluetooth: SCO: fix race conditions in sco_sock_connect() (git-fixes). - Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold (git-fixes). - Bluetooth: SMP: derive legacy responder STK authentication from MITM state (git-fixes). - Bluetooth: SMP: force responder MITM requirements before building the pairing response (git-fixes). - Bluetooth: SMP: make SM/PER/KDU/BI-04-C happy (git-fixes). - bonding: do not set usable_slaves for broadcast mode (git-fixes). - btrfs: fix zero size inode with non-zero size after log replay (git-fixes). - btrfs: log new dentries when logging parent dir of a conflicting inode (git-fixes). - btrfs: tracepoints: get correct superblock from dentry in event btrfs_sync_file() (bsc#1257777). - can: gw: fix OOB heap access in cgw_csum_crc8_rel() (git-fixes). - can: isotp: fix tx.buf use-after-free in isotp_sendmsg() (git-fixes). - cifs: Fix locking usage for tcon fields (git-fixes). - cifs: force interface update before a fresh session setup (git-fixes). - cifs: make default value of retrans as zero (git-fixes). - cifs: some missing initializations on replay (git-fixes). - comedi: me_daq: Fix potential overrun of firmware buffer (git-fixes). - comedi: me4000: Fix potential overrun of firmware buffer (git-fixes). - comedi: ni_atmio16d: Fix invalid clean-up after failed attach (git-fixes). - comedi: Reinit dev->spinlock between attachments to low-level drivers (git-fixes). - cpufreq/amd-pstate: Remove the redundant verify() function (bsc#1252803). - cpufreq/amd-pstate: Set the initial min_freq to lowest_nonlinear_freq (bsc#1252803). - crypto: af-alg - fix NULL pointer dereference in scatterwalk (git-fixes). - crypto: caam - fix DMA corruption on long hmac keys (git-fixes). 
- crypto: caam - fix overflow on long hmac keys (git-fixes). - dmaengine: idxd: Fix freeing the allocated ida too late (git-fixes). - dmaengine: idxd: Fix leaking event log memory (git-fixes). - dmaengine: idxd: Fix memory leak when a wq is reset (git-fixes). - dmaengine: idxd: Fix not releasing workqueue on .release() (git-fixes). - dmaengine: idxd: fix possible wrong descriptor completion in llist_abort_desc() (git-fixes). - dmaengine: idxd: Remove usage of the deprecated ida_simple_xx() API (stable-fixes). - dmaengine: sh: rz-dmac: Move CHCTRL updates under spinlock (git-fixes). - dmaengine: sh: rz-dmac: Protect the driver specific lists (git-fixes). - dmaengine: xilinx: xdma: Fix regmap init error handling (git-fixes). - dmaengine: xilinx: xilinx_dma: Fix dma_device directions (git-fixes). - dmaengine: xilinx: xilinx_dma: Fix residue calculation for cyclic DMA (git-fixes). - dmaengine: xilinx: xilinx_dma: Fix unmasked residue subtraction (git-fixes). - Drivers: hv: fix missing kernel-doc description for 'size' in request_arr_init() (git-fixes). - Drivers: hv: remove stale comment (git-fixes). - Drivers: hv: vmbus: Clean up sscanf format specifier in target_cpu_store() (git-fixes). - Drivers: hv: vmbus: Fix sysfs output format for ring buffer index (git-fixes). - Drivers: hv: vmbus: Fix typos in vmbus_drv.c (git-fixes). - drm: Fix use-after-free on framebuffers and property blobs when calling drm_dev_unplug (git-fixes). - drm/amd: fix dcn 2.01 check (git-fixes). - drm/amd: Set num IP blocks to 0 if discovery fails (stable-fixes). - drm/amd/display: Add pixel_clock to amd_pp_display_configuration (stable-fixes). - drm/amd/display: Do not skip unrelated mode changes in DSC validation (git-fixes). - drm/amd/display: Fallback to boot snapshot for dispclk (stable-fixes). - drm/amd/display: Fix DisplayID not-found handling in parse_edid_displayid_vrr() (git-fixes). - drm/amd/display: Wrap dcn32_override_min_req_memclk() in DC_FP_{START, END} (git-fixes). 
- drm/amd/pm: add missing od setting PP_OD_FEATURE_ZERO_FAN_BIT for smu v14 (git-fixes). - drm/amd/pm: remove invalid gpu_metrics.energy_accumulator on smu v13.0.x (stable-fixes). - drm/amdgpu: apply state adjust rules to some additional HAINAN vairants (stable-fixes). - drm/amdgpu: Change AMDGPU_VA_RESERVED_TRAP_SIZE to 64KB (git-fixes). - drm/amdgpu: Fix fence put before wait in amdgpu_amdkfd_submit_ib (git-fixes). - drm/amdgpu: fix gpu idle power consumption issue for gfx v12 (stable-fixes). - drm/amdgpu: Fix kernel-doc comments for some LUT properties (git-fixes). - drm/amdgpu: Fix use-after-free race in VM acquire (stable-fixes). - drm/amdgpu: keep vga memory on MacBooks with switchable graphics (stable-fixes). - drm/amdgpu: prevent immediate PASID reuse case (stable-fixes). - drm/amdgpu/gmc9.0: add bounds checking for cid (stable-fixes). - drm/amdgpu/mmhub2.0: add bounds checking for cid (stable-fixes). - drm/amdgpu/mmhub2.3: add bounds checking for cid (stable-fixes). - drm/amdgpu/mmhub3.0: add bounds checking for cid (stable-fixes). - drm/amdgpu/mmhub3.0.1: add bounds checking for cid (stable-fixes). - drm/amdgpu/mmhub3.0.2: add bounds checking for cid (stable-fixes). - drm/amdgpu/mmhub4.1.0: add bounds checking for cid (stable-fixes). - drm/amdgpu/vcn5: Add SMU dpm interface type (stable-fixes). - drm/amdkfd: Unreserve bo if queue update failed (git-fixes). - drm/ast: dp501: Fix initialization of SCU2C (git-fixes). - drm/bridge: ti-sn65dsi83: fix CHA_DSI_CLK_RANGE rounding (git-fixes). - drm/bridge: ti-sn65dsi86: Add support for DisplayPort mode with HPD (stable-fixes). - drm/exynos: vidi: fix to avoid directly dereferencing user pointer (stable-fixes). - drm/exynos/vidi: Remove redundant error handling in vidi_get_modes() (stable-fixes). - drm/i915/display: Add module param to skip retraining of dp link (bsc#1253129). - drm/i915/dp_tunnel: Fix error handling when clearing stream BW in atomic state (git-fixes). 
- drm/i915/dp: Use crtc_state->enhanced_framing properly on ivb/hsw CPU eDP (git-fixes). - drm/i915/dsc: Add helper for writing DSC Selective Update ET parameters (stable-fixes). - drm/i915/dsc: Add Selective Update register definitions (stable-fixes). - drm/i915/dsi: Don't do DSC horizontal timing adjustments in command mode (git-fixes). - drm/i915/gmbus: fix spurious timeout on 512-byte burst reads (git-fixes). - drm/i915/gt: Check set_default_submission() before deferencing (git-fixes). - drm/imagination: Fix deadlock in soft reset sequence (git-fixes). - drm/ioc32: stop speculation on the drm_compat_ioctl path (git-fixes). - drm/msm: Fix dma_free_attrs() buffer size (git-fixes). - drm/msm/dsi: Document DSC related pclk_rate and hdisplay calculations (stable-fixes). - drm/msm/dsi: fix hdisplay calculation when programming dsi registers (git-fixes). - drm/msm/dsi: fix pclk rate calculation for bonded dsi (git-fixes). - drm/radeon: apply state adjust rules to some additional HAINAN vairants (stable-fixes). - drm/ttm/tests: Fix build failure on PREEMPT_RT (stable-fixes). - drm/xe: Do not preempt fence signaling CS instructions (git-fixes). - drm/xe: Open-code GGTT MMIO access protection (git-fixes). - drm/xe/oa: Allow reading after disabling OA stream (git-fixes). - drm/xe/reg_sr: Fix leak on xa_store failure (git-fixes). - firmware: arm_scpi: Fix device_node reference leak in probe path (git-fixes). - gpio: mxc: map Both Edge pad wakeup to Rising Edge (git-fixes). - HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them (stable-fixes). - HID: apple: avoid memory leak in apple_report_fixup() (stable-fixes). - HID: asus: avoid memory leak in asus_report_fixup() (stable-fixes). - HID: magicmouse: avoid memory leak in magicmouse_report_fixup() (stable-fixes). - HID: mcp2221: cancel last I2C command on read error (stable-fixes). - hv/hv_kvp_daemon: Handle IPv4 and Ipv6 combination for keyfile format (git-fixes). 
- hv/hv_kvp_daemon: Pass NIC name to hv_get_dns_info as well (git-fixes). - hwmon: (adm1177) fix sysfs ABI violation and current unit conversion (git-fixes). - hwmon: (axi-fan-control) Make use of dev_err_probe() (stable-fixes). - hwmon: (axi-fan-control) Use device firmware agnostic API (stable-fixes). - hwmon: (occ) Fix division by zero in occ_show_power_1() (git-fixes). - hwmon: (occ) Fix missing newline in occ_show_extended() (git-fixes). - hwmon: (peci/cputemp) Fix crit_hyst returning delta instead of absolute temperature (git-fixes). - hwmon: (peci/cputemp) Fix off-by-one in cputemp_is_visible() (git-fixes). - hwmon: (pmbus/isl68137) Add mutex protection for AVS enable sysfs attributes (git-fixes). - hwmon: (pmbus/isl68137) Fix unchecked return value and use sysfs_emit() (git-fixes). - hwmon: (pxe1610) Check return value of page-select write in probe (git-fixes). - hwmon: (tps53679) Fix device ID comparison and printing in tps53676_identify() (git-fixes). - hwmon: axi-fan: don't use driver_override as IRQ name (git-fixes). - i2c: cp2615: fix serial string NULL-deref at probe (git-fixes). - i2c: cp2615: replace deprecated strncpy with strscpy (stable-fixes). - i2c: fsi: Fix a potential leak in fsi_i2c_probe() (git-fixes). - i2c: pxa: defer reset on Armada 3700 when recovery is used (git-fixes). - idpf: nullify pointers after they are freed (git-fixes). - iio: accel: fix ADXL355 temperature signature value (git-fixes). - iio: adc: ti-adc161s626: fix buffer read on big-endian (git-fixes). - iio: chemical: bme680: Fix measurement wait duration calculation (git-fixes). - iio: chemical: sps30_i2c: fix buffer size in sps30_i2c_read_meas() (git-fixes). - iio: chemical: sps30_serial: fix buffer size in sps30_serial_read_meas() (git-fixes). - iio: dac: ad5770r: fix error return in ad5770r_read_raw() (git-fixes). - iio: dac: ds4424: reject -128 RAW value (git-fixes). - iio: frequency: adf4377: Fix duplicated soft reset mask (git-fixes). 
- iio: gyro: mpu3050-core: fix pm_runtime error handling (git-fixes). - iio: gyro: mpu3050-i2c: fix pm_runtime error handling (git-fixes). - iio: gyro: mpu3050: Fix incorrect free_irq() variable (git-fixes). - iio: gyro: mpu3050: Fix irq resource leak (git-fixes). - iio: gyro: mpu3050: Fix out-of-sequence free_irq() (git-fixes). - iio: gyro: mpu3050: Move iio_device_register() to correct location (git-fixes). - iio: imu: bmi160: Remove potential undefined behavior in bmi160_config_pin() (git-fixes). - iio: imu: bno055: fix BNO055_SCAN_CH_COUNT off by one (git-fixes). - iio: imu: inv_icm42600: fix odr switch to the same value (git-fixes). - iio: imu: st_lsm6dsx: Set FIFO ODR for accelerometer and gyroscope only (git-fixes). - iio: light: vcnl4035: fix scan buffer on big-endian (git-fixes). - iio: potentiometer: mcp4131: fix double application of wiper shift (git-fixes). - Input: synaptics-rmi4 - fix a locking bug in an error path (git-fixes). - irqchip/qcom-mpm: Add missing mailbox TX done acknowledgment (git-fixes). - mac80211: fix crash in ieee80211_chan_bw_change for AP_VLAN stations (stable-fixes). - media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex (git-fixes). - media: tegra-video: Use accessors for pad config 'try_*' fields (stable-fixes). - mfd: omap-usb-host: Convert to platform remove callback returning void (stable-fixes). - mfd: omap-usb-host: Fix OF populate on driver rebind (git-fixes). - mfd: qcom-pm8xxx: Convert to platform remove callback returning void (stable-fixes). - mfd: qcom-pm8xxx: Fix OF populate on driver rebind (git-fixes). - misc: fastrpc: possible double-free of cctx->remote_heap (git-fixes). - mmc: sdhci-pci-gli: fix GL9750 DMA write corruption (git-fixes). - mmc: sdhci: fix timing selection for 1-bit bus width (git-fixes). - mtd: Avoid boot crash in RedBoot partition table parser (git-fixes). - mtd: rawnand: brcmnand: skip DMA during panic write (git-fixes). 
- mtd: rawnand: cadence: Fix error check for dma_alloc_coherent() in cadence_nand_init() (git-fixes). - mtd: rawnand: pl353: make sure optimal timings are applied (git-fixes). - mtd: rawnand: serialize lock/unlock against other NAND operations (git-fixes). - mtd: spi-nor: core: avoid odd length/address reads on 8D-8D-8D mode (stable-fixes). - mtd: spi-nor: core: avoid odd length/address writes in 8D-8D-8D mode (stable-fixes). - net: mana: Add metadata support for xdp mode (git-fixes). - net: mana: Add standard counter rx_missed_errors (git-fixes). - net: mana: Add support for auxiliary device servicing events (bsc#1251971). - net: mana: Change the function signature of mana_get_primary_netdev_rcu (bsc#1256690). - net: mana: Drop TX skb on post_work_request failure and unmap resources (git-fixes). - net: mana: Fix double destroy_workqueue on service rescan PCI path (git-fixes). - net: mana: fix spelling for mana_gd_deregiser_irq() (git-fixes). - net: mana: fix use-after-free in add_adev() error path (git-fixes). - net: mana: fix use-after-free in mana_hwc_destroy_channel() by reordering teardown (git-fixes). - net: mana: Fix use-after-free in reset service rescan path (git-fixes). - net: mana: Fix warnings for missing export.h header inclusion (git-fixes). - net: mana: Handle hardware recovery events when probing the device (bsc#1257466). - net: mana: Handle Reset Request from MANA NIC (bsc#1245728 bsc#1251971). - net: mana: Handle SKB if TX SGEs exceed hardware limit (git-fixes). - net: mana: Handle unsupported HWC commands (git-fixes). - net: mana: Implement ndo_tx_timeout and serialize queue resets per port (bsc#1257472). - net: mana: Move hardware counter stats from per-port to per-VF context (git-fixes). - net: mana: Probe rdma device in mana driver (git-fixes). - net: mana: Reduce waiting time if HWC not responding (bsc#1252266). - net: mana: Ring doorbell at 4 CQ wraparounds (git-fixes). - net: mana: Support HW link state events (bsc#1253049). 
- net: mana: Trigger VF reset/recovery on health check failure due to HWC timeout (bsc#1259580). - net: mana: use ethtool string helpers (git-fixes). - net: mana: Use mana_cleanup_port_context() for rxq cleanup (git-fixes). - net: usb: aqc111: Do not perform PM inside suspend callback (git-fixes). - net: usb: cdc_ncm: add ndpoffset to NDP16 nframes bounds check (git-fixes). - net: usb: cdc_ncm: add ndpoffset to NDP32 nframes bounds check (git-fixes). - net: usb: pegasus: validate USB endpoints (stable-fixes). - net/mana: Null service_wq on setup error to prevent double destroy (git-fix). - net/mana: Null service_wq on setup error to prevent double destroy (git-fixes). - net/mlx5: Fix crash when moving to switchdev mode (git-fixes). - net/rose: fix NULL pointer dereference in rose_transmit_link on reconnect (git-fixes). - net/x25: Fix overflow when accumulating packets (git-fixes). - net/x25: Fix potential double free of skb (git-fixes). - nfc: nci: fix circular locking dependency in nci_close_device (git-fixes). - NFC: nxp-nci: allow GPIOs to sleep (git-fixes). - NFC: pn533: bound the UART receive buffer (git-fixes). - nvme: add support for dynamic quirk configuration via module parameter (bsc#1243208). - nvme: expose active quirks in sysfs (bsc#1243208). - nvme: fix memory leak in quirks_param_set() (bsc#1243208). - PCI: hv: Correct a comment (git-fixes). - PCI: hv: Remove unnecessary flex array in struct pci_packet (git-fixes). - PCI: hv: remove unnecessary module_init/exit functions (git-fixes). - PCI: hv: Remove unused field pci_bus in struct hv_pcibus_device (git-fixes). - PCI: Update BAR # and window messages (stable-fixes). - phy: ti: j721e-wiz: Fix device node reference leak in wiz_get_lane_phy_types() (git-fixes). - pinctrl: equilibrium: fix warning trace on load (git-fixes). - pinctrl: equilibrium: rename irq_chip function callbacks (stable-fixes). - pinctrl: mediatek: common: Fix probe failure for devices without EINT (git-fixes). 
- pinctrl: qcom: spmi-gpio: implement .get_direction() (git-fixes). - platform/olpc: olpc-xo175-ec: Fix overflow error message to print inlen (git-fixes). - platform/x86: dell-wmi: Add audio/mic mute key codes (stable-fixes). - platform/x86: intel-hid: Add Dell 14 Plus 2-in-1 to dmi_vgbs_allow_list (stable-fixes). - platform/x86: intel-hid: Enable 5-button array on ThinkPad X1 Fold 16 Gen 1 (stable-fixes). - platform/x86: ISST: Correct locked bit width (git-fixes). - platform/x86: touchscreen_dmi: Add quirk for y-inverted Goodix touchscreen on SUPI S10 (stable-fixes). - PM: runtime: Fix a race condition related to device removal (git-fixes). - RDMA/mana_ib: Access remote atomic for MRs (bsc#1251135). - RDMA/mana_ib: add additional port counters (bsc#1251135). - RDMA/mana_ib: Add device statistics support (git-fixes). - RDMA/mana_ib: Add device-memory support (git-fixes). - RDMA/mana_ib: Add EQ creation for rnic adapter (git-fixes). - RDMA/mana_ib: Add port statistics support (git-fixes). - RDMA/mana_ib: Add support of 4M, 1G, and 2G pages (git-fixes). - RDMA/mana_ib: Add support of mana_ib for RNIC and ETH nic (git-fixes). - RDMA/mana_ib: add support of multiple ports (bsc#1251135). - RDMA/mana_ib: Adding and deleting GIDs (git-fixes). - RDMA/mana_ib: Allow registration of DMA-mapped memory in PDs (git-fixes). - RDMA/mana_ib: check cqe length for kernel CQs (git-fixes). - RDMA/mana_ib: Configure mac address in RNIC (git-fixes). - RDMA/mana_ib: Create and destroy RC QP (git-fixes). - RDMA/mana_ib: Create and destroy rnic adapter (git-fixes). - RDMA/mana_ib: create and destroy RNIC cqs (git-fixes). - RDMA/mana_ib: Create and destroy UD/GSI QP (git-fixes). - RDMA/mana_ib: create EQs for RNIC CQs (git-fixes). - RDMA/mana_ib: create kernel-level CQs (git-fixes). - RDMA/mana_ib: create/destroy AH (git-fixes). - RDMA/mana_ib: Drain send wrs of GSI QP (git-fixes). - RDMA/mana_ib: Enable RoCE on port 1 (git-fixes). - RDMA/mana_ib: extend mana QP table (git-fixes). 
- RDMA/mana_ib: Extend modify QP (git-fixes). - RDMA/mana_ib: extend query device (git-fixes). - RDMA/mana_ib: Fix DSCP value in modify QP (git-fixes). - RDMA/mana_ib: Fix error code in probe() (git-fixes). - RDMA/mana_ib: Fix integer overflow during queue creation (bsc#1251135). - RDMA/mana_ib: Fix missing ret value (git-fixes). - RDMA/mana_ib: Handle net event for pointing to the current netdev (bsc#1256690). - RDMA/mana_ib: helpers to allocate kernel queues (git-fixes). - RDMA/mana_ib: Implement DMABUF MR support (git-fixes). - RDMA/mana_ib: implement get_dma_mr (git-fixes). - RDMA/mana_ib: Implement port parameters (git-fixes). - RDMA/mana_ib: implement req_notify_cq (git-fixes). - RDMA/mana_ib: implement uapi for creation of rnic cq (git-fixes). - RDMA/mana_ib: Implement uapi to create and destroy RC QP (git-fixes). - RDMA/mana_ib: indicate CM support (git-fixes). - RDMA/mana_ib: introduce a helper to remove cq callbacks (git-fixes). - RDMA/mana_ib: Introduce helpers to create and destroy mana queues (git-fixes). - RDMA/mana_ib: Introduce mana_ib_get_netdev helper function (git-fixes). - RDMA/mana_ib: Introduce mana_ib_install_cq_cb helper function (git-fixes). - RDMA/mana_ib: Introduce mdev_to_gc helper function (git-fixes). - RDMA/mana_ib: Modify QP state (git-fixes). - RDMA/mana_ib: polling of CQs for GSI/UD (git-fixes). - RDMA/mana_ib: Process QP error events in mana_ib (git-fixes). - RDMA/mana_ib: Query feature_flags bitmask from FW (git-fixes). - RDMA/mana_ib: remove useless return values from dbg prints (git-fixes). - RDMA/mana_ib: request error CQEs when supported (git-fixes). - RDMA/mana_ib: Set correct device into ib (git-fixes). - RDMA/mana_ib: set node_guid (git-fixes). - RDMA/mana_ib: support of the zero based MRs (bsc#1251135). - RDMA/mana_ib: Take CQ type from the device type (git-fixes). - RDMA/mana_ib: UD/GSI QP creation for kernel (git-fixes). - RDMA/mana_ib: UD/GSI work requests (git-fixes). 
- RDMA/mana_ib: unify mana_ib functions to support any gdma device (git-fixes). - RDMA/mana_ib: Use num_comp_vectors of ib_device (git-fixes). - RDMA/mana_ib: Use safer allocation function() (bsc#1251135). - RDMA/mana_ib: Use struct mana_ib_queue for CQs (git-fixes). - RDMA/mana_ib: Use struct mana_ib_queue for RAW QPs (git-fixes). - RDMA/mana_ib: Use struct mana_ib_queue for WQs (git-fixes). - regmap: Synchronize cache for the page selector (git-fixes). - regulator: pca9450: Correct interrupt type (git-fixes). - regulator: pca9450: Make IRQ optional (stable-fixes). - s390/debug: Pass in and enforce output buffer size for format handlers (jsc#PED-15582). - scsi: hisi_sas: Fix NULL pointer exception during user_scan() (bsc#1255687). - scsi: scsi_transport_sas: Fix the maximum channel scanning issue (bsc#1255687, git-fixes). - scsi: storvsc: Remove redundant ternary operators (git-fixes). - serial: 8250_pci: add support for the AX99100 (stable-fixes). - serial: 8250: Add late synchronize_irq() to shutdown to handle DW UART BUSY (git-fixes). - serial: 8250: Fix TX deadlock when using DMA (git-fixes). - serial: uartlite: fix PM runtime usage count underflow on probe (git-fixes). - smb: client: add proper locking around ses->iface_last_update (git-fixes). - smb: client: fix broken multichannel with krb5+signing (git-fixes). - smb: client: fix cifs_pick_channel when channels are equally loaded (git-fixes). - smb: client: fix in-place encryption corruption in SMB2_write() (git-fixes). - smb: client: fix krb5 mount with username option (git-fixes). - smb: client: prevent races in ->query_interfaces() (git-fixes). - soc: aspeed: socinfo: Mask table entries for accurate SoC ID matching (git-fixes). - soc: fsl: qbman: fix race condition in qman_destroy_fq (git-fixes). - spi: fix statistics allocation (git-fixes). - spi: fix use-after-free on controller registration failure (git-fixes). - spi: spi-fsl-lpspi: fix teardown order issue (UAF) (git-fixes). 
- staging: rtl8723bs: properly validate the data in rtw_get_ie_ex() (stable-fixes). - thunderbolt: Fix property read in nhi_wake_supported() (git-fixes). - tools: hv: Enable debug logs for hv_kvp_daemon (git-fixes). - tools: hv: lsvmbus: change shebang to use python3 (git-fixes). - tools/hv: add a .gitignore file (git-fixes). - tools/hv: reduce resouce usage in hv_get_dns_info helper (git-fixes). - tools/hv: reduce resource usage in hv_kvp_daemon (git-fixes). - USB: add QUIRK_NO_BOS for video capture several devices (stable-fixes). - usb: cdc-acm: Restore CAP_BRK functionnality to CH343 (git-fixes). - usb: cdns3: call cdns_power_is_lost() only once in cdns_resume() (stable-fixes). - usb: cdns3: fix role switching during resume (git-fixes). - usb: cdns3: gadget: fix NULL pointer dereference in ep_queue (git-fixes). - usb: cdns3: gadget: fix state inconsistency on gadget init failure (git-fixes). - usb: cdns3: remove redundant if branch (stable-fixes). - usb: class: cdc-wdm: fix reordering issue in read code path (git-fixes). - usb: core: don't power off roothub PHYs if phy_set_mode() fails (git-fixes). - USB: core: Limit the length of unkillable synchronous timeouts (git-fixes). - usb: core: new quirk to handle devices with zero configurations (stable-fixes). - usb: core: phy: avoid double use of 'usb3-phy' (git-fixes). - USB: dummy-hcd: Fix interrupt synchronization error (git-fixes). - USB: dummy-hcd: Fix locking/synchronization error (git-fixes). - usb: dwc2: gadget: Fix spin_lock/unlock mismatch in dwc2_hsotg_udc_stop() (git-fixes). - usb: dwc3: pci: add support for the Intel Nova Lake -H (stable-fixes). - usb: ehci-brcm: fix sleep during atomic (git-fixes). - USB: ezcap401 needs USB_QUIRK_NO_BOS to function on 10gbs usb speed (stable-fixes). - usb: gadget: f_mass_storage: Fix potential integer overflow in check_command_size_in_blocks() (git-fixes). - usb: gadget: f_rndis: Protect RNDIS options with mutex (git-fixes). 
- usb: gadget: f_subset: Fix unbalanced refcnt in geth_free (git-fixes). - usb: gadget: u_ether: Fix race between gether_disconnect and eth_stop (git-fixes). - usb: gadget: uvc: fix NULL pointer dereference during unbind race (git-fixes). - usb: image: mdc800: kill download URB on timeout (stable-fixes). - usb: mdc800: handle signal and read racing (stable-fixes). - usb: misc: uss720: properly clean up reference in uss720_probe() (stable-fixes). - usb: renesas_usbhs: fix use-after-free in ISR during device removal (git-fixes). - usb: roles: get usb role switch from parent only for usb-b-connector (git-fixes). - USB: serial: f81232: fix incomplete serial port generation (stable-fixes). - usb: ulpi: fix double free in ulpi_register_interface() error path (git-fixes). - USB: usbcore: Introduce usb_bulk_msg_killable() (git-fixes). - usb: usbtmc: Flush anchored URBs in usbtmc_release (git-fixes). - USB: usbtmc: Use usb_bulk_msg_killable() with user-specified timeouts (git-fixes). - usb: xhci: Fix memory leak in xhci_disable_slot() (git-fixes). - usb: xhci: Prevent interrupt storm on host controller error (HCE) (stable-fixes). - usb: yurex: fix race in probe (stable-fixes). - usb/core/quirks: Add Huawei ME906S-device to wakeup quirk (stable-fixes). - vhost: fix caching attributes of MMIO regions by setting them explicitly (git-fixes). - vmw_vsock: bypass false-positive Wnonnull warning with gcc-16 (git-fixes). - watchdog/perf: properly initialize the turbo mode timestamp and rearm counter (bsc#1256504). - wifi: ath11k: Pass the correct value of each TID during a stop AMPDU session (git-fixes). - wifi: cfg80211: cancel pmsr_free_wk in cfg80211_pmsr_wdev_down (git-fixes). - wifi: iwlwifi: mvm: fix potential out-of-bounds read in iwl_mvm_nd_match_info_handler() (git-fixes). - wifi: mac80211: fix NULL deref in mesh_matches_local() (git-fixes). - wifi: mac80211: Fix static_branch_dec() underflow for aql_disable (git-fixes). 
- wifi: mac80211: set default WMM parameters on all links (stable-fixes). - wifi: wilc1000: fix u8 overflow in SSID scan buffer size calculation (git-fixes). - wifi: wlcore: Return -ENOMEM instead of -EAGAIN if there is not enough headroom (git-fixes). - x86/platform/uv: Handle deconfigured sockets (bsc#1260347). - xen/privcmd: unregister xenstore notifier on module exit (git-fixes). - xenbus: Use .freeze/.thaw to handle xenbus devices (git-fixes). kernel-default-6.4.0-150700.53.37.1.nosrc.rpm True kernel-default-6.4.0-150700.53.37.1.x86_64.rpm True kernel-default-base-6.4.0-150700.53.37.1.150700.17.25.1.src.rpm True kernel-default-base-6.4.0-150700.53.37.1.150700.17.25.1.x86_64.rpm True kernel-default-devel-6.4.0-150700.53.37.1.x86_64.rpm True kernel-devel-6.4.0-150700.53.37.1.noarch.rpm True kernel-macros-6.4.0-150700.53.37.1.noarch.rpm True kernel-source-6.4.0-150700.53.37.1.src.rpm True SUSE-SLE-Module-Basesystem-15-SP7-2026-1609 Recommended update for checkmedia moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for checkmedia fixes the following issues: - Update to version 6.6: * include pre-built documentation (bsc#1260860) * simplify spec file * add support for GPT partitions checkmedia-6.6-150600.3.6.1.src.rpm checkmedia-6.6-150600.3.6.1.x86_64.rpm libmediacheck-devel-6.6-150600.3.6.1.x86_64.rpm libmediacheck6-6.6-150600.3.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1418 Security update for iproute2 low SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for iproute2 fixes the following issue: - CVE-2024-58251: denial of service via terminal escape sequences (bsc#1254324). 
iproute2-6.4-150600.7.12.1.src.rpm iproute2-6.4-150600.7.12.1.x86_64.rpm iproute2-arpd-6.4-150600.7.12.1.x86_64.rpm iproute2-bash-completion-6.4-150600.7.12.1.x86_64.rpm libnetlink-devel-6.4-150600.7.12.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1355 Security update for rubygem-bundler important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for rubygem-bundler fixes the following issues: Updated to version 2.2.34. - CVE-2020-36327: Bundler chooses a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen (bsc#1185842) - CVE-2021-43809: rubygem-bundler: remote execution via Gemfile argument injection (bsc#1193578) ruby2.5-rubygem-bundler-2.2.34-150700.21.3.1.x86_64.rpm rubygem-bundler-2.2.34-150700.21.3.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1399 Security update for cups important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for cups fixes the following issue: - CVE-2026-34990: Local print admin token disclosure using temporary printers (bsc#1261568). cups-2.2.7-150000.3.86.1.src.rpm cups-2.2.7-150000.3.86.1.x86_64.rpm cups-client-2.2.7-150000.3.86.1.x86_64.rpm cups-config-2.2.7-150000.3.86.1.x86_64.rpm cups-devel-2.2.7-150000.3.86.1.x86_64.rpm libcups2-2.2.7-150000.3.86.1.x86_64.rpm libcupscgi1-2.2.7-150000.3.86.1.x86_64.rpm libcupsimage2-2.2.7-150000.3.86.1.x86_64.rpm libcupsmime1-2.2.7-150000.3.86.1.x86_64.rpm libcupsppdc1-2.2.7-150000.3.86.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1432 Security update for libcap important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for libcap fixes the following issue: - CVE-2026-4878: Address a potential TOCTOU race condition in cap_set_file() (bsc#1261809). 
libcap-2.63-150400.3.6.1.src.rpm libcap-devel-2.63-150400.3.6.1.x86_64.rpm libcap-progs-2.63-150400.3.6.1.x86_64.rpm libcap2-2.63-150400.3.6.1.x86_64.rpm libpsx2-2.63-150400.3.6.1.x86_64.rpm libcap2-32bit-2.63-150400.3.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1551 Recommended update for libteam important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for libteam fixes the following issues: - Fix: teamd LACP initialization failure (-ENOMEM / Race condition) two BCM57414 25Gbps cards (bsc#1260370) * libteam: double NETLINK_RCVBUF to fix -ENOMEM error libteam-1.27-150000.4.21.1.src.rpm libteam-devel-1.27-150000.4.21.1.x86_64.rpm libteam5-1.27-150000.4.21.1.x86_64.rpm libteamdctl0-1.27-150000.4.21.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1426 Recommended update for grub2 important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for grub2 fixes the following issues: - Fix missing install device check in grub2-install on PowerPC which could lead to bootlist corruption (bsc#1221126) * add mandatory install device check for PowerPC - Fix PowerPC network boot prefix to correctly locate grub.cfg (bsc#1249385) * use net config for boot location instead of - Fix double free in xen booting if root filesystem is Btrfs (bsc#1259543) * btrfs: add ability to boot from subvolumes * btrfs: get default subvolume grub2-2.12-150700.19.29.1.src.rpm grub2-2.12-150700.19.29.1.x86_64.rpm grub2-i386-pc-2.12-150700.19.29.1.noarch.rpm grub2-snapper-plugin-2.12-150700.19.29.1.noarch.rpm grub2-systemd-sleep-plugin-2.12-150700.19.29.1.noarch.rpm grub2-x86_64-efi-2.12-150700.19.29.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1486 Security update for cosign important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for cosign rebuilds it against the current go 1.25 security release. 
cosign-3.0.5-150400.3.39.1.src.rpm cosign-3.0.5-150400.3.39.1.x86_64.rpm cosign-bash-completion-3.0.5-150400.3.39.1.noarch.rpm cosign-zsh-completion-3.0.5-150400.3.39.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1488 Security update for rekor important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for rekor rebuilds it against the current go 1.25 security release. rekor-1.4.3-150400.4.30.1.src.rpm rekor-1.4.3-150400.4.30.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1495 Security update for containerd important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for containerd rebuilds it against the current go 1.25 security release. containerd-1.7.29-150000.132.1.src.rpm containerd-1.7.29-150000.132.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1492 Security update for docker important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for docker rebuilds it against the current go 1.25 security release. Updating docker will restart the docker service, which may stop some of your docker containers. Do you want to proceed with the update? docker-28.5.1_ce-150000.245.2.src.rpm docker-28.5.1_ce-150000.245.2.x86_64.rpm docker-buildx-0.29.0-150000.245.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1487 Security update for runc important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for runc rebuilds it against the current go 1.25 security release. runc-1.3.4-150000.92.1.src.rpm runc-1.3.4-150000.92.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1576 Security update for gdk-pixbuf important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for gdk-pixbuf fixes the following issue: - CVE-2026-5201: Denial of Service via heap-based buffer overflow when processing a specially crafted JPEG image (bsc#1261210). 
gdk-pixbuf-2.42.12-150600.3.11.1.src.rpm gdk-pixbuf-devel-2.42.12-150600.3.11.1.x86_64.rpm gdk-pixbuf-lang-2.42.12-150600.3.11.1.noarch.rpm gdk-pixbuf-query-loaders-2.42.12-150600.3.11.1.x86_64.rpm gdk-pixbuf-thumbnailer-2.42.12-150600.3.11.1.x86_64.rpm libgdk_pixbuf-2_0-0-2.42.12-150600.3.11.1.x86_64.rpm typelib-1_0-GdkPixbuf-2_0-2.42.12-150600.3.11.1.x86_64.rpm typelib-1_0-GdkPixdata-2_0-2.42.12-150600.3.11.1.x86_64.rpm gdk-pixbuf-query-loaders-32bit-2.42.12-150600.3.11.1.x86_64.rpm libgdk_pixbuf-2_0-0-32bit-2.42.12-150600.3.11.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1561 Recommended update for mozilla-nss moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for mozilla-nss fixes the following issues: Update to NSS 3.112.4: * improve error handling in PK11_ImportPrivateKeyInfoAndReturnKey. * Improving the allocation of S/MIME DecryptSymKey. * store email on subject cache_entry in NSS trust domain. * Heap use-after-free in cert_VerifyCertChainOld via dangling certsList[] entry on NameConstraints violation. * Improve size calculations in CMS content buffering. * avoid integer overflow while escaping RFC822 Names. * Reject excessively large ASN.1 SEQUENCE OF in quickder. * Deep copy profile data in CERT_FindSMimeProfile. * Improve input validation in DSAU signature decoding. * avoid integer overflow in RSA_EMSAEncodePSS. * RSA_EMSAEncodePSS should validate the length of mHash. * Add a maximum cert uncompressed len and tests. * Clarify extension negotiation mechanism for TLS Handshakes. * ensure permittedSubtrees don't match wildcards that could be outside the permitted tree. * Fix integer underflow in tls13_AEAD when ciphertext is shorter than tag. * Remove invalid PORT_Free(). * free digest objects in SEC_PKCS7DecoderFinish if they haven't already been freed. * make ss->ssl3.hs.cookie an owned-copy of the cookie. 
libfreebl3-3.112.4-150400.3.66.1.x86_64.rpm libsoftokn3-3.112.4-150400.3.66.1.x86_64.rpm mozilla-nss-3.112.4-150400.3.66.1.src.rpm mozilla-nss-3.112.4-150400.3.66.1.x86_64.rpm mozilla-nss-certs-3.112.4-150400.3.66.1.x86_64.rpm mozilla-nss-devel-3.112.4-150400.3.66.1.x86_64.rpm mozilla-nss-sysinit-3.112.4-150400.3.66.1.x86_64.rpm mozilla-nss-tools-3.112.4-150400.3.66.1.x86_64.rpm libfreebl3-32bit-3.112.4-150400.3.66.1.x86_64.rpm libsoftokn3-32bit-3.112.4-150400.3.66.1.x86_64.rpm mozilla-nss-32bit-3.112.4-150400.3.66.1.x86_64.rpm mozilla-nss-certs-32bit-3.112.4-150400.3.66.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1602 Security update for libpng16 moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for libpng16 fixes the following issue: - CVE-2026-34757: information disclosure and data corruption due to use-after-free in `png_set_PLTE`, `png_set_tRNS` and `png_set_hIST` (bsc#1261957). libpng16-1.6.40-150600.3.20.1.src.rpm libpng16-16-1.6.40-150600.3.20.1.x86_64.rpm libpng16-compat-devel-1.6.40-150600.3.20.1.x86_64.rpm libpng16-devel-1.6.40-150600.3.20.1.x86_64.rpm libpng16-16-32bit-1.6.40-150600.3.20.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1510 Security update for ncurses moderate SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for ncurses fixes the following issue: - CVE-2025-69720: buffer overflow in function `analyze_string()` of `progs/infocmp.c` (bsc#1259924). 
libncurses6-6.1-150000.5.33.1.x86_64.rpm ncurses-6.1-150000.5.33.1.src.rpm ncurses-devel-6.1-150000.5.33.1.x86_64.rpm ncurses-utils-6.1-150000.5.33.1.x86_64.rpm tack-6.1-150000.5.33.1.x86_64.rpm terminfo-6.1-150000.5.33.1.x86_64.rpm terminfo-base-6.1-150000.5.33.1.x86_64.rpm terminfo-iterm-6.1-150000.5.33.1.x86_64.rpm terminfo-screen-6.1-150000.5.33.1.x86_64.rpm libncurses6-32bit-6.1-150000.5.33.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1571 Security update for ntfs-3g_ntfsprogs important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for ntfs-3g_ntfsprogs fixes the following issue: - CVE-2026-40706: heap buffer overflow in ntfs_build_permissions_posix() in acls.c (bsc#1262216). libntfs-3g87-2022.5.17-150000.3.24.1.x86_64.rpm ntfs-3g-2022.5.17-150000.3.24.1.x86_64.rpm ntfs-3g_ntfsprogs-2022.5.17-150000.3.24.1.src.rpm ntfsprogs-2022.5.17-150000.3.24.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1637 Security update for strongswan important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 This update for strongswan fixes the following issues: - CVE-2026-35328: infinite loop when handling supported versions TLS extension (bsc#1261712). - CVE-2026-35329: null pointer dereference when processing padding in PKCS#7 (bsc#1261717). - CVE-2026-35330: integer underflow when handling EAP-SIM/AKA attributes (bsc#1261705). - CVE-2026-35331: accepting certificates violating name constraints (bsc#1261718). - CVE-2026-35332: null pointer dereference when handling ECDH public value in TLS (bsc#1261708). - CVE-2026-35333: integer underflow when handling RADIUS attributes (bsc#1261706). - CVE-2026-35334: possible null pointer dereference in RSA decryption (bsc#1261720). 
strongswan-5.9.14-150700.3.14.1.src.rpm strongswan-5.9.14-150700.3.14.1.x86_64.rpm strongswan-doc-5.9.14-150700.3.14.1.noarch.rpm strongswan-hmac-5.9.14-150700.3.14.1.x86_64.rpm strongswan-ipsec-5.9.14-150700.3.14.1.x86_64.rpm strongswan-libs0-5.9.14-150700.3.14.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP7-2026-1673 Security update for the Linux Kernel important SUSE Updates SLE-Module-Basesystem 15-SP7 x86 64 The SUSE Linux Enterprise 15 SP7 kernel was updated to fix one security issue. The following security issue was fixed: - CVE-2026-31431: The copy.fail security issue is fixed by reverting to operating out-of-place in algif_aead (bsc#1262573). kernel-default-6.4.0-150700.53.40.1.nosrc.rpm True kernel-default-6.4.0-150700.53.40.1.x86_64.rpm True kernel-default-base-6.4.0-150700.53.40.1.150700.17.27.1.src.rpm True kernel-default-base-6.4.0-150700.53.40.1.150700.17.27.1.x86_64.rpm True kernel-default-devel-6.4.0-150700.53.40.1.x86_64.rpm True kernel-devel-6.4.0-150700.53.40.1.noarch.rpm True kernel-macros-6.4.0-150700.53.40.1.noarch.rpm True kernel-source-6.4.0-150700.53.40.1.src.rpm True